7#include <botan/pubkey.h>
9#include <botan/ber_dec.h>
10#include <botan/bigint.h>
11#include <botan/der_enc.h>
12#include <botan/mem_ops.h>
13#include <botan/pk_ops.h>
15#include <botan/internal/ct_utils.h>
16#include <botan/internal/fmt.h>
17#include <botan/internal/parsing.h>
18#include <botan/internal/pss_params.h>
23 uint8_t valid_mask = 0;
28 throw Decoding_Error(
"Invalid public key ciphertext, cannot decrypt");
36 size_t expected_pt_len,
38 const uint8_t required_content_bytes[],
39 const uint8_t required_content_offsets[],
40 size_t required_contents_length)
const {
43 uint8_t decrypt_valid = 0;
49 decoded.resize(expected_pt_len);
51 for(
size_t i = 0; i != required_contents_length; ++i) {
63 const uint8_t exp = required_content_bytes[i];
64 const uint8_t off = required_content_offsets[i];
66 BOTAN_ASSERT(off < expected_pt_len,
"Offset in range of plaintext");
74 valid_mask.select_n(decoded.data(), decoded.data(), fake_pms.data(), expected_pt_len);
81 size_t expected_pt_len,
88 std::string_view padding,
89 std::string_view provider) {
105std::vector<uint8_t> PK_Encryptor_EME::enc(
const uint8_t in[],
size_t length,
RandomNumberGenerator& rng)
const {
106 return unlock(m_op->encrypt(in, length, rng));
110 return m_op->max_input_bits() / 8;
115 std::string_view padding,
116 std::string_view provider) {
132secure_vector<uint8_t> PK_Decryptor_EME::do_decrypt(uint8_t& valid_mask,
const uint8_t in[],
size_t in_len)
const {
133 return m_op->decrypt(valid_mask, in, in_len);
153 return m_op->encapsulated_key_length();
157 std::span<uint8_t> out_shared_key,
159 size_t desired_shared_key_len,
160 std::span<const uint8_t> salt) {
163 "not enough space for shared key");
164 m_op->kem_encrypt(out_encapsulated_key, out_shared_key, rng, desired_shared_key_len, salt);
168 return m_op->shared_key_length(desired_shared_key_len);
172 return m_op->encapsulated_key_length();
177 std::string_view param,
178 std::string_view provider) {
191 std::span<const uint8_t> encap_key,
192 size_t desired_shared_key_len,
193 std::span<const uint8_t> salt) {
194 BOTAN_ARG_CHECK(out_shared_key.size() == shared_key_length(desired_shared_key_len),
195 "inconsistent size of shared key output buffer");
196 m_op->kem_decrypt(out_shared_key, encap_key, desired_shared_key_len, salt);
201 std::string_view kdf,
202 std::string_view provider) {
221 std::string_view params)
const {
226 const std::span<const uint8_t> in,
227 std::string_view params)
const {
232 size_t key_len,
const uint8_t in[],
size_t in_len,
const uint8_t salt[],
size_t salt_len)
const {
233 return SymmetricKey(m_op->agree(key_len, in, in_len, salt, salt_len));
248 std::string_view emsa,
250 std::string_view provider) {
255 m_sig_format = format;
258 check_der_format_supported(format, m_parts);
262 return m_op->algorithm_identifier();
266 return m_op->hash_function();
279 m_op->update(in, length);
284std::vector<uint8_t> der_encode_signature(
const std::vector<uint8_t>& sig,
size_t parts,
size_t part_size) {
285 if(sig.size() % parts != 0 || sig.size() != parts * part_size) {
289 std::vector<BigInt> sig_parts(parts);
290 for(
size_t i = 0; i != sig_parts.size(); ++i) {
291 sig_parts[i].binary_decode(&sig[part_size * i], part_size);
294 std::vector<uint8_t> output;
295 DER_Encoder(output).start_sequence().encode_list(sig_parts).end_cons();
303 return m_op->signature_length();
307 return m_op->signature_length() + (8 + 4 * m_parts);
314 std::vector<uint8_t> sig =
unlock(m_op->sign(rng));
319 return der_encode_signature(sig, m_parts, m_part_size);
326 std::string_view emsa,
328 std::string_view provider) {
333 m_sig_format = format;
336 check_der_format_supported(format, m_parts);
341 std::string_view provider) {
351 check_der_format_supported(m_sig_format, m_parts);
364 check_der_format_supported(format, m_parts);
365 m_sig_format = format;
378 m_op->update(in, length);
383std::vector<uint8_t> decode_der_signature(
const uint8_t sig[],
size_t length,
size_t sig_parts,
size_t sig_part_size) {
384 std::vector<uint8_t> real_sig;
399 if(count != sig_parts) {
400 throw Decoding_Error(
"PK_Verifier: signature size invalid");
403 const std::vector<uint8_t> reencoded = der_encode_signature(real_sig, sig_parts, sig_part_size);
405 if(reencoded.size() != length ||
CT::is_equal(reencoded.data(), sig, reencoded.size()).as_bool() ==
false) {
406 throw Decoding_Error(
"PK_Verifier: signature is not the canonical DER encoding");
416 return m_op->is_valid_signature(sig, length);
418 bool decoding_success =
false;
419 std::vector<uint8_t> real_sig;
422 real_sig = decode_der_signature(sig, length, m_parts, m_part_size);
423 decoding_success =
true;
426 bool accept = m_op->is_valid_signature(real_sig.data(), real_sig.size());
428 return accept && decoding_success;
430 throw Internal_Error(
"PK_Verifier: Invalid signature format enum");
#define BOTAN_ASSERT_NOMSG(expr)
#define BOTAN_ARG_CHECK(expr, msg)
#define BOTAN_ASSERT(expr, assertion_made)
virtual std::string algo_name() const =0
BER_Decoder & decode(bool &out)
BER_Decoder start_sequence()
static secure_vector< uint8_t > encode_1363(const BigInt &n, size_t bytes)
static Mask< T > is_equal(T x, T y)
PK_Decryptor_EME(const Private_Key &key, RandomNumberGenerator &rng, std::string_view eme, std::string_view provider="")
~PK_Decryptor_EME() override
size_t plaintext_length(size_t ptext_len) const override
secure_vector< uint8_t > decrypt_or_random(const uint8_t in[], size_t length, size_t expected_pt_len, RandomNumberGenerator &rng) const
secure_vector< uint8_t > decrypt(const uint8_t in[], size_t length) const
~PK_Encryptor_EME() override
PK_Encryptor_EME(const Public_Key &key, RandomNumberGenerator &rng, std::string_view padding, std::string_view provider="")
size_t maximum_input_size() const override
size_t ciphertext_length(size_t ptext_len) const override
size_t encapsulated_key_length() const
PK_KEM_Decryptor(const Private_Key &key, RandomNumberGenerator &rng, std::string_view kem_param="", std::string_view provider="")
size_t shared_key_length(size_t desired_shared_key_len) const
PK_KEM_Encryptor(const Public_Key &key, std::string_view kem_param="", std::string_view provider="")
KEM_Encapsulation encrypt(RandomNumberGenerator &rng, size_t desired_shared_key_len=32, std::span< const uint8_t > salt={})
size_t shared_key_length(size_t desired_shared_key_len) const
size_t encapsulated_key_length() const
size_t agreed_value_size() const
PK_Key_Agreement(const Private_Key &key, RandomNumberGenerator &rng, std::string_view kdf, std::string_view provider="")
SymmetricKey derive_key(size_t key_len, const uint8_t in[], size_t in_len, const uint8_t params[], size_t params_len) const
PK_Signer(const Private_Key &key, RandomNumberGenerator &rng, std::string_view padding, Signature_Format format=Signature_Format::Standard, std::string_view provider="")
size_t signature_length() const
std::vector< uint8_t > signature(RandomNumberGenerator &rng)
std::string hash_function() const
AlgorithmIdentifier algorithm_identifier() const
void set_input_format(Signature_Format format)
bool verify_message(const uint8_t msg[], size_t msg_length, const uint8_t sig[], size_t sig_length)
std::string hash_function() const
PK_Verifier(const Public_Key &pub_key, std::string_view padding, Signature_Format format=Signature_Format::Standard, std::string_view provider="")
bool check_signature(const uint8_t sig[], size_t length)
virtual std::unique_ptr< PK_Ops::Signature > create_signature_op(RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const
virtual std::unique_ptr< PK_Ops::Decryption > create_decryption_op(RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const
virtual std::unique_ptr< PK_Ops::Key_Agreement > create_key_agreement_op(RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const
virtual std::unique_ptr< PK_Ops::KEM_Decryption > create_kem_decryption_op(RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const
virtual Signature_Format default_x509_signature_format() const
virtual std::unique_ptr< PK_Ops::Encryption > create_encryption_op(RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const
virtual std::unique_ptr< PK_Ops::Verification > create_verification_op(std::string_view params, std::string_view provider) const
virtual std::unique_ptr< PK_Ops::Verification > create_x509_verification_op(const AlgorithmIdentifier &signature_algorithm, std::string_view provider) const
virtual std::unique_ptr< PK_Ops::KEM_Encryption > create_kem_encryption_op(std::string_view params, std::string_view provider) const
virtual size_t message_part_size() const
virtual size_t message_parts() const
void random_vec(std::span< uint8_t > v)
int(* update)(CTX *, const void *, CC_LONG len)
CT::Mask< T > is_equal(const T x[], const T y[], size_t len)
std::string fmt(std::string_view format, const T &... args)
std::vector< T > unlock(const secure_vector< T > &in)
std::vector< T, secure_allocator< T > > secure_vector
const uint8_t * cast_char_ptr_to_uint8(const char *s)