PKIFXSECCryptoSymmetricKey.cpp

Go to the documentation of this file.

#include "PKIFXSECCrypto.h"
#include "PKIFXSECCryptoSymmetricKey.h"
#include "PKIFXSECCryptoKeyRaw.h"

#include "PKIFAlgorithm.h"

#include <xsec/utils/XSECPlatformUtils.hpp>
struct PKIFXSECCryptoSymmetricKeyImpl
{
    IPKIFCryptoRawOperations * m_raw; //WEAK
    IPKIFRawCryptContext * m_ctx;
    XSECCryptoSymmetricKey::SymmetricKeyType m_kt;
    bool m_bIVSent;
};

XSECCryptoSymmetricKey::SymmetricKeyType getXSECKeyType(PKIFCRYPTO::SYMKEY_ALG alg)
{
    switch(alg) {
        case PKIFCRYPTO::TDES:
            return XSECCryptoSymmetricKey::KEY_3DES_192;
            break;
        case PKIFCRYPTO::AES128:
            return XSECCryptoSymmetricKey::KEY_AES_128;
            break;
        case PKIFCRYPTO::AES192:
            return XSECCryptoSymmetricKey::KEY_AES_192;
            break;
        case PKIFCRYPTO::AES256:
            return XSECCryptoSymmetricKey::KEY_AES_256;
            break;
    }
    // default: but without compiler warnings
    return XSECCryptoSymmetricKey::KEY_NONE;
}
PKIFCRYPTO::SYMKEY_ALG getPKIFKeyType(XSECCryptoSymmetricKey::SymmetricKeyType alg)
{
    switch(alg) {
        case XSECCryptoSymmetricKey::KEY_3DES_192:
            return PKIFCRYPTO::TDES;
            break;
        case XSECCryptoSymmetricKey::KEY_AES_128:
            return PKIFCRYPTO::AES128;
            break;
        case XSECCryptoSymmetricKey::KEY_AES_192:
            return PKIFCRYPTO::AES192;
            break;
        case XSECCryptoSymmetricKey::KEY_AES_256:
            return PKIFCRYPTO::AES256;
            break;
    }
    // the library's default, in case we somehow got the NONE type
    return PKIFCRYPTO::AES128;
}

PKIFCRYPTO::SYMKEY_MODE getPKIFMode(XSECCryptoSymmetricKey::SymmetricKeyMode mode)
{
    switch(mode) {
        case XSECCryptoSymmetricKey::MODE_CBC:
            return PKIFCRYPTO::CBC;
            break;
        case XSECCryptoSymmetricKey::MODE_ECB:
            return PKIFCRYPTO::ECB;
            break;
    }
    // default: but without compiler warnings
    return PKIFCRYPTO::ECB;
}

PKIFXSECCryptoSymmetricKey::PKIFXSECCryptoSymmetricKey()
:m_rawKey(new PKIFXSECCryptoKeyRaw()),m_impl(new PKIFXSECCryptoSymmetricKeyImpl)
{
    m_impl->m_raw = 0;
    m_impl->m_ctx = 0;
    m_impl->m_bIVSent = false;
}

PKIFXSECCryptoSymmetricKey::PKIFXSECCryptoSymmetricKey(
    IPKIFCryptoRawOperations * raw)
:m_rawKey(new PKIFXSECCryptoKeyRaw()), m_impl(new PKIFXSECCryptoSymmetricKeyImpl)
{
    m_impl->m_raw = raw;
    m_impl->m_ctx = 0;
    m_impl->m_bIVSent = false;
}

PKIFXSECCryptoSymmetricKey::~PKIFXSECCryptoSymmetricKey()
{
    if(m_rawKey) {
        delete m_rawKey;
        m_rawKey = 0;
    }
    if(m_impl) {
        // don't free the mediator. we don't own it
        delete m_impl;
        m_impl = 0;
    }
}

XSECCryptoKey * PKIFXSECCryptoSymmetricKey::clone() const
{
    CPKIFKeyMaterialPtr kp = m_rawKey->getPKIFKeyMaterial();
    PKIFXSECCryptoSymmetricKey * rv = new PKIFXSECCryptoSymmetricKey(m_impl->m_raw);
    rv->setPKIFKeyMaterial(kp);
    // XXX *** !!! should the context be cloned too?
    return rv;
}

void PKIFXSECCryptoSymmetricKey::setKey(
    const unsigned char * inBuf,
    unsigned int inLength)
{
    m_rawKey->setKey(inBuf,inLength);
    m_rawKey->getPKIFKeyMaterial()->SetSymmetricKeyAlgorithm(getPKIFKeyType(m_impl->m_kt));
}

unsigned int PKIFXSECCryptoSymmetricKey::getKey(
    safeBuffer &outBuf)
{
    return m_rawKey->getKey(outBuf);
}

CPKIFKeyMaterialPtr PKIFXSECCryptoSymmetricKey::getPKIFKeyMaterial()
{
    return m_rawKey->getPKIFKeyMaterial();
}

void PKIFXSECCryptoSymmetricKey::setPKIFKeyMaterial(
    CPKIFKeyMaterialPtr & km)
{
    m_rawKey->setPKIFKeyMaterial(km);
}

const XMLCh * PKIFXSECCryptoSymmetricKey::getProviderName() const
{
    return m_rawKey->getProviderName();
}

XSECCryptoSymmetricKey::SymmetricKeyType PKIFXSECCryptoSymmetricKey::getSymmetricKeyType() const
{
    if(!m_rawKey || !m_rawKey->getPKIFKeyMaterial()) return XSECCryptoSymmetricKey::KEY_NONE;
    return getXSECKeyType(m_rawKey->getPKIFKeyMaterial()->GetSymmetricKeyAlgorithm());
}

void PKIFXSECCryptoSymmetricKey::setSymmetricType(XSECCryptoSymmetricKey::SymmetricKeyType type)
{
    m_impl->m_kt = type;
}

bool PKIFXSECCryptoSymmetricKey::decryptInit(
    bool doPad,
    SymmetricKeyMode mode,
    const unsigned char * iv)
{
    if(!m_rawKey || !m_rawKey->getPKIFKeyMaterial()) return false;
    if(XSECCryptoSymmetricKey::MODE_NONE == mode) return false;
    if(!m_impl->m_raw) return false;
    PKIFCRYPTO::SYMKEY_MODE pkifMode = getPKIFMode(mode);
    CPKIFKeyMaterialPtr km = m_rawKey->getPKIFKeyMaterial();
    km->SetMode(pkifMode);
    if(iv) {
        CPKIFAlgorithm * alg = CPKIFAlgorithm::GetAlg(km->GetSymmetricKeyAlgorithm(),pkifMode);
        if(!alg) return false;
        km->SetIV(iv,alg->BlockSize());
    }
    if(m_impl->m_ctx) {
        delete m_impl->m_ctx;
        m_impl->m_ctx = 0;
    }
    // API change means the real init needs to be done later
    //m_impl->m_ctx = m_impl->m_raw->CryptInit(*km);
    //return (m_impl->m_ctx != 0);
    return true;
}

unsigned int PKIFXSECCryptoSymmetricKey::decrypt(
    const unsigned char * inBuf,
    unsigned char * plainBuf,
    unsigned int inLength,
    unsigned int maxOutLength)
{
    if(!m_rawKey || !m_rawKey->getPKIFKeyMaterial()) return 0;
    // Due to API change, this context will no longer ever be set up by now.
    //if(!m_impl->m_ctx) return 0;
    CPKIFKeyMaterialPtr km = m_rawKey->getPKIFKeyMaterial();
    unsigned int processedLength = 0;
    unsigned char * ctCurr = const_cast<unsigned char *>(inBuf);
    // the only mode supported by both PKIF and xsec that requires an IV is CBC.
    // if xsec didn't pass it in before, it'll be the first block
    CPKIFAlgorithm * alg = CPKIFAlgorithm::GetAlg(km->GetSymmetricKeyAlgorithm(),km->GetMode());
    if(!alg) return 0;
    if(inLength < alg->BlockSize()) return 0;
    if(alg->NeedsIV() && !km->GetIV()) {
        km->SetIV(inBuf,alg->BlockSize());
        processedLength += alg->BlockSize();
        ctCurr += alg->BlockSize();
    }
    int outLen = maxOutLength;
    if(!m_impl->m_ctx) m_impl->m_ctx = m_impl->m_raw->CryptInit(*km);
    if(!m_impl->m_ctx) return 0;
    m_impl->m_raw->Decrypt(m_impl->m_ctx,ctCurr,inLength - processedLength,plainBuf,&outLen,false);
    return outLen;
}
unsigned int PKIFXSECCryptoSymmetricKey::decryptFinish(
    unsigned char * plainBuf,
    unsigned int maxOutLength)
{
    if(!m_rawKey || !m_rawKey->getPKIFKeyMaterial()) return false;
    if(!m_impl->m_ctx) return false;
    int outLen = maxOutLength;
    m_impl->m_raw->Decrypt(m_impl->m_ctx,0,0,plainBuf,&outLen,true);
    return outLen;
}

bool PKIFXSECCryptoSymmetricKey::encryptInit(
    bool doPad,
    SymmetricKeyMode mode,
    const unsigned char * iv)
{
    if(!m_rawKey || !m_rawKey->getPKIFKeyMaterial()) return false;
    if(XSECCryptoSymmetricKey::MODE_NONE == mode) return false;
    if(!m_impl->m_raw) return false;
    PKIFCRYPTO::SYMKEY_MODE pkifMode = getPKIFMode(mode);
    CPKIFKeyMaterialPtr km = m_rawKey->getPKIFKeyMaterial();
    km->SetMode(pkifMode);
    CPKIFAlgorithm * alg = CPKIFAlgorithm::GetAlg(km->GetSymmetricKeyAlgorithm(),pkifMode);
    if(!alg) return false;
    if(iv) {
        km->SetIV(iv,alg->BlockSize());
    
    } else if(!iv && alg->NeedsIV()) {
        PKIFXSECCrypto * cp = dynamic_cast<PKIFXSECCrypto *>(XSECPlatformUtils::g_cryptoProvider);
        if(!cp) return false;
        int ivLen = alg->BlockSize();
        unsigned char * ivBuf = new unsigned char[ivLen];
        cp->getRandom(ivBuf,ivLen);
        km->SetIV(ivBuf,ivLen);
        delete[] ivBuf;
    }
    if(m_impl->m_ctx) {
        delete m_impl->m_ctx;
        m_impl->m_ctx = 0;
    }
    m_impl->m_ctx = m_impl->m_raw->CryptInit(*km);
    return (m_impl->m_ctx != 0);
}

unsigned int PKIFXSECCryptoSymmetricKey::encrypt(
    const unsigned char * inBuf,
    unsigned char * cipherBuf,
    unsigned int inLength,
    unsigned int maxOutLength)
{
    if(!m_rawKey || !m_rawKey->getPKIFKeyMaterial()) return 0;
    if(!m_impl->m_ctx) return 0;
    CPKIFKeyMaterialPtr km = m_rawKey->getPKIFKeyMaterial();
    unsigned int processedLength = 0;
    
    // the only mode supported by both PKIF and xsec that requires an IV is CBC.
    // if xsec didn't pass it in before, it'll be the first block
    CPKIFAlgorithm * alg = CPKIFAlgorithm::GetAlg(km->GetSymmetricKeyAlgorithm(),km->GetMode());
    if(!alg) return 0;
    if(inLength < alg->BlockSize()) return 0;
    if(alg->NeedsIV() && !m_impl->m_bIVSent) {
        memcpy(cipherBuf,km->GetIV(),alg->BlockSize());
        processedLength += alg->BlockSize();
        m_impl->m_bIVSent = true;
    }
    
    int outLen = maxOutLength - processedLength;
    unsigned char * ptBuf = const_cast<unsigned char *>(inBuf);
    m_impl->m_raw->Encrypt(m_impl->m_ctx,ptBuf,inLength,cipherBuf+processedLength,&outLen,false);
    processedLength += outLen;
    return processedLength;
}

unsigned int PKIFXSECCryptoSymmetricKey::encryptFinish(
    unsigned char * plainBuf,
    unsigned int maxOutLength)
{
    if(!m_rawKey || !m_rawKey->getPKIFKeyMaterial()) return false;
    if(!m_impl->m_ctx) return false;
    int outLen = maxOutLength;
    m_impl->m_raw->Encrypt(m_impl->m_ctx,0,0,plainBuf,&outLen,true);
    return outLen;
}