mirror of
git://git.gnupg.org/gnupg.git
synced 2025-05-24 16:43:28 +02:00
agent: Refactor ECC KEM decap operation.
* agent/pkdecrypt.c (ecc_table): Don't include shared_len. (ecc_pgp_kem_decap): Rename from ecc_pgp_kem_decrypt and only do ECC KEM decap operation. (composite_pgp_kem_decrypt): Move ECC KDF call here. -- GnuPG-bug-id: 7649 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
parent
d1c3bfda2a
commit
eb9c39ac5b
@ -38,7 +38,6 @@ struct ecc_params
|
||||
size_t pubkey_len; /* Pubkey in the SEXP representation. */
|
||||
size_t scalar_len;
|
||||
size_t point_len;
|
||||
size_t shared_len;
|
||||
int hash_algo;
|
||||
int kem_algo;
|
||||
int scalar_reverse;
|
||||
@ -48,35 +47,35 @@ static const struct ecc_params ecc_table[] =
|
||||
{
|
||||
{
|
||||
"Curve25519",
|
||||
33, 32, 32, 32,
|
||||
33, 32, 32,
|
||||
GCRY_MD_SHA3_256, GCRY_KEM_RAW_X25519,
|
||||
1
|
||||
},
|
||||
{
|
||||
"X448",
|
||||
56, 56, 56, 64,
|
||||
56, 56, 56,
|
||||
GCRY_MD_SHA3_512, GCRY_KEM_RAW_X448,
|
||||
0
|
||||
},
|
||||
{
|
||||
"brainpoolP256r1",
|
||||
65, 32, 65, 32,
|
||||
65, 32, 65,
|
||||
GCRY_MD_SHA3_256, GCRY_KEM_RAW_BP256,
|
||||
0
|
||||
},
|
||||
{
|
||||
"brainpoolP384r1",
|
||||
97, 48, 97, 64,
|
||||
97, 48, 97,
|
||||
GCRY_MD_SHA3_512, GCRY_KEM_RAW_BP384,
|
||||
0
|
||||
},
|
||||
{
|
||||
"brainpoolP512r1",
|
||||
129, 64, 129, 64,
|
||||
129, 64, 129,
|
||||
GCRY_MD_SHA3_512, GCRY_KEM_RAW_BP512,
|
||||
0
|
||||
},
|
||||
{ NULL, 0, 0, 0, 0, 0, 0, 0 }
|
||||
{ NULL, 0, 0, 0, 0, 0, 0 }
|
||||
};
|
||||
|
||||
|
||||
@ -424,19 +423,22 @@ ecc_get_curve (ctrl_t ctrl, gcry_sexp_t s_skey, const char **r_curve)
|
||||
}
|
||||
|
||||
/* Given a private key in SEXP by S_SKEY0 and a cipher text by ECC_CT
|
||||
* with length ECC_POINT_LEN, do ECC-KEM operation. Result is
|
||||
* returned in the memory referred by ECC_SS. Shared secret length is
|
||||
* returned in the memory referred by R_SHARED_LEN. CTRL is used to
|
||||
* access smartcard, internally. */
|
||||
* with length ECC_POINT_LEN, do ECC KEM decap (== raw ECDH)
|
||||
* operation. Result is returned in the memory referred by ECC_ECDH.
|
||||
* Public key is extracted and put into ECC_PK. The hash algorithm
|
||||
* which is used for following KDF operation is stored into
|
||||
* R_HASH_ALGO. SHADOW_INFO0 is used to determine if the private key
|
||||
* is actually on smartcard. CTRL is used to access smartcard,
|
||||
* internally. */
|
||||
static gpg_error_t
|
||||
ecc_pgp_kem_decrypt (ctrl_t ctrl, gcry_sexp_t s_skey0,
|
||||
unsigned char *shadow_info0,
|
||||
const unsigned char *ecc_ct, size_t ecc_point_len,
|
||||
unsigned char *ecc_ss, size_t *r_shared_len)
|
||||
ecc_pgp_kem_decap (ctrl_t ctrl, gcry_sexp_t s_skey0,
|
||||
const unsigned char *shadow_info0,
|
||||
const unsigned char *ecc_ct, size_t ecc_point_len,
|
||||
unsigned char ecc_ecdh[ECC_POINT_LEN_MAX],
|
||||
unsigned char ecc_pk[ECC_POINT_LEN_MAX],
|
||||
int *r_hash_algo)
|
||||
{
|
||||
gpg_error_t err;
|
||||
unsigned char ecc_ecdh[ECC_POINT_LEN_MAX];
|
||||
unsigned char ecc_pk[ECC_POINT_LEN_MAX];
|
||||
const char *curve;
|
||||
const struct ecc_params *ecc = NULL;
|
||||
|
||||
@ -453,6 +455,9 @@ ecc_pgp_kem_decrypt (ctrl_t ctrl, gcry_sexp_t s_skey0,
|
||||
return err;
|
||||
}
|
||||
|
||||
if (DBG_CRYPTO)
|
||||
log_debug ("ECC curve: %s\n", curve);
|
||||
|
||||
ecc = get_ecc_params (curve);
|
||||
if (!ecc)
|
||||
{
|
||||
@ -461,10 +466,7 @@ ecc_pgp_kem_decrypt (ctrl_t ctrl, gcry_sexp_t s_skey0,
|
||||
return gpg_error (GPG_ERR_BAD_SECKEY);
|
||||
}
|
||||
|
||||
*r_shared_len = ecc->shared_len;
|
||||
|
||||
if (DBG_CRYPTO)
|
||||
log_debug ("ECC curve: %s\n", curve);
|
||||
*r_hash_algo = ecc->hash_algo;
|
||||
|
||||
if (ecc->point_len != ecc_point_len)
|
||||
{
|
||||
@ -508,22 +510,6 @@ ecc_pgp_kem_decrypt (ctrl_t ctrl, gcry_sexp_t s_skey0,
|
||||
if (DBG_CRYPTO)
|
||||
log_printhex (ecc_ecdh, ecc_point_len, "ECC ecdh:");
|
||||
|
||||
err = gnupg_ecc_kem_kdf (ecc_ss, ecc->shared_len, ecc->hash_algo,
|
||||
ecc_ecdh, ecc->point_len, ecc_ct, ecc->point_len,
|
||||
ecc_pk, ecc->point_len);
|
||||
|
||||
wipememory (ecc_ecdh, sizeof ecc_ecdh);
|
||||
|
||||
if (err)
|
||||
{
|
||||
if (opt.verbose)
|
||||
log_info ("%s: kdf for ECC failed\n", __func__);
|
||||
return err;
|
||||
}
|
||||
|
||||
if (DBG_CRYPTO)
|
||||
log_printhex (ecc_ss, ecc->shared_len, "ECC shared:");
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -561,7 +547,10 @@ composite_pgp_kem_decrypt (ctrl_t ctrl, const char *desc_text,
|
||||
gcry_mpi_t ecc_ct_mpi = NULL;
|
||||
const unsigned char *ecc_ct;
|
||||
size_t ecc_ct_len;
|
||||
unsigned char ecc_ecdh[ECC_POINT_LEN_MAX];
|
||||
unsigned char ecc_pk[ECC_POINT_LEN_MAX];
|
||||
unsigned char ecc_ss[ECC_HASH_LEN_MAX];
|
||||
int ecc_hashalgo;
|
||||
size_t ecc_shared_len, ecc_point_len;
|
||||
|
||||
enum gcry_kem_algos mlkem_kem_algo;
|
||||
@ -629,10 +618,23 @@ composite_pgp_kem_decrypt (ctrl_t ctrl, const char *desc_text,
|
||||
|
||||
/* Firstly, ECC part. */
|
||||
ecc_point_len = ecc_ct_len;
|
||||
err = ecc_pgp_kem_decrypt (ctrl, s_skey0, shadow_info0, ecc_ct, ecc_point_len,
|
||||
ecc_ss, &ecc_shared_len);
|
||||
err = ecc_pgp_kem_decap (ctrl, s_skey0, shadow_info0, ecc_ct, ecc_point_len,
|
||||
ecc_ecdh, ecc_pk, &ecc_hashalgo);
|
||||
if (err)
|
||||
goto leave;
|
||||
ecc_shared_len = gcry_md_get_algo_dlen (ecc_hashalgo);
|
||||
err = gnupg_ecc_kem_kdf (ecc_ss, ecc_shared_len, ecc_hashalgo,
|
||||
ecc_ecdh, ecc_point_len, ecc_ct, ecc_point_len,
|
||||
ecc_pk, ecc_point_len);
|
||||
if (err)
|
||||
{
|
||||
if (opt.verbose)
|
||||
log_info ("%s: kdf for ECC failed\n", __func__);
|
||||
return err;
|
||||
}
|
||||
wipememory (ecc_ecdh, sizeof ecc_ecdh);
|
||||
if (DBG_CRYPTO)
|
||||
log_printhex (ecc_ss, ecc_shared_len, "ECC shared:");
|
||||
|
||||
/* Secondly, PQC part. For now, we assume ML-KEM. */
|
||||
err = gcry_sexp_extract_param (s_skey1, NULL, "/s", &mlkem_sk_mpi, NULL);
|
||||
|
Loading…
x
Reference in New Issue
Block a user