Botan 3.5.0
Crypto and TLS for C&
x25519.cpp
Go to the documentation of this file.
1/*
2* X25519
3* (C) 2014,2024 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/x25519.h>
9
10#include <botan/ber_dec.h>
11#include <botan/der_enc.h>
12#include <botan/rng.h>
13#include <botan/internal/fmt.h>
14#include <botan/internal/pk_ops_impl.h>
15
16namespace Botan {
17
18void curve25519_basepoint(uint8_t mypublic[32], const uint8_t secret[32]) {
19 const uint8_t basepoint[32] = {9};
20 curve25519_donna(mypublic, secret, basepoint);
21}
22
23namespace {
24
25void size_check(size_t size, const char* thing) {
26 if(size != 32) {
27 throw Decoding_Error(fmt("Invalid size {} for X25519 {}", size, thing));
28 }
29}
30
31secure_vector<uint8_t> curve25519(const secure_vector<uint8_t>& secret, const uint8_t pubval[32]) {
32 secure_vector<uint8_t> out(32);
33 curve25519_donna(out.data(), secret.data(), pubval);
34 return out;
35}
36
37} // namespace
38
42
43bool X25519_PublicKey::check_key(RandomNumberGenerator& /*rng*/, bool /*strong*/) const {
44 return true; // no tests possible?
45}
46
47X25519_PublicKey::X25519_PublicKey(const AlgorithmIdentifier& /*unused*/, std::span<const uint8_t> key_bits) :
48 X25519_PublicKey(key_bits) {}
49
50X25519_PublicKey::X25519_PublicKey(std::span<const uint8_t> pub) {
51 m_public.assign(pub.begin(), pub.end());
52
53 size_check(m_public.size(), "public key");
54}
55
56std::vector<uint8_t> X25519_PublicKey::raw_public_key_bits() const {
57 return m_public;
58}
59
60std::vector<uint8_t> X25519_PublicKey::public_key_bits() const {
61 return raw_public_key_bits();
62}
63
64std::unique_ptr<Private_Key> X25519_PublicKey::generate_another(RandomNumberGenerator& rng) const {
65 return std::make_unique<X25519_PrivateKey>(rng);
66}
67
68X25519_PrivateKey::X25519_PrivateKey(const secure_vector<uint8_t>& secret_key) {
69 if(secret_key.size() != 32) {
70 throw Decoding_Error("Invalid size for X25519 private key");
71 }
72
73 m_public.resize(32);
74 m_private = secret_key;
75 curve25519_basepoint(m_public.data(), m_private.data());
76}
77
78X25519_PrivateKey::X25519_PrivateKey(RandomNumberGenerator& rng) {
79 m_private = rng.random_vec(32);
80 m_public.resize(32);
81 curve25519_basepoint(m_public.data(), m_private.data());
82}
83
84X25519_PrivateKey::X25519_PrivateKey(const AlgorithmIdentifier& /*unused*/, std::span<const uint8_t> key_bits) {
85 BER_Decoder(key_bits).decode(m_private, ASN1_Type::OctetString).discard_remaining();
86
87 size_check(m_private.size(), "private key");
88 m_public.resize(32);
89 curve25519_basepoint(m_public.data(), m_private.data());
90}
91
92std::unique_ptr<Public_Key> X25519_PrivateKey::public_key() const {
93 return std::make_unique<X25519_PublicKey>(public_value());
94}
95
99
100bool X25519_PrivateKey::check_key(RandomNumberGenerator& /*rng*/, bool /*strong*/) const {
101 std::vector<uint8_t> public_point(32);
102 curve25519_basepoint(public_point.data(), m_private.data());
103 return public_point == m_public;
104}
105
106secure_vector<uint8_t> X25519_PrivateKey::agree(const uint8_t w[], size_t w_len) const {
107 size_check(w_len, "public value");
108 return curve25519(m_private, w);
109}
110
111namespace {
112
113/**
114* X25519 operation
115*/
116class X25519_KA_Operation final : public PK_Ops::Key_Agreement_with_KDF {
117 public:
118 X25519_KA_Operation(const X25519_PrivateKey& key, std::string_view kdf) :
119 PK_Ops::Key_Agreement_with_KDF(kdf), m_key(key) {}
120
121 size_t agreed_value_size() const override { return 32; }
122
123 secure_vector<uint8_t> raw_agree(const uint8_t w[], size_t w_len) override { return m_key.agree(w, w_len); }
124
125 private:
126 const X25519_PrivateKey& m_key;
127};
128
129} // namespace
130
131std::unique_ptr<PK_Ops::Key_Agreement> X25519_PrivateKey::create_key_agreement_op(RandomNumberGenerator& /*rng*/,
132 std::string_view params,
133 std::string_view provider) const {
134 if(provider == "base" || provider.empty()) {
135 return std::make_unique<X25519_KA_Operation>(*this, params);
136 }
137 throw Provider_Not_Found(algo_name(), provider);
138}
139
140} // namespace Botan
Botan::Asymmetric_Key::object_identifier
virtual OID object_identifier() const
Definition pk_keys.cpp:22
Botan::BER_Decoder
Definition ber_dec.h:22
Botan::BER_Decoder::decode
BER_Decoder & decode(bool &out)
Definition ber_dec.h:186
Botan::BER_Decoder::discard_remaining
BER_Decoder & discard_remaining()
Definition ber_dec.cpp:228
Botan::DER_Encoder
Definition der_enc.h:22
Botan::DER_Encoder::get_contents
secure_vector< uint8_t > get_contents()
Definition der_enc.cpp:132
Botan::DER_Encoder::encode
DER_Encoder & encode(bool b)
Definition der_enc.cpp:250
Botan::Decoding_Error
Definition exceptn.h:191
Botan::PK_Ops::Key_Agreement_with_KDF
Definition pk_ops_impl.h:103
Botan::Provider_Not_Found
Definition exceptn.h:262
Botan::RandomNumberGenerator::random_vec
void random_vec(std::span< uint8_t > v)
Definition rng.h:179
Botan::X25519_PrivateKey
Definition x25519.h:59
Botan::X25519_PrivateKey::private_key_bits
secure_vector< uint8_t > private_key_bits() const override
Definition x25519.cpp:96
Botan::X25519_PrivateKey::agree
secure_vector< uint8_t > agree(const uint8_t w[], size_t w_len) const
Definition x25519.cpp:106
Botan::X25519_PrivateKey::public_key
std::unique_ptr< Public_Key > public_key() const override
Definition x25519.cpp:92
Botan::X25519_PrivateKey::check_key
bool check_key(RandomNumberGenerator &rng, bool strong) const override
Definition x25519.cpp:100
Botan::X25519_PrivateKey::public_value
std::vector< uint8_t > public_value() const override
Definition x25519.h:80
Botan::X25519_PrivateKey::create_key_agreement_op
std::unique_ptr< PK_Ops::Key_Agreement > create_key_agreement_op(RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const override
Definition x25519.cpp:131
Botan::X25519_PrivateKey::X25519_PrivateKey
X25519_PrivateKey(const AlgorithmIdentifier &alg_id, std::span< const uint8_t > key_bits)
Definition x25519.cpp:84
Botan::X25519_PublicKey
Definition x25519.h:14
Botan::X25519_PublicKey::check_key
bool check_key(RandomNumberGenerator &rng, bool strong) const override
Definition x25519.cpp:43
Botan::X25519_PublicKey::algo_name
std::string algo_name() const override
Definition x25519.h:16
Botan::X25519_PublicKey::raw_public_key_bits
std::vector< uint8_t > raw_public_key_bits() const override
Definition x25519.cpp:56
Botan::X25519_PublicKey::algorithm_identifier
AlgorithmIdentifier algorithm_identifier() const override
Definition x25519.cpp:39
Botan::X25519_PublicKey::m_public
std::vector< uint8_t > m_public
Definition x25519.h:51
Botan::X25519_PublicKey::X25519_PublicKey
X25519_PublicKey()=default
Botan::X25519_PublicKey::public_key_bits
std::vector< uint8_t > public_key_bits() const override
Definition x25519.cpp:60
Botan::X25519_PublicKey::generate_another
std::unique_ptr< Private_Key > generate_another(RandomNumberGenerator &rng) const final
Definition x25519.cpp:64
final
int(* final)(unsigned char *, CTX *)
Definition commoncrypto_hash.cpp:29
Botan::fmt
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53
Botan::curve25519_donna
void curve25519_donna(uint8_t mypublic[32], const uint8_t secret[32], const uint8_t basepoint[32])
Definition donna.cpp:454
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61
Botan::curve25519_basepoint
void curve25519_basepoint(uint8_t mypublic[32], const uint8_t secret[32])
Definition x25519.cpp:18
Generated by doxygen 1.11.0