5 #include <certificate-impl.h>
6 #include <ckm/ckm-type.h>
8 #include <openssl/evp.h>
9 #include <openssl/obj_mac.h>
10 #include <openssl/ec.h>
11 #include <openssl/dsa.h>
12 #include <openssl/dh.h>
13 #include <openssl/rsa.h>
14 #include <openssl/bio.h>
15 #include <openssl/rand.h>
16 #include <openssl/crypto.h>
17 #include <openssl/err.h>
18 #include <dpl/exception.h>
20 #define DEV_HW_RANDOM_FILE "/dev/hwrng"
21 #define DEV_URANDOM_FILE "/dev/urandom"
23 #define EVP_SUCCESS 1 // DO NOTCHANGE THIS VALUE
24 #define EVP_FAIL 0 // DO NOTCHANGE THIS VALUE
26 #define CKM_CRYPTO_CREATEKEY_SUCCESS 2
27 #define CKM_VERIFY_CHAIN_SUCCESS 5
28 #define NOT_DEFINED -1
32 // typedef std::vector<unsigned char> RawData; this must be defined in common header.
33 // This is internal api so all functions should throw exception on errors.
37 virtual ~CryptoService();
41 DECLARE_EXCEPTION_TYPE(CKM::Exception, Base)
42 DECLARE_EXCEPTION_TYPE(Base, Crypto_internal);
43 DECLARE_EXCEPTION_TYPE(Base, opensslError);
46 // During initialization, FIPS_MODE and the antropy source are set.
47 // And system certificates are loaded in the memory during initialization.
48 // FIPS_MODE - ON, OFF(Default)
49 // antropy source - /dev/random,/dev/urandom(Default)
50 static void initialize();
52 static int createKeyPairRSA(const int size, // size in bits [1024, 2048, 4096]
53 KeyImpl &createdPrivateKey, // returned value ==> Key &createdPrivateKey,
54 KeyImpl &createdPublicKey); // returned value ==> Key &createdPublicKey
56 static int createKeyPairDSA(const int size, // size in bits [1024, 2048, 3072, 4096]
57 KeyImpl &createdPrivateKey, // returned value ==> Key &createdPrivateKey,
58 KeyImpl &createdPublicKey); // returned value ==> Key &createdPublicKey
60 static int createKeyPairECDSA(ElipticCurve type1,
61 KeyImpl &createdPrivateKey, // returned value
62 KeyImpl &createdPublicKey); // returned value
64 int createSignature(const KeyImpl &privateKey,
65 const RawBuffer &message,
66 const HashAlgorithm hashAlgo,
67 const RSAPaddingAlgorithm padAlgo,
68 RawBuffer &signature);
70 int verifySignature(const KeyImpl &publicKey,
71 const RawBuffer &message,
72 const RawBuffer &signature,
73 const HashAlgorithm hashAlgo,
74 const RSAPaddingAlgorithm padAlgo);
78 const EVP_MD *getMdAlgo(const HashAlgorithm hashAlgo);
79 int getRsaPadding(const RSAPaddingAlgorithm padAlgo);
81 int signMessage(EVP_PKEY *privKey,
82 const RawBuffer &message,
83 const int rsa_padding,
84 RawBuffer &signature);
85 int digestSignMessage(EVP_PKEY *privKey,
86 const RawBuffer &message,
87 const EVP_MD *md_algo,
88 const int rsa_padding,
89 RawBuffer &signature);
91 int verifyMessage(EVP_PKEY *pubKey,
92 const RawBuffer &message,
93 const RawBuffer &signature,
94 const int rsa_padding);
95 int digestVerifyMessage(EVP_PKEY *pubKey,
96 const RawBuffer &message,
97 const RawBuffer &signature,
98 const EVP_MD *md_algo,
99 const int rsa_padding);