From 3f1811b9c036e75c5f1790d99150806b17848034 Mon Sep 17 00:00:00 2001 From: anwleung Date: Mon, 22 Jan 2007 20:43:56 +0000 Subject: [PATCH] added the base crypto packages...requires crypto++5.2 git-svn-id: https://ceph.svn.sf.net/svnroot/ceph@1026 29311d96-e01e-0410-9327-a35deaab8ce9 --- .../aleung/security1/ceph/crypto/CryptoLib.cc | 304 ++++++++++++++++++ .../aleung/security1/ceph/crypto/CryptoLib.h | 106 ++++++ .../aleung/security1/ceph/crypto/Makefile | 42 +++ 3 files changed, 452 insertions(+) create mode 100644 branches/aleung/security1/ceph/crypto/CryptoLib.cc create mode 100644 branches/aleung/security1/ceph/crypto/CryptoLib.h create mode 100644 branches/aleung/security1/ceph/crypto/Makefile diff --git a/branches/aleung/security1/ceph/crypto/CryptoLib.cc b/branches/aleung/security1/ceph/crypto/CryptoLib.cc new file mode 100644 index 0000000000000..d3e550db81d50 --- /dev/null +++ b/branches/aleung/security1/ceph/crypto/CryptoLib.cc @@ -0,0 +1,304 @@ +/****************************** + * Cryptographic library for Ceph. + * + * This class implements all of the cryptgraphic functions + * necessary to protect and secure Ceph. This includes + * on-wire protection, enforced access control, prevention + * of replay,M-in-M attcks, DDOS, etc... + * + * This library exports a flat cryptographic suite + * which exposes templated functions. Each function + * supports multiple + * + * Author: Andrew Leung Nov., 2006 + ******************************/ + +#include"CryptoLib.h" + +using namespace CryptoPP; +using namespace std; + +/********** + * Generates a Cipher Feedback Mode + * encryption mode for use with symmetric + * block ciphers. This returns a encryptor mode + * for encrypting using AC5. + **********/ +CryptoLib::cfbRC5Enc CryptoLib::getRC5Enc(byte* key, + const unsigned int keyLen, + byte* iv) { + cfbRC5Enc cfbEncryption(key, keyLen, iv); + return cfbEncryption; +} + +/********** + * Generates a Cipher Feedback Mode + * decryption mode for use with symmetric + * block ciphers. This returns a decryptor mode + * for decrypting using RC5. + **********/ +CryptoLib::cfbRC5Dec CryptoLib::getRC5Dec(byte* key, + const unsigned int keyLen, + byte* iv) { + cfbRC5Dec cfbDecryption(key, keyLen, iv); + return cfbDecryption; +} + +/********** + * Encrypts a block of data using Rijndael. + * This assumes the out buffer is already + * allocated to the right size. + **********/ +void CryptoLib::encryptRC5(byte* plain, const unsigned int plainLen, + byte* cipher, CryptoLib::cfbRC5Enc cfbEncryption) { + cfbEncryption.ProcessData(cipher, plain, plainLen); +} + +/********** + * Decrypts a block of data using Rijndael. + * This assumes the out buffer is already + * allocated to the right size. + **********/ +void CryptoLib::decryptRC5(byte* cipher, const unsigned int cipherLen, + byte* plain, CryptoLib::cfbRC5Dec cfbDecryption) { + cfbDecryption.ProcessData(plain, cipher, cipherLen); +} + +/********** + * Generates a Cipher Feedback Mode + * encryption mode for use with symmetric + * block ciphers. This returns a encryptor mode + * for encrypting using Rijndael. + **********/ +CryptoLib::cfbModeEnc CryptoLib::getCFBModeEnc(byte* key, + const unsigned int keyLen, + byte* iv) { + cfbModeEnc cfbEncryption(key, keyLen, iv); + return cfbEncryption; +} + +/********** + * Generates a Cipher Feedback Mode + * decryption mode for use with symmetric + * block ciphers. This returns a decryptor mode + * for decrypting using Rijndael. + **********/ +CryptoLib::cfbModeDec CryptoLib::getCFBModeDec(byte* key, + const unsigned int keyLen, + byte* iv) { + cfbModeDec cfbDecryption(key, keyLen, iv); + return cfbDecryption; +} + +/********** + * Encrypts a block of data using Rijndael. + * This assumes the out buffer is already + * allocated to the right size. + **********/ +void CryptoLib::encryptCFB(byte* plain, const unsigned int plainLen, + byte* cipher, CryptoLib::cfbModeEnc cfbEncryption) { + cfbEncryption.ProcessData(cipher, plain, plainLen); +} + +/********** + * Decrypts a block of data using Rijndael. + * This assumes the out buffer is already + * allocated to the right size. + **********/ +void CryptoLib::decryptCFB(byte* cipher, const unsigned int cipherLen, + byte* plain, CryptoLib::cfbModeDec cfbDecryption) { + cfbDecryption.ProcessData(plain, cipher, cipherLen); +} + +/********** + * Generate an RSA private(Signer) key + * from a seed input string + **********/ +CryptoLib::rsaPriv CryptoLib::rsaPrivKey(char* seedPath) { + FileSource ss(seedPath, true, new HexDecoder); + rsaPriv priv(ss); + return priv; +} + +/********** + * Generate an RSA public(Verifier) key + * from a RSA private(Signer) key + **********/ +CryptoLib::rsaPub CryptoLib::rsaPubKey(CryptoLib::rsaPriv seedKey) { + CryptoLib::rsaPub pub(seedKey); + return pub; +} + +/********** + * Signs a data buffer using the RSA signature scheme + * and returns the signature as a SecByteBlock + **********/ +CryptoLib::SigBuf CryptoLib::rsaSig(byte* dataBuf, + const unsigned int dataLen, + CryptoLib::rsaPriv privKey) { + // a linear congruential random num gen + LC_RNG rng(time(NULL)); + SecByteBlock signature(privKey.SignatureLength()); + privKey.SignMessage(rng, dataBuf, dataLen, signature); + + return signature; +} + +/********** + * Verifies a signature using the RSA signature + * Receives the message, its length, the signature, + * and the public key + **********/ +bool CryptoLib::rsaVer(byte* dataBuf, const unsigned int dataLen, + SigBuf signature, CryptoLib::rsaPub pubKey) { + if (pubKey.VerifyMessage(dataBuf, dataLen, signature, signature.size())) { + return true; + } + return false; +} + +/********** + * Generate an ESIGN private(Signer) key + * from a seed input string + **********/ +ESIGN::Signer CryptoLib::esignPrivKey(char* seedPath) { + //StringSource ss(seedData, true, + // new SignerFilter(c,new HexEncoder(new ArraySink(seedData,dataLen)))); + FileSource ss(seedPath, true, new HexDecoder); + ESIGN::Signer priv(ss); + return priv; +} + +/********** + * Generate an ESIGN public(Verifier) key + * from a ESIGN private(Signer) key + **********/ +ESIGN::Verifier CryptoLib::esignPubKey(ESIGN::Signer seedKey) { + ESIGN::Verifier pub(seedKey); + return pub; +} + +/********** + * Signs a data buffer using the ESIGN signature scheme + * and returns the signature as a SecByteBlock + **********/ +CryptoLib::SigBuf CryptoLib::esignSig(byte* dataBuf, + const unsigned int dataLen, + CryptoLib::esignPriv privKey) { + // a linear congruential random num gen + LC_RNG rng(time(NULL)); + SecByteBlock signature(privKey.SignatureLength()); + //rnLibg.GenerateBlock(dataBuf, dataLen); + privKey.SignMessage(rng, dataBuf, dataLen, signature); + + return signature; +} + +/********** + * Verifies a signature using the ESIGN signature + * Receives the message, its length, the signature, + * and the public key + **********/ +bool CryptoLib::esignVer(byte* dataBuf, const unsigned int dataLen, + SigBuf signature, CryptoLib::esignPub pubKey) { + if (pubKey.VerifyMessage(dataBuf, dataLen, signature, signature.size())) { + return true; + } + return false; +} + +/********** + * Public MD5 function + * Takes in an allocated buffer, + * hashes the buffer and stores the data + * in an empty allocated buffer of size >= + * DIGESTSIZE, denoted by len + **********/ +void CryptoLib::md5(const byte* dataBuf, byte* hashBuf, unsigned int dataLen) { + MD5 c; + hashFunc(dataBuf, hashBuf, dataLen, "MD5", c); +} + +/********** + * Public SHA-1 function + * Takes in an allocated buffer, + * hashes the buffer and stores the data + * in an empty allocated buffer of size >= + * DIGESTSIZE, denoted by len + **********/ +void CryptoLib::sha1(const byte* dataBuf, byte* hashBuf, unsigned int dataLen) { + SHA c; + //byte buffer[2* SHA::DIGESTSIZE]; + //StringSource f("Hash Me", true, + // new HashFilter(c,new HexEncoder(new ArraySink(buffer, 2*SHA::DIGESTSIZE)))); + //cout << "The FileSource hash: " << string((const char*)buffer,2*SHA::DIGESTSIZE) << " Size " << SHA::DIGESTSIZE << endl; + + hashFunc(dataBuf, hashBuf, dataLen, "SHA-1", c); +} + +/********** + * Public SHA-256 function + * Takes in an allocated buffer, + * hashes the buffer and stores the data + * in an empty allocated buffer of size >= + * DIGESTSIZE, denoted by len + **********/ +void CryptoLib::sha256(const byte* dataBuf, byte* hashBuf, unsigned int dataLen) { + SHA256 c; + hashFunc(dataBuf, hashBuf, dataLen, "SHA-256", c); +} + +/********** + * Public SHA-384 function + * Takes in an allocated buffer, + * hashes the buffer and stores the data + * in an empty allocated buffer of size >= + * DIGESTSIZE, denoted by len + **********/ +void CryptoLib::sha384(const byte* dataBuf, byte* hashBuf, unsigned int dataLen) { + SHA384 c; + hashFunc(dataBuf, hashBuf, dataLen, "SHA-384", c); +} + +/********** + * Public SHA-512 function + * Takes in an allocated buffer, + * hashes the buffer and stores the data + * in an empty allocated buffer of size >= + * DIGESTSIZE, denoted by len + **********/ +void CryptoLib::sha512(const byte* dataBuf, byte* hashBuf, unsigned int dataLen) { + SHA512 c; + hashFunc(dataBuf, hashBuf, dataLen, "SHA-512", c); +} + +/********** + * Public hex conversion function + * Takes in a byte string to convert + * The buffer is required (assumed) to be + * of an adequate size (len). + **********/ +void CryptoLib::toHex(const byte* dataBuf, byte* hexBuf, unsigned int dataLen, unsigned int hexLen) { + HexEncoder hexEnc; + hexEnc.Put(dataBuf, dataLen); + hexEnc.MessageEnd(); + hexEnc.Get(hexBuf, hexLen); +} + +//BenchMarkSignature >("esig1023.dat", "ESIGN 1023", t); +//BenchMarkKeyless("SHA-1", t); + +/****** + * Performs a generic hash digest + * Should not be used externally + * @param dataBuf the buffer containg the data to hash + * @param hashBuf the buffer which will contain the hash value + * @param dataLen the length of the data buffer + * @param scheme the hash algorithm to use + * @param ht an uninitialized instance of the hash algorithm + ******/ +void CryptoLib::hashFunc(const byte* dataBuf, byte* hashBuf, + unsigned int dataLen, + char* scheme, HashTransformation &ht) { + ht.CalculateDigest(hashBuf, dataBuf, dataLen); +} diff --git a/branches/aleung/security1/ceph/crypto/CryptoLib.h b/branches/aleung/security1/ceph/crypto/CryptoLib.h new file mode 100644 index 0000000000000..194411745d459 --- /dev/null +++ b/branches/aleung/security1/ceph/crypto/CryptoLib.h @@ -0,0 +1,106 @@ +/****************************** + * Cryptographic library for Ceph. + * + * This class implements all of the cryptgraphic functions + * necessary to protect and secure Ceph. This includes + * on-wire protection, enforced access control, prevention + * of replay,M-in-M attcks, DDOS, etc... + * + * This library exports a flat cryptographic suite + * which exposes templated functions. Each function + * supports multiple + * + * Author: Andrew Leung Nov., 2006 + ******************************/ + +#ifndef __CRYPTOLIB_H +#define __CRYPTOLIB_H + +#include +//one-way functions +#include +#include +#include +#include +//PK signatures +#include +#include +#include +#include +#include +//encryption/decryption +#include +#include +#include +#include + +#include + +using namespace std; + +class CryptoLib { + + typedef CryptoLib ThisClass; + + public: + enum {MD5DIGESTSIZE=16, SHA1DIGESTSIZE=20, SHA256DIGESTSIZE=32, + SHA384DIGESTSIZE=48, SHA512DIGESTSIZE=64}; + enum {RJ128KEYSIZE=16, RJBLOCKSIZE=16, RC5KEYSIZE=16, RC5BLOCKSIZE=8}; + + typedef CryptoPP::SecByteBlock SigBuf; + typedef CryptoPP::ESIGN::Signer esignPriv; + typedef CryptoPP::ESIGN::Verifier esignPub; + typedef CryptoPP::RSASSA_PKCS1v15_SHA_Signer rsaPriv; + typedef CryptoPP::RSASSA_PKCS1v15_SHA_Verifier rsaPub; + typedef CryptoPP::CFB_Mode::Encryption cfbModeEnc; + typedef CryptoPP::CFB_Mode::Decryption cfbModeDec; + typedef CryptoPP::CFB_Mode::Encryption cfbRC5Enc; + typedef CryptoPP::CFB_Mode::Decryption cfbRC5Dec; + + // symmetric block modes + cfbModeEnc getCFBModeEnc(byte*, const unsigned int, byte*); + cfbModeDec getCFBModeDec(byte*, const unsigned int, byte*); + void encryptCFB(byte*, const unsigned int, byte*, cfbModeEnc); + void decryptCFB(byte*, const unsigned int, byte*, cfbModeDec); + cfbRC5Enc getRC5Enc(byte*, const unsigned int, byte*); + cfbRC5Dec getRC5Dec(byte*, const unsigned int, byte*); + void encryptRC5(byte*, const unsigned int, byte*, cfbRC5Enc); + void decryptRC5(byte*, const unsigned int, byte*, cfbRC5Dec); + + // asymmetric key generation + esignPriv esignPrivKey(char*); + esignPub esignPubKey(CryptoPP::ESIGN::Signer); + rsaPriv rsaPrivKey(char*); + rsaPub rsaPubKey(rsaPriv); + + + // asymmetric signature functions + SigBuf esignSig(byte*, const unsigned int, + esignPriv); + bool esignVer(byte*, const unsigned int, SigBuf, esignPub); + SigBuf rsaSig(byte*, const unsigned int, rsaPriv); + bool rsaVer(byte*, const unsigned int, SigBuf, rsaPub); + + // one-way hash functions + void md5(const byte*, byte*, unsigned int); + void sha1(const byte*, byte*, unsigned int); + void sha256(const byte*, byte*, unsigned int); + void sha384(const byte*, byte*, unsigned int); + void sha512(const byte*, byte*, unsigned int); + + // string encoding + void toHex(const byte*, byte*, unsigned int, unsigned int); + + protected: + private: + /* Templated one-way hash function*/ + void hashFunc(const byte*, byte*, unsigned int, + char*, CryptoPP::HashTransformation &); + /* Templated signature function */ + /* Templated verification function */ + /* Templated encryption function */ + /* Templated decryption function */ + /* Templated asymmetric key generation */ + /* Templated symmetric key generation */ +}; +#endif diff --git a/branches/aleung/security1/ceph/crypto/Makefile b/branches/aleung/security1/ceph/crypto/Makefile new file mode 100644 index 0000000000000..88a70f8e540f7 --- /dev/null +++ b/branches/aleung/security1/ceph/crypto/Makefile @@ -0,0 +1,42 @@ +# Makefile for Ceph crypto library + +CC = g++ +CFLAGS = -g -Wall -I. +LIBS = -lpthread +CRYPTOLIBS = /usr/lib/libcrypto++5.2.so + +SRCS=*.cc */*.cc *.h */*.h */*/*.h + +TARGETS = cryptolib driver +CRYPT_TARGETS = crypt +TEST_TARGETS = test + +all: depend ${TARGETS} + +driver: driver.cc CryptoLib.o + ${CC} ${CFLAGS} ${CRYPTOLIBS} ${LIBS} $^ -o $@ + +cryptolib: CryptoLib.cc + ${CC} ${CFLAGS} $^ -c + +crypt: cryptTest.cc + ${CC} ${CFLAGS} ${CRYPTOLIBS} ${LIBS} $^ -o $@ + +encrypt: encTest.cc CryptoLib.o + ${CC} ${CFLAGS} ${CRYPTOLIBS} ${LIBS} $^ -o $@ + +retest: retest.cc CryptoLib.o + ${CC} ${CFLAGS} ${CRYPTOLIBS} ${LIBS} $^ -o $@ + +multiplex: multiplex.cc CryptoLib.o + ${CC} ${CFLAGS} ${CRYPTOLIBS} ${LIBS} $^ -o $@ + +test: test.cc + ${CC} ${CFLAGS} ${CRYPTOLIBS} ${LIBS} $^ -o $@ + +clean: + rm -f *.o */*.o *~ *.core ${TARGETS} ${TEST_TARGETS} + +depend: + $(RM) .depend + makedepend -f- -- $(CFLAGS) -- $(SRCS) > .depend 2>/dev/null \ No newline at end of file -- 2.39.5