sec_de3s.h

伯克利做的SFTP安全文件传输协议

// sec_de3s.h
// X-SafeTP security mechanism
// (module name is abbreviation of DSA, ElGamal, 3DES, SHA)
// copyright SafeTP Development Group, Inc., 2000  Terms of use are as specified in license.txt

#ifndef __SEC_DE3S_H
#define __SEC_DE3S_H

#include "security.h"      // security superclasses
#include "sec_clr.h"       // CleartextDataSecurity
#include "datablok.h"      // DataBlock
#include "cryputil.h"      // CBC3DES{Enc,Dec}Trans


// fwd decls for this file
class DE3S_Provider;


// declarations shared by control and data objects
class DE3S_Declarations {
public:
  enum {
    FLAG_CONTROL = 0,
    FLAG_DATA = 0x80000000,
    FLAG_CLIENT = 0,
    FLAG_SERVER = 0x40000000,

    CHALLENGE_LENGTH = 16,
    MASTER_KEY_LENGTH = 40,

    INITIAL_SEQUENCE_NUMBER = 0,
    INITIAL_FILE_NUMBER = 0,
  };
};


// objects shared by the control and data objects
class DE3S_Shared {
public:    // data
  // keys
  DataBlock clientData3DesKey,
            serverData3DesKey;

  // cryptographic objects
  SHA1HMAC *sha1HMacSigner,
           *sha1HMacVerifier;

  // state
  bool amClient;

public:    // funcs
  DE3S_Shared(bool ac);
  ~DE3S_Shared();
};


// control-channel encryption
// this class gets to include DE3S_Shared directly, rather than
// by reference, because it does more direct manipulation and
// construction
class DE3S_Control : public ControlSecurity, private DE3S_Shared,
                     public DE3S_Declarations {
  friend class DE3S_Provider;    // to access DE3S_Shared

private:     // data
  // keys
  DataBlock masterKey,
            clientElGamalPublicKey,
            clientElGamalPrivateKey,
            brandedServerDSAPublicKey,
            serverDSAPublicKey,
            serverDSAPrivateKey,
            clientControl3DesKey,
            serverControl3DesKey,
            clientControl3DesIV,
            serverControl3DesIV,
            clientSha1HMacKey,
            serverSha1HMacKey;

  // challenges
  DataBlock clientChallenge,
            serverChallenge;

  // cryptographic objects
  CBC3DESEncTrans *controlTripleDesEnc;
  CBC3DESDecTrans *controlTripleDesDec;

  // protocol state
  enum State {
    // each state is named for the data that is sent in that state
    S_SERVER_PUBLIC_KEY=1,
    S_CLIENT_PUBLIC_KEY=2,
    S_MASTER_KEY=3,
    S_SERVER_CHALLENGE=4,
    S_AUTHENTICATED=5
  } state;
  int sendSequenceNumber;
  int receiveSequenceNumber;

  // protocol constants
  const IPAddress myAddress;
  const IPAddress peerAddress;
    // if I'm the client, peer is server, and vice-versa

  // key-handling policies
  KeyEnvironment *keyEnvironment;

private:     // funcs
  bool amClient() const { return keyEnvironment != NULL; }
  bool isSending(bool client) const;
  DataBlock make3DESKey(
    char const *leftTag, char const *rightTag) const;
  DataBlock makeShaHMacKey(char const *tag) const;
  DataBlock make3DESIV(char const *tag) const;
  void makeExtraKeys();

  static DataBlock makeUpChallenge();

public:      // funcs
  DE3S_Control(KeyEnvironment *env, IPAddress myAddr, IPAddress peerAddr);
  ~DE3S_Control();

  // SecureEndpoint fns
  virtual int maximumEncodedSize(int decodedSize) const;
  virtual int maximumDecodedSize(int encodedSize) const;
  virtual void encode(DataBlock &data);
  virtual void decode(DataBlock &data);

  // ControlSecurity fns
  virtual bool hasOutgoingAdat() const;
  virtual void getNextOutgoingAdat(DataBlock &block);
  virtual bool expectingIncomingAdat() const;
  virtual void incomingAdat(DataBlock &block);
};


// data-channel encryption
class DE3S_Data : public DataSecurity, public DE3S_Declarations {
private:    // data
  // crypto objects
  DE3S_Shared &shared;
  CBC3DESEncTrans *dataTripleDesEnc;
  CBC3DESDecTrans *dataTripleDesDec;

  // protocol state
  int sequenceNumber;              // block counter
  int fileNumber;                  // file counter
  DataSecurityLevel fileDSL;       // protection level for this file

private:    // funcs
  void deleteCryptoObjs();
  void buildCryptoObjs();
  void ensureCryptoObjs() const;
  
  // versions that know about the DataSecurityLevels (but they
  // are *not* sensitive to which mode we're in now, if any)
  int maximumEncodedSize(int decodedSize,
                         DataSecurityLevel level) const;
  int maximumDecodedSize(int encodedSize,
                         DataSecurityLevel level) const;

public:     // funcs
  DE3S_Data(DE3S_Shared &shared);
  ~DE3S_Data();

  // SecureEndpoint fns
  virtual int maximumEncodedSize(int decodedSize) const;
  virtual int maximumDecodedSize(int encodedSize) const;
  virtual void encode(DataBlock &data);
  virtual void decode(DataBlock &data);

  // DataSecurity fns
  virtual DataSecurityLevel getSupportedProtLevels() const;
  virtual void newFile(DataSecurityLevel level);
  virtual char getCodeForLevel(DataSecurityLevel level) const;
  virtual DataSecurityLevel getLevelForCode(char code) const;
};


// orchestrates control and data object communication
class DE3S_Provider : public SecurityProvider {
  DE3S_Control *_control;
  DE3S_Data *_data;

public:
  DE3S_Provider(KeyEnvironment *env, IPAddress myAddr, IPAddress peerAddr);
  ~DE3S_Provider();

  virtual ControlSecurity &control()
    { return *_control; }
  virtual DataSecurity &data()
    { return *_data; }
};

#endif // __SEC_DE3S_H