tDecorelate testing master password from key derivation - safe - password protected secret keeper
---
(DIR) commit bda607548494962049a8b89cfd26b06304393807
(DIR) parent c541f712cd990950f121cc599b35db5b4559368c
(HTM) Author: Willy Goiffon <dev@z3bra.org>
Date: Sun, 21 Aug 2022 15:02:51 +0200
Decorelate testing master password from key derivation
Diffstat:
M safe.c | 47 ++++++++++++++++---------------
1 file changed, 25 insertions(+), 22 deletions(-)
---
(DIR) diff --git a/safe.c b/safe.c
t@@ -458,38 +458,41 @@ main(int argc, char *argv[])
else
close(ttyfd);
- if (!haskey) {
+ /* write master password entry if not present */
+ if (!hasmaster) {
pplen = readpass(prompt, passphrase, sizeof(passphrase), kflag, bflag);
if (pplen < 0)
return -1;
- /* write master password entry if not present */
- if (!hasmaster) {
+ /* input for master password again to check */
+ vplen = readpass("verify:", verifyphrase, sizeof(verifyphrase), kflag, bflag);
+ if (vplen < 0)
+ return -1;
- /* input for master password again to check */
- vplen = readpass("verify:", verifyphrase, sizeof(verifyphrase), kflag, bflag);
- if (vplen < 0)
- return -1;
+ if (pplen != vplen || memcmp(passphrase, verifyphrase, pplen)) {
+ fprintf(stderr, "password mismatch\n");
+ return -1;
+ }
- if (pplen != vplen || memcmp(passphrase, verifyphrase, pplen)) {
- fprintf(stderr, "password mismatch\n");
- return -1;
- }
+ fd = open(master_entry, O_RDWR | O_CREAT | O_EXCL, 0600);
+ if (fd < 0)
+ err(1, "%s", master_entry);
- fd = open(master_entry, O_RDWR | O_CREAT | O_EXCL, 0600);
- if (fd < 0)
- err(1, "%s", master_entry);
+ randombytes_buf(s.salt, sizeof(s.salt));
+ deriv((char *)passphrase, &s);
- randombytes_buf(s.salt, sizeof(s.salt));
- deriv((char *)passphrase, &s);
+ xwrite(fd, s.salt, sizeof(s.salt));
+ writepass(&s, passphrase, pplen, fd);
+ haskey = 1;
+ }
- xwrite(fd, s.salt, sizeof(s.salt));
- writepass(&s, passphrase, pplen, fd);
- } else {
- xread(fd, s.salt, sizeof(s.salt), NULL);
- deriv(passphrase, &s);
- }
+ if (!haskey) {
+ pplen = readpass(prompt, passphrase, sizeof(passphrase), kflag, bflag);
+ if (pplen < 0)
+ return -1;
+ xread(fd, s.salt, sizeof(s.salt), NULL);
+ deriv(passphrase, &s);
haskey = 1;
}
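Review bot: In the new `if (!hasmaster)` block, `verifyphrase` is needed only for the `memcmp` comparison, yet nothing in the hunk clears it afterwards, and the `vplen < 0` and `password mismatch` exits return with both typed passwords still in their buffers. The file already uses libsodium (`randombytes_buf`), so `sodium_memzero(verifyphrase, sizeof(verifyphrase));` right after the comparison, plus wiping `passphrase` once `deriv()` and `writepass()` have run, would shorten how long the secrets stay in memory. Separately, this block now runs even when `haskey` is already set, so `deriv()` presumably replaces the key in `s` with one derived from a fresh salt; a short comment saying that this is intended would help the next reader. main() starts and continues outside the hunk, so a later cleanup may already exist.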