tPut back the key generation bit in safe.c - safe - password protected secret keeper
---
(DIR) commit 6d148607abca29a784e2558bcc73639a81b20ae7
(DIR) parent 04c4ce005bc16a95427ef80cc32443441b7c50c7
(HTM) Author: z3bra <contactatz3bradotorg>
Date: Fri, 24 May 2019 17:37:58 +0200
Put back the key generation bit in safe.c
Diffstat:
M safe.c | 50 +++++++++++++++++++++++++++++--
1 file changed, 47 insertions(+), 3 deletions(-)
---
(DIR) diff --git a/safe.c b/safe.c
t@@ -15,10 +15,13 @@
#include <sodium.h>
#include "arg.h"
+#include "readpassphrase.h"
-#define SOCKET "/tmp/safe.sock"
+#define MDSIZ crypto_generichash_BYTES
#define SAFE ".secrets"
+uint8_t *passphrase;
+size_t pplen;
char *argv0;
void
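Review bot: `passphrase` and `pplen` are new file-scope globals that hold the user's cleartext passphrase for the life of the process, and nothing in this commit zeroizes or frees them. Since readpass() fills the buffer with realloc, the least intrusive fix is `sodium_memzero(passphrase, pplen);` once the key has been derived (or at exit); allocating it with `sodium_malloc` and releasing it with `sodium_free` would also keep it out of swap. `MDSIZ` is added here but no use of it is visible in this diff, so presumably it is consumed elsewhere in safe.c.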
t@@ -157,6 +160,38 @@ xdecrypt(int ifd, int ofd, uint8_t *key)
}
int
+readpass(const char *prompt, uint8_t **target, size_t *len)
+{
+ char pass[BUFSIZ], *p;
+
+ p = readpassphrase(prompt, pass, sizeof(pass), RPP_ECHO_OFF);
+ if (!p)
+ err(1, "readpassphrase:");
+
+ if (p[0] == '\0')
+ return -1;
+
+ *target = realloc(*target, strlen(p)); /* not null-terminated */
+ if (!*target)
+ err(1, "realloc:");
+
+ memcpy(*target, p, strlen(p));
+ *len = strlen(p);
+
+ return 0;
+}
+
+void
+deriv(char *pw, uint8_t *salt, uint8_t *key, size_t ks)
+{
+ if (crypto_pwhash(key, ks, pw, strlen(pw),
+ salt, crypto_pwhash_OPSLIMIT_INTERACTIVE,
+ crypto_pwhash_MEMLIMIT_INTERACTIVE,
+ crypto_pwhash_ALG_DEFAULT))
+ err(1, "crypto_pwhash");
+}
+
+int
getkey(char *path, uint8_t *key, uint8_t *salt)
{
int sfd;
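Review bot: deriv() calls strlen(pw) on a buffer that readpass() deliberately stores without a NUL terminator (the `realloc(*target, strlen(p))` comment says so), so the hash reads past the end of the heap allocation and the derived key depends on whatever bytes happen to follow it; genkey() in the next hunk forwards exactly that buffer. Pass the length readpass() already records instead: give deriv() a `size_t pwlen` parameter and hand it to crypto_pwhash, with the call in genkey() becoming `deriv(passphrase, pplen, salt, key, ks);`. The local `pass[BUFSIZ]` also leaves the cleartext passphrase on the stack after readpass() returns; `sodium_memzero(pass, sizeof(pass))` before returning clears it and, unlike a plain memset, is not optimized away. Smaller points: err(3) already appends a colon and strerror, so `err(1, "readpassphrase:")` prints a doubled colon, and crypto_pwhash does not set errno, so `errx` reports its failure more honestly. getkey() at the bottom of the hunk continues outside it.
```c
int
readpass(const char *prompt, uint8_t **target, size_t *len)
{
	char pass[BUFSIZ], *p;
	int rc = -1;

	p = readpassphrase(prompt, pass, sizeof(pass), RPP_ECHO_OFF);
	if (!p)
		err(1, "readpassphrase");

	if (p[0] != '\0') {
		/* … unchanged: realloc/memcpy into *target, *len = strlen(p) … */
		rc = 0;
	}
	sodium_memzero(pass, sizeof(pass)); /* cleartext must not outlive the call */
	return rc;
}

void
deriv(const uint8_t *pw, size_t pwlen, uint8_t *salt, uint8_t *key, size_t ks)
{
	/* pw is not NUL-terminated: use the recorded length, never strlen() */
	if (crypto_pwhash(key, ks, (const char *)pw, pwlen,
	    salt, crypto_pwhash_OPSLIMIT_INTERACTIVE,
	    crypto_pwhash_MEMLIMIT_INTERACTIVE,
	    crypto_pwhash_ALG_DEFAULT))
		errx(1, "crypto_pwhash");
}
```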
t@@ -179,6 +214,15 @@ getkey(char *path, uint8_t *key, uint8_t *salt)
}
int
+genkey(uint8_t *key, size_t ks, uint8_t *salt)
+{
+ readpass("password:", &passphrase, &pplen);
+ deriv((char *)passphrase, salt, key, ks);
+
+ return 0;
+}
+
+int
store_secret(int fd, char *name)
{
int sfd;
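Review bot: genkey() discards the -1 that readpass() returns for an empty passphrase, so on the first prompt `passphrase` is still NULL and deriv() is handed a NULL pointer, and on any later prompt the previously entered passphrase is silently reused for the new secret. Propagate the failure, `if (readpass("password:", &passphrase, &pplen) < 0) return -1;`, and have the two call sites in the following hunks check the result instead of discarding it as `genkey(key, sizeof(key), salt);` does at both. As written the function returns 0 unconditionally, so its `int` return type carries no information to callers.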
t@@ -193,7 +237,7 @@ store_secret(int fd, char *name)
randombytes_buf(salt, sizeof(salt));
xwrite(sfd, salt, sizeof(salt));
- getkey(SOCKET, key, salt);
+ genkey(key, sizeof(key), salt);
xencrypt(fd, sfd, key);
close(sfd);
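Review bot: by the time genkey() prompts, the salt has already been written to `sfd`, so a failed or empty passphrase leaves a partially written secret file behind (the open that sets up `sfd` is above the hunk and not visible here, so this is inferred from the `xwrite` order). Calling genkey() before `randombytes_buf`/`xwrite` keeps a cancelled prompt from leaving state on disk; the salt is only an input to the derivation, so nothing depends on the current order. store_secret() begins and ends outside the hunk.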
t@@ -214,7 +258,7 @@ show_secret(int fd, char *name)
xread(sfd, salt, sizeof(salt));
- getkey(SOCKET, key, salt);
+ genkey(key, sizeof(key), salt);
xdecrypt(sfd, fd, key);
close(sfd);