Last active
June 22, 2024 00:22
-
-
Save dzmitryk/6830285 to your computer and use it in GitHub Desktop.
Simple command line tool to demonstrate using of PKCS#5 PBKDF2 HMAC SHA1 capabilities of OpenSSL library.Params: -i number of iterations; -s salt; -p password; -l hash length; -x flag which allows to specify salt as hex string;Compile using: $gcc pkcs5.c -L/usr/lib -lssl -lcrypto -o pkcs5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| MIT License | |
| Copyright (c) 2013 Dzmitry Kazimirchyk | |
| Permission is hereby granted, free of charge, to any person obtaining a copy | |
| of this software and associated documentation files (the "Software"), to deal | |
| in the Software without restriction, including without limitation the rights | |
| to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
| copies of the Software, and to permit persons to whom the Software is | |
| furnished to do so, subject to the following conditions: | |
| The above copyright notice and this permission notice shall be included in all | |
| copies or substantial portions of the Software. | |
| THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
| IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
| FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
| AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
| LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
| OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | |
| SOFTWARE. | |
| */ | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <string.h> | |
| #include <unistd.h> | |
| #include <openssl/evp.h> | |
| typedef int bool; | |
| #define true 1 | |
| #define false 0 | |
| /* | |
| * Converts string representation of hex number into actual hex sequence of bytes. | |
| */ | |
| void fromHex(unsigned char *hexSalt, unsigned char *out, int length) { | |
| unsigned char hexNumber[2] = ""; | |
| unsigned char *hex = hexSalt; | |
| int i; | |
| for (i = 0; i < length; i++) { | |
| memcpy(hexNumber, hex, 2); | |
| char number = strtoul(hexNumber, NULL, 16); | |
| out[i] = number; | |
| hex += 2; | |
| } | |
| } | |
| int main(int argc, char **argv) { | |
| int option = -1; | |
| bool convertHex = false; | |
| int iterations = -1; | |
| int length = -1; | |
| unsigned char *salt_str = NULL; | |
| const char *pass = NULL; | |
| while ((option = getopt(argc, argv, "i:s:p:l:x")) != -1) { | |
| switch (option) { | |
| case 'i': | |
| iterations = atoi(optarg); | |
| break; | |
| case 's': | |
| salt_str = optarg; | |
| break; | |
| case 'p': | |
| pass = optarg; | |
| break; | |
| case 'l': | |
| length = atoi(optarg); | |
| break; | |
| case 'x': | |
| convertHex = true; | |
| break; | |
| default: | |
| fprintf(stderr, "unknown parameter\n"); | |
| return 1; | |
| } | |
| } | |
| if (pass == NULL) { | |
| fprintf(stderr, "password not specified\n"); | |
| return 1; | |
| } | |
| if (salt_str == NULL) { | |
| fprintf(stderr, "salt not specified\n"); | |
| return 1; | |
| } | |
| if (iterations < 0) { | |
| fprintf(stderr, "number of iterations not specified\n"); | |
| return 1; | |
| } | |
| if (length < 0) { | |
| fprintf(stderr, "length not specified\n"); | |
| return 1; | |
| } | |
| unsigned char *salt; | |
| int saltLength; | |
| if (convertHex) { | |
| // for now not handling hex sequences with odd number of symbols | |
| saltLength = strlen(salt_str) / 2; | |
| salt = (unsigned char *) malloc(sizeof(unsigned char) * saltLength); | |
| fromHex(salt_str, salt, saltLength); | |
| } else { | |
| salt = salt_str; | |
| saltLength = strlen(salt); | |
| } | |
| unsigned char *out = (unsigned char *) malloc(sizeof(unsigned char) * length); | |
| if (PKCS5_PBKDF2_HMAC_SHA1(pass, strlen(pass), salt, saltLength, iterations, length, out) != 0) { | |
| int i; | |
| for (i = 0; i < length; i++) { | |
| printf("%02x", out[i]); | |
| } | |
| printf("\n"); | |
| } else { | |
| fprintf(stderr, "computation failed\n"); | |
| } | |
| if (convertHex) { | |
| free(salt); | |
| } | |
| free(out); | |
| return 0; | |
| } |
Very useful. Thanks for this. But it seems '-lssl' gave me a problem while compiling. Any suggestions?
There are some problems with your C code: You really should initialize your local variables. The behaviour of the program is undefined e.g. if someone does not specify -i or -l and hexNumber might contain garbage (e.g. "abc", so copying 2 bytes into it might result in the wrong hex number being created.
An additional suggestion: The command line option -h is usually used to print a usage help to stdout. I changed the hex salt option into -x.
@obdrpi: -lssl is not necessary here, because no SSL/TLS functions are used, only crypto primitives. :-)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Woot, VERY helpful, thanks a huge lot