11 #include <botan/ed25519.h>
12 #include <botan/internal/pk_ops_impl.h>
13 #include <botan/hash.h>
14 #include <botan/ber_dec.h>
15 #include <botan/der_enc.h>
16 #include <botan/rng.h>
35 m_public.assign(pub_key, pub_key + pub_len);
39 const std::vector<uint8_t>& key_bits)
54 if(secret_key.size() == 64)
56 m_private = secret_key;
57 m_public.assign(m_private.begin() + 32, m_private.end());
59 else if(secret_key.size() == 32)
113 void update(
const uint8_t msg[],
size_t msg_len)
override
115 m_msg.insert(
m_msg.end(), msg, msg + msg_len);
118 bool is_valid_signature(
const uint8_t sig[],
size_t sig_len)
override
123 const std::vector<uint8_t>& pub_key =
m_key.get_public_key();
138 class Ed25519_Hashed_Verify_Operation
final :
public PK_Ops::Verification
141 Ed25519_Hashed_Verify_Operation(
const Ed25519_PublicKey& key,
const std::string&
hash,
bool rfc8032) :
149 0x53, 0x69, 0x67, 0x45, 0x64, 0x32, 0x35, 0x35, 0x31, 0x39, 0x20, 0x6E, 0x6F, 0x20, 0x45, 0x64,
150 0x32, 0x35, 0x35, 0x31, 0x39, 0x20, 0x63, 0x6F, 0x6C, 0x6C, 0x69, 0x73, 0x69, 0x6F, 0x6E, 0x73,
155 void update(
const uint8_t msg[],
size_t msg_len)
override
157 m_hash->update(msg, msg_len);
160 bool is_valid_signature(
const uint8_t sig[],
size_t sig_len)
override
164 std::vector<uint8_t> msg_hash(
m_hash->output_length());
165 m_hash->final(msg_hash.data());
167 const std::vector<uint8_t>& pub_key =
m_key.get_public_key();
174 const Ed25519_PublicKey&
m_key;
181 class Ed25519_Pure_Sign_Operation
final :
public PK_Ops::Signature
184 Ed25519_Pure_Sign_Operation(
const Ed25519_PrivateKey& key) :
m_key(key)
188 void update(
const uint8_t msg[],
size_t msg_len)
override
190 m_msg.insert(
m_msg.end(), msg, msg + msg_len);
193 secure_vector<uint8_t> sign(RandomNumberGenerator&)
override
195 secure_vector<uint8_t> sig(64);
201 size_t signature_length()
const override {
return 64; }
204 std::vector<uint8_t>
m_msg;
205 const Ed25519_PrivateKey&
m_key;
211 class Ed25519_Hashed_Sign_Operation
final :
public PK_Ops::Signature
214 Ed25519_Hashed_Sign_Operation(
const Ed25519_PrivateKey& key,
const std::string& hash,
bool rfc8032) :
222 0x53, 0x69, 0x67, 0x45, 0x64, 0x32, 0x35, 0x35, 0x31, 0x39, 0x20, 0x6E, 0x6F, 0x20, 0x45, 0x64,
223 0x32, 0x35, 0x35, 0x31, 0x39, 0x20, 0x63, 0x6F, 0x6C, 0x6C, 0x69, 0x73, 0x69, 0x6F, 0x6E, 0x73,
228 size_t signature_length()
const override {
return 64; }
230 void update(
const uint8_t msg[],
size_t msg_len)
override
232 m_hash->update(msg, msg_len);
235 secure_vector<uint8_t> sign(RandomNumberGenerator&)
override
237 secure_vector<uint8_t> sig(64);
238 std::vector<uint8_t> msg_hash(
m_hash->output_length());
239 m_hash->final(msg_hash.data());
241 msg_hash.data(), msg_hash.size(),
242 m_key.get_private_key().data(),
248 std::unique_ptr<HashFunction>
m_hash;
249 const Ed25519_PrivateKey&
m_key;
255 std::unique_ptr<PK_Ops::Verification>
257 const std::string& provider)
const
259 if(provider ==
"base" || provider.empty())
261 if(params ==
"" || params ==
"Identity" || params ==
"Pure")
262 return std::unique_ptr<PK_Ops::Verification>(
new Ed25519_Pure_Verify_Operation(*
this));
263 else if(params ==
"Ed25519ph")
264 return std::unique_ptr<PK_Ops::Verification>(
new Ed25519_Hashed_Verify_Operation(*
this,
"SHA-512",
true));
266 return std::unique_ptr<PK_Ops::Verification>(
new Ed25519_Hashed_Verify_Operation(*
this, params,
false));
271 std::unique_ptr<PK_Ops::Signature>
273 const std::string& params,
274 const std::string& provider)
const
276 if(provider ==
"base" || provider.empty())
278 if(params ==
"" || params ==
"Identity" || params ==
"Pure")
279 return std::unique_ptr<PK_Ops::Signature>(
new Ed25519_Pure_Sign_Operation(*
this));
280 else if(params ==
"Ed25519ph")
281 return std::unique_ptr<PK_Ops::Signature>(
new Ed25519_Hashed_Sign_Operation(*
this,
"SHA-512",
true));
283 return std::unique_ptr<PK_Ops::Signature>(
new Ed25519_Hashed_Sign_Operation(*
this, params,
false));
void ed25519_gen_keypair(uint8_t *pk, uint8_t *sk, const uint8_t seed[32])
std::vector< uint8_t > m_public
Ed25519_PublicKey()=default
std::string algo_name() const override
static std::unique_ptr< HashFunction > create_or_throw(const std::string &algo_spec, const std::string &provider="")
std::unique_ptr< PK_Ops::Signature > create_signature_op(RandomNumberGenerator &rng, const std::string ¶ms, const std::string &provider) const override
std::unique_ptr< HashFunction > m_hash
secure_vector< uint8_t > random_vec(size_t bytes)
bool check_key(RandomNumberGenerator &rng, bool strong) const override
int(* final)(unsigned char *, CTX *)
secure_vector< uint8_t > get_contents()
std::vector< uint8_t > m_msg
BER_Decoder & decode(bool &out)
std::unique_ptr< PK_Ops::Verification > create_verification_op(const std::string ¶ms, const std::string &provider) const override
secure_vector< uint8_t > private_key_bits() const override
virtual OID get_oid() const
std::vector< uint8_t > m_domain_sep
DER_Encoder & encode(bool b)
std::vector< T, secure_allocator< T >> secure_vector
bool check_key(RandomNumberGenerator &rng, bool strong) const override
const Ed25519_PublicKey & m_key
#define BOTAN_ASSERT_EQUAL(expr1, expr2, assertion_made)
std::vector< uint8_t > public_key_bits() const override
Ed25519_PrivateKey(const AlgorithmIdentifier &alg_id, const secure_vector< uint8_t > &key_bits)
BER_Decoder & discard_remaining()
int(* update)(CTX *, const void *, CC_LONG len)
bool ed25519_verify(const uint8_t *m, size_t mlen, const uint8_t sig[64], const uint8_t *pk, const uint8_t domain_sep[], size_t domain_sep_len)
AlgorithmIdentifier algorithm_identifier() const override
void ed25519_sign(uint8_t sig[64], const uint8_t m[], size_t mlen, const uint8_t sk[64], const uint8_t domain_sep[], size_t domain_sep_len)