1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
|
/*
* PKCS#11 RSA
* (C) 2016 Daniel Neus, Sirrix AG
* (C) 2016 Philipp Weber, Sirrix AG
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#ifndef BOTAN_P11_RSA_H_
#define BOTAN_P11_RSA_H_
#include <botan/p11_session.h>
#include <botan/p11_object.h>
#if defined(BOTAN_HAS_RSA)
#include <botan/rsa.h>
#include <utility>
namespace Botan {
namespace PKCS11 {
/// Properties for generating a PKCS#11 RSA public key
class BOTAN_PUBLIC_API(2,0) RSA_PublicKeyGenerationProperties final : public PublicKeyProperties
{
public:
/// @param bits length in bits of modulus n
explicit RSA_PublicKeyGenerationProperties(Ulong bits);
/// @param pub_exponent public exponent e
inline void set_pub_exponent(const BigInt& pub_exponent = BigInt(0x10001))
{
add_binary(AttributeType::PublicExponent, BigInt::encode(pub_exponent));
}
virtual ~RSA_PublicKeyGenerationProperties() = default;
};
/// Properties for importing a PKCS#11 RSA public key
class BOTAN_PUBLIC_API(2,0) RSA_PublicKeyImportProperties final : public PublicKeyProperties
{
public:
/// @param modulus modulus n
/// @param pub_exponent public exponent e
RSA_PublicKeyImportProperties(const BigInt& modulus, const BigInt& pub_exponent);
/// @return the modulus
inline const BigInt& modulus() const
{
return m_modulus;
}
/// @return the public exponent
inline const BigInt& pub_exponent() const
{
return m_pub_exponent;
}
virtual ~RSA_PublicKeyImportProperties() = default;
private:
const BigInt m_modulus;
const BigInt m_pub_exponent;
};
/// Represents a PKCS#11 RSA public key
class BOTAN_PUBLIC_API(2,0) PKCS11_RSA_PublicKey : public RSA_PublicKey,
public Object
{
public:
static const ObjectClass Class = ObjectClass::PublicKey;
/**
* Creates a PKCS11_RSA_PublicKey object from an existing PKCS#11 RSA public key
* @param session the session to use
* @param handle the handle of the RSA public key
*/
PKCS11_RSA_PublicKey(Session& session, ObjectHandle handle);
/**
* Imports a RSA public key
* @param session the session to use
* @param pubkey_props the attributes of the public key
*/
PKCS11_RSA_PublicKey(Session& session, const RSA_PublicKeyImportProperties& pubkey_props);
std::unique_ptr<PK_Ops::Encryption>
create_encryption_op(RandomNumberGenerator& rng,
const std::string& params,
const std::string& provider) const override;
std::unique_ptr<PK_Ops::Verification>
create_verification_op(const std::string& params,
const std::string& provider) const override;
};
/// Properties for importing a PKCS#11 RSA private key
class BOTAN_PUBLIC_API(2,0) RSA_PrivateKeyImportProperties final : public PrivateKeyProperties
{
public:
/**
* @param modulus modulus n
* @param priv_exponent private exponent d
*/
RSA_PrivateKeyImportProperties(const BigInt& modulus, const BigInt& priv_exponent);
/// @param pub_exponent public exponent e
inline void set_pub_exponent(const BigInt& pub_exponent)
{
add_binary(AttributeType::PublicExponent, BigInt::encode(pub_exponent));
}
/// @param prime1 prime p
inline void set_prime_1(const BigInt& prime1)
{
add_binary(AttributeType::Prime1, BigInt::encode(prime1));
}
/// @param prime2 prime q
inline void set_prime_2(const BigInt& prime2)
{
add_binary(AttributeType::Prime2, BigInt::encode(prime2));
}
/// @param exp1 private exponent d modulo p-1
inline void set_exponent_1(const BigInt& exp1)
{
add_binary(AttributeType::Exponent1, BigInt::encode(exp1));
}
/// @param exp2 private exponent d modulo q-1
inline void set_exponent_2(const BigInt& exp2)
{
add_binary(AttributeType::Exponent2, BigInt::encode(exp2));
}
/// @param coeff CRT coefficient q^-1 mod p
inline void set_coefficient(const BigInt& coeff)
{
add_binary(AttributeType::Coefficient, BigInt::encode(coeff));
}
/// @return the modulus
inline const BigInt& modulus() const
{
return m_modulus;
}
/// @return the private exponent
inline const BigInt& priv_exponent() const
{
return m_priv_exponent;
}
virtual ~RSA_PrivateKeyImportProperties() = default;
private:
const BigInt m_modulus;
const BigInt m_priv_exponent;
};
/// Properties for generating a PKCS#11 RSA private key
class BOTAN_PUBLIC_API(2,0) RSA_PrivateKeyGenerationProperties final : public PrivateKeyProperties
{
public:
RSA_PrivateKeyGenerationProperties()
: PrivateKeyProperties(KeyType::Rsa)
{}
virtual ~RSA_PrivateKeyGenerationProperties() = default;
};
/// Represents a PKCS#11 RSA private key
class BOTAN_PUBLIC_API(2,0) PKCS11_RSA_PrivateKey final : public Private_Key,
public RSA_PublicKey,
public Object
{
public:
static const ObjectClass Class = ObjectClass::PrivateKey;
/// Creates a PKCS11_RSA_PrivateKey object from an existing PKCS#11 RSA private key
PKCS11_RSA_PrivateKey(Session& session, ObjectHandle handle);
/**
* Imports a RSA private key
* @param session the session to use
* @param priv_key_props the properties of the RSA private key
*/
PKCS11_RSA_PrivateKey(Session& session, const RSA_PrivateKeyImportProperties& priv_key_props);
/**
* Generates a PKCS#11 RSA private key
* @param session the session to use
* @param bits length in bits of modulus n
* @param priv_key_props the properties of the RSA private key
* @note no persistent public key object will be created
*/
PKCS11_RSA_PrivateKey(Session& session, uint32_t bits, const RSA_PrivateKeyGenerationProperties& priv_key_props);
/// @return the exported RSA private key
RSA_PrivateKey export_key() const;
secure_vector<uint8_t> private_key_bits() const override;
std::unique_ptr<PK_Ops::Decryption>
create_decryption_op(RandomNumberGenerator& rng,
const std::string& params,
const std::string& provider) const override;
std::unique_ptr<PK_Ops::Signature>
create_signature_op(RandomNumberGenerator& rng,
const std::string& params,
const std::string& provider) const override;
};
using PKCS11_RSA_KeyPair = std::pair<PKCS11_RSA_PublicKey, PKCS11_RSA_PrivateKey>;
/**
* RSA key pair generation
* @param session the session that should be used for the key generation
* @param pub_props properties of the public key
* @param priv_props properties of the private key
*/
BOTAN_PUBLIC_API(2,0) PKCS11_RSA_KeyPair generate_rsa_keypair(Session& session, const RSA_PublicKeyGenerationProperties& pub_props,
const RSA_PrivateKeyGenerationProperties& priv_props);
}
}
#endif
#endif
|