Source code
Revision control
Copy as Markdown
Other Tools
/*
* All rights reserved.
*
* This code is originally derived from software contributed to
* The NetBSD Foundation by Alistair Crooks (agc@netbsd.org), and
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef EC_H_
#define EC_H_
#include "config.h"
#include <rnp/rnp_def.h>
#include <repgp/repgp_def.h>
#include "crypto/rng.h"
#include "crypto/mpi.h"
#define MAX_CURVE_BIT_SIZE 521 // secp521r1
/* Maximal byte size of elliptic curve order (NIST P-521) */
#define MAX_CURVE_BYTELEN ((MAX_CURVE_BIT_SIZE + 7) / 8)
/**
* Maximal length of the OID in hex representation.
*
* \see RFC4880 bis01 - 9.2 ECC Curve OID
*/
#define MAX_CURVE_OID_HEX_LEN 10U
/**
* Structure holds description of elliptic curve
*/
typedef struct ec_curve_desc_t {
const pgp_curve_t rnp_curve_id;
const size_t bitlen;
const uint8_t OIDhex[MAX_CURVE_OID_HEX_LEN];
const size_t OIDhex_len;
#if defined(CRYPTO_BACKEND_BOTAN)
const char *botan_name;
#endif
#if defined(CRYPTO_BACKEND_OPENSSL)
const char *openssl_name;
#endif
const char *pgp_name;
/* Curve is supported for keygen/sign/encrypt operations */
bool supported;
/* Curve parameters below. Needed for grip calculation */
const char *p;
const char *a;
const char *b;
const char *n;
const char *gx;
const char *gy;
const char *h;
} ec_curve_desc_t;
typedef struct pgp_ec_key_t {
pgp_curve_t curve;
pgp_mpi_t p;
/* secret mpi */
pgp_mpi_t x;
/* ecdh params */
pgp_hash_alg_t kdf_hash_alg; /* Hash used by kdf */
pgp_symm_alg_t key_wrap_alg; /* Symmetric algorithm used to wrap KEK*/
} pgp_ec_key_t;
typedef struct pgp_ec_signature_t {
pgp_mpi_t r;
pgp_mpi_t s;
} pgp_ec_signature_t;
/*
* @brief Finds curve ID by hex representation of OID
*
* @param oid buffer with OID in hex
* @param oid_len length of oid buffer
*
* @returns success curve ID
* failure PGP_CURVE_MAX is returned
*
* @remarks see RFC 4880 bis 01 - 9.2 ECC Curve OID
*/
pgp_curve_t find_curve_by_OID(const uint8_t *oid, size_t oid_len);
pgp_curve_t find_curve_by_name(const char *name);
/*
* @brief Returns pointer to the curve descriptor
*
* @param Valid curve ID
*
* @returns NULL if wrong ID provided, otherwise descriptor
*
*/
const ec_curve_desc_t *get_curve_desc(const pgp_curve_t curve_id);
bool alg_allows_curve(pgp_pubkey_alg_t alg, pgp_curve_t curve);
/**
* @brief Check whether curve is supported for operations.
* All available curves are supported for reading/parsing key data, however some of them
* may be disabled for use, i.e. for key generation/signing/encryption.
*/
bool curve_supported(pgp_curve_t curve);
/*
* @brief Generates EC key in uncompressed format
*
* @param rng initialized rnp::RNG context*
* @param key key data to be generated
* @param alg_id ID of EC algorithm
* @param curve underlying ECC curve ID
*
* @pre alg_id MUST be supported algorithm
*
* @returns RNP_ERROR_BAD_PARAMETERS unknown curve_id
* @returns RNP_ERROR_OUT_OF_MEMORY memory allocation failed
* @returns RNP_ERROR_KEY_GENERATION implementation error
*/
rnp_result_t ec_generate(rnp::RNG * rng,
pgp_ec_key_t * key,
const pgp_pubkey_alg_t alg_id,
const pgp_curve_t curve);
/*
* @brief Generates x25519 ECDH key in x25519-specific format
*
* @param rng initialized rnp::RNG context*
* @param key key data to be generated
*
* @returns RNP_ERROR_KEY_GENERATION implementation error
*/
rnp_result_t x25519_generate(rnp::RNG *rng, pgp_ec_key_t *key);
/**
* @brief Set least significant/most significant bits of the 25519 secret key as per
* specification.
*
* @param key secret key.
* @return true on success or false otherwise.
*/
bool x25519_tweak_bits(pgp_ec_key_t &key);
/**
* @brief Check whether least significant/most significant bits of 25519 secret key are
* correctly tweaked.
*
* @param key secret key.
* @return true if bits are set correctly, and false otherwise.
*/
bool x25519_bits_tweaked(const pgp_ec_key_t &key);
#endif