add PBKDF2 support to unwrap_openssl
grawity committed May 25, 2024
1 parent 4eae23c commit 8b856a3
Showing 1 changed file with 15 additions and 2 deletions.
17 changes: 15 additions & 2 deletions getpaste
Expand Up @@ -647,12 +647,15 @@ sub unwrap_openssl_aes {
eval {
require Crypt::Cipher::AES;
require Crypt::Mode::CBC;
require Crypt::KeyDerivation;
} or _die("missing Perl package 'CryptX'");

# serialization: raw [magic + salt + data]
# key derivation: EVP_BytesToKey (usually MD5)
# encryption: AES-256-CBC

Crypt::KeyDerivation->import("pbkdf2");

my ($data, $passwd, %opt) = @_;

my $ks = Crypt::Cipher::AES->keysize;
Expand All @@ -669,8 +672,18 @@ sub unwrap_openssl_aes {
_debug("salt: "._db64($salt));
_debug("salt: "._dhex($salt));

my $algo = uc($opt{kdf_algo} // "MD5");
my $buf = EVP_BytesToKey($salt, $passwd, $algo, $ks + $bs);
my $buf;
if ($opt{pbkdf2}) {
my $algo = uc($opt{kdf_algo} // "SHA256");
my $iter = $opt{kdf_iter} // 1000;
_debug("KDF: PBKDF2 (algo=$algo, iter=$iter)");
$buf = pbkdf2($passwd, $salt, $iter, $algo, $ks + $bs);
} else {
my $algo = uc($opt{kdf_algo} // "MD5");
_debug("KDF: EVP_BytesToKey (algo=$algo");
$buf = EVP_BytesToKey($salt, $passwd, $algo, $ks + $bs);
}

my $key = substr($buf, 0, $ks, "");
my $iv = substr($buf, 0, $bs, "");

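Review bot: The PBKDF2 branch defaults `kdf_iter` to 1000 and passes it to `pbkdf2()` unchecked. If this path is meant to read output of `openssl enc -pbkdf2`, that tool derives with 10000 iterations when `-iter` is not given, so a caller that omits `kdf_iter` would derive a different key and the CBC decrypt would fail or return garbage; `my $iter = $opt{kdf_iter} // 10000;` would match that default. Where `%opt` is filled is outside the hunks, so if `kdf_iter` or `kdf_algo` can come from the paste or its URL, the count should be checked to be a positive integer under a sane cap before use, since it directly sets the CPU cost of the call. The header comment still lists only `EVP_BytesToKey (usually MD5)` as the key derivation, and the debug string `"KDF: EVP_BytesToKey (algo=$algo"` is missing its closing `)`. unwrap_openssl_aes begins and ends outside the lines shown.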
