/src/botan/build/include/botan/pk_keys.h

Source (jump to first uncovered line)
/*
* PK Key Types
* (C) 1999-2007,2018 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#ifndef BOTAN_PK_KEYS_H_
#define BOTAN_PK_KEYS_H_

#include <botan/asn1_obj.h>
#include <botan/pk_ops_fwd.h>
#include <botan/secmem.h>
#include <span>
#include <string>
#include <string_view>

namespace Botan {

class BigInt;
class RandomNumberGenerator;

/**
* Enumeration specifying the signature format.
*
* This is mostly used for requesting DER encoding of ECDSA signatures;
* most other algorithms only support "standard".
*/
enum class Signature_Format {
   Standard,
   DerSequence,

   IEEE_1363 BOTAN_DEPRECATED("Use Standard") = Standard,
   DER_SEQUENCE BOTAN_DEPRECATED("Use DerSequence") = DerSequence,
};

/**
* Enumeration of possible operations a public key could be used for.
*
* It is possible to query if a key supports a particular operation
* type using Asymmetric_Key::supports_operation()
*/
enum class PublicKeyOperation {
   Encryption,
   Signature,
   KeyEncapsulation,
   KeyAgreement,
};

/**
* An interface for objects that are keys in public key algorithms
*
* This is derived for both public and private keys
*/
class BOTAN_PUBLIC_API(3, 0) Asymmetric_Key {
   public:
      virtual ~Asymmetric_Key() = default;

      /**
      * Get the name of the underlying public key scheme.
      * @return name of the public key scheme
      */
      virtual std::string algo_name() const = 0;

      /**
      * Return the estimated strength of the underlying key against
      * the best currently known attack. Note that this ignores anything
      * but pure attacks against the key itself and do not take into
      * account padding schemes, usage mistakes, etc which might reduce
      * the strength. However it does suffice to provide an upper bound.
      *
      * @return estimated strength in bits
      */
      virtual size_t estimated_strength() const = 0;

      /**
      * Get the OID of the underlying public key scheme.
      * @return OID of the public key scheme
      */
      virtual OID object_identifier() const;

      /**
      * Access an algorithm specific field
      *
      * If the field is not known for this algorithm, an Invalid_Argument is
      * thrown. The interpretation of the result requires knowledge of which
      * algorithm is involved. For instance for RSA "p" represents one of the
      * secret primes, while for DSA "p" is the public prime.
      *
      * Some algorithms may not implement this method at all.
      *
      * This is primarily used to implement the FFI botan_pubkey_get_field
      * and botan_privkey_get_field functions.
      */
      virtual const BigInt& get_int_field(std::string_view field) const;

      /**
      * Return true if this key could be used for the specified type
      * of operation.
      */
      virtual bool supports_operation(PublicKeyOperation op) const = 0;
};

/*
* Public Key Base Class.
*/
class BOTAN_PUBLIC_API(2, 0) Public_Key : public virtual Asymmetric_Key {
   public:
      /**
      * Return an integer value best approximating the length of the
      * primary security parameter. For example for RSA this will be
      * the size of the modulus, for ECDSA the size of the ECC group,
      * and for McEliece the size of the code will be returned.
      */
      virtual size_t key_length() const = 0;

      /**
      * Deprecated version of object_identifier
      */
      BOTAN_DEPRECATED("Use object_identifier") OID get_oid() const { return this->object_identifier(); }

      /*
      * Test the key values for consistency.
      * @param rng rng to use
      * @param strong whether to perform strong and lengthy version
      * of the test
      * @return true if the test is passed
      */
      virtual bool check_key(RandomNumberGenerator& rng, bool strong) const = 0;

      /**
      * @return X.509 AlgorithmIdentifier for this key
      */
      virtual AlgorithmIdentifier algorithm_identifier() const = 0;

      /**
      * @return BER encoded public key bits
      */
      virtual std::vector<uint8_t> public_key_bits() const = 0;

      /**
      * @return X.509 subject key encoding for this key object
      */
      std::vector<uint8_t> subject_public_key() const;

      /**
       * @return Hash of the subject public key
       */
      std::string fingerprint_public(std::string_view alg = "SHA-256") const;

      // Internal or non-public declarations follow

      /**
      * Returns more than 1 if the output of this algorithm
      * (ciphertext, signature) should be treated as more than one
      * value. This is used for algorithms like DSA and ECDSA, where
      * the (r,s) output pair can be encoded as either a plain binary
      * list or a TLV tagged DER encoding depending on the protocol.
      *
      * This function is public but applications should have few
      * reasons to ever call this.
      *
      * @return number of message parts
      */
      virtual size_t message_parts() const { return 1; }

      /**
      * Returns how large each of the message parts refered to
      * by message_parts() is
      *
      * This function is public but applications should have few
      * reasons to ever call this.
      *
      * @return size of the message parts in bits
      */
      virtual size_t message_part_size() const { return 0; }

      virtual Signature_Format default_x509_signature_format() const {
         return (this->message_parts() >= 2) ? Signature_Format::DerSequence : Signature_Format::Standard;
      }

      /**
      * This is an internal library function exposed on key types.
      * In almost all cases applications should use wrappers in pubkey.h
      *
      * Return an encryption operation for this key/params or throw
      *
      * @param rng a random number generator. The PK_Op may maintain a
      * reference to the RNG and use it many times. The rng must outlive
      * any operations which reference it.
      * @param params additional parameters
      * @param provider the provider to use
      */
      virtual std::unique_ptr<PK_Ops::Encryption> create_encryption_op(RandomNumberGenerator& rng,
                                                                       std::string_view params,
                                                                       std::string_view provider) const;

      /**
      * This is an internal library function exposed on key types.
      * In almost all cases applications should use wrappers in pubkey.h
      *
      * Return a KEM encryption operation for this key/params or throw
      *
      * @param params additional parameters
      * @param provider the provider to use
      */
      virtual std::unique_ptr<PK_Ops::KEM_Encryption> create_kem_encryption_op(std::string_view params,
                                                                               std::string_view provider) const;

      /**
      * This is an internal library function exposed on key types.
      * In all cases applications should use wrappers in pubkey.h
      *
      * Return a verification operation for this key/params or throw
      * @param params additional parameters
      * @param provider the provider to use
      */
      virtual std::unique_ptr<PK_Ops::Verification> create_verification_op(std::string_view params,
                                                                           std::string_view provider) const;

      /**
      * This is an internal library function exposed on key types.
      * In all cases applications should use wrappers in pubkey.h
      *
      * Return a verification operation for this combination of key and
      * signature algorithm or throw.
      *
      * @param signature_algorithm is the X.509 algorithm identifier encoding the padding
      * scheme and hash hash function used in the signature if applicable.
      *
      * @param provider the provider to use
      */
      virtual std::unique_ptr<PK_Ops::Verification> create_x509_verification_op(
         const AlgorithmIdentifier& signature_algorithm, std::string_view provider) const;
};

/**
* Private Key Base Class
*/
class BOTAN_PUBLIC_API(2, 0) Private_Key : public virtual Public_Key {
   public:
      /**
      * @return BER encoded private key bits
      */
      virtual secure_vector<uint8_t> private_key_bits() const = 0;

      /**
      * @return binary private key bits, with no additional encoding
      *
      * Note: some algorithms (for example RSA) do not have an obvious encoding
      * for this value due to having many different values, and thus not implement
      * this function. The default implementation throws Not_Implemented
      */
      virtual secure_vector<uint8_t> raw_private_key_bits() const;

      /**
      * Allocate a new object for the public key associated with this
      * private key.
      *
      * @return public key
      */
      virtual std::unique_ptr<Public_Key> public_key() const = 0;

      /**
      * @return PKCS #8 private key encoding for this key object
      */
      secure_vector<uint8_t> private_key_info() const;

      /**
      * @return PKCS #8 AlgorithmIdentifier for this key
      * Might be different from the X.509 identifier, but normally is not
      */
      virtual AlgorithmIdentifier pkcs8_algorithm_identifier() const { return algorithm_identifier(); }

      /**
      * Indicates if this key is stateful, ie that performing a private
      * key operation requires updating the key storage.
      */
      virtual bool stateful_operation() const { return false; }

      // Internal or non-public declarations follow

      /**
       * @return Hash of the PKCS #8 encoding for this key object
       */
      std::string fingerprint_private(std::string_view alg) const;

      /**
      * This is an internal library function exposed on key types.
      * In all cases applications should use wrappers in pubkey.h
      *
      * Return an decryption operation for this key/params or throw
      *
      * @param rng a random number generator. The PK_Op may maintain a
      * reference to the RNG and use it many times. The rng must outlive
      * any operations which reference it.
      * @param params additional parameters
      * @param provider the provider to use
      *
      */
      virtual std::unique_ptr<PK_Ops::Decryption> create_decryption_op(RandomNumberGenerator& rng,
                                                                       std::string_view params,
                                                                       std::string_view provider) const;

      /**
      * This is an internal library function exposed on key types.
      * In all cases applications should use wrappers in pubkey.h
      *
      * Return a KEM decryption operation for this key/params or throw
      *
      * @param rng a random number generator. The PK_Op may maintain a
      * reference to the RNG and use it many times. The rng must outlive
      * any operations which reference it.
      * @param params additional parameters
      * @param provider the provider to use
      */
      virtual std::unique_ptr<PK_Ops::KEM_Decryption> create_kem_decryption_op(RandomNumberGenerator& rng,
                                                                               std::string_view params,
                                                                               std::string_view provider) const;

      /**
      * This is an internal library function exposed on key types.
      * In all cases applications should use wrappers in pubkey.h
      *
      * Return a signature operation for this key/params or throw
      *
      * @param rng a random number generator. The PK_Op may maintain a
      * reference to the RNG and use it many times. The rng must outlive
      * any operations which reference it.
      * @param params additional parameters
      * @param provider the provider to use
      */
      virtual std::unique_ptr<PK_Ops::Signature> create_signature_op(RandomNumberGenerator& rng,
                                                                     std::string_view params,
                                                                     std::string_view provider) const;

      /**
      * This is an internal library function exposed on key types.
      * In all cases applications should use wrappers in pubkey.h
      *
      * Return a key agreement operation for this key/params or throw
      *
      * @param rng a random number generator. The PK_Op may maintain a
      * reference to the RNG and use it many times. The rng must outlive
      * any operations which reference it.
      * @param params additional parameters
      * @param provider the provider to use
      */
      virtual std::unique_ptr<PK_Ops::Key_Agreement> create_key_agreement_op(RandomNumberGenerator& rng,
                                                                             std::string_view params,
                                                                             std::string_view provider) const;
};

/**
* PK Secret Value Derivation Key
*/
class BOTAN_PUBLIC_API(2, 0) PK_Key_Agreement_Key : public virtual Private_Key {
   public:
      /*
      * @return public component of this key
      */
      virtual std::vector<uint8_t> public_value() const = 0;
};

std::string BOTAN_PUBLIC_API(2, 4) create_hex_fingerprint(const uint8_t bits[], size_t len, std::string_view hash_name);

inline std::string create_hex_fingerprint(std::span<const uint8_t> vec, std::string_view hash_name) {
   return create_hex_fingerprint(vec.data(), vec.size(), hash_name);
}

}  // namespace Botan

#endif

Coverage Report

Created: 2023-09-25 06:33

Line	Count	Source (jump to first uncovered line)
1		/*
2		* PK Key Types
3		* (C) 1999-2007,2018 Jack Lloyd
4		*
5		* Botan is released under the Simplified BSD License (see license.txt)
6		*/
7
8		#ifndef BOTAN_PK_KEYS_H_
9		#define BOTAN_PK_KEYS_H_
10
11		#include <botan/asn1_obj.h>
12		#include <botan/pk_ops_fwd.h>
13		#include <botan/secmem.h>
14		#include <span>
15		#include <string>
16		#include <string_view>
17
18		namespace Botan {
19
20		class BigInt;
21		class RandomNumberGenerator;
22
23		/**
24		* Enumeration specifying the signature format.
25		*
26		* This is mostly used for requesting DER encoding of ECDSA signatures;
27		* most other algorithms only support "standard".
28		*/
29		enum class Signature_Format {
30		Standard,
31		DerSequence,
32
33		IEEE_1363 BOTAN_DEPRECATED("Use Standard") = Standard,
34		DER_SEQUENCE BOTAN_DEPRECATED("Use DerSequence") = DerSequence,
35		};
36
37		/**
38		* Enumeration of possible operations a public key could be used for.
39		*
40		* It is possible to query if a key supports a particular operation
41		* type using Asymmetric_Key::supports_operation()
42		*/
43		enum class PublicKeyOperation {
44		Encryption,
45		Signature,
46		KeyEncapsulation,
47		KeyAgreement,
48		};
49
50		/**
51		* An interface for objects that are keys in public key algorithms
52		*
53		* This is derived for both public and private keys
54		*/
55		class BOTAN_PUBLIC_API(3, 0) Asymmetric_Key {
56		public:
57	1.18k	virtual ~Asymmetric_Key() = default;
58
59		/**
60		* Get the name of the underlying public key scheme.
61		* @return name of the public key scheme
62		*/
63		virtual std::string algo_name() const = 0;
64
65		/**
66		* Return the estimated strength of the underlying key against
67		* the best currently known attack. Note that this ignores anything
68		* but pure attacks against the key itself and do not take into
69		* account padding schemes, usage mistakes, etc which might reduce
70		* the strength. However it does suffice to provide an upper bound.
71		*
72		* @return estimated strength in bits
73		*/
74		virtual size_t estimated_strength() const = 0;
75
76		/**
77		* Get the OID of the underlying public key scheme.
78		* @return OID of the public key scheme
79		*/
80		virtual OID object_identifier() const;
81
82		/**
83		* Access an algorithm specific field
84		*
85		* If the field is not known for this algorithm, an Invalid_Argument is
86		* thrown. The interpretation of the result requires knowledge of which
87		* algorithm is involved. For instance for RSA "p" represents one of the
88		* secret primes, while for DSA "p" is the public prime.
89		*
90		* Some algorithms may not implement this method at all.
91		*
92		* This is primarily used to implement the FFI botan_pubkey_get_field
93		* and botan_privkey_get_field functions.
94		*/
95		virtual const BigInt& get_int_field(std::string_view field) const;
96
97		/**
98		* Return true if this key could be used for the specified type
99		* of operation.
100		*/
101		virtual bool supports_operation(PublicKeyOperation op) const = 0;
102		};
103
104		/*
105		* Public Key Base Class.
106		*/
107		class BOTAN_PUBLIC_API(2, 0) Public_Key : public virtual Asymmetric_Key {
108		public:
109		/**
110		* Return an integer value best approximating the length of the
111		* primary security parameter. For example for RSA this will be
112		* the size of the modulus, for ECDSA the size of the ECC group,
113		* and for McEliece the size of the code will be returned.
114		*/
115		virtual size_t key_length() const = 0;
116
117		/**
118		* Deprecated version of object_identifier
119		*/
120	0	BOTAN_DEPRECATED("Use object_identifier") OID get_oid() const { return this->object_identifier(); }
121
122		/*
123		* Test the key values for consistency.
124		* @param rng rng to use
125		* @param strong whether to perform strong and lengthy version
126		* of the test
127		* @return true if the test is passed
128		*/
129		virtual bool check_key(RandomNumberGenerator& rng, bool strong) const = 0;
130
131		/**
132		* @return X.509 AlgorithmIdentifier for this key
133		*/
134		virtual AlgorithmIdentifier algorithm_identifier() const = 0;
135
136		/**
137		* @return BER encoded public key bits
138		*/
139		virtual std::vector<uint8_t> public_key_bits() const = 0;
140
141		/**
142		* @return X.509 subject key encoding for this key object
143		*/
144		std::vector<uint8_t> subject_public_key() const;
145
146		/**
147		* @return Hash of the subject public key
148		*/
149		std::string fingerprint_public(std::string_view alg = "SHA-256") const;
150
151		// Internal or non-public declarations follow
152
153		/**
154		* Returns more than 1 if the output of this algorithm
155		* (ciphertext, signature) should be treated as more than one
156		* value. This is used for algorithms like DSA and ECDSA, where
157		* the (r,s) output pair can be encoded as either a plain binary
158		* list or a TLV tagged DER encoding depending on the protocol.
159		*
160		* This function is public but applications should have few
161		* reasons to ever call this.
162		*
163		* @return number of message parts
164		*/
165	158	virtual size_t message_parts() const { return 1; }
166
167		/**
168		* Returns how large each of the message parts refered to
169		* by message_parts() is
170		*
171		* This function is public but applications should have few
172		* reasons to ever call this.
173		*
174		* @return size of the message parts in bits
175		*/
176	158	virtual size_t message_part_size() const { return 0; }
177
178	0	virtual Signature_Format default_x509_signature_format() const {
179	0	return (this->message_parts() >= 2) ? Signature_Format::DerSequence : Signature_Format::Standard;
180	0	}
181
182		/**
183		* This is an internal library function exposed on key types.
184		* In almost all cases applications should use wrappers in pubkey.h
185		*
186		* Return an encryption operation for this key/params or throw
187		*
188		* @param rng a random number generator. The PK_Op may maintain a
189		* reference to the RNG and use it many times. The rng must outlive
190		* any operations which reference it.
191		* @param params additional parameters
192		* @param provider the provider to use
193		*/
194		virtual std::unique_ptr<PK_Ops::Encryption> create_encryption_op(RandomNumberGenerator& rng,
195		std::string_view params,
196		std::string_view provider) const;
197
198		/**
199		* This is an internal library function exposed on key types.
200		* In almost all cases applications should use wrappers in pubkey.h
201		*
202		* Return a KEM encryption operation for this key/params or throw
203		*
204		* @param params additional parameters
205		* @param provider the provider to use
206		*/
207		virtual std::unique_ptr<PK_Ops::KEM_Encryption> create_kem_encryption_op(std::string_view params,
208		std::string_view provider) const;
209
210		/**
211		* This is an internal library function exposed on key types.
212		* In all cases applications should use wrappers in pubkey.h
213		*
214		* Return a verification operation for this key/params or throw
215		* @param params additional parameters
216		* @param provider the provider to use
217		*/
218		virtual std::unique_ptr<PK_Ops::Verification> create_verification_op(std::string_view params,
219		std::string_view provider) const;
220
221		/**
222		* This is an internal library function exposed on key types.
223		* In all cases applications should use wrappers in pubkey.h
224		*
225		* Return a verification operation for this combination of key and
226		* signature algorithm or throw.
227		*
228		* @param signature_algorithm is the X.509 algorithm identifier encoding the padding
229		* scheme and hash hash function used in the signature if applicable.
230		*
231		* @param provider the provider to use
232		*/
233		virtual std::unique_ptr<PK_Ops::Verification> create_x509_verification_op(
234		const AlgorithmIdentifier& signature_algorithm, std::string_view provider) const;
235		};
236
237		/**
238		* Private Key Base Class
239		*/
240		class BOTAN_PUBLIC_API(2, 0) Private_Key : public virtual Public_Key {
241		public:
242		/**
243		* @return BER encoded private key bits
244		*/
245		virtual secure_vector<uint8_t> private_key_bits() const = 0;
246
247		/**
248		* @return binary private key bits, with no additional encoding
249		*
250		* Note: some algorithms (for example RSA) do not have an obvious encoding
251		* for this value due to having many different values, and thus not implement
252		* this function. The default implementation throws Not_Implemented
253		*/
254		virtual secure_vector<uint8_t> raw_private_key_bits() const;
255
256		/**
257		* Allocate a new object for the public key associated with this
258		* private key.
259		*
260		* @return public key
261		*/
262		virtual std::unique_ptr<Public_Key> public_key() const = 0;
263
264		/**
265		* @return PKCS #8 private key encoding for this key object
266		*/
267		secure_vector<uint8_t> private_key_info() const;
268
269		/**
270		* @return PKCS #8 AlgorithmIdentifier for this key
271		* Might be different from the X.509 identifier, but normally is not
272		*/
273	0	virtual AlgorithmIdentifier pkcs8_algorithm_identifier() const { return algorithm_identifier(); }
274
275		/**
276		* Indicates if this key is stateful, ie that performing a private
277		* key operation requires updating the key storage.
278		*/
279	0	virtual bool stateful_operation() const { return false; }
280
281		// Internal or non-public declarations follow
282
283		/**
284		* @return Hash of the PKCS #8 encoding for this key object
285		*/
286		std::string fingerprint_private(std::string_view alg) const;
287
288		/**
289		* This is an internal library function exposed on key types.
290		* In all cases applications should use wrappers in pubkey.h
291		*
292		* Return an decryption operation for this key/params or throw
293		*
294		* @param rng a random number generator. The PK_Op may maintain a
295		* reference to the RNG and use it many times. The rng must outlive
296		* any operations which reference it.
297		* @param params additional parameters
298		* @param provider the provider to use
299		*
300		*/
301		virtual std::unique_ptr<PK_Ops::Decryption> create_decryption_op(RandomNumberGenerator& rng,
302		std::string_view params,
303		std::string_view provider) const;
304
305		/**
306		* This is an internal library function exposed on key types.
307		* In all cases applications should use wrappers in pubkey.h
308		*
309		* Return a KEM decryption operation for this key/params or throw
310		*
311		* @param rng a random number generator. The PK_Op may maintain a
312		* reference to the RNG and use it many times. The rng must outlive
313		* any operations which reference it.
314		* @param params additional parameters
315		* @param provider the provider to use
316		*/
317		virtual std::unique_ptr<PK_Ops::KEM_Decryption> create_kem_decryption_op(RandomNumberGenerator& rng,
318		std::string_view params,
319		std::string_view provider) const;
320
321		/**
322		* This is an internal library function exposed on key types.
323		* In all cases applications should use wrappers in pubkey.h
324		*
325		* Return a signature operation for this key/params or throw
326		*
327		* @param rng a random number generator. The PK_Op may maintain a
328		* reference to the RNG and use it many times. The rng must outlive
329		* any operations which reference it.
330		* @param params additional parameters
331		* @param provider the provider to use
332		*/
333		virtual std::unique_ptr<PK_Ops::Signature> create_signature_op(RandomNumberGenerator& rng,
334		std::string_view params,
335		std::string_view provider) const;
336
337		/**
338		* This is an internal library function exposed on key types.
339		* In all cases applications should use wrappers in pubkey.h
340		*
341		* Return a key agreement operation for this key/params or throw
342		*
343		* @param rng a random number generator. The PK_Op may maintain a
344		* reference to the RNG and use it many times. The rng must outlive
345		* any operations which reference it.
346		* @param params additional parameters
347		* @param provider the provider to use
348		*/
349		virtual std::unique_ptr<PK_Ops::Key_Agreement> create_key_agreement_op(RandomNumberGenerator& rng,
350		std::string_view params,
351		std::string_view provider) const;
352		};
353
354		/**
355		* PK Secret Value Derivation Key
356		*/
357		class BOTAN_PUBLIC_API(2, 0) PK_Key_Agreement_Key : public virtual Private_Key {
358		public:
359		/*
360		* @return public component of this key
361		*/
362		virtual std::vector<uint8_t> public_value() const = 0;
363		};
364
365		std::string BOTAN_PUBLIC_API(2, 4) create_hex_fingerprint(const uint8_t bits[], size_t len, std::string_view hash_name);
366
367	0	inline std::string create_hex_fingerprint(std::span<const uint8_t> vec, std::string_view hash_name) {
368	0	return create_hex_fingerprint(vec.data(), vec.size(), hash_name);
369	0	}
370
371		} // namespace Botan
372
373		#endif