1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
/*-
* Copyright (c) 2017 Ribose Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef ECDH_H_
#define ECDH_H_
#include "crypto/ec.h"
/* Max size of wrapped and obfuscated key size
*
* RNP pads a key with PKCS-5 always to 8 byte granularity,
* then 8 bytes is added by AES-wrap (RFC3394).
*/
#define ECDH_WRAPPED_KEY_SIZE 48
/* Forward declarations */
typedef struct pgp_fingerprint_t pgp_fingerprint_t;
typedef struct pgp_ecdh_encrypted_t {
pgp_mpi_t p;
uint8_t m[ECDH_WRAPPED_KEY_SIZE];
size_t mlen;
} pgp_ecdh_encrypted_t;
rnp_result_t ecdh_validate_key(rnp::RNG *rng, const pgp_ec_key_t *key, bool secret);
/*
* @brief Sets hash algorithm and key wrapping algo
* based on curve_id
*
* @param key ec key to set parameters for
* @param curve underlying ECC curve ID
*
* @returns false if curve is not supported, otherwise true
*/
bool ecdh_set_params(pgp_ec_key_t *key, pgp_curve_t curve_id);
/*
* Encrypts session key with a KEK agreed during ECDH as specified in
* RFC 4880 bis 01, 13.5
*
* @param rng initialized rnp::RNG object
* @param session_key key to be encrypted
* @param session_key_len length of the key buffer
* @param wrapped_key [out] resulting key wrapped in by some AES
* as specified in RFC 3394
* @param wrapped_key_len [out] length of the `wrapped_key' buffer
* Current implementation always produces 48 bytes as key
* is padded with PKCS-5/7
* @param ephemeral_key [out] public ephemeral ECDH key used for key
* agreement (private part). Must be initialized
* @param pubkey public key to be used for encryption
* @param fingerprint fingerprint of the pubkey
*
* @return RNP_SUCCESS on success and output parameters are populated
* @return RNP_ERROR_NOT_SUPPORTED unknown curve
* @return RNP_ERROR_BAD_PARAMETERS unexpected input provided
* @return RNP_ERROR_SHORT_BUFFER `wrapped_key_len' to small to store result
* @return RNP_ERROR_GENERIC implementation error
*/
rnp_result_t ecdh_encrypt_pkcs5(rnp::RNG * rng,
pgp_ecdh_encrypted_t * out,
const uint8_t *const in,
size_t in_len,
const pgp_ec_key_t * key,
const pgp_fingerprint_t &fingerprint);
/*
* Decrypts session key with a KEK agreed during ECDH as specified in
* RFC 4880 bis 01, 13.5
*
* @param session_key [out] resulting session key
* @param session_key_len [out] length of the resulting session key
* @param wrapped_key session key wrapped with some AES as specified
* in RFC 3394
* @param wrapped_key_len length of the `wrapped_key' buffer
* @param ephemeral_key public ephemeral ECDH key coming from
* encrypted packet.
* @param seckey secret key to be used for decryption
* @param fingerprint fingerprint of the key
*
* @return RNP_SUCCESS on success and output parameters are populated
* @return RNP_ERROR_NOT_SUPPORTED unknown curve
* @return RNP_ERROR_BAD_PARAMETERS unexpected input provided
* @return RNP_ERROR_SHORT_BUFFER `session_key_len' to small to store result
* @return RNP_ERROR_GENERIC decryption failed or implementation error
*/
rnp_result_t ecdh_decrypt_pkcs5(uint8_t * out,
size_t * out_len,
const pgp_ecdh_encrypted_t *in,
const pgp_ec_key_t * key,
const pgp_fingerprint_t & fingerprint);
#endif // ECDH_H_
|
