#!/usr/bin/env perl
##
## Author......: See docs/credits.txt
## License.....: MIT
##
use strict;
use warnings;
use Crypt::PBKDF2;
use Digest::SHA qw (sha1);
use Crypt::CBC;
use Encode;
sub module_constraints { [[0, 256], [128, 128], [-1, -1], [-1, -1], [-1, -1]] }
sub module_generate_hash
{
my $word = shift;
my $salt = shift;
my $iter = shift // 10000;
my $ct = shift;
my $pbkdf2 = Crypt::PBKDF2->new
(
hasher => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA1'),
iterations => $iter,
output_len => 48
);
my $salt_bin = pack ("H*", $salt);
my $word_utf16le = encode ("UTF-16LE", $word);
my $pbkdf2key = $pbkdf2->PBKDF2 ($salt_bin, $word_utf16le);
my $key = substr ($pbkdf2key, 0, 32);
my $iv = substr ($pbkdf2key, 32, 16);
my $pt;
if (defined $ct)
{
my $aes_cbc = Crypt::CBC->new ({
cipher => "Crypt::Rijndael",
iv => $iv,
key => $key,
keysize => 32,
literal_key => 1,
header => "none",
padding => "none"
});
my $ct_bin = pack ("H*", $ct);
$pt = $aes_cbc->decrypt ($ct_bin);
if (substr ($pt, 4, 12) ne "\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c")
{
$pt = "\xff" x 16;
}
}
else
{
$pt = "\x30\x30\x30\x30\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c";
}
my $aes_cbc = Crypt::CBC->new ({
cipher => "Crypt::Rijndael",
iv => $iv,
key => $key,
keysize => 32,
literal_key => 1,
header => "none",
padding => "none"
});
my $ct_bin = $aes_cbc->encrypt ($pt);
my $hash = sprintf ('$vbk$*%s*%d*%s', unpack ("H*", $salt_bin), $iter, unpack ("H*", $ct_bin));
return $hash;
}
sub module_verify_hash
{
my $line = shift;
my $idx = index ($line, ':');
return unless $idx >= 0;
my $hash = substr ($line, 0, $idx);
my $word = substr ($line, $idx + 1);
return unless substr ($hash, 0, 5) eq '$vbk$';
my ($signature, $salt, $iter, $ct) = split '\*', $hash;
return unless defined $signature;
return unless defined $salt;
return unless defined $iter;
return unless defined $ct;
my $word_packed = pack_if_HEX_notation ($word);
my $new_hash = module_generate_hash ($word_packed, $salt, $iter, $ct);
return ($new_hash, $word);
}
1;