diff options
| -rw-r--r-- | doc/migration_guide.rst | 3 | ||||
| -rw-r--r-- | src/lib/prov/openssl/openssl_ec.cpp | 2 | ||||
| -rw-r--r-- | src/lib/prov/pkcs11/p11_ecc_key.cpp | 6 | ||||
| -rw-r--r-- | src/lib/pubkey/ec_group/ec_group.cpp | 8 | ||||
| -rw-r--r-- | src/lib/pubkey/ec_group/ec_group.h | 12 | ||||
| -rw-r--r-- | src/lib/pubkey/ecc_key/ecc_key.cpp | 51 | ||||
| -rw-r--r-- | src/lib/pubkey/ecc_key/ecc_key.h | 2 | ||||
| -rw-r--r-- | src/tests/test_pkcs11_high_level.cpp | 26 |
8 files changed, 49 insertions, 61 deletions
diff --git a/doc/migration_guide.rst b/doc/migration_guide.rst index e5feba39f..d11f5115b 100644 --- a/doc/migration_guide.rst +++ b/doc/migration_guide.rst @@ -59,4 +59,5 @@ Use of ``enum class`` -------------------------------- Several enumerations where modified to become ``enum class``, including -``DL_Group::Format``, ``CRL_Code``, +``DL_Group::Format``, ``CRL_Code``, ``EC_Group_Encoding``, + diff --git a/src/lib/prov/openssl/openssl_ec.cpp b/src/lib/prov/openssl/openssl_ec.cpp index 1bbd613a0..bd64aef34 100644 --- a/src/lib/prov/openssl/openssl_ec.cpp +++ b/src/lib/prov/openssl/openssl_ec.cpp @@ -52,7 +52,7 @@ secure_vector<uint8_t> PKCS8_for_openssl(const EC_PrivateKey& ec) .encode(static_cast<size_t>(1)) .encode(BigInt::encode_1363(priv_key, priv_key.bytes()), OCTET_STRING) .start_cons(ASN1_Tag(0), PRIVATE) - .raw_bytes(ec.domain().DER_encode(EC_DOMPAR_ENC_OID)) + .raw_bytes(ec.domain().DER_encode(EC_Group_Encoding::NamedCurve)) .end_cons() .start_cons(ASN1_Tag(1), PRIVATE) .encode(pub_key.encode(PointGFp::UNCOMPRESSED), BIT_STRING) diff --git a/src/lib/prov/pkcs11/p11_ecc_key.cpp b/src/lib/prov/pkcs11/p11_ecc_key.cpp index c14c96322..4a2736fc6 100644 --- a/src/lib/prov/pkcs11/p11_ecc_key.cpp +++ b/src/lib/prov/pkcs11/p11_ecc_key.cpp @@ -46,7 +46,7 @@ PKCS11_EC_PublicKey::PKCS11_EC_PublicKey(Session& session, ObjectHandle handle) secure_vector<uint8_t> ec_parameters = get_attribute_value(AttributeType::EcParams); m_domain_params = EC_Group(unlock(ec_parameters)); m_public_key = decode_public_point(get_attribute_value(AttributeType::EcPoint), m_domain_params); - m_domain_encoding = EC_DOMPAR_ENC_EXPLICIT; + m_domain_encoding = EC_Group_Encoding::Explicit; } PKCS11_EC_PublicKey::PKCS11_EC_PublicKey(Session& session, const EC_PublicKeyImportProperties& props) @@ -57,7 +57,7 @@ PKCS11_EC_PublicKey::PKCS11_EC_PublicKey(Session& session, const EC_PublicKeyImp secure_vector<uint8_t> ec_point; BER_Decoder(props.ec_point()).decode(ec_point, OCTET_STRING); m_public_key = m_domain_params.OS2ECP(ec_point); - m_domain_encoding = EC_DOMPAR_ENC_EXPLICIT; + m_domain_encoding = EC_Group_Encoding::Explicit; } EC_PrivateKeyImportProperties::EC_PrivateKeyImportProperties(const std::vector<uint8_t>& ec_params, const BigInt& value) @@ -127,7 +127,7 @@ bool PKCS11_EC_PrivateKey::check_key(RandomNumberGenerator&, bool) const AlgorithmIdentifier PKCS11_EC_PrivateKey::algorithm_identifier() const { - return AlgorithmIdentifier(get_oid(), domain().DER_encode(EC_DOMPAR_ENC_EXPLICIT)); + return AlgorithmIdentifier(get_oid(), domain().DER_encode(EC_Group_Encoding::Explicit)); } } diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp index ab4a059fc..2e6739729 100644 --- a/src/lib/pubkey/ec_group/ec_group.cpp +++ b/src/lib/pubkey/ec_group/ec_group.cpp @@ -612,7 +612,7 @@ EC_Group::DER_encode(EC_Group_Encoding form) const DER_Encoder der(output); - if(form == EC_DOMPAR_ENC_EXPLICIT) + if(form == EC_Group_Encoding::Explicit) { const size_t ecpVers1 = 1; const OID curve_type("1.2.840.10045.1.1"); // prime field @@ -636,7 +636,7 @@ EC_Group::DER_encode(EC_Group_Encoding form) const .encode(get_cofactor()) .end_cons(); } - else if(form == EC_DOMPAR_ENC_OID) + else if(form == EC_Group_Encoding::NamedCurve) { const OID oid = get_curve_oid(); if(oid.empty()) @@ -645,7 +645,7 @@ EC_Group::DER_encode(EC_Group_Encoding form) const } der.encode(oid); } - else if(form == EC_DOMPAR_ENC_IMPLICITCA) + else if(form == EC_Group_Encoding::ImplicitCA) { der.encode_null(); } @@ -659,7 +659,7 @@ EC_Group::DER_encode(EC_Group_Encoding form) const std::string EC_Group::PEM_encode() const { - const std::vector<uint8_t> der = DER_encode(EC_DOMPAR_ENC_EXPLICIT); + const std::vector<uint8_t> der = DER_encode(EC_Group_Encoding::Explicit); return PEM_Code::encode(der, "EC PARAMETERS"); } diff --git a/src/lib/pubkey/ec_group/ec_group.h b/src/lib/pubkey/ec_group/ec_group.h index 2a7876610..5f50edc9b 100644 --- a/src/lib/pubkey/ec_group/ec_group.h +++ b/src/lib/pubkey/ec_group/ec_group.h @@ -20,10 +20,14 @@ namespace Botan { /** * This class represents elliptic curce domain parameters */ -enum EC_Group_Encoding { - EC_DOMPAR_ENC_EXPLICIT = 0, - EC_DOMPAR_ENC_IMPLICITCA = 1, - EC_DOMPAR_ENC_OID = 2 +enum class EC_Group_Encoding { + Explicit, + ImplicitCA, + NamedCurve, + + EC_DOMPAR_ENC_EXPLICIT = Explicit, + EC_DOMPAR_ENC_IMPLICITCA = ImplicitCA, + EC_DOMPAR_ENC_OID = NamedCurve }; enum class EC_Group_Source { diff --git a/src/lib/pubkey/ecc_key/ecc_key.cpp b/src/lib/pubkey/ecc_key/ecc_key.cpp index 09748b847..90ffb260b 100644 --- a/src/lib/pubkey/ecc_key/ecc_key.cpp +++ b/src/lib/pubkey/ecc_key/ecc_key.cpp @@ -27,15 +27,24 @@ size_t EC_PublicKey::estimated_strength() const return ecp_work_factor(key_length()); } -EC_PublicKey::EC_PublicKey(const EC_Group& dom_par, - const PointGFp& pub_point) : - m_domain_params(dom_par), m_public_key(pub_point) +namespace { + +EC_Group_Encoding default_encoding_for(EC_Group& group) { - if (!dom_par.get_curve_oid().empty()) - m_domain_encoding = EC_DOMPAR_ENC_OID; + if(group.get_curve_oid().empty()) + return EC_Group_Encoding::Explicit; else - m_domain_encoding = EC_DOMPAR_ENC_EXPLICIT; + return EC_Group_Encoding::NamedCurve; + } +} + +EC_PublicKey::EC_PublicKey(const EC_Group& dom_par, + const PointGFp& pub_point) : + m_domain_params(dom_par), + m_public_key(pub_point), + m_domain_encoding(default_encoding_for(m_domain_params)) + { #if 0 if(domain().get_curve() != public_point().get_curve()) throw Invalid_Argument("EC_PublicKey: curve mismatch in constructor"); @@ -45,12 +54,9 @@ EC_PublicKey::EC_PublicKey(const EC_Group& dom_par, EC_PublicKey::EC_PublicKey(const AlgorithmIdentifier& alg_id, const std::vector<uint8_t>& key_bits) : m_domain_params{EC_Group(alg_id.get_parameters())}, - m_public_key{domain().OS2ECP(key_bits)} + m_public_key{domain().OS2ECP(key_bits)}, + m_domain_encoding(default_encoding_for(m_domain_params)) { - if (!domain().get_curve_oid().empty()) - m_domain_encoding = EC_DOMPAR_ENC_OID; - else - m_domain_encoding = EC_DOMPAR_ENC_EXPLICIT; } bool EC_PublicKey::check_key(RandomNumberGenerator& rng, @@ -83,15 +89,8 @@ void EC_PublicKey::set_point_encoding(PointGFp::Compression_Type enc) void EC_PublicKey::set_parameter_encoding(EC_Group_Encoding form) { - if(form != EC_DOMPAR_ENC_EXPLICIT && - form != EC_DOMPAR_ENC_IMPLICITCA && - form != EC_DOMPAR_ENC_OID) - throw Invalid_Argument("Invalid encoding form for EC-key object specified"); - - if((form == EC_DOMPAR_ENC_OID) && (m_domain_params.get_curve_oid().empty())) - throw Invalid_Argument("Invalid encoding form OID specified for " - "EC-key object whose corresponding domain " - "parameters are without oid"); + if(form == EC_Group_Encoding::NamedCurve && m_domain_params.get_curve_oid().empty()) + throw Invalid_Argument("Cannot used NamedCurve encoding for a curve without an OID"); m_domain_encoding = form; } @@ -113,10 +112,7 @@ EC_PrivateKey::EC_PrivateKey(RandomNumberGenerator& rng, bool with_modular_inverse) { m_domain_params = ec_group; - if (!ec_group.get_curve_oid().empty()) - m_domain_encoding = EC_DOMPAR_ENC_OID; - else - m_domain_encoding = EC_DOMPAR_ENC_EXPLICIT; + m_domain_encoding = default_encoding_for(m_domain_params); if(x == 0) { @@ -162,12 +158,7 @@ EC_PrivateKey::EC_PrivateKey(const AlgorithmIdentifier& alg_id, bool with_modular_inverse) { m_domain_params = EC_Group(alg_id.get_parameters()); - m_domain_encoding = EC_DOMPAR_ENC_EXPLICIT; - - if (!domain().get_curve_oid().empty()) - m_domain_encoding = EC_DOMPAR_ENC_OID; - else - m_domain_encoding = EC_DOMPAR_ENC_EXPLICIT; + m_domain_encoding = default_encoding_for(m_domain_params); OID key_parameters; secure_vector<uint8_t> public_key_bits; diff --git a/src/lib/pubkey/ecc_key/ecc_key.h b/src/lib/pubkey/ecc_key/ecc_key.h index ec2b5f9be..5e268da14 100644 --- a/src/lib/pubkey/ecc_key/ecc_key.h +++ b/src/lib/pubkey/ecc_key/ecc_key.h @@ -108,7 +108,7 @@ class BOTAN_PUBLIC_API(2,0) EC_PublicKey : public virtual Public_Key size_t estimated_strength() const override; protected: - EC_PublicKey() : m_domain_params{}, m_public_key{}, m_domain_encoding(EC_DOMPAR_ENC_EXPLICIT) + EC_PublicKey() : m_domain_params{}, m_public_key{}, m_domain_encoding(EC_Group_Encoding::Explicit) {} EC_Group m_domain_params; diff --git a/src/tests/test_pkcs11_high_level.cpp b/src/tests/test_pkcs11_high_level.cpp index 84c2c62c3..ce2d43639 100644 --- a/src/tests/test_pkcs11_high_level.cpp +++ b/src/tests/test_pkcs11_high_level.cpp @@ -930,7 +930,6 @@ Test::Result test_ecdsa_privkey_import() // create ecdsa private key ECDSA_PrivateKey priv_key(Test::rng(), EC_Group("secp256r1")); result.confirm("Key self test OK", priv_key.check_key(Test::rng(), true)); - priv_key.set_parameter_encoding(EC_Group_Encoding::EC_DOMPAR_ENC_OID); // import to card EC_PrivateKeyImportProperties props(priv_key.DER_domain(), priv_key.private_value()); @@ -959,7 +958,6 @@ Test::Result test_ecdsa_privkey_export() // create private key ECDSA_PrivateKey priv_key(Test::rng(), EC_Group("secp256r1")); - priv_key.set_parameter_encoding(EC_Group_Encoding::EC_DOMPAR_ENC_OID); result.confirm("Check ECDSA key", priv_key.check_key(Test::rng(), true)); // import to card @@ -994,7 +992,6 @@ Test::Result test_ecdsa_pubkey_import() // create ecdsa private key ECDSA_PrivateKey priv_key(Test::rng(), EC_Group("secp256r1")); - priv_key.set_parameter_encoding(EC_Group_Encoding::EC_DOMPAR_ENC_OID); const auto enc_point = encode_ec_point_in_octet_str(priv_key.public_point()); @@ -1023,7 +1020,6 @@ Test::Result test_ecdsa_pubkey_export() // create public key from private key ECDSA_PrivateKey priv_key(Test::rng(), EC_Group("secp256r1")); - priv_key.set_parameter_encoding(EC_Group_Encoding::EC_DOMPAR_ENC_OID); const auto enc_point = encode_ec_point_in_octet_str(priv_key.public_point()); @@ -1058,7 +1054,7 @@ Test::Result test_ecdsa_generate_private_key() props.set_sign(true); PKCS11_ECDSA_PrivateKey pk(test_session.session(), - EC_Group("secp256r1").DER_encode(EC_Group_Encoding::EC_DOMPAR_ENC_OID), props); + EC_Group("secp256r1").DER_encode(EC_Group_Encoding::NamedCurve), props); result.test_success("ECDSA private key generation was successful"); pk.destroy(); @@ -1098,7 +1094,7 @@ Test::Result test_ecdsa_generate_keypair() for(auto &curve : curves) { - PKCS11_ECDSA_KeyPair keypair = generate_ecdsa_keypair(test_session, curve, EC_DOMPAR_ENC_OID); + PKCS11_ECDSA_KeyPair keypair = generate_ecdsa_keypair(test_session, curve, EC_Group_Encoding::NamedCurve); keypair.first.destroy(); keypair.second.destroy(); @@ -1171,14 +1167,14 @@ Test::Result test_ecdsa_sign_verify_core(EC_Group_Encoding ec_dompar_enc, std::s Test::Result test_ecdsa_sign_verify() { - // pass the curve OID to the PKCS#11 library - return test_ecdsa_sign_verify_core(EC_DOMPAR_ENC_OID, "PKCS11 ECDSA sign and verify"); + // pass the curve OID to the PKCS#11 library + return test_ecdsa_sign_verify_core(EC_Group_Encoding::NamedCurve, "PKCS11 ECDSA sign and verify"); } Test::Result test_ecdsa_curve_import() { - // pass the curve parameters to the PKCS#11 library and perform sign/verify to test them - return test_ecdsa_sign_verify_core(EC_DOMPAR_ENC_EXPLICIT, "PKCS11 ECDSA sign and verify with imported curve"); + // pass the curve parameters to the PKCS#11 library and perform sign/verify to test them + return test_ecdsa_sign_verify_core(EC_Group_Encoding::Explicit, "PKCS11 ECDSA sign and verify with imported curve"); } class PKCS11_ECDSA_Tests final : public Test @@ -1217,7 +1213,6 @@ Test::Result test_ecdh_privkey_import() // create ecdh private key ECDH_PrivateKey priv_key(Test::rng(), EC_Group("secp256r1")); - priv_key.set_parameter_encoding(EC_Group_Encoding::EC_DOMPAR_ENC_OID); // import to card EC_PrivateKeyImportProperties props(priv_key.DER_domain(), priv_key.private_value()); @@ -1244,7 +1239,6 @@ Test::Result test_ecdh_privkey_export() // create private key ECDH_PrivateKey priv_key(Test::rng(), EC_Group("secp256r1")); - priv_key.set_parameter_encoding(EC_Group_Encoding::EC_DOMPAR_ENC_OID); // import to card EC_PrivateKeyImportProperties props(priv_key.DER_domain(), priv_key.private_value()); @@ -1274,7 +1268,6 @@ Test::Result test_ecdh_pubkey_import() // create ECDH private key ECDH_PrivateKey priv_key(Test::rng(), EC_Group("secp256r1")); - priv_key.set_parameter_encoding(EC_Group_Encoding::EC_DOMPAR_ENC_OID); const auto enc_point = encode_ec_point_in_octet_str(priv_key.public_point()); @@ -1303,7 +1296,6 @@ Test::Result test_ecdh_pubkey_export() // create public key from private key ECDH_PrivateKey priv_key(Test::rng(), EC_Group("secp256r1")); - priv_key.set_parameter_encoding(EC_Group_Encoding::EC_DOMPAR_ENC_OID); const auto enc_point = encode_ec_point_in_octet_str(priv_key.public_point()); @@ -1338,7 +1330,7 @@ Test::Result test_ecdh_generate_private_key() props.set_derive(true); PKCS11_ECDH_PrivateKey pk(test_session.session(), - EC_Group("secp256r1").DER_encode(EC_Group_Encoding::EC_DOMPAR_ENC_OID), props); + EC_Group("secp256r1").DER_encode(EC_Group_Encoding::NamedCurve), props); result.test_success("ECDH private key generation was successful"); pk.destroy(); @@ -1348,8 +1340,8 @@ Test::Result test_ecdh_generate_private_key() PKCS11_ECDH_KeyPair generate_ecdh_keypair(const TestSession& test_session, const std::string& label) { - EC_PublicKeyGenerationProperties pub_props(EC_Group("secp256r1").DER_encode( - EC_Group_Encoding::EC_DOMPAR_ENC_OID)); + EC_PublicKeyGenerationProperties pub_props( + EC_Group("secp256r1").DER_encode(EC_Group_Encoding::NamedCurve)); pub_props.set_label(label + "_PUB_KEY"); pub_props.set_token(true); pub_props.set_derive(true); |