1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 *
9 * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
10 */
11
12 /* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
13 *
14 * All curves taken from NIST recommendation paper of July 1999
15 * Available at http://csrc.nist.gov/cryptval/dss.htm
16 */
17 #include "tomcrypt.h"
18
19 /**
20 @file ecc_decrypt_key.c
21 ECC Crypto, Tom St Denis
22 */
23
24 #ifdef MECC
25
26 /**
27 Decrypt an ECC encrypted key
28 @param in The ciphertext
29 @param inlen The length of the ciphertext (octets)
30 @param out [out] The plaintext
31 @param outlen [in/out] The max size and resulting size of the plaintext
32 @param key The corresponding private ECC key
33 @return CRYPT_OK if successful
34 */
ecc_decrypt_key(const unsigned char * in,unsigned long inlen,unsigned char * out,unsigned long * outlen,ecc_key * key)35 int ecc_decrypt_key(const unsigned char *in, unsigned long inlen,
36 unsigned char *out, unsigned long *outlen,
37 ecc_key *key)
38 {
39 unsigned char *ecc_shared, *skey, *pub_expt;
40 unsigned long x, y, hashOID[32];
41 int hash, err;
42 ecc_key pubkey;
43 ltc_asn1_list decode[3];
44
45 LTC_ARGCHK(in != NULL);
46 LTC_ARGCHK(out != NULL);
47 LTC_ARGCHK(outlen != NULL);
48 LTC_ARGCHK(key != NULL);
49
50 /* right key type? */
51 if (key->type != PK_PRIVATE) {
52 return CRYPT_PK_NOT_PRIVATE;
53 }
54
55 /* decode to find out hash */
56 LTC_SET_ASN1(decode, 0, LTC_ASN1_OBJECT_IDENTIFIER, hashOID, sizeof(hashOID)/sizeof(hashOID[0]));
57
58 if ((err = der_decode_sequence(in, inlen, decode, 1)) != CRYPT_OK) {
59 return err;
60 }
61
62 hash = find_hash_oid(hashOID, decode[0].size);
63 if (hash_is_valid(hash) != CRYPT_OK) {
64 return CRYPT_INVALID_PACKET;
65 }
66
67 /* we now have the hash! */
68
69 /* allocate memory */
70 pub_expt = XMALLOC(ECC_BUF_SIZE);
71 ecc_shared = XMALLOC(ECC_BUF_SIZE);
72 skey = XMALLOC(MAXBLOCKSIZE);
73 if (pub_expt == NULL || ecc_shared == NULL || skey == NULL) {
74 if (pub_expt != NULL) {
75 XFREE(pub_expt);
76 }
77 if (ecc_shared != NULL) {
78 XFREE(ecc_shared);
79 }
80 if (skey != NULL) {
81 XFREE(skey);
82 }
83 return CRYPT_MEM;
84 }
85 LTC_SET_ASN1(decode, 1, LTC_ASN1_OCTET_STRING, pub_expt, ECC_BUF_SIZE);
86 LTC_SET_ASN1(decode, 2, LTC_ASN1_OCTET_STRING, skey, MAXBLOCKSIZE);
87
88 /* read the structure in now */
89 if ((err = der_decode_sequence(in, inlen, decode, 3)) != CRYPT_OK) {
90 goto LBL_ERR;
91 }
92
93 /* import ECC key from packet */
94 if ((err = ecc_import(decode[1].data, decode[1].size, &pubkey)) != CRYPT_OK) {
95 goto LBL_ERR;
96 }
97
98 /* make shared key */
99 x = ECC_BUF_SIZE;
100 if ((err = ecc_shared_secret(key, &pubkey, ecc_shared, &x)) != CRYPT_OK) {
101 ecc_free(&pubkey);
102 goto LBL_ERR;
103 }
104 ecc_free(&pubkey);
105
106 y = MIN(ECC_BUF_SIZE, MAXBLOCKSIZE);
107 if ((err = hash_memory(hash, ecc_shared, x, ecc_shared, &y)) != CRYPT_OK) {
108 goto LBL_ERR;
109 }
110
111 /* ensure the hash of the shared secret is at least as big as the encrypt itself */
112 if (decode[2].size > y) {
113 err = CRYPT_INVALID_PACKET;
114 goto LBL_ERR;
115 }
116
117 /* avoid buffer overflow */
118 if (*outlen < decode[2].size) {
119 *outlen = decode[2].size;
120 err = CRYPT_BUFFER_OVERFLOW;
121 goto LBL_ERR;
122 }
123
124 /* Decrypt the key */
125 for (x = 0; x < decode[2].size; x++) {
126 out[x] = skey[x] ^ ecc_shared[x];
127 }
128 *outlen = x;
129
130 err = CRYPT_OK;
131 LBL_ERR:
132 #ifdef LTC_CLEAN_STACK
133 zeromem(pub_expt, ECC_BUF_SIZE);
134 zeromem(ecc_shared, ECC_BUF_SIZE);
135 zeromem(skey, MAXBLOCKSIZE);
136 #endif
137
138 XFREE(pub_expt);
139 XFREE(ecc_shared);
140 XFREE(skey);
141
142 return err;
143 }
144
145 #endif
146
147 /* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_decrypt_key.c,v $ */
148 /* $Revision: 1.5 $ */
149 /* $Date: 2006/06/16 21:53:41 $ */
150
151