From d59fceb5b221ab5c88979885a4fa40670a8596c6 Mon Sep 17 00:00:00 2001
From: Daniel Lyubomirov <daniel.lyubomirov@vereign.com>
Date: Mon, 29 Jun 2020 10:46:40 +0300
Subject: [PATCH] [17] Crypto configuration tuning

---
 cpp/src/csandbox.cc                                   | 11 +++--------
 cpp/src/vereign/kvstore/detail/base_crypto_storage.cc |  2 +-
 .../vereign/kvstore/detail/linux_crypto_storage.cc    |  8 +++++---
 3 files changed, 9 insertions(+), 12 deletions(-)

diff --git a/cpp/src/csandbox.cc b/cpp/src/csandbox.cc
index 25de708..b6101f9 100644
--- a/cpp/src/csandbox.cc
+++ b/cpp/src/csandbox.cc
@@ -1,7 +1,10 @@
+#include "vereign/crypto/rand.hh"
 #include "vereign/kvstore/sqlite_storage.hh"
 #include <boost/core/ignore_unused.hpp>
 #include <iostream>
 #include <boost/filesystem.hpp>
+#include <openssl/digest.h>
+#include <openssl/evp.h>
 #include <vereign/core/string.hh>
 
 #include <vereign/bytes/view.hh>
@@ -17,13 +20,5 @@ auto main(int argc, char** argv) -> int {
   boost::ignore_unused(argc);
   boost::ignore_unused(argv);
 
-  auto dir = fs::TempDir("trtr_");
-  auto rm = fs::RemoveAllGuard{dir};
-  std::cout << dir << std::endl;
-
-  std::ofstream f{fs::path::Join(dir, "hello")};
-  f << "ops";
-  f.close();
-
   return 0;
 }
diff --git a/cpp/src/vereign/kvstore/detail/base_crypto_storage.cc b/cpp/src/vereign/kvstore/detail/base_crypto_storage.cc
index d2278a6..940ccb5 100644
--- a/cpp/src/vereign/kvstore/detail/base_crypto_storage.cc
+++ b/cpp/src/vereign/kvstore/detail/base_crypto_storage.cc
@@ -17,7 +17,7 @@
 namespace {
 
   // FIXME: should these be injected and provided by the integrator
-  constexpr int tagSizeBytes = 64;
+  constexpr int tagSizeBytes = 16;
   constexpr int lockRetryCount = 10;
   constexpr auto lockRetrySleep = std::chrono::milliseconds{1000};
 }
diff --git a/cpp/src/vereign/kvstore/detail/linux_crypto_storage.cc b/cpp/src/vereign/kvstore/detail/linux_crypto_storage.cc
index 0d420f0..03a6c26 100644
--- a/cpp/src/vereign/kvstore/detail/linux_crypto_storage.cc
+++ b/cpp/src/vereign/kvstore/detail/linux_crypto_storage.cc
@@ -17,7 +17,7 @@
 namespace {
   // FIXME: should these be injected and provided by the integrator
   constexpr int iterations = 1 << 18;
-  constexpr int saltSizeBytes = 64;
+  constexpr int saltSizeBytes = 16;
   constexpr int aesKeySizeBytes = 32;
 
   constexpr int lockRetryCount = 10;
@@ -44,12 +44,13 @@ void CryptoStorageImpl::Open(const std::string& pin) {
 
   bytes::Buffer key{aesKeySizeBytes};
 
-  int result = PKCS5_PBKDF2_HMAC_SHA1(
+  int result = PKCS5_PBKDF2_HMAC(
     pin.data(),
     pin.length(),
     salt.View().Data(),
     salt.View().Size(),
     iterations,
+    EVP_sha256(),
     key.FreeCap(),
     key.end()
   );
@@ -70,12 +71,13 @@ void CryptoStorageImpl::Reset(const std::string& pin) {
 
   bytes::Buffer key{aesKeySizeBytes};
 
-  int result = PKCS5_PBKDF2_HMAC_SHA1(
+  int result = PKCS5_PBKDF2_HMAC(
     pin.data(),
     pin.length(),
     salt.View().Data(),
     salt.View().Size(),
     iterations,
+    EVP_sha256(),
     key.FreeCap(),
     key.end()
   );
-- 
GitLab