CryptoPP::SecByteBlock prf ( CryptoPP::SecByteBlock const& secret, char const* label, CryptoPP::SecByteBlock const& seed, size_t length ) { size_t half, len; CryptoPP::SecByteBlock first, second; CryptoPP::SecByteBlock::iterator it1, it2; half = secret.size() >> 1; len = half + (secret.size() & 1); first.Assign(secret.data(), len); second.Assign(secret.data()+half, len); first = prf<H1>(first, label, seed, length); second = prf<H2>(second, label, seed, length); it1 = first.begin(); it2 = second.begin(); while (it1 != first.end() && it2 != second.end()) { (*it1) ^= (*it2); ++it1; ++it2; } return first; }
GenericCryptoOutputFilter( std::ostream &stream, const CryptoPP::SecByteBlock &key, const CryptoPP::SecByteBlock &iv): CryptoOutputFilter(stream){ this->data.reset(new impl); this->data->e.SetKeyWithIV(key, key.size(), iv.data(), iv.size()); this->data->filter.reset(new CryptoPP::StreamTransformationFilter(this->data->e)); }
std::string security::str(const CryptoPP::SecByteBlock& input) { std::string output; CryptoPP::StringSink sink(output); sink.Put(input, input.size()); return output; }
void Marshall::initAES( const CryptoPP::SecByteBlock& cek, const CryptoPP::SecByteBlock& iv ) { m_iv = iv; m_enc.SetKeyWithIV( cek.BytePtr(), cek.SizeInBytes(), iv.BytePtr(), iv.SizeInBytes()); m_dec.SetKeyWithIV( cek.BytePtr(), cek.SizeInBytes(), iv.BytePtr(), iv.SizeInBytes()); }
// -------------------------------------------------------------------------- inline void client_key_exchange::process_rsa ( CryptoPP::SecByteBlock& premaster ) // -------------------------------------------------------------------------- { using namespace CryptoPP; // Decrypt pre-master secret. RSAES<PKCS1v15>::Decryptor dec(*m_handshake.m_config.rsa_key()); DecodingResult res; SecByteBlock random(48); // Bleinbacher and Klima et al. attack protection. // 1. Generate a string R of random 46 bytes. m_handshake.m_rng.GenerateBlock(&random[2], 46); // 2. Decrypt the message to recover plaintext M. premaster.resize(dec.MaxPlaintextLength(m_pub.size())); res = dec.Decrypt(m_handshake.m_rng, m_pub.data(), m_pub.size(), premaster ); premaster.resize(res.messageLength); protocol_version const& v = m_handshake.m_client_hello.version(); // 3. If the PKCS#8 padding is not correct, // or the length of message M is not exactly 48 bytes: if (!res.isValidCoding || res.messageLength != 48) { random[0] = v.major; random[1] = v.minor; m_handshake.compute_master_secret(random); } else { premaster[0] = v.major; premaster[1] = v.minor; m_handshake.compute_master_secret(premaster); } }
CryptoPP::SecByteBlock prf ( CryptoPP::SecByteBlock const& secret, char const* label, CryptoPP::SecByteBlock const& seed, size_t length ) { CryptoPP::HMAC<H> hmac(secret.data(), secret.size()); CryptoPP::SecByteBlock hash_seed, A, cur_seed, output; // PRF(secret, label, seed) = P_hash(secret, label + seed) // P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) + // HMAC_hash(secret, A(2) + seed) + // HMAC_hash(secret, A(3) + seed) + ... // A(0) = seed // A(i) = HMAC_hash(secret, A(i-1)) // Make the seed for P_<hash>. hash_seed.Assign( reinterpret_cast<byte const*>(label), strlen(label) ); hash_seed += seed; // Calculate A(1) = HMAC_hash(secret, A(0)=seed) A.CleanNew(hmac.DigestSize()); hmac.CalculateDigest(A.data(), hash_seed.data(), hash_seed.size()); // Calculate P_hash(secret, seed) while (output.size() < length) { cur_seed = A + hash_seed; hmac.Update(cur_seed.data(), cur_seed.size()); cur_seed.resize(hmac.DigestSize()); hmac.Final(cur_seed.data()); output += cur_seed; hmac.Update(A.data(), A.size()); hmac.Final(A.data()); } // Trim and return. output.resize(length); return output; }
void Container::set_seed(CryptoPP::SecByteBlock seed) { seed_ = seed; CryptoPP::AutoSeededRandomPool prng; CryptoPP::SecByteBlock t(seed.size()); prng.GenerateBlock(t, t.size()); for (auto p : mtl::count_until(t.size())) { seed_[p] ^= t[p]; } prng_.IncorporateEntropy(seed_, seed_.size()); //enhance pw for (auto b : seed) { enhanced_passphrase_.push_back(b); } }
// -------------------------------------------------------------------------- inline void client_key_exchange::process_dh ( CryptoPP::SecByteBlock& premaster ) // -------------------------------------------------------------------------- { CryptoPP::SimpleKeyAgreementDomain*& alg = m_handshake.m_key_algo; size_t pos; // Add leading zeros to match domain's public key length. if (m_pub.size() < alg->PublicKeyLength()) { CryptoPP::SecByteBlock padding; padding.CleanNew(alg->PublicKeyLength() - m_pub.size()); m_pub = padding + m_pub; } // Agree on the premaster secret. premaster.New(alg->AgreedValueLength()); if (!alg->Agree(premaster, m_handshake.m_key_value, m_pub, true)) { LOG_ERR("net.tls.client_key_exchange", "Error agreeing on pre-master secret. (DH)" ); throw alert( alert_level::fatal, alert_description::illegal_parameter ); } // Strip any leading zero bytes from the agreed value. pos = 0; while (premaster[pos] == 0 && pos < premaster.size()) { ++pos; } premaster.Assign(&premaster[pos], (premaster.size() - pos)); }
// -------------------------------------------------------------------------- inline void client_key_exchange::process_ecdh ( CryptoPP::SecByteBlock& premaster ) // -------------------------------------------------------------------------- { CryptoPP::SimpleKeyAgreementDomain*& alg = m_handshake.m_key_algo; // Agree on the premaster secret. premaster.New(alg->AgreedValueLength()); if (!alg->Agree(premaster, m_handshake.m_key_value, m_pub, true)) { LOG_ERR("net.tls.client_key_exchange", "Error agreeing on pre-master secret. (ECDH)" ); throw alert( alert_level::fatal, alert_description::illegal_parameter ); } }
// Compute bool diffie_hellman::compute(const CryptoPP::SecByteBlock& input, const bool validate /*= true*/) { assert(!input.empty()); return m_dh.Agree(m_shared, m_private, reinterpret_cast<const byte*>(input.data()), validate); }
int main() { { CryptoPP::SHA512 sha2; unsigned char digest[CryptoPP::SHA512::DIGESTSIZE]; sha2.Final(digest); } { std::string data; const CryptoPP::SecByteBlock key; const CryptoPP::SecByteBlock iv; CryptoPP::SecByteBlock ret(0, CryptoPP::AES::MAX_KEYLENGTH); CryptoPP::StringSource(data, true, new CryptoPP::HashFilter(*(new CryptoPP::SHA3_512), new CryptoPP::ArraySink(ret, CryptoPP::AES::MAX_KEYLENGTH))); CryptoPP::GCM< CryptoPP::AES, CryptoPP::GCM_64K_Tables >::Encryption pwenc; pwenc.SetKeyWithIV(key.data(), key.size(), iv.data(), iv.size()); std::string cipher; CryptoPP::StringSource(data, true, new CryptoPP::AuthenticatedEncryptionFilter(pwenc, new CryptoPP::StringSink(cipher), false, 16)); } { const CryptoPP::SecByteBlock key; const CryptoPP::SecByteBlock iv; CryptoPP::GCM< CryptoPP::AES, CryptoPP::GCM_64K_Tables >::Decryption pwdec; pwdec.SetKeyWithIV(key.data(), key.size(), iv.data(), iv.size()); } { CryptoPP::SecByteBlock ret(0, CryptoPP::AES::BLOCKSIZE); std::string str; CryptoPP::StringSource(str, true, new CryptoPP::Base64Decoder(new CryptoPP::ArraySink(ret, CryptoPP::AES::BLOCKSIZE))); } return 0; }