Create ECDH_PrivateKey from raw bits

[ClausDampsoft]

Hello,
I'm new to Botan, having some difficulties.

For test purposes I need to create an ECDH_PrivateKey on P-256 (secp256r1) from raw bits (32 bytes in std::vector<uin8_t>). I tried the ECDH_PrivateKey-Konstruktor with the AlgorithmIdentifier but I always get some exceptions.

Nearly the same question is for an ECDH_PublicKey with given x and y as raw bits.

Thanks for any hints
Claus

[reneme]

Hi! Typically, Botan does not expect the private key as a raw 256bit vector but wrapped as a PEM container. But there's a hack that might get you there:

#include <botan/bigint.h>
#include <botan/ecdh.h>
#include <botan/hex.h>
#include <botan/rng.h>

int main() {
   const auto private_key_bytes = Botan::hex_decode("D2AC61C35CAEE918E47B0BD5E61DA9B3A5C2964AB317647DEF6DFC042A06C829");

   Botan::Null_RNG null_rng;
   const auto private_key = 
      Botan::ECDH_PrivateKey(null_rng,
                             Botan::EC_Group::from_name("secp256r1"),
                             Botan::BigInt(private_key_bytes));
}

[randombit]

^ Not really a hack, that's how it's supposed to work!

For public key from (x,y) similarly construct an EC_Point

[reneme]

Here's some snippet for the public key:

#include <botan/bigint.h>
#include <botan/ecdh.h>
#include <botan/hex.h>
#include <botan/rng.h>

#include <vector>

int main() {
   const auto pk_x = Botan::hex_decode("278309D4A88ADF89CA0E5328D3B655CF8949F2D9F9B2308AA22FE28202A315EC");
   const auto pk_y = Botan::hex_decode("AC457F18D1F3675D46E98ED2E509EE47AC2CB9A012F73263B30CD7248AEA6020");

   std::vector<uint8_t> public_key_bytes;
   public_key_bytes.reserve(pk_x.size() + pk_y.size() + 1);
   public_key_bytes.push_back(0x04);  // means: uncompressed point encoding
   public_key_bytes.insert(public_key_bytes.end(), pk_x.begin(), pk_x.end());
   public_key_bytes.insert(public_key_bytes.end(), pk_y.begin(), pk_y.end());

   const auto domain = Botan::EC_Group::from_name("secp256r1");
   const auto public_key = Botan::ECDH_PublicKey(domain, domain.OS2ECP(public_key_bytes));
}

@randombit domain.point(BigInt(x), BigInt(y)) would have been nice, but that's deprecated. I didn't see another way than to restore the 65-byte encoding above and then call domain.OS2ECP(). Did I miss something?

[ClausDampsoft]

Thanks to you!
Private key seems to work. Happy, happy no exception!
I detected myself this thing with the 0x04 for the public key. But it looks wrong (= bad style) to me.

Claus

[randombit]

This is an area in need of some cleanup. Right now we've deprecated the stuff we want to remove, but without necessarily introducing (much less documenting...) full replacements. After #4203 lands I'll work on updating the various constructors, etc