Google Git
Sign in
apache / santuario-cpp / 3d9538ff2ef1a2cb56cce0bc0f16faa7cbcbedfd / . / xsec / enc / NSS / NSSCryptoKeyRSA.hpp
blob: 231a1659a7538451f89846036cfdde546acfabe2 [file] [log] [blame]
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
/*
* XSEC
*
* NSSCryptoKeyRSA := NSS implementation of RSA Keys
*
* Author(s): Milan Tomic
*
*/
#ifndef NSSCRYPTOKEYRSA_INCLUDE
#define NSSCRYPTOKEYRSA_INCLUDE
#include <xsec/enc/XSECCryptoKeyRSA.hpp>
#if defined (XSEC_HAVE_NSS)
#include <pk11func.h>
#include <keyhi.h>
#include <nss.h>
class NSSCryptoProvider;
/**
* \ingroup nsscrypto
* @{
*/
/**
* \brief NSS implementation of the interface class for RSA keys.
*
* The library uses classes derived from this to process RSA keys.
*/
class XSEC_EXPORT NSSCryptoKeyRSA : public XSECCryptoKeyRSA {
public :
/** @name Constructors and Destructors */
//@{
/**
* \brief Create an RSA key
*
* @param pubkey A handle to the public key (optional)
* @param privkey A handle to the private key (optional)
*/
NSSCryptoKeyRSA(SECKEYPublicKey* pubkey = NULL, SECKEYPrivateKey* privkey = NULL);
virtual ~NSSCryptoKeyRSA();
//@}
/** @name Key Interface methods */
//@{
/**
* \brief Return the type of this key.
*
* For RSA keys, this allows people to determine whether this is a
* public key, private key or a key pair
*/
virtual XSECCryptoKey::KeyType getKeyType() const;
/**
* \brief Return the NSS identifier string
*/
virtual const XMLCh* getProviderName() const;
/**
* \brief Replicate key
*/
virtual XSECCryptoKey* clone() const;
//@}
/** @name Mandatory RSA interface methods
*
* These classes are required by the library.
*/
//@{
/**
* \brief Verify a SHA1 PKCS1 encoded signature
*
* The library will call this function to validate an RSA signature
* The standard by default uses SHA1 in a PKCS1 encoding.
*
* @param hashBuf Buffer containing the pre-calculated (binary) digest
* @param hashLen Length of the data in the digest buffer
* @param base64Signature Buffer containing the Base64 encoded signature
* @param sigLen Length of the data in the signature buffer
* @param type The hash method that was used to create the hash that is being
* passed in
* @returns true if the signature was valid, false otherwise
*/
virtual bool verifySHA1PKCS1Base64Signature(const unsigned char* hashBuf,
unsigned int hashLen,
const char* base64Signature,
unsigned int sigLen,
XSECCryptoHash::HashType type) const;
/**
* \brief Create a signature
*
* The library will call this function to create a signature from
* a pre-calculated digest. The output signature will
* be Base64 encoded such that it can be placed directly into the
* XML document
*
* @param hashBuf Buffer containing the pre-calculated (binary) digest
* @param hashLen Number of bytes of hash in the hashBuf
* @param base64SignatureBuf Buffer to place the base64 encoded result
* in.
* @param base64SignatureBufLen Implementations need to ensure they do
* not write more bytes than this into the buffer
* @param type Hash Method used in order to embed correct OID for sig
*/
virtual unsigned int signSHA1PKCS1Base64Signature(unsigned char* hashBuf,
unsigned int hashLen,
char* base64SignatureBuf,
unsigned int base64SignatureBufLen,
XSECCryptoHash::HashType type) const;
/**
* \brief Decrypt using private key
*
* The library will call this function to decrypt a piece of cipher
* text using the private component of this key.
*
* @param inBuf cipher text to decrypt
* @param plainBuf output buffer for decrypted bytes
* @param inLength bytes of cipher text to decrypt
* @param maxOutLength size of outputBuffer
* @param padding Type of padding (PKCS 1.5 or OAEP)
* @param hashURI Hash Method for OAEP encryption
* @param mgfURI algorithm identifier for OAEP mask generation function
* @param params raw OAEP parameter data, if any
* @param paramslen OEP parameter length
*/
virtual unsigned int privateDecrypt(const unsigned char* inBuf,
unsigned char* plainBuf,
unsigned int inLength,
unsigned int maxOutLength,
PaddingType padding,
const XMLCh* hashURI=NULL,
const XMLCh* mgfURI=NULL,
unsigned char* params=NULL,
unsigned int paramsLen=0) const;
/**
* \brief Encrypt using a public key
*
* The library will call this function to encrypt a plain text buffer
* using the public component of this key.
*
* @param inBuf plain text to decrypt
* @param cipherBuf output buffer for decrypted bytes
* @param inLength bytes of plain text to encrypt
* @param maxOutLength size of outputBuffer
* @param padding Type of padding (PKCS 1.5 or OAEP)
* @param hashURI Hash Method for OAEP encryption
* @param mgfURI algorithm identifier for OAEP mask generation function
* @param params raw OAEP parameter data, if any
* @param paramslen OEP parameter length
*/
virtual unsigned int publicEncrypt(const unsigned char* inBuf,
unsigned char* cipherBuf,
unsigned int inLength,
unsigned int maxOutLength,
PaddingType padding,
const XMLCh* hashURI=NULL,
const XMLCh* mgfURI=NULL,
unsigned char* params=NULL,
unsigned int paramsLen=0) const;
/**
* \brief Obtain the length of an RSA key
*
* @returns The length of the rsa key (in bytes)
*/
virtual unsigned int getLength() const;
//@}
/** @name Optional Interface methods
*
* Have been implemented to allow interoperability testing
*/
//@{
/**
* \brief Load the modulus
*
* Load the modulus from a Base64 encoded string
*
* param b64 A buffer containing the encoded string
* param len The length of the data in the buffer
*/
virtual void loadPublicModulusBase64BigNums(const char* b64, unsigned int len);
/**
* \brief Load the exponent
*
* Load the exponent from a Base64 encoded string
*
* param b64 A buffer containing the encoded string
* param len The length of the data in the buffer
*/
virtual void loadPublicExponentBase64BigNums(const char* b64, unsigned int len);
//@}
/** @name NSS Specific Functions */
//@{
/**
* \brief Retrieve the exponent
*
* Retrieves the exponent in ds:CryptoBinary encoded format
*
* @param b64 Buffer to place encoded exponent into
* @param len Maximum number of bytes to place in buffer
* @returns The number of bytes placed in the buffer
*/
unsigned int getExponentBase64BigNums(char* b64, unsigned int len);
/**
* \brief Retrieve the modulus
*
* Retrieves the modulus in ds:CryptoBinary encoded format
*
* @param b64 Buffer to place the encoded modulus into
* @param len Maximum number of bytes to place in buffer
* @returns The number of bytes placed in the buffer
*/
unsigned int getModulusBase64BigNums(char* b64, unsigned int len);
//@}
private:
mutable SECKEYPublicKey* mp_pubkey;
SECKEYPrivateKey* mp_privkey;
SECItem* mp_modulus;
SECItem* mp_exponent;
// Instruct to import from parameters
void importKey(void) const;
void loadParamsFromKey(void);
};
#endif /* XSEC_HAVE_NSS */
#endif /* NSSCRYPTOKEYRSA_INCLUDE */