// Copyright 2015 Google Corporation, All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//     http://www.apache.org/licenses/LICENSE-2.0
// or in the file LICENSE-2.0.txt in the top level source directory.
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Portions of this code were derived from TPM2.0-TSS published
// by Intel under the license set forth in intel_license.txt
// and downloaded on or about August 6, 2015.
// File: openssl_helpers.cc
// NOTE(review): the header is served as ssl_helpers.h while the file comment
// above names openssl_helpers.cc — one of the two is stale.

// standard buffer size
// NOTE(review): no constant follows this comment; whatever buffer-size value
// it once introduced is not declared in this header.

// NOTE(review): identifiers that begin with a double underscore are reserved
// for the implementation in C++; the include guard below is such a name.
#ifndef __OPENSSL_HELPERS__
#define __OPENSSL_HELPERS__
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <string.h>
#include <errno.h>

#include <openssl/ssl.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/bn.h>

// Generated protobuf messages (project header; not part of the stdlib).
#include "messages.pb.h"

#include <string>
#include <memory>

// Pulls std::string into the global namespace of every translation unit that
// includes this header.
using std::string;

// AES block size in bytes.
#define AESBLKSIZE 16

// NOTE(review): `byte` and `int64` are typedefs, not macros, so this #ifndef
// only tests whether a macro named `byte` exists; an earlier typedef of either
// name (e.g. from another header) is not detected and would clash here.
#ifndef byte
typedef unsigned char byte;
typedef long long unsigned int64;
#endif

// Fills `req` with a certificate signing request for `subjectKey` whose
// subject common name is `common_name`. `sign_request` presumably selects
// whether the request is signed with `subjectKey` — confirm in the definition.
// The bool result presumably reports success; `req` must already be allocated
// by the caller.
bool GenerateX509CertificateRequest(EVP_PKEY* subjectKey, string& common_name,
                                    bool sign_request, X509_REQ* req);
// Issues `cert` from `req`, signed with `signingKey` under issuer name
// `signing_issuer`. `f_isCa`, `f_canSign`, `keyUsage` and `extendedKeyUsage`
// presumably drive the basicConstraints / key-usage extensions; `duration` is
// a validity period whose unit is not stated here; when `verify_req_sig` is
// set the request's own signature is presumably checked before issuing —
// confirm each of these against the definition. `signedKey` is the key that
// ends up as the certificate's subject public key (by name).
bool SignX509Certificate(EVP_PKEY* signingKey, bool f_isCa, bool f_canSign,
                         string& signing_issuer,string& keyUsage,
                         string& extendedKeyUsage,
                         int64 duration, EVP_PKEY* signedKey,
                         X509_REQ* req, bool verify_req_sig, X509* cert);
// Checks `cert` against the single trust anchor `cacert`. Despite the name,
// the interface accepts exactly one CA certificate, so intermediate chains
// cannot be supplied through it.
bool VerifyX509CertificateChain(X509* cacert, X509* cert);

// Converts `len` bytes at `buf` to a newly allocated BIGNUM (by name).
BIGNUM* bin_to_BN(int len, byte* buf);
// Serializes `n` into a heap-allocated string; ownership of the result
// presumably passes to the caller — confirm (and check for nullptr on error).
string* BN_to_bin(BIGNUM& n);
// Writes a string form of `n` into `*out`; the bool presumably reports success.
bool BN_to_string(BIGNUM& n, string* out);

// XORs `size` bytes of `in1` and `in2` into `out` (inferred from the name).
void XorBlocks(int size, byte* in1, byte* in2, byte* out);
// AES in counter mode keyed with `key` (`key_size_bits` bits), starting from
// the caller-supplied `iv`, over `size` bytes from `in` into `out`. CTR mode
// applies the same keystream operation in both directions, so one entry point
// presumably serves encryption and decryption — confirm. Reusing an `iv`
// under the same key breaks CTR confidentiality; callers own that guarantee.
bool AesCtrCrypt(string& iv, int key_size_bits, byte* key, int size,
                 byte* in, byte* out);
// Verification modes accepted by SslChannel::Init*SslChannel. Read by name:
// 0 = no server-certificate verification and no client auth,
// 1 = neither side verified, 2 = server verified only,
// 3 = both sides verified. Only 3 (the default below) is mutual
// authentication; the lower modes turn off some or all certificate checking.
#define SSL_NO_SERVER_VERIFY_NO_CLIENT_AUTH 0
#define SSL_NO_SERVER_VERIFY_NO_CLIENT_VERIFY 1
#define SSL_SERVER_VERIFY_NO_CLIENT_VERIFY 2
#define SSL_SERVER_VERIFY_CLIENT_VERIFY 3

// Framed I/O over `ssl`; the Message variants presumably add a message
// boundary on top of the raw SslRead/SslWrite — confirm in the definition.
// `size` is presumably the capacity of `buf` for reads and the byte count for
// writes; the int result presumably follows SSL_read/SSL_write conventions.
int SslMessageRead(SSL* ssl, int size, byte* buf);
int SslMessageWrite(SSL* ssl, int size, byte* buf);
int SslRead(SSL* ssl, int size, byte* buf);
int SslWrite(SSL* ssl, int size, byte* buf);

// Owns one TLS connection in either the server or the client role, together
// with the OpenSSL context, trust store and private key it was set up from.
// Ownership of the OpenSSL objects behind the raw-pointer members is not
// expressed in the types; Close() and ~SslChannel() are the presumed release
// points — confirm in the definition.
class SslChannel {
 private:
  bool server_role_;        // true when acting as the TLS server (by name)
  int fd_;                  // socket descriptor for the connection (by name)
  SSL_CTX *ssl_ctx_;        // OpenSSL context the connection was built from
  SSL* ssl_;                // the live connection; exposed via GetSslChannel()
  X509* peer_cert_;         // certificate presented by the peer (by name)
  X509_STORE *store_;       // trust store used for peer verification (by name)
  EVP_PKEY* private_key_;   // this side's private key (by name)
 public:
  SslChannel();
  ~SslChannel();

  // Socket setup; the int result is presumably the descriptor or a negative
  // error — confirm.
  int CreateClientSocket(string& addr, string& port);
  int CreateServerSocket(string& addr, string& port);
  // Establish the TLS session in the given role. `caCert` is the trust anchor,
  // `programCert`/`key` this side's identity, and `verify` one of the
  // SSL_*_VERIFY_* modes above; the default requests mutual verification.
  bool InitClientSslChannel(string& network, string& address, string& port,
                            X509* caCert, X509* programCert,
                            string& keyType, EVP_PKEY* key,
                            int verify = SSL_SERVER_VERIFY_CLIENT_VERIFY);
  bool InitServerSslChannel(string& network, string& address, string& port,
                            X509* caCert, X509* programCert,
                            string& keyType, EVP_PKEY* key,
                            int verify = SSL_SERVER_VERIFY_CLIENT_VERIFY);
  // Accept loop; `Handle` is invoked per connection with this channel, the
  // connection's SSL object and an int (presumably its descriptor — confirm).
  bool ServerLoop(void(*Handle)(SslChannel*, SSL*, int));
  // Tears the connection down; presumably releases the OpenSSL objects.
  void Close();
  // Returns the channel's own `ssl_` pointer, not a copy; the channel keeps
  // ownership, so callers must not free it. (The trailing ';' after the body
  // is an empty declaration and has no effect.)
  SSL* GetSslChannel() {return ssl_;};

  // Returns `peer_cert_` (by name); ownership presumably stays with the
  // channel — confirm.
  X509* GetPeerCert();
};

// ECDSA signature (de)serialization; `sig` must be allocated by the caller
// for deserialize. Encoding format is not stated here.
bool EC_SIG_serialize(ECDSA_SIG* sig, string* out);
bool EC_SIG_deserialize(string& in, ECDSA_SIG* sig);

// Hex-encode `size` bytes at `in` in the named byte order; the heap-allocated
// result presumably belongs to the caller — confirm.
string* ByteToHexRightToLeft(int size, byte* in);
string* ByteToHexLeftToRight(int size, byte* in);
#endif