From d7d3fcb2f8c3a9f880ecf436a49fcb60eed4633d Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 12 Apr 2024 17:58:36 -0400 Subject: [PATCH] Rename Curve25519 to X25519 This better matches modern usage. The old name is still accepted as an input (OID::from_name, create_private_key, etc) --- src/build-data/oids.txt | 2 + src/build-data/policy/bsi.txt | 2 +- src/build-data/policy/modern.txt | 2 +- src/build-data/policy/nist.txt | 2 +- src/cli/speed.cpp | 14 ++--- src/examples/hybrid_key_encapsulation.cpp | 2 +- src/lib/asn1/oid_maps.cpp | 7 ++- src/lib/compat/sodium/info.txt | 2 +- src/lib/compat/sodium/sodium_25519.cpp | 2 +- src/lib/ffi/ffi_pkey_algs.cpp | 8 +-- src/lib/pubkey/curve448/x448/x448.h | 2 +- src/lib/pubkey/pk_algs.cpp | 22 +++---- src/lib/pubkey/x25519/curve25519.h | 22 +++++++ .../pubkey/{curve25519 => x25519}/donna.cpp | 4 +- .../pubkey/{curve25519 => x25519}/info.txt | 5 +- .../curve25519.cpp => x25519/x25519.cpp} | 58 +++++++++---------- .../curve25519.h => x25519/x25519.h} | 45 +++++++------- src/lib/tls/tls12/msg_server_kex.cpp | 4 +- .../tls/tls13/tls_extensions_key_share.cpp | 4 +- src/lib/tls/tls13_pqc/hybrid_public_key.cpp | 8 +-- src/lib/tls/tls13_pqc/kex_to_kem_adapter.cpp | 12 ++-- src/lib/tls/tls_callbacks.cpp | 10 ++-- src/lib/tls/tls_policy.cpp | 4 +- src/lib/tls/tls_text_policy.cpp | 2 +- src/python/botan3.py | 4 +- src/scripts/test_cli.py | 2 +- src/scripts/test_python.py | 2 +- src/tests/test_pubkey.cpp | 17 ++++++ src/tests/test_tls_messages.cpp | 2 +- src/tests/test_tls_rfc8448.cpp | 6 +- .../{test_c25519.cpp => test_x25519.cpp} | 45 +++++++------- src/tests/unit_tls.cpp | 2 +- 32 files changed, 183 insertions(+), 142 deletions(-) create mode 100644 src/lib/pubkey/x25519/curve25519.h rename src/lib/pubkey/{curve25519 => x25519}/donna.cpp (99%) rename src/lib/pubkey/{curve25519 => x25519}/info.txt (73%) rename src/lib/pubkey/{curve25519/curve25519.cpp => x25519/x25519.cpp} (53%) rename src/lib/pubkey/{curve25519/curve25519.h => x25519/x25519.h} (65%) rename src/tests/{test_c25519.cpp => test_x25519.cpp} (72%) diff --git a/src/build-data/oids.txt b/src/build-data/oids.txt index 071c520ae3e..366fcd4e2f5 100644 --- a/src/build-data/oids.txt +++ b/src/build-data/oids.txt @@ -10,7 +10,9 @@ 1.2.840.10046.2.1 = DH 1.3.6.1.4.1.3029.1.2.1 = ElGamal 1.3.6.1.4.1.25258.1.3 = McEliece +# Deprecated alias for X25519 1.3.101.110 = Curve25519 +1.3.101.110 = X25519 1.3.101.111 = X448 1.3.101.112 = Ed25519 1.3.101.113 = Ed448 diff --git a/src/build-data/policy/bsi.txt b/src/build-data/policy/bsi.txt index 9ba2c7f99b0..0853d16dbe9 100644 --- a/src/build-data/policy/bsi.txt +++ b/src/build-data/policy/bsi.txt @@ -146,7 +146,7 @@ prf_x942 sp800_56a # pubkey -curve25519 +x25519 x448 ec_h2c ed25519 diff --git a/src/build-data/policy/modern.txt b/src/build-data/policy/modern.txt index f03dee0adcd..9a8e1bcbaca 100644 --- a/src/build-data/policy/modern.txt +++ b/src/build-data/policy/modern.txt @@ -30,7 +30,7 @@ pbes2 ed25519 ed448 -curve25519 +x25519 x448 ecdh ecdsa diff --git a/src/build-data/policy/nist.txt b/src/build-data/policy/nist.txt index c5a784aed58..83286f6f1b7 100644 --- a/src/build-data/policy/nist.txt +++ b/src/build-data/policy/nist.txt @@ -127,7 +127,7 @@ kdf2 prf_x942 # pubkey -curve25519 +x25519 x448 ed25519 ed448 diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index 1f3fd8823fa..8e4dac4a3f1 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -406,7 +406,7 @@ class Speed final : public Command { "ECDSA", "Ed25519", "Ed448", - "Curve25519", + "X25519", "X448", "McEliece", "Kyber", @@ -596,9 +596,9 @@ class Speed final : public Command { bench_ecdh(ecc_groups, provider, msec); } #endif -#if defined(BOTAN_HAS_CURVE_25519) - else if(algo == "Curve25519") { - bench_curve25519(provider, msec); +#if defined(BOTAN_HAS_X25519) + else if(algo == "X25519") { + bench_x25519(provider, msec); } #endif #if defined(BOTAN_HAS_X448) @@ -1925,9 +1925,9 @@ class Speed final : public Command { } #endif -#if defined(BOTAN_HAS_CURVE_25519) - void bench_curve25519(const std::string& provider, std::chrono::milliseconds msec) { - bench_pk_ka("Curve25519", "Curve25519", "", provider, msec); +#if defined(BOTAN_HAS_X25519) + void bench_x25519(const std::string& provider, std::chrono::milliseconds msec) { + bench_pk_ka("X25519", "X25519", "", provider, msec); } #endif diff --git a/src/examples/hybrid_key_encapsulation.cpp b/src/examples/hybrid_key_encapsulation.cpp index 09fecae5ac5..e189ca8071a 100644 --- a/src/examples/hybrid_key_encapsulation.cpp +++ b/src/examples/hybrid_key_encapsulation.cpp @@ -351,7 +351,7 @@ int main() { // She then combines them into a custom "hybrid" key pair that acts // like a key encapsulation mechanism (KEM). const auto private_key_of_alice = std::make_unique( - Botan::create_private_key("Curve25519", rng), Botan::create_private_key("Kyber", rng, "Kyber-768-r3")); + Botan::create_private_key("X25519", rng), Botan::create_private_key("Kyber", rng, "Kyber-768-r3")); const auto public_key_of_alice = private_key_of_alice->public_key(); // Bob uses Alice's public key to encapsulate a shared secret, and diff --git a/src/lib/asn1/oid_maps.cpp b/src/lib/asn1/oid_maps.cpp index 972299f0455..cae0c936de7 100644 --- a/src/lib/asn1/oid_maps.cpp +++ b/src/lib/asn1/oid_maps.cpp @@ -1,7 +1,7 @@ /* * OID maps * -* This file was automatically generated by ./src/scripts/dev_tools/gen_oids.py on 2024-02-29 +* This file was automatically generated by ./src/scripts/dev_tools/gen_oids.py on 2024-04-12 * * All manual edits to this file will be lost. Edit the script * then regenerate this source file. @@ -106,7 +106,7 @@ std::unordered_map OID_Map::load_oid2str_map() { {"1.2.840.113549.2.8", "HMAC(SHA-224)"}, {"1.2.840.113549.2.9", "HMAC(SHA-256)"}, {"1.2.840.113549.3.7", "TripleDES/CBC"}, - {"1.3.101.110", "Curve25519"}, + {"1.3.101.110", "X25519"}, {"1.3.101.111", "X448"}, {"1.3.101.112", "Ed25519"}, {"1.3.101.113", "Ed448"}, @@ -339,7 +339,6 @@ std::unordered_map OID_Map::load_str2oid_map() { {"ChaCha20Poly1305", OID({1, 2, 840, 113549, 1, 9, 16, 3, 18})}, {"Compression.Zlib", OID({1, 2, 840, 113549, 1, 9, 16, 3, 8})}, {"Curve25519", OID({1, 3, 101, 110})}, - {"X448", OID({1, 3, 101, 111})}, {"DES/CBC", OID({1, 3, 14, 3, 2, 7})}, {"DH", OID({1, 2, 840, 10046, 2, 1})}, {"DSA", OID({1, 2, 840, 10040, 4, 1})}, @@ -519,6 +518,8 @@ std::unordered_map OID_Map::load_str2oid_map() { {"Twofish/GCM", OID({1, 3, 6, 1, 4, 1, 25258, 3, 102})}, {"Twofish/OCB", OID({1, 3, 6, 1, 4, 1, 25258, 3, 2, 5})}, {"Twofish/SIV", OID({1, 3, 6, 1, 4, 1, 25258, 3, 4, 5})}, + {"X25519", OID({1, 3, 101, 110})}, + {"X448", OID({1, 3, 101, 111})}, {"X509v3.AnyPolicy", OID({2, 5, 29, 32, 0})}, {"X509v3.AuthorityKeyIdentifier", OID({2, 5, 29, 35})}, {"X509v3.BasicConstraints", OID({2, 5, 29, 19})}, diff --git a/src/lib/compat/sodium/info.txt b/src/lib/compat/sodium/info.txt index 23059293d06..a462e469b2f 100644 --- a/src/lib/compat/sodium/info.txt +++ b/src/lib/compat/sodium/info.txt @@ -12,13 +12,13 @@ chacha salsa20 poly1305 chacha20poly1305 -curve25519 ed25519 sha2_32 sha2_64 hmac siphash system_rng +x25519 diff --git a/src/lib/compat/sodium/sodium_25519.cpp b/src/lib/compat/sodium/sodium_25519.cpp index 9f8d0860c48..02a75914f24 100644 --- a/src/lib/compat/sodium/sodium_25519.cpp +++ b/src/lib/compat/sodium/sodium_25519.cpp @@ -6,8 +6,8 @@ #include -#include #include +#include namespace Botan { diff --git a/src/lib/ffi/ffi_pkey_algs.cpp b/src/lib/ffi/ffi_pkey_algs.cpp index 4c2effb239f..f285c98aad0 100644 --- a/src/lib/ffi/ffi_pkey_algs.cpp +++ b/src/lib/ffi/ffi_pkey_algs.cpp @@ -47,8 +47,8 @@ #include #endif -#if defined(BOTAN_HAS_CURVE_25519) - #include +#if defined(BOTAN_HAS_X25519) + #include #endif #if defined(BOTAN_HAS_X448) @@ -521,8 +521,8 @@ int botan_privkey_create_ecdh(botan_privkey_t* key_obj, botan_rng_t rng_obj, con const std::string params(param_str); - if(params == "curve25519") { - return botan_privkey_create(key_obj, "Curve25519", "", rng_obj); + if(params == "x25519" || params == "curve25519") { + return botan_privkey_create(key_obj, "X25519", "", rng_obj); } if(params == "x448") { diff --git a/src/lib/pubkey/curve448/x448/x448.h b/src/lib/pubkey/curve448/x448/x448.h index 6422f282e93..5f4c2fe35c0 100644 --- a/src/lib/pubkey/curve448/x448/x448.h +++ b/src/lib/pubkey/curve448/x448/x448.h @@ -19,7 +19,7 @@ namespace Botan { class BOTAN_PUBLIC_API(3, 4) X448_PublicKey : public virtual Public_Key { public: /** - * Create a Curve25519 Public Key. + * Create a X448 Public Key. * @param alg_id the X.509 algorithm identifier * @param key_bits DER encoded public key bits */ diff --git a/src/lib/pubkey/pk_algs.cpp b/src/lib/pubkey/pk_algs.cpp index 87bc94aceb8..de9be217168 100644 --- a/src/lib/pubkey/pk_algs.cpp +++ b/src/lib/pubkey/pk_algs.cpp @@ -62,8 +62,8 @@ #include #endif -#if defined(BOTAN_HAS_CURVE_25519) - #include +#if defined(BOTAN_HAS_X25519) + #include #endif #if defined(BOTAN_HAS_X448) @@ -112,9 +112,9 @@ std::unique_ptr load_public_key(const AlgorithmIdentifier& alg_id, } #endif -#if defined(BOTAN_HAS_CURVE_25519) - if(alg_name == "Curve25519") { - return std::make_unique(alg_id, key_bits); +#if defined(BOTAN_HAS_X25519) + if(alg_name == "X25519" || alg_name == "Curve25519") { + return std::make_unique(alg_id, key_bits); } #endif @@ -241,9 +241,9 @@ std::unique_ptr load_private_key(const AlgorithmIdentifier& alg_id, } #endif -#if defined(BOTAN_HAS_CURVE_25519) - if(alg_name == "Curve25519") { - return std::make_unique(alg_id, key_bits); +#if defined(BOTAN_HAS_X25519) + if(alg_name == "X25519" || alg_name == "Curve25519") { + return std::make_unique(alg_id, key_bits); } #endif @@ -411,9 +411,9 @@ std::unique_ptr create_private_key(std::string_view alg_name, * Default paramaters are chosen for work factor > 2**128 where possible */ -#if defined(BOTAN_HAS_CURVE_25519) - if(alg_name == "Curve25519") { - return std::make_unique(rng); +#if defined(BOTAN_HAS_X25519) + if(alg_name == "X25519" || alg_name == "Curve25519") { + return std::make_unique(rng); } #endif diff --git a/src/lib/pubkey/x25519/curve25519.h b/src/lib/pubkey/x25519/curve25519.h new file mode 100644 index 00000000000..c2b90ede8a7 --- /dev/null +++ b/src/lib/pubkey/x25519/curve25519.h @@ -0,0 +1,22 @@ +/* +* Curve25519 +* (C) 2014 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_CURVE_25519_H_ +#define BOTAN_CURVE_25519_H_ + +#include + +BOTAN_DEPRECATED_HEADER("curve25519.h") + +namespace Botan { + +BOTAN_DEPRECATED("Use X25519_PublicKey") typedef X25519_PublicKey Curve25519_PublicKey; +BOTAN_DEPRECATED("Use X25519_PrivateKey") typedef X25519_PrivateKey Curve25519_PrivateKey; + +} // namespace Botan + +#endif diff --git a/src/lib/pubkey/curve25519/donna.cpp b/src/lib/pubkey/x25519/donna.cpp similarity index 99% rename from src/lib/pubkey/curve25519/donna.cpp rename to src/lib/pubkey/x25519/donna.cpp index 8400f0edacc..dacf5244dc8 100644 --- a/src/lib/pubkey/curve25519/donna.cpp +++ b/src/lib/pubkey/x25519/donna.cpp @@ -1,5 +1,5 @@ /* -* Based on curve25519-donna-c64.c from github.com/agl/curve25519-donna +* Based on curve25519-donna-c64.c from https://github.com/agl/curve25519-donna * revision 80ad9b9930c9baef5829dd2a235b6b7646d32a8e * * Further changes @@ -32,7 +32,7 @@ * from the sample implementation. */ -#include +#include #include #include diff --git a/src/lib/pubkey/curve25519/info.txt b/src/lib/pubkey/x25519/info.txt similarity index 73% rename from src/lib/pubkey/curve25519/info.txt rename to src/lib/pubkey/x25519/info.txt index 585df87bdf3..0f0010e699b 100644 --- a/src/lib/pubkey/curve25519/info.txt +++ b/src/lib/pubkey/x25519/info.txt @@ -1,12 +1,13 @@ CURVE_25519 -> 20170621 -X25519 -> 20180910 +X25519 -> 20240412 -name -> "Curve25519" +name -> "X25519" +x25519.h curve25519.h diff --git a/src/lib/pubkey/curve25519/curve25519.cpp b/src/lib/pubkey/x25519/x25519.cpp similarity index 53% rename from src/lib/pubkey/curve25519/curve25519.cpp rename to src/lib/pubkey/x25519/x25519.cpp index dd70c3561cd..9103edac95c 100644 --- a/src/lib/pubkey/curve25519/curve25519.cpp +++ b/src/lib/pubkey/x25519/x25519.cpp @@ -1,11 +1,11 @@ /* -* Curve25519 -* (C) 2014 Jack Lloyd +* X25519 +* (C) 2014,2024 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ -#include +#include #include #include @@ -24,7 +24,7 @@ namespace { void size_check(size_t size, const char* thing) { if(size != 32) { - throw Decoding_Error(fmt("Invalid size {} for Curve25519 {}", size, thing)); + throw Decoding_Error(fmt("Invalid size {} for X25519 {}", size, thing)); } } @@ -36,34 +36,34 @@ secure_vector curve25519(const secure_vector& secret, const ui } // namespace -AlgorithmIdentifier Curve25519_PublicKey::algorithm_identifier() const { +AlgorithmIdentifier X25519_PublicKey::algorithm_identifier() const { return AlgorithmIdentifier(object_identifier(), AlgorithmIdentifier::USE_EMPTY_PARAM); } -bool Curve25519_PublicKey::check_key(RandomNumberGenerator& /*rng*/, bool /*strong*/) const { +bool X25519_PublicKey::check_key(RandomNumberGenerator& /*rng*/, bool /*strong*/) const { return true; // no tests possible? } -Curve25519_PublicKey::Curve25519_PublicKey(const AlgorithmIdentifier& /*unused*/, std::span key_bits) : - Curve25519_PublicKey(key_bits) {} +X25519_PublicKey::X25519_PublicKey(const AlgorithmIdentifier& /*unused*/, std::span key_bits) : + X25519_PublicKey(key_bits) {} -Curve25519_PublicKey::Curve25519_PublicKey(std::span pub) { +X25519_PublicKey::X25519_PublicKey(std::span pub) { m_public.assign(pub.begin(), pub.end()); size_check(m_public.size(), "public key"); } -std::vector Curve25519_PublicKey::public_key_bits() const { +std::vector X25519_PublicKey::public_key_bits() const { return m_public; } -std::unique_ptr Curve25519_PublicKey::generate_another(RandomNumberGenerator& rng) const { - return std::make_unique(rng); +std::unique_ptr X25519_PublicKey::generate_another(RandomNumberGenerator& rng) const { + return std::make_unique(rng); }; -Curve25519_PrivateKey::Curve25519_PrivateKey(const secure_vector& secret_key) { +X25519_PrivateKey::X25519_PrivateKey(const secure_vector& secret_key) { if(secret_key.size() != 32) { - throw Decoding_Error("Invalid size for Curve25519 private key"); + throw Decoding_Error("Invalid size for X25519 private key"); } m_public.resize(32); @@ -71,13 +71,13 @@ Curve25519_PrivateKey::Curve25519_PrivateKey(const secure_vector& secre curve25519_basepoint(m_public.data(), m_private.data()); } -Curve25519_PrivateKey::Curve25519_PrivateKey(RandomNumberGenerator& rng) { +X25519_PrivateKey::X25519_PrivateKey(RandomNumberGenerator& rng) { m_private = rng.random_vec(32); m_public.resize(32); curve25519_basepoint(m_public.data(), m_private.data()); } -Curve25519_PrivateKey::Curve25519_PrivateKey(const AlgorithmIdentifier& /*unused*/, std::span key_bits) { +X25519_PrivateKey::X25519_PrivateKey(const AlgorithmIdentifier& /*unused*/, std::span key_bits) { BER_Decoder(key_bits).decode(m_private, ASN1_Type::OctetString).discard_remaining(); size_check(m_private.size(), "private key"); @@ -85,21 +85,21 @@ Curve25519_PrivateKey::Curve25519_PrivateKey(const AlgorithmIdentifier& /*unused curve25519_basepoint(m_public.data(), m_private.data()); } -std::unique_ptr Curve25519_PrivateKey::public_key() const { - return std::make_unique(public_value()); +std::unique_ptr X25519_PrivateKey::public_key() const { + return std::make_unique(public_value()); } -secure_vector Curve25519_PrivateKey::private_key_bits() const { +secure_vector X25519_PrivateKey::private_key_bits() const { return DER_Encoder().encode(m_private, ASN1_Type::OctetString).get_contents(); } -bool Curve25519_PrivateKey::check_key(RandomNumberGenerator& /*rng*/, bool /*strong*/) const { +bool X25519_PrivateKey::check_key(RandomNumberGenerator& /*rng*/, bool /*strong*/) const { std::vector public_point(32); curve25519_basepoint(public_point.data(), m_private.data()); return public_point == m_public; } -secure_vector Curve25519_PrivateKey::agree(const uint8_t w[], size_t w_len) const { +secure_vector X25519_PrivateKey::agree(const uint8_t w[], size_t w_len) const { size_check(w_len, "public value"); return curve25519(m_private, w); } @@ -107,11 +107,11 @@ secure_vector Curve25519_PrivateKey::agree(const uint8_t w[], size_t w_ namespace { /** -* Curve25519 operation +* X25519 operation */ -class Curve25519_KA_Operation final : public PK_Ops::Key_Agreement_with_KDF { +class X25519_KA_Operation final : public PK_Ops::Key_Agreement_with_KDF { public: - Curve25519_KA_Operation(const Curve25519_PrivateKey& key, std::string_view kdf) : + X25519_KA_Operation(const X25519_PrivateKey& key, std::string_view kdf) : PK_Ops::Key_Agreement_with_KDF(kdf), m_key(key) {} size_t agreed_value_size() const override { return 32; } @@ -119,16 +119,16 @@ class Curve25519_KA_Operation final : public PK_Ops::Key_Agreement_with_KDF { secure_vector raw_agree(const uint8_t w[], size_t w_len) override { return m_key.agree(w, w_len); } private: - const Curve25519_PrivateKey& m_key; + const X25519_PrivateKey& m_key; }; } // namespace -std::unique_ptr Curve25519_PrivateKey::create_key_agreement_op(RandomNumberGenerator& /*rng*/, - std::string_view params, - std::string_view provider) const { +std::unique_ptr X25519_PrivateKey::create_key_agreement_op(RandomNumberGenerator& /*rng*/, + std::string_view params, + std::string_view provider) const { if(provider == "base" || provider.empty()) { - return std::make_unique(*this, params); + return std::make_unique(*this, params); } throw Provider_Not_Found(algo_name(), provider); } diff --git a/src/lib/pubkey/curve25519/curve25519.h b/src/lib/pubkey/x25519/x25519.h similarity index 65% rename from src/lib/pubkey/curve25519/curve25519.h rename to src/lib/pubkey/x25519/x25519.h index d992e5c3a91..0f11dc0b2de 100644 --- a/src/lib/pubkey/curve25519/curve25519.h +++ b/src/lib/pubkey/x25519/x25519.h @@ -1,20 +1,19 @@ /* -* Curve25519 -* (C) 2014 Jack Lloyd +* (C) 2014,2024 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ -#ifndef BOTAN_CURVE_25519_H_ -#define BOTAN_CURVE_25519_H_ +#ifndef BOTAN_X25519_H_ +#define BOTAN_X25519_H_ #include namespace Botan { -class BOTAN_PUBLIC_API(2, 0) Curve25519_PublicKey : public virtual Public_Key { +class BOTAN_PUBLIC_API(2, 0) X25519_PublicKey : public virtual Public_Key { public: - std::string algo_name() const override { return "Curve25519"; } + std::string algo_name() const override { return "X25519"; } size_t estimated_strength() const override { return 128; } @@ -33,50 +32,50 @@ class BOTAN_PUBLIC_API(2, 0) Curve25519_PublicKey : public virtual Public_Key { std::unique_ptr generate_another(RandomNumberGenerator& rng) const final; /** - * Create a Curve25519 Public Key. + * Create a X25519 Public Key. * @param alg_id the X.509 algorithm identifier * @param key_bits DER encoded public key bits */ - Curve25519_PublicKey(const AlgorithmIdentifier& alg_id, std::span key_bits); + X25519_PublicKey(const AlgorithmIdentifier& alg_id, std::span key_bits); /** - * Create a Curve25519 Public Key. + * Create a X25519 Public Key. * @param pub 32-byte raw public key */ - explicit Curve25519_PublicKey(std::span pub); + explicit X25519_PublicKey(std::span pub); protected: - Curve25519_PublicKey() = default; + X25519_PublicKey() = default; std::vector m_public; }; BOTAN_DIAGNOSTIC_PUSH BOTAN_DIAGNOSTIC_IGNORE_INHERITED_VIA_DOMINANCE -class BOTAN_PUBLIC_API(2, 0) Curve25519_PrivateKey final : public Curve25519_PublicKey, - public virtual Private_Key, - public virtual PK_Key_Agreement_Key { +class BOTAN_PUBLIC_API(2, 0) X25519_PrivateKey final : public X25519_PublicKey, + public virtual Private_Key, + public virtual PK_Key_Agreement_Key { public: /** * Construct a private key from the specified parameters. * @param alg_id the X.509 algorithm identifier * @param key_bits PKCS #8 structure */ - Curve25519_PrivateKey(const AlgorithmIdentifier& alg_id, std::span key_bits); + X25519_PrivateKey(const AlgorithmIdentifier& alg_id, std::span key_bits); /** * Generate a private key. * @param rng the RNG to use */ - explicit Curve25519_PrivateKey(RandomNumberGenerator& rng); + explicit X25519_PrivateKey(RandomNumberGenerator& rng); /** * Construct a private key from the specified parameters. * @param secret_key the private key */ - explicit Curve25519_PrivateKey(const secure_vector& secret_key); + explicit X25519_PrivateKey(const secure_vector& secret_key); - std::vector public_value() const override { return Curve25519_PublicKey::public_value(); } + std::vector public_value() const override { return X25519_PublicKey::public_value(); } secure_vector agree(const uint8_t w[], size_t w_len) const; @@ -102,22 +101,20 @@ class BOTAN_PUBLIC_API(2, 0) Curve25519_PrivateKey final : public Curve25519_Pub BOTAN_DIAGNOSTIC_POP -typedef Curve25519_PublicKey X25519_PublicKey; -typedef Curve25519_PrivateKey X25519_PrivateKey; - /* * The types above are just wrappers for curve25519_donna, plus defining * encodings for public and private keys. */ -void BOTAN_PUBLIC_API(2, 0) - curve25519_donna(uint8_t mypublic[32], const uint8_t secret[32], const uint8_t basepoint[32]); +BOTAN_DEPRECATED_API("Use X25519_PrivateKey or Sodium::crypto_scalarmult_curve25519") +void curve25519_donna(uint8_t mypublic[32], const uint8_t secret[32], const uint8_t basepoint[32]); /** * Exponentiate by the x25519 base point * @param mypublic output value * @param secret random scalar */ -void BOTAN_PUBLIC_API(2, 0) curve25519_basepoint(uint8_t mypublic[32], const uint8_t secret[32]); +BOTAN_DEPRECATED_API("Use X25519_PrivateKey or Sodium::crypto_scalarmult_curve25519_base") +void curve25519_basepoint(uint8_t mypublic[32], const uint8_t secret[32]); } // namespace Botan diff --git a/src/lib/tls/tls12/msg_server_kex.cpp b/src/lib/tls/tls12/msg_server_kex.cpp index 9479bce969a..7c2f6bc9691 100644 --- a/src/lib/tls/tls12/msg_server_kex.cpp +++ b/src/lib/tls/tls12/msg_server_kex.cpp @@ -20,8 +20,8 @@ #include #include -#if defined(BOTAN_HAS_CURVE_25519) - #include +#if defined(BOTAN_HAS_X25519) + #include #endif #if defined(BOTAN_HAS_X448) #include diff --git a/src/lib/tls/tls13/tls_extensions_key_share.cpp b/src/lib/tls/tls13/tls_extensions_key_share.cpp index ab5857630f1..95598fba87c 100644 --- a/src/lib/tls/tls13/tls_extensions_key_share.cpp +++ b/src/lib/tls/tls13/tls_extensions_key_share.cpp @@ -22,8 +22,8 @@ #include #include -#if defined(BOTAN_HAS_CURVE_25519) - #include +#if defined(BOTAN_HAS_X25519) + #include #endif #if defined(BOTAN_HAS_X448) diff --git a/src/lib/tls/tls13_pqc/hybrid_public_key.cpp b/src/lib/tls/tls13_pqc/hybrid_public_key.cpp index 75a95d77cf5..ec534b3a1e8 100644 --- a/src/lib/tls/tls13_pqc/hybrid_public_key.cpp +++ b/src/lib/tls/tls13_pqc/hybrid_public_key.cpp @@ -27,15 +27,15 @@ std::vector> algorithm_specs_for_group(Group switch(group.code()) { case Group_Params::HYBRID_X25519_KYBER_512_R3_OQS: case Group_Params::HYBRID_X25519_KYBER_512_R3_CLOUDFLARE: - return {{"Curve25519", "Curve25519"}, {"Kyber", "Kyber-512-r3"}}; + return {{"X25519", "X25519"}, {"Kyber", "Kyber-512-r3"}}; case Group_Params::HYBRID_X25519_KYBER_768_R3_OQS: - return {{"Curve25519", "Curve25519"}, {"Kyber", "Kyber-768-r3"}}; + return {{"X25519", "X25519"}, {"Kyber", "Kyber-768-r3"}}; case Group_Params::HYBRID_X448_KYBER_768_R3_OQS: return {{"X448", "X448"}, {"Kyber", "Kyber-768-r3"}}; case Group_Params::HYBRID_X25519_eFRODOKEM_640_SHAKE_OQS: - return {{"Curve25519", "Curve25519"}, {"FrodoKEM", "eFrodoKEM-640-SHAKE"}}; + return {{"X25519", "X25519"}, {"FrodoKEM", "eFrodoKEM-640-SHAKE"}}; case Group_Params::HYBRID_X25519_eFRODOKEM_640_AES_OQS: - return {{"Curve25519", "Curve25519"}, {"FrodoKEM", "eFrodoKEM-640-AES"}}; + return {{"X25519", "X25519"}, {"FrodoKEM", "eFrodoKEM-640-AES"}}; case Group_Params::HYBRID_X448_eFRODOKEM_976_SHAKE_OQS: return {{"X448", "X448"}, {"FrodoKEM", "eFrodoKEM-976-SHAKE"}}; case Group_Params::HYBRID_X448_eFRODOKEM_976_AES_OQS: diff --git a/src/lib/tls/tls13_pqc/kex_to_kem_adapter.cpp b/src/lib/tls/tls13_pqc/kex_to_kem_adapter.cpp index b544663de94..d2a5e9b5aba 100644 --- a/src/lib/tls/tls13_pqc/kex_to_kem_adapter.cpp +++ b/src/lib/tls/tls13_pqc/kex_to_kem_adapter.cpp @@ -23,8 +23,8 @@ #include #endif -#if defined(BOTAN_HAS_CURVE_25519) - #include +#if defined(BOTAN_HAS_X25519) + #include #endif #if defined(BOTAN_HAS_X448) @@ -58,8 +58,8 @@ std::vector kex_public_value(const Public_Key& kex_public_key) { } #endif -#if defined(BOTAN_HAS_CURVE_25519) - if(const auto* curve = dynamic_cast(&kex_public_key)) { +#if defined(BOTAN_HAS_X25519) + if(const auto* curve = dynamic_cast(&kex_public_key)) { return curve->public_value(); } #endif @@ -100,8 +100,8 @@ size_t kex_shared_key_length(const Public_Key& kex_public_key) { } #endif -#if defined(BOTAN_HAS_CURVE_25519) - if(const auto* curve = dynamic_cast(&kex_public_key)) { +#if defined(BOTAN_HAS_X25519) + if(const auto* curve = dynamic_cast(&kex_public_key)) { BOTAN_UNUSED(curve); return 32; /* TODO: magic number */ } diff --git a/src/lib/tls/tls_callbacks.cpp b/src/lib/tls/tls_callbacks.cpp index 57a81c71d9b..ad10d97372b 100644 --- a/src/lib/tls/tls_callbacks.cpp +++ b/src/lib/tls/tls_callbacks.cpp @@ -22,8 +22,8 @@ #include #include -#if defined(BOTAN_HAS_CURVE_25519) - #include +#if defined(BOTAN_HAS_X25519) + #include #endif #if defined(BOTAN_HAS_X448) @@ -272,7 +272,7 @@ std::unique_ptr TLS::Callbacks::tls_generate_ephemeral_key return std::make_unique(rng, ec_group); } -#if defined(BOTAN_HAS_CURVE_25519) +#if defined(BOTAN_HAS_X25519) if(group_params.is_x25519()) { return std::make_unique(rng); } @@ -336,13 +336,13 @@ secure_vector TLS::Callbacks::tls_ephemeral_key_agreement( return agree(private_key, peer_key); } -#if defined(BOTAN_HAS_CURVE_25519) +#if defined(BOTAN_HAS_X25519) if(group_params.is_x25519()) { if(public_value.size() != 32) { throw TLS_Exception(Alert::HandshakeFailure, "Invalid X25519 key size"); } - Curve25519_PublicKey peer_key(public_value); + X25519_PublicKey peer_key(public_value); policy.check_peer_key_acceptable(peer_key); return agree(private_key, peer_key); diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp index dc09ee47635..172964b340c 100644 --- a/src/lib/tls/tls_policy.cpp +++ b/src/lib/tls/tls_policy.cpp @@ -158,7 +158,7 @@ Group_Params Policy::default_dh_group() const { std::vector Policy::key_exchange_groups() const { // Default list is ordered by performance return { -#if defined(BOTAN_HAS_CURVE_25519) +#if defined(BOTAN_HAS_X25519) Group_Params::X25519, #endif #if defined(BOTAN_HAS_X448) @@ -226,7 +226,7 @@ void Policy::check_peer_key_acceptable(const Public_Key& public_key) const { expected_keylength = minimum_rsa_bits(); } else if(algo_name == "DH") { expected_keylength = minimum_dh_group_size(); - } else if(algo_name == "ECDH" || algo_name == "Curve25519" || algo_name == "X448") { + } else if(algo_name == "ECDH" || algo_name == "X25519" || algo_name == "X448") { expected_keylength = minimum_ecdh_group_size(); } else if(algo_name == "ECDSA") { expected_keylength = minimum_ecdsa_group_size(); diff --git a/src/lib/tls/tls_text_policy.cpp b/src/lib/tls/tls_text_policy.cpp index 7ec142a5e8d..d363648857e 100644 --- a/src/lib/tls/tls_text_policy.cpp +++ b/src/lib/tls/tls_text_policy.cpp @@ -229,7 +229,7 @@ std::vector Text_Policy::read_group_list(std::string_view group_st for(const auto& group_name : split_on(group_str, ' ')) { Group_Params group_id = Group_Params::from_string(group_name).value_or(Group_Params::NONE); -#if !defined(BOTAN_HAS_CURVE_25519) +#if !defined(BOTAN_HAS_X25519) if(group_id == Group_Params::X25519) continue; #endif diff --git a/src/python/botan3.py b/src/python/botan3.py index 95c392de5f6..84f1e16a19a 100755 --- a/src/python/botan3.py +++ b/src/python/botan3.py @@ -1190,8 +1190,8 @@ def create(cls, algo, params, rng_obj): elif algo == 'ecdsa': algo = 'ECDSA' elif algo in ['ecdh', 'ECDH']: - if params == 'curve25519': - algo = 'Curve25519' + if params == 'x25519' || params == 'curve25519': + algo = 'X25519' params = '' elif params == 'x448': algo = 'X448' diff --git a/src/scripts/test_cli.py b/src/scripts/test_cli.py index 1b168cedf4e..fe9ec7cea36 100755 --- a/src/scripts/test_cli.py +++ b/src/scripts/test_cli.py @@ -1512,7 +1512,7 @@ def cli_speed_pk_tests(_tmp_dir): msec = 1 pk_algos = ["ECDSA", "ECDH", "SM2", "ECKCDSA", "ECGDSA", "GOST-34.10", - "DH", "DSA", "ElGamal", "Ed25519", "Ed448", "Curve25519", "X448", "McEliece", + "DH", "DSA", "ElGamal", "Ed25519", "Ed448", "X25519", "X448", "McEliece", "RSA", "RSA_keygen", "XMSS", "ec_h2c", "Kyber", "Dilithium", "SPHINCS+"] diff --git a/src/scripts/test_python.py b/src/scripts/test_python.py index a11a71bf626..263a2cf95f1 100644 --- a/src/scripts/test_python.py +++ b/src/scripts/test_python.py @@ -546,7 +546,7 @@ def test_ecdh(self): def test_rfc7748_kex(self): rng = botan.RandomNumberGenerator() - for alg in ['Curve25519', 'X448']: + for alg in ['X25519', 'X448']: a_priv = botan.PrivateKey.create(alg, '', rng) b_priv = botan.PrivateKey.create(alg, '', rng) diff --git a/src/tests/test_pubkey.cpp b/src/tests/test_pubkey.cpp index 0974a8eff45..bad7c388bed 100644 --- a/src/tests/test_pubkey.cpp +++ b/src/tests/test_pubkey.cpp @@ -600,6 +600,23 @@ std::vector PK_Key_Generation_Test::run() { result.confirm("Key passes self tests", key.check_key(this->rng(), true)); } catch(Botan::Lookup_Error&) {} + const std::string name = key.algo_name(); + result.confirm("Key has a non-empty name", !name.empty()); + + if(auto oid = Botan::OID::from_name(name)) { + result.test_success("Keys name maps to an OID"); + + result.test_eq("Keys name OID is the same as the object oid", + oid.value().to_string(), + key.object_identifier().to_string()); + } else { + const bool exception = name == "Kyber" || name == "FrodoKEM" || name == "SPHINCS+"; + + if(!exception) { + result.test_failure("Keys name " + name + " does not map to an OID"); + } + } + result.test_gte("Key has reasonable estimated strength (lower)", key.estimated_strength(), 64); result.test_lt("Key has reasonable estimated strength (upper)", key.estimated_strength(), 512); diff --git a/src/tests/test_tls_messages.cpp b/src/tests/test_tls_messages.cpp index 716b4d0f3ac..97e8bb8bebc 100644 --- a/src/tests/test_tls_messages.cpp +++ b/src/tests/test_tls_messages.cpp @@ -206,7 +206,7 @@ class TLS_Message_Parsing_Test final : public Text_Based_Test { BOTAN_REGISTER_TEST("tls", "tls_messages", TLS_Message_Parsing_Test); #if defined(BOTAN_HAS_TLS_13) - #if defined(BOTAN_HAS_CURVE_25519) + #if defined(BOTAN_HAS_X25519) class TLS_Key_Share_CH_Generation_Test final : public Text_Based_Test { public: TLS_Key_Share_CH_Generation_Test() : diff --git a/src/tests/test_tls_rfc8448.cpp b/src/tests/test_tls_rfc8448.cpp index 3200f3e9154..cb2bb93dab8 100644 --- a/src/tests/test_tls_rfc8448.cpp +++ b/src/tests/test_tls_rfc8448.cpp @@ -13,9 +13,9 @@ // Since RFC 8448 uses a specific set of cipher suites we can only run this // test if all of them are enabled. -#if defined(BOTAN_HAS_TLS_13) && defined(BOTAN_HAS_AEAD_CHACHA20_POLY1305) && defined(BOTAN_HAS_AEAD_GCM) && \ - defined(BOTAN_HAS_AES) && defined(BOTAN_HAS_CURVE_25519) && defined(BOTAN_HAS_SHA2_32) && \ - defined(BOTAN_HAS_SHA2_64) && defined(BOTAN_HAS_ECDSA) +#if defined(BOTAN_HAS_TLS_13) && defined(BOTAN_HAS_AEAD_CHACHA20_POLY1305) && defined(BOTAN_HAS_AEAD_GCM) && \ + defined(BOTAN_HAS_AES) && defined(BOTAN_HAS_X25519) && defined(BOTAN_HAS_SHA2_32) && defined(BOTAN_HAS_SHA2_64) && \ + defined(BOTAN_HAS_ECDSA) #define BOTAN_CAN_RUN_TEST_TLS_RFC8448 #endif diff --git a/src/tests/test_c25519.cpp b/src/tests/test_x25519.cpp similarity index 72% rename from src/tests/test_c25519.cpp rename to src/tests/test_x25519.cpp index 555b01a6360..ce3faa90261 100644 --- a/src/tests/test_c25519.cpp +++ b/src/tests/test_x25519.cpp @@ -6,23 +6,25 @@ #include "tests.h" -#if defined(BOTAN_HAS_CURVE_25519) +#if defined(BOTAN_HAS_X25519) #include "test_pubkey.h" - #include #include #include + #include #include #endif namespace Botan_Tests { -#if defined(BOTAN_HAS_CURVE_25519) +#if defined(BOTAN_HAS_X25519) -class Curve25519_Sclarmult_Tests final : public Text_Based_Test { +class X25519_Sclarmult_Tests final : public Text_Based_Test { public: - Curve25519_Sclarmult_Tests() : Text_Based_Test("pubkey/c25519_scalar.vec", "Secret,Basepoint,Out") {} + X25519_Sclarmult_Tests() : Text_Based_Test("pubkey/c25519_scalar.vec", "Secret,Basepoint,Out") {} Test::Result run_one_test(const std::string& /*header*/, const VarMap& vars) override { + Test::Result result("X25519 scalarmult"); + const std::vector secret = vars.get_req_bin("Secret"); const std::vector basepoint = vars.get_req_bin("Basepoint"); const std::vector expected = vars.get_req_bin("Out"); @@ -30,24 +32,23 @@ class Curve25519_Sclarmult_Tests final : public Text_Based_Test { std::vector got(32); Botan::curve25519_donna(got.data(), secret.data(), basepoint.data()); - Test::Result result("Curve25519 scalarmult"); result.test_eq("basemult", got, expected); return result; } }; -BOTAN_REGISTER_TEST("pubkey", "curve25519_scalar", Curve25519_Sclarmult_Tests); +BOTAN_REGISTER_TEST("pubkey", "x25519_scalar", X25519_Sclarmult_Tests); -class Curve25519_Agreement_Tests final : public PK_Key_Agreement_Test { +class X25519_Agreement_Tests final : public PK_Key_Agreement_Test { public: - Curve25519_Agreement_Tests() : PK_Key_Agreement_Test("X25519", "pubkey/x25519.vec", "Secret,CounterKey,K") {} + X25519_Agreement_Tests() : PK_Key_Agreement_Test("X25519", "pubkey/x25519.vec", "Secret,CounterKey,K") {} std::string default_kdf(const VarMap& /*unused*/) const override { return "Raw"; } std::unique_ptr load_our_key(const std::string& /*header*/, const VarMap& vars) override { const std::vector secret_vec = vars.get_req_bin("Secret"); Botan::secure_vector secret(secret_vec.begin(), secret_vec.end()); - return std::make_unique(secret); + return std::make_unique(secret); } std::vector load_their_key(const std::string& /*header*/, const VarMap& vars) override { @@ -55,18 +56,18 @@ class Curve25519_Agreement_Tests final : public PK_Key_Agreement_Test { } }; -BOTAN_REGISTER_TEST("pubkey", "curve25519_agreement", Curve25519_Agreement_Tests); +BOTAN_REGISTER_TEST("pubkey", "x25519_agreement", X25519_Agreement_Tests); -class Curve25519_Roundtrip_Test final : public Test { +class X25519_Roundtrip_Test final : public Test { public: std::vector run() override { std::vector results; for(size_t i = 0; i < 10; ++i) { - Test::Result result("Curve25519 roundtrip"); + Test::Result result("X25519 roundtrip"); - Botan::Curve25519_PrivateKey a_priv_gen(this->rng()); - Botan::Curve25519_PrivateKey b_priv_gen(this->rng()); + Botan::X25519_PrivateKey a_priv_gen(this->rng()); + Botan::X25519_PrivateKey b_priv_gen(this->rng()); #if defined(BOTAN_HAS_PKCS5_PBES2) && defined(BOTAN_HAS_AES) && defined(BOTAN_HAS_AEAD_GCM) && \ defined(BOTAN_HAS_SHA2_32) @@ -106,8 +107,8 @@ class Curve25519_Roundtrip_Test final : public Test { auto a_pub = Botan::X509::load_key(a_pub_ds); auto b_pub = Botan::X509::load_key(b_pub_ds); - Botan::Curve25519_PublicKey* a_pub_key = dynamic_cast(a_pub.get()); - Botan::Curve25519_PublicKey* b_pub_key = dynamic_cast(b_pub.get()); + Botan::X25519_PublicKey* a_pub_key = dynamic_cast(a_pub.get()); + Botan::X25519_PublicKey* b_pub_key = dynamic_cast(b_pub.get()); if(a_pub_key && b_pub_key) { Botan::PK_Key_Agreement a_ka(*a_priv, this->rng(), "Raw"); @@ -121,7 +122,7 @@ class Curve25519_Roundtrip_Test final : public Test { result.test_note(b_priv_pem); } } else { - result.test_failure("Cast back to Curve25519 failed"); + result.test_failure("Cast back to X25519 failed"); } results.push_back(result); @@ -131,16 +132,16 @@ class Curve25519_Roundtrip_Test final : public Test { } }; -BOTAN_REGISTER_TEST("pubkey", "curve25519_rt", Curve25519_Roundtrip_Test); +BOTAN_REGISTER_TEST("pubkey", "x25519_rt", X25519_Roundtrip_Test); -class Curve25519_Keygen_Tests final : public PK_Key_Generation_Test { +class X25519_Keygen_Tests final : public PK_Key_Generation_Test { public: std::vector keygen_params() const override { return {""}; } - std::string algo_name() const override { return "Curve25519"; } + std::string algo_name() const override { return "X25519"; } }; -BOTAN_REGISTER_TEST("pubkey", "curve25519_keygen", Curve25519_Keygen_Tests); +BOTAN_REGISTER_TEST("pubkey", "x25519_keygen", X25519_Keygen_Tests); #endif diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp index be0b602506f..838e7e47e43 100644 --- a/src/tests/unit_tls.cpp +++ b/src/tests/unit_tls.cpp @@ -1013,7 +1013,7 @@ class TLS_Unit_Tests final : public Test { "AEAD", {{"groups", "brainpool256r1"}}); - #if defined(BOTAN_HAS_CURVE_25519) + #if defined(BOTAN_HAS_X25519) test_modern_versions( "AES-128/GCM x25519", results, client_ses, server_ses, creds, rng, "ECDH", "AES-128/GCM", "AEAD", {{ "groups",