Botan  2.15.0
Crypto and TLS for C++11
Classes | Public Member Functions | Static Public Member Functions | List of all members
Botan::PKCS11::MechanismWrapper Class Referencefinal

#include <p11_mechanism.h>

Classes

union  MechanismParameters
 Holds the mechanism parameters for OAEP, PSS and ECDH. More...
 

Public Member Functions

Mechanismdata () const
 
 MechanismWrapper (MechanismType mechanism_type)
 
size_t padding_size () const
 
void set_ecdh_other_key (const uint8_t other_key[], size_t other_key_len)
 
void set_ecdh_salt (const uint8_t salt[], size_t salt_len)
 

Static Public Member Functions

static MechanismWrapper create_ecdh_mechanism (const std::string &params)
 
static MechanismWrapper create_ecdsa_mechanism (const std::string &hash)
 
static MechanismWrapper create_rsa_crypt_mechanism (const std::string &padding)
 
static MechanismWrapper create_rsa_sign_mechanism (const std::string &padding)
 

Detailed Description

Simple class to build and hold the data for a CK_MECHANISM struct for RSA (encryption/decryption, signature/verification) and EC (ECDSA signature/verification, ECDH key derivation).

Definition at line 26 of file p11_mechanism.h.

Constructor & Destructor Documentation

◆ MechanismWrapper()

Botan::PKCS11::MechanismWrapper::MechanismWrapper ( MechanismType  mechanism_type)
explicit
Parameters
mechanism_typethe CK_MECHANISM_TYPE for the mechanism field of the CK_MECHANISM struct

Definition at line 170 of file p11_mechanism.cpp.

Referenced by create_ecdsa_mechanism().

171  : m_mechanism( { static_cast<CK_MECHANISM_TYPE>(mechanism_type), nullptr, 0 }), m_parameters(nullptr)
172  {}
CK_ULONG CK_MECHANISM_TYPE
Definition: pkcs11t.h:583

Member Function Documentation

◆ create_ecdh_mechanism()

MechanismWrapper Botan::PKCS11::MechanismWrapper::create_ecdh_mechanism ( const std::string &  params)
static

Creates the CK_MECHANISM data for ECDH key derivation (CKM_ECDH1_DERIVE or CKM_ECDH1_COFACTOR_DERIVE)

Parameters
paramsspecifies the key derivation function to use. Supported KDFs are Raw and SHA-160 to SHA-512. Params can also include the string "Cofactor" if the cofactor key derivation mechanism should be used, for example "SHA-512,Cofactor"

Definition at line 240 of file p11_mechanism.cpp.

References Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_count(), Botan::PKCS11::Ecdh1CofactorDerive, Botan::PKCS11::Ecdh1Derive, hash, CK_MECHANISM::pParameter, Botan::split_on(), and CK_MECHANISM::ulParameterLen.

241  {
242  std::vector<std::string> param_parts = split_on(params, ',');
243 
244  if(param_parts.empty() || param_parts.size() > 2)
245  throw Invalid_Argument("PKCS #11 ECDH key derivation bad params " + params);
246 
247  const bool use_cofactor =
248  (param_parts[0] == "Cofactor") ||
249  (param_parts.size() == 2 && param_parts[1] == "Cofactor");
250 
251  std::string kdf_name = (param_parts[0] == "Cofactor" ? param_parts[1] : param_parts[0]);
252  std::string hash = kdf_name;
253 
254  if(kdf_name != "Raw")
255  {
256  SCAN_Name kdf_hash(kdf_name);
257 
258  if(kdf_hash.arg_count() > 0)
259  {
260  hash = kdf_hash.arg(0);
261  }
262  }
263 
264  auto kdf = EcdhHash.find(hash);
265  if(kdf == EcdhHash.end())
266  {
267  throw Lookup_Error("PKCS#11 ECDH key derivation does not support KDF " + kdf_name);
268  }
270  mech.m_parameters = std::make_shared<MechanismParameters>();
271  mech.m_parameters->ecdh_params.kdf = static_cast<CK_EC_KDF_TYPE>(kdf->second);
272  mech.m_mechanism.pParameter = mech.m_parameters.get();
273  mech.m_mechanism.ulParameterLen = sizeof(Ecdh1DeriveParams);
274  return mech;
275  }
std::vector< std::string > split_on(const std::string &str, char delim)
Definition: parsing.cpp:148
MechanismWrapper(MechanismType mechanism_type)
CK_ECDH1_DERIVE_PARAMS Ecdh1DeriveParams
Definition: p11.h:850
MechanismType hash
CK_ULONG CK_EC_KDF_TYPE
Definition: pkcs11t.h:1287

◆ create_ecdsa_mechanism()

MechanismWrapper Botan::PKCS11::MechanismWrapper::create_ecdsa_mechanism ( const std::string &  hash)
static

Creates the CK_MECHANISM data for ECDSA signature/verification

Parameters
hashthe hash algorithm used to hash the data to sign. supported hash functions are Raw and SHA-160 to SHA-512

Definition at line 223 of file p11_mechanism.cpp.

References hash, Botan::hash_for_emsa(), and MechanismWrapper().

224  {
225  std::string hash_name = hash;
226 
227  if(hash_name != "Raw")
228  {
229  hash_name = hash_for_emsa(hash);
230  }
231 
232  auto mechanism_type = EcdsaHash.find(hash_name);
233  if(mechanism_type == EcdsaHash.end())
234  {
235  throw Lookup_Error("PKCS#11 ECDSA sign/verify does not support " + hash);
236  }
237  return MechanismWrapper(mechanism_type->second);
238  }
MechanismWrapper(MechanismType mechanism_type)
std::string hash_for_emsa(const std::string &algo_spec)
Definition: emsa.cpp:189
MechanismType hash

◆ create_rsa_crypt_mechanism()

MechanismWrapper Botan::PKCS11::MechanismWrapper::create_rsa_crypt_mechanism ( const std::string &  padding)
static

Creates the CK_MECHANISM data for RSA encryption/decryption

Parameters
paddingsupported paddings are Raw (X.509), EME-PKCS1-v1_5 (PKCS#1 v1.5) and OAEP (PKCS#1 OAEP)

Definition at line 174 of file p11_mechanism.cpp.

References CKZ_DATA_SPECIFIED, CK_MECHANISM::pParameter, Botan::PKCS11::RsaPkcsOaep, and CK_MECHANISM::ulParameterLen.

175  {
176  auto mechanism_info_it = CryptMechanisms.find(padding);
177  if(mechanism_info_it == CryptMechanisms.end())
178  {
179  // at this point it would be possible to support additional configurations that are not predefined above by parsing `padding`
180  throw Lookup_Error("PKCS#11 RSA encrypt/decrypt does not support EME " + padding);
181  }
182  RSA_CryptMechanism mechanism_info = mechanism_info_it->second;
183 
184  MechanismWrapper mech(mechanism_info.type);
185  if(mechanism_info.type == MechanismType::RsaPkcsOaep)
186  {
187  mech.m_parameters = std::make_shared<MechanismParameters>();
188  mech.m_parameters->oaep_params.hashAlg = static_cast<CK_MECHANISM_TYPE>(mechanism_info.hash);
189  mech.m_parameters->oaep_params.mgf = static_cast<CK_RSA_PKCS_MGF_TYPE>(mechanism_info.mgf);
190  mech.m_parameters->oaep_params.source = CKZ_DATA_SPECIFIED;
191  mech.m_parameters->oaep_params.pSourceData = nullptr;
192  mech.m_parameters->oaep_params.ulSourceDataLen = 0;
193  mech.m_mechanism.pParameter = mech.m_parameters.get();
194  mech.m_mechanism.ulParameterLen = sizeof(RsaPkcsOaepParams);
195  }
196  mech.m_padding_size = mechanism_info.padding_size;
197  return mech;
198  }
CK_ULONG CK_MECHANISM_TYPE
Definition: pkcs11t.h:583
MechanismWrapper(MechanismType mechanism_type)
#define CKZ_DATA_SPECIFIED
Definition: pkcs11t.h:1261
CK_RSA_PKCS_OAEP_PARAMS RsaPkcsOaepParams
Definition: p11.h:848
CK_ULONG CK_RSA_PKCS_MGF_TYPE
Definition: pkcs11t.h:1241

◆ create_rsa_sign_mechanism()

MechanismWrapper Botan::PKCS11::MechanismWrapper::create_rsa_sign_mechanism ( const std::string &  padding)
static

Creates the CK_MECHANISM data for RSA signature/verification

Parameters
paddingsupported paddings are Raw (X.509), EMSA3 (PKCS#1 v1.5), EMSA4 (PKCS#1 PSS), EMSA2 (ANSI X9.31) and ISO9796 (ISO/IEC 9796)

Definition at line 200 of file p11_mechanism.cpp.

References CK_MECHANISM::pParameter, and CK_MECHANISM::ulParameterLen.

201  {
202  auto mechanism_info_it = SignMechanisms.find(padding);
203  if(mechanism_info_it == SignMechanisms.end())
204  {
205  // at this point it would be possible to support additional configurations that are not predefined above by parsing `padding`
206  throw Lookup_Error("PKCS#11 RSA sign/verify does not support EMSA " + padding);
207  }
208  RSA_SignMechanism mechanism_info = mechanism_info_it->second;
209 
210  MechanismWrapper mech(mechanism_info.type);
211  if(PssOptions.find(mechanism_info.type) != PssOptions.end())
212  {
213  mech.m_parameters = std::make_shared<MechanismParameters>();
214  mech.m_parameters->pss_params.hashAlg = static_cast<CK_MECHANISM_TYPE>(mechanism_info.hash);
215  mech.m_parameters->pss_params.mgf = static_cast<CK_RSA_PKCS_MGF_TYPE>(mechanism_info.mgf);
216  mech.m_parameters->pss_params.sLen = static_cast<Ulong>(mechanism_info.salt_size);
217  mech.m_mechanism.pParameter = mech.m_parameters.get();
218  mech.m_mechanism.ulParameterLen = sizeof(RsaPkcsPssParams);
219  }
220  return mech;
221  }
CK_ULONG CK_MECHANISM_TYPE
Definition: pkcs11t.h:583
CK_ULONG Ulong
Definition: p11.h:836
MechanismWrapper(MechanismType mechanism_type)
CK_RSA_PKCS_PSS_PARAMS RsaPkcsPssParams
Definition: p11.h:849
CK_ULONG CK_RSA_PKCS_MGF_TYPE
Definition: pkcs11t.h:1241

◆ data()

Mechanism* Botan::PKCS11::MechanismWrapper::data ( ) const
inline
Returns
a pointer to the CK_MECHANISM struct that can be passed to the cryptoki functions

Definition at line 84 of file p11_mechanism.h.

85  {
86  return const_cast<Mechanism*>(&m_mechanism);
87  }

◆ padding_size()

size_t Botan::PKCS11::MechanismWrapper::padding_size ( ) const
inline
Returns
the size of the padding in bytes (for encryption/decryption)

Definition at line 90 of file p11_mechanism.h.

91  {
92  return m_padding_size;
93  }

◆ set_ecdh_other_key()

void Botan::PKCS11::MechanismWrapper::set_ecdh_other_key ( const uint8_t  other_key[],
size_t  other_key_len 
)
inline

Sets the public key of the other party for the ECDH mechanism parameters.

Parameters
other_keykey of the other party
other_key_lensize of the key of the other party in bytes

Definition at line 77 of file p11_mechanism.h.

78  {
79  m_parameters->ecdh_params.pPublicData = const_cast<uint8_t*>(other_key);
80  m_parameters->ecdh_params.ulPublicDataLen = static_cast<Ulong>(other_key_len);
81  }
CK_ULONG Ulong
Definition: p11.h:836

◆ set_ecdh_salt()

void Botan::PKCS11::MechanismWrapper::set_ecdh_salt ( const uint8_t  salt[],
size_t  salt_len 
)
inline

Sets the salt for the ECDH mechanism parameters.

Parameters
saltthe salt
salt_lensize of the salt in bytes

Definition at line 66 of file p11_mechanism.h.

References salt_len.

67  {
68  m_parameters->ecdh_params.pSharedData = const_cast<uint8_t*>(salt);
69  m_parameters->ecdh_params.ulSharedDataLen = static_cast<Ulong>(salt_len);
70  }
CK_ULONG Ulong
Definition: p11.h:836
size_t salt_len
Definition: x509_obj.cpp:25

The documentation for this class was generated from the following files: