From 2ea6f9b1963795dad74489b41bc7d37f897d7a21 Mon Sep 17 00:00:00 2001 From: Daniel Neus Date: Fri, 17 Jun 2016 11:37:18 +0200 Subject: add PKCS#11 support --- src/lib/prov/pkcs11/p11_ecc_key.h | 229 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 229 insertions(+) create mode 100644 src/lib/prov/pkcs11/p11_ecc_key.h (limited to 'src/lib/prov/pkcs11/p11_ecc_key.h') diff --git a/src/lib/prov/pkcs11/p11_ecc_key.h b/src/lib/prov/pkcs11/p11_ecc_key.h new file mode 100644 index 000000000..a32a78339 --- /dev/null +++ b/src/lib/prov/pkcs11/p11_ecc_key.h @@ -0,0 +1,229 @@ +/* +* PKCS#11 ECC +* (C) 2016 Daniel Neus, Sirrix AG +* (C) 2016 Philipp Weber, Sirrix AG +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_P11_ECC_H__ +#define BOTAN_P11_ECC_H__ + +#include +#if defined(BOTAN_HAS_ECC_PUBLIC_KEY_CRYPTO) + +#include +#include +#include +#include +#include +#include + +#include + +namespace Botan { +namespace PKCS11 { + +class Session; + +/// Properties for generating a PKCS#11 EC public key +class BOTAN_DLL EC_PublicKeyGenerationProperties final : public PublicKeyProperties + { + public: + /// @param ec_params DER-encoding of an ANSI X9.62 Parameters value + EC_PublicKeyGenerationProperties(const std::vector& ec_params); + + /// @return the DER-encoding of the ec parameters according to ANSI X9.62 + inline const std::vector& ec_params() const + { + return m_ec_params; + } + + private: + const std::vector m_ec_params; + }; + +/// Properties for importing a PKCS#11 EC public key +class BOTAN_DLL EC_PublicKeyImportProperties final : public PublicKeyProperties + { + public: + /** + * @param ec_params DER-encoding of an ANSI X9.62 Parameters value + * @param ec_point DER-encoding of ANSI X9.62 ECPoint value Q + */ + EC_PublicKeyImportProperties(const std::vector& ec_params, const std::vector& ec_point); + + /// @return the DER-encoding of the ec parameters according to ANSI X9.62 + inline const std::vector& ec_params() const + { + return m_ec_params; + } + + /// @return the DER-encoding of the ec public point according to ANSI X9.62 + inline const std::vector& ec_point() const + { + return m_ec_point; + } + + private: + const std::vector m_ec_params; + const std::vector m_ec_point; + }; + +/// Represents a PKCS#11 EC public key +class BOTAN_DLL PKCS11_EC_PublicKey : public virtual EC_PublicKey, + public Object + { + public: + static const ObjectClass Class = ObjectClass::PublicKey; + + /** + * Creates a PKCS11_EC_PublicKey object from an existing PKCS#11 EC public key + * @param session the session to use + * @param handle the handle of the ecc public key + */ + PKCS11_EC_PublicKey(Session& session, ObjectHandle handle); + + /** + * Imports an EC public key + * @param session the session to use + * @param props the attributes of the public key + */ + PKCS11_EC_PublicKey(Session& session, const EC_PublicKeyImportProperties& props); + + size_t max_input_bits() const override; + }; + +/// Properties for generating a PKCS#11 EC private key +class BOTAN_DLL EC_PrivateKeyGenerationProperties final : public PrivateKeyProperties + { + public: + EC_PrivateKeyGenerationProperties() + : PrivateKeyProperties(KeyType::Ec) + {} + }; + +/// Properties for importing a PKCS#11 EC private key +class BOTAN_DLL EC_PrivateKeyImportProperties final : public PrivateKeyProperties + { + public: + /** + * @param ec_params DER-encoding of an ANSI X9.62 Parameters value + * @param value ANSI X9.62 private value d + */ + EC_PrivateKeyImportProperties(const std::vector& ec_params, const BigInt& value); + + /// @return the DER-encoding of the ec parameters according to ANSI X9.62 + inline const std::vector& ec_params() const + { + return m_ec_params; + } + + /// @return the value of the ec private key + inline const BigInt& value() const + { + return m_value; + } + + private: + const std::vector m_ec_params; + const BigInt m_value; + }; + +// note: don't inherit from PKCS11_EC_PublicKey: a private key object IS NOT A public key object on a smartcard (-> two different objects) +// note: don't inherit from EC_PublicKey: the public key can not be extracted from a PKCS11-EC-PrivateKey (its only attributes are CKA_EC_PARAMS and CKA_VALUE) +/// Represents a PKCS#11 EC private key +class BOTAN_DLL PKCS11_EC_PrivateKey : public virtual Private_Key, + public Object + { + public: + static const ObjectClass Class = ObjectClass::PrivateKey; + + /** + * Creates a PKCS11_EC_PrivateKey object from an existing PKCS#11 EC private key + * @param session the session to use + * @param handle the handle of the EC private key + */ + PKCS11_EC_PrivateKey(Session& session, ObjectHandle handle); + + /** + * Imports an EC private key + * @param session the session to use + * @param props the attributes of the private key + */ + PKCS11_EC_PrivateKey(Session& session, const EC_PrivateKeyImportProperties& props); + + /** + * Generates a PKCS#11 EC private key + * @param session the session to use + * @param ec_params DER-encoding of an ANSI X9.62 Parameters value + * @param props the attributes of the private key + * @note no persistent public key object will be created + */ + PKCS11_EC_PrivateKey(Session& session, const std::vector& ec_params, + const EC_PrivateKeyGenerationProperties& props); + + /// @returns the domain of the EC private key + inline const EC_Group& domain() const + { + return m_domain_params; + } + + /** + * Sets the associated public point of this private key + * @param point the public point + * @param point_encoding encoding of the point (default DER-encoded) + */ + void set_public_point(const PointGFp& point, PublicPointEncoding point_encoding = PublicPointEncoding::Der) + { + m_public_key = point; + m_point_encoding = point_encoding; + } + + /** + * Gets the public_point + * @note: the public key must be set using `set_public_point` + * because it is not possible to infer the public key from a PKCS#11 EC private key + * @return the public point of the private key + * @throws Exception if the public point was not set using set_public_point() + */ + + const PointGFp& public_point() const + { + if(m_public_key.is_zero()) + { + throw Exception("Public point not set. Inferring the public key from a PKCS#11 ec private key is not possible."); + } + return m_public_key; + } + + /// @return the encoding format for the public point when it is passed to cryptoki functions as an argument + PublicPointEncoding point_encoding() const + { + return m_point_encoding; + } + + // Private_Key methods + + std::size_t max_input_bits() const override; + + std::vector x509_subject_public_key() const override; + + std::size_t estimated_strength() const override; + + bool check_key(RandomNumberGenerator&, bool) const override; + + AlgorithmIdentifier algorithm_identifier() const override; + + private: + EC_Group m_domain_params; + PointGFp m_public_key; + PublicPointEncoding m_point_encoding; + }; +} + +} + +#endif + +#endif -- cgit v1.2.3 From 3c39fd81b905db2532c6e63b3f5f13be706ca7c1 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 23 Aug 2016 12:13:22 -0400 Subject: Work around some amalgamation issues. I think probably what these headers had should work, but end up confusing the generator and breaking the build: https://travis-ci.org/randombit/botan/jobs/154197472 --- src/lib/prov/pkcs11/p11_ecc_key.h | 5 ++--- src/lib/prov/pkcs11/p11_rsa.h | 5 ++--- 2 files changed, 4 insertions(+), 6 deletions(-) (limited to 'src/lib/prov/pkcs11/p11_ecc_key.h') diff --git a/src/lib/prov/pkcs11/p11_ecc_key.h b/src/lib/prov/pkcs11/p11_ecc_key.h index a32a78339..ac0667f89 100644 --- a/src/lib/prov/pkcs11/p11_ecc_key.h +++ b/src/lib/prov/pkcs11/p11_ecc_key.h @@ -10,15 +10,14 @@ #define BOTAN_P11_ECC_H__ #include -#if defined(BOTAN_HAS_ECC_PUBLIC_KEY_CRYPTO) - #include #include + +#if defined(BOTAN_HAS_ECC_PUBLIC_KEY_CRYPTO) #include #include #include #include - #include namespace Botan { diff --git a/src/lib/prov/pkcs11/p11_rsa.h b/src/lib/prov/pkcs11/p11_rsa.h index bf1422dc2..2739cf3e5 100644 --- a/src/lib/prov/pkcs11/p11_rsa.h +++ b/src/lib/prov/pkcs11/p11_rsa.h @@ -10,13 +10,12 @@ #define BOTAN_P11_RSA_H__ #include -#if defined(BOTAN_HAS_RSA) - #include #include #include -#include +#if defined(BOTAN_HAS_RSA) +#include #include namespace Botan { -- cgit v1.2.3 From 91474f60d72937ad3c21d8aa53c14f7a0cceb9ca Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Tue, 23 Aug 2016 13:09:35 -0400 Subject: Another PKCS #11 amalg fix --- src/lib/prov/pkcs11/p11_ecc_key.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/lib/prov/pkcs11/p11_ecc_key.h') diff --git a/src/lib/prov/pkcs11/p11_ecc_key.h b/src/lib/prov/pkcs11/p11_ecc_key.h index ac0667f89..3d10ae85e 100644 --- a/src/lib/prov/pkcs11/p11_ecc_key.h +++ b/src/lib/prov/pkcs11/p11_ecc_key.h @@ -11,9 +11,9 @@ #include #include -#include #if defined(BOTAN_HAS_ECC_PUBLIC_KEY_CRYPTO) +#include #include #include #include -- cgit v1.2.3