/usr/include/xsec/enc/NSS/NSSCryptoKeyRSA.hpp is in libxml-security-c-dev 1.7.3-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 | /**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
/*
* XSEC
*
* NSSCryptoKeyRSA := NSS implementation of RSA Keys
*
* Author(s): Milan Tomic
*
*/
#ifndef NSSCRYPTOKEYRSA_INCLUDE
#define NSSCRYPTOKEYRSA_INCLUDE
#include <xsec/enc/XSECCryptoKeyRSA.hpp>
#if defined (XSEC_HAVE_NSS)
#include <pk11func.h>
#include <keyhi.h>
#include <nss.h>
class NSSCryptoProvider;
/**
* \ingroup nsscrypto
* @{
*/
/**
* \brief NSS implementation of the interface class for RSA keys.
*
* The library uses classes derived from this to process RSA keys.
*/
class DSIG_EXPORT NSSCryptoKeyRSA : public XSECCryptoKeyRSA {
public :
/** @name Constructors and Destructors */
//@{
/**
* \brief Create an RSA key
*
* @param pubkey A handle to the public key (optional)
* @param privkey A handle to the private key (optional)
*/
NSSCryptoKeyRSA(SECKEYPublicKey * pubkey = NULL, SECKEYPrivateKey * privkey = NULL);
virtual ~NSSCryptoKeyRSA();
//@}
/** @name Key Interface methods */
//@{
/**
* \brief Return the type of this key.
*
* For RSA keys, this allows people to determine whether this is a
* public key, private key or a key pair
*/
virtual XSECCryptoKey::KeyType getKeyType() const;
/**
* \brief Return the NSS identifier string
*/
virtual const XMLCh * getProviderName() const {return DSIGConstants::s_unicodeStrPROVNSS;}
/**
* \brief Replicate key
*/
virtual XSECCryptoKey * clone() const;
//@}
/** @name Mandatory RSA interface methods
*
* These classes are required by the library.
*/
//@{
/**
* \brief Set the OAEPparams string
*
* By default, the library expects crypto implementations to perform
* OAEP padding with no params. This call allows the library (or user)
* to set a params value prior to an encrypt/decrypt operation.
*
* @param params buffer containing the params data. Pass in NULL to clear any
* old paramters.
* @param paramsLen number of bytes in buffer to use. Pass in 0 to clear any
* old parameters.
* @note NSS do not support the ability to set OAEP parameters, so this will
* throw an XSECCryptoException::UnsupportedError, unless the passed in
* paramters are NULL and 0 (to clear).
*/
virtual void setOAEPparams(unsigned char * params, unsigned int paramsLen);
/**
* \brief Get OAEPparams Length
*
* @returns the number of bytes of the OAEPparams buffer (assuming it has been set)
* @note NSS do not support the ability to set OAEP parameters, so this will always
* return 0
*/
virtual unsigned int getOAEPparamsLen(void) const;
/**
* \brief Get the OAEPparams
*
* @returns a pointer to the (crypto object owned) buffer holding the OAEPparams
* or NULL if no params are held
* @note NSS do not support the ability to set OAEP parameters, so this will always
* return NULL
*/
virtual const unsigned char * getOAEPparams(void) const;
/**
* \brief Set the MGF
*
* By default, the library expects crypto implementations to perform
* OAEP padding with MGF_SHA1. This call allows the library (or user)
* to set a different choice.
*
* @param mgf the MGF constant identifying the function to use
*/
virtual void setMGF(maskGenerationFunc mgf);
/**
* \brief Get the MGF
*
* @returns the MGF constant in use
*/
virtual enum maskGenerationFunc getMGF(void) const;
/**
* \brief Verify a SHA1 PKCS1 encoded signature
*
* The library will call this function to validate an RSA signature
* The standard by default uses SHA1 in a PKCS1 encoding.
*
* @param hashBuf Buffer containing the pre-calculated (binary) digest
* @param hashLen Length of the data in the digest buffer
* @param base64Signature Buffer containing the Base64 encoded signature
* @param sigLen Length of the data in the signature buffer
* @param hm The hash method that was used to create the hash that is being
* passed in
* @returns true if the signature was valid, false otherwise
*/
virtual bool verifySHA1PKCS1Base64Signature(const unsigned char * hashBuf,
unsigned int hashLen,
const char * base64Signature,
unsigned int sigLen,
hashMethod hm);
/**
* \brief Create a signature
*
* The library will call this function to create a signature from
* a pre-calculated digest. The output signature will
* be Base64 encoded such that it can be placed directly into the
* XML document
*
* @param hashBuf Buffer containing the pre-calculated (binary) digest
* @param hashLen Number of bytes of hash in the hashBuf
* @param base64SignatureBuf Buffer to place the base64 encoded result
* in.
* @param base64SignatureBufLen Implementations need to ensure they do
* not write more bytes than this into the buffer
* @param hm Hash Method used in order to embed correct OID for sig
*/
virtual unsigned int signSHA1PKCS1Base64Signature(unsigned char * hashBuf,
unsigned int hashLen,
char * base64SignatureBuf,
unsigned int base64SignatureBufLen,
hashMethod hm);
/**
* \brief Decrypt using private key
*
* The library will call this function to decrypt a piece of cipher
* text using the private component of this key.
*
* @param inBuf cipher text to decrypt
* @param plainBuf output buffer for decrypted bytes
* @param inLength bytes of cipher text to decrypt
* @param maxOutLength size of outputBuffer
* @param padding Type of padding (PKCS 1.5 or OAEP)
* @param hm Hash Method for OAEP encryption (OAEPParams should be
* set using setOAEPparams()
*/
virtual unsigned int privateDecrypt(const unsigned char * inBuf,
unsigned char * plainBuf,
unsigned int inLength,
unsigned int maxOutLength,
PaddingType padding,
hashMethod hm);
/**
* \brief Encrypt using a public key
*
* The library will call this function to encrypt a plain text buffer
* using the public component of this key.
*
* @param inBuf plain text to decrypt
* @param cipherBuf output buffer for decrypted bytes
* @param inLength bytes of plain text to encrypt
* @param maxOutLength size of outputBuffer
* @param padding Type of padding (PKCS 1.5 or OAEP)
* @param hm Hash Method for OAEP encryption (OAEPParams should be
* set using setOAEPparams()
*/
virtual unsigned int publicEncrypt(const unsigned char * inBuf,
unsigned char * cipherBuf,
unsigned int inLength,
unsigned int maxOutLength,
PaddingType padding,
hashMethod hm);
/**
* \brief Obtain the length of an RSA key
*
* @returns The length of the rsa key (in bytes)
*/
virtual unsigned int getLength(void) const;
//@}
/** @name Optional Interface methods
*
* Have been implemented to allow interoperability testing
*/
//@{
/**
* \brief Load the modulus
*
* Load the modulus from a Base64 encoded string
*
* param b64 A buffer containing the encoded string
* param len The length of the data in the buffer
*/
virtual void loadPublicModulusBase64BigNums(const char * b64, unsigned int len);
/**
* \brief Load the exponent
*
* Load the exponent from a Base64 encoded string
*
* param b64 A buffer containing the encoded string
* param len The length of the data in the buffer
*/
virtual void loadPublicExponentBase64BigNums(const char * b64, unsigned int len);
//@}
/** @name NSS Specific Functions */
//@{
/**
* \brief Retrieve the exponent
*
* Retrieves the exponent in ds:CryptoBinary encoded format
*
* @param b64 Buffer to place encoded exponent into
* @param len Maximum number of bytes to place in buffer
* @returns The number of bytes placed in the buffer
*/
unsigned int getExponentBase64BigNums(char * b64, unsigned int len);
/**
* \brief Retrieve the modulus
*
* Retrieves the modulus in ds:CryptoBinary encoded format
*
* @param b64 Buffer to place the encoded modulus into
* @param len Maximum number of bytes to place in buffer
* @returns The number of bytes placed in the buffer
*/
unsigned int getModulusBase64BigNums(char * b64, unsigned int len);
//@}
private:
SECKEYPublicKey * mp_pubkey;
SECKEYPrivateKey * mp_privkey;
SECItem * mp_modulus;
SECItem * mp_exponent;
// Instruct to import from parameters
void importKey(void);
void loadParamsFromKey(void);
};
#endif /* XSEC_HAVE_NSS */
#endif /* NSSCRYPTOKEYRSA_INCLUDE */
|