Beispiel #1
0
void Address::encode_address(uint64_t version, uint64_t stream, const SecureVector& ripe)
{
    if(ripe.size() != 20)
        throw SizeException(__FILE__, __FUNCTION__, __LINE__, "The ripe length is not 20");

    SecureVector ripex;

    if(ripe[0] == 0x00 && ripe[1] == 0x00)
        std::copy(ripe.begin() + 2, ripe.end(), std::back_inserter(ripex));
    else if(ripe[0] == 0x00)
        std::copy(ripe.begin() + 1, ripe.end(), std::back_inserter(ripex));
    else ripex = ripe;

    SecureVector bm_addr = encode::varint(version);
    bm_addr += encode::varint(stream);
    bm_addr += ripex;

    SecureVector checksum = hash::sha512(hash::sha512(bm_addr));
    std::copy(checksum.begin(), checksum.begin() + 4, std::back_inserter(bm_addr));

    m_address = encode::base58(bm_addr);
}
int main()
   {
   Botan::LibraryInitializer init;

   AutoSeeded_RNG rng;

   std::string passphrase = "secret";

   std::ifstream infile("readme.txt");
   std::ofstream outfile("readme.txt.enc");

   PKCS5_PBKDF2 pbkdf2(new HMAC(new SHA_160));

   pbkdf2.set_iterations(4096);
   pbkdf2.new_random_salt(rng, 8);
   SecureVector<byte> the_salt = pbkdf2.current_salt();

   SecureVector<byte> master_key = pbkdf2.derive_key(48, passphrase).bits_of();

   KDF* kdf = get_kdf("KDF2(SHA-1)");

   SymmetricKey key = kdf->derive_key(20, master_key, "cipher key");
   SymmetricKey mac_key = kdf->derive_key(20, master_key, "hmac key");
   InitializationVector iv = kdf->derive_key(8, master_key, "cipher iv");

   Pipe pipe(new Fork(
                new Chain(
                   get_cipher("Blowfish/CBC/PKCS7", key, iv, ENCRYPTION),
                   new Base64_Encoder,
                   new DataSink_Stream(outfile)
                   ),
                new Chain(
                   new MAC_Filter("HMAC(SHA-1)", mac_key),
                   new Hex_Encoder)
                )
      );

   outfile.write((const char*)the_salt.begin(), the_salt.size());

   pipe.start_msg();
   infile >> pipe;
   pipe.end_msg();

   SecureVector<byte> hmac = pipe.read_all(1);
   outfile.write((const char*)hmac.begin(), hmac.size());
   }
int main()
   {
   Botan::LibraryInitializer init;

   try {

      X509_Certificate mycert("mycert.pem");
      X509_Certificate mycert2("mycert2.pem");
      X509_Certificate yourcert("yourcert.pem");
      X509_Certificate cacert("cacert.pem");
      X509_Certificate int_ca("int_ca.pem");

      AutoSeeded_RNG rng;

      X509_Store store;
      store.add_cert(mycert);
      store.add_cert(mycert2);
      store.add_cert(yourcert);
      store.add_cert(int_ca);
      store.add_cert(cacert, true);

      const std::string msg = "prioncorp: we don't toy\n";

      CMS_Encoder encoder(msg);

      encoder.compress("Zlib");
      encoder.digest();
      encoder.encrypt(rng, mycert);

      /*
      PKCS8_PrivateKey* mykey = PKCS8::load_key("mykey.pem", rng, "cut");
      encoder.sign(store, *mykey);
      */

      SecureVector<byte> raw = encoder.get_contents();
      std::ofstream out("out.der");

      out.write((const char*)raw.begin(), raw.size());
   }
   catch(std::exception& e)
      {
      std::cerr << e.what() << std::endl;
      }
   return 0;
   }
QByteArray SshAbstractCryptoFacility::generateHash(const SshKeyExchange &kex,
    char c, quint32 length)
{
    const QByteArray &k = kex.k();
    const QByteArray &h = kex.h();
    QByteArray data(k);
    data.append(h).append(c).append(m_sessionId);
    SecureVector<byte> key
        = kex.hash()->process(convertByteArray(data), data.size());
    while (key.size() < length) {
        SecureVector<byte> tmpKey;
        tmpKey += SecureVector<byte>(convertByteArray(k), k.size());
        tmpKey += SecureVector<byte>(convertByteArray(h), h.size());
        tmpKey += key;
        key += kex.hash()->process(tmpKey);
    }
    return QByteArray(reinterpret_cast<const char *>(key.begin()), length);
}
bool password_hash_ok(const std::string& pass, const std::string& hash)
   {
   Pipe pipe(new Base64_Decoder);
   pipe.start_msg();
   pipe.write(hash);
   pipe.end_msg();

   SecureVector<byte> hash_bin = pipe.read_all();

   PKCS5_PBKDF2 kdf(new HMAC(new SHA_160));

   kdf.set_iterations(10000);
   kdf.change_salt(hash_bin, 6);

   SecureVector<byte> cmp = kdf.derive_key(12, pass).bits_of();

   return same_mem(cmp.begin(), hash_bin.begin() + 6, 12);
   }
Beispiel #6
0
void ne7ssh_string::bn2vector(Botan::SecureVector<Botan::byte>& result, const Botan::BigInt& bi)
{
    int high;
    Botan::byte zero = '\0';

    SecureVector<Botan::byte> strVector = BigInt::encode(bi);

    high = (*(strVector.begin()) & 0x80) ? 1 : 0;

    if (high)
    {
        result = SecureVector<Botan::byte>(&zero, 1);
    }
    else
    {
        result.clear();
    }
    result += strVector;
}
bool ne7ssh_keys::getKeyPairFromFile (const char* privKeyFileName)
{
  ne7ssh_string privKeyStr;
  char* buffer;
  uint32 pos, i, length;

  if (!privKeyStr.addFile (privKeyFileName))
  {
    ne7ssh::errors()->push (-1, "Cannot read PEM file: '%s'. Permission issues?", privKeyFileName);
    return false;
  }

  buffer = (char*) malloc (privKeyStr.length() + 1);
  memcpy (buffer, (const char*)privKeyStr.value().begin(), privKeyStr.length());
  buffer[privKeyStr.length()] = 0x0;

  length = privKeyStr.length();

  for (i = pos = 0; i < privKeyStr.length(); i++)
  {
    if (isspace(buffer[i]))
    {
      while (i < privKeyStr.length() && isspace (buffer[i]))
      {
        if (buffer[pos] != '\n')
          buffer[pos] = buffer[i];
        if (++i >= privKeyStr.length()) break;
      }
      i--;
      pos++;
      continue;
    }
    buffer[pos] = buffer[i];
    pos++;
  }
  buffer[pos] = 0x00;
  length = pos;

  if ((memcmp (buffer, "-----BEGIN", 10)) ||
     (memcmp (buffer + length - 17, "PRIVATE KEY-----", 16)))
  {
    ne7ssh::errors()->push (-1, "Encountered unknown PEM file format. Perhaps not an SSH private key file: '%s'.", privKeyFileName);
    free (buffer);
    return false;
  }

  if (!memcmp (buffer, "-----BEGIN RSA PRIVATE KEY-----", 31))
    this->keyAlgo = ne7ssh_keys::RSA;
  else if (!memcmp (buffer, "-----BEGIN DSA PRIVATE KEY-----", 31))
    this->keyAlgo = ne7ssh_keys::DSA;
  else
  {
    ne7ssh::errors()->push (-1, "Encountered unknown PEM file format. Perhaps not an SSH private key file: '%s'.", privKeyFileName);
    free (buffer);
    return false;
  }

  SecureVector<Botan::byte> keyVector ((Botan::byte*)buffer, length);
  free (buffer);
  switch (this->keyAlgo)
  {
    case DSA:
      if (!getDSAKeys ((char*)keyVector.begin(), keyVector.size()))
        return false;
      break;

    case RSA:
      if (!getRSAKeys ((char*)keyVector.begin(), keyVector.size()))
        return false;
      break;
  }

  return true;

}