MySQL 5.6.14 Source Code Document
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Groups Pages
crypto_wrapper.hpp
1 /*
2  Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
3 
4  This program is free software; you can redistribute it and/or modify
5  it under the terms of the GNU General Public License as published by
6  the Free Software Foundation; version 2 of the License.
7 
8  This program is distributed in the hope that it will be useful,
9  but WITHOUT ANY WARRANTY; without even the implied warranty of
10  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11  GNU General Public License for more details.
12 
13  You should have received a copy of the GNU General Public License
14  along with this program; see the file COPYING. If not, write to the
15  Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
16  MA 02110-1301 USA.
17 */
18 
19 
20 /* The crypto wrapper header is used to define policies for the cipher
21  * components used by SSL. There are 3 policies to consider:
22  *
23  * 1) MAC, the Message Authentication Code used for each Message
24  * 2) Bulk Cipher, the Cipher used to encrypt/decrypt each Message
25  * 3) Atuhentication, the Digitial Signing/Verifiaction scheme used
26  *
27  * This header doesn't rely on a specific crypto libraries internals,
28  * only the implementation should.
29  */
30 
31 
32 #ifndef yaSSL_CRYPTO_WRAPPER_HPP
33 #define yaSSL_CRYPTO_WRAPPER_HPP
34 
35 #include "yassl_types.hpp"
36 #include <stdio.h> // FILE
37 
38 
39 namespace yaSSL {
40 
41 
42 // Digest policy should implement a get_digest, update, and get sizes for pad
43 // and digest
44 struct Digest : public virtual_base {
45  virtual void get_digest(byte*) = 0;
46  virtual void get_digest(byte*, const byte*, unsigned int) = 0;
47  virtual void update(const byte*, unsigned int) = 0;
48  virtual uint get_digestSize() const = 0;
49  virtual uint get_padSize() const = 0;
50  virtual ~Digest() {}
51 };
52 
53 
54 // For use with NULL Digests
55 struct NO_MAC : public Digest {
56  void get_digest(byte*);
57  void get_digest(byte*, const byte*, unsigned int);
58  void update(const byte*, unsigned int);
59  uint get_digestSize() const;
60  uint get_padSize() const;
61 };
62 
63 
64 // MD5 Digest
65 class MD5 : public Digest {
66 public:
67  void get_digest(byte*);
68  void get_digest(byte*, const byte*, unsigned int);
69  void update(const byte*, unsigned int);
70  uint get_digestSize() const;
71  uint get_padSize() const;
72  MD5();
73  ~MD5();
74  MD5(const MD5&);
75  MD5& operator=(const MD5&);
76 private:
77  struct MD5Impl;
78  MD5Impl* pimpl_;
79 };
80 
81 
82 // SHA-1 Digest
83 class SHA : public Digest {
84 public:
85  void get_digest(byte*);
86  void get_digest(byte*, const byte*, unsigned int);
87  void update(const byte*, unsigned int);
88  uint get_digestSize() const;
89  uint get_padSize() const;
90  SHA();
91  ~SHA();
92  SHA(const SHA&);
93  SHA& operator=(const SHA&);
94 private:
95  struct SHAImpl;
96  SHAImpl* pimpl_;
97 
98 };
99 
100 
101 // RIPEMD-160 Digest
102 class RMD : public Digest {
103 public:
104  void get_digest(byte*);
105  void get_digest(byte*, const byte*, unsigned int);
106  void update(const byte*, unsigned int);
107  uint get_digestSize() const;
108  uint get_padSize() const;
109  RMD();
110  ~RMD();
111  RMD(const RMD&);
112  RMD& operator=(const RMD&);
113 private:
114  struct RMDImpl;
115  RMDImpl* pimpl_;
116 
117 };
118 
119 
120 // HMAC_MD5
121 class HMAC_MD5 : public Digest {
122 public:
123  void get_digest(byte*);
124  void get_digest(byte*, const byte*, unsigned int);
125  void update(const byte*, unsigned int);
126  uint get_digestSize() const;
127  uint get_padSize() const;
128  HMAC_MD5(const byte*, unsigned int);
129  ~HMAC_MD5();
130 private:
131  struct HMAC_MD5Impl;
132  HMAC_MD5Impl* pimpl_;
133 
134  HMAC_MD5(const HMAC_MD5&);
135  HMAC_MD5& operator=(const HMAC_MD5&);
136 };
137 
138 
139 // HMAC_SHA-1
140 class HMAC_SHA : public Digest {
141 public:
142  void get_digest(byte*);
143  void get_digest(byte*, const byte*, unsigned int);
144  void update(const byte*, unsigned int);
145  uint get_digestSize() const;
146  uint get_padSize() const;
147  HMAC_SHA(const byte*, unsigned int);
148  ~HMAC_SHA();
149 private:
150  struct HMAC_SHAImpl;
151  HMAC_SHAImpl* pimpl_;
152 
153  HMAC_SHA(const HMAC_SHA&);
154  HMAC_SHA& operator=(const HMAC_SHA&);
155 };
156 
157 
158 // HMAC_RMD
159 class HMAC_RMD : public Digest {
160 public:
161  void get_digest(byte*);
162  void get_digest(byte*, const byte*, unsigned int);
163  void update(const byte*, unsigned int);
164  uint get_digestSize() const;
165  uint get_padSize() const;
166  HMAC_RMD(const byte*, unsigned int);
167  ~HMAC_RMD();
168 private:
169  struct HMAC_RMDImpl;
170  HMAC_RMDImpl* pimpl_;
171 
172  HMAC_RMD(const HMAC_RMD&);
173  HMAC_RMD& operator=(const HMAC_RMD&);
174 };
175 
176 
177 // BulkCipher policy should implement encrypt, decrypt, get block size,
178 // and set keys for encrypt and decrypt
179 struct BulkCipher : public virtual_base {
180  virtual void encrypt(byte*, const byte*, unsigned int) = 0;
181  virtual void decrypt(byte*, const byte*, unsigned int) = 0;
182  virtual void set_encryptKey(const byte*, const byte* = 0) = 0;
183  virtual void set_decryptKey(const byte*, const byte* = 0) = 0;
184  virtual uint get_blockSize() const = 0;
185  virtual int get_keySize() const = 0;
186  virtual int get_ivSize() const = 0;
187  virtual ~BulkCipher() {}
188 };
189 
190 
191 // For use with NULL Ciphers
192 struct NO_Cipher : public BulkCipher {
193  void encrypt(byte*, const byte*, unsigned int) {}
194  void decrypt(byte*, const byte*, unsigned int) {}
195  void set_encryptKey(const byte*, const byte*) {}
196  void set_decryptKey(const byte*, const byte*) {}
197  uint get_blockSize() const { return 0; }
198  int get_keySize() const { return 0; }
199  int get_ivSize() const { return 0; }
200 };
201 
202 
203 // SSLv3 and TLSv1 always use DES in CBC mode so IV is required
204 class DES : public BulkCipher {
205 public:
206  void encrypt(byte*, const byte*, unsigned int);
207  void decrypt(byte*, const byte*, unsigned int);
208  void set_encryptKey(const byte*, const byte*);
209  void set_decryptKey(const byte*, const byte*);
210  uint get_blockSize() const { return DES_BLOCK; }
211  int get_keySize() const { return DES_KEY_SZ; }
212  int get_ivSize() const { return DES_IV_SZ; }
213  DES();
214  ~DES();
215 private:
216  struct DESImpl;
217  DESImpl* pimpl_;
218 
219  DES(const DES&); // hide copy
220  DES& operator=(const DES&); // & assign
221 };
222 
223 
224 // 3DES Encrypt-Decrypt-Encrypt in CBC mode
225 class DES_EDE : public BulkCipher {
226 public:
227  void encrypt(byte*, const byte*, unsigned int);
228  void decrypt(byte*, const byte*, unsigned int);
229  void set_encryptKey(const byte*, const byte*);
230  void set_decryptKey(const byte*, const byte*);
231  uint get_blockSize() const { return DES_BLOCK; }
232  int get_keySize() const { return DES_EDE_KEY_SZ; }
233  int get_ivSize() const { return DES_IV_SZ; }
234  DES_EDE();
235  ~DES_EDE();
236 private:
237  struct DES_EDEImpl;
238  DES_EDEImpl* pimpl_;
239 
240  DES_EDE(const DES_EDE&); // hide copy
241  DES_EDE& operator=(const DES_EDE&); // & assign
242 };
243 
244 
245 // Alledged RC4
246 class RC4 : public BulkCipher {
247 public:
248  void encrypt(byte*, const byte*, unsigned int);
249  void decrypt(byte*, const byte*, unsigned int);
250  void set_encryptKey(const byte*, const byte*);
251  void set_decryptKey(const byte*, const byte*);
252  uint get_blockSize() const { return 0; }
253  int get_keySize() const { return RC4_KEY_SZ; }
254  int get_ivSize() const { return 0; }
255  RC4();
256  ~RC4();
257 private:
258  struct RC4Impl;
259  RC4Impl* pimpl_;
260 
261  RC4(const RC4&); // hide copy
262  RC4& operator=(const RC4&); // & assign
263 };
264 
265 
266 // AES
267 class AES : public BulkCipher {
268 public:
269  void encrypt(byte*, const byte*, unsigned int);
270  void decrypt(byte*, const byte*, unsigned int);
271  void set_encryptKey(const byte*, const byte*);
272  void set_decryptKey(const byte*, const byte*);
273  uint get_blockSize() const { return AES_BLOCK_SZ; }
274  int get_keySize() const;
275  int get_ivSize() const { return AES_IV_SZ; }
276  explicit AES(unsigned int = AES_128_KEY_SZ);
277  ~AES();
278 private:
279  struct AESImpl;
280  AESImpl* pimpl_;
281 
282  AES(const AES&); // hide copy
283  AES& operator=(const AES&); // & assign
284 };
285 
286 
287 // Random number generator
288 class RandomPool {
289 public:
290  void Fill(opaque* dst, uint sz) const;
291  RandomPool();
292  ~RandomPool();
293 
294  int GetError() const;
295 
296  friend class RSA;
297  friend class DSS;
298  friend class DiffieHellman;
299 private:
300  struct RandomImpl;
301  RandomImpl* pimpl_;
302 
303  RandomPool(const RandomPool&); // hide copy
304  RandomPool& operator=(const RandomPool&); // & assign
305 };
306 
307 
308 // Authentication policy should implement sign, and verify
309 struct Auth : public virtual_base {
310  virtual void sign(byte*, const byte*, unsigned int, const RandomPool&) = 0;
311  virtual bool verify(const byte*, unsigned int, const byte*,
312  unsigned int) = 0;
313  virtual uint get_signatureLength() const = 0;
314  virtual ~Auth() {}
315 };
316 
317 
318 // For use with NULL Authentication schemes
319 struct NO_Auth : public Auth {
320  void sign(byte*, const byte*, unsigned int, const RandomPool&) {}
321  bool verify(const byte*, unsigned int, const byte*, unsigned int)
322  { return true; }
323 };
324 
325 
326 // Digitial Signature Standard scheme
327 class DSS : public Auth {
328 public:
329  void sign(byte*, const byte*, unsigned int, const RandomPool&);
330  bool verify(const byte*, unsigned int, const byte*, unsigned int);
331  uint get_signatureLength() const;
332  DSS(const byte*, unsigned int, bool publicKey = true);
333  ~DSS();
334 private:
335  struct DSSImpl;
336  DSSImpl* pimpl_;
337 
338  DSS(const DSS&);
339  DSS& operator=(const DSS&);
340 };
341 
342 
343 // RSA Authentication and exchange
344 class RSA : public Auth {
345 public:
346  void sign(byte*, const byte*, unsigned int, const RandomPool&);
347  bool verify(const byte*, unsigned int, const byte*, unsigned int);
348  void encrypt(byte*, const byte*, unsigned int, const RandomPool&);
349  void decrypt(byte*, const byte*, unsigned int, const RandomPool&);
350  uint get_signatureLength() const;
351  uint get_cipherLength() const;
352  RSA(const byte*, unsigned int, bool publicKey = true);
353  ~RSA();
354 private:
355  struct RSAImpl;
356  RSAImpl* pimpl_;
357 
358  RSA(const RSA&); // hide copy
359  RSA& operator=(const RSA&); // & assing
360 };
361 
362 
363 class Integer;
364 
365 // Diffie-Hellman agreement
366 // hide for now TODO: figure out a way to give access to C clients p and g args
367 class DiffieHellman {
368 public:
369  DiffieHellman(const byte*, unsigned int, const byte*, unsigned int,
370  const byte*, unsigned int, const RandomPool& random);
371  //DiffieHellman(const char*, const RandomPool&);
372  DiffieHellman(const Integer&, const Integer&, const RandomPool&);
373  ~DiffieHellman();
374 
375  DiffieHellman(const DiffieHellman&);
376  DiffieHellman& operator=(const DiffieHellman&);
377 
378  uint get_agreedKeyLength() const;
379  const byte* get_agreedKey() const;
380  const byte* get_publicKey() const;
381  void makeAgreement(const byte*, unsigned int);
382 
383  void set_sizes(int&, int&, int&) const;
384  void get_parms(byte*, byte*, byte*) const;
385 private:
386  struct DHImpl;
387  DHImpl* pimpl_;
388 };
389 
390 
391 // Lagrge Integer
392 class Integer {
393 public:
394  Integer();
395  ~Integer();
396 
397  Integer(const Integer&);
398  Integer& operator=(const Integer&);
399 
400  void assign(const byte*, unsigned int);
401 
402  friend class DiffieHellman;
403 private:
404  struct IntegerImpl;
405  IntegerImpl* pimpl_;
406 };
407 
408 
409 class x509;
410 
411 
412 struct EncryptedInfo {
413  enum { IV_SZ = 32, NAME_SZ = 80 };
414  char name[NAME_SZ]; // max one line
415  byte iv[IV_SZ]; // in base16 rep
416  uint ivSz;
417  bool set;
418 
419  EncryptedInfo() : ivSz(0), set(false) {}
420 };
421 
422 x509* PemToDer(FILE*, CertType, EncryptedInfo* info = 0);
423 
424 
425 } // naemspace
426 
427 #endif // yaSSL_CRYPTO_WRAPPER_HPP