diff --git a/doc/api_ref/ecc.rst b/doc/api_ref/ecc.rst index 2af2ef2cdf7..441cf6ba0dc 100644 --- a/doc/api_ref/ecc.rst +++ b/doc/api_ref/ecc.rst @@ -39,6 +39,16 @@ during common operations. Initialize an elliptic curve group from the relevant parameters. This is used for example to create custom (application-specific) curves. + .. warning:: + + Currently a cofactor > 1 is accepted. In the future only prime order + subgroups will be allowed. + + .. warning:: + + Currently primes of any size may be provided. In the + future the prime will be allowed to be at most 521 bits. + .. cpp:function:: EC_Group(const std::vector& ber_encoding) Initialize an ``EC_Group`` by decoding a DER encoded parameter block. @@ -52,14 +62,6 @@ during common operations. Return the PEM encoding of this group (base64 of DER encoding plus header/trailer). - .. cpp:function:: bool a_is_minus_3() const - - Return true if the ``a`` parameter is congruent to -3 mod p. - - .. cpp:function:: bool a_is_zero() const - - Return true if the ``a`` parameter is congruent to 0 mod p. - .. cpp:function:: size_t get_p_bits() const Return size of the prime in bits. @@ -108,6 +110,11 @@ during common operations. Return the cofactor of the curve. In most cases this will be 1. + .. warning:: + + In a future release all support for elliptic curves group with + a cofactor > 1 will be removed. + .. cpp:function:: BigInt mod_order(const BigInt& x) const Reduce argument ``x`` modulo the curve order. 
@@ -246,39 +253,3 @@ during common operations. .. cpp:function:: bool operator==(const EC_Point& other) const Point equality. This compares the affine representations. - - .. cpp:function:: void add(const EC_Point& other, std::vector& workspace) - - Point addition, taking a workspace. - - .. cpp:function:: void add_affine(const EC_Point& other, std::vector& workspace) - - Mixed (Jacobian+affine) addition, taking a workspace. - - .. warning:: - - This function assumes that ``other`` is affine, if this is - not correct the result will be invalid. - - .. cpp:function:: void mult2(std::vector& workspace) - - Point doubling. - - .. cpp:function:: void mult2i(size_t i, std::vector& workspace) - - Repeated point doubling. - - .. cpp:function:: EC_Point plus(const EC_Point& other, std::vector& workspace) const - - Point addition, returning the result. - - .. cpp:function:: EC_Point double_of(std::vector& workspace) const - - Point doubling, returning the result. - - .. cpp:function:: EC_Point zero() const - - Return the point at infinity - - - diff --git a/doc/deprecated.rst b/doc/deprecated.rst index 353d5bed8b2..45b91e2395b 100644 --- a/doc/deprecated.rst +++ b/doc/deprecated.rst @@ -81,6 +81,15 @@ elliptic curve points. "brainpool192r1", "brainpool224r1", "brainpool320r1", "x962_p192v2", "x962_p192v3", "x962_p239v1", "x962_p239v2", "x962_p239v3" +- Currently `EC_Point` offers a wide variety of functionality almost + all of which was intended only for internal implementation. In a + future release, the only operations available for EC_Points will be + to extract the byte encoding of their affine x and y coordinates. + +- Currently it is possible to create an EC_Group with cofactor > 1. + None of the builtin groups have composite order, and in the future + it will be impossible to create composite order EC_Groups. + Deprecated Modules ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/src/cli/pubkey.cpp b/src/cli/pubkey.cpp index 122c51a0443..a088753006a 100644 
--- a/src/cli/pubkey.cpp
+++ b/src/cli/pubkey.cpp
@@ -362,7 +362,7 @@ class EC_Group_Info final : public Command {
       }
 
       void go() override {
-         Botan::EC_Group ec_group(get_arg("name"));
+         const auto ec_group = Botan::EC_Group::from_name(get_arg("name"));
 
          if(flag_set("pem")) {
             output() << ec_group.PEM_encode();
diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp
index 8e4dac4a3f1..4d5fe411dc8 100644
--- a/src/cli/speed.cpp
+++ b/src/cli/speed.cpp
@@ -712,8 +712,6 @@ class Speed final : public Command {
 #if defined(BOTAN_HAS_ECC_GROUP)
          else if(algo == "ecc_mult") {
             bench_ecc_mult(ecc_groups, msec);
-         } else if(algo == "ecc_ops") {
-            bench_ecc_ops(ecc_groups, msec);
          } else if(algo == "ecc_init") {
             bench_ecc_init(ecc_groups, msec);
          } else if(algo == "os2ecp") {
@@ -1074,42 +1072,13 @@ class Speed final : public Command {
       }
 
 #if defined(BOTAN_HAS_ECC_GROUP)
-      void bench_ecc_ops(const std::vector& groups, const std::chrono::milliseconds runtime) {
-         for(const std::string& group_name : groups) {
-            const Botan::EC_Group ec_group(group_name);
-
-            auto add_timer = make_timer(group_name + " add");
-            auto addf_timer = make_timer(group_name + " addf");
-            auto dbl_timer = make_timer(group_name + " dbl");
-
-            const Botan::EC_Point& base_point = ec_group.get_base_point();
-
-            // create a non-affine point
-            const auto random_k = Botan::BigInt::from_u64(0x4E6F537465707E);
-            Botan::EC_Point non_affine_pt = ec_group.get_base_point() * random_k;
-            Botan::EC_Point pt = ec_group.get_base_point();
-
-            std::vector ws(Botan::EC_Point::WORKSPACE_SIZE);
-
-            while(add_timer->under(runtime) && addf_timer->under(runtime) && dbl_timer->under(runtime)) {
-               dbl_timer->run([&]() { pt.mult2(ws); });
-               add_timer->run([&]() { pt.add(non_affine_pt, ws); });
-               addf_timer->run([&]() { pt.add_affine(base_point, ws); });
-            }
-
-            record_result(dbl_timer);
-            record_result(add_timer);
-            record_result(addf_timer);
-         }
-      }
-
       void bench_ecc_init(const std::vector& groups, const std::chrono::milliseconds runtime) {
          for(std::string group_name : groups) {
             auto timer = make_timer(group_name + " initialization");
 
             while(timer->under(runtime)) {
                Botan::EC_Group::clear_registered_curve_data();
-               timer->run([&]() { Botan::EC_Group group(group_name); });
+               timer->run([&]() { Botan::EC_Group::from_name(group_name); });
             }
 
             record_result(timer);
@@ -1118,7 +1087,7 @@ class Speed final : public Command {
 
       void bench_ecc_mult(const std::vector& groups, const std::chrono::milliseconds runtime) {
          for(const std::string& group_name : groups) {
-            const Botan::EC_Group ec_group(group_name);
+            const auto ec_group = Botan::EC_Group::from_name(group_name);
 
             auto mult_timer = make_timer(group_name + " Montgomery ladder");
             auto blinded_mult_timer = make_timer(group_name + " blinded comb");
@@ -1155,7 +1124,7 @@ class Speed final : public Command {
          auto uncmp_timer = make_timer("OS2ECP uncompressed " + group_name);
          auto cmp_timer = make_timer("OS2ECP compressed " + group_name);
 
-         const Botan::EC_Group ec_group(group_name);
+         const auto ec_group = Botan::EC_Group::from_name(group_name);
 
          while(uncmp_timer->under(runtime) && cmp_timer->under(runtime)) {
             const Botan::BigInt k(rng(), 256);
@@ -1180,7 +1149,7 @@ class Speed final : public Command {
          auto h2c_ro_timer = make_timer(group_name + "-RO", "", "hash to curve");
          auto h2c_nu_timer = make_timer(group_name + "-NU", "", "hash to curve");
 
-         const Botan::EC_Group group(group_name);
+         const auto group = Botan::EC_Group::from_name(group_name);
 
          while(h2c_ro_timer->under(runtime)) {
             std::vector input(32);
@@ -1793,7 +1762,7 @@ class Speed final : public Command {
                         const std::string& /*unused*/,
                         std::chrono::milliseconds msec) {
          for(const std::string& group_name : groups) {
-            Botan::EC_Group group(group_name);
+            const auto group = Botan::EC_Group::from_name(group_name);
             auto recovery_timer = make_timer("ECDSA recovery " + group_name);
 
             while(recovery_timer->under(msec)) {
diff --git a/src/cli/timing_tests.cpp b/src/cli/timing_tests.cpp
index b1b5f60796f..849ee424533 100644
--- a/src/cli/timing_tests.cpp
+++ b/src/cli/timing_tests.cpp
@@ -260,7 +260,9 @@ class ECDSA_Timing_Test final : public Timing_Test {
 };
 
 ECDSA_Timing_Test::ECDSA_Timing_Test(const std::string& ecgroup) :
-      m_group(ecgroup), m_privkey(timing_test_rng(), m_group), m_x(m_privkey.private_value()) {
+      m_group(Botan::EC_Group::from_name(ecgroup)),
+      m_privkey(timing_test_rng(), m_group),
+      m_x(m_privkey.private_value()) {
    m_b = m_group.random_scalar(timing_test_rng());
    m_b_inv = m_group.inverse_mod_order(m_b);
 }
@@ -296,7 +298,7 @@ ticks ECDSA_Timing_Test::measure_critical_function(const std::vector& i
 
 class ECC_Mul_Timing_Test final : public Timing_Test {
    public:
-      explicit ECC_Mul_Timing_Test(const std::string& ecgroup) : m_group(ecgroup) {}
+      explicit ECC_Mul_Timing_Test(const std::string& ecgroup) : m_group(Botan::EC_Group::from_name(ecgroup)) {}
 
       ticks measure_critical_function(const std::vector& input) override;
 
diff --git a/src/examples/ecdh.cpp b/src/examples/ecdh.cpp
index 93f5af86c6f..67e87251e82 100644
--- a/src/examples/ecdh.cpp
+++ b/src/examples/ecdh.cpp
@@ -10,7 +10,7 @@ int main() {
    Botan::AutoSeeded_RNG rng;
 
    // ec domain and KDF
-   Botan::EC_Group domain("secp521r1");
+   const auto domain = Botan::EC_Group::from_name("secp521r1");
    const std::string kdf = "KDF2(SHA-256)";
 
    // the two parties generate ECDH keys
diff --git a/src/examples/ecdsa.cpp b/src/examples/ecdsa.cpp
index 536c53756f5..2dbdd3584a6 100644
--- a/src/examples/ecdsa.cpp
+++ b/src/examples/ecdsa.cpp
@@ -9,7 +9,8 @@ int main() {
    Botan::AutoSeeded_RNG rng;
 
    // Generate ECDSA keypair
-   Botan::ECDSA_PrivateKey key(rng, Botan::EC_Group("secp521r1"));
+   const auto group = Botan::EC_Group::from_name("secp521r1");
+   Botan::ECDSA_PrivateKey key(rng, group);
 
    const std::string message("This is a tasty burger!");
 
diff --git a/src/examples/pkcs11_ecdh.cpp b/src/examples/pkcs11_ecdh.cpp
index 0b856357a65..737082f34c4 100644
--- a/src/examples/pkcs11_ecdh.cpp
+++ b/src/examples/pkcs11_ecdh.cpp
@@ -28,7 +28,7 @@ int main() {
    Botan::AutoSeeded_RNG rng;
 
    // create private key in software
-   Botan::ECDH_PrivateKey priv_key_sw(rng, Botan::EC_Group("secp256r1"));
+   Botan::ECDH_PrivateKey priv_key_sw(rng, Botan::EC_Group::from_name("secp256r1"));
    priv_key_sw.set_parameter_encoding(Botan::EC_Group_Encoding::EC_DOMPAR_ENC_OID);
 
    // set import properties
@@ -81,13 +81,13 @@ int main() {
 
    Botan::PKCS11::PKCS11_ECDH_PrivateKey priv_key2(
       session,
-      Botan::EC_Group("secp256r1").DER_encode(Botan::EC_Group_Encoding::EC_DOMPAR_ENC_OID),
+      Botan::EC_Group::from_name("secp256r1").DER_encode(Botan::EC_Group_Encoding::EC_DOMPAR_ENC_OID),
       priv_generate_props);
 
    /************ generate ECDH key pair *************/
 
    Botan::PKCS11::EC_PublicKeyGenerationProperties pub_generate_props(
-      Botan::EC_Group("secp256r1").DER_encode(Botan::EC_Group_Encoding::EC_DOMPAR_ENC_OID));
+      Botan::EC_Group::from_name("secp256r1").DER_encode(Botan::EC_Group_Encoding::EC_DOMPAR_ENC_OID));
    pub_generate_props.set_label(label + "_PUB_KEY");
    pub_generate_props.set_token(true);
 
diff --git a/src/examples/pkcs11_ecdsa.cpp b/src/examples/pkcs11_ecdsa.cpp
index 0c0a1cfd851..6779b692380 100644
--- a/src/examples/pkcs11_ecdsa.cpp
+++ b/src/examples/pkcs11_ecdsa.cpp
@@ -27,7 +27,7 @@ int main() {
 
    // create private key in software
    Botan::AutoSeeded_RNG rng;
-   Botan::ECDSA_PrivateKey priv_key_sw(rng, Botan::EC_Group("secp256r1"));
+   Botan::ECDSA_PrivateKey priv_key_sw(rng, Botan::EC_Group::from_name("secp256r1"));
    priv_key_sw.set_parameter_encoding(Botan::EC_Group_Encoding::EC_DOMPAR_ENC_OID);
 
    // set the private key import properties
@@ -78,13 +78,13 @@ int main() {
 
    Botan::PKCS11::PKCS11_ECDSA_PrivateKey pk(
       session,
-      Botan::EC_Group("secp256r1").DER_encode(Botan::EC_Group_Encoding::EC_DOMPAR_ENC_OID),
+      Botan::EC_Group::from_name("secp256r1").DER_encode(Botan::EC_Group_Encoding::EC_DOMPAR_ENC_OID),
       priv_generate_props);
 
    /************ generate PKCS#11 ECDSA key pair *************/
 
    Botan::PKCS11::EC_PublicKeyGenerationProperties pub_generate_props(
-      Botan::EC_Group("secp256r1").DER_encode(Botan::EC_Group_Encoding::EC_DOMPAR_ENC_OID));
+      Botan::EC_Group::from_name("secp256r1").DER_encode(Botan::EC_Group_Encoding::EC_DOMPAR_ENC_OID));
    pub_generate_props.set_label("BOTAN_TEST_ECDSA_PUB_KEY");
    pub_generate_props.set_token(true);
 
diff --git a/src/examples/tls_custom_curves_client.cpp b/src/examples/tls_custom_curves_client.cpp index e3d10db1ef7..52d70f03e1c 100644 --- a/src/examples/tls_custom_curves_client.cpp +++ b/src/examples/tls_custom_curves_client.cpp @@ -1,3 +1,5 @@ +#define BOTAN_NO_DEPRECATED_WARNINGS + #include #include #include @@ -34,7 +36,7 @@ class Callbacks : public Botan::TLS::Callbacks { if(std::holds_alternative(group) && std::get(group) == Botan::TLS::Group_Params(0xFE00)) { // generate a private key of my custom curve - const Botan::EC_Group ec_group("numsp256d1"); + const auto ec_group = Botan::EC_Group::from_name("numsp256d1"); return std::make_unique(rng, ec_group); } else { // no custom curve used: up-call the default implementation @@ -51,7 +53,7 @@ class Callbacks : public Botan::TLS::Callbacks { if(std::holds_alternative(group) && std::get(group) == Botan::TLS::Group_Params(0xFE00)) { // perform a key agreement on my custom curve - const Botan::EC_Group ec_group("numsp256d1"); + const auto ec_group = Botan::EC_Group::from_name("numsp256d1"); Botan::ECDH_PublicKey peer_key(ec_group, ec_group.OS2ECP(public_value)); Botan::PK_Key_Agreement ka(private_key, rng, "Raw"); return ka.derive_key(0, peer_key.public_value()).bits_of(); diff --git a/src/lib/ffi/ffi_pkey_algs.cpp b/src/lib/ffi/ffi_pkey_algs.cpp index f285c98aad0..a9c35d28c7f 100644 --- a/src/lib/ffi/ffi_pkey_algs.cpp +++ b/src/lib/ffi/ffi_pkey_algs.cpp @@ -88,7 +88,7 @@ int privkey_load_ec(std::unique_ptr& key, const Botan::BigInt& s } Botan::Null_RNG null_rng; - Botan::EC_Group grp(curve_name); + const auto grp = Botan::EC_Group::from_name(curve_name); key.reset(new ECPrivateKey_t(null_rng, grp, scalar)); return BOTAN_FFI_SUCCESS; } 
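Review bot: The new `#define BOTAN_NO_DEPRECATED_WARNINGS` at the top of tls_custom_curves_client.cpp carries no comment explaining why an example must silence deprecation warnings; presumably something the example still calls on the `numsp256d1` custom-curve path now warns, but the hunk does not show which API. Since the examples double as documentation, a one-line comment would stop readers from copying the define blindly, e.g. `// This example still relies on a deprecated API; see doc/deprecated.rst`, naming the actual API once confirmed. Without it the define reads as a blanket opt-out rather than a known, bounded exception.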
@@ -102,7 +102,7 @@ int pubkey_load_ec(std::unique_ptr& key,
       return BOTAN_FFI_ERROR_NULL_POINTER;
    }
 
-   Botan::EC_Group grp(curve_name);
+   const auto grp = Botan::EC_Group::from_name(curve_name);
    Botan::EC_Point uncompressed_point = grp.point(public_x, public_y);
    key.reset(new ECPublicKey_t(grp, uncompressed_point));
    return BOTAN_FFI_SUCCESS;
diff --git a/src/lib/prov/pkcs11/p11_ecc_key.cpp b/src/lib/prov/pkcs11/p11_ecc_key.cpp
index d4749e672a6..66264f980f0 100644
--- a/src/lib/prov/pkcs11/p11_ecc_key.cpp
+++ b/src/lib/prov/pkcs11/p11_ecc_key.cpp
@@ -102,7 +102,7 @@ PKCS11_EC_PrivateKey::PKCS11_EC_PrivateKey(Session& session,
 }
 
 size_t PKCS11_EC_PrivateKey::key_length() const {
-   return m_domain_params.get_order().bits();
+   return m_domain_params.get_order_bits();
 }
 
 std::vector PKCS11_EC_PrivateKey::public_key_bits() const {
diff --git a/src/lib/prov/pkcs11/p11_ecdsa.cpp b/src/lib/prov/pkcs11/p11_ecdsa.cpp
index e374463b644..f261be1b0ec 100644
--- a/src/lib/prov/pkcs11/p11_ecdsa.cpp
+++ b/src/lib/prov/pkcs11/p11_ecdsa.cpp
@@ -56,7 +56,7 @@ class PKCS11_ECDSA_Signature_Operation final : public PK_Ops::Signature {
       PKCS11_ECDSA_Signature_Operation(const PKCS11_ECDSA_PrivateKey& key, std::string_view hash) :
             PK_Ops::Signature(),
             m_key(key),
-            m_order(key.domain().get_order()),
+            m_order_bytes(key.domain().get_order_bytes()),
             m_mechanism(MechanismWrapper::create_ecdsa_mechanism(hash)),
             m_hash(hash) {}
 
@@ -92,7 +92,7 @@ class PKCS11_ECDSA_Signature_Operation final : public PK_Ops::Signature {
          return signature;
       }
 
-      size_t signature_length() const override { return 2 * m_order.bytes(); }
+      size_t signature_length() const override { return 2 * m_order_bytes; }
 
       AlgorithmIdentifier algorithm_identifier() const override;
 
@@ -100,7 +100,7 @@ class PKCS11_ECDSA_Signature_Operation final : public PK_Ops::Signature {
 
    private:
       const PKCS11_ECDSA_PrivateKey m_key;
-      const BigInt m_order;
+      const size_t m_order_bytes;
       MechanismWrapper m_mechanism;
       const std::string m_hash;
       secure_vector m_first_message;
@@ -118,7 +118,6 @@ class PKCS11_ECDSA_Verification_Operation final : public PK_Ops::Verification {
       PKCS11_ECDSA_Verification_Operation(const PKCS11_ECDSA_PublicKey& key, std::string_view hash) :
             PK_Ops::Verification(),
             m_key(key),
-            m_order(key.domain().get_order()),
             m_mechanism(MechanismWrapper::create_ecdsa_mechanism(hash)),
             m_hash(hash) {}
 
@@ -166,7 +165,6 @@ class PKCS11_ECDSA_Verification_Operation final : public PK_Ops::Verification {
 
    private:
       const PKCS11_ECDSA_PublicKey m_key;
-      const BigInt m_order;
       MechanismWrapper m_mechanism;
       const std::string m_hash;
       secure_vector m_first_message;
diff --git a/src/lib/prov/pkcs11/p11_ecdsa.h b/src/lib/prov/pkcs11/p11_ecdsa.h
index e9e5a27011e..3fdfac91206 100644
--- a/src/lib/prov/pkcs11/p11_ecdsa.h
+++ b/src/lib/prov/pkcs11/p11_ecdsa.h
@@ -107,7 +107,7 @@ class BOTAN_PUBLIC_API(2, 0) PKCS11_ECDSA_PrivateKey final : public PKCS11_EC_Pr
 
       size_t message_parts() const override { return 2; }
 
-      size_t message_part_size() const override { return domain().get_order().bytes(); }
+      size_t message_part_size() const override { return domain().get_order_bytes(); }
 
       /// @return the exported ECDSA private key
       ECDSA_PrivateKey export_key() const;
diff --git a/src/lib/pubkey/ec_group/curve_gfp.cpp b/src/lib/pubkey/ec_group/curve_gfp.cpp
index c6acb78cf20..fbb4f53f13c 100644
--- a/src/lib/pubkey/ec_group/curve_gfp.cpp
+++ b/src/lib/pubkey/ec_group/curve_gfp.cpp
@@ -21,7 +21,12 @@ namespace { class CurveGFp_Montgomery final : public CurveGFp_Repr { public: CurveGFp_Montgomery(const BigInt& p, const BigInt& a, const BigInt& b) : - m_p(p), m_a(a), m_b(b), m_p_words(m_p.sig_words()), m_p_dash(monty_inverse(m_p.word_at(0))) { + m_p(p), + m_a(a), + m_b(b), + m_p_bits(m_p.bits()), + m_p_words(m_p.sig_words()), + m_p_dash(monty_inverse(m_p.word_at(0))) { Modular_Reducer mod_p(m_p); m_r.set_bit(m_p_words * BOTAN_MP_WORD_BITS); @@ -54,7 +59,7 @@ class CurveGFp_Montgomery final : public CurveGFp_Repr { bool is_one(const BigInt& x) const override { return x == m_r; } - size_t get_p_words() const override { return m_p_words; } + size_t get_p_bits() const override { return m_p_bits; } size_t get_ws_size() const override { return 2 * m_p_words; } @@ -73,6 +78,7 @@ class CurveGFp_Montgomery final : public CurveGFp_Repr { BigInt m_p; BigInt m_a, m_b; BigInt m_a_r, m_b_r; + size_t m_p_bits; // cache of m_p.bits() size_t m_p_words; // cache of m_p.sig_words() // Montgomery parameters @@ -154,7 +160,11 @@ void CurveGFp_Montgomery::curve_sqr_words(BigInt& z, const word x[], size_t x_si class CurveGFp_NIST : public CurveGFp_Repr { public: CurveGFp_NIST(size_t p_bits, const BigInt& a, const BigInt& b) : - m_1(1), m_a(a), m_b(b), m_p_words((p_bits + BOTAN_MP_WORD_BITS - 1) / BOTAN_MP_WORD_BITS) { + m_1(1), + m_a(a), + m_b(b), + m_p_bits(p_bits), + m_p_words((p_bits + BOTAN_MP_WORD_BITS - 1) / BOTAN_MP_WORD_BITS) { // All Solinas prime curves are assumed a == -3 } @@ -168,7 +178,7 @@ class CurveGFp_NIST : public CurveGFp_Repr { const BigInt& get_1_rep() const override { return m_1; } - size_t get_p_words() const override { return m_p_words; } + size_t get_p_bits() const override { return m_p_bits; } size_t get_ws_size() const override { return 2 * m_p_words; } 
@@ -205,6 +215,7 @@ class CurveGFp_NIST : public CurveGFp_Repr { // Curve parameters BigInt m_1; BigInt m_a, m_b; + size_t m_p_bits; // cache of m_p.bits() size_t m_p_words; // cache of m_p.sig_words() }; @@ -562,19 +573,19 @@ BigInt CurveGFp_P521::invert_element(const BigInt& x, secure_vector& ws) c } // namespace std::shared_ptr CurveGFp::choose_repr(const BigInt& p, const BigInt& a, const BigInt& b) { - if(p == prime_p192()) { + if(p == prime_p192() && p == a + 3) { return std::make_shared(a, b); } - if(p == prime_p224()) { + if(p == prime_p224() && p == a + 3) { return std::make_shared(a, b); } - if(p == prime_p256()) { + if(p == prime_p256() && p == a + 3) { return std::make_shared(a, b); } - if(p == prime_p384()) { + if(p == prime_p384() && p == a + 3) { return std::make_shared(a, b); } - if(p == prime_p521()) { + if(p == prime_p521() && p == a + 3) { return std::make_shared(a, b); } diff --git a/src/lib/pubkey/ec_group/curve_gfp.h b/src/lib/pubkey/ec_group/curve_gfp.h index cf8f79c6aa1..0ff532590cd 100644 --- a/src/lib/pubkey/ec_group/curve_gfp.h +++ b/src/lib/pubkey/ec_group/curve_gfp.h @@ -22,11 +22,19 @@ class BOTAN_UNSTABLE_API CurveGFp_Repr { public: virtual ~CurveGFp_Repr() = default; + friend class CurveGFp; + + protected: virtual const BigInt& get_p() const = 0; virtual const BigInt& get_a() const = 0; virtual const BigInt& get_b() const = 0; - virtual size_t get_p_words() const = 0; + size_t get_p_words() const { + const size_t W_bits = sizeof(word) * 8; + return (get_p_bits() + W_bits - 1) / W_bits; + } + + virtual size_t get_p_bits() const = 0; virtual size_t get_ws_size() const = 0; 
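Review bot: The new `p == a + 3` guard in `choose_repr` recognises a ≡ -3 only when `a` is already reduced into [0, p); an unreduced or negative `a` (say -3) silently falls through to the generic Montgomery representation. That fallback is still correct, only slower, so the request is documentation rather than a fix: a comment above the first `if`, e.g. `// The CurveGFp_P* reprs hardcode a == -3; any other a must use the generic Montgomery repr`, would record why the extra condition now exists, since the hunk does not show whether `a` is normalised before this call. The remainder of `choose_repr` after the P-521 case lies outside the hunk.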
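Review bot: `CurveGFp_Repr::get_p_words()` spells the word size as `sizeof(word) * 8`, while the `CurveGFp_NIST` constructor changed earlier in this same commit uses `BOTAN_MP_WORD_BITS` for the identical rounding; the two should agree, and the macro avoids the implicit CHAR_BIT == 8 assumption. Suggested body: `return (get_p_bits() + BOTAN_MP_WORD_BITS - 1) / BOTAN_MP_WORD_BITS;`, dropping the local `W_bits`. The `CurveGFp_Repr` class continues past the end of the hunk.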
@@ -84,6 +92,29 @@ class BOTAN_UNSTABLE_API CurveGFp_Repr { */ class BOTAN_UNSTABLE_API CurveGFp final { public: + /** + * @return curve coefficient a + */ + const BigInt& get_a() const { return m_repr->get_a(); } + + /** + * @return curve coefficient b + */ + const BigInt& get_b() const { return m_repr->get_b(); } + + /** + * Get prime modulus of the field of the curve + * @return prime modulus of the field of the curve + */ + const BigInt& get_p() const { return m_repr->get_p(); } + + private: + friend class EC_Point; + friend class EC_Group; + friend class EC_Group_Data; + friend class EC_Point_Base_Point_Precompute; + friend class EC_Point_Var_Point_Precompute; + /** * Create an uninitialized CurveGFp */ @@ -101,23 +132,11 @@ class BOTAN_UNSTABLE_API CurveGFp final { CurveGFp& operator=(const CurveGFp&) = default; - /** - * @return curve coefficient a - */ - const BigInt& get_a() const { return m_repr->get_a(); } - - /** - * @return curve coefficient b - */ - const BigInt& get_b() const { return m_repr->get_b(); } + size_t get_p_words() const { return m_repr->get_p_words(); } - /** - * Get prime modulus of the field of the curve - * @return prime modulus of the field of the curve - */ - const BigInt& get_p() const { return m_repr->get_p(); } + size_t get_p_bits() const { return m_repr->get_p_bits(); } - size_t get_p_words() const { return m_repr->get_p_words(); } + size_t get_p_bytes() const { return (get_p_bits() + 7) / 8; } size_t get_ws_size() const { return m_repr->get_ws_size(); } 
@@ -194,16 +213,14 @@ class BOTAN_UNSTABLE_API CurveGFp final {
          return (get_p() == other.get_p()) && (get_a() == other.get_a()) && (get_b() == other.get_b());
       }
 
+      inline bool operator!=(const CurveGFp& other) const { return !((*this) == other); }
+
    private:
       static std::shared_ptr choose_repr(const BigInt& p, const BigInt& a, const BigInt& b);
 
       std::shared_ptr m_repr;
 };
 
-inline bool operator!=(const CurveGFp& lhs, const CurveGFp& rhs) {
-   return !(lhs == rhs);
-}
-
 } // namespace Botan
 
 #endif
diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp
index d8db6bae79c..cc8f1a7c98d 100644
--- a/src/lib/pubkey/ec_group/ec_group.cpp
+++ b/src/lib/pubkey/ec_group/ec_group.cpp
@@ -403,11 +403,33 @@ EC_Group::EC_Group(const EC_Group&) = default;
 
 EC_Group& EC_Group::operator=(const EC_Group&) = default;
 
-EC_Group::EC_Group(const OID& domain_oid) {
-   this->m_data = ec_group_data().lookup(domain_oid);
-   if(!this->m_data) {
-      throw Invalid_Argument("Unknown EC_Group " + domain_oid.to_string());
+// Internal constructor
+EC_Group::EC_Group(std::shared_ptr&& data) : m_data(std::move(data)) {}
+
+//static
+EC_Group EC_Group::from_OID(const OID& oid) {
+   auto data = ec_group_data().lookup(oid);
+
+   if(!data) {
+      throw Invalid_Argument(fmt("No EC_Group associated with OID '{}'", oid.to_string()));
+   }
+
+   return EC_Group(std::move(data));
+}
+
+//static
+EC_Group EC_Group::from_name(std::string_view name) {
+   std::shared_ptr data;
+
+   if(auto oid = OID::from_name(name)) {
+      data = ec_group_data().lookup(oid.value());
+   }
+
+   if(!data) {
+      throw Invalid_Argument(fmt("Unknown EC_Group '{}'", name));
    }
+
+   return EC_Group(std::move(data));
 }
 
 EC_Group::EC_Group(std::string_view str) {
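Review bot: The `inline` on the new member `operator!=` is redundant — a function defined in the class body is implicitly inline — and the neighbouring in-class definitions (`get_p_bits`, `get_p_bytes`, `get_ws_size` in the earlier hunk of this file) omit it. For consistency: `bool operator!=(const CurveGFp& other) const { return !((*this) == other); }`.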
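Review bot: `EC_Group::from_name` resolves `name` solely through `OID::from_name`, whereas the `EC_Group(std::string_view)` constructor it supersedes is documented in ec_group.h as also accepting a dotted-decimal OID string such as "1.2.840.10045.3.1.7". Unless `OID::from_name` itself accepts dotted strings — which this page does not show — callers migrating that usage will now hit `Unknown EC_Group`; either accept dotted input here or state in `from_name`'s Doxygen comment that only registered curve names are recognised and OID strings belong to `from_OID`. A short comment at the `if(auto oid = OID::from_name(name))` line, e.g. `// Only registered names resolve here; dotted OIDs go through from_OID`, would make the contract visible at the implementation too.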
@@ -439,7 +461,7 @@ EC_Group::EC_Group(std::string_view str) { } //static -EC_Group EC_Group::EC_Group_from_PEM(std::string_view pem) { +EC_Group EC_Group::from_PEM(std::string_view pem) { const auto ber = PEM_Code::decode_check_label(pem, "EC PARAMETERS"); return EC_Group(ber.data(), ber.size()); } @@ -533,6 +555,10 @@ BigInt EC_Group::square_mod_order(const BigInt& x) const { return data().square_mod_order(x); } +BigInt EC_Group::cube_mod_order(const BigInt& x) const { + return multiply_mod_order(x, square_mod_order(x)); +} + BigInt EC_Group::multiply_mod_order(const BigInt& x, const BigInt& y) const { return data().multiply_mod_order(x, y); } diff --git a/src/lib/pubkey/ec_group/ec_group.h b/src/lib/pubkey/ec_group/ec_group.h index 472690536ff..1dec0cc7b8c 100644 --- a/src/lib/pubkey/ec_group/ec_group.h +++ b/src/lib/pubkey/ec_group/ec_group.h @@ -57,7 +57,16 @@ class BOTAN_PUBLIC_API(2, 0) EC_Group final { * @param order the order of the base point * @param cofactor the cofactor * @param oid an optional OID used to identify this curve + * + * Warning: support for cofactors > 1 is deprecated and will be removed + * + * Warning: support for prime fields > 521 bits is deprecated and + * will be removed. + * + * Warning: Support for explicitly encoded curve parameters is deprecated. + * An OID must be assigned. */ + BOTAN_DEPRECATED("Explicit curves are deprecated. See Doxygen comment for related info") EC_Group(const BigInt& p, const BigInt& a, const BigInt& b, 
@@ -81,19 +90,36 @@ class BOTAN_PUBLIC_API(2, 0) EC_Group final { * Create an EC domain by OID (or throw if unknown) * @param oid the OID of the EC domain to create */ - explicit EC_Group(const OID& oid); + BOTAN_DEPRECATED("Use EC_Group::from_OID") explicit EC_Group(const OID& oid) { *this = EC_Group::from_OID(oid); } /** * Create an EC domain from PEM encoding (as from PEM_encode), or * from an OID name (eg "secp256r1", or "1.2.840.10045.3.1.7") * @param pem_or_oid PEM-encoded data, or an OID - + * * @warning Support for PEM in this function is deprecated. Use - * EC_Group_from_PEM + * EC_Group::from_PEM or EC_Group::from_OID or EC_Group::from_name + */ + BOTAN_DEPRECATED("Use EC_Group::from_{name,OID,PEM}") explicit EC_Group(std::string_view pem_or_oid); + + /** + * Initialize an EC group from the PEM/ASN.1 encoding */ - explicit EC_Group(std::string_view pem_or_oid); + static EC_Group from_PEM(std::string_view pem); - static EC_Group EC_Group_from_PEM(std::string_view pem); + /** + * Initialize an EC group from a group named by an object identifier + */ + static EC_Group from_OID(const OID& oid); + + /** + * Initialize an EC group from a group common name (eg "secp256r1") + */ + static EC_Group from_name(std::string_view name); + + BOTAN_DEPRECATED("Use EC_Group::from_PEM") static EC_Group EC_Group_from_PEM(std::string_view pem) { + return EC_Group::from_PEM(pem); + } /** * Create an uninitialized EC_Group @@ -121,16 +147,6 @@ class BOTAN_PUBLIC_API(2, 0) EC_Group final { */ std::string PEM_encode() const; - /** - * Return if a == -3 mod p - */ - bool a_is_minus_3() const; - - /** - * Return if a == 0 mod p - */ - bool a_is_zero() const; - /** * Return the size of p in bits (same as get_p().bits()) */ 
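Review bot: The new Doxygen comment on `from_PEM` reads "Initialize an EC group from the PEM/ASN.1 encoding", but the implementation in ec_group.cpp only accepts PEM carrying the `EC PARAMETERS` label via `PEM_Code::decode_check_label` and then hands the decoded bytes to the `(ber.data(), ber.size())` constructor, so raw ASN.1/DER input is rejected there. Suggest `Initialize an EC group from its PEM encoding (label "EC PARAMETERS", as produced by PEM_encode)`, leaving DER input to that byte-array constructor. The `EC_Group` class continues outside this hunk.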
@@ -147,10 +163,24 @@ class BOTAN_PUBLIC_API(2, 0) EC_Group final { size_t get_order_bits() const; /** - * Return the size of p in bytes (same as get_order().bytes()) + * Return the size of the group order in bytes (same as get_order().bytes()) */ size_t get_order_bytes() const; + /** + * Check if y is a plausible point on the curve + * + * In particular, checks that it is a point on the curve, not infinity, + * and that it has order matching the group. + */ + bool verify_public_element(const EC_Point& y) const; + + /** + * Return the OID of these domain parameters + * @result the OID + */ + const OID& get_curve_oid() const; + /** * Return the prime modulus of the field */ 
@@ -194,55 +224,6 @@ class BOTAN_PUBLIC_API(2, 0) EC_Group final { */ const BigInt& get_cofactor() const; - /* - * Reduce x modulo the order - */ - BigInt mod_order(const BigInt& x) const; - - /* - * Return inverse of x modulo the order - */ - BigInt inverse_mod_order(const BigInt& x) const; - - /* - * Reduce (x*x) modulo the order - */ - BigInt square_mod_order(const BigInt& x) const; - - /* - * Reduce (x*y) modulo the order - */ - BigInt multiply_mod_order(const BigInt& x, const BigInt& y) const; - - /* - * Reduce (x*y*z) modulo the order - */ - BigInt multiply_mod_order(const BigInt& x, const BigInt& y, const BigInt& z) const; - - /* - * Return x^3 modulo the order - */ - inline BigInt cube_mod_order(const BigInt& x) const { return multiply_mod_order(x, square_mod_order(x)); } - - /** - * Check if y is a plausible point on the curve - * - * In particular, checks that it is a point on the curve, not infinity, - * and that it has order matching the group. - */ - bool verify_public_element(const EC_Point& y) const; - - /** - * Return the OID of these domain parameters - * @result the OID - */ - const OID& get_curve_oid() const; - - /** - * Return a point on this curve with the affine values x, y - */ - EC_Point point(const BigInt& x, const BigInt& y) const; - /** * Multi exponentiate. Not constant time. * @return base_point*x + pt*y @@ -326,12 +307,10 @@ class BOTAN_PUBLIC_API(2, 0) EC_Group final { bool random_oracle = true) const; /** - * Return the zero (or infinite) point on this curve + * OS2ECP (Octet String To Elliptic Curve Point) + * + * Deserialize a encoded point. Verifies that the point is on the curve. */ - EC_Point zero_point() const; - - size_t point_size(EC_Point_Format format) const; - EC_Point OS2ECP(const uint8_t bits[], size_t len) const; EC_Point OS2ECP(std::span encoded_point) const { 
@@ -363,6 +342,61 @@ class BOTAN_PUBLIC_API(2, 0) EC_Group final { */ static const std::set& known_named_groups(); + // Everything below here will be removed in a future release: + + /** + * Return if a == -3 mod p + */ + BOTAN_DEPRECATED("Deprecated no replacement") bool a_is_minus_3() const; + + /** + * Return if a == 0 mod p + */ + BOTAN_DEPRECATED("Deprecated no replacement") bool a_is_zero() const; + + /* + * Reduce x modulo the order + */ + BOTAN_DEPRECATED("Deprecated no replacement") BigInt mod_order(const BigInt& x) const; + + /* + * Return inverse of x modulo the order + */ + BOTAN_DEPRECATED("Deprecated no replacement") BigInt inverse_mod_order(const BigInt& x) const; + + /* + * Reduce (x*x) modulo the order + */ + BOTAN_DEPRECATED("Deprecated no replacement") BigInt square_mod_order(const BigInt& x) const; + + /* + * Reduce (x*y) modulo the order + */ + BOTAN_DEPRECATED("Deprecated no replacement") BigInt multiply_mod_order(const BigInt& x, const BigInt& y) const; + + /* + * Reduce (x*y*z) modulo the order + */ + BOTAN_DEPRECATED("Deprecated no replacement") + BigInt multiply_mod_order(const BigInt& x, const BigInt& y, const BigInt& z) const; + + /* + * Return x^3 modulo the order + */ + BOTAN_DEPRECATED("Deprecated no replacement") BigInt cube_mod_order(const BigInt& x) const; + + /** + * Return a point on this curve with the affine values x, y + */ + BOTAN_DEPRECATED("Deprecated - use OS2ECP") EC_Point point(const BigInt& x, const BigInt& y) const; + + /** + * Return the zero (or infinite) point on this curve + */ + BOTAN_DEPRECATED("Deprecated no replacement") EC_Point zero_point() const; + + BOTAN_DEPRECATED("Just serialize the point and check") size_t point_size(EC_Point_Format format) const; + /* * For internal use only */ 
@@ -381,6 +415,8 @@ class BOTAN_PUBLIC_API(2, 0) EC_Group final {
    private:
       static EC_Group_Data_Map& ec_group_data();
 
+      EC_Group(std::shared_ptr&& data);
+
       static std::pair, bool> BER_decode_EC_group(const uint8_t bits[],
                                                      size_t len,
                                                      EC_Group_Source source);
diff --git a/src/lib/pubkey/ec_group/ec_point.cpp b/src/lib/pubkey/ec_group/ec_point.cpp
index f57cd6f8718..09ac5684dd7 100644
--- a/src/lib/pubkey/ec_group/ec_point.cpp
+++ b/src/lib/pubkey/ec_group/ec_point.cpp
@@ -360,14 +360,12 @@ EC_Point& EC_Point::operator*=(const BigInt& scalar) {
    return *this;
 }
 
-EC_Point operator*(const BigInt& scalar, const EC_Point& point) {
-   BOTAN_DEBUG_ASSERT(point.on_the_curve());
-
+EC_Point EC_Point::mul(const BigInt& scalar) const {
    const size_t scalar_bits = scalar.bits();
 
    std::vector ws(EC_Point::WORKSPACE_SIZE);
 
-   EC_Point R[2] = {point.zero(), point};
+   EC_Point R[2] = {this->zero(), *this};
 
    for(size_t i = scalar_bits; i > 0; i--) {
       const size_t b = scalar.get_bit(i - 1);
@@ -466,6 +464,28 @@ bool EC_Point::is_affine() const {
    return m_curve.is_one(m_coord_z);
 }
 
+secure_vector EC_Point::x_bytes() const {
+   const size_t p_bytes = m_curve.get_p_bytes();
+   secure_vector b(p_bytes);
+   BigInt::encode_1363(b.data(), b.size(), this->get_affine_x());
+   return b;
+}
+
+secure_vector EC_Point::y_bytes() const {
+   const size_t p_bytes = m_curve.get_p_bytes();
+   secure_vector b(p_bytes);
+   BigInt::encode_1363(b.data(), b.size(), this->get_affine_y());
+   return b;
+}
+
+secure_vector EC_Point::xy_bytes() const {
+   const size_t p_bytes = m_curve.get_p_bytes();
+   secure_vector b(2 * p_bytes);
+   BigInt::encode_1363(&b[0], p_bytes, this->get_affine_x());
+   BigInt::encode_1363(&b[p_bytes], p_bytes, this->get_affine_y());
+   return b;
+}
+
 BigInt EC_Point::get_affine_x() const {
    if(is_zero()) {
       throw Invalid_State("Cannot convert zero point to affine");
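Review bot: `EC_Point::mul` drops the `BOTAN_DEBUG_ASSERT(point.on_the_curve())` that the removed free `operator*` ran before laddering, and nothing in the new body replaces it. Since `mul` is now a public member whose header comment warns it is an unblinded ladder, the cheap debug-build self-check is worth keeping as the first statement: `BOTAN_DEBUG_ASSERT(this->on_the_curve());`. The loop body and return of `mul` continue outside the hunk.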
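Review bot: `xy_bytes` addresses the output buffer with `&b[0]` and `&b[p_bytes]` while `x_bytes` and `y_bytes` in the same hunk use `b.data()`; `b.data()` and `b.data() + p_bytes` would be consistent and avoid an `operator[]` whose result is only used for its address. All three functions also reach `get_affine_x()`/`get_affine_y()`, which throw `Invalid_State` for the point at infinity (visible at the end of the hunk), so their header Doxygen should say so, e.g. `@throws Invalid_State if this is the zero point`.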
@@ -682,4 +702,8 @@ std::pair OS2ECP( return std::make_pair(x, y); } +EC_Point OS2ECP(std::span data, const CurveGFp& curve) { + return OS2ECP(data.data(), data.size(), curve); +} + } // namespace Botan diff --git a/src/lib/pubkey/ec_group/ec_point.h b/src/lib/pubkey/ec_group/ec_point.h index 5bd2926dfcd..a6f3df2b336 100644 --- a/src/lib/pubkey/ec_group/ec_point.h +++ b/src/lib/pubkey/ec_group/ec_point.h @@ -32,6 +32,10 @@ enum class EC_Point_Format { */ class BOTAN_PUBLIC_API(2, 0) EC_Point final { public: + friend class EC_Point_Var_Point_Precompute; + friend class EC_Point_Multi_Point_Precompute; + friend class EC_Point_Base_Point_Precompute; + typedef EC_Point_Format Compression_Type; using enum EC_Point_Format; @@ -73,6 +77,19 @@ class BOTAN_PUBLIC_API(2, 0) EC_Point final { return (*this); } + /** + * Point multiplication operator + * + * Simple unblinded Montgomery ladder + * + * Warning: prefer the functions on EC_Group such as + * blinded_var_point_multiply + * + * @param scalar the scalar value + * @return *this multiplied by the scalar value + */ + EC_Point mul(const BigInt& scalar) const; + /** * Construct a point from its affine coordinates * Prefer EC_Group::point(x,y) for this operation. 
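Review bot: The context line closing this hunk still says `Prefer EC_Group::point(x,y) for this operation`, yet this same change marks `EC_Group::point` `BOTAN_DEPRECATED("Deprecated - use OS2ECP")` in ec_group.h, so the header now steers users to a deprecated path; update it to `* Prefer EC_Group::OS2ECP for this operation.` The new `mul` is documented as an unblinded ladder with a "prefer blinded_var_point_multiply" warning but carries no deprecation attribute, unlike every other EC_Point arithmetic entry point this diff touches; if it is meant to stay public, say when unblinded use is acceptable, e.g. `* Only suitable for public scalars; never use with a private key.`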
@@ -121,68 +138,74 @@ class BOTAN_PUBLIC_API(2, 0) EC_Point final { } /** - * get affine x coordinate - * @result affine x coordinate + * Force this point to affine coordinates */ - BigInt get_affine_x() const; + void force_affine(); /** - * get affine y coordinate - * @result affine y coordinate + * Force all points on the list to affine coordinates */ - BigInt get_affine_y() const; + static void force_all_affine(std::vector& points, secure_vector& ws); + + bool is_affine() const; /** - * Return the internal x coordinate - * - * Note this may be in Montgomery form + * Is this the point at infinity? + * @result true, if this point is at infinity, false otherwise. */ - const BigInt& get_x() const { return m_coord_x; } + bool is_zero() const { return m_coord_z.is_zero(); } /** - * Return the internal y coordinate - * - * Note this may be in Montgomery form + * Checks whether the point is to be found on the underlying + * curve; used to prevent fault attacks. + * @return if the point is on the curve */ - const BigInt& get_y() const { return m_coord_y; } + bool on_the_curve() const; /** - * Return the internal z coordinate - * - * Note this may be in Montgomery form + * Return the fixed length big endian encoding of x coordinate */ - const BigInt& get_z() const { return m_coord_z; } + secure_vector x_bytes() const; - void swap_coords(BigInt& new_x, BigInt& new_y, BigInt& new_z) { - m_coord_x.swap(new_x); - m_coord_y.swap(new_y); - m_coord_z.swap(new_z); - } + /** + * Return the fixed length big endian encoding of y coordinate + */ + secure_vector y_bytes() const; /** - * Force this point to affine coordinates + * Return the fixed length concatenation of the x and y coordinates */ - void force_affine(); + secure_vector xy_bytes() const; /** - * Force all points on the list to affine coordinates + * get affine x coordinate + * @result affine x coordinate */ - static void force_all_affine(std::vector& points, secure_vector& ws); + BigInt get_affine_x() const; - bool 
is_affine() const; + /** + * get affine y coordinate + * @result affine y coordinate + */ + BigInt get_affine_y() const; /** - * Is this the point at infinity? - * @result true, if this point is at infinity, false otherwise. + * Return the zero (aka infinite) point associated with this curve */ - bool is_zero() const { return m_coord_z.is_zero(); } + EC_Point zero() const { return EC_Point(m_curve); } /** - * Checks whether the point is to be found on the underlying - * curve; used to prevent fault attacks. - * @return if the point is on the curve + * Randomize the point representation + * The actual value (get_affine_x, get_affine_y) does not change */ - bool on_the_curve() const; + void randomize_repr(RandomNumberGenerator& rng); + + /** + * Equality operator + */ + bool operator==(const EC_Point& other) const; + + bool operator!=(const EC_Point& other) const { return !(*this == other); } /** * swaps the states of *this and other, does not throw! 
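Review bot: The new header comments for `x_bytes`, `y_bytes` and `xy_bytes` describe a fixed-length big-endian encoding but omit the one failure mode callers must handle: they go through `get_affine_x`/`get_affine_y`, which (per the ec_point.cpp hunk in this diff) throw `Invalid_State` for the point at infinity. Add `* @throws Invalid_State if this is the point at infinity` to each and state the length explicitly, e.g. `* Return the x coordinate as a fixed-length (p_bytes) big-endian encoding`. The `randomize_repr(rng)` comment would also benefit from a reason (presumably a side-channel countermeasure against leaking the projective representation) now that the single-argument overload is the only public one. The hunk is inside the class body, whose opening and closing lie outside it.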
@@ -190,24 +213,56 @@ class BOTAN_PUBLIC_API(2, 0) EC_Point final { */ void swap(EC_Point& other); - friend void swap(EC_Point& x, EC_Point& y) { x.swap(y); } +#if defined(BOTAN_DISABLE_DEPRECATED_FEATURES) + + private: +#endif /** - * Randomize the point representation - * The actual value (get_affine_x, get_affine_y) does not change + * Return the internal x coordinate + * + * Note this may be in Montgomery form */ - void randomize_repr(RandomNumberGenerator& rng); + BOTAN_DEPRECATED("Use affine coordinates only") + const BigInt& get_x() const { + return m_coord_x; + } /** - * Randomize the point representation - * The actual value (get_affine_x, get_affine_y) does not change + * Return the internal y coordinate + * + * Note this may be in Montgomery form */ - void randomize_repr(RandomNumberGenerator& rng, secure_vector& ws); + BOTAN_DEPRECATED("Use affine coordinates only") + const BigInt& get_y() const { + return m_coord_y; + } /** - * Equality operator + * Return the internal z coordinate + * + * Note this may be in Montgomery form */ - bool operator==(const EC_Point& other) const; + BOTAN_DEPRECATED("Use affine coordinates only") + const BigInt& get_z() const { + return m_coord_z; + } + + BOTAN_DEPRECATED("Deprecated no replacement") + + void swap_coords(BigInt& new_x, BigInt& new_y, BigInt& new_z) { + m_coord_x.swap(new_x); + m_coord_y.swap(new_y); + m_coord_z.swap(new_z); + } + + friend void swap(EC_Point& x, EC_Point& y) { x.swap(y); } + + /** + * Randomize the point representation + * The actual value (get_affine_x, get_affine_y) does not change + */ + void randomize_repr(RandomNumberGenerator& rng, secure_vector& ws); /** * Point addition @@ -312,11 +367,6 @@ class BOTAN_PUBLIC_API(2, 0) EC_Point final { return x; } - /** - * Return the zero (aka infinite) point associated with this curve - */ - EC_Point zero() const { return EC_Point(m_curve); } - /** * Return base curve of this point * @result the curve over GF(p) of this point 
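Review bot: Under `BOTAN_DISABLE_DEPRECATED_FEATURES` the `private:` inserted at the top of this hunk also hides the two-argument `randomize_repr(rng, ws)` and the workspace arithmetic that follows, which is presumably intended given the deprecation notes in this diff, but that block carries no `BOTAN_DEPRECATED`, so users building without the macro get no warning before the removal; either mark it or add `// Everything below is internal-only and will become private in a future release`, matching the ec_group.h style. Style: there is a stray blank line between `BOTAN_DEPRECATED("Deprecated no replacement")` and `void swap_coords(...)`, and the `get_x/get_y/get_z` message "Use affine coordinates only" would be more actionable as `"Use get_affine_x() or x_bytes()"` (and the y/z equivalents). The hunk does not close the class.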
@@ -330,14 +380,6 @@ class BOTAN_PUBLIC_API(2, 0) EC_Point final { BigInt m_coord_x, m_coord_y, m_coord_z; }; -/** -* Point multiplication operator -* @param scalar the scalar value -* @param point the point value -* @return scalar*point on the curve -*/ -BOTAN_PUBLIC_API(2, 0) EC_Point operator*(const BigInt& scalar, const EC_Point& point); - /** * ECC point multiexponentiation - not constant time! * @param p1 a point @@ -349,11 +391,6 @@ BOTAN_PUBLIC_API(2, 0) EC_Point operator*(const BigInt& scalar, const EC_Point& BOTAN_PUBLIC_API(2, 0) EC_Point multi_exponentiate(const EC_Point& p1, const BigInt& z1, const EC_Point& p2, const BigInt& z2); -// relational operators -inline bool operator!=(const EC_Point& lhs, const EC_Point& rhs) { - return !(rhs == lhs); -} - // arithmetic operators inline EC_Point operator-(const EC_Point& lhs) { return EC_Point(lhs).negate(); @@ -370,13 +407,18 @@ inline EC_Point operator-(const EC_Point& lhs, const EC_Point& rhs) { } inline EC_Point operator*(const EC_Point& point, const BigInt& scalar) { - return scalar * point; + return point.mul(scalar); +} + +inline EC_Point operator*(const BigInt& scalar, const EC_Point& point) { + return point.mul(scalar); } /** * Perform point decoding * Use EC_Group::OS2ECP instead */ +BOTAN_DEPRECATED("Use EC_Group::OS2ECP") EC_Point BOTAN_PUBLIC_API(2, 0) OS2ECP(const uint8_t data[], size_t data_len, const CurveGFp& curve); /** 
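Review bot: Both inline `operator*` overloads now forward to `EC_Point::mul`, which the header documents as an unblinded ladder, so `scalar * point` with a secret scalar silently takes the non-hardened path; a comment on the operators, `// Unblinded; for secret scalars use EC_Group::blinded_var_point_multiply`, would carry the warning to the spelling users actually write. The removed free `operator*` also asserted `on_the_curve()` in debug builds; unless `mul` re-adds it, that check is gone for every `operator*` caller. Deprecating the `CurveGFp`-based `OS2ECP` in favour of `EC_Group::OS2ECP` is the right direction, assuming the latter is where point validation lives (outside this hunk).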
@@ -389,14 +431,12 @@ EC_Point BOTAN_PUBLIC_API(2, 0) OS2ECP(const uint8_t data[], size_t data_len, co * @param curve_a the curve equation a parameter * @param curve_b the curve equation b parameter */ +BOTAN_DEPRECATED("Use EC_Group::OS2ECP") std::pair BOTAN_UNSTABLE_API -OS2ECP(const uint8_t data[], size_t data_len, const BigInt& curve_p, const BigInt& curve_a, const BigInt& curve_b); - -inline EC_Point OS2ECP(std::span data, const CurveGFp& curve) { - return OS2ECP(data.data(), data.size(), curve); -} + OS2ECP(const uint8_t data[], size_t data_len, const BigInt& curve_p, const BigInt& curve_a, const BigInt& curve_b); -class EC_Point_Var_Point_Precompute; +BOTAN_DEPRECATED("Use EC_Group::OS2ECP") +EC_Point BOTAN_UNSTABLE_API OS2ECP(std::span data, const CurveGFp& curve); // The name used for this type in older versions typedef EC_Point PointGFp; diff --git a/src/lib/pubkey/ec_group/point_mul.cpp b/src/lib/pubkey/ec_group/point_mul.cpp index e306e833ad5..6e996a3396d 100644 --- a/src/lib/pubkey/ec_group/point_mul.cpp +++ b/src/lib/pubkey/ec_group/point_mul.cpp 
@@ -27,17 +27,12 @@ EC_Point multi_exponentiate(const EC_Point& x, const BigInt& z1, const EC_Point& } EC_Point_Base_Point_Precompute::EC_Point_Base_Point_Precompute(const EC_Point& base, const Modular_Reducer& mod_order) : - m_base_point(base), m_mod_order(mod_order), m_p_words(base.get_curve().get_p().sig_words()) { + m_base_point(base), m_mod_order(mod_order), m_p_words(base.get_curve().get_p_words()) { std::vector ws(EC_Point::WORKSPACE_SIZE); - const size_t p_bits = base.get_curve().get_p().bits(); + const size_t order_bits = mod_order.get_modulus().bits(); - /* - * Some of the curves (eg secp160k1) have an order slightly larger than - * the size of the prime modulus. In all cases they are at most 1 bit - * longer. The +1 compensates for this. - */ - const size_t T_bits = round_up(p_bits + blinding_size(mod_order.get_modulus()) + 1, WINDOW_BITS) / WINDOW_BITS; + const size_t T_bits = round_up(order_bits + blinding_size(mod_order.get_modulus()), WINDOW_BITS) / WINDOW_BITS; std::vector T(WINDOW_SIZE * T_bits); @@ -166,7 +161,7 @@ EC_Point EC_Point_Base_Point_Precompute::mul(const BigInt& k, EC_Point_Var_Point_Precompute::EC_Point_Var_Point_Precompute(const EC_Point& point, RandomNumberGenerator& rng, std::vector& ws) : - m_curve(point.get_curve()), m_p_words(m_curve.get_p().sig_words()), m_window_bits(4) { + m_curve(point.get_curve()), m_p_words(m_curve.get_p_words()), m_window_bits(4) { if(ws.size() < EC_Point::WORKSPACE_SIZE) { ws.resize(EC_Point::WORKSPACE_SIZE); } 
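Review bot: Removing the `+1` together with its explanatory comment leaves `T_bits` with no justification, and this table size is what bounds the window loop in `mul` (outside the hunk), so an undersized `T` would mean reading past the precomputed points for a large blinded scalar. Sizing on `order_bits + blinding_size(n)` is correct if the blinded scalar is `k + mask*n` with `k < n` and a `blinding_size`-bit mask, since that sum is strictly below 2^(order_bits + blinding_size); add `// T must cover the blinded scalar k + mask*n, which is < 2^(order_bits + blinding_size)` and confirm `mul` reduces `k` modulo the order before blinding and does not widen the mask, which I cannot see here. The `get_p_words()` substitutions are fine.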
@@ -182,32 +177,9 @@ EC_Point_Var_Point_Precompute::EC_Point_Var_Point_Precompute(const EC_Point& poi // Hack to handle Blinded_Point_Multiply if(rng.is_seeded()) { - BigInt& mask = ws[0]; - BigInt& mask2 = ws[1]; - BigInt& mask3 = ws[2]; - BigInt& new_x = ws[3]; - BigInt& new_y = ws[4]; - BigInt& new_z = ws[5]; - secure_vector& tmp = ws[6].get_word_vector(); - - const CurveGFp& curve = U[0].get_curve(); - - const size_t p_bits = curve.get_p().bits(); - // Skipping zero point since it can't be randomized for(size_t i = 1; i != U.size(); ++i) { - mask.randomize(rng, p_bits - 1, false); - // Easy way of ensuring mask != 0 - mask.set_bit(0); - - curve.sqr(mask2, mask, tmp); - curve.mul(mask3, mask, mask2, tmp); - - curve.mul(new_x, U[i].get_x(), mask2, tmp); - curve.mul(new_y, U[i].get_y(), mask3, tmp); - curve.mul(new_z, U[i].get_z(), mask, tmp); - - U[i].swap_coords(new_x, new_y, new_z); + U[i].randomize_repr(rng); } } diff --git a/src/lib/pubkey/ecc_key/ecc_key.cpp b/src/lib/pubkey/ecc_key/ecc_key.cpp index 243243962ba..651b4650104 100644 --- a/src/lib/pubkey/ecc_key/ecc_key.cpp +++ b/src/lib/pubkey/ecc_key/ecc_key.cpp @@ -172,13 +172,7 @@ bool EC_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const { } const BigInt& EC_PublicKey::get_int_field(std::string_view field) const { - if(field == "public_x") { - BOTAN_ASSERT_NOMSG(this->public_point().is_affine()); - return this->public_point().get_x(); - } else if(field == "public_y") { - BOTAN_ASSERT_NOMSG(this->public_point().is_affine()); - return this->public_point().get_y(); - } else if(field == "base_x") { + if(field == "base_x") { return this->domain().get_g_x(); } else if(field == "base_y") { return this->domain().get_g_y(); diff --git a/src/lib/pubkey/ecdh/ecdh.cpp b/src/lib/pubkey/ecdh/ecdh.cpp index 8c99c02e20d..d059aa56aaf 100644 --- a/src/lib/pubkey/ecdh/ecdh.cpp +++ b/src/lib/pubkey/ecdh/ecdh.cpp 
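Review bot: The removed code made two guarantees that `U[i].randomize_repr(rng)` now has to provide on its own: the mask was forced non-zero (`mask.set_bit(0)`), because a zero mask turns a table entry into (0,0,0) — the point at infinity — and silently corrupts every multiplication that selects it, and the weights were the Jacobian (m², m³, m) set. Please confirm `randomize_repr` (not in this diff) does both; if it draws the mask without excluding zero the risk is negligible for real rng output, but the old code did not rely on that. A comment `// randomize_repr must never apply a zero mask, see EC_Point` at the call site would record the dependency.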
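Review bot: Dropping the `public_x`/`public_y` cases changes the observable behaviour of `get_int_field` for any caller that used those names — they now fall through to whatever the tail of the chain does (outside the hunk, presumably an unknown-field error) — and neither the deprecated.rst entries nor the rest of this diff mention it. If the reason is that `get_affine_x()` returns by value and cannot back a `const BigInt&`, say so with `// public_x/public_y were removed: affine coordinates are computed on demand, use public_point().x_bytes()` at the top of the function, and list the removal in the release notes.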
@@ -41,7 +41,7 @@ class ECDH_KA_Operation final : public PK_Ops::Key_Agreement_with_KDF { if(S.on_the_curve() == false) { throw Internal_Error("ECDH agreed value was not on the curve"); } - return BigInt::encode_1363(S.get_affine_x(), m_group.get_p_bytes()); + return S.x_bytes(); } private: diff --git a/src/lib/pubkey/ecdsa/ecdsa.h b/src/lib/pubkey/ecdsa/ecdsa.h index 34282d8e268..9376938a9d9 100644 --- a/src/lib/pubkey/ecdsa/ecdsa.h +++ b/src/lib/pubkey/ecdsa/ecdsa.h @@ -54,7 +54,7 @@ class BOTAN_PUBLIC_API(2, 0) ECDSA_PublicKey : public virtual EC_PublicKey { size_t message_parts() const override { return 2; } - size_t message_part_size() const override { return domain().get_order().bytes(); } + size_t message_part_size() const override { return domain().get_order_bytes(); } bool supports_operation(PublicKeyOperation op) const override { return (op == PublicKeyOperation::Signature); } diff --git a/src/lib/pubkey/ecgdsa/ecgdsa.h b/src/lib/pubkey/ecgdsa/ecgdsa.h index 8225fd5e519..7b176c6c173 100644 --- a/src/lib/pubkey/ecgdsa/ecgdsa.h +++ b/src/lib/pubkey/ecgdsa/ecgdsa.h @@ -40,7 +40,7 @@ class BOTAN_PUBLIC_API(2, 0) ECGDSA_PublicKey : public virtual EC_PublicKey { size_t message_parts() const override { return 2; } - size_t message_part_size() const override { return domain().get_order().bytes(); } + size_t message_part_size() const override { return domain().get_order_bytes(); } std::unique_ptr generate_another(RandomNumberGenerator& rng) const final; diff --git a/src/lib/pubkey/ecies/ecies.cpp b/src/lib/pubkey/ecies/ecies.cpp index db29df22b75..ef8fee90dd0 100644 --- a/src/lib/pubkey/ecies/ecies.cpp +++ b/src/lib/pubkey/ecies/ecies.cpp @@ -75,7 +75,7 @@ class ECIES_ECDH_KA_Operation final : public PK_Ops::Key_Agreement_with_KDF { if(S.on_the_curve() == false) { throw Internal_Error("ECDH agreed value was not on the curve"); } - return BigInt::encode_1363(S.get_affine_x(), group.get_p_bytes()); + return S.x_bytes(); } private: 
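Review bot: `S.x_bytes()` throws `Invalid_State("Cannot convert zero point to affine")` (via `get_affine_x`, see the ec_point.cpp hunk in this diff) when the agreed point is the point at infinity, and the only guard above it is `on_the_curve()`, whose handling of the zero point I cannot see here; a peer-supplied point that collapses to infinity under the private scalar would then surface as an unrelated-looking exception rather than the explicit agreement failure. Make it explicit: `if(S.is_zero() || !S.on_the_curve()) { throw Internal_Error("ECDH agreed value was not on the curve"); }`. The same pattern recurs in the ecies.cpp hunk below. The enclosing function starts outside the hunk.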
@@ -159,7 +159,7 @@ SymmetricKey ECIES_KA_Operation::derive_secret(const std::vector& eph_p // Note: the argument `m_params.secret_length()` passed for `key_len` will only be used by providers because // "Raw" is passed to the `PK_Key_Agreement` if the implementation of botan is used. const SymmetricKey peh = - m_ka.derive_key(m_params.domain().get_order().bytes(), other_public_key_bin.data(), other_public_key_bin.size()); + m_ka.derive_key(m_params.domain().get_order_bytes(), other_public_key_bin.data(), other_public_key_bin.size()); derivation_input.insert(derivation_input.end(), peh.begin(), peh.end()); // ISO 18033: encryption step g / decryption step i diff --git a/src/lib/pubkey/eckcdsa/eckcdsa.cpp b/src/lib/pubkey/eckcdsa/eckcdsa.cpp index 5c307621421..d7f0f235437 100644 --- a/src/lib/pubkey/eckcdsa/eckcdsa.cpp +++ b/src/lib/pubkey/eckcdsa/eckcdsa.cpp @@ -72,13 +72,13 @@ std::unique_ptr eckcdsa_signature_hash(const AlgorithmIdentifier& return HashFunction::create_or_throw(oid_info[1]); } -std::vector eckcdsa_prefix(const PointGFp& point, size_t order_bytes, size_t hash_block_size) { - const BigInt public_x = point.get_affine_x(); - const BigInt public_y = point.get_affine_y(); +std::vector eckcdsa_prefix(const EC_Point& point, size_t hash_block_size) { + const auto public_x = point.x_bytes(); + const auto public_y = point.y_bytes(); - std::vector prefix(2 * order_bytes); - BigInt::encode_1363(&prefix[0], order_bytes, public_x); - BigInt::encode_1363(&prefix[order_bytes], order_bytes, public_y); + std::vector prefix(public_x.size() + public_y.size()); + copy_mem(&prefix[0], public_x.data(), public_x.size()); + copy_mem(&prefix[public_x.size()], public_y.data(), public_y.size()); // Either truncate or zero-extend to match the hash block size prefix.resize(hash_block_size); 
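Review bot: `eckcdsa_prefix` now encodes each public-key coordinate in `p_bytes` (what `x_bytes()`/`y_bytes()` produce) where the old code used `order_bytes`, so for any group whose order and prime differ in byte length the prefix — and with it every signature — changes, an interoperability break the diff does not call out. As far as I recall ISO/IEC 14888-3 derives the prefix from the field-element encoding of the public key, so the new form is plausibly the correct one, but please record that in a comment above the function and add a test on a curve with `get_order_bytes() != get_p_bytes()`. Minor: since both coordinates are concatenated anyway, `const auto xy = point.xy_bytes(); std::vector prefix(xy.begin(), xy.end());` replaces the two copies.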
@@ -126,7 +126,7 @@ class ECKCDSA_Signature_Operation final : public PK_Ops::Signature { m_x(eckcdsa.private_value()), m_hash(eckcdsa_signature_hash(padding)), m_prefix_used(false) { - m_prefix = eckcdsa_prefix(eckcdsa.public_point(), m_group.get_order_bytes(), m_hash->hash_block_size()); + m_prefix = eckcdsa_prefix(eckcdsa.public_point(), m_hash->hash_block_size()); } void update(const uint8_t msg[], size_t msg_len) override { @@ -173,15 +173,12 @@ secure_vector ECKCDSA_Signature_Operation::raw_sign(const uint8_t msg[] const BigInt k = m_group.random_scalar(rng); const BigInt k_times_P_x = m_group.blinded_base_point_multiply_x(k, rng, m_ws); - secure_vector to_be_hashed(k_times_P_x.bytes()); - k_times_P_x.binary_encode(to_be_hashed.data()); - auto hash = m_hash->new_object(); - hash->update(to_be_hashed); + hash->update(BigInt::encode_1363(k_times_P_x, m_group.get_order_bytes())); secure_vector c = hash->final(); truncate_hash_if_needed(c, m_group.get_order_bytes()); - const BigInt r(c.data(), c.size()); + const auto r = c; BOTAN_ASSERT_NOMSG(msg_len == c.size()); xor_buf(c, msg, c.size()); @@ -193,7 +190,7 @@ secure_vector ECKCDSA_Signature_Operation::raw_sign(const uint8_t msg[] throw Internal_Error("During ECKCDSA signature generation created zero s"); } - secure_vector output = BigInt::encode_1363(r, c.size()); + secure_vector output = r; output += BigInt::encode_1363(s, m_group.get_order_bytes()); return output; } @@ -208,7 +205,7 @@ class ECKCDSA_Verification_Operation final : public PK_Ops::Verification { m_gy_mul(m_group.get_base_point(), eckcdsa.public_point()), m_hash(eckcdsa_signature_hash(padding)), m_prefix_used(false) { - m_prefix = eckcdsa_prefix(eckcdsa.public_point(), m_group.get_order_bytes(), m_hash->hash_block_size()); + m_prefix = eckcdsa_prefix(eckcdsa.public_point(), m_hash->hash_block_size()); } ECKCDSA_Verification_Operation(const ECKCDSA_PublicKey& eckcdsa, const AlgorithmIdentifier& alg_id) : 
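Review bot: The signer now hashes `BigInt::encode_1363(k_times_P_x, m_group.get_order_bytes())`, the x coordinate zero-padded to the order length, whereas the verifier hunk further down in this diff hashes `q.x_bytes()`, which is padded to `get_p_bytes()`; on groups where the order is longer than p (the removed point_mul.cpp comment names secp160k1) the two sides hash different byte strings and signatures fail to verify, and on every group both sides now differ from the previous minimal-length `bytes()` encoding, so signatures are no longer interoperable with earlier releases. Pick one width and use it on both sides; since the value is a field element, `hash->update(BigInt::encode_1363(k_times_P_x, m_group.get_p_bytes()));` is the consistent choice, and the wire-format change deserves a changelog entry and a known-answer test. The rest of `raw_sign` lies outside the hunk.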
@@ -216,7 +213,7 @@ class ECKCDSA_Verification_Operation final : public PK_Ops::Verification { m_gy_mul(m_group.get_base_point(), eckcdsa.public_point()), m_hash(eckcdsa_signature_hash(alg_id)), m_prefix_used(false) { - m_prefix = eckcdsa_prefix(eckcdsa.public_point(), m_group.get_order_bytes(), m_hash->hash_block_size()); + m_prefix = eckcdsa_prefix(eckcdsa.public_point(), m_hash->hash_block_size()); } void update(const uint8_t msg[], size_t msg_len) override; @@ -279,9 +276,7 @@ bool ECKCDSA_Verification_Operation::verify(const uint8_t msg[], size_t msg_len, return false; } - const BigInt q_x = q.get_affine_x(); - secure_vector c(q_x.bytes()); - q_x.binary_encode(c.data()); + const auto c = q.x_bytes(); auto c_hash = m_hash->new_object(); c_hash->update(c.data(), c.size()); secure_vector v = c_hash->final(); diff --git a/src/lib/pubkey/eckcdsa/eckcdsa.h b/src/lib/pubkey/eckcdsa/eckcdsa.h index 5a9d2950e3e..365481539df 100644 --- a/src/lib/pubkey/eckcdsa/eckcdsa.h +++ b/src/lib/pubkey/eckcdsa/eckcdsa.h @@ -39,7 +39,7 @@ class BOTAN_PUBLIC_API(2, 0) ECKCDSA_PublicKey : public virtual EC_PublicKey { size_t message_parts() const override { return 2; } - size_t message_part_size() const override { return domain().get_order().bytes(); } + size_t message_part_size() const override { return domain().get_order_bytes(); } std::unique_ptr generate_another(RandomNumberGenerator& rng) const final; diff --git a/src/lib/pubkey/gost_3410/gost_3410.cpp b/src/lib/pubkey/gost_3410/gost_3410.cpp index 958a87071b7..99439fd89d4 100644 --- a/src/lib/pubkey/gost_3410/gost_3410.cpp +++ b/src/lib/pubkey/gost_3410/gost_3410.cpp 
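Review bot: `const auto c = q.x_bytes();` feeds the verifier's hash a `p_bytes`-wide encoding of x, but the signing side in this diff uses `encode_1363(k_times_P_x, m_group.get_order_bytes())`, so the two disagree on any curve whose order is longer than p, and both differ from the old minimal `bytes()` form. Whichever width is chosen, compute it the same way on both sides; if the signer is switched to `p_bytes`, this line is already right and only needs `// must match the encoding hashed in raw_sign`. The check that rejects a zero `q` before this line is outside the hunk, which matters because `x_bytes()` throws on the point at infinity.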
@@ -19,17 +19,11 @@ namespace Botan { std::vector GOST_3410_PublicKey::public_key_bits() const { - const BigInt x = public_point().get_affine_x(); - const BigInt y = public_point().get_affine_y(); + auto bits = public_point().xy_bytes(); - const size_t part_size = domain().get_p_bytes(); - - std::vector bits(2 * part_size); - - x.binary_encode(&bits[part_size - x.bytes()]); - y.binary_encode(&bits[2 * part_size - y.bytes()]); + const size_t part_size = bits.size() / 2; - // Keys are stored in little endian format (WTF) + // GOST keys are stored in little endian format (WTF) for(size_t i = 0; i != part_size / 2; ++i) { std::swap(bits[i], bits[part_size - 1 - i]); std::swap(bits[part_size + i], bits[2 * part_size - 1 - i]); @@ -67,7 +61,7 @@ GOST_3410_PublicKey::GOST_3410_PublicKey(const AlgorithmIdentifier& alg_id, std: // The parameters also includes hash and cipher OIDs BER_Decoder(alg_id.parameters()).start_sequence().decode(ecc_param_id); - m_domain_params = EC_Group(ecc_param_id); + m_domain_params = EC_Group::from_OID(ecc_param_id); const size_t p_bits = m_domain_params.get_p_bits(); if(p_bits != 256 && p_bits != 512) { diff --git a/src/lib/pubkey/gost_3410/gost_3410.h b/src/lib/pubkey/gost_3410/gost_3410.h index fa2c362c8cb..74283ff83fb 100644 --- a/src/lib/pubkey/gost_3410/gost_3410.h +++ b/src/lib/pubkey/gost_3410/gost_3410.h @@ -46,7 +46,7 @@ class BOTAN_PUBLIC_API(2, 0) GOST_3410_PublicKey : public virtual EC_PublicKey { size_t message_parts() const override { return 2; } - size_t message_part_size() const override { return domain().get_order().bytes(); } + size_t message_part_size() const override { return domain().get_order_bytes(); } Signature_Format default_x509_signature_format() const override { return Signature_Format::Standard; } diff --git a/src/lib/pubkey/pk_algs.cpp b/src/lib/pubkey/pk_algs.cpp index de9be217168..6de19923d28 100644 --- a/src/lib/pubkey/pk_algs.cpp +++ b/src/lib/pubkey/pk_algs.cpp 
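Review bot: The byte-swap loop is index arithmetic that is easy to get subtly wrong and has no test visible in this diff; since `xy_bytes()` already yields the two halves contiguous, `std::reverse(bits.begin(), bits.begin() + part_size); std::reverse(bits.begin() + part_size, bits.end());` expresses the intent directly (`<algorithm>` may need including). The `(WTF)` comment should instead name the source of the little-endian rule — as far as I recall the X.509 encoding in RFC 4491 §2.3.2 / RFC 7091 — so the next reader does not "fix" the byte order. `public_key_bits` also inherits the `Invalid_State` throw from `xy_bytes()` for the point at infinity; a loaded key should never be one, but a precondition comment would not hurt.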
@@ -543,7 +543,7 @@ std::unique_ptr create_private_key(std::string_view alg_name, return "secp256r1"; }(); - const EC_Group ec_group(group_id); + auto ec_group = EC_Group::from_name(group_id); return create_ec_private_key(alg_name, ec_group, rng); } #endif diff --git a/src/lib/pubkey/sm2/sm2.cpp b/src/lib/pubkey/sm2/sm2.cpp index 246c044e795..e5fe9f8847f 100644 --- a/src/lib/pubkey/sm2/sm2.cpp +++ b/src/lib/pubkey/sm2/sm2.cpp @@ -75,8 +75,7 @@ std::vector sm2_compute_za(HashFunction& hash, hash.update(BigInt::encode_1363(domain.get_b(), p_bytes)); hash.update(BigInt::encode_1363(domain.get_g_x(), p_bytes)); hash.update(BigInt::encode_1363(domain.get_g_y(), p_bytes)); - hash.update(BigInt::encode_1363(pubkey.get_affine_x(), p_bytes)); - hash.update(BigInt::encode_1363(pubkey.get_affine_y(), p_bytes)); + hash.update(pubkey.xy_bytes()); std::vector za(hash.output_length()); hash.final(za.data()); @@ -144,7 +143,7 @@ secure_vector SM2_Signature_Operation::sign(RandomNumberGenerator& rng) const BigInt r = m_group.mod_order(m_group.blinded_base_point_multiply_x(k, rng, m_ws) + e); const BigInt s = m_group.multiply_mod_order(m_da_inv, m_group.mod_order(k - r * m_x)); - return BigInt::encode_fixed_length_int_pair(r, s, m_group.get_order().bytes()); + return BigInt::encode_fixed_length_int_pair(r, s, m_group.get_order_bytes()); } /** @@ -195,7 +194,7 @@ bool SM2_Verification_Operation::is_valid_signature(const uint8_t sig[], size_t m_digest.clear(); } - if(sig_len != m_group.get_order().bytes() * 2) { + if(sig_len != m_group.get_order_bytes() * 2) { return false; } diff --git a/src/lib/pubkey/sm2/sm2.h b/src/lib/pubkey/sm2/sm2.h index 92d82d096bb..ef9d3061aef 100644 --- a/src/lib/pubkey/sm2/sm2.h +++ b/src/lib/pubkey/sm2/sm2.h 
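Review bot: This signing hunk keeps `m_group.mod_order(...)` and `m_group.multiply_mod_order(...)` while the ec_group.h hunk in this diff marks both `BOTAN_DEPRECATED("Deprecated no replacement")`; presumably the macro is inert for the library's own build, but the message is then inaccurate — the library itself still needs modular arithmetic modulo the order — and external code that mirrors this routine has nowhere to go. Either provide a non-deprecated name for these operations or drop "no replacement" from the message. The `get_order_bytes()` substitutions are fine.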
@@ -46,7 +46,7 @@ class BOTAN_PUBLIC_API(2, 2) SM2_PublicKey : public virtual EC_PublicKey { return (op == PublicKeyOperation::Signature || op == PublicKeyOperation::Encryption); } - size_t message_part_size() const override { return domain().get_order().bytes(); } + size_t message_part_size() const override { return domain().get_order_bytes(); } std::unique_ptr create_verification_op(std::string_view params, std::string_view provider) const override; diff --git a/src/lib/pubkey/sm2/sm2_enc.cpp b/src/lib/pubkey/sm2/sm2_enc.cpp index cb852e0d65d..7e9642c733b 100644 --- a/src/lib/pubkey/sm2/sm2_enc.cpp +++ b/src/lib/pubkey/sm2/sm2_enc.cpp @@ -45,26 +45,16 @@ class SM2_Encryption_Operation final : public PK_Ops::Encryption { } secure_vector encrypt(const uint8_t msg[], size_t msg_len, RandomNumberGenerator& rng) override { - const size_t p_bytes = m_group.get_p_bytes(); - const BigInt k = m_group.random_scalar(rng); const EC_Point C1 = m_group.blinded_base_point_multiply(k, rng, m_ws); const BigInt x1 = C1.get_affine_x(); const BigInt y1 = C1.get_affine_y(); - std::vector x1_bytes(p_bytes); - std::vector y1_bytes(p_bytes); - BigInt::encode_1363(x1_bytes.data(), x1_bytes.size(), x1); - BigInt::encode_1363(y1_bytes.data(), y1_bytes.size(), y1); const EC_Point kPB = m_mul_public_point.mul(k, rng, m_group.get_order(), m_ws); - const BigInt x2 = kPB.get_affine_x(); - const BigInt y2 = kPB.get_affine_y(); - std::vector x2_bytes(p_bytes); - std::vector y2_bytes(p_bytes); - BigInt::encode_1363(x2_bytes.data(), x2_bytes.size(), x2); - BigInt::encode_1363(y2_bytes.data(), y2_bytes.size(), y2); + const auto x2_bytes = kPB.x_bytes(); + const auto y2_bytes = kPB.y_bytes(); secure_vector kdf_input; kdf_input += x2_bytes; 
@@ -72,7 +62,7 @@ class SM2_Encryption_Operation final : public PK_Ops::Encryption { const secure_vector kdf_output = m_kdf->derive_key(msg_len, kdf_input.data(), kdf_input.size()); - secure_vector masked_msg(msg_len); + std::vector masked_msg(msg_len); xor_buf(masked_msg.data(), msg, kdf_output.data(), msg_len); m_hash->update(x2_bytes); @@ -180,13 +170,8 @@ class SM2_Decryption_Operation final : public PK_Ops::Decryption { const EC_Point dbC1 = group.blinded_var_point_multiply(C1, m_key.private_value(), m_rng, m_ws); - const BigInt x2 = dbC1.get_affine_x(); - const BigInt y2 = dbC1.get_affine_y(); - - secure_vector x2_bytes(p_bytes); - secure_vector y2_bytes(p_bytes); - BigInt::encode_1363(x2_bytes.data(), x2_bytes.size(), x2); - BigInt::encode_1363(y2_bytes.data(), y2_bytes.size(), y2); + const auto x2_bytes = dbC1.x_bytes(); + const auto y2_bytes = dbC1.y_bytes(); secure_vector kdf_input; kdf_input += x2_bytes; diff --git a/src/lib/tls/tls_callbacks.cpp b/src/lib/tls/tls_callbacks.cpp index ad10d97372b..db23dfa1313 100644 --- a/src/lib/tls/tls_callbacks.cpp +++ b/src/lib/tls/tls_callbacks.cpp @@ -268,7 +268,7 @@ std::unique_ptr TLS::Callbacks::tls_generate_ephemeral_key const auto group_params = std::get(group); if(group_params.is_ecdh_named_curve()) { - const EC_Group ec_group(group_params.to_string().value()); + const auto ec_group = EC_Group::from_name(group_params.to_string().value()); return std::make_unique(rng, ec_group); } @@ -329,7 +329,7 @@ secure_vector TLS::Callbacks::tls_ephemeral_key_agreement( const auto group_params = std::get(group); if(group_params.is_ecdh_named_curve()) { - const EC_Group ec_group(group_params.to_string().value()); + const auto ec_group = EC_Group::from_name(group_params.to_string().value()); ECDH_PublicKey peer_key(ec_group, ec_group.OS2ECP(public_value)); policy.check_peer_key_acceptable(peer_key); diff --git a/src/lib/tls/tls_signature_scheme.cpp b/src/lib/tls/tls_signature_scheme.cpp index dde09492ca7..f13512a257b 100644 
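Review bot: In the decryption hunk the removed `encode_1363` calls were the only visible users of `p_bytes`; if its declaration earlier in `decrypt` (outside the hunk) has no other use left, it is now an unused local that warnings-as-errors builds will reject, so drop it. Moving `x2_bytes`/`y2_bytes` into `secure_vector` via `x_bytes()`/`y_bytes()` is a real improvement, since they are the shared secret, and changing `masked_msg` to `std::vector` is fine because it is ciphertext; a comment `// x2||y2 is the ECDH-style shared secret; keep it in secure_vector` would make that distinction deliberate.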
--- a/src/lib/tls/tls_signature_scheme.cpp +++ b/src/lib/tls/tls_signature_scheme.cpp @@ -198,11 +198,11 @@ AlgorithmIdentifier Signature_Scheme::key_algorithm_identifier() const noexcept switch(m_code) { // case ECDSA_SHA1: not defined case ECDSA_SHA256: - return {"ECDSA", EC_Group("secp256r1").DER_encode(EC_Group_Encoding::NamedCurve)}; + return {"ECDSA", EC_Group::from_name("secp256r1").DER_encode(EC_Group_Encoding::NamedCurve)}; case ECDSA_SHA384: - return {"ECDSA", EC_Group("secp384r1").DER_encode(EC_Group_Encoding::NamedCurve)}; + return {"ECDSA", EC_Group::from_name("secp384r1").DER_encode(EC_Group_Encoding::NamedCurve)}; case ECDSA_SHA512: - return {"ECDSA", EC_Group("secp521r1").DER_encode(EC_Group_Encoding::NamedCurve)}; + return {"ECDSA", EC_Group::from_name("secp521r1").DER_encode(EC_Group_Encoding::NamedCurve)}; case EDDSA_25519: return {"Ed25519", AlgorithmIdentifier::USE_EMPTY_PARAM}; diff --git a/src/scripts/test_cli.py b/src/scripts/test_cli.py index fe9ec7cea36..1c224227f80 100755 --- a/src/scripts/test_cli.py +++ b/src/scripts/test_cli.py @@ -1596,7 +1596,7 @@ def cli_speed_math_tests(_tmp_dir): # these all have a common output format math_ops = ['mp_mul', 'mp_div', 'mp_div10', 'modexp', 'random_prime', 'inverse_mod', 'rfc3394', 'fpe_fe1', 'ecdsa_recovery', 'ecc_init', 'poly_dbl', - 'bn_redc', 'nistp_redc', 'ecc_mult', 'ecc_ops', 'os2ecp', 'primality_test'] + 'bn_redc', 'nistp_redc', 'ecc_mult', 'os2ecp', 'primality_test'] format_re = re.compile(r'^.* [0-9]+ /sec; [0-9]+\.[0-9]+ ms/op .*\([0-9]+ (op|ops) in [0-9]+(\.[0-9]+)? ms\)') for op in math_ops: diff --git a/src/tests/test_ec_group.cpp b/src/tests/test_ec_group.cpp index 2ddae62b5e1..cdd0993f71e 100644 --- a/src/tests/test_ec_group.cpp +++ b/src/tests/test_ec_group.cpp 
@@ -101,7 +101,7 @@ std::vector ECC_Randomized_Tests::run() { result.start_timer(); - Botan::EC_Group group(group_name); + auto group = Botan::EC_Group::from_name(group_name); const Botan::EC_Point pt = create_random_point(this->rng(), group); const Botan::BigInt& group_order = group.get_order(); @@ -241,9 +241,7 @@ class EC_Group_Tests : public Test { for(const std::string& group_name : Botan::EC_Group::known_named_groups()) { Test::Result result("EC_Group " + group_name); - const Botan::OID oid = Botan::OID::from_string(group_name); - - const Botan::EC_Group group(oid); + const auto group = Botan::EC_Group::from_name(group_name); result.confirm("EC_Group is known", !group.get_curve_oid().empty()); result.confirm("EC_Group is considered valid", group.verify_group(this->rng(), true)); @@ -253,9 +251,11 @@ class EC_Group_Tests : public Test { result.test_eq("EC_Group has byte size", group.get_p().bytes(), group.get_p_bytes()); const Botan::OID from_order = Botan::EC_Group::EC_group_identity_from_order(group.get_order()); - result.test_eq("EC_group_identity_from_order works", from_order.to_string(), oid.to_string()); - result.confirm("Same group is same", group == Botan::EC_Group(group_name)); + result.test_eq( + "EC_group_identity_from_order works", from_order.to_string(), group.get_curve_oid().to_string()); + + result.confirm("Same group is same", group == Botan::EC_Group::from_name(group_name)); const Botan::EC_Group copy(group.get_p(), group.get_a(), 
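Review bot: Switching the builtin-group loop to `EC_Group::from_name` on both sides of the `Same group is same` check drops the one test that built every known group from its OID and compared it with the by-name construction; `from_OID` is now exercised only for a registered custom curve and secp160r1 in test_ecc_registration/test_ec_group_duplicate_orders, so an OID-table entry that drifts from the name table for any other curve would go unnoticed. Keep the cross-check with `result.confirm("Same group via OID", group == Botan::EC_Group::from_OID(group.get_curve_oid()));` next to the existing confirm.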
@@ -410,11 +410,11 @@ BOTAN_REGISTER_TEST("pubkey", "ec_group", EC_Group_Tests); Test::Result test_decoding_with_seed() { Test::Result result("ECC Unit"); - Botan::EC_Group secp384r1_with_seed(Test::read_data_file("x509/ecc/secp384r1_seed.pem")); + const auto secp384r1_with_seed = Botan::EC_Group::from_PEM(Test::read_data_file("x509/ecc/secp384r1_seed.pem")); result.confirm("decoding worked", secp384r1_with_seed.initialized()); - Botan::EC_Group secp384r1("secp384r1"); + const auto secp384r1 = Botan::EC_Group::from_name("secp384r1"); result.test_eq("P-384 prime", secp384r1_with_seed.get_p(), secp384r1.get_p()); @@ -428,7 +428,7 @@ Test::Result test_coordinates() { const Botan::BigInt exp_affine_y("1373093393927139016463695321221277758035357890939"); // precalculation - const Botan::EC_Group secp160r1("secp160r1"); + const auto secp160r1 = Botan::EC_Group::from_name("secp160r1"); const Botan::EC_Point& p_G = secp160r1.get_base_point(); const Botan::EC_Point point_exp = secp160r1.point(exp_affine_x, exp_affine_y); @@ -454,7 +454,7 @@ Section 2.1.2 Test::Result test_point_mult() { Test::Result result("ECC Unit"); - Botan::EC_Group secp160r1("secp160r1"); + const auto secp160r1 = Botan::EC_Group::from_name("secp160r1"); const Botan::EC_Point& p_G = secp160r1.get_base_point(); Botan::BigInt d_U("0xaa374ffc3ce144e6b073307972cb6d57b2a4e982"); @@ -468,7 +468,7 @@ Test::Result test_point_mult() { Test::Result test_point_negative() { Test::Result result("ECC Unit"); - Botan::EC_Group secp160r1("secp160r1"); + const auto secp160r1 = Botan::EC_Group::from_name("secp160r1"); const Botan::EC_Point& p_G = secp160r1.get_base_point(); const Botan::EC_Point p1 = p_G * 2; 
@@ -486,7 +486,7 @@ Test::Result test_point_negative() { Test::Result test_mult_point() { Test::Result result("ECC Unit"); - Botan::EC_Group secp160r1("secp160r1"); + const auto secp160r1 = Botan::EC_Group::from_name("secp160r1"); const Botan::EC_Point& p_G = secp160r1.get_base_point(); const Botan::EC_Point& p0 = p_G; @@ -505,8 +505,8 @@ Test::Result test_mult_point() { Test::Result test_mixed_points() { Test::Result result("ECC Unit"); - Botan::EC_Group secp256r1("secp256r1"); - Botan::EC_Group secp384r1("secp384r1"); + const auto secp256r1 = Botan::EC_Group::from_name("secp256r1"); + const auto secp384r1 = Botan::EC_Group::from_name("secp384r1"); const Botan::EC_Point& G256 = secp256r1.get_base_point(); const Botan::EC_Point& G384 = secp384r1.get_base_point(); @@ -519,7 +519,7 @@ Test::Result test_basic_operations() { Test::Result result("ECC Unit"); // precalculation - Botan::EC_Group secp160r1("secp160r1"); + const auto secp160r1 = Botan::EC_Group::from_name("secp160r1"); const Botan::EC_Point& p_G = secp160r1.get_base_point(); const Botan::EC_Point& p0 = p_G; @@ -554,7 +554,7 @@ Test::Result test_enc_dec_compressed_160() { Test::Result result("ECC Unit"); // Test for compressed conversion (02/03) 160bit - Botan::EC_Group secp160r1("secp160r1"); + const auto secp160r1 = Botan::EC_Group::from_name("secp160r1"); const std::vector G_comp = Botan::hex_decode("024A96B5688EF573284664698968C38BB913CBFC82"); const Botan::EC_Point p = secp160r1.OS2ECP(G_comp); const std::vector sv_result = p.encode(Botan::EC_Point_Format::Compressed); @@ -566,7 +566,7 @@ Test::Result test_enc_dec_compressed_160() { Test::Result test_enc_dec_compressed_256() { Test::Result result("ECC Unit"); - Botan::EC_Group group("secp256r1"); + const auto group = Botan::EC_Group::from_name("secp256r1"); const std::string G_secp_comp = "036B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"; const std::vector sv_G_secp_comp = Botan::hex_decode(G_secp_comp); 
@@ -617,7 +617,7 @@ Test::Result test_enc_dec_uncompressed_521() { const std::vector sv_G_secp_uncomp = Botan::hex_decode(G_secp_uncomp); - Botan::EC_Group group("secp521r1"); + const auto group = Botan::EC_Group::from_name("secp521r1"); Botan::EC_Point p_G = group.OS2ECP(sv_G_secp_uncomp); @@ -644,7 +644,7 @@ Test::Result test_ecc_registration() { // Creating this object implicitly registers the curve for future use ... Botan::EC_Group reg_group(p, a, b, g_x, g_y, order, 1, oid); - Botan::EC_Group group(oid); + auto group = Botan::EC_Group::from_OID(oid); result.test_eq("Group registration worked", group.get_p(), p); @@ -720,12 +720,12 @@ Test::Result test_ec_group_duplicate_orders() { result.confirm("Group has correct OID", reg_group.get_curve_oid() == oid); // We can now get it by OID: - Botan::EC_Group hc_group(oid); + const auto hc_group = Botan::EC_Group::from_OID(oid); result.confirm("Group has correct OID", hc_group.get_curve_oid() == oid); // Existing secp160r1 unmodified: const Botan::OID secp160r1("1.3.132.0.8"); - Botan::EC_Group other_group(secp160r1); + const auto other_group = Botan::EC_Group::from_OID(secp160r1); result.confirm("Group has correct OID", other_group.get_curve_oid() == secp160r1); return result; diff --git a/src/tests/test_ecc_h2c.cpp b/src/tests/test_ecc_h2c.cpp index f9b208112ba..107b344bf94 100644 --- a/src/tests/test_ecc_h2c.cpp +++ b/src/tests/test_ecc_h2c.cpp @@ -59,7 +59,7 @@ class ECC_H2C_Tests final : public Text_Based_Test { const BigInt exp_point_y = vars.get_req_bn("PointY"); const bool random_oracle = method.find("-RO") != std::string::npos; - Botan::EC_Group group(group_id); + const auto group = Botan::EC_Group::from_name(group_id); const auto point = group.hash_to_curve(hash, input.data(), input.size(), domain, random_oracle); diff --git a/src/tests/test_ecc_pointmul.cpp b/src/tests/test_ecc_pointmul.cpp index 522b14fca83..92367dfdea3 100644 --- a/src/tests/test_ecc_pointmul.cpp +++ b/src/tests/test_ecc_pointmul.cpp 
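Review bot: `auto group = Botan::EC_Group::from_OID(oid);` in test_ecc_registration is the only migrated binding in this file that is not `const`; every other hunk uses `const auto`, and nothing in the visible lines mutates `group`. Unless the remainder of the function, which continues outside the hunk, needs a mutable group, `const auto group = Botan::EC_Group::from_OID(oid);` keeps the style uniform with test_ec_group_duplicate_orders below it.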
@@ -30,7 +30,7 @@ class ECC_Basepoint_Mul_Tests final : public Text_Based_Test { const auto k_bytes = vars.get_req_bin("k"); const auto P_bytes = vars.get_req_bin("P"); - Botan::EC_Group group(Botan::OID::from_string(group_id)); + const auto group = Botan::EC_Group::from_name(group_id); const Botan::BigInt k(k_bytes); const auto pt = group.OS2ECP(P_bytes); @@ -66,7 +66,7 @@ class ECC_Varpoint_Mul_Tests final : public Text_Based_Test { const Botan::BigInt kX = vars.get_req_bn("kX"); const Botan::BigInt kY = vars.get_req_bn("kY"); - Botan::EC_Group group(Botan::OID::from_string(group_id)); + const auto group = Botan::EC_Group::from_name(group_id); const Botan::EC_Point pt = group.point(X, Y); diff --git a/src/tests/test_ecdh.cpp b/src/tests/test_ecdh.cpp index e85a96f9b55..9f7192a15f4 100644 --- a/src/tests/test_ecdh.cpp +++ b/src/tests/test_ecdh.cpp @@ -24,7 +24,7 @@ class ECDH_KAT_Tests final : public PK_Key_Agreement_Test { std::string default_kdf(const VarMap& /*unused*/) const override { return "Raw"; } std::unique_ptr load_our_key(const std::string& group_id, const VarMap& vars) override { - Botan::EC_Group group(group_id); + const auto group = Botan::EC_Group::from_name(group_id); const Botan::BigInt secret = vars.get_req_bn("Secret"); return std::make_unique(this->rng(), group, secret); } diff --git a/src/tests/test_ecdsa.cpp b/src/tests/test_ecdsa.cpp index 0cd7f0026cd..ff781114e8d 100644 --- a/src/tests/test_ecdsa.cpp +++ b/src/tests/test_ecdsa.cpp @@ -32,7 +32,7 @@ class ECDSA_Verification_Tests final : public PK_Signature_Verification_Test { const std::string group_id = vars.get_req_str("Group"); const BigInt px = vars.get_req_bn("Px"); const BigInt py = vars.get_req_bn("Py"); - Botan::EC_Group group(Botan::OID::from_string(group_id)); + const auto group = Botan::EC_Group::from_name(group_id); const Botan::EC_Point public_point = group.point(px, py); 
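Review bot: Replacing `EC_Group(Botan::OID::from_string(group_id))` with `EC_Group::from_name(group_id)` changes how the `Group` field of the vector files is resolved, not only which API is called: the old path went through the OID parser, which as far as I recall accepts dotted-decimal OIDs as well as registered names, whereas `from_name` presumably resolves names only, so a vector whose `Group` column carries a dotted OID would now fail in the loader instead of running. It is worth confirming that the data files for ECC_Basepoint_Mul_Tests and ECC_Varpoint_Mul_Tests here, and for the ECDSA, ECGDSA and ECKCDSA loaders that take the same change in the following hunks, only use names; a comment above the call, `// Group is a curve name; dotted OIDs are not resolved here`, records the assumption for the next person editing the vectors. The enclosing functions begin and end outside these hunks.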
@@ -58,7 +58,7 @@ class ECDSA_Wycheproof_Verification_Tests final : public PK_Signature_Verificati const std::string group_id = vars.get_req_str("Group"); const BigInt px = vars.get_req_bn("Px"); const BigInt py = vars.get_req_bn("Py"); - Botan::EC_Group group(Botan::OID::from_string(group_id)); + const auto group = Botan::EC_Group::from_name(group_id); const Botan::EC_Point public_point = group.point(px, py); @@ -87,7 +87,7 @@ class ECDSA_Signature_KAT_Tests final : public PK_Signature_Generation_Test { std::unique_ptr load_private_key(const VarMap& vars) override { const std::string group_id = vars.get_req_str("Group"); const BigInt x = vars.get_req_bn("X"); - Botan::EC_Group group(Botan::OID::from_string(group_id)); + const auto group = Botan::EC_Group::from_name(group_id); return std::make_unique(this->rng(), group, x); } @@ -122,7 +122,7 @@ class ECDSA_KAT_Verification_Tests final : public PK_Signature_Verification_Test std::unique_ptr load_public_key(const VarMap& vars) override { const std::string group_id = vars.get_req_str("Group"); const BigInt x = vars.get_req_bn("X"); - Botan::EC_Group group(Botan::OID::from_string(group_id)); + const auto group = Botan::EC_Group::from_name(group_id); Botan::ECDSA_PrivateKey priv_key(this->rng(), group, x); @@ -166,7 +166,7 @@ class ECDSA_Key_Recovery_Tests final : public Text_Based_Test { Test::Result result("ECDSA key recovery"); const std::string group_id = vars.get_req_str("Group"); - Botan::EC_Group group(group_id); + const auto group = Botan::EC_Group::from_name(group_id); const BigInt R = vars.get_req_bn("R"); const BigInt S = vars.get_req_bn("S"); 
@@ -210,7 +210,7 @@ class ECDSA_Invalid_Key_Tests final : public Text_Based_Test { Test::Result result("ECDSA invalid keys"); const std::string group_id = vars.get_req_str("Group"); - Botan::EC_Group group(Botan::OID::from_string(group_id)); + const auto group = Botan::EC_Group::from_name(group_id); const Botan::BigInt x = vars.get_req_bn("InvalidKeyX"); const Botan::BigInt y = vars.get_req_bn("InvalidKeyY"); diff --git a/src/tests/test_ecgdsa.cpp b/src/tests/test_ecgdsa.cpp index cc2d943fca7..adca8e23d27 100644 --- a/src/tests/test_ecgdsa.cpp +++ b/src/tests/test_ecgdsa.cpp @@ -29,7 +29,7 @@ class ECGDSA_Signature_KAT_Tests final : public PK_Signature_Generation_Test { std::unique_ptr load_private_key(const VarMap& vars) override { const std::string group_id = vars.get_req_str("Group"); const BigInt x = vars.get_req_bn("X"); - Botan::EC_Group group(Botan::OID::from_string(group_id)); + const auto group = Botan::EC_Group::from_name(group_id); return std::make_unique(this->rng(), group, x); } diff --git a/src/tests/test_ecies.cpp b/src/tests/test_ecies.cpp index 7a4040553d7..66e0b8e186b 100644 --- a/src/tests/test_ecies.cpp +++ b/src/tests/test_ecies.cpp @@ -220,6 +220,8 @@ class ECIES_Tests final : public Text_Based_Test { const std::vector ciphertext = vars.get_req_bin("Ciphertext"); const Flags flags = ecies_flags(cofactor_mode, old_cofactor_mode, check_mode, single_hash_mode); + + // This test uses a mix of named curves plus PEM, so we use the deprecated constructor atm const Botan::EC_Group domain(curve); const Botan::ECDH_PrivateKey private_key(this->rng(), domain, private_key_value); const Botan::ECDH_PrivateKey other_private_key(this->rng(), domain, other_private_key_value); 
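Review bot: The new comment in ECIES_Tests, `// This test uses a mix of named curves plus PEM, so we use the deprecated constructor atm`, marks the one place this change leaves the deprecated string constructor in, but "atm" does not say what would let it go. If the vector files only ever carry a curve name or a PEM block, dispatching on the PEM header would let this test migrate with the rest: `const auto domain = curve.rfind("-----BEGIN", 0) == 0 ? Botan::EC_Group::from_PEM(curve) : Botan::EC_Group::from_name(curve);`. Otherwise the comment should state what is missing, e.g. `// curve is either a group name or a PEM block; kept on the deprecated dispatching constructor until a factory covers both`. The test body continues outside the hunk.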
@@ -243,7 +245,8 @@ Test::Result test_other_key_not_set() { auto rng = Test::new_rng("ecies_other_key_not_set"); const Flags flags = ecies_flags(false, false, false, true); - const Botan::EC_Group domain("secp521r1"); + const auto domain = Botan::EC_Group::from_name("secp521r1"); + const Botan::BigInt private_key_value( "405029866705438137604064977397053031159826489755682166267763407" "5002761777100287880684822948852132235484464537021197213998300006" @@ -273,7 +276,8 @@ Test::Result test_kdf_not_found() { auto rng = Test::new_rng("ecies_kdf_not_found"); const Flags flags = ecies_flags(false, false, false, true); - const Botan::EC_Group domain("secp521r1"); + const auto domain = Botan::EC_Group::from_name("secp521r1"); + const Botan::BigInt private_key_value( "405029866705438137604064977397053031159826489755682166267763407" "5002761777100287880684822948852132235484464537021197213998300006" @@ -303,7 +307,8 @@ Test::Result test_mac_not_found() { auto rng = Test::new_rng("ecies_mac_not_found"); const Flags flags = ecies_flags(false, false, false, true); - const Botan::EC_Group domain("secp521r1"); + const auto domain = Botan::EC_Group::from_name("secp521r1"); + const Botan::BigInt private_key_value( "405029866705438137604064977397053031159826489755682166267763407" "5002761777100287880684822948852132235484464537021197213998300006" @@ -333,7 +338,8 @@ Test::Result test_cipher_not_found() { auto rng = Test::new_rng("ecies_cipher_not_found"); const Flags flags = ecies_flags(false, false, false, true); - const Botan::EC_Group domain("secp521r1"); + const auto domain = Botan::EC_Group::from_name("secp521r1"); + const Botan::BigInt private_key_value( "405029866705438137604064977397053031159826489755682166267763407" "5002761777100287880684822948852132235484464537021197213998300006" 
@@ -362,7 +368,7 @@ Test::Result test_system_params_short_ctor() { auto rng = Test::new_rng("ecies_params_short_ctor"); - const Botan::EC_Group domain("secp521r1"); + const auto domain = Botan::EC_Group::from_name("secp521r1"); const Botan::BigInt private_key_value( "405029866705438137604064977397053031159826489755682166267763407" "5002761777100287880684822948852132235484464537021197213998300006" @@ -403,7 +409,7 @@ Test::Result test_system_params_short_ctor() { Test::Result test_ciphertext_too_short() { Test::Result result("ECIES ciphertext too short"); - const Botan::EC_Group domain("secp521r1"); + const auto domain = Botan::EC_Group::from_name("secp521r1"); const Botan::BigInt private_key_value( "405029866705438137604064977397053031159826489755682166267763407" "5002761777100287880684822948852132235484464537021197213998300006" diff --git a/src/tests/test_eckcdsa.cpp b/src/tests/test_eckcdsa.cpp index e33b86594ee..74e239afc3e 100644 --- a/src/tests/test_eckcdsa.cpp +++ b/src/tests/test_eckcdsa.cpp @@ -27,7 +27,7 @@ class ECKCDSA_Signature_KAT_Tests final : public PK_Signature_Generation_Test { std::unique_ptr load_private_key(const VarMap& vars) override { const std::string group_id = vars.get_req_str("Group"); const BigInt x = vars.get_req_bn("X"); - Botan::EC_Group group(Botan::OID::from_string(group_id)); + const auto group = Botan::EC_Group::from_name(group_id); return std::make_unique(this->rng(), group, x); } diff --git a/src/tests/test_pkcs11_high_level.cpp b/src/tests/test_pkcs11_high_level.cpp index d70fddf1180..a9fa57c269e 100644 --- a/src/tests/test_pkcs11_high_level.cpp +++ b/src/tests/test_pkcs11_high_level.cpp @@ -895,7 +895,7 @@ Test::Result test_ecdsa_privkey_import() { auto rng = Test::new_rng(__func__); // create ecdsa private key - ECDSA_PrivateKey priv_key(*rng, EC_Group("secp256r1")); + ECDSA_PrivateKey priv_key(*rng, EC_Group::from_name("secp256r1")); result.confirm("Key self test OK", priv_key.check_key(*rng, true)); // import to card 
@@ -925,7 +925,7 @@ Test::Result test_ecdsa_privkey_export() { auto rng = Test::new_rng(__func__); // create private key - ECDSA_PrivateKey priv_key(*rng, EC_Group("secp256r1")); + ECDSA_PrivateKey priv_key(*rng, EC_Group::from_name("secp256r1")); result.confirm("Check ECDSA key", priv_key.check_key(*rng, true)); // import to card @@ -960,7 +960,7 @@ Test::Result test_ecdsa_pubkey_import() { auto rng = Test::new_rng(__func__); // create ecdsa private key - ECDSA_PrivateKey priv_key(*rng, EC_Group("secp256r1")); + ECDSA_PrivateKey priv_key(*rng, EC_Group::from_name("secp256r1")); const auto enc_point = encode_ec_point_in_octet_str(priv_key.public_point()); @@ -989,7 +989,7 @@ Test::Result test_ecdsa_pubkey_export() { auto rng = Test::new_rng(__func__); // create public key from private key - ECDSA_PrivateKey priv_key(*rng, EC_Group("secp256r1")); + ECDSA_PrivateKey priv_key(*rng, EC_Group::from_name("secp256r1")); const auto enc_point = encode_ec_point_in_octet_str(priv_key.public_point()); @@ -1023,7 +1023,7 @@ Test::Result test_ecdsa_generate_private_key() { props.set_sign(true); PKCS11_ECDSA_PrivateKey pk( - test_session.session(), EC_Group("secp256r1").DER_encode(EC_Group_Encoding::NamedCurve), props); + test_session.session(), EC_Group::from_name("secp256r1").DER_encode(EC_Group_Encoding::NamedCurve), props); result.test_success("ECDSA private key generation was successful"); pk.destroy(); @@ -1034,7 +1034,7 @@ Test::Result test_ecdsa_generate_private_key() { PKCS11_ECDSA_KeyPair generate_ecdsa_keypair(const TestSession& test_session, const std::string& curve, EC_Group_Encoding ec_dompar_enc) { - EC_PublicKeyGenerationProperties pub_props(EC_Group(curve).DER_encode(ec_dompar_enc)); + EC_PublicKeyGenerationProperties pub_props(EC_Group::from_name(curve).DER_encode(ec_dompar_enc)); pub_props.set_label("BOTAN_TEST_ECDSA_PUB_KEY"); pub_props.set_token(true); pub_props.set_verify(true); 
@@ -1172,7 +1172,7 @@ Test::Result test_ecdh_privkey_import() { auto rng = Test::new_rng(__func__); // create ecdh private key - ECDH_PrivateKey priv_key(*rng, EC_Group("secp256r1")); + ECDH_PrivateKey priv_key(*rng, EC_Group::from_name("secp256r1")); // import to card EC_PrivateKeyImportProperties props(priv_key.DER_domain(), priv_key.private_value()); @@ -1199,7 +1199,7 @@ Test::Result test_ecdh_privkey_export() { auto rng = Test::new_rng(__func__); // create private key - ECDH_PrivateKey priv_key(*rng, EC_Group("secp256r1")); + ECDH_PrivateKey priv_key(*rng, EC_Group::from_name("secp256r1")); // import to card EC_PrivateKeyImportProperties props(priv_key.DER_domain(), priv_key.private_value()); @@ -1229,7 +1229,7 @@ Test::Result test_ecdh_pubkey_import() { auto rng = Test::new_rng(__func__); // create ECDH private key - ECDH_PrivateKey priv_key(*rng, EC_Group("secp256r1")); + ECDH_PrivateKey priv_key(*rng, EC_Group::from_name("secp256r1")); const auto enc_point = encode_ec_point_in_octet_str(priv_key.public_point()); @@ -1258,7 +1258,7 @@ Test::Result test_ecdh_pubkey_export() { auto rng = Test::new_rng(__func__); // create public key from private key - ECDH_PrivateKey priv_key(*rng, EC_Group("secp256r1")); + ECDH_PrivateKey priv_key(*rng, EC_Group::from_name("secp256r1")); const auto enc_point = encode_ec_point_in_octet_str(priv_key.public_point()); @@ -1292,7 +1292,7 @@ Test::Result test_ecdh_generate_private_key() { props.set_derive(true); PKCS11_ECDH_PrivateKey pk( - test_session.session(), EC_Group("secp256r1").DER_encode(EC_Group_Encoding::NamedCurve), props); + test_session.session(), EC_Group::from_name("secp256r1").DER_encode(EC_Group_Encoding::NamedCurve), props); result.test_success("ECDH private key generation was successful"); pk.destroy(); 
@@ -1301,7 +1301,8 @@ Test::Result test_ecdh_generate_private_key() { } PKCS11_ECDH_KeyPair generate_ecdh_keypair(const TestSession& test_session, const std::string& label) { - EC_PublicKeyGenerationProperties pub_props(EC_Group("secp256r1").DER_encode(EC_Group_Encoding::NamedCurve)); + EC_PublicKeyGenerationProperties pub_props( + EC_Group::from_name("secp256r1").DER_encode(EC_Group_Encoding::NamedCurve)); pub_props.set_label(label + "_PUB_KEY"); pub_props.set_token(true); pub_props.set_derive(true); diff --git a/src/tests/unit_ecdh.cpp b/src/tests/unit_ecdh.cpp index 2c773fb56af..692c967fe72 100644 --- a/src/tests/unit_ecdh.cpp +++ b/src/tests/unit_ecdh.cpp @@ -33,11 +33,11 @@ class ECDH_Unit_Tests final : public Test { static Test::Result test_ecdh_normal_derivation(Botan::RandomNumberGenerator& rng) { Test::Result result("ECDH key exchange"); - std::vector params = {"secp256r1", "secp384r1", "secp521r1", "brainpool256r1"}; + const auto params = {"secp256r1", "secp384r1", "secp521r1", "brainpool256r1"}; for(const auto& param : params) { try { - Botan::EC_Group dom_pars(param); + const auto dom_pars = Botan::EC_Group::from_name(param); Botan::ECDH_PrivateKey private_a(rng, dom_pars); Botan::ECDH_PrivateKey private_b(rng, dom_pars); diff --git a/src/tests/unit_ecdsa.cpp b/src/tests/unit_ecdsa.cpp index 7b66afafa43..520d948724f 100644 --- a/src/tests/unit_ecdsa.cpp +++ b/src/tests/unit_ecdsa.cpp @@ -40,7 +40,7 @@ namespace { Test::Result test_hash_larger_than_n() { Test::Result result("ECDSA Unit"); - Botan::EC_Group dom_pars("secp160r1"); + const auto dom_pars = Botan::EC_Group::from_name("secp160r1"); // n = 0x0100000000000000000001f4c8f927aed3ca752257 (21 bytes) 
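Review bot: `const auto params = {"secp256r1", "secp384r1", "secp521r1", "brainpool256r1"};` in test_ecdh_normal_derivation deduces `std::initializer_list<const char*>`, so `param` is now a `const char*` rather than the `std::string` the old vector held; that works as long as `from_name` accepts a `std::string_view`-compatible argument, which the call suggests, but a braced `auto` is easy to misread. Spelling the element type, for instance `const std::array<std::string_view, 4> params{...}` if `<array>` and `<string_view>` are already available in this file, says what `param` is. The loop body continues outside the hunk.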
@@ -128,7 +128,7 @@ Test::Result test_sign_then_ver() { auto rng = Test::new_rng("ecdsa_sign_then_verify"); - Botan::EC_Group dom_pars("secp160r1"); + const auto dom_pars = Botan::EC_Group::from_name("secp160r1"); Botan::ECDSA_PrivateKey ecdsa(*rng, dom_pars); Botan::PK_Signer signer(ecdsa, *rng, "SHA-256"); @@ -152,7 +152,7 @@ Test::Result test_ec_sign() { auto rng = Test::new_rng("ecdsa_sign"); try { - Botan::EC_Group dom_pars("secp160r1"); + const auto dom_pars = Botan::EC_Group::from_name("secp160r1"); Botan::ECDSA_PrivateKey priv_key(*rng, dom_pars); Botan::PK_Signer signer(priv_key, *rng, "SHA-224"); Botan::PK_Verifier verifier(priv_key, "SHA-224"); @@ -201,7 +201,7 @@ Test::Result test_ecdsa_create_save_load() { auto rng = Test::new_rng("ecdsa_save_and_load"); try { - Botan::EC_Group dom_pars("secp160r1"); + const auto dom_pars = Botan::EC_Group::from_name("secp160r1"); Botan::ECDSA_PrivateKey key(*rng, dom_pars); Botan::PK_Signer signer(key, *rng, "SHA-256"); @@ -271,7 +271,7 @@ Test::Result test_encoding_options() { auto rng = Test::new_rng("ecdsa_encoding_options"); - Botan::EC_Group group("secp256r1"); + const auto group = Botan::EC_Group::from_name("secp256r1"); Botan::ECDSA_PrivateKey key(*rng, group); result.confirm("Default encoding is uncompressed", key.point_encoding() == Botan::EC_Point_Format::Uncompressed); @@ -393,7 +393,7 @@ Test::Result test_curve_registry() { for(const std::string& group_name : Botan::EC_Group::known_named_groups()) { try { - Botan::EC_Group group(group_name); + const auto group = Botan::EC_Group::from_name(group_name); Botan::ECDSA_PrivateKey ecdsa(*rng, group); Botan::PK_Signer signer(ecdsa, *rng, "SHA-256"); diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp index 838e7e47e43..653fb562f99 100644 --- a/src/tests/unit_tls.cpp +++ b/src/tests/unit_tls.cpp 
@@ -183,7 +183,7 @@ class Credentials_Manager_Test final : public Botan::Credentials_Manager { std::shared_ptr create_creds(Botan::RandomNumberGenerator& rng, bool with_client_certs = false) { // rsa and ecdsa are required for the tls module - const Botan::EC_Group ecdsa_params("secp256r1"); + const auto ecdsa_params = Botan::EC_Group::from_name("secp256r1"); const size_t rsa_params = 1024; auto rsa_ca_key = std::make_unique(rng, rsa_params); @@ -431,7 +431,7 @@ class TLS_Handshake_Test final { Botan::RandomNumberGenerator& rng) override { if(std::holds_alternative(group) && std::get(group).wire_code() == 0xFEE1) { - const Botan::EC_Group ec_group("secp112r1"); + const auto ec_group = Botan::EC_Group::from_name("secp112r1"); return std::make_unique(rng, ec_group); } @@ -446,7 +446,7 @@ class TLS_Handshake_Test final { const Botan::TLS::Policy& policy) override { if(std::holds_alternative(group) && std::get(group).wire_code() == 0xFEE1) { - const Botan::EC_Group ec_group("secp112r1"); + const auto ec_group = Botan::EC_Group::from_name("secp112r1"); Botan::ECDH_PublicKey peer_key(ec_group, ec_group.OS2ECP(public_value)); Botan::PK_Key_Agreement ka(private_key, rng, "Raw"); return ka.derive_key(0, peer_key.public_value()).bits_of(); diff --git a/src/tests/unit_tls_policy.cpp b/src/tests/unit_tls_policy.cpp index efd33da84d7..2262ebcdffa 100644 --- a/src/tests/unit_tls_policy.cpp +++ b/src/tests/unit_tls_policy.cpp @@ -73,7 +73,7 @@ class TLS_Policy_Unit_Tests final : public Test { static Test::Result test_peer_key_acceptable_ecdh(Botan::RandomNumberGenerator& rng) { Test::Result result("TLS Policy ECDH key verification"); #if defined(BOTAN_HAS_ECDH) - Botan::EC_Group group_192("secp192r1"); + const auto group_192 = Botan::EC_Group::from_name("secp192r1"); auto ecdh_192 = std::make_unique(rng, group_192); Botan::TLS::Policy policy; 
@@ -84,7 +84,7 @@ class TLS_Policy_Unit_Tests final : public Test { result.test_success("Correctly rejecting 192 bit EC keys"); } - Botan::EC_Group group_256("secp256r1"); + const auto group_256 = Botan::EC_Group::from_name("secp256r1"); auto ecdh_256 = std::make_unique(rng, group_256); policy.check_peer_key_acceptable(*ecdh_256); result.test_success("Correctly accepting 256 bit EC keys"); @@ -95,7 +95,7 @@ class TLS_Policy_Unit_Tests final : public Test { static Test::Result test_peer_key_acceptable_ecdsa(Botan::RandomNumberGenerator& rng) { Test::Result result("TLS Policy ECDSA key verification"); #if defined(BOTAN_HAS_ECDSA) - Botan::EC_Group group_192("secp192r1"); + const auto group_192 = Botan::EC_Group::from_name("secp192r1"); auto ecdsa_192 = std::make_unique(rng, group_192); Botan::TLS::Policy policy; @@ -106,7 +106,7 @@ class TLS_Policy_Unit_Tests final : public Test { result.test_success("Correctly rejecting 192 bit EC keys"); } - Botan::EC_Group group_256("secp256r1"); + const auto group_256 = Botan::EC_Group::from_name("secp256r1"); auto ecdsa_256 = std::make_unique(rng, group_256); policy.check_peer_key_acceptable(*ecdsa_256); result.test_success("Correctly accepting 256 bit EC keys");