A convenience class for Windows NCrypt cryptographic operations. More...
#include <WinBackend.h>
Inherits libcdoc::CryptoBackend.
Public Member Functions | |
| result_t | useKey (const std::string &name, const std::string &pin) |
| Load the actual private key. | |
| virtual result_t | connectToKey (int idx, bool priv)=0 |
| loads key for encryption/decryption | |
| virtual result_t | usePSS (int idx) |
| whether to use PSS RSA padding | |
| virtual result_t | decryptRSA (std::vector< uint8_t > &dst, const std::vector< uint8_t > &data, bool oaep, unsigned int idx) |
| decryptRSA | |
| virtual result_t | deriveConcatKDF (std::vector< uint8_t > &dst, const std::vector< uint8_t > &public_key, const std::string &digest, const std::vector< uint8_t > &algorithm_id, const std::vector< uint8_t > &party_uinfo, const std::vector< uint8_t > &party_vinfo, unsigned int idx) |
| Derive key by ConcatKDF algorithm. | |
| virtual result_t | deriveHMACExtract (std::vector< uint8_t > &dst, const std::vector< uint8_t > &public_key, const std::vector< uint8_t > &salt, unsigned int idx) |
| Get CDoc2 KEK pre-master from ECC key. | |
| virtual result_t | sign (std::vector< uint8_t > &dst, HashAlgorithm algorithm, const std::vector< uint8_t > &digest, unsigned int idx) |
| sign Sign message with given algorithm | |
| WinBackend (const std::string &provider) | |
| virtual | ~WinBackend () |
 Public Member Functions inherited from libcdoc::CryptoBackend | |
| CryptoBackend ()=default | |
| virtual | ~CryptoBackend () noexcept=default |
| CryptoBackend (const CryptoBackend &)=delete | |
| CryptoBackend & | operator= (const CryptoBackend &)=delete |
| CDOC_DISABLE_MOVE (CryptoBackend) | |
| virtual std::string | getLastErrorStr (result_t code) const |
| virtual result_t | random (std::vector< uint8_t > &dst, unsigned int size) |
| Fill vector with random bytes. | |
| virtual result_t | deriveECDH1 (std::vector< uint8_t > &dst, const std::vector< uint8_t > &public_key, unsigned int idx) |
| Derive shared secret. | |
| virtual result_t | getSecret (std::vector< uint8_t > &dst, unsigned int idx) |
| Get secret value (either password or symmetric key) for a lock. | |
| virtual result_t | getKeyMaterial (std::vector< uint8_t > &dst, const std::vector< uint8_t > &pw_salt, int32_t kdf_iter, unsigned int idx) |
| Get CDoc2 key material for HKDF expansion. | |
| virtual result_t | extractHKDF (std::vector< uint8_t > &dst, const std::vector< uint8_t > &salt, const std::vector< uint8_t > &pw_salt, int32_t kdf_iter, unsigned int idx) |
| Get CDoc2 KEK pre-master from symmetric key. | |
| virtual int | test (libcdoc::Lock &lock) |
Additional Inherited Members | |
| Public Types inherited from libcdoc::CryptoBackend | |
| enum | HashAlgorithm : uint32_t { SHA_224 , SHA_256 , SHA_384 , SHA_512 } |
| Static Public Attributes inherited from libcdoc::CryptoBackend | |
| static constexpr int | INVALID_PARAMS = -201 |
| static constexpr int | OPENSSL_ERROR = -202 |
| static constexpr int | ECC_KEY_LEN = 32 |
Detailed Description
A convenience class for Windows NCrypt cryptographic operations.
It has default implementations of all CryptoBackend methods. Instead the user has to implement connectToKey method. The latter should find the correct private or secret key for the lock and then call useKey to load the key.
Constructor & Destructor Documentation
◆ WinBackend()
| libcdoc::WinBackend::WinBackend | ( | const std::string & | provider | ) |
◆ ~WinBackend()
|
virtual |
Member Function Documentation
◆ connectToKey()
|
pure virtual |
loads key for encryption/decryption
A method to load the correct private/secret key for given capsule or reciever. The subclass implementation should use useKey with proper name.
- Parameters
-
idx lock or recipient index (0-based) in CDoc container priv whether to connect to private or secret key
- Returns
- error code or OK
◆ decryptRSA()
|
virtual |
decryptRSA
- Parameters
-
dst the destination container for decrypted data data encrypted data oaep use OAEP padding idx lock index (0-based) in container
- Returns
- error code or OK
Reimplemented from libcdoc::CryptoBackend.
◆ deriveConcatKDF()
|
virtual |
Derive key by ConcatKDF algorithm.
The ConcatKDF key derivation algorithm is defined in Section 5.8.1 of NIST SP 800-56A. The default implementation calls deriveECDH1 and performs local concatKDF
- Parameters
-
dst the container for derived key public_key ECDH public Key used to derive shared secret digest Digest method to use for ConcatKDF algorithm algorithm_id OtherInfo info parameters to input party_uinfo OtherInfo info parameters to input party_vinfo OtherInfo info parameters to input idx lock index (0-based) in container
- Returns
- error code or OK
Reimplemented from libcdoc::CryptoBackend.
◆ deriveHMACExtract()
|
virtual |
Get CDoc2 KEK pre-master from ECC key.
Calculates KEK (Key Encryption Key) pre-master from an ECC public key. The default implementation calls deriveECDH1 and performs local HMAC extract
- Parameters
-
dst the container for derived key public_key ECDH public Key used to derive shared secret salt salt for key derivation idx lock index (0-based) in container
- Returns
- error code or OK
Reimplemented from libcdoc::CryptoBackend.
◆ sign()
|
virtual |
sign Sign message with given algorithm
- Parameters
-
dst the destination container for signed message algorithm hashing algorithm digest a message to sign idx lock or recipient index (0-based) in container
- Returns
- error code or OK
Reimplemented from libcdoc::CryptoBackend.
◆ useKey()
| result_t libcdoc::WinBackend::useKey | ( | const std::string & | name, |
| const std::string & | pin | ||
| ) |
Load the actual private key.
Loads the key internally for subsequent cryptographic operations.
- Parameters
-
name the name of key pin key pin
- Returns
- result_t error code ot OK
◆ usePSS()
|
inlinevirtual |
whether to use PSS RSA padding
A subclass should overwrite this to inform the backend about the correct padding.
- Parameters
-
idx a lock idx
- Returns
- true if PSS padding is sued
The documentation for this struct was generated from the following file:
- WinBackend.h
