/*
|
mecevp.c
|
|
gSOAP interface for streaming message encryption and decryption
|
|
gSOAP XML Web services tools
|
Copyright (C) 2000-2015, Robert van Engelen, Genivia Inc., All Rights Reserved.
|
This part of the software is released under one of the following licenses:
|
GPL or the gSOAP public license.
|
--------------------------------------------------------------------------------
|
gSOAP public license.
|
|
The contents of this file are subject to the gSOAP Public License Version 1.3
|
(the "License"); you may not use this file except in compliance with the
|
License. You may obtain a copy of the License at
|
http://www.cs.fsu.edu/~engelen/soaplicense.html
|
Software distributed under the License is distributed on an "AS IS" basis,
|
WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
for the specific language governing rights and limitations under the License.
|
|
The Initial Developer of the Original Code is Robert A. van Engelen.
|
Copyright (C) 2000-2015, Robert van Engelen, Genivia, Inc., All Rights Reserved.
|
--------------------------------------------------------------------------------
|
GPL license.
|
|
This program is free software; you can redistribute it and/or modify it under
|
the terms of the GNU General Public License as published by the Free Software
|
Foundation; either version 2 of the License, or (at your option) any later
|
version.
|
|
This program is distributed in the hope that it will be useful, but WITHOUT ANY
|
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
|
PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
|
You should have received a copy of the GNU General Public License along with
|
this program; if not, write to the Free Software Foundation, Inc., 59 Temple
|
Place, Suite 330, Boston, MA 02111-1307 USA
|
|
Author contact information:
|
engelen@genivia.com / engelen@acm.org
|
|
This program is released under the GPL with the additional exemption that
|
compiling, linking, and/or using OpenSSL is allowed.
|
--------------------------------------------------------------------------------
|
A commercial use license is available from Genivia, Inc., contact@genivia.com
|
--------------------------------------------------------------------------------
|
*/
|
|
/**
|
|
@page mecevp The mecevp streaming message encryption and decryption engine
|
|
The gSOAP mecevp engine encrypts and decrypts messages using the EVP interface
|
of OpenSSL. It supports envelope encryption/decryption with public and private
|
RSA keys and symmetric encryption with shared secret keys. Streaming and
|
buffered message encryption modes are supported.
|
|
An encryption and decryption algorithm and mode is selected with one of the
|
following:
|
|
- @ref SOAP_MEC_ENV_ENC_DES_CBC envelope encryption with triple DES EDE CBC
|
- @ref SOAP_MEC_ENV_ENC_AES256_CBC envelope encryption with AES256 CBC
|
- @ref SOAP_MEC_ENV_ENC_AES256_GCM envelope authenticated encryption with AES256 GCM
|
- @ref SOAP_MEC_ENC_DES_CBC symmetric encryption with triple DES EDE CBC
|
- @ref SOAP_MEC_ENC_AES256_CBC symmetric encryption with AES256 CBC
|
- @ref SOAP_MEC_ENC_AES256_GCM symmetric authenticated encryption with AES256 GCM
|
- @ref SOAP_MEC_ENV_DEC_DES_CBC envelope decryption with triple DES EDE CBC
|
- @ref SOAP_MEC_ENV_DEC_AES256_CBC envelope decryption with AES256 CBC
|
- @ref SOAP_MEC_ENV_DEC_AES256_GCM envelope authenticated decryption with AES256 GCM
|
- @ref SOAP_MEC_DEC_DES_CBC symmetric decryption with triple DES EDE CBC
|
- @ref SOAP_MEC_DEC_AES256_CBC symmetric decryption with AES256 CBC
|
- @ref SOAP_MEC_DEC_AES256_GCM symmetric authenticated decryption with AES256 GCM
|
|
where, in the above, AES256 can be replaced with AES128 ot AES192.
|
|
Algorithm options:
|
|
- @ref SOAP_MEC_STORE buffer all output in memory
|
- @ref SOAP_MEC_OAEP use OAEP padding for CBC
|
|
The mecevp engine wraps the EVP API with four new functions:
|
|
- @ref soap_mec_init to initialize the engine
|
- @ref soap_mec_update to encrypt/decrypt a message part
|
- @ref soap_mec_final to finalize encryption/decryption, does not deallocate
|
tne engine and buffers
|
- @ref soap_mec_cleanup to deallocate the engine and buffers
|
|
All cipher data is written and read in base64 format.
|
|
A higher-level interface for message encryption/decryption in parts (such as
|
individual XML elements) is defined by two new functions:
|
|
- @ref soap_mec_begin to begin a streaming sequence of encryptions/decryptions
|
- @ref soap_mec_start to start encryption/decryption of a message part
|
- @ref soap_mec_stop to stop encryption/decryption of a message part
|
- @ref soap_mec_end to end the sequence and deallocate the engine buffers
|
|
Compile all source codes with -DWITH_OPENSSL and link with ssl and crypto
|
libraries.
|
|
Here is an example to encrypt a message while streaming it to the output. The
|
example uses the public key of the recipient/reader of the message. The
|
recipient/reader uses its private key to decrypt. Envelope encryption is used
|
with SOAP_MEC_ENV_ENC_DES_CBC, which means an ephemeral secret key is generated
|
and encrypted with the public key. This encrypted secret key should be
|
communicated to the recipient/reader with the message to decrypt:
|
|
@code
|
#include "mecevp.h"
|
soap_mec_data mec;
|
ns__Object object;
|
int alg = SOAP_MEC_ENV_ENC_DES_CBC;
|
FILE *fd = fopen("key.pem", "r");
|
EVP_PKEY *pubk;
|
unsigned char *key;
|
int keylen;
|
if (...) // key file contains public key?
|
pubk = PEM_read_PUBKEY(fd, NULL, NULL, NULL);
|
else // key file contains certificate
|
{
|
X509 *cert = PEM_read_X509(fd, NULL, NULL, NULL);
|
pubk = X509_get_pubkey(cert);
|
X509_free(cert);
|
}
|
fclose(fd);
|
key = soap_malloc(soap, soap_mec_size(alg, pubk));
|
if (soap_begin_send(soap)
|
|| soap_mec_begin(soap, &mec, alg, pubk, key, &keylen)
|
|| soap_mec_start(soap, NULL)
|
|| soap_out_ns__Object(soap, "ns:Object", 0, &object, NULL)
|
|| soap_mec_stop(soap)
|
|| soap_mec_end(soap, &mec)
|
|| soap_end_send(soap))
|
{
|
soap_mec_cleanup(soap, &mec); // clean up when error
|
soap_print_fault(soap, stderr);
|
}
|
EVP_PKEY_free(pubk);
|
@endcode
|
|
The example given above sends the output to stdout. To save the output in a
|
string use the following in C:
|
|
@code
|
char *str = NULL; // string to be set to the encrypted output
|
soap->os = &str; // for C code only
|
if (soap_begin_send(soap)
|
...
|
soap->os = NULL;
|
... // use str, which is set to the encrypted output
|
soap_end(soap); // auto-deletes str
|
@endcode
|
|
With C++ you should use a string stream:
|
|
@code
|
std::stringstream ss;
|
soap->os = &ss;
|
if (soap_begin_send(soap)
|
...
|
soap->os = NULL;
|
... // use ss.str()
|
soap_destroy(soap); // cleanup
|
soap_end(soap); // cleanup
|
@endcode
|
|
The decryption by the recipient/reader requires the ephemeral encrypted secret
|
key generated by soap_mec_begin by the sender (as set above) to decrypt the
|
message using envelope decryption with SOAP_MEC_ENV_DEC_DES_CBC.
|
|
@code
|
#include "mecevp.h"
|
soap_mec_data mec;
|
ns__Object object;
|
int alg = SOAP_MEC_ENV_DEC_DES_CBC;
|
FILE *fd = fopen("key.pem", "r");
|
EVP_PKEY *privk = PEM_read_PrivateKey(fd, NULL, NULL, "password");
|
unsigned char *key;
|
int keylen;
|
fclose(fd);
|
key = ... // value set as above by sender
|
keylen = ... // value set as above by sender
|
if (soap_begin_recv(soap)
|
|| soap_mec_begin(soap, &mec, alg, privk, key, &keylen)
|
|| soap_mec_start(soap)
|
|| soap_in_ns__Object(soap, "ns:Object", &object, NULL) == NULL
|
|| soap_mec_stop(soap)
|
|| soap_mec_end(soap, &mec)
|
|| soap_end_recv(soap))
|
{
|
soap_mec_cleanup(soap, &mec); // clean up when error
|
soap_print_fault(soap, stderr);
|
}
|
EVP_PKEY_free(privk);
|
@endcode
|
|
The example given above reads the input from stdin. To read input from a string
|
use the following in C:
|
|
@code
|
char *str; // string with encrupted input
|
soap->is = str;
|
if (soap_begin_recv(soap)
|
...
|
soap->is = NULL;
|
soap_end(soap); // cleanup
|
@endcode
|
|
With C++ you should use a string stream:
|
|
@code
|
std::stringstream ss;
|
ss.str(...); // string with encrypted input
|
soap->is = &ss;
|
if (soap_begin_recv(soap)
|
...
|
soap->is = NULL;
|
soap_destroy(soap); // cleanup
|
soap_end(soap); // cleanup
|
@endcode
|
|
Note that the encrypted secret key can be sent in the clear or stored openly,
|
since only the recipient/reader will be able to decode it (with its private
|
key) and use it for message decryption.
|
|
Symmetric encryption and decryption can be used if both parties can safely
|
share a secret symmetric key that no other party has access to. We use
|
SOAP_MEC_ENC_DES_CBC for encryption and SOAP_MEC_DEC_DES_CBC for decryption
|
using a 160-bit triple DES key. You can also use AES128, AES192, AES256
|
ciphers.
|
|
Here is an example to encrypt a message using a shared secret key while
|
streaming it to the output.
|
|
@code
|
#include "mecevp.h"
|
soap_mec_data mec;
|
ns__Object object;
|
int alg = SOAP_MEC_ENC_DES_CBC;
|
unsigned char key[20] = { ... }; // shared secret triple DES key
|
int keylen = 20;
|
if (soap_begin_send(soap)
|
|| soap_mec_begin(soap, &mec, alg, NULL, key, &keylen)
|
|| soap_mec_start(soap, NULL)
|
|| soap_out_ns__Object(soap, "ns:Object", 0, &object, NULL)
|
|| soap_mec_stop(soap)
|
|| soap_mec_end(soap, &mec)
|
|| soap_end_send(soap))
|
{
|
soap_mec_cleanup(soap, &mec); // clean up when error
|
soap_print_fault(soap, stderr);
|
}
|
@endcode
|
|
The decryption by the recipient/reader requires the same shared secret key to
|
decrypt the message using envelope decryption with SOAP_MEC_DEC_DES_CBC. This
|
key is secret and unencrypted, so it should never be shared with any other
|
party besides the sender/writer and recipient/reader.
|
|
@code
|
#include "mecevp.h"
|
soap_mec_data mec;
|
ns__Object object;
|
int alg = SOAP_MEC_DEC_DES_CBC;
|
unsigned char key[20] = { ... }; // shared secret triple DES key
|
int keylen = 20;
|
if (soap_begin_recv(soap)
|
|| soap_mec_begin(soap, &mec, alg, NULL, key, &keylen)
|
|| soap_mec_start(soap)
|
|| soap_in_ns__Object(soap, "ns:Object", &object, NULL) == NULL
|
|| soap_mec_stop(soap)
|
|| soap_mec_end(soap, &mec)
|
|| soap_end_recv(soap))
|
{
|
soap_mec_cleanup(soap, &mec); // clean up when error
|
soap_print_fault(soap, stderr);
|
}
|
@endcode
|
|
@note
|
The mecevp engine uses callbacks of the gSOAP engine that were introduced in
|
version 2.8.1. Earlier gSOAP version releases are not compatible with the
|
mecevp plugin and engine.
|
|
*/
|
|
#include "mecevp.h"
|
|
#ifdef __cplusplus
|
extern "C" {
|
#endif
|
|
/******************************************************************************\
|
*
|
* Static protos
|
*
|
\******************************************************************************/
|
|
static int soap_mec_upd(struct soap *soap, struct soap_mec_data *data, const char **s, size_t *n, int final);
|
static int soap_mec_upd_enc(struct soap *soap, struct soap_mec_data *data, const char **s, size_t *n, int final);
|
static int soap_mec_upd_dec(struct soap *soap, struct soap_mec_data *data, const char **s, size_t *n, int final);
|
|
static int soap_mec_check(struct soap *soap, struct soap_mec_data *data, int err, const char *msg);
|
|
static void soap_mec_put_base64(struct soap *soap, struct soap_mec_data *data, const unsigned char *s, int n);
|
static void soap_mec_end_base64(struct soap *soap, struct soap_mec_data *data);
|
static int soap_mec_get_base64(struct soap *soap, struct soap_mec_data *data, char *t, size_t *l, const char *s, size_t n, const char **r, size_t *k);
|
|
static int soap_mec_filtersend(struct soap *soap, const char **s, size_t *n);
|
static int soap_mec_filterrecv(struct soap *soap, char *buf, size_t *len, size_t maxlen);
|
|
/******************************************************************************\
|
*
|
* soap_mec API functions
|
*
|
\******************************************************************************/
|
|
/**
|
@fn int soap_mec_init(struct soap *soap, struct soap_mec_data *data, int alg, SOAP_MEC_KEY_TYPE *pkey, unsigned char *key, int *keylen)
|
@brief Initialize mecevp engine state and create context for encryption/decryption algorithm using a private/public key or symmetric secret
|
key.
|
@param soap context
|
@param[in,out] data mecevp engine context
|
@param[in] alg encryption/decryption algorithm
|
@param[in] pkey public/private key or NULL
|
@param[in,out] key secret key or encrypted ephemeral secret key set with envelope encryption, or NULL
|
@param[in,out] keylen secret key length
|
@return SOAP_OK or SOAP_SSL_ERROR
|
*/
|
SOAP_FMAC1
|
int
|
SOAP_FMAC2
|
soap_mec_init(struct soap *soap, struct soap_mec_data *data, int alg, SOAP_MEC_KEY_TYPE *pkey, unsigned char *key, int *keylen)
|
{
|
int ok = 1;
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "soap_mec_init()\n"));
|
soap_ssl_init();
|
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
|
data->ctx = (EVP_CIPHER_CTX*)SOAP_MALLOC(soap, sizeof(EVP_CIPHER_CTX));
|
if (data->ctx)
|
EVP_CIPHER_CTX_init(data->ctx);
|
#else
|
data->ctx = EVP_CIPHER_CTX_new();
|
#endif
|
if (!data->ctx)
|
return soap->error = SOAP_EOM;
|
data->alg = alg;
|
data->state = SOAP_MEC_STATE_NONE;
|
data->restidx = 0;
|
data->taglen = 0;
|
switch (alg & SOAP_MEC_ALGO)
|
{
|
case SOAP_MEC_DES_CBC:
|
data->type = EVP_des_ede3_cbc();
|
break;
|
case SOAP_MEC_AES128_CBC:
|
data->type = EVP_aes_128_cbc();
|
break;
|
case SOAP_MEC_AES192_CBC:
|
data->type = EVP_aes_192_cbc();
|
break;
|
case SOAP_MEC_AES256_CBC:
|
data->type = EVP_aes_256_cbc();
|
break;
|
case SOAP_MEC_AES512_CBC:
|
data->type = NULL; /* N/A */
|
break;
|
#if (OPENSSL_VERSION_NUMBER >= 0x10002000L)
|
case SOAP_MEC_AES128_GCM:
|
data->type = EVP_aes_128_gcm();
|
break;
|
case SOAP_MEC_AES192_GCM:
|
data->type = EVP_aes_192_gcm();
|
break;
|
case SOAP_MEC_AES256_GCM:
|
data->type = EVP_aes_256_gcm();
|
break;
|
case SOAP_MEC_AES512_GCM:
|
data->type = NULL; /* N/A */
|
break;
|
#endif
|
default:
|
data->type = NULL;
|
}
|
if (alg & SOAP_MEC_ENC)
|
{
|
if (!data->type)
|
return soap_mec_check(soap, data, 0, "soap_mec_init() failed: cannot load cipher");
|
ok = EVP_EncryptInit_ex(data->ctx, data->type, NULL, NULL, NULL);
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "EVP_EncryptInit ok=%d\n", ok));
|
}
|
if (alg & SOAP_MEC_GCM)
|
EVP_CIPHER_CTX_set_padding(data->ctx, 0);
|
else
|
{
|
if (alg & SOAP_MEC_OAEP)
|
EVP_CIPHER_CTX_set_padding(data->ctx, RSA_PKCS1_OAEP_PADDING);
|
else
|
EVP_CIPHER_CTX_set_padding(data->ctx, RSA_PKCS1_PADDING);
|
}
|
switch (alg & SOAP_MEC_MASK & ~SOAP_MEC_ALGO)
|
{
|
case SOAP_MEC_ENV_ENC:
|
#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
|
ok = EVP_CIPHER_CTX_rand_key(data->ctx, data->ekey);
|
#elif defined(EVP_CIPH_RAND_KEY)
|
if (data->ctx->cipher->flags & EVP_CIPH_RAND_KEY)
|
ok = EVP_CIPHER_CTX_ctrl(data->ctx, EVP_CTRL_RAND_KEY, 0, data->ekey);
|
else
|
ok = RAND_bytes(data->ekey, data->ctx->key_len);
|
#else
|
ok = RAND_bytes(data->ekey, data->ctx->key_len);
|
#endif
|
/* generate ephemeral secret key */
|
#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
|
*keylen = EVP_PKEY_encrypt_old(key, data->ekey, EVP_CIPHER_CTX_key_length(data->ctx), pkey);
|
#else
|
*keylen = EVP_PKEY_encrypt(key, data->ekey, EVP_CIPHER_CTX_key_length(data->ctx), pkey);
|
#endif
|
key = data->ekey;
|
/* fall through to next arm */
|
case SOAP_MEC_ENC:
|
data->bufidx = 0;
|
data->buflen = 1024; /* > iv in base64 must fit */
|
data->buf = (char*)SOAP_MALLOC(soap, data->buflen);
|
data->key = key;
|
break;
|
case SOAP_MEC_ENV_DEC:
|
case SOAP_MEC_DEC:
|
data->pkey = pkey;
|
data->key = key;
|
data->keylen = *keylen;
|
break;
|
default:
|
return soap_set_receiver_error(soap, "Unsupported encryption algorithm", NULL, SOAP_SSL_ERROR);
|
}
|
return soap_mec_check(soap, data, ok, "soap_mec_init() failed");
|
}
|
|
/******************************************************************************/
|
|
/**
|
@fn int soap_mec_update(struct soap *soap, struct soap_mec_data *data, const char **s, size_t *n)
|
@brief Update mecevp engine state: encrypts plain text (or raw data) or decrypts cipher data in base64 format.
|
@param soap context
|
@param[in,out] data mecevp engine context
|
@param[in,out] s input data to convert, afterwards points to converted data (original content is unchanged)
|
@param[in,out] n size of input, afterwards size of output
|
@return SOAP_OK or SOAP_SSL_ERROR
|
*/
|
SOAP_FMAC1
|
int
|
SOAP_FMAC2
|
soap_mec_update(struct soap *soap, struct soap_mec_data *data, const char **s, size_t *n)
|
{
|
return soap_mec_upd(soap, data, s, n, 0);
|
}
|
|
/******************************************************************************/
|
|
/**
|
@fn int soap_mec_final(struct soap *soap, struct soap_mec_data *data, const char **s, size_t *n)
|
@brief Ends mecevp engine state: encrypt/decrypt remainder from buffers.
|
@param soap context
|
@param[in,out] data mecevp engine context
|
@param[out] s afterwards points to converted remaining data in streaming mode, or entire converted data in buffer mode (SOAP_MEC_STORE option)
|
@param[out] n afterwards size of remaining data
|
@return SOAP_OK or SOAP_SSL_ERROR
|
*/
|
int
|
soap_mec_final(struct soap *soap, struct soap_mec_data *data, const char **s, size_t *n)
|
{
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "soap_mec_final()\n"));
|
*n = 0;
|
if (!data->ctx)
|
return SOAP_OK;
|
if (soap_mec_upd(soap, data, s, n, 1))
|
return soap->error;
|
return SOAP_OK;
|
}
|
|
/******************************************************************************/
|
|
/**
|
@fn void soap_mec_cleanup(struct soap *soap, struct soap_mec_data *data)
|
@brief Clean up mecevp engine and deallocate cipher context and buffers.
|
@param soap context
|
@param[in,out] data mecevp engine context
|
@return SOAP_OK or SOAP_SSL_ERROR
|
*/
|
SOAP_FMAC1
|
void
|
SOAP_FMAC2
|
soap_mec_cleanup(struct soap *soap, struct soap_mec_data *data)
|
{
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "soap_mec_cleanup()\n"));
|
data->alg = SOAP_MEC_NONE;
|
data->state = SOAP_MEC_STATE_NONE;
|
data->type = NULL;
|
if (data->ctx)
|
{
|
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
|
EVP_CIPHER_CTX_cleanup(data->ctx);
|
SOAP_FREE(soap, data->ctx);
|
#else
|
EVP_CIPHER_CTX_free(data->ctx);
|
#endif
|
data->ctx = NULL;
|
}
|
if (data->buf)
|
{
|
SOAP_FREE(soap, data->buf);
|
data->buf = NULL;
|
data->buflen = 0;
|
}
|
if (data->rest)
|
{
|
SOAP_FREE(soap, data->rest);
|
data->rest = NULL;
|
data->restlen = 0;
|
}
|
}
|
|
/******************************************************************************/
|
|
/**
|
@fn int soap_mec_begin(struct soap *soap, struct soap_mec_data *data, int alg, SOAP_MEC_KEY_TYPE *pkey, unsigned char *key, int *keylen)
|
@brief Initialize the mecevp engine data and begin encryption or decryption message sequence using a private/public key or symmetric secret key.
|
@param soap context
|
@param[in,out] data mecevp engine context
|
@param[in] alg encryption/decryption algorithm
|
@param[in] pkey public/private key or NULL
|
@param[in,out] key secret key or encrypted ephemeral secret key set with envelope encryption, or NULL
|
@param[in,out] keylen secret key length
|
@return SOAP_OK or error code
|
*/
|
SOAP_FMAC1
|
int
|
SOAP_FMAC2
|
soap_mec_begin(struct soap *soap, struct soap_mec_data *data, int alg, SOAP_MEC_KEY_TYPE *pkey, unsigned char *key, int *keylen)
|
{
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "MEC Begin alg=0x%x\n", alg));
|
/* save and set the engine's 'data' field to pass data to the callbacks */
|
soap->data[1] = (void*)data;
|
data->ctx = NULL;
|
data->type = NULL;
|
data->pkey = NULL;
|
data->key = NULL;
|
data->buf = NULL;
|
data->bufidx = 0;
|
data->buflen = 0;
|
data->rest = NULL;
|
data->restidx = 0;
|
data->restlen = 0;
|
data->taglen = 0;
|
/* save the mode flag */
|
data->mode = soap->mode;
|
if (alg & SOAP_MEC_ENC)
|
{
|
/* clear the IO flags and DOM flag */
|
soap->mode &= ~(SOAP_IO | SOAP_IO_LENGTH | SOAP_ENC_ZLIB | SOAP_XML_DOM);
|
/* clear the XML attribute store */
|
soap_clr_attr(soap);
|
/* load the local XML namespaces store */
|
soap_set_local_namespaces(soap);
|
if (soap->mode & SOAP_XML_CANONICAL)
|
soap->ns = 0; /* for in c14n, we must have all xmlns bindings available */
|
}
|
else if (soap->ffilterrecv != soap_mec_filterrecv)
|
{
|
/* save and override the callbacks */
|
data->ffilterrecv = soap->ffilterrecv;
|
soap->ffilterrecv = soap_mec_filterrecv;
|
}
|
/* init the soap_mec engine */
|
return soap_mec_init(soap, data, alg, pkey, key, keylen);
|
}
|
|
/******************************************************************************/
|
|
/**
|
@fn int soap_mec_start_alg(struct soap *soap, int alg, const unsigned char *key)
|
@brief Start encryption or decryption of current message. If key is non-NULL, use the symmetric key with alg. Use soap_mec_start only after soap_mec_begin. The soap_mec_start should be followed by a soap_mec_stop call.
|
@param soap context
|
@param[in] alg algorithm
|
@param[in] key secret DES/AES key or NULL for private key
|
@return SOAP_OK or error code
|
*/
|
SOAP_FMAC1
|
int
|
SOAP_FMAC2
|
soap_mec_start_alg(struct soap *soap, int alg, const unsigned char *key)
|
{
|
struct soap_mec_data *data;
|
int ok = 1;
|
data = (struct soap_mec_data*)soap->data[1];
|
if (!data)
|
return soap->error = SOAP_USER_ERROR;
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "MEC Start alg=0x%x\n", data->alg));
|
if (key)
|
data->key = key;
|
if (alg != SOAP_MEC_NONE)
|
data->alg = alg;
|
if (data->alg & SOAP_MEC_ENC)
|
{
|
unsigned char iv[EVP_MAX_IV_LENGTH];
|
int ivlen;
|
if (!data->type)
|
return soap_mec_check(soap, data, 0, "soap_mec_start_alg() failed: no cipher");
|
/* save and override the callbacks */
|
data->ffiltersend = soap->ffiltersend;
|
soap->ffiltersend = soap_mec_filtersend;
|
data->bufidx = 0;
|
data->i = 0;
|
data->m = 0;
|
ivlen = EVP_CIPHER_iv_length(data->type);
|
if (ivlen)
|
{
|
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
|
RAND_bytes(iv, ivlen);
|
#else
|
RAND_pseudo_bytes(iv, ivlen);
|
#endif
|
soap_mec_put_base64(soap, data, (unsigned char*)iv, ivlen);
|
}
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "IV = "));
|
DBGHEX(TEST, iv, ivlen);
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "\n"));
|
ok = EVP_EncryptInit_ex(data->ctx, NULL, NULL, data->key, iv);
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "EVP_EncryptInit ok=%d\n", ok));
|
}
|
else
|
{
|
size_t len;
|
/* algorithm */
|
switch (data->alg & SOAP_MEC_ALGO)
|
{
|
case SOAP_MEC_DES_CBC:
|
data->type = EVP_des_ede3_cbc();
|
break;
|
case SOAP_MEC_AES128_CBC:
|
data->type = EVP_aes_128_cbc();
|
break;
|
case SOAP_MEC_AES192_CBC:
|
data->type = EVP_aes_192_cbc();
|
break;
|
case SOAP_MEC_AES256_CBC:
|
data->type = EVP_aes_256_cbc();
|
break;
|
case SOAP_MEC_AES512_CBC:
|
data->type = NULL; /* N/A */
|
break;
|
#if (OPENSSL_VERSION_NUMBER >= 0x10002000L)
|
case SOAP_MEC_AES128_GCM:
|
data->type = EVP_aes_128_gcm();
|
break;
|
case SOAP_MEC_AES192_GCM:
|
data->type = EVP_aes_192_gcm();
|
break;
|
case SOAP_MEC_AES256_GCM:
|
data->type = EVP_aes_256_gcm();
|
break;
|
case SOAP_MEC_AES512_GCM:
|
data->type = NULL; /* N/A */
|
break;
|
#endif
|
default:
|
data->type = NULL;
|
}
|
if (!data->type)
|
return soap_mec_check(soap, data, 0, "soap_mec_start_alg() failed: cannot load cipher");
|
len = 2 * sizeof(soap->buf) + EVP_CIPHER_block_size(data->type);
|
if (!data->buf || data->buflen < len)
|
{
|
if (data->buf)
|
SOAP_FREE(soap, data->buf);
|
data->buflen = len;
|
data->buf = (char*)SOAP_MALLOC(soap, data->buflen);
|
}
|
data->bufidx = soap->buflen - soap->bufidx;
|
/* copy buf[bufidx..buflen-1] to data buf */
|
(void)soap_memcpy((void*)data->buf, data->buflen, (const void*)(soap->buf + soap->bufidx), data->bufidx);
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Alloc buf=%lu, copy %lu message bytes\n", (unsigned long)data->buflen, (unsigned long)data->bufidx));
|
/* trigger ffilterrecv() */
|
soap->bufidx = soap->buflen;
|
/* INIT state */
|
data->i = 0;
|
data->m = 0;
|
data->state = SOAP_MEC_STATE_INIT;
|
}
|
return soap_mec_check(soap, data, ok, "soap_mec_start() failed");
|
}
|
|
/******************************************************************************/
|
|
/**
|
@fn int soap_mec_start(struct soap *soap, const unsigned char *key)
|
@brief Start encryption or decryption of current message. If key is non-NULL, use the symmetric key with alg. Use soap_mec_start only after soap_mec_begin. The soap_mec_start should be followed by a soap_mec_stop call.
|
@param soap context
|
@param[in] key secret DES/AES key or NULL
|
@return SOAP_OK or error code
|
*/
|
SOAP_FMAC1
|
int
|
SOAP_FMAC2
|
soap_mec_start(struct soap *soap, const unsigned char *key)
|
{
|
return soap_mec_start_alg(soap, SOAP_MEC_NONE, key);
|
}
|
|
/******************************************************************************/
|
|
/**
|
@fn int soap_mec_stop(struct soap *soap)
|
@brief Stops encryption or decryption of current message. Use after soap_mec_start.
|
@param soap context
|
@return SOAP_OK or error code
|
*/
|
SOAP_FMAC1
|
int
|
SOAP_FMAC2
|
soap_mec_stop(struct soap *soap)
|
{
|
struct soap_mec_data *data;
|
int err = SOAP_OK;
|
data = (struct soap_mec_data*)soap->data[1];
|
if (!data)
|
return soap->error = SOAP_USER_ERROR;
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "MEC Stop alg=0x%x\n", data->alg));
|
if (data->alg & SOAP_MEC_ENC)
|
{
|
const char *s = NULL;
|
size_t n = 0;
|
err = soap_mec_final(soap, data, &s, &n);
|
/* reset callbacks */
|
if (soap->ffiltersend == soap_mec_filtersend)
|
soap->ffiltersend = data->ffiltersend;
|
/* send remaining cipher data */
|
if (!err && n)
|
if (soap_send_raw(soap, s, n))
|
return soap->error;
|
}
|
return err;
|
}
|
|
/******************************************************************************/
|
|
/**
|
@fn int soap_mec_end(struct soap *soap, struct soap_mec_data *data)
|
@brief Ends encryption or decryption of a sequence of message parts that began
|
with soap_mec_begin.
|
@param soap context
|
@param[in,out] data mecevp engine context
|
@return SOAP_OK or error code
|
*/
|
SOAP_FMAC1
|
int
|
SOAP_FMAC2
|
soap_mec_end(struct soap *soap, struct soap_mec_data *data)
|
{
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "MEC End alg=0x%x\n", data->alg));
|
/* reset callbacks */
|
if (soap->ffiltersend == soap_mec_filtersend)
|
soap->ffiltersend = data->ffiltersend;
|
if (soap->ffilterrecv == soap_mec_filterrecv)
|
soap->ffilterrecv = data->ffilterrecv;
|
/* restore the mode flag */
|
soap->mode = data->mode;
|
/* cleanup and reset mecevp engine */
|
soap_mec_cleanup(soap, data);
|
soap->data[1] = NULL;
|
return SOAP_OK;
|
}
|
|
/******************************************************************************/
|
|
/**
|
@fn size_t soap_mec_size(int alg, SOAP_MEC_KEY_TYPE *pkey)
|
@brief Returns the number of octets needed to store the public/private key or
|
the symmetric key, depending on the algorithm.
|
@param[in] alg is the algorithm to be used
|
@param[in] pkey is a pointer to an EVP_PKEY object or NULL for symmetric keys
|
@return size_t number of octets that is needed to hold the key.
|
*/
|
SOAP_FMAC1
|
size_t
|
SOAP_FMAC2
|
soap_mec_size(int alg, SOAP_MEC_KEY_TYPE *pkey)
|
{
|
if (alg & SOAP_MEC_ENV)
|
return (size_t)EVP_PKEY_size(pkey);
|
switch (alg & SOAP_MEC_ALGO & ~SOAP_MEC_GCM)
|
{
|
case SOAP_MEC_DES_CBC:
|
return 24;
|
case SOAP_MEC_AES128_CBC: /* CBC and GCM */
|
return 16;
|
case SOAP_MEC_AES192_CBC: /* CBC and GCM */
|
return 24;
|
case SOAP_MEC_AES256_CBC: /* CBC and GCM */
|
return 32;
|
case SOAP_MEC_AES512_CBC: /* CBC and GCM */
|
return 64;
|
}
|
return 0;
|
}
|
|
/******************************************************************************\
|
*
|
* Static local functions
|
*
|
\******************************************************************************/
|
|
/**
|
@fn int soap_mec_upd(struct soap *soap, struct soap_mec_data *data, const char **s, size_t *n, int final)
|
@brief Update encryption/decryption state depending on the current algorithm
|
@param soap context
|
@param[in,out] data mecevp engine context
|
@param[in,out] s input data to convert, afterwards points to converted data (original content is unchanged)
|
@param[in,out] n size of input, afterwards size of output
|
@param[in] final flag to indicate no more input, output is flushed to s
|
@return SOAP_OK or SOAP_SSL_ERROR
|
*/
|
static int
|
soap_mec_upd(struct soap *soap, struct soap_mec_data *data, const char **s, size_t *n, int final)
|
{
|
if (!data || !data->ctx)
|
return soap->error = SOAP_USER_ERROR;
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- MEC Update alg=0x%x n=%lu final=%d (%p) --\n", data->alg, (unsigned long)*n, final, data->ctx));
|
DBGMSG(TEST, *s, *n);
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "\n--\n"));
|
if (data->alg & SOAP_MEC_ENC)
|
{
|
if (soap_mec_upd_enc(soap, data, s, n, final))
|
return soap->error;
|
}
|
else
|
{
|
if (soap_mec_upd_dec(soap, data, s, n, final))
|
return soap->error;
|
}
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "\n--\n"));
|
DBGMSG(TEST, *s, *n);
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "\n--\n"));
|
return SOAP_OK;
|
}
|
|
/******************************************************************************/
|
|
/**
|
@fn int soap_mec_upd_enc(struct soap *soap, struct soap_mec_data *data, const char **s, size_t *n, int final)
|
@brief Update encryption state with input plain text (or raw) data and output
|
in base64 format.
|
@param soap context
|
@param[in,out] data mecevp engine context
|
@param[in,out] s input plain text, afterwards points to output cipher data
|
@param[in,out] n size of input text, afterwards size of cipher data
|
@param[in] final flag to indicate no more input, output is flushed to s
|
@return SOAP_OK or SOAP_SSL_ERROR
|
*/
|
static int
|
soap_mec_upd_enc(struct soap *soap, struct soap_mec_data *data, const char **s, size_t *n, int final)
|
{
|
size_t k;
|
int m;
|
int ok = 0;
|
if (!data->type)
|
return soap_mec_check(soap, data, 0, "soap_mec_upd_enc() failed");
|
/* cipher size */
|
k = *n + EVP_CIPHER_block_size(data->type);
|
/* scale by base64 size + in-use part + 8 margin */
|
m = data->bufidx + 8 + (k + 2) / 3 * 4 + 1;
|
#if (OPENSSL_VERSION_NUMBER >= 0x10002000L)
|
if (final && (data->alg & SOAP_MEC_GCM))
|
m += sizeof(data->tag);
|
#endif
|
/* fits in buf after bufidx? */
|
if (m > (int)data->buflen)
|
{
|
char *t = data->buf;
|
data->buflen = (size_t)m; /* + slack? */
|
data->buf = (char*)SOAP_MALLOC(soap, m);
|
if (t)
|
{
|
(void)soap_memcpy((void*)data->buf, (size_t)m, (const void*)t, data->bufidx); /* copy in-use part */
|
SOAP_FREE(soap, t);
|
}
|
}
|
if (!final)
|
{
|
/* envelope encryption or with shared key? */
|
if (data->alg & SOAP_MEC_ENV)
|
{
|
ok = EVP_SealUpdate(data->ctx, (unsigned char*)data->buf + data->buflen - k, &m, (unsigned char*)*s, (int)*n);
|
DBGHEX(TEST, (unsigned char*)(data->buf + data->buflen - k), m);
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "\n--\n"));
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "EVP_SealUpdate ok=%d\n", ok));
|
}
|
else
|
{
|
ok = EVP_EncryptUpdate(data->ctx, (unsigned char*)data->buf + data->buflen - k, &m, (unsigned char*)*s, (int)*n);
|
DBGHEX(TEST, (unsigned char*)(data->buf + data->buflen - k), m);
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "\n--\n"));
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "EVP_EncryptUpdate ok=%d\n", ok));
|
}
|
/* convert to base64 */
|
soap_mec_put_base64(soap, data, (unsigned char*)(data->buf + data->buflen - k), m);
|
*s = data->buf;
|
*n = data->bufidx;
|
if (!(data->alg & SOAP_MEC_STORE))
|
data->bufidx = 0;
|
}
|
else
|
{
|
/* envelope encryption or with shared key? */
|
if (data->alg & SOAP_MEC_ENV)
|
{
|
ok = EVP_SealFinal(data->ctx, (unsigned char*)data->buf + data->buflen - k, &m);
|
DBGHEX(TEST, (unsigned char*)(data->buf + data->buflen - k), m);
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "\n--\n"));
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "EVP_SealFinal ok=%d\n", ok));
|
}
|
else
|
{
|
ok = EVP_EncryptFinal(data->ctx, (unsigned char*)data->buf + data->buflen - k, &m);
|
DBGHEX(TEST, (unsigned char*)(data->buf + data->buflen - k), m);
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "\n--\n"));
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "EVP_EncryptFinal ok=%d\n", ok));
|
}
|
/* convert to base64 */
|
soap_mec_put_base64(soap, data, (unsigned char*)(data->buf + data->buflen - k), m);
|
#if (OPENSSL_VERSION_NUMBER >= 0x10002000L)
|
if (data->alg & SOAP_MEC_GCM)
|
{
|
/* add GCM tag in base64 */
|
EVP_CIPHER_CTX_ctrl(data->ctx, EVP_CTRL_GCM_GET_TAG, sizeof(data->tag), data->tag);
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Get GCM tag = "));
|
DBGHEX(TEST, data->tag, sizeof(data->tag));
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "\n"));
|
soap_mec_put_base64(soap, data, (unsigned char*)(data->tag), sizeof(data->tag));
|
}
|
#endif
|
soap_mec_end_base64(soap, data);
|
*s = data->buf;
|
*n = data->bufidx;
|
if (!(data->alg & SOAP_MEC_STORE))
|
data->bufidx = 0;
|
}
|
if (m > (int)k)
|
{
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Assertion m<=k failed k=%lu m=%lu\n", (unsigned long)k, (unsigned long)m));
|
return soap->error = SOAP_USER_ERROR;
|
}
|
return soap_mec_check(soap, data, ok, "soap_mec_upd_enc() failed");
|
}
|
|
/******************************************************************************/
|
|
/**
|
@fn int soap_mec_upd_dec(struct soap *soap, struct soap_mec_data *data, const char **s, size_t *n, int final)
|
@brief Update decryption state with input cipher data in base64 format and output in plain text (or raw) format
|
@param soap context
|
@param[in,out] data mecevp engine context
|
@param[in,out] s input cipher data, afterwards points to output plain text
|
@param[in,out] n size of input cipher data, afterwards size of plain text
|
@param[in] final flag to indicate no more input, output is flushed to s
|
@return SOAP_OK or SOAP_SSL_ERROR
|
*/
|
static int
|
soap_mec_upd_dec(struct soap *soap, struct soap_mec_data *data, const char **s, size_t *n, int final)
|
{
|
const char *r = NULL;
|
size_t k = 0, l = 0, m = 0;
|
int len = 0;
|
int ok = 1;
|
int rest = 0;
|
enum SOAP_MEC_STATE state = data->state;
|
if (!data->type)
|
return soap_mec_check(soap, data, 0, "soap_mec_upd_dec() failed");
|
if (final && state == SOAP_MEC_STATE_DECRYPT)
|
data->state = SOAP_MEC_STATE_FINAL;
|
/* if flushing the buf, no base64-decode or decryption to do */
|
if (state == SOAP_MEC_STATE_FLUSH || state == SOAP_MEC_STATE_NONE)
|
{
|
/* old + new fit in buf? */
|
if (data->bufidx + *n > data->buflen)
|
{
|
char *t = data->buf;
|
do
|
data->buflen += sizeof(soap->buf);
|
while (data->buflen < data->bufidx + *n);
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Enlarging buffer n=%lu\n", (unsigned long)data->buflen));
|
data->buf = (char*)SOAP_MALLOC(soap, data->buflen);
|
if (t)
|
{
|
(void)soap_memcpy((void*)data->buf, data->buflen, (const void*)t, data->bufidx); /* copy old */
|
SOAP_FREE(soap, t);
|
}
|
}
|
/* concat old + new */
|
(void)soap_memcpy((void*)(data->buf + data->bufidx), data->buflen - data->bufidx, (const void*)*s, *n);
|
*s = data->buf;
|
*n += data->bufidx;
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Flush state n=%lu\n", (unsigned long)*n));
|
/* release old + new for next round (assuming consumer fetches all) */
|
if (!(data->alg & SOAP_MEC_STORE))
|
data->bufidx = 0;
|
return SOAP_OK;
|
}
|
if (state == SOAP_MEC_STATE_INIT)
|
{
|
/* at init, base64 is in data->buf[bufidx] copied from buf[] */
|
data->i = 0;
|
data->m = 0;
|
k = (data->bufidx + *n + 3) / 4 * 3; /* decoded size from old + new */
|
data->taglen = 0; /* no GCM tag (yet) */
|
}
|
else
|
k = (*n + 3) / 4 * 3; /* base64-decoded size */
|
m = k + EVP_CIPHER_block_size(data->type); /* decrypted data size */
|
/* decrypted + base64-decoded + GCM tag all fit in current buf? */
|
if (data->buflen < data->bufidx + m + k + data->taglen)
|
{
|
/* no, need to enlarge */
|
char *t = data->buf;
|
do
|
data->buflen += sizeof(soap->buf);
|
while (data->buflen < data->bufidx + m + k + data->taglen);
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Enlarging buffer n=%lu\n", (unsigned long)data->buflen));
|
data->buf = (char*)SOAP_MALLOC(soap, data->buflen);
|
if (t)
|
{
|
(void)soap_memcpy((void*)data->buf, data->buflen, (const void*)t, data->bufidx); /* copy old part */
|
SOAP_FREE(soap, t);
|
}
|
}
|
/* base64 decode */
|
if (state == SOAP_MEC_STATE_INIT)
|
{
|
/* base64 is in data buf[0..bufidx-1] and *s */
|
if (soap_mec_get_base64(soap, data, data->buf + data->buflen - k, &m, data->buf, data->bufidx, &r, &l))
|
return soap->error;
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Base64 stage 1 s=%p n=%lu m=%lu r=%p l=%lu\n", *s, (unsigned long)data->bufidx, (unsigned long)m, r, (unsigned long)l));
|
/* position 'r' is at a spot that gets overwritten, copy to rest */
|
if (r)
|
{
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Base64 stage 2 rest=%lu bytes\n", (unsigned long)*n));
|
rest = *n;
|
}
|
else
|
{
|
size_t j;
|
/* base64-decode *s */
|
if (soap_mec_get_base64(soap, data, data->buf + data->buflen - k + m, &j, *s, *n, &r, &l))
|
return soap->error;
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Base64 stage 3 s=%p n=%lu m=%lu r=%p l=%lu\n", *s, (unsigned long)*n, (unsigned long)m, r, (unsigned long)l));
|
m += j;
|
}
|
data->bufidx = 0;
|
}
|
else if (state != SOAP_MEC_STATE_FINAL && state != SOAP_MEC_STATE_FLUSH)
|
{
|
/* base64-decode *s */
|
if (soap_mec_get_base64(soap, data, data->buf + data->buflen - k, &m, *s, *n, &r, &l))
|
return soap->error;
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Base64 stage 4 n=%lu m=%lu l=%lu\n", (unsigned long)*n, (unsigned long)m, (unsigned long)l));
|
}
|
if (r)
|
{
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Rest = %lu + %lu bytes\n", (unsigned long)l, (unsigned long)rest));
|
if (data->restlen < l + rest)
|
{
|
if (data->rest)
|
SOAP_FREE(soap, data->rest);
|
data->restlen = l + rest;
|
data->rest = (char*)SOAP_MALLOC(soap, data->restlen);
|
}
|
data->restidx = l + rest;
|
(void)soap_memcpy((void*)data->rest, data->restlen, (const void*)r, l);
|
(void)soap_memcpy((void*)(data->rest + l), data->restlen - l, (const void*)*s, rest);
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "--\n"));
|
DBGMSG(TEST, data->rest, data->restidx);
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "\n--\n"));
|
}
|
/* debug */
|
DBGHEX(TEST, (unsigned char*)(data->buf + data->buflen - k), m);
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "\n--\n"));
|
/* decryption of data buf[buflen-k] */
|
switch (data->state)
|
{
|
case SOAP_MEC_STATE_INIT:
|
/* move to next state */
|
state = SOAP_MEC_STATE_IV;
|
case SOAP_MEC_STATE_IV:
|
/* get the IV data from buf[buflen-k] */
|
(void)soap_memmove((void*)(data->buf + data->bufidx), data->buflen - data->bufidx, (const void*)(data->buf + data->buflen - k), m);
|
/* add to IV */
|
data->bufidx += m;
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Getting IV new size=%lu\n", data->bufidx));
|
/* got all IV data? */
|
if (data->bufidx >= (size_t)EVP_CIPHER_iv_length(data->type))
|
{
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Got IV = "));
|
DBGHEX(TEST, (unsigned char*)data->buf, EVP_CIPHER_iv_length(data->type));
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "\nInitializing alg=0x%x\n", data->alg));
|
switch (data->alg & SOAP_MEC_MASK & ~SOAP_MEC_ALGO)
|
{
|
case SOAP_MEC_ENV_DEC:
|
ok = EVP_OpenInit(data->ctx, data->type, (unsigned char*)data->key, data->keylen, (unsigned char*)data->buf, (EVP_PKEY*)data->pkey);
|
EVP_CIPHER_CTX_set_padding(data->ctx, 0); /* disable padding check when decrypting for interop */
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "EVP_OpenInit ok=%d\n", ok));
|
break;
|
case SOAP_MEC_DEC:
|
ok = EVP_DecryptInit_ex(data->ctx, data->type, NULL, data->key, (unsigned char*)data->buf);
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "EVP_DecryptInit_ex ok=%d\n", ok));
|
break;
|
}
|
if (ok)
|
{
|
/* shift rest of data to cipher section */
|
m = k = data->bufidx - EVP_CIPHER_iv_length(data->type);
|
(void)soap_memmove((void*)(data->buf + data->buflen - k), m, (const void*)(data->buf + EVP_CIPHER_iv_length(data->type)), m);
|
#if (OPENSSL_VERSION_NUMBER >= 0x10002000L)
|
if (data->alg & SOAP_MEC_GCM)
|
{
|
/* rotate the last 128 bits through tag[] buffer */
|
if (m < sizeof(data->tag))
|
{
|
(void)soap_memcpy((void*)data->tag, sizeof(data->tag), (const void*)(data->buf + data->buflen - k), m);
|
data->taglen = m;
|
m = 0;
|
}
|
else
|
{
|
m -= sizeof(data->tag);
|
(void)soap_memcpy((void*)data->tag, sizeof(data->tag), (const void*)(data->buf + data->buflen - k + m), sizeof(data->tag));
|
data->taglen = sizeof(data->tag);
|
}
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Init GCM tag with %lu bytes\n", (unsigned long)data->taglen));
|
}
|
#endif
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Decrypt %lu bytes\n", (unsigned long)m));
|
/* decrypt to buf */
|
len = 0;
|
switch (data->alg & SOAP_MEC_MASK & ~SOAP_MEC_ALGO)
|
{
|
case SOAP_MEC_ENV_DEC:
|
ok = EVP_OpenUpdate(data->ctx, (unsigned char*)data->buf, &len, (unsigned char*)(data->buf + data->buflen - k), m);
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "EVP_OpenUpdate len=%d ok=%d\n", len, ok));
|
break;
|
case SOAP_MEC_DEC:
|
ok = EVP_DecryptUpdate(data->ctx, (unsigned char*)data->buf, &len, (unsigned char*)(data->buf + data->buflen - k), m);
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "EVP_DecryptUpdate len=%d ok=%d\n", len, ok));
|
break;
|
}
|
*s = data->buf;
|
*n = (size_t)len;
|
}
|
if (!(data->alg & SOAP_MEC_STORE))
|
data->bufidx = 0; /* next decoded goes to start of buf */
|
else
|
data->bufidx = *n;
|
/* next state */
|
state = SOAP_MEC_STATE_DECRYPT;
|
}
|
else
|
{
|
/* nothing to return yet, need more data */
|
*n = 0;
|
}
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "IV/decrypt state n=%lu\n", (unsigned long)*n));
|
break;
|
case SOAP_MEC_STATE_DECRYPT:
|
#if (OPENSSL_VERSION_NUMBER >= 0x10002000L)
|
if (data->alg & SOAP_MEC_GCM)
|
{
|
/* rotate the last 128 bits through tag[] buffer */
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Rotate GCM tag with %lu bytes\n", (unsigned long)data->taglen));
|
k += data->taglen;
|
m += data->taglen;
|
(void)soap_memcpy((void*)(data->buf + data->buflen - k), k, (const void*)data->tag, data->taglen);
|
if (m < sizeof(data->tag))
|
{
|
(void)soap_memcpy((void*)data->tag, sizeof(data->tag), (const void*)(data->buf + data->buflen - k), m);
|
data->taglen = m;
|
m = 0;
|
}
|
else
|
{
|
m -= sizeof(data->tag);
|
(void)soap_memcpy((void*)data->tag, sizeof(data->tag), (const void*)(data->buf + data->buflen - k + m), sizeof(data->tag));
|
data->taglen = sizeof(data->tag);
|
}
|
}
|
#endif
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Decrypt %lu bytes\n", (unsigned long)m));
|
len = 0;
|
switch (data->alg & SOAP_MEC_MASK & ~SOAP_MEC_ALGO)
|
{
|
case SOAP_MEC_ENV_DEC:
|
ok = EVP_OpenUpdate(data->ctx, (unsigned char*)(data->buf + data->bufidx), &len, (unsigned char*)(data->buf + data->buflen - k), m);
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "EVP_OpenUpdate len=%d ok=%d\n", len, ok));
|
break;
|
case SOAP_MEC_DEC:
|
ok = EVP_DecryptUpdate(data->ctx, (unsigned char*)(data->buf + data->bufidx), &len, (unsigned char*)data->buf + data->buflen - k, m);
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "EVP_DecryptUpdate len=%d ok=%d\n", len, ok));
|
break;
|
}
|
*s = data->buf;
|
*n = data->bufidx + (size_t)len;
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Decrypt state n=%lu\n", (unsigned long)*n));
|
if (!(data->alg & SOAP_MEC_STORE))
|
data->bufidx = 0; /* next decoded goes to start of buf */
|
break;
|
case SOAP_MEC_STATE_FINAL:
|
{
|
/* we know there is enough space to flush *s and *n through the buf */
|
const char *t = *s;
|
#if (OPENSSL_VERSION_NUMBER >= 0x10002000L)
|
if (data->alg & SOAP_MEC_GCM)
|
{
|
/* use the tag[] buffer */
|
EVP_CIPHER_CTX_ctrl(data->ctx, EVP_CTRL_GCM_SET_TAG, sizeof(data->tag), data->tag);
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Set GCM tag = "));
|
DBGHEX(TEST, data->tag, sizeof(data->tag));
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "\n"));
|
}
|
#endif
|
k = *n;
|
len = 0;
|
switch (data->alg & SOAP_MEC_MASK & ~SOAP_MEC_ALGO)
|
{
|
case SOAP_MEC_ENV_DEC:
|
ok = EVP_OpenFinal(data->ctx, (unsigned char*)(data->buf + data->bufidx), &len);
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "EVP_OpenFinal ok=%d\n", ok));
|
break;
|
case SOAP_MEC_DEC:
|
ok = EVP_DecryptFinal(data->ctx, (unsigned char*)(data->buf + data->bufidx), &len);
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "EVP_DecryptFinal ok=%d\n", ok));
|
break;
|
}
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Append %d bytes from decrypted\n", len));
|
*s = data->buf;
|
*n = data->bufidx + (size_t)len;
|
if (data->restidx)
|
{
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Append %lu bytes from rest\n", data->restidx));
|
(void)soap_memcpy((void*)(data->buf + *n), data->buflen - *n, (const void*)data->rest, data->restidx);
|
*n += data->restidx;
|
}
|
if (k)
|
{
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Append %lu bytes from input\n", k));
|
(void)soap_memmove((void*)(data->buf + *n), data->buflen - *n, (const void*)t, k);
|
*n += k;
|
}
|
if (!(data->alg & SOAP_MEC_STORE))
|
data->bufidx = 0; /* next decoded goes to start of buf */
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Final len=%lu\n", (unsigned long)*n));
|
state = SOAP_MEC_STATE_FLUSH; /* flush data buf, if needed */
|
break;
|
}
|
default:
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Error in decryption state\n"));
|
return soap->error = SOAP_SSL_ERROR;
|
}
|
if (r)
|
{
|
if (state == SOAP_MEC_STATE_DECRYPT)
|
{
|
state = SOAP_MEC_STATE_FINAL;
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Append rest of stream %lu (%lu <= %lu)\n", data->restidx, *n, data->buflen));
|
}
|
}
|
data->state = state;
|
return soap_mec_check(soap, data, ok, "soap_mec_upd_dec() failed");
|
}
|
|
/******************************************************************************/
|
|
/**
|
@fn int soap_mec_check(struct soap *soap, struct soap_mec_data *data, int ok, const char *msg)
|
@brief Check result of init/update/final mecevp engine operations.
|
@param soap context
|
@param[in,out] data mecevp engine context
|
@param[in] ok EVP error value
|
@param[in] msg error message
|
@return SOAP_OK or SOAP_SSL_ERROR
|
*/
|
static int
|
soap_mec_check(struct soap *soap, struct soap_mec_data *data, int ok, const char *msg)
|
{
|
if (ok <= 0)
|
{
|
unsigned long r;
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- MEC Error (%d)", ok));
|
while ((r = ERR_get_error()))
|
{
|
ERR_error_string_n(r, soap->msgbuf, sizeof(soap->msgbuf));
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, " %s: \"%s\";", msg, soap->msgbuf));
|
}
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "\n"));
|
/* cleanup and reset mecevp engine */
|
soap_mec_cleanup(soap, data);
|
return soap_set_receiver_error(soap, msg, soap->msgbuf, SOAP_SSL_ERROR);
|
}
|
return SOAP_OK;
|
}
|
|
/******************************************************************************/
|
|
/**
|
@fn void soap_mec_put_base64(struct soap *soap, struct soap_mec_data *data, const unsigned char *s, int n)
|
@brief Write base64 formatted data stored in s of length n to internal buffer
|
@param soap context
|
@param[in,out] data mecevp engine context
|
@param[in] s data to convert
|
@param[in] n length of data to convert
|
*/
|
static void
|
soap_mec_put_base64(struct soap *soap, struct soap_mec_data *data, const unsigned char *s, int n)
|
{
|
char *t;
|
int i;
|
unsigned long m;
|
(void)soap;
|
if (!s || !n)
|
return;
|
t = data->buf + data->bufidx;
|
i = data->i;
|
m = data->m;
|
while (n--)
|
{
|
m = (m << 8) | *s++;
|
if (i++ == 2)
|
{
|
for (i = 4; i > 0; m >>= 6)
|
t[--i] = soap_base64o[m & 0x3F];
|
t += 4;
|
data->bufidx += 4;
|
}
|
}
|
data->i = i;
|
data->m = m;
|
}
|
|
/******************************************************************************/
|
|
/**
|
@fn void soap_mec_end_base64(struct soap *soap, struct soap_mec_data *data)
|
@brief End writing base64 formatted data to internal buffer
|
@param soap context
|
@param[in,out] data mecevp engine context
|
*/
|
static void
|
soap_mec_end_base64(struct soap *soap, struct soap_mec_data *data)
|
{
|
(void)soap;
|
if (data->i)
|
{
|
char *t;
|
int i;
|
unsigned long m;
|
t = data->buf + data->bufidx;
|
i = data->i;
|
m = data->m;
|
for (; i < 3; i++)
|
m <<= 8;
|
for (i++; i > 0; m >>= 6)
|
t[--i] = soap_base64o[m & 0x3F];
|
for (i = 3; i > data->i; i--)
|
t[i] = '=';
|
data->bufidx += 4;
|
}
|
data->i = 0;
|
data->m = 0;
|
}
|
|
/******************************************************************************/
|
|
/**
|
@fn int soap_mec_get_base64(struct soap *soap, struct soap_mec_data *data, char *t, size_t *l, const char *s, size_t n, const char **r, size_t *k)
|
@brief Convert base64-formatted data from s[0..n-1] into raw data in t[0..l-1]
|
where l is the max size and set equal or lower if data fits in t. If data does
|
not fit r points to remainder in s[0..n-1] of size k.
|
@param soap context
|
@param[in,out] data mecevp engine context
|
@param[in] t raw data (converted from base64)
|
@param[in,out] l max size of t[], afterwards actual size of data written to t[]
|
@param[in] s data in base64 format
|
@param[in] n size of base64 data
|
@param[out] r if data does not fit in t[], points to s[] remainder to convert
|
@param[out] k if data does not fit in t[], size of remainder in r[]
|
@return SOAP_OK or SOAP_SSL_ERROR
|
*/
|
static int
|
soap_mec_get_base64(struct soap *soap, struct soap_mec_data *data, char *t, size_t *l, const char *s, size_t n, const char **r, size_t *k)
|
{
|
int i;
|
unsigned long m;
|
size_t j;
|
int c;
|
i = data->i;
|
m = data->m;
|
j = 0;
|
for (;;)
|
{
|
do
|
{
|
if (!n--)
|
{
|
*l = j;
|
data->i = i;
|
data->m = m;
|
*r = NULL;
|
*k = 0;
|
return SOAP_OK;
|
}
|
c = *s++;
|
if (c == '=' || c == '<')
|
{
|
switch (i)
|
{
|
case 2:
|
*t++ = (char)((m >> 4) & 0xFF);
|
j++;
|
break;
|
case 3:
|
*t++ = (char)((m >> 10) & 0xFF);
|
*t++ = (char)((m >> 2) & 0xFF);
|
j += 2;
|
}
|
if (c == '<')
|
{
|
s--;
|
n++;
|
}
|
else if (n && *s == '=')
|
{
|
s++;
|
n--;
|
}
|
*l = j;
|
*k = n;
|
*r = s;
|
return SOAP_OK;
|
}
|
if (c >= '+' && c <= '+' + 79)
|
{
|
int b = soap_base64i[c - '+'];
|
if (b >= 64)
|
return soap->error = SOAP_SSL_ERROR;
|
m = (m << 6) + b;
|
i++;
|
}
|
else if (c < 0 || c > 32)
|
return soap->error = SOAP_SSL_ERROR;
|
} while (i < 4);
|
*t++ = (char)((m >> 16) & 0xFF);
|
*t++ = (char)((m >> 8) & 0xFF);
|
*t++ = (char)(m & 0xFF);
|
j += 3;
|
i = 0;
|
m = 0;
|
}
|
}
|
|
/******************************************************************************\
|
*
|
* Callbacks registered by plugin
|
*
|
\******************************************************************************/
|
|
/**
|
@fn int soap_mec_filtersend(struct soap *soap, const char **s, size_t *n)
|
@brief Callback to modify outbound messages by encrypting through the engine.
|
@param soap context
|
@param[in,out] s plain text message, afterwards set to encrypted message
|
@param[in,out] n plain text message size, afterwards set to encrypted message size
|
@return SOAP_OK or SOAP_SSL_ERROR
|
*/
|
static int
|
soap_mec_filtersend(struct soap *soap, const char **s, size_t *n)
|
{
|
struct soap_mec_data *data = (struct soap_mec_data*)soap->data[1];
|
if (!data)
|
return SOAP_OK;
|
/* encrypt to base64 */
|
return soap_mec_upd(soap, data, s, n, 0);
|
}
|
|
/******************************************************************************/
|
|
/**
|
@fn int soap_mec_filterrecv(struct soap *soap, char *buf, size_t *len, size_t maxlen)
|
@brief Callback to modify inbound messages by decrypting through the engine.
|
@param soap context
|
@param[in,out] buf encrypted message, afterwards contains decrypted content
|
@param[in,out] len encrypted message size, afterwards set to decrypted content size
|
@param[in] maxlen max length of allocated buf size to contain decrypted content
|
@return SOAP_OK or SOAP_SSL_ERROR
|
*/
|
static int
|
soap_mec_filterrecv(struct soap *soap, char *buf, size_t *len, size_t maxlen)
|
{
|
struct soap_mec_data *data = (struct soap_mec_data*)soap->data[1];
|
const char *s = buf;
|
if (!data || (data->alg & SOAP_MEC_MASK) == SOAP_MEC_NONE || (data->alg & SOAP_MEC_ENC))
|
return SOAP_OK;
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Filter recv len in=%lu maxlen=%lu\n", (unsigned long)*len, (unsigned long)maxlen));
|
/* convert s[len] to new s with len (new s = data->buf) */
|
if (soap_mec_upd(soap, data, &s, len, 0))
|
return soap->error;
|
/* need more data? */
|
if (*len == 0)
|
return SOAP_OK;
|
/* does the result fit in buf[maxlen]? */
|
if (*len <= maxlen)
|
{
|
(void)soap_memcpy((void*)buf, maxlen, (const void*)s, *len); /* yes: copy data to buf[] */
|
data->bufidx = 0;
|
}
|
else
|
{
|
(void)soap_memcpy((void*)buf, maxlen, (const void*)s, maxlen); /* no: copy first part to buf[maxlen] */
|
(void)soap_memmove((void*)data->buf, data->buflen, (const void*)(s + maxlen), *len - maxlen); /* shift rest to the left */
|
data->bufidx = *len - maxlen; /* keep rest of the data in s (data->buf) */
|
*len = maxlen;
|
}
|
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Filter recv len out=%lu\n", (unsigned long)*len));
|
return SOAP_OK;
|
}
|
|
/******************************************************************************/
|
|
#ifdef __cplusplus
|
}
|
#endif
|
