9#include <botan/ed448.h>
11#include <botan/ber_dec.h>
12#include <botan/der_enc.h>
13#include <botan/hash.h>
15#include <botan/internal/ct_utils.h>
16#include <botan/internal/ed448_internal.h>
17#include <botan/internal/pk_ops_impl.h>
55 return std::make_unique<Ed448_PrivateKey>(rng);
65 m_private = std::move(bits);
75 m_private.assign(key_bits.begin(), key_bits.end());
82 return std::make_unique<Ed448_PublicKey>(
m_public);
99 virtual void update(std::span<const uint8_t> msg) = 0;
100 virtual std::vector<uint8_t> get_and_clear() = 0;
102 Ed448_Message() =
default;
103 virtual ~Ed448_Message() =
default;
104 Ed448_Message(
const Ed448_Message&) =
delete;
105 Ed448_Message& operator=(
const Ed448_Message&) =
delete;
106 Ed448_Message(Ed448_Message&&) =
delete;
107 Ed448_Message& operator=(Ed448_Message&&) =
delete;
110class Prehashed_Ed448_Message final :
public Ed448_Message {
112 void update(std::span<const uint8_t> msg)
override { m_hash->update(msg); }
114 std::vector<uint8_t> get_and_clear()
override {
return m_hash->final_stdvec(); }
116 explicit Prehashed_Ed448_Message(std::string_view hash) : m_hash(HashFunction::create_or_throw(hash)) {}
119 std::unique_ptr<HashFunction> m_hash;
122class Pure_Ed448_Message final :
public Ed448_Message {
124 void update(std::span<const uint8_t> msg)
override { m_msg.insert(m_msg.end(), msg.begin(), msg.end()); }
126 std::vector<uint8_t> get_and_clear()
override {
return std::exchange(m_msg, {}); }
129 std::vector<uint8_t> m_msg;
137 explicit Ed448_Verify_Operation(
const Ed448_PublicKey& key,
138 std::optional<std::string> prehash_function = std::nullopt) :
139 m_pk(key.raw_public_key_bits()), m_prehash_function(std::move(prehash_function)) {
140 if(m_prehash_function) {
141 m_message = std::make_unique<Prehashed_Ed448_Message>(*m_prehash_function);
143 m_message = std::make_unique<Pure_Ed448_Message>();
147 void update(std::span<const uint8_t> input)
override { m_message->update(input); }
149 bool is_valid_signature(std::span<const uint8_t> sig)
override {
150 const auto msg = m_message->get_and_clear();
152 return verify_signature(std::span(m_pk).first<ED448_LEN>(), m_prehash_function.has_value(), {}, sig, msg);
153 }
catch(Decoding_Error&) {
158 std::string hash_function()
const override {
return m_prehash_function.value_or(
"SHAKE-256(912)"); }
161 std::vector<uint8_t> m_pk;
162 std::unique_ptr<Ed448_Message> m_message;
163 std::optional<std::string> m_prehash_function;
171 explicit Ed448_Sign_Operation(
const Ed448_PrivateKey& key,
172 std::optional<std::string> prehash_function = std::nullopt) :
173 m_pk(key.raw_public_key_bits()),
174 m_sk(key.raw_private_key_bits()),
175 m_prehash_function(std::move(prehash_function)) {
176 if(m_prehash_function) {
177 m_message = std::make_unique<Prehashed_Ed448_Message>(*m_prehash_function);
179 m_message = std::make_unique<Pure_Ed448_Message>();
183 void update(std::span<const uint8_t> input)
override { m_message->update(input); }
185 std::vector<uint8_t> sign(RandomNumberGenerator& )
override {
188 const auto sig =
sign_message(std::span(m_sk).first<ED448_LEN>(),
189 std::span(m_pk).first<ED448_LEN>(),
190 m_prehash_function.has_value(),
192 m_message->get_and_clear());
194 return {sig.begin(), sig.end()};
197 size_t signature_length()
const override {
return 2 *
ED448_LEN; }
199 AlgorithmIdentifier algorithm_identifier()
const override;
201 std::string hash_function()
const override {
return m_prehash_function.value_or(
"SHAKE-256(912)"); }
204 std::vector<uint8_t> m_pk;
206 std::unique_ptr<Ed448_Message> m_message;
207 std::optional<std::string> m_prehash_function;
211 return AlgorithmIdentifier(OID::from_string(
"Ed448"), AlgorithmIdentifier::USE_EMPTY_PARAM);
217 std::string_view provider)
const {
218 if(provider ==
"base" || provider.empty()) {
219 if(params.empty() || params ==
"Identity" || params ==
"Pure" || params ==
"Ed448") {
220 return std::make_unique<Ed448_Verify_Operation>(*
this);
221 }
else if(params ==
"Ed448ph") {
222 return std::make_unique<Ed448_Verify_Operation>(*
this,
"SHAKE-256(512)");
224 return std::make_unique<Ed448_Verify_Operation>(*
this, std::string(params));
231 std::string_view provider)
const {
232 if(provider ==
"base" || provider.empty()) {
234 throw Decoding_Error(
"Unexpected AlgorithmIdentifier for Ed448 X509 signature");
237 return std::make_unique<Ed448_Verify_Operation>(*
this);
243 std::string_view params,
244 std::string_view provider)
const {
245 if(provider ==
"base" || provider.empty()) {
246 if(params.empty() || params ==
"Identity" || params ==
"Pure" || params ==
"Ed448") {
247 return std::make_unique<Ed448_Sign_Operation>(*
this);
248 }
else if(params ==
"Ed448ph") {
249 return std::make_unique<Ed448_Sign_Operation>(*
this,
"SHAKE-256(512)");
251 return std::make_unique<Ed448_Sign_Operation>(*
this, std::string(params));
#define BOTAN_ASSERT_NOMSG(expr)
virtual OID object_identifier() const
BER_Decoder & decode(bool &out)
BER_Decoder & verify_end()
secure_vector< uint8_t > get_contents()
DER_Encoder & encode(bool b)
static Ed448Point decode(std::span< const uint8_t, ED448_LEN > enc)
Decode a point from its 57-byte encoding (RFC 8032 5.2.3)
Ed448_PrivateKey(const AlgorithmIdentifier &alg_id, std::span< const uint8_t > key_bits)
std::unique_ptr< PK_Ops::Signature > create_signature_op(RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const override
bool check_key(RandomNumberGenerator &rng, bool strong) const override
secure_vector< uint8_t > private_key_bits() const override
std::unique_ptr< Public_Key > public_key() const override
std::array< uint8_t, 57 > m_public
AlgorithmIdentifier algorithm_identifier() const override
std::string algo_name() const override
std::unique_ptr< Private_Key > generate_another(RandomNumberGenerator &rng) const final
std::unique_ptr< PK_Ops::Verification > create_verification_op(std::string_view params, std::string_view provider) const override
std::vector< uint8_t > public_key_bits() const override
Ed448_PublicKey(const AlgorithmIdentifier &alg_id, std::span< const uint8_t > key_bits)
std::unique_ptr< PK_Ops::Verification > create_x509_verification_op(const AlgorithmIdentifier &signature_algorithm, std::string_view provider) const override
Ed448_PublicKey()=default
bool check_key(RandomNumberGenerator &rng, bool strong) const override
std::vector< uint8_t > raw_public_key_bits() const override
constexpr auto scoped_poison(const Ts &... xs)
constexpr void unpoison(const T *p, size_t n)
constexpr void copy_mem(T *out, const T *in, size_t n)
std::array< uint8_t, ED448_LEN > create_pk_from_sk(std::span< const uint8_t, ED448_LEN > sk)
Create a public key point from a secret key (RFC 8032 5.2.5)
constexpr size_t ED448_LEN
bool verify_signature(std::span< const uint8_t, ED448_LEN > pk, bool phflag, std::span< const uint8_t > context, std::span< const uint8_t > sig, std::span< const uint8_t > msg)
Verify a signature(RFC 8032 5.2.7)
std::vector< T, secure_allocator< T > > secure_vector
std::array< uint8_t, 2 *ED448_LEN > sign_message(std::span< const uint8_t, ED448_LEN > sk, std::span< const uint8_t, ED448_LEN > pk, bool pgflag, std::span< const uint8_t > context, std::span< const uint8_t > msg)
Sign a message using a keypair (RFC 8032 5.2.6)