From 5d432bac33fe533c6f200b0acab1d33491bf6e0e Mon Sep 17 00:00:00 2001
From: Mattias Andrée
Date: Fri, 23 Jun 2023 19:36:52 +0200
Subject: Add pepper
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Mattias Andrée
---
 .pepper-validation.mk | 10 ++++++++++
 Makefile | 5 ++++-
 crypt.c | 13 +++++++++++++
 key2root.c | 4 ++--
 4 files changed, 29 insertions(+), 3 deletions(-)
 create mode 100644 .pepper-validation.mk
diff --git a/.pepper-validation.mk b/.pepper-validation.mk
new file mode 100644
index 0000000..1cff2b5
--- /dev/null
+++ b/.pepper-validation.mk
@@ -0,0 +1,10 @@
+.POSIX:
+
+## DO NOT MODIFY THIS FILE
+
+PEPPER_VALIDATION_INPUT = $$argon2id$$v=19$$m=3072,t=32,p=4$$ABCDabcd1234$$*16
+PEPPER_VALIDATION_OUTPUT = $$argon2id$$v=19$$m=3072,t=32,p=4$$ABCDabcd1234$$NVf6KJj9PDPW8BYdduqPWA
+
+check:
+ +@test -x key2root-crypt || $(MAKE) key2root-crypt
+ test "$$(printf '' | ./key2root-crypt '$(PEPPER_VALIDATION_INPUT)')" = '$(PEPPER_VALIDATION_OUTPUT)'
diff --git a/Makefile b/Makefile
index 86af4e2..8c3ccb1 100644
--- a/Makefile
+++ b/Makefile
@@ -31,6 +31,9 @@ key2root-rmkey: key2root-rmkey.o
 key2root-crypt: key2root-crypt.o crypt.o
 $(CC) -o $@ $@.o crypt.o $(LDFLAGS_CRYPT)
+check: key2root-crypt
+ +@$(MAKE) -f .pepper-validation.mk check ## DO NOT REMOVE
+
 install: $(BIN)
 mkdir -p -- "$(DESTDIR)$(PREFIX)/bin"
 mkdir -p -- "$(DESTDIR)$(MANPREFIX)/man8/"
@@ -49,4 +52,4 @@ clean:
 .SUFFIXES:
 .SUFFIXES: .o .c
-.PHONY: all install uninstall clean
+.PHONY: all check install uninstall clean
diff --git a/crypt.c b/crypt.c
index ca3626d..2886cf3 100644
--- a/crypt.c
+++ b/crypt.c
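Review bot: The `## DO NOT MODIFY THIS FILE` banner in `.pepper-validation.mk` gives no reason, so a maintainer cannot tell what the fixed input/output pair is protecting. A comment such as `## Known-answer test: the expected hash pins the pepper compiled into crypt.c; if it changes, previously stored hashes stop verifying` would state the intent (wording presumed from the file name and the crypt.c change, to be confirmed by the author). The vector uses one parameter string and an empty message, which detects a changed pepper but says nothing about message handling.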
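Review bot: Nothing forces the new `check` target to run, because `install: $(BIN)` in the first Makefile hunk still depends only on the binaries, so a build with an altered pepper installs without complaint. If the validation is meant as a guard rather than an optional test, `install: $(BIN) check` would enforce it. The caveat is that the recipe executes `./key2root-crypt`, so a hard dependency would break cross-compiled builds; if that matters, the policy is better documented next to the `## DO NOT REMOVE` marker than enforced.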
@@ -10,6 +10,15 @@ extern char *argv0;
+static unsigned char pepper[] = {
+ /* DO NOT MODIFY !!! */
+ 0x45, 0xf3, 0x4d, 0x3d, 0x14, 0xf9, 0x4b, 0x9a,
+ 0x56, 0xda, 0x12, 0xd5, 0x45, 0x35, 0x94, 0x74,
+ 0x93, 0x1d, 0x04, 0xb1, 0xea, 0x9e, 0x20, 0x49,
+ 0xce, 0x5d, 0xdc, 0x58, 0x82, 0x90, 0xed, 0xff
+};
+
+
 char *
 key2root_crypt(char *msg, size_t msglen, const char *paramstr, int autoerase)
 {
@@ -20,6 +29,7 @@ key2root_crypt(char *msg, size_t msglen, const char *paramstr, int autoerase)
 libar2simplified_init_context(&ctx);
 ctx.autoerase_message = (unsigned char)autoerase;
+ ctx.autoerase_secret = 0;
 if (!paramstr)
 paramstr = libar2simplified_recommendation(0);
@@ -34,6 +44,9 @@ key2root_crypt(char *msg, size_t msglen, const char *paramstr, int autoerase)
 goto out;
 }
+ params->key = pepper;
+ params->keylen = sizeof(pepper);
+
 size = libar2_hash_buf_size(params);
 if (!size)
 abort();
diff --git a/key2root.c b/key2root.c
index 49febd2..ceb78c9 100644
--- a/key2root.c
+++ b/key2root.c
@@ -240,7 +240,7 @@ hashequal(const char *a, const char *b)
 static int
 checkauth(char *data, size_t whead, size_t *rheadp, size_t *rhead2p, size_t *linenop, const char *path,
- const char *keyname, size_t keyname_len, const char *key, size_t key_len, int *key_foundp)
+ const char *keyname, size_t keyname_len, char *key, size_t key_len, int *key_foundp)
 {
 int failed = 0, match;
 char *hash, *sp;
@@ -287,7 +287,7 @@ checkauth(char *data, size_t whead, size_t *rheadp, size_t *rhead2p, size_t *lin
 static int
-authenticate(const char *path, const char *keyname, const char *key, size_t key_len, int *key_foundp)
+authenticate(const char *path, const char *keyname, char *key, size_t key_len, int *key_foundp)
 {
 int fd;
 char *data = NULL;
--
cgit v1.2.3-70-g09d2
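Review bot: The `pepper` array in the first crypt.c hunk is a constant published in the source tree, so it cannot act as a secret: anyone holding the stored hashes can read the same 32 bytes. The `/* DO NOT MODIFY !!! */` comment should say what the value is for and what breaks if it changes, for example `/* Fixed Argon2 key, not a secret: it makes hashes specific to key2root; changing it invalidates every stored hash */` (purpose presumed, to be confirmed by the author). Whether the array can be declared `static const` depends on the type of `params->key` in libar2, which is not visible here.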
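Review bot: `ctx.autoerase_secret = 0;` in the second crypt.c hunk is load-bearing but undocumented. The third hunk points `params->key` at the static `pepper` array, so if the library were allowed to erase the secret it would presumably zero the pepper after the first call, and later hashes in the same process would silently use a different key. A comment at the assignment such as `/* params->key aliases the static pepper; it must never be wiped */` would tie the two changes together. The cleanup reached through `goto out;` lies outside these hunks, so it should be checked that it neither frees nor clears `params->key`.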
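Review bot: Dropping `const` from `key` in `checkauth`, and in `authenticate` in the following hunk, tells callers the buffer may now be written, but neither signature says how. Since `key2root_crypt` takes a non-const `msg` and an `autoerase` flag, the key is presumably handed to it and may be erased during hashing. A short comment above both functions, for example `/* key may be overwritten during hashing; callers must not reuse it afterwards */`, would make that contract visible. Both function bodies continue outside the hunks, so the actual call site and the erase setting used there cannot be confirmed from this patch.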