1/* LibTomCrypt, modular cryptographic library -- Tom St Denis 2 * 3 * LibTomCrypt is a library that provides various cryptographic 4 * algorithms in a highly modular and flexible manner. 5 * 6 * The library is free for all purposes without any express 7 * guarantee it works. 8 * 9 * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com 10 */ 11 12/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b 13 * 14 * All curves taken from NIST recommendation paper of July 1999 15 * Available at http://csrc.nist.gov/cryptval/dss.htm 16 */ 17#include "tomcrypt.h" 18 19/** 20 @file ecc_decrypt_key.c 21 ECC Crypto, Tom St Denis 22*/ 23 24#ifdef MECC 25 26/** 27 Decrypt an ECC encrypted key 28 @param in The ciphertext 29 @param inlen The length of the ciphertext (octets) 30 @param out [out] The plaintext 31 @param outlen [in/out] The max size and resulting size of the plaintext 32 @param key The corresponding private ECC key 33 @return CRYPT_OK if successful 34*/ 35int ecc_decrypt_key(const unsigned char *in, unsigned long inlen, 36 unsigned char *out, unsigned long *outlen, 37 ecc_key *key) 38{ 39 unsigned char *ecc_shared, *skey, *pub_expt; 40 unsigned long x, y, hashOID[32]; 41 int hash, err; 42 ecc_key pubkey; 43 ltc_asn1_list decode[3]; 44 45 LTC_ARGCHK(in != NULL); 46 LTC_ARGCHK(out != NULL); 47 LTC_ARGCHK(outlen != NULL); 48 LTC_ARGCHK(key != NULL); 49 50 /* right key type? */ 51 if (key->type != PK_PRIVATE) { 52 return CRYPT_PK_NOT_PRIVATE; 53 } 54 55 /* decode to find out hash */ 56 LTC_SET_ASN1(decode, 0, LTC_ASN1_OBJECT_IDENTIFIER, hashOID, sizeof(hashOID)/sizeof(hashOID[0])); 57 58 if ((err = der_decode_sequence(in, inlen, decode, 1)) != CRYPT_OK) { 59 return err; 60 } 61 62 hash = find_hash_oid(hashOID, decode[0].size); 63 if (hash_is_valid(hash) != CRYPT_OK) { 64 return CRYPT_INVALID_PACKET; 65 } 66 67 /* we now have the hash! */ 68 69 /* allocate memory */ 70 pub_expt = XMALLOC(ECC_BUF_SIZE); 71 ecc_shared = XMALLOC(ECC_BUF_SIZE); 72 skey = XMALLOC(MAXBLOCKSIZE); 73 if (pub_expt == NULL || ecc_shared == NULL || skey == NULL) { 74 if (pub_expt != NULL) { 75 XFREE(pub_expt); 76 } 77 if (ecc_shared != NULL) { 78 XFREE(ecc_shared); 79 } 80 if (skey != NULL) { 81 XFREE(skey); 82 } 83 return CRYPT_MEM; 84 } 85 LTC_SET_ASN1(decode, 1, LTC_ASN1_OCTET_STRING, pub_expt, ECC_BUF_SIZE); 86 LTC_SET_ASN1(decode, 2, LTC_ASN1_OCTET_STRING, skey, MAXBLOCKSIZE); 87 88 /* read the structure in now */ 89 if ((err = der_decode_sequence(in, inlen, decode, 3)) != CRYPT_OK) { 90 goto LBL_ERR; 91 } 92 93 /* import ECC key from packet */ 94 if ((err = ecc_import(decode[1].data, decode[1].size, &pubkey)) != CRYPT_OK) { 95 goto LBL_ERR; 96 } 97 98 /* make shared key */ 99 x = ECC_BUF_SIZE; 100 if ((err = ecc_shared_secret(key, &pubkey, ecc_shared, &x)) != CRYPT_OK) { 101 ecc_free(&pubkey); 102 goto LBL_ERR; 103 } 104 ecc_free(&pubkey); 105 106 y = MIN(ECC_BUF_SIZE, MAXBLOCKSIZE); 107 if ((err = hash_memory(hash, ecc_shared, x, ecc_shared, &y)) != CRYPT_OK) { 108 goto LBL_ERR; 109 } 110 111 /* ensure the hash of the shared secret is at least as big as the encrypt itself */ 112 if (decode[2].size > y) { 113 err = CRYPT_INVALID_PACKET; 114 goto LBL_ERR; 115 } 116 117 /* avoid buffer overflow */ 118 if (*outlen < decode[2].size) { 119 *outlen = decode[2].size; 120 err = CRYPT_BUFFER_OVERFLOW; 121 goto LBL_ERR; 122 } 123 124 /* Decrypt the key */ 125 for (x = 0; x < decode[2].size; x++) { 126 out[x] = skey[x] ^ ecc_shared[x]; 127 } 128 *outlen = x; 129 130 err = CRYPT_OK; 131LBL_ERR: 132#ifdef LTC_CLEAN_STACK 133 zeromem(pub_expt, ECC_BUF_SIZE); 134 zeromem(ecc_shared, ECC_BUF_SIZE); 135 zeromem(skey, MAXBLOCKSIZE); 136#endif 137 138 XFREE(pub_expt); 139 XFREE(ecc_shared); 140 XFREE(skey); 141 142 return err; 143} 144 145#endif 146 147/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_decrypt_key.c,v $ */ 148/* $Revision: 1.5 $ */ 149/* $Date: 2006/06/16 21:53:41 $ */ 150 151