9#include <botan/p11_ecdh.h>
11#if defined(BOTAN_HAS_ECDH)
13 #include <botan/der_enc.h>
14 #include <botan/pk_ops.h>
15 #include <botan/rng.h>
16 #include <botan/internal/p11_mechanism.h>
20ECDH_PublicKey PKCS11_ECDH_PublicKey::export_key()
const {
21 return ECDH_PublicKey(domain(), public_point());
24ECDH_PrivateKey PKCS11_ECDH_PrivateKey::export_key()
const {
31std::unique_ptr<Public_Key> PKCS11_ECDH_PrivateKey::public_key()
const {
32 return std::make_unique<ECDH_PublicKey>(domain(), public_point());
36 return export_key().private_key_bits();
40class PKCS11_ECDH_KA_Operation
final :
public PK_Ops::Key_Agreement {
42 PKCS11_ECDH_KA_Operation(
const PKCS11_EC_PrivateKey& key, std::string_view params) :
43 PK_Ops::Key_Agreement(), m_key(key), m_mechanism(MechanismWrapper::create_ecdh_mechanism(params)) {}
45 size_t agreed_value_size()
const override {
return m_key.domain().get_p_bytes(); }
49 secure_vector<uint8_t> agree(
size_t key_len,
50 std::span<const uint8_t> other_key,
51 std::span<const uint8_t> salt)
override {
52 std::vector<uint8_t> der_encoded_other_key;
53 if(m_key.point_encoding() == PublicPointEncoding::Der) {
54 DER_Encoder(der_encoded_other_key).encode(other_key.data(), other_key.size(), ASN1_Type::OctetString);
55 m_mechanism.set_ecdh_other_key(der_encoded_other_key.data(), der_encoded_other_key.size());
57 m_mechanism.set_ecdh_other_key(other_key.data(), other_key.size());
61 m_mechanism.set_ecdh_salt(salt.data(), salt.size());
65 AttributeContainer attributes;
66 attributes.add_bool(AttributeType::Sensitive,
false);
67 attributes.add_bool(AttributeType::Extractable,
true);
68 attributes.add_numeric(AttributeType::Class,
static_cast<CK_OBJECT_CLASS>(ObjectClass::SecretKey));
69 attributes.add_numeric(AttributeType::KeyType,
static_cast<CK_KEY_TYPE>(KeyType::GenericSecret));
70 attributes.add_numeric(AttributeType::ValueLen,
static_cast<CK_ULONG>(key_len));
71 m_key.module()->C_DeriveKey(m_key.session().handle(),
75 static_cast<Ulong>(attributes.count()),
78 Object secret_object(m_key.session(), secret_handle);
79 secure_vector<uint8_t> secret = secret_object.get_attribute_value(AttributeType::Value);
80 if(secret.size() < key_len) {
81 throw PKCS11_Error(
"ECDH key derivation secret length is too short");
83 secret.resize(key_len);
88 const PKCS11_EC_PrivateKey& m_key;
89 MechanismWrapper m_mechanism;
94std::unique_ptr<PK_Ops::Key_Agreement> PKCS11_ECDH_PrivateKey::create_key_agreement_op(
95 RandomNumberGenerator& , std::string_view params, std::string_view )
const {
96 return std::make_unique<PKCS11_ECDH_KA_Operation>(*
this, params);
99PKCS11_ECDH_KeyPair generate_ecdh_keypair(Session& session,
100 const EC_PublicKeyGenerationProperties& pub_props,
101 const EC_PrivateKeyGenerationProperties& priv_props) {
107 session.module()->C_GenerateKeyPair(session.handle(),
110 static_cast<Ulong>(pub_props.count()),
112 static_cast<Ulong>(priv_props.count()),
116 return std::make_pair(PKCS11_ECDH_PublicKey(session, pub_key_handle),
117 PKCS11_ECDH_PrivateKey(session, priv_key_handle));
static BigInt from_bytes(std::span< const uint8_t > bytes)
int(* final)(unsigned char *, CTX *)
CK_OBJECT_HANDLE ObjectHandle
std::vector< T, secure_allocator< T > > secure_vector
unsigned long int CK_ULONG
CK_ULONG CK_MECHANISM_TYPE