Botan  2.8.0
Crypto and TLS for C++11
dh.cpp
1 /*
2 * Diffie-Hellman
3 * (C) 1999-2007,2016 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/dh.h>
9 #include <botan/internal/pk_ops_impl.h>
10 #include <botan/pow_mod.h>
11 #include <botan/blinding.h>
12 
13 namespace Botan {
14 
15 /*
16 * DH_PublicKey Constructor
17 */
19  {
20  m_group = grp;
21  m_y = y1;
22  }
23 
24 /*
25 * Return the public value for key agreement
26 */
std::vector<uint8_t> DH_PublicKey::public_value() const
   {
   // Encode y at the byte width of the group prime p (fixed-length IEEE 1363
   // form), so every public value for a given group has the same size.
   const size_t p_len = group_p().bytes();

   // encode_1363 returns a secure_vector; unlock() converts it to the plain
   // std::vector this function returns. The public value is not secret.
   return unlock(BigInt::encode_1363(m_y, p_len));
   }
31 
32 /*
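33 * Create a DH private key: if x_arg is zero a fresh exponent of grp.exponent_bits() bits is drawn from rng, otherwise x_arg is used as given (this constructor does not range-check it); the public value y = g^x mod p is then derived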
34 */
36  const DL_Group& grp,
37  const BigInt& x_arg)
38  {
39  m_group = grp;
40 
41  if(x_arg == 0)
42  {
43  const size_t exp_bits = grp.exponent_bits();
44  m_x.randomize(rng, exp_bits);
45  m_y = m_group.power_g_p(m_x, exp_bits);
46  }
47  else
48  {
49  m_x = x_arg;
50 
51  if(m_y == 0)
52  m_y = m_group.power_g_p(m_x, grp.p_bits());
53  }
54  }
55 
56 /*
57 * Load a DH private key
58 */
60  const secure_vector<uint8_t>& key_bits) :
61  DL_Scheme_PrivateKey(alg_id, key_bits, DL_Group::ANSI_X9_42)
62  {
63  if(m_y.is_zero())
64  {
66  }
67  }
68 
69 /*
70 * Return the public value for key agreement
71 */
72 std::vector<uint8_t> DH_PrivateKey::public_value() const
73  {
75  }
76 
77 namespace {
78 
79 /**
80 * DH operation
81 */
class DH_KA_Operation final : public PK_Ops::Key_Agreement_with_KDF
   {
   public:

      /*
      * Bind the operation to the key's group prime p and private exponent x,
      * and set up blinding for the modular exponentiation.
      *
      * key: supplies group_p() and get_x()
      * kdf: forwarded unchanged to Key_Agreement_with_KDF
      * rng: handed to the Blinder
      *
      * NOTE(review): m_p is a reference to the BigInt returned by
      * key.group_p(), so this object presumably must not outlive the key
      * (or the group data behind it) - confirm against callers.
      */
      DH_KA_Operation(const DH_PrivateKey& key, const std::string& kdf, RandomNumberGenerator& rng) :
         PK_Ops::Key_Agreement_with_KDF(kdf),
         m_p(key.group_p()),
         m_powermod_x_p(key.get_x(), m_p),
         m_blinder(m_p,
                   rng,
                   // First callback: the nonce is used as-is.
                   [](const BigInt& nonce) { return nonce; },
                   // Second callback: (nonce^-1)^x mod p, the matching factor
                   // for a value that has been raised to x.
                   [this](const BigInt& nonce) { return m_powermod_x_p(inverse_mod(nonce, m_p)); })
         {}

      // The agreed value is encoded at the byte length of p.
      size_t agreed_value_size() const override
         {
         return m_p.bytes();
         }

      secure_vector<uint8_t> raw_agree(const uint8_t w[], size_t w_len) override;

   private:
      // Declaration order is load-bearing: members are initialized in this
      // order, m_powermod_x_p is built from m_p, and m_blinder's second
      // callback uses both (possibly already while the Blinder is constructed).
      const BigInt& m_p;

      Fixed_Exponent_Power_Mod m_powermod_x_p;  // computes b^x mod p for the fixed private x
      Blinder m_blinder;
   };
105 
secure_vector<uint8_t> DH_KA_Operation::raw_agree(const uint8_t w[], size_t w_len)
   {
   // w is the peer's public value as received; treat it as untrusted input.
   const BigInt peer_value = BigInt::decode(w, w_len);

   // Accept only 1 < value < p - 1. This rejects 0, 1, p - 1 and anything
   // >= p, i.e. the inputs that would force a trivial or two-valued result.
   // NOTE(review): this is a range check only; no test against the subgroup
   // order is made in this function - confirm the groups in use (or the
   // callers) make that unnecessary.
   const bool out_of_range = (peer_value <= 1) || (peer_value >= m_p - 1);
   if(out_of_range)
      throw Invalid_Argument("DH agreement - invalid key provided");

   // Blind, exponentiate with the private exponent, then unblind, so the
   // exponentiation never runs directly on the peer-chosen value.
   const BigInt blinded = m_blinder.blind(peer_value);
   const BigInt powered = m_powermod_x_p(blinded);
   const BigInt shared = m_blinder.unblind(powered);

   // Fixed-width encoding at the byte length of p.
   return BigInt::encode_1363(shared, m_p.bytes());
   }
119 
120 }
121 
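/*
* Create the key agreement operation for this private key.
*
* rng:      passed to DH_KA_Operation, which hands it to its Blinder
* params:   passed to DH_KA_Operation as the KDF name
* provider: only "base" or the empty string is accepted
*
* Throws Provider_Not_Found for any other provider.
*
* NOTE(review): the returned operation is constructed from *this and keeps a
* reference to this key's group prime, so it presumably must not outlive the
* key - confirm against callers.
*/
std::unique_ptr<PK_Ops::Key_Agreement>
DH_PrivateKey::create_key_agreement_op(RandomNumberGenerator& rng,
                                       const std::string& params,
                                       const std::string& provider) const
   {
   if(provider == "base" || provider.empty())
      return std::unique_ptr<PK_Ops::Key_Agreement>(new DH_KA_Operation(*this, params, rng));
   throw Provider_Not_Found(algo_name(), provider);
   }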
131 
132 }
std::vector< uint8_t > public_value() const
Definition: dh.cpp:27
void randomize(RandomNumberGenerator &rng, size_t bitsize, bool set_high_bit=true)
Definition: big_rand.cpp:17
BigInt power_g_p(const BigInt &x) const
Definition: dl_group.cpp:520
bool is_zero() const
Definition: bigint.h:362
DH_PrivateKey(const AlgorithmIdentifier &alg_id, const secure_vector< uint8_t > &key_bits)
Definition: dh.cpp:59
BigInt unblind(const BigInt &x) const
Definition: blinding.cpp:58
DH_PublicKey()=default
size_t exponent_bits() const
Definition: dl_group.cpp:463
BigInt inverse_mod(const BigInt &n, const BigInt &mod)
Definition: numthry.cpp:289
Definition: alg_id.cpp:13
size_t bytes() const
Definition: bigint.cpp:221
size_t p_bits() const
Definition: dl_group.cpp:436
std::vector< T > unlock(const secure_vector< T > &in)
Definition: secmem.h:95
BigInt blind(const BigInt &x) const
Definition: blinding.cpp:35
std::unique_ptr< PK_Ops::Key_Agreement > create_key_agreement_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const override
Definition: dh.cpp:123
static BigInt decode(const uint8_t buf[], size_t length)
Definition: bigint.h:713
const BigInt & group_p() const
Definition: dl_algo.h:49
Blinder m_blinder
Definition: rsa.cpp:286
static secure_vector< uint8_t > encode_1363(const BigInt &n, size_t bytes)
Definition: big_code.cpp:124
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:88
std::vector< uint8_t > public_value() const override
Definition: dh.cpp:72
std::string algo_name() const override
Definition: dh.h:21