10 #ifndef DIGITALAUTHENTICATIONFRAMEWORK_H 11 #define DIGITALAUTHENTICATIONFRAMEWORK_H 90 DEVICE_DISCONNECTED = 5,
91 DEVICE_PROTOCOL_ERR = 6,
100 UNSUPPORTED_HASH = 15,
113 virtual int getCode() =0;
118 bool isError() {
return getCode() != SUCCESS; };
123 virtual void clear() =0;
130 virtual void getAsStringUTF8(std::string &errmsg) =0;
134 #define ALL_ERRORS(F) \ 135 F(DAError::SUCCESS, "Success") \ 136 F(DAError::NO_MEMORY, "General memory allocation failure") \ 137 F(DAError::NOT_PROVISIONED, "Driver has not been set up with a device") \ 138 F(DAError::DEVICE_NOT_FOUND, "Cannot find the device") \ 139 F(DAError::NO_MORE_SESSIONS, "The maximum allowed number of concurrent sessions are already connected") \ 140 F(DAError::DEVICE_DISCONNECTED, "Link to device lost unexpectedly") \ 141 F(DAError::DEVICE_PROTOCOL_ERR, "Error from protocol stack talking to device") \ 142 F(DAError::BAD_AUTH_TOKEN, "authToken provided to CreateSession was bad") \ 143 F(DAError::KEY_NOT_FOUND, "Requested key does not exist") \ 144 F(DAError::ATTRIB_NOT_FOUND, "Requested attribute not available") \ 145 F(DAError::MECH_NOT_FOUND, "Requested mechanism is not supported") \ 146 F(DAError::VERIFY_FAILED, "Invalid signature or ciphertext") \ 147 F(DAError::NOT_IMPLEMENTED, "Function or method is not implemented") \ 148 F(DAError::BAD_PARAMETERS, "Missing or invalid parameters to method") \ 149 F(DAError::OS_ERROR, "Operating system call failed") \ 150 F(DAError::UNSUPPORTED_HASH, "Requested hash function cannot be used here") 223 virtual bool isConnected() =0;
229 virtual int getKeyCount() =0;
239 virtual DAKey *getKey(
int index) =0;
248 virtual DAKey *getKey(
const std::string &serial) =0;
300 virtual bool getData(
DAData &data)=0;
313 virtual bool setData(
const DAData &data)=0;
325 virtual bool generateMaterial()=0;
329 virtual std::vector<DAMechanism> getMechanisms() =0;
331 static const int STORAGE_MESSAGE_SIZE = 32;
335 static const int ENCRYPT_MESSAGE_SIZE = 32;
339 static const int ONEWAY_MESSAGE_SIZE = 32;
398 if (m_flags & HAVE_MECH)
411 if (m_flags & HAVE_IV)
424 if (m_flags & HAVE_PLAINTEXT)
437 if (m_flags & HAVE_CIPHERTEXT)
459 m_flags |= HAVE_MECH;
470 bool setMechanismForRSAPkcs1Signature();
480 bool setMechanismForDSA();
490 bool setMechanismForECDSA();
505 m_flags |= HAVE_PLAINTEXT;
513 m_flags |= HAVE_CIPHERTEXT;
520 m_digestType = dtype;
527 m_flags &= ~HAVE_MECH;
541 m_flags &= ~HAVE_PLAINTEXT;
548 m_flags &= ~HAVE_CIPHERTEXT;
576 bool applyDefaultDigest();
587 bool getPkcs1SignatureData(
DAData &msg );
668 virtual bool getString(
DAAttrib which, std::string &data) =0;
681 virtual bool getFlag(
DAAttrib which) =0;
695 virtual bool getData(
DAAttrib which,
DAData &data,
size_t index=0) =0;
709 virtual bool getSize(
DAAttrib which,
size_t &len_r) =0;
726 const uint8_t *ptr =
static_cast<const uint8_t *
>(data);
728 ret.push_back(*ptr++);
738 return mkData(str.data(), str.size());
747 return mkData(str, strlen(str));
DAData m_plaintext
Plaintext bytes.
Definition: DigitalAuthenticationFramework.h:598
void unsetPlaintext()
Remove plaintext.
Definition: DigitalAuthenticationFramework.h:538
Encapsulates a message and various (optional) crypto parameters.
Definition: DigitalAuthenticationFramework.h:369
bool getPlaintext(DAData &data) const
Get the original plaintext/signed message.
Definition: DigitalAuthenticationFramework.h:422
(flag) True if both sign() and verify() work
Definition: DigitalAuthenticationFramework.h:637
unsigned m_flags
Flags (HAVE_PLAINTEXT etc)
Definition: DigitalAuthenticationFramework.h:602
Interface to "session" object.
Definition: DigitalAuthenticationFramework.h:196
DAMechanism m_mech
Mechanism (OID)
Definition: DigitalAuthenticationFramework.h:601
DAData m_ciphertext
Ciphertext bytes.
Definition: DigitalAuthenticationFramework.h:599
(data) X.509 certificate for key
Definition: DigitalAuthenticationFramework.h:639
36-byte MD5+SHA1 dual hash, used by SSL3 and TLS 1.0-1.1
Definition: DigitalAuthenticationFramework.h:360
(flag) True if key can be used for user authentication
Definition: DigitalAuthenticationFramework.h:632
void setIV(const DAData &iv)
Set IV.
Definition: DigitalAuthenticationFramework.h:494
void setDigestType(DADigestType dtype)
Set digest type.
Definition: DigitalAuthenticationFramework.h:518
virtual ~DASession()
virtual destructor
Definition: DigitalAuthenticationFramework.h:202
bool getCiphertext(DAData &data) const
Get the final encrypted message or signature.
Definition: DigitalAuthenticationFramework.h:435
(size) Max size of a decrypted plaintext (in bytes)
Definition: DigitalAuthenticationFramework.h:642
virtual ~DAKey()
virtual destructor
Definition: DigitalAuthenticationFramework.h:266
(string) User-visible name of device or key
Definition: DigitalAuthenticationFramework.h:622
DADigestType getDigestType() const
Gets digest (hash) type used for signature.
Definition: DigitalAuthenticationFramework.h:449
static DAData mkData(std::string &str)
Create a DAData from a std::string.
Definition: DigitalAuthenticationFramework.h:736
static void initialize()
Initialization function.
General metadata interface.
Definition: DigitalAuthenticationFramework.h:652
DAAttrib
Attribute selector.
Definition: DigitalAuthenticationFramework.h:620
void unsetDigestType()
Unset digestType.
Definition: DigitalAuthenticationFramework.h:552
void setMechanism(const DAMechanism &mech)
Set Crypto Algorithm.
Definition: DigitalAuthenticationFramework.h:456
(flag) True if SetData() and/or GenerateMaterial() work
Definition: DigitalAuthenticationFramework.h:634
std::vector< uint8_t > DAMechanism
Identifier of a cryptographic mechanism.
Definition: DigitalAuthenticationFramework.h:37
SHA-512 hash (64 bytes)
Definition: DigitalAuthenticationFramework.h:358
Message has not been hashed.
Definition: DigitalAuthenticationFramework.h:352
(flag) True if authentication token is regular password
Definition: DigitalAuthenticationFramework.h:628
void unsetMechanism()
Remove Crypto Algorithm.
Definition: DigitalAuthenticationFramework.h:524
static DAData mkData(const char *str)
Create a DAData from a C string.
Definition: DigitalAuthenticationFramework.h:745
void unsetIV()
Remove IV.
Definition: DigitalAuthenticationFramework.h:531
Interface for error reporting.
Definition: DigitalAuthenticationFramework.h:81
virtual ~DADevice()
virtual destructor
Definition: DigitalAuthenticationFramework.h:165
SHA-1 hash (20 bytes)
Definition: DigitalAuthenticationFramework.h:354
Utility functions.
Definition: DigitalAuthenticationFramework.h:716
DAMessage()
Constructor Creates an empty message with all zero-length entries.
Definition: DigitalAuthenticationFramework.h:375
DAData m_iv
IV bytes.
Definition: DigitalAuthenticationFramework.h:600
SHA-256 hash (32 bytes)
Definition: DigitalAuthenticationFramework.h:356
bool getMechanism(DAMechanism &mech) const
Return cryptographic mechanism identifier.
Definition: DigitalAuthenticationFramework.h:396
(flag) True if key can be used for SSL/TLS client auth
Definition: DigitalAuthenticationFramework.h:633
SHA-384 hash (48 bytes)
Definition: DigitalAuthenticationFramework.h:357
(flag) True if key can be used for S/MIME decryption
Definition: DigitalAuthenticationFramework.h:631
(size) Size of signature in bytes
Definition: DigitalAuthenticationFramework.h:641
virtual ~DAError()
virtual destructor
Definition: DigitalAuthenticationFramework.h:107
bool getIV(DAData &iv) const
Return IV.
Definition: DigitalAuthenticationFramework.h:409
(flag) True if GetData() and SetData() work
Definition: DigitalAuthenticationFramework.h:635
std::vector< uint8_t > DAData
A data block represented as a sequence of bytes.
Definition: DigitalAuthenticationFramework.h:28
(flag) True if key can be used for S/MIME signing
Definition: DigitalAuthenticationFramework.h:630
Top-level functions provided by the device driver.
Definition: DigitalAuthenticationFramework.h:51
static DAData mkData(const void *data, size_t len)
Create a DAData from pointer and length.
Definition: DigitalAuthenticationFramework.h:723
(flag) True if path to device has eavesdropping protection
Definition: DigitalAuthenticationFramework.h:626
DADigestType m_digestType
Digest used for signed message.
Definition: DigitalAuthenticationFramework.h:603
static DADevice * getDevice()
Returns pointer to device object.
(flag) True if path to device is authenticated
Definition: DigitalAuthenticationFramework.h:627
void setPlaintext(const DAData &data)
Set plaintext buffer.
Definition: DigitalAuthenticationFramework.h:502
SHA-224 hash (28 bytes)
Definition: DigitalAuthenticationFramework.h:355
Interface to device object.
Definition: DigitalAuthenticationFramework.h:159
(flag) True if both encrypt() and decrypt() work
Definition: DigitalAuthenticationFramework.h:636
virtual ~DAMetaData()
Virtual Destructor.
Definition: DigitalAuthenticationFramework.h:658
(string) Unique serial number of device or key
Definition: DigitalAuthenticationFramework.h:623
void unsetCiphertext()
Remove ciphertext.
Definition: DigitalAuthenticationFramework.h:545
void setCiphertext(const DAData &data)
Set ciphertext buffer.
Definition: DigitalAuthenticationFramework.h:510
static DAError & getLastError()
Get current error status for device driver.
(flag) True if implemented in hardware
Definition: DigitalAuthenticationFramework.h:625
bool isError()
test if error has occurred
Definition: DigitalAuthenticationFramework.h:118
Interface to Key objects.
Definition: DigitalAuthenticationFramework.h:260
DADigestType
Identification of hash algorithm used for signature.
Definition: DigitalAuthenticationFramework.h:350
const char * DAF_SDK_VERSION_string
Identifies the version of the DAF SDK.
Definition: DigitalAuthenticationFramework.h:20