SecurityAPI - Cryptography and related functions using public key outside a certificate implementation #789

Merged
merged 3 commits into from
Apr 24, 2023
@@ -1,4 +1,4 @@
<Project Sdk="Microsoft.NET.Sdk">
<Project Sdk="Microsoft.NET.Sdk">

<PropertyGroup>
<TargetFrameworks>net6.0</TargetFrameworks>
Expand All @@ -16,7 +16,8 @@
<Compile Include="..\..\dotnetframework\SecurityAPICommons\Commons\Certificate.cs" Link="Commons\Certificate.cs" />
<Compile Include="..\..\dotnetframework\SecurityAPICommons\Commons\Error.cs" Link="Commons\Error.cs" />
<Compile Include="..\..\dotnetframework\SecurityAPICommons\Commons\Key.cs" Link="Commons\Key.cs" />
<Compile Include="..\..\dotnetframework\SecurityAPICommons\Commons\PrivateKey.cs" Link="Commons\PrivateKey.cs" />
<Compile Include="..\..\dotnetframework\SecurityAPICommons\Commons\PublicKey.cs" Link="Commons\PublicKey.cs" />
<Compile Include="..\..\dotnetframework\SecurityAPICommons\Commons\PrivateKey.cs" Link="Commons\PrivateKey.cs" />
<Compile Include="..\..\dotnetframework\SecurityAPICommons\Commons\SecurityAPIObject.cs" Link="Commons\SecurityAPIObject.cs" />
<Compile Include="..\..\dotnetframework\SecurityAPICommons\Config\AvailableEncoding.cs" Link="Config\AvailableEncoding.cs" />
<Compile Include="..\..\dotnetframework\SecurityAPICommons\Config\EncodingUtil.cs" Link="Config\EncodingUtil.cs" />
Expand Up @@ -11,7 +11,7 @@
using Org.BouncyCastle.Crypto.Engines;
using Org.BouncyCastle.Utilities.Encoders;
using System.Security;

using SecurityAPICommons.Utils;

namespace GeneXusCryptography.Asymmetric
{
Expand All @@ -34,46 +34,122 @@ public AsymmetricCipher() : base()

[SecuritySafeCritical]
public string DoEncrypt_WithPrivateKey(string hashAlgorithm, string asymmetricEncryptionPadding, PrivateKeyManager key, string plainText)
{
this.error.cleanError();
/******* INPUT VERIFICATION - BEGIN *******/
SecurityUtils.validateObjectInput("hashAlgorithm", hashAlgorithm, this.error);
SecurityUtils.validateStringInput("asymmetricEncryptionPadding", asymmetricEncryptionPadding, this.error);
SecurityUtils.validateStringInput("plainText", plainText, this.error);
SecurityUtils.validateObjectInput("key", key, this.error);
if (this.HasError())
{
return "";
}

/******* INPUT VERIFICATION - END *******/
return DoEncryptInternal(hashAlgorithm, asymmetricEncryptionPadding, key, true, plainText, false);
}

[SecuritySafeCritical]
#pragma warning disable CA1707 // Identifiers should not contain underscores
public string DoEncrypt_WithPublicKey(string hashAlgorithm, string asymmetricEncryptionPadding, PublicKey key, string plainText)
#pragma warning restore CA1707 // Identifiers should not contain underscores
{

if (this.HasError() || key == null)
this.error.cleanError();
/******* INPUT VERIFICATION - BEGIN *******/
SecurityUtils.validateObjectInput("hashAlgorithm", hashAlgorithm, this.error);
SecurityUtils.validateStringInput("asymmetricEncryptionPadding", asymmetricEncryptionPadding, this.error);
SecurityUtils.validateStringInput("plainText", plainText, this.error);
SecurityUtils.validateObjectInput("key", key, this.error);
if (this.HasError())
{
return "";
}
return DoEncryptInternal(hashAlgorithm, asymmetricEncryptionPadding, key, true, plainText);

/******* INPUT VERIFICATION - END *******/

return DoEncryptInternal(hashAlgorithm, asymmetricEncryptionPadding, key, false, plainText, true);
}

[SecuritySafeCritical]
public string DoEncrypt_WithPublicKey(string hashAlgorithm, string asymmetricEncryptionPadding, CertificateX509 certificate, string plainText)
public string DoEncrypt_WithCertificate(string hashAlgorithm, string asymmetricEncryptionPadding, CertificateX509 certificate, string plainText)
{

if (this.HasError() || certificate == null)
this.error.cleanError();
/******* INPUT VERIFICATION - BEGIN *******/
SecurityUtils.validateObjectInput("hashAlgorithm", hashAlgorithm, this.error);
SecurityUtils.validateStringInput("asymmetricEncryptionPadding", asymmetricEncryptionPadding, this.error);
SecurityUtils.validateStringInput("plainText", plainText, this.error);
SecurityUtils.validateObjectInput("certificate", certificate, this.error);
if (this.HasError())
{
return "";
}
return DoEncryptInternal(hashAlgorithm, asymmetricEncryptionPadding, certificate, false, plainText);

/******* INPUT VERIFICATION - END *******/

return DoEncryptInternal(hashAlgorithm, asymmetricEncryptionPadding, certificate, false, plainText, false);
}

[SecuritySafeCritical]
public string DoDecrypt_WithPrivateKey(string hashAlgorithm, string asymmetricEncryptionPadding, PrivateKeyManager key, string encryptedInput)
{
this.error.cleanError();
/******* INPUT VERIFICATION - BEGIN *******/
SecurityUtils.validateObjectInput("hashAlgorithm", hashAlgorithm, this.error);
SecurityUtils.validateStringInput("asymmetricEncryptionPadding", asymmetricEncryptionPadding, this.error);
SecurityUtils.validateStringInput("encryptedInput", encryptedInput, this.error);
SecurityUtils.validateObjectInput("key", key, this.error);
if (this.HasError())
{
return "";
}

/******* INPUT VERIFICATION - END *******/

if (this.HasError() || key == null)
return DoDecryptInternal(hashAlgorithm, asymmetricEncryptionPadding, key, true, encryptedInput, false);
}

[SecuritySafeCritical]
public string DoDecrypt_WithCertificate(string hashAlgorithm, string asymmetricEncryptionPadding, CertificateX509 certificate, string encryptedInput)
{
this.error.cleanError();
/******* INPUT VERIFICATION - BEGIN *******/
SecurityUtils.validateObjectInput("hashAlgorithm", hashAlgorithm, this.error);
SecurityUtils.validateStringInput("asymmetricEncryptionPadding", asymmetricEncryptionPadding, this.error);
SecurityUtils.validateStringInput("encryptedInput", encryptedInput, this.error);
SecurityUtils.validateObjectInput("certificate", certificate, this.error);
if (this.HasError())
{
return "";
}
return DoDecryptInternal(hashAlgorithm, asymmetricEncryptionPadding, key, true, encryptedInput);

/******* INPUT VERIFICATION - END *******/

return DoDecryptInternal(hashAlgorithm, asymmetricEncryptionPadding, certificate, false, encryptedInput, false);
}

[SecuritySafeCritical]
public string DoDecrypt_WithPublicKey(string hashAlgorithm, string asymmetricEncryptionPadding, CertificateX509 certificate, string encryptedInput)
#pragma warning disable CA1707 // Identifiers should not contain underscores
public string DoDecrypt_WithPublicKey(string hashAlgorithm, string asymmetricEncryptionPadding, PublicKey key, string encryptedInput)
#pragma warning restore CA1707 // Identifiers should not contain underscores
{

if (this.HasError() || certificate == null)
this.error.cleanError();
/******* INPUT VERIFICATION - BEGIN *******/
SecurityUtils.validateObjectInput("hashAlgorithm", hashAlgorithm, this.error);
SecurityUtils.validateStringInput("asymmetricEncryptionPadding", asymmetricEncryptionPadding, this.error);
SecurityUtils.validateStringInput("encryptedInput", encryptedInput, this.error);
SecurityUtils.validateObjectInput("key", key, this.error);
if (this.HasError())
{
return "";
}
return DoDecryptInternal(hashAlgorithm, asymmetricEncryptionPadding, certificate, false, encryptedInput);

/******* INPUT VERIFICATION - END *******/

return DoDecryptInternal(hashAlgorithm, asymmetricEncryptionPadding, key, false, encryptedInput, true);
}


Expand All @@ -92,7 +168,7 @@ public string DoDecrypt_WithPublicKey(string hashAlgorithm, string asymmetricEnc
/// <param name="password">Srting keysore/certificate pkcs12 format alias</param>
/// <param name="plainText">string to encrypt</param>
/// <returns>string Base64 encrypted plainText text</returns>
private string DoEncryptInternal(string hashAlgorithm, string asymmetricEncryptionPadding, Key key, bool isPrivate, string plainText)
private string DoEncryptInternal(string hashAlgorithm, string asymmetricEncryptionPadding, Key key, bool isPrivate, string plainText, bool isPublicKey)
{
this.error.cleanError();

Expand All @@ -113,9 +189,9 @@ private string DoEncryptInternal(string hashAlgorithm, string asymmetricEncrypti
this.error = keyMan.GetError();
return "";
}
asymmetricEncryptionAlgorithm = keyMan.getPrivateKeyAlgorithm();
asymmetricEncryptionAlgorithm = keyMan.getAlgorithm();

asymKey = keyMan.getPrivateKeyParameterForEncryption();
asymKey = keyMan.getAsymmetricKeyParameter();
if (keyMan.HasError())
{
this.error = keyMan.GetError();
Expand All @@ -124,14 +200,19 @@ private string DoEncryptInternal(string hashAlgorithm, string asymmetricEncrypti
}
else
{
CertificateX509 cert = (CertificateX509)key;
if (!cert.Inicialized || cert.HasError())
PublicKey cert = isPublicKey ? (PublicKey)key : (CertificateX509)key;
if (cert.HasError())
{
this.error = cert.GetError();
return "";
}
asymmetricEncryptionAlgorithm = cert.getPublicKeyAlgorithm();
asymKey = cert.getPublicKeyParameterForEncryption();
if (cert.HasError())
{
this.error = cert.GetError();
return "";
}
asymmetricEncryptionAlgorithm = cert.getAlgorithm();
asymKey = cert.getAsymmetricKeyParameter();
if (cert.HasError())
{
this.error = cert.GetError();
Expand Down Expand Up @@ -166,7 +247,7 @@ private string DoEncryptInternal(string hashAlgorithm, string asymmetricEncrypti
/// <param name="password">Srting keysore/certificate pkcs12 format alias</param>
/// <param name="encryptedInput"></param>
/// <returns>string decypted encryptedInput text</returns>
private string DoDecryptInternal(string hashAlgorithm, string asymmetricEncryptionPadding, Key key, bool isPrivate, string encryptedInput)
private string DoDecryptInternal(string hashAlgorithm, string asymmetricEncryptionPadding, Key key, bool isPrivate, string encryptedInput, bool isPublicKey)
{
this.error.cleanError();

Expand All @@ -187,9 +268,9 @@ private string DoDecryptInternal(string hashAlgorithm, string asymmetricEncrypti
this.error = keyMan.GetError();
return "";
}
asymmetricEncryptionAlgorithm = keyMan.getPrivateKeyAlgorithm();
asymmetricEncryptionAlgorithm = keyMan.getAlgorithm();

asymKey = keyMan.getPrivateKeyParameterForEncryption();
asymKey = keyMan.getAsymmetricKeyParameter();
if (keyMan.HasError())
{
this.error = keyMan.GetError();
Expand All @@ -198,14 +279,14 @@ private string DoDecryptInternal(string hashAlgorithm, string asymmetricEncrypti
}
else
{
CertificateX509 cert = (CertificateX509)key;
if (!cert.Inicialized || cert.HasError())
PublicKey cert = isPublicKey ? (PublicKey)key : (CertificateX509)key;
if (cert.HasError())
{
this.error = cert.GetError();
return "";
}
asymmetricEncryptionAlgorithm = cert.getPublicKeyAlgorithm();
asymKey = cert.getPublicKeyParameterForEncryption();
asymmetricEncryptionAlgorithm = cert.getAlgorithm();
asymKey = cert.getAsymmetricKeyParameter();
if (cert.HasError())
{
this.error = cert.GetError();
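Review bot: In DoEncryptInternal's public-key branch the new `if (cert.HasError())` guard is written twice back to back with no call between the two checks (the second block sits directly under the first, right after `PublicKey cert = isPublicKey ? (PublicKey)key : (CertificateX509)key;`), so the second one is dead code, and the matching branch in DoDecryptInternal has only one; drop the duplicate. More importantly, the old `!cert.Inicialized` condition is gone from both branches, so a CertificateX509 that was never loaded is now rejected only if `getAlgorithm()` / `getAsymmetricKeyParameter()` report an error for that state — if they do not, the cipher is initialised with an unset key; either confirm that or restore the guard as `if (cert.HasError() || cert is CertificateX509 { Inicialized: false })`. Separately, every new wrapper validates `hashAlgorithm` with validateObjectInput while the other string arguments use validateStringInput; if the object variant only null-checks, an empty algorithm name passes validation. The XML doc comments above DoEncryptInternal and DoDecryptInternal still describe a `password` parameter that does not exist and say nothing about the new `isPublicKey`; add `/// <param name="isPublicKey">true when <paramref name="key"/> is a bare PublicKey rather than a CertificateX509</param>` to both. Both helper bodies start and end outside the hunks shown.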