PKIFPlatformCryptUtils.cpp File Reference


Detailed Description

Subsystem: Cryptography (PKIFCRYPTO)

Module: PKIFCryptUtils

Id
PKIFPlatformCryptUtils.cpp 11149 2010-01-21 16:40:51Z agalustyan

Definition in file PKIFPlatformCryptUtils.cpp.

#include "PKIFCryptUtils.h"
#include "PKIFNSSDatabase.h"
#include "PKIFNSSPasswordStorage.h"
#include "PKIFCryptoPPRaw.h"
#include "PKIFKeyMaterial.h"
#include "Buffer.h"
#include "IPKIFCryptoRaw.h"
#include "ToolkitUtils.h"
#include "components.h"
#include "PKIFAlgorithm.h"
#include "PKIFCryptoConstants.h"
#include "PKIFCryptoErrors.h"
#include "PKIFCryptoException.h"
#include "PKIFMemoryUtils.h"
#include "OID.h"
#include <cstring>
#include <sstream>
#include <boost/scoped_array.hpp>
#include <boost/cstdint.hpp>


Functions

IPKIFCryptoRaw * GetPlatformCryptoRaw (void)
IPKIFCryptoMisc * GetPlatformCryptoMisc (void)
IPKIFColleaguePtr MakeDefaultKeyIDColleague (void)
IPKIFColleaguePtr MakeDefaultRawColleague (void)
void ShutdownCrypto (void)
std::string GetCurrentNSSDBDir (void)
bool IsNSSDBInitialized (void)
CPKIFBufferPtr WrapSymmKey (const CPKIFKeyMaterialPtr &kek, const CPKIFKeyMaterialPtr &key, const IPKIFCryptoRawOperations *crypto)
CPKIFKeyMaterialPtr UnwrapSymmKey (const CPKIFKeyMaterialPtr &kek, const CPKIFBufferPtr &key, const IPKIFCryptoRawOperations *crypto)


Function Documentation

std::string GetCurrentNSSDBDir ( void   ) 

Interface: External

This function returns the path to the NSS DB directory.

Returns:
std::string containing the path to the NSS DB directory. IsNSSDBInitialized() should be called first to determine if the database was initialized.

Definition at line 179 of file PKIFPlatformCryptUtils.cpp.

References CPKIFNSSDatabase::GetDBDir(), and CPKIFNSSDatabase::GetInstance().

Referenced by SaveCryptoComponents(), and SaveStorageAndRetrievalComponents().

IPKIFCryptoMisc* GetPlatformCryptoMisc ( void   ) 

Interface: Subsystem

Get a statically allocated instance of the platform's default raw crypto interface. Must not be freed by caller. Should be used rather than allocating a specific instance of IPKIFCAPIRaw or IPKIFNSSRaw on the stack to avoid platform dependency.

Returns:
Pointer to a statically allocated IPKIFCryptoMisc interface

Definition at line 85 of file PKIFPlatformCryptUtils.cpp.

References CPKIFCryptoPPRaw::Initialize().

Referenced by CertReferenceMatchesCertificate(), GetThumbprint(), GetThumbprintForSubjectAndIssuerPair(), CPKIFMessageImprint::HashAndSet(), HashBuffer(), OcspResponseCoversCertificate(), CPKIFESSCertId::SetCertificate(), and VerifyCertificateWithCryptoPP().

IPKIFCryptoRaw* GetPlatformCryptoRaw ( void   ) 

Interface: Subsystem

Get a statically allocated instance of the platform's default raw crypto interface. Must not be freed by caller. Should be used rather than allocating a specific instance of IPKIFCAPIRaw or IPKIFNSSRaw on the stack to avoid platform dependency.

Returns:
Pointer to a statically allocated IPKIFCryptoRaw interface

Definition at line 66 of file PKIFPlatformCryptUtils.cpp.

References CPKIFCryptoPPRaw::Initialize().

Referenced by CheckKIDsAndSignatures(), CPKIFCertificate::IsSelfSigned(), CPKIFDefaultScoring::ScoreAndSortNodes(), UnwrapSymmKey(), and WrapSymmKey().

bool IsNSSDBInitialized ( void   ) 

Interface: External

This function reports whether the NSS DB has been initialized.

Returns:
True if the DB has been initialized, false otherwise.

Definition at line 193 of file PKIFPlatformCryptUtils.cpp.

References CPKIFNSSDatabase::IsInitialized().

Referenced by SaveCryptoComponents(), and SaveStorageAndRetrievalComponents().

IPKIFColleaguePtr MakeDefaultKeyIDColleague ( void   ) 

Interface: Subsystem

Get a newly allocated platform-default KeyID colleague (suitable for MakeDefaultMediator()). Must be freed by caller.

Returns:
Pointer to IPKIFCryptoKeyID colleague

Definition at line 103 of file PKIFPlatformCryptUtils.cpp.

References CPKIFBCryptGuard::IsCNGAvailable().

Referenced by CPKIFCryptoMediator2::InitializeMediator().

IPKIFColleaguePtr MakeDefaultRawColleague ( void   ) 

Interface: Subsystem

Get a newly allocated platform-default Raw colleague (suitable for MakeDefaultMediator()). Must be freed by caller.

Returns:
Pointer to IPKIFCryptoRaw colleague

Definition at line 129 of file PKIFPlatformCryptUtils.cpp.

References CPKIFBCryptGuard::IsCNGAvailable().

Referenced by CPKIFCryptoMediator2::InitializeMediator().

void ShutdownCrypto ( void   ) 

Interface: Subsystem

This function shuts down NSS crypto.

Returns:
None

Definition at line 154 of file PKIFPlatformCryptUtils.cpp.

References CPKIFNSSDatabase::GetInstance(), CPKIFNSSPasswordStorage::SetUserCallback(), and CPKIFNSSDatabase::Shutdown().

Referenced by FreeDefaultMediator(), and FreeDefaultMediatorNSS().

CPKIFKeyMaterialPtr UnwrapSymmKey ( const CPKIFKeyMaterialPtr &  kek,
const CPKIFBufferPtr &  key,
const IPKIFCryptoRawOperations *  crypto 
)

Interface: External

Unwrap a key that has been wrapped with the supplied KEK.

Currently, this supports only AES key wrap as needed for Suite B. Other algorithms may be supported in the future.

If the KEK has no IV set, the default from RFC 3394 will be used: A6A6A6A6A6A6A6A6

If a different IV is set in the KEK, that will be used instead.

The IV will be checked prior to returning the key material pointer.

Returns:
A key material object with the unwrapped key. The caller is responsible for setting the algorithm, mode, IV, etc., as we don't have that information here.
Parameters:
kek  [IN] KEK which will be used to decrypt the inbound key.
key  [IN] key to be unwrapped
crypto  [IN] (optional) mediator set (or single colleague) that supports the algorithm

Definition at line 350 of file PKIFPlatformCryptUtils.cpp.

References CPKIFAlgorithm::BlockSize(), COMMON_INVALID_INPUT, CPKIFKeyMaterial::CreateWithSymmetricKey(), CRYPTO_ALG_NOT_SUPPORTED, IPKIFCryptoRawOperations::Decrypt(), g_aes128Wrap, g_aes192Wrap, g_aes256Wrap, CPKIFAlgorithm::GetAlg(), GetPlatformCryptoRaw(), CPKIFAlgorithm::OID(), PKIFZero(), CPKIFAlgorithm::SymkeyAlg(), CPKIFAlgorithm::SymkeyMode(), and TOOLKIT_CRYPTO_MISC.

CPKIFBufferPtr WrapSymmKey ( const CPKIFKeyMaterialPtr &  kek,
const CPKIFKeyMaterialPtr &  key,
const IPKIFCryptoRawOperations *  crypto 
)

Interface: External

Wrap a key using the specified KEK and algorithm.

Currently, this supports only AES key wrap as needed for Suite B. Other algorithms may be supported in the future.

If the KEK has no IV set, the default from RFC 3394 will be used: A6A6A6A6A6A6A6A6

If a different IV is set in the KEK, that will be used instead.

Returns:
A buffer containing an encrypted key.
Parameters:
kek  [IN] KEK which will be used to encrypt the inbound key.
key  [IN] key to be wrapped
crypto  [IN] (optional) mediator set (or single colleague) that supports the algorithm

Definition at line 213 of file PKIFPlatformCryptUtils.cpp.

References CPKIFAlgorithm::BlockSize(), COMMON_INVALID_INPUT, CPKIFKeyMaterial::CreateWithSymmetricKey(), CRYPTO_ALG_NOT_SUPPORTED, IPKIFCryptoRawOperations::Encrypt(), g_aes128Wrap, g_aes192Wrap, g_aes256Wrap, CPKIFAlgorithm::GetAlg(), GetPlatformCryptoRaw(), CPKIFAlgorithm::OID(), PKIFZero(), IPKIFCryptoAlgSupport::SupportsAlgorithm(), CPKIFAlgorithm::SymkeyAlg(), CPKIFAlgorithm::SymkeyMode(), and TOOLKIT_CRYPTO_MISC.


Generated on Mon Nov 15 11:18:42 2010 for PublicKeyInfrastructureFramework(PKIF) by  doxygen 1.5.6