Botan 3.1.1
Crypto and TLS for C&
curve25519.cpp
Go to the documentation of this file.
1/*
2* Curve25519
3* (C) 2014 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/curve25519.h>
9
10#include <botan/ber_dec.h>
11#include <botan/der_enc.h>
12#include <botan/rng.h>
13#include <botan/internal/fmt.h>
14#include <botan/internal/pk_ops_impl.h>
15
16namespace Botan {
17
18void curve25519_basepoint(uint8_t mypublic[32], const uint8_t secret[32]) {
19 const uint8_t basepoint[32] = {9};
20 curve25519_donna(mypublic, secret, basepoint);
21}
22
23namespace {
24
25void size_check(size_t size, const char* thing) {
26 if(size != 32) {
27 throw Decoding_Error(fmt("Invalid size {} for Curve2551 {}", size, thing));
28 }
29}
30
31secure_vector<uint8_t> curve25519(const secure_vector<uint8_t>& secret, const uint8_t pubval[32]) {
32 secure_vector<uint8_t> out(32);
33 curve25519_donna(out.data(), secret.data(), pubval);
34 return out;
35}
36
37} // namespace
38
41}
42
43bool Curve25519_PublicKey::check_key(RandomNumberGenerator& /*rng*/, bool /*strong*/) const {
44 return true; // no tests possible?
45}
46
47Curve25519_PublicKey::Curve25519_PublicKey(const AlgorithmIdentifier& /*unused*/, std::span<const uint8_t> key_bits) {
48 m_public.assign(key_bits.begin(), key_bits.end());
49
50 size_check(m_public.size(), "public key");
51}
52
53std::vector<uint8_t> Curve25519_PublicKey::public_key_bits() const {
54 return m_public;
55}
56
58 if(secret_key.size() != 32) {
59 throw Decoding_Error("Invalid size for Curve25519 private key");
60 }
61
62 m_public.resize(32);
63 m_private = secret_key;
64 curve25519_basepoint(m_public.data(), m_private.data());
65}
66
68 m_private = rng.random_vec(32);
69 m_public.resize(32);
70 curve25519_basepoint(m_public.data(), m_private.data());
71}
72
73Curve25519_PrivateKey::Curve25519_PrivateKey(const AlgorithmIdentifier& /*unused*/, std::span<const uint8_t> key_bits) {
75
76 size_check(m_private.size(), "private key");
77 m_public.resize(32);
78 curve25519_basepoint(m_public.data(), m_private.data());
79}
80
81std::unique_ptr<Public_Key> Curve25519_PrivateKey::public_key() const {
82 return std::make_unique<Curve25519_PublicKey>(public_value());
83}
84
87}
88
89bool Curve25519_PrivateKey::check_key(RandomNumberGenerator& /*rng*/, bool /*strong*/) const {
90 std::vector<uint8_t> public_point(32);
91 curve25519_basepoint(public_point.data(), m_private.data());
92 return public_point == m_public;
93}
94
95secure_vector<uint8_t> Curve25519_PrivateKey::agree(const uint8_t w[], size_t w_len) const {
96 size_check(w_len, "public value");
97 return curve25519(m_private, w);
98}
99
100namespace {
101
102/**
103* Curve25519 operation
104*/
105class Curve25519_KA_Operation final : public PK_Ops::Key_Agreement_with_KDF {
106 public:
107 Curve25519_KA_Operation(const Curve25519_PrivateKey& key, std::string_view kdf) :
108 PK_Ops::Key_Agreement_with_KDF(kdf), m_key(key) {}
109
110 size_t agreed_value_size() const override { return 32; }
111
112 secure_vector<uint8_t> raw_agree(const uint8_t w[], size_t w_len) override { return m_key.agree(w, w_len); }
113
114 private:
115 const Curve25519_PrivateKey& m_key;
116};
117
118} // namespace
119
120std::unique_ptr<PK_Ops::Key_Agreement> Curve25519_PrivateKey::create_key_agreement_op(RandomNumberGenerator& /*rng*/,
121 std::string_view params,
122 std::string_view provider) const {
123 if(provider == "base" || provider.empty()) {
124 return std::make_unique<Curve25519_KA_Operation>(*this, params);
125 }
126 throw Provider_Not_Found(algo_name(), provider);
127}
128
129} // namespace Botan
virtual OID object_identifier() const
Definition: pk_keys.cpp:22
BER_Decoder & decode(bool &out)
Definition: ber_dec.h:173
BER_Decoder & discard_remaining()
Definition: ber_dec.cpp:222
std::unique_ptr< Public_Key > public_key() const override
Definition: curve25519.cpp:81
std::vector< uint8_t > public_value() const override
Definition: curve25519.h:83
secure_vector< uint8_t > private_key_bits() const override
Definition: curve25519.cpp:85
secure_vector< uint8_t > agree(const uint8_t w[], size_t w_len) const
Definition: curve25519.cpp:95
std::unique_ptr< PK_Ops::Key_Agreement > create_key_agreement_op(RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const override
Definition: curve25519.cpp:120
Curve25519_PrivateKey(const AlgorithmIdentifier &alg_id, std::span< const uint8_t > key_bits)
Definition: curve25519.cpp:73
bool check_key(RandomNumberGenerator &rng, bool strong) const override
Definition: curve25519.cpp:89
std::vector< uint8_t > public_key_bits() const override
Definition: curve25519.cpp:53
std::vector< uint8_t > m_public
Definition: curve25519.h:54
bool check_key(RandomNumberGenerator &rng, bool strong) const override
Definition: curve25519.cpp:43
AlgorithmIdentifier algorithm_identifier() const override
Definition: curve25519.cpp:39
std::string algo_name() const override
Definition: curve25519.h:17
secure_vector< uint8_t > get_contents()
Definition: der_enc.cpp:132
DER_Encoder & encode(bool b)
Definition: der_enc.cpp:250
void random_vec(std::span< uint8_t > v)
Definition: rng.h:180
int(* final)(unsigned char *, CTX *)
Definition: alg_id.cpp:13
std::string fmt(std::string_view format, const T &... args)
Definition: fmt.h:53
void curve25519_donna(uint8_t mypublic[32], const uint8_t secret[32], const uint8_t basepoint[32])
Definition: donna.cpp:452
void curve25519_basepoint(uint8_t mypublic[32], const uint8_t secret[32])
Definition: curve25519.cpp:18
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:61