You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by bl...@apache.org on 2003/10/12 08:23:17 UTC
cvs commit: xml-security/c/src/enc/WinCAPI WinCAPICryptoHash.cpp WinCAPICryptoHash.hpp WinCAPICryptoHashHMAC.cpp WinCAPICryptoHashHMAC.hpp WinCAPICryptoKeyDSA.cpp WinCAPICryptoKeyDSA.hpp WinCAPICryptoKeyHMAC.cpp WinCAPICryptoKeyHMAC.hpp WinCAPICryptoKeyRSA.cpp WinCAPICryptoKeyRSA.hpp WinCAPICryptoProvider.cpp WinCAPICryptoX509.cpp WinCAPICryptoX509.hpp
blautenb 2003/10/11 23:23:17
Modified: c/src/enc/WinCAPI WinCAPICryptoHash.cpp
WinCAPICryptoHash.hpp WinCAPICryptoHashHMAC.cpp
WinCAPICryptoHashHMAC.hpp WinCAPICryptoKeyDSA.cpp
WinCAPICryptoKeyDSA.hpp WinCAPICryptoKeyHMAC.cpp
WinCAPICryptoKeyHMAC.hpp WinCAPICryptoKeyRSA.cpp
WinCAPICryptoKeyRSA.hpp WinCAPICryptoProvider.cpp
WinCAPICryptoX509.cpp WinCAPICryptoX509.hpp
Log:
All Windows CAPI code now using new model of passing in handles to providers
Revision Changes Path
1.4 +4 -4 xml-security/c/src/enc/WinCAPI/WinCAPICryptoHash.cpp
Index: WinCAPICryptoHash.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/WinCAPI/WinCAPICryptoHash.cpp,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- WinCAPICryptoHash.cpp 5 Jul 2003 10:30:33 -0000 1.3
+++ WinCAPICryptoHash.cpp 12 Oct 2003 06:23:17 -0000 1.4
@@ -76,9 +76,9 @@
// Constructors/Destructors
-WinCAPICryptoHash::WinCAPICryptoHash(WinCAPICryptoProvider * owner, HashType alg) {
+WinCAPICryptoHash::WinCAPICryptoHash(HCRYPTPROV prov, HashType alg) {
- mp_ownerProvider = owner;
+ m_p = prov;
m_hashType = alg;
m_h = 0;
@@ -131,7 +131,7 @@
}
fResult = CryptCreateHash(
- mp_ownerProvider->getProviderDSS(),
+ m_p,
alg_id,
0,
0,
1.4 +14 -5 xml-security/c/src/enc/WinCAPI/WinCAPICryptoHash.hpp
Index: WinCAPICryptoHash.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/WinCAPI/WinCAPICryptoHash.hpp,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- WinCAPICryptoHash.hpp 5 Jul 2003 10:30:33 -0000 1.3
+++ WinCAPICryptoHash.hpp 12 Oct 2003 06:23:17 -0000 1.4
@@ -103,8 +103,18 @@
/** @name Constructors/Destructors */
//@{
-
- WinCAPICryptoHash(WinCAPICryptoProvider * owner, XSECCryptoHash::HashType alg);
+ /**
+ * \brief Construct a Hash object
+ *
+ * Creates a Windows Crypto API based hash object of the required
+ * type.
+ *
+ * @param prov handle to a provider that supports the required algorithm.
+ * Both PROV_RSA_FULL and PROV_DSS support MD5 and SHA1
+ * @param alg The algorithm to use for digest operations
+ */
+
+ WinCAPICryptoHash(HCRYPTPROV prov, XSECCryptoHash::HashType alg);
virtual ~WinCAPICryptoHash();
//@}
@@ -187,13 +197,12 @@
// Not implemented constructors
WinCAPICryptoHash();
- WinCAPICryptoProvider * mp_ownerProvider;
-
unsigned char m_mdValue[WINCAPI_MAX_HASH_SIZE]; // Final output
unsigned int m_mdLen;
XSECCryptoHash::HashType m_hashType;
+ HCRYPTPROV m_p;
HCRYPTHASH m_h;
};
1.5 +8 -6 xml-security/c/src/enc/WinCAPI/WinCAPICryptoHashHMAC.cpp
Index: WinCAPICryptoHashHMAC.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/WinCAPI/WinCAPICryptoHashHMAC.cpp,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- WinCAPICryptoHashHMAC.cpp 12 Oct 2003 01:29:46 -0000 1.4
+++ WinCAPICryptoHashHMAC.cpp 12 Oct 2003 06:23:17 -0000 1.5
@@ -108,9 +108,9 @@
// Constructors/Destructors
// --------------------------------------------------------------------------------
-WinCAPICryptoHashHMAC::WinCAPICryptoHashHMAC(WinCAPICryptoProvider * owner, HashType alg) {
+WinCAPICryptoHashHMAC::WinCAPICryptoHashHMAC(HCRYPTPROV prov, HashType alg) {
- mp_ownerProvider = owner;
+ m_p = prov;
m_h = 0;
m_blockSize = 64; // We only know SHA-1 and MD5 at this time - both are 64 bytes
@@ -199,6 +199,8 @@
if (strEquals(key->getProviderName(), DSIGConstants::s_unicodeStrPROVWinCAPI) &&
((WinCAPICryptoKeyHMAC *) key)->getWinKey() != 0) {
+ // Over-ride the local provider for this
+
HCRYPTPROV p = ((WinCAPICryptoKeyHMAC *) key)->getWinKeyProv();
HCRYPTKEY k = ((WinCAPICryptoKeyHMAC *) key)->getWinKey();
@@ -252,7 +254,7 @@
HCRYPTHASH h;
fResult = CryptCreateHash(
- mp_ownerProvider->getProviderDSS(),
+ m_p,
m_algId,
0,
0,
@@ -307,7 +309,7 @@
// Now create the hash object, and start with the ipad operation
fResult = CryptCreateHash(
- mp_ownerProvider->getProviderDSS(),
+ m_p,
m_algId,
0,
0,
@@ -379,7 +381,7 @@
// Perform the opad operation
HCRYPTHASH h;
fResult = CryptCreateHash(
- mp_ownerProvider->getProviderDSS(),
+ m_p,
m_algId,
0,
0,
1.5 +5 -5 xml-security/c/src/enc/WinCAPI/WinCAPICryptoHashHMAC.hpp
Index: WinCAPICryptoHashHMAC.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/WinCAPI/WinCAPICryptoHashHMAC.hpp,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- WinCAPICryptoHashHMAC.hpp 5 Jul 2003 10:30:33 -0000 1.4
+++ WinCAPICryptoHashHMAC.hpp 12 Oct 2003 06:23:17 -0000 1.5
@@ -121,11 +121,12 @@
* (Currently supports MD5 and SHA1)
*
*
- * @param owner Owning XSECCryptoProvider instance
+ * @param prov handle to a provider that supports the required algorithm.
+ * Both PROV_RSA_FULL and PROV_DSS support MD5 and SHA1
* @param alg Digest algorithm to use
*/
- WinCAPICryptoHashHMAC(WinCAPICryptoProvider * owner, XSECCryptoHash::HashType alg);
+ WinCAPICryptoHashHMAC(HCRYPTPROV prov, XSECCryptoHash::HashType alg);
virtual ~WinCAPICryptoHashHMAC();
//@}
@@ -209,14 +210,13 @@
// Not implemented constructors
WinCAPICryptoHashHMAC();
- WinCAPICryptoProvider * mp_ownerProvider;
-
unsigned char m_mdValue[XSEC_MAX_HASH_SIZE]; // Final output
unsigned int m_mdLen;
ALG_ID m_algId;
XSECCryptoHash::HashType m_hashType;
+ HCRYPTPROV m_p;
HCRYPTHASH m_h;
unsigned char m_ipadKeyed[XSEC_MAX_HASH_SIZE];
1.4 +61 -31 xml-security/c/src/enc/WinCAPI/WinCAPICryptoKeyDSA.cpp
Index: WinCAPICryptoKeyDSA.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/WinCAPI/WinCAPICryptoKeyDSA.cpp,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- WinCAPICryptoKeyDSA.cpp 5 Jul 2003 10:30:33 -0000 1.3
+++ WinCAPICryptoKeyDSA.cpp 12 Oct 2003 06:23:17 -0000 1.4
@@ -78,12 +78,13 @@
XSEC_USING_XERCES(ArrayJanitor);
-WinCAPICryptoKeyDSA::WinCAPICryptoKeyDSA(WinCAPICryptoProvider * owner) {
+WinCAPICryptoKeyDSA::WinCAPICryptoKeyDSA(HCRYPTPROV prov) {
// Create a new key to be loaded as we go
m_key = 0;
- mp_ownerProvider = owner;
+ m_p = prov;
+ m_keySpec = 0;
mp_P = NULL;
mp_Q = NULL;
@@ -94,14 +95,33 @@
// "Hidden" WinCAPI constructor
-WinCAPICryptoKeyDSA::WinCAPICryptoKeyDSA(WinCAPICryptoProvider * owner,
- HCRYPTKEY k,
- bool havePrivate) :
-mp_ownerProvider(owner),
-m_havePrivate(havePrivate) {
+WinCAPICryptoKeyDSA::WinCAPICryptoKeyDSA(HCRYPTPROV prov,
+ HCRYPTKEY k) :
+m_p(prov) {
- mp_ownerProvider = owner;
m_key = k; // NOTE - We OWN this handle
+ m_keySpec = 0;
+
+ mp_P = mp_Q = mp_G = mp_Y = NULL;
+ m_PLen = m_QLen = m_GLen = m_YLen = 0;
+
+}
+
+WinCAPICryptoKeyDSA::WinCAPICryptoKeyDSA(HCRYPTPROV prov,
+ DWORD keySpec,
+ bool isPrivate) :
+m_p(prov) {
+
+ if (isPrivate == false) {
+
+ throw XSECCryptoException(XSECCryptoException::DSAError,
+ "Public keys defined via keySpec ctor not yet supported");
+
+
+ }
+
+ m_key = 0;
+ m_keySpec = keySpec;
mp_P = mp_Q = mp_G = mp_Y = NULL;
m_PLen = m_QLen = m_GLen = m_YLen = 0;
@@ -134,6 +154,10 @@
// Find out what we have
if (m_key == NULL) {
+ // For now we don't really understand Private Windows keys
+ if (m_keySpec != 0)
+ return KEY_DSA_PRIVATE;
+
// Check if we have parameters loaded
if (mp_P == NULL ||
mp_Q == NULL ||
@@ -144,8 +168,12 @@
return KEY_DSA_PUBLIC;
}
- // For now we don't really understand Private Windows keys
- return (m_havePrivate ? KEY_DSA_PAIR : KEY_DSA_PUBLIC);
+ if (m_keySpec != 0)
+ return KEY_DSA_PAIR;
+
+ // If we have m_key - it must be public
+
+ return KEY_DSA_PUBLIC;
}
@@ -277,7 +305,7 @@
// Now that we have the blob, import
BOOL fResult = CryptImportKey(
- mp_ownerProvider->getProviderDSS(),
+ m_p,
blobBuffer,
blobBufferLen,
0, // Not signed
@@ -346,7 +374,7 @@
// Have to create a Windows hash object and feed in the hash
BOOL fResult;
HCRYPTHASH h;
- fResult = CryptCreateHash(mp_ownerProvider->getProviderDSS(),
+ fResult = CryptCreateHash(m_p,
CALG_SHA1,
0,
0,
@@ -411,22 +439,16 @@
// Sign a pre-calculated hash using this key
- if (m_key == NULL) {
-
- throw XSECCryptoException(XSECCryptoException::DSAError,
- "WinCAPI:DSA - Attempt to sign data with empty key");
- }
-
- if (m_havePrivate == false) {
+ if (m_keySpec == 0) {
throw XSECCryptoException(XSECCryptoException::DSAError,
- "WinCAPI:DSA - Attempt to sign data a public key");
+ "WinCAPI:DSA - Attempt to sign data a public or non-existent key");
}
// Have to create a Windows hash object and feed in the hash
BOOL fResult;
HCRYPTHASH h;
- fResult = CryptCreateHash(mp_ownerProvider->getProviderDSS(),
+ fResult = CryptCreateHash(m_p,
CALG_SHA1,
0,
0,
@@ -454,7 +476,7 @@
DWORD rawSigLen = 50;
fResult = CryptSignHash(
h,
- AT_SIGNATURE,
+ m_keySpec,
NULL,
0,
rawSig,
@@ -500,7 +522,7 @@
WinCAPICryptoKeyDSA * ret;
- XSECnew(ret, WinCAPICryptoKeyDSA(mp_ownerProvider));
+ XSECnew(ret, WinCAPICryptoKeyDSA(m_p));
if (m_key != 0) {
@@ -512,7 +534,7 @@
CryptExportKey(m_key, 0, PUBLICKEYBLOB, 0, keyBuf, &keyBufLen);
// Now re-import
- CryptImportKey(mp_ownerProvider->getProviderDSS(), keyBuf, keyBufLen, NULL, 0, &ret->m_key);
+ CryptImportKey(m_p, keyBuf, keyBufLen, NULL, 0, &ret->m_key);
}
ret->m_PLen = m_PLen;
@@ -559,8 +581,16 @@
void WinCAPICryptoKeyDSA::loadParamsFromKey(void) {
- if (m_key == 0)
- return;
+ if (m_key == 0) {
+
+ if (m_keySpec == 0)
+ return;
+
+ // See of we can get the user key
+ if (!CryptGetUserKey(m_p, m_keySpec, &m_key))
+ return;
+
+ }
// Export key into a keyblob
BOOL fResult;
@@ -649,7 +679,7 @@
unsigned int WinCAPICryptoKeyDSA::getPBase64BigNums(char * b64, unsigned int len) {
- if (m_key == 0 && mp_P == NULL) {
+ if (m_key == 0 && m_keySpec == 0 && mp_P == NULL) {
return 0; // Nothing we can do
@@ -674,7 +704,7 @@
unsigned int WinCAPICryptoKeyDSA::getQBase64BigNums(char * b64, unsigned int len) {
- if (m_key == 0 && mp_Q == NULL) {
+ if (m_key == 0 && m_keySpec == 0 && mp_Q == NULL) {
return 0; // Nothing we can do
@@ -699,7 +729,7 @@
unsigned int WinCAPICryptoKeyDSA::getGBase64BigNums(char * b64, unsigned int len) {
- if (m_key == 0 && mp_G == NULL) {
+ if (m_key == 0 && m_keySpec == 0 && mp_G == NULL) {
return 0; // Nothing we can do
@@ -724,7 +754,7 @@
unsigned int WinCAPICryptoKeyDSA::getYBase64BigNums(char * b64, unsigned int len) {
- if (m_key == 0 && mp_Y == NULL) {
+ if (m_key == 0 && m_keySpec == 0 && mp_Y == NULL) {
return 0; // Nothing we can do
1.5 +37 -11 xml-security/c/src/enc/WinCAPI/WinCAPICryptoKeyDSA.hpp
Index: WinCAPICryptoKeyDSA.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/WinCAPI/WinCAPICryptoKeyDSA.hpp,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- WinCAPICryptoKeyDSA.hpp 5 Jul 2003 10:30:33 -0000 1.4
+++ WinCAPICryptoKeyDSA.hpp 12 Oct 2003 06:23:17 -0000 1.5
@@ -100,23 +100,49 @@
/** @name Constructors and Destructors */
//@{
- WinCAPICryptoKeyDSA(WinCAPICryptoProvider * owner);
+ /**
+ * \brief Ctor for DSA keys
+ *
+ * This constructor should be used for public keys that are going to be
+ * loaded later via P, Q etc.
+ *
+ * @param prov A handle to the provider (and key store) that will be
+ * used to hold the key being built (Obviously a provider type that supports
+ * DSS, such as DSS_PROV)
+ */
+
+ WinCAPICryptoKeyDSA(HCRYPTPROV prov);
+
virtual ~WinCAPICryptoKeyDSA();
/**
- * \brief WinCAPI Specific constructor
+ * \brief WinCAPI Specific constructor for public keys
*
- * Create a DSA key for use in XSEC from an existing HCRYPTKEY
+ * Create a DSA key for use in XSEC from an existing public HCRYPTKEY
*
- * @param owner The owner provider object (needed to find CSP)
+ * @param prov A handle to the CSP to be used for operations under this key.
* @param k The key to use
- * @param havePrivate The CSP holds the private key as well as public
* @note k is owned by the library. When the wrapper
* WinCAPICryptoKeyDSA is deleted, k will be destroyed using
- * CryptDestroyKey()
+ * CryptDestroyKey(). Note also that prov will not be released.
+ */
+
+ WinCAPICryptoKeyDSA(HCRYPTPROV prov, HCRYPTKEY k);
+
+ /**
+ * \brief WinCAPI Specific constructor for private keys
+ *
+ * Create a DSA key for use in XSEC from a passed in handle to a provider
+ * and associated key store
+ *
+ * @param prov A handle to the CSP to be used and read for the key.
+ * @param keySpec The Key to use (AT_SIGNATURE or AT_KEYEXCHANGE)
+ * @param isPrivate Should be true. In future, may be able to define public
+ * keys this way as well.
+ * @note The prov will not be released on close.
*/
- WinCAPICryptoKeyDSA(WinCAPICryptoProvider * owner, HCRYPTKEY k, bool havePrivate = false);
+ WinCAPICryptoKeyDSA(HCRYPTPROV prov, DWORD keySpec, bool isPrivate);
//@}
@@ -289,9 +315,9 @@
private:
- HCRYPTKEY m_key;
- WinCAPICryptoProvider * mp_ownerProvider;
- bool m_havePrivate; // Do we have the private key?
+ HCRYPTPROV m_p;
+ HCRYPTKEY m_key; // For a public key
+ DWORD m_keySpec; // For a private key
BYTE * mp_P;
BYTE * mp_Q;
1.5 +5 -8 xml-security/c/src/enc/WinCAPI/WinCAPICryptoKeyHMAC.cpp
Index: WinCAPICryptoKeyHMAC.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/WinCAPI/WinCAPICryptoKeyHMAC.cpp,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- WinCAPICryptoKeyHMAC.cpp 12 Oct 2003 01:29:46 -0000 1.4
+++ WinCAPICryptoKeyHMAC.cpp 12 Oct 2003 06:23:17 -0000 1.5
@@ -72,12 +72,12 @@
#include <xsec/framework/XSECError.hpp>
#include <xsec/enc/XSECCryptoException.hpp>
-WinCAPICryptoKeyHMAC::WinCAPICryptoKeyHMAC() :m_keyBuf("") {
+WinCAPICryptoKeyHMAC::WinCAPICryptoKeyHMAC(HCRYPTPROV prov) :m_keyBuf("") {
m_keyBuf.isSensitive();
m_keyLen = 0;
m_k = 0;
- m_p = 0;
+ m_p = prov;
};
@@ -99,13 +99,11 @@
WinCAPICryptoKeyHMAC * ret;
- XSECnew(ret, WinCAPICryptoKeyHMAC());
+ XSECnew(ret, WinCAPICryptoKeyHMAC(m_p));
ret->m_keyBuf = m_keyBuf;
ret->m_keyLen = m_keyLen;
- ret->m_p = m_p;
-
if (m_k != 0) {
#if (_WIN32_WINNT > 0x0400)
if (CryptDuplicateKey(m_k,
@@ -133,7 +131,7 @@
// Windows Specific Keys
// --------------------------------------------------------------------------------
-void WinCAPICryptoKeyHMAC::setWinKey(HCRYPTPROV p, HCRYPTKEY k) {
+void WinCAPICryptoKeyHMAC::setWinKey(HCRYPTKEY k) {
if (m_k != 0) {
@@ -142,7 +140,6 @@
}
m_k = k;
- m_p = p;
}
1.5 +12 -5 xml-security/c/src/enc/WinCAPI/WinCAPICryptoKeyHMAC.hpp
Index: WinCAPICryptoKeyHMAC.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/WinCAPI/WinCAPICryptoKeyHMAC.hpp,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- WinCAPICryptoKeyHMAC.hpp 12 Oct 2003 01:29:46 -0000 1.4
+++ WinCAPICryptoKeyHMAC.hpp 12 Oct 2003 06:23:17 -0000 1.5
@@ -106,8 +106,17 @@
/** @name Constructors and Destructors */
//@{
+ /**
+ * \brief Constructor
+ *
+ * @param prov The handle to the provider context that was used to
+ * create any Windows keys (later set via setKey). If this is not
+ * to be used for a windows key (i.e. will be used for a "normal"
+ * buffer of bytes as a key, then this value can be set to 0
+ */
+
+ WinCAPICryptoKeyHMAC(HCRYPTPROV prov);
- WinCAPICryptoKeyHMAC();
virtual ~WinCAPICryptoKeyHMAC() {};
//@}
@@ -178,13 +187,11 @@
* Set a Windows Crypto key that has been either derived via the
* various Crypt functions or has been loaded from an encrypted BLOB
*
- * @param p Handle to provider context used to create this key. Note
- * it is the responsibility of the caller to release the context.
* @param k Windows CAPI key to load
* Note that the library now owns this key (and will destroy it).
*/
- void setWinKey(HCRYPTPROV p, HCRYPTKEY k);
+ void setWinKey(HCRYPTKEY k);
/**
* \brief Get a windows key
1.3 +54 -30 xml-security/c/src/enc/WinCAPI/WinCAPICryptoKeyRSA.cpp
Index: WinCAPICryptoKeyRSA.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/WinCAPI/WinCAPICryptoKeyRSA.cpp,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- WinCAPICryptoKeyRSA.cpp 5 Jul 2003 10:30:33 -0000 1.2
+++ WinCAPICryptoKeyRSA.cpp 12 Oct 2003 06:23:17 -0000 1.3
@@ -79,13 +79,13 @@
XSEC_USING_XERCES(ArrayJanitor);
-WinCAPICryptoKeyRSA::WinCAPICryptoKeyRSA(WinCAPICryptoProvider * owner) {
+WinCAPICryptoKeyRSA::WinCAPICryptoKeyRSA(HCRYPTPROV prov) {
// Create a new key to be loaded as we go
m_key = 0;
- mp_ownerProvider = owner;
- m_havePrivate = false;
+ m_p = prov;
+ m_keySpec = 0;
mp_exponent = NULL;
m_exponentLen = 0;
@@ -109,20 +109,38 @@
};
-WinCAPICryptoKeyRSA::WinCAPICryptoKeyRSA(WinCAPICryptoProvider * owner,
- HCRYPTKEY k,
- bool havePrivate) :
-mp_ownerProvider(owner),
-m_havePrivate(havePrivate) {
+WinCAPICryptoKeyRSA::WinCAPICryptoKeyRSA(HCRYPTPROV prov,
+ HCRYPTKEY k) :
+m_p(prov) {
- mp_ownerProvider = owner;
m_key = k; // NOTE - We OWN this handle
+ m_keySpec = 0;
mp_exponent = mp_modulus = NULL;
m_exponentLen = m_modulusLen = 0;
}
+WinCAPICryptoKeyRSA::WinCAPICryptoKeyRSA(HCRYPTPROV prov,
+ DWORD keySpec,
+ bool isPrivate) :
+m_p(prov) {
+
+ if (isPrivate == false) {
+
+ throw XSECCryptoException(XSECCryptoException::RSAError,
+ "WinCAPICryptoKeyRSA - Public keys defined via keySpec ctor not yet supported");
+
+
+ }
+
+ m_key = 0;
+ m_keySpec = keySpec;
+
+ mp_exponent = mp_modulus = NULL;
+ m_exponentLen = m_modulusLen = 0;
+
+}
// Generic key functions
@@ -131,6 +149,9 @@
// Find out what we have
if (m_key == 0) {
+ if (m_keySpec != 0)
+ return KEY_RSA_PRIVATE;
+
if (mp_exponent == NULL ||
mp_modulus == NULL)
return KEY_NONE;
@@ -139,7 +160,7 @@
}
- if (m_havePrivate == true)
+ if (m_keySpec != 0)
return KEY_RSA_PAIR;
return KEY_RSA_PUBLIC;
@@ -216,7 +237,7 @@
// Now that we have the blob, import
BOOL fResult = CryptImportKey(
- mp_ownerProvider->getProviderRSA(),
+ m_p,
blobBuffer,
blobBufferLen,
0, // Not signed
@@ -283,7 +304,7 @@
// Have to create a Windows hash object and feed in the hash
BOOL fResult;
HCRYPTHASH h;
- fResult = CryptCreateHash(mp_ownerProvider->getProviderRSA(),
+ fResult = CryptCreateHash(m_p,
CALG_SHA1,
0,
0,
@@ -343,22 +364,16 @@
// Sign a pre-calculated hash using this key
- if (m_key == NULL) {
-
- throw XSECCryptoException(XSECCryptoException::RSAError,
- "WinCAPI:RSA - Attempt to sign data with empty key");
- }
-
- if (m_havePrivate == false) {
+ if (m_keySpec == 0) {
throw XSECCryptoException(XSECCryptoException::RSAError,
- "WinCAPI:RSA - Attempt to sign data a public key");
+ "WinCAPI:RSA - Attempt to sign data using a public or un-loaded key");
}
// Have to create a Windows hash object and feed in the hash
BOOL fResult;
HCRYPTHASH h;
- fResult = CryptCreateHash(mp_ownerProvider->getProviderRSA(),
+ fResult = CryptCreateHash(m_p,
CALG_SHA1,
0,
0,
@@ -385,7 +400,7 @@
DWORD rawSigLen;
fResult = CryptSignHash(
h,
- AT_SIGNATURE,
+ m_keySpec,
NULL,
0,
NULL,
@@ -403,7 +418,7 @@
fResult = CryptSignHash(
h,
- AT_SIGNATURE,
+ m_keySpec,
NULL,
0,
rawSig,
@@ -443,7 +458,7 @@
WinCAPICryptoKeyRSA * ret;
- XSECnew(ret, WinCAPICryptoKeyRSA(mp_ownerProvider));
+ XSECnew(ret, WinCAPICryptoKeyRSA(m_p));
if (m_key != 0) {
@@ -455,9 +470,11 @@
CryptExportKey(m_key, 0, PUBLICKEYBLOB, 0, keyBuf, &keyBufLen);
// Now re-import
- CryptImportKey(mp_ownerProvider->getProviderRSA(), keyBuf, keyBufLen, NULL, 0, &ret->m_key);
+ CryptImportKey(m_p, keyBuf, keyBufLen, NULL, 0, &ret->m_key);
}
+ ret->m_keySpec = m_keySpec;
+
ret->m_exponentLen = m_exponentLen;
if (mp_exponent != NULL) {
XSECnew(ret->mp_exponent, BYTE[m_exponentLen]);
@@ -483,8 +500,15 @@
void WinCAPICryptoKeyRSA::loadParamsFromKey(void) {
- if (m_key == 0)
- return;
+ if (m_key == 0) {
+
+ if (m_keySpec == 0)
+ return;
+
+ // See of we can get the user key
+ if (!CryptGetUserKey(m_p, m_keySpec, &m_key))
+ return;
+ }
// Export key into a keyblob
BOOL fResult;
@@ -549,7 +573,7 @@
unsigned int WinCAPICryptoKeyRSA::getExponentBase64BigNums(char * b64, unsigned int len) {
- if (m_key == 0 && mp_exponent == NULL) {
+ if (m_key == 0 && m_keySpec == 0 && mp_exponent == NULL) {
return 0; // Nothing we can do
@@ -574,7 +598,7 @@
unsigned int WinCAPICryptoKeyRSA::getModulusBase64BigNums(char * b64, unsigned int len) {
- if (m_key == 0 && mp_modulus == NULL) {
+ if (m_key == 0 && m_keySpec == 0 && mp_modulus == NULL) {
return 0; // Nothing we can do
1.4 +32 -17 xml-security/c/src/enc/WinCAPI/WinCAPICryptoKeyRSA.hpp
Index: WinCAPICryptoKeyRSA.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/WinCAPI/WinCAPICryptoKeyRSA.hpp,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- WinCAPICryptoKeyRSA.hpp 5 Jul 2003 10:30:33 -0000 1.3
+++ WinCAPICryptoKeyRSA.hpp 12 Oct 2003 06:23:17 -0000 1.4
@@ -99,22 +99,44 @@
/** @name Constructors and Destructors */
//@{
- WinCAPICryptoKeyRSA(WinCAPICryptoProvider * owner);
+ /**
+ * \brief Create an RSA key
+ *
+ * Constructor used to create an "empty" RSA key, that the
+ * library will later set parameters for the public key within.
+ *
+ * @param prov A handle to a PROV_RSA_FULL provider that the
+ * library will eventually import the key into
+ */
+
+ WinCAPICryptoKeyRSA(HCRYPTPROV prov);
/**
- * \brief Dedicated WinCAPI constructor
+ * \brief Dedicated WinCAPI constructor for a public RSA key
*
- * Create a RSA key for use in XSEC from an existing HCRYPTKEY
+ * Create a public RSA key for use in XSEC from an existing HCRYPTKEY
*
- * @param owner The owner provider object (needed to find CSP)
+ * @param prov The handle to the provider that was used to create the key
* @param k The key to use
- * @param havePrivate The CSP holds the private key as well as public
* @note k is owned by the library. When the wrapper
* WinCAPICryptoKeyRSA is deleted, k will be destroyed using
* CryptDestroyKey()
*/
- WinCAPICryptoKeyRSA(WinCAPICryptoProvider * owner, HCRYPTKEY k, bool havePrivate = false);
+ WinCAPICryptoKeyRSA(HCRYPTPROV prov, HCRYPTKEY k);
+
+ /**
+ * \brief Dedicated WinCAPI constructor for a private RSA key
+ *
+ * Create a public RSA key for use in XSEC from an keySpec
+ *
+ * @param prov The handle to the provider that was used to create the key
+ * @param keySpec The key to use (AT_SIGNATURE or AT_KEYEXCHANGE
+ * @param isPrivate Should be true. May be used later for public
+ * keys created this way
+ */
+
+ WinCAPICryptoKeyRSA(HCRYPTPROV prov, DWORD keySpec, bool isPrivate);
virtual ~WinCAPICryptoKeyRSA();
@@ -227,13 +249,6 @@
/** @name WinCAPI Specific Functions */
//@{
- /**
- * \brief Constructor that loads the Windows CAPI key directly
- *
- * @param k The key to load
- */
-
- WinCAPICryptoKeyRSA(HCRYPTKEY k);
/**
* \brief Retrieve the exponent
@@ -263,9 +278,9 @@
private:
- HCRYPTKEY m_key;
- WinCAPICryptoProvider * mp_ownerProvider;
- bool m_havePrivate; // Do we have the private key?
+ HCRYPTPROV m_p;
+ HCRYPTKEY m_key; // For a public key
+ DWORD m_keySpec; // For a private key
BYTE * mp_modulus;
BYTE * mp_exponent;
1.8 +8 -8 xml-security/c/src/enc/WinCAPI/WinCAPICryptoProvider.cpp
Index: WinCAPICryptoProvider.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/WinCAPI/WinCAPICryptoProvider.cpp,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- WinCAPICryptoProvider.cpp 12 Oct 2003 01:29:46 -0000 1.7
+++ WinCAPICryptoProvider.cpp 12 Oct 2003 06:23:17 -0000 1.8
@@ -136,7 +136,7 @@
WinCAPICryptoHash * ret;
- XSECnew(ret, WinCAPICryptoHash(this, XSECCryptoHash::HASH_SHA1));
+ XSECnew(ret, WinCAPICryptoHash(m_provDSS, XSECCryptoHash::HASH_SHA1));
return ret;
@@ -146,7 +146,7 @@
WinCAPICryptoHashHMAC * ret;
- XSECnew(ret, WinCAPICryptoHashHMAC(this, XSECCryptoHash::HASH_SHA1));
+ XSECnew(ret, WinCAPICryptoHashHMAC(m_provDSS, XSECCryptoHash::HASH_SHA1));
return ret;
@@ -156,7 +156,7 @@
WinCAPICryptoHash * ret;
- XSECnew(ret, WinCAPICryptoHash(this, XSECCryptoHash::HASH_MD5));
+ XSECnew(ret, WinCAPICryptoHash(m_provDSS, XSECCryptoHash::HASH_MD5));
return ret;
@@ -166,7 +166,7 @@
WinCAPICryptoHashHMAC * ret;
- XSECnew(ret, WinCAPICryptoHashHMAC(this, XSECCryptoHash::HASH_MD5));
+ XSECnew(ret, WinCAPICryptoHashHMAC(m_provDSS, XSECCryptoHash::HASH_MD5));
return ret;
@@ -176,7 +176,7 @@
WinCAPICryptoKeyDSA * ret;
- XSECnew(ret, WinCAPICryptoKeyDSA(this));
+ XSECnew(ret, WinCAPICryptoKeyDSA(m_provDSS));
return ret;
@@ -186,7 +186,7 @@
WinCAPICryptoKeyRSA * ret;
- XSECnew(ret, WinCAPICryptoKeyRSA(this));
+ XSECnew(ret, WinCAPICryptoKeyRSA(m_provRSA));
return ret;
@@ -197,7 +197,7 @@
WinCAPICryptoX509 * ret;
- XSECnew(ret, WinCAPICryptoX509(this));
+ XSECnew(ret, WinCAPICryptoX509(m_provRSA, m_provDSS));
return ret;
1.4 +7 -7 xml-security/c/src/enc/WinCAPI/WinCAPICryptoX509.cpp
Index: WinCAPICryptoX509.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/WinCAPI/WinCAPICryptoX509.cpp,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- WinCAPICryptoX509.cpp 5 Jul 2003 10:30:33 -0000 1.3
+++ WinCAPICryptoX509.cpp 12 Oct 2003 06:23:17 -0000 1.4
@@ -81,8 +81,8 @@
XSEC_USING_XERCES(ArrayJanitor);
-WinCAPICryptoX509::WinCAPICryptoX509(WinCAPICryptoProvider * owner) :
-m_DERX509(""), mp_certContext(NULL), mp_ownerProvider(owner) {
+WinCAPICryptoX509::WinCAPICryptoX509(HCRYPTPROV provRSA, HCRYPTPROV provDSS) :
+m_DERX509(""), mp_certContext(NULL), m_pRSA(provRSA), m_pDSS(provDSS) {
}
@@ -164,7 +164,7 @@
if (getPublicKeyType() == XSECCryptoKey::KEY_DSA_PUBLIC) {
fResult= CryptImportPublicKeyInfo(
- mp_ownerProvider->getProviderDSS(),
+ m_pDSS,
X509_ASN_ENCODING,
&(mp_certContext->pCertInfo->SubjectPublicKeyInfo),
&key);
@@ -179,7 +179,7 @@
// wrap it in
WinCAPICryptoKeyDSA * ret;
- XSECnew(ret, WinCAPICryptoKeyDSA(mp_ownerProvider, key));
+ XSECnew(ret, WinCAPICryptoKeyDSA(m_pDSS, key));
return ret;
@@ -188,7 +188,7 @@
if (getPublicKeyType() == XSECCryptoKey::KEY_RSA_PUBLIC) {
fResult= CryptImportPublicKeyInfo(
- mp_ownerProvider->getProviderRSA(),
+ m_pRSA,
X509_ASN_ENCODING,
&(mp_certContext->pCertInfo->SubjectPublicKeyInfo),
&key);
@@ -203,7 +203,7 @@
// wrap it in
WinCAPICryptoKeyRSA * ret;
- XSECnew(ret, WinCAPICryptoKeyRSA(mp_ownerProvider, key));
+ XSECnew(ret, WinCAPICryptoKeyRSA(m_pRSA, key));
return ret;
1.5 +16 -3 xml-security/c/src/enc/WinCAPI/WinCAPICryptoX509.hpp
Index: WinCAPICryptoX509.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/WinCAPI/WinCAPICryptoX509.hpp,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- WinCAPICryptoX509.hpp 5 Jul 2003 10:30:33 -0000 1.4
+++ WinCAPICryptoX509.hpp 12 Oct 2003 06:23:17 -0000 1.5
@@ -94,7 +94,19 @@
/** @name Constructors and Destructors */
//@{
- WinCAPICryptoX509(WinCAPICryptoProvider * owner);
+ /**
+ * \brief Constructor for X509 objects
+ *
+ * The windows constructor requires RSA or DSS crypto providers,
+ * depending on the key type within the cert.
+ *
+ * @param provRSA A handle to the PROV_RSA_FULL type provider that the
+ * interface should use when importing keys and manipulating certs
+ * @param provDSS A handle to the PROV_DSS type provider that the
+ * interface should use when importing keys and manipulating certs
+ */
+
+ WinCAPICryptoX509(HCRYPTPROV provRSA, HCRYPTPROV provDSS);
virtual ~WinCAPICryptoX509();
//@}
@@ -152,7 +164,8 @@
safeBuffer m_DERX509;
PCCERT_CONTEXT mp_certContext;
- WinCAPICryptoProvider * mp_ownerProvider;
+ HCRYPTPROV m_pRSA;
+ HCRYPTPROV m_pDSS;
};