/* * cypher.h * * Encryption support classes. * * Portable Windows Library * * Copyright (c) 1993-2002 Equivalence Pty. Ltd. * * The contents of this file are subject to the Mozilla Public License * Version 1.0 (the "License"); you may not use this file except in * compliance with the License. You may obtain a copy of the License at * http://www.mozilla.org/MPL/ * * Software distributed under the License is distributed on an "AS IS" * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See * the License for the specific language governing rights and limitations * under the License. * * The Original Code is Portable Windows Library. * * The Initial Developer of the Original Code is Equivalence Pty. Ltd. * * Contributor(s): ______________________________________. * * $Log: cypher.h,v $ * Revision 1.23 2005/11/30 12:47:37 csoutheren * Removed tabs, reformatted some code, and changed tags for Doxygen * * Revision 1.22 2005/01/26 05:37:40 csoutheren * Added ability to remove config file support * * Revision 1.21 2004/11/11 07:34:50 csoutheren * Added #include * * Revision 1.20 2004/03/23 05:59:17 csoutheren * Moved the Base64 routines into cypher.cxx, which is a more sensible * place and reduces the inclusion of unrelated code * * Revision 1.19 2004/02/04 02:31:34 csoutheren * Remove SHA-1 functions when OpenSSL is disabled * * Revision 1.18 2003/04/17 03:34:07 craigs * Fixed problem with delete'ing a void * * * Revision 1.17 2003/04/10 07:02:38 craigs * Fixed link problem in MD5 class * * Revision 1.16 2003/04/10 06:16:30 craigs * Added SHA-1 digest * * Revision 1.15 2002/11/06 22:47:23 robertj * Fixed header comment (copyright etc) * * Revision 1.14 2002/09/16 01:08:59 robertj * Added #define so can select if #pragma interface/implementation is used on * platform basis (eg MacOS) rather than compiler, thanks Robert Monaghan. * * Revision 1.13 2001/09/10 00:28:21 robertj * Fixed extra CR in comments. * * Revision 1.12 1999/03/09 08:01:46 robertj * Changed comments for doc++ support (more to come). * * Revision 1.11 1999/02/16 08:07:10 robertj * MSVC 6.0 compatibility changes. * * Revision 1.10 1998/09/23 06:19:24 robertj * Added open source copyright license. * * Revision 1.9 1997/10/10 10:44:01 robertj * Fixed bug in password encryption, missing string terminator. * * Revision 1.8 1996/11/16 10:50:24 robertj * Fixed bug in registration order form showing incorrect check code when have key. * * Revision 1.7 1996/07/15 10:29:38 robertj * Changed memory block cypher conversion functions to be void *. * Changed key types to be structures rather than arrays to avoid pinter/reference confusion by compilers. * * Revision 1.6 1996/03/17 05:47:00 robertj * Changed secured config to allow for expiry dates. * * Revision 1.5 1996/03/16 04:36:43 robertj * Redesign of secure config to accommodate expiry dates and option values passed in security key code. * * Revision 1.4 1996/02/25 02:52:46 robertj * Further secure config development. * * Revision 1.3 1996/01/28 14:16:11 robertj * Further implementation of secure config. * * Revision 1.2 1996/01/28 02:41:00 robertj * Removal of MemoryPointer classes as usage didn't work for GNU. * Added the secure configuration mechanism for protecting applications. * * Revision 1.1 1996/01/23 13:04:20 robertj * Initial revision * */ #ifndef _PCYPHER #define _PCYPHER #ifdef P_USE_PRAGMA #pragma interface #endif #include /** This class is used to encode/decode data using the MIME standard base64 encoding mechanism as defined in RFC1521. To encode a large block of data use the following seqeunce: \begin{verbatim} PBase64 base; base.StartEncoding(); while (Read(dataChunk)) { base.ProcessEncoding(dataChunk); out << base.GetEncodedString(); } out << base.CompleteEncoding(); \end{verbatim} if smaller blocks that fit easily in memory are to be encoded the #Encode()# functions can be used to everything in one go. To decode a large block of data use the following sequence: \begin{verbatim} PBase64 base; base.StartDecoding(); while (Read(str) && ProcessDecoding(str)) Write(base.GetDecodedData()); Write(base.GetDecodedData()); \end{verbatim} if smaller blocks that fit easily in memory are to be decoded the #Decode()# functions can be used to everything in one go. */ class PBase64 : public PObject { PCLASSINFO(PBase64, PObject); public: /** Construct a base 64 encoder/decoder and initialise both encode and decode members as in #StartEncoding()# and #StartDecoding()#. */ PBase64(); void StartEncoding( BOOL useCRLFs = TRUE // Use CR, LF pairs in end of line characters. ); // Begin a base 64 encoding operation, initialising the object instance. void ProcessEncoding( const PString & str // String to be encoded ); void ProcessEncoding( const char * cstr // C String to be encoded ); void ProcessEncoding( const PBYTEArray & data // Data block to be encoded ); void ProcessEncoding( const void * dataBlock, // Pointer to data to be encoded PINDEX length // Length of the data block. ); // Incorporate the specified data into the base 64 encoding. /** Get the partial Base64 string for the data encoded so far. @return Base64 encoded string for the processed data. */ PString GetEncodedString(); /** Complete the base 64 encoding and return the remainder of the encoded Base64 string. Previous data may have been already removed by the #GetInterim()# function. @return Base64 encoded string for the processed data. */ PString CompleteEncoding(); static PString Encode( const PString & str // String to be encoded to Base64 ); static PString Encode( const char * cstr // C String to be encoded to Base64 ); static PString Encode( const PBYTEArray & data // Data block to be encoded to Base64 ); static PString Encode( const void * dataBlock, // Pointer to data to be encoded to Base64 PINDEX length // Length of the data block. ); // Encode the data in memory to Base 64 data returnin the string. void StartDecoding(); // Begin a base 64 decoding operation, initialising the object instance. /** Incorporate the specified data into the base 64 decoding. @return TRUE if block was last in the Base64 encoded string. */ BOOL ProcessDecoding( const PString & str // String to be encoded ); BOOL ProcessDecoding( const char * cstr // C String to be encoded ); /** Get the data decoded so far from the Base64 strings processed. @return Decoded data for the processed Base64 string. */ BOOL GetDecodedData( void * dataBlock, // Pointer to data to be decoded from base64 PINDEX length // Length of the data block. ); PBYTEArray GetDecodedData(); /** Return a flag to indicate that the input was decoded without any extraneous or illegal characters in it that were ignored. This does not mean that the data is not valid, only that it is suspect. @return Decoded data for the processed Base64 string. */ BOOL IsDecodeOK() { return perfectDecode; } /** Convert a printable text string to binary data using the Internet MIME standard base 64 content transfer encoding. The base64 string is checked and TRUE returned if all perfectly correct. If FALSE is returned then the string had extraneous or illegal characters in it that were ignored. This does not mean that the data is not valid, only that it is suspect. @return Base 64 string decoded from input string. */ static PString Decode( const PString & str // Encoded base64 string to be decoded. ); static BOOL Decode( const PString & str, // Encoded base64 string to be decoded. PBYTEArray & data // Converted binary data from base64. ); static BOOL Decode( const PString & str, // Encoded base64 string to be decoded. void * dataBlock, // Pointer to data to be decoded from base64 PINDEX length // Length of the data block. ); private: void OutputBase64(const BYTE * data); PString encodedString; PINDEX encodeLength; BYTE saveTriple[3]; PINDEX saveCount; PINDEX nextLine; BOOL useCRLFs; BOOL perfectDecode; PINDEX quadPosition; PBYTEArray decodedData; PINDEX decodeSize; }; class PMessageDigest : public PObject { PCLASSINFO(PMessageDigest, PObject) public: /// Create a new message digestor PMessageDigest(); class Result { public: PINDEX GetSize() const { return value.GetSize(); } const BYTE * GetPointer() const { return (const BYTE *)value; } private: PBYTEArray value; friend class PMessageDigest5; friend class PMessageDigestSHA1; }; /// Begin a Message Digest operation, initialising the object instance. virtual void Start() = 0; virtual void Process( const void * dataBlock, ///< Pointer to data to be part of the MD5 PINDEX length ///< Length of the data block. ); /** Incorporate the specified data into the message digest. */ virtual void Process( const PString & str ///< String to be part of the MD5 ); /** Incorporate the specified data into the message digest. */ virtual void Process( const char * cstr ///< C String to be part of the MD5 ); /** Incorporate the specified data into the message digest. */ virtual void Process( const PBYTEArray & data ///< Data block to be part of the MD5 ); /** Complete the message digest and return the magic number result. The parameterless form returns the MD5 code as a Base64 string. @return Base64 encoded MD5 code for the processed data. */ virtual PString CompleteDigest(); virtual void CompleteDigest( Result & result ///< The resultant 128 bit MD5 code ); protected: virtual void InternalProcess( const void * dataBlock, ///< Pointer to data to be part of the MD5 PINDEX length ///< Length of the data block. ) = 0; virtual void InternalCompleteDigest( Result & result ///< The resultant 128 bit MD5 code ) = 0; }; /** MD5 Message Digest. A class to produce a Message Digest for a block of text/data using the MD5 algorithm as defined in RFC1321 by Ronald Rivest of MIT Laboratory for Computer Science and RSA Data Security, Inc. */ class PMessageDigest5 : public PMessageDigest { PCLASSINFO(PMessageDigest5, PMessageDigest) public: /// Create a new message digestor PMessageDigest5(); /// Begin a Message Digest operation, initialising the object instance. void Start(); /** Encode the data in memory to and MD5 hash value. */ static PString Encode( const PString & str ///< String to be encoded to MD5 ); /** Encode the data in memory to and MD5 hash value. */ static void Encode( const PString & str, ///< String to be encoded to MD5 Result & result ///< The resultant 128 bit MD5 code ); /** Encode the data in memory to and MD5 hash value. */ static PString Encode( const char * cstr ///< C String to be encoded to MD5 ); /** Encode the data in memory to and MD5 hash value. */ static void Encode( const char * cstr, ///< C String to be encoded to MD5 Result & result ///< The resultant 128 bit MD5 code ); /** Encode the data in memory to and MD5 hash value. */ static PString Encode( const PBYTEArray & data ///< Data block to be encoded to MD5 ); /** Encode the data in memory to and MD5 hash value. */ static void Encode( const PBYTEArray & data, ///< Data block to be encoded to MD5 Result & result ///< The resultant 128 bit MD5 code ); /** Encode the data in memory to and MD5 hash value. */ static PString Encode( const void * dataBlock, ///< Pointer to data to be encoded to MD5 PINDEX length ///< Length of the data block. ); /** Encode the data in memory to and MD5 hash value. @return Base64 encoded MD5 code for the processed data. */ static void Encode( const void * dataBlock, ///< Pointer to data to be encoded to MD5 PINDEX length, ///< Length of the data block. Result & result ///< The resultant 128 bit MD5 code ); // backwards compatibility functions class Code { private: PUInt32l value[4]; friend class PMessageDigest5; }; /** Encode the data in memory to and MD5 hash value. */ static void Encode( const PString & str, ///< String to be encoded to MD5 Code & result ///< The resultant 128 bit MD5 code ); /** Encode the data in memory to and MD5 hash value. */ static void Encode( const char * cstr, ///< C String to be encoded to MD5 Code & result ///< The resultant 128 bit MD5 code ); /** Encode the data in memory to and MD5 hash value. */ static void Encode( const PBYTEArray & data, ///< Data block to be encoded to MD5 Code & result ///< The resultant 128 bit MD5 code ); /** Encode the data in memory to and MD5 hash value. @return Base64 encoded MD5 code for the processed data. */ static void Encode( const void * dataBlock, ///< Pointer to data to be encoded to MD5 PINDEX length, ///< Length of the data block. Code & result ///< The resultant 128 bit MD5 code ); virtual void Complete( Code & result ///< The resultant 128 bit MD5 code ); virtual PString Complete(); protected: virtual void InternalProcess( const void * dataBlock, ///< Pointer to data to be part of the MD5 PINDEX length ///< Length of the data block. ); virtual void InternalCompleteDigest( Result & result ///< The resultant 128 bit MD5 code ); private: void Transform(const BYTE * block); /// input buffer BYTE buffer[64]; /// state (ABCD) DWORD state[4]; /// number of bits, modulo 2^64 (lsb first) PUInt64 count; }; #if P_SSL /** SHA1 Digest. A class to produce a Message Digest for a block of text/data using the SHA-1 algorithm */ class PMessageDigestSHA1 : public PMessageDigest { PCLASSINFO(PMessageDigestSHA1, PMessageDigest) public: /// Create a new message digestor PMessageDigestSHA1(); ~PMessageDigestSHA1(); /// Begin a Message Digest operation, initialising the object instance. void Start(); /** Encode the data in memory to and MD5 hash value. */ static PString Encode( const PString & str ///< String to be encoded to MD5 ); /** Encode the data in memory to and MD5 hash value. */ static void Encode( const PString & str, ///< String to be encoded to MD5 Result & result ///< The resultant 128 bit MD5 code ); /** Encode the data in memory to and MD5 hash value. */ static PString Encode( const char * cstr ///< C String to be encoded to MD5 ); /** Encode the data in memory to and MD5 hash value. */ static void Encode( const char * cstr, ///< C String to be encoded to MD5 Result & result ///< The resultant 128 bit MD5 code ); /** Encode the data in memory to and MD5 hash value. */ static PString Encode( const PBYTEArray & data ///< Data block to be encoded to MD5 ); /** Encode the data in memory to and MD5 hash value. */ static void Encode( const PBYTEArray & data, ///< Data block to be encoded to MD5 Result & result ///< The resultant 128 bit MD5 code ); /** Encode the data in memory to and MD5 hash value. */ static PString Encode( const void * dataBlock, ///< Pointer to data to be encoded to MD5 PINDEX length ///< Length of the data block. ); /** Encode the data in memory to and MD5 hash value. @return Base64 encoded MD5 code for the processed data. */ static void Encode( const void * dataBlock, ///< Pointer to data to be encoded to MD5 PINDEX length, ///< Length of the data block. Result & result ///< The resultant 128 bit MD5 code ); protected: virtual void InternalProcess( const void * dataBlock, ///< Pointer to data to be part of the MD5 PINDEX length ///< Length of the data block. ); void InternalCompleteDigest( Result & result ///< The resultant 128 bit MD5 code ); private: void * shaContext; }; #endif /**This abstract class defines an encryption/decryption algortihm. A specific algorithm is implemented in a descendent class. */ class PCypher : public PObject { PCLASSINFO(PCypher, PObject) public: /// Mechanism by which sequential blocks are linked. enum BlockChainMode { ElectronicCodebook, ECB = ElectronicCodebook, CypherBlockChaining, CBC = CypherBlockChaining, OutputFeedback, OFB = OutputFeedback, CypherFeedback, CFB = CypherFeedback, NumBlockChainModes }; // New functions for class /**Encode the data. */ PString Encode( const PString & str ///< Clear text string to be encoded. ); /**Encode the data. */ PString Encode( const PBYTEArray & clear ///< Clear text binary data to be encoded. ); /**Encode the data. */ PString Encode( const void * data, ///< Clear text binary data to be encoded. PINDEX length ///< Number of bytes of data to be encoded. ); /**Encode the data. */ void Encode( const PBYTEArray & clear, ///< Clear text binary data to be encoded. PBYTEArray & coded ///< Encoded data. ); /**Encode the data. The data is encoded using the algorithm embodied by the descendent class and the key specifed in the construction of the objects instance. The first form takes a string and returns an encoded string. The second form takes arbitrary binary data bytes and returns an encoded string. In both cases the encoded string is always 7 bit printable ASCII suitable for use in mail systems etc. The final form takes and arbitrary block of bytes and encodes them into another block of binary data. @return encoded string. */ void Encode( const void * data, // Clear text binary data to be encoded. PINDEX length, // Number of bytes of data to be encoded. PBYTEArray & coded // Encoded data. ); /**Decode the data. */ PString Decode( const PString & cypher ///< Base64 Cypher text string to be decoded. ); /**Decode the data. */ BOOL Decode( const PString & cypher, ///< Base64 Cypher text string to be decoded. PString & clear ///< Clear text string decoded. ); /**Decode the data. */ BOOL Decode( const PString & cypher, ///< Base64 Cypher text string to be decoded. PBYTEArray & clear ///< Clear text binary data decoded. ); /**Decode the data. */ PINDEX Decode( const PString & cypher, ///< Base64 Cypher text string to be decoded. void * data, ///< Clear text binary data decoded. PINDEX length ///< Maximum number of bytes of data decoded. ); /**Decode the data. */ PINDEX Decode( const PBYTEArray & coded, ///< Encoded data (cyphertext). void * data, ///< Clear text binary data decoded. PINDEX length ///< Maximum number of bytes of data decoded. ); /**Decode the data. Decode the data using the algorithm embodied by the descendent class and the key specifed in the construction of the objects instance. The first form takes a string and returns a decoded string. The second form takes an encoded string and returns arbitrary binary data bytes. In both cases the encoded string is always 7 bit printable ASCII suitable for use in mail systems etc. The final form takes and arbitrary block of bytes and decodes them into another block of binary data. @return decoded string. */ BOOL Decode( const PBYTEArray & coded, ///< Encoded data (cyphertext). PBYTEArray & clear ///< Clear text binary data decoded. ); protected: /** Create a new encryption object instance. */ PCypher( PINDEX blockSize, ///< Size of encryption blocks (in bits) BlockChainMode chainMode ///< Block chain mode ); PCypher( const void * keyData, ///< Key for the encryption/decryption algorithm. PINDEX keyLength, ///< Length of the key. PINDEX blockSize, ///< Size of encryption blocks (in bits) BlockChainMode chainMode ///< Block chain mode ); /** Initialise the encoding/decoding sequence. */ virtual void Initialise( BOOL encoding ///< Flag for encoding/decoding sequence about to start. ) = 0; /** Encode an n bit block of memory according to the encryption algorithm. */ virtual void EncodeBlock( const void * in, ///< Pointer to clear n bit block. void * out ///< Pointer to coded n bit block. ) = 0; /** Dencode an n bit block of memory according to the encryption algorithm. */ virtual void DecodeBlock( const void * in, ///< Pointer to coded n bit block. void * out ///< Pointer to clear n bit block. ) = 0; /// Key for the encryption/decryption. PBYTEArray key; /// Size of each encryption block in bytes PINDEX blockSize; /// Mode for sequential encryption each block BlockChainMode chainMode; }; /** Tiny Encryption Algorithm. This class implements the Tiny Encryption Algorithm by David Wheeler and Roger Needham at Cambridge University. This is a simple algorithm using a 128 bit binary key and encrypts data in 64 bit blocks. */ class PTEACypher : public PCypher { PCLASSINFO(PTEACypher, PCypher) public: struct Key { BYTE value[16]; }; /** Create a new TEA encryption object instance. The parameterless version automatically generates a new, random, key. */ PTEACypher( BlockChainMode chainMode = ElectronicCodebook ///< Block chain mode ); PTEACypher( const Key & keyData, ///< Key for the encryption/decryption algorithm. BlockChainMode chainMode = ElectronicCodebook ///< Block chain mode ); /** Set the key used by this encryption method. */ void SetKey( const Key & newKey ///< Variable to take the key used by cypher. ); /** Get the key used by this encryption method. */ void GetKey( Key & newKey ///< Variable to take the key used by cypher. ) const; /** Generate a new key suitable for use for encryption using random data. */ static void GenerateKey( Key & newKey ///< Variable to take the newly generated key. ); protected: /** Initialise the encoding/decoding sequence. */ virtual void Initialise( BOOL encoding ///< Flag for encoding/decoding sequence about to start. ); /** Encode an n bit block of memory according to the encryption algorithm. */ virtual void EncodeBlock( const void * in, ///< Pointer to clear n bit block. void * out ///< Pointer to coded n bit block. ); /** Decode an n bit block of memory according to the encryption algorithm. */ virtual void DecodeBlock( const void * in, ///< Pointer to coded n bit block. void * out ///< Pointer to clear n bit block. ); private: DWORD k0, k1, k2, k3; }; #ifdef P_CONFIG_FILE class PSecureConfig : public PConfig { PCLASSINFO(PSecureConfig, PConfig) /* This class defines a set of configuration keys which may be secured by an encrypted hash function. Thus values contained in keys specified by this class cannot be changed without invalidating the hash function. */ public: PSecureConfig( const PTEACypher::Key & productKey, // Key to decrypt validation code. const PStringArray & securedKeys, // List of secured keys. Source src = Application // Standard source for the configuration. ); PSecureConfig( const PTEACypher::Key & productKey, // Key to decrypt validation code. const char * const * securedKeyArray, // List of secured keys. PINDEX count, // Number of secured keys in list. Source src = Application // Standard source for the configuration. ); /* Create a secured configuration. The default section for the configuration keys is "Secured Options", the default security key is "Validation" and the defualt prefix string is "Pending:". The user can descend from this class and change any of the member variable for the names of keys or the configuration file section. */ // New functions for class const PStringArray & GetSecuredKeys() const { return securedKeys; } /* Get the list of secured keys in the configuration file section. @return Array of strings for the secured keys. */ const PString & GetSecurityKey() const { return securityKey; } /* Get the security keys name in the configuration file section. @return String for the security values key. */ const PString & GetExpiryDateKey() const { return expiryDateKey; } /* Get the expiry date keys name in the configuration file section. @return String for the expiry date values key. */ const PString & GetOptionBitsKey() const { return optionBitsKey; } /* Get the Option Bits keys name in the configuration file section. @return String for the Option Bits values key. */ const PString & GetPendingPrefix() const { return pendingPrefix; } /* Get the pending prefix name in the configuration file section. @return String for the pending prefix. */ void GetProductKey( PTEACypher::Key & productKey // Variable to receive the product key. ) const; /* Get the pending prefix name in the configuration file section. @return String for the pending prefix. */ enum ValidationState { Defaults, Pending, IsValid, Expired, Invalid }; ValidationState GetValidation() const; /* Check the current values attached to the keys specified in the constructor against an encoded validation key. @return State of the validation keys. */ BOOL ValidatePending(); /* Validate a pending secured option list for the product. All secured keys with the pendingPrefix name will be checked against the value of the field securityKey. If they match then they are copied to the secured variables. @return TRUE if secure key values are valid. */ void ResetPending(); /* "Unvalidate" a security configuration going back to a pending state, usually used after an Invalid response was recieved from the GetValidation() function. */ protected: PTEACypher::Key productKey; PStringArray securedKeys; PString securityKey; PString expiryDateKey; PString optionBitsKey; PString pendingPrefix; }; #endif // P_CONFIG_FILE #endif // _PCYPHER // End Of File ///////////////////////////////////////////////////////////////