ECDH: Add new ECDH context for Everest Curve25519
This commit is contained in:
parent
2a9684e7c9
commit
de4fcf2ae3
6 changed files with 774 additions and 0 deletions
228
3rdparty/everest/include/everest/everest.h
vendored
Normal file
228
3rdparty/everest/include/everest/everest.h
vendored
Normal file
|
@ -0,0 +1,228 @@
|
|||
/*
|
||||
* Interface to code from Project Everest
|
||||
*
|
||||
* Copyright 2016-2018 INRIA and Microsoft Corporation
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org).
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_EVEREST_H
|
||||
#define MBEDTLS_EVEREST_H
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
struct mbedtls_ecdh_context;
|
||||
typedef struct mbedtls_ecdh_context mbedtls_ecdh_context;
|
||||
|
||||
struct mbedtls_x25519_context_;
|
||||
|
||||
typedef struct {
|
||||
struct mbedtls_x25519_context_ *ctx;
|
||||
} mbedtls_ecdh_context_everest;
|
||||
|
||||
|
||||
/**
|
||||
* \brief This function sets up the ECDH context with the information
|
||||
* given.
|
||||
*
|
||||
* This function should be called after mbedtls_ecdh_init() but
|
||||
* before mbedtls_ecdh_make_params(). There is no need to call
|
||||
* this function before mbedtls_ecdh_read_params().
|
||||
*
|
||||
* This is the first function used by a TLS server for ECDHE
|
||||
* ciphersuites.
|
||||
*
|
||||
* \param ctx The ECDH context to set up.
|
||||
* \param grp The group id of the group to set up the context for.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_everest_setup( mbedtls_ecdh_context *ctx, int grp );
|
||||
|
||||
/**
|
||||
* \brief This function frees a context.
|
||||
*
|
||||
* \param ctx The context to free.
|
||||
*/
|
||||
void mbedtls_everest_free( mbedtls_ecdh_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function generates a public key and a TLS
|
||||
* ServerKeyExchange payload.
|
||||
*
|
||||
* This is the second function used by a TLS server for ECDHE
|
||||
* ciphersuites. (It is called after mbedtls_ecdh_setup().)
|
||||
*
|
||||
* \note This function assumes that the ECP group (grp) of the
|
||||
* \p ctx context has already been properly set,
|
||||
* for example, using mbedtls_ecp_group_load().
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDH context.
|
||||
* \param olen The number of characters written.
|
||||
* \param buf The destination buffer.
|
||||
* \param blen The length of the destination buffer.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_everest_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
unsigned char *buf, size_t blen,
|
||||
int( *f_rng )( void *, unsigned char *, size_t ),
|
||||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief This function parses and processes a TLS ServerKeyExhange
|
||||
* payload.
|
||||
*
|
||||
* This is the first function used by a TLS client for ECDHE
|
||||
* ciphersuites.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDH context.
|
||||
* \param buf The pointer to the start of the input buffer.
|
||||
* \param end The address for one Byte past the end of the buffer.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
*
|
||||
*/
|
||||
int mbedtls_everest_read_params( mbedtls_ecdh_context *ctx,
|
||||
const unsigned char **buf, const unsigned char *end );
|
||||
|
||||
/**
|
||||
* \brief This function parses and processes a TLS ServerKeyExhange
|
||||
* payload.
|
||||
*
|
||||
* This is the first function used by a TLS client for ECDHE
|
||||
* ciphersuites.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDH context.
|
||||
* \param buf The pointer to the start of the input buffer.
|
||||
* \param end The address for one Byte past the end of the buffer.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
*
|
||||
*/
|
||||
int mbedtls_everest_read_params( mbedtls_ecdh_context *ctx,
|
||||
const unsigned char **buf, const unsigned char *end );
|
||||
|
||||
/**
|
||||
* \brief This function sets up an ECDH context from an EC key.
|
||||
*
|
||||
* It is used by clients and servers in place of the
|
||||
* ServerKeyEchange for static ECDH, and imports ECDH
|
||||
* parameters from the EC key information of a certificate.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDH context to set up.
|
||||
* \param key The EC key to use.
|
||||
* \param side Defines the source of the key: 1: Our key, or
|
||||
* 0: The key of the peer.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
*
|
||||
*/
|
||||
int mbedtls_everest_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key,
|
||||
int side );
|
||||
|
||||
/**
|
||||
* \brief This function generates a public key and a TLS
|
||||
* ClientKeyExchange payload.
|
||||
*
|
||||
* This is the second function used by a TLS client for ECDH(E)
|
||||
* ciphersuites.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDH context.
|
||||
* \param olen The number of Bytes written.
|
||||
* \param buf The destination buffer.
|
||||
* \param blen The size of the destination buffer.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_everest_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
unsigned char *buf, size_t blen,
|
||||
int( *f_rng )( void *, unsigned char *, size_t ),
|
||||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief This function parses and processes a TLS ClientKeyExchange
|
||||
* payload.
|
||||
*
|
||||
* This is the third function used by a TLS server for ECDH(E)
|
||||
* ciphersuites. (It is called after mbedtls_ecdh_setup() and
|
||||
* mbedtls_ecdh_make_params().)
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDH context.
|
||||
* \param buf The start of the input buffer.
|
||||
* \param blen The length of the input buffer.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_everest_read_public( mbedtls_ecdh_context *ctx,
|
||||
const unsigned char *buf, size_t blen );
|
||||
|
||||
/**
|
||||
* \brief This function derives and exports the shared secret.
|
||||
*
|
||||
* This is the last function used by both TLS client
|
||||
* and servers.
|
||||
*
|
||||
* \note If \p f_rng is not NULL, it is used to implement
|
||||
* countermeasures against side-channel attacks.
|
||||
* For more information, see mbedtls_ecp_mul().
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDH context.
|
||||
* \param olen The number of Bytes written.
|
||||
* \param buf The destination buffer.
|
||||
* \param blen The length of the destination buffer.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_everest_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
unsigned char *buf, size_t blen,
|
||||
int( *f_rng )( void *, unsigned char *, size_t ),
|
||||
void *p_rng );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_EVEREST_H */
|
181
3rdparty/everest/include/everest/x25519.h
vendored
Normal file
181
3rdparty/everest/include/everest/x25519.h
vendored
Normal file
|
@ -0,0 +1,181 @@
|
|||
/*
|
||||
* ECDH with curve-optimized implementation multiplexing
|
||||
*
|
||||
* Copyright 2016-2018 INRIA and Microsoft Corporation
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_X25519_H
|
||||
#define MBEDTLS_X25519_H
|
||||
|
||||
#include <mbedtls/ecdh.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_ECP_TLS_CURVE25519 0x1d
|
||||
|
||||
/**
|
||||
* \brief The x25519 context structure.
|
||||
*/
|
||||
typedef struct mbedtls_x25519_context_ {
|
||||
unsigned char our_secret[32];
|
||||
unsigned char peer_point[32];
|
||||
} mbedtls_x25519_context;
|
||||
|
||||
/**
|
||||
* \brief This function initializes an x25519 context.
|
||||
*
|
||||
* \param ctx The x25519 context to initialize.
|
||||
*/
|
||||
void mbedtls_x25519_init( mbedtls_x25519_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function frees a context.
|
||||
*
|
||||
* \param ctx The context to free.
|
||||
*/
|
||||
void mbedtls_x25519_free( mbedtls_x25519_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function generates a public key and a TLS
|
||||
* ServerKeyExchange payload.
|
||||
*
|
||||
* This is the first function used by a TLS server for x25519.
|
||||
*
|
||||
*
|
||||
* \param ctx The x25519 context.
|
||||
* \param olen The number of characters written.
|
||||
* \param buf The destination buffer.
|
||||
* \param blen The length of the destination buffer.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_x25519_make_params( mbedtls_x25519_context *ctx, size_t *olen,
|
||||
unsigned char *buf, size_t blen,
|
||||
int( *f_rng )(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief This function parses and processes a TLS ServerKeyExchange
|
||||
* payload.
|
||||
*
|
||||
*
|
||||
* \param ctx The x25519 context.
|
||||
* \param buf The pointer to the start of the input buffer.
|
||||
* \param end The address for one Byte past the end of the buffer.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
*
|
||||
*/
|
||||
int mbedtls_x25519_read_params( mbedtls_x25519_context *ctx,
|
||||
const unsigned char **buf, const unsigned char *end );
|
||||
|
||||
/**
|
||||
* \brief This function sets up an x25519 context from an EC key.
|
||||
*
|
||||
* It is used by clients and servers in place of the
|
||||
* ServerKeyEchange for static ECDH, and imports ECDH
|
||||
* parameters from the EC key information of a certificate.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The x25519 context to set up.
|
||||
* \param key The EC key to use.
|
||||
* \param side Defines the source of the key: 1: Our key, or
|
||||
* 0: The key of the peer.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
*
|
||||
*/
|
||||
int mbedtls_x25519_get_params( mbedtls_x25519_context *ctx, const mbedtls_ecp_keypair *key,
|
||||
int side );
|
||||
|
||||
/**
|
||||
* \brief This function derives and exports the shared secret.
|
||||
*
|
||||
* This is the last function used by both TLS client
|
||||
* and servers.
|
||||
*
|
||||
*
|
||||
* \param ctx The x25519 context.
|
||||
* \param olen The number of Bytes written.
|
||||
* \param buf The destination buffer.
|
||||
* \param blen The length of the destination buffer.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_x25519_calc_secret( mbedtls_x25519_context *ctx, size_t *olen,
|
||||
unsigned char *buf, size_t blen,
|
||||
int( *f_rng )(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief This function generates a public key and a TLS
|
||||
* ClientKeyExchange payload.
|
||||
*
|
||||
* This is the second function used by a TLS client for x25519.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The x25519 context.
|
||||
* \param olen The number of Bytes written.
|
||||
* \param buf The destination buffer.
|
||||
* \param blen The size of the destination buffer.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_x25519_make_public( mbedtls_x25519_context *ctx, size_t *olen,
|
||||
unsigned char *buf, size_t blen,
|
||||
int( *f_rng )(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief This function parses and processes a TLS ClientKeyExchange
|
||||
* payload.
|
||||
*
|
||||
* This is the second function used by a TLS server for x25519.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The x25519 context.
|
||||
* \param buf The start of the input buffer.
|
||||
* \param blen The length of the input buffer.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_x25519_read_public( mbedtls_x25519_context *ctx,
|
||||
const unsigned char *buf, size_t blen );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* x25519.h */
|
151
3rdparty/everest/library/everest.c
vendored
Normal file
151
3rdparty/everest/library/everest.c
vendored
Normal file
|
@ -0,0 +1,151 @@
|
|||
/*
|
||||
* Interface to code from Project Everest
|
||||
*
|
||||
* Copyright 2016-2018 INRIA and Microsoft Corporation
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org).
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#include "mbedtls/ecdh.h"
|
||||
|
||||
#include "everest/x25519.h"
|
||||
#include "everest/everest.h"
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#define mbedtls_calloc calloc
|
||||
#define mbedtls_free free
|
||||
#endif
|
||||
|
||||
int mbedtls_everest_setup( mbedtls_ecdh_context *ctx, int grp )
|
||||
{
|
||||
if( grp != MBEDTLS_ECP_DP_CURVE25519 )
|
||||
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
|
||||
|
||||
ctx->var = MBEDTLS_ECDH_VARIANT_EVEREST;
|
||||
ctx->grp_id = grp;
|
||||
|
||||
ctx->ctx.everest_ecdh.ctx = mbedtls_calloc( 1, sizeof( mbedtls_x25519_context ) );
|
||||
mbedtls_x25519_init( ctx->ctx.everest_ecdh.ctx );
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
void mbedtls_everest_free( mbedtls_ecdh_context *ctx )
|
||||
{
|
||||
mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh;
|
||||
mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx;
|
||||
|
||||
mbedtls_x25519_free( x25519_ctx );
|
||||
mbedtls_free( x25519_ctx );
|
||||
|
||||
ctx->var = MBEDTLS_ECDH_VARIANT_NONE;
|
||||
ctx->grp_id = MBEDTLS_ECP_DP_NONE;
|
||||
}
|
||||
|
||||
int mbedtls_everest_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
unsigned char *buf, size_t blen,
|
||||
int( *f_rng )( void *, unsigned char *, size_t ),
|
||||
void *p_rng )
|
||||
{
|
||||
int ret = 0;
|
||||
size_t grp_len;
|
||||
mbedtls_ecp_group grp;
|
||||
mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh;
|
||||
mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx;
|
||||
|
||||
if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST )
|
||||
return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
|
||||
|
||||
mbedtls_ecp_group_init( &grp );
|
||||
|
||||
if( ( ret = mbedtls_x25519_make_params( x25519_ctx, olen, buf, blen, f_rng, p_rng ) ) != 0 )
|
||||
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
|
||||
|
||||
mbedtls_ecp_group_load( &grp, MBEDTLS_ECP_DP_CURVE25519 );
|
||||
ret = mbedtls_ecp_tls_write_group( &grp, &grp_len, buf, blen );
|
||||
mbedtls_ecp_group_free( &grp );
|
||||
if (ret != 0)
|
||||
return( ret );
|
||||
|
||||
buf += grp_len;
|
||||
blen -= grp_len;
|
||||
|
||||
if( blen < 32 )
|
||||
return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
|
||||
|
||||
memcpy( x25519_ctx->peer_point, buf, 32 );
|
||||
*olen = grp_len + 1 + 32;
|
||||
return( ret );
|
||||
}
|
||||
|
||||
int mbedtls_everest_read_params( mbedtls_ecdh_context *ctx,
|
||||
const unsigned char **buf, const unsigned char *end )
|
||||
{
|
||||
mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh;
|
||||
mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx;
|
||||
if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
|
||||
return mbedtls_x25519_read_params( x25519_ctx, buf, end );
|
||||
}
|
||||
|
||||
int mbedtls_everest_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key,
|
||||
int side )
|
||||
{
|
||||
mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh;
|
||||
mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx;
|
||||
if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
|
||||
return mbedtls_x25519_get_params( x25519_ctx, key, side );
|
||||
}
|
||||
|
||||
int mbedtls_everest_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
unsigned char *buf, size_t blen,
|
||||
int( *f_rng )( void *, unsigned char *, size_t ),
|
||||
void *p_rng )
|
||||
{
|
||||
mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh;
|
||||
mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx;
|
||||
if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
|
||||
return mbedtls_x25519_make_public( x25519_ctx, olen, buf, blen, f_rng, p_rng );
|
||||
}
|
||||
|
||||
int mbedtls_everest_read_public( mbedtls_ecdh_context *ctx,
|
||||
const unsigned char *buf, size_t blen )
|
||||
{
|
||||
mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh;
|
||||
mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx;
|
||||
if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
|
||||
return mbedtls_x25519_read_public ( x25519_ctx, buf, blen );
|
||||
}
|
||||
|
||||
int mbedtls_everest_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
|
||||
unsigned char *buf, size_t blen,
|
||||
int( *f_rng )( void *, unsigned char *, size_t ),
|
||||
void *p_rng )
|
||||
{
|
||||
mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh;
|
||||
mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx;
|
||||
if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
|
||||
return mbedtls_x25519_calc_secret( x25519_ctx, olen, buf, blen, f_rng, p_rng );
|
||||
}
|
187
3rdparty/everest/library/x25519.c
vendored
Normal file
187
3rdparty/everest/library/x25519.c
vendored
Normal file
|
@ -0,0 +1,187 @@
|
|||
/*
|
||||
* ECDH with curve-optimized implementation multiplexing
|
||||
*
|
||||
* Copyright 2016-2018 INRIA and Microsoft Corporation
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C)
|
||||
|
||||
#include <Hacl_Curve25519.h>
|
||||
#include <mbedtls/platform_util.h>
|
||||
|
||||
#include "x25519.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
/*
|
||||
* Initialize context
|
||||
*/
|
||||
void mbedtls_x25519_init( mbedtls_x25519_context *ctx )
|
||||
{
|
||||
memset( ctx, 0, sizeof( mbedtls_x25519_context ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Free context
|
||||
*/
|
||||
void mbedtls_x25519_free( mbedtls_x25519_context *ctx )
|
||||
{
|
||||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
mbedtls_platform_zeroize( ctx->our_secret, 32 );
|
||||
mbedtls_platform_zeroize( ctx->peer_point, 32 );
|
||||
}
|
||||
|
||||
int mbedtls_x25519_make_params( mbedtls_x25519_context *ctx, size_t *olen,
|
||||
unsigned char *buf, size_t blen,
|
||||
int( *f_rng )(void *, unsigned char *, size_t),
|
||||
void *p_rng )
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
uint8_t base[32] = {0};
|
||||
|
||||
if( ( ret = f_rng( p_rng, ctx->our_secret, 32 ) ) != 0 )
|
||||
return ret;
|
||||
|
||||
*olen = 36;
|
||||
if( blen < *olen )
|
||||
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
|
||||
|
||||
*buf++ = MBEDTLS_ECP_TLS_NAMED_CURVE;
|
||||
*buf++ = MBEDTLS_ECP_TLS_CURVE25519 >> 8;
|
||||
*buf++ = MBEDTLS_ECP_TLS_CURVE25519 & 0xFF;
|
||||
*buf++ = 32;
|
||||
|
||||
base[0] = 9;
|
||||
Hacl_Curve25519_crypto_scalarmult( buf, ctx->our_secret, base );
|
||||
|
||||
base[0] = 0;
|
||||
if( memcmp( buf, base, 32) == 0 )
|
||||
return MBEDTLS_ERR_ECP_RANDOM_FAILED;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int mbedtls_x25519_read_params( mbedtls_x25519_context *ctx,
|
||||
const unsigned char **buf, const unsigned char *end )
|
||||
{
|
||||
if( end - *buf < 33 )
|
||||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||
|
||||
if( ( *(*buf)++ != 32 ) )
|
||||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||
|
||||
memcpy( ctx->peer_point, *buf, 32 );
|
||||
*buf += 32;
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int mbedtls_x25519_get_params( mbedtls_x25519_context *ctx, const mbedtls_ecp_keypair *key,
|
||||
int side )
|
||||
{
|
||||
size_t olen = 0;
|
||||
|
||||
switch( side ) {
|
||||
case MBEDTLS_ECDH_THEIRS:
|
||||
mbedtls_ecp_point_write_binary( &key->grp, &key->Q, MBEDTLS_ECP_PF_COMPRESSED, &olen, ctx->peer_point, 32 );
|
||||
/* untested; defensively throw an error for now. */
|
||||
return(MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE);
|
||||
case MBEDTLS_ECDH_OURS:
|
||||
mbedtls_mpi_write_binary( &key->d, ctx->our_secret, 32 );
|
||||
/* CMW: key->Q = key->d * base; do we need to set up ctx.peer_point here? */
|
||||
/* untested; defensively throw an error for now. */
|
||||
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
|
||||
default:
|
||||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||
}
|
||||
}
|
||||
|
||||
int mbedtls_x25519_calc_secret( mbedtls_x25519_context *ctx, size_t *olen,
|
||||
unsigned char *buf, size_t blen,
|
||||
int( *f_rng )(void *, unsigned char *, size_t),
|
||||
void *p_rng )
|
||||
{
|
||||
/* CMW: Is it okay that f_rng, p_rng are not used? */
|
||||
(( void )f_rng);
|
||||
(( void )p_rng);
|
||||
|
||||
*olen = 32;
|
||||
|
||||
if( blen < *olen )
|
||||
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
|
||||
|
||||
Hacl_Curve25519_crypto_scalarmult( buf, ctx->our_secret, ctx->peer_point);
|
||||
|
||||
/* Wipe the DH secret and don't let the peer chose a small subgroup point */
|
||||
memset( ctx->our_secret, 0, 32 );
|
||||
if( memcmp( buf, ctx->our_secret, 32) == 0 )
|
||||
return MBEDTLS_ERR_ECP_RANDOM_FAILED;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int mbedtls_x25519_make_public( mbedtls_x25519_context *ctx, size_t *olen,
|
||||
unsigned char *buf, size_t blen,
|
||||
int( *f_rng )(void *, unsigned char *, size_t),
|
||||
void *p_rng )
|
||||
{
|
||||
unsigned char base[32] = { 0 };
|
||||
|
||||
/* CMW: Is it okay that f_rng, p_rng are not used? */
|
||||
(( void )f_rng);
|
||||
(( void )p_rng);
|
||||
|
||||
if( ctx == NULL )
|
||||
return(MBEDTLS_ERR_ECP_BAD_INPUT_DATA);
|
||||
|
||||
*olen = 33;
|
||||
if( blen < *olen )
|
||||
return(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL);
|
||||
*buf++ = 32;
|
||||
|
||||
base[0] = 9;
|
||||
Hacl_Curve25519_crypto_scalarmult( buf, ctx->our_secret, base );
|
||||
|
||||
base[0] = 0;
|
||||
if( memcmp( buf, base, 32 ) == 0 )
|
||||
return MBEDTLS_ERR_ECP_RANDOM_FAILED;
|
||||
|
||||
return(0);
|
||||
}
|
||||
|
||||
int mbedtls_x25519_read_public( mbedtls_x25519_context *ctx,
|
||||
const unsigned char *buf, size_t blen )
|
||||
{
|
||||
if( blen < 33 )
|
||||
return(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL);
|
||||
if( (*buf++ != 32) )
|
||||
return(MBEDTLS_ERR_ECP_BAD_INPUT_DATA);
|
||||
memcpy( ctx->peer_point, buf, 32 );
|
||||
return(0);
|
||||
}
|
||||
|
||||
|
||||
#endif /* MBEDTLS_ECDH_C */
|
|
@ -2078,6 +2078,22 @@
|
|||
*/
|
||||
//#define MBEDTLS_PLATFORM_GMTIME_R_ALT
|
||||
|
||||
/*
|
||||
* \def MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
|
||||
*
|
||||
* Enable the verified implementations of crypto primitives
|
||||
* from Project Everest (currently only Curve25519).
|
||||
* This feature breaks ECDH backward compatibility (see also
|
||||
* MBEDTLS_ECDH_LEGACY_CONTEXT).
|
||||
*
|
||||
*/
|
||||
#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
|
||||
|
||||
/* \} name SECTION: Customisation configuration options */
|
||||
|
||||
/* Target and application specific configurations */
|
||||
//#define YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE "target_config.h"
|
||||
|
||||
/* \} name SECTION: Customisation configuration options */
|
||||
|
||||
/* Target and application specific configurations
|
||||
|
|
|
@ -42,6 +42,11 @@
|
|||
|
||||
#include "mbedtls/ecp.h"
|
||||
|
||||
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
|
||||
#undef MBEDTLS_ECDH_LEGACY_CONTEXT
|
||||
#include "everest/everest.h"
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
@ -66,6 +71,9 @@ typedef enum
|
|||
{
|
||||
MBEDTLS_ECDH_VARIANT_NONE = 0, /*!< Implementation not defined. */
|
||||
MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0,/*!< The default Mbed TLS implementation */
|
||||
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
|
||||
MBEDTLS_ECDH_VARIANT_EVEREST /*!< Everest implementation */
|
||||
#endif
|
||||
} mbedtls_ecdh_variant;
|
||||
|
||||
/**
|
||||
|
@ -119,6 +127,9 @@ typedef struct mbedtls_ecdh_context
|
|||
union
|
||||
{
|
||||
mbedtls_ecdh_context_mbed mbed_ecdh;
|
||||
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
|
||||
mbedtls_ecdh_context_everest everest_ecdh;
|
||||
#endif
|
||||
} ctx; /*!< Implementation-specific context. The
|
||||
context in use is specified by the \c var
|
||||
field. */
|
||||
|
|
Loading…
Reference in a new issue