libcdoc 0.5.0
Public Member Functions | List of all members
libcdoc::WinBackend Struct Referenceabstract

A convenience class for Windows NCrypt cryptographic operations. More...

#include <WinBackend.h>

Inherits libcdoc::CryptoBackend.

Public Member Functions

result_t useKey (const std::string &name, const std::string &pin)
 Load the actual private key.
 
virtual result_t connectToKey (int idx, bool priv)=0
 loads key for encryption/decryption
 
virtual result_t usePSS (int idx)
 whether to use PSS RSA padding
 
virtual result_t decryptRSA (std::vector< uint8_t > &dst, const std::vector< uint8_t > &data, bool oaep, unsigned int idx)
 decryptRSA
 
virtual result_t deriveConcatKDF (std::vector< uint8_t > &dst, const std::vector< uint8_t > &public_key, const std::string &digest, const std::vector< uint8_t > &algorithm_id, const std::vector< uint8_t > &party_uinfo, const std::vector< uint8_t > &party_vinfo, unsigned int idx)
 Derive key by ConcatKDF algorithm.
 
virtual result_t deriveHMACExtract (std::vector< uint8_t > &dst, const std::vector< uint8_t > &public_key, const std::vector< uint8_t > &salt, unsigned int idx)
 Get CDoc2 KEK pre-master from ECC key.
 
virtual result_t sign (std::vector< uint8_t > &dst, HashAlgorithm algorithm, const std::vector< uint8_t > &digest, unsigned int idx)
 sign Sign message with given algorithm
 
 WinBackend (const std::string &provider)
 
virtual ~WinBackend ()
 
- Public Member Functions inherited from libcdoc::CryptoBackend
 CryptoBackend ()=default
 
virtual ~CryptoBackend () noexcept=default
 
 CryptoBackend (const CryptoBackend &)=delete
 
CryptoBackendoperator= (const CryptoBackend &)=delete
 
 CDOC_DISABLE_MOVE (CryptoBackend)
 
virtual std::string getLastErrorStr (result_t code) const
 
virtual result_t random (std::vector< uint8_t > &dst, unsigned int size)
 Fill vector with random bytes.
 
virtual result_t deriveECDH1 (std::vector< uint8_t > &dst, const std::vector< uint8_t > &public_key, unsigned int idx)
 Derive shared secret.
 
virtual result_t decryptRSA (std::vector< uint8_t > &dst, const std::vector< uint8_t > &data, bool oaep, unsigned int idx)
 decryptRSA
 
virtual result_t deriveConcatKDF (std::vector< uint8_t > &dst, const std::vector< uint8_t > &public_key, const std::string &digest, const std::vector< uint8_t > &algorithm_id, const std::vector< uint8_t > &party_uinfo, const std::vector< uint8_t > &party_vinfo, unsigned int idx)
 Derive key by ConcatKDF algorithm.
 
virtual result_t deriveHMACExtract (std::vector< uint8_t > &dst, const std::vector< uint8_t > &public_key, const std::vector< uint8_t > &salt, unsigned int idx)
 Get CDoc2 KEK pre-master from ECC key.
 
virtual result_t getSecret (std::vector< uint8_t > &dst, unsigned int idx)
 Get secret value (either password or symmetric key) for a lock.
 
virtual result_t getKeyMaterial (std::vector< uint8_t > &dst, const std::vector< uint8_t > &pw_salt, int32_t kdf_iter, unsigned int idx)
 Get CDoc2 key material for HKDF expansion.
 
virtual result_t extractHKDF (std::vector< uint8_t > &dst, const std::vector< uint8_t > &salt, const std::vector< uint8_t > &pw_salt, int32_t kdf_iter, unsigned int idx)
 Get CDoc2 KEK pre-master from symmetric key.
 
virtual result_t sign (std::vector< uint8_t > &dst, HashAlgorithm algorithm, const std::vector< uint8_t > &digest, unsigned int idx)
 sign Sign message with given algorithm
 
virtual int test (libcdoc::Lock &lock)
 

Additional Inherited Members

- Public Types inherited from libcdoc::CryptoBackend
enum  HashAlgorithm : uint32_t { SHA_224 , SHA_256 , SHA_384 , SHA_512 }
 
- Static Public Attributes inherited from libcdoc::CryptoBackend
static constexpr int INVALID_PARAMS = -201
 
static constexpr int OPENSSL_ERROR = -202
 
static constexpr int ECC_KEY_LEN = 32
 

Detailed Description

A convenience class for Windows NCrypt cryptographic operations.

It has default implementations of all CryptoBackend methods. Instead the user has to implement connectToKey method. The latter should find the correct private or secret key for the lock and then call useKey to load the key.

Constructor & Destructor Documentation

◆ WinBackend()

libcdoc::WinBackend::WinBackend ( const std::string &  provider)

◆ ~WinBackend()

virtual libcdoc::WinBackend::~WinBackend ( )
virtual

Member Function Documentation

◆ connectToKey()

virtual result_t libcdoc::WinBackend::connectToKey ( int  idx,
bool  priv 
)
pure virtual

loads key for encryption/decryption

A method to load the correct private/secret key for given capsule or reciever. The subclass implementation should use useKey with proper name.

Parameters
idxlock or recipient index (0-based) in CDoc container
privwhether to connect to private or secret key
Returns
error code or OK

◆ decryptRSA()

virtual result_t libcdoc::WinBackend::decryptRSA ( std::vector< uint8_t > &  dst,
const std::vector< uint8_t > &  data,
bool  oaep,
unsigned int  idx 
)
virtual

decryptRSA

Parameters
dstthe destination container for decrypted data
dataencrypted data
oaepuse OAEP padding
idxlock index (0-based) in container
Returns
error code or OK

Reimplemented from libcdoc::CryptoBackend.

◆ deriveConcatKDF()

virtual result_t libcdoc::WinBackend::deriveConcatKDF ( std::vector< uint8_t > &  dst,
const std::vector< uint8_t > &  public_key,
const std::string &  digest,
const std::vector< uint8_t > &  algorithm_id,
const std::vector< uint8_t > &  party_uinfo,
const std::vector< uint8_t > &  party_vinfo,
unsigned int  idx 
)
virtual

Derive key by ConcatKDF algorithm.

The ConcatKDF key derivation algorithm is defined in Section 5.8.1 of NIST SP 800-56A. The default implementation calls deriveECDH1 and performs local concatKDF

Parameters
dstthe container for derived key
public_keyECDH public Key used to derive shared secret
digestDigest method to use for ConcatKDF algorithm
algorithm_idOtherInfo info parameters to input
party_uinfoOtherInfo info parameters to input
party_vinfoOtherInfo info parameters to input
idxlock index (0-based) in container
Returns
error code or OK

Reimplemented from libcdoc::CryptoBackend.

◆ deriveHMACExtract()

virtual result_t libcdoc::WinBackend::deriveHMACExtract ( std::vector< uint8_t > &  dst,
const std::vector< uint8_t > &  public_key,
const std::vector< uint8_t > &  salt,
unsigned int  idx 
)
virtual

Get CDoc2 KEK pre-master from ECC key.

Calculates KEK (Key Encryption Key) pre-master from an ECC public key. The default implementation calls deriveECDH1 and performs local HMAC extract

Parameters
dstthe container for derived key
public_keyECDH public Key used to derive shared secret
saltsalt for key derivation
idxlock index (0-based) in container
Returns
error code or OK

Reimplemented from libcdoc::CryptoBackend.

◆ sign()

virtual result_t libcdoc::WinBackend::sign ( std::vector< uint8_t > &  dst,
HashAlgorithm  algorithm,
const std::vector< uint8_t > &  digest,
unsigned int  idx 
)
virtual

sign Sign message with given algorithm

Parameters
dstthe destination container for signed message
algorithmhashing algorithm
digesta message to sign
idxlock or recipient index (0-based) in container
Returns
error code or OK

Reimplemented from libcdoc::CryptoBackend.

◆ useKey()

result_t libcdoc::WinBackend::useKey ( const std::string &  name,
const std::string &  pin 
)

Load the actual private key.

Loads the key internally for subsequent cryptographic operations.

Parameters
namethe name of key
pinkey pin
Returns
result_t error code ot OK

◆ usePSS()

virtual result_t libcdoc::WinBackend::usePSS ( int  idx)
inlinevirtual

whether to use PSS RSA padding

A subclass should overwrite this to inform the backend about the correct padding.

Parameters
idxa lock idx
Returns
true if PSS padding is sued
The documentation for this struct was generated from the following file: