5 #include <certificate-impl.h>
6 #include <ckm/ckm-type.h>
8 #include <openssl/evp.h>
9 #include <openssl/obj_mac.h>
10 #include <openssl/ec.h>
11 #include <openssl/dsa.h>
12 #include <openssl/dh.h>
13 #include <openssl/rsa.h>
14 #include <openssl/bio.h>
15 #include <openssl/rand.h>
16 #include <openssl/crypto.h>
17 #include <openssl/err.h>
18 #include <dpl/exception.h>
// Device paths for the entropy source. NOTE(review): the initialize() comment
// further down lists /dev/random as the non-default source, while the macro
// here names /dev/hwrng — confirm which device initialize() actually opens.
20 #define DEV_HW_RANDOM_FILE "/dev/hwrng"
21 #define DEV_URANDOM_FILE "/dev/urandom"
// OpenSSL EVP_* calls return 1 on success and 0 on failure; these two mirror
// that convention so their results can be compared directly.
23 #define EVP_SUCCESS 1 // DO NOT CHANGE THIS VALUE
24 #define EVP_FAIL 0 // DO NOT CHANGE THIS VALUE
// Status codes of this service (presumably the values returned by
// initialize() / createKeyPair*() / chain verification — confirm in the .cpp).
// Note that CKM_CRYPTO_INIT_SUCCESS and EVP_SUCCESS are both 1, so confusing
// the two families of codes is silent; keep comparisons to the named constant.
26 #define CKM_CRYPTO_INIT_SUCCESS 1
27 #define CKM_CRYPTO_CREATEKEY_SUCCESS 2
28 #define CKM_VERIFY_CHAIN_SUCCESS 5
29 #define NOT_DEFINED -1
35 // typedef std::vector<unsigned char> RawData; this must be defined in common header.
36 // This is an internal API, so all functions should throw an exception on error.
// Virtual destructor so that deleting a derived object through a CryptoService
// pointer is well-defined. No cleanup behaviour is visible from this header.
40 virtual ~CryptoService();
// Exception types of this service. The macro reads as (parent, new type):
// Base extends CKM::Exception; Crypto_internal and opensslError extend Base,
// so a handler for Base catches both.
// NOTE(review): the first declaration has no trailing ';' while the next two
// do — presumably DECLARE_EXCEPTION_TYPE expands to a complete declaration
// and the extra ';' is harmless; confirm with the macro definition.
44 DECLARE_EXCEPTION_TYPE(CKM::Exception, Base)
45 DECLARE_EXCEPTION_TYPE(Base, Crypto_internal);
46 DECLARE_EXCEPTION_TYPE(Base, opensslError);
49 // During initialization, FIPS_MODE and the entropy source are set.
50 // And system certificates are loaded in the memory during initialization.
51 // FIPS_MODE - ON, OFF(Default)
52 // entropy source - /dev/random,/dev/urandom(Default)
// Returns an int status — presumably CKM_CRYPTO_INIT_SUCCESS (defined above)
// on success; confirm in the .cpp. Per the note at the top of the class,
// failures are expected to surface as exceptions (Crypto_internal /
// opensslError) rather than through the return value.
53 static int initialize();
// Generates an RSA key pair. `size` is the modulus length in bits; the
// trailing comment lists the accepted values. Note that 1024-bit RSA is below
// current recommendations — callers should prefer 2048 or larger.
// Both KeyImpl out-parameters are overwritten with the generated keys.
// Returns an int status (presumably CKM_CRYPTO_CREATEKEY_SUCCESS — confirm).
55 static int createKeyPairRSA(const int size, // size in bits [1024, 2048, 4096]
56 KeyImpl &createdPrivateKey, // returned value ==> Key &createdPrivateKey,
57 KeyImpl &createdPublicKey); // returned value ==> Key &createdPublicKey
// Generates a DSA key pair. `size` is the key length in bits; the trailing
// comment lists the accepted values (1024-bit DSA is below current
// recommendations — prefer 2048 or larger). Both KeyImpl out-parameters are
// overwritten with the generated keys.
// Returns an int status (presumably CKM_CRYPTO_CREATEKEY_SUCCESS — confirm).
59 static int createKeyPairDSA(const int size, // size in bits [1024, 2048, 3072, 4096]
60 KeyImpl &createdPrivateKey, // returned value ==> Key &createdPrivateKey,
61 KeyImpl &createdPublicKey); // returned value ==> Key &createdPublicKey
// Generates an ECDSA key pair on the curve selected by `type1` (an
// ElipticCurve enum; its values are declared elsewhere — see ckm-type.h).
// Unlike the RSA/DSA variants there is no size argument: the curve fixes the
// key length. Both KeyImpl out-parameters are overwritten with the generated keys.
// Returns an int status (presumably CKM_CRYPTO_CREATEKEY_SUCCESS — confirm).
63 static int createKeyPairECDSA(ElipticCurve type1,
64 KeyImpl &createdPrivateKey, // returned value
65 KeyImpl &createdPublicKey); // returned value
// Signs `message` with `privateKey` and writes the result to `signature`.
// `hashAlgo` selects the digest and `padAlgo` the RSA padding scheme
// (presumably mapped through getMdAlgo() / getRsaPadding() below — confirm);
// for non-RSA keys the padding argument is presumably ignored. Non-static:
// needs a CryptoService instance, unlike the key-generation functions.
// Returns an int status; the success value is not visible in this header.
67 int createSignature(const KeyImpl &privateKey,
68 const RawBuffer &message,
69 const HashAlgorithm hashAlgo,
70 const RSAPaddingAlgorithm padAlgo,
71 RawBuffer &signature);
// Verifies `signature` over `message` with `publicKey`; `hashAlgo` and
// `padAlgo` must match what the signer used.
// NOTE(review): how the int return distinguishes "signature valid" from
// "invalid" from "internal error" is not visible here — callers must compare
// against the documented success constant, never treat any non-zero (or any
// non-exception) result as a valid signature. Confirm the contract in the .cpp.
73 int verifySignature(const KeyImpl &publicKey,
74 const RawBuffer &message,
75 const RawBuffer &signature,
76 const HashAlgorithm hashAlgo,
77 const RSAPaddingAlgorithm padAlgo);
// Maps a HashAlgorithm enum value to the corresponding OpenSSL EVP_MD digest
// descriptor. Behaviour for an unsupported hashAlgo (null return or throw) is
// not visible here — callers should not hand the result to EVP_Digest* unchecked.
81 const EVP_MD *getMdAlgo(const HashAlgorithm hashAlgo);
// Maps an RSAPaddingAlgorithm enum value to an OpenSSL RSA_*_PADDING constant
// (presumably, given <openssl/rsa.h> is included — confirm). What is returned
// for an unsupported padAlgo is not visible here; NOT_DEFINED (-1) above looks
// like the intended sentinel — confirm and check for it at the call sites.
82 int getRsaPadding(const RSAPaddingAlgorithm padAlgo);
// Low-level signing helper operating directly on an OpenSSL EVP_PKEY.
// Takes no digest argument, unlike digestSignMessage() below, so presumably
// `message` is signed as-is (e.g. an already-computed digest) — confirm.
// `rsa_padding` is an OpenSSL padding constant (see getRsaPadding()).
// Output goes to `signature`; returns an int status.
84 int signMessage(EVP_PKEY *privKey,
85 const RawBuffer &message,
86 const int rsa_padding,
87 RawBuffer &signature);
// Low-level sign helper that hashes `message` with `md_algo` (an EVP_MD, see
// getMdAlgo()) before signing with `privKey`, using `rsa_padding` for RSA keys.
// Output goes to `signature`; returns an int status. Caller is responsible for
// passing a non-null md_algo — no check is visible from this header.
88 int digestSignMessage(EVP_PKEY *privKey,
89 const RawBuffer &message,
90 const EVP_MD *md_algo,
91 const int rsa_padding,
92 RawBuffer &signature);
// Low-level verification helper operating directly on an OpenSSL EVP_PKEY;
// counterpart of signMessage() (no digest step — presumably `message` is
// the already-hashed data, confirm). `rsa_padding` is an OpenSSL padding
// constant. Returns an int status; see the verifySignature() note about not
// treating an unexpected return value as "valid".
94 int verifyMessage(EVP_PKEY *pubKey,
95 const RawBuffer &message,
96 const RawBuffer &signature,
97 const int rsa_padding);
// Low-level verification helper that hashes `message` with `md_algo` before
// checking `signature` against `pubKey`; counterpart of digestSignMessage().
// `rsa_padding` is an OpenSSL padding constant. Returns an int status; the
// valid / invalid / error encoding is not visible here — confirm in the .cpp.
98 int digestVerifyMessage(EVP_PKEY *pubKey,
99 const RawBuffer &message,
100 const RawBuffer &signature,
101 const EVP_MD *md_algo,
102 const int rsa_padding);
106 } // namespace Crypto