Botan 3.7.1
Crypto and TLS for C&
Public Member Functions | List of all members
Botan::ECIES_KA_Operation Class Reference

#include <ecies.h>

Public Member Functions

SymmetricKey derive_secret (std::span< const uint8_t > eph_public_key_bin, const EC_AffinePoint &other_public_key_point) const
 
 ECIES_KA_Operation (const PK_Key_Agreement_Key &private_key, const ECIES_KA_Params &ecies_params, bool for_encryption, RandomNumberGenerator &rng)
 

Detailed Description

ECIES secret derivation according to ISO 18033-2

TODO(Botan4) hide this

Definition at line 174 of file ecies.h.

Constructor & Destructor Documentation

◆ ECIES_KA_Operation()

Botan::ECIES_KA_Operation::ECIES_KA_Operation ( const PK_Key_Agreement_Key & private_key,
const ECIES_KA_Params & ecies_params,
bool for_encryption,
RandomNumberGenerator & rng )
Parameters
private_keythe (ephemeral) private key which is used to derive the secret
ecies_paramssettings for ecies
for_encryptiondisable cofactor mode if the secret will be used for encryption (according to ISO 18033 cofactor mode is only used during decryption)
rngthe RNG to use

Definition at line 125 of file ecies.cpp.

128 :
129 m_ka(create_key_agreement(private_key, ecies_params, for_encryption, rng)), m_params(ecies_params) {}

Member Function Documentation

◆ derive_secret()

SymmetricKey Botan::ECIES_KA_Operation::derive_secret ( std::span< const uint8_t > eph_public_key_bin,
const EC_AffinePoint & other_public_key_point ) const

Performs a key agreement with the provided keys and derives the secret from the result

Parameters
eph_public_key_binthe encoded (ephemeral) public key which belongs to the used (ephemeral) private key
other_public_key_pointpublic key point of the other party

ECIES secret derivation according to ISO 18033-2

Definition at line 173 of file ecies.cpp.

174 {
175 BOTAN_ARG_CHECK(!other_public_key_point.is_identity(), "ECIES: peer public key point is the identity element");
176
177 auto kdf = KDF::create_or_throw(m_params.kdf_spec());
178
179 auto other_point = other_public_key_point;
180
181 // ISO 18033: step b
182 if(m_params.old_cofactor_mode() && m_params.domain().has_cofactor()) {
183 std::vector<BigInt> ws;
184 Null_RNG null_rng;
185 auto cofactor = EC_Scalar::from_bigint(m_params.domain(), m_params.domain().get_cofactor());
186 other_point = other_point.mul(cofactor, null_rng, ws);
187 }
188
189 secure_vector<uint8_t> derivation_input;
190
191 // ISO 18033: encryption step e / decryption step g
192 if(!m_params.single_hash_mode()) {
193 derivation_input.assign(eph_public_key_bin.begin(), eph_public_key_bin.end());
194 }
195
196 // ISO 18033: encryption step f / decryption step h
197 std::vector<uint8_t> other_public_key_bin = other_point.serialize(m_params.compression_type());
198 // Note: the argument `m_params.secret_length()` passed for `key_len` will only be used by providers because
199 // "Raw" is passed to the `PK_Key_Agreement` if the implementation of botan is used.
200 const SymmetricKey peh =
201 m_ka.derive_key(m_params.domain().get_order_bytes(), other_public_key_bin.data(), other_public_key_bin.size());
202 derivation_input.insert(derivation_input.end(), peh.begin(), peh.end());
203
204 // ISO 18033: encryption step g / decryption step i
205 return SymmetricKey(kdf->derive_key(m_params.secret_length(), derivation_input));
206}
BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:29
Botan::ECIES_KA_Params::secret_length
size_t secret_length() const
Definition ecies.h:84
Botan::ECIES_KA_Params::old_cofactor_mode
bool old_cofactor_mode() const
Definition ecies.h:92
Botan::ECIES_KA_Params::compression_type
EC_Point_Format compression_type() const
Definition ecies.h:98
Botan::ECIES_KA_Params::single_hash_mode
bool single_hash_mode() const
Definition ecies.h:86
Botan::ECIES_KA_Params::kdf_spec
const std::string & kdf_spec() const
Definition ecies.h:100
Botan::ECIES_KA_Params::domain
const EC_Group & domain() const
Definition ecies.h:82
Botan::EC_Group::get_cofactor
const BigInt & get_cofactor() const
Definition ec_group.cpp:574
Botan::EC_Group::has_cofactor
bool has_cofactor() const
Definition ec_group.cpp:578
Botan::EC_Group::get_order_bytes
size_t get_order_bytes() const
Definition ec_group.cpp:510
Botan::EC_Scalar::from_bigint
static EC_Scalar from_bigint(const EC_Group &group, const BigInt &bn)
Definition ec_scalar.cpp:65
Botan::KDF::create_or_throw
static std::unique_ptr< KDF > create_or_throw(std::string_view algo_spec, std::string_view provider="")
Definition kdf.cpp:202
Botan::PK_Key_Agreement::derive_key
SymmetricKey derive_key(size_t key_len, const uint8_t peer_key[], size_t peer_key_len, const uint8_t salt[], size_t salt_len) const
Definition pubkey.cpp:248
Botan::SymmetricKey
OctetString SymmetricKey
Definition symkey.h:140
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61

References Botan::OctetString::begin(), BOTAN_ARG_CHECK, Botan::ECIES_KA_Params::compression_type(), Botan::KDF::create_or_throw(), Botan::PK_Key_Agreement::derive_key(), Botan::ECIES_KA_Params::domain(), Botan::OctetString::end(), Botan::EC_Scalar::from_bigint(), Botan::EC_Group::get_cofactor(), Botan::EC_Group::get_order_bytes(), Botan::EC_Group::has_cofactor(), Botan::EC_AffinePoint::is_identity(), Botan::ECIES_KA_Params::kdf_spec(), Botan::ECIES_KA_Params::old_cofactor_mode(), Botan::ECIES_KA_Params::secret_length(), Botan::EC_AffinePoint::serialize(), and Botan::ECIES_KA_Params::single_hash_mode().

The documentation for this class was generated from the following files:
Generated by doxygen 1.12.0