Botan 3.3.0
Crypto and TLS for C&
curve25519.cpp
Go to the documentation of this file.
1/*
2* Curve25519
3* (C) 2014 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/curve25519.h>
9
10#include <botan/ber_dec.h>
11#include <botan/der_enc.h>
12#include <botan/rng.h>
13#include <botan/internal/fmt.h>
14#include <botan/internal/pk_ops_impl.h>
15
16namespace Botan {
17
18void curve25519_basepoint(uint8_t mypublic[32], const uint8_t secret[32]) {
19 const uint8_t basepoint[32] = {9};
20 curve25519_donna(mypublic, secret, basepoint);
21}
22
23namespace {
24
25void size_check(size_t size, const char* thing) {
26 if(size != 32) {
27 throw Decoding_Error(fmt("Invalid size {} for Curve2551 {}", size, thing));
28 }
29}
30
31secure_vector<uint8_t> curve25519(const secure_vector<uint8_t>& secret, const uint8_t pubval[32]) {
32 secure_vector<uint8_t> out(32);
33 curve25519_donna(out.data(), secret.data(), pubval);
34 return out;
35}
36
37} // namespace
38
42
43bool Curve25519_PublicKey::check_key(RandomNumberGenerator& /*rng*/, bool /*strong*/) const {
44 return true; // no tests possible?
45}
46
47Curve25519_PublicKey::Curve25519_PublicKey(const AlgorithmIdentifier& /*unused*/, std::span<const uint8_t> key_bits) {
48 m_public.assign(key_bits.begin(), key_bits.end());
49
50 size_check(m_public.size(), "public key");
51}
52
53std::vector<uint8_t> Curve25519_PublicKey::public_key_bits() const {
54 return m_public;
55}
56
57std::unique_ptr<Private_Key> Curve25519_PublicKey::generate_another(RandomNumberGenerator& rng) const {
58 return std::make_unique<Curve25519_PrivateKey>(rng);
59};
60
62 if(secret_key.size() != 32) {
63 throw Decoding_Error("Invalid size for Curve25519 private key");
64 }
65
66 m_public.resize(32);
67 m_private = secret_key;
68 curve25519_basepoint(m_public.data(), m_private.data());
69}
70
72 m_private = rng.random_vec(32);
73 m_public.resize(32);
74 curve25519_basepoint(m_public.data(), m_private.data());
75}
76
77Curve25519_PrivateKey::Curve25519_PrivateKey(const AlgorithmIdentifier& /*unused*/, std::span<const uint8_t> key_bits) {
79
80 size_check(m_private.size(), "private key");
81 m_public.resize(32);
82 curve25519_basepoint(m_public.data(), m_private.data());
83}
84
85std::unique_ptr<Public_Key> Curve25519_PrivateKey::public_key() const {
86 return std::make_unique<Curve25519_PublicKey>(public_value());
87}
88
92
93bool Curve25519_PrivateKey::check_key(RandomNumberGenerator& /*rng*/, bool /*strong*/) const {
94 std::vector<uint8_t> public_point(32);
95 curve25519_basepoint(public_point.data(), m_private.data());
96 return public_point == m_public;
97}
98
99secure_vector<uint8_t> Curve25519_PrivateKey::agree(const uint8_t w[], size_t w_len) const {
100 size_check(w_len, "public value");
101 return curve25519(m_private, w);
102}
103
104namespace {
105
106/**
107* Curve25519 operation
108*/
109class Curve25519_KA_Operation final : public PK_Ops::Key_Agreement_with_KDF {
110 public:
111 Curve25519_KA_Operation(const Curve25519_PrivateKey& key, std::string_view kdf) :
112 PK_Ops::Key_Agreement_with_KDF(kdf), m_key(key) {}
113
114 size_t agreed_value_size() const override { return 32; }
115
116 secure_vector<uint8_t> raw_agree(const uint8_t w[], size_t w_len) override { return m_key.agree(w, w_len); }
117
118 private:
119 const Curve25519_PrivateKey& m_key;
120};
121
122} // namespace
123
124std::unique_ptr<PK_Ops::Key_Agreement> Curve25519_PrivateKey::create_key_agreement_op(RandomNumberGenerator& /*rng*/,
125 std::string_view params,
126 std::string_view provider) const {
127 if(provider == "base" || provider.empty()) {
128 return std::make_unique<Curve25519_KA_Operation>(*this, params);
129 }
130 throw Provider_Not_Found(algo_name(), provider);
131}
132
133} // namespace Botan
virtual OID object_identifier() const
Definition pk_keys.cpp:22
BER_Decoder & decode(bool &out)
Definition ber_dec.h:176
BER_Decoder & discard_remaining()
Definition ber_dec.cpp:222
std::unique_ptr< Public_Key > public_key() const override
std::vector< uint8_t > public_value() const override
Definition curve25519.h:85
secure_vector< uint8_t > private_key_bits() const override
secure_vector< uint8_t > agree(const uint8_t w[], size_t w_len) const
std::unique_ptr< PK_Ops::Key_Agreement > create_key_agreement_op(RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const override
Curve25519_PrivateKey(const AlgorithmIdentifier &alg_id, std::span< const uint8_t > key_bits)
bool check_key(RandomNumberGenerator &rng, bool strong) const override
std::vector< uint8_t > public_key_bits() const override
std::vector< uint8_t > m_public
Definition curve25519.h:56
bool check_key(RandomNumberGenerator &rng, bool strong) const override
AlgorithmIdentifier algorithm_identifier() const override
std::string algo_name() const override
Definition curve25519.h:17
std::unique_ptr< Private_Key > generate_another(RandomNumberGenerator &rng) const final
secure_vector< uint8_t > get_contents()
Definition der_enc.cpp:132
DER_Encoder & encode(bool b)
Definition der_enc.cpp:250
void random_vec(std::span< uint8_t > v)
Definition rng.h:179
int(* final)(unsigned char *, CTX *)
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53
void curve25519_donna(uint8_t mypublic[32], const uint8_t secret[32], const uint8_t basepoint[32])
Definition donna.cpp:452
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61
void curve25519_basepoint(uint8_t mypublic[32], const uint8_t secret[32])