blob: 03024d56fdde455f40f2074a7c509226359f510b [file] [log] [blame]
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
/*
* XSEC
*
* XSECCryptoKeyRSA := RSA Keys
*
* Author(s): Berin Lautenbach
*
* $Id$
*
*/
#ifndef XSECCRYPTOKEYRSA_INCLUDE
#define XSECCRYPTOKEYRSA_INCLUDE
#include <xsec/enc/XSECCryptoHash.hpp>
#include <xsec/enc/XSECCryptoKey.hpp>
/**
* \ingroup crypto
*/
/**
* \brief Interface class for RSA keys.
*
* The library uses classes derived from this to process RSA keys.
*/
class XSEC_EXPORT XSECCryptoKeyRSA : public XSECCryptoKey {
public :
/**
* \brief Padding type
*
* Type of padding to be used for RSA encrypt/decrypt operations
*/
enum PaddingType {
PAD_NONE = 0, /** No padding (Illegal for all enc ops) */
PAD_PKCS_1_5 = 1, /** PKCS 1.5 padding */
PAD_OAEP = 2 /** OAEP */
};
/** @name Constructors and Destructors */
//@{
XSECCryptoKeyRSA() {};
virtual ~XSECCryptoKeyRSA() {};
//@}
/** @name Key Interface methods */
//@{
/**
* \brief Return the type of this key.
*
* For RSA keys, this allows people to determine whether this is a
* public key, private key or a key pair
*/
virtual XSECCryptoKey::KeyType getKeyType() const {return KEY_NONE;}
/**
* \brief Replicate key
*/
virtual XSECCryptoKey* clone() const = 0;
//@}
/** @name Mandatory RSA interface methods
*
* These methods are required by the library.
*/
//@{
/**
* \brief Verify a SHA1 PKCS1 encoded signature
*
* The library will call this function to validate an RSA signature
* The standard by default uses SHA1 in a PKCS1 encoding.
*
* @param hashBuf Buffer containing the pre-calculated (binary) digest
* @param hashLen Length of the data in the digest buffer
* @param base64Signature Buffer containing the Base64 encoded signature
* @param sigLen Length of the data in the signature buffer
* @param type The type of hash that the signature is accross - must be a SHA variant
* @returns true if the signature was valid, false otherwise
*/
virtual bool verifySHA1PKCS1Base64Signature(const unsigned char * hashBuf,
unsigned int hashLen,
const char* base64Signature,
unsigned int sigLen,
XSECCryptoHash::HashType type) const = 0;
/**
* \brief Create a signature
*
* The library will call this function to create a signature from
* a pre-calculated digest. The output signature is required to
* be Base64 encoded such that it can be placed directly into the
* XML document
*
* This call needs to do a PKCS1 encode for a SHA-1 signature.
*
* @param hashBuf Buffer containing the pre-calculated (binary) digest
* @param hashLen Number of bytes of hash in the hashBuf
* @param base64SignatureBuf Buffer to place the base64 encoded result
* in.
* @param base64SignatureBufLen Implementations need to ensure they do
* not write more bytes than this into the buffer
* @param type Hash method used to calculate the Hash - needs to be passed
* in order to calculate correct OID to be embedded in signature
*/
virtual unsigned int signSHA1PKCS1Base64Signature(unsigned char* hashBuf,
unsigned int hashLen,
char* base64SignatureBuf,
unsigned int base64SignatureBufLen,
XSECCryptoHash::HashType type) const = 0;
/**
* \brief Decrypt using private key
*
* The library will call this function to decrypt a piece of cipher
* text using the private component of this key.
*
* @param inBuf cipher text to decrypt
* @param plainBuf output buffer for decrypted bytes
* @param inLength bytes of cipher text to decrypt
* @param maxOutLength size of outputBuffer
* @param padding Type of padding (PKCS 1.5 or OAEP)
* @param hashURI Hash Method for OAEP encryption
* @param mgfURI algorithm identifier for OAEP mask generation function
* @param params raw OAEP parameter data, if any
* @param paramslen OEP parameter length
*/
virtual unsigned int privateDecrypt(const unsigned char* inBuf,
unsigned char* plainBuf,
unsigned int inLength,
unsigned int maxOutLength,
PaddingType padding,
const XMLCh* hashURI=NULL,
const XMLCh* mgfURI=NULL,
unsigned char* params=NULL,
unsigned int paramsLen=0) const = 0;
/**
* \brief Encrypt using a public key
*
* The library will call this function to encrypt a plain text buffer
* using the public component of this key.
*
* @param inBuf plain text to decrypt
* @param cipherBuf output buffer for decrypted bytes
* @param inLength bytes of plain text to encrypt
* @param maxOutLength size of outputBuffer
* @param padding Type of padding (PKCS 1.5 or OAEP)
* @param hashURI Hash Method for OAEP encryption
* @param mgfURI algorithm identifier for OAEP mask generation function
* @param params raw OAEP parameter data, if any
* @param paramslen OEP parameter length
*/
virtual unsigned int publicEncrypt(const unsigned char* inBuf,
unsigned char* cipherBuf,
unsigned int inLength,
unsigned int maxOutLength,
PaddingType padding,
const XMLCh* hashURI=NULL,
const XMLCh* mgfURI=NULL,
unsigned char* params=NULL,
unsigned int paramsLen=0) const = 0;
/**
* \brief Obtain the length of an RSA key
*
* @returns The length of the rsa key (in bytes)
*/
virtual unsigned int getLength() const = 0;
//@}
/** @name Optional Interface methods
*
* These functions do not necessarily have to be implmented. They
* are used by XSECKeyInfoResolverDefault to try to create a key from
* KeyInfo elements without knowing anything else.
*
* If an interface class does not implement these functions, a simple
* stub that does nothing should be used.
*/
//@{
/**
* \brief Load the modulus
*
* Load the modulus from a Base64 encoded string
*
* param b64 A buffer containing the encoded string
* param len The length of the data in the buffer
*/
virtual void loadPublicModulusBase64BigNums(const char* b64, unsigned int len) = 0;
/**
* \brief Load the exponent
*
* Load the exponent from a Base64 encoded string
*
* param b64 A buffer containing the encoded string
* param len The length of the data in the buffer
*/
virtual void loadPublicExponentBase64BigNums(const char* b64, unsigned int len) = 0;
//@}
};
#endif /* XSECCRYPTOKEYRSA_INCLUDE */