mirrors
/
enchive
mirror of https://github.com/skeeto/enchive.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Switch to HMAC for the MAC.

pull/2/head
Christopher Wellons 2017-03-05 19:00:13 -05:00
parent e718e63324
commit d2de5a30f6
2 changed files with 24 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
README.md
View File

@ -8,7 +8,7 @@ performance.
Supported platforms: Linux, BSD, macOS, Windows
Files are secured with uses ChaCha20, Curve25519, and SHA-256.
Files are secured with uses ChaCha20, Curve25519, and HMAC-SHA256.
## Usage
@ -90,17 +90,17 @@ The process for encrypting a file:
4. Write the 8-byte IV.
5. Write the 32-byte ephemeral public key.
6. Encrypt the file with ChaCha20 and write the ciphertext.
7. Write `sha256(key + sha256(plaintext))`.
7. Write `HMAC(key, plaintext)`.
The process for decrypting a file:
1. Read the 8-byte ChaCha20 IV.
2. Read the 32-byte ephemeral public key
2. Read the 32-byte ephemeral public key.
3. Perform a Curve25519 Diffie-Hellman key exchange with the ephemeral
public key.
4. Initialize ChaCha20 with the shared secret as the key.
5. Decrypt the ciphertext using ChaCha20.
6. Verify `sha256(key + sha256(plaintext))`.
7. Write `HMAC(key, plaintext)`.
## Compile-time configuration

22
enchive.c
View File

@ -418,11 +418,18 @@ symmetric_encrypt(FILE *in, FILE *out, u8 *key, u8 *iv)
{
static u8 buffer[2][CHACHA_BLOCKLENGTH * 1024];
u8 msghash[SHA256_BLOCK_SIZE];
u8 hmac_pad[SHA256_BLOCK_SIZE];
SHA256_CTX hash[1];
chacha_ctx ctx[1];
int i;
chacha_keysetup(ctx, key, 256);
chacha_ivsetup(ctx, iv);
sha256_init(hash);
for (i = 0; i < SHA256_BLOCK_SIZE; i++)
hmac_pad[i] = key[i] ^ 0x36U;
sha256_update(hash, hmac_pad, sizeof(hmac_pad));
for (;;) {
size_t z = fread(buffer[0], 1, sizeof(buffer[0]), in);
@ -441,7 +448,9 @@ symmetric_encrypt(FILE *in, FILE *out, u8 *key, u8 *iv)
sha256_final(hash, msghash);
sha256_init(hash);
sha256_update(hash, key, 32);
for (i = 0; i < SHA256_BLOCK_SIZE; i++)
hmac_pad[i] = key[i] ^ 0x5cU;
sha256_update(hash, hmac_pad, sizeof(hmac_pad));
sha256_update(hash, msghash, sizeof(msghash));
sha256_final(hash, msghash);
@ -459,11 +468,18 @@ symmetric_decrypt(FILE *in, FILE *out, u8 *key, u8 *iv)
{
static u8 buffer[2][CHACHA_BLOCKLENGTH * 1024 + SHA256_BLOCK_SIZE];
u8 msghash[SHA256_BLOCK_SIZE];
u8 hmac_pad[SHA256_BLOCK_SIZE];
SHA256_CTX hash[1];
chacha_ctx ctx[1];
int i;
chacha_keysetup(ctx, key, 256);
chacha_ivsetup(ctx, iv);
sha256_init(hash);
for (i = 0; i < SHA256_BLOCK_SIZE; i++)
hmac_pad[i] = key[i] ^ 0x36U;
sha256_update(hash, hmac_pad, sizeof(hmac_pad));
/* Always keep SHA256_BLOCK_SIZE bytes in the buffer. */
if (!(fread(buffer[0], SHA256_BLOCK_SIZE, 1, in))) {
@ -495,7 +511,9 @@ symmetric_decrypt(FILE *in, FILE *out, u8 *key, u8 *iv)
sha256_final(hash, msghash);
sha256_init(hash);
sha256_update(hash, key, 32);
for (i = 0; i < SHA256_BLOCK_SIZE; i++)
hmac_pad[i] = key[i] ^ 0x5cU;
sha256_update(hash, hmac_pad, sizeof(hmac_pad));
sha256_update(hash, msghash, sizeof(msghash));
sha256_final(hash, msghash);