Botan  2.4.0
Crypto and TLS for C++11
curve25519.cpp
Go to the documentation of this file.
1 /*
2 * Curve25519
3 * (C) 2014 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/curve25519.h>
9 #include <botan/internal/pk_ops_impl.h>
10 #include <botan/ber_dec.h>
11 #include <botan/der_enc.h>
12 #include <botan/rng.h>
13 
14 namespace Botan {
15 
16 void curve25519_basepoint(uint8_t mypublic[32], const uint8_t secret[32])
17  {
18  const uint8_t basepoint[32] = { 9 };
19  curve25519_donna(mypublic, secret, basepoint);
20  }
21 
22 namespace {
23 
24 void size_check(size_t size, const char* thing)
25  {
26  if(size != 32)
27  throw Decoding_Error("Invalid size " + std::to_string(size) + " for Curve25519 " + thing);
28  }
29 
30 secure_vector<uint8_t> curve25519(const secure_vector<uint8_t>& secret,
31  const uint8_t pubval[32])
32  {
33  secure_vector<uint8_t> out(32);
34  curve25519_donna(out.data(), secret.data(), pubval);
35  return out;
36  }
37 
38 }
39 
41  {
42  // AlgorithmIdentifier::USE_NULL_PARAM puts 0x05 0x00 in parameters
43  // We want nothing
44  std::vector<uint8_t> empty;
45  return AlgorithmIdentifier(get_oid(), empty);
46  }
47 
49  {
50  return true; // no tests possible?
51  }
52 
54  const std::vector<uint8_t>& key_bits)
55  {
56  m_public = key_bits;
57 
58  size_check(m_public.size(), "public key");
59  }
60 
61 std::vector<uint8_t> Curve25519_PublicKey::public_key_bits() const
62  {
63  return m_public;
64  }
65 
67  {
68  if(secret_key.size() != 32)
69  throw Decoding_Error("Invalid size for Curve25519 private key");
70 
71  m_public.resize(32);
72  m_private = secret_key;
73  curve25519_basepoint(m_public.data(), m_private.data());
74  }
75 
77  {
78  m_private = rng.random_vec(32);
79  m_public.resize(32);
80  curve25519_basepoint(m_public.data(), m_private.data());
81  }
82 
84  const secure_vector<uint8_t>& key_bits)
85  {
86  BER_Decoder(key_bits).decode(m_private, OCTET_STRING).discard_remaining();
87 
88  size_check(m_private.size(), "private key");
89  m_public.resize(32);
90  curve25519_basepoint(m_public.data(), m_private.data());
91  }
92 
94  {
95  return DER_Encoder().encode(m_private, OCTET_STRING).get_contents();
96  }
97 
99  {
100  std::vector<uint8_t> public_point(32);
101  curve25519_basepoint(public_point.data(), m_private.data());
102  return public_point == m_public;
103  }
104 
105 secure_vector<uint8_t> Curve25519_PrivateKey::agree(const uint8_t w[], size_t w_len) const
106  {
107  size_check(w_len, "public value");
108  return curve25519(m_private, w);
109  }
110 
111 namespace {
112 
113 /**
114 * Curve25519 operation
115 */
116 class Curve25519_KA_Operation final : public PK_Ops::Key_Agreement_with_KDF
117  {
118  public:
119 
120  Curve25519_KA_Operation(const Curve25519_PrivateKey& key, const std::string& kdf) :
122  m_key(key) {}
123 
124  secure_vector<uint8_t> raw_agree(const uint8_t w[], size_t w_len) override
125  {
126  return m_key.agree(w, w_len);
127  }
128  private:
129  const Curve25519_PrivateKey& m_key;
130  };
131 
132 }
133 
134 std::unique_ptr<PK_Ops::Key_Agreement>
136  const std::string& params,
137  const std::string& provider) const
138  {
139  if(provider == "base" || provider.empty())
140  return std::unique_ptr<PK_Ops::Key_Agreement>(new Curve25519_KA_Operation(*this, params));
141  throw Provider_Not_Found(algo_name(), provider);
142  }
143 
144 }
bool check_key(RandomNumberGenerator &rng, bool strong) const override
Definition: curve25519.cpp:98
secure_vector< uint8_t > random_vec(size_t bytes)
Definition: rng.h:132
std::string algo_name() const override
Definition: curve25519.h:18
void curve25519_donna(uint8_t mypublic[32], const uint8_t secret[32], const uint8_t basepoint[32])
void curve25519_basepoint(uint8_t mypublic[32], const uint8_t secret[32])
Definition: curve25519.cpp:16
secure_vector< uint8_t > get_contents()
Definition: der_enc.cpp:123
AlgorithmIdentifier algorithm_identifier() const override
Definition: curve25519.cpp:40
BER_Decoder & decode(bool &v)
Definition: ber_dec.cpp:355
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:108
bool check_key(RandomNumberGenerator &rng, bool strong) const override
Definition: curve25519.cpp:48
DER_Encoder & encode(bool b)
Definition: der_enc.cpp:202
std::vector< uint8_t > public_key_bits() const override
Definition: curve25519.cpp:61
virtual OID get_oid() const
Definition: pk_keys.cpp:51
secure_vector< uint8_t > private_key_bits() const override
Definition: curve25519.cpp:93
std::unique_ptr< PK_Ops::Key_Agreement > create_key_agreement_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const override
Definition: curve25519.cpp:135
Curve25519_PrivateKey(const AlgorithmIdentifier &alg_id, const secure_vector< uint8_t > &key_bits)
Definition: curve25519.cpp:83
BER_Decoder & discard_remaining()
Definition: ber_dec.cpp:186
Definition: alg_id.cpp:13
std::vector< uint8_t > m_public
Definition: curve25519.h:55
secure_vector< uint8_t > agree(const uint8_t w[], size_t w_len) const
Definition: curve25519.cpp:105
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:88