1/*
2* PKCS#11 ECC
3* (C) 2016 Daniel Neus, Sirrix AG
4* (C) 2016 Philipp Weber, Sirrix AG
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#ifndef BOTAN_P11_ECC_H_
10#define BOTAN_P11_ECC_H_
11
12#include <botan/p11_object.h>
13#include <botan/pk_keys.h>
14
15#if defined(BOTAN_HAS_ECC_PUBLIC_KEY_CRYPTO)
16 #include <botan/asn1_obj.h>
17 #include <botan/ec_group.h>
18 #include <botan/ecc_key.h>
19 #include <vector>
20
21namespace Botan::PKCS11 {
22
23class Session;
24
/**
 * Properties for generating a PKCS#11 EC public key
 *
 * Holds only the DER-encoded domain parameters; how the constructor maps
 * them onto PKCS#11 attributes is defined out of line and not visible here.
 * The stored bytes are immutable for the lifetime of the object.
 */
class BOTAN_PUBLIC_API(2, 0) EC_PublicKeyGenerationProperties final : public PublicKeyProperties {
   public:
      /**
       * @param ec_params DER-encoding of an ANSI X9.62 Parameters value
       * @note this single-argument constructor is not `explicit`, so a
       *       `std::vector<uint8_t>` converts implicitly to this type
       */
      EC_PublicKeyGenerationProperties(const std::vector<uint8_t>& ec_params);

      /// @return the DER-encoding of the ec parameters according to ANSI X9.62
      inline const std::vector<uint8_t>& ec_params() const { return m_ec_params; }

   private:
      const std::vector<uint8_t> m_ec_params;  // set once by the constructor
};
37
/**
 * Properties for importing a PKCS#11 EC public key
 *
 * Holds the DER-encoded domain parameters and the DER-encoded public point
 * of a key that is to be imported into the token. Both values are stored as
 * given; no decoding or validation of the encodings is visible in this
 * header (the constructor is defined out of line).
 */
class BOTAN_PUBLIC_API(2, 0) EC_PublicKeyImportProperties final : public PublicKeyProperties {
   public:
      /**
       * @param ec_params DER-encoding of an ANSI X9.62 Parameters value
       * @param ec_point DER-encoding of ANSI X9.62 ECPoint value Q
       */
      EC_PublicKeyImportProperties(const std::vector<uint8_t>& ec_params, const std::vector<uint8_t>& ec_point);

      /// @return the DER-encoding of the ec parameters according to ANSI X9.62
      inline const std::vector<uint8_t>& ec_params() const { return m_ec_params; }

      /// @return the DER-encoding of the ec public point according to ANSI X9.62
      inline const std::vector<uint8_t>& ec_point() const { return m_ec_point; }

   private:
      const std::vector<uint8_t> m_ec_params;  // set once by the constructor
      const std::vector<uint8_t> m_ec_point;   // set once by the constructor
};
57
/**
 * Represents a PKCS#11 EC public key
 *
 * Combines the software EC_PublicKey interface (inherited virtually, so that
 * further derived classes can share one EC_PublicKey subobject) with a
 * PKCS#11 Object handle. No member functions are overridden here; both
 * constructors are defined out of line, so how the EC_PublicKey state is
 * filled from the token's attributes is not visible in this header.
 */
class BOTAN_PUBLIC_API(2, 0) PKCS11_EC_PublicKey : public virtual EC_PublicKey,
                                                  public Object {
   public:
      /// PKCS#11 object class this type maps to
      static const ObjectClass Class = ObjectClass::PublicKey;

      /**
       * Creates a PKCS11_EC_PublicKey object from an existing PKCS#11 EC public key
       * @param session the session to use
       * @param handle the handle of the ecc public key
       */
      PKCS11_EC_PublicKey(Session& session, ObjectHandle handle);

      /**
       * Imports an EC public key
       * @param session the session to use
       * @param props the attributes of the public key
       */
      PKCS11_EC_PublicKey(Session& session, const EC_PublicKeyImportProperties& props);
};
78
/**
 * Properties for generating a PKCS#11 EC private key
 *
 * Adds nothing beyond the PrivateKeyProperties base; the constructor only
 * fixes the key type to KeyType::Ec. The domain parameters for generation are
 * passed separately (see the generating PKCS11_EC_PrivateKey constructor).
 */
class BOTAN_PUBLIC_API(2, 0) EC_PrivateKeyGenerationProperties final : public PrivateKeyProperties {
   public:
      /// Constructs properties with the key type preset to EC
      EC_PrivateKeyGenerationProperties() : PrivateKeyProperties(KeyType::Ec) {}
};
84
/**
 * Properties for importing a PKCS#11 EC private key
 *
 * Holds the DER-encoded domain parameters and the private scalar d of a key
 * that is to be imported into the token. Note that the scalar is kept as a
 * BigInt in host memory for the lifetime of this object, i.e. an imported key
 * does not have the "never leaves the token" property of a generated one.
 */
class BOTAN_PUBLIC_API(2, 0) EC_PrivateKeyImportProperties final : public PrivateKeyProperties {
   public:
      /**
       * @param ec_params DER-encoding of an ANSI X9.62 Parameters value
       * @param value ANSI X9.62 private value d
       */
      EC_PrivateKeyImportProperties(const std::vector<uint8_t>& ec_params, const BigInt& value);

      /// @return the DER-encoding of the ec parameters according to ANSI X9.62
      inline const std::vector<uint8_t>& ec_params() const { return m_ec_params; }

      /// @return the value of the ec private key
      inline const BigInt& value() const { return m_value; }

   private:
      const std::vector<uint8_t> m_ec_params;  // set once by the constructor
      const BigInt m_value;                    // private scalar d, set once by the constructor
};
104
// note: don't inherit from PKCS11_EC_PublicKey: a private key object IS NOT A public key object on a smartcard (-> two different objects)
// note: don't inherit from EC_PublicKey: the public key can not be extracted from a PKCS11-EC-PrivateKey (its only attributes are CKA_EC_PARAMS and CKA_VALUE)
/**
 * Represents a PKCS#11 EC private key
 *
 * Wraps a private key object living on the token. The private scalar is
 * never held by this class; only the domain parameters, an optionally
 * caller-supplied public point and the encoding to use for that point are
 * kept in host memory. The public point must be provided explicitly via
 * set_public_point() because it cannot be read back from the token object.
 */
class BOTAN_PUBLIC_API(2, 0) PKCS11_EC_PrivateKey : public virtual Private_Key,
                                                   public Object {
   public:
      /// PKCS#11 object class this type maps to
      static const ObjectClass Class = ObjectClass::PrivateKey;

      /**
       * Creates a PKCS11_EC_PrivateKey object from an existing PKCS#11 EC private key
       * @param session the session to use
       * @param handle the handle of the EC private key
       */
      PKCS11_EC_PrivateKey(Session& session, ObjectHandle handle);

      /**
       * Imports an EC private key
       * @param session the session to use
       * @param props the attributes of the private key
       */
      PKCS11_EC_PrivateKey(Session& session, const EC_PrivateKeyImportProperties& props);

      /**
       * Generates a PKCS#11 EC private key
       * @param session the session to use
       * @param ec_params DER-encoding of an ANSI X9.62 Parameters value
       * @param props the attributes of the private key
       * @note no persistent public key object will be created
       */
      PKCS11_EC_PrivateKey(Session& session,
                           const std::vector<uint8_t>& ec_params,
                           const EC_PrivateKeyGenerationProperties& props);

      /// @returns the domain of the EC private key
      inline const EC_Group& domain() const { return m_domain_params; }

      /**
       * Sets the associated public point of this private key
       *
       * The point is stored as given: nothing here checks that it lies on the
       * curve described by domain() or that it actually matches the private
       * key on the token (check_key() is defined out of line; whether it does
       * so is not visible in this header). A point obtained from an untrusted
       * source should therefore be validated by the caller before it is set.
       *
       * @param point the public point
       * @param point_encoding encoding of the point (default DER-encoded)
       */
      void set_public_point(const EC_Point& point, PublicPointEncoding point_encoding = PublicPointEncoding::Der) {
         m_public_key = point;
         m_point_encoding = point_encoding;
      }

      /**
       * Sets the desired public point encoding of this private key, used when it is passed to cryptoki functions.
       * This could be either `PublicPointEncoding::Raw` or `PublicPointEncoding::Der`. By default this is set to `Der`,
       * but some tokens might expect `Raw`-encoded public keys, e.g. when using this private key for key agreement.
       * @param point_encoding the encoding to use from now on
       */
      void set_point_encoding(PublicPointEncoding point_encoding) { m_point_encoding = point_encoding; }

      /**
       * Gets the public_point
       * @note the public key must be set using `set_public_point`
       * because it is not possible to infer the public key from a PKCS#11 EC private key
       * @return the public point of the private key
       * @throws Invalid_State if the public point was not set using set_public_point()
       *         (a default-constructed, i.e. zero, point is treated as "not set")
       */
      const EC_Point& public_point() const {
         // A zero point is the default-constructed state; an explicitly set
         // point at infinity is indistinguishable from "never set" here.
         if(m_public_key.is_zero()) {
            throw Invalid_State(
               "Public point not set. Inferring the public key from a PKCS#11 ec private key is not possible.");
         }
         return m_public_key;
      }

      /// @return the encoding format for the public point when it is passed to cryptoki functions as an argument
      PublicPointEncoding point_encoding() const { return m_point_encoding; }

      // Private_Key methods (all defined out of line)

      std::vector<uint8_t> raw_public_key_bits() const override;

      std::vector<uint8_t> public_key_bits() const override;

      std::size_t key_length() const override;

      std::size_t estimated_strength() const override;

      /// Defined out of line; what it verifies about the stored public point is not visible here
      bool check_key(RandomNumberGenerator&, bool) const override;

      AlgorithmIdentifier algorithm_identifier() const override;

   private:
      EC_Group m_domain_params;
      EC_Point m_public_key;  // zero until set_public_point() is called
      PublicPointEncoding m_point_encoding = PublicPointEncoding::Der;
};
195} // namespace Botan::PKCS11
196
197#endif
198
199#endif