summaryrefslogtreecommitdiffstats
path: root/g10/ecdh.c
diff options
context:
space:
mode:
Diffstat (limited to 'g10/ecdh.c')
-rw-r--r--g10/ecdh.c451
1 files changed, 261 insertions, 190 deletions
diff --git a/g10/ecdh.c b/g10/ecdh.c
index 091a28cde..cb251fef2 100644
--- a/g10/ecdh.c
+++ b/g10/ecdh.c
@@ -1,5 +1,5 @@
/* ecdh.c - ECDH public key operations used in public key glue code
- * Copyright (C) 2000, 2003 Free Software Foundation, Inc.
+ * Copyright (C) 2010 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@@ -31,10 +31,12 @@
#include "options.h"
gcry_mpi_t
-pk_ecdh_default_params_to_mpi( int qbits ) {
+pk_ecdh_default_params_to_mpi (int qbits)
+{
gpg_error_t err;
gcry_mpi_t result;
- /* Defaults are the strongest possible choices. Performance is not an issue here, only interoperability. */
+ /* Defaults are the strongest possible choices. Performance is not
+ an issue here, only interoperability. */
byte kek_params[4] = {
3 /*size of following field*/,
1 /*fixed version for KDF+AESWRAP*/,
@@ -50,41 +52,49 @@ pk_ecdh_default_params_to_mpi( int qbits ) {
} kek_params_table[] = {
{ 256, DIGEST_ALGO_SHA256, CIPHER_ALGO_AES },
{ 384, DIGEST_ALGO_SHA384, CIPHER_ALGO_AES256 },
- { 528, DIGEST_ALGO_SHA512, CIPHER_ALGO_AES256 } // 528 is 521 rounded to the 8 bit boundary
+
+ /* Note: 528 is 521 rounded to the 8 bit boundary */
+ { 528, DIGEST_ALGO_SHA512, CIPHER_ALGO_AES256 }
};
- for( i=0; i<sizeof(kek_params_table)/sizeof(kek_params_table[0]); i++ ) {
- if( kek_params_table[i].qbits >= qbits ) {
- kek_params[2] = kek_params_table[i].openpgp_hash_id;
- kek_params[3] = kek_params_table[i].openpgp_cipher_id;
- break;
+ for (i=0; i<sizeof(kek_params_table)/sizeof(kek_params_table[0]); i++)
+ {
+ if (kek_params_table[i].qbits >= qbits)
+ {
+ kek_params[2] = kek_params_table[i].openpgp_hash_id;
+ kek_params[3] = kek_params_table[i].openpgp_cipher_id;
+ break;
+ }
}
- }
- if( DBG_CIPHER )
- log_printhex ("ecdh kek params are", kek_params, sizeof(kek_params) );
+ if (DBG_CIPHER)
+ log_printhex ("ecdh kek params are", kek_params, sizeof(kek_params) );
- err = gcry_mpi_scan (&result, GCRYMPI_FMT_USG, kek_params, sizeof(kek_params), NULL);
+ err = gcry_mpi_scan (&result, GCRYMPI_FMT_USG,
+ kek_params, sizeof(kek_params), NULL);
if (err)
log_fatal ("mpi_scan failed: %s\n", gpg_strerror (err));
return result;
}
-/* returns allocated (binary) KEK parameters; the size is returned in sizeout.
- * The caller must free returned value with xfree.
- * Returns NULL on error
+
+/* Returns allocated (binary) KEK parameters; the size is returned in
+ * sizeout. The caller must free the returned value with xfree.
+ * Returns NULL on error.
*/
byte *
-pk_ecdh_default_params( int qbits, size_t *sizeout ) {
- /* Defaults are the strongest possible choices. Performance is not an issue here, only interoperability. */
+pk_ecdh_default_params (int qbits, size_t *sizeout)
+{
+ /* Defaults are the strongest possible choices. Performance is not
+ an issue here, only interoperability. */
byte kek_params[4] = {
3 /*size of following field*/,
1 /*fixed version for KDF+AESWRAP*/,
DIGEST_ALGO_SHA512 /* KEK MD */,
- CIPHER_ALGO_AES256 /*KEK AESWRAP alg*/
+ CIPHER_ALGO_AES256 /* KEK AESWRAP alg */
};
int i;
-
+
static const struct {
int qbits;
int openpgp_hash_id;
@@ -92,39 +102,48 @@ pk_ecdh_default_params( int qbits, size_t *sizeout ) {
} kek_params_table[] = {
{ 256, DIGEST_ALGO_SHA256, CIPHER_ALGO_AES },
{ 384, DIGEST_ALGO_SHA384, CIPHER_ALGO_AES256 },
- { 528, DIGEST_ALGO_SHA512, CIPHER_ALGO_AES256 } // 528 is 521 rounded to the 8 bit boundary
+ /* Note: 528 is 521 rounded to the 8 bit boundary */
+ { 528, DIGEST_ALGO_SHA512, CIPHER_ALGO_AES256 }
};
byte *p;
*sizeout = 0;
-
- for( i=0; i<sizeof(kek_params_table)/sizeof(kek_params_table[0]); i++ ) {
- if( kek_params_table[i].qbits >= qbits ) {
- kek_params[2] = kek_params_table[i].openpgp_hash_id;
- kek_params[3] = kek_params_table[i].openpgp_cipher_id;
- break;
+
+ for (i=0; i<sizeof(kek_params_table)/sizeof(kek_params_table[0]); i++)
+ {
+ if (kek_params_table[i].qbits >= qbits)
+ {
+ kek_params[2] = kek_params_table[i].openpgp_hash_id;
+ kek_params[3] = kek_params_table[i].openpgp_cipher_id;
+ break;
+ }
}
- }
- if( DBG_CIPHER )
- log_printhex ("ecdh kek params are", kek_params, sizeof(kek_params) );
+ if (DBG_CIPHER )
+ log_printhex ("ecdh kek params are", kek_params, sizeof(kek_params));
- p = xtrymalloc( sizeof(kek_params) );
- if( p == NULL )
+ p = xtrymalloc (sizeof(kek_params));
+ if (!p)
return NULL;
- memcpy( p, kek_params, sizeof(kek_params) );
+ memcpy (p, kek_params, sizeof(kek_params));
*sizeout = sizeof(kek_params);
return p;
}
-/* Encrypts/decrypts 'data' with a key derived from shared_mpi ECC point using FIPS SP 800-56A compliant method, which is
- * key derivation + key wrapping. The direction is determined by the first parameter (is_encrypt=1 --> this is encryption).
- * The result is returned in out as a size+value MPI.
+
+/* Encrypts/decrypts 'data' with a key derived from shared_mpi ECC
+ * point using FIPS SP 800-56A compliant method, which is key
+ * derivation + key wrapping. The direction is determined by the first
+ * parameter (is_encrypt=1 --> this is encryption). The result is
+ * returned in out as a size+value MPI.
+ *
* TODO: memory leaks (x_secret).
*/
static int
-pk_ecdh_encrypt_with_shared_point ( int is_encrypt, gcry_mpi_t shared_mpi,
- const byte pk_fp[MAX_FINGERPRINT_LEN], gcry_mpi_t data, gcry_mpi_t * pkey, gcry_mpi_t *out)
+pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi,
+ const byte pk_fp[MAX_FINGERPRINT_LEN],
+ gcry_mpi_t data, gcry_mpi_t *pkey,
+ gcry_mpi_t *out)
{
byte *secret_x;
int secret_x_size;
@@ -141,55 +160,70 @@ pk_ecdh_encrypt_with_shared_point ( int is_encrypt, gcry_mpi_t shared_mpi,
{
size_t nbytes;
- /* extract x component of the shared point: this is the actual shared secret */
+ /* Extract x component of the shared point: this is the actual
+ shared secret */
nbytes = (mpi_get_nbits (pkey[1] /* public point */)+7)/8;
secret_x = xmalloc_secure( nbytes );
- rc = gcry_mpi_print (GCRYMPI_FMT_USG, secret_x, nbytes, &nbytes, shared_mpi);
- if( rc ) {
- xfree( secret_x );
- log_error ("ec ephemeral export of shared point failed: %s\n", gpg_strerror (rc) );
- return rc;
- }
+ rc = gcry_mpi_print (GCRYMPI_FMT_USG, secret_x, nbytes,
+ &nbytes, shared_mpi);
+ if (rc)
+ {
+ xfree (secret_x);
+ log_error ("ec ephemeral export of shared point failed: %s\n",
+ gpg_strerror (rc));
+ return rc;
+ }
secret_x_size = (nbits+7)/8;
- assert( nbytes > secret_x_size );
- memmove( secret_x, secret_x+1, secret_x_size );
- memset( secret_x+secret_x_size, 0, nbytes-secret_x_size );
+ assert (nbytes > secret_x_size);
+ memmove (secret_x, secret_x+1, secret_x_size);
+ memset (secret_x+secret_x_size, 0, nbytes-secret_x_size);
- if( DBG_CIPHER )
- log_printhex ("ecdh shared secret X is:", secret_x, secret_x_size );
+ if (DBG_CIPHER)
+ log_printhex ("ecdh shared secret X is:", secret_x, secret_x_size );
}
- /*** We have now the shared secret bytes in secret_x ***/
+ /*** We have now the shared secret bytes in secret_x. ***/
- /* At this point we are done with PK encryption and the rest of the function uses symmetric
- * key encryption techniques to protect the input 'data'. The following two sections will
- * simply replace current secret_x with a value derived from it. This will become a KEK.
+ /* At this point we are done with PK encryption and the rest of the
+ * function uses symmetric key encryption techniques to protect the
+ * input 'data'. The following two sections will simply replace
+ * current secret_x with a value derived from it. This will become
+ * a KEK.
*/
{
IOBUF obuf = iobuf_temp();
rc = iobuf_write_size_body_mpi ( obuf, pkey[2] ); /* KEK params */
+
+ kdf_params_size = iobuf_temp_to_buffer (obuf,
+ kdf_params, sizeof(kdf_params));
- kdf_params_size = iobuf_temp_to_buffer( obuf, kdf_params, sizeof(kdf_params) );
-
- if( DBG_CIPHER )
- log_printhex ("ecdh KDF public key params are:", kdf_params, kdf_params_size );
+ if (DBG_CIPHER)
+ log_printhex ("ecdh KDF public key params are:",
+ kdf_params, kdf_params_size );
- if( kdf_params_size != 4 || kdf_params[0] != 3 || kdf_params[1] != 1 ) /* expect 4 bytes 03 01 hash_alg symm_alg */
+ /* Expect 4 bytes 03 01 hash_alg symm_alg. */
+ if (kdf_params_size != 4 || kdf_params[0] != 3 || kdf_params[1] != 1)
return GPG_ERR_BAD_PUBKEY;
kdf_hash_algo = kdf_params[2];
kdf_encr_algo = kdf_params[3];
- if( DBG_CIPHER )
- log_debug ("ecdh KDF algorithms %s+%s with aeswrap\n", gcry_md_algo_name (kdf_hash_algo), openpgp_cipher_algo_name (kdf_encr_algo) );
+ if (DBG_CIPHER)
+ log_debug ("ecdh KDF algorithms %s+%s with aeswrap\n",
+ gcry_md_algo_name (kdf_hash_algo),
+ openpgp_cipher_algo_name (kdf_encr_algo));
- if( kdf_hash_algo != GCRY_MD_SHA256 && kdf_hash_algo != GCRY_MD_SHA384 && kdf_hash_algo != GCRY_MD_SHA512 )
+ if (kdf_hash_algo != GCRY_MD_SHA256
+ && kdf_hash_algo != GCRY_MD_SHA384
+ && kdf_hash_algo != GCRY_MD_SHA512)
return GPG_ERR_BAD_PUBKEY;
- if( kdf_encr_algo != GCRY_CIPHER_AES128 && kdf_encr_algo != GCRY_CIPHER_AES192 && kdf_encr_algo != GCRY_CIPHER_AES256 )
+ if (kdf_encr_algo != GCRY_CIPHER_AES128
+ && kdf_encr_algo != GCRY_CIPHER_AES192
+ && kdf_encr_algo != GCRY_CIPHER_AES256)
return GPG_ERR_BAD_PUBKEY;
}
- /* build kdf_params */
+ /* Build kdf_params. */
{
IOBUF obuf;
@@ -205,13 +239,15 @@ pk_ecdh_encrypt_with_shared_point ( int is_encrypt, gcry_mpi_t shared_mpi,
/* fixed-length field 5, recipient fp */
iobuf_write (obuf, pk_fp, 20);
- kdf_params_size = iobuf_temp_to_buffer( obuf, kdf_params, sizeof(kdf_params) );
- iobuf_close( obuf );
- if( rc ) {
+ kdf_params_size = iobuf_temp_to_buffer (obuf,
+ kdf_params, sizeof(kdf_params));
+ iobuf_close (obuf);
+ if (rc)
return rc;
- }
- if( DBG_CIPHER )
- log_printhex ("ecdh KDF message params are:", kdf_params, kdf_params_size );
+
+ if(DBG_CIPHER)
+ log_printhex ("ecdh KDF message params are:",
+ kdf_params, kdf_params_size );
}
/* Derive a KEK (key wrapping key) using kdf_params and secret_x. */
@@ -231,7 +267,8 @@ pk_ecdh_encrypt_with_shared_point ( int is_encrypt, gcry_mpi_t shared_mpi,
assert( gcry_md_get_algo_dlen (kdf_hash_algo) >= 32 );
- memcpy (secret_x, gcry_md_read (h, kdf_hash_algo), gcry_md_get_algo_dlen (kdf_hash_algo));
+ memcpy (secret_x, gcry_md_read (h, kdf_hash_algo),
+ gcry_md_get_algo_dlen (kdf_hash_algo));
gcry_md_close (h);
old_size = secret_x_size;
@@ -239,12 +276,13 @@ pk_ecdh_encrypt_with_shared_point ( int is_encrypt, gcry_mpi_t shared_mpi,
secret_x_size = gcry_cipher_get_algo_keylen( kdf_encr_algo );
assert( secret_x_size <= gcry_md_get_algo_dlen (kdf_hash_algo) );
- memset( secret_x+secret_x_size, old_size-secret_x_size, 0 ); /* we could have allocated more, so clean the tail before returning */
- if( DBG_CIPHER )
+ /* We could have allocated more, so clean the tail before returning. */
+ memset( secret_x+secret_x_size, old_size-secret_x_size, 0 );
+ if (DBG_CIPHER)
log_printhex ("ecdh KEK is:", secret_x, secret_x_size );
- }
-
- /* And, finally, aeswrap with key secret_x */
+ }
+
+ /* And, finally, aeswrap with key secret_x. */
{
gcry_cipher_hd_t hd;
size_t nbytes;
@@ -256,115 +294,134 @@ pk_ecdh_encrypt_with_shared_point ( int is_encrypt, gcry_mpi_t shared_mpi,
rc = gcry_cipher_open (&hd, kdf_encr_algo, GCRY_CIPHER_MODE_AESWRAP, 0);
if (rc)
- {
- log_error( "ecdh failed to initialize AESWRAP: %s\n", gpg_strerror (rc));
- return rc;
- }
+ {
+ log_error ("ecdh failed to initialize AESWRAP: %s\n",
+ gpg_strerror (rc));
+ return rc;
+ }
rc = gcry_cipher_setkey (hd, secret_x, secret_x_size);
xfree( secret_x );
if (rc)
- {
- gcry_cipher_close (hd);
- log_error("ecdh failed in gcry_cipher_setkey: %s\n", gpg_strerror (rc));
- return rc;
- }
-
- data_buf_size = (gcry_mpi_get_nbits(data)+7)/8;
- assert( (data_buf_size & 7) == (is_encrypt ? 0 : 1) );
-
- data_buf = xmalloc_secure( 1 + 2*data_buf_size + 8 );
- if( !data_buf ) {
- gcry_cipher_close (hd);
- return GPG_ERR_ENOMEM;
- }
-
- if( is_encrypt ) {
- byte *in = data_buf+1+data_buf_size+8;
-
- /* write data MPI into the end of data_buf. data_buf is size aeswrap data */
- rc = gcry_mpi_print (GCRYMPI_FMT_USG, in, data_buf_size, &nbytes, data/*in*/);
- if( rc ) {
- log_error("ecdh failed to export DEK: %s\n", gpg_strerror (rc));
+ {
gcry_cipher_close (hd);
- xfree( data_buf );
+ log_error ("ecdh failed in gcry_cipher_setkey: %s\n",
+ gpg_strerror (rc));
return rc;
}
- if( DBG_CIPHER )
- log_printhex ("ecdh encrypting :", in, data_buf_size );
+ data_buf_size = (gcry_mpi_get_nbits(data)+7)/8;
+ assert ((data_buf_size & 7) == (is_encrypt ? 0 : 1));
- rc = gcry_cipher_encrypt (hd, data_buf+1, data_buf_size+8, in, data_buf_size);
- memset( in, 0, data_buf_size);
- gcry_cipher_close (hd);
- if(rc)
+ data_buf = xtrymalloc_secure( 1 + 2*data_buf_size + 8);
+ if (!data_buf)
{
- log_error("ecdh failed in gcry_cipher_encrypt: %s\n", gpg_strerror (rc));
- xfree( data_buf );
- return rc;
+ gcry_cipher_close (hd);
+ return GPG_ERR_ENOMEM;
}
- data_buf[0] = data_buf_size+8;
-
- if( DBG_CIPHER )
- log_printhex ("ecdh encrypted to:", data_buf+1, data_buf[0] );
- rc = gcry_mpi_scan ( &result, GCRYMPI_FMT_USG, data_buf, 1+data_buf[0], NULL); /* (byte)size + aeswrap of DEK */
- xfree( data_buf );
- if(rc)
+ if (is_encrypt)
{
- log_error("ecdh failed to create an MPI: %s\n", gpg_strerror (rc));
- return rc;
- }
-
- *out = result;
- }
- else {
- byte *in;
+ byte *in = data_buf+1+data_buf_size+8;
+
+ /* Write data MPI into the end of data_buf. data_buf is size
+ aeswrap data. */
+ rc = gcry_mpi_print (GCRYMPI_FMT_USG, in,
+ data_buf_size, &nbytes, data/*in*/);
+ if (rc)
+ {
+ log_error ("ecdh failed to export DEK: %s\n", gpg_strerror (rc));
+ gcry_cipher_close (hd);
+ xfree (data_buf);
+ return rc;
+ }
+
+ if (DBG_CIPHER)
+ log_printhex ("ecdh encrypting :", in, data_buf_size );
+
+ rc = gcry_cipher_encrypt (hd, data_buf+1, data_buf_size+8,
+ in, data_buf_size);
+ memset (in, 0, data_buf_size);
+ gcry_cipher_close (hd);
+ if (rc)
+ {
+ log_error ("ecdh failed in gcry_cipher_encrypt: %s\n",
+ gpg_strerror (rc));
+ xfree (data_buf);
+ return rc;
+ }
+ data_buf[0] = data_buf_size+8;
+
+ if (DBG_CIPHER)
+ log_printhex ("ecdh encrypted to:", data_buf+1, data_buf[0] );
- rc = gcry_mpi_print (GCRYMPI_FMT_USG, data_buf, data_buf_size, &nbytes, data/*in*/);
- if( nbytes != data_buf_size || data_buf[0] != data_buf_size-1 ) {
- log_error("ecdh inconsistent size\n");
+ rc = gcry_mpi_scan (&result, GCRYMPI_FMT_USG,
+ data_buf, 1+data_buf[0], NULL);
+ /* (byte)size + aeswrap of DEK */
xfree( data_buf );
- return GPG_ERR_BAD_MPI;
+ if (rc)
+ {
+ log_error ("ecdh failed to create an MPI: %s\n", gpg_strerror (rc));
+ return rc;
+ }
+
+ *out = result;
}
+ else
+ {
+ byte *in;
+
+ rc = gcry_mpi_print (GCRYMPI_FMT_USG, data_buf, data_buf_size,
+ &nbytes, data/*in*/);
+ if (nbytes != data_buf_size || data_buf[0] != data_buf_size-1)
+ {
+ log_error ("ecdh inconsistent size\n");
+ xfree (data_buf);
+ return GPG_ERR_BAD_MPI;
+ }
in = data_buf+data_buf_size;
data_buf_size = data_buf[0];
-
- if( DBG_CIPHER )
- log_printhex ("ecdh decrypting :", data_buf+1, data_buf_size );
- rc = gcry_cipher_decrypt (hd, in, data_buf_size, data_buf+1, data_buf_size );
+ if (DBG_CIPHER)
+ log_printhex ("ecdh decrypting :", data_buf+1, data_buf_size);
+
+ rc = gcry_cipher_decrypt (hd, in, data_buf_size, data_buf+1,
+ data_buf_size);
gcry_cipher_close (hd);
- if(rc)
- {
- log_error("ecdh failed in gcry_cipher_decrypt: %s\n", gpg_strerror (rc));
- xfree( data_buf );
- return rc;
- }
-
- data_buf_size-=8;
-
- if( DBG_CIPHER )
- log_printhex ("ecdh decrypted to :", in, data_buf_size );
-
- /* padding is removed later */
- //if( in[data_buf_size-1] > 8 ) {
- // log_error("ecdh failed at decryption: invalid padding. %02x > 8\n", in[data_buf_size-1] );
- // return GPG_ERR_BAD_KEY;
- //}
+ if (rc)
+ {
+ log_error ("ecdh failed in gcry_cipher_decrypt: %s\n",
+ gpg_strerror (rc));
+ xfree (data_buf);
+ return rc;
+ }
+
+ data_buf_size -= 8;
+
+ if (DBG_CIPHER)
+ log_printhex ("ecdh decrypted to :", in, data_buf_size);
+
+ /* Padding is removed later. */
+ /* if (in[data_buf_size-1] > 8 ) */
+ /* { */
+ /* log_error("ecdh failed at decryption: invalid padding. %02x > 8\n", */
+ /* in[data_buf_size-1] ); */
+ /* return GPG_ERR_BAD_KEY; */
+ /* } */
rc = gcry_mpi_scan ( &result, GCRYMPI_FMT_USG, in, data_buf_size, NULL);
- xfree( data_buf );
- if(rc)
- {
- log_error("ecdh failed to create a plain text MPI: %s\n", gpg_strerror (rc));
- return rc;
- }
-
+ xfree (data_buf);
+ if (rc)
+ {
+ log_error ("ecdh failed to create a plain text MPI: %s\n",
+ gpg_strerror (rc));
+ return rc;
+ }
+
*out = result;
- }
+ }
}
-
+
return rc;
}
@@ -380,21 +437,22 @@ gen_k (unsigned nbits)
gcry_mpi_randomize (k, nbits-1, GCRY_STRONG_RANDOM);
- if( DBG_CIPHER ) {
- unsigned char *buffer;
- if (gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buffer, NULL, k))
- BUG ();
- log_debug("ephemeral scalar MPI #0: %s\n", buffer);
- gcry_free( buffer );
- }
+ if (DBG_CIPHER)
+ {
+ unsigned char *buffer;
+ if (gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buffer, NULL, k))
+ BUG ();
+ log_debug("ephemeral scalar MPI #0: %s\n", buffer);
+ gcry_free( buffer );
+ }
return k;
}
-/* Perform ECDH encryption, which involves ECDH key generation.
- */
+/* Perform ECDH encryption, which involves ECDH key generation. */
int
-pk_ecdh_encrypt (gcry_mpi_t * resarr, const byte pk_fp[MAX_FINGERPRINT_LEN], gcry_mpi_t data, gcry_mpi_t * pkey)
+pk_ecdh_encrypt (gcry_mpi_t *resarr, const byte pk_fp[MAX_FINGERPRINT_LEN],
+ gcry_mpi_t data, gcry_mpi_t * pkey)
{
gcry_sexp_t s_ciph, s_data, s_pkey;
@@ -402,9 +460,9 @@ pk_ecdh_encrypt (gcry_mpi_t * resarr, const byte pk_fp[MAX_FINGERPRINT_LEN], gcr
int rc;
gcry_mpi_t k;
- nbits = pubkey_nbits( PUBKEY_ALGO_ECDH, pkey );
+ nbits = pubkey_nbits (PUBKEY_ALGO_ECDH, pkey);
- /*** Generate an ephemeral key, actually, a scalar ***/
+ /*** Generate an ephemeral key, actually, a scalar. ***/
k = gen_k (nbits);
if( k == NULL )
@@ -414,50 +472,63 @@ pk_ecdh_encrypt (gcry_mpi_t * resarr, const byte pk_fp[MAX_FINGERPRINT_LEN], gcr
* Now use ephemeral secret to get the shared secret. ***/
rc = gcry_sexp_build (&s_pkey, NULL,
- "(public-key(ecdh(c%m)(q%m)(p%m)))", pkey[0], pkey[1], pkey[2]);
+ "(public-key(ecdh(c%m)(q%m)(p%m)))",
+ pkey[0], pkey[1], pkey[2]);
if (rc)
BUG ();
- /* put the data into a simple list */
- if (gcry_sexp_build (&s_data, NULL, "%m", k)) /* ephemeral scalar goes as data */
+ /* Put the data into a simple list. */
+ /* Ephemeral scalar goes as data. */
+ if (gcry_sexp_build (&s_data, NULL, "%m", k))
BUG ();
- /* pass it to libgcrypt */
+ /* Pass it to libgcrypt. */
rc = gcry_pk_encrypt (&s_ciph, s_data, s_pkey);
gcry_sexp_release (s_data);
gcry_sexp_release (s_pkey);
if (rc)
return rc;
- /* finally, perform encryption */
+ /* Finally, perform encryption. */
{
- gcry_mpi_t shared = mpi_from_sexp (s_ciph, "a"); /* ... and get the shared point */
+ /* ... and get the shared point/ */
+ gcry_mpi_t shared;
+
+ shared = mpi_from_sexp (s_ciph, "a");
gcry_sexp_release (s_ciph);
- resarr[0] = mpi_from_sexp (s_ciph, "b"); /* ephemeral public key */
+ /* Ephemeral public key. */
+ resarr[0] = mpi_from_sexp (s_ciph, "b");
- if( DBG_CIPHER ) {
+ if (DBG_CIPHER)
+ {
unsigned char *buffer;
+
if (gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buffer, NULL, resarr[0]))
BUG ();
log_debug("ephemeral key MPI: %s\n", buffer);
gcry_free( buffer );
- }
-
- rc = pk_ecdh_encrypt_with_shared_point ( 1 /*=encrypton*/, shared, pk_fp, data, pkey, resarr+1 );
- mpi_release( shared );
+ }
+
+ rc = pk_ecdh_encrypt_with_shared_point (1 /*=encrypton*/, shared,
+ pk_fp, data, pkey, resarr+1);
+ mpi_release (shared);
}
-
+
return rc;
}
-/* Perform ECDH decryption.
- */
+
+/* Perform ECDH decryption. */
int
-pk_ecdh_decrypt (gcry_mpi_t * result, const byte sk_fp[MAX_FINGERPRINT_LEN], gcry_mpi_t data, gcry_mpi_t shared, gcry_mpi_t * skey) {
+pk_ecdh_decrypt (gcry_mpi_t * result, const byte sk_fp[MAX_FINGERPRINT_LEN],
+ gcry_mpi_t data, gcry_mpi_t shared, gcry_mpi_t * skey)
+{
if (!data)
return gpg_error (GPG_ERR_BAD_MPI);
- return pk_ecdh_encrypt_with_shared_point ( 0 /*=decryption*/, shared, sk_fp, data/*encr data as an MPI*/, skey, result );
+ return pk_ecdh_encrypt_with_shared_point (0 /*=decryption*/, shared,
+ sk_fp, data/*encr data as an MPI*/,
+ skey, result);
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-11 15:16:52 +0100