From 1d8445b8461f558987067d870f0f11cdc84b4f35 Mon Sep 17 00:00:00 2001 From: manuel Date: Sat, 31 Oct 2009 16:11:26 +0100 Subject: pushing task1 to repo --- task1/security.h | 119 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 119 insertions(+) create mode 100644 task1/security.h (limited to 'task1/security.h') diff --git a/task1/security.h b/task1/security.h new file mode 100644 index 0000000..b85266c --- /dev/null +++ b/task1/security.h @@ -0,0 +1,119 @@ +/** + * Wrapper for OpenSSL cryptographic functions. + * @author SE/Linux Team + * + * NOTE: you need to link with -lcrypto when using this class! + */ + +#ifndef _SECURITY_H +#define _SECURITY_H + +#include +#include +#include + +#include // For Ice::Byte + +//! Exception thrown by security class +class SecurityException : public std::exception { + public: + //! Construtor. + //! @param what Error message. + SecurityException(const std::string& what); + //! Returns the error message + virtual const char *what() const throw() { return _what.c_str(); } + virtual ~SecurityException() throw() {} + private: + std::string _what; +}; + +//! Interface of the Security class. +//! Use the instance() member to get the singleton instance. +class Security { + + public: + virtual ~Security() + {}; + + //! Definition of Byte, for compatibility with ICE. + typedef Ice::Byte Byte; + + //! Vector (sequence) of Bytes. + typedef std::vector ByteStream; + + //! Returns the singleton Security instance. + static Security& instance(); + + //! Encrypts binary data using envelope encryption (RSA + aes_256_cbc). + //! See the man page for EVP_SealInit(3SSL) for an explenation of envelope + //! ecnryption. + //! @param certificateFile Path to certificate in PEM format used for + //! encryption. + //! @param data Data to encrypt. + //! @param iv Output parameter. Randoml initia vector for AES. + //! @param ek Output parameter. Ramdom AES key encrypted with RSA. + //! @param output Output paramenter. Encrypted data. + //! @throws SecurityException on error. + virtual void encryptPublic( + const std::string& certificateFile, + const ByteStream& data, + ByteStream& iv, + ByteStream& ek, + ByteStream& output + ) = 0; + + //! Decrypts binary data using envelope encryption (RSA + aes_256_cbc) + //! See the man page for EVP_SealInit(3SSL) for an expenation of envelope + //! ecnryption. + //! @param privateKeyFile Path to private key in PEM format used for + //! decryption. + //! @param data Data to decrypt. + //! @param iv Initial vector for AES. + //! @param ek Key for AES encrypted with RSA. + //! @param output. Output parameter. Decrypted data. + //! @throws SecurityException on error. + virtual void decryptPrivate( + const std::string& privateKeyFile, + const ByteStream& data, + const ByteStream& iv, + const ByteStream& ek, + ByteStream& output + ) = 0; + + //! Signs binary data using SHA1 + RSA. + //! @param privateKeyFile Path to private key in PEM format used for + //! encryption. + //! @param data Data to sign. + //! @param output Output parameter. The signature. + //! @throws SecurityException on error. + virtual void sign( + const std::string& privateKeyFile, + const ByteStream& data, + ByteStream& output + ) = 0; + + //! Verifies a signature using SHA1 + RSA. + //! @param certificateFile Path to certificate file in PEM format used for + //! decryption. + //! @param data Data to verify. + //! @param signature Signature to verify. + //! @throws SecurityException On error or if the signature could not be verified. + virtual void verifySignature( + const std::string& certificateFile, + const ByteStream& data, + const ByteStream& signature + ) = 0; + + //! Returns the common name (CN) field of a certificate. + //! @param certificateFile Path to certificate in PEM format. + //! @throws SecurityException on error. + virtual std::string getCommonName( + const std::string& certificateFile + ) = 0; + + private: + + static Security *_instance; +}; + +#endif -- cgit v1.2.3