Botan 3.9.0
Crypto and TLS for C&
p11_rsa.h
Go to the documentation of this file.
1/*
2* PKCS#11 RSA
3* (C) 2016 Daniel Neus, Sirrix AG
4* (C) 2016 Philipp Weber, Sirrix AG
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#ifndef BOTAN_P11_RSA_H_
10#define BOTAN_P11_RSA_H_
11
12#include <botan/bigint.h>
13#include <botan/p11_object.h>
14#include <botan/p11_types.h>
15#include <botan/pk_keys.h>
16
17#if defined(BOTAN_HAS_RSA)
18 #include <botan/rsa.h>
19 #include <utility>
20
21namespace Botan::PKCS11 {
22
23/// Properties for generating a PKCS#11 RSA public key
24class BOTAN_PUBLIC_API(2, 0) RSA_PublicKeyGenerationProperties final : public PublicKeyProperties {
25 public:
26 /// @param bits length in bits of modulus n
27 explicit RSA_PublicKeyGenerationProperties(Ulong bits);
28
29 /// @param pub_exponent public exponent e
30 inline void set_pub_exponent(const BigInt& pub_exponent = BigInt::from_word(0x10001)) {
31 add_binary(AttributeType::PublicExponent, pub_exponent.serialize());
32 }
33};
34
35/// Properties for importing a PKCS#11 RSA public key
36class BOTAN_PUBLIC_API(2, 0) RSA_PublicKeyImportProperties final : public PublicKeyProperties {
37 public:
38 /// @param modulus modulus n
39 /// @param pub_exponent public exponent e
40 RSA_PublicKeyImportProperties(const BigInt& modulus, const BigInt& pub_exponent);
41
42 /// @return the modulus
43 inline const BigInt& modulus() const { return m_modulus; }
44
45 /// @return the public exponent
46 inline const BigInt& pub_exponent() const { return m_pub_exponent; }
47
48 private:
49 const BigInt m_modulus;
50 const BigInt m_pub_exponent;
51};
52
53/// Represents a PKCS#11 RSA public key
54class BOTAN_PUBLIC_API(2, 0) PKCS11_RSA_PublicKey : public Object,
55 public RSA_PublicKey {
56 public:
57 static const ObjectClass Class = ObjectClass::PublicKey;
58
59 /**
60 * Creates a PKCS11_RSA_PublicKey object from an existing PKCS#11 RSA public key
61 * @param session the session to use
62 * @param handle the handle of the RSA public key
63 */
64 PKCS11_RSA_PublicKey(Session& session, ObjectHandle handle);
65
66 /**
67 * Imports a RSA public key
68 * @param session the session to use
69 * @param pubkey_props the attributes of the public key
70 */
71 PKCS11_RSA_PublicKey(Session& session, const RSA_PublicKeyImportProperties& pubkey_props);
72
73 /**
74 * @throws Not_Implemented as this operation is not possible in PKCS11
75 */
76 std::unique_ptr<Private_Key> generate_another(RandomNumberGenerator& /*rng*/) const final {
77 throw Not_Implemented("Cannot generate a new PKCS#11 RSA keypair from this public key");
78 }
79
80 std::unique_ptr<PK_Ops::Encryption> create_encryption_op(RandomNumberGenerator& rng,
81 std::string_view params,
82 std::string_view provider) const override;
83
84 std::unique_ptr<PK_Ops::Verification> create_verification_op(std::string_view params,
85 std::string_view provider) const override;
86};
87
88/// Properties for importing a PKCS#11 RSA private key
89class BOTAN_PUBLIC_API(2, 0) RSA_PrivateKeyImportProperties final : public PrivateKeyProperties {
90 public:
91 /**
92 * @param modulus modulus n
93 * @param priv_exponent private exponent d
94 */
95 RSA_PrivateKeyImportProperties(const BigInt& modulus, const BigInt& priv_exponent);
96
97 /// @param pub_exponent public exponent e
98 inline void set_pub_exponent(const BigInt& pub_exponent) {
99 add_binary(AttributeType::PublicExponent, pub_exponent.serialize());
100 }
101
102 /// @param prime1 prime p
103 inline void set_prime_1(const BigInt& prime1) { add_binary(AttributeType::Prime1, prime1.serialize()); }
104
105 /// @param prime2 prime q
106 inline void set_prime_2(const BigInt& prime2) { add_binary(AttributeType::Prime2, prime2.serialize()); }
107
108 /// @param exp1 private exponent d modulo p-1
109 inline void set_exponent_1(const BigInt& exp1) { add_binary(AttributeType::Exponent1, exp1.serialize()); }
110
111 /// @param exp2 private exponent d modulo q-1
112 inline void set_exponent_2(const BigInt& exp2) { add_binary(AttributeType::Exponent2, exp2.serialize()); }
113
114 /// @param coeff CRT coefficient q^-1 mod p
115 inline void set_coefficient(const BigInt& coeff) { add_binary(AttributeType::Coefficient, coeff.serialize()); }
116
117 /// @return the modulus
118 inline const BigInt& modulus() const { return m_modulus; }
119
120 /// @return the private exponent
121 inline const BigInt& priv_exponent() const { return m_priv_exponent; }
122
123 private:
124 const BigInt m_modulus;
125 const BigInt m_priv_exponent;
126};
127
128/// Properties for generating a PKCS#11 RSA private key
129class BOTAN_PUBLIC_API(2, 0) RSA_PrivateKeyGenerationProperties final : public PrivateKeyProperties {
130 public:
131 RSA_PrivateKeyGenerationProperties() : PrivateKeyProperties(KeyType::Rsa) {}
132};
133
134/// Represents a PKCS#11 RSA private key
135
138
139class BOTAN_PUBLIC_API(2, 0) PKCS11_RSA_PrivateKey final : public Object,
140 public Private_Key,
141 public RSA_PublicKey {
142 public:
143 static const ObjectClass Class = ObjectClass::PrivateKey;
144
145 /// Creates a PKCS11_RSA_PrivateKey object from an existing PKCS#11 RSA private key
146 PKCS11_RSA_PrivateKey(Session& session, ObjectHandle handle);
147
148 /**
149 * Imports a RSA private key
150 * @param session the session to use
151 * @param priv_key_props the properties of the RSA private key
152 */
153 PKCS11_RSA_PrivateKey(Session& session, const RSA_PrivateKeyImportProperties& priv_key_props);
154
155 /**
156 * Generates a PKCS#11 RSA private key
157 * @param session the session to use
158 * @param bits length in bits of modulus n
159 * @param priv_key_props the properties of the RSA private key
160 * @note no persistent public key object will be created
161 */
162 PKCS11_RSA_PrivateKey(Session& session, uint32_t bits, const RSA_PrivateKeyGenerationProperties& priv_key_props);
163
164 /// @return the exported RSA private key
165 RSA_PrivateKey export_key() const;
166
167 /**
168 * If enabled, the PKCS#11 module gets to perform the raw RSA decryption
169 * using a blinded ciphertext. The EME unpadding is performed in software.
170 * This essenially hides the plaintext value from the PKCS#11 module.
171 *
172 * @param software_padding if true, perform the unpadding in software
173 */
174 void set_use_software_padding(bool software_padding) { m_use_software_padding = software_padding; }
175
176 bool uses_software_padding() const { return m_use_software_padding; }
177
178 secure_vector<uint8_t> private_key_bits() const override;
179
180 std::unique_ptr<Public_Key> public_key() const override;
181
182 std::unique_ptr<PK_Ops::Decryption> create_decryption_op(RandomNumberGenerator& rng,
183 std::string_view params,
184 std::string_view provider) const override;
185
186 std::unique_ptr<PK_Ops::Signature> create_signature_op(RandomNumberGenerator& rng,
187 std::string_view params,
188 std::string_view provider) const override;
189
190 private:
191 bool m_use_software_padding = false;
192};
193
195
196using PKCS11_RSA_KeyPair = std::pair<PKCS11_RSA_PublicKey, PKCS11_RSA_PrivateKey>;
197
198/**
199* RSA key pair generation
200* @param session the session that should be used for the key generation
201* @param pub_props properties of the public key
202* @param priv_props properties of the private key
203*/
205PKCS11_RSA_KeyPair generate_rsa_keypair(Session& session,
206 const RSA_PublicKeyGenerationProperties& pub_props,
207 const RSA_PrivateKeyGenerationProperties& priv_props);
208} // namespace Botan::PKCS11
209#endif
210
211#endif
#define BOTAN_DIAGNOSTIC_POP
Definition api.h:122
#define BOTAN_DIAGNOSTIC_PUSH
Definition api.h:119
#define BOTAN_DIAGNOSTIC_IGNORE_INHERITED_VIA_DOMINANCE
Definition api.h:121
#define BOTAN_PUBLIC_API(maj, min)
Definition api.h:21
Common attributes of all private keys.
Definition p11_object.h:340
Common attributes of all public key objects.
Definition p11_object.h:295
Represents a PKCS#11 session.
Definition p11_types.h:122