2013-01-26 15:30:46 +01:00
|
|
|
/*
|
|
|
|
|
* Elliptic curve Diffie-Hellman
|
|
|
|
|
*
|
|
|
|
|
* Copyright (C) 2006-2013, Brainspark B.V.
|
|
|
|
|
*
|
|
|
|
|
* This file is part of PolarSSL (http://www.polarssl.org)
|
|
|
|
|
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
|
|
|
|
*
|
|
|
|
|
* All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License along
|
|
|
|
|
* with this program; if not, write to the Free Software Foundation, Inc.,
|
|
|
|
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* References:
|
|
|
|
|
*
|
|
|
|
|
* SEC1 http://www.secg.org/index.php?action=secg,docs_secg
|
2013-02-10 14:21:04 +01:00
|
|
|
* RFC 4492
|
2013-01-26 15:30:46 +01:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include "polarssl/config.h"
|
|
|
|
|
|
2013-01-26 16:33:44 +01:00
|
|
|
#if defined(POLARSSL_ECDH_C)
|
2013-01-26 15:30:46 +01:00
|
|
|
|
|
|
|
|
#include "polarssl/ecdh.h"
|
|
|
|
|
|
2013-01-26 16:05:22 +01:00
|
|
|
/*
|
|
|
|
|
* Generate public key: simple wrapper around ecp_gen_keypair
|
|
|
|
|
*/
|
|
|
|
|
int ecdh_gen_public( const ecp_group *grp, mpi *d, ecp_point *Q,
|
|
|
|
|
int (*f_rng)(void *, unsigned char *, size_t),
|
|
|
|
|
void *p_rng )
|
|
|
|
|
{
|
|
|
|
|
return ecp_gen_keypair( grp, d, Q, f_rng, p_rng );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Compute shared secret (SEC1 3.3.1)
|
|
|
|
|
*/
|
|
|
|
|
int ecdh_compute_shared( const ecp_group *grp, mpi *z,
|
|
|
|
|
const ecp_point *Q, const mpi *d )
|
|
|
|
|
{
|
|
|
|
|
int ret;
|
|
|
|
|
ecp_point P;
|
|
|
|
|
|
|
|
|
|
ecp_point_init( &P );
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Make sure Q is a valid pubkey before using it
|
|
|
|
|
*/
|
|
|
|
|
MPI_CHK( ecp_check_pubkey( grp, Q ) );
|
|
|
|
|
|
|
|
|
|
MPI_CHK( ecp_mul( grp, &P, d, Q ) );
|
|
|
|
|
|
|
|
|
|
if( ecp_is_zero( &P ) )
|
2013-07-26 14:21:34 +02:00
|
|
|
{
|
|
|
|
|
ret = POLARSSL_ERR_ECP_BAD_INPUT_DATA;
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
2013-01-26 16:05:22 +01:00
|
|
|
|
|
|
|
|
MPI_CHK( mpi_copy( z, &P.X ) );
|
|
|
|
|
|
|
|
|
|
cleanup:
|
|
|
|
|
ecp_point_free( &P );
|
|
|
|
|
|
|
|
|
|
return( ret );
|
|
|
|
|
}
|
|
|
|
|
|
2013-02-10 14:21:04 +01:00
|
|
|
/*
|
|
|
|
|
* Initialize context
|
|
|
|
|
*/
|
|
|
|
|
void ecdh_init( ecdh_context *ctx )
|
|
|
|
|
{
|
|
|
|
|
ecp_group_init( &ctx->grp );
|
|
|
|
|
mpi_init ( &ctx->d );
|
|
|
|
|
ecp_point_init( &ctx->Q );
|
|
|
|
|
ecp_point_init( &ctx->Qp );
|
|
|
|
|
mpi_init ( &ctx->z );
|
2013-02-10 15:01:54 +01:00
|
|
|
ctx->point_format = POLARSSL_ECP_PF_UNCOMPRESSED;
|
2013-02-10 14:21:04 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Free context
|
|
|
|
|
*/
|
|
|
|
|
void ecdh_free( ecdh_context *ctx )
|
|
|
|
|
{
|
|
|
|
|
if( ctx == NULL )
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
ecp_group_free( &ctx->grp );
|
|
|
|
|
mpi_free ( &ctx->d );
|
|
|
|
|
ecp_point_free( &ctx->Q );
|
|
|
|
|
ecp_point_free( &ctx->Qp );
|
|
|
|
|
mpi_free ( &ctx->z );
|
|
|
|
|
}
|
|
|
|
|
|
2013-02-10 15:01:54 +01:00
|
|
|
/*
|
2013-02-11 20:28:55 +01:00
|
|
|
* Setup and write the ServerKeyExhange parameters (RFC 4492)
|
2013-02-10 15:01:54 +01:00
|
|
|
* struct {
|
|
|
|
|
* ECParameters curve_params;
|
|
|
|
|
* ECPoint public;
|
|
|
|
|
* } ServerECDHParams;
|
|
|
|
|
*/
|
2013-02-11 20:28:55 +01:00
|
|
|
int ecdh_make_params( ecdh_context *ctx, size_t *olen,
|
|
|
|
|
unsigned char *buf, size_t blen,
|
|
|
|
|
int (*f_rng)(void *, unsigned char *, size_t),
|
|
|
|
|
void *p_rng )
|
2013-02-10 15:01:54 +01:00
|
|
|
{
|
|
|
|
|
int ret;
|
|
|
|
|
size_t grp_len, pt_len;
|
|
|
|
|
|
2013-02-11 22:12:39 +01:00
|
|
|
if( ctx == NULL || ctx->grp.pbits == 0 )
|
|
|
|
|
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
|
|
|
|
|
|
2013-02-10 15:01:54 +01:00
|
|
|
if( ( ret = ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) )
|
|
|
|
|
!= 0 )
|
|
|
|
|
return( ret );
|
|
|
|
|
|
|
|
|
|
if( ( ret = ecp_tls_write_group( &ctx->grp, &grp_len, buf, blen ) )
|
|
|
|
|
!= 0 )
|
|
|
|
|
return( ret );
|
|
|
|
|
|
|
|
|
|
buf += grp_len;
|
|
|
|
|
blen -= grp_len;
|
|
|
|
|
|
|
|
|
|
if( ( ret = ecp_tls_write_point( &ctx->grp, &ctx->Q, ctx->point_format,
|
|
|
|
|
&pt_len, buf, blen ) ) != 0 )
|
|
|
|
|
return( ret );
|
|
|
|
|
|
|
|
|
|
*olen = grp_len + pt_len;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2013-02-11 20:28:55 +01:00
|
|
|
/*
|
|
|
|
|
* Read the ServerKeyExhange parameters (RFC 4492)
|
|
|
|
|
* struct {
|
|
|
|
|
* ECParameters curve_params;
|
|
|
|
|
* ECPoint public;
|
|
|
|
|
* } ServerECDHParams;
|
|
|
|
|
*/
|
|
|
|
|
int ecdh_read_params( ecdh_context *ctx,
|
|
|
|
|
const unsigned char **buf, const unsigned char *end )
|
|
|
|
|
{
|
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
|
|
if( ( ret = ecp_tls_read_group( &ctx->grp, buf, end - *buf ) ) != 0 )
|
|
|
|
|
return( ret );
|
|
|
|
|
|
|
|
|
|
if( ( ret = ecp_tls_read_point( &ctx->grp, &ctx->Qp, buf, end - *buf ) )
|
|
|
|
|
!= 0 )
|
|
|
|
|
return( ret );
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2013-01-26 15:30:46 +01:00
|
|
|
|
2013-02-11 21:51:45 +01:00
|
|
|
/*
|
|
|
|
|
* Setup and export the client public value
|
|
|
|
|
*/
|
|
|
|
|
int ecdh_make_public( ecdh_context *ctx, size_t *olen,
|
|
|
|
|
unsigned char *buf, size_t blen,
|
|
|
|
|
int (*f_rng)(void *, unsigned char *, size_t),
|
|
|
|
|
void *p_rng )
|
|
|
|
|
{
|
|
|
|
|
int ret;
|
|
|
|
|
|
2013-02-11 22:12:39 +01:00
|
|
|
if( ctx == NULL || ctx->grp.pbits == 0 )
|
|
|
|
|
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
|
|
|
|
|
|
2013-02-11 21:51:45 +01:00
|
|
|
if( ( ret = ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) )
|
|
|
|
|
!= 0 )
|
|
|
|
|
return( ret );
|
|
|
|
|
|
|
|
|
|
return ecp_tls_write_point( &ctx->grp, &ctx->Q, ctx->point_format,
|
|
|
|
|
olen, buf, blen );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Parse and import the client's public value
|
|
|
|
|
*/
|
|
|
|
|
int ecdh_read_public( ecdh_context *ctx,
|
|
|
|
|
const unsigned char *buf, size_t blen )
|
|
|
|
|
{
|
2013-02-11 22:12:39 +01:00
|
|
|
if( ctx == NULL )
|
|
|
|
|
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
|
|
|
|
|
|
2013-02-11 21:51:45 +01:00
|
|
|
return ecp_tls_read_point( &ctx->grp, &ctx->Qp, &buf, blen );
|
|
|
|
|
}
|
|
|
|
|
|
2013-02-11 22:05:42 +01:00
|
|
|
/*
|
|
|
|
|
* Derive and export the shared secret
|
|
|
|
|
*/
|
|
|
|
|
int ecdh_calc_secret( ecdh_context *ctx, size_t *olen,
|
|
|
|
|
unsigned char *buf, size_t blen )
|
|
|
|
|
{
|
|
|
|
|
int ret;
|
|
|
|
|
|
2013-02-11 22:12:39 +01:00
|
|
|
if( ctx == NULL )
|
|
|
|
|
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
|
|
|
|
|
|
2013-02-11 22:05:42 +01:00
|
|
|
if( ( ret = ecdh_compute_shared( &ctx->grp, &ctx->z, &ctx->Qp, &ctx->d ) )
|
|
|
|
|
!= 0 )
|
|
|
|
|
return( ret );
|
|
|
|
|
|
2013-03-20 14:39:14 +01:00
|
|
|
if( mpi_size( &ctx->z ) > blen )
|
|
|
|
|
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
|
|
|
|
|
|
|
|
|
|
*olen = ctx->grp.nbits / 8 + ( ( ctx->grp.nbits % 8 ) != 0 );
|
|
|
|
|
return mpi_write_binary( &ctx->z, buf, *olen );
|
2013-02-11 22:05:42 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2013-01-26 15:30:46 +01:00
|
|
|
#if defined(POLARSSL_SELF_TEST)
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Checkup routine
|
|
|
|
|
*/
|
|
|
|
|
int ecdh_self_test( int verbose )
|
|
|
|
|
{
|
|
|
|
|
return( verbose++ );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
|
2013-01-26 16:33:44 +01:00
|
|
|
#endif /* defined(POLARSSL_ECDH_C) */
|
