Autore Topic: Nuovo componente: gb.openssl  (Letto 544 volte)

Offline vuott

  • Moderatore globale
  • Senatore Gambero
  • *****
  • Post: 11.723
  • Ne mors quidem nos iunget
    • Mostra profilo
Nuovo componente: gb.openssl
« il: 21 Maggio 2013, 14:05:27 »
Riporto questa comunicazione dalla Mailing List internazionale:


« I just committed a gb.openssl component
to wrap the cryptographic functions in OpenSSL's libcrypto.
The idea came actually from Sebastian in conjunction with his gambas-online
project. But maybe it's useful to someone else.

I've been working on it since yesterday. Even if I wrote almost straight
since then, this seemed kind of quick to me - which is usually not a good
sign regarding code quality :-)

Additionally, I'm not even a cryptography novice, so I encourage anyone with
knowledge of this matter to look at the code and report any (security)
problem (but not too much, please).

At least, the test cases (see attachment) work correctly and without crash
or memory leak (on non-Linux platforms, I can't promise anything, though;
there may trigger some assert()s!) and the design seems future-proof.

You basically have two classes which work somewhat alike: Digest and Cipher.
One gets access to an algorithm by giving its name to the array accessors:
»

    
Codice: gambas [Seleziona]
Digest["md5"].Hash("some string")


et voila.

The conversion between the string "md5" and the actual hashing function is
done by libcrypto itself. The names are *not* provided by my component. You
can get a full list of all supported algorithm names in the Digest.List:
»

    
Codice: gambas [Seleziona]
Dim sName As String

    For Each sName In Digest.List.Sort()
      Print sName ' May contain duplicates. Don't know why...
    Next


It's similar for the Cipher class. It has just Encrypt() and Decrypt() (and
EncryptSalted() and DecryptSalted()) methods instead of Hash().

There's also the HMac class for an HMAC authentication code because this
algorithm has (apparently) no such name to make it findable by the above two
classes.

Test project with changed settings attached.

Regards,
Tobi
»
« Chiunque, non ricorrendo lo stato di necessità, nel proprio progetto Gambas fa uso delle istruzioni Shell o Exec, è punito con la sanzione pecuniaria da euro 20,00 a euro 60,00. »