Cryptographic Abstraction Layer

Collaboration diagram for Cryptographic Abstraction Layer:

---

Detailed Description

The interface layer between the cryptographic modules and the XML Security library. It has been created to allow users to easily integrate other cryptographic libraries into the XML-Security library.

The XML-Security-C library itself makes calls to this interface layer to perform all cryptographic procedures. In order to instantiate the correct object (i.e. the object that belongs to the correct crypto library), XSEC makes calls to the virtual class XSECCryptoProvider, which returns pointers to particular virtual class objects.

The cryptographic interface has been kept as thin as possible. The classes are not meant to provide a complete wrapper for the cryptographic libraries involved. The application program is expected to deal directly with the chosen library. This ensures that the xml-security library can perform the functions it needs to, but does not constrain the application in what it can do.

Therefore, three type of methods are available on any cryptographic class.

• Required methods are those absolutely necessary for the library to operate. For example, these include the methods necessary for the library to decode a base64 encoded signature and validate it against a defined key.
• Optional methods are used by the ancillary classes in the library. For example, the default KeyInfoResolver can use an optional method to extract a public key from a certificate. This is not strictly necessary, as the calling application could provide a resolver that does this work directly rather than using the XSECCryptoX509 class.
• Library Specific methods are those methods that are unique to a particular library. For example, the OpenSSLCryptoX509 class has a Library Specific constructor that takes an OpenSSL X509 structure as its argument.

Unless marked otherwise, all methods defined in the XSECCrypto* classes are Required.

The particular instantiation of XSECCryptoProvider that is to be used is set via the XSECPlatformUtils::Initialise() function call. If no provider is passed in, the Initialise function generates an OpenSSLCryptoProvider class for use. If OpenSSL is not available under windows, the library will use the Windows CAPI instead.

The provider is kept in a global variable, and is used by all signature objects created by a particular application. At this time there is no way to have different signature objects use different CryptoProviders

Todo:

Add an ability to better handle "optional" functions. The library should make a call to the provider to see whether an optional function (e.g. extract key from X509) has been provided.

@{

Modules
	OpenSSL Interface
	Windows Crypto API Interface
	Internal Crypto API Interface
Classes
class	XSECCryptoBase64
	Base64 encode/decode handler interface class. More...
class	XSECCryptoException
	Exception class used by the cryptographic modules. More...
class	XSECCryptoHash
	Interface definition for Hash functions. More...
class	XSECCryptoKey
	Base interface class for key material. More...
class	XSECCryptoKeyDSA
	Interface class for DSA keys. More...
class	XSECCryptoKeyHMAC
	Interface class for HMAC keys. More...
class	XSECCryptoKeyRSA
	Interface class for RSA keys. More...
class	XSECCryptoSymmetricKey
	Base interface definition for symmetric key material. More...
class	XSECCryptoX509
	Interface class for X509 certificates. More...
Defines
#define	XKMSAuthenticationValue   0x01
	Helper utilities for crypto.
Variables
const char *	XSECCryptoExceptionStrings []
	Exception strings.

---

Define Documentation

#define XKMSAuthenticationValue   0x01

Helper utilities for crypto.

---

Variable Documentation

const char* XSECCryptoExceptionStrings[]

Exception strings. Global array of strings that can be looked up using the #type element of an XSECCryptoException to determine a default string for the erro

---