Botan 2.19.2
Crypto and TLS for C&
curve25519.cpp
Go to the documentation of this file.
1/*
2* Curve25519
3* (C) 2014 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/curve25519.h>
9#include <botan/internal/pk_ops_impl.h>
10#include <botan/ber_dec.h>
11#include <botan/der_enc.h>
12#include <botan/rng.h>
13
14namespace Botan {
15
16void curve25519_basepoint(uint8_t mypublic[32], const uint8_t secret[32])
17 {
18 const uint8_t basepoint[32] = { 9 };
19 curve25519_donna(mypublic, secret, basepoint);
20 }
21
22namespace {
23
24void size_check(size_t size, const char* thing)
25 {
26 if(size != 32)
27 throw Decoding_Error("Invalid size " + std::to_string(size) + " for Curve25519 " + thing);
28 }
29
30secure_vector<uint8_t> curve25519(const secure_vector<uint8_t>& secret,
31 const uint8_t pubval[32])
32 {
33 secure_vector<uint8_t> out(32);
34 curve25519_donna(out.data(), secret.data(), pubval);
35 return out;
36 }
37
38}
39
41 {
43 }
44
46 {
47 return true; // no tests possible?
48 }
49
51 const std::vector<uint8_t>& key_bits)
52 {
53 m_public = key_bits;
54
55 size_check(m_public.size(), "public key");
56 }
57
58std::vector<uint8_t> Curve25519_PublicKey::public_key_bits() const
59 {
60 return m_public;
61 }
62
64 {
65 if(secret_key.size() != 32)
66 throw Decoding_Error("Invalid size for Curve25519 private key");
67
68 m_public.resize(32);
69 m_private = secret_key;
70 curve25519_basepoint(m_public.data(), m_private.data());
71 }
72
74 {
75 m_private = rng.random_vec(32);
76 m_public.resize(32);
77 curve25519_basepoint(m_public.data(), m_private.data());
78 }
79
81 const secure_vector<uint8_t>& key_bits)
82 {
83 BER_Decoder(key_bits).decode(m_private, OCTET_STRING).discard_remaining();
84
85 size_check(m_private.size(), "private key");
86 m_public.resize(32);
87 curve25519_basepoint(m_public.data(), m_private.data());
88 }
89
91 {
92 return DER_Encoder().encode(m_private, OCTET_STRING).get_contents();
93 }
94
96 {
97 std::vector<uint8_t> public_point(32);
98 curve25519_basepoint(public_point.data(), m_private.data());
99 return public_point == m_public;
100 }
101
102secure_vector<uint8_t> Curve25519_PrivateKey::agree(const uint8_t w[], size_t w_len) const
103 {
104 size_check(w_len, "public value");
105 return curve25519(m_private, w);
106 }
107
108namespace {
109
110/**
111* Curve25519 operation
112*/
113class Curve25519_KA_Operation final : public PK_Ops::Key_Agreement_with_KDF
114 {
115 public:
116
117 Curve25519_KA_Operation(const Curve25519_PrivateKey& key, const std::string& kdf) :
118 PK_Ops::Key_Agreement_with_KDF(kdf),
119 m_key(key) {}
120
121 size_t agreed_value_size() const override { return 32; }
122
123 secure_vector<uint8_t> raw_agree(const uint8_t w[], size_t w_len) override
124 {
125 return m_key.agree(w, w_len);
126 }
127 private:
128 const Curve25519_PrivateKey& m_key;
129 };
130
131}
132
133std::unique_ptr<PK_Ops::Key_Agreement>
135 const std::string& params,
136 const std::string& provider) const
137 {
138 if(provider == "base" || provider.empty())
139 return std::unique_ptr<PK_Ops::Key_Agreement>(new Curve25519_KA_Operation(*this, params));
140 throw Provider_Not_Found(algo_name(), provider);
141 }
142
143}
BER_Decoder & decode(bool &out)
Definition: ber_dec.h:170
BER_Decoder & discard_remaining()
Definition: ber_dec.cpp:226
secure_vector< uint8_t > private_key_bits() const override
Definition: curve25519.cpp:90
secure_vector< uint8_t > agree(const uint8_t w[], size_t w_len) const
Definition: curve25519.cpp:102
std::unique_ptr< PK_Ops::Key_Agreement > create_key_agreement_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const override
Definition: curve25519.cpp:134
Curve25519_PrivateKey(const AlgorithmIdentifier &alg_id, const secure_vector< uint8_t > &key_bits)
Definition: curve25519.cpp:80
bool check_key(RandomNumberGenerator &rng, bool strong) const override
Definition: curve25519.cpp:95
std::vector< uint8_t > public_key_bits() const override
Definition: curve25519.cpp:58
std::vector< uint8_t > m_public
Definition: curve25519.h:55
bool check_key(RandomNumberGenerator &rng, bool strong) const override
Definition: curve25519.cpp:45
AlgorithmIdentifier algorithm_identifier() const override
Definition: curve25519.cpp:40
std::string algo_name() const override
Definition: curve25519.h:18
secure_vector< uint8_t > get_contents()
Definition: der_enc.cpp:152
DER_Encoder & encode(bool b)
Definition: der_enc.cpp:285
virtual OID get_oid() const
Definition: pk_keys.cpp:53
secure_vector< uint8_t > random_vec(size_t bytes)
Definition: rng.h:143
int(* final)(unsigned char *, CTX *)
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:213
Definition: alg_id.cpp:13
void curve25519_donna(uint8_t mypublic[32], const uint8_t secret[32], const uint8_t basepoint[32])
Definition: donna.cpp:440
@ OCTET_STRING
Definition: asn1_obj.h:38
void curve25519_basepoint(uint8_t mypublic[32], const uint8_t secret[32])
Definition: curve25519.cpp:16
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:65