1 /*
2 ** Copyright (c) 2008 - present, Alexis Megas.
3 ** All rights reserved.
4 **
5 ** Redistribution and use in source and binary forms, with or without
6 ** modification, are permitted provided that the following conditions
7 ** are met:
8 ** 1. Redistributions of source code must retain the above copyright
9 ** notice, this list of conditions and the following disclaimer.
10 ** 2. Redistributions in binary form must reproduce the above copyright
11 ** notice, this list of conditions and the following disclaimer in the
12 ** documentation and/or other materials provided with the distribution.
13 ** 3. The name of the author may not be used to endorse or promote products
14 ** derived from Dooble without specific prior written permission.
15 **
16 ** DOOBLE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 ** IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 ** OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 ** IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20 ** INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 ** NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 ** DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 ** THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 ** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 ** DOOBLE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28 #include <QCryptographicHash>
29
30 #ifndef Q_OS_WIN
31 extern "C"
32 {
33 #include <sys/mman.h>
34 }
35 #endif
36
37 #include "dooble_aes256.h"
38 #include "dooble_cryptography.h"
39 #include "dooble_hmac.h"
40 #include "dooble_random.h"
41 #include "dooble_threefish256.h"
42
43 int dooble_cryptography::s_authentication_key_length = 64;
44 int dooble_cryptography::s_encryption_key_length = 32;
45
dooble_cryptography(const QByteArray & authentication_key,const QByteArray & encryption_key,const QString & block_cipher_type,const QString & hash_type)46 dooble_cryptography::dooble_cryptography
47 (const QByteArray &authentication_key,
48 const QByteArray &encryption_key,
49 const QString &block_cipher_type,
50 const QString &hash_type):QObject()
51 {
52 m_as_plaintext = false;
53 m_authenticated = false;
54 m_authentication_key = authentication_key;
55 m_block_cipher_type = block_cipher_type.toLower().trimmed();
56 m_encryption_key = encryption_key;
57
58 if(hash_type.toLower().trimmed() == "keccak-512")
59 m_hash_type = dooble_cryptography::HashTypes::KECCAK_512;
60 else
61 m_hash_type = dooble_cryptography::HashTypes::SHA3_512;
62
63 if(m_authentication_key.isEmpty() || m_encryption_key.isEmpty())
64 {
65 m_as_plaintext = true;
66 m_authenticated = true;
67 m_authentication_key.clear();
68 m_encryption_key.clear();
69 }
70 #ifdef DOOBLE_MMAN_PRESENT
71 else
72 {
73 mlock(m_authentication_key.constData(),
74 static_cast<size_t> (m_authentication_key.length()));
75 mlock(m_encryption_key.constData(),
76 static_cast<size_t> (m_encryption_key.length()));
77 }
78 #endif
79 }
80
dooble_cryptography(const QString & block_cipher_type,const QString & hash_type)81 dooble_cryptography::dooble_cryptography(const QString &block_cipher_type,
82 const QString &hash_type):QObject()
83 {
84 m_as_plaintext = false;
85 m_authenticated = false;
86 m_authentication_key = dooble_random::random_bytes
87 (s_authentication_key_length);
88 m_block_cipher_type = block_cipher_type.toLower().trimmed();
89 m_encryption_key = dooble_random::random_bytes(s_encryption_key_length);
90
91 if(hash_type.toLower().trimmed() == "keccak-512")
92 m_hash_type = dooble_cryptography::HashTypes::KECCAK_512;
93 else
94 m_hash_type = dooble_cryptography::HashTypes::SHA3_512;
95
96 #ifdef DOOBLE_MMAN_PRESENT
97 mlock(m_authentication_key.constData(),
98 static_cast<size_t> (m_authentication_key.length()));
99 mlock(m_encryption_key.constData(),
100 static_cast<size_t> (m_encryption_key.length()));
101 #endif
102 }
103
~dooble_cryptography()104 dooble_cryptography::~dooble_cryptography()
105 {
106 memzero(m_authentication_key);
107 memzero(m_encryption_key);
108 #ifdef DOOBLE_MMAN_PRESENT
109 munlock(m_authentication_key.constData(),
110 static_cast<size_t> (m_authentication_key.length()));
111 munlock(m_encryption_key.constData(),
112 static_cast<size_t> (m_encryption_key.length()));
113 #endif
114 }
115
encrypt_then_mac(const QByteArray & data) const116 QByteArray dooble_cryptography::encrypt_then_mac(const QByteArray &data) const
117 {
118 if(m_as_plaintext)
119 return data;
120
121 QByteArray bytes;
122
123 if(m_block_cipher_type == "aes-256")
124 {
125 dooble_aes256 aes(m_encryption_key);
126
127 bytes = aes.encrypt(data);
128 }
129 else
130 {
131 dooble_threefish256 threefish(m_encryption_key);
132
133 threefish.set_tweak("76543210fedcba98", nullptr);
134 bytes = threefish.encrypt(data);
135 }
136
137 if(!bytes.isEmpty())
138 bytes.prepend(hmac(bytes));
139
140 return bytes;
141 }
142
hmac(const QByteArray & message) const143 QByteArray dooble_cryptography::hmac(const QByteArray &message) const
144 {
145 if(m_as_plaintext)
146 return message;
147 else
148 {
149 switch(m_hash_type)
150 {
151 case dooble_cryptography::HashTypes::KECCAK_512:
152 return dooble_hmac::keccak_512_hmac(m_authentication_key, message);
153 default:
154 return dooble_hmac::sha3_512_hmac(m_authentication_key, message);
155 }
156 }
157 }
158
hmac(const QString & message) const159 QByteArray dooble_cryptography::hmac(const QString &message) const
160 {
161 if(m_as_plaintext)
162 return message.toUtf8();
163 else
164 {
165 switch(m_hash_type)
166 {
167 case dooble_cryptography::HashTypes::KECCAK_512:
168 return dooble_hmac::keccak_512_hmac
169 (m_authentication_key, message.toUtf8());
170 default:
171 return dooble_hmac::sha3_512_hmac
172 (m_authentication_key, message.toUtf8());
173 }
174 }
175 }
176
mac_then_decrypt(const QByteArray & data) const177 QByteArray dooble_cryptography::mac_then_decrypt(const QByteArray &data) const
178 {
179 if(m_as_plaintext)
180 return data;
181
182 QByteArray computed_mac;
183 auto mac(data.mid(0, dooble_hmac::preferred_output_size_in_bytes()));
184
185 computed_mac = hmac(data.mid(dooble_hmac::preferred_output_size_in_bytes()));
186
187 if(!computed_mac.isEmpty() && !mac.isEmpty() &&
188 dooble_cryptography::memcmp(computed_mac, mac))
189 {
190 if(m_block_cipher_type == "aes-256")
191 {
192 dooble_aes256 aes(m_encryption_key);
193
194 return aes.decrypt
195 (data.mid(dooble_hmac::preferred_output_size_in_bytes()));
196 }
197 else
198 {
199 dooble_threefish256 threefish(m_encryption_key);
200
201 threefish.set_tweak("76543210fedcba98", nullptr);
202 return threefish.decrypt
203 (data.mid(dooble_hmac::preferred_output_size_in_bytes()));
204 }
205 }
206
207 return data;
208 }
209
keys(void) const210 QPair<QByteArray, QByteArray> dooble_cryptography::keys(void) const
211 {
212 return QPair<QByteArray, QByteArray> (m_authentication_key, m_encryption_key);
213 }
214
as_plaintext(void) const215 bool dooble_cryptography::as_plaintext(void) const
216 {
217 return m_as_plaintext;
218 }
219
authenticated(void) const220 bool dooble_cryptography::authenticated(void) const
221 {
222 return m_authenticated;
223 }
224
memcmp(const QByteArray & a,const QByteArray & b)225 bool dooble_cryptography::memcmp(const QByteArray &a, const QByteArray &b)
226 {
227 QByteArray c1;
228 QByteArray c2;
229 auto length = qMax(a.length(), b.length());
230 quint64 rc = 0;
231
232 c1 = a.leftJustified(length, 0);
233 c2 = b.leftJustified(length, 0);
234
235 for(int i = 0; i < length; i++)
236 rc |= static_cast<quint64> (c1[i]) ^ static_cast<quint64> (c2[i]);
237
238 return rc == 0;
239 }
240
authenticate(const QByteArray & salt,const QByteArray & salted_password,const QString & password)241 void dooble_cryptography::authenticate(const QByteArray &salt,
242 const QByteArray &salted_password,
243 const QString &password)
244 {
245 QByteArray hash;
246
247 switch(m_hash_type)
248 {
249 case dooble_cryptography::HashTypes::KECCAK_512:
250 {
251 hash = QCryptographicHash::hash
252 (password.toUtf8() + salt, QCryptographicHash::Keccak_512);
253 break;
254 }
255 default:
256 {
257 hash = QCryptographicHash::hash
258 (password.toUtf8() + salt, QCryptographicHash::Sha3_512);
259 break;
260 }
261 }
262
263 m_authenticated = dooble_cryptography::memcmp(hash, salted_password);
264 }
265
memzero(QByteArray & bytes)266 void dooble_cryptography::memzero(QByteArray &bytes)
267 {
268 for(auto &&byte : bytes)
269 byte = 0;
270 }
271
memzero(QString & text)272 void dooble_cryptography::memzero(QString &text)
273 {
274 for(auto &&i : text)
275 i = QChar(0);
276 }
277
set_authenticated(bool state)278 void dooble_cryptography::set_authenticated(bool state)
279 {
280 m_authenticated = state;
281 }
282
set_block_cipher_type(const QString & block_cipher_type_index)283 void dooble_cryptography::set_block_cipher_type
284 (const QString &block_cipher_type_index)
285 {
286 m_block_cipher_type = block_cipher_type_index.toLower().trimmed();
287 }
288
set_hash_type(const QString & hash_type)289 void dooble_cryptography::set_hash_type(const QString &hash_type)
290 {
291 if(hash_type.toLower().trimmed() == "keccak-512")
292 m_hash_type = dooble_cryptography::HashTypes::KECCAK_512;
293 else
294 m_hash_type = dooble_cryptography::HashTypes::SHA3_512;
295 }
296
set_keys(const QByteArray & authentication_key,const QByteArray & encryption_key)297 void dooble_cryptography::set_keys(const QByteArray &authentication_key,
298 const QByteArray &encryption_key)
299 {
300 #ifdef DOOBLE_MMAN_PRESENT
301 munlock(m_authentication_key.constData(),
302 static_cast<size_t> (m_authentication_key.length()));
303 munlock(m_encryption_key.constData(),
304 static_cast<size_t> (m_encryption_key.length()));
305 #endif
306 m_authentication_key = authentication_key;
307 m_encryption_key = encryption_key;
308
309 if(m_authentication_key.isEmpty() || m_encryption_key.isEmpty())
310 {
311 m_as_plaintext = true;
312 m_authenticated = true;
313 m_authentication_key.clear();
314 m_encryption_key.clear();
315 }
316 else
317 {
318 m_as_plaintext = false;
319 #ifdef DOOBLE_MMAN_PRESENT
320 mlock(m_authentication_key.constData(),
321 static_cast<size_t> (m_authentication_key.length()));
322 mlock(m_encryption_key.constData(),
323 static_cast<size_t> (m_encryption_key.length()));
324 #endif
325 }
326 }
327