Botan  2.1.0
Crypto and TLS for C++11
ecdh.cpp
Go to the documentation of this file.
1 /*
2 * ECDH implemenation
3 * (C) 2007 Manuel Hartl, FlexSecure GmbH
4 * 2007 Falko Strenzke, FlexSecure GmbH
5 * 2008-2010 Jack Lloyd
6 *
7 * Botan is released under the Simplified BSD License (see license.txt)
8 */
9 
10 #include <botan/ecdh.h>
11 #include <botan/internal/pk_ops_impl.h>
12 
13 #if defined(BOTAN_HAS_OPENSSL)
14  #include <botan/internal/openssl.h>
15 #endif
16 
17 namespace Botan {
18 
19 namespace {
20 
21 /**
22 * ECDH operation
23 */
24 class ECDH_KA_Operation : public PK_Ops::Key_Agreement_with_KDF
25  {
26  public:
27 
28  ECDH_KA_Operation(const ECDH_PrivateKey& key, const std::string& kdf, RandomNumberGenerator& rng) :
29  PK_Ops::Key_Agreement_with_KDF(kdf),
30  m_curve(key.domain().get_curve()),
31  m_cofactor(key.domain().get_cofactor()),
32  m_order(key.domain().get_order()),
33  m_rng(rng)
34  {
35  m_l_times_priv = inverse_mod(m_cofactor, m_order) * key.private_value();
36  }
37 
38  secure_vector<uint8_t> raw_agree(const uint8_t w[], size_t w_len) override
39  {
40  PointGFp point = OS2ECP(w, w_len, m_curve);
41  PointGFp S = m_cofactor * point;
42  Blinded_Point_Multiply blinder(S, m_order);
43  S = blinder.blinded_multiply(m_l_times_priv, m_rng);
44  BOTAN_ASSERT(S.on_the_curve(), "ECDH agreed value was on the curve");
45  return BigInt::encode_1363(S.get_affine_x(), m_curve.get_p().bytes());
46  }
47  private:
48  const CurveGFp& m_curve;
49  const BigInt& m_cofactor;
50  const BigInt& m_order;
52  RandomNumberGenerator& m_rng;
53 
54  };
55 
56 }
57 
58 std::unique_ptr<PK_Ops::Key_Agreement>
60  const std::string& params,
61  const std::string& provider) const
62  {
63 #if defined(BOTAN_HAS_OPENSSL)
64  if(provider == "openssl" || provider.empty())
65  {
66  try
67  {
68  return make_openssl_ecdh_ka_op(*this, params);
69  }
70  catch(Lookup_Error&)
71  {
72  if(provider == "openssl")
73  throw;
74  }
75  }
76 #endif
77 
78  if(provider == "base" || provider.empty())
79  return std::unique_ptr<PK_Ops::Key_Agreement>(new ECDH_KA_Operation(*this, params, rng));
80 
81  throw Provider_Not_Found(algo_name(), provider);
82  }
83 
84 
85 }
const BigInt & m_cofactor
Definition: ecdh.cpp:49
const CurveGFp & m_curve
Definition: ecdh.cpp:48
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
std::unique_ptr< PK_Ops::Key_Agreement > create_key_agreement_op(RandomNumberGenerator &rng, const std::string &params, const std::string &provider) const override
Definition: ecdh.cpp:59
PointGFp OS2ECP(const uint8_t data[], size_t data_len, const CurveGFp &curve)
Definition: point_gfp.cpp:544
Definition: alg_id.cpp:13
const BigInt & m_order
Definition: ecdh.cpp:50
std::string algo_name() const override
Definition: ecdh.h:45
RandomNumberGenerator & m_rng
Definition: ecdh.cpp:52
BigInt inverse_mod(const BigInt &n, const BigInt &mod)
Definition: numthry.cpp:276
static secure_vector< uint8_t > encode_1363(const BigInt &n, size_t bytes)
Definition: big_code.cpp:82
BigInt m_l_times_priv
Definition: ecdh.cpp:51