- Generated by
1.16.1
|
libcdoc 0.5.0
|
A convenience class for Windows NCrypt cryptographic operations. More...
#include <WinBackend.h>
Inherits libcdoc::CryptoBackend.
Public Member Functions | |
| result_t | useKey (const std::string &name, const std::string &pin) |
| Load the actual private key. | |
| virtual result_t | connectToKey (int idx, bool priv)=0 |
| loads key for encryption/decryption | |
| virtual result_t | usePSS (int idx) |
| whether to use PSS RSA padding | |
| virtual result_t | decryptRSA (std::vector< uint8_t > &dst, const std::vector< uint8_t > &data, bool oaep, unsigned int idx) |
| decryptRSA | |
| virtual result_t | deriveConcatKDF (std::vector< uint8_t > &dst, const std::vector< uint8_t > &public_key, const std::string &digest, const std::vector< uint8_t > &algorithm_id, const std::vector< uint8_t > &party_uinfo, const std::vector< uint8_t > &party_vinfo, unsigned int idx) |
| Derive key by ConcatKDF algorithm. | |
| virtual result_t | deriveHMACExtract (std::vector< uint8_t > &dst, const std::vector< uint8_t > &public_key, const std::vector< uint8_t > &salt, unsigned int idx) |
| Get CDoc2 KEK pre-master from ECC key. | |
| virtual result_t | sign (std::vector< uint8_t > &dst, HashAlgorithm algorithm, const std::vector< uint8_t > &digest, unsigned int idx) |
| sign Sign message with given algorithm | |
| WinBackend (const std::string &provider) | |
| virtual | ~WinBackend () |
| Public Member Functions inherited from libcdoc::CryptoBackend | |
| CryptoBackend ()=default | |
| virtual | ~CryptoBackend () noexcept=default |
| CryptoBackend (const CryptoBackend &)=delete | |
| CryptoBackend & | operator= (const CryptoBackend &)=delete |
| CDOC_DISABLE_MOVE (CryptoBackend) | |
| virtual std::string | getLastErrorStr (result_t code) const |
| virtual result_t | random (std::vector< uint8_t > &dst, unsigned int size) |
| Fill vector with random bytes. | |
| virtual result_t | deriveECDH1 (std::vector< uint8_t > &dst, const std::vector< uint8_t > &public_key, unsigned int idx) |
| Derive shared secret. | |
| virtual result_t | getSecret (std::vector< uint8_t > &dst, unsigned int idx) |
| Get secret value (either password or symmetric key) for a lock. | |
| virtual result_t | getKeyMaterial (std::vector< uint8_t > &dst, const std::vector< uint8_t > &pw_salt, int32_t kdf_iter, unsigned int idx) |
| Get CDoc2 key material for HKDF expansion. | |
| virtual result_t | extractHKDF (std::vector< uint8_t > &dst, const std::vector< uint8_t > &salt, const std::vector< uint8_t > &pw_salt, int32_t kdf_iter, unsigned int idx) |
| Get CDoc2 KEK pre-master from symmetric key. | |
| virtual int | test (libcdoc::Lock &lock) |
Additional Inherited Members | |
| Public Types inherited from libcdoc::CryptoBackend | |
| enum | HashAlgorithm : uint32_t { SHA_224 , SHA_256 , SHA_384 , SHA_512 } |
| Static Public Attributes inherited from libcdoc::CryptoBackend | |
| static constexpr int | INVALID_PARAMS = -201 |
| static constexpr int | OPENSSL_ERROR = -202 |
| static constexpr int | ECC_KEY_LEN = 32 |
A convenience class for Windows NCrypt cryptographic operations.
It has default implementations of all CryptoBackend methods. Instead the user has to implement connectToKey method. The latter should find the correct private or secret key for the lock and then call useKey to load the key.
| libcdoc::WinBackend::WinBackend | ( | const std::string & | provider | ) |
|
virtual |
|
pure virtual |
loads key for encryption/decryption
A method to load the correct private/secret key for given capsule or reciever. The subclass implementation should use useKey with proper name.
| idx | lock or recipient index (0-based) in CDoc container |
| priv | whether to connect to private or secret key |
|
virtual |
decryptRSA
| dst | the destination container for decrypted data |
| data | encrypted data |
| oaep | use OAEP padding |
| idx | lock index (0-based) in container |
Reimplemented from libcdoc::CryptoBackend.
|
virtual |
Derive key by ConcatKDF algorithm.
The ConcatKDF key derivation algorithm is defined in Section 5.8.1 of NIST SP 800-56A. The default implementation calls deriveECDH1 and performs local concatKDF
| dst | the container for derived key |
| public_key | ECDH public Key used to derive shared secret |
| digest | Digest method to use for ConcatKDF algorithm |
| algorithm_id | OtherInfo info parameters to input |
| party_uinfo | OtherInfo info parameters to input |
| party_vinfo | OtherInfo info parameters to input |
| idx | lock index (0-based) in container |
Reimplemented from libcdoc::CryptoBackend.
|
virtual |
Get CDoc2 KEK pre-master from ECC key.
Calculates KEK (Key Encryption Key) pre-master from an ECC public key. The default implementation calls deriveECDH1 and performs local HMAC extract
| dst | the container for derived key |
| public_key | ECDH public Key used to derive shared secret |
| salt | salt for key derivation |
| idx | lock index (0-based) in container |
Reimplemented from libcdoc::CryptoBackend.
|
virtual |
sign Sign message with given algorithm
| dst | the destination container for signed message |
| algorithm | hashing algorithm |
| digest | a message to sign |
| idx | lock or recipient index (0-based) in container |
Reimplemented from libcdoc::CryptoBackend.
| result_t libcdoc::WinBackend::useKey | ( | const std::string & | name, |
| const std::string & | pin ) |
Load the actual private key.
Loads the key internally for subsequent cryptographic operations.
| name | the name of key |
| pin | key pin |
|
inlinevirtual |
whether to use PSS RSA padding
A subclass should overwrite this to inform the backend about the correct padding.
| idx | a lock idx |
1.16.1