The London Perl and Raku Workshop takes place on 26th Oct 2024. If your company depends on Perl, please consider sponsoring and/or attending.
 / 
Crypt-HSM-0.017
River stage one • 2 direct dependents • 2 total dependents
/ Crypt::HSM::Mechanism

NAME

Crypt::HSM::Mechanism - A PKCS11 mechanism

VERSION

version 0.017

SYNOPSIS

 my @signers = grep { $_->has_flags('sign', 'verify') } $slot->mechanisms;

DESCRIPTION

This represents a mechanism in a PKCS implementation.

METHODS

name()

This returns the name of the mechanism

min_key_size()

This returns the minimum key size for this mechanism.

max_key_size()

This returns the maximum key size for this mechanism.

flags()

This array lists properties of the mechanism. It may contain values like 'encrypt', 'decrypt', 'sign', 'verify', 'generate', 'wrap' and 'unwrap'.

has_flags(@flags)

This returns true the flags contain all of @flags.

info()

This returns a hash with information about the mechanism. This includes the following fields.

  • min-key-size

    The minimum key size

  • max-key-size

    The maximum key size

  • flags

    This contains the flags much like the flags method.

ADDITIONAL ARGUMENTS

The following mechanism types have the following additional arguments for their respective operations:

  • 'aes-cbc'

  • 'aes-cbc-pad'

  • 'aes-ofb'

  • 'aes-cfb8'

  • 'aes-cfb128'

  • 'des-cbc'

  • 'des-cbc-pad'

  • 'des-ofb'

  • 'des-cfb8'

  • 'des-cfb128'

  • 'des3-cbc'

    These take an IV as mandatory additional argument.

  • 'aes-ctr'

    This take an IV as mandatory additional argument. It also takes a counter length (in bits) as an optional argument, defaulting to 128.

  • 'aes-gcm'

    This take an IV as mandatory additional argument. It also takes an additional authenticated data section argument (defaulting to empty), and a tag length (in bits), defaulting to 128.

  • 'chacha20-poly1305'

  • 'salsa20-poly1305'

    These take a nonce as mandatory additional argument. It also takes an additional authenticated data section argument (defaulting to empty).

  • 'rsa-pkcs-pss'

    This takes a hash and generator function as mandatory arguments, and optionally a salt length in bits (defaulting to 0).

  • 'sha224-rsa-pkcs-pss'

  • 'sha256-rsa-pkcs-pss'

  • 'sha384-rsa-pkcs-pss'

  • 'sha512-rsa-pkcs-pss'

    These take an optional salt length in bits (defaulting to 0).

  • 'ecdh1-derive'

  • 'ecdh1-cofactor-derive'

    These takes one mandatory argument: the public key to derive the new key with. It also takes two option arguments: the first is the key derivation function (defaulting to "null"), the second is the shared data for key derivation (defaulting to none).

  • 'concatenate-data-and-base'

  • 'concatenate-base-and-data'

  • 'aes-ecb-encrypt-data'

  • 'des-ecb-encrypt-data'

    These takes the public data as mandatory additional argument.

  • 'concatenate-base-and-key'

    This takes a key identifier as mandatory additional argument.

  • 'aes-cbc-encrypt-data'

  • 'des-cbc-encrypt-data'

    These takes the public data and an IV as mandatory additional arguments.

  • 'rsa-pkcs-oaep'

    This takes two mandatory arguments: the hash and the generator function.

  • 'eddsa'

    This takes two optional arguments. If no arguments are given it's run in pure mode, if they are given it's run in contextual mode. The first argument is the context data. The second is the pre-hash flag: if true it will enable pre-hashing mode.

AUTHOR

Leon Timmermans <fawaka@gmail.com>

COPYRIGHT AND LICENSE

This software is copyright (c) 2023 by Leon Timmermans.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.