mirror of
https://github.com/vgough/encfs.git
synced 2025-01-04 04:59:53 +01:00
95750d4539
implement pbkdf-hmac-sha256 module for Botan and CommonCrypto. git-svn-id: http://encfs.googlecode.com/svn/trunk@98 db9cf616-1c43-0410-9cb8-a902689de0d6
287 lines
7.4 KiB
C++
287 lines
7.4 KiB
C++
|
|
/*****************************************************************************
|
|
* Author: Valient Gough <vgough@pobox.com>
|
|
*
|
|
*****************************************************************************
|
|
* Copyright (c) 2013 Valient Gough
|
|
*
|
|
* This program is free software: you can redistribute it and/or modify it under
|
|
* the terms of the GNU Lesser General Public License as published by the Free
|
|
* Software Foundation, either version 3 of the License, or (at your option) any
|
|
* later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
|
* FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
|
|
* details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#include "cipher/CommonCrypto.h"
|
|
|
|
#include <glog/logging.h>
|
|
|
|
#include <CommonCrypto/CommonCryptor.h>
|
|
#include <CommonCrypto/CommonDigest.h>
|
|
#include <CommonCrypto/CommonHMAC.h>
|
|
#include <CommonCrypto/CommonKeyDerivation.h>
|
|
|
|
#include "base/config.h"
|
|
#include "cipher/BlockCipher.h"
|
|
#include "cipher/MAC.h"
|
|
#include "cipher/PBKDF.h"
|
|
|
|
#ifdef HAVE_SEC_RANDOM_H
|
|
#include <Security/SecRandom.h>
|
|
#endif
|
|
|
|
namespace encfs {
|
|
namespace commoncrypto {
|
|
|
|
class PbkdfPkcs5Hmac : public PBKDF {
|
|
CCPseudoRandomAlgorithm prf_;
|
|
public:
|
|
PbkdfPkcs5Hmac(CCPseudoRandomAlgorithm prf)
|
|
: prf_(prf) {}
|
|
virtual ~PbkdfPkcs5Hmac() {}
|
|
|
|
virtual bool makeKey(const char *password, int passwordLength,
|
|
const byte *salt, int saltLength,
|
|
int numIterations,
|
|
CipherKey *outKey) {
|
|
int ret = CCKeyDerivationPBKDF(kCCPBKDF2, password, passwordLength,
|
|
salt, saltLength, prf_,
|
|
numIterations,
|
|
outKey->data(), outKey->size());
|
|
if (ret != 0) {
|
|
PLOG(ERROR) << "CCKeyDerivationPBKDF failed";
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
virtual CipherKey randomKey(int length) {
|
|
CipherKey key(length);
|
|
if (length == 0) return key;
|
|
#ifdef HAVE_SEC_RANDOM_H
|
|
if (SecRandomCopyBytes(kSecRandomDefault, key.size(), key.data()) < 0) {
|
|
PLOG(ERROR) << "random key generation failure for length " << length;
|
|
key.reset();
|
|
}
|
|
#else
|
|
#error No random number generator provided.
|
|
#endif
|
|
return key;
|
|
}
|
|
|
|
virtual bool pseudoRandom(byte *out, int length) {
|
|
if (length == 0) return true;
|
|
#ifdef HAVE_SEC_RANDOM_H
|
|
if (SecRandomCopyBytes(kSecRandomDefault, length, out) < 0) {
|
|
PLOG(ERROR) << "random key generation failure for length " << length;
|
|
return false;
|
|
}
|
|
#else
|
|
#error No random number generator provided.
|
|
#endif
|
|
return true;
|
|
}
|
|
};
|
|
|
|
|
|
class PbkdfPkcs5HmacSha1CC : public PbkdfPkcs5Hmac {
|
|
public:
|
|
PbkdfPkcs5HmacSha1CC() : PbkdfPkcs5Hmac(kCCPRFHmacAlgSHA1) {}
|
|
~PbkdfPkcs5HmacSha1CC() {}
|
|
|
|
static Properties GetProperties() {
|
|
Properties props;
|
|
props.mode = NAME_PBKDF2_HMAC_SHA1;
|
|
props.library = "CommonCrypto";
|
|
return props;
|
|
}
|
|
};
|
|
REGISTER_CLASS(PbkdfPkcs5HmacSha1CC, PBKDF);
|
|
|
|
class PbkdfPkcs5HmacSha256CC : public PbkdfPkcs5Hmac {
|
|
public:
|
|
PbkdfPkcs5HmacSha256CC() : PbkdfPkcs5Hmac(kCCPRFHmacAlgSHA256) {}
|
|
~PbkdfPkcs5HmacSha256CC() {}
|
|
|
|
static Properties GetProperties() {
|
|
Properties props;
|
|
props.mode = NAME_PBKDF2_HMAC_SHA256;
|
|
props.library = "CommonCrypto";
|
|
return props;
|
|
}
|
|
};
|
|
REGISTER_CLASS(PbkdfPkcs5HmacSha256CC, PBKDF);
|
|
|
|
class CCCipher : public BlockCipher {
|
|
CipherKey key;
|
|
CCAlgorithm algorithm;
|
|
CCMode mode;
|
|
public:
|
|
CCCipher() { }
|
|
virtual ~CCCipher() { }
|
|
|
|
bool rekey(const CipherKey &key, CCAlgorithm algorithm, CCMode mode) {
|
|
this->key = key;
|
|
this->algorithm = algorithm;
|
|
this->mode = mode;
|
|
return true;
|
|
}
|
|
|
|
virtual bool encrypt(const byte *iv, const byte *in, byte *out, int size) {
|
|
CCCryptorRef cryptor;
|
|
CCCryptorCreateWithMode(kCCEncrypt, mode, algorithm, 0,
|
|
iv, key.data(), key.size(),
|
|
NULL, 0, 0, 0, &cryptor);
|
|
size_t updateLength = 0;
|
|
CCCryptorUpdate(cryptor, in, size, out, size, &updateLength);
|
|
CCCryptorRelease(cryptor);
|
|
return true;
|
|
}
|
|
|
|
virtual bool decrypt(const byte *iv, const byte *in, byte *out, int size) {
|
|
CCCryptorRef cryptor;
|
|
CCCryptorCreateWithMode(kCCDecrypt, mode, algorithm, 0,
|
|
iv, key.data(), key.size(),
|
|
NULL, 0, 0, 0, &cryptor);
|
|
size_t updateLength = 0;
|
|
CCCryptorUpdate(cryptor, in, size, out, size, &updateLength);
|
|
CCCryptorRelease(cryptor);
|
|
return true;
|
|
}
|
|
};
|
|
|
|
class BfCbc : public CCCipher {
|
|
public:
|
|
BfCbc() {}
|
|
virtual ~BfCbc() {}
|
|
|
|
virtual bool setKey(const CipherKey &key) {
|
|
return CCCipher::rekey(key, kCCAlgorithmBlowfish, kCCModeCBC);
|
|
}
|
|
|
|
virtual int blockSize() const {
|
|
return kCCBlockSizeBlowfish;
|
|
}
|
|
|
|
static Properties GetProperties() {
|
|
return Properties(Range(128,256,32), "Blowfish", "CBC", "CommonCrypto");
|
|
}
|
|
};
|
|
REGISTER_CLASS(BfCbc, BlockCipher);
|
|
|
|
class AesCbc : public CCCipher {
|
|
public:
|
|
AesCbc() {}
|
|
virtual ~AesCbc() {}
|
|
|
|
virtual bool setKey(const CipherKey &key) {
|
|
return CCCipher::rekey(key, kCCAlgorithmAES128, kCCModeCBC);
|
|
}
|
|
|
|
virtual int blockSize() const {
|
|
return kCCBlockSizeAES128;
|
|
}
|
|
|
|
static Properties GetProperties() {
|
|
return Properties(Range(128,256,64), "AES", "CBC", "CommonCrypto");
|
|
}
|
|
};
|
|
REGISTER_CLASS(AesCbc, BlockCipher);
|
|
|
|
class BfCfb : public CCCipher {
|
|
public:
|
|
BfCfb() {}
|
|
virtual ~BfCfb() {}
|
|
|
|
virtual bool setKey(const CipherKey &key) {
|
|
return CCCipher::rekey(key, kCCAlgorithmBlowfish, kCCModeCFB);
|
|
}
|
|
|
|
virtual int blockSize() const { return 1; }
|
|
|
|
static Properties GetProperties() {
|
|
return Properties(Range(128,256,32), "Blowfish", "CFB", "CommonCrypto");
|
|
}
|
|
};
|
|
REGISTER_CLASS(BfCfb, StreamCipher);
|
|
|
|
class AesCfb : public CCCipher {
|
|
public:
|
|
AesCfb() {}
|
|
virtual ~AesCfb() {}
|
|
|
|
virtual bool setKey(const CipherKey &key) {
|
|
return CCCipher::rekey(key, kCCAlgorithmAES128, kCCModeCFB);
|
|
}
|
|
|
|
virtual int blockSize() const { return 1; }
|
|
|
|
static Properties GetProperties() {
|
|
return Properties(Range(128,256,64), "AES", "CFB", "CommonCrypto");
|
|
}
|
|
};
|
|
REGISTER_CLASS(AesCfb, StreamCipher);
|
|
|
|
class Sha1HMac : public MAC {
|
|
public:
|
|
Sha1HMac() {}
|
|
virtual ~Sha1HMac() {}
|
|
|
|
virtual int outputSize() const {
|
|
return CC_SHA1_DIGEST_LENGTH;
|
|
}
|
|
|
|
virtual bool setKey(const CipherKey &key) {
|
|
this->key = key;
|
|
return true;
|
|
}
|
|
|
|
virtual void init() {
|
|
if (key.size() > 0) {
|
|
CCHmacInit(&ctx, kCCHmacAlgSHA1, key.data(), key.size());
|
|
} else {
|
|
// CommonCrypto will segfault later on if a null key is passed, even if
|
|
// key length is 0.
|
|
CCHmacInit(&ctx, kCCHmacAlgSHA1, &ctx, 0);
|
|
}
|
|
}
|
|
|
|
virtual bool update (const byte *in, int length) {
|
|
CCHmacUpdate(&ctx, in, length);
|
|
return true;
|
|
}
|
|
|
|
virtual bool write(byte *out) {
|
|
CCHmacFinal(&ctx, out);
|
|
return true;
|
|
}
|
|
|
|
static Properties GetProperties() {
|
|
Properties props;
|
|
props.blockSize = CC_SHA1_DIGEST_LENGTH;
|
|
props.hashFunction = "SHA-1";
|
|
props.mode = "HMAC";
|
|
props.library = "CommonCrypto";
|
|
return props;
|
|
}
|
|
|
|
private:
|
|
CipherKey key;
|
|
CCHmacContext ctx;
|
|
};
|
|
REGISTER_CLASS(Sha1HMac, MAC);
|
|
|
|
} // namespace commoncrypto
|
|
|
|
void CommonCrypto::registerCiphers() {
|
|
}
|
|
|
|
} // namespace encfs
|