Secure StringSinks

Question

Secure StringSinks

So, it seems that the general way to use algorithms in Crypto ++ is to use StringSinks, which are initiated by passing a reference to std::string.

But what if you do not want to use std::string due to security issues ? Is it possible that the data is something like SecByteBlock, or do I need to create my own shell class that aims to recreate the protected buffer class?

+3

cryptography crypto ++ cryptoapi

kamziro May 23 '12 at 5:22

source share

1 answer

jww · Answer 1 · 2013-10-02T06:26:17+0000

Try the SecByteBlockSink patch . It was sent to the Crypto ++ Users group, but Wei never included it in the library. There is also a wiki page here: SecByteBlockSink .

$ cat filters.h.patch
Index: filters.h
===================================================================
--- filters.h        (revision 525)
+++ filters.h        (working copy)
@@ -10,6 +10,7 @@
 #include "queue.h"
 #include "algparam.h"
 #include <deque>
+#include <limits>

 NAMESPACE_BEGIN(CryptoPP)

@@ -805,6 +806,31 @@
                 {SourceInitialize(pumpAll,
MakeParameters("RandomNumberGeneratorPointer",
&rng)("RandomNumberStoreSize", length));}
 };

+class CRYPTOPP_DLL SecByteBlockSink : public Bufferless<Sink>
+{
+public:
+        SecByteBlockSink(SecByteBlock& sbb) : m_sbb(sbb) { }
+
+        size_t Put2(const byte *inString, size_t length, int /*messageEnd*/, bool /*blocking*/)
+        {
+                if(!inString || !length) return length;
+
+                const size_t size = m_sbb.size();
+                const size_t max = std::numeric_limits<std::size_t>::max() - size;
+
+                if(length > max)
+                        InvalidArgument("SecByteBlockSink: buffer overflow");
+
+                m_sbb.resize(size+length);
+                memcpy(m_sbb.begin()+size, inString, length);
+                
+                return 0;
+        }
+
+private:
+        SecByteBlock& m_sbb;
+};
+
 NAMESPACE_END

 #endif

Secure StringSinks

More articles: