Botan 3.5.0
Crypto and TLS for C&
x448.cpp
Go to the documentation of this file.
1/*
2* X448
3* (C) 2024 Jack Lloyd
4* 2024 Fabian Albert - Rohde & Schwarz Cybersecurity
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#include <botan/x448.h>
10
11#include <botan/ber_dec.h>
12#include <botan/der_enc.h>
13#include <botan/rng.h>
14#include <botan/internal/ct_utils.h>
15#include <botan/internal/pk_ops_impl.h>
16#include <botan/internal/x448_internal.h>
17
18namespace Botan {
19
20namespace {
21void x448_basepoint_from_data(std::span<uint8_t, X448_LEN> mypublic, std::span<const uint8_t, X448_LEN> secret) {
22 auto bp = x448_basepoint(decode_scalar(secret));
23 auto bp_bytes = encode_point(bp);
24 copy_mem(mypublic, bp_bytes);
25}
26
27secure_vector<uint8_t> ber_decode_sk(std::span<const uint8_t> key_bits) {
28 secure_vector<uint8_t> decoded_bits;
29 BER_Decoder(key_bits).decode(decoded_bits, ASN1_Type::OctetString).verify_end();
30 BOTAN_ASSERT_NOMSG(decoded_bits.size() == X448_LEN);
31 return decoded_bits;
32}
33
34} // namespace
35
39
40bool X448_PublicKey::check_key(RandomNumberGenerator& /*rng*/, bool /*strong*/) const {
41 return true; // no tests possible?
42}
43
44std::vector<uint8_t> X448_PublicKey::raw_public_key_bits() const {
45 return public_value();
46}
47
48std::vector<uint8_t> X448_PublicKey::public_key_bits() const {
49 return public_value();
50}
51
52std::unique_ptr<Private_Key> X448_PublicKey::generate_another(RandomNumberGenerator& rng) const {
53 return std::make_unique<X448_PrivateKey>(rng);
54}
55
56X448_PublicKey::X448_PublicKey(const AlgorithmIdentifier& /*alg_id*/, std::span<const uint8_t> key_bits) :
57 X448_PublicKey(key_bits) {}
58
59X448_PublicKey::X448_PublicKey(std::span<const uint8_t> pub) {
60 BOTAN_ARG_CHECK(pub.size() == X448_LEN, "Invalid size for X448 public key");
61 copy_mem(m_public, pub);
62}
63
64X448_PrivateKey::X448_PrivateKey(const AlgorithmIdentifier& /*alg_id*/, std::span<const uint8_t> key_bits) :
65 X448_PrivateKey(ber_decode_sk(key_bits)) {}
66
67X448_PrivateKey::X448_PrivateKey(std::span<const uint8_t> secret_key) {
68 BOTAN_ARG_CHECK(secret_key.size() == X448_LEN, "Invalid size for X448 private key");
69 m_private = {secret_key.begin(), secret_key.end()};
70 x448_basepoint_from_data(m_public, std::span(m_private).first<X448_LEN>());
71}
72
74 m_private.resize(X448_LEN);
75 rng.randomize(m_private);
76 x448_basepoint_from_data(m_public, std::span(m_private).first<X448_LEN>());
77}
78
79std::unique_ptr<Public_Key> X448_PrivateKey::public_key() const {
80 return std::make_unique<X448_PublicKey>(public_value());
81}
82
86
87bool X448_PrivateKey::check_key(RandomNumberGenerator& /*rng*/, bool /*strong*/) const {
88 std::array<uint8_t, X448_LEN> public_point;
89 BOTAN_ASSERT_NOMSG(m_private.size() == X448_LEN);
90 x448_basepoint_from_data(public_point, std::span(m_private).first<X448_LEN>());
91 return CT::is_equal(public_point.data(), m_public.data(), m_public.size()).as_bool();
92}
93
94namespace {
95
96/**
97* X448 operation
98*/
99class X448_KA_Operation final : public PK_Ops::Key_Agreement_with_KDF {
100 public:
101 X448_KA_Operation(std::span<const uint8_t> sk, std::string_view kdf) :
102 PK_Ops::Key_Agreement_with_KDF(kdf), m_sk(sk.begin(), sk.end()) {
103 BOTAN_ARG_CHECK(sk.size() == X448_LEN, "Invalid size for X448 private key");
104 }
105
106 size_t agreed_value_size() const override { return X448_LEN; }
107
108 secure_vector<uint8_t> raw_agree(const uint8_t w_data[], size_t w_len) override {
109 std::span<const uint8_t> w(w_data, w_len);
110 BOTAN_ARG_CHECK(w.size() == X448_LEN, "Invalid size for X448 private key");
111 BOTAN_ASSERT_NOMSG(m_sk.size() == X448_LEN);
112 const auto k = decode_scalar(m_sk);
113 const auto u = decode_point(w);
114
115 return encode_point(x448(k, u));
116 }
117
118 private:
120};
121
122} // namespace
123
124std::unique_ptr<PK_Ops::Key_Agreement> X448_PrivateKey::create_key_agreement_op(RandomNumberGenerator& /*rng*/,
125 std::string_view params,
126 std::string_view provider) const {
127 if(provider == "base" || provider.empty()) {
128 return std::make_unique<X448_KA_Operation>(m_private, params);
129 }
130 throw Provider_Not_Found(algo_name(), provider);
131}
132
133} // namespace Botan
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:59
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:29
virtual OID object_identifier() const
Definition pk_keys.cpp:22
secure_vector< uint8_t > get_contents()
Definition der_enc.cpp:132
DER_Encoder & encode(bool b)
Definition der_enc.cpp:250
void randomize(std::span< uint8_t > output)
Definition rng.h:52
A private key for the X448 key agreement scheme according to RFC 7748.
Definition x448.h:67
std::unique_ptr< Public_Key > public_key() const override
Definition x448.cpp:79
secure_vector< uint8_t > private_key_bits() const override
Definition x448.cpp:83
X448_PrivateKey(const AlgorithmIdentifier &alg_id, std::span< const uint8_t > key_bits)
Definition x448.cpp:64
std::vector< uint8_t > public_value() const override
Definition x448.h:88
std::unique_ptr< PK_Ops::Key_Agreement > create_key_agreement_op(RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const override
Definition x448.cpp:124
bool check_key(RandomNumberGenerator &rng, bool strong) const override
Definition x448.cpp:87
A public key for the X448 key agreement scheme according to RFC 7748.
Definition x448.h:19
AlgorithmIdentifier algorithm_identifier() const override
Definition x448.cpp:36
std::unique_ptr< Private_Key > generate_another(RandomNumberGenerator &rng) const final
Definition x448.cpp:52
std::vector< uint8_t > raw_public_key_bits() const override
Definition x448.cpp:44
std::vector< uint8_t > public_value() const
Definition x448.h:44
std::array< uint8_t, 56 > m_public
Definition x448.h:56
bool check_key(RandomNumberGenerator &rng, bool strong) const override
Definition x448.cpp:40
std::vector< uint8_t > public_key_bits() const override
Definition x448.cpp:48
std::string algo_name() const override
Definition x448.h:34
int(* final)(unsigned char *, CTX *)
constexpr CT::Mask< T > is_equal(const T x[], const T y[], size_t len)
Definition ct_utils.h:486
secure_vector< uint8_t > encode_point(const Point448 &p)
Encode a point to a 56 byte vector. RFC 7748 Section 5 (encodeUCoordinate)
Point448 x448_basepoint(const ScalarX448 &k)
Multiply a scalar with the base group element (5)
constexpr size_t X448_LEN
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61
Point448 x448(const ScalarX448 &k, const Point448 &u)
Multiply a scalar k with a point u.
constexpr void copy_mem(T *out, const T *in, size_t n)
Definition mem_ops.h:146
Point448 decode_point(std::span< const uint8_t > p_bytes)
Decode a point from a byte array. RFC 7748 Section 5 (decodeUCoordinate)
ScalarX448 decode_scalar(std::span< const uint8_t > scalar_bytes)
Decode a scalar from a byte array. RFC 7748 Section 5 (decodeScalar448)