2 files changed, 91 insertions, 1 deletions

diff --git a/common/kem.c b/common/kem.c
index 65e533a83..5d994f0d6 100644
--- a/common/kem.c
+++ b/common/kem.c
@@ -35,7 +35,7 @@
 #include <gpg-error.h>
 #include <gcrypt.h>
 #include "mischelp.h"
-
+#include "util.h"
 
 /* domSeperation as per *PGP specs. */
 #define KMAC_KEY "OpenPGPCompositeKeyDerivationFunction"
@@ -248,3 +248,72 @@ gnupg_kem_combiner (void *kek, size_t kek_len,
                          KMAC_CUSTOM, strlen (KMAC_CUSTOM), iov, 6);
   return err;
 }
+
+#define ECC_CURVE25519_INDEX 0
+static const struct gnupg_ecc_params ecc_table[] =
+  {
+    {
+      "Curve25519",
+      33, 32, 32,
+      GCRY_MD_SHA3_256, GCRY_KEM_RAW_X25519,
+      1, 1
+    },
+    {
+      "X448",
+      56, 56, 56,
+      GCRY_MD_SHA3_512, GCRY_KEM_RAW_X448,
+      0, 0
+    },
+    {
+      "NIST P-256",
+      65, 32, 65,
+      GCRY_MD_SHA3_256, GCRY_KEM_RAW_P256R1,
+      0, 0
+    },
+    {
+      "NIST P-384",
+      97, 48, 97,
+      GCRY_MD_SHA3_512, GCRY_KEM_RAW_P384R1,
+      0, 0
+    },
+    {
+      "NIST P-521",
+      133, 66, 133,
+      GCRY_MD_SHA3_512, GCRY_KEM_RAW_P521R1,
+      0, 0
+    },
+    {
+      "brainpoolP256r1",
+      65, 32, 65,
+      GCRY_MD_SHA3_256, GCRY_KEM_RAW_BP256,
+      0, 0
+    },
+    {
+      "brainpoolP384r1",
+      97, 48, 97,
+      GCRY_MD_SHA3_512, GCRY_KEM_RAW_BP384,
+      0, 0
+    },
+    {
+      "brainpoolP512r1",
+      129, 64, 129,
+      GCRY_MD_SHA3_512, GCRY_KEM_RAW_BP512,
+      0, 0
+    },
+    { NULL, 0, 0, 0, 0, 0, 0, 0 }
+};
+
+
+/* Return the ECC parameters for CURVE.  CURVE is expected to be the
+ * canonical name.  */
+const struct gnupg_ecc_params *
+gnupg_get_ecc_params (const char *curve)
+{
+  int i;
+
+  for (i = 0; ecc_table[i].curve; i++)
+    if (!strcmp (ecc_table[i].curve, curve))
+      return &ecc_table[i];
+
+  return NULL;
+}
diff --git a/common/util.h b/common/util.h
index b81664c3e..b13f4300d 100644
--- a/common/util.h
+++ b/common/util.h
@@ -324,6 +324,27 @@ gpg_error_t gnupg_kem_combiner  (void *kek, size_t kek_len,
                                  const void *mlkem_ct, size_t mlkem_ct_len,
                                  const void *fixedinfo, size_t fixedinfo_len);
 
+/* ECC parameters for KEM encryption/decryption.  */
+struct gnupg_ecc_params
+{
+  const char *curve;      /* Canonical name of the curve.  */
+  size_t pubkey_len;      /* Pubkey length in the SEXP representation.  */
+  size_t scalar_len;
+  size_t point_len;
+  int hash_algo;          /* Hash algo when it's used for composite KEM.  */
+  int kem_algo;
+  int scalar_reverse;     /* Byte-oder is reverse.  */
+  int may_have_prefix;    /* Point representation may have prefix.  */
+};
+
+const struct gnupg_ecc_params *gnupg_get_ecc_params (const char *curve);
+
+/* Maximum buffer sizes required for ECC KEM.  */
+#define ECC_SCALAR_LEN_MAX 66
+#define ECC_POINT_LEN_MAX (1+2*ECC_SCALAR_LEN_MAX)
+#define ECC_HASH_LEN_MAX 64
+
+
 /*-- miscellaneous.c --*/
 
 /* This function is called at startup to tell libgcrypt to use our own