2013-01-26 15:30:46 +01:00
|
|
|
/**
|
|
|
|
|
* \file ecdh.h
|
|
|
|
|
*
|
|
|
|
|
* \brief Elliptic curve Diffie-Hellman
|
|
|
|
|
*
|
|
|
|
|
* Copyright (C) 2006-2013, Brainspark B.V.
|
|
|
|
|
*
|
|
|
|
|
* This file is part of PolarSSL (http://www.polarssl.org)
|
|
|
|
|
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
|
|
|
|
*
|
|
|
|
|
* All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License along
|
|
|
|
|
* with this program; if not, write to the Free Software Foundation, Inc.,
|
|
|
|
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
|
|
|
*/
|
|
|
|
|
#ifndef POLARSSL_ECDH_H
|
|
|
|
|
#define POLARSSL_ECDH_H
|
|
|
|
|
|
2013-10-03 11:50:39 +02:00
|
|
|
#include "ecp.h"
|
2013-01-26 15:30:46 +01:00
|
|
|
|
2013-06-27 14:29:21 +02:00
|
|
|
#ifdef __cplusplus
|
|
|
|
|
extern "C" {
|
|
|
|
|
#endif
|
|
|
|
|
|
2013-12-12 09:55:52 +01:00
|
|
|
/**
|
|
|
|
|
* When importing from an EC key, select if it is our key or the peer's key
|
|
|
|
|
*/
|
|
|
|
|
typedef enum
|
|
|
|
|
{
|
|
|
|
|
POLARSSL_ECDH_OURS,
|
|
|
|
|
POLARSSL_ECDH_THEIRS,
|
|
|
|
|
} ecdh_side;
|
|
|
|
|
|
2013-02-10 14:21:04 +01:00
|
|
|
/**
|
|
|
|
|
* \brief ECDH context structure
|
|
|
|
|
*/
|
|
|
|
|
typedef struct
|
|
|
|
|
{
|
2014-06-25 14:45:24 +02:00
|
|
|
ecp_group grp; /*!< elliptic curve used */
|
2014-06-25 13:55:10 +02:00
|
|
|
mpi d; /*!< our secret value (private key) */
|
|
|
|
|
ecp_point Q; /*!< our public value (public key) */
|
|
|
|
|
ecp_point Qp; /*!< peer's public value (public key) */
|
|
|
|
|
mpi z; /*!< shared secret */
|
|
|
|
|
int point_format; /*!< format for point export in TLS messages */
|
|
|
|
|
ecp_point Vi; /*!< blinding value (for later) */
|
|
|
|
|
ecp_point Vf; /*!< un-blinding value (for later) */
|
|
|
|
|
mpi _d; /*!< previous d (for later) */
|
2013-02-10 14:21:04 +01:00
|
|
|
}
|
|
|
|
|
ecdh_context;
|
|
|
|
|
|
2013-01-26 16:05:22 +01:00
|
|
|
/**
|
2014-06-25 13:55:10 +02:00
|
|
|
* \brief Generate a public key.
|
|
|
|
|
* Raw function that only does the core computation.
|
2013-01-26 16:05:22 +01:00
|
|
|
*
|
|
|
|
|
* \param grp ECP group
|
2014-06-25 13:55:10 +02:00
|
|
|
* \param d Destination MPI (secret exponent, aka private key)
|
2013-01-26 16:05:22 +01:00
|
|
|
* \param Q Destination point (public key)
|
|
|
|
|
* \param f_rng RNG function
|
|
|
|
|
* \param p_rng RNG parameter
|
|
|
|
|
*
|
|
|
|
|
* \return 0 if successful,
|
|
|
|
|
* or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code
|
|
|
|
|
*/
|
2013-09-17 19:13:10 +02:00
|
|
|
int ecdh_gen_public( ecp_group *grp, mpi *d, ecp_point *Q,
|
2013-01-26 16:05:22 +01:00
|
|
|
int (*f_rng)(void *, unsigned char *, size_t),
|
|
|
|
|
void *p_rng );
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* \brief Compute shared secret
|
2014-06-25 13:55:10 +02:00
|
|
|
* Raw function that only does the core computation.
|
2013-01-26 16:05:22 +01:00
|
|
|
*
|
|
|
|
|
* \param grp ECP group
|
|
|
|
|
* \param z Destination MPI (shared secret)
|
|
|
|
|
* \param Q Public key from other party
|
2014-06-25 13:55:10 +02:00
|
|
|
* \param d Our secret exponent (private key)
|
2013-09-02 14:29:09 +02:00
|
|
|
* \param f_rng RNG function (see notes)
|
|
|
|
|
* \param p_rng RNG parameter
|
2013-01-26 16:05:22 +01:00
|
|
|
*
|
|
|
|
|
* \return 0 if successful,
|
|
|
|
|
* or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code
|
2013-09-02 14:29:09 +02:00
|
|
|
*
|
|
|
|
|
* \note If f_rng is not NULL, it is used to implement
|
|
|
|
|
* countermeasures against potential elaborate timing
|
|
|
|
|
* attacks, see \c ecp_mul() for details.
|
2013-01-26 16:05:22 +01:00
|
|
|
*/
|
2013-09-17 19:13:10 +02:00
|
|
|
int ecdh_compute_shared( ecp_group *grp, mpi *z,
|
2013-09-02 14:29:09 +02:00
|
|
|
const ecp_point *Q, const mpi *d,
|
|
|
|
|
int (*f_rng)(void *, unsigned char *, size_t),
|
|
|
|
|
void *p_rng );
|
2013-01-26 15:30:46 +01:00
|
|
|
|
2013-02-10 14:21:04 +01:00
|
|
|
/**
|
|
|
|
|
* \brief Initialize context
|
|
|
|
|
*
|
|
|
|
|
* \param ctx Context to initialize
|
|
|
|
|
*/
|
|
|
|
|
void ecdh_init( ecdh_context *ctx );
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* \brief Free context
|
|
|
|
|
*
|
|
|
|
|
* \param ctx Context to free
|
|
|
|
|
*/
|
|
|
|
|
void ecdh_free( ecdh_context *ctx );
|
|
|
|
|
|
2013-02-10 15:01:54 +01:00
|
|
|
/**
|
2014-06-25 13:55:10 +02:00
|
|
|
* \brief Generate a public key and a TLS ServerKeyExchange payload.
|
|
|
|
|
* (First function used by a TLS server for ECDHE.)
|
2013-02-10 15:01:54 +01:00
|
|
|
*
|
|
|
|
|
* \param ctx ECDH context
|
|
|
|
|
* \param olen number of chars written
|
2013-09-10 16:16:50 +02:00
|
|
|
* \param buf destination buffer
|
|
|
|
|
* \param blen length of buffer
|
2013-02-10 15:01:54 +01:00
|
|
|
* \param f_rng RNG function
|
|
|
|
|
* \param p_rng RNG parameter
|
|
|
|
|
*
|
|
|
|
|
* \note This function assumes that ctx->grp has already been
|
|
|
|
|
* properly set (for example using ecp_use_known_dp).
|
|
|
|
|
*
|
|
|
|
|
* \return 0 if successful, or an POLARSSL_ERR_ECP_XXX error code
|
|
|
|
|
*/
|
2013-02-11 20:28:55 +01:00
|
|
|
int ecdh_make_params( ecdh_context *ctx, size_t *olen,
|
|
|
|
|
unsigned char *buf, size_t blen,
|
|
|
|
|
int (*f_rng)(void *, unsigned char *, size_t),
|
|
|
|
|
void *p_rng );
|
|
|
|
|
|
|
|
|
|
/**
|
2014-06-25 13:55:10 +02:00
|
|
|
* \brief Parse and procress a TLS ServerKeyExhange payload.
|
|
|
|
|
* (First function used by a TLS client for ECDHE.)
|
2013-02-11 20:28:55 +01:00
|
|
|
*
|
|
|
|
|
* \param ctx ECDH context
|
2013-09-10 16:16:50 +02:00
|
|
|
* \param buf pointer to start of input buffer
|
2013-02-11 20:28:55 +01:00
|
|
|
* \param end one past end of buffer
|
|
|
|
|
*
|
|
|
|
|
* \return 0 if successful, or an POLARSSL_ERR_ECP_XXX error code
|
|
|
|
|
*/
|
|
|
|
|
int ecdh_read_params( ecdh_context *ctx,
|
|
|
|
|
const unsigned char **buf, const unsigned char *end );
|
2013-02-10 15:01:54 +01:00
|
|
|
|
2013-12-12 09:55:52 +01:00
|
|
|
/**
|
2014-06-25 13:55:10 +02:00
|
|
|
* \brief Setup an ECDH context from an EC key.
|
|
|
|
|
* (Used by clients and servers in place of the
|
|
|
|
|
* ServerKeyEchange for static ECDH: import ECDH parameters
|
|
|
|
|
* from a certificate's EC key information.)
|
2013-12-12 09:55:52 +01:00
|
|
|
*
|
|
|
|
|
* \param ctx ECDH constext to set
|
|
|
|
|
* \param key EC key to use
|
2013-12-30 17:57:27 +01:00
|
|
|
* \param side Is it our key (1) or the peer's key (0) ?
|
2013-12-12 09:55:52 +01:00
|
|
|
*
|
|
|
|
|
* \return 0 if successful, or an POLARSSL_ERR_ECP_XXX error code
|
|
|
|
|
*/
|
|
|
|
|
int ecdh_get_params( ecdh_context *ctx, const ecp_keypair *key,
|
|
|
|
|
ecdh_side side );
|
|
|
|
|
|
2013-02-11 21:51:45 +01:00
|
|
|
/**
|
2014-06-25 13:55:10 +02:00
|
|
|
* \brief Generate a public key and a TLS ClientKeyExchange payload.
|
|
|
|
|
* (Second function used by a TLS client for ECDH(E).)
|
2013-02-11 21:51:45 +01:00
|
|
|
*
|
|
|
|
|
* \param ctx ECDH context
|
|
|
|
|
* \param olen number of bytes actually written
|
|
|
|
|
* \param buf destination buffer
|
|
|
|
|
* \param blen size of destination buffer
|
2013-09-10 16:16:50 +02:00
|
|
|
* \param f_rng RNG function
|
|
|
|
|
* \param p_rng RNG parameter
|
2013-02-11 21:51:45 +01:00
|
|
|
*
|
|
|
|
|
* \return 0 if successful, or an POLARSSL_ERR_ECP_XXX error code
|
|
|
|
|
*/
|
|
|
|
|
int ecdh_make_public( ecdh_context *ctx, size_t *olen,
|
|
|
|
|
unsigned char *buf, size_t blen,
|
|
|
|
|
int (*f_rng)(void *, unsigned char *, size_t),
|
|
|
|
|
void *p_rng );
|
|
|
|
|
|
|
|
|
|
/**
|
2014-06-25 13:55:10 +02:00
|
|
|
* \brief Parse and process a TLS ClientKeyExchange payload.
|
|
|
|
|
* (Second function used by a TLS server for ECDH(E).)
|
2013-02-11 21:51:45 +01:00
|
|
|
*
|
|
|
|
|
* \param ctx ECDH context
|
|
|
|
|
* \param buf start of input buffer
|
|
|
|
|
* \param blen length of input buffer
|
|
|
|
|
*
|
|
|
|
|
* \return 0 if successful, or an POLARSSL_ERR_ECP_XXX error code
|
|
|
|
|
*/
|
|
|
|
|
int ecdh_read_public( ecdh_context *ctx,
|
|
|
|
|
const unsigned char *buf, size_t blen );
|
|
|
|
|
|
2013-02-11 22:05:42 +01:00
|
|
|
/**
|
2014-06-25 13:55:10 +02:00
|
|
|
* \brief Derive and export the shared secret.
|
|
|
|
|
* (Last function used by both TLS client en servers.)
|
2013-02-11 22:05:42 +01:00
|
|
|
*
|
|
|
|
|
* \param ctx ECDH context
|
|
|
|
|
* \param olen number of bytes written
|
|
|
|
|
* \param buf destination buffer
|
|
|
|
|
* \param blen buffer length
|
2013-09-02 14:29:09 +02:00
|
|
|
* \param f_rng RNG function, see notes for \c ecdh_compute_shared()
|
|
|
|
|
* \param p_rng RNG parameter
|
2013-02-11 22:05:42 +01:00
|
|
|
*
|
|
|
|
|
* \return 0 if successful, or an POLARSSL_ERR_ECP_XXX error code
|
|
|
|
|
*/
|
|
|
|
|
int ecdh_calc_secret( ecdh_context *ctx, size_t *olen,
|
2013-09-02 14:29:09 +02:00
|
|
|
unsigned char *buf, size_t blen,
|
|
|
|
|
int (*f_rng)(void *, unsigned char *, size_t),
|
|
|
|
|
void *p_rng );
|
2013-02-11 22:05:42 +01:00
|
|
|
|
2013-01-26 15:30:46 +01:00
|
|
|
/**
|
|
|
|
|
* \brief Checkup routine
|
|
|
|
|
*
|
|
|
|
|
* \return 0 if successful, or 1 if the test failed
|
|
|
|
|
*/
|
|
|
|
|
int ecdh_self_test( int verbose );
|
|
|
|
|
|
2013-01-26 16:05:22 +01:00
|
|
|
#ifdef __cplusplus
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2014-05-01 13:03:14 +02:00
|
|
|
#endif /* ecdh.h */
|
