SecurityAPI - Cryptography and related functions using public key out…

…side a certificate implementation (#789) * Add public keys to the modules * Fix error meesages and codes --------- Co-authored-by: claudiamurialdo <33756655+claudiamurialdo@users.noreply.github.com>
genexuslabs · Apr 24, 2023 · 98a3969 · 98a3969
1 parent 6703d77
commit 98a3969
Show file tree

Hide file tree

Showing 40 changed files with 2,669 additions and 1,107 deletions.
diff --git a/.../SecurityAPI/dotnet/dotnetcore/SecurityAPICommonsNetCore/SecurityAPICommonsNetCore.csproj b/.../SecurityAPI/dotnet/dotnetcore/SecurityAPICommonsNetCore/SecurityAPICommonsNetCore.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
 	<PropertyGroup>
 		<TargetFrameworks>net6.0</TargetFrameworks>
@@ -16,7 +16,8 @@
     <Compile Include="..\..\dotnetframework\SecurityAPICommons\Commons\Certificate.cs" Link="Commons\Certificate.cs" />
     <Compile Include="..\..\dotnetframework\SecurityAPICommons\Commons\Error.cs" Link="Commons\Error.cs" />
     <Compile Include="..\..\dotnetframework\SecurityAPICommons\Commons\Key.cs" Link="Commons\Key.cs" />
-    <Compile Include="..\..\dotnetframework\SecurityAPICommons\Commons\PrivateKey.cs" Link="Commons\PrivateKey.cs" />
+		<Compile Include="..\..\dotnetframework\SecurityAPICommons\Commons\PublicKey.cs" Link="Commons\PublicKey.cs" />
+		<Compile Include="..\..\dotnetframework\SecurityAPICommons\Commons\PrivateKey.cs" Link="Commons\PrivateKey.cs" />
     <Compile Include="..\..\dotnetframework\SecurityAPICommons\Commons\SecurityAPIObject.cs" Link="Commons\SecurityAPIObject.cs" />
     <Compile Include="..\..\dotnetframework\SecurityAPICommons\Config\AvailableEncoding.cs" Link="Config\AvailableEncoding.cs" />
     <Compile Include="..\..\dotnetframework\SecurityAPICommons\Config\EncodingUtil.cs" Link="Config\EncodingUtil.cs" />

diff --git a/...ons/SecurityAPI/dotnet/dotnetframework/GeneXusCryptography/Asymmetric/AsymmetricCipher.cs b/...ons/SecurityAPI/dotnet/dotnetframework/GeneXusCryptography/Asymmetric/AsymmetricCipher.cs
@@ -11,7 +11,7 @@
 using Org.BouncyCastle.Crypto.Engines;
 using Org.BouncyCastle.Utilities.Encoders;
 using System.Security;
-
+using SecurityAPICommons.Utils;
 
 namespace GeneXusCryptography.Asymmetric
 {
@@ -34,46 +34,122 @@ public AsymmetricCipher() : base()
 
 		[SecuritySafeCritical]
 		public string DoEncrypt_WithPrivateKey(string hashAlgorithm, string asymmetricEncryptionPadding, PrivateKeyManager key, string plainText)
+		{
+			this.error.cleanError();
+			/******* INPUT VERIFICATION - BEGIN *******/
+			SecurityUtils.validateObjectInput("hashAlgorithm", hashAlgorithm, this.error);
+			SecurityUtils.validateStringInput("asymmetricEncryptionPadding", asymmetricEncryptionPadding, this.error);
+			SecurityUtils.validateStringInput("plainText", plainText, this.error);
+			SecurityUtils.validateObjectInput("key", key, this.error);
+			if (this.HasError())
+			{
+				return "";
+			}
+
+			/******* INPUT VERIFICATION - END *******/
+			return DoEncryptInternal(hashAlgorithm, asymmetricEncryptionPadding, key, true, plainText, false);
+		}
+
+		[SecuritySafeCritical]
+#pragma warning disable CA1707 // Identifiers should not contain underscores
+		public string DoEncrypt_WithPublicKey(string hashAlgorithm, string asymmetricEncryptionPadding, PublicKey key, string plainText)
+#pragma warning restore CA1707 // Identifiers should not contain underscores
 		{
 
-			if (this.HasError() || key == null)
+			this.error.cleanError();
+			/******* INPUT VERIFICATION - BEGIN *******/
+			SecurityUtils.validateObjectInput("hashAlgorithm", hashAlgorithm, this.error);
+			SecurityUtils.validateStringInput("asymmetricEncryptionPadding", asymmetricEncryptionPadding, this.error);
+			SecurityUtils.validateStringInput("plainText", plainText, this.error);
+			SecurityUtils.validateObjectInput("key", key, this.error);
+			if (this.HasError())
 			{
 				return "";
 			}
-			return DoEncryptInternal(hashAlgorithm, asymmetricEncryptionPadding, key, true, plainText);
+
+			/******* INPUT VERIFICATION - END *******/
+
+			return DoEncryptInternal(hashAlgorithm, asymmetricEncryptionPadding, key, false, plainText, true);
 		}
 
 		[SecuritySafeCritical]
-		public string DoEncrypt_WithPublicKey(string hashAlgorithm, string asymmetricEncryptionPadding, CertificateX509 certificate, string plainText)
+		public string DoEncrypt_WithCertificate(string hashAlgorithm, string asymmetricEncryptionPadding, CertificateX509 certificate, string plainText)
 		{
 
-			if (this.HasError() || certificate == null)
+			this.error.cleanError();
+			/******* INPUT VERIFICATION - BEGIN *******/
+			SecurityUtils.validateObjectInput("hashAlgorithm", hashAlgorithm, this.error);
+			SecurityUtils.validateStringInput("asymmetricEncryptionPadding", asymmetricEncryptionPadding, this.error);
+			SecurityUtils.validateStringInput("plainText", plainText, this.error);
+			SecurityUtils.validateObjectInput("certificate", certificate, this.error);
+			if (this.HasError())
 			{
 				return "";
 			}
-			return DoEncryptInternal(hashAlgorithm, asymmetricEncryptionPadding, certificate, false, plainText);
+
+			/******* INPUT VERIFICATION - END *******/
+
+			return DoEncryptInternal(hashAlgorithm, asymmetricEncryptionPadding, certificate, false, plainText, false);
 		}
 
 		[SecuritySafeCritical]
 		public string DoDecrypt_WithPrivateKey(string hashAlgorithm, string asymmetricEncryptionPadding, PrivateKeyManager key, string encryptedInput)
 		{
+			this.error.cleanError();
+			/******* INPUT VERIFICATION - BEGIN *******/
+			SecurityUtils.validateObjectInput("hashAlgorithm", hashAlgorithm, this.error);
+			SecurityUtils.validateStringInput("asymmetricEncryptionPadding", asymmetricEncryptionPadding, this.error);
+			SecurityUtils.validateStringInput("encryptedInput", encryptedInput, this.error);
+			SecurityUtils.validateObjectInput("key", key, this.error);
+			if (this.HasError())
+			{
+				return "";
+			}
+
+			/******* INPUT VERIFICATION - END *******/
 
-			if (this.HasError() || key == null)
+			return DoDecryptInternal(hashAlgorithm, asymmetricEncryptionPadding, key, true, encryptedInput, false);
+		}
+
+		[SecuritySafeCritical]
+		public string DoDecrypt_WithCertificate(string hashAlgorithm, string asymmetricEncryptionPadding, CertificateX509 certificate, string encryptedInput)
+		{
+			this.error.cleanError();
+			/******* INPUT VERIFICATION - BEGIN *******/
+			SecurityUtils.validateObjectInput("hashAlgorithm", hashAlgorithm, this.error);
+			SecurityUtils.validateStringInput("asymmetricEncryptionPadding", asymmetricEncryptionPadding, this.error);
+			SecurityUtils.validateStringInput("encryptedInput", encryptedInput, this.error);
+			SecurityUtils.validateObjectInput("certificate", certificate, this.error);
+			if (this.HasError())
 			{
 				return "";
 			}
-			return DoDecryptInternal(hashAlgorithm, asymmetricEncryptionPadding, key, true, encryptedInput);
+
+			/******* INPUT VERIFICATION - END *******/
+
+			return DoDecryptInternal(hashAlgorithm, asymmetricEncryptionPadding, certificate, false, encryptedInput, false);
 		}
 
 		[SecuritySafeCritical]
-		public string DoDecrypt_WithPublicKey(string hashAlgorithm, string asymmetricEncryptionPadding, CertificateX509 certificate, string encryptedInput)
+#pragma warning disable CA1707 // Identifiers should not contain underscores
+		public string DoDecrypt_WithPublicKey(string hashAlgorithm, string asymmetricEncryptionPadding, PublicKey key, string encryptedInput)
+#pragma warning restore CA1707 // Identifiers should not contain underscores
 		{
 
-			if (this.HasError() || certificate == null)
+			this.error.cleanError();
+			/******* INPUT VERIFICATION - BEGIN *******/
+			SecurityUtils.validateObjectInput("hashAlgorithm", hashAlgorithm, this.error);
+			SecurityUtils.validateStringInput("asymmetricEncryptionPadding", asymmetricEncryptionPadding, this.error);
+			SecurityUtils.validateStringInput("encryptedInput", encryptedInput, this.error);
+			SecurityUtils.validateObjectInput("key", key, this.error);
+			if (this.HasError())
 			{
 				return "";
 			}
-			return DoDecryptInternal(hashAlgorithm, asymmetricEncryptionPadding, certificate, false, encryptedInput);
+
+			/******* INPUT VERIFICATION - END *******/
+
+			return DoDecryptInternal(hashAlgorithm, asymmetricEncryptionPadding, key, false, encryptedInput, true);
 		}
 
 
@@ -92,7 +168,7 @@ public string DoDecrypt_WithPublicKey(string hashAlgorithm, string asymmetricEnc
 		/// <param name="password">Srting keysore/certificate pkcs12 format alias</param>
 		/// <param name="plainText">string to encrypt</param>
 		/// <returns>string Base64 encrypted plainText text</returns>
-		private string DoEncryptInternal(string hashAlgorithm, string asymmetricEncryptionPadding, Key key, bool isPrivate, string plainText)
+		private string DoEncryptInternal(string hashAlgorithm, string asymmetricEncryptionPadding, Key key, bool isPrivate, string plainText, bool isPublicKey)
 		{
 			this.error.cleanError();
 
@@ -113,9 +189,9 @@ private string DoEncryptInternal(string hashAlgorithm, string asymmetricEncrypti
 					this.error = keyMan.GetError();
 					return "";
 				}
-				asymmetricEncryptionAlgorithm = keyMan.getPrivateKeyAlgorithm();
+				asymmetricEncryptionAlgorithm = keyMan.getAlgorithm();
 
-				asymKey = keyMan.getPrivateKeyParameterForEncryption();
+				asymKey = keyMan.getAsymmetricKeyParameter();
 				if (keyMan.HasError())
 				{
 					this.error = keyMan.GetError();
@@ -124,14 +200,19 @@ private string DoEncryptInternal(string hashAlgorithm, string asymmetricEncrypti
 			}
 			else
 			{
-				CertificateX509 cert = (CertificateX509)key;
-				if (!cert.Inicialized || cert.HasError())
+				PublicKey cert = isPublicKey ? (PublicKey)key : (CertificateX509)key;
+				if (cert.HasError())
 				{
 					this.error = cert.GetError();
 					return "";
 				}
-				asymmetricEncryptionAlgorithm = cert.getPublicKeyAlgorithm();
-				asymKey = cert.getPublicKeyParameterForEncryption();
+				if (cert.HasError())
+				{
+					this.error = cert.GetError();
+					return "";
+				}
+				asymmetricEncryptionAlgorithm = cert.getAlgorithm();
+				asymKey = cert.getAsymmetricKeyParameter();
 				if (cert.HasError())
 				{
 					this.error = cert.GetError();
@@ -166,7 +247,7 @@ private string DoEncryptInternal(string hashAlgorithm, string asymmetricEncrypti
 		/// <param name="password">Srting keysore/certificate pkcs12 format alias</param>
 		/// <param name="encryptedInput"></param>
 		/// <returns>string decypted encryptedInput text</returns>
-		private string DoDecryptInternal(string hashAlgorithm, string asymmetricEncryptionPadding, Key key, bool isPrivate, string encryptedInput)
+		private string DoDecryptInternal(string hashAlgorithm, string asymmetricEncryptionPadding, Key key, bool isPrivate, string encryptedInput, bool isPublicKey)
 		{
 			this.error.cleanError();
 
@@ -187,9 +268,9 @@ private string DoDecryptInternal(string hashAlgorithm, string asymmetricEncrypti
 					this.error = keyMan.GetError();
 					return "";
 				}
-				asymmetricEncryptionAlgorithm = keyMan.getPrivateKeyAlgorithm();
+				asymmetricEncryptionAlgorithm = keyMan.getAlgorithm();
 
-				asymKey = keyMan.getPrivateKeyParameterForEncryption();
+				asymKey = keyMan.getAsymmetricKeyParameter();
 				if (keyMan.HasError())
 				{
 					this.error = keyMan.GetError();
@@ -198,14 +279,14 @@ private string DoDecryptInternal(string hashAlgorithm, string asymmetricEncrypti
 			}
 			else
 			{
-				CertificateX509 cert = (CertificateX509)key;
-				if (!cert.Inicialized || cert.HasError())
+				PublicKey cert = isPublicKey ? (PublicKey)key : (CertificateX509)key;
+				if (cert.HasError())
 				{
 					this.error = cert.GetError();
 					return "";
 				}
-				asymmetricEncryptionAlgorithm = cert.getPublicKeyAlgorithm();
-				asymKey = cert.getPublicKeyParameterForEncryption();
+				asymmetricEncryptionAlgorithm = cert.getAlgorithm();
+				asymKey = cert.getAsymmetricKeyParameter();
 				if (cert.HasError())
 				{
 					this.error = cert.GetError();