-rw-r--r--ask.go5
-rw-r--r--cmd/signify/main.go30
-rw-r--r--keys.go20
-rw-r--r--keys_test.go2
4 files changed, 24 insertions, 33 deletions
diff --git a/ask.go b/ask.go
index 2215877..ce0bf91 100644
--- a/ask.go
+++ b/ask.go
@@ -12,7 +12,10 @@ var (
ErrNoMatch = errors.New("passwords don't match")
)
-func AskPassword(confirm bool) (string, error) {
+func AskConfirmed() (string, error) { return askPassword(true) }
+func AskPassword() (string, error) { return askPassword(false) }
+
+func askPassword(confirm bool) (string, error) {
f := os.Stdin
fd := f.Fd()
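Review bot: The new exported wrappers `AskConfirmed` and `AskPassword` have no doc comments, so a caller must read `askPassword` to learn which one asks for confirmation. Suggest `// AskConfirmed prompts for a password and asks for it again to confirm.` and `// AskPassword prompts for a password once, without confirmation.` above them. Whether the confirming variant returns `ErrNoMatch` on a mismatch is inferred from the declaration just above, so confirm that before stating it in the comment. The body of `askPassword` continues outside the hunk.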
diff --git a/cmd/signify/main.go b/cmd/signify/main.go
index 6ec787b..407609a 100644
--- a/cmd/signify/main.go
+++ b/cmd/signify/main.go
@@ -45,11 +45,7 @@ func main() {
switch {
case *generate:
- rounds := signify.DefaultRounds
- if *nopass {
- rounds = 0
- }
- if err := Generate(*pub, *sec, *comment, rounds); err != nil {
+ if err := Generate(*pub, *sec, *comment, *nopass); err != nil {
log.Fatal(err)
}
case *sign:
@@ -65,22 +61,20 @@ func main() {
}
}
-func Generate(pubFile, secFile, comment string, rounds int) error {
+func Generate(pubFile, secFile, comment string, nopass bool) error {
if !NamingScheme(pubFile, secFile) {
return ErrNamingScheme
}
+
pubKey, encKey, err := signify.NewKey()
if err != nil {
return err
}
- if rounds > 0 {
- pass, err := signify.AskPassword(true)
- if err != nil {
- return err
- }
- encKey.Kdf(pass, rounds)
+ if nopass {
+ encKey.KDFRounds = 0
}
+ encKey.Kdf(signify.AskConfirmed)
encRaw, err := signify.Marshal(encKey)
if err != nil {
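Review bot: The error returned by `encKey.Kdf(signify.AskConfirmed)` in Generate is discarded, whereas the removed code returned the prompt error. Per the keys.go hunk, Kdf returns before the XOR when `ask` fails, so a failed or mismatched prompt leaves `SecKey` unencrypted while `KDFRounds` still holds the default, and Generate then marshals (and presumably writes) that key. Use `if err := encKey.Kdf(signify.AskConfirmed); err != nil { return err }`. The same applies to `encKey.Kdf(signify.AskPassword)` in OpenEnc, where the real prompt error is replaced by whatever `Check` reports, and to the call in keys_test.go. Generate's body continues outside the hunk.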
@@ -110,7 +104,7 @@ func Generate(pubFile, secFile, comment string, rounds int) error {
return nil
}
-func OpenSec(fname string) (*signify.EncKey, error) {
+func OpenEnc(fname string) (*signify.EncKey, error) {
f, err := signify.ParseFile(fname)
if err != nil {
return nil, err
@@ -119,13 +113,7 @@ func OpenSec(fname string) (*signify.EncKey, error) {
if err := signify.Unmarshal(f.RawKey, encKey); err != nil {
return nil, err
}
- if rounds := encKey.Rounds(); rounds > 0 {
- pass, err := signify.AskPassword(false)
- if err != nil {
- return nil, err
- }
- encKey.Kdf(pass, rounds)
- }
+ encKey.Kdf(signify.AskPassword)
if err := encKey.Check(); err != nil {
return nil, err
}
@@ -170,7 +158,7 @@ func OpenSig(fname string) (*signify.Sig, []byte, error) {
}
func Sign(msgFile, secFile string, embed bool) error {
- encKey, err := OpenSec(secFile)
+ encKey, err := OpenEnc(secFile)
if err != nil {
return err
}
diff --git a/keys.go b/keys.go
index dae2661..f299a64 100644
--- a/keys.go
+++ b/keys.go
@@ -94,19 +94,19 @@ func (v *EncKey) Check() error {
return nil
}
-func (e *EncKey) Kdf(pass string, rounds int) {
- if rounds == 0 {
- return
+func (e *EncKey) Kdf(ask func() (string, error)) error {
+ if e.KDFRounds == 0 {
+ return nil
}
- xorkey := bhash.Pbkdf([]byte(pass), e.Salt[:], rounds, len(e.SecKey))
+ pass, err := ask()
+ if err != nil {
+ return err
+ }
+ xorkey := bhash.Pbkdf([]byte(pass), e.Salt[:], int(e.KDFRounds), len(e.SecKey))
for i := range xorkey {
e.SecKey[i] ^= xorkey[i]
}
- e.KDFRounds = uint32(rounds)
-}
-
-func (e *EncKey) Rounds() int {
- return int(e.KDFRounds)
+ return nil
}
func Unmarshal(b []byte, v interface{}) error {
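Review bot: `Kdf` is exported and its contract changes here (callback argument, new error return), but it has no doc comment saying when `ask` is called or what state `SecKey` is in after a failure. Suggest `// Kdf XORs SecKey in place with a key derived from the password returned by ask; ask is not called when KDFRounds is 0.` followed by `// If ask fails, its error is returned and SecKey is left unchanged.` Because the same XOR both encrypts and decrypts, the comment should also say that callers must check the error before marshalling or using the key.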
@@ -132,7 +132,7 @@ func NewKey() (PubKey, EncKey, error) {
}
pubKey := PubKey{PKAlg: pkAlg}
- encKey := EncKey{PKAlg: pkAlg, KDFAlg: kdfAlg}
+ encKey := EncKey{PKAlg: pkAlg, KDFAlg: kdfAlg, KDFRounds: DefaultRounds}
copy(pubKey.PubKey[:], pub)
copy(encKey.SecKey[:], sec)
diff --git a/keys_test.go b/keys_test.go
index 15de7c5..675ceee 100644
--- a/keys_test.go
+++ b/keys_test.go
@@ -63,7 +63,7 @@ func TestUnmarshalKDF(t *testing.T) {
if !bytes.Equal(raw, out) {
t.Errorf("want %v, got %v", raw, out)
}
- v.Kdf("test", DefaultRounds)
+ v.Kdf(func() (string, error) { return "test", nil })
if err := v.Check(); err != nil {
t.Error(err)
}