PKIFCryptoPPCredential.cpp

Go to the documentation of this file.

#include "PKIFCryptoPPCredential.h"

#include "ToolkitUtils.h"
#include "PKIFMemoryUtils.h"
#include "components.h"
#include "PKIFCryptoPPErrors.h"
#include "PKIFCryptoException.h"
#include "Name.h"
#include "Buffer.h"

#include "Certificate.h"
#include "SubjectKeyIdentifier.h"
#include "Buffer.h"
#include "PKIFAlgorithm.h"

#include "PKIFKeyMaterial.h"
#include "PKIFCryptoPPKeyMaterial.h"
#include "OID.h"

#include "cryptlib.h"
#include "asn.h"
#include "rsa.h"
#include "dsa.h"
#include "eccrypto.h"

using namespace std;

CPKIFCryptoPPCredential::CPKIFCryptoPPCredential()
:m_pkifCert((CPKIFCertificate *)0),m_keyBuf((CPKIFBuffer *)0),m_keyAlg(0)
{
    LOG_STRING_DEBUG(__FUNCTION__,TOOLKIT_CRYPTO_CRYPTOPPCRED,0,this);
        
}
CPKIFCryptoPPCredential::~CPKIFCryptoPPCredential(void)
{
    LOG_STRING_DEBUG(__FUNCTION__,TOOLKIT_CRYPTO_CRYPTOPPCRED,0,this);
    if(m_keyBuf) {
        unsigned char * keydata = const_cast<unsigned char *>(m_keyBuf->GetBuffer());
        PKIFZero(keydata,m_keyBuf->GetLength());
    }
    /*if(m_password) {
        PKIFZero(m_password,m_pwLen);
        PKIFDelete(m_password);
        m_password = 0;
    }
    if(m_privateKey) {
        SECKEY_DestroyPrivateKey(m_privateKey);
        m_privateKey = 0;
    }*/
}

void CPKIFCryptoPPCredential::SetPassword(
    unsigned char* password, 
    int len)
{
    LOG_STRING_DEBUG(__FUNCTION__,TOOLKIT_CRYPTO_CRYPTOPPCRED,0,this);
    RAISE_CRYPTO_EXCEPTION("Crypto++ does not support password-protected credentials",
        TOOLKIT_CRYPTO_CRYPTOPPCRED,COMMON_NOT_IMPLEMENTED,this);

}
CPKIFCertificatePtr CPKIFCryptoPPCredential::GetCertificate() const
{
    LOG_STRING_DEBUG(__FUNCTION__,TOOLKIT_CRYPTO_CRYPTOPPCRED,0,this);
    return m_pkifCert;
}

CPKIFKeyMaterialPtr CPKIFCryptoPPCredential::GetPublicKey() const
{
    CPKIFKeyMaterialPtr rv;
    // if there is a certificate, the base class method is fine
    if(m_pkifCert) {
        return CPKIFCredential::GetPublicKey();
    }
    // if the algorithm wasn't set and there's no certificate, we cannot attempt
    // to derive from the private key.
    if(!m_keyAlg) return rv;

    // if there's no certificate, attempt to derive from a private key.
    // applications are responsible for maintaining this separately or using
    // a certificate if the public key cannot be derived the private.
    CryptoPP::ASN1CryptoMaterial<CryptoPP::PrivateKey> * privKey = 0;
    CryptoPP::ASN1CryptoMaterial<CryptoPP::PublicKey> * pubKey = 0;
        
    // these are the algs for which we know how to derive a public key from a private key
    switch(m_keyAlg->AsymkeyAlg())
    {
    case PKIFCRYPTO::RSA:
        privKey = new CryptoPP::RSA::PrivateKey();
        break;
    case PKIFCRYPTO::DSS:
        privKey = new CryptoPP::DSA::PrivateKey();
        break;
    case PKIFCRYPTO::ECC:
        privKey = new CryptoPP::DL_PrivateKey_EC<CryptoPP::ECP>();
        break;
    }
    if(!privKey) {
        return rv;
    }
    
    CryptoPP::ByteQueue privq;
    privq.Put(m_keyBuf->GetBuffer(), m_keyBuf->GetLength());

    try {
        privKey->BERDecode(privq);
    } catch(CryptoPP::BERDecodeErr &) {
        RAISE_CRYPTO_EXCEPTION("Internal consistency error in PKIFCryptoPPCredential. Unable to BER decode private key.",
            TOOLKIT_CRYPTO_CRYPTOPPCRED,PKIF_CRYPTOPP_RAW_IMPORT_FAILED,this);
    }
    
    switch(m_keyAlg->AsymkeyAlg())
    {
    case PKIFCRYPTO::RSA:
        {
            CryptoPP::RSA::PrivateKey * k = dynamic_cast<CryptoPP::RSA::PrivateKey *>(privKey);
            CryptoPP::RSAES_OAEP_SHA_Decryptor d(*k);
            CryptoPP::RSAES_OAEP_SHA_Encryptor e(d);
            pubKey = new CryptoPP::RSA::PublicKey(e.AccessKey());
            break;
        }
    case PKIFCRYPTO::DSS:
        {
            CryptoPP::DSA::PrivateKey * k = dynamic_cast<CryptoPP::DSA::PrivateKey *>(privKey);
            CryptoPP::DSA::PublicKey pk;
            k->MakePublicKey(pk);
            pubKey = new CryptoPP::DSA::PublicKey(pk);
            break;
        }
    case PKIFCRYPTO::ECC:
        {
            CryptoPP::DL_PrivateKey_EC<CryptoPP::ECP> * k = dynamic_cast<CryptoPP::DL_PrivateKey_EC<CryptoPP::ECP> * >(privKey);
            CryptoPP::DL_PublicKey_EC<CryptoPP::ECP> pk;
            k->MakePublicKey(pk);
            pubKey = new CryptoPP::DL_PublicKey_EC<CryptoPP::ECP>(pk);
            break;
        }
    }

    // if there was no public key, we may have some alg where crypto++ can't derive public from private
    if(!pubKey) {
        if(privKey) delete privKey;
        return rv;
    }

    CryptoPP::ByteQueue pubq;
    pubKey->DEREncode(pubq);
    delete privKey;
    delete pubKey;
    privKey = 0;
    pubKey = 0;

    CPKIFBufferPtr spkiBuf(new CPKIFBuffer);
    // given the sizes in question, this should be safe
    unsigned char * rawBuf = spkiBuf->AllocateBuffer((int)pubq.MaxRetrievable());
    pubq.Get(rawBuf,spkiBuf->GetLength());

    CPKIFCryptoPPKeyMaterialPtr cppKM(new CPKIFCryptoPPKeyMaterial());
    cppKM->SetRawSPKI(spkiBuf);

    rv = boost::dynamic_pointer_cast<CPKIFKeyMaterial, CPKIFCryptoPPKeyMaterial>(cppKM);
    return rv;

}

void CPKIFCryptoPPCredential::SetCertificate(CPKIFCertificatePtr & cert)
{
    LOG_STRING_DEBUG(__FUNCTION__,TOOLKIT_CRYPTO_CRYPTOPPCRED,0,this);
    m_pkifCert = cert;
}

void CPKIFCryptoPPCredential::SetPrivateKey(
                   CPKIFBufferPtr & key
                   )
{
    m_keyBuf = key;
}

void CPKIFCryptoPPCredential::SetAlgorithm(
    CPKIFAlgorithm * alg
    )
{
    m_keyAlg = alg;
}

CPKIFAlgorithm * CPKIFCryptoPPCredential::GetAlgorithm()
{
    return m_keyAlg;
}