author | Mattias Andrée <maandree@kth.se> | 2023-06-23 19:36:52 +0200 |
---|---|---|
committer | Mattias Andrée <maandree@kth.se> | 2023-06-23 19:38:23 +0200 |
commit | 5d432bac33fe533c6f200b0acab1d33491bf6e0e (patch) | |
tree | 93d027fe7e46910a7e7c208b408d4dc3415ad314 | |
parent | Use libar2simplified instead of crypt as crypt has a verily limited imput size, and add -h to key2root-addkey, and add key2root-crypt (diff) | |
Add pepper
Signed-off-by: Mattias Andrée <maandree@kth.se>
-rw-r--r-- | .pepper-validation.mk | 10 | ||||
-rw-r--r-- | Makefile | 5 | ||||
-rw-r--r-- | crypt.c | 13 | ||||
-rw-r--r-- | key2root.c | 4 |
4 files changed, 29 insertions, 3 deletions
diff --git a/.pepper-validation.mk b/.pepper-validation.mk new file mode 100644 index 0000000..1cff2b5 --- /dev/null +++ b/.pepper-validation.mk @@ -0,0 +1,10 @@ +.POSIX: + +## DO NOT MODIFY THIS FILE + +PEPPER_VALIDATION_INPUT = $$argon2id$$v=19$$m=3072,t=32,p=4$$ABCDabcd1234$$*16 +PEPPER_VALIDATION_OUTPUT = $$argon2id$$v=19$$m=3072,t=32,p=4$$ABCDabcd1234$$NVf6KJj9PDPW8BYdduqPWA + +check: + +@test -x key2root-crypt || $(MAKE) key2root-crypt + test "$$(printf '' | ./key2root-crypt '$(PEPPER_VALIDATION_INPUT)')" = '$(PEPPER_VALIDATION_OUTPUT)' @@ -31,6 +31,9 @@ key2root-rmkey: key2root-rmkey.o key2root-crypt: key2root-crypt.o crypt.o $(CC) -o $@ $@.o crypt.o $(LDFLAGS_CRYPT) +check: key2root-crypt + +@$(MAKE) -f .pepper-validation.mk check ## DO NOT REMOVE + install: $(BIN) mkdir -p -- "$(DESTDIR)$(PREFIX)/bin" mkdir -p -- "$(DESTDIR)$(MANPREFIX)/man8/" @@ -49,4 +52,4 @@ clean: .SUFFIXES: .SUFFIXES: .o .c -.PHONY: all install uninstall clean +.PHONY: all check install uninstall clean @@ -10,6 +10,15 @@ extern char *argv0; +static unsigned char pepper[] = { + /* DO NOT MODIFY !!! */ + 0x45, 0xf3, 0x4d, 0x3d, 0x14, 0xf9, 0x4b, 0x9a, + 0x56, 0xda, 0x12, 0xd5, 0x45, 0x35, 0x94, 0x74, + 0x93, 0x1d, 0x04, 0xb1, 0xea, 0x9e, 0x20, 0x49, + 0xce, 0x5d, 0xdc, 0x58, 0x82, 0x90, 0xed, 0xff +}; + + char * key2root_crypt(char *msg, size_t msglen, const char *paramstr, int autoerase) { @@ -20,6 +29,7 @@ key2root_crypt(char *msg, size_t msglen, const char *paramstr, int autoerase) libar2simplified_init_context(&ctx); ctx.autoerase_message = (unsigned char)autoerase; + ctx.autoerase_secret = 0; if (!paramstr) paramstr = libar2simplified_recommendation(0); @@ -34,6 +44,9 @@ key2root_crypt(char *msg, size_t msglen, const char *paramstr, int autoerase) goto out; } + params->key = pepper; + params->keylen = sizeof(pepper); + size = libar2_hash_buf_size(params); if (!size) abort(); 
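Review bot: Nothing in the Makefile hunk makes `check` run before `install`; the context line still reads `install: $(BIN)`, so a build whose pepper bytes were altered can be installed without the validation ever running, and hashes written by such a build would not verify under an unmodified one. If running the freshly built `key2root-crypt` at install time is acceptable (it is not when cross-compiling), `install: $(BIN) check` would enforce the guard; otherwise the build instructions should state that `make check` must pass before installing. The `## DO NOT REMOVE` comment would also be clearer if it named what the target protects, e.g. `## verifies the compiled-in pepper against a known hash`.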
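Review bot: The `pepper` array added in the first crypt.c hunk is compiled into every build and published with the source, so it cannot act as a secret: it separates these hashes from stock Argon2 output, but it adds no resistance to offline guessing once the stored hashes are disclosed. The `/* DO NOT MODIFY !!! */` comment should say so and give the reason the bytes are frozen, e.g. `/* Fixed, public Argon2 key: changing it invalidates every stored hash; it is not a secret */`. In the second crypt.c hunk, `ctx.autoerase_secret = 0;` deserves a why-comment such as `/* pepper is static and reused on every call; the library must not wipe it */`, assuming that field governs erasure of `params->key`. The body of `key2root_crypt` continues outside these hunks.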
@@ -240,7 +240,7 @@ hashequal(const char *a, const char *b) static int checkauth(char *data, size_t whead, size_t *rheadp, size_t *rhead2p, size_t *linenop, const char *path, - const char *keyname, size_t keyname_len, const char *key, size_t key_len, int *key_foundp) + const char *keyname, size_t keyname_len, char *key, size_t key_len, int *key_foundp) { int failed = 0, match; char *hash, *sp; @@ -287,7 +287,7 @@ checkauth(char *data, size_t whead, size_t *rheadp, size_t *rhead2p, size_t *lin static int -authenticate(const char *path, const char *keyname, const char *key, size_t key_len, int *key_foundp) +authenticate(const char *path, const char *keyname, char *key, size_t key_len, int *key_foundp) { int fd; char *data = NULL; |
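Review bot: Dropping `const` from `key` in `checkauth` (and in `authenticate` in the next hunk) changes the contract to "the callee may overwrite the caller's key buffer", and nothing in either hunk documents that. Presumably the buffer is now handed to `key2root_crypt`, which takes `char *msg` and an `autoerase` flag; that call is outside the hunk, so confirm the key is not wiped before `checkauth` has finished every comparison it needs it for. A comment above both functions, such as `/* key may be erased by the hashing call; callers must not reuse it afterwards */`, would make the ownership explicit. Both function bodies continue outside the hunks.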