uint32 FOnlineSessionNull::FindLANSession()
{
	uint32 Return = ERROR_IO_PENDING;

	// Recreate the unique identifier for this client
	GenerateNonce((uint8*)&LANSessionManager.LanNonce, 8);

	FOnValidResponsePacketDelegate ResponseDelegate = FOnValidResponsePacketDelegate::CreateRaw(this, &FOnlineSessionNull::OnValidResponsePacketReceived);
	FOnSearchingTimeoutDelegate TimeoutDelegate = FOnSearchingTimeoutDelegate::CreateRaw(this, &FOnlineSessionNull::OnLANSearchTimeout);

	FNboSerializeToBufferNull Packet(LAN_BEACON_MAX_PACKET_SIZE);
	LANSessionManager.CreateClientQueryPacket(Packet, LANSessionManager.LanNonce);
	if (LANSessionManager.Search(Packet, ResponseDelegate, TimeoutDelegate) == false)
	{
		Return = E_FAIL;

		FinalizeLANSearch();

		CurrentSessionSearch->SearchState = EOnlineAsyncTaskState::Failed;
		
		// Just trigger the delegate as having failed
		TriggerOnFindSessionsCompleteDelegates(false);
	}
	return Return;
}
Exemplo n.º 2
0
void Mac::ProcessTransmitSecurity(void)
{
    uint8_t securityLevel;
    uint8_t nonce[kNonceSize];
    uint8_t tagLength;
    Crypto::AesCcm aesCcm;

    if (mSendFrame.GetSecurityEnabled() == false)
    {
        ExitNow();
    }

    mSendFrame.GetSecurityLevel(securityLevel);
    mSendFrame.SetFrameCounter(mKeyManager.GetMacFrameCounter());

    mSendFrame.SetKeyId((mKeyManager.GetCurrentKeySequence() & 0x7f) + 1);

    GenerateNonce(mExtAddress, mKeyManager.GetMacFrameCounter(), securityLevel, nonce);

    aesCcm.SetKey(mKeyManager.GetCurrentMacKey(), 16);
    tagLength = mSendFrame.GetFooterLength() - Frame::kFcsSize;

    aesCcm.Init(mSendFrame.GetHeaderLength(), mSendFrame.GetPayloadLength(), tagLength,
                nonce, sizeof(nonce));

    aesCcm.Header(mSendFrame.GetHeader(), mSendFrame.GetHeaderLength());
    aesCcm.Payload(mSendFrame.GetPayload(), mSendFrame.GetPayload(), mSendFrame.GetPayloadLength(), true);
    aesCcm.Finalize(mSendFrame.GetFooter(), &tagLength);

    mKeyManager.IncrementMacFrameCounter();

exit:
    {}
}
Exemplo n.º 3
0
            //-----------------------------------------------------------
            //-----------------------------------------------------------
            std::string GenerateAuthorisationHeader(RequestType in_requestType, const std::string& in_url, const std::string& in_rawData, const std::string& in_consumerKey, const std::string& in_consumerSecret,
                                                    const std::string& in_oauthToken, const std::string& in_oauthTokenSecret, const std::string& in_oauthVerifier)
            {
                std::string pureUrl = in_url;

                //If URL itself contains "?key=value", then extract and put them in map
                size_t position = pureUrl.find_first_of("?");
                std::unordered_map<std::string, std::string> urlParams;
                if(std::string::npos != position)
                {
                    //Get only URL
                    pureUrl = in_url.substr(0, position);
                    
                    //Get only key=value data part
                    std::string dataPart = in_url.substr(position + 1);
                    
                    //This dataPart can contain many key value pairs: key1=value1&key2=value2&key3=value3
                    size_t sep = std::string::npos;
                    size_t position2 = std::string::npos;
                    std::string dataKeyVal;
                    std::string dataKey;
                    std::string dataVal;
                    while(std::string::npos != (sep = dataPart.find_first_of("&")))
                    {
                        //Extract first key=value pair
                        dataKeyVal = dataPart.substr(0, sep);
                        
                        //Split them
                        position2 = dataKeyVal.find_first_of("=");
                        if(std::string::npos != position2)
                        {
                            dataKey = dataKeyVal.substr(0, position2);
                            dataVal = dataKeyVal.substr(position2 + 1);
                            
                            //Put this key=value pair in map
                            urlParams[dataKey] = StringUtils::URLEncode(dataVal);
                        }
                        dataPart = dataPart.substr(sep + 1);
                    }
                    
                    //For the last key=value
                    dataKeyVal = dataPart.substr(0, sep);
                    
                    //Split them
                    position2 = dataKeyVal.find_first_of("=");
                    if(std::string::npos != position2)
                    {
                        dataKey = dataKeyVal.substr(0, position2);
                        dataVal = dataKeyVal.substr(position2 + 1);
                        
                        //Put this key=value pair in map
                        urlParams[dataKey] = StringUtils::URLEncode(dataVal);
                    }
                }
                
                //Generate nonce and timestamp if required
                TimeIntervalSecs timestamp = (TimeIntervalSecs)time(0);
                std::string nonce = GenerateNonce(timestamp);
                std::string timestampString = Core::ToString(timestamp);
                
                //Build key-value pairs needed for OAuth request token, without signature
                BuildOAuthTokenKeyValuePairs(in_rawData, "", timestampString, nonce, in_consumerKey, in_oauthToken, in_oauthVerifier, urlParams);
                
                //Get url encoded base64 signature using request type, url and parameters
                std::string oauthSignature = GetSignature(in_requestType, pureUrl, in_consumerSecret, in_oauthTokenSecret, urlParams);
                
                //Now, again build key-value pairs with signature this time
                BuildOAuthTokenKeyValuePairs("", oauthSignature, timestampString, nonce, in_consumerKey, in_oauthToken, in_oauthVerifier, urlParams);
                
                //Get OAuth header in string format
                std::string strRawParams = GetStringFromOAuthKeyValuePairs(urlParams, ",");
                
                //Build authorization header
                return k_authHeader + strRawParams;
            }
Exemplo n.º 4
0
int crypto_aead_encrypt_no_nonce(
       unsigned char *c,unsigned long long *clen,
       const unsigned char *m,unsigned long long mlen,
       const unsigned char *ad,unsigned long long adlen,
       const unsigned char *nsec,
       unsigned char *npub,
       const unsigned char *k
     )
	 //Generates nonce out of plaintext and AD and put it into npub

     {
		 Init();//Initializing GF(256) multiplication table for AES

		 if(clen==NULL)
			 return -1;
		 if((mlen==0) && (adlen==0))
		 {
			 *clen=0;
			 return 0;
		 }

		 //Assume that we do encryption and/or authentication so we need a key and a ciphertext pointer valid
		 if( (k==NULL) || (c==NULL) )
			 return -2;

		GenerateNonce(npub,m,mlen,ad,adlen,k);

		 //Initializing constants
		unsigned char D0[2];
		D0[0] = CRYPTO_NPUBBYTES*8; //nonce length in bits, zero for 256-bit nonce
		D0[1] = CRYPTO_KEYBYTES*8; //key length in bits
		(*clen)=0;
		 
		 //Block variables
		 unsigned char BlockInput[64];  //V1 - input to the first layer call of F
			 unsigned char BlockMiddle[64];  //W1 - output of the first layer call of F
			 unsigned char BlockOutput[64];  //Y1 - output of the second layer call of F
			
		 unsigned char BlockLastInput[64];  //Z1 - input to the last call of F
		 memset(BlockLastInput,0,64);
		 unsigned char Tag[64]; //Tag output
		 
		 unsigned long long encrypted_bytes=0;//Encrypted bytes counter
		 

		 //Encryption part
		 if(mlen!=0)
		 {
			 if(m==NULL)
			 {
				 //Clearing variables
				for(unsigned i=0; i<64; ++i)
					BlockInput[i] = BlockMiddle[i] = BlockOutput[i] = BlockLastInput[i] = 0;
				return -3;
			 }
				 
			 unsigned long long mblock_counter=1;   //Message block counter
			 
			 while((mlen>0))
			 {
				 /* I. First layer */

				 //1. Domain-separation constant
				 BlockInput[1] = D0[1]; 
				 if(mlen>= CRYPTO_MBLOCK)
					 BlockInput[0] = D0[0];
				 else //Last incomplete block
					 BlockInput[0] = D0[0]+1;

				 //2. Counter
				 for(unsigned i=0; i<CRYPTO_COUNTERBYTES; ++i)
				 {
					 BlockInput[i+2] = (i<sizeof(mblock_counter))?(mblock_counter>>(8*i))&0xff :0;//copying counter bytewise
				 }
				 
				 //3. Nonce
				 for(unsigned i=0; i<CRYPTO_NPUBBYTES; ++i) 
				 {
					 BlockInput[i+2+CRYPTO_COUNTERBYTES] = npub[i];
				 }

				 //4. Key
				 for(unsigned i=0; i<CRYPTO_KEYBYTES; ++i) 
				 {
					 BlockInput[i+2+CRYPTO_COUNTERBYTES+CRYPTO_NPUBBYTES] = k[i];
				 }	 

				 //5. Permutation call
				 FPerm(BlockInput, BlockMiddle); //First layer call to F

				 /* II. Encryption*/

				 if(mlen>=CRYPTO_MBLOCK)//Full block encryption
				 {
					 for(unsigned i=0; i<CRYPTO_MBLOCK; ++i)
					 {
						 BlockMiddle[i+2] ^= m[encrypted_bytes+i];
						 c[encrypted_bytes+i] = BlockMiddle[i+2];
						 
					 }
					 BlockMiddle[1] =  D0[1];
					 BlockMiddle[0] = D0[0]+2;  //New Di constant

				 }

				 else //Last incomplete block
				 {
					 for(unsigned i=0; i<(unsigned)mlen; ++i)//Incomplete block Encryption
					 {
						 BlockMiddle[i+2] ^= m[encrypted_bytes+i];
						 c[encrypted_bytes+i] = BlockMiddle[i+2];						 
					 }
					 for(unsigned i=(unsigned)mlen; i<CRYPTO_MBLOCK; ++i)
					 {
						 BlockMiddle[i+2] ^=  (unsigned char)mlen;  //Extra Padding: extra bytes filled with the last block length in bytes
					 }

					 BlockMiddle[1] =  D0[1];
					 BlockMiddle[0] = D0[0]+3;  //New Di constant
				 }

				 //III. Second permutation call
				 //1. Call
				 FPerm(BlockMiddle, BlockOutput); //Second layer call to F
				 
				 //2. Buffer update
				 for(unsigned i=0; i<64-2-CRYPTO_KEYBYTES; ++i)//Adding the output to tag preparation buffer
				 {
					 BlockLastInput[i+2] ^= BlockOutput[i+2];
				 }


				 //Counters increment
				 mblock_counter++;
				 if(mlen>=CRYPTO_MBLOCK)
				 {					 
					 encrypted_bytes += CRYPTO_MBLOCK;
					 mlen-=CRYPTO_MBLOCK;
				 }
				 else 
				 {
					 encrypted_bytes += mlen;
					 mlen=0;
				 }
				 (*clen) = encrypted_bytes;
			 }
		 }

		//Associated data part	  
		if(adlen!=0)
		{
			if(ad==NULL)
			{
				//Clearing variables
				for(unsigned i=0; i<64; ++i)
					BlockInput[i] = BlockMiddle[i] = BlockOutput[i] = BlockLastInput[i] = 0;
				return -4;
			}

			 unsigned long long adblock_counter=1;   //AD block counter
			 unsigned long long auth_bytes=0;

			while(adlen>0)
			{
				//1. Constant
				BlockInput[1] = D0[1];
				if(adlen>= CRYPTO_ADBLOCK)
					 BlockInput[0] = D0[0]+4;
				 else //Last incomplete block
					 BlockInput[0] = D0[0]+5;


				//2. Counter
				for(unsigned i=0; i<CRYPTO_KEYBYTES; ++i)
					BlockInput[i+2] = (i<sizeof(adblock_counter))? (adblock_counter>>(8*i))&0xff:0;//copying counter bytewise

				//3. AD block
				if(adlen >= CRYPTO_ADBLOCK) //Filling AD block
				{
					for(unsigned i=0; i<CRYPTO_ADBLOCK; ++i)
						BlockInput[i+2+CRYPTO_KEYBYTES] = ad[auth_bytes+i];
					
				}
				else //Last incomplete block
				{
					for(unsigned i=0; i<adlen; ++i)
						BlockInput[i+2+CRYPTO_KEYBYTES] = ad[auth_bytes+i];
					for(unsigned i=(unsigned)adlen; i<CRYPTO_ADBLOCK; ++i)
						BlockInput[i+2+CRYPTO_KEYBYTES] = (unsigned char)adlen;
				}

				//4. Key
				for(unsigned i=0; i<CRYPTO_KEYBYTES; ++i) 
				{
					 BlockInput[i+CRYPTO_ADBLOCK+CRYPTO_KEYBYTES+2] = k[i];
				}
				

				//5.Call to the F permutation

				FPerm(BlockInput,BlockOutput);//Call to the F permutation

				 for(unsigned i=0; i<64-2-CRYPTO_KEYBYTES; ++i)//Adding the output to Z
				 {
					 BlockLastInput[i+2] ^= BlockOutput[i];
				 }

				//Counters increment
				 adblock_counter++;
				 if(adlen>=CRYPTO_ADBLOCK)
				 {
					 auth_bytes += CRYPTO_ADBLOCK;
					 adlen-=CRYPTO_ADBLOCK;
				 }
				 else 
				 {
					 auth_bytes += adlen;
					 adlen=0;
				 }
			}
		}

		// Tag production 
		for(unsigned i=0; i<CRYPTO_KEYBYTES; ++i) //Key to the Z input
			BlockLastInput[64-CRYPTO_KEYBYTES+i] = k[i];
		 BlockLastInput[0] = D0[0]+6;
		 BlockLastInput[1] = D0[1];

		//1. Permutation call
		FPerm(BlockLastInput,Tag);
		//2. Key injection
		for(unsigned i=0; i<CRYPTO_KEYBYTES; ++i) 
		{
				Tag[64-CRYPTO_KEYBYTES+i] ^= k[i];
		}

		//3. Truncation
		for(unsigned i=0; i<CRYPTO_ABYTES; ++i)
			c[(*clen)+i] = Tag[i];
		*clen += CRYPTO_ABYTES;


		//Clearing variables
		for(unsigned i=0; i<64; ++i)
			BlockInput[i] = BlockMiddle[i] = BlockOutput[i] = BlockLastInput[i] = 0;
		

	   
		return 0;
     }
Exemplo n.º 5
0
//--------------------------------------------------------------------------------------------------
void OAuthSignRequest
(
    const Credentials_t& keys,  ///< [IN] The application's keys.
    Request_t type,             ///< [IN] The type of request to be performed.
    const std::string& url,     ///< [IN] The address and path of the request.
    ParamMap_t& params,         ///< [IN/OUT] The parameter list will be updated with the required
                                ///<          OAuth additions.
    bool excludeConsumer        ///< [IN] Should the consumer key be excluded from the params?
)
//--------------------------------------------------------------------------------------------------
{
    std::string timeStamp = GenerateTimestamp();

    params.insert({ "oauth_nonce", GenerateNonce(timeStamp) });
    params.insert({ "oauth_signature_method", "HMAC-SHA1" });
    params.insert({ "oauth_timestamp", timeStamp });
    params.insert({ "oauth_version", "1.0" });

    if (excludeConsumer == false)
    {
        params.insert({ "oauth_consumer_key", keys.consumer.publicKey });
    }

    if (keys.oAuthAccess.publicKey.size() > 0)
    {
        params.insert({ "oauth_token", keys.oAuthAccess.publicKey });
    }

    std::stringstream requestString;
    std::stringstream paramString;

    switch (type)
    {
        case Request_t::Get:
            requestString << "GET&";
            break;

        case Request_t::Post:
            requestString << "POST&";
            break;

        default:
            throw std::runtime_error("Unexpected HTTP request type.");
    }

    requestString << UrlEncode(url) << "&";

    bool first = true;
    for (auto iter : params)
    {
        if (first) { first = false; } else { paramString << "&"; }
        paramString << UrlEncode(iter.first) << "=" << UrlEncode(iter.second);
    }

    requestString << UrlEncode(paramString.str());

    for (size_t i = 0; i < requestString.str().size(); i += 20)
    {
        std::string section = requestString.str().substr(i, 20);
    }

    CHMAC_SHA1 sha1;

    std::string signingKey = UrlEncode(keys.consumer.secretKey) + "&";

    if (keys.oAuthAccess.secretKey.size() > 0)
    {
        signingKey += UrlEncode(keys.oAuthAccess.secretKey);
    }

    BYTE digest[CHMAC_SHA1::SHA1_DIGEST_LENGTH] = "";

    sha1.HMAC_SHA1((unsigned char*)requestString.str().c_str(),
                   requestString.str().size(),
                   (unsigned char*)signingKey.c_str(),
                   signingKey.size(),
                   digest);

    params.insert({ "oauth_signature", base64_encode(digest, sizeof(digest)) });
}
Exemplo n.º 6
0
ThreadError Mac::ProcessReceiveSecurity(const Address &aSrcAddr, Neighbor *aNeighbor)
{
    ThreadError error = kThreadError_None;
    uint8_t securityLevel;
    uint32_t frameCounter;
    uint8_t nonce[kNonceSize];
    uint8_t tag[Frame::kMaxMicSize];
    uint8_t tagLength;
    uint8_t keyid;
    uint32_t keySequence;
    const uint8_t *macKey;
    Crypto::AesCcm aesCcm;

    mReceiveFrame.SetSecurityValid(false);

    if (mReceiveFrame.GetSecurityEnabled() == false)
    {
        ExitNow();
    }

    VerifyOrExit(aNeighbor != NULL, error = kThreadError_Security);

    mReceiveFrame.GetSecurityLevel(securityLevel);
    mReceiveFrame.GetFrameCounter(frameCounter);

    GenerateNonce(aSrcAddr.mExtAddress, frameCounter, securityLevel, nonce);

    tagLength = mReceiveFrame.GetFooterLength() - Frame::kFcsSize;

    mReceiveFrame.GetKeyId(keyid);
    keyid--;

    if (keyid == (mKeyManager.GetCurrentKeySequence() & 0x7f))
    {
        // same key index
        keySequence = mKeyManager.GetCurrentKeySequence();
        macKey = mKeyManager.GetCurrentMacKey();
        VerifyOrExit(aNeighbor->mPreviousKey == true || frameCounter >= aNeighbor->mValid.mLinkFrameCounter,
                     error = kThreadError_Security);
    }
    else if (aNeighbor->mPreviousKey &&
             mKeyManager.IsPreviousKeyValid() &&
             keyid == (mKeyManager.GetPreviousKeySequence() & 0x7f))
    {
        // previous key index
        keySequence = mKeyManager.GetPreviousKeySequence();
        macKey = mKeyManager.GetPreviousMacKey();
        VerifyOrExit(frameCounter >= aNeighbor->mValid.mLinkFrameCounter, error = kThreadError_Security);
    }
    else if (keyid == ((mKeyManager.GetCurrentKeySequence() + 1) & 0x7f))
    {
        // next key index
        keySequence = mKeyManager.GetCurrentKeySequence() + 1;
        macKey = mKeyManager.GetTemporaryMacKey(keySequence);
    }
    else
    {
        for (Receiver *receiver = mReceiveHead; receiver; receiver = receiver->mNext)
        {
            receiver->HandleReceivedFrame(mReceiveFrame, kThreadError_Security);
        }

        ExitNow(error = kThreadError_Security);
    }

    aesCcm.SetKey(macKey, 16);
    aesCcm.Init(mReceiveFrame.GetHeaderLength(), mReceiveFrame.GetPayloadLength(),
                tagLength, nonce, sizeof(nonce));
    aesCcm.Header(mReceiveFrame.GetHeader(), mReceiveFrame.GetHeaderLength());
    aesCcm.Payload(mReceiveFrame.GetPayload(), mReceiveFrame.GetPayload(), mReceiveFrame.GetPayloadLength(),
                   false);
    aesCcm.Finalize(tag, &tagLength);

    VerifyOrExit(memcmp(tag, mReceiveFrame.GetFooter(), tagLength) == 0, error = kThreadError_Security);

    if (keySequence > mKeyManager.GetCurrentKeySequence())
    {
        mKeyManager.SetCurrentKeySequence(keySequence);
    }

    if (keySequence == mKeyManager.GetCurrentKeySequence())
    {
        aNeighbor->mPreviousKey = false;
    }

    aNeighbor->mValid.mLinkFrameCounter = frameCounter + 1;

    mReceiveFrame.SetSecurityValid(true);

exit:
    return error;
}