Home Explore Help
Register Sign In
hebinlong
/
aria2
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: release-1.
Branches Tags
aria2
/
src
/
util_security.h

util_security.h 8.0 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299 
  1. /* <!-- copyright */
    2. 

  2. /*
    3. 

  3.  * aria2 - The high speed download utility
    4. 

  4.  *
    5. 

  5.  * Copyright (C) 2014 Nils Maier
    6. 

  6.  *
    7. 

  7.  * This program is free software; you can redistribute it and/or modify
    8. 

  8.  * it under the terms of the GNU General Public License as published by
    9. 

  9.  * the Free Software Foundation; either version 2 of the License, or
    10. 

  10.  * (at your option) any later version.
    11. 

  11.  *
    12. 

  12.  * This program is distributed in the hope that it will be useful,
    13. 

  13.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    14. 

  14.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    15. 

  15.  * GNU General Public License for more details.
    16. 

  16.  *
    17. 

  17.  * You should have received a copy of the GNU General Public License
    18. 

  18.  * along with this program; if not, write to the Free Software
    19. 

  19.  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
    20. 

  20.  *
    21. 

  21.  * In addition, as a special exception, the copyright holders give
    22. 

  22.  * permission to link the code of portions of this program with the
    23. 

  23.  * OpenSSL library under certain conditions as described in each
    24. 

  24.  * individual source file, and distribute linked combinations
    25. 

  25.  * including the two.
    26. 

  26.  * You must obey the GNU General Public License in all respects
    27. 

  27.  * for all of the code used other than OpenSSL.  If you modify
    28. 

  28.  * file(s) with this exception, you may extend this exception to your
    29. 

  29.  * version of the file(s), but you are not obligated to do so.  If you
    30. 

  30.  * do not wish to do so, delete this exception statement from your
    31. 

  31.  * version.  If you delete this exception statement from all source
    32. 

  32.  * files in the program, then also delete it here.
    33. 

  33.  */
    34. 

  34. /* copyright --> */
    35. 

  35. 

  36. #ifndef D_UTIL_SECURITY_H
    37. 

  37. #define D_UTIL_SECURITY_H
    38. 

  38. 

  39. #include "common.h"
    40. 

  40. 

  41. #include <string>
    42. 

  42. #include <stdexcept>
    43. 

  43. 

  44. #include "a2functional.h"
    45. 

  45. #include "MessageDigest.h"
    46. 

  46. 

  47. namespace aria2 {
    48. 

  48. namespace util {
    49. 

  49. namespace security {
    50. 

  50. 

  51. /**
    52. 

  52.  * Compare to bytes in constant time.
    53. 

  53.  *
    54. 

  54.  * @param a First byte.
    55. 

  55.  * @param b Second byte.
    56. 

  56.  * @return True, if both match, false otherwise.
    57. 

  57.  */
    58. 

  58. bool compare(const uint8_t a, const uint8_t b);
    59. 

  59. 

  60. /**
    61. 

  61.  * Compare two byte arrays in constant time. The arrays must have the same
    62. 

  62.  * length!
    63. 

  63.  *
    64. 

  64.  * @param a First byte array.
    65. 

  65.  * @param b Second byte array.
    66. 

  66.  * @return True, if both match, false otherwise.
    67. 

  67.  */
    68. 

  68. bool compare(const uint8_t* a, const uint8_t* b, size_t length);
    69. 

  69. inline bool compare(const char* a, const char* b, size_t length)
    70. 

  70. {
    71. 

  71.   return compare(reinterpret_cast<const uint8_t*>(a),
    72. 

  72.                  reinterpret_cast<const uint8_t*>(b), length * sizeof(char));
    73. 

  73. }
    74. 

  74. 

  75. /**
    76. 

  76.  * HMAC Result wrapper. While it is still possible to get the raw result bytes,
    77. 

  77.  * when using this wrapper it is ensured that constant-time comparison is used.
    78. 

  78.  * Also, this wrapper makes it an error to compare results of a different
    79. 

  79.  * length, helping to prevent logic errors either during development, or
    80. 

  80.  * triggering in the wild. Therefore |.getBytes()| use should be avoided.
    81. 

  81.  */
    82. 

  82. class HMACResult {
    83. 

  83. public:
    84. 

  84.   HMACResult(const std::string& result) : result_(result), len_(result.length())
    85. 

  85.   {
    86. 

  86.   }
    87. 

  87. 

  88.   HMACResult(const char* result, size_t length)
    89. 

  89.       : result_(result, length), len_(length)
    90. 

  90.   {
    91. 

  91.   }
    92. 

  92. 

  93.   HMACResult(const HMACResult& other) : result_(other.result_), len_(other.len_)
    94. 

  94.   {
    95. 

  95.   }
    96. 

  96. 

  97.   HMACResult& operator=(const HMACResult& other)
    98. 

  98.   {
    99. 

  99.     result_ = other.result_;
    100. 

  100.     len_ = other.len_;
    101. 

  101.     return *this;
    102. 

  102.   }
    103. 

  103. 

  104.   bool operator==(const HMACResult& other) const
    105. 

  105.   {
    106. 

  106.     if (len_ != other.len_) {
    107. 

  107.       throw std::domain_error("comparing different hmac is undefined");
    108. 

  108.     }
    109. 

  109.     return compare(result_.data(), other.result_.data(), len_);
    110. 

  110.   }
    111. 

  111. 

  112.   bool operator!=(const HMACResult& other) const { return !(*this == other); }
    113. 

  113. 

  114.   size_t length() const { return len_; }
    115. 

  115. 

  116.   const std::string& getBytes() const { return result_; }
    117. 

  117. 

  118. private:
    119. 

  119.   std::string result_;
    120. 

  120.   size_t len_;
    121. 

  121. };
    122. 

  122. 

  123. /**
    124. 

  124.  * Implements HMAC-SHA* per RFC 6234. It supports the same cryptographic hash
    125. 

  125.  * algorithms that MessageDigest supports, but at most the SHA-1, SHA-2
    126. 

  126.  * algorithms as specified in the RFC.
    127. 

  127.  */
    128. 

  128. class HMAC {
    129. 

  129. public:
    130. 

  130.   /**
    131. 

  131.    * Constructs a new HMAC. It is recommended to use the |create| or
    132. 

  132.    * |createRandom| factory methods instead.
    133. 

  133.    *
    134. 

  134.    * @see create
    135. 

  135.    * @see createRandom
    136. 

  136.    */
    137. 

  137.   HMAC(const std::string& algorithm, const char* secret, size_t length);
    138. 

  138. 

  139.   /**
    140. 

  140.    * Creates a new instance using the specified algorithm and secret.
    141. 

  141.    */
    142. 

  142.   static std::unique_ptr<HMAC> create(const std::string& algorithm,
    143. 

  143.                                       const std::string& secret)
    144. 

  144.   {
    145. 

  145.     return create(algorithm, secret.data(), secret.length());
    146. 

  146.   }
    147. 

  147. 

  148.   /**
    149. 

  149.    * Creates a new instance using the specified algorithm and secret.
    150. 

  150.    */
    151. 

  151.   static std::unique_ptr<HMAC> create(const std::string& algorithm,
    152. 

  152.                                       const char* secret, size_t length)
    153. 

  153.   {
    154. 

  154.     if (!supports(algorithm)) {
    155. 

  155.       return nullptr;
    156. 

  156.     }
    157. 

  157.     return make_unique<HMAC>(algorithm, secret, length);
    158. 

  158.   }
    159. 

  159. 

  160.   /**
    161. 

  161.    * Creates a new instance using sha-1 and the specified secret.
    162. 

  162.    */
    163. 

  163.   static std::unique_ptr<HMAC> create(const std::string& secret)
    164. 

  164.   {
    165. 

  165.     return create("sha-1", secret.data(), secret.length());
    166. 

  166.   }
    167. 

  167. 

  168.   /**
    169. 

  169.    * Creates a new instance using sha-1 and the specified secret.
    170. 

  170.    */
    171. 

  171.   static std::unique_ptr<HMAC> create(const char* secret, size_t length)
    172. 

  172.   {
    173. 

  173.     return create("sha-1", secret, length);
    174. 

  174.   }
    175. 

  175. 

  176.   /**
    177. 

  177.    * Creates a new instance using the specified algorithm and a random secret.
    178. 

  178.    */
    179. 

  179.   static std::unique_ptr<HMAC> createRandom(const std::string& algorithm);
    180. 

  180. 

  181.   /**
    182. 

  182.    * Creates a new instance using sha-1 and a random secret.
    183. 

  183.    */
    184. 

  184.   static std::unique_ptr<HMAC> createRandom() { return createRandom("sha-1"); }
    185. 

  185. 

  186.   /**
    187. 

  187.    * Tells if this implementation supports a specific hash algorithm.
    188. 

  188.    */
    189. 

  189.   static bool supports(const std::string& algorithm);
    190. 

  190. 

  191.   /**
    192. 

  192.    * Tells the length in bytes of the resulting HMAC.
    193. 

  193.    */
    194. 

  194.   size_t length() const { return md_->getDigestLength(); }
    195. 

  195. 

  196.   /**
    197. 

  197.    * Resets the instance, clearing the internal state. The instance can be
    198. 

  198.    * re-used afterwards.
    199. 

  199.    */
    200. 

  200.   void reset()
    201. 

  201.   {
    202. 

  202.     if (clean_) {
    203. 

  203.       return;
    204. 

  204.     }
    205. 

  205.     md_->reset();
    206. 

  206.     md_->update(ipad_.data(), ipad_.length());
    207. 

  207.     clean_ = true;
    208. 

  208.   }
    209. 

  209. 

  210.   /**
    211. 

  211.    * Updates the HMAC with new message data.
    212. 

  212.    */
    213. 

  213.   void update(const std::string& data)
    214. 

  214.   {
    215. 

  215.     md_->update(data.data(), data.length());
    216. 

  216.     clean_ = false;
    217. 

  217.   }
    218. 

  218. 

  219.   /**
    220. 

  220.    * Updates the HMAC with new message data.
    221. 

  221.    */
    222. 

  222.   void update(const char* data, size_t length)
    223. 

  223.   {
    224. 

  224.     md_->update(data, length);
    225. 

  225.     clean_ = false;
    226. 

  226.   }
    227. 

  227. 

  228.   /**
    229. 

  229.    * Returns the result. This can only be called once. After the call the
    230. 

  230.    * internal state is reset and new HMACs can be computed with the same
    231. 

  231.    * instance.
    232. 

  232.    */
    233. 

  233.   HMACResult getResult()
    234. 

  234.   {
    235. 

  235.     auto rv = md_->digest();
    236. 

  236.     md_->reset();
    237. 

  237.     md_->update(opad_.data(), opad_.length());
    238. 

  238.     md_->update(rv.data(), rv.length());
    239. 

  239.     rv = md_->digest();
    240. 

  240.     clean_ = false;
    241. 

  241.     reset();
    242. 

  242.     return HMACResult(rv);
    243. 

  243.   }
    244. 

  244. 

  245.   /**
    246. 

  246.    * Returns the resulting HMAC of string in one go. You cannot mix call to this
    247. 

  247.    * method with calls to update.
    248. 

  248.    */
    249. 

  249.   HMACResult getResult(const std::string& str)
    250. 

  250.   {
    251. 

  251.     reset();
    252. 

  252.     update(str);
    253. 

  253.     return getResult();
    254. 

  254.   }
    255. 

  255. 

  256.   /**
    257. 

  257.    * Returns the resulting HMAC of string in one go. You cannot mix call to this
    258. 

  258.    * method with calls to update.
    259. 

  259.    */
    260. 

  260.   HMACResult getResult(const char* data, size_t len)
    261. 

  261.   {
    262. 

  262.     reset();
    263. 

  263.     update(data, len);
    264. 

  264.     return getResult();
    265. 

  265.   }
    266. 

  266. 

  267. private:
    268. 

  268.   const size_t blockSize_;
    269. 

  269.   std::unique_ptr<MessageDigest> md_;
    270. 

  270.   std::string ipad_, opad_;
    271. 

  271.   bool clean_;
    272. 

  272. };
    273. 

  273. 

  274. /**
    275. 

  275.  * Create A PKBDF2-HMAC. See RFC 2898.
    276. 

  276.  *
    277. 

  277.  * Example:
    278. 

  278.  *   result = PBKDF2(HMAC::create("password"), random_salt, salt_len, 1000);
    279. 

  279.  */
    280. 

  280. HMACResult PBKDF2(HMAC* hmac, const char* salt, size_t salt_length,
    281. 

  281.                   size_t iterations, size_t key_length = 0);
    282. 

  282. 

  283. /**
    284. 

  284.  * Create A PKBDF2-HMAC. See RFC 2898.
    285. 

  285.  *
    286. 

  286.  * Example:
    287. 

  287.  *   result = PBKDF2(HMAC::create("password"), random_salt, 1000);
    288. 

  288.  */
    289. 

  289. inline HMACResult PBKDF2(HMAC* hmac, const std::string& salt, size_t iterations,
    290. 

  290.                          size_t key_length = 0)
    291. 

  291. {
    292. 

  292.   return PBKDF2(hmac, salt.data(), salt.length(), iterations, key_length);
    293. 

  293. }
    294. 

  294. 

  295. } // namespace security
    296. 

  296. } // namespace util
    297. 

  297. } // namespace aria2
    298. 

  298. 

  299. #endif // D_UTIL_SECURITY_H
    300.