Exemplo n.º 1
1
bool CCrypter::SetKeyFromPassphrase(const SecureString& strKeyData, const std::vector<unsigned char>& chSalt, const unsigned int nRounds, const unsigned int nDerivationMethod)
{
    if (nRounds < 1 || chSalt.size() != WALLET_CRYPTO_SALT_SIZE)
        return false;

    int i = 0;
    if (nDerivationMethod == 0)
    {
        i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha512(), &chSalt[0],
                          (unsigned char *)&strKeyData[0], strKeyData.size(), nRounds, chKey, chIV);
    }

    if (nDerivationMethod == 1)
    {
        // Passphrase conversion
        uint256 scryptHash = scrypt_salted_multiround_hash((const void*)strKeyData.c_str(), strKeyData.size(), &chSalt[0], 8, nRounds);

        i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha512(), &chSalt[0],
                          (unsigned char *)&scryptHash, sizeof scryptHash, nRounds, chKey, chIV);
        OPENSSL_cleanse(&scryptHash, sizeof scryptHash);
    }


    if (i != (int)WALLET_CRYPTO_KEY_SIZE)
    {
        OPENSSL_cleanse(chKey, sizeof(chKey));
        OPENSSL_cleanse(chIV, sizeof(chIV));
        return false;
    }

    fKeySet = true;
    return true;
}
Exemplo n.º 2
0
bool DecryptAES256(const SecureString& sKey, const std::string& sCiphertext, const std::string& sIV, SecureString& sPlaintext)
{
    // plaintext will always be equal to or lesser than length of ciphertext
    int nLen = sCiphertext.size();
    int nPLen = nLen, nFLen = 0;

    // Verify key sizes
    if(sKey.size() != 32 || sIV.size() != AES_BLOCK_SIZE) {
        LogPrintf("crypter DecryptAES256 - Invalid key or block size\n");
        return false;
    }

    sPlaintext.resize(nPLen);

    EVP_CIPHER_CTX ctx;

    bool fOk = true;

    EVP_CIPHER_CTX_init(&ctx);
    if (fOk) fOk = EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, (const unsigned char*) &sKey[0], (const unsigned char*) &sIV[0]);
    if (fOk) fOk = EVP_DecryptUpdate(&ctx, (unsigned char *) &sPlaintext[0], &nPLen, (const unsigned char *) &sCiphertext[0], nLen);
    if (fOk) fOk = EVP_DecryptFinal_ex(&ctx, (unsigned char *) (&sPlaintext[0])+nPLen, &nFLen);
    EVP_CIPHER_CTX_cleanup(&ctx);

    if (!fOk) return false;

    sPlaintext.resize(nPLen + nFLen);
    return true;
}
Exemplo n.º 3
0
// General secure AES 256 CBC encryption routine
bool EncryptAES256(const SecureString& sKey, const SecureString& sPlaintext, const std::string& sIV, std::string& sCiphertext)
{
    // max ciphertext len for a n bytes of plaintext is
    // n + AES_BLOCK_SIZE - 1 bytes
    int nLen = sPlaintext.size();
    int nCLen = nLen + AES_BLOCK_SIZE;
    int nFLen = 0;

    // Verify key sizes
    if(sKey.size() != 32 || sIV.size() != AES_BLOCK_SIZE) {
        LogPrintf("crypter EncryptAES256 - Invalid key or block size: Key: %d sIV:%d\n", sKey.size(), sIV.size());
        return false;
    }

    // Prepare output buffer
    sCiphertext.resize(nCLen);

    // Perform the encryption
    EVP_CIPHER_CTX ctx;

    bool fOk = true;

    EVP_CIPHER_CTX_init(&ctx);
    if (fOk) fOk = EVP_EncryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, (const unsigned char*) &sKey[0], (const unsigned char*) &sIV[0]);
    if (fOk) fOk = EVP_EncryptUpdate(&ctx, (unsigned char*) &sCiphertext[0], &nCLen, (const unsigned char*) &sPlaintext[0], nLen);
    if (fOk) fOk = EVP_EncryptFinal_ex(&ctx, (unsigned char*) (&sCiphertext[0])+nCLen, &nFLen);
    EVP_CIPHER_CTX_cleanup(&ctx);

    if (!fOk) return false;

    sCiphertext.resize(nCLen + nFLen);
    return true;
}
Exemplo n.º 4
0
// SecureString CMnemonic::FromData(const uint8_t *data, int len)
SecureString CMnemonic::FromData(const SecureVector& data, int len)
{
    if (len % 4 || len < 16 || len > 32) {
        return SecureString();
    }

    SecureVector checksum(32);
    CSHA256().Write(&data[0], len).Finalize(&checksum[0]);

    // data
    SecureVector bits(len);
    memcpy(&bits[0], &data[0], len);
    // checksum
    bits.push_back(checksum[0]);

    int mlen = len * 3 / 4;
    SecureString mnemonic;

    int i, j, idx;
    for (i = 0; i < mlen; i++) {
        idx = 0;
        for (j = 0; j < 11; j++) {
            idx <<= 1;
            idx += (bits[(i * 11 + j) / 8] & (1 << (7 - ((i * 11 + j) % 8)))) > 0;
        }
        mnemonic.append(wordlist[idx]);
        if (i < mlen - 1) {
            mnemonic += ' ';
        }
    }

    return mnemonic;
}
Exemplo n.º 5
0
Value walletpassphrase(const Array& params, bool fHelp)
{
    if (pwalletMain->IsCrypted() && (fHelp || params.size() != 2))
        throw runtime_error(
            "walletpassphrase <passphrase> <timeout>\n"
            "Stores the wallet decryption key in memory for <timeout> seconds.");
    if (fHelp)
        return true;
    if (!pwalletMain->IsCrypted())
        throw JSONRPCError(RPC_WALLET_WRONG_ENC_STATE, "Error: running with an unencrypted wallet, but walletpassphrase was called.");

    // Note that the walletpassphrase is stored in params[0] which is not mlock()ed
    SecureString strWalletPass;
    strWalletPass.reserve(100);
    // TODO: get rid of this .c_str() by implementing SecureString::operator=(std::string)
    // Alternately, find a way to make params[0] mlock()'d to begin with.
    strWalletPass = params[0].get_str().c_str();

    if (strWalletPass.length() > 0)
    {
        if (!pwalletMain->Unlock(strWalletPass))
            throw JSONRPCError(RPC_WALLET_PASSPHRASE_INCORRECT, "Error: The wallet passphrase entered was incorrect.");
    }
    else
        throw runtime_error(
            "walletpassphrase <passphrase> <timeout>\n"
            "Stores the wallet decryption key in memory for <timeout> seconds.");

    int64 nSleepTime = params[1].get_int64();
    LOCK(cs_nWalletUnlockTime);
    nWalletUnlockTime = GetTime() + nSleepTime;
    RPCRunLater("lockwallet", boost::bind(LockWallet, pwalletMain), nSleepTime);

    return Value::null;
}
Exemplo n.º 6
0
Value encryptwallet(const Array& params, bool fHelp)
{
    if (!pwalletMain->IsCrypted() && (fHelp || params.size() != 1))
        throw runtime_error(
            "encryptwallet <passphrase>\n"
            "Encrypts the wallet with <passphrase>.");
    if (fHelp)
        return true;
    if (pwalletMain->IsCrypted())
        throw JSONRPCError(RPC_WALLET_WRONG_ENC_STATE, "Error: running with an encrypted wallet, but encryptwallet was called.");

    // TODO: get rid of this .c_str() by implementing SecureString::operator=(std::string)
    // Alternately, find a way to make params[0] mlock()'d to begin with.
    SecureString strWalletPass;
    strWalletPass.reserve(100);
    strWalletPass = params[0].get_str().c_str();

    if (strWalletPass.length() < 1)
        throw runtime_error(
            "encryptwallet <passphrase>\n"
            "Encrypts the wallet with <passphrase>.");

    if (!pwalletMain->EncryptWallet(strWalletPass))
        throw JSONRPCError(RPC_WALLET_ENCRYPTION_FAILED, "Error: Failed to encrypt the wallet.");

    // BDB seems to have a bad habit of writing old data into
    // slack space in .dat files; that is bad if the old data is
    // unencrypted private keys. So:
    StartShutdown();
    return "wallet encrypted; Twister server stopping, restart to run with encrypted wallet. The keypool has been flushed, you need to make a new backup.";
}
Exemplo n.º 7
0
int CCrypter::BytesToKeySHA512AES(const std::vector<unsigned char>& chSalt, const SecureString& strKeyData, int count, unsigned char *key,unsigned char *iv) const
{
    // This mimics the behavior of openssl's EVP_BytesToKey with an aes256cbc
    // cipher and sha512 message digest. Because sha512's output size (64b) is
    // greater than the aes256 block size (16b) + aes256 key size (32b),
    // there's no need to process more than once (D_0).

    if(!count || !key || !iv)
        return 0;

    unsigned char buf[CSHA512::OUTPUT_SIZE];
    CSHA512 di;

    di.Write((const unsigned char*)strKeyData.c_str(), strKeyData.size());
    di.Write(chSalt.data(), chSalt.size());
    di.Finalize(buf);

    for(int i = 0; i != count - 1; i++)
        di.Reset().Write(buf, sizeof(buf)).Finalize(buf);

    memcpy(key, buf, WALLET_CRYPTO_KEY_SIZE);
    memcpy(iv, buf + WALLET_CRYPTO_KEY_SIZE, WALLET_CRYPTO_IV_SIZE);
    memory_cleanse(buf, sizeof(buf));
    return WALLET_CRYPTO_KEY_SIZE;
}
Exemplo n.º 8
0
bool SecurityUser::IsPasswordUpdated(SecurityUserSPtr const & other)
{
    bool needUpdate = false;
    if(this->AccountType == SecurityPrincipalAccountType::DomainUser)
    {
        if(other)
        {
            wstring originalPswd = password_;
            wstring currentPswd = other->Password;

            if(this->isPasswordEncrypted_)
            {
                SecureString pswd;
                CryptoUtility::DecryptText(password_, pswd);
                originalPswd = pswd.GetPlaintext();
            }
            if(other->isPasswordEncrypted_)
            {
                SecureString pswd;
                CryptoUtility::DecryptText(other->password_, pswd);
                currentPswd = pswd.GetPlaintext();
            }

            needUpdate = (originalPswd != currentPswd);

            originalPswd.clear();
            currentPswd.clear();
        }
    }
    return needUpdate;
}
Exemplo n.º 9
0
static void TestPassphrase(const std::vector<unsigned char>& vchSalt, const SecureString& passphrase, uint32_t rounds,
                 const std::vector<unsigned char>& correctKey = std::vector<unsigned char>(),
                 const std::vector<unsigned char>& correctIV=std::vector<unsigned char>())
{
    TestPassphraseSingle(vchSalt, passphrase, rounds, correctKey, correctIV);
    for(SecureString::const_iterator i(passphrase.begin()); i != passphrase.end(); ++i)
        TestPassphraseSingle(vchSalt, SecureString(i, passphrase.end()), rounds);
}
Exemplo n.º 10
0
bool myLabelcompare(SecureString a, SecureString b)
{
    const char* aStr = a.getUnsecureString();
    const char* bStr = b.getUnsecureString();
    bool res = _strcmpi(aStr, bStr) < 0;
    a.UnsecuredStringFinished();
    b.UnsecuredStringFinished();
    return res;
}
Exemplo n.º 11
0
void CKeePassIntegrator::CKeePassRequest::init()
{
    SecureString sIVSecure = generateRandomKey(KEEPASS_CRYPTO_BLOCK_SIZE);
    sIV = std::string(&sIVSecure[0], sIVSecure.size());
    // Generate Nonce, Verifier and RequestType
    SecureString sNonceBase64Secure = EncodeBase64Secure(sIVSecure);
    addStrParameter("Nonce", std::string(&sNonceBase64Secure[0], sNonceBase64Secure.size())); // Plain
    addStrParameter("Verifier", sNonceBase64Secure); // Encoded
    addStrParameter("RequestType", sType);
}
Exemplo n.º 12
0
Value walletpassphrase(const Array& params, bool fHelp)
{
    if (pwalletMain->IsCrypted() && (fHelp || params.size() != 2))
        throw runtime_error(
            "walletpassphrase \"passphrase\" timeout\n"
            "\nStores the wallet decryption key in memory for 'timeout' seconds.\n"
            "This is needed prior to performing transactions related to private keys such as sending Dacrss\n"
            "\nArguments:\n"
            "1. \"passphrase\"     (string, required) The wallet passphrase\n"
            "2. timeout            (numeric, required) The time to keep the decryption key in seconds.\n"
            "\nNote:\n"
            "Issuing the walletpassphrase command while the wallet is already unlocked will set a new unlock\n"
            "time that overrides the old one.\n"
            "\nExamples:\n"
            "\nunlock the wallet for 60 seconds\n"
            + HelpExampleCli("walletpassphrase", "\"my pass phrase\" 60") +
            "\nLock the wallet again (before 60 seconds)\n"
            + HelpExampleCli("walletlock", "") +
            "\nAs json rpc call\n"
            + HelpExampleRpc("walletpassphrase", "\"my pass phrase\", 60")
        );

    LOCK2(cs_main, pwalletMain->cs_wallet);

    if (fHelp)
        return true;
    if (!pwalletMain->IsCrypted())
        throw JSONRPCError(RPC_WALLET_WRONG_ENC_STATE, "Error: running with an unencrypted wallet, but walletpassphrase was called.");

    // Note that the walletpassphrase is stored in params[0] which is not mlock()ed
    SecureString strWalletPass;
    strWalletPass.reserve(100);
    // TODO: get rid of this .c_str() by implementing SecureString::operator=(string)
    // Alternately, find a way to make params[0] mlock()'d to begin with.
    strWalletPass = params[0].get_str().c_str();
	//assert(0);
    if (strWalletPass.length() > 0)
    {
        if (!pwalletMain->Unlock(strWalletPass))
            throw JSONRPCError(RPC_WALLET_PASSPHRASE_INCORRECT, "Error: The wallet passphrase entered was incorrect.");
    }
    else
        throw runtime_error(
            "walletpassphrase <passphrase> <timeout>\n"
            "Stores the wallet decryption key in memory for <timeout> seconds.");

    int64_t nSleepTime = params[1].get_int64();
    LOCK(cs_nWalletUnlockTime);
    nWalletUnlockTime = GetTime() + nSleepTime;
    RPCRunLater("lockwallet", boost::bind(LockWallet, pwalletMain), nSleepTime);
    Object retObj;
    retObj.push_back(Pair("passphrase", true));
    return retObj;
}
Exemplo n.º 13
0
// passphrase must be at most 256 characters or code may crash
void CMnemonic::ToSeed(SecureString mnemonic, SecureString passphrase, SecureVector& seedRet)
{
    SecureString ssSalt = SecureString("mnemonic") + passphrase;
    SecureVector vchSalt(ssSalt.begin(), ssSalt.end());
    seedRet.resize(64);
    // int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
    //                    const unsigned char *salt, int saltlen, int iter,
    //                    const EVP_MD *digest,
    //                    int keylen, unsigned char *out);
    PKCS5_PBKDF2_HMAC(mnemonic.c_str(), mnemonic.size(), &vchSalt[0], vchSalt.size(), 2048, EVP_sha512(), 64, &seedRet[0]);
}
Exemplo n.º 14
0
SecureString CKeePassIntegrator::generateRandomKey(size_t nSize)
{
    // Generates random key
    SecureString key;
    key.resize(nSize);

    RandAddSeedPerfmon();
    RAND_bytes((unsigned char *) &key[0], nSize);

    return key;
}
Exemplo n.º 15
0
int __pass_cb(char *buf, int size, int rwflag, void *u) {
    Key::PassphraseFunctor* pf = (Key::PassphraseFunctor*)u;
    bool verify = (rwflag == 1);
    
    SecureString ss = (*pf)(verify);
    
    int len;
    len = ss.size();
    if (len <= 0) return 0;
    // if too long, truncate
    if (len > size) len = size;
    memcpy(buf, ss.c_str(), len);
    return len;
}
Exemplo n.º 16
0
bool CCrypter::SetKeyFromPassphrase(const SecureString& strKeyData, const std::vector<unsigned char>& chSalt, const unsigned int nRounds, const unsigned int nDerivationMethod)
{
    if (nRounds < 1 || chSalt.size() != WALLET_CRYPTO_SALT_SIZE)
        return false;

    // Try to keep the keydata out of swap (and be a bit over-careful to keep the IV that we don't even use out of swap)
    // Note that this does nothing about suspend-to-disk (which will put all our key data on disk)
    // Note as well that at no point in this program is any attempt made to prevent stealing of keys by reading the memory of the running process.  
    // mlock(&chKey[0], sizeof chKey);
    // mlock(&chIV[0], sizeof chIV);

    int i = 0;
    if (nDerivationMethod == 0)
        i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha512(), &chSalt[0],
                          (unsigned char *)&strKeyData[0], strKeyData.size(), nRounds, chKey, chIV);

    if (i != (int)WALLET_CRYPTO_KEY_SIZE)
    {
        // memset(&chKey, 0, sizeof chKey);
        // memset(&chIV, 0, sizeof chIV);
        OPENSSL_cleanse(chKey, sizeof(chKey));
        OPENSSL_cleanse(chIV, sizeof(chIV));
        return false;
    }

    fKeySet = true;
    return true;
}
Exemplo n.º 17
0
void permutation(int k, SecureString &s)
{
  for(unsigned int j = 1; j < s.size(); ++j)
    {
      swap(s, k % (j + 1), j);
      k = k / (j + 1);
    }
}
Exemplo n.º 18
0
PwdLabelVector PwdList::FilterLabels(SecureString pattern)
{
    std::lock_guard<std::recursive_mutex> lock(mutex_lock);
    PwdLabelVector vector;
    const char* strPtrn = pattern.getUnsecureString();
    for (auto it = existingLabels.begin(); it != existingLabels.end(); it++)
    {
        if (strstr(strPtrn, (*it).getUnsecureString()) != NULL)
        {
            vector.push_back((*it));
        }
        (*it).UnsecuredStringFinished();
    }
    pattern.UnsecuredStringFinished();

    std::sort(vector.begin(), vector.end(), myLabelcompare);
    return vector;
}
Exemplo n.º 19
0
    //key:128
    //encrypt output:nonce(12)+tag(16)+cipher_text
    //no aad
    //
    int Encrypt_AesGcm128(const uint8_t * plain_text, uint32_t plain_text_len,
            const SecureString & key, string & cipher_text){

        cipher_text.clear();
        EVP_CIPHER_CTX ctx;
        EVP_CIPHER_CTX_init(&ctx);

        EVP_CIPHER * cipher=EVP_aes_128_gcm();

        if(1 != EVP_EncryptInit_ex(&ctx, cipher, NULL, NULL, NULL))
            return LIB_ERR;

        unsigned char  nonce[GCM_NONCE_LENGTH]={};
        RAND_bytes(nonce,4);

        struct timeval t={0,0};
        if(0==gettimeofday(&t,NULL)){
            memcpy(&nonce[4],&t.tv_sec,4);
            memcpy(&nonce[8],&t.tv_nsec,4);
        }else{
            RAND_bytes(&nonce[4],GCM_NONCE_LENGTH-4);
        }

        if(1 != EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, GCM_NONCE_LENGTH, NULL))
            return LIB_ERR;

        if(1 != EVP_EncryptInit_ex(&ctx, NULL, NULL, key.data(), &nonce[0]))
            return LIB_ERR;

        cipher_text.reserve(GCM_NONCE_LENGTH+GCM_TAG_LENGTH+plain_text_len);
        cipher_text.append(&nonce[0],GCM_NONCE_LENGTH);
        cipher_text.append(GCM_TAG_LENGTH,0);//fill tag later
        cipher_text.resize(GCM_NONCE_LENGTH+GCM_TAG_LENGTH+plain_text_len);

        //do the real encryption.
        int out_len=plain_text_len;
        const int ret = EVP_CipherUpdate(&ctx,&cipher_text[GCM_NONCE_LENGTH+GCM_TAG_LENGTH],&out_len, plain_text,plain_text_len);
        if(1!=ret){
            cipher_text.clear();
            return LIB_ERR;
        }

        out_len=0;
        if(1 != EVP_CipherFinal_ex(&ctx,cipher_text.end(),out_len) ){
            cipher_text.clear();
            return LIB_ERR;
        }

        /* Get the tag */
        if(1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, &cipher_text[GCM_NONCE_LENGTH])){
            cipher_text.clear();
            return LIB_ERR;
        }
        return OK;
    }
Exemplo n.º 20
0
Value walletpassphrasechange(const Array& params, bool fHelp)
{
    if (pwalletMain->IsCrypted() && (fHelp || params.size() != 2))
        throw runtime_error(
            "walletpassphrasechange <oldpassphrase> <newpassphrase>\n"
            "Changes the wallet passphrase from <oldpassphrase> to <newpassphrase>.");
    if (fHelp)
        return true;
    if (!pwalletMain->IsCrypted())
        throw JSONRPCError(RPC_WALLET_WRONG_ENC_STATE, "Error: running with an unencrypted wallet, but walletpassphrasechange was called.");

    // TODO: get rid of these .c_str() calls by implementing SecureString::operator=(std::string)
    // Alternately, find a way to make params[0] mlock()'d to begin with.
    SecureString strOldWalletPass;
    strOldWalletPass.reserve(100);
    strOldWalletPass = params[0].get_str().c_str();

    SecureString strNewWalletPass;
    strNewWalletPass.reserve(100);
    strNewWalletPass = params[1].get_str().c_str();

    if (strOldWalletPass.length() < 1 || strNewWalletPass.length() < 1)
        throw runtime_error(
            "walletpassphrasechange <oldpassphrase> <newpassphrase>\n"
            "Changes the wallet passphrase from <oldpassphrase> to <newpassphrase>.");

    if (!pwalletMain->ChangeWalletPassphrase(strOldWalletPass, strNewWalletPass))
        throw JSONRPCError(RPC_WALLET_PASSPHRASE_INCORRECT, "Error: The wallet passphrase entered was incorrect.");

    return Value::null;
}
Exemplo n.º 21
0
void MinerAutoUnlockFeature(CWallet *pwallet)
{
    ///////////////////////  Auto Unlock Feature for Research Miner
    if (pwallet->IsLocked())
        {
            //11-5-2014 R Halford - If wallet is locked - see if user has an encrypted password stored:
            std::string passphrase = "";
            if (mapArgs.count("-autounlock"))
            {
                passphrase = GetArg("-autounlock", "");
            }
            if (passphrase.length() > 1)
            {
                std::string decrypted = AdvancedDecryptWithHWID(passphrase);
                //Unlock the wallet for 10 days (Equivalent to: walletpassphrase mylongpass 999999) FOR STAKING ONLY!
                int64_t nSleepTime = 9999999;
                SecureString strWalletPass;
                strWalletPass.reserve(100);
                strWalletPass = decrypted.c_str();
                if (strWalletPass.length() > 0)
                {
                    if (!pwallet->Unlock(strWalletPass))
                    {
                        LogPrintf("GridcoinResearchMiner:AutoUnlock:Error: The wallet passphrase entered was incorrect.");
                    }
                    else
                    {
                        NewThread(ThreadTopUpKeyPool,NULL);
                        int64_t* pnSleepTime = new int64_t(nSleepTime);
                        NewThread(ThreadCleanWalletPassphrase, pnSleepTime);
                        fWalletUnlockStakingOnly = true;
                    }
                }
            }
        }
    return;
    // End of AutoUnlock Feature
}
Exemplo n.º 22
0
vector<unsigned char> Convert (SecureString hexNumber)
// assumes 2 character string with legal hex digits
{
  vector<unsigned char> chars;
  int size = hexNumber.length();
  for (int i = 0; i < size; i+=2)
    {
      char highOrderDig = hexNumber[i];
      char lowOrderDig  = hexNumber[i+1];
      int lowOrderValue = GetDigitValue(lowOrderDig);//;  convert lowOrderDig to number from 0 to 15
      int highOrderValue = GetDigitValue(highOrderDig);//; convert highOrderDig to number from 0 to 15
      chars.push_back(lowOrderValue + 16 * highOrderValue);
    }
  return chars;
}
Exemplo n.º 23
0
void CKeePassIntegrator::rpcSetLogin(const SecureString& strWalletPass, const SecureString& sEntryId)
{

    // Convert key format
    SecureString sKey = DecodeBase64Secure(sKeyBase64);

    CKeePassRequest request(sKey, "set-login");
    request.addStrParameter("Id", sKeePassId);
    request.addStrParameter("Url", sUrl);

    if(fDebug) LogPrintf("CKeePassIntegrator::rpcSetLogin - send Url: %s\n", sUrl.c_str());

    //request.addStrParameter("SubmitUrl", sSubmitUrl); // Is used to construct the entry title
    request.addStrParameter("Login", SecureString("Nodes"));
    request.addStrParameter("Password", strWalletPass);
    if(sEntryId.size() != 0)
    {
        request.addStrParameter("Uuid", sEntryId); // Update existing
    }

    int nStatus;
    std::string sResponse;

    doHTTPPost(request.getJson(), nStatus, sResponse);


    if(fDebug) LogPrintf("CKeePassIntegrator::rpcSetLogin - send result: status: %d response: %s\n", nStatus, sResponse.c_str());

    if(nStatus != 200)
    {
        std::string sErrorMessage = "Error returned: HTTP code ";
        sErrorMessage += boost::lexical_cast<std::string>(nStatus);
        sErrorMessage += " - Response: ";
        sErrorMessage += " response: [";
        sErrorMessage += sResponse;
        sErrorMessage += "]";
        throw std::runtime_error(sErrorMessage);
    }

    // Parse the response
    CKeePassResponse response(sKey, sResponse);

    if(!response.getSuccess())
    {
        throw std::runtime_error("KeePassHttp returned failure status");
    }
}
Exemplo n.º 24
0
bool myPwdCompare(Pwd* a, Pwd* b)
{
    SecureString aSstr = a->GetDescription();
    const char* aStr = aSstr.getUnsecureString();
    SecureString bSstr = b->GetDescription();
    const char* bStr = bSstr.getUnsecureString();
    bool res = _strcmpi(aStr, bStr) < 0;
    aSstr.UnsecuredStringFinished();
    bSstr.UnsecuredStringFinished();
    return res;
}
Exemplo n.º 25
0
bool OldSetKeyFromPassphrase(const SecureString& strKeyData, const std::vector<unsigned char>& chSalt, const unsigned int nRounds, const unsigned int nDerivationMethod, unsigned char* chKey, unsigned char* chIV)
{
    if (nRounds < 1 || chSalt.size() != WALLET_CRYPTO_SALT_SIZE)
        return false;

    int i = 0;
    if (nDerivationMethod == 0)
        i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha512(), &chSalt[0],
                          (unsigned char *)&strKeyData[0], strKeyData.size(), nRounds, chKey, chIV);

    if (i != (int)WALLET_CRYPTO_KEY_SIZE)
    {
        memory_cleanse(chKey, WALLET_CRYPTO_KEY_SIZE);
        memory_cleanse(chIV, WALLET_CRYPTO_IV_SIZE);
        return false;
    }
    return true;
}
Exemplo n.º 26
0
PwdList::PwdVector PwdList::Filter(const SecureString& pattern, const PwdLabelVector& labels)
{
    std::lock_guard<std::recursive_mutex> lock(mutex_lock);
    PwdVector filtered;
    if (pattern.length() > 0)
    {
        SecureString patternCpy = pattern;
        char* strPtrn = (char*)patternCpy.getUnsecureString();

        for (auto it = pwds.begin(); it != pwds.end(); it++)
        {
            SecureString description = (*it)->GetDescription();
            if (strcasestr((char*)description.getUnsecureString(), strPtrn) != NULL)
            {
                filtered.push_back((*it));
            }
            description.UnsecuredStringFinished();
        }

        patternCpy.UnsecuredStringFinished();
    }
    else {
        filtered = PwdVector(pwds.begin(), pwds.end());
    }

    if (labels.size() > 0)
    {
        for (auto iLabel = labels.begin(); iLabel != labels.end(); iLabel++)
        {
            PwdVector passed;
            for (auto iPwd = filtered.begin(); iPwd != filtered.end(); iPwd++)
            {
                if ((*iPwd)->HasLabel(*iLabel))
                {
                    passed.push_back(*iPwd);
                }
            }
            filtered = passed;
        }
    }

    pwds.sort(myPwdCompare);
    return filtered;
}
Exemplo n.º 27
0
bool CCrypter::SetKeyFromPassphrase(const SecureString& strKeyData, const std::vector<unsigned char>& chSalt, const unsigned int nRounds, const unsigned int nDerivationMethod)
{
    if (nRounds < 1 || chSalt.size() != WALLET_CRYPTO_SALT_SIZE)
        return false;

    int i = 0;
    if (nDerivationMethod == 0)
        i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha512(), &chSalt[0],
                          (unsigned char *)&strKeyData[0], strKeyData.size(), nRounds, chKey, chIV);

    if (i != (int)WALLET_CRYPTO_KEY_SIZE)
    {
        OPENSSL_cleanse(chKey, sizeof(chKey));
        OPENSSL_cleanse(chIV, sizeof(chIV));
        return false;
    }

    fKeySet = true;
    return true;
}
Exemplo n.º 28
0
    int Decrypt_AesGcm128(const uint8_t * cipher_text, uint32_t cipher_text_len,
            const SecureString & key, string & plain_text){

        EVP_CIPHER_CTX ctx;
        EVP_CIPHER_CTX_init(&ctx);

        EVP_CIPHER * cipher=EVP_aes_128_gcm();

        if(1 != EVP_DecryptInit_ex(&ctx, cipher, NULL, NULL, NULL))
            return false;

        if(1 != EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, GCM_NONCE_LENGTH, NULL))
            return false;

        unsigned char  nonce[GCM_NONCE_LENGTH]={};
        if(1 != EVP_EncryptInit_ex(&ctx, NULL, NULL, key.data(), cipher_text))
            return false;


        int outl=out.size();
        const int ret = EVP_CipherUpdate(&ctx,&out[0],outl,&in[0],in.size());
        if(1==ret){
            out.resize(outl);
            return true;
        }
        out.resize(EVP_CIPHER_CTX_block_size(&ctx));

        /* Set expected tag value. Works in OpenSSL 1.0.1d and later */
        if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag))
            return false;


        if(1 != EVP_CipherFinal_ex(&ctx,out.data(),outl) ){
            return false;
        }
        out.resize(outl);


        return OK;

    }
Exemplo n.º 29
0
bool Exporter::write(const SecureByteArray &data, const SecureString &pwd)
{
  Q_D(Exporter);
  Q_ASSERT((data.size() % Crypter::AESBlockSize) == 0);
  QByteArray salt = Crypter::generateSalt();
  SecureByteArray iv;
  SecureByteArray key;
  Crypter::makeKeyAndIVFromPassword(pwd.toUtf8(), salt, key, iv);
  CryptoPP::CBC_Mode<CryptoPP::AES>::Encryption enc;
  enc.SetKeyWithIV(reinterpret_cast<const byte*>(key.constData()), key.size(), reinterpret_cast<const byte*>(iv.constData()));
  const int cipherSize = data.size();
  QByteArray cipher(cipherSize, static_cast<char>(0));
  CryptoPP::ArraySource s(
        reinterpret_cast<const byte*>(data.constData()), data.size(),
        true,
        new CryptoPP::StreamTransformationFilter(
          enc,
          new CryptoPP::ArraySink(reinterpret_cast<byte*>(cipher.data()), cipher.size()),
          CryptoPP::StreamTransformationFilter::NO_PADDING
          )
        );
  Q_UNUSED(s); // just to please the compiler
  QFile file(d->filename);
  bool opened = file.open(QIODevice::WriteOnly);
  if (!opened)
    return false;
  QByteArray block = salt + cipher;
  file.write(PemPreamble.toUtf8());
  file.write("\n");
  const SecureByteArray &b64 = block.toBase64();
  for (int i = 0; i < b64.size(); i += 64) {
    file.write(b64.mid(i, qMin(64, b64.size() - i)));
    file.write("\n");
  }
  file.write(PemEpilog.toUtf8());
  file.write("\n");
  file.close();
  return true;
}
Exemplo n.º 30
0
void CKeePassIntegrator::rpcAssociate(std::string& sId, SecureString& sKeyBase64)
{
    sKey = generateRandomKey(KEEPASS_CRYPTO_KEY_SIZE);
    CKeePassRequest request(sKey, "associate");

    sKeyBase64 = EncodeBase64Secure(sKey);
    request.addStrParameter("Key", std::string(&sKeyBase64[0], sKeyBase64.size()));

    int nStatus;
    std::string sResponse;

    doHTTPPost(request.getJson(), nStatus, sResponse);

    if(fDebug) LogPrintf("CKeePassIntegrator::rpcAssociate - send result: status: %d response: %s\n", nStatus, sResponse.c_str());

    if(nStatus != 200)
    {
        std::string sErrorMessage = "Error returned: HTTP code ";
        sErrorMessage += boost::lexical_cast<std::string>(nStatus);
        sErrorMessage += " - Response: ";
        sErrorMessage += " response: [";
        sErrorMessage += sResponse;
        sErrorMessage += "]";
        throw std::runtime_error(sErrorMessage);
    }

    // Parse the response
    CKeePassResponse response(sKey, sResponse);

    if(!response.getSuccess())
    {
        throw std::runtime_error("KeePassHttp returned failure status");
    }

    // If we got here, we were successful. Return the information
    sId = response.getStr("Id");
}