From f6586ae894673b561455de5044d2ff31f6a0ef94 Mon Sep 17 00:00:00 2001 From: Stefan Suhren Date: Wed, 10 Jun 2015 12:52:06 +0200 Subject: Add IV to CryptAes and create hash in CryptEngine --- src/crypt/cryptaes.cpp | 72 +++++------------------------------------------ src/crypt/cryptaes.h | 4 +++ src/crypt/cryptengine.cpp | 61 +++++++++++++++++++++++++++++++++++++++ src/crypt/cryptengine.h | 11 ++++++++ 4 files changed, 83 insertions(+), 65 deletions(-) (limited to 'src/crypt') diff --git a/src/crypt/cryptaes.cpp b/src/crypt/cryptaes.cpp index b74ae03..0129c31 100644 --- a/src/crypt/cryptaes.cpp +++ b/src/crypt/cryptaes.cpp @@ -32,80 +32,22 @@ const EVP_CIPHER *CryptAes::algorithm() void CryptAes::encrypt() { - EVP_MD_CTX *ctx; + m_key = CryptEngine::createPasswordHash(m_key); - /* Create and initialise the context */ - if (!(ctx = EVP_MD_CTX_create())) - { - handleOpenSslError(); - } - - /* Initialise the encryption operation. IMPORTANT - ensure you use a key - * and IV size appropriate for your cipher */ - if (1 != EVP_DigestInit_ex(ctx, EVP_sha256(), NULL)) - { - handleOpenSslError(); - } - - /* Provide the message to be encrypted, and obtain the encrypted output. - * EVP_EncryptUpdate can be called multiple times if necessary - */ - if (1 != EVP_DigestUpdate(ctx, m_key.data(), m_key.size())) - { - handleOpenSslError(); - } - - m_key = QByteArray(256, 0); - - /* Finalise the encryption. Further ciphertext bytes may be written at - * this stage. - */ - if (1 != EVP_DigestFinal_ex(ctx, (unsigned char *) m_key.data(), NULL)) - { - handleOpenSslError(); - } - - EVP_MD_CTX_destroy(ctx); + m_iv = CryptEngine::createRandomIv(IVLENGTH); CryptClassEvp::encrypt(); + + m_cryptText = m_iv + m_cryptText; } void CryptAes::decrypt() { - EVP_MD_CTX *ctx; - - /* Create and initialise the context */ - if (!(ctx = EVP_MD_CTX_create())) - { - handleOpenSslError(); - } - - /* Initialise the encryption operation. IMPORTANT - ensure you use a key - * and IV size appropriate for your cipher */ - if (1 != EVP_DigestInit_ex(ctx, EVP_sha256(), NULL)) - { - handleOpenSslError(); - } + m_key = CryptEngine::createPasswordHash(m_key); - /* Provide the message to be encrypted, and obtain the encrypted output. - * EVP_EncryptUpdate can be called multiple times if necessary - */ - if (1 != EVP_DigestUpdate(ctx, m_key.data(), m_key.size())) - { - handleOpenSslError(); - } - - m_key = QByteArray(256, 0); - - /* Finalise the encryption. Further ciphertext bytes may be written at - * this stage. - */ - if (1 != EVP_DigestFinal_ex(ctx, (unsigned char *) m_key.data(), NULL)) - { - handleOpenSslError(); - } + m_iv = m_cryptText.left(IVLENGTH); - EVP_MD_CTX_destroy(ctx); + m_cryptText = m_cryptText.remove(0, IVLENGTH); CryptClassEvp::decrypt(); } diff --git a/src/crypt/cryptaes.h b/src/crypt/cryptaes.h index 58ddba1..e0de1b1 100644 --- a/src/crypt/cryptaes.h +++ b/src/crypt/cryptaes.h @@ -2,6 +2,7 @@ #define CRYPTAES_H #include "cryptclassevp.h" +#include "cryptengine.h" #include @@ -16,6 +17,9 @@ public: virtual void encrypt(); virtual void decrypt(); + +private: + static const int IVLENGTH = 8; }; #endif // CRYPTAES_H diff --git a/src/crypt/cryptengine.cpp b/src/crypt/cryptengine.cpp index fcee6f2..905fa7d 100644 --- a/src/crypt/cryptengine.cpp +++ b/src/crypt/cryptengine.cpp @@ -18,6 +18,67 @@ void CryptEngine::generateRandomKey() m_cryptClass->generateRandomKey(); } +QByteArray CryptEngine::createPasswordHash(const QString &password) +{ + QByteArray ret(256, 0); + + EVP_MD_CTX *ctx; + + /* Create and initialise the context */ + if (!(ctx = EVP_MD_CTX_create())) + { + handleOpenSslError(); + } + + /* Initialise the encryption operation. IMPORTANT - ensure you use a key + * and IV size appropriate for your cipher */ + if (1 != EVP_DigestInit_ex(ctx, EVP_sha256(), NULL)) + { + handleOpenSslError(); + } + + /* Provide the message to be encrypted, and obtain the encrypted output. + * EVP_EncryptUpdate can be called multiple times if necessary + */ + if (1 != EVP_DigestUpdate(ctx, password.data(), password.size())) + { + handleOpenSslError(); + } + + /* Finalise the encryption. Further ciphertext bytes may be written at + * this stage. + */ + if (1 != EVP_DigestFinal_ex(ctx, (unsigned char *) ret.data(), NULL)) + { + handleOpenSslError(); + } + + EVP_MD_CTX_destroy(ctx); + + return ret; +} + +QByteArray CryptEngine::createRandomIv(int length) +{ + QByteArray ret(length, 0); + + qint64 m_time = QDateTime::currentMSecsSinceEpoch(); + + RAND_seed(&m_time, sizeof m_time); + + if(1 != RAND_bytes((unsigned char *) ret.data(), ret.length())) + { + handleOpenSslError(); + } + + return ret; +} + +void CryptEngine::handleOpenSslError() +{ + throw std::runtime_error(ERR_reason_error_string(ERR_get_error())); +} + void CryptEngine::setKey(QString value) { m_cryptClass->setKey( value.toLatin1() ); diff --git a/src/crypt/cryptengine.h b/src/crypt/cryptengine.h index 50f91a1..a0d990b 100644 --- a/src/crypt/cryptengine.h +++ b/src/crypt/cryptengine.h @@ -3,6 +3,12 @@ #include +#include +#include +#include + +#include + #include "../cipherssingleton.h" #include "cryptclassbase.h" #include "cryptclassnullcipher.h" @@ -209,6 +215,9 @@ public: //Methods + static QByteArray createPasswordHash(const QString &password); + + static QByteArray createRandomIv(int length); public slots: /** * \brief Slot called when an active algorithm gets selected. @@ -257,6 +266,8 @@ private: //Attributes * \see CryptClassBase */ CryptClassBase* m_cryptClass; + + static void handleOpenSslError(); }; #endif // CRYPTENGINE_H -- cgit v1.2.3-70-g09d2