blautenb 2003/04/07 05:13:36
Added: c/src/enc/WinCAPI WinCAPICryptoHash.cpp
WinCAPICryptoHash.hpp WinCAPICryptoHashHMAC.cpp
WinCAPICryptoHashHMAC.hpp WinCAPICryptoKeyDSA.cpp
WinCAPICryptoKeyDSA.hpp WinCAPICryptoKeyHMAC.cpp
WinCAPICryptoKeyHMAC.hpp WinCAPICryptoKeyHash.hpp
WinCAPICryptoProvider.cpp WinCAPICryptoProvider.hpp
WinCAPICryptoX509.cpp WinCAPICryptoX509.hpp
Log:
Initial checkin of alpha support for Windows Crypto API as crypto provider
for signatures
Revision Changes Path
1.1 xml-security/c/src/enc/WinCAPI/WinCAPICryptoHash.cpp
Index: WinCAPICryptoHash.cpp
===================================================================
/*
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 1999 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "<WebSig>" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact [EMAIL PROTECTED]
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation and was
* originally based on software copyright (c) 2001, Institute for
* Data Communications Systems, <http://www.nue.et-inf.uni-siegen.de/>.
* The development of this software was partly funded by the European
* Commission in the <WebSig> project in the ISIS Programme.
* For more information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
/*
* XSEC
*
* WinCAPICryptoHash := Windows CAPI Implementation of Message digests
*
* Author(s): Berin Lautenbach
*
* $Id: WinCAPICryptoHash.cpp,v 1.1 2003/04/07 12:13:35 blautenb Exp $
*
*/
#include <xsec/enc/WinCAPI/WinCAPICryptoHash.hpp>
#include <xsec/enc/XSECCryptoException.hpp>
#include <xsec/enc/WinCAPI/WinCAPICryptoProvider.hpp>
#include <memory.h>
// Constructors/Destructors
WinCAPICryptoHash::WinCAPICryptoHash(WinCAPICryptoProvider * owner, HashType
alg) {
mp_ownerProvider = owner;
m_hashType = alg;
m_h = 0;
reset();
}
WinCAPICryptoHash::~WinCAPICryptoHash() {
if (m_h != 0)
CryptDestroyHash(m_h);
}
// Hashing Activities
void WinCAPICryptoHash::reset(void) {
if (m_h != 0)
CryptDestroyHash(m_h);
m_h = 0;
BOOL fResult;
ALG_ID alg_id;
switch (m_hashType) {
case (XSECCryptoHash::HASH_SHA1) :
alg_id = CALG_SHA;
break;
default :
alg_id = 0;
}
if(alg_id == 0) {
throw XSECCryptoException(XSECCryptoException::MDError,
"WinCAPI:Hash - Unknown algorithm");
}
fResult = CryptCreateHash(
mp_ownerProvider->getProvider(),
alg_id,
0,
0,
&m_h);
if (fResult == 0 || m_h == 0) {
throw XSECCryptoException(XSECCryptoException::MDError,
"WinCAPI:Hash - Error creating hash object");
}
}
void WinCAPICryptoHash::hash(unsigned char * data,
unsigned int
length) {
BOOL fResult = CryptHashData(
m_h,
data,
length,
0);
if (fResult == 0) {
throw XSECCryptoException(XSECCryptoException::MDError,
"WinCAPI:Hash - Error Hashing Data");
}
}
unsigned int WinCAPICryptoHash::finish(unsigned char * hash,
unsigned int maxLength) {
DWORD retLen;
BOOL fResult;
retLen = WINCAPI_MAX_HASH_SIZE;
fResult = CryptGetHashParam(
m_h,
HP_HASHVAL,
m_mdValue,
&retLen,
0);
if (fResult == 0) {
throw XSECCryptoException(XSECCryptoException::MDError,
"WinCAPI:Hash - Error getting hash value");
}
m_mdLen = retLen;
retLen = (maxLength > m_mdLen ? m_mdLen : maxLength);
memcpy(hash, m_mdValue, retLen);
return (unsigned int) retLen;
}
// Get information
XSECCryptoHash::HashType WinCAPICryptoHash::getHashType(void) {
return m_hashType; // This could be any kind of
hash
}
1.1 xml-security/c/src/enc/WinCAPI/WinCAPICryptoHash.hpp
Index: WinCAPICryptoHash.hpp
===================================================================
/*
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 1999 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "<WebSig>" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact [EMAIL PROTECTED]
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation and was
* originally based on software copyright (c) 2001, Institute for
* Data Communications Systems, <http://www.nue.et-inf.uni-siegen.de/>.
* The development of this software was partly funded by the European
* Commission in the <WebSig> project in the ISIS Programme.
* For more information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
/*
* XSEC
*
* WinCAPICryptoHash := Windows CAPI Implementation of Message digests
*
* Author(s): Berin Lautenbach
*
* $Id: WinCAPICryptoHash.hpp,v 1.1 2003/04/07 12:13:35 blautenb Exp $
*
*/
#ifndef WINCAPICRYPTOHASH_INCLUDE
#define WINCAPICRYPTOHASH_INCLUDE
#include <xsec/framework/XSECDefs.hpp>
#include <xsec/enc/XSECCryptoHash.hpp>
#if !defined(_WIN32_WINNT)
# define _WIN32_WINNT 0x0400
#endif
#include <wincrypt.h>
#define WINCAPI_MAX_HASH_SIZE 256
class WinCAPICryptoProvider;
class DSIG_EXPORT WinCAPICryptoHash : public XSECCryptoHash {
public :
// Constructors/Destructors
WinCAPICryptoHash(WinCAPICryptoProvider * owner,
XSECCryptoHash::HashType alg);
virtual ~WinCAPICryptoHash();
// Key activities
virtual void setKey(XSECCryptoKey * key) {}
// Hashing Activities
virtual void reset(void);
// Reset the hash
virtual void hash(unsigned char * data,
unsigned int length);
// Hash some data
virtual unsigned int finish(unsigned char * hash,
unsigned int
maxLength);// Finish and get hash
// Get information
virtual HashType getHashType(void);
private:
// Not implemented constructors
WinCAPICryptoHash();
WinCAPICryptoProvider * mp_ownerProvider;
unsigned char
m_mdValue[WINCAPI_MAX_HASH_SIZE]; // Final output
unsigned int m_mdLen;
XSECCryptoHash::HashType m_hashType;
HCRYPTHASH m_h;
};
#endif /* WINCAPICRYPTOHASHSHA1_INCLUDE */
1.1 xml-security/c/src/enc/WinCAPI/WinCAPICryptoHashHMAC.cpp
Index: WinCAPICryptoHashHMAC.cpp
===================================================================
/*
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 1999 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "<WebSig>" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact [EMAIL PROTECTED]
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation and was
* originally based on software copyright (c) 2001, Institute for
* Data Communications Systems, <http://www.nue.et-inf.uni-siegen.de/>.
* The development of this software was partly funded by the European
* Commission in the <WebSig> project in the ISIS Programme.
* For more information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
/*
* XSEC
*
* WinCAPICryptoHashHMAC := Windows CAPI Implementation of Message digests
*
* Author(s): Berin Lautenbach
*
* $Id: WinCAPICryptoHashHMAC.cpp,v 1.1 2003/04/07 12:13:35 blautenb Exp $
*
*/
#include <xsec/enc/WinCAPI/WinCAPICryptoHashHMAC.hpp>
#include <xsec/enc/XSECCryptoException.hpp>
#include <xsec/enc/WinCAPI/WinCAPICryptoProvider.hpp>
#include <xsec/enc/WinCAPI/WinCAPICryptoKeyHMAC.hpp>
#include <xsec/utils/XSECDOMUtils.hpp>
#include <memory.h>
//
--------------------------------------------------------------------------------
// IPAD/OPAD definitions
//
--------------------------------------------------------------------------------
unsigned char ipad[] = {
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
};
unsigned char opad[] = {
0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
};
//
--------------------------------------------------------------------------------
// Constructors/Destructors
//
--------------------------------------------------------------------------------
WinCAPICryptoHashHMAC::WinCAPICryptoHashHMAC(WinCAPICryptoProvider * owner,
HashType alg) {
mp_ownerProvider = owner;
m_h = 0;
m_blockSize = 64; // We only know SHA-1 and MD5 at this
time - both are 64 bytes
switch (alg) {
case (XSECCryptoHash::HASH_SHA1) :
m_algId = CALG_SHA;
break;
default :
m_algId = 0;
}
if(m_algId == 0) {
throw XSECCryptoException(XSECCryptoException::MDError,
"WinCAPI:Hash - Unknown algorithm");
}
m_hashType = alg;
}
void WinCAPICryptoHashHMAC::reset() {
if (m_h != 0)
CryptDestroyHash(m_h);
}
WinCAPICryptoHashHMAC::~WinCAPICryptoHashHMAC() {
if (m_h != 0)
CryptDestroyHash(m_h);
}
//
--------------------------------------------------------------------------------
// Key manipulation
//
--------------------------------------------------------------------------------
void WinCAPICryptoHashHMAC::eraseKeys(void) {
// Overwrite the ipad/opad calculated key values
unsigned char * i = m_ipadKeyed;
unsigned char * j = m_opadKeyed;
for (unsigned int k = 0; k < XSEC_MAX_HASH_BLOCK_SIZE; ++k) {
*i++ = 0;
*j++ = 0;
}
}
void WinCAPICryptoHashHMAC::setKey(XSECCryptoKey *key) {
BOOL fResult;
// Use this to initialise the ipadKeyed/opadKeyed values
if (key->getKeyType() != XSECCryptoKey::KEY_HMAC) {
throw XSECCryptoException(XSECCryptoException::MDError,
"WinCAPI:HashHMAC - Non HMAC Key passed to HashHMAC");
}
if (m_blockSize > XSEC_MAX_HASH_BLOCK_SIZE) {
throw XSECCryptoException(XSECCryptoException::MDError,
"WinCAPI:HashHMAC - Internal error - have got a
blocksize bigger than I can handle");
}
// Check to see if this is an internal Windows Key
if (strEquals(key->getProviderName(),
DSIGConstants::s_unicodeStrPROVWinCAPI) &&
((WinCAPICryptoKeyHMAC *) key)->getWinKey() != 0) {
HCRYPTKEY k = ((WinCAPICryptoKeyHMAC *) key)->getWinKey();
fResult = CryptCreateHash(
mp_ownerProvider->getProvider(),
m_algId,
k,
0,
&m_h);
if (fResult == 0 || m_h == 0) {
throw XSECCryptoException(XSECCryptoException::MDError,
"WinCAPI:Hash::setKey - Error creating
internally keyed hash object");
}
return;
}
// Need to load from raw bit string
safeBuffer keyBuf;
unsigned int keyLen = ((XSECCryptoKeyHMAC *) key)->getKey(keyBuf);
if (keyLen > m_blockSize) {
HCRYPTHASH h;
fResult = CryptCreateHash(
mp_ownerProvider->getProvider(),
m_algId,
0,
0,
&h);
if (fResult == 0 || h == 0) {
throw XSECCryptoException(XSECCryptoException::MDError,
"WinCAPI:Hash::setKey - Error creating hash
object");
}
fResult = CryptHashData(
h,
keyBuf.rawBuffer(),
keyLen,
0);
if (fResult == 0 || h == 0) {
throw XSECCryptoException(XSECCryptoException::MDError,
"WinCAPI:Hash::setKey - Error hashing key
data");
}
BYTE outData[XSEC_MAX_HASH_SIZE];
DWORD outDataLen = XSEC_MAX_HASH_SIZE;
CryptGetHashParam(
h,
HP_HASHVAL,
outData,
&outDataLen,
0);
if (fResult == 0 || h == 0) {
throw XSECCryptoException(XSECCryptoException::MDError,
"WinCAPI:Hash::setKey - Error getting hash
result");
}
keyBuf.sbMemcpyIn(outData, outDataLen);
keyLen = outDataLen;
}
// Now create the ipad and opad keyed values
memcpy(m_ipadKeyed, ipad, m_blockSize);
memcpy(m_opadKeyed, opad, m_blockSize);
// XOR with the key
for (unsigned int i = 0; i < keyLen; ++i) {
m_ipadKeyed[i] = keyBuf[i] ^ m_ipadKeyed[i];
m_opadKeyed[i] = keyBuf[i] ^ m_opadKeyed[i];
}
// Now create the hash object, and start with the ipad operation
fResult = CryptCreateHash(
mp_ownerProvider->getProvider(),
m_algId,
0,
0,
&m_h);
if (fResult == 0 || m_h == 0) {
throw XSECCryptoException(XSECCryptoException::MDError,
"WinCAPI:HashHMAC - Error creating hash object");
}
fResult = CryptHashData(
m_h,
m_ipadKeyed,
m_blockSize,
0);
if (fResult == 0 || m_h == 0) {
throw XSECCryptoException(XSECCryptoException::MDError,
"WinCAPI:HashHMAC - Error performing initial ipad
digest");
}
}
//
--------------------------------------------------------------------------------
// Hash operations
//
--------------------------------------------------------------------------------
void WinCAPICryptoHashHMAC::hash(unsigned char * data,
unsigned int
length) {
if (m_h == 0) {
throw XSECCryptoException(XSECCryptoException::MDError,
"WinCAPI:HashHMAC::hash() - Called prior to setting
key");
}
BOOL fResult = CryptHashData(
m_h,
data,
length,
0);
if (fResult == 0) {
throw XSECCryptoException(XSECCryptoException::MDError,
"WinCAPI:Hash - Error Hashing Data");
}
}
unsigned int WinCAPICryptoHashHMAC::finish(unsigned char * hash,
unsigned int maxLength) {
DWORD retLen;
BOOL fResult;
retLen = XSEC_MAX_HASH_SIZE;
fResult = CryptGetHashParam(
m_h,
HP_HASHVAL,
m_mdValue,
&retLen,
0);
if (fResult == 0) {
throw XSECCryptoException(XSECCryptoException::MDError,
"WinCAPI:Hash - Error getting hash value");
}
// Perform the opad operation
HCRYPTHASH h;
fResult = CryptCreateHash(
mp_ownerProvider->getProvider(),
m_algId,
0,
0,
&h);
if (fResult == 0 || h == 0) {
throw XSECCryptoException(XSECCryptoException::MDError,
"WinCAPI:Hash::finish - Error creating hash object for
opad operation");
}
fResult = CryptHashData(
h,
m_opadKeyed,
m_blockSize,
0);
if (fResult == 0 || h == 0) {
throw XSECCryptoException(XSECCryptoException::MDError,
"WinCAPI:Hash::finish - Error hashing opad data");
}
fResult = CryptHashData(
h,
m_mdValue,
retLen,
0);
if (fResult == 0 || h == 0) {
throw XSECCryptoException(XSECCryptoException::MDError,
"WinCAPI:Hash::finish - Error hashing ipad hash to
opad");
}
// Read out the final hash
retLen = XSEC_MAX_HASH_SIZE;
fResult = CryptGetHashParam(
h,
HP_HASHVAL,
m_mdValue,
&retLen,
0);
CryptDestroyHash(h);
m_mdLen = retLen;
retLen = (maxLength > m_mdLen ? m_mdLen : maxLength);
memcpy(hash, m_mdValue, retLen);
return (unsigned int) retLen;
}
// Get information
XSECCryptoHash::HashType WinCAPICryptoHashHMAC::getHashType(void) {
return m_hashType; // This could be any kind of
hash
}
1.1 xml-security/c/src/enc/WinCAPI/WinCAPICryptoHashHMAC.hpp
Index: WinCAPICryptoHashHMAC.hpp
===================================================================
/*
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 1999 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "<WebSig>" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact [EMAIL PROTECTED]
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation and was
* originally based on software copyright (c) 2001, Institute for
* Data Communications Systems, <http://www.nue.et-inf.uni-siegen.de/>.
* The development of this software was partly funded by the European
* Commission in the <WebSig> project in the ISIS Programme.
* For more information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
/*
* XSEC
*
* WinCAPICryptoHashHMAC := Windows CAPI Implementation of HMAC
*
* Author(s): Berin Lautenbach
*
* $Id: WinCAPICryptoHashHMAC.hpp,v 1.1 2003/04/07 12:13:35 blautenb Exp $
*
*/
#ifndef WINCAPICRYPTOHASHHMAC_INCLUDE
#define WINCAPICRYPTOHASHHMAC_INCLUDE
#include <xsec/framework/XSECDefs.hpp>
#include <xsec/enc/XSECCryptoHash.hpp>
#if !defined(_WIN32_WINNT)
# define _WIN32_WINNT 0x0400
#endif
#include <wincrypt.h>
class WinCAPICryptoProvider;
class DSIG_EXPORT WinCAPICryptoHashHMAC : public XSECCryptoHash {
public :
// Constructors/Destructors
WinCAPICryptoHashHMAC(WinCAPICryptoProvider * owner,
XSECCryptoHash::HashType alg);
virtual ~WinCAPICryptoHashHMAC();
// Key activities
virtual void setKey(XSECCryptoKey * key);
// Hashing Activities
virtual void reset(void);
// Reset the hash
virtual void hash(unsigned char * data,
unsigned int length);
// Hash some data
virtual unsigned int finish(unsigned char * hash,
unsigned int
maxLength);// Finish and get hash
// Get information
virtual HashType getHashType(void);
private:
// Not implemented constructors
WinCAPICryptoHashHMAC();
WinCAPICryptoProvider * mp_ownerProvider;
unsigned char m_mdValue[XSEC_MAX_HASH_SIZE];
// Final output
unsigned int m_mdLen;
ALG_ID m_algId;
XSECCryptoHash::HashType m_hashType;
HCRYPTHASH m_h;
unsigned char m_ipadKeyed[XSEC_MAX_HASH_SIZE];
unsigned char m_opadKeyed[XSEC_MAX_HASH_SIZE];
unsigned int m_blockSize; //
Block size (bytes) for used alg.
// Internal functions
void eraseKeys();
};
#endif /* WINCAPICRYPTOHASHHMAC_INCLUDE */
1.1 xml-security/c/src/enc/WinCAPI/WinCAPICryptoKeyDSA.cpp
Index: WinCAPICryptoKeyDSA.cpp
===================================================================
/*
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 1999 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "<WebSig>" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact [EMAIL PROTECTED]
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation and was
* originally based on software copyright (c) 2001, Institute for
* Data Communications Systems, <http://www.nue.et-inf.uni-siegen.de/>.
* The development of this software was partly funded by the European
* Commission in the <WebSig> project in the ISIS Programme.
* For more information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
/*
* XSEC
*
* WinCAPICryptoKeyDSA := DSA Keys
*
* Author(s): Berin Lautenbach
*
* $Id: WinCAPICryptoKeyDSA.cpp,v 1.1 2003/04/07 12:13:35 blautenb Exp $
*
*/
#include <xsec/enc/WinCAPI/WinCAPICryptoKeyDSA.hpp>
#include <xsec/enc/WinCAPI/WinCAPICryptoProvider.hpp>
#include <xsec/enc/XSCrypt/XSCryptCryptoBase64.hpp>
#include <xsec/enc/XSECCryptoException.hpp>
#include <xsec/framework/XSECError.hpp>
#include <xercesc/util/Janitor.hpp>
XSEC_USING_XERCES(ArrayJanitor);
#define BLOBHEADERLEN 0x08
#define DSSPUBKEYLEN 0x08
#define DSSSEEDLEN 0x18
WinCAPICryptoKeyDSA::WinCAPICryptoKeyDSA(WinCAPICryptoProvider * owner) {
// Create a new key to be loaded as we go
m_key = 0;
mp_ownerProvider = owner;
mp_P = NULL;
mp_Q = NULL;
mp_G = NULL;
mp_Y = NULL;
};
// "Hidden" WinCAPI constructor
WinCAPICryptoKeyDSA::WinCAPICryptoKeyDSA(WinCAPICryptoProvider * owner,
HCRYPTKEY k,
bool havePrivate) :
mp_ownerProvider(owner),
m_havePrivate(havePrivate) {
mp_ownerProvider = owner;
m_key = k; // NOTE - We OWN this handle
mp_P = mp_Q = mp_G = mp_Y = NULL;
m_PLen = m_QLen = m_GLen = m_YLen = 0;
}
WinCAPICryptoKeyDSA::~WinCAPICryptoKeyDSA() {
// If we have a DSA, delete it
if (m_key != 0)
CryptDestroyKey(m_key);
if (mp_P != NULL)
delete[] mp_P;
if (mp_Q != NULL)
delete[] mp_Q;
if (mp_G != NULL)
delete[] mp_G;
if (mp_Y != NULL)
delete[] mp_Y;
};
// Generic key functions
XSECCryptoKey::KeyType WinCAPICryptoKeyDSA::getKeyType() {
// Find out what we have
if (m_key == NULL) {
// Check if we have parameters loaded
if (mp_P == NULL ||
mp_Q == NULL ||
mp_G == NULL ||
mp_Y == NULL)
return KEY_NONE;
else
return KEY_DSA_PUBLIC;
}
// For now we don't really understand Private Windows keys
return (m_havePrivate ? KEY_DSA_PAIR : KEY_DSA_PUBLIC);
}
void WinCAPICryptoKeyDSA::loadPBase64BigNums(const char * b64, unsigned int
len) {
if (mp_P != NULL) {
delete[] mp_P;
mp_P = NULL; // In case we get an exception
}
mp_P = WinCAPICryptoProvider::b642WinBN(b64, len, m_PLen);
}
void WinCAPICryptoKeyDSA::loadQBase64BigNums(const char * b64, unsigned int
len) {
if (mp_Q != NULL) {
delete[] mp_Q;
mp_Q = NULL; // In case we get an exception
}
mp_Q = WinCAPICryptoProvider::b642WinBN(b64, len, m_QLen);
}
void WinCAPICryptoKeyDSA::loadGBase64BigNums(const char * b64, unsigned int
len) {
if (mp_G != NULL) {
delete[] mp_G;
mp_G = NULL; // In case we get an exception
}
mp_G = WinCAPICryptoProvider::b642WinBN(b64, len, m_GLen);
}
void WinCAPICryptoKeyDSA::loadYBase64BigNums(const char * b64, unsigned int
len) {
if (mp_Y != NULL) {
delete[] mp_Y;
mp_Y = NULL; // In case we get an exception
}
mp_Y = WinCAPICryptoProvider::b642WinBN(b64, len, m_YLen);
}
void WinCAPICryptoKeyDSA::loadJBase64BigNums(const char * b64, unsigned int
len) {
/*
Do nothing
*/
}
//
--------------------------------------------------------------------------------
// Verify a signature encoded as a Base64 string
//
--------------------------------------------------------------------------------
void WinCAPICryptoKeyDSA::importKey(void) {
if (m_key != 0 ||
mp_P == NULL ||
mp_Q == NULL ||
mp_G == NULL ||
mp_Y == NULL)
return;
// Do some basic checks
if ((m_QLen > 20) |
(m_GLen > m_PLen) |
(m_YLen > m_PLen)) {
throw XSECCryptoException(XSECCryptoException::DSAError,
"WinCAPI:DSA - Parameter lengths inconsistent");
}
// Create a DSS Public-Key blob
// First build a buffer to hold everything
BYTE * blobBuffer;
unsigned int blobBufferLen = BLOBHEADERLEN + DSSPUBKEYLEN + (3 *
m_PLen) + 0x14 + DSSSEEDLEN;
XSECnew(blobBuffer, BYTE[blobBufferLen]);
ArrayJanitor<BYTE> j_blobBuffer(blobBuffer);
// Blob header
BLOBHEADER * header = (BLOBHEADER *) blobBuffer;
header->bType = PUBLICKEYBLOB;
header->bVersion = 0x02; // We are using a
version 2 blob
header->reserved = 0;
header->aiKeyAlg = CALG_DSS_SIGN;
// Now the public key header
DSSPUBKEY * pubkey = (DSSPUBKEY *) (blobBuffer + BLOBHEADERLEN);
pubkey->magic = 0x31535344; // ASCII encoding of DSS1
pubkey->bitlen = m_PLen * 8; // Number of bits in prime
modulus
// Now copy in each of the keys
BYTE * i = (BYTE *) (pubkey);
i += DSSPUBKEYLEN;
memcpy(i, mp_P, m_PLen);
i+= m_PLen;
// Q
memcpy(i, mp_Q, m_QLen);
i += m_QLen;
// Pad with 0s
unsigned int j;
for (j = m_QLen; j < 20 ; ++j)
*i++ = 0;
// Generator
memcpy(i, mp_G, m_GLen);
i += m_GLen;
// Pad
for (j = m_GLen; j < m_PLen ; ++j)
*i++ = 0;
// Public key
memcpy(i, mp_Y, m_YLen);
i += m_YLen;
// Pad
for (j = m_YLen; j < m_PLen ; ++j)
*i++ = 0;
// Set seed to 0
for (j = 0; j < DSSSEEDLEN; ++j)
*i++ = 0xFF; // SEED Counter set to 0xFFFFFFFF will cause
seed to be ignored
// Now that we have the blob, import
BOOL fResult = CryptImportKey(
mp_ownerProvider->getProvider(),
blobBuffer,
blobBufferLen,
0, // Not
signed
0, // No
flags
&m_key);
if (fResult == 0) {
throw XSECCryptoException(XSECCryptoException::DSAError,
"WinCAPI:DSA Error attempting to import key
parameters");
}
}
bool WinCAPICryptoKeyDSA::verifyBase64Signature(unsigned char * hashBuf,
unsigned int
hashLen,
char *
base64Signature,
unsigned int
sigLen) {
// Use the currently loaded key to validate the Base64 encoded signature
if (m_key == 0) {
// Try to import from the parameters
importKey();
if (m_key == 0) {
throw XSECCryptoException(XSECCryptoException::DSAError,
"WinCAPI:DSA - Attempt to validate signature
with empty key");
}
}
// Decode the signature
unsigned char * rawSig;
DWORD rawSigLen;
XSECnew(rawSig, BYTE [sigLen]);
ArrayJanitor<BYTE> j_rawSig(rawSig);
// Decode the signature
XSCryptCryptoBase64 b64;
b64.decodeInit();
rawSigLen = b64.decode((unsigned char *) base64Signature, sigLen,
rawSig, sigLen);
rawSigLen += b64.decodeFinish(&rawSig[rawSigLen], sigLen - rawSigLen);
if (rawSigLen != 40) {
throw XSECCryptoException(XSECCryptoException::DSAError,
"WinCAPI:DSA::VerifyBase64Signature - Expect 40 bytes
in a DSA signature");
}
// Reverse the sig - Windows stores integers as octet streams in little
endian
// order. The I2OSP algorithm used by XMLDSig to store integers is big
endian
BYTE rawSigFinal[40];
BYTE * j, *k, *l, *m;
j = rawSig;
k = rawSig + 20;
l = rawSigFinal + 19;
m = rawSigFinal + 39;
while (l >= rawSigFinal) {
*l-- = *j++;
*m-- = *k++;
}
// Have to create a Windows hash object and feed in the hash
BOOL fResult;
HCRYPTHASH h;
fResult = CryptCreateHash(mp_ownerProvider->getProvider(),
CALG_SHA1,
0,
0,
&h);
if (!fResult) {
throw XSECCryptoException(XSECCryptoException::DSAError,
"WinCAPI:DSA - Error creating Windows Hash Object");
}
// Feed the hash value into the newly created hash object
fResult = CryptSetHashParam(
h,
HP_HASHVAL,
hashBuf,
0);
if (!fResult) {
throw XSECCryptoException(XSECCryptoException::DSAError,
"WinCAPI:DSA - Error Setting Hash Value in Windows Hash
object");
}
// Now validate
fResult = CryptVerifySignature(
h,
rawSigFinal,
40,
m_key,
NULL,
0);
if (!fResult) {
DWORD error = GetLastError();
/* For some reason, the default Microsoft DSS provider
generally returns
* NTE_FAIL (which denotes an internal failure in the provider)
for a
* failed signature rather than NTE_BAD_SIGNATURE
*/
if (error != NTE_BAD_SIGNATURE && error != NTE_FAIL) {
throw XSECCryptoException(XSECCryptoException::DSAError,
"WinCAPI:DSA - Error occurred in DSA validation");
}
return false;
}
return true;
}
//
--------------------------------------------------------------------------------
// Sign and encode result as a Base64 string
//
--------------------------------------------------------------------------------
unsigned int WinCAPICryptoKeyDSA::signBase64Signature(unsigned char * hashBuf,
unsigned int hashLen,
char * base64SignatureBuf,
unsigned int base64SignatureBufLen) {
// Sign a pre-calculated hash using this key
if (m_key == NULL) {
throw XSECCryptoException(XSECCryptoException::DSAError,
"WinCAPI:DSA - Attempt to sign data with empty key");
}
if (m_havePrivate == false) {
throw XSECCryptoException(XSECCryptoException::DSAError,
"WinCAPI:DSA - Attempt to sign data a public key");
}
// Have to create a Windows hash object and feed in the hash
BOOL fResult;
HCRYPTHASH h;
fResult = CryptCreateHash(mp_ownerProvider->getProvider(),
CALG_SHA1,
0,
0,
&h);
if (!fResult) {
throw XSECCryptoException(XSECCryptoException::DSAError,
"WinCAPI:DSA - Error creating Windows Hash Object");
}
// Feed the hash value into the newly created hash object
fResult = CryptSetHashParam(
h,
HP_HASHVAL,
hashBuf,
0);
if (!fResult) {
throw XSECCryptoException(XSECCryptoException::DSAError,
"WinCAPI:DSA - Error Setting Hash Value in Windows Hash
object");
}
// Now sign
BYTE rawSig[50];
DWORD rawSigLen = 50;
fResult = CryptSignHash(
h,
AT_SIGNATURE,
NULL,
0,
rawSig,
&rawSigLen);
if (!fResult || rawSigLen != 40) {
throw XSECCryptoException(XSECCryptoException::DSAError,
"WinCAPI:DSA - Error occurred in DSA signing");
}
// Now encode into a signature block
BYTE rawSigFinal[40];
BYTE * i, * j, * m, * n;
i = rawSig;
j = rawSig + 20;
m = rawSigFinal + 19;
n = rawSigFinal + 39;
while (m >= rawSigFinal) {
*m-- = *i++;
*n-- = *j++;
}
// Now encode
XSCryptCryptoBase64 b64;
b64.encodeInit();
unsigned int ret = b64.encode(rawSigFinal, 40, (unsigned char *)
base64SignatureBuf, base64SignatureBufLen);
ret += b64.encodeFinish((unsigned char *) &base64SignatureBuf[ret],
base64SignatureBufLen - ret);
return ret;
}
//
--------------------------------------------------------------------------------
// Clone key
//
--------------------------------------------------------------------------------
XSECCryptoKey * WinCAPICryptoKeyDSA::clone() {
WinCAPICryptoKeyDSA * ret;
XSECnew(ret, WinCAPICryptoKeyDSA(mp_ownerProvider));
if (m_key != 0) {
// CryptDuplicateKey is not supported in Windows NT, so we need
to export and then
// reimport the key to get a copy
BYTE keyBuf[2048];
DWORD keyBufLen = 2048;
CryptExportKey(m_key, 0, PUBLICKEYBLOB, 0, keyBuf, &keyBufLen);
// Now re-import
CryptImportKey(mp_ownerProvider->getProvider(), keyBuf,
keyBufLen, NULL, 0, &ret->m_key);
}
ret->m_PLen = m_PLen;
if (mp_P != NULL) {
XSECnew(ret->mp_P, BYTE[m_PLen]);
memcpy(ret->mp_P, mp_P, m_PLen);
}
else
ret->mp_P = NULL;
ret->m_QLen = m_QLen;
if (mp_Q != NULL) {
XSECnew(ret->mp_Q, BYTE[m_QLen]);
memcpy(ret->mp_Q, mp_Q, m_QLen);
}
else
ret->mp_Q = NULL;
ret->m_GLen = m_GLen;
if (mp_G != NULL) {
XSECnew(ret->mp_G, BYTE[m_GLen]);
memcpy(ret->mp_G, mp_G, m_GLen);
}
else
ret->mp_G = NULL;
ret->m_YLen = m_YLen;
if (mp_Y != NULL) {
XSECnew(ret->mp_Y, BYTE[m_YLen]);
memcpy(ret->mp_Y, mp_Y, m_YLen);
}
else
ret->mp_Y = NULL;
return ret;
}
//
--------------------------------------------------------------------------------
// Some utility functions
//
--------------------------------------------------------------------------------
void WinCAPICryptoKeyDSA::loadParamsFromKey(void) {
if (m_key == 0)
return;
// Export key into a keyblob
BOOL fResult;
DWORD blobLen;
fResult = CryptExportKey(
m_key,
0,
PUBLICKEYBLOB,
0,
NULL,
&blobLen);
if (fResult == 0 || blobLen < 1) {
throw XSECCryptoException(XSECCryptoException::DSAError,
"WinCAPI:DSA - Error exporting public key");
}
BYTE * blob;
XSECnew(blob, BYTE[blobLen]);
ArrayJanitor<BYTE> j_blob(blob);
fResult = CryptExportKey(
m_key,
0,
PUBLICKEYBLOB,
0,
blob,
&blobLen);
if (fResult == 0 || blobLen < 1) {
throw XSECCryptoException(XSECCryptoException::DSAError,
"WinCAPI:DSA - Error exporting public key");
}
DSSPUBKEY * pk = (DSSPUBKEY *) ( blob + BLOBHEADERLEN );
DWORD keyLen = pk->bitlen / 8;
// Copy the keys
BYTE * i = (BYTE *) ( pk );
i += DSSPUBKEYLEN;
if (mp_P != NULL)
delete[] mp_P;
XSECnew(mp_P, BYTE[keyLen]);
memcpy(mp_P, i, keyLen);
m_PLen = keyLen;
i+=keyLen;
if (mp_Q != NULL)
delete[] mp_Q;
m_QLen = 20;
while (i[m_QLen - 1] == 0 && m_QLen > 0)
m_QLen--;
XSECnew(mp_Q, BYTE[m_QLen]);
memcpy(mp_Q, i, m_QLen);
i+=20;
if (mp_G != NULL)
delete[] mp_G;
m_GLen = keyLen;
while(i[m_GLen - 1] == 0 && m_GLen > 0)
m_GLen--;
XSECnew(mp_G, BYTE[m_GLen]);
memcpy(mp_G, i, m_GLen);
i+=keyLen;
if (mp_Y != NULL)
delete[] mp_Y;
m_YLen = keyLen;
while (i[m_YLen] == 0 && m_YLen > 0)
m_YLen--;
XSECnew(mp_Y, BYTE[m_YLen]);
memcpy(mp_Y, i, m_YLen);
}
unsigned int WinCAPICryptoKeyDSA::getPBase64BigNums(char * b64, unsigned int
len) {
if (m_key == 0 && mp_P == NULL) {
return 0; // Nothing we can do
}
if (mp_P == NULL) {
loadParamsFromKey();
}
unsigned int bLen;
unsigned char * b = WinCAPICryptoProvider::WinBN2b64(mp_P, m_PLen,
bLen);
if (bLen > len)
bLen = len;
memcpy(b64, b, bLen);
delete[] b;
return bLen;
}
unsigned int WinCAPICryptoKeyDSA::getQBase64BigNums(char * b64, unsigned int
len) {
if (m_key == 0 && mp_Q == NULL) {
return 0; // Nothing we can do
}
if (mp_Q == NULL) {
loadParamsFromKey();
}
unsigned int bLen;
unsigned char * b = WinCAPICryptoProvider::WinBN2b64(mp_Q, m_QLen,
bLen);
if (bLen > len)
bLen = len;
memcpy(b64, b, bLen);
delete[] b;
return bLen;
}
unsigned int WinCAPICryptoKeyDSA::getGBase64BigNums(char * b64, unsigned int
len) {
if (m_key == 0 && mp_G == NULL) {
return 0; // Nothing we can do
}
if (mp_G == NULL) {
loadParamsFromKey();
}
unsigned int bLen;
unsigned char * b = WinCAPICryptoProvider::WinBN2b64(mp_G, m_GLen,
bLen);
if (bLen > len)
bLen = len;
memcpy(b64, b, bLen);
delete[] b;
return bLen;
}
unsigned int WinCAPICryptoKeyDSA::getYBase64BigNums(char * b64, unsigned int
len) {
if (m_key == 0 && mp_Y == NULL) {
return 0; // Nothing we can do
}
if (mp_Y == NULL) {
loadParamsFromKey();
}
unsigned int bLen;
unsigned char * b = WinCAPICryptoProvider::WinBN2b64(mp_Y, m_YLen,
bLen);
if (bLen > len)
bLen = len;
memcpy(b64, b, bLen);
delete[] b;
return bLen;
}
1.1 xml-security/c/src/enc/WinCAPI/WinCAPICryptoKeyDSA.hpp
Index: WinCAPICryptoKeyDSA.hpp
===================================================================
/*
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 1999 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "<WebSig>" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact [EMAIL PROTECTED]
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation and was
* originally based on software copyright (c) 2001, Institute for
* Data Communications Systems, <http://www.nue.et-inf.uni-siegen.de/>.
* The development of this software was partly funded by the European
* Commission in the <WebSig> project in the ISIS Programme.
* For more information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
/*
* XSEC
*
* WinCAPICryptoKeyDSA := DSA Keys
*
* Author(s): Berin Lautenbach
*
* $Id: WinCAPICryptoKeyDSA.hpp,v 1.1 2003/04/07 12:13:35 blautenb Exp $
*
*/
#ifndef WINCAPICRYPTOKEYDSA_INCLUDE
#define WINCAPICRYPTOKEYDSA_INCLUDE
#include <xsec/enc/XSECCryptoKeyDSA.hpp>
#if !defined(_WIN32_WINNT)
# define _WIN32_WINNT 0x0400
#endif
#include <wincrypt.h>
class WinCAPICryptoProvider;
class DSIG_EXPORT WinCAPICryptoKeyDSA : public XSECCryptoKeyDSA {
public :
// Constructors/Destructors
WinCAPICryptoKeyDSA(WinCAPICryptoProvider * owner);
virtual ~WinCAPICryptoKeyDSA();
/**
* \brief Dedicated WinCAPI constructor
*
* Create a DSA key for use in XSEC from an existing HCRYPTKEY
*
* @param owner The owner provider object (needed to find CSP)
* @param k The key to use
* @param havePrivate The CSP holds the private key as well as public
* @note k is owned by the library. When the wrapper
* WinCAPICryptoKeyDSA is deleted, k will be destroyed using
* CryptDestroyKey()
*/
WinCAPICryptoKeyDSA(WinCAPICryptoProvider * owner, HCRYPTKEY k, bool
havePrivate = false);
// Generic key functions
virtual XSECCryptoKey::KeyType getKeyType();
virtual const XMLCh * getProviderName() {return
DSIGConstants::s_unicodeStrPROVWinCAPI;}
virtual XSECCryptoKey * clone();
// DSA Specific Functions
virtual void loadPBase64BigNums(const char * b64, unsigned int len);
virtual void loadQBase64BigNums(const char * b64, unsigned int len);
virtual void loadGBase64BigNums(const char * b64, unsigned int len);
virtual void loadYBase64BigNums(const char * b64, unsigned int len);
virtual void loadJBase64BigNums(const char * b64, unsigned int len);
// Signatures
virtual bool verifyBase64Signature(unsigned char * hashBuf,
unsigned int hashLen,
char * base64Signature,
unsigned int sigLen);
virtual unsigned int signBase64Signature(unsigned char * hashBuf,
unsigned int hashLen,
char * base64SignatureBuf,
unsigned int base64SignatureBufLen);
// Some useful functions for extracting parameters from a Windows key
unsigned int getPBase64BigNums(char * b64, unsigned int len);
unsigned int getQBase64BigNums(char * b64, unsigned int len);
unsigned int getGBase64BigNums(char * b64, unsigned int len);
unsigned int getYBase64BigNums(char * b64, unsigned int len);
private:
HCRYPTKEY m_key;
WinCAPICryptoProvider * mp_ownerProvider;
bool m_havePrivate;
// Do we have the private key?
BYTE * mp_P;
BYTE * mp_Q;
BYTE * mp_G;
BYTE * mp_Y;
unsigned int m_PLen;
unsigned int m_QLen;
unsigned int m_GLen;
unsigned int m_YLen;
// Instruct to import from parameters
void importKey(void);
void loadParamsFromKey(void);
// No default constructor
WinCAPICryptoKeyDSA();
};
#endif /* WINCAPICRYPTOKEYDSA_INCLUDE */
1.1 xml-security/c/src/enc/WinCAPI/WinCAPICryptoKeyHMAC.cpp
Index: WinCAPICryptoKeyHMAC.cpp
===================================================================
/*
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 1999 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "<WebSig>" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact [EMAIL PROTECTED]
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation and was
* originally based on software copyright (c) 2001, Institute for
* Data Communications Systems, <http://www.nue.et-inf.uni-siegen.de/>.
* The development of this software was partly funded by the European
* Commission in the <WebSig> project in the ISIS Programme.
* For more information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
/*
* XSEC
*
* WinCAPICryptoKeyHMAC := Windows HMAC keys
*
* Author(s): Berin Lautenbach
*
* $Id: WinCAPICryptoKeyHMAC.cpp,v 1.1 2003/04/07 12:13:35 blautenb Exp $
*
*/
#include <xsec/enc/WinCAPI/WinCAPICryptoKeyHMAC.hpp>
#include <xsec/framework/XSECError.hpp>
WinCAPICryptoKeyHMAC::WinCAPICryptoKeyHMAC() :m_keyBuf("") {
m_keyLen = 0;
m_k = 0;
};
void WinCAPICryptoKeyHMAC::setKey(unsigned char * inBuf, unsigned int
inLength) {
m_keyBuf.sbMemcpyIn(inBuf, inLength);
m_keyLen = inLength;
}
unsigned int WinCAPICryptoKeyHMAC::getKey(safeBuffer &outBuf) {
outBuf = m_keyBuf;
return m_keyLen;
}
XSECCryptoKey * WinCAPICryptoKeyHMAC::clone() {
WinCAPICryptoKeyHMAC * ret;
XSECnew(ret, WinCAPICryptoKeyHMAC());
ret->m_keyBuf = m_keyBuf;
ret->m_keyLen = m_keyLen;
return ret;
}
//
--------------------------------------------------------------------------------
// Windows Specific Keys
//
--------------------------------------------------------------------------------
void WinCAPICryptoKeyHMAC::setWinKey(HCRYPTKEY k) {
if (m_k != 0) {
CryptDestroyKey(m_k);
}
m_k = k;
}
HCRYPTKEY WinCAPICryptoKeyHMAC::getWinKey(void) {
return m_k;
}
1.1 xml-security/c/src/enc/WinCAPI/WinCAPICryptoKeyHMAC.hpp
Index: WinCAPICryptoKeyHMAC.hpp
===================================================================
/*
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 1999 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "<WebSig>" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact [EMAIL PROTECTED]
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation and was
* originally based on software copyright (c) 2001, Institute for
* Data Communications Systems, <http://www.nue.et-inf.uni-siegen.de/>.
* The development of this software was partly funded by the European
* Commission in the <WebSig> project in the ISIS Programme.
* For more information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
/*
* XSEC
*
* WinCAPICryptoKeyHMAC := HMAC Keys
*
* Author(s): Berin Lautenbach
*
* $Id: WinCAPICryptoKeyHMAC.hpp,v 1.1 2003/04/07 12:13:35 blautenb Exp $
*
*/
#ifndef WINCAPICRYPTOKEYHMAC_INCLUDE
#define WINCAPICRYPTOKEYHMAC_INCLUDE
#include <xsec/enc/XSECCryptoKeyHMAC.hpp>
#if !defined(_WIN32_WINNT)
# define _WIN32_WINNT 0x0400
#endif
#include <wincrypt.h>
class DSIG_EXPORT WinCAPICryptoKeyHMAC : public XSECCryptoKeyHMAC {
public :
// Constructors/Destructors
WinCAPICryptoKeyHMAC();
virtual ~WinCAPICryptoKeyHMAC() {};
virtual XSECCryptoKey * clone();
// Generic key functions
virtual XSECCryptoKey::KeyType getKeyType() {return KEY_HMAC;}
virtual const XMLCh * getProviderName() {return
DSIGConstants::s_unicodeStrPROVWinCAPI;}
// HMAC Key functions
virtual void setKey(unsigned char * inBuf, unsigned int inLength);
virtual unsigned int getKey(safeBuffer &outBuf);
// Windows specific Key Functions
void setWinKey(HCRYPTKEY k);
HCRYPTKEY getWinKey(void);
private:
safeBuffer m_keyBuf;
unsigned int m_keyLen;
HCRYPTKEY m_k;
};
#endif /* WINCAPICRYPTOKEYHMAC_INCLUDE */
1.1 xml-security/c/src/enc/WinCAPI/WinCAPICryptoKeyHash.hpp
Index: WinCAPICryptoKeyHash.hpp
===================================================================
/*
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 1999 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "<WebSig>" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact [EMAIL PROTECTED]
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation and was
* originally based on software copyright (c) 2001, Institute for
* Data Communications Systems, <http://www.nue.et-inf.uni-siegen.de/>.
* The development of this software was partly funded by the European
* Commission in the <WebSig> project in the ISIS Programme.
* For more information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
/*
* XSEC
*
* WinCAPICryptoHash := Windows CAPI Implementation of Message digests
*
* Author(s): Berin Lautenbach
*
* $Id: WinCAPICryptoKeyHash.hpp,v 1.1 2003/04/07 12:13:35 blautenb Exp $
*
*/
#ifndef WINCAPICRYPTOHASH_INCLUDE
#define WINCAPICRYPTOHASH_INCLUDE
#include <xsec/framework/XSECDefs.hpp>
#include <xsec/enc/XSECCryptoHash.hpp>
#define WINCAPI_MAX_HASH_SIZE 256
class DSIG_EXPORT WinCAPICryptoHash : public XSECCryptoHash {
public :
// Constructors/Destructors
WinCAPICryptoHash(XSECCryptoHash::HashType alg);
virtual ~WinCAPICryptoHash();
// Key activities
virtual void setKey(XSECCryptoKey * key) {}
// Hashing Activities
virtual void reset(void);
// Reset the hash
virtual void hash(unsigned char * data,
unsigned int length);
// Hash some data
virtual unsigned int finish(unsigned char * hash,
unsigned int
maxLength);// Finish and get hash
// Get information
virtual HashType getHashType(void);
private:
// Not implemented constructors
WinCAPICryptoHash();
HCRYPTHASH m_h;
unsigned char m_mdValue[WINCAPI_MAX_HASH_SIZE];
// Final output
};
#endif /* WINCAPICRYPTOHASHSHA1_INCLUDE */
1.1 xml-security/c/src/enc/WinCAPI/WinCAPICryptoProvider.cpp
Index: WinCAPICryptoProvider.cpp
===================================================================
/*
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 1999 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "<WebSig>" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact [EMAIL PROTECTED]
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation and was
* originally based on software copyright (c) 2001, Institute for
* Data Communications Systems, <http://www.nue.et-inf.uni-siegen.de/>.
* The development of this software was partly funded by the European
* Commission in the <WebSig> project in the ISIS Programme.
* For more information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
/*
* XSEC
*
* WinCAPICryptoProvider := Provider to support Windows Crypto API
*
* Author(s): Berin Lautenbach
*
* $Id: WinCAPICryptoProvider.cpp,v 1.1 2003/04/07 12:13:35 blautenb Exp $
*
*/
#include <xsec/framework/XSECError.hpp>
#include <xsec/enc/WinCAPI/WinCAPICryptoProvider.hpp>
#include <xsec/enc/WinCAPI/WinCAPICryptoX509.hpp>
#include <xsec/enc/WinCAPI/WinCAPICryptoKeyDSA.hpp>
#include <xsec/enc/WinCAPI/WinCAPICryptoHash.hpp>
#include <xsec/enc/WinCAPI/WinCAPICryptoHashHMAC.hpp>
#include <xsec/enc/XSCrypt/XSCryptCryptoBase64.hpp>
#include <xsec/enc/XSECCryptoException.hpp>
/*
* For now, we rely on OpenSSL for many functions as we
* build the interface
*/
#include <xsec/enc/OpenSSL/OpenSSLCryptoProvider.hpp>
#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp>
#include <xercesc/util/Janitor.hpp>
XSEC_USING_XERCES(ArrayJanitor);
WinCAPICryptoProvider::WinCAPICryptoProvider(
HCRYPTPROV provDSS) {
OpenSSL_add_all_digests(); // Initialise Openssl
SSLeay_add_all_algorithms();
// Copy parameters for later use
m_provDSS = provDSS;
}
WinCAPICryptoProvider::~WinCAPICryptoProvider() {
}
// Hashing classes
XSECCryptoHash * WinCAPICryptoProvider::hashSHA1() {
WinCAPICryptoHash * ret;
XSECnew(ret, WinCAPICryptoHash(this, XSECCryptoHash::HASH_SHA1));
return ret;
}
XSECCryptoHash * WinCAPICryptoProvider::hashHMACSHA1() {
WinCAPICryptoHashHMAC * ret;
XSECnew(ret, WinCAPICryptoHashHMAC(this, XSECCryptoHash::HASH_SHA1));
return ret;
}
XSECCryptoKeyDSA * WinCAPICryptoProvider::keyDSA() {
WinCAPICryptoKeyDSA * ret;
XSECnew(ret, WinCAPICryptoKeyDSA(this));
return ret;
}
XSECCryptoKeyRSA * WinCAPICryptoProvider::keyRSA() {
OpenSSLCryptoKeyRSA * ret;
XSECnew(ret, OpenSSLCryptoKeyRSA());
return ret;
}
XSECCryptoX509 * WinCAPICryptoProvider::X509() {
WinCAPICryptoX509 * ret;
XSECnew(ret, WinCAPICryptoX509(this));
return ret;
}
XSECCryptoBase64 * WinCAPICryptoProvider::base64() {
// The Windows CAPI does not provide a Base64 decoder/encoder.
// Use the internal implementation.
XSCryptCryptoBase64 * ret;
XSECnew(ret, XSCryptCryptoBase64());
return ret;
}
//
--------------------------------------------------------------------------------
// Translate a Base64 number to a Windows (little endian) integer
//
--------------------------------------------------------------------------------
BYTE * WinCAPICryptoProvider::b642WinBN(const char * b64, unsigned int
b64Len, unsigned int &retLen) {
BYTE * os;
XSECnew(os, BYTE[b64Len]);
ArrayJanitor<BYTE> j_os(os);
// Decode
XSCryptCryptoBase64 b;
b.decodeInit();
retLen = b.decode((unsigned char *) b64, b64Len, os, b64Len);
retLen += b.decodeFinish(&os[retLen], b64Len - retLen);
BYTE * ret;
XSECnew(ret, BYTE[retLen]);
BYTE * j = os;
BYTE * k = ret + retLen - 1;
for (unsigned int i = 0; i < retLen ; ++i)
*k-- = *j++;
return ret;
}
//
--------------------------------------------------------------------------------
// Translate a Windows integer to a Base64 I2OSP number
//
--------------------------------------------------------------------------------
unsigned char * WinCAPICryptoProvider::WinBN2b64(BYTE * n, DWORD nLen,
unsigned int &retLen) {
// First reverse
BYTE * rev;;
XSECnew(rev, BYTE[nLen]);
ArrayJanitor<BYTE> j_rev(rev);
BYTE * j = n;
BYTE * k = rev + nLen - 1;
for (unsigned int i = 0; i < nLen ; ++i)
*k-- = *j++;
unsigned char * b64;
// Naieve length calculation
unsigned int bufLen = nLen * 2;
XSECnew(b64, unsigned char[bufLen]);
ArrayJanitor<unsigned char> j_b64(b64);
XSCryptCryptoBase64 b;
b.encodeInit();
retLen = b.encode(rev, (unsigned int) nLen, b64, bufLen);
retLen += b.encodeFinish(&b64[retLen], bufLen - retLen);
j_b64.release();
return b64;
}
1.1 xml-security/c/src/enc/WinCAPI/WinCAPICryptoProvider.hpp
Index: WinCAPICryptoProvider.hpp
===================================================================
/*
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 1999 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "<WebSig>" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact [EMAIL PROTECTED]
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation and was
* originally based on software copyright (c) 2001, Institute for
* Data Communications Systems, <http://www.nue.et-inf.uni-siegen.de/>.
* The development of this software was partly funded by the European
* Commission in the <WebSig> project in the ISIS Programme.
* For more information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
/*
* XSEC
*
* WinCAPICryptoProvider := Base class to handle Windows Crypto API
*
* Author(s): Berin Lautenbach
*
* $Id: WinCAPICryptoProvider.hpp,v 1.1 2003/04/07 12:13:35 blautenb Exp $
*
*/
#ifndef WINCAPICRYPTOPROVIDER_INCLUDE
#define WINCAPICRYPTOPROVIDER_INCLUDE
#include <xsec/framework/XSECDefs.hpp>
#include <xsec/enc/XSECCryptoProvider.hpp>
#define _WIN32_WINNT 0x0400
#include <wincrypt.h>
// Required for windows functions
/**
* @defgroup wincapicrypto Windows Crypto API Interface
* @ingroup crypto
* The WinCAPI crypto provides an experimental inerface to
* the Windows Cryptographic API
*/
/[EMAIL PROTECTED]/
class DSIG_EXPORT WinCAPICryptoProvider : public XSECCryptoProvider {
public :
// Constructors/Destructors
/**
* \brief Create a Windows CAPI interface layer
*
* Windows CSPs work under a provider model. The user should specify
* which CSP to use and which key container to use.
*
* @param pszContainer Key container (NULL for default)
* @param pszProvider Cryptographic provider (NULL for default)
*/
WinCAPICryptoProvider(HCRYPTPROV provDSS);
virtual ~WinCAPICryptoProvider();
// Hashing classes
virtual XSECCryptoHash * hashSHA1();
virtual XSECCryptoHash * hashHMACSHA1();
// Encode/Decode
virtual XSECCryptoBase64 * base64();
// Keys
virtual XSECCryptoKeyDSA * keyDSA();
virtual XSECCryptoKeyRSA * keyRSA();
// X509
virtual XSECCryptoX509 * X509();
// WinCAPI Unique
HCRYPTPROV getProvider(void) {return m_provDSS;}
/**
* \brief Translate B64 I2OS integer to a WinCAPI int.
*
* Decodes a Base64 integer and reverses the order to allow loading into
* a Windows CAPI function. (CAPI uses Little Endian storage of
integers).
*
* @param b64 Base 64 string
* @param b64Len Length of base64 string
* @param retLen Parameter to hold length of return integer
*/
static BYTE * b642WinBN(const char * b64, unsigned int b64Len, unsigned
int &retLen);
/**
* \brief Translate a WinCAPI int to a B64 I2OS integer .
*
* Encodes a Windows integer in I2OSP base64 encoded format.
*
* @param b64 Base 64 buffer
* @param b64Len Length of base64 buffer
* @param retLen Parameter to hold length of return integer
*/
static unsigned char * WinBN2b64(BYTE * n, DWORD nLen, unsigned int
&retLen);
/[EMAIL PROTECTED]/
private:
// Default constructor not used
WinCAPICryptoProvider();
HCRYPTPROV m_provDSS;
};
#endif /* WINCAPICRYPTOPROVIDER_INCLUDE */
1.1 xml-security/c/src/enc/WinCAPI/WinCAPICryptoX509.cpp
Index: WinCAPICryptoX509.cpp
===================================================================
/*
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 1999 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "<WebSig>" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact [EMAIL PROTECTED]
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation and was
* originally based on software copyright (c) 2001, Institute for
* Data Communications Systems, <http://www.nue.et-inf.uni-siegen.de/>.
* The development of this software was partly funded by the European
* Commission in the <WebSig> project in the ISIS Programme.
* For more information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
/*
* XSEC
*
* WinCAPICryptoX509:= Windows CAPI based class for handling X509 (V3)
certificates
*
* Author(s): Berin Lautenbach
*
* $Id: WinCAPICryptoX509.cpp,v 1.1 2003/04/07 12:13:35 blautenb Exp $
*
*/
#include <xsec/framework/XSECDefs.hpp>
#include <xsec/framework/XSECError.hpp>
#include <xsec/enc/WinCAPI/WinCAPICryptoProvider.hpp>
#include <xsec/enc/WinCAPI/WinCAPICryptoX509.hpp>
#include <xsec/enc/WinCAPI/WinCAPICryptoKeyDSA.hpp>
//#include <xsec/enc/WinCAPI/WinCAPICryptoKeyRSA.hpp>
#include <xsec/enc/XSECCryptoException.hpp>
#include <xsec/enc/XSCrypt/XSCryptCryptoBase64.hpp>
#include <xercesc/util/Janitor.hpp>
XSEC_USING_XERCES(ArrayJanitor);
WinCAPICryptoX509::WinCAPICryptoX509(WinCAPICryptoProvider * owner) :
m_DERX509(""), mp_certContext(NULL), mp_ownerProvider(owner) {
}
WinCAPICryptoX509::~WinCAPICryptoX509() {
if (mp_certContext != NULL)
CertFreeCertificateContext(mp_certContext);
}
// load functions
void WinCAPICryptoX509::loadX509Base64Bin(const char * buf, unsigned int len)
{
unsigned char * rawCert;
XSECnew(rawCert, unsigned char [len]);
ArrayJanitor<unsigned char> j_rawCert(rawCert);
// Base64 Decode
XSCryptCryptoBase64 b64;
b64.decodeInit();
unsigned int rawCertLen = b64.decode((unsigned char *) buf, len,
rawCert, len);
rawCertLen += b64.decodeFinish(&rawCert[rawCertLen], len - rawCertLen);
// Now load certificate into Win32 CSP
mp_certContext = CertCreateCertificateContext(
X509_ASN_ENCODING,
rawCert,
rawCertLen);
if (mp_certContext == 0) {
throw XSECCryptoException(XSECCryptoException::X509Error,
"WinCAPIX509:loadX509Base64Bin - Error decoding
certificate");
}
m_DERX509.sbMemcpyIn(buf, len);
m_DERX509[len] = '\0';
}
// Info functions
XSECCryptoKey::KeyType WinCAPICryptoX509::getPublicKeyType() {
if (mp_certContext == NULL) {
throw XSECCryptoException(XSECCryptoException::X509Error,
"WinCAPI:X509 - getSigningKeyType called before X509
loaded");
}
if
(lstrcmp(mp_certContext->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId,
CRYPTO_OID_DSA) == 0)
return XSECCryptoKey::KEY_DSA_PUBLIC;
if
(lstrcmp(mp_certContext->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId,
"RSA") == 0)
return XSECCryptoKey::KEY_RSA_PUBLIC;
return XSECCryptoKey::KEY_NONE;
}
// Get functions
XSECCryptoKey * WinCAPICryptoX509::clonePublicKey() {
if (mp_certContext == NULL) {
throw XSECCryptoException(XSECCryptoException::X509Error,
"WinCAPI:X509 - getSigningKeyType called before X509
loaded");
}
// Import the key into the provider to get a pointer to the key
HCRYPTKEY key;
BOOL fResult;
if (getPublicKeyType() == XSECCryptoKey::KEY_DSA_PUBLIC) {
fResult= CryptImportPublicKeyInfo(
mp_ownerProvider->getProvider(),
X509_ASN_ENCODING,
&(mp_certContext->pCertInfo->SubjectPublicKeyInfo),
&key);
if (fResult == FALSE) {
throw
XSECCryptoException(XSECCryptoException::X509Error,
"WinCAPI:X509 - Error loading public key info
from certificate");
}
// Now that we have a handle for the DSA key, create a DSA Key
object to
// wrap it in
WinCAPICryptoKeyDSA * ret;
XSECnew(ret, WinCAPICryptoKeyDSA(mp_ownerProvider, key));
return ret;
}
return NULL; // Unknown key type, but not necessarily an
error
}
1.1 xml-security/c/src/enc/WinCAPI/WinCAPICryptoX509.hpp
Index: WinCAPICryptoX509.hpp
===================================================================
/*
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 1999 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "<WebSig>" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact [EMAIL PROTECTED]
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation and was
* originally based on software copyright (c) 2001, Institute for
* Data Communications Systems, <http://www.nue.et-inf.uni-siegen.de/>.
* The development of this software was partly funded by the European
* Commission in the <WebSig> project in the ISIS Programme.
* For more information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
/*
* XSEC
*
* WinCAPICryptoX509:= Windows CAPI based class for handling X509 (V3)
certificates
*
* Author(s): Berin Lautenbach
*
* $Id: WinCAPICryptoX509.hpp,v 1.1 2003/04/07 12:13:35 blautenb Exp $
*
*/
#ifndef WINCAPICRYPTOX509_INCLUDE
#define WINCAPICRYPTOX509_INCLUDE
#include <xsec/framework/XSECDefs.hpp>
#include <xsec/enc/XSECCryptoX509.hpp>
#define _WIN32_WINNT 0x0400
#include <wincrypt.h>
class WinCAPICryptoProvider;
class DSIG_EXPORT WinCAPICryptoX509 : public XSECCryptoX509 {
public :
WinCAPICryptoX509(WinCAPICryptoProvider * owner);
virtual ~WinCAPICryptoX509();
// load functions
virtual void loadX509Base64Bin(const char * buf, unsigned int len);
// Info functions
virtual XSECCryptoKey::KeyType getPublicKeyType();
// Get functions
virtual XSECCryptoKey * clonePublicKey();
virtual safeBuffer &getDEREncodingSB(void) {return m_DERX509;}
private:
safeBuffer m_DERX509;
PCCERT_CONTEXT mp_certContext;
WinCAPICryptoProvider * mp_ownerProvider;
};
#endif /* WINCAPICRYPTOX509_INCLUDE */
