/**
* Wrapper for OpenSSL cryptographic functions.
* @author SE/Linux Team <se-linux@inso.tuwien.ac.at>
*
* NOTE: you need to link with -lcrypto when using this class!
*/
#ifndef _SECURITY_H
#define _SECURITY_H
#include <string>
#include <vector>
#include <exception>
#include <Ice/Config.h> // For Ice::Byte
//! Exception type thrown by the Security class when an operation fails.
class SecurityException : public std::exception
{
public:
    //! Constructor (defined in the implementation file).
    //! @param what Error message.
    SecurityException(const std::string& what);

    //! Returns the error message.
    //! The returned pointer refers to the internal string and is only
    //! valid while this exception object is alive.
    virtual const char* what() const throw()
    {
        return _what.c_str();
    }

    //! Destructor; declared non-throwing to match std::exception.
    virtual ~SecurityException() throw()
    {
    }

private:
    //! Message text handed back by what().
    std::string _what;
};
//! Abstract interface of the Security class (OpenSSL wrapper).
//! Use the instance() member to get the singleton instance.
class Security
{
public:
    virtual ~Security() {}

    //! Definition of Byte, for compatibility with ICE.
    typedef Ice::Byte Byte;

    //! Vector (sequence) of Bytes.
    typedef std::vector<Byte> ByteStream;

    //! Returns the singleton Security instance.
    static Security& instance();

    //! Encrypts binary data using envelope encryption (RSA + aes_256_cbc).
    //! See the man page for EVP_SealInit(3SSL) for an explanation of
    //! envelope encryption.
    //! NOTE(review): CBC provides confidentiality only, and this interface
    //! carries no authentication tag. Callers that need integrity have to
    //! sign the result (see sign()) and verify it before decrypting;
    //! confirm how callers combine the two.
    //! @param certificateFile Path to certificate in PEM format used for
    //!        encryption.
    //! @param data   Data to encrypt.
    //! @param iv     Output parameter. Random initialization vector for AES.
    //! @param ek     Output parameter. Random AES key encrypted with RSA.
    //! @param output Output parameter. Encrypted data.
    //! @throws SecurityException on error.
    virtual void encryptPublic(const std::string& certificateFile,
                               const ByteStream&  data,
                               ByteStream&        iv,
                               ByteStream&        ek,
                               ByteStream&        output) = 0;

    //! Decrypts binary data using envelope encryption (RSA + aes_256_cbc).
    //! See the man page for EVP_SealInit(3SSL) for an explanation of
    //! envelope encryption.
    //! NOTE(review): data, iv and ek are not authenticated by anything
    //! visible in this interface. Treat them as untrusted unless a
    //! signature over them was verified first, and avoid exposing
    //! distinguishable decryption errors to remote peers.
    //! @param privateKeyFile Path to private key in PEM format used for
    //!        decryption.
    //! @param data   Data to decrypt.
    //! @param iv     Initialization vector for AES.
    //! @param ek     Key for AES encrypted with RSA.
    //! @param output Output parameter. Decrypted data.
    //! @throws SecurityException on error.
    virtual void decryptPrivate(const std::string& privateKeyFile,
                                const ByteStream&  data,
                                const ByteStream&  iv,
                                const ByteStream&  ek,
                                ByteStream&        output) = 0;

    //! Signs binary data using SHA1 + RSA.
    //! NOTE(review): SHA-1 is no longer considered collision resistant.
    //! A SHA-2 digest is the usual replacement, but switching changes the
    //! signature format for existing peers, so it needs a coordinated
    //! update of sign() and verifySignature().
    //! @param privateKeyFile Path to private key in PEM format used for
    //!        signing.
    //! @param data   Data to sign.
    //! @param output Output parameter. The signature.
    //! @throws SecurityException on error.
    virtual void sign(const std::string& privateKeyFile,
                      const ByteStream&  data,
                      ByteStream&        output) = 0;

    //! Verifies a signature using SHA1 + RSA.
    //! Failure is reported by exception only (the function returns void),
    //! so callers must not catch and ignore SecurityException here.
    //! NOTE(review): whether the certificate itself is validated (chain,
    //! expiry) is not visible in this header; confirm in the
    //! implementation.
    //! @param certificateFile Path to certificate file in PEM format used
    //!        for verification.
    //! @param data      Data to verify.
    //! @param signature Signature to verify.
    //! @throws SecurityException On error or if the signature could not be
    //!         verified.
    virtual void verifySignature(const std::string& certificateFile,
                                 const ByteStream&  data,
                                 const ByteStream&  signature) = 0;

    //! Returns the common name (CN) field of a certificate.
    //! NOTE(review): the CN is simply read from the given file. It is not
    //! evidence of identity unless the certificate was validated
    //! elsewhere; no validation is visible here.
    //! @param certificateFile Path to certificate in PEM format.
    //! @throws SecurityException on error.
    virtual std::string getCommonName(const std::string& certificateFile) = 0;

private:
    //! Singleton pointer; presumably what instance() hands out (it is
    //! defined in the implementation file; confirm there).
    static Security* _instance;
};
#endif