-rw-r--r-- | cipher/ecc-ecdh.c | 29 | ||||
-rw-r--r-- | cipher/ecc.c | 195 |
2 files changed, 25 insertions, 199 deletions
diff --git a/cipher/ecc-ecdh.c b/cipher/ecc-ecdh.c index b81a4487..26c7a029 100644 --- a/cipher/ecc-ecdh.c +++ b/cipher/ecc-ecdh.c @@ -34,18 +34,12 @@ #define ECC_CURVE25519_BITS 256 #define ECC_CURVE448_BITS 448 -static mpi_ec_t -prepare_ec (const char *curve_name, elliptic_curve_t *E) +static gpg_err_code_t +prepare_ec (mpi_ec_t *r_ec, const char *name) { - mpi_ec_t ec; - - memset (E, 0, sizeof *E); - if (_gcry_ecc_fill_in_curve (0, curve_name, E, NULL)) - return NULL; + int flags = PUBKEY_FLAG_DJB_TWEAK; - ec = _gcry_mpi_ec_p_internal_new (E->model, E->dialect, - PUBKEY_FLAG_DJB_TWEAK, E->p, E->a, E->b); - return ec; + return _gcry_mpi_ec_internal_new (r_ec, &flags, "ecc_mul_point", NULL, name); } unsigned int @@ -69,11 +63,9 @@ _gcry_ecc_mul_point (int algo, unsigned char *result, unsigned int nbytes; const char *curve; gpg_err_code_t err; - elliptic_curve_t E; unsigned char buffer[ECC_CURVE448_BITS/8]; gcry_mpi_t mpi_k; mpi_ec_t ec; - gcry_mpi_t mpi_u; mpi_point_t Q; gcry_mpi_t x; unsigned int len; @@ -96,9 +88,11 @@ _gcry_ecc_mul_point (int algo, unsigned char *result, nbytes = nbits / 8; + err = prepare_ec (&ec, curve); + if (err) + return err; + mpi_k = mpi_new (nbits); - ec = prepare_ec (curve, &E); - mpi_u = mpi_new (nbits); Q = mpi_point_new (nbits); x = mpi_new (nbits); @@ -106,13 +100,14 @@ _gcry_ecc_mul_point (int algo, unsigned char *result, reverse_buffer (buffer, nbytes); _gcry_mpi_set_buffer (mpi_k, buffer, nbytes, 0); - for (i = 0; (E.h & (1 << i)) == 0; i++) + for (i = 0; (ec->h & (1 << i)) == 0; i++) mpi_clear_bit (mpi_k, i); - mpi_set_highbit (mpi_k, mpi_get_nbits (E.p) - 1); + mpi_set_highbit (mpi_k, mpi_get_nbits (ec->p) - 1); if (point) { mpi_point_t P = mpi_point_new (nbits); + gcry_mpi_t mpi_u = mpi_new (nbits); _gcry_mpi_set_buffer (mpi_u, point, nbytes, 0); 
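Review bot: The rewritten `prepare_ec` at the top of cipher/ecc-ecdh.c has no comment, although its contract changed: it now returns an error code and hands back an allocated context through `r_ec`, where it used to return the context and fill a caller-supplied `elliptic_curve_t`. A header comment such as `/* Create an EC context for the named curve NAME with PUBKEY_FLAG_DJB_TWEAK set and store it at R_EC. Returns 0 on success; the caller then owns *R_EC. */` would make the ownership explicit. The release of `ec` in `_gcry_ecc_mul_point` lies outside the visible hunks, as does the end of the `if (point)` block where the now block-local `mpi_u` has to be released, so both are worth confirming against the full file.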
@@ -124,7 +119,7 @@ _gcry_ecc_mul_point (int algo, unsigned char *result, _gcry_mpi_point_release (P); } else - _gcry_mpi_ec_mul_point (Q, mpi_k, &E.G, ec); + _gcry_mpi_ec_mul_point (Q, mpi_k, ec->G, ec); _gcry_mpi_ec_get_affine (x, NULL, Q, ec); diff --git a/cipher/ecc.c b/cipher/ecc.c index 05473b52..e762b951 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c @@ -1245,34 +1245,15 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) unsigned int nbits; gcry_err_code_t rc; struct pk_encoding_ctx ctx; - gcry_sexp_t l1 = NULL; - char *curvename = NULL; - gcry_mpi_t mpi_g = NULL; - gcry_mpi_t mpi_h = NULL; - gcry_mpi_t mpi_q = NULL; gcry_mpi_t mpi_s = NULL; gcry_mpi_t mpi_e = NULL; gcry_mpi_t data = NULL; - elliptic_curve_t E; - mpi_point_struct Q; mpi_ec_t ec = NULL; int flags = 0; - memset (&E, 0, sizeof E); _gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_ENCRYPT, (nbits = ecc_get_nbits (keyparms))); - /* Look for flags. */ - l1 = sexp_find_token (keyparms, "flags", 0); - if (l1) - { - rc = _gcry_pk_util_parse_flaglist (l1, &flags, NULL); - if (rc) - goto leave; - } - sexp_release (l1); - l1 = NULL; - /* * Extract the data. */ 
@@ -1288,39 +1269,7 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) /* * Extract the key. */ - rc = sexp_extract_param (keyparms, NULL, "-p?a?b?g?n?h?/q", - &E.p, &E.a, &E.b, &mpi_g, &E.n, &mpi_h, - &mpi_q, NULL); - if (rc) - goto leave; - if (mpi_g) - { - point_init (&E.G); - rc = _gcry_ecc_os2ec (&E.G, mpi_g); - if (rc) - goto leave; - } - if (mpi_h) - mpi_get_ui (&E.h, mpi_h); - /* Add missing parameters using the optional curve parameter. */ - l1 = sexp_find_token (keyparms, "curve", 5); - if (l1) - { - curvename = sexp_nth_string (l1, 1); - if (curvename) - { - rc = _gcry_ecc_fill_in_curve (0, curvename, &E, NULL); - if (rc) - goto leave; - } - } - /* Guess required fields if a curve parameter has not been given. */ - if (!curvename) - { - E.model = MPI_EC_WEIERSTRASS; - E.dialect = ECC_DIALECT_STANDARD; - E.h = 1; - } + rc = _gcry_mpi_ec_internal_new (&ec, &flags, "ecc_encrypt", keyparms, NULL); /* * Tweak the scalar bits by cofactor and number of bits of the field. 
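Review bot: The result of the new `_gcry_mpi_ec_internal_new` call in ecc_encrypt_raw is never checked: the removed `sexp_extract_param` block carried `if (rc) goto leave;`, but the replacement line is followed directly by the "Tweak the scalar bits" comment. The next hunk reads `ec->h` and `ec->p`, and `ec` is initialised to NULL, so key parameters that the helper rejects would presumably reach a NULL dereference instead of an error return. Add `if (rc)` / `goto leave;` right after the call, as the matching ecc_decrypt_raw hunk keeps it. The function body starts and ends outside this hunk.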
@@ -1330,50 +1279,19 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) { int i; - for (i = 0; (E.h & (1 << i)) == 0; i++) + for (i = 0; (ec->h & (1 << i)) == 0; i++) mpi_clear_bit (data, i); - mpi_set_highbit (data, mpi_get_nbits (E.p) - 1); + mpi_set_highbit (data, mpi_get_nbits (ec->p) - 1); } if (DBG_CIPHER) log_mpidump ("ecc_encrypt data", data); - if (DBG_CIPHER) - { - log_debug ("ecc_encrypt info: %s/%s\n", - _gcry_ecc_model2str (E.model), - _gcry_ecc_dialect2str (E.dialect)); - if (E.name) - log_debug ("ecc_encrypt name: %s\n", E.name); - log_printmpi ("ecc_encrypt p", E.p); - log_printmpi ("ecc_encrypt a", E.a); - log_printmpi ("ecc_encrypt b", E.b); - log_printpnt ("ecc_encrypt g", &E.G, NULL); - log_printmpi ("ecc_encrypt n", E.n); - log_printf ("ecc_encrypt h %02x\n", E.h); - log_printmpi ("ecc_encrypt q", mpi_q); - } - if (!E.p || !E.a || !E.b || !E.G.x || !E.n || !mpi_q) + if (!ec->p || !ec->a || !ec->b || !ec->G || !ec->n || !ec->Q) { rc = GPG_ERR_NO_OBJ; goto leave; } - /* Compute the encrypted value. */ - ec = _gcry_mpi_ec_p_internal_new (E.model, E.dialect, flags, - E.p, E.a, E.b); - - /* Convert the public key. */ - if (mpi_q) - { - point_init (&Q); - if (ec->model == MPI_EC_MONTGOMERY) - rc = _gcry_ecc_mont_decodepoint (mpi_q, ec, &Q); - else - rc = _gcry_ecc_os2ec (&Q, mpi_q); - if (rc) - goto leave; - } - /* The following is false: assert( mpi_cmp_ui( R.x, 1 )==0 );, so */ { mpi_point_struct R; /* Result that we return. */ @@ -1391,7 +1309,7 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) point_init (&R); /* R = kQ <=> R = kdG */ - _gcry_mpi_ec_mul_point (&R, data, &Q, ec); + _gcry_mpi_ec_mul_point (&R, data, ec->Q, ec); if (_gcry_mpi_ec_get_affine (x, y, &R, ec)) { 
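Review bot: In the first hunk on this line the scalar tweak uses `ec->h` and `ec->p` before the `if (!ec->p || !ec->a || ...)` completeness check that follows it, so that check cannot protect the tweak. The loop `for (i = 0; (ec->h & (1 << i)) == 0; i++)` also stops only on a set bit in `h`. The removed code forced `E.h = 1` when no curve name was given; whether `_gcry_mpi_ec_internal_new` guarantees a non-zero cofactor for caller-supplied parameters is not visible on this page. Moving the GPG_ERR_NO_OBJ check above the tweak block and rejecting a zero cofactor inside it, `if (!ec->h) { rc = GPG_ERR_NO_OBJ; goto leave; }`, would cover both. The condition guarding the tweak block is outside the hunk.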
@@ -1412,7 +1330,7 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) } } if (y) - mpi_s = _gcry_ecc_ec2os (x, y, E.p); + mpi_s = _gcry_ecc_ec2os (x, y, ec->p); else { rc = _gcry_ecc_mont_encodepoint (x, nbits, 1, &rawmpi, &rawmpilen); @@ -1423,7 +1341,7 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) } /* R = kG */ - _gcry_mpi_ec_mul_point (&R, data, &E.G, ec); + _gcry_mpi_ec_mul_point (&R, data, ec->G, ec); if (_gcry_mpi_ec_get_affine (x, y, &R, ec)) { @@ -1431,7 +1349,7 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) goto leave_main; } if (y) - mpi_e = _gcry_ecc_ec2os (x, y, E.p); + mpi_e = _gcry_ecc_ec2os (x, y, ec->p); else { rc = _gcry_ecc_mont_encodepoint (x, nbits, 1, &rawmpi, &rawmpilen); @@ -1454,20 +1372,9 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) rc = sexp_build (r_ciph, NULL, "(enc-val(ecdh(s%m)(e%m)))", mpi_s, mpi_e); leave: - _gcry_mpi_release (E.p); - _gcry_mpi_release (E.a); - _gcry_mpi_release (E.b); - _gcry_mpi_release (mpi_g); - _gcry_mpi_release (mpi_h); - point_free (&E.G); - _gcry_mpi_release (E.n); - _gcry_mpi_release (mpi_q); - point_free (&Q); _gcry_mpi_release (data); _gcry_mpi_release (mpi_s); _gcry_mpi_release (mpi_e); - xfree (curvename); - sexp_release (l1); _gcry_mpi_ec_free (ec); _gcry_pk_util_free_encoding_ctx (&ctx); if (DBG_CIPHER) 
@@ -1491,35 +1398,18 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) struct pk_encoding_ctx ctx; gcry_sexp_t l1 = NULL; gcry_mpi_t data_e = NULL; - elliptic_curve_t E; - gcry_mpi_t d; - gcry_mpi_t mpi_g = NULL; - gcry_mpi_t mpi_h = NULL; - char *curvename = NULL; mpi_ec_t ec = NULL; mpi_point_struct kG; mpi_point_struct R; gcry_mpi_t r = NULL; int flags = 0; - memset (&E, 0, sizeof E); point_init (&kG); point_init (&R); _gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_DECRYPT, (nbits = ecc_get_nbits (keyparms))); - /* Look for flags. */ - l1 = sexp_find_token (keyparms, "flags", 0); - if (l1) - { - rc = _gcry_pk_util_parse_flaglist (l1, &flags, NULL); - if (rc) - goto leave; - } - sexp_release (l1); - l1 = NULL; - /* * Extract the data. */ 
@@ -1535,66 +1425,16 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) /* * Extract the key. */ - rc = sexp_extract_param (keyparms, NULL, "-p?a?b?g?n?h?+d", - &E.p, &E.a, &E.b, &mpi_g, &E.n, - &mpi_h, &d, NULL); + rc = _gcry_mpi_ec_internal_new (&ec, &flags, "ecc_decrypt", keyparms, NULL); if (rc) goto leave; - if (mpi_g) - { - point_init (&E.G); - rc = _gcry_ecc_os2ec (&E.G, mpi_g); - if (rc) - goto leave; - } - if (mpi_h) - mpi_get_ui (&E.h, mpi_h); - /* Add missing parameters using the optional curve parameter. */ - sexp_release (l1); - l1 = sexp_find_token (keyparms, "curve", 5); - if (l1) - { - curvename = sexp_nth_string (l1, 1); - if (curvename) - { - rc = _gcry_ecc_fill_in_curve (0, curvename, &E, NULL); - if (rc) - goto leave; - } - } - /* Guess required fields if a curve parameter has not been given. */ - if (!curvename) - { - E.model = MPI_EC_WEIERSTRASS; - E.dialect = ECC_DIALECT_STANDARD; - E.h = 1; - } - if (DBG_CIPHER) - { - log_debug ("ecc_decrypt info: %s/%s\n", - _gcry_ecc_model2str (E.model), - _gcry_ecc_dialect2str (E.dialect)); - if (E.name) - log_debug ("ecc_decrypt name: %s\n", E.name); - log_printmpi ("ecc_decrypt p", E.p); - log_printmpi ("ecc_decrypt a", E.a); - log_printmpi ("ecc_decrypt b", E.b); - log_printpnt ("ecc_decrypt g", &E.G, NULL); - log_printmpi ("ecc_decrypt n", E.n); - log_printf ("ecc_decrypt h %02x\n", E.h); - if (!fips_mode ()) - log_printmpi ("ecc_decrypt d", d); - } - if (!E.p || !E.a || !E.b || !E.G.x || !E.n || !d) + + if (!ec->p || !ec->a || !ec->b || !ec->G || !ec->n || !ec->d) { rc = GPG_ERR_NO_OBJ; goto leave; } - - ec = _gcry_mpi_ec_p_internal_new (E.model, E.dialect, flags, - E.p, E.a, E.b); - /* * Compute the plaintext. */ 
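Review bot: The call `_gcry_mpi_ec_internal_new (&ec, &flags, "ecc_decrypt", keyparms, NULL)` replaces a debug block that printed the secret scalar `d` only when `!fips_mode ()`, and nothing at the call site says where that output went. The string argument looks like a log prefix, so the helper presumably does the parameter dump now, but that is not visible here. A comment such as `/* Key parsing and the DBG_CIPHER parameter dump happen in the helper; d must stay gated on !fips_mode () there. */` would record the expectation, and the helper should be checked against it.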
@@ -1630,7 +1470,7 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) } /* R = dkG */ - _gcry_mpi_ec_mul_point (&R, d, &kG, ec); + _gcry_mpi_ec_mul_point (&R, ec->d, &kG, ec); /* The following is false: assert( mpi_cmp_ui( R.x, 1 )==0 );, so: */ { @@ -1670,7 +1510,7 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) } if (y) - r = _gcry_ecc_ec2os (x, y, E.p); + r = _gcry_ecc_ec2os (x, y, ec->p); else { @@ -1701,16 +1541,7 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) point_free (&R); point_free (&kG); _gcry_mpi_release (r); - _gcry_mpi_release (E.p); - _gcry_mpi_release (E.a); - _gcry_mpi_release (E.b); - _gcry_mpi_release (mpi_g); - _gcry_mpi_release (mpi_h); - point_free (&E.G); - _gcry_mpi_release (E.n); - _gcry_mpi_release (d); _gcry_mpi_release (data_e); - xfree (curvename); sexp_release (l1); _gcry_mpi_ec_free (ec); _gcry_pk_util_free_encoding_ctx (&ctx); |