mirror of
https://bitbucket.org/jsuto/piler.git
synced 2024-12-24 19:10:13 +01:00
Prepend a random garbage block to the data to be encrypted
Signed-off-by: Janos SUTO <sj@acts.hu>
This commit is contained in:
parent
8c6560f302
commit
2ed654c87f
@ -58,6 +58,10 @@ int inf(unsigned char *in, int len, int mode, char **buffer, FILE *dest){
|
|||||||
char *new_ptr;
|
char *new_ptr;
|
||||||
unsigned char out[REALLYBIGBUFSIZE];
|
unsigned char out[REALLYBIGBUFSIZE];
|
||||||
|
|
||||||
|
/* expecting deflate with 32k window size (0x78) */
|
||||||
|
if(len > 0 && in[0] != 0x78)
|
||||||
|
return Z_DATA_ERROR;
|
||||||
|
|
||||||
/* allocate inflate state */
|
/* allocate inflate state */
|
||||||
|
|
||||||
strm.zalloc = Z_NULL;
|
strm.zalloc = Z_NULL;
|
||||||
@ -139,6 +143,7 @@ int retrieve_file_from_archive(char *filename, int mode, char **buffer, FILE *de
|
|||||||
#else
|
#else
|
||||||
EVP_CIPHER_CTX *ctx=NULL;
|
EVP_CIPHER_CTX *ctx=NULL;
|
||||||
#endif
|
#endif
|
||||||
|
int blocklen;
|
||||||
|
|
||||||
|
|
||||||
if(filename == NULL) return 1;
|
if(filename == NULL) return 1;
|
||||||
@ -162,15 +167,17 @@ int retrieve_file_from_archive(char *filename, int mode, char **buffer, FILE *de
|
|||||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||||
EVP_CIPHER_CTX_init(&ctx);
|
EVP_CIPHER_CTX_init(&ctx);
|
||||||
EVP_DecryptInit_ex(&ctx, EVP_bf_cbc(), NULL, cfg->key, cfg->iv);
|
EVP_DecryptInit_ex(&ctx, EVP_bf_cbc(), NULL, cfg->key, cfg->iv);
|
||||||
|
blocklen = EVP_CIPHER_CTX_block_size(&ctx);
|
||||||
#else
|
#else
|
||||||
ctx = EVP_CIPHER_CTX_new();
|
ctx = EVP_CIPHER_CTX_new();
|
||||||
if(!ctx) goto CLEANUP;
|
if(!ctx) goto CLEANUP;
|
||||||
|
|
||||||
EVP_CIPHER_CTX_init(ctx);
|
EVP_CIPHER_CTX_init(ctx);
|
||||||
EVP_DecryptInit_ex(ctx, EVP_bf_cbc(), NULL, cfg->key, cfg->iv);
|
EVP_DecryptInit_ex(ctx, EVP_bf_cbc(), NULL, cfg->key, cfg->iv);
|
||||||
|
blocklen = EVP_CIPHER_CTX_block_size(ctx);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
len = st.st_size+EVP_MAX_BLOCK_LENGTH;
|
len = st.st_size+blocklen;
|
||||||
|
|
||||||
s = malloc(len);
|
s = malloc(len);
|
||||||
|
|
||||||
@ -207,7 +214,13 @@ int retrieve_file_from_archive(char *filename, int mode, char **buffer, FILE *de
|
|||||||
|
|
||||||
|
|
||||||
tlen += olen;
|
tlen += olen;
|
||||||
|
|
||||||
|
// old fileformat with static IV
|
||||||
rc = inf(s, tlen, mode, buffer, dest);
|
rc = inf(s, tlen, mode, buffer, dest);
|
||||||
|
// new fileformat, starting with blocklen bytes of garbage
|
||||||
|
if(rc != Z_OK && tlen >= blocklen){
|
||||||
|
rc = inf(s+blocklen, tlen-blocklen, mode, buffer, dest);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
addr = mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
|
addr = mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
|
||||||
|
28
src/store.c
28
src/store.c
@ -51,6 +51,8 @@ int store_file(struct session_data *sdata, char *filename, int len, struct confi
|
|||||||
#else
|
#else
|
||||||
EVP_CIPHER_CTX *ctx;
|
EVP_CIPHER_CTX *ctx;
|
||||||
#endif
|
#endif
|
||||||
|
int blocklen;
|
||||||
|
unsigned char rnd[EVP_MAX_BLOCK_LENGTH];
|
||||||
unsigned char *outbuf=NULL;
|
unsigned char *outbuf=NULL;
|
||||||
int outlen=0, writelen, tmplen;
|
int outlen=0, writelen, tmplen;
|
||||||
|
|
||||||
@ -108,25 +110,45 @@ int store_file(struct session_data *sdata, char *filename, int len, struct confi
|
|||||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||||
EVP_CIPHER_CTX_init(&ctx);
|
EVP_CIPHER_CTX_init(&ctx);
|
||||||
EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, cfg->key, cfg->iv);
|
EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, cfg->key, cfg->iv);
|
||||||
|
blocklen = EVP_CIPHER_CTX_block_size(&ctx);
|
||||||
#else
|
#else
|
||||||
ctx = EVP_CIPHER_CTX_new();
|
ctx = EVP_CIPHER_CTX_new();
|
||||||
if(!ctx) goto ENDE;
|
if(!ctx) goto ENDE;
|
||||||
|
|
||||||
EVP_CIPHER_CTX_init(ctx);
|
EVP_CIPHER_CTX_init(ctx);
|
||||||
EVP_EncryptInit_ex(ctx, EVP_bf_cbc(), NULL, cfg->key, cfg->iv);
|
EVP_EncryptInit_ex(ctx, EVP_bf_cbc(), NULL, cfg->key, cfg->iv);
|
||||||
|
blocklen = EVP_CIPHER_CTX_block_size(ctx);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
outbuf = malloc(dstlen + EVP_MAX_BLOCK_LENGTH);
|
// prepend a block with random data as replacement for dynamic iv
|
||||||
|
// see e.g. https://crypto.stackexchange.com/questions/5421/using-cbc-with-a-fixed-iv-and-a-random-first-plaintext-block
|
||||||
|
fd = open(RANDOM_POOL, O_RDONLY);
|
||||||
|
if(fd == -1) goto ENDE;
|
||||||
|
tmplen = readFromEntropyPool(fd, rnd, blocklen);
|
||||||
|
close(fd);
|
||||||
|
if(tmplen != blocklen) goto ENDE;
|
||||||
|
// make sure, random data does not start with zlib magic 0x78
|
||||||
|
if(rnd[0] == 0x78) rnd[0] =~ rnd[0];
|
||||||
|
|
||||||
|
outbuf = malloc(dstlen + blocklen * 2);
|
||||||
if(outbuf == NULL) goto ENDE;
|
if(outbuf == NULL) goto ENDE;
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||||
if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, z, dstlen)) goto ENDE;
|
if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, rnd, blocklen)) goto ENDE;
|
||||||
|
if(!EVP_EncryptUpdate(&ctx, outbuf + outlen, &tmplen, z, dstlen)) goto ENDE;
|
||||||
|
#else
|
||||||
|
if(!EVP_EncryptUpdate(ctx, outbuf, &outlen, rnd, blocklen)) goto ENDE;
|
||||||
|
if(!EVP_EncryptUpdate(ctx, outbuf + outlen, &tmplen, z, dstlen)) goto ENDE;
|
||||||
|
#endif
|
||||||
|
outlen += tmplen;
|
||||||
|
|
||||||
|
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||||
if(!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen)) goto ENDE;
|
if(!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen)) goto ENDE;
|
||||||
#else
|
#else
|
||||||
if(!EVP_EncryptUpdate(ctx, outbuf, &outlen, z, dstlen)) goto ENDE;
|
|
||||||
if(!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) goto ENDE;
|
if(!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) goto ENDE;
|
||||||
#endif
|
#endif
|
||||||
outlen += tmplen;
|
outlen += tmplen;
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||||
#else
|
#else
|
||||||
|
Loading…
Reference in New Issue
Block a user