# MBS Xojo Encryption Kit 1.0

CommonCryptoMB module:

Module CommonCryptoMB

Const CC_MD2_DIGEST_LENGTH = 16

Const CC_MD4_DIGEST_LENGTH = 16

Const CC_MD5_DIGEST_LENGTH = 16

Const CC_SHA1_DIGEST_LENGTH = 20

Const CC_SHA224_DIGEST_LENGTH = 28

Const CC_SHA256_DIGEST_LENGTH = 32

Const CC_SHA384_DIGEST_LENGTH = 48

Const CC_SHA512_DIGEST_LENGTH = 64

Const kCCAlignmentError = -4303

Const kCCBufferTooSmall = -4301

Const kCCDecodeError = -4304

Const kCCMemoryFailure = -4302

Const kCCOptionECBMode = 2

Const kCCOptionPKCS7Padding = 1

Const kCCOverflow = -4306

Const kCCParamError = -4300

Const kCCRNGFailure = -4307

Const kCCSuccess = 0

Const kCCUnimplemented = -4305

Const 9/0 = /usr/lib/system/libcommonCrypto.dylib

Const 1/0 = System.framework

Const kLibrary =

Enum CryptBlockSize
kCCBlockSizeAES128 = 16
kCCBlockSizeDES = 8
kCCBlockSize3DES = 8
kCCBlockSizeCAST = 8
kCCBlockSizeRC2 = 8
kCCBlockSizeBlowfish = 8
End Enum

Enum CryptKeySize
kCCKeySizeAES128 = 16
kCCKeySizeAES192 = 24
kCCKeySizeAES256 = 256
kCCKeySizeDES = 8
kCCKeySize3DES = 24
kCCKeySizeMinCAST = 5
kCCKeySizeMaxCAST = 16
kCCKeySizeMinRC4 = 1
kCCKeySizeMaxRC4 = 512
kCCKeySizeMinRC2 = 1
kCCKeySizeMaxRC2 = 128
kCCKeySizeMinBlowfish = 8
kCCKeySizeMaxBlowfish = 56
End Enum

Enum CryptoAlgorithm
AES128 = 0
AES = 0
DES = 1
ThreeDES = 2
CAST = 3
RC4 = 4
RC2 = 5
Blowfish = 6
End Enum

Enum CryptoMode
kCCModeECB = 1
kCCModeCBC = 2
kCCModeCFB = 3
kCCModeCTR = 4
kCCModeF8 = 5
kCCModeLRW = 6
kCCModeOFB = 7
kCCModeXTS = 8
kCCModeRC4 = 9
kCCModeCFB8 = 10
End Enum

Enum CryptoOperation
Encrypt = 0
Decrypt = 1
End Enum

Enum CryptoPadding
No = 0
PKCS7 = 1
End Enum

Enum HMacAlgorithm
SHA1 = 0
MD5 = 1
SHA256 = 2
SHA384 = 3
SHA512 = 4
SHA224 = 5
End Enum

Enum Hashes
MD2 = 2
MD4 = 4
MD5 = 5
SHA1 = 1
SHA224 = 224
SHA384 = 384
SHA256 = 256
SHA512 = 512
End Enum

Enum PseudoRandomAlgorithm
SHA1 = 1
SHA224 = 2
SHA256 = 3
SHA384 = 4
SHA512 = 5
End Enum

Enum WrappingAlgorithm
AES = 1
End Enum

Protected Function CalibratePBKDF2(passwordLength as Integer, SaltLength as Integer, algorithm as PseudoRandomAlgorithm, msec as Integer = 1000) As Integer
// Determine the number of PRF rounds to use for a specific delay on the current platform.
//
// algorithm Currently only PBKDF2 is available via kCCPBKDF2
// passwordLen The length of the text password in bytes.
// saltLen The length of the salt in bytes.
// prf The Pseudo Random Algorithm to use for the derivation iterations.
// derivedKeyLen The expected length of the derived key in bytes.
// msec The targetted duration we want to achieve for a key derivation with these parameters.
//
// the number of iterations to use for the desired processing time.
End

Protected Function Crypt(Operation as CryptoOperation, Algorithm as CryptoAlgorithm, Options as Integer, key as MemoryBlock, Data as MemoryBlock, IV as MemoryBlock = nil) As MemoryBlock
End

Protected Function Crypt(Operation as CryptoOperation, Algorithm as CryptoAlgorithm, Options as Integer, key as xojo.core.MemoryBlock, Data as xojo.core.MemoryBlock, IV as xojo.core.MemoryBlock = nil) As xojo.core.MemoryBlock
End

Protected Function EncodeHex(data as xojo.Core.MemoryBlock) As text
// encodes MemoryBlock as text
End

Protected Function HMAC(HashType as HMacAlgorithm, Key as MemoryBlock, Data as MemoryBlock) As MemoryBlock
// Stateless, one-shot HMAC function.
// Returns hash as memoryblock
End

Protected Function HMAC(HashType as HMacAlgorithm, Key as String, Data as string) As MemoryBlock
// Stateless, one-shot HMAC function.
// Returns hash as memoryblock
// convert string in current encoding to MemoryBlock
End

Protected Function HMAC(HashType as HMacAlgorithm, Key as Text, Data as text) As xojo.Core.MemoryBlock
// Stateless, one-shot HMAC function.
// Returns hash as memoryblock
End

Protected Function HMAC(HashType as HMacAlgorithm, Key as Xojo.Core.MemoryBlock, Data as xojo.Core.MemoryBlock) As xojo.Core.MemoryBlock
// Stateless, one-shot HMAC function.
// Returns hash as memoryblock
End

Protected Function HMacHashSize(h as HMacAlgorithm) As integer
// size of hash in bytes
End

Protected Function Hash(HashType as Hashes, Data as MemoryBlock) As MemoryBlock
// one shot hash function
// calculates hash for given data
End

Protected Function Hash(HashType as Hashes, Data as string) As MemoryBlock
// one shot hash function
// calculates hash for given data
// convert string in current encoding to MemoryBlock
End

Protected Function Hash(HashType as Hashes, Data as text) As xojo.Core.MemoryBlock
// one shot hash function
// calculates hash for given data
End

Protected Function Hash(HashType as Hashes, Data as xojo.Core.MemoryBlock) As xojo.Core.MemoryBlock
// one shot hash function
// calculates hash for given data
End

Protected Function KeyDerivationPBKDF2(password as MemoryBlock, salt as MemoryBlock, algorithm as PseudoRandomAlgorithm, rounds as Integer) As MemoryBlock
// Derive a key from a text password/passphrase
//
// algorithm Currently only PBKDF2 is available via kCCPBKDF2
// password The text password used as input to the derivation function. The actual octets present in this string will be used with no additional processing. It's extremely important that the same encoding and normalization be used each time this routine is called if the same key is expected to be derived.
// salt The salt byte values used as input to the derivation function.
// prf The Pseudo Random Algorithm to use for the derivation iterations.
// rounds The number of rounds of the Pseudo Random Algorithm to use.
//
// The following values are used to designate the PRF:
//
// * PseudoRandomAlgorithm.SHA1
// * PseudoRandomAlgorithm.SHA224
// * PseudoRandomAlgorithm.SHA256
// * PseudoRandomAlgorithm.SHA384
// * PseudoRandomAlgorithm.SHA512
//
// Raises exception with Parameter error in case of bad values for the password, salt, and unwrapped key pointers as well as a bad value for the prf function.
//
// PS: Maybe before putting password or salt here, push them through hash function first?
End

Protected Function KeyDerivationPBKDF2(password as xojo.core.MemoryBlock, salt as xojo.core.MemoryBlock, algorithm as PseudoRandomAlgorithm, rounds as Integer) As xojo.core.MemoryBlock
// Derive a key from a text password/passphrase
//
// algorithm Currently only PBKDF2 is available via kCCPBKDF2
// password The text password used as input to the derivation function. The actual octets present in this string will be used with no additional processing. It's extremely important that the same encoding and normalization be used each time this routine is called if the same key is expected to be derived.
// salt The salt byte values used as input to the derivation function.
// prf The Pseudo Random Algorithm to use for the derivation iterations.
// rounds The number of rounds of the Pseudo Random Algorithm to use.
//
// The following values are used to designate the PRF:
//
// * PseudoRandomAlgorithm.SHA1
// * PseudoRandomAlgorithm.SHA224
// * PseudoRandomAlgorithm.SHA256
// * PseudoRandomAlgorithm.SHA384
// * PseudoRandomAlgorithm.SHA512
//
// Raises exception with Parameter error in case of bad values for the password, salt, and unwrapped key pointers as well as a bad value for the prf function.
//
// PS: Maybe before putting password or salt here, push them through hash function first?
End

Protected Function SymmetricKeyUnwrap(algorithm as WrappingAlgorithm, IV as MemoryBlock, kek as MemoryBlock, wrappedKey as MemoryBlock) As MemoryBlock
// Unwrap a symmetric key with a Key Encryption Key (KEK).
//
// algorithm Currently only AES Keywrapping (rfc3394) is available via WrappingAlgorithm.AES
// iv The initialization value to be used. rfc3394_iv1 is available as a constant for the standard IV to use.
// kek The Key Encryption Key to be used to unwrap the raw key.
// wrappedKey The wrapped key bytes.
//
// The algorithm chosen is determined by the algorithm parameter and the size of the key being wrapped (ie aes128 for 128 bit keys).
//
// May raise CommonCryptoExceptionMB with BufferTooSmall indicates insufficent space in the rawKey buffer.
// ParamError can result from bad values for the kek, rawKey, and wrappedKey key pointers.
End

Protected Function SymmetricKeyUnwrap(algorithm as WrappingAlgorithm, IV as xojo.Core.MemoryBlock, kek as xojo.Core.MemoryBlock, wrappedKey as xojo.core.MemoryBlock) As xojo.core.MemoryBlock
// Unwrap a symmetric key with a Key Encryption Key (KEK).
//
// algorithm Currently only AES Keywrapping (rfc3394) is available via WrappingAlgorithm.AES
// iv The initialization value to be used. rfc3394_iv1 is available as a constant for the standard IV to use.
// kek The Key Encryption Key to be used to unwrap the raw key.
// wrappedKey The wrapped key bytes.
//
// The algorithm chosen is determined by the algorithm parameter and the size of the key being wrapped (ie aes128 for 128 bit keys).
//
// May raise CommonCryptoExceptionMB with BufferTooSmall indicates insufficent space in the rawKey buffer.
// ParamError can result from bad values for the kek, rawKey, and wrappedKey key pointers.
End

Protected Function SymmetricKeyWrap(algorithm as WrappingAlgorithm, IV as MemoryBlock, kek as MemoryBlock, rawKey as MemoryBlock) As MemoryBlock
// Wrap a symmetric key with a Key Encryption Key (KEK).
//
// algorithm Currently only AES Keywrapping (rfc3394) is available via WrappingAlgorithm.AES
// iv The initialization value to be used. rfc3394iv1 is available as a constant for the standard IV to use.
// kek The Key Encryption Key to be used to wrap the raw key.
// rawKey The raw key bytes to be wrapped.
//
// Returns the wrapped key as memoryblock.
//
// Can raise CommonCryptoExceptionMB with BufferTooSmall indicates insufficent space in the wrappedKey buffer.
// ParamError can result from bad values for the kek, rawKey, and wrappedKey key pointers.
End

Protected Function SymmetricKeyWrap(algorithm as WrappingAlgorithm, IV as xojo.Core.MemoryBlock, kek as xojo.Core.MemoryBlock, rawKey as xojo.core.MemoryBlock) As xojo.core.MemoryBlock
// Wrap a symmetric key with a Key Encryption Key (KEK).
//
// algorithm Currently only AES Keywrapping (rfc3394) is available via WrappingAlgorithm.AES
// iv The initialization value to be used. rfc3394iv1 is available as a constant for the standard IV to use.
// kek The Key Encryption Key to be used to wrap the raw key.
// rawKey The raw key bytes to be wrapped.
//
// Returns the wrapped key as memoryblock.
//
// Can raise CommonCryptoExceptionMB with BufferTooSmall indicates insufficent space in the wrappedKey buffer.
// ParamError can result from bad values for the kek, rawKey, and wrappedKey key pointers.
End

Protected Sub TestRandom()
// test random function
End

Protected Sub checkResult(e as Int32)
// raises exception in case something went wrong
End

Protected Function generateBytes1(count as integer) As xojo.core.MemoryBlock
// Return random bytes in a buffer allocated by the caller.
// The PRNG returns cryptographically strong random bits suitable for use as cryptographic keys, IVs, nonces etc.
// count Number of random bytes to return.
// Returns MemoryBlock with data or raises exception
// available in Mac OS X 10.10 or iOS 8.0
End

Protected Function generateBytes2(count as integer) As MemoryBlock
// Return random bytes in a buffer allocated by the caller.
// The PRNG returns cryptographically strong random bits suitable for use as cryptographic keys, IVs, nonces etc.
// count Number of random bytes to return.
// Returns MemoryBlock with data or raises exception
// available in Mac OS X 10.10 or iOS 8.0
End

Protected Function rfc3394iv1() As xojo.Core.MemoryBlock
// returns RFC 3394 Initial Vector
// new framework
End

Protected Function rfc3394iv2() As MemoryBlock
// returns RFC 3394 Initial Vector
// old framework
End

Protected Sub test()
End

Protected Sub testCrypt()
// test encryption
End

Protected Sub testHMAC()
// test hmac functions
End

Protected Sub testHash()
// test hash functions
End

Protected Sub testKeyGen()
// test key derivation
End

Protected Sub testKeyWrap()
End

Note Info

Note License

End Module

Links

MBS FileMaker blog