crypto.h

#pragma once
 
 
#include <openssl/pem.h>  // For OpenSSL (HASH,MAC, HMAC)
#include <sodium.h>       // For libsodium (DH, DH_GENERATE, (X)ENCRYPT, (X)DECRYPT)
#include <stdexcept>      // Exceptions
#include <cstring>        // For std::string
 
 
namespace crypto {
 
 
  class string {
    private:
 
 
    // We just use a vector under the hood, because they're wicked fast and manage memory for us.
    std::vector<unsigned char> array;
 
 
    public:
 
 
    string(const size_t& l = 0) {for (size_t x = 0; x < l; ++x) array.emplace_back(0);}
 
 
    string(const std::string& string) {
      for (size_t x = 0; x < string.length(); ++x) array.emplace_back(unsigned(string[x]));
    }
 
 
    string(const unsigned char* string, const size_t& l) {
      for (size_t x = 0; x < l; ++x) array.emplace_back(string[x]);
    }
 
 
    string(const char* string) {
      for (size_t x = 0; x < strlen(string); ++x) array.emplace_back(string[x]);
    }
 
 
    ~string() {for (auto& x : array) x = '\0';}
 
 
    string substr(const size_t& start, const size_t& count = std::string::npos) const {
 
      // These one-line if statements might seem a little confusing, but the general structure is:
      // CONDITION ? IF TRUE : IF FALSE
      // So, here we're setting the value ret to either two values, depending on whether
      // count == std::string::npos (Which just means the end of the string, std::string
      // uses it when find() doesn't return anything, for example)
      // If it is, we obviously don't want to make the string SIZE_MAX bytes long,
      // so we instead just set it to the size of the array - where we want to start from.
      // Otherwise, we use count as you expect, setting ret to how many characters we
      // want to draw from.
      string ret = count == std::string::npos ? array.size() - start : count;
      for (size_t x = 0; x < count && x + start < array.size(); ++x) {
        ret.bytes()[x] = array[x + start];
      }
      return ret;
    }
 
 
    void resize(const size_t& n, const unsigned char& v=0) {array.resize(n, v);}
 
 
    void append(const string& s) {
      for (const auto& x : s.array) array.emplace_back(x);
    }
 
 
    std::string str() {
      std::stringstream out;
      for (const auto& byte : array) out << std::hex << int(byte);
      return out.str();
    }
 
 
    const size_t length() const {return array.size();}
 
 
    unsigned char* bytes() {return &array[0];}
 
 
    const unsigned char* bytes() const {return &array[0];}
 
 
    std::string to() const {return std::string(reinterpret_cast<const char*>(bytes()), array.size());}
 
 
    unsigned char& operator [](const size_t& pos) {
      if (pos >= array.size())
      throw std::out_of_range("Index into crypto::string out of range!");
      return array[pos];
    }
 
 
    const bool operator == (const string& cmp) const {return array == cmp.array;}
 
 
    string operator + (const string& a) const {string ret = *this; ret.append(a); return ret;}
  };
 
 
  class keypair {
    private:
 
    // The private and public keys.
    string P, p;
 
    public:
 
    keypair() = default;
    keypair(const string& private_key, const string& public_key) : P(private_key), p(public_key) {}
 
    // Return the private key.
    string& priv() {return P;}
    const string& priv() const {return P;}
 
    // Return the public key.
    string& pub() {return p;}
    const string& pub() const {return p;}
 
    // Return the first key
    string& first() {return P;}
    const string& first() const {return P;}
 
    // Return the second.
    string& second() {return p;}
    const string& second() const {return p;}
  };
 
 
  string DH(const string& priv, const string& pub) {
    string product = 32;
    if (crypto_scalarmult(product.bytes(), priv.bytes(), pub.bytes()) != 0)
      throw std::runtime_error("Failed to multiply keys!");
    return product;
  }
 
 
   keypair DH_GENERATE() {
 
    // Hold our two 32 byte keys.
    string pub = 32, priv = 32;
 
    // Randomly generate a private key, get the public point on the curve.
    randombytes_buf(priv.bytes(), priv.length());
    crypto_scalarmult_base(pub.bytes(), priv.bytes());
 
    // Return
    return {priv, pub};
  }
 
 
  string IV(uint64_t counter) {
 
    // 32 bits (4 bytes) of zeros + 64 bits (8 bytes) of the counter = 96 bits (12 bytes).
    string iv = 12;
 
    // Extract the highest byte of the counter, shifting down to the last.
    for (size_t x = 0; x < 8; ++x) {
      iv[4 + x] = counter >> 56;
      counter << 8;
    }
    return iv;
  }
 
 
  string ENCRYPT(string key, const uint64_t& counter, const string& plain, const string& data) {
    // Ensure the key is of the correct size.
    key.resize(crypto_aead_chacha20poly1305_ietf_KEYBYTES);
 
    // Initialize the max possible size that the encryption may take
    string cipher = plain.length() + crypto_aead_chacha20poly1305_ietf_ABYTES;
    long long unsigned int length = cipher.length();
 
    // Generate the Nonce.
    string nonce = IV(counter);
 
    // Encrypt.
    crypto_aead_chacha20poly1305_ietf_encrypt(
      cipher.bytes(), &length,
      plain.bytes(), plain.length(),
      data.bytes(), data.length(),
      nullptr,
      nonce.bytes(), key.bytes()
    );
 
    // Shrink based on the amount of bytes that were actually written.
    cipher.resize(length);
    return cipher;
  }
 
 
  string DECRYPT(string key, const uint64_t& counter, const string& cipher, const string& data) {
    key.resize(crypto_aead_chacha20poly1305_ietf_KEYBYTES);
 
    // Reserve the maximum size.
    string plain = cipher.length() - crypto_aead_chacha20poly1305_ietf_ABYTES;
    long long unsigned int length = plain.length();
 
    auto nonce = IV(counter);
 
    if (crypto_aead_chacha20poly1305_ietf_decrypt(
      plain.bytes(), &length,
      nullptr,
      cipher.bytes(), cipher.length(),
      data.bytes(), data.length(),
      nonce.bytes(), key.bytes()) != 0) {
        throw std::runtime_error("Modified message! Refusing to decrypt!");
    }
    plain.resize(length);
    return plain;
  }
 
 
  keypair XENCRYPT(string key, const string& plain, const string& data) {
 
    // Ensure the key is of the correct size.
    key.resize(crypto_aead_xchacha20poly1305_ietf_KEYBYTES);
 
    // Initialize the max possible size that the encryption may take
    string cipher = plain.length() + crypto_aead_xchacha20poly1305_ietf_ABYTES;
    long long unsigned int length = cipher.length();
 
    // Generate a random nonce.
    string nonce = crypto_aead_xchacha20poly1305_ietf_NPUBBYTES;
    randombytes_buf(nonce.bytes(), nonce.length());
 
    // Encrypt.
    crypto_aead_xchacha20poly1305_ietf_encrypt(
      cipher.bytes(), &length,
      plain.bytes(), plain.length(),
      data.bytes(), data.length(),
      nullptr,
      nonce.bytes(), key.bytes()
    );
 
    // Shrink based on the amount of bytes that were actually written.
    cipher.resize(length);
    return {cipher, nonce};
  }
 
 
  string XDECRYPT(string key, const keypair& pair, const string& data) {
    key.resize(crypto_aead_xchacha20poly1305_ietf_KEYBYTES);
 
    const auto& cipher = pair.first();
    const auto& nonce = pair.second();
 
    // Reserve the maximum size.
    string plain = cipher.length() - crypto_aead_xchacha20poly1305_ietf_ABYTES;
    long long unsigned int length = plain.length();
 
    if (crypto_aead_xchacha20poly1305_ietf_decrypt(
      plain.bytes(), &length,
      nullptr,
      cipher.bytes(), cipher.length(),
      data.bytes(), data.length(),
      nonce.bytes(), key.bytes()) != 0) {
        throw std::runtime_error("Modified message! Refusing to decrypt!");
    }
    plain.resize(length);
    return plain;
  }
 
 
  string HASH(const string& in) {
 
    // Initialize the context.
    EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
    if (mdctx == nullptr) {
      throw std::runtime_error("Failed to initialize context!");
    }
 
    // Hash the message.We enclose the OpenSSL calls into a DIGEST lambda.
    string hash = 32;
    auto DIGEST = [&in, &hash, &mdctx]() {
 
      // Initialize
        if (EVP_DigestInit_ex(mdctx, EVP_blake2s256(), nullptr) != 1) return -1;
 
      // Add our input to the digest.
        if (EVP_DigestUpdate(mdctx, in.bytes(), in.length()) != 1) return -2;
 
      // Handle any padding leftover.
      unsigned int length = 32;
        if (EVP_DigestFinal_ex(mdctx, hash.bytes(), &length) != 1) return -3;
      if (length != 32) return -3;
 
      return 0;
        };
 
        // Get the result code, free the context
        auto result = DIGEST();
        EVP_MD_CTX_free(mdctx);
 
    // If an error, throw an exception.
    if (result < 0) {
      std::string reason = "BLAKE2s256: Failed to Hash: ";
      switch (result) {
        case -1: reason += "Failed to initiailze!"; break;
        case -2: reason += "Failed to digest!"; break;
        case -3: reason += "Failed to extract hash!"; break;
        default: reason += "Unknown reason!"; break;
      }
      throw std::runtime_error(reason);
    }
    return hash;
  }
 
 
  string HMAC(const string& key, const string& input, const size_t& size=32) {
    if (size > 32 || size == 0)
      throw std::out_of_range("HMAC can only output sizes from 1-32 inclusive!");
 
    // Initialize the BLAKE2sMAC.
    EVP_MAC *mac = EVP_MAC_fetch(nullptr, "BLAKE2SMAC", nullptr);
    if (mac == nullptr) {
      throw std::runtime_error("Failed to fetch MAC!");
    }
 
    // Initiailze the context.
    EVP_MAC_CTX *ctx = EVP_MAC_CTX_new(mac);
    if (ctx == nullptr) {
      EVP_MAC_free(mac);
      throw std::runtime_error("Failed to initialize context!");
    }
 
    // Generate the hmac into the hmac string.
    string hmac = 32;
    auto GENERATE = [&key, &input, &hmac, &ctx, &size]() {
      if (EVP_MAC_init(ctx, key.bytes(), key.length(), nullptr) != 1) return -1;
 
      if (EVP_MAC_update(ctx, input.bytes(), input.length()) != 1) return -2;
 
      size_t length = hmac.length();
      if (EVP_MAC_final(ctx, hmac.bytes(), &length, hmac.length()) != 1) return -3;
      if (length != hmac.length()) return -3;
 
      return 0;
    };
 
    auto result = GENERATE();
    EVP_MAC_CTX_free(ctx);
    EVP_MAC_free(mac);
 
    // If an error, throw an exception.
    if (result < 0) {
      std::string reason = "BLAKE2s256-HMAC: Failed to Hash: ";
      switch (result) {
        case -1: reason += "Failed to initiailze!"; break;
        case -2: reason += "Failed to digest input!"; break;
        case -3: reason += "Failed to extract hmac!"; break;
        default: reason += "Unknown reason!"; break;
      }
      throw std::runtime_error(reason);
    }
 
    // Truncate.
    return hmac.substr(0, size);
  }
 
 
  string MAC(const string& key, const string& input) {return HMAC(key, input, 16);}
 
 
  std::vector<string> KDF(const size_t& n, const string& key, const string& input) {
    std::vector<string> ret;
 
    // Create the initial generation, and first iteration.
    string g0 = HMAC(key, input);
    ret.emplace_back(g0);
    if (n == 1) return ret;
 
    // The 0 and 1 generations are the only ones that have unique construction.
    ret.emplace_back(HMAC(g0, 0x1));
 
    // Until we've added N items, keep adding new generations.
    while (ret.size() != n) {
 
      // Get the prior generation and add our current generation to the end.
      auto last = ret.back();
      auto size = ret.size();
      last.append({reinterpret_cast<const unsigned char*>(&size), sizeof(size)});
 
      // Generate.
      ret.emplace_back(HMAC(g0, last));
    }
 
    // Return the entire list of generations.
    return ret;
  }
}