// passphrase must be at most 256 characters or code may crash
void CMnemonic::ToSeed(SecureString mnemonic, SecureString passphrase, SecureVector& seedRet)
{
SecureString ssSalt = SecureString("mnemonic") + passphrase;
SecureVector vchSalt(ssSalt.begin(), ssSalt.end());
seedRet.resize(64);
// int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
// const unsigned char *salt, int saltlen, int iter,
// const EVP_MD *digest,
// int keylen, unsigned char *out);
PKCS5_PBKDF2_HMAC(mnemonic.c_str(), mnemonic.size(), &vchSalt[0], vchSalt.size(), 2048, EVP_sha512(), 64, &seedRet[0]);
}
/*
* Split up and process handshake messages
*/
void TLS_Server::read_handshake(byte rec_type,
const MemoryRegion<byte>& rec_buf)
{
if(rec_type == HANDSHAKE)
{
if(!state)
state = new Handshake_State;
state->queue.write(&rec_buf[0], rec_buf.size());
}
while(true)
{
Handshake_Type type = HANDSHAKE_NONE;
SecureVector<byte> contents;
if(rec_type == HANDSHAKE)
{
if(state->queue.size() >= 4)
{
byte head[4] = { 0 };
state->queue.peek(head, 4);
const size_t length = make_u32bit(0, head[1], head[2], head[3]);
if(state->queue.size() >= length + 4)
{
type = static_cast<Handshake_Type>(head[0]);
contents.resize(length);
state->queue.read(head, 4);
state->queue.read(&contents[0], contents.size());
}
}
}
else if(rec_type == CHANGE_CIPHER_SPEC)
{
if(state->queue.size() == 0 && rec_buf.size() == 1 && rec_buf[0] == 1)
type = HANDSHAKE_CCS;
else
throw Decoding_Error("Malformed ChangeCipherSpec message");
}
else
throw Decoding_Error("Unknown message type in handshake processing");
if(type == HANDSHAKE_NONE)
break;
process_handshake_msg(type, contents);
if(type == HANDSHAKE_CCS || !state)
break;
}
}
/*!
Encrypts \a data using \a password as the passphrase.
\param data The data to encrypt.
\param password The passphrase used to encrypt \a data.
\param compressionLevel The level of compression to use on \a data. See Database::compression.
\param error If this parameter is non-\c NULL, it will be set to DatabaseCrypto::NoError if the
encryption process succeeded, or one of the other DatabaseCrypto::CryptoStatus enumeration
constants if an error occurred.
\param extendedErrorInformation If this parameter is non-\c NULL, it will be set to a string
containing detailed information about any errors that occurred.
\return The encrypted data encoded in base 64, or an empty string if an error occurred.
*/
QString DatabaseCrypto::encrypt(const QString &data, const QString &password, int compressionLevel, CryptoStatus *error, QString *extendedErrorInformation)
{
const std::string algo = ALGO;
const QString header = HEADER;
Botan::LibraryInitializer init;
Q_UNUSED(init);
if (error)
{
*error = NoError;
}
std::string passphrase = password.toStdString();
// Holds the output data
QString out;
try
{
const BlockCipher* cipher_proto = global_state().algorithm_factory().prototype_block_cipher(algo);
const u32bit key_len = cipher_proto->maximum_keylength();
const u32bit iv_len = cipher_proto->block_size(); // TODO: AES block size is always 128 bit, verify this
const bool compressed = compressionLevel != 0;
const u32bit iterations = 8192;
AutoSeeded_RNG rng;
SecureVector<Botan::byte> salt(8);
rng.randomize(&salt[0], salt.size());
std::auto_ptr<PBKDF> pbkdf(get_pbkdf("PBKDF2(SHA-1)"));
SymmetricKey bc_key = pbkdf->derive_key(key_len, "BLK" + passphrase, &salt[0], salt.size(), iterations);
InitializationVector iv = pbkdf->derive_key(iv_len, "IVL" + passphrase, &salt[0], salt.size(), iterations);
SymmetricKey mac_key = pbkdf->derive_key(16, "MAC" + passphrase, &salt[0], salt.size(), iterations);
// Write the standard file header and the salt encoded in base64
out += QString("%1 %2 %3\n").arg(header).arg(Database::version())
.arg(compressed ? COMPRESSED : UNCOMPRESSED);
out += QString::fromStdString(b64_encode(salt)) + "\n";
Pipe pipe(
new Fork(
new Chain(
new MAC_Filter("HMAC(SHA-1)", mac_key),
new Base64_Encoder),
new Chain(
get_cipher(algo + "/CBC/PKCS7", bc_key, iv, ENCRYPTION),
new Base64_Encoder(true))));
// Write our input data to the pipe to process it - if compressionLevel = 0,
// nothing will be compressed
pipe.start_msg();
QByteArray qCompressedData = qCompress(data.toUtf8(), compressionLevel);
SecureVector<Botan::byte> rawCompressedData;
rawCompressedData.resize(qCompressedData.length());
for (int i = 0; i < qCompressedData.length(); i++)
{
rawCompressedData[i] = qCompressedData[i];
}
pipe.write(rawCompressedData);
pipe.end_msg();
// Get the encrypted data back from the pipe and write it to our output variable
out += QString::fromStdString(pipe.read_all_as_string(0)) + "\n";
out += QString::fromStdString(pipe.read_all_as_string(1));
return out;
}
catch (Algorithm_Not_Found &e)
{
if (extendedErrorInformation)
{
*extendedErrorInformation = QString(e.what());
}
if (error)
{
*error = UnknownError;
}
}
catch (std::exception &e)
{
if (extendedErrorInformation)
{
*extendedErrorInformation = QString(e.what());
}
if (error)
{
*error = UnknownError;
}
}
return QString();
}
void SetUpBase()
{
initial_string_.resize(text_to_encrypt_.size());
initial_string_.copy(reinterpret_cast<const byte*>(text_to_encrypt_.c_str()), text_to_encrypt_.size());
}
