tRemove useless data from header - cream - Stream encryption utility
(HTM) git clone git://git.z3bra.org/cream.git
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
---
(DIR) commit f268d845b7b4f2cfb9d88cae51de02586bdbcc1e
(DIR) parent 2df6a701ab4764289b076806a5d00778273541a5
(HTM) Author: Willy Goiffon <contact@z3bra.org>
Date: Tue, 18 Oct 2022 15:07:05 +0200
Remove useless data from header
Diffstat:
M cream.go | 33 ++++++++++++-------------------
1 file changed, 13 insertions(+), 20 deletions(-)
---
(DIR) diff --git a/cream.go b/cream.go
t@@ -10,34 +10,31 @@ import (
"os"
"github.com/netfoundry/secretstream"
+ "golang.org/x/crypto/chacha20poly1305"
"golang.org/x/crypto/argon2"
"golang.org/x/term"
)
const (
cream_magic = "CREAM\x01"
- cream_version = 1
+ cream_version = 0x10
- // default encryption parameters
- xchacha20poly1305_key_len = 32
- xchacha20poly1305_iv_len = 16
+ // internal stream cipher buffer
xchacha20poly1305_buf_len = 4096
- // default key derivation values in libsodium
- argon2id_time_cost = 2
+ // recommended for memory constrained environments, as per RFC9106
argon2id_memory_cost = 65536 // 64 Kib
- argon2id_threads = 1
+ argon2id_time_cost = 3
+ argon2id_threads = 4
argon2id_salt_len = 16
)
type Header struct {
Cream_magic [6]byte
Cream_version uint16
- Xchacha20poly1305_key_len uint32
- Xchacha20poly1305_iv_len uint32
Xchacha20poly1305_buf_len uint32
- Argon2id_time_cost uint32
Argon2id_memory_cost uint32
+ Argon2id_time_cost uint32
Argon2id_threads uint32
Argon2id_salt [16]byte
}
t@@ -54,11 +51,11 @@ func readheader(f *os.File, h *Header) {
}
if string(h.Cream_magic[:]) != string(cream_magic) {
- log.Fatal("Bad magic value: %b", h.Cream_magic)
+ log.Fatal("Invalid format", h.Cream_magic)
}
- if h.Cream_version > cream_version {
- log.Fatal("Version %d not handled", h.Cream_version)
+ if h.Cream_version != cream_version {
+ log.Fatal("Version %d not supported", h.Cream_version)
}
}
t@@ -161,11 +158,7 @@ func main() {
copy(header.Cream_magic[:], cream_magic)
header.Cream_version = cream_version
- // Init default cipher values
- header.Xchacha20poly1305_key_len = xchacha20poly1305_key_len
- header.Xchacha20poly1305_iv_len = xchacha20poly1305_iv_len
-
- key = make([]byte, header.Xchacha20poly1305_key_len)
+ key = make([]byte, chacha20poly1305.KeySize)
flag.StringVar(&filename, "f", "", "Encrypt/decrypt to/from file name")
flag.StringVar(&saltfile, "s", "", "Read salt from file (encrypt-only)")
t@@ -173,16 +166,16 @@ func main() {
flag.BoolVar(&dflag, "d", false, "decrypt input")
// xchacha20/argon2id parameters
- flag.Uint64Var(&time, "t", argon2id_time_cost, "Time cost/Iterations")
flag.Uint64Var(&memory, "m", argon2id_memory_cost, "Memory cost")
+ flag.Uint64Var(&time, "t", argon2id_time_cost, "Time cost")
flag.Uint64Var(&jobnum, "j", argon2id_threads, "Parallel threads")
flag.Uint64Var(&blksiz, "b", xchacha20poly1305_buf_len, "Buffer size")
flag.Usage = usage
flag.Parse()
- header.Argon2id_time_cost = uint32(time)
header.Argon2id_memory_cost = uint32(memory)
+ header.Argon2id_time_cost = uint32(time)
header.Argon2id_threads = uint32(jobnum)
header.Xchacha20poly1305_buf_len = uint32(blksiz)