Botan 3.3.0
Crypto and TLS for C&
Classes | Public Member Functions | Static Public Member Functions | List of all members
Botan::PKCS11::MechanismWrapper Class Referencefinal

#include <p11_mechanism.h>

Classes

union  MechanismParameters
 Holds the mechanism parameters for OAEP, PSS and ECDH. More...
 

Public Member Functions

Mechanismdata () const
 
MechanismType mechanism_type () const
 
 MechanismWrapper (MechanismType mechanism_type)
 
size_t padding_size () const
 
void set_ecdh_other_key (const uint8_t other_key[], size_t other_key_len)
 
void set_ecdh_salt (const uint8_t salt[], size_t salt_len)
 

Static Public Member Functions

static MechanismWrapper create_ecdh_mechanism (std::string_view params)
 
static MechanismWrapper create_ecdsa_mechanism (std::string_view hash)
 
static MechanismWrapper create_rsa_crypt_mechanism (std::string_view padding)
 
static MechanismWrapper create_rsa_sign_mechanism (std::string_view padding)
 

Detailed Description

Simple class to build and hold the data for a CK_MECHANISM struct for RSA (encryption/decryption, signature/verification) and EC (ECDSA signature/verification, ECDH key derivation).

Definition at line 26 of file p11_mechanism.h.

Constructor & Destructor Documentation

◆ MechanismWrapper()

Botan::PKCS11::MechanismWrapper::MechanismWrapper ( MechanismType mechanism_type)
explicit
Parameters
mechanism_typethe CK_MECHANISM_TYPE for the mechanism field of the CK_MECHANISM struct

Definition at line 180 of file p11_mechanism.cpp.

180 :
181 m_mechanism({static_cast<CK_MECHANISM_TYPE>(mechanism_type), nullptr, 0}), m_parameters(nullptr) {}
MechanismType mechanism_type() const
CK_ULONG CK_MECHANISM_TYPE
Definition pkcs11t.h:583

References mechanism_type().

Referenced by create_ecdsa_mechanism().

Member Function Documentation

◆ create_ecdh_mechanism()

MechanismWrapper Botan::PKCS11::MechanismWrapper::create_ecdh_mechanism ( std::string_view params)
static

Creates the CK_MECHANISM data for ECDH key derivation (CKM_ECDH1_DERIVE or CKM_ECDH1_COFACTOR_DERIVE)

Parameters
paramsspecifies the key derivation function to use. Supported KDFs are Raw and SHA-1 to SHA-512. Params can also include the string "Cofactor" if the cofactor key derivation mechanism should be used, for example "SHA-512,Cofactor"

Definition at line 247 of file p11_mechanism.cpp.

247 {
248 std::vector<std::string> param_parts = split_on(params, ',');
249
250 if(param_parts.empty() || param_parts.size() > 2) {
251 throw Invalid_Argument(fmt("PKCS #11 ECDH key derivation bad params {}", params));
252 }
253
254 const bool use_cofactor =
255 (param_parts[0] == "Cofactor") || (param_parts.size() == 2 && param_parts[1] == "Cofactor");
256
257 std::string kdf_name = (param_parts[0] == "Cofactor" ? param_parts[1] : param_parts[0]);
258 std::string hash = kdf_name;
259
260 if(kdf_name != "Raw") {
261 SCAN_Name kdf_hash(kdf_name);
262
263 if(kdf_hash.arg_count() > 0) {
264 hash = kdf_hash.arg(0);
265 }
266 }
267
268 auto kdf = EcdhHash.find(hash);
269 if(kdf == EcdhHash.end()) {
270 throw Lookup_Error("PKCS#11 ECDH key derivation does not support KDF " + kdf_name);
271 }
273 mech.m_parameters = std::make_shared<MechanismParameters>();
274 mech.m_parameters->ecdh_params.kdf = static_cast<CK_EC_KDF_TYPE>(kdf->second);
275 mech.m_mechanism.pParameter = mech.m_parameters.get();
276 mech.m_mechanism.ulParameterLen = sizeof(Ecdh1DeriveParams);
277 return mech;
278}
MechanismWrapper(MechanismType mechanism_type)
CK_ECDH1_DERIVE_PARAMS Ecdh1DeriveParams
Definition p11.h:828
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53
std::vector< std::string > split_on(std::string_view str, char delim)
Definition parsing.cpp:111
CK_ULONG CK_EC_KDF_TYPE
Definition pkcs11t.h:1287

References Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_count(), Botan::PKCS11::Ecdh1CofactorDerive, Botan::PKCS11::Ecdh1Derive, Botan::fmt(), CK_MECHANISM::pParameter, Botan::split_on(), and CK_MECHANISM::ulParameterLen.

◆ create_ecdsa_mechanism()

MechanismWrapper Botan::PKCS11::MechanismWrapper::create_ecdsa_mechanism ( std::string_view hash)
static

Creates the CK_MECHANISM data for ECDSA signature/verification

Parameters
hashthe hash algorithm used to hash the data to sign. supported hash functions are Raw and SHA-1 to SHA-512

Definition at line 228 of file p11_mechanism.cpp.

228 {
229 const std::string hash_spec(hash_spec_view);
230 auto mechanism = EcdsaHash.find(hash_spec);
231 if(mechanism != EcdsaHash.end()) {
232 return MechanismWrapper(mechanism->second);
233 }
234
235 SCAN_Name req(hash_spec);
236
237 if(req.algo_name() == "EMSA1" && req.arg_count() == 1) {
238 mechanism = EcdsaHash.find(req.arg(0));
239 if(mechanism != EcdsaHash.end()) {
240 return MechanismWrapper(mechanism->second);
241 }
242 }
243
244 throw Lookup_Error(fmt("PKCS #11 ECDSA sign/verify does not support {}", hash_spec));
245}

References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_count(), Botan::fmt(), and MechanismWrapper().

◆ create_rsa_crypt_mechanism()

MechanismWrapper Botan::PKCS11::MechanismWrapper::create_rsa_crypt_mechanism ( std::string_view padding)
static

Creates the CK_MECHANISM data for RSA encryption/decryption

Parameters
paddingsupported paddings are Raw (X.509), EME-PKCS1-v1_5 (PKCS#1 v1.5) and OAEP (PKCS#1 OAEP)

Definition at line 183 of file p11_mechanism.cpp.

183 {
184 const std::string padding(padding_view);
185 auto mechanism_info_it = CryptMechanisms.find(padding);
186 if(mechanism_info_it == CryptMechanisms.end()) {
187 // at this point it would be possible to support additional configurations that are not predefined above by parsing `padding`
188 throw Lookup_Error("PKCS#11 RSA encrypt/decrypt does not support EME " + padding);
189 }
190 RSA_CryptMechanism mechanism_info = mechanism_info_it->second;
191
192 MechanismWrapper mech(mechanism_info.type());
193 if(mechanism_info.type() == MechanismType::RsaPkcsOaep) {
194 mech.m_parameters = std::make_shared<MechanismParameters>();
195 mech.m_parameters->oaep_params.hashAlg = static_cast<CK_MECHANISM_TYPE>(mechanism_info.hash());
196 mech.m_parameters->oaep_params.mgf = static_cast<CK_RSA_PKCS_MGF_TYPE>(mechanism_info.mgf());
197 mech.m_parameters->oaep_params.source = CKZ_DATA_SPECIFIED;
198 mech.m_parameters->oaep_params.pSourceData = nullptr;
199 mech.m_parameters->oaep_params.ulSourceDataLen = 0;
200 mech.m_mechanism.pParameter = mech.m_parameters.get();
201 mech.m_mechanism.ulParameterLen = sizeof(RsaPkcsOaepParams);
202 }
203 mech.m_padding_size = mechanism_info.padding_size();
204 return mech;
205}
CK_RSA_PKCS_OAEP_PARAMS RsaPkcsOaepParams
Definition p11.h:826
#define CKZ_DATA_SPECIFIED
Definition pkcs11t.h:1261
CK_ULONG CK_RSA_PKCS_MGF_TYPE
Definition pkcs11t.h:1241

References CKZ_DATA_SPECIFIED, CK_MECHANISM::pParameter, Botan::PKCS11::RsaPkcsOaep, and CK_MECHANISM::ulParameterLen.

◆ create_rsa_sign_mechanism()

MechanismWrapper Botan::PKCS11::MechanismWrapper::create_rsa_sign_mechanism ( std::string_view padding)
static

Creates the CK_MECHANISM data for RSA signature/verification

Parameters
paddingsupported paddings are Raw (X.509), EMSA3 (PKCS#1 v1.5), EMSA4 (PKCS#1 PSS), EMSA2 (ANSI X9.31) and ISO9796 (ISO/IEC 9796)

Definition at line 207 of file p11_mechanism.cpp.

207 {
208 const std::string padding(padding_view);
209 auto mechanism_info_it = SignMechanisms.find(padding);
210 if(mechanism_info_it == SignMechanisms.end()) {
211 // at this point it would be possible to support additional configurations that are not predefined above by parsing `padding`
212 throw Lookup_Error("PKCS#11 RSA sign/verify does not support EMSA " + padding);
213 }
214 RSA_SignMechanism mechanism_info = mechanism_info_it->second;
215
216 MechanismWrapper mech(mechanism_info.type());
217 if(PssOptions.find(mechanism_info.type()) != PssOptions.end()) {
218 mech.m_parameters = std::make_shared<MechanismParameters>();
219 mech.m_parameters->pss_params.hashAlg = static_cast<CK_MECHANISM_TYPE>(mechanism_info.hash());
220 mech.m_parameters->pss_params.mgf = static_cast<CK_RSA_PKCS_MGF_TYPE>(mechanism_info.mgf());
221 mech.m_parameters->pss_params.sLen = static_cast<Ulong>(mechanism_info.salt_size());
222 mech.m_mechanism.pParameter = mech.m_parameters.get();
223 mech.m_mechanism.ulParameterLen = sizeof(RsaPkcsPssParams);
224 }
225 return mech;
226}
CK_ULONG Ulong
Definition p11.h:814
CK_RSA_PKCS_PSS_PARAMS RsaPkcsPssParams
Definition p11.h:827

References CK_MECHANISM::pParameter, and CK_MECHANISM::ulParameterLen.

◆ data()

Mechanism * Botan::PKCS11::MechanismWrapper::data ( ) const
inline
Returns
a pointer to the CK_MECHANISM struct that can be passed to the cryptoki functions

Definition at line 81 of file p11_mechanism.h.

81{ return const_cast<Mechanism*>(&m_mechanism); }
CK_MECHANISM Mechanism
Definition p11.h:817

◆ mechanism_type()

MechanismType Botan::PKCS11::MechanismWrapper::mechanism_type ( ) const
inline

Definition at line 83 of file p11_mechanism.h.

83{ return static_cast<MechanismType>(m_mechanism.mechanism); }
CK_MECHANISM_TYPE mechanism
Definition pkcs11t.h:984

References CK_MECHANISM::mechanism.

Referenced by MechanismWrapper().

◆ padding_size()

size_t Botan::PKCS11::MechanismWrapper::padding_size ( ) const
inline
Returns
the size of the padding in bytes (for encryption/decryption)

Definition at line 86 of file p11_mechanism.h.

86{ return m_padding_size; }

◆ set_ecdh_other_key()

void Botan::PKCS11::MechanismWrapper::set_ecdh_other_key ( const uint8_t other_key[],
size_t other_key_len )
inline

Sets the public key of the other party for the ECDH mechanism parameters.

Parameters
other_keykey of the other party
other_key_lensize of the key of the other party in bytes

Definition at line 75 of file p11_mechanism.h.

75 {
76 m_parameters->ecdh_params.pPublicData = const_cast<uint8_t*>(other_key);
77 m_parameters->ecdh_params.ulPublicDataLen = static_cast<Ulong>(other_key_len);
78 }

◆ set_ecdh_salt()

void Botan::PKCS11::MechanismWrapper::set_ecdh_salt ( const uint8_t salt[],
size_t salt_len )
inline

Sets the salt for the ECDH mechanism parameters.

Parameters
saltthe salt
salt_lensize of the salt in bytes

Definition at line 65 of file p11_mechanism.h.

65 {
66 m_parameters->ecdh_params.pSharedData = const_cast<uint8_t*>(salt);
67 m_parameters->ecdh_params.ulSharedDataLen = static_cast<Ulong>(salt_len);
68 }

The documentation for this class was generated from the following files: