XRootD
XrdCryptosslCipher.hh
Go to the documentation of this file.
1 #ifndef __CRYPTO_SSLCIPHER_H__
2 #define __CRYPTO_SSLCIPHER_H__
3 /******************************************************************************/
4 /* */
5 /* X r d C r y p t o S s l C i p h e r . h h */
6 /* */
7 /* (c) 2004 by the Board of Trustees of the Leland Stanford, Jr., University */
8 /* Produced by Gerri Ganis for CERN */
9 /* */
10 /* This file is part of the XRootD software suite. */
11 /* */
12 /* XRootD is free software: you can redistribute it and/or modify it under */
13 /* the terms of the GNU Lesser General Public License as published by the */
14 /* Free Software Foundation, either version 3 of the License, or (at your */
15 /* option) any later version. */
16 /* */
17 /* XRootD is distributed in the hope that it will be useful, but WITHOUT */
18 /* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
19 /* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
20 /* License for more details. */
21 /* */
22 /* You should have received a copy of the GNU Lesser General Public License */
23 /* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
24 /* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
25 /* */
26 /* The copyright holder's institutional names and contributor's names may not */
27 /* be used to endorse or promote products derived from this software without */
28 /* specific prior written permission of the institution or contributor. */
29 /******************************************************************************/
30 
31 /* ************************************************************************** */
32 /* */
33 /* OpenSSL implementation of XrdCryptoCipher */
34 /* */
35 /* ************************************************************************** */
36 
38 
39 #include <openssl/evp.h>
40 #include <openssl/dh.h>
41 
42 // This is not used as we no longer dynamically generate the DH parameters;
43 // see the comments in XrdCryptosslCipher.cc for more context.
44 // Purposely keeping it around to help make the issue visible to future readers
45 // of the code.
46 //
47 // #define kDHMINBITS 512
48 
49 // ---------------------------------------------------------------------------//
50 //
51 // OpenSSL Cipher Implementation
52 //
53 // ---------------------------------------------------------------------------//
55 {
56 private:
57  char *fIV;
58  int lIV;
59  const EVP_CIPHER *cipher;
60  EVP_CIPHER_CTX *ctx;
61  EVP_PKEY *fDH;
62  bool deflength;
63  bool valid;
64 
65  void GenerateIV();
66  int EncDec(int encdec, const char *bin, int lin, char *out);
67  void PrintPublic(BIGNUM *pub);
68  int Publen();
69 
70 public:
71  XrdCryptosslCipher(const char *t, int l = 0);
72  XrdCryptosslCipher(const char *t, int l, const char *k,
73  int liv, const char *iv);
75  XrdCryptosslCipher(bool padded, int len, char *pub, int lpub, const char *t);
77  virtual ~XrdCryptosslCipher();
78 
79  // Finalize key computation (key agreement)
80  bool Finalize(bool padded, char *pub, int lpub, const char *t);
81  void Cleanup();
82 
83  // Validity
84  bool IsValid() { return valid; }
85 
86  // Support
87  static bool IsSupported(const char *cip);
88 
89  // Required buffer size for encrypt / decrypt operations on l bytes
90  int EncOutLength(int l);
91  int DecOutLength(int l);
92  char *Public(int &lpub);
93 
94  // Additional getter
96  char *IV(int &l) const { l = lIV; return fIV; }
97  bool IsDefaultLength() const { return deflength; }
98  int MaxIVLength() const;
99 
100  // Additional setter
101  void SetIV(int l, const char *iv);
102 
103  // Additional methods
104  int Encrypt(const char *bin, int lin, char *out);
105  int Decrypt(const char *bin, int lin, char *out);
106  char *RefreshIV(int &l);
107 };
108 #endif
void SetIV(int l, const char *iv)
char * IV(int &l) const
XrdSutBucket * AsBucket()
int Encrypt(const char *bin, int lin, char *out)
XrdCryptosslCipher(const char *t, int l=0)
bool IsDefaultLength() const
static bool IsSupported(const char *cip)
int Decrypt(const char *bin, int lin, char *out)
char * Public(int &lpub)
bool Finalize(bool padded, char *pub, int lpub, const char *t)