LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices

Reply
 
Search this Thread
Old 11-19-2008, 10:17 AM   #1
delite
Member
 
Registered: Nov 2008
Posts: 44

Rep: Reputation: 15
Passwords


Hey,
I'm starting to have a play with some crypto stuff. I seem to have got some algorithms which work, but i'm having trouble implementing a password structure which is compatible with the likes of openssls'. Can someone point me in the direction of a RFC or suchlike. Currently i'm about to dissect 'passwd.c' from the openssl source, but i'm not sure if it's what i'm actually after (because there numerous ways, e.g. md5, des).

Many thanks...


To be a bit clearer this is concerning symmetric algorithms such as say blowfish. From the user entering the password, how is it turned into a key (possibly concerning, iv's, magic, etc)

Last edited by delite; 11-19-2008 at 10:49 AM. Reason: To be a bit clearer...
 
Old 11-19-2008, 08:07 PM   #2
delite
Member
 
Registered: Nov 2008
Posts: 44

Original Poster
Rep: Reputation: 15
Hi,

I'm testing with openssl. Here's what i'm using with it.
Quote:
openssl bf-cbc -in test.txt -out test2.bin -pass pass:password
openssl bf-cbc -d -in test.bin -out test2.bin.txt -pass pass:password
Then i've taken an example of symmetrical encryption from the book 'Network Security with OpenSSL' and made it into this. I've been playing with the 'EVP_BytesToKey()' function, of which I think i've got right. It encrypts and decrypts. However when I use the actual openssl program to decrypt it states: 'bad magic number'

Also I notice that the openssl variations output is 16 bytes bigger. From looking at a hex dump I see the string 'Salted__', but thats only 8 bytes. Is the next 8 used as an iv or something? Is it converted to hex? I'm almost assuming that this is internal to a BIO (from looking within enc.c)....

Any points towards the right direction greatly appreciated...

Code:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <openssl/evp.h>

#define ALG		EVP_des_ede3_cbc()

int do_crypt(char *fin, char *fout, int do_encrypt, char *pw)
{
	
	static const char magic[]="Salted__";
	
	unsigned char iv[EVP_MAX_IV_LENGTH], key[EVP_MAX_KEY_LENGTH];
	EVP_BytesToKey(ALG, EVP_md5(), magic, (unsigned char*)pw, strlen(pw), 1, key, iv);
	
	FILE *in;
	in = fopen(fin, "r");
	
	FILE *out;
	out = fopen(fout, "w");
	
	unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
	int inlen, outlen;
	
	EVP_CIPHER_CTX ctx;
	
	EVP_CIPHER_CTX_init(&ctx);
	EVP_CipherInit_ex(&ctx, EVP_bf_cbc(), NULL, NULL, NULL, do_encrypt);
	
	EVP_CIPHER_CTX_set_key_length(&ctx, 10);
	EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, do_encrypt);
	
	for(;;)
	{
		inlen = fread(inbuf, 1, 1024, in);
		
		if(inlen <= 0) break;
		if(!EVP_CipherUpdate(&ctx, outbuf, &outlen, inbuf, inlen))
		{
			/* Error */
			EVP_CIPHER_CTX_cleanup(&ctx);
			return 0;
		}
		fwrite(outbuf, 1, outlen, out);
	}
	if(!EVP_CipherFinal_ex(&ctx, outbuf, &outlen))
	{
		/* Error */
		EVP_CIPHER_CTX_cleanup(&ctx);
		return 0;
	}
	fwrite(outbuf, 1, outlen, out);
	EVP_CIPHER_CTX_cleanup(&ctx);
	fclose(in);
	fclose(out);
	return 1;
}

int main (int argc, char *argv[])
{
	int iret;
	char *s;
	s = (char*)malloc(8+1);
	strcpy(s, (char*)"password");
	
	iret = do_crypt("test.txt", "test.bin", 1, s);
	iret = do_crypt("test.bin", "test.bin.txt", 0, s);
	
	return 0;
}

My simple makefile for building within demos of src:
Code:
CC=cc
CFLAGS= -g -I../../include -Wall
LIBS= -L../.. ../../libssl.a ../../libcrypto.a -lcrypto -ldl -pthread
EXAMPLES=main

all: $(EXAMPLES) 

main: main.o
	$(CC) -o main main.o $(LIBS)

clean:	
	rm -f $(EXAMPLES) *.o

Last edited by delite; 11-19-2008 at 08:08 PM. Reason: To disable smiles!
 
  


Reply

Tags
openssl, passwords


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how to convert user passwords and group passwords using pwconv? dolceinter1 Linux - Security 2 11-04-2008 11:03 PM
updating samba passwords with system passwords paranoid times Linux - Software 3 10-03-2006 10:04 PM
Sync MySQL passwords with local account passwords? turbine216 Linux - Software 2 02-18-2005 04:15 AM
Completely uninstalling MySQL and its passwords passwords...how? I locked myself out! Baix Linux - Newbie 2 01-30-2005 05:10 PM
Is there a way to sync Samba passwords with linux user passwords MarleyGPN Linux - Networking 2 09-09-2003 11:59 AM


All times are GMT -5. The time now is 10:18 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration