Botan 3.5.0
Crypto and TLS for C&
p11_rsa.h
Go to the documentation of this file.
1/*
2* PKCS#11 RSA
3* (C) 2016 Daniel Neus, Sirrix AG
4* (C) 2016 Philipp Weber, Sirrix AG
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#ifndef BOTAN_P11_RSA_H_
10#define BOTAN_P11_RSA_H_
11
12#include <botan/bigint.h>
13#include <botan/p11_object.h>
14#include <botan/p11_types.h>
15#include <botan/pk_keys.h>
16
17#if defined(BOTAN_HAS_RSA)
18 #include <botan/rsa.h>
19 #include <utility>
20
21namespace Botan::PKCS11 {
22
23/// Properties for generating a PKCS#11 RSA public key
24class BOTAN_PUBLIC_API(2, 0) RSA_PublicKeyGenerationProperties final : public PublicKeyProperties {
25 public:
26 /// @param bits length in bits of modulus n
27 explicit RSA_PublicKeyGenerationProperties(Ulong bits);
28
29 /// @param pub_exponent public exponent e
30 inline void set_pub_exponent(const BigInt& pub_exponent = BigInt::from_word(0x10001)) {
31 add_binary(AttributeType::PublicExponent, pub_exponent.serialize());
32 }
33
34 ~RSA_PublicKeyGenerationProperties() override = default;
35};
36
37/// Properties for importing a PKCS#11 RSA public key
38class BOTAN_PUBLIC_API(2, 0) RSA_PublicKeyImportProperties final : public PublicKeyProperties {
39 public:
40 /// @param modulus modulus n
41 /// @param pub_exponent public exponent e
42 RSA_PublicKeyImportProperties(const BigInt& modulus, const BigInt& pub_exponent);
43
44 /// @return the modulus
45 inline const BigInt& modulus() const { return m_modulus; }
46
47 /// @return the public exponent
48 inline const BigInt& pub_exponent() const { return m_pub_exponent; }
49
50 ~RSA_PublicKeyImportProperties() override = default;
51
52 private:
53 const BigInt m_modulus;
54 const BigInt m_pub_exponent;
55};
56
57/// Represents a PKCS#11 RSA public key
58class BOTAN_PUBLIC_API(2, 0) PKCS11_RSA_PublicKey : public Object,
59 public RSA_PublicKey {
60 public:
61 static const ObjectClass Class = ObjectClass::PublicKey;
62
63 /**
64 * Creates a PKCS11_RSA_PublicKey object from an existing PKCS#11 RSA public key
65 * @param session the session to use
66 * @param handle the handle of the RSA public key
67 */
68 PKCS11_RSA_PublicKey(Session& session, ObjectHandle handle);
69
70 /**
71 * Imports a RSA public key
72 * @param session the session to use
73 * @param pubkey_props the attributes of the public key
74 */
75 PKCS11_RSA_PublicKey(Session& session, const RSA_PublicKeyImportProperties& pubkey_props);
76
77 /**
78 * @throws Not_Implemented
79 */
80 std::unique_ptr<Private_Key> generate_another(RandomNumberGenerator&) const final {
81 throw Not_Implemented("Cannot generate a new PKCS#11 RSA keypair from this public key");
82 }
83
84 std::unique_ptr<PK_Ops::Encryption> create_encryption_op(RandomNumberGenerator& rng,
85 std::string_view params,
86 std::string_view provider) const override;
87
88 std::unique_ptr<PK_Ops::Verification> create_verification_op(std::string_view params,
89 std::string_view provider) const override;
90};
91
92/// Properties for importing a PKCS#11 RSA private key
93class BOTAN_PUBLIC_API(2, 0) RSA_PrivateKeyImportProperties final : public PrivateKeyProperties {
94 public:
95 /**
96 * @param modulus modulus n
97 * @param priv_exponent private exponent d
98 */
99 RSA_PrivateKeyImportProperties(const BigInt& modulus, const BigInt& priv_exponent);
100
101 /// @param pub_exponent public exponent e
102 inline void set_pub_exponent(const BigInt& pub_exponent) {
103 add_binary(AttributeType::PublicExponent, pub_exponent.serialize());
104 }
105
106 /// @param prime1 prime p
107 inline void set_prime_1(const BigInt& prime1) { add_binary(AttributeType::Prime1, prime1.serialize()); }
108
109 /// @param prime2 prime q
110 inline void set_prime_2(const BigInt& prime2) { add_binary(AttributeType::Prime2, prime2.serialize()); }
111
112 /// @param exp1 private exponent d modulo p-1
113 inline void set_exponent_1(const BigInt& exp1) { add_binary(AttributeType::Exponent1, exp1.serialize()); }
114
115 /// @param exp2 private exponent d modulo q-1
116 inline void set_exponent_2(const BigInt& exp2) { add_binary(AttributeType::Exponent2, exp2.serialize()); }
117
118 /// @param coeff CRT coefficient q^-1 mod p
119 inline void set_coefficient(const BigInt& coeff) { add_binary(AttributeType::Coefficient, coeff.serialize()); }
120
121 /// @return the modulus
122 inline const BigInt& modulus() const { return m_modulus; }
123
124 /// @return the private exponent
125 inline const BigInt& priv_exponent() const { return m_priv_exponent; }
126
127 ~RSA_PrivateKeyImportProperties() override = default;
128
129 private:
130 const BigInt m_modulus;
131 const BigInt m_priv_exponent;
132};
133
134/// Properties for generating a PKCS#11 RSA private key
135class BOTAN_PUBLIC_API(2, 0) RSA_PrivateKeyGenerationProperties final : public PrivateKeyProperties {
136 public:
137 RSA_PrivateKeyGenerationProperties() : PrivateKeyProperties(KeyType::Rsa) {}
138
139 ~RSA_PrivateKeyGenerationProperties() override = default;
140};
141
142/// Represents a PKCS#11 RSA private key
143
146
147class BOTAN_PUBLIC_API(2, 0) PKCS11_RSA_PrivateKey final : public Object,
148 public Private_Key,
149 public RSA_PublicKey {
150 public:
151 static const ObjectClass Class = ObjectClass::PrivateKey;
152
153 /// Creates a PKCS11_RSA_PrivateKey object from an existing PKCS#11 RSA private key
154 PKCS11_RSA_PrivateKey(Session& session, ObjectHandle handle);
155
156 /**
157 * Imports a RSA private key
158 * @param session the session to use
159 * @param priv_key_props the properties of the RSA private key
160 */
161 PKCS11_RSA_PrivateKey(Session& session, const RSA_PrivateKeyImportProperties& priv_key_props);
162
163 /**
164 * Generates a PKCS#11 RSA private key
165 * @param session the session to use
166 * @param bits length in bits of modulus n
167 * @param priv_key_props the properties of the RSA private key
168 * @note no persistent public key object will be created
169 */
170 PKCS11_RSA_PrivateKey(Session& session, uint32_t bits, const RSA_PrivateKeyGenerationProperties& priv_key_props);
171
172 /// @return the exported RSA private key
173 RSA_PrivateKey export_key() const;
174
175 /**
176 * If enabled, the PKCS#11 module gets to perform the raw RSA decryption
177 * using a blinded ciphertext. The EME unpadding is performed in software.
178 * This essenially hides the plaintext value from the PKCS#11 module.
179 *
180 * @param software_padding if true, perform the unpadding in software
181 */
182 void set_use_software_padding(bool software_padding) { m_use_software_padding = software_padding; }
183
184 bool uses_software_padding() const { return m_use_software_padding; }
185
186 secure_vector<uint8_t> private_key_bits() const override;
187
188 std::unique_ptr<Public_Key> public_key() const override;
189
190 std::unique_ptr<PK_Ops::Decryption> create_decryption_op(RandomNumberGenerator& rng,
191 std::string_view params,
192 std::string_view provider) const override;
193
194 std::unique_ptr<PK_Ops::Signature> create_signature_op(RandomNumberGenerator& rng,
195 std::string_view params,
196 std::string_view provider) const override;
197
198 private:
199 bool m_use_software_padding = false;
200};
201
203
204using PKCS11_RSA_KeyPair = std::pair<PKCS11_RSA_PublicKey, PKCS11_RSA_PrivateKey>;
205
206/**
207* RSA key pair generation
208* @param session the session that should be used for the key generation
209* @param pub_props properties of the public key
210* @param priv_props properties of the private key
211*/
213PKCS11_RSA_KeyPair generate_rsa_keypair(Session& session,
214 const RSA_PublicKeyGenerationProperties& pub_props,
215 const RSA_PrivateKeyGenerationProperties& priv_props);
216} // namespace Botan::PKCS11
217#endif
218
219#endif
int(* final)(unsigned char *, CTX *)
#define BOTAN_DIAGNOSTIC_POP
Definition compiler.h:191
#define BOTAN_DIAGNOSTIC_PUSH
Definition compiler.h:188
#define BOTAN_DIAGNOSTIC_IGNORE_INHERITED_VIA_DOMINANCE
Definition compiler.h:190
#define BOTAN_PUBLIC_API(maj, min)
Definition compiler.h:31