/* * PK Key Types * (C) 1999-2007 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ #ifndef BOTAN_PK_KEYS_H_ #define BOTAN_PK_KEYS_H_ #include #include #include #include namespace Botan { class RandomNumberGenerator; /** * The two types of signature format supported by Botan. */ enum Signature_Format { IEEE_1363, DER_SEQUENCE }; /** * Public Key Base Class. */ class BOTAN_PUBLIC_API(2,0) Public_Key { public: Public_Key() =default; Public_Key(const Public_Key& other) = default; Public_Key& operator=(const Public_Key& other) = default; virtual ~Public_Key() = default; /** * Get the name of the underlying public key scheme. * @return name of the public key scheme */ virtual std::string algo_name() const = 0; /** * Return the estimated strength of the underlying key against * the best currently known attack. Note that this ignores anything * but pure attacks against the key itself and do not take into * account padding schemes, usage mistakes, etc which might reduce * the strength. However it does suffice to provide an upper bound. * * @return estimated strength in bits */ virtual size_t estimated_strength() const = 0; /** * Return an integer value best approximating the length of the * primary security parameter. For example for RSA this will be * the size of the modulus, for ECDSA the size of the ECC group, * and for McEliece the size of the code will be returned. */ virtual size_t key_length() const = 0; /** * Get the OID of the underlying public key scheme. * @return OID of the public key scheme */ virtual OID get_oid() const; /** * Test the key values for consistency. * @param rng rng to use * @param strong whether to perform strong and lengthy version * of the test * @return true if the test is passed */ virtual bool check_key(RandomNumberGenerator& rng, bool strong) const = 0; /** * @return X.509 AlgorithmIdentifier for this key */ virtual AlgorithmIdentifier algorithm_identifier() const = 0; /** * @return BER encoded public key bits */ virtual std::vector public_key_bits() const = 0; /** * @return X.509 subject key encoding for this key object */ std::vector subject_public_key() const; /** * @return Hash of the subject public key */ std::string fingerprint_public(const std::string& alg = "SHA-256") const; // Internal or non-public declarations follow /** * Returns more than 1 if the output of this algorithm * (ciphertext, signature) should be treated as more than one * value. This is used for algorithms like DSA and ECDSA, where * the (r,s) output pair can be encoded as either a plain binary * list or a TLV tagged DER encoding depending on the protocol. * * This function is public but applications should have few * reasons to ever call this. * * @return number of message parts */ virtual size_t message_parts() const { return 1; } /** * Returns how large each of the message parts refered to * by message_parts() is * * This function is public but applications should have few * reasons to ever call this. * * @return size of the message parts in bits */ virtual size_t message_part_size() const { return 0; } virtual Signature_Format default_x509_signature_format() const { return (this->message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363; } /** * This is an internal library function exposed on key types. * In almost all cases applications should use wrappers in pubkey.h * * Return an encryption operation for this key/params or throw * * @param rng a random number generator. The PK_Op may maintain a * reference to the RNG and use it many times. The rng must outlive * any operations which reference it. * @param params additional parameters * @param provider the provider to use */ virtual std::unique_ptr create_encryption_op(RandomNumberGenerator& rng, const std::string& params, const std::string& provider) const; /** * This is an internal library function exposed on key types. * In almost all cases applications should use wrappers in pubkey.h * * Return a KEM encryption operation for this key/params or throw * * @param rng a random number generator. The PK_Op may maintain a * reference to the RNG and use it many times. The rng must outlive * any operations which reference it. * @param params additional parameters * @param provider the provider to use */ virtual std::unique_ptr create_kem_encryption_op(RandomNumberGenerator& rng, const std::string& params, const std::string& provider) const; /** * This is an internal library function exposed on key types. * In almost all cases applications should use wrappers in pubkey.h * * Return a verification operation for this key/params or throw * @param params additional parameters * @param provider the provider to use */ virtual std::unique_ptr create_verification_op(const std::string& params, const std::string& provider) const; }; /** * Private Key Base Class */ class BOTAN_PUBLIC_API(2,0) Private_Key : public virtual Public_Key { public: Private_Key() = default; Private_Key(const Private_Key& other) = default; Private_Key& operator=(const Private_Key& other) = default; virtual ~Private_Key() = default; virtual bool stateful_operation() const { return false; } /** * @return BER encoded private key bits */ virtual secure_vector private_key_bits() const = 0; /** * @return PKCS #8 private key encoding for this key object */ secure_vector private_key_info() const; /** * @return PKCS #8 AlgorithmIdentifier for this key * Might be different from the X.509 identifier, but normally is not */ virtual AlgorithmIdentifier pkcs8_algorithm_identifier() const { return algorithm_identifier(); } // Internal or non-public declarations follow /** * @return Hash of the PKCS #8 encoding for this key object */ std::string fingerprint_private(const std::string& alg) const; BOTAN_DEPRECATED("Use fingerprint_private or fingerprint_public") inline std::string fingerprint(const std::string& alg) const { return fingerprint_private(alg); // match behavior in previous versions } /** * This is an internal library function exposed on key types. * In almost all cases applications should use wrappers in pubkey.h * * Return an decryption operation for this key/params or throw * * @param rng a random number generator. The PK_Op may maintain a * reference to the RNG and use it many times. The rng must outlive * any operations which reference it. * @param params additional parameters * @param provider the provider to use * */ virtual std::unique_ptr create_decryption_op(RandomNumberGenerator& rng, const std::string& params, const std::string& provider) const; /** * This is an internal library function exposed on key types. * In almost all cases applications should use wrappers in pubkey.h * * Return a KEM decryption operation for this key/params or throw * * @param rng a random number generator. The PK_Op may maintain a * reference to the RNG and use it many times. The rng must outlive * any operations which reference it. * @param params additional parameters * @param provider the provider to use */ virtual std::unique_ptr create_kem_decryption_op(RandomNumberGenerator& rng, const std::string& params, const std::string& provider) const; /** * This is an internal library function exposed on key types. * In almost all cases applications should use wrappers in pubkey.h * * Return a signature operation for this key/params or throw * * @param rng a random number generator. The PK_Op may maintain a * reference to the RNG and use it many times. The rng must outlive * any operations which reference it. * @param params additional parameters * @param provider the provider to use */ virtual std::unique_ptr create_signature_op(RandomNumberGenerator& rng, const std::string& params, const std::string& provider) const; /** * This is an internal library function exposed on key types. * In almost all cases applications should use wrappers in pubkey.h * * Return a key agreement operation for this key/params or throw * * @param rng a random number generator. The PK_Op may maintain a * reference to the RNG and use it many times. The rng must outlive * any operations which reference it. * @param params additional parameters * @param provider the provider to use */ virtual std::unique_ptr create_key_agreement_op(RandomNumberGenerator& rng, const std::string& params, const std::string& provider) const; }; /** * PK Secret Value Derivation Key */ class BOTAN_PUBLIC_API(2,0) PK_Key_Agreement_Key : public virtual Private_Key { public: /* * @return public component of this key */ virtual std::vector public_value() const = 0; PK_Key_Agreement_Key() = default; PK_Key_Agreement_Key(const PK_Key_Agreement_Key&) = default; PK_Key_Agreement_Key& operator=(const PK_Key_Agreement_Key&) = default; virtual ~PK_Key_Agreement_Key() = default; }; /* * Old compat typedefs * TODO: remove these? */ typedef PK_Key_Agreement_Key PK_KA_Key; typedef Public_Key X509_PublicKey; typedef Private_Key PKCS8_PrivateKey; std::string BOTAN_PUBLIC_API(2,4) create_hex_fingerprint(const uint8_t bits[], size_t len, const std::string& hash_name); template std::string create_hex_fingerprint(const std::vector& vec, const std::string& hash_name) { return create_hex_fingerprint(vec.data(), vec.size(), hash_name); } } #endif