mirror of
git://git.gnupg.org/gnupg.git
synced 2025-05-24 16:43:28 +02:00
agent: Finish ECC KEM, adding support for NIST curves.
* agent/command.c (cmd_pkdecrypt): ECC KEM PGP doesn't use OPTION. * agent/pkdecrypt.c (ecc_table): Add NIST curves. (ECC_SCALAR_LEN_MAX, ECC_POINT_LEN_MAX): Fix for NIST curves. (composite_pgp_kem_decrypt): Take care of error by gcry_cipher_setkey. (ecc_kem_decrypt): Fix un-wrapping the session key. -- GnuPG-bug-id: 7649 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
parent
57a3d23925
commit
b956f47e2a
@ -1096,7 +1096,7 @@ cmd_pkdecrypt (assuan_context_t ctx, char *line)
|
||||
if (!rc)
|
||||
rc = assuan_inquire (ctx, "CIPHERTEXT",
|
||||
&value, &valuelen, MAXLEN_CIPHERTEXT);
|
||||
if (!rc && kemid > KEM_PQC_PGP)
|
||||
if (!rc && kemid > KEM_PGP)
|
||||
rc = assuan_inquire (ctx, "OPTION",
|
||||
&option, &optionlen, MAXLEN_CIPHERTEXT);
|
||||
if (rc)
|
||||
|
@ -43,7 +43,6 @@ struct ecc_params
|
||||
int scalar_reverse;
|
||||
};
|
||||
|
||||
/* FIXME: Add NIST curves for traditional ECC */
|
||||
static const struct ecc_params ecc_table[] =
|
||||
{
|
||||
{
|
||||
@ -58,6 +57,24 @@ static const struct ecc_params ecc_table[] =
|
||||
GCRY_MD_SHA3_512, GCRY_KEM_RAW_X448,
|
||||
0
|
||||
},
|
||||
{
|
||||
"NIST P-256",
|
||||
65, 32, 65,
|
||||
GCRY_MD_SHA3_256, GCRY_KEM_RAW_P256R1,
|
||||
0
|
||||
},
|
||||
{
|
||||
"NIST P-384",
|
||||
97, 48, 97,
|
||||
GCRY_MD_SHA3_512, GCRY_KEM_RAW_P384R1,
|
||||
0
|
||||
},
|
||||
{
|
||||
"NIST P-521",
|
||||
133, 66, 133,
|
||||
GCRY_MD_SHA3_512, GCRY_KEM_RAW_P521R1,
|
||||
0
|
||||
},
|
||||
{
|
||||
"brainpoolP256r1",
|
||||
65, 32, 65,
|
||||
@ -82,8 +99,8 @@ static const struct ecc_params ecc_table[] =
|
||||
|
||||
/* Maximum buffer sizes required for ECC KEM. Keep this aligned to
|
||||
* the ecc_table above. */
|
||||
#define ECC_SCALAR_LEN_MAX 64
|
||||
#define ECC_POINT_LEN_MAX (1+2*64)
|
||||
#define ECC_SCALAR_LEN_MAX 66
|
||||
#define ECC_POINT_LEN_MAX (1+2*ECC_SCALAR_LEN_MAX)
|
||||
#define ECC_HASH_LEN_MAX 64
|
||||
|
||||
|
||||
@ -729,10 +746,10 @@ composite_pgp_kem_decrypt (ctrl_t ctrl, const char *desc_text,
|
||||
}
|
||||
|
||||
err = gcry_cipher_setkey (hd, kek, kek_len);
|
||||
|
||||
sessionkey_len = encrypted_sessionkey_len - 8;
|
||||
err = gcry_cipher_decrypt (hd, sessionkey, sessionkey_len,
|
||||
encrypted_sessionkey, encrypted_sessionkey_len);
|
||||
if (!err)
|
||||
err = gcry_cipher_decrypt (hd, sessionkey, sessionkey_len,
|
||||
encrypted_sessionkey, encrypted_sessionkey_len);
|
||||
gcry_cipher_close (hd);
|
||||
|
||||
mpi_release (encrypted_sessionkey_mpi);
|
||||
@ -770,7 +787,7 @@ composite_pgp_kem_decrypt (ctrl_t ctrl, const char *desc_text,
|
||||
/* For ECC PGP KEM, decrypt CIPHERTEXT using KEM API. CIPHERTEXT
|
||||
should follow the format of:
|
||||
|
||||
(enc-val(ecdh(c%d)(h%d)(e%m)(s%m)(fixed-info&)))
|
||||
(enc-val(ecc(c%d)(h%d)(e%m)(s%m)(kdf-params&)))
|
||||
c: cipher identifier (of wrapping key)
|
||||
h: hash identifier
|
||||
e: ECDH ciphertext
|
||||
@ -808,7 +825,7 @@ ecc_kem_decrypt (ctrl_t ctrl, const char *desc_text,
|
||||
gcry_cipher_hd_t hd;
|
||||
unsigned char sessionkey[256];
|
||||
size_t sessionkey_len;
|
||||
gcry_buffer_t fixed_info = { 0, 0, 0, NULL };
|
||||
gcry_buffer_t kdf_params = { 0, 0, 0, NULL };
|
||||
|
||||
err = agent_key_from_file (ctrl, NULL, desc_text,
|
||||
NULL, &shadow_info,
|
||||
@ -819,9 +836,9 @@ ecc_kem_decrypt (ctrl_t ctrl, const char *desc_text,
|
||||
goto leave;
|
||||
}
|
||||
|
||||
err = gcry_sexp_extract_param (s_cipher, NULL, "%dc%dh/es&'fixed-info'",
|
||||
err = gcry_sexp_extract_param (s_cipher, NULL, "%dc%dh/es&'kdf-params'",
|
||||
&algo, &hashalgo, &ecc_ct_mpi,
|
||||
&encrypted_sessionkey_mpi, &fixed_info, NULL);
|
||||
&encrypted_sessionkey_mpi, &kdf_params, NULL);
|
||||
if (err)
|
||||
{
|
||||
if (opt.verbose)
|
||||
@ -829,7 +846,7 @@ ecc_kem_decrypt (ctrl_t ctrl, const char *desc_text,
|
||||
goto leave;
|
||||
}
|
||||
|
||||
if (!fixed_info.data)
|
||||
if (!kdf_params.data)
|
||||
{
|
||||
if (opt.verbose)
|
||||
log_info ("%s: the KDF parameters is required\n", __func__);
|
||||
@ -869,7 +886,7 @@ ecc_kem_decrypt (ctrl_t ctrl, const char *desc_text,
|
||||
x-component from the point. */
|
||||
ecc_ecdh + 1 : ecc_ecdh,
|
||||
ecc->scalar_len, ecc_ct, ecc_point_len,
|
||||
ecc_pk, ecc_point_len, &fixed_info);
|
||||
ecc_pk, ecc_point_len, &kdf_params);
|
||||
if (err)
|
||||
{
|
||||
if (opt.verbose)
|
||||
@ -891,10 +908,18 @@ ecc_kem_decrypt (ctrl_t ctrl, const char *desc_text,
|
||||
goto leave;
|
||||
}
|
||||
|
||||
if (encrypted_sessionkey[0] != encrypted_sessionkey_len - 1)
|
||||
{
|
||||
err = gpg_error (GPG_ERR_INV_DATA);
|
||||
goto leave;
|
||||
}
|
||||
|
||||
err = gcry_cipher_setkey (hd, kek, kek_len);
|
||||
sessionkey_len = encrypted_sessionkey_len - 8;
|
||||
err = gcry_cipher_decrypt (hd, sessionkey, sessionkey_len,
|
||||
encrypted_sessionkey, encrypted_sessionkey_len);
|
||||
sessionkey_len = encrypted_sessionkey_len - 8 - 1;
|
||||
if (!err)
|
||||
err = gcry_cipher_decrypt (hd, sessionkey, sessionkey_len,
|
||||
encrypted_sessionkey + 1,
|
||||
encrypted_sessionkey_len - 1);
|
||||
gcry_cipher_close (hd);
|
||||
|
||||
if (err)
|
||||
@ -914,7 +939,7 @@ ecc_kem_decrypt (ctrl_t ctrl, const char *desc_text,
|
||||
xfree (kek);
|
||||
mpi_release (ecc_ct_mpi);
|
||||
mpi_release (encrypted_sessionkey_mpi);
|
||||
gcry_free (fixed_info.data);
|
||||
gcry_free (kdf_params.data);
|
||||
gcry_sexp_release (s_skey);
|
||||
xfree (shadow_info);
|
||||
return err;
|
||||
|
Loading…
x
Reference in New Issue
Block a user