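/*
        mecevp.h

        gSOAP interface for streaming message encryption and decryption

gSOAP XML Web services tools
Copyright (C) 2000-2015, Robert van Engelen, Genivia Inc., All Rights Reserved.
This part of the software is released under one of the following licenses:
GPL or the gSOAP public license.
--------------------------------------------------------------------------------
gSOAP public license.

The contents of this file are subject to the gSOAP Public License Version 1.3
(the "License"); you may not use this file except in compliance with the
License. You may obtain a copy of the License at
http://www.cs.fsu.edu/~engelen/soaplicense.html
Software distributed under the License is distributed on an "AS IS" basis,
WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
for the specific language governing rights and limitations under the License.

The Initial Developer of the Original Code is Robert A. van Engelen.
Copyright (C) 2000-2015, Robert van Engelen, Genivia, Inc., All Rights Reserved.
--------------------------------------------------------------------------------
GPL license.

This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation; either version 2 of the License, or (at your option) any later
version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with
this program; if not, write to the Free Software Foundation, Inc., 59 Temple
Place, Suite 330, Boston, MA 02111-1307 USA

Author contact information:
engelen@genivia.com / engelen@acm.org

This program is released under the GPL with the additional exemption that
compiling, linking, and/or using OpenSSL is allowed.
--------------------------------------------------------------------------------
A commercial use license is available from Genivia, Inc., contact@genivia.com
--------------------------------------------------------------------------------
*/

#ifndef MECEVP_H
#define MECEVP_H

#include "stdsoap2.h"

/* EVP_PKEY, EVP_CIPHER, EVP_CIPHER_CTX and EVP_MAX_KEY_LENGTH, all used below,
   are declared by OpenSSL's EVP header. */
#include <openssl/evp.h>
/* NOTE(review): this copy of the file carried two further #include directives
   whose header names were lost; restore them from the upstream mecevp.h. */

#ifdef __cplusplus
extern "C" {
#endif

/** Expose EVP_PKEY in a portable representation */
#define SOAP_MEC_KEY_TYPE       EVP_PKEY

/******************************************************************************\
 *
 *      Supported algorithms
 *
\******************************************************************************/

/*
 * Layout of the `alg` value, as established by the constants below:
 *   0x0010..0x0100  cipher / key-size selector
 *   0x1000          GCM flag (combined with an AES selector)
 *   0x2000          encode bit (decode is the ABSENCE of this bit)
 *   0x4000          envelope (RSA key transport) bit
 *   0x010000        store-in-buffer option
 *   0x020000        RSA-OAEP option
 *
 * The *_CBC types give confidentiality only: CBC ciphertext is not
 * authenticated, so integrity has to come from elsewhere (for example a
 * message signature) or from choosing one of the *_GCM types.
 */

/** Engine off */
#define SOAP_MEC_NONE           (0)

/** Cipher type (triple 3DES EDE CBC).
    3DES is a 64-bit block cipher; prefer an AES type unless the peer requires
    this one for interoperability. */
#define SOAP_MEC_DES_CBC        (0x0010)
/** Cipher type (AES128 CBC) */
#define SOAP_MEC_AES128_CBC     (0x0020)
/** Cipher type (AES192 CBC) */
#define SOAP_MEC_AES192_CBC     (0x0040)
/** Cipher type (AES256 CBC) */
#define SOAP_MEC_AES256_CBC     (0x0080)
/** Cipher type (AES512 CBC).
    NOTE(review): AES is standardized with 128-, 192- and 256-bit keys only;
    confirm which cipher, if any, mecevp.c selects for this value before
    relying on it. */
#define SOAP_MEC_AES512_CBC     (0x0100)

/** Enable Galois Counter Mode (GCM) */
#define SOAP_MEC_GCM            (0x1000)

/** Algorithm (mask over the cipher selector bits and the GCM flag) */
#define SOAP_MEC_ALGO           (0x1FFF)

/** Cipher type (AES128 GCM) */
#define SOAP_MEC_AES128_GCM     (SOAP_MEC_AES128_CBC | SOAP_MEC_GCM)
/** Cipher type (AES192 GCM) */
#define SOAP_MEC_AES192_GCM     (SOAP_MEC_AES192_CBC | SOAP_MEC_GCM)
/** Cipher type (AES256 GCM) */
#define SOAP_MEC_AES256_GCM     (SOAP_MEC_AES256_CBC | SOAP_MEC_GCM)
/** Cipher type (AES512 GCM); see the review note on SOAP_MEC_AES512_CBC */
#define SOAP_MEC_AES512_GCM     (SOAP_MEC_AES512_CBC | SOAP_MEC_GCM)

/** Encode mode */
#define SOAP_MEC_ENC            (0x2000)
/** Decode mode.
    This is zero, so `alg & SOAP_MEC_DEC` is always false; test for decode
    mode with `(alg & SOAP_MEC_ENC) == 0`. */
#define SOAP_MEC_DEC            (0x0000)

/** Envelope mode */
#define SOAP_MEC_ENV            (0x4000)

/** Envelope encryption mode */
#define SOAP_MEC_ENV_ENC        (SOAP_MEC_ENV | SOAP_MEC_ENC)
/** Envelope decryption mode */
#define SOAP_MEC_ENV_DEC        (SOAP_MEC_ENV | SOAP_MEC_DEC)

/** Mask (low 16 bits: algorithm, encode and envelope bits; it excludes the
    SOAP_MEC_STORE and SOAP_MEC_OAEP option bits) */
#define SOAP_MEC_MASK           (0xFFFF)

/** Enable store (in buffer) instead of streaming mode */
#define SOAP_MEC_STORE          (0x010000)

/** RSA-OAEP padding.
    NOTE(review): presumably applies to the RSA key transport of envelope mode;
    which padding is used when this flag is absent is not visible from this
    header - confirm in mecevp.c and prefer OAEP where the peer supports it. */
#define SOAP_MEC_OAEP           (0x020000)

/* Encode and decode types */

/** Symmetric secret key encryption */
#define SOAP_MEC_ENC_DES_CBC    (SOAP_MEC_DES_CBC    | SOAP_MEC_ENC)
#define SOAP_MEC_ENC_AES128_CBC (SOAP_MEC_AES128_CBC | SOAP_MEC_ENC)
#define SOAP_MEC_ENC_AES192_CBC (SOAP_MEC_AES192_CBC | SOAP_MEC_ENC)
#define SOAP_MEC_ENC_AES256_CBC (SOAP_MEC_AES256_CBC | SOAP_MEC_ENC)
#define SOAP_MEC_ENC_AES512_CBC (SOAP_MEC_AES512_CBC | SOAP_MEC_ENC)
#define SOAP_MEC_ENC_AES128_GCM (SOAP_MEC_AES128_GCM | SOAP_MEC_ENC)
#define SOAP_MEC_ENC_AES192_GCM (SOAP_MEC_AES192_GCM | SOAP_MEC_ENC)
#define SOAP_MEC_ENC_AES256_GCM (SOAP_MEC_AES256_GCM | SOAP_MEC_ENC)
#define SOAP_MEC_ENC_AES512_GCM (SOAP_MEC_AES512_GCM | SOAP_MEC_ENC)

/** Symmetric secret key decryption */
#define SOAP_MEC_DEC_DES_CBC    (SOAP_MEC_DES_CBC    | SOAP_MEC_DEC)
#define SOAP_MEC_DEC_AES128_CBC (SOAP_MEC_AES128_CBC | SOAP_MEC_DEC)
#define SOAP_MEC_DEC_AES192_CBC (SOAP_MEC_AES192_CBC | SOAP_MEC_DEC)
#define SOAP_MEC_DEC_AES256_CBC (SOAP_MEC_AES256_CBC | SOAP_MEC_DEC)
#define SOAP_MEC_DEC_AES512_CBC (SOAP_MEC_AES512_CBC | SOAP_MEC_DEC)
#define SOAP_MEC_DEC_AES128_GCM (SOAP_MEC_AES128_GCM | SOAP_MEC_DEC)
#define SOAP_MEC_DEC_AES192_GCM (SOAP_MEC_AES192_GCM | SOAP_MEC_DEC)
#define SOAP_MEC_DEC_AES256_GCM (SOAP_MEC_AES256_GCM | SOAP_MEC_DEC)
#define SOAP_MEC_DEC_AES512_GCM (SOAP_MEC_AES512_GCM | SOAP_MEC_DEC)

/* Envelope types */

/** Envelope (using RSA public key) encryption */
#define SOAP_MEC_ENV_ENC_DES_CBC        (SOAP_MEC_ENC_DES_CBC    | SOAP_MEC_ENV)
#define SOAP_MEC_ENV_ENC_AES128_CBC     (SOAP_MEC_ENC_AES128_CBC | SOAP_MEC_ENV)
#define SOAP_MEC_ENV_ENC_AES192_CBC     (SOAP_MEC_ENC_AES192_CBC | SOAP_MEC_ENV)
#define SOAP_MEC_ENV_ENC_AES256_CBC     (SOAP_MEC_ENC_AES256_CBC | SOAP_MEC_ENV)
#define SOAP_MEC_ENV_ENC_AES512_CBC     (SOAP_MEC_ENC_AES512_CBC | SOAP_MEC_ENV)
#define SOAP_MEC_ENV_ENC_AES128_GCM     (SOAP_MEC_ENC_AES128_GCM | SOAP_MEC_ENV)
#define SOAP_MEC_ENV_ENC_AES192_GCM     (SOAP_MEC_ENC_AES192_GCM | SOAP_MEC_ENV)
#define SOAP_MEC_ENV_ENC_AES256_GCM     (SOAP_MEC_ENC_AES256_GCM | SOAP_MEC_ENV)
#define SOAP_MEC_ENV_ENC_AES512_GCM     (SOAP_MEC_ENC_AES512_GCM | SOAP_MEC_ENV)

/** Envelope (using RSA private key) decryption */
#define SOAP_MEC_ENV_DEC_DES_CBC        (SOAP_MEC_DEC_DES_CBC    | SOAP_MEC_ENV)
#define SOAP_MEC_ENV_DEC_AES128_CBC     (SOAP_MEC_DEC_AES128_CBC | SOAP_MEC_ENV)
#define SOAP_MEC_ENV_DEC_AES192_CBC     (SOAP_MEC_DEC_AES192_CBC | SOAP_MEC_ENV)
#define SOAP_MEC_ENV_DEC_AES256_CBC     (SOAP_MEC_DEC_AES256_CBC | SOAP_MEC_ENV)
#define SOAP_MEC_ENV_DEC_AES512_CBC     (SOAP_MEC_DEC_AES512_CBC | SOAP_MEC_ENV)
#define SOAP_MEC_ENV_DEC_AES128_GCM     (SOAP_MEC_DEC_AES128_GCM | SOAP_MEC_ENV)
#define SOAP_MEC_ENV_DEC_AES192_GCM     (SOAP_MEC_DEC_AES192_GCM | SOAP_MEC_ENV)
#define SOAP_MEC_ENV_DEC_AES256_GCM     (SOAP_MEC_DEC_AES256_GCM | SOAP_MEC_ENV)
#define SOAP_MEC_ENV_DEC_AES512_GCM     (SOAP_MEC_DEC_AES512_GCM | SOAP_MEC_ENV)

/** Decryption engine states */
enum SOAP_MEC_STATE {
  SOAP_MEC_STATE_NONE,
  SOAP_MEC_STATE_INIT,
  SOAP_MEC_STATE_IV,
  SOAP_MEC_STATE_DECRYPT,
  SOAP_MEC_STATE_FINAL,
  SOAP_MEC_STATE_FLUSH
};

/**
@struct soap_mec_data
@brief The mecevp engine context data

The context holds key material (ekey) and a pointer to the caller's secret key
(key). NOTE(review): whether soap_mec_cleanup() wipes ekey and the buffers
before releasing them is not visible from this header - confirm in mecevp.c.
*/
struct soap_mec_data {
  int alg;                      /**< The algorithm used */
  enum SOAP_MEC_STATE state;    /**< Decryption state */
  EVP_CIPHER_CTX *ctx;          /**< EVP_CIPHER_CTX context */
  const EVP_CIPHER *type;       /**< type for OpenInit/DecryptInit */
  char tag[16];                 /**< GCM authentication tag buffer */
  char taglen;                  /**< GCM authentication tag buffer length */
  const EVP_PKEY *pkey;         /**< private key for OpenInit */
  unsigned char ekey[EVP_MAX_KEY_LENGTH];/**< ephemeral key */
  const unsigned char *key;     /**< secret key */
  int keylen;                   /**< secret key length */
  char *buf;                    /**< iv and stream buffer */
  size_t bufidx;                /**< current buffer index */
  size_t buflen;                /**< buffer max length */
  char *rest;                   /**< rest-append buffer */
  size_t restidx;               /**< rest-append buffer index */
  size_t restlen;               /**< rest-append buffer max length */
  int i;                        /**< base64 conversion */
  unsigned long m;              /**< base64 conversion */
  soap_mode mode;               /* presumably the soap context mode saved while the engine is active - confirm */
  int (*ffiltersend)(struct soap*, const char**, size_t*);      /* presumably the send filter callback saved by the engine - confirm */
  int (*ffilterrecv)(struct soap*, char*, size_t*, size_t);     /* presumably the receive filter callback saved by the engine - confirm */
};

/******************************************************************************\
 *
 *      soap_mec API functions
 *
\******************************************************************************/

/*
 * Only the prototypes are visible here; return-value conventions and buffer
 * ownership are defined by the implementation in mecevp.c. The `alg` arguments
 * take the SOAP_MEC_* values defined above. In soap_mec_begin() and
 * soap_mec_init(), `keylen` is passed by pointer, so it is presumably an
 * in/out value - confirm against the implementation before sizing `key`.
 */

SOAP_FMAC1 int SOAP_FMAC2 soap_mec_begin(struct soap *soap, struct soap_mec_data *data, int alg, SOAP_MEC_KEY_TYPE *pkey, unsigned char *key, int *keylen);
SOAP_FMAC1 int SOAP_FMAC2 soap_mec_start_alg(struct soap *soap, int alg, const unsigned char *key);
SOAP_FMAC1 int SOAP_FMAC2 soap_mec_start(struct soap *soap, const unsigned char *key);
SOAP_FMAC1 int SOAP_FMAC2 soap_mec_stop(struct soap *soap);
SOAP_FMAC1 int SOAP_FMAC2 soap_mec_end(struct soap *soap, struct soap_mec_data *data);

SOAP_FMAC1 size_t SOAP_FMAC2 soap_mec_size(int alg, SOAP_MEC_KEY_TYPE *pkey);

SOAP_FMAC1 int SOAP_FMAC2 soap_mec_init(struct soap *soap, struct soap_mec_data *data, int alg, SOAP_MEC_KEY_TYPE *pkey, unsigned char *key, int *keylen);
SOAP_FMAC1 int SOAP_FMAC2 soap_mec_update(struct soap *soap, struct soap_mec_data *data, const char **s, size_t *n);
SOAP_FMAC1 int SOAP_FMAC2 soap_mec_final(struct soap *soap, struct soap_mec_data *data, const char **s, size_t *n);
SOAP_FMAC1 void SOAP_FMAC2 soap_mec_cleanup(struct soap *soap, struct soap_mec_data *data);

#ifdef __cplusplus
}
#endif

#endif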