1 files changed, 117 insertions, 0 deletions
diff --git a/src/lib/crypto/ecdh.h b/src/lib/crypto/ecdh.h
new file mode 100644
index 0000000..017e1e6
--- /dev/null
+++ b/src/lib/crypto/ecdh.h
@@ -0,0 +1,117 @@
+/*-
+ * Copyright (c) 2017 Ribose Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef ECDH_H_
+#define ECDH_H_
+
+#include "crypto/ec.h"
+
+/* Max size of wrapped and obfuscated key size
+ *
+ * RNP pads a key with PKCS-5 always to 8 byte granularity,
+ * then 8 bytes is added by AES-wrap (RFC3394).
+ */
+#define ECDH_WRAPPED_KEY_SIZE 48
+
+/* Forward declarations */
+typedef struct pgp_fingerprint_t pgp_fingerprint_t;
+
+typedef struct pgp_ecdh_encrypted_t {
+    pgp_mpi_t p;
+    uint8_t   m[ECDH_WRAPPED_KEY_SIZE];
+    size_t    mlen;
+} pgp_ecdh_encrypted_t;
+
+rnp_result_t ecdh_validate_key(rnp::RNG *rng, const pgp_ec_key_t *key, bool secret);
+
+/*
+ * @brief   Sets hash algorithm and key wrapping algo
+ *          based on curve_id
+ *
+ * @param   key   ec key to set parameters for
+ * @param   curve       underlying ECC curve ID
+ *
+ * @returns false if curve is not supported, otherwise true
+ */
+bool ecdh_set_params(pgp_ec_key_t *key, pgp_curve_t curve_id);
+
+/*
+ * Encrypts session key with a KEK agreed during ECDH as specified in
+ * RFC 4880 bis 01, 13.5
+ *
+ * @param rng initialized rnp::RNG object
+ * @param session_key key to be encrypted
+ * @param session_key_len length of the key buffer
+ * @param wrapped_key [out] resulting key wrapped in by some AES
+ *        as specified in RFC 3394
+ * @param wrapped_key_len [out] length of the `wrapped_key' buffer
+ *        Current implementation always produces 48 bytes as key
+ *        is padded with PKCS-5/7
+ * @param ephemeral_key [out] public ephemeral ECDH key used for key
+ *        agreement (private part). Must be initialized
+ * @param pubkey public key to be used for encryption
+ * @param fingerprint fingerprint of the pubkey
+ *
+ * @return RNP_SUCCESS on success and output parameters are populated
+ * @return RNP_ERROR_NOT_SUPPORTED unknown curve
+ * @return RNP_ERROR_BAD_PARAMETERS unexpected input provided
+ * @return RNP_ERROR_SHORT_BUFFER `wrapped_key_len' to small to store result
+ * @return RNP_ERROR_GENERIC implementation error
+ */
+rnp_result_t ecdh_encrypt_pkcs5(rnp::RNG *               rng,
+                                pgp_ecdh_encrypted_t *   out,
+                                const uint8_t *const     in,
+                                size_t                   in_len,
+                                const pgp_ec_key_t *     key,
+                                const pgp_fingerprint_t &fingerprint);
+
+/*
+ * Decrypts session key with a KEK agreed during ECDH as specified in
+ * RFC 4880 bis 01, 13.5
+ *
+ * @param session_key [out] resulting session key
+ * @param session_key_len [out] length of the resulting session key
+ * @param wrapped_key session key wrapped with some AES as specified
+ *        in RFC 3394
+ * @param wrapped_key_len length of the `wrapped_key' buffer
+ * @param ephemeral_key public ephemeral ECDH key coming from
+ *        encrypted packet.
+ * @param seckey secret key to be used for decryption
+ * @param fingerprint fingerprint of the key
+ *
+ * @return RNP_SUCCESS on success and output parameters are populated
+ * @return RNP_ERROR_NOT_SUPPORTED unknown curve
+ * @return RNP_ERROR_BAD_PARAMETERS unexpected input provided
+ * @return RNP_ERROR_SHORT_BUFFER `session_key_len' to small to store result
+ * @return RNP_ERROR_GENERIC decryption failed or implementation error
+ */
+rnp_result_t ecdh_decrypt_pkcs5(uint8_t *                   out,
+                                size_t *                    out_len,
+                                const pgp_ecdh_encrypted_t *in,
+                                const pgp_ec_key_t *        key,
+                                const pgp_fingerprint_t &   fingerprint);
+
+#endif // ECDH_H_