blautenb 2003/10/13 04:08:02
Modified: c/src/tools/cipher MerlinFiveInteropResolver.cpp
MerlinFiveInteropResolver.hpp cipher.cpp
c/src/tools/xtest xtest.cpp
Log:
Implementation of Symmetric Encryption in WinCAPI
Revision Changes Path
1.3 +47 -10
xml-security/c/src/tools/cipher/MerlinFiveInteropResolver.cpp
Index: MerlinFiveInteropResolver.cpp
===================================================================
RCS file:
/home/cvs/xml-security/c/src/tools/cipher/MerlinFiveInteropResolver.cpp,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- MerlinFiveInteropResolver.cpp 3 Oct 2003 09:52:02 -0000 1.2
+++ MerlinFiveInteropResolver.cpp 13 Oct 2003 11:08:02 -0000 1.3
@@ -76,7 +76,7 @@
#include <xsec/dsig/DSIGKeyInfoName.hpp>
#include <xsec/utils/XSECDOMUtils.hpp>
#include <xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp>
-
+#include <xsec/enc/WinCAPI/WinCAPICryptoSymmetricKey.hpp>
#include <xercesc/util/Janitor.hpp>
#include <xercesc/util/XMLUniDefs.hpp>
@@ -84,7 +84,9 @@
#include <iostream>
-#if defined (HAVE_OPENSSL)
+#if !defined (HAVE_OPENSSL) && !defined (HAVE_WINCAPI)
+# error Require OpenSSL or Windows Crypto API for the Merlin Resolver
+#endif
//
--------------------------------------------------------------------------------
// Strings and keys
@@ -133,7 +135,33 @@
delete[]mp_baseURI;
}
+//
--------------------------------------------------------------------------------
+// Utility functions
+//
--------------------------------------------------------------------------------
+
+XSECCryptoSymmetricKey *
MerlinFiveInteropResolver::makeSymmetricKey(XSECCryptoSymmetricKey::SymmetricKeyType
type) {
+
+#if defined (HAVE_OPENSSL)
+
+ OpenSSLCryptoSymmetricKey * k;
+ k = new OpenSSLCryptoSymmetricKey(type);
+
+ return k;
+
+#else
+
+ WinCAPICryptoSymmetricKey * k;
+ k = new WinCAPICryptoSymmetricKey(0, type);
+
+ return k;
+
+#endif
+
+}
+//
--------------------------------------------------------------------------------
+// Resolver
+//
--------------------------------------------------------------------------------
XSECCryptoKey * MerlinFiveInteropResolver::resolveKey(DSIGKeyInfoList * lst)
{
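Review bot: makeSymmetricKey is introduced here but nothing in this commit calls it — resolveKey in the next hunk builds its keys through XSECPlatformUtils::g_cryptoProvider->keySymmetric() instead — so it is dead code that also encodes a second, divergent provider choice: with both HAVE_OPENSSL and HAVE_WINCAPI defined it silently prefers OpenSSL, and its WinCAPI branch passes a 0 provider handle where cipher.cpp in this same commit passes win32RSACSP. Either drop the helper or route resolveKey through it so there is exactly one construction path to audit. If it stays, its WinCAPI branch needs a comment on what the 0 handle means, e.g. `// 0 = let the key object acquire its own CSP — confirm against WinCAPICryptoSymmetricKey`, since that cannot be told from here.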
@@ -152,15 +180,25 @@
// Check if this is a key we know
if (strEquals(s_bobName, name)) {
- OpenSSLCryptoSymmetricKey * k;
- k = new
OpenSSLCryptoSymmetricKey(XSECCryptoSymmetricKey::KEY_3DES_CBC_192);
- k->setKey((unsigned char *) s_bobKey,
strlen(s_bobKey));
+ XSECCryptoSymmetricKey * k =
+
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_3DES_CBC_192);
+ try {
+ k->setKey((unsigned char *) s_bobKey,
strlen(s_bobKey));
+ } catch (...) {
+ delete k;
+ throw;
+ }
return k;
}
if (strEquals(s_jobName, name)) {
- OpenSSLCryptoSymmetricKey * k;
- k = new
OpenSSLCryptoSymmetricKey(XSECCryptoSymmetricKey::KEY_AES_ECB_128);
- k->setKey((unsigned char *) s_jobKey,
strlen(s_bobKey));
+ XSECCryptoSymmetricKey * k =
+
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_ECB_128);
+ try {
+ k->setKey((unsigned char *) s_jobKey,
strlen(s_jobKey));
+ } catch(...) {
+ delete k;
+ throw;
+ }
return k;
}
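Review bot: On both the s_bobName and s_jobName paths the pointer returned by keySymmetric() is dereferenced by setKey with no null check, so a provider that cannot construct the requested key type turns into a null dereference rather than a resolver error; whether the provider can return NULL is not visible here, but the interface returns a raw pointer, so it should be guarded. Add `if (k == NULL) return NULL;` (or throw, whichever the resolver contract uses for "no key") before the try block on each path. Also note that the key length comes from strlen() of a string literal, so the literal must be exactly 24 bytes for KEY_3DES_CBC_192 and 16 for KEY_AES_ECB_128 — a comment next to the key definitions stating that would stop a future edit from silently changing the key size. resolveKey starts before this hunk and continues after it.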
@@ -182,4 +220,3 @@
-#endif /* HAVE_OPENSSL */
1.2 +4 -5
xml-security/c/src/tools/cipher/MerlinFiveInteropResolver.hpp
Index: MerlinFiveInteropResolver.hpp
===================================================================
RCS file:
/home/cvs/xml-security/c/src/tools/cipher/MerlinFiveInteropResolver.hpp,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- MerlinFiveInteropResolver.hpp 15 Sep 2003 11:55:55 -0000 1.1
+++ MerlinFiveInteropResolver.hpp 13 Oct 2003 11:08:02 -0000 1.2
@@ -73,6 +73,7 @@
#include <xsec/framework/XSECDefs.hpp>
#include <xsec/enc/XSECKeyInfoResolver.hpp>
+#include <xsec/enc/XSECCryptoSymmetricKey.hpp>
#if defined (_WIN32)
# include <io.h>
@@ -80,9 +81,6 @@
# include <glob.h>
#endif
-#if defined (HAVE_OPENSSL)
-# include <openssl/x509.h>
-
class MerlinFiveInteropResolver : public XSECKeyInfoResolver {
public :
@@ -99,6 +97,8 @@
private:
+ XSECCryptoSymmetricKey *
makeSymmetricKey(XSECCryptoSymmetricKey::SymmetricKeyType);
+
XMLCh * mp_baseURI;
#if defined (_WIN32)
@@ -111,4 +111,3 @@
};
-#endif /* HAVE_OPENSSL */
1.4 +23 -10 xml-security/c/src/tools/cipher/cipher.cpp
Index: cipher.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/tools/cipher/cipher.cpp,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- cipher.cpp 15 Sep 2003 11:55:55 -0000 1.3
+++ cipher.cpp 13 Oct 2003 11:08:02 -0000 1.4
@@ -137,6 +137,10 @@
#endif
+#if !defined (HAVE_OPENSSL) && !defined(HAVE_WINCAPI)
+# error No available cryptoAPI
+#endif
+
#if defined (HAVE_OPENSSL)
// OpenSSL
@@ -148,6 +152,7 @@
#if defined (HAVE_WINCAPI)
# include <xsec/enc/WinCAPI/WinCAPICryptoProvider.hpp>
+# include <xsec/enc/WinCAPI/WinCAPICryptoSymmetricKey.hpp>
# include <xsec/enc/WinCAPI/WinCAPICryptoKeyHMAC.hpp>
#endif
@@ -179,10 +184,8 @@
cerr << " Decrypt the first encrypted element found\n";
cerr << " --key/-k [key string]\n";
cerr << " Use the key provided in [key string] to
encrypt/decrypt\n";
-#if defined (HAVE_OPENSSL)
cerr << " --interop/-i\n";
cerr << " Use the interop resolver for Baltimore interop
examples\n";
-#endif
cerr << "\n Exits with codes :\n";
cerr << " 0 = Decrypt/Encrypt OK\n";
@@ -201,7 +204,11 @@
#if defined(_WIN32) && defined (HAVE_WINCAPI)
HCRYPTPROV win32DSSCSP = 0;
// Crypto Providers
- HCRYPTPROV win32RSACSP = 0;
+ HCRYPTPROV win32RSACSP = 0;
+
+ CryptAcquireContext(&win32DSSCSP, NULL, NULL, PROV_DSS,
CRYPT_VERIFYCONTEXT);
+ CryptAcquireContext(&win32RSACSP, NULL, NULL, PROV_RSA_FULL,
CRYPT_VERIFYCONTEXT);
+
#endif
if (argc < 2) {
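Review bot: Both CryptAcquireContext calls discard their BOOL result, so if a CSP cannot be acquired win32DSSCSP/win32RSACSP remain 0 and the RSA handle is later handed to WinCAPICryptoSymmetricKey further down this file with no indication that the context was never obtained. Check each call and fail early: `if (!CryptAcquireContext(&win32RSACSP, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { cerr << "Unable to acquire RSA CSP" << endl; return 2; }`, and the same for the DSS context. The handles are also never released with CryptReleaseContext before main returns; that matters little for a one-shot tool but deserves a `// not released: process exit reclaims the contexts` comment. The enclosing main() starts before this hunk.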
@@ -219,13 +226,11 @@
paramCount++;
doDecryptElement = true;
}
-#if defined (HAVE_OPENSSL)
else if (stricmp(argv[paramCount], "--interop") == 0 ||
stricmp(argv[paramCount], "-i") == 0) {
// Use the interop key resolver
useInteropResolver = true;
paramCount++;
}
-#endif
else if (stricmp(argv[paramCount], "--key") == 0 ||
stricmp(argv[paramCount], "-k") == 0) {
// Have set a key string
@@ -308,21 +313,29 @@
try {
+#if defined (HAVE_OPENSSL)
OpenSSLCryptoSymmetricKey * k;
if (keyStr != NULL) {
k = new
OpenSSLCryptoSymmetricKey(XSECCryptoSymmetricKey::KEY_3DES_CBC_192);
k->setKey((unsigned char *) keyStr, strlen(keyStr));
cipher->setKey(k);
}
+#else
+ WinCAPICryptoSymmetricKey * k;
+ if (keyStr != NULL) {
+ k = new WinCAPICryptoSymmetricKey(win32RSACSP,
XSECCryptoSymmetricKey::KEY_3DES_CBC_192);
+ k->setKey((unsigned char *) keyStr, strlen(keyStr));
+ cipher->setKey(k);
+ }
+#endif
-#if defined (HAVE_OPENSSL)
if (useInteropResolver == true) {
MerlinFiveInteropResolver ires(NULL);
cipher->setKeyInfoResolver(&ires);
}
-#endif
+
cipher->decryptElement(static_cast<DOMElement *>(n));
// Output the result
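Review bot: In both the OpenSSL and WinCAPI branches the raw command-line string is used as the 3DES-192 key with strlen(keyStr) as the length, so a key shorter or longer than the 24 bytes KEY_3DES_CBC_192 implies goes through unchecked; whether setKey rejects, truncates or pads it is not visible here, and the two backends may not behave the same. A check at the point of use keeps both paths consistent: `if (keyStr != NULL && strlen(keyStr) != 24) { cerr << "Key string must be exactly 24 bytes for 3DES-192" << endl; return 2; }`. The WinCAPI branch also trusts win32RSACSP, which is 0 if the earlier CryptAcquireContext failed. The try block continues past this hunk.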
@@ -357,14 +370,14 @@
catch (XSECException &e) {
char * msg = XMLString::transcode(e.getMsg());
- cerr << "An error occured during signature verification\n
Message: "
+ cerr << "An error occured during encryption/decryption
operation\n Message: "
<< msg << endl;
delete [] msg;
errorsOccured = true;
return 2;
}
catch (XSECCryptoException &e) {
- cerr << "An error occured during signature verification\n
Message: "
+ cerr << "An error occured during encryption/decryption
operation\n Message: "
<< e.getMsg() << endl;
errorsOccured = true;
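Review bot: The two rewritten messages keep the misspelling "occured"; since both strings are being replaced anyway, `"An error occurred during encryption/decryption operation\n Message: "` fixes it in the same change. The second catch handler ends outside the hunk.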
1.24 +12 -18 xml-security/c/src/tools/xtest/xtest.cpp
Index: xtest.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/tools/xtest/xtest.cpp,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- xtest.cpp 12 Oct 2003 06:23:40 -0000 1.23
+++ xtest.cpp 13 Oct 2003 11:08:02 -0000 1.24
@@ -125,9 +125,10 @@
#include <xsec/xenc/XENCCipher.hpp>
#include <xsec/xenc/XENCEncryptedData.hpp>
+#include <xsec/enc/XSECCryptoSymmetricKey.hpp>
+
#if defined (HAVE_OPENSSL)
# include <xsec/enc/OpenSSL/OpenSSLCryptoKeyHMAC.hpp>
-# include <xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp>
# include <openssl/rand.h>
#endif
#if defined (HAVE_WINCAPI)
@@ -780,19 +781,12 @@
// Generate a key
unsigned char randomBuffer[256];
-#if defined (HAVE_OPENSSL)
- if (RAND_status() != 1) {
-
- cerr << "Warning - OpenSSL random not properly
initialised" << endl;
-
- }
+ if
(XSECPlatformUtils::g_cryptoProvider->getRandom(randomBuffer, 256) != 256) {
- if (RAND_bytes(randomBuffer, 128) != 1) {
-
- cerr << "Error - OpenSSL random did not generate data"
<< endl;
+ cerr << "Unable to obtain enough random bytes from
Crypto Provider" << endl;
exit(1);
+
}
-#endif
static char keyStr[] = "abcdefghijklmnopqrstuvwx";
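Review bot: The removed RAND_status() warning was the only place that checked the generator was actually seeded before random key material was drawn; the replacement only checks that getRandom() returned 256 bytes, and whether either provider's getRandom() refuses to run unseeded is not visible here. If the providers do not enforce seeding themselves, a note is warranted on the new check: `// NOTE(review): relies on g_cryptoProvider->getRandom() failing when its RNG is unseeded — confirm for both OpenSSL and WinCAPI backends`. Only 24 of the 256 bytes requested are used for the 3DES key below, which is harmless but worth stating.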
@@ -802,8 +796,8 @@
// Set a key
- OpenSSLCryptoSymmetricKey * k;
- k = new
OpenSSLCryptoSymmetricKey(XSECCryptoSymmetricKey::KEY_3DES_CBC_192);
+ XSECCryptoSymmetricKey * k =
+
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_3DES_CBC_192);
k->setKey((unsigned char *) randomBuffer, 24);
cipher->setKey(k);
@@ -831,8 +825,8 @@
cerr << "Encrypting symmetric key ... " << endl;
- OpenSSLCryptoSymmetricKey * kek;
- kek = new
OpenSSLCryptoSymmetricKey(XSECCryptoSymmetricKey::KEY_AES_ECB_128);
+ XSECCryptoSymmetricKey * kek =
+
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_ECB_128);
kek->setKey((unsigned char *) keyStr, 16);
cipher->setKEK(kek);
@@ -851,8 +845,8 @@
XENCCipher * cipher2 = prov.newCipher(doc);
- OpenSSLCryptoSymmetricKey * k2;
- k2 = new
OpenSSLCryptoSymmetricKey(XSECCryptoSymmetricKey::KEY_AES_ECB_128);
+ XSECCryptoSymmetricKey * k2 =
+
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_ECB_128);
k2->setKey((unsigned char *) keyStr, 16);
cipher2->setKEK(k2);