KLOAD_HALF(pre, ty, TY, priv, PRIV, setgroup, setpriv, setpub) \
KLOAD_HALF(pre, ty, TY, pub, PUB, setgroup, { kd->k = 0; }, setpub)
+enum { DHSER_V0, DHSER_CONSTLEN };
+
+static int get_serialization(key_file *kf, key *k, dstr *e)
+{
+ const char *p = key_getattr(kf, k, "serialization");
+ if (!p || strcmp(p, "v0") == 0) return (DHSER_V0);
+ else if (strcmp(p, "constlen") == 0) return (DHSER_CONSTLEN);
+ else {
+ a_format(e, "unknown-serialization-format", "%s", p, A_END);
+ return (-1);
+ }
+}
+
#ifndef NTRACE
static void setupstr(mptext_stringctx *sc)
{ sc->buf = (char *)buf_u; sc->lim = sc->buf + sizeof(buf_u); }
mpmont mm;
mp *q, *G;
size_t gesz;
+ int ser;
} intdh_grp;
typedef struct intdh_sc { mp *x; } intdh_sc;
typedef struct intdh_ge { mp *X; } intdh_ge;
-static dhgrp *intdh_mkgroup(const dh_param *dp)
+static dhgrp *intdh_mkgroup(key_file *kf, key *k,
+ const dh_param *dp, dstr *e)
{
- intdh_grp *g = CREATE(intdh_grp);
+ intdh_grp *g;
+ int ser;
+
+ if ((ser = get_serialization(kf, k, e)) < 0) return (0);
+ g = CREATE(intdh_grp);
+ g->ser = ser;
g->_g.scsz = mp_octets(dp->q);
g->gesz = mp_octets(dp->p);
mpmont_create(&g->mm, dp->p);
}
KLOAD(intdh, dh, DH,
- { kd->grp = intdh_mkgroup(&p.dp); },
+ { if ((kd->grp = intdh_mkgroup(kf, k, &p.dp, e)) == 0) goto fail; },
{ kd->k = intdh_mptosc(kd->grp, p.x); },
{ kd->K = intdh_mptoge(kd->grp, p.y); })
static int intdh_samegrpp(const dhgrp *gg, const dhgrp *hh)
{
const intdh_grp *g = (const intdh_grp *)gg, *h = (const intdh_grp *)hh;
- return (MP_EQ(g->mm.m, h->mm.m) && MP_EQ(g->q, h->q) && MP_EQ(g->G, h->G));
+ return (MP_EQ(g->mm.m, h->mm.m) &&
+ MP_EQ(g->q, h->q) && MP_EQ(g->G, h->G) &&
+ g->ser == h->ser);
}
static void intdh_freegrp(dhgrp *gg)
const octet *p;
switch (fmt) {
- case DHFMT_VAR: case DHFMT_HASH:
+ case DHFMT_HASH: if (g->ser == DHSER_CONSTLEN) goto std;
+ case DHFMT_VAR:
if ((t = buf_getmp(b)) == 0) return (0);
break;
- case DHFMT_STD:
+ case DHFMT_STD: std:
if ((p = buf_get(b, g->gesz)) == 0) return (0);
t = mp_loadb(MP_NEW, p, g->gesz);
break;
t = mpmont_reduce(&g->mm, MP_NEW, Y->X);
switch (fmt) {
- case DHFMT_VAR: case DHFMT_HASH:
+ case DHFMT_HASH: if (g->ser == DHSER_CONSTLEN) goto std;
+ case DHFMT_VAR:
rc = buf_putmp(b, t);
break;
- case DHFMT_STD:
+ case DHFMT_STD: std:
if ((p = buf_get(b, g->gesz)) == 0)
rc = -1;
else {
dhgrp _g;
ec_info ei;
ec P;
+ int ser;
} ecdh_grp;
typedef struct ecdh_sc { mp *x; } ecdh_sc;
typedef struct ecdh_ge { ec Q; } ecdh_ge;
-static dhgrp *ecdh_mkgroup(const char *cstr, dstr *e)
+static dhgrp *ecdh_mkgroup(key_file *kf, key *k, const char *cstr, dstr *e)
{
ecdh_grp *g;
ec_info ei;
+ int ser;
const char *err;
+ if ((ser = get_serialization(kf, k, e)) < 0) return (0);
if ((err = ec_getinfo(&ei, cstr)) != 0) {
a_format(e, "decode-failed", "%s", err, A_END);
return (0);
}
g = CREATE(ecdh_grp);
+ g->ser = ser;
g->ei = ei;
EC_CREATE(&g->P); EC_IN(g->ei.c, &g->P, &g->ei.g);
g->_g.scsz = mp_octets(g->ei.r);
}
KLOAD(ecdh, ec, EC,
- { if ((kd->grp = ecdh_mkgroup(p.cstr, e)) == 0) goto fail; },
+ { if ((kd->grp = ecdh_mkgroup(kf, k, p.cstr, e)) == 0) goto fail; },
{ kd->k = ecdh_mptosc(kd->grp, p.x); },
{ if ((kd->K = ecdh_ectoge(kd->grp, &p.p)) == 0) {
a_format(e, "bad-public-vector", A_END);
static int ecdh_samegrpp(const dhgrp *gg, const dhgrp *hh)
{
const ecdh_grp *g = (const ecdh_grp *)gg, *h = (const ecdh_grp *)hh;
- return (ec_sameinfop(&g->ei, &h->ei));
+ return (ec_sameinfop(&g->ei, &h->ei) &&
+ g->ser == h->ser);
}
static void ecdh_freegrp(dhgrp *gg)
ec T = EC_INIT;
switch (fmt) {
- case DHFMT_VAR: case DHFMT_HASH: if (buf_getec(b, &T)) return (0); break;
- case DHFMT_STD: if (ec_getraw(g->ei.c, b, &T)) return (0); break;
+ case DHFMT_HASH: if (g->ser == DHSER_CONSTLEN) goto std;
+ case DHFMT_VAR: if (buf_getec(b, &T)) return (0); break;
+ case DHFMT_STD: std: if (ec_getraw(g->ei.c, b, &T)) return (0); break;
default:
abort();
}
EC_OUT(g->ei.c, &T, &Y->Q);
switch (fmt) {
- case DHFMT_VAR: case DHFMT_HASH: rc = buf_putec(b, &T); break;
- case DHFMT_STD: rc = ec_putraw(g->ei.c, b, &T); break;
+ case DHFMT_HASH: if (g->ser == DHSER_CONSTLEN) goto std;
+ case DHFMT_VAR: rc = buf_putec(b, &T); break;
+ case DHFMT_STD: std: rc = ec_putraw(g->ei.c, b, &T); break;
default: abort();
}
EC_DESTROY(&T);
-000f1070:tripe-ec-param struct:[curve=string,shared:secp160r1] forever forever bulk=iiv
-63803f04:tripe-ec:carol struct:[p=ec,public:0x42a11d34a1e19a69222a67c6ec29ff1d421cb021,0xc7d35a6dc9c330a09ee8e30680397b8bf51c29de,private=struct:[x=integer,private,burn:964893088925854502228477969935127891578649410999],curve=string,shared:secp160r1] forever forever bulk=iiv
-4045911b:tripe-ec:bob struct:[p=ec,public:0xcfc0b74fe1c4f30ced726bb70fbe4592ed8456ba,0x351d4dcbc200ccd3f3b6f4ecc112ecbf2043402d,private=struct:[x=integer,private,burn:333869955870933965311262832506583263321304092611],curve=string,shared:secp160r1] forever forever bulk=iiv
-e1a55f0e:tripe-ec:alice struct:[p=ec,public:0xce3bdc518066042b19083e2d27b0ded1915cb6b9,0xadef0e2006072f7bf038ef608e039a47e5767070,private=struct:[x=integer,private,burn:184161721501402669384082492238940360070520035996],curve=string,shared:secp160r1] forever forever bulk=iiv
+000f1070:tripe-ec-param struct:[curve=string,shared:secp160r1] forever forever bulk=iiv&serialization=constlen
+63803f04:tripe-ec:carol struct:[p=ec,public:0x42a11d34a1e19a69222a67c6ec29ff1d421cb021,0xc7d35a6dc9c330a09ee8e30680397b8bf51c29de,private=struct:[x=integer,private,burn:964893088925854502228477969935127891578649410999],curve=string,shared:secp160r1] forever forever bulk=iiv&serialization=constlen
+4045911b:tripe-ec:bob struct:[p=ec,public:0xcfc0b74fe1c4f30ced726bb70fbe4592ed8456ba,0x351d4dcbc200ccd3f3b6f4ecc112ecbf2043402d,private=struct:[x=integer,private,burn:333869955870933965311262832506583263321304092611],curve=string,shared:secp160r1] forever forever bulk=iiv&serialization=constlen
+e1a55f0e:tripe-ec:alice struct:[p=ec,public:0xce3bdc518066042b19083e2d27b0ded1915cb6b9,0xadef0e2006072f7bf038ef608e039a47e5767070,private=struct:[x=integer,private,burn:184161721501402669384082492238940360070520035996],curve=string,shared:secp160r1] forever forever bulk=iiv&serialization=constlen