Navigation

← Previous Changeset
Next Changeset →

Changeset 4639

Timestamp:

02/16/07 17:15:20 (2 years ago)

Author:

morris

Message:

Refactor encryption interface, don't use envelope methods, do it ourselves instead

Fix reading of XML messages with no fields

Rename p7.encryption.cipher_key_iv to p7.encryption.cipher_iv

Various refactorings

Files:

libwired/trunk/libwired/p7/wi-p7-crypto.c (modified) (25 diffs)
libwired/trunk/libwired/p7/wi-p7-crypto.h (modified) (3 diffs)
libwired/trunk/libwired/p7/wi-p7-message.c (modified) (3 diffs)
libwired/trunk/libwired/p7/wi-p7-private.h (modified) (1 diff)
libwired/trunk/libwired/p7/wi-p7-socket.c (modified) (23 diffs)
libwired/trunk/libwired/p7/wi-p7-spec.c (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

libwired/trunk/libwired/p7/wi-p7-crypto.c

r4629	r4639
38	38
39	39	#include <openssl/pem.h>
	40	#include <openssl/rand.h>
40	41	#include <openssl/rsa.h>
41	42	#include <openssl/x509.h>
…	…
45	46
46	47	RSA *rsa;
47		wi_data_t *public_key~~_data~~;
	48	wi_data_t *public_key;
48	49	};
49	50
…	…
51	52	static wi_string_t * _wi_p7_rsa_description(wi_runtime_instance_t *);
52	53
53		static wi_data_t * _wi_p7_rsa_public_key~~_data~~(wi_p7_rsa_t *);
	54	static wi_data_t * _wi_p7_rsa_public_key(wi_p7_rsa_t *);
54	55
55	56	static wi_runtime_id_t _wi_p7_rsa_runtime_id = WI_RUNTIME_ID_NULL;
…	…
68	69	wi_runtime_base_t base;
69	70
70		~~EVP_PKEY *aes~~;
	71	wi_p7_cipher_type_t type;
71	72	const EVP_CIPHER *cipher;
72		EVP_CIPHER_CTX cipher_ctx;
73		wi_data_t *key_data;
74		wi_data_t *iv_data;
	73	EVP_CIPHER_CTX encrypt_ctx;
	74	EVP_CIPHER_CTX decrypt_ctx;
	75	wi_data_t *key;
	76	wi_data_t *iv;
75	77	};
76	78
…	…
78	80	static wi_string_t * _wi_p7_cipher_description(wi_runtime_instance_t *);
79	81
80		static const EVP_CIPHER * _wi_p7_cipher_cipher~~_for_type(wi_p7_cipher_t *, wi_p7_cipher_type_t~~);
81		static void _wi_p7_cipher_configure_cipher~~_for_type(wi_p7_cipher_t *, wi_p7_cipher_type_t~~);
	82	static const EVP_CIPHER * _wi_p7_cipher_cipher(wi_p7_cipher_t *);
	83	static void _wi_p7_cipher_configure_cipher(wi_p7_cipher_t *);
82	84
83	85	static wi_runtime_id_t _wi_p7_cipher_runtime_id = WI_RUNTIME_ID_NULL;
…	…
130	132	}
131	133
132		p7_rsa->public_key~~_data = wi_retain(_wi_p7_rsa_public_key_data~~(p7_rsa));
133
134		if(!p7_rsa->public_key~~_data~~) {
	134	p7_rsa->public_key = wi_retain(_wi_p7_rsa_public_key(p7_rsa));
	135
	136	if(!p7_rsa->public_key) {
135	137	wi_release(p7_rsa);
136	138
…	…
168	170	}
169	171
170		p7_rsa->public_key~~_data = wi_retain(_wi_p7_rsa_public_key_data~~(p7_rsa));
171
172		if(!p7_rsa->public_key~~_data~~) {
	172	p7_rsa->public_key = wi_retain(_wi_p7_rsa_public_key(p7_rsa));
	173
	174	if(!p7_rsa->public_key) {
173	175	wi_release(p7_rsa);
174	176
…	…
181	183
182	184
183		wi_p7_rsa_t * wi_p7_rsa_init_with_public_key~~_data~~(wi_p7_rsa_t p7_rsa, wi_data_t data) {
	185	wi_p7_rsa_t * wi_p7_rsa_init_with_public_key(wi_p7_rsa_t p7_rsa, wi_data_t data) {
184	186	unsigned char *buffer;
185	187	long length;
…	…
198	200	}
199	201
200		p7_rsa->public_key~~_data~~ = wi_retain(data);
	202	p7_rsa->public_key = wi_retain(data);
201	203
202	204	return p7_rsa;
…	…
209	211
210	212	RSA_free(p7_rsa->rsa);
211		wi_release(p7_rsa->public_key~~_data~~);
	213	wi_release(p7_rsa->public_key);
212	214	}
213	215
…	…
228	230	#pragma mark -
229	231
230		static wi_data_t * _wi_p7_rsa_public_key~~_data~~(wi_p7_rsa_t *p7_rsa) {
	232	static wi_data_t * _wi_p7_rsa_public_key(wi_p7_rsa_t *p7_rsa) {
231	233	wi_data_t *data;
232	234	unsigned char *buffer;
…	…
253	255	#pragma mark -
254	256
255		wi_data_t * wi_p7_rsa_public_key_data(wi_p7_rsa_t *p7_rsa) {
256		return p7_rsa->public_key_data;
257		}
258
259
260
261		#pragma mark -
262
263		wi_boolean_t wi_p7_rsa_public_encrypt_bytes(wi_p7_rsa_t p7_rsa, const void decrypted_buffer, wi_uinteger_t decrypted_length, void *out_buffer, wi_uinteger_t out_length) {
264		void *encrypted_buffer;
265		int32_t encrypted_length;
266
267		encrypted_buffer = wi_malloc(RSA_size(p7_rsa->rsa));
268		encrypted_length = RSA_public_encrypt(decrypted_length, decrypted_buffer, encrypted_buffer, p7_rsa->rsa, RSA_PKCS1_PADDING);
269
270		if(encrypted_length == -1) {
271		wi_error_set_openssl_error();
272
273		wi_free(encrypted_buffer);
274
275		return false;
276		}
277
278		*out_buffer = encrypted_buffer;
279		*out_length = encrypted_length;
280
281		return true;
282		}
283
284
285
286		wi_data_t * wi_p7_rsa_public_encrypt_data(wi_p7_rsa_t p7_rsa, wi_data_t decrypted_data) {
	257	wi_data_t * wi_p7_rsa_public_key(wi_p7_rsa_t *p7_rsa) {
	258	return p7_rsa->public_key;
	259	}
	260
	261
	262
	263	#pragma mark -
	264
	265	wi_data_t * wi_p7_rsa_encrypt(wi_p7_rsa_t p7_rsa, wi_data_t decrypted_data) {
287	266	const void *decrypted_buffer;
288	267	void *encrypted_buffer;
…	…
292	271	decrypted_length = wi_data_length(decrypted_data);
293	272
294		if(!wi_p7_rsa_~~public_~~encrypt_bytes(p7_rsa, decrypted_buffer, decrypted_length, &encrypted_buffer, &encrypted_length))
	273	if(!wi_p7_rsa_encrypt_bytes(p7_rsa, decrypted_buffer, decrypted_length, &encrypted_buffer, &encrypted_length))
295	274	return NULL;
296	275
…	…
300	279
301	280
302		wi_boolean_t wi_p7_rsa_~~private_decrypt_bytes(wi_p7_rsa_t p7_rsa, const void encrypted_buffer, wi_uinteger_t en~~crypted_length, void *out_buffer, wi_uinteger_t out_length) {
303		void *decrypted_buffer;
304		int32_t decrypted_length;
305
306		decrypted_buffer = wi_malloc(RSA_size(p7_rsa->rsa));
307		~~decrypted_length = RSA_private_decrypt(encrypted_length, encrypted_buffer, de~~crypted_buffer, p7_rsa->rsa, RSA_PKCS1_PADDING);
308
309		if(decrypted_length == -1) {
310		wi_error_set_openssl_error();
311
312		wi_free(decrypted_buffer);
313
	281	wi_boolean_t wi_p7_rsa_encrypt_bytes(wi_p7_rsa_t p7_rsa, const void decrypted_buffer, wi_uinteger_t decrypted_length, void *out_buffer, wi_uinteger_t out_length) {
	282	void *encrypted_buffer;
	283	int32_t encrypted_length;
	284
	285	encrypted_buffer = wi_malloc(RSA_size(p7_rsa->rsa));
	286	encrypted_length = RSA_public_encrypt(decrypted_length, decrypted_buffer, encrypted_buffer, p7_rsa->rsa, RSA_PKCS1_PADDING);
	287
	288	if(encrypted_length == -1) {
	289	wi_error_set_openssl_error();
	290
	291	wi_free(encrypted_buffer);
	292
314	293	return false;
315	294	}
316	295
317		*out_buffer = decrypted_buffer;
318		*out_length = decrypted_length;
	296	*out_buffer = encrypted_buffer;
	297	*out_length = encrypted_length;
319	298
320	299	return true;
…	…
323	302
324	303
325		wi_data_t * wi_p7_rsa_~~private_decrypt_data~~(wi_p7_rsa_t p7_rsa, wi_data_t encrypted_data) {
	304	wi_data_t * wi_p7_rsa_decrypt(wi_p7_rsa_t p7_rsa, wi_data_t encrypted_data) {
326	305	const void *encrypted_buffer;
327	306	void *decrypted_buffer;
…	…
331	310	encrypted_length = wi_data_length(encrypted_data);
332	311
333		if(!wi_p7_rsa_~~private_~~decrypt_bytes(p7_rsa, encrypted_buffer, encrypted_length, &decrypted_buffer, &decrypted_length))
	312	if(!wi_p7_rsa_decrypt_bytes(p7_rsa, encrypted_buffer, encrypted_length, &decrypted_buffer, &decrypted_length))
334	313	return NULL;
335	314
336	315	return wi_data_with_bytes_no_copy(decrypted_buffer, decrypted_length, true);
	316	}
	317
	318
	319
	320	wi_boolean_t wi_p7_rsa_decrypt_bytes(wi_p7_rsa_t p7_rsa, const void encrypted_buffer, wi_uinteger_t encrypted_length, void *out_buffer, wi_uinteger_t out_length) {
	321	void *decrypted_buffer;
	322	int32_t decrypted_length;
	323
	324	decrypted_buffer = wi_malloc(RSA_size(p7_rsa->rsa));
	325	decrypted_length = RSA_private_decrypt(encrypted_length, encrypted_buffer, decrypted_buffer, p7_rsa->rsa, RSA_PKCS1_PADDING);
	326
	327	if(decrypted_length == -1) {
	328	wi_error_set_openssl_error();
	329
	330	wi_free(decrypted_buffer);
	331
	332	return false;
	333	}
	334
	335	*out_buffer = decrypted_buffer;
	336	*out_length = decrypted_length;
	337
	338	return true;
337	339	}
338	340
…	…
354	356
355	357
356		wi_p7_cipher_t * wi_p7_cipher_init_with_public_rsa(wi_p7_cipher_t p7_cipher, wi_p7_cipher_type_t type, wi_p7_rsa_t p7_rsa) {
357		EVP_PKEY *private_cipher;
	358
	359	wi_p7_cipher_t * wi_p7_cipher_init_with_key(wi_p7_cipher_t p7_cipher, wi_p7_cipher_type_t type, wi_data_t key, wi_data_t *iv) {
	360	unsigned char key_buffer, iv_buffer;
	361
	362	p7_cipher->type = type;
	363	p7_cipher->cipher = _wi_p7_cipher_cipher(p7_cipher);
	364
	365	key_buffer = (unsigned char *) wi_data_bytes(key);
	366	iv_buffer = iv ? (unsigned char *) wi_data_bytes(iv) : NULL;
	367
	368	if(EVP_EncryptInit(&p7_cipher->encrypt_ctx, p7_cipher->cipher, NULL, NULL) != 1) {
	369	wi_error_set_openssl_error();
	370
	371	wi_release(p7_cipher);
	372
	373	return NULL;
	374	}
	375
	376	if(EVP_DecryptInit(&p7_cipher->decrypt_ctx, p7_cipher->cipher, NULL, NULL) != 1) {
	377	wi_error_set_openssl_error();
	378
	379	wi_release(p7_cipher);
	380
	381	return NULL;
	382	}
	383
	384	_wi_p7_cipher_configure_cipher(p7_cipher);
	385
	386	if(EVP_EncryptInit(&p7_cipher->encrypt_ctx, p7_cipher->cipher, key_buffer, iv_buffer) != 1) {
	387	wi_error_set_openssl_error();
	388
	389	wi_release(p7_cipher);
	390
	391	return NULL;
	392	}
	393
	394	if(EVP_DecryptInit(&p7_cipher->decrypt_ctx, p7_cipher->cipher, key_buffer, iv_buffer) != 1) {
	395	wi_error_set_openssl_error();
	396
	397	wi_release(p7_cipher);
	398
	399	return NULL;
	400	}
	401
	402	p7_cipher->key = wi_retain(key);
	403	p7_cipher->iv = wi_retain(iv);
	404
	405	return p7_cipher;
	406	}
	407
	408
	409
	410	wi_p7_cipher_t * wi_p7_cipher_init_with_random_key(wi_p7_cipher_t *p7_cipher, wi_p7_cipher_type_t type) {
358	411	unsigned char key_buffer, iv_buffer;
359	412	int key_length, iv_length;
360	413
361		p7_cipher->cipher = _wi_p7_cipher_cipher_for_type(p7_cipher, type);
362
363		if(EVP_SealInit(&p7_cipher->cipher_ctx, p7_cipher->cipher, NULL, NULL, NULL, NULL, 1) != 1) {
364		wi_error_set_openssl_error();
365
366		wi_release(p7_cipher);
367
368		return NULL;
369		}
370
371		_wi_p7_cipher_configure_cipher_for_type(p7_cipher, type);
372
373		private_cipher = EVP_PKEY_new();
374
375		EVP_PKEY_set1_RSA(private_cipher, p7_rsa->rsa);
376
377		key_buffer = wi_malloc(EVP_PKEY_size(private_cipher));
	414	p7_cipher->type = type;
	415	p7_cipher->cipher = _wi_p7_cipher_cipher(p7_cipher);
	416
	417	key_length = EVP_MAX_KEY_LENGTH;
	418	key_buffer = wi_malloc(key_length);
378	419	iv_length = EVP_CIPHER_iv_length(p7_cipher->cipher);
379		iv_buffer = wi_malloc(iv_length);
380
381		if(EVP_SealInit(&p7_cipher->cipher_ctx, NULL, &key_buffer, &key_length, iv_buffer, &private_cipher, 1) != 1) {
382		wi_error_set_openssl_error();
383
384		EVP_PKEY_free(private_cipher);
385		wi_free(key_buffer);
386		wi_free(iv_buffer);
387		wi_release(p7_cipher);
388
389		return NULL;
390		}
391
392		p7_cipher->key_data = wi_data_init_with_bytes_no_copy(wi_data_alloc(), key_buffer, key_length, true);
393		p7_cipher->iv_data = wi_data_init_with_bytes_no_copy(wi_data_alloc(), iv_buffer, iv_length, true);
394
395		EVP_PKEY_free(private_cipher);
396
397		return p7_cipher;
398		}
399
400
401
402		wi_p7_cipher_t * wi_p7_cipher_init_with_private_rsa(wi_p7_cipher_t p7_cipher, wi_p7_cipher_type_t type, wi_p7_rsa_t p7_rsa, wi_data_t key_data, wi_data_t iv_data) {
403		EVP_PKEY *private_rsa;
404		unsigned char key_buffer, iv_buffer;
405		int key_length;
406
407		p7_cipher->cipher = _wi_p7_cipher_cipher_for_type(p7_cipher, type);
408
409		if(EVP_OpenInit(&p7_cipher->cipher_ctx, p7_cipher->cipher, NULL, 0, NULL, NULL) != 1) {
410		wi_error_set_openssl_error();
411
412		wi_release(p7_cipher);
413
414		return NULL;
415		}
416
417		_wi_p7_cipher_configure_cipher_for_type(p7_cipher, type);
418
419		private_rsa = EVP_PKEY_new();
420
421		EVP_PKEY_set1_RSA(private_rsa, p7_rsa->rsa);
422
423		key_buffer = (unsigned char *) wi_data_bytes(key_data);
424		key_length = wi_data_length(key_data);
425		iv_buffer = iv_data ? (unsigned char *) wi_data_bytes(iv_data) : NULL;
426
427		if(EVP_OpenInit(&p7_cipher->cipher_ctx, NULL, key_buffer, key_length, iv_buffer, private_rsa) != 1) {
428		wi_error_set_openssl_error();
429
430		EVP_PKEY_free(private_rsa);
431		wi_release(p7_cipher);
432
433		return NULL;
434		}
435
436		p7_cipher->key_data = wi_retain(key_data);
437		p7_cipher->iv_data = wi_retain(iv_data);
438
439		EVP_PKEY_free(private_rsa);
	420	iv_buffer = (iv_length > 0) ? wi_malloc(iv_length) : NULL;
	421
	422	if(RAND_bytes(key_buffer, key_length) <= 0) {
	423	wi_error_set_openssl_error();
	424
	425	wi_release(p7_cipher);
	426
	427	return NULL;
	428	}
	429
	430	if(EVP_EncryptInit(&p7_cipher->encrypt_ctx, p7_cipher->cipher, NULL, NULL) != 1) {
	431	wi_error_set_openssl_error();
	432
	433	wi_release(p7_cipher);
	434
	435	return NULL;
	436	}
	437
	438	if(EVP_DecryptInit(&p7_cipher->decrypt_ctx, p7_cipher->cipher, NULL, NULL) != 1) {
	439	wi_error_set_openssl_error();
	440
	441	wi_release(p7_cipher);
	442
	443	return NULL;
	444	}
	445
	446	_wi_p7_cipher_configure_cipher(p7_cipher);
	447
	448	if(EVP_EncryptInit(&p7_cipher->encrypt_ctx, p7_cipher->cipher, key_buffer, iv_buffer) != 1) {
	449	wi_error_set_openssl_error();
	450
	451	wi_release(p7_cipher);
	452
	453	return NULL;
	454	}
	455
	456	if(EVP_DecryptInit(&p7_cipher->decrypt_ctx, p7_cipher->cipher, key_buffer, iv_buffer) != 1) {
	457	wi_error_set_openssl_error();
	458
	459	wi_release(p7_cipher);
	460
	461	return NULL;
	462	}
	463
	464	p7_cipher->key = wi_data_init_with_bytes_no_copy(wi_data_alloc(), key_buffer, key_length, true);
	465	p7_cipher->iv = (iv_length > 0) ? wi_data_init_with_bytes_no_copy(wi_data_alloc(), iv_buffer, iv_length, true) : NULL;
440	466
441	467	return p7_cipher;
…	…
447	473	wi_p7_cipher_t *p7_cipher = instance;
448	474
449		wi_release(p7_cipher->key_data);
450		wi_release(p7_cipher->iv_data);
	475	EVP_CIPHER_CTX_cleanup(&p7_cipher->encrypt_ctx);
	476	EVP_CIPHER_CTX_cleanup(&p7_cipher->decrypt_ctx);
	477
	478	wi_release(p7_cipher->key);
	479	wi_release(p7_cipher->iv);
451	480	}
452	481
…	…
456	485	wi_p7_cipher_t *p7_cipher = instance;
457	486
458		return wi_string_with_format(WI_STR("<%@ %p>{name = %@, bits = %u}"),
	487	return wi_string_with_format(WI_STR("<%@ %p>{name = %@, bits = %u, iv = %@, key = %@}"),
459	488	wi_runtime_class_name(p7_cipher),
460	489	p7_cipher,
461	490	wi_p7_cipher_name(p7_cipher),
462		wi_p7_cipher_bits(p7_cipher));
463		}
464
465
466
467		#pragma mark -
468
469		static const EVP_CIPHER * _wi_p7_cipher_cipher_for_type(wi_p7_cipher_t *p7_cipher, wi_p7_cipher_type_t type) {
470		switch(type) {
471		case WI_P7_CIPHER_NULL: return EVP_enc_null();
	491	wi_p7_cipher_bits(p7_cipher),
	492	wi_p7_cipher_iv(p7_cipher),
	493	wi_p7_cipher_key(p7_cipher));
	494	}
	495
	496
	497
	498	#pragma mark -
	499
	500	static const EVP_CIPHER * _wi_p7_cipher_cipher(wi_p7_cipher_t *p7_cipher) {
	501	switch(p7_cipher->type) {
472	502	case WI_P7_CIPHER_AES_256: return EVP_aes_256_cbc();
473	503	case WI_P7_CIPHER_BF_128: return EVP_bf_cbc();
…	…
479	509
480	510
481		static void _wi_p7_cipher_configure_cipher_for_type(wi_p7_cipher_t *p7_cipher, wi_p7_cipher_type_t type) {
482		if(type == WI_P7_CIPHER_BF_128)
483		EVP_CIPHER_CTX_set_key_length(&p7_cipher->cipher_ctx, 16);
484		}
485
486
487
488		#pragma mark -
489
490		wi_data_t * wi_p7_cipher_key_data(wi_p7_cipher_t *p7_cipher) {
491		return p7_cipher->key_data;
492		}
493
494
495
496		wi_data_t * wi_p7_cipher_iv_data(wi_p7_cipher_t *p7_cipher) {
497		return p7_cipher->iv_data;
	511	static void _wi_p7_cipher_configure_cipher(wi_p7_cipher_t *p7_cipher) {
	512	if(p7_cipher->type == WI_P7_CIPHER_BF_128) {
	513	EVP_CIPHER_CTX_set_key_length(&p7_cipher->encrypt_ctx, 16);
	514	EVP_CIPHER_CTX_set_key_length(&p7_cipher->decrypt_ctx, 16);
	515	}
	516	}
	517
	518
	519
	520	#pragma mark -
	521
	522	wi_data_t * wi_p7_cipher_key(wi_p7_cipher_t *p7_cipher) {
	523	return p7_cipher->key;
	524	}
	525
	526
	527
	528	wi_data_t * wi_p7_cipher_iv(wi_p7_cipher_t *p7_cipher) {
	529	return p7_cipher->iv;
498	530	}
499	531
…	…
503	535
504	536	wi_string_t * wi_p7_cipher_name(wi_p7_cipher_t *p7_cipher) {
505		return wi_string_with_cstring(EVP_CIPHER_name(p7_cipher->cipher));
	537	switch(p7_cipher->type) {
	538	case WI_P7_CIPHER_AES_256: return WI_STR("AES");
	539	case WI_P7_CIPHER_BF_128: return WI_STR("Blowfish");
	540	}
	541
	542	return NULL;
506	543	}
507	544
…	…
509	546
510	547	wi_uinteger_t wi_p7_cipher_bits(wi_p7_cipher_t *p7_cipher) {
511		return EVP_CIPHER_key_length(&p7_cipher->cipher_ctx) * 8;
512		}
513
514
515
516		#pragma mark -
517
518		wi_boolean_t wi_p7_cipher_encrypt_bytes(wi_p7_cipher_t p7_cipher, const void decrypted_buffer, wi_uinteger_t decrypted_length, void *out_buffer, wi_uinteger_t out_length) {
519		void *encrypted_buffer;
520		wi_uinteger_t encrypted_length, padded_length;
521
522		encrypted_buffer = wi_malloc(decrypted_length + EVP_CIPHER_block_size(p7_cipher->cipher));
523
524		if(EVP_SealUpdate(&p7_cipher->cipher_ctx, encrypted_buffer, (int *) &encrypted_length, decrypted_buffer, decrypted_length) != 1) {
525		wi_error_set_openssl_error();
526
527		wi_free(encrypted_buffer);
528
529		return false;
530		}
531
532		if(EVP_SealFinal(&p7_cipher->cipher_ctx, encrypted_buffer + encrypted_length, (int *) &padded_length) != 1) {
533		wi_error_set_openssl_error();
534
535		wi_free(encrypted_buffer);
536
537		return false;
538		}
539
540		*out_buffer = encrypted_buffer;
541		*out_length = encrypted_length + padded_length;
542
543		return true;
544		}
545
546
547
548		wi_data_t * wi_p7_cipher_encrypt_data(wi_p7_cipher_t p7_cipher, wi_data_t decrypted_data) {
	548	return EVP_CIPHER_key_length(&p7_cipher->encrypt_ctx) * 8;
	549	}
	550
	551
	552
	553	#pragma mark -
	554
	555	wi_data_t * wi_p7_cipher_encrypt(wi_p7_cipher_t p7_cipher, wi_data_t decrypted_data) {
549	556	const void *decrypted_buffer;
550	557	void *encrypted_buffer;
…	…
562	569
563	570
564		wi_boolean_t wi_p7_cipher_~~decrypt_bytes(wi_p7_cipher_t p7_cipher, const void encrypted_buffer, wi_uinteger_t en~~crypted_length, void *out_buffer, wi_uinteger_t out_length) {
565		void *decrypted_buffer;
566		~~wi_uinteger_t de~~crypted_length, padded_length;
567
568		~~decrypted_buffer = wi_malloc(en~~crypted_length + EVP_CIPHER_block_size(p7_cipher->cipher));
569
570		if(EVP_~~OpenUpdate(&p7_cipher->cipher_ctx, decrypted_buffer, (int *) &decrypted_length, encrypted_buffer, en~~crypted_length) != 1) {
571		wi_error_set_openssl_error();
572
573		wi_free(decrypted_buffer);
	571	wi_boolean_t wi_p7_cipher_encrypt_bytes(wi_p7_cipher_t p7_cipher, const void decrypted_buffer, wi_uinteger_t decrypted_length, void *out_buffer, wi_uinteger_t out_length) {
	572	void *encrypted_buffer;
	573	int encrypted_length, padded_length;
	574
	575	encrypted_buffer = wi_malloc(decrypted_length + EVP_CIPHER_block_size(p7_cipher->cipher));
	576
	577	if(EVP_EncryptUpdate(&p7_cipher->encrypt_ctx, encrypted_buffer, &encrypted_length, decrypted_buffer, decrypted_length) != 1) {
	578	wi_error_set_openssl_error();
	579
	580	wi_free(encrypted_buffer);
574	581
575	582	return false;
576	583	}
577	584
578		if(EVP_~~OpenFinal(&p7_cipher->cipher_ctx, decrypted_buffer + decrypted_length, (int *)~~ &padded_length) != 1) {
579		wi_error_set_openssl_error();
580
581		wi_free(decrypted_buffer);
	585	if(EVP_EncryptFinal(&p7_cipher->encrypt_ctx, encrypted_buffer + encrypted_length, &padded_length) != 1) {
	586	wi_error_set_openssl_error();
	587
	588	wi_free(encrypted_buffer);
582	589
583	590	return false;
584	591	}
585
586		*out_buffer = decrypted_buffer;
587		*out_length = decrypted_length + padded_length;
	592
	593	*out_buffer = encrypted_buffer;
	594	*out_length = encrypted_length + padded_length;
588	595
589	596	return true;
…	…
592	599
593	600
594		wi_data_t * wi_p7_cipher_decrypt~~_data~~(wi_p7_cipher_t p7_cipher, wi_data_t encrypted_data) {
	601	wi_data_t * wi_p7_cipher_decrypt(wi_p7_cipher_t p7_cipher, wi_data_t encrypted_data) {
595	602	const void *encrypted_buffer;
596	603	void *decrypted_buffer;
…	…
606	613	}
607	614
	615
	616
	617	wi_boolean_t wi_p7_cipher_decrypt_bytes(wi_p7_cipher_t p7_cipher, const void encrypted_buffer, wi_uinteger_t encrypted_length, void *out_buffer, wi_uinteger_t out_length) {
	618	void *decrypted_buffer;
	619	int decrypted_length, padded_length;
	620
	621	decrypted_buffer = wi_malloc(encrypted_length + EVP_CIPHER_block_size(p7_cipher->cipher));
	622
	623	if(EVP_DecryptUpdate(&p7_cipher->decrypt_ctx, decrypted_buffer, &decrypted_length, encrypted_buffer, encrypted_length) != 1) {
	624	wi_error_set_openssl_error();
	625
	626	wi_free(decrypted_buffer);
	627
	628	return false;
	629	}
	630
	631	if(EVP_DecryptFinal(&p7_cipher->decrypt_ctx, decrypted_buffer + decrypted_length, &padded_length) != 1) {
	632	wi_error_set_openssl_error();
	633
	634	wi_free(decrypted_buffer);
	635
	636	return false;
	637	}
	638
	639	*out_buffer = decrypted_buffer;
	640	*out_length = decrypted_length + padded_length;
	641
	642	return true;
	643	}
	644
608	645	#endif

libwired/trunk/libwired/p7/wi-p7-crypto.h

r4629	r4639
35	35
36	36	enum _wi_p7_cipher_type {
37		~~WI_P7_CIPHER_NULL,~~
38	37	WI_P7_CIPHER_AES_256,
39	38	WI_P7_CIPHER_BF_128
…	…
51	50	WI_EXPORT wi_p7_rsa_t * wi_p7_rsa_init_with_bits(wi_p7_rsa_t *, wi_uinteger_t);
52	51	WI_EXPORT wi_p7_rsa_t * wi_p7_rsa_init_with_pem_file(wi_p7_rsa_t , wi_string_t );
53		WI_EXPORT wi_p7_rsa_t * wi_p7_rsa_init_with_public_key~~_data~~(wi_p7_rsa_t , wi_data_t );
	52	WI_EXPORT wi_p7_rsa_t * wi_p7_rsa_init_with_public_key(wi_p7_rsa_t , wi_data_t );
54	53
55		WI_EXPORT wi_data_t * wi_p7_rsa_public_key~~_data~~(wi_p7_rsa_t *);
	54	WI_EXPORT wi_data_t * wi_p7_rsa_public_key(wi_p7_rsa_t *);
56	55
57		WI_EXPORT wi_~~boolean_t wi_p7_rsa_public_encrypt_bytes(wi_p7_rsa_t , const void , wi_uinteger_t, void *, wi_uinteger~~_t );
58		WI_EXPORT wi_~~data_t * wi_p7_rsa_public_encrypt_data(wi_p7_rsa_t , wi_data~~_t );
59		WI_EXPORT wi_~~boolean_t wi_p7_rsa_private_decrypt_bytes(wi_p7_rsa_t , const void , wi_uinteger_t, void *, wi_uinteger~~_t );
60		WI_EXPORT wi_~~data_t * wi_p7_rsa_private_decrypt_data(wi_p7_rsa_t , wi_data~~_t );
	56	WI_EXPORT wi_data_t * wi_p7_rsa_encrypt(wi_p7_rsa_t , wi_data_t );
	57	WI_EXPORT wi_boolean_t wi_p7_rsa_encrypt_bytes(wi_p7_rsa_t , const void , wi_uinteger_t, void *, wi_uinteger_t );
	58	WI_EXPORT wi_data_t * wi_p7_rsa_decrypt(wi_p7_rsa_t , wi_data_t );
	59	WI_EXPORT wi_boolean_t wi_p7_rsa_decrypt_bytes(wi_p7_rsa_t , const void , wi_uinteger_t, void *, wi_uinteger_t );
61	60
62	61
…	…
64	63
65	64	WI_EXPORT wi_p7_cipher_t * wi_p7_cipher_alloc(void);
66		WI_EXPORT wi_p7_cipher_t * wi_p7_cipher_init_with_~~public_rsa(wi_p7_cipher_t , wi_p7_cipher_type_t, wi_p7_rs~~a_t );
67		WI_EXPORT wi_p7_cipher_t * wi_p7_cipher_init_with_private_rsa(wi_p7_cipher_t , wi_p7_cipher_type_t, wi_p7_rsa_t , wi_data_t , wi_data_t );
	65	WI_EXPORT wi_p7_cipher_t * wi_p7_cipher_init_with_key(wi_p7_cipher_t , wi_p7_cipher_type_t, wi_data_t , wi_data_t *);
	66	WI_EXPORT wi_p7_cipher_t * wi_p7_cipher_init_with_random_key(wi_p7_cipher_t *, wi_p7_cipher_type_t);
68	67
69		WI_EXPORT wi_data_t * wi_p7_cipher_key~~_data~~(wi_p7_cipher_t *);
70		WI_EXPORT wi_data_t * wi_p7_cipher_iv~~_data~~(wi_p7_cipher_t *);
	68	WI_EXPORT wi_data_t * wi_p7_cipher_key(wi_p7_cipher_t *);
	69	WI_EXPORT wi_data_t * wi_p7_cipher_iv(wi_p7_cipher_t *);
71	70
72	71	WI_EXPORT wi_string_t * wi_p7_cipher_name(wi_p7_cipher_t *);
73	72	WI_EXPORT wi_uinteger_t wi_p7_cipher_bits(wi_p7_cipher_t *);
74	73
	74	WI_EXPORT wi_data_t * wi_p7_cipher_encrypt(wi_p7_cipher_t , wi_data_t );
75	75	WI_EXPORT wi_boolean_t wi_p7_cipher_encrypt_bytes(wi_p7_cipher_t , const void , wi_uinteger_t, void *, wi_uinteger_t );
76		WI_EXPORT wi_data_t * wi_p7_cipher_~~encrypt_data~~(wi_p7_cipher_t , wi_data_t );
	76	WI_EXPORT wi_data_t * wi_p7_cipher_decrypt(wi_p7_cipher_t , wi_data_t );
77	77	WI_EXPORT wi_boolean_t wi_p7_cipher_decrypt_bytes(wi_p7_cipher_t , const void , wi_uinteger_t, void *, wi_uinteger_t );
78		~~WI_EXPORT wi_data_t * wi_p7_cipher_decrypt_data(wi_p7_cipher_t , wi_data_t );~~
79	78
80	79	#endif /* WI_P7_CRYPTO_H */

libwired/trunk/libwired/p7/wi-p7-message.c

r4623	r4639
121	121
122	122	if(p7_message->serialization == WI_P7_BINARY) {
123		p7_message->binary_~~buffer_size~~ = _WI_P7_MESSAGE_BINARY_BUFFER_INITIAL_SIZE;
124		p7_message->binary_buffer ~~= wi_malloc(p7_message->binary_buffer~~_size);
125		p7_message->binary_length = _WI_P7_MESSAGE_BINARY_HEADER_SIZE;
126		} else {
127		p7_message->xml_doc = xmlNewDoc((xmlChar *) "1.0");
128		p7_message->xml_root_node = xmlNewNode(NULL, (xmlChar *) "message");
	123	p7_message->binary_size = _WI_P7_MESSAGE_BINARY_BUFFER_INITIAL_SIZE;
	124	p7_message->binary_buffer = wi_malloc(p7_message->binary_size);
	125	p7_message->binary_length = _WI_P7_MESSAGE_BINARY_HEADER_SIZE;
	126	} else {
	127	p7_message->xml_doc = xmlNewDoc((xmlChar *) "1.0");
	128	p7_message->xml_root_node = xmlNewNode(NULL, (xmlChar *) "message");
129	129
130	130	xmlDocSetRootElement(p7_message->xml_doc, p7_message->xml_root_node);
…	…
173	173	p7_message,
174	174	p7_message->name,
175		p7_message->serialization == WI_P7_BINARY ? WI_STR("binary") : WI_STR("~~XML~~"));
	175	p7_message->serialization == WI_P7_BINARY ? WI_STR("binary") : WI_STR("xml"));
176	176
177	177	if(p7_message->serialization == WI_P7_BINARY) {
…	…
550	550	new_length += sizeof(length);
551	551
552		if(p7_message->binary_length + new_length > p7_message->binary_~~buffer_~~size) {
553		p7_message->binary_~~buffer_size~~ *= 2;
554		p7_message->binary_buffer ~~= wi_realloc(p7_message->binary_buffer, p7_message->binary_buffer~~_size);
	552	if(p7_message->binary_length + new_length > p7_message->binary_size) {
	553	p7_message->binary_size *= 2;
	554	p7_message->binary_buffer = wi_realloc(p7_message->binary_buffer, p7_message->binary_size);
555	555	}
556	556

libwired/trunk/libwired/p7/wi-p7-private.h

r4629	r4639
46	46
47	47	unsigned char *binary_buffer;
48		uint32_t binary_~~buffer_~~size;
	48	uint32_t binary_size;
49	49	uint32_t binary_length;
50	50	uint32_t binary_id;

libwired/trunk/libwired/p7/wi-p7-socket.c

r4629	r4639
255	255	wi_p7_message_set_uuid_for_name(p7_message, wi_p7_spec_id(p7_socket->spec), WI_STR("p7.handshake.protocol"));
256	256
257		if(~~options & WI_P7_COMPRESSION_DEFLATE)~~
258		~~wi_p7_message_set_enum_for_name(p7_message, 0, WI_STR("p7.handshake.compression"));~~
259
260		~~wi_log_info(WI_STR("should set %u for encryption"), wi_p7_spec_enum_value(p7_socket->spec, 4, WI_STR("p7.handshake.encryption.rsa_aes_256")));~~
261
262		~~if(options & WI_P7_ENCRYPTION_RSA_AES_256)~~
263		~~wi_p7_message_set_enum_for_name(p7_message, 0, WI_STR("p7.handshake.encryption"));~~
264		~~else if(options & WI_P7_ENCRYPTION_RSA_BF_128)~~
265		~~wi_p7_message_set_enum_for_name(p7_message, 1, WI_STR("p7.handshake.encryption"));~~
	257	if(p7_socket->serialization == WI_P7_BINARY) {
	258	if(options & WI_P7_COMPRESSION_DEFLATE)
	259	wi_p7_message_set_enum_for_name(p7_message, 0, WI_STR("p7.handshake.compression"));
	260
	261	if(options & WI_P7_ENCRYPTION_RSA_AES_256)
	262	wi_p7_message_set_enum_for_name(p7_message, 0, WI_STR("p7.handshake.encryption"));
	263	else if(options & WI_P7_ENCRYPTION_RSA_BF_128)
	264	wi_p7_message_set_enum_for_name(p7_message, 1, WI_STR("p7.handshake.encryption"));
	265	}
266	266
267	267	if(!wi_p7_socket_write_message(p7_socket, timeout, p7_message)) {
…	…
374	374	p7_socket->local_compatibility_check = !wi_p7_spec_is_compatible_with_id(p7_socket->spec, protocol);
375	375
376		if(~~wi_p7_message_get_enum_for_name(p7_message, &compression, WI_STR("p7.handshake.compression"))~~) {
377		if(~~compression == 0 && options & WI_P7_COMPRESSION_DEFLATE)~~
378		~~p7_socket->options \|= WI_P7_COMPRESSION_DEFLATE;~~
379		}
380
381		~~if(wi_p7_message_get_enum_for_name(p7_message, &encryption, WI_STR("p7.handshake.encryption"))) {~~
382		~~wi_log_info(WI_STR("should get %@ for %u"), wi_p7_spec_enum_name(p7_socket->spec, 4, encryption), encryption);~~
383
384		~~if(encryption == 0 && options & WI_P7_ENCRYPTION_RSA_AES_256)~~
385		~~p7_socket->options \|= WI_P7_ENCRYPTION_RSA_AES_256;~~
386		~~else if(encryption == 1 && options & WI_P7_ENCRYPTION_RSA_BF_128)~~
387		~~p7_socket->options \|= WI_P7_ENCRYPTION_RSA_BF_128;~~
	376	if(p7_socket->serialization == WI_P7_BINARY) {
	377	if(wi_p7_message_get_enum_for_name(p7_message, &compression, WI_STR("p7.handshake.compression"))) {
	378	if(compression == 0 && options & WI_P7_COMPRESSION_DEFLATE)
	379	p7_socket->options \|= WI_P7_COMPRESSION_DEFLATE;
	380	}
	381
	382	if(wi_p7_message_get_enum_for_name(p7_message, &encryption, WI_STR("p7.handshake.encryption"))) {
	383	if(encryption == 0 && options & WI_P7_ENCRYPTION_RSA_AES_256)
	384	p7_socket->options \|= WI_P7_ENCRYPTION_RSA_AES_256;
	385	else if(encryption == 1 && options & WI_P7_ENCRYPTION_RSA_BF_128)
	386	p7_socket->options \|= WI_P7_ENCRYPTION_RSA_BF_128;
	387	}
388	388	}
389	389
…	…
440	440	static wi_boolean_t _wi_p7_socket_connect_key_exchange(wi_p7_socket_t p7_socket, wi_time_interval_t timeout, wi_string_t username, wi_string_t *password) {
441	441	wi_p7_message_t *p7_message;
442		wi_data_t data, rsa~~_data~~;
	442	wi_data_t data, rsa;
443	443	wi_string_t client_password1, client_password2, *server_password;
444	444
…	…
457	457	}
458	458
459		rsa~~_data~~ = wi_p7_message_data_for_name(p7_message, WI_STR("p7.encryption.envelope_key"));
460
461		if(!rsa~~_data~~) {
	459	rsa = wi_p7_message_data_for_name(p7_message, WI_STR("p7.encryption.envelope_key"));
	460
	461	if(!rsa) {
462	462	wi_log_warn(WI_STR("no certificate"));
463	463
…	…
465	465	}
466	466
467		p7_socket->rsa = wi_p7_rsa_init_with_public_key~~_data(wi_p7_rsa_alloc(), rsa_dat~~a);
	467	p7_socket->rsa = wi_p7_rsa_init_with_public_key(wi_p7_rsa_alloc(), rsa);
468	468
469	469	if(!p7_socket->rsa) {
…	…
473	473	}
474	474
475		p7_socket->cipher = wi_p7_cipher_init_with_public_rsa(wi_p7_cipher_alloc(),
476		_wi_p7_socket_cipher(p7_socket),
477		p7_socket->rsa);
	475	p7_socket->cipher = wi_p7_cipher_init_with_random_key(wi_p7_cipher_alloc(), _wi_p7_socket_cipher(p7_socket));
478	476
479	477	if(!p7_socket->cipher) {
…	…
491	489	}
492	490
493		wi_p7_message_set_data_for_name(p7_message, wi_p7_cipher_key_data(p7_socket->cipher), WI_STR("p7.encryption.cipher_key"));
494		wi_p7_message_set_data_for_name(p7_message, wi_p7_cipher_iv_data(p7_socket->cipher), WI_STR("p7.encryption.cipher_key_iv"));