safe

Password protected secret keeper

commit 5dab94f82b2ff901e004fb3ef9692e3644208aac
parent d559d079f0cbe3f4347898ce51962877c05eda01
Author: Willy Goiffon <dev@z3bra.org>
Date:   Mon,  3 Jun 2019 11:37:42 +0200

Reuse salt of special entry '.lock' if present

Diffstat:
safe.c | 30+++++++++++++++++++++++++++++-
1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/safe.c b/safe.c
@@ -4,6 +4,7 @@
 #include <sys/un.h>
 #include <err.h>
+#include <errno.h>
 #include <fcntl.h>
 #include <limits.h>
 #include <stdint.h>
@@ -155,6 +156,20 @@ secret_decrypt(struct safe *s, uint8_t *c, size_t clen, uint8_t *m, unsigned lon
 }
 
 int
+secret_exists(const char *secret)
+{
+ struct stat sb;
+
+ if (!stat(secret, &sb))
+ return 1;
+
+ if (errno == ENOENT)
+ return 0;
+
+ err(1, "stat: %s", secret);
+}
+
+int
 readpass(const char *prompt, uint8_t **target, size_t *len)
 {
 char pass[BUFSIZ], *p;
@@ -265,7 +280,17 @@ getkey(struct safe *s, char *path)
 int
 genkey(struct safe *s)
 {
- memset(s->salt, 0, sizeof(s->salt));
+ int fd;
+
+ if (secret_exists(LOCK)) {
+ if ((fd = open(LOCK, O_RDONLY)) < 0)
+ err(1, "open %s", LOCK);
+
+ xread(fd, s->salt, sizeof(s->salt), NULL);
+ } else {
+ randombytes_buf(s->salt, sizeof(s->salt));
+ }
+
 readpass("password:", &passphrase, &pplen);
 deriv((char *)passphrase, s);
 
@@ -286,6 +311,8 @@ store_secret(struct safe *s, int fd, char *name)
 if (sfd < 0)
 err(1, "open %s", name);
 
+ xwrite(sfd, s->salt, sizeof(s->salt));
+
 flags = SAFE_INIT;
 while ((n = xread(fd, m, sizeof(m), &eof)) > 0) {
 flags |= eof ? SAFE_FINAL : 0;
@@ -316,6 +343,7 @@ show_secret(struct safe *s, int fd, char *name)
 if (sfd < 0)
 err(1, "open %s", name);
 
+ xread(sfd, s->salt, sizeof(s->salt), NULL);
 xread(sfd, s->h, sizeof(s->h), NULL);
 
 flags = SAFE_INIT;
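Review bot: secret_exists() ends in err(1, "stat: %s", secret) with no return after it; that is fine where err.h declares err() noreturn, but on a libc without that attribute the compiler warns about control reaching the end of a non-void function, so add `/* NOTREACHED */` and `return 0;` after the err() call. A successful stat() also reports 1 for any kind of path, including a directory, and the caller in genkey() then open()s it read-only and reads it as a salt; testing `S_ISREG(sb.st_mode)` here would turn a stray directory named like the lock entry into a clear error instead of a failed read.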
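Review bot: In genkey() the new branch checks for LOCK with stat() via secret_exists() and then open()s it, a check-then-use pair that can disagree if the file appears or disappears in between, and the descriptor returned by open() is never closed. The xread() result is discarded as well, so a truncated or empty lock file leaves part of s->salt unset before deriv() uses it; the store_secret hunk shows xread() returning a byte count, so the value can be compared against sizeof(s->salt). Opening first and treating ENOENT as "no lock yet" removes the race, and closing the descriptor after the read removes the leak. I am assuming xread()'s return is comparable with sizeof and that errx() is available through the already-included err.h.
```c
int
genkey(struct safe *s)
{
	int fd;

	/* open first and branch on ENOENT: no stat()/open() window */
	if ((fd = open(LOCK, O_RDONLY)) < 0) {
		if (errno != ENOENT)
			err(1, "open %s", LOCK);
		randombytes_buf(s->salt, sizeof(s->salt));
	} else {
		if (xread(fd, s->salt, sizeof(s->salt), NULL) != sizeof(s->salt))
			errx(1, "%s: short read", LOCK);
		close(fd);
	}

	/* … unchanged: readpass / deriv … */
```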
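Review bot: store_secret() now prefixes every entry with s->salt and show_secret() (the last hunk) consumes that prefix unconditionally, so entries written before this commit will have their first sizeof(s->salt) bytes read as a salt and everything after it misaligned; nothing in the file format lets show_secret() tell the two layouts apart. If older safes are meant to stay readable, a one-byte format marker ahead of the salt or a migration note in the README would make the incompatibility explicit. In show_secret() the salt read from the entry lands in s->salt, but if deriv() has already run by then (not visible in this hunk) it never influences the key, so a comment such as `/* salt is consumed for layout only; the key was derived from the lock salt */` would spare the next reader the question. The return value of `xwrite()` is not checked here; whether xwrite() exits on error itself is not visible in this hunk.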