Google Git
Sign in
apache / santuario-cpp / 81e253ca00b900e7f84f8bf4e8e2f0309a94ae30 / . / xsec / enc / WinCAPI / WinCAPICryptoProvider.cpp
blob: 3daf6bfd4bac3f79fb3db0b7a5e4119b2cb0edaa [file] [log] [blame]
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
/*
* XSEC
*
* WinCAPICryptoProvider := Provider to support Windows Crypto API
*
* Author(s): Berin Lautenbach
*
* $Id$
*
*/
#include <xsec/framework/XSECError.hpp>
#include <xsec/enc/WinCAPI/WinCAPICryptoProvider.hpp>
#include <xsec/enc/WinCAPI/WinCAPICryptoX509.hpp>
#include <xsec/enc/WinCAPI/WinCAPICryptoKeyDSA.hpp>
#include <xsec/enc/WinCAPI/WinCAPICryptoKeyHMAC.hpp>
#include <xsec/enc/WinCAPI/WinCAPICryptoKeyRSA.hpp>
#include <xsec/enc/WinCAPI/WinCAPICryptoHash.hpp>
#include <xsec/enc/WinCAPI/WinCAPICryptoHashHMAC.hpp>
#include <xsec/enc/WinCAPI/WinCAPICryptoSymmetricKey.hpp>
#include <xsec/enc/XSCrypt/XSCryptCryptoBase64.hpp>
#include <xsec/enc/XSECCryptoException.hpp>
#if defined (XSEC_HAVE_WINCAPI)
#include <xercesc/util/Janitor.hpp>
XSEC_USING_XERCES(ArrayJanitor);
static char s_xsecKeyStoreName[] = "ApacheXML-SecurityKeyStore";
WinCAPICryptoProvider::WinCAPICryptoProvider(
LPCSTR provDSSName,
LPCSTR provRSAName,
DWORD dwFlags) {
if (!CryptAcquireContext(&m_provDSS,
NULL,
provDSSName,
PROV_DSS,
CRYPT_VERIFYCONTEXT))
{
throw XSECException(XSECException::InternalError,
"WinCAPICryptoProvider() - Error obtaining default PROV_DSS");
}
if (!CryptAcquireContext(&m_provRSA,
NULL,
provRSAName,
PROV_RSA_AES,
CRYPT_VERIFYCONTEXT))
{
// Check of we maybe don't understand AES
DWORD error = GetLastError();
if (error == NTE_PROV_TYPE_NOT_DEF || error == 0) {
// This system does not have AES!
m_haveAES = false;
m_provRSAType = PROV_RSA_FULL;
if (!CryptAcquireContext(&m_provRSA,
NULL,
provRSAName,
PROV_RSA_FULL,
CRYPT_VERIFYCONTEXT))
{
throw XSECException(XSECException::InternalError,
"WinCAPICryptoProvider() - Error obtaining default PROV_RSA_FULL");
}
}
else {
throw XSECException(XSECException::InternalError,
"WinCAPICryptoProvider() - Error obtaining default PROV_RSA_AES");
}
}
else {
m_haveAES = true;
m_provRSAType = PROV_RSA_AES;
}
// Now obtain our internal (library) key store
if (!CryptAcquireContext(&m_provApacheKeyStore,
s_xsecKeyStoreName,
provRSAName,
m_provRSAType,
dwFlags))
{
if (GetLastError() == NTE_BAD_KEYSET) {
CryptAcquireContext(&m_provApacheKeyStore,
s_xsecKeyStoreName,
provRSAName,
m_provRSAType,
CRYPT_DELETEKEYSET);
}
// Try to create
if (!CryptAcquireContext(&m_provApacheKeyStore,
s_xsecKeyStoreName,
provRSAName,
m_provRSAType,
dwFlags | CRYPT_NEWKEYSET)) {
throw XSECException(XSECException::InternalError,
"WinCAPICryptoProvider() - Error obtaining generating internal key store for PROV_RSA_FULL");
}
else {
HCRYPTKEY k;
if (!CryptGenKey(m_provApacheKeyStore, AT_KEYEXCHANGE, CRYPT_EXPORTABLE, &k)) {
throw XSECException(XSECException::InternalError,
"WinCAPICryptoProvider() - Error generating internal key set for PROV_RSA_FULL");
}
CryptDestroyKey(k);
}
}
// Copy parameters for later use
if (provDSSName != NULL)
m_provDSSName = strdup(provDSSName);
else
m_provDSSName = NULL;
if (provRSAName != NULL)
m_provRSAName = strdup(provRSAName);
else
m_provRSAName = NULL;
}
WinCAPICryptoProvider::~WinCAPICryptoProvider() {
CryptReleaseContext(m_provRSA, 0);
CryptReleaseContext(m_provDSS, 0);
CryptReleaseContext(m_provApacheKeyStore, 0);
}
const XMLCh * WinCAPICryptoProvider::getProviderName() const {
return DSIGConstants::s_unicodeStrPROVWinCAPI;
}
// Hashing classes
XSECCryptoHash * WinCAPICryptoProvider::hashSHA1() const {
WinCAPICryptoHash * ret;
XSECnew(ret, WinCAPICryptoHash(m_provDSS, XSECCryptoHash::HASH_SHA1));
return ret;
}
XSECCryptoHash * WinCAPICryptoProvider::hashHMACSHA1() const {
WinCAPICryptoHashHMAC * ret;
XSECnew(ret, WinCAPICryptoHashHMAC(m_provDSS, XSECCryptoHash::HASH_SHA1));
return ret;
}
XSECCryptoHash * WinCAPICryptoProvider::hashSHA(int length) const {
if (length == 160)
return hashSHA1();
else return NULL;
}
XSECCryptoHash * WinCAPICryptoProvider::hashHMACSHA(int length) const {
if (length == 160)
return hashHMACSHA1();
else return NULL;
}
XSECCryptoHash * WinCAPICryptoProvider::hashMD5() const {
WinCAPICryptoHash * ret;
XSECnew(ret, WinCAPICryptoHash(m_provDSS, XSECCryptoHash::HASH_MD5));
return ret;
}
XSECCryptoHash * WinCAPICryptoProvider::hashHMACMD5() const {
WinCAPICryptoHashHMAC * ret;
XSECnew(ret, WinCAPICryptoHashHMAC(m_provDSS, XSECCryptoHash::HASH_MD5));
return ret;
}
XSECCryptoKeyHMAC * WinCAPICryptoProvider::keyHMAC(void) const {
WinCAPICryptoKeyHMAC * ret;
XSECnew(ret, WinCAPICryptoKeyHMAC(m_provDSS));
return ret;
}
XSECCryptoKeyDSA * WinCAPICryptoProvider::keyDSA() const {
WinCAPICryptoKeyDSA * ret;
XSECnew(ret, WinCAPICryptoKeyDSA(m_provDSS));
return ret;
}
XSECCryptoKeyRSA * WinCAPICryptoProvider::keyRSA() const {
WinCAPICryptoKeyRSA * ret;
XSECnew(ret, WinCAPICryptoKeyRSA(m_provRSA));
return ret;
}
XSECCryptoX509 * WinCAPICryptoProvider::X509() const {
WinCAPICryptoX509 * ret;
XSECnew(ret, WinCAPICryptoX509(m_provRSA, m_provDSS));
return ret;
}
XSECCryptoBase64 * WinCAPICryptoProvider::base64() const {
// The Windows CAPI does not provide a Base64 decoder/encoder.
// Use the internal implementation.
XSCryptCryptoBase64 * ret;
XSECnew(ret, XSCryptCryptoBase64());
return ret;
}
bool WinCAPICryptoProvider::algorithmSupported(XSECCryptoSymmetricKey::SymmetricKeyType alg) const {
switch (alg) {
case (XSECCryptoSymmetricKey::KEY_AES_128) :
case (XSECCryptoSymmetricKey::KEY_AES_192) :
case (XSECCryptoSymmetricKey::KEY_AES_256) :
return m_haveAES;
case (XSECCryptoSymmetricKey::KEY_3DES_192) :
return true;
default:
return false;
}
return false;
}
bool WinCAPICryptoProvider::algorithmSupported(XSECCryptoHash::HashType alg) const {
switch (alg) {
case (XSECCryptoHash::HASH_SHA1) :
case (XSECCryptoHash::HASH_MD5) :
return true;
case (XSECCryptoHash::HASH_SHA224) :
case (XSECCryptoHash::HASH_SHA256) :
case (XSECCryptoHash::HASH_SHA384) :
case (XSECCryptoHash::HASH_SHA512) :
return false;
default:
return false;
}
return false;
}
XSECCryptoSymmetricKey * WinCAPICryptoProvider::keySymmetric(XSECCryptoSymmetricKey::SymmetricKeyType alg) const {
// Only temporary
WinCAPICryptoSymmetricKey * ret;
XSECnew(ret, WinCAPICryptoSymmetricKey(m_provApacheKeyStore, alg));
return ret;
}
unsigned int WinCAPICryptoProvider::getRandom(unsigned char * buffer, unsigned int numOctets) const {
if (!CryptGenRandom(m_provApacheKeyStore, numOctets, buffer)) {
throw XSECException(XSECException::InternalError,
"WinCAPICryptoProvider() - Error generating Random data");
}
return numOctets;
}
// --------------------------------------------------------------------------------
// Translate a Base64 number to a Windows (little endian) integer
// --------------------------------------------------------------------------------
BYTE * WinCAPICryptoProvider::b642WinBN(const char * b64, unsigned int b64Len, unsigned int &retLen) {
BYTE * os;
XSECnew(os, BYTE[b64Len]);
ArrayJanitor<BYTE> j_os(os);
// Decode
XSCryptCryptoBase64 b;
b.decodeInit();
retLen = b.decode((unsigned char *) b64, b64Len, os, b64Len);
retLen += b.decodeFinish(&os[retLen], b64Len - retLen);
BYTE * ret;
XSECnew(ret, BYTE[retLen]);
BYTE * j = os;
BYTE * k = ret + retLen - 1;
for (unsigned int i = 0; i < retLen ; ++i)
*k-- = *j++;
return ret;
}
// --------------------------------------------------------------------------------
// Translate a Windows integer to a Base64 I2OSP number
// --------------------------------------------------------------------------------
unsigned char * WinCAPICryptoProvider::WinBN2b64(BYTE * n, DWORD nLen, unsigned int &retLen) {
// First reverse
BYTE * rev;;
XSECnew(rev, BYTE[nLen]);
ArrayJanitor<BYTE> j_rev(rev);
BYTE * j = n;
BYTE * k = rev + nLen - 1;
for (unsigned int i = 0; i < nLen ; ++i)
*k-- = *j++;
unsigned char * b64;
// Naieve length calculation
unsigned int bufLen = nLen * 2 + 4;
XSECnew(b64, unsigned char[bufLen]);
ArrayJanitor<unsigned char> j_b64(b64);
XSCryptCryptoBase64 b;
b.encodeInit();
retLen = b.encode(rev, (unsigned int) nLen, b64, bufLen);
retLen += b.encodeFinish(&b64[retLen], bufLen - retLen);
j_b64.release();
return b64;
}
#endif /* XSEC_HAVE_WINCAPI */