/src/botan/build/include/public/botan/pk_keys.h
Line | Count | Source |
1 | | /* |
2 | | * PK Key Types |
3 | | * (C) 1999-2007,2018 Jack Lloyd |
4 | | * |
5 | | * Botan is released under the Simplified BSD License (see license.txt) |
6 | | */ |
7 | | |
8 | | #ifndef BOTAN_PK_KEYS_H_ |
9 | | #define BOTAN_PK_KEYS_H_ |
10 | | |
11 | | #include <botan/asn1_obj.h> |
12 | | #include <botan/pk_ops_fwd.h> |
13 | | #include <botan/secmem.h> |
14 | | |
15 | | #include <memory> |
16 | | #include <optional> |
17 | | #include <span> |
18 | | #include <string> |
19 | | #include <string_view> |
20 | | |
21 | | namespace Botan { |
22 | | |
23 | | class BigInt; |
24 | | class RandomNumberGenerator; |
25 | | |
26 | | /** |
27 | | * Enumeration specifying the signature format. |
28 | | * |
29 | | * This is mostly used for requesting DER encoding of ECDSA signatures; |
30 | | * most other algorithms only support "standard". |
31 | | */ |
32 | | enum class Signature_Format : uint8_t { |
33 | | Standard = 0, |
34 | | DerSequence = 1, |
35 | | |
36 | | IEEE_1363 BOTAN_DEPRECATED("Use Standard") = Standard, |
37 | | DER_SEQUENCE BOTAN_DEPRECATED("Use DerSequence") = DerSequence, |
38 | | }; |
39 | | |
40 | | /** |
41 | | * Enumeration of possible operations a public key could be used for. |
42 | | * |
43 | | * It is possible to query if a key supports a particular operation |
44 | | * type using Asymmetric_Key::supports_operation() |
45 | | */ |
46 | | enum class PublicKeyOperation : uint8_t { |
47 | | Encryption, |
48 | | Signature, |
49 | | KeyEncapsulation, |
50 | | KeyAgreement, |
51 | | }; |
52 | | |
53 | | class Private_Key; |
54 | | |
55 | | /** |
56 | | * An interface for objects that are keys in public key algorithms |
57 | | * |
58 | | * This is derived for both public and private keys |
59 | | */ |
60 | | class BOTAN_PUBLIC_API(3, 0) Asymmetric_Key /* NOLINT(*special-member-functions) */ { |
61 | | public: |
62 | 53.3k | virtual ~Asymmetric_Key() = default; |
63 | | |
64 | | /** |
65 | | * Get the name of the underlying public key scheme. |
66 | | * @return name of the public key scheme |
67 | | */ |
68 | | virtual std::string algo_name() const = 0; |
69 | | |
70 | | /** |
71 | | * Return the estimated strength of the underlying key against |
72 | | * the best currently known attack. Note that this ignores anything |
73 | | * but pure attacks against the key itself and do not take into |
74 | | * account padding schemes, usage mistakes, etc which might reduce |
75 | | * the strength. However it does suffice to provide an upper bound. |
76 | | * |
77 | | * @return estimated strength in bits |
78 | | */ |
79 | | virtual size_t estimated_strength() const = 0; |
80 | | |
81 | | /** |
82 | | * Get the OID of the underlying public key scheme. |
83 | | * @return OID of the public key scheme |
84 | | */ |
85 | | virtual OID object_identifier() const; |
86 | | |
87 | | /** |
88 | | * Access an algorithm specific field |
89 | | * |
90 | | * If the field is not known for this algorithm, an Invalid_Argument is |
91 | | * thrown. The interpretation of the result requires knowledge of which |
92 | | * algorithm is involved. For instance for RSA "p" represents one of the |
93 | | * secret primes, while for DSA "p" is the public prime. |
94 | | * |
95 | | * Some algorithms may not implement this method at all. |
96 | | * |
97 | | * This is primarily used to implement the FFI botan_pubkey_get_field |
98 | | * and botan_privkey_get_field functions. |
99 | | * |
100 | | * TODO(Botan4) Change this to return by value |
101 | | */ |
102 | | virtual const BigInt& get_int_field(std::string_view field) const; |
103 | | |
104 | | /** |
105 | | * Return true if this key could be used for the specified type |
106 | | * of operation. |
107 | | */ |
108 | | virtual bool supports_operation(PublicKeyOperation op) const = 0; |
109 | | |
110 | | /** |
111 | | * Generate another (cryptographically independent) key pair using the |
112 | | * same algorithm parameters as this key. This is most useful for algorithms |
113 | | * that support PublicKeyOperation::KeyAgreement to generate a fitting ephemeral |
114 | | * key pair. For other key types it might throw Not_Implemented. |
115 | | */ |
116 | | virtual std::unique_ptr<Private_Key> generate_another(RandomNumberGenerator& rng) const = 0; |
117 | | |
118 | | /* |
119 | | * Test the key values for consistency. |
120 | | * @param rng rng to use |
121 | | * @param strong whether to perform strong and lengthy version of the test |
122 | | * @return true if the test is passed |
123 | | */ |
124 | | virtual bool check_key(RandomNumberGenerator& rng, bool strong) const = 0; |
125 | | |
126 | | // Declarations for internal library functions not covered by SemVer follow |
127 | | |
128 | | /** |
129 | | * Certain signatures schemes such as ECDSA have more than |
130 | | * one element, and certain unfortunate protocols decided the |
131 | | * thing to do was not concatenate them as normally done, but |
132 | | * instead DER encode each of the elements as independent values. |
133 | | * |
134 | | * If this returns a value x then the signature is checked to |
135 | | * be exactly 2*x bytes and split in half for DER encoding. |
136 | | */ |
137 | 6.90k | virtual std::optional<size_t> _signature_element_size_for_DER_encoding() const { return {}; } |
138 | | |
139 | | /* |
140 | | * Return the format normally used by this algorithm for X.509 signatures |
141 | | */ |
142 | | virtual Signature_Format _default_x509_signature_format() const; |
143 | | }; |
144 | | |
145 | | /* |
146 | | * Public Key Base Class. |
147 | | */ |
148 | | class BOTAN_PUBLIC_API(2, 0) Public_Key : public virtual Asymmetric_Key { |
149 | | public: |
150 | | /** |
151 | | * Return an integer value best approximating the length of the |
152 | | * primary security parameter. For example for RSA this will be |
153 | | * the size of the modulus, for ECDSA the size of the ECC group, |
154 | | * and for McEliece the size of the code will be returned. |
155 | | */ |
156 | | virtual size_t key_length() const = 0; |
157 | | |
158 | | /** |
159 | | * Deprecated version of object_identifier |
160 | | */ |
161 | 0 | BOTAN_DEPRECATED("Use object_identifier") OID get_oid() const { return this->object_identifier(); } |
162 | | |
163 | | /** |
164 | | * @return X.509 AlgorithmIdentifier for this key |
165 | | */ |
166 | | virtual AlgorithmIdentifier algorithm_identifier() const = 0; |
167 | | |
168 | | /** |
169 | | * @return binary public key bits, with no additional encoding |
170 | | * |
171 | | * For key agreements this is an alias for PK_Key_Agreement_Key::public_value. |
172 | | * |
173 | | * Note: some algorithms (for example RSA) do not have an obvious encoding |
174 | | * for this value due to having many different values, and thus throw |
175 | | * Not_Implemented when invoking this method. |
176 | | */ |
177 | | virtual std::vector<uint8_t> raw_public_key_bits() const = 0; |
178 | | |
179 | | /** |
180 | | * @return BER encoded public key bits |
181 | | */ |
182 | | virtual std::vector<uint8_t> public_key_bits() const = 0; |
183 | | |
184 | | /** |
185 | | * @return X.509 subject key encoding for this key object |
186 | | */ |
187 | | std::vector<uint8_t> subject_public_key() const; |
188 | | |
189 | | /** |
190 | | * @return Hash of the subject public key |
191 | | */ |
192 | | std::string fingerprint_public(std::string_view alg = "SHA-256") const; |
193 | | |
194 | | // Declarations for internal library functions not covered by SemVer follow |
195 | | |
196 | | /** |
197 | | * Returns more than 1 if the output of this algorithm |
198 | | * (ciphertext, signature) should be treated as more than one |
199 | | * value. This is used for algorithms like DSA and ECDSA, where |
200 | | * the (r,s) output pair can be encoded as either a plain binary |
201 | | * list or a TLV tagged DER encoding depending on the protocol. |
202 | | * |
203 | | * This function is public but applications should have few |
204 | | * reasons to ever call this. |
205 | | * |
206 | | * @return number of message parts |
207 | | */ |
208 | 0 | BOTAN_DEPRECATED("Deprecated no replacement") size_t message_parts() const { |
209 | 0 | return _signature_element_size_for_DER_encoding() ? 2 : 1; |
210 | 0 | } |
211 | | |
212 | | /** |
213 | | * Returns how large each of the message parts referred to |
214 | | * by message_parts() is |
215 | | * |
216 | | * This function is public but applications should have few |
217 | | * reasons to ever call this. |
218 | | * |
219 | | * @return size of the message parts in bits |
220 | | */ |
221 | 0 | BOTAN_DEPRECATED("Deprecated no replacement") size_t message_part_size() const { |
222 | 0 | return _signature_element_size_for_DER_encoding().value_or(0); |
223 | 0 | } |
224 | | |
225 | | // NOLINTBEGIN(bugprone-virtual-near-miss) |
226 | | |
227 | | /* |
228 | | * Return the format normally used by this algorithm for X.509 signatures |
229 | | */ |
230 | 0 | BOTAN_DEPRECATED("Deprecated no replacement") Signature_Format default_x509_signature_format() const { |
231 | 0 | return _default_x509_signature_format(); |
232 | 0 | } |
233 | | |
234 | | // NOLINTEND(bugprone-virtual-near-miss) |
235 | | |
236 | | /** |
237 | | * This is an internal library function exposed on key types. |
238 | | * In almost all cases applications should use wrappers in pubkey.h |
239 | | * |
240 | | * Return an encryption operation for this key/params or throw |
241 | | * |
242 | | * @param rng a random number generator. The PK_Op may maintain a |
243 | | * reference to the RNG and use it many times. The rng must outlive |
244 | | * any operations which reference it. |
245 | | * @param params additional parameters |
246 | | * @param provider the provider to use |
247 | | */ |
248 | | virtual std::unique_ptr<PK_Ops::Encryption> create_encryption_op(RandomNumberGenerator& rng, |
249 | | std::string_view params, |
250 | | std::string_view provider) const; |
251 | | |
252 | | /** |
253 | | * This is an internal library function exposed on key types. |
254 | | * In almost all cases applications should use wrappers in pubkey.h |
255 | | * |
256 | | * Return a KEM encryption operation for this key/params or throw |
257 | | * |
258 | | * @param params additional parameters |
259 | | * @param provider the provider to use |
260 | | */ |
261 | | virtual std::unique_ptr<PK_Ops::KEM_Encryption> create_kem_encryption_op(std::string_view params, |
262 | | std::string_view provider) const; |
263 | | |
264 | | /** |
265 | | * This is an internal library function exposed on key types. |
266 | | * In all cases applications should use wrappers in pubkey.h |
267 | | * |
268 | | * Return a verification operation for this key/params or throw |
269 | | * @param params additional parameters |
270 | | * @param provider the provider to use |
271 | | */ |
272 | | virtual std::unique_ptr<PK_Ops::Verification> create_verification_op(std::string_view params, |
273 | | std::string_view provider) const; |
274 | | |
275 | | /** |
276 | | * This is an internal library function exposed on key types. |
277 | | * In all cases applications should use wrappers in pubkey.h |
278 | | * |
279 | | * Return a verification operation for this combination of key and |
280 | | * signature algorithm or throw. |
281 | | * |
282 | | * @param signature_algorithm is the X.509 algorithm identifier encoding the padding |
283 | | * scheme and hash hash function used in the signature if applicable. |
284 | | * |
285 | | * @param provider the provider to use |
286 | | */ |
287 | | virtual std::unique_ptr<PK_Ops::Verification> create_x509_verification_op( |
288 | | const AlgorithmIdentifier& signature_algorithm, std::string_view provider) const; |
289 | | }; |
290 | | |
291 | | /** |
292 | | * Private Key Base Class |
293 | | */ |
294 | | class BOTAN_PUBLIC_API(2, 0) Private_Key : public virtual Public_Key { |
295 | | public: |
296 | | /** |
297 | | * @return BER encoded private key bits |
298 | | */ |
299 | | virtual secure_vector<uint8_t> private_key_bits() const = 0; |
300 | | |
301 | | /** |
302 | | * @return binary private key bits, with no additional encoding |
303 | | * |
304 | | * Note: some algorithms (for example RSA) do not have an obvious encoding |
305 | | * for this value due to having many different values, and thus not implement |
306 | | * this function. The default implementation throws Not_Implemented |
307 | | */ |
308 | | virtual secure_vector<uint8_t> raw_private_key_bits() const; |
309 | | |
310 | | /** |
311 | | * Allocate a new object for the public key associated with this |
312 | | * private key. |
313 | | * |
314 | | * @return public key |
315 | | */ |
316 | | virtual std::unique_ptr<Public_Key> public_key() const = 0; |
317 | | |
318 | | /** |
319 | | * @return PKCS #8 private key encoding for this key object |
320 | | */ |
321 | | secure_vector<uint8_t> private_key_info() const; |
322 | | |
323 | | /** |
324 | | * @return PKCS #8 AlgorithmIdentifier for this key |
325 | | * Might be different from the X.509 identifier, but normally is not |
326 | | */ |
327 | 0 | virtual AlgorithmIdentifier pkcs8_algorithm_identifier() const { return algorithm_identifier(); } |
328 | | |
329 | | /** |
330 | | * Indicates if this key is stateful, ie that performing a private |
331 | | * key operation requires updating the key storage. |
332 | | */ |
333 | 0 | virtual bool stateful_operation() const { return false; } |
334 | | |
335 | | /** |
336 | | * @brief Retrieves the number of remaining operations if this is a stateful private key. |
337 | | * |
338 | | * @returns the number of remaining operations or std::nullopt if not applicable. |
339 | | */ |
340 | 0 | virtual std::optional<uint64_t> remaining_operations() const { return std::nullopt; } |
341 | | |
342 | | // Declarations for internal library functions not covered by SemVer follow |
343 | | |
344 | | /** |
345 | | * @return Hash of the PKCS #8 encoding for this key object |
346 | | */ |
347 | | std::string fingerprint_private(std::string_view alg) const; |
348 | | |
349 | | /** |
350 | | * This is an internal library function exposed on key types. |
351 | | * In all cases applications should use wrappers in pubkey.h |
352 | | * |
353 | | * Return an decryption operation for this key/params or throw |
354 | | * |
355 | | * @param rng a random number generator. The PK_Op may maintain a |
356 | | * reference to the RNG and use it many times. The rng must outlive |
357 | | * any operations which reference it. |
358 | | * @param params additional parameters |
359 | | * @param provider the provider to use |
360 | | * |
361 | | */ |
362 | | virtual std::unique_ptr<PK_Ops::Decryption> create_decryption_op(RandomNumberGenerator& rng, |
363 | | std::string_view params, |
364 | | std::string_view provider) const; |
365 | | |
366 | | /** |
367 | | * This is an internal library function exposed on key types. |
368 | | * In all cases applications should use wrappers in pubkey.h |
369 | | * |
370 | | * Return a KEM decryption operation for this key/params or throw |
371 | | * |
372 | | * @param rng a random number generator. The PK_Op may maintain a |
373 | | * reference to the RNG and use it many times. The rng must outlive |
374 | | * any operations which reference it. |
375 | | * @param params additional parameters |
376 | | * @param provider the provider to use |
377 | | */ |
378 | | virtual std::unique_ptr<PK_Ops::KEM_Decryption> create_kem_decryption_op(RandomNumberGenerator& rng, |
379 | | std::string_view params, |
380 | | std::string_view provider) const; |
381 | | |
382 | | /** |
383 | | * This is an internal library function exposed on key types. |
384 | | * In all cases applications should use wrappers in pubkey.h |
385 | | * |
386 | | * Return a signature operation for this key/params or throw |
387 | | * |
388 | | * @param rng a random number generator. The PK_Op may maintain a |
389 | | * reference to the RNG and use it many times. The rng must outlive |
390 | | * any operations which reference it. |
391 | | * @param params additional parameters |
392 | | * @param provider the provider to use |
393 | | */ |
394 | | virtual std::unique_ptr<PK_Ops::Signature> create_signature_op(RandomNumberGenerator& rng, |
395 | | std::string_view params, |
396 | | std::string_view provider) const; |
397 | | |
398 | | /** |
399 | | * This is an internal library function exposed on key types. |
400 | | * In all cases applications should use wrappers in pubkey.h |
401 | | * |
402 | | * Return a key agreement operation for this key/params or throw |
403 | | * |
404 | | * @param rng a random number generator. The PK_Op may maintain a |
405 | | * reference to the RNG and use it many times. The rng must outlive |
406 | | * any operations which reference it. |
407 | | * @param params additional parameters |
408 | | * @param provider the provider to use |
409 | | */ |
410 | | virtual std::unique_ptr<PK_Ops::Key_Agreement> create_key_agreement_op(RandomNumberGenerator& rng, |
411 | | std::string_view params, |
412 | | std::string_view provider) const; |
413 | | }; |
414 | | |
415 | | /** |
416 | | * PK Secret Value Derivation Key |
417 | | */ |
418 | | class BOTAN_PUBLIC_API(2, 0) PK_Key_Agreement_Key : public virtual Private_Key { |
419 | | public: |
420 | | /* |
421 | | * @return public component of this key |
422 | | */ |
423 | | virtual std::vector<uint8_t> public_value() const = 0; |
424 | | }; |
425 | | |
426 | | std::string BOTAN_PUBLIC_API(2, 4) create_hex_fingerprint(const uint8_t bits[], size_t len, std::string_view hash_name); |
427 | | |
428 | 63.5k | inline std::string create_hex_fingerprint(std::span<const uint8_t> vec, std::string_view hash_name) { |
429 | 63.5k | return create_hex_fingerprint(vec.data(), vec.size(), hash_name); |
430 | 63.5k | } |
431 | | |
432 | | } // namespace Botan |
433 | | |
434 | | #endif |