book

Secure Programming Cookbook for C and C++

by John Viega, Matt Messier

July 2003

Intermediate to advanced

790 pages

23h 35m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Secure Programming Cookbook for C and C++
A Note Regarding Supplemental Files
Foreword
Preface
More Than Just a Book
We Can’t Do It All
Organization of This Book
Recipe Compatibility
Conventions Used in This Book
Comments and Questions

Acknowledgments
1. Safe Initialization
1.1. Sanitizing the Environment
1.1.1. Problem1.1.2. Solution1.1.3. Discussion1.1.4. See Also
1.2. Restricting Privileges on Windows
1.2.1. Problem1.2.2. Solution1.2.3. Discussion1.2.3.1. Creating restricted tokens1.2.3.2. Modifying a process’s primary token1.2.3.3. Working with SID_AND_ATTRIBUTES structures1.2.3.4. Working with LUID_AND_ATTRIBUTES structures1.2.4. See Also
1.3. Dropping Privileges in setuid Programs
1.3.1. Problem1.3.2. Solution1.3.3. Discussion1.3.4. See Also
1.4. Limiting Risk with Privilege Separation
1.4.1. Problem1.4.2. Solution1.4.3. Discussion1.4.3.1. Privilege separation1.4.3.2. A privilege separation library: privman1.4.4. See Also
1.5. Managing File Descriptors Safely
1.5.1. Problem1.5.2. Solution1.5.3. Discussion
1.6. Creating a Child Process Securely
1.6.1. Problem1.6.2. Solution1.6.3. Discussion1.6.4. See Also
1.7. Executing External Programs Securely
1.7.1. Problem1.7.2. Solution1.7.3. Discussion1.7.4. See Also
1.8. Executing External Programs Securely
1.8.1. Problem1.8.2. Solution1.8.3. Discussion
1.9. Disabling Memory Dumps in the Event of a Crash
1.9.1. Problem1.9.2. Solution1.9.3. Discussion1.9.4. See Also
2. Access Control
2.1. Understanding the Unix Access Control Model
2.1.1. Problem2.1.2. Solution2.1.3. Discussion2.1.3.1. The sticky bit2.1.3.2. The setuid bit2.1.3.3. The setgid bit2.1.4. See Also
2.2. Understanding the Windows Access Control Model
2.2.1. Problem2.2.2. Solution2.2.3. Discussion
2.3. Determining Whether a User Has Access to a File on Unix
2.3.1. Problem2.3.2. Solution2.3.3. Discussion
2.4. Determining Whether a Directory Is Secure
2.4.1. Problem2.4.2. Solution2.4.3. Discussion
2.5. Erasing Files Securely
2.5.1. Problem2.5.2. Solution2.5.3. Discussion2.5.4. See Also
2.6. Accessing File Information Securely
2.6.1. Problem2.6.2. Solution2.6.3. Discussion2.6.4. See Also
2.7. Restricting Access Permissions for New Files on Unix
2.7.1. Problem2.7.2. Solution2.7.3. Discussion2.7.4. See Also
2.8. Locking Files
2.8.1. Problem2.8.2. Solution2.8.3. Discussion2.8.3.1. Locking files on Unix2.8.3.2. Locking files on Windows
2.9. Synchronizing Resource Access Across Processes on Unix
2.9.1. Problem2.9.2. Solution2.9.3. Discussion2.9.4. See Also
2.10. Synchronizing Resource Access Across Processes on Windows
2.10.1. Problem2.10.2. Solution2.10.3. Discussion2.10.4. See Also
2.11. Creating Files for Temporary Use
2.11.1. Problem2.11.2. Solution2.11.3. Discussion2.11.3.1. Temporary files on Unix2.11.3.2. Temporary files on Windows2.11.4. See Also
2.12. Restricting Filesystem Access on Unix
2.12.1. Problem2.12.2. Solution2.12.3. Discussion
2.13. Restricting Filesystem and Network Access on FreeBSD
2.13.1. Problem2.13.2. Solution2.13.3. Discussion2.13.4. See Also
3. Input Validation
3.1. Understanding Basic Data Validation Techniques
3.1.1. Problem3.1.2. Solution3.1.3. Discussion3.1.4. See Also
3.2. Preventing Attacks on Formatting Functions
3.2.1. Problem3.2.2. Solution3.2.3. Discussion3.2.4. See Also
3.3. Preventing Buffer Overflows
3.3.1. Problem3.3.2. Solution3.3.3. Discussion3.3.3.1. String handling3.3.3.2. Using C++3.3.3.3. Stack protection technologies3.3.4. See Also
3.4. Using the SafeStr Library
3.4.1. Problem3.4.2. Solution3.4.3. Discussion3.4.4. See Also
3.5. Preventing Integer Coercion and Wrap-Around Problems
3.5.1. Problem3.5.2. Solution3.5.3. Discussion3.5.3.1. Signed-to-unsigned coercion3.5.3.2. Unsigned-to-signed coercion3.5.3.3. Size mismatches3.5.3.4. Wrap-around3.5.4. See Also
3.6. Using Environment Variables Securely
3.6.1. Problem3.6.2. Solution3.6.3. Discussion3.6.3.1. Obtaining the value of an environment variable3.6.3.2. Changing the value of an environment variable3.6.3.3. Deleting an environment variable3.6.4. See Also
3.7. Validating Filenames and Paths
3.7.1. Problem3.7.2. Solution3.7.3. Discussion
3.8. Evaluating URL Encodings
3.8.1. Problem3.8.2. Solution3.8.3. Discussion3.8.4. See Also
3.9. Validating Email Addresses
3.9.1. Problem3.9.2. Solution3.9.3. Discussion3.9.4. See Also
3.10. Preventing Cross-Site Scripting
3.10.1. Problem3.10.2. Solution3.10.3. Discussion
3.11. Preventing SQL Injection Attacks
3.11.1. Problem3.11.2. Solution3.11.3. Discussion
3.12. Detecting Illegal UTF-8 Characters
3.12.1. Problem3.12.2. Solution3.12.3. Discussion
3.13. Preventing File Descriptor Overflows When Using select( )
3.13.1. Problem3.13.2. Solution3.13.3. Discussion3.13.4. See Also
4. Symmetric Cryptography Fundamentals
4.1. Representing Keys for Use in Cryptographic Algorithms
4.1.1. Problem4.1.2. Solution4.1.3. Discussion4.1.4. See Also
4.2. Generating Random Symmetric Keys
4.2.1. Problem4.2.2. Solution4.2.3. Discussion4.2.4. See Also
4.3. Representing Binary Keys (or Other Raw Data) as Hexadecimal
4.3.1. Problem4.3.2. Solution4.3.3. Discussion
4.4. Turning ASCII Hex Keys (or Other ASCII Hex Data) into Binary
4.4.1. Problem4.4.2. Solution4.4.3. Discussion
4.5. Performing Base64 Encoding
4.5.1. Problem4.5.2. Solution4.5.3. Discussion4.5.4. See Also
4.6. Performing Base64 Decoding
4.6.1. Problem4.6.2. Solution4.6.3. Discussion4.6.4. See Also
4.7. Representing Keys (or Other Binary Data) as English Text
4.7.1. Problem4.7.2. Solution4.7.3. Discussion4.7.4. See Also
4.8. Converting Text Keys to Binary Keys
4.8.1. Problem4.8.2. Solution4.8.3. Discussion4.8.4. See Also
4.9. Using Salts, Nonces, and Initialization Vectors
4.9.1. Problem4.9.2. Solution4.9.3. Discussion4.9.3.1. Salts4.9.3.2. Nonces4.9.3.3. Initialization vectors (IVs)4.9.4. See Also
4.10. Deriving Symmetric Keys from a Password
4.10.1. Problem4.10.2. Solution4.10.3. Discussion4.10.4. See Also
4.11. Algorithmically Generating Symmetric Keys from One Base Secret
4.11.1. Problem4.11.2. Solution4.11.3. Discussion4.11.4. See Also
4.12. Encrypting in a Single Reduced Character Set
4.12.1. Problem4.12.2. Solution4.12.3. Discussion4.12.4. See Also
4.13. Managing Key Material Securely
4.13.1. Problem4.13.2. Solution4.13.3. See Also
4.14. Timing Cryptographic Primitives
4.14.1. Problem4.14.2. Solution4.14.3. Discussion4.14.3.1. Timing basics4.14.3.2. Timing cryptographic code
5. Symmetric Encryption
5.1. Deciding Whether to Use Multiple Encryption Algorithms
5.1.1. Problem5.1.2. Solution5.1.3. Discussion5.1.4. See Also
5.2. Figuring Out Which Encryption Algorithm Is Best
5.2.1. Problem5.2.2. Solution5.2.3. Discussion5.2.4. See Also
5.3. Selecting an Appropriate Key Length
5.3.1. Problem5.3.2. Solution5.3.3. Discussion5.3.4. See Also
5.4. Selecting a Cipher Mode
5.4.1. Problem5.4.2. Solution5.4.3. Discussion5.4.3.1. Electronic Code Book (ECB) mode5.4.3.2. Cipher Block Chaining (CBC) mode5.4.3.3. Counter (CTR) mode5.4.3.4. Output Feedback (OFB) mode5.4.3.5. Cipher Feedback (CFB) mode5.4.3.6. Carter-Wegman + CTR (CWC) mode5.4.3.7. Offset Codebook (OCB) mode5.4.3.8. CTR plus CBC-MAC (CCM) mode5.4.4. See Also
5.5. Using a Raw Block Cipher
5.5.1. Problem5.5.2. Solution5.5.3. Discussion5.5.3.1. Brian Gladman’s AES implementation5.5.3.2. OpenSSL block cipher implementations5.5.4. See Also
5.6. Using a Generic CBC Mode Implementation
5.6.1. Problem5.6.2. Solution5.6.3. Discussion5.6.3.1. The high-level API5.6.3.2. SPC_CBC_CTX data type5.6.3.3. Incremental initialization5.6.3.4. Incremental encrypting5.6.3.5. Incremental decryption5.6.4. See Also
5.7. Using a Generic CFB Mode Implementation
5.7.1. Problem5.7.2. Solution5.7.3. Discussion5.7.3.1. The high-level API5.7.3.2. The incremental API5.7.4. See Also
5.8. Using a Generic OFB Mode Implementation
5.8.1. Problem5.8.2. Solution5.8.3. Discussion5.8.3.1. The high-level API5.8.3.2. The incremental API5.8.4. See Also
5.9. Using a Generic CTR Mode Implementation
5.9.1. Problem5.9.2. Solution5.9.3. Discussion5.9.3.1. The high-level API5.9.3.2. The incremental API5.9.4. See Also
5.10. Using CWC Mode
5.10.1. Problem5.10.2. Solution5.10.3. Discussion5.10.4. See Also
5.11. Manually Adding and Checking Cipher Padding
5.11.1. Problem5.11.2. Solution5.11.3. Discussion
5.12. Precomputing Keystream in OFB, CTR, CCM, or CWC Modes (or with Stream Ciphers)
5.12.1. Problem5.12.2. Solution5.12.3. Discussion
5.13. Parallelizing Encryption and Decryption in Modes That Allow It (Without Breaking Compatibility)
5.13.1. Problem5.13.2. Solution5.13.3. Discussion5.13.4. See Also
5.14. Parallelizing Encryption and Decryption in Arbitrary Modes (Breaking Compatibility)
5.14.1. Problem5.14.2. Solution5.14.3. Discussion5.14.4. See Also
5.15. Performing File or Disk Encryption
5.15.1. Problem5.15.2. Solution5.15.3. Discussion5.15.4. See Also
5.16. Using a High-Level, Error-Resistant Encryption and Decryption API
5.16.1. Problem5.16.2. Solution5.16.3. Discussion5.16.4. See Also
5.17. Performing Block Cipher Setup (for CBC, CFB, OFB, and ECB Modes) in OpenSSL
5.17.1. Problem5.17.2. Solution5.17.3. Discussion5.17.4. See Also
5.18. Using Variable Key-Length Ciphers in OpenSSL
5.18.1. Problem5.18.2. Solution5.18.3. Discussion
5.19. Disabling Cipher Padding in OpenSSL in CBC Mode
5.19.1. Problem5.19.2. Solution5.19.3. Discussion
5.20. Performing Additional Cipher Setup in OpenSSL
5.20.1. Problem5.20.2. Solution5.20.3. Discussion
5.21. Querying Cipher Configuration Properties in OpenSSL
5.21.1. Problem5.21.2. Solution5.21.3. Discussion
5.22. Performing Low-Level Encryption and Decryption with OpenSSL
5.22.1. Problem5.22.2. Solution5.22.3. Discussion5.22.4. See Also
5.23. Setting Up and Using RC4
5.23.1. Problem5.23.2. Solution5.23.3. Discussion
5.24. Using One-Time Pads
5.24.1. Problem5.24.2. Solution5.24.3. Discussion5.24.4. See Also
5.25. Using Symmetric Encryption with Microsoft’s CryptoAPI
5.25.1. Problem5.25.2. Solution5.25.3. Discussion5.25.4. See Also
5.26. Creating a CryptoAPI Key Object from Raw Key Data
5.26.1. Problem5.26.2. Solution5.26.3. Discussion5.26.4. See Also
5.27. Extracting Raw Key Data from a CryptoAPI Key Object
5.27.1. Problem5.27.2. Solution5.27.3. Discussion5.27.4. See Also
6. Hashes and Message Authentication
6.1. Understanding the Basics of Hashes and MACs
6.1.1. Problem6.1.2. Solution6.1.3. Discussion6.1.3.1. Types of primitives6.1.3.2. Attacks against one-way constructs6.1.4. See Also
6.2. Deciding Whether to Support Multiple Message Digests or MACs
6.2.1. Problem6.2.2. Solution6.2.3. Discussion6.2.4. See Also
6.3. Choosing a Cryptographic Hash Algorithm
6.3.1. Problem6.3.2. Solution6.3.3. Discussion6.3.4. See Also
6.4. Choosing a Message Authentication Code
6.4.1. Problem6.4.2. Solution6.4.3. Discussion6.4.4. See Also
6.5. Incrementally Hashing Data
6.5.1. Problem6.5.2. Solution6.5.3. Discussion6.5.4. See Also
6.6. Hashing a Single String
6.6.1. Problem6.6.2. Solution6.6.3. Discussion6.6.4. See Also
6.7. Using a Cryptographic Hash
6.7.1. Problem6.7.2. Solution6.7.3. Discussion6.7.4. See Also
6.8. Using a Nonce to Protect Against Birthday Attacks
6.8.1. Problem6.8.2. Solution6.8.3. Discussion6.8.4. See Also
6.9. Checking Message Integrity
6.9.1. Problem6.9.2. Solution6.9.3. Discussion6.9.4. See Also
6.10. Using HMAC
6.10.1. Problem6.10.2. Solution6.10.3. Discussion6.10.4. See Also
6.11. Using OMAC (a Simple Block Cipher-Based MAC)
6.11.1. Problem6.11.2. Solution6.11.3. Discussion6.11.4. See Also
6.12. Using HMAC or OMAC with a Nonce
6.12.1. Problem6.12.2. Solution6.12.3. Discussion6.12.4. See Also
6.13. Using a MAC That’s Reasonably Fast in Software and Hardware
6.13.1. Problem6.13.2. Solution6.13.3. Discussion6.13.4. See Also
6.14. Using a MAC That’s Optimized for Software Speed
6.14.1. Problem6.14.2. Solution6.14.3. Discussion6.14.4. See Also
6.15. Constructing a Hash Function from a Block Cipher
6.15.1. Problem6.15.2. Solution6.15.3. Discussion6.15.4. See Also
6.16. Using a Block Cipher to Build a Full-Strength Hash Function
6.16.1. Problem6.16.2. Solution6.16.3. Discussion
6.17. Using Smaller MAC Tags
6.17.1. Problem6.17.2. Solution6.17.3. Discussion
6.18. Making Encryption and Message Integrity Work Together
6.18.1. Problem6.18.2. Solution6.18.3. Discussion6.18.4. See Also
6.19. Making Your Own MAC
6.19.1. Problem6.19.2. Solution6.19.3. Discussion6.19.4. See Also
6.20. Encrypting with a Hash Function
6.20.1. Problem6.20.2. Solution6.20.3. Discussion6.20.4. See Also
6.21. Securely Authenticating a MAC (Thwarting Capture Replay Attacks)
6.21.1. Problem6.21.2. Solution6.21.3. Discussion6.21.4. See Also
6.22. Parallelizing MACs
6.22.1. Problem6.22.2. Solution6.22.3. Discussion6.22.4. See Also
7. Public Key Cryptography
7.1. Determining When to Use Public Key Cryptography
7.1.1. Problem7.1.2. Solution7.1.3. Discussion7.1.4. See Also
7.2. Selecting a Public Key Algorithm
7.2.1. Problem7.2.2. Solution7.2.3. Discussion7.2.4. See Also
7.3. Selecting Public Key Sizes
7.3.1. Problem7.3.2. Solution7.3.3. Discussion
7.4. Manipulating Big Numbers
7.4.1. Problem7.4.2. Solution7.4.3. Discussion7.4.3.1. Initialization and cleanup7.4.3.2. Assigning to BIGNUM objects7.4.3.3. Getting BIGNUM objects with random values7.4.3.4. Outputting BIGNUM objects7.4.3.5. Common tests on BIGNUM objects7.4.3.6. Math operations on BIGNUM objects7.4.4. See Also
7.5. Generating a Prime Number (Testing for Primality)
7.5.1. Problem7.5.2. Solution7.5.3. Discussion7.5.4. See Also
7.6. Generating an RSA Key Pair
7.6.1. Problem7.6.2. Solution7.6.3. Discussion7.6.4. See Also
7.7. Disentangling the Public and Private Keys in OpenSSL
7.7.1. Problem7.7.2. Solution7.7.3. Discussion
7.8. Converting Binary Strings to Integers for Use with RSA
7.8.1. Problem7.8.2. Solution7.8.3. Discussion7.8.4. See Also
7.9. Converting Integers into Binary Strings for Use with RSA
7.9.1. Problem7.9.2. Solution7.9.3. Discussion
7.10. Performing Raw Encryption with an RSA Public Key
7.10.1. Problem7.10.2. Solution7.10.3. Discussion7.10.4. See Also
7.11. Performing Raw Decryption Using an RSA Private Key
7.11.1. Problem7.11.2. Solution7.11.3. Discussion7.11.4. See Also
7.12. Signing Data Using an RSA Private Key
7.12.1. Problem7.12.2. Solution7.12.3. Discussion
7.13. Verifying Signed Data Using an RSA Public Key
7.13.1. Problem7.13.2. Solution7.13.3. Discussion7.13.4. See Also
7.14. Securely Signing and Encrypting with RSA
7.14.1. Problem7.14.2. Solution7.14.3. Discussion7.14.4. See Also
7.15. Using the Digital Signature Algorithm (DSA)
7.15.1. Problem7.15.2. Solution7.15.3. Discussion7.15.4. See Also
7.16. Representing Public Keys and Certificates in Binary (DER Encoding)
7.16.1. Problem7.16.2. Solution7.16.3. Discussion7.16.4. See Also
7.17. Representing Keys and Certificates in Plaintext (PEM Encoding)
7.17.1. Problem7.17.2. Solution7.17.3. Discussion7.17.4. See Also
8. Authentication and Key Exchange
8.1. Choosing an Authentication Method
8.1.1. Problem8.1.2. Solution8.1.3. Discussion8.1.3.1. Traditional UNIX crypt( )8.1.3.2. MD5 Modular Crypt Format (a.k.a. md5crypt or MD5-MCF)8.1.3.3. PBKDF28.1.3.4. S/KEY and OPIE8.1.3.5. CRAM8.1.3.6. Digest-Auth (RFC 2617)8.1.3.7. SRP8.1.3.8. Basic public key exchange8.1.3.9. SAX8.1.3.10. PAX8.1.3.11. Kerberos8.1.3.12. Windows NT LAN Manager (NTLM)8.1.3.13. SSL certificate-based checking8.1.4. See Also
8.2. Getting User and Group Information on Unix
8.2.1. Problem8.2.2. Solution8.2.3. Discussion
8.3. Getting User and Group Information on Windows
8.3.1. Problem8.3.2. Solution8.3.3. Discussion
8.4. Restricting Access Based on Hostname or IP Address
8.4.1. Problem8.4.2. Solution8.4.3. Discussion
8.5. Generating Random Passwords and Passphrases
8.5.1. Problem8.5.2. Solution8.5.3. Discussion8.5.4. See Also
8.6. Testing the Strength of Passwords
8.6.1. Problem8.6.2. Solution8.6.3. Discussion8.6.4. See Also
8.7. Prompting for a Password
8.7.1. Problem8.7.2. Solution8.7.3. Discussion8.7.3.1. Prompting for a password on Unix using getpass( ) or readpassphrase( )8.7.3.2. Prompting for a password on Unix without getpass( ) or readpassphrase( )8.7.3.3. Prompting for a password on Windows
8.8. Throttling Failed Authentication Attempts
8.8.1. Problem8.8.2. Solution8.8.3. Discussion
8.9. Performing Password-Based Authentication with crypt( )
8.9.1. Problem8.9.2. Solution8.9.3. Discussion8.9.4. See Also
8.10. Performing Password-Based Authentication with MD5-MCF
8.10.1. Problem8.10.2. Solution8.10.3. Discussion8.10.4. See Also
8.11. Performing Password-Based Authentication with PBKDF2
8.11.1. Problem8.11.2. Solution8.11.3. Discussion8.11.4. See Also
8.12. Authenticating with PAM
8.12.1. Problem8.12.2. Solution8.12.3. Discussion8.12.4. See Also
8.13. Authenticating with Kerberos
8.13.1. Problem8.13.2. Solution8.13.3. Discussion8.13.4. See Also
8.14. Authenticating with HTTP Cookies
8.14.1. Problem8.14.2. Solution8.14.3. Discussion8.14.4. See Also
8.15. Performing Password-Based Authentication and Key Exchange
8.15.1. Problem8.15.2. Solution8.15.3. Discussion8.15.3.1. The server8.15.3.2. The client8.15.4. See Also
8.16. Performing Authenticated Key Exchange Using RSA
8.16.1. Problem8.16.2. Solution8.16.3. Discussion8.16.4. See Also
8.17. Using Basic Diffie-Hellman Key Agreement
8.17.1. Problem8.17.2. Solution8.17.3. Discussion8.17.4. See Also
8.18. Using Diffie-Hellman and DSA Together
8.18.1. Problem8.18.2. Solution8.18.3. Discussion8.18.4. See Also
8.19. Minimizing the Window of Vulnerability When Authenticating Without a PKI
8.19.1. Problem8.19.2. Solution8.19.3. Discussion8.19.4. See Also
8.20. Providing Forward Secrecy in a Symmetric System
8.20.1. Problem8.20.2. Solution8.20.3. Discussion8.20.4. See Also
8.21. Ensuring Forward Secrecy in a Public Key System
8.21.1. Problem8.21.2. Solution8.21.3. Discussion8.21.4. See Also
8.22. Confirming Requests via Email
8.22.1. Problem8.22.2. Solution8.22.3. Discussion8.22.4. See Also
9. Networking
9.1. Creating an SSL Client
9.1.1. Problem9.1.2. Solution9.1.3. Discussion9.1.4. See Also
9.2. Creating an SSL Server
9.2.1. Problem9.2.2. Solution9.2.3. Discussion9.2.4. See Also
9.3. Using Session Caching to Make SSL Servers More Efficient
9.3.1. Problem9.3.2. Solution9.3.3. Discussion9.3.4. See Also
9.4. Securing Web Communication on Windows Using the WinInet API
9.4.1. Problem9.4.2. Solution9.4.3. Discussion9.4.4. See Also
9.5. Enabling SSL without Modifying Source Code
9.5.1. Problem9.5.2. Solution9.5.3. Discussion9.5.4. See Also
9.6. Using Kerberos Encryption
9.6.1. Problem9.6.2. Solution9.6.3. Discussion9.6.4. See Also
9.7. Performing Interprocess Communication Using Sockets
9.7.1. Problem9.7.2. Solution9.7.3. Discussion9.7.4. See Also
9.8. Performing Authentication with Unix Domain Sockets
9.8.1. Problem9.8.2. Solution9.8.3. Discussion
9.9. Performing Session ID Management
9.9.1. Problem9.9.2. Solution9.9.3. Discussion9.9.4. See Also
9.10. Securing Database Connections
9.10.1. Problem9.10.2. Solution9.10.3. Discussion9.10.3.1. MySQL9.10.3.2. PostgreSQL9.10.4. See Also
9.11. Using a Virtual Private Network to Secure Network Connections
9.11.1. Problem9.11.2. Solution9.11.3. Discussion
9.12. Building an Authenticated Secure Channel Without SSL
9.12.1. Problem9.12.2. Solution9.12.3. Discussion9.12.4. See Also
10. Public Key Infrastructure
10.1. Understanding Public Key Infrastructure (PKI)
10.1.1. Problem10.1.2. Solution10.1.3. Discussion10.1.3.1. Certificates10.1.3.2. Certification authorities10.1.3.3. Certificate revocation10.1.3.4. Online Certificate Status Protocol10.1.3.5. Certificate hierarchies10.1.3.6. X.509 certificates10.1.4. See Also
10.2. Obtaining a Certificate
10.2.1. Problem10.2.2. Solution10.2.3. Discussion10.2.3.1. Personal certificates10.2.3.2. Code-signing certificates10.2.3.3. Web site certificates10.2.4. See Also
10.3. Using Root Certificates
10.3.1. Problem10.3.2. Solution10.3.3. Discussion10.3.4. See Also
10.4. Understanding X.509 Certificate Verification Methodology
10.4.1. Problem10.4.2. Solution10.4.3. Discussion10.4.4. See Also
10.5. Performing X.509 Certificate Verification with OpenSSL
10.5.1. Problem10.5.2. Solution10.5.3. Discussion10.5.4. See Also
10.6. Performing X.509 Certificate Verification with CryptoAPI
10.6.1. Problem10.6.2. Solution10.6.3. Discussion10.6.3.1. CryptoAPI certificate stores10.6.4. See Also
10.7. Verifying an SSL Peer’s Certificate
10.7.1. Problem10.7.2. Solution10.7.3. Discussion10.7.4. See Also
10.8. Adding Hostname Checking to Certificate Verification
10.8.1. Problem10.8.2. Solution10.8.3. Discussion10.8.4. See Also
10.9. Using a Whitelist to Verify Certificates
10.9.1. Problem10.9.2. Solution10.9.3. Discussion
10.10. Obtaining Certificate Revocation Lists with OpenSSL
10.10.1. Problem10.10.2. Solution10.10.3. Discussion10.10.4. See Also
10.11. Obtaining CRLs with CryptoAPI
10.11.1. Problem10.11.2. Solution10.11.3. Discussion10.11.4. See Also
10.12. Checking Revocation Status via OCSP with OpenSSL
10.12.1. Problem10.12.2. Solution10.12.3. Discussion10.12.4. See Also
11. Random Numbers
11.1. Determining What Kind of Random Numbers to Use
11.1.1. Problem11.1.2. Solution11.1.3. Discussion11.1.4. See Also
11.2. Using a Generic API for Randomness and Entropy
11.2.1. Problem11.2.2. Solution11.2.3. Discussion11.2.4. See Also
11.3. Using the Standard Unix Randomness Infrastructure
11.3.1. Problem11.3.2. Solution11.3.3. Discussion11.3.4. See Also
11.4. Using the Standard Windows Randomness Infrastructure
11.4.1. Problem11.4.2. Solution11.4.3. Discussion11.4.4. See Also
11.5. Using an Application-Level Generator
11.5.1. Problem11.5.2. Solution11.5.3. Discussion11.5.3.1. Using generators based on block ciphers11.5.3.2. Using a stream cipher as a generator11.5.3.3. Using a generator based on a cryptographic hash function11.5.4. See Also
11.6. Reseeding a Pseudo-Random Number Generator
11.6.1. Problem11.6.2. Solution11.6.3. Discussion11.6.4. See Also
11.7. Using an Entropy Gathering Daemon-Compatible Solution
11.7.1. Problem11.7.2. Solution11.7.3. Discussion11.7.4. See Also
11.8. Getting Entropy or Pseudo-Randomness Using EGADS
11.8.1. Problem11.8.2. Solution11.8.3. Discussion11.8.4. See Also
11.9. Using the OpenSSL Random Number API
11.9.1. Problem11.9.2. Solution11.9.3. Discussion11.9.4. See Also
11.10. Getting Random Integers
11.10.1. Problem11.10.2. Solution11.10.3. Discussion11.10.4. See Also
11.11. Getting a Random Integer in a Range
11.11.1. Problem11.11.2. Solution11.11.3. Discussion11.11.4. See Also
11.12. Getting a Random Floating-Point Value with Uniform Distribution
11.12.1. Problem11.12.2. Solution11.12.3. Discussion
11.13. Getting Floating-Point Values with Nonuniform Distributions
11.13.1. Problem11.13.2. Solution11.13.3. Discussion11.13.4. See Also
11.14. Getting a Random Printable ASCII String
11.14.1. Problem11.14.2. Solution11.14.3. Discussion
11.15. Shuffling Fairly
11.15.1. Problem11.15.2. Solution11.15.3. Discussion11.15.4. See Also
11.16. Compressing Data with Entropy into a Fixed-Size Seed
11.16.1. Problem11.16.2. Solution11.16.3. Discussion11.16.4. See Also
11.17. Getting Entropy at Startup
11.17.1. Problem11.17.2. Solution11.17.3. Discussion11.17.4. See Also
11.18. Statistically Testing Random Numbers
11.18.1. Problem11.18.2. Solution11.18.3. Discussion11.18.3.1. FIPS 140-1 power-up and on-demand tests11.18.3.2. The FIPS continuous output test11.18.4. See Also
11.19. Performing Entropy Estimation and Management
11.19.1. Problem11.19.2. Solution11.19.3. Discussion11.19.3.1. Entropy in timestamps11.19.3.2. Entropy in a key press11.19.3.3. Entropy in mouse movements11.19.3.4. Entropy in disk access11.19.3.5. Entropy in data from the network11.19.3.6. Entropy in the sound device11.19.3.7. Entropy from thread timing and other system state11.19.4. See Also
11.20. Gathering Entropy from the Keyboard
11.20.1. Problem11.20.2. Solution11.20.3. Discussion11.20.3.1. Collecting entropy from the keyboard on Unix11.20.3.2. Collecting entropy from the keyboard on Windows11.20.4. See Also
11.21. Gathering Entropy from Mouse Events on Windows
11.21.1. Problem11.21.2. Solution11.21.3. Discussion11.21.4. See Also
11.22. Gathering Entropy from Thread Timings
11.22.1. Problem11.22.2. Solution11.22.3. See Also
11.23. Gathering Entropy from System State
11.23.1. Problem11.23.2. Solution11.23.3. Discussion11.23.4. See Also
12. Anti-Tampering
12.1. Understanding the Problem of Software Protection
12.1.1. Problem12.1.2. Solution12.1.3. Discussion12.1.3.1. The threat of protection crackers12.1.3.2. The goal of software protection12.1.3.3. The cost of software protection12.1.3.4. Anti-tampering techniques12.1.4. See Also
12.2. Detecting Modification
12.2.1. Problem12.2.2. Solution12.2.3. Discussion12.2.4. See Also
12.3. Obfuscating Code
12.3.1. Problem12.3.2. Solution12.3.3. Discussion12.3.4. See Also
12.4. Performing Bit and Byte Obfuscation
12.4.1. Problem12.4.2. Solution12.4.3. Discussion12.4.4. See Also
12.5. Performing Constant Transforms on Variables
12.5.1. Problem12.5.2. Solution12.5.3. Discussion
12.6. Merging Scalar Variables
12.6.1. Problem12.6.2. Solution12.6.3. Discussion
12.7. Splitting Variables
12.7.1. Problem12.7.2. Solution12.7.3. Discussion
12.8. Disguising Boolean Values
12.8.1. Problem12.8.2. Solution12.8.3. Discussion12.8.4. See Also
12.9. Using Function Pointers
12.9.1. Problem12.9.2. Solution12.9.3. Discussion
12.10. Restructuring Arrays
12.10.1. Problem12.10.2. Solution12.10.3. Discussion
12.11. Hiding Strings
12.11.1. Problem12.11.2. Solution12.11.3. Discussion
12.12. Detecting Debuggers
12.12.1. Problem12.12.2. Solution12.12.3. Discussion12.12.4. See Also
12.13. Detecting Unix Debuggers
12.13.1. Problem12.13.2. Solution12.13.3. Discussion12.13.4. See Also
12.14. Detecting Windows Debuggers
12.14.1. Problem12.14.2. Solution12.14.3. Discussion12.14.4. See Also
12.15. Detecting SoftICE
12.15.1. Problem12.15.2. Solution12.15.3. Discussion12.15.4. See Also
12.16. Countering Disassembly
12.16.1. Problem12.16.2. Solution12.16.3. Discussion
12.17. Using Self-Modifying Code
12.17.1. Problem12.17.2. Solution12.17.3. Discussion12.17.4. See Also
13. Other Topics
13.1. Performing Error Handling
13.1.1. Problem13.1.2. Solution13.1.3. Discussion13.1.4. See Also
13.2. Erasing Data from Memory Securely
13.2.1. Problem13.2.2. Solution13.2.3. Discussion
13.3. Preventing Memory from Being Paged to Disk
13.3.1. Problem13.3.2. Solution13.3.3. Discussion
13.4. Using Variable Arguments Properly
13.4.1. Problem13.4.2. Solution13.4.3. Discussion13.4.4. See Also
13.5. Performing Proper Signal Handling
13.5.1. Problem13.5.2. Solution13.5.3. Discussion13.5.4. See Also
13.6. Protecting against Shatter Attacks on Windows
13.6.1. Problem13.6.2. Solution13.6.3. Discussion13.6.4. See Also
13.7. Guarding Against Spawning Too Many Threads
13.7.1. Problem13.7.2. Solution13.7.3. Discussion
13.8. Guarding Against Creating Too Many Network Sockets
13.8.1. Problem13.8.2. Solution13.8.3. Discussion
13.9. Guarding Against Resource Starvation Attacks on Unix
13.9.1. Problem13.9.2. Solution13.9.3. Discussion13.9.4. See Also
13.10. Guarding Against Resource Starvation Attacks on Windows
13.10.1. Problem13.10.2. Solution13.10.3. Discussion
13.11. Following Best Practices for Audit Logging
13.11.1. Problem13.11.2. Solution13.11.3. Discussion13.11.3.1. Network logging13.11.3.2. Logging to CD-R13.11.3.3. Signing and encrypting log entries13.11.4. See Also
Index
About the Authors
Colophon
Copyright

Content preview from Secure Programming Cookbook for C and C++

6.11. Using OMAC (a Simple Block Cipher-Based MAC)

Problem

You want to use a simple MAC based on a block cipher, such as AES.

Solution

Use the OMAC implementation provided in Section 6.11.3.

Discussion

Tip

Be sure to look at our generic recommendations for using a MAC (see Recipe 6.9).

OMAC is a straightforward message authentication algorithm based on the CBC-encryption mode. It fixes some security problems with the naïve implementation of a MAC from CBC mode (CBC-MAC). In particular, that MAC is susceptible to length-extension attacks, similar to the ones we consider for cryptographic hash functions in Recipe 6.7.

OMAC has been explicitly specified for AES, and it is easy to adapt to any 128-bit block cipher. It is possible, but a bit more work, to get it working with ciphers with 64-bit blocks. In this section, we only cover using OMAC with AES.

The basic idea behind using CBC mode as a MAC is to encrypt a message in CBC mode and throw away everything except the very last block of output. That’s not generally secure, though. It only works when all messages you might possibly process are a particular size.

Besides OMAC, there are several MACs that try to fix the CBC-MAC problem, including XCBC-MAC, TMAC, and RMAC:

RMAC: RMAC (the R stands for randomized) has security issues in the general case, and is not favored by the cryptographic community.^[6]
XCBC-MAC: XCBC-MAC (eXtended CBC-MAC) is the foundation for TMAC and OMAC, but it uses three different keys.
TMAC: TMAC uses two keys (thus ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 0596003943Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Secure Programming Cookbook for C and C++

by John Viega, Matt Messier

6.11. Using OMAC (a Simple Block Cipher-Based MAC)

Problem

Solution

Discussion

Tip

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

More than 5,000 organizations count on O’Reilly

Julian F.

Addison B.

Amir M.

Mark W.

You might also like

Secure Programming with C++

C++ System Programming Cookbook

C++ Cookbook

Modern C++ Programming Cookbook - Second Edition

Publisher Resources