diff options
Diffstat (limited to 'toxencryptsave')
-rw-r--r-- | toxencryptsave/toxencryptsave.c | 34 |
1 files changed, 20 insertions, 14 deletions
diff --git a/toxencryptsave/toxencryptsave.c b/toxencryptsave/toxencryptsave.c index f4fdbe61..89c47a03 100644 --- a/toxencryptsave/toxencryptsave.c +++ b/toxencryptsave/toxencryptsave.c | |||
@@ -43,7 +43,7 @@ | |||
43 | uint32_t tox_encrypted_size(const Tox *tox) | 43 | uint32_t tox_encrypted_size(const Tox *tox) |
44 | { | 44 | { |
45 | return tox_size(tox) + crypto_box_MACBYTES + crypto_box_NONCEBYTES | 45 | return tox_size(tox) + crypto_box_MACBYTES + crypto_box_NONCEBYTES |
46 | + crypto_pwhash_scryptsalsa208sha256_SALTBYTES + TOX_ENC_SAVE_MAGIC_LENGTH; | 46 | + crypto_pwhash_scryptsalsa208sha256_SALTBYTES + TOX_ENC_SAVE_MAGIC_LENGTH; |
47 | } | 47 | } |
48 | 48 | ||
49 | /* Save the messenger data encrypted with the given password. | 49 | /* Save the messenger data encrypted with the given password. |
@@ -55,8 +55,8 @@ uint32_t tox_encrypted_size(const Tox *tox) | |||
55 | int tox_encrypted_save(const Tox *tox, uint8_t *data, uint8_t *passphrase, uint32_t pplength) | 55 | int tox_encrypted_save(const Tox *tox, uint8_t *data, uint8_t *passphrase, uint32_t pplength) |
56 | { | 56 | { |
57 | if (pplength == 0) | 57 | if (pplength == 0) |
58 | return -1; | 58 | return -1; |
59 | 59 | ||
60 | /* First derive a key from the password */ | 60 | /* First derive a key from the password */ |
61 | /* http://doc.libsodium.org/key_derivation/README.html */ | 61 | /* http://doc.libsodium.org/key_derivation/README.html */ |
62 | /* note that, according to the documentation, a generic pwhash interface will be created | 62 | /* note that, according to the documentation, a generic pwhash interface will be created |
@@ -66,12 +66,13 @@ int tox_encrypted_save(const Tox *tox, uint8_t *data, uint8_t *passphrase, uint3 | |||
66 | randombytes(salt, sizeof salt); | 66 | randombytes(salt, sizeof salt); |
67 | 67 | ||
68 | if (crypto_pwhash_scryptsalsa208sha256( | 68 | if (crypto_pwhash_scryptsalsa208sha256( |
69 | key, sizeof(key), passphrase, pplength, salt, | 69 | key, sizeof(key), passphrase, pplength, salt, |
70 | crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE * 2, /* slightly stronger */ | 70 | crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE * 2, /* slightly stronger */ |
71 | crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE) != 0) { | 71 | crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE) != 0) { |
72 | /* out of memory most likely */ | 72 | /* out of memory most likely */ |
73 | return -1; | 73 | return -1; |
74 | } | 74 | } |
75 | |||
75 | /* calling sodium_memzero segfaults, but printing passphrase works, so... libsodium bug? | 76 | /* calling sodium_memzero segfaults, but printing passphrase works, so... libsodium bug? |
76 | * ...eh, it's not segfaulting anywhere else, so I'll assume pebkac... | 77 | * ...eh, it's not segfaulting anywhere else, so I'll assume pebkac... |
77 | sodium_memzero(passphrase, pplength); /* wipe plaintext pw */ | 78 | sodium_memzero(passphrase, pplength); /* wipe plaintext pw */ |
@@ -80,7 +81,7 @@ int tox_encrypted_save(const Tox *tox, uint8_t *data, uint8_t *passphrase, uint3 | |||
80 | uint32_t temp_size = tox_size(tox); | 81 | uint32_t temp_size = tox_size(tox); |
81 | uint8_t temp_data[temp_size]; | 82 | uint8_t temp_data[temp_size]; |
82 | tox_save(tox, temp_data); | 83 | tox_save(tox, temp_data); |
83 | 84 | ||
84 | /* the output data consists of, in order: | 85 | /* the output data consists of, in order: |
85 | * magic number, salt, nonce, mac, enc_data | 86 | * magic number, salt, nonce, mac, enc_data |
86 | * where the mac is automatically prepended by the encrypt() | 87 | * where the mac is automatically prepended by the encrypt() |
@@ -102,7 +103,7 @@ int tox_encrypted_save(const Tox *tox, uint8_t *data, uint8_t *passphrase, uint3 | |||
102 | 103 | ||
103 | /* now encrypt */ | 104 | /* now encrypt */ |
104 | if (encrypt_data_symmetric(key, nonce, temp_data, temp_size, data) | 105 | if (encrypt_data_symmetric(key, nonce, temp_data, temp_size, data) |
105 | != temp_size + crypto_box_MACBYTES) { | 106 | != temp_size + crypto_box_MACBYTES) { |
106 | return -1; | 107 | return -1; |
107 | } | 108 | } |
108 | 109 | ||
@@ -116,36 +117,41 @@ int tox_encrypted_save(const Tox *tox, uint8_t *data, uint8_t *passphrase, uint3 | |||
116 | */ | 117 | */ |
117 | int tox_encrypted_load(Tox *tox, const uint8_t *data, uint32_t length, uint8_t *passphrase, uint32_t pplength) | 118 | int tox_encrypted_load(Tox *tox, const uint8_t *data, uint32_t length, uint8_t *passphrase, uint32_t pplength) |
118 | { | 119 | { |
119 | if (length <= crypto_box_MACBYTES + crypto_box_NONCEBYTES + crypto_pwhash_scryptsalsa208sha256_SALTBYTES + TOX_ENC_SAVE_MAGIC_LENGTH) | 120 | if (length <= crypto_box_MACBYTES + crypto_box_NONCEBYTES + crypto_pwhash_scryptsalsa208sha256_SALTBYTES + |
121 | TOX_ENC_SAVE_MAGIC_LENGTH) | ||
120 | return -1; | 122 | return -1; |
121 | 123 | ||
122 | if (memcmp(data, TOX_ENC_SAVE_MAGIC_NUMBER, TOX_ENC_SAVE_MAGIC_LENGTH) != 0) | 124 | if (memcmp(data, TOX_ENC_SAVE_MAGIC_NUMBER, TOX_ENC_SAVE_MAGIC_LENGTH) != 0) |
123 | return -1; | 125 | return -1; |
126 | |||
124 | data += TOX_ENC_SAVE_MAGIC_LENGTH; | 127 | data += TOX_ENC_SAVE_MAGIC_LENGTH; |
125 | 128 | ||
126 | uint32_t decrypt_length = length - crypto_box_MACBYTES - crypto_box_NONCEBYTES | 129 | uint32_t decrypt_length = length - crypto_box_MACBYTES - crypto_box_NONCEBYTES |
127 | - crypto_pwhash_scryptsalsa208sha256_SALTBYTES - TOX_ENC_SAVE_MAGIC_LENGTH; | 130 | - crypto_pwhash_scryptsalsa208sha256_SALTBYTES - TOX_ENC_SAVE_MAGIC_LENGTH; |
128 | uint8_t salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES]; | 131 | uint8_t salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES]; |
129 | uint8_t nonce[crypto_box_NONCEBYTES]; | 132 | uint8_t nonce[crypto_box_NONCEBYTES]; |
130 | 133 | ||
131 | memcpy(salt, data, crypto_pwhash_scryptsalsa208sha256_SALTBYTES); | 134 | memcpy(salt, data, crypto_pwhash_scryptsalsa208sha256_SALTBYTES); |
132 | data += crypto_pwhash_scryptsalsa208sha256_SALTBYTES; | 135 | data += crypto_pwhash_scryptsalsa208sha256_SALTBYTES; |
133 | memcpy(nonce, data, crypto_box_NONCEBYTES); | 136 | memcpy(nonce, data, crypto_box_NONCEBYTES); |
134 | data += crypto_box_NONCEBYTES; | 137 | data += crypto_box_NONCEBYTES; |
135 | 138 | ||
136 | /* derive the key */ | 139 | /* derive the key */ |
137 | uint8_t key[crypto_box_KEYBYTES]; | 140 | uint8_t key[crypto_box_KEYBYTES]; |
141 | |||
138 | if (crypto_pwhash_scryptsalsa208sha256( | 142 | if (crypto_pwhash_scryptsalsa208sha256( |
139 | key, sizeof(key), passphrase, pplength, salt, | 143 | key, sizeof(key), passphrase, pplength, salt, |
140 | crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE * 2, /* slightly stronger */ | 144 | crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE * 2, /* slightly stronger */ |
141 | crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE) != 0) { | 145 | crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE) != 0) { |
142 | /* out of memory most likely */ | 146 | /* out of memory most likely */ |
143 | return -1; | 147 | return -1; |
144 | } | 148 | } |
149 | |||
145 | /* sodium_memzero(passphrase, pplength); /* wipe plaintext pw */ | 150 | /* sodium_memzero(passphrase, pplength); /* wipe plaintext pw */ |
146 | 151 | ||
147 | /* decrypt the data */ | 152 | /* decrypt the data */ |
148 | uint8_t temp_data[decrypt_length]; | 153 | uint8_t temp_data[decrypt_length]; |
154 | |||
149 | if (decrypt_data_symmetric(key, nonce, data, decrypt_length + crypto_box_MACBYTES, temp_data) | 155 | if (decrypt_data_symmetric(key, nonce, data, decrypt_length + crypto_box_MACBYTES, temp_data) |
150 | != decrypt_length) { | 156 | != decrypt_length) { |
151 | return -1; | 157 | return -1; |