int main(int argc, char * argv[]){ unsigned char key[32]; char *pwd; unsigned char * salt; /* *** initialization *** */ if(argc != 3) { fprintf(stderr, "usage: %s <passwd>\n", argv[0]); return -1; } /* *** allocate space for salt *** */ salt = (unsigned char *)malloc( 32 * sizeof(char)); if(key == NULL) { fprintf(stderr, "error: can't allocate enough space for salt\n"); return -1; } /* *** allocate space for pwd *** */ pwd = (char *)malloc( 64 * sizeof(char)); if(pwd == NULL) { fprintf(stderr, "error: can't allocate enough space for passwd\n"); return -1; } salt = (unsigned char *) argv[2]; pwd = argv[1]; deriv_passwd( key, pwd, salt, 9, 32); print_hex( key, 32, "hash ="); return 0; }
int protect_buffer(unsigned char **output, int *output_len, unsigned char *input, int input_len, char *password, unsigned char *salt, int salt_len, unsigned int iterations) { int ret; int i; unsigned char k_m[32]; unsigned char k_c[32]; unsigned char k_i[32]; unsigned char tmp_1[36]; int pad_len; unsigned char *input_padd; unsigned char *cipher; aes_context aes_ctx; unsigned char iv_[16]; /* *** Initialisation *** */ input_padd = NULL; cipher = NULL; memset(iv_, 0x00, 16); /* *** Check des arguments *** */ if((output == NULL) || (output_len == NULL) || (input == NULL) || (input_len <= 0) || (password == NULL) || (salt == NULL)) { goto cleanup; } /* *** Deriv password to MasterKey *** */ ret = deriv_passwd(k_m, password, salt, salt_len, iterations); if(ret != 0) { fprintf(stderr, "error: deriv_passwd\n"); return 1; } /* *** Deriv MasterKey to CipherKey / IntegrityKey *** */ i = 0; memcpy(tmp_1, k_m, 32); memcpy(tmp_1+32, &i, sizeof(int)); sha256(tmp_1, 36, k_c, 0); i ++; memcpy(tmp_1, k_m, 32); memcpy(tmp_1+32, &i, sizeof(int)); sha256(tmp_1, 36, k_i, 0); /* *** Padding ?! *** */ pad_len = 16 - (input_len % 16); input_padd = (unsigned char *)malloc((input_len + pad_len)*sizeof(char)); if(input_padd == NULL) goto cleanup; cipher = (unsigned char *)malloc((input_len + pad_len + 32)*sizeof(char)); if(cipher == NULL) goto cleanup; memcpy(input_padd, input, input_len); memcpy(input_padd+input_len, padding, pad_len); /* *** Chiffrement *** */ ret = aes_setkey_enc(&aes_ctx, k_c, 256); if(ret != 0) goto cleanup; ret = aes_crypt_cbc(&aes_ctx, AES_ENCRYPT, input_len+pad_len, iv_, input_padd, cipher); if(ret != 0) goto cleanup; /* *** Ajout du controle d'integrite *** */ sha256_hmac(k_i, 32, cipher, input_len+pad_len, cipher+input_len+pad_len, 0); *output = cipher; *output_len = input_len + pad_len + 32; ret = 0; cleanup: if(input_padd != NULL) free(input_padd); if(cipher != NULL) free(cipher); memset(&aes_ctx, 0x00, sizeof(aes_context)); memset(k_m, 0x00, 32); memset(k_c, 0x00, 32); memset(k_i, 0x00, 32); memset(tmp_1, 0x00, 36); return ret; }
int protect_buffer(unsigned char **output, int *output_len, unsigned char *input, int input_len, char *password, unsigned char *salt, int salt_len, unsigned int iterations) { int i, pad_len, ret; unsigned char k_m[32]; unsigned char k_c[32]; unsigned char k_i[32]; unsigned char tmp_1[36]; unsigned char *input_padd; unsigned char *cipher; aes_context aes_ctx; /* *** Init *** */ i = 0; pad_len = 0; ret = 1; input_padd = NULL; cipher = NULL; /* *** Deriv password to MasterKey *** */ ret = deriv_passwd(k_m, password, salt, salt_len, iterations); if(ret != 0) { fprintf(stderr, "error: deriv_passwd failed\n"); return 1; } /* *** Deriv MasterKey to CipherKey / IntegrityKey *** */ i = 0; memcpy(tmp_1, k_m, 32); memcpy(tmp_1+32, &i, sizeof(int)); sha2(tmp_1, 36, k_c, 0); i ++; memcpy(tmp_1, k_m, 32); memcpy(tmp_1+32, &i, sizeof(int)); sha2(tmp_1, 36, k_i, 0); /* *** Padding *** */ pad_len = 16 - (input_len % 16); input_padd = (unsigned char *) malloc((input_len + pad_len) * sizeof(char)); if(input_padd == NULL) { fprintf(stderr, "error : memory allocation failed\n"); ret = 1; goto cleanup; } cipher = (unsigned char *)malloc((input_len + pad_len + 32) * sizeof(char)); if(cipher == NULL) { fprintf(stderr, "error : memory allocation failed\n"); ret = 1; goto cleanup; } memcpy(input_padd, input, input_len); memcpy(input_padd+input_len, padding, pad_len); /* *** Chiffrement *** */ ret = aes_setkey_enc(&aes_ctx, k_c, 256); if(ret != 0) { fprintf(stderr, "error : aes_setkey_enc failed\n"); ret = 1; goto cleanup; } ret = aes_crypt_cbc(&aes_ctx, AES_ENCRYPT, (size_t) (input_len + pad_len), iv, input_padd, cipher); if(ret != 0) { fprintf(stderr, "error : aes_crypt_cbc failed\n"); ret = 1; goto cleanup; } /* *** Ajout du controle d'integrite *** */ sha2_hmac(k_i, 32, cipher, input_len + pad_len, cipher + input_len + pad_len, 0); *output = cipher; *output_len = input_len + pad_len + 32; ret = 0; cleanup: if(input_padd != NULL) { memset(input_padd, 0x00, input_len + pad_len); free(input_padd); } memset(&aes_ctx, 0x00, sizeof(aes_context)); memset(k_m, 0x00, 32); memset(k_c, 0x00, 32); memset(k_i, 0x00, 32); memset(tmp_1, 0x00, 36); pad_len = 0; i = 0; return ret; }
int unprotect_buffer(unsigned char **output, int *output_len, unsigned char *input, int input_len, char *password, unsigned char *salt, int salt_len, unsigned int iterations) { int ret, i, offset; unsigned char k_m[32]; unsigned char k_c[32]; unsigned char k_i[32]; unsigned char tmp_1[36]; unsigned char tmp_2[32]; unsigned char *input_padd; unsigned char *cipher; unsigned char *plain; aes_context aes_ctx; sha2_context sha_ctx; /* *** Init *** */ ret = 1; i = 0; offset = 0; input_padd = NULL; cipher = NULL; plain = NULL; /* *** Get cipher text *** */ cipher = (unsigned char *) malloc((input_len - 32) * sizeof(char)); if (cipher == NULL) { fprintf(stderr, "error : memory allocation failed\n"); ret = 1; goto cleanup; } memcpy(cipher, input, input_len - 32); input_padd = (unsigned char *) malloc((input_len - 32) * sizeof(char)); if (input_padd == NULL) { fprintf(stderr, "error : memory allocation failed\n"); ret = 1; goto cleanup; } memcpy(tmp_2, input + (input_len - 32), 32); /* *** Deriv password to MasterKey *** */ ret = deriv_passwd(k_m, password, salt, salt_len, iterations); if(ret != 0) { fprintf(stderr, "error: deriv_passwd failed\n"); ret = 1; goto cleanup; } /* *** Deriv MasterKey to CipherKey / IntegrityKey *** */ i = 0; memcpy(tmp_1, k_m, 32); memcpy(tmp_1+32, &i, sizeof(int)); sha2(tmp_1, 36, k_c, 0); i++; memcpy(tmp_1, k_m, 32); memcpy(tmp_1+32, &i, sizeof(int)); sha2(tmp_1, 36, k_i, 0); /* *** Calculate the integrity key with the given password *** */ sha2_hmac_starts(&sha_ctx, k_i, 32, 0); sha2_hmac_update(&sha_ctx, cipher, input_len - 32); sha2_hmac_finish(&sha_ctx, k_i); /* *** Comparison *** */ if (memcmp(k_i, tmp_2, 32) != 0) { fprintf(stderr, "error : keys are differents\n"); ret = 1; goto cleanup; } /* *** Dechiffrement *** */ ret = aes_setkey_dec(&aes_ctx, k_c, 256); if (ret != 0) { fprintf(stderr, "error : aes_setkey_dec failed\n"); ret = 1; goto cleanup; } ret = aes_crypt_cbc(&aes_ctx, AES_DECRYPT, input_len - 32, iv, cipher, input_padd); if (ret != 0) { fprintf(stderr, "error : aes_crypt_cbc failed\n"); ret = 1; goto cleanup; } /* *** Padding *** */ offset = getPaddingOffset(input_padd, input_len - 32); plain = (unsigned char *) malloc(offset * sizeof(char) + 1); if (plain == NULL) { fprintf(stderr, "error : memory allocation failed\n"); ret = 1; goto cleanup; } memcpy(plain, input_padd, offset); plain[offset * sizeof(char)] = '\0'; /* *** Output *** */ *output = plain; *output_len = offset; ret = 0; cleanup: if (input_padd != NULL) { memset(input_padd, 0x00, input_len - 32); free(input_padd); } if (cipher != NULL) { memset(cipher, 0x00, input_len - 32); free(cipher); } memset(&aes_ctx, 0x00, sizeof(aes_context)); memset(&sha_ctx, 0x00, sizeof(sha_ctx)); memset(k_m, 0x00, 32); memset(k_c, 0x00, 32); memset(k_i, 0x00, 32); memset(tmp_1, 0x00, 36); memset(tmp_2, 0x00, 32); i = 0; return ret; }