std::size_t genKeyIv(char* _chunk) { char* chunk = _chunk; CryptoPP::AutoSeededRandomPool rnd; { CryptoPP::SecByteBlock key(0x00, CryptoPP::AES::DEFAULT_KEYLENGTH); rnd.GenerateBlock(key, key.size()); byte iv[CryptoPP::AES::BLOCKSIZE]; rnd.GenerateBlock(iv, sizeof(iv)); setEncKeyWithIv(key.data(), key.SizeInBytes(), iv, sizeof(iv)); std::memcpy(chunk, key.data(), key.SizeInBytes()); chunk += key.SizeInBytes(); std::memcpy(chunk, iv, sizeof(iv)); chunk += sizeof(iv); } { CryptoPP::SecByteBlock key(0x00, CryptoPP::AES::DEFAULT_KEYLENGTH); rnd.GenerateBlock(key, key.size()); byte iv[CryptoPP::AES::BLOCKSIZE]; rnd.GenerateBlock(iv, sizeof(iv)); setDecKeyWithIv(key.data(), key.SizeInBytes(), iv, sizeof(iv)); std::memcpy(chunk, key.data(), key.SizeInBytes()); chunk += key.SizeInBytes(); std::memcpy(chunk, iv, sizeof(iv)); chunk += sizeof(iv); } return chunk - _chunk; }
bool Session::do_key_exchange() { aes_buffer aes_tmp; CryptoPP::AutoSeededRandomPool prng; prng.GenerateBlock(this->aes.key, sizeof(aes_key)); prng.GenerateBlock(this->aes.iv, sizeof(aes_iv)); std::memcpy(&aes_tmp, &this->aes, sizeof(aes_buffer)); CryptoPP::CFB_Mode<CryptoPP::AES>::Encryption encryptor(aes_hard_key, sizeof(aes_key), aes_hard_iv); encryptor.ProcessData((uint8_t*)&aes_tmp, (uint8_t const*)&this->aes, sizeof(aes_buffer)); return (write(this->fd, &aes_tmp, sizeof(aes_buffer)) > 0); }
void VhsmTest::testMac() { VHSM vhsm; ClientId cid; cid.pid = 0; cid.veid = 0; std::string user = "******"; std::string password = "******"; unsigned int mdsize; char msg[BUF_SIZE]; std::vector<char> md; CryptoPP::AutoSeededRandomPool rnd; rnd.GenerateBlock((byte*)msg, BUF_SIZE); byte realmd[CryptoPP::HMAC<CryptoPP::SHA1>::DIGESTSIZE]; CryptoPP::HMAC<CryptoPP::SHA1>((byte*)"", 0).CalculateDigest(realmd, (byte*)msg, BUF_SIZE); VhsmSession s = vhsm.openSession(cid); CPPUNIT_ASSERT_MESSAGE("login user failed", vhsm.loginUser(user, password, s.sid())); CPPUNIT_ASSERT_MESSAGE("macInit failed", vhsm.macInit(HMAC, SHA1, s.sid(), "") == ERR_NO_ERROR); CPPUNIT_ASSERT_MESSAGE("unsupported method accepted", vhsm.macInit((VhsmMacMechanismId)0, (VhsmDigestMechanismId)0, s.sid(), "") == ERR_BAD_MAC_METHOD); CPPUNIT_ASSERT_MESSAGE("macUpdate failed", vhsm.macUpdate(s.sid(), std::string(msg, BUF_SIZE)) == ERR_NO_ERROR); CPPUNIT_ASSERT_MESSAGE("invalid session id accepted", vhsm.macUpdate(s.sid() + 1, std::string(msg, BUF_SIZE)) == ERR_MAC_NOT_INITIALIZED); CPPUNIT_ASSERT_MESSAGE("macGetSize failed", vhsm.macGetSize(s.sid(), &mdsize) == ERR_NO_ERROR); CPPUNIT_ASSERT_MESSAGE("wrong size returned", mdsize == CryptoPP::HMAC<CryptoPP::SHA1>::DIGESTSIZE); CPPUNIT_ASSERT_MESSAGE("invalid session id accepted", vhsm.macGetSize(s.sid() + 1, &mdsize) == ERR_MAC_NOT_INITIALIZED); CPPUNIT_ASSERT_MESSAGE("macFinal failed", vhsm.macFinal(s.sid(), md) == ERR_NO_ERROR); CPPUNIT_ASSERT_MESSAGE("double digest finalization", vhsm.macFinal(s.sid(), md) == ERR_MAC_NOT_INITIALIZED); CPPUNIT_ASSERT_MESSAGE("wrong digest", memcmp(realmd, md.data(), CryptoPP::HMAC<CryptoPP::SHA1>::DIGESTSIZE) == 0); CPPUNIT_ASSERT_MESSAGE("close session failed", vhsm.closeSession(cid, s)); }
void securityInfo::setPassword(const std::string &pw){ password=pw; CryptoPP::PKCS5_PBKDF2_HMAC<CryptoPP::SHA1> pbkdf; CryptoPP::AutoSeededRandomPool rng; rng.GenerateBlock(pwsalt,pwsalt.size()); icpw=pbkdf.DeriveKey( key, key.size(), 0x00, (byte *) password.data(), password.size(), pwsalt, pwsalt.size(), 0,0.5); iciv=pbkdf.DeriveKey(iv, iv.size(), 0x00,(byte *) password.data(), password.size(), pwsalt, pwsalt.size(), 0,0.5); }
void generateRandomKey(std::string name, byte* key, long unsigned int length) { CryptoPP::AutoSeededRandomPool prng; //byte key[CryptoPP::AES::DEFAULT_KEYLENGTH]; prng.GenerateBlock(key, length); std::string encoded; CryptoPP::StringSource(key, length, true, new CryptoPP::HexEncoder( new CryptoPP::StringSink(encoded) ) // HexEncoder ); // StringSource std::ofstream outfile; std::string keyFile = "keys/" + name + ".key"; std::ofstream file_out(keyFile.c_str()); if(file_out.is_open()) { file_out << encoded; } //end if valid outfstream file_out.close(); }
SecureBinaryData SecureBinaryData::GenerateRandom(uint32_t numBytes) { static CryptoPP::AutoSeededRandomPool prng; SecureBinaryData randData(numBytes); prng.GenerateBlock(randData.getPtr(), numBytes); return randData; }
// -------------------------------------------------------------------------- document::document () : node(std::shared_ptr<document>(this, [](document*){})), m_implementation(m_document) // -------------------------------------------------------------------------- { m_html = false; m_mode = no_quirks_mode; m_content_type = "application/xml"; m_encoding = "utf-8"; m_url = "about:blank"; if (global_object) { m_origin = global_object->m_document->m_origin; m_script_origin = global_object->m_document->m_script_origin; } else { // Default is a globally unique identifier. // We'll just generate 32 random bytes as the ID. CryptoPP::AutoSeededRandomPool rng; CryptoPP::HexEncoder enc; byte bin[32]; char hex[64]; rng.GenerateBlock(bin, 32); enc.PutMessageEnd(bin, 32); enc.Get(reinterpret_cast<byte*>(hex), 64); m_origin = hex; m_script_origin = m_origin; } }
static std::string generateChallenge() { CryptoPP::AutoSeededRandomPool prng; CryptoPP::SecByteBlock seed(16); prng.GenerateBlock(seed, seed.size()); std::string challenge; CryptoPP::ArraySource(seed, seed.size(), true, new CryptoPP::HexEncoder(new CryptoPP::StringSink(challenge))); return challenge; }
uint64_t generateWord64() { static CryptoPP::AutoSeededRandomPool rng; uint64_t random; rng.GenerateBlock(reinterpret_cast<unsigned char*>(&random), 8); return random; }
std::string I2PControlSession::generateToken() const { byte random_data[I2P_CONTROL_TOKEN_SIZE] = {}; CryptoPP::AutoSeededRandomPool rng; rng.GenerateBlock(random_data, I2P_CONTROL_TOKEN_SIZE); std::string token; CryptoPP::StringSource ss( random_data, I2P_CONTROL_TOKEN_SIZE, true, new CryptoPP::HexEncoder(new CryptoPP::StringSink(token)) ); return token; }
bool encryptPacket(char* packet, byte* aes_key) { try { std::string plaintext(packet); //Decode the key from the file GCM< AES >::Encryption p; //iv will help us with keying out cipher //it is also randomly generated byte iv[ AES::BLOCKSIZE ]; CryptoPP::AutoSeededRandomPool prng; prng.GenerateBlock( iv, sizeof(iv) ); //Merge the iv and key p.SetKeyWithIV( aes_key, CryptoPP::AES::DEFAULT_KEYLENGTH, iv, sizeof(iv) ); //Encode the IV std::string encoded_iv; CryptoPP::StringSource(iv, sizeof(iv), true, new CryptoPP::HexEncoder( new CryptoPP::StringSink(encoded_iv) ) // HexEncoder ); //Create the ciphertext from the plaintext std::string ciphertext; CryptoPP::StringSource(plaintext, true, new CryptoPP::AuthenticatedEncryptionFilter(p, new CryptoPP::StringSink(ciphertext) ) ); //Encode the cipher to be sent std::string encodedCipher; CryptoPP::StringSource(ciphertext, true, new CryptoPP::HexEncoder( new CryptoPP::StringSink(encodedCipher) ) // HexEncoder ); //replace the packet with the econded ciphertext strcpy(packet, (encoded_iv+encodedCipher).c_str()); packet[(encoded_iv+encodedCipher).size()] = '\0'; //printf("Encrypted packet size: %d\n", (int)strlen(packet)); } catch(std::exception e) { return false; } return true; } //end encryptPacket function
bool SecTpmFile::generateRandomBlock(uint8_t* res, size_t size) { try { CryptoPP::AutoSeededRandomPool rng; rng.GenerateBlock(res, size); return true; } catch (const CryptoPP::Exception& e) { return false; } }
QByteArray encrypt(QByteArray in) { byte iv[CryptoPP::AES::BLOCKSIZE]; rnd.GenerateBlock(iv, CryptoPP::AES::BLOCKSIZE); QByteArray out = QByteArray((char*)iv, CryptoPP::AES::BLOCKSIZE); int inputSize = in.size(); string cipher; CBC_Mode<AES>::Encryption aes(keyByte(), keySize(), iv); ArraySource((byte *)in.data(), inputSize, true, new StreamTransformationFilter(aes, new StringSink(cipher))); QByteArray encryptedBytes = QByteArray(cipher.c_str(), cipher.size()); out.append(encryptedBytes); return out; }
void Container::set_seed(CryptoPP::SecByteBlock seed) { seed_ = seed; CryptoPP::AutoSeededRandomPool prng; CryptoPP::SecByteBlock t(seed.size()); prng.GenerateBlock(t, t.size()); for (auto p : mtl::count_until(t.size())) { seed_[p] ^= t[p]; } prng_.IncorporateEntropy(seed_, seed_.size()); //enhance pw for (auto b : seed) { enhanced_passphrase_.push_back(b); } }
int s3fs_encrypt(int fd, byte *key) { //randomly generate iv CryptoPP::AutoSeededRandomPool prng; byte iv[CryptoPP::AES::BLOCKSIZE]; prng.GenerateBlock(iv, sizeof(iv)); string rawiv(reinterpret_cast<char*>(iv), CryptoPP::AES::BLOCKSIZE), striv; CryptoPP::StringSource s2(rawiv, true, new CryptoPP::HexEncoder( new CryptoPP::StringSink(striv) ) ); //read file into char array int flength = lseek(fd, 0, SEEK_END); unsigned char* fcontents; fcontents = (unsigned char*) calloc(flength, sizeof(char)); pread(fd, fcontents, flength, 0); string plain(reinterpret_cast<char*>(fcontents), flength); //encrypt plaintext into ciphertext string cipher; CryptoPP::CBC_Mode<CryptoPP::AES>::Encryption e; e.SetKeyWithIV(key, CryptoPP::AES::DEFAULT_KEYLENGTH, iv); CryptoPP::StringSource ss(plain, true, new CryptoPP::StreamTransformationFilter(e, new CryptoPP::HexEncoder( new CryptoPP::StringSink(cipher) ) ) ); //write iv and encrypted data to file string output = striv+cipher; const char *buf = output.c_str(); pwrite(fd, buf, output.length(), 0); ftruncate(fd, output.length()); return 0; }
void Pbkdf2::Work() { static const unsigned _PBKDF2_BYTE_ = 512 / 8; boost::chrono::steady_clock::time_point start = boost::chrono::steady_clock::now(); CryptoPP::SecByteBlock byte_Derived(_PBKDF2_BYTE_); CryptoPP::PKCS5_PBKDF2_HMAC<CryptoPP::Whirlpool> pbkdf2; if(h_Worker == PBKDF2_GENERATE) { CryptoPP::SecByteBlock byte_Salt(_PBKDF2_BYTE_); CryptoPP::AutoSeededRandomPool RNG; RNG.GenerateBlock(byte_Salt, byte_Salt.size()); CryptoPP::ArraySource(byte_Salt, byte_Salt.size(), true, new CryptoPP::HexEncoder(new CryptoPP::StringSink(h_Salt))); pbkdf2.DeriveKey(byte_Derived, byte_Derived.size(), 0x0, reinterpret_cast<const byte *>(h_Key.data()), h_Key.size(), reinterpret_cast<const byte *>(h_Salt.data()), h_Salt.size(), h_Iterations, 0); CryptoPP::ArraySource(byte_Derived, byte_Derived.size(), true, new CryptoPP::HexEncoder(new CryptoPP::StringSink(h_Hash))); } else if(h_Worker == PBKDF2_VALIDATE) { pbkdf2.DeriveKey(byte_Derived, byte_Derived.size(), 0x0, reinterpret_cast<const byte *>(h_Key.data()), h_Key.size(), reinterpret_cast<const byte *>(h_Salt.data()), h_Salt.size(), h_Iterations, 0); CryptoPP::SecByteBlock byte_Validate(_PBKDF2_BYTE_); CryptoPP::StringSource(h_Hash, true, new CryptoPP::HexDecoder(new CryptoPP::ArraySink(byte_Validate, byte_Validate.size()))); // Length-constant comparison. unsigned diff = _PBKDF2_BYTE_ ^ _PBKDF2_BYTE_; for(unsigned i = 0; i < _PBKDF2_BYTE_; ++i) { diff |= byte_Derived[i] ^ byte_Validate[i]; } h_Equal = diff == 0; } boost::chrono::steady_clock::duration duration = boost::chrono::steady_clock::now() - start; h_ExecTime = static_cast<unsigned>(boost::chrono::duration_cast<boost::chrono::milliseconds>(duration).count()); }
QByteArray generateKey() { byte key[32]; rnd.GenerateBlock(key, 32); return UCharArrayToQByteArray(key, 32); }
void CUTPSocketListner::Send(const byte* Buff, size_t uSize, const struct sockaddr* sa, socklen_t sa_len, uint8 Type) { TKeyMap::iterator I = m_SendKeys.find((struct sockaddr*)sa); if(I == m_SendKeys.end()) return; I->second->LastActivity = GetCurTick(); ASSERT(I->second->PassKey); if(uSize > 0xFFFF - 0x80) { ASSERT(0); return; } bool SendKey = false; int PadLen = 16; if(Type == 1) // if its a UTP packet lets be a bit smart { ASSERT(uSize >= 4); UUtpHdr UtpHdr; UtpHdr.Bits = *((uint32*)Buff); if(UtpHdr.Fields.type == 4) // ST_SYN SendKey = true; // we always send the passked on y UTP Sync packet if(UtpHdr.Fields.type == 0) // ST_DATA PadLen = 0; // we dont needto padd data frames as tahy may already on thair own have a random size } else //if(!I->second->bAck) // if we are not talking UDT lets always send the key just to be sure SendKey = true; char Buffer[0xFFFF]; byte* pBuffer = (byte*)Buffer; size_t uLength = 0; CryptoPP::AutoSeededRandomPool rng; uint32 Rand = 0; rng.GenerateBlock((byte*)&Rand, sizeof(uint32)); UHdr Hdr; Hdr.Fields.Type = Type; Hdr.Fields.Reserved = 0; Hdr.Fields.Discard = 0; // total drop ist (n+1)*256 if(uSize >= 10 * 1024) Hdr.Fields.Discard = 3; // discard only 1024 key bytes in total for large packets Hdr.Fields.HasKey = SendKey; if(PadLen) PadLen = (rand() % (PadLen + 1)) & 0x3F; // ensure 64 bytes are available for optional footer entries Hdr.Fields.PadLen = PadLen; //if(Hdr.Fields.Reserved != 0) // Hdr.Fields.PadLen += 4; memcpy(pBuffer + uLength, &Rand, sizeof(uint32)); uLength += 4; memcpy(pBuffer + uLength, &Hdr.Bits, sizeof(uint32)); uLength += 4; if(Hdr.Fields.HasKey) { memcpy(pBuffer + uLength, &m_RecvKey, sizeof(uint64)); uLength += 8; } memcpy(pBuffer + uLength, Buff, uSize); uLength += uSize; //if(Hdr.Fields.Reserved != 0) { // memcpy(pBuffer + uLength, NEO_MAGIC, 4); uLength += 4; } if(PadLen > 0) { rng.GenerateBlock(pBuffer + uLength, PadLen); uLength += PadLen; } CryptoPP::Weak1::MD5 md5; md5.Update((byte*)&Rand, sizeof(Rand)); md5.Update((byte*)&I->second->PassKey, sizeof(uint64)); byte Hash[16]; md5.Final(Hash); //#ifdef _DEBUG // LogLine(LOG_INFO | LOG_DEBUG, L"Send to %s PassKey %I64u -> %s", // CSafeAddress(sa, sa_len, sa_len == sizeof(sockaddr_in) ? CSafeAddress::eUTP_IP4 : CSafeAddress::eUTP_IP6).ToString().c_str(), // I->second->PassKey, ToHex(Hash, 16).c_str()); //#endif CryptoPP::Weak::ARC4::Encryption RC4; RC4.SetKey(Hash, 16); RC4.DiscardBytes(256); RC4.ProcessData(pBuffer + 4, pBuffer + 4, 4); if(Hdr.Fields.Discard) RC4.DiscardBytes(Hdr.Fields.Discard * 256); RC4.ProcessData(pBuffer + 8, pBuffer + 8, uLength - 8); sendto(m_Socket, Buffer, (int)uLength, 0, (struct sockaddr*)sa, sa_len); }
void Key::generate(){ byte key[keySize]; CryptoPP::AutoSeededRandomPool prng; prng.GenerateBlock(key, keySize); this->key.insert(this->key.begin(), &key[0], &key[keySize]); }