aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/pubkey/ecdh/ecdh.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/pubkey/ecdh/ecdh.cpp')
-rw-r--r--src/lib/pubkey/ecdh/ecdh.cpp20
1 files changed, 13 insertions, 7 deletions
diff --git a/src/lib/pubkey/ecdh/ecdh.cpp b/src/lib/pubkey/ecdh/ecdh.cpp
index 1bdf2c209..ed2f404dc 100644
--- a/src/lib/pubkey/ecdh/ecdh.cpp
+++ b/src/lib/pubkey/ecdh/ecdh.cpp
@@ -27,32 +27,38 @@ class ECDH_KA_Operation : public PK_Ops::Key_Agreement_with_KDF
{
public:
- ECDH_KA_Operation(const ECDH_PrivateKey& key, const std::string& kdf) :
+ ECDH_KA_Operation(const ECDH_PrivateKey& key, const std::string& kdf, RandomNumberGenerator& rng) :
PK_Ops::Key_Agreement_with_KDF(kdf),
m_curve(key.domain().get_curve()),
- m_cofactor(key.domain().get_cofactor())
+ m_cofactor(key.domain().get_cofactor()),
+ m_order(key.domain().get_order()),
+ m_rng(rng)
{
- m_l_times_priv = inverse_mod(m_cofactor, key.domain().get_order()) * key.private_value();
+ m_l_times_priv = inverse_mod(m_cofactor, m_order) * key.private_value();
}
secure_vector<byte> raw_agree(const byte w[], size_t w_len) override
{
PointGFp point = OS2ECP(w, w_len, m_curve);
- // TODO: add blinding
- PointGFp S = (m_cofactor * point) * m_l_times_priv;
+ PointGFp S = m_cofactor * point;
+ Blinded_Point_Multiply blinder(S, m_order);
+ S = blinder.blinded_multiply(m_l_times_priv, m_rng);
BOTAN_ASSERT(S.on_the_curve(), "ECDH agreed value was on the curve");
return BigInt::encode_1363(S.get_affine_x(), m_curve.get_p().bytes());
}
private:
const CurveGFp& m_curve;
const BigInt& m_cofactor;
+ const BigInt& m_order;
BigInt m_l_times_priv;
+ RandomNumberGenerator& m_rng;
+
};
}
std::unique_ptr<PK_Ops::Key_Agreement>
-ECDH_PrivateKey::create_key_agreement_op(RandomNumberGenerator& /*rng*/,
+ECDH_PrivateKey::create_key_agreement_op(RandomNumberGenerator& rng,
const std::string& params,
const std::string& provider) const
{
@@ -72,7 +78,7 @@ ECDH_PrivateKey::create_key_agreement_op(RandomNumberGenerator& /*rng*/,
#endif
if(provider == "base" || provider.empty())
- return std::unique_ptr<PK_Ops::Key_Agreement>(new ECDH_KA_Operation(*this, params));
+ return std::unique_ptr<PK_Ops::Key_Agreement>(new ECDH_KA_Operation(*this, params, rng));
throw Provider_Not_Found(algo_name(), provider);
}