static int sqlcipher_ltc_kdf(void *ctx, int algorithm, const unsigned char *pass, int pass_sz, unsigned char* salt, int salt_sz, int workfactor, int key_sz, unsigned char *key) { int rc, hash_idx; unsigned long outlen = key_sz; switch(algorithm) { case SQLCIPHER_HMAC_SHA1: hash_idx = find_hash("sha1"); break; case SQLCIPHER_HMAC_SHA256: hash_idx = find_hash("sha256"); break; case SQLCIPHER_HMAC_SHA512: hash_idx = find_hash("sha512"); break; default: return SQLITE_ERROR; } if(hash_idx < 0) return SQLITE_ERROR; if((rc = pkcs_5_alg2(pass, pass_sz, salt, salt_sz, workfactor, hash_idx, key, &outlen)) != CRYPT_OK) { return SQLITE_ERROR; } return SQLITE_OK; }
void CAESModule::setKey(Tools::CSecureString const &rUserKey, Tools::CSecureMemory const &rGeneratedKey) { mKey.allocate(gKeySize); unsigned long KeySize = static_cast<unsigned long>(mKey.getSize()); int Iterations = (int)gPasswordIterations; if (rGeneratedKey == gGenericSalt) { Iterations = (int)gPasswordIterationsWithoutSalt; } int const HashID = find_hash("sha256"); FASSERT(HashID != -1); int ErrorCode; ErrorCode = pkcs_5_alg2( reinterpret_cast<uint8_t const *>(&rUserKey[0]), static_cast<unsigned long>(rUserKey.getMaxLength()), reinterpret_cast<uint8_t const *>(&rGeneratedKey[0]), static_cast<unsigned long>(rGeneratedKey.getSize()), Iterations, HashID, &mKey[0], &KeySize ); return; }
static int sqlcipher_ltc_kdf(void *ctx, const char *pass, int pass_sz, unsigned char* salt, int salt_sz, int workfactor, int key_sz, unsigned char *key) { int rc, hash_idx; unsigned long outlen = key_sz; unsigned long random_buffer_sz = 256; char random_buffer[random_buffer_sz]; ltc_ctx *ltc = (ltc_ctx*)ctx; hash_idx = find_hash("sha1"); if((rc = pkcs_5_alg2(pass, pass_sz, salt, salt_sz, workfactor, hash_idx, key, &outlen)) != CRYPT_OK) { return SQLITE_ERROR; } if((rc = pkcs_5_alg2(key, key_sz, salt, salt_sz, 1, hash_idx, random_buffer, &random_buffer_sz)) != CRYPT_OK) { return SQLITE_ERROR; } sqlcipher_ltc_add_random(ctx, random_buffer, random_buffer_sz); return SQLITE_OK; }
void Encrypt(PK0304* le, AE_EXTRA* ae, char* password) { char *salt, *key1, *key2, *check, digest[40]; u32 key_len = KeySize*2 + 2; u32 dig_len = 40; salt = BUF; key1 = salt+SaltSize; key2 = key1+KeySize; check = key2+KeySize; /* Gets a random salt (8-16 byte) */ sprng_read(salt, SaltSize, 0); /* Generates 2 keys for AES and HMAC, plus 2-byte password verification value */ if (pkcs_5_alg2(password, strlen(password), salt, SaltSize, 1000, 0, key1, &key_len) != CRYPT_OK) Z_ERROR("Failed to derive encryption keys"); // dump("salt", salt, SaltSize); // dump("key", key1, KeySize); if (ctr_start(0, IV, key1, KeySize, 0, CTR_COUNTER_LITTLE_ENDIAN, &ctr) != CRYPT_OK) Z_ERROR("Failed to setup AES CTR encoder"); #ifdef GLADMAN_HMAC hmac_sha1_begin(&hmac); hmac_sha1_key(key2, KeySize, &hmac); #else if (hmac_init(&hmac, 0, key2, KeySize) != CRYPT_OK) Z_ERROR("Failed to setup HMAC-SHA1"); #endif if (AE2) le->Crc32 = 0; le->Flag |= 1; le->CompMethod = 99; le->ExtraLen += 11; le->CompSize += SaltSize + 12; /* variable salt, fixed password check and hmac */ safeWrite(ZOUT, le, sizeof(PK0304)); fileCopy(ZOUT, ZIN, le->NameLen+le->ExtraLen-11); safeWrite(ZOUT, ae, 11); safeWrite(ZOUT, salt, SaltSize); safeWrite(ZOUT, check, 2); /* encrypt contents */ fileFilter(ZOUT, ZIN, le->CompSize-SaltSize-12); #ifdef GLADMAN_HMAC hmac_sha1_end(digest, dig_len, &hmac); #else if (hmac_done(&hmac, digest, &dig_len) != CRYPT_OK) Z_ERROR("Failed to computate HMAC"); #endif safeWrite(ZOUT, digest, 10); ctr_done(&ctr); }
C4Err PASS_TO_KEY (const uint8_t *password, unsigned long password_len, uint8_t *salt, unsigned long salt_len, unsigned int rounds, uint8_t *key_buf, unsigned long key_len ) { C4Err err = kC4Err_NoErr; #if _USES_COMMON_CRYPTO_ if( CCKeyDerivationPBKDF( kCCPBKDF2, (const char*)password, password_len, salt, salt_len, kCCPRFHmacAlgSHA256, rounds, key_buf, key_len) != kCCSuccess) err = kC4Err_BadParams; #else int status = CRYPT_OK; status = pkcs_5_alg2(password, password_len, salt, salt_len, rounds, find_hash("sha256"), key_buf, &key_len); CKSTAT; done: if(status != CRYPT_OK) err = sCrypt2C4Err(status); #endif return err; }
/** PKCS #5 self-test @return CRYPT_OK if successful, CRYPT_NOP if tests have been disabled. */ int pkcs_5_test (void) { #ifndef LTC_TEST return CRYPT_NOP; #else typedef struct { const char* P; unsigned long P_len; const char* S; unsigned long S_len; int c; unsigned long dkLen; unsigned char DK[40]; } case_item; static const case_item cases_5_2[] = { { "password", 8, "salt", 4, 1, 20, { 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71, 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06, 0x2f, 0xe0, 0x37, 0xa6 } }, { "password", 8, "salt", 4, 2, 20, { 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c, 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0, 0xd8, 0xde, 0x89, 0x57 } }, #ifdef LTC_TEST_EXT { "password", 8, "salt", 4, 4096, 20, { 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a, 0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0, 0x65, 0xa4, 0x29, 0xc1 } }, { "password", 8, "salt", 4, 16777216, 20, { 0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4, 0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c, 0x26, 0x34, 0xe9, 0x84 } }, { "passwordPASSWORDpassword", 25, "saltSALTsaltSALTsaltSALTsaltSALTsalt", 36, 4096, 25, { 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b, 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a, 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70, 0x38 } }, { "pass\0word", 9, "sa\0lt", 5, 4096, 16, { 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d, 0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3 } }, #endif /* LTC_TEST_EXT */ }; static const case_item cases_5_1[] = { { "password", 8, "saltsalt", /* must be 8 octects */ 8, /* ignored by alg1 */ 1, 20, { 0xca, 0xb8, 0x6d, 0xd6, 0x26, 0x17, 0x10, 0x89, 0x1e, 0x8c, 0xb5, 0x6e, 0xe3, 0x62, 0x56, 0x91, 0xa7, 0x5d, 0xf3, 0x44 } }, }; static const case_item cases_5_1o[] = { { "password", 8, "saltsalt", /* must be 8 octects */ 8, /* ignored by alg1_openssl */ 1, 20, { 0xca, 0xb8, 0x6d, 0xd6, 0x26, 0x17, 0x10, 0x89, 0x1e, 0x8c, 0xb5, 0x6e, 0xe3, 0x62, 0x56, 0x91, 0xa7, 0x5d, 0xf3, 0x44 } }, { "password", 8, "saltsalt", /* must be 8 octects */ 8, /* ignored by alg1_openssl */ 1, 30, { 0xca, 0xb8, 0x6d, 0xd6, 0x26, 0x17, 0x10, 0x89, 0x1e, 0x8c, 0xb5, 0x6e, 0xe3, 0x62, 0x56, 0x91, 0xa7, 0x5d, 0xf3, 0x44, 0xf0, 0xbf, 0xf4, 0xc1, 0x2c, 0xf3, 0x59, 0x6f, 0xc0, 0x0b } } }; unsigned char DK[40]; unsigned long dkLen; int i, err; int tested=0, failed=0; int hash = find_hash("sha1"); if (hash == -1) { #ifdef LTC_TEST_DBG printf("PKCS#5 test failed: 'sha1' hash not found\n"); #endif return CRYPT_ERROR; } /* testing alg 2 */ for(i=0; i < (int)(sizeof(cases_5_2) / sizeof(cases_5_2[0])); i++) { ++tested; dkLen = cases_5_2[i].dkLen; if((err = pkcs_5_alg2((unsigned char*)cases_5_2[i].P, cases_5_2[i].P_len, (unsigned char*)cases_5_2[i].S, cases_5_2[i].S_len, cases_5_2[i].c, hash, DK, &dkLen)) != CRYPT_OK) { #ifdef LTC_TEST_DBG printf("\npkcs_5_alg2() #%d: Failed/1 (%s)\n", i, error_to_string(err)); #endif ++failed; } else if (compare_testvector(DK, dkLen, cases_5_2[i].DK, cases_5_2[i].dkLen, "PKCS#5_2", i)) { ++failed; } } /* testing alg 1 */ for(i=0; i < (int)(sizeof(cases_5_1) / sizeof(case_item)); i++, tested++) { dkLen = cases_5_1[i].dkLen; if((err = pkcs_5_alg1((unsigned char*)cases_5_1[i].P, cases_5_1[i].P_len, (unsigned char*)cases_5_1[i].S, cases_5_1[i].c, hash, DK, &dkLen)) != CRYPT_OK) { #ifdef LTC_TEST_DBG printf("\npkcs_5_alg1() #%d: Failed/1 (%s)\n", i, error_to_string(err)); #endif ++failed; } else if (compare_testvector(DK, dkLen, cases_5_1[i].DK, cases_5_1[i].dkLen, "PKCS#5_1", i)) { ++failed; } } /* testing alg 1_openssl */ for(i = 0; i < (int)(sizeof(cases_5_1o) / sizeof(cases_5_1o[0])); i++, tested++) { dkLen = cases_5_1o[i].dkLen; if ((err = pkcs_5_alg1_openssl((unsigned char*)cases_5_1o[i].P, cases_5_1o[i].P_len, (unsigned char*)cases_5_1o[i].S, cases_5_1o[i].c, hash, DK, &dkLen)) != CRYPT_OK) { #ifdef LTC_TEST_DBG printf("\npkcs_5_alg1_openssl() #%d: Failed/1 (%s)\n", i, error_to_string(err)); #endif ++failed; } else if (compare_testvector(DK, dkLen, cases_5_1o[i].DK, cases_5_1o[i].dkLen, "PKCS#5_1o", i)) { ++failed; } } return (failed != 0) ? CRYPT_FAIL_TESTVECTOR : CRYPT_OK; #endif }
void Decrypt(PK0304 *le, char *password) { char *salt, *key1, *key2, *check, digest[40]; u32 key_len, dig_len = 40, start, xlen; AE_EXTRA ae; start = ftell(ZIN); /* Searches for AE-1 header */ fseek(ZIN, le->NameLen, SEEK_CUR); for(xlen=le->ExtraLen; xlen;) { safeRead(&ae, ZIN, 4); xlen -= (4 + ae.Size); if (ae.Sig == 0x9901) { safeRead(&ae.Version, ZIN, 7); continue; } fseek(ZIN, ae.Size, SEEK_CUR); } if (ae.Sig != 0x9901) Z_ERROR("Fatal! Can't find AE extra header!"); if (ae.Strength < 1 || ae.Strength > 3) Z_ERROR("Bad encryption strength"); SaltSize = KS[ae.Strength].Salt; KeySize = KS[ae.Strength].Key; salt = BUF; key1 = salt+SaltSize; key2 = key1+KeySize; check = key2+KeySize; key_len = KeySize*2+2; /* Loads salt and password check value, and regenerates original crypto material */ fseek(ZIN, start+le->NameLen+le->ExtraLen, SEEK_SET); safeRead(salt, ZIN, SaltSize); safeRead(check+2, ZIN, 2); point1: if (pkcs_5_alg2(password, strlen(password), salt, SaltSize, 1000, 0, key1, &key_len) != CRYPT_OK) Z_ERROR("Failed to derive encryption keys"); if (memcmp(check, check+2, 2)) { printf("\nCan't decrypt data: try another password.\nNew password: "******"\n"); goto point1; } if (ctr_start(0, IV, key1, KeySize, 0, CTR_COUNTER_LITTLE_ENDIAN, &ctr) != CRYPT_OK) Z_ERROR("Failed to setup AES CTR decoder"); #ifdef GLADMAN_HMAC hmac_sha1_begin(&hmac); hmac_sha1_key(key2, KeySize, &hmac); #else if (hmac_init(&hmac, 0, key2, KeySize) != CRYPT_OK) Z_ERROR("Failed to setup HMAC-SHA1"); #endif /* Adjusts local header */ le->Flag ^= 1; le->CompMethod = ae.CompMethod; le->ExtraLen -= 11; le->CompSize -= (SaltSize + 12); /* Writes local header and copies extra, except 0x9901 */ safeWrite(ZOUT, le, sizeof(PK0304)); fseek(ZIN, start, SEEK_SET); fileCopy(ZOUT, ZIN, le->NameLen); for(xlen=le->ExtraLen+11; xlen;) { safeRead(&ae, ZIN, 4); xlen -= (4 + ae.Size); if (ae.Sig == 0x9901) { safeRead(&ae.Version, ZIN, 7); continue; } safeWrite(ZOUT, &ae, 4); fileCopy(ZOUT, ZIN, ae.Size); } fseek(ZIN, SaltSize+2, SEEK_CUR); fileFilter(ZOUT, ZIN, le->CompSize); #ifdef GLADMAN_HMAC hmac_sha1_end(digest, dig_len, &hmac); #else if (hmac_done(&hmac, digest, &dig_len) != CRYPT_OK) Z_ERROR("Failed to computate HMAC"); #endif /* Retrieves and checks HMACs */ safeRead(digest+10, ZIN, 10); if (memcmp(digest, digest+10, 10)) printf(" authentication failed, contents were lost!"); ctr_done(&ctr); }