Botan  2.8.0
Crypto and TLS for C++11
curve25519.cpp
Go to the documentation of this file.
1 /*
2 * Curve25519
3 * (C) 2014 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/curve25519.h>
9 #include <botan/internal/pk_ops_impl.h>
10 #include <botan/ber_dec.h>
11 #include <botan/der_enc.h>
12 #include <botan/rng.h>
13 
14 namespace Botan {
15 
16 void curve25519_basepoint(uint8_t mypublic[32], const uint8_t secret[32])
17  {
18  const uint8_t basepoint[32] = { 9 };
19  curve25519_donna(mypublic, secret, basepoint);
20  }
21 
22 namespace {
23 
24 void size_check(size_t size, const char* thing)
25  {
26  if(size != 32)
27  throw Decoding_Error("Invalid size " + std::to_string(size) + " for Curve25519 " + thing);
28  }
29 
30 secure_vector<uint8_t> curve25519(const secure_vector<uint8_t>& secret,
31  const uint8_t pubval[32])
32  {
33  secure_vector<uint8_t> out(32);
34  curve25519_donna(out.data(), secret.data(), pubval);
35  return out;
36  }
37 
38 }
39 
41  {
43  }
44 
46  {
47  return true; // no tests possible?
48  }
49 
51  const std::vector<uint8_t>& key_bits)
52  {
53  m_public = key_bits;
54 
55  size_check(m_public.size(), "public key");
56  }
57 
58 std::vector<uint8_t> Curve25519_PublicKey::public_key_bits() const
59  {
60  return m_public;
61  }
62 
64  {
65  if(secret_key.size() != 32)
66  throw Decoding_Error("Invalid size for Curve25519 private key");
67 
68  m_public.resize(32);
69  m_private = secret_key;
70  curve25519_basepoint(m_public.data(), m_private.data());
71  }
72 
74  {
75  m_private = rng.random_vec(32);
76  m_public.resize(32);
77  curve25519_basepoint(m_public.data(), m_private.data());
78  }
79 
81  const secure_vector<uint8_t>& key_bits)
82  {
83  BER_Decoder(key_bits).decode(m_private, OCTET_STRING).discard_remaining();
84 
85  size_check(m_private.size(), "private key");
86  m_public.resize(32);
87  curve25519_basepoint(m_public.data(), m_private.data());
88  }
89 
91  {
92  return DER_Encoder().encode(m_private, OCTET_STRING).get_contents();
93  }
94 
96  {
97  std::vector<uint8_t> public_point(32);
98  curve25519_basepoint(public_point.data(), m_private.data());
99  return public_point == m_public;
100  }
101 
102 secure_vector<uint8_t> Curve25519_PrivateKey::agree(const uint8_t w[], size_t w_len) const
103  {
104  size_check(w_len, "public value");
105  return curve25519(m_private, w);
106  }
107 
108 namespace {
109 
110 /**
111 * Curve25519 operation
112 */
113 class Curve25519_KA_Operation final : public PK_Ops::Key_Agreement_with_KDF
114  {
115  public:
116 
117  Curve25519_KA_Operation(const Curve25519_PrivateKey& key, const std::string& kdf) :
118  PK_Ops::Key_Agreement_with_KDF(kdf),
119  m_key(key) {}
120 
121  size_t agreed_value_size() const override { return 32; }
122 
123  secure_vector<uint8_t> raw_agree(const uint8_t w[], size_t w_len) override
124  {
125  return m_key.agree(w, w_len);
126  }
127  private:
128  const Curve25519_PrivateKey& m_key;
129  };
130 
131 }
132 
133 std::unique_ptr<PK_Ops::Key_Agreement>
135  const std::string& params,
136  const std::string& provider) const
137  {
138  if(provider == "base" || provider.empty())
139  return std::unique_ptr<PK_Ops::Key_Agreement>(new Curve25519_KA_Operation(*this, params));
140  throw Provider_Not_Found(algo_name(), provider);
141  }
142 
143 }
bool check_key(RandomNumberGenerator &rng, bool strong) const override
Definition: curve25519.cpp:95
secure_vector< uint8_t > random_vec(size_t bytes)
Definition: rng.h:141
std::string algo_name() const override
Definition: curve25519.h:18
void curve25519_donna(uint8_t mypublic[32], const uint8_t secret[32], const uint8_t basepoint[32])
void curve25519_basepoint(uint8_t mypublic[32], const uint8_t secret[32])
Definition: curve25519.cpp:16
int(* final)(unsigned char *, CTX *)
secure_vector< uint8_t > get_contents()
Definition: der_enc.cpp:152
AlgorithmIdentifier algorithm_identifier() const override
Definition: curve25519.cpp:40
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:210
BER_Decoder & decode(bool &out)
Definition: ber_dec.h:170
bool check_key(RandomNumberGenerator &rng, bool strong) const override
Definition: curve25519.cpp:45
DER_Encoder & encode(bool b)
Definition: der_enc.cpp:285
std::vector< uint8_t > public_key_bits() const override
Definition: curve25519.cpp:58
virtual OID get_oid() const
Definition: pk_keys.cpp:53
secure_vector< uint8_t > private_key_bits() const override
Definition: curve25519.cpp:90
std::unique_ptr< PK_Ops::Key_Agreement > create_key_agreement_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const override
Definition: curve25519.cpp:134
Curve25519_PrivateKey(const AlgorithmIdentifier &alg_id, const secure_vector< uint8_t > &key_bits)
Definition: curve25519.cpp:80
BER_Decoder & discard_remaining()
Definition: ber_dec.cpp:226
Definition: alg_id.cpp:13
std::vector< uint8_t > m_public
Definition: curve25519.h:55
secure_vector< uint8_t > agree(const uint8_t w[], size_t w_len) const
Definition: curve25519.cpp:102
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:88
const RSA_PrivateKey & m_key
Definition: rsa.cpp:277