gpg: Use bytes for ECDH.

* g10/ecdh.c (extract_secret_x): Use byte * instead of MPI. (prepare_ecdh_with_shared_point): Use char * instead of MPI. (pk_ecdh_encrypt_with_shared_point): Likewise. (pk_ecdh_decrypt): Likewise. * g10/pkglue.h (pk_ecdh_encrypt_with_shared_point, pk_ecdh_decrypt): Change declaration. * g10/pkglue.c (get_data_from_sexp): New. (pk_encrypt): Use get_data_from_sexp instead of get_mpi_from_sexp. Follow the change of pk_ecdh_encrypt_with_shared_point. * g10/pubkey-enc.c (get_it): Follow the change of pk_ecdh_decrypt. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-06-09 15:45:51 +09:00 · 2020-06-09 15:45:51 +09:00 · da5e0bc31b
parent e9760eb9e7
commit da5e0bc31b
4 changed files with 64 additions and 60 deletions
--- a/g10/ecdh.c
+++ b/g10/ecdh.c
@ -82,15 +82,15 @@ pk_ecdh_default_params (unsigned int qbits)
 }
-/* Extract xcomponent from the point SHARED_MPI.  POINT_NBYTES is the
+/* Extract xcomponent from the point SHARED.  POINT_NBYTES is the
   size to represent an EC point which is determined by the public
   key.  SECRET_X_SIZE is the size of x component to represent an
   integer which is determined by the curve. */
 static gpg_error_t
-extract_secret_x (byte **r_secret_x, gcry_mpi_t shared_mpi,
+extract_secret_x (byte **r_secret_x,
                  const char *shared, size_t nshared,
                  size_t point_nbytes, size_t secret_x_size)
 {
  gpg_error_t err;
  byte *secret_x;
  *r_secret_x = NULL;
@ -111,15 +111,7 @@ extract_secret_x (byte **r_secret_x, gcry_mpi_t shared_mpi,
  if (!secret_x)
    return gpg_error_from_syserror ();
-  err = gcry_mpi_print (GCRYMPI_FMT_USG, secret_x, point_nbytes,
+  memcpy (secret_x, shared, nshared);
                        &point_nbytes, shared_mpi);
  if (err)
    {
      xfree (secret_x);
      log_error ("ECDH ephemeral export of shared point failed: %s\n",
                 gpg_strerror (err));
      return err;
    }
  /* Remove the prefix.  */
  if ((point_nbytes & 1))
@ -133,7 +125,7 @@ extract_secret_x (byte **r_secret_x, gcry_mpi_t shared_mpi,
    log_printhex (secret_x, secret_x_size, "ECDH shared secret X is:");
  *r_secret_x = secret_x;
-  return err;
+  return 0;
 }
@ -209,11 +201,11 @@ derive_kek (size_t kek_size,
 }
-/* Prepare ECDH using SHARED_MPI, PK_FP fingerprint, and PKEY array.
+/* Prepare ECDH using SHARED, PK_FP fingerprint, and PKEY array.
   Returns the cipher handle in R_HD, which needs to be closed by
   the caller.  */
 static gpg_error_t
-prepare_ecdh_with_shared_point (gcry_mpi_t shared_mpi,
+prepare_ecdh_with_shared_point (const char *shared, size_t nshared,
                                const byte pk_fp[MAX_FINGERPRINT_LEN],
                                gcry_mpi_t *pkey, gcry_cipher_hd_t *r_hd)
 {
@ -280,7 +272,7 @@ prepare_ecdh_with_shared_point (gcry_mpi_t shared_mpi,
  if (kek_size > secret_x_size)
    return gpg_error (GPG_ERR_BAD_PUBKEY);
-  err = extract_secret_x (&secret_x, shared_mpi,
+  err = extract_secret_x (&secret_x, shared, nshared,
                          /* pkey[1] is the public point */
                          (mpi_get_nbits (pkey[1])+7)/8,
                          secret_x_size);
@ -330,21 +322,20 @@ prepare_ecdh_with_shared_point (gcry_mpi_t shared_mpi,
  return err;
 }
-/* Encrypts DATA using a key derived from the ECC shared point
+/* Encrypts DATA using a key derived from the ECC shared point SHARED
-   SHARED_MPI using the FIPS SP 800-56A compliant method
+   using the FIPS SP 800-56A compliant method
   key_derivation+key_wrapping.  PKEY is the public key and PK_FP the
   fingerprint of this public key.  On success the result is stored at
   R_RESULT; on failure NULL is stored at R_RESULT and an error code
   returned.  */
 gpg_error_t
-pk_ecdh_encrypt_with_shared_point (gcry_mpi_t shared_mpi,
+pk_ecdh_encrypt_with_shared_point (const char *shared, size_t nshared,
                                   const byte pk_fp[MAX_FINGERPRINT_LEN],
-                                   gcry_mpi_t data, gcry_mpi_t *pkey,
+                                   const byte *data, size_t ndata,
-                                   gcry_mpi_t *r_result)
+                                   gcry_mpi_t *pkey, gcry_mpi_t *r_result)
 {
  gpg_error_t err;
  gcry_cipher_hd_t hd;
  size_t nbytes;
  byte *data_buf;
  int data_buf_size;
  gcry_mpi_t result;
@ -352,11 +343,11 @@ pk_ecdh_encrypt_with_shared_point (gcry_mpi_t shared_mpi,
  *r_result = NULL;
-  err = prepare_ecdh_with_shared_point (shared_mpi, pk_fp, pkey, &hd);
+  err = prepare_ecdh_with_shared_point (shared, nshared, pk_fp, pkey, &hd);
  if (err)
    return err;
-  data_buf_size = (gcry_mpi_get_nbits(data)+7)/8;
+  data_buf_size = ndata;
  if ((data_buf_size & 7) != 0)
    {
      log_error ("can't use a shared secret of %d bytes for ecdh\n",
@ -377,15 +368,7 @@ pk_ecdh_encrypt_with_shared_point (gcry_mpi_t shared_mpi,
  /* Write data MPI into the end of data_buf. data_buf is size
     aeswrap data.  */
-  err = gcry_mpi_print (GCRYMPI_FMT_USG, in,
+  memcpy (in, data, ndata);
                        data_buf_size, &nbytes, data/*in*/);
  if (err)
    {
      log_error ("ecdh failed to export DEK: %s\n", gpg_strerror (err));
      gcry_cipher_close (hd);
      xfree (data_buf);
      return err;
    }
  if (DBG_CRYPTO)
    log_printhex (in, data_buf_size, "ecdh encrypting  :");
@ -497,7 +480,8 @@ pk_ecdh_generate_ephemeral_key (gcry_mpi_t *pkey, gcry_mpi_t *r_k)
 /* Perform ECDH decryption.   */
 int
 pk_ecdh_decrypt (gcry_mpi_t *r_result, const byte sk_fp[MAX_FINGERPRINT_LEN],
-                 gcry_mpi_t data, gcry_mpi_t shared_mpi, gcry_mpi_t * skey)
+                 gcry_mpi_t data,
                 const byte *shared, size_t nshared, gcry_mpi_t * skey)
 {
  gpg_error_t err;
  gcry_cipher_hd_t hd;
@ -508,16 +492,16 @@ pk_ecdh_decrypt (gcry_mpi_t *r_result, const byte sk_fp[MAX_FINGERPRINT_LEN],
  const void *p;
  unsigned int nbits;
  if (!data)
    return gpg_error (GPG_ERR_BAD_MPI);
  *r_result = NULL;
-  err = prepare_ecdh_with_shared_point (shared_mpi, sk_fp, skey, &hd);
+  err = prepare_ecdh_with_shared_point (shared, nshared, sk_fp, skey, &hd);
  if (err)
    return err;
-  data_buf_size = (gcry_mpi_get_nbits(data)+7)/8;
+  p = gcry_mpi_get_opaque (data, &nbits);
  nbytes = (nbits+7)/8;
  data_buf_size = nbytes;
  if ((data_buf_size & 7) != 1)
    {
      log_error ("can't use a shared secret of %d bytes for ecdh\n",
@ -534,9 +518,7 @@ pk_ecdh_decrypt (gcry_mpi_t *r_result, const byte sk_fp[MAX_FINGERPRINT_LEN],
      return err;
    }
-  p = gcry_mpi_get_opaque (data, &nbits);
+  if (!p)
  nbytes = (nbits+7)/8;
  if (!p || nbytes > data_buf_size || !nbytes)
    {
      xfree (data_buf);
      gcry_cipher_close (hd);
--- a/g10/pkglue.c
+++ b/g10/pkglue.c
@ -98,6 +98,28 @@ sexp_extract_param_sos (gcry_sexp_t sexp, const char *param, gcry_mpi_t *r_sos)
 }
 static byte *
 get_data_from_sexp (gcry_sexp_t sexp, const char *item, size_t *r_size)
 {
  gcry_sexp_t list;
  size_t valuelen;
  const char *value;
  byte *v;
  log_printsexp ("get_data_from_sexp:", sexp);
  list = gcry_sexp_find_token (sexp, item, 0);
  log_assert (list);
  value = gcry_sexp_nth_data (list, 1, &valuelen);
  log_assert (value);
  v = xtrymalloc (valuelen);
  memcpy (v, value, valuelen);
  gcry_sexp_release (list);
  *r_size = valuelen;
  return v;
 }
 /****************
 * Emulate our old PK interface here - sometime in the future we might
 * change the internal design to directly fit to libgcrypt.
@ -382,12 +404,14 @@ pk_encrypt (pubkey_algo_t algo, gcry_mpi_t *resarr, gcry_mpi_t data,
    ;
  else if (algo == PUBKEY_ALGO_ECDH)
    {
-      gcry_mpi_t shared, public, result;
+      gcry_mpi_t public, result;
      byte fp[MAX_FINGERPRINT_LEN];
      size_t fpn;
      byte *shared;
      size_t nshared;
      /* Get the shared point and the ephemeral public key.  */
-      shared = get_mpi_from_sexp (s_ciph, "s", GCRYMPI_FMT_USG);
+      shared = get_data_from_sexp (s_ciph, "s", &nshared);
      rc = sexp_extract_param_sos (s_ciph, "e", &public);
      gcry_sexp_release (s_ciph);
      s_ciph = NULL;
@ -404,9 +428,13 @@ pk_encrypt (pubkey_algo_t algo, gcry_mpi_t *resarr, gcry_mpi_t data,
        rc = gpg_error (GPG_ERR_INV_LENGTH);
      if (!rc)
-        rc = pk_ecdh_encrypt_with_shared_point (shared,
+        {
-                                                fp, data, pkey, &result);
+          unsigned int nbits;
-      gcry_mpi_release (shared);
+          byte *p = gcry_mpi_get_opaque (data, &nbits);
          rc = pk_ecdh_encrypt_with_shared_point (shared, nshared, fp, p,
                                                  (nbits+7)/8, pkey, &result);
        }
      xfree (shared);
      if (!rc)
        {
          resarr[0] = public;
--- a/g10/pkglue.h
+++ b/g10/pkglue.h
@ -38,15 +38,18 @@ int pk_check_secret_key (pubkey_algo_t algo, gcry_mpi_t *skey);
 gcry_mpi_t  pk_ecdh_default_params (unsigned int qbits);
 gpg_error_t pk_ecdh_generate_ephemeral_key (gcry_mpi_t *pkey, gcry_mpi_t *r_k);
 gpg_error_t pk_ecdh_encrypt_with_shared_point
-/*         */  (gcry_mpi_t shared_mpi,
+/*         */  (const char *shared, size_t nshared,
                const byte pk_fp[MAX_FINGERPRINT_LEN],
-                gcry_mpi_t data, gcry_mpi_t *pkey,
+                const byte *data, size_t ndata,
                gcry_mpi_t *pkey,
                gcry_mpi_t *out);
 int pk_ecdh_encrypt (gcry_mpi_t *resarr, const byte pk_fp[MAX_FINGERPRINT_LEN],
                     gcry_mpi_t data, gcry_mpi_t * pkey);
 int pk_ecdh_decrypt (gcry_mpi_t *result, const byte sk_fp[MAX_FINGERPRINT_LEN],
-                     gcry_mpi_t data, gcry_mpi_t shared, gcry_mpi_t * skey);
+                     gcry_mpi_t data,
                     const byte *frame, size_t nframe,
                     gcry_mpi_t * skey);
 #endif /*GNUPG_G10_PKGLUE_H*/
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@ -278,20 +278,11 @@ get_it (ctrl_t ctrl,
  if (sk->pubkey_algo == PUBKEY_ALGO_ECDH)
    {
      gcry_mpi_t shared_mpi;
      gcry_mpi_t decoded;
      /* At the beginning the frame are the bytes of shared point MPI.  */
      err = gcry_mpi_scan (&shared_mpi, GCRYMPI_FMT_USG, frame, nframe, NULL);
      if (err)
        {
          err = gpg_error (GPG_ERR_WRONG_SECKEY);
          goto leave;
        }
      err = pk_ecdh_decrypt (&decoded, fp, enc->data[1]/*encr data as an MPI*/,
-                             shared_mpi, sk->pkey);
+                             frame, nframe, sk->pkey);
      mpi_release (shared_mpi);
      if(err)
        goto leave;