src/manager/service/CryptoService.h

   1 #pragma once
   2
   3 #include <iostream>
   4 #include <generic-key.h>
   5 #include <certificate-impl.h>
   6 #include <ckm/ckm-type.h>
   7 #include <vector>
   8 #include <openssl/evp.h>
   9 #include <openssl/obj_mac.h>
  10 #include <openssl/ec.h>
  11 #include <openssl/dsa.h>
  12 #include <openssl/dh.h>
  13 #include <openssl/rsa.h>
  14 #include <openssl/bio.h>
  15 #include <openssl/rand.h>
  16 #include <openssl/crypto.h>
  17 #include <openssl/err.h>
  18 #include <dpl/exception.h>
  19
  20 #define DEV_HW_RANDOM_FILE      "/dev/hwrng"
  21 #define DEV_URANDOM_FILE        "/dev/urandom"
  22
  23 #define EVP_SUCCESS     1       // DO NOTCHANGE THIS VALUE
  24 #define EVP_FAIL        0       // DO NOTCHANGE THIS VALUE
  25
  26 #define CKM_CRYPTO_INIT_SUCCESS 1
  27 #define CKM_CRYPTO_CREATEKEY_SUCCESS 2
  28 #define CKM_CREATE_SIGNATURE_SUCCESS 3
  29 #define CKM_VERIFY_SIGNATURE_SUCCESS 4
  30 #define CKM_VERIFY_CHAIN_SUCCESS 5
  31 #define NOT_DEFINED -1
  32
  33 namespace CKM {
  34
  35  // typedef std::vector<unsigned char> RawData; this must be defined in common header.
  36  // This is internal api so all functions should throw exception on errors.
  37 class CryptoService {
  38  public:
  39      CryptoService();
  40      virtual ~CryptoService();
  41
  42      class Exception {
  43         public:
  44              DECLARE_EXCEPTION_TYPE(CKM::Exception, Base)
  45                  DECLARE_EXCEPTION_TYPE(Base, Crypto_internal);
  46              DECLARE_EXCEPTION_TYPE(Base, opensslError);
  47      };
  48
  49      // During initialization, FIPS_MODE and the antropy source are set.
  50      // And system certificates are loaded in the memory during initialization.
  51      //    FIPS_MODE - ON, OFF(Default)
  52      //    antropy source - /dev/random,/dev/urandom(Default)
  53      static int initialize();
  54
  55      static int createKeyPairRSA(const int size,      // size in bits [1024, 2048, 4096]
  56                          GenericKey &createdPrivateKey,  // returned value ==> Key &createdPrivateKey,
  57                          GenericKey &createdPublicKey);  // returned value ==> Key &createdPublicKey
  58
  59      static int createKeyPairECDSA(ElipticCurve type1,
  60                                          GenericKey &createdPrivateKey,  // returned value
  61                                          GenericKey &createdPublicKey);  // returned value
  62
  63      int createSignature(const GenericKey &privateKey,
  64                          const RawBuffer &message,
  65                          const HashAlgorithm hashAlgo,
  66                          const RSAPaddingAlgorithm padAlgo,
  67                          RawBuffer &signature);
  68
  69      int verifySignature(const GenericKey &publicKey,
  70                          const RawBuffer &message,
  71                          const RawBuffer &signature,
  72                          const HashAlgorithm hashAlgo,
  73                          const RSAPaddingAlgorithm padAlgo);
  74
  75      int verifyCertificateChain(const CertificateImpl &certificate,
  76                             const CertificateImplVector &untrustedCertificates,
  77                             const CertificateImplVector &userTrustedCertificates,
  78                            CertificateImplVector &certificateChainVector);
  79
  80  private:
  81      std::vector<X509 *> verifyCertChain(X509 *cert,
  82                      std::vector<X509 *> &trustedCerts,
  83                      std::vector<X509 *> &userTrustedCerts,
  84                      std::vector<X509 *> &untrustedchain);
  85
  86     bool hasValidCAFlag(std::vector<X509 *> &certChain);
  87 };
  88 }
  89
  90