Coverage Report

Created: 2023-02-13 06:21

/src/botan/src/lib/pubkey/ecc_key/ecc_key.cpp
Line
Count
Source (jump to first uncovered line)
1
/*
2
* ECC Key implemenation
3
* (C) 2007 Manuel Hartl, FlexSecure GmbH
4
*          Falko Strenzke, FlexSecure GmbH
5
*     2008-2010 Jack Lloyd
6
*
7
* Botan is released under the Simplified BSD License (see license.txt)
8
*/
9
10
#include <botan/ecc_key.h>
11
#include <botan/numthry.h>
12
#include <botan/der_enc.h>
13
#include <botan/ber_dec.h>
14
#include <botan/secmem.h>
15
#include <botan/ec_point.h>
16
#include <botan/internal/workfactor.h>
17
18
namespace Botan {
19
20
size_t EC_PublicKey::key_length() const
21
0
   {
22
0
   return domain().get_p_bits();
23
0
   }
24
25
size_t EC_PublicKey::estimated_strength() const
26
0
   {
27
0
   return ecp_work_factor(key_length());
28
0
   }
29
30
namespace {
31
32
EC_Group_Encoding default_encoding_for(EC_Group& group)
33
21.1k
   {
34
21.1k
   if(group.get_curve_oid().empty())
35
393
      return EC_Group_Encoding::Explicit;
36
20.7k
   else
37
20.7k
      return EC_Group_Encoding::NamedCurve;
38
21.1k
   }
39
40
}
41
42
EC_PublicKey::EC_PublicKey(const EC_Group& dom_par,
43
                           const EC_Point& pub_point) :
44
   m_domain_params(dom_par),
45
   m_public_key(pub_point),
46
   m_domain_encoding(default_encoding_for(m_domain_params))
47
0
   {
48
#if 0
49
   if(domain().get_curve() != public_point().get_curve())
50
      throw Invalid_Argument("EC_PublicKey: curve mismatch in constructor");
51
#endif
52
0
   }
53
54
EC_PublicKey::EC_PublicKey(const AlgorithmIdentifier& alg_id,
55
                           const std::vector<uint8_t>& key_bits) :
56
   m_domain_params{EC_Group(alg_id.parameters())},
57
   m_public_key{domain().OS2ECP(key_bits)},
58
   m_domain_encoding(default_encoding_for(m_domain_params))
59
2.23k
   {
60
2.23k
   }
61
62
bool EC_PublicKey::check_key(RandomNumberGenerator& rng,
63
                             bool /*strong*/) const
64
0
   {
65
0
   return m_domain_params.verify_group(rng) &&
66
0
          m_domain_params.verify_public_element(public_point());
67
0
   }
68
69
70
AlgorithmIdentifier EC_PublicKey::algorithm_identifier() const
71
0
   {
72
0
   return AlgorithmIdentifier(object_identifier(), DER_domain());
73
0
   }
74
75
std::vector<uint8_t> EC_PublicKey::public_key_bits() const
76
0
   {
77
0
   return public_point().encode(point_encoding());
78
0
   }
79
80
void EC_PublicKey::set_point_encoding(EC_Point::Compression_Type enc)
81
0
   {
82
0
   if(enc != EC_Point::COMPRESSED &&
83
0
      enc != EC_Point::UNCOMPRESSED &&
84
0
      enc != EC_Point::HYBRID)
85
0
      throw Invalid_Argument("Invalid point encoding for EC_PublicKey");
86
87
0
   m_point_encoding = enc;
88
0
   }
89
90
void EC_PublicKey::set_parameter_encoding(EC_Group_Encoding form)
91
0
   {
92
0
   if(form == EC_Group_Encoding::NamedCurve && m_domain_params.get_curve_oid().empty())
93
0
      throw Invalid_Argument("Cannot used NamedCurve encoding for a curve without an OID");
94
95
0
   m_domain_encoding = form;
96
0
   }
97
98
const BigInt& EC_PrivateKey::private_value() const
99
13.7k
   {
100
13.7k
   if(m_private_key == 0)
101
0
      throw Invalid_State("EC_PrivateKey::private_value - uninitialized");
102
103
13.7k
   return m_private_key;
104
13.7k
   }
105
106
/**
107
* EC_PrivateKey constructor
108
*/
109
EC_PrivateKey::EC_PrivateKey(RandomNumberGenerator& rng,
110
                             const EC_Group& ec_group,
111
                             const BigInt& x,
112
                             bool with_modular_inverse)
113
17.9k
   {
114
17.9k
   m_domain_params = ec_group;
115
17.9k
   m_domain_encoding = default_encoding_for(m_domain_params);
116
117
17.9k
   if(x == 0)
118
17.9k
      {
119
17.9k
      m_private_key = ec_group.random_scalar(rng);
120
17.9k
      }
121
0
   else
122
0
      {
123
0
      m_private_key = x;
124
0
      }
125
126
17.9k
   std::vector<BigInt> ws;
127
128
17.9k
   if(with_modular_inverse)
129
0
      {
130
      // ECKCDSA
131
0
      m_public_key = domain().blinded_base_point_multiply(
132
0
         m_domain_params.inverse_mod_order(m_private_key), rng, ws);
133
0
      }
134
17.9k
   else
135
17.9k
      {
136
17.9k
      m_public_key = domain().blinded_base_point_multiply(m_private_key, rng, ws);
137
17.9k
      }
138
139
17.9k
   BOTAN_ASSERT(m_public_key.on_the_curve(),
140
17.9k
                "Generated public key point was on the curve");
141
17.9k
   }
142
143
secure_vector<uint8_t> EC_PrivateKey::private_key_bits() const
144
0
   {
145
0
   return DER_Encoder()
146
0
      .start_sequence()
147
0
         .encode(static_cast<size_t>(1))
148
0
         .encode(BigInt::encode_1363(m_private_key, m_private_key.bytes()), ASN1_Type::OctetString)
149
0
         .start_explicit_context_specific(1)
150
0
            .encode(m_public_key.encode(EC_Point::Compression_Type::UNCOMPRESSED), ASN1_Type::BitString)
151
0
         .end_cons()
152
0
      .end_cons()
153
0
      .get_contents();
154
0
   }
155
156
EC_PrivateKey::EC_PrivateKey(const AlgorithmIdentifier& alg_id,
157
                             const secure_vector<uint8_t>& key_bits,
158
                             bool with_modular_inverse)
159
2.80k
   {
160
2.80k
   m_domain_params = EC_Group(alg_id.parameters());
161
2.80k
   m_domain_encoding = default_encoding_for(m_domain_params);
162
163
2.80k
   OID key_parameters;
164
2.80k
   secure_vector<uint8_t> public_key_bits;
165
166
2.80k
   BER_Decoder(key_bits)
167
2.80k
      .start_sequence()
168
2.80k
         .decode_and_check<size_t>(1, "Unknown version code for ECC key")
169
2.80k
         .decode_octet_string_bigint(m_private_key)
170
2.80k
         .decode_optional(key_parameters, ASN1_Type(0), ASN1_Class::ExplicitContextSpecific)
171
2.80k
         .decode_optional_string(public_key_bits, ASN1_Type::BitString, 1, ASN1_Class::ExplicitContextSpecific)
172
2.80k
      .end_cons();
173
174
2.80k
   if(public_key_bits.empty())
175
558
      {
176
558
      if(with_modular_inverse)
177
0
         {
178
         // ECKCDSA
179
0
         m_public_key = domain().get_base_point() * m_domain_params.inverse_mod_order(m_private_key);
180
0
         }
181
558
      else
182
558
         {
183
558
         m_public_key = domain().get_base_point() * m_private_key;
184
558
         }
185
186
558
      BOTAN_ASSERT(m_public_key.on_the_curve(),
187
558
                   "Public point derived from loaded key was on the curve");
188
558
      }
189
2.24k
   else
190
2.24k
      {
191
2.24k
      m_public_key = domain().OS2ECP(public_key_bits);
192
      // OS2ECP verifies that the point is on the curve
193
2.24k
      }
194
2.80k
   }
195
196
const BigInt& EC_PublicKey::get_int_field(const std::string& field) const
197
0
   {
198
0
   if(field == "public_x")
199
0
      {
200
0
      BOTAN_ASSERT_NOMSG(this->public_point().is_affine());
201
0
      return this->public_point().get_x();
202
0
      }
203
0
   else if(field == "public_y")
204
0
      {
205
0
      BOTAN_ASSERT_NOMSG(this->public_point().is_affine());
206
0
      return this->public_point().get_y();
207
0
      }
208
0
   else if(field == "base_x")
209
0
      return this->domain().get_g_x();
210
0
   else if(field == "base_y")
211
0
      return this->domain().get_g_y();
212
0
   else if(field == "p")
213
0
      return this->domain().get_p();
214
0
   else if(field == "a")
215
0
      return this->domain().get_a();
216
0
   else if(field == "b")
217
0
      return this->domain().get_b();
218
0
   else if(field == "cofactor")
219
0
      return this->domain().get_cofactor();
220
0
   else if(field == "order")
221
0
      return this->domain().get_order();
222
0
   else
223
0
      return Public_Key::get_int_field(field);
224
0
   }
225
226
const BigInt& EC_PrivateKey::get_int_field(const std::string& field) const
227
0
   {
228
0
   if(field == "x")
229
0
      return this->private_value();
230
0
   else
231
0
      return EC_PublicKey::get_int_field(field);
232
0
   }
233
234
}