Difference between revisions of "SAP ABAP ENCRIPTACION"
From SapWiki
| (3 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
==Ejemplo AES 256 mode CBC== | ==Ejemplo AES 256 mode CBC== | ||
| − | *&---------------------------------------------------------------------* | + | <nowiki>*&---------------------------------------------------------------------* |
| − | + | *& Report YENCRIPT2_DO | |
| − | + | *&---------------------------------------------------------------------* | |
| − | + | *& | |
| − | + | *&---------------------------------------------------------------------* | |
| − | + | REPORT yencript2_do. | |
| − | + | * equivale a AES 256 mode CBC | |
| − | + | * basado en CL_SEC_SXML_WRITER=>CRYPT_AES_CTR | |
| − | + | * para test https://www.devglan.com/online-tools/aes-encryption-decryption | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | + | DATA: blocksize TYPE i | |
| − | + | , keysize TYPE i | |
| − | + | , cipher TYPE xstring | |
| − | + | , block TYPE xstring | |
| − | + | , rest TYPE i | |
| − | + | , offset TYPE i | |
| − | + | , l_iv TYPE xstring | |
| − | + | , emptyiv TYPE xstring | |
| − | + | , counter(4) TYPE x | |
| − | + | , ctroffset TYPE i | |
| − | + | . | |
| − | + | DATA iv TYPE xstring. | |
| − | + | DATA key TYPE xstring. | |
| − | + | DATA input TYPE xstring. | |
| − | + | DATA result TYPE xstring. | |
| − | + | DATA l_plaintext TYPE string. | |
| − | + | DATA l_plaintext_x TYPE xstring. | |
| − | + | DATA l_key TYPE string. | |
| − | + | DATA l_key_x TYPE xstring. | |
| − | + | DATA lv_message TYPE xstring. | |
| − | + | DATA lv_message_decrypted TYPE xstring. | |
| − | + | DATA lr_xstring TYPE xstring. | |
| − | + | DATA l_base64 TYPE string. | |
| − | + | DATA lv_message_string TYPE string. | |
| − | + | DATA i_iv TYPE xstring. | |
| − | + | DATA: lf_bindata TYPE xstring. | |
| − | + | ||
| − | + | *--------------------------------------------------------------------* | |
| − | + | * | |
| − | + | *--------------------------------------------------------------------* | |
| − | + | * ejemplo: archivo JSON o XML | |
| − | + | PARAMETERS gf_xfile TYPE string LOWER CASE. | |
| − | + | ||
| − | + | *--------------------------------------------------------------------* | |
| − | + | AT SELECTION-SCREEN ON VALUE-REQUEST FOR gf_xfile. | |
| − | + | *--------------------------------------------------------------------* | |
| − | + | DATA: window_title TYPE string. | |
| − | + | ||
| − | + | window_title = 'Archivo de entrada'. | |
| − | + | cl_secxml_helper=>file_f4( | |
| − | + | EXPORTING window_title = window_title | |
| − | + | IMPORTING filename = gf_xfile ). | |
| − | + | ||
| − | + | *--------------------------------------------------------------------* | |
| − | + | START-OF-SELECTION. | |
| − | + | *--------------------------------------------------------------------* | |
| − | + | ||
| − | + | *--------------------------------------------------------------------* | |
| − | + | * read xml data | |
| − | + | *--------------------------------------------------------------------* | |
| − | + | IF gf_xfile IS NOT INITIAL. | |
| − | + | cl_secxml_helper=>upload_file( | |
| − | + | EXPORTING filename = gf_xfile | |
| − | + | IMPORTING bindata = lf_bindata ). | |
| − | + | ENDIF. | |
| − | + | ||
| − | + | blocksize = 16. | |
| − | + | keysize = 32. | |
| − | + | ctroffset = 12. | |
| − | + | emptyiv = '00000000000000000000000000000000'. | |
| − | + | ||
| − | + | i_iv = emptyiv. | |
| − | + | l_key = '12345678901234567890123456789012'. | |
| − | + | l_key_x = cl_abap_hmac=>string_to_xstring( l_key ). | |
| − | + | ||
| − | + | IF lf_bindata IS INITIAL. | |
| − | + | l_plaintext = 'Texto a encriptar'. | |
| − | + | l_plaintext_x = cl_abap_hmac=>string_to_xstring( l_plaintext ). | |
| − | + | ELSE. | |
| − | + | MOVE lf_bindata TO l_plaintext_x. | |
| − | + | ENDIF. | |
| − | + | ||
| − | + | iv = i_iv. | |
| − | + | key = l_key_x. | |
| − | + | input = l_plaintext_x. | |
| − | + | ||
| − | + | IF xstrlen( iv ) NE blocksize OR xstrlen( key ) NE keysize. | |
| − | + | WRITE:/ 'error en llave o IV'. | |
| − | + | RETURN. | |
| − | + | ENDIF. | |
| − | + | ||
| − | + | rest = xstrlen( input ). | |
| − | + | IF rest < 1. | |
| − | + | RETURN. "nothing to encrypt | |
| − | + | ENDIF. | |
| − | + | ||
| − | + | *--------------------------------------------------------------------* | |
| − | + | * encrypt | |
| − | + | *--------------------------------------------------------------------* | |
| − | + | CALL METHOD cl_sec_sxml_writer=>encrypt_iv( | |
| − | + | EXPORTING | |
| − | + | plaintext = input | |
| − | + | key = key | |
| − | + | iv = iv | |
| − | + | algorithm = cl_sec_sxml_writer=>co_aes256_algorithm_pem | |
| − | + | IMPORTING | |
| − | + | ciphertext = cipher ). | |
| − | + | ||
| − | + | * padding | |
| − | + | lr_xstring = cipher+blocksize. | |
| − | + | ||
| − | + | *--------------------------------------------------------------------* | |
| − | + | * codificar archivo encriptado en BASE64 | |
| − | + | *--------------------------------------------------------------------* | |
| − | + | PERFORM encode_base_64x USING lr_xstring CHANGING l_base64. | |
| − | + | ||
| − | + | *--------------------------------------------------------------------* | |
| − | + | * decrypt message | |
| − | + | *--------------------------------------------------------------------* | |
| − | + | cl_sec_sxml_writer=>decrypt( | |
| − | + | EXPORTING | |
| − | + | ciphertext = cipher | |
| − | + | key = l_key_x | |
| − | + | algorithm = cl_sec_sxml_writer=>co_aes256_algorithm_pem | |
| − | + | IMPORTING | |
| − | + | plaintext = lv_message_decrypted ). | |
| − | + | ||
| + | " convert xstring to string for output | ||
| + | cl_abap_conv_in_ce=>create( input = lv_message_decrypted )->read( IMPORTING data = lv_message_string ). | ||
| + | |||
| + | " output secret message | ||
| + | WRITE lv_message_string. | ||
| + | |||
| + | *----------------------------------------------------------------------* | ||
| + | * FORM ....... | ||
| + | *----------------------------------------------------------------------* | ||
| + | * text | ||
| + | *----------------------------------------------------------------------* | ||
| + | * --> p1 text | ||
| + | * <-- p2 text | ||
| + | *----------------------------------------------------------------------* | ||
| + | FORM encode_base_64x USING p_xstring TYPE xstring | ||
| + | CHANGING p_string_base64 TYPE string. | ||
| + | DATA: l_http_utility TYPE REF TO cl_http_utility. | ||
| + | DATA: l_string TYPE string. | ||
| + | |||
| + | CREATE OBJECT l_http_utility. | ||
| + | |||
| + | CALL METHOD l_http_utility->encode_x_base64 | ||
| + | EXPORTING | ||
| + | unencoded = p_xstring | ||
| + | RECEIVING | ||
| + | encoded = p_string_base64. | ||
| + | ENDFORM.</nowiki> | ||
| + | |||
| + | ===Uso de OPENSSL=== | ||
| + | <nowiki> | ||
| + | METHOD encrypt. | ||
| + | DATA lt_btcxpm TYPE TABLE OF btcxpm. | ||
| + | |||
| + | DATA lv_parameter type BTCXPGPAR. | ||
| + | |||
| + | IF i_iv_key IS NOT INITIAL. | ||
| + | lv_parameter = |enc -&1 -e -a -A -in &2 -K &3 -iv &4 -out &5|. | ||
| + | ELSE. | ||
| + | lv_parameter = |enc -&1 -e -a -A -in &2 -K &3 -out &5|. | ||
| + | ENDIF. | ||
| + | |||
| + | REPLACE FIRST OCCURRENCE OF '&1' IN lv_parameter WITH i_mode. | ||
| + | REPLACE FIRST OCCURRENCE OF '&2' IN lv_parameter WITH i_in_file. | ||
| + | REPLACE FIRST OCCURRENCE OF '&3' IN lv_parameter WITH i_key. | ||
| + | REPLACE FIRST OCCURRENCE OF '&4' IN lv_parameter WITH i_iv_key. | ||
| + | REPLACE FIRST OCCURRENCE OF '&5' IN lv_parameter WITH i_out_file. | ||
| + | |||
| + | * crear comando openssl en trn. SM69 | ||
| + | CALL FUNCTION 'SXPG_COMMAND_EXECUTE' | ||
| + | EXPORTING | ||
| + | commandname = 'ZOPENSSL' | ||
| + | additional_parameters = lv_parameter | ||
| + | TABLES | ||
| + | exec_protocol = lt_btcxpm | ||
| + | EXCEPTIONS | ||
| + | no_permission = 1 | ||
| + | command_not_found = 2 | ||
| + | parameters_too_long = 3 | ||
| + | security_risk = 4 | ||
| + | wrong_check_call_interface = 5 | ||
| + | program_start_error = 6 | ||
| + | program_termination_error = 7 | ||
| + | x_error = 8 | ||
| + | parameter_expected = 9 | ||
| + | too_many_parameters = 10 | ||
| + | illegal_command = 11 | ||
| + | wrong_asynchronous_parameters = 12 | ||
| + | cant_enq_tbtco_entry = 13 | ||
| + | jobcount_generation_error = 14 | ||
| + | OTHERS = 15. | ||
| + | IF sy-subrc <> 0. | ||
| + | e_subrc = sy-subrc. | ||
| + | e_message = 'Error al ejecutar comando OPENSSL(ZOPENSSL)'. | ||
| + | RETURN. | ||
| + | ENDIF. | ||
| + | |||
| + | IF lt_btcxpm[] IS NOT INITIAL. | ||
| + | e_subrc = 16. | ||
| + | LOOP AT lt_btcxpm INTO DATA(ls_btcxmp). | ||
| + | ENDLOOP. | ||
| + | e_message = |Error en ecriptación { ls_btcxmp-message }|. | ||
| + | RETURN. | ||
| + | ENDIF. | ||
| + | |||
| + | OPEN DATASET i_out_file FOR input IN TEXT MODE ENCODING DEFAULT. | ||
| + | IF sy-subrc <> 0. | ||
| + | e_subrc = 17. | ||
| + | e_message = |Error en abrir archivo de salida { i_out_file }|. | ||
| + | RETURN. | ||
| + | ENDIF. | ||
| + | |||
| + | READ DATASET i_out_file INTO e_base54_enc. | ||
| + | IF sy-subrc <> 0. | ||
| + | e_subrc = 18. | ||
| + | e_message = |Error en leer archivo de salida { i_out_file }|. | ||
| + | close DATASET i_out_file. | ||
| + | RETURN. | ||
| + | ENDIF. | ||
| + | close DATASET i_out_file. | ||
| + | e_subrc = 0. | ||
| + | ENDMETHOD. | ||
| + | |||
| + | METHOD encrypt_sac_aes256. | ||
| + | DATA lv_key TYPE string. | ||
| + | DATA lv_key_iv TYPE string. | ||
| + | DATA lv_infile TYPE oiuh_char56. | ||
| + | DATA lv_outfile TYPE oiuh_char56. | ||
| + | |||
| + | CALL METHOD zcl_hr_sac_sap=>get_aes256_key_hex | ||
| + | EXPORTING | ||
| + | i_parametro = 'AES256-KEY' | ||
| + | RECEIVING | ||
| + | r_key = lv_key. | ||
| + | |||
| + | CALL METHOD zcl_hr_sac_sap=>get_aes256_key_hex | ||
| + | EXPORTING | ||
| + | i_parametro = 'AES256-IV' | ||
| + | RECEIVING | ||
| + | r_key = lv_key_iv. | ||
| + | |||
| + | lv_infile = '/tmp'. | ||
| + | CONCATENATE lv_infile '/' i_id '.dat' INTO lv_infile. | ||
| + | |||
| + | lv_outfile = '/tmp'. | ||
| + | CONCATENATE lv_outfile '/' i_id '.enc' INTO lv_outfile. | ||
| + | |||
| + | OPEN DATASET lv_infile FOR OUTPUT IN TEXT MODE ENCODING DEFAULT. | ||
| + | IF sy-subrc <> 0. | ||
| + | e_subrc = 4. | ||
| + | e_message = |Error en abrir archivo de entrada(IN) { lv_infile }|. | ||
| + | RETURN. | ||
| + | ENDIF. | ||
| + | |||
| + | TRANSFER i_text TO lv_infile. | ||
| + | IF sy-subrc <> 0. | ||
| + | e_subrc = 4. | ||
| + | e_message = |Error al escribir en archivo de entrada(IN) { lv_infile }|. | ||
| + | CLOSE DATASET lv_infile. | ||
| + | RETURN. | ||
| + | ENDIF. | ||
| + | CLOSE DATASET lv_infile. | ||
| + | |||
| + | CALL METHOD zcl_hr_sac_sap=>encrypt | ||
| + | EXPORTING | ||
| + | * i_mode = 'aes-256-cbc' | ||
| + | i_in_file = lv_infile | ||
| + | i_out_file = lv_outfile | ||
| + | i_key = lv_key | ||
| + | i_iv_key = lv_key_iv | ||
| + | IMPORTING | ||
| + | e_base54_enc = e_base54_enc | ||
| + | e_subrc = e_subrc | ||
| + | e_message = e_message. | ||
| + | |||
| + | DELETE DATASET lv_infile. | ||
| + | DELETE DATASET lv_outfile. | ||
| + | |||
| + | ENDMETHOD. | ||
| + | </nowiki> | ||
[[Category:ABAP]] | [[Category:ABAP]] | ||
Latest revision as of 19:14, 24 July 2024
Ejemplo AES 256 mode CBC
*&---------------------------------------------------------------------*
*& Report YENCRIPT2_DO
*&---------------------------------------------------------------------*
*&
*&---------------------------------------------------------------------*
REPORT yencript2_do.
* equivale a AES 256 mode CBC
* basado en CL_SEC_SXML_WRITER=>CRYPT_AES_CTR
* para test https://www.devglan.com/online-tools/aes-encryption-decryption
DATA: blocksize TYPE i
, keysize TYPE i
, cipher TYPE xstring
, block TYPE xstring
, rest TYPE i
, offset TYPE i
, l_iv TYPE xstring
, emptyiv TYPE xstring
, counter(4) TYPE x
, ctroffset TYPE i
.
DATA iv TYPE xstring.
DATA key TYPE xstring.
DATA input TYPE xstring.
DATA result TYPE xstring.
DATA l_plaintext TYPE string.
DATA l_plaintext_x TYPE xstring.
DATA l_key TYPE string.
DATA l_key_x TYPE xstring.
DATA lv_message TYPE xstring.
DATA lv_message_decrypted TYPE xstring.
DATA lr_xstring TYPE xstring.
DATA l_base64 TYPE string.
DATA lv_message_string TYPE string.
DATA i_iv TYPE xstring.
DATA: lf_bindata TYPE xstring.
*--------------------------------------------------------------------*
*
*--------------------------------------------------------------------*
* ejemplo: archivo JSON o XML
PARAMETERS gf_xfile TYPE string LOWER CASE.
*--------------------------------------------------------------------*
AT SELECTION-SCREEN ON VALUE-REQUEST FOR gf_xfile.
*--------------------------------------------------------------------*
DATA: window_title TYPE string.
window_title = 'Archivo de entrada'.
cl_secxml_helper=>file_f4(
EXPORTING window_title = window_title
IMPORTING filename = gf_xfile ).
*--------------------------------------------------------------------*
START-OF-SELECTION.
*--------------------------------------------------------------------*
*--------------------------------------------------------------------*
* read xml data
*--------------------------------------------------------------------*
IF gf_xfile IS NOT INITIAL.
cl_secxml_helper=>upload_file(
EXPORTING filename = gf_xfile
IMPORTING bindata = lf_bindata ).
ENDIF.
blocksize = 16.
keysize = 32.
ctroffset = 12.
emptyiv = '00000000000000000000000000000000'.
i_iv = emptyiv.
l_key = '12345678901234567890123456789012'.
l_key_x = cl_abap_hmac=>string_to_xstring( l_key ).
IF lf_bindata IS INITIAL.
l_plaintext = 'Texto a encriptar'.
l_plaintext_x = cl_abap_hmac=>string_to_xstring( l_plaintext ).
ELSE.
MOVE lf_bindata TO l_plaintext_x.
ENDIF.
iv = i_iv.
key = l_key_x.
input = l_plaintext_x.
IF xstrlen( iv ) NE blocksize OR xstrlen( key ) NE keysize.
WRITE:/ 'error en llave o IV'.
RETURN.
ENDIF.
rest = xstrlen( input ).
IF rest < 1.
RETURN. "nothing to encrypt
ENDIF.
*--------------------------------------------------------------------*
* encrypt
*--------------------------------------------------------------------*
CALL METHOD cl_sec_sxml_writer=>encrypt_iv(
EXPORTING
plaintext = input
key = key
iv = iv
algorithm = cl_sec_sxml_writer=>co_aes256_algorithm_pem
IMPORTING
ciphertext = cipher ).
* padding
lr_xstring = cipher+blocksize.
*--------------------------------------------------------------------*
* codificar archivo encriptado en BASE64
*--------------------------------------------------------------------*
PERFORM encode_base_64x USING lr_xstring CHANGING l_base64.
*--------------------------------------------------------------------*
* decrypt message
*--------------------------------------------------------------------*
cl_sec_sxml_writer=>decrypt(
EXPORTING
ciphertext = cipher
key = l_key_x
algorithm = cl_sec_sxml_writer=>co_aes256_algorithm_pem
IMPORTING
plaintext = lv_message_decrypted ).
" convert xstring to string for output
cl_abap_conv_in_ce=>create( input = lv_message_decrypted )->read( IMPORTING data = lv_message_string ).
" output secret message
WRITE lv_message_string.
*----------------------------------------------------------------------*
* FORM .......
*----------------------------------------------------------------------*
* text
*----------------------------------------------------------------------*
* --> p1 text
* <-- p2 text
*----------------------------------------------------------------------*
FORM encode_base_64x USING p_xstring TYPE xstring
CHANGING p_string_base64 TYPE string.
DATA: l_http_utility TYPE REF TO cl_http_utility.
DATA: l_string TYPE string.
CREATE OBJECT l_http_utility.
CALL METHOD l_http_utility->encode_x_base64
EXPORTING
unencoded = p_xstring
RECEIVING
encoded = p_string_base64.
ENDFORM.
Uso de OPENSSL
METHOD encrypt.
DATA lt_btcxpm TYPE TABLE OF btcxpm.
DATA lv_parameter type BTCXPGPAR.
IF i_iv_key IS NOT INITIAL.
lv_parameter = |enc -&1 -e -a -A -in &2 -K &3 -iv &4 -out &5|.
ELSE.
lv_parameter = |enc -&1 -e -a -A -in &2 -K &3 -out &5|.
ENDIF.
REPLACE FIRST OCCURRENCE OF '&1' IN lv_parameter WITH i_mode.
REPLACE FIRST OCCURRENCE OF '&2' IN lv_parameter WITH i_in_file.
REPLACE FIRST OCCURRENCE OF '&3' IN lv_parameter WITH i_key.
REPLACE FIRST OCCURRENCE OF '&4' IN lv_parameter WITH i_iv_key.
REPLACE FIRST OCCURRENCE OF '&5' IN lv_parameter WITH i_out_file.
* crear comando openssl en trn. SM69
CALL FUNCTION 'SXPG_COMMAND_EXECUTE'
EXPORTING
commandname = 'ZOPENSSL'
additional_parameters = lv_parameter
TABLES
exec_protocol = lt_btcxpm
EXCEPTIONS
no_permission = 1
command_not_found = 2
parameters_too_long = 3
security_risk = 4
wrong_check_call_interface = 5
program_start_error = 6
program_termination_error = 7
x_error = 8
parameter_expected = 9
too_many_parameters = 10
illegal_command = 11
wrong_asynchronous_parameters = 12
cant_enq_tbtco_entry = 13
jobcount_generation_error = 14
OTHERS = 15.
IF sy-subrc <> 0.
e_subrc = sy-subrc.
e_message = 'Error al ejecutar comando OPENSSL(ZOPENSSL)'.
RETURN.
ENDIF.
IF lt_btcxpm[] IS NOT INITIAL.
e_subrc = 16.
LOOP AT lt_btcxpm INTO DATA(ls_btcxmp).
ENDLOOP.
e_message = |Error en ecriptación { ls_btcxmp-message }|.
RETURN.
ENDIF.
OPEN DATASET i_out_file FOR input IN TEXT MODE ENCODING DEFAULT.
IF sy-subrc <> 0.
e_subrc = 17.
e_message = |Error en abrir archivo de salida { i_out_file }|.
RETURN.
ENDIF.
READ DATASET i_out_file INTO e_base54_enc.
IF sy-subrc <> 0.
e_subrc = 18.
e_message = |Error en leer archivo de salida { i_out_file }|.
close DATASET i_out_file.
RETURN.
ENDIF.
close DATASET i_out_file.
e_subrc = 0.
ENDMETHOD.
METHOD encrypt_sac_aes256.
DATA lv_key TYPE string.
DATA lv_key_iv TYPE string.
DATA lv_infile TYPE oiuh_char56.
DATA lv_outfile TYPE oiuh_char56.
CALL METHOD zcl_hr_sac_sap=>get_aes256_key_hex
EXPORTING
i_parametro = 'AES256-KEY'
RECEIVING
r_key = lv_key.
CALL METHOD zcl_hr_sac_sap=>get_aes256_key_hex
EXPORTING
i_parametro = 'AES256-IV'
RECEIVING
r_key = lv_key_iv.
lv_infile = '/tmp'.
CONCATENATE lv_infile '/' i_id '.dat' INTO lv_infile.
lv_outfile = '/tmp'.
CONCATENATE lv_outfile '/' i_id '.enc' INTO lv_outfile.
OPEN DATASET lv_infile FOR OUTPUT IN TEXT MODE ENCODING DEFAULT.
IF sy-subrc <> 0.
e_subrc = 4.
e_message = |Error en abrir archivo de entrada(IN) { lv_infile }|.
RETURN.
ENDIF.
TRANSFER i_text TO lv_infile.
IF sy-subrc <> 0.
e_subrc = 4.
e_message = |Error al escribir en archivo de entrada(IN) { lv_infile }|.
CLOSE DATASET lv_infile.
RETURN.
ENDIF.
CLOSE DATASET lv_infile.
CALL METHOD zcl_hr_sac_sap=>encrypt
EXPORTING
* i_mode = 'aes-256-cbc'
i_in_file = lv_infile
i_out_file = lv_outfile
i_key = lv_key
i_iv_key = lv_key_iv
IMPORTING
e_base54_enc = e_base54_enc
e_subrc = e_subrc
e_message = e_message.
DELETE DATASET lv_infile.
DELETE DATASET lv_outfile.
ENDMETHOD.
