diff options
| author | Jack Lloyd <[email protected]> | 2016-09-04 10:04:02 -0400 |
|---|---|---|
| committer | Jack Lloyd <[email protected]> | 2016-10-07 19:27:56 -0400 |
| commit | 25b6fb53eec30620d084411fb1dbc8913142fc6d (patch) | |
| tree | 6ffa291a3f4a74cac23bce304a42f4c26e33bcda /src/lib/prov/pkcs11 | |
| parent | 62cd6e3651711f759f870460599596ff5be904a5 (diff) | |
Remove Algo_Registry usage from public key code.
Instead the key types exposes operations like `create_encryption_op`
which will return the relevant operation if the algorithm supports it.
Changes pubkey.h interface, now RNG is passed at init time.
Blinder previous created its own RNG, now it takes it from app.
Diffstat (limited to 'src/lib/prov/pkcs11')
| -rw-r--r-- | src/lib/prov/pkcs11/p11_ecdh.cpp | 38 | ||||
| -rw-r--r-- | src/lib/prov/pkcs11/p11_ecdh.h | 5 | ||||
| -rw-r--r-- | src/lib/prov/pkcs11/p11_ecdsa.cpp | 22 | ||||
| -rw-r--r-- | src/lib/prov/pkcs11/p11_ecdsa.h | 10 | ||||
| -rw-r--r-- | src/lib/prov/pkcs11/p11_mechanism.cpp | 12 | ||||
| -rw-r--r-- | src/lib/prov/pkcs11/p11_mechanism.h | 8 | ||||
| -rw-r--r-- | src/lib/prov/pkcs11/p11_rsa.cpp | 53 | ||||
| -rw-r--r-- | src/lib/prov/pkcs11/p11_rsa.h | 20 |
8 files changed, 117 insertions, 51 deletions
diff --git a/src/lib/prov/pkcs11/p11_ecdh.cpp b/src/lib/prov/pkcs11/p11_ecdh.cpp index de24d6da4..8d8d79db7 100644 --- a/src/lib/prov/pkcs11/p11_ecdh.cpp +++ b/src/lib/prov/pkcs11/p11_ecdh.cpp @@ -14,7 +14,7 @@ #include <botan/ber_dec.h> #include <botan/der_enc.h> #include <botan/internal/algo_registry.h> -#include <botan/internal/pk_utils.h> +#include <botan/pk_ops.h> #include <botan/rng.h> namespace Botan { @@ -43,26 +43,8 @@ namespace { class PKCS11_ECDH_KA_Operation : public PK_Ops::Key_Agreement { public: - typedef PKCS11_EC_PrivateKey Key_Type; - - static PKCS11_ECDH_KA_Operation* make_ecdh(const Spec& spec, bool use_cofactor) - { - try - { - if(auto* key = dynamic_cast< const PKCS11_EC_PrivateKey* >(&spec.key())) - { - return new PKCS11_ECDH_KA_Operation(*key, spec.padding(), use_cofactor); - } - } - catch(...) - { - } - - return nullptr; - } - - PKCS11_ECDH_KA_Operation(const PKCS11_EC_PrivateKey& key, const std::string& kdf, bool use_cofactor) - : PK_Ops::Key_Agreement(), m_key(key), m_mechanism(MechanismWrapper::create_ecdh_mechanism(kdf, use_cofactor)) + PKCS11_ECDH_KA_Operation(const PKCS11_EC_PrivateKey& key, const std::string& params) + : PK_Ops::Key_Agreement(), m_key(key), m_mechanism(MechanismWrapper::create_ecdh_mechanism(params)) {} @@ -112,14 +94,16 @@ class PKCS11_ECDH_KA_Operation : public PK_Ops::Key_Agreement MechanismWrapper m_mechanism; }; -Algo_Registry<PK_Ops::Key_Agreement>::Add g_PKCS11_ECDH_KA_Operation_reg("ECDH", - std::bind(&PKCS11_ECDH_KA_Operation::make_ecdh, std::placeholders::_1, false), "pkcs11", BOTAN_PKCS11_ECDH_PRIO); - -Algo_Registry<PK_Ops::Key_Agreement>::Add g_PKCS11_ECDHC_KA_Operation_reg("ECDHC", - std::bind(&PKCS11_ECDH_KA_Operation::make_ecdh, std::placeholders::_1, true), "pkcs11", BOTAN_PKCS11_ECDH_PRIO); - } +std::unique_ptr<PK_Ops::Key_Agreement> +PKCS11_ECDH_PrivateKey::create_key_agreement_op(RandomNumberGenerator&, + const std::string& params, + const std::string& /*provider*/) const + { + return std::unique_ptr<PK_Ops::Key_Agreement>(new PKCS11_ECDH_KA_Operation(*this, params)); + } + PKCS11_ECDH_KeyPair generate_ecdh_keypair(Session& session, const EC_PublicKeyGenerationProperties& pub_props, const EC_PrivateKeyGenerationProperties& priv_props) { diff --git a/src/lib/prov/pkcs11/p11_ecdh.h b/src/lib/prov/pkcs11/p11_ecdh.h index 749a00d52..ef9ccb250 100644 --- a/src/lib/prov/pkcs11/p11_ecdh.h +++ b/src/lib/prov/pkcs11/p11_ecdh.h @@ -102,6 +102,11 @@ class BOTAN_DLL PKCS11_ECDH_PrivateKey final : public virtual PKCS11_EC_PrivateK ECDH_PrivateKey export_key() const; secure_vector<byte> pkcs8_private_key() const override; + + std::unique_ptr<PK_Ops::Key_Agreement> + create_key_agreement_op(RandomNumberGenerator& rng, + const std::string& params, + const std::string& provider) const override; }; using PKCS11_ECDH_KeyPair = std::pair<PKCS11_ECDH_PublicKey, PKCS11_ECDH_PrivateKey>; diff --git a/src/lib/prov/pkcs11/p11_ecdsa.cpp b/src/lib/prov/pkcs11/p11_ecdsa.cpp index 078bc429d..9e21a3701 100644 --- a/src/lib/prov/pkcs11/p11_ecdsa.cpp +++ b/src/lib/prov/pkcs11/p11_ecdsa.cpp @@ -12,7 +12,7 @@ #include <botan/internal/p11_mechanism.h> #include <botan/internal/algo_registry.h> -#include <botan/internal/pk_utils.h> +#include <botan/pk_ops.h> #include <botan/keypair.h> #include <botan/rng.h> @@ -198,13 +198,23 @@ class PKCS11_ECDSA_Verification_Operation : public PK_Ops::Verification bool m_initialized = false; }; -BOTAN_REGISTER_TYPE(PK_Ops::Signature, PKCS11_ECDSA_Signature_Operation, "ECDSA", - (make_pk_op<PK_Ops::Signature, PKCS11_ECDSA_Signature_Operation>), "pkcs11", BOTAN_PKCS11_ECDSA_PRIO); +} -BOTAN_REGISTER_TYPE(PK_Ops::Verification, PKCS11_ECDSA_Verification_Operation, "ECDSA", - (make_pk_op<PK_Ops::Verification, PKCS11_ECDSA_Verification_Operation>), "pkcs11", BOTAN_PKCS11_ECDSA_PRIO); +std::unique_ptr<PK_Ops::Verification> +PKCS11_ECDSA_PublicKey::create_verification_op(RandomNumberGenerator& rng, + const std::string& params, + const std::string& provider) const + { + return std::unique_ptr<PK_Ops::Verification>(new PKCS11_ECDSA_Verification_Operation(*this, params)); + } -} +std::unique_ptr<PK_Ops::Signature> +PKCS11_ECDSA_PrivateKey::create_signature_op(RandomNumberGenerator& rng, + const std::string& params, + const std::string& provider) const + { + return std::unique_ptr<PK_Ops::Signature>(new PKCS11_ECDSA_Signature_Operation(*this, params)); + } PKCS11_ECDSA_KeyPair generate_ecdsa_keypair(Session& session, const EC_PublicKeyGenerationProperties& pub_props, const EC_PrivateKeyGenerationProperties& priv_props) diff --git a/src/lib/prov/pkcs11/p11_ecdsa.h b/src/lib/prov/pkcs11/p11_ecdsa.h index d3d07a780..d391ce0b9 100644 --- a/src/lib/prov/pkcs11/p11_ecdsa.h +++ b/src/lib/prov/pkcs11/p11_ecdsa.h @@ -55,6 +55,11 @@ class BOTAN_DLL PKCS11_ECDSA_PublicKey final : public PKCS11_EC_PublicKey, publi /// @return the exported ECDSA public key ECDSA_PublicKey export_key() const; + + std::unique_ptr<PK_Ops::Verification> + create_verification_op(RandomNumberGenerator& rng, + const std::string& params, + const std::string& provider) const override; }; /// Represents a PKCS#11 ECDSA private key @@ -107,6 +112,11 @@ class BOTAN_DLL PKCS11_ECDSA_PrivateKey final : public PKCS11_EC_PrivateKey secure_vector<byte> pkcs8_private_key() const override; bool check_key(RandomNumberGenerator&, bool) const override; + + std::unique_ptr<PK_Ops::Signature> + create_signature_op(RandomNumberGenerator& rng, + const std::string& params, + const std::string& provider) const override; }; using PKCS11_ECDSA_KeyPair = std::pair<PKCS11_ECDSA_PublicKey, PKCS11_ECDSA_PrivateKey>; diff --git a/src/lib/prov/pkcs11/p11_mechanism.cpp b/src/lib/prov/pkcs11/p11_mechanism.cpp index 07ac00770..a4c6e73a7 100644 --- a/src/lib/prov/pkcs11/p11_mechanism.cpp +++ b/src/lib/prov/pkcs11/p11_mechanism.cpp @@ -219,8 +219,18 @@ MechanismWrapper MechanismWrapper::create_ecdsa_mechanism(const std::string& has return MechanismWrapper(mechanism_type->second); } -MechanismWrapper MechanismWrapper::create_ecdh_mechanism(const std::string& kdf_name, bool use_cofactor) +MechanismWrapper MechanismWrapper::create_ecdh_mechanism(const std::string& params) { + std::vector<std::string> param_parts = split_on(params, ','); + + if(param_parts.empty() || param_parts.size() > 2) + throw Invalid_Argument("PKCS #11 ECDH key derivation bad params " + params); + + const bool use_cofactor = + (param_parts[0] == "Cofactor") || + (param_parts.size() == 2 && param_parts[1] == "Cofactor"); + + std::string kdf_name = (param_parts[0] == "Cofactor" ? param_parts[1] : param_parts[0]); std::string hash = kdf_name; if(kdf_name != "Raw") diff --git a/src/lib/prov/pkcs11/p11_mechanism.h b/src/lib/prov/pkcs11/p11_mechanism.h index 5d8c826ee..0f7b6f07c 100644 --- a/src/lib/prov/pkcs11/p11_mechanism.h +++ b/src/lib/prov/pkcs11/p11_mechanism.h @@ -51,10 +51,12 @@ class MechanismWrapper final /** * Creates the CK_MECHANISM data for ECDH key derivation (CKM_ECDH1_DERIVE or CKM_ECDH1_COFACTOR_DERIVE) - * @param kdf_name the key derivation function to use. Supported KDFs are Raw and SHA-160 to SHA-512 - * @param use_cofactor true if the cofactor key derivation mechanism should be used + * @param params specifies the key derivation function to use. + * Supported KDFs are Raw and SHA-160 to SHA-512. + * Params can also include the string "Cofactor" if the cofactor + * key derivation mechanism should be used, for example "SHA-512,Cofactor" */ - static MechanismWrapper create_ecdh_mechanism(const std::string& kdf_name, bool use_cofactor); + static MechanismWrapper create_ecdh_mechanism(const std::string& params); /// Sets the salt for the ECDH mechanism parameters inline void set_ecdh_salt(const byte salt[], size_t salt_len) diff --git a/src/lib/prov/pkcs11/p11_rsa.cpp b/src/lib/prov/pkcs11/p11_rsa.cpp index 9e5675301..18965fd95 100644 --- a/src/lib/prov/pkcs11/p11_rsa.cpp +++ b/src/lib/prov/pkcs11/p11_rsa.cpp @@ -13,7 +13,7 @@ #include <botan/internal/p11_mechanism.h> #include <botan/pk_ops.h> #include <botan/internal/algo_registry.h> -#include <botan/internal/pk_utils.h> +#include <botan/pk_ops.h> #include <botan/rng.h> #include <botan/blinding.h> @@ -125,14 +125,18 @@ secure_vector<byte> PKCS11_RSA_PrivateKey::pkcs8_private_key() const namespace { // note: multiple-part decryption operations (with C_DecryptUpdate/C_DecryptFinal) // are not supported (PK_Ops::Decryption does not provide an `update` method) -class PKCS11_RSA_Decryption_Operation : public PK_Ops::Decryption +class PKCS11_RSA_Decryption_Operation final : public PK_Ops::Decryption { public: typedef PKCS11_RSA_PrivateKey Key_Type; - PKCS11_RSA_Decryption_Operation(const PKCS11_RSA_PrivateKey& key, const std::string& padding) - : m_key(key), m_mechanism(MechanismWrapper::create_rsa_crypt_mechanism(padding)), - m_powermod(m_key.get_e(), m_key.get_n()), m_blinder(m_key.get_n(), + PKCS11_RSA_Decryption_Operation(const PKCS11_RSA_PrivateKey& key, + const std::string& padding, + RandomNumberGenerator& rng) + : m_key(key), + m_mechanism(MechanismWrapper::create_rsa_crypt_mechanism(padding)), + m_powermod(m_key.get_e(), m_key.get_n()), + m_blinder(m_key.get_n(), rng, [ this ](const BigInt& k) { return m_powermod(k); }, [ this ](const BigInt& k) { return inverse_mod(k, m_key.get_n()); }) { @@ -343,19 +347,39 @@ class PKCS11_RSA_Verification_Operation : public PK_Ops::Verification MechanismWrapper m_mechanism; }; -BOTAN_REGISTER_TYPE(PK_Ops::Decryption, PKCS11_RSA_Decryption_Operation, "RSA", - (make_pk_op<PK_Ops::Decryption, PKCS11_RSA_Decryption_Operation>), "pkcs11", BOTAN_PKCS11_RSA_PRIO); +} -BOTAN_REGISTER_TYPE(PK_Ops::Encryption, PKCS11_RSA_Encryption_Operation, "RSA", - (make_pk_op<PK_Ops::Encryption, PKCS11_RSA_Encryption_Operation>), "pkcs11", BOTAN_PKCS11_RSA_PRIO); +std::unique_ptr<PK_Ops::Encryption> +PKCS11_RSA_PublicKey::create_encryption_op(RandomNumberGenerator& /*rng*/, + const std::string& params, + const std::string& /*provider*/) const + { + return std::unique_ptr<PK_Ops::Encryption>(new PKCS11_RSA_Encryption_Operation(*this, params)); + } -BOTAN_REGISTER_TYPE(PK_Ops::Signature, PKCS11_RSA_Signature_Operation, "RSA", - (make_pk_op<PK_Ops::Signature, PKCS11_RSA_Signature_Operation>), "pkcs11", BOTAN_PKCS11_RSA_PRIO); +std::unique_ptr<PK_Ops::Verification> +PKCS11_RSA_PublicKey::create_verification_op(RandomNumberGenerator& /*rng*/, + const std::string& params, + const std::string& /*provider*/) const + { + return std::unique_ptr<PK_Ops::Verification>(new PKCS11_RSA_Verification_Operation(*this, params)); + } -BOTAN_REGISTER_TYPE(PK_Ops::Verification, PKCS11_RSA_Verification_Operation, "RSA", - (make_pk_op<PK_Ops::Verification, PKCS11_RSA_Verification_Operation>), "pkcs11", BOTAN_PKCS11_RSA_PRIO); +std::unique_ptr<PK_Ops::Decryption> +PKCS11_RSA_PrivateKey::create_decryption_op(RandomNumberGenerator& rng, + const std::string& params, + const std::string& /*provider*/) const + { + return std::unique_ptr<PK_Ops::Decryption>(new PKCS11_RSA_Decryption_Operation(*this, params, rng)); + } -} +std::unique_ptr<PK_Ops::Signature> +PKCS11_RSA_PrivateKey::create_signature_op(RandomNumberGenerator& /*rng*/, + const std::string& params, + const std::string& /*provider*/) const + { + return std::unique_ptr<PK_Ops::Signature>(new PKCS11_RSA_Signature_Operation(*this, params)); + } PKCS11_RSA_KeyPair generate_rsa_keypair(Session& session, const RSA_PublicKeyGenerationProperties& pub_props, const RSA_PrivateKeyGenerationProperties& priv_props) @@ -374,4 +398,5 @@ PKCS11_RSA_KeyPair generate_rsa_keypair(Session& session, const RSA_PublicKeyGen } } + #endif diff --git a/src/lib/prov/pkcs11/p11_rsa.h b/src/lib/prov/pkcs11/p11_rsa.h index 2739cf3e5..6a085a7d7 100644 --- a/src/lib/prov/pkcs11/p11_rsa.h +++ b/src/lib/prov/pkcs11/p11_rsa.h @@ -83,6 +83,16 @@ class BOTAN_DLL PKCS11_RSA_PublicKey final : public RSA_PublicKey, * @param pubkey_props the attributes of the public key */ PKCS11_RSA_PublicKey(Session& session, const RSA_PublicKeyImportProperties& pubkey_props); + + std::unique_ptr<PK_Ops::Encryption> + create_encryption_op(RandomNumberGenerator& rng, + const std::string& params, + const std::string& provider) const override; + + std::unique_ptr<PK_Ops::Verification> + create_verification_op(RandomNumberGenerator& rng, + const std::string& params, + const std::string& provider) const override; }; /// Properties for importing a PKCS#11 RSA private key @@ -192,6 +202,16 @@ class BOTAN_DLL PKCS11_RSA_PrivateKey final : public Private_Key, RSA_PrivateKey export_key() const; secure_vector<byte> pkcs8_private_key() const override; + + std::unique_ptr<PK_Ops::Decryption> + create_decryption_op(RandomNumberGenerator& rng, + const std::string& params, + const std::string& provider) const override; + + std::unique_ptr<PK_Ops::Signature> + create_signature_op(RandomNumberGenerator& rng, + const std::string& params, + const std::string& provider) const override; }; using PKCS11_RSA_KeyPair = std::pair<PKCS11_RSA_PublicKey, PKCS11_RSA_PrivateKey>; |