Botan 3.9.0
Crypto and TLS for C&
Botan::ECIES_KA_Operation Class Reference

#include <ecies.h>

Public Member Functions

SymmetricKey derive_secret (std::span< const uint8_t > eph_public_key_bin, const EC_AffinePoint &other_public_key_point) const
 ECIES_KA_Operation (const PK_Key_Agreement_Key &private_key, const ECIES_KA_Params &ecies_params, bool for_encryption, RandomNumberGenerator &rng)

Detailed Description

ECIES secret derivation according to ISO 18033-2

Definition at line 228 of file ecies.h.

Constructor & Destructor Documentation

◆ ECIES_KA_Operation()

Botan::ECIES_KA_Operation::ECIES_KA_Operation ( const PK_Key_Agreement_Key & private_key,
const ECIES_KA_Params & ecies_params,
bool for_encryption,
RandomNumberGenerator & rng )
Parameters
private_keythe (ephemeral) private key which is used to derive the secret
ecies_paramssettings for ecies
for_encryptiondisable cofactor mode if the secret will be used for encryption (according to ISO 18033 cofactor mode is only used during decryption)
rngthe RNG to use

Definition at line 129 of file ecies.cpp.

132 :
133 m_ka(create_key_agreement(private_key, ecies_params, for_encryption, rng)), m_params(ecies_params) {}

Member Function Documentation

◆ derive_secret()

SymmetricKey Botan::ECIES_KA_Operation::derive_secret ( std::span< const uint8_t > eph_public_key_bin,
const EC_AffinePoint & other_public_key_point ) const

Performs a key agreement with the provided keys and derives the secret from the result

Parameters
eph_public_key_binthe encoded (ephemeral) public key which belongs to the used (ephemeral) private key
other_public_key_pointpublic key point of the other party

ECIES secret derivation according to ISO 18033-2

Definition at line 178 of file ecies.cpp.

179 {
180 BOTAN_ARG_CHECK(!other_public_key_point.is_identity(), "ECIES: peer public key point is the identity element");
181
182 auto kdf = KDF::create_or_throw(m_params.kdf());
183
184 auto other_point = other_public_key_point;
185
186 const auto& group = m_params.group();
187
188 // ISO 18033: step b
189 // TODO(Botan4) remove when cofactor support is removed
190 if(m_params.old_cofactor_mode() && group.has_cofactor()) {
191 Null_RNG null_rng;
192 auto cofactor = EC_Scalar::from_bigint(group, group.get_cofactor());
193 other_point = other_point.mul(cofactor, null_rng);
194 }
195
196 secure_vector<uint8_t> derivation_input;
197
198 // ISO 18033: encryption step e / decryption step g
199 if(!m_params.single_hash_mode()) {
200 derivation_input.assign(eph_public_key_bin.begin(), eph_public_key_bin.end());
201 }
202
203 // ISO 18033: encryption step f / decryption step h
204 std::vector<uint8_t> other_public_key_bin = other_point.serialize(m_params.point_format());
205 // Note: the argument `m_params.secret_length()` passed for `key_len` will only be used by providers because
206 // "Raw" is passed to the `PK_Key_Agreement` if the implementation of botan is used.
207 const SymmetricKey peh =
208 m_ka.derive_key(m_params.group().get_order_bytes(), other_public_key_bin.data(), other_public_key_bin.size());
209 derivation_input.insert(derivation_input.end(), peh.begin(), peh.end());
210
211 // ISO 18033: encryption step g / decryption step i
212 return SymmetricKey(kdf->derive_key(m_params.secret_length(), derivation_input));
213}
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:33
static EC_Scalar from_bigint(const EC_Group &group, const BigInt &bn)
Definition ec_scalar.cpp:69
static std::unique_ptr< KDF > create_or_throw(std::string_view algo_spec, std::string_view provider="")
Definition kdf.cpp:204
OctetString SymmetricKey
Definition symkey.h:140
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:69

References Botan::OctetString::begin(), BOTAN_ARG_CHECK, Botan::KDF::create_or_throw(), Botan::OctetString::end(), Botan::EC_Scalar::from_bigint(), and Botan::EC_AffinePoint::is_identity().


The documentation for this class was generated from the following files: