From ee422c513dd1d51f62a2cd9aaa4d9aadb707a51e Mon Sep 17 00:00:00 2001
From: subtly
Date: Sat, 25 Jul 2015 05:52:41 -0400
Subject: [PATCH] remove unused code
---
 libdevcrypto/AES.cpp | 31 --------------------
 libdevcrypto/AES.h | 62 +--------------------
 libdevcrypto/ECDHE.cpp | 59 -------------------
 libdevcrypto/ECDHE.h | 35 ----------------
 test/libdevcrypto/AES.cpp | 12 --------
 5 files changed, 1 insertion(+), 198 deletions(-)
diff --git a/libdevcrypto/AES.cpp b/libdevcrypto/AES.cpp
index e9edac0d3..bec2ba137 100644
--- a/libdevcrypto/AES.cpp
+++ b/libdevcrypto/AES.cpp
@@ -25,39 +25,8 @@ using namespace std;
 using namespace dev;
 using namespace dev::crypto;
-using namespace dev::crypto::aes;
 using namespace CryptoPP;
-struct aes::Aes128Ctr
-{
- Aes128Ctr(h128 _k)
- {
- mode.SetKeyWithIV(_k.data(), sizeof(h128), Nonce::get().data());
- }
- CTR_Mode::Encryption mode;
-};
-
-Stream::Stream(StreamType, h128 _ckey):
- m_cSecret(_ckey)
-{
- cryptor = new Aes128Ctr(_ckey);
-}
-
-Stream::~Stream()
-{
- delete cryptor;
-}
-
-void Stream::update(bytesRef)
-{
-
-}
-
-size_t Stream::streamOut(bytes&)
-{
- return 0;
-}
-
 bytes dev::aesDecrypt(bytesConstRef _ivCipher, std::string const& _password, unsigned _rounds, bytesConstRef _salt)
 {
 bytes pw = asBytes(_password);
diff --git a/libdevcrypto/AES.h b/libdevcrypto/AES.h
index 6aaed6fad..60c6afdf6 100644
--- a/libdevcrypto/AES.h
+++ b/libdevcrypto/AES.h
@@ -24,71 +24,11 @@
 #pragma once
-#include
 #include "Common.h"
 namespace dev
 {
-namespace crypto
-{
-namespace aes
-{
-
-struct Aes128Ctr;
-enum StreamType { Encrypt, Decrypt };
-
-/**
- * @brief Encrypted stream
- */
-class Stream
-{
-public:
- // streamtype maybe irrelevant w/ctr
- Stream(StreamType _t, h128 _ckey);
- ~Stream();
-
- virtual void update(bytesRef io_bytes);
-
- /// Move ciphertext to _bytes.
- virtual size_t streamOut(bytes& o_bytes);
-
-private:
- Stream(Stream const&) = delete;
- Stream& operator=(Stream const&) = delete;
-
- h128 m_cSecret;
- bytes m_text;
-
- Aes128Ctr* cryptor;
-};
-
-
-/**
- * @brief Encrypted stream with inband SHA3 mac at specific interval.
- */
-class AuthenticatedStream: public Stream
-{
-public:
- AuthenticatedStream(StreamType _t, h128 _ckey, h128 _mackey, unsigned _interval): Stream(_t, _ckey), m_macSecret(_mackey) { m_macInterval = _interval; }
-
- AuthenticatedStream(StreamType _t, Secret const& _s, unsigned _interval): Stream(_t, h128(_s)), m_macSecret(FixedHash<16>((byte const*)_s.data()+16,h128::ConstructFromPointer)) { m_macInterval = _interval; }
-
- /// Adjust mac interval. Next mac will be xored with value.
- void adjustInterval(unsigned _interval) { m_macInterval = _interval; }
-
- unsigned getMacInterval() { return m_macInterval;}
-
-private:
- AuthenticatedStream(AuthenticatedStream const&) = delete;
- AuthenticatedStream& operator=(AuthenticatedStream const&) = delete;
-
- std::atomic m_macInterval;
- h128 m_macSecret;
-};
-
-}
-}
 bytes aesDecrypt(bytesConstRef _cipher, std::string const& _password, unsigned _rounds = 2000, bytesConstRef _salt = bytesConstRef());
-}
+}
\ No newline at end of file
diff --git a/libdevcrypto/ECDHE.cpp b/libdevcrypto/ECDHE.cpp
index f9e55f676..3005d38c1 100644
--- a/libdevcrypto/ECDHE.cpp
+++ b/libdevcrypto/ECDHE.cpp
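Review bot: The replacement closing brace `+}` for `namespace dev` at the end of AES.h is committed without a trailing newline, as the `\ No newline at end of file` marker after it shows, while the `-}` it replaces had one. This is the commit's only insertion and it is a small regression: a header that does not end in a newline draws a warning from some compilers and makes the next edit to the file's last line show up as a spurious change. Add the newline back so the hunk's `+}` ends the file the way the old line did. The header name on the removed `-#include` line is not visible in the hunk; it presumably served the deleted `std::atomic` member, so dropping it together with `AuthenticatedStream` looks consistent but is worth confirming against the file.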
@@ -44,62 +44,3 @@ void ECDHE::agree(Public const& _remote, Secret& o_sharedSecret) const
 s_secp256k1.agree(m_ephemeral.sec(), m_remoteEphemeral, o_sharedSecret);
 }
-void ECDHEKeyExchange::agree(Public const& _remoteEphemeral)
-{
- s_secp256k1.agree(m_ephemeral.sec(), _remoteEphemeral, m_ephemeralSecret);
-}
-
-void ECDHEKeyExchange::exchange(bytes& o_exchange)
-{
- if (!m_ephemeralSecret)
- // didn't agree on public remote
- BOOST_THROW_EXCEPTION(InvalidState());
-
- // The key exchange payload is in two parts and is encrypted
- // using ephemeral keypair.
- //
- // The first part is the 'prefix' which is a zero-knowledge proof
- // allowing the remote to resume or emplace a previous session.
- // If a session previously exists:
- // prefix is sha3(token) // todo: ephemeral entropy from both sides
- // If a session doesn't exist:
- // prefix is sha3(m_ephemeralSecret)
- //
- // The second part is encrypted using the public key which relates to the prefix.
-
- Public encpk = m_known.first ? m_known.first : m_remoteEphemeral;
- bytes exchange(encpk.asBytes());
-
- // This is the public key which we would like the remote to use,
- // which maybe different than the previously-known public key.
- //
- // Here we should pick an appropriate alias or generate a new one,
- // but for now, we use static alias passed to constructor.
- //
- Public p = toPublic(m_alias.m_secret);
- exchange.resize(exchange.size() + sizeof(p));
- memcpy(&exchange[exchange.size() - sizeof(p)], p.data(), sizeof(p));
-
- // protocol parameters; should be fixed size
- bytes v(1, 0x80);
- exchange.resize(exchange.size() + v.size());
- memcpy(&exchange[exchange.size() - v.size()], v.data(), v.size());
-
- h256 auth;
- sha3mac(m_alias.m_secret.ref(), m_ephemeralSecret.ref(), auth.ref());
- Signature sig = s_secp256k1.sign(m_alias.m_secret, auth);
- exchange.resize(exchange.size() + sizeof(sig));
- memcpy(&exchange[exchange.size() - sizeof(sig)], sig.data(), sizeof(sig));
-
- aes::AuthenticatedStream aes(aes::Encrypt, m_ephemeralSecret, 0);
- h256 prefix(sha3(m_known.second ? m_known.second : (h256)m_remoteEphemeral));
- aes.update(prefix.ref());
-
- s_secp256k1.encrypt(encpk, exchange);
- aes.update(&exchange);
-
- aes.streamOut(o_exchange);
-}
-
-
-
diff --git a/libdevcrypto/ECDHE.h b/libdevcrypto/ECDHE.h
index d3c9ae325..0fd5a8d3f 100644
--- a/libdevcrypto/ECDHE.h
+++ b/libdevcrypto/ECDHE.h
@@ -38,7 +38,6 @@ using AliasSession = std::pair;
 */
 class Alias
 {
- friend class ECDHEKeyExchange; // todo: remove
 public:
 Alias(Secret _s): m_secret(_s) {};
@@ -77,40 +76,6 @@ protected:
 mutable Public m_remoteEphemeral; ///< Public key of remote; parameter. Set once when agree is called, otherwise immutable.
 };
-/**
- * @brief Secure exchange of static keys.
- * Key exchange is encrypted with public key of remote and then encrypted by block cipher. For a blind remote the ecdhe public key is used to encrypt exchange, and for a known remote the known public key is used. The block cipher key is derived from ecdhe shared secret.
- *
- * Usage: Agree -> Exchange -> Authenticate
- */
-class ECDHEKeyExchange: private ECDHE
-{
-public:
- /// Exchange with unknown remote (pass public key for ingress exchange)
- ECDHEKeyExchange(Alias& _k): m_alias(_k) {}
-
- /// Exchange with known remote
- ECDHEKeyExchange(Alias& _k, AliasSession _known): m_alias(_k), m_known(_known) {}
-
- /// Provide public key for dh agreement to generate shared secret.
- void agree(Public const& _remoteEphemeral);
-
- /// @returns encrypted payload of key exchange
- void exchange(bytes& o_exchange);
-
- /// Decrypt payload, check mac, check trust, decrypt exchange, authenticate exchange, verify version, verify signature, and if no failure occurs, update or creats trust and derive session-shared-secret.
- bool authenticate(bytes _exchangeIn);
-
-private:
- Secret m_ephemeralSecret;
- Alias m_alias;
- AliasSession m_known;
- Secret m_sharedAliasSecret;
-
- FixedHash<16> m_sharedC;
- FixedHash<16> m_sharedM;
-};
-
 }
 }
diff --git a/test/libdevcrypto/AES.cpp b/test/libdevcrypto/AES.cpp
index 06f0515d6..a8aeb4cd1 100644
--- a/test/libdevcrypto/AES.cpp
+++ b/test/libdevcrypto/AES.cpp
@@ -75,18 +75,6 @@ BOOST_AUTO_TEST_CASE(AesDecryptFailInvalidSeed2)
 bytes seed = fromHex("000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f");
 BOOST_CHECK(bytes() == aesDecrypt(&seed, "test"));
 }
-BOOST_AUTO_TEST_CASE(AuthenticatedStreamConstructor)
-{
- cout << "AuthenticatedStreamConstructor" << endl;
-
- Secret const sec(dev::sha3("test"));
- crypto::aes::AuthenticatedStream as(crypto::aes::Encrypt, sec, 0);
- BOOST_CHECK(as.getMacInterval() == 0);
- as.adjustInterval(1);
- BOOST_CHECK(as.getMacInterval() == 1);
- crypto::aes::AuthenticatedStream as_mac(crypto::aes::Encrypt, h128(), h128(), 42);
- BOOST_CHECK(as_mac.getMacInterval() == 42);
-}
 BOOST_AUTO_TEST_SUITE_END()