Botan 2.19.2
Crypto and TLS for C&
pk_ops.cpp
Go to the documentation of this file.
1/*
2* PK Operation Types
3* (C) 2010,2015 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/internal/pk_ops_impl.h>
9#include <botan/internal/bit_ops.h>
10#include <botan/rng.h>
11
12namespace Botan {
13
15 {
16 m_eme.reset(get_eme(eme));
17 if(!m_eme.get())
18 throw Algorithm_Not_Found(eme);
19 }
20
22 {
23 return 8 * m_eme->maximum_input_size(max_raw_input_bits());
24 }
25
28 {
29 const size_t max_raw = max_raw_input_bits();
30 const std::vector<uint8_t> encoded = unlock(m_eme->encode(msg, msg_len, max_raw, rng));
31 return raw_encrypt(encoded.data(), encoded.size(), rng);
32 }
33
35 {
36 m_eme.reset(get_eme(eme));
37 if(!m_eme.get())
38 throw Algorithm_Not_Found(eme);
39 }
40
43 const uint8_t ciphertext[],
44 size_t ciphertext_len)
45 {
46 const secure_vector<uint8_t> raw = raw_decrypt(ciphertext, ciphertext_len);
47 return m_eme->unpad(valid_mask, raw.data(), raw.size());
48 }
49
51 {
52 if(kdf != "Raw")
53 m_kdf.reset(get_kdf(kdf));
54 }
55
57 const uint8_t w[], size_t w_len,
58 const uint8_t salt[], size_t salt_len)
59 {
60 secure_vector<uint8_t> z = raw_agree(w, w_len);
61 if(m_kdf)
62 return m_kdf->derive_key(key_len, z, salt, salt_len);
63 return z;
64 }
65
67 Signature(),
68 m_emsa(get_emsa(emsa)),
69 m_hash(hash_for_emsa(emsa)),
70 m_prefix_used(false)
71 {
72 if(!m_emsa)
73 throw Algorithm_Not_Found(emsa);
74 }
75
76void PK_Ops::Signature_with_EMSA::update(const uint8_t msg[], size_t msg_len)
77 {
78 if(has_prefix() && !m_prefix_used)
79 {
80 m_prefix_used = true;
81 secure_vector<uint8_t> prefix = message_prefix();
82 m_emsa->update(prefix.data(), prefix.size());
83 }
84 m_emsa->update(msg, msg_len);
85 }
86
88 {
89 m_prefix_used = false;
90 const secure_vector<uint8_t> msg = m_emsa->raw_data();
91 const auto padded = m_emsa->encoding_of(msg, this->max_input_bits(), rng);
92 return raw_sign(padded.data(), padded.size(), rng);
93 }
94
97 m_emsa(get_emsa(emsa)),
98 m_hash(hash_for_emsa(emsa)),
99 m_prefix_used(false)
100 {
101 if(!m_emsa)
102 throw Algorithm_Not_Found(emsa);
103 }
104
105void PK_Ops::Verification_with_EMSA::update(const uint8_t msg[], size_t msg_len)
106 {
107 if(has_prefix() && !m_prefix_used)
108 {
109 m_prefix_used = true;
110 secure_vector<uint8_t> prefix = message_prefix();
111 m_emsa->update(prefix.data(), prefix.size());
112 }
113 m_emsa->update(msg, msg_len);
114 }
115
116bool PK_Ops::Verification_with_EMSA::is_valid_signature(const uint8_t sig[], size_t sig_len)
117 {
118 m_prefix_used = false;
119 const secure_vector<uint8_t> msg = m_emsa->raw_data();
120
121 if(with_recovery())
122 {
123 secure_vector<uint8_t> output_of_key = verify_mr(sig, sig_len);
124 return m_emsa->verify(output_of_key, msg, max_input_bits());
125 }
126 else
127 {
128 Null_RNG rng;
129 secure_vector<uint8_t> encoded = m_emsa->encoding_of(msg, max_input_bits(), rng);
130 return verify(encoded.data(), encoded.size(), sig, sig_len);
131 }
132 }
133
135 secure_vector<uint8_t>& out_shared_key,
136 size_t desired_shared_key_len,
138 const uint8_t salt[],
139 size_t salt_len)
140 {
141 secure_vector<uint8_t> raw_shared;
142 this->raw_kem_encrypt(out_encapsulated_key, raw_shared, rng);
143
144 out_shared_key = m_kdf->derive_key(desired_shared_key_len,
145 raw_shared.data(), raw_shared.size(),
146 salt, salt_len);
147 }
148
150 {
151 m_kdf.reset(get_kdf(kdf));
152 }
153
156 size_t len,
157 size_t desired_shared_key_len,
158 const uint8_t salt[],
159 size_t salt_len)
160 {
161 secure_vector<uint8_t> raw_shared = this->raw_kem_decrypt(encap_key, len);
162
163 return m_kdf->derive_key(desired_shared_key_len,
164 raw_shared.data(), raw_shared.size(),
165 salt, salt_len);
166 }
167
169 {
170 m_kdf.reset(get_kdf(kdf));
171 }
172
173}
secure_vector< uint8_t > decrypt(uint8_t &valid_mask, const uint8_t msg[], size_t msg_len) override
Definition: pk_ops.cpp:42
Decryption_with_EME(const std::string &eme)
Definition: pk_ops.cpp:34
size_t max_input_bits() const override
Definition: pk_ops.cpp:21
secure_vector< uint8_t > encrypt(const uint8_t msg[], size_t msg_len, RandomNumberGenerator &rng) override
Definition: pk_ops.cpp:26
Encryption_with_EME(const std::string &eme)
Definition: pk_ops.cpp:14
KEM_Decryption_with_KDF(const std::string &kdf)
Definition: pk_ops.cpp:168
secure_vector< uint8_t > kem_decrypt(const uint8_t encap_key[], size_t len, size_t desired_shared_key_len, const uint8_t salt[], size_t salt_len) override
Definition: pk_ops.cpp:155
void kem_encrypt(secure_vector< uint8_t > &out_encapsulated_key, secure_vector< uint8_t > &out_shared_key, size_t desired_shared_key_len, Botan::RandomNumberGenerator &rng, const uint8_t salt[], size_t salt_len) override
Definition: pk_ops.cpp:134
KEM_Encryption_with_KDF(const std::string &kdf)
Definition: pk_ops.cpp:149
Key_Agreement_with_KDF(const std::string &kdf)
Definition: pk_ops.cpp:50
secure_vector< uint8_t > agree(size_t key_len, const uint8_t other_key[], size_t other_key_len, const uint8_t salt[], size_t salt_len) override
Definition: pk_ops.cpp:56
Signature_with_EMSA(const std::string &emsa)
Definition: pk_ops.cpp:66
void update(const uint8_t msg[], size_t msg_len) override
Definition: pk_ops.cpp:76
secure_vector< uint8_t > sign(RandomNumberGenerator &rng) override
Definition: pk_ops.cpp:87
void update(const uint8_t msg[], size_t msg_len) override
Definition: pk_ops.cpp:105
Verification_with_EMSA(const std::string &emsa)
Definition: pk_ops.cpp:95
bool is_valid_signature(const uint8_t sig[], size_t sig_len) override
Definition: pk_ops.cpp:116
Definition: alg_id.cpp:13
KDF * get_kdf(const std::string &algo_spec)
Definition: kdf.cpp:241
std::string hash_for_emsa(const std::string &algo_spec)
Definition: emsa.cpp:189
EME * get_eme(const std::string &algo_spec)
Definition: eme.cpp:27
std::vector< T > unlock(const secure_vector< T > &in)
Definition: secmem.h:72
EMSA * get_emsa(const std::string &algo_spec)
Definition: emsa.cpp:44
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:65
size_t salt_len
Definition: x509_obj.cpp:25