bashclub/piler
1
0
Fork 0
mirror of https://bitbucket.org/jsuto/piler.git synced 2024-11-08 04:51:59 +01:00
Code Issues Packages Projects Releases Wiki Activity

Prepend a random garbage block to the data to be encrypted

Browse Source 
Signed-off-by: Janos SUTO <sj@acts.hu>
This commit is contained in:
Janos SUTO 2020-12-03 18:12:48 +01:00
parent 8c6560f302
commit 2ed654c87f
2 changed files with 39 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/archive.c
View File

@ -58,6 +58,10 @@ int inf(unsigned char *in, int len, int mode, char **buffer, FILE *dest){
char *new_ptr; char *new_ptr;
unsigned char out[REALLYBIGBUFSIZE]; unsigned char out[REALLYBIGBUFSIZE];
/* expecting deflate with 32k window size (0x78) */
if(len > 0 && in[0] != 0x78)
return Z_DATA_ERROR;
/* allocate inflate state */ /* allocate inflate state */
strm.zalloc = Z_NULL; strm.zalloc = Z_NULL;
@ -139,6 +143,7 @@ int retrieve_file_from_archive(char *filename, int mode, char **buffer, FILE *de
#else #else
EVP_CIPHER_CTX *ctx=NULL; EVP_CIPHER_CTX *ctx=NULL;
#endif #endif
int blocklen;
if(filename == NULL) return 1; if(filename == NULL) return 1;
@ -162,15 +167,17 @@ int retrieve_file_from_archive(char *filename, int mode, char **buffer, FILE *de
#if OPENSSL_VERSION_NUMBER < 0x10100000L #if OPENSSL_VERSION_NUMBER < 0x10100000L
EVP_CIPHER_CTX_init(&ctx); EVP_CIPHER_CTX_init(&ctx);
EVP_DecryptInit_ex(&ctx, EVP_bf_cbc(), NULL, cfg->key, cfg->iv); EVP_DecryptInit_ex(&ctx, EVP_bf_cbc(), NULL, cfg->key, cfg->iv);
blocklen = EVP_CIPHER_CTX_block_size(&ctx);
#else #else
ctx = EVP_CIPHER_CTX_new(); ctx = EVP_CIPHER_CTX_new();
if(!ctx) goto CLEANUP; if(!ctx) goto CLEANUP;
EVP_CIPHER_CTX_init(ctx); EVP_CIPHER_CTX_init(ctx);
EVP_DecryptInit_ex(ctx, EVP_bf_cbc(), NULL, cfg->key, cfg->iv); EVP_DecryptInit_ex(ctx, EVP_bf_cbc(), NULL, cfg->key, cfg->iv);
blocklen = EVP_CIPHER_CTX_block_size(ctx);
#endif #endif
len = st.st_size+EVP_MAX_BLOCK_LENGTH; len = st.st_size+blocklen;
s = malloc(len); s = malloc(len);
@ -207,7 +214,13 @@ int retrieve_file_from_archive(char *filename, int mode, char **buffer, FILE *de
tlen += olen; tlen += olen;
// old fileformat with static IV
rc = inf(s, tlen, mode, buffer, dest); rc = inf(s, tlen, mode, buffer, dest);
// new fileformat, starting with blocklen bytes of garbage
if(rc != Z_OK && tlen >= blocklen){
rc = inf(s+blocklen, tlen-blocklen, mode, buffer, dest);
}
} }
else { else {
addr = mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0); addr = mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0);

28
src/store.c
View File

@ -51,6 +51,8 @@ int store_file(struct session_data *sdata, char *filename, int len, struct confi
#else #else
EVP_CIPHER_CTX *ctx; EVP_CIPHER_CTX *ctx;
#endif #endif
int blocklen;
unsigned char rnd[EVP_MAX_BLOCK_LENGTH];
unsigned char *outbuf=NULL; unsigned char *outbuf=NULL;
int outlen=0, writelen, tmplen; int outlen=0, writelen, tmplen;
@ -108,25 +110,45 @@ int store_file(struct session_data *sdata, char *filename, int len, struct confi
#if OPENSSL_VERSION_NUMBER < 0x10100000L #if OPENSSL_VERSION_NUMBER < 0x10100000L
EVP_CIPHER_CTX_init(&ctx); EVP_CIPHER_CTX_init(&ctx);
EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, cfg->key, cfg->iv); EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, cfg->key, cfg->iv);
blocklen = EVP_CIPHER_CTX_block_size(&ctx);
#else #else
ctx = EVP_CIPHER_CTX_new(); ctx = EVP_CIPHER_CTX_new();
if(!ctx) goto ENDE; if(!ctx) goto ENDE;
EVP_CIPHER_CTX_init(ctx); EVP_CIPHER_CTX_init(ctx);
EVP_EncryptInit_ex(ctx, EVP_bf_cbc(), NULL, cfg->key, cfg->iv); EVP_EncryptInit_ex(ctx, EVP_bf_cbc(), NULL, cfg->key, cfg->iv);
blocklen = EVP_CIPHER_CTX_block_size(ctx);
#endif #endif
outbuf = malloc(dstlen + EVP_MAX_BLOCK_LENGTH); // prepend a block with random data as replacement for dynamic iv
// see e.g. https://crypto.stackexchange.com/questions/5421/using-cbc-with-a-fixed-iv-and-a-random-first-plaintext-block
fd = open(RANDOM_POOL, O_RDONLY);
if(fd == -1) goto ENDE;
tmplen = readFromEntropyPool(fd, rnd, blocklen);
close(fd);
if(tmplen != blocklen) goto ENDE;
// make sure, random data does not start with zlib magic 0x78
if(rnd[0] == 0x78) rnd[0] =~ rnd[0];
outbuf = malloc(dstlen + blocklen * 2);
if(outbuf == NULL) goto ENDE; if(outbuf == NULL) goto ENDE;
#if OPENSSL_VERSION_NUMBER < 0x10100000L #if OPENSSL_VERSION_NUMBER < 0x10100000L
if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, z, dstlen)) goto ENDE; if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, rnd, blocklen)) goto ENDE;
if(!EVP_EncryptUpdate(&ctx, outbuf + outlen, &tmplen, z, dstlen)) goto ENDE;
#else
if(!EVP_EncryptUpdate(ctx, outbuf, &outlen, rnd, blocklen)) goto ENDE;
if(!EVP_EncryptUpdate(ctx, outbuf + outlen, &tmplen, z, dstlen)) goto ENDE;
#endif
outlen += tmplen;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
if(!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen)) goto ENDE; if(!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen)) goto ENDE;
#else #else
if(!EVP_EncryptUpdate(ctx, outbuf, &outlen, z, dstlen)) goto ENDE;
if(!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) goto ENDE; if(!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) goto ENDE;
#endif #endif
outlen += tmplen; outlen += tmplen;
#if OPENSSL_VERSION_NUMBER < 0x10100000L #if OPENSSL_VERSION_NUMBER < 0x10100000L
EVP_CIPHER_CTX_cleanup(&ctx); EVP_CIPHER_CTX_cleanup(&ctx);
#else #else