Skip to content

Instantly share code, notes, and snippets.

@dzmitryk
Last active June 22, 2024 00:22
Show Gist options
  • Save dzmitryk/6830285 to your computer and use it in GitHub Desktop.
Save dzmitryk/6830285 to your computer and use it in GitHub Desktop.
Simple command line tool to demonstrate using of PKCS#5 PBKDF2 HMAC SHA1 capabilities of OpenSSL library.Params: -i number of iterations; -s salt; -p password; -l hash length; -x flag which allows to specify salt as hex string;Compile using: $gcc pkcs5.c -L/usr/lib -lssl -lcrypto -o pkcs5
/*
MIT License
Copyright (c) 2013 Dzmitry Kazimirchyk
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <openssl/evp.h>
typedef int bool;
#define true 1
#define false 0
/*
* Converts string representation of hex number into actual hex sequence of bytes.
*/
void fromHex(unsigned char *hexSalt, unsigned char *out, int length) {
unsigned char hexNumber[2] = "";
unsigned char *hex = hexSalt;
int i;
for (i = 0; i < length; i++) {
memcpy(hexNumber, hex, 2);
char number = strtoul(hexNumber, NULL, 16);
out[i] = number;
hex += 2;
}
}
int main(int argc, char **argv) {
int option = -1;
bool convertHex = false;
int iterations = -1;
int length = -1;
unsigned char *salt_str = NULL;
const char *pass = NULL;
while ((option = getopt(argc, argv, "i:s:p:l:x")) != -1) {
switch (option) {
case 'i':
iterations = atoi(optarg);
break;
case 's':
salt_str = optarg;
break;
case 'p':
pass = optarg;
break;
case 'l':
length = atoi(optarg);
break;
case 'x':
convertHex = true;
break;
default:
fprintf(stderr, "unknown parameter\n");
return 1;
}
}
if (pass == NULL) {
fprintf(stderr, "password not specified\n");
return 1;
}
if (salt_str == NULL) {
fprintf(stderr, "salt not specified\n");
return 1;
}
if (iterations < 0) {
fprintf(stderr, "number of iterations not specified\n");
return 1;
}
if (length < 0) {
fprintf(stderr, "length not specified\n");
return 1;
}
unsigned char *salt;
int saltLength;
if (convertHex) {
// for now not handling hex sequences with odd number of symbols
saltLength = strlen(salt_str) / 2;
salt = (unsigned char *) malloc(sizeof(unsigned char) * saltLength);
fromHex(salt_str, salt, saltLength);
} else {
salt = salt_str;
saltLength = strlen(salt);
}
unsigned char *out = (unsigned char *) malloc(sizeof(unsigned char) * length);
if (PKCS5_PBKDF2_HMAC_SHA1(pass, strlen(pass), salt, saltLength, iterations, length, out) != 0) {
int i;
for (i = 0; i < length; i++) {
printf("%02x", out[i]);
}
printf("\n");
} else {
fprintf(stderr, "computation failed\n");
}
if (convertHex) {
free(salt);
}
free(out);
return 0;
}
@Kilobyte22
Copy link

Woot, VERY helpful, thanks a huge lot

@obdrpi
Copy link

obdrpi commented Sep 19, 2016

Very useful. Thanks for this. But it seems '-lssl' gave me a problem while compiling. Any suggestions?

@RokerHRO
Copy link

RokerHRO commented Nov 28, 2017

There are some problems with your C code: You really should initialize your local variables. The behaviour of the program is undefined e.g. if someone does not specify -i or -l and hexNumber might contain garbage (e.g. "abc", so copying 2 bytes into it might result in the wrong hex number being created.

An additional suggestion: The command line option -h is usually used to print a usage help to stdout. I changed the hex salt option into -x.

@obdrpi: -lssl is not necessary here, because no SSL/TLS functions are used, only crypto primitives. :-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment