c - DES encryption in linux -


i'm trying use glibc cbc_crypt function encrypt strings in c program should portable function why i'm using library

here's code:

#define _gnu_source #include <stdio.h> #include <crypt.h> #include <string.h> #include <rpc/des_crypt.h>  int main(int argc, char *argv[]) {     int blah=0;     char plaintext[]="mypass1234test";     char key[]="abcdefg1";     char encbuff[] = "87654321";     char decbuff[] = "87645321";     des_setparity(key);     int size=sizeof(plaintext);     printf("plaintext %s\n",plaintext);     printf("original size %d\n",size);     while (size % 8 && size < 420)         plaintext[size++]='\0';     printf("new size %d\n",size);     if (argc>1) {         if (strcmp("encrypt",argv[1])==0) {             blah=cbc_crypt(key,plaintext,size,des_encrypt | des_sw,encbuff);             printf("ciphertext %s\n",plaintext);             size = sizeof(plaintext);             printf("original size %d\n",size);             while (size % 8 && size < 420)                 plaintext[size++]='\0';             printf("new size %d\n",size);             blah=cbc_crypt(key,plaintext,size,des_decrypt | des_sw,decbuff);             printf("plaintext %s\n",plaintext);         }     }     return 0; } 

when try run program following:

./a.out encryption plaintext mypass1234test original size 15 new size 16 ciphertext 0ю�sbkx,�7&���8@  @ original size 15 new size 16 plaintext myp`rs12��~�ϖ@ @ 

my goal encrypt files , decrypt files, i'm open use other cryptographic functions need program portable( rather not use openssl have machines running without library)

i haven't reviewed code, here few things wrong.

  • the length of plaintext , ciphertext must multiple of 8 bytes. cbc_crypt function doesn't padding you. you're passing 15-byte buffer; depending on how cbc_crypt works , on platform , on how compiler feeling today, may result in variable being overwritten @ point.
  • the loop add null bytes @ end of plaintext overflows buffer. plaintext has room 15 bytes, you're writing 16. depending on platform , on how compiler feeling today, may result in variable being overwritten @ point.
  • the loop add null bytes @ end of ciphertext results in garbage when decrypt it. that's normal: “regular” ciphertext gives garbage upon decryption. (that's in addition problem loop writing outside bounds of array.)
  • the iv cbc should uniformly random, not constant. won't result in invalid decryption bad security.

in case, mere fact you're using des bad security. des long obsolete. use aes instead.

there's no standard cryptographic library, there libraries liberal license , small footprint. pick 1 , link code statically code.

one possibility use libtomcrypt. there code samples in manual. if want encryption, use aes in cbc or ctr mode random iv/counter. if want authentication (i.e. detect if modified ciphertext), use aes in gcm or ccm mode (again, random iv).


Comments

Popular posts from this blog

javascript - Using jquery append to add option values into a select element not working -

Android soft keyboard reverts to default keyboard on orientation change -

Rendering JButton to get the JCheckBox behavior in a JTable by using images does not update my table -