add salt header
parent
41dcf6b7dd
commit
b807f0a3bb
2 changed files with 82 additions and 10 deletions
|
@ -1,29 +1,33 @@
|
|||
// ENCRYPTING
|
||||
|
||||
1. "openssl des-ecb -S a"
|
||||
1. "openssl des-ecb -S a"
|
||||
prompts to enter password, generate key with given pass and salt,
|
||||
prepend salt header.
|
||||
|
||||
2. "openssl des-ecb -pass pass:asd"
|
||||
2. "openssl des-ecb -pass pass:asd"
|
||||
generate salt and key, prepend salt header.
|
||||
|
||||
3. "openssl des-ecb -S a -pass:asd"
|
||||
3. "openssl des-ecb -S a -pass:asd"
|
||||
generate key from givent salt and pass, prepend header.
|
||||
|
||||
4. "openssl des-ecb -S a -pass:asd -K 1"
|
||||
encrypt with GIVEN key, prepend GIVEN salt hedaer.
|
||||
4. "openssl des-ecb -S a -pass:asd -K 1"
|
||||
encrypt with GIVEN key, prepend GIVEN salt headaer.
|
||||
|
||||
5. "openssl des-ecb -K 1"
|
||||
5. "openssl des-ecb -K 1"
|
||||
encrypt with given key, doesn't generate and prepend salt.
|
||||
|
||||
6. "openssl des-ecb -S 0 -pass pass:asd -P -pbkdf2"
|
||||
6. "openssl des-ecb -S 0 -pass pass:asd -P -pbkdf2"
|
||||
generate key using PKCS5_PBKDF2_HMAC with 10000 iteration,
|
||||
8 byte salt, 3 byte key, sha256 hash function
|
||||
8 byte salt, 3 byte key, sha256 hash function, prepend salt header.
|
||||
|
||||
// DECRYPTING
|
||||
|
||||
7. "echo -n Salted__ | openssl des-ecb -d"
|
||||
7. "echo -n Salted__ | openssl des-ecb -d"
|
||||
prompts to enter password, generate key but fails to decode.
|
||||
|
||||
8. "echo -n Salted__aaaaaaaa | openssl des-ecb -d"
|
||||
8. "echo -n Salted__aaaaaaaa | openssl des-ecb -d"
|
||||
prompts to enter password, generate key but fails to validate padding.
|
||||
|
||||
9. openssl doesn't expect "Salted__" header only when -K or -S flag supplied
|
||||
(or both simultaneously, in this case salt is discarded),
|
||||
in any other case salt should be readed from message.
|
||||
|
|
|
@ -1,8 +1,70 @@
|
|||
#include <fcntl.h>
|
||||
#include <unistd.h>
|
||||
#include <stdio.h>
|
||||
#include "ft_des.h"
|
||||
#include "ft_pbkdf2.h"
|
||||
#include "libft.h"
|
||||
|
||||
static void get_pass
|
||||
(
|
||||
char pass[128]
|
||||
)
|
||||
{
|
||||
char *first_try[128];
|
||||
char *second_try[128];
|
||||
|
||||
ft_bzero(first_try, 128);
|
||||
ft_bzero(second_try, 128);
|
||||
ft_strcpy((char *)first_try, getpass("enter password:"));
|
||||
ft_strcpy((char *)second_try, getpass("retype password:"));
|
||||
if (ft_strcmp((const char *)first_try, (const char *)second_try) != 0)
|
||||
ft_des_print_error("passwords doesn't match");
|
||||
ft_strcpy(pass, (const char *)first_try);
|
||||
}
|
||||
|
||||
static void generate_salt
|
||||
(
|
||||
char salt[FT_DES_BYTE_BLOCK_SIZE]
|
||||
)
|
||||
{
|
||||
int fd;
|
||||
|
||||
fd = open("/dev/random", O_RDONLY);
|
||||
if (fd == -1)
|
||||
{
|
||||
perror("des");
|
||||
exit(1);
|
||||
}
|
||||
read(fd, salt, FT_DES_BYTE_BLOCK_SIZE);
|
||||
}
|
||||
|
||||
static void no_arguments
|
||||
(
|
||||
t_des_ctx *ctx,
|
||||
t_pbkdf2_sha256_ctx *pbkdf_ctx
|
||||
)
|
||||
{
|
||||
char pass[128];
|
||||
char salt[FT_DES_BYTE_BLOCK_SIZE];
|
||||
t_byte1 key[FT_DES_BYTE_BLOCK_SIZE];
|
||||
|
||||
get_pass(pass);
|
||||
generate_salt(salt);
|
||||
|
||||
pbkdf_ctx->iterations = 10000;
|
||||
pbkdf_ctx->key = key;
|
||||
pbkdf_ctx->salt_len = FT_DES_BYTE_BLOCK_SIZE;
|
||||
pbkdf_ctx->pass = (t_byte1 *)pass;
|
||||
pbkdf_ctx->salt = (t_byte1 *)salt;
|
||||
pbkdf_ctx->pass_len = ft_strlen((char *)pass);
|
||||
pbkdf_ctx->key_len = FT_DES_BYTE_BLOCK_SIZE;
|
||||
ft_pbkdf2_sha256(pbkdf_ctx);
|
||||
ft_des_byte_to_bits(key, FT_DES_BYTE_BLOCK_SIZE, ctx->key,
|
||||
FT_DES_INITIAL_KEY_SIZE);
|
||||
write(ctx->output_fd, "Salted__", 8);
|
||||
write(ctx->output_fd, salt, FT_DES_BYTE_BLOCK_SIZE);
|
||||
}
|
||||
|
||||
void ft_des_derive_key
|
||||
(
|
||||
t_des_ctx *ctx
|
||||
|
@ -11,6 +73,12 @@ void ft_des_derive_key
|
|||
t_pbkdf2_sha256_ctx pbkdf_ctx;
|
||||
t_byte1 key[FT_DES_BYTE_BLOCK_SIZE];
|
||||
|
||||
if (!ctx->raw_key && !ctx->raw_salt && !ctx->raw_password)
|
||||
{
|
||||
no_arguments(ctx, &pbkdf_ctx);
|
||||
return ;
|
||||
}
|
||||
|
||||
if (ctx->raw_key)
|
||||
{
|
||||
if (ft_des_hex_to_bit(ctx->raw_key, ctx->key, FT_DES_BIT_BLOCK_SIZE))
|
||||
|
|
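Review bot: get_pass copies each getpass() result with an unbounded ft_strcpy, so the final copy into the caller's `char pass[128]` overruns that stack buffer in no_arguments if getpass() returns 128 bytes or more. The scratch buffers are declared `char *first_try[128]` (arrays of pointers cast back to `char *`), which hides the size mismatch, and a NULL return from getpass() is dereferenced. The rewrite below uses plain char buffers, rejects a NULL or over-long result before copying, and wipes the scratch copy; it assumes ft_des_print_error does not return, which this page does not show. In generate_salt the `read` result is ignored and the descriptor is never closed, so a short or failed read leaves uninitialised stack bytes in the salt that no_arguments then writes after `Salted__`; check that `read` returns FT_DES_BYTE_BLOCK_SIZE and call `close(fd)`. no_arguments also leaves `pbkdf_ctx->pass`, `->salt` and `->key` pointing at its own locals after it returns and never clears `pass` or `key`.

```c
static void	get_pass
(
	char pass[128]
)
{
	char	first_try[128];
	char	*typed;

	typed = getpass("enter password:");
	/* reject before copying: pass[] and first_try[] hold 127 bytes + NUL */
	if (typed == NULL || ft_strlen(typed) >= sizeof(first_try))
		ft_des_print_error("password is missing or too long");
	ft_strcpy(first_try, typed);
	/* getpass() reuses one static buffer, so compare against the saved copy */
	typed = getpass("retype password:");
	if (typed == NULL || ft_strcmp(first_try, typed) != 0)
		ft_des_print_error("passwords doesn't match");
	ft_strcpy(pass, first_try);
	ft_bzero(first_try, sizeof(first_try));
}
```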