forked from entailz/toes
cabddb26e6
New [key-bindings]:
- session-save: captures cwd and foreground process argv to ~/.local/share/foot/state/{name}.json
- session-save-secure: prompts for a password, encrypts the scrollback with argon2id + XChaCha20-Poly1305 (libsodium) and writes it to {name}.scrollback.enc(stores up to 1Mb scrollback buffer).
- session-load: a minimal fuzzy picker that displays saved sessions (both secure and vanilla), UI piggybacks on search bar subsurface. use arrows to navigate and delete to delete a previously saved session.
39 lines
1.3 KiB
C
39 lines
1.3 KiB
C
#pragma once
|
|
|
|
#include <stdbool.h>
|
|
#include <stddef.h>
|
|
|
|
/*
|
|
* Encrypt and decrypt session scrollback with a password.
|
|
*
|
|
* File format (binary):
|
|
* [magic : 10 bytes "FOOT-ENC1\0"]
|
|
* [salt : crypto_pwhash_SALTBYTES (16)]
|
|
* [nonce : crypto_aead_xchacha20poly1305_ietf_NPUBBYTES (24)]
|
|
* [ciphertext : plaintext_len + crypto_aead_xchacha20poly1305_ietf_ABYTES (16)]
|
|
*
|
|
* KDF: argon2id at INTERACTIVE ops/mem limits (≈100ms on modern hardware).
|
|
* AEAD: XChaCha20-Poly1305 (authenticates the magic+salt+nonce as AAD).
|
|
*/
|
|
|
|
bool session_crypto_init(void);
|
|
|
|
/*
|
|
* Encrypts plaintext with the given password. Allocates and returns a buffer
|
|
* in *out (caller frees); *out_len receives its size. Returns true on success.
|
|
*/
|
|
bool session_crypto_encrypt(
|
|
const char *password,
|
|
const unsigned char *plaintext, size_t plaintext_len,
|
|
unsigned char **out, size_t *out_len);
|
|
|
|
/*
|
|
* Decrypts an encrypted blob (as produced by session_crypto_encrypt) with
|
|
* the given password. Allocates *out (caller frees) on success. Returns
|
|
* false on bad magic, truncated file, or authentication failure (wrong
|
|
* password / corrupted file).
|
|
*/
|
|
bool session_crypto_decrypt(
|
|
const char *password,
|
|
const unsigned char *blob, size_t blob_len,
|
|
unsigned char **out, size_t *out_len);
|