CPKIFCryptoPP Class Reference

#include <PKIFCryptoPP.h>

Inheritance diagram for CPKIFCryptoPP:

Inheritance graph
[legend]
Collaboration diagram for CPKIFCryptoPP:

Collaboration graph
[legend]

List of all members.

Detailed Description

Applications do not typically operate directly on colleague objects. Information provided in this section is intended for developers exercising this class with non-default constructor parameters or creating custom colleagues that implement similar functionality.

This colleague class provides a PKIF interface to crypto++ functionality for stored key operations.

TSP-enforcing: No

Definition at line 33 of file PKIFCryptoPP.h.


Public Types

enum  { thisComponent = TOOLKIT_CRYPTO_CRYPTOPP }

Public Member Functions

 CPKIFCryptoPP ()
virtual ~CPKIFCryptoPP (void)
void Initialize ()
void GetKeyList (CPKIFCredentialList &v, std::bitset< 9 > *=NULL)
void GetKeyList (CPKIFCredentialList &v, CPKIFKeyUsagePtr &ku)
bool OwnsKey (const CPKIFCredential &keyID) const
CPKIFCredentialPtr MakeKeyID (const std::string &asciiHexKeyID)
void Sign (const CPKIFCredential &key, unsigned char *pHashData, int nHashDataLen, unsigned char *pSignature, int *nSignatureLen, PKIFCRYPTO::HASH_ALG ha)
void Decrypt (const CPKIFCredential &key, unsigned char *pData, int nDataLen, unsigned char *pResult, int *pnResultLen)
void Encrypt (const CPKIFCredential &key, unsigned char *pData, int nDataLen, unsigned char *pResult, int *pnResultLen)
bool Verify (const CPKIFCredential &key, unsigned char *pHashData, int nHashDataLen, unsigned char *pSignature, int nSignatureLen, PKIFCRYPTO::HASH_ALG ha)
IPKIFCryptContextCryptInit (CPKIFCredentialPtr &key, bool pad=true)
void Decrypt (IPKIFCryptContext *cryptContext, unsigned char *pData, int nDataLen, unsigned char *pResult, int *pnResultLen, bool final)
void Encrypt (IPKIFCryptContext *cryptContext, unsigned char *pData, int nDataLen, unsigned char *pResult, int *pnResultLen, bool final)
virtual IPKIFKeyAgreeContextPtr SecretAgree (CPKIFCredentialPtr &myPrivateKey, const CPKIFCertificatePtr &theirCert, const CPKIFAlgorithm *alg)
virtual IPKIFKeyAgreeContextPtr SecretAgree (CPKIFCredentialPtr &myPrivateKey, const CPKIFBufferPtr &theirPublicKey, const CPKIFAlgorithm *alg)
virtual IPKIFKeyAgreeContextPtr SecretAgree (const CPKIFCredentialPtr &myPrivateKey, CPKIFCredentialPtr &ephemeralKeyPair, const CPKIFCertificatePtr &theirCert, const CPKIFAlgorithm *alg)
virtual IPKIFKeyAgreeContextPtr SecretAgree (const CPKIFCredentialPtr &myPrivateKey, CPKIFCredentialPtr &ephemeralKeyPair, const CPKIFBufferPtr &theirPublicKey, const CPKIFAlgorithm *alg)
virtual IPKIFKeyAgreeContextPtr SecretAgree (const CPKIFCredentialPtr &myPrivateKey, const CPKIFBufferPtr &ephemeralPublicKey, const CPKIFCertificatePtr &theirCert, const CPKIFAlgorithm *alg)
virtual IPKIFKeyAgreeContextPtr SecretAgree (const CPKIFCredentialPtr &myPrivateKey, const CPKIFBufferPtr &ephemeralPublicKey, const CPKIFBufferPtr &theirPublicKey, const CPKIFAlgorithm *alg)
virtual CPKIFKeyMaterialPtr DeriveKey (const IPKIFKeyAgreeContextPtr &context, unsigned long keyLen)

Member Enumeration Documentation

anonymous enum

Enumerator:
thisComponent 

Definition at line 81 of file PKIFCryptoPP.h.

Constructor & Destructor Documentation

CPKIFCryptoPP::CPKIFCryptoPP (  ) 

Interface: External

This function creates CPKIFCryptoPP objects. As with all colleague objects, a call to Initialize is necessary before using instances of this class, i.e. construction and initialization requires two steps.

Returns:
None

Definition at line 85 of file PKIFCryptoPP.cpp.

References LOG_STRING_DEBUG, and TOOLKIT_CRYPTO_CRYPTOPP.

CPKIFCryptoPP::~CPKIFCryptoPP ( void   )  [virtual]

Interface: External

This function destroys CPKIFCryptoPP objects.

Returns:
None

Definition at line 97 of file PKIFCryptoPP.cpp.

References LOG_STRING_DEBUG, and TOOLKIT_CRYPTO_CRYPTOPP.

Member Function Documentation

void CPKIFCryptoPP::Initialize ( void   )  [virtual]

Interface: External

This function initializes an instance of CPKIFCryptoPP for use.

If NSS has not been initialized using the appropriate database directory an exception is thrown.

Returns:
None

Reimplemented from IPKIFColleague.

Definition at line 115 of file PKIFCryptoPP.cpp.

References LOG_STRING_DEBUG, and TOOLKIT_CRYPTO_CRYPTOPP.

void CPKIFCryptoPP::GetKeyList ( CPKIFCredentialList v,
std::bitset< 9 > *  ku = NULL 
) [virtual]

Interface: External

This function returns a list of available credentials. The returned list is scoped by the ku parameter passed to this function. Credentials must match at least one of the key usage bits identified by the ku parameter.

The crypto++ colleague does not store keys and therefore can't support this.

Returns:
None
Parameters:
v  [out] Reference to a list of CPKIFCredential objects
ku  [in] Pointer to a bitset indicating the types of keys to return

Implements IPKIFCryptoKeyIDOperations.

Definition at line 149 of file PKIFCryptoPP.cpp.

References COMMON_NOT_IMPLEMENTED, and TOOLKIT_CRYPTO_CRYPTOPP.

void CPKIFCryptoPP::GetKeyList ( CPKIFCredentialList v,
CPKIFKeyUsagePtr &  ku 
) [virtual]

Interface: External

This function returns a list of available credentials. The returned list is scoped by the ku parameter passed to this function. Credentials must match at least one of the key usage bits identified by the ku parameter.

The crypto++ colleague does not store keys and therefore can't support this.

Returns:
None
Parameters:
v  [out] Reference to a list of CPKIFCredential objects
ku  [in] Areference to a smart pointer to a CPKIFKeyUsage object indicating the types of keys to return

Implements IPKIFCryptoKeyIDOperations.

Definition at line 130 of file PKIFCryptoPP.cpp.

References COMMON_NOT_IMPLEMENTED, and TOOLKIT_CRYPTO_CRYPTOPP.

bool CPKIFCryptoPP::OwnsKey ( const CPKIFCredential keyID  )  const [virtual]

Interface: External

This function is not typically invoked by applications. Mediators use this function to determine if a specific colleague is associated with a given credential prior to invoking a operation on the colleague using the credential.

Returns:
This function returns true if the credential passed via the keyID parameter is compatible with an instance of CPKIFCryptoPP.
Parameters:
keyID  [in] Reference to a smart pointer to a CPKIFCredential object to check

Implements IPKIFCryptoKeyManagement.

Definition at line 167 of file PKIFCryptoPP.cpp.

References LOG_STRING_DEBUG, and TOOLKIT_CRYPTO_CRYPTOPP.

CPKIFCredentialPtr CPKIFCryptoPP::MakeKeyID ( const std::string &  asciiHexKeyID  )  [virtual]

Interface: External

The crypto++ colleague does not support this

Exceptions:
CPKIFCryptoException(COMMON_NOT_IMPLEMENTED) 
Parameters:
asciiHexKeyID  [in] Reference to a std::string object containing a NULL-terminated ASCII hexadecimal representation of a key identifier

Implements IPKIFCryptoKeyManagement.

Definition at line 184 of file PKIFCryptoPP.cpp.

References COMMON_NOT_IMPLEMENTED, LOG_STRING_DEBUG, and TOOLKIT_CRYPTO_CRYPTOPP.

void CPKIFCryptoPP::Sign ( const CPKIFCredential key,
unsigned char *  pHashData,
int  nHashDataLen,
unsigned char *  pSignature,
int *  nSignatureLen,
PKIFCRYPTO::HASH_ALG  ha 
) [virtual]

Interface: External

PKIF was designed to function with common access cards. No support has been provided for signature generation using raw key material.

This function takes a reference to a credential object.

All Sign functions assume the data passed is a hash of the data to be signed, i.e. these functions perform no hashing.

This function may generate an exception containing one of the following error codes CRYPTO_SIGN_FAILED, CRYPTO_UNRECOGNIZED_CREDENTIALD, and COMMON_INVALID_INPUT.

Returns:
None
Exceptions:
CPKIFCryptoException(CRYPTO_SIGN_FAILED) 
CPKIFCryptoException(CRYPTO_UNRECOGNIZED_CREDENTIAL) 
CPKIFCryptoException(COMMON_INVALID_INPUT) 
Parameters:
key  [in] Reference to a CPKIFCredential object containing key material to use for signature generation
pHashData  [in] Pointer to a buffer containing the message digest to sign
nHashDataLen  [in] Integer indicating the length of the buffer passed via the pHashData parameter
pSignature  [out] Pointer to a buffer to receive the generated digital signature
nSignatureLen  [in/out] Pointer to a integer used to pass the size of the pSignature buffer to Sign and to return the size of the generated signature from Sign
ha  [in] the hash algorithm used to calculate the message digest

Implements IPKIFCryptoKeyIDOperations.

Definition at line 212 of file PKIFCryptoPP.cpp.

References CPKIFAlgorithm::AsymkeyAlg(), COMMON_INVALID_INPUT, CRYPTO_UNRECOGNIZED_CREDENTIAL, PKIFCRYPTO::DSS, PKIFCRYPTO::ECC, CPKIFCryptoPPCredential::GetAlgorithm(), LOG_STRING_DEBUG, CPKIFCryptoPPCredential::m_keyBuf, PKIFCRYPTO::MD5, NewEDAccumulator(), PKIF_CRYPTOPP_UNSUPPORTED_ALG, RAISE_CRYPTO_EXCEPTION, PKIFCRYPTO::RSA, PKIFCRYPTO::SHA1, PKIFCRYPTO::SHA256, PKIFCRYPTO::SHA384, PKIFCRYPTO::SHA512, thisComponent, and TOOLKIT_CRYPTO_CRYPTOPP.

void CPKIFCryptoPP::Decrypt ( const CPKIFCredential key,
unsigned char *  pData,
int  nDataLen,
unsigned char *  pResult,
int *  pnResultLen 
) [virtual]

Interface: External

This function performs decryption using asymmetric key material.

The crypto++ colleague does not support this

Returns:
None
Exceptions:
CPKIFCryptoException(COMMON_NOT_IMPLEMENTED) 
Parameters:
key  [in] Reference to a CPKIFCredential object associated with the key material to use when decrypting the data
pData  [in] Pointer to a buffer containing ciphertext to decrypt
nDataLen  [in] Integer indicating the size of the buffer passed via the pData parameter
pResult  [out] Pointer to a buffer to receive the decrypted data
pnResultLen  [in/out] Pointer to an integer used to pass the size of the pResult parameter to Decrypt and to return the size of the decrypted data from

Implements IPKIFCryptoKeyIDOperations.

Definition at line 345 of file PKIFCryptoPP.cpp.

References COMMON_NOT_IMPLEMENTED, CRYPTO_UNRECOGNIZED_CREDENTIAL, LOG_STRING_DEBUG, RAISE_CRYPTO_EXCEPTION, thisComponent, and TOOLKIT_CRYPTO_CRYPTOPP.

void CPKIFCryptoPP::Encrypt ( const CPKIFCredential key,
unsigned char *  pData,
int  nDataLen,
unsigned char *  pResult,
int *  pnResultLen 
) [virtual]

Interface: External

This function performs encryption using asymmetric key material.

ENCRYPTION IS UNIMPLEMENTED FOR STORED KEY MATERIAL!

Returns:
None
Exceptions:
CPKIFCryptoException(COMMON_NOT_IMPLEMENTED) 
Parameters:
key  [in] Reference to a CPKIFCredential object associated with the key material to use when encrypting the data
pData  [in] Pointer to a buffer containing plaintext to encrypt
nDataLen  [in] Integer indicating the size of the buffer passed via the pData parameter
pResult  [out] Pointer to a buffer to receive the encrypted data
pnResultLen  [in/out] Pointer to an integer used to pass the size of the pResult parameter to Encrypt and to return the size of the encrypted data from Encrypt

Implements IPKIFCryptoKeyIDOperations.

Definition at line 380 of file PKIFCryptoPP.cpp.

References COMMON_NOT_IMPLEMENTED, RAISE_CRYPTO_EXCEPTION, and thisComponent.

bool CPKIFCryptoPP::Verify ( const CPKIFCredential key,
unsigned char *  pHashData,
int  nHashDataLen,
unsigned char *  pSignature,
int  nSignatureLen,
PKIFCRYPTO::HASH_ALG  ha 
) [virtual]

Interface: External

This function verifies a digital signature over the given data using the public key from the specified credential. All Verify functions assume the data passed is a hash of the data to be verified, i.e. this function perform no hashing.

VERIFICATION IS UNIMPLEMENTED FOR STORED KEY MATERIAL.

Returns:
None
Exceptions:
CPKIFCryptoException(COMMON_NOT_IMPLEMENTED) 
Parameters:
key  [in] Reference to a CPKIFCredential object associated with the key material to use when verifying the signature
pHashData  [in] Pointer to a buffer containing the message digest that was signed to produce the signature conveyed via the pSignature parameter
nHashDataLen  [in] Integer indicating the length of the value passed via the pHashData parameter
pSignature  [in] Pointer to a buffer containing the signature to verify
nSignatureLen  [in] Integer indicating the size of the value passed via the pSignature parameter
ha  [in] Hash algorithm used to calculate the message digest

Implements IPKIFCryptoKeyIDOperations.

Definition at line 409 of file PKIFCryptoPP.cpp.

References COMMON_NOT_IMPLEMENTED, RAISE_CRYPTO_EXCEPTION, and thisComponent.

IPKIFCryptContext * CPKIFCryptoPP::CryptInit ( CPKIFCredentialPtr &  key,
bool  pad = true 
) [virtual]

Interface: External

This function is used to prepare a crypt context object with presented key material. The crypt context object may then be passed to operations that perform cryptographic operations using the key material. This function is typically used to prepare for operations on large amounts of data.

CONTEXT-BASED OPERATIONS ARE UNIMPLEMENTED FOR NSS STORED KEY MATERIAL!

Returns:
None
Exceptions:
CPKIFCryptoException(COMMON_NOT_IMPLEMENTED) 
Parameters:
key  [in] Reference to a smart pointer to a CPKIFCredential object associated with stored key material to use for a cryptographic operation
pad  [in] Boolean value indicating if padding will be applied

Implements IPKIFCryptoKeyIDOperations.

Definition at line 442 of file PKIFCryptoPP.cpp.

References COMMON_NOT_IMPLEMENTED, RAISE_CRYPTO_EXCEPTION, and thisComponent.

void CPKIFCryptoPP::Decrypt ( IPKIFCryptContext cryptContext,
unsigned char *  pData,
int  nDataLen,
unsigned char *  pResult,
int *  pnResultLen,
bool  final 
) [virtual]

Interface: External

This function performs decryption using asymmetric key material. This function takes a crypto context and can be used when operating on large blocks of data.

CONTEXT-BASED DECRYPTION IS UNIMPLEMENTED FOR STORED KEY MATERIAL!

Returns:
None
Exceptions:
CPKIFCryptoException(COMMON_NOT_IMPLEMENTED) 
Parameters:
cryptContext  [in] Pointer to an IPKIFCryptContext object created via a call to CryptInit and containing the key material to use when decrypting the data
pData  [in] Pointer to a buffer containing ciphertext to decrypt
nDataLen  [in] Integer indicating the size of the buffer passed via the pData parameter
pResult  [out] Pointer to a buffer to receive the decrypted data
pnResultLen  [in/out] Pointer to an integer used to pass the size of the pResult parameter to Decrypt and to return the size of the decrypted data from
final  [in] Boolean that indicates if more data will be passed via a subsequent call to Decrypt (false if more data will be passed and true if this is the final call to Decrypt for this ciphertext)

Implements IPKIFCryptoKeyIDOperations.

Definition at line 464 of file PKIFCryptoPP.cpp.

References COMMON_NOT_IMPLEMENTED, RAISE_CRYPTO_EXCEPTION, and thisComponent.

void CPKIFCryptoPP::Encrypt ( IPKIFCryptContext cryptContext,
unsigned char *  pData,
int  nDataLen,
unsigned char *  pResult,
int *  pnResultLen,
bool  final 
) [virtual]

Interface: External

This function performs encryption using asymmetric key material. This function takes a crypto context and can be used when operating on large blocks of data.

ENCRYPTION IS UNIMPLEMENTED FOR STORED KEY MATERIAL!

Returns:
None
Exceptions:
CPKIFCryptoException(COMMON_NOT_IMPLEMENTED) 

Implements IPKIFCryptoKeyIDOperations.

Definition at line 495 of file PKIFCryptoPP.cpp.

References COMMON_NOT_IMPLEMENTED, RAISE_CRYPTO_EXCEPTION, and thisComponent.

IPKIFKeyAgreeContextPtr CPKIFCryptoPP::SecretAgree ( CPKIFCredentialPtr &  myPrivateKey,
const CPKIFCertificatePtr &  theirCert,
const CPKIFAlgorithm alg 
) [virtual]

Interface: External

This function is used to agree on a shared secret using an unauthenticated key agreement scheme such as ECDH. It operates in both ephemeral-static mode and static-static mode.

If myPrivateKey is an invalid smart pointer, an ephemeral keypair will be generated and handed to the pointer.

If myPrivateKey is supplied, it must share appropriate domain parameters for the key agreement scheme specified.

Returns:
None
Parameters:
myPrivateKey  [IN/OUT] A key pair used for the key agreement operation. If this is NULL one will be generated using parameters from the other party's key
theirCert  [IN] A certificate containing the other party's public key.
alg  [IN] A pointer to the CPKIFAlgorithm object describing the agreement scheme

Implements IPKIFCryptoKeyAgree.

Definition at line 547 of file PKIFCryptoPP.cpp.

Referenced by SecretAgree().

IPKIFKeyAgreeContextPtr CPKIFCryptoPP::SecretAgree ( CPKIFCredentialPtr &  myPrivateKey,
const CPKIFBufferPtr &  theirPublicKey,
const CPKIFAlgorithm alg 
) [virtual]

Interface: External

This function is used to agree on a shared secret using an unauthenticated key agreement scheme such as ECDH. It operates in both ephemeral-static mode and static-static mode.

If myPrivateKey is an invalid smart pointer, an ephemeral keypair will be generated and handed to the pointer.

if myPrivateKey is supplied, it must share appropriate domain parameters for the key agreement scheme specified.

If no private key is supplied, theirPublicKey must point to an encoded subjectPublicKeyInfo structure containing parameters used for key generation. If a private key is supplied, theirPublicKey must contain only the public key bitstring extracted from that structure.

Returns:
None
Parameters:
myPrivateKey  [IN/OUT] A key pair used for the key agreement operation. If this is NULL one will be generated using parameters from the other party's key
theirPublicKey  [IN] A buffer containing the other party's public key. This must be a fully populated, encoded subjectPublicKeyInfo structure if myPrivateKey is NULL.
alg  [IN] A pointer to the CPKIFAlgorithm object describing the agreement scheme

Implements IPKIFCryptoKeyAgree.

Definition at line 583 of file PKIFCryptoPP.cpp.

References COMMON_UNKNOWN_ERROR, CRYPTO_UNRECOGNIZED_CREDENTIAL, PKIFCRYPTO::ECC, g_ecdh_std_sha256kdf, g_ecdh_std_sha384kdf, CPKIFAlgorithm::GetAlg(), GetEncodedPublicKey(), GetPrivateExponent(), CPKIFAlgorithm::OID(), PKIF_CRYPTOPP_INVALID_KEY_AGREEMENT, PKIF_CRYPTOPP_UNSUPPORTED_ALG, RAISE_CRYPTO_EXCEPTION, CPKIFCryptoPPCredential::SetPrivateKey(), and thisComponent.

IPKIFKeyAgreeContextPtr CPKIFCryptoPP::SecretAgree ( const CPKIFCredentialPtr &  myPrivateKey,
CPKIFCredentialPtr &  ephemeralKeyPair,
const CPKIFCertificatePtr &  theirCert,
const CPKIFAlgorithm alg 
) [virtual]

Interface: External

This function is used to agree on a shared secret using a one pass authenticated key agreement scheme such as ECMQV. This variant is called by the originator. Since this is only for one-pass schemes, there is no recipient ephemeral keypair.

If ephemeralKeyPair is not supplied, it will be generated and returned to the caller for possible re-use or additional encoding.

myPrivateKey, ephemeralKeyPair and theirCert must all share domain parameters for alg.

Returns:
None
Parameters:
myPrivateKey  [IN] originator's static keypair
ephemeralKeyPair  [IN/OUT] originator's ephemeral keypair
theirCert  [IN] a certificate containing the recipient's public key
alg  [IN] a pointer to a CPKIFAlgorithm object describing the key agreement scheme to use

Implements IPKIFCryptoKeyAgree.

Definition at line 703 of file PKIFCryptoPP.cpp.

References SecretAgree().

IPKIFKeyAgreeContextPtr CPKIFCryptoPP::SecretAgree ( const CPKIFCredentialPtr &  myPrivateKey,
CPKIFCredentialPtr &  ephemeralKeyPair,
const CPKIFBufferPtr &  theirPublicKey,
const CPKIFAlgorithm alg 
) [virtual]

Interface: External

This function is used to agree on a shared secret using a one pass authenticated key agreement scheme such as ECMQV. This variant is called by the originator. Since this is only for one-pass schemes, there is no recipient ephemeral keypair.

If ephemeralKeyPair is not supplied, it will be generated and returned to the caller for possible re-use or additional encoding.

myPrivateKey, ephemeralKeyPair and theirPublicKey must all share domain parameters for alg.

theirPublicKey must be a buffer containing a bitstring which represents their key (extracted from a subjectPublicKeyInfo structure)

Returns:
None
Parameters:
myPrivateKey  [IN] originator's static keypair
ephemeralKeyPair  [IN/OUT] originator's ephemeral keypair
theirPublicKey  [IN] a buffer containing the recipient's public key
alg  [IN] a pointer to a CPKIFAlgorithm object describing the key agreement scheme to use

Implements IPKIFCryptoKeyAgree.

Definition at line 737 of file PKIFCryptoPP.cpp.

References CRYPTO_ALG_NOT_SUPPORTED, CRYPTO_UNRECOGNIZED_CREDENTIAL, g_ecmqv_sha1kdf, GetEncodedPublicKey(), GetPrivateExponent(), CPKIFAlgorithm::OID(), PKIF_CRYPTOPP_INVALID_KEY_AGREEMENT, RAISE_CRYPTO_EXCEPTION, CPKIFCryptoPPCredential::SetAlgorithm(), CPKIFCryptoPPCredential::SetPrivateKey(), and thisComponent.

IPKIFKeyAgreeContextPtr CPKIFCryptoPP::SecretAgree ( const CPKIFCredentialPtr &  myPrivateKey,
const CPKIFBufferPtr &  ephemeralPublicKey,
const CPKIFCertificatePtr &  theirCert,
const CPKIFAlgorithm alg 
) [virtual]

Interface: External

This function is used to agree on a shared secret using a one pass authenticated key agreement scheme such as ECMQV. This variant is called by the recipient. Since this is only for one-pass schemes, there is no recipient ephemeral keypair.

ephemeralPublicKey must be a buffer containing a bitstring which corresponds the ephemeral private key used by the originator. As domain parameters will be taken from the recipient's static keypair, this MUST NOT be a full subjectPublicKeyInfo structure

myPrivateKey, ephemeralPublicKey and theirPublicKey must all share domain parameters for alg.

Returns:
None
Parameters:
myPrivateKey  [IN] recipient's keypair
ephemeralPublicKey  [IN] ephemeral public key corresponding to the ephemeral private key used by the originator
theirCert  [IN] a certificate containing the originator's static public key
alg  [IN] a pointer to a CPKIFAlgorithm object describing the key agreement scheme and KDF

Implements IPKIFCryptoKeyAgree.

Definition at line 874 of file PKIFCryptoPP.cpp.

References SecretAgree().

IPKIFKeyAgreeContextPtr CPKIFCryptoPP::SecretAgree ( const CPKIFCredentialPtr &  myPrivateKey,
const CPKIFBufferPtr &  ephemeralPublicKey,
const CPKIFBufferPtr &  theirPublicKey,
const CPKIFAlgorithm alg 
) [virtual]

Interface: External

This function is used to agree on a shared secret using a one pass authenticated key agreement scheme such as ECMQV. This variant is called by the recipient. Since this is only for one-pass schemes, there is no recipient ephemeral keypair.

ephemeralPublicKey must be a buffer containing a bitstring which corresponds the ephemeral private key used by the originator. As domain parameters will be taken from the recipient's static keypair, this MUST NOT be a full subjectPublicKeyInfo structure

myPrivateKey, ephemeralPublicKey and theirPublicKey must all share domain parameters for alg.

theirPublicKey must be a buffer containing a bitstring which represents their key (extracted from a subjectPublicKeyInfo structure)

Returns:
None
Parameters:
myPrivateKey  [IN] recipient's keypair
ephemeralPublicKey  [IN] ephemeral public key corresponding to the ephemeral private key used by the originator
theirPublicKey  [IN] a certificate containing the originator's static public key
alg  [IN] a pointer to a CPKIFAlgorithm object describing the key agreement scheme to use

Implements IPKIFCryptoKeyAgree.

Definition at line 908 of file PKIFCryptoPP.cpp.

References CRYPTO_ALG_NOT_SUPPORTED, CRYPTO_UNRECOGNIZED_CREDENTIAL, g_ecmqv_sha1kdf, GetEncodedPublicKey(), GetPrivateExponent(), CPKIFAlgorithm::OID(), PKIF_CRYPTOPP_INVALID_KEY_AGREEMENT, RAISE_CRYPTO_EXCEPTION, and thisComponent.

CPKIFKeyMaterialPtr CPKIFCryptoPP::DeriveKey ( const IPKIFKeyAgreeContextPtr &  context,
unsigned long  keyLen 
) [virtual]

Interface: External

This function is used to derive a key from an agreed-upon secret and other shared info dictated by a protocol. The context maintains both the secret and the shared info.

This is the simplified implementation from RFC 5008.

Returns:
CPKIFKeyMaterialPtr to the key derived from information in context
Parameters:
context  [IN] context from SecretAgree()
keyLen  [IN] lentth of key to derive

Implements IPKIFCryptoKeyAgree.

Definition at line 1000 of file PKIFCryptoPP.cpp.

References CACASNWRAPPER_CREATE, COMMON_INVALID_INPUT, CPKIFAlgorithm::DigestSize(), g_ecdh_std_sha256kdf, g_ecdh_std_sha384kdf, CPKIFAlgorithm::HashAlg(), CPKIFAlgorithm::OID(), RAISE_CRYPTO_EXCEPTION, PKIFCRYPTO::SHA256, PKIFCRYPTO::SHA384, thisComponent, and TOOLKIT_CRYPTO.

The documentation for this class was generated from the following files:
Generated on Mon Nov 15 11:20:11 2010 for PublicKeyInfrastructureFramework(PKIF) by  doxygen 1.5.6