algorithm of the
.BR key (1))
command to generate the key.
+.TP
+.B symm
+This is a simple symmetric encapsulation scheme. It works by hashing a
+binary key with a randomly-generated salt. Use the
+.B binary
+algorithm of the
+.B key add
+command (see
+.BR key (1))
+to generate the key.
.PP
As well as the KEM itself, a number of supporting algorithms are used.
These are taken from appropriately named attributes on the key or,
command (see
.BR key (1))
to generate the key.
+.TP
+.B mac
+This uses a symmetric message-authentication algorithm rather than a
+digital signature. The precise message-authentication scheme used is
+determined by the
+.B mac
+attribute on the key, which defaults to
+.IB hash -hmac
+if unspecified. Use the
+.B binary
+algorithm of the
+.B key add
+command (see
+.BR key (1))
+to generate the key.
.PP
As well as the signature algorithm itself, a hash function is used.
This is taken from the
octet *tag, *ct;
buf b;
size_t seq;
- char bb[16384];
+ char bb[65536];
unsigned f = 0;
key_file kf;
key *k;
command (see
.BR key (1))
to generate the key.
+.TP
+.B mac
+This uses a symmetric message-authentication algorithm rather than a
+digital signature. The precise message-authentication scheme used is
+determined by the
+.B mac
+attribute on the key, which defaults to
+.IB hash -hmac
+if unspecified. Use the
+.B binary
+algorithm of the
+.B key add
+command (see
+.BR key (1))
+to generate the key.
.PP
As well as the signature algorithm itself, a hash function is used.
This is taken from the
ghash *h;
key_filter kf;
- h = GH_INIT(GH_CLASS(s->h));
+ h = GH_INIT(s->ch);
kf.f = KCAT_PUB;
kf.m = KF_CATMASK;
key_fingerprint(k, h, &kf);
G_DESTROY(de->g, de->y);
mp_drop(de->x);
G_DESTROYGROUP(de->g);
+ DESTROY(de);
}
static const kemops dh_encops = {
ec_decinit, dh_decdoit, dh_enccheck, dh_encdestroy
};
+/* --- Symmetric --- */
+
+typedef struct symm_ctx {
+ kem k;
+ key_packdef kp;
+ key_bin kb;
+} symm_ctx;
+
+static kem *symm_init(key *k, void *kd)
+{
+ symm_ctx *s;
+ dstr d = DSTR_INIT;
+ int err;
+
+ s = CREATE(symm_ctx);
+
+ key_fulltag(k, &d);
+ s->kp.e = KENC_BINARY;
+ s->kp.p = &s->kb;
+ s->kp.kd = 0;
+
+ if ((err = key_unpack(&s->kp, kd, &d)) != 0) {
+ die(EXIT_FAILURE, "failed to unpack symmetric key `%s': %s",
+ d.buf, key_strerror(err));
+ }
+ dstr_destroy(&d);
+ return (&s->k);
+}
+
+static int symm_decdoit(kem *k, dstr *d, ghash *h)
+{
+ symm_ctx *s = (symm_ctx *)k;
+
+ GH_HASH(h, s->kb.k, s->kb.sz);
+ GH_HASH(h, d->buf, d->len);
+ return (0);
+}
+
+static int symm_encdoit(kem *k, dstr *d, ghash *h)
+{
+ dstr_ensure(d, h->ops->c->hashsz);
+ d->len += h->ops->c->hashsz;
+ rand_get(RAND_GLOBAL, d->buf, d->len);
+ return (symm_decdoit(k, d, h));
+}
+
+static const char *symm_check(kem *k) { return (0); }
+
+static void symm_destroy(kem *k)
+ { symm_ctx *s = (symm_ctx *)k; key_unpackdone(&s->kp); }
+
+static const kemops symm_encops = {
+ 0, 0,
+ symm_init, symm_encdoit, symm_check, symm_destroy
+};
+
+static const kemops symm_decops = {
+ 0, 0,
+ symm_init, symm_decdoit, symm_check, symm_destroy
+};
+
/* --- The switch table --- */
const struct kemtab kemtab[] = {
{ "dh", &dh_encops, &dh_decops },
{ "bindh", &bindh_encops, &bindh_decops },
{ "ec", &ec_encops, &ec_decops },
+ { "symm", &symm_encops, &symm_decops },
{ 0, 0, 0 }
};
kalg, t.buf);
k_found:;
ko = wantpriv ? kt->decops : kt->encops;
- kd = xmalloc(ko->kdsz);
- kp = key_fetchinit(ko->kf, 0, kd);
- if ((e = key_fetch(kp, k)) != 0)
- die(EXIT_FAILURE, "error fetching key `%s': %s", t.buf, key_strerror(e));
+ if (!ko->kf) {
+ kd = k->k;
+ key_incref(kd);
+ } else {
+ kd = xmalloc(ko->kdsz);
+ kp = key_fetchinit(ko->kf, 0, kd);
+ if ((e = key_fetch(kp, k)) != 0) {
+ die(EXIT_FAILURE, "error fetching key `%s': %s",
+ t.buf, key_strerror(e));
+ }
+ }
kk = ko->init(k, kd);
kk->kp = kp;
kk->ops = ko;
void freekem(kem *k)
{
- key_fetchdone(k->kp);
- xfree(k->kd);
+ if (!k->ops->kf)
+ key_drop(k->kd);
+ else {
+ key_fetchdone(k->kp);
+ xfree(k->kd);
+ }
k->ops->destroy(k);
}
eckcdsa_vrfinit, kcdsa_vrfdoit, dsa_sigcheck, dsa_sigdestroy
};
+/* --- Symmetric message authentication --- */
+
+typedef struct mac_ctx {
+ sig s;
+ const gcmac *mc;
+ gmac *m;
+ key_packdef kp;
+ key_bin kb;
+} mac_ctx;
+
+static sig *mac_init(key *k, void *kd, const gchash *hc)
+{
+ mac_ctx *m;
+ dstr d = DSTR_INIT;
+ int err;
+ const char *mm;
+
+ m = CREATE(mac_ctx);
+
+ key_fulltag(k, &d);
+ m->kp.e = KENC_BINARY;
+ m->kp.p = &m->kb;
+ m->kp.kd = 0;
+
+ if ((mm = key_getattr(0 /*yik*/, k, "mac")) == 0) {
+ dstr_putf(&d, "%s-hmac", hc->name);
+ mm = d.buf;
+ }
+ if ((m->mc = gmac_byname(mm)) == 0)
+ die(EXIT_FAILURE, "unknown message authentication scheme `%s'", mm);
+ dstr_reset(&d);
+
+ if ((err = key_unpack(&m->kp, kd, &d)) != 0) {
+ die(EXIT_FAILURE, "failed to unpack symmetric key `%s': %s",
+ d.buf, key_strerror(err));
+ }
+ dstr_destroy(&d);
+
+ if (keysz(m->kb.sz, m->mc->keysz) != m->kb.sz) {
+ die(EXIT_FAILURE, "bad key size %lu for `%s'",
+ (unsigned long)m->kb.sz, m->mc->name);
+ }
+ m->m = GM_KEY(m->mc, m->kb.k, m->kb.sz);
+ m->s.h = GM_INIT(m->m);
+ return (&m->s);
+}
+
+static int mac_sigdoit(sig *s, dstr *d)
+{
+ mac_ctx *m = (mac_ctx *)s;
+
+ dstr_ensure(d, m->mc->hashsz);
+ GH_DONE(m->s.h, d->buf);
+ d->len += m->mc->hashsz;
+ return (0);
+}
+
+static int mac_vrfdoit(sig *s, dstr *d)
+{
+ mac_ctx *m = (mac_ctx *)s;
+ const octet *t;
+
+ t = GH_DONE(m->s.h, 0);
+ if (d->len != m->mc->hashsz || memcmp(d->buf, t, d->len) != 0)
+ return (-1);
+ return (0);
+}
+
+static const char *mac_check(sig *s) { return (0); }
+
+static void mac_destroy(sig *s)
+{
+ mac_ctx *m = (mac_ctx *)s;
+ GM_DESTROY(m->m);
+ key_unpackdone(&m->kp);
+}
+
+static const sigops mac_sig = {
+ 0, 0,
+ mac_init, mac_sigdoit, mac_check, mac_destroy
+};
+
+static const sigops mac_vrf = {
+ 0, 0,
+ mac_init, mac_vrfdoit, mac_check, mac_destroy
+};
+
/* --- The switch table --- */
const struct sigtab sigtab[] = {
{ "kcdsa", &kcdsa_sig, &kcdsa_vrf, &has160 },
{ "binkcdsa", &binkcdsa_sig, &binkcdsa_vrf, &has160 },
{ "eckcdsa", &eckcdsa_sig, &eckcdsa_vrf, &has160 },
+ { "mac", &mac_sig, &mac_vrf, &rmd160 },
{ 0, 0, 0 }
};
/* --- Load the key --- */
- kd = xmalloc(so->kdsz);
- kp = key_fetchinit(so->kf, 0, kd);
- if ((e = key_fetch(kp, k)) != 0)
- die(EXIT_FAILURE, "error fetching key `%s': %s", t.buf, key_strerror(e));
+ if (!so->kf) {
+ kd = k->k;
+ key_incref(kd);
+ } else {
+ kd = xmalloc(so->kdsz);
+ kp = key_fetchinit(so->kf, 0, kd);
+ if ((e = key_fetch(kp, k)) != 0) {
+ die(EXIT_FAILURE, "error fetching key `%s': %s",
+ t.buf, key_strerror(e));
+ }
+ }
s = so->init(k, kd, ch);
if (!s->h)
s->h = GH_INIT(ch);
s->kp = kp;
s->ops = so;
s->kd = kd;
+ s->ch = ch;
/* --- Free stuff up --- */
void freesig(sig *s)
{
GH_DESTROY(s->h);
- key_fetchdone(s->kp);
- xfree(s->kd);
+ if (!s->ops->kf)
+ key_drop(s->kd);
+ else {
+ key_fetchdone(s->kp);
+ xfree(s->kd);
+ }
s->ops->destroy(s);
}
const struct sigops *ops;
key_packdef *kp;
void *kd;
+ gchash *ch;
ghash *h;
} sig;