3
* (C) 2016 Daniel Neus, Sirrix AG
4
* (C) 2016 Philipp Weber, Sirrix AG
6
* Botan is released under the Simplified BSD License (see license.txt)
9
#include <botan/p11_ecdsa.h>
11
#if defined(BOTAN_HAS_ECDSA)
13
#include <botan/internal/p11_mechanism.h>
14
#include <botan/pk_ops.h>
15
#include <botan/keypair.h>
16
#include <botan/rng.h>
21
ECDSA_PublicKey PKCS11_ECDSA_PublicKey::export_key() const
23
return ECDSA_PublicKey(domain(), public_point());
26
bool PKCS11_ECDSA_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const
28
if(!public_point().on_the_curve())
38
ECDSA_PublicKey pubkey(domain(), public_point());
39
return KeyPair::signature_consistency_check(rng, *this, pubkey, "EMSA1(SHA-256)");
42
ECDSA_PrivateKey PKCS11_ECDSA_PrivateKey::export_key() const
44
auto priv_key = get_attribute_value(AttributeType::Value);
47
return ECDSA_PrivateKey(rng, domain(), BigInt::decode(priv_key));
50
secure_vector<uint8_t> PKCS11_ECDSA_PrivateKey::private_key_bits() const
52
return export_key().private_key_bits();
57
class PKCS11_ECDSA_Signature_Operation final : public PK_Ops::Signature
60
PKCS11_ECDSA_Signature_Operation(const PKCS11_EC_PrivateKey& key, const std::string& emsa)
61
: PK_Ops::Signature(), m_key(key), m_order(key.domain().get_order()), m_mechanism(MechanismWrapper::create_ecdsa_mechanism(emsa))
64
void update(const uint8_t msg[], size_t msg_len) override
68
// first call to update: initialize and cache message because we can not determine yet whether a single- or multiple-part operation will be performed
69
m_key.module()->C_SignInit(m_key.session().handle(), m_mechanism.data(), m_key.handle());
71
m_first_message = secure_vector<uint8_t>(msg, msg + msg_len);
75
if(!m_first_message.empty())
77
// second call to update: start multiple-part operation
78
m_key.module()->C_SignUpdate(m_key.session().handle(), m_first_message);
79
m_first_message.clear();
82
m_key.module()->C_SignUpdate(m_key.session().handle(), const_cast<Byte*>(msg), msg_len);
85
secure_vector<uint8_t> sign(RandomNumberGenerator&) override
87
secure_vector<uint8_t> signature;
88
if(!m_first_message.empty())
90
// single call to update: perform single-part operation
91
m_key.module()->C_Sign(m_key.session().handle(), m_first_message, signature);
92
m_first_message.clear();
96
// multiple calls to update (or none): finish multiple-part operation
97
m_key.module()->C_SignFinal(m_key.session().handle(), signature);
99
m_initialized = false;
104
const PKCS11_EC_PrivateKey& m_key;
105
const BigInt& m_order;
106
MechanismWrapper m_mechanism;
107
secure_vector<uint8_t> m_first_message;
108
bool m_initialized = false;
112
class PKCS11_ECDSA_Verification_Operation final : public PK_Ops::Verification
115
PKCS11_ECDSA_Verification_Operation(const PKCS11_EC_PublicKey& key, const std::string& emsa)
116
: PK_Ops::Verification(), m_key(key), m_order(key.domain().get_order()), m_mechanism(MechanismWrapper::create_ecdsa_mechanism(emsa))
119
void update(const uint8_t msg[], size_t msg_len) override
123
// first call to update: initialize and cache message because we can not determine yet whether a single- or multiple-part operation will be performed
124
m_key.module()->C_VerifyInit(m_key.session().handle(), m_mechanism.data(), m_key.handle());
125
m_initialized = true;
126
m_first_message = secure_vector<uint8_t>(msg, msg + msg_len);
130
if(!m_first_message.empty())
132
// second call to update: start multiple-part operation
133
m_key.module()->C_VerifyUpdate(m_key.session().handle(), m_first_message);
134
m_first_message.clear();
137
m_key.module()->C_VerifyUpdate(m_key.session().handle(), const_cast<Byte*>(msg), msg_len);
140
bool is_valid_signature(const uint8_t sig[], size_t sig_len) override
142
ReturnValue return_value = ReturnValue::SignatureInvalid;
143
if(!m_first_message.empty())
145
// single call to update: perform single-part operation
146
m_key.module()->C_Verify(m_key.session().handle(), m_first_message.data(), m_first_message.size(),
147
const_cast<Byte*>(sig), sig_len, &return_value);
148
m_first_message.clear();
152
// multiple calls to update (or none): finish multiple-part operation
153
m_key.module()->C_VerifyFinal(m_key.session().handle(), const_cast<Byte*>(sig), sig_len, &return_value);
155
m_initialized = false;
156
if(return_value != ReturnValue::OK && return_value != ReturnValue::SignatureInvalid)
158
throw PKCS11_ReturnError(return_value);
160
return return_value == ReturnValue::OK;
164
const PKCS11_EC_PublicKey& m_key;
165
const BigInt& m_order;
166
MechanismWrapper m_mechanism;
167
secure_vector<uint8_t> m_first_message;
168
bool m_initialized = false;
173
std::unique_ptr<PK_Ops::Verification>
174
PKCS11_ECDSA_PublicKey::create_verification_op(const std::string& params,
175
const std::string& /*provider*/) const
177
return std::unique_ptr<PK_Ops::Verification>(new PKCS11_ECDSA_Verification_Operation(*this, params));
180
std::unique_ptr<PK_Ops::Signature>
181
PKCS11_ECDSA_PrivateKey::create_signature_op(RandomNumberGenerator& /*rng*/,
182
const std::string& params,
183
const std::string& /*provider*/) const
185
return std::unique_ptr<PK_Ops::Signature>(new PKCS11_ECDSA_Signature_Operation(*this, params));
188
PKCS11_ECDSA_KeyPair generate_ecdsa_keypair(Session& session, const EC_PublicKeyGenerationProperties& pub_props,
189
const EC_PrivateKeyGenerationProperties& priv_props)
191
ObjectHandle pub_key_handle = 0;
192
ObjectHandle priv_key_handle = 0;
194
Mechanism mechanism = { static_cast<CK_MECHANISM_TYPE>(MechanismType::EcKeyPairGen), nullptr, 0 };
196
session.module()->C_GenerateKeyPair(session.handle(), &mechanism,
197
pub_props.data(), pub_props.count(), priv_props.data(), priv_props.count(),
198
&pub_key_handle, &priv_key_handle);
200
return std::make_pair(PKCS11_ECDSA_PublicKey(session, pub_key_handle), PKCS11_ECDSA_PrivateKey(session,