summaryrefslogtreecommitdiffstats
path: root/g10/ecdh.c
diff options
context:
space:
mode:
authorWerner Koch <wk@gnupg.org>2011-01-21 12:00:57 +0100
committerWerner Koch <wk@gnupg.org>2011-01-21 12:00:57 +0100
commit90b0ff23b7e51332592668e4034967c1aac1c593 (patch)
treea3ef4cbd4c679a954a2cceba218b54cc2e2e9be5 /g10/ecdh.c
parentAdd ignore file (diff)
downloadgnupg2-90b0ff23b7e51332592668e4034967c1aac1c593.tar.xz
gnupg2-90b0ff23b7e51332592668e4034967c1aac1c593.zip
Editorial changes and allow building with old libgcrypts.
Changed order of some conditional to make to put the special case into the true branch. Indentation changes. Minor other changes to make the ECC code more similar to the rest of our code. It builds but many sefltests still fail. Need to fix that before using it with an ECDH enabled libgcrypt. [/] 2011-01-21 Werner Koch <wk@g10code.com> * configure.ac: Need Libgcrypt 1.4.6 due to AESWRAP. (HAVE_GCRY_PK_ECDH): Add new test. [agent/] 2011-01-21 Werner Koch <wk@g10code.com> * cvt-openpgp.c (GCRY_PK_ECDH) [!HAVE_GCRY_PK_ECDH]: New. [include/] 2011-01-21 Werner Koch <wk@g10code.com> * cipher.h (GCRY_PK_USAGE_CERT): Remove compatibility macros because we now require libgcrypt 1.4.6. (GCRY_PK_ECDH): Add replacement.
Diffstat (limited to 'g10/ecdh.c')
-rw-r--r--g10/ecdh.c451
1 files changed, 261 insertions, 190 deletions
diff --git a/g10/ecdh.c b/g10/ecdh.c
index 091a28cde..cb251fef2 100644
--- a/g10/ecdh.c
+++ b/g10/ecdh.c
@@ -1,5 +1,5 @@
/* ecdh.c - ECDH public key operations used in public key glue code
- * Copyright (C) 2000, 2003 Free Software Foundation, Inc.
+ * Copyright (C) 2010 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@@ -31,10 +31,12 @@
#include "options.h"
gcry_mpi_t
-pk_ecdh_default_params_to_mpi( int qbits ) {
+pk_ecdh_default_params_to_mpi (int qbits)
+{
gpg_error_t err;
gcry_mpi_t result;
- /* Defaults are the strongest possible choices. Performance is not an issue here, only interoperability. */
+ /* Defaults are the strongest possible choices. Performance is not
+ an issue here, only interoperability. */
byte kek_params[4] = {
3 /*size of following field*/,
1 /*fixed version for KDF+AESWRAP*/,
@@ -50,41 +52,49 @@ pk_ecdh_default_params_to_mpi( int qbits ) {
} kek_params_table[] = {
{ 256, DIGEST_ALGO_SHA256, CIPHER_ALGO_AES },
{ 384, DIGEST_ALGO_SHA384, CIPHER_ALGO_AES256 },
- { 528, DIGEST_ALGO_SHA512, CIPHER_ALGO_AES256 } // 528 is 521 rounded to the 8 bit boundary
+
+ /* Note: 528 is 521 rounded to the 8 bit boundary */
+ { 528, DIGEST_ALGO_SHA512, CIPHER_ALGO_AES256 }
};
- for( i=0; i<sizeof(kek_params_table)/sizeof(kek_params_table[0]); i++ ) {
- if( kek_params_table[i].qbits >= qbits ) {
- kek_params[2] = kek_params_table[i].openpgp_hash_id;
- kek_params[3] = kek_params_table[i].openpgp_cipher_id;
- break;
+ for (i=0; i<sizeof(kek_params_table)/sizeof(kek_params_table[0]); i++)
+ {
+ if (kek_params_table[i].qbits >= qbits)
+ {
+ kek_params[2] = kek_params_table[i].openpgp_hash_id;
+ kek_params[3] = kek_params_table[i].openpgp_cipher_id;
+ break;
+ }
}
- }
- if( DBG_CIPHER )
- log_printhex ("ecdh kek params are", kek_params, sizeof(kek_params) );
+ if (DBG_CIPHER)
+ log_printhex ("ecdh kek params are", kek_params, sizeof(kek_params) );
- err = gcry_mpi_scan (&result, GCRYMPI_FMT_USG, kek_params, sizeof(kek_params), NULL);
+ err = gcry_mpi_scan (&result, GCRYMPI_FMT_USG,
+ kek_params, sizeof(kek_params), NULL);
if (err)
log_fatal ("mpi_scan failed: %s\n", gpg_strerror (err));
return result;
}
-/* returns allocated (binary) KEK parameters; the size is returned in sizeout.
- * The caller must free returned value with xfree.
- * Returns NULL on error
+
+/* Returns allocated (binary) KEK parameters; the size is returned in
+ * sizeout. The caller must free the returned value with xfree.
+ * Returns NULL on error.
*/
byte *
-pk_ecdh_default_params( int qbits, size_t *sizeout ) {
- /* Defaults are the strongest possible choices. Performance is not an issue here, only interoperability. */
+pk_ecdh_default_params (int qbits, size_t *sizeout)
+{
+ /* Defaults are the strongest possible choices. Performance is not
+ an issue here, only interoperability. */
byte kek_params[4] = {
3 /*size of following field*/,
1 /*fixed version for KDF+AESWRAP*/,
DIGEST_ALGO_SHA512 /* KEK MD */,
- CIPHER_ALGO_AES256 /*KEK AESWRAP alg*/
+ CIPHER_ALGO_AES256 /* KEK AESWRAP alg */
};
int i;
-
+
static const struct {
int qbits;
int openpgp_hash_id;
@@ -92,39 +102,48 @@ pk_ecdh_default_params( int qbits, size_t *sizeout ) {
} kek_params_table[] = {
{ 256, DIGEST_ALGO_SHA256, CIPHER_ALGO_AES },
{ 384, DIGEST_ALGO_SHA384, CIPHER_ALGO_AES256 },
- { 528, DIGEST_ALGO_SHA512, CIPHER_ALGO_AES256 } // 528 is 521 rounded to the 8 bit boundary
+ /* Note: 528 is 521 rounded to the 8 bit boundary */
+ { 528, DIGEST_ALGO_SHA512, CIPHER_ALGO_AES256 }
};
byte *p;
*sizeout = 0;
-
- for( i=0; i<sizeof(kek_params_table)/sizeof(kek_params_table[0]); i++ ) {
- if( kek_params_table[i].qbits >= qbits ) {
- kek_params[2] = kek_params_table[i].openpgp_hash_id;
- kek_params[3] = kek_params_table[i].openpgp_cipher_id;
- break;
+
+ for (i=0; i<sizeof(kek_params_table)/sizeof(kek_params_table[0]); i++)
+ {
+ if (kek_params_table[i].qbits >= qbits)
+ {
+ kek_params[2] = kek_params_table[i].openpgp_hash_id;
+ kek_params[3] = kek_params_table[i].openpgp_cipher_id;
+ break;
+ }
}
- }
- if( DBG_CIPHER )
- log_printhex ("ecdh kek params are", kek_params, sizeof(kek_params) );
+ if (DBG_CIPHER )
+ log_printhex ("ecdh kek params are", kek_params, sizeof(kek_params));
- p = xtrymalloc( sizeof(kek_params) );
- if( p == NULL )
+ p = xtrymalloc (sizeof(kek_params));
+ if (!p)
return NULL;
- memcpy( p, kek_params, sizeof(kek_params) );
+ memcpy (p, kek_params, sizeof(kek_params));
*sizeout = sizeof(kek_params);
return p;
}
-/* Encrypts/decrypts 'data' with a key derived from shared_mpi ECC point using FIPS SP 800-56A compliant method, which is
- * key derivation + key wrapping. The direction is determined by the first parameter (is_encrypt=1 --> this is encryption).
- * The result is returned in out as a size+value MPI.
+
+/* Encrypts/decrypts 'data' with a key derived from shared_mpi ECC
+ * point using FIPS SP 800-56A compliant method, which is key
+ * derivation + key wrapping. The direction is determined by the first
+ * parameter (is_encrypt=1 --> this is encryption). The result is
+ * returned in out as a size+value MPI.
+ *
* TODO: memory leaks (x_secret).
*/
static int
-pk_ecdh_encrypt_with_shared_point ( int is_encrypt, gcry_mpi_t shared_mpi,
- const byte pk_fp[MAX_FINGERPRINT_LEN], gcry_mpi_t data, gcry_mpi_t * pkey, gcry_mpi_t *out)
+pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi,
+ const byte pk_fp[MAX_FINGERPRINT_LEN],
+ gcry_mpi_t data, gcry_mpi_t *pkey,
+ gcry_mpi_t *out)
{
byte *secret_x;
int secret_x_size;
@@ -141,55 +160,70 @@ pk_ecdh_encrypt_with_shared_point ( int is_encrypt, gcry_mpi_t shared_mpi,
{
size_t nbytes;
- /* extract x component of the shared point: this is the actual shared secret */
+ /* Extract x component of the shared point: this is the actual
+ shared secret */
nbytes = (mpi_get_nbits (pkey[1] /* public point */)+7)/8;
secret_x = xmalloc_secure( nbytes );
- rc = gcry_mpi_print (GCRYMPI_FMT_USG, secret_x, nbytes, &nbytes, shared_mpi);
- if( rc ) {
- xfree( secret_x );
- log_error ("ec ephemeral export of shared point failed: %s\n", gpg_strerror (rc) );
- return rc;
- }
+ rc = gcry_mpi_print (GCRYMPI_FMT_USG, secret_x, nbytes,
+ &nbytes, shared_mpi);
+ if (rc)
+ {
+ xfree (secret_x);
+ log_error ("ec ephemeral export of shared point failed: %s\n",
+ gpg_strerror (rc));
+ return rc;
+ }
secret_x_size = (nbits+7)/8;
- assert( nbytes > secret_x_size );
- memmove( secret_x, secret_x+1, secret_x_size );
- memset( secret_x+secret_x_size, 0, nbytes-secret_x_size );
+ assert (nbytes > secret_x_size);
+ memmove (secret_x, secret_x+1, secret_x_size);
+ memset (secret_x+secret_x_size, 0, nbytes-secret_x_size);
- if( DBG_CIPHER )
- log_printhex ("ecdh shared secret X is:", secret_x, secret_x_size );
+ if (DBG_CIPHER)
+ log_printhex ("ecdh shared secret X is:", secret_x, secret_x_size );
}
- /*** We have now the shared secret bytes in secret_x ***/
+ /*** We have now the shared secret bytes in secret_x. ***/
- /* At this point we are done with PK encryption and the rest of the function uses symmetric
- * key encryption techniques to protect the input 'data'. The following two sections will
- * simply replace current secret_x with a value derived from it. This will become a KEK.
+ /* At this point we are done with PK encryption and the rest of the
+ * function uses symmetric key encryption techniques to protect the
+ * input 'data'. The following two sections will simply replace
+ * current secret_x with a value derived from it. This will become
+ * a KEK.
*/
{
IOBUF obuf = iobuf_temp();
rc = iobuf_write_size_body_mpi ( obuf, pkey[2] ); /* KEK params */
+
+ kdf_params_size = iobuf_temp_to_buffer (obuf,
+ kdf_params, sizeof(kdf_params));
- kdf_params_size = iobuf_temp_to_buffer( obuf, kdf_params, sizeof(kdf_params) );
-
- if( DBG_CIPHER )
- log_printhex ("ecdh KDF public key params are:", kdf_params, kdf_params_size );
+ if (DBG_CIPHER)
+ log_printhex ("ecdh KDF public key params are:",
+ kdf_params, kdf_params_size );
- if( kdf_params_size != 4 || kdf_params[0] != 3 || kdf_params[1] != 1 ) /* expect 4 bytes 03 01 hash_alg symm_alg */
+ /* Expect 4 bytes 03 01 hash_alg symm_alg. */
+ if (kdf_params_size != 4 || kdf_params[0] != 3 || kdf_params[1] != 1)
return GPG_ERR_BAD_PUBKEY;
kdf_hash_algo = kdf_params[2];
kdf_encr_algo = kdf_params[3];
- if( DBG_CIPHER )
- log_debug ("ecdh KDF algorithms %s+%s with aeswrap\n", gcry_md_algo_name (kdf_hash_algo), openpgp_cipher_algo_name (kdf_encr_algo) );
+ if (DBG_CIPHER)
+ log_debug ("ecdh KDF algorithms %s+%s with aeswrap\n",
+ gcry_md_algo_name (kdf_hash_algo),
+ openpgp_cipher_algo_name (kdf_encr_algo));
- if( kdf_hash_algo != GCRY_MD_SHA256 && kdf_hash_algo != GCRY_MD_SHA384 && kdf_hash_algo != GCRY_MD_SHA512 )
+ if (kdf_hash_algo != GCRY_MD_SHA256
+ && kdf_hash_algo != GCRY_MD_SHA384
+ && kdf_hash_algo != GCRY_MD_SHA512)
return GPG_ERR_BAD_PUBKEY;
- if( kdf_encr_algo != GCRY_CIPHER_AES128 && kdf_encr_algo != GCRY_CIPHER_AES192 && kdf_encr_algo != GCRY_CIPHER_AES256 )
+ if (kdf_encr_algo != GCRY_CIPHER_AES128
+ && kdf_encr_algo != GCRY_CIPHER_AES192
+ && kdf_encr_algo != GCRY_CIPHER_AES256)
return GPG_ERR_BAD_PUBKEY;
}
- /* build kdf_params */
+ /* Build kdf_params. */
{
IOBUF obuf;
@@ -205,13 +239,15 @@ pk_ecdh_encrypt_with_shared_point ( int is_encrypt, gcry_mpi_t shared_mpi,
/* fixed-length field 5, recipient fp */
iobuf_write (obuf, pk_fp, 20);
- kdf_params_size = iobuf_temp_to_buffer( obuf, kdf_params, sizeof(kdf_params) );
- iobuf_close( obuf );
- if( rc ) {
+ kdf_params_size = iobuf_temp_to_buffer (obuf,
+ kdf_params, sizeof(kdf_params));
+ iobuf_close (obuf);
+ if (rc)
return rc;
- }
- if( DBG_CIPHER )
- log_printhex ("ecdh KDF message params are:", kdf_params, kdf_params_size );
+
+ if(DBG_CIPHER)
+ log_printhex ("ecdh KDF message params are:",
+ kdf_params, kdf_params_size );
}
/* Derive a KEK (key wrapping key) using kdf_params and secret_x. */
@@ -231,7 +267,8 @@ pk_ecdh_encrypt_with_shared_point ( int is_encrypt, gcry_mpi_t shared_mpi,
assert( gcry_md_get_algo_dlen (kdf_hash_algo) >= 32 );
- memcpy (secret_x, gcry_md_read (h, kdf_hash_algo), gcry_md_get_algo_dlen (kdf_hash_algo));
+ memcpy (secret_x, gcry_md_read (h, kdf_hash_algo),
+ gcry_md_get_algo_dlen (kdf_hash_algo));
gcry_md_close (h);
old_size = secret_x_size;
@@ -239,12 +276,13 @@ pk_ecdh_encrypt_with_shared_point ( int is_encrypt, gcry_mpi_t shared_mpi,
secret_x_size = gcry_cipher_get_algo_keylen( kdf_encr_algo );
assert( secret_x_size <= gcry_md_get_algo_dlen (kdf_hash_algo) );
- memset( secret_x+secret_x_size, old_size-secret_x_size, 0 ); /* we could have allocated more, so clean the tail before returning */
- if( DBG_CIPHER )
+ /* We could have allocated more, so clean the tail before returning. */
+ memset( secret_x+secret_x_size, old_size-secret_x_size, 0 );
+ if (DBG_CIPHER)
log_printhex ("ecdh KEK is:", secret_x, secret_x_size );
- }
-
- /* And, finally, aeswrap with key secret_x */
+ }
+
+ /* And, finally, aeswrap with key secret_x. */
{
gcry_cipher_hd_t hd;
size_t nbytes;
@@ -256,115 +294,134 @@ pk_ecdh_encrypt_with_shared_point ( int is_encrypt, gcry_mpi_t shared_mpi,
rc = gcry_cipher_open (&hd, kdf_encr_algo, GCRY_CIPHER_MODE_AESWRAP, 0);
if (rc)
- {
- log_error( "ecdh failed to initialize AESWRAP: %s\n", gpg_strerror (rc));
- return rc;
- }
+ {
+ log_error ("ecdh failed to initialize AESWRAP: %s\n",
+ gpg_strerror (rc));
+ return rc;
+ }
rc = gcry_cipher_setkey (hd, secret_x, secret_x_size);
xfree( secret_x );
if (rc)
- {
- gcry_cipher_close (hd);
- log_error("ecdh failed in gcry_cipher_setkey: %s\n", gpg_strerror (rc));
- return rc;
- }
-
- data_buf_size = (gcry_mpi_get_nbits(data)+7)/8;
- assert( (data_buf_size & 7) == (is_encrypt ? 0 : 1) );
-
- data_buf = xmalloc_secure( 1 + 2*data_buf_size + 8 );
- if( !data_buf ) {
- gcry_cipher_close (hd);
- return GPG_ERR_ENOMEM;
- }
-
- if( is_encrypt ) {
- byte *in = data_buf+1+data_buf_size+8;
-
- /* write data MPI into the end of data_buf. data_buf is size aeswrap data */
- rc = gcry_mpi_print (GCRYMPI_FMT_USG, in, data_buf_size, &nbytes, data/*in*/);
- if( rc ) {
- log_error("ecdh failed to export DEK: %s\n", gpg_strerror (rc));
+ {
gcry_cipher_close (hd);
- xfree( data_buf );
+ log_error ("ecdh failed in gcry_cipher_setkey: %s\n",
+ gpg_strerror (rc));
return rc;
}
- if( DBG_CIPHER )
- log_printhex ("ecdh encrypting :", in, data_buf_size );
+ data_buf_size = (gcry_mpi_get_nbits(data)+7)/8;
+ assert ((data_buf_size & 7) == (is_encrypt ? 0 : 1));
- rc = gcry_cipher_encrypt (hd, data_buf+1, data_buf_size+8, in, data_buf_size);
- memset( in, 0, data_buf_size);
- gcry_cipher_close (hd);
- if(rc)
+ data_buf = xtrymalloc_secure( 1 + 2*data_buf_size + 8);
+ if (!data_buf)
{
- log_error("ecdh failed in gcry_cipher_encrypt: %s\n", gpg_strerror (rc));
- xfree( data_buf );
- return rc;
+ gcry_cipher_close (hd);
+ return GPG_ERR_ENOMEM;
}
- data_buf[0] = data_buf_size+8;
-
- if( DBG_CIPHER )
- log_printhex ("ecdh encrypted to:", data_buf+1, data_buf[0] );
- rc = gcry_mpi_scan ( &result, GCRYMPI_FMT_USG, data_buf, 1+data_buf[0], NULL); /* (byte)size + aeswrap of DEK */
- xfree( data_buf );
- if(rc)
+ if (is_encrypt)
{
- log_error("ecdh failed to create an MPI: %s\n", gpg_strerror (rc));
- return rc;
- }
-
- *out = result;
- }
- else {
- byte *in;
+ byte *in = data_buf+1+data_buf_size+8;
+
+ /* Write data MPI into the end of data_buf. data_buf is size
+ aeswrap data. */
+ rc = gcry_mpi_print (GCRYMPI_FMT_USG, in,
+ data_buf_size, &nbytes, data/*in*/);
+ if (rc)
+ {
+ log_error ("ecdh failed to export DEK: %s\n", gpg_strerror (rc));
+ gcry_cipher_close (hd);
+ xfree (data_buf);
+ return rc;
+ }
+
+ if (DBG_CIPHER)
+ log_printhex ("ecdh encrypting :", in, data_buf_size );
+
+ rc = gcry_cipher_encrypt (hd, data_buf+1, data_buf_size+8,
+ in, data_buf_size);
+ memset (in, 0, data_buf_size);
+ gcry_cipher_close (hd);
+ if (rc)
+ {
+ log_error ("ecdh failed in gcry_cipher_encrypt: %s\n",
+ gpg_strerror (rc));
+ xfree (data_buf);
+ return rc;
+ }
+ data_buf[0] = data_buf_size+8;
+
+ if (DBG_CIPHER)
+ log_printhex ("ecdh encrypted to:", data_buf+1, data_buf[0] );
- rc = gcry_mpi_print (GCRYMPI_FMT_USG, data_buf, data_buf_size, &nbytes, data/*in*/);
- if( nbytes != data_buf_size || data_buf[0] != data_buf_size-1 ) {
- log_error("ecdh inconsistent size\n");
+ rc = gcry_mpi_scan (&result, GCRYMPI_FMT_USG,
+ data_buf, 1+data_buf[0], NULL);
+ /* (byte)size + aeswrap of DEK */
xfree( data_buf );
- return GPG_ERR_BAD_MPI;
+ if (rc)
+ {
+ log_error ("ecdh failed to create an MPI: %s\n", gpg_strerror (rc));
+ return rc;
+ }
+
+ *out = result;
}
+ else
+ {
+ byte *in;
+
+ rc = gcry_mpi_print (GCRYMPI_FMT_USG, data_buf, data_buf_size,
+ &nbytes, data/*in*/);
+ if (nbytes != data_buf_size || data_buf[0] != data_buf_size-1)
+ {
+ log_error ("ecdh inconsistent size\n");
+ xfree (data_buf);
+ return GPG_ERR_BAD_MPI;
+ }
in = data_buf+data_buf_size;
data_buf_size = data_buf[0];
-
- if( DBG_CIPHER )
- log_printhex ("ecdh decrypting :", data_buf+1, data_buf_size );
- rc = gcry_cipher_decrypt (hd, in, data_buf_size, data_buf+1, data_buf_size );
+ if (DBG_CIPHER)
+ log_printhex ("ecdh decrypting :", data_buf+1, data_buf_size);
+
+ rc = gcry_cipher_decrypt (hd, in, data_buf_size, data_buf+1,
+ data_buf_size);
gcry_cipher_close (hd);
- if(rc)
- {
- log_error("ecdh failed in gcry_cipher_decrypt: %s\n", gpg_strerror (rc));
- xfree( data_buf );
- return rc;
- }
-
- data_buf_size-=8;
-
- if( DBG_CIPHER )
- log_printhex ("ecdh decrypted to :", in, data_buf_size );
-
- /* padding is removed later */
- //if( in[data_buf_size-1] > 8 ) {
- // log_error("ecdh failed at decryption: invalid padding. %02x > 8\n", in[data_buf_size-1] );
- // return GPG_ERR_BAD_KEY;
- //}
+ if (rc)
+ {
+ log_error ("ecdh failed in gcry_cipher_decrypt: %s\n",
+ gpg_strerror (rc));
+ xfree (data_buf);
+ return rc;
+ }
+
+ data_buf_size -= 8;
+
+ if (DBG_CIPHER)
+ log_printhex ("ecdh decrypted to :", in, data_buf_size);
+
+ /* Padding is removed later. */
+ /* if (in[data_buf_size-1] > 8 ) */
+ /* { */
+ /* log_error("ecdh failed at decryption: invalid padding. %02x > 8\n", */
+ /* in[data_buf_size-1] ); */
+ /* return GPG_ERR_BAD_KEY; */
+ /* } */
rc = gcry_mpi_scan ( &result, GCRYMPI_FMT_USG, in, data_buf_size, NULL);
- xfree( data_buf );
- if(rc)
- {
- log_error("ecdh failed to create a plain text MPI: %s\n", gpg_strerror (rc));
- return rc;
- }
-
+ xfree (data_buf);
+ if (rc)
+ {
+ log_error ("ecdh failed to create a plain text MPI: %s\n",
+ gpg_strerror (rc));
+ return rc;
+ }
+
*out = result;
- }
+ }
}
-
+
return rc;
}
@@ -380,21 +437,22 @@ gen_k (unsigned nbits)
gcry_mpi_randomize (k, nbits-1, GCRY_STRONG_RANDOM);
- if( DBG_CIPHER ) {
- unsigned char *buffer;
- if (gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buffer, NULL, k))
- BUG ();
- log_debug("ephemeral scalar MPI #0: %s\n", buffer);
- gcry_free( buffer );
- }
+ if (DBG_CIPHER)
+ {
+ unsigned char *buffer;
+ if (gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buffer, NULL, k))
+ BUG ();
+ log_debug("ephemeral scalar MPI #0: %s\n", buffer);
+ gcry_free( buffer );
+ }
return k;
}
-/* Perform ECDH encryption, which involves ECDH key generation.
- */
+/* Perform ECDH encryption, which involves ECDH key generation. */
int
-pk_ecdh_encrypt (gcry_mpi_t * resarr, const byte pk_fp[MAX_FINGERPRINT_LEN], gcry_mpi_t data, gcry_mpi_t * pkey)
+pk_ecdh_encrypt (gcry_mpi_t *resarr, const byte pk_fp[MAX_FINGERPRINT_LEN],
+ gcry_mpi_t data, gcry_mpi_t * pkey)
{
gcry_sexp_t s_ciph, s_data, s_pkey;
@@ -402,9 +460,9 @@ pk_ecdh_encrypt (gcry_mpi_t * resarr, const byte pk_fp[MAX_FINGERPRINT_LEN], gcr
int rc;
gcry_mpi_t k;
- nbits = pubkey_nbits( PUBKEY_ALGO_ECDH, pkey );
+ nbits = pubkey_nbits (PUBKEY_ALGO_ECDH, pkey);
- /*** Generate an ephemeral key, actually, a scalar ***/
+ /*** Generate an ephemeral key, actually, a scalar. ***/
k = gen_k (nbits);
if( k == NULL )
@@ -414,50 +472,63 @@ pk_ecdh_encrypt (gcry_mpi_t * resarr, const byte pk_fp[MAX_FINGERPRINT_LEN], gcr
* Now use ephemeral secret to get the shared secret. ***/
rc = gcry_sexp_build (&s_pkey, NULL,
- "(public-key(ecdh(c%m)(q%m)(p%m)))", pkey[0], pkey[1], pkey[2]);
+ "(public-key(ecdh(c%m)(q%m)(p%m)))",
+ pkey[0], pkey[1], pkey[2]);
if (rc)
BUG ();
- /* put the data into a simple list */
- if (gcry_sexp_build (&s_data, NULL, "%m", k)) /* ephemeral scalar goes as data */
+ /* Put the data into a simple list. */
+ /* Ephemeral scalar goes as data. */
+ if (gcry_sexp_build (&s_data, NULL, "%m", k))
BUG ();
- /* pass it to libgcrypt */
+ /* Pass it to libgcrypt. */
rc = gcry_pk_encrypt (&s_ciph, s_data, s_pkey);
gcry_sexp_release (s_data);
gcry_sexp_release (s_pkey);
if (rc)
return rc;
- /* finally, perform encryption */
+ /* Finally, perform encryption. */
{
- gcry_mpi_t shared = mpi_from_sexp (s_ciph, "a"); /* ... and get the shared point */
+ /* ... and get the shared point/ */
+ gcry_mpi_t shared;
+
+ shared = mpi_from_sexp (s_ciph, "a");
gcry_sexp_release (s_ciph);
- resarr[0] = mpi_from_sexp (s_ciph, "b"); /* ephemeral public key */
+ /* Ephemeral public key. */
+ resarr[0] = mpi_from_sexp (s_ciph, "b");
- if( DBG_CIPHER ) {
+ if (DBG_CIPHER)
+ {
unsigned char *buffer;
+
if (gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buffer, NULL, resarr[0]))
BUG ();
log_debug("ephemeral key MPI: %s\n", buffer);
gcry_free( buffer );
- }
-
- rc = pk_ecdh_encrypt_with_shared_point ( 1 /*=encrypton*/, shared, pk_fp, data, pkey, resarr+1 );
- mpi_release( shared );
+ }
+
+ rc = pk_ecdh_encrypt_with_shared_point (1 /*=encrypton*/, shared,
+ pk_fp, data, pkey, resarr+1);
+ mpi_release (shared);
}
-
+
return rc;
}
-/* Perform ECDH decryption.
- */
+
+/* Perform ECDH decryption. */
int
-pk_ecdh_decrypt (gcry_mpi_t * result, const byte sk_fp[MAX_FINGERPRINT_LEN], gcry_mpi_t data, gcry_mpi_t shared, gcry_mpi_t * skey) {
+pk_ecdh_decrypt (gcry_mpi_t * result, const byte sk_fp[MAX_FINGERPRINT_LEN],
+ gcry_mpi_t data, gcry_mpi_t shared, gcry_mpi_t * skey)
+{
if (!data)
return gpg_error (GPG_ERR_BAD_MPI);
- return pk_ecdh_encrypt_with_shared_point ( 0 /*=decryption*/, shared, sk_fp, data/*encr data as an MPI*/, skey, result );
+ return pk_ecdh_encrypt_with_shared_point (0 /*=decryption*/, shared,
+ sk_fp, data/*encr data as an MPI*/,
+ skey, result);
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-19 05:17:20 +0100