From bbab440e198a4d67ba78591176c7853e62d29e04 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <hi@filippo.io>
Date: Thu, 26 Dec 2019 18:05:21 +0100
Subject: [PATCH] internal/age: add a label to the scrypt salt

This way every recipient is labeled with the version.

-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNjcnlwdCBSbmw2ellyQ1VFK25rVkwx
TkF0SklnIDE4CjlZL2RKb2FOcjFrM0MwSVZqS1BzMUFLeVF5Y1RaMEwvQlRLMWwv
Q0xJbEEKLS0tIEJ1STZCbFh5Vjdsam5nSEFGTVZUY1BxcVVIek04ZUVrOGR4L3ph
NkYzS28KucY25ejFefMDMtKvsAEofDQLsYF41NPrSPITpoxuVWMMZ1ldm+lDh09q
RzCIZAhLN8jaqdeVdCEutqiniJ/9qv4=
-----END AGE ENCRYPTED FILE-----

Password: lies
---
 internal/age/scrypt.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/internal/age/scrypt.go b/internal/age/scrypt.go
index 41ac483e..89789b4a 100644
--- a/internal/age/scrypt.go
+++ b/internal/age/scrypt.go
@@ -17,6 +17,8 @@ import (
 	"golang.org/x/crypto/scrypt"
 )
 
+const scryptLabel = "age-encryption.org/v1/scrypt"
+
 type ScryptRecipient struct {
 	password   []byte
 	workFactor int
@@ -59,6 +61,7 @@ func (r *ScryptRecipient) Wrap(fileKey []byte) (*format.Recipient, error) {
 		Args: []string{format.EncodeToString(salt), strconv.Itoa(logN)},
 	}
 
+	salt = append([]byte(scryptLabel), salt...)
 	k, err := scrypt.Key(r.password, salt, 1<<logN, 8, 1, chacha20poly1305.KeySize)
 	if err != nil {
 		return nil, fmt.Errorf("failed to generate scrypt hash: %v", err)
@@ -127,6 +130,7 @@ func (i *ScryptIdentity) Unwrap(block *format.Recipient) ([]byte, error) {
 		return nil, fmt.Errorf("invalid scrypt work factor: %v", logN)
 	}
 
+	salt = append([]byte(scryptLabel), salt...)
 	k, err := scrypt.Key(i.password, salt, 1<<logN, 8, 1, chacha20poly1305.KeySize)
 	if err != nil {
 		return nil, fmt.Errorf("failed to generate scrypt hash: %v", err)