Store salt in the encrypted secret file - safe - password protected secret keeper
---
(DIR) commit 0fe1bf13e623f52610fe2307b26c8fada91c750d
(DIR) parent c17f57fbb9d825b1137066cb3e2cbdd3fc94f589
(HTM) Author: z3bra <contactatz3bradotorg>
Date: Thu, 23 May 2019 11:50:56 +0200
Store salt in the encrypted secret file
Diffstat:
M safe.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
---
(DIR) diff --git a/safe.c b/safe.c
t@@ -118,11 +118,8 @@ hash(uint8_t *buf, size_t size, uint8_t *md, size_t mdsize)
}
void
-deriv(char *pw, uint8_t *key, size_t ks)
+deriv(char *pw, uint8_t *salt, uint8_t *key, size_t ks)
{
- uint8_t salt[crypto_pwhash_SALTBYTES];
-
- sodium_memzero(salt, sizeof(salt));
if (crypto_pwhash(key, ks, pw, strlen(pw),
salt, crypto_pwhash_OPSLIMIT_INTERACTIVE,
crypto_pwhash_MEMLIMIT_INTERACTIVE,
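Review bot: The new `salt` parameter of deriv carries no length and is handed straight to crypto_pwhash, so the requirement that the caller supply exactly crypto_pwhash_SALTBYTES is implicit; both callers in this commit meet it, but nothing states it at the definition. A comment above the signature would fix that, e.g. `/* salt must point to crypto_pwhash_SALTBYTES bytes; derives ks bytes into key from pw */`, and `pw` and `salt` are only read here, so `const char *pw, const uint8_t *salt` would document that too. Since only the salt is persisted, the OPSLIMIT/MEMLIMIT constants passed here (and presumably the algorithm selector further down) become part of the on-disk format: changing them later would make existing secrets unreadable, which is worth a comment at this call. The crypto_pwhash call and deriv's body continue past the end of the hunk.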
t@@ -187,13 +184,17 @@ store_secret(int fd, char *name)
{
int sfd;
uint8_t key[crypto_secretstream_xchacha20poly1305_KEYBYTES];
+ uint8_t salt[crypto_pwhash_SALTBYTES];
sfd = open(name, O_WRONLY | O_CREAT, 0600);
if (sfd < 0)
err(1, "open %s", name);
+ randombytes_buf(salt, sizeof(salt));
+ xwrite(sfd, salt, sizeof(salt));
+
readpass("Passphrase:", &passphrase, &pplen);
- deriv((char *)passphrase, key, sizeof(key));
+ deriv((char *)passphrase, salt, key, sizeof(key));
xencrypt(fd, sfd, key);
close(sfd);
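Review bot: The secret file now begins with crypto_pwhash_SALTBYTES of random salt followed by the ciphertext, but there is no magic or version marker, so a file written by the previous version (which had no salt header) cannot be told apart from a new one at read time. A layout comment above the `randombytes_buf` line would at least make the format explicit, e.g. `/* on-disk layout: crypto_pwhash_SALTBYTES of salt, then the secretstream ciphertext */`. Unrelated to the salt but visible in the hunk: the `open()` has no O_TRUNC, so overwriting an existing, longer secret would presumably leave stale trailing bytes after the new ciphertext; that appears to pre-date this commit. store_secret's body continues past the end of the hunk.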
t@@ -206,13 +207,16 @@ show_secret(int fd, char *name)
{
int sfd;
uint8_t key[crypto_secretstream_xchacha20poly1305_KEYBYTES];
+ uint8_t salt[crypto_pwhash_SALTBYTES];
sfd = open(name, O_RDONLY);
if (sfd < 0)
err(1, "open %s", name);
+ xread(sfd, salt, sizeof(salt));
+
readpass("Passphrase:", &passphrase, &pplen);
- deriv((char *)passphrase, key, sizeof(key));
+ deriv((char *)passphrase, salt, key, sizeof(key));
xdecrypt(sfd, fd, key);
close(sfd);
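Review bot: The added `xread(sfd, salt, sizeof(salt))` is the only check on the file header, and its behaviour on a short read is not visible here: if xread exits on a short read, a pre-salt file or a truncated one is rejected with no hint that the format changed; if it instead returns the byte count, the remainder of `salt` is uninitialized stack memory that crypto_pwhash then reads. A comment such as `/* salt header; files written before salts were stored cannot be opened */` above the read would make the compatibility break explicit, and if xread does not already abort on short reads it should, or the count should be compared with `sizeof(salt)` here. Either way a wrong salt only produces a wrong key, and the secretstream authentication will reject the ciphertext downstream, so confidentiality is not affected. show_secret's body continues past the end of the hunk.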