diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/engine/def_engine/def_pk_ops.cpp | 33 | ||||
| -rw-r--r-- | src/engine/def_engine/default_engine.h | 6 | ||||
| -rw-r--r-- | src/engine/engine.h | 17 | ||||
| -rw-r--r-- | src/engine/info.txt | 1 | ||||
| -rw-r--r-- | src/libstate/pk_engine.cpp | 19 | ||||
| -rw-r--r-- | src/libstate/pk_engine.h | 8 | ||||
| -rw-r--r-- | src/pubkey/dh/dh.cpp | 40 | ||||
| -rw-r--r-- | src/pubkey/dh/dh.h | 33 | ||||
| -rw-r--r-- | src/pubkey/dh/dh_core.cpp | 65 | ||||
| -rw-r--r-- | src/pubkey/dh/dh_core.h | 38 | ||||
| -rw-r--r-- | src/pubkey/dh/dh_op.h | 45 | ||||
| -rw-r--r-- | src/pubkey/dh/info.txt | 3 | ||||
| -rw-r--r-- | src/pubkey/dlies/dlies.cpp | 45 | ||||
| -rw-r--r-- | src/pubkey/dlies/dlies.h | 7 | ||||
| -rw-r--r-- | src/pubkey/ecdh/ecdh.cpp | 21 | ||||
| -rw-r--r-- | src/pubkey/ecdh/ecdh.h | 17 | ||||
| -rw-r--r-- | src/pubkey/info.txt | 1 | ||||
| -rw-r--r-- | src/pubkey/pk_keys.h | 2 | ||||
| -rw-r--r-- | src/pubkey/pk_ops.h | 38 | ||||
| -rw-r--r-- | src/pubkey/pubkey.cpp | 25 | ||||
| -rw-r--r-- | src/pubkey/pubkey.h | 39 |
21 files changed, 221 insertions, 282 deletions
diff --git a/src/engine/def_engine/def_pk_ops.cpp b/src/engine/def_engine/def_pk_ops.cpp index e1040142e..b2f53376d 100644 --- a/src/engine/def_engine/def_pk_ops.cpp +++ b/src/engine/def_engine/def_pk_ops.cpp @@ -24,11 +24,31 @@ #endif #if defined(BOTAN_HAS_DIFFIE_HELLMAN) - #include <botan/dh_op.h> + #include <botan/dh.h> +#endif + +#if defined(BOTAN_HAS_ECDH) + #include <botan/ecdh.h> #endif namespace Botan { +PK_Ops::KA_Operation* +Default_Engine::get_key_agreement_op(const Private_Key& key) const + { +#if defined(BOTAN_HAS_DIFFIE_HELLMAN) + if(const DH_PrivateKey* dh = dynamic_cast<const DH_PrivateKey*>(&key)) + return new DH_KA_Operation(*dh); +#endif + +#if defined(BOTAN_HAS_ECDH) + if(const ECDH_PrivateKey* ecdh = dynamic_cast<const ECDH_PrivateKey*>(&key)) + return new ECDH_KA_Operation(*ecdh); +#endif + + return 0; + } + #if defined(BOTAN_HAS_IF_PUBLIC_KEY_FAMILY) /* * Acquire an IF op @@ -75,15 +95,4 @@ ELG_Operation* Default_Engine::elg_op(const DL_Group& group, const BigInt& y, } #endif -#if defined(BOTAN_HAS_DIFFIE_HELLMAN) -/* -* Acquire a DH op -*/ -DH_Operation* Default_Engine::dh_op(const DL_Group& group, - const BigInt& x) const - { - return new Default_DH_Op(group, x); - } -#endif - } diff --git a/src/engine/def_engine/default_engine.h b/src/engine/def_engine/default_engine.h index aa753fadb..918a42114 100644 --- a/src/engine/def_engine/default_engine.h +++ b/src/engine/def_engine/default_engine.h @@ -20,6 +20,8 @@ class Default_Engine : public Engine public: std::string provider_name() const { return "core"; } + PK_Ops::KA_Operation* get_key_agreement_op(const Private_Key&) const; + #if defined(BOTAN_HAS_IF_PUBLIC_KEY_FAMILY) IF_Operation* if_op(const BigInt&, const BigInt&, const BigInt&, const BigInt&, const BigInt&, const BigInt&, @@ -40,10 +42,6 @@ class Default_Engine : public Engine const BigInt&) const; #endif -#if defined(BOTAN_HAS_DIFFIE_HELLMAN) - DH_Operation* dh_op(const DL_Group&, const BigInt&) const; -#endif - Modular_Exponentiator* mod_exp(const BigInt&, Power_Mod::Usage_Hints) const; diff --git a/src/engine/engine.h b/src/engine/engine.h index ba5f95c27..ea9c05997 100644 --- a/src/engine/engine.h +++ b/src/engine/engine.h @@ -15,6 +15,8 @@ #include <botan/hash.h> #include <botan/mac.h> #include <botan/pow_mod.h> +#include <botan/pk_keys.h> +#include <botan/pk_ops.h> #include <utility> #include <map> @@ -27,10 +29,6 @@ #include <botan/dsa_op.h> #endif -#if defined(BOTAN_HAS_DIFFIE_HELLMAN) - #include <botan/dh_op.h> -#endif - #if defined(BOTAN_HAS_NYBERG_RUEPPEL) #include <botan/nr_op.h> #endif @@ -80,6 +78,12 @@ class BOTAN_DLL Engine Algorithm_Factory&) { return 0; } + virtual PK_Ops::KA_Operation* + get_key_agreement_op(const Private_Key&) const + { + return 0; + } + #if defined(BOTAN_HAS_IF_PUBLIC_KEY_FAMILY) virtual IF_Operation* if_op(const BigInt&, const BigInt&, const BigInt&, const BigInt&, const BigInt&, const BigInt&, @@ -104,11 +108,6 @@ class BOTAN_DLL Engine const BigInt&) const { return 0; } #endif - -#if defined(BOTAN_HAS_DIFFIE_HELLMAN) - virtual DH_Operation* dh_op(const DL_Group&, const BigInt&) const - { return 0; } -#endif }; } diff --git a/src/engine/info.txt b/src/engine/info.txt index b270edaa5..32fcf21c2 100644 --- a/src/engine/info.txt +++ b/src/engine/info.txt @@ -10,5 +10,6 @@ hash libstate mac numbertheory +pubkey stream </requires> diff --git a/src/libstate/pk_engine.cpp b/src/libstate/pk_engine.cpp index ac2fa68b0..51aaa073e 100644 --- a/src/libstate/pk_engine.cpp +++ b/src/libstate/pk_engine.cpp @@ -91,25 +91,6 @@ ELG_Operation* elg_op(const DL_Group& group, const BigInt& y, const BigInt& x) } #endif -#if defined(BOTAN_HAS_DIFFIE_HELLMAN) -/* -* Acquire a DH op -*/ -DH_Operation* dh_op(const DL_Group& group, const BigInt& x) - { - Algorithm_Factory::Engine_Iterator i(global_state().algorithm_factory()); - - while(const Engine* engine = i.next()) - { - DH_Operation* op = engine->dh_op(group, x); - if(op) - return op; - } - - throw Lookup_Error("Engine_Core::dh_op: Unable to find a working engine"); - } -#endif - /* * Acquire a modular exponentiator */ diff --git a/src/libstate/pk_engine.h b/src/libstate/pk_engine.h index 25f326ef0..e6399058e 100644 --- a/src/libstate/pk_engine.h +++ b/src/libstate/pk_engine.h @@ -19,10 +19,6 @@ #include <botan/dsa_op.h> #endif -#if defined(BOTAN_HAS_DIFFIE_HELLMAN) - #include <botan/dh_op.h> -#endif - #if defined(BOTAN_HAS_NYBERG_RUEPPEL) #include <botan/nr_op.h> #endif @@ -62,10 +58,6 @@ NR_Operation* nr_op(const DL_Group&, const BigInt&, const BigInt&); ELG_Operation* elg_op(const DL_Group&, const BigInt&, const BigInt&); #endif -#if defined(BOTAN_HAS_DIFFIE_HELLMAN) -DH_Operation* dh_op(const DL_Group&, const BigInt&); -#endif - } } diff --git a/src/pubkey/dh/dh.cpp b/src/pubkey/dh/dh.cpp index 4ebe1fa1c..70791fee4 100644 --- a/src/pubkey/dh/dh.cpp +++ b/src/pubkey/dh/dh.cpp @@ -21,14 +21,6 @@ DH_PublicKey::DH_PublicKey(const DL_Group& grp, const BigInt& y1) } /* -* Return the maximum input size in bits -*/ -u32bit DH_PublicKey::max_input_bits() const - { - return group_p().bits(); - } - -/* * Return the public value for key agreement */ MemoryVector<byte> DH_PublicKey::public_value() const @@ -55,8 +47,6 @@ DH_PrivateKey::DH_PrivateKey(RandomNumberGenerator& rng, if(y == 0) y = power_mod(group_g(), x, group_p()); - core = DH_Core(rng, group, x); - if(x == 0) gen_check(rng); else @@ -74,8 +64,6 @@ DH_PrivateKey::DH_PrivateKey(const AlgorithmIdentifier& alg_id, if(y == 0) y = power_mod(group_g(), x, group_p()); - core = DH_Core(rng, group, x); - load_check(rng); } @@ -87,32 +75,4 @@ MemoryVector<byte> DH_PrivateKey::public_value() const return DH_PublicKey::public_value(); } -/* -* Derive a key -*/ -SecureVector<byte> DH_PrivateKey::derive_key(const byte w[], - u32bit w_len) const - { - return derive_key(BigInt::decode(w, w_len)); - } - -/* -* Derive a key -*/ -SecureVector<byte> DH_PrivateKey::derive_key(const DH_PublicKey& key) const - { - return derive_key(key.get_y()); - } - -/* -* Derive a key -*/ -SecureVector<byte> DH_PrivateKey::derive_key(const BigInt& w) const - { - const BigInt& p = group_p(); - if(w <= 1 || w >= p-1) - throw Invalid_Argument(algo_name() + "::derive_key: Invalid key input"); - return BigInt::encode_1363(core.agree(w), p.bytes()); - } - } diff --git a/src/pubkey/dh/dh.h b/src/pubkey/dh/dh.h index 14bc916a7..318a6215c 100644 --- a/src/pubkey/dh/dh.h +++ b/src/pubkey/dh/dh.h @@ -9,7 +9,8 @@ #define BOTAN_DIFFIE_HELLMAN_H__ #include <botan/dl_algo.h> -#include <botan/dh_core.h> +#include <botan/pow_mod.h> +#include <botan/pk_ops.h> namespace Botan { @@ -22,7 +23,7 @@ class BOTAN_DLL DH_PublicKey : public virtual DL_Scheme_PublicKey std::string algo_name() const { return "DH"; } MemoryVector<byte> public_value() const; - u32bit max_input_bits() const; + u32bit max_input_bits() const { return group_p().bits(); } DL_Group::Format group_format() const { return DL_Group::ANSI_X9_42; } @@ -48,10 +49,6 @@ class BOTAN_DLL DH_PrivateKey : public DH_PublicKey, public virtual DL_Scheme_PrivateKey { public: - SecureVector<byte> derive_key(const byte other[], u32bit length) const; - SecureVector<byte> derive_key(const DH_PublicKey& other) const; - SecureVector<byte> derive_key(const BigInt& other) const; - MemoryVector<byte> public_value() const; /** @@ -72,8 +69,30 @@ class BOTAN_DLL DH_PrivateKey : public DH_PublicKey, */ DH_PrivateKey(RandomNumberGenerator& rng, const DL_Group& grp, const BigInt& x = 0); + }; + +/** +* DH operation +*/ +class BOTAN_DLL DH_KA_Operation : public PK_Ops::KA_Operation + { + public: + + DH_KA_Operation(const DH_PrivateKey& key) : + powermod_x_p(key.get_x(), key.get_domain().get_p()), + p_bytes(key.get_domain().get_p().bytes()) + {} + + SecureVector<byte> agree(const byte w[], u32bit w_len) const + { + return BigInt::encode_1363( + powermod_x_p(BigInt::decode(w, w_len)), + p_bytes); + } + private: - DH_Core core; + Fixed_Exponent_Power_Mod powermod_x_p; + u32bit p_bytes; }; } diff --git a/src/pubkey/dh/dh_core.cpp b/src/pubkey/dh/dh_core.cpp deleted file mode 100644 index cbe2dc9f1..000000000 --- a/src/pubkey/dh/dh_core.cpp +++ /dev/null @@ -1,65 +0,0 @@ -/* -* PK Algorithm Core -* (C) 1999-2007 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#include <botan/dh_core.h> -#include <botan/numthry.h> -#include <botan/internal/pk_engine.h> -#include <botan/parsing.h> -#include <algorithm> - -namespace Botan { - -/* -* DH_Core Constructor -*/ -DH_Core::DH_Core(RandomNumberGenerator& rng, - const DL_Group& group, const BigInt& x) - { - const u32bit BLINDING_BITS = BOTAN_PRIVATE_KEY_OP_BLINDING_BITS; - - op = Engine_Core::dh_op(group, x); - - const BigInt& p = group.get_p(); - - BigInt k(rng, std::min(p.bits()-1, BLINDING_BITS)); - - if(k != 0) - blinder = Blinder(k, power_mod(inverse_mod(k, p), x, p), p); - } - -/* -* DH_Core Copy Constructor -*/ -DH_Core::DH_Core(const DH_Core& core) - { - op = 0; - if(core.op) - op = core.op->clone(); - blinder = core.blinder; - } - -/* -* DH_Core Assignment Operator -*/ -DH_Core& DH_Core::operator=(const DH_Core& core) - { - delete op; - if(core.op) - op = core.op->clone(); - blinder = core.blinder; - return (*this); - } - -/* -* DH Operation -*/ -BigInt DH_Core::agree(const BigInt& i) const - { - return blinder.unblind(op->agree(blinder.blind(i))); - } - -} diff --git a/src/pubkey/dh/dh_core.h b/src/pubkey/dh/dh_core.h deleted file mode 100644 index 91b50a27a..000000000 --- a/src/pubkey/dh/dh_core.h +++ /dev/null @@ -1,38 +0,0 @@ -/* -* DH Core -* (C) 1999-2007 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#ifndef BOTAN_DH_CORE_H__ -#define BOTAN_DH_CORE_H__ - -#include <botan/dh_op.h> -#include <botan/blinding.h> - -namespace Botan { - -/* -* DH Core -*/ -class BOTAN_DLL DH_Core - { - public: - BigInt agree(const BigInt&) const; - - DH_Core& operator=(const DH_Core&); - - DH_Core() { op = 0; } - DH_Core(const DH_Core&); - DH_Core(RandomNumberGenerator& rng, - const DL_Group&, const BigInt&); - ~DH_Core() { delete op; } - private: - DH_Operation* op; - Blinder blinder; - }; - -} - -#endif diff --git a/src/pubkey/dh/dh_op.h b/src/pubkey/dh/dh_op.h deleted file mode 100644 index 50f3d7825..000000000 --- a/src/pubkey/dh/dh_op.h +++ /dev/null @@ -1,45 +0,0 @@ -/* -* DH Operations -* (C) 1999-2008 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#ifndef BOTAN_DH_OPS_H__ -#define BOTAN_DH_OPS_H__ - -#include <botan/dl_group.h> -#include <botan/reducer.h> -#include <botan/pow_mod.h> - -namespace Botan { - -/* -* DH Operation Interface -*/ -class BOTAN_DLL DH_Operation - { - public: - virtual BigInt agree(const BigInt&) const = 0; - virtual DH_Operation* clone() const = 0; - virtual ~DH_Operation() {} - }; - -/* -* Botan's Default DH Operation -*/ -class BOTAN_DLL Default_DH_Op : public DH_Operation - { - public: - BigInt agree(const BigInt& i) const { return powermod_x_p(i); } - DH_Operation* clone() const { return new Default_DH_Op(*this); } - - Default_DH_Op(const DL_Group& group, const BigInt& x) : - powermod_x_p(x, group.get_p()) {} - private: - Fixed_Exponent_Power_Mod powermod_x_p; - }; - -} - -#endif diff --git a/src/pubkey/dh/info.txt b/src/pubkey/dh/info.txt index ca8f74fa1..e1e460cd0 100644 --- a/src/pubkey/dh/info.txt +++ b/src/pubkey/dh/info.txt @@ -1,14 +1,11 @@ define DIFFIE_HELLMAN <header:public> -dh_core.h -dh_op.h dh.h </header:public> <source> dh.cpp -dh_core.cpp </source> <requires> diff --git a/src/pubkey/dlies/dlies.cpp b/src/pubkey/dlies/dlies.cpp index 6ef3292e1..2253f84d5 100644 --- a/src/pubkey/dlies/dlies.cpp +++ b/src/pubkey/dlies/dlies.cpp @@ -14,16 +14,21 @@ namespace Botan { /* * DLIES_Encryptor Constructor */ -DLIES_Encryptor::DLIES_Encryptor(const PK_Key_Agreement_Key& k, +DLIES_Encryptor::DLIES_Encryptor(const PK_Key_Agreement_Key& key, KDF* kdf_obj, MessageAuthenticationCode* mac_obj, u32bit mac_kl) : - key(k), kdf(kdf_obj), mac(mac_obj), mac_keylen(mac_kl) + ka(get_pk_kas(key, "Raw")), + kdf(kdf_obj), + mac(mac_obj), + mac_keylen(mac_kl) { + my_key = key.public_value(); } DLIES_Encryptor::~DLIES_Encryptor() { + delete ka; delete kdf; delete mac; } @@ -39,19 +44,18 @@ SecureVector<byte> DLIES_Encryptor::enc(const byte in[], u32bit length, if(other_key.empty()) throw Invalid_State("DLIES: The other key was never set"); - MemoryVector<byte> v = key.public_value(); + SecureVector<byte> out(my_key.size() + length + mac->OUTPUT_LENGTH); + out.copy(my_key, my_key.size()); + out.copy(my_key.size(), in, length); - SecureVector<byte> out(v.size() + length + mac->OUTPUT_LENGTH); - out.copy(v, v.size()); - out.copy(v.size(), in, length); - - SecureVector<byte> vz(v, key.derive_key(other_key, other_key.size())); + SecureVector<byte> vz(my_key, ka->derive_key(0, other_key).bits_of()); const u32bit K_LENGTH = length + mac_keylen; OctetString K = kdf->derive_key(K_LENGTH, vz, vz.size()); + if(K.length() != K_LENGTH) throw Encoding_Error("DLIES: KDF did not provide sufficient output"); - byte* C = out + v.size(); + byte* C = out + my_key.size(); xor_buf(C, K.begin() + mac_keylen, length); mac->set_key(K.begin(), mac_keylen); @@ -84,16 +88,21 @@ u32bit DLIES_Encryptor::maximum_input_size() const /* * DLIES_Decryptor Constructor */ -DLIES_Decryptor::DLIES_Decryptor(const PK_Key_Agreement_Key& k, +DLIES_Decryptor::DLIES_Decryptor(const PK_Key_Agreement_Key& key, KDF* kdf_obj, MessageAuthenticationCode* mac_obj, u32bit mac_kl) : - key(k), kdf(kdf_obj), mac(mac_obj), mac_keylen(mac_kl) + ka(get_pk_kas(key, "Raw")), + kdf(kdf_obj), + mac(mac_obj), + mac_keylen(mac_kl) { + my_key = key.public_value(); } DLIES_Decryptor::~DLIES_Decryptor() { + delete ka; delete kdf; delete mac; } @@ -103,18 +112,16 @@ DLIES_Decryptor::~DLIES_Decryptor() */ SecureVector<byte> DLIES_Decryptor::dec(const byte msg[], u32bit length) const { - const u32bit public_len = key.public_value().size(); - - if(length < public_len + mac->OUTPUT_LENGTH) + if(length < my_key.size() + mac->OUTPUT_LENGTH) throw Decoding_Error("DLIES decryption: ciphertext is too short"); - const u32bit CIPHER_LEN = length - public_len - mac->OUTPUT_LENGTH; + const u32bit CIPHER_LEN = length - my_key.size() - mac->OUTPUT_LENGTH; - SecureVector<byte> v(msg, public_len); - SecureVector<byte> C(msg + public_len, CIPHER_LEN); - SecureVector<byte> T(msg + public_len + CIPHER_LEN, mac->OUTPUT_LENGTH); + SecureVector<byte> v(msg, my_key.size()); + SecureVector<byte> C(msg + my_key.size(), CIPHER_LEN); + SecureVector<byte> T(msg + my_key.size() + CIPHER_LEN, mac->OUTPUT_LENGTH); - SecureVector<byte> vz(v, key.derive_key(v, v.size())); + SecureVector<byte> vz(v, ka->derive_key(0, v).bits_of()); const u32bit K_LENGTH = C.size() + mac_keylen; OctetString K = kdf->derive_key(K_LENGTH, vz, vz.size()); diff --git a/src/pubkey/dlies/dlies.h b/src/pubkey/dlies/dlies.h index 88a22b9de..e8b87a091 100644 --- a/src/pubkey/dlies/dlies.h +++ b/src/pubkey/dlies/dlies.h @@ -33,9 +33,9 @@ class BOTAN_DLL DLIES_Encryptor : public PK_Encryptor RandomNumberGenerator&) const; u32bit maximum_input_size() const; - const PK_Key_Agreement_Key& key; - SecureVector<byte> other_key; + SecureVector<byte> other_key, my_key; + PK_Key_Agreement* ka; KDF* kdf; MessageAuthenticationCode* mac; u32bit mac_keylen; @@ -57,8 +57,9 @@ class BOTAN_DLL DLIES_Decryptor : public PK_Decryptor private: SecureVector<byte> dec(const byte[], u32bit) const; - const PK_Key_Agreement_Key& key; + SecureVector<byte> my_key; + PK_Key_Agreement* ka; KDF* kdf; MessageAuthenticationCode* mac; u32bit mac_keylen; diff --git a/src/pubkey/ecdh/ecdh.cpp b/src/pubkey/ecdh/ecdh.cpp index 7ecc40ae4..37dc7c392 100644 --- a/src/pubkey/ecdh/ecdh.cpp +++ b/src/pubkey/ecdh/ecdh.cpp @@ -11,6 +11,27 @@ namespace Botan { +ECDH_KA_Operation::ECDH_KA_Operation(const ECDH_PrivateKey& key) + { + cofactor = key.domain().get_cofactor(); + + curve = key.domain().get_curve(); + + l_times_priv = inverse_mod(cofactor, key.domain().get_order()) * + key.private_value(); + } + +SecureVector<byte> ECDH_KA_Operation::agree(const byte w[], u32bit w_len) const + { + PointGFp point = OS2ECP(w, w_len, curve); + + PointGFp S = (cofactor * point) * l_times_priv; + S.check_invariants(); + + return BigInt::encode_1363(S.get_affine_x(), + curve.get_p().bytes()); + } + /** * Derive a key */ diff --git a/src/pubkey/ecdh/ecdh.h b/src/pubkey/ecdh/ecdh.h index 8185e25f2..ad7efdc13 100644 --- a/src/pubkey/ecdh/ecdh.h +++ b/src/pubkey/ecdh/ecdh.h @@ -11,6 +11,7 @@ #define BOTAN_ECDH_KEY_H__ #include <botan/ecc_key.h> +#include <botan/pk_ops.h> namespace Botan { @@ -75,7 +76,7 @@ class BOTAN_DLL ECDH_PrivateKey : public ECDH_PublicKey, MemoryVector<byte> public_value() const { return EC2OSP(public_point(), PointGFp::UNCOMPRESSED); } - + private: /** * Derive a shared key with the other parties public key. * @param key the other partys public key @@ -96,6 +97,20 @@ class BOTAN_DLL ECDH_PrivateKey : public ECDH_PublicKey, SecureVector<byte> derive_key(const PointGFp& point) const; }; +/** +* ECDH operation +*/ +class BOTAN_DLL ECDH_KA_Operation : public PK_Ops::KA_Operation + { + public: + ECDH_KA_Operation(const ECDH_PrivateKey& key); + + SecureVector<byte> agree(const byte w[], u32bit w_len) const; + private: + CurveGFp curve; + BigInt l_times_priv, cofactor; + }; + } #endif diff --git a/src/pubkey/info.txt b/src/pubkey/info.txt index 4d7105e9d..01378b856 100644 --- a/src/pubkey/info.txt +++ b/src/pubkey/info.txt @@ -12,6 +12,7 @@ x509_key.cpp <header:public> pk_keys.h +pk_ops.h pkcs8.h pubkey.h pubkey_enums.h diff --git a/src/pubkey/pk_keys.h b/src/pubkey/pk_keys.h index 8015c1076..c37ce46a5 100644 --- a/src/pubkey/pk_keys.h +++ b/src/pubkey/pk_keys.h @@ -158,8 +158,8 @@ class BOTAN_DLL PK_Verifying_wo_MR_Key : public virtual Public_Key class BOTAN_DLL PK_Key_Agreement_Key : public virtual Private_Key { public: - virtual SecureVector<byte> derive_key(const byte[], u32bit) const = 0; virtual MemoryVector<byte> public_value() const = 0; + virtual ~PK_Key_Agreement_Key() {} }; diff --git a/src/pubkey/pk_ops.h b/src/pubkey/pk_ops.h new file mode 100644 index 000000000..2b9ac4366 --- /dev/null +++ b/src/pubkey/pk_ops.h @@ -0,0 +1,38 @@ +/* +* PK Operation Types +* (C) 2010 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_PK_OPERATIONS_H__ +#define BOTAN_PK_OPERATIONS_H__ + +#include <botan/secmem.h> + +namespace Botan { + +namespace PK_Ops { + +/* +* A generic Key Agreement Operation (eg DH or ECDH) +*/ +class BOTAN_DLL KA_Operation + { + public: + /* + * Perform a key agreement operation + * @param w the other key value + * @param w_len the length of w in bytes + * @returns the agreed key + */ + virtual SecureVector<byte> agree(const byte w[], u32bit w_len) const = 0; + + virtual ~KA_Operation() {} + }; + +} + +} + +#endif diff --git a/src/pubkey/pubkey.cpp b/src/pubkey/pubkey.cpp index feb33a361..6932caa34 100644 --- a/src/pubkey/pubkey.cpp +++ b/src/pubkey/pubkey.cpp @@ -1,6 +1,6 @@ /* * Public Key Base -* (C) 1999-2007 Jack Lloyd +* (C) 1999-2010 Jack Lloyd * * Distributed under the terms of the Botan license */ @@ -10,6 +10,8 @@ #include <botan/ber_dec.h> #include <botan/bigint.h> #include <botan/parsing.h> +#include <botan/libstate.h> +#include <botan/engine.h> #include <botan/internal/bit_ops.h> #include <memory> @@ -356,21 +358,34 @@ bool PK_Verifier_wo_MR::validate_signature(const MemoryRegion<byte>& msg, /* * PK_Key_Agreement Constructor */ -PK_Key_Agreement::PK_Key_Agreement(const PK_Key_Agreement_Key& k, +PK_Key_Agreement::PK_Key_Agreement(const PK_Key_Agreement_Key& key, KDF* kdf_obj) : - key(k), kdf(kdf_obj) + kdf(kdf_obj) { + Algorithm_Factory::Engine_Iterator i(global_state().algorithm_factory()); + + while(const Engine* engine = i.next()) + { + op = engine->get_key_agreement_op(key); + if(op) + break; + } + + if(op == 0) + throw Lookup_Error("PK_Key_Agreement: No working engine for " + + key.algo_name()); } SymmetricKey PK_Key_Agreement::derive_key(u32bit key_len, const byte in[], u32bit in_len, const byte params[], u32bit params_len) const { - OctetString z = key.derive_key(in, in_len); + SecureVector<byte> z = op->agree(in, in_len); + if(!kdf) return z; - return kdf->derive_key(key_len, z.bits_of(), params, params_len); + return kdf->derive_key(key_len, z, params, params_len); } } diff --git a/src/pubkey/pubkey.h b/src/pubkey/pubkey.h index 6d48faa4f..4d6490919 100644 --- a/src/pubkey/pubkey.h +++ b/src/pubkey/pubkey.h @@ -1,6 +1,6 @@ /* * Public Key Interface -* (C) 1999-2007 Jack Lloyd +* (C) 1999-2010 Jack Lloyd * * Distributed under the terms of the Botan license */ @@ -9,6 +9,7 @@ #define BOTAN_PUBKEY_H__ #include <botan/pk_keys.h> +#include <botan/pk_ops.h> #include <botan/symkey.h> #include <botan/rng.h> #include <botan/eme.h> @@ -284,6 +285,23 @@ class BOTAN_DLL PK_Key_Agreement * @param in the other parties key * @param in_len the length of in in bytes * @param params extra derivation params + * @param params_len the length of params in bytes + */ + SymmetricKey derive_key(u32bit key_len, + const MemoryRegion<byte>& in, + const byte params[], + u32bit params_len) const + { + return derive_key(key_len, &in[0], in.size(), + params, params_len); + } + + /* + * Perform Key Agreement Operation + * @param key_len the desired key output size + * @param in the other parties key + * @param in_len the length of in in bytes + * @param params extra derivation params */ SymmetricKey derive_key(u32bit key_len, const byte in[], u32bit in_len, @@ -294,6 +312,21 @@ class BOTAN_DLL PK_Key_Agreement params.length()); } + /* + * Perform Key Agreement Operation + * @param key_len the desired key output size + * @param in the other parties key + * @param params extra derivation params + */ + SymmetricKey derive_key(u32bit key_len, + const MemoryRegion<byte>& in, + const std::string& params = "") const + { + return derive_key(key_len, &in[0], in.size(), + reinterpret_cast<const byte*>(params.data()), + params.length()); + } + /** * Construct a PK Key Agreement. * @param key the key to use @@ -301,12 +334,12 @@ class BOTAN_DLL PK_Key_Agreement */ PK_Key_Agreement(const PK_Key_Agreement_Key& key, KDF* kdf = 0); - ~PK_Key_Agreement() { delete kdf; } + ~PK_Key_Agreement() { delete op; delete kdf; } private: PK_Key_Agreement(const PK_Key_Agreement_Key&); PK_Key_Agreement& operator=(const PK_Key_Agreement&); - const PK_Key_Agreement_Key& key; + PK_Ops::KA_Operation* op; KDF* kdf; }; |