security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-05-28 21:50:02 +02:00
Code Activity

gpg: Clean up ECDH code path (4).

Browse Source 
* g10/ecdh.c (prepare_ecdh_with_shared_point): New.
(pk_ecdh_encrypt_with_shared_point): Fixing error paths for closing
the cipher handle, use prepare_ecdh_with_shared_point.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2020-05-22 11:44:36 +09:00
parent 80c02d13d9
commit 64d93271bf
1 changed files with 165 additions and 146 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

311
g10/ecdh.c
View File

@ -209,19 +209,13 @@ derive_kek (size_t kek_size,
} }
/* Prepare ECDH using SHARED_MPI, PK_FP fingerprint, and PKEY array.
/* Encrypts/decrypts DATA using a key derived from the ECC shared Returns the cipher handle in R_HD, which needs to be closed by
point SHARED_MPI using the FIPS SP 800-56A compliant method the caller. */
key_derivation+key_wrapping. If IS_ENCRYPT is true the function static gpg_error_t
encrypts; if false, it decrypts. PKEY is the public key and PK_FP prepare_ecdh_with_shared_point (gcry_mpi_t shared_mpi,
the fingerprint of this public key. On success the result is const byte pk_fp[MAX_FINGERPRINT_LEN],
stored at R_RESULT; on failure NULL is stored at R_RESULT and an gcry_mpi_t *pkey, gcry_cipher_hd_t *r_hd)
error code returned. */
gpg_error_t
pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi,
const byte pk_fp[MAX_FINGERPRINT_LEN],
gcry_mpi_t data, gcry_mpi_t *pkey,
gcry_mpi_t *r_result)
{ {
gpg_error_t err; gpg_error_t err;
byte *secret_x; byte *secret_x;
@ -234,8 +228,9 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi,
unsigned char kdf_params[256]; unsigned char kdf_params[256];
size_t kdf_params_size; size_t kdf_params_size;
size_t kek_size; size_t kek_size;
gcry_cipher_hd_t hd;
*r_result = NULL; *r_hd = NULL;
if (!gcry_mpi_get_flag (pkey[2], GCRYMPI_FLAG_OPAQUE)) if (!gcry_mpi_get_flag (pkey[2], GCRYMPI_FLAG_OPAQUE))
return gpg_error (GPG_ERR_BUG); return gpg_error (GPG_ERR_BUG);
@ -311,159 +306,183 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi,
} }
/* And, finally, aeswrap with key secret_x. */ /* And, finally, aeswrap with key secret_x. */
{ err = gcry_cipher_open (&hd, kdf_encr_algo, GCRY_CIPHER_MODE_AESWRAP, 0);
gcry_cipher_hd_t hd; if (err)
size_t nbytes; {
log_error ("ecdh failed to initialize AESWRAP: %s\n",
gpg_strerror (err));
xfree (secret_x);
return err;
}
byte *data_buf; err = gcry_cipher_setkey (hd, secret_x, kek_size);
int data_buf_size; xfree (secret_x);
secret_x = NULL;
if (err)
{
gcry_cipher_close (hd);
log_error ("ecdh failed in gcry_cipher_setkey: %s\n",
gpg_strerror (err));
}
else
*r_hd = hd;
gcry_mpi_t result; return err;
}
err = gcry_cipher_open (&hd, kdf_encr_algo, GCRY_CIPHER_MODE_AESWRAP, 0); /* Encrypts/decrypts DATA using a key derived from the ECC shared
if (err) point SHARED_MPI using the FIPS SP 800-56A compliant method
{ key_derivation+key_wrapping. If IS_ENCRYPT is true the function
log_error ("ecdh failed to initialize AESWRAP: %s\n", encrypts; if false, it decrypts. PKEY is the public key and PK_FP
gpg_strerror (err)); the fingerprint of this public key. On success the result is
xfree (secret_x); stored at R_RESULT; on failure NULL is stored at R_RESULT and an
return err; error code returned. */
} gpg_error_t
pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi,
const byte pk_fp[MAX_FINGERPRINT_LEN],
gcry_mpi_t data, gcry_mpi_t *pkey,
gcry_mpi_t *r_result)
{
gpg_error_t err;
gcry_cipher_hd_t hd;
size_t nbytes;
byte *data_buf;
int data_buf_size;
gcry_mpi_t result;
err = gcry_cipher_setkey (hd, secret_x, kek_size); *r_result = NULL;
xfree (secret_x);
secret_x = NULL;
if (err)
{
gcry_cipher_close (hd);
log_error ("ecdh failed in gcry_cipher_setkey: %s\n",
gpg_strerror (err));
return err;
}
data_buf_size = (gcry_mpi_get_nbits(data)+7)/8; err = prepare_ecdh_with_shared_point (shared_mpi, pk_fp, pkey, &hd);
if ((data_buf_size & 7) != (is_encrypt ? 0 : 1)) if (err)
{ return err;
log_error ("can't use a shared secret of %d bytes for ecdh\n",
data_buf_size);
return gpg_error (GPG_ERR_BAD_DATA);
}
data_buf = xtrymalloc_secure( 1 + 2*data_buf_size + 8); data_buf_size = (gcry_mpi_get_nbits(data)+7)/8;
if (!data_buf) if ((data_buf_size & 7) != (is_encrypt ? 0 : 1))
{ {
err = gpg_error_from_syserror (); log_error ("can't use a shared secret of %d bytes for ecdh\n",
gcry_cipher_close (hd); data_buf_size);
return err; gcry_cipher_close (hd);
} return gpg_error (GPG_ERR_BAD_DATA);
}
if (is_encrypt) data_buf = xtrymalloc_secure( 1 + 2*data_buf_size + 8);
{ if (!data_buf)
byte *in = data_buf+1+data_buf_size+8; {
err = gpg_error_from_syserror ();
gcry_cipher_close (hd);
return err;
}
/* Write data MPI into the end of data_buf. data_buf is size if (is_encrypt)
aeswrap data. */ {
err = gcry_mpi_print (GCRYMPI_FMT_USG, in, byte *in = data_buf+1+data_buf_size+8;
data_buf_size, &nbytes, data/*in*/);
if (err)
{
log_error ("ecdh failed to export DEK: %s\n", gpg_strerror (err));
gcry_cipher_close (hd);
xfree (data_buf);
return err;
}
if (DBG_CRYPTO) /* Write data MPI into the end of data_buf. data_buf is size
log_printhex (in, data_buf_size, "ecdh encrypting :"); aeswrap data. */
err = gcry_mpi_print (GCRYMPI_FMT_USG, in,
data_buf_size, &nbytes, data/*in*/);
if (err)
{
log_error ("ecdh failed to export DEK: %s\n", gpg_strerror (err));
gcry_cipher_close (hd);
xfree (data_buf);
return err;
}
err = gcry_cipher_encrypt (hd, data_buf+1, data_buf_size+8, if (DBG_CRYPTO)
in, data_buf_size); log_printhex (in, data_buf_size, "ecdh encrypting :");
memset (in, 0, data_buf_size);
gcry_cipher_close (hd);
if (err)
{
log_error ("ecdh failed in gcry_cipher_encrypt: %s\n",
gpg_strerror (err));
xfree (data_buf);
return err;
}
data_buf[0] = data_buf_size+8;
if (DBG_CRYPTO) err = gcry_cipher_encrypt (hd, data_buf+1, data_buf_size+8,
log_printhex (data_buf+1, data_buf[0], "ecdh encrypted to:"); in, data_buf_size);
memset (in, 0, data_buf_size);
gcry_cipher_close (hd);
if (err)
{
log_error ("ecdh failed in gcry_cipher_encrypt: %s\n",
gpg_strerror (err));
xfree (data_buf);
return err;
}
data_buf[0] = data_buf_size+8;
result = gcry_mpi_set_opaque (NULL, data_buf, 8 * (1+data_buf[0])); if (DBG_CRYPTO)
if (!result) log_printhex (data_buf+1, data_buf[0], "ecdh encrypted to:");
{
err = gpg_error_from_syserror ();
xfree (data_buf);
log_error ("ecdh failed to create an MPI: %s\n",
gpg_strerror (err));
return err;
}
*r_result = result; result = gcry_mpi_set_opaque (NULL, data_buf, 8 * (1+data_buf[0]));
} if (!result)
else {
{ err = gpg_error_from_syserror ();
byte *in; xfree (data_buf);
const void *p; log_error ("ecdh failed to create an MPI: %s\n",
gpg_strerror (err));
return err;
}
p = gcry_mpi_get_opaque (data, &nbits); *r_result = result;
nbytes = (nbits+7)/8; }
if (!p || nbytes > data_buf_size || !nbytes) else
{ {
xfree (data_buf); byte *in;
return gpg_error (GPG_ERR_BAD_MPI); const void *p;
} unsigned int nbits;
memcpy (data_buf, p, nbytes);
if (data_buf[0] != nbytes-1)
{
log_error ("ecdh inconsistent size\n");
xfree (data_buf);
return gpg_error (GPG_ERR_BAD_MPI);
}
in = data_buf+data_buf_size;
data_buf_size = data_buf[0];
if (DBG_CRYPTO) p = gcry_mpi_get_opaque (data, &nbits);
log_printhex (data_buf+1, data_buf_size, "ecdh decrypting :"); nbytes = (nbits+7)/8;
if (!p || nbytes > data_buf_size || !nbytes)
{
xfree (data_buf);
gcry_cipher_close (hd);
return gpg_error (GPG_ERR_BAD_MPI);
}
memcpy (data_buf, p, nbytes);
if (data_buf[0] != nbytes-1)
{
log_error ("ecdh inconsistent size\n");
xfree (data_buf);
gcry_cipher_close (hd);
return gpg_error (GPG_ERR_BAD_MPI);
}
in = data_buf+data_buf_size;
data_buf_size = data_buf[0];
err = gcry_cipher_decrypt (hd, in, data_buf_size, data_buf+1, if (DBG_CRYPTO)
data_buf_size); log_printhex (data_buf+1, data_buf_size, "ecdh decrypting :");
gcry_cipher_close (hd);
if (err)
{
log_error ("ecdh failed in gcry_cipher_decrypt: %s\n",
gpg_strerror (err));
xfree (data_buf);
return err;
}
data_buf_size -= 8; err = gcry_cipher_decrypt (hd, in, data_buf_size, data_buf+1,
data_buf_size);
gcry_cipher_close (hd);
if (err)
{
log_error ("ecdh failed in gcry_cipher_decrypt: %s\n",
gpg_strerror (err));
xfree (data_buf);
return err;
}
if (DBG_CRYPTO) data_buf_size -= 8;
log_printhex (in, data_buf_size, "ecdh decrypted to :");
/* Padding is removed later. */ if (DBG_CRYPTO)
/* if (in[data_buf_size-1] > 8 ) */ log_printhex (in, data_buf_size, "ecdh decrypted to :");
/* { */
/* log_error ("ecdh failed at decryption: invalid padding." */
/* " 0x%02x > 8\n", in[data_buf_size-1] ); */
/* return gpg_error (GPG_ERR_BAD_KEY); */
/* } */
err = gcry_mpi_scan (&result, GCRYMPI_FMT_USG, in, data_buf_size, NULL); /* Padding is removed later. */
xfree (data_buf); /* if (in[data_buf_size-1] > 8 ) */
if (err) /* { */
{ /* log_error ("ecdh failed at decryption: invalid padding." */
log_error ("ecdh failed to create a plain text MPI: %s\n", /* " 0x%02x > 8\n", in[data_buf_size-1] ); */
gpg_strerror (err)); /* return gpg_error (GPG_ERR_BAD_KEY); */
return err; /* } */
}
*r_result = result; err = gcry_mpi_scan (&result, GCRYMPI_FMT_USG, in, data_buf_size, NULL);
} xfree (data_buf);
} if (err)
{
log_error ("ecdh failed to create a plain text MPI: %s\n",
gpg_strerror (err));
return err;
}
*r_result = result;
}
return err; return err;
} }