/* PIP - Platform Independent Primitives Cryptographic class using lib Sodium Copyright (C) 2015 Andrey Bychkov work.a.b@yandex.ru This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "picrypt.h" #ifdef PIP_CRYPT # include "sodium.h" #endif PICrypt::PICrypt() { #ifdef PIP_CRYPT sodium_init(); nonce_.resize(crypto_secretbox_NONCEBYTES); key_.resize(crypto_secretbox_KEYBYTES); randombytes_buf(key_.data(), key_.size()); randombytes_buf(nonce_.data(), nonce_.size()); #else piCout << "[PICrypt]" << "Warning: PICrypt is disabled, to enable install sodium library and build pip with -DCRYPT="; #endif } bool PICrypt::setKey(const PIByteArray & secret) { if (secret.size() != key_.size()) return false; key_ = secret; return true; } PIByteArray PICrypt::setKey(const PIString & secret) { PIByteArray hash; #ifdef PIP_CRYPT hash.resize(crypto_generichash_BYTES); PIByteArray s(secret.data(), secret.size()); crypto_generichash(hash.data(), hash.size(), s.data(), s.size(), 0, 0); hash.resize(key_.size()); setKey(hash); #endif return hash; } PIByteArray PICrypt::crypt(const PIByteArray & data) { PIByteArray ret; #ifdef PIP_CRYPT ret.resize(data.size() + crypto_secretbox_MACBYTES); randombytes_buf(nonce_.data(), nonce_.size()); crypto_secretbox_easy(ret.data(), data.data(), data.size(), nonce_.data(), key_.data()); ret.append(nonce_); #endif return ret; } PIByteArray PICrypt::crypt(const PIByteArray & data, const PIByteArray & key) { PIByteArray ret; #ifdef PIP_CRYPT if (key.size() != crypto_secretbox_KEYBYTES) return PIByteArray(); sodium_init(); PIByteArray n; ret.resize(data.size() + crypto_secretbox_MACBYTES); n.resize(crypto_secretbox_NONCEBYTES); randombytes_buf(n.data(), n.size()); crypto_secretbox_easy(ret.data(), data.data(), data.size(), n.data(), key.data()); ret.append(n); #endif return ret; } PIByteArray PICrypt::decrypt(const PIByteArray & crypt_data, bool *ok) { PIByteArray ret; #ifdef PIP_CRYPT if (crypt_data.size() < nonce_.size() + crypto_secretbox_MACBYTES) { if (ok) *ok = false; return PIByteArray(); } ret.resize(crypt_data.size() - nonce_.size() - crypto_secretbox_MACBYTES); memcpy(nonce_.data(), crypt_data.data(crypt_data.size() - nonce_.size()), nonce_.size()); if (crypto_secretbox_open_easy(ret.data(), crypt_data.data(), crypt_data.size() - nonce_.size(), nonce_.data(), key_.data()) != 0) { if (ok) *ok = false; // piCout << "[PICrypt]" << "bad key_"; return PIByteArray(); } #endif if (ok) *ok = true; return ret; } PIByteArray PICrypt::decrypt(const PIByteArray & crypt_data, const PIByteArray & key, bool *ok) { PIByteArray ret; #ifdef PIP_CRYPT if (key.size() != crypto_secretbox_KEYBYTES) { if (ok) *ok = false; return PIByteArray(); } if (crypt_data.size() < crypto_secretbox_NONCEBYTES + crypto_secretbox_MACBYTES) { if (ok) *ok = false; return PIByteArray(); } sodium_init(); PIByteArray n; n.resize(crypto_secretbox_NONCEBYTES); ret.resize(crypt_data.size() - n.size() - crypto_secretbox_MACBYTES); memcpy(n.data(), crypt_data.data(crypt_data.size() - n.size()), n.size()); if (crypto_secretbox_open_easy(ret.data(), crypt_data.data(), crypt_data.size() - n.size(), n.data(), key.data()) != 0) { if (ok) *ok = false; // piCout << "[PICrypt]" << "bad key_"; return PIByteArray(); } #endif if (ok) *ok = true; return ret; } PIByteArray PICrypt::hash(const PIString & secret) { PIByteArray hash; #ifdef PIP_CRYPT sodium_init(); hash.resize(crypto_generichash_BYTES); PIByteArray s(secret.data(), secret.size()); crypto_generichash(hash.data(), hash.size(), s.data(), s.size(), 0, 0); #endif return hash; } int PICrypt::sizeKey() { #ifdef PIP_CRYPT return crypto_secretbox_KEYBYTES; #endif return 0; } int PICrypt::sizeCrypt() { #ifdef PIP_CRYPT return crypto_secretbox_MACBYTES + crypto_secretbox_NONCEBYTES; #endif return 0; }