void Address::encode_address(uint64_t version, uint64_t stream, const SecureVector& ripe)
{
if(ripe.size() != 20)
throw SizeException(__FILE__, __FUNCTION__, __LINE__, "The ripe length is not 20");
SecureVector ripex;
if(ripe[0] == 0x00 && ripe[1] == 0x00)
std::copy(ripe.begin() + 2, ripe.end(), std::back_inserter(ripex));
else if(ripe[0] == 0x00)
std::copy(ripe.begin() + 1, ripe.end(), std::back_inserter(ripex));
else ripex = ripe;
SecureVector bm_addr = encode::varint(version);
bm_addr += encode::varint(stream);
bm_addr += ripex;
SecureVector checksum = hash::sha512(hash::sha512(bm_addr));
std::copy(checksum.begin(), checksum.begin() + 4, std::back_inserter(bm_addr));
m_address = encode::base58(bm_addr);
}
int main()
{
Botan::LibraryInitializer init;
AutoSeeded_RNG rng;
std::string passphrase = "secret";
std::ifstream infile("readme.txt");
std::ofstream outfile("readme.txt.enc");
PKCS5_PBKDF2 pbkdf2(new HMAC(new SHA_160));
pbkdf2.set_iterations(4096);
pbkdf2.new_random_salt(rng, 8);
SecureVector<byte> the_salt = pbkdf2.current_salt();
SecureVector<byte> master_key = pbkdf2.derive_key(48, passphrase).bits_of();
KDF* kdf = get_kdf("KDF2(SHA-1)");
SymmetricKey key = kdf->derive_key(20, master_key, "cipher key");
SymmetricKey mac_key = kdf->derive_key(20, master_key, "hmac key");
InitializationVector iv = kdf->derive_key(8, master_key, "cipher iv");
Pipe pipe(new Fork(
new Chain(
get_cipher("Blowfish/CBC/PKCS7", key, iv, ENCRYPTION),
new Base64_Encoder,
new DataSink_Stream(outfile)
),
new Chain(
new MAC_Filter("HMAC(SHA-1)", mac_key),
new Hex_Encoder)
)
);
outfile.write((const char*)the_salt.begin(), the_salt.size());
pipe.start_msg();
infile >> pipe;
pipe.end_msg();
SecureVector<byte> hmac = pipe.read_all(1);
outfile.write((const char*)hmac.begin(), hmac.size());
}
int main()
{
Botan::LibraryInitializer init;
try {
X509_Certificate mycert("mycert.pem");
X509_Certificate mycert2("mycert2.pem");
X509_Certificate yourcert("yourcert.pem");
X509_Certificate cacert("cacert.pem");
X509_Certificate int_ca("int_ca.pem");
AutoSeeded_RNG rng;
X509_Store store;
store.add_cert(mycert);
store.add_cert(mycert2);
store.add_cert(yourcert);
store.add_cert(int_ca);
store.add_cert(cacert, true);
const std::string msg = "prioncorp: we don't toy\n";
CMS_Encoder encoder(msg);
encoder.compress("Zlib");
encoder.digest();
encoder.encrypt(rng, mycert);
/*
PKCS8_PrivateKey* mykey = PKCS8::load_key("mykey.pem", rng, "cut");
encoder.sign(store, *mykey);
*/
SecureVector<byte> raw = encoder.get_contents();
std::ofstream out("out.der");
out.write((const char*)raw.begin(), raw.size());
}
catch(std::exception& e)
{
std::cerr << e.what() << std::endl;
}
return 0;
}
QByteArray SshAbstractCryptoFacility::generateHash(const SshKeyExchange &kex,
char c, quint32 length)
{
const QByteArray &k = kex.k();
const QByteArray &h = kex.h();
QByteArray data(k);
data.append(h).append(c).append(m_sessionId);
SecureVector<byte> key
= kex.hash()->process(convertByteArray(data), data.size());
while (key.size() < length) {
SecureVector<byte> tmpKey;
tmpKey += SecureVector<byte>(convertByteArray(k), k.size());
tmpKey += SecureVector<byte>(convertByteArray(h), h.size());
tmpKey += key;
key += kex.hash()->process(tmpKey);
}
return QByteArray(reinterpret_cast<const char *>(key.begin()), length);
}
bool password_hash_ok(const std::string& pass, const std::string& hash)
{
Pipe pipe(new Base64_Decoder);
pipe.start_msg();
pipe.write(hash);
pipe.end_msg();
SecureVector<byte> hash_bin = pipe.read_all();
PKCS5_PBKDF2 kdf(new HMAC(new SHA_160));
kdf.set_iterations(10000);
kdf.change_salt(hash_bin, 6);
SecureVector<byte> cmp = kdf.derive_key(12, pass).bits_of();
return same_mem(cmp.begin(), hash_bin.begin() + 6, 12);
}
void ne7ssh_string::bn2vector(Botan::SecureVector<Botan::byte>& result, const Botan::BigInt& bi)
{
int high;
Botan::byte zero = '\0';
SecureVector<Botan::byte> strVector = BigInt::encode(bi);
high = (*(strVector.begin()) & 0x80) ? 1 : 0;
if (high)
{
result = SecureVector<Botan::byte>(&zero, 1);
}
else
{
result.clear();
}
result += strVector;
}
bool ne7ssh_keys::getKeyPairFromFile (const char* privKeyFileName)
{
ne7ssh_string privKeyStr;
char* buffer;
uint32 pos, i, length;
if (!privKeyStr.addFile (privKeyFileName))
{
ne7ssh::errors()->push (-1, "Cannot read PEM file: '%s'. Permission issues?", privKeyFileName);
return false;
}
buffer = (char*) malloc (privKeyStr.length() + 1);
memcpy (buffer, (const char*)privKeyStr.value().begin(), privKeyStr.length());
buffer[privKeyStr.length()] = 0x0;
length = privKeyStr.length();
for (i = pos = 0; i < privKeyStr.length(); i++)
{
if (isspace(buffer[i]))
{
while (i < privKeyStr.length() && isspace (buffer[i]))
{
if (buffer[pos] != '\n')
buffer[pos] = buffer[i];
if (++i >= privKeyStr.length()) break;
}
i--;
pos++;
continue;
}
buffer[pos] = buffer[i];
pos++;
}
buffer[pos] = 0x00;
length = pos;
if ((memcmp (buffer, "-----BEGIN", 10)) ||
(memcmp (buffer + length - 17, "PRIVATE KEY-----", 16)))
{
ne7ssh::errors()->push (-1, "Encountered unknown PEM file format. Perhaps not an SSH private key file: '%s'.", privKeyFileName);
free (buffer);
return false;
}
if (!memcmp (buffer, "-----BEGIN RSA PRIVATE KEY-----", 31))
this->keyAlgo = ne7ssh_keys::RSA;
else if (!memcmp (buffer, "-----BEGIN DSA PRIVATE KEY-----", 31))
this->keyAlgo = ne7ssh_keys::DSA;
else
{
ne7ssh::errors()->push (-1, "Encountered unknown PEM file format. Perhaps not an SSH private key file: '%s'.", privKeyFileName);
free (buffer);
return false;
}
SecureVector<Botan::byte> keyVector ((Botan::byte*)buffer, length);
free (buffer);
switch (this->keyAlgo)
{
case DSA:
if (!getDSAKeys ((char*)keyVector.begin(), keyVector.size()))
return false;
break;
case RSA:
if (!getRSAKeys ((char*)keyVector.begin(), keyVector.size()))
return false;
break;
}
return true;
}