Larra/larra
10
4
Fork 0
Code Issues 15 Pull requests Projects 1 Releases Packages Wiki Activity Actions
larra/library/src/encryption.cpp

229 lines
8.9 KiB
C++
Raw Normal View History

Move all encryption to separate file
2024-09-14 16:38:45 +00:00
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/rand.h>
#include <openssl/sha.h>
#include <boost/algorithm/string.hpp>
#include <boost/archive/iterators/base64_from_binary.hpp>
#include <boost/archive/iterators/binary_from_base64.hpp>
#include <boost/archive/iterators/transform_width.hpp>
#include <larra/encryption.hpp>
#include <random>
#include <ranges>
namespace larra::xmpp {
auto EncodeBase64(std::string_view val) -> std::string {
using namespace boost::archive::iterators; // NOLINT
using It = base64_from_binary<transform_width<std::string_view::const_iterator, 6, 8>>; // NOLINT
auto tmp = std::string(It(std::begin(val)), It(std::end(val)));
return tmp.append((3 - val.size() % 3) % 3, '=');
}
auto DecodeBase64(std::string_view val) -> std::string {
using namespace boost::archive::iterators; // NOLINT
using It = transform_width<binary_from_base64<std::string_view::const_iterator>, 8, 6>; // NOLINT
return boost::algorithm::trim_right_copy_if(std::string(It(std::begin(val)), It(std::end(val))), [](char c) {
return c == '\0';
});
}
auto GenerateNonce(std::size_t length) -> std::string { // NOLINT
constexpr std::string_view characters =
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz"
"0123456789";
std::random_device rd;
std::mt19937 generator(rd());
std::uniform_int_distribution<> distribution(0, characters.size() - 1);
return std::views::iota(std::size_t{}, length) | std::views::transform([&](...) {
return characters[distribution(generator)];
}) |
std::ranges::to<std::string>();
}
template <typename A, typename B, typename C>
struct DataHolder {
A first;
B second;
C third;
};
consteval auto GetDataForTag(sha512sum::EncryptionTag) {
return DataHolder{[] {
return EVP_sha512();
},
kSha512ResultSize,
[](auto... args) {
return SHA512(args...);
}};
}
consteval auto GetDataForTag(sha256sum::EncryptionTag) {
return DataHolder{[] {
return EVP_sha256();
},
kSha256ResultSize,
[](auto... args) {
return SHA256(args...);
}};
}
consteval auto GetDataForTag(sha1sum::EncryptionTag) {
return DataHolder{[] {
return EVP_sha256();
},
kSha1ResultSize,
[](auto... args) {
return SHA1(args...);
}};
}
template <typename TagType>
inline auto HashImpl(UnsignedStringView input, TagType) -> UnsignedString {
constexpr auto Size = GetDataForTag(TagType{}).second;
constexpr auto F = GetDataForTag(TagType{}).third;
UnsignedString response;
response.resize(Size);
F(input.data(), input.size(), response.data());
return response;
}
template <typename TagType>
inline auto HmacImpl(std::string_view key, UnsignedStringView message, TagType) -> UnsignedString {
constexpr auto Size = GetDataForTag(TagType{}).second;
constexpr auto F = GetDataForTag(TagType{}).first;
UnsignedString result;
result.resize(Size);
unsigned int result_len{};
HMAC(F(), key.data(), static_cast<int>(key.size()), message.data(), message.size(), result.data(), &result_len);
result.resize(result_len);
return result;
}
template <typename TagType>
inline auto Pbkdf2Impl(std::string_view password, UnsignedStringView salt, int iterations, TagType) -> UnsignedString {
constexpr auto Size = GetDataForTag(TagType{}).second;
constexpr auto F = GetDataForTag(TagType{}).first;
UnsignedString response;
response.resize(Size);
PKCS5_PBKDF2_HMAC(password.data(), password.length(), salt.data(), salt.size(), iterations, F(), Size, response.data()); // NOLINT
return response;
}
inline auto ToCharStringView(std::ranges::range auto& str) -> std::string_view {
return {new(&*str.begin()) char[str.size()], str.size()};
}
inline auto ToUnsignedCharStringView(std::ranges::range auto& str) -> UnsignedStringView {
return {new(str.data()) unsigned char[str.size()], str.size()};
}
template <typename TagType>
inline auto GenerateAuthScramMessageImpl(std::string_view password,
std::string salt,
std::string_view serverNonce,
std::string_view firstServerMessage,
std::string_view initialMessage,
int iterations,
TagType tag) -> std::string {
auto clientFinalMessageBare = std::format("c=biws,r={}", serverNonce);
auto saltedPassword = Pbkdf2Impl(password, ToUnsignedCharStringView(salt), iterations, tag);
std::string clientKeyStr = "Client Key"; // NOLINT
auto clientKey = HmacImpl(ToCharStringView(saltedPassword), ToUnsignedCharStringView(clientKeyStr), tag);
auto storedKey = HashImpl(clientKey, tag);
auto authMessage = std::format("{},{},{}", initialMessage, firstServerMessage, clientFinalMessageBare);
auto clientSignature = HmacImpl(ToCharStringView(storedKey), ToUnsignedCharStringView(authMessage), tag);
auto clientProof = std::views::iota(std::size_t{}, clientKey.size()) | // No std::views::enumerate in libc++
std::views::transform([&](auto i) {
return clientKey[i] ^ clientSignature[i];
}) |
std::ranges::to<std::string>();
std::string serverKeyStr = "Server Key";
auto serverKey = HmacImpl(ToCharStringView(saltedPassword), ToUnsignedCharStringView(serverKeyStr), tag);
auto serverSignature = HmacImpl(ToCharStringView(serverKey), ToUnsignedCharStringView(authMessage), tag);
return std::format("{},p={}", clientFinalMessageBare, EncodeBase64(ToCharStringView(clientProof)));
}
namespace sha512sum {
auto Pbdkf2(std::string_view password, UnsignedStringView salt, int iterations, EncryptionTag tag) -> UnsignedString {
return Pbkdf2Impl(password, salt, iterations, tag);
}
auto Hash(UnsignedStringView data, EncryptionTag tag) -> UnsignedString {
return HashImpl(data, tag);
}
auto Hmac(std::string_view key, UnsignedStringView message, EncryptionTag tag) -> UnsignedString {
return HmacImpl(key, message, tag);
}
auto GenerateScramAuthMessage(std::string_view password,
std::string salt,
std::string_view serverNonce,
std::string_view firstServerMessage,
std::string_view initialMessage,
int iterations,
EncryptionTag tag) -> std::string {
return GenerateAuthScramMessageImpl(password, std::move(salt), serverNonce, firstServerMessage, initialMessage, iterations, tag);
}
} // namespace sha512sum
namespace sha256sum {
auto Pbdkf2(std::string_view password, UnsignedStringView salt, int iterations, EncryptionTag tag) -> UnsignedString {
return Pbkdf2Impl(password, salt, iterations, tag);
}
auto Hash(UnsignedStringView data, EncryptionTag tag) -> UnsignedString {
return HashImpl(data, tag);
}
auto Hmac(std::string_view key, UnsignedStringView message, EncryptionTag tag) -> UnsignedString {
return HmacImpl(key, message, tag);
}
auto GenerateScramAuthMessage(std::string_view password,
std::string salt,
std::string_view serverNonce,
std::string_view firstServerMessage,
std::string_view initialMessage,
int iterations,
EncryptionTag tag) -> std::string {
return GenerateAuthScramMessageImpl(password, std::move(salt), serverNonce, firstServerMessage, initialMessage, iterations, tag);
}
} // namespace sha256sum
namespace sha1sum {
auto Pbdkf2(std::string_view password, UnsignedStringView salt, int iterations, EncryptionTag tag) -> UnsignedString {
return Pbkdf2Impl(password, salt, iterations, tag);
}
auto Hash(UnsignedStringView data, EncryptionTag tag) -> UnsignedString {
return HashImpl(data, tag);
}
auto Hmac(std::string_view key, UnsignedStringView message, EncryptionTag tag) -> UnsignedString {
return HmacImpl(key, message, tag);
}
auto GenerateScramAuthMessage(std::string_view password,
std::string salt,
std::string_view serverNonce,
std::string_view firstServerMessage,
std::string_view initialMessage,
int iterations,
EncryptionTag tag) -> std::string {
return GenerateAuthScramMessageImpl(password, std::move(salt), serverNonce, firstServerMessage, initialMessage, iterations, tag);
}
} // namespace sha1sum
} // namespace larra::xmpp
Reference in a new issue Copy permalink