diff options
| author | irungentoo_trip <irungentoo@gmail.com> | 2014-10-23 18:09:02 -0700 |
|---|---|---|
| committer | irungentoo_trip <irungentoo@gmail.com> | 2014-10-23 18:09:02 -0700 |
| commit | 9878b441b1d2b175b20d28cc41406280e3cada31 (patch) | |
| tree | ab571798a6eae9ac8e569e043bb1828ee8b71a97 /toxencryptsave/toxencryptsave.c | |
| parent | cfac10fb82b27c80e2ba72f07a3ef0c10f16faa6 (diff) | |
| parent | d90ee9d4e447f7520fee899b7b6211125095242b (diff) | |
Merge branch 'dubslow-master'
#
# Please enter a commit message to explain why this merge is necessary,
# especially if it merges an updated upstream into a topic branch.
#
# Lines starting with '#' will be ignored, and an empty message aborts
# the commit.
Diffstat (limited to 'toxencryptsave/toxencryptsave.c')
| -rw-r--r-- | toxencryptsave/toxencryptsave.c | 94 |
1 files changed, 57 insertions, 37 deletions
diff --git a/toxencryptsave/toxencryptsave.c b/toxencryptsave/toxencryptsave.c index 6567eb96..b6453a89 100644 --- a/toxencryptsave/toxencryptsave.c +++ b/toxencryptsave/toxencryptsave.c | |||
| @@ -36,9 +36,9 @@ | |||
| 36 | #endif | 36 | #endif |
| 37 | 37 | ||
| 38 | #define TOX_PASS_ENCRYPTION_EXTRA_LENGTH (crypto_box_MACBYTES + crypto_box_NONCEBYTES \ | 38 | #define TOX_PASS_ENCRYPTION_EXTRA_LENGTH (crypto_box_MACBYTES + crypto_box_NONCEBYTES \ |
| 39 | + crypto_pwhash_scryptsalsa208sha256_SALTBYTES) | 39 | + crypto_pwhash_scryptsalsa208sha256_SALTBYTES + TOX_ENC_SAVE_MAGIC_LENGTH) |
| 40 | 40 | ||
| 41 | #define TOX_PASS_KEY_LENGTH (crypto_box_KEYBYTES + crypto_pwhash_scryptsalsa208sha256_SALTBYTES) | 41 | #define TOX_PASS_KEY_LENGTH (crypto_pwhash_scryptsalsa208sha256_SALTBYTES + crypto_box_KEYBYTES) |
| 42 | 42 | ||
| 43 | int tox_pass_encryption_extra_length() | 43 | int tox_pass_encryption_extra_length() |
| 44 | { | 44 | { |
| @@ -50,6 +50,11 @@ int tox_pass_key_length() | |||
| 50 | return TOX_PASS_KEY_LENGTH; | 50 | return TOX_PASS_KEY_LENGTH; |
| 51 | } | 51 | } |
| 52 | 52 | ||
| 53 | int tox_pass_salt_length() | ||
| 54 | { | ||
| 55 | return crypto_pwhash_scryptsalsa208sha256_SALTBYTES; | ||
| 56 | } | ||
| 57 | |||
| 53 | /* This "module" provides functions analogous to tox_load and tox_save in toxcore | 58 | /* This "module" provides functions analogous to tox_load and tox_save in toxcore |
| 54 | * Clients should consider alerting their users that, unlike plain data, if even one bit | 59 | * Clients should consider alerting their users that, unlike plain data, if even one bit |
| 55 | * becomes corrupted, the data will be entirely unrecoverable. | 60 | * becomes corrupted, the data will be entirely unrecoverable. |
| @@ -59,7 +64,24 @@ int tox_pass_key_length() | |||
| 59 | /* return size of the messenger data (for encrypted saving). */ | 64 | /* return size of the messenger data (for encrypted saving). */ |
| 60 | uint32_t tox_encrypted_size(const Tox *tox) | 65 | uint32_t tox_encrypted_size(const Tox *tox) |
| 61 | { | 66 | { |
| 62 | return tox_size(tox) + TOX_PASS_ENCRYPTION_EXTRA_LENGTH + TOX_ENC_SAVE_MAGIC_LENGTH; | 67 | return tox_size(tox) + TOX_PASS_ENCRYPTION_EXTRA_LENGTH; |
| 68 | } | ||
| 69 | |||
| 70 | /* This retrieves the salt used to encrypt the given data, which can then be passed to | ||
| 71 | * derive_key_with_salt to produce the same key as was previously used. Any encrpyted | ||
| 72 | * data with this module can be used as input. | ||
| 73 | * | ||
| 74 | * returns -1 if the magic number is wrong | ||
| 75 | * returns 0 otherwise (no guarantee about validity of data) | ||
| 76 | */ | ||
| 77 | int tox_get_salt(uint8_t *data, uint8_t *salt) | ||
| 78 | { | ||
| 79 | if (memcmp(data, TOX_ENC_SAVE_MAGIC_NUMBER, TOX_ENC_SAVE_MAGIC_LENGTH) != 0) | ||
| 80 | return -1; | ||
| 81 | |||
| 82 | data += TOX_ENC_SAVE_MAGIC_LENGTH; | ||
| 83 | memcpy(salt, data, crypto_pwhash_scryptsalsa208sha256_SALTBYTES); | ||
| 84 | return 0; | ||
| 63 | } | 85 | } |
| 64 | 86 | ||
| 65 | /* Generates a secret symmetric key from the given passphrase. out_key must be at least | 87 | /* Generates a secret symmetric key from the given passphrase. out_key must be at least |
| @@ -76,19 +98,28 @@ uint32_t tox_encrypted_size(const Tox *tox) | |||
| 76 | */ | 98 | */ |
| 77 | int tox_derive_key_from_pass(uint8_t *passphrase, uint32_t pplength, uint8_t *out_key) | 99 | int tox_derive_key_from_pass(uint8_t *passphrase, uint32_t pplength, uint8_t *out_key) |
| 78 | { | 100 | { |
| 101 | uint8_t salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES]; | ||
| 102 | randombytes(salt, sizeof salt); | ||
| 103 | return tox_derive_key_with_salt(passphrase, pplength, salt, out_key); | ||
| 104 | } | ||
| 105 | |||
| 106 | /* Same as above, except with use the given salt for deterministic key derivation. | ||
| 107 | * The salt must be tox_salt_length() bytes in length. | ||
| 108 | */ | ||
| 109 | int tox_derive_key_with_salt(uint8_t *passphrase, uint32_t pplength, uint8_t *salt, uint8_t *out_key) | ||
| 110 | { | ||
| 79 | if (pplength == 0) | 111 | if (pplength == 0) |
| 80 | return -1; | 112 | return -1; |
| 81 | 113 | ||
| 82 | uint8_t passkey[crypto_hash_sha256_BYTES]; | 114 | uint8_t passkey[crypto_hash_sha256_BYTES]; |
| 83 | crypto_hash_sha256(passkey, passphrase, pplength); | 115 | crypto_hash_sha256(passkey, passphrase, pplength); |
| 84 | /* First derive a key from the password */ | 116 | |
| 117 | uint8_t key[crypto_box_KEYBYTES]; | ||
| 118 | |||
| 119 | /* Derive a key from the password */ | ||
| 85 | /* http://doc.libsodium.org/key_derivation/README.html */ | 120 | /* http://doc.libsodium.org/key_derivation/README.html */ |
| 86 | /* note that, according to the documentation, a generic pwhash interface will be created | 121 | /* note that, according to the documentation, a generic pwhash interface will be created |
| 87 | * once the pwhash competition (https://password-hashing.net/) is over */ | 122 | * once the pwhash competition (https://password-hashing.net/) is over */ |
| 88 | uint8_t salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES]; | ||
| 89 | uint8_t key[crypto_box_KEYBYTES]; | ||
| 90 | randombytes(salt, sizeof salt); | ||
| 91 | |||
| 92 | if (crypto_pwhash_scryptsalsa208sha256( | 123 | if (crypto_pwhash_scryptsalsa208sha256( |
| 93 | key, sizeof(key), passkey, sizeof(passkey), salt, | 124 | key, sizeof(key), passkey, sizeof(passkey), salt, |
| 94 | crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE * 2, /* slightly stronger */ | 125 | crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE * 2, /* slightly stronger */ |
| @@ -123,13 +154,17 @@ int tox_pass_key_encrypt(const uint8_t *data, uint32_t data_len, const uint8_t * | |||
| 123 | * need them to decrypt the data | 154 | * need them to decrypt the data |
| 124 | */ | 155 | */ |
| 125 | 156 | ||
| 126 | /* first add the prefix */ | 157 | /* first add the magic number */ |
| 127 | uint8_t nonce[crypto_box_NONCEBYTES]; | 158 | memcpy(out, TOX_ENC_SAVE_MAGIC_NUMBER, TOX_ENC_SAVE_MAGIC_LENGTH); |
| 128 | random_nonce(nonce); | 159 | out += TOX_ENC_SAVE_MAGIC_LENGTH; |
| 129 | 160 | ||
| 161 | /* then add the rest prefix */ | ||
| 130 | memcpy(out, key, crypto_pwhash_scryptsalsa208sha256_SALTBYTES); | 162 | memcpy(out, key, crypto_pwhash_scryptsalsa208sha256_SALTBYTES); |
| 131 | key += crypto_pwhash_scryptsalsa208sha256_SALTBYTES; | 163 | key += crypto_pwhash_scryptsalsa208sha256_SALTBYTES; |
| 132 | out += crypto_pwhash_scryptsalsa208sha256_SALTBYTES; | 164 | out += crypto_pwhash_scryptsalsa208sha256_SALTBYTES; |
| 165 | |||
| 166 | uint8_t nonce[crypto_box_NONCEBYTES]; | ||
| 167 | random_nonce(nonce); | ||
| 133 | memcpy(out, nonce, crypto_box_NONCEBYTES); | 168 | memcpy(out, nonce, crypto_box_NONCEBYTES); |
| 134 | out += crypto_box_NONCEBYTES; | 169 | out += crypto_box_NONCEBYTES; |
| 135 | 170 | ||
| @@ -172,11 +207,6 @@ int tox_encrypted_save(const Tox *tox, uint8_t *data, uint8_t *passphrase, uint3 | |||
| 172 | uint8_t temp_data[temp_size]; | 207 | uint8_t temp_data[temp_size]; |
| 173 | tox_save(tox, temp_data); | 208 | tox_save(tox, temp_data); |
| 174 | 209 | ||
| 175 | /* the output data consists of, in order: magic number, enc_data */ | ||
| 176 | /* first add the magic number */ | ||
| 177 | memcpy(data, TOX_ENC_SAVE_MAGIC_NUMBER, TOX_ENC_SAVE_MAGIC_LENGTH); | ||
| 178 | data += TOX_ENC_SAVE_MAGIC_LENGTH; | ||
| 179 | |||
| 180 | /* now encrypt */ | 210 | /* now encrypt */ |
| 181 | return tox_pass_encrypt(temp_data, temp_size, passphrase, pplength, data); | 211 | return tox_pass_encrypt(temp_data, temp_size, passphrase, pplength, data); |
| 182 | } | 212 | } |
| @@ -194,11 +224,6 @@ int tox_encrypted_key_save(const Tox *tox, uint8_t *data, uint8_t *key) | |||
| 194 | uint8_t temp_data[temp_size]; | 224 | uint8_t temp_data[temp_size]; |
| 195 | tox_save(tox, temp_data); | 225 | tox_save(tox, temp_data); |
| 196 | 226 | ||
| 197 | /* the output data consists of, in order: magic number, enc_data */ | ||
| 198 | /* first add the magic number */ | ||
| 199 | memcpy(data, TOX_ENC_SAVE_MAGIC_NUMBER, TOX_ENC_SAVE_MAGIC_LENGTH); | ||
| 200 | data += TOX_ENC_SAVE_MAGIC_LENGTH; | ||
| 201 | |||
| 202 | /* encrypt */ | 227 | /* encrypt */ |
| 203 | return tox_pass_key_encrypt(temp_data, temp_size, key, data); | 228 | return tox_pass_key_encrypt(temp_data, temp_size, key, data); |
| 204 | } | 229 | } |
| @@ -211,9 +236,12 @@ int tox_encrypted_key_save(const Tox *tox, uint8_t *data, uint8_t *key) | |||
| 211 | */ | 236 | */ |
| 212 | int tox_pass_key_decrypt(const uint8_t *data, uint32_t length, const uint8_t *key, uint8_t *out) | 237 | int tox_pass_key_decrypt(const uint8_t *data, uint32_t length, const uint8_t *key, uint8_t *out) |
| 213 | { | 238 | { |
| 214 | if (length <= TOX_PASS_ENCRYPTION_EXTRA_LENGTH) | 239 | if (length <= TOX_PASS_ENCRYPTION_EXTRA_LENGTH |
| 240 | || 0 != memcmp(data, TOX_ENC_SAVE_MAGIC_NUMBER, TOX_ENC_SAVE_MAGIC_LENGTH)) | ||
| 215 | return -1; | 241 | return -1; |
| 216 | 242 | ||
| 243 | data += TOX_ENC_SAVE_MAGIC_LENGTH; | ||
| 244 | |||
| 217 | uint32_t decrypt_length = length - TOX_PASS_ENCRYPTION_EXTRA_LENGTH; | 245 | uint32_t decrypt_length = length - TOX_PASS_ENCRYPTION_EXTRA_LENGTH; |
| 218 | //uint8_t salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES]; | 246 | //uint8_t salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES]; |
| 219 | uint8_t nonce[crypto_box_NONCEBYTES]; | 247 | uint8_t nonce[crypto_box_NONCEBYTES]; |
| @@ -241,12 +269,11 @@ int tox_pass_key_decrypt(const uint8_t *data, uint32_t length, const uint8_t *ke | |||
| 241 | */ | 269 | */ |
| 242 | int tox_pass_decrypt(const uint8_t *data, uint32_t length, uint8_t *passphrase, uint32_t pplength, uint8_t *out) | 270 | int tox_pass_decrypt(const uint8_t *data, uint32_t length, uint8_t *passphrase, uint32_t pplength, uint8_t *out) |
| 243 | { | 271 | { |
| 244 | |||
| 245 | uint8_t passkey[crypto_hash_sha256_BYTES]; | 272 | uint8_t passkey[crypto_hash_sha256_BYTES]; |
| 246 | crypto_hash_sha256(passkey, passphrase, pplength); | 273 | crypto_hash_sha256(passkey, passphrase, pplength); |
| 247 | 274 | ||
| 248 | uint8_t salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES]; | 275 | uint8_t salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES]; |
| 249 | memcpy(salt, data, crypto_pwhash_scryptsalsa208sha256_SALTBYTES); | 276 | memcpy(salt, data + TOX_ENC_SAVE_MAGIC_LENGTH, crypto_pwhash_scryptsalsa208sha256_SALTBYTES); |
| 250 | 277 | ||
| 251 | /* derive the key */ | 278 | /* derive the key */ |
| 252 | uint8_t key[crypto_box_KEYBYTES + crypto_pwhash_scryptsalsa208sha256_SALTBYTES]; | 279 | uint8_t key[crypto_box_KEYBYTES + crypto_pwhash_scryptsalsa208sha256_SALTBYTES]; |
| @@ -272,12 +299,6 @@ int tox_pass_decrypt(const uint8_t *data, uint32_t length, uint8_t *passphrase, | |||
| 272 | */ | 299 | */ |
| 273 | int tox_encrypted_load(Tox *tox, const uint8_t *data, uint32_t length, uint8_t *passphrase, uint32_t pplength) | 300 | int tox_encrypted_load(Tox *tox, const uint8_t *data, uint32_t length, uint8_t *passphrase, uint32_t pplength) |
| 274 | { | 301 | { |
| 275 | if (memcmp(data, TOX_ENC_SAVE_MAGIC_NUMBER, TOX_ENC_SAVE_MAGIC_LENGTH) != 0) | ||
| 276 | return -1; | ||
| 277 | |||
| 278 | data += TOX_ENC_SAVE_MAGIC_LENGTH; | ||
| 279 | length -= TOX_ENC_SAVE_MAGIC_LENGTH; | ||
| 280 | |||
| 281 | uint32_t decrypt_length = length - TOX_PASS_ENCRYPTION_EXTRA_LENGTH; | 302 | uint32_t decrypt_length = length - TOX_PASS_ENCRYPTION_EXTRA_LENGTH; |
| 282 | uint8_t temp_data[decrypt_length]; | 303 | uint8_t temp_data[decrypt_length]; |
| 283 | 304 | ||
| @@ -295,12 +316,6 @@ int tox_encrypted_load(Tox *tox, const uint8_t *data, uint32_t length, uint8_t * | |||
| 295 | */ | 316 | */ |
| 296 | int tox_encrypted_key_load(Tox *tox, const uint8_t *data, uint32_t length, uint8_t *key) | 317 | int tox_encrypted_key_load(Tox *tox, const uint8_t *data, uint32_t length, uint8_t *key) |
| 297 | { | 318 | { |
| 298 | if (memcmp(data, TOX_ENC_SAVE_MAGIC_NUMBER, TOX_ENC_SAVE_MAGIC_LENGTH) != 0) | ||
| 299 | return -1; | ||
| 300 | |||
| 301 | data += TOX_ENC_SAVE_MAGIC_LENGTH; | ||
| 302 | length -= TOX_ENC_SAVE_MAGIC_LENGTH; | ||
| 303 | |||
| 304 | uint32_t decrypt_length = length - TOX_PASS_ENCRYPTION_EXTRA_LENGTH; | 319 | uint32_t decrypt_length = length - TOX_PASS_ENCRYPTION_EXTRA_LENGTH; |
| 305 | uint8_t temp_data[decrypt_length]; | 320 | uint8_t temp_data[decrypt_length]; |
| 306 | 321 | ||
| @@ -316,10 +331,15 @@ int tox_encrypted_key_load(Tox *tox, const uint8_t *data, uint32_t length, uint8 | |||
| 316 | * returns 1 if it is encrypted | 331 | * returns 1 if it is encrypted |
| 317 | * returns 0 otherwise | 332 | * returns 0 otherwise |
| 318 | */ | 333 | */ |
| 319 | int tox_is_save_encrypted(const uint8_t *data) | 334 | int tox_is_data_encrypted(const uint8_t *data) |
| 320 | { | 335 | { |
| 321 | if (memcmp(data, TOX_ENC_SAVE_MAGIC_NUMBER, TOX_ENC_SAVE_MAGIC_LENGTH) == 0) | 336 | if (memcmp(data, TOX_ENC_SAVE_MAGIC_NUMBER, TOX_ENC_SAVE_MAGIC_LENGTH) == 0) |
| 322 | return 1; | 337 | return 1; |
| 323 | else | 338 | else |
| 324 | return 0; | 339 | return 0; |
| 325 | } | 340 | } |
| 341 | |||
| 342 | int tox_is_save_encrypted(const uint8_t *data) | ||
| 343 | { | ||
| 344 | return tox_is_data_encrypted(data); | ||
| 345 | } | ||