diff --git a/RNCryptor.xcodeproj/project.pbxproj b/RNCryptor.xcodeproj/project.pbxproj index 63db888c..8bd3848c 100644 --- a/RNCryptor.xcodeproj/project.pbxproj +++ b/RNCryptor.xcodeproj/project.pbxproj @@ -17,6 +17,13 @@ AB13429515E0FC4600456914 /* RNCryptor.m in Sources */ = {isa = PBXBuildFile; fileRef = FB75651B1512D3E9007B806B /* RNCryptor.m */; }; AB13429715E0FC4E00456914 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = AB13429615E0FC4E00456914 /* Security.framework */; }; AB13429915E0FD1D00456914 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = AB13429815E0FD1D00456914 /* Foundation.framework */; }; + FB6AC68D16F6704200CA0C0A /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = FB7564F31512D3C4007B806B /* Foundation.framework */; }; + FB6AC69016F6704200CA0C0A /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = FB6AC68F16F6704200CA0C0A /* main.m */; }; + FB6AC69D16F672F700CA0C0A /* RNCryptor.m in Sources */ = {isa = PBXBuildFile; fileRef = FB75651B1512D3E9007B806B /* RNCryptor.m */; }; + FB6AC69E16F672F700CA0C0A /* RNDecryptor.m in Sources */ = {isa = PBXBuildFile; fileRef = FB7565241512D9BE007B8078 /* RNDecryptor.m */; }; + FB6AC69F16F672F700CA0C0A /* RNEncryptor.m in Sources */ = {isa = PBXBuildFile; fileRef = FB7565241512D9BE007B8074 /* RNEncryptor.m */; }; + FB6AC6A016F672F700CA0C0A /* RNCryptorEngine.m in Sources */ = {isa = PBXBuildFile; fileRef = FB7565241512D9BE007B807C /* RNCryptorEngine.m */; }; + FB6AC6A116F6730100CA0C0A /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = AB13429615E0FC4E00456914 /* Security.framework */; }; FB6CB6D7158FD093001F6D61 /* test.enc in Resources */ = {isa = PBXBuildFile; fileRef = FB6CB6D6158FD093001F6D61 /* test.enc */; }; FB7564F41512D3C4007B806B /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = FB7564F31512D3C4007B806B /* Foundation.framework */; }; FB7565021512D3C4007B806B /* SenTestingKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = FB7565011512D3C4007B806B /* SenTestingKit.framework */; }; @@ -57,6 +64,15 @@ /* End PBXContainerItemProxy section */ /* Begin PBXCopyFilesBuildPhase section */ + FB6AC68A16F6704100CA0C0A /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = /usr/share/man/man1/; + dstSubfolderSpec = 0; + files = ( + ); + runOnlyForDeploymentPostprocessing = 1; + }; FBF7D58A167E5031004B6F0F /* CopyFiles */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 12; @@ -79,6 +95,9 @@ AB13428715E0FC2300456914 /* RNCryptor OS X-Prefix.pch */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "RNCryptor OS X-Prefix.pch"; sourceTree = ""; }; AB13429615E0FC4E00456914 /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Security.framework; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.8.sdk/System/Library/Frameworks/Security.framework; sourceTree = DEVELOPER_DIR; }; AB13429815E0FD1D00456914 /* Foundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Foundation.framework; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.7.sdk/System/Library/Frameworks/Foundation.framework; sourceTree = DEVELOPER_DIR; }; + FB6AC68C16F6704100CA0C0A /* rncrypt */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = rncrypt; sourceTree = BUILT_PRODUCTS_DIR; }; + FB6AC68F16F6704200CA0C0A /* main.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = main.m; sourceTree = ""; }; + FB6AC69216F6704200CA0C0A /* rncrypt-Prefix.pch */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "rncrypt-Prefix.pch"; sourceTree = ""; }; FB6CB6D6158FD093001F6D61 /* test.enc */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = test.enc; sourceTree = ""; }; FB7564F01512D3C4007B806B /* libRNCryptor.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libRNCryptor.a; sourceTree = BUILT_PRODUCTS_DIR; }; FB7564F31512D3C4007B806B /* Foundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Foundation.framework; path = System/Library/Frameworks/Foundation.framework; sourceTree = SDKROOT; }; @@ -122,6 +141,15 @@ ); runOnlyForDeploymentPostprocessing = 0; }; + FB6AC68916F6704100CA0C0A /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + FB6AC6A116F6730100CA0C0A /* Security.framework in Frameworks */, + FB6AC68D16F6704200CA0C0A /* Foundation.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; FB7564ED1512D3C4007B806B /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; @@ -181,6 +209,23 @@ name = "Supporting Files"; sourceTree = ""; }; + FB6AC68E16F6704200CA0C0A /* rncrypt */ = { + isa = PBXGroup; + children = ( + FB6AC68F16F6704200CA0C0A /* main.m */, + FB6AC69116F6704200CA0C0A /* Supporting Files */, + ); + path = rncrypt; + sourceTree = ""; + }; + FB6AC69116F6704200CA0C0A /* Supporting Files */ = { + isa = PBXGroup; + children = ( + FB6AC69216F6704200CA0C0A /* rncrypt-Prefix.pch */, + ); + name = "Supporting Files"; + sourceTree = ""; + }; FB7564E51512D3C4007B806B = { isa = PBXGroup; children = ( @@ -191,6 +236,7 @@ FB7565091512D3C4007B806B /* RNCryptorTests */, AB13428115E0FC2300456914 /* RNCryptor OS X */, FBF7D58F167E5031004B6F0F /* RNCryptorVectors */, + FB6AC68E16F6704200CA0C0A /* rncrypt */, FB7564F21512D3C4007B806B /* Frameworks */, FB7564F11512D3C4007B806B /* Products */, ); @@ -203,6 +249,7 @@ FB7565001512D3C4007B806B /* RNCryptorTests.octest */, AB13427A15E0FC2300456914 /* RNCryptor.framework */, FBF7D58C167E5031004B6F0F /* RNCryptorVectors */, + FB6AC68C16F6704100CA0C0A /* rncrypt */, ); name = Products; sourceTree = ""; @@ -333,6 +380,23 @@ productReference = AB13427A15E0FC2300456914 /* RNCryptor.framework */; productType = "com.apple.product-type.framework"; }; + FB6AC68B16F6704100CA0C0A /* rncrypt */ = { + isa = PBXNativeTarget; + buildConfigurationList = FB6AC69716F6704200CA0C0A /* Build configuration list for PBXNativeTarget "rncrypt" */; + buildPhases = ( + FB6AC68816F6704100CA0C0A /* Sources */, + FB6AC68916F6704100CA0C0A /* Frameworks */, + FB6AC68A16F6704100CA0C0A /* CopyFiles */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = rncrypt; + productName = rncrypt; + productReference = FB6AC68C16F6704100CA0C0A /* rncrypt */; + productType = "com.apple.product-type.tool"; + }; FB7564EF1512D3C4007B806B /* RNCryptor */ = { isa = PBXNativeTarget; buildConfigurationList = FB7565141512D3C5007B806B /* Build configuration list for PBXNativeTarget "RNCryptor" */; @@ -412,6 +476,7 @@ AB13427915E0FC2300456914 /* RNCryptor OS X */, FB7564FF1512D3C4007B806B /* RNCryptorTests */, FBF7D58B167E5031004B6F0F /* RNCryptorVectors */, + FB6AC68B16F6704100CA0C0A /* rncrypt */, ); }; /* End PBXProject section */ @@ -467,6 +532,18 @@ ); runOnlyForDeploymentPostprocessing = 0; }; + FB6AC68816F6704100CA0C0A /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + FB6AC69D16F672F700CA0C0A /* RNCryptor.m in Sources */, + FB6AC69E16F672F700CA0C0A /* RNDecryptor.m in Sources */, + FB6AC69F16F672F700CA0C0A /* RNEncryptor.m in Sources */, + FB6AC6A016F672F700CA0C0A /* RNCryptorEngine.m in Sources */, + FB6AC69016F6704200CA0C0A /* main.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; FB7564EC1512D3C4007B806B /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; @@ -581,6 +658,50 @@ }; name = Release; }; + FB6AC69516F6704200CA0C0A /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ARCHS = "$(ARCHS_STANDARD_64_BIT)"; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_ENABLE_OBJC_EXCEPTIONS = YES; + GCC_PRECOMPILE_PREFIX_HEADER = YES; + GCC_PREFIX_HEADER = "rncrypt/rncrypt-Prefix.pch"; + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + MACOSX_DEPLOYMENT_TARGET = 10.8; + ONLY_ACTIVE_ARCH = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + SDKROOT = macosx; + }; + name = Debug; + }; + FB6AC69616F6704200CA0C0A /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ARCHS = "$(ARCHS_STANDARD_64_BIT)"; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + GCC_ENABLE_OBJC_EXCEPTIONS = YES; + GCC_PRECOMPILE_PREFIX_HEADER = YES; + GCC_PREFIX_HEADER = "rncrypt/rncrypt-Prefix.pch"; + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + MACOSX_DEPLOYMENT_TARGET = 10.8; + PRODUCT_NAME = "$(TARGET_NAME)"; + SDKROOT = macosx; + }; + name = Release; + }; FB7565121512D3C5007B806B /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { @@ -735,6 +856,14 @@ defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; + FB6AC69716F6704200CA0C0A /* Build configuration list for PBXNativeTarget "rncrypt" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + FB6AC69516F6704200CA0C0A /* Debug */, + FB6AC69616F6704200CA0C0A /* Release */, + ); + defaultConfigurationIsVisible = 0; + }; FB7564EA1512D3C4007B806B /* Build configuration list for PBXProject "RNCryptor" */ = { isa = XCConfigurationList; buildConfigurations = ( diff --git a/python/RNCryptor.py b/python/RNCryptor.py index cae74e96..bb15dfe9 100755 --- a/python/RNCryptor.py +++ b/python/RNCryptor.py @@ -1,33 +1,61 @@ #!/usr/bin/python -from Crypto.Cipher import AES -from Crypto import Random + +import Crypto.Hash.SHA +import Crypto.Hash.SHA256 +import Crypto.Random +import Crypto.Protocol.KDF +import Crypto.Cipher.AES +import Crypto.Hash.HMAC import StringIO -from pkcs7 import PKCS7Encoder class RNCryptor: """Cryptor for RNCryptor""" - def __init__(self, settings): - self.settings = settings - - def encrypt(self, message, key, hmac_key): + + salt_size = 8 + key_length = 32 + iterations = 10000 + HMAC_hash_algo = Crypto.Hash.SHA256 + block_size = Crypto.Cipher.AES.block_size + mode = Crypto.Cipher.AES.MODE_CBC + + def encrypt(self, message, password): + random = Crypto.Random.new() + + encryption_salt = random.read(self.salt_size) + encryption_key = Crypto.Protocol.KDF.PBKDF2(password, encryption_salt, self.key_length, self.iterations) + + hmac_salt = random.read(self.salt_size) + hmac_key = Crypto.Protocol.KDF.PBKDF2(password, hmac_salt, self.key_length, self.iterations) + + iv = random.read(self.block_size) + cipher = Crypto.Cipher.AES.new(encryption_key, self.mode, iv) + + ciphertext = cipher.encrypt(self.pad(message)) + output = StringIO.StringIO() - output.write(1) # Version 1 - output.write(0) # No options - iv = Random.new().read(AES.block_size) - cipher = AES.new(key, AES.MODE_CBC, iv) - encoder = PKCS7Encoder() + output.write(chr(2)) # Version 2 + output.write(chr(1)) # Password + output.write(encryption_salt) + output.write(hmac_salt) output.write(iv) - output.write(cipher.encrypt(encoder.encode(message))) + output.write(ciphertext) + + hmac = Crypto.Hash.HMAC.new(hmac_key, output.getvalue(), self.HMAC_hash_algo) + + output.write(hmac.digest()) + return output.getvalue() + def pad(self, data): + block_size = self.block_size + return data + (block_size - len(data) % block_size) * chr(block_size - len(data) % block_size) def main(): plaintext = b"Attack at dawn" - key = '000102030405060708090a0b0c0d0e0f'.decode("hex") - hmac_key = '0f0e0d0c0b0a09080706050403020100'.decode("hex") - cipher = RNCryptor("") - ciphertext = cipher.encrypt(plaintext, key, hmac_key) - print ''.join('%02x' % ord(byte) for byte in ciphertext) + password = b"mypassword" + + message = RNCryptor().encrypt(plaintext, password) + print ''.join('%02x' % ord(byte) for byte in message) if __name__ == '__main__': main() diff --git a/rncrypt/main.m b/rncrypt/main.m new file mode 100644 index 00000000..68a6e75c --- /dev/null +++ b/rncrypt/main.m @@ -0,0 +1,94 @@ +// +// main.m +// rncrypt +// +// Created by Rob Napier on 3/17/13. +// Copyright (c) 2013 Rob Napier. All rights reserved. +// + +#import +#import "RNEncryptor.h" +#import "RNDecryptor.h" +#import + +NSData *GetDataForHex(NSString *hex) +{ + NSString *hexNoSpaces = [hex stringByReplacingOccurrencesOfString:@" " withString:@""]; + + NSMutableData *data = [[NSMutableData alloc] init]; + unsigned char whole_byte = 0; + char byte_chars[3] = {'\0','\0','\0'}; + int i; + for (i=0; i < [hexNoSpaces length] / 2; i++) { + byte_chars[0] = [hexNoSpaces characterAtIndex:i*2]; + byte_chars[1] = [hexNoSpaces characterAtIndex:i*2+1]; + whole_byte = strtol(byte_chars, NULL, 16); + [data appendBytes:&whole_byte length:1]; + } + return data; +} + +void usage() { + printf("Not like that\n"); + exit(2); +} + +int main(int argc, char * const argv[]) +{ + @autoreleasepool { + + int decrypt_flag; + NSString *password = nil; + NSString *message = nil; + + char ch; + + /* options descriptor */ + struct option longopts[] = { + { "decrypt", no_argument, &decrypt_flag, 1 }, + { "password", required_argument, NULL, 'p' }, + { NULL, 0, NULL, 0 } + }; + + while ((ch = getopt_long(argc, argv, "dp:P", longopts, NULL)) != -1) + switch (ch) { + case 'd': + decrypt_flag = 1; + break; + case 'p': + password = [NSString stringWithUTF8String:optarg]; + break; + default: + usage(); + } + argc -= optind; + argv += optind; + + if (argc != 1) { + usage(); + } + + message = [NSString stringWithUTF8String:argv[0]]; + + NSError *error; + if (decrypt_flag) { + NSData *decryptedData = [RNDecryptor decryptData:GetDataForHex(message) + withPassword:password + error:&error]; + if (error) { + NSLog(@"Failed: %@", error); + exit(1); + } + else { + NSString *string = [[NSString alloc] initWithData:decryptedData encoding:NSUTF8StringEncoding]; + if (string) { + printf("%s\n", [string UTF8String]); + } + else { + printf("%s\n", [[decryptedData description] UTF8String]); + } + } + } + return 0; + } +} \ No newline at end of file diff --git a/rncrypt/rncrypt-Prefix.pch b/rncrypt/rncrypt-Prefix.pch new file mode 100644 index 00000000..c1e1b240 --- /dev/null +++ b/rncrypt/rncrypt-Prefix.pch @@ -0,0 +1,7 @@ +// +// Prefix header for all source files of the 'rncrypt' target in the 'rncrypt' project +// + +#ifdef __OBJC__ + #import +#endif