doxygen/ecc__key_8cpp_source.html

/*

* ECC Key implemenation

* (C) 2007 Manuel Hartl, FlexSecure GmbH

*          Falko Strenzke, FlexSecure GmbH

*     2008-2010 Jack Lloyd

*

* Botan is released under the Simplified BSD License (see license.txt)

*/


#include <botan/ecc_key.h>


#include <botan/ber_dec.h>

#include <botan/der_enc.h>

#include <botan/ec_point.h>

#include <botan/numthry.h>

#include <botan/secmem.h>

#include <botan/internal/workfactor.h>


namespace Botan {


size_t EC_PublicKey::key_length() const {

   return domain().get_p_bits();

}


size_t EC_PublicKey::estimated_strength() const {

   return ecp_work_factor(key_length());

}


namespace {


EC_Group_Encoding default_encoding_for(EC_Group& group) {

   if(group.get_curve_oid().empty()) {

      return EC_Group_Encoding::Explicit;

   } else {

      return EC_Group_Encoding::NamedCurve;

   }

}


}  // namespace


EC_PublicKey::EC_PublicKey(const EC_Group& dom_par, const EC_Point& pub_point) :

      m_domain_params(dom_par), m_public_key(pub_point), m_domain_encoding(default_encoding_for(m_domain_params)) {}


EC_PublicKey::EC_PublicKey(const AlgorithmIdentifier& alg_id, std::span<const uint8_t> key_bits) :

      m_domain_params{EC_Group(alg_id.parameters())},

      m_public_key{domain().OS2ECP(key_bits)},

      m_domain_encoding(default_encoding_for(m_domain_params)) {}


bool EC_PublicKey::check_key(RandomNumberGenerator& rng, bool /*strong*/) const {

   return m_domain_params.verify_group(rng) && m_domain_params.verify_public_element(public_point());

}


AlgorithmIdentifier EC_PublicKey::algorithm_identifier() const {

   return AlgorithmIdentifier(object_identifier(), DER_domain());

}


std::vector<uint8_t> EC_PublicKey::public_key_bits() const {

   return public_point().encode(point_encoding());

}


void EC_PublicKey::set_point_encoding(EC_Point_Format enc) {

   if(enc != EC_Point_Format::Compressed && enc != EC_Point_Format::Uncompressed && enc != EC_Point_Format::Hybrid) {

      throw Invalid_Argument("Invalid point encoding for EC_PublicKey");

   }


   m_point_encoding = enc;

}


void EC_PublicKey::set_parameter_encoding(EC_Group_Encoding form) {

   if(form == EC_Group_Encoding::NamedCurve && m_domain_params.get_curve_oid().empty()) {

      throw Invalid_Argument("Cannot used NamedCurve encoding for a curve without an OID");

   }


   m_domain_encoding = form;

}


const BigInt& EC_PrivateKey::private_value() const {

   if(m_private_key == 0) {

      throw Invalid_State("EC_PrivateKey::private_value - uninitialized");

   }


   return m_private_key;

}


/**

* EC_PrivateKey constructor

*/


EC_PrivateKey::EC_PrivateKey(RandomNumberGenerator& rng,

                             const EC_Group& ec_group,

                             const BigInt& x,

                             bool with_modular_inverse) {

   m_domain_params = ec_group;

   m_domain_encoding = default_encoding_for(m_domain_params);


   if(x == 0) {

      m_private_key = ec_group.random_scalar(rng);

   } else {

      m_private_key = x;

   }


   std::vector<BigInt> ws;


   if(with_modular_inverse) {

      // ECKCDSA

      m_public_key = domain().blinded_base_point_multiply(m_domain_params.inverse_mod_order(m_private_key), rng, ws);

   } else {

      m_public_key = domain().blinded_base_point_multiply(m_private_key, rng, ws);

   }


   BOTAN_ASSERT(m_public_key.on_the_curve(), "Generated public key point was on the curve");

}


secure_vector<uint8_t> EC_PrivateKey::raw_private_key_bits() const {

   return BigInt::encode_locked(m_private_key);

}


secure_vector<uint8_t> EC_PrivateKey::private_key_bits() const {

   return DER_Encoder()

      .start_sequence()

      .encode(static_cast<size_t>(1))

      .encode(BigInt::encode_1363(m_private_key, m_private_key.bytes()), ASN1_Type::OctetString)

      .start_explicit_context_specific(1)

      .encode(m_public_key.encode(EC_Point_Format::Uncompressed), ASN1_Type::BitString)

      .end_cons()

      .end_cons()

      .get_contents();

}


EC_PrivateKey::EC_PrivateKey(const AlgorithmIdentifier& alg_id,

                             std::span<const uint8_t> key_bits,

                             bool with_modular_inverse) {

   m_domain_params = EC_Group(alg_id.parameters());

   m_domain_encoding = default_encoding_for(m_domain_params);


   OID key_parameters;

   secure_vector<uint8_t> public_key_bits;


   BER_Decoder(key_bits)

      .start_sequence()

      .decode_and_check<size_t>(1, "Unknown version code for ECC key")

      .decode_octet_string_bigint(m_private_key)

      .decode_optional(key_parameters, ASN1_Type(0), ASN1_Class::ExplicitContextSpecific)

      .decode_optional_string(public_key_bits, ASN1_Type::BitString, 1, ASN1_Class::ExplicitContextSpecific)

      .end_cons();


   if(public_key_bits.empty()) {

      if(with_modular_inverse) {

         // ECKCDSA

         m_public_key = domain().get_base_point() * m_domain_params.inverse_mod_order(m_private_key);

      } else {

         m_public_key = domain().get_base_point() * m_private_key;

      }


      BOTAN_ASSERT(m_public_key.on_the_curve(), "Public point derived from loaded key was on the curve");

   } else {

      m_public_key = domain().OS2ECP(public_key_bits);

      // OS2ECP verifies that the point is on the curve

   }

}


bool EC_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const {

   if(m_private_key < 1 || m_private_key >= m_domain_params.get_order()) {

      return false;

   }


   return EC_PublicKey::check_key(rng, strong);

}


const BigInt& EC_PublicKey::get_int_field(std::string_view field) const {

   if(field == "public_x") {

      BOTAN_ASSERT_NOMSG(this->public_point().is_affine());

      return this->public_point().get_x();

   } else if(field == "public_y") {

      BOTAN_ASSERT_NOMSG(this->public_point().is_affine());

      return this->public_point().get_y();

   } else if(field == "base_x") {

      return this->domain().get_g_x();

   } else if(field == "base_y") {

      return this->domain().get_g_y();

   } else if(field == "p") {

      return this->domain().get_p();

   } else if(field == "a") {

      return this->domain().get_a();

   } else if(field == "b") {

      return this->domain().get_b();

   } else if(field == "cofactor") {

      return this->domain().get_cofactor();

   } else if(field == "order") {

      return this->domain().get_order();

   } else {

      return Public_Key::get_int_field(field);

   }

}


const BigInt& EC_PrivateKey::get_int_field(std::string_view field) const {

   if(field == "x") {

      return this->private_value();

   } else {

      return EC_PublicKey::get_int_field(field);

   }

}


}  // namespace Botan

BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:59

BOTAN_ASSERT
#define BOTAN_ASSERT(expr, assertion_made)
Definition assert.h:50

Botan::AlgorithmIdentifier
Definition asn1_obj.h:440

Botan::AlgorithmIdentifier::parameters
const std::vector< uint8_t > & parameters() const
Definition asn1_obj.h:457

Botan::Asymmetric_Key::get_int_field
virtual const BigInt & get_int_field(std::string_view field) const
Definition pk_keys.cpp:18

Botan::Asymmetric_Key::object_identifier
virtual OID object_identifier() const
Definition pk_keys.cpp:22

Botan::BER_Decoder
Definition ber_dec.h:22

Botan::BER_Decoder::end_cons
BER_Decoder & end_cons()
Definition ber_dec.cpp:295

Botan::BER_Decoder::start_sequence
BER_Decoder start_sequence()
Definition ber_dec.h:113

Botan::BER_Decoder::decode_optional
BER_Decoder & decode_optional(T &out, ASN1_Type type_tag, ASN1_Class class_tag, const T &default_value=T())
Definition ber_dec.h:317

Botan::BER_Decoder::decode_and_check
BER_Decoder & decode_and_check(const T &expected, std::string_view error_msg)
Definition ber_dec.h:257

Botan::BigInt
Definition bigint.h:26

Botan::BigInt::encode_locked
static secure_vector< uint8_t > encode_locked(const BigInt &n)
Definition bigint.h:761

Botan::BigInt::encode_1363
static secure_vector< uint8_t > encode_1363(const BigInt &n, size_t bytes)
Definition big_code.cpp:105

Botan::BigInt::bytes
size_t bytes() const
Definition bigint.cpp:277

Botan::DER_Encoder
Definition der_enc.h:22

Botan::DER_Encoder::get_contents
secure_vector< uint8_t > get_contents()
Definition der_enc.cpp:132

Botan::DER_Encoder::start_explicit_context_specific
DER_Encoder & start_explicit_context_specific(uint32_t tag)
Definition der_enc.h:73

Botan::DER_Encoder::start_sequence
DER_Encoder & start_sequence()
Definition der_enc.h:65

Botan::DER_Encoder::end_cons
DER_Encoder & end_cons()
Definition der_enc.cpp:171

Botan::DER_Encoder::encode
DER_Encoder & encode(bool b)
Definition der_enc.cpp:250

Botan::EC_Group
Definition ec_group.h:48

Botan::EC_Group::get_b
const BigInt & get_b() const
Definition ec_group.cpp:500

Botan::EC_Group::get_a
const BigInt & get_a() const
Definition ec_group.cpp:496

Botan::EC_Group::get_g_y
const BigInt & get_g_y() const
Definition ec_group.cpp:516

Botan::EC_Group::get_cofactor
const BigInt & get_cofactor() const
Definition ec_group.cpp:520

Botan::EC_Group::verify_public_element
bool verify_public_element(const EC_Point &y) const
Definition ec_group.cpp:697

Botan::EC_Group::get_p
const BigInt & get_p() const
Definition ec_group.cpp:492

Botan::EC_Group::verify_group
bool verify_group(RandomNumberGenerator &rng, bool strong=false) const
Definition ec_group.cpp:722

Botan::EC_Group::get_order
const BigInt & get_order() const
Definition ec_group.cpp:508

Botan::EC_Group::get_p_bits
size_t get_p_bits() const
Definition ec_group.cpp:476

Botan::EC_Group::get_base_point
const EC_Point & get_base_point() const
Definition ec_group.cpp:504

Botan::EC_Group::blinded_base_point_multiply
EC_Point blinded_base_point_multiply(const BigInt &k, RandomNumberGenerator &rng, std::vector< BigInt > &ws) const
Definition ec_group.cpp:575

Botan::EC_Group::get_g_x
const BigInt & get_g_x() const
Definition ec_group.cpp:512

Botan::EC_Group::get_curve_oid
const OID & get_curve_oid() const
Definition ec_group.cpp:544

Botan::EC_Group::inverse_mod_order
BigInt inverse_mod_order(const BigInt &x) const
Definition ec_group.cpp:540

Botan::EC_Group::OS2ECP
EC_Point OS2ECP(const uint8_t bits[], size_t len) const
Definition ec_group.cpp:561

Botan::EC_Group::random_scalar
BigInt random_scalar(RandomNumberGenerator &rng) const
Definition ec_group.cpp:592

Botan::EC_Point
Definition ec_point.h:33

Botan::EC_Point::get_y
const BigInt & get_y() const
Definition ec_point.h:147

Botan::EC_Point::on_the_curve
bool on_the_curve() const
Definition ec_point.cpp:510

Botan::EC_Point::get_x
const BigInt & get_x() const
Definition ec_point.h:140

Botan::EC_Point::encode
std::vector< uint8_t > encode(EC_Point_Format format) const
Definition ec_point.cpp:568

Botan::EC_PrivateKey::private_value
const BigInt & private_value() const
Definition ecc_key.cpp:77

Botan::EC_PrivateKey::raw_private_key_bits
secure_vector< uint8_t > raw_private_key_bits() const final
Definition ecc_key.cpp:113

Botan::EC_PrivateKey::m_private_key
BigInt m_private_key
Definition ecc_key.h:171

Botan::EC_PrivateKey::check_key
bool check_key(RandomNumberGenerator &rng, bool strong) const override
Definition ecc_key.cpp:161

Botan::EC_PrivateKey::EC_PrivateKey
EC_PrivateKey()=default

Botan::EC_PrivateKey::get_int_field
const BigInt & get_int_field(std::string_view field) const final
Definition ecc_key.cpp:195

Botan::EC_PrivateKey::private_key_bits
secure_vector< uint8_t > private_key_bits() const final
Definition ecc_key.cpp:117

Botan::EC_PublicKey::domain
const EC_Group & domain() const
Definition ecc_key.h:54

Botan::EC_PublicKey::DER_domain
std::vector< uint8_t > DER_domain() const
Definition ecc_key.h:72

Botan::EC_PublicKey::set_parameter_encoding
void set_parameter_encoding(EC_Group_Encoding enc)
Definition ecc_key.cpp:69

Botan::EC_PublicKey::m_point_encoding
EC_Point_Format m_point_encoding
Definition ecc_key.h:111

Botan::EC_PublicKey::m_domain_encoding
EC_Group_Encoding m_domain_encoding
Definition ecc_key.h:110

Botan::EC_PublicKey::estimated_strength
size_t estimated_strength() const override
Definition ecc_key.cpp:25

Botan::EC_PublicKey::algorithm_identifier
AlgorithmIdentifier algorithm_identifier() const override
Definition ecc_key.cpp:53

Botan::EC_PublicKey::key_length
size_t key_length() const override
Definition ecc_key.cpp:21

Botan::EC_PublicKey::m_domain_params
EC_Group m_domain_params
Definition ecc_key.h:108

Botan::EC_PublicKey::set_point_encoding
void set_point_encoding(EC_Point_Format enc)
Definition ecc_key.cpp:61

Botan::EC_PublicKey::get_int_field
const BigInt & get_int_field(std::string_view field) const override
Definition ecc_key.cpp:169

Botan::EC_PublicKey::point_encoding
EC_Point_Format point_encoding() const
Definition ecc_key.h:84

Botan::EC_PublicKey::m_public_key
EC_Point m_public_key
Definition ecc_key.h:109

Botan::EC_PublicKey::EC_PublicKey
EC_PublicKey()
Definition ecc_key.h:106

Botan::EC_PublicKey::check_key
bool check_key(RandomNumberGenerator &rng, bool strong) const override
Definition ecc_key.cpp:49

Botan::EC_PublicKey::public_point
const EC_Point & public_point() const
Definition ecc_key.h:40

Botan::EC_PublicKey::public_key_bits
std::vector< uint8_t > public_key_bits() const override
Definition ecc_key.cpp:57

Botan::Invalid_Argument
Definition exceptn.h:131

Botan::Invalid_State
Definition exceptn.h:206

Botan::OID
Definition asn1_obj.h:213

Botan::OID::empty
bool empty() const
Definition asn1_obj.h:265

Botan::RandomNumberGenerator
Definition rng.h:30

Botan
Definition alg_id.cpp:13

Botan::ecp_work_factor
size_t ecp_work_factor(size_t bits)
Definition workfactor.cpp:14

Botan::ASN1_Class::ExplicitContextSpecific
@ ExplicitContextSpecific

Botan::ASN1_Type
ASN1_Type
Definition asn1_obj.h:43

Botan::ASN1_Type::BitString
@ BitString

Botan::ASN1_Type::OctetString
@ OctetString

Botan::EC_Point_Format
EC_Point_Format
Definition ec_point.h:19

Botan::EC_Point_Format::Compressed
@ Compressed

Botan::EC_Point_Format::Uncompressed
@ Uncompressed

Botan::EC_Point_Format::Hybrid
@ Hybrid

Botan::OS2ECP
EC_Point OS2ECP(const uint8_t data[], size_t data_len, const CurveGFp &curve)
Definition ec_point.cpp:627

Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61

Botan::EC_Group_Encoding
EC_Group_Encoding
Definition ec_group.h:24

Botan::EC_Group_Encoding::NamedCurve
@ NamedCurve

Botan::EC_Group_Encoding::Explicit
@ Explicit