11#include <botan/internal/kex_to_kem_adapter.h>
13#include <botan/internal/fmt.h>
14#include <botan/internal/pk_ops_impl.h>
15#include <botan/internal/stl_util.h>
17#if defined(BOTAN_HAS_DIFFIE_HELLMAN)
19 #include <botan/dl_group.h>
22#if defined(BOTAN_HAS_ECDH)
23 #include <botan/ecdh.h>
26#if defined(BOTAN_HAS_CURVE_25519)
27 #include <botan/curve25519.h>
30#if defined(BOTAN_HAS_X448)
31 #include <botan/x448.h>
46std::vector<uint8_t> kex_public_value(
const Public_Key& kex_public_key) {
49#if defined(BOTAN_HAS_ECDH)
50 if(
const auto* ecdh =
dynamic_cast<const ECDH_PublicKey*
>(&kex_public_key)) {
51 return ecdh->public_value();
55#if defined(BOTAN_HAS_DIFFIE_HELLMAN)
56 if(
const auto* dh =
dynamic_cast<const DH_PublicKey*
>(&kex_public_key)) {
57 return dh->public_value();
61#if defined(BOTAN_HAS_CURVE_25519)
62 if(
const auto* curve =
dynamic_cast<const Curve25519_PublicKey*
>(&kex_public_key)) {
63 return curve->public_value();
67#if defined(BOTAN_HAS_X448)
68 if(
const auto* curve =
dynamic_cast<const X448_PublicKey*
>(&kex_public_key)) {
69 return curve->public_value();
73 throw Not_Implemented(
74 fmt(
"Cannot get public value from unknown key agreement public key of type '{}' in the hybrid KEM key",
75 kex_public_key.algo_name()));
88size_t kex_shared_key_length(
const Public_Key& kex_public_key) {
91#if defined(BOTAN_HAS_ECDH)
92 if(
const auto* ecdh =
dynamic_cast<const ECDH_PublicKey*
>(&kex_public_key)) {
93 return ecdh->domain().get_p_bytes();
97#if defined(BOTAN_HAS_DIFFIE_HELLMAN)
98 if(
const auto* dh =
dynamic_cast<const DH_PublicKey*
>(&kex_public_key)) {
99 return dh->group().p_bytes();
103#if defined(BOTAN_HAS_CURVE_25519)
104 if(
const auto* curve =
dynamic_cast<const Curve25519_PublicKey*
>(&kex_public_key)) {
110#if defined(BOTAN_HAS_X448)
111 if(
const auto* curve =
dynamic_cast<const X448_PublicKey*
>(&kex_public_key)) {
117 throw Not_Implemented(
118 fmt(
"Cannot get shared kex key length from unknown key agreement public key of type '{}' in the hybrid KEM key",
119 kex_public_key.algo_name()));
126std::unique_ptr<PK_Key_Agreement_Key> generate_key_agreement_private_key(
const Public_Key& kex_public_key,
127 RandomNumberGenerator& rng) {
130 auto new_kex_key = [&] {
131 auto new_private_key = kex_public_key.generate_another(rng);
132 const auto kex_key =
dynamic_cast<PK_Key_Agreement_Key*
>(new_private_key.get());
133 if(kex_key) [[likely]] {
134 (void)new_private_key.release();
136 return std::unique_ptr<PK_Key_Agreement_Key>(kex_key);
139 BOTAN_ASSERT(new_kex_key,
"Keys wrapped in this adapter are always key-agreement keys");
143std::unique_ptr<Public_Key> maybe_get_public_key(
const std::unique_ptr<PK_Key_Agreement_Key>& private_key) {
145 return private_key->public_key();
148class KEX_to_KEM_Adapter_Encryption_Operation
final :
public PK_Ops::KEM_Encryption_with_KDF {
150 KEX_to_KEM_Adapter_Encryption_Operation(
const Public_Key& key, std::string_view kdf, std::string_view provider) :
151 PK_Ops::KEM_Encryption_with_KDF(kdf), m_provider(provider), m_public_key(key) {}
153 size_t raw_kem_shared_key_length()
const override {
return kex_shared_key_length(m_public_key); }
155 size_t encapsulated_key_length()
const override {
return kex_public_value(m_public_key).size(); }
157 void raw_kem_encrypt(std::span<uint8_t> out_encapsulated_key,
158 std::span<uint8_t> raw_shared_key,
160 const auto sk = generate_key_agreement_private_key(m_public_key, rng);
161 const auto shared_key = PK_Key_Agreement(*sk, rng,
"Raw", m_provider)
162 .derive_key(0 , kex_public_value(m_public_key))
165 const auto public_value = sk->public_value();
171 out_encapsulated_key.size(),
172 "KEX-to-KEM Adapter: encapsulated key out-param has correct length");
174 shared_key.size(), raw_shared_key.size(),
"KEX-to-KEM Adapter: shared key out-param has correct length");
175 std::copy(public_value.begin(), public_value.end(), out_encapsulated_key.begin());
176 std::copy(shared_key.begin(), shared_key.end(), raw_shared_key.begin());
180 std::string m_provider;
181 const Public_Key& m_public_key;
184class KEX_to_KEM_Decryption_Operation
final :
public PK_Ops::KEM_Decryption_with_KDF {
186 KEX_to_KEM_Decryption_Operation(
const PK_Key_Agreement_Key& key,
187 RandomNumberGenerator& rng,
188 const std::string_view kdf,
189 const std::string_view provider) :
190 PK_Ops::KEM_Decryption_with_KDF(kdf),
191 m_operation(key, rng,
"Raw", provider),
192 m_encapsulated_key_length(key.public_value().size()) {}
194 void raw_kem_decrypt(std::span<uint8_t> out_shared_key, std::span<const uint8_t> encap_key)
override {
195 secure_vector<uint8_t> shared_secret = m_operation.derive_key(0 , encap_key).bits_of();
197 shared_secret.size(), out_shared_key.size(),
"KEX-to-KEM Adapter: shared key out-param has correct length");
198 std::copy(shared_secret.begin(), shared_secret.end(), out_shared_key.begin());
201 size_t encapsulated_key_length()
const override {
return m_encapsulated_key_length; }
203 size_t raw_kem_shared_key_length()
const override {
return m_operation.agreed_value_size(); }
206 PK_Key_Agreement m_operation;
207 size_t m_encapsulated_key_length;
213 m_public_key(std::move(public_key)) {
219 return fmt(
"KEX-to-KEM({})", m_public_key->algo_name());
223 return m_public_key->estimated_strength();
227 return m_public_key->key_length();
231 return m_public_key->check_key(rng, strong);
235 return m_public_key->algorithm_identifier();
246 return kex_public_value(*m_public_key);
250 return std::make_unique<KEX_to_KEM_Adapter_PrivateKey>(generate_key_agreement_private_key(*m_public_key, rng));
263 return m_private_key->private_key_bits();
267 return std::make_unique<KEX_to_KEM_Adapter_PublicKey>(m_private_key->public_key());
271 return m_private_key->check_key(rng, strong);
275 std::string_view kdf, std::string_view provider)
const {
276 return std::make_unique<KEX_to_KEM_Adapter_Encryption_Operation>(*m_public_key, kdf, provider);
281 return std::make_unique<KEX_to_KEM_Decryption_Operation>(*m_private_key, rng, kdf, provider);
#define BOTAN_ASSERT_NOMSG(expr)
#define BOTAN_ASSERT_EQUAL(expr1, expr2, assertion_made)
#define BOTAN_ARG_CHECK(expr, msg)
#define BOTAN_ASSERT(expr, assertion_made)
KEX_to_KEM_Adapter_PrivateKey(std::unique_ptr< PK_Key_Agreement_Key > private_key)
std::unique_ptr< PK_Ops::KEM_Decryption > create_kem_decryption_op(RandomNumberGenerator &rng, std::string_view kdf, std::string_view provider="base") const override
bool check_key(RandomNumberGenerator &rng, bool strong) const override
secure_vector< uint8_t > private_key_bits() const override
std::unique_ptr< Public_Key > public_key() const override
bool supports_operation(PublicKeyOperation op) const override
size_t estimated_strength() const override
std::unique_ptr< PK_Ops::KEM_Encryption > create_kem_encryption_op(std::string_view kdf, std::string_view provider="base") const override
bool check_key(RandomNumberGenerator &rng, bool strong) const override
std::vector< uint8_t > public_key_bits() const override
AlgorithmIdentifier algorithm_identifier() const override
size_t key_length() const override
std::unique_ptr< Private_Key > generate_another(RandomNumberGenerator &rng) const final
KEX_to_KEM_Adapter_PublicKey(std::unique_ptr< Public_Key > public_key)
std::string algo_name() const override
int(* final)(unsigned char *, CTX *)
std::string fmt(std::string_view format, const T &... args)
std::vector< T, secure_allocator< T > > secure_vector