git-svn-id: svn://db.shs.com.ru/pip@607 12ceb7fc-bf1f-11e4-8940-5bc7170c53b5

2018-04-26 18:20:03 +00:00
parent ef4030ebb9
commit cfa7be623c
11 changed files with 815 additions and 131 deletions
--- a/src_crypt/picrypt.cpp
+++ b/src_crypt/picrypt.cpp
@@ -1,20 +1,20 @@
 /*
-    PIP - Platform Independent Primitives
-    Cryptographic class using lib Sodium
+	PIP - Platform Independent Primitives
+	Cryptographic class using lib Sodium
 	Copyright (C) 2018 Andrey Bychkov work.a.b@yandex.ru

-    This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation, either version 3 of the License, or
-    (at your option) any later version.
+	This program is free software: you can redistribute it and/or modify
+	it under the terms of the GNU General Public License as published by
+	the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.

-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
+	This program is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU General Public License for more details.

-    You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+	You should have received a copy of the GNU General Public License
+	along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

 #include "picrypt.h"
@@ -22,6 +22,7 @@
 #  include <sodium.h>
 #endif

+#define PICRYPT_DISABLED_WARNING piCout << "[PICrypt]" << "Warning: PICrypt is disabled, to enable install sodium library and rebuild pip";

 const char hash_def_key[] = "_picrypt_";

@@ -34,7 +35,7 @@ PICrypt::PICrypt() {
 	randombytes_buf(key_.data(), key_.size());
 	randombytes_buf(nonce_.data(), nonce_.size());
 #else
-	piCout << "[PICrypt]" << "Warning: PICrypt is disabled, to enable install libsodium-dev library and build pip_crypt library";
+	PICRYPT_DISABLED_WARNING
 #endif
 }

@@ -72,22 +73,22 @@ PIByteArray PICrypt::crypt(const PIByteArray & data) {


 PIByteArray PICrypt::crypt(const PIByteArray & data, PIByteArray key) {
-	PIByteArray retba;
+	PIByteArray ret;
 #ifdef PIP_CRYPT
 	if (key.size() != crypto_secretbox_KEYBYTES)
 		key.resize(crypto_secretbox_KEYBYTES, ' ');
 		//return PIByteArray();
-	if (!init()) return retba;
+	if (!init()) return ret;
 	PIByteArray n;
-	retba.resize(data.size() + crypto_secretbox_MACBYTES);
+	ret.resize(data.size() + crypto_secretbox_MACBYTES);
 	n.resize(crypto_secretbox_NONCEBYTES);
 	randombytes_buf(n.data(), n.size());
-	crypto_secretbox_easy(retba.data(), data.data(), data.size(), n.data(), key.data());
-	retba.append(n);
+	crypto_secretbox_easy(ret.data(), data.data(), data.size(), n.data(), key.data());
+	ret.append(n);
 #else
-	piCout << "[PICrypt]" << "Warning: PICrypt is disabled, to enable install sodium library and build pip with -DCRYPT=1";
+	PICRYPT_DISABLED_WARNING
 #endif
-	return retba;
+	return ret;
 }


@@ -112,7 +113,7 @@ PIByteArray PICrypt::decrypt(const PIByteArray & crypt_data, bool *ok) {


 PIByteArray PICrypt::decrypt(const PIByteArray & crypt_data, PIByteArray key, bool *ok) {
-	PIByteArray retba;
+	PIByteArray ret;
 #ifdef PIP_CRYPT
 	if (key.size() != crypto_secretbox_KEYBYTES)
 		key.resize(crypto_secretbox_KEYBYTES, ' ');
@@ -123,21 +124,20 @@ PIByteArray PICrypt::decrypt(const PIByteArray & crypt_data, PIByteArray key, bo
 		if (ok) *ok = false;
 		return PIByteArray();
 	}
-	if (!init()) return retba;
+	if (!init()) return ret;
 	PIByteArray n;
 	n.resize(crypto_secretbox_NONCEBYTES);
-	retba.resize(crypt_data.size() - n.size() - crypto_secretbox_MACBYTES);
+	ret.resize(crypt_data.size() - n.size() - crypto_secretbox_MACBYTES);
 	memcpy(n.data(), crypt_data.data(crypt_data.size() - n.size()), n.size());
-	if (crypto_secretbox_open_easy(retba.data(), crypt_data.data(), crypt_data.size() - n.size(), n.data(), key.data()) != 0) {
+	if (crypto_secretbox_open_easy(ret.data(), crypt_data.data(), crypt_data.size() - n.size(), n.data(), key.data()) != 0) {
 		if (ok) *ok = false;
 		//			piCout << "[PICrypt]" << "bad key_";
 		return PIByteArray();
-	}
+	} else if (ok) *ok = true;
 #else
-	piCout << "[PICrypt]" << "Warning: PICrypt is disabled, to enable install sodium library and build pip with -DCRYPT=";
+	PICRYPT_DISABLED_WARNING
 #endif
-	if (ok) *ok = true;
-	return retba;
+	return ret;
 }


@@ -149,7 +149,7 @@ PIByteArray PICrypt::hash(const PIString & secret) {
 	PIByteArray s(secret.data(), secret.size());
 	crypto_generichash(hash.data(), hash.size(), s.data(), s.size(), (const uchar*)hash_def_key, sizeof(hash_def_key) - 1);
 #else
-	piCout << "[PICrypt]" << "Warning: PICrypt is disabled, to enable install sodium library and build pip with -DCRYPT=";
+	PICRYPT_DISABLED_WARNING
 #endif
 	return hash;
 }
@@ -167,7 +167,7 @@ ullong PICrypt::shorthash(const PIString& s, PIByteArray key) {
 	PIByteArray in(s.data(), s.size());
 	crypto_shorthash((uchar *)&hash, in.data(), in.size(), key.data());
 #else
-	piCout << "[PICrypt]" << "Warning: PICrypt is disabled, to enable install sodium library and build pip with -DCRYPT=";
+	PICRYPT_DISABLED_WARNING
 #endif
 	return hash;
 }
@@ -180,7 +180,20 @@ PIByteArray PICrypt::generateKey() {
 	hash.resize(crypto_secretbox_KEYBYTES);
 	randombytes_buf(hash.data(), hash.size());
 #else
-	piCout << "[PICrypt]" << "Warning: PICrypt is disabled, to enable install sodium library and build pip with -DCRYPT=";
+	PICRYPT_DISABLED_WARNING
+#endif
+	return hash;
+}
+
+
+PIByteArray PICrypt::generateRandomBuff(int size) {
+	PIByteArray hash;
+#ifdef PIP_CRYPT
+	if (!init() || size <= 0) return hash;
+	hash.resize(size);
+	randombytes_buf(hash.data(), hash.size());
+#else
+	PICRYPT_DISABLED_WARNING
 #endif
 	return hash;
 }
@@ -190,7 +203,7 @@ size_t PICrypt::sizeKey() {
 #ifdef PIP_CRYPT
 	return crypto_secretbox_KEYBYTES;
 #else
-	piCout << "[PICrypt]" << "Warning: PICrypt is disabled, to enable install sodium library and build pip with -DCRYPT=";
+	PICRYPT_DISABLED_WARNING
 #endif
 	return 0;
 }
@@ -200,12 +213,170 @@ size_t PICrypt::sizeCrypt() {
 #ifdef PIP_CRYPT
 	return crypto_secretbox_MACBYTES + crypto_secretbox_NONCEBYTES;
 #else
-	piCout << "[PICrypt]" << "Warning: PICrypt is disabled, to enable install sodium library and build pip with -DCRYPT=";
+	PICRYPT_DISABLED_WARNING
 #endif
 	return 0;
 }


+void PICrypt::generateSignKeys(PIByteArray & public_key, PIByteArray & secret_key) {
+#ifdef PIP_CRYPT
+	if (!init()) return;
+	public_key.resize(crypto_sign_PUBLICKEYBYTES);
+	secret_key.resize(crypto_sign_SECRETKEYBYTES);
+	crypto_sign_keypair(public_key.data(), secret_key.data());
+#else
+	PICRYPT_DISABLED_WARNING
+		#endif
+}
+
+
+void PICrypt::generateSignKeys(PIByteArray & public_key, PIByteArray & secret_key, const PIByteArray & seed) {
+#ifdef PIP_CRYPT
+	if (!init() || seed.isEmpty()) return;
+	public_key.resize(crypto_sign_PUBLICKEYBYTES);
+	secret_key.resize(crypto_sign_SECRETKEYBYTES);
+	crypto_sign_seed_keypair(public_key.data(), secret_key.data(), hash(seed).data());
+#else
+	PICRYPT_DISABLED_WARNING
+		#endif
+}
+
+
+PIByteArray PICrypt::extractSignPublicKey(const PIByteArray & secret_key) {
+	PIByteArray pk;
+#ifdef PIP_CRYPT
+	if (!init() || secret_key.size() != crypto_sign_SECRETKEYBYTES) return pk;
+	pk.resize(crypto_sign_PUBLICKEYBYTES);
+	crypto_sign_ed25519_sk_to_pk(pk.data(), secret_key.data());
+#else
+	PICRYPT_DISABLED_WARNING
+#endif
+	return pk;
+}
+
+
+PIByteArray PICrypt::signMessage(const PIByteArray & data, PIByteArray secret_key) {
+	PIByteArray sign;
+#ifdef PIP_CRYPT
+	if (!init()) return sign;
+	sign.resize(crypto_sign_BYTES);
+	crypto_sign_detached(sign.data(), 0, data.data(), data.size(), secret_key.data());
+#else
+	PICRYPT_DISABLED_WARNING
+#endif
+	return sign;
+}
+
+
+bool PICrypt::verifySign(const PIByteArray & data, const PIByteArray & signature, PIByteArray public_key) {
+#ifdef PIP_CRYPT
+	if (!init()) return false;
+	return (crypto_sign_verify_detached(signature.data(), data.data(), data.size(), public_key.data()) == 0);
+#else
+	PICRYPT_DISABLED_WARNING
+	return false;
+#endif
+}
+
+
+void PICrypt::generateKeypair(PIByteArray & public_key, PIByteArray & secret_key) {
+#ifdef PIP_CRYPT
+	if (!init()) return;
+	public_key.resize(crypto_box_PUBLICKEYBYTES);
+	secret_key.resize(crypto_box_SECRETKEYBYTES);
+	crypto_box_keypair(public_key.data(), secret_key.data());
+#else
+	PICRYPT_DISABLED_WARNING
+#endif
+}
+
+
+void PICrypt::generateKeypair(PIByteArray & public_key, PIByteArray & secret_key, const PIByteArray & seed) {
+#ifdef PIP_CRYPT
+	if (!init()) return;
+	public_key.resize(crypto_box_PUBLICKEYBYTES);
+	secret_key.resize(crypto_box_SECRETKEYBYTES);
+	crypto_box_seed_keypair(public_key.data(), secret_key.data(), hash(seed).data());
+#else
+	PICRYPT_DISABLED_WARNING
+#endif
+}
+
+
+PIByteArray PICrypt::crypt(const PIByteArray & data, const PIByteArray & public_key, const PIByteArray & secret_key) {
+	PIByteArray ret;
+#ifdef PIP_CRYPT
+	if (!init()) return ret;
+	if (public_key.size() != crypto_box_PUBLICKEYBYTES)
+		return ret;
+	if (secret_key.size() != crypto_box_SECRETKEYBYTES)
+		return ret;
+	PIByteArray n;
+	ret.resize(data.size() + crypto_box_MACBYTES);
+	n.resize(crypto_box_NONCEBYTES);
+	randombytes_buf(n.data(), n.size());
+	if (crypto_box_easy(ret.data(), data.data(), data.size(), n.data(), public_key.data(), secret_key.data()) != 0)
+		return PIByteArray();
+	ret.append(n);
+#else
+	PICRYPT_DISABLED_WARNING
+#endif
+	return ret;
+}
+
+
+PIByteArray PICrypt::decrypt(const PIByteArray & crypt_data, const PIByteArray & public_key, const PIByteArray & secret_key, bool * ok) {
+	PIByteArray ret;
+#ifdef PIP_CRYPT
+	if (!init()) return ret;
+	if (public_key.size() != crypto_box_PUBLICKEYBYTES) {
+		if (ok) *ok = false;
+		return ret;
+	}
+	if (secret_key.size() != crypto_box_SECRETKEYBYTES) {
+		if (ok) *ok = false;
+		return ret;
+	}
+	if (crypt_data.size() < crypto_box_NONCEBYTES + crypto_box_MACBYTES) {
+		if (ok) *ok = false;
+		return ret;
+	}
+	PIByteArray n;
+	n.resize(crypto_secretbox_NONCEBYTES);
+	ret.resize(crypt_data.size() - n.size() - crypto_secretbox_MACBYTES);
+	memcpy(n.data(), crypt_data.data(crypt_data.size() - n.size()), n.size());
+	if (crypto_box_open_easy(ret.data(), crypt_data.data(), crypt_data.size() - n.size(), n.data(), public_key.data(), secret_key.data()) != 0) {
+		if (ok) *ok = false;
+		//			piCout << "[PICrypt]" << "bad key_";
+		return PIByteArray();
+	} else if (ok) *ok = true;
+#else
+	PICRYPT_DISABLED_WARNING
+#endif
+	return ret;
+}
+
+
+PIByteArray PICrypt::passwordHash(const PIString & password, const PIByteArray & seed) {
+//	char out[crypto_pwhash_STRBYTES];
+	PIByteArray pass = password.toUTF8();
+	PIByteArray n;
+	PIByteArray ph;
+	ph.resize(crypto_box_SEEDBYTES);
+	n.resize(crypto_pwhash_SALTBYTES);
+//	randombytes_buf(n.data(), n.size());
+	crypto_shorthash(n.data(), seed.data(), seed.size(), PIByteArray(crypto_shorthash_KEYBYTES).data());
+	int r = crypto_pwhash(ph.data(), ph.size(), (const char*)pass.data(), pass.size(), n.data(), crypto_pwhash_argon2i_opslimit_moderate(), crypto_pwhash_argon2i_memlimit_moderate(), crypto_pwhash_ALG_ARGON2I13);
+	//crypto_pwhash_str(out, (const char*)pass.data(), pass.size(), crypto_pwhash_argon2i_opslimit_moderate(), crypto_pwhash_argon2i_memlimit_moderate());
+	pass.fill(0);
+	if (r != 0) return PIByteArray();
+	PIByteArray ret;
+	ret << ph << n << crypto_pwhash_argon2i_opslimit_moderate() << crypto_pwhash_argon2i_memlimit_moderate();
+	return ret;
+}
+
+
 bool PICrypt::init() {
 #ifdef PIP_CRYPT
 	static bool inited = false;
@@ -215,7 +386,7 @@ bool PICrypt::init() {
 	//piCout << "[PICrypt]" << "init" << inited;
 	return inited;
 #else
-	piCout << "[PICrypt]" << "Warning: PICrypt is disabled, to enable install sodium library and build pip with -DCRYPT=";
+	PICRYPT_DISABLED_WARNING
 #endif
 	return false;
 }