Botan 3.0.0-alpha0
Crypto and TLS for C&
pk_ops.cpp
Go to the documentation of this file.
1/*
2* PK Operation Types
3* (C) 2010,2015 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/internal/pk_ops_impl.h>
9#include <botan/internal/bit_ops.h>
10#include <botan/rng.h>
11
12namespace Botan {
13
15 m_eme(EME::create(eme))
16 {
17 }
18
20 {
21 return 8 * m_eme->maximum_input_size(max_raw_input_bits());
22 }
23
26 {
27 const size_t max_raw = max_raw_input_bits();
28 const std::vector<uint8_t> encoded = unlock(m_eme->encode(msg, msg_len, max_raw, rng));
29 return raw_encrypt(encoded.data(), encoded.size(), rng);
30 }
31
33 m_eme(EME::create(eme))
34 {
35 }
36
39 const uint8_t ciphertext[],
40 size_t ciphertext_len)
41 {
42 const secure_vector<uint8_t> raw = raw_decrypt(ciphertext, ciphertext_len);
43 return m_eme->unpad(valid_mask, raw.data(), raw.size());
44 }
45
47 {
48 if(kdf != "Raw")
49 m_kdf = KDF::create_or_throw(kdf);
50 }
51
53 const uint8_t w[], size_t w_len,
54 const uint8_t salt[], size_t salt_len)
55 {
56 secure_vector<uint8_t> z = raw_agree(w, w_len);
57 if(m_kdf)
58 return m_kdf->derive_key(key_len, z, salt, salt_len);
59 return z;
60 }
61
62PK_Ops::Signature_with_EMSA::Signature_with_EMSA(const std::string& emsa, bool with_message_recovery) :
63 Signature(),
64 m_emsa(EMSA::create_or_throw(emsa)),
65 m_hash(hash_for_emsa(emsa)),
66 m_prefix_used(false)
67 {
68 if(!with_message_recovery && m_emsa->requires_message_recovery())
69 {
70 throw Invalid_Argument("Signature padding method " + emsa +
71 " requires message recovery, which is not supported by this scheme");
72 }
73 }
74
75void PK_Ops::Signature_with_EMSA::update(const uint8_t msg[], size_t msg_len)
76 {
77 if(has_prefix() && !m_prefix_used)
78 {
79 m_prefix_used = true;
80 secure_vector<uint8_t> prefix = message_prefix();
81 m_emsa->update(prefix.data(), prefix.size());
82 }
83 m_emsa->update(msg, msg_len);
84 }
85
87 {
88 m_prefix_used = false;
89 const secure_vector<uint8_t> msg = m_emsa->raw_data();
90 const auto padded = m_emsa->encoding_of(msg, this->max_input_bits(), rng);
91 return raw_sign(padded.data(), padded.size(), rng);
92 }
93
94PK_Ops::Verification_with_EMSA::Verification_with_EMSA(const std::string& emsa, bool with_message_recovery) :
96 m_emsa(EMSA::create_or_throw(emsa)),
97 m_hash(hash_for_emsa(emsa)),
98 m_prefix_used(false)
99 {
100 if(!with_message_recovery && m_emsa->requires_message_recovery())
101 {
102 throw Invalid_Argument("Signature padding method " + emsa +
103 " requires message recovery, which is not supported by this scheme");
104 }
105 }
106
107void PK_Ops::Verification_with_EMSA::update(const uint8_t msg[], size_t msg_len)
108 {
109 if(has_prefix() && !m_prefix_used)
110 {
111 m_prefix_used = true;
112 secure_vector<uint8_t> prefix = message_prefix();
113 m_emsa->update(prefix.data(), prefix.size());
114 }
115 m_emsa->update(msg, msg_len);
116 }
117
118bool PK_Ops::Verification_with_EMSA::is_valid_signature(const uint8_t sig[], size_t sig_len)
119 {
120 m_prefix_used = false;
121 const secure_vector<uint8_t> msg = m_emsa->raw_data();
122
123 if(with_recovery())
124 {
125 secure_vector<uint8_t> output_of_key = verify_mr(sig, sig_len);
126 return m_emsa->verify(output_of_key, msg, max_input_bits());
127 }
128 else
129 {
130 Null_RNG rng;
131 secure_vector<uint8_t> encoded = m_emsa->encoding_of(msg, max_input_bits(), rng);
132 return verify(encoded.data(), encoded.size(), sig, sig_len);
133 }
134 }
135
137 secure_vector<uint8_t>& out_shared_key,
138 size_t desired_shared_key_len,
140 const uint8_t salt[],
141 size_t salt_len)
142 {
143 secure_vector<uint8_t> raw_shared;
144 this->raw_kem_encrypt(out_encapsulated_key, raw_shared, rng);
145
146 out_shared_key = (m_kdf)
147 ? m_kdf->derive_key(desired_shared_key_len,
148 raw_shared.data(), raw_shared.size(),
149 salt, salt_len)
150 : raw_shared;
151 }
152
154 {
155 if(kdf != "Raw")
156 m_kdf = KDF::create_or_throw(kdf);
157 }
158
161 size_t len,
162 size_t desired_shared_key_len,
163 const uint8_t salt[],
164 size_t salt_len)
165 {
166 secure_vector<uint8_t> raw_shared = this->raw_kem_decrypt(encap_key, len);
167
168 if(m_kdf)
169 return m_kdf->derive_key(desired_shared_key_len,
170 raw_shared.data(), raw_shared.size(),
171 salt, salt_len);
172 return raw_shared;
173 }
174
176 {
177 if(kdf != "Raw")
178 m_kdf = KDF::create_or_throw(kdf);
179 }
180
181}
Definition: eme.h:22
static std::unique_ptr< KDF > create_or_throw(const std::string &algo_spec, const std::string &provider="")
Definition: kdf.cpp:212
secure_vector< uint8_t > decrypt(uint8_t &valid_mask, const uint8_t msg[], size_t msg_len) override
Definition: pk_ops.cpp:38
Decryption_with_EME(const std::string &eme)
Definition: pk_ops.cpp:32
size_t max_input_bits() const override
Definition: pk_ops.cpp:19
secure_vector< uint8_t > encrypt(const uint8_t msg[], size_t msg_len, RandomNumberGenerator &rng) override
Definition: pk_ops.cpp:24
Encryption_with_EME(const std::string &eme)
Definition: pk_ops.cpp:14
KEM_Decryption_with_KDF(const std::string &kdf)
Definition: pk_ops.cpp:175
secure_vector< uint8_t > kem_decrypt(const uint8_t encap_key[], size_t len, size_t desired_shared_key_len, const uint8_t salt[], size_t salt_len) override
Definition: pk_ops.cpp:160
void kem_encrypt(secure_vector< uint8_t > &out_encapsulated_key, secure_vector< uint8_t > &out_shared_key, size_t desired_shared_key_len, Botan::RandomNumberGenerator &rng, const uint8_t salt[], size_t salt_len) override
Definition: pk_ops.cpp:136
KEM_Encryption_with_KDF(const std::string &kdf)
Definition: pk_ops.cpp:153
Key_Agreement_with_KDF(const std::string &kdf)
Definition: pk_ops.cpp:46
secure_vector< uint8_t > agree(size_t key_len, const uint8_t other_key[], size_t other_key_len, const uint8_t salt[], size_t salt_len) override
Definition: pk_ops.cpp:52
void update(const uint8_t msg[], size_t msg_len) override
Definition: pk_ops.cpp:75
Signature_with_EMSA(const std::string &emsa, bool with_message_recovery=false)
Definition: pk_ops.cpp:62
secure_vector< uint8_t > sign(RandomNumberGenerator &rng) override
Definition: pk_ops.cpp:86
void update(const uint8_t msg[], size_t msg_len) override
Definition: pk_ops.cpp:107
bool is_valid_signature(const uint8_t sig[], size_t sig_len) override
Definition: pk_ops.cpp:118
Verification_with_EMSA(const std::string &emsa, bool has_message_recovery=false)
Definition: pk_ops.cpp:94
Definition: alg_id.cpp:13
std::vector< T > unlock(const secure_vector< T > &in)
Definition: secmem.h:72
std::string hash_for_emsa(const std::string &algo_spec)
Definition: emsa.cpp:197
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:65
size_t salt_len
Definition: x509_obj.cpp:25