1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
/*
* PKCS#11 Mechanism
* (C) 2016 Daniel Neus, Sirrix AG
* (C) 2016 Philipp Weber, Sirrix AG
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#ifndef BOTAN_P11_MECHANISM_H_
#define BOTAN_P11_MECHANISM_H_
#include <botan/p11.h>
#include <utility>
#include <string>
#include <memory>
namespace Botan {
namespace PKCS11 {
/**
* Simple class to build and hold the data for a CK_MECHANISM struct
* for RSA (encryption/decryption, signature/verification)
* and EC (ECDSA signature/verification, ECDH key derivation).
*/
class MechanismWrapper final
{
public:
/// @param mechanism_type the CK_MECHANISM_TYPE for the `mechanism` field of the CK_MECHANISM struct
explicit MechanismWrapper(MechanismType mechanism_type);
/**
* Creates the CK_MECHANISM data for RSA encryption/decryption
* @param padding supported paddings are Raw (X.509), EME-PKCS1-v1_5 (PKCS#1 v1.5) and OAEP (PKCS#1 OAEP)
*/
static MechanismWrapper create_rsa_crypt_mechanism(const std::string& padding);
/**
* Creates the CK_MECHANISM data for RSA signature/verification
* @param padding supported paddings are Raw (X.509), EMSA3 (PKCS#1 v1.5), EMSA4 (PKCS#1 PSS),
* EMSA2 (ANSI X9.31) and ISO9796 (ISO/IEC 9796)
*/
static MechanismWrapper create_rsa_sign_mechanism(const std::string& padding);
/**
* Creates the CK_MECHANISM data for ECDSA signature/verification
* @param hash the hash algorithm used to hash the data to sign.
* supported hash functions are Raw and SHA-160 to SHA-512
*/
static MechanismWrapper create_ecdsa_mechanism(const std::string& hash);
/**
* Creates the CK_MECHANISM data for ECDH key derivation (CKM_ECDH1_DERIVE or CKM_ECDH1_COFACTOR_DERIVE)
* @param params specifies the key derivation function to use.
* Supported KDFs are Raw and SHA-160 to SHA-512.
* Params can also include the string "Cofactor" if the cofactor
* key derivation mechanism should be used, for example "SHA-512,Cofactor"
*/
static MechanismWrapper create_ecdh_mechanism(const std::string& params);
/**
* Sets the salt for the ECDH mechanism parameters.
* @param salt the salt
* @param salt_len size of the salt in bytes
*/
inline void set_ecdh_salt(const uint8_t salt[], size_t salt_len)
{
m_parameters->ecdh_params.pSharedData = const_cast<uint8_t*>(salt);
m_parameters->ecdh_params.ulSharedDataLen = static_cast<Ulong>(salt_len);
}
/**
* Sets the public key of the other party for the ECDH mechanism parameters.
* @param other_key key of the other party
* @param other_key_len size of the key of the other party in bytes
*/
inline void set_ecdh_other_key(const uint8_t other_key[], size_t other_key_len)
{
m_parameters->ecdh_params.pPublicData = const_cast<uint8_t*>(other_key);
m_parameters->ecdh_params.ulPublicDataLen = static_cast<Ulong>(other_key_len);
}
/// @return a pointer to the CK_MECHANISM struct that can be passed to the cryptoki functions
inline Mechanism* data() const
{
return const_cast<Mechanism*>(&m_mechanism);
}
/// @return the size of the padding in bytes (for encryption/decryption)
inline size_t padding_size() const
{
return m_padding_size;
}
/// Holds the mechanism parameters for OEAP, PSS and ECDH
union MechanismParameters
{
MechanismParameters()
{
std::memset(this, 0, sizeof(MechanismParameters));
}
RsaPkcsOaepParams oaep_params;
RsaPkcsPssParams pss_params;
Ecdh1DeriveParams ecdh_params;
};
private:
Mechanism m_mechanism;
std::shared_ptr<MechanismParameters> m_parameters;
size_t m_padding_size = 0;
};
}
}
#endif
|