CryptoPP::SecByteBlock
prf (
 CryptoPP::SecByteBlock const& secret,
 char const* label,
 CryptoPP::SecByteBlock const& seed,
 size_t length
)
{
  size_t half, len;
  CryptoPP::SecByteBlock first, second;
  CryptoPP::SecByteBlock::iterator it1, it2;

  half = secret.size() >> 1;
  len = half + (secret.size() & 1);

  first.Assign(secret.data(), len);
  second.Assign(secret.data()+half, len);

  first  = prf<H1>(first,  label, seed, length);
  second = prf<H2>(second, label, seed, length);

  it1 = first.begin();
  it2 = second.begin();
  while (it1 != first.end() && it2 != second.end())
  {
    (*it1) ^= (*it2);
    ++it1;
    ++it2;
  }
  
  return first;
}
Exemple #2
0
	GenericCryptoOutputFilter(
			std::ostream &stream,
			const CryptoPP::SecByteBlock &key,
			const CryptoPP::SecByteBlock &iv): CryptoOutputFilter(stream){
		this->data.reset(new impl);
		this->data->e.SetKeyWithIV(key, key.size(), iv.data(), iv.size());
		this->data->filter.reset(new CryptoPP::StreamTransformationFilter(this->data->e));
	}
Exemple #3
0
	std::string security::str(const CryptoPP::SecByteBlock& input)
	{
		std::string output;
		CryptoPP::StringSink sink(output);
		sink.Put(input, input.size());
		return output;
	}
Exemple #4
0
void Marshall::initAES( const CryptoPP::SecByteBlock& cek,
                             const CryptoPP::SecByteBlock& iv )
{
    m_iv = iv;
    m_enc.SetKeyWithIV(  cek.BytePtr(), cek.SizeInBytes(),
                         iv.BytePtr(),  iv.SizeInBytes());
    m_dec.SetKeyWithIV(  cek.BytePtr(), cek.SizeInBytes(),
                         iv.BytePtr(),  iv.SizeInBytes());
}
// --------------------------------------------------------------------------
inline
void
client_key_exchange::process_rsa (
 CryptoPP::SecByteBlock& premaster
)
// --------------------------------------------------------------------------
{
  using namespace CryptoPP;
  
  // Decrypt pre-master secret.
  RSAES<PKCS1v15>::Decryptor dec(*m_handshake.m_config.rsa_key());
  DecodingResult res;
  SecByteBlock random(48);

  // Bleinbacher and Klima et al. attack protection.
  // 1. Generate a string R of random 46 bytes.
  m_handshake.m_rng.GenerateBlock(&random[2], 46);

  // 2. Decrypt the message to recover plaintext M.
  premaster.resize(dec.MaxPlaintextLength(m_pub.size()));
  res = dec.Decrypt(m_handshake.m_rng,
   m_pub.data(), m_pub.size(),
   premaster
  );
  premaster.resize(res.messageLength);

  protocol_version const& v = m_handshake.m_client_hello.version();

  // 3. If the PKCS#8 padding is not correct,
  //    or the length of message M is not exactly 48 bytes:
  if (!res.isValidCoding || res.messageLength != 48)
  {
    random[0] = v.major;
    random[1] = v.minor;

    m_handshake.compute_master_secret(random);
  }
  else
  {
    premaster[0] = v.major;
    premaster[1] = v.minor;

    m_handshake.compute_master_secret(premaster);
  }
}
CryptoPP::SecByteBlock
prf (
 CryptoPP::SecByteBlock const& secret,
 char const* label,
 CryptoPP::SecByteBlock const& seed,
 size_t length
)
{
  CryptoPP::HMAC<H> hmac(secret.data(), secret.size());
  CryptoPP::SecByteBlock hash_seed, A, cur_seed, output;
  
  // PRF(secret, label, seed) = P_hash(secret, label + seed)
  // P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) +
  //                        HMAC_hash(secret, A(2) + seed) +
  //                        HMAC_hash(secret, A(3) + seed) + ...
  // A(0) = seed
  // A(i) = HMAC_hash(secret, A(i-1))

  // Make the seed for P_<hash>.
  hash_seed.Assign(
   reinterpret_cast<byte const*>(label),
   strlen(label)
  );
  hash_seed += seed;
  
  // Calculate A(1) = HMAC_hash(secret, A(0)=seed)
  A.CleanNew(hmac.DigestSize());
  hmac.CalculateDigest(A.data(), hash_seed.data(), hash_seed.size());
  
  // Calculate P_hash(secret, seed)
  while (output.size() < length)
  {
    cur_seed = A + hash_seed;
    hmac.Update(cur_seed.data(), cur_seed.size());
    cur_seed.resize(hmac.DigestSize());
    hmac.Final(cur_seed.data());
    output += cur_seed;
    hmac.Update(A.data(), A.size());
    hmac.Final(A.data());
  }

  // Trim and return.
  output.resize(length);
  return output;
}
Exemple #7
0
void Container::set_seed(CryptoPP::SecByteBlock seed)
{
	seed_ = seed;
	CryptoPP::AutoSeededRandomPool prng;
	CryptoPP::SecByteBlock t(seed.size());
	prng.GenerateBlock(t, t.size());
	for (auto p : mtl::count_until(t.size()))
	{
		seed_[p] ^= t[p];
	}
	prng_.IncorporateEntropy(seed_, seed_.size());

	//enhance pw
	for (auto b : seed)
	{
		enhanced_passphrase_.push_back(b);
	}
}
// --------------------------------------------------------------------------
inline
void
client_key_exchange::process_dh (
 CryptoPP::SecByteBlock& premaster
)
// --------------------------------------------------------------------------
{
  CryptoPP::SimpleKeyAgreementDomain*& alg = m_handshake.m_key_algo;
  size_t pos;

  // Add leading zeros to match domain's public key length.
  if (m_pub.size() < alg->PublicKeyLength())
  {
    CryptoPP::SecByteBlock padding;

    padding.CleanNew(alg->PublicKeyLength() - m_pub.size());
    m_pub = padding + m_pub;
  }
  
  // Agree on the premaster secret.
  premaster.New(alg->AgreedValueLength());

  if (!alg->Agree(premaster, m_handshake.m_key_value, m_pub, true))
  {
    LOG_ERR("net.tls.client_key_exchange",
     "Error agreeing on pre-master secret. (DH)"
    );
    
    throw alert(
     alert_level::fatal,
     alert_description::illegal_parameter
    );
  }

  // Strip any leading zero bytes from the agreed value.
  pos = 0;

  while (premaster[pos] == 0 && pos < premaster.size())
  {
    ++pos;
  }

  premaster.Assign(&premaster[pos], (premaster.size() - pos));
}
// --------------------------------------------------------------------------
inline
void
client_key_exchange::process_ecdh (
 CryptoPP::SecByteBlock& premaster
)
// --------------------------------------------------------------------------
{
  CryptoPP::SimpleKeyAgreementDomain*& alg = m_handshake.m_key_algo;

  // Agree on the premaster secret.
  premaster.New(alg->AgreedValueLength());

  if (!alg->Agree(premaster, m_handshake.m_key_value, m_pub, true))
  {
    LOG_ERR("net.tls.client_key_exchange",
     "Error agreeing on pre-master secret. (ECDH)"
    );
    
    throw alert(
     alert_level::fatal,
     alert_description::illegal_parameter
    );
  }
}
	// Compute
	bool diffie_hellman::compute(const CryptoPP::SecByteBlock& input, const bool validate /*= true*/)
	{
		assert(!input.empty());

		return m_dh.Agree(m_shared, m_private, reinterpret_cast<const byte*>(input.data()), validate);
	}
Exemple #11
0
int main() {
    {
        CryptoPP::SHA512 sha2;
        unsigned char digest[CryptoPP::SHA512::DIGESTSIZE];
        sha2.Final(digest);
    }

    {
        std::string data;
        const CryptoPP::SecByteBlock key;
        const CryptoPP::SecByteBlock iv;

        CryptoPP::SecByteBlock ret(0, CryptoPP::AES::MAX_KEYLENGTH);
        CryptoPP::StringSource(data, true, new CryptoPP::HashFilter(*(new CryptoPP::SHA3_512), new CryptoPP::ArraySink(ret, CryptoPP::AES::MAX_KEYLENGTH)));
        CryptoPP::GCM< CryptoPP::AES, CryptoPP::GCM_64K_Tables >::Encryption pwenc;
        pwenc.SetKeyWithIV(key.data(), key.size(), iv.data(), iv.size());
        std::string cipher;
        CryptoPP::StringSource(data, true, new CryptoPP::AuthenticatedEncryptionFilter(pwenc, new CryptoPP::StringSink(cipher), false, 16));
    }

    {
        const CryptoPP::SecByteBlock key;
        const CryptoPP::SecByteBlock iv;
        CryptoPP::GCM< CryptoPP::AES, CryptoPP::GCM_64K_Tables >::Decryption pwdec;
        pwdec.SetKeyWithIV(key.data(), key.size(), iv.data(), iv.size());
    }

    {
        CryptoPP::SecByteBlock ret(0, CryptoPP::AES::BLOCKSIZE);
        std::string str;
        CryptoPP::StringSource(str, true, new CryptoPP::Base64Decoder(new CryptoPP::ArraySink(ret, CryptoPP::AES::BLOCKSIZE)));
    }

    return 0;
}