changed salt & magin number

Author: SnosMe

include/mtsdata.h

@@ -23,6 +23,7 @@ typedef enum {
   MTSD_EENCODE_PAYLOAD_SIZE,
   MTSD_EDECODE_CORRUPTED_PAYLOAD,
   MTSD_EPARSE_UNKNOWN_KEY,
+  MTSD_ETIME,
 } mtsd_err;
 
 typedef struct mtsd_field {

lib/container.c

@@ -6,15 +6,17 @@
 
 #pragma pack(push, 1)
 typedef struct {
+  uint8_t magic_number;
   uint16_t crc16;
-  uint16_t date;
+  uint32_t date;
   uint8_t random_bytes[MTSD_RANDOM_BYTES];
   uint8_t is_compressed;
 } mtsd_header;
 #pragma pack(pop)
 
 static uint16_t crc16(uint8_t* data, size_t size);
-static uint16_t get_date_now ();
+static mtsd_res get_date_now (uint32_t* out);
+static void derive_salt(const uint8_t* data, size_t data_size, const uint8_t* pass, size_t pass_len, uint8_t* salt);
 
 mtsd_res mtsd_encrypt(mtsd_document* doc,
                       uint8_t* password,
@@ -42,10 +44,16 @@ mtsd_res mtsd_encrypt(mtsd_document* doc,
   }
   MTSD_FREE(encoded);
 
-  MTSD_CHECK_GOTO(mtsd_encrypt_payload(out + sizeof(mtsd_header), *size, password, password_len, ((mtsd_header*)out)->random_bytes), error);
+  MTSD_CHECK_GOTO(get_date_now(&((mtsd_header*)out)->date), error);
 
-  ((mtsd_header*)out)->date = get_date_now();
-  ((mtsd_header*)out)->crc16 = crc16(out + 2, sizeof(mtsd_header) + *size - 2);
+  MTSD_CHECK_GOTO(mtsd_random_bytes(((mtsd_header*)out)->random_bytes, MTSD_RANDOM_BYTES), error);
+
+  uint8_t salt[MTSD_SALT_SIZE];
+  derive_salt(out, (sizeof(mtsd_header) + *size), password, password_len, salt);
+  MTSD_CHECK_GOTO(mtsd_encrypt_payload(out + sizeof(mtsd_header), *size, password, password_len, salt), error);
+
+  ((mtsd_header*)out)->magic_number = 0x7D;
+  ((mtsd_header*)out)->crc16 = crc16(out + 3, sizeof(mtsd_header) + *size - 3);
 
   *encrypted = (uint8_t*)out;
   *size = (sizeof(mtsd_header) + *size);
@@ -68,7 +76,9 @@ mtsd_res mtsd_decrypt(uint8_t* encrypted,
   MTSD_MALLOC(cloned, size - sizeof(mtsd_header));
   memcpy(cloned, encrypted + sizeof(mtsd_header), size - sizeof(mtsd_header));
 
-  MTSD_CHECK_GOTO(mtsd_decrypt_payload(cloned, size - sizeof(mtsd_header), password, password_len, ((mtsd_header*)encrypted)->random_bytes), error);
+  uint8_t salt[MTSD_SALT_SIZE];
+  derive_salt(encrypted, size, password, password_len, salt);
+  MTSD_CHECK_GOTO(mtsd_decrypt_payload(cloned, size - sizeof(mtsd_header), password, password_len, salt), error);
 
   if (((mtsd_header*)encrypted)->is_compressed) {
     encoded = mtsd_malloc(MTSD_PAYLOAD_MAX_SIZE);
@@ -119,10 +129,43 @@ static uint16_t crc16 (uint8_t* data, size_t size) {
   return crc;
 }
 
-static uint16_t get_date_now () {
+static mtsd_res get_date_now (uint32_t* out) {
   time_t t = time(NULL);
-  struct tm* local = localtime(&t);
-  uint16_t delta_y = local->tm_year + 1900 - MTSD_DATE_FROM;
-  uint16_t delta_d = (delta_y * 366) + (local->tm_yday + 1);
-  return delta_d;
+  if (t == (time_t)-1) {
+    mtsd_error(MTSD_ESELF, MTSD_ETIME, "cannot get system time");
+    return MTSD_ERR;
+  }
+  *out = (uint32_t)((uint64_t)t - MTSD_DATE_FROM);
+  return MTSD_OK;
+}
+
+static void derive_salt(const uint8_t* data, size_t data_size, const uint8_t* pass, size_t pass_len, uint8_t* salt) {
+#ifndef DEBUG
+  mtsd_header* header = (mtsd_header*)data;
+  salt[0] = (data_size >> (8*0)) & 0xFF;
+  salt[1] = (data_size >> (8*1)) & 0xFF;
+  salt[2] = (header->date >> (8*0)) & 0xFF;
+  salt[3] = (header->date >> (8*1)) & 0xFF;
+  salt[4] = (header->date >> (8*2)) & 0xFF;
+  salt[5] = (header->date >> (8*3)) & 0xFF;
+  salt[6] = header->random_bytes[0];
+  salt[7] = header->random_bytes[1];
+  salt[8] = header->random_bytes[2];
+  salt[9] = header->random_bytes[3];
+  salt[10] = (pass_len >> (8*0)) & 0xFF;
+  salt[11] = 0x42;
+  salt[12] = 0xf0;
+  salt[13] = 0xe1;
+  salt[14] = 0xeb;
+  salt[15] = 0xa9;
+
+  for (size_t pi = 0, si = 11; pi < pass_len && si < MTSD_SALT_SIZE; pi += 1, si += 1) {
+    salt[si] ^= pass[pi];
+  }
+#else
+  salt[0] = 0x0; salt[1] = 0x1; salt[2] = 0x2; salt[3] = 0x3;
+  salt[4] = 0x4; salt[5] = 0x5; salt[6] = 0x6; salt[7] = 0x7;
+  salt[8] = 0xF; salt[9] = 0xE; salt[10] = 0xD; salt[11] = 0xC;
+  salt[12] = 0xB; salt[13] = 0xA; salt[14] = 0x9; salt[15] = 0x8;
+#endif
 }

lib/encryption.c

@@ -4,31 +4,12 @@
 #include <argon2.h>
 #include <randombytes.h>
 
-#ifdef DEBUG
-#include <string.h>
-
-static uint8_t DEBUG_RND_BYTES[] = {
-  0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7,
-  0xF, 0xE, 0xD, 0xC, 0xB, 0xA, 0x9, 0x8,
-};
-#endif
-
-static mtsd_res derive_bytes(uint8_t* random_bytes, uint8_t* pwd, size_t pwd_size, uint8_t* out);
+static mtsd_res derive_bytes(uint8_t* salt, uint8_t* pwd, size_t pwd_size, uint8_t* out);
 
 mtsd_res mtsd_encrypt_payload(uint8_t* data, size_t data_size,
-                 uint8_t* pwd, size_t pwd_size, uint8_t* random_bytes) {
-#ifndef DEBUG
-  int err = randombytes(random_bytes, MTSD_RANDOM_BYTES);
-  if (err != 0) {
-    mtsd_error(MTSD_ERANDOMBYTES, err, NULL);
-    return MTSD_ERR;
-  }
-#else
-  memcpy(random_bytes, DEBUG_RND_BYTES, MTSD_RANDOM_BYTES);
-#endif
-
+                              uint8_t* pwd, size_t pwd_size, uint8_t* salt) {
   uint8_t derived_bytes[AES_KEYLEN + AES_BLOCKLEN];
-  MTSD_CHECK (derive_bytes(random_bytes, pwd, pwd_size, derived_bytes));
+  MTSD_CHECK (derive_bytes(salt, pwd, pwd_size, derived_bytes));
   uint8_t* key = derived_bytes;
   uint8_t* iv = derived_bytes + AES_KEYLEN;
 
@@ -39,9 +20,9 @@ mtsd_res mtsd_encrypt_payload(uint8_t* data, size_t data_size,
 }
 
 mtsd_res mtsd_decrypt_payload(uint8_t* data, size_t data_size,
-                 uint8_t* pwd, size_t pwd_size, uint8_t* random_bytes) {
+                              uint8_t* pwd, size_t pwd_size, uint8_t* salt) {
   uint8_t derived_bytes[AES_KEYLEN + AES_BLOCKLEN];
-  MTSD_CHECK (derive_bytes(random_bytes, pwd, pwd_size, derived_bytes));
+  MTSD_CHECK (derive_bytes(salt, pwd, pwd_size, derived_bytes));
   uint8_t* key = derived_bytes;
   uint8_t* iv = derived_bytes + AES_KEYLEN;
 
@@ -59,11 +40,11 @@ static void argon2_free (uint8_t *memory, size_t bytes_to_allocate) {
   mtsd_free(memory);
 }
 
-static mtsd_res derive_bytes(uint8_t* random_bytes, uint8_t* pwd, size_t pwd_size, uint8_t* out) {
+static mtsd_res derive_bytes(uint8_t* salt, uint8_t* pwd, size_t pwd_size, uint8_t* out) {
   struct Argon2_Context ctx = {
     .out = out, .outlen = (AES_KEYLEN + AES_BLOCKLEN),
     .pwd = pwd, .pwdlen = pwd_size,
-    .salt = random_bytes, .saltlen = MTSD_RANDOM_BYTES,
+    .salt = salt, .saltlen = MTSD_SALT_SIZE,
 
     .t_cost = 10,
     .m_cost = (1 << 15), // 32 MB
@@ -84,3 +65,12 @@ static mtsd_res derive_bytes(uint8_t* random_bytes, uint8_t* pwd, size_t pwd_siz
   }
   return MTSD_OK;
 }
+
+mtsd_res mtsd_random_bytes(uint8_t* out, size_t size) {
+  int err = randombytes(out, size);
+  if (err != 0) {
+    mtsd_error(MTSD_ERANDOMBYTES, err, NULL);
+    return MTSD_ERR;
+  }
+  return MTSD_OK;
+}

lib/private.h

@@ -1,8 +1,9 @@
 #include "mtsdata.h"
 
-#define MTSD_RANDOM_BYTES 16
+#define MTSD_RANDOM_BYTES 4
+#define MTSD_SALT_SIZE 16
 #define MTSD_PAYLOAD_MAX_SIZE 0xFFFF
-#define MTSD_DATE_FROM 1999
+#define MTSD_DATE_FROM 915148800 // 01/01/1999
 
 #define MTSD_CHECK(result)        if ((result) != MTSD_OK) {\
                                     return MTSD_ERR;\
@@ -48,10 +49,12 @@ mtsd_res mtsd_encrypt_payload(/* In Out */ uint8_t* data,
                               /* In */ size_t data_size,
                               /* In */ uint8_t* pwd,
                               /* In */ size_t pwd_size,
-                              /* Out */ uint8_t* random_bytes);
+                              /* In */ uint8_t* salt);
 
 mtsd_res mtsd_decrypt_payload(/* In Out */ uint8_t* data,
                               /* In */ size_t data_size,
                               /* In */ uint8_t* pwd,
                               /* In */ size_t pwd_size,
-                              /* In */ uint8_t* random_bytes);
+                              /* In */ uint8_t* salt);
+
+mtsd_res mtsd_random_bytes(uint8_t* out, size_t size);

test/payload.py

@@ -3,11 +3,12 @@
 from Crypto.Cipher import AES
 from hexdump import hexdump
 
+# pip install argon2-cffi pycryptodome hexdump
 # python test/payload.py && hexdump -C data.mtsd.bin --skip 21
 
 PASSWORD = b'pass'
 
-RANDOM_BYTES = bytes([
+SALT = bytes([
   0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7,
   0xF, 0xE, 0xD, 0xC, 0xB, 0xA, 0x9, 0x8,
   ])
@@ -33,7 +34,7 @@
 
 derived_bytes = argon2.low_level.hash_secret_raw(
   secret=PASSWORD,
-  salt=RANDOM_BYTES,
+  salt=SALT,
   time_cost=1,
   memory_cost=1<<12,
   parallelism=1,