static int sqlcipher_ltc_kdf(void *ctx, int algorithm, const unsigned char *pass, int pass_sz, unsigned char* salt, int salt_sz, int workfactor, int key_sz, unsigned char *key) {
int rc, hash_idx;
unsigned long outlen = key_sz;
switch(algorithm) {
case SQLCIPHER_HMAC_SHA1:
hash_idx = find_hash("sha1");
break;
case SQLCIPHER_HMAC_SHA256:
hash_idx = find_hash("sha256");
break;
case SQLCIPHER_HMAC_SHA512:
hash_idx = find_hash("sha512");
break;
default:
return SQLITE_ERROR;
}
if(hash_idx < 0) return SQLITE_ERROR;
if((rc = pkcs_5_alg2(pass, pass_sz, salt, salt_sz,
workfactor, hash_idx, key, &outlen)) != CRYPT_OK) {
return SQLITE_ERROR;
}
return SQLITE_OK;
}
void CAESModule::setKey(Tools::CSecureString const &rUserKey, Tools::CSecureMemory const &rGeneratedKey)
{
mKey.allocate(gKeySize);
unsigned long KeySize = static_cast<unsigned long>(mKey.getSize());
int Iterations = (int)gPasswordIterations;
if (rGeneratedKey == gGenericSalt)
{
Iterations = (int)gPasswordIterationsWithoutSalt;
}
int const HashID = find_hash("sha256");
FASSERT(HashID != -1);
int ErrorCode;
ErrorCode = pkcs_5_alg2(
reinterpret_cast<uint8_t const *>(&rUserKey[0]),
static_cast<unsigned long>(rUserKey.getMaxLength()),
reinterpret_cast<uint8_t const *>(&rGeneratedKey[0]),
static_cast<unsigned long>(rGeneratedKey.getSize()),
Iterations,
HashID,
&mKey[0],
&KeySize
);
return;
}
static int sqlcipher_ltc_kdf(void *ctx, const char *pass, int pass_sz, unsigned char* salt, int salt_sz, int workfactor, int key_sz, unsigned char *key) {
int rc, hash_idx;
unsigned long outlen = key_sz;
unsigned long random_buffer_sz = 256;
char random_buffer[random_buffer_sz];
ltc_ctx *ltc = (ltc_ctx*)ctx;
hash_idx = find_hash("sha1");
if((rc = pkcs_5_alg2(pass, pass_sz, salt, salt_sz,
workfactor, hash_idx, key, &outlen)) != CRYPT_OK) {
return SQLITE_ERROR;
}
if((rc = pkcs_5_alg2(key, key_sz, salt, salt_sz,
1, hash_idx, random_buffer, &random_buffer_sz)) != CRYPT_OK) {
return SQLITE_ERROR;
}
sqlcipher_ltc_add_random(ctx, random_buffer, random_buffer_sz);
return SQLITE_OK;
}
void Encrypt(PK0304* le, AE_EXTRA* ae, char* password)
{
char *salt, *key1, *key2, *check, digest[40];
u32 key_len = KeySize*2 + 2;
u32 dig_len = 40;
salt = BUF;
key1 = salt+SaltSize;
key2 = key1+KeySize;
check = key2+KeySize;
/* Gets a random salt (8-16 byte) */
sprng_read(salt, SaltSize, 0);
/* Generates 2 keys for AES and HMAC, plus 2-byte password verification value */
if (pkcs_5_alg2(password, strlen(password), salt, SaltSize, 1000, 0, key1, &key_len) != CRYPT_OK)
Z_ERROR("Failed to derive encryption keys");
// dump("salt", salt, SaltSize);
// dump("key", key1, KeySize);
if (ctr_start(0, IV, key1, KeySize, 0, CTR_COUNTER_LITTLE_ENDIAN, &ctr) != CRYPT_OK)
Z_ERROR("Failed to setup AES CTR encoder");
#ifdef GLADMAN_HMAC
hmac_sha1_begin(&hmac);
hmac_sha1_key(key2, KeySize, &hmac);
#else
if (hmac_init(&hmac, 0, key2, KeySize) != CRYPT_OK)
Z_ERROR("Failed to setup HMAC-SHA1");
#endif
if (AE2) le->Crc32 = 0;
le->Flag |= 1;
le->CompMethod = 99;
le->ExtraLen += 11;
le->CompSize += SaltSize + 12; /* variable salt, fixed password check and hmac */
safeWrite(ZOUT, le, sizeof(PK0304));
fileCopy(ZOUT, ZIN, le->NameLen+le->ExtraLen-11);
safeWrite(ZOUT, ae, 11);
safeWrite(ZOUT, salt, SaltSize);
safeWrite(ZOUT, check, 2);
/* encrypt contents */
fileFilter(ZOUT, ZIN, le->CompSize-SaltSize-12);
#ifdef GLADMAN_HMAC
hmac_sha1_end(digest, dig_len, &hmac);
#else
if (hmac_done(&hmac, digest, &dig_len) != CRYPT_OK)
Z_ERROR("Failed to computate HMAC");
#endif
safeWrite(ZOUT, digest, 10);
ctr_done(&ctr);
}
C4Err PASS_TO_KEY (const uint8_t *password,
unsigned long password_len,
uint8_t *salt,
unsigned long salt_len,
unsigned int rounds,
uint8_t *key_buf,
unsigned long key_len )
{
C4Err err = kC4Err_NoErr;
#if _USES_COMMON_CRYPTO_
if( CCKeyDerivationPBKDF( kCCPBKDF2, (const char*)password, password_len,
salt, salt_len,
kCCPRFHmacAlgSHA256, rounds,
key_buf, key_len)
!= kCCSuccess)
err = kC4Err_BadParams;
#else
int status = CRYPT_OK;
status = pkcs_5_alg2(password, password_len,
salt, salt_len,
rounds, find_hash("sha256"),
key_buf, &key_len); CKSTAT;
done:
if(status != CRYPT_OK)
err = sCrypt2C4Err(status);
#endif
return err;
}
/**
PKCS #5 self-test
@return CRYPT_OK if successful, CRYPT_NOP if tests have been disabled.
*/
int pkcs_5_test (void)
{
#ifndef LTC_TEST
return CRYPT_NOP;
#else
typedef struct {
const char* P;
unsigned long P_len;
const char* S;
unsigned long S_len;
int c;
unsigned long dkLen;
unsigned char DK[40];
} case_item;
static const case_item cases_5_2[] = {
{
"password",
8,
"salt",
4,
1,
20,
{ 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71,
0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06,
0x2f, 0xe0, 0x37, 0xa6 }
},
{
"password",
8,
"salt",
4,
2,
20,
{ 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c,
0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0,
0xd8, 0xde, 0x89, 0x57 }
},
#ifdef LTC_TEST_EXT
{
"password",
8,
"salt",
4,
4096,
20,
{ 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a,
0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0,
0x65, 0xa4, 0x29, 0xc1 }
},
{
"password",
8,
"salt",
4,
16777216,
20,
{ 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4,
0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c,
0x26, 0x34, 0xe9, 0x84 }
},
{
"passwordPASSWORDpassword",
25,
"saltSALTsaltSALTsaltSALTsaltSALTsalt",
36,
4096,
25,
{ 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b,
0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a,
0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70,
0x38 }
},
{
"pass\0word",
9,
"sa\0lt",
5,
4096,
16,
{ 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d,
0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3 }
},
#endif /* LTC_TEST_EXT */
};
static const case_item cases_5_1[] = {
{
"password",
8,
"saltsalt", /* must be 8 octects */
8, /* ignored by alg1 */
1,
20,
{ 0xca, 0xb8, 0x6d, 0xd6, 0x26, 0x17, 0x10, 0x89, 0x1e, 0x8c,
0xb5, 0x6e, 0xe3, 0x62, 0x56, 0x91, 0xa7, 0x5d, 0xf3, 0x44 }
},
};
static const case_item cases_5_1o[] = {
{
"password",
8,
"saltsalt", /* must be 8 octects */
8, /* ignored by alg1_openssl */
1,
20,
{ 0xca, 0xb8, 0x6d, 0xd6, 0x26, 0x17, 0x10, 0x89, 0x1e, 0x8c,
0xb5, 0x6e, 0xe3, 0x62, 0x56, 0x91, 0xa7, 0x5d, 0xf3, 0x44 }
},
{
"password",
8,
"saltsalt", /* must be 8 octects */
8, /* ignored by alg1_openssl */
1,
30,
{ 0xca, 0xb8, 0x6d, 0xd6, 0x26, 0x17, 0x10, 0x89, 0x1e, 0x8c,
0xb5, 0x6e, 0xe3, 0x62, 0x56, 0x91, 0xa7, 0x5d, 0xf3, 0x44,
0xf0, 0xbf, 0xf4, 0xc1, 0x2c, 0xf3, 0x59, 0x6f, 0xc0, 0x0b }
}
};
unsigned char DK[40];
unsigned long dkLen;
int i, err;
int tested=0, failed=0;
int hash = find_hash("sha1");
if (hash == -1)
{
#ifdef LTC_TEST_DBG
printf("PKCS#5 test failed: 'sha1' hash not found\n");
#endif
return CRYPT_ERROR;
}
/* testing alg 2 */
for(i=0; i < (int)(sizeof(cases_5_2) / sizeof(cases_5_2[0])); i++) {
++tested;
dkLen = cases_5_2[i].dkLen;
if((err = pkcs_5_alg2((unsigned char*)cases_5_2[i].P, cases_5_2[i].P_len,
(unsigned char*)cases_5_2[i].S, cases_5_2[i].S_len,
cases_5_2[i].c, hash,
DK, &dkLen)) != CRYPT_OK) {
#ifdef LTC_TEST_DBG
printf("\npkcs_5_alg2() #%d: Failed/1 (%s)\n", i, error_to_string(err));
#endif
++failed;
}
else if (compare_testvector(DK, dkLen, cases_5_2[i].DK, cases_5_2[i].dkLen, "PKCS#5_2", i)) {
++failed;
}
}
/* testing alg 1 */
for(i=0; i < (int)(sizeof(cases_5_1) / sizeof(case_item)); i++, tested++) {
dkLen = cases_5_1[i].dkLen;
if((err = pkcs_5_alg1((unsigned char*)cases_5_1[i].P, cases_5_1[i].P_len,
(unsigned char*)cases_5_1[i].S,
cases_5_1[i].c, hash,
DK, &dkLen)) != CRYPT_OK) {
#ifdef LTC_TEST_DBG
printf("\npkcs_5_alg1() #%d: Failed/1 (%s)\n", i, error_to_string(err));
#endif
++failed;
}
else if (compare_testvector(DK, dkLen, cases_5_1[i].DK, cases_5_1[i].dkLen, "PKCS#5_1", i)) {
++failed;
}
}
/* testing alg 1_openssl */
for(i = 0; i < (int)(sizeof(cases_5_1o) / sizeof(cases_5_1o[0])); i++, tested++) {
dkLen = cases_5_1o[i].dkLen;
if ((err = pkcs_5_alg1_openssl((unsigned char*)cases_5_1o[i].P, cases_5_1o[i].P_len,
(unsigned char*)cases_5_1o[i].S,
cases_5_1o[i].c, hash,
DK, &dkLen)) != CRYPT_OK) {
#ifdef LTC_TEST_DBG
printf("\npkcs_5_alg1_openssl() #%d: Failed/1 (%s)\n", i, error_to_string(err));
#endif
++failed;
}
else if (compare_testvector(DK, dkLen, cases_5_1o[i].DK, cases_5_1o[i].dkLen, "PKCS#5_1o", i)) {
++failed;
}
}
return (failed != 0) ? CRYPT_FAIL_TESTVECTOR : CRYPT_OK;
#endif
}
void Decrypt(PK0304 *le, char *password)
{
char *salt, *key1, *key2, *check, digest[40];
u32 key_len, dig_len = 40, start, xlen;
AE_EXTRA ae;
start = ftell(ZIN);
/* Searches for AE-1 header */
fseek(ZIN, le->NameLen, SEEK_CUR);
for(xlen=le->ExtraLen; xlen;)
{
safeRead(&ae, ZIN, 4);
xlen -= (4 + ae.Size);
if (ae.Sig == 0x9901)
{
safeRead(&ae.Version, ZIN, 7);
continue;
}
fseek(ZIN, ae.Size, SEEK_CUR);
}
if (ae.Sig != 0x9901)
Z_ERROR("Fatal! Can't find AE extra header!");
if (ae.Strength < 1 || ae.Strength > 3)
Z_ERROR("Bad encryption strength");
SaltSize = KS[ae.Strength].Salt;
KeySize = KS[ae.Strength].Key;
salt = BUF;
key1 = salt+SaltSize;
key2 = key1+KeySize;
check = key2+KeySize;
key_len = KeySize*2+2;
/* Loads salt and password check value, and regenerates original crypto material */
fseek(ZIN, start+le->NameLen+le->ExtraLen, SEEK_SET);
safeRead(salt, ZIN, SaltSize);
safeRead(check+2, ZIN, 2);
point1:
if (pkcs_5_alg2(password, strlen(password), salt, SaltSize, 1000, 0, key1, &key_len) != CRYPT_OK)
Z_ERROR("Failed to derive encryption keys");
if (memcmp(check, check+2, 2))
{
printf("\nCan't decrypt data: try another password.\nNew password: "******"\n");
goto point1;
}
if (ctr_start(0, IV, key1, KeySize, 0, CTR_COUNTER_LITTLE_ENDIAN, &ctr) != CRYPT_OK)
Z_ERROR("Failed to setup AES CTR decoder");
#ifdef GLADMAN_HMAC
hmac_sha1_begin(&hmac);
hmac_sha1_key(key2, KeySize, &hmac);
#else
if (hmac_init(&hmac, 0, key2, KeySize) != CRYPT_OK)
Z_ERROR("Failed to setup HMAC-SHA1");
#endif
/* Adjusts local header */
le->Flag ^= 1;
le->CompMethod = ae.CompMethod;
le->ExtraLen -= 11;
le->CompSize -= (SaltSize + 12);
/* Writes local header and copies extra, except 0x9901 */
safeWrite(ZOUT, le, sizeof(PK0304));
fseek(ZIN, start, SEEK_SET);
fileCopy(ZOUT, ZIN, le->NameLen);
for(xlen=le->ExtraLen+11; xlen;)
{
safeRead(&ae, ZIN, 4);
xlen -= (4 + ae.Size);
if (ae.Sig == 0x9901)
{
safeRead(&ae.Version, ZIN, 7);
continue;
}
safeWrite(ZOUT, &ae, 4);
fileCopy(ZOUT, ZIN, ae.Size);
}
fseek(ZIN, SaltSize+2, SEEK_CUR);
fileFilter(ZOUT, ZIN, le->CompSize);
#ifdef GLADMAN_HMAC
hmac_sha1_end(digest, dig_len, &hmac);
#else
if (hmac_done(&hmac, digest, &dig_len) != CRYPT_OK)
Z_ERROR("Failed to computate HMAC");
#endif
/* Retrieves and checks HMACs */
safeRead(digest+10, ZIN, 10);
if (memcmp(digest, digest+10, 10))
printf(" authentication failed, contents were lost!");
ctr_done(&ctr);
}
