SAP ABAP ENCRIPTACION
From SapWiki
Ejemplo AES 256 mode CBC
*&---------------------------------------------------------------------* *& Report YENCRIPT2_DO *&---------------------------------------------------------------------* *& *&---------------------------------------------------------------------* REPORT yencript2_do. * equivale a AES 256 mode CBC * basado en CL_SEC_SXML_WRITER=>CRYPT_AES_CTR * para test https://www.devglan.com/online-tools/aes-encryption-decryption DATA: blocksize TYPE i , keysize TYPE i , cipher TYPE xstring , block TYPE xstring , rest TYPE i , offset TYPE i , l_iv TYPE xstring , emptyiv TYPE xstring , counter(4) TYPE x , ctroffset TYPE i . DATA iv TYPE xstring. DATA key TYPE xstring. DATA input TYPE xstring. DATA result TYPE xstring. DATA l_plaintext TYPE string. DATA l_plaintext_x TYPE xstring. DATA l_key TYPE string. DATA l_key_x TYPE xstring. DATA lv_message TYPE xstring. DATA lv_message_decrypted TYPE xstring. DATA lr_xstring TYPE xstring. DATA l_base64 TYPE string. DATA lv_message_string TYPE string. DATA i_iv TYPE xstring. DATA: lf_bindata TYPE xstring. *--------------------------------------------------------------------* * *--------------------------------------------------------------------* * ejemplo: archivo JSON o XML PARAMETERS gf_xfile TYPE string LOWER CASE. *--------------------------------------------------------------------* AT SELECTION-SCREEN ON VALUE-REQUEST FOR gf_xfile. *--------------------------------------------------------------------* DATA: window_title TYPE string. window_title = 'Archivo de entrada'. cl_secxml_helper=>file_f4( EXPORTING window_title = window_title IMPORTING filename = gf_xfile ). *--------------------------------------------------------------------* START-OF-SELECTION. *--------------------------------------------------------------------* *--------------------------------------------------------------------* * read xml data *--------------------------------------------------------------------* IF gf_xfile IS NOT INITIAL. cl_secxml_helper=>upload_file( EXPORTING filename = gf_xfile IMPORTING bindata = lf_bindata ). ENDIF. blocksize = 16. keysize = 32. ctroffset = 12. emptyiv = '00000000000000000000000000000000'. i_iv = emptyiv. l_key = '12345678901234567890123456789012'. l_key_x = cl_abap_hmac=>string_to_xstring( l_key ). IF lf_bindata IS INITIAL. l_plaintext = 'Texto a encriptar'. l_plaintext_x = cl_abap_hmac=>string_to_xstring( l_plaintext ). ELSE. MOVE lf_bindata TO l_plaintext_x. ENDIF. iv = i_iv. key = l_key_x. input = l_plaintext_x. IF xstrlen( iv ) NE blocksize OR xstrlen( key ) NE keysize. WRITE:/ 'error en llave o IV'. RETURN. ENDIF. rest = xstrlen( input ). IF rest < 1. RETURN. "nothing to encrypt ENDIF. *--------------------------------------------------------------------* * encrypt *--------------------------------------------------------------------* CALL METHOD cl_sec_sxml_writer=>encrypt_iv( EXPORTING plaintext = input key = key iv = iv algorithm = cl_sec_sxml_writer=>co_aes256_algorithm_pem IMPORTING ciphertext = cipher ). * padding lr_xstring = cipher+blocksize. *--------------------------------------------------------------------* * codificar archivo encriptado en BASE64 *--------------------------------------------------------------------* PERFORM encode_base_64x USING lr_xstring CHANGING l_base64. *--------------------------------------------------------------------* * decrypt message *--------------------------------------------------------------------* cl_sec_sxml_writer=>decrypt( EXPORTING ciphertext = cipher key = l_key_x algorithm = cl_sec_sxml_writer=>co_aes256_algorithm_pem IMPORTING plaintext = lv_message_decrypted ). " convert xstring to string for output cl_abap_conv_in_ce=>create( input = lv_message_decrypted )->read( IMPORTING data = lv_message_string ). " output secret message WRITE lv_message_string. *----------------------------------------------------------------------* * FORM ....... *----------------------------------------------------------------------* * text *----------------------------------------------------------------------* * --> p1 text * <-- p2 text *----------------------------------------------------------------------* FORM encode_base_64x USING p_xstring TYPE xstring CHANGING p_string_base64 TYPE string. DATA: l_http_utility TYPE REF TO cl_http_utility. DATA: l_string TYPE string. CREATE OBJECT l_http_utility. CALL METHOD l_http_utility->encode_x_base64 EXPORTING unencoded = p_xstring RECEIVING encoded = p_string_base64. ENDFORM.
Uso de OPENSSL
METHOD encrypt. DATA lt_btcxpm TYPE TABLE OF btcxpm. DATA lv_parameter type BTCXPGPAR. IF i_iv_key IS NOT INITIAL. lv_parameter = |enc -&1 -e -a -A -in &2 -K &3 -iv &4 -out &5|. ELSE. lv_parameter = |enc -&1 -e -a -A -in &2 -K &3 -out &5|. ENDIF. REPLACE FIRST OCCURRENCE OF '&1' IN lv_parameter WITH i_mode. REPLACE FIRST OCCURRENCE OF '&2' IN lv_parameter WITH i_in_file. REPLACE FIRST OCCURRENCE OF '&3' IN lv_parameter WITH i_key. REPLACE FIRST OCCURRENCE OF '&4' IN lv_parameter WITH i_iv_key. REPLACE FIRST OCCURRENCE OF '&5' IN lv_parameter WITH i_out_file. CALL FUNCTION 'SXPG_COMMAND_EXECUTE' EXPORTING commandname = 'ZOPENSSL' additional_parameters = lv_parameter TABLES exec_protocol = lt_btcxpm EXCEPTIONS no_permission = 1 command_not_found = 2 parameters_too_long = 3 security_risk = 4 wrong_check_call_interface = 5 program_start_error = 6 program_termination_error = 7 x_error = 8 parameter_expected = 9 too_many_parameters = 10 illegal_command = 11 wrong_asynchronous_parameters = 12 cant_enq_tbtco_entry = 13 jobcount_generation_error = 14 OTHERS = 15. IF sy-subrc <> 0. e_subrc = sy-subrc. e_message = 'Error al ejecutar comando OPENSSL(ZOPENSSL)'. RETURN. ENDIF. IF lt_btcxpm[] IS NOT INITIAL. e_subrc = 16. LOOP AT lt_btcxpm INTO DATA(ls_btcxmp). ENDLOOP. e_message = |Error en ecriptación { ls_btcxmp-message }|. RETURN. ENDIF. OPEN DATASET i_out_file FOR input IN TEXT MODE ENCODING DEFAULT. IF sy-subrc <> 0. e_subrc = 17. e_message = |Error en abrir archivo de salida { i_out_file }|. RETURN. ENDIF. READ DATASET i_out_file INTO e_base54_enc. IF sy-subrc <> 0. e_subrc = 18. e_message = |Error en leer archivo de salida { i_out_file }|. close DATASET i_out_file. RETURN. ENDIF. close DATASET i_out_file. e_subrc = 0. ENDMETHOD. METHOD encrypt_sac_aes256. DATA lv_key TYPE string. DATA lv_key_iv TYPE string. DATA lv_infile TYPE oiuh_char56. DATA lv_outfile TYPE oiuh_char56. CALL METHOD zcl_hr_sac_sap=>get_aes256_key_hex EXPORTING i_parametro = 'AES256-KEY' RECEIVING r_key = lv_key. CALL METHOD zcl_hr_sac_sap=>get_aes256_key_hex EXPORTING i_parametro = 'AES256-IV' RECEIVING r_key = lv_key_iv. lv_infile = '/tmp'. CONCATENATE lv_infile '/' i_id '.dat' INTO lv_infile. lv_outfile = '/tmp'. CONCATENATE lv_outfile '/' i_id '.enc' INTO lv_outfile. OPEN DATASET lv_infile FOR OUTPUT IN TEXT MODE ENCODING DEFAULT. IF sy-subrc <> 0. e_subrc = 4. e_message = |Error en abrir archivo de entrada(IN) { lv_infile }|. RETURN. ENDIF. TRANSFER i_text TO lv_infile. IF sy-subrc <> 0. e_subrc = 4. e_message = |Error al escribir en archivo de entrada(IN) { lv_infile }|. CLOSE DATASET lv_infile. RETURN. ENDIF. CLOSE DATASET lv_infile. CALL METHOD zcl_hr_sac_sap=>encrypt EXPORTING * i_mode = 'aes-256-cbc' i_in_file = lv_infile i_out_file = lv_outfile i_key = lv_key i_iv_key = lv_key_iv IMPORTING e_base54_enc = e_base54_enc e_subrc = e_subrc e_message = e_message. DELETE DATASET lv_infile. DELETE DATASET lv_outfile. ENDMETHOD.