static void test_crypto_pwbox(void *arg) { uint8_t *boxed=NULL, *decoded=NULL; size_t len, dlen; unsigned i; const char msg[] = "This bunny reminds you that you still have a " "salamander in your sylladex. She is holding the bunny Dave got you. " "It’s sort of uncanny how similar they are, aside from the knitted " "enhancements. Seriously, what are the odds?? So weird."; const char pw[] = "I'm a night owl and a wise bird too"; const unsigned flags[] = { 0, S2K_FLAG_NO_SCRYPT, S2K_FLAG_LOW_MEM, S2K_FLAG_NO_SCRYPT|S2K_FLAG_LOW_MEM, S2K_FLAG_USE_PBKDF2 }; (void)arg; for (i = 0; i < ARRAY_LENGTH(flags); ++i) { tt_int_op(0, OP_EQ, crypto_pwbox(&boxed, &len, (const uint8_t*)msg, strlen(msg), pw, strlen(pw), flags[i])); tt_assert(boxed); tt_assert(len > 128+32); tt_int_op(0, OP_EQ, crypto_unpwbox(&decoded, &dlen, boxed, len, pw, strlen(pw))); tt_assert(decoded); tt_uint_op(dlen, OP_EQ, strlen(msg)); tt_mem_op(decoded, OP_EQ, msg, dlen); tor_free(decoded); tt_int_op(UNPWBOX_BAD_SECRET, OP_EQ, crypto_unpwbox(&decoded, &dlen, boxed, len, pw, strlen(pw)-1)); boxed[len-1] ^= 1; tt_int_op(UNPWBOX_BAD_SECRET, OP_EQ, crypto_unpwbox(&decoded, &dlen, boxed, len, pw, strlen(pw))); boxed[0] = 255; tt_int_op(UNPWBOX_CORRUPTED, OP_EQ, crypto_unpwbox(&decoded, &dlen, boxed, len, pw, strlen(pw))); tor_free(boxed); } done: tor_free(boxed); tor_free(decoded); }
int write_encrypted_secret_key(const ed25519_secret_key_t *key, const char *fname) { int r = -1; char pwbuf0[256]; uint8_t *encrypted_key = NULL; size_t encrypted_len = 0; if (do_getpass("Enter new passphrase:", pwbuf0, sizeof(pwbuf0), 1, get_options()) < 0) { log_warn(LD_OR, "NO/failed passphrase"); return -1; } if (strlen(pwbuf0) == 0) { if (get_options()->keygen_force_passphrase == FORCE_PASSPHRASE_ON) return -1; else return 0; } if (crypto_pwbox(&encrypted_key, &encrypted_len, key->seckey, sizeof(key->seckey), pwbuf0, strlen(pwbuf0), 0) < 0) { log_warn(LD_OR, "crypto_pwbox failed!?"); goto done; } if (crypto_write_tagged_contents_to_file(fname, ENC_KEY_HEADER, ENC_KEY_TAG, encrypted_key, encrypted_len) < 0) goto done; r = 1; done: if (encrypted_key) { memwipe(encrypted_key, 0, encrypted_len); tor_free(encrypted_key); } memwipe(pwbuf0, 0, sizeof(pwbuf0)); return r; }