Botan 3.0.0
Crypto and TLS for C&
pubkey.h
Go to the documentation of this file.
1/*
2* Public Key Interface
3* (C) 1999-2010 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#ifndef BOTAN_PUBKEY_H_
9#define BOTAN_PUBKEY_H_
10
11#include <botan/pk_keys.h>
12#include <botan/pk_ops_fwd.h>
13#include <botan/symkey.h>
14#include <botan/asn1_obj.h>
15#include <string>
16#include <string_view>
17#include <span>
18
19namespace Botan {
20
21class RandomNumberGenerator;
22
23/**
24* Public Key Encryptor
25* This is the primary interface for public key encryption
26*/
28 {
29 public:
30
31 /**
32 * Encrypt a message.
33 * @param in the message as a byte array
34 * @param length the length of the above byte array
35 * @param rng the random number source to use
36 * @return encrypted message
37 */
38 std::vector<uint8_t> encrypt(const uint8_t in[], size_t length,
39 RandomNumberGenerator& rng) const
40 {
41 return enc(in, length, rng);
42 }
43
44 /**
45 * Encrypt a message.
46 * @param in the message
47 * @param rng the random number source to use
48 * @return encrypted message
49 */
50 std::vector<uint8_t> encrypt(std::span<const uint8_t> in,
51 RandomNumberGenerator& rng) const
52 {
53 return enc(in.data(), in.size(), rng);
54 }
55
56 /**
57 * Return the maximum allowed message size in bytes.
58 * @return maximum message size in bytes
59 */
60 virtual size_t maximum_input_size() const = 0;
61
62 /**
63 * Return an upper bound on the ciphertext length
64 */
65 virtual size_t ciphertext_length(size_t ctext_len) const = 0;
66
67 PK_Encryptor() = default;
68 virtual ~PK_Encryptor() = default;
69
70 PK_Encryptor(const PK_Encryptor&) = delete;
71 PK_Encryptor(PK_Encryptor&&) noexcept = delete;
72 PK_Encryptor& operator=(const PK_Encryptor&) = delete;
73 PK_Encryptor& operator=(PK_Encryptor&&) noexcept = delete;
74
75 private:
76 virtual std::vector<uint8_t> enc(const uint8_t[], size_t,
77 RandomNumberGenerator&) const = 0;
78 };
79
80/**
81* Public Key Decryptor
82*/
84 {
85 public:
86 /**
87 * Decrypt a ciphertext, throwing an exception if the input
88 * seems to be invalid (eg due to an accidental or malicious
89 * error in the ciphertext).
90 *
91 * @param in the ciphertext as a byte array
92 * @param length the length of the above byte array
93 * @return decrypted message
94 */
95 secure_vector<uint8_t> decrypt(const uint8_t in[], size_t length) const;
96
97 /**
98 * Same as above, but taking a vector
99 * @param in the ciphertext
100 * @return decrypted message
101 */
102 secure_vector<uint8_t> decrypt(std::span<const uint8_t> in) const
103 {
104 return decrypt(in.data(), in.size());
105 }
106
107 /**
108 * Decrypt a ciphertext. If the ciphertext is invalid (eg due to
109 * invalid padding) or is not the expected length, instead
110 * returns a random string of the expected length. Use to avoid
111 * oracle attacks, especially against PKCS #1 v1.5 decryption.
112 */
114 decrypt_or_random(const uint8_t in[],
115 size_t length,
116 size_t expected_pt_len,
117 RandomNumberGenerator& rng) const;
118
119 /**
120 * Decrypt a ciphertext. If the ciphertext is invalid (eg due to
121 * invalid padding) or is not the expected length, instead
122 * returns a random string of the expected length. Use to avoid
123 * oracle attacks, especially against PKCS #1 v1.5 decryption.
124 *
125 * Additionally checks (also in const time) that:
126 * contents[required_content_offsets[i]] == required_content_bytes[i]
127 * for 0 <= i < required_contents
128 *
129 * Used for example in TLS, which encodes the client version in
130 * the content bytes: if there is any timing variation the version
131 * check can be used as an oracle to recover the key.
132 */
134 decrypt_or_random(const uint8_t in[],
135 size_t length,
136 size_t expected_pt_len,
138 const uint8_t required_content_bytes[],
139 const uint8_t required_content_offsets[],
140 size_t required_contents) const;
141
142 /**
143 * Return an upper bound on the plaintext length for a particular
144 * ciphertext input length
145 */
146 virtual size_t plaintext_length(size_t ctext_len) const = 0;
147
148 PK_Decryptor() = default;
149 virtual ~PK_Decryptor() = default;
150
151 PK_Decryptor(const PK_Decryptor&) = delete;
152 PK_Decryptor(PK_Decryptor&&) noexcept = delete;
153 PK_Decryptor& operator=(const PK_Decryptor&) = delete;
154 PK_Decryptor& operator=(PK_Decryptor&&) noexcept = delete;
155
156 private:
157 virtual secure_vector<uint8_t> do_decrypt(uint8_t& valid_mask,
158 const uint8_t in[], size_t in_len) const = 0;
159 };
160
161/**
162* Public Key Signer. Use the sign_message() functions for small
163* messages. Use multiple calls update() to process large messages and
164* generate the signature by finally calling signature().
165*/
167 {
168 public:
169
170 /**
171 * Construct a PK Signer.
172 * @param key the key to use inside this signer
173 * @param rng the random generator to use
174 * @param padding the padding/hash to use, eg "EMSA_PKCS1(SHA-256)"
175 * @param format the signature format to use
176 * @param provider the provider to use
177 */
178 PK_Signer(const Private_Key& key,
180 std::string_view padding,
181 Signature_Format format = Signature_Format::Standard,
182 std::string_view provider = "");
183
185
186 PK_Signer(const PK_Signer&) = delete;
187 PK_Signer(PK_Signer&&) noexcept = delete;
188 PK_Signer& operator=(const PK_Signer&) = delete;
189 PK_Signer& operator=(PK_Signer&&) noexcept = delete;
190
191 /**
192 * Sign a message all in one go
193 * @param in the message to sign as a byte array
194 * @param length the length of the above byte array
195 * @param rng the rng to use
196 * @return signature
197 */
198 std::vector<uint8_t> sign_message(const uint8_t in[], size_t length,
200 {
201 this->update(in, length);
202 return this->signature(rng);
203 }
204
205 /**
206 * Sign a message.
207 * @param in the message to sign
208 * @param rng the rng to use
209 * @return signature
210 */
211 std::vector<uint8_t> sign_message(std::span<const uint8_t> in,
213 {
214 return sign_message(in.data(), in.size(), rng);
215 }
216
217 /**
218 * Add a message part (single byte).
219 * @param in the byte to add
220 */
221 void update(uint8_t in) { update(&in, 1); }
222
223 /**
224 * Add a message part.
225 * @param in the message part to add as a byte array
226 * @param length the length of the above byte array
227 */
228 void update(const uint8_t in[], size_t length);
229
230 /**
231 * Add a message part.
232 * @param in the message part to add
233 */
234 void update(std::span<const uint8_t> in)
235 {
236 update(in.data(), in.size());
237 }
238
239 /**
240 * Add a message part.
241 * @param in the message part to add
242 */
243 void update(std::string_view in)
244 {
245 update(cast_char_ptr_to_uint8(in.data()), in.size());
246 }
247
248 /**
249 * Get the signature of the so far processed message (provided by the
250 * calls to update()).
251 * @param rng the rng to use
252 * @return signature of the total message
253 */
254 std::vector<uint8_t> signature(RandomNumberGenerator& rng);
255
256
257 /**
258 * Set the output format of the signature.
259 * @param format the signature format to use
260 */
261 void set_output_format(Signature_Format format) { m_sig_format = format; }
262
263 /**
264 * Return an upper bound on the length of the signatures this
265 * PK_Signer will produce
266 */
267 size_t signature_length() const;
268
269 /**
270 * Return an AlgorithmIdentifier appropriate for identifying the signature
271 * method being generated by this PK_Signer. Throws an exception if this
272 * is not available for the current signature scheme.
273 */
274 AlgorithmIdentifier algorithm_identifier() const;
275
276 /**
277 * Return the hash function which is being used to create signatures.
278 * This should never return an empty string however it may return a string
279 * which does not map directly to a hash function, in particular if "Raw"
280 * (unhashed) encoding is being used.
281 */
282 std::string hash_function() const;
283
284 private:
285 std::unique_ptr<PK_Ops::Signature> m_op;
286 Signature_Format m_sig_format;
287 size_t m_parts, m_part_size;
288 };
289
290/**
291* Public Key Verifier. Use the verify_message() functions for small
292* messages. Use multiple calls update() to process large messages and
293* verify the signature by finally calling check_signature().
294*/
296 {
297 public:
298 /**
299 * Construct a PK Verifier.
300 * @param pub_key the public key to verify against
301 * @param padding the padding/hash to use (eg "EMSA_PKCS1(SHA-256)")
302 * @param format the signature format to use
303 * @param provider the provider to use
304 */
305 PK_Verifier(const Public_Key& pub_key,
306 std::string_view padding,
307 Signature_Format format = Signature_Format::Standard,
308 std::string_view provider = "");
309
310 /**
311 * Construct a PK Verifier (X.509 specific)
312 *
313 * This constructor will attempt to decode signature_format relative
314 * to the public key provided. If they seem to be inconsistent or
315 * otherwise unsupported, a Decoding_Error is thrown.
316 *
317 * @param pub_key the public key to verify against
318 * @param signature_algorithm the supposed signature algorithm
319 * @param provider the provider to use
320 */
321 PK_Verifier(const Public_Key& pub_key,
322 const AlgorithmIdentifier& signature_algorithm,
323 std::string_view provider = "");
324
326
327 PK_Verifier(const PK_Verifier&) = delete;
328 PK_Verifier(PK_Verifier&&) noexcept = delete;
329 PK_Verifier& operator=(const PK_Verifier&) = delete;
330 PK_Verifier& operator=(PK_Verifier&&) noexcept = delete;
331
332 /**
333 * Verify a signature.
334 * @param msg the message that the signature belongs to, as a byte array
335 * @param msg_length the length of the above byte array msg
336 * @param sig the signature as a byte array
337 * @param sig_length the length of the above byte array sig
338 * @return true if the signature is valid
339 */
340 bool verify_message(const uint8_t msg[], size_t msg_length,
341 const uint8_t sig[], size_t sig_length);
342 /**
343 * Verify a signature.
344 * @param msg the message that the signature belongs to
345 * @param sig the signature
346 * @return true if the signature is valid
347 */
348 bool verify_message(std::span<const uint8_t> msg,
349 std::span<const uint8_t> sig)
350 {
351 return verify_message(msg.data(), msg.size(),
352 sig.data(), sig.size());
353 }
354
355 /**
356 * Add a message part (single byte) of the message corresponding to the
357 * signature to be verified.
358 * @param in the byte to add
359 */
360 void update(uint8_t in) { update(&in, 1); }
361
362 /**
363 * Add a message part of the message corresponding to the
364 * signature to be verified.
365 * @param msg_part the new message part as a byte array
366 * @param length the length of the above byte array
367 */
368 void update(const uint8_t msg_part[], size_t length);
369
370 /**
371 * Add a message part of the message corresponding to the
372 * signature to be verified.
373 * @param in the new message part
374 */
375 void update(std::span<const uint8_t> in)
376 {
377 update(in.data(), in.size());
378 }
379
380 /**
381 * Add a message part of the message corresponding to the
382 * signature to be verified.
383 */
384 void update(std::string_view in)
385 {
386 update(cast_char_ptr_to_uint8(in.data()), in.size());
387 }
388
389 /**
390 * Check the signature of the buffered message, i.e. the one build
391 * by successive calls to update.
392 * @param sig the signature to be verified as a byte array
393 * @param length the length of the above byte array
394 * @return true if the signature is valid, false otherwise
395 */
396 bool check_signature(const uint8_t sig[], size_t length);
397
398 /**
399 * Check the signature of the buffered message, i.e. the one build
400 * by successive calls to update.
401 * @param sig the signature to be verified
402 * @return true if the signature is valid, false otherwise
403 */
404 bool check_signature(std::span<const uint8_t> sig)
405 {
406 return check_signature(sig.data(), sig.size());
407 }
408
409 /**
410 * Set the format of the signatures fed to this verifier.
411 * @param format the signature format to use
412 */
413 void set_input_format(Signature_Format format);
414
415 /**
416 * Return the hash function which is being used to verify signatures.
417 * This should never return an empty string however it may return a string
418 * which does not map directly to a hash function, in particular if "Raw"
419 * (unhashed) encoding is being used.
420 */
421 std::string hash_function() const;
422
423 private:
424 std::unique_ptr<PK_Ops::Verification> m_op;
425 Signature_Format m_sig_format;
426 size_t m_parts, m_part_size;
427 };
428
429/**
430* Object used for key agreement
431*/
433 {
434 public:
435
436 /**
437 * Construct a PK Key Agreement.
438 * @param key the key to use
439 * @param rng the random generator to use
440 * @param kdf name of the KDF to use (or 'Raw' for no KDF)
441 * @param provider the algo provider to use (or empty for default)
442 */
443 PK_Key_Agreement(const Private_Key& key,
445 std::string_view kdf,
446 std::string_view provider = "");
447
449
453
454 // For ECIES
456
457 /**
458 * Perform Key Agreement Operation
459 * @param key_len the desired key output size (ignored if "Raw" KDF is used)
460 * @param in the other parties key
461 * @param in_len the length of in in bytes
462 * @param params extra derivation params
463 * @param params_len the length of params in bytes
464 */
465 SymmetricKey derive_key(size_t key_len,
466 const uint8_t in[],
467 size_t in_len,
468 const uint8_t params[],
469 size_t params_len) const;
470
471 /**
472 * Perform Key Agreement Operation
473 * @param key_len the desired key output size (ignored if "Raw" KDF is used)
474 * @param in the other parties key
475 * @param params extra derivation params
476 * @param params_len the length of params in bytes
477 */
478 SymmetricKey derive_key(size_t key_len,
479 std::span<const uint8_t> in,
480 const uint8_t params[], size_t params_len) const
481 {
482 return derive_key(key_len, in.data(), in.size(),
483 params, params_len);
484 }
485
486 /**
487 * Perform Key Agreement Operation
488 * @param key_len the desired key output size (ignored if "Raw" KDF is used)
489 * @param in the other parties key
490 * @param in_len the length of in in bytes
491 * @param params extra derivation params
492 */
493 SymmetricKey derive_key(size_t key_len,
494 const uint8_t in[], size_t in_len,
495 std::string_view params = "") const
496 {
497 return derive_key(key_len, in, in_len,
498 cast_char_ptr_to_uint8(params.data()),
499 params.length());
500 }
501
502 /**
503 * Perform Key Agreement Operation
504 * @param key_len the desired key output size (ignored if "Raw" KDF is used)
505 * @param in the other parties key
506 * @param params extra derivation params
507 */
508 SymmetricKey derive_key(size_t key_len,
509 const std::span<const uint8_t> in,
510 std::string_view params = "") const
511 {
512 return derive_key(key_len, in.data(), in.size(),
513 cast_char_ptr_to_uint8(params.data()),
514 params.length());
515 }
516
517 /**
518 * Return the underlying size of the value that is agreed.
519 * If derive_key is called with a length of 0 with a "Raw"
520 * KDF, it will return a value of this size.
521 */
522 size_t agreed_value_size() const;
523
524 private:
525 std::unique_ptr<PK_Ops::Key_Agreement> m_op;
526 };
527
528/**
529* Encryption using a standard message recovery algorithm like RSA or
530* ElGamal, paired with an encoding scheme like OAEP.
531*/
533 {
534 public:
535 size_t maximum_input_size() const override;
536
537 /**
538 * Construct an instance.
539 * @param key the key to use inside the encryptor
540 * @param rng the RNG to use
541 * @param padding the message encoding scheme to use (eg "OAEP(SHA-256)")
542 * @param provider the provider to use
543 */
544 PK_Encryptor_EME(const Public_Key& key,
546 std::string_view padding,
547 std::string_view provider = "");
548
550
555
556 /**
557 * Return an upper bound on the ciphertext length for a particular
558 * plaintext input length
559 */
560 size_t ciphertext_length(size_t ptext_len) const override;
561 private:
562 std::vector<uint8_t> enc(const uint8_t[], size_t,
563 RandomNumberGenerator& rng) const override;
564
565 std::unique_ptr<PK_Ops::Encryption> m_op;
566 };
567
568/**
569* Decryption with an MR algorithm and an EME.
570*/
572 {
573 public:
574 /**
575 * Construct an instance.
576 * @param key the key to use inside the decryptor
577 * @param rng the random generator to use
578 * @param eme the EME to use
579 * @param provider the provider to use
580 */
581 PK_Decryptor_EME(const Private_Key& key,
583 std::string_view eme,
584 std::string_view provider = "");
585
586 size_t plaintext_length(size_t ptext_len) const override;
587
593 private:
594 secure_vector<uint8_t> do_decrypt(uint8_t& valid_mask,
595 const uint8_t in[],
596 size_t in_len) const override;
597
598 std::unique_ptr<PK_Ops::Decryption> m_op;
599 };
600
601/**
602* Public Key Key Encapsulation Mechanism Encryption.
603*/
605 {
606 public:
607 /**
608 * Construct an instance.
609 * @param key the key to encrypt to
610 * @param kem_param additional KEM parameters
611 * @param provider the provider to use
612 */
613 PK_KEM_Encryptor(const Public_Key& key,
614 std::string_view kem_param = "",
615 std::string_view provider = "");
616
617 /**
618 * Construct an instance.
619 * @param key the key to encrypt to
620 * @param rng the RNG to use
621 * @param kem_param additional KEM parameters
622 * @param provider the provider to use
623 */
624 BOTAN_DEPRECATED("Use constructor that does not take RNG")
627 std::string_view kem_param = "",
628 std::string_view provider = "") :
629 PK_KEM_Encryptor(key, kem_param, provider)
630 {
631 BOTAN_UNUSED(rng);
632 }
633
635
640
641 /**
642 * Return the length of the shared key returned by this KEM
643 *
644 * If this KEM was used with a KDF, then it will always return
645 * exactly the desired key length, because the output of the KEM
646 * will be hashed by the KDF.
647 *
648 * However if the KEM was used with "Raw" kdf, to request the
649 * algorithmic output of the KEM directly, then the desired key
650 * length will be ignored and a bytestring that depends on the
651 * algorithm is returned
652 *
653 * @param desired_shared_key_len is the requested length
654 */
655 size_t shared_key_length(size_t desired_shared_key_len) const;
656
657 /**
658 * Return the length in bytes of encapsulated keys returned by this KEM
659 */
660 size_t encapsulated_key_length() const;
661
662 /**
663 * Generate a shared key for data encryption.
664 * @param out_encapsulated_key the generated encapsulated key
665 * @param out_shared_key the generated shared key
666 * @param desired_shared_key_len desired size of the shared key in bytes
667 * @param rng the RNG to use
668 * @param salt a salt value used in the KDF
669 * @param salt_len size of the salt value in bytes
670 */
671 void encrypt(secure_vector<uint8_t>& out_encapsulated_key,
672 secure_vector<uint8_t>& out_shared_key,
673 size_t desired_shared_key_len,
675 const uint8_t salt[],
676 size_t salt_len);
677
678 /**
679 * Generate a shared key for data encryption.
680 * @param out_encapsulated_key the generated encapsulated key
681 * @param out_shared_key the generated shared key
682 * @param desired_shared_key_len desired size of the shared key in bytes
683 * @param rng the RNG to use
684 * @param salt a salt value used in the KDF
685 */
686 void encrypt(secure_vector<uint8_t>& out_encapsulated_key,
687 secure_vector<uint8_t>& out_shared_key,
688 size_t desired_shared_key_len,
690 std::span<const uint8_t> salt)
691 {
692 this->encrypt(out_encapsulated_key,
693 out_shared_key,
694 desired_shared_key_len,
695 rng,
696 salt.data(), salt.size());
697 }
698
699
700 /**
701 * Generate a shared key for data encryption.
702 * @param out_encapsulated_key the generated encapsulated key
703 * @param out_shared_key the generated shared key
704 * @param desired_shared_key_len desired size of the shared key in bytes
705 * @param rng the RNG to use
706 */
707 void encrypt(secure_vector<uint8_t>& out_encapsulated_key,
708 secure_vector<uint8_t>& out_shared_key,
709 size_t desired_shared_key_len,
711 {
712 this->encrypt(out_encapsulated_key,
713 out_shared_key,
714 desired_shared_key_len,
715 rng,
716 nullptr,
717 0);
718 }
719
720 private:
721 std::unique_ptr<PK_Ops::KEM_Encryption> m_op;
722 };
723
724/**
725* Public Key Key Encapsulation Mechanism Decryption.
726*/
728 {
729 public:
730 /**
731 * Construct an instance.
732 * @param key the key to use inside the decryptor
733 * @param rng the RNG to use
734 * @param kem_param additional KEM parameters
735 * @param provider the provider to use
736 */
737 PK_KEM_Decryptor(const Private_Key& key,
739 std::string_view kem_param = "",
740 std::string_view provider = "");
741
747
748 /**
749 * Return the length of the shared key returned by this KEM
750 *
751 * If this KEM was used with a KDF, then it will always return
752 * exactly the desired key length, because the output of the KEM
753 * will be hashed by the KDF.
754 *
755 * However if the KEM was used with "Raw" kdf, to request the
756 * algorithmic output of the KEM directly, then the desired key
757 * length will be ignored and a bytestring that depends on the
758 * algorithm is returned
759 *
760 * @param desired_shared_key_len is the requested length.
761 */
762 size_t shared_key_length(size_t desired_shared_key_len) const;
763
764 /**
765 * Decrypts the shared key for data encryption.
766 * @param encap_key the encapsulated key
767 * @param encap_key_len size of the encapsulated key in bytes
768 * @param desired_shared_key_len desired size of the shared key in bytes
769 * @param salt a salt value used in the KDF
770 * @param salt_len size of the salt value in bytes
771 * @return the shared data encryption key
772 */
773 secure_vector<uint8_t> decrypt(const uint8_t encap_key[],
774 size_t encap_key_len,
775 size_t desired_shared_key_len,
776 const uint8_t salt[],
777 size_t salt_len);
778
779 /**
780 * Decrypts the shared key for data encryption.
781 * @param encap_key the encapsulated key
782 * @param encap_key_len size of the encapsulated key in bytes
783 * @param desired_shared_key_len desired size of the shared key in bytes
784 * @return the shared data encryption key
785 */
786 secure_vector<uint8_t> decrypt(const uint8_t encap_key[],
787 size_t encap_key_len,
788 size_t desired_shared_key_len)
789 {
790 return this->decrypt(encap_key, encap_key_len,
791 desired_shared_key_len,
792 nullptr, 0);
793 }
794
795 /**
796 * Decrypts the shared key for data encryption.
797 * @param encap_key the encapsulated key
798 * @param desired_shared_key_len desired size of the shared key in bytes
799 * @param salt a salt value used in the KDF
800 * @return the shared data encryption key
801 */
802 secure_vector<uint8_t> decrypt(std::span<const uint8_t> encap_key,
803 size_t desired_shared_key_len,
804 std::span<const uint8_t> salt)
805 {
806 return this->decrypt(encap_key.data(), encap_key.size(),
807 desired_shared_key_len,
808 salt.data(), salt.size());
809 }
810
811 private:
812 std::unique_ptr<PK_Ops::KEM_Decryption> m_op;
813 };
814
815}
816
817#endif
#define BOTAN_UNUSED(...)
Definition: assert.h:141
PK_Decryptor_EME(PK_Decryptor_EME &&)=delete
PK_Decryptor_EME(const PK_Decryptor_EME &)=delete
PK_Decryptor_EME & operator=(PK_Decryptor_EME &&)=delete
PK_Decryptor_EME & operator=(const PK_Decryptor_EME &)=delete
virtual ~PK_Decryptor()=default
virtual size_t plaintext_length(size_t ctext_len) const =0
secure_vector< uint8_t > decrypt(std::span< const uint8_t > in) const
Definition: pubkey.h:102
PK_Decryptor()=default
PK_Decryptor(const PK_Decryptor &)=delete
PK_Decryptor(PK_Decryptor &&) noexcept=delete
PK_Encryptor_EME & operator=(PK_Encryptor_EME &&)=delete
PK_Encryptor_EME(PK_Encryptor_EME &&)=delete
PK_Encryptor_EME & operator=(const PK_Encryptor_EME &)=delete
PK_Encryptor_EME(const PK_Encryptor_EME &)=delete
PK_Encryptor(PK_Encryptor &&) noexcept=delete
virtual size_t maximum_input_size() const =0
virtual size_t ciphertext_length(size_t ctext_len) const =0
std::vector< uint8_t > encrypt(std::span< const uint8_t > in, RandomNumberGenerator &rng) const
Definition: pubkey.h:50
virtual ~PK_Encryptor()=default
std::vector< uint8_t > encrypt(const uint8_t in[], size_t length, RandomNumberGenerator &rng) const
Definition: pubkey.h:38
PK_Encryptor(const PK_Encryptor &)=delete
PK_Encryptor()=default
PK_KEM_Decryptor(PK_KEM_Decryptor &&)=delete
PK_KEM_Decryptor & operator=(const PK_KEM_Decryptor &)=delete
secure_vector< uint8_t > decrypt(std::span< const uint8_t > encap_key, size_t desired_shared_key_len, std::span< const uint8_t > salt)
Definition: pubkey.h:802
PK_KEM_Decryptor(const PK_KEM_Decryptor &)=delete
secure_vector< uint8_t > decrypt(const uint8_t encap_key[], size_t encap_key_len, size_t desired_shared_key_len)
Definition: pubkey.h:786
PK_KEM_Decryptor & operator=(PK_KEM_Decryptor &&)=delete
void encrypt(secure_vector< uint8_t > &out_encapsulated_key, secure_vector< uint8_t > &out_shared_key, size_t desired_shared_key_len, RandomNumberGenerator &rng, std::span< const uint8_t > salt)
Definition: pubkey.h:686
void encrypt(secure_vector< uint8_t > &out_encapsulated_key, secure_vector< uint8_t > &out_shared_key, size_t desired_shared_key_len, RandomNumberGenerator &rng)
Definition: pubkey.h:707
PK_KEM_Encryptor(PK_KEM_Encryptor &&)=delete
PK_KEM_Encryptor & operator=(PK_KEM_Encryptor &&)=delete
PK_KEM_Encryptor(const PK_KEM_Encryptor &)=delete
PK_KEM_Encryptor & operator=(const PK_KEM_Encryptor &)=delete
SymmetricKey derive_key(size_t key_len, const std::span< const uint8_t > in, std::string_view params="") const
Definition: pubkey.h:508
PK_Key_Agreement & operator=(const PK_Key_Agreement &)=delete
PK_Key_Agreement & operator=(PK_Key_Agreement &&)=delete
SymmetricKey derive_key(size_t key_len, const uint8_t in[], size_t in_len, std::string_view params="") const
Definition: pubkey.h:493
PK_Key_Agreement(const PK_Key_Agreement &)=delete
PK_Key_Agreement(PK_Key_Agreement &&) noexcept
void update(uint8_t in)
Definition: pubkey.h:221
std::vector< uint8_t > sign_message(std::span< const uint8_t > in, RandomNumberGenerator &rng)
Definition: pubkey.h:211
void update(std::string_view in)
Definition: pubkey.h:243
void update(std::span< const uint8_t > in)
Definition: pubkey.h:234
void set_output_format(Signature_Format format)
Definition: pubkey.h:261
PK_Signer(const PK_Signer &)=delete
PK_Signer(PK_Signer &&) noexcept=delete
void update(uint8_t in)
Definition: pubkey.h:360
void update(std::span< const uint8_t > in)
Definition: pubkey.h:375
PK_Verifier(const PK_Verifier &)=delete
void update(std::string_view in)
Definition: pubkey.h:384
bool check_signature(std::span< const uint8_t > sig)
Definition: pubkey.h:404
PK_Verifier(PK_Verifier &&) noexcept=delete
int(* update)(CTX *, const void *, CC_LONG len)
int(* final)(unsigned char *, CTX *)
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:31
Definition: alg_id.cpp:12
Signature_Format
Definition: pk_keys.h:29
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:64
const uint8_t * cast_char_ptr_to_uint8(const char *s)
Definition: mem_ops.h:183
Definition: bigint.h:1092