8 #include <botan/cryptobox.h>
9 #include <botan/filters.h>
10 #include <botan/pipe.h>
11 #include <botan/lookup.h>
12 #include <botan/sha2_64.h>
13 #include <botan/hmac.h>
14 #include <botan/pbkdf2.h>
15 #include <botan/pem.h>
16 #include <botan/get_byte.h>
17 #include <botan/mem_ops.h>
29 const u32bit CRYPTOBOX_VERSION_CODE = 0xEFC22400;
31 const size_t VERSION_CODE_LEN = 4;
32 const size_t CIPHER_KEY_LEN = 32;
33 const size_t CIPHER_IV_LEN = 16;
34 const size_t MAC_KEY_LEN = 32;
35 const size_t MAC_OUTPUT_LEN = 20;
36 const size_t PBKDF_SALT_LEN = 10;
37 const size_t PBKDF_ITERATIONS = 8 * 1024;
39 const size_t PBKDF_OUTPUT_LEN = CIPHER_KEY_LEN + CIPHER_IV_LEN + MAC_KEY_LEN;
44 const std::string& passphrase,
69 mac_key, MAC_OUTPUT_LEN)));
80 const size_t ciphertext_len = pipe.
remaining(0);
87 for(
size_t i = 0; i != VERSION_CODE_LEN; ++i)
88 out_buf[i] =
get_byte(i, CRYPTOBOX_VERSION_CODE);
90 copy_mem(&out_buf[VERSION_CODE_LEN], &pbkdf_salt[0], PBKDF_SALT_LEN);
92 pipe.
read(&out_buf[VERSION_CODE_LEN + PBKDF_SALT_LEN], MAC_OUTPUT_LEN, 1);
93 pipe.
read(&out_buf[VERSION_CODE_LEN + PBKDF_SALT_LEN + MAC_OUTPUT_LEN],
100 const std::string& passphrase)
105 "BOTAN CRYPTOBOX MESSAGE");
107 if(ciphertext.
size() < (VERSION_CODE_LEN + PBKDF_SALT_LEN + MAC_OUTPUT_LEN))
110 for(
size_t i = 0; i != VERSION_CODE_LEN; ++i)
111 if(ciphertext[i] !=
get_byte(i, CRYPTOBOX_VERSION_CODE))
114 const byte* pbkdf_salt = &ciphertext[VERSION_CODE_LEN];
134 mac_key, MAC_OUTPUT_LEN)));
136 const size_t ciphertext_offset =
137 VERSION_CODE_LEN + PBKDF_SALT_LEN + MAC_OUTPUT_LEN;
140 ciphertext.
size() - ciphertext_offset);
142 byte computed_mac[MAC_OUTPUT_LEN];
143 pipe.
read(computed_mac, MAC_OUTPUT_LEN, 1);
146 &ciphertext[VERSION_CODE_LEN + PBKDF_SALT_LEN],
154 const std::string& passphrase)
156 return decrypt(reinterpret_cast<const byte*>(&input[0]),
virtual void randomize(byte output[], size_t length)=0
bool same_mem(const T *p1, const T *p2, size_t n)
size_t read(byte output[], size_t length)
std::string read_all_as_string(message_id=DEFAULT_MESSAGE)
OctetString derive_key(size_t output_len, const std::string &passphrase, const byte salt[], size_t salt_len, size_t iterations) const
byte get_byte(size_t byte_num, T input)
std::string decrypt(const byte input[], size_t input_len, const std::string &passphrase)
size_t remaining(message_id msg=DEFAULT_MESSAGE) const
RandomNumberGenerator * rng
const byte * begin() const
void copy_mem(T *out, const T *in, size_t n)
std::string encrypt(const byte input[], size_t input_len, const std::string &passphrase, RandomNumberGenerator &rng)
std::string encode(const byte der[], size_t length, const std::string &label, size_t width)
Keyed_Filter * get_cipher(const std::string &algo_spec, Cipher_Dir direction)
SecureVector< byte > decode_check_label(DataSource &source, const std::string &label_want)
void process_msg(const byte in[], size_t length)