Botan  2.9.0
Crypto and TLS for C++11
ecc_key.cpp
Go to the documentation of this file.
1 /*
2 * ECC Key implemenation
3 * (C) 2007 Manuel Hartl, FlexSecure GmbH
4 * Falko Strenzke, FlexSecure GmbH
5 * 2008-2010 Jack Lloyd
6 *
7 * Botan is released under the Simplified BSD License (see license.txt)
8 */
9 
10 #include <botan/ecc_key.h>
11 #include <botan/numthry.h>
12 #include <botan/der_enc.h>
13 #include <botan/ber_dec.h>
14 #include <botan/secmem.h>
15 #include <botan/point_gfp.h>
16 #include <botan/workfactor.h>
17 
18 namespace Botan {
19 
20 size_t EC_PublicKey::key_length() const
21  {
22  return domain().get_p_bits();
23  }
24 
25 size_t EC_PublicKey::estimated_strength() const
26  {
27  return ecp_work_factor(key_length());
28  }
29 
30 EC_PublicKey::EC_PublicKey(const EC_Group& dom_par,
31  const PointGFp& pub_point) :
32  m_domain_params(dom_par), m_public_key(pub_point)
33  {
34  if (!dom_par.get_curve_oid().empty())
35  m_domain_encoding = EC_DOMPAR_ENC_OID;
36  else
37  m_domain_encoding = EC_DOMPAR_ENC_EXPLICIT;
38 
39 #if 0
40  if(domain().get_curve() != public_point().get_curve())
41  throw Invalid_Argument("EC_PublicKey: curve mismatch in constructor");
42 #endif
43  }
44 
45 EC_PublicKey::EC_PublicKey(const AlgorithmIdentifier& alg_id,
46  const std::vector<uint8_t>& key_bits) :
47  m_domain_params{EC_Group(alg_id.get_parameters())},
48  m_public_key{domain().OS2ECP(key_bits)}
49  {
50  if (!domain().get_curve_oid().empty())
51  m_domain_encoding = EC_DOMPAR_ENC_OID;
52  else
53  m_domain_encoding = EC_DOMPAR_ENC_EXPLICIT;
54  }
55 
56 bool EC_PublicKey::check_key(RandomNumberGenerator& rng,
57  bool) const
58  {
59  return m_domain_params.verify_group(rng) &&
60  m_domain_params.verify_public_element(public_point());
61  }
62 
63 
64 AlgorithmIdentifier EC_PublicKey::algorithm_identifier() const
65  {
66  return AlgorithmIdentifier(get_oid(), DER_domain());
67  }
68 
69 std::vector<uint8_t> EC_PublicKey::public_key_bits() const
70  {
71  return public_point().encode(point_encoding());
72  }
73 
74 void EC_PublicKey::set_point_encoding(PointGFp::Compression_Type enc)
75  {
76  if(enc != PointGFp::COMPRESSED &&
77  enc != PointGFp::UNCOMPRESSED &&
78  enc != PointGFp::HYBRID)
79  throw Invalid_Argument("Invalid point encoding for EC_PublicKey");
80 
81  m_point_encoding = enc;
82  }
83 
84 void EC_PublicKey::set_parameter_encoding(EC_Group_Encoding form)
85  {
86  if(form != EC_DOMPAR_ENC_EXPLICIT &&
87  form != EC_DOMPAR_ENC_IMPLICITCA &&
88  form != EC_DOMPAR_ENC_OID)
89  throw Invalid_Argument("Invalid encoding form for EC-key object specified");
90 
91  if((form == EC_DOMPAR_ENC_OID) && (m_domain_params.get_curve_oid().empty()))
92  throw Invalid_Argument("Invalid encoding form OID specified for "
93  "EC-key object whose corresponding domain "
94  "parameters are without oid");
95 
96  m_domain_encoding = form;
97  }
98 
99 const BigInt& EC_PrivateKey::private_value() const
100  {
101  if(m_private_key == 0)
102  throw Invalid_State("EC_PrivateKey::private_value - uninitialized");
103 
104  return m_private_key;
105  }
106 
107 /**
108 * EC_PrivateKey constructor
109 */
110 EC_PrivateKey::EC_PrivateKey(RandomNumberGenerator& rng,
111  const EC_Group& ec_group,
112  const BigInt& x,
113  bool with_modular_inverse)
114  {
115  m_domain_params = ec_group;
116  if (!ec_group.get_curve_oid().empty())
117  m_domain_encoding = EC_DOMPAR_ENC_OID;
118  else
119  m_domain_encoding = EC_DOMPAR_ENC_EXPLICIT;
120 
121  if(x == 0)
122  {
123  m_private_key = ec_group.random_scalar(rng);
124  }
125  else
126  {
127  m_private_key = x;
128  }
129 
130  std::vector<BigInt> ws;
131 
132  if(with_modular_inverse)
133  {
134  // ECKCDSA
135  m_public_key = domain().blinded_base_point_multiply(
136  m_domain_params.inverse_mod_order(m_private_key), rng, ws);
137  }
138  else
139  {
140  m_public_key = domain().blinded_base_point_multiply(m_private_key, rng, ws);
141  }
142 
143  BOTAN_ASSERT(m_public_key.on_the_curve(),
144  "Generated public key point was on the curve");
145  }
146 
147 secure_vector<uint8_t> EC_PrivateKey::private_key_bits() const
148  {
149  return DER_Encoder()
150  .start_cons(SEQUENCE)
151  .encode(static_cast<size_t>(1))
152  .encode(BigInt::encode_1363(m_private_key, m_private_key.bytes()), OCTET_STRING)
153  .start_cons(ASN1_Tag(1), PRIVATE)
154  .encode(m_public_key.encode(PointGFp::Compression_Type::UNCOMPRESSED), BIT_STRING)
155  .end_cons()
156  .end_cons()
157  .get_contents();
158  }
159 
160 EC_PrivateKey::EC_PrivateKey(const AlgorithmIdentifier& alg_id,
161  const secure_vector<uint8_t>& key_bits,
162  bool with_modular_inverse)
163  {
164  m_domain_params = EC_Group(alg_id.get_parameters());
165  m_domain_encoding = EC_DOMPAR_ENC_EXPLICIT;
166 
167  if (!domain().get_curve_oid().empty())
168  m_domain_encoding = EC_DOMPAR_ENC_OID;
169  else
170  m_domain_encoding = EC_DOMPAR_ENC_EXPLICIT;
171 
172  OID key_parameters;
173  secure_vector<uint8_t> public_key_bits;
174 
175  BER_Decoder(key_bits)
176  .start_cons(SEQUENCE)
177  .decode_and_check<size_t>(1, "Unknown version code for ECC key")
178  .decode_octet_string_bigint(m_private_key)
179  .decode_optional(key_parameters, ASN1_Tag(0), PRIVATE)
180  .decode_optional_string(public_key_bits, BIT_STRING, 1, PRIVATE)
181  .end_cons();
182 
183  if(public_key_bits.empty())
184  {
185  if(with_modular_inverse)
186  {
187  // ECKCDSA
188  m_public_key = domain().get_base_point() * m_domain_params.inverse_mod_order(m_private_key);
189  }
190  else
191  {
192  m_public_key = domain().get_base_point() * m_private_key;
193  }
194 
195  BOTAN_ASSERT(m_public_key.on_the_curve(),
196  "Public point derived from loaded key was on the curve");
197  }
198  else
199  {
200  m_public_key = domain().OS2ECP(public_key_bits);
201  // OS2ECP verifies that the point is on the curve
202  }
203  }
204 
205 }
Botan::Invalid_Argument
Definition: exceptn.h:117
Botan::EC_PrivateKey::m_private_key
BigInt m_private_key
Definition: ecc_key.h:167
Botan::EC_Group::get_curve_oid
const OID & get_curve_oid() const
Definition: ec_group.cpp:524
Botan::EC_PrivateKey::private_value
const BigInt & private_value() const
Definition: ecc_key.cpp:99
Botan::EC_Group::get_p_bits
size_t get_p_bits() const
Definition: ec_group.cpp:439
Botan::EC_PrivateKey::EC_PrivateKey
EC_PrivateKey()=default
Botan::PointGFp::encode
std::vector< uint8_t > encode(PointGFp::Compression_Type format) const
Definition: point_gfp.cpp:595
Botan::BER_Decoder::decode_optional_string
BER_Decoder & decode_optional_string(std::vector< uint8_t, Alloc > &out, ASN1_Tag real_type, uint16_t type_no, ASN1_Tag class_tag=CONTEXT_SPECIFIC)
Definition: ber_dec.h:293
Botan::EC_PublicKey::set_parameter_encoding
void set_parameter_encoding(EC_Group_Encoding enc)
Definition: ecc_key.cpp:84
Botan::EC_PublicKey::public_point
const PointGFp & public_point() const
Definition: ecc_key.h:57
Botan::BER_Decoder::decode_and_check
BER_Decoder & decode_and_check(const T &expected, const std::string &error_msg)
Definition: ber_dec.h:277
Botan::DER_Encoder::get_contents
secure_vector< uint8_t > get_contents()
Definition: der_enc.cpp:152
Botan::ecp_work_factor
size_t ecp_work_factor(size_t bits)
Definition: workfactor.cpp:14
Botan::EC_PublicKey::m_public_key
PointGFp m_public_key
Definition: ecc_key.h:115
Botan::ASN1_Tag
ASN1_Tag
Definition: asn1_obj.h:22
Botan::EC_Group::get_curve
const CurveGFp & get_curve() const
Definition: ec_group.cpp:424
Botan::EC_PublicKey::point_encoding
PointGFp::Compression_Type point_encoding() const
Definition: ecc_key.h:104
Botan::DER_Encoder::end_cons
DER_Encoder & end_cons()
Definition: der_enc.cpp:191
Botan::EC_PublicKey::m_point_encoding
PointGFp::Compression_Type m_point_encoding
Definition: ecc_key.h:117
BOTAN_ASSERT
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:55
Botan::DER_Encoder::encode
DER_Encoder & encode(bool b)
Definition: der_enc.cpp:285
Botan::BER_Decoder::decode_optional
BER_Decoder & decode_optional(T &out, ASN1_Tag type_tag, ASN1_Tag class_tag, const T &default_value=T())
Definition: ber_dec.h:337
Botan::DER_Encoder
Definition: der_enc.h:23
Botan::EC_Group::verify_public_element
bool verify_public_element(const PointGFp &y) const
Definition: ec_group.cpp:666
Botan::Public_Key::get_oid
virtual OID get_oid() const
Definition: pk_keys.cpp:53
Botan::EC_Group::random_scalar
BigInt random_scalar(RandomNumberGenerator &rng) const
Definition: ec_group.cpp:573
Botan::EC_Group::get_base_point
const PointGFp & get_base_point() const
Definition: ec_group.cpp:474
Botan::BER_Decoder::end_cons
BER_Decoder & end_cons()
Definition: ber_dec.cpp:300
Botan::EC_PublicKey::domain
const EC_Group & domain() const
Definition: ecc_key.h:72
Botan::OID::empty
bool empty() const
Definition: asn1_oid.h:30
Botan::EC_Group::OS2ECP
PointGFp OS2ECP(const uint8_t bits[], size_t len) const
Definition: ec_group.cpp:538
Botan::BER_Decoder::start_cons
BER_Decoder start_cons(ASN1_Tag type_tag, ASN1_Tag class_tag=UNIVERSAL)
Definition: ber_dec.cpp:290
Botan::EC_PublicKey::check_key
bool check_key(RandomNumberGenerator &rng, bool strong) const override
Definition: ecc_key.cpp:56
Botan
Definition: alg_id.cpp:13
Botan::BigInt::bytes
size_t bytes() const
Definition: bigint.cpp:266
Botan::EC_Group
Definition: ec_group.h:40
Botan::EC_PublicKey::DER_domain
std::vector< uint8_t > DER_domain() const
Definition: ecc_key.h:90
Botan::AlgorithmIdentifier::get_parameters
const std::vector< uint8_t > & get_parameters() const
Definition: alg_id.h:38
Botan::PointGFp::on_the_curve
bool on_the_curve() const
Definition: point_gfp.cpp:538
Botan::EC_PublicKey::EC_PublicKey
EC_PublicKey()
Definition: ecc_key.h:111
Botan::EC_Group_Encoding
EC_Group_Encoding
Definition: ec_group.h:23
Botan::Invalid_State
Definition: exceptn.h:196
Botan::EC_PublicKey::public_key_bits
std::vector< uint8_t > public_key_bits() const override
Definition: ecc_key.cpp:69
Botan::EC_PrivateKey::private_key_bits
secure_vector< uint8_t > private_key_bits() const override
Definition: ecc_key.cpp:147
Botan::EC_PublicKey::algorithm_identifier
AlgorithmIdentifier algorithm_identifier() const override
Definition: ecc_key.cpp:64
Botan::EC_PublicKey::key_length
size_t key_length() const override
Definition: ecc_key.cpp:20
Botan::DER_Encoder::start_cons
DER_Encoder & start_cons(ASN1_Tag type_tag, ASN1_Tag class_tag=UNIVERSAL)
Definition: der_enc.cpp:181
Botan::BigInt::encode_1363
static secure_vector< uint8_t > encode_1363(const BigInt &n, size_t bytes)
Definition: big_code.cpp:123
Botan::EC_PublicKey::estimated_strength
size_t estimated_strength() const override
Definition: ecc_key.cpp:25
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:65
Botan::PointGFp::get_curve
const CurveGFp & get_curve() const
Definition: point_gfp.h:326
Botan::BER_Decoder
Definition: ber_dec.h:21
Botan::EC_PublicKey::set_point_encoding
void set_point_encoding(PointGFp::Compression_Type enc)
Definition: ecc_key.cpp:74
Botan::EC_PublicKey::m_domain_params
EC_Group m_domain_params
Definition: ecc_key.h:114
Botan::EC_Group::verify_group
bool verify_group(RandomNumberGenerator &rng, bool strong=false) const
Definition: ec_group.cpp:689
Botan::EC_Group::blinded_base_point_multiply
PointGFp blinded_base_point_multiply(const BigInt &k, RandomNumberGenerator &rng, std::vector< BigInt > &ws) const
Definition: ec_group.cpp:555
Botan::EC_PublicKey::m_domain_encoding
EC_Group_Encoding m_domain_encoding
Definition: ecc_key.h:116
Botan::EC_Group::inverse_mod_order
BigInt inverse_mod_order(const BigInt &x) const
Definition: ec_group.cpp:519
Generated by   doxygen 1.8.14