9#include <botan/ed448.h>
11#include <botan/ber_dec.h>
12#include <botan/der_enc.h>
13#include <botan/hash.h>
15#include <botan/internal/ed448_internal.h>
16#include <botan/internal/pk_ops_impl.h>
50 return std::make_unique<Ed448_PrivateKey>(rng);
60 m_private = std::move(bits);
74 m_private = {key_bits.begin(), key_bits.end()};
79 return std::make_unique<Ed448_PublicKey>(
m_public);
96 virtual void update(std::span<const uint8_t> msg) = 0;
97 virtual std::vector<uint8_t> get_and_clear() = 0;
99 Ed448_Message() =
default;
100 virtual ~Ed448_Message() =
default;
101 Ed448_Message(
const Ed448_Message&) =
delete;
102 Ed448_Message& operator=(
const Ed448_Message&) =
delete;
103 Ed448_Message(Ed448_Message&&) =
delete;
104 Ed448_Message& operator=(Ed448_Message&&) =
delete;
107class Prehashed_Ed448_Message
final :
public Ed448_Message {
109 void update(std::span<const uint8_t> msg)
override { m_hash->update(msg); }
111 std::vector<uint8_t> get_and_clear()
override {
return m_hash->final_stdvec(); }
113 Prehashed_Ed448_Message(std::string_view hash) : m_hash(HashFunction::create_or_throw(hash)) {}
116 std::unique_ptr<HashFunction> m_hash;
119class Pure_Ed448_Message
final :
public Ed448_Message {
121 void update(std::span<const uint8_t> msg)
override { m_msg.insert(m_msg.end(), msg.begin(), msg.end()); }
123 std::vector<uint8_t> get_and_clear()
override {
return std::exchange(m_msg, {}); }
126 std::vector<uint8_t> m_msg;
132class Ed448_Verify_Operation
final :
public PK_Ops::Verification {
134 explicit Ed448_Verify_Operation(
const Ed448_PublicKey& key,
135 std::optional<std::string> prehash_function = std::nullopt) :
136 m_prehash_function(std::move(prehash_function)) {
137 const auto pk_bits = key.public_key_bits();
138 copy_mem(m_pk, std::span(pk_bits).first<ED448_LEN>());
139 if(m_prehash_function) {
140 m_message = std::make_unique<Prehashed_Ed448_Message>(*m_prehash_function);
142 m_message = std::make_unique<Pure_Ed448_Message>();
146 void update(
const uint8_t msg[],
size_t msg_len)
override { m_message->update({msg, msg_len}); }
148 bool is_valid_signature(
const uint8_t sig[],
size_t sig_len)
override {
149 const auto msg = m_message->get_and_clear();
151 return verify_signature(m_pk, m_prehash_function.has_value(), {}, {sig, sig_len}, msg);
152 }
catch(Decoding_Error&) {
157 std::string hash_function()
const override {
return m_prehash_function.value_or(
"SHAKE-256(912)"); }
160 std::array<uint8_t, ED448_LEN> m_pk;
161 std::unique_ptr<Ed448_Message> m_message;
162 std::optional<std::string> m_prehash_function;
168class Ed448_Sign_Operation
final :
public PK_Ops::Signature {
170 explicit Ed448_Sign_Operation(
const Ed448_PrivateKey& key,
171 std::optional<std::string> prehash_function = std::nullopt) :
172 m_prehash_function(std::move(prehash_function)) {
173 const auto pk_bits = key.public_key_bits();
174 copy_mem(m_pk, std::span(pk_bits).first<ED448_LEN>());
175 const auto sk_bits = key.raw_private_key_bits();
177 m_sk = {sk_bits.begin(), sk_bits.end()};
178 if(m_prehash_function) {
179 m_message = std::make_unique<Prehashed_Ed448_Message>(*m_prehash_function);
181 m_message = std::make_unique<Pure_Ed448_Message>();
185 void update(
const uint8_t msg[],
size_t msg_len)
override { m_message->update({msg, msg_len}); }
187 secure_vector<uint8_t> sign(RandomNumberGenerator& )
override {
190 std::span(m_sk).first<ED448_LEN>(), m_pk, m_prehash_function.has_value(), {}, m_message->get_and_clear());
191 return {sig.begin(), sig.end()};
194 size_t signature_length()
const override {
return 2 *
ED448_LEN; }
196 AlgorithmIdentifier algorithm_identifier()
const override;
198 std::string hash_function()
const override {
return m_prehash_function.value_or(
"SHAKE-256(912)"); }
201 std::array<uint8_t, ED448_LEN> m_pk;
202 secure_vector<uint8_t> m_sk;
203 std::unique_ptr<Ed448_Message> m_message;
204 std::optional<std::string> m_prehash_function;
207AlgorithmIdentifier Ed448_Sign_Operation::algorithm_identifier()
const {
208 return AlgorithmIdentifier(OID::from_string(
"Ed448"), AlgorithmIdentifier::USE_EMPTY_PARAM);
214 std::string_view provider)
const {
215 if(provider ==
"base" || provider.empty()) {
216 if(params.empty() || params ==
"Identity" || params ==
"Pure" || params ==
"Ed448") {
217 return std::make_unique<Ed448_Verify_Operation>(*
this);
218 }
else if(params ==
"Ed448ph") {
219 return std::make_unique<Ed448_Verify_Operation>(*
this,
"SHAKE-256(512)");
221 return std::make_unique<Ed448_Verify_Operation>(*
this, std::string(params));
228 std::string_view provider)
const {
229 if(provider ==
"base" || provider.empty()) {
230 if(alg_id != this->algorithm_identifier()) {
231 throw Decoding_Error(
"Unexpected AlgorithmIdentifier for Ed448 X509 signature");
234 return std::make_unique<Ed448_Verify_Operation>(*
this);
240 std::string_view params,
241 std::string_view provider)
const {
242 if(provider ==
"base" || provider.empty()) {
243 if(params.empty() || params ==
"Identity" || params ==
"Pure" || params ==
"Ed448") {
244 return std::make_unique<Ed448_Sign_Operation>(*
this);
245 }
else if(params ==
"Ed448ph") {
246 return std::make_unique<Ed448_Sign_Operation>(*
this,
"SHAKE-256(512)");
248 return std::make_unique<Ed448_Sign_Operation>(*
this, std::string(params));
#define BOTAN_ASSERT_NOMSG(expr)
virtual OID object_identifier() const
BER_Decoder & decode(bool &out)
BER_Decoder & verify_end()
secure_vector< uint8_t > get_contents()
DER_Encoder & encode(bool b)
static Ed448Point decode(std::span< const uint8_t, ED448_LEN > enc)
Decode a point from its 57-byte encoding (RFC 8032 5.2.3)
Ed448_PrivateKey(const AlgorithmIdentifier &alg_id, std::span< const uint8_t > key_bits)
std::unique_ptr< PK_Ops::Signature > create_signature_op(RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const override
bool check_key(RandomNumberGenerator &rng, bool strong) const override
secure_vector< uint8_t > private_key_bits() const override
std::unique_ptr< Public_Key > public_key() const override
A public key for Ed448/Ed448ph according to RFC 8032.
std::array< uint8_t, 57 > m_public
AlgorithmIdentifier algorithm_identifier() const override
std::unique_ptr< Private_Key > generate_another(RandomNumberGenerator &rng) const final
std::unique_ptr< PK_Ops::Verification > create_verification_op(std::string_view params, std::string_view provider) const override
std::vector< uint8_t > public_key_bits() const override
std::unique_ptr< PK_Ops::Verification > create_x509_verification_op(const AlgorithmIdentifier &signature_algorithm, std::string_view provider) const override
Ed448_PublicKey()=default
bool check_key(RandomNumberGenerator &rng, bool strong) const override
void randomize(std::span< uint8_t > output)
int(* update)(CTX *, const void *, CC_LONG len)
int(* final)(unsigned char *, CTX *)
std::array< uint8_t, ED448_LEN > create_pk_from_sk(std::span< const uint8_t, ED448_LEN > sk)
Create a public key point from a secret key (RFC 8032 5.2.5)
bool verify_signature(std::span< const uint8_t, ED448_LEN > pk, bool phflag, std::span< const uint8_t > context, std::span< const uint8_t > sig, std::span< const uint8_t > msg)
Verify a signature(RFC 8032 5.2.7)
constexpr size_t ED448_LEN
std::vector< T, secure_allocator< T > > secure_vector
std::array< uint8_t, 2 *ED448_LEN > sign_message(std::span< const uint8_t, ED448_LEN > sk, std::span< const uint8_t, ED448_LEN > pk, bool pgflag, std::span< const uint8_t > context, std::span< const uint8_t > msg)
Sign a message using a keypair (RFC 8032 5.2.6)
constexpr void copy_mem(T *out, const T *in, size_t n)