X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/07bdda1fdf877d00dd63d53ebd5159b5edd1df29..26936c8341691d67655a055956656f2506d53a63:/server/dh.c diff --git a/server/dh.c b/server/dh.c index 314da5e4..5c27a079 100644 --- a/server/dh.c +++ b/server/dh.c @@ -639,6 +639,172 @@ static const char *ecdh_gestr(const dhgrp *gg, const dhge *YY) static void ecdh_freege(const dhgrp *gg, dhge *YY) { ecdh_ge *Y = (ecdh_ge *)YY; EC_DESTROY(&Y->Q); DESTROY(Y); } +/*----- The X25519 and similar groups -------------------------------------*/ + +#define XDHS(_) \ + _(x25519, X25519, "curve25519", 252, 255) \ + _(x448, X448, "ed448-goldilocks", 446, 448) + +#ifdef NTRACE +# define XDHTRACE(xdh, XDH, gname) +#else + + static const char *binstr(const octet *p, size_t sz) + { + char *q; + + for (q = (char *)buf_u; sz--; p++, q += 2) sprintf(q, "%02x", *p); + return ((const char *)buf_u); + } + +# define XDHTRACE(xdh, XDH, gname) \ + static void xdh##_tracegrp(const dhgrp *g) \ + { trace(T_CRYPTO, "crypto: group type `" gname "'"); } \ + \ + static const char *xdh##_scstr(const dhgrp *g, const dhsc *xx) \ + { \ + const xdh##_sc *x = (const xdh##_sc *)xx; \ + return (binstr(x->x, XDH##_KEYSZ)); \ + } \ + \ + static const char *xdh##_gestr(const dhgrp *g, const dhge *YY) \ + { \ + const xdh##_ge *Y = (const xdh##_ge *)YY; \ + return (binstr(Y->X, XDH##_PUBSZ)); \ + } +#endif + +#define XDHDEF(xdh, XDH, gname, groupbits, fieldbits) \ + \ + typedef struct xdh##_sc { octet x[XDH##_KEYSZ]; } xdh##_sc; \ + typedef struct xdh##_ge { octet X[XDH##_PUBSZ]; } xdh##_ge; \ + \ + XDHTRACE(xdh, XDH, gname) \ + \ + static dhsc *xdh##_bintosc(const key_bin *b) \ + { \ + xdh##_sc *x; \ + \ + if (b->sz != XDH##_KEYSZ) return (0); \ + x = CREATE(xdh##_sc); \ + memcpy(x->x, b->k, XDH##_KEYSZ); \ + return ((dhsc *)x); \ + } \ + \ + static dhge *xdh##_bintoge(const key_bin *b) \ + { \ + xdh##_ge *Y; \ + \ + if (b->sz != XDH##_PUBSZ) return (0); \ + Y = CREATE(xdh##_ge); \ + memcpy(Y->X, b->k, XDH##_PUBSZ); \ + return ((dhge *)Y); \ + } \ + \ + KLOAD(xdh, xdh, XDH, \ + { kd->grp = CREATE(dhgrp); kd->grp->scsz = 32; }, \ + { if ((kd->k = xdh##_bintosc(&p.priv)) == 0) { \ + a_format(e, "bad-private-key", A_END); \ + goto fail; \ + } \ + }, \ + { if ((kd->K = xdh##_bintoge(&p.pub)) == 0) { \ + a_format(e, "bad-public-vector", A_END); \ + goto fail; \ + } \ + }) \ + \ + static const char *xdh##_checkgrp(const dhgrp *g) \ + { return (0); } \ + \ + static void xdh##_grpinfo(const dhgrp *g, admin *adm) \ + { \ + a_info(adm, \ + "kx-group=" gname, \ + "kx-group-order-bits=%d", (groupbits), \ + "kx-group-elt-bits=%d", (fieldbits), \ + A_END); \ + } \ + \ + static int xdh##_samegrpp(const dhgrp *g, const dhgrp *hh) \ + { return (1); } \ + \ + static void xdh##_freegrp(dhgrp *g) \ + { DESTROY(g); } \ + \ + static dhsc *xdh##_ldsc(const dhgrp *g, const void *p, size_t sz) \ + { \ + xdh##_sc *x; \ + if (sz != XDH##_KEYSZ) return (0); \ + x = CREATE(xdh##_sc); \ + memcpy(x->x, p, XDH##_KEYSZ); \ + return ((dhsc *)x); \ + } \ + \ + static int xdh##_stsc(const dhgrp *g, void *p, size_t sz, \ + const dhsc *xx) \ + { \ + const xdh##_sc *x = (const xdh##_sc *)xx; \ + if (sz != XDH##_KEYSZ) return (-1); \ + memcpy(p, x->x, XDH##_KEYSZ); \ + return (0); \ + } \ + \ + static dhsc *xdh##_randsc(const dhgrp *g) \ + { \ + xdh##_sc *x = CREATE(xdh##_sc); \ + rand_get(RAND_GLOBAL, x->x, XDH##_KEYSZ); \ + return ((dhsc *)x); \ + } \ + \ + static void xdh##_freesc(const dhgrp *g, dhsc *xx) \ + { xdh##_sc *x = (xdh##_sc *)xx; DESTROY(x); } \ + \ + static dhge *xdh##_ldge(const dhgrp *g, buf *b, int fmt) \ + { \ + xdh##_ge *Y; \ + const octet *p; \ + \ + if ((p = buf_get(b, XDH##_PUBSZ)) == 0) return (0); \ + Y = CREATE(xdh##_ge); memcpy(Y->X, p, XDH##_PUBSZ); \ + return ((dhge *)Y); \ + } \ + \ + static int xdh##_stge(const dhgrp *g, buf *b, \ + const dhge *YY, int fmt) \ + { \ + const xdh##_ge *Y = (const xdh##_ge *)YY; \ + return (buf_put(b, Y->X, XDH##_PUBSZ)); \ + } \ + \ + static int xdh##_checkge(const dhgrp *g, const dhge *YY) \ + { return (0); } \ + \ + static int xdh##_eq(const dhgrp *g, const dhge *YY, const dhge *ZZ) \ + { \ + const xdh##_ge \ + *Y = (const xdh##_ge *)YY, *Z = (const xdh##_ge *)ZZ; \ + return (ct_memeq(Y->X, Z->X, XDH##_PUBSZ)); \ + } \ + \ + static dhge *xdh##_mul(const dhgrp *g, \ + const dhsc *xx, const dhge *YY) \ + { \ + const xdh##_sc *x = (const xdh##_sc *)xx; \ + const xdh##_ge *Y = (const xdh##_ge *)YY; \ + xdh##_ge *Z = CREATE(xdh##_ge); \ + \ + xdh(Z->X, x->x, Y ? Y->X : xdh##_base); \ + return ((dhge *)Z); \ + } \ + \ + static void xdh##_freege(const dhgrp *g, dhge *YY) \ + { xdh##_ge *Y = (xdh##_ge *)YY; DESTROY(Y); } + +XDHS(XDHDEF) + +#undef XDHDEF + /*----- Diffie--Hellman group table ---------------------------------------*/ const dhops dhtab[] = { @@ -657,6 +823,10 @@ const dhops dhtab[] = { DH("dh", intdh) DH("ec", ecdh) +#define XDHDH(xdh, XDH, gname, groupbits, fieldbits) DH(#xdh, xdh) + XDHS(XDHDH) +#undef XDHDH + #undef DH { 0 }