| author | Olivier Brunel
<jjk@jjacky.com> 2023-10-02 11:56:09 UTC |
| committer | Olivier Brunel
<jjk@jjacky.com> 2024-01-01 19:10:12 UTC |
| parent | 10c7944fc40df8ce4309a0ea03755c6c903567d4 |
| src/doc/buffer-shldata.h/buffer_shldata_getinit.3.md | +6 | -5 |
| src/doc/shldata-rw.h/shldata_write.3.md | +7 | -5 |
| src/doc/shldata.h/shldata_initr.3.md | +6 | -4 |
| src/include/buffer-shldata.h | +2 | -1 |
| src/liblimb/buffer-shldata.h/buffer_shldata_getinit.c | +2 | -2 |
| src/liblimb/buffer-shldata.h/buffer_shldata_getinit_sa.c | +6 | -3 |
| src/liblimb/include/limb/buffer-shldata.h | +2 | -2 |
| src/liblimb/include/limb/shldata-rw.h | +2 | -2 |
| src/liblimb/include/limb/shldata.h | +1 | -1 |
| src/liblimb/shldata-rw.h/shldata_read.c | +3 | -3 |
| src/liblimb/shldata.h/shldata_initr.c | +9 | -8 |
diff --git a/src/doc/buffer-shldata.h/buffer_shldata_getinit.3.md b/src/doc/buffer-shldata.h/buffer_shldata_getinit.3.md index a23e1dc..3657dbf 100644 --- a/src/doc/buffer-shldata.h/buffer_shldata_getinit.3.md +++ b/src/doc/buffer-shldata.h/buffer_shldata_getinit.3.md @@ -12,8 +12,8 @@ the shielded data protocol through buffer interface #include <limb/buffer-shldata.h> ```pre hl -int buffer_shldata_getinit_sa(buffer *<em>buf</em>, const char *<em>pwd</em>, size_t <em>plen</em>, stralloc *<em>sa</em>, buffer_shldata_ctx *<em>ctx</em>) -int buffer_shldata_getinit(buffer *<em>buf</em>, const char *<em>pwd</em>, size_t <em>plen</em>, buffer_shldata_ctx *<em>ctx</em>) +int buffer_shldata_getinit_sa(buffer *<em>buf</em>, const char *<em>pwd</em>, size_t <em>plen</em>, unsigned *<em>algo</em>, unsigned *<em>iter</em>, stralloc *<em>sa</em>, buffer_shldata_ctx *<em>ctx</em>) +int buffer_shldata_getinit(buffer *<em>buf</em>, const char *<em>pwd</em>, size_t <em>plen</em>, unsigned *<em>algo</em>, unsigned *<em>iter</em>, buffer_shldata_ctx *<em>ctx</em>) size_t buffer_shldata_datasize(buffer_shldata_ctx *<em>ctx</em>) ssize_t buffer_shldata_get(buffer *<em>buf</em>, char *<em>dst</em>, size_t <em>dlen</em>, buffer_shldata_ctx *<em>ctx</em>) int buffer_shldata_getfinal_sa(buffer *<em>buf</em>, stralloc *<em>sa</em>, buffer_shldata_ctx *<em>ctx</em>) @@ -27,9 +27,10 @@ and decrypt it with a user-supplied password, as per the shielded data protocol described in [shldata](5). The `buffer_shldata_getinit`() function reads data from the buffer pointed by -`buf` for derivation parameters, derives a secret key from the password pointed -by `pwd` of length `plen` and initializes the opaque structure pointed by `ctx` -for decryption. +`buf` for derivation parameters, storing in the memory pointed to by `algo` and +`iter` the used algorithm and iterations number, respectively. +It then derives a secret key from the password pointed by `pwd` of length `plen` +and initializes the opaque structure pointed by `ctx` for decryption. The `buffer_shldata_getinit_sa`() function is similar but using the *stralloc* `sa` as head-allocated temporary space. diff --git a/src/doc/shldata-rw.h/shldata_write.3.md b/src/doc/shldata-rw.h/shldata_write.3.md index b125016..173fab9 100644 --- a/src/doc/shldata-rw.h/shldata_write.3.md +++ b/src/doc/shldata-rw.h/shldata_write.3.md @@ -16,8 +16,8 @@ int shldata_chkmagic(u32 <em>magic</em>) int shldata_write(int <em>bfd</em>, const char *<em>file</em>, u32 <em>magic</em>, u64 <em>ver</em>, const char *<em>pwd</em>, size_t <em>plen</em>, unsigned <em>algo</em>, unsigned <em>iter</em>, int <em>inplace</em>, const struct iovec <em>v</em>[], unsigned <em>n</em>) -int shldata_read(u32 *<em>magic</em>, u64 *<em>ver</em>, stralloc *<em>sa</em>, int <em>bfd</em>, const char *<em>file</em>, - const char *<em>pwd</em>, size_t <em>plen</em>) +int shldata_read(u32 *<em>magic</em>, u64 *<em>ver</em>, unsigned *<em>algo</em>, unsigned *<em>iter</em>, stralloc *<em>sa</em>, + int <em>bfd</em>, const char *<em>file</em>, const char *<em>pwd</em>, size_t <em>plen</em>) ``` # DESCRIPTION @@ -52,9 +52,11 @@ to the directory associated with the file descriptor `bfd`. If passed the special value *AT_FDCWD* in the `bfd` parameter, the current working directory is used. -If the magic is valid, parameters will read and the encrypted data will then be -decrypted using the password pointed by `pwd` of length `plen` and placed into -the *stralloc* pointed by `sa`. +If the magic is valid, parameters will read; The algorithm and iterations number +used for key derivation will be put as value pointed by `algo` and `iter` +respectively, and used with the password pointed by `pwd` of length `plen` to +derive the encryption key. The decrypted data will be placed into the *stralloc* +pointed by `sa`. ! INFO: ! It is possible to set the value pointed to be `magic` to the expected magic diff --git a/src/doc/shldata.h/shldata_initr.3.md b/src/doc/shldata.h/shldata_initr.3.md index 600b85b..aa3bef6 100644 --- a/src/doc/shldata.h/shldata_initr.3.md +++ b/src/doc/shldata.h/shldata_initr.3.md @@ -11,7 +11,7 @@ data using the shielded data protocol #include <limb/shldata.h> ```pre hl -ssize_t shldata_initr(const char *<em>sce</em>, size_t <em>slen</em>, const char *<em>pwd</em>, size_t <em>plen</em>, shldata_ctx *<em>ctx</em>) +ssize_t shldata_initr(const char *<em>sce</em>, size_t <em>slen</em>, const char *<em>pwd</em>, size_t <em>plen</em>, unsigned *<em>algo</em>, unsigned *<em>iter</em>, shldata_ctx *<em>ctx</em>) size_t shldata_datasize(shldata_ctx *<em>ctx</em>) int shldata_decrypt(char *<em>dst</em>, const char *<em>sce</em>, size_t <em>len</em>, shldata_ctx *<em>ctx</em>) ssize_t shldata_finalr(const char *<em>sce</em>, size_t <em>slen</em>, shldata_ctx *<em>ctx</em>) @@ -24,9 +24,11 @@ user-supplied password using the shielded data protocol, as described in [shldata](5). First, the `shldata_initr`() function will read the memory pointed by `sce` (up -to a maximum of `slen` bytes) for derivation parameters, then it will derive a -secret key from the password pointed by `pwd` of length `plen` and initialize -the opaque structure pointed by `ctx`. +to a maximum of `slen` bytes) for derivation parameters. The algorithm and +number of iterations used will be stored in the variables pointed to by `algo` +and `iter` respectively. +Then it will derive a secret key from the password pointed by `pwd` of length +`plen` and initialize the opaque structure pointed by `ctx`. The `shldata_datasize`() macro returns the length of the encrypted data, and therefore decrypted data. diff --git a/src/include/buffer-shldata.h b/src/include/buffer-shldata.h index 56c95b2..4275afe 100644 --- a/src/include/buffer-shldata.h +++ b/src/include/buffer-shldata.h @@ -6,9 +6,10 @@ #include <skalibs/functypes.h> #include <limb/buffer-shldata.h> +#include <limb/gccattributes.h> typedef ssize_t (*shldata_getfull) (const char *s, size_t l, void *args, buffer_shldata_ctx *ctx); -extern int buffer_shldata_getfull(buffer *b, shldata_getfull fn, void *args, stralloc *sa, buffer_shldata_ctx *ctx); +extern int buffer_shldata_getfull(buffer *b, shldata_getfull fn, void *args, stralloc *sa, buffer_shldata_ctx *ctx) gccattr_hidden; #endif /* LIMB_LIMB_BUFFER_SHLDATA_h */ diff --git a/src/liblimb/buffer-shldata.h/buffer_shldata_getinit.c b/src/liblimb/buffer-shldata.h/buffer_shldata_getinit.c index e8a5f75..1d4379b 100644 --- a/src/liblimb/buffer-shldata.h/buffer_shldata_getinit.c +++ b/src/liblimb/buffer-shldata.h/buffer_shldata_getinit.c @@ -4,7 +4,7 @@ #include <limb/buffer-shldata.h> int -buffer_shldata_getinit(buffer *b, const char *pwd, size_t plen, buffer_shldata_ctx *ctx) +buffer_shldata_getinit(buffer *b, const char *pwd, size_t plen, unsigned *algo, unsigned *iter, buffer_shldata_ctx *ctx) { - return buffer_shldata_getinit_sa(b, pwd, plen, &ctx->sa, ctx); + return buffer_shldata_getinit_sa(b, pwd, plen, algo, iter, &ctx->sa, ctx); } diff --git a/src/liblimb/buffer-shldata.h/buffer_shldata_getinit_sa.c b/src/liblimb/buffer-shldata.h/buffer_shldata_getinit_sa.c index c656529..8a2034a 100644 --- a/src/liblimb/buffer-shldata.h/buffer_shldata_getinit_sa.c +++ b/src/liblimb/buffer-shldata.h/buffer_shldata_getinit_sa.c @@ -5,6 +5,8 @@ #include "buffer-shldata.h" struct args { + unsigned *algo; + unsigned *iter; const char *pwd; size_t plen; }; @@ -13,13 +15,14 @@ static ssize_t fn(const char *s, size_t l, void *args_, buffer_shldata_ctx *ctx) { struct args *args = args_; - return shldata_initr(s, l, args->pwd, args->plen, &ctx->sd); + return shldata_initr(s, l, args->pwd, args->plen, args->algo, args->iter, &ctx->sd); } int buffer_shldata_getinit_sa(buffer *b, const char *pwd, size_t plen, - stralloc *sa, buffer_shldata_ctx *ctx) + unsigned *algo, unsigned *iter, stralloc *sa, + buffer_shldata_ctx *ctx) { - struct args args = { pwd, plen }; + struct args args = { algo, iter, pwd, plen }; return buffer_shldata_getfull(b, fn, &args, sa, ctx); } diff --git a/src/liblimb/include/limb/buffer-shldata.h b/src/liblimb/include/limb/buffer-shldata.h index 1c43d72..2ea04dd 100644 --- a/src/liblimb/include/limb/buffer-shldata.h +++ b/src/liblimb/include/limb/buffer-shldata.h @@ -28,8 +28,8 @@ extern ssize_t buffer_shldata_putfinal(buffer *b, buffer_shldata_ctx *ctx); /* Reading */ -extern int buffer_shldata_getinit_sa(buffer *b, const char *pwd, size_t plen, stralloc *sa, buffer_shldata_ctx *ctx); -extern int buffer_shldata_getinit(buffer *b, const char *pwd, size_t plen, buffer_shldata_ctx *ctx); +extern int buffer_shldata_getinit_sa(buffer *b, const char *pwd, size_t plen, unsigned *algo, unsigned *iter, stralloc *sa, buffer_shldata_ctx *ctx); +extern int buffer_shldata_getinit(buffer *b, const char *pwd, size_t plen, unsigned *algo, unsigned *iter, buffer_shldata_ctx *ctx); #define buffer_shldata_datasize(ctx) shldata_datasize(&(ctx)->sd) extern ssize_t buffer_shldata_get(buffer *b, char *dst, size_t dlen, buffer_shldata_ctx *ctx); extern int buffer_shldata_getfinal_sa(buffer *b, stralloc *sa, buffer_shldata_ctx *ctx); diff --git a/src/liblimb/include/limb/shldata-rw.h b/src/liblimb/include/limb/shldata-rw.h index 05321bb..4757ecf 100644 --- a/src/liblimb/include/limb/shldata-rw.h +++ b/src/liblimb/include/limb/shldata-rw.h @@ -16,7 +16,7 @@ extern int shldata_chkmagic(u32 magic); extern int shldata_write(int bfd, const char *file, u32 magic, u64 ver, const char *pwd, size_t plen, unsigned algo, unsigned iter, int inplace, const struct iovec v[], unsigned n); -extern int shldata_read(u32 *magic, u64 *ver, stralloc *sa, int bfd, const char *file, - const char *pwd, size_t plen); +extern int shldata_read(u32 *magic, u64 *ver, unsigned *algo, unsigned *iter, stralloc *sa, + int bfd, const char *file, const char *pwd, size_t plen); #endif /* LIMB_SHLDATA_RW_H */ diff --git a/src/liblimb/include/limb/shldata.h b/src/liblimb/include/limb/shldata.h index 9081fce..2df726f 100644 --- a/src/liblimb/include/limb/shldata.h +++ b/src/liblimb/include/limb/shldata.h @@ -22,7 +22,7 @@ extern ssize_t shldata_predata(char *dst, size_t dlen, shldata_ctx *ctx); extern ssize_t shldata_finalw(char *dst, size_t dlen, shldata_ctx *ctx); -extern ssize_t shldata_initr(const char *sce, size_t slen, const char *pwd, size_t plen, shldata_ctx *ctx); +extern ssize_t shldata_initr(const char *sce, size_t slen, const char *pwd, size_t plen, unsigned *algo, unsigned *iter, shldata_ctx *ctx); #define shldata_datasize(ctx) (ctx)->len extern int shldata_decrypt(char *dst, const char *sce, size_t len, shldata_ctx *ctx); extern ssize_t shldata_finalr(const char *sce, size_t slen, shldata_ctx *ctx); diff --git a/src/liblimb/shldata-rw.h/shldata_read.c b/src/liblimb/shldata-rw.h/shldata_read.c index 615206e..9a30b45 100644 --- a/src/liblimb/shldata-rw.h/shldata_read.c +++ b/src/liblimb/shldata-rw.h/shldata_read.c @@ -17,8 +17,8 @@ chkmagic(u32 magic, u32 wmagic) } int -shldata_read(u32 *magic, u64 *ver, stralloc *sa, int bfd, const char *file, - const char *pwd, size_t plen) +shldata_read(u32 *magic, u64 *ver, unsigned *algo, unsigned *iter, stralloc *sa, + int bfd, const char *file, const char *pwd, size_t plen) { int ret = 0; char buf[4096]; @@ -35,7 +35,7 @@ shldata_read(u32 *magic, u64 *ver, stralloc *sa, int bfd, const char *file, size_t salen = sa->len; if (!buffer_gethdr(&b, magic, ver) || !chkmagic(*magic, wmagic) - || !buffer_shldata_getinit_sa(&b, pwd, plen, sa, &bsd) + || !buffer_shldata_getinit_sa(&b, pwd, plen, algo, iter, sa, &bsd) || !stralloc_readyplus(sa, buffer_shldata_datasize(&bsd)) || !buffer_shldata_get(&b, sa->s + sa->len, buffer_shldata_datasize(&bsd), &bsd) || (sa->len += buffer_shldata_datasize(&bsd), 0) diff --git a/src/liblimb/shldata.h/shldata_initr.c b/src/liblimb/shldata.h/shldata_initr.c index 1e3e922..1dee37d 100644 --- a/src/liblimb/shldata.h/shldata_initr.c +++ b/src/liblimb/shldata.h/shldata_initr.c @@ -9,9 +9,10 @@ #include "shldata.h" ssize_t -shldata_initr(const char *sce, size_t slen, const char *pwd, size_t plen, shldata_ctx *ctx) +shldata_initr(const char *sce, size_t slen, const char *pwd, size_t plen, + unsigned *algo, unsigned *iter, shldata_ctx *ctx) { - unsigned algo, iter, o; + unsigned o; const char *salt; size_t sltlen; ssize_t aadoff; @@ -22,7 +23,7 @@ shldata_initr(const char *sce, size_t slen, const char *pwd, size_t plen, shldat sltlen = 0; aadoff = -1; - o = algo = iter = 0; + o = *algo = *iter = 0; for (;;) { u64 id, u; @@ -39,10 +40,10 @@ shldata_initr(const char *sce, size_t slen, const char *pwd, size_t plen, shldat aadoff = o; switch (id) { case ID_ALGO: - algo = u + 1; + *algo = u + 1; break; case ID_ITER: - iter = u; + *iter = u; break; case ID_SALT: salt = sce + o + r; @@ -60,13 +61,13 @@ shldata_initr(const char *sce, size_t slen, const char *pwd, size_t plen, shldat break; o += r; } - if (!algo || !iter || !sltlen) + if (!*algo || !*iter || !sltlen) return (errno = EINVAL, -1); - --algo; + --*algo; char key[KEY_LEN]; char nonce[NONCE_LEN] = { 0 }; - pbkdf2(key, sizeof(key), hashers[algo], pwd, plen, salt, sltlen, iter); + pbkdf2(key, sizeof(key), hashers[*algo], pwd, plen, salt, sltlen, *iter); ccpl_init(key, nonce, &ctx->ccpl); ccpl_aad(sce + aadoff, o - aadoff, &ctx->ccpl);