Botan 3.0.0-alpha0
Crypto and TLS for C&
Functions
Botan::CryptoBox Namespace Reference

Functions

std::string decrypt (const std::string &input, const std::string &passphrase)
 
std::string decrypt (const uint8_t input[], size_t input_len, const std::string &passphrase)
 
secure_vector< uint8_t > decrypt_bin (const std::string &input, const std::string &passphrase)
 
secure_vector< uint8_t > decrypt_bin (const uint8_t input[], size_t input_len, const std::string &passphrase)
 
std::string encrypt (const uint8_t input[], size_t input_len, const std::string &passphrase, RandomNumberGenerator &rng)
 

Detailed Description

This namespace holds various high-level crypto functions

Function Documentation

◆ decrypt() [1/2]

std::string Botan::CryptoBox::decrypt ( const std::string &  input,
const std::string &  passphrase 
)

Decrypt a message encrypted with CryptoBox::encrypt

Parameters
inputthe input data
passphrasethe passphrase used to encrypt the message

Definition at line 172 of file cryptobox.cpp.

174 {
175 return decrypt(cast_char_ptr_to_uint8(input.data()),
176 input.size(), passphrase);
177 }
std::string decrypt(const std::string &input, const std::string &passphrase)
Definition: cryptobox.cpp:172
const uint8_t * cast_char_ptr_to_uint8(const char *s)
Definition: mem_ops.h:183

References Botan::cast_char_ptr_to_uint8(), and decrypt().

◆ decrypt() [2/2]

std::string Botan::CryptoBox::decrypt ( const uint8_t  input[],
size_t  input_len,
const std::string &  passphrase 
)

Decrypt a message encrypted with CryptoBox::encrypt

Parameters
inputthe input data
input_lenthe length of input in bytes
passphrasethe passphrase used to encrypt the message

Definition at line 163 of file cryptobox.cpp.

165 {
166 const secure_vector<uint8_t> bin = decrypt_bin(input, input_len, passphrase);
167
168 return std::string(cast_uint8_ptr_to_char(&bin[0]),
169 bin.size());
170 }
secure_vector< uint8_t > decrypt_bin(const std::string &input, const std::string &passphrase)
Definition: cryptobox.cpp:155
const char * cast_uint8_ptr_to_char(const uint8_t *b)
Definition: mem_ops.h:188
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:65

References Botan::cast_uint8_ptr_to_char(), and decrypt_bin().

Referenced by decrypt(), Botan::PK_Decryptor::decrypt(), Botan::PK_KEM_Decryptor::decrypt(), Botan::Camellia_128::decrypt_n(), Botan::Camellia_192::decrypt_n(), and Botan::Camellia_256::decrypt_n().

◆ decrypt_bin() [1/2]

secure_vector< uint8_t > Botan::CryptoBox::decrypt_bin ( const std::string &  input,
const std::string &  passphrase 
)

Decrypt a message encrypted with CryptoBox::encrypt

Parameters
inputthe input data
passphrasethe passphrase used to encrypt the message

Definition at line 155 of file cryptobox.cpp.

157 {
158 return decrypt_bin(cast_char_ptr_to_uint8(input.data()),
159 input.size(),
160 passphrase);
161 }

References Botan::cast_char_ptr_to_uint8(), and decrypt_bin().

◆ decrypt_bin() [2/2]

secure_vector< uint8_t > Botan::CryptoBox::decrypt_bin ( const uint8_t  input[],
size_t  input_len,
const std::string &  passphrase 
)

Decrypt a message encrypted with CryptoBox::encrypt

Parameters
inputthe input data
input_lenthe length of input in bytes
passphrasethe passphrase used to encrypt the message

Definition at line 95 of file cryptobox.cpp.

97 {
98 DataSource_Memory input_src(input, input_len);
99 secure_vector<uint8_t> ciphertext =
101 "BOTAN CRYPTOBOX MESSAGE");
102
103 if(ciphertext.size() < CRYPTOBOX_HEADER_LEN)
104 throw Decoding_Error("Invalid CryptoBox input");
105
106 for(size_t i = 0; i != VERSION_CODE_LEN; ++i)
107 {
108 uint32_t version = load_be<uint32_t>(ciphertext.data(), 0);
109 if(version != CRYPTOBOX_VERSION_CODE)
110 throw Decoding_Error("Bad CryptoBox version");
111 }
112
113 const uint8_t* pbkdf_salt = &ciphertext[VERSION_CODE_LEN];
114 const uint8_t* box_mac = &ciphertext[VERSION_CODE_LEN + PBKDF_SALT_LEN];
115
116 auto pbkdf_fam = PasswordHashFamily::create_or_throw("PBKDF2(HMAC(SHA-512))");
117 auto pbkdf = pbkdf_fam->from_params(PBKDF_ITERATIONS);
118
119 secure_vector<uint8_t> master_key(CIPHER_KEY_LEN + MAC_KEY_LEN + CIPHER_IV_LEN);
120
121 pbkdf->derive_key(
122 master_key.data(), master_key.size(),
123 passphrase.data(), passphrase.size(),
124 pbkdf_salt, PBKDF_SALT_LEN);
125
126 const uint8_t* mk = master_key.data();
127 const uint8_t* cipher_key = mk;
128 const uint8_t* mac_key = mk + CIPHER_KEY_LEN;
129 const uint8_t* iv = mk + CIPHER_KEY_LEN + MAC_KEY_LEN;
130
131 // Now authenticate and decrypt
132 std::unique_ptr<MessageAuthenticationCode> hmac =
133 MessageAuthenticationCode::create_or_throw("HMAC(SHA-512)");
134 hmac->set_key(mac_key, MAC_KEY_LEN);
135
136 if(ciphertext.size() > CRYPTOBOX_HEADER_LEN)
137 {
138 hmac->update(&ciphertext[CRYPTOBOX_HEADER_LEN],
139 ciphertext.size() - CRYPTOBOX_HEADER_LEN);
140 }
141 secure_vector<uint8_t> computed_mac = hmac->final();
142
143 if(!constant_time_compare(computed_mac.data(), box_mac, MAC_OUTPUT_LEN))
144 throw Decoding_Error("CryptoBox integrity failure");
145
146 std::unique_ptr<Cipher_Mode> ctr(Cipher_Mode::create_or_throw("Serpent/CTR-BE", DECRYPTION));
147 ctr->set_key(cipher_key, CIPHER_KEY_LEN);
148 ctr->start(iv, CIPHER_IV_LEN);
149 ctr->finish(ciphertext, CRYPTOBOX_HEADER_LEN);
150
151 ciphertext.erase(ciphertext.begin(), ciphertext.begin() + CRYPTOBOX_HEADER_LEN);
152 return ciphertext;
153 }
secure_vector< uint8_t > decode_check_label(DataSource &source, const std::string &label_want)
Definition: pem.cpp:52
bool constant_time_compare(const uint8_t x[], const uint8_t y[], size_t len)
Definition: mem_ops.h:82
constexpr uint32_t load_be< uint32_t >(const uint8_t in[], size_t off)
Definition: loadstor.h:190
@ DECRYPTION
Definition: cipher_mode.h:23

References Botan::constant_time_compare(), Botan::Cipher_Mode::create_or_throw(), Botan::MessageAuthenticationCode::create_or_throw(), Botan::PasswordHashFamily::create_or_throw(), Botan::PEM_Code::decode_check_label(), Botan::DECRYPTION, and Botan::load_be< uint32_t >().

Referenced by decrypt(), and decrypt_bin().

◆ encrypt()

std::string Botan::CryptoBox::encrypt ( const uint8_t  input[],
size_t  input_len,
const std::string &  passphrase,
RandomNumberGenerator rng 
)

Encrypt a message using a passphrase

Parameters
inputthe input data
input_lenthe length of input in bytes
passphrasethe passphrase used to encrypt the message
rnga ref to a random number generator, such as AutoSeeded_RNG

Definition at line 40 of file cryptobox.cpp.

43 {
44 /*
45 Output format is:
46 version # (4 bytes)
47 salt (10 bytes)
48 mac (20 bytes)
49 ciphertext
50 */
51 secure_vector<uint8_t> out_buf(CRYPTOBOX_HEADER_LEN + input_len);
52 store_be(CRYPTOBOX_VERSION_CODE, out_buf.data());
53 rng.randomize(&out_buf[VERSION_CODE_LEN], PBKDF_SALT_LEN);
54 // space left for MAC here
55 if(input_len > 0)
56 copy_mem(&out_buf[CRYPTOBOX_HEADER_LEN], input, input_len);
57
58 // Generate the keys and IV
59
60 auto pbkdf_fam = PasswordHashFamily::create_or_throw("PBKDF2(HMAC(SHA-512))");
61 auto pbkdf = pbkdf_fam->from_params(PBKDF_ITERATIONS);
62
63 secure_vector<uint8_t> master_key(CIPHER_KEY_LEN + MAC_KEY_LEN + CIPHER_IV_LEN);
64
65 pbkdf->derive_key(
66 master_key.data(), master_key.size(),
67 passphrase.data(), passphrase.size(),
68 &out_buf[VERSION_CODE_LEN], PBKDF_SALT_LEN);
69
70 const uint8_t* mk = master_key.data();
71 const uint8_t* cipher_key = mk;
72 const uint8_t* mac_key = mk + CIPHER_KEY_LEN;
73 const uint8_t* iv = mk + CIPHER_KEY_LEN + MAC_KEY_LEN;
74
75 // Now encrypt and authenticate
76 std::unique_ptr<Cipher_Mode> ctr = Cipher_Mode::create_or_throw("Serpent/CTR-BE", ENCRYPTION);
77 ctr->set_key(cipher_key, CIPHER_KEY_LEN);
78 ctr->start(iv, CIPHER_IV_LEN);
79 ctr->finish(out_buf, CRYPTOBOX_HEADER_LEN);
80
81 std::unique_ptr<MessageAuthenticationCode> hmac =
82 MessageAuthenticationCode::create_or_throw("HMAC(SHA-512)");
83 hmac->set_key(mac_key, MAC_KEY_LEN);
84 if(input_len > 0)
85 hmac->update(&out_buf[CRYPTOBOX_HEADER_LEN], input_len);
86
87 // Can't write directly because of MAC truncation
88 secure_vector<uint8_t> mac = hmac->final();
89 copy_mem(&out_buf[VERSION_CODE_LEN + PBKDF_SALT_LEN], mac.data(), MAC_OUTPUT_LEN);
90
91 return PEM_Code::encode(out_buf, "BOTAN CRYPTOBOX MESSAGE");
92 }
virtual void randomize(uint8_t output[], size_t length)=0
std::string encode(const uint8_t der[], size_t length, const std::string &label, size_t width)
Definition: pem.cpp:41
constexpr void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:126
@ ENCRYPTION
Definition: cipher_mode.h:23
constexpr void store_be(uint16_t in, uint8_t out[2])
Definition: loadstor.h:449

References Botan::copy_mem(), Botan::Cipher_Mode::create_or_throw(), Botan::MessageAuthenticationCode::create_or_throw(), Botan::PasswordHashFamily::create_or_throw(), Botan::PEM_Code::encode(), Botan::ENCRYPTION, Botan::RandomNumberGenerator::randomize(), and Botan::store_be().

Referenced by Botan::PK_KEM_Encryptor::encrypt(), Botan::Camellia_128::encrypt_n(), Botan::Camellia_192::encrypt_n(), and Botan::Camellia_256::encrypt_n().