authorJack Lloyd <[email protected]>2017-06-21 15:03:52 -0400
committerJack Lloyd <[email protected]>2017-06-21 15:03:52 -0400
commitcae9a8d0cdaa77df29fac54e71b4b265e9a13b3b (patch)
tree6626786083fdbc7534cce38c6c8af1892c235227 /src
parent1c1ae4d2146743d93e79eb2128aa8105e6bae3de (diff)
parentf8a40dbc46411ed8a144c6e51b071225a5d40456 (diff)
Merge GH #1076 Change x25519 and Ed25519 key formats to match IETF standard
Diffstat (limited to 'src')
-rw-r--r--src/build-data/oids.txt4
-rw-r--r--src/lib/asn1/oids.cpp10
-rw-r--r--src/lib/filters/cipher_filter.cpp2
-rw-r--r--src/lib/pubkey/curve25519/curve25519.cpp44
-rw-r--r--src/lib/pubkey/curve25519/curve25519.h2
-rw-r--r--src/lib/pubkey/ed25519/ed25519.h2
-rw-r--r--src/lib/pubkey/ed25519/ed25519_key.cpp35
7 files changed, 46 insertions, 53 deletions
diff --git a/src/build-data/oids.txt b/src/build-data/oids.txt
index 57df53462..41e599e29 100644
--- a/src/build-data/oids.txt
+++ b/src/build-data/oids.txt
@@ -8,9 +8,9 @@
1.2.840.10046.2.1 = DH
1.3.6.1.4.1.3029.1.2.1 = ElGamal
1.3.6.1.4.1.25258.1.3 = McEliece
-1.3.6.1.4.1.25258.1.4 = Curve25519
+1.3.101.110 = Curve25519
1.3.6.1.4.1.25258.1.5 = XMSS
-1.3.6.1.4.1.25258.1.6 = Ed25519
+1.3.101.112 = Ed25519
# X9.62 ecPublicKey, valid for ECDSA and ECDH (RFC 3279 sec 2.3.5)
1.2.840.10045.2.1 = ECDSA
diff --git a/src/lib/asn1/oids.cpp b/src/lib/asn1/oids.cpp
index 26e98ed6f..794f0f6f0 100644
--- a/src/lib/asn1/oids.cpp
+++ b/src/lib/asn1/oids.cpp
@@ -1,7 +1,7 @@
/*
* OID maps
*
-* This file was automatically generated by ./src/scripts/oids.py on 2017-06-07
+* This file was automatically generated by ./src/scripts/oids.py on 2017-06-12
*
* All manual edits to this file will be lost. Edit the script
* then regenerate this source file.
@@ -73,6 +73,8 @@ std::string lookup(const OID& oid)
if(oid_str == "1.2.840.113549.2.9") return "HMAC(SHA-256)";
if(oid_str == "1.2.840.113549.3.2") return "RC2/CBC";
if(oid_str == "1.2.840.113549.3.7") return "TripleDES/CBC";
+ if(oid_str == "1.3.101.110") return "Curve25519";
+ if(oid_str == "1.3.101.112") return "Ed25519";
if(oid_str == "1.3.132.0.10") return "secp256k1";
if(oid_str == "1.3.132.0.30") return "secp160r2";
if(oid_str == "1.3.132.0.31") return "secp192k1";
@@ -102,9 +104,7 @@ std::string lookup(const OID& oid)
if(oid_str == "1.3.36.3.3.2.8.1.1.9") return "brainpool320r1";
if(oid_str == "1.3.6.1.4.1.11591.12.2") return "Tiger(24,3)";
if(oid_str == "1.3.6.1.4.1.25258.1.3") return "McEliece";
- if(oid_str == "1.3.6.1.4.1.25258.1.4") return "Curve25519";
if(oid_str == "1.3.6.1.4.1.25258.1.5") return "XMSS";
- if(oid_str == "1.3.6.1.4.1.25258.1.6") return "Ed25519";
if(oid_str == "1.3.6.1.4.1.25258.1.6.1") return "GOST-34.10/EMSA1(SHA-256)";
if(oid_str == "1.3.6.1.4.1.25258.3.1") return "Serpent/CBC";
if(oid_str == "1.3.6.1.4.1.25258.3.101") return "Serpent/GCM";
@@ -226,7 +226,7 @@ OID lookup(const std::string& name)
if(name == "AES-256/OCB") return OID("1.3.6.1.4.1.25258.3.2.3");
if(name == "CAST-128/CBC") return OID("1.2.840.113533.7.66.10");
if(name == "Compression.Zlib") return OID("1.2.840.113549.1.9.16.3.8");
- if(name == "Curve25519") return OID("1.3.6.1.4.1.25258.1.4");
+ if(name == "Curve25519") return OID("1.3.101.110");
if(name == "DES/CBC") return OID("1.3.14.3.2.7");
if(name == "DH") return OID("1.2.840.10046.2.1");
if(name == "DSA") return OID("1.2.840.10040.4.1");
@@ -261,7 +261,7 @@ OID lookup(const std::string& name)
if(name == "ECKCDSA/EMSA1(SHA-1)") return OID("1.2.410.200004.1.100.4.3");
if(name == "ECKCDSA/EMSA1(SHA-224)") return OID("1.2.410.200004.1.100.4.4");
if(name == "ECKCDSA/EMSA1(SHA-256)") return OID("1.2.410.200004.1.100.4.5");
- if(name == "Ed25519") return OID("1.3.6.1.4.1.25258.1.6");
+ if(name == "Ed25519") return OID("1.3.101.112");
if(name == "ElGamal") return OID("1.3.6.1.4.1.3029.1.2.1");
if(name == "GOST-34.10") return OID("1.2.643.2.2.19");
if(name == "GOST-34.10/EMSA1(GOST-R-34.11-94)") return OID("1.2.643.2.2.3");
diff --git a/src/lib/filters/cipher_filter.cpp b/src/lib/filters/cipher_filter.cpp
index 03727f239..a3e7bd1c3 100644
--- a/src/lib/filters/cipher_filter.cpp
+++ b/src/lib/filters/cipher_filter.cpp
@@ -28,7 +28,7 @@ Cipher_Mode_Filter::Cipher_Mode_Filter(Cipher_Mode* mode) :
Buffered_Filter(choose_update_size(mode->update_granularity()),
mode->minimum_final_size()),
m_mode(mode),
- m_nonce(mode->default_nonce_length() == 0),
+ m_nonce(mode->default_nonce_length()),
m_buffer(m_mode->update_granularity())
{
}
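Review bot: `m_nonce(mode->default_nonce_length())` changes what the filter holds before any IV has been supplied, and nothing in the hunk says what that initial state means. The declaration of m_nonce is outside the hunk; if it is a byte container, it now starts out as default_nonce_length() zero bytes, so it should be confirmed that a first message cannot be processed under that implicit all-zero nonce when the caller never sets one. A comment on the initializer would settle it, for example `// sized to the default nonce length; an explicit IV is expected before the first message` (if that is the intent). The change is also unrelated to the key-format work named in the commit title and deserves its own line in the description.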
diff --git a/src/lib/pubkey/curve25519/curve25519.cpp b/src/lib/pubkey/curve25519/curve25519.cpp
index 070b8e841..6cd5b0cb8 100644
--- a/src/lib/pubkey/curve25519/curve25519.cpp
+++ b/src/lib/pubkey/curve25519/curve25519.cpp
@@ -38,7 +38,10 @@ secure_vector<uint8_t> curve25519(const secure_vector<uint8_t>& secret,
AlgorithmIdentifier Curve25519_PublicKey::algorithm_identifier() const
{
- return AlgorithmIdentifier(get_oid(), AlgorithmIdentifier::USE_NULL_PARAM);
+ // AlgorithmIdentifier::USE_NULL_PARAM puts 0x05 0x00 in parameters
+ // We want nothing
+ std::vector<uint8_t> empty;
+ return AlgorithmIdentifier(get_oid(), empty);
}
bool Curve25519_PublicKey::check_key(RandomNumberGenerator&, bool) const
@@ -49,23 +52,28 @@ bool Curve25519_PublicKey::check_key(RandomNumberGenerator&, bool) const
Curve25519_PublicKey::Curve25519_PublicKey(const AlgorithmIdentifier&,
const std::vector<uint8_t>& key_bits)
{
- BER_Decoder(key_bits)
- .start_cons(SEQUENCE)
- .decode(m_public, OCTET_STRING)
- .end_cons();
+ m_public = key_bits;
size_check(m_public.size(), "public key");
}
std::vector<uint8_t> Curve25519_PublicKey::public_key_bits() const
{
- return DER_Encoder()
- .start_cons(SEQUENCE)
- .encode(m_public, OCTET_STRING)
- .end_cons()
- .get_contents_unlocked();
+ return m_public;
}
+Curve25519_PrivateKey::Curve25519_PrivateKey(const secure_vector<uint8_t>& secret_key)
+ {
+ if(secret_key.size() == 32)
+ {
+ m_public.resize(32);
+ m_private = secret_key;
+ curve25519_basepoint(m_public.data(), m_private.data());
+ }
+ else
+ throw Decoding_Error("Invalid size for Curve25519 private key");
+ }
+
Curve25519_PrivateKey::Curve25519_PrivateKey(RandomNumberGenerator& rng)
{
m_private = rng.random_vec(32);
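Review bot: The new raw-key constructor hand-rolls its length check (`if(secret_key.size() == 32)` with `throw Decoding_Error(...)` in the else branch), while the sibling constructors in this file call `size_check(..., "private key")`. Opening the constructor with `size_check(secret_key.size(), "private key");` and then doing the assignment and `curve25519_basepoint` call unconditionally would keep one definition of the valid length and remove the if/else nesting. The exception type that size_check throws is not visible here, so confirm it matches what callers of this constructor expect before switching. The RNG constructor that follows continues outside the hunk.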
@@ -76,24 +84,16 @@ Curve25519_PrivateKey::Curve25519_PrivateKey(RandomNumberGenerator& rng)
Curve25519_PrivateKey::Curve25519_PrivateKey(const AlgorithmIdentifier&,
const secure_vector<uint8_t>& key_bits)
{
- BER_Decoder(key_bits)
- .start_cons(SEQUENCE)
- .decode(m_public, OCTET_STRING)
- .decode(m_private, OCTET_STRING)
- .end_cons();
+ BER_Decoder(key_bits).decode(m_private, OCTET_STRING).discard_remaining();
- size_check(m_public.size(), "public key");
size_check(m_private.size(), "private key");
+ m_public.resize(32);
+ curve25519_basepoint(m_public.data(), m_private.data());
}
secure_vector<uint8_t> Curve25519_PrivateKey::private_key_bits() const
{
- return DER_Encoder()
- .start_cons(SEQUENCE)
- .encode(m_public, OCTET_STRING)
- .encode(m_private, OCTET_STRING)
- .end_cons()
- .get_contents();
+ return DER_Encoder().encode(m_private, OCTET_STRING).get_contents();
}
bool Curve25519_PrivateKey::check_key(RandomNumberGenerator&, bool) const
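Review bot: `.discard_remaining()` in the constructor taking `(const AlgorithmIdentifier&, key_bits)` accepts any bytes that follow the OCTET STRING, so a malformed or padded private-key blob decodes without error. The encoding written by the new private_key_bits() is a single OCTET STRING, so the decoder can be strict: `BER_Decoder(key_bits).decode(m_private, OCTET_STRING).verify_end();`. The same pattern appears in the Ed25519 private-key constructor in ed25519_key.cpp (`.decode(bits, OCTET_STRING).discard_remaining()`), and the same change applies there. check_key's body continues outside the hunk.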
diff --git a/src/lib/pubkey/curve25519/curve25519.h b/src/lib/pubkey/curve25519/curve25519.h
index 567bb7008..da64113d5 100644
--- a/src/lib/pubkey/curve25519/curve25519.h
+++ b/src/lib/pubkey/curve25519/curve25519.h
@@ -76,7 +76,7 @@ class BOTAN_DLL Curve25519_PrivateKey : public Curve25519_PublicKey,
/**
* Construct a private key from the specified parameters.
- * @param secret_key DER encoded private key bits
+ * @param secret_key the private key
*/
explicit Curve25519_PrivateKey(const secure_vector<uint8_t>& secret_key);
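Review bot: The revised `@param secret_key the private key` no longer says what form the bytes take. The constructor added in curve25519.cpp accepts exactly 32 bytes and throws Decoding_Error otherwise, so the doc comment could read `@param secret_key the raw 32-byte private key (not DER encoded)` with an added `@throws Decoding_Error if the length is not 32`. The class body continues outside the hunk.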
diff --git a/src/lib/pubkey/ed25519/ed25519.h b/src/lib/pubkey/ed25519/ed25519.h
index f098517a0..360d92c16 100644
--- a/src/lib/pubkey/ed25519/ed25519.h
+++ b/src/lib/pubkey/ed25519/ed25519.h
@@ -82,7 +82,7 @@ class BOTAN_DLL Ed25519_PrivateKey : public Ed25519_PublicKey,
/**
* Construct a private key from the specified parameters.
- * @param secret_key DER encoded private key bits
+ * @param secret_key the private key
*/
explicit Ed25519_PrivateKey(const secure_vector<uint8_t>& secret_key);
diff --git a/src/lib/pubkey/ed25519/ed25519_key.cpp b/src/lib/pubkey/ed25519/ed25519_key.cpp
index beea8d9a2..6089cfedf 100644
--- a/src/lib/pubkey/ed25519/ed25519_key.cpp
+++ b/src/lib/pubkey/ed25519/ed25519_key.cpp
@@ -18,7 +18,10 @@ namespace Botan {
AlgorithmIdentifier Ed25519_PublicKey::algorithm_identifier() const
{
- return AlgorithmIdentifier(get_oid(), AlgorithmIdentifier::USE_NULL_PARAM);
+ // AlgorithmIdentifier::USE_NULL_PARAM puts 0x05 0x00 in parameters
+ // We want nothing
+ std::vector<uint8_t> empty;
+ return AlgorithmIdentifier(get_oid(), empty);
}
bool Ed25519_PublicKey::check_key(RandomNumberGenerator&, bool) const
@@ -30,10 +33,7 @@ bool Ed25519_PublicKey::check_key(RandomNumberGenerator&, bool) const
Ed25519_PublicKey::Ed25519_PublicKey(const AlgorithmIdentifier&,
const std::vector<uint8_t>& key_bits)
{
- BER_Decoder(key_bits)
- .start_cons(SEQUENCE)
- .decode(m_public, OCTET_STRING)
- .end_cons();
+ m_public = key_bits;
if(m_public.size() != 32)
throw Decoding_Error("Invalid size for Ed25519 public key");
@@ -41,11 +41,7 @@ Ed25519_PublicKey::Ed25519_PublicKey(const AlgorithmIdentifier&,
std::vector<uint8_t> Ed25519_PublicKey::public_key_bits() const
{
- return DER_Encoder()
- .start_cons(SEQUENCE)
- .encode(m_public, OCTET_STRING)
- .end_cons()
- .get_contents_unlocked();
+ return m_public;
}
Ed25519_PrivateKey::Ed25519_PrivateKey(const secure_vector<uint8_t>& secret_key)
@@ -76,23 +72,20 @@ Ed25519_PrivateKey::Ed25519_PrivateKey(RandomNumberGenerator& rng)
Ed25519_PrivateKey::Ed25519_PrivateKey(const AlgorithmIdentifier&,
const secure_vector<uint8_t>& key_bits)
{
- BER_Decoder(key_bits)
- .start_cons(SEQUENCE)
- .decode(m_private, OCTET_STRING)
- .end_cons();
+ secure_vector<uint8_t> bits;
+ BER_Decoder(key_bits).decode(bits, OCTET_STRING).discard_remaining();
- if(m_private.size() != 64)
+ if(bits.size() != 32)
throw Decoding_Error("Invalid size for Ed25519 private key");
- m_public.assign(&m_private[32], &m_private[64]);
+ m_public.resize(32);
+ m_private.resize(64);
+ ed25519_gen_keypair(m_public.data(), m_private.data(), bits.data());
}
secure_vector<uint8_t> Ed25519_PrivateKey::private_key_bits() const
{
- return DER_Encoder()
- .start_cons(SEQUENCE)
- .encode(m_private, OCTET_STRING)
- .end_cons()
- .get_contents();
+ secure_vector<uint8_t> bits(&m_private[0], &m_private[32]);
+ return DER_Encoder().encode(bits, OCTET_STRING).get_contents();
}
bool Ed25519_PrivateKey::check_key(RandomNumberGenerator&, bool) const
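Review bot: The layout of m_private is relied on in two places here without being written down. The decoding constructor fills a 64-byte m_private from a 32-byte value via `ed25519_gen_keypair`, and private_key_bits() exports only the range `&m_private[0]` to `&m_private[32]`. The removed line `m_public.assign(&m_private[32], &m_private[64])` suggests the upper half is the public key, so presumably the lower half is the seed that round-trips. A comment above the slice such as `// m_private is seed || public key; only the 32-byte seed is encoded` (if that is the actual layout) would make the assumption checkable and would flag that the indexing assumes m_private.size() == 64. check_key's body continues outside the hunk.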