aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorlloyd <[email protected]>2010-03-02 05:08:15 +0000
committerlloyd <[email protected]>2010-03-02 05:08:15 +0000
commit3c15bd259f0921f1fa08ec91ee3cf2621c64a02d (patch)
tree54351d5e865a872896c6a95175693cc0ffa9e246 /src
parent5fec937bd0c72858d6cf2f09b58b219294c7d5cc (diff)
parent54a3c5ae67f8b987d05ffd18e2d49a2da1d5988e (diff)
propagate from branch 'net.randombit.botan' (head fc86fc4842254088bf820ea6ebf05877aa63fb22)
to branch 'net.randombit.botan.c++0x' (head 77565ff7252df7f8faad86d65075498b0adb93d8)
Diffstat (limited to 'src')
-rw-r--r--src/cert/cvc/cvc_self.cpp8
-rw-r--r--src/constructs/passhash/passhash9.cpp18
-rw-r--r--src/engine/def_engine/def_pk_ops.cpp32
-rw-r--r--src/engine/def_engine/default_engine.h12
-rw-r--r--src/engine/engine.h24
-rw-r--r--src/libstate/pk_engine.cpp42
-rw-r--r--src/libstate/pk_engine.h22
-rw-r--r--src/libstate/policy.cpp296
-rw-r--r--src/math/numbertheory/curve_gfp.h5
-rw-r--r--src/math/numbertheory/point_gfp.cpp62
-rw-r--r--src/math/numbertheory/point_gfp.h57
-rw-r--r--src/pubkey/ec_dompar/ec_dompar.cpp644
-rw-r--r--src/pubkey/ec_dompar/ec_dompar.h115
-rw-r--r--src/pubkey/ec_dompar/info.txt5
-rw-r--r--src/pubkey/ecc_key/ecc_key.cpp155
-rw-r--r--src/pubkey/ecc_key/ecc_key.h71
-rw-r--r--src/pubkey/ecdh/ecdh.cpp51
-rw-r--r--src/pubkey/ecdh/ecdh.h102
-rw-r--r--src/pubkey/ecdh/info.txt (renamed from src/pubkey/eckaeg/info.txt)2
-rw-r--r--src/pubkey/ecdsa/ecdsa.cpp216
-rw-r--r--src/pubkey/ecdsa/ecdsa.h61
-rw-r--r--src/pubkey/ecdsa/ecdsa_core.cpp52
-rw-r--r--src/pubkey/ecdsa/ecdsa_core.h46
-rw-r--r--src/pubkey/ecdsa/ecdsa_op.cpp74
-rw-r--r--src/pubkey/ecdsa/ecdsa_op.h64
-rw-r--r--src/pubkey/ecdsa/info.txt2
-rw-r--r--src/pubkey/eckaeg/eckaeg.cpp151
-rw-r--r--src/pubkey/eckaeg/eckaeg.h138
-rw-r--r--src/pubkey/eckaeg/eckaeg_core.cpp59
-rw-r--r--src/pubkey/eckaeg/eckaeg_core.h44
-rw-r--r--src/pubkey/eckaeg/eckaeg_op.cpp39
-rw-r--r--src/pubkey/eckaeg/eckaeg_op.h49
-rw-r--r--src/pubkey/gost_3410/gost_3410.cpp207
-rw-r--r--src/pubkey/gost_3410/gost_3410.h54
34 files changed, 846 insertions, 2133 deletions
diff --git a/src/cert/cvc/cvc_self.cpp b/src/cert/cvc/cvc_self.cpp
index 5ec7d7d32..1d06acd66 100644
--- a/src/cert/cvc/cvc_self.cpp
+++ b/src/cert/cvc/cvc_self.cpp
@@ -221,7 +221,7 @@ EAC1_1_CVC link_cvca(EAC1_1_CVC const& signer,
std::unique_ptr<Botan::PK_Signer> pk_signer(get_pk_signer(*priv_key, padding_and_hash));
std::unique_ptr<Public_Key> pk = signee.subject_public_key();
ECDSA_PublicKey* subj_pk = dynamic_cast<ECDSA_PublicKey*>(pk.get());
- subj_pk->set_parameter_encoding(ENC_EXPLICIT);
+ subj_pk->set_parameter_encoding(EC_DOMPAR_ENC_EXPLICIT);
#if 0 // FIXME
std::unique_ptr<EAC1_1_CVC_Encoder> enc(subj_pk->cvc_eac1_1_encoder());
@@ -265,9 +265,9 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert,
// for the case that the domain parameters are not set...
// (we use those from the signer because they must fit)
- subj_pk->set_domain_parameters(priv_key->domain_parameters());
+ //subj_pk->set_domain_parameters(priv_key->domain_parameters());
- subj_pk->set_parameter_encoding(ENC_IMPLICITCA);
+ subj_pk->set_parameter_encoding(EC_DOMPAR_ENC_IMPLICITCA);
#if 0 // FIXME
std::unique_ptr<EAC1_1_CVC_Encoder> enc(subj_pk->cvc_eac1_1_encoder());
@@ -327,7 +327,7 @@ EAC1_1_Req create_cvc_req(Private_Key const& prkey,
throw Invalid_Argument("CVC_EAC::create_self_signed_cert(): unsupported key type");
}
ECDSA_PrivateKey key(*priv_key);
- key.set_parameter_encoding(ENC_IMPLICITCA);
+ key.set_parameter_encoding(EC_DOMPAR_ENC_IMPLICITCA);
return Botan::CVC_EAC::create_cvc_req(key, chr, hash_alg, rng);
}
diff --git a/src/constructs/passhash/passhash9.cpp b/src/constructs/passhash/passhash9.cpp
index 9e5ff3257..e244ad132 100644
--- a/src/constructs/passhash/passhash9.cpp
+++ b/src/constructs/passhash/passhash9.cpp
@@ -29,16 +29,26 @@ MessageAuthenticationCode* get_pbkdf_prf(byte alg_id)
{
Algorithm_Factory& af = global_state().algorithm_factory();
- if(alg_id == 0)
- return af.make_mac("HMAC(SHA-1)");
+ try
+ {
+ if(alg_id == 0)
+ return af.make_mac("HMAC(SHA-1)");
+ }
+ catch(Algorithm_Not_Found) {}
return 0;
}
std::pair<byte, MessageAuthenticationCode*> choose_pbkdf_prf()
{
- byte alg_id = 0;
- return std::make_pair(alg_id, get_pbkdf_prf(alg_id));
+ for(byte alg_id = 0; alg_id != 255; ++alg_id)
+ {
+ MessageAuthenticationCode* prf = get_pbkdf_prf(alg_id);
+ if(prf)
+ return std::make_pair(alg_id, prf);
+ }
+
+ throw Internal_Error("Passhash9: No PRF available");
}
}
diff --git a/src/engine/def_engine/def_pk_ops.cpp b/src/engine/def_engine/def_pk_ops.cpp
index 3ac608819..e1040142e 100644
--- a/src/engine/def_engine/def_pk_ops.cpp
+++ b/src/engine/def_engine/def_pk_ops.cpp
@@ -27,14 +27,6 @@
#include <botan/dh_op.h>
#endif
-#if defined(BOTAN_HAS_ECDSA)
- #include <botan/ecdsa_op.h>
-#endif
-
-#if defined(BOTAN_HAS_ECKAEG)
- #include <botan/eckaeg_op.h>
-#endif
-
namespace Botan {
#if defined(BOTAN_HAS_IF_PUBLIC_KEY_FAMILY)
@@ -94,28 +86,4 @@ DH_Operation* Default_Engine::dh_op(const DL_Group& group,
}
#endif
-#if defined(BOTAN_HAS_ECDSA)
-/*
-* Acquire a ECDSA op
-*/
-ECDSA_Operation* Default_Engine::ecdsa_op(const EC_Domain_Params& dom_pars,
- const BigInt& priv_key,
- const PointGFp& pub_key) const
- {
- return new Default_ECDSA_Op(dom_pars, priv_key, pub_key);
- }
-#endif
-
-#if defined(BOTAN_HAS_ECKAEG)
-/*
-* Acquire a ECKAEG op
-*/
-ECKAEG_Operation* Default_Engine::eckaeg_op(const EC_Domain_Params& dom_pars,
- const BigInt& priv_key,
- const PointGFp& pub_key) const
- {
- return new Default_ECKAEG_Op(dom_pars, priv_key, pub_key);
- }
-#endif
-
}
diff --git a/src/engine/def_engine/default_engine.h b/src/engine/def_engine/default_engine.h
index 6846d3497..aa753fadb 100644
--- a/src/engine/def_engine/default_engine.h
+++ b/src/engine/def_engine/default_engine.h
@@ -44,18 +44,6 @@ class Default_Engine : public Engine
DH_Operation* dh_op(const DL_Group&, const BigInt&) const;
#endif
-#if defined(BOTAN_HAS_ECDSA)
- virtual ECDSA_Operation* ecdsa_op(const EC_Domain_Params&,
- const BigInt&,
- const PointGFp&) const;
-#endif
-
-#if defined(BOTAN_HAS_ECKAEG)
- virtual ECKAEG_Operation* eckaeg_op(const EC_Domain_Params&,
- const BigInt&,
- const PointGFp&) const;
-#endif
-
Modular_Exponentiator* mod_exp(const BigInt&,
Power_Mod::Usage_Hints) const;
diff --git a/src/engine/engine.h b/src/engine/engine.h
index 66a159e38..ba5f95c27 100644
--- a/src/engine/engine.h
+++ b/src/engine/engine.h
@@ -39,16 +39,6 @@
#include <botan/elg_op.h>
#endif
-#if defined(BOTAN_HAS_ECDSA)
- #include <botan/ecdsa_op.h>
- #include <botan/ec_dompar.h>
-#endif
-
-#if defined(BOTAN_HAS_ECKAEG)
- #include <botan/eckaeg_op.h>
- #include <botan/ec_dompar.h>
-#endif
-
namespace Botan {
class Algorithm_Factory;
@@ -119,20 +109,6 @@ class BOTAN_DLL Engine
virtual DH_Operation* dh_op(const DL_Group&, const BigInt&) const
{ return 0; }
#endif
-
-#if defined(BOTAN_HAS_ECDSA)
- virtual ECDSA_Operation* ecdsa_op(const EC_Domain_Params&,
- const BigInt&,
- const PointGFp&) const
- { return 0; }
-#endif
-
-#if defined(BOTAN_HAS_ECKAEG)
- virtual ECKAEG_Operation* eckaeg_op(const EC_Domain_Params&,
- const BigInt&,
- const PointGFp&) const
- { return 0; }
-#endif
};
}
diff --git a/src/libstate/pk_engine.cpp b/src/libstate/pk_engine.cpp
index d6f4f7015..ac2fa68b0 100644
--- a/src/libstate/pk_engine.cpp
+++ b/src/libstate/pk_engine.cpp
@@ -110,48 +110,6 @@ DH_Operation* dh_op(const DL_Group& group, const BigInt& x)
}
#endif
-#if defined(BOTAN_HAS_ECDSA)
-/*
-* Acquire an ECDSA op
-*/
-ECDSA_Operation* ecdsa_op(const EC_Domain_Params& dom_pars,
- const BigInt& priv_key,
- const PointGFp& pub_key)
- {
- Algorithm_Factory::Engine_Iterator i(global_state().algorithm_factory());
-
- while(const Engine* engine = i.next())
- {
- ECDSA_Operation* op = engine->ecdsa_op(dom_pars, priv_key, pub_key);
- if(op)
- return op;
- }
-
- throw Lookup_Error("Engine_Core::ecdsa_op: Unable to find a working engine");
- }
-#endif
-
-#if defined(BOTAN_HAS_ECKAEG)
-/*
-* Acquire a ECKAEG op
-*/
-ECKAEG_Operation* eckaeg_op(const EC_Domain_Params& dom_pars,
- const BigInt& priv_key,
- const PointGFp& pub_key)
- {
- Algorithm_Factory::Engine_Iterator i(global_state().algorithm_factory());
-
- while(const Engine* engine = i.next())
- {
- ECKAEG_Operation* op = engine->eckaeg_op(dom_pars, priv_key, pub_key);
- if(op)
- return op;
- }
-
- throw Lookup_Error("Engine_Core::eckaeg_op: Unable to find a working engine");
- }
-#endif
-
/*
* Acquire a modular exponentiator
*/
diff --git a/src/libstate/pk_engine.h b/src/libstate/pk_engine.h
index 256a47c20..25f326ef0 100644
--- a/src/libstate/pk_engine.h
+++ b/src/libstate/pk_engine.h
@@ -31,16 +31,6 @@
#include <botan/elg_op.h>
#endif
-#if defined(BOTAN_HAS_ECDSA)
- #include <botan/ecdsa_op.h>
- #include <botan/ec_dompar.h>
-#endif
-
-#if defined(BOTAN_HAS_ECKAEG)
- #include <botan/eckaeg_op.h>
- #include <botan/ec_dompar.h>
-#endif
-
namespace Botan {
class Algorithm_Factory;
@@ -76,18 +66,6 @@ ELG_Operation* elg_op(const DL_Group&, const BigInt&, const BigInt&);
DH_Operation* dh_op(const DL_Group&, const BigInt&);
#endif
-#if defined(BOTAN_HAS_ECDSA)
-ECDSA_Operation* ecdsa_op(const EC_Domain_Params& dom_pars,
- const BigInt& priv_key,
- const PointGFp& pub_key);
-#endif
-
-#if defined(BOTAN_HAS_ECKAEG)
-ECKAEG_Operation* eckaeg_op(const EC_Domain_Params& dom_pars,
- const BigInt& priv_key,
- const PointGFp& pub_key);
-#endif
-
}
}
diff --git a/src/libstate/policy.cpp b/src/libstate/policy.cpp
index 3e9c8e122..bb775b049 100644
--- a/src/libstate/policy.cpp
+++ b/src/libstate/policy.cpp
@@ -194,6 +194,41 @@ void set_default_oids(Library_State& config)
add_oid(config, "1.3.6.1.5.5.7.8.5", "PKIX.XMPPAddr");
+ /* ECC domain parameters */
+
+ add_oid(config, "1.3.132.0.6", "secp112r1");
+ add_oid(config, "1.3.132.0.7", "secp112r2");
+ add_oid(config, "1.3.132.0.8", "secp160r1");
+ add_oid(config, "1.3.132.0.9", "secp160k1");
+ add_oid(config, "1.3.132.0.10", "secp256k1");
+ add_oid(config, "1.3.132.0.28", "secp128r1");
+ add_oid(config, "1.3.132.0.29", "secp128r2");
+ add_oid(config, "1.3.132.0.30", "secp160r2");
+ add_oid(config, "1.3.132.0.31", "secp192k1");
+ add_oid(config, "1.3.132.0.32", "secp224k1");
+ add_oid(config, "1.3.132.0.33", "secp224r1");
+ add_oid(config, "1.3.132.0.34", "secp384r1");
+ add_oid(config, "1.3.132.0.35", "secp521r1");
+
+ add_oid(config, "1.2.840.10045.3.1.1", "secp192r1");
+ add_oid(config, "1.2.840.10045.3.1.2", "x962_p192v2");
+ add_oid(config, "1.2.840.10045.3.1.3", "x962_p192v3");
+ add_oid(config, "1.2.840.10045.3.1.4", "x962_p239v1");
+ add_oid(config, "1.2.840.10045.3.1.5", "x962_p239v2");
+ add_oid(config, "1.2.840.10045.3.1.6", "x962_p239v3");
+ add_oid(config, "1.2.840.10045.3.1.7", "secp256r1");
+
+ add_oid(config, "1.3.36.3.3.2.8.1.1.1", "brainpool160r1");
+ add_oid(config, "1.3.36.3.3.2.8.1.1.3", "brainpool192r1");
+ add_oid(config, "1.3.36.3.3.2.8.1.1.5", "brainpool224r1");
+ add_oid(config, "1.3.36.3.3.2.8.1.1.7", "brainpool256r1");
+ add_oid(config, "1.3.36.3.3.2.8.1.1.9", "brainpool320r1");
+ add_oid(config, "1.3.36.3.3.2.8.1.1.11", "brainpool384r1");
+ add_oid(config, "1.3.36.3.3.2.8.1.1.13", "brainpool512r1");
+
+ add_oid(config, "1.2.643.2.2.35.1", "gost_256A");
+ add_oid(config, "1.2.643.2.2.36.0", "gost_256A");
+
/* CVC */
add_oid(config, "0.4.0.127.0.7.3.1.2.1",
"CertificateHolderAuthorizationTemplate");
@@ -506,6 +541,267 @@ void set_default_dl_groups(Library_State& config)
"dqoG9JKAoscsF8xC1bbnQMXEsas8UcLtCSviotiwU65Xc9FCXtKwjwbi3VBZLfGk"
"eMFVkc39EVZP+I/zi3IdQjkv2kcyEtz9jS2IqXagCv/m//tDCjWeZMorNRyiQSOU"
"-----END DSA PARAMETERS-----");
+
+ config.set("ec", "secp112r1",
+ "-----BEGIN ECC DOMAIN PARAMETERS-----"
+ "MHQCAQEwGgYHKoZIzj0BAQIPANt8Kr9i415mgHa+rSCLMCAEDtt8Kr9i415mgHa+"
+ "rSCIBA5lnvi6BDkW7t6JEXArIgQdBAlIcjmZWl7na1X5wvCYqJzlr4ckwKI+Dg/3"
+ "dQACDwDbfCq/YuNedijfrGVhxQIBAQ=="
+ "-----END ECC DOMAIN PARAMETERS-----");
+
+ config.set("ec", "secp112r2",
+ "-----BEGIN ECC DOMAIN PARAMETERS-----"
+ "MHMCAQEwGgYHKoZIzj0BAQIPANt8Kr9i415mgHa+rSCLMCAEDmEnwkwF84oKqvZc"
+ "DvAsBA5R3vGBXbXtdPzDTIXXCQQdBEujCrXokrThZJ3QkoZDrc1G9YguN0fe826V"
+ "bpcCDjbfCq/YuNdZfKEFINBLAgEB"
+ "-----END ECC DOMAIN PARAMETERS-----");
+
+ config.set("ec", "secp128r1",
+ "-----BEGIN ECC DOMAIN PARAMETERS-----"
+ "MIGAAgEBMBwGByqGSM49AQECEQD////9////////////////MCQEEP////3/////"
+ "//////////wEEOh1ecEQefQ92CSZPCzuXtMEIQQWH/dSi4mbLQwoYHylLFuGz1rI"
+ "OVuv6xPALaKS3e16gwIRAP////4AAAAAdaMNG5A4oRUCAQE="
+ "-----END ECC DOMAIN PARAMETERS-----");
+
+ config.set("ec", "secp128r2",
+ "-----BEGIN ECC DOMAIN PARAMETERS-----"
+ "MH8CAQEwHAYHKoZIzj0BAQIRAP////3///////////////8wJAQQ1gMZmNGzu/6/"
+ "Wcybv/mu4QQQXu78o4DQKRncLGVYu22KXQQhBHtqpdheVymD5vsyp83rwUAntpFq"
+ "iU067nEG/oBfw0tEAhA/////f////74AJHIGE7WjAgEE"
+ "-----END ECC DOMAIN PARAMETERS-----");
+
+ config.set("ec", "secp160k1",
+ "-----BEGIN ECC DOMAIN PARAMETERS-----"
+ "MIGYAgEBMCAGByqGSM49AQECFQD////////////////////+//+sczAsBBQAAAAA"
+ "AAAAAAAAAAAAAAAAAAAAAAQUAAAAAAAAAAAAAAAAAAAAAAAAAAcEKQQ7TDgs43qh"
+ "kqQBnnYwNvT13U1+u5OM+TUxj9zta8KChlMXM8PwPE/uAhUBAAAAAAAAAAAAAbj6"
+ "Ft+rmsoWtrMCAQE="
+ "-----END ECC DOMAIN PARAMETERS-----");
+
+ config.set("ec", "secp160r1",
+ "-----BEGIN ECC DOMAIN PARAMETERS-----"
+ "MIGYAgEBMCAGByqGSM49AQECFQD/////////////////////f////zAsBBT/////"
+ "////////////////f////AQUHJe+/FS9eotlrPifgdTUrcVl+kUEKQRKlrVojvVz"
+ "KEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAAAAAAAAAAAfTI"
+ "+Seu08p1IlcCAQE="
+ "-----END ECC DOMAIN PARAMETERS-----");
+
+ config.set("ec", "secp160r2",
+ "-----BEGIN ECC DOMAIN PARAMETERS-----"
+ "MIGYAgEBMCAGByqGSM49AQECFQD////////////////////+//+sczAsBBT/////"
+ "///////////////+//+scAQUtOE00/tZ64urVydJBGZNWvUDiLoEKQRS3LA0KToR"
+ "fh9P8Rsw9xmdMUTObf6v/vLjMfKW4HH6DfmYLP6n1D8uAhUBAAAAAAAAAAAAADUe"
+ "54aoGPOhoWsCAQE="
+ "-----END ECC DOMAIN PARAMETERS-----");
+
+ config.set("ec", "secp192k1",
+ "-----BEGIN ECC DOMAIN PARAMETERS-----"
+ "MIGwAgEBMCQGByqGSM49AQECGQD//////////////////////////v//7jcwNAQY"
+ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+ "AAMEMQTbT/EOwFfpriawfQKAt/Q0HaXRsergbH2bLy9tnFYop4RBY9AVvoY0QIKq"
+ "iNleL50CGQD///////////////4m8vwXD2lGanTe/Y0CAQE="
+ "-----END ECC DOMAIN PARAMETERS-----");
+
+ config.set("ec", "secp192r1",
+ "-----BEGIN ECC DOMAIN PARAMETERS-----"
+ "MIGwAgEBMCQGByqGSM49AQECGQD////////////////////+//////////8wNAQY"
+ "/////////////////////v/////////8BBhkIQUZ5ZyA5w+n6atyJDBJ/rje7MFG"
+ "ubEEMQQYjagOsDCQ9ny/IOtDoYgA9P8K/YL/EBIHGSuV/8jaeGMQEe1rJM3Vc/l3"
+ "oR55SBECGQD///////////////+Z3vg2FGvJsbTSKDECAQE="
+ "-----END ECC DOMAIN PARAMETERS-----");
+
+ config.set("ec", "secp224k1",
+ "-----BEGIN ECC DOMAIN PARAMETERS-----"
+ "MIHIAgEBMCgGByqGSM49AQECHQD///////////////////////////////7//+Vt"
+ "MDwEHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEHAAAAAAAAAAAAAAAAAAA"
+ "AAAAAAAAAAAAAAAAAAUEOQShRVszTfCZ3zD8KKFppGfp5HB1qQ9+ZQ62t6Rcfgif"
+ "7X+6NEKCyvvW9+MZ98CwvVniykvbVW1hpQIdAQAAAAAAAAAAAAAAAAAB3OjS7GGE"
+ "yvCpcXafsfcCAQE="
+ "-----END ECC DOMAIN PARAMETERS-----");
+
+ config.set("ec", "secp224r1",
+ "-----BEGIN ECC DOMAIN PARAMETERS-----"
+ "MIHIAgEBMCgGByqGSM49AQECHQD/////////////////////AAAAAAAAAAAAAAAB"
+ "MDwEHP////////////////////7///////////////4EHLQFCoUMBLOr9UEyVlBE"
+ "sLfXv9i6Jws5QyNV/7QEOQS3Dgy9a7S/fzITkLlKA8HTVsIRIjQygNYRXB0hvTdj"
+ "iLX3I/tMIt/mzUN1oFoHR2RE1YGZhQB+NAIdAP//////////////////FqLguPA+"
+ "E90pRVxcKj0CAQE="
+ "-----END ECC DOMAIN PARAMETERS-----");
+
+ config.set("ec", "secp256k1",
+ "-----BEGIN ECC DOMAIN PARAMETERS-----"
+ "MIHgAgEBMCwGByqGSM49AQECIQD////////////////////////////////////+"
+ "///8LzBEBCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQgAAAAAAAA"
+ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcEQQR5vmZ++dy7rFWgYpXOhwsHApv8"
+ "2y3OKNlZ8oFbFvgXmEg62ncmo8RlXaT7/A4RCKj9F7RIpoVUGZxH0I/7ENS4AiEA"
+ "/////////////////////rqu3OavSKA7v9JejNA2QUECAQE="
+ "-----END ECC DOMAIN PARAMETERS-----");
+
+ config.set("ec", "secp256r1",
+ "-----BEGIN ECC DOMAIN PARAMETERS-----"
+ "MIHgAgEBMCwGByqGSM49AQECIQD/////AAAAAQAAAAAAAAAAAAAAAP//////////"
+ "/////zBEBCD/////AAAAAQAAAAAAAAAAAAAAAP///////////////AQgWsY12Ko6"
+ "k+ez671VdpiGvGUdBrDMU7D2O848PifSYEsEQQRrF9Hy4SxCR/i85uVjpEDydwN9"
+ "gS3rM6D0oTlF2JjClk/jQuL+Gn+bjufrSnwPnhYrzjNXazFezsu2QGg3v1H1AiEA"
+ "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVECAQE="
+ "-----END ECC DOMAIN PARAMETERS-----");
+
+ config.set("ec", "secp384r1",
+ "-----BEGIN ECC DOMAIN PARAMETERS-----"
+ "MIIBQAIBATA8BgcqhkjOPQEBAjEA////////////////////////////////////"
+ "//////7/////AAAAAAAAAAD/////MGQEMP//////////////////////////////"
+ "///////////+/////wAAAAAAAAAA/////AQwszEvp+I+5+SYjgVr4/gtGRgdnG7+"
+ "gUESAxQIj1ATh1rGVjmNii7RnSqFyO3T7CrvBGEEqofKIr6LBTeOscce8yCtdG4d"
+ "O2KLp5uYWfdB4IJUKjhVAvJdv1UpbDpUXjhydgq3NhfeSpYmLG9dnpi/kpLcKfj0"
+ "Hb0omhR86doxE7XwuMAKYLHOHX6BnXpDHXyQ6g5fAjEA////////////////////"
+ "////////////x2NNgfQ3Ld9YGg2ySLCneuzsGWrMxSlzAgEB"
+ "-----END ECC DOMAIN PARAMETERS-----");
+
+ config.set("ec", "secp521r1",
+ "-----BEGIN ECC DOMAIN PARAMETERS-----"
+ "MIIBrAIBATBNBgcqhkjOPQEBAkIB////////////////////////////////////"
+ "//////////////////////////////////////////////////8wgYgEQgH/////"
+ "////////////////////////////////////////////////////////////////"
+ "/////////////////ARCAFGVPrlhjhyaH5KaIaC2hUDuotpyW5mzFfO4tImRjvEJ"
+ "4VYZOVHsfpN7FlLAvTuxvwc1c9+IPSw08e9FH9RrUD8ABIGFBADGhY4GtwQE6c2e"
+ "PstmI5W0QpxkgTkFP7Uh+CivYGtNPbqhS1537+dZKP4dwSei/6jeM0izwYVqQpv5"
+ "fn4xwuW9ZgEYOSlqeJo7wARcil+0LH0b2Zj1RElXm0RoF6+9Fyc+ZiyX7nKZXvQm"
+ "QMVQuQE/rQdhNTxwhqJywkCIvpR2n9FmUAJCAf//////////////////////////"
+ "////////////////+lGGh4O/L5Zrf8wBSPcJpdA7tcm4iZxHrrtvtx6ROGQJAgEB"
+ "-----END ECC DOMAIN PARAMETERS-----");
+
+ config.set("ec", "1.3.6.1.4.1.8301.3.1.2.9.0.38",
+ "-----BEGIN ECC DOMAIN PARAMETERS-----"
+ "MIIBrAIBATBNBgcqhkjOPQEBAkIB////////////////////////////////////"
+ "//////////////////////////////////////////////////8wgYgEQgH/////"
+ "////////////////////////////////////////////////////////////////"
+ "/////////////////ARCAFGVPrlhjhyaH5KaIaC2hUDuotpyW5mzFfO4tImRjvEJ"
+ "4VYZOVHsfpN7FlLAvTuxvwc1c9+IPSw08e9FH9RrUD8ABIGFBADGhY4GtwQE6c2e"
+ "PstmI5W0QpxkgTkFP7Uh+CivYGtNPbqhS1537+dZKP4dwSei/6jeM0izwYVqQpv5"
+ "fn4xwuW9ZgEYOSlqeJo7wARcil+0LH0b2Zj1RElXm0RoF6+9Fyc+ZiyX7nKZXvQm"
+ "QMVQuQE/rQdhNTxwhqJywkCIvpR2n9FmUAJCAf//////////////////////////"
+ "////////////////+lGGh4O/L5Zrf8wBSPcJpdA7tcm4iZxHrrtvtx6ROGQJAgEB"
+ "-----END ECC DOMAIN PARAMETERS-----");
+
+ config.set("ec", "brainpool160r1",
+ "-----BEGIN ECC DOMAIN PARAMETERS-----"
+ "MIGYAgEBMCAGByqGSM49AQECFQDpXkpfc3BZ3GDfx62Vs9gTlRViDzAsBBQ0Dnvi"
+ "ooDrdOK+YbradF2X6PfDAAQUHliahZVCNBITT6otveyVyNhnXlgEKQS+1a8W6j9q"
+ "T2KTjEYx61r3vbzbwxZny0d6Go7DOPlHQWacl2MW2mMhAhUA6V5KX3NwWdxg31mR"
+ "1FApQJ5g/AkCAQE="
+ "-----END ECC DOMAIN PARAMETERS-----");
+
+ config.set("ec", "brainpool192r1",
+ "-----BEGIN ECC DOMAIN PARAMETERS-----"
+ "MIGwAgEBMCQGByqGSM49AQECGQDDAvQdkyo2zaejRjCT0Y23j85HbeGoYpcwNAQY"
+ "apEXQHax4OGcOcAx/oaFwcrgQOXGmijvBBhGmijvfCjMo9xyHQRPRJa8yn70FG+/"
+ "JckEMQTAoGR+qrakh1OwM8VssPCQCi9cSFM3X9YUtpCGar1buItfSCjBSQAC5nc/"
+ "ovopm48CGQDDAvQdkyo2zaejRi+enpFrW+jxAprErMECAQE="
+ "-----END ECC DOMAIN PARAMETERS-----");
+
+ config.set("ec", "brainpool224r1",
+ "-----BEGIN ECC DOMAIN PARAMETERS-----"
+ "MIHIAgEBMCgGByqGSM49AQECHQDXwTSqJkNmhioYMCV10deHsJ8HV5faifV+yMD/"
+ "MDwEHGil5iypzmwcKZgDpsFTC1FOGCrYsAQqWcrSn0MEHCWA9jzP5EE4hwcTsakj"
+ "aeM+ITXSZtuzcjhsQAsEOQQNkCmtLH5c9DQII7KofcaMnkzjF0webv3uEsB9WKpW"
+ "93LAcm8kxrieTs2sJDVLnpnKo/bTdhQCzQIdANfBNKomQ2aGKhgwJXXQ+5jRFrxL"
+ "bd68o6Wnk58CAQE="
+ "-----END ECC DOMAIN PARAMETERS-----");
+
+ config.set("ec", "brainpool256r1",
+ "-----BEGIN ECC DOMAIN PARAMETERS-----"
+ "MIHgAgEBMCwGByqGSM49AQECIQCp+1fboe6pvD5mCpCdg41ybjv2I9UmICggE0gd"
+ "H25TdzBEBCB9Wgl1/CwwV+72dTBBev/n+4BVwSbcXGzpSktE8zC12QQgJtxcbOlK"
+ "S0TzMLXZu9d8v5WEFilc9+HOa8zcGP+MB7YEQQSL0q65y35XyyxLSC/8gbevud4n"
+ "4eO9I8I6RFO9ms4yYlR++DXD2sT9l/hGGhRhHcnCd0UTLe2OVFwdVMcvBGmXAiEA"
+ "qftX26Huqbw+ZgqQnYONcYw5eqO1Yab3kB4OgpdIVqcCAQE="
+ "-----END ECC DOMAIN PARAMETERS-----");
+
+ config.set("ec", "brainpool320r1",
+ "-----BEGIN ECC DOMAIN PARAMETERS-----"
+ "MIIBEAIBATA0BgcqhkjOPQEBAikA015HIDa8T7fhPHhe0gHgZfmPz6b29A3vT5K5"
+ "7HiT7Cj81BKx8bMuJzBUBCg+4wtWj7qw+IPM69RtPzu4oqc1E/XredpmGQ6whf+p"
+ "9JLzdal9hg60BChSCIOUnf28QtOtGYZAaIpv4T9BNJVUtJrMMdzNiEU5gW9etKyP"
+ "sfGmBFEEQ71+mvtT2LhSibzEjuW/5vIBN9EKCH6254ceKhClmccQr40NOeIGERT9"
+ "0FVF7BzIq0CTJH93J14HQ//tEXGC6qnHeHeqrGrH01JF0WkujuECKQDTXkcgNrxP"
+ "t+E8eF7SAeBl+Y/PpbaPEqMtSC7H7oZY6YaRVVtExZMRAgEB"
+ "-----END ECC DOMAIN PARAMETERS-----");
+
+ config.set("ec", "brainpool384r1",
+ "-----BEGIN ECC DOMAIN PARAMETERS-----"
+ "MIIBQAIBATA8BgcqhkjOPQEBAjEAjLkegqM4bSgPXW9+UOZB3xUvcQntVFa0ErHa"
+ "GX+3ESOs06cpkB0acYdHABMxB+xTMGQEMHvDgsY9jBUMPHIICs4Fr6DCvqKOT7In"
+ "hxORZe+6kfkPiqWBSlA61OsEqMfdIs4oJgQwBKjH3SLOKCaLObVUFvBEfC+3feEH"
+ "3NKmLogOpT7rYtV8tDkCldvJlDq3hpb6UEwRBGEEHRxk8GjPRf+ipjqBt8E/a4hH"
+ "o+d+8U/j23/K/gy9EOjoJuA0NtZGqu+HsuJH1K8eir4ddSD5wqRcseuOlc/VUmK3"
+ "Cyn+7Fhk4ZwFT/mRKSgORkYhd5GBEUKCA0EmPFMVAjEAjLkegqM4bSgPXW9+UOZB"
+ "3xUvcQntVFazHxZubKwEJafPOrava3/DEDuIMgLpBGVlAgEB"
+ "-----END ECC DOMAIN PARAMETERS-----");
+
+ config.set("ec", "brainpool512r1",
+ "-----BEGIN ECC DOMAIN PARAMETERS-----"
+ "MIIBogIBATBMBgcqhkjOPQEBAkEAqt2duNvpxIs/1OauM8n8B8swjbOzydIO1mOc"
+ "ynAzCHF9TZsAm8ZoQq7NoSrmo4DmKIH/Ly2CxoUoqmBWWDpI8zCBhARAeDCjMYtg"
+ "O4niMnFFrCNMxZTL3Y09+RYQqDRByuqYY7wt7V1aqCU6oQou8cmLmsi1fxEXpyvy"
+ "x7nnwaxNd/yUygRAPfkWEKg0QcrqmGO8Le1dWqglOqEKLvHJi5rItX8RF6cr8se5"
+ "58GsTXf8lMrcCD5nmEBQt1665d0oCb1jgBb3IwSBgQSBruS92C7ZZFohMi6cTGqT"
+ "he2fcLXZFsG0O2Lu9NAJjv87H3ji0NSNUNFoe5O5fV98bVBHQGpeaIs1Igm8ufgi"
+ "fd44XVZjMuzA6r+pz3gi/fIJ9wAkpXsaoADFW4gfgRGy3N5JSl9IXlvKS9iKJ2Ou"
+ "0corL6jwVAZ4zR4POtgIkgJBAKrdnbjb6cSLP9TmrjPJ/AfLMI2zs8nSDtZjnMpw"
+ "MwhwVT5cQUypJhlBhmEZf6wQRx2x04EIXdrdtYeWgpypAGkCAQE="
+ "-----END ECC DOMAIN PARAMETERS-----");
+
+ config.set("ec", "x962_p192v2",
+ "-----BEGIN ECC DOMAIN PARAMETERS-----"
+ "MIGwAgEBMCQGByqGSM49AQECGQD////////////////////+//////////8wNAQY"
+ "/////////////////////v/////////8BBjMItbfuVxrJeScDWNkpOWYDDk6ohZo"
+ "2VMEMQTuorrn4Ul4QvLed2nP6cmJwHKtaW9IA0pldNEdabbsemcruCoIPfLysIR9"
+ "6XCy3hUCGQD///////////////5fsack3IBBhkjY3TECAQE="
+ "-----END ECC DOMAIN PARAMETERS-----");
+
+ config.set("ec", "x962_p192v3",
+ "-----BEGIN ECC DOMAIN PARAMETERS-----"
+ "MIGwAgEBMCQGByqGSM49AQECGQD////////////////////+//////////8wNAQY"
+ "/////////////////////v/////////8BBgiEj3COVoFyqdCPa7MyUdgp9RiJWvV"
+ "aRYEMQR9KXeBAMZaHaF4NxZYjc4ri0rujiKPGJY4qQ8iY3M3M0tJ3LZqbcj5l4rK"
+ "dkipQ7ACGQD///////////////96YtAxyD9ClPZA7BMCAQE="
+ "-----END ECC DOMAIN PARAMETERS-----");
+
+ config.set("ec", "x962_p239v1",
+ "-----BEGIN ECC DOMAIN PARAMETERS-----"
+ "MIHSAgEBMCkGByqGSM49AQECHn///////////////3///////4AAAAAAAH//////"
+ "/zBABB5///////////////9///////+AAAAAAAB///////wEHmsBbDvc8YlB0NZU"
+ "khR1ynGp2y+yfR03eWGFwpQsCgQ9BA/6ljzcqIFszDO4ZCvt+QXD01hXPT8n+707"
+ "PLmqr33r6OTpCl2ubkBUylMLoEZUs2gYziJrOfzLewLxrgIef///////////////"
+ "f///nl6an12QcfvRUiaIkJ0LAgEB"
+ "-----END ECC DOMAIN PARAMETERS-----");
+
+ config.set("ec", "x962_p239v2",
+ "-----BEGIN ECC DOMAIN PARAMETERS-----"
+ "MIHSAgEBMCkGByqGSM49AQECHn///////////////3///////4AAAAAAAH//////"
+ "/zBABB5///////////////9///////+AAAAAAAB///////wEHmF/q2gyV2y7/tUN"
+ "mfAknD/uWLlLoAOMeuhMjIMvLAQ9BDivCdmHJ3BRIMkhu16eJilqPNzy81dXoOr9"
+ "h7gw51sBJeTb6g7HIG2g/AHZsIEyn7VV3m70YCN9/4vkugIef///////////////"
+ "gAAAz6foWUN31BTAOCG8WCBjAgEB"
+ "-----END ECC DOMAIN PARAMETERS-----");
+
+ config.set("ec", "x962_p239v3",
+ "-----BEGIN ECC DOMAIN PARAMETERS-----"
+ "MIHSAgEBMCkGByqGSM49AQECHn///////////////3///////4AAAAAAAH//////"
+ "/zBABB5///////////////9///////+AAAAAAAB///////wEHiVXBfoqMGZUsfTL"
+ "A9anUKMMJQEC1JiHF9m6FattPgQ9BGdoro4Yu5LPzwBclJqixtlIU9DmYLv4VLHJ"
+ "UF/pWhYH5omPOQwGvB1VK60ibztvz+SLboGEma8Y4+1s8wIef///////////////"
+ "f///l13rQbOmBXw8QyFGUmVRAgEB"
+ "-----END ECC DOMAIN PARAMETERS-----");
+
+ config.set("ec", "gost_256A",
+ "-----BEGIN ECC DOMAIN PARAMETERS-----"
+ "MIHgAgEBMCwGByqGSM49AQECIQD/////////////////////////////////////"
+ "///9lzBEBCD////////////////////////////////////////9lAQgAAAAAAAA"
+ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKYEQQQAAAAAAAAAAAAAAAAAAAAAAAAA"
+ "AAAAAAAAAAAAAAAAAY2R5HHgmJzaJ99QWkU/K3Y1KU8t3yPjsSKsyZyenx4UAiEA"
+ "/////////////////////2xhEHCZWtEARYQbCbdhuJMCAQE="
+ "-----END ECC DOMAIN PARAMETERS-----");
}
}
diff --git a/src/math/numbertheory/curve_gfp.h b/src/math/numbertheory/curve_gfp.h
index 697065dfe..de6bed099 100644
--- a/src/math/numbertheory/curve_gfp.h
+++ b/src/math/numbertheory/curve_gfp.h
@@ -23,6 +23,11 @@ class BOTAN_DLL CurveGFp
public:
/**
+ * Create an uninitialized CurveGFp
+ */
+ CurveGFp() {}
+
+ /**
* Construct the elliptic curve E: y^2 = x^3 + ax + b over GF(p)
* @param p prime number of the field
* @param a first coefficient
diff --git a/src/math/numbertheory/point_gfp.cpp b/src/math/numbertheory/point_gfp.cpp
index 06c42d18c..bed08eb39 100644
--- a/src/math/numbertheory/point_gfp.cpp
+++ b/src/math/numbertheory/point_gfp.cpp
@@ -67,7 +67,7 @@ PointGFp& PointGFp::operator+=(const PointGFp& rhs)
{
if(r.is_zero())
{
- mult2_in_place();
+ mult2();
return *this;
}
@@ -119,7 +119,7 @@ PointGFp& PointGFp::operator*=(const BigInt& scalar)
}
else if(value == 2)
{
- this->mult2_in_place();
+ this->mult2();
if(scalar.is_negative())
this->negate();
}
@@ -135,7 +135,7 @@ PointGFp& PointGFp::operator*=(const BigInt& scalar)
for(int i = scalar.bits() - 1; i >= 0; --i)
{
- H.mult2_in_place();
+ H.mult2();
if(scalar.get_bit(i))
H += P;
}
@@ -164,16 +164,8 @@ PointGFp& PointGFp::operator*=(const BigInt& scalar)
return *this;
}
-PointGFp& PointGFp::negate()
- {
- if(!is_zero())
- coord_y = curve.get_p() - coord_y;
-
- return *this;
- }
-
// *this *= 2
-void PointGFp::mult2_in_place()
+void PointGFp::mult2()
{
if(is_zero())
return;
@@ -196,15 +188,11 @@ void PointGFp::mult2_in_place()
BigInt x = mod_p.reduce(mod_p.square(M) - mod_p.multiply(2, S));
- BigInt y = mod_p.square(y_2);
-
- BigInt z = mod_p.multiply(2, mod_p.reduce(y + y));
-
- BigInt U = mod_p.reduce(z + z);
+ BigInt U = mod_p.multiply(8, mod_p.square(y_2));
- y = mod_p.reduce(mod_p.multiply(M, S - x) - U);
+ BigInt y = mod_p.reduce(mod_p.multiply(M, S - x) - U);
- z = mod_p.multiply(2, mod_p.multiply(coord_y, coord_z));
+ BigInt z = mod_p.multiply(2, mod_p.multiply(coord_y, coord_z));
coord_x = x;
coord_y = y;
@@ -233,12 +221,6 @@ BigInt PointGFp::get_affine_y() const
return mod_p.multiply(coord_y, inverse_mod(z3, curve.get_p()));
}
-// Is this the point at infinity?
-bool PointGFp::is_zero() const
- {
- return(coord_x.is_zero() && coord_z.is_zero());
- }
-
void PointGFp::check_invariants() const
{
/*
@@ -292,36 +274,6 @@ bool PointGFp::operator==(const PointGFp& other) const
get_curve() == other.get_curve());
}
-// arithmetic operators
-PointGFp operator+(const PointGFp& lhs, PointGFp const& rhs)
- {
- PointGFp tmp(lhs);
- return tmp += rhs;
- }
-
-PointGFp operator-(const PointGFp& lhs, PointGFp const& rhs)
- {
- PointGFp tmp(lhs);
- return tmp -= rhs;
- }
-
-PointGFp operator-(const PointGFp& lhs)
- {
- return PointGFp(lhs).negate();
- }
-
-PointGFp operator*(const BigInt& scalar, const PointGFp& point)
- {
- PointGFp result(point);
- return result *= scalar;
- }
-
-PointGFp operator*(const PointGFp& point, const BigInt& scalar)
- {
- PointGFp result(point);
- return result *= scalar;
- }
-
// encoding and decoding
SecureVector<byte> EC2OSP(const PointGFp& point, byte format)
{
diff --git a/src/math/numbertheory/point_gfp.h b/src/math/numbertheory/point_gfp.h
index 0741b5e56..3bb763d44 100644
--- a/src/math/numbertheory/point_gfp.h
+++ b/src/math/numbertheory/point_gfp.h
@@ -41,6 +41,11 @@ class BOTAN_DLL PointGFp
};
/**
+ * Construct an uninitialized PointGFp
+ */
+ PointGFp() {}
+
+ /**
* Construct the point O
* @param curve The base curve
*/
@@ -98,7 +103,12 @@ class BOTAN_DLL PointGFp
* Negate this point
* @return *this
*/
- PointGFp& negate();
+ PointGFp& negate()
+ {
+ if(!is_zero())
+ coord_y = curve.get_p() - coord_y;
+ return *this;
+ }
/**
* Return base curve of this point
@@ -122,25 +132,26 @@ class BOTAN_DLL PointGFp
* get the jacobian projective x coordinate
* @result jacobian projective x coordinate
*/
- const BigInt& get_jac_proj_x() const { return coord_x; }
+ const BigInt& get_x() const { return coord_x; }
/**
* get the jacobian projective y coordinate
* @result jacobian projective y coordinate
*/
- const BigInt& get_jac_proj_y() const { return coord_y; }
+ const BigInt& get_y() const { return coord_y; }
/**
* get the jacobian projective z coordinate
* @result jacobian projective z coordinate
*/
- const BigInt& get_jac_proj_z() const { return coord_z; }
+ const BigInt& get_z() const { return coord_z; }
/**
* Is this the point at infinity?
* @result true, if this point is at infinity, false otherwise.
*/
- bool is_zero() const;
+ bool is_zero() const
+ { return (coord_x.is_zero() && coord_z.is_zero()); }
/**
* Checks whether the point is to be found on the underlying curve.
@@ -162,9 +173,9 @@ class BOTAN_DLL PointGFp
bool operator==(const PointGFp& other) const;
private:
/**
- * Multiply the point by two
+ * Point doubling
*/
- void mult2_in_place();
+ void mult2();
CurveGFp curve;
BigInt coord_x, coord_y, coord_z;
@@ -177,12 +188,34 @@ inline bool operator!=(const PointGFp& lhs, const PointGFp& rhs)
}
// arithmetic operators
-PointGFp BOTAN_DLL operator+(const PointGFp& lhs, const PointGFp& rhs);
-PointGFp BOTAN_DLL operator-(const PointGFp& lhs, const PointGFp& rhs);
-PointGFp BOTAN_DLL operator-(const PointGFp& lhs);
+inline PointGFp operator-(const PointGFp& lhs)
+ {
+ return PointGFp(lhs).negate();
+ }
+
+inline PointGFp operator+(const PointGFp& lhs, const PointGFp& rhs)
+ {
+ PointGFp tmp(lhs);
+ return tmp += rhs;
+ }
-PointGFp BOTAN_DLL operator*(const BigInt& scalar, const PointGFp& point);
-PointGFp BOTAN_DLL operator*(const PointGFp& point, const BigInt& scalar);
+inline PointGFp operator-(const PointGFp& lhs, const PointGFp& rhs)
+ {
+ PointGFp tmp(lhs);
+ return tmp -= rhs;
+ }
+
+inline PointGFp operator*(const BigInt& scalar, const PointGFp& point)
+ {
+ PointGFp result(point);
+ return result *= scalar;
+ }
+
+inline PointGFp operator*(const PointGFp& point, const BigInt& scalar)
+ {
+ PointGFp result(point);
+ return result *= scalar;
+ }
// encoding and decoding
SecureVector<byte> BOTAN_DLL EC2OSP(const PointGFp& point, byte format);
diff --git a/src/pubkey/ec_dompar/ec_dompar.cpp b/src/pubkey/ec_dompar/ec_dompar.cpp
index 30a121875..7910e898f 100644
--- a/src/pubkey/ec_dompar/ec_dompar.cpp
+++ b/src/pubkey/ec_dompar/ec_dompar.cpp
@@ -8,587 +8,135 @@
*/
#include <botan/ec_dompar.h>
-#include <botan/pubkey_enums.h>
-#include <botan/parsing.h>
-#include <botan/hex.h>
-#include <botan/pipe.h>
+#include <botan/ber_dec.h>
+#include <botan/der_enc.h>
+#include <botan/libstate.h>
+#include <botan/oids.h>
+#include <botan/pem.h>
namespace Botan {
-namespace {
-
-std::vector<std::string> get_standard_domain_parameter(const std::string& oid)
+EC_Domain_Params::EC_Domain_Params(const OID& domain_oid)
{
- // using a linear search here is pretty nasty... revisit
-
- /* SEC2 */
-
- if(oid == "1.3.132.0.6")
- {
- /* secp112r1; source: Flexiprovider */
- std::vector<std::string> dom_par;
- dom_par.push_back("0xdb7c2abf62e35e668076bead208b"); //p
- dom_par.push_back("0xDB7C2ABF62E35E668076BEAD2088"); // a
- dom_par.push_back("0x659EF8BA043916EEDE8911702B22"); // b
- dom_par.push_back("0409487239995A5EE76B55F9C2F098A89CE5AF8724C0A23E0E0ff77500"); // G
- dom_par.push_back("0xDB7C2ABF62E35E7628DFAC6561C5"); // order
- dom_par.push_back("1"); // cofactor
-
- return dom_par;
- }
-
- if(oid == "1.3.132.0.7")
- {
- /* secp112r2; source: Flexiprovider */
- std::vector<std::string> dom_par;
- dom_par.push_back("0xdb7c2abf62e35e668076bead208b"); //p
- dom_par.push_back("0x6127C24C05F38A0AAAF65C0EF02C"); // a
- dom_par.push_back("0x51DEF1815DB5ED74FCC34C85D709"); // b
- dom_par.push_back("044BA30AB5E892B4E1649DD0928643ADCD46F5882E3747DEF36E956E97"); // G
- dom_par.push_back("0x36DF0AAFD8B8D7597CA10520D04B"); // order
- dom_par.push_back("1"); // cofactor
-
- return dom_par;
- }
-
- if(oid == "1.3.132.0.28")
- {
- /* secp128r1; source: Flexiprovider */
- std::vector<std::string> dom_par;
- dom_par.push_back("0xfffffffdffffffffffffffffffffffff"); //p
- dom_par.push_back("0xffffffFDffffffffffffffffffffffFC"); // a
- dom_par.push_back("0xE87579C11079F43DD824993C2CEE5ED3"); // b
- dom_par.push_back("04161ff7528B899B2D0C28607CA52C5B86CF5AC8395BAFEB13C02DA292DDED7A83"); // G
- dom_par.push_back("0xffffffFE0000000075A30D1B9038A115"); // order
- dom_par.push_back("1"); // cofactor
-
- return dom_par;
- }
-
- if(oid == "1.3.132.0.29")
- {
- /* secp128r2; source: Flexiprovider */
- std::vector<std::string> dom_par;
- dom_par.push_back("0xfffffffdffffffffffffffffffffffff"); //p
- dom_par.push_back("0xD6031998D1B3BBFEBF59CC9BBff9AEE1"); // a
- dom_par.push_back("0x5EEEFCA380D02919DC2C6558BB6D8A5D"); // b
- dom_par.push_back("047B6AA5D85E572983E6FB32A7CDEBC14027B6916A894D3AEE7106FE805FC34B44"); // G
- dom_par.push_back("0x3ffffffF7ffffffFBE0024720613B5A3"); // order
- dom_par.push_back("4"); // cofactor
-
- return dom_par;
- }
-
- if(oid == "1.3.132.0.9")
- {
- /* secp160k1; source: Flexiprovider */
- std::vector<std::string> dom_par;
- dom_par.push_back("0xfffffffffffffffffffffffffffffffeffffac73"); //p
- dom_par.push_back("0x0000000000000000000000000000000000000000"); // a
- dom_par.push_back("0x0000000000000000000000000000000000000007"); // b
- dom_par.push_back("043B4C382CE37AA192A4019E763036F4F5DD4D7EBB938CF935318FDCED6BC28286531733C3F03C4FEE"); // G
- dom_par.push_back("0x0100000000000000000001B8FA16DFAB9ACA16B6B3"); // order
- dom_par.push_back("1"); // cofactor
-
- return dom_par;
- }
-
- if(oid == "1.3.132.0.30")
- {
- /* secp160r2; source: Flexiprovider */
- std::vector<std::string> dom_par;
- dom_par.push_back("0xfffffffffffffffffffffffffffffffeffffac73"); //p
- dom_par.push_back("0xffffffffffffffffffffffffffffffFEffffAC70"); // a
- dom_par.push_back("0xB4E134D3FB59EB8BAB57274904664D5AF50388BA"); // b
- dom_par.push_back("0452DCB034293A117E1F4ff11B30F7199D3144CE6DFEAffEF2E331F296E071FA0DF9982CFEA7D43F2E"); // G
- dom_par.push_back("0x0100000000000000000000351EE786A818F3A1A16B"); // order
- dom_par.push_back("1"); // cofactor
-
- return dom_par;
- }
-
- if(oid == "1.3.132.0.31")
- {
- /* secp192k1; source: Flexiprovider */
- std::vector<std::string> dom_par;
- dom_par.push_back("0xfffffffffffffffffffffffffffffffffffffffeffffee37"); //p
- dom_par.push_back("0x000000000000000000000000000000000000000000000000"); // a
- dom_par.push_back("0x000000000000000000000000000000000000000000000003"); // b
- dom_par.push_back("04DB4ff10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D"); // G
- dom_par.push_back("0xffffffffffffffffffffffFE26F2FC170F69466A74DEFD8D"); // order
- dom_par.push_back("1"); // cofactor
-
- return dom_par;
- }
-
- if(oid == "1.3.132.0.32")
- {
- /* secp224k1; source: Flexiprovider */
- std::vector<std::string> dom_par;
- dom_par.push_back("0xfffffffffffffffffffffffffffffffffffffffffffffffeffffe56d"); //p
- dom_par.push_back("0x00000000000000000000000000000000000000000000000000000000"); // a
- dom_par.push_back("0x00000000000000000000000000000000000000000000000000000005"); // b
- dom_par.push_back("04A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5"); // G
- dom_par.push_back("0x010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7"); // order
- dom_par.push_back("1"); // cofactor
-
- return dom_par;
- }
-
- if(oid == "1.3.132.0.33")
- {
- /* secp224r1; source: Flexiprovider */
- std::vector<std::string> dom_par;
- dom_par.push_back("0xffffffffffffffffffffffffffffffff000000000000000000000001"); //p
- dom_par.push_back("0xffffffffffffffffffffffffffffffFEffffffffffffffffffffffFE"); // a
- dom_par.push_back("0xB4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355ffB4"); // b
- dom_par.push_back("04B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34"); // G
- dom_par.push_back("0xffffffffffffffffffffffffffff16A2E0B8F03E13DD29455C5C2A3D"); // order
- dom_par.push_back("1"); // cofactor
+ std::string pem =
+ global_state().get("ec", OIDS::lookup(domain_oid));
- return dom_par;
- }
-
- if(oid == "1.3.132.0.10")
- {
- /* secp256k1; source: Flexiprovider */
- std::vector<std::string> dom_par;
- dom_par.push_back("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"); //p
- dom_par.push_back("0x0000000000000000000000000000000000000000000000000000000000000000"); // a
- dom_par.push_back("0x0000000000000000000000000000000000000000000000000000000000000007"); // b
- dom_par.push_back("0479BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8"); // G
- dom_par.push_back("0xffffffffffffffffffffffffffffffFEBAAEDCE6AF48A03BBFD25E8CD0364141"); // order
- dom_par.push_back("1"); // cofactor
-
- return dom_par;
- }
-
- if(oid == "1.3.132.0.34")
- {
- /* secp384r1; source: Flexiprovider */
- std::vector<std::string> dom_par;
- dom_par.push_back("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff"); //p
- dom_par.push_back("0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffFEffffffff0000000000000000ffffffFC"); // a
- dom_par.push_back("0xB3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF"); // b
- dom_par.push_back("04AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB73617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F"); // G
- dom_par.push_back("0xffffffffffffffffffffffffffffffffffffffffffffffffC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973"); // order
- dom_par.push_back("1"); // cofactor
-
- return dom_par;
- }
-
- if(oid == "1.3.132.0.35")
- {
- /* secp521r1; source: Flexiprovider */
- std::vector<std::string> dom_par;
- dom_par.push_back("0x01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"); //p
- dom_par.push_back("0x01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffFC"); // a
- dom_par.push_back("0x0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00"); // b
- dom_par.push_back("0400C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2ffA8DE3348B3C1856A429BF97E7E31C2E5BD66011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650"); // G
- dom_par.push_back("0x01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409"); // order
- dom_par.push_back("1"); // cofactor
-
- return dom_par;
- }
-
- /* NIS */
-
- if(oid == "1.3.6.1.4.1.8301.3.1.2.9.0.38")
- {
- /* NIST curve P-521; source: Flexiprovider */
- std::vector<std::string> dom_par;
- dom_par.push_back("0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"); //p
- dom_par.push_back("0x01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffFC"); // a
- dom_par.push_back("0x051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00"); // b
- dom_par.push_back("0400C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2ffA8DE3348B3C1856A429BF97E7E31C2E5BD66011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650"); // G
- dom_par.push_back("0x01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409"); // order
- dom_par.push_back("1"); // cofactor
-
- return dom_par;
- }
-
- /* BrainPool */
-
- if(oid == "1.3.36.3.3.2.8.1.1.1")
- {
- /* brainpoolP160r1; source: Flexiprovider */
- std::vector<std::string> dom_par;
- dom_par.push_back("0xE95E4A5F737059DC60DFC7AD95B3D8139515620F"); //p
- dom_par.push_back("0x340E7BE2A280EB74E2BE61BADA745D97E8F7C300"); // a
- dom_par.push_back("0x1E589A8595423412134FAA2DBDEC95C8D8675E58"); // b
- dom_par.push_back("04BED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC31667CB477A1A8EC338F94741669C976316DA6321"); // G
- dom_par.push_back("0xE95E4A5F737059DC60DF5991D45029409E60FC09"); // order
- dom_par.push_back("1"); // cofactor
-
- return dom_par;
- }
-
- if(oid == "1.3.36.3.3.2.8.1.1.3")
- {
- /* brainpoolP192r1; source: Flexiprovider */
- std::vector<std::string> dom_par;
- dom_par.push_back("0xC302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297"); //p
- dom_par.push_back("0x6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF"); // a
- dom_par.push_back("0x469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9"); // b
- dom_par.push_back("04C0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD614B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F"); // G
- dom_par.push_back("0xC302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1"); // order
- dom_par.push_back("1"); // cofactor
-
- return dom_par;
- }
-
- if(oid == "1.3.36.3.3.2.8.1.1.5")
- {
- /* brainpoolP224r1; source: Flexiprovider */
- std::vector<std::string> dom_par;
- dom_par.push_back("0xD7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF"); //p
- dom_par.push_back("0x68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43"); // a
- dom_par.push_back("0x2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B"); // b
- dom_par.push_back("040D9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD"); // G
- dom_par.push_back("0xD7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F"); // order
- dom_par.push_back("1"); // cofactor
-
- return dom_par;
- }
-
- if(oid == "1.3.36.3.3.2.8.1.1.7")
- {
- /* brainpoolP256r1; source: Flexiprovider */
- std::vector<std::string> dom_par;
- dom_par.push_back("0xA9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377"); //p
- dom_par.push_back("0x7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9"); // a
- dom_par.push_back("0x26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6"); // b
- dom_par.push_back("048BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997"); // G
- dom_par.push_back("0xA9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7"); // order
- dom_par.push_back("1"); // cofactor
-
- return dom_par;
- }
+ if(pem == "")
+ throw Lookup_Error("No ECC domain data for " + domain_oid.as_string());
- if(oid == "1.3.36.3.3.2.8.1.1.9")
- {
- /* brainpoolP320r1; source: Flexiprovider */
- std::vector<std::string> dom_par;
- dom_par.push_back("0xD35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27"); //p
- dom_par.push_back("0x3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4"); // a
- dom_par.push_back("0x520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6"); // b
- dom_par.push_back("0443BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C710AF8D0D39E2061114FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7D35245D1692E8EE1"); // G
- dom_par.push_back("0xD35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311"); // order
- dom_par.push_back("1"); // cofactor
-
- return dom_par;
- }
-
- if(oid == "1.3.36.3.3.2.8.1.1.11")
- {
- /* brainpoolP384r1; source: Flexiprovider */
- std::vector<std::string> dom_par;
- dom_par.push_back("0x8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53"); //p
- dom_par.push_back("0x7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826"); // a
- dom_par.push_back("0x4A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11"); // b
- dom_par.push_back("041D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315"); // G
- dom_par.push_back("0x8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565"); // order
- dom_par.push_back("1"); // cofactor
-
- return dom_par;
- }
+ *this = EC_Domain_Params(pem);
+ oid = domain_oid.as_string();
+ }
- if(oid == "1.3.36.3.3.2.8.1.1.13")
+EC_Domain_Params::EC_Domain_Params(const std::string& pem)
+ {
+ if(pem != "")
{
- /* brainpoolP512r1; source: Flexiprovider */
- std::vector<std::string> dom_par;
- dom_par.push_back("0xAADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3"); //p
- dom_par.push_back("0x7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA"); // a
- dom_par.push_back("0x3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723"); // b
- dom_par.push_back("0481AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F8227DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892"); // G
- dom_par.push_back("0xAADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069"); // order
- dom_par.push_back("1"); // cofactor
+ DataSource_Memory input(pem);
- return dom_par;
- }
-
- if(oid == "1.3.132.0.8")
- {
- std::vector<std::string> dom_par;
- dom_par.push_back("0xffffffffffffffffffffffffffffffff7fffffff"); //p
- dom_par.push_back("0xffffffffffffffffffffffffffffffff7ffffffc"); // a
- dom_par.push_back("0x1c97befc54bd7a8b65acf89f81d4d4adc565fa45"); // b
- dom_par.push_back("024a96b5688ef573284664698968c38bb913cbfc82"); // G
- dom_par.push_back("0x0100000000000000000001f4c8f927aed3ca752257"); // order
- dom_par.push_back("1"); // cofactor
- return dom_par;
+ *this = EC_Domain_Params(
+ PEM_Code::decode_check_label(input, "ECC DOMAIN PARAMETERS"));
}
+ }
- if(oid == "1.2.840.10045.3.1.1") // prime192v1 Flexiprovider
- {
- std::vector<std::string> dom_par;
- dom_par.push_back("0xfffffffffffffffffffffffffffffffeffffffffffffffff"); //p
- dom_par.push_back("0xfffffffffffffffffffffffffffffffefffffffffffffffc"); // a
- dom_par.push_back("0x64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1"); // b
- dom_par.push_back("03188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012"); // G
- dom_par.push_back("0xffffffffffffffffffffffff99def836146bc9b1b4d22831"); // order
- dom_par.push_back("1"); // cofactor
- return dom_par;
- }
+EC_Domain_Params::EC_Domain_Params(const MemoryRegion<byte>& ber_data)
+ {
+ BER_Decoder ber(ber_data);
+ BER_Object obj = ber.get_next_object();
- /* prime192v2; source: Flexiprovider */
- if(oid == "1.2.840.10045.3.1.2")
+ if(obj.type_tag == NULL_TAG)
+ throw Decoding_Error("Cannot handle ImplicitCA ECDSA parameters");
+ else if(obj.type_tag == OBJECT_ID)
{
- std::vector<std::string> dom_par;
- dom_par.push_back("0xfffffffffffffffffffffffffffffffeffffffffffffffff"); //p
- dom_par.push_back("0xffffffffffffffffffffffffffffffFeffffffffffffffFC"); // a
- dom_par.push_back("0xcc22d6dfb95c6b25e49c0d6364a4e5980c393aa21668d953"); // b
- dom_par.push_back("03eea2bae7e1497842f2de7769cfe9c989c072ad696f48034a"); // G
- dom_par.push_back("0xfffffffffffffffffffffffe5fb1a724dc80418648d8dd31"); // order
- dom_par.push_back("1"); // cofactor
- return dom_par;
+ OID dom_par_oid;
+ BER_Decoder(ber_data).decode(dom_par_oid);
+ *this = EC_Domain_Params(dom_par_oid);
}
-
- /* prime192v3; source: Flexiprovider */
- if(oid == "1.2.840.10045.3.1.3")
+ else if(obj.type_tag == SEQUENCE)
{
- std::vector<std::string> dom_par;
- dom_par.push_back("0xfffffffffffffffffffffffffffffffeffffffffffffffff"); //p
- dom_par.push_back("0xfffffffffffffffffffffffffffffffefffffffffffffffc"); // a
- dom_par.push_back("0x22123dc2395a05caa7423daeccc94760a7d462256bd56916"); // b
- dom_par.push_back("027d29778100c65a1da1783716588dce2b8b4aee8e228f1896"); // G
- dom_par.push_back("0xffffffffffffffffffffffff7a62d031c83f4294f640ec13"); // order
- dom_par.push_back("1"); // cofactor
- return dom_par;
- }
+ BigInt ecpVers1(1);
+ OID curve_type;
+ SecureVector<byte> sv_a;
+ SecureVector<byte> sv_b;
+ BigInt p;
+ SecureVector<byte> sv_base_point;
- /* prime239v1; source: Flexiprovider */
- if(oid == "1.2.840.10045.3.1.4")
- {
- std::vector<std::string> dom_par;
- dom_par.push_back("0x7fffffffffffffffffffffff7fffffffffff8000000000007fffffffffff"); //p
- dom_par.push_back("0x7ffFffffffffffffffffffff7fffffffffff8000000000007ffffffffffc"); // a
- dom_par.push_back("0x6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A"); // b
- dom_par.push_back("020ffA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF"); // G
- dom_par.push_back("0x7fffffffffffffffffffffff7fffff9e5e9a9f5d9071fbd1522688909d0b"); // order
- dom_par.push_back("1"); // cofactor
- return dom_par;
- }
+ BER_Decoder(ber_data)
+ .start_cons(SEQUENCE)
+ .decode(ecpVers1)
+ .start_cons(SEQUENCE)
+ .decode(curve_type)
+ .decode(p)
+ .end_cons()
+ .start_cons(SEQUENCE)
+ .decode(sv_a, OCTET_STRING)
+ .decode(sv_b, OCTET_STRING)
+ .end_cons()
+ .decode(sv_base_point, OCTET_STRING)
+ .decode(order)
+ .decode(cofactor)
+ .end_cons()
+ .verify_end();
- /* prime239v2; source: Flexiprovider */
- if(oid == "1.2.840.10045.3.1.5")
- {
- std::vector<std::string> dom_par;
- dom_par.push_back("0x7fffffffffffffffffffffff7fffffffffff8000000000007fffffffffff"); //p
- dom_par.push_back("0x7ffFffffffffffffffffffff7ffFffffffff8000000000007ffFffffffFC"); // a
- dom_par.push_back("0x617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C"); // b
- dom_par.push_back("0238AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7"); // G
- dom_par.push_back("0x7fffffffffffffffffffffff800000CFA7E8594377D414C03821BC582063"); // order
- dom_par.push_back("1"); // cofactor
- return dom_par;
- }
+ if(ecpVers1 != 1)
+ throw Decoding_Error("EC_Domain_Params: Unknown version code");
- /* prime239v3; source: Flexiprovider */
- if(oid == "1.2.840.10045.3.1.6")
- {
- std::vector<std::string> dom_par;
- dom_par.push_back("0x7fffffffffffffffffffffff7fffffffffff8000000000007fffffffffff"); //p
- dom_par.push_back("0x7ffFffffffffffffffffffff7ffFffffffff8000000000007ffFffffffFC"); // a
- dom_par.push_back("0x255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E"); // b
- dom_par.push_back("036768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A"); // G
- dom_par.push_back("0x7fffffffffffffffffffffff7fffff975DEB41B3A6057C3C432146526551"); // order
- dom_par.push_back("1"); // cofactor
- return dom_par;
- }
+ // Only prime curves supported
+ if(curve_type.as_string() != "1.2.840.10045.1.1")
+ throw Decoding_Error("Unexpected curve type " + curve_type.as_string());
- /* prime256v1; source: Flexiprovider */
- if(oid == "1.2.840.10045.3.1.7")
- {
- std::vector<std::string> dom_par;
- dom_par.push_back("0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff"); //p
- dom_par.push_back("0xffffffff00000001000000000000000000000000ffffffffffffffffffffffFC"); // a
- dom_par.push_back("0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B"); // b
- dom_par.push_back("036B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"); // G
- dom_par.push_back("0xffffffff00000000ffffffffffffffffBCE6FAADA7179E84F3B9CAC2FC632551"); // order
- dom_par.push_back("1"); // cofactor
- return dom_par;
- }
+ curve = CurveGFp(p,
+ BigInt::decode(sv_a, sv_a.size()),
+ BigInt::decode(sv_b, sv_b.size()));
- if(oid == "1.2.643.2.2.35.1" || oid == "1.2.643.2.2.36.0") // GostR3410-2001-CryptoPro-A-ParamSet
- {
- std::vector<std::string> dom_par;
- dom_par.push_back("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD97");
- dom_par.push_back("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94");
- dom_par.push_back("166");
- dom_par.push_back("0400000000000000000000000000000000000000000000000000000000000000018D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14");
- dom_par.push_back("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893");
- dom_par.push_back("1");
- return dom_par;
+ base_point = OS2ECP(sv_base_point, curve);
+ base_point.check_invariants();
}
-
- throw Invalid_Argument("No such ECC curve " + oid);
- }
-
-EC_Domain_Params get_ec_dompar(const std::string& oid)
- {
- std::vector<std::string> dom_par = get_standard_domain_parameter(oid);
-
- BigInt p(dom_par[0]); // give as 0x...
- BigInt a(dom_par[1]);
- BigInt b(dom_par[2]);
- BigInt order(dom_par[4]);
- BigInt cofactor(dom_par[5]);
-
- Pipe pipe(new Hex_Decoder);
- pipe.process_msg(dom_par[3]);
- SecureVector<byte> sv_g = pipe.read_all();
-
- CurveGFp curve(p, a, b);
-
- PointGFp G = OS2ECP(sv_g, curve);
- G.check_invariants();
- EC_Domain_Params result(curve, G, order, cofactor);
- return result;
- }
-
-}
-
-EC_Domain_Params get_EC_Dom_Pars_by_oid(std::string oid)
- {
- EC_Domain_Params result = get_ec_dompar(oid);
- result.m_oid = oid;
- return result;
+ else
+ throw Decoding_Error("Unexpected tag while decoding ECC domain params");
}
-EC_Domain_Params::EC_Domain_Params(const CurveGFp& curve, const PointGFp& base_point,
- const BigInt& order, const BigInt& cofactor)
- : m_curve(curve),
- m_base_point(base_point),
- m_order(order),
- m_cofactor(cofactor),
- m_oid("")
- { }
-
-namespace {
-
-SecureVector<byte> encode_der_ec_dompar_explicit(const EC_Domain_Params& dom_pars)
+SecureVector<byte>
+EC_Domain_Params::DER_encode(EC_Domain_Params_Encoding form) const
{
- u32bit ecpVers1 = 1;
- OID curve_type_oid("1.2.840.10045.1.1");
+ if(form == EC_DOMPAR_ENC_EXPLICIT)
+ {
+ u32bit ecpVers1 = 1;
+ OID curve_type("1.2.840.10045.1.1");
- const u32bit p_bytes = dom_pars.get_curve().get_p().bytes();
+ const u32bit p_bytes = curve.get_p().bytes();
- return DER_Encoder()
- .start_cons(SEQUENCE)
- .encode(ecpVers1)
- .start_cons(SEQUENCE)
- .encode(curve_type_oid)
- .encode(dom_pars.get_curve().get_p())
- .end_cons()
+ return DER_Encoder()
.start_cons(SEQUENCE)
- .encode(BigInt::encode_1363(dom_pars.get_curve().get_a(), p_bytes), OCTET_STRING)
- .encode(BigInt::encode_1363(dom_pars.get_curve().get_b(), p_bytes), OCTET_STRING)
+ .encode(ecpVers1)
+ .start_cons(SEQUENCE)
+ .encode(curve_type)
+ .encode(curve.get_p())
+ .end_cons()
+ .start_cons(SEQUENCE)
+ .encode(BigInt::encode_1363(curve.get_a(), p_bytes),
+ OCTET_STRING)
+ .encode(BigInt::encode_1363(curve.get_b(), p_bytes),
+ OCTET_STRING)
+ .end_cons()
+ .encode(EC2OSP(base_point, PointGFp::UNCOMPRESSED), OCTET_STRING)
+ .encode(order)
+ .encode(cofactor)
.end_cons()
- .encode(EC2OSP ( dom_pars.get_base_point(), PointGFp::UNCOMPRESSED), OCTET_STRING)
- .encode(dom_pars.get_order())
- .encode(dom_pars.get_cofactor())
- .end_cons()
- .get_contents();
- }
-
-EC_Domain_Params decode_ber_ec_dompar_explicit(const SecureVector<byte>& encoded)
- {
- BigInt ecpVers1(1);
- OID curve_type_oid;
- SecureVector<byte> sv_a;
- SecureVector<byte> sv_b;
- BigInt p;
- SecureVector<byte> sv_base_point;
- BigInt order;
- BigInt cofactor;
-
- BER_Decoder(encoded)
- .start_cons(SEQUENCE)
- .decode(ecpVers1)
- .start_cons(SEQUENCE)
- .decode(curve_type_oid)
- .decode(p)
- .end_cons()
- .start_cons(SEQUENCE)
- .decode(sv_a, OCTET_STRING)
- .decode(sv_b, OCTET_STRING)
- .end_cons()
- .decode(sv_base_point, OCTET_STRING)
- .decode(order)
- .decode(cofactor)
- .end_cons()
- .verify_end();
-
- if(ecpVers1 != 1)
- throw Decoding_Error("wrong ecpVers");
-
- // Set the domain parameters
- if(curve_type_oid.as_string() != "1.2.840.10045.1.1") // NOTE: hardcoded: prime field type
- {
- throw Decoding_Error("wrong curve type oid where prime field was expected");
+ .get_contents();
}
+ else if(form == EC_DOMPAR_ENC_OID)
+ return DER_Encoder().encode(get_oid()).get_contents();
+ else if(form == EC_DOMPAR_ENC_IMPLICITCA)
+ return DER_Encoder().encode_null().get_contents();
- CurveGFp curve(p,
- BigInt::decode(sv_a, sv_a.size()),
- BigInt::decode(sv_b, sv_b.size()));
-
- PointGFp G = OS2ECP ( sv_base_point, curve );
- G.check_invariants();
- return EC_Domain_Params(curve, G, order, cofactor);
+ throw Internal_Error("EC_Domain_Params::encode_DER: Unknown encoding");
}
-} // end anonymous namespace
-
-SecureVector<byte> encode_der_ec_dompar(const EC_Domain_Params& dom_pars, EC_dompar_enc enc_type)
- {
- SecureVector<byte> result;
-
- if(enc_type == ENC_EXPLICIT)
- {
- result = encode_der_ec_dompar_explicit(dom_pars);
- }
- else if(enc_type == ENC_OID)
- {
- OID dom_par_oid(dom_pars.get_oid());
- result = DER_Encoder().encode(dom_par_oid).get_contents();
- }
- else if(enc_type == ENC_IMPLICITCA)
- {
- result = DER_Encoder().encode_null().get_contents();
- }
- else
- {
- throw Internal_Error("encountered illegal value for ec parameter encoding type");
- }
- return result;
- }
-
-EC_Domain_Params decode_ber_ec_dompar(const SecureVector<byte>& encoded)
+std::string EC_Domain_Params::PEM_encode() const
{
- BER_Decoder dec(encoded);
- BER_Object obj = dec.get_next_object();
-
- if(obj.type_tag == OBJECT_ID)
- {
- OID dom_par_oid;
- BER_Decoder(encoded).decode(dom_par_oid);
- return EC_Domain_Params(get_ec_dompar(dom_par_oid.as_string()));
- }
- else if(obj.type_tag == SEQUENCE)
- return EC_Domain_Params(decode_ber_ec_dompar_explicit(encoded));
- else if(obj.type_tag == NULL_TAG)
- throw Decoding_Error("cannot decode ECDSA parameters that are ImplicitCA");
-
- throw Decoding_Error("encountered unexpected when trying to decode domain parameters");
- }
-
-bool operator==(const EC_Domain_Params& lhs, const EC_Domain_Params& rhs)
- {
- return ((lhs.get_curve() == rhs.get_curve()) &&
- (lhs.get_base_point() == rhs.get_base_point()) &&
- (lhs.get_order() == rhs.get_order()) &&
- (lhs.get_cofactor() == rhs.get_cofactor()));
+ SecureVector<byte> der = DER_encode(EC_DOMPAR_ENC_EXPLICIT);
+ return PEM_Code::encode(der, "ECC DOMAIN PARAMETERS");
}
}
-
diff --git a/src/pubkey/ec_dompar/ec_dompar.h b/src/pubkey/ec_dompar/ec_dompar.h
index f5f573ba9..7da2120cc 100644
--- a/src/pubkey/ec_dompar/ec_dompar.h
+++ b/src/pubkey/ec_dompar/ec_dompar.h
@@ -2,7 +2,7 @@
* ECC Domain Parameters
*
* (C) 2007 Falko Strenzke, FlexSecure GmbH
-* 2008 Jack Lloyd
+* 2008-2010 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
@@ -12,16 +12,19 @@
#include <botan/point_gfp.h>
#include <botan/curve_gfp.h>
-#include <botan/der_enc.h>
-#include <botan/ber_dec.h>
-#include <botan/alg_id.h>
-#include <botan/pubkey_enums.h>
+#include <botan/asn1_oid.h>
namespace Botan {
/**
* This class represents elliptic curce domain parameters
*/
+enum EC_Domain_Params_Encoding {
+ EC_DOMPAR_ENC_EXPLICIT = 0,
+ EC_DOMPAR_ENC_IMPLICITCA = 1,
+ EC_DOMPAR_ENC_OID = 2
+};
+
class BOTAN_DLL EC_Domain_Params
{
public:
@@ -36,88 +39,100 @@ class BOTAN_DLL EC_Domain_Params
EC_Domain_Params(const CurveGFp& curve,
const PointGFp& base_point,
const BigInt& order,
- const BigInt& cofactor);
+ const BigInt& cofactor) :
+ curve(curve),
+ base_point(base_point),
+ order(order),
+ cofactor(cofactor),
+ oid("")
+ {}
+
+ /**
+ * Decode a BER encoded ECC domain parameter set
+ * @param ber_encoding the bytes of the BER encoding
+ */
+ EC_Domain_Params(const MemoryRegion<byte>& ber_encoding);
+
+ /**
+ * Create an EC domain by OID (or throw if unknown)
+ * @param oid the OID of the EC domain to create
+ */
+ EC_Domain_Params(const OID& oid);
+
+ /**
+ * Create an EC domain from PEM encoding (as from PEM_encode)
+ * @param pem data
+ */
+ EC_Domain_Params(const std::string& pem = "");
+
+ /**
+ * Create the DER encoding of this domain
+ * @param form of encoding to use
+ * @returns bytes encododed as DER
+ */
+ SecureVector<byte> DER_encode(EC_Domain_Params_Encoding form) const;
+
+ /**
+ * Return the PEM encoding (always in explicit form)
+ * @return string containing PEM data
+ */
+ std::string PEM_encode() const;
/**
* Return domain parameter curve
* @result domain parameter curve
*/
- const CurveGFp& get_curve() const
- {
- return m_curve;
- }
+ const CurveGFp& get_curve() const { return curve; }
/**
* Return domain parameter curve
* @result domain parameter curve
*/
- const PointGFp& get_base_point() const
- {
- return m_base_point;
- }
+ const PointGFp& get_base_point() const { return base_point; }
/**
* Return the order of the base point
* @result order of the base point
*/
- const BigInt& get_order() const
- {
- return m_order;
- }
+ const BigInt& get_order() const { return order; }
/**
* Return the cofactor
* @result the cofactor
*/
- const BigInt& get_cofactor() const
- {
- return m_cofactor;
- }
+ const BigInt& get_cofactor() const { return cofactor; }
+
+ bool initialized() const { return !base_point.is_zero(); }
/**
* Return the OID of these domain parameters
* @result the OID
*/
- std::string get_oid() const { return m_oid; }
+ std::string get_oid() const { return oid; }
+
+ bool operator==(const EC_Domain_Params& other) const
+ {
+ return ((get_curve() == other.get_curve()) &&
+ (get_base_point() == other.get_base_point()) &&
+ (get_order() == other.get_order()) &&
+ (get_cofactor() == other.get_cofactor()));
+ }
private:
friend EC_Domain_Params get_EC_Dom_Pars_by_oid(std::string oid);
- CurveGFp m_curve;
- PointGFp m_base_point;
- BigInt m_order;
- BigInt m_cofactor;
- std::string m_oid;
+ CurveGFp curve;
+ PointGFp base_point;
+ BigInt order, cofactor;
+ std::string oid;
};
-bool BOTAN_DLL operator==(EC_Domain_Params const& lhs,
- EC_Domain_Params const& rhs);
-
inline bool operator!=(const EC_Domain_Params& lhs,
const EC_Domain_Params& rhs)
{
return !(lhs == rhs);
}
-enum EC_dompar_enc { ENC_EXPLICIT = 0, ENC_IMPLICITCA = 1, ENC_OID = 2 };
-
-SecureVector<byte>
-BOTAN_DLL encode_der_ec_dompar(EC_Domain_Params const& dom_pars,
- EC_dompar_enc enc_type);
-
-EC_Domain_Params
-BOTAN_DLL decode_ber_ec_dompar(SecureVector<byte> const& encoded);
-
-/**
-* Factory function, the only way to obtain EC domain parameters with
-* an OID. The demanded OID has to be registered in the InSiTo
-* configuration. Consult the file ec_dompar.cpp for the default
-* configuration.
-* @param oid the oid of the demanded EC domain parameters
-* @result the EC domain parameters associated with the OID
-*/
-EC_Domain_Params BOTAN_DLL get_EC_Dom_Pars_by_oid(std::string oid);
-
}
#endif
diff --git a/src/pubkey/ec_dompar/info.txt b/src/pubkey/ec_dompar/info.txt
index fd40b887d..ae6c328e2 100644
--- a/src/pubkey/ec_dompar/info.txt
+++ b/src/pubkey/ec_dompar/info.txt
@@ -2,7 +2,8 @@ define ECC_DOMAIN_PARAMATERS
<requires>
asn1
-filters
numbertheory
-hex
+pem
+libstate
+oid_lookup
</requires>
diff --git a/src/pubkey/ecc_key/ecc_key.cpp b/src/pubkey/ecc_key/ecc_key.cpp
index e6d4aeae6..10968fa7e 100644
--- a/src/pubkey/ecc_key/ecc_key.cpp
+++ b/src/pubkey/ecc_key/ecc_key.cpp
@@ -2,7 +2,7 @@
* ECC Key implemenation
* (C) 2007 Manuel Hartl, FlexSecure GmbH
* Falko Strenzke, FlexSecure GmbH
-* 2008 Jack Lloyd
+* 2008-2010 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
@@ -17,48 +17,33 @@
namespace Botan {
-/*
-* EC_PublicKey
-*/
-void EC_PublicKey::affirm_init() const // virtual
- {
- if((mp_dom_pars.get() == 0) || (mp_public_point.get() == 0))
- throw Invalid_State("cannot use uninitialized EC_Key");
- }
-
-const EC_Domain_Params& EC_PublicKey::domain_parameters() const
+EC_PublicKey::EC_PublicKey(const EC_Domain_Params& dom_par,
+ const PointGFp& pub_point) :
+ domain_params(dom_par), public_key(pub_point),
+ domain_encoding(EC_DOMPAR_ENC_EXPLICIT)
{
- if(!mp_dom_pars.get())
- throw Invalid_State("EC_PublicKey::domain_parameters(): "
- "ec domain parameters are not yet set");
-
- return *mp_dom_pars;
- }
-
-const PointGFp& EC_PublicKey::public_point() const
- {
- if(!mp_public_point.get())
- throw Invalid_State("EC_PublicKey::public_point(): public point not set");
-
- return *mp_public_point;
- }
+ if(domain().get_curve() != public_point().get_curve())
+ throw Invalid_Argument("EC_PublicKey: curve mismatch in constructor");
-bool EC_PublicKey::domain_parameters_set()
- {
- return mp_dom_pars.get();
+ try
+ {
+ public_key.check_invariants();
+ }
+ catch(Illegal_Point)
+ {
+ throw Invalid_State("Public key failed invariant check");
+ }
}
void EC_PublicKey::X509_load_hook()
{
try
{
- // the base point is checked to be on curve already when decoding it
- affirm_init();
- mp_public_point->check_invariants();
+ public_point().check_invariants();
}
catch(Illegal_Point)
{
- throw Decoding_Error("decoded public point was found not to lie on curve");
+ throw Decoding_Error("Invalid public point; not on curve");
}
}
@@ -69,18 +54,13 @@ X509_Encoder* EC_PublicKey::x509_encoder() const
public:
AlgorithmIdentifier alg_id() const
{
- key->affirm_init();
-
- SecureVector<byte> params =
- encode_der_ec_dompar(key->domain_parameters(), key->m_param_enc);
-
- return AlgorithmIdentifier(key->get_oid(), params);
+ return AlgorithmIdentifier(key->get_oid(),
+ key->domain().DER_encode(key->domain_format()));
}
MemoryVector<byte> key_bits() const
{
- key->affirm_init();
- return EC2OSP(*(key->mp_public_point), PointGFp::COMPRESSED);
+ return EC2OSP(key->public_point(), PointGFp::COMPRESSED);
}
EC_Key_Encoder(const EC_PublicKey* k): key(k) {}
@@ -98,15 +78,13 @@ X509_Decoder* EC_PublicKey::x509_decoder()
public:
void alg_id(const AlgorithmIdentifier& alg_id)
{
- key->mp_dom_pars.reset(new EC_Domain_Params(decode_ber_ec_dompar(alg_id.parameters)));
+ key->domain_params = EC_Domain_Params(alg_id.parameters);
}
void key_bits(const MemoryRegion<byte>& bits)
{
- key->mp_public_point.reset(
- new PointGFp(
- OS2ECP(bits, key->domain_parameters().get_curve())
- ));
+ key->public_key = PointGFp(
+ OS2ECP(bits, key->domain().get_curve()));
key->X509_load_hook();
}
@@ -119,55 +97,58 @@ X509_Decoder* EC_PublicKey::x509_decoder()
return new EC_Key_Decoder(this);
}
-void EC_PublicKey::set_parameter_encoding(EC_dompar_enc type)
+void EC_PublicKey::set_parameter_encoding(EC_Domain_Params_Encoding form)
{
- if((type != ENC_EXPLICIT) && (type != ENC_IMPLICITCA) && (type != ENC_OID))
- throw Invalid_Argument("Invalid encoding type for EC-key object specified");
-
- affirm_init();
+ if(form != EC_DOMPAR_ENC_EXPLICIT &&
+ form != EC_DOMPAR_ENC_IMPLICITCA &&
+ form != EC_DOMPAR_ENC_OID)
+ throw Invalid_Argument("Invalid encoding form for EC-key object specified");
- if((type == ENC_OID) && (mp_dom_pars->get_oid() == ""))
- throw Invalid_Argument("Invalid encoding type ENC_OID specified for "
+ if((form == EC_DOMPAR_ENC_OID) && (domain_params.get_oid() == ""))
+ throw Invalid_Argument("Invalid encoding form OID specified for "
"EC-key object whose corresponding domain "
"parameters are without oid");
- m_param_enc = type;
+ domain_encoding = form;
}
-/*
-* EC_PrivateKey
-*/
-void EC_PrivateKey::affirm_init() const // virtual
+const BigInt& EC_PrivateKey::private_value() const
{
- if(m_private_value == 0)
- throw Invalid_State("cannot use EC_PrivateKey when private key is uninitialized");
+ if(private_key == 0)
+ throw Invalid_State("EC_PrivateKey::private_value - uninitialized");
- EC_PublicKey::affirm_init();
+ return private_key;
}
-const BigInt& EC_PrivateKey::private_value() const
+/**
+* EC_PrivateKey generator
+**/
+EC_PrivateKey::EC_PrivateKey(const EC_Domain_Params& dom_par,
+ const BigInt& priv_key) :
+ EC_PublicKey(dom_par, dom_par.get_base_point() * private_key),
+ private_key(priv_key)
{
- if(m_private_value == 0)
- throw Invalid_State("cannot use EC_PrivateKey when private key is uninitialized");
-
- return m_private_value;
}
/**
* EC_PrivateKey generator
**/
-void EC_PrivateKey::generate_private_key(RandomNumberGenerator& rng)
+EC_PrivateKey::EC_PrivateKey(RandomNumberGenerator& rng,
+ const EC_Domain_Params& dom_par)
{
- if(mp_dom_pars.get() == 0)
- {
- throw Invalid_State("cannot generate private key when domain parameters are not set");
- }
+ domain_params = dom_par;
- m_private_value = BigInt::random_integer(rng, 1, mp_dom_pars->get_order());
+ private_key = BigInt::random_integer(rng, 1, domain().get_order());
+ public_key = domain().get_base_point() * private_key;
- mp_public_point = std::unique_ptr<PointGFp>( new PointGFp (mp_dom_pars->get_base_point()));
-
- *mp_public_point *= m_private_value;
+ try
+ {
+ public_key.check_invariants();
+ }
+ catch(Illegal_Point& e)
+ {
+ throw Internal_Error("ECC private key generation failed");
+ }
}
/**
@@ -180,24 +161,17 @@ PKCS8_Encoder* EC_PrivateKey::pkcs8_encoder() const
public:
AlgorithmIdentifier alg_id() const
{
- key->affirm_init();
-
- SecureVector<byte> params =
- encode_der_ec_dompar(key->domain_parameters(), ENC_EXPLICIT);
-
- return AlgorithmIdentifier(key->get_oid(), params);
+ return AlgorithmIdentifier(key->get_oid(),
+ key->domain().DER_encode(EC_DOMPAR_ENC_EXPLICIT));
}
MemoryVector<byte> key_bits() const
{
- key->affirm_init();
- SecureVector<byte> octstr_secret =
- BigInt::encode_1363(key->m_private_value, key->m_private_value.bytes());
-
return DER_Encoder()
.start_cons(SEQUENCE)
.encode(BigInt(1))
- .encode(octstr_secret, OCTET_STRING)
+ .encode(BigInt::encode_1363(key->private_key, key->private_key.bytes()),
+ OCTET_STRING)
.end_cons()
.get_contents();
}
@@ -220,7 +194,7 @@ PKCS8_Decoder* EC_PrivateKey::pkcs8_decoder(RandomNumberGenerator&)
public:
void alg_id(const AlgorithmIdentifier& alg_id)
{
- key->mp_dom_pars.reset(new EC_Domain_Params(decode_ber_ec_dompar(alg_id.parameters)));
+ key->domain_params = EC_Domain_Params(alg_id.parameters);
}
void key_bits(const MemoryRegion<byte>& bits)
@@ -235,7 +209,7 @@ PKCS8_Decoder* EC_PrivateKey::pkcs8_decoder(RandomNumberGenerator&)
.verify_end()
.end_cons();
- key->m_private_value = BigInt::decode(octstr_secret, octstr_secret.size());
+ key->private_key = BigInt::decode(octstr_secret, octstr_secret.size());
if(version != 1)
throw Decoding_Error("Wrong PKCS #1 key format version for EC key");
@@ -253,12 +227,7 @@ PKCS8_Decoder* EC_PrivateKey::pkcs8_decoder(RandomNumberGenerator&)
void EC_PrivateKey::PKCS8_load_hook(bool)
{
- // we cannot use affirm_init() here because mp_public_point might still be null
- if(mp_dom_pars.get() == 0)
- throw Invalid_State("attempt to set public point for an uninitialized key");
-
- mp_public_point.reset(new PointGFp(m_private_value * mp_dom_pars->get_base_point()));
- mp_public_point->check_invariants();
+ public_key = domain().get_base_point() * private_key;
}
}
diff --git a/src/pubkey/ecc_key/ecc_key.h b/src/pubkey/ecc_key/ecc_key.h
index f8a419ffe..653f97cab 100644
--- a/src/pubkey/ecc_key/ecc_key.h
+++ b/src/pubkey/ecc_key/ecc_key.h
@@ -2,7 +2,7 @@
* ECDSA
* (C) 2007 Falko Strenzke, FlexSecure GmbH
* Manuel Hartl, FlexSecure GmbH
-* (C) 2008 Jack Lloyd
+* (C) 2008-2010 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
@@ -33,18 +33,12 @@ class BOTAN_DLL EC_PublicKey : public virtual Public_Key
public:
/**
- * Tells whether this key knows his own domain parameters.
- * @result true if the domain parameters are set, false otherwise
- */
- bool domain_parameters_set();
-
- /**
* Get the public point of this key.
* @throw Invalid_State is thrown if the
* domain parameters of this point are not set
* @result the public point of this key
*/
- const PointGFp& public_point() const;
+ const PointGFp& public_point() const { return public_key; }
/**
* Get the domain parameters of this key.
@@ -52,30 +46,20 @@ class BOTAN_DLL EC_PublicKey : public virtual Public_Key
* domain parameters of this point are not set
* @result the domain parameters of this key
*/
- const EC_Domain_Params& domain_parameters() const;
+ const EC_Domain_Params& domain() const { return domain_params; }
/**
* Set the domain parameter encoding to be used when encoding this key.
* @param enc the encoding to use
*/
- void set_parameter_encoding(EC_dompar_enc enc);
+ void set_parameter_encoding(EC_Domain_Params_Encoding enc);
/**
* Get the domain parameter encoding to be used when encoding this key.
* @result the encoding to use
*/
- inline int get_parameter_encoding() const
- {
- return m_param_enc;
- }
-
- //ctors
- EC_PublicKey()
- : m_param_enc(ENC_EXPLICIT)
- {
- //assert(mp_dom_pars.get() == 0);
- //assert(mp_public_point.get() == 0);
- }
+ EC_Domain_Params_Encoding domain_format() const
+ { return domain_encoding; }
/**
* Get an x509_encoder that can be used to encode this key.
@@ -90,29 +74,36 @@ class BOTAN_DLL EC_PublicKey : public virtual Public_Key
*/
X509_Decoder* x509_decoder();
- /**
- * Make sure that the public point and domain parameters of this key are set.
- * @throw Invalid_State if either of the two data members is not set
- */
- virtual void affirm_init() const;
+ EC_PublicKey() : domain_encoding(EC_DOMPAR_ENC_EXPLICIT) {}
+
+ EC_PublicKey(const EC_Domain_Params& dom_par,
+ const PointGFp& pub_point);
virtual ~EC_PublicKey() {}
protected:
virtual void X509_load_hook();
- SecureVector<byte> m_enc_public_point; // stores the public point
-
- std::unique_ptr<EC_Domain_Params> mp_dom_pars;
- std::unique_ptr<PointGFp> mp_public_point;
- EC_dompar_enc m_param_enc;
+ EC_Domain_Params domain_params;
+ PointGFp public_key;
+ EC_Domain_Params_Encoding domain_encoding;
};
/**
* This abstract class represents general EC Private Keys
*/
-class BOTAN_DLL EC_PrivateKey : public virtual EC_PublicKey, public virtual Private_Key
+class BOTAN_DLL EC_PrivateKey : public virtual EC_PublicKey,
+ public virtual Private_Key
{
public:
+ EC_PrivateKey() {}
+
+ EC_PrivateKey(const EC_Domain_Params& domain,
+ const BigInt& private_key);
+
+ EC_PrivateKey(RandomNumberGenerator& rng,
+ const EC_Domain_Params& domain);
+
+ virtual ~EC_PrivateKey() {}
/**
* Get an PKCS#8 encoder that can be used to encoded this key.
@@ -132,20 +123,10 @@ class BOTAN_DLL EC_PrivateKey : public virtual EC_PublicKey, public virtual Priv
* @result the private key value of this key object
*/
const BigInt& private_value() const;
-
- /**
- * Make sure that the public key parts of this object are set
- * (calls EC_PublicKey::affirm_init()) as well as the private key
- * value.
- * @throw Invalid_State if the above conditions are not satisfied
- */
- virtual void affirm_init() const;
-
- virtual ~EC_PrivateKey() {}
protected:
virtual void PKCS8_load_hook(bool = false);
- void generate_private_key(RandomNumberGenerator&);
- BigInt m_private_value;
+
+ BigInt private_key;
};
}
diff --git a/src/pubkey/ecdh/ecdh.cpp b/src/pubkey/ecdh/ecdh.cpp
new file mode 100644
index 000000000..7577a8569
--- /dev/null
+++ b/src/pubkey/ecdh/ecdh.cpp
@@ -0,0 +1,51 @@
+/*
+* ECDH implemenation
+* (C) 2007 Manuel Hartl, FlexSecure GmbH
+* 2007 Falko Strenzke, FlexSecure GmbH
+* 2008-2010 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#include <botan/ecdh.h>
+
+namespace Botan {
+
+/**
+* Derive a key
+*/
+SecureVector<byte> ECDH_PrivateKey::derive_key(const byte key[],
+ u32bit key_len) const
+ {
+ MemoryVector<byte> key_x(key, key_len); // FIXME: nasty/slow
+ PointGFp point = OS2ECP(key_x, public_point().get_curve());
+
+ return derive_key(point);
+ }
+
+/**
+* Derive a key
+*/
+SecureVector<byte> ECDH_PrivateKey::derive_key(const ECDH_PublicKey& key) const
+ {
+ return derive_key(key.public_point());
+ }
+
+/**
+* Derive a key
+*/
+SecureVector<byte> ECDH_PrivateKey::derive_key(const PointGFp& point) const
+ {
+ const BigInt& cofactor = domain().get_cofactor();
+ const BigInt& n = domain().get_order();
+
+ BigInt l = inverse_mod(cofactor, n); // can precompute this
+
+ PointGFp S = (cofactor * point) * (private_value() * l);
+ S.check_invariants();
+
+ return BigInt::encode_1363(S.get_affine_x(),
+ point.get_curve().get_p().bytes());
+ }
+
+}
diff --git a/src/pubkey/ecdh/ecdh.h b/src/pubkey/ecdh/ecdh.h
new file mode 100644
index 000000000..630237edf
--- /dev/null
+++ b/src/pubkey/ecdh/ecdh.h
@@ -0,0 +1,102 @@
+/*
+* ECDH
+* (C) 2007 Falko Strenzke, FlexSecure GmbH
+* Manuel Hartl, FlexSecure GmbH
+* (C) 2008-2010 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#ifndef BOTAN_ECDH_KEY_H__
+#define BOTAN_ECDH_KEY_H__
+
+#include <botan/ecc_key.h>
+
+namespace Botan {
+
+/**
+* This class represents ECDH Public Keys.
+*/
+class BOTAN_DLL ECDH_PublicKey : public virtual EC_PublicKey
+ {
+ public:
+
+ /**
+ * Default constructor. Use this one if you want to later fill
+ * this object with data from an encoded key.
+ */
+ ECDH_PublicKey() {}
+
+ /**
+ * Construct a public key from a given public point.
+ * @param dom_par the domain parameters associated with this key
+ * @param public_point the public point defining this key
+ */
+ ECDH_PublicKey(const EC_Domain_Params& dom_par,
+ const PointGFp& public_point) :
+ EC_PublicKey(dom_par, public_point) {}
+
+ /**
+ * Get this keys algorithm name.
+ * @result this keys algorithm name
+ */
+ std::string algo_name() const { return "ECDH"; }
+
+ /**
+ * Get the maximum number of bits allowed to be fed to this key.
+ * This is the bitlength of the order of the base point.
+
+ * @result the maximum number of input bits
+ */
+ u32bit max_input_bits() const { return domain().get_order().bits(); }
+ };
+
+/**
+* This class represents ECDH Private Keys.
+*/
+class BOTAN_DLL ECDH_PrivateKey : public ECDH_PublicKey,
+ public EC_PrivateKey,
+ public PK_Key_Agreement_Key
+ {
+ public:
+
+ /**
+ * Default constructor. Use this one if you want to later fill
+ * this object with data from an encoded key.
+ */
+ ECDH_PrivateKey() {}
+
+ /**
+ * Generate a new private key
+ * @param the domain parameters to used for this key
+ */
+ ECDH_PrivateKey(RandomNumberGenerator& rng,
+ const EC_Domain_Params& domain) :
+ EC_PrivateKey(rng, domain) {}
+
+ MemoryVector<byte> public_value() const
+ { return EC2OSP(public_point(), PointGFp::UNCOMPRESSED); }
+
+ /**
+ * Derive a shared key with the other parties public key.
+ * @param key the other partys public key
+ * @param key_len the other partys public key
+ */
+ SecureVector<byte> derive_key(const byte key[], u32bit key_len) const;
+
+ /**
+ * Derive a shared key with the other parties public key.
+ * @param other the other partys public key
+ */
+ SecureVector<byte> derive_key(const ECDH_PublicKey& other) const;
+
+ /**
+ * Derive a shared key with the other parties public key.
+ * @param point the public point of the other parties key
+ */
+ SecureVector<byte> derive_key(const PointGFp& point) const;
+ };
+
+}
+
+#endif
diff --git a/src/pubkey/eckaeg/info.txt b/src/pubkey/ecdh/info.txt
index cac352a2a..12826c81b 100644
--- a/src/pubkey/eckaeg/info.txt
+++ b/src/pubkey/ecdh/info.txt
@@ -1,4 +1,4 @@
-define ECKAEG
+define ECDH
<requires>
alloc
diff --git a/src/pubkey/ecdsa/ecdsa.cpp b/src/pubkey/ecdsa/ecdsa.cpp
index 93c65c3a8..d245543f7 100644
--- a/src/pubkey/ecdsa/ecdsa.cpp
+++ b/src/pubkey/ecdsa/ecdsa.cpp
@@ -2,219 +2,73 @@
* ECDSA implemenation
* (C) 2007 Manuel Hartl, FlexSecure GmbH
* 2007 Falko Strenzke, FlexSecure GmbH
-* 2008 Jack Lloyd
+* 2008-2010 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
#include <botan/ecdsa.h>
-#include <botan/numthry.h>
-#include <botan/der_enc.h>
-#include <botan/ber_dec.h>
-#include <botan/secmem.h>
-#include <botan/point_gfp.h>
namespace Botan {
-ECDSA_PrivateKey::ECDSA_PrivateKey(RandomNumberGenerator& rng,
- const EC_Domain_Params& dom_pars)
- {
- mp_dom_pars = std::unique_ptr<EC_Domain_Params>(new EC_Domain_Params(dom_pars));
- generate_private_key(rng);
-
- try
- {
- mp_public_point->check_invariants();
- }
- catch(Illegal_Point& e)
- {
- throw Invalid_State("ECDSA key generation failed");
- }
-
- m_ecdsa_core = ECDSA_Core(*mp_dom_pars, m_private_value, *mp_public_point);
- }
-
-ECDSA_PrivateKey::ECDSA_PrivateKey(const EC_Domain_Params& domain,
- const BigInt& x)
- {
- mp_dom_pars = std::unique_ptr<EC_Domain_Params>(new EC_Domain_Params(domain));
-
- m_private_value = x;
-
- mp_public_point = std::unique_ptr<PointGFp>(new PointGFp (mp_dom_pars->get_base_point()));
-
- *mp_public_point *= m_private_value;
-
- try
- {
- mp_public_point->check_invariants();
- }
- catch(Illegal_Point& e)
- {
- throw Invalid_State("ECDSA key generation failed");
- }
-
- m_ecdsa_core = ECDSA_Core(*mp_dom_pars, m_private_value, *mp_public_point);
- }
-
-/*
-* ECDSA_PublicKey
-*/
-void ECDSA_PublicKey::affirm_init() const // virtual
- {
- EC_PublicKey::affirm_init();
- }
-
-void ECDSA_PublicKey::set_domain_parameters(const EC_Domain_Params& dom_pars)
- {
- if(mp_dom_pars.get())
- {
- // they are already set, we must ensure that they are equal to the arg
- if(dom_pars != *mp_dom_pars.get())
- throw Invalid_Argument("EC_PublicKey::set_domain_parameters - cannot reset to a new value");
-
- return;
- }
-
- if(m_enc_public_point.size() == 0)
- throw Invalid_State("EC_PublicKey::set_domain_parameters(): encoded public point isn't set");
-
- // now try to decode the public key ...
- PointGFp tmp_pp(OS2ECP(m_enc_public_point, dom_pars.get_curve()));
- try
- {
- tmp_pp.check_invariants();
- }
- catch(Illegal_Point e)
- {
- throw Invalid_State("EC_PublicKey::set_domain_parameters(): point does not lie on provided curve");
- }
-
- mp_dom_pars.reset(new EC_Domain_Params(dom_pars));
- ECDSA_Core tmp_ecdsa_core(*mp_dom_pars, BigInt(0), tmp_pp);
- mp_public_point.reset(new PointGFp(tmp_pp));
- m_ecdsa_core = tmp_ecdsa_core;
- }
-
-void ECDSA_PublicKey::set_all_values(const ECDSA_PublicKey& other)
- {
- m_param_enc = other.m_param_enc;
- m_ecdsa_core = other.m_ecdsa_core;
- m_enc_public_point = other.m_enc_public_point;
- if(other.mp_dom_pars.get())
- mp_dom_pars.reset(new EC_Domain_Params(other.domain_parameters()));
-
- if(other.mp_public_point.get())
- mp_public_point.reset(new PointGFp(other.public_point()));
- }
-
-ECDSA_PublicKey::ECDSA_PublicKey(const ECDSA_PublicKey& other)
- : Public_Key(),
- EC_PublicKey(),
- PK_Verifying_wo_MR_Key()
- {
- set_all_values(other);
- }
-
-const ECDSA_PublicKey& ECDSA_PublicKey::operator=(const ECDSA_PublicKey& rhs)
- {
- set_all_values(rhs);
- return *this;
- }
-
bool ECDSA_PublicKey::verify(const byte msg[], u32bit msg_len,
const byte sig[], u32bit sig_len) const
{
- affirm_init();
+ const BigInt& n = domain().get_order();
- return m_ecdsa_core.verify(msg, msg_len, sig, sig_len);
- }
+ if(n == 0)
+ throw Invalid_State("ECDSA_PublicKey::verify: Not initialized");
-ECDSA_PublicKey::ECDSA_PublicKey(const EC_Domain_Params& dom_par,
- const PointGFp& public_point)
- {
- mp_dom_pars = std::unique_ptr<EC_Domain_Params>(new EC_Domain_Params(dom_par));
- mp_public_point = std::unique_ptr<PointGFp>(new PointGFp(public_point));
- m_param_enc = ENC_EXPLICIT;
- m_ecdsa_core = ECDSA_Core(*mp_dom_pars, BigInt(0), *mp_public_point);
- }
+ if(sig_len != n.bytes()*2)
+ return false;
-void ECDSA_PublicKey::X509_load_hook()
- {
- EC_PublicKey::X509_load_hook();
- EC_PublicKey::affirm_init();
- m_ecdsa_core = ECDSA_Core ( *mp_dom_pars, BigInt ( 0 ), *mp_public_point );
- }
+ BigInt e(msg, msg_len);
-u32bit ECDSA_PublicKey::max_input_bits() const
- {
- if(!mp_dom_pars.get())
- {
- throw Invalid_State("ECDSA_PublicKey::max_input_bits(): domain parameters not set");
- }
- return mp_dom_pars->get_order().bits();
- }
+ BigInt r(sig, sig_len / 2);
+ BigInt s(sig + sig_len / 2, sig_len / 2);
-/*
-* ECDSA_PrivateKey
-*/
-void ECDSA_PrivateKey::affirm_init() const // virtual
- {
- EC_PrivateKey::affirm_init();
- }
+ if(r < 0 || r >= n || s < 0 || s >= n)
+ return false;
-void ECDSA_PrivateKey::PKCS8_load_hook(bool generated)
- {
- EC_PrivateKey::PKCS8_load_hook(generated);
- EC_PrivateKey::affirm_init();
- m_ecdsa_core = ECDSA_Core(*mp_dom_pars, m_private_value, *mp_public_point);
- }
+ BigInt w = inverse_mod(s, n);
-void ECDSA_PrivateKey::set_all_values(const ECDSA_PrivateKey& other)
- {
- m_private_value = other.m_private_value;
- m_param_enc = other.m_param_enc;
- m_ecdsa_core = other.m_ecdsa_core;
- m_enc_public_point = other.m_enc_public_point;
-
- if(other.mp_dom_pars.get())
- mp_dom_pars.reset(new EC_Domain_Params(other.domain_parameters()));
+ PointGFp R = w * (e * domain().get_base_point() + r*public_point());
+ if(R.is_zero())
+ return false;
- if(other.mp_public_point.get())
- mp_public_point.reset(new PointGFp(other.public_point()));
- }
-
-ECDSA_PrivateKey::ECDSA_PrivateKey(ECDSA_PrivateKey const& other)
- : Public_Key(),
- EC_PublicKey(),
- Private_Key(),
- ECDSA_PublicKey(),
- EC_PrivateKey(),
- PK_Signing_Key()
- {
- set_all_values(other);
- }
-
-const ECDSA_PrivateKey& ECDSA_PrivateKey::operator=(const ECDSA_PrivateKey& rhs)
- {
- set_all_values(rhs);
- return *this;
+ return (R.get_affine_x() % n == r);
}
SecureVector<byte> ECDSA_PrivateKey::sign(const byte msg[],
u32bit msg_len,
RandomNumberGenerator& rng) const
{
- affirm_init();
+ const BigInt& n = domain().get_order();
- const BigInt& n = mp_dom_pars->get_order();
+ if(n == 0 || private_value() == 0)
+ throw Invalid_State("ECDSA_PrivateKey::sign: Not initialized");
BigInt k;
do
k.randomize(rng, n.bits()-1);
while(k >= n);
- return m_ecdsa_core.sign(msg, msg_len, k);
+ BigInt e(msg, msg_len);
+
+ PointGFp k_times_P = domain().get_base_point() * k;
+ BigInt r = k_times_P.get_affine_x() % n;
+
+ if(r == 0)
+ throw Internal_Error("Default_ECDSA_Op::sign: r was zero");
+
+ BigInt k_inv = inverse_mod(k, n);
+
+ BigInt s = (((r * private_value()) + e) * k_inv) % n;
+
+ SecureVector<byte> output(2*n.bytes());
+ r.binary_encode(output + (output.size() / 2 - r.bytes()));
+ s.binary_encode(output + (output.size() - s.bytes()));
+ return output;
}
}
diff --git a/src/pubkey/ecdsa/ecdsa.h b/src/pubkey/ecdsa/ecdsa.h
index ce8c185a5..e7f29b600 100644
--- a/src/pubkey/ecdsa/ecdsa.h
+++ b/src/pubkey/ecdsa/ecdsa.h
@@ -2,7 +2,7 @@
* ECDSA
* (C) 2007 Falko Strenzke, FlexSecure GmbH
* Manuel Hartl, FlexSecure GmbH
-* (C) 2008 Jack Lloyd
+* (C) 2008-2010 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
@@ -11,7 +11,6 @@
#define BOTAN_ECDSA_KEY_H__
#include <botan/ecc_key.h>
-#include <botan/ecdsa_core.h>
namespace Botan {
@@ -32,15 +31,14 @@ class BOTAN_DLL ECDSA_PublicKey : public virtual EC_PublicKey,
/**
* Get the maximum number of bits allowed to be fed to this key.
* This is the bitlength of the order of the base point.
-
* @result the maximum number of input bits
*/
- u32bit max_input_bits() const;
+ u32bit max_input_bits() const { return domain().get_order().bits(); }
u32bit message_parts() const { return 2; }
u32bit message_part_size() const
- { return mp_dom_pars->get_order().bytes(); }
+ { return domain().get_order().bytes(); }
/**
* Verify a message with this key.
@@ -64,35 +62,9 @@ class BOTAN_DLL ECDSA_PublicKey : public virtual EC_PublicKey,
* @param public_point the public point defining this key
*/
ECDSA_PublicKey(const EC_Domain_Params& dom_par,
- const PointGFp& public_point); // sets core
-
- ECDSA_PublicKey const& operator=(const ECDSA_PublicKey& rhs);
-
- ECDSA_PublicKey(const ECDSA_PublicKey& other);
-
- /**
- * Set the domain parameters of this key. This function has to be
- * used when a key encoded without domain parameters was decoded into
- * this key. Otherwise it will not be able to verify a signature.
- * @param dom_pars the domain_parameters associated with this key
- * @throw Invalid_Argument if the point was found not to be satisfying the
- * curve equation of the provided domain parameters
- * or if this key already has domain parameters set
- * and these are differing from those given as the parameter
- */
- void set_domain_parameters(const EC_Domain_Params& dom_pars);
-
- /**
- * Ensure that the public point and domain parameters of this key are set.
- * @throw Invalid_State if either of the two data members is not set
- */
- virtual void affirm_init() const;
-
- protected:
- void X509_load_hook();
- void set_all_values(const ECDSA_PublicKey& other);
+ const PointGFp& public_point) :
+ EC_PublicKey(dom_par, public_point) {}
- ECDSA_Core m_ecdsa_core;
};
/**
@@ -103,8 +75,6 @@ class BOTAN_DLL ECDSA_PrivateKey : public ECDSA_PublicKey,
public PK_Signing_Key
{
public:
- //ctors
-
/**
* Default constructor. Use this one if you want to later fill
* this object with data from an encoded key.
@@ -116,17 +86,16 @@ class BOTAN_DLL ECDSA_PrivateKey : public ECDSA_PublicKey,
* @param the domain parameters to used for this key
*/
ECDSA_PrivateKey(RandomNumberGenerator& rng,
- const EC_Domain_Params& domain);
+ const EC_Domain_Params& domain) :
+ EC_PrivateKey(rng, domain) {}
/**
* Load a private key
* @param domain parameters
* @param x the private key
*/
- ECDSA_PrivateKey(const EC_Domain_Params& domain, const BigInt& x);
-
- ECDSA_PrivateKey(const ECDSA_PrivateKey& other);
- ECDSA_PrivateKey const& operator=(const ECDSA_PrivateKey& rhs);
+ ECDSA_PrivateKey(const EC_Domain_Params& domain, const BigInt& x) :
+ EC_PrivateKey(domain, x) {}
/**
* Sign a message with this key.
@@ -137,18 +106,6 @@ class BOTAN_DLL ECDSA_PrivateKey : public ECDSA_PublicKey,
SecureVector<byte> sign(const byte message[], u32bit mess_len,
RandomNumberGenerator& rng) const;
-
- /**
- * Make sure that the public key parts of this object are set
- * (calls EC_PublicKey::affirm_init()) as well as the private key
- * value.
- * @throw Invalid_State if the above conditions are not satisfied
- */
- virtual void affirm_init() const;
-
- private:
- void set_all_values(const ECDSA_PrivateKey& other);
- void PKCS8_load_hook(bool = false);
};
}
diff --git a/src/pubkey/ecdsa/ecdsa_core.cpp b/src/pubkey/ecdsa/ecdsa_core.cpp
deleted file mode 100644
index 78b527786..000000000
--- a/src/pubkey/ecdsa/ecdsa_core.cpp
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
-* ECDSA Core
-* (C) 1999-2007 Jack Lloyd
-* (C) 2007 FlexSecure GmbH
-*
-* Distributed under the terms of the Botan license
-*/
-
-#include <botan/ecdsa_core.h>
-#include <botan/internal/pk_engine.h>
-
-namespace Botan {
-
-/*
-* ECDSA Operation
-*/
-bool ECDSA_Core::verify(const byte signature[], u32bit sig_len,
- const byte message[], u32bit mess_len) const
- {
- //assert(op.get());
- return op->verify(signature, sig_len, message, mess_len);
- }
-
-SecureVector<byte> ECDSA_Core::sign(const byte message[],
- u32bit mess_len,
- const BigInt& k) const
- {
- //assert(op.get());
- return op->sign(message, mess_len, k);
- }
-
-ECDSA_Core& ECDSA_Core::operator=(const ECDSA_Core& core)
- {
- delete op;
- if(core.op)
- op = core.op->clone();
- return (*this);
- }
-
-ECDSA_Core::ECDSA_Core(const ECDSA_Core& core)
- {
- op = 0;
- if(core.op)
- op = core.op->clone();
- }
-
-ECDSA_Core::ECDSA_Core(EC_Domain_Params const& dom_pars, const BigInt& priv_key, PointGFp const& pub_key)
- {
- op = Engine_Core::ecdsa_op(dom_pars, priv_key, pub_key);
- }
-
-}
diff --git a/src/pubkey/ecdsa/ecdsa_core.h b/src/pubkey/ecdsa/ecdsa_core.h
deleted file mode 100644
index c6583a86f..000000000
--- a/src/pubkey/ecdsa/ecdsa_core.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
-* ECDSA Core
-* (C) 1999-2007 Jack Lloyd
-* (C) 2007 FlexSecure GmbH
-*
-* Distributed under the terms of the Botan license
-*/
-
-#ifndef BOTAN_ECDSA_CORE_H__
-#define BOTAN_ECDSA_CORE_H__
-
-#include <botan/ecdsa_op.h>
-#include <botan/ec_dompar.h>
-
-namespace Botan {
-
-/*
-* ECDSA Core
-*/
-class BOTAN_DLL ECDSA_Core
- {
- public:
- bool verify(const byte signature[], u32bit sig_len,
- const byte message[], u32bit mess_len) const;
-
- SecureVector<byte> sign(const byte message[], u32bit mess_len,
- const BigInt& k) const;
-
- ECDSA_Core& operator=(const ECDSA_Core&);
-
- ECDSA_Core() { op = 0; }
-
- ECDSA_Core(const ECDSA_Core&);
-
- ECDSA_Core(const EC_Domain_Params& dom_pars,
- const BigInt& priv_key,
- const PointGFp& pub_key);
-
- ~ECDSA_Core() { delete op; }
- private:
- ECDSA_Operation* op;
- };
-
-}
-
-#endif
diff --git a/src/pubkey/ecdsa/ecdsa_op.cpp b/src/pubkey/ecdsa/ecdsa_op.cpp
deleted file mode 100644
index dd92ac5c0..000000000
--- a/src/pubkey/ecdsa/ecdsa_op.cpp
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
-* ECDSA Operation
-* (C) 2007 FlexSecure GmbH
-* 2008-2010 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#include <botan/ecdsa_op.h>
-#include <botan/numthry.h>
-
-namespace Botan {
-
-Default_ECDSA_Op::Default_ECDSA_Op(const EC_Domain_Params& domain,
- const BigInt& priv,
- const PointGFp& pub) :
- dom_pars(domain), mod_n(dom_pars.get_order()),
- pub_key(pub), priv_key(priv)
- {
- }
-
-bool Default_ECDSA_Op::verify(const byte msg[], u32bit msg_len,
- const byte sig[], u32bit sig_len) const
- {
- const BigInt& n = dom_pars.get_order();
-
- if(sig_len != n.bytes()*2)
- return false;
-
- BigInt e(msg, msg_len);
-
- BigInt r(sig, sig_len / 2);
- BigInt s(sig + sig_len / 2, sig_len / 2);
-
- if(r < 0 || r >= n || s < 0 || s >= n)
- return false;
-
- BigInt w = inverse_mod(s, n);
-
- PointGFp R = w * (e * dom_pars.get_base_point() + r*pub_key);
- if(R.is_zero())
- return false;
-
- return (mod_n.reduce(R.get_affine_x()) == r);
- }
-
-SecureVector<byte> Default_ECDSA_Op::sign(const byte msg[], u32bit msg_len,
- const BigInt& k) const
- {
- if(priv_key == 0)
- throw Internal_Error("Default_ECDSA_Op::sign(): no private key");
-
- const BigInt& n = dom_pars.get_order();
-
- BigInt e(msg, msg_len);
-
- PointGFp k_times_P = dom_pars.get_base_point() * k;
- BigInt r = mod_n.reduce(k_times_P.get_affine_x());
-
- if(r == 0)
- throw Internal_Error("Default_ECDSA_Op::sign: r was zero");
-
- BigInt k_inv = inverse_mod(k, n);
-
- BigInt s = mod_n.reduce(mod_n.multiply(r, priv_key) + e);
- s = mod_n.multiply(s, k_inv);
-
- SecureVector<byte> output(2*n.bytes());
- r.binary_encode(output + (output.size() / 2 - r.bytes()));
- s.binary_encode(output + (output.size() - s.bytes()));
- return output;
- }
-
-}
diff --git a/src/pubkey/ecdsa/ecdsa_op.h b/src/pubkey/ecdsa/ecdsa_op.h
deleted file mode 100644
index 3a492ccf4..000000000
--- a/src/pubkey/ecdsa/ecdsa_op.h
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
-* ECDSA Operations
-* (C) 1999-2008 Jack Lloyd
-* (C) 2007 FlexSecure GmbH
-*
-* Distributed under the terms of the Botan license
-*/
-
-#ifndef BOTAN_ECDSA_OPERATIONS_H__
-#define BOTAN_ECDSA_OPERATIONS_H__
-
-#include <botan/ec_dompar.h>
-#include <botan/reducer.h>
-
-namespace Botan {
-
-/*
-* ECDSA Operation
-*/
-class BOTAN_DLL ECDSA_Operation
- {
- public:
- virtual bool verify(const byte msg[], u32bit msg_len,
- const byte sig[], u32bit sig_len) const = 0;
-
- virtual SecureVector<byte> sign(const byte msg[], u32bit msg_len,
- const BigInt& k) const = 0;
-
- virtual ECDSA_Operation* clone() const = 0;
-
- virtual ~ECDSA_Operation() {}
- };
-
-/*
-* Default ECDSA operation
-*/
-class BOTAN_DLL Default_ECDSA_Op : public ECDSA_Operation
- {
- public:
- bool verify(const byte sig[], u32bit sig_len,
- const byte msg[], u32bit msg_len) const;
-
- SecureVector<byte> sign(const byte msg[], u32bit msg_len,
- const BigInt& k) const;
-
- ECDSA_Operation* clone() const
- {
- return new Default_ECDSA_Op(*this);
- }
-
- Default_ECDSA_Op(const EC_Domain_Params& dom_pars,
- const BigInt& priv_key,
- const PointGFp& pub_key);
- private:
- EC_Domain_Params dom_pars;
- Modular_Reducer mod_n;
-
- PointGFp pub_key;
- BigInt priv_key;
- };
-
-}
-
-#endif
diff --git a/src/pubkey/ecdsa/info.txt b/src/pubkey/ecdsa/info.txt
index 799fff32f..ca2694ad1 100644
--- a/src/pubkey/ecdsa/info.txt
+++ b/src/pubkey/ecdsa/info.txt
@@ -1,11 +1,9 @@
define ECDSA
<requires>
-alloc
asn1
ec_dompar
ecc_key
-libstate
numbertheory
rng
</requires>
diff --git a/src/pubkey/eckaeg/eckaeg.cpp b/src/pubkey/eckaeg/eckaeg.cpp
deleted file mode 100644
index 15c817fa7..000000000
--- a/src/pubkey/eckaeg/eckaeg.cpp
+++ /dev/null
@@ -1,151 +0,0 @@
-/*
-* ECKAEG implemenation
-* (C) 2007 Manuel Hartl, FlexSecure GmbH
-* 2007 Falko Strenzke, FlexSecure GmbH
-* 2008 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#include <botan/eckaeg.h>
-#include <botan/numthry.h>
-#include <botan/der_enc.h>
-#include <botan/ber_dec.h>
-#include <botan/secmem.h>
-#include <botan/point_gfp.h>
-
-namespace Botan {
-
-/*
-* ECKAEG_PublicKey
-*/
-
-void ECKAEG_PublicKey::affirm_init() const // virtual
- {
- EC_PublicKey::affirm_init();
- }
-
-void ECKAEG_PublicKey::set_all_values(ECKAEG_PublicKey const& other)
- {
- m_param_enc = other.m_param_enc;
- m_eckaeg_core = other.m_eckaeg_core;
- m_enc_public_point = other.m_enc_public_point;
- if(other.mp_dom_pars.get())
- {
- mp_dom_pars.reset(new EC_Domain_Params(*(other.mp_dom_pars)));
- }
- if(other.mp_public_point.get())
- {
- mp_public_point.reset(new PointGFp(*(other.mp_public_point)));
- }
- }
-
-ECKAEG_PublicKey::ECKAEG_PublicKey(ECKAEG_PublicKey const& other)
- : Public_Key(),
- EC_PublicKey()
- {
- set_all_values(other);
- }
-
-ECKAEG_PublicKey const& ECKAEG_PublicKey::operator=(ECKAEG_PublicKey const& rhs)
- {
- set_all_values(rhs);
- return *this;
- }
-
-void ECKAEG_PublicKey::X509_load_hook()
- {
- EC_PublicKey::X509_load_hook();
- EC_PublicKey::affirm_init();
- m_eckaeg_core = ECKAEG_Core(*mp_dom_pars, BigInt(0), *mp_public_point);
- }
-
-ECKAEG_PublicKey::ECKAEG_PublicKey(EC_Domain_Params const& dom_par, PointGFp const& public_point)
- {
- mp_dom_pars = std::unique_ptr<EC_Domain_Params>(new EC_Domain_Params(dom_par));
- mp_public_point = std::unique_ptr<PointGFp>(new PointGFp(public_point));
- if(mp_public_point->get_curve() != mp_dom_pars->get_curve())
- {
- throw Invalid_Argument("ECKAEG_PublicKey(): curve of arg. point and curve of arg. domain parameters are different");
- }
- EC_PublicKey::affirm_init();
- m_eckaeg_core = ECKAEG_Core(*mp_dom_pars, BigInt(0), *mp_public_point);
- }
-
-/*
-* ECKAEG_PrivateKey
-*/
-void ECKAEG_PrivateKey::affirm_init() const // virtual
- {
- EC_PrivateKey::affirm_init();
- }
-
-void ECKAEG_PrivateKey::PKCS8_load_hook(bool generated)
- {
- EC_PrivateKey::PKCS8_load_hook(generated);
- EC_PrivateKey::affirm_init();
- m_eckaeg_core = ECKAEG_Core(*mp_dom_pars, m_private_value, *mp_public_point);
- }
-
-void ECKAEG_PrivateKey::set_all_values(ECKAEG_PrivateKey const& other)
- {
- m_private_value = other.m_private_value;
- m_param_enc = other.m_param_enc;
- m_eckaeg_core = other.m_eckaeg_core;
- m_enc_public_point = other.m_enc_public_point;
- if(other.mp_dom_pars.get())
- {
- mp_dom_pars.reset(new EC_Domain_Params(*(other.mp_dom_pars)));
- }
- if(other.mp_public_point.get())
- {
- mp_public_point.reset(new PointGFp(*(other.mp_public_point)));
- }
- }
-
-ECKAEG_PrivateKey::ECKAEG_PrivateKey(ECKAEG_PrivateKey const& other)
- : Public_Key(),
- EC_PublicKey(),
- Private_Key(),
- ECKAEG_PublicKey(),
- EC_PrivateKey(),
- PK_Key_Agreement_Key()
- {
- set_all_values(other);
- }
-
-ECKAEG_PrivateKey const& ECKAEG_PrivateKey::operator= (ECKAEG_PrivateKey const& rhs)
- {
- set_all_values(rhs);
- return *this;
- }
-
-MemoryVector<byte> ECKAEG_PrivateKey::public_value() const
- {
- return EC2OSP(public_point(), PointGFp::UNCOMPRESSED);
- }
-
-/**
-* Derive a key
-*/
-SecureVector<byte> ECKAEG_PrivateKey::derive_key(const byte key[],
- u32bit key_len) const
- {
- MemoryVector<byte> key_x(key, key_len); // FIXME: nasty/slow
- PointGFp point = OS2ECP(key_x, public_point().get_curve());
-
- return m_eckaeg_core.agree(point);
- }
-
-/**
-* Derive a key
-*/
-SecureVector<byte> ECKAEG_PrivateKey::derive_key(const ECKAEG_PublicKey& key) const
- {
- affirm_init();
- key.affirm_init();
-
- return m_eckaeg_core.agree(key.public_point());
- }
-
-}
diff --git a/src/pubkey/eckaeg/eckaeg.h b/src/pubkey/eckaeg/eckaeg.h
deleted file mode 100644
index b8c164967..000000000
--- a/src/pubkey/eckaeg/eckaeg.h
+++ /dev/null
@@ -1,138 +0,0 @@
-/*
-* ECKAEG
-* (C) 2007 Falko Strenzke, FlexSecure GmbH
-* Manuel Hartl, FlexSecure GmbH
-* (C) 2008 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#ifndef BOTAN_ECKAEG_KEY_H__
-#define BOTAN_ECKAEG_KEY_H__
-
-#include <botan/ecc_key.h>
-#include <botan/eckaeg_core.h>
-
-namespace Botan {
-
-/**
-* This class represents ECKAEG Public Keys.
-*/
-class BOTAN_DLL ECKAEG_PublicKey : public virtual EC_PublicKey
- {
- public:
-
- /**
- * Default constructor. Use this one if you want to later fill
- * this object with data from an encoded key.
- */
- ECKAEG_PublicKey() {}
-
- /**
- * Construct a public key from a given public point.
- * @param dom_par the domain parameters associated with this key
- * @param public_point the public point defining this key
- */
- ECKAEG_PublicKey(const EC_Domain_Params& dom_par,
- const PointGFp& public_point);
-
- /**
- * Get this keys algorithm name.
- * @result this keys algorithm name
- */
- std::string algo_name() const { return "ECKAEG"; }
-
- /**
- * Get the maximum number of bits allowed to be fed to this key.
- * This is the bitlength of the order of the base point.
-
- * @result the maximum number of input bits
- */
- u32bit max_input_bits() const
- {
- if(!mp_dom_pars.get())
- throw Invalid_State("ECKAEG_PublicKey::max_input_bits(): domain parameters not set");
-
- return mp_dom_pars->get_order().bits();
- }
-
- ECKAEG_PublicKey(ECKAEG_PublicKey const& other);
- ECKAEG_PublicKey const& operator= (ECKAEG_PublicKey const& rhs);
-
- /**
- * Make sure that the public point and domain parameters of this
- * key are set.
- * @throw Invalid_State if either of the two data members is not set
- */
- virtual void affirm_init() const;
-
- protected:
- void X509_load_hook();
-
- ECKAEG_Core m_eckaeg_core;
- private:
- void set_all_values(const ECKAEG_PublicKey& other);
- };
-
-/**
-* This class represents ECKAEG Private Keys.
-*/
-class BOTAN_DLL ECKAEG_PrivateKey : public ECKAEG_PublicKey,
- public EC_PrivateKey,
- public PK_Key_Agreement_Key
- {
- public:
-
- /**
- * Generate a new private key
- * @param the domain parameters to used for this key
- */
- ECKAEG_PrivateKey(RandomNumberGenerator& rng,
- const EC_Domain_Params& dom_pars)
- {
- mp_dom_pars = std::unique_ptr<EC_Domain_Params>(new EC_Domain_Params(dom_pars));
- generate_private_key(rng);
- mp_public_point->check_invariants();
- m_eckaeg_core = ECKAEG_Core(*mp_dom_pars, m_private_value, *mp_public_point);
- }
-
- /**
- * Default constructor. Use this one if you want to later fill this object with data
- * from an encoded key.
- */
- ECKAEG_PrivateKey() {}
- ECKAEG_PrivateKey(ECKAEG_PrivateKey const& other);
- ECKAEG_PrivateKey const& operator=(ECKAEG_PrivateKey const& rhs);
-
- MemoryVector<byte> public_value() const;
-
- void PKCS8_load_hook(bool = false);
-
- /**
- * Derive a shared key with the other partys public key.
- * @param key the other partys public key
- * @param key_len the other partys public key
- */
- SecureVector<byte> derive_key(const byte key[], u32bit key_len) const;
-
- /**
- * Derive a shared key with the other partys public key.
- * @param other the other partys public key
- */
- SecureVector<byte> derive_key(const ECKAEG_PublicKey& other) const;
-
- /**
- * Make sure that the public key parts of this object are set
- * (calls EC_PublicKey::affirm_init()) as well as the private key
- * value.
- * @throw Invalid_State if the above conditions are not satisfied
- */
- virtual void affirm_init() const;
-
- private:
- void set_all_values(const ECKAEG_PrivateKey& other);
- };
-
-}
-
-#endif
diff --git a/src/pubkey/eckaeg/eckaeg_core.cpp b/src/pubkey/eckaeg/eckaeg_core.cpp
deleted file mode 100644
index eaf467933..000000000
--- a/src/pubkey/eckaeg/eckaeg_core.cpp
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
-* ECKAEG Core
-* (C) 1999-2007 Jack Lloyd
-* (C) 2007 FlexSecure GmbH
-*
-* Distributed under the terms of the Botan license
-*/
-
-#include <botan/eckaeg_core.h>
-#include <botan/numthry.h>
-#include <botan/internal/pk_engine.h>
-#include <botan/parsing.h>
-#include <algorithm>
-
-namespace Botan {
-
-/*
-* ECKAEG_Core Constructor
-*/
-ECKAEG_Core::ECKAEG_Core(const EC_Domain_Params& dom_pars,
- const BigInt& priv_key,
- const PointGFp& pub_key)
- {
- op = Engine_Core::eckaeg_op(dom_pars, priv_key, pub_key);
- }
-
-/*
-* ECKAEG_Core Copy Constructor
-*/
-ECKAEG_Core::ECKAEG_Core(const ECKAEG_Core& core)
- {
- op = 0;
- if(core.op)
- op = core.op->clone();
- blinder = core.blinder;
- }
-
-/*
-* ECKAEG_Core Assignment Operator
-*/
-ECKAEG_Core& ECKAEG_Core::operator=(const ECKAEG_Core& core)
- {
- delete op;
- if(core.op)
- op = core.op->clone();
- blinder = core.blinder;
- return (*this);
- }
-
-/*
-* ECKAEG Operation
-*/
-SecureVector<byte> ECKAEG_Core::agree(const PointGFp& otherKey) const
- {
- //assert(op.get());
- return op->agree(otherKey);
- }
-
-}
diff --git a/src/pubkey/eckaeg/eckaeg_core.h b/src/pubkey/eckaeg/eckaeg_core.h
deleted file mode 100644
index d632c9451..000000000
--- a/src/pubkey/eckaeg/eckaeg_core.h
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
-* ECKAEG Core
-* (C) 1999-2007 Jack Lloyd
-* (C) 2007 FlexSecure GmbH
-*
-* Distributed under the terms of the Botan license
-*/
-
-#ifndef BOTAN_ECKAEG_CORE_H__
-#define BOTAN_ECKAEG_CORE_H__
-
-#include <botan/eckaeg_op.h>
-#include <botan/blinding.h>
-#include <botan/ec_dompar.h>
-
-namespace Botan {
-
-/*
-* ECKAEG Core
-*/
-class BOTAN_DLL ECKAEG_Core
- {
- public:
- SecureVector<byte> agree(const PointGFp&) const;
-
- ECKAEG_Core& operator=(const ECKAEG_Core&);
-
- ECKAEG_Core() { op = 0; }
-
- ECKAEG_Core(const ECKAEG_Core&);
-
- ECKAEG_Core(const EC_Domain_Params& dom_pars,
- const BigInt& priv_key,
- PointGFp const& pub_key);
-
- ~ECKAEG_Core() { delete op; }
- private:
- ECKAEG_Operation* op;
- Blinder blinder;
- };
-
-}
-
-#endif
diff --git a/src/pubkey/eckaeg/eckaeg_op.cpp b/src/pubkey/eckaeg/eckaeg_op.cpp
deleted file mode 100644
index 4fb0a23eb..000000000
--- a/src/pubkey/eckaeg/eckaeg_op.cpp
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
-* ECKAEG Operation
-* (C) 2007 FlexSecure GmbH
-* 2008-2010 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#include <botan/eckaeg_op.h>
-#include <botan/numthry.h>
-
-namespace Botan {
-
-Default_ECKAEG_Op::Default_ECKAEG_Op(const EC_Domain_Params& dom_pars,
- const BigInt& priv_key,
- const PointGFp& pub_key)
- : m_dom_pars(dom_pars),
- m_pub_key(pub_key),
- m_priv_key(priv_key)
- {
- }
-
-SecureVector<byte> Default_ECKAEG_Op::agree(const PointGFp& i) const
- {
- BigInt cofactor = m_dom_pars.get_cofactor();
- BigInt n = m_dom_pars.get_order();
-
- BigInt l = inverse_mod(cofactor, n);
-
- PointGFp S = cofactor * i;
- S *= (m_priv_key * l) % n;
-
- S.check_invariants();
-
- return BigInt::encode_1363(S.get_affine_x(),
- S.get_curve().get_p().bytes());
- }
-
-}
diff --git a/src/pubkey/eckaeg/eckaeg_op.h b/src/pubkey/eckaeg/eckaeg_op.h
deleted file mode 100644
index 27cf4f367..000000000
--- a/src/pubkey/eckaeg/eckaeg_op.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
-* ECKAEG Operations
-* (C) 1999-2008 Jack Lloyd
-* 2007 FlexSecure GmbH
-*
-* Distributed under the terms of the Botan license
-*/
-
-#ifndef BOTAN_ECKAEG_OPERATIONS_H__
-#define BOTAN_ECKAEG_OPERATIONS_H__
-
-#include <botan/ec_dompar.h>
-
-namespace Botan {
-
-/*
-* ECKAEG Operation
-*/
-class BOTAN_DLL ECKAEG_Operation
- {
- public:
- virtual SecureVector<byte> agree(const PointGFp&) const = 0;
- virtual ECKAEG_Operation* clone() const = 0;
- virtual ~ECKAEG_Operation() {}
- };
-
-/*
-* Default ECKAEG operation
-*/
-class BOTAN_DLL Default_ECKAEG_Op : public ECKAEG_Operation
- {
- public:
- SecureVector<byte> agree(const PointGFp& i) const;
-
- ECKAEG_Operation* clone() const { return new Default_ECKAEG_Op(*this); }
-
- Default_ECKAEG_Op(const EC_Domain_Params& dom_pars,
- const BigInt& priv_key,
- const PointGFp& pub_key);
- private:
- EC_Domain_Params m_dom_pars;
- PointGFp m_pub_key;
- BigInt m_priv_key;
- };
-
-
-}
-
-#endif
diff --git a/src/pubkey/gost_3410/gost_3410.cpp b/src/pubkey/gost_3410/gost_3410.cpp
index d3e98665d..8dd72dfc1 100644
--- a/src/pubkey/gost_3410/gost_3410.cpp
+++ b/src/pubkey/gost_3410/gost_3410.cpp
@@ -16,42 +16,6 @@
namespace Botan {
-GOST_3410_PrivateKey::GOST_3410_PrivateKey(RandomNumberGenerator& rng,
- const EC_Domain_Params& dom_pars)
- {
- mp_dom_pars = std::unique_ptr<EC_Domain_Params>(new EC_Domain_Params(dom_pars));
- generate_private_key(rng);
-
- try
- {
- mp_public_point->check_invariants();
- }
- catch(Illegal_Point& e)
- {
- throw Invalid_State("GOST_3410 key generation failed");
- }
- }
-
-GOST_3410_PrivateKey::GOST_3410_PrivateKey(const EC_Domain_Params& domain,
- const BigInt& x)
- {
- mp_dom_pars = std::unique_ptr<EC_Domain_Params>(new EC_Domain_Params(domain));
-
- m_private_value = x;
- mp_public_point = std::unique_ptr<PointGFp>(new PointGFp (mp_dom_pars->get_base_point()));
-
- *mp_public_point *= m_private_value;
-
- try
- {
- mp_public_point->check_invariants();
- }
- catch(Illegal_Point)
- {
- throw Invalid_State("GOST_3410 key generation failed");
- }
- }
-
X509_Encoder* GOST_3410_PublicKey::x509_encoder() const
{
class GOST_3410_Key_Encoder : public X509_Encoder
@@ -59,21 +23,15 @@ X509_Encoder* GOST_3410_PublicKey::x509_encoder() const
public:
AlgorithmIdentifier alg_id() const
{
- key->affirm_init();
-
- SecureVector<byte> params =
- encode_der_ec_dompar(key->domain_parameters(), key->m_param_enc);
-
- return AlgorithmIdentifier(key->get_oid(), params);
+ return AlgorithmIdentifier(key->get_oid(),
+ key->domain().DER_encode(key->domain_format()));
}
MemoryVector<byte> key_bits() const
{
- key->affirm_init();
-
// Trust CryptoPro to come up with something obnoxious
- const BigInt x = key->mp_public_point->get_affine_x();
- const BigInt y = key->mp_public_point->get_affine_y();
+ const BigInt x = key->public_point().get_affine_x();
+ const BigInt y = key->public_point().get_affine_y();
SecureVector<byte> bits(2*std::max(x.bytes(), y.bytes()));
@@ -104,9 +62,7 @@ X509_Decoder* GOST_3410_PublicKey::x509_decoder()
BER_Decoder ber(alg_id.parameters);
ber.start_cons(SEQUENCE).decode(ecc_param_id);
- EC_Domain_Params ecc_params = get_EC_Dom_Pars_by_oid(ecc_param_id.as_string());
-
- key->mp_dom_pars.reset(new EC_Domain_Params(ecc_params));
+ key->domain_params = EC_Domain_Params(ecc_param_id);
}
void key_bits(const MemoryRegion<byte>& bits)
@@ -121,11 +77,9 @@ X509_Decoder* GOST_3410_PublicKey::x509_decoder()
BigInt y(key_bits, part_size);
BigInt x(key_bits + part_size, part_size);
- const BigInt p = key->domain_parameters().get_curve().get_p();
+ const BigInt p = key->domain().get_curve().get_p();
- key->mp_public_point.reset(
- new PointGFp(key->domain_parameters().get_curve(),
- x, y));
+ key->public_key = PointGFp(key->domain().get_curve(), x, y);
key->X509_load_hook();
}
@@ -138,80 +92,16 @@ X509_Decoder* GOST_3410_PublicKey::x509_decoder()
return new GOST_3410_Key_Decoder(this);
}
-/*
-* GOST_3410_PublicKey
-*/
-void GOST_3410_PublicKey::affirm_init() const // virtual
- {
- EC_PublicKey::affirm_init();
- }
-
-void GOST_3410_PublicKey::set_domain_parameters(const EC_Domain_Params& dom_pars)
- {
- if(mp_dom_pars.get())
- {
- // they are already set, we must ensure that they are equal to the arg
- if(dom_pars != *mp_dom_pars.get())
- throw Invalid_Argument("EC_PublicKey::set_domain_parameters - cannot reset to a new value");
-
- return;
- }
-
- if(m_enc_public_point.size() == 0)
- throw Invalid_State("EC_PublicKey::set_domain_parameters(): encoded public point isn't set");
-
- // now try to decode the public key ...
- PointGFp tmp_pp(OS2ECP(m_enc_public_point, dom_pars.get_curve()));
- try
- {
- tmp_pp.check_invariants();
- }
- catch(Illegal_Point e)
- {
- throw Invalid_State("EC_PublicKey::set_domain_parameters(): point does not lie on provided curve");
- }
-
- mp_public_point.reset(new PointGFp(tmp_pp));
- mp_dom_pars.reset(new EC_Domain_Params(dom_pars));
- }
-
-void GOST_3410_PublicKey::set_all_values(const GOST_3410_PublicKey& other)
- {
- m_param_enc = other.m_param_enc;
- m_enc_public_point = other.m_enc_public_point;
- if(other.mp_dom_pars.get())
- mp_dom_pars.reset(new EC_Domain_Params(other.domain_parameters()));
-
- if(other.mp_public_point.get())
- mp_public_point.reset(new PointGFp(other.public_point()));
- }
-
-GOST_3410_PublicKey::GOST_3410_PublicKey(const GOST_3410_PublicKey& other)
- : Public_Key(),
- EC_PublicKey(),
- PK_Verifying_wo_MR_Key()
- {
- set_all_values(other);
- }
-
-const GOST_3410_PublicKey& GOST_3410_PublicKey::operator=(const GOST_3410_PublicKey& rhs)
- {
- set_all_values(rhs);
- return *this;
- }
-
bool GOST_3410_PublicKey::verify(const byte msg[], u32bit msg_len,
const byte sig[], u32bit sig_len) const
{
- affirm_init();
-
- const BigInt& n = mp_dom_pars->get_order();
+ const BigInt& n = domain().get_order();
if(sig_len != n.bytes()*2)
return false;
// NOTE: it is not checked whether the public point is set
- if(mp_dom_pars->get_curve().get_p() == 0)
+ if(domain().get_curve().get_p() == 0)
throw Internal_Error("domain parameters not set");
BigInt e(msg, msg_len);
@@ -231,76 +121,17 @@ bool GOST_3410_PublicKey::verify(const byte msg[], u32bit msg_len,
BigInt z1 = (s*v) % n;
BigInt z2 = (-r*v) % n;
- PointGFp R = (z1 * mp_dom_pars->get_base_point() + z2 * *mp_public_point);
+ PointGFp R = (z1 * domain().get_base_point() + z2 * public_point());
return (R.get_affine_x() == r);
}
GOST_3410_PublicKey::GOST_3410_PublicKey(const EC_Domain_Params& dom_par,
- const PointGFp& public_point)
- {
- mp_dom_pars = std::unique_ptr<EC_Domain_Params>(new EC_Domain_Params(dom_par));
- mp_public_point = std::unique_ptr<PointGFp>(new PointGFp(public_point));
- m_param_enc = ENC_EXPLICIT;
- }
-
-void GOST_3410_PublicKey::X509_load_hook()
- {
- EC_PublicKey::X509_load_hook();
- EC_PublicKey::affirm_init();
- }
-
-u32bit GOST_3410_PublicKey::max_input_bits() const
- {
- if(!mp_dom_pars.get())
- {
- throw Invalid_State("GOST_3410_PublicKey::max_input_bits(): domain parameters not set");
- }
- return mp_dom_pars->get_order().bits();
- }
-
-/*************************
-* GOST_3410_PrivateKey
-*************************/
-void GOST_3410_PrivateKey::affirm_init() const // virtual
- {
- EC_PrivateKey::affirm_init();
- }
-
-void GOST_3410_PrivateKey::PKCS8_load_hook(bool generated)
+ const PointGFp& pub_point)
{
- EC_PrivateKey::PKCS8_load_hook(generated);
- EC_PrivateKey::affirm_init();
- }
-
-void GOST_3410_PrivateKey::set_all_values(const GOST_3410_PrivateKey& other)
- {
- m_private_value = other.m_private_value;
- m_param_enc = other.m_param_enc;
- m_enc_public_point = other.m_enc_public_point;
-
- if(other.mp_dom_pars.get())
- mp_dom_pars.reset(new EC_Domain_Params(other.domain_parameters()));
-
- if(other.mp_public_point.get())
- mp_public_point.reset(new PointGFp(other.public_point()));
- }
-
-GOST_3410_PrivateKey::GOST_3410_PrivateKey(GOST_3410_PrivateKey const& other)
- : Public_Key(),
- EC_PublicKey(),
- Private_Key(),
- GOST_3410_PublicKey(),
- EC_PrivateKey(),
- PK_Signing_Key()
- {
- set_all_values(other);
- }
-
-const GOST_3410_PrivateKey& GOST_3410_PrivateKey::operator=(const GOST_3410_PrivateKey& rhs)
- {
- set_all_values(rhs);
- return *this;
+ domain_params = dom_par;
+ public_key = pub_point;
+ domain_encoding = EC_DOMPAR_ENC_EXPLICIT;
}
SecureVector<byte>
@@ -308,16 +139,14 @@ GOST_3410_PrivateKey::sign(const byte msg[],
u32bit msg_len,
RandomNumberGenerator& rng) const
{
- affirm_init();
-
- const BigInt& n = mp_dom_pars->get_order();
+ const BigInt& n = domain().get_order();
BigInt k;
do
k.randomize(rng, n.bits()-1);
while(k >= n);
- if(m_private_value == 0)
+ if(private_value() == 0)
throw Internal_Error("GOST_3410::sign(): no private key");
if(n == 0)
@@ -329,7 +158,7 @@ GOST_3410_PrivateKey::sign(const byte msg[],
if(e == 0)
e = 1;
- PointGFp k_times_P = mp_dom_pars->get_base_point() * k;
+ PointGFp k_times_P = domain().get_base_point() * k;
k_times_P.check_invariants();
BigInt r = k_times_P.get_affine_x() % n;
@@ -337,7 +166,7 @@ GOST_3410_PrivateKey::sign(const byte msg[],
if(r == 0)
throw Internal_Error("GOST_3410::sign: r was zero");
- BigInt s = (r*m_private_value + k*e) % n;
+ BigInt s = (r*private_value() + k*e) % n;
SecureVector<byte> output(2*n.bytes());
r.binary_encode(output + (output.size() / 2 - r.bytes()));
diff --git a/src/pubkey/gost_3410/gost_3410.h b/src/pubkey/gost_3410/gost_3410.h
index 460aca9bf..8104cbb75 100644
--- a/src/pubkey/gost_3410/gost_3410.h
+++ b/src/pubkey/gost_3410/gost_3410.h
@@ -34,12 +34,12 @@ class BOTAN_DLL GOST_3410_PublicKey : public virtual EC_PublicKey,
* @result the maximum number of input bits
*/
- u32bit max_input_bits() const;
+ u32bit max_input_bits() const { return domain().get_order().bits(); }
u32bit message_parts() const { return 2; }
u32bit message_part_size() const
- { return mp_dom_pars->get_order().bytes(); }
+ { return domain().get_order().bytes(); }
/**
* Verify a message with this key.
@@ -63,29 +63,7 @@ class BOTAN_DLL GOST_3410_PublicKey : public virtual EC_PublicKey,
* @param public_point the public point defining this key
*/
GOST_3410_PublicKey(const EC_Domain_Params& dom_par,
- const PointGFp& public_point); // sets core
-
- GOST_3410_PublicKey const& operator=(const GOST_3410_PublicKey& rhs);
-
- GOST_3410_PublicKey(const GOST_3410_PublicKey& other);
-
- /**
- * Set the domain parameters of this key. This function has to be
- * used when a key encoded without domain parameters was decoded into
- * this key. Otherwise it will not be able to verify a signature.
- * @param dom_pars the domain_parameters associated with this key
- * @throw Invalid_Argument if the point was found not to be satisfying the
- * curve equation of the provided domain parameters
- * or if this key already has domain parameters set
- * and these are differing from those given as the parameter
- */
- void set_domain_parameters(const EC_Domain_Params& dom_pars);
-
- /**
- * Ensure that the public point and domain parameters of this key are set.
- * @throw Invalid_State if either of the two data members is not set
- */
- virtual void affirm_init() const;
+ const PointGFp& public_point);
/**
* Get an x509_encoder that can be used to encode this key.
@@ -99,10 +77,6 @@ class BOTAN_DLL GOST_3410_PublicKey : public virtual EC_PublicKey,
* @result an x509_decoder for this key
*/
X509_Decoder* x509_decoder();
-
- protected:
- void X509_load_hook();
- void set_all_values(const GOST_3410_PublicKey& other);
};
/**
@@ -124,17 +98,16 @@ class BOTAN_DLL GOST_3410_PrivateKey : public GOST_3410_PublicKey,
* @param the domain parameters to used for this key
*/
GOST_3410_PrivateKey(RandomNumberGenerator& rng,
- const EC_Domain_Params& domain);
+ const EC_Domain_Params& domain) :
+ EC_PrivateKey(rng, domain) {}
/**
* Load a private key
* @param domain parameters
* @param x the private key
*/
- GOST_3410_PrivateKey(const EC_Domain_Params& domain, const BigInt& x);
-
- GOST_3410_PrivateKey(const GOST_3410_PrivateKey& other);
- GOST_3410_PrivateKey const& operator=(const GOST_3410_PrivateKey& rhs);
+ GOST_3410_PrivateKey(const EC_Domain_Params& domain, const BigInt& x) :
+ EC_PrivateKey(domain, x) {}
/**
* Sign a message with this key.
@@ -142,21 +115,8 @@ class BOTAN_DLL GOST_3410_PrivateKey : public GOST_3410_PublicKey,
* @param mess_len the length of the message byte array
* @result the signature
*/
-
SecureVector<byte> sign(const byte message[], u32bit mess_len,
RandomNumberGenerator& rng) const;
-
- /**
- * Make sure that the public key parts of this object are set
- * (calls EC_PublicKey::affirm_init()) as well as the private key
- * value.
- * @throw Invalid_State if the above conditions are not satisfied
- */
- virtual void affirm_init() const;
-
- private:
- void set_all_values(const GOST_3410_PrivateKey& other);
- void PKCS8_load_hook(bool = false);
};
}