/* Decrypts the given data with the given passphrase. The output array must be * at least data_len - TOX_PASS_ENCRYPTION_EXTRA_LENGTH bytes long. This delegates * to tox_pass_key_decrypt. * * the output data has size data_length - TOX_PASS_ENCRYPTION_EXTRA_LENGTH * * returns true on success */ bool tox_pass_decrypt(const uint8_t *data, size_t length, const uint8_t *passphrase, size_t pplength, uint8_t *out, TOX_ERR_DECRYPTION *error) { if (length <= TOX_PASS_ENCRYPTION_EXTRA_LENGTH) { SET_ERROR_PARAMETER(error, TOX_ERR_DECRYPTION_INVALID_LENGTH); return 0; } if (!data || !passphrase || !out) { SET_ERROR_PARAMETER(error, TOX_ERR_DECRYPTION_NULL); return 0; } if (memcmp(data, TOX_ENC_SAVE_MAGIC_NUMBER, TOX_ENC_SAVE_MAGIC_LENGTH) != 0) { SET_ERROR_PARAMETER(error, TOX_ERR_DECRYPTION_BAD_FORMAT); return 0; } uint8_t salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES]; memcpy(salt, data + TOX_ENC_SAVE_MAGIC_LENGTH, crypto_pwhash_scryptsalsa208sha256_SALTBYTES); /* derive the key */ Tox_Pass_Key key; if (!tox_pass_key_derive_with_salt(&key, passphrase, pplength, salt, NULL)) { /* out of memory most likely */ SET_ERROR_PARAMETER(error, TOX_ERR_DECRYPTION_KEY_DERIVATION_FAILED); return 0; } return tox_pass_key_decrypt(&key, data, length, out, error); }
/* Generates a secret symmetric key from the given passphrase. out_key must be at least * TOX_PASS_KEY_LENGTH bytes long. * Be sure to not compromise the key! Only keep it in memory, do not write to disk. * The password is zeroed after key derivation. * The key should only be used with the other functions in this module, as it * includes a salt. * Note that this function is not deterministic; to derive the same key from a * password, you also must know the random salt that was used. See below. * * returns true on success */ bool tox_pass_key_derive(Tox_Pass_Key *out_key, const uint8_t *passphrase, size_t pplength, TOX_ERR_KEY_DERIVATION *error) { uint8_t salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES]; randombytes(salt, sizeof salt); return tox_pass_key_derive_with_salt(out_key, passphrase, pplength, salt, error); }
std::shared_ptr<Tox_Pass_Key> Core::createPasskey(const QString& password, uint8_t* salt) { std::shared_ptr<Tox_Pass_Key> encryptionKey(tox_pass_key_new(), tox_pass_key_free); CString str(password); if (salt) tox_pass_key_derive_with_salt(encryptionKey.get(), str.data(), str.size(), salt, nullptr); else tox_pass_key_derive(encryptionKey.get(), str.data(), str.size(), nullptr); return encryptionKey; }