tRetrieve the key from safe-agent over unix sockets - safe - password protected secret keeper
---
(DIR) commit 6dd1e0be30daf1a4e81b42e7bf4013313181e0f9
(DIR) parent fbcf01e90629b3b93917b7f79b83d7b7523383d0
(HTM) Author: z3bra <contactatz3bradotorg>
Date: Thu, 23 May 2019 18:20:48 +0200
Retrieve the key from safe-agent over unix sockets
Diffstat:
M safe.c | 76 +++++++++++++------------------
1 file changed, 31 insertions(+), 45 deletions(-)
---
(DIR) diff --git a/safe.c b/safe.c
t@@ -1,5 +1,7 @@
+#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
+#include <sys/un.h>
#include <err.h>
#include <fcntl.h>
t@@ -13,17 +15,12 @@
#include <sodium.h>
#include "arg.h"
-#include "readpassphrase.h"
-#define CKSIZE 4096
-#define MDSIZE crypto_generichash_BYTES
+#define SOCKET "/tmp/safe.sock"
#define SAFE ".secrets"
char *argv0;
-uint8_t *passphrase;
-uint32_t pplen;
-
void
usage(void)
{
t@@ -107,43 +104,12 @@ xwrite(int fd, const void *buf, size_t nbytes)
return total;
}
-static int
-readpass(const char *prompt, uint8_t **target, uint32_t *len)
-{
- char pass[BUFSIZ], *p;
-
- p = readpassphrase(prompt, pass, sizeof(pass), RPP_ECHO_OFF);
- if (!p)
- err(1, "readpassphrase:");
-
- if (p[0] == '\0')
- return -1;
-
- *target = realloc(*target, strlen(p)); /* not null-terminated */
- if (!*target)
- err(1, "realloc:");
-
- memcpy(*target, p, strlen(p));
- *len = strlen(p);
- return 0;
-}
-
-void
-deriv(char *pw, uint8_t *salt, uint8_t *key, size_t ks)
-{
- if (crypto_pwhash(key, ks, pw, strlen(pw),
- salt, crypto_pwhash_OPSLIMIT_INTERACTIVE,
- crypto_pwhash_MEMLIMIT_INTERACTIVE,
- crypto_pwhash_ALG_DEFAULT))
- err(1, "crypto_pwhash");
-}
-
void
xencrypt(int ifd, int ofd, uint8_t *key)
{
ssize_t n;
- uint8_t in[CKSIZE];
- uint8_t out[CKSIZE + crypto_secretstream_xchacha20poly1305_ABYTES];
+ uint8_t in[BUFSIZ];
+ uint8_t out[BUFSIZ + crypto_secretstream_xchacha20poly1305_ABYTES];
uint8_t hdr[crypto_secretstream_xchacha20poly1305_HEADERBYTES];
crypto_secretstream_xchacha20poly1305_state st;
unsigned long long len;
t@@ -170,8 +136,8 @@ void
xdecrypt(int ifd, int ofd, uint8_t *key)
{
ssize_t n;
- uint8_t out[CKSIZE];
- uint8_t in[CKSIZE + crypto_secretstream_xchacha20poly1305_ABYTES];
+ uint8_t out[BUFSIZ];
+ uint8_t in[BUFSIZ + crypto_secretstream_xchacha20poly1305_ABYTES];
uint8_t hdr[crypto_secretstream_xchacha20poly1305_HEADERBYTES];
crypto_secretstream_xchacha20poly1305_state st;
unsigned long long len;
t@@ -191,6 +157,28 @@ xdecrypt(int ifd, int ofd, uint8_t *key)
}
int
+getkey(char *path, uint8_t *key, uint8_t *salt)
+{
+ int sfd;
+ struct sockaddr_un addr;
+
+ addr.sun_family = AF_UNIX;
+ strcpy(addr.sun_path, path);
+
+ sfd = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (sfd < 0)
+ err(1, "socket %s", path);
+
+ if (connect(sfd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
+ err(1, "connect %s", path);
+
+ xwrite(sfd, salt, crypto_pwhash_SALTBYTES);
+ xread(sfd, key, crypto_secretstream_xchacha20poly1305_KEYBYTES);
+
+ return 0;
+}
+
+int
store_secret(int fd, char *name)
{
int sfd;
t@@ -205,8 +193,7 @@ store_secret(int fd, char *name)
randombytes_buf(salt, sizeof(salt));
xwrite(sfd, salt, sizeof(salt));
- readpass("Passphrase:", &passphrase, &pplen);
- deriv((char *)passphrase, salt, key, sizeof(key));
+ getkey(SOCKET, key, salt);
xencrypt(fd, sfd, key);
close(sfd);
t@@ -227,8 +214,7 @@ show_secret(int fd, char *name)
xread(sfd, salt, sizeof(salt));
- readpass("Passphrase:", &passphrase, &pplen);
- deriv((char *)passphrase, salt, key, sizeof(key));
+ getkey(SOCKET, key, salt);
xdecrypt(sfd, fd, key);
close(sfd);
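Review bot: `getkey` copies `path` into `addr.sun_path` with an unbounded `strcpy` and ignores the return values of `xwrite` and `xread`, so a short read from the agent leaves `key` partly uninitialized and the caller goes on to encrypt or decrypt with it. The rewrite below bounds the copy against `sizeof(addr.sun_path)`, zero-initialises `addr`, treats a short exchange as fatal (assuming `xread` returns the byte count the way `xwrite` returns `total`) and closes `sfd`, which is otherwise leaked on every call. Separately, `SOCKET` lives in the world-writable `/tmp`, so a local user who creates `/tmp/safe.sock` before the agent receives the salt and hands back a key of their choosing; a per-user directory or a peer-credential check on the accepted connection would close that and deserves a comment next to the define. `store_secret` and `show_secret` also drop `getkey`'s return value, which is harmless only because it is always 0.
```c
int
getkey(char *path, uint8_t *key, uint8_t *salt)
{
	int sfd;
	struct sockaddr_un addr = { .sun_family = AF_UNIX };

	/* sun_path is a fixed-size array; refuse a path that would overflow it */
	if (strlen(path) >= sizeof(addr.sun_path))
		errx(1, "socket path too long: %s", path);
	memcpy(addr.sun_path, path, strlen(path) + 1);

	/* … unchanged: socket() and connect() with their err() checks … */

	if (xwrite(sfd, salt, crypto_pwhash_SALTBYTES) != crypto_pwhash_SALTBYTES)
		err(1, "write %s", path);

	/* a short read would leave part of key uninitialized; never use it */
	if (xread(sfd, key, crypto_secretstream_xchacha20poly1305_KEYBYTES)
	    != crypto_secretstream_xchacha20poly1305_KEYBYTES)
		errx(1, "short key from %s", path);

	close(sfd);
	return 0;
}
```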