/**
* Private helper to create the SecureByteArray.
*/
SecureByteArray IvParameterSpec::create_secure_array(const byte iv[], size_t size, size_t offset, size_t len)
{
ESAPI_ASSERT2(iv, "Iv is not valid");
ESAPI_ASSERT2(size, "Iv size is 0");
ESAPI_ASSERT2(len, "Length is 0");
ESAPI_ASSERT2(len <= size, "Length exceeds iv size");
ESAPI_ASSERT2(offset <= size - len, "Offset and length exceed iv array size");
if(!iv)
throw IllegalArgumentException("The iv array is not valid");
if(!size)
throw IllegalArgumentException("The iv array size is not valid");
try
{
SafeInt<size_t> si(offset);
si += len;
// ArrayIndexOutOfBoundsException
if((size_t)si > size)
throw IllegalArgumentException("The iv array is too small for the specified offset and length");
// Will throw on pointer wrap
const byte* ptr = iv;
ptr += si;
return SecureByteArray(&(iv[offset]), len);
}
catch(const SafeIntException&)
{
throw IllegalArgumentException("Integer overflow detected");
}
}
void pwdgen_binary_salt_and_password(void)
{
DomainSettings ds;
ds.domainName = "Foo";
ds.usedCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHJKLMNPQRTUVWXYZ";
ds.iterations = 1024;
ds.length = 32;
static uchar salt[256] = { 219, 234, 34, 57, 151, 182, 99, 40, 180, 243, 133, 33, 191, 250, 4, 226, 107, 19, 132, 160, 29, 73, 184, 194, 38, 109, 104, 126, 43, 108, 215, 45, 253, 44, 204, 83, 229, 220, 146, 136, 110, 0, 232, 25, 212, 23, 205, 157, 91, 179, 200, 248, 102, 17, 101, 164, 113, 130, 27, 141, 79, 177, 47, 123, 36, 210, 183, 65, 64, 140, 72, 134, 207, 100, 233, 35, 211, 131, 75, 186, 70, 156, 105, 21, 66, 216, 241, 169, 15, 144, 111, 122, 181, 135, 118, 39, 228, 37, 188, 26, 14, 147, 49, 95, 2, 244, 119, 154, 171, 218, 77, 187, 3, 127, 217, 22, 129, 69, 185, 206, 152, 5, 115, 106, 6, 96, 227, 255, 125, 155, 18, 240, 238, 55, 32, 128, 84, 89, 252, 172, 28, 67, 225, 214, 121, 237, 93, 148, 59, 139, 87, 97, 158, 199, 98, 94, 68, 247, 41, 86, 13, 142, 196, 197, 195, 82, 78, 116, 60, 209, 7, 9, 174, 189, 150, 221, 175, 224, 213, 145, 92, 231, 170, 208, 81, 254, 76, 246, 198, 71, 203, 192, 124, 167, 137, 222, 31, 249, 58, 190, 11, 20, 10, 168, 46, 235, 88, 245, 114, 74, 176, 163, 1, 223, 8, 193, 30, 54, 166, 52, 24, 85, 90, 162, 117, 236, 120, 178, 143, 63, 159, 173, 161, 61, 48, 42, 103, 80, 251, 56, 202, 53, 153, 201, 51, 230, 242, 112, 149, 239, 138, 165, 16, 62, 12, 50 };
static uchar password[256] = { 136, 152, 37, 207, 212, 209, 100, 16, 137, 118, 4, 205, 115, 26, 21, 19, 99, 30, 156, 31, 102, 35, 130, 114, 22, 191, 32, 248, 155, 60, 120, 44, 167, 107, 197, 123, 27, 138, 171, 133, 186, 69, 122, 58, 70, 147, 51, 62, 164, 236, 61, 81, 72, 3, 218, 11, 134, 24, 230, 227, 54, 43, 124, 168, 113, 84, 144, 217, 9, 184, 163, 64, 195, 34, 173, 5, 8, 192, 91, 63, 40, 12, 6, 140, 74, 125, 52, 196, 110, 46, 229, 198, 220, 247, 131, 202, 177, 216, 246, 106, 161, 219, 146, 41, 226, 154, 28, 148, 117, 238, 18, 92, 135, 231, 180, 75, 211, 141, 94, 67, 185, 160, 23, 105, 187, 47, 53, 253, 95, 232, 242, 169, 240, 181, 172, 139, 116, 1, 179, 178, 80, 143, 20, 7, 243, 101, 252, 176, 228, 48, 224, 0, 206, 50, 249, 104, 89, 88, 199, 78, 17, 33, 200, 194, 132, 83, 97, 57, 56, 222, 183, 214, 68, 250, 73, 108, 237, 71, 29, 221, 251, 98, 204, 45, 245, 121, 255, 193, 182, 79, 14, 254, 190, 15, 153, 127, 215, 119, 111, 2, 225, 90, 223, 233, 213, 36, 151, 59, 210, 49, 159, 241, 10, 86, 188, 162, 109, 65, 42, 235, 103, 128, 234, 157, 189, 77, 201, 25, 82, 166, 203, 239, 96, 38, 244, 175, 39, 142, 112, 170, 55, 93, 165, 76, 13, 208, 150, 126, 85, 66, 158, 87, 145, 129, 174, 149 };
ds.salt_base64 = QByteArray(reinterpret_cast<char*>(salt), 256).toBase64();
Password pwd(ds);
pwd.generate(SecureByteArray(reinterpret_cast<char*>(password), 256));
QVERIFY(pwd.hexKey() == "e217c512b32d61f94bccad89b9c79012d073f4c0960854803a6115aa928f5b823d3bcd167872d4df102450f4dc26d82c6fa6666f749f82b2ec12593edb6ba2b0");
QVERIFY(pwd.key() == "XQCjlTFKFWBAsmgYgzTwJdbFPjCyykCl");
}
SecureByteArray HashImpl<HASH, DRBGINFO>::generateSeedImpl(unsigned int numBytes)
{
// Has a catastrophic error been encountered previously? Forwarding facing gear is the gate keeper.
ASSERT(!m_catastrophic);
if(m_catastrophic)
throw EncryptionException("A catastrophic error was previously encountered");
ASSERT(numBytes);
if(!numBytes)
return SecureByteArray();
SecureByteArray sa(numBytes);
nextBytesImpl(sa.data(), sa.size());
return sa;
}
SecureByteArray SecretKey::getEncoded() const
{
ASSERT(m_secBlock.data());
ASSERT(m_secBlock.size());
return SecureByteArray(m_secBlock.data(), m_secBlock.size());
}
SecureByteArray Exporter::read(const SecureString &pwd)
{
Q_D(Exporter);
SecureByteArray plain;
QFile file(d->filename);
bool opened = file.open(QIODevice::ReadOnly);
if (opened) {
static const int MaxLineSize = 64 + 2;
int state = 0;
QByteArray b64;
while (!file.atEnd()) {
char buf[MaxLineSize];
const qint64 bytesRead = file.readLine(buf, MaxLineSize);
const QString line = QByteArray(buf, bytesRead).trimmed();
switch (state) {
case 0:
if (line == PemPreamble) {
state = 1;
}
else {
qWarning() << "bad format";
}
break;
case 1:
if (line != PemEpilog) {
b64.append(line.toUtf8());
}
else {
state = 2;
}
break;
case 2:
// ignore trailing lines
break;
default:
qWarning() << "Oops! Should never have gotten here.";
break;
}
}
file.close();
SecureByteArray iv;
SecureByteArray key;
QByteArray imported = QByteArray::fromBase64(b64);
QByteArray salt = imported.mid(0, Crypter::SaltSize);
QByteArray cipher = imported.mid(Crypter::SaltSize);
Crypter::makeKeyAndIVFromPassword(pwd.toUtf8(), salt, key, iv);
CryptoPP::CBC_Mode<CryptoPP::AES>::Decryption dec;
dec.SetKeyWithIV(reinterpret_cast<const byte*>(key.constData()), key.size(), reinterpret_cast<const byte*>(iv.constData()));
plain = SecureByteArray(cipher.size(), static_cast<char>(0));
CryptoPP::ArraySource s(
reinterpret_cast<const byte*>(cipher.constData()), cipher.size(),
true,
new CryptoPP::StreamTransformationFilter(
dec,
new CryptoPP::ArraySink(reinterpret_cast<byte*>(plain.data()), plain.size()),
CryptoPP::StreamTransformationFilter::NO_PADDING
)
);
Q_UNUSED(s); // just to please the compiler
}
return plain;
}
void pbkdf2_empty_message(void)
{
PBKDF2 pbkdf2(SecureByteArray(), QString("pepper").toUtf8(), 3, QCryptographicHash::Sha512);
QVERIFY(pbkdf2.derivedKey() == QByteArray::fromHex("9dd331fc67421e1dce619cbbb517170e2dc325491d3426425630c4c01fd0eca8d8f535d6b0555a2aa43efbc9141e3dd7edaef8b1278ac34eabfc2db735d992ee"));
}