fotonmoton/ssl_des
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

all flags works for encrypting in ecb mode

Browse source
This commit is contained in:
Gregory 2019-04-07 20:28:56 +03:00
parent b807f0a3bb
commit a5b4066b3f
7 changed files with 120 additions and 127 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
Makefile
View file

@ -140,7 +140,7 @@ DES_SRC = ft_des_initial_permutation.c \
ft_des_generate_decryption_round_keys.c \ ft_des_generate_decryption_round_keys.c \
ft_des_ecb.c \ ft_des_ecb.c \
ft_des_init_ctx.c \ ft_des_init_ctx.c \
ft_des_derive_key.c \ ft_des_encryption_key_routine.c \
ft_des_print_error.c \ ft_des_print_error.c \
ft_des_arg_parsers.c \ ft_des_arg_parsers.c \
ft_des_ecb_encrypt.c \ ft_des_ecb_encrypt.c \
@ -277,6 +277,7 @@ clean:
fclean: clean fclean: clean
rm -f $(NAME) rm -f $(NAME)
rm -f $(TEST_BIN) rm -f $(TEST_BIN)
rm -rf $(OPENSSL_BLD)
$(MAKE) -C $(LIBFT_DIR) fclean $(MAKE) -C $(LIBFT_DIR) fclean
re: fclean all re: fclean all

4
inc/ft_des.h
View file

@ -41,8 +41,8 @@ typedef struct s_des_ctx
int b64; int b64;
int readed; int readed;
t_byte1 buffer[FT_DES_BYTE_BLOCK_SIZE]; t_byte1 buffer[FT_DES_BYTE_BLOCK_SIZE];
t_byte1 salt[FT_DES_BYTE_BLOCK_SIZE];
t_byte1 key[FT_DES_INITIAL_KEY_SIZE]; t_byte1 key[FT_DES_INITIAL_KEY_SIZE];
t_byte1 salt[FT_DES_BIT_BLOCK_SIZE];
t_byte1 iv[FT_DES_BIT_BLOCK_SIZE]; t_byte1 iv[FT_DES_BIT_BLOCK_SIZE];
t_byte1 round_keys[FT_DES_ROUND_COUNT] t_byte1 round_keys[FT_DES_ROUND_COUNT]
[FT_DES_ROUND_KEY_SIZE]; [FT_DES_ROUND_KEY_SIZE];
@ -364,7 +364,7 @@ void ft_des_byte_to_bits
t_byte8 bits_len t_byte8 bits_len
); );
void ft_des_derive_key void ft_des_encryption_key_routine
( (
t_des_ctx *ctx t_des_ctx *ctx
); );

24
openssl_cases.txt
View file

@ -1,33 +1,37 @@
// ENCRYPTING // ENCRYPTING
1. "openssl des-ecb -S a" "openssl des-ecb"
prompts to enter password, generate key with given pass and salt, prompts to enter password, derive key with generated salt and pass,
prepend salt header. prepend salt header.
2. "openssl des-ecb -pass pass:asd" "openssl des-ecb -S a"
prompts to enter password, derive key with given salt and generated pass,
prepend salt header.
"openssl des-ecb -pass pass:asd"
generate salt and key, prepend salt header. generate salt and key, prepend salt header.
3. "openssl des-ecb -S a -pass:asd" "openssl des-ecb -S a -pass:asd"
generate key from givent salt and pass, prepend header. generate key from givent salt and pass, prepend header.
4. "openssl des-ecb -S a -pass:asd -K 1" "openssl des-ecb -S a -pass:asd -K 1"
encrypt with GIVEN key, prepend GIVEN salt headaer. encrypt with GIVEN key, prepend GIVEN salt headaer.
5. "openssl des-ecb -K 1" "openssl des-ecb -K 1"
encrypt with given key, doesn't generate and prepend salt. encrypt with given key, doesn't generate and prepend salt.
6. "openssl des-ecb -S 0 -pass pass:asd -P -pbkdf2" "openssl des-ecb -S 0 -pass pass:asd -P -pbkdf2"
generate key using PKCS5_PBKDF2_HMAC with 10000 iteration, generate key using PKCS5_PBKDF2_HMAC with 10000 iteration,
8 byte salt, 3 byte key, sha256 hash function, prepend salt header. 8 byte salt, 3 byte key, sha256 hash function, prepend salt header.
// DECRYPTING // DECRYPTING
7. "echo -n Salted__ | openssl des-ecb -d" "echo -n Salted__ | openssl des-ecb -d"
prompts to enter password, generate key but fails to decode. prompts to enter password, generate key but fails to decode.
8. "echo -n Salted__aaaaaaaa | openssl des-ecb -d" "echo -n Salted__aaaaaaaa | openssl des-ecb -d"
prompts to enter password, generate key but fails to validate padding. prompts to enter password, generate key but fails to validate padding.
9. openssl doesn't expect "Salted__" header only when -K or -S flag supplied openssl doesn't expect "Salted__" header only when -K or -S flag supplied
(or both simultaneously, in this case salt is discarded), (or both simultaneously, in this case salt is discarded),
in any other case salt should be readed from message. in any other case salt should be readed from message.

113
src/des/ft_des_derive_key.c
View file

@ -1,113 +0,0 @@
#include <fcntl.h>
#include <unistd.h>
#include <stdio.h>
#include "ft_des.h"
#include "ft_pbkdf2.h"
#include "libft.h"
static void get_pass
(
char pass[128]
)
{
char *first_try[128];
char *second_try[128];
ft_bzero(first_try, 128);
ft_bzero(second_try, 128);
ft_strcpy((char *)first_try, getpass("enter password:"));
ft_strcpy((char *)second_try, getpass("retype password:"));
if (ft_strcmp((const char *)first_try, (const char *)second_try) != 0)
ft_des_print_error("passwords doesn't match");
ft_strcpy(pass, (const char *)first_try);
}
static void generate_salt
(
char salt[FT_DES_BYTE_BLOCK_SIZE]
)
{
int fd;
fd = open("/dev/random", O_RDONLY);
if (fd == -1)
{
perror("des");
exit(1);
}
read(fd, salt, FT_DES_BYTE_BLOCK_SIZE);
}
static void no_arguments
(
t_des_ctx *ctx,
t_pbkdf2_sha256_ctx *pbkdf_ctx
)
{
char pass[128];
char salt[FT_DES_BYTE_BLOCK_SIZE];
t_byte1 key[FT_DES_BYTE_BLOCK_SIZE];
get_pass(pass);
generate_salt(salt);
pbkdf_ctx->iterations = 10000;
pbkdf_ctx->key = key;
pbkdf_ctx->salt_len = FT_DES_BYTE_BLOCK_SIZE;
pbkdf_ctx->pass = (t_byte1 *)pass;
pbkdf_ctx->salt = (t_byte1 *)salt;
pbkdf_ctx->pass_len = ft_strlen((char *)pass);
pbkdf_ctx->key_len = FT_DES_BYTE_BLOCK_SIZE;
ft_pbkdf2_sha256(pbkdf_ctx);
ft_des_byte_to_bits(key, FT_DES_BYTE_BLOCK_SIZE, ctx->key,
FT_DES_INITIAL_KEY_SIZE);
write(ctx->output_fd, "Salted__", 8);
write(ctx->output_fd, salt, FT_DES_BYTE_BLOCK_SIZE);
}
void ft_des_derive_key
(
t_des_ctx *ctx
)
{
t_pbkdf2_sha256_ctx pbkdf_ctx;
t_byte1 key[FT_DES_BYTE_BLOCK_SIZE];
if (!ctx->raw_key && !ctx->raw_salt && !ctx->raw_password)
{
no_arguments(ctx, &pbkdf_ctx);
return ;
}
if (ctx->raw_key)
{
if (ft_des_hex_to_bit(ctx->raw_key, ctx->key, FT_DES_BIT_BLOCK_SIZE))
ft_des_print_error("wrong char in key");
return ;
}
// if (ctx->decode)
// {
// readed = read(ctx->input_fd, buffer, FT_DES_BYTE_BLOCK_SIZE);
// if (readed != FT_DES_BYTE_BLOCK_SIZE)
// ft_des_print_error("wrong input");
// if (ft_strcmp("Salted__", buffer) == 0)
// {
// readed = read(ctx->input_fd, buffer, FT_DES_BYTE_BLOCK_SIZE);
// if (readed != FT_DES_BYTE_BLOCK_SIZE)
// ft_des_print_error("wrong salt");
// pbkdf_ctx.salt = buffer;
// }
// else
// ft_des_pr
// }
pbkdf_ctx.iterations = 10000;
pbkdf_ctx.key = key;
pbkdf_ctx.salt_len = FT_DES_BYTE_BLOCK_SIZE;
pbkdf_ctx.pass = (t_byte1 *)ctx->raw_password;
pbkdf_ctx.salt = ctx->salt;
pbkdf_ctx.pass_len = ft_strlen((char *)ctx->raw_password);
pbkdf_ctx.key_len = FT_DES_BYTE_BLOCK_SIZE;
ft_pbkdf2_sha256(&pbkdf_ctx);
ft_des_byte_to_bits(key, FT_DES_BYTE_BLOCK_SIZE, ctx->key,
FT_DES_INITIAL_KEY_SIZE);
}

2
src/des/ft_des_ecb.c
View file

@ -78,7 +78,6 @@ void ft_des_ecb
ft_des_init_ctx(&ctx); ft_des_init_ctx(&ctx);
parse_args(argc, argv, &ctx); parse_args(argc, argv, &ctx);
ft_des_derive_key(&ctx);
if (ctx.decode) if (ctx.decode)
{ {
if (ctx.b64) if (ctx.b64)
@ -88,6 +87,7 @@ void ft_des_ecb
} }
else else
{ {
ft_des_encryption_key_routine(&ctx);
if (ctx.b64) if (ctx.b64)
ft_des_ecb_encrypt_b64(&ctx); ft_des_ecb_encrypt_b64(&ctx);
else else

5
src/des/ft_des_ecb_encrypt.c
View file

@ -11,6 +11,11 @@ void ft_des_ecb_encrypt
t_byte8 readed; t_byte8 readed;
ft_des_generate_encryption_round_keys(ctx->key, ctx->round_keys); ft_des_generate_encryption_round_keys(ctx->key, ctx->round_keys);
if (ctx->raw_password)
{
write(ctx->output_fd, "Salted__", 8);
write(ctx->output_fd, ctx->salt, FT_DES_BYTE_BLOCK_SIZE);
}
while((readed = read(ctx->input_fd, buffer, FT_DES_READ_SIZE)) > 0) while((readed = read(ctx->input_fd, buffer, FT_DES_READ_SIZE)) > 0)
ft_des_ecb_encode_process_chunk(ctx, readed, buffer); ft_des_ecb_encode_process_chunk(ctx, readed, buffer);
ft_des_ecb_finish_encrypt(ctx); ft_des_ecb_finish_encrypt(ctx);

96
src/des/ft_des_encryption_key_routine.c Normal file
View file

@ -0,0 +1,96 @@
#include <fcntl.h>
#include <unistd.h>
#include <stdio.h>
#include "ft_des.h"
#include "ft_pbkdf2.h"
#include "libft.h"
static void derive_key
(
t_des_ctx *ctx
)
{
t_pbkdf2_sha256_ctx pbkdf_ctx;
t_byte1 byte_key[FT_DES_BYTE_BLOCK_SIZE];
pbkdf_ctx.iterations = 10000;
pbkdf_ctx.key = byte_key;
pbkdf_ctx.salt_len = FT_DES_BYTE_BLOCK_SIZE;
pbkdf_ctx.key_len = FT_DES_BYTE_BLOCK_SIZE;
pbkdf_ctx.pass_len = ft_strlen((char *)ctx->raw_password);
pbkdf_ctx.pass = (t_byte1 *)ctx->raw_password;
pbkdf_ctx.salt = (t_byte1 *)ctx->salt;
ft_pbkdf2_sha256(&pbkdf_ctx);
ft_des_byte_to_bits(byte_key, FT_DES_BYTE_BLOCK_SIZE, ctx->key,
FT_DES_INITIAL_KEY_SIZE);
}
static void get_pass
(
char pass[128]
)
{
char *first_try[128];
char *second_try[128];
ft_bzero(first_try, 128);
ft_bzero(second_try, 128);
ft_strcpy((char *)first_try, getpass("enter password:"));
if (!ft_strlen((const char *)first_try))
exit(1);
ft_strcpy((char *)second_try, getpass("retype password:"));
if (ft_strcmp((const char *)first_try, (const char *)second_try) != 0)
ft_des_print_error("passwords doesn't match");
ft_strcpy(pass, (const char *)first_try);
}
static void get_salt
(
char salt[FT_DES_BYTE_BLOCK_SIZE]
)
{
int fd;
fd = open("/dev/random", O_RDONLY);
if (fd == -1)
{
perror("des");
exit(1);
}
read(fd, salt, FT_DES_BYTE_BLOCK_SIZE);
}
static void get_key
(
t_des_ctx *ctx
)
{
const char *wrong_char;
wrong_char = ft_des_hex_to_bit(ctx->raw_key, ctx->key,
FT_DES_INITIAL_KEY_SIZE);
if (wrong_char)
ft_des_print_error("wrong char in hex key");
}
void ft_des_encryption_key_routine
(
t_des_ctx *ctx
)
{
char pass[128];
if (ctx->raw_key)
{
get_key(ctx);
return ;
}
if (!ctx->raw_password)
{
get_pass(pass);
ctx->raw_password = pass;
}
if (!ctx->raw_salt)
get_salt((char *)ctx->salt);
derive_key(ctx);
}