Botan  2.6.0
Crypto and TLS for C++11
pubkey.cpp
Go to the documentation of this file.
1 /*
2 * (C) 1999-2010,2015 Jack Lloyd
3 *
4 * Botan is released under the Simplified BSD License (see license.txt)
5 */
6 
7 #include <botan/pubkey.h>
8 #include <botan/der_enc.h>
9 #include <botan/ber_dec.h>
10 #include <botan/bigint.h>
11 #include <botan/pk_ops.h>
12 #include <botan/internal/ct_utils.h>
13 #include <botan/rng.h>
14 
15 namespace Botan {
16 
17 secure_vector<uint8_t> PK_Decryptor::decrypt(const uint8_t in[], size_t length) const
18  {
19  uint8_t valid_mask = 0;
20 
21  secure_vector<uint8_t> decoded = do_decrypt(valid_mask, in, length);
22 
23  if(valid_mask == 0)
24  throw Decoding_Error("Invalid public key ciphertext, cannot decrypt");
25 
26  return decoded;
27  }
28 
29 secure_vector<uint8_t>
30 PK_Decryptor::decrypt_or_random(const uint8_t in[],
31  size_t length,
32  size_t expected_pt_len,
33  RandomNumberGenerator& rng,
34  const uint8_t required_content_bytes[],
35  const uint8_t required_content_offsets[],
36  size_t required_contents_length) const
37  {
38  const secure_vector<uint8_t> fake_pms = rng.random_vec(expected_pt_len);
39 
40  uint8_t valid_mask = 0;
41  secure_vector<uint8_t> decoded = do_decrypt(valid_mask, in, length);
42 
43  valid_mask &= CT::is_equal(decoded.size(), expected_pt_len);
44 
45  decoded.resize(expected_pt_len);
46 
47  for(size_t i = 0; i != required_contents_length; ++i)
48  {
49  /*
50  These values are chosen by the application and for TLS are constants,
51  so this early failure via assert is fine since we know 0,1 < 48
52 
53  If there is a protocol that has content checks on the key where
54  the expected offsets are controllable by the attacker this could
55  still leak.
56 
57  Alternately could always reduce the offset modulo the length?
58  */
59 
60  const uint8_t exp = required_content_bytes[i];
61  const uint8_t off = required_content_offsets[i];
62 
63  BOTAN_ASSERT(off < expected_pt_len, "Offset in range of plaintext");
64 
65  valid_mask &= CT::is_equal(decoded[off], exp);
66  }
67 
68  CT::conditional_copy_mem(valid_mask,
69  /*output*/decoded.data(),
70  /*from0*/decoded.data(),
71  /*from1*/fake_pms.data(),
72  expected_pt_len);
73 
74  return decoded;
75  }
76 
77 secure_vector<uint8_t>
78 PK_Decryptor::decrypt_or_random(const uint8_t in[],
79  size_t length,
80  size_t expected_pt_len,
81  RandomNumberGenerator& rng) const
82  {
83  return decrypt_or_random(in, length, expected_pt_len, rng,
84  nullptr, nullptr, 0);
85  }
86 
87 PK_Encryptor_EME::PK_Encryptor_EME(const Public_Key& key,
88  RandomNumberGenerator& rng,
89  const std::string& padding,
90  const std::string& provider)
91  {
92  m_op = key.create_encryption_op(rng, padding, provider);
93  if(!m_op)
94  throw Invalid_Argument("Key type " + key.algo_name() + " does not support encryption");
95  }
96 
97 PK_Encryptor_EME::~PK_Encryptor_EME() { /* for unique_ptr */ }
98 
99 std::vector<uint8_t>
100 PK_Encryptor_EME::enc(const uint8_t in[], size_t length, RandomNumberGenerator& rng) const
101  {
102  return unlock(m_op->encrypt(in, length, rng));
103  }
104 
105 size_t PK_Encryptor_EME::maximum_input_size() const
106  {
107  return m_op->max_input_bits() / 8;
108  }
109 
110 PK_Decryptor_EME::PK_Decryptor_EME(const Private_Key& key,
111  RandomNumberGenerator& rng,
112  const std::string& padding,
113  const std::string& provider)
114  {
115  m_op = key.create_decryption_op(rng, padding, provider);
116  if(!m_op)
117  throw Invalid_Argument("Key type " + key.algo_name() + " does not support decryption");
118  }
119 
120 PK_Decryptor_EME::~PK_Decryptor_EME() { /* for unique_ptr */ }
121 
122 secure_vector<uint8_t> PK_Decryptor_EME::do_decrypt(uint8_t& valid_mask,
123  const uint8_t in[], size_t in_len) const
124  {
125  return m_op->decrypt(valid_mask, in, in_len);
126  }
127 
128 PK_KEM_Encryptor::PK_KEM_Encryptor(const Public_Key& key,
129  RandomNumberGenerator& rng,
130  const std::string& param,
131  const std::string& provider)
132  {
133  m_op = key.create_kem_encryption_op(rng, param, provider);
134  if(!m_op)
135  throw Invalid_Argument("Key type " + key.algo_name() + " does not support KEM encryption");
136  }
137 
138 PK_KEM_Encryptor::~PK_KEM_Encryptor() { /* for unique_ptr */ }
139 
140 void PK_KEM_Encryptor::encrypt(secure_vector<uint8_t>& out_encapsulated_key,
141  secure_vector<uint8_t>& out_shared_key,
142  size_t desired_shared_key_len,
143  Botan::RandomNumberGenerator& rng,
144  const uint8_t salt[],
145  size_t salt_len)
146  {
147  m_op->kem_encrypt(out_encapsulated_key,
148  out_shared_key,
149  desired_shared_key_len,
150  rng,
151  salt,
152  salt_len);
153  }
154 
155 PK_KEM_Decryptor::PK_KEM_Decryptor(const Private_Key& key,
156  RandomNumberGenerator& rng,
157  const std::string& param,
158  const std::string& provider)
159  {
160  m_op = key.create_kem_decryption_op(rng, param, provider);
161  if(!m_op)
162  throw Invalid_Argument("Key type " + key.algo_name() + " does not support KEM decryption");
163  }
164 
165 PK_KEM_Decryptor::~PK_KEM_Decryptor() { /* for unique_ptr */ }
166 
167 secure_vector<uint8_t> PK_KEM_Decryptor::decrypt(const uint8_t encap_key[],
168  size_t encap_key_len,
169  size_t desired_shared_key_len,
170  const uint8_t salt[],
171  size_t salt_len)
172  {
173  return m_op->kem_decrypt(encap_key, encap_key_len,
174  desired_shared_key_len,
175  salt, salt_len);
176  }
177 
178 PK_Key_Agreement::PK_Key_Agreement(const Private_Key& key,
179  RandomNumberGenerator& rng,
180  const std::string& kdf,
181  const std::string& provider)
182  {
183  m_op = key.create_key_agreement_op(rng, kdf, provider);
184  if(!m_op)
185  throw Invalid_Argument("Key type " + key.algo_name() + " does not support key agreement");
186  }
187 
188 PK_Key_Agreement::~PK_Key_Agreement() { /* for unique_ptr */ }
189 
190 PK_Key_Agreement& PK_Key_Agreement::operator=(PK_Key_Agreement&& other)
191  {
192  if(this != &other)
193  {
194  m_op = std::move(other.m_op);
195  }
196  return (*this);
197  }
198 
199 PK_Key_Agreement::PK_Key_Agreement(PK_Key_Agreement&& other) :
200  m_op(std::move(other.m_op))
201  {}
202 
203 SymmetricKey PK_Key_Agreement::derive_key(size_t key_len,
204  const uint8_t in[], size_t in_len,
205  const uint8_t salt[],
206  size_t salt_len) const
207  {
208  return m_op->agree(key_len, in, in_len, salt, salt_len);
209  }
210 
211 PK_Signer::PK_Signer(const Private_Key& key,
212  RandomNumberGenerator& rng,
213  const std::string& emsa,
214  Signature_Format format,
215  const std::string& provider)
216  {
217  m_op = key.create_signature_op(rng, emsa, provider);
218  if(!m_op)
219  throw Invalid_Argument("Key type " + key.algo_name() + " does not support signature generation");
220  m_sig_format = format;
221  m_parts = key.message_parts();
222  m_part_size = key.message_part_size();
223  }
224 
225 PK_Signer::~PK_Signer() { /* for unique_ptr */ }
226 
227 void PK_Signer::update(const uint8_t in[], size_t length)
228  {
229  m_op->update(in, length);
230  }
231 
232 std::vector<uint8_t> PK_Signer::signature(RandomNumberGenerator& rng)
233  {
234  const std::vector<uint8_t> sig = unlock(m_op->sign(rng));
235 
236  if(m_sig_format == IEEE_1363)
237  {
238  return sig;
239  }
240  else if(m_sig_format == DER_SEQUENCE)
241  {
242  if(sig.size() % m_parts != 0 || sig.size() != m_parts * m_part_size)
243  throw Internal_Error("PK_Signer: DER signature sizes unexpected, cannot encode");
244 
245  std::vector<BigInt> sig_parts(m_parts);
246  for(size_t i = 0; i != sig_parts.size(); ++i)
247  sig_parts[i].binary_decode(&sig[m_part_size*i], m_part_size);
248 
249  return DER_Encoder()
250  .start_cons(SEQUENCE)
251  .encode_list(sig_parts)
252  .end_cons()
253  .get_contents_unlocked();
254  }
255  else
256  throw Internal_Error("PK_Signer: Invalid signature format enum");
257  }
258 
259 PK_Verifier::PK_Verifier(const Public_Key& key,
260  const std::string& emsa,
261  Signature_Format format,
262  const std::string& provider)
263  {
264  m_op = key.create_verification_op(emsa, provider);
265  if(!m_op)
266  throw Invalid_Argument("Key type " + key.algo_name() + " does not support signature verification");
267  m_sig_format = format;
268  m_parts = key.message_parts();
269  m_part_size = key.message_part_size();
270  }
271 
272 PK_Verifier::~PK_Verifier() { /* for unique_ptr */ }
273 
274 void PK_Verifier::set_input_format(Signature_Format format)
275  {
276  if(format != IEEE_1363 && m_parts == 1)
277  throw Invalid_Argument("PK_Verifier: This algorithm does not support DER encoding");
278  m_sig_format = format;
279  }
280 
281 bool PK_Verifier::verify_message(const uint8_t msg[], size_t msg_length,
282  const uint8_t sig[], size_t sig_length)
283  {
284  update(msg, msg_length);
285  return check_signature(sig, sig_length);
286  }
287 
288 void PK_Verifier::update(const uint8_t in[], size_t length)
289  {
290  m_op->update(in, length);
291  }
292 
293 bool PK_Verifier::check_signature(const uint8_t sig[], size_t length)
294  {
295  try {
296  if(m_sig_format == IEEE_1363)
297  {
298  return m_op->is_valid_signature(sig, length);
299  }
300  else if(m_sig_format == DER_SEQUENCE)
301  {
302  std::vector<uint8_t> real_sig;
303  BER_Decoder decoder(sig, length);
304  BER_Decoder ber_sig = decoder.start_cons(SEQUENCE);
305 
306  size_t count = 0;
307  while(ber_sig.more_items())
308  {
309  BigInt sig_part;
310  ber_sig.decode(sig_part);
311  real_sig += BigInt::encode_1363(sig_part, m_part_size);
312  ++count;
313  }
314 
315  if(count != m_parts)
316  throw Decoding_Error("PK_Verifier: signature size invalid");
317 
318  return m_op->is_valid_signature(real_sig.data(), real_sig.size());
319  }
320  else
321  throw Internal_Error("PK_Verifier: Invalid signature format enum");
322  }
323  catch(Invalid_Argument&) { return false; }
324  }
325 
326 }
Botan::PK_Signer::~PK_Signer
~PK_Signer()
Definition: pubkey.cpp:225
Botan::Invalid_Argument
Definition: exceptn.h:33
Botan::DER_Encoder::encode_list
DER_Encoder & encode_list(const std::vector< T > &values)
Definition: der_enc.h:96
Botan::PK_Signer::PK_Signer
PK_Signer(const Private_Key &key, RandomNumberGenerator &rng, const std::string &emsa, Signature_Format format=IEEE_1363, const std::string &provider="")
Definition: pubkey.cpp:211
Botan::RandomNumberGenerator::random_vec
secure_vector< uint8_t > random_vec(size_t bytes)
Definition: rng.h:132
Botan::CT::conditional_copy_mem
void conditional_copy_mem(T value, T *to, const T *from0, const T *from1, size_t elems)
Definition: ct_utils.h:142
Botan::DER_Encoder::get_contents_unlocked
std::vector< uint8_t > get_contents_unlocked()
Definition: der_enc.h:27
Botan::PK_Verifier::verify_message
bool verify_message(const uint8_t msg[], size_t msg_length, const uint8_t sig[], size_t sig_length)
Definition: pubkey.cpp:281
Botan::Private_Key
Definition: pk_keys.h:170
Botan::Private_Key::create_signature_op
virtual std::unique_ptr< PK_Ops::Signature > create_signature_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const
Definition: pk_keys.cpp:131
Botan::PK_Verifier::~PK_Verifier
~PK_Verifier()
Definition: pubkey.cpp:272
Botan::PK_KEM_Encryptor::PK_KEM_Encryptor
PK_KEM_Encryptor(const Public_Key &key, RandomNumberGenerator &rng, const std::string &kem_param="", const std::string &provider="")
Definition: pubkey.cpp:128
Botan::PK_Decryptor::decrypt
secure_vector< uint8_t > decrypt(const uint8_t in[], size_t length) const
Definition: pubkey.cpp:17
Botan::PK_Key_Agreement::PK_Key_Agreement
PK_Key_Agreement(const Private_Key &key, RandomNumberGenerator &rng, const std::string &kdf, const std::string &provider="")
Definition: pubkey.cpp:178
Botan::Signature_Format
Signature_Format
Definition: pubkey.h:27
std
Definition: bigint.h:719
Botan::PK_KEM_Decryptor::~PK_KEM_Decryptor
~PK_KEM_Decryptor()
Definition: pubkey.cpp:165
Botan::PK_Signer::signature
std::vector< uint8_t > signature(RandomNumberGenerator &rng)
Definition: pubkey.cpp:232
Botan::Public_Key::algo_name
virtual std::string algo_name() const =0
Botan::Internal_Error
Definition: exceptn.h:87
Botan::BER_Decoder::decode
BER_Decoder & decode(bool &v)
Definition: ber_dec.cpp:338
Botan::Private_Key::create_kem_decryption_op
virtual std::unique_ptr< PK_Ops::KEM_Decryption > create_kem_decryption_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const
Definition: pk_keys.cpp:123
Botan::DER_Encoder::end_cons
DER_Encoder & end_cons()
Definition: der_enc.cpp:146
Botan::Public_Key::create_kem_encryption_op
virtual std::unique_ptr< PK_Ops::KEM_Encryption > create_kem_encryption_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const
Definition: pk_keys.cpp:100
Botan::CT::is_equal
T is_equal(T x, T y)
Definition: ct_utils.h:124
Botan::PK_KEM_Encryptor::~PK_KEM_Encryptor
~PK_KEM_Encryptor()
Definition: pubkey.cpp:138
Botan::PK_Verifier::update
void update(uint8_t in)
Definition: pubkey.h:335
Botan::Private_Key::create_decryption_op
virtual std::unique_ptr< PK_Ops::Decryption > create_decryption_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const
Definition: pk_keys.cpp:115
Botan::PK_Decryptor_EME::PK_Decryptor_EME
PK_Decryptor_EME(const Private_Key &key, RandomNumberGenerator &rng, const std::string &eme, const std::string &provider="")
Definition: pubkey.cpp:110
BOTAN_ASSERT
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:30
Botan::Decoding_Error
Definition: exceptn.h:178
Botan::PK_Decryptor::decrypt_or_random
secure_vector< uint8_t > decrypt_or_random(const uint8_t in[], size_t length, size_t expected_pt_len, RandomNumberGenerator &rng) const
Definition: pubkey.cpp:78
Botan::DER_Encoder
Definition: der_enc.h:22
Botan::PK_KEM_Decryptor::decrypt
secure_vector< uint8_t > decrypt(const uint8_t encap_key[], size_t encap_key_len, size_t desired_shared_key_len, const uint8_t salt[], size_t salt_len)
Definition: pubkey.cpp:167
Botan::Public_Key::message_part_size
virtual size_t message_part_size() const
Definition: pk_keys.h:118
Botan::PK_Encryptor_EME::maximum_input_size
size_t maximum_input_size() const override
Definition: pubkey.cpp:105
Botan::PK_Signer::update
void update(uint8_t in)
Definition: pubkey.h:238
Botan::PK_KEM_Decryptor::PK_KEM_Decryptor
PK_KEM_Decryptor(const Private_Key &key, RandomNumberGenerator &rng, const std::string &kem_param="", const std::string &provider="")
Definition: pubkey.cpp:155
salt_len
size_t salt_len
Definition: x509_obj.cpp:26
Botan::PK_Key_Agreement::derive_key
SymmetricKey derive_key(size_t key_len, const uint8_t in[], size_t in_len, const uint8_t params[], size_t params_len) const
Definition: pubkey.cpp:203
Botan::PK_Key_Agreement::operator=
PK_Key_Agreement & operator=(PK_Key_Agreement &&)
Definition: pubkey.cpp:190
Botan::BER_Decoder::start_cons
BER_Decoder start_cons(ASN1_Tag type_tag, ASN1_Tag class_tag=UNIVERSAL)
Definition: ber_dec.cpp:239
Botan
Definition: alg_id.cpp:13
Botan::PK_Verifier::set_input_format
void set_input_format(Signature_Format format)
Definition: pubkey.cpp:274
Botan::Public_Key
Definition: pk_keys.h:23
Botan::PK_Key_Agreement
Definition: pubkey.h:398
Botan::unlock
std::vector< T > unlock(const secure_vector< T > &in)
Definition: secmem.h:95
Botan::PK_Decryptor_EME::~PK_Decryptor_EME
~PK_Decryptor_EME()
Definition: pubkey.cpp:120
Botan::PK_Verifier::check_signature
bool check_signature(const uint8_t sig[], size_t length)
Definition: pubkey.cpp:293
Botan::PK_Encryptor_EME::PK_Encryptor_EME
PK_Encryptor_EME(const Public_Key &key, RandomNumberGenerator &rng, const std::string &padding, const std::string &provider="")
Definition: pubkey.cpp:87
Botan::PK_Verifier::PK_Verifier
PK_Verifier(const Public_Key &pub_key, const std::string &emsa, Signature_Format format=IEEE_1363, const std::string &provider="")
Definition: pubkey.cpp:259
Botan::PK_Encryptor_EME::~PK_Encryptor_EME
~PK_Encryptor_EME()
Definition: pubkey.cpp:97
Botan::DER_Encoder::start_cons
DER_Encoder & start_cons(ASN1_Tag type_tag, ASN1_Tag class_tag=UNIVERSAL)
Definition: der_enc.cpp:136
Botan::BigInt::encode_1363
static secure_vector< uint8_t > encode_1363(const BigInt &n, size_t bytes)
Definition: big_code.cpp:82
Botan::PK_Key_Agreement::~PK_Key_Agreement
~PK_Key_Agreement()
Definition: pubkey.cpp:188
Botan::Public_Key::create_verification_op
virtual std::unique_ptr< PK_Ops::Verification > create_verification_op(const std::string &params, const std::string &provider) const
Definition: pk_keys.cpp:108
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:88
Botan::Public_Key::create_encryption_op
virtual std::unique_ptr< PK_Ops::Encryption > create_encryption_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const
Definition: pk_keys.cpp:92
Botan::BER_Decoder::more_items
bool more_items() const
Definition: ber_dec.cpp:153
Botan::BER_Decoder
Definition: ber_dec.h:19
Botan::Public_Key::message_parts
virtual size_t message_parts() const
Definition: pk_keys.h:107
Botan::Private_Key::create_key_agreement_op
virtual std::unique_ptr< PK_Ops::Key_Agreement > create_key_agreement_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const
Definition: pk_keys.cpp:139
Botan::PK_KEM_Encryptor::encrypt
void encrypt(secure_vector< uint8_t > &out_encapsulated_key, secure_vector< uint8_t > &out_shared_key, size_t desired_shared_key_len, Botan::RandomNumberGenerator &rng, const uint8_t salt[], size_t salt_len)
Definition: pubkey.cpp:140
Generated by   doxygen 1.8.14