summaryrefslogtreecommitdiffstats
path: root/lib/cryptopp/default.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'lib/cryptopp/default.cpp')
-rw-r--r--lib/cryptopp/default.cpp258
1 files changed, 258 insertions, 0 deletions
diff --git a/lib/cryptopp/default.cpp b/lib/cryptopp/default.cpp
new file mode 100644
index 000000000..72940784d
--- /dev/null
+++ b/lib/cryptopp/default.cpp
@@ -0,0 +1,258 @@
+// default.cpp - written and placed in the public domain by Wei Dai
+
+#include "pch.h"
+#include "default.h"
+#include "queue.h"
+#include <time.h>
+#include <memory>
+
+NAMESPACE_BEGIN(CryptoPP)
+
+static const unsigned int MASH_ITERATIONS = 200;
+static const unsigned int SALTLENGTH = 8;
+static const unsigned int BLOCKSIZE = Default_BlockCipher::Encryption::BLOCKSIZE;
+static const unsigned int KEYLENGTH = Default_BlockCipher::Encryption::DEFAULT_KEYLENGTH;
+
+// The purpose of this function Mash() is to take an arbitrary length input
+// string and *deterministicly* produce an arbitrary length output string such
+// that (1) it looks random, (2) no information about the input is
+// deducible from it, and (3) it contains as much entropy as it can hold, or
+// the amount of entropy in the input string, whichever is smaller.
+
+static void Mash(const byte *in, size_t inLen, byte *out, size_t outLen, int iterations)
+{
+ if (BytePrecision(outLen) > 2)
+ throw InvalidArgument("Mash: output legnth too large");
+
+ size_t bufSize = RoundUpToMultipleOf(outLen, (size_t)DefaultHashModule::DIGESTSIZE);
+ byte b[2];
+ SecByteBlock buf(bufSize);
+ SecByteBlock outBuf(bufSize);
+ DefaultHashModule hash;
+
+ unsigned int i;
+ for(i=0; i<outLen; i+=DefaultHashModule::DIGESTSIZE)
+ {
+ b[0] = (byte) (i >> 8);
+ b[1] = (byte) i;
+ hash.Update(b, 2);
+ hash.Update(in, inLen);
+ hash.Final(outBuf+i);
+ }
+
+ while (iterations-- > 1)
+ {
+ memcpy(buf, outBuf, bufSize);
+ for (i=0; i<bufSize; i+=DefaultHashModule::DIGESTSIZE)
+ {
+ b[0] = (byte) (i >> 8);
+ b[1] = (byte) i;
+ hash.Update(b, 2);
+ hash.Update(buf, bufSize);
+ hash.Final(outBuf+i);
+ }
+ }
+
+ memcpy(out, outBuf, outLen);
+}
+
+static void GenerateKeyIV(const byte *passphrase, size_t passphraseLength, const byte *salt, size_t saltLength, byte *key, byte *IV)
+{
+ SecByteBlock temp(passphraseLength+saltLength);
+ memcpy(temp, passphrase, passphraseLength);
+ memcpy(temp+passphraseLength, salt, saltLength);
+ SecByteBlock keyIV(KEYLENGTH+BLOCKSIZE);
+ Mash(temp, passphraseLength + saltLength, keyIV, KEYLENGTH+BLOCKSIZE, MASH_ITERATIONS);
+ memcpy(key, keyIV, KEYLENGTH);
+ memcpy(IV, keyIV+KEYLENGTH, BLOCKSIZE);
+}
+
+// ********************************************************
+
+DefaultEncryptor::DefaultEncryptor(const char *passphrase, BufferedTransformation *attachment)
+ : ProxyFilter(NULL, 0, 0, attachment), m_passphrase((const byte *)passphrase, strlen(passphrase))
+{
+}
+
+DefaultEncryptor::DefaultEncryptor(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment)
+ : ProxyFilter(NULL, 0, 0, attachment), m_passphrase(passphrase, passphraseLength)
+{
+}
+
+
+void DefaultEncryptor::FirstPut(const byte *)
+{
+ // VC60 workaround: __LINE__ expansion bug
+ CRYPTOPP_COMPILE_ASSERT_INSTANCE(SALTLENGTH <= DefaultHashModule::DIGESTSIZE, 1);
+ CRYPTOPP_COMPILE_ASSERT_INSTANCE(BLOCKSIZE <= DefaultHashModule::DIGESTSIZE, 2);
+
+ SecByteBlock salt(DefaultHashModule::DIGESTSIZE), keyCheck(DefaultHashModule::DIGESTSIZE);
+ DefaultHashModule hash;
+
+ // use hash(passphrase | time | clock) as salt
+ hash.Update(m_passphrase, m_passphrase.size());
+ time_t t=time(0);
+ hash.Update((byte *)&t, sizeof(t));
+ clock_t c=clock();
+ hash.Update((byte *)&c, sizeof(c));
+ hash.Final(salt);
+
+ // use hash(passphrase | salt) as key check
+ hash.Update(m_passphrase, m_passphrase.size());
+ hash.Update(salt, SALTLENGTH);
+ hash.Final(keyCheck);
+
+ AttachedTransformation()->Put(salt, SALTLENGTH);
+
+ // mash passphrase and salt together into key and IV
+ SecByteBlock key(KEYLENGTH);
+ SecByteBlock IV(BLOCKSIZE);
+ GenerateKeyIV(m_passphrase, m_passphrase.size(), salt, SALTLENGTH, key, IV);
+
+ m_cipher.SetKeyWithIV(key, key.size(), IV);
+ SetFilter(new StreamTransformationFilter(m_cipher));
+
+ m_filter->Put(keyCheck, BLOCKSIZE);
+}
+
+void DefaultEncryptor::LastPut(const byte *inString, size_t length)
+{
+ m_filter->MessageEnd();
+}
+
+// ********************************************************
+
+DefaultDecryptor::DefaultDecryptor(const char *p, BufferedTransformation *attachment, bool throwException)
+ : ProxyFilter(NULL, SALTLENGTH+BLOCKSIZE, 0, attachment)
+ , m_state(WAITING_FOR_KEYCHECK)
+ , m_passphrase((const byte *)p, strlen(p))
+ , m_throwException(throwException)
+{
+}
+
+DefaultDecryptor::DefaultDecryptor(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment, bool throwException)
+ : ProxyFilter(NULL, SALTLENGTH+BLOCKSIZE, 0, attachment)
+ , m_state(WAITING_FOR_KEYCHECK)
+ , m_passphrase(passphrase, passphraseLength)
+ , m_throwException(throwException)
+{
+}
+
+void DefaultDecryptor::FirstPut(const byte *inString)
+{
+ CheckKey(inString, inString+SALTLENGTH);
+}
+
+void DefaultDecryptor::LastPut(const byte *inString, size_t length)
+{
+ if (m_filter.get() == NULL)
+ {
+ m_state = KEY_BAD;
+ if (m_throwException)
+ throw KeyBadErr();
+ }
+ else
+ {
+ m_filter->MessageEnd();
+ m_state = WAITING_FOR_KEYCHECK;
+ }
+}
+
+void DefaultDecryptor::CheckKey(const byte *salt, const byte *keyCheck)
+{
+ SecByteBlock check(STDMAX((unsigned int)2*BLOCKSIZE, (unsigned int)DefaultHashModule::DIGESTSIZE));
+
+ DefaultHashModule hash;
+ hash.Update(m_passphrase, m_passphrase.size());
+ hash.Update(salt, SALTLENGTH);
+ hash.Final(check);
+
+ SecByteBlock key(KEYLENGTH);
+ SecByteBlock IV(BLOCKSIZE);
+ GenerateKeyIV(m_passphrase, m_passphrase.size(), salt, SALTLENGTH, key, IV);
+
+ m_cipher.SetKeyWithIV(key, key.size(), IV);
+ std::auto_ptr<StreamTransformationFilter> decryptor(new StreamTransformationFilter(m_cipher));
+
+ decryptor->Put(keyCheck, BLOCKSIZE);
+ decryptor->ForceNextPut();
+ decryptor->Get(check+BLOCKSIZE, BLOCKSIZE);
+
+ SetFilter(decryptor.release());
+
+ if (!VerifyBufsEqual(check, check+BLOCKSIZE, BLOCKSIZE))
+ {
+ m_state = KEY_BAD;
+ if (m_throwException)
+ throw KeyBadErr();
+ }
+ else
+ m_state = KEY_GOOD;
+}
+
+// ********************************************************
+
+static DefaultMAC * NewDefaultEncryptorMAC(const byte *passphrase, size_t passphraseLength)
+{
+ size_t macKeyLength = DefaultMAC::StaticGetValidKeyLength(16);
+ SecByteBlock macKey(macKeyLength);
+ // since the MAC is encrypted there is no reason to mash the passphrase for many iterations
+ Mash(passphrase, passphraseLength, macKey, macKeyLength, 1);
+ return new DefaultMAC(macKey, macKeyLength);
+}
+
+DefaultEncryptorWithMAC::DefaultEncryptorWithMAC(const char *passphrase, BufferedTransformation *attachment)
+ : ProxyFilter(NULL, 0, 0, attachment)
+ , m_mac(NewDefaultEncryptorMAC((const byte *)passphrase, strlen(passphrase)))
+{
+ SetFilter(new HashFilter(*m_mac, new DefaultEncryptor(passphrase), true));
+}
+
+DefaultEncryptorWithMAC::DefaultEncryptorWithMAC(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment)
+ : ProxyFilter(NULL, 0, 0, attachment)
+ , m_mac(NewDefaultEncryptorMAC(passphrase, passphraseLength))
+{
+ SetFilter(new HashFilter(*m_mac, new DefaultEncryptor(passphrase, passphraseLength), true));
+}
+
+void DefaultEncryptorWithMAC::LastPut(const byte *inString, size_t length)
+{
+ m_filter->MessageEnd();
+}
+
+// ********************************************************
+
+DefaultDecryptorWithMAC::DefaultDecryptorWithMAC(const char *passphrase, BufferedTransformation *attachment, bool throwException)
+ : ProxyFilter(NULL, 0, 0, attachment)
+ , m_mac(NewDefaultEncryptorMAC((const byte *)passphrase, strlen(passphrase)))
+ , m_throwException(throwException)
+{
+ SetFilter(new DefaultDecryptor(passphrase, m_hashVerifier=new HashVerifier(*m_mac, NULL, HashVerifier::PUT_MESSAGE), throwException));
+}
+
+DefaultDecryptorWithMAC::DefaultDecryptorWithMAC(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment, bool throwException)
+ : ProxyFilter(NULL, 0, 0, attachment)
+ , m_mac(NewDefaultEncryptorMAC(passphrase, passphraseLength))
+ , m_throwException(throwException)
+{
+ SetFilter(new DefaultDecryptor(passphrase, passphraseLength, m_hashVerifier=new HashVerifier(*m_mac, NULL, HashVerifier::PUT_MESSAGE), throwException));
+}
+
+DefaultDecryptor::State DefaultDecryptorWithMAC::CurrentState() const
+{
+ return static_cast<const DefaultDecryptor *>(m_filter.get())->CurrentState();
+}
+
+bool DefaultDecryptorWithMAC::CheckLastMAC() const
+{
+ return m_hashVerifier->GetLastResult();
+}
+
+void DefaultDecryptorWithMAC::LastPut(const byte *inString, size_t length)
+{
+ m_filter->MessageEnd();
+ if (m_throwException && !CheckLastMAC())
+ throw MACBadErr();
+}
+
+NAMESPACE_END