bool OSSLEVPHashAlgorithm::hashUpdate(const ByteString& data) { if (!HashAlgorithm::hashUpdate(data)) { return false; } // Continue digesting if (data.size() == 0) { return true; } if (!EVP_DigestUpdate(curCTX, (unsigned char*) data.const_byte_str(), data.size())) { ERROR_MSG("EVP_DigestUpdate failed"); EVP_MD_CTX_free(curCTX); curCTX = NULL; ByteString dummy; HashAlgorithm::hashFinal(dummy); return false; } return true; }
bool RSAPrivateKey::deserialise(ByteString& serialised) { ByteString dP = ByteString::chainDeserialise(serialised); ByteString dQ = ByteString::chainDeserialise(serialised); ByteString dPQ = ByteString::chainDeserialise(serialised); ByteString dDP1 = ByteString::chainDeserialise(serialised); ByteString dDQ1 = ByteString::chainDeserialise(serialised); ByteString dD = ByteString::chainDeserialise(serialised); ByteString dN = ByteString::chainDeserialise(serialised); ByteString dE = ByteString::chainDeserialise(serialised); if ((dD.size() == 0) || (dN.size() == 0) || (dE.size() == 0)) { return false; } setP(dP); setQ(dQ); setPQ(dPQ); setDP1(dDP1); setDQ1(dDQ1); setD(dD); setN(dN); setE(dE); return true; }
void AESTests::testWrap(const char testKeK[][128], const char testKey[][128], const char testCt[][128], const int testCnt, SymWrap::Type mode) { for (int i = 0; i < testCnt; i++) { ByteString kekData(testKeK[i]); ByteString keyData(testKey[i]); AESKey aesKeK(kekData.size() * 8); CPPUNIT_ASSERT(aesKeK.setKeyBits(kekData)); ByteString wrapped; ByteString expectedCt(testCt[i]); CPPUNIT_ASSERT(aes->wrapKey(&aesKeK, mode, keyData, wrapped)); CPPUNIT_ASSERT(wrapped.size() == expectedCt.size()); CPPUNIT_ASSERT(wrapped == expectedCt); ByteString unwrapped; CPPUNIT_ASSERT(aes->unwrapKey(&aesKeK, mode, wrapped, unwrapped)); CPPUNIT_ASSERT(unwrapped.size() == keyData.size()); CPPUNIT_ASSERT(unwrapped == keyData); /* #ifdef HAVE_AES_KEY_WRAP_PAD keyData.resize(20); ByteString padwrapped; CPPUNIT_ASSERT(aes->wrapKey(&aesKeK, SymWrap::AES_KEYWRAP_PAD, keyData, padwrapped)); CPPUNIT_ASSERT(padwrapped.size() == 32); ByteString padunwrapped; CPPUNIT_ASSERT(aes->unwrapKey(&aesKeK, SymWrap::AES_KEYWRAP_PAD, padwrapped, padunwrapped)); CPPUNIT_ASSERT(padunwrapped == keyData); #endif */ } }
std::unique_ptr<VideoBuffer> ImageRequest::Finish() { int width = Width; int height = Height; ByteString data = Request::Finish(nullptr); // Note that at this point it's not safe to use any member of the // ImageRequest object as Request::Finish signals RequestManager // to delete it. std::unique_ptr<VideoBuffer> vb; if (data.size()) { int imgw, imgh; pixel *imageData = Graphics::ptif_unpack(&data[0], data.size(), &imgw, &imgh); if (imageData) { vb = std::unique_ptr<VideoBuffer>(new VideoBuffer(imageData, imgw, imgh)); free(imageData); } else { vb = std::unique_ptr<VideoBuffer>(new VideoBuffer(32, 32)); vb->SetCharacter(14, 14, 'x', 255, 255, 255, 255); } vb->Resize(width, height, true); } return vb; }
bool BotanRSA::signUpdate(const ByteString& dataToSign) { if (!AsymmetricAlgorithm::signUpdate(dataToSign)) { return false; } try { if (dataToSign.size() != 0) { signer->update(dataToSign.const_byte_str(), dataToSign.size()); } } catch (...) { ERROR_MSG("Could not add data to signer token"); ByteString dummy; AsymmetricAlgorithm::signFinal(dummy); delete signer; signer = NULL; return false; } return true; }
bool BotanRSA::verifyUpdate(const ByteString& originalData) { if (!AsymmetricAlgorithm::verifyUpdate(originalData)) { return false; } try { if (originalData.size() != 0) { verifier->update(originalData.const_byte_str(), originalData.size()); } } catch (...) { ERROR_MSG("Could not add data to the verifier token"); ByteString dummy; AsymmetricAlgorithm::verifyFinal(dummy); delete verifier; verifier = NULL; return false; } return true; }
void HashTests::writeTmpFile(ByteString& data) { FILE* out = fopen("shsmv2-hashtest.tmp", "w"); CPPUNIT_ASSERT(out != NULL); CPPUNIT_ASSERT(fwrite(&data[0], 1, data.size(), out) == data.size()); CPPUNIT_ASSERT(!fclose(out)); }
bool BotanSymmetricAlgorithm::decryptUpdate(const ByteString& encryptedData, ByteString& data) { if (!SymmetricAlgorithm::decryptUpdate(encryptedData, data)) { delete cryption; cryption = NULL; return false; } // Write data try { if (encryptedData.size() > 0) cryption->write(encryptedData.const_byte_str(), encryptedData.size()); } catch (...) { ERROR_MSG("Failed to write to the decryption token"); ByteString dummy; SymmetricAlgorithm::decryptFinal(dummy); delete cryption; cryption = NULL; return false; } // Read data int bytesRead = 0; try { size_t outLen = cryption->remaining(); data.resize(outLen); if (outLen > 0) bytesRead = cryption->read(&data[0], outLen); } catch (...) { ERROR_MSG("Failed to decrypt the data"); ByteString dummy; SymmetricAlgorithm::decryptFinal(dummy); delete cryption; cryption = NULL; return false; } // Resize the output block data.resize(bytesRead); currentBufferSize -= bytesRead; return true; }
// Decryption functions bool OSSLRSA::decrypt(PrivateKey* privateKey, const ByteString& encryptedData, ByteString& data, const AsymMech::Type padding) { // Check if the private key is the right type if (!privateKey->isOfType(OSSLRSAPrivateKey::type)) { ERROR_MSG("Invalid key type supplied"); return false; } // Retrieve the OpenSSL key object RSA* rsa = ((OSSLRSAPrivateKey*) privateKey)->getOSSLKey(); // Check the input size if (encryptedData.size() != (size_t) RSA_size(rsa)) { ERROR_MSG("Invalid amount of input data supplied for RSA decryption"); return false; } // Determine the OpenSSL padding algorithm int osslPadding = 0; switch (padding) { case AsymMech::RSA_PKCS: osslPadding = RSA_PKCS1_PADDING; break; case AsymMech::RSA_PKCS_OAEP: osslPadding = RSA_PKCS1_OAEP_PADDING; break; case AsymMech::RSA: osslPadding = RSA_NO_PADDING; break; default: ERROR_MSG("Invalid padding mechanism supplied (%i)", padding); return false; } // Perform the RSA operation data.resize(RSA_size(rsa)); int decSize = RSA_private_decrypt(encryptedData.size(), (unsigned char*) encryptedData.const_byte_str(), &data[0], rsa, osslPadding); if (decSize == -1) { ERROR_MSG("RSA private key decryption failed (0x%08X)", ERR_get_error()); return false; } data.resize(decSize); return true; }
static bool encodeAttributeMap(ByteString& value, const std::map<CK_ATTRIBUTE_TYPE,OSAttribute>& attributes) { for (std::map<CK_ATTRIBUTE_TYPE,OSAttribute>::const_iterator i = attributes.begin(); i != attributes.end(); ++i) { CK_ATTRIBUTE_TYPE attrType = i->first; value += ByteString((unsigned char*) &attrType, sizeof(attrType)); OSAttribute attr = i->second; if (attr.isBooleanAttribute()) { AttributeKind attrKind = akBoolean; value += ByteString((unsigned char*) &attrKind, sizeof(attrKind)); bool val = attr.getBooleanValue(); value += ByteString((unsigned char*) &val, sizeof(val)); } else if (attr.isUnsignedLongAttribute()) { AttributeKind attrKind = akInteger; value += ByteString((unsigned char*) &attrKind, sizeof(attrKind)); unsigned long val = attr.getUnsignedLongValue(); value += ByteString((unsigned char*) &val, sizeof(val)); } else if (attr.isByteStringAttribute()) { AttributeKind attrKind = akBinary; value += ByteString((unsigned char*) &attrKind, sizeof(attrKind)); ByteString val = attr.getByteStringValue(); unsigned long len = val.size(); value += ByteString((unsigned char*) &len, sizeof(len)); value += val; } else if (attr.isMechanismTypeSetAttribute()) { AttributeKind attrKind = akMechSet; value += ByteString((unsigned char*) &attrKind, sizeof(attrKind)); ByteString val; encodeMechanismTypeSet(val, attr.getMechanismTypeSetValue()); unsigned long len = val.size(); value += ByteString((unsigned char*) &len, sizeof(len)); value += val; } else { ERROR_MSG("unsupported attribute kind for attribute map"); return false; } } return true; }
void GOSTTests::writeTmpFile(ByteString& data) { #ifndef _WIN32 FILE* out = fopen("gost-hashtest.tmp", "w"); #else FILE* out = fopen("gost-hashtest.tmp", "wb"); #endif CPPUNIT_ASSERT(out != NULL); CPPUNIT_ASSERT(fwrite(&data[0], 1, data.size(), out) == data.size()); CPPUNIT_ASSERT(!fclose(out)); }
// XOR data ByteString operator^(const ByteString& lhs, const ByteString& rhs) { size_t xorLen = std::min(lhs.size(), rhs.size()); ByteString rv; for (size_t i = 0; i < xorLen; i++) { rv += lhs.const_byte_str()[i] ^ rhs.const_byte_str()[i]; } return rv; }
// Verification functions bool OSSLDSA::verify(PublicKey* publicKey, const ByteString& originalData, const ByteString& signature, const AsymMech::Type mechanism, const void* param /* = NULL */, const size_t paramLen /* = 0 */) { if (mechanism == AsymMech::DSA) { // Separate implementation for DSA verification without hash computation // Check if the private key is the right type if (!publicKey->isOfType(OSSLDSAPublicKey::type)) { ERROR_MSG("Invalid key type supplied"); return false; } // Perform the verify operation OSSLDSAPublicKey* pk = (OSSLDSAPublicKey*) publicKey; unsigned int sigLen = pk->getOutputLength(); if (signature.size() != sigLen) return false; DSA_SIG* sig = DSA_SIG_new(); if (sig == NULL) return false; const unsigned char *s = signature.const_byte_str(); sig->r = BN_bin2bn(s, sigLen / 2, NULL); sig->s = BN_bin2bn(s + sigLen / 2, sigLen / 2, NULL); if (sig->r == NULL || sig->s == NULL) { DSA_SIG_free(sig); return false; } int dLen = originalData.size(); int ret = DSA_do_verify(originalData.const_byte_str(), dLen, sig, pk->getOSSLKey()); if (ret != 1) { if (ret < 0) ERROR_MSG("DSA verify failed (0x%08X)", ERR_get_error()); DSA_SIG_free(sig); return false; } DSA_SIG_free(sig); return true; } else { // Call the generic function return AsymmetricAlgorithm::verify(publicKey, originalData, signature, mechanism, param, paramLen); } }
// Decrypt the supplied data bool SecureDataManager::decrypt(const ByteString& encrypted, ByteString& plaintext) { // Check the object logged in state if ((!userLoggedIn && !soLoggedIn) || (maskedKey.size() != 32)) { return false; } // Do not attempt decryption of empty byte strings if (encrypted.size() == 0) { plaintext = ByteString(""); return true; } AESKey theKey(256); ByteString unmaskedKey; { MutexLocker lock(dataMgrMutex); unmask(unmaskedKey); theKey.setKeyBits(unmaskedKey); remask(unmaskedKey); } // Take the IV from the input data ByteString IV = encrypted.substr(0, aes->getBlockSize()); if (IV.size() != aes->getBlockSize()) { ERROR_MSG("Invalid IV in encrypted data"); return false; } ByteString finalBlock; if (!aes->decryptInit(&theKey, SymMode::CBC, IV) || !aes->decryptUpdate(encrypted.substr(aes->getBlockSize()), plaintext) || !aes->decryptFinal(finalBlock)) { return false; } plaintext += finalBlock; return true; }
bool OSSLDSA::verifyFinal(const ByteString& signature) { // Save necessary state before calling super class verifyFinal OSSLDSAPublicKey* pk = (OSSLDSAPublicKey*) currentPublicKey; if (!AsymmetricAlgorithm::verifyFinal(signature)) { return false; } ByteString hash; bool bFirstResult = pCurrentHash->hashFinal(hash); delete pCurrentHash; pCurrentHash = NULL; if (!bFirstResult) { return false; } // Perform the verify operation unsigned int sigLen = pk->getOutputLength(); if (signature.size() != sigLen) return false; DSA_SIG* sig = DSA_SIG_new(); if (sig == NULL) return false; const unsigned char *s = signature.const_byte_str(); sig->r = BN_bin2bn(s, sigLen / 2, NULL); sig->s = BN_bin2bn(s + sigLen / 2, sigLen / 2, NULL); if (sig->r == NULL || sig->s == NULL) { DSA_SIG_free(sig); return false; } int ret = DSA_do_verify(&hash[0], hash.size(), sig, pk->getOSSLKey()); if (ret != 1) { if (ret < 0) ERROR_MSG("DSA verify failed (0x%08X)", ERR_get_error()); DSA_SIG_free(sig); return false; } DSA_SIG_free(sig); return true; }
bool OSSLEVPHashAlgorithm::hashFinal(ByteString& hashedData) { if (!HashAlgorithm::hashFinal(hashedData)) { return false; } hashedData.resize(EVP_MD_size(getEVPHash())); unsigned int outLen = hashedData.size(); if (!EVP_DigestFinal_ex(curCTX, &hashedData[0], &outLen)) { ERROR_MSG("EVP_DigestFinal failed"); EVP_MD_CTX_free(curCTX); curCTX = NULL; return false; } hashedData.resize(outLen); EVP_MD_CTX_free(curCTX); curCTX = NULL; return true; }
bool OSSLGOST::verifyFinal(const ByteString& signature) { // Save necessary state before calling super class verifyFinal OSSLGOSTPublicKey* pk = (OSSLGOSTPublicKey*) currentPublicKey; if (!AsymmetricAlgorithm::verifyFinal(signature)) { return false; } // Perform the verify operation EVP_PKEY *pkey = pk->getOSSLKey(); int ret; if (pkey == NULL) { ERROR_MSG("Could not get the OpenSSL public key"); EVP_MD_CTX_cleanup(&curCTX); return false; } ret = EVP_VerifyFinal(&curCTX, signature.const_byte_str(), signature.size(), pkey); EVP_MD_CTX_cleanup(&curCTX); if (ret != 1) { if (ret < 0) ERROR_MSG("GOST verify failed (0x%08X)", ERR_get_error()); return false; } return true; }
// Create the Botan representation of the key void BotanEDPublicKey::createBotanKey() { if (ec.size() != 0 && a.size() != 0) { if (edkey) { delete edkey; edkey = NULL; } try { ByteString raw = DERUTIL::octet2Raw(a); size_t len = raw.size(); if (len == 0) return; std::vector<uint8_t> pub(len); memcpy(&pub[0], raw.const_byte_str(), len); Botan::OID oid = BotanUtil::byteString2Oid(ec); if (oid == x25519_oid) { edkey = new Botan::Curve25519_PublicKey(pub); } else if (oid == ed25519_oid) { edkey = new Botan::Ed25519_PublicKey(pub); } } catch (...) { ERROR_MSG("Could not create the Botan public key"); } } }
// Create the Botan representation of the key void BotanGOSTPublicKey::createBotanKey() { if (ec.size() != 0 && q.size() != 0) { if (eckey) { delete eckey; eckey = NULL; } try { /* The points are stored in little endian */ ByteString bPoint = q; const size_t length = bPoint.size() / 2; for (size_t i = 0; i < (length / 2); i++) { std::swap(bPoint[i], bPoint[length-1-i]); std::swap(bPoint[length+i], bPoint[2*length-1-i]); } ByteString p = "044104" + bPoint; Botan::EC_Group group = BotanUtil::byteString2ECGroup(ec); Botan::PointGFp point = BotanUtil::byteString2ECPoint(p, group); eckey = new Botan::GOST_3410_PublicKey(group, point); } catch (...) { ERROR_MSG("Could not create the Botan public key"); } } }
bool OSSLEVPMacAlgorithm::signFinal(ByteString& signature) { if (!MacAlgorithm::signFinal(signature)) { return false; } signature.resize(EVP_MD_size(getEVPHash())); unsigned int outLen = signature.size(); if (!HMAC_Final(&curCTX, &signature[0], &outLen)) { ERROR_MSG("HMAC_Final failed"); HMAC_CTX_cleanup(&curCTX); return false; } signature.resize(outLen); HMAC_CTX_cleanup(&curCTX); return true; }
bool BotanRSA::verifyFinal(const ByteString& signature) { if (!AsymmetricAlgorithm::verifyFinal(signature)) { return false; } // Perform the verify operation bool verResult; try { verResult = verifier->check_signature(signature.const_byte_str(), signature.size()); } catch (...) { ERROR_MSG("Could not check the signature"); delete verifier; verifier = NULL; return false; } delete verifier; verifier = NULL; return verResult; }
bool DHParameters::deserialise(ByteString& serialised) { ByteString dP = ByteString::chainDeserialise(serialised); ByteString dG = ByteString::chainDeserialise(serialised); if ((dP.size() == 0) || (dG.size() == 0)) { return false; } setP(dP); setG(dG); return true; }
bool OSSLDES::generateKey(SymmetricKey& key, RNG* rng /* = NULL */) { if (rng == NULL) { return false; } if (key.getBitLen() == 0) { return false; } ByteString keyBits; // don't count parity bit if (!rng->generateRandom(keyBits, key.getBitLen()/7)) { return false; } // fix the odd parity size_t i; for (i = 0; i < keyBits.size(); i++) { keyBits[i] = odd_parity[keyBits[i]]; } return key.setKeyBits(keyBits); }
bool ECPublicKey::deserialise(ByteString& serialised) { ByteString dEC = ByteString::chainDeserialise(serialised); ByteString dQ = ByteString::chainDeserialise(serialised); if ((dEC.size() == 0) || (dQ.size() == 0)) { return false; } setEC(dEC); setQ(dQ); return true; }
bool OSSLGOSTPrivateKey::deserialise(ByteString& serialised) { ByteString dEC = ByteString::chainDeserialise(serialised); ByteString dD = ByteString::chainDeserialise(serialised); if ((dEC.size() == 0) || (dD.size() == 0)) { return false; } setEC(dEC); setD(dD); return true; }
// Setters for the GOST private key components void OSSLGOSTPrivateKey::setD(const ByteString& d) { GOSTPrivateKey::setD(d); EC_KEY* ec = (EC_KEY*) EVP_PKEY_get0((EVP_PKEY*) pkey); if (ec == NULL) { ByteString der = dummyKey; const unsigned char *p = &der[0]; if (d2i_PrivateKey(NID_id_GostR3410_2001, &pkey, &p, (long) der.size()) == NULL) { ERROR_MSG("d2i_PrivateKey failed"); return; } ec = (EC_KEY*) EVP_PKEY_get0((EVP_PKEY*) pkey); } const BIGNUM* priv = OSSL::byteString2bn(d); if (EC_KEY_set_private_key(ec, priv) <= 0) { ERROR_MSG("EC_KEY_set_private_key failed"); return; } #ifdef notyet if (gost2001_compute_public(ec) <= 0) ERROR_MSG("gost2001_compute_public failed"); #endif }
// Set the SO PIN (requires either a blank SecureDataManager or the // SO to have logged in previously) bool SecureDataManager::setSOPIN(const ByteString& soPIN) { // Check the new PIN if (soPIN.size() == 0) { DEBUG_MSG("Zero length PIN specified"); return false; } // Check if the SO needs to be logged in if ((soEncryptedKey.size() > 0) && !soLoggedIn) { DEBUG_MSG("SO must be logged in to change the SO PIN"); return false; } // If no SO PIN was set, then this is a SecureDataManager for a blank token. This // means a new key has to be generated if (soEncryptedKey.size() == 0) { ByteString key; rng->generateRandom(key, 32); remask(key); } return pbeEncryptKey(soPIN, soEncryptedKey); }
int luatpt_getscript(lua_State* l) { int scriptID = luaL_checkinteger(l, 1); const char *filename = luaL_checkstring(l, 2); int runScript = luaL_optint(l, 3, 0); int confirmPrompt = luaL_optint(l, 4, 1); ByteString url = ByteString::Build(SCHEME "starcatcher.us/scripts/main.lua?get=", scriptID); if (confirmPrompt && !ConfirmPrompt::Blocking("Do you want to install script?", url.FromUtf8(), "Install")) return 0; int ret; ByteString scriptData = http::Request::Simple(url, &ret); if (!scriptData.size() || !filename) { return luaL_error(l, "Server did not return data"); } if (ret != 200) { return luaL_error(l, http::StatusText(ret).ToUtf8().c_str()); } if (!strcmp(scriptData.c_str(), "Invalid script ID\r\n")) { return luaL_error(l, "Invalid Script ID"); } FILE *outputfile = fopen(filename, "r"); if (outputfile) { fclose(outputfile); outputfile = NULL; if (!confirmPrompt || ConfirmPrompt::Blocking("File already exists, overwrite?", ByteString(filename).FromUtf8(), "Overwrite")) { outputfile = fopen(filename, "wb"); } else { return 0; } } else { outputfile = fopen(filename, "wb"); } if (!outputfile) { return luaL_error(l, "Unable to write to file"); } fputs(scriptData.c_str(), outputfile); fclose(outputfile); outputfile = NULL; if (runScript) { luaL_dostring(l, ByteString::Build("dofile('", filename, "')").c_str()); } return 0; }
// Verification functions bool OSSLGOST::verify(PublicKey* publicKey, const ByteString& originalData, const ByteString& signature, const AsymMech::Type mechanism, const void* param /* = NULL */, const size_t paramLen /* = 0 */) { if (mechanism == AsymMech::GOST) { // Separate implementation for GOST verification without hash computation // Check if the private key is the right type if (!publicKey->isOfType(OSSLGOSTPublicKey::type)) { ERROR_MSG("Invalid key type supplied"); return false; } // Perform the verification operation OSSLGOSTPublicKey* osslKey = (OSSLGOSTPublicKey*) publicKey; EVP_PKEY* pkey = osslKey->getOSSLKey(); if (pkey == NULL) { ERROR_MSG("Could not get the OpenSSL public key"); return false; } EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(pkey,NULL); if (ctx == NULL) { ERROR_MSG("EVP_PKEY_CTX_new failed"); return false; } if (EVP_PKEY_verify_init(ctx) <= 0) { ERROR_MSG("EVP_PKEY_verify_init failed"); EVP_PKEY_CTX_free(ctx); return false; } int ret = EVP_PKEY_verify(ctx, signature.const_byte_str(), signature.size(), originalData.const_byte_str(), originalData.size()); EVP_PKEY_CTX_free(ctx); if (ret != 1) { if (ret < 0) ERROR_MSG("GOST verify failed (0x%08X)", ERR_get_error()); return false; } return true; } else { // Call the generic function return AsymmetricAlgorithm::verify(publicKey, originalData, signature, mechanism, param, paramLen); } }
/** * Send a RDM request to the widget */ bool RobeWidgetImpl::PackAndSendRDMRequest(uint8_t label, const RDMRequest *request) { ByteString frame; if (!RDMCommandSerializer::Pack(*request, &frame)) { return false; } frame.append(RDM_PADDING_BYTES, 0); return SendMessage(label, frame.data(), frame.size()); }