aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/tweetpipe.c56
1 files changed, 35 insertions, 21 deletions
diff --git a/src/tweetpipe.c b/src/tweetpipe.c
index b74bbaf..e369f70 100644
--- a/src/tweetpipe.c
+++ b/src/tweetpipe.c
@@ -53,7 +53,8 @@ derive_key(Context *ctx, char *password, size_t password_len)
if (ctx->has_key) {
die(0, "A single key is enough");
}
- if (crypto_pwhash(ctx->key, sizeof ctx->key, (unsigned char *) password, password_len, master_key, PWHASH_OPSLIMIT) != 0) {
+ if (crypto_pwhash(ctx->key, sizeof ctx->key, (unsigned char *) password, password_len,
+ master_key, PWHASH_OPSLIMIT) != 0) {
die(0, "Password hashing failed");
}
memzero(password, password_len);
@@ -65,15 +66,18 @@ stream_encrypt(Context *ctx)
{
unsigned char *const chunk_size_p = ctx->buf;
unsigned char *const chunk_nonce = chunk_size_p + 4;
- unsigned char *const chunk_base = chunk_nonce + crypto_secretbox_NONCEBYTES - crypto_secretbox_BOXZEROBYTES;
- unsigned char *const chunk_msg = chunk_base + crypto_secretbox_ZEROBYTES;
- unsigned char nonce[crypto_secretbox_NONCEBYTES];
+ unsigned char *const chunk_base =
+ chunk_nonce + crypto_secretbox_NONCEBYTES - crypto_secretbox_BOXZEROBYTES;
+ unsigned char *const chunk_msg = chunk_base + crypto_secretbox_ZEROBYTES;
+ unsigned char nonce[crypto_secretbox_NONCEBYTES];
uint64_t chunk_id;
ssize_t max_chunk_size;
ssize_t chunk_size;
- assert(ctx->sizeof_buf >= 4 + crypto_secretbox_NONCEBYTES - crypto_secretbox_BOXZEROBYTES + crypto_secretbox_ZEROBYTES);
- max_chunk_size = ctx->sizeof_buf - 4 - crypto_secretbox_NONCEBYTES + crypto_secretbox_BOXZEROBYTES - crypto_secretbox_ZEROBYTES;
+ assert(ctx->sizeof_buf >= 4 + crypto_secretbox_NONCEBYTES - crypto_secretbox_BOXZEROBYTES +
+ crypto_secretbox_ZEROBYTES);
+ max_chunk_size = ctx->sizeof_buf - 4 - crypto_secretbox_NONCEBYTES +
+ crypto_secretbox_BOXZEROBYTES - crypto_secretbox_ZEROBYTES;
assert(max_chunk_size <= 0x7fffffff);
chunk_id = 0;
/*
@@ -83,7 +87,7 @@ stream_encrypt(Context *ctx)
* M: Message
* C: Ciphertext
* N: Nonce
- *
+ *
* load message and chunk_size into buffer:
*
* +- chunk_size_p
@@ -102,30 +106,33 @@ stream_encrypt(Context *ctx)
*/
while ((chunk_size = safe_read_partial(ctx->fd_in, chunk_msg, max_chunk_size)) >= 0) {
STORE32_LE(chunk_size_p, (uint32_t) chunk_size);
- memzero(chunk_nonce, crypto_secretbox_NONCEBYTES - crypto_secretbox_BOXZEROBYTES + crypto_secretbox_ZEROBYTES);
+ memzero(chunk_nonce, crypto_secretbox_NONCEBYTES - crypto_secretbox_BOXZEROBYTES +
+ crypto_secretbox_ZEROBYTES);
randombytes(nonce, crypto_secretbox_NONCEBYTES);
/*
* encrypt with crypto_secretbox()
- *
+ *
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...
* |LLL|???????|000000000000000|CCCCCCCCCCCCCCC|CCCCCCCCCCCCCCCCCC
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...
* | 4 | 8 | 16 | 16 | chunk_size
*/
- if (crypto_secretbox(chunk_base, chunk_base, chunk_size + crypto_secretbox_ZEROBYTES, nonce, ctx->key) !=
- 0) {
+ if (crypto_secretbox(chunk_base, chunk_base, chunk_size + crypto_secretbox_ZEROBYTES, nonce,
+ ctx->key) != 0) {
die(0, "Encryption error");
}
/*
* copy nonce into empty space:
- *
+ *
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...
* |LLL|NNNNNNN|NNNNNNNNNNNNNNN|CCCCCCCCCCCCCCC|CCCCCCCCCCCCCCCCCC
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...
* | 4 | 8 | 16 | 16 | chunk_size
*/
memcpy(chunk_nonce, nonce, crypto_secretbox_NONCEBYTES);
- if (safe_write(ctx->fd_out, chunk_size_p, 4 + crypto_secretbox_NONCEBYTES - crypto_secretbox_BOXZEROBYTES + crypto_secretbox_ZEROBYTES + chunk_size,
+ if (safe_write(ctx->fd_out, chunk_size_p,
+ 4 + crypto_secretbox_NONCEBYTES - crypto_secretbox_BOXZEROBYTES +
+ crypto_secretbox_ZEROBYTES + chunk_size,
-1) < 0) {
die(1, "write()");
}
@@ -145,16 +152,19 @@ stream_decrypt(Context *ctx)
{
unsigned char *const chunk_size_p = ctx->buf;
unsigned char *const chunk_nonce = chunk_size_p + 4;
- unsigned char *const chunk_base = chunk_nonce + crypto_secretbox_NONCEBYTES - crypto_secretbox_BOXZEROBYTES;
- unsigned char *const chunk_msg = chunk_base + crypto_secretbox_ZEROBYTES;
- unsigned char nonce[crypto_secretbox_NONCEBYTES];
+ unsigned char *const chunk_base =
+ chunk_nonce + crypto_secretbox_NONCEBYTES - crypto_secretbox_BOXZEROBYTES;
+ unsigned char *const chunk_msg = chunk_base + crypto_secretbox_ZEROBYTES;
+ unsigned char nonce[crypto_secretbox_NONCEBYTES];
uint64_t chunk_id;
ssize_t readnb;
ssize_t max_chunk_size;
ssize_t chunk_size;
- assert(ctx->sizeof_buf >= 4 + crypto_secretbox_NONCEBYTES - crypto_secretbox_BOXZEROBYTES + crypto_secretbox_ZEROBYTES);
- max_chunk_size = ctx->sizeof_buf - 4 - crypto_secretbox_NONCEBYTES + crypto_secretbox_BOXZEROBYTES - crypto_secretbox_ZEROBYTES;
+ assert(ctx->sizeof_buf >= 4 + crypto_secretbox_NONCEBYTES - crypto_secretbox_BOXZEROBYTES +
+ crypto_secretbox_ZEROBYTES);
+ max_chunk_size = ctx->sizeof_buf - 4 - crypto_secretbox_NONCEBYTES +
+ crypto_secretbox_BOXZEROBYTES - crypto_secretbox_ZEROBYTES;
assert(max_chunk_size <= 0x7fffffff);
chunk_id = 0;
while ((readnb = safe_read(ctx->fd_in, chunk_size_p, 4)) == 4) {
@@ -162,13 +172,17 @@ stream_decrypt(Context *ctx)
if (chunk_size > max_chunk_size) {
die(0, "Chunk size too large ([%zd] > [%zd])", chunk_size, max_chunk_size);
}
- if (safe_read(ctx->fd_in, chunk_nonce, crypto_secretbox_NONCEBYTES - crypto_secretbox_BOXZEROBYTES + crypto_secretbox_ZEROBYTES + chunk_size) !=
- crypto_secretbox_NONCEBYTES - crypto_secretbox_BOXZEROBYTES + crypto_secretbox_ZEROBYTES + chunk_size) {
+ if (safe_read(ctx->fd_in, chunk_nonce,
+ crypto_secretbox_NONCEBYTES - crypto_secretbox_BOXZEROBYTES +
+ crypto_secretbox_ZEROBYTES + chunk_size) !=
+ crypto_secretbox_NONCEBYTES - crypto_secretbox_BOXZEROBYTES +
+ crypto_secretbox_ZEROBYTES + chunk_size) {
die(0, "Chunk too short ([%zd] bytes expected)", chunk_size);
}
memcpy(nonce, chunk_nonce, crypto_secretbox_NONCEBYTES);
memzero(chunk_nonce, crypto_secretbox_NONCEBYTES);
- if (crypto_secretbox_open(chunk_base, chunk_base, chunk_size + crypto_secretbox_ZEROBYTES, nonce, ctx->key) != 0) {
+ if (crypto_secretbox_open(chunk_base, chunk_base, chunk_size + crypto_secretbox_ZEROBYTES,
+ nonce, ctx->key) != 0) {
printf("Unable to decrypt chunk #%" PRIu64 " - ", chunk_id);
if (chunk_id == 0) {
die(0, "Wrong password or key?");
generated by cgit v1.2.3-70-g09d2 (git 2.52.0) at 2025-12-10 20:50:07 +0000