ARCHIVE/xahaud
3
0
Fork 0
mirror of https://github.com/Xahau/xahaud.git synced 2025-12-06 17:27:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Cleanup. Minor bugfixes. Better documentation.

Browse Source
This commit is contained in:
JoelKatz
2012-04-07 04:13:22 -07:00
parent 812445f205
commit 2467e668ac
1 changed files with 56 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

88
src/ECIES.cpp
View File

@@ -11,17 +11,38 @@
#include "key.h" #include "key.h"
#define ECIES_KEY_HASH SHA256 // ECIES uses elliptic curve keys to send an encrypted message.
#define ECIES_KEY_LENGTH (256/8)
#define ECIES_KEY_TYPE uint256 // A shared secret is generated from one public key and one private key.
#define ECIES_ENC_ALGO EVP_aes_256_cbc() // The same key results regardless of which key is public and which private.
#define ECIES_ENC_KEY_SIZE (256/8)
#define ECIES_ENC_BLK_SIZE (128/8) // Anonymous messages can be sent by generating an ephemeral public/private
#define ECIES_ENC_KEY_TYPE uint256 // key pair, using that private key with the recipient's public key to
#define ECIES_ENC_IV_TYPE uint128 // encrypt and publishing the ephemeral public key. Non-anonymous messages
#define ECIES_HMAC_ALGO EVP_sha256() // can be sent by using your own private key with the recipeint's public key.
#define ECIES_HMAC_SIZE (256/8)
#define ECIES_HMAC_TYPE uint256 // A random IV is used to encrypt the message and an HMAC is used to ensure
// message integrity. If you need timestamps or need to tell the recipient
// which key to use (his, yours, or ephemeral) you must add that data.
// (Obviously, it can't go in the encrypted portion anyway.)
// Our ciphertext is all encrypted except the IV. The encrypted data decodes as follows:
// 1) IV (unencrypted)
// 2) Encrypted: HMAC of original plaintext
// 3) Encrypted: Original plaintext
// 4) Encrypted: Rest of block/padding
// Algorithmic choices:
#define ECIES_KEY_HASH SHA256 // Hash used to generate shared secret
#define ECIES_KEY_LENGTH (256/8) // Size of shared secret
#define ECIES_KEY_TYPE uint256 // Type used to hold shared secret
#define ECIES_ENC_ALGO EVP_aes_256_cbc() // Encryption algorithm
#define ECIES_ENC_KEY_SIZE (256/8) // Encryption key size
#define ECIES_ENC_BLK_SIZE (128/8) // Encryption block size
#define ECIES_ENC_IV_TYPE uint128 // Type used to hold IV
#define ECIES_HMAC_ALGO EVP_sha256() // HMAC algorithm
#define ECIES_HMAC_SIZE (256/8) // Size of HMAC
#define ECIES_HMAC_TYPE uint256 // Type used to hold HMAC
static void* ecies_key_derivation(const void *input, size_t ilen, void *output, size_t *olen) static void* ecies_key_derivation(const void *input, size_t ilen, void *output, size_t *olen)
{ // This function must not be changed as it must be what ECDH_compute_key expects { // This function must not be changed as it must be what ECDH_compute_key expects
@@ -59,13 +80,7 @@ ECIES_KEY_TYPE CKey::getECIESSecret(CKey& otherKey)
return key; return key;
} }
// Our ciphertext is all encrypted except the IV. The encrypted data decodes as follows: static ECIES_HMAC_TYPE makeHMAC(const ECIES_KEY_TYPE& secret, const std::vector<unsigned char> data)
// 1) IV (unencrypted)
// 2) Encrypted: HMAC of original plaintext
// 3) Encrypted: Original plaintext
// 4) Encrypted: Rest of block/padding
static ECIES_HMAC_TYPE makeHMAC(ECIES_KEY_TYPE secret, const std::vector<unsigned char> data)
{ {
HMAC_CTX ctx; HMAC_CTX ctx;
HMAC_CTX_init(&ctx); HMAC_CTX_init(&ctx);
@@ -82,37 +97,39 @@ static ECIES_HMAC_TYPE makeHMAC(ECIES_KEY_TYPE secret, const std::vector<unsigne
throw std::runtime_error("update hmac"); throw std::runtime_error("update hmac");
} }
unsigned int ml=EVP_MAX_MD_SIZE; ECIES_HMAC_TYPE ret;
std::vector<unsigned char> hmac(ml); unsigned int ml = ECIES_HMAC_SIZE;
if(HMAC_Final(&ctx, &(hmac.front()), &ml) != 1) if(HMAC_Final(&ctx, ret.begin(), &ml) != 1)
{ {
HMAC_CTX_cleanup(&ctx); HMAC_CTX_cleanup(&ctx);
throw std::runtime_error("finalize hmac"); throw std::runtime_error("finalize hmac");
} }
assert(ml == ECIES_HMAC_SIZE);
ECIES_HMAC_TYPE ret; HMAC_CTX_cleanup(&ctx);
memcpy(ret.begin(), &(hmac.front()), ECIES_HMAC_SIZE);
return ret; return ret;
} }
std::vector<unsigned char> CKey::encryptECIES(CKey& otherKey, const std::vector<unsigned char>& plaintext) std::vector<unsigned char> CKey::encryptECIES(CKey& otherKey, const std::vector<unsigned char>& plaintext)
{ {
ECIES_KEY_TYPE secret=getECIESSecret(otherKey);
ECIES_HMAC_TYPE hmac=makeHMAC(secret, plaintext);
ECIES_ENC_IV_TYPE iv; ECIES_ENC_IV_TYPE iv;
if(RAND_bytes(static_cast<unsigned char *>(iv.begin()), ECIES_ENC_BLK_SIZE) != 1) if(RAND_bytes(static_cast<unsigned char *>(iv.begin()), ECIES_ENC_BLK_SIZE) != 1)
throw std::runtime_error("insufficient entropy"); throw std::runtime_error("insufficient entropy");
ECIES_KEY_TYPE secret=getECIESSecret(otherKey);
ECIES_HMAC_TYPE hmac=makeHMAC(secret, plaintext);
EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx); EVP_CIPHER_CTX_init(&ctx);
if (EVP_EncryptInit_ex(&ctx, ECIES_ENC_ALGO, NULL, secret.begin(), iv.begin()) != 1) if (EVP_EncryptInit_ex(&ctx, ECIES_ENC_ALGO, NULL, secret.begin(), iv.begin()) != 1)
{ {
EVP_CIPHER_CTX_cleanup(&ctx); EVP_CIPHER_CTX_cleanup(&ctx);
secret.zero();
throw std::runtime_error("init cipher ctx"); throw std::runtime_error("init cipher ctx");
} }
secret.zero();
std::vector<unsigned char> out(plaintext.size() + ECIES_HMAC_SIZE + ECIES_ENC_KEY_SIZE + ECIES_ENC_BLK_SIZE, 0); std::vector<unsigned char> out(plaintext.size() + ECIES_HMAC_SIZE + ECIES_ENC_KEY_SIZE + ECIES_ENC_BLK_SIZE, 0);
int len=0, bytesWritten; int len=0, bytesWritten;
@@ -160,10 +177,9 @@ std::vector<unsigned char> CKey::encryptECIES(CKey& otherKey, const std::vector<
std::vector<unsigned char> CKey::decryptECIES(CKey& otherKey, const std::vector<unsigned char>& ciphertext) std::vector<unsigned char> CKey::decryptECIES(CKey& otherKey, const std::vector<unsigned char>& ciphertext)
{ {
ECIES_KEY_TYPE secret=getECIESSecret(otherKey);
// minimum ciphertext = IV + HMAC + 1 block // minimum ciphertext = IV + HMAC + 1 block
if(ciphertext.size() < ((2*ECIES_ENC_BLK_SIZE) + ECIES_HMAC_SIZE) ) if(ciphertext.size() < ((2 * ECIES_ENC_BLK_SIZE) + ECIES_HMAC_SIZE) )
throw std::runtime_error("ciphertext too short"); throw std::runtime_error("ciphertext too short");
// extract IV // extract IV
@@ -173,9 +189,10 @@ std::vector<unsigned char> CKey::decryptECIES(CKey& otherKey, const std::vector<
// begin decrypting // begin decrypting
EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx); EVP_CIPHER_CTX_init(&ctx);
ECIES_KEY_TYPE secret=getECIESSecret(otherKey);
if(EVP_DecryptInit_ex(&ctx, ECIES_ENC_ALGO, NULL, secret.begin(), iv.begin()) != 1) if(EVP_DecryptInit_ex(&ctx, ECIES_ENC_ALGO, NULL, secret.begin(), iv.begin()) != 1)
{ {
secret.zero();
EVP_CIPHER_CTX_cleanup(&ctx); EVP_CIPHER_CTX_cleanup(&ctx);
throw std::runtime_error("unable to init cipher"); throw std::runtime_error("unable to init cipher");
} }
@@ -184,8 +201,9 @@ std::vector<unsigned char> CKey::decryptECIES(CKey& otherKey, const std::vector<
ECIES_HMAC_TYPE hmac; ECIES_HMAC_TYPE hmac;
int outlen=ECIES_HMAC_SIZE; int outlen=ECIES_HMAC_SIZE;
if( (EVP_DecryptUpdate(&ctx, hmac.begin(), &outlen, if( (EVP_DecryptUpdate(&ctx, hmac.begin(), &outlen,
&(ciphertext.front()) + ECIES_ENC_BLK_SIZE, ECIES_HMAC_SIZE+1) != 1) || (outlen != ECIES_HMAC_SIZE) ) &(ciphertext.front()) + ECIES_ENC_BLK_SIZE, ECIES_HMAC_SIZE + 1) != 1) || (outlen != ECIES_HMAC_SIZE) )
{ {
secret.zero();
EVP_CIPHER_CTX_cleanup(&ctx); EVP_CIPHER_CTX_cleanup(&ctx);
throw std::runtime_error("unable to extract hmac"); throw std::runtime_error("unable to extract hmac");
} }
@@ -194,26 +212,32 @@ std::vector<unsigned char> CKey::decryptECIES(CKey& otherKey, const std::vector<
std::vector<unsigned char> plaintext(ciphertext.size() - ECIES_HMAC_SIZE - ECIES_ENC_BLK_SIZE); std::vector<unsigned char> plaintext(ciphertext.size() - ECIES_HMAC_SIZE - ECIES_ENC_BLK_SIZE);
outlen=plaintext.size(); outlen=plaintext.size();
if(EVP_DecryptUpdate(&ctx, &(plaintext.front()), &outlen, if(EVP_DecryptUpdate(&ctx, &(plaintext.front()), &outlen,
&(ciphertext.front())+ECIES_ENC_BLK_SIZE+ECIES_HMAC_SIZE+1, &(ciphertext.front()) + ECIES_ENC_BLK_SIZE + ECIES_HMAC_SIZE + 1,
ciphertext.size()-ECIES_ENC_BLK_SIZE-ECIES_HMAC_SIZE-1) != 1) ciphertext.size() - ECIES_ENC_BLK_SIZE - ECIES_HMAC_SIZE - 1) != 1)
{ {
secret.zero();
EVP_CIPHER_CTX_cleanup(&ctx); EVP_CIPHER_CTX_cleanup(&ctx);
throw std::runtime_error("unable to extract plaintext"); throw std::runtime_error("unable to extract plaintext");
} }
// decrypt padding
int flen = 0; int flen = 0;
if(EVP_DecryptFinal(&ctx, &(plaintext.front()) + outlen, &flen) != 1) if(EVP_DecryptFinal(&ctx, &(plaintext.front()) + outlen, &flen) != 1)
{ {
secret.zero();
EVP_CIPHER_CTX_cleanup(&ctx); EVP_CIPHER_CTX_cleanup(&ctx);
throw std::runtime_error("plaintext had bad padding"); throw std::runtime_error("plaintext had bad padding");
} }
plaintext.resize(flen + outlen); plaintext.resize(flen + outlen);
// verify integrity
if(hmac != makeHMAC(secret, plaintext)) if(hmac != makeHMAC(secret, plaintext))
{ {
secret.zero();
EVP_CIPHER_CTX_cleanup(&ctx); EVP_CIPHER_CTX_cleanup(&ctx);
throw std::runtime_error("plaintext had bad hmac"); throw std::runtime_error("plaintext had bad hmac");
} }
secret.zero();
EVP_CIPHER_CTX_cleanup(&ctx); EVP_CIPHER_CTX_cleanup(&ctx);
return plaintext; return plaintext;