/**
   * Private helper to create the SecureByteArray.
   */
  SecureByteArray IvParameterSpec::create_secure_array(const byte iv[], size_t size, size_t offset, size_t len)
  {
    ESAPI_ASSERT2(iv, "Iv is not valid");
    ESAPI_ASSERT2(size, "Iv size is 0");
    ESAPI_ASSERT2(len, "Length is 0");
    ESAPI_ASSERT2(len <= size, "Length exceeds iv size");
    ESAPI_ASSERT2(offset <= size - len, "Offset and length exceed iv array size");

    if(!iv)
      throw IllegalArgumentException("The iv array is not valid");

    if(!size)
      throw IllegalArgumentException("The iv array size is not valid");

    try
      {
        SafeInt<size_t> si(offset);
        si += len;

        // ArrayIndexOutOfBoundsException
        if((size_t)si > size)
          throw IllegalArgumentException("The iv array is too small for the specified offset and length");

        // Will throw on pointer wrap
        const byte* ptr = iv;
        ptr += si;

        return SecureByteArray(&(iv[offset]), len);
      }
    catch(const SafeIntException&)
      {
        throw IllegalArgumentException("Integer overflow detected");
      }
  }
Exemple #2
0
 void pwdgen_binary_salt_and_password(void)
 {
   DomainSettings ds;
   ds.domainName = "Foo";
   ds.usedCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHJKLMNPQRTUVWXYZ";
   ds.iterations = 1024;
   ds.length = 32;
   static uchar salt[256] = { 219, 234, 34, 57, 151, 182, 99, 40, 180, 243, 133, 33, 191, 250, 4, 226, 107, 19, 132, 160, 29, 73, 184, 194, 38, 109, 104, 126, 43, 108, 215, 45, 253, 44, 204, 83, 229, 220, 146, 136, 110, 0, 232, 25, 212, 23, 205, 157, 91, 179, 200, 248, 102, 17, 101, 164, 113, 130, 27, 141, 79, 177, 47, 123, 36, 210, 183, 65, 64, 140, 72, 134, 207, 100, 233, 35, 211, 131, 75, 186, 70, 156, 105, 21, 66, 216, 241, 169, 15, 144, 111, 122, 181, 135, 118, 39, 228, 37, 188, 26, 14, 147, 49, 95, 2, 244, 119, 154, 171, 218, 77, 187, 3, 127, 217, 22, 129, 69, 185, 206, 152, 5, 115, 106, 6, 96, 227, 255, 125, 155, 18, 240, 238, 55, 32, 128, 84, 89, 252, 172, 28, 67, 225, 214, 121, 237, 93, 148, 59, 139, 87, 97, 158, 199, 98, 94, 68, 247, 41, 86, 13, 142, 196, 197, 195, 82, 78, 116, 60, 209, 7, 9, 174, 189, 150, 221, 175, 224, 213, 145, 92, 231, 170, 208, 81, 254, 76, 246, 198, 71, 203, 192, 124, 167, 137, 222, 31, 249, 58, 190, 11, 20, 10, 168, 46, 235, 88, 245, 114, 74, 176, 163, 1, 223, 8, 193, 30, 54, 166, 52, 24, 85, 90, 162, 117, 236, 120, 178, 143, 63, 159, 173, 161, 61, 48, 42, 103, 80, 251, 56, 202, 53, 153, 201, 51, 230, 242, 112, 149, 239, 138, 165, 16, 62, 12, 50 };
   static uchar password[256] = { 136, 152, 37, 207, 212, 209, 100, 16, 137, 118, 4, 205, 115, 26, 21, 19, 99, 30, 156, 31, 102, 35, 130, 114, 22, 191, 32, 248, 155, 60, 120, 44, 167, 107, 197, 123, 27, 138, 171, 133, 186, 69, 122, 58, 70, 147, 51, 62, 164, 236, 61, 81, 72, 3, 218, 11, 134, 24, 230, 227, 54, 43, 124, 168, 113, 84, 144, 217, 9, 184, 163, 64, 195, 34, 173, 5, 8, 192, 91, 63, 40, 12, 6, 140, 74, 125, 52, 196, 110, 46, 229, 198, 220, 247, 131, 202, 177, 216, 246, 106, 161, 219, 146, 41, 226, 154, 28, 148, 117, 238, 18, 92, 135, 231, 180, 75, 211, 141, 94, 67, 185, 160, 23, 105, 187, 47, 53, 253, 95, 232, 242, 169, 240, 181, 172, 139, 116, 1, 179, 178, 80, 143, 20, 7, 243, 101, 252, 176, 228, 48, 224, 0, 206, 50, 249, 104, 89, 88, 199, 78, 17, 33, 200, 194, 132, 83, 97, 57, 56, 222, 183, 214, 68, 250, 73, 108, 237, 71, 29, 221, 251, 98, 204, 45, 245, 121, 255, 193, 182, 79, 14, 254, 190, 15, 153, 127, 215, 119, 111, 2, 225, 90, 223, 233, 213, 36, 151, 59, 210, 49, 159, 241, 10, 86, 188, 162, 109, 65, 42, 235, 103, 128, 234, 157, 189, 77, 201, 25, 82, 166, 203, 239, 96, 38, 244, 175, 39, 142, 112, 170, 55, 93, 165, 76, 13, 208, 150, 126, 85, 66, 158, 87, 145, 129, 174, 149 };
   ds.salt_base64 = QByteArray(reinterpret_cast<char*>(salt), 256).toBase64();
   Password pwd(ds);
   pwd.generate(SecureByteArray(reinterpret_cast<char*>(password), 256));
   QVERIFY(pwd.hexKey() == "e217c512b32d61f94bccad89b9c79012d073f4c0960854803a6115aa928f5b823d3bcd167872d4df102450f4dc26d82c6fa6666f749f82b2ec12593edb6ba2b0");
   QVERIFY(pwd.key() == "XQCjlTFKFWBAsmgYgzTwJdbFPjCyykCl");
 }
    SecureByteArray HashImpl<HASH, DRBGINFO>::generateSeedImpl(unsigned int numBytes)
    {
        // Has a catastrophic error been encountered previously? Forwarding facing gear is the gate keeper.
        ASSERT(!m_catastrophic);
        if(m_catastrophic)
            throw EncryptionException("A catastrophic error was previously encountered");

        ASSERT(numBytes);
        if(!numBytes)
            return SecureByteArray();

        SecureByteArray sa(numBytes);
        nextBytesImpl(sa.data(), sa.size());

        return sa;
    }
 SecureByteArray SecretKey::getEncoded() const
 {
   ASSERT(m_secBlock.data());
   ASSERT(m_secBlock.size());
   return SecureByteArray(m_secBlock.data(), m_secBlock.size());
 }
Exemple #5
0
SecureByteArray Exporter::read(const SecureString &pwd)
{
  Q_D(Exporter);
  SecureByteArray plain;
  QFile file(d->filename);
  bool opened = file.open(QIODevice::ReadOnly);
  if (opened) {
    static const int MaxLineSize = 64 + 2;
    int state = 0;
    QByteArray b64;
    while (!file.atEnd()) {
      char buf[MaxLineSize];
      const qint64 bytesRead = file.readLine(buf, MaxLineSize);
      const QString line = QByteArray(buf, bytesRead).trimmed();
      switch (state) {
      case 0:
        if (line == PemPreamble) {
          state = 1;
        }
        else {
          qWarning() << "bad format";
        }
        break;
      case 1:
        if (line != PemEpilog) {
          b64.append(line.toUtf8());
        }
        else {
          state = 2;
        }
        break;
      case 2:
        // ignore trailing lines
        break;
      default:
        qWarning() << "Oops! Should never have gotten here.";
        break;
      }
    }
    file.close();
    SecureByteArray iv;
    SecureByteArray key;
    QByteArray imported = QByteArray::fromBase64(b64);
    QByteArray salt = imported.mid(0, Crypter::SaltSize);
    QByteArray cipher = imported.mid(Crypter::SaltSize);
    Crypter::makeKeyAndIVFromPassword(pwd.toUtf8(), salt, key, iv);
    CryptoPP::CBC_Mode<CryptoPP::AES>::Decryption dec;
    dec.SetKeyWithIV(reinterpret_cast<const byte*>(key.constData()), key.size(), reinterpret_cast<const byte*>(iv.constData()));
    plain = SecureByteArray(cipher.size(), static_cast<char>(0));
    CryptoPP::ArraySource s(
          reinterpret_cast<const byte*>(cipher.constData()), cipher.size(),
          true,
          new CryptoPP::StreamTransformationFilter(
            dec,
            new CryptoPP::ArraySink(reinterpret_cast<byte*>(plain.data()), plain.size()),
            CryptoPP::StreamTransformationFilter::NO_PADDING
            )
          );
    Q_UNUSED(s); // just to please the compiler
  }
  return plain;
}
Exemple #6
0
 void pbkdf2_empty_message(void)
 {
   PBKDF2 pbkdf2(SecureByteArray(), QString("pepper").toUtf8(), 3, QCryptographicHash::Sha512);
   QVERIFY(pbkdf2.derivedKey() == QByteArray::fromHex("9dd331fc67421e1dce619cbbb517170e2dc325491d3426425630c4c01fd0eca8d8f535d6b0555a2aa43efbc9141e3dd7edaef8b1278ac34eabfc2db735d992ee"));
 }