Botan  2.1.0
Crypto and TLS for C++11
ecc_key.cpp
1 /*
2 * ECC Key implementation
3 * (C) 2007 Manuel Hartl, FlexSecure GmbH
4 * Falko Strenzke, FlexSecure GmbH
5 * 2008-2010 Jack Lloyd
6 *
7 * Botan is released under the Simplified BSD License (see license.txt)
8 */
9 
10 #include <botan/ecc_key.h>
11 #include <botan/x509_key.h>
12 #include <botan/numthry.h>
13 #include <botan/der_enc.h>
14 #include <botan/ber_dec.h>
15 #include <botan/secmem.h>
16 #include <botan/point_gfp.h>
17 #include <botan/workfactor.h>
18 
19 namespace Botan {
20 
// key_length() -- the signature (listing line 21) is missing from this page; the
// reference index further down gives it as `size_t key_length() const override`.
// Returns the bit length of p, the value returned by the domain curve's get_p()
// (the size of p, not of the group order).
22  {
23  return domain().get_curve().get_p().bits();
24  }
25 
// estimated_strength() -- the signature (listing line 26) is missing from this page;
// the reference index gives it as `size_t estimated_strength() const override`.
// The estimate is ecp_work_factor() applied to key_length() and nothing else: the
// group order, the cofactor and the validity of the parameters are not inputs here.
27  {
28  return ecp_work_factor(key_length());
29  }
30 
// EC_PublicKey constructor taking a group and a point -- the first signature line
// (listing line 31) is missing from this page.
// Stores the domain parameters and the public point and selects explicit parameter
// encoding. Throws Invalid_Argument when the point's curve differs from the group's.
// NOTE(review): curve equality is the only test made here. The point-at-infinity,
// on-curve and order tests shown on this page live in check_key(), so a point that
// comes from untrusted input should go through check_key() before the key is used.
32  const PointGFp& pub_point) :
33  m_domain_params(dom_par), m_public_key(pub_point),
34  m_domain_encoding(EC_DOMPAR_ENC_EXPLICIT)
35  {
36  if(domain().get_curve() != public_point().get_curve())
37  throw Invalid_Argument("EC_PublicKey: curve mismatch in constructor");
38  }
39 
// EC_PublicKey constructor from encoded data -- the first signature line (listing
// line 40) is missing from this page; alg_id is declared there.
// Builds the group from alg_id.parameters and decodes key_bits into a point on that
// group's curve with OS2ECP. A comment later in this file states that OS2ECP verifies
// the point is on the curve; no group verification or point-order test is made here,
// those are left to check_key().
// m_public_key's initializer calls domain(), which presumably reads m_domain_params;
// that is only safe because m_domain_params is declared first (ecc_key.h:102 versus
// :103 in the page's reference index) and members are initialized in declaration order.
41  const std::vector<uint8_t>& key_bits) :
42  m_domain_params{EC_Group(alg_id.parameters)},
43  m_public_key{OS2ECP(key_bits, domain().get_curve())},
44  m_domain_encoding{EC_DOMPAR_ENC_EXPLICIT}
45  {}
46 
// check_key() -- public-key validation. The reference index on this page gives the
// declaration as `bool check_key(RandomNumberGenerator &rng, bool strong) const override`.
// Listing lines 47, 51, 65, 67 and 72 are missing here (the first signature line and
// four `if` conditions), so the tests guarding several `return false` branches cannot
// be read from this page.
// Returns true only when none of the checks below fails.
// NOTE(review): the second parameter is unnamed in this definition, so the caller's
// `strong` flag cannot influence anything in this function body.
48  bool) const
49  {
50  //verify domain parameters
    // (condition on line 51 lost; the index lists EC_Group::verify_group with a
    //  default of strong=false -- presumably that is the call made here, confirm upstream)
52  {
53  return false;
54  }
55  //check that public point is not at infinity
56  if(public_point().is_zero())
57  {
58  return false;
59  }
60  //check that public point is on the curve
61  if(!public_point().on_the_curve())
62  {
63  return false;
64  }
    // The block opened on line 66 is guarded by the lost line 65; the index lists
    // get_cofactor(), so this is presumably a cofactor test -- confirm upstream.
    // Both remaining checks, including the order check, run only inside this block.
66  {
68  {
69  return false;
70  }
71  //check that public point has order q
73  {
74  return false;
75  }
76  }
77  return true;
78  }
79 
80 
// algorithm_identifier() -- the signature (line 81) and the single body line (line 83)
// are missing from this page; the reference index gives the declaration as
// `AlgorithmIdentifier algorithm_identifier() const override`.
// NOTE(review): the index lists get_oid() and DER_domain(), so the identifier is
// presumably built from those two -- confirm against the upstream file.
82  {
84  }
85 
// Returns the encoded public key as a plain std::vector<uint8_t>.
// The body (listing line 88) is missing from this page. NOTE(review): the reference
// index lists EC2OSP() and unlock(), so this presumably encodes public_point() and
// converts the secure_vector result to an ordinary vector -- confirm upstream.
86 std::vector<uint8_t> EC_PublicKey::public_key_bits() const
87  {
89  }
90 
// set_parameter_encoding() -- the signature (listing line 91) is missing from this
// page; the reference index gives it as `void set_parameter_encoding(EC_Group_Encoding enc)`,
// while the body below names the parameter `form`.
// Selects how the domain parameters are encoded. Throws Invalid_Argument when form
// is not one of the three known encodings, or when OID encoding is requested for a
// group whose get_oid() is empty. The member is only written after both checks pass.
92  {
93  if(form != EC_DOMPAR_ENC_EXPLICIT &&
94  form != EC_DOMPAR_ENC_IMPLICITCA &&
95  form != EC_DOMPAR_ENC_OID)
96  throw Invalid_Argument("Invalid encoding form for EC-key object specified");
97 
    // An OID encoding cannot be produced for a group that carries no OID.
98  if((form == EC_DOMPAR_ENC_OID) && (m_domain_params.get_oid() == ""))
99  throw Invalid_Argument("Invalid encoding form OID specified for "
100  "EC-key object whose corresponding domain "
101  "parameters are without oid");
102 
103  m_domain_encoding = form;
104  }
105 
// private_value() -- the signature (listing line 106) is missing from this page; the
// reference index gives it as `const BigInt & private_value() const`.
// Returns the private scalar itself (m_private_key), not a derived value.
// A scalar of zero is treated as "uninitialized" and raises Invalid_State, so a
// default-constructed key cannot be used by accident.
107  {
108  if(m_private_key == 0)
109  throw Invalid_State("EC_PrivateKey::private_value - uninitialized");
110 
111  return m_private_key;
112  }
113 
114 /**
115 * EC_PrivateKey constructor
116 */
// Listing lines 117, 123, 134 and 137 are missing from this page: the first signature
// line (where rng is declared), one statement after the group assignment, and the
// opening lines of the public-point computation and of the closing assertion.
// ec_group: domain parameters to use.
// x: private scalar; 0 means "generate a fresh one".
// with_modular_inverse: selects the multiplier used for the public point (see below).
118  const EC_Group& ec_group,
119  const BigInt& x,
120  bool with_modular_inverse)
121  {
122  m_domain_params = ec_group;
124 
125  if(x == 0)
126  {
    // No scalar supplied: draw one from rng, with 1 and the group order as bounds.
127  m_private_key = BigInt::random_integer(rng, 1, domain().get_order());
128  }
129  else
130  {
    // NOTE(review): a caller-supplied x is stored as given. No check is visible here
    // that it is positive and below the group order, so scalars that originate from
    // untrusted input should be range-checked by the caller.
131  m_private_key = x;
132  }
133 
    // Multiplier for the public point: the inverse of the private scalar modulo the
    // group order when with_modular_inverse is set, otherwise the scalar itself.
    // The left-hand side (line 134) is lost; the index lists get_base_point(), so
    // this is presumably base point * multiplier -- confirm upstream.
135  ((with_modular_inverse) ? inverse_mod(m_private_key, m_domain_params.get_order()) : m_private_key);
136 
    // Tail of an assertion whose first line (137) is lost; the message indicates an
    // on-curve sanity check of the freshly computed public point.
138  "Generated public key point was on the curve");
139  }
140 
// private_key_bits() -- listing lines 141, 144 and 146 are missing from this page (the
// signature and two encoder calls); the reference index gives the declaration as
// `secure_vector< uint8_t > private_key_bits() const override`.
// DER-encodes the private key. The visible calls write the integer 1 followed by a
// value tagged OCTET STRING; the index lists BigInt::encode_1363() and bytes(), so that
// value is presumably the fixed-width encoding of m_private_key -- confirm upstream.
// The result holds the secret scalar and is returned as a secure_vector; callers should
// keep it in that type rather than copying it into ordinary buffers.
142  {
143  return DER_Encoder()
145  .encode(static_cast<size_t>(1))
147  OCTET_STRING)
148  .end_cons()
149  .get_contents();
150  }
151 
// EC_PrivateKey constructor from an encoded private key -- listing lines 152, 156, 157,
// 160, 163, 175 and 178 are missing from this page (the first signature line, where
// alg_id is declared, the group setup, the declaration of public_key_bits, the opening
// of the decoded sequence, and the first lines of the derivation and assertion below).
// key_bits: the encoded private key, held in a secure_vector.
// with_modular_inverse: selects the multiplier used when the public point has to be derived.
153  const secure_vector<uint8_t>& key_bits,
154  bool with_modular_inverse)
155  {
158 
159  OID key_parameters;
161 
    // Decode order: version (must equal 1), private scalar, then two optional fields:
    // an OID under tag 0 and the public key as a BIT STRING under tag 1.
162  BER_Decoder(key_bits)
164  .decode_and_check<size_t>(1, "Unknown version code for ECC key")
165  .decode_octet_string_bigint(m_private_key)
166  .decode_optional(key_parameters, ASN1_Tag(0), PRIVATE)
167  .decode_optional_string(public_key_bits, BIT_STRING, 1, PRIVATE)
168  .end_cons();
169 
    // An inner OID, when present, must equal the outer alg_id.oid.
    // NOTE(review): confirm which OID the inner field is expected to carry; the
    // comparison is against the algorithm identifier's own OID.
    // NOTE(review): the decoded m_private_key is not range-checked against the group
    // order in the lines visible here.
170  if(!key_parameters.empty() && key_parameters != alg_id.oid)
171  throw Decoding_Error("EC_PrivateKey - inner and outer OIDs did not match");
172 
173  if(public_key_bits.empty())
174  {
    // No embedded public key: it is derived from the private scalar. The multiplier is
    // the scalar's inverse modulo the group order when with_modular_inverse is set,
    // otherwise the scalar itself (left-hand side on line 175 is lost).
176  ((with_modular_inverse) ? inverse_mod(m_private_key, m_domain_params.get_order()) : m_private_key);
177 
179  "Public point derived from loaded key was on the curve");
180  }
181  else
182  {
    // NOTE(review): the embedded public point is accepted once it decodes onto the
    // curve. Nothing visible here checks that it matches m_private_key, so a key blob
    // carrying a mismatched public point would load; consistency has to be verified
    // separately (presumably via check_key() in the concrete key type -- confirm).
183  m_public_key = OS2ECP(public_key_bits, domain().get_curve());
184  // OS2ECP verifies that the point is on the curve
185  }
186  }
187 
188 }
BigInt m_private_key
Definition: ecc_key.h:154
std::string get_oid() const
Definition: ec_group.h:115
const EC_Group & domain() const
Definition: ecc_key.h:73
secure_vector< uint8_t > EC2OSP(const PointGFp &point, uint8_t format)
Definition: point_gfp.cpp:470
std::vector< uint8_t > parameters
Definition: alg_id.h:39
BER_Decoder & decode_optional_string(std::vector< uint8_t, Alloc > &out, ASN1_Tag real_type, uint16_t type_no, ASN1_Tag class_tag=CONTEXT_SPECIFIC)
Definition: ber_dec.h:162
void set_parameter_encoding(EC_Group_Encoding enc)
Definition: ecc_key.cpp:91
BER_Decoder & decode_and_check(const T &expected, const std::string &error_msg)
Definition: ber_dec.h:146
const PointGFp & get_base_point() const
Definition: ec_group.h:95
secure_vector< uint8_t > get_contents()
Definition: der_enc.cpp:124
PointGFp m_public_key
Definition: ecc_key.h:103
size_t ecp_work_factor(size_t bits)
Definition: workfactor.cpp:14
static BigInt random_integer(RandomNumberGenerator &rng, const BigInt &min, const BigInt &max)
Definition: big_rand.cpp:45
DER_Encoder & end_cons()
Definition: der_enc.cpp:147
virtual OID get_oid() const
Definition: pk_keys.cpp:30
const PointGFp & public_point() const
Definition: ecc_key.h:58
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
const BigInt & private_value() const
Definition: ecc_key.cpp:106
DER_Encoder & encode(bool b)
Definition: der_enc.cpp:216
BER_Decoder & decode_optional(T &out, ASN1_Tag type_tag, ASN1_Tag class_tag, const T &default_value=T())
Definition: ber_dec.h:213
size_t bits() const
Definition: bigint.cpp:184
const CurveGFp & get_curve() const
Definition: ec_group.h:89
std::vector< T, secure_allocator< T >> secure_vector
Definition: secmem.h:121
BER_Decoder & end_cons()
Definition: ber_dec.cpp:272
std::vector< uint8_t > DER_domain() const
Definition: ecc_key.h:85
ASN1_Tag
Definition: asn1_obj.h:22
PointGFp OS2ECP(const uint8_t data[], size_t data_len, const CurveGFp &curve)
Definition: point_gfp.cpp:544
BER_Decoder start_cons(ASN1_Tag type_tag, ASN1_Tag class_tag=UNIVERSAL)
Definition: ber_dec.cpp:258
const BigInt & get_order() const
Definition: ec_group.h:101
bool check_key(RandomNumberGenerator &rng, bool strong) const override
Definition: ecc_key.cpp:47
Definition: alg_id.cpp:13
bool empty() const
Definition: asn1_oid.h:30
T is_zero(T x)
Definition: ct_utils.h:110
std::vector< T > unlock(const secure_vector< T > &in)
Definition: secmem.h:125
EC_Group_Encoding
Definition: ec_group.h:22
BigInt inverse_mod(const BigInt &n, const BigInt &mod)
Definition: numthry.cpp:276
const BigInt & get_p() const
Definition: curve_gfp.h:91
std::vector< uint8_t > public_key_bits() const override
Definition: ecc_key.cpp:86
secure_vector< uint8_t > private_key_bits() const override
Definition: ecc_key.cpp:141
AlgorithmIdentifier algorithm_identifier() const override
Definition: ecc_key.cpp:81
size_t key_length() const override
Definition: ecc_key.cpp:21
bool on_the_curve() const
Definition: point_gfp.cpp:414
DER_Encoder & start_cons(ASN1_Tag type_tag, ASN1_Tag class_tag=UNIVERSAL)
Definition: der_enc.cpp:137
static secure_vector< uint8_t > encode_1363(const BigInt &n, size_t bytes)
Definition: big_code.cpp:82
bool is_zero() const
Definition: point_gfp.h:177
bool verify_group(RandomNumberGenerator &rng, bool strong=false) const
Definition: ec_group.cpp:134
size_t estimated_strength() const override
Definition: ecc_key.cpp:26
EC_Group m_domain_params
Definition: ecc_key.h:102
EC_Group_Encoding m_domain_encoding
Definition: ecc_key.h:104
const BigInt & get_cofactor() const
Definition: ec_group.h:107
size_t bytes() const
Definition: bigint.cpp:176