-rw-r--r--cipher/ecc-ecdh.c29
-rw-r--r--cipher/ecc.c195
2 files changed, 25 insertions, 199 deletions
diff --git a/cipher/ecc-ecdh.c b/cipher/ecc-ecdh.c
index b81a4487..26c7a029 100644
--- a/cipher/ecc-ecdh.c
+++ b/cipher/ecc-ecdh.c
@@ -34,18 +34,12 @@
#define ECC_CURVE25519_BITS 256
#define ECC_CURVE448_BITS 448
-static mpi_ec_t
-prepare_ec (const char *curve_name, elliptic_curve_t *E)
+static gpg_err_code_t
+prepare_ec (mpi_ec_t *r_ec, const char *name)
{
- mpi_ec_t ec;
-
- memset (E, 0, sizeof *E);
- if (_gcry_ecc_fill_in_curve (0, curve_name, E, NULL))
- return NULL;
+ int flags = PUBKEY_FLAG_DJB_TWEAK;
- ec = _gcry_mpi_ec_p_internal_new (E->model, E->dialect,
- PUBKEY_FLAG_DJB_TWEAK, E->p, E->a, E->b);
- return ec;
+ return _gcry_mpi_ec_internal_new (r_ec, &flags, "ecc_mul_point", NULL, name);
}
unsigned int
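Review bot: The rewritten `prepare_ec` has no comment describing its new contract, which now returns an error code and hands the context back through `r_ec`. A header such as `/* Create an EC context for the named curve NAME with the DJB tweak flag set; returns 0 and stores the context at R_EC, or an error code. */` would make that explicit. It should also say that the caller releases the context with `_gcry_mpi_ec_free`, as the ecc.c callers in this commit do. Whether `*r_ec` is left untouched on failure cannot be seen from this hunk and is worth stating too.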
@@ -69,11 +63,9 @@ _gcry_ecc_mul_point (int algo, unsigned char *result,
unsigned int nbytes;
const char *curve;
gpg_err_code_t err;
- elliptic_curve_t E;
unsigned char buffer[ECC_CURVE448_BITS/8];
gcry_mpi_t mpi_k;
mpi_ec_t ec;
- gcry_mpi_t mpi_u;
mpi_point_t Q;
gcry_mpi_t x;
unsigned int len;
@@ -96,9 +88,11 @@ _gcry_ecc_mul_point (int algo, unsigned char *result,
nbytes = nbits / 8;
+ err = prepare_ec (&ec, curve);
+ if (err)
+ return err;
+
mpi_k = mpi_new (nbits);
- ec = prepare_ec (curve, &E);
- mpi_u = mpi_new (nbits);
Q = mpi_point_new (nbits);
x = mpi_new (nbits);
@@ -106,13 +100,14 @@ _gcry_ecc_mul_point (int algo, unsigned char *result,
reverse_buffer (buffer, nbytes);
_gcry_mpi_set_buffer (mpi_k, buffer, nbytes, 0);
- for (i = 0; (E.h & (1 << i)) == 0; i++)
+ for (i = 0; (ec->h & (1 << i)) == 0; i++)
mpi_clear_bit (mpi_k, i);
- mpi_set_highbit (mpi_k, mpi_get_nbits (E.p) - 1);
+ mpi_set_highbit (mpi_k, mpi_get_nbits (ec->p) - 1);
if (point)
{
mpi_point_t P = mpi_point_new (nbits);
+ gcry_mpi_t mpi_u = mpi_new (nbits);
_gcry_mpi_set_buffer (mpi_u, point, nbytes, 0);
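Review bot: `mpi_u` is now declared and allocated inside the `if (point)` block, but no release for it is visible in this hunk or the next, where only `_gcry_mpi_point_release (P);` appears before the closing brace. Because the variable goes out of scope at that brace, every exit from the block has to free it, including any error path after the point is decoded. If the lines between the two hunks do not already do so, add `_gcry_mpi_release (mpi_u);` right after the last use of `mpi_u`. The body of the block continues outside this hunk, so this needs confirming against the full file.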
@@ -124,7 +119,7 @@ _gcry_ecc_mul_point (int algo, unsigned char *result,
_gcry_mpi_point_release (P);
}
else
- _gcry_mpi_ec_mul_point (Q, mpi_k, &E.G, ec);
+ _gcry_mpi_ec_mul_point (Q, mpi_k, ec->G, ec);
_gcry_mpi_ec_get_affine (x, NULL, Q, ec);
diff --git a/cipher/ecc.c b/cipher/ecc.c
index 05473b52..e762b951 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -1245,34 +1245,15 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms)
unsigned int nbits;
gcry_err_code_t rc;
struct pk_encoding_ctx ctx;
- gcry_sexp_t l1 = NULL;
- char *curvename = NULL;
- gcry_mpi_t mpi_g = NULL;
- gcry_mpi_t mpi_h = NULL;
- gcry_mpi_t mpi_q = NULL;
gcry_mpi_t mpi_s = NULL;
gcry_mpi_t mpi_e = NULL;
gcry_mpi_t data = NULL;
- elliptic_curve_t E;
- mpi_point_struct Q;
mpi_ec_t ec = NULL;
int flags = 0;
- memset (&E, 0, sizeof E);
_gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_ENCRYPT,
(nbits = ecc_get_nbits (keyparms)));
- /* Look for flags. */
- l1 = sexp_find_token (keyparms, "flags", 0);
- if (l1)
- {
- rc = _gcry_pk_util_parse_flaglist (l1, &flags, NULL);
- if (rc)
- goto leave;
- }
- sexp_release (l1);
- l1 = NULL;
-
/*
* Extract the data.
*/
@@ -1288,39 +1269,7 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms)
/*
* Extract the key.
*/
- rc = sexp_extract_param (keyparms, NULL, "-p?a?b?g?n?h?/q",
- &E.p, &E.a, &E.b, &mpi_g, &E.n, &mpi_h,
- &mpi_q, NULL);
- if (rc)
- goto leave;
- if (mpi_g)
- {
- point_init (&E.G);
- rc = _gcry_ecc_os2ec (&E.G, mpi_g);
- if (rc)
- goto leave;
- }
- if (mpi_h)
- mpi_get_ui (&E.h, mpi_h);
- /* Add missing parameters using the optional curve parameter. */
- l1 = sexp_find_token (keyparms, "curve", 5);
- if (l1)
- {
- curvename = sexp_nth_string (l1, 1);
- if (curvename)
- {
- rc = _gcry_ecc_fill_in_curve (0, curvename, &E, NULL);
- if (rc)
- goto leave;
- }
- }
- /* Guess required fields if a curve parameter has not been given. */
- if (!curvename)
- {
- E.model = MPI_EC_WEIERSTRASS;
- E.dialect = ECC_DIALECT_STANDARD;
- E.h = 1;
- }
+ rc = _gcry_mpi_ec_internal_new (&ec, &flags, "ecc_encrypt", keyparms, NULL);
/*
* Tweak the scalar bits by cofactor and number of bits of the field.
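Review bot: The result of `_gcry_mpi_ec_internal_new (&ec, &flags, "ecc_encrypt", keyparms, NULL)` is assigned to `rc` but never tested, whereas the removed `sexp_extract_param` call was followed by `if (rc) goto leave;` and the matching call in ecc_decrypt_raw still is. If context creation fails on malformed or incomplete `keyparms`, `ec` presumably stays NULL, and the next hunk dereferences `ec->h` and `ec->p`. That turns a rejectable bad key into a crash, and `rc` may later be overwritten so the original error is lost. Add `if (rc)` / `goto leave;` directly after the call, unless the lines between this hunk and the next already contain that check.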
@@ -1330,50 +1279,19 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms)
{
int i;
- for (i = 0; (E.h & (1 << i)) == 0; i++)
+ for (i = 0; (ec->h & (1 << i)) == 0; i++)
mpi_clear_bit (data, i);
- mpi_set_highbit (data, mpi_get_nbits (E.p) - 1);
+ mpi_set_highbit (data, mpi_get_nbits (ec->p) - 1);
}
if (DBG_CIPHER)
log_mpidump ("ecc_encrypt data", data);
- if (DBG_CIPHER)
- {
- log_debug ("ecc_encrypt info: %s/%s\n",
- _gcry_ecc_model2str (E.model),
- _gcry_ecc_dialect2str (E.dialect));
- if (E.name)
- log_debug ("ecc_encrypt name: %s\n", E.name);
- log_printmpi ("ecc_encrypt p", E.p);
- log_printmpi ("ecc_encrypt a", E.a);
- log_printmpi ("ecc_encrypt b", E.b);
- log_printpnt ("ecc_encrypt g", &E.G, NULL);
- log_printmpi ("ecc_encrypt n", E.n);
- log_printf ("ecc_encrypt h %02x\n", E.h);
- log_printmpi ("ecc_encrypt q", mpi_q);
- }
- if (!E.p || !E.a || !E.b || !E.G.x || !E.n || !mpi_q)
+ if (!ec->p || !ec->a || !ec->b || !ec->G || !ec->n || !ec->Q)
{
rc = GPG_ERR_NO_OBJ;
goto leave;
}
- /* Compute the encrypted value. */
- ec = _gcry_mpi_ec_p_internal_new (E.model, E.dialect, flags,
- E.p, E.a, E.b);
-
- /* Convert the public key. */
- if (mpi_q)
- {
- point_init (&Q);
- if (ec->model == MPI_EC_MONTGOMERY)
- rc = _gcry_ecc_mont_decodepoint (mpi_q, ec, &Q);
- else
- rc = _gcry_ecc_os2ec (&Q, mpi_q);
- if (rc)
- goto leave;
- }
-
/* The following is false: assert( mpi_cmp_ui( R.x, 1 )==0 );, so */
{
mpi_point_struct R; /* Result that we return. */
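Review bot: The presence check `if (!ec->p || !ec->a || !ec->b || !ec->G || !ec->n || !ec->Q)` sits after the tweak block, which has already called `mpi_get_nbits (ec->p)` and looped on `ec->h`, so a context with a missing field is used before it is rejected. Moving the check above the tweak block fixes the ordering. The loop `for (i = 0; (ec->h & (1 << i)) == 0; i++)` also has no bound, so a cofactor of zero would push the shift count past the width of `int`, which is undefined behaviour. Whether `_gcry_mpi_ec_internal_new` can return such a context from caller-supplied key parameters is not visible here, so either reject `ec->h == 0` alongside the other fields or cap `i`. The tweak block opens before this hunk.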
@@ -1391,7 +1309,7 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms)
point_init (&R);
/* R = kQ <=> R = kdG */
- _gcry_mpi_ec_mul_point (&R, data, &Q, ec);
+ _gcry_mpi_ec_mul_point (&R, data, ec->Q, ec);
if (_gcry_mpi_ec_get_affine (x, y, &R, ec))
{
@@ -1412,7 +1330,7 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms)
}
}
if (y)
- mpi_s = _gcry_ecc_ec2os (x, y, E.p);
+ mpi_s = _gcry_ecc_ec2os (x, y, ec->p);
else
{
rc = _gcry_ecc_mont_encodepoint (x, nbits, 1, &rawmpi, &rawmpilen);
@@ -1423,7 +1341,7 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms)
}
/* R = kG */
- _gcry_mpi_ec_mul_point (&R, data, &E.G, ec);
+ _gcry_mpi_ec_mul_point (&R, data, ec->G, ec);
if (_gcry_mpi_ec_get_affine (x, y, &R, ec))
{
@@ -1431,7 +1349,7 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms)
goto leave_main;
}
if (y)
- mpi_e = _gcry_ecc_ec2os (x, y, E.p);
+ mpi_e = _gcry_ecc_ec2os (x, y, ec->p);
else
{
rc = _gcry_ecc_mont_encodepoint (x, nbits, 1, &rawmpi, &rawmpilen);
@@ -1454,20 +1372,9 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms)
rc = sexp_build (r_ciph, NULL, "(enc-val(ecdh(s%m)(e%m)))", mpi_s, mpi_e);
leave:
- _gcry_mpi_release (E.p);
- _gcry_mpi_release (E.a);
- _gcry_mpi_release (E.b);
- _gcry_mpi_release (mpi_g);
- _gcry_mpi_release (mpi_h);
- point_free (&E.G);
- _gcry_mpi_release (E.n);
- _gcry_mpi_release (mpi_q);
- point_free (&Q);
_gcry_mpi_release (data);
_gcry_mpi_release (mpi_s);
_gcry_mpi_release (mpi_e);
- xfree (curvename);
- sexp_release (l1);
_gcry_mpi_ec_free (ec);
_gcry_pk_util_free_encoding_ctx (&ctx);
if (DBG_CIPHER)
@@ -1491,35 +1398,18 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms)
struct pk_encoding_ctx ctx;
gcry_sexp_t l1 = NULL;
gcry_mpi_t data_e = NULL;
- elliptic_curve_t E;
- gcry_mpi_t d;
- gcry_mpi_t mpi_g = NULL;
- gcry_mpi_t mpi_h = NULL;
- char *curvename = NULL;
mpi_ec_t ec = NULL;
mpi_point_struct kG;
mpi_point_struct R;
gcry_mpi_t r = NULL;
int flags = 0;
- memset (&E, 0, sizeof E);
point_init (&kG);
point_init (&R);
_gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_DECRYPT,
(nbits = ecc_get_nbits (keyparms)));
- /* Look for flags. */
- l1 = sexp_find_token (keyparms, "flags", 0);
- if (l1)
- {
- rc = _gcry_pk_util_parse_flaglist (l1, &flags, NULL);
- if (rc)
- goto leave;
- }
- sexp_release (l1);
- l1 = NULL;
-
/*
* Extract the data.
*/
@@ -1535,66 +1425,16 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms)
/*
* Extract the key.
*/
- rc = sexp_extract_param (keyparms, NULL, "-p?a?b?g?n?h?+d",
- &E.p, &E.a, &E.b, &mpi_g, &E.n,
- &mpi_h, &d, NULL);
+ rc = _gcry_mpi_ec_internal_new (&ec, &flags, "ecc_decrypt", keyparms, NULL);
if (rc)
goto leave;
- if (mpi_g)
- {
- point_init (&E.G);
- rc = _gcry_ecc_os2ec (&E.G, mpi_g);
- if (rc)
- goto leave;
- }
- if (mpi_h)
- mpi_get_ui (&E.h, mpi_h);
- /* Add missing parameters using the optional curve parameter. */
- sexp_release (l1);
- l1 = sexp_find_token (keyparms, "curve", 5);
- if (l1)
- {
- curvename = sexp_nth_string (l1, 1);
- if (curvename)
- {
- rc = _gcry_ecc_fill_in_curve (0, curvename, &E, NULL);
- if (rc)
- goto leave;
- }
- }
- /* Guess required fields if a curve parameter has not been given. */
- if (!curvename)
- {
- E.model = MPI_EC_WEIERSTRASS;
- E.dialect = ECC_DIALECT_STANDARD;
- E.h = 1;
- }
- if (DBG_CIPHER)
- {
- log_debug ("ecc_decrypt info: %s/%s\n",
- _gcry_ecc_model2str (E.model),
- _gcry_ecc_dialect2str (E.dialect));
- if (E.name)
- log_debug ("ecc_decrypt name: %s\n", E.name);
- log_printmpi ("ecc_decrypt p", E.p);
- log_printmpi ("ecc_decrypt a", E.a);
- log_printmpi ("ecc_decrypt b", E.b);
- log_printpnt ("ecc_decrypt g", &E.G, NULL);
- log_printmpi ("ecc_decrypt n", E.n);
- log_printf ("ecc_decrypt h %02x\n", E.h);
- if (!fips_mode ())
- log_printmpi ("ecc_decrypt d", d);
- }
- if (!E.p || !E.a || !E.b || !E.G.x || !E.n || !d)
+
+ if (!ec->p || !ec->a || !ec->b || !ec->G || !ec->n || !ec->d)
{
rc = GPG_ERR_NO_OBJ;
goto leave;
}
-
- ec = _gcry_mpi_ec_p_internal_new (E.model, E.dialect, flags,
- E.p, E.a, E.b);
-
/*
* Compute the plaintext.
*/
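Review bot: The removed debug block printed the secret scalar only under `if (!fips_mode ())`, and this hunk hands both key parsing and that logging to `_gcry_mpi_ec_internal_new (&ec, &flags, "ecc_decrypt", keyparms, NULL)`. The helper's body is not part of this diff, so confirm that any `DBG_CIPHER` dump it does of `d` keeps the same FIPS guard. Otherwise enabling cipher debugging would write the private key to the log in FIPS mode. Since `ec->d` is now owned by the context, a short comment near the `leave:` label noting that `_gcry_mpi_ec_free (ec)` releases the secret key would also help the next reader.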
@@ -1630,7 +1470,7 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms)
}
/* R = dkG */
- _gcry_mpi_ec_mul_point (&R, d, &kG, ec);
+ _gcry_mpi_ec_mul_point (&R, ec->d, &kG, ec);
/* The following is false: assert( mpi_cmp_ui( R.x, 1 )==0 );, so: */
{
@@ -1670,7 +1510,7 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms)
}
if (y)
- r = _gcry_ecc_ec2os (x, y, E.p);
+ r = _gcry_ecc_ec2os (x, y, ec->p);
else
{
@@ -1701,16 +1541,7 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms)
point_free (&R);
point_free (&kG);
_gcry_mpi_release (r);
- _gcry_mpi_release (E.p);
- _gcry_mpi_release (E.a);
- _gcry_mpi_release (E.b);
- _gcry_mpi_release (mpi_g);
- _gcry_mpi_release (mpi_h);
- point_free (&E.G);
- _gcry_mpi_release (E.n);
- _gcry_mpi_release (d);
_gcry_mpi_release (data_e);
- xfree (curvename);
sexp_release (l1);
_gcry_mpi_ec_free (ec);
_gcry_pk_util_free_encoding_ctx (&ctx);