*
* This file is part of Trivial IP Encryption (TrIPE).
*
- * TrIPE is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
+ * TrIPE is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 3 of the License, or (at your
+ * option) any later version.
*
- * TrIPE is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
+ * TrIPE is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
*
* You should have received a copy of the GNU General Public License
- * along with TrIPE; if not, write to the Free Software Foundation,
- * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ * along with TrIPE. If not, see <https://www.gnu.org/licenses/>.
*/
/*----- Header files ------------------------------------------------------*/
static void ecdh_freege(const dhgrp *gg, dhge *YY)
{ ecdh_ge *Y = (ecdh_ge *)YY; EC_DESTROY(&Y->Q); DESTROY(Y); }
+/*----- The X25519 and similar groups -------------------------------------*/
+
+#define XDHS(_) \
+ _(x25519, X25519, "curve25519", 252, 255) \
+ _(x448, X448, "ed448-goldilocks", 446, 448)
+
+#ifdef NTRACE
+# define XDHTRACE(xdh, XDH, gname)
+#else
+
+ static const char *binstr(const octet *p, size_t sz)
+ {
+ char *q;
+
+ for (q = (char *)buf_u; sz--; p++, q += 2) sprintf(q, "%02x", *p);
+ return ((const char *)buf_u);
+ }
+
+# define XDHTRACE(xdh, XDH, gname) \
+ static void xdh##_tracegrp(const dhgrp *g) \
+ { trace(T_CRYPTO, "crypto: group type `" gname "'"); } \
+ \
+ static const char *xdh##_scstr(const dhgrp *g, const dhsc *xx) \
+ { \
+ const xdh##_sc *x = (const xdh##_sc *)xx; \
+ return (binstr(x->x, XDH##_KEYSZ)); \
+ } \
+ \
+ static const char *xdh##_gestr(const dhgrp *g, const dhge *YY) \
+ { \
+ const xdh##_ge *Y = (const xdh##_ge *)YY; \
+ return (binstr(Y->X, XDH##_PUBSZ)); \
+ }
+#endif
+
+#define XDHDEF(xdh, XDH, gname, groupbits, fieldbits) \
+ \
+ typedef struct xdh##_sc { octet x[XDH##_KEYSZ]; } xdh##_sc; \
+ typedef struct xdh##_ge { octet X[XDH##_PUBSZ]; } xdh##_ge; \
+ \
+ XDHTRACE(xdh, XDH, gname) \
+ \
+ static dhsc *xdh##_bintosc(const key_bin *b) \
+ { \
+ xdh##_sc *x; \
+ \
+ if (b->sz != XDH##_KEYSZ) return (0); \
+ x = CREATE(xdh##_sc); \
+ memcpy(x->x, b->k, XDH##_KEYSZ); \
+ return ((dhsc *)x); \
+ } \
+ \
+ static dhge *xdh##_bintoge(const key_bin *b) \
+ { \
+ xdh##_ge *Y; \
+ \
+ if (b->sz != XDH##_PUBSZ) return (0); \
+ Y = CREATE(xdh##_ge); \
+ memcpy(Y->X, b->k, XDH##_PUBSZ); \
+ return ((dhge *)Y); \
+ } \
+ \
+ KLOAD(xdh, xdh, XDH, \
+ { kd->grp = CREATE(dhgrp); \
+ kd->grp->scsz = XDH##_KEYSZ; \
+ }, \
+ { if ((kd->k = xdh##_bintosc(&p.priv)) == 0) { \
+ a_format(e, "bad-private-key", A_END); \
+ goto fail; \
+ } \
+ }, \
+ { if ((kd->K = xdh##_bintoge(&p.pub)) == 0) { \
+ a_format(e, "bad-public-vector", A_END); \
+ goto fail; \
+ } \
+ }) \
+ \
+ static const char *xdh##_checkgrp(const dhgrp *g) \
+ { return (0); } \
+ \
+ static void xdh##_grpinfo(const dhgrp *g, admin *adm) \
+ { \
+ a_info(adm, \
+ "kx-group=" gname, \
+ "kx-group-order-bits=%d", (groupbits), \
+ "kx-group-elt-bits=%d", (fieldbits), \
+ A_END); \
+ } \
+ \
+ static int xdh##_samegrpp(const dhgrp *g, const dhgrp *hh) \
+ { return (1); } \
+ \
+ static void xdh##_freegrp(dhgrp *g) \
+ { DESTROY(g); } \
+ \
+ static dhsc *xdh##_ldsc(const dhgrp *g, const void *p, size_t sz) \
+ { \
+ xdh##_sc *x; \
+ if (sz != XDH##_KEYSZ) return (0); \
+ x = CREATE(xdh##_sc); \
+ memcpy(x->x, p, XDH##_KEYSZ); \
+ return ((dhsc *)x); \
+ } \
+ \
+ static int xdh##_stsc(const dhgrp *g, void *p, size_t sz, \
+ const dhsc *xx) \
+ { \
+ const xdh##_sc *x = (const xdh##_sc *)xx; \
+ if (sz != XDH##_KEYSZ) return (-1); \
+ memcpy(p, x->x, XDH##_KEYSZ); \
+ return (0); \
+ } \
+ \
+ static dhsc *xdh##_randsc(const dhgrp *g) \
+ { \
+ xdh##_sc *x = CREATE(xdh##_sc); \
+ rand_get(RAND_GLOBAL, x->x, XDH##_KEYSZ); \
+ return ((dhsc *)x); \
+ } \
+ \
+ static void xdh##_freesc(const dhgrp *g, dhsc *xx) \
+ { xdh##_sc *x = (xdh##_sc *)xx; DESTROY(x); } \
+ \
+ static dhge *xdh##_ldge(const dhgrp *g, buf *b, int fmt) \
+ { \
+ xdh##_ge *Y; \
+ const octet *p; \
+ \
+ if ((p = buf_get(b, XDH##_PUBSZ)) == 0) return (0); \
+ Y = CREATE(xdh##_ge); memcpy(Y->X, p, XDH##_PUBSZ); \
+ return ((dhge *)Y); \
+ } \
+ \
+ static int xdh##_stge(const dhgrp *g, buf *b, \
+ const dhge *YY, int fmt) \
+ { \
+ const xdh##_ge *Y = (const xdh##_ge *)YY; \
+ return (buf_put(b, Y->X, XDH##_PUBSZ)); \
+ } \
+ \
+ static int xdh##_checkge(const dhgrp *g, const dhge *YY) \
+ { return (0); } \
+ \
+ static int xdh##_eq(const dhgrp *g, const dhge *YY, const dhge *ZZ) \
+ { \
+ const xdh##_ge \
+ *Y = (const xdh##_ge *)YY, *Z = (const xdh##_ge *)ZZ; \
+ return (ct_memeq(Y->X, Z->X, XDH##_PUBSZ)); \
+ } \
+ \
+ static dhge *xdh##_mul(const dhgrp *g, \
+ const dhsc *xx, const dhge *YY) \
+ { \
+ const xdh##_sc *x = (const xdh##_sc *)xx; \
+ const xdh##_ge *Y = (const xdh##_ge *)YY; \
+ xdh##_ge *Z = CREATE(xdh##_ge); \
+ \
+ xdh(Z->X, x->x, Y ? Y->X : xdh##_base); \
+ return ((dhge *)Z); \
+ } \
+ \
+ static void xdh##_freege(const dhgrp *g, dhge *YY) \
+ { xdh##_ge *Y = (xdh##_ge *)YY; DESTROY(Y); }
+
+XDHS(XDHDEF)
+
+#undef XDHDEF
+
/*----- Diffie--Hellman group table ---------------------------------------*/
const dhops dhtab[] = {
DH("dh", intdh)
DH("ec", ecdh)
+#define XDHDH(xdh, XDH, gname, groupbits, fieldbits) DH(#xdh, xdh)
+ XDHS(XDHDH)
+#undef XDHDH
+
#undef DH
{ 0 }