PKIFAlgorithm.cpp

Go to the documentation of this file.

#include "PKIFAlgorithm.h"
#include "ToolkitUtils.h"
#include "OID.h"

static CPKIFAlgorithm md5("MD5",PKIFCRYPTO::MD5,16);
static CPKIFAlgorithm sha1("SHA-1",PKIFCRYPTO::SHA1,20);
static CPKIFAlgorithm sha256("SHA-256",PKIFCRYPTO::SHA256,32);
static CPKIFAlgorithm sha384("SHA-384",PKIFCRYPTO::SHA384,48);
static CPKIFAlgorithm sha512("SHA-512",PKIFCRYPTO::SHA512,64);
static CPKIFAlgorithm sha224("SHA-224",PKIFCRYPTO::SHA224,28);

static CPKIFAlgorithm desECB("DES ECB",PKIFCRYPTO::DES,PKIFCRYPTO::ECB,8,8);
static CPKIFAlgorithm tdesECB("Triple DES ECB",PKIFCRYPTO::TDES,PKIFCRYPTO::ECB,24,8);
static CPKIFAlgorithm aes128ECB("AES-128 ECB",PKIFCRYPTO::AES128,PKIFCRYPTO::ECB,16,16);
static CPKIFAlgorithm aes192ECB("AES-192 ECB",PKIFCRYPTO::AES192,PKIFCRYPTO::ECB,24,16);
static CPKIFAlgorithm aes256ECB("AES-256 ECB",PKIFCRYPTO::AES256,PKIFCRYPTO::ECB,32,16);

static CPKIFAlgorithm aes128Wrap("AES-128 Wrap",PKIFCRYPTO::AES128Wrap,PKIFCRYPTO::ECB,16,8);
static CPKIFAlgorithm aes192Wrap("AES-192 Wrap",PKIFCRYPTO::AES192Wrap,PKIFCRYPTO::ECB,24,8);
static CPKIFAlgorithm aes256Wrap("AES-256 Wrap",PKIFCRYPTO::AES256Wrap,PKIFCRYPTO::ECB,32,8);

static CPKIFAlgorithm desCBC("DES CBC",PKIFCRYPTO::DES,PKIFCRYPTO::CBC,8,8);
static CPKIFAlgorithm tdesCBC("Triple DES CBC",PKIFCRYPTO::TDES,PKIFCRYPTO::CBC,24,8);
static CPKIFAlgorithm aes128CBC("AES-128 CBC",PKIFCRYPTO::AES128,PKIFCRYPTO::CBC,16,16);
static CPKIFAlgorithm aes192CBC("AES-192 CBC",PKIFCRYPTO::AES192,PKIFCRYPTO::CBC,24,16);
static CPKIFAlgorithm aes256CBC("AES-256 CBC",PKIFCRYPTO::AES256,PKIFCRYPTO::CBC,32,16);

static CPKIFAlgorithm rsa("RSA",PKIFCRYPTO::RSA);
static CPKIFAlgorithm dss("DSS",PKIFCRYPTO::DSS);
static CPKIFAlgorithm ecc("ECC",PKIFCRYPTO::ECC);

static CPKIFAlgorithm rsasha512("RSA with SHA512",PKIFCRYPTO::RSA,PKIFCRYPTO::SHA512);
static CPKIFAlgorithm rsasha384("RSA with SHA384",PKIFCRYPTO::RSA,PKIFCRYPTO::SHA384);
static CPKIFAlgorithm rsasha256("RSA with SHA256",PKIFCRYPTO::RSA,PKIFCRYPTO::SHA256);
static CPKIFAlgorithm rsasha224("RSA with SHA224",PKIFCRYPTO::RSA,PKIFCRYPTO::SHA224);
static CPKIFAlgorithm rsasha1("RSA with SHA1",PKIFCRYPTO::RSA,PKIFCRYPTO::SHA1);
static CPKIFAlgorithm rsamd5("RSA with MD5",PKIFCRYPTO::RSA,PKIFCRYPTO::MD5);
static CPKIFAlgorithm dsasha1("DSA with SHA1",PKIFCRYPTO::DSS,PKIFCRYPTO::SHA1);
static CPKIFAlgorithm ecdsasha1("ECDSA with SHA1",PKIFCRYPTO::ECC,PKIFCRYPTO::SHA1);
static CPKIFAlgorithm ecdsasha224("ECDSA with SHA224",PKIFCRYPTO::ECC,PKIFCRYPTO::SHA224);
static CPKIFAlgorithm ecdsasha256("ECDSA with SHA256",PKIFCRYPTO::ECC,PKIFCRYPTO::SHA256);
static CPKIFAlgorithm ecdsasha384("ECDSA with SHA384",PKIFCRYPTO::ECC,PKIFCRYPTO::SHA384);
static CPKIFAlgorithm ecdsasha512("ECDSA with SHA512",PKIFCRYPTO::ECC,PKIFCRYPTO::SHA512);

//static CPKIFAlgorithm ecdhStandardDHSHA1KDF("Standard ECDH with SHA1 KDF",PKIFCRYPTO::ECC,PKIFCRYPTO::SHA1);
//static CPKIFAlgorithm ecdhCofactorDHSHA1KDF("Cofactor ECDH with SHA1 KDF",PKIFCRYPTO::ECC,PKIFCRYPTO::SHA1);
//static CPKIFAlgorithm ecmqvSinglePassSHA1KDF("Single Pass ECMQV",PKIFCRYPTO::ECC,PKIFCRYPTO::SHA1);
static CPKIFAlgorithm ecdhStandardDHSHA256KDF("Standard ECDH with SHA256 KDF",PKIFCRYPTO::ECC,PKIFCRYPTO::SHA256);
static CPKIFAlgorithm ecdhStandardDHSHA384KDF("Standard ECDH with SHA384 KDF",PKIFCRYPTO::ECC,PKIFCRYPTO::SHA384);

static CPKIFAlgorithm invalid;

static bool s_initialized = false;
struct PKIFAlgorithmImpl
{
    // with the introduction of signature algs,
    // this can no longer be a union since both
    // the asymAlg member and the hashAlg member
    // need to be populated.
    PKIFCRYPTO::HASH_ALG hashAlg;
    PKIFCRYPTO::SYMKEY_ALG symAlg;
    PKIFCRYPTO::ASYMKEY_ALG asymAlg;
    int blocklen;
    int keylen;
    int digestlen;
    PKIFCRYPTO::SYMKEY_MODE mode;
    CPKIFOIDPtr oid;
    std::string description;

    PKIFAlgorithmImpl();
};

PKIFAlgorithmImpl::PKIFAlgorithmImpl()
{
    blocklen = -1;
    keylen = -1;
    digestlen = -1;
    description = "Uninitialized";
}

CPKIFAlgorithm::CPKIFAlgorithm(
    const std::string & description,
    PKIFCRYPTO::HASH_ALG alg, 
    int digestsize)
:m_impl(new PKIFAlgorithmImpl)
{
    m_impl->hashAlg = alg;
    m_impl->digestlen = digestsize;
    m_impl->description = description;
}
CPKIFAlgorithm::CPKIFAlgorithm(
    const std::string & description,
    PKIFCRYPTO::SYMKEY_ALG alg, 
    PKIFCRYPTO::SYMKEY_MODE mode, 
    int keylen, 
    int blocksize)
:m_impl(new PKIFAlgorithmImpl)
{
    m_impl->symAlg = alg;
    m_impl->keylen = keylen;
    m_impl->blocklen = blocksize;
    m_impl->description = description;
    m_impl->mode = mode;
}
CPKIFAlgorithm::CPKIFAlgorithm(
    const std::string & description, 
    PKIFCRYPTO::ASYMKEY_ALG alg)
:m_impl(new PKIFAlgorithmImpl)
{
    m_impl->asymAlg = alg;
    m_impl->description = description;
}

CPKIFAlgorithm::CPKIFAlgorithm(
    const std::string & description,
    PKIFCRYPTO::ASYMKEY_ALG ka,
    PKIFCRYPTO::HASH_ALG ha)
:m_impl(new PKIFAlgorithmImpl)
{
    m_impl->asymAlg = ka;
    m_impl->hashAlg = ha;
    m_impl->description = description;
}
CPKIFAlgorithm::CPKIFAlgorithm(void)
:m_impl(new PKIFAlgorithmImpl)
{
}
CPKIFAlgorithm::~CPKIFAlgorithm(void)
{
    PKIFDelete(m_impl);
    m_impl = 0;
}
CPKIFAlgorithm * CPKIFAlgorithm::GetAlg(
    PKIFCRYPTO::HASH_ALG alg)
{
    if(!s_initialized) {
        init();
    }
    switch(alg)
    {
    case PKIFCRYPTO::MD5:
        return &md5;
        break;
    case PKIFCRYPTO::SHA1:
        return &sha1;
        break;
    case PKIFCRYPTO::SHA256:
        return &sha256;
        break;
    case PKIFCRYPTO::SHA384:
        return &sha384;
        break;
    case PKIFCRYPTO::SHA512:
        return &sha512;
        break;
    default:
        break;
    }
    return &invalid;
}
CPKIFAlgorithm * CPKIFAlgorithm::GetAlg(
    PKIFCRYPTO::SYMKEY_ALG alg, 
    PKIFCRYPTO::SYMKEY_MODE mode)
{
    if(!s_initialized) {
        init();
    }
    switch(alg)
    {
    case PKIFCRYPTO::DES:
        return (mode == PKIFCRYPTO::ECB) ? &desECB : &desCBC;
        break;
    case PKIFCRYPTO::TDES:
        return (mode == PKIFCRYPTO::ECB) ? &tdesECB : &tdesCBC;
        break;
    case PKIFCRYPTO::AES:
    case PKIFCRYPTO::AES128:
        return (mode == PKIFCRYPTO::ECB) ? &aes128ECB : &aes128CBC;
        break;
    case PKIFCRYPTO::AES192:
        return (mode == PKIFCRYPTO::ECB) ? &aes192ECB : &aes192CBC;
        break;
    case PKIFCRYPTO::AES256:
        return (mode == PKIFCRYPTO::ECB) ? &aes256ECB : &aes256CBC;
        break;
    case PKIFCRYPTO::AES128Wrap:
        return &aes128Wrap;
        break;
    case PKIFCRYPTO::AES192Wrap:
        return &aes192Wrap;
        break;
    case PKIFCRYPTO::AES256Wrap:
        return &aes256Wrap;
        break;
    default:
        break;
    }
    return &invalid;
}
CPKIFAlgorithm * CPKIFAlgorithm::GetAlg(
    PKIFCRYPTO::ASYMKEY_ALG alg)
{
    if(!s_initialized) {
        init();
    }
    switch(alg)
    {
    case PKIFCRYPTO::RSA:
        return &rsa;
        break;
    case PKIFCRYPTO::DSS:
        return &dss;
        break;
    case PKIFCRYPTO::ECC:
        return &ecc;
        break;
    default:
        break;
    }
    return &invalid;
}
CPKIFAlgorithm * CPKIFAlgorithm::GetAlg(
    CPKIFOIDPtr oid)
{
    if(!s_initialized) init();
    if(*oid == *g_md5) return &md5;
    if(*oid == *g_sha1) return &sha1;
    if(*oid == *g_sha256) return &sha256;
    if(*oid == *g_sha384) return &sha384;
    if(*oid == *g_sha512) return &sha512;
    if(*oid == *g_sha224) return &sha224;

    if(*oid == *g_desECB) return &desECB;
    if(*oid == *g_tdesECB) return &tdesECB;
    if(*oid == *g_aes128ECB) return &aes128ECB;
    if(*oid == *g_aes192ECB) return &aes192ECB;
    if(*oid == *g_aes256ECB) return &aes256ECB;

    if(*oid == *g_desCBC) return &desCBC;
    if(*oid == *g_tdesCBC) return &tdesCBC;
    if(*oid == *g_aes128CBC) return &aes128CBC;
    if(*oid == *g_aes192CBC) return &aes192CBC;
    if(*oid == *g_aes256CBC) return &aes256CBC;

    if(*oid == *g_aes128Wrap) return &aes128Wrap;
    if(*oid == *g_aes192Wrap) return &aes192Wrap;
    if(*oid == *g_aes256Wrap) return &aes256Wrap;
    
    if(*oid == *g_rsa) return &rsa;
    if(*oid == *g_dsa) return &dss;
    if(*oid == *g_ecc) return &ecc;

    if(*oid == g_md5WithRSAEncryption) return &rsamd5;
    if(*oid == g_sha1WithRSAEncryption) return &rsasha1;
    if(*oid == g_sha224WithRSAEncryption) return &rsasha224;
    if(*oid == g_sha256WithRSAEncryption) return &rsasha256;
    if(*oid == g_sha384WithRSAEncryption) return &rsasha384;
    if(*oid == g_sha512WithRSAEncryption) return &rsasha512;
    if(*oid == g_dsaWithSHA1) return &dsasha1;
    if(*oid == g_dsaWithSHA1Alternative) return &dsasha1;

    if(*oid == g_ecdsa_sha1) return &ecdsasha1;
    if(*oid == g_ecdsa_sha224) return &ecdsasha224;
    if(*oid == g_ecdsa_sha256) return &ecdsasha256;
    if(*oid == g_ecdsa_sha384) return &ecdsasha384;
    if(*oid == g_ecdsa_sha512) return &ecdsasha512;

    // We were misusing the old OIDs before, pairing them with
    // the draft suite b standard KDF. Now that it's standardized
    // and has its own OIDs, use those instead and disable support
    // for the old ones, which might not interoperate well anyway.
    // if support for these OIDs returns, implement the X9.63 KDF
    // to accompany them
    // if(*oid == g_ecdh_std_sha1kdf) return &ecdhStandardDH;
    //if(*oid == g_ecdh_cofactor_sha1kdf) return &ecdhCofactorDH;
    //if(*oid == g_ecmqv_sha1kdf) return &ecmqvSinglePass;
    if(*oid == g_ecdh_std_sha256kdf) return &ecdhStandardDHSHA256KDF;
    if(*oid == g_ecdh_std_sha384kdf) return &ecdhStandardDHSHA384KDF;

    return 0;

}

// the OIDs need to be initialized here rather than in c'tors because
// at the time the c'tors are called the global oids may be invalid
void CPKIFAlgorithm::init(void)
{
    if(s_initialized) return;
    md5.m_impl->oid = g_md5;
    sha1.m_impl->oid = g_sha1;
    sha256.m_impl->oid = g_sha256;
    sha384.m_impl->oid = g_sha384;
    sha512.m_impl->oid = g_sha512;
    sha224.m_impl->oid = g_sha224;

    desECB.m_impl->oid = g_desECB;
    tdesECB.m_impl->oid = g_tdesECB;
    aes128ECB.m_impl->oid = g_aes128ECB;
    aes192ECB.m_impl->oid = g_aes192ECB;
    aes256ECB.m_impl->oid = g_aes256ECB;

    desCBC.m_impl->oid = g_desCBC;
    tdesCBC.m_impl->oid = g_tdesCBC;
    aes128CBC.m_impl->oid = g_aes128CBC;
    aes192CBC.m_impl->oid = g_aes192CBC;
    aes256CBC.m_impl->oid = g_aes256CBC;

    aes128Wrap.m_impl->oid = g_aes128Wrap;
    aes192Wrap.m_impl->oid = g_aes192Wrap;
    aes256Wrap.m_impl->oid = g_aes256Wrap;
    
    rsa.m_impl->oid = g_rsa;
    dss.m_impl->oid = g_dsa;
    ecc.m_impl->oid = g_ecc;

    rsasha1.m_impl->oid = g_sha1WithRSAEncryption;
    rsasha224.m_impl->oid = g_sha224WithRSAEncryption;
    rsasha256.m_impl->oid = g_sha256WithRSAEncryption;
    rsasha384.m_impl->oid = g_sha384WithRSAEncryption;
    rsasha512.m_impl->oid = g_sha512WithRSAEncryption;
    rsamd5.m_impl->oid = g_md5WithRSAEncryption;
    dsasha1.m_impl->oid = g_dsaWithSHA1;

    ecdsasha1.m_impl->oid = g_ecdsa_sha1;
    ecdsasha224.m_impl->oid = g_ecdsa_sha224;
    ecdsasha256.m_impl->oid = g_ecdsa_sha256;
    ecdsasha384.m_impl->oid = g_ecdsa_sha384;
    ecdsasha512.m_impl->oid = g_ecdsa_sha512;
    
    ecdhStandardDHSHA256KDF.m_impl->oid = g_ecdh_std_sha256kdf;
    ecdhStandardDHSHA384KDF.m_impl->oid = g_ecdh_std_sha384kdf;
    
    s_initialized = true;

}
const std::string & CPKIFAlgorithm::Description(void) const
{
    return m_impl->description;
}
int CPKIFAlgorithm::BlockSize(void) const
{
    return m_impl->blocklen;
}
int CPKIFAlgorithm::DigestSize(void) const
{
    return m_impl->digestlen;
}
int CPKIFAlgorithm::KeySize(void) const
{
    return m_impl->keylen;
}
CPKIFOIDPtr CPKIFAlgorithm::OID() const
{
    return m_impl->oid;
}
bool CPKIFAlgorithm::NeedsIV() const
{
    switch(m_impl->mode)
    {
    case PKIFCRYPTO::CBC:
    case PKIFCRYPTO::CFB8:
    case PKIFCRYPTO::CFB64:
    case PKIFCRYPTO::OFB8:
    case PKIFCRYPTO::OFB64:
        return true;

    case PKIFCRYPTO::ECB:
    default:
        return false;
        break;
    }
    return false;
}
PKIFCRYPTO::HASH_ALG CPKIFAlgorithm::HashAlg(void) const
{
    return m_impl->hashAlg;
}
PKIFCRYPTO::SYMKEY_ALG CPKIFAlgorithm::SymkeyAlg(void) const
{
    return m_impl->symAlg;
}
PKIFCRYPTO::SYMKEY_MODE CPKIFAlgorithm::SymkeyMode(void) const
{
    return m_impl->mode;
}
PKIFCRYPTO::ASYMKEY_ALG CPKIFAlgorithm::AsymkeyAlg(void) const
{
    return m_impl->asymAlg;
}