Botan 3.0.0
Crypto and TLS for C&
ecc_key.cpp
Go to the documentation of this file.
1/*
2* ECC Key implemenation
3* (C) 2007 Manuel Hartl, FlexSecure GmbH
4* Falko Strenzke, FlexSecure GmbH
5* 2008-2010 Jack Lloyd
6*
7* Botan is released under the Simplified BSD License (see license.txt)
8*/
9
10#include <botan/ecc_key.h>
11#include <botan/numthry.h>
12#include <botan/der_enc.h>
13#include <botan/ber_dec.h>
14#include <botan/secmem.h>
15#include <botan/ec_point.h>
16#include <botan/internal/workfactor.h>
17
18namespace Botan {
19
20size_t EC_PublicKey::key_length() const
21 {
22 return domain().get_p_bits();
23 }
24
25size_t EC_PublicKey::estimated_strength() const
26 {
27 return ecp_work_factor(key_length());
28 }
29
30namespace {
31
32EC_Group_Encoding default_encoding_for(EC_Group& group)
33 {
34 if(group.get_curve_oid().empty())
35 return EC_Group_Encoding::Explicit;
36 else
37 return EC_Group_Encoding::NamedCurve;
38 }
39
40}
41
42EC_PublicKey::EC_PublicKey(const EC_Group& dom_par,
43 const EC_Point& pub_point) :
44 m_domain_params(dom_par),
45 m_public_key(pub_point),
46 m_domain_encoding(default_encoding_for(m_domain_params))
47 {
48 }
49
50EC_PublicKey::EC_PublicKey(const AlgorithmIdentifier& alg_id,
51 std::span<const uint8_t> key_bits) :
52 m_domain_params{EC_Group(alg_id.parameters())},
53 m_public_key{domain().OS2ECP(key_bits)},
54 m_domain_encoding(default_encoding_for(m_domain_params))
55 {
56 }
57
58bool EC_PublicKey::check_key(RandomNumberGenerator& rng,
59 bool /*strong*/) const
60 {
61 return m_domain_params.verify_group(rng) &&
62 m_domain_params.verify_public_element(public_point());
63 }
64
65
66AlgorithmIdentifier EC_PublicKey::algorithm_identifier() const
67 {
68 return AlgorithmIdentifier(object_identifier(), DER_domain());
69 }
70
71std::vector<uint8_t> EC_PublicKey::public_key_bits() const
72 {
73 return public_point().encode(point_encoding());
74 }
75
76void EC_PublicKey::set_point_encoding(EC_Point_Format enc)
77 {
78 if(enc != EC_Point_Format::Compressed &&
79 enc != EC_Point_Format::Uncompressed &&
80 enc != EC_Point_Format::Hybrid)
81 throw Invalid_Argument("Invalid point encoding for EC_PublicKey");
82
83 m_point_encoding = enc;
84 }
85
86void EC_PublicKey::set_parameter_encoding(EC_Group_Encoding form)
87 {
88 if(form == EC_Group_Encoding::NamedCurve && m_domain_params.get_curve_oid().empty())
89 throw Invalid_Argument("Cannot used NamedCurve encoding for a curve without an OID");
90
91 m_domain_encoding = form;
92 }
93
94const BigInt& EC_PrivateKey::private_value() const
95 {
96 if(m_private_key == 0)
97 throw Invalid_State("EC_PrivateKey::private_value - uninitialized");
98
99 return m_private_key;
100 }
101
102/**
103* EC_PrivateKey constructor
104*/
105EC_PrivateKey::EC_PrivateKey(RandomNumberGenerator& rng,
106 const EC_Group& ec_group,
107 const BigInt& x,
108 bool with_modular_inverse)
109 {
110 m_domain_params = ec_group;
111 m_domain_encoding = default_encoding_for(m_domain_params);
112
113 if(x == 0)
114 {
115 m_private_key = ec_group.random_scalar(rng);
116 }
117 else
118 {
119 m_private_key = x;
120 }
121
122 std::vector<BigInt> ws;
123
124 if(with_modular_inverse)
125 {
126 // ECKCDSA
127 m_public_key = domain().blinded_base_point_multiply(
128 m_domain_params.inverse_mod_order(m_private_key), rng, ws);
129 }
130 else
131 {
132 m_public_key = domain().blinded_base_point_multiply(m_private_key, rng, ws);
133 }
134
135 BOTAN_ASSERT(m_public_key.on_the_curve(),
136 "Generated public key point was on the curve");
137 }
138
139secure_vector<uint8_t> EC_PrivateKey::raw_private_key_bits() const
140 {
141 return BigInt::encode_locked(m_private_key);
142 }
143
144secure_vector<uint8_t> EC_PrivateKey::private_key_bits() const
145 {
146 return DER_Encoder()
147 .start_sequence()
148 .encode(static_cast<size_t>(1))
149 .encode(BigInt::encode_1363(m_private_key, m_private_key.bytes()), ASN1_Type::OctetString)
150 .start_explicit_context_specific(1)
151 .encode(m_public_key.encode(EC_Point_Format::Uncompressed), ASN1_Type::BitString)
152 .end_cons()
153 .end_cons()
154 .get_contents();
155 }
156
157EC_PrivateKey::EC_PrivateKey(const AlgorithmIdentifier& alg_id,
158 std::span<const uint8_t> key_bits,
159 bool with_modular_inverse)
160 {
161 m_domain_params = EC_Group(alg_id.parameters());
162 m_domain_encoding = default_encoding_for(m_domain_params);
163
164 OID key_parameters;
165 secure_vector<uint8_t> public_key_bits;
166
167 BER_Decoder(key_bits)
168 .start_sequence()
169 .decode_and_check<size_t>(1, "Unknown version code for ECC key")
170 .decode_octet_string_bigint(m_private_key)
171 .decode_optional(key_parameters, ASN1_Type(0), ASN1_Class::ExplicitContextSpecific)
172 .decode_optional_string(public_key_bits, ASN1_Type::BitString, 1, ASN1_Class::ExplicitContextSpecific)
173 .end_cons();
174
175 if(public_key_bits.empty())
176 {
177 if(with_modular_inverse)
178 {
179 // ECKCDSA
180 m_public_key = domain().get_base_point() * m_domain_params.inverse_mod_order(m_private_key);
181 }
182 else
183 {
184 m_public_key = domain().get_base_point() * m_private_key;
185 }
186
187 BOTAN_ASSERT(m_public_key.on_the_curve(),
188 "Public point derived from loaded key was on the curve");
189 }
190 else
191 {
192 m_public_key = domain().OS2ECP(public_key_bits);
193 // OS2ECP verifies that the point is on the curve
194 }
195 }
196
197const BigInt& EC_PublicKey::get_int_field(std::string_view field) const
198 {
199 if(field == "public_x")
200 {
201 BOTAN_ASSERT_NOMSG(this->public_point().is_affine());
202 return this->public_point().get_x();
203 }
204 else if(field == "public_y")
205 {
206 BOTAN_ASSERT_NOMSG(this->public_point().is_affine());
207 return this->public_point().get_y();
208 }
209 else if(field == "base_x")
210 return this->domain().get_g_x();
211 else if(field == "base_y")
212 return this->domain().get_g_y();
213 else if(field == "p")
214 return this->domain().get_p();
215 else if(field == "a")
216 return this->domain().get_a();
217 else if(field == "b")
218 return this->domain().get_b();
219 else if(field == "cofactor")
220 return this->domain().get_cofactor();
221 else if(field == "order")
222 return this->domain().get_order();
223 else
224 return Public_Key::get_int_field(field);
225 }
226
227const BigInt& EC_PrivateKey::get_int_field(std::string_view field) const
228 {
229 if(field == "x")
230 return this->private_value();
231 else
232 return EC_PublicKey::get_int_field(field);
233 }
234
235}
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition: assert.h:67
BOTAN_ASSERT
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:54
Botan::AlgorithmIdentifier::parameters
const std::vector< uint8_t > & parameters() const
Definition: asn1_obj.h:478
Botan::Asymmetric_Key::get_int_field
virtual const BigInt & get_int_field(std::string_view field) const
Definition: pk_keys.cpp:17
Botan::Asymmetric_Key::object_identifier
virtual OID object_identifier() const
Definition: pk_keys.cpp:22
Botan::BER_Decoder
Definition: ber_dec.h:22
Botan::BER_Decoder::end_cons
BER_Decoder & end_cons()
Definition: ber_dec.cpp:304
Botan::BER_Decoder::start_sequence
BER_Decoder start_sequence()
Definition: ber_dec.h:117
Botan::BER_Decoder::decode_optional
BER_Decoder & decode_optional(T &out, ASN1_Type type_tag, ASN1_Class class_tag, const T &default_value=T())
Definition: ber_dec.h:371
Botan::BER_Decoder::decode_and_check
BER_Decoder & decode_and_check(const T &expected, std::string_view error_msg)
Definition: ber_dec.h:300
Botan::BigInt::encode_locked
static secure_vector< uint8_t > encode_locked(const BigInt &n)
Definition: bigint.h:792
Botan::BigInt::encode_1363
static secure_vector< uint8_t > encode_1363(const BigInt &n, size_t bytes)
Definition: big_code.cpp:107
Botan::BigInt::bytes
size_t bytes() const
Definition: bigint.cpp:297
Botan::DER_Encoder
Definition: der_enc.h:23
Botan::DER_Encoder::get_contents
secure_vector< uint8_t > get_contents()
Definition: der_enc.cpp:157
Botan::DER_Encoder::start_explicit_context_specific
DER_Encoder & start_explicit_context_specific(uint32_t tag)
Definition: der_enc.h:81
Botan::DER_Encoder::start_sequence
DER_Encoder & start_sequence()
Definition: der_enc.h:66
Botan::DER_Encoder::end_cons
DER_Encoder & end_cons()
Definition: der_enc.cpp:196
Botan::DER_Encoder::encode
DER_Encoder & encode(bool b)
Definition: der_enc.cpp:290
Botan::EC_Group
Definition: ec_group.h:49
Botan::EC_Group::get_b
const BigInt & get_b() const
Definition: ec_group.cpp:535
Botan::EC_Group::get_a
const BigInt & get_a() const
Definition: ec_group.cpp:530
Botan::EC_Group::get_g_y
const BigInt & get_g_y() const
Definition: ec_group.cpp:555
Botan::EC_Group::get_cofactor
const BigInt & get_cofactor() const
Definition: ec_group.cpp:560
Botan::EC_Group::verify_public_element
bool verify_public_element(const EC_Point &y) const
Definition: ec_group.cpp:775
Botan::EC_Group::get_p
const BigInt & get_p() const
Definition: ec_group.cpp:525
Botan::EC_Group::verify_group
bool verify_group(RandomNumberGenerator &rng, bool strong=false) const
Definition: ec_group.cpp:798
Botan::EC_Group::get_order
const BigInt & get_order() const
Definition: ec_group.cpp:545
Botan::EC_Group::get_p_bits
size_t get_p_bits() const
Definition: ec_group.cpp:505
Botan::EC_Group::get_base_point
const EC_Point & get_base_point() const
Definition: ec_group.cpp:540
Botan::EC_Group::blinded_base_point_multiply
EC_Point blinded_base_point_multiply(const BigInt &k, RandomNumberGenerator &rng, std::vector< BigInt > &ws) const
Definition: ec_group.cpp:626
Botan::EC_Group::get_g_x
const BigInt & get_g_x() const
Definition: ec_group.cpp:550
Botan::EC_Group::get_curve_oid
const OID & get_curve_oid() const
Definition: ec_group.cpp:590
Botan::EC_Group::inverse_mod_order
BigInt inverse_mod_order(const BigInt &x) const
Definition: ec_group.cpp:585
Botan::EC_Group::OS2ECP
EC_Point OS2ECP(const uint8_t bits[], size_t len) const
Definition: ec_group.cpp:609
Botan::EC_Group::random_scalar
BigInt random_scalar(RandomNumberGenerator &rng) const
Definition: ec_group.cpp:644
Botan::EC_Point
Definition: ec_point.h:33
Botan::EC_Point::get_y
const BigInt & get_y() const
Definition: ec_point.h:150
Botan::EC_Point::on_the_curve
bool on_the_curve() const
Definition: ec_point.cpp:543
Botan::EC_Point::get_x
const BigInt & get_x() const
Definition: ec_point.h:143
Botan::EC_Point::encode
std::vector< uint8_t > encode(EC_Point_Format format) const
Definition: ec_point.cpp:600
Botan::EC_PrivateKey::raw_private_key_bits
secure_vector< uint8_t > raw_private_key_bits() const override final
Definition: ecc_key.cpp:139
Botan::EC_PrivateKey::private_key_bits
secure_vector< uint8_t > private_key_bits() const override final
Definition: ecc_key.cpp:144
Botan::EC_PrivateKey::get_int_field
const BigInt & get_int_field(std::string_view field) const override final
Definition: ecc_key.cpp:227
Botan::EC_PrivateKey::private_value
const BigInt & private_value() const
Definition: ecc_key.cpp:94
Botan::EC_PrivateKey::m_private_key
BigInt m_private_key
Definition: ecc_key.h:178
Botan::EC_PrivateKey::EC_PrivateKey
EC_PrivateKey()=default
Botan::EC_PublicKey::domain
const EC_Group & domain() const
Definition: ecc_key.h:56
Botan::EC_PublicKey::DER_domain
std::vector< uint8_t > DER_domain() const
Definition: ecc_key.h:74
Botan::EC_PublicKey::set_parameter_encoding
void set_parameter_encoding(EC_Group_Encoding enc)
Definition: ecc_key.cpp:86
Botan::EC_PublicKey::m_point_encoding
EC_Point_Format m_point_encoding
Definition: ecc_key.h:119
Botan::EC_PublicKey::m_domain_encoding
EC_Group_Encoding m_domain_encoding
Definition: ecc_key.h:118
Botan::EC_PublicKey::estimated_strength
size_t estimated_strength() const override
Definition: ecc_key.cpp:25
Botan::EC_PublicKey::algorithm_identifier
AlgorithmIdentifier algorithm_identifier() const override
Definition: ecc_key.cpp:66
Botan::EC_PublicKey::key_length
size_t key_length() const override
Definition: ecc_key.cpp:20
Botan::EC_PublicKey::m_domain_params
EC_Group m_domain_params
Definition: ecc_key.h:116
Botan::EC_PublicKey::set_point_encoding
void set_point_encoding(EC_Point_Format enc)
Definition: ecc_key.cpp:76
Botan::EC_PublicKey::get_int_field
const BigInt & get_int_field(std::string_view field) const override
Definition: ecc_key.cpp:197
Botan::EC_PublicKey::point_encoding
EC_Point_Format point_encoding() const
Definition: ecc_key.h:88
Botan::EC_PublicKey::m_public_key
EC_Point m_public_key
Definition: ecc_key.h:117
Botan::EC_PublicKey::EC_PublicKey
EC_PublicKey()
Definition: ecc_key.h:113
Botan::EC_PublicKey::check_key
bool check_key(RandomNumberGenerator &rng, bool strong) const override
Definition: ecc_key.cpp:58
Botan::EC_PublicKey::public_point
const EC_Point & public_point() const
Definition: ecc_key.h:41
Botan::EC_PublicKey::public_key_bits
std::vector< uint8_t > public_key_bits() const override
Definition: ecc_key.cpp:71
Botan::Invalid_Argument
Definition: exceptn.h:133
Botan::Invalid_State
Definition: exceptn.h:213
Botan::OID::empty
bool empty() const
Definition: asn1_obj.h:280
Botan
Definition: alg_id.cpp:12
Botan::ecp_work_factor
size_t ecp_work_factor(size_t bits)
Definition: workfactor.cpp:14
Botan::ASN1_Type
ASN1_Type
Definition: asn1_obj.h:43
Botan::EC_Point_Format
EC_Point_Format
Definition: ec_point.h:19
Botan::OS2ECP
EC_Point OS2ECP(const uint8_t data[], size_t data_len, const CurveGFp &curve)
Definition: ec_point.cpp:666
Botan::EC_Group_Encoding
EC_Group_Encoding
Definition: ec_group.h:24
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:64
Generated by doxygen 1.9.6