You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by bl...@apache.org on 2003/04/11 14:24:41 UTC
cvs commit: xml-security/c/src/enc/WinCAPI WinCAPICryptoHash.cpp WinCAPICryptoHashHMAC.cpp WinCAPICryptoKeyDSA.cpp WinCAPICryptoProvider.cpp WinCAPICryptoProvider.hpp WinCAPICryptoX509.cpp
blautenb 2003/04/11 05:24:41
Modified: c/src/enc/WinCAPI WinCAPICryptoHash.cpp
WinCAPICryptoHashHMAC.cpp WinCAPICryptoKeyDSA.cpp
WinCAPICryptoProvider.cpp WinCAPICryptoProvider.hpp
WinCAPICryptoX509.cpp
Log:
Full implementation of WinCAPI
Revision Changes Path
1.2 +7 -2 xml-security/c/src/enc/WinCAPI/WinCAPICryptoHash.cpp
Index: WinCAPICryptoHash.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/WinCAPI/WinCAPICryptoHash.cpp,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- WinCAPICryptoHash.cpp 7 Apr 2003 12:13:35 -0000 1.1
+++ WinCAPICryptoHash.cpp 11 Apr 2003 12:24:41 -0000 1.2
@@ -113,6 +113,11 @@
alg_id = CALG_SHA;
break;
+ case (XSECCryptoHash::HASH_MD5) :
+
+ alg_id = CALG_MD5;
+ break;
+
default :
alg_id = 0;
@@ -126,7 +131,7 @@
}
fResult = CryptCreateHash(
- mp_ownerProvider->getProvider(),
+ mp_ownerProvider->getProviderDSS(),
alg_id,
0,
0,
1.2 +37 -8 xml-security/c/src/enc/WinCAPI/WinCAPICryptoHashHMAC.cpp
Index: WinCAPICryptoHashHMAC.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/WinCAPI/WinCAPICryptoHashHMAC.cpp,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- WinCAPICryptoHashHMAC.cpp 7 Apr 2003 12:13:35 -0000 1.1
+++ WinCAPICryptoHashHMAC.cpp 11 Apr 2003 12:24:41 -0000 1.2
@@ -80,7 +80,7 @@
// IPAD/OPAD definitions
// --------------------------------------------------------------------------------
-unsigned char ipad[] = {
+static unsigned char ipad[] = {
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
@@ -92,7 +92,7 @@
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
};
-unsigned char opad[] = {
+static unsigned char opad[] = {
0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
@@ -121,6 +121,11 @@
m_algId = CALG_SHA;
break;
+ case (XSECCryptoHash::HASH_MD5) :
+
+ m_algId = CALG_MD5;
+ break;
+
default :
m_algId = 0;
@@ -197,17 +202,41 @@
HCRYPTKEY k = ((WinCAPICryptoKeyHMAC *) key)->getWinKey();
fResult = CryptCreateHash(
- mp_ownerProvider->getProvider(),
- m_algId,
+ mp_ownerProvider->getProviderRSA(),
+ CALG_HMAC,
k,
0,
&m_h);
if (fResult == 0 || m_h == 0) {
+ DWORD error = GetLastError();
throw XSECCryptoException(XSECCryptoException::MDError,
"WinCAPI:Hash::setKey - Error creating internally keyed hash object");
}
+ // Set the HMAC algorithm
+ HMAC_INFO hi;
+
+ hi.HashAlgid = m_algId;
+ hi.pbInnerString = NULL; // Use default inner and outer strings
+ hi.cbInnerString = 0;
+ hi.pbOuterString = NULL;
+ hi.cbOuterString = 0;
+
+ fResult = CryptSetHashParam(
+ m_h,
+ HP_HMAC_INFO,
+ (BYTE *) &hi,
+ 0);
+
+ if (fResult == 0 || m_h == 0) {
+ DWORD error = GetLastError();
+ throw XSECCryptoException(XSECCryptoException::MDError,
+ "WinCAPI:Hash::setKey - Error setting HASH_INFO object");
+ }
+
+
+
return;
}
@@ -222,7 +251,7 @@
HCRYPTHASH h;
fResult = CryptCreateHash(
- mp_ownerProvider->getProvider(),
+ mp_ownerProvider->getProviderDSS(),
m_algId,
0,
0,
@@ -277,7 +306,7 @@
// Now create the hash object, and start with the ipad operation
fResult = CryptCreateHash(
- mp_ownerProvider->getProvider(),
+ mp_ownerProvider->getProviderDSS(),
m_algId,
0,
0,
@@ -349,7 +378,7 @@
// Perform the opad operation
HCRYPTHASH h;
fResult = CryptCreateHash(
- mp_ownerProvider->getProvider(),
+ mp_ownerProvider->getProviderDSS(),
m_algId,
0,
0,
1.2 +11 -16 xml-security/c/src/enc/WinCAPI/WinCAPICryptoKeyDSA.cpp
Index: WinCAPICryptoKeyDSA.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/WinCAPI/WinCAPICryptoKeyDSA.cpp,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- WinCAPICryptoKeyDSA.cpp 7 Apr 2003 12:13:35 -0000 1.1
+++ WinCAPICryptoKeyDSA.cpp 11 Apr 2003 12:24:41 -0000 1.2
@@ -78,11 +78,6 @@
XSEC_USING_XERCES(ArrayJanitor);
-#define BLOBHEADERLEN 0x08
-#define DSSPUBKEYLEN 0x08
-#define DSSSEEDLEN 0x18
-
-
WinCAPICryptoKeyDSA::WinCAPICryptoKeyDSA(WinCAPICryptoProvider * owner) {
// Create a new key to be loaded as we go
@@ -228,7 +223,7 @@
// First build a buffer to hold everything
BYTE * blobBuffer;
- unsigned int blobBufferLen = BLOBHEADERLEN + DSSPUBKEYLEN + (3 * m_PLen) + 0x14 + DSSSEEDLEN;
+ unsigned int blobBufferLen = WINCAPI_BLOBHEADERLEN + WINCAPI_DSSPUBKEYLEN + (3 * m_PLen) + 0x14 + WINCAPI_DSSSEEDLEN;
XSECnew(blobBuffer, BYTE[blobBufferLen]);
ArrayJanitor<BYTE> j_blobBuffer(blobBuffer);
@@ -241,14 +236,14 @@
header->aiKeyAlg = CALG_DSS_SIGN;
// Now the public key header
- DSSPUBKEY * pubkey = (DSSPUBKEY *) (blobBuffer + BLOBHEADERLEN);
+ DSSPUBKEY * pubkey = (DSSPUBKEY *) (blobBuffer + WINCAPI_BLOBHEADERLEN);
pubkey->magic = 0x31535344; // ASCII encoding of DSS1
pubkey->bitlen = m_PLen * 8; // Number of bits in prime modulus
// Now copy in each of the keys
BYTE * i = (BYTE *) (pubkey);
- i += DSSPUBKEYLEN;
+ i += WINCAPI_DSSPUBKEYLEN;
memcpy(i, mp_P, m_PLen);
i+= m_PLen;
@@ -277,12 +272,12 @@
*i++ = 0;
// Set seed to 0
- for (j = 0; j < DSSSEEDLEN; ++j)
+ for (j = 0; j < WINCAPI_DSSSEEDLEN; ++j)
*i++ = 0xFF; // SEED Counter set to 0xFFFFFFFF will cause seed to be ignored
// Now that we have the blob, import
BOOL fResult = CryptImportKey(
- mp_ownerProvider->getProvider(),
+ mp_ownerProvider->getProviderDSS(),
blobBuffer,
blobBufferLen,
0, // Not signed
@@ -351,7 +346,7 @@
// Have to create a Windows hash object and feed in the hash
BOOL fResult;
HCRYPTHASH h;
- fResult = CryptCreateHash(mp_ownerProvider->getProvider(),
+ fResult = CryptCreateHash(mp_ownerProvider->getProviderDSS(),
CALG_SHA1,
0,
0,
@@ -431,7 +426,7 @@
// Have to create a Windows hash object and feed in the hash
BOOL fResult;
HCRYPTHASH h;
- fResult = CryptCreateHash(mp_ownerProvider->getProvider(),
+ fResult = CryptCreateHash(mp_ownerProvider->getProviderDSS(),
CALG_SHA1,
0,
0,
@@ -517,7 +512,7 @@
CryptExportKey(m_key, 0, PUBLICKEYBLOB, 0, keyBuf, &keyBufLen);
// Now re-import
- CryptImportKey(mp_ownerProvider->getProvider(), keyBuf, keyBufLen, NULL, 0, &ret->m_key);
+ CryptImportKey(mp_ownerProvider->getProviderDSS(), keyBuf, keyBufLen, NULL, 0, &ret->m_key);
}
ret->m_PLen = m_PLen;
@@ -601,13 +596,13 @@
"WinCAPI:DSA - Error exporting public key");
}
- DSSPUBKEY * pk = (DSSPUBKEY *) ( blob + BLOBHEADERLEN );
+ DSSPUBKEY * pk = (DSSPUBKEY *) ( blob + WINCAPI_BLOBHEADERLEN );
DWORD keyLen = pk->bitlen / 8;
// Copy the keys
BYTE * i = (BYTE *) ( pk );
- i += DSSPUBKEYLEN;
+ i += WINCAPI_DSSPUBKEYLEN;
if (mp_P != NULL)
delete[] mp_P;
1.2 +52 -16 xml-security/c/src/enc/WinCAPI/WinCAPICryptoProvider.cpp
Index: WinCAPICryptoProvider.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/WinCAPI/WinCAPICryptoProvider.cpp,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- WinCAPICryptoProvider.cpp 7 Apr 2003 12:13:35 -0000 1.1
+++ WinCAPICryptoProvider.cpp 11 Apr 2003 12:24:41 -0000 1.2
@@ -74,33 +74,49 @@
#include <xsec/enc/WinCAPI/WinCAPICryptoProvider.hpp>
#include <xsec/enc/WinCAPI/WinCAPICryptoX509.hpp>
#include <xsec/enc/WinCAPI/WinCAPICryptoKeyDSA.hpp>
+#include <xsec/enc/WinCAPI/WinCAPICryptoKeyRSA.hpp>
#include <xsec/enc/WinCAPI/WinCAPICryptoHash.hpp>
#include <xsec/enc/WinCAPI/WinCAPICryptoHashHMAC.hpp>
#include <xsec/enc/XSCrypt/XSCryptCryptoBase64.hpp>
#include <xsec/enc/XSECCryptoException.hpp>
- /*
- * For now, we rely on OpenSSL for many functions as we
- * build the interface
- */
-
-#include <xsec/enc/OpenSSL/OpenSSLCryptoProvider.hpp>
-#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp>
-
#include <xercesc/util/Janitor.hpp>
XSEC_USING_XERCES(ArrayJanitor);
WinCAPICryptoProvider::WinCAPICryptoProvider(
- HCRYPTPROV provDSS) {
-
- OpenSSL_add_all_digests(); // Initialise Openssl
- SSLeay_add_all_algorithms();
+ HCRYPTPROV provDSS,
+ HCRYPTPROV provRSA) {
// Copy parameters for later use
m_provDSS = provDSS;
+ m_provRSA = provRSA;
+
+}
+
+WinCAPICryptoProvider::WinCAPICryptoProvider() {
+ // Obtain default PROV_DSS and PROV_RSA_FULL, with default user key containers
+ if (!CryptAcquireContext(&m_provDSS,
+ NULL,
+ NULL,
+ PROV_DSS,
+ 0))
+ {
+ throw XSECException(XSECException::InternalError,
+ "WinCAPICryptoProvider() - Error obtaining default PROV_DSS");
+ }
+
+ if (!CryptAcquireContext(&m_provRSA,
+ NULL,
+ NULL,
+ PROV_RSA_FULL,
+ 0))
+ {
+ throw XSECException(XSECException::InternalError,
+ "WinCAPICryptoProvider() - Error obtaining default PROV_RSA_FULL");
+ }
}
@@ -130,6 +146,26 @@
}
+XSECCryptoHash * WinCAPICryptoProvider::hashMD5() {
+
+ WinCAPICryptoHash * ret;
+
+ XSECnew(ret, WinCAPICryptoHash(this, XSECCryptoHash::HASH_MD5));
+
+ return ret;
+
+}
+
+XSECCryptoHash * WinCAPICryptoProvider::hashHMACMD5() {
+
+ WinCAPICryptoHashHMAC * ret;
+
+ XSECnew(ret, WinCAPICryptoHashHMAC(this, XSECCryptoHash::HASH_MD5));
+
+ return ret;
+
+}
+
XSECCryptoKeyDSA * WinCAPICryptoProvider::keyDSA() {
WinCAPICryptoKeyDSA * ret;
@@ -142,9 +178,9 @@
XSECCryptoKeyRSA * WinCAPICryptoProvider::keyRSA() {
- OpenSSLCryptoKeyRSA * ret;
+ WinCAPICryptoKeyRSA * ret;
- XSECnew(ret, OpenSSLCryptoKeyRSA());
+ XSECnew(ret, WinCAPICryptoKeyRSA(this));
return ret;
@@ -225,7 +261,7 @@
unsigned char * b64;
// Naieve length calculation
- unsigned int bufLen = nLen * 2;
+ unsigned int bufLen = nLen * 2 + 4;
XSECnew(b64, unsigned char[bufLen]);
ArrayJanitor<unsigned char> j_b64(b64);
1.2 +24 -9 xml-security/c/src/enc/WinCAPI/WinCAPICryptoProvider.hpp
Index: WinCAPICryptoProvider.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/WinCAPI/WinCAPICryptoProvider.hpp,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- WinCAPICryptoProvider.hpp 7 Apr 2003 12:13:35 -0000 1.1
+++ WinCAPICryptoProvider.hpp 11 Apr 2003 12:24:41 -0000 1.2
@@ -78,7 +78,10 @@
#include <wincrypt.h>
-// Required for windows functions
+#define WINCAPI_BLOBHEADERLEN 0x08
+#define WINCAPI_DSSPUBKEYLEN 0x08
+#define WINCAPI_DSSSEEDLEN 0x18
+#define WINCAPI_RSAPUBKEYLEN 0x0C
/**
@@ -102,17 +105,30 @@
* Windows CSPs work under a provider model. The user should specify
* which CSP to use and which key container to use.
*
- * @param pszContainer Key container (NULL for default)
- * @param pszProvider Cryptographic provider (NULL for default)
+ * @param provDSS DSS provider - must be of type PROV_DSS
+ * @param provRSA RSA provider - must be of type PROV_RSA_FULL
*/
- WinCAPICryptoProvider(HCRYPTPROV provDSS);
+ WinCAPICryptoProvider(HCRYPTPROV provDSS, HCRYPTPROV provRSA);
+
+ /**
+ * \brief Create a Windows CAPI interface layer.
+ *
+ * The default constructor will use the default providers and containers
+ *
+ * @note This call will fail if the user has not generated keys in the
+ * default DSS and RSA provider containers
+ */
+
+ WinCAPICryptoProvider();
virtual ~WinCAPICryptoProvider();
// Hashing classes
virtual XSECCryptoHash * hashSHA1();
virtual XSECCryptoHash * hashHMACSHA1();
+ virtual XSECCryptoHash * hashMD5();
+ virtual XSECCryptoHash * hashHMACMD5();
// Encode/Decode
virtual XSECCryptoBase64 * base64();
@@ -126,7 +142,8 @@
// WinCAPI Unique
- HCRYPTPROV getProvider(void) {return m_provDSS;}
+ HCRYPTPROV getProviderDSS(void) {return m_provDSS;}
+ HCRYPTPROV getProviderRSA(void) {return m_provRSA;}
/**
* \brief Translate B64 I2OS integer to a WinCAPI int.
@@ -159,10 +176,8 @@
private:
- // Default constructor not used
- WinCAPICryptoProvider();
-
HCRYPTPROV m_provDSS;
+ HCRYPTPROV m_provRSA;
};
1.2 +28 -4 xml-security/c/src/enc/WinCAPI/WinCAPICryptoX509.cpp
Index: WinCAPICryptoX509.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/WinCAPI/WinCAPICryptoX509.cpp,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- WinCAPICryptoX509.cpp 7 Apr 2003 12:13:35 -0000 1.1
+++ WinCAPICryptoX509.cpp 11 Apr 2003 12:24:41 -0000 1.2
@@ -73,7 +73,7 @@
#include <xsec/enc/WinCAPI/WinCAPICryptoProvider.hpp>
#include <xsec/enc/WinCAPI/WinCAPICryptoX509.hpp>
#include <xsec/enc/WinCAPI/WinCAPICryptoKeyDSA.hpp>
-//#include <xsec/enc/WinCAPI/WinCAPICryptoKeyRSA.hpp>
+#include <xsec/enc/WinCAPI/WinCAPICryptoKeyRSA.hpp>
#include <xsec/enc/XSECCryptoException.hpp>
#include <xsec/enc/XSCrypt/XSCryptCryptoBase64.hpp>
@@ -139,7 +139,7 @@
if (lstrcmp(mp_certContext->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, CRYPTO_OID_DSA) == 0)
return XSECCryptoKey::KEY_DSA_PUBLIC;
- if (lstrcmp(mp_certContext->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, "RSA") == 0)
+ if (lstrcmp(mp_certContext->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_RSA_RSA) == 0)
return XSECCryptoKey::KEY_RSA_PUBLIC;
return XSECCryptoKey::KEY_NONE;
@@ -164,7 +164,7 @@
if (getPublicKeyType() == XSECCryptoKey::KEY_DSA_PUBLIC) {
fResult= CryptImportPublicKeyInfo(
- mp_ownerProvider->getProvider(),
+ mp_ownerProvider->getProviderDSS(),
X509_ASN_ENCODING,
&(mp_certContext->pCertInfo->SubjectPublicKeyInfo),
&key);
@@ -180,6 +180,30 @@
WinCAPICryptoKeyDSA * ret;
XSECnew(ret, WinCAPICryptoKeyDSA(mp_ownerProvider, key));
+
+ return ret;
+
+ }
+
+ if (getPublicKeyType() == XSECCryptoKey::KEY_RSA_PUBLIC) {
+
+ fResult= CryptImportPublicKeyInfo(
+ mp_ownerProvider->getProviderRSA(),
+ X509_ASN_ENCODING,
+ &(mp_certContext->pCertInfo->SubjectPublicKeyInfo),
+ &key);
+
+
+ if (fResult == FALSE) {
+ throw XSECCryptoException(XSECCryptoException::X509Error,
+ "WinCAPI:X509 - Error loading public key info from certificate");
+ }
+
+ // Now that we have a handle for the DSA key, create a DSA Key object to
+ // wrap it in
+
+ WinCAPICryptoKeyRSA * ret;
+ XSECnew(ret, WinCAPICryptoKeyRSA(mp_ownerProvider, key));
return ret;