Add check for password lens

ATuinDev 2018-02-03 21:05:56 +01:00
parent 5c419b3117
commit 510c8f6430
No known key found for this signature in database
GPG Key ID: 30B13E03CCAB58B7
2 changed files with 36 additions and 5 deletions


@ -84,7 +84,7 @@ int main(int argc, char *argv[])
int ic=0; // iterative count
int result_len;
unsigned char *result; // result (binary - 32+16 chars)
int i;
int i, j;
if ( argc != 4 ) {
fprintf(stderr, "usage: %s salt count len <passwd >binary_key_iv\n", argv[0]);
@ -111,19 +111,24 @@ int main(int argc, char *argv[])
/* Read password char by char.
*
* Doing in this way we make sure that blanks (even null bytes) end up
* in the password
* in the password.
*
* passwords containing just a bunch of spaces are valid
*/
int j = 0;
while (j < (BUFFER_SIZE + 1)) {
char c = getchar();
if (c == EOF) break;
pass[j] = c;
j++;
}
if (j == BUFFER_SIZE + 1) {
if (j >= BUFFER_SIZE + 1) {
fprintf(stderr, "Error: password is too long\n");
exit(1);
}
if (j <= 1) {
fprintf(stderr, "Error: password is empty\n");
exit(1);
}
pass[j-1] = '\0';
// PBKDF 2
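Review bot: The read loop stores the result of `getchar()` in a `char` before comparing it with `EOF`, so the length checks added here can act on a wrong count. Where `char` is signed, a 0xFF byte in the password ends the read early and a shortened password is hashed without any error; where `char` is unsigned, end of input is never detected and the loop runs into the "too long" error. Declaring `int c = getchar();` and storing `pass[j] = (char)c;` fixes both cases. Separately, `pass[j-1] = '\0'` assumes the last byte read is a newline, so input without one silently loses its final character and a one-character password is reported as empty by the new `j <= 1` test; checking `pass[j-1] == '\n'` before trimming would make that explicit. `main` starts and ends outside these hunks and the declaration of `pass` is not visible, so its size relative to `BUFFER_SIZE + 1` should be confirmed.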


@ -42,8 +42,34 @@ check_white_spaces() {
done
}
check_password_len() {
hexsalt="73616c74"
iter=4096
keylen=20
./tomb-kdb-pbkdf2 $hexsalt $iter $keylen 2>/dev/null <<<"" && {
echo "Empty passwords are accepted"
error=$((error + 1))
}
boundpassword=`perl -e 'print "a"x1023'`
./tomb-kdb-pbkdf2 $hexsalt $iter $keylen &>/dev/null <<<"$boundpassword" || {
echo "Passwords bound to limit are not accepted"
error=$((error + 1))
}
bigpassword=`perl -e 'print "a"x1024'`
./tomb-kdb-pbkdf2 $hexsalt $iter $keylen &>/dev/null <<<"$bigpassword" && {
echo "Passwords overriding buffer are accepted"
error=$((error + 1))
}
bigpassword=`perl -e 'print "a"x1025'`
./tomb-kdb-pbkdf2 $hexsalt $iter $keylen &>/dev/null <<<"$bigpassword" && {
echo "Passwords overriding buffer are accepted"
error=$((error + 1))
}
}
check_kdf
check_white_spaces
check_password_len
if [[ $error == 1 ]]; then
exit $error
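Review bot: The final check `[[ $error == 1 ]]` only matches when exactly one test failed, while `check_password_len` alone can add up to four to `error`, so a run with two or more failures would not take the `exit $error` branch. Testing `(( error > 0 ))` instead makes any failure fatal. Also, `<<<` appends a newline, so these cases only cover newline-terminated input, and the two oversized cases print the same message; `"Passwords of 1024 bytes are accepted"` and `"Passwords of 1025 bytes are accepted"` would tell them apart. The `if` block is closed outside this hunk.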