1 // Copyright 2015-2017 Brian Smith.
2 //
3 // Permission to use, copy, modify, and/or distribute this software for any
4 // purpose with or without fee is hereby granted, provided that the above
5 // copyright notice and this permission notice appear in all copies.
6 //
7 // THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
8 // WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 // MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
10 // SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
14 
15 use crate::{ec, error, rand};
16 
17 /// A key agreement algorithm.
18 macro_rules! suite_b_curve {
19     ( $NAME:ident, $bits:expr, $private_key_ops:expr, $id:expr,
20       $check_private_key_bytes:ident, $generate_private_key:ident,
21       $public_from_private:ident) => {
22         /// Public keys are encoding in uncompressed form using the
23         /// Octet-String-to-Elliptic-Curve-Point algorithm in
24         /// [SEC 1: Elliptic Curve Cryptography, Version 2.0]. Public keys are
25         /// validated during key agreement according to
26         /// [NIST Special Publication 800-56A, revision 2] and Appendix B.3 of
27         /// the NSA's [Suite B Implementer's Guide to NIST SP 800-56A].
28         ///
29         /// [SEC 1: Elliptic Curve Cryptography, Version 2.0]:
30         ///     http://www.secg.org/sec1-v2.pdf
31         /// [NIST Special Publication 800-56A, revision 2]:
32         ///     http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar2.pdf
33         /// [Suite B Implementer's Guide to NIST SP 800-56A]:
34         ///     https://github.com/briansmith/ring/blob/main/doc/ecdh.pdf
35         pub static $NAME: ec::Curve = ec::Curve {
36             public_key_len: 1 + (2 * (($bits + 7) / 8)),
37             elem_scalar_seed_len: ($bits + 7) / 8,
38             id: $id,
39             check_private_key_bytes: $check_private_key_bytes,
40             generate_private_key: $generate_private_key,
41             public_from_private: $public_from_private,
42         };
43 
44         fn $check_private_key_bytes(bytes: &[u8]) -> Result<(), error::Unspecified> {
45             debug_assert_eq!(bytes.len(), $bits / 8);
46             ec::suite_b::private_key::check_scalar_big_endian_bytes($private_key_ops, bytes)
47         }
48 
49         fn $generate_private_key(
50             rng: &dyn rand::SecureRandom,
51             out: &mut [u8],
52         ) -> Result<(), error::Unspecified> {
53             ec::suite_b::private_key::generate_private_scalar_bytes($private_key_ops, rng, out)
54         }
55 
56         fn $public_from_private(
57             public_out: &mut [u8],
58             private_key: &ec::Seed,
59         ) -> Result<(), error::Unspecified> {
60             ec::suite_b::private_key::public_from_private($private_key_ops, public_out, private_key)
61         }
62     };
63 }
64 
65 suite_b_curve!(
66     P256,
67     256,
68     &ec::suite_b::ops::p256::PRIVATE_KEY_OPS,
69     ec::CurveID::P256,
70     p256_check_private_key_bytes,
71     p256_generate_private_key,
72     p256_public_from_private
73 );
74 
75 suite_b_curve!(
76     P384,
77     384,
78     &ec::suite_b::ops::p384::PRIVATE_KEY_OPS,
79     ec::CurveID::P384,
80     p384_check_private_key_bytes,
81     p384_generate_private_key,
82     p384_public_from_private
83 );
84