#include <cKeyWrap.h>
|
| | cKeyWrap () |
| |
| | ~cKeyWrap () |
| |
| bool | isZeroKey () const |
| |
| void | SetZeroKey () |
| |
| SSL_SIG_TYPE | get_SSLSIGType () const |
| |
| HRESULT | InitKeyType (SSL_Key_TYPE eKeyType) |
| |
| cKeyECPPair * | get_ECPPair () const |
| |
| const char * | get_KeyTypeName () const |
| |
| size_t | get_KeySize () const |
| |
| bool | HasKeyType (SSL_Key_TYPE eKeyType) const noexcept |
| |
| SSL_Key_TYPE | get_KeyType () const |
| |
| HRESULT | GetKeyValues (cKeyBase::cValue *items) const |
| |
| HRESULT | ReadPrivateKey (const cMemBlock &key, const cMemBlock &password) |
| |
| HRESULT | ReadPublicKey (cASNReader &r) |
| |
| HRESULT | ReadPublicKey (const BYTE *pKey, size_t nSizeKey) |
| |
| HRESULT | ReadPrivateKeyFile (const FILECHAR_t *pszFilePath, const char *pszPassword) |
| |
| HRESULT | ReadPublicKeyFile (const FILECHAR_t *pszFilePath) |
| |
| HRESULT | WritePrivateKey (cASNWriterRev &wr) const |
| |
| HRESULT | WritePublicKey2 (cASNWriterRev &wr) const |
| |
| HRESULT | WritePublicPEM (char *pOut, StrLen_t size) const |
| |
| HRESULT | WritePrivatePEM (char *pOut, StrLen_t size) const |
| |
| HRESULT | WritePublicKey (cASNWriterRev &w) const |
| |
| HRESULT | CheckPublicPrivatePair (const cKeyWrap *pKeyPrivate) const |
| |
| HRESULT | VerifySignature (SSL_Hash_TYPE eHashType, const BYTE *pHash, size_t nSizeHash, const BYTE *pSig, size_t nSizeSig) const |
| |
| HRESULT | VerifySignatureExt (const cKeySigAlg &sigalg, const cKeyRSASignOptions *pSignOptions, const BYTE *pHash, size_t nSizeHash, const cMemBlock &signBuffer) const |
| |
| HRESULT | MakeSignature (BYTE *pSig, SSL_Hash_TYPE eHashType, const BYTE *pHash, size_t nSizeHash, IRandomNoise *pRandom) const |
| |
| HRESULT | DecryptWithKey (BYTE *pOut, size_t nSizeOut, const BYTE *pInp, size_t nSizeIn, IRandomNoise *pRandom) |
| |
| HRESULT | EncryptWithKey (BYTE *pOut, size_t nSizeOut, const BYTE *pInp, size_t nSizeIn, IRandomNoise *pRandom) |
| |
Public key container. This might be an instance of any key type we support. (RSA or ECP via cKeyTypeDef) TODO roll more functionality into cKeyBase ??
◆ cKeyWrap()
| GrayLib::cKeyWrap::cKeyWrap |
( |
| ) |
|
|
inline |
◆ ~cKeyWrap()
| GrayLib::cKeyWrap::~cKeyWrap |
( |
| ) |
|
|
inline |
◆ CheckPublicPrivatePair()
| HRESULT GrayLib::cKeyWrap::CheckPublicPrivatePair |
( |
const cKeyWrap * |
pKeyPrivate | ) |
const |
Check if a public-private pair of keys matches.
- pKeyPrivate = a private (and public) key.
- Returns
- 0 = success or NTE_BAD_DATA
◆ DecryptWithKey()
| HRESULT GrayLib::cKeyWrap::DecryptWithKey |
( |
BYTE * |
pOut, |
|
|
size_t |
nSizeOut, |
|
|
const BYTE * |
pInp, |
|
|
size_t |
nSizeIn, |
|
|
IRandomNoise * |
pRandom |
|
) |
| |
RSA Decrypt message (including padding if relevant).
- pOut = Decrypted output
- nSizeOut = Size of the output buffer
- pInp = Input to decrypt
- nSizeIn = Input size
- pRandom = RNG parameter
- Note
- For RSA keys, the default padding type is PKCS#1 v1.5.
- Returns
- 0 on success, or a specific error code.
Decrypt message (cKeyRSA only) (Server only)
◆ EncryptWithKey()
| HRESULT GrayLib::cKeyWrap::EncryptWithKey |
( |
BYTE * |
pOut, |
|
|
size_t |
nSizeOut, |
|
|
const BYTE * |
pInp, |
|
|
size_t |
nSizeIn, |
|
|
IRandomNoise * |
pRandom |
|
) |
| |
RSA Encrypt message (including padding if relevant).
- pOut = Encrypted output
- nSizeOut = Size of the output buffer
- pInp = Message to encrypt
- nSizeIn = Message size
- pRandom = RNG parameter
- Note
- For RSA keys, the default padding type is PKCS#1 v1.5.
- Returns
- 0 on success, or a specific error code.
Encrypt message. (RSA only) (cSSLClient only)
◆ get_ECPPair()
Quick access to an EC m_pKeyBase.
- Note
- MUST be a EC type key SSL_Key_ECKEY should cKeyWrap have internal knowledge of key type?
◆ get_KeySize()
| size_t GrayLib::cKeyWrap::get_KeySize |
( |
| ) |
const |
|
inline |
Get key size in bytes Get the length in bytes of the underlying key
◆ get_KeyType()
Get the key type
- Returns
- Type on success, or SSL_Key_NONE
◆ get_KeyTypeName()
| const char* GrayLib::cKeyWrap::get_KeyTypeName |
( |
| ) |
const |
|
inline |
Access the type name
- Returns
- Type name on success, or "invalid PK"
◆ get_SSLSIGType()
Convert between SSL_Key_TYPE and SSL_SIG_TYPE
◆ GetHashSize()
| static bool GrayLib::cKeyWrap::GetHashSize |
( |
SSL_Hash_TYPE |
eHashType, |
|
|
size_t * |
pnHashSize |
|
) |
| |
|
inlinestatic |
Helper for MakeSignature and VerifySignature
◆ GetKeyTypeFromSSLSIG()
◆ GetKeyValues()
Export debug information
- items = Place to write debug items
◆ HasKeyType()
| bool GrayLib::cKeyWrap::HasKeyType |
( |
SSL_Key_TYPE |
eKeyType | ) |
const |
|
inlinenoexcept |
Tell if a context can do the operation given by type
- eKeyType = Target type. e.g. SSL_Key_ECKEY
- Returns
- 0 if context can't do the operations, 1 otherwise.
◆ InitKeyType()
Make this a key of type SSL_Key_TYPE
◆ isZeroKey()
| bool GrayLib::cKeyWrap::isZeroKey |
( |
| ) |
const |
|
inline |
◆ MakeSignature()
Make signature, including padding if relevant.
- pSig = Place to write the signature
- eHashType = Hash algorithm used (see notes)
- pHash = Hash of the message to sign
- nSizeHash = Hash length or 0 (see notes)
- pRandom = RNG parameter
- Returns
- 0 on success, or a specific error code.
- Note
- For RSA keys, the default padding type is PKCS#1 v1.5. There is no interface in the PK module to make RSASSA-PSS signatures yet.
-
If nSizeHash is 0, then the length associated with eHashType is used instead, or an error returned if it is invalid.
-
eHashType may be SSL_Hash_NONE, only if nSizeHash != 0
Make a signature for pHash
- nSizeHash = 0 = find the size.
◆ ReadPrivateKey()
Parse a private key
- key = input buffer
- password = password for decryption (optional)
- Note
- On entry, pKeyBase must be empty, either freshly initialized with pk_init() or reset with SetZeroKey(). If you need a specific key type, check the result with HasKeyType().
-
The key is also checked for correctness.
- Returns
- 0 if successful, or a specific PK or PEM error code
Parse a private pKey Try different formats until one works.
◆ ReadPrivateKeyFile()
| HRESULT GrayLib::cKeyWrap::ReadPrivateKeyFile |
( |
const FILECHAR_t * |
pszFilePath, |
|
|
const char * |
pszPassword |
|
) |
| |
Load and parse a private key
- pszFilePath = filename to read the private key from
- pszPassword = password to decrypt the file (can be NULL)
- Note
- On entry, pKeyBase must be empty, either freshly initialized with pk_init() or reset with SetZeroKey(). If you need a specific key type, check the result with HasKeyType().
-
The key is also checked for correctness.
- Returns
- 0 if successful, or a specific PK or PEM error code
◆ ReadPublicKey() [1/2]
Parse a SubjectPublicKeyInfo DER structure
- r = the position in the ASN.1 data
- Returns
- 0 if successful, or a specific PK error code
Read from ASN/DER SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT STRING }
◆ ReadPublicKey() [2/2]
| HRESULT GrayLib::cKeyWrap::ReadPublicKey |
( |
const BYTE * |
pKey, |
|
|
size_t |
nSizeKey |
|
) |
| |
Parse a public key
- pKey = input buffer
- nSizeKey = size of the buffer
- Note
- On entry, pKeyBase must be empty, either freshly initialized with pk_init() or reset with SetZeroKey(). If you need a specific key type, check the result with HasKeyType().
-
The key is also checked for correctness.
- Returns
- 0 if successful, or a specific PK or PEM error code
Parse a public key in unknown format
◆ ReadPublicKeyFile()
Load and parse a public key
- pszFilePath = filename to read the private key from
- Note
- On entry, pKeyBase must be empty, either freshly initialized with pk_init() or reset with SetZeroKey(). If you need a specific key type, check the result with HasKeyType().
-
The key is also checked for correctness.
- Returns
- 0 if successful, or a specific PK or PEM error code
◆ SetZeroKey()
| void GrayLib::cKeyWrap::SetZeroKey |
( |
| ) |
|
◆ VerifySignature()
| HRESULT GrayLib::cKeyWrap::VerifySignature |
( |
SSL_Hash_TYPE |
eHashType, |
|
|
const BYTE * |
pHash, |
|
|
size_t |
nSizeHash, |
|
|
const BYTE * |
pSig, |
|
|
size_t |
nSizeSig |
|
) |
| const |
Verify signature (including padding if relevant).
- eHashType = Hash algorithm used (see notes)
- pHash = Hash of the message to sign
- nSizeHash = Hash length or 0 (see notes)
- pSig = Signature to verify
- nSizeSig = Signature length
- Returns
- 0 on success (signature is valid), NTE_BAD_LEN if the signature is valid but its actual length is less than nSizeSig,
- Note
- For RSA keys, the default padding type is PKCS#1 v1.5. Use
VerifySignatureExt( SSL_Key_RSASSA_PSS, ... ) to verify RSASSA_PSS signatures.
-
If nSizeHash is 0, then the length associated with eHashType is used instead, or an error returned if it is invalid.
-
eHashType may be SSL_Hash_NONE, only if nSizeHash != 0
Verify a signature
◆ VerifySignatureExt()
Verify signature, with options. (Includes verification of the padding depending on type.)
- eKeyType = Signature type (inc. possible padding type) to verify
- pSignOptions = Pointer to type-specific options, or NULL
- eHashType = Hash algorithm used (see notes)
- pHash = Hash of the message to sign
- nSizeHash = Hash length or 0 (see notes)
- signBuffer = Signature to verify
- Returns
- 0 on success (signature is valid), NTE_PROV_TYPE_NO_MATCH if the PK context can't be used for this type of signatures, NTE_BAD_LEN if the signature is valid but its actual length is less than nSizeSig, or a specific error code.
- Note
- If nSizeHash is 0, then the length associated with eHashType is used instead, or an error returned if it is invalid.
-
eHashType may be SSL_Hash_NONE, only if nSizeHash != 0
-
If type is SSL_Key_RSASSA_PSS, then options must point to a cKeyRSASignOptions structure, otherwise it must be NULL.
◆ WritePrivateKey()
Write a private key to a PKCS#1 or SEC1 DER structure
- Note
- data is written at the end of the buffer! Use the return value to determine where you should start using the buffer
- Returns
- length of data written if successful, or a specific error code
◆ WritePrivatePEM()
| HRESULT GrayLib::cKeyWrap::WritePrivatePEM |
( |
char * |
pOut, |
|
|
StrLen_t |
size |
|
) |
| const |
Write a private key to a PKCS#1 or SEC1 PEM string
- pOut = buffer to write to
- size = size of the buffer
- Returns
- 0 successful, or a specific error code
◆ WritePublicKey()
Write a subjectPublicKey to ASN.1 data
- Note
- function works backwards in data buffer
- w = reference to current position pointer
- Returns
- the length written or a negative error code
◆ WritePublicKey2()
Write a public key to a SubjectPublicKeyInfo DER structure
- Note
- data is written at the end of the buffer! Use the return value to determine where you should start using the buffer
- Returns
- length of data written if successful, or a specific error code
WritePublicKey plus extra stuff.
◆ WritePublicPEM()
| HRESULT GrayLib::cKeyWrap::WritePublicPEM |
( |
char * |
pOut, |
|
|
StrLen_t |
size |
|
) |
| const |
Write a public key to a PEM string
- pOut = buffer to write to
- size = size of the buffer
- Returns
- 0 successful, or a specific error code
- 1 + 1 + 9 (rsa oid)
- 1 + 1 (params null)
- 1 + 1 + 7 (ec oid)
- 1 + 1 + 9 (namedCurve oid)
- 1 (point format) [1]
- 2 * ECP_MAX (coords) [1]
◆ k_pszPEM_EC
| const char * GrayLib::cKeyWrap::k_pszPEM_EC = "EC PRIVATE KEY" |
|
static |
◆ k_pszPEM_EPK
| const char * GrayLib::cKeyWrap::k_pszPEM_EPK = "ENCRYPTED PRIVATE KEY" |
|
static |
◆ k_pszPEM_PK
| const char * GrayLib::cKeyWrap::k_pszPEM_PK = "PRIVATE KEY" |
|
static |
◆ k_pszPEM_Pub
| const char * GrayLib::cKeyWrap::k_pszPEM_Pub = "PUBLIC KEY" |
|
static |
◆ k_pszPEM_RSAPK
| const char * GrayLib::cKeyWrap::k_pszPEM_RSAPK = "RSA PRIVATE KEY" |
|
static |
◆ m_pKeyBase
◆ m_pKeyTypeDef
The documentation for this class was generated from the following files:
1.9.1