CryptoPP::SecByteBlock
prf (
CryptoPP::SecByteBlock const& secret,
char const* label,
CryptoPP::SecByteBlock const& seed,
size_t length
)
{
size_t half, len;
CryptoPP::SecByteBlock first, second;
CryptoPP::SecByteBlock::iterator it1, it2;
half = secret.size() >> 1;
len = half + (secret.size() & 1);
first.Assign(secret.data(), len);
second.Assign(secret.data()+half, len);
first = prf<H1>(first, label, seed, length);
second = prf<H2>(second, label, seed, length);
it1 = first.begin();
it2 = second.begin();
while (it1 != first.end() && it2 != second.end())
{
(*it1) ^= (*it2);
++it1;
++it2;
}
return first;
}
GenericCryptoOutputFilter(
std::ostream &stream,
const CryptoPP::SecByteBlock &key,
const CryptoPP::SecByteBlock &iv): CryptoOutputFilter(stream){
this->data.reset(new impl);
this->data->e.SetKeyWithIV(key, key.size(), iv.data(), iv.size());
this->data->filter.reset(new CryptoPP::StreamTransformationFilter(this->data->e));
}
std::string security::str(const CryptoPP::SecByteBlock& input)
{
std::string output;
CryptoPP::StringSink sink(output);
sink.Put(input, input.size());
return output;
}
void Marshall::initAES( const CryptoPP::SecByteBlock& cek,
const CryptoPP::SecByteBlock& iv )
{
m_iv = iv;
m_enc.SetKeyWithIV( cek.BytePtr(), cek.SizeInBytes(),
iv.BytePtr(), iv.SizeInBytes());
m_dec.SetKeyWithIV( cek.BytePtr(), cek.SizeInBytes(),
iv.BytePtr(), iv.SizeInBytes());
}
// --------------------------------------------------------------------------
inline
void
client_key_exchange::process_rsa (
CryptoPP::SecByteBlock& premaster
)
// --------------------------------------------------------------------------
{
using namespace CryptoPP;
// Decrypt pre-master secret.
RSAES<PKCS1v15>::Decryptor dec(*m_handshake.m_config.rsa_key());
DecodingResult res;
SecByteBlock random(48);
// Bleinbacher and Klima et al. attack protection.
// 1. Generate a string R of random 46 bytes.
m_handshake.m_rng.GenerateBlock(&random[2], 46);
// 2. Decrypt the message to recover plaintext M.
premaster.resize(dec.MaxPlaintextLength(m_pub.size()));
res = dec.Decrypt(m_handshake.m_rng,
m_pub.data(), m_pub.size(),
premaster
);
premaster.resize(res.messageLength);
protocol_version const& v = m_handshake.m_client_hello.version();
// 3. If the PKCS#8 padding is not correct,
// or the length of message M is not exactly 48 bytes:
if (!res.isValidCoding || res.messageLength != 48)
{
random[0] = v.major;
random[1] = v.minor;
m_handshake.compute_master_secret(random);
}
else
{
premaster[0] = v.major;
premaster[1] = v.minor;
m_handshake.compute_master_secret(premaster);
}
}
CryptoPP::SecByteBlock
prf (
CryptoPP::SecByteBlock const& secret,
char const* label,
CryptoPP::SecByteBlock const& seed,
size_t length
)
{
CryptoPP::HMAC<H> hmac(secret.data(), secret.size());
CryptoPP::SecByteBlock hash_seed, A, cur_seed, output;
// PRF(secret, label, seed) = P_hash(secret, label + seed)
// P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) +
// HMAC_hash(secret, A(2) + seed) +
// HMAC_hash(secret, A(3) + seed) + ...
// A(0) = seed
// A(i) = HMAC_hash(secret, A(i-1))
// Make the seed for P_<hash>.
hash_seed.Assign(
reinterpret_cast<byte const*>(label),
strlen(label)
);
hash_seed += seed;
// Calculate A(1) = HMAC_hash(secret, A(0)=seed)
A.CleanNew(hmac.DigestSize());
hmac.CalculateDigest(A.data(), hash_seed.data(), hash_seed.size());
// Calculate P_hash(secret, seed)
while (output.size() < length)
{
cur_seed = A + hash_seed;
hmac.Update(cur_seed.data(), cur_seed.size());
cur_seed.resize(hmac.DigestSize());
hmac.Final(cur_seed.data());
output += cur_seed;
hmac.Update(A.data(), A.size());
hmac.Final(A.data());
}
// Trim and return.
output.resize(length);
return output;
}
void Container::set_seed(CryptoPP::SecByteBlock seed)
{
seed_ = seed;
CryptoPP::AutoSeededRandomPool prng;
CryptoPP::SecByteBlock t(seed.size());
prng.GenerateBlock(t, t.size());
for (auto p : mtl::count_until(t.size()))
{
seed_[p] ^= t[p];
}
prng_.IncorporateEntropy(seed_, seed_.size());
//enhance pw
for (auto b : seed)
{
enhanced_passphrase_.push_back(b);
}
}
// --------------------------------------------------------------------------
inline
void
client_key_exchange::process_dh (
CryptoPP::SecByteBlock& premaster
)
// --------------------------------------------------------------------------
{
CryptoPP::SimpleKeyAgreementDomain*& alg = m_handshake.m_key_algo;
size_t pos;
// Add leading zeros to match domain's public key length.
if (m_pub.size() < alg->PublicKeyLength())
{
CryptoPP::SecByteBlock padding;
padding.CleanNew(alg->PublicKeyLength() - m_pub.size());
m_pub = padding + m_pub;
}
// Agree on the premaster secret.
premaster.New(alg->AgreedValueLength());
if (!alg->Agree(premaster, m_handshake.m_key_value, m_pub, true))
{
LOG_ERR("net.tls.client_key_exchange",
"Error agreeing on pre-master secret. (DH)"
);
throw alert(
alert_level::fatal,
alert_description::illegal_parameter
);
}
// Strip any leading zero bytes from the agreed value.
pos = 0;
while (premaster[pos] == 0 && pos < premaster.size())
{
++pos;
}
premaster.Assign(&premaster[pos], (premaster.size() - pos));
}
// --------------------------------------------------------------------------
inline
void
client_key_exchange::process_ecdh (
CryptoPP::SecByteBlock& premaster
)
// --------------------------------------------------------------------------
{
CryptoPP::SimpleKeyAgreementDomain*& alg = m_handshake.m_key_algo;
// Agree on the premaster secret.
premaster.New(alg->AgreedValueLength());
if (!alg->Agree(premaster, m_handshake.m_key_value, m_pub, true))
{
LOG_ERR("net.tls.client_key_exchange",
"Error agreeing on pre-master secret. (ECDH)"
);
throw alert(
alert_level::fatal,
alert_description::illegal_parameter
);
}
}
// Compute
bool diffie_hellman::compute(const CryptoPP::SecByteBlock& input, const bool validate /*= true*/)
{
assert(!input.empty());
return m_dh.Agree(m_shared, m_private, reinterpret_cast<const byte*>(input.data()), validate);
}
int main() {
{
CryptoPP::SHA512 sha2;
unsigned char digest[CryptoPP::SHA512::DIGESTSIZE];
sha2.Final(digest);
}
{
std::string data;
const CryptoPP::SecByteBlock key;
const CryptoPP::SecByteBlock iv;
CryptoPP::SecByteBlock ret(0, CryptoPP::AES::MAX_KEYLENGTH);
CryptoPP::StringSource(data, true, new CryptoPP::HashFilter(*(new CryptoPP::SHA3_512), new CryptoPP::ArraySink(ret, CryptoPP::AES::MAX_KEYLENGTH)));
CryptoPP::GCM< CryptoPP::AES, CryptoPP::GCM_64K_Tables >::Encryption pwenc;
pwenc.SetKeyWithIV(key.data(), key.size(), iv.data(), iv.size());
std::string cipher;
CryptoPP::StringSource(data, true, new CryptoPP::AuthenticatedEncryptionFilter(pwenc, new CryptoPP::StringSink(cipher), false, 16));
}
{
const CryptoPP::SecByteBlock key;
const CryptoPP::SecByteBlock iv;
CryptoPP::GCM< CryptoPP::AES, CryptoPP::GCM_64K_Tables >::Decryption pwdec;
pwdec.SetKeyWithIV(key.data(), key.size(), iv.data(), iv.size());
}
{
CryptoPP::SecByteBlock ret(0, CryptoPP::AES::BLOCKSIZE);
std::string str;
CryptoPP::StringSource(str, true, new CryptoPP::Base64Decoder(new CryptoPP::ArraySink(ret, CryptoPP::AES::BLOCKSIZE)));
}
return 0;
}