From: Scott Worley Date: Mon, 23 Oct 2017 03:27:04 +0000 (-0700) Subject: Use salted hashes X-Git-Url: http://git.scottworley.com/overonion/commitdiff_plain/a4f749134de875d82a0ca5d8251968db429558d3?ds=inline Use salted hashes --- diff --git a/overonion b/overonion index c54048a..cb663fe 100755 --- a/overonion +++ b/overonion @@ -51,7 +51,14 @@ function go() { elif [[ "$operation" == reverse ]];then reverse elif [[ "$operation" == openssl-dgst ]];then - tee >(echo "$(sed -n "${layer}p" "$keyfile") $(openssl dgst -binary "-$(sed -rn "${layer}s/^[^ ]+ ([^ ]+).*/\\1/p" "$keyfile")" | base64 --wrap=0)" > "$hash_dir/$layer") + tee >(echo "$(sed -n "${layer}p" "$keyfile") $( + { + awk -vlayer="$layer" 'NR == layer { print $3 }' "$keyfile" | base64 -d + cat + awk -vlayer="$layer" 'NR == layer { print $4 }' "$keyfile" | base64 -d + } | + openssl dgst -binary "-$(sed -rn "${layer}s/^[^ ]+ ([^ ]+).*/\\1/p" "$keyfile")" | + base64 --wrap=0)" > "$hash_dir/$layer") else die "Unknown operation" fi | @@ -73,7 +80,7 @@ for hash_result in "$hash_dir"/*;do rmdir "$key_aside_dir" else # Verify the hashes - if [[ "$(awk '{ print $3 == $4 ? "hash ok" : "mismatch" }' "$hash_result")" != "hash ok" ]];then + if [[ "$(awk '{ print $5 == $6 ? "hash ok" : "mismatch" }' "$hash_result")" != "hash ok" ]];then die "Hash check $layer failed" fi fi diff --git a/overonion-make-key b/overonion-make-key index 0e588b2..0ff9776 100755 --- a/overonion-make-key +++ b/overonion-make-key @@ -1,6 +1,7 @@ #!/bin/bash key_size=99 +hash_salt_size=63 ciphers=( bf-cbc bf-cfb bf-ecb bf-ofb @@ -38,19 +39,20 @@ if [[ -e "$keyfile" ]];then exit 1 fi -keys_needed=$((${#ciphers[*]} * 2)) +keys_needed=$((${#ciphers[*]} * 2 + ${#hashes[*]} * 4)) keys_generated=0 function generate_keys() { while read -r cipher;do - echo -n $'\r'"Generating key $((++keys_generated))/$keys_needed" >&2 + echo -n $'\r'"Generating key $((++keys_generated))/$keys_needed " >&2 echo "openssl-enc $cipher $(head -c "$key_size" "$random_source" | base64 --wrap=0 )" done < <( IFS=$'\n'; shuf <<< "${ciphers[*]}"; ) } function generate_hashes() { while read -r hash;do - echo "openssl-dgst $hash" + echo -n $'\r'"Generating salt $((keys_generated += 2))/$keys_needed" >&2 + echo "openssl-dgst $hash $(head -c "$hash_salt_size" "$random_source" | base64 --wrap=0 ) $(head -c "$hash_salt_size" "$random_source" | base64 --wrap=0 )" done < <( IFS=$'\n'; shuf <<< "${hashes[*]}"; ) }