ESAPI-C 1.0
The OWASP Enterprise Security API for C
A cryptographic module implementation.
#include <gcrypt.h>
#include <stdio.h>
#include <stdbool.h>
#include "crypto.h"
#include "base64.h"
Defines

#define BUF_SIZE 1024

Functions

char * esapi_encrypt (struct esapi_ctx *ctx, const char *s)
Encrypts the provided plaintext characters using the cipher transformation specified by the property Encryptor.CipherTransformation and the master encryption key as specified by the property Encryptor.MasterKey as defined in the ESAPI.properties file.

char * esapi_decrypt (struct esapi_ctx *ctx, const char *s)
Decrypts the provided ciphertext string using the master encryption key as specified by the property Encryptor.MasterKey as defined in the ESAPI.properties file.

void esapi_crypto_init (struct esapi_ctx *ctx)
Initializes the cryptographic engine.

char * esapi_hash (struct esapi_ctx *ctx, const char *s)
Returns a string representation of the hash of the provided plaintext and salt.

void esapi_fill_crypto_key (struct esapi_ctx *ctx, char *buff, int len)
Generate a random secret key using a cryptographic algorithm and entropy source appropriate for the generation of long term cryptographic keys.

void esapi_fill_random_token (struct esapi_ctx *ctx, char *buff, int len)
Generate a random secret key using a cryptographic algorithm and entropy source appropriate for the generation of short term unique keys.

gcry_sexp_t * esapi_sign (struct esapi_ctx *ctx, void *msg, int len)
Returns a signature of the given message.

gcry_sexp_t convert_to_asymmetric_key (void *buff, int key_len)

int esapi_verify_signature (struct esapi_ctx *ctx, void *msg, int m_len, gcry_sexp_t *sig)
Incomplete function implementation.

char * encrypt_and_sign (struct esapi_ctx *ctx, void *msg, int len)
Incomplete function implementation.

char * decrypt_and_verify (struct esapi_ctx *ctx, void *msg, int len)
Incomplete function implementation.

Variables

char esapi_alphabet [] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

A cryptographic module implementation.
This implementation wraps the GnuPG project's libgcrypt library, which is available for many platforms. This library is designed to meet FIPS 140-2 requirements, and a version distributed for Red Hat Linux is certified by NIST to be FIPS 140-2 compliant at level 1.
Definition in file crypto.c.

char* decrypt_and_verify (struct esapi_ctx *ctx, void *msg, int len)

char* encrypt_and_sign (struct esapi_ctx *ctx, void *msg, int len)

void esapi_crypto_init (struct esapi_ctx *)
Initializes the cryptographic engine.
This function must be called before calling any of the other functions in this module.
ctx: A properly initialized ESAPI context structure returned by

char* esapi_decrypt (struct esapi_ctx *, const char *)
Decrypts the provided ciphertext string using the master encryption key as specified by the property Encryptor.MasterKey as defined in the ESAPI.properties file.
ciphertext: A Base64 encoded ciphertext character array to be decrypted.
Definition at line 117 of file crypto.c.
Referenced by get_property().

char* esapi_encrypt (struct esapi_ctx *, const char *)
Encrypts the provided plaintext characters using the cipher transformation specified by the property Encryptor.CipherTransformation and the master encryption key as specified by the property Encryptor.MasterKey as defined in the ESAPI.properties file.
plaintext: A character array containing the plaintext to be encrypted.
Definition at line 33 of file crypto.c.
Referenced by set_property().

void esapi_fill_crypto_key (struct esapi_ctx *, char *, int)
Generate a random secret key using a cryptographic algorithm and entropy source appropriate for the generation of long term cryptographic keys.
ctx: A properly initialized ESAPI context structure returned by
buff: A character array to hold the resulting key
len: The requested length of the key

void esapi_fill_random_token (struct esapi_ctx *, char *, int)
Generate a random secret key using a cryptographic algorithm and entropy source appropriate for the generation of short term unique keys.
ctx: A properly initialized ESAPI context structure returned by
buff: A character array to hold the resulting key
len: The requested length of the key
Definition at line 296 of file crypto.c.
Referenced by esapi_get_unique_reference().
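
The description above does not say how random bytes are turned into token characters. The following is an added example, not ESAPI-C's own code: it assumes tokens are drawn from the 36-character esapi_alphabet listed on this page and shows the rejection step that keeps every character equally likely. The names token_from_bytes and fill_token are hypothetical, and /dev/urandom stands in for the library's entropy source.

```c
#include <stdio.h>
#include <stddef.h>

/* Same 36 characters as esapi_alphabet on this page. */
static const char alphabet[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
#define ALPHABET_LEN (sizeof(alphabet) - 1)
/* 252: largest multiple of 36 that fits in a byte. Bytes 252..255 are
 * dropped; a plain "% 36" over them would make 'A'..'D' more likely. */
#define REJECT_FROM ((256 / ALPHABET_LEN) * ALPHABET_LEN)

/* Hypothetical helper: map raw random bytes onto the alphabet. Writes at
 * most out_len characters plus a NUL (out must hold out_len + 1 bytes) and
 * returns how many were produced; fewer than out_len if input ran out. */
size_t token_from_bytes(const unsigned char *rnd, size_t rnd_len,
                        char *out, size_t out_len)
{
    size_t n = 0;
    for (size_t i = 0; i < rnd_len && n < out_len; i++) {
        if (rnd[i] >= REJECT_FROM)
            continue;                      /* rejection sampling */
        out[n++] = alphabet[rnd[i] % ALPHABET_LEN];
    }
    out[n] = '\0';
    return n;
}

/* Hypothetical helper: fill buf (len + 1 bytes) with len token characters
 * from /dev/urandom (assumed entropy source). Returns 0, or -1 on error. */
int fill_token(char *buf, size_t len)
{
    unsigned char rnd[64];
    size_t have = 0, got;
    FILE *f = fopen("/dev/urandom", "rb");
    buf[0] = '\0';
    if (!f)
        return -1;
    while (have < len && (got = fread(rnd, 1, sizeof rnd, f)) > 0)
        have += token_from_bytes(rnd, got, buf + have, len - have);
    fclose(f);
    if (have < len)
        buf[0] = '\0';                     /* never hand back a short token */
    return have == len ? 0 : -1;
}

int main(void)
{
    char token[17];
    if (fill_token(token, 16) == 0) puts(token);
    return 0;
}
```

Each character from a 36-symbol alphabet carries about 5.17 bits, so a 16-character token holds roughly 82 bits of entropy when the byte source is sound.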

char* esapi_hash (struct esapi_ctx *, const char *)
Returns a string representation of the hash of the provided plaintext and salt.
The salt helps to protect against a rainbow table attack by mixing in some extra data with the plaintext. Some good choices for a salt might be an account name or some other string that is known to the application but not to an attacker. See this article for more information about hashing as it pertains to password schemes.
ctx: A valid esapi_ctx from which properly initialized cryptographic engine settings may be retrieved.
plaintext: the plaintext String to encrypt
salt: the salt to add to the plaintext String before hashing

gcry_sexp_t* esapi_sign (struct esapi_ctx *, void *, int)
Returns a signature of the given message.
ctx: A valid esapi_ctx from which properly initialized cryptographic engine settings may be retrieved.
msg: A character array containing the message
len: The length of the message