7#include <botan/pubkey.h>
9#include <botan/ber_dec.h>
10#include <botan/bigint.h>
11#include <botan/der_enc.h>
13#include <botan/internal/ct_utils.h>
14#include <botan/internal/fmt.h>
15#include <botan/internal/parsing.h>
16#include <botan/internal/pk_ops.h>
17#include <botan/internal/pss_params.h>
22 uint8_t valid_mask = 0;
27 throw Decoding_Error(
"Invalid public key ciphertext, cannot decrypt");
35 size_t expected_pt_len,
37 const uint8_t required_content_bytes[],
38 const uint8_t required_content_offsets[],
39 size_t required_contents_length)
const {
42 uint8_t decrypt_valid = 0;
48 decoded.resize(expected_pt_len);
50 for(
size_t i = 0; i != required_contents_length; ++i) {
62 const uint8_t exp = required_content_bytes[i];
63 const uint8_t off = required_content_offsets[i];
65 BOTAN_ASSERT(off < expected_pt_len,
"Offset in range of plaintext");
73 valid_mask.select_n(decoded.data(), decoded.data(), fake_pms.data(), expected_pt_len);
80 size_t expected_pt_len,
87 std::string_view padding,
88 std::string_view provider) {
98 return m_op->ciphertext_length(ptext_len);
101std::vector<uint8_t> PK_Encryptor_EME::enc(
const uint8_t in[],
size_t length,
RandomNumberGenerator& rng)
const {
102 return unlock(m_op->encrypt(in, length, rng));
106 return m_op->max_input_bits() / 8;
111 std::string_view padding,
112 std::string_view provider) {
122 return m_op->plaintext_length(ctext_len);
125secure_vector<uint8_t> PK_Decryptor_EME::do_decrypt(uint8_t& valid_mask,
const uint8_t in[],
size_t in_len)
const {
126 return m_op->decrypt(valid_mask, in, in_len);
139 return m_op->shared_key_length(desired_shared_key_len);
143 return m_op->encapsulated_key_length();
148 size_t desired_shared_key_len,
150 const uint8_t salt[],
152 m_op->kem_encrypt(out_encapsulated_key, out_shared_key, desired_shared_key_len, rng, salt, salt_len);
156 return m_op->shared_key_length(desired_shared_key_len);
161 std::string_view param,
162 std::string_view provider) {
172 size_t encap_key_len,
173 size_t desired_shared_key_len,
174 const uint8_t salt[],
176 return m_op->kem_decrypt(encap_key, encap_key_len, desired_shared_key_len, salt, salt_len);
183 std::string_view kdf,
184 std::string_view provider) {
185 m_op = key.create_key_agreement_op(rng, kdf, provider);
187 throw Invalid_Argument(
fmt(
"Key type {} does not support key agreement", key.algo_name()));
194 return m_op->agreed_value_size();
198 size_t key_len,
const uint8_t in[],
size_t in_len,
const uint8_t salt[],
size_t salt_len)
const {
199 return SymmetricKey(m_op->agree(key_len, in, in_len, salt, salt_len));
202static void check_der_format_supported(
Signature_Format format,
size_t parts) {
210 std::string_view emsa,
212 std::string_view provider) {
217 m_sig_format = format;
220 check_der_format_supported(format, m_parts);
224 return m_op->algorithm_identifier();
228 return m_op->hash_function();
234 m_op->update(in, length);
239std::vector<uint8_t> der_encode_signature(
const std::vector<uint8_t>& sig,
size_t parts,
size_t part_size) {
240 if(sig.size() % parts != 0 || sig.size() != parts * part_size) {
244 std::vector<BigInt> sig_parts(parts);
245 for(
size_t i = 0; i != sig_parts.size(); ++i) {
246 sig_parts[i].binary_decode(&sig[part_size * i], part_size);
249 std::vector<uint8_t> output;
250 DER_Encoder(output).start_sequence().encode_list(sig_parts).end_cons();
258 return m_op->signature_length();
262 return m_op->signature_length() + (8 + 4 * m_parts);
269 std::vector<uint8_t> sig =
unlock(m_op->sign(rng));
274 return der_encode_signature(sig, m_parts, m_part_size);
281 std::string_view emsa,
283 std::string_view provider) {
288 m_sig_format = format;
291 check_der_format_supported(format, m_parts);
296 std::string_view provider) {
306 check_der_format_supported(m_sig_format, m_parts);
312 return m_op->hash_function();
316 check_der_format_supported(format, m_parts);
317 m_sig_format = format;
326 m_op->update(in, length);
331std::vector<uint8_t> decode_der_signature(
const uint8_t sig[],
size_t length,
size_t sig_parts,
size_t sig_part_size) {
332 std::vector<uint8_t> real_sig;
347 if(count != sig_parts) {
348 throw Decoding_Error(
"PK_Verifier: signature size invalid");
351 const std::vector<uint8_t> reencoded = der_encode_signature(real_sig, sig_parts, sig_part_size);
353 if(reencoded.size() != length ||
same_mem(reencoded.data(), sig, reencoded.size()) ==
false) {
354 throw Decoding_Error(
"PK_Verifier: signature is not the canonical DER encoding");
364 return m_op->is_valid_signature(sig, length);
366 bool decoding_success =
false;
367 std::vector<uint8_t> real_sig;
370 real_sig = decode_der_signature(sig, length, m_parts, m_part_size);
371 decoding_success =
true;
374 bool accept = m_op->is_valid_signature(real_sig.data(), real_sig.size());
376 return accept && decoding_success;
378 throw Internal_Error(
"PK_Verifier: Invalid signature format enum");
#define BOTAN_ASSERT_NOMSG(expr)
#define BOTAN_ASSERT(expr, assertion_made)
virtual std::string algo_name() const =0
BER_Decoder & decode(bool &out)
BER_Decoder start_sequence()
static secure_vector< uint8_t > encode_1363(const BigInt &n, size_t bytes)
static Mask< T > is_equal(T x, T y)
PK_Decryptor_EME(const Private_Key &key, RandomNumberGenerator &rng, std::string_view eme, std::string_view provider="")
size_t plaintext_length(size_t ptext_len) const override
secure_vector< uint8_t > decrypt_or_random(const uint8_t in[], size_t length, size_t expected_pt_len, RandomNumberGenerator &rng) const
secure_vector< uint8_t > decrypt(const uint8_t in[], size_t length) const
PK_Encryptor_EME(const Public_Key &key, RandomNumberGenerator &rng, std::string_view padding, std::string_view provider="")
size_t maximum_input_size() const override
size_t ciphertext_length(size_t ptext_len) const override
PK_KEM_Decryptor(const Private_Key &key, RandomNumberGenerator &rng, std::string_view kem_param="", std::string_view provider="")
size_t shared_key_length(size_t desired_shared_key_len) const
secure_vector< uint8_t > decrypt(const uint8_t encap_key[], size_t encap_key_len, size_t desired_shared_key_len, const uint8_t salt[], size_t salt_len)
void encrypt(secure_vector< uint8_t > &out_encapsulated_key, secure_vector< uint8_t > &out_shared_key, size_t desired_shared_key_len, RandomNumberGenerator &rng, const uint8_t salt[], size_t salt_len)
PK_KEM_Encryptor(const Public_Key &key, std::string_view kem_param="", std::string_view provider="")
size_t shared_key_length(size_t desired_shared_key_len) const
size_t encapsulated_key_length() const
size_t agreed_value_size() const
PK_Key_Agreement(const Private_Key &key, RandomNumberGenerator &rng, std::string_view kdf, std::string_view provider="")
SymmetricKey derive_key(size_t key_len, const uint8_t in[], size_t in_len, const uint8_t params[], size_t params_len) const
PK_Signer(const Private_Key &key, RandomNumberGenerator &rng, std::string_view padding, Signature_Format format=Signature_Format::Standard, std::string_view provider="")
size_t signature_length() const
std::vector< uint8_t > signature(RandomNumberGenerator &rng)
std::string hash_function() const
AlgorithmIdentifier algorithm_identifier() const
void set_input_format(Signature_Format format)
bool verify_message(const uint8_t msg[], size_t msg_length, const uint8_t sig[], size_t sig_length)
std::string hash_function() const
PK_Verifier(const Public_Key &pub_key, std::string_view padding, Signature_Format format=Signature_Format::Standard, std::string_view provider="")
bool check_signature(const uint8_t sig[], size_t length)
virtual std::unique_ptr< PK_Ops::Signature > create_signature_op(RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const
virtual std::unique_ptr< PK_Ops::Decryption > create_decryption_op(RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const
virtual std::unique_ptr< PK_Ops::KEM_Decryption > create_kem_decryption_op(RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const
virtual Signature_Format default_x509_signature_format() const
virtual std::unique_ptr< PK_Ops::Encryption > create_encryption_op(RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const
virtual std::unique_ptr< PK_Ops::Verification > create_verification_op(std::string_view params, std::string_view provider) const
virtual std::unique_ptr< PK_Ops::Verification > create_x509_verification_op(const AlgorithmIdentifier &signature_algorithm, std::string_view provider) const
virtual std::unique_ptr< PK_Ops::KEM_Encryption > create_kem_encryption_op(std::string_view params, std::string_view provider) const
virtual size_t message_part_size() const
virtual size_t message_parts() const
void random_vec(std::span< uint8_t > v)
int(* update)(CTX *, const void *, CC_LONG len)
std::string fmt(std::string_view format, const T &... args)
std::vector< T > unlock(const secure_vector< T > &in)
bool same_mem(const T *p1, const T *p2, size_t n)
std::vector< T, secure_allocator< T > > secure_vector