string RNEncryptor::encrypt(string plaintext, string password, RNCryptorSchema schemaVersion)
{
this->configureSettings(schemaVersion);
RNCryptorPayloadComponents components;
components.schema = (char)schemaVersion;
components.options = (char)this->options;
components.salt = this->generateSalt();
components.hmacSalt = this->generateSalt();
components.iv = this->generateIv(this->ivLength);
SecByteBlock key = this->generateKey(components.salt, password);
switch (this->aesMode) {
case MODE_CTR: {
CTR_Mode<AES>::Encryption encryptor;
encryptor.SetKeyWithIV((const byte *)key.data(), key.size(), (const byte *)components.iv.data());
StringSource(plaintext, true,
// StreamTransformationFilter adds padding as required.
new StreamTransformationFilter(encryptor,
new StringSink(components.ciphertext)
)
);
break;
}
case MODE_CBC: {
CBC_Mode<AES>::Encryption encryptor;
encryptor.SetKeyWithIV(key.BytePtr(), key.size(), (const byte *)components.iv.data());
StringSource(plaintext, true,
// StreamTransformationFilter adds padding as required.
new StreamTransformationFilter(encryptor,
new StringSink(components.ciphertext)
)
);
break;
}
}
stringstream binaryData;
binaryData << components.schema;
binaryData << components.options;
binaryData << components.salt;
binaryData << components.hmacSalt;
binaryData << components.iv;
binaryData << components.ciphertext;
std::cout << "Hex encoded: " << this->hex_encode(binaryData.str()) << std::endl;
binaryData << this->generateHmac(components, password);
return this->base64_encode(binaryData.str());
}
std::string Converter::SecByteBlockToString(SecByteBlock data){
Integer a;
a.Decode(data.BytePtr(), data.SizeInBytes());
//cout<< "ze secbyteblock do integera: "<<a<<endl;
std::ostrstream oss;
oss << std::hex << a;
std::string s(oss.str());
s = s.substr(0, 2*data.SizeInBytes()+1); //Do zapamiêtania. d³ugoœæ stringa z s wynosi 2*d³ugoœæ w bytach plus 1.
return s;
}
bool
SecTpm::importPrivateKeyPkcs5IntoTpm(const Name& keyName,
const uint8_t* buf, size_t size,
const std::string& passwordStr)
{
using namespace CryptoPP;
Oid pbes2Id;
Oid pbkdf2Id;
SecByteBlock saltBlock;
uint32_t iterationCount;
Oid pbes2encsId;
SecByteBlock ivBlock;
SecByteBlock encryptedDataBlock;
try {
// decode some decoding processes are not necessary for now,
// because we assume only one encryption scheme.
StringSource source(buf, size, true);
// EncryptedPrivateKeyInfo ::= SEQUENCE {
// encryptionAlgorithm EncryptionAlgorithmIdentifier,
// encryptedData OCTET STRING }
BERSequenceDecoder encryptedPrivateKeyInfo(source);
{
// EncryptionAlgorithmIdentifier ::= SEQUENCE {
// algorithm OBJECT IDENTIFIER {{PBES2-id}},
// parameters SEQUENCE {{PBES2-params}} }
BERSequenceDecoder encryptionAlgorithm(encryptedPrivateKeyInfo);
{
pbes2Id.decode(encryptionAlgorithm);
// PBES2-params ::= SEQUENCE {
// keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
// encryptionScheme AlgorithmIdentifier {{PBES2-Encs}} }
BERSequenceDecoder pbes2Params(encryptionAlgorithm);
{
// AlgorithmIdentifier ::= SEQUENCE {
// algorithm OBJECT IDENTIFIER {{PBKDF2-id}},
// parameters SEQUENCE {{PBKDF2-params}} }
BERSequenceDecoder pbes2KDFs(pbes2Params);
{
pbkdf2Id.decode(pbes2KDFs);
// AlgorithmIdentifier ::= SEQUENCE {
// salt OCTET STRING,
// iterationCount INTEGER (1..MAX),
// keyLength INTEGER (1..MAX) OPTIONAL,
// prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1 }
BERSequenceDecoder pbkdf2Params(pbes2KDFs);
{
BERDecodeOctetString(pbkdf2Params, saltBlock);
BERDecodeUnsigned<uint32_t>(pbkdf2Params, iterationCount, INTEGER);
}
pbkdf2Params.MessageEnd();
}
pbes2KDFs.MessageEnd();
// AlgorithmIdentifier ::= SEQUENCE {
// algorithm OBJECT IDENTIFIER {{DES-EDE3-CBC-PAD}},
// parameters OCTET STRING} {{iv}} }
BERSequenceDecoder pbes2Encs(pbes2Params);
{
pbes2encsId.decode(pbes2Encs);
BERDecodeOctetString(pbes2Encs, ivBlock);
}
pbes2Encs.MessageEnd();
}
pbes2Params.MessageEnd();
}
encryptionAlgorithm.MessageEnd();
BERDecodeOctetString(encryptedPrivateKeyInfo, encryptedDataBlock);
}
encryptedPrivateKeyInfo.MessageEnd();
}
catch (const CryptoPP::Exception& e) {
return false;
}
PKCS5_PBKDF2_HMAC<SHA1> keyGenerator;
size_t derivedLen = 24; //For DES-EDE3-CBC-PAD
byte derived[24] = {0};
byte purpose = 0;
try {
keyGenerator.DeriveKey(derived, derivedLen,
purpose,
reinterpret_cast<const byte*>(passwordStr.c_str()), passwordStr.size(),
saltBlock.BytePtr(), saltBlock.size(),
iterationCount);
}
catch (const CryptoPP::Exception& e) {
return false;
}
//decrypt
CBC_Mode< DES_EDE3 >::Decryption d;
d.SetKeyWithIV(derived, derivedLen, ivBlock.BytePtr());
OBufferStream privateKeyOs;
try {
StringSource encryptedSource(encryptedDataBlock.BytePtr(), encryptedDataBlock.size(), true,
new StreamTransformationFilter(d, new FileSink(privateKeyOs)));
}
catch (const CryptoPP::Exception& e) {
return false;
}
if (!importPrivateKeyPkcs8IntoTpm(keyName,
privateKeyOs.buf()->buf(), privateKeyOs.buf()->size()))
return false;
// determine key type
StringSource privateKeySource(privateKeyOs.buf()->buf(), privateKeyOs.buf()->size(), true);
KeyType publicKeyType = KeyType::NONE;
SecByteBlock rawKeyBits;
// PrivateKeyInfo ::= SEQUENCE {
// INTEGER,
// SEQUENCE,
// OCTECT STRING}
BERSequenceDecoder privateKeyInfo(privateKeySource);
{
uint32_t versionNum;
BERDecodeUnsigned<uint32_t>(privateKeyInfo, versionNum, INTEGER);
BERSequenceDecoder sequenceDecoder(privateKeyInfo);
{
Oid keyTypeOid;
keyTypeOid.decode(sequenceDecoder);
if (keyTypeOid == oid::RSA)
publicKeyType = KeyType::RSA;
else if (keyTypeOid == oid::ECDSA)
publicKeyType = KeyType::EC;
else
return false; // Unsupported key type;
}
}
// derive public key
OBufferStream publicKeyOs;
try {
switch (publicKeyType) {
case KeyType::RSA: {
RSA::PrivateKey privateKey;
privateKey.Load(StringStore(privateKeyOs.buf()->buf(), privateKeyOs.buf()->size()).Ref());
RSAFunction publicKey(privateKey);
FileSink publicKeySink(publicKeyOs);
publicKey.DEREncode(publicKeySink);
publicKeySink.MessageEnd();
break;
}
case KeyType::EC: {
ECDSA<ECP, SHA256>::PrivateKey privateKey;
privateKey.Load(StringStore(privateKeyOs.buf()->buf(), privateKeyOs.buf()->size()).Ref());
ECDSA<ECP, SHA256>::PublicKey publicKey;
privateKey.MakePublicKey(publicKey);
publicKey.AccessGroupParameters().SetEncodeAsOID(true);
FileSink publicKeySink(publicKeyOs);
publicKey.DEREncode(publicKeySink);
publicKeySink.MessageEnd();
break;
}
default:
return false;
}
}
catch (const CryptoPP::Exception& e) {
return false;
}
if (!importPublicKeyPkcs1IntoTpm(keyName, publicKeyOs.buf()->buf(), publicKeyOs.buf()->size()))
return false;
return true;
}
int main()
{
string key;
unsigned int limit;
int flag;
cout << "Input key(32Byte from [0-9a-f]):";
cin >> key;
cout << "Input upper limit:";
cin >> limit;
StringSource ss(key, true, new HexDecoder);
SecByteBlock bkey((size_t)ss.MaxRetrievable());
ss.Get(bkey, bkey.size());
ECB_Mode<AES>::Encryption aes(bkey, bkey.size());
ECB_Mode<AES>::Encryption aes1(bkey, bkey.size());
SecByteBlock *outputsbb;
for(unsigned int i = 0; i < limit; i ++)
{
const byte *pi = (const byte *)&i;
flag = 0;
StreamTransformationFilter *stf = new StreamTransformationFilter(aes);
StringSource outputss(pi, (size_t)sizeof(int)/sizeof(byte), true, stf);
outputsbb = new SecByteBlock((size_t)outputss.MaxRetrievable());
outputss.Get(*outputsbb, outputsbb->size());
if(*((unsigned int *)(outputsbb->BytePtr())) < limit &&
*((unsigned int *)(outputsbb->BytePtr()) + 4) == 0 &&
*((unsigned int *)(outputsbb->BytePtr()) + 8) == 0 &&
*((unsigned int *)(outputsbb->BytePtr()) + 12) == 0)
{
flag = 1;
}
while(!flag)
{
StreamTransformationFilter *stf1 = new StreamTransformationFilter(aes1);
StringSource outputss1(*outputsbb, outputsbb->size(), true, stf1);
delete outputsbb;
outputsbb = new SecByteBlock((size_t)outputss1.MaxRetrievable());
outputss1.Get(*outputsbb, outputsbb->size());
if(*((unsigned int *)(outputsbb->BytePtr())) < limit &&
*((unsigned int *)(outputsbb->BytePtr()) + 4) == 0 &&
*((unsigned int *)(outputsbb->BytePtr()) + 8) == 0 &&
*((unsigned int *)(outputsbb->BytePtr()) + 12) == 0)
{
flag = 1;
cout << i << ": " << *((unsigned int *)(outputsbb->BytePtr())) << endl;
}
}
delete outputsbb;
}
return 0;
}
//********************************************************************************************************
Integer Converter::decodeSecByteBlock(SecByteBlock key)
{
Integer x;
x.Decode(key.BytePtr(), key.SizeInBytes());
return x;
}
int main()
{
using namespace CryptoPP;
AutoSeededRandomPool rng;
DH dhA; //< Diffie-Hellman structure
DH2 dh2A(dhA); //< Diffie-Hellman structure
SecByteBlock sprivA; //< static private key
SecByteBlock spubA; //< static public key
SecByteBlock eprivA; //< ephemeral private key
SecByteBlock epubA; //< ephemeral public key
SecByteBlock sharedA; //< shared key
DH dhB; //< Diffie-Hellman structure
DH2 dh2B(dhA); //< Diffie-Hellman structure
SecByteBlock sprivB; //< static private key
SecByteBlock spubB; //< static public key
SecByteBlock eprivB; //< ephemeral private key
SecByteBlock epubB; //< ephemeral public key
SecByteBlock sharedB; //< shared key
std::cout << "Initializing DH parameters" << std::endl;;
dhA.AccessCryptoParameters().GenerateRandomWithKeySize(rng,1024);
dhB.AccessCryptoParameters().GenerateRandomWithKeySize(rng,1024);
std::cout << "Generating Keys" << std::endl;;
sprivA = SecByteBlock( dh2A.StaticPrivateKeyLength() );
spubA = SecByteBlock( dh2A.StaticPublicKeyLength() );
eprivA = SecByteBlock( dh2A.EphemeralPrivateKeyLength() );
epubA = SecByteBlock( dh2A.EphemeralPublicKeyLength() );
dh2A.GenerateStaticKeyPair(rng,sprivA,spubA);
dh2A.GenerateEphemeralKeyPair(rng,eprivA, epubA);
sharedA= SecByteBlock( dh2A.AgreedValueLength() );
sprivB = SecByteBlock( dh2B.StaticPrivateKeyLength() );
spubB = SecByteBlock( dh2B.StaticPublicKeyLength() );
eprivB = SecByteBlock( dh2B.EphemeralPrivateKeyLength() );
epubB = SecByteBlock( dh2B.EphemeralPublicKeyLength() );
dh2B.GenerateStaticKeyPair(rng,sprivB,spubB);
dh2B.GenerateEphemeralKeyPair(rng,eprivB, epubB);
sharedB= SecByteBlock( dh2B.AgreedValueLength() );
if(!dh2A.Agree(sharedA, sprivA, eprivA, spubB, epubB) )
std::cerr << "A failed to agree " << std::endl;
if(!dh2B.Agree(sharedB, sprivB, eprivB, spubA, epubA) )
std::cerr << "B failed to agree " << std::endl;
Integer sharedAOut, sharedBOut;
sharedAOut.Decode(sharedA.BytePtr(), sharedA.SizeInBytes());
sharedBOut.Decode(sharedB.BytePtr(), sharedB.SizeInBytes());
std::cout << "shared secret:"
<< "\n A: " << std::hex << sharedAOut
<< "\n B: " << std::hex << sharedBOut
<< std::endl;
}
