Botan  2.6.0
Crypto and TLS for C++11
pk_ops.cpp
Go to the documentation of this file.
1 /*
2 * PK Operation Types
3 * (C) 2010,2015 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/internal/pk_ops_impl.h>
9 #include <botan/internal/bit_ops.h>
10 #include <botan/rng.h>
11 
12 namespace Botan {
13 
15  {
16  m_eme.reset(get_eme(eme));
17  if(!m_eme.get())
18  throw Algorithm_Not_Found(eme);
19  }
20 
22  {
23  return 8 * m_eme->maximum_input_size(max_raw_input_bits());
24  }
25 
28  {
29  const size_t max_raw = max_raw_input_bits();
30  const std::vector<uint8_t> encoded = unlock(m_eme->encode(msg, msg_len, max_raw, rng));
31  return raw_encrypt(encoded.data(), encoded.size(), rng);
32  }
33 
35  {
36  m_eme.reset(get_eme(eme));
37  if(!m_eme.get())
38  throw Algorithm_Not_Found(eme);
39  }
40 
43  const uint8_t ciphertext[],
44  size_t ciphertext_len)
45  {
46  const secure_vector<uint8_t> raw = raw_decrypt(ciphertext, ciphertext_len);
47  return m_eme->unpad(valid_mask, raw.data(), raw.size());
48  }
49 
51  {
52  if(kdf != "Raw")
53  m_kdf.reset(get_kdf(kdf));
54  }
55 
57  const uint8_t w[], size_t w_len,
58  const uint8_t salt[], size_t salt_len)
59  {
60  secure_vector<uint8_t> z = raw_agree(w, w_len);
61  if(m_kdf)
62  return m_kdf->derive_key(key_len, z, salt, salt_len);
63  return z;
64  }
65 
67  Signature(),
68  m_emsa(get_emsa(emsa)),
69  m_hash(hash_for_emsa(emsa)),
70  m_prefix_used(false)
71  {
72  if(!m_emsa)
73  throw Algorithm_Not_Found(emsa);
74  }
75 
76 void PK_Ops::Signature_with_EMSA::update(const uint8_t msg[], size_t msg_len)
77  {
78  if(has_prefix() && !m_prefix_used)
79  {
80  m_prefix_used = true;
81  secure_vector<uint8_t> prefix = message_prefix();
82  m_emsa->update(prefix.data(), prefix.size());
83  }
84  m_emsa->update(msg, msg_len);
85  }
86 
88  {
89  m_prefix_used = false;
90  const secure_vector<uint8_t> msg = m_emsa->raw_data();
91  const auto padded = m_emsa->encoding_of(msg, this->max_input_bits(), rng);
92  return raw_sign(padded.data(), padded.size(), rng);
93  }
94 
96  Verification(),
97  m_emsa(get_emsa(emsa)),
98  m_hash(hash_for_emsa(emsa)),
99  m_prefix_used(false)
100  {
101  if(!m_emsa)
102  throw Algorithm_Not_Found(emsa);
103  }
104 
105 void PK_Ops::Verification_with_EMSA::update(const uint8_t msg[], size_t msg_len)
106  {
107  if(has_prefix() && !m_prefix_used)
108  {
109  m_prefix_used = true;
110  secure_vector<uint8_t> prefix = message_prefix();
111  m_emsa->update(prefix.data(), prefix.size());
112  }
113  m_emsa->update(msg, msg_len);
114  }
115 
116 bool PK_Ops::Verification_with_EMSA::is_valid_signature(const uint8_t sig[], size_t sig_len)
117  {
118  m_prefix_used = false;
119  const secure_vector<uint8_t> msg = m_emsa->raw_data();
120 
121  if(with_recovery())
122  {
123  secure_vector<uint8_t> output_of_key = verify_mr(sig, sig_len);
124  return m_emsa->verify(output_of_key, msg, max_input_bits());
125  }
126  else
127  {
128  Null_RNG rng;
129  secure_vector<uint8_t> encoded = m_emsa->encoding_of(msg, max_input_bits(), rng);
130  return verify(encoded.data(), encoded.size(), sig, sig_len);
131  }
132  }
133 
135  secure_vector<uint8_t>& out_shared_key,
136  size_t desired_shared_key_len,
138  const uint8_t salt[],
139  size_t salt_len)
140  {
141  secure_vector<uint8_t> raw_shared;
142  this->raw_kem_encrypt(out_encapsulated_key, raw_shared, rng);
143 
144  out_shared_key = m_kdf->derive_key(desired_shared_key_len,
145  raw_shared.data(), raw_shared.size(),
146  salt, salt_len);
147  }
148 
150  {
151  m_kdf.reset(get_kdf(kdf));
152  }
153 
156  size_t len,
157  size_t desired_shared_key_len,
158  const uint8_t salt[],
159  size_t salt_len)
160  {
161  secure_vector<uint8_t> raw_shared = this->raw_kem_decrypt(encap_key, len);
162 
163  return m_kdf->derive_key(desired_shared_key_len,
164  raw_shared.data(), raw_shared.size(),
165  salt, salt_len);
166  }
167 
169  {
170  m_kdf.reset(get_kdf(kdf));
171  }
172 
173 }
EME * get_eme(const std::string &algo_spec)
Definition: eme.cpp:27
secure_vector< uint8_t > encrypt(const uint8_t msg[], size_t msg_len, RandomNumberGenerator &rng) override
Definition: pk_ops.cpp:26
void update(const uint8_t msg[], size_t msg_len) override
Definition: pk_ops.cpp:105
secure_vector< uint8_t > kem_decrypt(const uint8_t encap_key[], size_t len, size_t desired_shared_key_len, const uint8_t salt[], size_t salt_len) override
Definition: pk_ops.cpp:155
Key_Agreement_with_KDF(const std::string &kdf)
Definition: pk_ops.cpp:50
Encryption_with_EME(const std::string &eme)
Definition: pk_ops.cpp:14
KEM_Decryption_with_KDF(const std::string &kdf)
Definition: pk_ops.cpp:168
Decryption_with_EME(const std::string &eme)
Definition: pk_ops.cpp:34
Signature_with_EMSA(const std::string &emsa)
Definition: pk_ops.cpp:66
KEM_Encryption_with_KDF(const std::string &kdf)
Definition: pk_ops.cpp:149
void kem_encrypt(secure_vector< uint8_t > &out_encapsulated_key, secure_vector< uint8_t > &out_shared_key, size_t desired_shared_key_len, Botan::RandomNumberGenerator &rng, const uint8_t salt[], size_t salt_len) override
Definition: pk_ops.cpp:134
secure_vector< uint8_t > sign(RandomNumberGenerator &rng) override
Definition: pk_ops.cpp:87
std::string hash_for_emsa(const std::string &algo_spec)
Definition: emsa.cpp:168
KDF * get_kdf(const std::string &algo_spec)
Definition: kdf.cpp:237
size_t max_input_bits() const override
Definition: pk_ops.cpp:21
Verification_with_EMSA(const std::string &emsa)
Definition: pk_ops.cpp:95
size_t salt_len
Definition: x509_obj.cpp:26
Definition: alg_id.cpp:13
void update(const uint8_t msg[], size_t msg_len) override
Definition: pk_ops.cpp:76
bool is_valid_signature(const uint8_t sig[], size_t sig_len) override
Definition: pk_ops.cpp:116
std::vector< T > unlock(const secure_vector< T > &in)
Definition: secmem.h:95
EMSA * get_emsa(const std::string &algo_spec)
Definition: emsa.cpp:44
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:88
secure_vector< uint8_t > decrypt(uint8_t &valid_mask, const uint8_t msg[], size_t msg_len) override
Definition: pk_ops.cpp:42
secure_vector< uint8_t > agree(size_t key_len, const uint8_t other_key[], size_t other_key_len, const uint8_t salt[], size_t salt_len) override
Definition: pk_ops.cpp:56