Remove extra passphrase mixing from key derivation.
parent
65467d2fe3
commit
ff6ac9c7ca
15
README.md
15
README.md
@ -124,20 +124,15 @@ of memory (D=29) by default, and protection key derivation requires
2. Compute `HMAC_SHA256(salt, passphrase)` and write this 32-byte
result to the beginning of *M*.
3. For each uninitialized 32-byte chunk in *M*, compute the SHA-256
hash of the previous 32-byte chunk concatenated with the
passphrase.
hash of the previous 32-byte chunk.
4. Initialize a byte pointer *P* to the last 32-byte chunk of *M*.
5. Compute the SHA-256 of the 32 bytes at *P* concatenated with the
passphrase.
6. Overwrite the memory at *P* with this new hash value.
7. Take the first *D* bits of this hash and use this value to set a
new *P* pointing elsewhere into *M*.
5. Compute the SHA-256 hash, *H*, of the 32 bytes at *P*.
6. Overwrite the memory at *P* with *H*.
7. Take the first *D* bits of *H* and use this value to set a new *P*
pointing into *M*.
8. Repeat from step 5 `1 << (D - 5)` times.
9. *P* points to the result.
The passphrase is always concatenated on the end so that the hash
context can't be precomputed.
## Compilation
To build on any unix-like system, run `make`. The resulting binary has
@ -374,7 +374,6 @@ static void
key_derive(const char *passphrase, u8 *buf, int iexp, const u8 *salt)
{
static const u8 empty[8] = {0};
size_t len = strlen(passphrase);
SHA256_CTX ctx[1];
unsigned long i;
unsigned long memlen = 1UL << iexp;
|
@ -389,7 +388,7 @@ key_derive(const char *passphrase, u8 *buf, int iexp, const u8 *salt)
if (!salt)
salt = empty;
hmac_init(ctx, salt);
sha256_update(ctx, (u8 *)passphrase, len);
sha256_update(ctx, (u8 *)passphrase, strlen(passphrase));
hmac_final(ctx, salt, memory);
|
for (p = memory + SHA256_BLOCK_SIZE;
|
@ -397,7 +396,6 @@ key_derive(const char *passphrase, u8 *buf, int iexp, const u8 *salt)
p += SHA256_BLOCK_SIZE) {
sha256_init(ctx);
sha256_update(ctx, p - SHA256_BLOCK_SIZE, SHA256_BLOCK_SIZE);
sha256_update(ctx, (u8 *)passphrase, len);
sha256_final(ctx, p);
}
|
|
@ -406,7 +404,6 @@ key_derive(const char *passphrase, u8 *buf, int iexp, const u8 *salt)
unsigned long offset;
sha256_init(ctx);
sha256_update(ctx, memptr, SHA256_BLOCK_SIZE);
sha256_update(ctx, (u8 *)passphrase, len);
sha256_final(ctx, memptr);
offset = ((unsigned long)memptr[3] << 24 |
(unsigned long)memptr[2] << 16 |
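Review bot: With the per-step passphrase mixing gone, the 32-byte HMAC output that `hmac_final(ctx, salt, memory)` writes at the top of the second hunk is now the only secret the rest of key_derive depends on — every chunk filled by the chain loop and every step of the pointer walk is a deterministic function of that seed alone, whereas before each step also required the passphrase itself. That is a conventional construction, but it makes the seed exactly as sensitive as the derived key, so that line deserves a comment such as `/* sole secret from here on: everything below is a fixed expansion of this HMAC output */`, and if key_derive does not already wipe `memory` and `ctx` before returning (its tail lies outside these hunks) an explicit zeroization of both would be appropriate. Minor: the replaced `sha256_update(ctx, (u8 *)passphrase, strlen(passphrase));` line casts away the parameter's `const`; if sha256_update takes a `const u8 *`, `(const u8 *)passphrase` avoids a const-stripping cast. key_derive continues past the last hunk.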
|