Difference between revisions of "SAP ABAP ENCRIPTACION"
From SapWiki
(4 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
==Ejemplo AES 256 mode CBC== | ==Ejemplo AES 256 mode CBC== | ||
− | *&---------------------------------------------------------------------* | + | <nowiki>*&---------------------------------------------------------------------* |
− | + | *& Report YENCRIPT2_DO | |
− | + | *&---------------------------------------------------------------------* | |
− | + | *& | |
− | + | *&---------------------------------------------------------------------* | |
− | + | REPORT yencript2_do. | |
− | + | * equivale a AES 256 mode CBC | |
− | + | * basado en CL_SEC_SXML_WRITER=>CRYPT_AES_CTR | |
− | + | * para test https://www.devglan.com/online-tools/aes-encryption-decryption | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | DATA: blocksize TYPE i | |
− | + | , keysize TYPE i | |
− | + | , cipher TYPE xstring | |
− | + | , block TYPE xstring | |
− | + | , rest TYPE i | |
− | + | , offset TYPE i | |
− | + | , l_iv TYPE xstring | |
− | + | , emptyiv TYPE xstring | |
− | + | , counter(4) TYPE x | |
− | + | , ctroffset TYPE i | |
− | + | . | |
− | + | DATA iv TYPE xstring. | |
− | + | DATA key TYPE xstring. | |
− | + | DATA input TYPE xstring. | |
− | + | DATA result TYPE xstring. | |
− | + | DATA l_plaintext TYPE string. | |
− | + | DATA l_plaintext_x TYPE xstring. | |
− | + | DATA l_key TYPE string. | |
− | + | DATA l_key_x TYPE xstring. | |
− | + | DATA lv_message TYPE xstring. | |
− | + | DATA lv_message_decrypted TYPE xstring. | |
− | + | DATA lr_xstring TYPE xstring. | |
− | + | DATA l_base64 TYPE string. | |
− | + | DATA lv_message_string TYPE string. | |
− | + | DATA i_iv TYPE xstring. | |
− | + | DATA: lf_bindata TYPE xstring. | |
− | + | ||
− | + | *--------------------------------------------------------------------* | |
− | + | * | |
− | + | *--------------------------------------------------------------------* | |
− | + | * ejemplo: archivo JSON o XML | |
− | + | PARAMETERS gf_xfile TYPE string LOWER CASE. | |
− | + | ||
− | + | *--------------------------------------------------------------------* | |
− | + | AT SELECTION-SCREEN ON VALUE-REQUEST FOR gf_xfile. | |
− | + | *--------------------------------------------------------------------* | |
− | + | DATA: window_title TYPE string. | |
− | + | ||
− | + | window_title = 'Archivo de entrada'. | |
− | + | cl_secxml_helper=>file_f4( | |
− | + | EXPORTING window_title = window_title | |
− | + | IMPORTING filename = gf_xfile ). | |
− | + | ||
− | + | *--------------------------------------------------------------------* | |
− | + | START-OF-SELECTION. | |
− | + | *--------------------------------------------------------------------* | |
− | + | ||
− | + | *--------------------------------------------------------------------* | |
− | + | * read xml data | |
− | + | *--------------------------------------------------------------------* | |
− | + | IF gf_xfile IS NOT INITIAL. | |
− | + | cl_secxml_helper=>upload_file( | |
− | + | EXPORTING filename = gf_xfile | |
− | + | IMPORTING bindata = lf_bindata ). | |
− | + | ENDIF. | |
− | + | ||
− | + | blocksize = 16. | |
− | + | keysize = 32. | |
− | + | ctroffset = 12. | |
− | + | emptyiv = '00000000000000000000000000000000'. | |
− | + | ||
− | + | i_iv = emptyiv. | |
− | + | l_key = '12345678901234567890123456789012'. | |
− | + | l_key_x = cl_abap_hmac=>string_to_xstring( l_key ). | |
− | + | ||
− | + | IF lf_bindata IS INITIAL. | |
− | + | l_plaintext = 'Texto a encriptar'. | |
− | + | l_plaintext_x = cl_abap_hmac=>string_to_xstring( l_plaintext ). | |
− | + | ELSE. | |
− | + | MOVE lf_bindata TO l_plaintext_x. | |
− | + | ENDIF. | |
− | + | ||
− | + | iv = i_iv. | |
− | + | key = l_key_x. | |
− | + | input = l_plaintext_x. | |
− | + | ||
− | + | IF xstrlen( iv ) NE blocksize OR xstrlen( key ) NE keysize. | |
− | + | WRITE:/ 'error en llave o IV'. | |
− | + | RETURN. | |
− | + | ENDIF. | |
− | + | ||
− | + | rest = xstrlen( input ). | |
− | + | IF rest < 1. | |
− | + | RETURN. "nothing to encrypt | |
− | + | ENDIF. | |
− | + | ||
− | + | *--------------------------------------------------------------------* | |
− | + | * encrypt | |
− | + | *--------------------------------------------------------------------* | |
− | + | CALL METHOD cl_sec_sxml_writer=>encrypt_iv( | |
− | + | EXPORTING | |
− | + | plaintext = input | |
− | + | key = key | |
− | + | iv = iv | |
− | + | algorithm = cl_sec_sxml_writer=>co_aes256_algorithm_pem | |
− | + | IMPORTING | |
− | + | ciphertext = cipher ). | |
− | + | ||
− | + | * padding | |
− | + | lr_xstring = cipher+blocksize. | |
− | + | ||
− | + | *--------------------------------------------------------------------* | |
− | + | * codificar archivo encriptado en BASE64 | |
− | + | *--------------------------------------------------------------------* | |
− | + | PERFORM encode_base_64x USING lr_xstring CHANGING l_base64. | |
− | + | ||
− | + | *--------------------------------------------------------------------* | |
− | + | * decrypt message | |
− | + | *--------------------------------------------------------------------* | |
− | + | cl_sec_sxml_writer=>decrypt( | |
− | + | EXPORTING | |
− | + | ciphertext = cipher | |
− | + | key = l_key_x | |
− | + | algorithm = cl_sec_sxml_writer=>co_aes256_algorithm_pem | |
− | + | IMPORTING | |
− | + | plaintext = lv_message_decrypted ). | |
− | + | ||
+ | " convert xstring to string for output | ||
+ | cl_abap_conv_in_ce=>create( input = lv_message_decrypted )->read( IMPORTING data = lv_message_string ). | ||
+ | |||
+ | " output secret message | ||
+ | WRITE lv_message_string. | ||
+ | |||
+ | *----------------------------------------------------------------------* | ||
+ | * FORM ....... | ||
+ | *----------------------------------------------------------------------* | ||
+ | * text | ||
+ | *----------------------------------------------------------------------* | ||
+ | * --> p1 text | ||
+ | * <-- p2 text | ||
+ | *----------------------------------------------------------------------* | ||
+ | FORM encode_base_64x USING p_xstring TYPE xstring | ||
+ | CHANGING p_string_base64 TYPE string. | ||
+ | DATA: l_http_utility TYPE REF TO cl_http_utility. | ||
+ | DATA: l_string TYPE string. | ||
+ | |||
+ | CREATE OBJECT l_http_utility. | ||
+ | |||
+ | CALL METHOD l_http_utility->encode_x_base64 | ||
+ | EXPORTING | ||
+ | unencoded = p_xstring | ||
+ | RECEIVING | ||
+ | encoded = p_string_base64. | ||
+ | ENDFORM.</nowiki> | ||
+ | |||
+ | ===Uso de OPENSSL=== | ||
+ | <nowiki> | ||
+ | METHOD encrypt. | ||
+ | DATA lt_btcxpm TYPE TABLE OF btcxpm. | ||
+ | |||
+ | DATA lv_parameter type BTCXPGPAR. | ||
+ | |||
+ | IF i_iv_key IS NOT INITIAL. | ||
+ | lv_parameter = |enc -&1 -e -a -A -in &2 -K &3 -iv &4 -out &5|. | ||
+ | ELSE. | ||
+ | lv_parameter = |enc -&1 -e -a -A -in &2 -K &3 -out &5|. | ||
+ | ENDIF. | ||
+ | |||
+ | REPLACE FIRST OCCURRENCE OF '&1' IN lv_parameter WITH i_mode. | ||
+ | REPLACE FIRST OCCURRENCE OF '&2' IN lv_parameter WITH i_in_file. | ||
+ | REPLACE FIRST OCCURRENCE OF '&3' IN lv_parameter WITH i_key. | ||
+ | REPLACE FIRST OCCURRENCE OF '&4' IN lv_parameter WITH i_iv_key. | ||
+ | REPLACE FIRST OCCURRENCE OF '&5' IN lv_parameter WITH i_out_file. | ||
+ | |||
+ | * crear comando openssl en trn. SM69 | ||
+ | CALL FUNCTION 'SXPG_COMMAND_EXECUTE' | ||
+ | EXPORTING | ||
+ | commandname = 'ZOPENSSL' | ||
+ | additional_parameters = lv_parameter | ||
+ | TABLES | ||
+ | exec_protocol = lt_btcxpm | ||
+ | EXCEPTIONS | ||
+ | no_permission = 1 | ||
+ | command_not_found = 2 | ||
+ | parameters_too_long = 3 | ||
+ | security_risk = 4 | ||
+ | wrong_check_call_interface = 5 | ||
+ | program_start_error = 6 | ||
+ | program_termination_error = 7 | ||
+ | x_error = 8 | ||
+ | parameter_expected = 9 | ||
+ | too_many_parameters = 10 | ||
+ | illegal_command = 11 | ||
+ | wrong_asynchronous_parameters = 12 | ||
+ | cant_enq_tbtco_entry = 13 | ||
+ | jobcount_generation_error = 14 | ||
+ | OTHERS = 15. | ||
+ | IF sy-subrc <> 0. | ||
+ | e_subrc = sy-subrc. | ||
+ | e_message = 'Error al ejecutar comando OPENSSL(ZOPENSSL)'. | ||
+ | RETURN. | ||
+ | ENDIF. | ||
+ | |||
+ | IF lt_btcxpm[] IS NOT INITIAL. | ||
+ | e_subrc = 16. | ||
+ | LOOP AT lt_btcxpm INTO DATA(ls_btcxmp). | ||
+ | ENDLOOP. | ||
+ | e_message = |Error en ecriptación { ls_btcxmp-message }|. | ||
+ | RETURN. | ||
+ | ENDIF. | ||
+ | |||
+ | OPEN DATASET i_out_file FOR input IN TEXT MODE ENCODING DEFAULT. | ||
+ | IF sy-subrc <> 0. | ||
+ | e_subrc = 17. | ||
+ | e_message = |Error en abrir archivo de salida { i_out_file }|. | ||
+ | RETURN. | ||
+ | ENDIF. | ||
+ | |||
+ | READ DATASET i_out_file INTO e_base54_enc. | ||
+ | IF sy-subrc <> 0. | ||
+ | e_subrc = 18. | ||
+ | e_message = |Error en leer archivo de salida { i_out_file }|. | ||
+ | close DATASET i_out_file. | ||
+ | RETURN. | ||
+ | ENDIF. | ||
+ | close DATASET i_out_file. | ||
+ | e_subrc = 0. | ||
+ | ENDMETHOD. | ||
+ | |||
+ | METHOD encrypt_sac_aes256. | ||
+ | DATA lv_key TYPE string. | ||
+ | DATA lv_key_iv TYPE string. | ||
+ | DATA lv_infile TYPE oiuh_char56. | ||
+ | DATA lv_outfile TYPE oiuh_char56. | ||
+ | |||
+ | CALL METHOD zcl_hr_sac_sap=>get_aes256_key_hex | ||
+ | EXPORTING | ||
+ | i_parametro = 'AES256-KEY' | ||
+ | RECEIVING | ||
+ | r_key = lv_key. | ||
+ | |||
+ | CALL METHOD zcl_hr_sac_sap=>get_aes256_key_hex | ||
+ | EXPORTING | ||
+ | i_parametro = 'AES256-IV' | ||
+ | RECEIVING | ||
+ | r_key = lv_key_iv. | ||
+ | |||
+ | lv_infile = '/tmp'. | ||
+ | CONCATENATE lv_infile '/' i_id '.dat' INTO lv_infile. | ||
+ | |||
+ | lv_outfile = '/tmp'. | ||
+ | CONCATENATE lv_outfile '/' i_id '.enc' INTO lv_outfile. | ||
+ | |||
+ | OPEN DATASET lv_infile FOR OUTPUT IN TEXT MODE ENCODING DEFAULT. | ||
+ | IF sy-subrc <> 0. | ||
+ | e_subrc = 4. | ||
+ | e_message = |Error en abrir archivo de entrada(IN) { lv_infile }|. | ||
+ | RETURN. | ||
+ | ENDIF. | ||
+ | |||
+ | TRANSFER i_text TO lv_infile. | ||
+ | IF sy-subrc <> 0. | ||
+ | e_subrc = 4. | ||
+ | e_message = |Error al escribir en archivo de entrada(IN) { lv_infile }|. | ||
+ | CLOSE DATASET lv_infile. | ||
+ | RETURN. | ||
+ | ENDIF. | ||
+ | CLOSE DATASET lv_infile. | ||
+ | |||
+ | CALL METHOD zcl_hr_sac_sap=>encrypt | ||
+ | EXPORTING | ||
+ | * i_mode = 'aes-256-cbc' | ||
+ | i_in_file = lv_infile | ||
+ | i_out_file = lv_outfile | ||
+ | i_key = lv_key | ||
+ | i_iv_key = lv_key_iv | ||
+ | IMPORTING | ||
+ | e_base54_enc = e_base54_enc | ||
+ | e_subrc = e_subrc | ||
+ | e_message = e_message. | ||
+ | |||
+ | DELETE DATASET lv_infile. | ||
+ | DELETE DATASET lv_outfile. | ||
+ | |||
+ | ENDMETHOD. | ||
+ | </nowiki> | ||
+ | |||
+ | [[Category:ABAP]] |
Latest revision as of 19:14, 24 July 2024
Ejemplo AES 256 mode CBC
*&---------------------------------------------------------------------* *& Report YENCRIPT2_DO *&---------------------------------------------------------------------* *& *&---------------------------------------------------------------------* REPORT yencript2_do. * equivale a AES 256 mode CBC * basado en CL_SEC_SXML_WRITER=>CRYPT_AES_CTR * para test https://www.devglan.com/online-tools/aes-encryption-decryption DATA: blocksize TYPE i , keysize TYPE i , cipher TYPE xstring , block TYPE xstring , rest TYPE i , offset TYPE i , l_iv TYPE xstring , emptyiv TYPE xstring , counter(4) TYPE x , ctroffset TYPE i . DATA iv TYPE xstring. DATA key TYPE xstring. DATA input TYPE xstring. DATA result TYPE xstring. DATA l_plaintext TYPE string. DATA l_plaintext_x TYPE xstring. DATA l_key TYPE string. DATA l_key_x TYPE xstring. DATA lv_message TYPE xstring. DATA lv_message_decrypted TYPE xstring. DATA lr_xstring TYPE xstring. DATA l_base64 TYPE string. DATA lv_message_string TYPE string. DATA i_iv TYPE xstring. DATA: lf_bindata TYPE xstring. *--------------------------------------------------------------------* * *--------------------------------------------------------------------* * ejemplo: archivo JSON o XML PARAMETERS gf_xfile TYPE string LOWER CASE. *--------------------------------------------------------------------* AT SELECTION-SCREEN ON VALUE-REQUEST FOR gf_xfile. *--------------------------------------------------------------------* DATA: window_title TYPE string. window_title = 'Archivo de entrada'. cl_secxml_helper=>file_f4( EXPORTING window_title = window_title IMPORTING filename = gf_xfile ). *--------------------------------------------------------------------* START-OF-SELECTION. *--------------------------------------------------------------------* *--------------------------------------------------------------------* * read xml data *--------------------------------------------------------------------* IF gf_xfile IS NOT INITIAL. cl_secxml_helper=>upload_file( EXPORTING filename = gf_xfile IMPORTING bindata = lf_bindata ). ENDIF. blocksize = 16. keysize = 32. ctroffset = 12. emptyiv = '00000000000000000000000000000000'. i_iv = emptyiv. l_key = '12345678901234567890123456789012'. l_key_x = cl_abap_hmac=>string_to_xstring( l_key ). IF lf_bindata IS INITIAL. l_plaintext = 'Texto a encriptar'. l_plaintext_x = cl_abap_hmac=>string_to_xstring( l_plaintext ). ELSE. MOVE lf_bindata TO l_plaintext_x. ENDIF. iv = i_iv. key = l_key_x. input = l_plaintext_x. IF xstrlen( iv ) NE blocksize OR xstrlen( key ) NE keysize. WRITE:/ 'error en llave o IV'. RETURN. ENDIF. rest = xstrlen( input ). IF rest < 1. RETURN. "nothing to encrypt ENDIF. *--------------------------------------------------------------------* * encrypt *--------------------------------------------------------------------* CALL METHOD cl_sec_sxml_writer=>encrypt_iv( EXPORTING plaintext = input key = key iv = iv algorithm = cl_sec_sxml_writer=>co_aes256_algorithm_pem IMPORTING ciphertext = cipher ). * padding lr_xstring = cipher+blocksize. *--------------------------------------------------------------------* * codificar archivo encriptado en BASE64 *--------------------------------------------------------------------* PERFORM encode_base_64x USING lr_xstring CHANGING l_base64. *--------------------------------------------------------------------* * decrypt message *--------------------------------------------------------------------* cl_sec_sxml_writer=>decrypt( EXPORTING ciphertext = cipher key = l_key_x algorithm = cl_sec_sxml_writer=>co_aes256_algorithm_pem IMPORTING plaintext = lv_message_decrypted ). " convert xstring to string for output cl_abap_conv_in_ce=>create( input = lv_message_decrypted )->read( IMPORTING data = lv_message_string ). " output secret message WRITE lv_message_string. *----------------------------------------------------------------------* * FORM ....... *----------------------------------------------------------------------* * text *----------------------------------------------------------------------* * --> p1 text * <-- p2 text *----------------------------------------------------------------------* FORM encode_base_64x USING p_xstring TYPE xstring CHANGING p_string_base64 TYPE string. DATA: l_http_utility TYPE REF TO cl_http_utility. DATA: l_string TYPE string. CREATE OBJECT l_http_utility. CALL METHOD l_http_utility->encode_x_base64 EXPORTING unencoded = p_xstring RECEIVING encoded = p_string_base64. ENDFORM.
Uso de OPENSSL
METHOD encrypt. DATA lt_btcxpm TYPE TABLE OF btcxpm. DATA lv_parameter type BTCXPGPAR. IF i_iv_key IS NOT INITIAL. lv_parameter = |enc -&1 -e -a -A -in &2 -K &3 -iv &4 -out &5|. ELSE. lv_parameter = |enc -&1 -e -a -A -in &2 -K &3 -out &5|. ENDIF. REPLACE FIRST OCCURRENCE OF '&1' IN lv_parameter WITH i_mode. REPLACE FIRST OCCURRENCE OF '&2' IN lv_parameter WITH i_in_file. REPLACE FIRST OCCURRENCE OF '&3' IN lv_parameter WITH i_key. REPLACE FIRST OCCURRENCE OF '&4' IN lv_parameter WITH i_iv_key. REPLACE FIRST OCCURRENCE OF '&5' IN lv_parameter WITH i_out_file. * crear comando openssl en trn. SM69 CALL FUNCTION 'SXPG_COMMAND_EXECUTE' EXPORTING commandname = 'ZOPENSSL' additional_parameters = lv_parameter TABLES exec_protocol = lt_btcxpm EXCEPTIONS no_permission = 1 command_not_found = 2 parameters_too_long = 3 security_risk = 4 wrong_check_call_interface = 5 program_start_error = 6 program_termination_error = 7 x_error = 8 parameter_expected = 9 too_many_parameters = 10 illegal_command = 11 wrong_asynchronous_parameters = 12 cant_enq_tbtco_entry = 13 jobcount_generation_error = 14 OTHERS = 15. IF sy-subrc <> 0. e_subrc = sy-subrc. e_message = 'Error al ejecutar comando OPENSSL(ZOPENSSL)'. RETURN. ENDIF. IF lt_btcxpm[] IS NOT INITIAL. e_subrc = 16. LOOP AT lt_btcxpm INTO DATA(ls_btcxmp). ENDLOOP. e_message = |Error en ecriptación { ls_btcxmp-message }|. RETURN. ENDIF. OPEN DATASET i_out_file FOR input IN TEXT MODE ENCODING DEFAULT. IF sy-subrc <> 0. e_subrc = 17. e_message = |Error en abrir archivo de salida { i_out_file }|. RETURN. ENDIF. READ DATASET i_out_file INTO e_base54_enc. IF sy-subrc <> 0. e_subrc = 18. e_message = |Error en leer archivo de salida { i_out_file }|. close DATASET i_out_file. RETURN. ENDIF. close DATASET i_out_file. e_subrc = 0. ENDMETHOD. METHOD encrypt_sac_aes256. DATA lv_key TYPE string. DATA lv_key_iv TYPE string. DATA lv_infile TYPE oiuh_char56. DATA lv_outfile TYPE oiuh_char56. CALL METHOD zcl_hr_sac_sap=>get_aes256_key_hex EXPORTING i_parametro = 'AES256-KEY' RECEIVING r_key = lv_key. CALL METHOD zcl_hr_sac_sap=>get_aes256_key_hex EXPORTING i_parametro = 'AES256-IV' RECEIVING r_key = lv_key_iv. lv_infile = '/tmp'. CONCATENATE lv_infile '/' i_id '.dat' INTO lv_infile. lv_outfile = '/tmp'. CONCATENATE lv_outfile '/' i_id '.enc' INTO lv_outfile. OPEN DATASET lv_infile FOR OUTPUT IN TEXT MODE ENCODING DEFAULT. IF sy-subrc <> 0. e_subrc = 4. e_message = |Error en abrir archivo de entrada(IN) { lv_infile }|. RETURN. ENDIF. TRANSFER i_text TO lv_infile. IF sy-subrc <> 0. e_subrc = 4. e_message = |Error al escribir en archivo de entrada(IN) { lv_infile }|. CLOSE DATASET lv_infile. RETURN. ENDIF. CLOSE DATASET lv_infile. CALL METHOD zcl_hr_sac_sap=>encrypt EXPORTING * i_mode = 'aes-256-cbc' i_in_file = lv_infile i_out_file = lv_outfile i_key = lv_key i_iv_key = lv_key_iv IMPORTING e_base54_enc = e_base54_enc e_subrc = e_subrc e_message = e_message. DELETE DATASET lv_infile. DELETE DATASET lv_outfile. ENDMETHOD.