9#include <botan/ed448.h>
11#include <botan/ber_dec.h>
12#include <botan/der_enc.h>
13#include <botan/hash.h>
15#include <botan/internal/ed448_internal.h>
16#include <botan/internal/pk_ops_impl.h>
54 return std::make_unique<Ed448_PrivateKey>(rng);
64 m_private = std::move(bits);
78 m_private = {key_bits.begin(), key_bits.end()};
83 return std::make_unique<Ed448_PublicKey>(
m_public);
100 virtual void update(std::span<const uint8_t> msg) = 0;
101 virtual std::vector<uint8_t> get_and_clear() = 0;
103 Ed448_Message() =
default;
104 virtual ~Ed448_Message() =
default;
105 Ed448_Message(
const Ed448_Message&) =
delete;
106 Ed448_Message& operator=(
const Ed448_Message&) =
delete;
107 Ed448_Message(Ed448_Message&&) =
delete;
108 Ed448_Message& operator=(Ed448_Message&&) =
delete;
111class Prehashed_Ed448_Message
final :
public Ed448_Message {
113 void update(std::span<const uint8_t> msg)
override { m_hash->update(msg); }
115 std::vector<uint8_t> get_and_clear()
override {
return m_hash->final_stdvec(); }
117 Prehashed_Ed448_Message(std::string_view hash) : m_hash(HashFunction::create_or_throw(hash)) {}
120 std::unique_ptr<HashFunction> m_hash;
123class Pure_Ed448_Message
final :
public Ed448_Message {
125 void update(std::span<const uint8_t> msg)
override { m_msg.insert(m_msg.end(), msg.begin(), msg.end()); }
127 std::vector<uint8_t> get_and_clear()
override {
return std::exchange(m_msg, {}); }
130 std::vector<uint8_t> m_msg;
136class Ed448_Verify_Operation
final :
public PK_Ops::Verification {
138 explicit Ed448_Verify_Operation(
const Ed448_PublicKey& key,
139 std::optional<std::string> prehash_function = std::nullopt) :
140 m_prehash_function(std::move(prehash_function)) {
141 const auto pk_bits = key.public_key_bits();
142 copy_mem(m_pk, std::span(pk_bits).first<ED448_LEN>());
143 if(m_prehash_function) {
144 m_message = std::make_unique<Prehashed_Ed448_Message>(*m_prehash_function);
146 m_message = std::make_unique<Pure_Ed448_Message>();
150 void update(
const uint8_t msg[],
size_t msg_len)
override { m_message->update({msg, msg_len}); }
152 bool is_valid_signature(
const uint8_t sig[],
size_t sig_len)
override {
153 const auto msg = m_message->get_and_clear();
155 return verify_signature(m_pk, m_prehash_function.has_value(), {}, {sig, sig_len}, msg);
156 }
catch(Decoding_Error&) {
161 std::string hash_function()
const override {
return m_prehash_function.value_or(
"SHAKE-256(912)"); }
164 std::array<uint8_t, ED448_LEN> m_pk;
165 std::unique_ptr<Ed448_Message> m_message;
166 std::optional<std::string> m_prehash_function;
172class Ed448_Sign_Operation
final :
public PK_Ops::Signature {
174 explicit Ed448_Sign_Operation(
const Ed448_PrivateKey& key,
175 std::optional<std::string> prehash_function = std::nullopt) :
176 m_prehash_function(std::move(prehash_function)) {
177 const auto pk_bits = key.public_key_bits();
178 copy_mem(m_pk, std::span(pk_bits).first<ED448_LEN>());
179 const auto sk_bits = key.raw_private_key_bits();
181 m_sk = {sk_bits.begin(), sk_bits.end()};
182 if(m_prehash_function) {
183 m_message = std::make_unique<Prehashed_Ed448_Message>(*m_prehash_function);
185 m_message = std::make_unique<Pure_Ed448_Message>();
189 void update(
const uint8_t msg[],
size_t msg_len)
override { m_message->update({msg, msg_len}); }
194 std::span(m_sk).first<ED448_LEN>(), m_pk, m_prehash_function.has_value(), {}, m_message->get_and_clear());
195 return {sig.begin(), sig.end()};
198 size_t signature_length()
const override {
return 2 *
ED448_LEN; }
200 AlgorithmIdentifier algorithm_identifier()
const override;
202 std::string hash_function()
const override {
return m_prehash_function.value_or(
"SHAKE-256(912)"); }
205 std::array<uint8_t, ED448_LEN> m_pk;
207 std::unique_ptr<Ed448_Message> m_message;
208 std::optional<std::string> m_prehash_function;
211AlgorithmIdentifier Ed448_Sign_Operation::algorithm_identifier()
const {
212 return AlgorithmIdentifier(OID::from_string(
"Ed448"), AlgorithmIdentifier::USE_EMPTY_PARAM);
218 std::string_view provider)
const {
219 if(provider ==
"base" || provider.empty()) {
220 if(params.empty() || params ==
"Identity" || params ==
"Pure" || params ==
"Ed448") {
221 return std::make_unique<Ed448_Verify_Operation>(*
this);
222 }
else if(params ==
"Ed448ph") {
223 return std::make_unique<Ed448_Verify_Operation>(*
this,
"SHAKE-256(512)");
225 return std::make_unique<Ed448_Verify_Operation>(*
this, std::string(params));
232 std::string_view provider)
const {
233 if(provider ==
"base" || provider.empty()) {
234 if(alg_id != this->algorithm_identifier()) {
235 throw Decoding_Error(
"Unexpected AlgorithmIdentifier for Ed448 X509 signature");
238 return std::make_unique<Ed448_Verify_Operation>(*
this);
244 std::string_view params,
245 std::string_view provider)
const {
246 if(provider ==
"base" || provider.empty()) {
247 if(params.empty() || params ==
"Identity" || params ==
"Pure" || params ==
"Ed448") {
248 return std::make_unique<Ed448_Sign_Operation>(*
this);
249 }
else if(params ==
"Ed448ph") {
250 return std::make_unique<Ed448_Sign_Operation>(*
this,
"SHAKE-256(512)");
252 return std::make_unique<Ed448_Sign_Operation>(*
this, std::string(params));
#define BOTAN_ASSERT_NOMSG(expr)
virtual OID object_identifier() const
BER_Decoder & decode(bool &out)
BER_Decoder & verify_end()
secure_vector< uint8_t > get_contents()
DER_Encoder & encode(bool b)
static Ed448Point decode(std::span< const uint8_t, ED448_LEN > enc)
Decode a point from its 57-byte encoding (RFC 8032 5.2.3)
Ed448_PrivateKey(const AlgorithmIdentifier &alg_id, std::span< const uint8_t > key_bits)
std::unique_ptr< PK_Ops::Signature > create_signature_op(RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const override
bool check_key(RandomNumberGenerator &rng, bool strong) const override
secure_vector< uint8_t > private_key_bits() const override
std::unique_ptr< Public_Key > public_key() const override
A public key for Ed448/Ed448ph according to RFC 8032.
std::array< uint8_t, 57 > m_public
AlgorithmIdentifier algorithm_identifier() const override
std::unique_ptr< Private_Key > generate_another(RandomNumberGenerator &rng) const final
std::unique_ptr< PK_Ops::Verification > create_verification_op(std::string_view params, std::string_view provider) const override
std::vector< uint8_t > public_key_bits() const override
std::unique_ptr< PK_Ops::Verification > create_x509_verification_op(const AlgorithmIdentifier &signature_algorithm, std::string_view provider) const override
Ed448_PublicKey()=default
bool check_key(RandomNumberGenerator &rng, bool strong) const override
std::vector< uint8_t > raw_public_key_bits() const override
void randomize(std::span< uint8_t > output)
int(* update)(CTX *, const void *, CC_LONG len)
int(* final)(unsigned char *, CTX *)
std::array< uint8_t, ED448_LEN > create_pk_from_sk(std::span< const uint8_t, ED448_LEN > sk)
Create a public key point from a secret key (RFC 8032 5.2.5)
bool verify_signature(std::span< const uint8_t, ED448_LEN > pk, bool phflag, std::span< const uint8_t > context, std::span< const uint8_t > sig, std::span< const uint8_t > msg)
Verify a signature(RFC 8032 5.2.7)
constexpr size_t ED448_LEN
std::vector< T, secure_allocator< T > > secure_vector
std::array< uint8_t, 2 *ED448_LEN > sign_message(std::span< const uint8_t, ED448_LEN > sk, std::span< const uint8_t, ED448_LEN > pk, bool pgflag, std::span< const uint8_t > context, std::span< const uint8_t > msg)
Sign a message using a keypair (RFC 8032 5.2.6)
constexpr void copy_mem(T *out, const T *in, size_t n)