123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612 |
- /*##############################################################################
- HPCC SYSTEMS software Copyright (C) 2019 HPCC Systems®.
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- ############################################################################## */
- #include "jutil.hpp"
- #include "jexcept.hpp"
- #include "digisign.hpp"
- #include "ske.hpp"
- #include <openssl/pem.h>
- #include <openssl/err.h>
- #include <openssl/rand.h>
- #include <string>
- #include <unordered_map>
- #include "cryptolib.hpp"
- using namespace std;
- #define CRYPTOLIB_VERSION "CRYPTOLIB 1.0.00"
- using namespace cryptohelper;
- static const char * EclDefinition = nullptr;//Definitions specified in lib_cryptolib.ecllib
- CRYPTOLIB_API bool getECLPluginDefinition(ECLPluginDefinitionBlock *pb)
- {
- // Warning: This function may be called without the plugin being loaded fully.
- // It should not make any library calls or assume that dependent modules
- // have been loaded or that it has been initialized.
- //
- // Specifically: "The system does not call DllMain for process and thread
- // initialization and termination. Also, the system does not load
- // additional executable modules that are referenced by the specified module."
- if (pb->size != sizeof(ECLPluginDefinitionBlock))
- return false;
- pb->magicVersion = PLUGIN_VERSION;
- pb->version = CRYPTOLIB_VERSION;
- pb->moduleName = "lib_cryptolib";
- pb->ECL = EclDefinition;
- pb->flags = PLUGIN_IMPLICIT_MODULE;
- pb->description = "CryptoLib cryptography services library";
- return true;
- }
- namespace nsCryptolib {
- IPluginContext * parentCtx = nullptr;
- }
- using namespace nsCryptolib;
- CRYPTOLIB_API void setPluginContext(IPluginContext * _ctx) { parentCtx = _ctx; }
- //-------------------------------------------------------------------------------------------------------------------------------------------
- // C++ to ECL helpers
- //-------------------------------------------------------------------------------------------------------------------------------------------
- size32_t addToECLSetOfString(void * set, const char * str)
- {
- size32_t len = strlen(str);
- if (len)
- {
- memcpy(set, &len, sizeof(len));//copy 4 byte length. String Set memory buffer should already be allocated within the context
- memcpy((char *)set + sizeof(len), str, strlen(str));//followed by string
- }
- return len + sizeof(len);//return length copied to memory buffer
- }
- void stringArrayToECLSetOfString(const StringArray & arr, void * * set, size32_t * len)
- {
- //STRING is a variable length string stored as a 4 byte length, followed by the string. A set of strings has
- //the strings in this format repeated, and the total size returned in the __lenResult parameter. The __result value should be allocated
- //on the heap.
- size32_t currLen = 0;
- for (aindex_t idx = 0; idx < arr.length(); idx++)
- currLen += strlen(arr.item(idx)) + sizeof(size32_t);
- void * pSet = CTXMALLOC(parentCtx, currLen);
- assertex(set);
- *len = currLen;
- *set = pSet;
- currLen = 0;
- for (aindex_t idx = 0; idx < arr.length(); idx++)
- currLen += addToECLSetOfString((char*)pSet + currLen, arr.item(idx));
- }
- //-------------------------------------------------------------------------------------------------------------------------------------------
- // CIPHER SYMMETRIC SUPPORT
- //-------------------------------------------------------------------------------------------------------------------------------------------
- //NB: It should be noted that we count on the cryptohelper library to call OpenSSL_add_all_algorithms() at init time
- void my_clAlgorithmsCallback(const OBJ_NAME * _obj, void * _pRes)
- {
- ((StringArray*)_pRes)->append((const char*)_obj->name);//add this digest to string array
- }
- //NB: CRYPTOLIB call signatures can be gleaned from the generated workunit CPP file
- //Symmetric block/stream digest algorithms
- CRYPTOLIB_API void CRYPTOLIB_CALL clInstalledSymmetricCipherAlgorithms(bool & __isAllResult, size32_t & __lenResult, void * & __result)
- {
- __isAllResult = false;
- StringArray algorithms;
- OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, my_clAlgorithmsCallback, (void*)&algorithms);
- stringArrayToECLSetOfString(algorithms, &__result, &__lenResult);
- }
- CRYPTOLIB_API void CRYPTOLIB_CALL clSupportedSymmetricCipherAlgorithms(bool & __isAllResult, size32_t & __lenResult, void * & __result)
- {
- __isAllResult = false;
- StringArray algorithms;
- algorithms.appendList("aes-256-cbc,aes-192-cbc,aes-128-cbc", ",");//make sure this list matches loadEVP_Cipher()
- stringArrayToECLSetOfString(algorithms, &__result, &__lenResult);
- }
- //-------------------------------------------------------------------------------------------------------------------------------------------
- //Helpers to build the DATA buffer returned from clSymmetricEncrypt, and sent to clSymmetricDecrypt
- //Buffer is structured as:
- // (size32_t)lenIV, IV excluding NULL, (size32_t)LenPlainText excluding NULL, (size32_t)LenCipher, Cipher
- static void symmDeserialize(const void * pBuffer, StringBuffer & sbIV, StringBuffer & sbCipher, size32_t * lenPlainText)
- {
- size32_t len;
- const char * finger = (const char *)pBuffer;
- memcpy(&len, finger, sizeof(size32_t));//extract IV
- finger += sizeof(size32_t);
- sbIV.append(len, finger);
- finger += len;
- memcpy(lenPlainText, finger, sizeof(size32_t));//extract length of plain text
- finger += sizeof(size32_t);
- memcpy(&len, finger, sizeof(size32_t));//extract cipher
- finger += sizeof(size32_t);
- sbCipher.append(len, finger);
- }
- static void symmSerialize(void * & result, size32_t & lenResult, const char * pIV, size32_t lenIV, size32_t lenPlainText, size32_t lenCipherBuff, const void * pCipherBuff)
- {
- //Allocate return DATA buffer
- lenResult = sizeof(size32_t) + lenIV + sizeof(size32_t) + sizeof(size32_t) + lenCipherBuff;
- result = CTXMALLOC(parentCtx, lenResult);
- //build result DATA buffer in the form:
- char * pRes = (char *)result;
- memcpy(pRes, &lenIV, sizeof(size32_t));//copy size of IV
- pRes += sizeof(size32_t);
- memcpy(pRes, pIV, lenIV);//copy the IV
- pRes += lenIV;
- memcpy(pRes, &lenPlainText, sizeof(size32_t));
- pRes += sizeof(size32_t);
- memcpy(pRes, &lenCipherBuff, sizeof(size32_t));
- pRes += sizeof(size32_t);
- memcpy(pRes, pCipherBuff, lenCipherBuff);
- }
- //-------------------------------------------------------------------------------------------------------------------------------------------
- void verifySymmetricAlgorithm(const char * algorithm, size32_t len)
- {
- if (strieq(algorithm, "aes-128-cbc"))
- {
- if (len != 16)
- throw MakeStringException(-1, "Invalid Key Length %d specified for algorithm %s, try 16", len, algorithm);
- }
- else if (strieq(algorithm, "aes-192-cbc"))
- {
- if (len != 24)
- throw MakeStringException(-1, "Invalid Key Length %d specified for algorithm %s, try 24", len, algorithm);
- }
- else if (strieq(algorithm, "aes-256-cbc"))
- {
- if (len != 32)
- throw MakeStringException(-1, "Invalid Key Length %d specified for algorithm %s, try 32", len, algorithm);
- }
- else
- throw MakeStringException(-1, "Unsupported symmetric algorithm (%s) specified", algorithm);
- }
- CRYPTOLIB_API void CRYPTOLIB_CALL clSymmetricEncrypt(size32_t & __lenResult, void * & __result,
- const char * algorithm,
- const char * key,
- size32_t lenInputdata,const void * inputdata)
- {
- verifySymmetricAlgorithm(algorithm, strlen(key) );
- //Create a unique Initialization Vector
- unsigned char iv[EVP_MAX_IV_LENGTH];
- RAND_bytes(iv, EVP_MAX_IV_LENGTH);
- //temporary buffer for result
- MemoryBuffer out;
- aesEncrypt(out, lenInputdata, inputdata, strlen(key), key, (const char *)iv);
- //build result DATA buffer in the form:
- // (size32_t)EVP_MAX_IV_LENGTH, IV, (size32_t)LenPlainText excluding NULL, (size32_t)LenCipher, Cipher
- symmSerialize(__result, __lenResult, (const char *)iv, sizeof(iv), lenInputdata, out.length(), (const void *)out.bufferBase());
- }
- CRYPTOLIB_API void CRYPTOLIB_CALL clSymmetricDecrypt(size32_t & __lenResult,void * & __result,
- const char * algorithm,
- const char * key,
- size32_t lenEncrypteddata,const void * encrypteddata)
- {
- verifySymmetricAlgorithm(algorithm, strlen(key));
- //Decompose DATA buffer
- StringBuffer sbIV;
- StringBuffer sbCipher;
- size32_t lenPlainText;
- symmDeserialize(encrypteddata, sbIV, sbCipher, &lenPlainText);
- __result = (char *)CTXMALLOC(parentCtx, lenPlainText);
- __lenResult = lenPlainText;
- MemoryBuffer decrypted;
- size32_t len = aesDecrypt(decrypted, sbCipher.length(), sbCipher.str(), strlen(key), key, sbIV.str());
- memcpy(__result, decrypted.toByteArray(), __lenResult);
- }
- //-------------------------------------------------------------------------------------------------------------------------------------------
- // HASH SUPPORT
- //-------------------------------------------------------------------------------------------------------------------------------------------
- CRYPTOLIB_API void CRYPTOLIB_CALL clInstalledHashAlgorithms(bool & __isAllResult, size32_t & __lenResult, void * & __result)
- {
- __isAllResult = false;
- StringArray algorithms;
- OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH, my_clAlgorithmsCallback, (void*)&algorithms);
- stringArrayToECLSetOfString(algorithms, &__result, &__lenResult);
- }
- CRYPTOLIB_API void CRYPTOLIB_CALL clSupportedHashAlgorithms(bool & __isAllResult, size32_t & __lenResult, void * & __result)
- {
- __isAllResult = false;
- StringArray algorithms;
- algorithms.appendList("SHA1,SHA224,SHA256,SHA384,SHA512", ",");//make sure these match algorithms in clHash()
- stringArrayToECLSetOfString(algorithms, &__result, &__lenResult);
- }
- void throwHashError(const char * str)
- {
- unsigned long err = ERR_get_error();
- char errStr[1024];
- ERR_error_string_n(err, errStr, sizeof(errStr));
- throw MakeStringException(-1, "%s : ERROR %ld (0x%lX) : %s", str, err, err, errStr);
- }
- CRYPTOLIB_API void CRYPTOLIB_CALL clHash(size32_t & __lenResult, void * & __result,
- const char * algorithm,
- size32_t lenInputData, const void * inputData)
- {
- //Make sure each algorithm is included in clHashAlgorithms()
- if (strieq("SHA1", algorithm))
- {
- SHA_CTX context;
- if (!SHA1_Init(&context))
- throwHashError("OpenSSL ERROR calling SHA1_Init");
- if (!SHA1_Update(&context, (unsigned char*)inputData, lenInputData))
- throwHashError("OpenSSL ERROR calling SHA1_Update");
- __lenResult = SHA_DIGEST_LENGTH;//20 bytes
- __result = CTXMALLOC(parentCtx, __lenResult);
- if (!SHA1_Final((unsigned char *)__result, &context))
- {
- free(__result);
- throwHashError("OpenSSL ERROR calling SHA1_Final");
- }
- }
- else if (strieq("SHA224", algorithm))
- {
- SHA256_CTX context;//SHA224 uses the SHA256 context
- if (!SHA224_Init(&context))
- throwHashError("OpenSSL ERROR calling SHA224_Init");
- if (!SHA224_Update(&context, (unsigned char*)inputData, lenInputData))
- throwHashError("OpenSSL ERROR calling SHA224_Update");
- __lenResult = SHA224_DIGEST_LENGTH;//28 bytes
- __result = CTXMALLOC(parentCtx, __lenResult);
- if (!SHA224_Final((unsigned char *)__result, &context))
- {
- free(__result);
- throwHashError("OpenSSL ERROR calling SHA224_Final");
- }
- }
- else if (strieq("SHA256", algorithm))
- {
- SHA256_CTX context;
- if (!SHA256_Init(&context))
- throwHashError("OpenSSL ERROR calling SHA256_Init");
- if (!SHA256_Update(&context, (unsigned char*)inputData, lenInputData))
- throwHashError("OpenSSL ERROR calling SHA256_Update");
- __lenResult = SHA256_DIGEST_LENGTH;//32 bytes
- __result = CTXMALLOC(parentCtx, __lenResult);
- if (!SHA256_Final((unsigned char *)__result, &context))
- {
- free(__result);
- throwHashError("OpenSSL ERROR calling SHA256_Final");
- }
- }
- else if (strieq("SHA384", algorithm))
- {
- SHA512_CTX context;//SHA384 uses the SHA512 context
- if (!SHA384_Init(&context))
- throwHashError("OpenSSL ERROR calling SHA384_Init");
- if (!SHA384_Update(&context, (unsigned char*)inputData, lenInputData))
- throwHashError("OpenSSL ERROR calling SHA384_Update");
- __lenResult = SHA384_DIGEST_LENGTH;//48 bytes
- __result = CTXMALLOC(parentCtx, __lenResult);
- if (!SHA384_Final((unsigned char *)__result, &context))
- {
- free(__result);
- throwHashError("OpenSSL ERROR calling SHA384_Final");
- }
- }
- else if (strieq("SHA512", algorithm))
- {
- SHA512_CTX context;
- if (!SHA512_Init(&context))
- throwHashError("OpenSSL ERROR calling SHA512_Init");
- if (!SHA512_Update(&context, (unsigned char*)inputData, lenInputData))
- throwHashError("OpenSSL ERROR calling SHA512_Update");
- __lenResult = SHA512_DIGEST_LENGTH;//64 bytes
- __result = CTXMALLOC(parentCtx, __lenResult);
- if (!SHA512_Final((unsigned char *)__result, &context))
- {
- free(__result);
- throwHashError("OpenSSL ERROR calling SHA512_Final");
- }
- }
- else
- {
- throw MakeStringException(-1, "Unsupported hash algorithm '%s' specified", algorithm);
- }
- }
- //-------------------------------------------------------------------------------------------------------------------------------------------
- // PUBLIC KEY SUPPORT
- //-------------------------------------------------------------------------------------------------------------------------------------------
- CRYPTOLIB_API void CRYPTOLIB_CALL clInstalledPublicKeyAlgorithms(bool & __isAllResult, size32_t & __lenResult, void * & __result)
- {
- __isAllResult = false;
- StringArray algorithms;
- OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_PKEY_METH, my_clAlgorithmsCallback, (void*)&algorithms);
- stringArrayToECLSetOfString(algorithms, &__result, &__lenResult);
- }
- CRYPTOLIB_API void CRYPTOLIB_CALL clSupportedPublicKeyAlgorithms(bool & __isAllResult, size32_t & __lenResult, void * & __result)
- {
- __isAllResult = false;
- StringArray algorithms;
- algorithms.appendList("SHA256", ",");
- stringArrayToECLSetOfString(algorithms, &__result, &__lenResult);
- }
- //signature helper function
- void doPKISign(size32_t & __lenResult, void * & __result,
- IDigitalSignatureManager * pDSM,
- size32_t lenInputdata, const void * inputdata)
- {
- StringBuffer sbSig;
- if (pDSM->digiSign(sbSig, lenInputdata, inputdata))
- {
- __result = CTXMALLOC(parentCtx, sbSig.length());
- __lenResult = sbSig.length();
- memcpy(__result, sbSig.str(), __lenResult);
- }
- else
- {
- throw MakeStringException(-1, "Unable to create Digital Signature");
- }
- }
- void verifyPKIAlgorithm(const char * pkAlgorithm)
- {
- if (!strieq(pkAlgorithm, "SHA256"))
- throw MakeStringException(-1, "Unsupported PKI algorithm (%s) specified", pkAlgorithm);
- }
- //-----------------------------------------------------------------
- // Simple cache for instances of Digital Signature Managers
- //-----------------------------------------------------------------
- class CDSMCache
- {
- private:
- CriticalSection csDSMCache;//guards modifications to the cache map
- typedef std::unordered_map<string, Owned<IDigitalSignatureManager>> DSMCache;
- DSMCache dsmCache;
- public:
- IDigitalSignatureManager * getInstance(const char * algo, const char * pubKeyFS, const char * pubKeyBuff, const char * privKeyFS, const char * privKeyBuff, const char * passphrase)
- {
- VStringBuffer searchKey("%s_%s_%s_%s_%s_%s", algo, isEmptyString(pubKeyFS) ? "" : pubKeyFS, isEmptyString(pubKeyBuff) ? "" : pubKeyBuff,
- isEmptyString(privKeyFS) ? "" : privKeyFS, isEmptyString(privKeyBuff) ? "" : privKeyBuff, passphrase);
- CriticalBlock block(csDSMCache);
- DSMCache::iterator it = dsmCache.find(searchKey.str());
- IDigitalSignatureManager * ret = nullptr;
- if (it != dsmCache.end())//exists in cache
- {
- ret = (*it).second;
- }
- else
- {
- IDigitalSignatureManager * pDSM = nullptr;
- if (!isEmptyString(pubKeyFS) && !isEmptyString(privKeyFS))
- pDSM = createDigitalSignatureManagerInstanceFromFiles(pubKeyFS, privKeyFS, passphrase);
- else
- pDSM = createDigitalSignatureManagerInstanceFromKeys(pubKeyBuff, privKeyBuff, passphrase);
- dsmCache.insert(pair<string, IDigitalSignatureManager*>(searchKey.str(), pDSM));
- ret = pDSM;
- }
- return LINK(ret);
- }
- };
- static CDSMCache g_DSMCache;
- //Sign given data using private key
- CRYPTOLIB_API void CRYPTOLIB_CALL clPKISign(size32_t & __lenResult,void * & __result,
- const char * pkalgorithm,
- const char * privatekeyfile,
- const char * passphrase,
- size32_t lenInputdata,const void * inputdata)
- {
- verifyPKIAlgorithm(pkalgorithm);//TODO extend cryptohelper to support more algorithms
- Owned<IDigitalSignatureManager> pDSM = g_DSMCache.getInstance(pkalgorithm, nullptr, nullptr, privatekeyfile, nullptr, passphrase);
- if (pDSM)
- {
- doPKISign(__lenResult, __result, pDSM, lenInputdata, inputdata);
- }
- else
- {
- throw MakeStringException(-1, "Unable to create Digital Signature Manager");
- }
- }
- CRYPTOLIB_API void CRYPTOLIB_CALL clPKISignBuff(size32_t & __lenResult, void * & __result,
- const char * pkalgorithm,
- const char * privatekeybuff,
- const char * passphrase,
- size32_t lenInputdata, const void * inputdata)
- {
- verifyPKIAlgorithm(pkalgorithm);
- Owned<IDigitalSignatureManager> pDSM = g_DSMCache.getInstance(pkalgorithm, nullptr, nullptr, nullptr, privatekeybuff, passphrase);
- if (pDSM)
- {
- doPKISign(__lenResult, __result, pDSM, lenInputdata, inputdata);
- }
- else
- {
- throw MakeStringException(-1, "Unable to create Digital Signature Manager");
- }
- }
- CRYPTOLIB_API bool CRYPTOLIB_CALL clPKIVerifySignature(const char * pkalgorithm,
- const char * publickeyfile,
- const char * passphrase,
- size32_t lenSignature,const void * signature,
- size32_t lenSigneddata,const void * signeddata)
- {
- verifyPKIAlgorithm(pkalgorithm);
- Owned<IDigitalSignatureManager> pDSM = g_DSMCache.getInstance(pkalgorithm, publickeyfile, nullptr, nullptr, nullptr, passphrase);
- if (pDSM)
- {
- StringBuffer sbSig(lenSignature, (const char *)signature);
- bool rc = pDSM->digiVerify(sbSig.str(), lenSigneddata, signeddata);
- return rc;
- }
- else
- {
- throw MakeStringException(-1, "Unable to create Digital Signature Manager");
- }
- }
- CRYPTOLIB_API bool CRYPTOLIB_CALL clPKIVerifySignatureBuff(const char * pkalgorithm,
- const char * publicKeyBuff,
- const char * passphrase,
- size32_t lenSignature, const void * signature,
- size32_t lenSigneddata, const void * signeddata)
- {
- verifyPKIAlgorithm(pkalgorithm);
- Owned<IDigitalSignatureManager> pDSM = g_DSMCache.getInstance(pkalgorithm, nullptr, publicKeyBuff, nullptr, nullptr, passphrase);
- if (pDSM)
- {
- StringBuffer sbSig(lenSignature, (const char *)signature);
- bool rc = pDSM->digiVerify(sbSig.str(), lenSigneddata, signeddata);
- return rc;
- }
- else
- {
- throw MakeStringException(-1, "Unable to create Digital Signature Manager");
- }
- }
- //------------------------------------
- //Encryption helper
- //------------------------------------
- static void doPKIEncrypt(size32_t & __lenResult,void * & __result,
- CLoadedKey * publicKey,
- size32_t lenInputdata,const void * inputdata)
- {
- MemoryBuffer pkeMb;
- __lenResult = publicKeyEncrypt(pkeMb, lenInputdata, inputdata, *publicKey);
- if (__lenResult)
- {
- __result = CTXMALLOC(parentCtx, __lenResult);
- memcpy(__result, pkeMb.bytes(), __lenResult);
- }
- }
- //------------------------------------
- //Decryption helper
- //------------------------------------
- static void doPKIDecrypt(size32_t & __lenResult,void * & __result,
- CLoadedKey * privateKey,
- size32_t lenInputdata,const void * inputdata)
- {
- MemoryBuffer pkeMb;
- __lenResult = privateKeyDecrypt(pkeMb, lenInputdata, inputdata, *privateKey);
- if (__lenResult)
- {
- __result = CTXMALLOC(parentCtx, __lenResult);
- memcpy(__result, pkeMb.bytes(), __lenResult);
- }
- }
- //encryption functions that take filespecs of key files
- CRYPTOLIB_API void CRYPTOLIB_CALL clPKIEncrypt(size32_t & __lenResult,void * & __result,
- const char * pkalgorithm,
- const char * publickeyfile,
- const char * passphrase,
- size32_t lenInputdata,const void * inputdata)
- {
- verifyPKIAlgorithm(pkalgorithm);
- Owned<CLoadedKey> publicKey = loadPublicKeyFromFile(publickeyfile, passphrase);
- doPKIEncrypt(__lenResult, __result, publicKey, lenInputdata, inputdata);
- }
- CRYPTOLIB_API void CRYPTOLIB_CALL clPKIDecrypt(size32_t & __lenResult,void * & __result,
- const char * pkalgorithm,
- const char * privatekeyfile,
- const char * passphrase,
- size32_t lenEncrypteddata,const void * encrypteddata)
- {
- verifyPKIAlgorithm(pkalgorithm);
- Owned<CLoadedKey> privateKey = loadPrivateKeyFromFile(privatekeyfile, passphrase);
- doPKIDecrypt(__lenResult, __result, privateKey, lenEncrypteddata, encrypteddata);
- }
- //encryption functions that take keys in a buffer
- CRYPTOLIB_API void CRYPTOLIB_CALL clPKIEncryptBuff(size32_t & __lenResult,void * & __result,
- const char * pkalgorithm,
- const char * publickeybuff,
- const char * passphrase,
- size32_t lenInputdata,const void * inputdata)
- {
- verifyPKIAlgorithm(pkalgorithm);
- Owned<CLoadedKey> publicKey = loadPublicKeyFromMemory(publickeybuff, passphrase);
- doPKIEncrypt(__lenResult, __result, publicKey, lenInputdata, inputdata);
- }
- CRYPTOLIB_API void CRYPTOLIB_CALL clPKIDecryptBuff(size32_t & __lenResult,void * & __result,
- const char * pkalgorithm,
- const char * privatekeybuff,
- const char * passphrase,
- size32_t lenEncrypteddata,const void * encrypteddata)
- {
- verifyPKIAlgorithm(pkalgorithm);
- Owned<CLoadedKey> privateKey = loadPrivateKeyFromMemory(privatekeybuff, passphrase);
- doPKIDecrypt(__lenResult, __result, privateKey, lenEncrypteddata, encrypteddata);
- }
|