59 #if defined(__linux__)
62 # include <sys/ioctl.h>
63 # include <linux/random.h>
72 #if SODIUM_VERSION_INT >= 90200
77 g_info(
"Generating passphrase (may take a while)...");
79 unsigned char salt[crypto_pwhash_SALTBYTES] = { 0 };
80 randombytes_buf(salt,
sizeof salt);
82 unsigned long long opslimit;
87 opslimit = crypto_pwhash_OPSLIMIT_MODERATE;
88 memlimit = crypto_pwhash_MEMLIMIT_MODERATE;
91 opslimit = crypto_pwhash_OPSLIMIT_SENSITIVE;
92 memlimit = crypto_pwhash_MEMLIMIT_SENSITIVE;
98 opslimit = crypto_pwhash_OPSLIMIT_INTERACTIVE;
99 memlimit = crypto_pwhash_MEMLIMIT_INTERACTIVE;
104 unsigned char key[crypto_secretbox_KEYBYTES];
105 if (crypto_pwhash(key,
sizeof key, pass, strlen(pass), salt,
108 crypto_pwhash_ALG_DEFAULT) != 0) {
109 g_error(
"%s - Out of memory!", __func__);
113 g_info(
"%s - Password hashed", __func__);
114 return g_strdup((
const char *)key);
119 TRACE_CALL(__func__);
120 g_info(
"Generating passphrase (may take a while)...");
122 unsigned char salt[crypto_pwhash_SALTBYTES] = { 0 };
123 randombytes_buf(salt,
sizeof salt);
125 unsigned long long opslimit;
130 opslimit = crypto_pwhash_OPSLIMIT_MODERATE;
131 memlimit = crypto_pwhash_MEMLIMIT_MODERATE;
134 opslimit = crypto_pwhash_OPSLIMIT_SENSITIVE;
135 memlimit = crypto_pwhash_MEMLIMIT_SENSITIVE;
141 opslimit = crypto_pwhash_OPSLIMIT_INTERACTIVE;
142 memlimit = crypto_pwhash_MEMLIMIT_INTERACTIVE;
147 char key[crypto_pwhash_STRBYTES];
148 if (crypto_pwhash_str(key, pass, strlen(pass),
151 g_error(
"%s - Out of memory!", __func__);
155 g_info(
"%s - Password hashed", __func__);
156 return g_strdup((
const char *)key);
161 TRACE_CALL(__func__);
165 rc = crypto_pwhash_str_verify(key, pass, strlen(pass));
172 TRACE_CALL(__func__);
173 #if defined(__linux__) && defined(RNDGETENTCNT)
177 if ((fd = open(
"/dev/random", O_RDONLY)) != -1) {
178 if (ioctl(fd, RNDGETENTCNT, &c) == 0 && c < 160) {
179 g_printerr(
"This system doesn't provide enough entropy to quickly generate high-quality random numbers.\n"
180 "Installing the rng-utils/rng-tools, jitterentropy or haveged packages may help.\n"
181 "On virtualized Linux environments, also consider using virtio-rng.\n"
182 "The service will not start until enough entropy has been collected.\n");
188 if (sodium_init() < 0)
189 g_critical(
"%s - Failed to initialize sodium, it is not safe to use", __func__);
@ RM_ENC_MODE_SODIUM_SENSITIVE
@ RM_ENC_MODE_SODIUM_INTERACTIVE
@ RM_ENC_MODE_SODIUM_MODERATE
void remmina_sodium_init(void)
gchar * remmina_sodium_pwhash_str(const gchar *pass)
gint remmina_sodium_pwhash_str_verify(const char *key, const char *pass)
gchar * remmina_sodium_pwhash(const gchar *pass)