tAdd master password check before writesecret() - safe - password protected secret keeper
(HTM) git clone git://git.z3bra.org/safe.git
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
(DIR) LICENSE
---
(DIR) commit 609ebec6b8b0a55f03a168ac77c601b750ec44e7
(DIR) parent 98e15100b5dd00325bd675d6751e2b895e4705bd
(HTM) Author: Willy Goiffon <dev@z3bra.org>
Date: Wed, 5 Jun 2019 11:50:32 +0200
Add master password check before writesecret()
Diffstat:
M safe.c | 34 ++++++++++++++++++++++++++++++-
1 file changed, 33 insertions(+), 1 deletion(-)
---
(DIR) diff --git a/safe.c b/safe.c
t@@ -236,6 +236,32 @@ readkey(struct safe *s, char *path)
}
int
+trydecrypt(struct safe *s, int fd)
+{
+ int eof = 0;
+ ssize_t n;
+ uint8_t tag;
+ uint8_t m[BUFSIZ];
+ uint8_t c[BUFSIZ + crypto_secretstream_xchacha20poly1305_ABYTES];
+ uint8_t h[crypto_secretstream_xchacha20poly1305_HEADERBYTES];
+ crypto_secretstream_xchacha20poly1305_state st;
+ unsigned long long mlen;
+
+ xread(fd, h, sizeof(h), NULL);
+ if (crypto_secretstream_xchacha20poly1305_init_pull(&st, h, s->key))
+ return -1;
+
+ while ((n = xread(fd, c, sizeof(c), &eof)) > 0) {
+ if (crypto_secretstream_xchacha20poly1305_pull(&st, m, &mlen, &tag, c, n, NULL, 0))
+ return -1;
+
+ if (eof && tag != crypto_secretstream_xchacha20poly1305_TAG_FINAL)
+ return -1;
+ }
+ return 0;
+}
+
+int
writepass(struct safe *s, uint8_t *m, size_t mlen, int fd)
{
uint8_t *c, h[crypto_secretstream_xchacha20poly1305_HEADERBYTES];
t@@ -380,6 +406,13 @@ main(int argc, char *argv[])
err(1, "%s", MASTER);
xread(fd, s.salt, sizeof(s.salt), NULL);
deriv((char *)passphrase, &s);
+
+ /* do not store secret if master password mismatch */
+ if (trydecrypt(&s, fd) < 0) {
+ fprintf(stderr, "incorrect master password\n");
+ close(fd);
+ return -1;
+ }
close(fd);
mkdir_p(dirname(secret), 0700);
t@@ -402,6 +435,5 @@ main(int argc, char *argv[])
close(fd);
}
-
return 0;
}