diff -r 675a964f4eb5 -r 35751d3474b7 crypto/weakcryptospi/inc/asymmetric.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/crypto/weakcryptospi/inc/asymmetric.h Thu Sep 10 14:01:51 2009 +0300 @@ -0,0 +1,782 @@ +/* +* Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies). +* All rights reserved. +* This component and the accompanying materials are made available +* under the terms of the License "Eclipse Public License v1.0" +* which accompanies this distribution, and is available +* at the URL "http://www.eclipse.org/legal/epl-v10.html". +* +* Initial Contributors: +* Nokia Corporation - initial contribution. +* +* Contributors: +* +* Description: +* ** IMPORTANT ** API's in this file are published to 3rd party developers via the +* Symbian website. Changes to these API's should be treated as PublishedAll API changes and the Security TA should be consulted. +* Asymmetric crypto implementation +* +*/ + + +/** + @file + @publishedAll + @released +*/ + +#ifndef __ASYMMETRIC_H__ +#define __ASYMMETRIC_H__ + +#include +#include +#include +#include + +// All the classes in this file have their default constructors and +// assignment operators defined private, but not implemented, in order to +// prevent their use. + +/** +* Mixin class defining common operations for public key encryption and +* decryption classes. +* +*/ +class MCryptoSystem + { +public: + /** + * Gets the maximum size of input accepted by this object. + * + * @return The maximum input length allowed in bytes. + */ + virtual TInt MaxInputLength(void) const = 0; + + /** + * Gets the maximum size of output that can be generated by this object. + * + * @return The maximum output length in bytes. + */ + virtual TInt MaxOutputLength(void) const = 0; +protected: + /** + * Constructor + */ + IMPORT_C MCryptoSystem(void); +private: + MCryptoSystem(const MCryptoSystem&); + MCryptoSystem& operator=(const MCryptoSystem&); + }; + +/** +* Abstract base class for all public key encryptors. +* +*/ +class CEncryptor : public CBase, public MCryptoSystem + { +public: + /** + * Encrypts the specified plaintext into ciphertext. + * + * @param aInput The plaintext + * @param aOutput On return, the ciphertext + * + * @panic KCryptoPanic If the input data is too long. + * See ECryptoPanicInputTooLarge + * @panic KCryptoPanic If the supplied output descriptor is not large enough to store the result. + * See ECryptoPanicOutputDescriptorOverflow + */ + virtual void EncryptL(const TDesC8& aInput, TDes8& aOutput) const = 0; +protected: + /** Default constructor */ + IMPORT_C CEncryptor(void); +private: + CEncryptor(const CEncryptor&); + CEncryptor& operator=(const CEncryptor&); + }; + +/** +* Abstract base class for all public key decryptors. +* +*/ +class CDecryptor : public CBase, public MCryptoSystem + { +public: + /** + * Decrypts the specified ciphertext into plaintext + * + * @param aInput The ciphertext to be decrypted + * @param aOutput On return, the plaintext + * + * @panic KCryptoPanic If the input data is too long. + * See ECryptoPanicInputTooLarge + * @panic KCryptoPanic If the supplied output descriptor is not large enough to store the result. + * See ECryptoPanicOutputDescriptorOverflow + */ + virtual void DecryptL(const TDesC8& aInput, TDes8& aOutput) const = 0; +protected: + /** Default constructor */ + IMPORT_C CDecryptor(void); +private: + CDecryptor(const CDecryptor&); + CDecryptor& operator=(const CDecryptor&); + }; + +/** +* Implementation of RSA encryption as described in PKCS#1 v1.5. +* +*/ +class CRSAPKCS1v15Encryptor : public CEncryptor + { +public: + /** + * Creates a new RSA encryptor object using PKCS#1 v1.5 padding. + * + * @param aKey The RSA encryption key + * @return A pointer to a new CRSAPKCS1v15Encryptor object + * + * @leave KErrKeyNotWeakEnough If the key size is larger than that allowed by the + * cipher strength restrictions of the crypto library. + * See TCrypto::IsAsymmetricWeakEnoughL() + * @leave KErrKeySize If the key length is too small + */ + IMPORT_C static CRSAPKCS1v15Encryptor* NewL(const CRSAPublicKey& aKey); + + /** + * Creates a new RSA encryptor object using PKCS#1 v1.5 padding. + * + * The returned pointer is put onto the cleanup stack. + * + * @param aKey The RSA encryption key + * @return A pointer to a new CRSAPKCS1v15Encryptor object + * + * @leave KErrKeyNotWeakEnough If the key size is larger than that allowed by the + * cipher strength restrictions of the crypto library. + * See TCrypto::IsAsymmetricWeakEnoughL() + * @leave KErrKeySize If the key length is too small + */ + IMPORT_C static CRSAPKCS1v15Encryptor* NewLC(const CRSAPublicKey& aKey); + void EncryptL(const TDesC8& aInput, TDes8& aOutput) const; + TInt MaxInputLength(void) const; + TInt MaxOutputLength(void) const; + /** The destructor frees all resources owned by the object, prior to its destruction. */ + virtual ~CRSAPKCS1v15Encryptor(void); +protected: + /** @internalAll */ + CRSAPKCS1v15Encryptor(const CRSAPublicKey& aKey); + /** @internalAll */ + void ConstructL(void); +protected: + /** The RSA public key */ + const CRSAPublicKey& iPublicKey; + /** The PKCS#1 v1.5 encryption padding */ + CPaddingPKCS1Encryption* iPadding; +private: + CRSAPKCS1v15Encryptor(const CRSAPKCS1v15Encryptor&); + CRSAPKCS1v15Encryptor& operator=(const CRSAPKCS1v15Encryptor&); + }; + +/** +* Implementation of RSA decryption as described in PKCS#1 v1.5. +* +*/ +class CRSAPKCS1v15Decryptor : public CDecryptor + { +public: + /** + * Creates a new RSA decryptor object using PKCS#1 v1.5 padding. + * + * @param aKey The RSA private key for decryption + * + * @leave KErrKeyNotWeakEnough If the key size is larger than that allowed by the + * cipher strength restrictions of the crypto library. + * See TCrypto::IsAsymmetricWeakEnoughL() + * @leave KErrKeySize If the key length is too small + */ + IMPORT_C static CRSAPKCS1v15Decryptor* NewL(const CRSAPrivateKey& aKey); + + /** + * Creates a new RSA decryptor object using PKCS#1 v1.5 padding + * + * The returned pointer is put onto the cleanup stack. + * + * @param aKey The RSA private key for decryption + * + * @leave KErrKeyNotWeakEnough If the key size is larger than that allowed by the + * cipher strength restrictions of the crypto library. + * See TCrypto::IsAsymmetricWeakEnoughL() + * @leave KErrKeySize If the key length is too small + * @leave KErrNotSupported If the RSA private key is not a supported TRSAPrivateKeyType + */ + IMPORT_C static CRSAPKCS1v15Decryptor* NewLC(const CRSAPrivateKey& aKey); + void DecryptL(const TDesC8& aInput, TDes8& aOutput) const; + TInt MaxInputLength(void) const; + TInt MaxOutputLength(void) const; + /** The destructor frees all resources owned by the object, prior to its destruction. */ + virtual ~CRSAPKCS1v15Decryptor(void); +protected: + /** @internalAll */ + CRSAPKCS1v15Decryptor(const CRSAPrivateKey& aKey); + /** @internalAll */ + void ConstructL(void); +protected: + /** The RSA private key */ + const CRSAPrivateKey& iPrivateKey; + /** The PKCS#1 v1.5 encryption padding */ + CPaddingPKCS1Encryption* iPadding; +private: + CRSAPKCS1v15Decryptor(const CRSAPKCS1v15Decryptor&); + CRSAPKCS1v15Decryptor& operator=(const CRSAPKCS1v15Decryptor&); + }; + +/** +* Mixin class defining operations common to all public key signature systems. +* +*/ +class MSignatureSystem + { +public: + /** + * Gets the maximum size of input accepted by this object. + * + * @return The maximum length allowed in bytes + */ + virtual TInt MaxInputLength(void) const = 0; +protected: + /** Constructor */ + IMPORT_C MSignatureSystem(void); +private: + MSignatureSystem(const MSignatureSystem&); + MSignatureSystem& operator=(const MSignatureSystem&); + }; + +/** +* Abstract base class for all public key signers. +* +* The template parameter, CSignature, should be a class that encapsulates the +* concept of a digital signature. Derived signature classes must own their +* respective signatures (and hence be CBase derived). There are no other +* restrictions on the formation of the signature classes. +* +*/ +template class CSigner : public CBase, public MSignatureSystem + { +public: + /** + * Digitally signs the specified input message + * + * @param aInput The raw data to sign, typically a hash of the actual message + * @return A pointer to a new CSignature object + * + * @panic ECryptoPanicInputTooLarge If aInput is larger than MaxInputLength(), + * which is likely to happen if the caller + * has passed in something that has not been + * hashed. + */ + virtual CSignature* SignL(const TDesC8& aInput) const = 0; +protected: + /** @internalAll */ + CSigner(void); +private: + CSigner(const CSigner&); + CSigner& operator=(const CSigner&); + }; + +/** +* Abstract class for all public key verifiers. +* +* The template parameter, CSignature, should be a class that encapsulates the +* concept of a digital signature. Derived signature classes must own their +* respective signatures (and hence be CBase derived). There are no other +* restrictions on the formation of the signature classes. +* +*/ +template class CVerifier : public CBase, public MSignatureSystem + { +public: + /** + * Verifies the specified digital signature + * + * @param aInput The message digest that was originally signed + * @param aSignature The signature to be verified + * + * @return Whether the signature is the result of signing + * aInput with the supplied key + */ + virtual TBool VerifyL(const TDesC8& aInput, + const CSignature& aSignature) const = 0; +protected: + /** @internalAll */ + CVerifier(void); +private: + CVerifier(const CVerifier&); + CVerifier& operator=(const CVerifier&); + }; + +/* Template nastiness for CVerifier and CSigner in asymmetric.inl */ + +#include + +/** +* An encapsulation of a RSA signature. +* +*/ +class CRSASignature : public CBase + { +public: + /** + * Creates a new CRSASignature object from the integer value + * output of a previous RSA signing operation. + * + * @param aS The integer value output from a previous RSA signing operation + * @return A pointer to the new CRSASignature object. + */ + IMPORT_C static CRSASignature* NewL(RInteger& aS); + + /** + * Creates a new CRSASignature object from the integer value + * output of a previous RSA signing operation. + * + * The returned pointer is put onto the cleanup stack. + * + * @param aS The integer value output from a previous RSA signing operation + * @return A pointer to the new CRSASignature object. + */ + IMPORT_C static CRSASignature* NewLC(RInteger& aS); + + /** + * Gets the integer value of the RSA signature + * + * @return The integer value of the RSA signature + */ + IMPORT_C const TInteger& S(void) const; + + /** + * Whether this RSASignature is identical to a specified RSASignature + * + * @param aSig The RSASignature for comparison + * @return ETrue, if the two signatures are identical; EFalse, otherwise. + */ + IMPORT_C TBool operator== (const CRSASignature& aSig) const; + + /** Destructor */ + /** The destructor frees all resources owned by the object, prior to its destruction. */ + IMPORT_C virtual ~CRSASignature(void); +protected: + /** + * Second phase constructor + * + * @see CRSASignature::NewL() + * + * @param aS The integer value output from a previous RSA signing operation + */ + IMPORT_C CRSASignature(RInteger& aS); + + /** Default constructor */ + IMPORT_C CRSASignature(void); +protected: + /** An integer value; the output from a previous RSA signing operation. */ + RInteger iS; +private: + CRSASignature(const CRSASignature&); + CRSASignature& operator=(const CRSASignature); + }; + +/** +* Abstract base class for all RSA Signers. +* +*/ +class CRSASigner : public CSigner + { +public: + /** + * Gets the maximum size of output that can be generated by this object. + * + * @return The maximum output length in bytes + */ + virtual TInt MaxOutputLength(void) const = 0; +protected: + /** Default constructor */ + IMPORT_C CRSASigner(void); +private: + CRSASigner(const CRSASigner&); + CRSASigner& operator=(const CRSASigner&); + }; + +/** +* Implementation of RSA signing as described in PKCS#1 v1.5. +* +* This class creates RSA signatures following the RSA PKCS#1 v1.5 standard (with +* the one caveat noted below) and using PKCS#1 v1.5 signature padding. The only +* exception is that the SignL() function simply performs a 'raw' PKCS#1 v1.5 sign +* operation on whatever it is given. It does not hash or in any way +* manipulate the input data before signing. +* +*/ +class CRSAPKCS1v15Signer : public CRSASigner + { +public: + /** + * Creates a new CRSAPKCS1v15Signer object from a specified RSA private key. + * + * @param aKey The RSA private key to be used for signing + * @return A pointer to the new CRSAPKCS1v15Signer object + * + * @leave KErrKeySize If the key length is too small + */ + IMPORT_C static CRSAPKCS1v15Signer* NewL(const CRSAPrivateKey& aKey); + + /** + * Creates a new CRSAPKCS1v15Signer object from a specified RSA private key. + * + * The returned pointer is put onto the cleanup stack. + * + * @param aKey The RSA private key to be used for signing + * @return A pointer to the new CRSAPKCS1v15Signer object + * + * @leave KErrKeySize If the key length is too small + */ + IMPORT_C static CRSAPKCS1v15Signer* NewLC(const CRSAPrivateKey& aKey); + /** + * Digitally signs the specified input message + * + * @param aInput The raw data to sign, typically a hash of the actual message + * @return A pointer to a new CSignature object + * + * @leave KErrNotSupported If the private key is not a supported TRSAPrivateKeyType + * @panic ECryptoPanicInputTooLarge If aInput is larger than MaxInputLength(), + * which is likely to happen if the caller + * has passed in something that has not been hashed. + */ + virtual CRSASignature* SignL(const TDesC8& aInput) const; + virtual TInt MaxInputLength(void) const; + virtual TInt MaxOutputLength(void) const; + /** The destructor frees all resources owned by the object, prior to its destruction. + * @internalAll */ + ~CRSAPKCS1v15Signer(void); +protected: + /** @internalAll */ + CRSAPKCS1v15Signer(const CRSAPrivateKey& aKey); + /** @internalAll */ + void ConstructL(void); +protected: + /** The RSA private key to be used for signing */ + const CRSAPrivateKey& iPrivateKey; + /** The PKCS#1 v1.5 signature padding */ + CPaddingPKCS1Signature* iPadding; +private: + CRSAPKCS1v15Signer(const CRSAPKCS1v15Signer&); + CRSAPKCS1v15Signer& operator=(const CRSAPKCS1v15Signer&); + }; + +/** +* Abstract base class for all RSA Verifiers. +* +*/ +class CRSAVerifier : public CVerifier + { +public: + /** + * Gets the maximum size of output that can be generated by this object. + * + * @return The maximum output length in bytes + */ + virtual TInt MaxOutputLength(void) const = 0; + + /** + * Performs a decryption operation on a signature using the public key. + * + * This is the inverse of the sign operation, which performs a encryption + * operation on its input data using the private key. Although this can be + * used to verify signatures, CRSAVerifier::VerifyL should be used in + * preference. This method is however required by some security protocols. + * + * @param aSignature The signature to be verified + * @return A pointer to a new buffer containing the result of the + * operation. The pointer is left on the cleanup stack. + */ + virtual HBufC8* InverseSignLC(const CRSASignature& aSignature) const = 0; + + IMPORT_C virtual TBool VerifyL(const TDesC8& aInput, + const CRSASignature& aSignature) const; +protected: + /** Default constructor */ + IMPORT_C CRSAVerifier(void); +private: + CRSAVerifier(const CRSAVerifier&); + CRSAVerifier& operator=(const CRSAVerifier&); + }; + +/** +* This class verifies RSA signatures given a message and its supposed +* signature. It follows the RSA PKCS#1 v1.5 with PKCS#1 v1.5 padding specification +* with the following exception: the VerifyL() function does not hash or +* in any way manipulate the input data before checking. Thus in order to verify +* RSA signatures in PKCS#1 v1.5 format, the input data needs to follow PKCS#1 v1.5 +* specification, i.e. be ASN.1 encoded and prefixed by ASN.1 encoded digestId. +* +*/ +class CRSAPKCS1v15Verifier : public CRSAVerifier + { +public: + /** + * Creates a new CRSAPKCS1v15Verifier object from a specified RSA public key. + * + * @param aKey The RSA public key to be used for verifying + * @return A pointer to the new CRSAPKCS1v15Verifier object + * + * @leave KErrKeySize If the key length is too small + */ + IMPORT_C static CRSAPKCS1v15Verifier* NewL(const CRSAPublicKey& aKey); + + /** + * Creates a new CRSAPKCS1v15Verifier object from a specified RSA public key. + * + * The returned pointer is put onto the cleanup stack. + * + * @param aKey The RSA public key to be used for verifying + * @return A pointer to the new CRSAPKCS1v15Verifier object + * + * @leave KErrKeySize If the key length is too small + */ + IMPORT_C static CRSAPKCS1v15Verifier* NewLC(const CRSAPublicKey& aKey); + virtual HBufC8* InverseSignLC(const CRSASignature& aSignature) const; + virtual TInt MaxInputLength(void) const; + virtual TInt MaxOutputLength(void) const; + /** The destructor frees all resources owned by the object, prior to its destruction. */ + virtual ~CRSAPKCS1v15Verifier(void); +protected: + /** @internalAll */ + CRSAPKCS1v15Verifier(const CRSAPublicKey& aKey); + /** @internalAll */ + void ConstructL(void); +protected: + /** The RSA public key to be used for verification */ + const CRSAPublicKey& iPublicKey; + /** The PKCS#1 v1.5 signature padding */ + CPaddingPKCS1Signature* iPadding; +private: + CRSAPKCS1v15Verifier(const CRSAPKCS1v15Verifier&); + CRSAPKCS1v15Verifier& operator=(const CRSAPKCS1v15Verifier&); + }; + +/** +* An encapsulation of a DSA signature. +* +*/ +class CDSASignature : public CBase + { +public: + /** + * Creates a new CDSASignature object from the specified R and S values. + * + * @param aR The DSA signature's R value + * @param aS The DSA signature's S value + * @return A pointer to the new CDSASignature object + */ + IMPORT_C static CDSASignature* NewL(RInteger& aR, RInteger& aS); + + /** + * Creates a new CDSASignature object from the specified R and S values. + * + * The returned pointer is put onto the cleanup stack. + * + * @param aR The DSA signature's R value + * @param aS The DSA signature's S value + * @return A pointer to the new CDSASignature object + */ + IMPORT_C static CDSASignature* NewLC(RInteger& aR, RInteger& aS); + + /** + * Gets the DSA signature's R value + * + * @return The R value + */ + IMPORT_C const TInteger& R(void) const; + + /** + * Gets the DSA signature's S value + * + * @return The S value + */ + IMPORT_C const TInteger& S(void) const; + + /** + * Whether this DSASignature is identical to a specified DSASignature + * + * @param aSig The DSASignature for comparison + * @return ETrue, if the two signatures are identical; EFalse, otherwise. + */ + IMPORT_C TBool operator== (const CDSASignature& aSig) const; + + /** The destructor frees all resources owned by the object, prior to its destruction. */ + IMPORT_C virtual ~CDSASignature(void); +protected: + /** + * Protected constructor + * + * @param aR The DSA signature's R value + * @param aS The DSA signature's S value + */ + IMPORT_C CDSASignature(RInteger& aR, RInteger& aS); + + /** Default constructor */ + IMPORT_C CDSASignature(void); +protected: + /** The DSA signature's R value */ + RInteger iR; + /** The DSA signature's S value */ + RInteger iS; +private: + CDSASignature(const CDSASignature&); + CDSASignature& operator=(const CDSASignature&); + }; + +/** +* Implementation of DSA signing as specified in FIPS 186-2 change request 1. +* +*/ +class CDSASigner : public CSigner + { +public: + /** + * Creates a new CDSASigner object from a specified DSA private key. + * + * @param aKey The DSA private key to be used for signing + * @return A pointer to the new CDSASigner object + */ + IMPORT_C static CDSASigner* NewL(const CDSAPrivateKey& aKey); + + /** + * Creates a new CDSASigner object from a specified DSA private key. + * + * The returned pointer is put onto the cleanup stack. + * + * @param aKey The DSA private key to be used for signing + * @return A pointer to the new CDSASigner object + */ + IMPORT_C static CDSASigner* NewLC(const CDSAPrivateKey& aKey); + /** + * Digitally signs the specified input message + * + * Note that in order to be interoperable and compliant with the DSS, aInput + * must be the result of a SHA-1 hash. + * + * @param aInput A SHA-1 hash of the message to sign + * @return A pointer to a new CSignature object + * + * @panic ECryptoPanicInputTooLarge If aInput is larger than MaxInputLength(), + * which is likely to happen if the caller + * has passed in something that has not been hashed. + */ + virtual CDSASignature* SignL(const TDesC8& aInput) const; + virtual TInt MaxInputLength(void) const; +protected: + /** @internalAll */ + CDSASigner(const CDSAPrivateKey& aKey); +protected: + /** The DSA private key to be used for signing */ + const CDSAPrivateKey& iPrivateKey; +private: + CDSASigner(const CDSASigner&); + CDSASigner& operator=(const CDSASigner&); + }; + +/** +* Implementation of DSA signature verification as specified in FIPS 186-2 change +* request 1. +* +*/ +class CDSAVerifier : public CVerifier + { +public: + /** + * Creates a new CDSAVerifier object from a specified DSA public key. + * + * @param aKey The DSA public key to be used for verifying + * @return A pointer to the new CDSAVerifier object + */ + IMPORT_C static CDSAVerifier* NewL(const CDSAPublicKey& aKey); + + /** + * Creates a new CDSAVerifier object from a specified DSA public key. + * + * The returned pointer is put onto the cleanup stack. + * + * @param aKey The DSA public key to be used for verifying + * @return A pointer to the new CDSAVerifier object + */ + IMPORT_C static CDSAVerifier* NewLC(const CDSAPublicKey& aKey); + /** + * Verifies the specified digital signature + * + * Note that in order to be interoperable and compliant with the DSS, aInput + * must be the result of a SHA-1 hash. + * + * @param aInput A SHA-1 hash of the received message + * @param aSignature The signature to be verified + * + * @return Whether the signature is the result of signing + * aInput with the supplied key + */ + virtual TBool VerifyL(const TDesC8& aInput, const CDSASignature& aSignature) const; + virtual TInt MaxInputLength(void) const; +protected: + /** @internalAll */ + CDSAVerifier(const CDSAPublicKey& aKey); +protected: + /** The DSA public key to be used for verification */ + const CDSAPublicKey& iPublicKey; +private: + CDSAVerifier(const CDSAVerifier&); + CDSAVerifier& operator=(const CDSAVerifier&); + }; + +/** +* Implementation of Diffie-Hellman key agreement as specified in PKCS#3. +* +*/ +class CDH : public CBase + { +public: + /** + * Creates a new CDH object from a specified DH private key. + * + * @param aPrivateKey The private key of this party + * @return A pointer to the new CDH object + */ + IMPORT_C static CDH* NewL(const CDHPrivateKey& aPrivateKey); + + /** + * Creates a new CDH object from a specified DH private key. + * + * The returned pointer is put onto the cleanup stack. + * + * @param aPrivateKey The private key of this party + * @return A pointer to the new CDH object + */ + IMPORT_C static CDH* NewLC(const CDHPrivateKey& aPrivateKey); + + /** + * Performs the key agreement operation. + * + * @param aPublicKey The public key of the other party + * @return The agreed key + */ + IMPORT_C HBufC8* AgreeL(const CDHPublicKey& aPublicKey) const; +protected: + /** + * Constructor + * + * @param aPrivateKey The DH private key + */ + IMPORT_C CDH(const CDHPrivateKey& aPrivateKey); +protected: + /** The DH private key */ + const CDHPrivateKey& iPrivateKey; +private: + CDH(const CDH&); + CDH& operator=(const CDH&); + }; + +#endif // __ASYMMETRIC_H__