tAdd flags to change cryptographic settings - cream - Stream encryption utility
(HTM) git clone git://git.z3bra.org/cream.git
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
---
(DIR) commit 658ef59f5638a92ebd1b33195edc74134a379e34
(DIR) parent 97856352a98e752cfb2c1588a0c176f0fc7f0bc6
(HTM) Author: Willy Goiffon <contact@z3bra.org>
Date: Tue, 20 Sep 2022 15:40:08 +0200
Add flags to change cryptographic settings
Diffstat:
M cream.go | 47 ++++++++++++++++++++++---------
1 file changed, 34 insertions(+), 13 deletions(-)
---
(DIR) diff --git a/cream.go b/cream.go
t@@ -14,8 +14,6 @@ import (
)
const (
- BUFSIZ = 8192
-
// default key derivation values in libsodium
argon2id_time_cost = 2
argon2id_memory_cost = 67108864 / 1024
t@@ -23,10 +21,21 @@ const (
argon2id_salt_len = 16
xchacha20poly1305_key_len = 32
xchacha20poly1305_iv_len = 16
+ xchacha20poly1305_buf_len = 8192
)
+var param struct {
+ argon2id_time_cost uint64
+ argon2id_memory_cost uint64
+ argon2id_threads uint64
+ argon2id_salt_len int64
+ xchacha20poly1305_key_len uint64
+ xchacha20poly1305_iv_len uint64
+ xchacha20poly1305_buf_len uint64
+}
+
func usage() {
- fmt.Printf("usage: %s [-hed] [-s salt] [-f file]\n", os.Args[0])
+ fmt.Printf("usage: %s [-hed] [-b size] [-j thread] [-t time] [-m memory] [-s salt] [-f file]\n", os.Args[0])
os.Exit(2)
}
t@@ -39,15 +48,15 @@ func readsalt(f *os.File, salt *[]byte) {
func deriv(pw []byte, key *[]byte, salt []byte) {
*key = argon2.IDKey(pw, salt,
- argon2id_time_cost,
- argon2id_memory_cost,
- argon2id_threads,
- xchacha20poly1305_key_len)
+ uint32(param.argon2id_time_cost),
+ uint32(param.argon2id_memory_cost),
+ uint8(param.argon2id_threads),
+ uint32(param.xchacha20poly1305_key_len))
}
func encrypt(in *os.File, out *os.File, key []byte, salt []byte) {
var tag byte
- buf := make([]byte, BUFSIZ)
+ buf := make([]byte, param.xchacha20poly1305_buf_len)
enc, nonce, err := secretstream.NewEncryptor(key)
if err != nil {
t@@ -87,11 +96,11 @@ func encrypt(in *os.File, out *os.File, key []byte, salt []byte) {
}
func decrypt(in *os.File, out *os.File, key []byte) {
- buf := make([]byte, BUFSIZ+secretstream.StreamABytes)
+ buf := make([]byte, param.xchacha20poly1305_buf_len+secretstream.StreamABytes)
header := make([]byte, secretstream.StreamHeaderBytes)
- // Skip beginning of file which (supposedly) contains the salt for the key
- in.Seek(argon2id_salt_len, os.SEEK_SET)
+ // Skip beginning of file which (supposedly) contains the salt for the key
+ in.Seek(param.argon2id_salt_len, os.SEEK_SET)
_, err := in.Read(header)
if err != nil {
log.Fatal(err)
t@@ -130,13 +139,25 @@ func main() {
in := os.Stdin
out := os.Stdout
- salt = make([]byte, argon2id_salt_len)
- key = make([]byte, xchacha20poly1305_key_len)
+ // Init default cipher values
+ param.argon2id_salt_len = argon2id_salt_len
+ param.xchacha20poly1305_key_len = xchacha20poly1305_key_len
+ param.xchacha20poly1305_iv_len = xchacha20poly1305_iv_len
+
+ salt = make([]byte, param.argon2id_salt_len)
+ key = make([]byte, param.xchacha20poly1305_key_len)
flag.StringVar(&filename, "f", "", "Encrypt/decrypt to/from file name")
flag.StringVar(&saltfile, "s", "", "Read salt from file (encrypt-only)")
flag.BoolVar(&eflag, "e", false, "encrypt input (default)")
flag.BoolVar(&dflag, "d", false, "decrypt input")
+
+ // xchacha20/argon2id parameters
+ flag.Uint64Var(¶m.argon2id_time_cost, "t", argon2id_time_cost, "Time cost/Iterations")
+ flag.Uint64Var(¶m.argon2id_memory_cost, "m", argon2id_memory_cost, "Memory cost")
+ flag.Uint64Var(¶m.argon2id_threads, "j", argon2id_threads, "Parallel threads")
+ flag.Uint64Var(¶m.xchacha20poly1305_buf_len, "b", xchacha20poly1305_buf_len, "Buffer size")
+
flag.Usage = usage
flag.Parse()