ucommon
ucommon/secure.h
Go to the documentation of this file.
00001 // Copyright (C) 2010 David Sugar, Tycho Softworks.
00002 //
00003 // This file is part of GNU uCommon C++.
00004 //
00005 // GNU uCommon C++ is free software: you can redistribute it and/or modify
00006 // it under the terms of the GNU Lesser General Public License as published
00007 // by the Free Software Foundation, either version 3 of the License, or
00008 // (at your option) any later version.
00009 //
00010 // GNU uCommon C++ is distributed in the hope that it will be useful,
00011 // but WITHOUT ANY WARRANTY; without even the implied warranty of
00012 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00013 // GNU Lesser General Public License for more details.
00014 //
00015 // You should have received a copy of the GNU Lesser General Public License
00016 // along with GNU uCommon C++.  If not, see <http://www.gnu.org/licenses/>.
00017 
00041 #ifndef _UCOMMON_SECURE_H_
00042 #define _UCOMMON_SECURE_H_
00043 
00044 #ifndef _UCOMMON_CONFIG_H_
00045 #include <ucommon/platform.h>
00046 #endif
00047 
00048 #ifndef _UCOMMON_UCOMMON_H_
00049 #include <ucommon/ucommon.h>
00050 #endif
00051 
00052 #define MAX_CIPHER_KEYSIZE  512
00053 #define MAX_DIGEST_HASHSIZE 512
00054 
00055 NAMESPACE_UCOMMON
00056 
00062 class __SHARED secure
00063 {
00064 public:
00068     typedef enum {OK=0, INVALID, MISSING_CERTIFICATE, MISSING_PRIVATEKEY, INVALID_CERTIFICATE, INVALID_AUTHORITY, INVALID_PEERNAME, INVALID_CIPHER} error_t;
00069 
00073     typedef enum {
00074         SYSTEM_CERTIFICATES, SYSTEM_KEYS} path_t;
00075 
00076 protected:
00080     error_t error;
00081 
00082     inline secure() {error = OK;};
00083 
00084 public:
00089     virtual ~secure();
00090 
00094     typedef secure *client_t;
00095 
00096     typedef secure *server_t;
00097 
00101     typedef void *session_t;
00102 
00106     typedef void *bufio_t;
00107 
00115     static bool init(const char *program = NULL);
00116 
00124     static bool fips(const char *program = NULL);
00125 
00132     static String path(path_t id);
00133 
00139     static int oscerts(const char *path);
00140 
00150     static error_t verify(session_t session, const char *peername = NULL);
00151 
00161     static server_t server(const char *authority = NULL);
00162 
00169     static client_t client(const char *authority = NULL);
00170 
00177     static client_t user(const char *authority);
00178 
00184     static void cipher(secure *context, const char *ciphers);
00185 
00190     inline bool is(void)
00191         {return error == OK;};
00192 
00197     inline error_t err(void)
00198         {return error;};
00199 
00204     static void uuid(char *string);
00205 
00206     static String uuid(void);
00207 
00208     template <typename T>
00209     inline static void erase(T *object)
00210         {memset(object, 0, sizeof(object)); delete object;}
00211 };
00212 
00220 class __SHARED SSLBuffer : public TCPBuffer
00221 {
00222 protected:
00223     secure::session_t ssl;
00224     secure::bufio_t bio;
00225     bool server;
00226     bool verify;
00227 
00228 public:
00229     SSLBuffer(secure::client_t context);
00230     SSLBuffer(const TCPServer *server, secure::server_t context, size_t size = 536);
00231     ~SSLBuffer();
00232 
00240     void open(const char *host, const char *service, size_t size = 536);
00241 
00242     void close(void);
00243 
00244     void release(void);
00245 
00246     size_t _push(const char *address, size_t size);
00247 
00248     size_t _pull(char *address, size_t size);
00249 
00250     bool _flush(void);
00251 
00252     bool _pending(void);
00253 
00254     inline bool is_secure(void)
00255         {return bio != NULL;};
00256 };
00257 
00267 class __SHARED Cipher
00268 {
00269 public:
00270     typedef enum {ENCRYPT = 1, DECRYPT = 0} mode_t;
00271 
00279     class __SHARED Key
00280     {
00281     protected:
00282         friend class Cipher;
00283 
00284         union {
00285             const void *algotype;
00286             int algoid;
00287         };
00288 
00289         union {
00290             const void *hashtype;
00291             int hashid;
00292         };
00293 
00294         int modeid;
00295 
00296         // assume 512 bit cipher keys possible...
00297         unsigned char keybuf[MAX_CIPHER_KEYSIZE / 8], ivbuf[MAX_CIPHER_KEYSIZE / 8];
00298 
00299         // generated keysize
00300         size_t keysize, blksize;
00301 
00302         Key(const char *cipher);
00303         Key();
00304 
00305         void set(const char *cipher);
00306 
00307         void set(const char *cipher, const char *digest);
00308 
00309         void assign(const char *key, size_t size, const unsigned char *salt, unsigned rounds);
00310 
00311     public:
00312         Key(const char *cipher, const char *digest, const char *text, size_t size = 0, const unsigned char *salt = NULL, unsigned rounds = 1);
00313 
00314         Key(const char *cipher, const char *digest);
00315 
00316         ~Key();
00317 
00318         void assign(const char *key, size_t size = 0);
00319 
00320         void clear(void);
00321 
00322         inline size_t size(void)
00323             {return keysize;};
00324 
00325         inline size_t iosize(void)
00326             {return blksize;};
00327 
00328         inline operator bool()
00329             {return keysize > 0;};
00330 
00331         inline bool operator!()
00332             {return keysize == 0;};
00333 
00334         inline Key& operator=(const char *pass)
00335             {assign(pass); return *this;};
00336 
00337         static void options(const unsigned char *salt = NULL, unsigned rounds = 1);
00338     };
00339 
00340     typedef Key *key_t;
00341 
00342 private:
00343     Key keys;
00344     size_t bufsize, bufpos;
00345     mode_t bufmode;
00346     unsigned char *bufaddr;
00347     void *context;
00348 
00349 protected:
00350     virtual void push(unsigned char *address, size_t size);
00351 
00352     void release(void);
00353 
00354 public:
00355     Cipher();
00356 
00357     Cipher(key_t key, mode_t mode, unsigned char *address = NULL, size_t size = 0);
00358 
00359     virtual ~Cipher();
00360 
00361     void set(unsigned char *address, size_t size = 0);
00362 
00363     void set(key_t key, mode_t mode, unsigned char *address, size_t size = 0);
00364 
00369     size_t flush(void);
00370 
00379     size_t put(const unsigned char *data, size_t size);
00380 
00387     size_t puts(const char *string);
00388 
00400     size_t pad(const unsigned char *address, size_t size);
00401 
00410     size_t process(unsigned char *address, size_t size, bool flag = false);
00411 
00412     inline size_t size(void)
00413         {return bufsize;};
00414 
00415     inline size_t pos(void)
00416         {return bufpos;};
00417 
00418     inline size_t align(void)
00419         {return keys.iosize();};
00420 
00426     static bool is(const char *name);
00427 };
00428 
00435 class __SHARED Digest
00436 {
00437 private:
00438     void *context;
00439 
00440     union {
00441         const void *hashtype;
00442         int hashid;
00443     };
00444 
00445     unsigned bufsize;
00446     unsigned char buffer[MAX_DIGEST_HASHSIZE / 8];
00447     char textbuf[MAX_DIGEST_HASHSIZE / 8 + 1];
00448 
00449 protected:
00450     void release(void);
00451 
00452 public:
00453     Digest(const char *type);
00454 
00455     Digest();
00456 
00457     ~Digest();
00458 
00459     inline bool puts(const char *str)
00460         {return put(str, strlen(str));};
00461 
00462     bool put(const void *memory, size_t size);
00463 
00464     inline unsigned size() const
00465         {return bufsize;};
00466 
00467     const unsigned char *get(void);
00468 
00469     const char *c_str(void);
00470 
00471     inline String str(void)
00472         {return String(c_str());};
00473 
00474     inline operator String()
00475         {return String(c_str());};
00476 
00477     void set(const char *id);
00478 
00479     inline void operator=(const char *id)
00480         {set(id);};
00481 
00482     inline bool operator *=(const char *text)
00483         {return puts(text);};
00484 
00485     inline bool operator +=(const char *text)
00486         {return puts(text);};
00487 
00488     inline const char *operator*()
00489         {return c_str();};
00490 
00491     inline bool operator!() const
00492         {return !bufsize && context == NULL;};
00493 
00494     inline operator bool() const
00495         {return bufsize > 0 || context != NULL;};
00496 
00502     void recycle(bool binary = false);
00503 
00507     void reset(void);
00508 
00514     static bool is(const char *name);
00515 
00516     static void uuid(char *string, const char *name, const unsigned char *ns = NULL);
00517 
00518     static String uuid(const char *name, const unsigned char *ns = NULL);
00519 };
00520 
00526 class __SHARED Random
00527 {
00528 public:
00535     static bool seed(const unsigned char *buffer, size_t size);
00536 
00540     static void seed(void);
00541 
00550     static size_t key(unsigned char *memory, size_t size);
00551 
00560     static size_t fill(unsigned char *memory, size_t size);
00561 
00566     static int get(void);
00567 
00574     static int get(int min, int max);
00575 
00580     static double real(void);
00581 
00588     static double real(double min, double max);
00589 
00595     static bool status(void);
00596 
00601     static void uuid(char *string);
00602 
00603     static String uuid(void);
00604 };
00605 
00609 typedef SSLBuffer ssl_t;
00610 
00614 typedef Digest digest_t;
00615 
00619 typedef Cipher cipher_t;
00620 
00624 typedef Cipher::Key skey_t;
00625 
00626 inline void zerofill(void *addr, size_t size)
00627 {
00628     ::memset(addr, 0, size);
00629 }
00630 
00631 #if defined(OLD_STDCPP) || defined(NEW_STDCPP)
00632 
00641 class __SHARED sstream : public tcpstream
00642 {
00643 protected:
00644     secure::session_t ssl;
00645     secure::bufio_t bio;
00646     bool server;
00647     bool verify;
00648 
00649 private:
00650     // kill copy constructor
00651     sstream(const sstream&);
00652 
00653 public:
00654     sstream(secure::client_t context);
00655     sstream(const TCPServer *server, secure::server_t context, size_t size = 536);
00656     ~sstream();
00657 
00658     void open(const char *host, const char *service, size_t size = 536);
00659 
00660     void close(void);
00661 
00662     int sync();
00663 
00664     void release(void);
00665 
00666     ssize_t _write(const char *address, size_t size);
00667 
00668     ssize_t _read(char *address, size_t size);
00669 
00670     bool _wait(void);
00671 
00672     inline void flush(void)
00673         {sync();}
00674 
00675     inline bool is_secure(void)
00676         {return bio != NULL;}
00677 };
00678 
00679 #endif
00680 
00681 END_NAMESPACE
00682 
00683 #endif