Module: PKIFCRYPTUtils
Definition in file PKIFCryptUtils.h.
#include "PKIFdll.h"
Typedefs | |
typedef IPKIFCryptoRawOperations | IPKIFCryptoRaw |
Functions | |
FD_SMART_PTR (IPKIFColleague) | |
FD_SMART_PTR (CPKIFKeyMaterial) | |
FD_SMART_PTR (CPKIFBuffer) | |
CAC_API IPKIFCryptoRaw * | GetPlatformCryptoRaw (void) |
CAC_API IPKIFCryptoMisc * | GetPlatformCryptoMisc (void) |
CAC_API IPKIFColleaguePtr | MakeDefaultKeyIDColleague (void) |
CAC_API IPKIFColleaguePtr | MakeDefaultRawColleague (void) |
CAC_API void | ShutdownCrypto (void) |
CAC_API std::string | GetCurrentNSSDBDir (void) |
CAC_API bool | IsNSSDBInitialized (void) |
CAC_API CPKIFBufferPtr | WrapSymmKey (const CPKIFKeyMaterialPtr &kek, const CPKIFKeyMaterialPtr &key, const IPKIFCryptoRawOperations *crypto=0) |
CAC_API CPKIFKeyMaterialPtr | UnwrapSymmKey (const CPKIFKeyMaterialPtr &kek, const CPKIFBufferPtr &key, const IPKIFCryptoRawOperations *crypto) |
Definition at line 14 of file PKIFCryptUtils.h.
FD_SMART_PTR (CPKIFBuffer)
FD_SMART_PTR (CPKIFKeyMaterial)
FD_SMART_PTR (IPKIFColleague)
CAC_API std::string GetCurrentNSSDBDir (void)
Interface: External
This function returns the path to the NSS DB directory.
Definition at line 179 of file PKIFPlatformCryptUtils.cpp.
References CPKIFNSSDatabase::GetDBDir(), and CPKIFNSSDatabase::GetInstance().
Referenced by SaveCryptoComponents(), and SaveStorageAndRetrievalComponents().
CAC_API IPKIFCryptoMisc* GetPlatformCryptoMisc (void)
Interface: Subsystem
Get a statically allocated instance of the platform's default raw crypto interface. Must not be freed by caller. Should be used rather than allocating a specific instance of IPKIFCAPIRaw or IPKIFNSSRaw on the stack to avoid platform dependency.
Definition at line 85 of file PKIFPlatformCryptUtils.cpp.
References CPKIFCryptoPPRaw::Initialize().
Referenced by CertReferenceMatchesCertificate(), GetThumbprint(), GetThumbprintForSubjectAndIssuerPair(), CPKIFMessageImprint::HashAndSet(), HashBuffer(), OcspResponseCoversCertificate(), CPKIFESSCertId::SetCertificate(), and VerifyCertificateWithCryptoPP().
CAC_API IPKIFCryptoRaw* GetPlatformCryptoRaw (void)
Interface: Subsystem
Get a statically allocated instance of the platform's default raw crypto interface. Must not be freed by caller. Should be used rather than allocating a specific instance of IPKIFCAPIRaw or IPKIFNSSRaw on the stack to avoid platform dependency.
Definition at line 66 of file PKIFPlatformCryptUtils.cpp.
References CPKIFCryptoPPRaw::Initialize().
Referenced by CheckKIDsAndSignatures(), CPKIFCertificate::IsSelfSigned(), CPKIFDefaultScoring::ScoreAndSortNodes(), UnwrapSymmKey(), and WrapSymmKey().
CAC_API bool IsNSSDBInitialized (void)
Interface: External
This function reports whether the NSS DB has been initialized.
Definition at line 193 of file PKIFPlatformCryptUtils.cpp.
References CPKIFNSSDatabase::IsInitialized().
Referenced by SaveCryptoComponents(), and SaveStorageAndRetrievalComponents().
CAC_API IPKIFColleaguePtr MakeDefaultKeyIDColleague (void)
Interface: Subsystem
Get a newly allocated platform-default KeyID colleague (suitable for MakeDefaultMediator()). Must be freed by caller.
Definition at line 103 of file PKIFPlatformCryptUtils.cpp.
References CPKIFBCryptGuard::IsCNGAvailable().
Referenced by CPKIFCryptoMediator2::InitializeMediator().
CAC_API IPKIFColleaguePtr MakeDefaultRawColleague (void)
Interface: Subsystem
Get a newly allocated platform-default Raw colleague (suitable for MakeDefaultMediator()). Must be freed by caller.
Definition at line 129 of file PKIFPlatformCryptUtils.cpp.
References CPKIFBCryptGuard::IsCNGAvailable().
Referenced by CPKIFCryptoMediator2::InitializeMediator().
CAC_API void ShutdownCrypto (void)
Interface: Subsystem
This function shuts down NSS crypto.
Definition at line 154 of file PKIFPlatformCryptUtils.cpp.
References CPKIFNSSDatabase::GetInstance(), CPKIFNSSPasswordStorage::SetUserCallback(), and CPKIFNSSDatabase::Shutdown().
Referenced by FreeDefaultMediator(), and FreeDefaultMediatorNSS().
CAC_API CPKIFKeyMaterialPtr UnwrapSymmKey (const CPKIFKeyMaterialPtr &kek, const CPKIFBufferPtr &key, const IPKIFCryptoRawOperations *crypto)
Interface: External
Unwrap a key that has been wrapped with the supplied KEK.
Currently, this supports only AES key wrap as needed for Suite B. Other algorithms may be supported in the future.
If the KEK has no IV set, the default from RFC 3394 will be used: A6A6A6A6A6A6A6A6.
If a different IV is set in the KEK, that will be used instead.
The IV will be checked prior to returning the key material pointer.
kek | [IN] kek which will be used to encrypt the inbound key. |
key | [IN] key to be unwrapped |
crypto | [IN] (optional) mediator set (or single colleague) that supports the algorithm |
Definition at line 350 of file PKIFPlatformCryptUtils.cpp.
References CPKIFAlgorithm::BlockSize(), COMMON_INVALID_INPUT, CPKIFKeyMaterial::CreateWithSymmetricKey(), CRYPTO_ALG_NOT_SUPPORTED, IPKIFCryptoRawOperations::Decrypt(), g_aes128Wrap, g_aes192Wrap, g_aes256Wrap, CPKIFAlgorithm::GetAlg(), GetPlatformCryptoRaw(), CPKIFAlgorithm::OID(), PKIFZero(), CPKIFAlgorithm::SymkeyAlg(), CPKIFAlgorithm::SymkeyMode(), and TOOLKIT_CRYPTO_MISC.
CAC_API CPKIFBufferPtr WrapSymmKey (const CPKIFKeyMaterialPtr &kek, const CPKIFKeyMaterialPtr &key, const IPKIFCryptoRawOperations *crypto)
Interface: External
Wrap a key using the specified KEK and algorithm.
Currently, this supports only AES key wrap as needed for Suite B. Other algorithms may be supported in the future.
If the KEK has no IV set, the default from RFC 3394 will be used: A6A6A6A6A6A6A6A6.
If a different IV is set in the KEK, that will be used instead.
kek | [IN] kek which will be used to encrypt the inbound key. |
key | [IN] key to be wrapped |
crypto | [IN] (optional) mediator set (or single colleague) that supports the algorithm |
Definition at line 213 of file PKIFPlatformCryptUtils.cpp.
References CPKIFAlgorithm::BlockSize(), COMMON_INVALID_INPUT, CPKIFKeyMaterial::CreateWithSymmetricKey(), CRYPTO_ALG_NOT_SUPPORTED, IPKIFCryptoRawOperations::Encrypt(), g_aes128Wrap, g_aes192Wrap, g_aes256Wrap, CPKIFAlgorithm::GetAlg(), GetPlatformCryptoRaw(), CPKIFAlgorithm::OID(), PKIFZero(), IPKIFCryptoAlgSupport::SupportsAlgorithm(), CPKIFAlgorithm::SymkeyAlg(), CPKIFAlgorithm::SymkeyMode(), and TOOLKIT_CRYPTO_MISC.
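The RFC 3394 wrap and unwrap steps that WrapSymmKey() and UnwrapSymmKey() are documented to perform, including the default IV, the optional caller-supplied IV and the IV check on unwrap, shown as an added Python example (not PKIF source code). The names wrap_key, unwrap_key and DEFAULT_IV are hypothetical, and AES is assumed to come from the third-party cryptography package.

```python
# Added illustration of RFC 3394 AES key wrap; not taken from PKIF.
import hmac
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

DEFAULT_IV = bytes.fromhex("A6A6A6A6A6A6A6A6")  # RFC 3394 default initial value


def _check_lengths(kek, data, iv, min_blocks):
    if len(kek) not in (16, 24, 32):
        raise ValueError("KEK must be an AES-128, AES-192 or AES-256 key")
    if len(iv) != 8 or len(data) % 8 or len(data) < 8 * min_blocks:
        raise ValueError("IV must be 8 bytes; data must be whole 64-bit blocks")


def wrap_key(kek, key, iv=DEFAULT_IV):
    """Wrap `key` under `kek`; the output is 8 bytes longer than `key`."""
    _check_lengths(kek, key, iv, 2)
    enc = Cipher(algorithms.AES(kek), modes.ECB()).encryptor()
    a, r = iv, [key[i:i + 8] for i in range(0, len(key), 8)]
    n = len(r)
    for j in range(6):
        for i in range(n):
            b = enc.update(a + r[i])                 # one AES block per step
            t = (n * j + i + 1).to_bytes(8, "big")   # step counter
            a = bytes(x ^ y for x, y in zip(b[:8], t))
            r[i] = b[8:]
    return a + b"".join(r)


def unwrap_key(kek, wrapped, iv=DEFAULT_IV):
    """Unwrap and return the key only if the recovered IV matches `iv`."""
    _check_lengths(kek, wrapped, iv, 3)
    dec = Cipher(algorithms.AES(kek), modes.ECB()).decryptor()
    a, r = wrapped[:8], [wrapped[i:i + 8] for i in range(8, len(wrapped), 8)]
    n = len(r)
    for j in reversed(range(6)):
        for i in reversed(range(n)):
            t = (n * j + i + 1).to_bytes(8, "big")
            b = dec.update(bytes(x ^ y for x, y in zip(a, t)) + r[i])
            a, r[i] = b[:8], b[8:]
    # Integrity check: the recovered register must equal the expected IV.
    if not hmac.compare_digest(a, iv):
        raise ValueError("key unwrap failed: IV check did not match")
    return b"".join(r)
```

A failed IV check means the wrapped blob was modified or the wrong KEK or IV was supplied; in either case no key material is returned.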