/*
* Choose a signing format for the key
*/
PK_Signer* choose_sig_format(const Private_Key& key,
const std::string& hash_fn,
AlgorithmIdentifier& sig_algo)
{
const std::string algo_name = key.algo_name();
std::unique_ptr<HashFunction> hash(HashFunction::create(hash_fn));
if(!hash)
throw Algorithm_Not_Found(hash_fn);
if(key.max_input_bits() < hash->output_length() * 8)
throw Invalid_Argument("Key is too small for chosen hash function");
std::string padding;
if(algo_name == "RSA")
padding = "EMSA3";
else if(algo_name == "DSA")
padding = "EMSA1";
else if(algo_name == "ECDSA")
padding = "EMSA1_BSI";
else
throw Invalid_Argument("Unknown X.509 signing key type: " + algo_name);
const Signature_Format format = (key.message_parts() > 1) ? DER_SEQUENCE : IEEE_1363;
padding = padding + "(" + hash->name() + ")";
sig_algo.oid = OIDS::lookup(algo_name + "/" + padding);
sig_algo.parameters = key.algorithm_identifier().parameters;
return new PK_Signer(key, padding, format);
}
Hash_Filter::Hash_Filter(const std::string& hash_name, size_t len) :
m_hash(HashFunction::create(hash_name)),
m_out_len(len)
{
if(!m_hash)
throw Algorithm_Not_Found(hash_name);
}
EME* get_eme(const std::string& algo_spec)
{
#if defined(BOTAN_HAS_EME_RAW)
if(algo_spec == "Raw")
return new EME_Raw;
#endif
#if defined(BOTAN_HAS_EME_PKCS1v15)
if(algo_spec == "PKCS1v15" || algo_spec == "EME-PKCS1-v1_5")
return new EME_PKCS1v15;
#endif
#if defined(BOTAN_HAS_EME_OAEP)
SCAN_Name req(algo_spec);
if(req.algo_name() == "OAEP" ||
req.algo_name() == "EME-OAEP" ||
req.algo_name() == "EME1")
{
if(req.arg_count() == 1 ||
(req.arg_count() == 2 && req.arg(1) == "MGF1"))
{
if(auto hash = HashFunction::create(req.arg(0)))
return new OAEP(hash.release());
}
}
#endif
throw Algorithm_Not_Found(algo_spec);
}
/*
* Get an EME by name
*/
EME* get_eme(const std::string& algo_spec)
{
SCAN_Name request(algo_spec);
Algorithm_Factory& af = global_state().algorithm_factory();
if(request.algo_name() == "Raw")
return 0; // No padding
#if defined(BOTAN_HAS_EME_PKCS1v15)
if(request.algo_name() == "PKCS1v15" && request.arg_count() == 0)
return new EME_PKCS1v15;
#endif
#if defined(BOTAN_HAS_EME1)
if(request.algo_name() == "EME1" && request.arg_count_between(1, 2))
{
if(request.arg_count() == 1 ||
(request.arg_count() == 2 && request.arg(1) == "MGF1"))
{
return new EME1(af.make_hash_function(request.arg(0)));
}
}
#endif
throw Algorithm_Not_Found(algo_spec);
}
StreamCipher_Filter::StreamCipher_Filter(const std::string& sc_name) :
m_buffer(DEFAULT_BUFFERSIZE),
m_cipher(StreamCipher::create(sc_name))
{
if(!m_cipher)
throw Algorithm_Not_Found(sc_name);
}
StreamCipher_Filter::StreamCipher_Filter(const std::string& sc_name, const SymmetricKey& key) :
m_buffer(DEFAULT_BUFFERSIZE),
m_cipher(StreamCipher::create(sc_name))
{
if(!m_cipher)
throw Algorithm_Not_Found(sc_name);
m_cipher->set_key(key);
}
KDF* get_kdf(const std::string& algo_spec)
{
SCAN_Name request(algo_spec);
if(request.algo_name() == "Raw")
return nullptr; // No KDF
if(KDF* kdf = make_a<KDF>(algo_spec))
return kdf;
throw Algorithm_Not_Found(algo_spec);
}
EME* get_eme(const std::string& algo_spec)
{
SCAN_Name request(algo_spec);
if(EME* eme = make_a<EME>(Botan::EME::Spec(algo_spec)))
return eme;
if(request.algo_name() == "Raw")
return nullptr; // No padding
throw Algorithm_Not_Found(algo_spec);
}
KDF* get_kdf(const std::string& algo_spec)
{
SCAN_Name request(algo_spec);
if(request.algo_name() == "Raw")
return nullptr; // No KDF
auto kdf = KDF::create(algo_spec);
if(!kdf)
throw Algorithm_Not_Found(algo_spec);
return kdf.release();
}
/*
* Get an EMSA by name
*/
EMSA* get_emsa(const std::string& algo_spec)
{
SCAN_Name request(algo_spec);
Algorithm_Factory& af = global_state().algorithm_factory();
#if defined(BOTAN_HAS_EMSA_RAW)
if(request.algo_name() == "Raw" && request.arg_count() == 0)
return new EMSA_Raw;
#endif
#if defined(BOTAN_HAS_EMSA1)
if(request.algo_name() == "EMSA1" && request.arg_count() == 1)
return new EMSA1(af.make_hash_function(request.arg(0)));
#endif
#if defined(BOTAN_HAS_EMSA1_BSI)
if(request.algo_name() == "EMSA1_BSI" && request.arg_count() == 1)
return new EMSA1_BSI(af.make_hash_function(request.arg(0)));
#endif
#if defined(BOTAN_HAS_EMSA2)
if(request.algo_name() == "EMSA2" && request.arg_count() == 1)
return new EMSA2(af.make_hash_function(request.arg(0)));
#endif
#if defined(BOTAN_HAS_EMSA3)
if(request.algo_name() == "EMSA3" && request.arg_count() == 1)
{
if(request.arg(0) == "Raw")
return new EMSA3_Raw;
return new EMSA3(af.make_hash_function(request.arg(0)));
}
#endif
#if defined(BOTAN_HAS_EMSA4)
if(request.algo_name() == "EMSA4" && request.arg_count_between(1, 3))
{
// 3 args: Hash, MGF, salt size (MGF is hardcoded MGF1 in Botan)
if(request.arg_count() == 1)
return new EMSA4(af.make_hash_function(request.arg(0)));
if(request.arg_count() == 2 && request.arg(1) != "MGF1")
return new EMSA4(af.make_hash_function(request.arg(0)));
if(request.arg_count() == 3)
return new EMSA4(af.make_hash_function(request.arg(0)),
request.arg_as_u32bit(2, 0));
}
#endif
throw Algorithm_Not_Found(algo_spec);
}
/*
* Get a S2K algorithm by name
*/
S2K* get_s2k(const std::string& algo_spec)
{
SCAN_Name request(algo_spec);
Algorithm_Factory& af = global_state().algorithm_factory();
#if defined(BOTAN_HAS_PBKDF1)
if(request.algo_name() == "PBKDF1" && request.arg_count() == 1)
return new PKCS5_PBKDF1(af.make_hash_function(request.arg(0)));
#endif
#if defined(BOTAN_HAS_PBKDF2)
if(request.algo_name() == "PBKDF2" && request.arg_count() == 1)
return new PKCS5_PBKDF2(new HMAC(af.make_hash_function(request.arg(0))));
#endif
#if defined(BOTAN_HAS_PGPS2K)
if(request.algo_name() == "OpenPGP-S2K" && request.arg_count() == 1)
return new OpenPGP_S2K(af.make_hash_function(request.arg(0)));
#endif
throw Algorithm_Not_Found(algo_spec);
}
/*
* Get an KDF by name
*/
KDF* get_kdf(const std::string& algo_spec)
{
SCAN_Name request(algo_spec);
Algorithm_Factory& af = global_state().algorithm_factory();
if(request.algo_name() == "Raw")
return 0; // No KDF
#if defined(BOTAN_HAS_KDF1)
if(request.algo_name() == "KDF1" && request.arg_count() == 1)
return new KDF1(af.make_hash_function(request.arg(0)));
#endif
#if defined(BOTAN_HAS_KDF2)
if(request.algo_name() == "KDF2" && request.arg_count() == 1)
return new KDF2(af.make_hash_function(request.arg(0)));
#endif
#if defined(BOTAN_HAS_X942_PRF)
if(request.algo_name() == "X9.42-PRF" && request.arg_count() == 1)
return new X942_PRF(request.arg(0)); // OID
#endif
#if defined(BOTAN_HAS_TLS_V10_PRF)
if(request.algo_name() == "TLS-PRF" && request.arg_count() == 0)
return new TLS_PRF;
#endif
#if defined(BOTAN_HAS_SSL_V3_PRF)
if(request.algo_name() == "SSL3-PRF" && request.arg_count() == 0)
return new SSL3_PRF;
#endif
throw Algorithm_Not_Found(algo_spec);
}
EMSA* get_emsa(const std::string& algo_spec)
{
SCAN_Name req(algo_spec);
#if defined(BOTAN_HAS_EMSA1)
if(req.algo_name() == "EMSA1" && req.arg_count() == 1)
{
if(auto hash = HashFunction::create(req.arg(0)))
return new EMSA1(hash.release());
}
#endif
#if defined(BOTAN_HAS_EMSA_PKCS1)
if(req.algo_name() == "EMSA_PKCS1" ||
req.algo_name() == "EMSA-PKCS1-v1_5" ||
req.algo_name() == "EMSA3")
{
if(req.arg_count() == 2 && req.arg(0) == "Raw")
{
return new EMSA_PKCS1v15_Raw(req.arg(1));
}
else if(req.arg_count() == 1)
{
if(req.arg(0) == "Raw")
{
return new EMSA_PKCS1v15_Raw;
}
else
{
if(auto hash = HashFunction::create(req.arg(0)))
{
return new EMSA_PKCS1v15(hash.release());
}
}
}
}
#endif
#if defined(BOTAN_HAS_EMSA_PSSR)
if(req.algo_name() == "PSSR" ||
req.algo_name() == "EMSA-PSS" ||
req.algo_name() == "PSS-MGF1" ||
req.algo_name() == "EMSA4")
{
if(req.arg_count_between(1, 3))
{
if(req.arg(1, "MGF1") != "MGF1")
return nullptr; // not supported
if(auto h = HashFunction::create(req.arg(0)))
{
const size_t salt_size = req.arg_as_integer(2, h->output_length());
return new PSSR(h.release(), salt_size);
}
}
}
#endif
#if defined(BOTAN_HAS_ISO_9796)
if(req.algo_name() == "ISO_9796_DS2")
{
if(req.arg_count_between(1, 3))
{
if(auto h = HashFunction::create(req.arg(0)))
{
const size_t salt_size = req.arg_as_integer(2, h->output_length());
const bool implicit = req.arg(1, "exp") == "imp";
return new ISO_9796_DS2(h.release(), implicit, salt_size);
}
}
}
//ISO-9796-2 DS 3 is deterministic and DS2 without a salt
if(req.algo_name() == "ISO_9796_DS3")
{
if(req.arg_count_between(1, 2))
{
if(auto h = HashFunction::create(req.arg(0)))
{
const bool implicit = req.arg(1, "exp") == "imp";
return new ISO_9796_DS3(h.release(), implicit);
}
}
}
#endif
#if defined(BOTAN_HAS_EMSA_X931)
if(req.algo_name() == "EMSA_X931" ||
req.algo_name() == "EMSA2" ||
req.algo_name() == "X9.31")
{
if(req.arg_count() == 1)
{
if(auto hash = HashFunction::create(req.arg(0)))
{
return new EMSA_X931(hash.release());
}
}
}
#endif
#if defined(BOTAN_HAS_EMSA_RAW)
if(req.algo_name() == "Raw")
{
if(req.arg_count() == 0)
{
return new EMSA_Raw;
}
else
{
auto hash = HashFunction::create(req.arg(0));
if(hash)
return new EMSA_Raw(hash->output_length());
}
}
#endif
throw Algorithm_Not_Found(algo_spec);
}
PK_Ops::Signature_with_EMSA::Signature_with_EMSA(const std::string& emsa)
{
m_emsa.reset(get_emsa(emsa));
if(!m_emsa)
throw Algorithm_Not_Found(emsa);
}
PK_Ops::Decryption_with_EME::Decryption_with_EME(const std::string& eme)
{
m_eme.reset(get_eme(eme));
if(!m_eme.get())
throw Algorithm_Not_Found(eme);
}
PK_Ops::Verification_with_EMSA::Verification_with_EMSA(const std::string& emsa)
{
m_emsa.reset(get_emsa(emsa));
if(!m_emsa)
throw Algorithm_Not_Found(emsa);
}
