本文整理汇总了C++中SymmetricKey::length方法的典型用法代码示例。如果您正苦于以下问题:C++ SymmetricKey::length方法的具体用法?C++ SymmetricKey::length怎么用?C++ SymmetricKey::length使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类SymmetricKey的用法示例。
在下文中一共展示了SymmetricKey::length方法的7个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: set_key
void XTS_Decryption::set_key(const SymmetricKey& key)
{
u32bit key_half = key.length() / 2;
if(key.length() % 2 == 1 || !cipher->valid_keylength(key_half))
throw Invalid_Key_Length(name(), key.length());
cipher->set_key(key.begin(), key_half);
cipher2->set_key(key.begin() + key_half, key_half);
}示例2: key_agreement
bool ne7ssh_crypt::makeKexSecret (Botan::SecureVector<Botan::byte> &result, Botan::BigInt &f)
{
PK_Key_Agreement key_agreement(*privKexKey, "Raw");
SymmetricKey negotiated = key_agreement.derive_key(32, (byte*)f.data(), f.bytes(), "");
// SymmetricKey negotiated = privKexKey->derive_key (f);
if (!negotiated.length()) return false;
BigInt Kint (negotiated.begin(), negotiated.length());
ne7ssh_string::bn2vector(result, Kint);
K = Botan::SecureVector<Botan::byte>(result);
delete privKexKey;
privKexKey = 0;
return true;
} 示例3: set_key
void Transform_Filter::set_key(const SymmetricKey& key)
{
if(Keyed_Transform* keyed = dynamic_cast<Keyed_Transform*>(m_transform.get()))
keyed->set_key(key);
else if(key.length() != 0)
throw std::runtime_error("Transform " + name() + " does not accept keys");
}示例4: sendNewKeysPacket
void SshKeyExchange::sendNewKeysPacket(const SshIncomingPacket &dhReply,
const QByteArray &clientId)
{
const SshKeyExchangeReply &reply
= dhReply.extractKeyExchangeReply(m_serverHostKeyAlgo);
if (reply.f <= 0 || reply.f >= m_dhKey->group_p()) {
throw SSH_SERVER_EXCEPTION(SSH_DISCONNECT_KEY_EXCHANGE_FAILED,
"Server sent invalid f.");
}
QByteArray concatenatedData = AbstractSshPacket::encodeString(clientId);
concatenatedData += AbstractSshPacket::encodeString(m_serverId);
concatenatedData += AbstractSshPacket::encodeString(m_clientKexInitPayload);
concatenatedData += AbstractSshPacket::encodeString(m_serverKexInitPayload);
concatenatedData += reply.k_s;
concatenatedData += AbstractSshPacket::encodeMpInt(m_dhKey->get_y());
concatenatedData += AbstractSshPacket::encodeMpInt(reply.f);
SymmetricKey k = m_dhKey->derive_key(reply.f);
m_k = AbstractSshPacket::encodeMpInt(BigInt(k.begin(), k.length()));
concatenatedData += m_k;
m_hash.reset(get_hash(botanSha1Name()));
const SecureVector<byte> &hashResult
= m_hash->process(convertByteArray(concatenatedData),
concatenatedData.size());
m_h = convertByteArray(hashResult);
QScopedPointer<Public_Key> sigKey;
QScopedPointer<PK_Verifier> verifier;
if (m_serverHostKeyAlgo == SshCapabilities::PubKeyDss) {
const DL_Group group(reply.parameters.at(0), reply.parameters.at(1),
reply.parameters.at(2));
DSA_PublicKey * const dsaKey
= new DSA_PublicKey(group, reply.parameters.at(3));
sigKey.reset(dsaKey);
verifier.reset(get_pk_verifier(*dsaKey,
botanEmsaAlgoName(SshCapabilities::PubKeyDss)));
} else if (m_serverHostKeyAlgo == SshCapabilities::PubKeyRsa) {
RSA_PublicKey * const rsaKey
= new RSA_PublicKey(reply.parameters.at(1), reply.parameters.at(0));
sigKey.reset(rsaKey);
verifier.reset(get_pk_verifier(*rsaKey,
botanEmsaAlgoName(SshCapabilities::PubKeyRsa)));
} else {
Q_ASSERT(!"Impossible: Neither DSS nor RSA!");
}
const byte * const botanH = convertByteArray(m_h);
const Botan::byte * const botanSig
= convertByteArray(reply.signatureBlob);
if (!verifier->verify_message(botanH, m_h.size(), botanSig,
reply.signatureBlob.size())) {
throw SSH_SERVER_EXCEPTION(SSH_DISCONNECT_KEY_EXCHANGE_FAILED,
"Invalid signature in SSH_MSG_KEXDH_REPLY packet.");
}
m_sendFacility.sendNewKeysPacket();
}示例5: invalid_argument
SecureVector<byte> rfc3394_keyunwrap(const MemoryRegion<byte>& key,
const SymmetricKey& kek,
Algorithm_Factory& af)
{
if(key.size() < 16 || key.size() % 8 != 0)
throw std::invalid_argument("Bad input key size for NIST key unwrap");
std::auto_ptr<BlockCipher> aes(make_aes(kek.length(), af));
aes->set_key(kek);
const size_t n = (key.size() - 8) / 8;
SecureVector<byte> R(n * 8);
SecureVector<byte> A(16);
for(size_t i = 0; i != 8; ++i)
A[i] = key[i];
copy_mem(&R[0], key.begin() + 8, key.size() - 8);
for(size_t j = 0; j <= 5; ++j)
{
for(size_t i = n; i != 0; --i)
{
const u32bit t = (5 - j) * n + i;
byte t_buf[4] = { 0 };
store_be(t, t_buf);
xor_buf(&A[4], &t_buf[0], 4);
copy_mem(&A[8], &R[8*(i-1)], 8);
aes->decrypt(&A[0]);
copy_mem(&R[8*(i-1)], &A[8], 8);
}
}
if(load_be<u64bit>(&A[0], 0) != 0xA6A6A6A6A6A6A6A6)
throw Integrity_Failure("NIST key unwrap failed");
return R;
}示例6: reader
/*
* Create a new Client Key Exchange message
*/
Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io,
Handshake_State& state,
const Policy& policy,
Credentials_Manager& creds,
const Public_Key* server_public_key,
const std::string& hostname,
RandomNumberGenerator& rng)
{
const std::string kex_algo = state.ciphersuite().kex_algo();
if(kex_algo == "PSK")
{
std::string identity_hint = "";
if(state.server_kex())
{
TLS_Data_Reader reader("ClientKeyExchange", state.server_kex()->params());
identity_hint = reader.get_string(2, 0, 65535);
}
const std::string psk_identity = creds.psk_identity("tls-client",
hostname,
identity_hint);
append_tls_length_value(m_key_material, psk_identity, 2);
SymmetricKey psk = creds.psk("tls-client", hostname, psk_identity);
std::vector<byte> zeros(psk.length());
append_tls_length_value(m_pre_master, zeros, 2);
append_tls_length_value(m_pre_master, psk.bits_of(), 2);
}
else if(state.server_kex())
{
TLS_Data_Reader reader("ClientKeyExchange", state.server_kex()->params());
SymmetricKey psk;
if(kex_algo == "DHE_PSK" || kex_algo == "ECDHE_PSK")
{
std::string identity_hint = reader.get_string(2, 0, 65535);
const std::string psk_identity = creds.psk_identity("tls-client",
hostname,
identity_hint);
append_tls_length_value(m_key_material, psk_identity, 2);
psk = creds.psk("tls-client", hostname, psk_identity);
}
if(kex_algo == "DH" || kex_algo == "DHE_PSK")
{
BigInt p = BigInt::decode(reader.get_range<byte>(2, 1, 65535));
BigInt g = BigInt::decode(reader.get_range<byte>(2, 1, 65535));
BigInt Y = BigInt::decode(reader.get_range<byte>(2, 1, 65535));
if(reader.remaining_bytes())
throw Decoding_Error("Bad params size for DH key exchange");
if(p.bits() < policy.minimum_dh_group_size())
throw TLS_Exception(Alert::INSUFFICIENT_SECURITY,
"Server sent DH group of " +
std::to_string(p.bits()) +
" bits, policy requires at least " +
std::to_string(policy.minimum_dh_group_size()));
/*
* A basic check for key validity. As we do not know q here we
* cannot check that Y is in the right subgroup. However since
* our key is ephemeral there does not seem to be any
* advantage to bogus keys anyway.
*/
if(Y <= 1 || Y >= p - 1)
throw TLS_Exception(Alert::INSUFFICIENT_SECURITY,
"Server sent bad DH key for DHE exchange");
DL_Group group(p, g);
if(!group.verify_group(rng, false))
throw TLS_Exception(Alert::INSUFFICIENT_SECURITY,
"DH group validation failed");
DH_PublicKey counterparty_key(group, Y);
DH_PrivateKey priv_key(rng, group);
PK_Key_Agreement ka(priv_key, "Raw");
secure_vector<byte> dh_secret = CT::strip_leading_zeros(
ka.derive_key(0, counterparty_key.public_value()).bits_of());
if(kex_algo == "DH")
m_pre_master = dh_secret;
else
{
//.........这里部分代码省略.........
示例7: Internal_Error
/*
* Read a Client Key Exchange message
*/
Client_Key_Exchange::Client_Key_Exchange(const std::vector<byte>& contents,
const Handshake_State& state,
const Private_Key* server_rsa_kex_key,
Credentials_Manager& creds,
const Policy& policy,
RandomNumberGenerator& rng)
{
const std::string kex_algo = state.ciphersuite().kex_algo();
if(kex_algo == "RSA")
{
BOTAN_ASSERT(state.server_certs() && !state.server_certs()->cert_chain().empty(),
"RSA key exchange negotiated so server sent a certificate");
if(!server_rsa_kex_key)
throw Internal_Error("Expected RSA kex but no server kex key set");
if(!dynamic_cast<const RSA_PrivateKey*>(server_rsa_kex_key))
throw Internal_Error("Expected RSA key but got " + server_rsa_kex_key->algo_name());
PK_Decryptor_EME decryptor(*server_rsa_kex_key, "PKCS1v15");
Protocol_Version client_version = state.client_hello()->version();
/*
* This is used as the pre-master if RSA decryption fails.
* Otherwise we can be used as an oracle. See Bleichenbacher
* "Chosen Ciphertext Attacks against Protocols Based on RSA
* Encryption Standard PKCS #1", Crypto 98
*
* Create it here instead if in the catch clause as otherwise we
* expose a timing channel WRT the generation of the fake value.
* Some timing channel likely remains due to exception handling
* and the like.
*/
secure_vector<byte> fake_pre_master = rng.random_vec(48);
fake_pre_master[0] = client_version.major_version();
fake_pre_master[1] = client_version.minor_version();
try
{
TLS_Data_Reader reader("ClientKeyExchange", contents);
m_pre_master = decryptor.decrypt(reader.get_range<byte>(2, 0, 65535));
if(m_pre_master.size() != 48 ||
client_version.major_version() != m_pre_master[0] ||
client_version.minor_version() != m_pre_master[1])
{
throw Decoding_Error("Client_Key_Exchange: Secret corrupted");
}
}
catch(...)
{
m_pre_master = fake_pre_master;
}
}
else
{
TLS_Data_Reader reader("ClientKeyExchange", contents);
SymmetricKey psk;
if(kex_algo == "PSK" || kex_algo == "DHE_PSK" || kex_algo == "ECDHE_PSK")
{
const std::string psk_identity = reader.get_string(2, 0, 65535);
psk = creds.psk("tls-server",
state.client_hello()->sni_hostname(),
psk_identity);
if(psk.length() == 0)
{
if(policy.hide_unknown_users())
psk = SymmetricKey(rng, 16);
else
throw TLS_Exception(Alert::UNKNOWN_PSK_IDENTITY,
"No PSK for identifier " + psk_identity);
}
}
if(kex_algo == "PSK")
{
std::vector<byte> zeros(psk.length());
append_tls_length_value(m_pre_master, zeros, 2);
append_tls_length_value(m_pre_master, psk.bits_of(), 2);
}
#if defined(BOTAN_HAS_SRP6)
else if(kex_algo == "SRP_SHA")
{
SRP6_Server_Session& srp = state.server_kex()->server_srp_params();
m_pre_master = srp.step2(BigInt::decode(reader.get_range<byte>(2, 0, 65535))).bits_of();
}
#endif
else if(kex_algo == "DH" || kex_algo == "DHE_PSK" ||
kex_algo == "ECDH" || kex_algo == "ECDHE_PSK")
{
//.........这里部分代码省略.........