From 4936beb5136e26271247de49588045f71f740806 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Wed, 12 Dec 2018 17:26:41 +0000 Subject: [PATCH] ECDH: Clean up the interface to Everest code --- 3rdparty/everest/include/everest/everest.h | 38 +++++++----- 3rdparty/everest/include/everest/x25519.h | 13 +++- 3rdparty/everest/library/everest.c | 70 ++++++++-------------- 3rdparty/everest/library/x25519.c | 8 ++- library/ecdh.c | 35 ++++++++--- 5 files changed, 88 insertions(+), 76 deletions(-) mode change 100644 => 100755 3rdparty/everest/include/everest/everest.h mode change 100644 => 100755 3rdparty/everest/include/everest/x25519.h mode change 100644 => 100755 3rdparty/everest/library/x25519.c diff --git a/3rdparty/everest/include/everest/everest.h b/3rdparty/everest/include/everest/everest.h old mode 100644 new mode 100755 index aceeeae69..58065001f --- a/3rdparty/everest/include/everest/everest.h +++ b/3rdparty/everest/include/everest/everest.h @@ -22,17 +22,23 @@ #ifndef MBEDTLS_EVEREST_H #define MBEDTLS_EVEREST_H +#include "everest/x25519.h" + #ifdef __cplusplus extern "C" { #endif -struct mbedtls_ecdh_context; -typedef struct mbedtls_ecdh_context mbedtls_ecdh_context; - -struct mbedtls_x25519_context_; +/** + * Defines the source of the imported EC key. + */ +typedef enum +{ + MBEDTLS_EVEREST_ECDH_OURS, /**< Our key. */ + MBEDTLS_EVEREST_ECDH_THEIRS, /**< The key of the peer. */ +} mbedtls_everest_ecdh_side; typedef struct { - struct mbedtls_x25519_context_ *ctx; + mbedtls_x25519_context ctx; } mbedtls_ecdh_context_everest; @@ -48,18 +54,18 @@ typedef struct { * ciphersuites. * * \param ctx The ECDH context to set up. - * \param grp The group id of the group to set up the context for. + * \param grp_id The group id of the group to set up the context for. * * \return \c 0 on success. */ -int mbedtls_everest_setup( mbedtls_ecdh_context *ctx, int grp ); +int mbedtls_everest_setup( mbedtls_ecdh_context_everest *ctx, int grp_id ); /** * \brief This function frees a context. * * \param ctx The context to free. */ -void mbedtls_everest_free( mbedtls_ecdh_context *ctx ); +void mbedtls_everest_free( mbedtls_ecdh_context_everest *ctx ); /** * \brief This function generates a public key and a TLS @@ -84,7 +90,7 @@ void mbedtls_everest_free( mbedtls_ecdh_context *ctx ); * \return \c 0 on success. * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. */ -int mbedtls_everest_make_params( mbedtls_ecdh_context *ctx, size_t *olen, +int mbedtls_everest_make_params( mbedtls_ecdh_context_everest *ctx, size_t *olen, unsigned char *buf, size_t blen, int( *f_rng )( void *, unsigned char *, size_t ), void *p_rng ); @@ -106,7 +112,7 @@ int mbedtls_everest_make_params( mbedtls_ecdh_context *ctx, size_t *olen, * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. * */ -int mbedtls_everest_read_params( mbedtls_ecdh_context *ctx, +int mbedtls_everest_read_params( mbedtls_ecdh_context_everest *ctx, const unsigned char **buf, const unsigned char *end ); /** @@ -126,7 +132,7 @@ int mbedtls_everest_read_params( mbedtls_ecdh_context *ctx, * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. * */ -int mbedtls_everest_read_params( mbedtls_ecdh_context *ctx, +int mbedtls_everest_read_params( mbedtls_ecdh_context_everest *ctx, const unsigned char **buf, const unsigned char *end ); /** @@ -147,8 +153,8 @@ int mbedtls_everest_read_params( mbedtls_ecdh_context *ctx, * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. * */ -int mbedtls_everest_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key, - int side ); +int mbedtls_everest_get_params( mbedtls_ecdh_context_everest *ctx, const mbedtls_ecp_keypair *key, + mbedtls_everest_ecdh_side side ); /** * \brief This function generates a public key and a TLS @@ -169,7 +175,7 @@ int mbedtls_everest_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_key * \return \c 0 on success. * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. */ -int mbedtls_everest_make_public( mbedtls_ecdh_context *ctx, size_t *olen, +int mbedtls_everest_make_public( mbedtls_ecdh_context_everest *ctx, size_t *olen, unsigned char *buf, size_t blen, int( *f_rng )( void *, unsigned char *, size_t ), void *p_rng ); @@ -191,7 +197,7 @@ int mbedtls_everest_make_public( mbedtls_ecdh_context *ctx, size_t *olen, * \return \c 0 on success. * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. */ -int mbedtls_everest_read_public( mbedtls_ecdh_context *ctx, +int mbedtls_everest_read_public( mbedtls_ecdh_context_everest *ctx, const unsigned char *buf, size_t blen ); /** @@ -216,7 +222,7 @@ int mbedtls_everest_read_public( mbedtls_ecdh_context *ctx, * \return \c 0 on success. * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. */ -int mbedtls_everest_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, +int mbedtls_everest_calc_secret( mbedtls_ecdh_context_everest *ctx, size_t *olen, unsigned char *buf, size_t blen, int( *f_rng )( void *, unsigned char *, size_t ), void *p_rng ); diff --git a/3rdparty/everest/include/everest/x25519.h b/3rdparty/everest/include/everest/x25519.h old mode 100644 new mode 100755 index e332ff23c..cdfb16f53 --- a/3rdparty/everest/include/everest/x25519.h +++ b/3rdparty/everest/include/everest/x25519.h @@ -22,14 +22,21 @@ #ifndef MBEDTLS_X25519_H #define MBEDTLS_X25519_H -#include - #ifdef __cplusplus extern "C" { #endif #define MBEDTLS_ECP_TLS_CURVE25519 0x1d +/** + * Defines the source of the imported EC key. + */ +typedef enum +{ + MBEDTLS_X25519_ECDH_OURS, /**< Our key. */ + MBEDTLS_X25519_ECDH_THEIRS, /**< The key of the peer. */ +} mbedtls_x25519_ecdh_side; + /** * \brief The x25519 context structure. */ @@ -109,7 +116,7 @@ int mbedtls_x25519_read_params( mbedtls_x25519_context *ctx, * */ int mbedtls_x25519_get_params( mbedtls_x25519_context *ctx, const mbedtls_ecp_keypair *key, - int side ); + mbedtls_x25519_ecdh_side side ); /** * \brief This function derives and exports the shared secret. diff --git a/3rdparty/everest/library/everest.c b/3rdparty/everest/library/everest.c index 2b111af00..4b3a799dc 100755 --- a/3rdparty/everest/library/everest.c +++ b/3rdparty/everest/library/everest.c @@ -41,89 +41,69 @@ #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) -int mbedtls_everest_setup( mbedtls_ecdh_context *ctx, int grp ) +int mbedtls_everest_setup( mbedtls_ecdh_context_everest *ctx, int grp_id ) { - if( grp != MBEDTLS_ECP_DP_CURVE25519 ) + if( grp_id != MBEDTLS_ECP_DP_CURVE25519 ) return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - - ctx->var = MBEDTLS_ECDH_VARIANT_EVEREST; - ctx->grp_id = grp; - - ctx->ctx.everest_ecdh.ctx = mbedtls_calloc( 1, sizeof( mbedtls_x25519_context ) ); - mbedtls_x25519_init( ctx->ctx.everest_ecdh.ctx ); - + mbedtls_x25519_init( &ctx->ctx ); return 0; } -void mbedtls_everest_free( mbedtls_ecdh_context *ctx ) +void mbedtls_everest_free( mbedtls_ecdh_context_everest *ctx ) { - mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh; - mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx; - - mbedtls_x25519_free( x25519_ctx ); - mbedtls_free( x25519_ctx ); - - ctx->var = MBEDTLS_ECDH_VARIANT_NONE; - ctx->grp_id = MBEDTLS_ECP_DP_NONE; + mbedtls_x25519_free( &ctx->ctx ); } -int mbedtls_everest_make_params( mbedtls_ecdh_context *ctx, size_t *olen, +int mbedtls_everest_make_params( mbedtls_ecdh_context_everest *ctx, size_t *olen, unsigned char *buf, size_t blen, int( *f_rng )( void *, unsigned char *, size_t ), void *p_rng ) { - mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh; - mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx; - if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + mbedtls_x25519_context *x25519_ctx = &ctx->ctx; return mbedtls_x25519_make_params( x25519_ctx, olen, buf, blen, f_rng, p_rng ); } -int mbedtls_everest_read_params( mbedtls_ecdh_context *ctx, - const unsigned char **buf, const unsigned char *end ) +int mbedtls_everest_read_params( mbedtls_ecdh_context_everest *ctx, + const unsigned char **buf, + const unsigned char *end ) { - mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh; - mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx; - if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + mbedtls_x25519_context *x25519_ctx = &ctx->ctx; return mbedtls_x25519_read_params( x25519_ctx, buf, end ); } -int mbedtls_everest_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key, - int side ) +int mbedtls_everest_get_params( mbedtls_ecdh_context_everest *ctx, + const mbedtls_ecp_keypair *key, + mbedtls_everest_ecdh_side side ) { - mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh; - mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx; - if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - return mbedtls_x25519_get_params( x25519_ctx, key, side ); + mbedtls_x25519_context *x25519_ctx = &ctx->ctx; + mbedtls_x25519_ecdh_side s = side == MBEDTLS_EVEREST_ECDH_OURS ? + MBEDTLS_X25519_ECDH_OURS : + MBEDTLS_X25519_ECDH_THEIRS; + return mbedtls_x25519_get_params( x25519_ctx, key, s ); } -int mbedtls_everest_make_public( mbedtls_ecdh_context *ctx, size_t *olen, +int mbedtls_everest_make_public( mbedtls_ecdh_context_everest *ctx, size_t *olen, unsigned char *buf, size_t blen, int( *f_rng )( void *, unsigned char *, size_t ), void *p_rng ) { - mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh; - mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx; - if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + mbedtls_x25519_context *x25519_ctx = &ctx->ctx; return mbedtls_x25519_make_public( x25519_ctx, olen, buf, blen, f_rng, p_rng ); } -int mbedtls_everest_read_public( mbedtls_ecdh_context *ctx, +int mbedtls_everest_read_public( mbedtls_ecdh_context_everest *ctx, const unsigned char *buf, size_t blen ) { - mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh; - mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx; - if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + mbedtls_x25519_context *x25519_ctx = &ctx->ctx; return mbedtls_x25519_read_public ( x25519_ctx, buf, blen ); } -int mbedtls_everest_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, +int mbedtls_everest_calc_secret( mbedtls_ecdh_context_everest *ctx, size_t *olen, unsigned char *buf, size_t blen, int( *f_rng )( void *, unsigned char *, size_t ), void *p_rng ) { - mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh; - mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx; - if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + mbedtls_x25519_context *x25519_ctx = &ctx->ctx; return mbedtls_x25519_calc_secret( x25519_ctx, olen, buf, blen, f_rng, p_rng ); } diff --git a/3rdparty/everest/library/x25519.c b/3rdparty/everest/library/x25519.c old mode 100644 new mode 100755 index 72cab6bbe..830018c46 --- a/3rdparty/everest/library/x25519.c +++ b/3rdparty/everest/library/x25519.c @@ -27,6 +27,8 @@ #if defined(MBEDTLS_ECDH_C) +#include + #include #include @@ -100,16 +102,16 @@ int mbedtls_x25519_read_params( mbedtls_x25519_context *ctx, } int mbedtls_x25519_get_params( mbedtls_x25519_context *ctx, const mbedtls_ecp_keypair *key, - int side ) + mbedtls_x25519_ecdh_side side ) { size_t olen = 0; switch( side ) { - case MBEDTLS_ECDH_THEIRS: + case MBEDTLS_X25519_ECDH_THEIRS: mbedtls_ecp_point_write_binary( &key->grp, &key->Q, MBEDTLS_ECP_PF_COMPRESSED, &olen, ctx->peer_point, 32 ); /* untested; defensively throw an error for now. */ return(MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE); - case MBEDTLS_ECDH_OURS: + case MBEDTLS_X25519_ECDH_OURS: mbedtls_mpi_write_binary( &key->d, ctx->our_secret, 32 ); /* CMW: key->Q = key->d * base; do we need to set up ctx.peer_point here? */ /* untested; defensively throw an error for now. */ diff --git a/library/ecdh.c b/library/ecdh.c index b0367ec15..fec88d081 100755 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -221,8 +221,12 @@ int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id ) { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECP_DP_CURVE25519: - return( mbedtls_everest_setup( ctx, grp_id ) ); - break; + { + ctx->point_format = MBEDTLS_ECP_PF_COMPRESSED; + ctx->var = MBEDTLS_ECDH_VARIANT_EVEREST; + ctx->grp_id = grp_id; + return( mbedtls_everest_setup( &ctx->ctx.everest_ecdh, grp_id ) ); + } #endif default: ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; @@ -277,7 +281,9 @@ void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx ) { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECDH_VARIANT_EVEREST: - mbedtls_everest_free( ctx ); + mbedtls_everest_free( &ctx->ctx.everest_ecdh ); + ctx->var = MBEDTLS_ECDH_VARIANT_NONE; + ctx->grp_id = MBEDTLS_ECP_DP_NONE; break; #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: @@ -376,7 +382,8 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECDH_VARIANT_EVEREST: - return( mbedtls_everest_make_params( ctx, olen, buf, blen, f_rng, p_rng ) ); + return( mbedtls_everest_make_params( &ctx->ctx.everest_ecdh, olen, + buf, blen, f_rng, p_rng ) ); #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: return( ecdh_make_params_internal( &ctx->ctx.mbed_ecdh, olen, @@ -429,7 +436,8 @@ int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx, { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECDH_VARIANT_EVEREST: - return( mbedtls_everest_read_params( ctx, buf, end) ); + return( mbedtls_everest_read_params( &ctx->ctx.everest_ecdh, + buf, end) ); #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: return( ecdh_read_params_internal( &ctx->ctx.mbed_ecdh, @@ -497,7 +505,13 @@ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECDH_VARIANT_EVEREST: - return( mbedtls_everest_get_params( ctx, key, side ) ); + { + mbedtls_x25519_ecdh_side s = side == MBEDTLS_ECDH_OURS ? + MBEDTLS_EVEREST_ECDH_OURS : + MBEDTLS_EVEREST_ECDH_THEIRS; + return( mbedtls_everest_get_params( &ctx->ctx.everest_ecdh, + key, s) ); + } #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: return( ecdh_get_params_internal( &ctx->ctx.mbed_ecdh, @@ -572,7 +586,8 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECDH_VARIANT_EVEREST: - return( mbedtls_everest_make_public( ctx, olen, buf, blen, f_rng, p_rng ) ); + return( mbedtls_everest_make_public( &ctx->ctx.everest_ecdh, olen, + buf, blen, f_rng, p_rng ) ); #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: return( ecdh_make_public_internal( &ctx->ctx.mbed_ecdh, olen, @@ -617,7 +632,8 @@ int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx, { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECDH_VARIANT_EVEREST: - return( mbedtls_everest_read_public( ctx, buf, blen ) ); + return( mbedtls_everest_read_public( &ctx->ctx.everest_ecdh, + buf, blen ) ); #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: return( ecdh_read_public_internal( &ctx->ctx.mbed_ecdh, @@ -703,7 +719,8 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECDH_VARIANT_EVEREST: - return( mbedtls_everest_calc_secret( ctx, olen, buf, blen, f_rng, p_rng ) ); + return( mbedtls_everest_calc_secret( &ctx->ctx.everest_ecdh, olen, + buf, blen, f_rng, p_rng ) ); #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: return( ecdh_calc_secret_internal( &ctx->ctx.mbed_ecdh, olen, buf,