aboutsummaryrefslogtreecommitdiff
path: root/CMakeLists.txt
diff options
context:
space:
mode:
authorXavier Del Campo Romero <xavi92@disroot.org>2025-10-08 13:50:52 +0200
committerXavier Del Campo Romero <xavi92@disroot.org>2025-10-08 22:55:44 +0200
commit10e42591ac72285736d5cc4ee5e7c2f68dbf1e4b (patch)
tree3bb586177e375a6f7f91c0335876faefc28b805c /CMakeLists.txt
parent805630dbfcd409a5d49bc89102f4183b71f713f9 (diff)
downloadslcl-10e42591ac72285736d5cc4ee5e7c2f68dbf1e4b.tar.gz
Replace OpenSSL with libsodium and argon2id
The SHA256-based password hashing algorithm used by slcl(1) and usergen(1) is considered insecure against several kinds of attacks, including brute force attacks. [1] Therefore, a stronger password hashing algorithm based on the Argon2id key derivation function is now used by default. While OpenSSL does support Argon2id, it is only supported by very recent versions [2], which are still not packaged by most distributions as of the time of this writing. [3] As an alternative to OpenSSL, libsodium [4] had several benefits: - It provides easy-to-use functions for password hashing, base64 encoding/decoding and other cryptographic primitives used by slcl(1) and usergen(1). - It is packaged by most distributions [5], and most often only the patch version differs, which ensures good compatibility across distributions. Unfortunately, and as opposed to OpenSSL, libsodium does not come with command-line tools. Therefore, usergen(1) had to be rewritten in C. In order to maintain backwards compatiblity with existing databases, slcl(1) and usergen(1) shall support the insecure, SHA256-based password hashing algorithm. However, Argon2id shall now be the default choice for usergen(1). [1]: https://security.stackexchange.com/questions/195563/why-is-sha-256-not-good-for-passwords [2]: https://docs.openssl.org/3.3/man7/EVP_KDF-ARGON2/ [3]: https://repology.org/project/openssl/versions [4]: https://www.libsodium.org/ [5]: https://repology.org/project/libsodium/versions
Diffstat (limited to 'CMakeLists.txt')
-rw-r--r--CMakeLists.txt18
1 files changed, 8 insertions, 10 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 4d234c3..c3e4ea1 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -2,7 +2,6 @@ cmake_minimum_required(VERSION 3.13)
project(slcl LANGUAGES C VERSION 0.2.0)
add_executable(${PROJECT_NAME}
auth.c
- base64.c
cftw.c
crealpath.c
hex.c
@@ -12,6 +11,10 @@ add_executable(${PROJECT_NAME}
style.c
zip.c
)
+add_executable(usergen
+ hex.c
+ usergen.c
+)
target_compile_options(${PROJECT_NAME} PRIVATE -Wall)
target_compile_definitions(${PROJECT_NAME} PRIVATE _FILE_OFFSET_BITS=64)
set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} ${CMAKE_CURRENT_LIST_DIR}/cmake)
@@ -26,7 +29,7 @@ else()
endif()
find_package(cJSON 1.0 REQUIRED)
-find_package(OpenSSL 1.0 REQUIRED)
+find_package(libsodium 1.0.0 REQUIRED)
find_package(fdzipstream)
if(NOT fdzipstream_FOUND)
@@ -34,13 +37,8 @@ if(NOT fdzipstream_FOUND)
add_subdirectory(fdzipstream)
endif()
-target_link_libraries(${PROJECT_NAME} PRIVATE web dynstr cjson OpenSSL::SSL
+target_link_libraries(${PROJECT_NAME} PRIVATE web dynstr cjson libsodium
fdzipstream)
-install(TARGETS ${PROJECT_NAME})
-install(FILES usergen
- TYPE BIN
- PERMISSIONS
- OWNER_READ OWNER_WRITE OWNER_EXECUTE
- GROUP_READ GROUP_EXECUTE
- WORLD_READ WORLD_EXECUTE)
+target_link_libraries(usergen PRIVATE dynstr cjson libsodium)
+install(TARGETS ${PROJECT_NAME} usergen)
add_subdirectory(doc)