aboutsummaryrefslogtreecommitdiffstats
path: root/common
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--common/kem.c79
-rw-r--r--common/openpgp-oid.c42
-rw-r--r--common/util.h23
3 files changed, 109 insertions, 35 deletions
diff --git a/common/kem.c b/common/kem.c
index 65e533a83..94ad13457 100644
--- a/common/kem.c
+++ b/common/kem.c
@@ -35,7 +35,7 @@
#include <gpg-error.h>
#include <gcrypt.h>
#include "mischelp.h"
-
+#include "util.h"
/* domSeperation as per *PGP specs. */
#define KMAC_KEY "OpenPGPCompositeKeyDerivationFunction"
@@ -248,3 +248,80 @@ gnupg_kem_combiner (void *kek, size_t kek_len,
KMAC_CUSTOM, strlen (KMAC_CUSTOM), iov, 6);
return err;
}
+
+#define ECC_CURVE25519_INDEX 0
+static const struct gnupg_ecc_params ecc_table[] =
+ {
+ {
+ "Curve25519",
+ 33, 32, 32,
+ GCRY_MD_SHA3_256, GCRY_KEM_RAW_X25519,
+ 1, 1, 0
+ },
+ {
+ "X448",
+ 56, 56, 56,
+ GCRY_MD_SHA3_512, GCRY_KEM_RAW_X448,
+ 0, 0, 0
+ },
+ {
+ "NIST P-256",
+ 65, 32, 65,
+ GCRY_MD_SHA3_256, GCRY_KEM_RAW_P256R1,
+ 0, 0, 1
+ },
+ {
+ "NIST P-384",
+ 97, 48, 97,
+ GCRY_MD_SHA3_512, GCRY_KEM_RAW_P384R1,
+ 0, 0, 1
+ },
+ {
+ "NIST P-521",
+ 133, 66, 133,
+ GCRY_MD_SHA3_512, GCRY_KEM_RAW_P521R1,
+ 0, 0, 1
+ },
+ {
+ "brainpoolP256r1",
+ 65, 32, 65,
+ GCRY_MD_SHA3_256, GCRY_KEM_RAW_BP256,
+ 0, 0, 1
+ },
+ {
+ "brainpoolP384r1",
+ 97, 48, 97,
+ GCRY_MD_SHA3_512, GCRY_KEM_RAW_BP384,
+ 0, 0, 1
+ },
+ {
+ "brainpoolP512r1",
+ 129, 64, 129,
+ GCRY_MD_SHA3_512, GCRY_KEM_RAW_BP512,
+ 0, 0, 1
+ },
+#ifdef GCRY_KEM_RAW_P256K1
+ {
+ "secp256k1",
+ 65, 32, 65,
+ GCRY_MD_SHA3_256, GCRY_KEM_RAW_P256K1,
+ 0, 0, 1
+ },
+#endif
+ { NULL, 0, 0, 0, 0, 0, 0, 0, 0 }
+};
+
+
+/* Return the ECC parameters for CURVE. CURVE is expected to be the
+ * canonical name. */
+const struct gnupg_ecc_params *
+gnupg_get_ecc_params (const char *curve)
+{
+ int i;
+
+ for (i = 0; ecc_table[i].curve; i++)
+ if (!strcmp (ecc_table[i].curve, curve))
+ return &ecc_table[i];
+
+ return NULL;
+}
diff --git a/common/openpgp-oid.c b/common/openpgp-oid.c
index 91081231c..7c5fbef86 100644
--- a/common/openpgp-oid.c
+++ b/common/openpgp-oid.c
@@ -45,35 +45,34 @@ static struct {
const char *alias; /* NULL or alternative name of the curve. */
const char *abbr; /* NULL or abbreviated name of the curve. */
int pubkey_algo; /* Required OpenPGP algo or 0 for ECDSA/ECDH. */
- enum gcry_kem_algos kem_algo; /* 0 or the KEM algorithm for PQC. */
} oidtable[] = {
{ "Curve25519", "1.3.6.1.4.1.3029.1.5.1", 255, "cv25519", NULL,
- PUBKEY_ALGO_ECDH, GCRY_KEM_RAW_X25519 /* only during development */},
+ PUBKEY_ALGO_ECDH /* only during development */},
{ "Ed25519", "1.3.6.1.4.1.11591.15.1", 255, "ed25519", NULL,
PUBKEY_ALGO_EDDSA },
{ "Curve25519", "1.3.101.110", 255, "cv25519", NULL,
- PUBKEY_ALGO_ECDH, GCRY_KEM_RAW_X25519 },
+ PUBKEY_ALGO_ECDH },
{ "Ed25519", "1.3.101.112", 255, "ed25519", NULL,
PUBKEY_ALGO_EDDSA },
{ "X448", "1.3.101.111", 448, "cv448", NULL,
- PUBKEY_ALGO_ECDH, GCRY_KEM_RAW_X448 },
+ PUBKEY_ALGO_ECDH },
{ "Ed448", "1.3.101.113", 456, "ed448", NULL,
PUBKEY_ALGO_EDDSA },
{ "NIST P-256", "1.2.840.10045.3.1.7", 256, "nistp256", NULL,
- 0, GCRY_KEM_RAW_P256R1 },
+ 0 },
{ "NIST P-384", "1.3.132.0.34", 384, "nistp384", NULL,
- 0, GCRY_KEM_RAW_P384R1 },
+ 0 },
{ "NIST P-521", "1.3.132.0.35", 521, "nistp521", NULL,
- 0, GCRY_KEM_RAW_P521R1 },
+ 0 },
{ "brainpoolP256r1", "1.3.36.3.3.2.8.1.1.7", 256, NULL, "bp256",
- 0, GCRY_KEM_RAW_BP256 },
+ 0 },
{ "brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11", 384, NULL, "bp384",
- 0, GCRY_KEM_RAW_BP384 },
+ 0 },
{ "brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13", 512, NULL, "bp512",
- 0, GCRY_KEM_RAW_BP512 },
+ 0 },
{ "secp256k1", "1.3.132.0.10", 256 },
@@ -559,29 +558,6 @@ openpgp_oid_or_name_to_curve (const char *oidname, int canon)
}
-/* Return the KEM algorithm id for the curve with OIDNAME. */
-enum gcry_kem_algos
-openpgp_oid_to_kem_algo (const char *oidname)
-{
- int i;
-
- if (!oidname)
- return 0;
-
- for (i=0; oidtable[i].name; i++)
- if (!strcmp (oidtable[i].oidstr, oidname))
- return oidtable[i].kem_algo;
-
- for (i=0; oidtable[i].name; i++)
- if (!ascii_strcasecmp (oidtable[i].name, oidname)
- || (oidtable[i].alias
- && !ascii_strcasecmp (oidtable[i].alias, oidname)))
- return oidtable[i].kem_algo;
-
- return 0;
-}
-
-
/* Return true if the curve with NAME is supported. */
static int
curve_supported_p (const char *name)
diff --git a/common/util.h b/common/util.h
index b81664c3e..3a5f086f9 100644
--- a/common/util.h
+++ b/common/util.h
@@ -227,7 +227,6 @@ int openpgp_oidbuf_is_cv25519 (const void *buf, size_t len);
int openpgp_oid_is_cv25519 (gcry_mpi_t a);
int openpgp_oid_is_cv448 (gcry_mpi_t a);
int openpgp_oid_is_ed448 (gcry_mpi_t a);
-enum gcry_kem_algos openpgp_oid_to_kem_algo (const char *oidname);
const char *openpgp_curve_to_oid (const char *name,
unsigned int *r_nbits, int *r_algo,
int selector);
@@ -324,6 +323,28 @@ gpg_error_t gnupg_kem_combiner (void *kek, size_t kek_len,
const void *mlkem_ct, size_t mlkem_ct_len,
const void *fixedinfo, size_t fixedinfo_len);
+/* ECC parameters for KEM encryption/decryption. */
+struct gnupg_ecc_params
+{
+ const char *curve; /* Canonical name of the curve. */
+ size_t pubkey_len; /* Pubkey length in the SEXP representation. */
+ size_t scalar_len;
+ size_t point_len;
+ int hash_algo; /* Hash algo when it's used for composite KEM. */
+ int kem_algo;
+ int scalar_reverse; /* Byte-oder is reverse. */
+ int may_have_prefix; /* Point representation may have prefix. */
+ int is_weierstrauss; /* True if it is Weierstrass curve. */
+};
+
+const struct gnupg_ecc_params *gnupg_get_ecc_params (const char *curve);
+
+/* Maximum buffer sizes required for ECC KEM. */
+#define ECC_SCALAR_LEN_MAX 66
+#define ECC_POINT_LEN_MAX (1+2*ECC_SCALAR_LEN_MAX)
+#define ECC_HASH_LEN_MAX 64
+
+
/*-- miscellaneous.c --*/
/* This function is called at startup to tell libgcrypt to use our own
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-04 17:47:26 +0000