aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/encpipe.c64
-rw-r--r--src/encpipe_p.h7
2 files changed, 37 insertions, 34 deletions
diff --git a/src/encpipe.c b/src/encpipe.c
index 183a14a..a41a222 100644
--- a/src/encpipe.c
+++ b/src/encpipe.c
@@ -1,4 +1,6 @@
#include "encpipe_p.h"
+#include "tweetpwhash.h"
+#include "util.h"
static struct option getopt_long_options[] = {
{ "help", 0, NULL, 'h' }, { "decrypt", 0, NULL, 'd' }, { "encrypt", 0, NULL, 'e' },
@@ -46,17 +48,15 @@ file_open(const char *file, int create)
static void
derive_key(Context *ctx, char *password, size_t password_len)
{
- static uint8_t master_key[hydro_pwhash_MASTERKEYBYTES] = { 0 };
+ static uint8_t master_key[crypto_pwhash_SALTBYTES] = { 0 };
if (ctx->has_key) {
die(0, "A single key is enough");
}
- if (hydro_pwhash_deterministic(ctx->key, sizeof ctx->key, password, password_len, HYDRO_CONTEXT,
- master_key, PWHASH_OPSLIMIT, PWHASH_MEMLIMIT,
- PWHASH_THREADS) != 0) {
+ if (crypto_pwhash(ctx->key, sizeof ctx->key, (unsigned char *) password, password_len, master_key, PWHASH_OPSLIMIT) != 0) {
die(0, "Password hashing failed");
}
- hydro_memzero(password, password_len);
+ memzero(password, password_len);
ctx->has_key = 1;
}
@@ -64,22 +64,28 @@ static int
stream_encrypt(Context *ctx)
{
unsigned char *const chunk_size_p = ctx->buf;
- unsigned char *const chunk = chunk_size_p + 4;
+ unsigned char *const chunk_nonce = chunk_size_p + 4;
+ unsigned char *const chunk_base = chunk_size_p + 4 + crypto_secretbox_NONCEBYTES - crypto_secretbox_BOXZEROBYTES;
+ unsigned char *const chunk_msg = chunk_size_p + 4 + crypto_secretbox_NONCEBYTES - crypto_secretbox_BOXZEROBYTES + crypto_secretbox_ZEROBYTES;
+ unsigned char nonce[crypto_secretbox_NONCEBYTES];
uint64_t chunk_id;
ssize_t max_chunk_size;
ssize_t chunk_size;
- assert(ctx->sizeof_buf >= 4 + hydro_secretbox_HEADERBYTES);
- max_chunk_size = ctx->sizeof_buf - 4 - hydro_secretbox_HEADERBYTES;
+ assert(ctx->sizeof_buf >= 4 + crypto_secretbox_NONCEBYTES - crypto_secretbox_BOXZEROBYTES + crypto_secretbox_ZEROBYTES);
+ max_chunk_size = ctx->sizeof_buf - 4 - crypto_secretbox_NONCEBYTES + crypto_secretbox_BOXZEROBYTES - crypto_secretbox_ZEROBYTES;
assert(max_chunk_size <= 0x7fffffff);
chunk_id = 0;
- while ((chunk_size = safe_read_partial(ctx->fd_in, chunk, max_chunk_size)) >= 0) {
+ while ((chunk_size = safe_read_partial(ctx->fd_in, chunk_msg, max_chunk_size)) >= 0) {
STORE32_LE(chunk_size_p, (uint32_t) chunk_size);
- if (hydro_secretbox_encrypt(chunk, chunk, chunk_size, chunk_id, HYDRO_CONTEXT, ctx->key) !=
+ memzero(chunk_nonce, crypto_secretbox_NONCEBYTES - crypto_secretbox_BOXZEROBYTES + crypto_secretbox_ZEROBYTES);
+ randombytes(nonce, crypto_secretbox_NONCEBYTES);
+ if (crypto_secretbox(chunk_base, chunk_base, chunk_size + crypto_secretbox_ZEROBYTES, nonce, ctx->key) !=
0) {
die(0, "Encryption error");
}
- if (safe_write(ctx->fd_out, chunk_size_p, 4 + hydro_secretbox_HEADERBYTES + chunk_size,
+ memcpy(chunk_nonce, nonce, crypto_secretbox_NONCEBYTES);
+ if (safe_write(ctx->fd_out, chunk_size_p, 4 + crypto_secretbox_NONCEBYTES - crypto_secretbox_BOXZEROBYTES + crypto_secretbox_ZEROBYTES + chunk_size,
-1) < 0) {
die(1, "write()");
}
@@ -98,14 +104,17 @@ static int
stream_decrypt(Context *ctx)
{
unsigned char *const chunk_size_p = ctx->buf;
- unsigned char *const chunk = chunk_size_p + 4;
+ unsigned char *const chunk_nonce = chunk_size_p + 4;
+ unsigned char *const chunk_base = chunk_size_p + 4 + crypto_secretbox_NONCEBYTES - crypto_secretbox_BOXZEROBYTES;
+ unsigned char *const chunk_msg = chunk_size_p + 4 + crypto_secretbox_NONCEBYTES - crypto_secretbox_BOXZEROBYTES + crypto_secretbox_ZEROBYTES;
+ unsigned char nonce[crypto_secretbox_NONCEBYTES];
uint64_t chunk_id;
ssize_t readnb;
ssize_t max_chunk_size;
ssize_t chunk_size;
- assert(ctx->sizeof_buf >= 4 + hydro_secretbox_HEADERBYTES);
- max_chunk_size = ctx->sizeof_buf - 4 - hydro_secretbox_HEADERBYTES;
+ assert(ctx->sizeof_buf >= 4 + crypto_secretbox_NONCEBYTES - crypto_secretbox_BOXZEROBYTES + crypto_secretbox_ZEROBYTES);
+ max_chunk_size = ctx->sizeof_buf - 4 - crypto_secretbox_NONCEBYTES + crypto_secretbox_BOXZEROBYTES - crypto_secretbox_ZEROBYTES;
assert(max_chunk_size <= 0x7fffffff);
chunk_id = 0;
while ((readnb = safe_read(ctx->fd_in, chunk_size_p, 4)) == 4) {
@@ -113,13 +122,14 @@ stream_decrypt(Context *ctx)
if (chunk_size > max_chunk_size) {
die(0, "Chunk size too large ([%zd] > [%zd])", chunk_size, max_chunk_size);
}
- if (safe_read(ctx->fd_in, chunk, chunk_size + hydro_secretbox_HEADERBYTES) !=
- chunk_size + hydro_secretbox_HEADERBYTES) {
+ if (safe_read(ctx->fd_in, chunk_nonce, crypto_secretbox_NONCEBYTES - crypto_secretbox_BOXZEROBYTES + crypto_secretbox_ZEROBYTES + chunk_size) !=
+ crypto_secretbox_NONCEBYTES - crypto_secretbox_BOXZEROBYTES + crypto_secretbox_ZEROBYTES + chunk_size) {
die(0, "Chunk too short ([%zd] bytes expected)", chunk_size);
}
- if (hydro_secretbox_decrypt(chunk, chunk, chunk_size + hydro_secretbox_HEADERBYTES,
- chunk_id, HYDRO_CONTEXT, ctx->key) != 0) {
- fprintf(stderr, "Unable to decrypt chunk #%" PRIu64 " - ", chunk_id);
+ memcpy(nonce, chunk_nonce, crypto_secretbox_NONCEBYTES);
+ memzero(chunk_nonce, crypto_secretbox_NONCEBYTES);
+ if (crypto_secretbox_open(chunk_base, chunk_base, chunk_size + crypto_secretbox_ZEROBYTES, nonce, ctx->key) != 0) {
+ printf("Unable to decrypt chunk #%" PRIu64 " - ", chunk_id);
if (chunk_id == 0) {
die(0, "Wrong password or key?");
} else {
@@ -129,7 +139,7 @@ stream_decrypt(Context *ctx)
if (chunk_size == 0) {
break;
}
- if (safe_write(ctx->fd_out, chunk, chunk_size, -1) < 0) {
+ if (safe_write(ctx->fd_out, chunk_msg, chunk_size, -1) < 0) {
die(1, "write()");
}
chunk_id++;
@@ -198,11 +208,11 @@ passgen(void)
unsigned char password[32];
char hex[32 * 2 + 1];
- hydro_random_buf(password, sizeof password);
- hydro_bin2hex(hex, sizeof hex, password, sizeof password);
+ randombytes(password, sizeof password);
+ bin2hex(hex, sizeof hex, password, sizeof password);
puts(hex);
- hydro_memzero(password, sizeof password);
- hydro_memzero(hex, sizeof hex);
+ memzero(password, sizeof password);
+ memzero(hex, sizeof hex);
exit(0);
}
@@ -263,9 +273,6 @@ main(int argc, char *argv[])
{
Context ctx;
- if (hydro_init() < 0) {
- die(1, "Unable to initialize the crypto library");
- }
memset(&ctx, 0, sizeof ctx);
options_parse(&ctx, argc, argv);
ctx.sizeof_buf = DEFAULT_BUFFER_SIZE;
@@ -277,7 +284,6 @@ main(int argc, char *argv[])
if ((ctx.buf = (unsigned char *) malloc(ctx.sizeof_buf)) == NULL) {
die(1, "malloc()");
}
- assert(sizeof HYDRO_CONTEXT == hydro_secretbox_CONTEXTBYTES);
ctx.fd_in = file_open(ctx.in, 0);
ctx.fd_out = file_open(ctx.out, 1);
@@ -289,7 +295,7 @@ main(int argc, char *argv[])
free(ctx.buf);
close(ctx.fd_out);
close(ctx.fd_in);
- hydro_memzero(&ctx, sizeof ctx);
+ memzero(&ctx, sizeof ctx);
return 0;
}
diff --git a/src/encpipe_p.h b/src/encpipe_p.h
index 98afe94..06fc523 100644
--- a/src/encpipe_p.h
+++ b/src/encpipe_p.h
@@ -16,7 +16,7 @@
#include <string.h>
#include <unistd.h>
-#include <hydrogen.h>
+#include <tweetnacl.h>
#include "common.h"
#include "safe_rw.h"
@@ -24,15 +24,12 @@
#define MIN_BUFFER_SIZE 512
#define MAX_BUFFER_SIZE 0x7fffffff
#define DEFAULT_BUFFER_SIZE (1 * 1024 * 1024)
-#define HYDRO_CONTEXT "EncPipe"
#define PWHASH_OPSLIMIT 1000000
-#define PWHASH_MEMLIMIT 0
-#define PWHASH_THREADS 1
typedef struct Context_ {
char * in;
char * out;
- unsigned char key[hydro_secretbox_KEYBYTES];
+ unsigned char key[crypto_secretbox_KEYBYTES];
unsigned char *buf;
size_t sizeof_buf;
int fd_in;
generated by cgit v1.2.3-70-g09d2 (git 2.52.0) at 2025-12-12 22:01:07 +0000