MechanismParameter Class Reference

Constructs mechanism parameter that are used on cryptographic operations. A mechanism parameter consists of a mechanism specifier and optional parameters. More...

Inheritance diagram for MechanismParameter:

Collaboration diagram for MechanismParameter:

Public Member Functions
	MechanismParameter (int mech)
	MechanismParameter (int mech, int mgf_algo, char *label)
	MechanismParameter (int mech, int mgf_algo, int salt_len)
	MechanismParameter (const MechanismParameter &mp)
void	removeAAD ()
void	set (int mech)
void	setVDM (int vdmMech, int mode)
void	setOAEP (int mech, int mgf_algo, const char *label)
void	setPSS (int mech, int mgf_algo, int salt_len)
void	setECIES (int mech, int hash_algo, int crypt_algo, int crypt_mech, int crypt_len, int mac_algo, int mac_mech, int mac_len, const char *p_secret1, int l_secret1, const char *p_secret2, int l_secret2)
void	setGCM (int mech, const char *p_iv_init, int l_iv_init, const char *p_ad, int l_ad, int tag_bits=128, int iv_gen_func=CXI_MECH_PARAM_IV_NO_GENERATE)
void	setGMAC (int mech, const char *p_iv_init, int l_iv_init, int iv_gen_func=CXI_MECH_PARAM_IV_NO_GENERATE)
void	setCCM (int mech, const char *p_nonce, unsigned int l_nonce, const char *p_ad, unsigned int l_ad, unsigned int l_data, unsigned int l_mac, int nonce_gen_func=CXI_MECH_PARAM_NONCE_NO_GENERATE)
void	operator|= (const int mech)
Public Member Functions inherited from ByteArray
	ByteArray (void)
	ByteArray (int len)
	ByteArray (const char *data, int len)
	ByteArray (const char *str)
	ByteArray (int val, int len)
	ByteArray (const ByteArray &ba)
virtual	~ByteArray (void)
void	clear (void)
int	length (void) const
char *	get (void)
const char *	get (void) const
void	set (const char *data, int len)
void	append (const char *data, int len)
void	append (const ByteArray &ba)
void	insert (const char *data, int len, int offset)
void	fill (char value, int len, int offset)
int	getInt (int def_val=0) const
void	setInt (int val, int len)
void	appendInt (int val, int len)
void	getString (char *str, int max_size) const
void	setString (const char *str)
void	appendString (const char *str)
std::string	toString (void) const
std::string	toHexString (void) const
int	compare (const ByteArray &ba) const
ByteArray	sub (int offset, int len=-1) const
ByteArray	lstrip (void) const
ByteArray	rstrip (const std::set< char > &charsToBeStripped) const
void	read (const char *filename)
void	write (const char *filename) const
void	xtrace (const char *text=0) const
ByteArray &	operator= (const ByteArray &ba)
const ByteArray &	operator+= (const ByteArray &ba)
const ByteArray &	operator|= (const ByteArray &ba)
const ByteArray &	operator^= (const ByteArray &ba)
char &	operator[] (int idx)

Detailed Description

Constructs mechanism parameter that are used on cryptographic operations. A mechanism parameter consists of a mechanism specifier and optional parameters.

Note

The class MechanismParameter meanwhile has been superseeded by the following classes:

• MechParam
• MechParamOAEP
• MechParamPSS
• MechParamECIES
• MechParamGCM

The following example illustrates the usage of the MechanismParameter class:

// encrypt data in AES CBC mode
MechanismParameter mechParam = MechanismParameter(CXI_MECH_MODE_ENCRYPT | CXI_MECH_CHAIN_CBC);
 
ByteArray crypt = cxi->crypt(0, aesKey, mechParam, data, iv);
 
// ...
 
// sign data with RSA
mechParam = MechanismParameter(CXI_MECH_PAD_PKCS1|CXI_MECH_HASH_ALGO_SHA512);
 
ByteArray sign = cxi->sign(0, rsaKey, mechParam, hash);

Constructor & Destructor Documentation

MechanismParameter() [1/4]

MechanismParameter

(

int

mech

)

Constructs a mechanism parameter that consists of a mechanism specifier without additional data.

Parameters

mech	mechanism specifier, see /tmp/ci_workspace/sw/cxi_api_c/src/mechparam.cpp

MechanismParameter() [2/4]

MechanismParameter	(	int	mech,
		int	mgf_algo,
		char *	label
	)

Constructs a mechanism specifier and parameter for PKCS#1, v2.1 RSAES-OAEP encryption / decryption padding scheme.

Parameters

mech	mechanism specifier, XOR combination of: crypt mode (see Mode Parameter) CXI_MECH_MODE_ENCRYPT CXI_MECH_MODE_DECRYPT padding mode (see Padding Modes) CXI_MECH_PAD_OAEP (default) hash algorithm (OAEP only, see Hash Algorithms)
mgf_algo	algorithm specifier for the MGF algorithm to be used, see Hash Algorithms
label	label string to be used

MechanismParameter() [3/4]

MechanismParameter	(	int	mech,
		int	mgf_algo,
		int	salt_len
	)

Constructs a mechanism specifier and parameters for PKCS#1, v2.1 RSAES-PSS signature creation / verification padding scheme.

Parameters

mech	mechanism specifier, XOR combination of: padding mode (see Padding Modes) CXI_MECH_PAD_PSS (default) hash algorithm (see Hash Algorithms)
mgf_algo	algorithm specifier for the MGF algorithm to be used, see Hash Algorithms
salt_len	length of the random salt value to be generated

MechanismParameter() [4/4]

MechanismParameter

(

const MechanismParameter &

mp

)

Copy constructor for MechanismParameter class.

Member Function Documentation

removeAAD()

void removeAAD

(

)

Removes any Additional Authenticated Data (AAD) from the mechanism parameter. This may be used to prepare an AEAD mode mechanism parameter for subsequent calls following the initial call, if the inital call carried AAD.

set()

void set

(

int

mech

)

Constructs a mechanism parameter that consists of a mechanism specifier without additional data.

Parameters

mech	mechanism specifier, see Mechanism Parameter

setVDM()

void setVDM	(	int	vdmMech,
		int	mode
	)

Constructs a mechanism parameter that consists of an VDM specifier without additional data.

Parameters

vdmMech	vendor defined mechanism (VDM) specifier
mode	crypt mode, see Mode Parameter

setOAEP()

void setOAEP	(	int	mech,
		int	mgf_algo,
		const char *	label
	)

Constructs a mechanism specifier and parameter for PKCS#1, v2.1 RSAES-OAEP encryption / decryption padding scheme.

Parameters

mech	mechanism specifier, XOR combination of: crypt mode (see Mode Parameter) CXI_MECH_MODE_ENCRYPT CXI_MECH_MODE_DECRYPT padding mode (see Padding Modes) CXI_MECH_PAD_OAEP (default) hash algorithm (OAEP only, see Hash Algorithms)
mgf_algo	algorithm specifier for the MGF algorithm to be used, see Hash Algorithms
label	label string to be used

setPSS()

void setPSS	(	int	mech,
		int	mgf_algo,
		int	salt_len
	)

Constructs a mechanism specifier and parameters for PKCS#1, v2.1 RSAES-PSS signature creation / verification padding scheme.

Parameters

mech	mechanism specifier, XOR combination of: padding mode (see Padding Modes) CXI_MECH_PAD_PSS (default) hash algorithm (see Hash Algorithms)
mgf_algo	algorithm specifier for the MGF algorithm to be used, see Hash Algorithms
salt_len	length of the random salt value to be generated

setECIES()

void setECIES	(	int	mech,
		int	hash_algo,
		int	crypt_algo,
		int	crypt_mech,
		int	crypt_len,
		int	mac_algo,
		int	mac_mech,
		int	mac_len,
		const char *	p_secret1,
		int	l_secret1,
		const char *	p_secret2,
		int	l_secret2
	)

Constructs a mechanism parameter for 'Elliptic Curve (Augmented) Encryption Scheme' (ECIES, see ANSI X9.63).

Parameters

mech	XOR combination of mechanism specifier: crypt mode (see Mode Parameter) CXI_MECH_MODE_ENCRYPT CXI_MECH_MODE_DECRYPT random generator mode (see Random Generation Parameter) CXI_MECH_RND_REAL CXI_MECH_RND_PSEUDO key generation format mode (see Key Generation Parameter) CXI_MECH_KEYGEN_UNCOMP CXI_MECH_KEYGEN_COMP key derivation mode (see Key Derivation Functions) CXI_MECH_KDF_ECDH_COF
hash_algo	hash algorithm,see Hash Algorithms
crypt_algo	algorithm: CXI_KEY_ALGO_AES CXI_KEY_ALGO_RAW (crypt_mech := CXI_MECH_KDF_XOR_DATA)
crypt_mech	mechanism: chaining mode (AES only), see Chaining Modes key derivation mode (raw mode only): CXI_MECH_KDF_XOR_DATA
crypt_len	AES key size (128,192 or 256) or zero on raw mode
mac_algo	algorithm: CXI_KEY_ALGO_AES CXI_KEY_ALGO_RAW (mac_mech := CXI_MECH_MODE_HMAC)
mac_mech	mechanism: Mechanism Parameter hash mode: CXI_MECH_MODE_HMAC or CXI_MECH_MODE_MAC1 underlying hash algorithm on HMAC, see Hash Algorithms
mac_len	AES key size (128,192 or 256) or zero on HMAC optional: mac size in byte for truncated macs when using CXI_MECH_MODE_MAC1.
p_secret1	pointer to secret value #1 or NULL
l_secret1	length of secret value #1 or 0
p_secret2	pointer to secret value #2 or NULL
l_secret2	length of secret value #2 or 0

setGCM()

void setGCM	(	int	mech,
		const char *	p_iv_init,
		int	l_iv_init,
		const char *	p_ad,
		int	l_ad,
		int	tag_bits = 128,
		int	iv_gen_func = CXI_MECH_PARAM_IV_NO_GENERATE
	)

Constructs a mechanism parameter for Galois Counter Mode (see NIST SP-800-38D).

Parameters

mech	XOR combination of mechanism specifier: crypt mode (see Mode Parameter) CXI_MECH_MODE_ENCRYPT CXI_MECH_MODE_DECRYPT chaining mode: CXI_MECH_CHAIN_GCM (default)
p_iv_init	Pointer to Initialization Vector: The IV has to be given on the first call of the AES GCM algorithm.
l_iv_init	Length of the Initialization Vector: 96 bit (12 bytes) is recommended by the NIST, but other values are allowed as well.
p_ad	Additional Authenticated Data: Usually Additional Authenticated Data is only given once on the first call and has to be absent on subsequent calls.
l_ad	Length of the Additional Authenticated Data.
tag_bits	Desired length of authentication tag in bits: May only be 128, 120, 112, 104, 96, 64 or 32. It is recommended to use tags of 128 bits.
iv_gen_func	IV generation function: For encryption calls we recommend to use CXI_GCM_IV_GENERATE for this parameter. In this case the CryptoServer generates a random IV internally with l_iv_init bytes. This IV is returned by the final encryption call and must then be used as IV for the decryption.

Exceptions

std::bad_alloc

if allocation of AAD field fails, cxi::Exception if parameters are invalid.

setGMAC()

void setGMAC	(	int	mech,
		const char *	p_iv_init,
		int	l_iv_init,
		int	iv_gen_func = CXI_MECH_PARAM_IV_NO_GENERATE
	)

Constructs a mechanism parameter for Galois Counter MAC (see NIST SP-800-38D).

Parameters

mech	XOR combination of mechanism specifier: chaining mode: CXI_MECH_CHAIN_GCM (default)
p_iv_init	Pointer to Initialization Vector: The IV has to be given on the final GMAC call.
l_iv_init	Length of the Initialization Vector (< 2^16 - 1): 96 bit (12 bytes) is recommended by the NIST, but other values are allowed as well.
iv_gen_func	IV generation function: For signing calls we recommend to use CXI_GCM_IV_GENERATE for this parameter. In this case the CryptoServer generates a random IV internally with l_iv_init Bytes. This IV is returned by the final signing call and must then be used as IV for the verification.

setCCM()

void setCCM	(	int	mech,
		const char *	p_nonce,
		unsigned int	l_nonce,
		const char *	p_ad,
		unsigned int	l_ad,
		unsigned int	l_data,
		unsigned int	l_mac,
		int	nonce_gen_func = CXI_MECH_PARAM_NONCE_NO_GENERATE
	)

Constructs a mechanism parameter for "Counter with Cipher Block Chaining - Message Authentication Code", abbreviated CCM (see NIST SP 800-38C).

Parameters

mech	XOR combination of mechanism specifier: crypt mode (see Mode Parameter) CXI_MECH_MODE_ENCRYPT CXI_MECH_MODE_DECRYPT chaining mode: CXI_MECH_CHAIN_CCM (default)
p_nonce	pointer to the nonce
l_nonce	length of the nonce in bytes (range 7-13 for initial crypt call)
p_ad	Additional Authentication Data usually Additional Authentication Data is only given once on the first call and has to be absent on subsequent calls.
l_ad	length of the Additional Authentication Data
l_data	length total length of the data that will be passed to the crypt() call(s) later
l_mac	length of the MAC (range 4-16 for initial and final crypt call)
nonce_gen_func	nonce generation function: cxi_ccm_nonce_no_generate the host has to provide the nonce. cxi_ccm_nonce_generate the cryptoserver generates a random nonce with length l_nonce. This nonce is returned by the final encryption call and must then be used as nonce for the decryption.

operator|=()

void operator|=

(

const int

mech

)

ORs the given mechanism value to the existing mechanism parameter.

Parameters

mech	mechanism specifier to be ORed to the existing mechanism. Note: existing MechanismParameter has to be initialized.

Exceptions

cxi::Exception

if existing MechanismParameter was not initialized.