Botan  2.4.0
Crypto and TLS for C++11
p11_ecc_key.cpp
Go to the documentation of this file.
1 /*
2 * PKCS#11 ECC
3 * (C) 2016 Daniel Neus, Sirrix AG
4 * (C) 2016 Philipp Weber, Sirrix AG
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #include <botan/p11_ecc_key.h>
10 
11 #if defined(BOTAN_HAS_ECC_PUBLIC_KEY_CRYPTO)
12 
13 #include <botan/workfactor.h>
14 #include <botan/ber_dec.h>
15 
16 namespace Botan {
17 namespace PKCS11 {
18 namespace {
19 /// Converts a DER-encoded ANSI X9.62 ECPoint to PointGFp
20 PointGFp decode_public_point(const secure_vector<uint8_t>& ec_point_data, const CurveGFp& curve)
21  {
22  secure_vector<uint8_t> ec_point;
23  BER_Decoder(ec_point_data).decode(ec_point, OCTET_STRING);
24  return OS2ECP(ec_point, curve);
25  }
26 }
27 
28 EC_PublicKeyGenerationProperties::EC_PublicKeyGenerationProperties(const std::vector<uint8_t>& ec_params)
29  : PublicKeyProperties(KeyType::Ec), m_ec_params(ec_params)
30  {
31  add_binary(AttributeType::EcParams, m_ec_params);
32  }
33 
34 EC_PublicKeyImportProperties::EC_PublicKeyImportProperties(const std::vector<uint8_t>& ec_params,
35  const std::vector<uint8_t>& ec_point)
36  : PublicKeyProperties(KeyType::Ec), m_ec_params(ec_params), m_ec_point(ec_point)
37  {
38  add_binary(AttributeType::EcParams, m_ec_params);
39  add_binary(AttributeType::EcPoint, m_ec_point);
40  }
41 
42 PKCS11_EC_PublicKey::PKCS11_EC_PublicKey(Session& session, ObjectHandle handle)
43  : Object(session, handle)
44  {
45  secure_vector<uint8_t> ec_parameters = get_attribute_value(AttributeType::EcParams);
46  m_domain_params = EC_Group(unlock(ec_parameters));
47  m_public_key = decode_public_point(get_attribute_value(AttributeType::EcPoint), m_domain_params.get_curve());
48  m_domain_encoding = EC_DOMPAR_ENC_EXPLICIT;
49  }
50 
51 PKCS11_EC_PublicKey::PKCS11_EC_PublicKey(Session& session, const EC_PublicKeyImportProperties& props)
52  : Object(session, props)
53  {
54  m_domain_params = EC_Group(props.ec_params());
55 
56  secure_vector<uint8_t> ec_point;
57  BER_Decoder(props.ec_point()).decode(ec_point, OCTET_STRING);
58  m_public_key = OS2ECP(ec_point, m_domain_params.get_curve());
59  m_domain_encoding = EC_DOMPAR_ENC_EXPLICIT;
60  }
61 
62 EC_PrivateKeyImportProperties::EC_PrivateKeyImportProperties(const std::vector<uint8_t>& ec_params, const BigInt& value)
63  : PrivateKeyProperties(KeyType::Ec), m_ec_params(ec_params), m_value(value)
64  {
65  add_binary(AttributeType::EcParams, m_ec_params);
66  add_binary(AttributeType::Value, BigInt::encode(m_value));
67  }
68 
69 PKCS11_EC_PrivateKey::PKCS11_EC_PrivateKey(Session& session, ObjectHandle handle)
70  : Object(session, handle), m_domain_params(), m_public_key()
71  {
72  secure_vector<uint8_t> ec_parameters = get_attribute_value(AttributeType::EcParams);
73  m_domain_params = EC_Group(unlock(ec_parameters));
74  }
75 
76 PKCS11_EC_PrivateKey::PKCS11_EC_PrivateKey(Session& session, const EC_PrivateKeyImportProperties& props)
77  : Object(session, props)
78  {
79  m_domain_params = EC_Group(props.ec_params());
80  }
81 
82 PKCS11_EC_PrivateKey::PKCS11_EC_PrivateKey(Session& session, const std::vector<uint8_t>& ec_params,
83  const EC_PrivateKeyGenerationProperties& props)
84  : Object(session)
85  {
86  m_domain_params = EC_Group(ec_params);
87 
88  EC_PublicKeyGenerationProperties pub_key_props(ec_params);
89  pub_key_props.set_verify(true);
90  pub_key_props.set_private(false);
91  pub_key_props.set_token(false); // don't create a persistent public key object
92 
93  ObjectHandle pub_key_handle = CK_INVALID_HANDLE;
94  ObjectHandle priv_key_handle = CK_INVALID_HANDLE;
95  Mechanism mechanism = { CKM_EC_KEY_PAIR_GEN, nullptr, 0 };
96  session.module()->C_GenerateKeyPair(session.handle(), &mechanism,
97  pub_key_props.data(), pub_key_props.count(), props.data(), props.count(),
98  &pub_key_handle, &priv_key_handle);
99 
100  this->reset_handle(priv_key_handle);
101 
102  Object public_key(session, pub_key_handle);
103  m_public_key = decode_public_point(public_key.get_attribute_value(AttributeType::EcPoint), m_domain_params.get_curve());
104  }
105 
106 size_t PKCS11_EC_PrivateKey::key_length() const
107  {
108  return m_domain_params.get_order().bits();
109  }
110 
111 std::vector<uint8_t> PKCS11_EC_PrivateKey::public_key_bits() const
112  {
113  return unlock(EC2OSP(public_point(), PointGFp::COMPRESSED));
114  }
115 
116 size_t PKCS11_EC_PrivateKey::estimated_strength() const
117  {
118  return ecp_work_factor(key_length());
119  }
120 
121 bool PKCS11_EC_PrivateKey::check_key(RandomNumberGenerator&, bool) const
122  {
123  return m_public_key.on_the_curve();
124  }
125 
126 AlgorithmIdentifier PKCS11_EC_PrivateKey::algorithm_identifier() const
127  {
128  return AlgorithmIdentifier(get_oid(), domain().DER_encode(EC_DOMPAR_ENC_EXPLICIT));
129  }
130 }
131 
132 }
133 
134 #endif
#define CK_INVALID_HANDLE
Definition: pkcs11t.h:75
size_t ecp_work_factor(size_t bits)
Definition: workfactor.cpp:14
secure_vector< uint8_t > EC2OSP(const PointGFp &point, uint8_t format)
Definition: point_gfp.cpp:469
#define CKM_EC_KEY_PAIR_GEN
Definition: pkcs11t.h:889
secure_vector< uint8_t > decode(DataSource &source, std::string &label)
Definition: pem.cpp:68
Definition: alg_id.cpp:13
CK_OBJECT_HANDLE ObjectHandle
Definition: p11.h:846
std::vector< T > unlock(const secure_vector< T > &in)
Definition: secmem.h:95
static std::vector< uint8_t > encode(const BigInt &n, Base base=Binary)
Definition: big_code.cpp:54
PointGFp OS2ECP(const uint8_t data[], size_t data_len, const CurveGFp &curve)
Definition: point_gfp.cpp:543