Cryptography API

For convenience, CCF provides access to commonly used cryptographic primitives to applications.

Note

This page describes the C++ API. For the API for TypeScript/JavaScript applications, see ccf-app/crypto.

Hashing

std::vector<uint8_t> crypto::sha256(const std::vector<uint8_t> &data)
HashBytes crypto::hmac(MDType type, const std::vector<uint8_t> &key, const std::vector<uint8_t> &data)

Compute the HMAC of key and data

class HashProvider

Subclassed by crypto::OpenSSLHashProvider

Public Functions

virtual HashBytes Hash(const uint8_t *data, size_t size, MDType type) const = 0

Generic Hash function

Parameters:
  • data – The data to hash

  • size – The size of data

  • type – The type of hash to compute

std::shared_ptr<HashProvider> crypto::make_hash_provider()

Create a default hash provider

Asymmetric Keys

CCF supports EC and RSA keys; public keys are held in (RSA)PublicKey objects and private keys in (RSA)KeyPair objects. (RSA)KeyPairs automatically generate random keys when constructed via KeyPairPtr crypto::make_key_pair(CurveID) or RSAKeyPairPtr crypto::make_rsa_key_pair(size_t, size_t).

class PublicKey

Subclassed by crypto::PublicKey_OpenSSL

Public Functions

virtual bool verify(const uint8_t *contents, size_t contents_size, const uint8_t *sig, size_t sig_size, MDType md_type, HashBytes &bytes) = 0

Verify that a signature was produced on contents with the private key associated with the public key held by the object.

Parameters:
  • contents – address of contents

  • contents_size – size of contents

  • sig – address of signature

  • sig_size – size of signature

  • md_type – Digest algorithm to use

  • bytes – Buffer to write the hash to

Returns:

Whether the signature matches the contents and the key

inline bool verify(const uint8_t *contents, size_t contents_size, const uint8_t *sig, size_t sig_size, MDType md_type = MDType::NONE)

Verify that a signature was produced on contents with the private key associated with the public key held by the object.

Parameters:
  • contents – address of contents

  • contents_size – size of contents

  • sig – address of signature

  • sig_size – size of signature

  • md_type – Digest algorithm to use (derived from the public key if md_type == MDType::None).

Returns:

Whether the signature matches the contents and the key

inline virtual bool verify(const std::vector<uint8_t> &contents, const std::vector<uint8_t> &signature)

Verify that a signature was produced on contents with the private key associated with the public key held by the object.

Parameters:
  • contents – Sequence of bytes that was signed

  • signature – Signature as a sequence of bytes

Returns:

Whether the signature matches the contents and the key

inline virtual bool verify_hash(const std::vector<uint8_t> &hash, const std::vector<uint8_t> &signature, MDType md_type)

Verify that a signature was produced on the hash of some contents with the private key associated with the public key held by the object.

Parameters:
  • hash – Hash of some content

  • signature – Signature as a sequence of bytes

  • md_type – Type of hash

Returns:

Whether the signature matches the hash and the key

virtual bool verify_hash(const uint8_t *hash, size_t hash_size, const uint8_t *sig, size_t sig_size, MDType md_type) = 0

Verify that a signature was produced on the hash of some contents with the private key associated with the public key held by the object.

Parameters:
  • hash – Hash of some content

  • hash_size – length of hash

  • sig – Signature as a sequence of bytes

  • sig_size – Length of sig

  • md_type – Digest algorithm

Returns:

Whether the signature matches the hash and the key

virtual Pem public_key_pem() const = 0

Get the public key in PEM format

virtual std::vector<uint8_t> public_key_der() const = 0

Get the public key in DER format

virtual std::vector<uint8_t> public_key_raw() const = 0

Get the raw bytes of the public key

virtual CurveID get_curve_id() const = 0

The curve ID

virtual Coordinates coordinates() const = 0

The x/y coordinates of the public key

struct Coordinates
class KeyPair

Subclassed by crypto::KeyPair_OpenSSL

class RSAPublicKey

Subclassed by crypto::RSAPublicKey_OpenSSL

Public Functions

RSAPublicKey(const Pem &pem)

Construct from PEM

RSAPublicKey(const std::vector<uint8_t> &der)

Construct from DER

RSAPublicKey(const JsonWebKeyRSAPublic &jwk)

Construct from JWK

virtual size_t key_size() const = 0

Get the key size in bits

virtual std::vector<uint8_t> rsa_oaep_wrap(const uint8_t *input, size_t input_size, const uint8_t *label = nullptr, size_t label_size = 0) = 0

Wrap data using RSA-OAEP-256 (CKM_RSA_PKCS_OAEP)

Parameters:
  • input – Pointer to raw data to wrap

  • input_size – Size of raw data

  • label – Optional string used as label during wrapping

  • label_size – Size of label

Returns:

Wrapped data

virtual std::vector<uint8_t> rsa_oaep_wrap(const std::vector<uint8_t> &input, const std::optional<std::vector<std::uint8_t>> &label = std::nullopt) = 0

Wrap data using RSA-OAEP-256 (CKM_RSA_PKCS_OAEP)

Parameters:
  • input – Raw data to wrap

  • label – Optional string used as label during wrapping

Returns:

Wrapped data

virtual Pem public_key_pem() const = 0

Get the public key in PEM format

virtual std::vector<uint8_t> public_key_der() const = 0

Get the public key in DER format

virtual JsonWebKeyRSAPublic public_key_jwk_rsa(const std::optional<std::string> &kid = std::nullopt) const = 0

Get the public key in JWK format

struct Components
class RSAKeyPair

Subclassed by crypto::RSAKeyPair_OpenSSL

Public Functions

virtual std::vector<uint8_t> rsa_oaep_unwrap(const std::vector<uint8_t> &input, const std::optional<std::vector<std::uint8_t>> &label = std::nullopt) = 0

Unwrap data using RSA-OAEP-256 (CKM_RSA_PKCS_OAEP)

Parameters:
  • input – Raw data to unwrap

  • label – Optional string used as label during unwrapping

Returns:

Unwrapped data

virtual Pem private_key_pem() const = 0

Get the private key in PEM format

virtual Pem public_key_pem() const = 0

Get the public key in PEM format

virtual std::vector<uint8_t> public_key_der() const = 0

Get the public key in DER format

enum class crypto::CurveID

Values:

enumerator NONE

No curve.

enumerator SECP384R1

The SECP384R1 curve.

enumerator SECP256R1

The SECP256R1 curve.

enumerator SECP256K1

The SECP256K1 curve.

enumerator CURVE25519

The CURVE25519 curve.

enumerator X25519
KeyPairPtr crypto::make_key_pair(CurveID curve_id = service_identity_curve_choice)

Create a new public / private ECDSA key pair on specified curve and implementation

Parameters:

curve_id – Elliptic curve to use

Returns:

Key pair

KeyPairPtr crypto::make_key_pair(const Pem &pkey)

Create a public / private ECDSA key pair from existing private key data

Parameters:

pkey – PEM key to load

Returns:

Key pair

RSAKeyPairPtr crypto::make_rsa_key_pair(size_t public_key_size = RSAKeyPair::default_public_key_size, size_t public_exponent = RSAKeyPair::default_public_exponent)

Create a new public / private RSA key pair with specified size and exponent

Symmetric Keys

Currently, only AES-GCM is supported for symmetric encryption. New keys are generated via crypto::Entropy::random()

std::vector<uint8_t> crypto::aes_gcm_encrypt(const std::vector<uint8_t> &key, std::vector<uint8_t> &plaintext, const std::vector<uint8_t> &iv = default_iv, const std::vector<uint8_t> &aad = {})

AES-GCM Encryption with key of data

Parameters:
  • key – The key

  • plaintext – The data

  • iv – Intialization vector

  • aad – Additional authenticated data

Returns:

ciphertext

std::vector<uint8_t> crypto::aes_gcm_decrypt(const std::vector<uint8_t> &key, std::vector<uint8_t> &ciphertext, const std::vector<uint8_t> &iv = default_iv, const std::vector<uint8_t> &aad = {})

AES-GCM Decryption with key of data

Parameters:
  • key – The key

  • ciphertext – The (encrypted) data

  • iv – Initialization vector

  • aad – Additional authenticated data

Returns:

plaintext

class Entropy

Subclassed by crypto::Entropy_OpenSSL, crypto::IntelDRNG

Public Functions

virtual std::vector<uint8_t> random(size_t len) = 0

Generate len random bytes

Parameters:

len – Number of random bytes to generate

Returns:

vector random bytes

virtual void random(unsigned char *data, size_t len) = 0

Generate len random bytes into data

Parameters:
  • len – Number of random bytes to generate

  • data – Buffer to fill

virtual uint64_t random64() = 0

Generate a random uint64_t

Returns:

a random uint64_t

Signatures

Verification of signatures is supported via the Verifier class.

class Verifier

Subclassed by crypto::Verifier_OpenSSL

Public Functions

inline virtual bool verify(const uint8_t *contents, size_t contents_size, const uint8_t *sig, size_t sig_size, MDType md_type = MDType::NONE) const

Verify a signature

Parameters:
  • contents – Contents over which the signature was generated

  • contents_size – Size of contents

  • sig – Signature

  • sig_size – Size of sig

  • md_type – Hash algorithm

Returns:

Boolean indicating success

inline virtual bool verify(std::span<const uint8_t> contents, std::span<const uint8_t> sig, MDType md_type = MDType::NONE) const

Verify a signature

Parameters:
  • contents – Contents over which the signature was generated

  • sig – Signature

  • md_type – Hash algorithm

Returns:

Boolean indicating success

inline virtual bool verify(const uint8_t *contents, size_t contents_size, const uint8_t *sig, size_t sig_size, MDType md_type, HashBytes &hash_bytes) const

Verify a signature

Parameters:
  • contents – Contents over which the signature was generated

  • contents_size – Size of contents

  • sig – Signature

  • sig_size – Size of sig

  • md_type – Hash algorithm

  • hash_bytes – Output buffer for the hash

Returns:

Boolean indicating success

inline virtual bool verify(const std::vector<uint8_t> &contents, const std::vector<uint8_t> &signature, MDType md_type = MDType::NONE) const

Verify a signature

Parameters:
  • contents – Contents over which the signature was generated

  • signature – Signature

  • md_type – Hash algorithm

Returns:

Boolean indicating success

inline virtual bool verify(const std::vector<uint8_t> &contents, const std::vector<uint8_t> &signature, MDType md_type, HashBytes &hash_bytes) const

Verify a signature

Parameters:
  • contents – Contents over which the signature was generated

  • signature – Signature

  • md_type – Hash algorithm

  • hash_bytes – Output buffer for the hash

Returns:

Boolean indicating success

inline virtual bool verify_hash(const uint8_t *hash, size_t hash_size, const uint8_t *sig, size_t sig_size, MDType md_type = MDType::NONE)

Verify a signature over a hash

Parameters:
  • hash – Hash over which the signature was generated

  • hash_size – Size of hash

  • sig – Signature

  • sig_size – Size of sig

  • md_type – Hash algorithm

Returns:

Boolean indicating success

inline virtual bool verify_hash(const std::vector<uint8_t> &hash, const std::vector<uint8_t> &signature, MDType md_type = MDType::NONE)

Verify a signature over a hash

Parameters:
  • hash – Hash over which the signature was generated

  • signature – Signature

  • md_type – Hash algorithm

Returns:

Boolean indicating success

template<size_t SIZE>
inline bool verify_hash(const std::array<uint8_t, SIZE> &hash, const std::vector<uint8_t> &signature, MDType md_type = MDType::NONE)

Verify a signature over a hash

Parameters:
  • hash – Hash over which the signature was generated

  • signature – Signature

  • md_type – Hash algorithm

Returns:

Boolean indicating success

inline virtual Pem public_key_pem() const

Extract the public key of the certificate in PEM format

Returns:

PEM encoded public key

inline virtual std::vector<uint8_t> public_key_der() const

Extract the public key of the certificate in DER format

Returns:

DER encoded public key

virtual bool verify_certificate(const std::vector<const Pem*> &trusted_certs, const std::vector<const Pem*> &chain = {}, bool ignore_time = false) = 0

Verify the certificate (held internally)

Parameters:
  • trusted_certs – Vector of trusted certificates

  • chain – Vector of ordered untrusted certificates used to build a chain to trusted certificates

  • ignore_time – Flag to disable certificate expiry checks

Returns:

true if the verification is successful

virtual bool is_self_signed() const = 0

Indicates whether the certificate (held intenally) is self-signed

virtual std::string serial_number() const = 0

The serial number of the certificate

virtual std::pair<std::string, std::string> validity_period() const = 0

The validity period of the certificate

virtual size_t remaining_seconds(const std::chrono::system_clock::time_point &now) const = 0

The number of seconds of the validity period of the certificate remaining

virtual double remaining_percentage(const std::chrono::system_clock::time_point &now) const = 0

The percentage of the validity period of the certificate remaining

virtual std::string subject() const = 0

The subject name of the certificate

Key Wrapping

PKCS11 2.1.8 CKM_RSA_PKCS_OAEP

std::vector<uint8_t> crypto::ckm_rsa_pkcs_oaep_wrap(RSAPublicKeyPtr wrapping_key, const std::vector<uint8_t> &unwrapped, const std::optional<std::vector<uint8_t>> &label = {})

PKCS11 2.1.8 CKM_RSA_PKCS_OAEP wrap

Parameters:
  • wrapping_key – The wrapping (encryption) key

  • unwrapped – The unwrapped key to be wrapped

  • label – Optional label

Returns:

Wrapped key

std::vector<uint8_t> crypto::ckm_rsa_pkcs_oaep_wrap(const Pem &wrapping_key, const std::vector<uint8_t> &unwrapped, const std::optional<std::vector<uint8_t>> &label = {})

PKCS11 2.1.8 CKM_RSA_PKCS_OAEP

Parameters:
  • wrapping_key – The wrapping (encryption) key

  • unwrapped – The unwrapped key to be wrapped

  • label – Optional label

Returns:

Wrapped key

std::vector<uint8_t> crypto::ckm_rsa_pkcs_oaep_unwrap(RSAKeyPairPtr wrapping_key, const std::vector<uint8_t> &wrapped, const std::optional<std::vector<uint8_t>> &label = {})

PKCS11 2.1.8 CKM_RSA_PKCS_OAEP unwrap

Parameters:
  • wrapping_key – The wrapping (encryption) key

  • wrapped – The wrapped key to unwrap

  • label – Optional label

Returns:

Unwrapped key

std::vector<uint8_t> crypto::ckm_rsa_pkcs_oaep_unwrap(const Pem &wrapping_key, const std::vector<uint8_t> &wrapped, const std::optional<std::vector<uint8_t>> &label = {})

PKCS11 2.1.8 CKM_RSA_PKCS_OAEP

Parameters:
  • wrapping_key – The wrapping (encryption) key

  • wrapped – The wrapped key to unwrap

  • label – Optional label

Returns:

Unwrapped key

PKCS11 2.14.3 CKM_AES_KEY_WRAP_PAD (RFC 5649)

std::vector<uint8_t> crypto::ckm_aes_key_wrap_pad(const std::vector<uint8_t> &wrapping_key, const std::vector<uint8_t> &unwrapped)

PKCS11 2.14.3 CKM_AES_KEY_WRAP_PAD wrap

Parameters:
  • wrapping_key – The wrapping (encryption) key

  • unwrapped – The unwrapped key to be wrapped

Returns:

Wrapped key

std::vector<uint8_t> crypto::ckm_aes_key_unwrap_pad(const std::vector<uint8_t> &wrapping_key, const std::vector<uint8_t> &wrapped)

PKCS11 2.14.3 CKM_AES_KEY_WRAP_PAD unwrap

Parameters:
  • wrapping_key – The wrapping (encryption) key

  • wrapped – The wrapped key to unwrap

Returns:

Unwrapped key

PKCS11 2.1.21 CKM_RSA_AES_KEY_WRAP

std::vector<uint8_t> crypto::ckm_rsa_aes_key_wrap(size_t aes_key_size, RSAPublicKeyPtr wrapping_key, const std::vector<uint8_t> &unwrapped, const std::optional<std::vector<uint8_t>> &label = {})

PKCS11 2.1.21 CKM_RSA_AES_KEY_WRAP wrap

Parameters:
  • aes_key_size – Key size 128, 192 or 256.

  • wrapping_key – The wrapping (encryption) key

  • unwrapped – The key to wrap

  • label – Optional label

Returns:

Wrapped key

std::vector<uint8_t> crypto::ckm_rsa_aes_key_wrap(size_t aes_key_size, const Pem &wrapping_key, const std::vector<uint8_t> &unwrapped, const std::optional<std::vector<uint8_t>> &label = {})

PKCS11 2.1.21 CKM_RSA_AES_KEY_WRAP wrap

Parameters:
  • aes_key_size – Key size 128, 192 or 256.

  • wrapping_key – The wrapping (encryption) key

  • unwrapped – The key to wrap

  • label – Optional label

Returns:

Wrapped key

std::vector<uint8_t> crypto::ckm_rsa_aes_key_unwrap(RSAKeyPairPtr wrapping_key, const std::vector<uint8_t> &wrapped, const std::optional<std::vector<uint8_t>> &label = {})

PKCS11 2.1.21 CKM_RSA_AES_KEY_WRAP unwrap

Parameters:
  • wrapping_key – The wrapping (encryption) key

  • wrapped – The wrapped key to unwrap

  • label – Optional label

Returns:

Unwrapped key

std::vector<uint8_t> crypto::ckm_rsa_aes_key_unwrap(const Pem &wrapping_key, const std::vector<uint8_t> &wrapped, const std::optional<std::vector<uint8_t>> &label = {})

PKCS11 2.1.21 CKM_RSA_AES_KEY_WRAP unwrap

Parameters:
  • wrapping_key – The wrapping (encryption) key

  • wrapped – The wrapped key to unwrap

  • label – Optional label

Returns:

Unwrapped key