author | Jack Lloyd <[email protected]> | 2016-11-16 12:05:34 -0500 |
committer | Jack Lloyd <[email protected]> | 2016-11-17 13:56:25 -0500 |
commit | 74cf1686b727d9b41781df66f3f74d63b9c5cfe2 (patch) | |
tree | c5127473f7676763202cf79837bd4328c903a21d /src/lib/pubkey/curve25519 | |
parent | 97df0c27b878d77799353ccc9eda9705b1ec1fa4 (diff) |
Add CECPQ1 TLS ciphersuites
Tested against BoringSSL (as client + server) and google.com (as client).
Fix a stupid crashing bug in NewHope's BoringSSL mode.
Remove unneeded error return from curve25519_donna - always returned 0.
Default policy prefers ChaChaPoly1305 over GCM and CECPQ1 over ECDH/DH, which
means the default no-extra-configuration ciphersuite (for Botan client speaking
to Botan server) is a ciphersuite which is both implemented in constant time
on all platforms and (hopefully) provides post quantum security. Good Things.
Diffstat (limited to 'src/lib/pubkey/curve25519')
-rw-r--r-- | src/lib/pubkey/curve25519/curve25519.cpp | 25 | ||||
-rw-r--r-- | src/lib/pubkey/curve25519/curve25519.h | 14 | ||||
-rw-r--r-- | src/lib/pubkey/curve25519/donna.cpp | 3 |
3 files changed, 24 insertions, 18 deletions
diff --git a/src/lib/pubkey/curve25519/curve25519.cpp b/src/lib/pubkey/curve25519/curve25519.cpp
index 216d02600..dd97e1f1d 100644
--- a/src/lib/pubkey/curve25519/curve25519.cpp
+++ b/src/lib/pubkey/curve25519/curve25519.cpp
@@ -12,6 +12,12 @@
 namespace Botan {
+void curve25519_basepoint(uint8_t mypublic[32], const uint8_t secret[32])
+ {
+ const byte basepoint[32] = { 9 };
+ curve25519_donna(mypublic, secret, basepoint);
+ }
+
 namespace {
 void size_check(size_t size, const char* thing)
@@ -24,17 +30,7 @@ secure_vector<byte> curve25519(const secure_vector<byte>& secret,
 const byte pubval[32])
 {
 secure_vector<byte> out(32);
- const int rc = curve25519_donna(out.data(), secret.data(), pubval);
- BOTAN_ASSERT_EQUAL(rc, 0, "Return value of curve25519_donna is ok");
- return out;
- }
-
-std::vector<byte> curve25519_basepoint(const secure_vector<byte>& secret)
- {
- const byte basepoint[32] = { 9 };
- std::vector<byte> out(32);
- const int rc = curve25519_donna(out.data(), secret.data(), basepoint);
- BOTAN_ASSERT_EQUAL(rc, 0, "Return value of curve25519_donna is ok");
+ curve25519_donna(out.data(), secret.data(), pubval);
 return out;
 }
@@ -74,7 +70,8 @@ std::vector<byte> Curve25519_PublicKey::x509_subject_public_key() const
 Curve25519_PrivateKey::Curve25519_PrivateKey(RandomNumberGenerator& rng)
 {
 m_private = rng.random_vec(32);
- m_public = curve25519_basepoint(m_private);
+ m_public.resize(32);
+ curve25519_basepoint(m_public.data(), m_private.data());
 }
 Curve25519_PrivateKey::Curve25519_PrivateKey(const AlgorithmIdentifier&,
@@ -103,7 +100,9 @@ secure_vector<byte> Curve25519_PrivateKey::pkcs8_private_key() const
 bool Curve25519_PrivateKey::check_key(RandomNumberGenerator&, bool) const
 {
- return curve25519_basepoint(m_private) == m_public;
+ std::vector<uint8_t> public_point(32);
+ curve25519_basepoint(public_point.data(), m_private.data());
+ return public_point == m_public;
 }
 secure_vector<byte> Curve25519_PrivateKey::agree(const byte w[], size_t w_len) const 
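Review bot: The new `curve25519_basepoint` definition mixes `uint8_t` in its signature with `byte` for the local base point array, while the header declares it with `uint8_t` throughout; use one spelling, e.g. `static const uint8_t basepoint[32] = { 9 };`, which also stops the 32-byte table being rebuilt on every call. The literal deserves a why-comment since nothing nearby explains it: `// u = 9 is the X25519 base point; remaining 31 bytes are zero-initialized`. Nothing in the hunk states that `secret` must be exactly 32 bytes, which the new raw-pointer interface silently relies on.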
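Review bot: In the second hunk the file-local `curve25519()` wrapper now passes `secret.data()` straight to `curve25519_donna`, which reads 32 bytes, but nothing here checks `secret.size()`; a private key decoded with a different length would be over-read. The callers (the `agree` path and the PKCS#8 constructor) may already validate this via `size_check`, but that is outside the hunk, so a cheap guard at the point of use is worth having: `BOTAN_ASSERT(secret.size() == 32, "Curve25519 secret is 32 bytes");` before the `curve25519_donna` call. The function's signature line is only visible as hunk-header context, so its parameter list starts outside the hunk.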
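Review bot: The RNG constructor stores the 32 raw bytes from `rng.random_vec(32)` as `m_private` and derives `m_public` from them without any visible clamping; this is only correct if `curve25519_donna` clamps the scalar internally (the upstream donna code does, but that is not in this diff), and it also means the PKCS#8 encoding carries the unclamped scalar. A one-line comment after `m_private = rng.random_vec(32);` would save the next reader the same investigation: `// stored unclamped; curve25519_donna clamps the scalar on every use`. If donna does not clamp, this hunk is where the clamp belongs.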
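Review bot: `check_key` now reads 32 bytes through `m_private.data()` without first confirming the vector actually holds 32 bytes, so a key object whose private part arrived with the wrong length (the `AlgorithmIdentifier` constructor is visible in the third hunk but its body is not) is over-read rather than rejected by the very function meant to validate it. Add a length guard ahead of the derivation: `if(m_private.size() != 32 || m_public.size() != 32) return false;`. The final `public_point == m_public` comparison is not constant-time, which is acceptable here since only public data is compared, but a short comment saying so would pre-empt the question.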
diff --git a/src/lib/pubkey/curve25519/curve25519.h b/src/lib/pubkey/curve25519/curve25519.h
index 938bc42d4..40d9d81da 100644
--- a/src/lib/pubkey/curve25519/curve25519.h
+++ b/src/lib/pubkey/curve25519/curve25519.h
@@ -103,9 +103,17 @@ class BOTAN_DLL Curve25519_PrivateKey : public Curve25519_PublicKey,
 * The types above are just wrappers for curve25519_donna, plus defining
 * encodings for public and private keys.
 */
-int BOTAN_DLL curve25519_donna(uint8_t mypublic[32],
- const uint8_t secret[32],
- const uint8_t basepoint[32]);
+void BOTAN_DLL curve25519_donna(uint8_t mypublic[32],
+ const uint8_t secret[32],
+ const uint8_t basepoint[32]);
+
+/**
+* Exponentiate by the x25519 base point
+* @param mypublic output value
+* @param secret random scalar
+*/
+void BOTAN_DLL curve25519_basepoint(uint8_t mypublic[32],
+ const uint8_t secret[32]);
 }
diff --git a/src/lib/pubkey/curve25519/donna.cpp b/src/lib/pubkey/curve25519/donna.cpp
index 86b92b0bf..22400015f 100644
--- a/src/lib/pubkey/curve25519/donna.cpp
+++ b/src/lib/pubkey/curve25519/donna.cpp
@@ -433,7 +433,7 @@ crecip(felem out, const felem z) {
 /* 2^255 - 21 */ fmul(out, t0, a);
 }
-int
+void
 curve25519_donna(u8 *mypublic, const u8 *secret, const u8 *basepoint) {
 CT::poison(secret, 32);
@@ -457,7 +457,6 @@ curve25519_donna(u8 *mypublic, const u8 *secret, const u8 *basepoint) {
 CT::unpoison(secret, 32);
 CT::unpoison(basepoint, 32);
 CT::unpoison(mypublic, 32);
- return 0;
 }
 }
 |
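Review bot: The new doc block on `curve25519_basepoint` is the only documentation either exported function gets, and it omits the one fact a caller of a raw-pointer API most needs: both buffers must be exactly 32 bytes, since there is no length parameter and the implementation reads and writes 32 bytes unconditionally. Reword the brief line as `* X25519 scalar multiplication by the base point (u = 9)` rather than "Exponentiate", and change the parameter lines to `* @param mypublic 32-byte output buffer for the public u-coordinate` and `* @param secret 32-byte private scalar`. `curve25519_donna` above it keeps no comment at all even though its signature changed; it should get the same kind of block, stating the 32-byte contract for all three arguments and, if the implementation does clamp the scalar internally (the donna hunks below do not show that part), saying so explicitly so callers do not double-clamp or skip it.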