9#include <botan/p11_mechanism.h>
11#include <botan/internal/fmt.h>
12#include <botan/internal/parsing.h>
13#include <botan/internal/scan_name.h>
19using PSS_Params = std::tuple<size_t, MechanismType, MGF>;
22const std::map<MechanismType, PSS_Params> PssOptions = {
34 MechanismData(
const MechanismData& other) =
default;
35 MechanismData(MechanismData&& other) =
default;
37 MechanismData& operator=(
const MechanismData& other) =
default;
38 MechanismData& operator=(MechanismData&& other) =
default;
40 virtual ~MechanismData() =
default;
49class RSA_SignMechanism
final :
public MechanismData {
53 auto pss_option = PssOptions.find(type());
54 if(pss_option != PssOptions.end()) {
55 m_hash = std::get<1>(pss_option->second);
56 m_mgf = std::get<2>(pss_option->second);
57 m_salt_size = std::get<0>(pss_option->second);
63 MGF mgf()
const {
return m_mgf; }
65 size_t salt_size()
const {
return m_salt_size; }
85const std::map<std::string, RSA_SignMechanism> SignMechanisms = {
155struct RSA_CryptMechanism
final :
public MechanismData {
158 MechanismData(typ), m_hash(hash), m_mgf(mgf), m_padding_size(padding_size) {}
165 MGF mgf()
const {
return m_mgf; }
167 size_t padding_size()
const {
return m_padding_size; }
177 size_t m_padding_size;
181const std::map<std::string, RSA_CryptMechanism> CryptMechanisms = {
217 const std::string padding(padding_view);
218 auto mechanism_info_it = CryptMechanisms.find(padding);
219 if(mechanism_info_it == CryptMechanisms.end()) {
221 throw Lookup_Error(
"PKCS#11 RSA encrypt/decrypt does not support EME " + padding);
223 RSA_CryptMechanism mechanism_info = mechanism_info_it->second;
227 mech.m_parameters = std::make_shared<MechanismParameters>();
228 mech.m_parameters->oaep_params.hashAlg =
static_cast<CK_MECHANISM_TYPE>(mechanism_info.hash());
231 mech.m_parameters->oaep_params.pSourceData =
nullptr;
232 mech.m_parameters->oaep_params.ulSourceDataLen = 0;
233 mech.m_mechanism.
pParameter = mech.m_parameters.get();
236 mech.m_padding_size = mechanism_info.padding_size();
241 const std::string padding(padding_view);
242 auto mechanism_info_it = SignMechanisms.find(padding);
243 if(mechanism_info_it == SignMechanisms.end()) {
245 throw Lookup_Error(
"PKCS#11 RSA sign/verify does not support EMSA " + padding);
247 RSA_SignMechanism mechanism_info = mechanism_info_it->second;
250 if(PssOptions.find(mechanism_info.type()) != PssOptions.end()) {
251 mech.m_parameters = std::make_shared<MechanismParameters>();
252 mech.m_parameters->pss_params.hashAlg =
static_cast<CK_MECHANISM_TYPE>(mechanism_info.hash());
254 mech.m_parameters->pss_params.sLen =
static_cast<Ulong>(mechanism_info.salt_size());
255 mech.m_mechanism.
pParameter = mech.m_parameters.get();
262 const std::string hash_spec(hash_spec_view);
263 auto mechanism = EcdsaHash.find(hash_spec);
264 if(mechanism != EcdsaHash.end()) {
271 mechanism = EcdsaHash.find(req.
arg(0));
272 if(mechanism != EcdsaHash.end()) {
277 throw Lookup_Error(
fmt(
"PKCS #11 ECDSA sign/verify does not support {}", hash_spec));
281 std::vector<std::string> param_parts =
split_on(params,
',');
283 if(param_parts.empty() || param_parts.size() > 2) {
287 const bool use_cofactor =
288 (param_parts[0] ==
"Cofactor") || (param_parts.size() == 2 && param_parts[1] ==
"Cofactor");
290 std::string kdf_name = (param_parts[0] ==
"Cofactor" ? param_parts[1] : param_parts[0]);
291 std::string hash = kdf_name;
293 if(kdf_name !=
"Raw") {
297 hash = kdf_hash.
arg(0);
301 auto kdf = EcdhHash.find(hash);
302 if(kdf == EcdhHash.end()) {
303 throw Lookup_Error(
"PKCS#11 ECDH key derivation does not support KDF " + kdf_name);
306 mech.m_parameters = std::make_shared<MechanismParameters>();
307 mech.m_parameters->ecdh_params.kdf =
static_cast<CK_EC_KDF_TYPE>(kdf->second);
308 mech.m_mechanism.
pParameter = mech.m_parameters.get();
static MechanismWrapper create_rsa_sign_mechanism(std::string_view padding)
static MechanismWrapper create_ecdh_mechanism(std::string_view params)
MechanismType mechanism_type() const
static MechanismWrapper create_rsa_crypt_mechanism(std::string_view padding)
static MechanismWrapper create_ecdsa_mechanism(std::string_view hash)
MechanismWrapper(MechanismType mechanism_type)
std::string arg(size_t i) const
const std::string & algo_name() const
int(* final)(unsigned char *, CTX *)
CK_RSA_PKCS_OAEP_PARAMS RsaPkcsOaepParams
CK_ECDH1_DERIVE_PARAMS Ecdh1DeriveParams
CK_RSA_PKCS_PSS_PARAMS RsaPkcsPssParams
std::string fmt(std::string_view format, const T &... args)
std::vector< std::string > split_on(std::string_view str, char delim)
#define CKZ_DATA_SPECIFIED
CK_ULONG CK_RSA_PKCS_MGF_TYPE
CK_ULONG CK_MECHANISM_TYPE