42 #ifndef _UCOMMON_SECURE_H_ 43 #define _UCOMMON_SECURE_H_ 45 #ifndef _UCOMMON_CONFIG_H_ 49 #ifndef _UCOMMON_UCOMMON_H_ 53 #define MAX_CIPHER_KEYSIZE 512 54 #define MAX_DIGEST_HASHSIZE 512 58 class __SHARED AutoClear
61 __DELETE_DEFAULTS(AutoClear);
67 AutoClear(
size_t alloc);
74 class autoclear :
public AutoClear
77 __DELETE_COPY(autoclear);
80 autoclear() : AutoClear(sizeof(T)) {};
83 return *(static_cast<T*>(pointer));
86 inline T& operator*() {
87 return *(static_cast<T*>(pointer));
90 inline T* operator->() {
91 return static_cast<T*>(pointer);
96 class autoclear<char *> :
public AutoClear
99 __DELETE_COPY(autoclear);
102 autoclear(
size_t len) : AutoClear(len) {};
104 inline char *operator*() {
105 return (
char *)pointer;
110 class autoclear<uint8_t *> :
public AutoClear
113 __DELETE_COPY(autoclear);
116 autoclear(
size_t len) : AutoClear(len) {};
118 inline char *operator*() {
119 return (
char *)pointer;
134 typedef enum {OK=0, INVALID, MISSING_CERTIFICATE, MISSING_PRIVATEKEY, INVALID_CERTIFICATE, INVALID_AUTHORITY, INVALID_PEERNAME, INVALID_CIPHER} error_t;
136 typedef enum {NONE, SIGNED, VERIFIED} verify_t;
138 typedef stringref<secure_release> string;
140 typedef byteref<secure_release> keybytes;
143 __DELETE_COPY(secure);
151 inline secure() {error = OK;}
187 static bool init(
void);
195 static bool fips(
void);
202 static int oscerts(
const char *path);
208 static const char *oscerts(
void);
219 static server_t server(
const char *
keyfile = NULL,
const char *authority = NULL);
228 static client_t client(
const char *authority = NULL,
const char *paths = NULL);
236 static client_t user(
const char *authority);
243 static void cipher(
secure *context,
const char *ciphers);
265 static void uuid(
char *
string);
267 static secure::string pass(
const char *prompt,
size_t size);
269 static secure::string uuid(
void);
271 inline operator bool()
const {
275 inline bool operator!()
const {
292 typedef enum {ENCRYPT = 1, DECRYPT = 0} mode_t;
307 const void *algotype;
312 const void *hashtype;
319 uint8_t keybuf[MAX_CIPHER_KEYSIZE / 8], ivbuf[MAX_CIPHER_KEYSIZE / 8];
322 size_t keysize, blksize;
324 Key(
const char *ciper);
326 void set(
const char *cipher);
331 Key(
const char *cipher,
const char *digest,
const char *text,
size_t size = 0,
const uint8_t *salt = NULL,
unsigned rounds = 1);
333 Key(
const char *cipher,
const uint8_t *iv,
size_t ivsize);
335 Key(
const char *cipher, secure::keybytes& iv);
337 Key(
const char *cipher,
const char *digest);
341 void set(
const uint8_t *key,
size_t size);
343 inline secure::keybytes key() {
344 return secure::keybytes(keybuf, keysize);
347 inline secure::keybytes iv() {
348 return secure::keybytes(ivbuf, blksize);
351 bool set(
const secure::keybytes& key);
353 void set(
const char *cipher,
const char *digest);
355 void set(
const char *cipher,
const uint8_t *iv,
size_t ivsize);
357 void assign(
const char *key,
size_t size,
const uint8_t *salt,
unsigned rounds);
359 bool set(
const char *cipher,
const secure::keybytes& iv);
361 void assign(
const char *key,
size_t size = 0);
365 secure::string b64(
void);
367 void b64(
const char *
string);
369 size_t get(uint8_t *key, uint8_t *ivout = NULL);
371 inline size_t size(
void)
const {
375 inline size_t iosize(
void)
const {
379 inline operator bool()
const {
383 inline bool operator!()
const {
387 inline Key& operator=(
const char *pass) {
392 bool operator==(
const Key& other)
const;
394 inline bool operator!=(
const Key& other)
const {
395 return !operator==(other);
398 static void options(
const uint8_t *salt = NULL,
unsigned rounds = 1);
405 size_t bufsize, bufpos;
413 virtual void push(uint8_t *address,
size_t size);
420 Cipher(
const key_t key, mode_t mode, uint8_t *address = NULL,
size_t size = 0);
424 void set(uint8_t *address,
size_t size = 0);
426 void set(
const key_t key, mode_t mode, uint8_t *address,
size_t size = 0);
428 inline secure::keybytes iv() {
432 inline secure::keybytes key() {
450 size_t put(
const uint8_t *data,
size_t size);
458 size_t puts(
const char *
string);
471 size_t pad(
const uint8_t *address,
size_t size);
481 size_t process(uint8_t *address,
size_t size,
bool flag =
false);
483 inline size_t size(
void)
const {
487 inline size_t pos(
void)
const {
491 inline size_t align(
void)
const {
492 return keys.iosize();
500 static bool has(
const char *name);
515 const void *hashtype;
520 uint8_t buffer[MAX_DIGEST_HASHSIZE / 8];
521 char textbuf[MAX_DIGEST_HASHSIZE / 8 + 1];
528 const uint8_t *get(
void);
537 inline bool puts(
const char *str) {
538 return put(str, strlen(str));
541 inline Digest &operator<<(
const char *str) {
546 inline Digest &operator<<(int16_t value) {
547 int16_t v = htons(value);
552 inline Digest &operator<<(int32_t value) {
553 int32_t v = htonl(value);
559 const char *cp = p.
_print();
565 bool put(
const void *memory,
size_t size);
567 inline unsigned size()
const {
571 secure::keybytes key(
void);
573 secure::string str(
void);
575 inline operator secure::string() {
579 void set(
const char *
id);
581 inline Digest& operator=(
const char *
id) {
586 inline bool operator *=(
const char *text) {
590 inline bool operator +=(
const char *text) {
594 inline secure::string operator*() {
598 inline bool operator!()
const {
599 return !bufsize && context == NULL;
602 inline operator bool()
const {
603 return bufsize > 0 || context != NULL;
611 void recycle(
bool binary =
false);
623 static bool has(
const char *name);
625 static secure::string uuid(
const char *name,
const uint8_t *ns = NULL);
632 static secure::string md5(
const char *text);
634 static secure::string sha1(
const char *text);
636 static secure::string sha256(
const char *text);
638 static secure::string sha384(
const char *text);
640 static secure::keybytes md5(
const uint8_t *mem,
size_t size);
642 static secure::keybytes sha1(
const uint8_t *mem,
size_t size);
644 static secure::keybytes sha256(
const uint8_t *mem,
size_t size);
646 static secure::keybytes sha384(
const uint8_t *mem,
size_t size);
662 const void *hmactype;
667 uint8_t buffer[MAX_DIGEST_HASHSIZE / 8];
668 char textbuf[MAX_DIGEST_HASHSIZE / 8 + 1];
675 const uint8_t *get(
void);
678 HMAC(
const char *digest,
const secure::keybytes& key);
684 inline bool puts(
const char *str) {
685 return put(str, strlen(str));
688 inline HMAC &operator<<(
const char *str) {
693 inline HMAC &operator<<(int16_t value) {
694 int16_t v = htons(value);
699 inline HMAC &operator<<(int32_t value) {
700 int32_t v = htonl(value);
706 const char *cp = p.
_print();
712 bool put(
const void *memory,
size_t size);
714 inline unsigned size()
const {
718 secure::string str(
void);
720 secure::keybytes key(
void);
722 inline operator secure::string() {
726 inline bool operator *=(
const char *text) {
730 void set(
const char *digest,
const secure::keybytes& key);
732 inline bool operator +=(
const char *text) {
736 inline secure::string operator*() {
740 inline bool operator!()
const {
741 return !bufsize && context == NULL;
744 inline operator bool()
const {
745 return bufsize > 0 || context != NULL;
753 static bool has(
const char *name);
755 static secure::keybytes sha256(secure::keybytes key,
const uint8_t *mem,
size_t size);
757 static secure::keybytes sha384(secure::keybytes key,
const uint8_t *mem,
size_t soze);
768 __DELETE_DEFAULTS(
Random);
777 static bool seed(
const uint8_t *buffer,
size_t size);
782 static void seed(
void);
792 static size_t key(uint8_t *memory,
size_t size);
802 static size_t fill(uint8_t *memory,
size_t size);
808 static int get(
void);
816 static int get(
int min,
int max);
822 static double real(
void);
830 static double real(
double min,
double max);
837 static bool status(
void);
843 static void uuid(
char *
string);
845 static secure::string uuid(
void);
848 inline static T value(
void) {
850 Random::key(reinterpret_cast<uint8_t *>(&tmp),
sizeof(tmp));
855 inline static T value(T
max) {
860 slice = 0xffffffff /
max;
861 while(value >=
max) {
862 value = Random::value<T>() / slice;
868 inline static T value(T
min, T
max)
870 return min + Random::value<T>(
max -
min);
895 inline void zerofill(
void *
addr,
size_t size)
897 ::memset(
addr, 0, size);
900 #ifndef UCOMMON_SYSRUNTIME 917 secure::verify_t verified;
920 ssize_t _write(
const char *address,
size_t size) __OVERRIDE;
922 ssize_t _read(
char *address,
size_t size) __OVERRIDE;
924 bool _wait(
void) __OVERRIDE;
954 void open(
const char *host,
const char *service,
size_t size = 536);
966 int sync() __OVERRIDE;
968 inline void flush(
void) {
1001 return verified == secure::VERIFIED;
1009 return verified != secure::NONE;
1016 template<
typename T>
1017 void clearmem(T &var)
1019 memset(&var, 0,
sizeof(var));
1022 typedef secure::string keystring_t;
Cipher cipher_t
Convenience type for generic ciphers.
Traditional keypair config file parsing class.
T &() max(T &o1, T &o2)
Convenience function to return max of two objects.
Secure socket using std::iostream.
A generic tcp server class.
Digest digest_t
Convenience type for generic digests.
A generic data ciphering class.
static size_t key(uint8_t *memory, size_t size)
Get high-entropy random data.
Top level include file for the GNU uCommon C++ core library.
T * init(T *memory)
Template function to initialize memory by invoking default constructor.
void * bufio_t
Convenience type to represent a secure socket buf i/o stream.
Common secure socket support.
secure::cert_t certificate(void) const
Get peer (x509) certificate for current stream if present.
virtual const char * _print(void) const =0
Extract formatted string for object.
bool is_verified(void) const
Check if peer certificate is verified through an authority.
Cipher::Key skey_t
Convenience type for generic cipher key.
bool is_secure(void) const
Check if ssl session active, otherwise pure tcp.
A cryptographic digest class.
bool is_valid(void) const
Determine if the current security context is valid.
bool is_certificate(void) const
Check if a peer certificate is present.
const struct sockaddr * addr(Socket::address &address)
A convenience function to convert a socket address list into a socket address.
T &() min(T &o1, T &o2)
Convenience function to return min of two objects.
error_t
Different error states of the security context.
error_t error
Last error flagged for this context.
Cryptographically relevant random numbers.
Various miscellaneous platform specific headers and defines.
Common namespace for all ucommon objects.
secure * client_t
Convenience type to represent a security context.
HMAC hmac_t
Convenience type for generic digests.
void * cert_t
Convenience type to represent a ssl certificate object.
bool is_signed(void) const
Check if peer certificate is present and at least self-signed.
Streamable tcp connection between client and server.
error_t err(void) const
Get last error code associated with the security context.
Cipher key formed by hash algorithm.
void * session_t
Convenience type to represent a secure socket session.
A cryptographic message authentication code class.
Used for forming stream output.