Botan 3.4.0
Crypto and TLS for C&
dh.cpp
Go to the documentation of this file.
1/*
2* Diffie-Hellman
3* (C) 1999-2007,2016,2019,2023 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/dh.h>
9
10#include <botan/internal/blinding.h>
11#include <botan/internal/dl_scheme.h>
12#include <botan/internal/pk_ops_impl.h>
13
14namespace Botan {
15
16DH_PublicKey::DH_PublicKey(const AlgorithmIdentifier& alg_id, std::span<const uint8_t> key_bits) {
17 m_public_key = std::make_shared<DL_PublicKey>(alg_id, key_bits, DL_Group_Format::ANSI_X9_42);
18}
19
20DH_PublicKey::DH_PublicKey(const DL_Group& group, const BigInt& y) {
21 m_public_key = std::make_shared<DL_PublicKey>(group, y);
22}
23
24std::vector<uint8_t> DH_PublicKey::public_value() const {
25 return m_public_key->public_key_as_bytes();
26}
27
28size_t DH_PublicKey::estimated_strength() const {
29 return m_public_key->estimated_strength();
30}
31
32size_t DH_PublicKey::key_length() const {
33 return m_public_key->p_bits();
34}
35
36const BigInt& DH_PublicKey::get_int_field(std::string_view field) const {
37 return m_public_key->get_int_field(algo_name(), field);
38}
39
40const DL_Group& DH_PublicKey::group() const {
41 return m_public_key->group();
42}
43
47
48std::vector<uint8_t> DH_PublicKey::public_key_bits() const {
49 return m_public_key->DER_encode();
50}
51
52bool DH_PublicKey::check_key(RandomNumberGenerator& rng, bool strong) const {
53 return m_public_key->check_key(rng, strong);
54}
55
56std::unique_ptr<Private_Key> DH_PublicKey::generate_another(RandomNumberGenerator& rng) const {
57 return std::make_unique<DH_PrivateKey>(rng, group());
58}
59
60DH_PrivateKey::DH_PrivateKey(RandomNumberGenerator& rng, const DL_Group& group) {
61 m_private_key = std::make_shared<DL_PrivateKey>(group, rng);
62 m_public_key = m_private_key->public_key();
63}
64
65DH_PrivateKey::DH_PrivateKey(const DL_Group& group, const BigInt& x) {
66 m_private_key = std::make_shared<DL_PrivateKey>(group, x);
67 m_public_key = m_private_key->public_key();
68}
69
70DH_PrivateKey::DH_PrivateKey(const AlgorithmIdentifier& alg_id, std::span<const uint8_t> key_bits) {
71 m_private_key = std::make_shared<DL_PrivateKey>(alg_id, key_bits, DL_Group_Format::ANSI_X9_42);
72 m_public_key = m_private_key->public_key();
73}
74
75std::unique_ptr<Public_Key> DH_PrivateKey::public_key() const {
76 return std::unique_ptr<DH_PublicKey>(new DH_PublicKey(m_public_key));
77}
78
79std::vector<uint8_t> DH_PrivateKey::public_value() const {
80 return DH_PublicKey::public_value();
81}
82
83secure_vector<uint8_t> DH_PrivateKey::private_key_bits() const {
84 return m_private_key->DER_encode();
85}
86
87secure_vector<uint8_t> DH_PrivateKey::raw_private_key_bits() const {
88 return m_private_key->raw_private_key_bits();
89}
90
91const BigInt& DH_PrivateKey::get_int_field(std::string_view field) const {
92 return m_private_key->get_int_field(algo_name(), field);
93}
94
95namespace {
96
97/**
98* DH operation
99*/
100class DH_KA_Operation final : public PK_Ops::Key_Agreement_with_KDF {
101 public:
102 DH_KA_Operation(const std::shared_ptr<const DL_PrivateKey>& key,
103 std::string_view kdf,
104 RandomNumberGenerator& rng) :
105 PK_Ops::Key_Agreement_with_KDF(kdf),
106 m_key(key),
107 m_key_bits(m_key->private_key().bits()),
108 m_blinder(
109 m_key->group().get_p(),
110 rng,
111 [](const BigInt& k) { return k; },
112 [this](const BigInt& k) {
113 const BigInt inv_k = inverse_mod(k, group().get_p());
114 return powermod_x_p(inv_k);
115 }) {}
116
117 size_t agreed_value_size() const override { return group().p_bytes(); }
118
119 secure_vector<uint8_t> raw_agree(const uint8_t w[], size_t w_len) override;
120
121 private:
122 const DL_Group& group() const { return m_key->group(); }
123
124 BigInt powermod_x_p(const BigInt& v) const { return group().power_b_p(v, m_key->private_key(), m_key_bits); }
125
126 std::shared_ptr<const DL_PrivateKey> m_key;
127 std::shared_ptr<const Montgomery_Params> m_monty_p;
128 const size_t m_key_bits;
129 Blinder m_blinder;
130};
131
132secure_vector<uint8_t> DH_KA_Operation::raw_agree(const uint8_t w[], size_t w_len) {
133 BigInt v = BigInt::decode(w, w_len);
134
135 if(v <= 1 || v >= group().get_p()) {
136 throw Invalid_Argument("DH agreement - invalid key provided");
137 }
138
139 v = m_blinder.blind(v);
140 v = powermod_x_p(v);
141 v = m_blinder.unblind(v);
142
143 return BigInt::encode_1363(v, group().p_bytes());
144}
145
146} // namespace
147
148std::unique_ptr<PK_Ops::Key_Agreement> DH_PrivateKey::create_key_agreement_op(RandomNumberGenerator& rng,
149 std::string_view params,
150 std::string_view provider) const {
151 if(provider == "base" || provider.empty()) {
152 return std::make_unique<DH_KA_Operation>(this->m_private_key, params, rng);
153 }
154 throw Provider_Not_Found(algo_name(), provider);
155}
156
157} // namespace Botan
Botan::Asymmetric_Key::object_identifier
virtual OID object_identifier() const
Definition pk_keys.cpp:22
Botan::Blinder::blind
BigInt blind(const BigInt &x) const
Definition blinding.cpp:33
Botan::Blinder::unblind
BigInt unblind(const BigInt &x) const
Definition blinding.cpp:53
Botan::DH_PrivateKey::public_value
std::vector< uint8_t > public_value() const override
Definition dh.cpp:79
Botan::DH_PrivateKey::raw_private_key_bits
secure_vector< uint8_t > raw_private_key_bits() const override
Definition dh.cpp:87
Botan::DH_PrivateKey::get_int_field
const BigInt & get_int_field(std::string_view field) const override
Definition dh.cpp:91
Botan::DH_PrivateKey::private_key_bits
secure_vector< uint8_t > private_key_bits() const override
Definition dh.cpp:83
Botan::DH_PrivateKey::public_key
std::unique_ptr< Public_Key > public_key() const override
Definition dh.cpp:75
Botan::DH_PrivateKey::create_key_agreement_op
std::unique_ptr< PK_Ops::Key_Agreement > create_key_agreement_op(RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const override
Definition dh.cpp:148
Botan::DH_PublicKey
Definition dh.h:24
Botan::DH_PublicKey::key_length
size_t key_length() const override
Definition dh.cpp:32
Botan::DH_PublicKey::check_key
bool check_key(RandomNumberGenerator &rng, bool strong) const override
Definition dh.cpp:52
Botan::DH_PublicKey::generate_another
std::unique_ptr< Private_Key > generate_another(RandomNumberGenerator &rng) const final
Definition dh.cpp:56
Botan::DH_PublicKey::public_value
std::vector< uint8_t > public_value() const
Definition dh.cpp:24
Botan::DH_PublicKey::public_key_bits
std::vector< uint8_t > public_key_bits() const override
Definition dh.cpp:48
Botan::DH_PublicKey::DH_PrivateKey
friend class DH_PrivateKey
Definition dh.h:61
Botan::DH_PublicKey::algorithm_identifier
AlgorithmIdentifier algorithm_identifier() const override
Definition dh.cpp:44
Botan::DH_PublicKey::get_int_field
const BigInt & get_int_field(std::string_view field) const override
Definition dh.cpp:36
Botan::DH_PublicKey::algo_name
std::string algo_name() const override
Definition dh.h:50
Botan::DH_PublicKey::group
const DL_Group & group() const
Definition dh.cpp:40
Botan::DH_PublicKey::estimated_strength
size_t estimated_strength() const override
Definition dh.cpp:28
Botan::DL_Group
Definition dl_group.h:44
Botan::PK_Ops::Key_Agreement_with_KDF
Definition pk_ops_impl.h:103
Botan::Provider_Not_Found
Definition exceptn.h:262
final
int(* final)(unsigned char *, CTX *)
Definition commoncrypto_hash.cpp:29
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61
Botan::inverse_mod
BigInt inverse_mod(const BigInt &n, const BigInt &mod)
Definition mod_inv.cpp:178
Generated by doxygen 1.10.0