authorJack Lloyd <[email protected]>2018-02-25 19:58:46 -0500
committerJack Lloyd <[email protected]>2018-02-25 19:58:46 -0500
commite479bae1d4b66e0984ce7791370e95aa69c4e3f6 (patch)
tree39caa4f4e96e70e2a22338d421a32a4a2a5e299a
parent2f35ef0bf9d135bf42434f249df0b21b699110be (diff)
Add functions to EC_Group for getting base point coordinates
-rw-r--r--src/cli/pubkey.cpp3
-rw-r--r--src/lib/ffi/ffi_pkey_algs.cpp4
-rw-r--r--src/lib/pubkey/ec_group/ec_group.cpp38
-rw-r--r--src/lib/pubkey/ec_group/ec_group.h14
-rw-r--r--src/lib/pubkey/ecc_key/ecc_key.cpp28
-rw-r--r--src/lib/pubkey/sm2/sm2.cpp4
-rw-r--r--src/tests/test_ffi.cpp12
7 files changed, 77 insertions, 26 deletions
diff --git a/src/cli/pubkey.cpp b/src/cli/pubkey.cpp
index a2aded02b..3c84829d8 100644
--- a/src/cli/pubkey.cpp
+++ b/src/cli/pubkey.cpp
@@ -344,8 +344,7 @@ class EC_Group_Info final : public Command
output() << "P = " << std::hex << group.get_p() << "\n"
<< "A = " << std::hex << group.get_a() << "\n"
<< "B = " << std::hex << group.get_b() << "\n"
- << "G = " << group.get_base_point().get_affine_x() << ","
- << group.get_base_point().get_affine_y() << "\n";
+ << "G = " << group.get_g_x() << "," << group.get_g_y() << "\n";
}
}
diff --git a/src/lib/ffi/ffi_pkey_algs.cpp b/src/lib/ffi/ffi_pkey_algs.cpp
index 7091708a8..7fa06b71b 100644
--- a/src/lib/ffi/ffi_pkey_algs.cpp
+++ b/src/lib/ffi/ffi_pkey_algs.cpp
@@ -145,9 +145,9 @@ Botan::BigInt pubkey_get_field(const Botan::Public_Key& key,
else if(field == "public_y")
return ecc->public_point().get_affine_y();
else if(field == "base_x")
- return ecc->domain().get_base_point().get_affine_x();
+ return ecc->domain().get_g_x();
else if(field == "base_y")
- return ecc->domain().get_base_point().get_affine_y();
+ return ecc->domain().get_g_y();
else if(field == "p")
return ecc->domain().get_p();
else if(field == "a")
diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp
index a8d5136c8..942e7401a 100644
--- a/src/lib/pubkey/ec_group/ec_group.cpp
+++ b/src/lib/pubkey/ec_group/ec_group.cpp
@@ -37,6 +37,8 @@ class EC_Group_Data final
const OID& oid) :
m_curve(p, a, b),
m_base_point(m_curve, g_x, g_y),
+ m_g_x(g_x),
+ m_g_y(g_y),
m_order(order),
m_cofactor(cofactor),
m_mod_order(order),
@@ -70,8 +72,8 @@ class EC_Group_Data final
const BigInt& b() const { return m_curve.get_b(); }
const BigInt& order() const { return m_order; }
const BigInt& cofactor() const { return m_cofactor; }
- BigInt g_x() const { return m_base_point.get_affine_x(); }
- BigInt g_y() const { return m_base_point.get_affine_y(); }
+ const BigInt& g_x() const { return m_g_x; }
+ const BigInt& g_y() const { return m_g_y; }
size_t p_bits() const { return m_p_bits; }
size_t p_bytes() const { return (m_p_bits + 7) / 8; }
@@ -101,6 +103,9 @@ class EC_Group_Data final
private:
CurveGFp m_curve;
PointGFp m_base_point;
+
+ BigInt m_g_x;
+ BigInt m_g_y;
BigInt m_order;
BigInt m_cofactor;
Modular_Reducer m_mod_order;
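Review bot: `m_g_x`/`m_g_y` now duplicate state that `m_base_point` already carries (both are built from the same `g_x`, `g_y` in the hunk at @@ -37), and nothing in the class ties the two together after construction. `operator==` (@@ -533) and the SM2 ZA hashing now read the cached copies while `verify_group` still checks `m_base_point`, so any future code path that updated one without the other would not be caught. A one-line comment on the new members would make the invariant explicit: `// affine coordinates of m_base_point, kept separately so g_x()/g_y() can return by reference`.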
@@ -423,6 +428,16 @@ const BigInt& EC_Group::get_order() const
return data().order();
}
+const BigInt& EC_Group::get_g_x() const
+ {
+ return data().g_x();
+ }
+
+const BigInt& EC_Group::get_g_y() const
+ {
+ return data().g_y();
+ }
+
const BigInt& EC_Group::get_cofactor() const
{
return data().cofactor();
@@ -477,7 +492,7 @@ EC_Group::DER_encode(EC_Group_Encoding form) const
if(form == EC_DOMPAR_ENC_EXPLICIT)
{
const size_t ecpVers1 = 1;
- OID curve_type("1.2.840.10045.1.1"); // prime field
+ const OID curve_type("1.2.840.10045.1.1"); // prime field
const size_t p_bytes = get_p_bytes();
@@ -533,7 +548,8 @@ bool EC_Group::operator==(const EC_Group& other) const
return (get_p() == other.get_p() &&
get_a() == other.get_a() &&
get_b() == other.get_b() &&
- get_base_point() == other.get_base_point());
+ get_g_x() == other.get_g_x() &&
+ get_g_y() == other.get_g_y());
}
bool EC_Group::verify_public_element(const PointGFp& point) const
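Review bot: The rewritten equality still ignores `get_order()` and `get_cofactor()`, so two groups with the same curve and generator but different stated order or cofactor compare equal. Mathematically the order is fixed by the curve and G, but for explicitly encoded parameters (`EC_DOMPAR_ENC_EXPLICIT` appears in this file) the stated values come from the caller's input, and `operator==` is presumably what decides whether two keys share a domain; if that is its contract, extend the condition with `get_order() == other.get_order() &&` and `get_cofactor() == other.get_cofactor()`. If equality of curve and generator is intentionally sufficient, a short comment saying so would stop the next reader from re-asking.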
@@ -577,22 +593,28 @@ bool EC_Group::verify_group(RandomNumberGenerator& rng,
{
return false;
}
+
+ const PointGFp base_point = get_base_point();
+
//check if the base point is on the curve
- if(!get_base_point().on_the_curve())
+ if(!base_point.on_the_curve())
{
return false;
}
- if((get_base_point() * get_cofactor()).is_zero())
+ if((base_point * get_cofactor()).is_zero())
{
return false;
}
+
+ const BigInt& order = get_order();
+
//check if order is prime
- if(!is_prime(get_order(), rng, 128))
+ if(!is_prime(order, rng, 128))
{
return false;
}
//check if order of the base point is correct
- if(!(get_base_point() * get_order()).is_zero())
+ if(!(base_point * order).is_zero())
{
return false;
}
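Review bot: `const PointGFp base_point = get_base_point();` copies the point, while `get_base_point()` returns `const PointGFp&` (see the header hunk at @@ -173); binding a reference, `const PointGFp& base_point = get_base_point();`, keeps the intent of the change (one lookup reused three times) without the copy. The `order` binding two hunk lines further down already uses the reference form, so the two locals would then match. `verify_group` begins before this hunk and continues past it.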
diff --git a/src/lib/pubkey/ec_group/ec_group.h b/src/lib/pubkey/ec_group/ec_group.h
index 5b2a25756..938059fc4 100644
--- a/src/lib/pubkey/ec_group/ec_group.h
+++ b/src/lib/pubkey/ec_group/ec_group.h
@@ -173,6 +173,16 @@ class BOTAN_PUBLIC_API(2,0) EC_Group final
const PointGFp& get_base_point() const;
/**
+ * Return the x coordinate of the base point
+ */
+ const BigInt& get_g_x() const;
+
+ /**
+ * Return the y coordinate of the base point
+ */
+ const BigInt& get_g_y() const;
+
+ /**
* Return the order of the base point
* @result order of the base point
*/
@@ -232,7 +242,9 @@ class BOTAN_PUBLIC_API(2,0) EC_Group final
* @param ws a temp workspace
* @return base_point*k
*/
- PointGFp blinded_base_point_multiply(const BigInt& k, RandomNumberGenerator& rng, std::vector<BigInt>& ws) const;
+ PointGFp blinded_base_point_multiply(const BigInt& k,
+ RandomNumberGenerator& rng,
+ std::vector<BigInt>& ws) const;
/**
* Return the zero (or infinite) point on this curve
diff --git a/src/lib/pubkey/ecc_key/ecc_key.cpp b/src/lib/pubkey/ecc_key/ecc_key.cpp
index baf99fb78..4b591ff56 100644
--- a/src/lib/pubkey/ecc_key/ecc_key.cpp
+++ b/src/lib/pubkey/ecc_key/ecc_key.cpp
@@ -108,17 +108,27 @@ EC_PrivateKey::EC_PrivateKey(RandomNumberGenerator& rng,
else
m_domain_encoding = EC_DOMPAR_ENC_EXPLICIT;
+ const BigInt& order = m_domain_params.get_order();
+
if(x == 0)
{
- m_private_key = BigInt::random_integer(rng, 1, domain().get_order());
+ m_private_key = BigInt::random_integer(rng, 1, order);
}
else
{
m_private_key = x;
}
- m_public_key = domain().get_base_point() *
- ((with_modular_inverse) ? inverse_mod(m_private_key, m_domain_params.get_order()) : m_private_key);
+ // Can't use rng here because ffi load functions use Null_RNG
+ if(with_modular_inverse)
+ {
+ // ECKCDSA
+ m_public_key = domain().get_base_point() * inverse_mod(m_private_key, order);
+ }
+ else
+ {
+ m_public_key = domain().get_base_point() * m_private_key;
+ }
BOTAN_ASSERT(m_public_key.on_the_curve(),
"Generated public key point was on the curve");
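Review bot: The if/else that derives `m_public_key` from `m_private_key` is now written out twice, here and in the hunk at @@ -160, differing only in where `order` is bound; a file-local helper would keep both constructors in step if the ECKCDSA path changes again. The comment `// Can't use rng here because ffi load functions use Null_RNG` is also hard to place: in this constructor `rng` is used a few lines up for `random_integer`, and the second constructor has no `rng` at all, so it should say what it guards — presumably that the inverse cannot be blinded with `rng` — e.g. `// inverse_mod must not depend on rng: the FFI load paths pass a Null_RNG`. Both constructors begin before their hunks and continue past them.
```cpp
namespace {

// Public point for private scalar x: G*x, or G*(x^-1 mod n) for the
// ECKCDSA-style keys that store the inverse. Deliberately takes no RNG:
// the FFI load paths construct keys with a Null_RNG.
PointGFp derive_public_point(const EC_Group& domain, const BigInt& x, bool with_modular_inverse)
   {
   if(with_modular_inverse)
      return domain.get_base_point() * inverse_mod(x, domain.get_order());
   return domain.get_base_point() * x;
   }

}

// … unchanged: private scalar selection …
m_public_key = derive_public_point(domain(), m_private_key, with_modular_inverse);
```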
@@ -160,8 +170,16 @@ EC_PrivateKey::EC_PrivateKey(const AlgorithmIdentifier& alg_id,
if(public_key_bits.empty())
{
- m_public_key = domain().get_base_point() *
- ((with_modular_inverse) ? inverse_mod(m_private_key, m_domain_params.get_order()) : m_private_key);
+ if(with_modular_inverse)
+ {
+ // ECKCDSA
+ const BigInt& order = m_domain_params.get_order();
+ m_public_key = domain().get_base_point() * inverse_mod(m_private_key, order);
+ }
+ else
+ {
+ m_public_key = domain().get_base_point() * m_private_key;
+ }
BOTAN_ASSERT(m_public_key.on_the_curve(),
"Public point derived from loaded key was on the curve");
diff --git a/src/lib/pubkey/sm2/sm2.cpp b/src/lib/pubkey/sm2/sm2.cpp
index 9ef30d9bf..a23708944 100644
--- a/src/lib/pubkey/sm2/sm2.cpp
+++ b/src/lib/pubkey/sm2/sm2.cpp
@@ -59,8 +59,8 @@ std::vector<uint8_t> sm2_compute_za(HashFunction& hash,
hash.update(BigInt::encode_1363(domain.get_a(), p_bytes));
hash.update(BigInt::encode_1363(domain.get_b(), p_bytes));
- hash.update(BigInt::encode_1363(domain.get_base_point().get_affine_x(), p_bytes));
- hash.update(BigInt::encode_1363(domain.get_base_point().get_affine_y(), p_bytes));
+ hash.update(BigInt::encode_1363(domain.get_g_x(), p_bytes));
+ hash.update(BigInt::encode_1363(domain.get_g_y(), p_bytes));
hash.update(BigInt::encode_1363(pubkey.get_affine_x(), p_bytes));
hash.update(BigInt::encode_1363(pubkey.get_affine_y(), p_bytes));
diff --git a/src/tests/test_ffi.cpp b/src/tests/test_ffi.cpp
index 47de5e7fb..1eb796923 100644
--- a/src/tests/test_ffi.cpp
+++ b/src/tests/test_ffi.cpp
@@ -1425,7 +1425,7 @@ class FFI_Unit_Tests final : public Test
botan_pk_op_verify_t verifier;
- if(TEST_FFI_OK(botan_pk_op_verify_create, (&verifier, pub, "EMSA1(SHA-256)", 0)))
+ if(signature.size() > 0 && TEST_FFI_OK(botan_pk_op_verify_create, (&verifier, pub, "EMSA1(SHA-256)", 0)))
{
TEST_FFI_OK(botan_pk_op_verify_update, (verifier, message.data(), message.size()));
TEST_FFI_OK(botan_pk_op_verify_finish, (verifier, signature.data(), signature.size()));
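Review bot: With `signature.size() > 0 &&` in front, an empty signature now skips the whole verify block silently instead of failing inside `botan_pk_op_verify_finish`; that is only sound if the signing call above (outside this hunk) is itself wrapped in `TEST_FFI_OK` so the failure is recorded there — please confirm, otherwise the test passes having verified nothing. The same guard is added in the hunk at @@ -1524. The enclosing test method starts before and continues after the hunk.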
@@ -1524,7 +1524,7 @@ class FFI_Unit_Tests final : public Test
botan_pk_op_verify_t verifier;
- if(TEST_FFI_OK(botan_pk_op_verify_create, (&verifier, pub, "EMSA1(SHA-384)", 0)))
+ if(signature.size() > 0 && TEST_FFI_OK(botan_pk_op_verify_create, (&verifier, pub, "EMSA1(SHA-384)", 0)))
{
TEST_FFI_OK(botan_pk_op_verify_update, (verifier, message.data(), message.size()));
TEST_FFI_OK(botan_pk_op_verify_finish, (verifier, signature.data(), signature.size()));
@@ -1587,8 +1587,8 @@ class FFI_Unit_Tests final : public Test
TEST_FFI_OK(botan_privkey_get_field, (private_scalar, priv, "x"));
TEST_FFI_OK(botan_pubkey_get_field, (public_x, pub, "public_x"));
TEST_FFI_OK(botan_pubkey_get_field, (public_y, pub, "public_y"));
- TEST_FFI_OK(botan_privkey_load_sm2, (&loaded_privkey, private_scalar, kCurve));
- TEST_FFI_OK(botan_pubkey_load_sm2, (&loaded_pubkey, public_x, public_y, kCurve));
+ REQUIRE_FFI_OK(botan_privkey_load_sm2, (&loaded_privkey, private_scalar, kCurve));
+ REQUIRE_FFI_OK(botan_pubkey_load_sm2, (&loaded_pubkey, public_x, public_y, kCurve));
TEST_FFI_OK(botan_privkey_check_key, (loaded_privkey, rng, 0));
TEST_FFI_OK(botan_pubkey_check_key, (loaded_pubkey, rng, 0));
@@ -1678,8 +1678,8 @@ class FFI_Unit_Tests final : public Test
TEST_FFI_OK(botan_privkey_get_field, (private_scalar, priv, "x"));
TEST_FFI_OK(botan_pubkey_get_field, (public_x, pub, "public_x"));
TEST_FFI_OK(botan_pubkey_get_field, (public_y, pub, "public_y"));
- TEST_FFI_OK(botan_privkey_load_sm2_enc, (&loaded_privkey, private_scalar, kCurve));
- TEST_FFI_OK(botan_pubkey_load_sm2_enc, (&loaded_pubkey, public_x, public_y, kCurve));
+ REQUIRE_FFI_OK(botan_privkey_load_sm2_enc, (&loaded_privkey, private_scalar, kCurve));
+ REQUIRE_FFI_OK(botan_pubkey_load_sm2_enc, (&loaded_pubkey, public_x, public_y, kCurve));
TEST_FFI_OK(botan_privkey_check_key, (loaded_privkey, rng, 0));
TEST_FFI_OK(botan_pubkey_check_key, (loaded_pubkey, rng, 0));