blautenb 2003/10/13 04:07:17
Modified: c/src/enc XSECCryptoSymmetricKey.hpp
c/src/enc/OpenSSL OpenSSLCryptoSymmetricKey.hpp
c/src/enc/WinCAPI WinCAPICryptoProvider.cpp
WinCAPICryptoProvider.hpp
Log:
Implementation of Symmetric Encryption in WinCAPI
Revision Changes Path
1.4 +3 -2 xml-security/c/src/enc/XSECCryptoSymmetricKey.hpp
Index: XSECCryptoSymmetricKey.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/XSECCryptoSymmetricKey.hpp,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- XSECCryptoSymmetricKey.hpp 3 Oct 2003 09:54:46 -0000 1.3
+++ XSECCryptoSymmetricKey.hpp 13 Oct 2003 11:07:17 -0000 1.4
@@ -254,12 +254,13 @@
* but the algorithm requires one (e.g. 3DES_CBC), then
* implementations are required to generate one.
*
+ * @param doPad By default, we perform padding for last block
* @param iv Initialisation Vector to be used. NULL if one is
* not required, or if IV is to be generated
* @returns true if the initialisation succeeded.
*/
- virtual bool encryptInit(const unsigned char * iv = NULL) = 0;
+ virtual bool encryptInit(bool doPad = true, const unsigned char * iv =
NULL) = 0;
/**
* \brief Continue an encryption operation using this key.
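Review bot: Placing the new `doPad` parameter ahead of the existing `iv` parameter in `encryptInit` means an old call `encryptInit(iv)` still compiles, because a pointer converts implicitly to `bool`: the IV is silently taken as the pad flag and `iv` falls back to NULL, which by the comment just above means the implementation generates its own IV instead of using the caller's. Appending the flag instead, `virtual bool encryptInit(const unsigned char * iv = NULL, bool doPad = true) = 0;`, keeps existing callers correct; if the order is kept, every override and call site in the tree needs checking. The `@param doPad` text should also state what the flag means rather than its default, e.g. `@param doPad Whether to pad the last block (default true)`.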
1.4 +4 -2
xml-security/c/src/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp
Index: OpenSSLCryptoSymmetricKey.hpp
===================================================================
RCS file:
/home/cvs/xml-security/c/src/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- OpenSSLCryptoSymmetricKey.hpp 3 Oct 2003 09:54:46 -0000 1.3
+++ OpenSSLCryptoSymmetricKey.hpp 13 Oct 2003 11:07:17 -0000 1.4
@@ -77,6 +77,8 @@
#include <xsec/framework/XSECDefs.hpp>
#include <xsec/enc/XSECCryptoSymmetricKey.hpp>
+#if defined (HAVE_OPENSSL)
+
// OpenSSL Includes
#include <openssl/evp.h>
@@ -325,5 +327,5 @@
bool m_doPad;
// Do we pad last block?
};
-
+#endif /* HAVE_OPENSSL */
#endif /* OPENSSLCRYPTOSYMMETRICKEY_INCLUDE */
1.9 +77 -8 xml-security/c/src/enc/WinCAPI/WinCAPICryptoProvider.cpp
Index: WinCAPICryptoProvider.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/WinCAPI/WinCAPICryptoProvider.cpp,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- WinCAPICryptoProvider.cpp 12 Oct 2003 06:23:17 -0000 1.8
+++ WinCAPICryptoProvider.cpp 13 Oct 2003 11:07:17 -0000 1.9
@@ -77,6 +77,7 @@
#include <xsec/enc/WinCAPI/WinCAPICryptoKeyRSA.hpp>
#include <xsec/enc/WinCAPI/WinCAPICryptoHash.hpp>
#include <xsec/enc/WinCAPI/WinCAPICryptoHashHMAC.hpp>
+#include <xsec/enc/WinCAPI/WinCAPICryptoSymmetricKey.hpp>
#include <xsec/enc/XSCrypt/XSCryptCryptoBase64.hpp>
#include <xsec/enc/XSECCryptoException.hpp>
@@ -84,6 +85,8 @@
XSEC_USING_XERCES(ArrayJanitor);
+static char s_xsecKeyStoreName[] = "ApacheXML-SecurityKeyStore";
+
WinCAPICryptoProvider::WinCAPICryptoProvider(
LPCSTR provDSSName,
LPCSTR provRSAName) {
@@ -101,11 +104,70 @@
if (!CryptAcquireContext(&m_provRSA,
NULL,
provRSAName,
- PROV_RSA_FULL,
+ PROV_RSA_AES,
CRYPT_VERIFYCONTEXT))
{
- throw XSECException(XSECException::InternalError,
- "WinCAPICryptoProvider() - Error obtaining default
PROV_RSA_FULL");
+ // Check of we maybe don't understand AES
+
+ DWORD error = GetLastError();
+ if (error == NTE_PROV_TYPE_NOT_DEF) {
+
+ // This system does not have AES!
+ m_haveAES = false;
+ m_provRSAType = PROV_RSA_FULL;
+
+ if (!CryptAcquireContext(&m_provRSA,
+ NULL,
+ provRSAName,
+ PROV_RSA_FULL,
+ CRYPT_VERIFYCONTEXT))
+ {
+
+ throw
XSECException(XSECException::InternalError,
+ "WinCAPICryptoProvider() - Error
obtaining default PROV_RSA_FULL");
+ }
+
+ }
+
+ else {
+
+ throw XSECException(XSECException::InternalError,
+ "WinCAPICryptoProvider() - Error obtaining
default PROV_RSA_AES");
+ }
+ }
+
+ else {
+ m_haveAES = true;
+ m_provRSAType = PROV_RSA_AES;
+ }
+
+ // Now obtain our internal (library) key store
+
+ if (!CryptAcquireContext(&m_provApacheKeyStore,
+ s_xsecKeyStoreName,
+ provRSAName,
+ m_provRSAType,
+ CRYPT_MACHINE_KEYSET))
+ {
+
+ // Try to create
+ if (!CryptAcquireContext(&m_provApacheKeyStore,
+ s_xsecKeyStoreName,
+ provRSAName,
+ PROV_RSA_FULL,
+ CRYPT_MACHINE_KEYSET | CRYPT_NEWKEYSET)) {
+
+ throw XSECException(XSECException::InternalError,
+ "WinCAPICryptoProvider() - Error obtaining
generating internal key store for PROV_RSA_FULL");
+ }
+ else {
+ HCRYPTKEY k;
+ if (!CryptGenKey(m_provApacheKeyStore, AT_KEYEXCHANGE,
CRYPT_EXPORTABLE, &k)) {
+ throw
XSECException(XSECException::InternalError,
+ "WinCAPICryptoProvider() - Error
generating internal key set for PROV_RSA_FULL");
+ }
+ CryptDestroyKey(k);
+ }
}
// Copy parameters for later use
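Review bot: The open and create paths for the internal key store disagree on provider type: the first `CryptAcquireContext` for `m_provApacheKeyStore` asks for `m_provRSAType`, while the `CRYPT_NEWKEYSET` retry below it hard-codes `PROV_RSA_FULL`; on an AES-capable system the container would presumably be created under one provider and then looked up under the other on the next run, so the retry would hit NTE_EXISTS and the constructor would throw. Use `m_provRSAType,` in the create call as well (its error string, `Error obtaining generating internal key store`, also needs one of the two verbs dropped). Every throw after a successful acquire leaks `m_provRSA` (and presumably `m_provDSS`, acquired earlier in the constructor, which starts before this hunk; and `m_provApacheKeyStore` on the `CryptGenKey` failure), because a constructor that throws never runs the destructor; each failure path should `CryptReleaseContext` what it already holds before throwing. The container named by `s_xsecKeyStoreName` is opened with `CRYPT_MACHINE_KEYSET` and seeded with a `CRYPT_EXPORTABLE` exchange key, i.e. a persistent, machine-wide, exportable key shared by every user of the library on that host; a comment stating why a machine container (rather than a per-user container or the verify-context handle) is required and what it is used for would let a reviewer judge that exposure.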
@@ -127,6 +189,7 @@
CryptReleaseContext(m_provRSA, 0);
CryptReleaseContext(m_provDSS, 0);
+ CryptReleaseContext(m_provApacheKeyStore, 0);
}
@@ -220,16 +283,22 @@
// Only temporary
- throw XSECException(XSECException::InternalError,
- "WinCAPICryptoProvider() - SymmetricKeys not yet supported");
+ WinCAPICryptoSymmetricKey * ret;
+
+ XSECnew(ret, WinCAPICryptoSymmetricKey(m_provApacheKeyStore, alg));
+
+ return ret;
}
unsigned int WinCAPICryptoProvider::getRandom(unsigned char * buffer,
unsigned int numOctets) {
- throw XSECException(XSECException::InternalError,
- "WinCAPICryptoProvider() - Random generation not yet
supported");
+ if (!CryptGenRandom(m_provApacheKeyStore, numOctets, buffer)) {
+ throw XSECException(XSECException::InternalError,
+ "WinCAPICryptoProvider() - Error generating Random
data");
+ }
+ return numOctets;
}
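Review bot: The `// Only temporary` context line at the top of the first hunk now describes nothing, since the temporary throw below it is replaced by the real `XSECnew` allocation; it should be removed with the throw or replaced by a comment on the binding, e.g. `// Symmetric keys are bound to the internal key-store provider`. The enclosing function starts outside the hunk. In `getRandom`, `CryptGenRandom` needs only a provider handle, so routing it through the named machine container `m_provApacheKeyStore` rather than the existing verify-context handle `m_provRSA` ties random generation to that container's availability; presumably harmless, but worth a one-line comment if it is intentional.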
1.9 +22 -1 xml-security/c/src/enc/WinCAPI/WinCAPICryptoProvider.hpp
Index: WinCAPICryptoProvider.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/WinCAPI/WinCAPICryptoProvider.hpp,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- WinCAPICryptoProvider.hpp 12 Oct 2003 01:29:46 -0000 1.8
+++ WinCAPICryptoProvider.hpp 13 Oct 2003 11:07:17 -0000 1.9
@@ -77,6 +77,18 @@
#define _WIN32_WINNT 0x0400
#include <wincrypt.h>
+// For older versions of wincrypt.h
+
+#if !defined (PROV_RSA_AES)
+# define PROV_RSA_AES 24
+# define ALG_SID_AES_128 14
+# define ALG_SID_AES_192 15
+# define ALG_SID_AES_256 16
+# define ALG_SID_AES 17
+# define CALG_AES_128
(ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_AES_128)
+# define CALG_AES_192
(ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_AES_192)
+# define CALG_AES_256
(ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_AES_256)
+#endif
#define WINCAPI_BLOBHEADERLEN 0x08
#define WINCAPI_DSSPUBKEYLEN 0x08
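Review bot: The fallback block in WinCAPICryptoProvider.hpp is guarded by `PROV_RSA_AES` alone, so an SDK that already defines the `ALG_SID_AES_*` or `CALG_AES_*` names but not `PROV_RSA_AES` would produce macro redefinitions; guarding each name with its own `#if !defined` (or at least a separate guard for the `CALG_AES_*` group) is safer. `ALG_SID_AES` is defined without a matching `CALG_AES`, which is harmless but asymmetric. A short comment saying that these numeric values mirror the later Platform SDK wincrypt.h definitions would let the next reader verify them without guessing.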
@@ -269,6 +281,12 @@
HCRYPTPROV getProviderRSA(void) {return m_provRSA;}
/**
+ * \brief Return the internal key store provider
+ */
+
+ HCRYPTPROV getApacheKeyStore(void) {return m_provApacheKeyStore;}
+
+ /**
* \brief Translate B64 I2OS integer to a WinCAPI int.
*
* Decodes a Base64 (ds:CryptoBinary) integer and reverses the order to
@@ -329,8 +347,11 @@
HCRYPTPROV m_provDSS;
HCRYPTPROV m_provRSA;
+ HCRYPTPROV m_provApacheKeyStore;
LPCSTR m_provDSSName;
LPCSTR m_provRSAName;
+ bool m_haveAES;
+ DWORD m_provRSAType;
};
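Review bot: The new members `m_haveAES` and `m_provRSAType` in WinCAPICryptoProvider.hpp carry no comment, and nothing in this diff reads `m_haveAES` after the constructor sets it; a one-line comment on each would record the contract, e.g. `bool m_haveAES; // true if a PROV_RSA_AES context could be acquired` and `DWORD m_provRSAType; // provider type actually acquired (PROV_RSA_AES or PROV_RSA_FULL)`. The constructor assigns both on every path that does not throw, so default initialisers are not strictly needed, but if the symmetric-key code has to refuse AES algorithms on a PROV_RSA_FULL-only system (not visible here) `m_haveAES` will need an accessor alongside `getApacheKeyStore`.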