pdb

Simple password manager
Log | Files | Refs

commit 5ac870563af585f4bd1a44a2451e39e32d456c10
parent c02fbfb5d004b76dabf0e607abd8e5f1721d6ac4
Author: Michael Savage <mikejsavage@gmail.com>
Date:   Tue, 31 Dec 2013 22:43:47 +0000

Let's use an HMAC to stop people from tampering with our DB

Diffstat:
pdb | 18+++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/pdb b/pdb @@ -7,8 +7,14 @@ local json = require( "cjson.safe" ) -- config local Cipher = "aes-256-ctr" +local Hash = "sha256" +local HMAC = "sha256" + local KeyLength = 32 local IVLength = 16 +local HMACLength = 32 + +local SplitCipherTextPattern = "^(" .. string.rep( ".", IVLength ) .. ")(.+)(" .. string.rep( ".", HMACLength ) .. ")$" -- consts local Help = @@ -64,8 +70,11 @@ local function loadDB( key ) local contents = assert( file:read( "*all" ) ) assert( file:close() ) - local iv, c = contents:match( "^(" .. string.rep( ".", IVLength ) .. ")(.+)$" ) - assert( iv, "Corrupt DB." ) + local iv, c, hmac = contents:match( SplitCipherTextPattern ) + assert( iv, "Corrupt DB" ) + + local key2 = crypto.digest( Hash, key ) + assert( hmac == crypto.hmac.digest( HMAC, c, key2, true ), "Corrupt DB" ) local m = crypto.decrypt( Cipher, c, key, iv ) @@ -78,8 +87,11 @@ local function writeDB( db, key ) local m = assert( json.encode( db ) ) local c = crypto.encrypt( Cipher, m, key, iv ) + local key2 = crypto.digest( Hash, key ) + local hmac = crypto.hmac.digest( HMAC, c, key2, true ) + local file = assert( io.open( paths.db, "w" ) ) - assert( file:write( iv .. c ) ) + assert( file:write( iv .. c .. hmac ) ) assert( file:close() ) end