aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--bhash/bhash.go10
-rw-r--r--keys.go12
-rw-r--r--keys_test.go7
3 files changed, 20 insertions, 9 deletions
diff --git a/bhash/bhash.go b/bhash/bhash.go
index bc4bfe8..307d31d 100644
--- a/bhash/bhash.go
+++ b/bhash/bhash.go
@@ -49,7 +49,7 @@ func Pbkdf(pass, salt []byte, iter, keyLen int) []byte {
numBlocks := (keyLen + hashLen - 1) / hashLen
out := make([]byte, hashLen)
- buf := new(bytes.Buffer)
+ key := make([]byte, hashLen*numBlocks)
for n := 1; n <= numBlocks; n++ {
// first round, salt is salt
@@ -67,7 +67,11 @@ func Pbkdf(pass, salt []byte, iter, keyLen int) []byte {
out[x] ^= tmp[x]
}
}
- buf.Write(out)
+ // pbkdf2 deviation: output the key material non-linearly
+ for x := range out {
+ dst := x*numBlocks + (n - 1)
+ key[dst] = out[x]
+ }
}
- return buf.Bytes()[:keyLen]
+ return key[:keyLen]
}
diff --git a/keys.go b/keys.go
index 0fcfee9..0248a4b 100644
--- a/keys.go
+++ b/keys.go
@@ -4,6 +4,8 @@ import (
"bytes"
"crypto/sha512"
+ "dim13.org/signify/bhash"
+
"golang.org/x/crypto/ed25519"
)
@@ -43,7 +45,13 @@ func xor(text, key []byte) {
}
}
-func (v *EncKey) IsValid() bool {
+func (v *EncKey) IsValid(pass []byte) bool {
+ if v.KDFRounds > 0 {
+ key := bhash.Pbkdf(pass, v.Salt[:], int(v.KDFRounds), len(v.SecKey))
+ for x := range key {
+ v.SecKey[x] ^= key[x]
+ }
+ }
sum := sha512.Sum512(v.SecKey[:])
- return bytes.Equal(sum[:8], v.Checksum[:])
+ return bytes.Equal(sum[:len(v.Checksum)], v.Checksum[:])
}
diff --git a/keys_test.go b/keys_test.go
index 02a0a6b..7c02b8f 100644
--- a/keys_test.go
+++ b/keys_test.go
@@ -36,7 +36,7 @@ func TestUnmarshalEnc(t *testing.T) {
t.Errorf("want %v, got %v", b64enc, out)
}
t.Logf("%+v", v)
- if !v.IsValid() {
+ if !v.IsValid(nil) {
t.Error("invalid")
}
}
@@ -50,9 +50,8 @@ func TestUnmarshalKDF(t *testing.T) {
t.Errorf("want %v, got %v", b64enc, out)
}
t.Logf("%+v", v)
- /* FIXME KDF missing
- if !v.IsValid() {
+ if !v.IsValid([]byte("test")) {
+ t.Logf("%+v", v)
t.Error("invalid")
}
- */
}