1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
|
/*
* (C) 2015 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#ifndef BOTAN_PK_OPERATION_IMPL_H_
#define BOTAN_PK_OPERATION_IMPL_H_
#include <botan/pk_ops.h>
#include <botan/eme.h>
#include <botan/kdf.h>
#include <botan/emsa.h>
namespace Botan {
namespace PK_Ops {
class Encryption_with_EME : public Encryption
{
public:
size_t max_input_bits() const override;
secure_vector<uint8_t> encrypt(const uint8_t msg[], size_t msg_len,
RandomNumberGenerator& rng) override;
~Encryption_with_EME() = default;
protected:
explicit Encryption_with_EME(const std::string& eme);
private:
virtual size_t max_raw_input_bits() const = 0;
virtual secure_vector<uint8_t> raw_encrypt(const uint8_t msg[], size_t len,
RandomNumberGenerator& rng) = 0;
std::unique_ptr<EME> m_eme;
};
class Decryption_with_EME : public Decryption
{
public:
secure_vector<uint8_t> decrypt(uint8_t& valid_mask,
const uint8_t msg[], size_t msg_len) override;
~Decryption_with_EME() = default;
protected:
explicit Decryption_with_EME(const std::string& eme);
private:
virtual size_t max_raw_input_bits() const = 0;
virtual secure_vector<uint8_t> raw_decrypt(const uint8_t msg[], size_t len) = 0;
std::unique_ptr<EME> m_eme;
};
class Verification_with_EMSA : public Verification
{
public:
~Verification_with_EMSA() = default;
void update(const uint8_t msg[], size_t msg_len) override;
bool is_valid_signature(const uint8_t sig[], size_t sig_len) override;
bool do_check(const secure_vector<uint8_t>& msg,
const uint8_t sig[], size_t sig_len);
std::string hash_for_signature() { return m_hash; }
protected:
explicit Verification_with_EMSA(const std::string& emsa);
/**
* Get the maximum message size in bits supported by this public key.
* @return maximum message in bits
*/
virtual size_t max_input_bits() const = 0;
/**
* @return boolean specifying if this signature scheme uses
* a message prefix returned by message_prefix()
*/
virtual bool has_prefix() { return false; }
/**
* @return the message prefix if this signature scheme uses
* a message prefix, signaled via has_prefix()
*/
virtual secure_vector<uint8_t> message_prefix() const { throw Exception( "No prefix" ); }
/**
* @return boolean specifying if this key type supports message
* recovery and thus if you need to call verify() or verify_mr()
*/
virtual bool with_recovery() const = 0;
/*
* Perform a signature check operation
* @param msg the message
* @param msg_len the length of msg in bytes
* @param sig the signature
* @param sig_len the length of sig in bytes
* @returns if signature is a valid one for message
*/
virtual bool verify(const uint8_t[], size_t,
const uint8_t[], size_t)
{
throw Invalid_State("Message recovery required");
}
/*
* Perform a signature operation (with message recovery)
* Only call this if with_recovery() returns true
* @param msg the message
* @param msg_len the length of msg in bytes
* @returns recovered message
*/
virtual secure_vector<uint8_t> verify_mr(const uint8_t[], size_t)
{
throw Invalid_State("Message recovery not supported");
}
std::unique_ptr<EMSA> clone_emsa() const { return std::unique_ptr<EMSA>(m_emsa->clone()); }
private:
std::unique_ptr<EMSA> m_emsa;
const std::string m_hash;
bool m_prefix_used;
};
class Signature_with_EMSA : public Signature
{
public:
void update(const uint8_t msg[], size_t msg_len) override;
secure_vector<uint8_t> sign(RandomNumberGenerator& rng) override;
protected:
explicit Signature_with_EMSA(const std::string& emsa);
~Signature_with_EMSA() = default;
std::string hash_for_signature() { return m_hash; }
/**
* @return boolean specifying if this signature scheme uses
* a message prefix returned by message_prefix()
*/
virtual bool has_prefix() { return false; }
/**
* @return the message prefix if this signature scheme uses
* a message prefix, signaled via has_prefix()
*/
virtual secure_vector<uint8_t> message_prefix() const { throw Exception( "No prefix" ); }
std::unique_ptr<EMSA> clone_emsa() const { return std::unique_ptr<EMSA>(m_emsa->clone()); }
private:
/**
* Get the maximum message size in bits supported by this public key.
* @return maximum message in bits
*/
virtual size_t max_input_bits() const = 0;
bool self_test_signature(const std::vector<uint8_t>& msg,
const std::vector<uint8_t>& sig) const;
virtual secure_vector<uint8_t> raw_sign(const uint8_t msg[], size_t msg_len,
RandomNumberGenerator& rng) = 0;
std::unique_ptr<EMSA> m_emsa;
const std::string m_hash;
bool m_prefix_used;
};
class Key_Agreement_with_KDF : public Key_Agreement
{
public:
secure_vector<uint8_t> agree(size_t key_len,
const uint8_t other_key[], size_t other_key_len,
const uint8_t salt[], size_t salt_len) override;
protected:
explicit Key_Agreement_with_KDF(const std::string& kdf);
~Key_Agreement_with_KDF() = default;
private:
virtual secure_vector<uint8_t> raw_agree(const uint8_t w[], size_t w_len) = 0;
std::unique_ptr<KDF> m_kdf;
};
class KEM_Encryption_with_KDF : public KEM_Encryption
{
public:
void kem_encrypt(secure_vector<uint8_t>& out_encapsulated_key,
secure_vector<uint8_t>& out_shared_key,
size_t desired_shared_key_len,
Botan::RandomNumberGenerator& rng,
const uint8_t salt[],
size_t salt_len) override;
protected:
virtual void raw_kem_encrypt(secure_vector<uint8_t>& out_encapsulated_key,
secure_vector<uint8_t>& raw_shared_key,
Botan::RandomNumberGenerator& rng) = 0;
explicit KEM_Encryption_with_KDF(const std::string& kdf);
~KEM_Encryption_with_KDF() = default;
private:
std::unique_ptr<KDF> m_kdf;
};
class KEM_Decryption_with_KDF : public KEM_Decryption
{
public:
secure_vector<uint8_t> kem_decrypt(const uint8_t encap_key[],
size_t len,
size_t desired_shared_key_len,
const uint8_t salt[],
size_t salt_len) override;
protected:
virtual secure_vector<uint8_t>
raw_kem_decrypt(const uint8_t encap_key[], size_t len) = 0;
explicit KEM_Decryption_with_KDF(const std::string& kdf);
~KEM_Decryption_with_KDF() = default;
private:
std::unique_ptr<KDF> m_kdf;
};
}
}
#endif
|