ecdh.h - mozsearch

/*-

 * Copyright (c) 2017 Ribose Inc.

 * All rights reserved.

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 * 1. Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in the

 *    documentation and/or other materials provided with the distribution.

 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED

 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS

 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE

 * POSSIBILITY OF SUCH DAMAGE.

*/

#ifndef ECDH_H_

#define ECDH_H_

#include "crypto/ec.h"

/* Max size of wrapped and obfuscated key size

 * RNP pads a key with PKCS-5 always to 8 byte granularity,

 * then 8 bytes is added by AES-wrap (RFC3394).

*/

#define ECDH_WRAPPED_KEY_SIZE 48

/* Forward declarations */

typedef struct pgp_fingerprint_t pgp_fingerprint_t;

typedef struct pgp_ecdh_encrypted_t {

    pgp_mpi_t p;

    uint8_t   m[ECDH_WRAPPED_KEY_SIZE];

    size_t    mlen;

} pgp_ecdh_encrypted_t;

rnp_result_t ecdh_validate_key(rnp::RNG *rng, const pgp_ec_key_t *key, bool secret);

/*

 * @brief   Sets hash algorithm and key wrapping algo

 *          based on curve_id

 * @param   key   ec key to set parameters for

 * @param   curve       underlying ECC curve ID

 * @returns false if curve is not supported, otherwise true

*/

bool ecdh_set_params(pgp_ec_key_t *key, pgp_curve_t curve_id);

/*

 * Encrypts session key with a KEK agreed during ECDH as specified in

 * RFC 4880 bis 01, 13.5

 * @param rng initialized rnp::RNG object

 * @param session_key key to be encrypted

 * @param session_key_len length of the key buffer

 * @param wrapped_key [out] resulting key wrapped in by some AES

 *        as specified in RFC 3394

 * @param wrapped_key_len [out] length of the `wrapped_key' buffer

 *        Current implementation always produces 48 bytes as key

 *        is padded with PKCS-5/7

 * @param ephemeral_key [out] public ephemeral ECDH key used for key

 *        agreement (private part). Must be initialized

 * @param pubkey public key to be used for encryption

 * @param fingerprint fingerprint of the pubkey

 * @return RNP_SUCCESS on success and output parameters are populated

 * @return RNP_ERROR_NOT_SUPPORTED unknown curve

 * @return RNP_ERROR_BAD_PARAMETERS unexpected input provided

 * @return RNP_ERROR_SHORT_BUFFER `wrapped_key_len' to small to store result

 * @return RNP_ERROR_GENERIC implementation error

*/

rnp_result_t ecdh_encrypt_pkcs5(rnp::RNG *               rng,

                                pgp_ecdh_encrypted_t *   out,

                                const uint8_t *const     in,

                                size_t                   in_len,

                                const pgp_ec_key_t *     key,

                                const pgp_fingerprint_t &fingerprint);

/*

 * Decrypts session key with a KEK agreed during ECDH as specified in

 * RFC 4880 bis 01, 13.5

 * @param session_key [out] resulting session key

 * @param session_key_len [out] length of the resulting session key

 * @param wrapped_key session key wrapped with some AES as specified

 *        in RFC 3394

 * @param wrapped_key_len length of the `wrapped_key' buffer

 * @param ephemeral_key public ephemeral ECDH key coming from

 *        encrypted packet.

 * @param seckey secret key to be used for decryption

 * @param fingerprint fingerprint of the key

 * @return RNP_SUCCESS on success and output parameters are populated

 * @return RNP_ERROR_NOT_SUPPORTED unknown curve

 * @return RNP_ERROR_BAD_PARAMETERS unexpected input provided

 * @return RNP_ERROR_SHORT_BUFFER `session_key_len' to small to store result

 * @return RNP_ERROR_GENERIC decryption failed or implementation error

*/

rnp_result_t ecdh_decrypt_pkcs5(uint8_t *                   out,

                                size_t *                    out_len,

                                const pgp_ecdh_encrypted_t *in,

                                const pgp_ec_key_t *        key,

                                const pgp_fingerprint_t &   fingerprint);

#endif // ECDH_H_