2220 lines
82 KiB
C++
2220 lines
82 KiB
C++
//========= Copyright Valve Corporation, All rights reserved. ============//
|
|
//
|
|
// Purpose:
|
|
//
|
|
// $NoKeywords: $
|
|
//=============================================================================
|
|
|
|
// Note: not using precompiled headers. The crypto++ headers create gunk that anyone including them
|
|
// has to link to, so they can't be included in the global project file. They also contain
|
|
// string functions which are deprecated by the global project file so they can't be included after, either.
|
|
// So we can't use the global precompiled header, need to manually include the things we need.
|
|
|
|
#include "winlite.h"
|
|
|
|
#ifdef POSIX
|
|
#include <sys/types.h>
|
|
#include <sys/socket.h>
|
|
#endif
|
|
|
|
/* this stuff needs to be before the crypto headers, as it relies on memdbg, which doesn't
|
|
do the right thing in the face of xdebug getting included below */
|
|
// tier0
|
|
//#include "tier0/tier0.h"
|
|
#include "tier0/basetypes.h"
|
|
#include "tier0/vprof.h"
|
|
//#include "constants.h"
|
|
#include "vstdlib/vstdlib.h"
|
|
#include "strtools.h"
|
|
//#include "version.h"
|
|
//#include "globals.h"
|
|
//#include "ivalidate.h"
|
|
#include "tier1/utlvector.h"
|
|
#include "simplebitstring.h"
|
|
#include "tier1/checksum_sha1.h"
|
|
#include "tier0/memdbgon.h"
|
|
#include "tier0/tslist.h"
|
|
#include "tier0/memdbgoff.h"
|
|
|
|
|
|
#ifdef ENABLE_OPENSSLCONNECTION
|
|
#define USE_OPENSSL_AES_DECRYPT 1
|
|
#endif
|
|
|
|
#ifdef USE_OPENSSL_AES_DECRYPT
|
|
// openssl optimized AES routines
|
|
#include "openssl/aes.h"
|
|
#if defined(_M_IX86) || defined (_M_X64) || defined(__i386__) || defined(__x86_64__)
|
|
#include <emmintrin.h>
|
|
#endif
|
|
#endif
|
|
|
|
// crypto ++
|
|
#include "tier0/valve_off.h"
|
|
#include "../external/crypto++-5.6.3/cryptopushdisablewarnings.h"
|
|
#if _MSC_VER < 1400 // doesn't work with vc8, things below need xdebug
|
|
#define _XDEBUG_ // keep crypto++-5.2 from including xdebug
|
|
// these are defined in xdebug and used in some subsequent headers, define them to be our version
|
|
#define _NEW_CRT new
|
|
#define _DELETE_CRT(_P) delete (_P)
|
|
#define _DELETE_CRT_VEC(_P) delete[] (_P)
|
|
#define _STRING_CRT string
|
|
#endif
|
|
#define CRYPTOPP_DLL
|
|
#undef min
|
|
#undef max
|
|
#undef Verify
|
|
#define VPROF_BUDGETGROUP_ENCRYPTION _T("Encryption")
|
|
#define SPEW_CRYPTO "crypto"
|
|
const int k_cMedBuff = 1024; // medium buffer
|
|
|
|
#if defined(GNUC)
|
|
#pragma GCC diagnostic ignored "-Wshadow"
|
|
#endif
|
|
|
|
#include "../external/crypto++-5.6.3/cryptlib.h"
|
|
#include "../external/crypto++-5.6.3/osrng.h"
|
|
#include "../external/crypto++-5.6.3/crc.h"
|
|
#include "../external/crypto++-5.6.3/modes.h"
|
|
#include "../external/crypto++-5.6.3/files.h"
|
|
#include "../external/crypto++-5.6.3/hex.h"
|
|
#include "../external/crypto++-5.6.3/base64.h"
|
|
#include "../external/crypto++-5.6.3/base32.h"
|
|
#include "../external/crypto++-5.6.3/words.h"
|
|
#include "../external/crypto++-5.6.3/rsa.h"
|
|
#include "../external/crypto++-5.6.3/aes.h"
|
|
#include "../external/crypto++-5.6.3/hmac.h"
|
|
#include "../external/crypto++-5.6.3/zlib.h"
|
|
#include "../external/crypto++-5.6.3/gzip.h"
|
|
#include "../external/crypto++-5.6.3/pwdbased.h"
|
|
using namespace CryptoPP;
|
|
typedef AutoSeededX917RNG<AES> CAutoSeededRNG;
|
|
#include "../external/crypto++-5.6.3/cryptopopdisablewarnings.h"
|
|
|
|
#if defined(GNUC)
|
|
#pragma GCC diagnostic warning "-Wshadow"
|
|
#endif
|
|
|
|
#include "tier0/memdbgon.h"
|
|
#include "tier0/valve_on.h"
|
|
|
|
#include "crypto.h"
|
|
#define max(a,b) (((a) > (b)) ? (a) : (b))
|
|
#define min(a,b) (((a) < (b)) ? (a) : (b))
|
|
|
|
|
|
// list of auto-seeded RNG pointers
|
|
// these are very expensive to construct, so it makes sense to cache them
|
|
CTSList<CAutoSeededRNG> g_tslistPAutoSeededRNG;
|
|
|
|
// to avoid deconstructor order issuses we allow to manually free the list
|
|
void FreeListRNG()
|
|
{
|
|
g_tslistPAutoSeededRNG.Purge();
|
|
}
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: thread-safe access to a pool of cryptoPP random number generators
|
|
//-----------------------------------------------------------------------------
|
|
class CPoolAllocatedRNG
|
|
{
|
|
public:
|
|
CPoolAllocatedRNG()
|
|
{
|
|
m_pRNGNode = g_tslistPAutoSeededRNG.Pop();
|
|
if ( !m_pRNGNode )
|
|
{
|
|
m_pRNGNode = new CTSList<CAutoSeededRNG>::Node_t;
|
|
}
|
|
}
|
|
|
|
~CPoolAllocatedRNG()
|
|
{
|
|
g_tslistPAutoSeededRNG.Push( m_pRNGNode );
|
|
}
|
|
|
|
CAutoSeededRNG &GetRNG()
|
|
{
|
|
return m_pRNGNode->elem;
|
|
}
|
|
|
|
private:
|
|
CTSList<CAutoSeededRNG>::Node_t *m_pRNGNode;
|
|
};
|
|
|
|
// force run this static construction code
|
|
class CGlobalInitConstructor
|
|
{
|
|
public:
|
|
CGlobalInitConstructor()
|
|
{
|
|
// we have to use this function once since the underlying static constructor
|
|
// is not thread safe. See use of MicrosoftCryptoProvider in Crypto++
|
|
CAutoSeededRNG rng;
|
|
rng.GenerateByte();
|
|
}
|
|
};
|
|
|
|
volatile static CGlobalInitConstructor s_StaticCryptoConstructor;
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Encrypts the specified data with the specified key. Uses AES (Rijndael) symmetric
|
|
// encryption. The encrypted data may then be decrypted by calling SymmetricDecrypt
|
|
// with the same key.
|
|
// Input: pubPlaintextData - Data to be encrypted
|
|
// cubPlaintextData - Size of data to be encrypted
|
|
// pIV - Pointer to initialization vector
|
|
// cubIV - Size of initialization vector
|
|
// pubEncryptedData - Pointer to buffer to receive encrypted data
|
|
// pcubEncryptedData - Pointer to a variable that at time of call contains the size of
|
|
// the receive buffer for encrypted data. When the method returns, this will contain
|
|
// the actual size of the encrypted data.
|
|
// pubKey - the key to encrypt the data with
|
|
// cubKey - Size of the key (must be k_nSymmetricKeyLen)
|
|
// Output: true if successful, false if encryption failed
|
|
//-----------------------------------------------------------------------------
|
|
bool CCrypto::SymmetricEncryptWithIV( const uint8 *pubPlaintextData, const uint32 cubPlaintextData,
|
|
const uint8 *pIV, const uint32 cubIV,
|
|
uint8 *pubEncryptedData, uint32 *pcubEncryptedData,
|
|
const uint8 *pubKey, const uint32 cubKey )
|
|
{
|
|
VPROF_BUDGET( "CCrypto::SymmetricEncrypt", VPROF_BUDGETGROUP_ENCRYPTION );
|
|
Assert( pubPlaintextData );
|
|
Assert( cubPlaintextData );
|
|
Assert( pubEncryptedData );
|
|
Assert( pcubEncryptedData );
|
|
Assert( *pcubEncryptedData );
|
|
Assert( pubKey );
|
|
Assert( k_nSymmetricKeyLen == cubKey ); // the only key length supported is k_nSymmetricKeyLen
|
|
|
|
bool bRet = false;
|
|
|
|
uint32 cubEncryptedData = *pcubEncryptedData; // remember how big the caller's buffer is
|
|
bool bUseTempBuffer = false;
|
|
uint8 *pTemp = pubEncryptedData;
|
|
|
|
|
|
//
|
|
// Crypto++ does not play well with overlapping buffers. If the buffers are
|
|
// overlapping, then allocate some temp space to use for the encryption.
|
|
//
|
|
// It does work fine with _identical_ buffers.
|
|
//
|
|
if ( ( pubEncryptedData + cubEncryptedData >= pubPlaintextData ) &&
|
|
( pubPlaintextData + cubPlaintextData >= pubEncryptedData ) )
|
|
{
|
|
pTemp = new uint8[cubEncryptedData];
|
|
bUseTempBuffer = true;
|
|
}
|
|
|
|
try // handle any exceptions crypto++ may throw
|
|
{
|
|
if ( pTemp != NULL )
|
|
{
|
|
AESEncryption aesEncrypt( pubKey, cubKey );
|
|
|
|
byte rgubIVEncrypted[k_cMedBuff];
|
|
Assert( Q_ARRAYSIZE( rgubIVEncrypted ) >= aesEncrypt.BlockSize() );
|
|
Assert( pIV != NULL && cubIV >= aesEncrypt.BlockSize() );
|
|
|
|
ArraySink * pOutputSink = new ArraySink( pTemp, *pcubEncryptedData );
|
|
|
|
// encrypt the initial vector with the key
|
|
aesEncrypt.ProcessBlock( pIV, rgubIVEncrypted );
|
|
|
|
// store the encrypted IV in the output - the recipient will need it
|
|
pOutputSink->Put( rgubIVEncrypted, aesEncrypt.BlockSize() );
|
|
|
|
// encrypt the message, given the key & IV
|
|
CBC_Mode_ExternalCipher::Encryption cipher( aesEncrypt, pIV );
|
|
// Note: StreamTransformationFilter now owns the pointer to pOutputSink and will
|
|
// free it when the filter goes out of scope and destructs
|
|
StreamTransformationFilter filter( cipher, pOutputSink );
|
|
filter.Put( (byte *) pubPlaintextData, cubPlaintextData );
|
|
filter.MessageEnd();
|
|
// return length of encrypted data to caller
|
|
*pcubEncryptedData = pOutputSink->TotalPutLength();
|
|
// CryptoPP may leave garbage hanging around in the caller's buffer past the stated output length.
|
|
// Just to be safe, zero out caller's buffer from end out output to end of max buffer
|
|
if ( bUseTempBuffer )
|
|
{
|
|
Q_memcpy( pubEncryptedData, pTemp, *pcubEncryptedData );
|
|
}
|
|
Q_memset( pubEncryptedData + *pcubEncryptedData, 0, (cubEncryptedData - *pcubEncryptedData ) );
|
|
bRet = true;
|
|
}
|
|
}
|
|
catch ( Exception e )
|
|
{
|
|
DMsg( SPEW_CRYPTO, 2, "CCrypto::SymmetricEncrypt: crypto++ threw exception %s (%d)\n",
|
|
e.what(), e.GetErrorType() );
|
|
}
|
|
|
|
if ( bUseTempBuffer )
|
|
{
|
|
delete[] pTemp;
|
|
}
|
|
|
|
return bRet;
|
|
}
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Encrypts the specified data with the specified key. Uses AES (Rijndael) symmetric
|
|
// encryption. The encrypted data may then be decrypted by calling SymmetricDecrypt
|
|
// with the same key. Generates a random initialization vector of the
|
|
// appropriate size.
|
|
// Input: pubPlaintextData - Data to be encrypted
|
|
// cubPlaintextData - Size of data to be encrypted
|
|
// pubEncryptedData - Pointer to buffer to receive encrypted data
|
|
// pcubEncryptedData - Pointer to a variable that at time of call contains the size of
|
|
// the receive buffer for encrypted data. When the method returns, this will contain
|
|
// the actual size of the encrypted data.
|
|
// pubKey - the key to encrypt the data with
|
|
// cubKey - Size of the key (must be k_nSymmetricKeyLen)
|
|
// Output: true if successful, false if encryption failed
|
|
//-----------------------------------------------------------------------------
|
|
|
|
bool CCrypto::SymmetricEncrypt( const uint8 *pubPlaintextData, const uint32 cubPlaintextData,
|
|
uint8 *pubEncryptedData, uint32 *pcubEncryptedData,
|
|
const uint8 *pubKey, const uint32 cubKey )
|
|
{
|
|
bool bRet = false;
|
|
|
|
//
|
|
// Generate a random IV
|
|
//
|
|
AESEncryption aesEncrypt( pubKey, cubKey );
|
|
byte rgubIV[k_cMedBuff];
|
|
CPoolAllocatedRNG rng;
|
|
rng.GetRNG().GenerateBlock( rgubIV, aesEncrypt.BlockSize() );
|
|
|
|
bRet = SymmetricEncryptWithIV( pubPlaintextData, cubPlaintextData, rgubIV, aesEncrypt.BlockSize(), pubEncryptedData, pcubEncryptedData, pubKey, cubKey );
|
|
|
|
return bRet;
|
|
}
|
|
|
|
|
|
#ifdef USE_OPENSSL_AES_DECRYPT
|
|
|
|
// Local helper to perform AES+CBC decryption using optimized OpenSSL AES routines
|
|
static bool BDecryptAESUsingOpenSSL( const uint8 *pubEncryptedData, uint32 cubEncryptedData, uint8 *pubPlaintextData, uint32 *pcubPlaintextData, AES_KEY *key, const uint8 *pIV )
|
|
{
|
|
COMPILE_TIME_ASSERT( k_nSymmetricBlockSize == 16 );
|
|
|
|
// Block cipher encrypted text must be a multiple of the block size
|
|
if ( cubEncryptedData % k_nSymmetricBlockSize != 0 )
|
|
return false;
|
|
|
|
// Enough input? Requirement is one padded final block
|
|
if ( cubEncryptedData < k_nSymmetricBlockSize )
|
|
return false;
|
|
|
|
// Enough output space for all the full non-final blocks?
|
|
if ( *pcubPlaintextData < cubEncryptedData - k_nSymmetricBlockSize )
|
|
return false;
|
|
|
|
uint8 rgubWorking[k_nSymmetricBlockSize];
|
|
uint32 nDecrypted = 0;
|
|
|
|
// Process non-final blocks
|
|
#if defined(_M_IX86) || defined (_M_X64) || defined(__i386__) || defined(__x86_64__)
|
|
// ... believe it or not, Steam client on Windows supports Athlon XP without SSE2
|
|
if ( !IsWindows() || GetCPUInformation().m_bSSE2 )
|
|
{
|
|
while ( nDecrypted < cubEncryptedData - k_nSymmetricBlockSize )
|
|
{
|
|
AES_decrypt( pubEncryptedData + nDecrypted, rgubWorking, key );
|
|
__m128i m128Temp = _mm_xor_si128( _mm_loadu_si128( (__m128i*)pIV ), _mm_loadu_si128( (__m128i*)rgubWorking ) );
|
|
pIV = pubEncryptedData + nDecrypted;
|
|
nDecrypted += k_nSymmetricBlockSize;
|
|
_mm_storeu_si128( (__m128i* RESTRICT)( pubPlaintextData + nDecrypted - k_nSymmetricBlockSize ), m128Temp );
|
|
}
|
|
}
|
|
else
|
|
#endif
|
|
{
|
|
while ( nDecrypted < cubEncryptedData - k_nSymmetricBlockSize )
|
|
{
|
|
AES_decrypt( pubEncryptedData + nDecrypted, rgubWorking, key );
|
|
for ( int i = 0; i < k_nSymmetricBlockSize; ++i )
|
|
pubPlaintextData[nDecrypted + i] = rgubWorking[i] ^ pIV[i];
|
|
pIV = pubEncryptedData + nDecrypted;
|
|
nDecrypted += k_nSymmetricBlockSize;
|
|
}
|
|
}
|
|
|
|
// Process final block into rgubWorking for padding inspection
|
|
Assert( nDecrypted == cubEncryptedData - k_nSymmetricBlockSize );
|
|
AES_decrypt( pubEncryptedData + nDecrypted, rgubWorking, key );
|
|
for ( int i = 0; i < k_nSymmetricBlockSize; ++i )
|
|
rgubWorking[i] ^= pIV[i];
|
|
|
|
// Get final block padding length and make sure it is backfilled properly (PKCS#5)
|
|
uint8 pad = rgubWorking[ k_nSymmetricBlockSize - 1 ];
|
|
if ( pad < 1 || pad > k_nSymmetricBlockSize )
|
|
return false;
|
|
for ( int i = k_nSymmetricBlockSize - pad; i < k_nSymmetricBlockSize; ++i )
|
|
if ( rgubWorking[i] != pad )
|
|
return false;
|
|
|
|
// Check that we have enough space for final bytes
|
|
if ( *pcubPlaintextData < nDecrypted + k_nSymmetricBlockSize - pad )
|
|
return false;
|
|
|
|
// Write any non-pad bytes from rgubWorking to pubPlaintextData
|
|
for ( int i = 0; i < k_nSymmetricBlockSize - pad; ++i )
|
|
pubPlaintextData[nDecrypted++] = rgubWorking[i];
|
|
|
|
// The old CryptoPP path zeros out the entire destination buffer, but that
|
|
// behavior isn't documented or even expected. We'll just zero out one byte
|
|
// in case anyone relies on string termination, but that zero isn't counted.
|
|
if ( *pcubPlaintextData > nDecrypted )
|
|
pubPlaintextData[nDecrypted] = 0;
|
|
|
|
*pcubPlaintextData = nDecrypted;
|
|
return true;
|
|
}
|
|
|
|
#else
|
|
|
|
/* function, not method */
|
|
static bool SymmetricDecryptWorker( const uint8 *pubEncryptedData, uint32 cubEncryptedData,
|
|
const uint8 * pIV, uint32 cubIV,
|
|
uint8 *pubPlaintextData, uint32 *pcubPlaintextData,
|
|
AESDecryption &aesDecrypt )
|
|
{
|
|
VPROF_BUDGET( "CCrypto::SymmetricDecrypt", VPROF_BUDGETGROUP_ENCRYPTION );
|
|
Assert( pubEncryptedData );
|
|
Assert( cubEncryptedData);
|
|
Assert( pIV );
|
|
Assert( cubIV );
|
|
Assert( pubPlaintextData );
|
|
Assert( pcubPlaintextData );
|
|
Assert( *pcubPlaintextData );
|
|
|
|
bool bRet = false;
|
|
|
|
uint32 cubPlaintextData = *pcubPlaintextData; // remember how big the caller's buffer is
|
|
bool bUseTempBuffer = false;
|
|
uint8* pTemp = pubPlaintextData;
|
|
|
|
//
|
|
// Crypto++ does not play nice with decrypting in place. If the buffers are
|
|
// overlapping, then allocate some temp space to use for the decryption.
|
|
//
|
|
// It does work fine with _identical_ buffers, but due to the way we store
|
|
// the IV in the returned encrypted data we never actually hit that case.
|
|
//
|
|
if ( ( pubEncryptedData + cubEncryptedData >= pubPlaintextData ) &&
|
|
( pubPlaintextData + cubPlaintextData >= pubEncryptedData ) )
|
|
{
|
|
pTemp = new uint8[cubPlaintextData];
|
|
bUseTempBuffer = true;
|
|
}
|
|
|
|
try // handle any exceptions crypto++ may throw
|
|
{
|
|
if ( pTemp != NULL )
|
|
{
|
|
CryptoPP::ArraySink* pOutputSink = new CryptoPP::ArraySink( pTemp, *pcubPlaintextData );
|
|
CryptoPP::CBC_Mode_ExternalCipher::Decryption cbc( aesDecrypt, pIV );
|
|
// Note: StreamTransformationFilter now owns the pointer to pOutputSink and will
|
|
// free it when the filter goes out of scope and destructs
|
|
CryptoPP::StreamTransformationFilter padding( cbc, pOutputSink );
|
|
padding.Put( pubEncryptedData, cubEncryptedData );
|
|
padding.MessageEnd();
|
|
// return length of decrypted data to caller
|
|
*pcubPlaintextData = pOutputSink->TotalPutLength();
|
|
// CryptoPP may leave garbage hanging around in the caller's buffer past the stated output length.
|
|
// Just to be safe, zero out caller's buffer from end out output to end of max buffer
|
|
if ( bUseTempBuffer )
|
|
{
|
|
Q_memcpy( pubPlaintextData, pTemp, *pcubPlaintextData );
|
|
}
|
|
Q_memset( pubPlaintextData + *pcubPlaintextData, 0, (cubPlaintextData - *pcubPlaintextData ) );
|
|
|
|
bRet = true;
|
|
}
|
|
}
|
|
catch ( Exception e )
|
|
{
|
|
DMsg( SPEW_CRYPTO, 4, "CCrypto::SymmetricDecrypt: crypto++ threw exception %s (%d)\n",
|
|
e.what(), e.GetErrorType() );
|
|
}
|
|
|
|
if ( bUseTempBuffer )
|
|
{
|
|
delete[] pTemp;
|
|
}
|
|
|
|
return bRet;
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Decrypts the specified data with the specified key. Uses AES (Rijndael) symmetric
|
|
// decryption.
|
|
// Input: pubEncryptedData - Data to be decrypted
|
|
// cubEncryptedData - Size of data to be decrypted
|
|
// pubPlaintextData - Pointer to buffer to receive decrypted data
|
|
// pcubPlaintextData - Pointer to a variable that at time of call contains the size of
|
|
// the receive buffer for decrypted data. When the method returns, this will contain
|
|
// the actual size of the decrypted data.
|
|
// pubKey - the key to decrypt the data with
|
|
// cubKey - Size of the key (must be k_nSymmetricKeyLen)
|
|
// Output: true if successful, false if decryption failed
|
|
//-----------------------------------------------------------------------------
|
|
bool CCrypto::SymmetricDecrypt( const uint8 *pubEncryptedData, uint32 cubEncryptedData,
|
|
uint8 *pubPlaintextData, uint32 *pcubPlaintextData,
|
|
const uint8 *pubKey, const uint32 cubKey )
|
|
{
|
|
Assert( pubEncryptedData );
|
|
Assert( cubEncryptedData);
|
|
Assert( pubPlaintextData );
|
|
Assert( pcubPlaintextData );
|
|
Assert( *pcubPlaintextData );
|
|
Assert( pubKey );
|
|
Assert( k_nSymmetricKeyLen == cubKey ); // the only key length supported is k_nSymmetricKeyLen
|
|
|
|
// the initialization vector (IV) must be stored in the first block of bytes.
|
|
// If the size of encrypted data is not at least the block size, it is not valid
|
|
if ( cubEncryptedData < k_nSymmetricBlockSize )
|
|
return false;
|
|
|
|
#ifdef USE_OPENSSL_AES_DECRYPT
|
|
|
|
AES_KEY key;
|
|
if ( AES_set_decrypt_key( pubKey, cubKey * 8, &key ) < 0 )
|
|
return false;
|
|
|
|
// Our first block is straight AES block encryption of IV with user key, no XOR.
|
|
uint8 rgubIV[ k_nSymmetricBlockSize ];
|
|
AES_decrypt( pubEncryptedData, rgubIV, &key );
|
|
pubEncryptedData += k_nSymmetricBlockSize;
|
|
cubEncryptedData -= k_nSymmetricBlockSize;
|
|
|
|
return BDecryptAESUsingOpenSSL( pubEncryptedData, cubEncryptedData, pubPlaintextData, pcubPlaintextData, &key, rgubIV );
|
|
|
|
#else
|
|
|
|
AESDecryption aesDecrypt( pubKey, cubKey );
|
|
Assert( k_nSymmetricBlockSize == aesDecrypt.BlockSize() );
|
|
|
|
// Decrypt the IV
|
|
byte rgubIV[k_cMedBuff];
|
|
Assert( Q_ARRAYSIZE( rgubIV ) >= aesDecrypt.BlockSize() );
|
|
aesDecrypt.ProcessBlock( pubEncryptedData, rgubIV );
|
|
|
|
// We have now consumed the IV, so remove it from the front of the message
|
|
pubEncryptedData += k_nSymmetricBlockSize;
|
|
cubEncryptedData -= k_nSymmetricBlockSize;
|
|
|
|
// given the IV stored in the message, and the key, decrypt the message
|
|
return SymmetricDecryptWorker( pubEncryptedData, cubEncryptedData,
|
|
rgubIV, aesDecrypt.BlockSize(),
|
|
pubPlaintextData, pcubPlaintextData,
|
|
aesDecrypt );
|
|
|
|
#endif
|
|
}
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Decrypts the specified data with the specified key. Uses AES (Rijndael) symmetric
|
|
// decryption.
|
|
// Input: pubEncryptedData - Data to be decrypted
|
|
// cubEncryptedData - Size of data to be decrypted
|
|
// pIV - Initialization vector. Byte array one block in size.
|
|
// cubIV - size of IV. This should be 16 (one block, 128 bits)
|
|
// pubPlaintextData - Pointer to buffer to receive decrypted data
|
|
// pcubPlaintextData - Pointer to a variable that at time of call contains the size of
|
|
// the receive buffer for decrypted data. When the method returns, this will contain
|
|
// the actual size of the decrypted data.
|
|
// pubKey - the key to decrypt the data with
|
|
// cubKey - Size of the key (must be k_nSymmetricKeyLen)
|
|
// Output: true if successful, false if decryption failed
|
|
//-----------------------------------------------------------------------------
|
|
bool CCrypto::SymmetricDecryptWithIV( const uint8 *pubEncryptedData, uint32 cubEncryptedData,
|
|
const uint8 * pIV, uint32 cubIV,
|
|
uint8 *pubPlaintextData, uint32 *pcubPlaintextData,
|
|
const uint8 *pubKey, const uint32 cubKey )
|
|
{
|
|
Assert( pubEncryptedData );
|
|
Assert( cubEncryptedData);
|
|
Assert( pIV );
|
|
Assert( cubIV );
|
|
Assert( pubPlaintextData );
|
|
Assert( pcubPlaintextData );
|
|
Assert( *pcubPlaintextData );
|
|
Assert( pubKey );
|
|
Assert( k_nSymmetricKeyLen == cubKey ); // the only key length supported is k_nSymmetricKeyLen
|
|
|
|
// IV input into CBC must be exactly one block size
|
|
if ( cubIV != k_nSymmetricBlockSize )
|
|
return false;
|
|
|
|
#ifdef USE_OPENSSL_AES_DECRYPT
|
|
|
|
AES_KEY key;
|
|
if ( AES_set_decrypt_key( pubKey, cubKey * 8, &key ) < 0 )
|
|
return false;
|
|
|
|
return BDecryptAESUsingOpenSSL( pubEncryptedData, cubEncryptedData, pubPlaintextData, pcubPlaintextData, &key, pIV );
|
|
|
|
#else
|
|
|
|
AESDecryption aesDecrypt( pubKey, cubKey );
|
|
Assert( k_nSymmetricBlockSize == aesDecrypt.BlockSize() );
|
|
|
|
return SymmetricDecryptWorker( pubEncryptedData, cubEncryptedData,
|
|
pIV, cubIV,
|
|
pubPlaintextData, pcubPlaintextData,
|
|
aesDecrypt );
|
|
|
|
#endif
|
|
}
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: For specified plaintext data size, returns what size of symmetric
|
|
// encrypted data will be
|
|
//-----------------------------------------------------------------------------
|
|
uint32 CCrypto::GetSymmetricEncryptedSize( uint32 cubPlaintextData )
|
|
{
|
|
// empirically determined encrypted size as function of plaintext size for AES encryption
|
|
uint k_cubBlock = 16;
|
|
uint k_cubHeader = 16;
|
|
return k_cubHeader + ( ( cubPlaintextData / k_cubBlock ) * k_cubBlock ) + k_cubBlock;
|
|
}
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Encrypts the specified data with the specified text password.
|
|
// Uses the SHA256 hash of the password as the key for AES (Rijndael) symmetric
|
|
// encryption. A SHA1 HMAC of the result is appended, for authentication on
|
|
// the receiving end.
|
|
// The encrypted data may then be decrypted by calling DecryptWithPasswordAndAuthenticate
|
|
// with the same password.
|
|
// Input: pubPlaintextData - Data to be encrypted
|
|
// cubPlaintextData - Size of data to be encrypted
|
|
// pubEncryptedData - Pointer to buffer to receive encrypted data
|
|
// pcubEncryptedData - Pointer to a variable that at time of call contains the size of
|
|
// the receive buffer for encrypted data. When the method returns, this will contain
|
|
// the actual size of the encrypted data.
|
|
// pchPassword - text password
|
|
// Output: true if successful, false if encryption failed
|
|
//-----------------------------------------------------------------------------
|
|
bool CCrypto::EncryptWithPasswordAndHMAC( const uint8 *pubPlaintextData, uint32 cubPlaintextData,
|
|
uint8 * pubEncryptedData, uint32 * pcubEncryptedData,
|
|
const char *pchPassword )
|
|
{
|
|
//
|
|
// Generate a random IV
|
|
//
|
|
byte rgubIV[k_nSymmetricBlockSize];
|
|
CPoolAllocatedRNG rng;
|
|
rng.GetRNG().GenerateBlock( rgubIV, k_nSymmetricBlockSize );
|
|
|
|
return EncryptWithPasswordAndHMACWithIV( pubPlaintextData, cubPlaintextData, rgubIV, k_nSymmetricBlockSize, pubEncryptedData, pcubEncryptedData, pchPassword );
|
|
}
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Encrypts the specified data with the specified text password.
|
|
// Uses the SHA256 hash of the password as the key for AES (Rijndael) symmetric
|
|
// encryption. A SHA1 HMAC of the result is appended, for authentication on
|
|
// the receiving end.
|
|
// The encrypted data may then be decrypted by calling DecryptWithPasswordAndAuthenticate
|
|
// with the same password.
|
|
// Input: pubPlaintextData - Data to be encrypted
|
|
// cubPlaintextData - Size of data to be encrypted
|
|
// pIV - IV to use for AES encryption. Should be random and never used before unless you know
|
|
// exactly what you're doing.
|
|
// cubIV - size of the IV - should be same ase the AES blocksize.
|
|
// pubEncryptedData - Pointer to buffer to receive encrypted data
|
|
// pcubEncryptedData - Pointer to a variable that at time of call contains the size of
|
|
// the receive buffer for encrypted data. When the method returns, this will contain
|
|
// the actual size of the encrypted data.
|
|
// pchPassword - text password
|
|
// Output: true if successful, false if encryption failed
|
|
//-----------------------------------------------------------------------------
|
|
bool CCrypto::EncryptWithPasswordAndHMACWithIV( const uint8 *pubPlaintextData, uint32 cubPlaintextData,
|
|
const uint8 * pIV, uint32 cubIV,
|
|
uint8 * pubEncryptedData, uint32 * pcubEncryptedData,
|
|
const char *pchPassword )
|
|
{
|
|
uint8 rgubKey[k_nSymmetricKeyLen];
|
|
if ( !pchPassword || !pchPassword[0] )
|
|
return false;
|
|
|
|
if ( !cubPlaintextData )
|
|
return false;
|
|
|
|
uint32 cubBuffer = *pcubEncryptedData;
|
|
uint32 cubExpectedResult = GetSymmetricEncryptedSize( cubPlaintextData ) + sizeof( SHADigest_t );
|
|
|
|
if ( cubBuffer < cubExpectedResult )
|
|
return false;
|
|
|
|
try
|
|
{
|
|
CryptoPP::SHA256().CalculateDigest( rgubKey, (const uint8 *)pchPassword, Q_strlen( pchPassword ) );
|
|
}
|
|
catch ( Exception e )
|
|
{
|
|
DMsg( SPEW_CRYPTO, 4, "CCrypto::EncryptWithPassword: crypto++ threw exception %s (%d)\n",
|
|
e.what(), e.GetErrorType() );
|
|
return false;
|
|
}
|
|
|
|
bool bRet = SymmetricEncryptWithIV( pubPlaintextData, cubPlaintextData, pIV, cubIV, pubEncryptedData, pcubEncryptedData, rgubKey, k_nSymmetricKeyLen );
|
|
if ( bRet )
|
|
{
|
|
// calc HMAC
|
|
uint32 cubEncrypted = *pcubEncryptedData;
|
|
*pcubEncryptedData += sizeof( SHADigest_t );
|
|
if ( cubBuffer < *pcubEncryptedData )
|
|
return false;
|
|
|
|
SHADigest_t *pHMAC = (SHADigest_t*)( pubEncryptedData + cubEncrypted );
|
|
bRet = CCrypto::GenerateHMAC( pubEncryptedData, cubEncrypted, rgubKey, k_nSymmetricKeyLen, pHMAC );
|
|
}
|
|
|
|
return bRet;
|
|
}
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Decrypts the specified data with the specified password. Uses AES (Rijndael) symmetric
|
|
// decryption. First, the HMAC is verified - if it is not correct, then we know that
|
|
// the key is incorrect or the data is corrupted, and the decryption fails.
|
|
// Input: pubEncryptedData - Data to be decrypted
|
|
// cubEncryptedData - Size of data to be decrypted
|
|
// pubPlaintextData - Pointer to buffer to receive decrypted data
|
|
// pcubPlaintextData - Pointer to a variable that at time of call contains the size of
|
|
// the receive buffer for decrypted data. When the method returns, this will contain
|
|
// the actual size of the decrypted data.
|
|
// pchPassword - the text password to decrypt the data with
|
|
// Output: true if successful, false if decryption failed
|
|
//-----------------------------------------------------------------------------
|
|
bool CCrypto::DecryptWithPasswordAndAuthenticate( const uint8 * pubEncryptedData, uint32 cubEncryptedData,
|
|
uint8 * pubPlaintextData, uint32 * pcubPlaintextData,
|
|
const char *pchPassword )
|
|
{
|
|
uint8 rgubKey[k_nSymmetricKeyLen];
|
|
if ( !pchPassword || !pchPassword[0] )
|
|
return false;
|
|
|
|
if ( cubEncryptedData <= sizeof( SHADigest_t ) )
|
|
return false;
|
|
|
|
try
|
|
{
|
|
CryptoPP::SHA256().CalculateDigest( rgubKey, (const uint8 *)pchPassword, Q_strlen( pchPassword ) );
|
|
}
|
|
catch ( Exception e )
|
|
{
|
|
DMsg( SPEW_CRYPTO, 4, "CCrypto::EncryptWithPassword: crypto++ threw exception %s (%d)\n",
|
|
e.what(), e.GetErrorType() );
|
|
return false;
|
|
}
|
|
|
|
uint32 cubCiphertext = cubEncryptedData - sizeof( SHADigest_t );
|
|
SHADigest_t *pHMAC = (SHADigest_t*)( pubEncryptedData + cubCiphertext );
|
|
SHADigest_t hmacActual;
|
|
bool bRet = CCrypto::GenerateHMAC( pubEncryptedData, cubCiphertext, rgubKey, k_nSymmetricKeyLen, &hmacActual );
|
|
|
|
if ( bRet )
|
|
{
|
|
// invalid ciphertext or key
|
|
if ( Q_memcmp( &hmacActual, pHMAC, sizeof( SHADigest_t ) ) )
|
|
return false;
|
|
|
|
bRet = SymmetricDecrypt( pubEncryptedData, cubCiphertext, pubPlaintextData, pcubPlaintextData, rgubKey, k_nSymmetricKeyLen );
|
|
}
|
|
|
|
return bRet;
|
|
}
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Generates a new pair of private/public RSA keys
|
|
// Input: pubPublicKey - Pointer to buffer to receive public key (should be of size k_nRSAKeyLenMax)
|
|
// pcubPublicKey - Pointer to variable that contains size of pubPublicKey buffer. At exit,
|
|
// this is filled in with the actual size of the public key
|
|
// pubPrivateKey - Pointer to buffer to receive private key (should be of size k_nRSAKeyLenMax)
|
|
// pcubPrivateKey - Pointer to variable that contains size of pubPrivateKey buffer. At exit,
|
|
// this is filled in with the actual size of the private key
|
|
// Output: true if successful, false if key generation failed
|
|
//-----------------------------------------------------------------------------
|
|
bool CCrypto::RSAGenerateKeys( uint8 *pubPublicKey, uint32 *pcubPublicKey, uint8 *pubPrivateKey, uint32 *pcubPrivateKey )
|
|
{
|
|
VPROF_BUDGET( "CCrypto::RSAGenerateKeys", VPROF_BUDGETGROUP_ENCRYPTION );
|
|
bool bRet = false;
|
|
Assert( pubPublicKey );
|
|
Assert( pcubPublicKey );
|
|
Assert( pubPrivateKey );
|
|
Assert( pcubPrivateKey );
|
|
|
|
try // handle any exceptions crypto++ may throw
|
|
{
|
|
// generate private key
|
|
ArraySink arraySinkPrivateKey( pubPrivateKey, *pcubPrivateKey );
|
|
CPoolAllocatedRNG rng;
|
|
RSAES_OAEP_SHA_Decryptor priv( rng.GetRNG(), k_nRSAKeyBits );
|
|
priv.DEREncode( arraySinkPrivateKey );
|
|
*pcubPrivateKey = arraySinkPrivateKey.TotalPutLength();
|
|
// generate public key
|
|
ArraySink arraySinkPublicKey( pubPublicKey, *pcubPublicKey );
|
|
RSAES_OAEP_SHA_Encryptor pub(priv);
|
|
pub.DEREncode( arraySinkPublicKey );
|
|
*pcubPublicKey = arraySinkPublicKey.TotalPutLength();
|
|
bRet = true;
|
|
}
|
|
catch ( Exception e )
|
|
{
|
|
DMsg( SPEW_CRYPTO, 2, "CCrypto::RSAGenerateKeys: crypto++ threw exception %s (%d)\n",
|
|
e.what(), e.GetErrorType() );
|
|
}
|
|
|
|
return bRet;
|
|
}
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Encrypts the specified data with the specified RSA public key.
|
|
// The encrypted data may then be decrypted by calling RSADecrypt with the
|
|
// corresponding RSA private key.
|
|
// Input: pubPlaintextData - Data to be encrypted
|
|
// cubPlaintextData - Size of data to be encrypted
|
|
// pubEncryptedData - Pointer to buffer to receive encrypted data
|
|
// pcubEncryptedData - Pointer to a variable that at time of call contains the size of
|
|
// the receive buffer for encrypted data. When the method returns, this will contain
|
|
// the actual size of the encrypted data.
|
|
// pubPublicKey - the RSA public key to encrypt the data with
|
|
// cubPublicKey - Size of the key (must be k_nSymmetricKeyLen)
|
|
// Output: true if successful, false if encryption failed
|
|
//-----------------------------------------------------------------------------
|
|
bool CCrypto::RSAEncrypt( const uint8 *pubPlaintextData, uint32 cubPlaintextData,
|
|
uint8 *pubEncryptedData, uint32 *pcubEncryptedData,
|
|
const uint8 *pubPublicKey, const uint32 cubPublicKey )
|
|
{
|
|
VPROF_BUDGET( "CCrypto::RSAEncrypt", VPROF_BUDGETGROUP_ENCRYPTION );
|
|
bool bRet = false;
|
|
Assert( cubPlaintextData > 0 ); // must pass in some data
|
|
|
|
try // handle any exceptions crypto++ may throw
|
|
{
|
|
StringSource stringSourcePublicKey( pubPublicKey, cubPublicKey, true );
|
|
RSAES_OAEP_SHA_Encryptor rsaEncryptor( stringSourcePublicKey );
|
|
|
|
// calculate how many blocks of encryption will we need to do
|
|
AssertFatal( rsaEncryptor.FixedMaxPlaintextLength() <= ULONG_MAX );
|
|
uint32 cBlocks = 1 + ( ( cubPlaintextData - 1 ) / (uint32)rsaEncryptor.FixedMaxPlaintextLength() );
|
|
// calculate how big the output will be
|
|
AssertFatal( rsaEncryptor.FixedCiphertextLength() <= ULONG_MAX / cBlocks );
|
|
uint32 cubCipherText = cBlocks * (uint32)rsaEncryptor.FixedCiphertextLength();
|
|
Assert( cubCipherText > 0 );
|
|
|
|
// ensure there is sufficient room in output buffer for result
|
|
if ( cubCipherText > ( *pcubEncryptedData ) )
|
|
{
|
|
AssertMsg2( false, "CCrypto::RSAEncrypt: insufficient output buffer for encryption, needed %d got %d\n",
|
|
cubCipherText, *pcubEncryptedData );
|
|
return false;
|
|
}
|
|
|
|
// encrypt the message, using as many blocks as required
|
|
CPoolAllocatedRNG rng;
|
|
for ( uint32 nBlock = 0; nBlock < cBlocks; nBlock++ )
|
|
{
|
|
// encrypt either all remaining plaintext, or maximum allowed plaintext per RSA encryption operation
|
|
uint32 cubToEncrypt = min( cubPlaintextData, (uint32)rsaEncryptor.FixedMaxPlaintextLength() );
|
|
// encrypt the plaintext
|
|
rsaEncryptor.Encrypt( rng.GetRNG(), pubPlaintextData, cubToEncrypt, pubEncryptedData );
|
|
// adjust input and output pointers and remaining plaintext byte count
|
|
pubPlaintextData += cubToEncrypt;
|
|
cubPlaintextData -= cubToEncrypt;
|
|
pubEncryptedData += rsaEncryptor.FixedCiphertextLength();
|
|
}
|
|
Assert( 0 == cubPlaintextData ); // should have no remaining plaintext to encrypt
|
|
*pcubEncryptedData = cubCipherText;
|
|
|
|
bRet = true;
|
|
}
|
|
catch ( Exception e )
|
|
{
|
|
DMsg( SPEW_CRYPTO, 2, "CCrypto::RSAEncrypt: Encrypt() threw exception %s (%d)\n",
|
|
e.what(), e.GetErrorType() );
|
|
}
|
|
|
|
return bRet;
|
|
}
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Decrypts the specified data with the specified RSA private key
|
|
// Input: pubEncryptedData - Data to be decrypted
|
|
// cubEncryptedData - Size of data to be decrypted
|
|
// pubPlaintextData - Pointer to buffer to receive decrypted data
|
|
// pcubPlaintextData - Pointer to a variable that at time of call contains the size of
|
|
// the receive buffer for decrypted data. When the method returns, this will contain
|
|
// the actual size of the decrypted data.
|
|
// pubPrivateKey - the RSA private key key to decrypt the data with
|
|
// cubPrivateKey - Size of the key (must be k_nSymmetricKeyLen)
|
|
// Output: true if successful, false if decryption failed
|
|
//-----------------------------------------------------------------------------
|
|
bool CCrypto::RSADecrypt( const uint8 *pubEncryptedData, uint32 cubEncryptedData,
|
|
uint8 *pubPlaintextData, uint32 *pcubPlaintextData,
|
|
const uint8 *pubPrivateKey, const uint32 cubPrivateKey )
|
|
{
|
|
VPROF_BUDGET( "CCrypto::RSADecrypt", VPROF_BUDGETGROUP_ENCRYPTION );
|
|
bool bRet = false;
|
|
|
|
Assert( cubEncryptedData > 0 ); // must pass in some data
|
|
|
|
try // handle any exceptions crypto++ may throw
|
|
{
|
|
StringSource stringSourcePrivateKey( pubPrivateKey, cubPrivateKey, true );
|
|
RSAES_OAEP_SHA_Decryptor rsaDecryptor( stringSourcePrivateKey );
|
|
|
|
// calculate how many blocks of decryption will we need to do
|
|
AssertFatal( rsaDecryptor.FixedCiphertextLength() <= ULONG_MAX );
|
|
uint32 cubFixedCiphertextLength = (uint32)rsaDecryptor.FixedCiphertextLength();
|
|
// Ensure encrypted data is valid and has length that is exact multiple of 128 bytes
|
|
if ( 0 != ( cubEncryptedData % cubFixedCiphertextLength ) )
|
|
{
|
|
DMsg( SPEW_CRYPTO, 2, "CCrypto::RSADecrypt: invalid ciphertext length %d, needs to be a multiple of %d\n",
|
|
cubEncryptedData, cubFixedCiphertextLength );
|
|
return false;
|
|
}
|
|
uint32 cBlocks = cubEncryptedData / cubFixedCiphertextLength;
|
|
|
|
// calculate how big the maximum output will be
|
|
size_t cubMaxPlaintext = rsaDecryptor.MaxPlaintextLength( rsaDecryptor.FixedCiphertextLength() );
|
|
AssertFatal( cubMaxPlaintext <= ULONG_MAX / cBlocks );
|
|
uint32 cubPlaintextDataMax = cBlocks * (uint32)cubMaxPlaintext;
|
|
Assert( cubPlaintextDataMax > 0 );
|
|
// ensure there is sufficient room in output buffer for result
|
|
if ( cubPlaintextDataMax >= ( *pcubPlaintextData ) )
|
|
{
|
|
AssertMsg2( false, "CCrypto::RSADecrypt: insufficient output buffer for decryption, needed %d got %d\n",
|
|
cubPlaintextDataMax, *pcubPlaintextData );
|
|
return false;
|
|
}
|
|
|
|
// decrypt the data, using as many blocks as required
|
|
CPoolAllocatedRNG rng;
|
|
uint32 cubPlaintextData = 0;
|
|
for ( uint32 nBlock = 0; nBlock < cBlocks; nBlock++ )
|
|
{
|
|
// decrypt one block (always of fixed size)
|
|
int cubToDecrypt = cubFixedCiphertextLength;
|
|
DecodingResult decodingResult = rsaDecryptor.Decrypt( rng.GetRNG(), pubEncryptedData, cubToDecrypt, pubPlaintextData );
|
|
if ( !decodingResult.isValidCoding )
|
|
{
|
|
DMsg( SPEW_CRYPTO, 2, "CCrypto::RSADecrypt: failed to decrypt\n" );
|
|
return false;
|
|
}
|
|
// adjust input and output pointers and remaining encrypted byte count
|
|
pubEncryptedData += cubToDecrypt;
|
|
cubEncryptedData -= cubToDecrypt;
|
|
pubPlaintextData += decodingResult.messageLength;
|
|
AssertFatal( decodingResult.messageLength <= ULONG_MAX );
|
|
cubPlaintextData += (uint32)decodingResult.messageLength;
|
|
}
|
|
Assert( 0 == cubEncryptedData ); // should have no remaining encrypted data to decrypt
|
|
*pcubPlaintextData = cubPlaintextData;
|
|
|
|
bRet = true;
|
|
}
|
|
catch ( Exception e )
|
|
{
|
|
DMsg( SPEW_CRYPTO, 2, "CCrypto::RSADecrypt: Decrypt() threw exception %s (%d)\n",
|
|
e.what(), e.GetErrorType() );
|
|
}
|
|
|
|
return bRet;
|
|
}
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Decrypts the specified data with the specified RSA PUBLIC key,
|
|
// using no padding (eg un-padded signature).
|
|
// Input: pubEncryptedData - Data to be decrypted
|
|
// cubEncryptedData - Size of data to be decrypted
|
|
// pubPlaintextData - Pointer to buffer to receive decrypted data
|
|
// pcubPlaintextData - Pointer to a variable that at time of call contains the size of
|
|
// the receive buffer for decrypted data. When the method returns, this will contain
|
|
// the actual size of the decrypted data.
|
|
// pubPublicKey - the RSA public key key to decrypt the data with
|
|
// cubPublicKey - Size of the key
|
|
// Output: true if successful, false if decryption failed
|
|
//-----------------------------------------------------------------------------
|
|
bool CCrypto::RSAPublicDecrypt_NoPadding( const uint8 *pubEncryptedData, uint32 cubEncryptedData,
|
|
uint8 *pubPlaintextData, uint32 *pcubPlaintextData,
|
|
const uint8 *pubPublicKey, const uint32 cubPublicKey )
|
|
{
|
|
VPROF_BUDGET( "CCrypto::RSADecrypt", VPROF_BUDGETGROUP_ENCRYPTION );
|
|
bool bRet = false;
|
|
|
|
Assert( cubEncryptedData > 0 ); // must pass in some data
|
|
|
|
// BUGBUG taylor
|
|
// This probably only works for reasonably small ciphertext sizes.
|
|
|
|
try // handle any exceptions crypto++-5.2 may throw
|
|
{
|
|
StringSource stringSourcePublicKey( pubPublicKey, cubPublicKey, true );
|
|
|
|
// 1. We need to use a Verifier because a Decryptor expects a private key,
|
|
// which is encoded differently
|
|
// 2. We are using neither PKCS1v15 padding nor SHA in any way, we are simply
|
|
// using this object as a means of instantiating the key decryption function
|
|
RSASSA_PKCS1v15_SHA_Verifier pub( stringSourcePublicKey );
|
|
|
|
// Ask for the data to be decrypted
|
|
// Caveat: this may "succeed" even if the ciphertext is bogus, so it
|
|
// is up to the caller to do any MAC or other sanity checking
|
|
Integer x = pub.AccessKey().ApplyFunction(Integer(pubEncryptedData, cubEncryptedData));
|
|
|
|
// Result is an 'Integer', essentially a string of bytes for our
|
|
// purposes though.
|
|
uint32 nBytes = x.ByteCount();
|
|
if ( nBytes > *pcubPlaintextData )
|
|
{
|
|
return false;
|
|
}
|
|
|
|
// don't tell it to encode to the full buffer size, because it will
|
|
// pre-pad with zeros. Just squeeze it in to the first nBytes of the
|
|
// buffer.
|
|
x.Encode( pubPlaintextData, nBytes );
|
|
*pcubPlaintextData = nBytes;
|
|
|
|
bRet = true;
|
|
}
|
|
catch ( Exception e )
|
|
{
|
|
DMsg( SPEW_CRYPTO, 2, "CCrypto::RSAPublicDecrypt_NoPadding: Decrypt() threw exception %s (%d)\n",
|
|
e.what(), e.GetErrorType() );
|
|
}
|
|
|
|
return bRet;
|
|
}
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Generates an RSA signature block for the specified data with the specified
|
|
// RSA private key. The signature can be verified by calling RSAVerifySignature
|
|
// with the RSA public key.
|
|
// Input: pubData - Data to be signed
|
|
// cubData - Size of data to be signed
|
|
// pubSignature - Pointer to buffer to receive signature block
|
|
// pcubSignature - Pointer to a variable that at time of call contains the size of
|
|
// the pubSignature buffer. When the method returns, this will contain
|
|
// the actual size of the signature block
|
|
// pubPrivateKey - The RSA private key to use to sign the data
|
|
// cubPrivateKey - Size of the key
|
|
// Output: true if successful, false if signature failed
|
|
//-----------------------------------------------------------------------------
|
|
bool CCrypto::RSASign( const uint8 *pubData, const uint32 cubData,
|
|
uint8 *pubSignature, uint32 *pcubSignature,
|
|
const uint8 *pubPrivateKey, const uint32 cubPrivateKey )
|
|
{
|
|
VPROF_BUDGET( "CCrypto::RSASign", VPROF_BUDGETGROUP_ENCRYPTION );
|
|
Assert( pubData );
|
|
Assert( pubPrivateKey );
|
|
Assert( cubPrivateKey > 0 );
|
|
Assert( pubSignature );
|
|
Assert( pcubSignature );
|
|
bool bRet = false;
|
|
try // handle any exceptions crypto++ may throw
|
|
{
|
|
StringSource stringSourcePrivateKey( pubPrivateKey, cubPrivateKey, true );
|
|
RSASSA_PKCS1v15_SHA_Signer rsaSigner( stringSourcePrivateKey );
|
|
CPoolAllocatedRNG rng;
|
|
size_t len = rsaSigner.SignMessage( rng.GetRNG(), (byte *)pubData, cubData, pubSignature );
|
|
AssertFatal( len <= ULONG_MAX );
|
|
*pcubSignature = (uint32)len;
|
|
bRet = true;
|
|
}
|
|
catch ( Exception e )
|
|
{
|
|
DMsg( SPEW_CRYPTO, 2, "CCrypto::RSASign: SignMessage threw exception %s (%d)\n",
|
|
e.what(), e.GetErrorType() );
|
|
}
|
|
|
|
return bRet;
|
|
}
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Verifies that signature block is authentic for given data & RSA public key
|
|
// Input: pubData - Data that was signed
|
|
// cubData - Size of data that was signed signed
|
|
// pubSignature - Signature block
|
|
// cubSignature - Size of signature block
|
|
// pubPublicKey - The RSA public key to use to verify the signature
|
|
// (must be from same pair as RSA private key used to generate signature)
|
|
// cubPublicKey - Size of the key
|
|
// Output: true if successful and signature is authentic, false if signature does not match or other error
|
|
//-----------------------------------------------------------------------------
|
|
bool CCrypto::RSAVerifySignature( const uint8 *pubData, const uint32 cubData,
|
|
const uint8 *pubSignature, const uint32 cubSignature,
|
|
const uint8 *pubPublicKey, const uint32 cubPublicKey )
|
|
{
|
|
VPROF_BUDGET( "CCrypto::RSAVerifySignature", VPROF_BUDGETGROUP_ENCRYPTION );
|
|
Assert( pubData );
|
|
Assert( pubSignature );
|
|
Assert( pubPublicKey );
|
|
|
|
bool bRet = false;
|
|
try // handle any exceptions crypto++ may throw
|
|
{
|
|
StringSource stringSourcePublicKey( pubPublicKey, cubPublicKey, true );
|
|
RSASSA_PKCS1v15_SHA_Verifier pub( stringSourcePublicKey );
|
|
bRet = pub.VerifyMessage( pubData, cubData, pubSignature, cubSignature );
|
|
}
|
|
catch ( Exception e )
|
|
{
|
|
DMsg( SPEW_CRYPTO, 2, "CCrypto::RSASign: VerifyMessage threw exception %s (%d)\n",
|
|
e.what(), e.GetErrorType() );
|
|
}
|
|
|
|
return bRet;
|
|
}
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Generates an RSA signature block for the specified data with the specified
|
|
// RSA private key. The signature can be verified by calling RSAVerifySignature
|
|
// with the RSA public key.
|
|
// Input: pubData - Data to be signed
|
|
// cubData - Size of data to be signed
|
|
// pubSignature - Pointer to buffer to receive signature block
|
|
// pcubSignature - Pointer to a variable that at time of call contains the size of
|
|
// the pubSignature buffer. When the method returns, this will contain
|
|
// the actual size of the signature block
|
|
// pubPrivateKey - The RSA private key to use to sign the data
|
|
// cubPrivateKey - Size of the key
|
|
// Output: true if successful, false if signature failed
|
|
//-----------------------------------------------------------------------------
|
|
bool CCrypto::RSASignSHA256( const uint8 *pubData, const uint32 cubData,
|
|
uint8 *pubSignature, uint32 *pcubSignature,
|
|
const uint8 *pubPrivateKey, const uint32 cubPrivateKey )
|
|
{
|
|
VPROF_BUDGET( "CCrypto::RSASign", VPROF_BUDGETGROUP_ENCRYPTION );
|
|
Assert( pubData );
|
|
Assert( pubPrivateKey );
|
|
Assert( cubPrivateKey > 0 );
|
|
Assert( pubSignature );
|
|
Assert( pcubSignature );
|
|
bool bRet = false;
|
|
try // handle any exceptions crypto++ may throw
|
|
{
|
|
StringSource stringSourcePrivateKey( pubPrivateKey, cubPrivateKey, true );
|
|
RSASS<PKCS1v15, SHA256>::Signer rsaSigner( stringSourcePrivateKey );
|
|
CPoolAllocatedRNG rng;
|
|
size_t len = rsaSigner.SignMessage( rng.GetRNG(), (byte *)pubData, cubData, pubSignature );
|
|
AssertFatal( len <= ULONG_MAX );
|
|
*pcubSignature = (uint32)len;
|
|
bRet = true;
|
|
}
|
|
catch ( Exception e )
|
|
{
|
|
DMsg( SPEW_CRYPTO, 2, "CCrypto::RSASign: SignMessage threw exception %s (%d)\n",
|
|
e.what(), e.GetErrorType() );
|
|
}
|
|
|
|
return bRet;
|
|
}
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Verifies that signature block is authentic for given data & RSA public key
|
|
// Input: pubData - Data that was signed
|
|
// cubData - Size of data that was signed signed
|
|
// pubSignature - Signature block
|
|
// cubSignature - Size of signature block
|
|
// pubPublicKey - The RSA public key to use to verify the signature
|
|
// (must be from same pair as RSA private key used to generate signature)
|
|
// cubPublicKey - Size of the key
|
|
// Output: true if successful and signature is authentic, false if signature does not match or other error
|
|
//-----------------------------------------------------------------------------
|
|
bool CCrypto::RSAVerifySignatureSHA256( const uint8 *pubData, const uint32 cubData,
|
|
const uint8 *pubSignature, const uint32 cubSignature,
|
|
const uint8 *pubPublicKey, const uint32 cubPublicKey )
|
|
{
|
|
VPROF_BUDGET( "CCrypto::RSAVerifySignature", VPROF_BUDGETGROUP_ENCRYPTION );
|
|
Assert( pubData );
|
|
Assert( pubSignature );
|
|
Assert( pubPublicKey );
|
|
|
|
bool bRet = false;
|
|
try // handle any exceptions crypto++ may throw
|
|
{
|
|
StringSource stringSourcePublicKey( pubPublicKey, cubPublicKey, true );
|
|
RSASS<PKCS1v15, SHA256>::Verifier pub( stringSourcePublicKey );
|
|
bRet = pub.VerifyMessage( pubData, cubData, pubSignature, cubSignature );
|
|
}
|
|
catch ( Exception e )
|
|
{
|
|
DMsg( SPEW_CRYPTO, 2, "CCrypto::RSASign: VerifyMessage threw exception %s (%d)\n",
|
|
e.what(), e.GetErrorType() );
|
|
}
|
|
|
|
return bRet;
|
|
}
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Hex-encodes a block of data. (Binary -> text representation.) The output
|
|
// is null-terminated and can be treated as a string.
|
|
// Input: pubData - Data to encode
|
|
// cubData - Size of data to encode
|
|
// pchEncodedData - Pointer to string buffer to store output in
|
|
// cchEncodedData - Size of pchEncodedData buffer
|
|
//-----------------------------------------------------------------------------
|
|
bool CCrypto::HexEncode( const uint8 *pubData, const uint32 cubData, char *pchEncodedData, uint32 cchEncodedData )
|
|
{
|
|
VPROF_BUDGET( "CCrypto::HexEncode", VPROF_BUDGETGROUP_ENCRYPTION );
|
|
Assert( pubData );
|
|
Assert( cubData );
|
|
Assert( pchEncodedData );
|
|
Assert( cchEncodedData > 0 );
|
|
|
|
if ( cchEncodedData < ( ( cubData * 2 ) + 1 ) )
|
|
{
|
|
Assert( cchEncodedData >= ( cubData * 2 ) + 1 ); // expands to 2x input + NULL, must have room in output buffer
|
|
*pchEncodedData = '\0';
|
|
return false;
|
|
}
|
|
|
|
ArraySink * pArraySinkOutput = new ArraySink( (byte *) pchEncodedData, cchEncodedData );
|
|
// Note: HexEncoder now owns the pointer to pOutputSink and will free it when the encoder goes out of scope and destructs
|
|
HexEncoder hexEncoder( pArraySinkOutput );
|
|
hexEncoder.Put( pubData, cubData );
|
|
hexEncoder.MessageEnd();
|
|
|
|
uint32 len = pArraySinkOutput->TotalPutLength();
|
|
if ( len >= cchEncodedData )
|
|
{
|
|
AssertMsg2( false, "CCrypto::HexEncode: insufficient output buffer for encoding, needed %d got %d\n",
|
|
len, cchEncodedData );
|
|
return false;
|
|
}
|
|
|
|
pchEncodedData[len] = 0; // NULL-terminate
|
|
return true;
|
|
}
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Hex-decodes a block of data. (Text -> binary representation.)
|
|
// Input: pchData - Null-terminated hex-encoded string
|
|
// pubDecodedData - Pointer to buffer to store output in
|
|
// pcubDecodedData - Pointer to variable that contains size of
|
|
// output buffer. At exit, is filled in with actual size
|
|
// of decoded data.
|
|
//-----------------------------------------------------------------------------
|
|
bool CCrypto::HexDecode( const char *pchData, uint8 *pubDecodedData, uint32 *pcubDecodedData )
|
|
{
|
|
VPROF_BUDGET( "CCrypto::HexDecode", VPROF_BUDGETGROUP_ENCRYPTION );
|
|
Assert( pchData );
|
|
Assert( pubDecodedData );
|
|
Assert( pcubDecodedData );
|
|
Assert( *pcubDecodedData );
|
|
|
|
ArraySink * pArraySinkOutput = new ArraySink( pubDecodedData, *pcubDecodedData );
|
|
// Note: HexEncoder now owns the pointer to pOutputSink and will free it when the encoder goes out of scope and destructs
|
|
HexDecoder hexDecoder( pArraySinkOutput );
|
|
hexDecoder.Put( (byte *) pchData, Q_strlen( pchData ) );
|
|
hexDecoder.MessageEnd();
|
|
|
|
uint32 len = pArraySinkOutput->TotalPutLength();
|
|
if ( len > *pcubDecodedData )
|
|
{
|
|
AssertMsg2( false, "CCrypto::HexDecode: insufficient output buffer for decoding, needed %d got %d\n",
|
|
len, *pcubDecodedData );
|
|
return false;
|
|
}
|
|
*pcubDecodedData = len;
|
|
|
|
return true;
|
|
}
|
|
|
|
|
|
static const int k_LineBreakEveryNGroups = 18; // line break every 18 groups of 4 characters (every 72 characters)
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Returns the expected buffer size that should be passed to Base64Encode.
|
|
// Input: cubData - Size of data to encode
|
|
// bInsertLineBreaks - If line breaks should be inserted automatically
|
|
//-----------------------------------------------------------------------------
|
|
uint32 CCrypto::Base64EncodeMaxOutput( const uint32 cubData, const char *pszLineBreak )
|
|
{
|
|
// terminating null + 4 chars per 3-byte group + line break after every 18 groups (72 output chars) + final line break
|
|
uint32 nGroups = (cubData+2)/3;
|
|
str_size cchRequired = 1 + nGroups*4 + ( pszLineBreak ? Q_strlen(pszLineBreak)*(1+(nGroups-1)/k_LineBreakEveryNGroups) : 0 );
|
|
return cchRequired;
|
|
}
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Base64-encodes a block of data. (Binary -> text representation.) The output
|
|
// is null-terminated and can be treated as a string.
|
|
// Input: pubData - Data to encode
|
|
// cubData - Size of data to encode
|
|
// pchEncodedData - Pointer to string buffer to store output in
|
|
// cchEncodedData - Size of pchEncodedData buffer
|
|
// bInsertLineBreaks - If "\n" line breaks should be inserted automatically
|
|
//-----------------------------------------------------------------------------
|
|
bool CCrypto::Base64Encode( const uint8 *pubData, uint32 cubData, char *pchEncodedData, uint32 cchEncodedData, bool bInsertLineBreaks )
|
|
{
|
|
const char *pszLineBreak = bInsertLineBreaks ? "\n" : NULL;
|
|
uint32 cchRequired = Base64EncodeMaxOutput( cubData, pszLineBreak );
|
|
(void)cchRequired;
|
|
AssertMsg2( cchEncodedData >= cchRequired, "CCrypto::Base64Encode: insufficient output buffer for encoding, needed %d got %d\n", cchRequired, cchEncodedData );
|
|
return Base64Encode( pubData, cubData, pchEncodedData, &cchEncodedData, pszLineBreak );
|
|
}
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Base64-encodes a block of data. (Binary -> text representation.) The output
|
|
// is null-terminated and can be treated as a string.
|
|
// Input: pubData - Data to encode
|
|
// cubData - Size of data to encode
|
|
// pchEncodedData - Pointer to string buffer to store output in
|
|
// pcchEncodedData - Pointer to size of pchEncodedData buffer; adjusted to number of characters written (before NULL)
|
|
// pszLineBreak - String to be inserted every 72 characters; empty string or NULL pointer for no line breaks
|
|
// Note: if pchEncodedData is NULL and *pcchEncodedData is zero, *pcchEncodedData is filled with the actual required length
|
|
// for output. A simpler approximation for maximum output size is (cubData * 4 / 3) + 5 if there are no linebreaks.
|
|
//-----------------------------------------------------------------------------
|
|
bool CCrypto::Base64Encode( const uint8 *pubData, uint32 cubData, char *pchEncodedData, uint32* pcchEncodedData, const char *pszLineBreak )
|
|
{
|
|
VPROF_BUDGET( "CCrypto::Base64Encode", VPROF_BUDGETGROUP_ENCRYPTION );
|
|
|
|
if ( pchEncodedData == NULL )
|
|
{
|
|
AssertMsg( *pcchEncodedData == 0, "NULL output buffer with non-zero size passed to Base64Encode" );
|
|
*pcchEncodedData = Base64EncodeMaxOutput( cubData, pszLineBreak );
|
|
return true;
|
|
}
|
|
|
|
const uint8 *pubDataEnd = pubData + cubData;
|
|
char *pchEncodedDataStart = pchEncodedData;
|
|
str_size unLineBreakLen = pszLineBreak ? Q_strlen( pszLineBreak ) : 0;
|
|
int nNextLineBreak = unLineBreakLen ? k_LineBreakEveryNGroups : INT_MAX;
|
|
|
|
const char * const pszBase64Chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
|
|
|
|
uint32 cchEncodedData = *pcchEncodedData;
|
|
if ( cchEncodedData == 0 )
|
|
goto out_of_space;
|
|
|
|
--cchEncodedData; // pre-decrement for the terminating null so we don't forget about it
|
|
|
|
// input 3 x 8-bit, output 4 x 6-bit
|
|
while ( pubDataEnd - pubData >= 3 )
|
|
{
|
|
if ( cchEncodedData < 4 + unLineBreakLen )
|
|
goto out_of_space;
|
|
|
|
if ( nNextLineBreak == 0 )
|
|
{
|
|
memcpy( pchEncodedData, pszLineBreak, unLineBreakLen );
|
|
pchEncodedData += unLineBreakLen;
|
|
cchEncodedData -= unLineBreakLen;
|
|
nNextLineBreak = k_LineBreakEveryNGroups;
|
|
}
|
|
|
|
uint32 un24BitsData;
|
|
un24BitsData = (uint32) pubData[0] << 16;
|
|
un24BitsData |= (uint32) pubData[1] << 8;
|
|
un24BitsData |= (uint32) pubData[2];
|
|
pubData += 3;
|
|
|
|
pchEncodedData[0] = pszBase64Chars[ (un24BitsData >> 18) & 63 ];
|
|
pchEncodedData[1] = pszBase64Chars[ (un24BitsData >> 12) & 63 ];
|
|
pchEncodedData[2] = pszBase64Chars[ (un24BitsData >> 6) & 63 ];
|
|
pchEncodedData[3] = pszBase64Chars[ (un24BitsData ) & 63 ];
|
|
pchEncodedData += 4;
|
|
cchEncodedData -= 4;
|
|
--nNextLineBreak;
|
|
}
|
|
|
|
// Clean up remaining 1 or 2 bytes of input, pad output with '='
|
|
if ( pubData != pubDataEnd )
|
|
{
|
|
if ( cchEncodedData < 4 + unLineBreakLen )
|
|
goto out_of_space;
|
|
|
|
if ( nNextLineBreak == 0 )
|
|
{
|
|
memcpy( pchEncodedData, pszLineBreak, unLineBreakLen );
|
|
pchEncodedData += unLineBreakLen;
|
|
cchEncodedData -= unLineBreakLen;
|
|
}
|
|
|
|
uint32 un24BitsData;
|
|
un24BitsData = (uint32) pubData[0] << 16;
|
|
if ( pubData+1 != pubDataEnd )
|
|
{
|
|
un24BitsData |= (uint32) pubData[1] << 8;
|
|
}
|
|
pchEncodedData[0] = pszBase64Chars[ (un24BitsData >> 18) & 63 ];
|
|
pchEncodedData[1] = pszBase64Chars[ (un24BitsData >> 12) & 63 ];
|
|
pchEncodedData[2] = pubData+1 != pubDataEnd ? pszBase64Chars[ (un24BitsData >> 6) & 63 ] : '=';
|
|
pchEncodedData[3] = '=';
|
|
pchEncodedData += 4;
|
|
cchEncodedData -= 4;
|
|
}
|
|
|
|
if ( unLineBreakLen )
|
|
{
|
|
if ( cchEncodedData < unLineBreakLen )
|
|
goto out_of_space;
|
|
memcpy( pchEncodedData, pszLineBreak, unLineBreakLen );
|
|
pchEncodedData += unLineBreakLen;
|
|
cchEncodedData -= unLineBreakLen;
|
|
}
|
|
|
|
*pchEncodedData = 0;
|
|
*pcchEncodedData = pchEncodedData - pchEncodedDataStart;
|
|
return true;
|
|
|
|
out_of_space:
|
|
*pchEncodedData = 0;
|
|
*pcchEncodedData = Base64EncodeMaxOutput( cubData, pszLineBreak );
|
|
AssertMsg( false, "CCrypto::Base64Encode: insufficient output buffer (up to n*4/3+5 bytes required, plus linebreaks)" );
|
|
return false;
|
|
}
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Base64-decodes a block of data. (Text -> binary representation.)
|
|
// Input: pchData - Null-terminated hex-encoded string
|
|
// pubDecodedData - Pointer to buffer to store output in
|
|
// pcubDecodedData - Pointer to variable that contains size of
|
|
// output buffer. At exit, is filled in with actual size
|
|
// of decoded data.
|
|
// Note: if NULL is passed as the output buffer and *pcubDecodedData is zero, the function
|
|
// will calculate the actual required size and place it in *pcubDecodedData. A simpler upper
|
|
// bound on the required size is ( strlen(pchData)*3/4 + 1 ).
|
|
//-----------------------------------------------------------------------------
|
|
bool CCrypto::Base64Decode( const char *pchData, uint8 *pubDecodedData, uint32 *pcubDecodedData, bool bIgnoreInvalidCharacters )
|
|
{
|
|
return Base64Decode( pchData, ~0u, pubDecodedData, pcubDecodedData, bIgnoreInvalidCharacters );
|
|
}
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Base64-decodes a block of data. (Text -> binary representation.)
|
|
// Input: pchData - base64-encoded string, null terminated
|
|
// cchDataMax - maximum length of string unless a null is encountered first
|
|
// pubDecodedData - Pointer to buffer to store output in
|
|
// pcubDecodedData - Pointer to variable that contains size of
|
|
// output buffer. At exit, is filled in with actual size
|
|
// of decoded data.
|
|
// Note: if NULL is passed as the output buffer and *pcubDecodedData is zero, the function
|
|
// will calculate the actual required size and place it in *pcubDecodedData. A simpler upper
|
|
// bound on the required size is ( strlen(pchData)*3/4 + 2 ).
|
|
//-----------------------------------------------------------------------------
|
|
bool CCrypto::Base64Decode( const char *pchData, uint32 cchDataMax, uint8 *pubDecodedData, uint32 *pcubDecodedData, bool bIgnoreInvalidCharacters )
|
|
{
|
|
VPROF_BUDGET( "CCrypto::Base64Decode", VPROF_BUDGETGROUP_ENCRYPTION );
|
|
|
|
uint32 cubDecodedData = *pcubDecodedData;
|
|
uint32 cubDecodedDataOrig = cubDecodedData;
|
|
|
|
if ( pubDecodedData == NULL )
|
|
{
|
|
AssertMsg( *pcubDecodedData == 0, "NULL output buffer with non-zero size passed to Base64Decode" );
|
|
cubDecodedDataOrig = cubDecodedData = ~0u;
|
|
}
|
|
|
|
// valid base64 character range: '+' (0x2B) to 'z' (0x7A)
|
|
// table entries are 0-63, -1 for invalid entries, -2 for '='
|
|
static const char rgchInvBase64[] = {
|
|
62, -1, -1, -1, 63, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61,
|
|
-1, -1, -1, -2, -1, -1, -1, 0, 1, 2, 3, 4, 5, 6, 7,
|
|
8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22,
|
|
23, 24, 25, -1, -1, -1, -1, -1, -1, 26, 27, 28, 29, 30, 31,
|
|
32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46,
|
|
47, 48, 49, 50, 51
|
|
};
|
|
COMPILE_TIME_ASSERT( Q_ARRAYSIZE(rgchInvBase64) == 0x7A - 0x2B + 1 );
|
|
|
|
uint32 un24BitsWithSentinel = 1;
|
|
while ( cchDataMax-- > 0 )
|
|
{
|
|
char c = *pchData++;
|
|
|
|
if ( (uint8)(c - 0x2B) >= Q_ARRAYSIZE( rgchInvBase64 ) )
|
|
{
|
|
if ( c == '\0' )
|
|
break;
|
|
|
|
if ( !bIgnoreInvalidCharacters && !( c == '\r' || c == '\n' || c == '\t' || c == ' ' ) )
|
|
goto decode_failed;
|
|
else
|
|
continue;
|
|
}
|
|
|
|
c = rgchInvBase64[(uint8)(c - 0x2B)];
|
|
if ( c < 0 )
|
|
{
|
|
if ( c == -2 ) // -2 -> terminating '='
|
|
break;
|
|
|
|
if ( !bIgnoreInvalidCharacters )
|
|
goto decode_failed;
|
|
else
|
|
continue;
|
|
}
|
|
|
|
un24BitsWithSentinel <<= 6;
|
|
un24BitsWithSentinel |= c;
|
|
if ( un24BitsWithSentinel & (1<<24) )
|
|
{
|
|
if ( cubDecodedData < 3 ) // out of space? go to final write logic
|
|
break;
|
|
if ( pubDecodedData )
|
|
{
|
|
pubDecodedData[0] = (uint8)( un24BitsWithSentinel >> 16 );
|
|
pubDecodedData[1] = (uint8)( un24BitsWithSentinel >> 8);
|
|
pubDecodedData[2] = (uint8)( un24BitsWithSentinel );
|
|
pubDecodedData += 3;
|
|
}
|
|
cubDecodedData -= 3;
|
|
un24BitsWithSentinel = 1;
|
|
}
|
|
}
|
|
|
|
// If un24BitsWithSentinel contains data, output the remaining full bytes
|
|
if ( un24BitsWithSentinel >= (1<<6) )
|
|
{
|
|
// Possibilities are 3, 2, 1, or 0 full output bytes.
|
|
int nWriteBytes = 3;
|
|
while ( un24BitsWithSentinel < (1<<24) )
|
|
{
|
|
nWriteBytes--;
|
|
un24BitsWithSentinel <<= 6;
|
|
}
|
|
|
|
// Write completed bytes to output
|
|
while ( nWriteBytes-- > 0 )
|
|
{
|
|
if ( cubDecodedData == 0 )
|
|
{
|
|
AssertMsg( false, "CCrypto::Base64Decode: insufficient output buffer (up to n*3/4+2 bytes required)" );
|
|
goto decode_failed;
|
|
}
|
|
if ( pubDecodedData )
|
|
{
|
|
*pubDecodedData++ = (uint8)(un24BitsWithSentinel >> 16);
|
|
}
|
|
--cubDecodedData;
|
|
un24BitsWithSentinel <<= 8;
|
|
}
|
|
}
|
|
|
|
*pcubDecodedData = cubDecodedDataOrig - cubDecodedData;
|
|
return true;
|
|
|
|
decode_failed:
|
|
*pcubDecodedData = cubDecodedDataOrig - cubDecodedData;
|
|
return false;
|
|
}
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Generate a SHA1 hash
|
|
// Input: pchInput - Plaintext string of item to hash (null terminated)
|
|
// pOutDigest - Pointer to receive hashed digest output
|
|
//-----------------------------------------------------------------------------
|
|
bool CCrypto::GenerateSHA1Digest( const uint8 *pubInput, const int cubInput, SHADigest_t *pOutDigest )
|
|
{
|
|
VPROF_BUDGET( "CCrypto::GenerateSHA1Digest", VPROF_BUDGETGROUP_ENCRYPTION );
|
|
Assert( pubInput );
|
|
Assert( cubInput > 0 );
|
|
Assert( pOutDigest );
|
|
|
|
bool bSuccess = true;
|
|
try
|
|
{
|
|
CryptoPP::SHA().CalculateDigest( *pOutDigest, pubInput, cubInput );
|
|
}
|
|
catch(...)
|
|
{
|
|
bSuccess = false;
|
|
}
|
|
|
|
return bSuccess;
|
|
}
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Generate a hash Salt - be careful, over-writing an existing salt
|
|
// will render the hashed value unverifiable.
|
|
//-----------------------------------------------------------------------------
|
|
bool CCrypto::GenerateSalt( Salt_t *pSalt )
|
|
{
|
|
VPROF_BUDGET( "CCrypto::GenerateSalt", VPROF_BUDGETGROUP_ENCRYPTION );
|
|
Assert( pSalt );
|
|
|
|
bool bSuccess = true;
|
|
try
|
|
{
|
|
CPoolAllocatedRNG rng;
|
|
rng.GetRNG().GenerateBlock( (byte*)pSalt, sizeof(Salt_t) );
|
|
}
|
|
catch(...)
|
|
{
|
|
bSuccess = false;
|
|
}
|
|
|
|
return bSuccess;
|
|
}
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Generate a SHA1 hash using a salt.
|
|
// Input: pchInput - Plaintext string of item to hash (null terminated)
|
|
// pSalt - Salt
|
|
// pOutDigest - Pointer to receive salted digest output
|
|
//-----------------------------------------------------------------------------
|
|
bool CCrypto::GenerateSaltedSHA1Digest( const char *pchInput, const Salt_t *pSalt, SHADigest_t *pOutDigest )
|
|
{
|
|
VPROF_BUDGET( "CCrypto::GenerateSaltedSHA1Digest", VPROF_BUDGETGROUP_ENCRYPTION );
|
|
Assert( pchInput );
|
|
Assert( pSalt );
|
|
Assert( pOutDigest );
|
|
|
|
int iInputLen = Q_strlen( pchInput );
|
|
uint8 *pubSaltedInput = new uint8[ iInputLen + sizeof( Salt_t ) ];
|
|
|
|
// Insert half the salt before the input string and half at the end.
|
|
// This is probably unnecessary (to split the salt) but we're stuck with it for historical reasons.
|
|
uint8 *pubCursor = pubSaltedInput;
|
|
Q_memcpy( pubCursor, (uint8 *)pSalt, sizeof(Salt_t) / 2 );
|
|
pubCursor += sizeof( Salt_t ) / 2;
|
|
Q_memcpy( pubCursor, pchInput, iInputLen );
|
|
pubCursor += iInputLen;
|
|
Q_memcpy( pubCursor, (uint8 *)pSalt + sizeof(Salt_t) / 2, sizeof(Salt_t) / 2 );
|
|
|
|
bool bSuccess = true;
|
|
try
|
|
{
|
|
CryptoPP::SHA().CalculateDigest( *pOutDigest, pubSaltedInput, iInputLen + sizeof( Salt_t ) );
|
|
}
|
|
catch(...)
|
|
{
|
|
bSuccess = false;
|
|
}
|
|
|
|
delete [] pubSaltedInput;
|
|
|
|
return bSuccess;
|
|
}
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Generates a random block of data
|
|
//-----------------------------------------------------------------------------
|
|
bool CCrypto::GenerateRandomBlock( uint8 *pubDest, int cubDest )
|
|
{
|
|
CPoolAllocatedRNG rng;
|
|
rng.GetRNG().GenerateBlock( pubDest, cubDest );
|
|
|
|
return true;
|
|
}
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Generate a keyed-hash MAC using SHA1
|
|
// Input: pubData - Plaintext data to digest
|
|
// cubData - length of data
|
|
// pubKey - key to use in HMAC
|
|
// cubKey - length of key
|
|
// pOutDigest - Pointer to receive hashed digest output
|
|
//-----------------------------------------------------------------------------
|
|
bool CCrypto::GenerateHMAC( const uint8 *pubData, uint32 cubData, const uint8 *pubKey, uint32 cubKey, SHADigest_t *pOutputDigest )
|
|
{
|
|
VPROF_BUDGET( "CCrypto::GenerateHMAC", VPROF_BUDGETGROUP_ENCRYPTION );
|
|
Assert( pubData );
|
|
Assert( cubData > 0 );
|
|
Assert( pubKey );
|
|
Assert( cubKey > 0 );
|
|
Assert( pOutputDigest );
|
|
|
|
bool bSuccess = true;
|
|
try
|
|
{
|
|
CryptoPP::HMAC< CryptoPP::SHA1 > hmac( pubKey, cubKey );
|
|
hmac.CalculateDigest( *pOutputDigest, pubData, cubData );
|
|
}
|
|
catch(...)
|
|
{
|
|
bSuccess = false;
|
|
}
|
|
|
|
return bSuccess;
|
|
}
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Generate a keyed-hash MAC using SHA-256
|
|
//-----------------------------------------------------------------------------
|
|
bool CCrypto::GenerateHMAC256( const uint8 *pubData, uint32 cubData, const uint8 *pubKey, uint32 cubKey, SHA256Digest_t *pOutputDigest )
|
|
{
|
|
VPROF_BUDGET( "CCrypto::GenerateHMAC256", VPROF_BUDGETGROUP_ENCRYPTION );
|
|
Assert( pubData );
|
|
Assert( cubData > 0 );
|
|
Assert( pubKey );
|
|
Assert( cubKey > 0 );
|
|
Assert( pOutputDigest );
|
|
|
|
bool bSuccess = true;
|
|
try
|
|
{
|
|
CryptoPP::HMAC< CryptoPP::SHA256 > hmac( pubKey, cubKey );
|
|
hmac.CalculateDigest( *pOutputDigest, pubData, cubData );
|
|
}
|
|
catch(...)
|
|
{
|
|
bSuccess = false;
|
|
}
|
|
|
|
return bSuccess;
|
|
}
|
|
|
|
|
|
bool CCrypto::BGzipBuffer( const uint8 *pubData, uint32 cubData, CCryptoOutBuffer &bufOutput )
|
|
{
|
|
bool bSuccess = true;
|
|
try
|
|
{
|
|
std::string gzip_output;
|
|
StringSource( (byte *)pubData, cubData, true, new Gzip( new StringSink( gzip_output ) ) );
|
|
bufOutput.Set( (uint8*)gzip_output.c_str(), (uint32)gzip_output.length() );
|
|
}
|
|
catch( ... )
|
|
{
|
|
bSuccess = false;
|
|
}
|
|
return bSuccess;
|
|
}
|
|
|
|
|
|
bool CCrypto::BGunzipBuffer( const uint8 *pubData, uint32 cubData, CCryptoOutBuffer &bufOutput )
|
|
{
|
|
bool bSuccess = true;
|
|
try
|
|
{
|
|
std::string gunzip_output;
|
|
StringSource( (byte *)pubData, cubData, true, new Gunzip( new StringSink( gunzip_output ) ) );
|
|
bufOutput.Set( (uint8*)gunzip_output.c_str(), (uint32)gunzip_output.length() );
|
|
}
|
|
catch( ... )
|
|
{
|
|
bSuccess = false;
|
|
}
|
|
return bSuccess;
|
|
}
|
|
|
|
|
|
//! These are all needed to get around stack-overflow bug in Initialize()
|
|
class HexDecoderTKS : public HexDecoder
|
|
{
|
|
public:
|
|
HexDecoderTKS(BufferedTransformation *attachment, const int *pnDecodingArray)
|
|
: HexDecoder(attachment)
|
|
{
|
|
BaseN_Decoder::IsolatedInitialize( MakeParameters( Name::DecodingLookupArray(), pnDecodingArray )( Name::Log2Base(), 4 ) );
|
|
}
|
|
};
|
|
|
|
class Base32DecoderTKS : public Base32Decoder
|
|
{
|
|
public:
|
|
Base32DecoderTKS(BufferedTransformation *attachment, const int *pnDecodingArray)
|
|
: Base32Decoder(attachment)
|
|
{
|
|
BaseN_Decoder::IsolatedInitialize( MakeParameters( Name::DecodingLookupArray(), pnDecodingArray )( Name::Log2Base(), 5 ) );
|
|
}
|
|
};
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Implement hex encoding / decoding using a custom lookup table.
|
|
// This is a class because the decoding is done via a generated
|
|
// reverse-lookup table, and to save time it's best to just create
|
|
// that table once.
|
|
//-----------------------------------------------------------------------------
|
|
CCustomHexEncoder::CCustomHexEncoder( const char *pchEncodingTable )
|
|
{
|
|
m_bValidEncoding = false;
|
|
if ( Q_strlen( pchEncodingTable ) == sizeof( m_rgubEncodingTable ) )
|
|
{
|
|
Q_memcpy( m_rgubEncodingTable, pchEncodingTable, sizeof( m_rgubEncodingTable ) );
|
|
|
|
BaseN_Decoder::InitializeDecodingLookupArray( m_rgnDecodingTable, m_rgubEncodingTable, 16, false );
|
|
m_bValidEncoding = true;
|
|
}
|
|
else
|
|
{
|
|
AssertMsg( false, "CCrypto::CustomHexEncoder: Improper encoding table\n" );
|
|
}
|
|
}
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Destructor
|
|
//-----------------------------------------------------------------------------
|
|
CCustomHexEncoder::~CCustomHexEncoder()
|
|
{
|
|
}
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Hex-encodes a block of data. (Binary -> text representation.) The output
|
|
// is null-terminated and can be treated as a string.
|
|
// Uses the supplied custom encoding characters
|
|
// Input: pubData - Data to encode
|
|
// cubData - Size of data to encode
|
|
// pchEncodedData - Pointer to string buffer to store output in
|
|
// cchEncodedData - Size of pchEncodedData buffer
|
|
//-----------------------------------------------------------------------------
|
|
bool CCustomHexEncoder::Encode( const uint8 *pubData, const uint32 cubData, char *pchEncodedData, uint32 cchEncodedData )
|
|
{
|
|
VPROF_BUDGET( "CCrypto::CustomHexEncode", VPROF_BUDGETGROUP_ENCRYPTION );
|
|
Assert( pubData );
|
|
Assert( cubData );
|
|
Assert( pchEncodedData );
|
|
Assert( cchEncodedData > 0 );
|
|
|
|
if ( !m_bValidEncoding )
|
|
return false;
|
|
|
|
ArraySink * pArraySinkOutput = new ArraySink( (byte *) pchEncodedData, cchEncodedData );
|
|
// Note: HexEncoder now owns the pointer to pOutputSink and will free it when the encoder goes out of scope and destructs
|
|
HexEncoder hexEncoder( pArraySinkOutput );
|
|
hexEncoder.IsolatedInitialize( MakeParameters( Name::EncodingLookupArray(), (const uint8 *)m_rgubEncodingTable ) );
|
|
hexEncoder.Put( pubData, cubData );
|
|
hexEncoder.MessageEnd();
|
|
|
|
uint32 len = pArraySinkOutput->TotalPutLength();
|
|
pchEncodedData[len] = 0; // NULL-terminate
|
|
if ( len >= cchEncodedData )
|
|
{
|
|
AssertMsg2( false, "CCrypto::CustomHexEncode: insufficient output buffer for encoding, needed %d got %d\n",
|
|
len, cchEncodedData );
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Hex-decodes a block of data. (Text -> binary representation.)
|
|
// With custom encoding-table
|
|
// Input: pchData - Null-terminated hex-encoded string
|
|
// pubDecodedData - Pointer to buffer to store output in
|
|
// pcubDecodedData - Pointer to variable that contains size of
|
|
// output buffer. At exit, is filled in with actual size
|
|
// of decoded data.
|
|
//-----------------------------------------------------------------------------
|
|
bool CCustomHexEncoder::Decode( const char *pchData, uint8 *pubDecodedData, uint32 *pcubDecodedData )
|
|
{
|
|
VPROF_BUDGET( "CCrypto::CustomHexDecode", VPROF_BUDGETGROUP_ENCRYPTION );
|
|
Assert( pchData );
|
|
Assert( pubDecodedData );
|
|
Assert( pcubDecodedData );
|
|
Assert( *pcubDecodedData );
|
|
|
|
if ( !m_bValidEncoding )
|
|
return false;
|
|
|
|
ArraySink * pArraySinkOutput = new ArraySink( pubDecodedData, *pcubDecodedData );
|
|
// Note: HexEncoder now owns the pointer to pOutputSink and will free it when the encoder goes out of scope and destructs
|
|
HexDecoderTKS hexDecoder( pArraySinkOutput, (const int *)m_rgnDecodingTable );
|
|
hexDecoder.Put( (byte *) pchData, Q_strlen( pchData ) );
|
|
hexDecoder.MessageEnd();
|
|
|
|
uint32 len = pArraySinkOutput->TotalPutLength();
|
|
if ( len > *pcubDecodedData )
|
|
{
|
|
AssertMsg2( false, "CCrypto::CustomHexDecode: insufficient output buffer for decoding, needed %d got %d\n",
|
|
len, *pcubDecodedData );
|
|
return false;
|
|
}
|
|
*pcubDecodedData = len;
|
|
|
|
return true;
|
|
}
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Implement hex encoding / decoding using a custom lookup table.
|
|
// This is a class because the decoding is done via a generated
|
|
// reverse-lookup table, and to save time it's best to just create
|
|
// that table once.
|
|
//-----------------------------------------------------------------------------
|
|
CCustomBase32Encoder::CCustomBase32Encoder( const char *pchEncodingTable )
|
|
{
|
|
m_bValidEncoding = false;
|
|
if ( Q_strlen( pchEncodingTable ) == sizeof( m_rgubEncodingTable ) )
|
|
{
|
|
Q_memcpy( m_rgubEncodingTable, pchEncodingTable, sizeof( m_rgubEncodingTable ) );
|
|
|
|
BaseN_Decoder::InitializeDecodingLookupArray( m_rgnDecodingTable, m_rgubEncodingTable, 32, false );
|
|
m_bValidEncoding = true;
|
|
}
|
|
else
|
|
{
|
|
AssertMsg( false, "CCrypto::CustomBase32Encoder: Improper encoding table\n" );
|
|
}
|
|
}
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Destructor
|
|
//-----------------------------------------------------------------------------
|
|
CCustomBase32Encoder::~CCustomBase32Encoder()
|
|
{
|
|
}
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Base32-encodes a block of data. (Binary -> text representation.) The output
|
|
// is null-terminated and can be treated as a string.
|
|
// Uses the supplied custom encoding table
|
|
// Input: pubData - Data to encode
|
|
// cubData - Size of data to encode
|
|
// pchEncodedData - Pointer to string buffer to store output in
|
|
// cchEncodedData - Size of pchEncodedData buffer
|
|
//-----------------------------------------------------------------------------
|
|
bool CCustomBase32Encoder::Encode( const uint8 *pubData, const uint32 cubData, char *pchEncodedData, uint32 cchEncodedData )
|
|
{
|
|
VPROF_BUDGET( "CCrypto::CustomBase32Encode", VPROF_BUDGETGROUP_ENCRYPTION );
|
|
Assert( pubData );
|
|
Assert( cubData );
|
|
Assert( pchEncodedData );
|
|
Assert( cchEncodedData > 0 );
|
|
|
|
if ( !m_bValidEncoding )
|
|
return false;
|
|
|
|
ArraySink * pArraySinkOutput = new ArraySink( (byte *) pchEncodedData, cchEncodedData );
|
|
// Note: Base32Encoder now owns the pointer to pOutputSink and will free it when the encoder goes out of scope and destructs
|
|
Base32Encoder base32Encoder( pArraySinkOutput );
|
|
base32Encoder.IsolatedInitialize( MakeParameters( Name::EncodingLookupArray(), (const uint8 *)m_rgubEncodingTable ) );
|
|
base32Encoder.Put( pubData, cubData );
|
|
base32Encoder.MessageEnd();
|
|
|
|
uint32 len = pArraySinkOutput->TotalPutLength();
|
|
pchEncodedData[len] = 0; // NULL-terminate
|
|
if ( len >= cchEncodedData )
|
|
{
|
|
AssertMsg2( false, "CCrypto::CustomBase32Encode: insufficient output buffer for encoding, needed %d got %d\n",
|
|
len, cchEncodedData );
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Base32-decodes a block of data. (Text -> binary representation.)
|
|
// With custom encoding table
|
|
// Input: pchData - Null-terminated hex-encoded string
|
|
// pubDecodedData - Pointer to buffer to store output in
|
|
// pcubDecodedData - Pointer to variable that contains size of
|
|
// output buffer. At exit, is filled in with actual size
|
|
// of decoded data.
|
|
//-----------------------------------------------------------------------------
|
|
bool CCustomBase32Encoder::Decode( const char *pchData, uint8 *pubDecodedData, uint32 *pcubDecodedData )
|
|
{
|
|
VPROF_BUDGET( "CCrypto::CustomBase32Decode", VPROF_BUDGETGROUP_ENCRYPTION );
|
|
Assert( pchData );
|
|
Assert( pubDecodedData );
|
|
Assert( pcubDecodedData );
|
|
Assert( *pcubDecodedData );
|
|
|
|
if ( !m_bValidEncoding )
|
|
return false;
|
|
|
|
ArraySink * pArraySinkOutput = new ArraySink( pubDecodedData, *pcubDecodedData );
|
|
// Note: Base32Encoder now owns the pointer to pOutputSink and will free it when the encoder goes out of scope and destructs
|
|
Base32DecoderTKS base32Decoder( pArraySinkOutput, (const int *)m_rgnDecodingTable );
|
|
base32Decoder.Put( (byte *) pchData, Q_strlen( pchData ) );
|
|
base32Decoder.MessageEnd();
|
|
|
|
uint32 len = pArraySinkOutput->TotalPutLength();
|
|
if ( len > *pcubDecodedData )
|
|
{
|
|
AssertMsg2( false, "CCrypto::CustomBase32Decode: insufficient output buffer for decoding, needed %d got %d\n",
|
|
len, *pcubDecodedData );
|
|
return false;
|
|
}
|
|
*pcubDecodedData = len;
|
|
|
|
return true;
|
|
}
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Base32-encodes a block of data. (Binary -> text representation.) The output
|
|
// is null-terminated and can be treated as a string.
|
|
// Uses the supplied custom encoding table, and a bit-stream input source
|
|
// (not necessarily an integer number of bytes).
|
|
// Input: pBitStringData - Data to encode
|
|
// pchEncodedData - Pointer to string buffer to store output in
|
|
// cchEncodedData - Size of pchEncodedData buffer
|
|
//-----------------------------------------------------------------------------
|
|
bool CCustomBase32Encoder::Encode( CSimpleBitString *pBitStringData, char *pchEncodedData, uint32 cchEncodedData )
|
|
{
|
|
// This is useful if you have, say, 125 bits of information and
|
|
// want to encode them into 25 base32-encoded characters.
|
|
uint32 cBits = pBitStringData->GetCurrNumBits();
|
|
|
|
uint32 cCharacters = (cBits / 5);
|
|
uint32 cBitsRemainder = cBits % 5;
|
|
if ( cBitsRemainder )
|
|
cCharacters++;
|
|
|
|
// GTE because of NULL
|
|
if ( cCharacters >= cchEncodedData )
|
|
return false;
|
|
|
|
CSimpleBitString::iterator itBitString( *pBitStringData );
|
|
uint ich = 0;
|
|
for ( ; ich < cCharacters; ++ich )
|
|
{
|
|
uint32 unCodon = itBitString.GetNextBits( 5 );
|
|
// Pad w/ zero bits to integer num codons
|
|
if ( ich == (cCharacters - 1) )
|
|
unCodon <<= cBitsRemainder;
|
|
|
|
pchEncodedData[ich] = m_rgubEncodingTable[ unCodon ];
|
|
}
|
|
|
|
// NULL
|
|
pchEncodedData[ich] = 0;
|
|
|
|
return true;
|
|
}
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Base32-decodes a block of data. (Text -> binary representation.)
|
|
// With custom encoding table, and a BitString output
|
|
// Input: pchData - Null-terminated base32-encoded string
|
|
// pBitStringDecodedData - Pointer to BitString to receive decoded data
|
|
//-----------------------------------------------------------------------------
|
|
bool CCustomBase32Encoder::Decode( const char *pchData, CSimpleBitString *pBitStringDecodedData )
|
|
{
|
|
// Note: 25 base32-encoded characters contain 125 bits of information.
|
|
// Decoded into a byte buffer, this yields 15 bytes plus 5 bits of padding.
|
|
// Decoded into a CSimpleBitString, it will yield all 125 bits
|
|
while ( *pchData )
|
|
{
|
|
uint32 unData = m_rgnDecodingTable[(unsigned)*pchData++];
|
|
if ( unData == 0xFFFFFFFF )
|
|
return false;
|
|
|
|
pBitStringDecodedData->AppendBits( unData, 5 );
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
#ifdef DBGFLAG_VALIDATE
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: validates memory structures
|
|
//-----------------------------------------------------------------------------
|
|
void CCrypto::ValidateStatics( CValidator &validator, const char *pchName )
|
|
{
|
|
ValidateObj( g_tslistPAutoSeededRNG );
|
|
}
|
|
#endif // DBGFLAG_VALIDATE
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Given a plaintext password, check whether it matches an existing
|
|
// hash
|
|
//-----------------------------------------------------------------------------
|
|
bool CCrypto::BValidatePasswordHash( const char *pchInput, EPasswordHashAlg hashType, const PasswordHash_t &DigestStored, const Salt_t &Salt, PasswordHash_t *pDigestComputed )
|
|
{
|
|
VPROF_BUDGET( "CCrypto::BValidatePasswordHash", VPROF_BUDGETGROUP_ENCRYPTION );
|
|
|
|
bool bResult = false;
|
|
size_t cDigest = k_HashLengths[hashType];
|
|
Assert( cDigest != 0 );
|
|
PasswordHash_t tmpDigest;
|
|
PasswordHash_t *pOutputDigest = pDigestComputed;
|
|
if ( pOutputDigest == NULL )
|
|
{
|
|
pOutputDigest = &tmpDigest;
|
|
}
|
|
|
|
BGeneratePasswordHash( pchInput, hashType, Salt, *pOutputDigest );
|
|
bResult = ( 0 == Q_memcmp( &DigestStored, pOutputDigest, cDigest ) );
|
|
|
|
return bResult;
|
|
}
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Given a plaintext password and salt, generate a password hash of
|
|
// the requested type.
|
|
//-----------------------------------------------------------------------------
|
|
bool CCrypto::BGeneratePasswordHash( const char *pchInput, EPasswordHashAlg hashType, const Salt_t &Salt, PasswordHash_t &OutPasswordHash )
|
|
{
|
|
VPROF_BUDGET( "CCrypto::BGeneratePasswordHash", VPROF_BUDGETGROUP_ENCRYPTION );
|
|
|
|
bool bResult = false;
|
|
size_t cDigest = k_HashLengths[hashType];
|
|
|
|
switch ( hashType )
|
|
{
|
|
case k_EHashSHA1:
|
|
bResult = CCrypto::GenerateSaltedSHA1Digest( pchInput, &Salt, (SHADigest_t *)&OutPasswordHash.sha );
|
|
break;
|
|
case k_EHashBigPassword:
|
|
{
|
|
//
|
|
// This is a fake algorithm to test widening of the column. It's a salted SHA-1 hash with 0x01 padding
|
|
// on either side of it.
|
|
//
|
|
size_t cDigestSHA1 = k_HashLengths[k_EHashSHA1];
|
|
size_t cPadding = ( cDigest - cDigestSHA1 ) / 2;
|
|
|
|
AssertMsg( ( ( cDigest - cDigestSHA1 ) % 2 ) == 0, "Invalid hash width for k_EHashBigPassword, needs to be even." );
|
|
|
|
CCrypto::GenerateSaltedSHA1Digest( pchInput, &Salt, (SHADigest_t *)( (uint8 *)&OutPasswordHash.bigpassword + cPadding ) );
|
|
Q_memset( (uint8 *)&OutPasswordHash, 0x01, cPadding );
|
|
Q_memset( (uint8 *)&OutPasswordHash + cPadding + cDigestSHA1 , 0x01, cPadding );
|
|
bResult = true;
|
|
break;
|
|
}
|
|
case k_EHashPBKDF2_1000:
|
|
bResult = CCrypto::BGeneratePBKDF2Hash( pchInput, Salt, 1000, OutPasswordHash );
|
|
break;
|
|
case k_EHashPBKDF2_5000:
|
|
bResult = CCrypto::BGeneratePBKDF2Hash( pchInput, Salt, 5000, OutPasswordHash );
|
|
break;
|
|
case k_EHashPBKDF2_10000:
|
|
bResult = CCrypto::BGeneratePBKDF2Hash( pchInput, Salt, 10000, OutPasswordHash );
|
|
break;
|
|
case k_EHashSHA1WrappedWithPBKDF2_10000:
|
|
bResult = CCrypto::BGenerateWrappedSHA1PasswordHash( pchInput, Salt, 10000, OutPasswordHash );
|
|
break;
|
|
default:
|
|
AssertMsg1( false, "Invalid password hash type %u passed to BGeneratePasswordHash\n", hashType );
|
|
bResult = false;
|
|
}
|
|
|
|
return bResult;
|
|
}
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Given a plaintext password and salt and a count of rounds, generate a PBKDF2 hash
|
|
// with the requested number of rounds.
|
|
//-----------------------------------------------------------------------------
|
|
bool CCrypto::BGeneratePBKDF2Hash( const char* pchInput, const Salt_t &Salt, unsigned int rounds, PasswordHash_t &OutPasswordHash )
|
|
{
|
|
PKCS5_PBKDF2_HMAC<SHA256> pbkdf;
|
|
|
|
unsigned int iterations = pbkdf.DeriveKey( (byte *)&OutPasswordHash.pbkdf2, sizeof(OutPasswordHash.pbkdf2), 0, (const byte *)pchInput, Q_strlen(pchInput), (const byte *)&Salt, sizeof(Salt), rounds );
|
|
|
|
return ( iterations == rounds );
|
|
}
|
|
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Given a plaintext password and salt and a count of rounds, generate a SHA1 hash wrapped with
|
|
// a PBKDF2 hash with the specified number of rounds.
|
|
// Used to provide a stronger password hash for accounts that haven't logged in in a while.
|
|
//-----------------------------------------------------------------------------
|
|
bool CCrypto::BGenerateWrappedSHA1PasswordHash( const char *pchInput, const Salt_t &Salt, unsigned int rounds, PasswordHash_t &OutPasswordHash )
|
|
{
|
|
bool bResult;
|
|
bResult = CCrypto::GenerateSaltedSHA1Digest( pchInput, &Salt, (SHADigest_t *)&OutPasswordHash.sha );
|
|
if ( bResult )
|
|
{
|
|
PKCS5_PBKDF2_HMAC<SHA256> pbkdf;
|
|
unsigned int iterations = pbkdf.DeriveKey( (byte *)&OutPasswordHash.pbkdf2, sizeof(OutPasswordHash.pbkdf2), 0, (const byte *)&OutPasswordHash.sha, sizeof(OutPasswordHash.sha), (const byte *)&Salt, sizeof(Salt), rounds );
|
|
|
|
bResult = ( iterations == rounds );
|
|
}
|
|
return bResult;
|
|
}
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// Purpose: Given an existing password hash and salt, attempt to construct a stronger
|
|
// password hash and return the new hash type.
|
|
//
|
|
// Currently the only transformation available is from a SHA1 (or BigPassword)
|
|
// hash to a PBKDF2 hash with 10,000 rounds. In the future this function
|
|
// may be extended to allow additional transformations.
|
|
//-----------------------------------------------------------------------------
|
|
bool CCrypto::BUpgradeOrWrapPasswordHash( PasswordHash_t &InPasswordHash, EPasswordHashAlg hashTypeIn, const Salt_t &Salt, PasswordHash_t &OutPasswordHash, EPasswordHashAlg &hashTypeOut )
|
|
{
|
|
bool bResult = true;;
|
|
|
|
if ( hashTypeIn == k_EHashSHA1 || hashTypeIn == k_EHashBigPassword )
|
|
{
|
|
//
|
|
// Can wrap a SHA1 hash with any PBKDF variant, but right now only 10,000 rounds is
|
|
// implemented.
|
|
//
|
|
if ( hashTypeOut == k_EHashPBKDF2_10000 )
|
|
{
|
|
hashTypeOut = k_EHashSHA1WrappedWithPBKDF2_10000;
|
|
|
|
byte * pbHash;
|
|
if ( hashTypeIn == k_EHashSHA1 )
|
|
{
|
|
pbHash = (byte *)&InPasswordHash.sha;
|
|
}
|
|
else
|
|
{
|
|
//
|
|
// Need to unroll BigPasswordHash into unpadded SHA1
|
|
//
|
|
size_t cDigest = k_HashLengths[k_EHashBigPassword];
|
|
size_t cDigestSHA1 = k_HashLengths[k_EHashSHA1];
|
|
size_t cPadding = ( cDigest - cDigestSHA1 ) / 2;
|
|
|
|
AssertMsg( ( ( cDigest - cDigestSHA1 ) % 2 ) == 0, "Invalid hash width for k_EHashBigPassword, needs to be even." );
|
|
pbHash = (byte *)&InPasswordHash.sha + cPadding;
|
|
}
|
|
|
|
PKCS5_PBKDF2_HMAC<SHA256> pbkdf;
|
|
PasswordHash_t passOut;
|
|
unsigned int iterations = pbkdf.DeriveKey( (byte *)passOut.pbkdf2, sizeof(passOut.pbkdf2), 0, pbHash, k_HashLengths[k_EHashSHA1], (const byte *)&Salt, sizeof(Salt), 10000 );
|
|
|
|
bResult = ( iterations == 10000 );
|
|
if ( bResult )
|
|
{
|
|
Q_memcpy( &OutPasswordHash, &passOut, sizeof(OutPasswordHash) );
|
|
}
|
|
}
|
|
else
|
|
{
|
|
Assert( hashTypeOut == k_EHashPBKDF2_10000 );
|
|
bResult = false;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
bResult = false;
|
|
Assert( false );
|
|
}
|
|
|
|
return bResult;
|
|
}
|
|
|