Botan  2.4.0
Crypto and TLS for C++11
Public Member Functions | List of all members
Botan::ECIES_KA_Operation Class Reference

#include <ecies.h>

Public Member Functions

SymmetricKey derive_secret (const std::vector< uint8_t > &eph_public_key_bin, const PointGFp &other_public_key_point) const
 ECIES_KA_Operation (const PK_Key_Agreement_Key &private_key, const ECIES_KA_Params &ecies_params, bool for_encryption, RandomNumberGenerator &rng)

Detailed Description

ECIES secret derivation according to ISO 18033-2

Definition at line 185 of file ecies.h.

Constructor & Destructor Documentation

◆ ECIES_KA_Operation()

Botan::ECIES_KA_Operation::ECIES_KA_Operation ( const PK_Key_Agreement_Key private_key,
const ECIES_KA_Params ecies_params,
bool  for_encryption,
RandomNumberGenerator rng 
private_keythe (ephemeral) private key which is used to derive the secret
ecies_paramssettings for ecies
for_encryptiondisable cofactor mode if the secret will be used for encryption (according to ISO 18033 cofactor mode is only used during decryption)
rngthe RNG to use

Definition at line 126 of file ecies.cpp.

129  :
130  m_ka(create_key_agreement(private_key, ecies_params, for_encryption, rng)),
131  m_params(ecies_params)
132  {
133  }

Member Function Documentation

◆ derive_secret()

SymmetricKey Botan::ECIES_KA_Operation::derive_secret ( const std::vector< uint8_t > &  eph_public_key_bin,
const PointGFp other_public_key_point 
) const

Performs a key agreement with the provided keys and derives the secret from the result

eph_public_key_binthe encoded (ephemeral) public key which belongs to the used (ephemeral) private key
other_public_key_pointpublic key point of the other party

ECIES secret derivation according to ISO 18033-2

Definition at line 138 of file ecies.cpp.

References Botan::OctetString::begin(), Botan::BigInt::bytes(), Botan::ECIES_KA_Params::compression_type(), Botan::KDF::create_or_throw(), Botan::PK_Key_Agreement::derive_key(), Botan::ECIES_KA_Params::domain(), Botan::EC2OSP(), Botan::OctetString::end(), Botan::EC_Group::get_cofactor(), Botan::EC_Group::get_order(), Botan::PointGFp::is_zero(), Botan::ECIES_KA_Params::kdf_spec(), Botan::ECIES_KA_Params::old_cofactor_mode(), Botan::ECIES_KA_Params::secret_length(), and Botan::ECIES_KA_Params::single_hash_mode().

Referenced by Botan::ECIES_Decryptor::ECIES_Decryptor(), and Botan::ECIES_Encryptor::ECIES_Encryptor().

140  {
141  if(other_public_key_point.is_zero())
142  {
143  throw Invalid_Argument("ECIES: other public key point is zero");
144  }
146  std::unique_ptr<KDF> kdf = Botan::KDF::create_or_throw(m_params.kdf_spec());
148  PointGFp other_point = other_public_key_point;
150  // ISO 18033: step b
151  if(m_params.old_cofactor_mode())
152  {
153  other_point *= m_params.domain().get_cofactor();
154  }
156  secure_vector<uint8_t> derivation_input;
158  // ISO 18033: encryption step e / decryption step g
159  if(!m_params.single_hash_mode())
160  {
161  derivation_input += eph_public_key_bin;
162  }
164  // ISO 18033: encryption step f / decryption step h
165  secure_vector<uint8_t> other_public_key_bin = EC2OSP(other_point, static_cast<uint8_t>(m_params.compression_type()));
166  // Note: the argument `m_params.secret_length()` passed for `key_len` will only be used by providers because
167  // "Raw" is passed to the `PK_Key_Agreement` if the implementation of botan is used.
168  const SymmetricKey peh = m_ka.derive_key(m_params.domain().get_order().bytes(),, other_public_key_bin.size());
169  derivation_input.insert(derivation_input.end(), peh.begin(), peh.end());
171  // ISO 18033: encryption step g / decryption step i
172  return kdf->derive_key(m_params.secret_length(), derivation_input);
173  }
const BigInt & get_cofactor() const
Definition: ec_group.h:108
PointGFp::Compression_Type compression_type() const
Definition: ecies.h:105
const std::string & kdf_spec() const
Definition: ecies.h:110
bool single_hash_mode() const
Definition: ecies.h:85
secure_vector< uint8_t > EC2OSP(const PointGFp &point, uint8_t format)
Definition: point_gfp.cpp:469
SymmetricKey derive_key(size_t key_len, const uint8_t in[], size_t in_len, const uint8_t params[], size_t params_len) const
Definition: pubkey.cpp:203
OctetString SymmetricKey
Definition: symkey.h:136
size_t bytes() const
Definition: bigint.cpp:175
const BigInt & get_order() const
Definition: ec_group.h:102
bool old_cofactor_mode() const
Definition: ecies.h:95
const EC_Group & domain() const
Definition: ecies.h:75
size_t secret_length() const
Definition: ecies.h:80
static std::unique_ptr< KDF > create_or_throw(const std::string &algo_spec, const std::string &provider="")
Definition: kdf.cpp:221

The documentation for this class was generated from the following files: