43std::string
encrypt(
const uint8_t input[],
size_t input_len,
44 const std::string& passphrase,
55 for(
size_t i = 0; i != VERSION_CODE_LEN; ++i)
56 out_buf[i] =
get_byte(i, CRYPTOBOX_VERSION_CODE);
57 rng.
randomize(&out_buf[VERSION_CODE_LEN], PBKDF_SALT_LEN);
60 copy_mem(&out_buf[CRYPTOBOX_HEADER_LEN], input, input_len);
67 CIPHER_KEY_LEN + MAC_KEY_LEN + CIPHER_IV_LEN,
69 &out_buf[VERSION_CODE_LEN],
73 const uint8_t* mk = master_key.
begin();
74 const uint8_t* cipher_key = mk;
75 const uint8_t* mac_key = mk + CIPHER_KEY_LEN;
76 const uint8_t* iv = mk + CIPHER_KEY_LEN + MAC_KEY_LEN;
80 ctr->set_key(cipher_key, CIPHER_KEY_LEN);
81 ctr->start(iv, CIPHER_IV_LEN);
82 ctr->finish(out_buf, CRYPTOBOX_HEADER_LEN);
84 std::unique_ptr<MessageAuthenticationCode> hmac =
86 hmac->set_key(mac_key, MAC_KEY_LEN);
88 hmac->update(&out_buf[CRYPTOBOX_HEADER_LEN], input_len);
92 copy_mem(&out_buf[VERSION_CODE_LEN + PBKDF_SALT_LEN], mac.data(), MAC_OUTPUT_LEN);
99 const std::string& passphrase)
104 "BOTAN CRYPTOBOX MESSAGE");
106 if(ciphertext.size() < CRYPTOBOX_HEADER_LEN)
109 for(
size_t i = 0; i != VERSION_CODE_LEN; ++i)
110 if(ciphertext[i] !=
get_byte(i, CRYPTOBOX_VERSION_CODE))
113 const uint8_t* pbkdf_salt = &ciphertext[VERSION_CODE_LEN];
114 const uint8_t* box_mac = &ciphertext[VERSION_CODE_LEN + PBKDF_SALT_LEN];
125 const uint8_t* mk = master_key.
begin();
126 const uint8_t* cipher_key = mk;
127 const uint8_t* mac_key = mk + CIPHER_KEY_LEN;
128 const uint8_t* iv = mk + CIPHER_KEY_LEN + MAC_KEY_LEN;
131 std::unique_ptr<MessageAuthenticationCode> hmac =
133 hmac->set_key(mac_key, MAC_KEY_LEN);
135 if(ciphertext.size() > CRYPTOBOX_HEADER_LEN)
137 hmac->update(&ciphertext[CRYPTOBOX_HEADER_LEN],
138 ciphertext.size() - CRYPTOBOX_HEADER_LEN);
146 ctr->set_key(cipher_key, CIPHER_KEY_LEN);
147 ctr->start(iv, CIPHER_IV_LEN);
148 ctr->finish(ciphertext, CRYPTOBOX_HEADER_LEN);
150 ciphertext.erase(ciphertext.begin(), ciphertext.begin() + CRYPTOBOX_HEADER_LEN);