An Overview On Encryption in C++ - Jens Weller - CppCon 2015


An Overview on Encryption in C++

Jens Weller
CppCon 2015
NDC Oslo 2015
C++Now 2015

Jens Weller – Meeting C++


About me
● C++ Evangelist
– @meetingcpp

● C++ since '98
● '02-'07 Vodafone
● '07 self-employed / freelancer in C++
● '12 Meeting C++


Disclaimer
● I'm not an expert in encryption
● This is an overview covering
– Crypto++
– Botan
– libSodium


Why?
● I was looking for a solution last fall
● What I found
– Few specialized libraries
– Lots of documentation
– Easy to do or understand things wrong
● Gaining more insight in options for encryption
– Why not give a talk about it?


This talk is about USING encryption.
Not IMPLEMENTING it.


Politics
● Discussion on Encryption
– Backdoors
– If you have nothing to hide, you have nothing to fear
● TSA Keys
– Backdoor
– TSA doesn't care they leaked
● Canaries
– Communicate that you have been gagged

Image source: https://twitter.com/Gizmodo/status/644605077056036864


You and your Data
● Are a Target
– Services
– Botnets
● Interesting data
– Email
– Passwords
– Logins
● Hardware Resources
● Security Aspects of feature rich, connected embedded devices


Your attacker lives in the future, but you write your code today.

Short Encryption Update
● Symmetric
– One Key
– AES
● A-Symmetric
– Two Keys
  ● Public
  ● Private
– RSA
● Cipher modes
– Block cipher
– Stream cipher
● HTTPS
– Transport Encryption
– Not for UDP
– No Data Encryption


*******


Storing Passwords
● Authentication
– Never as plaintext
– hash(pw + salt)
● Logins
– Plaintext?
– Encrypt?


Encrypting Passwords
● Symmetric:
– Where to store the key?
● A-Symmetric
– Private key
  ● Encrypted with password...
● Plaintext
– Mutate to real pw?
● OS API?
● I'm still thinking on that problem...


Encryption and C++


Lingua Franca
● unsigned char
– Most interfaces build up on this
– std::string etc.
● char


C++ Standard & Encryption
● <random>?
– Nope
– random_device
● Not guaranteed
● /dev/urandom
– libc++
– libstdc++
● Same for boost random
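
Since the standard gives no guarantee for random_device, key material can be drawn from the operating system directly. This is an added example, not code from the talk; it assumes a Unix-like system that provides /dev/urandom, and os_random_bytes, KeyAndIv and fresh_key_and_iv are hypothetical names.

```cpp
#include <array>
#include <cstddef>
#include <cstdio>
#include <stdexcept>

// Read N bytes from the kernel CSPRNG. Throws rather than returning a
// partially filled (predictable) buffer.
// Assumption: a Unix-like OS that provides /dev/urandom.
template <std::size_t N>
std::array<unsigned char, N> os_random_bytes() {
    std::array<unsigned char, N> out{};
    std::FILE* f = std::fopen("/dev/urandom", "rb");
    if (f == nullptr)
        throw std::runtime_error("cannot open /dev/urandom");
    // Unbuffered: stdio must not read ahead and keep extra bytes around.
    std::setvbuf(f, nullptr, _IONBF, 0);
    const std::size_t got = std::fread(out.data(), 1, N, f);
    std::fclose(f);
    if (got != N)
        throw std::runtime_error("short read from /dev/urandom");
    return out;
}

// Sizes match the AES slides of this talk: 16-byte key, 16-byte IV.
struct KeyAndIv {
    std::array<unsigned char, 16> key;
    std::array<unsigned char, 16> iv;
};

// Every call yields an independent key and IV; nothing is derived from
// a seedable <random> engine.
KeyAndIv fresh_key_and_iv() {
    return KeyAndIv{os_random_bytes<16>(), os_random_bytes<16>()};
}
```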


C++ Encryption Libraries
● Cryptopp
● Botan
● libSodium
– Fork of libNaCl
● OpenSSL
– libCrypto
● QCA
– Encryption based on Qt4


C++ Encryption Libraries
● Cryptopp ● Botan ● libSodium
– 5.6.2 – Fork of
libNaCl

● C++03 ● C++03(stable) ● C
C++11 C++11(dev)
ISC License
● ●

– 5.6.3 – Use this one


● Boost License ● BSD-2


Crypto Examples
● AES
– Cryptopp
● RSA
– Botan
● Cryptobox
– libSodium


AES
● Advanced Encryption Standard
– Block Cipher
– Symmetric
– Widely used
– Operates on modes
– Needs to be initialized


AES - Modes
● AES has different modes
– ECB – Electronic Code Book
– CBC – Cipher Block Chaining
– OFB – Output FeedBack
– CFB – Cipher FeedBack
– CTR – Counter Mode
– Newer modes:
● EAX & GCM


ECB
● Not really

Image: Larry Ewing, [email protected], The GIMP


CBC
● Cipher Block Chaining
● +
  ● Secure
    – When used properly
  ● Parallel decryption
● -
  ● No Parallel encryption
  ● Known attacks
    – Malleability
    – Secure, when done correctly


OFB
● “Stream Cipher Mode”

● +
  ● Key stream
    – Computable in advance
  ● Fast hardware implementation
● -
  ● Security model is questionable
  ● Misconfiguration can lead to short key stream cycles


CFB
● Cipher Feedback
● “CBC backwards”

● +
  ● Small footprint
  ● Parallel decryption
● -
  ● Not very common


CTR
● Counter Mode

● +
  ● Secure
    – When done right
  ● Parallel en/decryption
● -
  ● ?


But wait! There is more!
● EAX and GCM
– Authentication
– Encryption
– Based on CTR
● Which to choose?
– Depends
– EAX & GCM
– CTR
– CBC/CFB


IV – Initialization Vector
● unsigned char[16];
● Must be random
– Not pseudo random
● Usually Libraries provide facilities for generating random bytes.
● Can be public!
● Do not reuse!
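
What the ECB slide ("Not really") and the "Do not reuse!" rule above mean in terms of observable ciphertext, as an added example that is not code from the talk. toy_encrypt is a constructed, insecure stand-in for AES so the block needs no crypto library; all function names are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <set>
#include <vector>

using Block = std::uint64_t;
using Blocks = std::vector<Block>;

// Constructed stand-in for AES: a keyed, invertible 64-bit mixer.
// NOT secure; it only gives the modes a block permutation to chain.
Block toy_encrypt(Block key, Block x) {
    x ^= key;
    x = (x ^ (x >> 30)) * 0xBF58476D1CE4E5B9ULL;
    x = (x ^ (x >> 27)) * 0x94D049BB133111EBULL;
    return x ^ (x >> 31);
}

// ECB: every block is encrypted independently of its neighbours.
Blocks ecb_encrypt(Block key, const Blocks& pt) {
    Blocks ct;
    for (Block p : pt) ct.push_back(toy_encrypt(key, p));
    return ct;
}

// CBC: each plaintext block is XORed with the previous ciphertext block
// (the IV for the first one) before it is encrypted.
Blocks cbc_encrypt(Block key, Block iv, const Blocks& pt) {
    Blocks ct;
    Block prev = iv;
    for (Block p : pt) {
        prev = toy_encrypt(key, p ^ prev);
        ct.push_back(prev);
    }
    return ct;
}

// Two things an observer without the key can measure on ciphertext:
// how many distinct blocks it contains ...
std::size_t distinct_blocks(const Blocks& ct) {
    return std::set<Block>(ct.begin(), ct.end()).size();
}

// ... and how many leading blocks two ciphertexts have in common.
std::size_t shared_prefix(const Blocks& a, const Blocks& b) {
    std::size_t n = 0;
    while (n < a.size() && n < b.size() && a[n] == b[n]) ++n;
    return n;
}
```

With a plaintext of repeated blocks, ECB output repeats in the same places while CBC output does not; with the same key and IV, two CBC messages that start with the same blocks also start with the same ciphertext blocks, and a fresh IV removes that overlap.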


AES - Cryptopp

Code example


AES – Keys (Cryptopp)
● 16 / 32 bytes
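// Crypto++ headers and namespace assumed by this and the following slides
#include <cryptopp/aes.h>
#include <cryptopp/modes.h>
#include <cryptopp/osrng.h>
using namespace CryptoPP;

AutoSeededRandomPool rnd;
// Generate a random key (DEFAULT_KEYLENGTH is 16 bytes)
SecByteBlock key(0x00, AES::DEFAULT_KEYLENGTH);
rnd.GenerateBlock(key, key.size());
// Generate a random IV, one AES block long
byte iv[AES::BLOCKSIZE];
rnd.GenerateBlock(iv, AES::BLOCKSIZE);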


AES Encryption
// strlen needs <cstring>
char plainText[] = "Hello! How are you.";
int messageLen = (int)strlen(plainText) + 1;  // include the terminating NUL
// Encrypt in place: input and output are the same buffer
CFB_Mode<AES>::Encryption cfbEncryption(key, key.size(), iv);
cfbEncryption.ProcessData(
    (byte*)plainText,
    (byte*)plainText,
    messageLen);


AES - Decryption
// Decrypt in place, with the same key and IV that were used to encrypt
typedef CFB_Mode<AES> mode;
mode::Decryption cfbDecryption(key, key.size(), iv);
cfbDecryption.ProcessData(
    (byte*)plainText,
    (byte*)plainText,
    messageLen);


AES
● Cryptopp
– Use a random iv & key
– The key is not a password
● Modes
– Select the right one for your use case
● Padding
– Offset before the encryption
– Cryptopp examples do not use it


RSA
● A-Symmetric Cipher
● 2 Keys
– Public
– Private
● Public Key
– Encryption
– Can be shared
● Private Key
– Must not be shared
– Should be protected


Botan
● namespace Botan
● Botan initialization
– Botan::LibraryInitializer
● Create an instance (stack!)
● Can throw (try & catch)
● A collection of encryption algorithms


RSA - Botan
● Where do you get a private Key from?
– RSA_PrivateKey
● (RandomNumberGenerator& rng, size_t bits)


RSA - Botan

Code example


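RSA encryption with botan
// Assumes "using namespace Botan;" and a live Botan::LibraryInitializer
std::string text = "abc";
AutoSeeded_RNG rng;
// 1024 bits as on the slide; use at least 2048 bits for new keys
RSA_PrivateKey key(rng, 1024);
// Serialize both halves to PEM, then wrap them as in-memory data sources
std::string pub = X509::PEM_encode(key);
std::string priv = PKCS8::PEM_encode(key);
DataSource_Memory key_pub(pub);
DataSource_Memory key_priv(priv);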


RSA Keysetup

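// Load the PEM-encoded keys back in
X509_PublicKey *pub_rsa = X509::load_key(key_pub);
PKCS8_PrivateKey *priv_rsa = PKCS8::load_key(key_priv, rng);
// dynamic_cast yields a null pointer if the key cannot encrypt/decrypt
auto *enckey = dynamic_cast<PK_Encrypting_Key*>(pub_rsa);
auto *deckey = dynamic_cast<PK_Decrypting_Key*>(priv_rsa);
if (!enckey || !deckey)
    throw std::runtime_error("key does not support en/decryption");
// "EME1(SHA-256)" selects OAEP padding with SHA-256
PK_Encryptor *enc = get_pk_encryptor(*enckey, "EME1(SHA-256)");
PK_Decryptor *dec = get_pk_decryptor(*deckey, "EME1(SHA-256)");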


RSA En/Decrypting
// Encrypt the bytes of text directly; no intermediate buffer is needed
SecureVector<byte> ciphertext
    = enc->encrypt(reinterpret_cast<const byte*>(text.data()), text.size(), rng);

SecureVector<byte> plaintext
    = dec->decrypt(ciphertext, ciphertext.size());


Cryptobox
● AES & RSA
– Can be tricky to set up
● What if just a good encryption is needed?
● A Cryptobox
– Hides implementation details
– Exposes an easier interface for encryption


Cryptobox approach
//pseudo code
namespace cryptobox
{
    Buffer decrypt(key, buffer, algo);
    Buffer encrypt(key, buffer, algo);
}


Cryptobox
● Botan
– Based on Serpent (Block cipher)
● Libsodium
– Different cryptoboxes
● Symmetric
● A-Symmetric


libSodium
● Fork of libNaCl
– Goal is to make encryption accessible
● C library
– C++ wrappers exist
● Initialization:
– sodium_init()


Cryptobox - libSodium

Code example


libSodium
#include <sodium.h>

#define MESSAGE ((const unsigned char *) "test")
#define MESSAGE_LEN 4
#define CIPHERTEXT_LEN (crypto_secretbox_MACBYTES + MESSAGE_LEN)

unsigned char nonce[crypto_secretbox_NONCEBYTES];
unsigned char key[crypto_secretbox_KEYBYTES];
unsigned char ciphertext[CIPHERTEXT_LEN];


// sodium_init() must have been called before any of these functions
randombytes_buf(nonce, sizeof nonce);
randombytes_buf(key, sizeof key);
crypto_secretbox_easy(ciphertext, MESSAGE, MESSAGE_LEN,
                      nonce, key);

unsigned char decrypted[MESSAGE_LEN];
if (crypto_secretbox_open_easy(decrypted, ciphertext,
                               CIPHERTEXT_LEN, nonce, key) != 0) {
    /* message forged! */
}


In the box...
● Symmetric
– Encryption: XSalsa20 stream cipher
– Authentication: Poly1305 MAC
● A-Symmetric
– Key exchange: Curve25519
– Encryption: XSalsa20 stream cipher
– Authentication: Poly1305 MAC


Final thoughts
● Encrypt critical data
● Botan and Crypto++
– Are a collection of encryption algorithms
● A Cryptobox
– easy and safe encryption
– libSodium – symmetric & a-symmetric
– Botan - symmetric


The End

Questions?
