5 #include <client-key-impl.h>
6 #include <client-certificate-impl.h>
7 #include <ckm/key-manager.h>
8 #include <ckm/ckm-type.h>
10 #include <openssl/evp.h>
11 #include <openssl/obj_mac.h>
12 #include <openssl/ec.h>
13 #include <openssl/dsa.h>
14 #include <openssl/dh.h>
15 #include <openssl/rsa.h>
16 #include <openssl/bio.h>
17 #include <openssl/rand.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
21 #define DEV_RANDOM_FILE "/dev/random"
23 #define EVP_SUCCESS 1 // DO NOTCHANGE THIS VALUE
24 #define EVP_FAIL 0 // DO NOTCHANGE THIS VALUE
26 #define CKM_CRYPTO_CTX_ERROR 2
27 #define CKM_CRYPTO_PKEYINIT_ERROR 3
28 #define CKM_CRYPTO_PKEYSET_ERROR 4
29 #define CKM_CRYPTO_PKEYGEN_ERROR 5
30 #define CKM_CRYPTO_CREATEKEY_SUCCESS 6
31 #define CKM_CRYPTO_KEYGEN_ERROR 7
32 #define CKM_SIG_GEN_ERROR 8
33 #define CKM_CRYPTO_NOT_SUPPORT_ALGO_ERROR 9
34 #define CKM_SIG_VERIFY_OPER_ERROR 10
35 #define CKM_CRYPTO_NOT_SUPPORT_KEY_TYPE 11
36 #define CKM_CRYPTO_INIT_ERROR 12
37 #define CKM_CRYPTO_INIT_SUCCESS 13
41 // typedef std::vector<unsigned char> RawData; this must be defined in common header.
42 // This is internal api so all functions should throw exception on errors.
46 virtual ~CryptoService();
48 // During initialization, FIPS_MODE and the antropy source are set.
49 // And system certificates are loaded in the memory during initialization.
50 // FIPS_MODE - ON, OFF(Default)
51 // antropy source - /dev/random,/dev/urandom(Default)
52 static int initalize();
54 int createKeyPairRSA(const int size, // size in bits [1024, 2048, 4096]
55 KeyImpl &createdPrivateKey, // returned value ==> Key &createdPrivateKey,
56 KeyImpl &createdPublicKey); // returned value ==> Key &createdPublicKey
58 int createKeyPairECDSA(const Key::ECType type1,
59 KeyImpl &createdPrivateKey, // returned value
60 KeyImpl &createdPublicKey); // returned value
62 int createSignature(const KeyImpl &privateKey,
63 const RawBuffer &message,
64 const HashAlgorithm hashAlgo,
65 const RSAPaddingAlgorithm padAlgo,
66 RawBuffer &signature);
68 int verifySignature(const KeyImpl &publicKey,
69 const RawBuffer &message,
70 const RawBuffer &signature,
71 const HashAlgorithm hashAlgo,
72 const RSAPaddingAlgorithm padAlgo);
74 int verifyCertificateChain(const CertificateImpl &certificate,
75 const CertificateImplVector &untrustedCertificates,
76 const CertificateImplVector &userTrustedCertificates,
77 CertificateImplVector &certificateChainVector);