Beispiel #1
0
bytes Secp256k1PP::eciesKDF(Secret const& _z, bytes _s1, unsigned kdByteLen)
{
	auto reps = ((kdByteLen + 7) * 8) / (CryptoPP::SHA256::BLOCKSIZE * 8);
	// SEC/ISO/Shoup specify counter size SHOULD be equivalent
	// to size of hash output, however, it also notes that
	// the 4 bytes is okay. NIST specifies 4 bytes.
	bytes ctr({0, 0, 0, 1});
	bytes k;
	CryptoPP::SHA256 ctx;
	for (unsigned i = 0; i <= reps; i++)
	{
		ctx.Update(ctr.data(), ctr.size());
		ctx.Update(_z.data(), Secret::size);
		ctx.Update(_s1.data(), _s1.size());
		// append hash to k
		bytes digest(32);
		ctx.Final(digest.data());
		ctx.Restart();
		
		k.reserve(k.size() + h256::size);
		move(digest.begin(), digest.end(), back_inserter(k));
		
		if (++ctr[3] || ++ctr[2] || ++ctr[1] || ++ctr[0])
			continue;
	}
	
	k.resize(kdByteLen);
	return k;
}
Beispiel #2
0
void Secp256k1PP::encryptECIES(Public const& _k, bytesConstRef _sharedMacData, bytes& io_cipher)
{
	// interop w/go ecies implementation
	auto r = KeyPair::create();
	Secret z;
	ecdh::agree(r.sec(), _k, z);
	auto key = eciesKDF(z, bytes(), 32);
	bytesConstRef eKey = bytesConstRef(&key).cropped(0, 16);
	bytesRef mKeyMaterial = bytesRef(&key).cropped(16, 16);
	CryptoPP::SHA256 ctx;
	ctx.Update(mKeyMaterial.data(), mKeyMaterial.size());
	bytes mKey(32);
	ctx.Final(mKey.data());
	
	bytes cipherText = encryptSymNoAuth(SecureFixedHash<16>(eKey), h128(), bytesConstRef(&io_cipher));
	if (cipherText.empty())
		return;

	bytes msg(1 + Public::size + h128::size + cipherText.size() + 32);
	msg[0] = 0x04;
	r.pub().ref().copyTo(bytesRef(&msg).cropped(1, Public::size));
	bytesRef msgCipherRef = bytesRef(&msg).cropped(1 + Public::size + h128::size, cipherText.size());
	bytesConstRef(&cipherText).copyTo(msgCipherRef);
	
	// tag message
	CryptoPP::HMAC<SHA256> hmacctx(mKey.data(), mKey.size());
	bytesConstRef cipherWithIV = bytesRef(&msg).cropped(1 + Public::size, h128::size + cipherText.size());
	hmacctx.Update(cipherWithIV.data(), cipherWithIV.size());
	hmacctx.Update(_sharedMacData.data(), _sharedMacData.size());
	hmacctx.Final(msg.data() + 1 + Public::size + cipherWithIV.size());
	
	io_cipher.resize(msg.size());
	io_cipher.swap(msg);
}
Beispiel #3
0
	void CEncrypt::CreateOwnerKey()
	{
        CryptoPP::RandomPool prng;

        CryptoPP::SecByteBlock salt(16);
        CryptoPP::OS_GenerateRandomBlock(false, salt, salt.size());
        prng.IncorporateEntropy(salt, salt.size());

        memcpy(m_anOwnerKey + 32, salt.data(), salt.size());

        CryptoPP::SHA256 hash;

        hash.Update( (unsigned char*) impl->m_sOwnerPassword.c_str(), impl->m_sOwnerPassword.length());
        hash.Update( m_anOwnerKey + 32, 8);
        hash.Update( m_anUserKey, 48);

        CryptoPP::SecByteBlock pHashData(hash.DigestSize());
        hash.Final(pHashData);

        if (MakeFileKey3(impl->m_sOwnerPassword, pHashData.data(), pHashData.size(), m_anUserKey, 48))
        {
            memcpy(m_anOwnerKey, pHashData.data(), pHashData.size());

            hash.Update( (unsigned char*) impl->m_sOwnerPassword.c_str(), impl->m_sOwnerPassword.length());
            hash.Update( m_anOwnerKey + 40, 8);
            hash.Update( m_anUserKey, 48);

            CryptoPP::SecByteBlock pHashKeyData(hash.DigestSize());
            hash.Final(pHashKeyData);

            MakeFileKey3(impl->m_sOwnerPassword, pHashKeyData.data(), pHashKeyData.size(), m_anUserKey, 48);
            unsigned char empty[16] = {};

            CryptoPP::AES::Encryption aesEncryption(pHashKeyData.data(), pHashKeyData.size());
            CryptoPP::CBC_Mode_ExternalCipher::Encryption cbcEncryption( aesEncryption, empty);

            CryptoPP::StreamTransformationFilter stfEncryption(cbcEncryption, new CryptoPP::ArraySink( m_anOwnerEncryptKey, 32), CryptoPP::StreamTransformationFilter::NO_PADDING );
            stfEncryption.Put2(impl->m_anEncryptionKey, 32, 1, true);
            stfEncryption.MessageEnd();
        }
	}
bool Secp256k1PP::decryptECIES(Secret const& _k, bytesConstRef _sharedMacData, bytes& io_text)
{

	// interop w/go ecies implementation
	
	// io_cipher[0] must be 2, 3, or 4, else invalidpublickey
	if (io_text.empty() || io_text[0] < 2 || io_text[0] > 4)
		// invalid message: publickey
		return false;
	
	if (io_text.size() < (1 + Public::size + h128::size + 1 + h256::size))
		// invalid message: length
		return false;

	Secret z;
	if (!ecdh::agree(_k, *(Public*)(io_text.data() + 1), z))
		return false;  // Invalid pubkey or seckey.
	auto key = ecies::kdf(z, bytes(), 64);
	bytesConstRef eKey = bytesConstRef(&key).cropped(0, 16);
	bytesRef mKeyMaterial = bytesRef(&key).cropped(16, 16);
	bytes mKey(32);
	CryptoPP::SHA256 ctx;
	ctx.Update(mKeyMaterial.data(), mKeyMaterial.size());
	ctx.Final(mKey.data());
	
	bytes plain;
	size_t cipherLen = io_text.size() - 1 - Public::size - h128::size - h256::size;
	bytesConstRef cipherWithIV(io_text.data() + 1 + Public::size, h128::size + cipherLen);
	bytesConstRef cipherIV = cipherWithIV.cropped(0, h128::size);
	bytesConstRef cipherNoIV = cipherWithIV.cropped(h128::size, cipherLen);
	bytesConstRef msgMac(cipherNoIV.data() + cipherLen, h256::size);
	h128 iv(cipherIV.toBytes());
	
	// verify tag
	CryptoPP::HMAC<CryptoPP::SHA256> hmacctx(mKey.data(), mKey.size());
	hmacctx.Update(cipherWithIV.data(), cipherWithIV.size());
	hmacctx.Update(_sharedMacData.data(), _sharedMacData.size());
	h256 mac;
	hmacctx.Final(mac.data());
	for (unsigned i = 0; i < h256::size; i++)
		if (mac[i] != msgMac[i])
			return false;
	
	plain = decryptSymNoAuth(SecureFixedHash<16>(eKey), iv, cipherNoIV).makeInsecure();
	io_text.resize(plain.size());
	io_text.swap(plain);
	
	return true;
}
bool CCryptoModulus::InitCrypto(BYTE *temp, DWORD length)
{
    int hashid = 0;
    BYTE digest[2048];


    memset(digest, 0, sizeof(digest));


    if (length >= 10)
    {
        hashid = temp[4] ^ (temp[3] | (temp[1] ^ temp[0]) < temp[2] % 3);
    }
    else
    {
        hashid = temp[0];
    }


    hashid = (hashid % 11) - 1;


    switch (hashid)
    {
        case 0:
        {
            CryptoPP::SHA256 hash;
            hash.Update(temp, length);
            hash.Final(digest);


            this->m_algorithm = digest[0] % 10;
            this->InitCrypto(this->m_algorithm, digest, 32);
        }
        break;


        case 2:
        {
            CryptoPP::SHA512 hash;
            hash.Update(temp, length);
            hash.Final(digest);


            this->m_algorithm = digest[1] % 10;
            this->InitCrypto(this->m_algorithm, digest, 64);
        }
        break;
        
        case 3:
        {
            CryptoPP::SHA384 hash;
            hash.Update(temp, length);
            hash.Final(digest);


            this->m_algorithm = digest[2] % 10;
            this->InitCrypto(this->m_algorithm, digest, 48);
        }
        break;


        case 4:
        {
            CryptoPP::Weak1::MD4 hash;
            hash.Update(temp, length);
            hash.Final(digest);


            this->m_algorithm = digest[3] % 10;
            this->InitCrypto(this->m_algorithm, digest, 16);
        }
        break;


        case 5:
        {
            CryptoPP::Weak1::MD5 hash;
            hash.Update(temp, length);
            hash.Final(digest);


            this->m_algorithm = digest[4] % 10;
            this->InitCrypto(this->m_algorithm, digest, 16);
        }
        break;


        case 6:
        {
            CryptoPP::RIPEMD160 hash;
            hash.Update(temp, length);
            hash.Final(digest);


            this->m_algorithm = digest[5] % 10;
            this->InitCrypto(this->m_algorithm, digest, 20);
        }
        break;


        case 7:
        {
            CryptoPP::RIPEMD320 hash;
            hash.Update(temp, length);
            hash.Final(digest);


            this->m_algorithm = digest[6] % 10;
            this->InitCrypto(this->m_algorithm, digest, 40);
        }
        break;


        case 8:
        {
            CryptoPP::RIPEMD128 hash;
            hash.Update(temp, length);
            hash.Final(digest);


            this->m_algorithm = digest[7] % 10;
            this->InitCrypto(this->m_algorithm, digest, 16);
        }
        break;


        case 9:
        {
            CryptoPP::RIPEMD256 hash;
            hash.Update(temp, length);
            hash.Final(digest);


            this->m_algorithm = digest[8] % 10;
            this->InitCrypto(this->m_algorithm, digest, 32);
        }
        break;


        default:
        {
            CryptoPP::Weak1::MD5 hash;
            hash.Update(temp, length);
            hash.Final(digest);


            this->m_algorithm = digest[9] % 10;
            this->InitCrypto(this->m_algorithm, digest, 16);
        }
        break;
    }


    return true;
}