11#include <botan/ed25519.h>
12#include <botan/internal/pk_ops_impl.h>
13#include <botan/hash.h>
14#include <botan/ber_dec.h>
15#include <botan/der_enc.h>
35 m_public.assign(pub_key, pub_key + pub_len);
39 const std::vector<uint8_t>& key_bits)
54 if(secret_key.size() == 64)
56 m_private = secret_key;
57 m_public.assign(m_private.begin() + 32, m_private.end());
59 else if(secret_key.size() == 32)
/**
* Append the next chunk of the message to the pending buffer.
*
* Nothing is hashed or checked at this point: the bytes are only copied
* into m_msg so that the complete message can be handed to
* ed25519_verify() in one call. Memory use therefore grows with the total
* message length, which matters when the input size is controlled by an
* untrusted peer.
*
* @param msg pointer to the next msg_len bytes of the message
* @param msg_len number of bytes readable at msg
*/
void update(const uint8_t msg[], size_t msg_len) override
   {
   const uint8_t* const chunk_end = msg + msg_len;
   m_msg.insert(m_msg.end(), msg, chunk_end);
   }
118 bool is_valid_signature(
const uint8_t sig[],
size_t sig_len)
override
123 const std::vector<uint8_t>& pub_key = m_key.get_public_key();
125 const bool ok =
ed25519_verify(m_msg.data(), m_msg.size(), sig, pub_key.data(),
nullptr, 0);
131 std::vector<uint8_t> m_msg;
132 const Ed25519_PublicKey& m_key;
138class Ed25519_Hashed_Verify_Operation
final :
public PK_Ops::Verification
141 Ed25519_Hashed_Verify_Operation(
const Ed25519_PublicKey& key,
const std::string&
hash,
bool rfc8032) :
149 0x53, 0x69, 0x67, 0x45, 0x64, 0x32, 0x35, 0x35, 0x31, 0x39, 0x20, 0x6E, 0x6F, 0x20, 0x45, 0x64,
150 0x32, 0x35, 0x35, 0x31, 0x39, 0x20, 0x63, 0x6F, 0x6C, 0x6C, 0x69, 0x73, 0x69, 0x6F, 0x6E, 0x73,
/**
* Feed the next chunk of the message into the running hash.
*
* The message itself is not stored; only the digest produced by m_hash is
* later passed to ed25519_verify(), so memory use does not depend on the
* message length.
*
* @param msg pointer to the next msg_len bytes of the message
* @param msg_len number of bytes readable at msg
*/
void update(const uint8_t msg[], size_t msg_len) override
   {
   HashFunction& digest = *m_hash;
   digest.update(msg, msg_len);
   }
160 bool is_valid_signature(
const uint8_t sig[],
size_t sig_len)
override
164 std::vector<uint8_t> msg_hash(m_hash->output_length());
165 m_hash->final(msg_hash.data());
167 const std::vector<uint8_t>& pub_key = m_key.get_public_key();
169 return ed25519_verify(msg_hash.data(), msg_hash.size(), sig, pub_key.data(), m_domain_sep.data(), m_domain_sep.size());
173 std::unique_ptr<HashFunction> m_hash;
174 const Ed25519_PublicKey& m_key;
175 std::vector<uint8_t> m_domain_sep;
181class Ed25519_Pure_Sign_Operation
final :
public PK_Ops::Signature
184 Ed25519_Pure_Sign_Operation(
const Ed25519_PrivateKey& key) : m_key(key)
/**
* Append the next chunk of the message to the pending buffer.
*
* The bytes are only copied into m_msg; the signature is computed over the
* whole buffer when sign() calls ed25519_sign(). Memory use grows with the
* total message length. m_msg is a plain std::vector rather than a
* secure_vector, so the buffered message is not held in the secure
* allocator.
*
* @param msg pointer to the next msg_len bytes of the message
* @param msg_len number of bytes readable at msg
*/
void update(const uint8_t msg[], size_t msg_len) override
   {
   const uint8_t* const chunk_end = msg + msg_len;
   m_msg.insert(m_msg.end(), msg, chunk_end);
   }
193 secure_vector<uint8_t> sign(RandomNumberGenerator&)
override
195 secure_vector<uint8_t> sig(64);
196 ed25519_sign(sig.data(), m_msg.data(), m_msg.size(), m_key.get_private_key().data(),
nullptr, 0);
/**
* @return the size in bytes of a signature produced by this operation;
*         always 64, the same size as the buffer sign() allocates
*/
size_t signature_length() const override
   {
   constexpr size_t sig_bytes = 64;
   return sig_bytes;
   }
204 std::vector<uint8_t> m_msg;
205 const Ed25519_PrivateKey& m_key;
211class Ed25519_Hashed_Sign_Operation
final :
public PK_Ops::Signature
214 Ed25519_Hashed_Sign_Operation(
const Ed25519_PrivateKey& key,
const std::string&
hash,
bool rfc8032) :
221 m_domain_sep = std::vector<uint8_t>{
222 0x53, 0x69, 0x67, 0x45, 0x64, 0x32, 0x35, 0x35, 0x31, 0x39, 0x20, 0x6E, 0x6F, 0x20, 0x45, 0x64,
223 0x32, 0x35, 0x35, 0x31, 0x39, 0x20, 0x63, 0x6F, 0x6C, 0x6C, 0x69, 0x73, 0x69, 0x6F, 0x6E, 0x73,
/**
* @return the size in bytes of a signature produced by this operation;
*         always 64, the same size as the buffer sign() allocates, and
*         independent of the hash function in use
*/
size_t signature_length() const override
   {
   constexpr size_t sig_bytes = 64;
   return sig_bytes;
   }
/**
* Feed the next chunk of the message into the running hash.
*
* The message itself is not stored; sign() finalises m_hash and signs the
* resulting digest, so memory use does not depend on the message length.
*
* @param msg pointer to the next msg_len bytes of the message
* @param msg_len number of bytes readable at msg
*/
void update(const uint8_t msg[], size_t msg_len) override
   {
   HashFunction& digest = *m_hash;
   digest.update(msg, msg_len);
   }
235 secure_vector<uint8_t> sign(RandomNumberGenerator&)
override
237 secure_vector<uint8_t> sig(64);
238 std::vector<uint8_t> msg_hash(m_hash->output_length());
239 m_hash->final(msg_hash.data());
241 msg_hash.data(), msg_hash.size(),
242 m_key.get_private_key().data(),
243 m_domain_sep.data(), m_domain_sep.size());
248 std::unique_ptr<HashFunction> m_hash;
249 const Ed25519_PrivateKey& m_key;
250 std::vector<uint8_t> m_domain_sep;
255std::unique_ptr<PK_Ops::Verification>
257 const std::string& provider)
const
259 if(provider ==
"base" || provider.empty())
261 if(params ==
"" || params ==
"Identity" || params ==
"Pure")
262 return std::unique_ptr<PK_Ops::Verification>(
new Ed25519_Pure_Verify_Operation(*
this));
263 else if(params ==
"Ed25519ph")
264 return std::unique_ptr<PK_Ops::Verification>(
new Ed25519_Hashed_Verify_Operation(*
this,
"SHA-512",
true));
266 return std::unique_ptr<PK_Ops::Verification>(
new Ed25519_Hashed_Verify_Operation(*
this, params,
false));
271std::unique_ptr<PK_Ops::Signature>
273 const std::string& params,
274 const std::string& provider)
const
276 if(provider ==
"base" || provider.empty())
278 if(params ==
"" || params ==
"Identity" || params ==
"Pure")
279 return std::unique_ptr<PK_Ops::Signature>(
new Ed25519_Pure_Sign_Operation(*
this));
280 else if(params ==
"Ed25519ph")
281 return std::unique_ptr<PK_Ops::Signature>(
new Ed25519_Hashed_Sign_Operation(*
this,
"SHA-512",
true));
283 return std::unique_ptr<PK_Ops::Signature>(
new Ed25519_Hashed_Sign_Operation(*
this, params,
false));
#define BOTAN_ASSERT_EQUAL(expr1, expr2, assertion_made)
BER_Decoder & decode(bool &out)
BER_Decoder & discard_remaining()
secure_vector< uint8_t > get_contents()
DER_Encoder & encode(bool b)
std::unique_ptr< PK_Ops::Signature > create_signature_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const override
Ed25519_PrivateKey(const AlgorithmIdentifier &alg_id, const secure_vector< uint8_t > &key_bits)
bool check_key(RandomNumberGenerator &rng, bool strong) const override
secure_vector< uint8_t > private_key_bits() const override
std::vector< uint8_t > m_public
bool check_key(RandomNumberGenerator &rng, bool strong) const override
std::string algo_name() const override
std::unique_ptr< PK_Ops::Verification > create_verification_op(const std::string &params, const std::string &provider) const override
Ed25519_PublicKey()=default
std::vector< uint8_t > public_key_bits() const override
AlgorithmIdentifier algorithm_identifier() const override
static std::unique_ptr< HashFunction > create_or_throw(const std::string &algo_spec, const std::string &provider="")
virtual OID get_oid() const
secure_vector< uint8_t > random_vec(size_t bytes)
int(* update)(CTX *, const void *, CC_LONG len)
int(* final)(unsigned char *, CTX *)
void ed25519_sign(uint8_t sig[64], const uint8_t m[], size_t mlen, const uint8_t sk[64], const uint8_t domain_sep[], size_t domain_sep_len)
void ed25519_gen_keypair(uint8_t *pk, uint8_t *sk, const uint8_t seed[32])
bool ed25519_verify(const uint8_t *m, size_t mlen, const uint8_t sig[64], const uint8_t *pk, const uint8_t domain_sep[], size_t domain_sep_len)
std::vector< T, secure_allocator< T > > secure_vector