42 #ifndef _UCOMMON_SECURE_H_
43 #define _UCOMMON_SECURE_H_
45 #ifndef _UCOMMON_CONFIG_H_
49 #ifndef _UCOMMON_UCOMMON_H_
53 #define MAX_CIPHER_KEYSIZE 512
54 #define MAX_DIGEST_HASHSIZE 512
63 typedef enum {GENERIC_STRING, B64_STRING, HEX_STRING, MD5_DIGEST, SHA_DIGEST, PEM_PUBLIC, PEM_PRIVATE} strtype_t;
69 typedef enum {UNDEFINED_KEYTYPE, IV_BUFFER, UNPAIRED_KEYTYPE, RSA_KEYTYPE, KEY_DIGEST} keytype_t;
75 class __SHARED typeref<Type::SecChars> :
protected TypeRef,
public Type::SecChars
78 class storage :
public Counted
86 __DELETE_COPY(storage);
88 storage(caddr_t
addr,
size_t size,
const char *str, strtype_t strtype = GENERIC_STRING);
90 virtual void dealloc() __FINAL;
92 inline const
char *get() {
100 inline size_t max() {
107 typeref(
const typeref&
copy);
109 typeref(
const char *str, strtype_t strtype = GENERIC_STRING);
111 const char *operator*()
const;
113 inline operator const char *()
const {
117 bool operator==(
const typeref& ptr)
const;
119 bool operator==(
const char *obj)
const;
121 inline bool operator!=(
const typeref& ptr)
const {
122 return !(*
this == ptr);
125 inline bool operator!=(
const char *obj)
const {
126 return !(*
this == obj);
129 typeref& operator=(
const typeref& objref);
131 typeref& operator=(
const char *str);
133 void set(
const char *str, strtype_t strtype = GENERIC_STRING);
135 void b64(
const uint8_t *bytes,
size_t bsize);
137 void hex(
const uint8_t *bytes,
size_t bsize);
139 strtype_t type(
void)
const;
141 size_t size(
void)
const;
143 size_t len(
void)
const;
147 class __SHARED typeref<Type::KeyBytes> :
protected TypeRef,
public Type::KeyBytes
150 class storage :
public Counted
153 friend class typeref;
155 __DELETE_COPY(storage);
160 storage(caddr_t
addr,
size_t size,
const uint8_t *key = NULL, keytype_t keytype = UNPAIRED_KEYTYPE);
162 virtual void dealloc() __FINAL;
164 inline const uint8_t *get() {
171 typeref(
const typeref&
copy);
173 typeref(
size_t keysize, keytype_t keytype = UNPAIRED_KEYTYPE);
175 typeref(
const uint8_t *key,
size_t keysize, keytype_t keytype = UNPAIRED_KEYTYPE);
177 const uint8_t *operator*()
const;
179 inline operator const uint8_t *()
const {
183 bool operator==(
const typeref& ptr)
const;
185 inline bool operator!=(
const typeref& ptr)
const {
186 return !(*
this == ptr);
189 typeref& operator=(
const typeref& objref);
191 void set(
const uint8_t *str,
size_t keysize, keytype_t keytype = UNPAIRED_KEYTYPE);
193 void generate(
size_t keysize, keytype_t keytype = UNPAIRED_KEYTYPE);
195 keytype_t type(
void)
const;
197 size_t size(
void)
const;
199 size_t bytes(
void)
const;
203 inline size_t mapkeypath<Type::SecChars>(typeref<Type::SecChars>& object)
206 return MapRef::index(path, (
const uint8_t *)(*
object),
object.len());
210 inline size_t mapkeypath<Type::KeyBytes>(typeref<Type::KeyBytes>& object)
212 size_t path =
object.size();
213 return MapRef::index(path, *
object,
object.size() / 8);
221 class __SHARED
secure :
public Type::SecChars,
public Type::KeyBytes
227 typedef enum {OK=0, INVALID, MISSING_CERTIFICATE, MISSING_PRIVATEKEY, INVALID_CERTIFICATE, INVALID_AUTHORITY, INVALID_PEERNAME, INVALID_CIPHER} error_t;
229 typedef typeref<Type::SecChars> string;
231 typedef arrayref<Type::SecChars> strarray;
233 typedef queueref<Type::SecChars> strqueue;
235 typedef typeref<Type::KeyBytes> keybytes;
237 typedef typeref<Type::KeyBytes> keyarray;
239 typedef typeref<Type::KeyBytes> keyqueue;
247 inline secure() {error = OK;}
278 static bool init(
void);
286 static bool fips(
void);
293 static int oscerts(
const char *path);
299 static const char *oscerts(
void);
310 static error_t verify(session_t session,
const char *peername = NULL);
321 static server_t server(
const char *
keyfile = NULL,
const char *authority = NULL);
329 static client_t client(
const char *authority = NULL);
337 static client_t user(
const char *authority);
344 static void cipher(
secure *context,
const char *ciphers);
351 {
return error == OK;};
364 static void uuid(
char *
string);
366 static secure::string uuid(
void);
368 template <
typename T>
369 inline static void erase(T *
object)
370 {memset(
object, 0,
sizeof(T));
delete object;}
372 inline operator bool()
const
375 inline bool operator!()
const
376 {
return !is_valid();}
410 void open(
const char *host,
const char *service,
size_t size = 536);
416 size_t _push(
const char *
address,
size_t size);
418 size_t _pull(
char *address,
size_t size);
424 inline bool is_secure(
void)
const
425 {
return bio != NULL;}
440 typedef enum {ENCRYPT = 1, DECRYPT = 0} mode_t;
455 const void *algotype;
460 const void *hashtype;
467 unsigned char keybuf[MAX_CIPHER_KEYSIZE / 8], ivbuf[MAX_CIPHER_KEYSIZE / 8];
470 size_t keysize, blksize;
472 Key(
const char *ciper);
474 void set(
const char *cipher);
479 Key(
const char *cipher,
const char *digest,
const char *text,
size_t size = 0,
const unsigned char *salt = NULL,
unsigned rounds = 1);
481 Key(
const char *cipher,
const uint8_t *iv,
size_t ivsize);
483 Key(
const char *cipher, secure::keybytes& iv);
485 Key(
const char *cipher,
const char *digest);
489 inline secure::keybytes key() {
490 return secure::keybytes(keybuf, keysize);
493 inline secure::keybytes iv() {
494 return secure::keybytes(ivbuf, blksize, secure::IV_BUFFER);
497 void set(
const unsigned char *key,
size_t size);
499 bool set(
const secure::keybytes& key);
501 void set(
const char *cipher,
const char *digest);
503 void set(
const char *cipher,
const uint8_t *iv,
size_t ivsize);
505 bool set(
const char *cipher,
const secure::keybytes& iv);
507 void assign(
const char *key,
size_t size,
const unsigned char *salt,
unsigned rounds);
509 void assign(
const char *key,
size_t size = 0);
513 secure::string b64(
void);
515 void b64(
const char *
string);
517 size_t get(uint8_t *key, uint8_t *ivout = NULL);
519 inline size_t size(
void)
const
522 inline size_t iosize(
void)
const
525 inline operator bool()
const
526 {
return keysize > 0;}
528 inline bool operator!()
const
529 {
return keysize == 0;}
531 inline Key& operator=(
const char *pass)
532 {assign(pass);
return *
this;}
534 static void options(
const unsigned char *salt = NULL,
unsigned rounds = 1);
541 size_t bufsize, bufpos;
543 unsigned char *bufaddr;
547 virtual void push(
unsigned char *address,
size_t size);
554 Cipher(key_t key, mode_t mode,
unsigned char *address = NULL,
size_t size = 0);
558 void set(
unsigned char *address,
size_t size = 0);
560 void set(key_t key, mode_t mode,
unsigned char *address,
size_t size = 0);
562 inline secure::keybytes iv() {
566 inline secure::keybytes key() {
584 size_t put(
const unsigned char *data,
size_t size);
592 size_t puts(
const char *
string);
605 size_t pad(
const unsigned char *address,
size_t size);
615 size_t process(
unsigned char *address,
size_t size,
bool flag =
false);
617 inline size_t size(
void)
const
620 inline size_t pos(
void)
const
623 inline size_t align(
void)
const
624 {
return keys.iosize();}
631 static bool has(
const char *name);
646 const void *hashtype;
651 unsigned char buffer[MAX_DIGEST_HASHSIZE / 8];
652 char textbuf[MAX_DIGEST_HASHSIZE / 8 + 1];
664 inline bool puts(
const char *str)
665 {
return put(str, strlen(str));}
667 inline Digest &operator<<(
const char *str)
668 {puts(str);
return *
this;}
670 inline Digest &operator<<(int16_t value)
671 {int16_t v = htons(value); put(&v, 2);
return *
this;}
673 inline Digest &operator<<(int32_t value)
674 {int32_t v = htonl(value); put(&v, 4);
return *
this;}
677 {
const char *cp = p.
_print();
if(cp) puts(cp);
return *
this;}
679 bool put(
const void *memory,
size_t size);
681 inline unsigned size()
const
684 const unsigned char *
get(void);
686 const char *c_str(
void);
688 inline secure::string str(
void)
689 {
return secure::string(c_str());}
691 inline operator secure::string()
692 {
return secure::string(c_str());}
694 void set(
const char *
id);
696 inline void operator=(
const char *
id)
699 inline bool operator *=(
const char *text)
702 inline bool operator +=(
const char *text)
705 inline const char *operator*()
708 inline bool operator!()
const
709 {
return !bufsize && context == NULL;}
711 inline operator bool()
const
712 {
return bufsize > 0 || context != NULL;}
719 void recycle(
bool binary =
false);
731 static bool has(
const char *name);
733 static void uuid(
char *
string,
const char *name,
const unsigned char *ns = NULL);
735 static secure::string uuid(
const char *name,
const unsigned char *ns = NULL);
742 static secure::string md5(
const char *text);
744 static secure::string sha1(
const char *text);
746 static secure::string sha256(
const char *text);
748 static secure::string sha384(
const char *text);
750 static secure::keybytes md5(
const uint8_t *mem,
size_t size);
752 static secure::keybytes sha1(
const uint8_t *mem,
size_t size);
754 static secure::keybytes sha256(
const uint8_t *mem,
size_t size);
756 static secure::keybytes sha384(
const uint8_t *mem,
size_t size);
772 const void *hmactype;
777 unsigned char buffer[MAX_DIGEST_HASHSIZE / 8];
778 char textbuf[MAX_DIGEST_HASHSIZE / 8 + 1];
784 HMAC(
const char *digest,
const char *key,
size_t keylen = 0);
786 HMAC(
const char *digest,
const secure::keybytes& key);
792 inline bool puts(
const char *str)
793 {
return put(str, strlen(str));}
795 inline HMAC &operator<<(
const char *str)
796 {puts(str);
return *
this;}
798 inline HMAC &operator<<(int16_t value)
799 {int16_t v = htons(value); put(&v, 2);
return *
this;}
801 inline HMAC &operator<<(int32_t value)
802 {int32_t v = htonl(value); put(&v, 4);
return *
this;}
805 {
const char *cp = p.
_print();
if(cp) puts(cp);
return *
this;}
807 bool put(
const void *memory,
size_t size);
809 inline unsigned size()
const
812 const unsigned char *
get(void);
814 const char *c_str(
void);
816 inline secure::string str(
void)
817 {
return secure::string(c_str());}
819 inline operator secure::string()
820 {
return secure::string(c_str());}
822 void set(
const char *digest,
const char *key,
size_t len);
824 void set(
const char *digest,
const secure::keybytes& key);
826 inline bool operator *=(
const char *text)
829 inline bool operator +=(
const char *text)
832 inline const char *operator*()
835 inline bool operator!()
const
836 {
return !bufsize && context == NULL;}
838 inline operator bool()
const
839 {
return bufsize > 0 || context != NULL;}
846 static bool has(
const char *name);
848 static secure::keybytes sha256(secure::keybytes key,
const uint8_t *mem,
size_t size);
850 static secure::keybytes sha384(secure::keybytes key,
const uint8_t *mem,
size_t soze);
861 RSA(secure::string privkey, secure::string pubkey);
865 secure::string pem(secure::strtype_t type);
876 __DELETE_DEFAULTS(
Random);
885 static bool seed(
const unsigned char *buffer,
size_t size);
890 static void seed(
void);
900 static size_t key(
unsigned char *memory,
size_t size);
910 static size_t fill(
unsigned char *memory,
size_t size);
916 static int get(void);
924 static int get(
int min,
int max);
930 static double real(
void);
938 static double real(
double min,
double max);
945 static bool status(
void);
951 static void uuid(
char *
string);
953 static secure::string uuid(
void);
956 inline static T value(
void) {
958 Random::key(reinterpret_cast<unsigned char *>(&tmp),
sizeof(tmp));
963 inline static T value(T max) {
968 slice = 0xffffffff /
max;
969 while(value >= max) {
970 value = Random::value<T>() / slice;
976 inline static T value(T min, T max)
978 return min + Random::value<T>(max -
min);
1007 inline void zerofill(
void *
addr,
size_t size)
1009 ::memset(addr, 0, size);
1012 #ifndef UCOMMON_SYSRUNTIME
1038 void open(
const char *host,
const char *service,
size_t size = 536);
1046 ssize_t _write(
const char *address,
size_t size);
1048 ssize_t _read(
char *address,
size_t size);
1052 inline void flush(
void)
1055 inline bool is_secure(
void)
const
1056 {
return bio != NULL;}
1059 typedef secure::string keystring_t;
1070 unsigned char buffer[S];
1085 {memset(buffer, 0, S);}
1097 {memset(buffer, 0, S);}
1103 inline operator unsigned char *()
SSLBuffer ssl_t
Convenience type for secure socket.
A generic data ciphering class.
void release(SharedAccess &object)
Convenience function to unlock shared object through it's protocol.
Secure socket using std::iostream.
Cipher::Key skey_t
Convenience type for generic cipher key.
A cryptographic message authentication code class.
Various miscellaneous platform specific headers and defines.
Common secure socket support.
bool is_valid(void) const
Determine if the current security context is valid.
error_t error
Last error flagged for this context.
A generic tcp socket class that offers i/o buffering.
Digest digest_t
Convenience type for generic digests.
Cipher key formed by hash algorithm.
Traditional keypair config file parsing class.
error_t err(void) const
Get last error code associated with the security context.
A template to create a random generated key of specified size.
ObjectProtocol * copy(ObjectProtocol *object)
Convenience function to access object copy.
secure * client_t
Convenience type to represent a security context.
Used for forming stream output.
void update(void)
Update with new random key.
T * init(T *memory)
Template function to initialize memory by invoking default constructor.
Cryptographically relevant random numbers.
static size_t key(unsigned char *memory, size_t size)
Get high-entropy random data.
void * bufio_t
Convenience type to represent a secure socket buf i/o stream.
struct sockaddr * addr(Socket::address &address)
A convenience function to convert a socket address list into a socket address.
keyrandom()
Create a new character buffer with an empty string.
A cryptographic digest class.
error_t
Different error states of the security context.
Streamable tcp connection between client and server.
Common namespace for all ucommon objects.
void * session_t
Convenience type to represent a secure socket session.
void clear(void)
Clear current key memory.
virtual const char * _print(void) const =0
Extract formatted string for object.
Cipher cipher_t
Convenience type for generic ciphers.
unsigned char * operator*()
Get text by object pointer reference.
T &() min(T &o1, T &o2)
Convenience function to return min of two objects.
Top level include file for the GNU uCommon C++ core library.
HMAC hmac_t
Convenience type for generic digests.
T &() max(T &o1, T &o2)
Convenience function to return max of two objects.
A generic tcp server class.
~keyrandom()
Clear memory when destroyed.
A generic socket address class.
size_t size(void) const
Get allocated size of the object.