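/* SPDX-License-Identifier: Apache-2.0 */
/**
 * \file ecdh.h
 *
 * \brief Elliptic curve Diffie-Hellman
 *
 *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
 *  This file is part of mbed TLS (https://tls.mbed.org)
 */
#ifndef MBEDTLS_ECDH_H
#define MBEDTLS_ECDH_H

#include "ecp.h"

#ifdef __cplusplus
extern "C" {
#endif

/**
 * When importing from an EC key, select if it is our key or the peer's key.
 *
 * The enumerators carry no explicit values, so MBEDTLS_ECDH_OURS is 0 and
 * MBEDTLS_ECDH_THEIRS is 1. Callers should pass the names, not integers.
 */
typedef enum
{
    MBEDTLS_ECDH_OURS,      /*!<  the key is our own          */
    MBEDTLS_ECDH_THEIRS,    /*!<  the key belongs to the peer */
} mbedtls_ecdh_side;

/**
 * \brief           ECDH context structure
 *
 * \note            \c d and \c z hold secret material (private key and
 *                  shared secret). Treat the whole context as sensitive:
 *                  do not copy or log it, and release it with
 *                  mbedtls_ecdh_free() as soon as the exchange is done.
 */
typedef struct
{
    mbedtls_ecp_group grp;      /*!<  elliptic curve used                           */
    mbedtls_mpi d;              /*!<  our secret value (private key)                */
    mbedtls_ecp_point Q;        /*!<  our public value (public key)                 */
    mbedtls_ecp_point Qp;       /*!<  peer's public value (public key)              */
    mbedtls_mpi z;              /*!<  shared secret                                 */
    int point_format;           /*!<  format for point export in TLS messages       */
    mbedtls_ecp_point Vi;       /*!<  blinding value (for later)                    */
    mbedtls_ecp_point Vf;       /*!<  un-blinding value (for later)                 */
    mbedtls_mpi _d;             /*!<  previous d (for later)                        */
}
mbedtls_ecdh_context;

/**
 * \brief           Generate a public key.
 *                  Raw function that only does the core computation.
 *
 * \param grp       ECP group
 * \param d         Destination MPI (secret exponent, aka private key)
 * \param Q         Destination point (public key)
 * \param f_rng     RNG function
 * \param p_rng     RNG parameter
 *
 * \return          0 if successful,
 *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
 *
 * \note            The private key \c d is only as unpredictable as the
 *                  output of \c f_rng, so \c f_rng must be a properly
 *                  seeded cryptographic RNG. On a non-zero return the
 *                  contents of \c d and \c Q must not be used.
 */
int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
                     int (*f_rng)(void *, unsigned char *, size_t),
                     void *p_rng );

/**
 * \brief           Compute shared secret
 *                  Raw function that only does the core computation.
 *
 * \param grp       ECP group
 * \param z         Destination MPI (shared secret)
 * \param Q         Public key from other party
 * \param d         Our secret exponent (private key)
 * \param f_rng     RNG function (see notes)
 * \param p_rng     RNG parameter
 *
 * \return          0 if successful,
 *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
 *
 * \note            If f_rng is not NULL, it is used to implement
 *                  countermeasures against potential elaborate timing
 *                  attacks, see \c mbedtls_ecp_mul() for details.
 *
 * \note            Passing NULL for \c f_rng therefore runs the computation
 *                  on \c d without those countermeasures. Supply an RNG
 *                  unless there is a specific reason not to, in particular
 *                  when \c d is a long-term (static) key.
 *
 * \note            \c Q comes from the peer and is untrusted input.
 *                  NOTE(review): this header does not say whether \c Q is
 *                  validated inside this function; confirm in ecdh.c that
 *                  the point is checked (e.g. mbedtls_ecp_check_pubkey())
 *                  before it is used.
 *
 * \note            \c z is the raw shared secret. Derive working keys from
 *                  it with a key-derivation function instead of using it
 *                  directly, and wipe it once the keys are derived.
 */
int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
                         const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
                         int (*f_rng)(void *, unsigned char *, size_t),
                         void *p_rng );

/**
 * \brief           Initialize context
 *
 * \param ctx       Context to initialize
 */
void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx );

/**
 * \brief           Free context
 *
 * \param ctx       Context to free
 *
 * \note            NOTE(review): the context holds the private key \c d and
 *                  the shared secret \c z; this header does not state
 *                  whether they are zeroized on free - confirm in ecdh.c.
 */
void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx );

/**
 * \brief           Generate a public key and a TLS ServerKeyExchange payload.
 *                  (First function used by a TLS server for ECDHE.)
 *
 * \param ctx       ECDH context
 * \param olen      number of chars written
 * \param buf       destination buffer
 * \param blen      length of buffer
 * \param f_rng     RNG function
 * \param p_rng     RNG parameter
 *
 * \note            This function assumes that ctx->grp has already been
 *                  properly set (for example using mbedtls_ecp_group_load).
 *
 * \note            \c f_rng must be a properly seeded cryptographic RNG;
 *                  it is the source of the ephemeral key. Do not send
 *                  \c buf if the return value is non-zero.
 *
 * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
 */
int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
                      unsigned char *buf, size_t blen,
                      int (*f_rng)(void *, unsigned char *, size_t),
                      void *p_rng );

/**
 * \brief           Parse and process a TLS ServerKeyExchange payload.
 *                  (First function used by a TLS client for ECDHE.)
 *
 * \param ctx       ECDH context
 * \param buf       pointer to start of input buffer (passed by address;
 *                  presumably advanced past the parsed data - confirm
 *                  against ecdh.c)
 * \param end       one past end of buffer
 *
 * \note            The payload is peer-controlled. \c end must be the true
 *                  end of the received data so that parsing stays in
 *                  bounds, and the handshake must be aborted on any
 *                  non-zero return.
 *
 * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
 */
int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
                      const unsigned char **buf, const unsigned char *end );

/**
 * \brief           Setup an ECDH context from an EC key.
 *                  (Used by clients and servers in place of the
 *                  ServerKeyExchange for static ECDH: import ECDH parameters
 *                  from a certificate's EC key information.)
 *
 * \param ctx       ECDH context to set
 * \param key       EC key to use
 * \param side      Whose key this is: MBEDTLS_ECDH_OURS (our key) or
 *                  MBEDTLS_ECDH_THEIRS (the peer's key). Use the enum
 *                  names; OURS is 0 and THEIRS is 1, so passing a bare
 *                  1 for "our key" would import it as the peer's key.
 *
 * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
 */
int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key,
                     mbedtls_ecdh_side side );

/**
 * \brief           Generate a public key and a TLS ClientKeyExchange payload.
 *                  (Second function used by a TLS client for ECDH(E).)
 *
 * \param ctx       ECDH context
 * \param olen      number of bytes actually written
 * \param buf       destination buffer
 * \param blen      size of destination buffer
 * \param f_rng     RNG function
 * \param p_rng     RNG parameter
 *
 * \note            \c f_rng must be a properly seeded cryptographic RNG.
 *                  Do not send \c buf if the return value is non-zero.
 *
 * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
 */
int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
                      unsigned char *buf, size_t blen,
                      int (*f_rng)(void *, unsigned char *, size_t),
                      void *p_rng );

/**
 * \brief           Parse and process a TLS ClientKeyExchange payload.
 *                  (Second function used by a TLS server for ECDH(E).)
 *
 * \param ctx       ECDH context
 * \param buf       start of input buffer
 * \param blen      length of input buffer
 *
 * \note            The payload is peer-controlled. \c blen must be the
 *                  number of bytes actually received, and the handshake
 *                  must be aborted on any non-zero return.
 *
 * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
 */
int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
                      const unsigned char *buf, size_t blen );

/**
 * \brief           Derive and export the shared secret.
 *                  (Last function used by both TLS clients and servers.)
 *
 * \param ctx       ECDH context
 * \param olen      number of bytes written
 * \param buf       destination buffer
 * \param blen      buffer length
 * \param f_rng     RNG function, see notes for \c mbedtls_ecdh_compute_shared()
 * \param p_rng     RNG parameter
 *
 * \note            After a successful call \c buf holds secret key
 *                  material. Feed it to the key-derivation step, then wipe
 *                  the buffer; do not use its contents after a non-zero
 *                  return.
 *
 * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
 */
int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
                      unsigned char *buf, size_t blen,
                      int (*f_rng)(void *, unsigned char *, size_t),
                      void *p_rng );

#ifdef __cplusplus
}
#endif

#endif /* ecdh.h */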