From b807f0a3bb80b41c939f6e14c2a42455ddaf0b5c Mon Sep 17 00:00:00 2001 From: Gregory Date: Sat, 6 Apr 2019 21:25:04 +0300 Subject: [PATCH] add salt header --- openssl_cases.txt | 24 +++++++------ src/des/ft_des_derive_key.c | 68 +++++++++++++++++++++++++++++++++++++ 2 files changed, 82 insertions(+), 10 deletions(-) diff --git a/openssl_cases.txt b/openssl_cases.txt index 67af1a06..b4024ca9 100644 --- a/openssl_cases.txt +++ b/openssl_cases.txt @@ -1,29 +1,33 @@ // ENCRYPTING -1. "openssl des-ecb -S a" +1. "openssl des-ecb -S a" prompts to enter password, generate key with given pass and salt, prepend salt header. -2. "openssl des-ecb -pass pass:asd" +2. "openssl des-ecb -pass pass:asd" generate salt and key, prepend salt header. -3. "openssl des-ecb -S a -pass:asd" +3. "openssl des-ecb -S a -pass:asd" generate key from givent salt and pass, prepend header. -4. "openssl des-ecb -S a -pass:asd -K 1" - encrypt with GIVEN key, prepend GIVEN salt hedaer. +4. "openssl des-ecb -S a -pass:asd -K 1" + encrypt with GIVEN key, prepend GIVEN salt headaer. -5. "openssl des-ecb -K 1" +5. "openssl des-ecb -K 1" encrypt with given key, doesn't generate and prepend salt. -6. "openssl des-ecb -S 0 -pass pass:asd -P -pbkdf2" +6. "openssl des-ecb -S 0 -pass pass:asd -P -pbkdf2" generate key using PKCS5_PBKDF2_HMAC with 10000 iteration, - 8 byte salt, 3 byte key, sha256 hash function + 8 byte salt, 3 byte key, sha256 hash function, prepend salt header. // DECRYPTING -7. "echo -n Salted__ | openssl des-ecb -d" +7. "echo -n Salted__ | openssl des-ecb -d" prompts to enter password, generate key but fails to decode. -8. "echo -n Salted__aaaaaaaa | openssl des-ecb -d" +8. "echo -n Salted__aaaaaaaa | openssl des-ecb -d" prompts to enter password, generate key but fails to validate padding. + +9. openssl doesn't expect "Salted__" header only when -K or -S flag supplied + (or both simultaneously, in this case salt is discarded), + in any other case salt should be readed from message. 
diff --git a/src/des/ft_des_derive_key.c b/src/des/ft_des_derive_key.c index 1fe40557..faf18a7c 100644 --- a/src/des/ft_des_derive_key.c +++ b/src/des/ft_des_derive_key.c @@ -1,8 +1,70 @@ +#include #include +#include #include "ft_des.h" #include "ft_pbkdf2.h" #include "libft.h" +static void get_pass +( + char pass[128] +) +{ + char *first_try[128]; + char *second_try[128]; + + ft_bzero(first_try, 128); + ft_bzero(second_try, 128); + ft_strcpy((char *)first_try, getpass("enter password:")); + ft_strcpy((char *)second_try, getpass("retype password:")); + if (ft_strcmp((const char *)first_try, (const char *)second_try) != 0) + ft_des_print_error("passwords doesn't match"); + ft_strcpy(pass, (const char *)first_try); +} + +static void generate_salt +( + char salt[FT_DES_BYTE_BLOCK_SIZE] +) +{ + int fd; + + fd = open("/dev/random", O_RDONLY); + if (fd == -1) + { + perror("des"); + exit(1); + } + read(fd, salt, FT_DES_BYTE_BLOCK_SIZE); +} + +static void no_arguments +( + t_des_ctx *ctx, + t_pbkdf2_sha256_ctx *pbkdf_ctx +) +{ + char pass[128]; + char salt[FT_DES_BYTE_BLOCK_SIZE]; + t_byte1 key[FT_DES_BYTE_BLOCK_SIZE]; + + get_pass(pass); + generate_salt(salt); + + pbkdf_ctx->iterations = 10000; + pbkdf_ctx->key = key; + pbkdf_ctx->salt_len = FT_DES_BYTE_BLOCK_SIZE; + pbkdf_ctx->pass = (t_byte1 *)pass; + pbkdf_ctx->salt = (t_byte1 *)salt; + pbkdf_ctx->pass_len = ft_strlen((char *)pass); + pbkdf_ctx->key_len = FT_DES_BYTE_BLOCK_SIZE; + ft_pbkdf2_sha256(pbkdf_ctx); + ft_des_byte_to_bits(key, FT_DES_BYTE_BLOCK_SIZE, ctx->key, + FT_DES_INITIAL_KEY_SIZE); + write(ctx->output_fd, "Salted__", 8); + write(ctx->output_fd, salt, FT_DES_BYTE_BLOCK_SIZE); +} + void ft_des_derive_key ( t_des_ctx *ctx 
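Review bot: `generate_salt` ignores the result of `read`, so a failed or short read leaves `salt` holding uninitialized stack bytes that `no_arguments` then passes to PBKDF2 and writes after `Salted__`; the descriptor is also never closed. In `get_pass`, `char *first_try[128]` declares arrays of pointers rather than byte buffers, `getpass` can return NULL, and the unbounded `ft_strcpy` calls overrun the caller's `pass[128]` once the typed password reaches 128 characters. The sketch below checks the read length, closes the descriptor, and rejects a missing or over-long password before copying. The explicit `exit(1)` calls are there because this hunk does not show whether `ft_des_print_error` returns. `no_arguments` also ignores both `write` results and leaves `pass` and `key` on the stack uncleared, which is worth a follow-up.

```c
static void get_pass
(
	char pass[128]
)
{
	char	first_try[128];
	char	*typed;

	typed = getpass("enter password:");
	if (typed == NULL || ft_strlen(typed) >= sizeof(first_try))
	{
		ft_des_print_error("password is missing or too long");
		exit(1);
	}
	ft_strcpy(first_try, typed);
	typed = getpass("retype password:");
	if (typed == NULL || ft_strcmp(first_try, typed) != 0)
	{
		ft_des_print_error("passwords doesn't match");
		exit(1);
	}
	ft_strcpy(pass, first_try);
	ft_bzero(first_try, sizeof(first_try));
}

static void generate_salt
(
	char salt[FT_DES_BYTE_BLOCK_SIZE]
)
{
	int		fd;
	ssize_t	got;

	/* … unchanged: open("/dev/random", O_RDONLY) and its error branch … */
	got = read(fd, salt, FT_DES_BYTE_BLOCK_SIZE);
	close(fd);
	if (got != FT_DES_BYTE_BLOCK_SIZE)
	{
		ft_des_print_error("can't read salt");
		exit(1);
	}
}
```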
@@ -11,6 +73,12 @@ void ft_des_derive_key t_pbkdf2_sha256_ctx pbkdf_ctx; t_byte1 key[FT_DES_BYTE_BLOCK_SIZE]; + if (!ctx->raw_key && !ctx->raw_salt && !ctx->raw_password) + { + no_arguments(ctx, &pbkdf_ctx); + return ; + } + if (ctx->raw_key) { if (ft_des_hex_to_bit(ctx->raw_key, ctx->key, FT_DES_BIT_BLOCK_SIZE))
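Review bot: The new early branch is selected only by the absence of `raw_key`, `raw_salt` and `raw_password`, with no check of the cipher direction, yet `no_arguments` always generates a fresh salt and writes `Salted__` plus that salt to `ctx->output_fd`. If `ft_des_derive_key` is also reached when decrypting (not visible here), the key would come from a salt unrelated to the one in the message, which case 9 of `openssl_cases.txt` says must be read from the input. At minimum I would document the side effect above the branch, e.g. `/* encrypt path only: prompts for a password, derives the key with a fresh salt and emits the "Salted__" header */`. Once the context exposes a direction flag, the branch should be gated on it. The body of `ft_des_derive_key` continues outside this hunk.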