42#ifndef _UCOMMON_SECURE_H_
43#define _UCOMMON_SECURE_H_
45#ifndef _UCOMMON_CONFIG_H_
49#ifndef _UCOMMON_UCOMMON_H_
53#define MAX_CIPHER_KEYSIZE 512
54#define MAX_DIGEST_HASHSIZE 512
58class __SHARED AutoClear
61 __DELETE_DEFAULTS(AutoClear);
67 AutoClear(
size_t alloc);
74class autoclear :
public AutoClear
77 __DELETE_COPY(autoclear);
80 autoclear() : AutoClear(sizeof(T)) {};
83 return *(
static_cast<T*
>(pointer));
86 inline T& operator*() {
87 return *(
static_cast<T*
>(pointer));
90 inline T* operator->() {
91 return static_cast<T*
>(pointer);
96class autoclear<char *> :
public AutoClear
99 __DELETE_COPY(autoclear);
102 autoclear(
size_t len) : AutoClear(len) {};
104 inline char *operator*() {
105 return (
char *)pointer;
110class autoclear<uint8_t *> :
public AutoClear
113 __DELETE_COPY(autoclear);
116 autoclear(
size_t len) : AutoClear(len) {};
118 inline char *operator*() {
119 return (
char *)pointer;
134 typedef enum {OK=0, INVALID, MISSING_CERTIFICATE, MISSING_PRIVATEKEY, INVALID_CERTIFICATE, INVALID_AUTHORITY, INVALID_PEERNAME, INVALID_CIPHER} error_t;
136 typedef enum {NONE, SIGNED, VERIFIED} verify_t;
138 typedef stringref<secure_release> string;
140 typedef byteref<secure_release> keybytes;
143 __DELETE_COPY(secure);
151 inline secure() {error = OK;}
265 static void uuid(
char *
string);
267 static secure::string pass(
const char *prompt,
size_t size);
269 static secure::string uuid(
void);
271 inline operator bool()
const {
275 inline bool operator!()
const {
292 typedef enum {ENCRYPT = 1, DECRYPT = 0} mode_t;
307 const void *algotype;
312 const void *hashtype;
319 uint8_t keybuf[MAX_CIPHER_KEYSIZE / 8], ivbuf[MAX_CIPHER_KEYSIZE / 8];
322 size_t keysize, blksize;
324 Key(
const char *ciper);
326 void set(
const char *cipher);
331 Key(
const char *cipher,
const char *digest,
const char *text,
size_t size = 0,
const uint8_t *salt = NULL,
unsigned rounds = 1);
333 Key(
const char *cipher,
const uint8_t *iv,
size_t ivsize);
335 Key(
const char *cipher, secure::keybytes& iv);
337 Key(
const char *cipher,
const char *digest);
341 void set(
const uint8_t *key,
size_t size);
343 inline secure::keybytes key() {
344 return secure::keybytes(keybuf, keysize);
347 inline secure::keybytes iv() {
348 return secure::keybytes(ivbuf, blksize);
351 bool set(
const secure::keybytes& key);
353 void set(
const char *cipher,
const char *digest);
355 void set(
const char *cipher,
const uint8_t *iv,
size_t ivsize);
357 void assign(
const char *key,
size_t size,
const uint8_t *salt,
unsigned rounds);
359 bool set(
const char *cipher,
const secure::keybytes& iv);
361 void assign(
const char *key,
size_t size = 0);
365 secure::string b64(
void);
367 void b64(
const char *
string);
369 size_t get(uint8_t *key, uint8_t *ivout = NULL);
371 inline size_t size(
void)
const {
375 inline size_t iosize(
void)
const {
379 inline operator bool()
const {
383 inline bool operator!()
const {
387 inline Key& operator=(
const char *pass) {
392 bool operator==(
const Key& other)
const;
394 inline bool operator!=(
const Key& other)
const {
395 return !operator==(other);
398 static void options(
const uint8_t *salt = NULL,
unsigned rounds = 1);
405 size_t bufsize, bufpos;
413 virtual void push(uint8_t *address,
size_t size);
420 Cipher(
const key_t key, mode_t mode, uint8_t *address = NULL,
size_t size = 0);
424 void set(uint8_t *address,
size_t size = 0);
426 void set(
const key_t key, mode_t mode, uint8_t *address,
size_t size = 0);
428 inline secure::keybytes iv() {
432 inline secure::keybytes key() {
450 size_t put(
const uint8_t *data,
size_t size);
458 size_t puts(
const char *
string);
471 size_t pad(
const uint8_t *address,
size_t size);
481 size_t process(uint8_t *address,
size_t size,
bool flag =
false);
483 inline size_t size(
void)
const {
487 inline size_t pos(
void)
const {
491 inline size_t align(
void)
const {
492 return keys.iosize();
500 static bool has(
const char *name);
515 const void *hashtype;
520 uint8_t buffer[MAX_DIGEST_HASHSIZE / 8];
521 char textbuf[MAX_DIGEST_HASHSIZE / 8 + 1];
528 const uint8_t *get(
void);
537 inline bool puts(
const char *str) {
538 return put(str, strlen(str));
541 inline Digest &operator<<(
const char *str) {
546 inline Digest &operator<<(int16_t value) {
547 int16_t v = htons(value);
552 inline Digest &operator<<(int32_t value) {
553 int32_t v = htonl(value);
559 const char *cp = p.
_print();
565 bool put(
const void *memory,
size_t size);
567 inline unsigned size()
const {
571 secure::keybytes key(
void);
573 secure::string str(
void);
575 inline operator secure::string() {
579 void set(
const char *
id);
581 inline Digest& operator=(
const char *
id) {
586 inline bool operator *=(
const char *text) {
590 inline bool operator +=(
const char *text) {
594 inline secure::string operator*() {
598 inline bool operator!()
const {
599 return !bufsize && context == NULL;
602 inline operator bool()
const {
603 return bufsize > 0 || context != NULL;
623 static bool has(
const char *name);
625 static secure::string uuid(
const char *name,
const uint8_t *ns = NULL);
632 static secure::string
md5(
const char *text);
634 static secure::string sha1(
const char *text);
636 static secure::string sha256(
const char *text);
638 static secure::string sha384(
const char *text);
640 static secure::keybytes md5(
const uint8_t *mem,
size_t size);
642 static secure::keybytes sha1(
const uint8_t *mem,
size_t size);
644 static secure::keybytes sha256(
const uint8_t *mem,
size_t size);
646 static secure::keybytes sha384(
const uint8_t *mem,
size_t size);
662 const void *hmactype;
667 uint8_t buffer[MAX_DIGEST_HASHSIZE / 8];
668 char textbuf[MAX_DIGEST_HASHSIZE / 8 + 1];
675 const uint8_t *get(
void);
678 HMAC(
const char *digest,
const secure::keybytes& key);
684 inline bool puts(
const char *str) {
685 return put(str, strlen(str));
688 inline HMAC &operator<<(
const char *str) {
693 inline HMAC &operator<<(int16_t value) {
694 int16_t v = htons(value);
699 inline HMAC &operator<<(int32_t value) {
700 int32_t v = htonl(value);
706 const char *cp = p.
_print();
712 bool put(
const void *memory,
size_t size);
714 inline unsigned size()
const {
718 secure::string str(
void);
720 secure::keybytes key(
void);
722 inline operator secure::string() {
726 inline bool operator *=(
const char *text) {
730 void set(
const char *digest,
const secure::keybytes& key);
732 inline bool operator +=(
const char *text) {
736 inline secure::string operator*() {
740 inline bool operator!()
const {
741 return !bufsize && context == NULL;
744 inline operator bool()
const {
745 return bufsize > 0 || context != NULL;
753 static bool has(
const char *name);
755 static secure::keybytes sha256(secure::keybytes key,
const uint8_t *mem,
size_t size);
757 static secure::keybytes sha384(secure::keybytes key,
const uint8_t *mem,
size_t soze);
768 __DELETE_DEFAULTS(
Random);
777 static bool seed(
const uint8_t *buffer,
size_t size);
792 static size_t key(uint8_t *memory,
size_t size);
802 static size_t fill(uint8_t *memory,
size_t size);
816 static int get(
int min,
int max);
830 static double real(
double min,
double max);
843 static void uuid(
char *
string);
845 static secure::string uuid(
void);
848 inline static T value(
void) {
850 Random::key(
reinterpret_cast<uint8_t *
>(&tmp),
sizeof(tmp));
855 inline static T value(T max) {
860 slice = 0xffffffff /
max;
861 while(value >= max) {
862 value = Random::value<T>() / slice;
868 inline static T value(T min, T max)
870 return min + Random::value<T>(max - min);
895inline void zerofill(
void *
addr,
size_t size)
897 ::memset(
addr, 0, size);
900#ifndef UCOMMON_SYSRUNTIME
917 secure::verify_t verified;
920 ssize_t _write(
const char *address,
size_t size) __OVERRIDE;
922 ssize_t _read(
char *address,
size_t size) __OVERRIDE;
924 bool _wait(
void) __OVERRIDE;
954 void open(
const char *host,
const char *service,
size_t size = 536);
966 int sync() __OVERRIDE;
968 inline
void flush(
void) {
1001 return verified == secure::VERIFIED;
1009 return verified != secure::NONE;
1017void clearmem(T &var)
1019 memset(&var, 0,
sizeof(var));
1022typedef secure::string keystring_t;
Top level include file for the GNU uCommon C++ core library.
Various miscellaneous platform specific headers and defines.
Common namespace for all ucommon objects.
T & max(T &o1, T &o2)
Convenience function to return max of two objects.
Cipher cipher_t
Convenience type for generic ciphers.
Digest digest_t
Convenience type for generic digests.
HMAC hmac_t
Convenience type for generic digests.
Cipher::Key skey_t
Convenience type for generic cipher key.
const struct sockaddr * addr(Socket::address &address)
A convenience function to convert a socket address list into a socket address.
T & min(T &o1, T &o2)
Convenience function to return min of two objects.
Traditional keypair config file parsing class.
Used for forming stream output.
virtual const char * _print(void) const =0
Extract formatted string for object.
Common secure socket support.
error_t error
Last error flagged for this context.
void * session_t
Convenience type to represent a secure socket session.
static const char * oscerts(void)
Get path to system certificates.
bool is_valid(void) const
Determine if the current security context is valid.
static server_t server(const char *keyfile=NULL, const char *authority=NULL)
Create a sever context.
static int oscerts(const char *path)
Copy system certificates to a local path.
static client_t client(const char *authority=NULL, const char *paths=NULL)
Create an anonymous client context with an optional authority to validate.
static client_t user(const char *authority)
Create a peer user client context.
static bool init(void)
Initialize secure stack for first use, and report if SSL support is compiled in.
static bool fips(void)
Initialize secure stack with fips support.
static void uuid(char *string)
Create 36 character traditional version 1 uuid.
static void cipher(secure *context, const char *ciphers)
Assign a non-default cipher to the context.
error_t
Different error states of the security context.
void * bufio_t
Convenience type to represent a secure socket buf i/o stream.
void * cert_t
Convenience type to represent a ssl certificate object.
secure * client_t
Convenience type to represent a security context.
virtual ~secure()
This is derived in different back-end libraries, and will be used to clear certificate credentials.
error_t err(void) const
Get last error code associated with the security context.
A generic data ciphering class.
size_t process(uint8_t *address, size_t size, bool flag=false)
Process encrypted data in-place.
static bool has(const char *name)
Check if a specific cipher is supported.
size_t puts(const char *string)
This essentially encrypts a single string and pads with NULL bytes as needed.
size_t flush(void)
Push a final cipher block.
size_t pad(const uint8_t *address, size_t size)
This is used to process any data unaligned to the blocksize at the end of a cipher session.
size_t put(const uint8_t *data, size_t size)
Process cipher data.
Cipher key formed by hash algorithm.
A cryptographic digest class.
static secure::string md5(const char *text)
Shortcut for short md5 digests if supported...
void reset(void)
Reset and restart digest object.
void recycle(bool binary=false)
Finalize and recycle current digest to start a new digest.
static bool has(const char *name)
Test to see if a specific digest type is supported.
A cryptographic message authentication code class.
static bool has(const char *name)
Test to see if a specific digest type is supported.
Cryptographically relevant random numbers.
static void seed(void)
Re-seed pseudo-random generation and entropy pools.
static double real(void)
Get a pseudo-random floating point value.
static double real(double min, double max)
Get a pseudo-random floating point value in a preset range.
static size_t key(uint8_t *memory, size_t size)
Get high-entropy random data.
static int get(int min, int max)
Get a pseudo-random integer in a preset range.
static bool seed(const uint8_t *buffer, size_t size)
Push entropic seed.
static void uuid(char *string)
Create 36 character random uuid string.
static int get(void)
Get a pseudo-random integer, range 0 - 32767.
static bool status(void)
Determine if we have sufficient entropy to return random values.
static size_t fill(uint8_t *memory, size_t size)
Fill memory with pseudo-random values.
Secure socket using std::iostream.
bool is_certificate(void) const
Check if a peer certificate is present.
void release(void)
Release all ssl resources.
void open(const char *host, const char *service, size_t size=536)
Open a connection to a ssl server.
sstream(const TCPServer *server, secure::server_t context, size_t size=536)
Construct a ssl server stream.
void close(void)
Close a connection with a ssl server.
secure::cert_t certificate(void) const
Get peer (x509) certificate for current stream if present.
bool is_secure(void) const
Check if ssl session active, otherwise pure tcp.
bool is_signed(void) const
Check if peer certificate is present and at least self-signed.
~sstream()
Destroy ssl stream.
sstream(secure::client_t context)
Construct a ssl client stream.
bool is_verified(void) const
Check if peer certificate is verified through an authority.
A generic tcp server class.
Streamable tcp connection between client and server.