NAME
Crypt::HSM::Mechanism - A PKCS11 mechanism
VERSION
version 0.017
SYNOPSIS
my @signers = grep { $_->has_flags('sign', 'verify') } $slot->mechanisms;
DESCRIPTION
This represents a mechanism in a PKCS implementation.
METHODS
name()
This returns the name of the mechanism
min_key_size()
This returns the minimum key size for this mechanism.
max_key_size()
This returns the maximum key size for this mechanism.
flags()
This array lists properties of the mechanism. It may contain values like 'encrypt'
, 'decrypt'
, 'sign'
, 'verify'
, 'generate'
, 'wrap'
and 'unwrap'
.
has_flags(@flags)
This returns true the flags contain all of @flags
.
info()
This returns a hash with information about the mechanism. This includes the following fields.
min-key-size
The minimum key size
max-key-size
The maximum key size
flags
This contains the flags much like the
flags
method.
ADDITIONAL ARGUMENTS
The following mechanism types have the following additional arguments for their respective operations:
'aes-cbc'
'aes-cbc-pad'
'aes-ofb'
'aes-cfb8'
'aes-cfb128'
'des-cbc'
'des-cbc-pad'
'des-ofb'
'des-cfb8'
'des-cfb128'
'des3-cbc'
These take an IV as mandatory additional argument.
'aes-ctr'
This take an IV as mandatory additional argument. It also takes a counter length (in bits) as an optional argument, defaulting to 128.
'aes-gcm'
This take an IV as mandatory additional argument. It also takes an additional authenticated data section argument (defaulting to empty), and a tag length (in bits), defaulting to 128.
'chacha20-poly1305'
'salsa20-poly1305'
These take a nonce as mandatory additional argument. It also takes an additional authenticated data section argument (defaulting to empty).
'rsa-pkcs-pss'
This takes a hash and generator function as mandatory arguments, and optionally a salt length in bits (defaulting to 0).
'sha224-rsa-pkcs-pss'
'sha256-rsa-pkcs-pss'
'sha384-rsa-pkcs-pss'
'sha512-rsa-pkcs-pss'
These take an optional salt length in bits (defaulting to 0).
'ecdh1-derive'
'ecdh1-cofactor-derive'
These takes one mandatory argument: the public key to derive the new key with. It also takes two option arguments: the first is the key derivation function (defaulting to
"null"
), the second is the shared data for key derivation (defaulting to none).'concatenate-data-and-base'
'concatenate-base-and-data'
'aes-ecb-encrypt-data'
'des-ecb-encrypt-data'
These takes the public data as mandatory additional argument.
'concatenate-base-and-key'
This takes a key identifier as mandatory additional argument.
'aes-cbc-encrypt-data'
'des-cbc-encrypt-data'
These takes the public data and an IV as mandatory additional arguments.
'rsa-pkcs-oaep'
This takes two mandatory arguments: the hash and the generator function.
'eddsa'
This takes two optional arguments. If no arguments are given it's run in pure mode, if they are given it's run in contextual mode. The first argument is the context data. The second is the pre-hash flag: if true it will enable pre-hashing mode.
AUTHOR
Leon Timmermans <fawaka@gmail.com>
COPYRIGHT AND LICENSE
This software is copyright (c) 2023 by Leon Timmermans.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.