Botan  2.1.0
Crypto and TLS for C++11
pk_ops.cpp
Go to the documentation of this file.
1 /*
2 * PK Operation Types
3 * (C) 2010,2015 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/internal/pk_ops_impl.h>
9 #include <botan/internal/bit_ops.h>
10 
11 namespace Botan {
12 
14  {
15  m_eme.reset(get_eme(eme));
16  if(!m_eme.get())
17  throw Algorithm_Not_Found(eme);
18  }
19 
21  {
22  return m_eme->maximum_input_size(max_raw_input_bits());
23  }
24 
27  {
28  const size_t max_raw = max_raw_input_bits();
29  const std::vector<uint8_t> encoded = unlock(m_eme->encode(msg, msg_len, max_raw, rng));
30  return raw_encrypt(encoded.data(), encoded.size(), rng);
31  }
32 
34  {
35  m_eme.reset(get_eme(eme));
36  if(!m_eme.get())
37  throw Algorithm_Not_Found(eme);
38  }
39 
42  const uint8_t ciphertext[],
43  size_t ciphertext_len)
44  {
45  const secure_vector<uint8_t> raw = raw_decrypt(ciphertext, ciphertext_len);
46  return m_eme->unpad(valid_mask, raw.data(), raw.size());
47  }
48 
50  {
51  if(kdf != "Raw")
52  m_kdf.reset(get_kdf(kdf));
53  }
54 
56  const uint8_t w[], size_t w_len,
57  const uint8_t salt[], size_t salt_len)
58  {
59  secure_vector<uint8_t> z = raw_agree(w, w_len);
60  if(m_kdf)
61  return m_kdf->derive_key(key_len, z, salt, salt_len);
62  return z;
63  }
64 
66  Signature(),
67  m_emsa(get_emsa(emsa)),
68  m_hash(hash_for_emsa(emsa)),
69  m_prefix_used(false)
70  {
71  if(!m_emsa)
72  throw Algorithm_Not_Found(emsa);
73  }
74 
75 void PK_Ops::Signature_with_EMSA::update(const uint8_t msg[], size_t msg_len)
76  {
77  if(has_prefix() && !m_prefix_used)
78  {
79  m_prefix_used = true;
80  secure_vector<uint8_t> prefix = message_prefix();
81  m_emsa->update(prefix.data(), prefix.size());
82  }
83  m_emsa->update(msg, msg_len);
84  }
85 
87  {
88  m_prefix_used = false;
89  const secure_vector<uint8_t> msg = m_emsa->raw_data();
90  const auto padded = m_emsa->encoding_of(msg, this->max_input_bits(), rng);
91  return raw_sign(padded.data(), padded.size(), rng);
92  }
93 
95  Verification(),
96  m_emsa(get_emsa(emsa)),
97  m_hash(hash_for_emsa(emsa)),
98  m_prefix_used(false)
99  {
100  if(!m_emsa)
101  throw Algorithm_Not_Found(emsa);
102  }
103 
104 void PK_Ops::Verification_with_EMSA::update(const uint8_t msg[], size_t msg_len)
105  {
106  if(has_prefix() && !m_prefix_used)
107  {
108  m_prefix_used = true;
109  secure_vector<uint8_t> prefix = message_prefix();
110  m_emsa->update(prefix.data(), prefix.size());
111  }
112  m_emsa->update(msg, msg_len);
113  }
114 
115 bool PK_Ops::Verification_with_EMSA::is_valid_signature(const uint8_t sig[], size_t sig_len)
116  {
117  m_prefix_used = false;
118  const secure_vector<uint8_t> msg = m_emsa->raw_data();
119 
120  if(with_recovery())
121  {
122  secure_vector<uint8_t> output_of_key = verify_mr(sig, sig_len);
123  return m_emsa->verify(output_of_key, msg, max_input_bits());
124  }
125  else
126  {
127  Null_RNG rng;
128  secure_vector<uint8_t> encoded = m_emsa->encoding_of(msg, max_input_bits(), rng);
129  return verify(encoded.data(), encoded.size(), sig, sig_len);
130  }
131  }
132 
134  secure_vector<uint8_t>& out_shared_key,
135  size_t desired_shared_key_len,
137  const uint8_t salt[],
138  size_t salt_len)
139  {
140  secure_vector<uint8_t> raw_shared;
141  this->raw_kem_encrypt(out_encapsulated_key, raw_shared, rng);
142 
143  out_shared_key = m_kdf->derive_key(desired_shared_key_len,
144  raw_shared.data(), raw_shared.size(),
145  salt, salt_len);
146  }
147 
149  {
150  m_kdf.reset(get_kdf(kdf));
151  }
152 
155  size_t len,
156  size_t desired_shared_key_len,
157  const uint8_t salt[],
158  size_t salt_len)
159  {
160  secure_vector<uint8_t> raw_shared = this->raw_kem_decrypt(encap_key, len);
161 
162  return m_kdf->derive_key(desired_shared_key_len,
163  raw_shared.data(), raw_shared.size(),
164  salt, salt_len);
165  }
166 
168  {
169  m_kdf.reset(get_kdf(kdf));
170  }
171 
172 }
secure_vector< uint8_t > encrypt(const uint8_t msg[], size_t msg_len, RandomNumberGenerator &rng) override
Definition: pk_ops.cpp:25
void update(const uint8_t msg[], size_t msg_len) override
Definition: pk_ops.cpp:104
std::string hash_for_emsa(const std::string &algo_spec)
Definition: emsa.cpp:142
EMSA * get_emsa(const std::string &algo_spec)
Definition: emsa.cpp:36
secure_vector< uint8_t > kem_decrypt(const uint8_t encap_key[], size_t len, size_t desired_shared_key_len, const uint8_t salt[], size_t salt_len) override
Definition: pk_ops.cpp:154
Key_Agreement_with_KDF(const std::string &kdf)
Definition: pk_ops.cpp:49
Encryption_with_EME(const std::string &eme)
Definition: pk_ops.cpp:13
KEM_Decryption_with_KDF(const std::string &kdf)
Definition: pk_ops.cpp:167
Decryption_with_EME(const std::string &eme)
Definition: pk_ops.cpp:33
Signature_with_EMSA(const std::string &emsa)
Definition: pk_ops.cpp:65
KEM_Encryption_with_KDF(const std::string &kdf)
Definition: pk_ops.cpp:148
std::unique_ptr< EMSA > m_emsa
Definition: pk_ops_impl.h:120
std::vector< T, secure_allocator< T >> secure_vector
Definition: secmem.h:121
void kem_encrypt(secure_vector< uint8_t > &out_encapsulated_key, secure_vector< uint8_t > &out_shared_key, size_t desired_shared_key_len, Botan::RandomNumberGenerator &rng, const uint8_t salt[], size_t salt_len) override
Definition: pk_ops.cpp:133
std::string m_emsa
Definition: dsa.cpp:100
secure_vector< uint8_t > sign(RandomNumberGenerator &rng) override
Definition: pk_ops.cpp:86
size_t max_input_bits() const override
Definition: pk_ops.cpp:20
Verification_with_EMSA(const std::string &emsa)
Definition: pk_ops.cpp:94
Definition: alg_id.cpp:13
EME * get_eme(const std::string &algo_spec)
Definition: eme.cpp:25
void update(const uint8_t msg[], size_t msg_len) override
Definition: pk_ops.cpp:75
bool is_valid_signature(const uint8_t sig[], size_t sig_len) override
Definition: pk_ops.cpp:115
std::vector< T > unlock(const secure_vector< T > &in)
Definition: secmem.h:125
std::unique_ptr< EMSA > m_emsa
Definition: pk_ops_impl.h:151
KDF * get_kdf(const std::string &algo_spec)
Definition: kdf.cpp:226
std::unique_ptr< HashFunction > m_hash
Definition: tpm.cpp:439
secure_vector< uint8_t > decrypt(uint8_t &valid_mask, const uint8_t msg[], size_t msg_len) override
Definition: pk_ops.cpp:41
secure_vector< uint8_t > agree(size_t key_len, const uint8_t other_key[], size_t other_key_len, const uint8_t salt[], size_t salt_len) override
Definition: pk_ops.cpp:55