Skip to content

Comments

Refactor: Generalize the SEC.1 decoder#5356

Open
reneme wants to merge 3 commits intorandombit:masterfrom
Rohde-Schwarz:refactor/sec1_decoder
Open

Refactor: Generalize the SEC.1 decoder#5356
reneme wants to merge 3 commits intorandombit:masterfrom
Rohde-Schwarz:refactor/sec1_decoder

Conversation

@reneme
Copy link
Collaborator

@reneme reneme commented Feb 18, 2026

As promised a few weeks ago. This decomposes SEC1-parsing from the context-specific interpretation of the values (point decompression, point-on-curve check, ...).

There's now an individually testable sec1_decode() function that passes an instance of SEC1_Identity, SEC1_Compressed, or SEC1_Full to a user-provided handler function. Call sites can conveniently use the Botan::overloaded{} helper to implement this handler.

This also centralizes the handling of the deprecated "hybrid" format. Before this was supported in some places but not everywhere. I would argue that keeping support for it might now not even be a real maintenance burden anymore.

@reneme reneme requested a review from randombit February 18, 2026 10:16
@reneme reneme self-assigned this Feb 18, 2026
Copilot AI review requested due to automatic review settings February 18, 2026 10:16
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR refactors SEC1-encoded point parsing by extracting the decoding logic into a dedicated, testable sec1_decode() function. The new implementation separates format parsing from context-specific operations like point decompression and curve validation, making the code more maintainable and reusable.

Changes:

  • Introduced sec1_decode() function and associated SEC1 data structures (SEC1_Identity, SEC1_Compressed, SEC1_Full)
  • Added comprehensive test coverage for SEC1 point parsing with valid and invalid test cases
  • Unified hybrid format handling across all call sites

Reviewed changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
src/lib/pubkey/ec_group/ec_sec1.h New header defining SEC1 decoding function and data structures
src/tests/test_ec_group.cpp Added test class for SEC1 parsing validation
src/tests/data/pubkey/ecc_point_parsing.vec Test vectors covering various SEC1 encoding scenarios
src/lib/pubkey/ec_group/legacy_ec_point/ec_point.cpp Refactored OS2ECP functions to use sec1_decode
src/lib/pubkey/ec_group/ec_inner_data.cpp Updated params_match to use sec1_decode
src/lib/pubkey/ec_group/ec_group.cpp Refactored base point decoding in BER_decode_EC_group
src/lib/math/pcurves/pcurves_impl/pcurves_wrap.h Updated point deserialization to use sec1_decode
src/lib/math/pcurves/pcurves_generic/pcurves_generic.cpp Refactored GenericAffinePoint deserialization
src/bogo_shim/bogo_shim.cpp Removed obsolete error mapping for deprecated format error
src/lib/pubkey/ec_group/info.txt Added ec_sec1.h to internal headers

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@reneme reneme force-pushed the refactor/sec1_decoder branch 2 times, most recently from 0c555d9 to 3e205df Compare February 20, 2026 10:08
@reneme reneme force-pushed the refactor/sec1_decoder branch from 3e205df to fc5a2e1 Compare February 20, 2026 10:10
@coveralls
Copy link

Coverage Status

coverage: 90.331% (+0.001%) from 90.33%
when pulling fc5a2e1 on Rohde-Schwarz:refactor/sec1_decoder
into 2cf293e on randombit:master.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants