47 #define ID_MINE     ( ecjpake_id[ ctx->role ] )
48 #define ID_PEER     ( ecjpake_id[ 1 - ctx->role ] )
53 void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx )  in mbedtls_ecjpake_init()  argument
55     if( ctx == NULL )  in mbedtls_ecjpake_init()
58     ctx->md_info = NULL;  in mbedtls_ecjpake_init()
59     mbedtls_ecp_group_init( &ctx->grp );  in mbedtls_ecjpake_init()
60     ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;  in mbedtls_ecjpake_init()
62     mbedtls_ecp_point_init( &ctx->Xm1 );  in mbedtls_ecjpake_init()
63     mbedtls_ecp_point_init( &ctx->Xm2 );  in mbedtls_ecjpake_init()
64     mbedtls_ecp_point_init( &ctx->Xp1 );  in mbedtls_ecjpake_init()
65     mbedtls_ecp_point_init( &ctx->Xp2 );  in mbedtls_ecjpake_init()
66     mbedtls_ecp_point_init( &ctx->Xp  );  in mbedtls_ecjpake_init()
68     mbedtls_mpi_init( &ctx->xm1 );  in mbedtls_ecjpake_init()
69     mbedtls_mpi_init( &ctx->xm2 );  in mbedtls_ecjpake_init()
70     mbedtls_mpi_init( &ctx->s   );  in mbedtls_ecjpake_init()
76 void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx )  in mbedtls_ecjpake_free()  argument
78     if( ctx == NULL )  in mbedtls_ecjpake_free()
81     ctx->md_info = NULL;  in mbedtls_ecjpake_free()
82     mbedtls_ecp_group_free( &ctx->grp );  in mbedtls_ecjpake_free()
84     mbedtls_ecp_point_free( &ctx->Xm1 );  in mbedtls_ecjpake_free()
85     mbedtls_ecp_point_free( &ctx->Xm2 );  in mbedtls_ecjpake_free()
86     mbedtls_ecp_point_free( &ctx->Xp1 );  in mbedtls_ecjpake_free()
87     mbedtls_ecp_point_free( &ctx->Xp2 );  in mbedtls_ecjpake_free()
88     mbedtls_ecp_point_free( &ctx->Xp  );  in mbedtls_ecjpake_free()
90     mbedtls_mpi_free( &ctx->xm1 );  in mbedtls_ecjpake_free()
91     mbedtls_mpi_free( &ctx->xm2 );  in mbedtls_ecjpake_free()
92     mbedtls_mpi_free( &ctx->s   );  in mbedtls_ecjpake_free()
98 int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,  in mbedtls_ecjpake_setup()  argument
107     ctx->role = role;  in mbedtls_ecjpake_setup()
109     if( ( ctx->md_info = mbedtls_md_info_from_type( hash ) ) == NULL )  in mbedtls_ecjpake_setup()
112     MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ctx->grp, curve ) );  in mbedtls_ecjpake_setup()
114     MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->s, secret, len ) );  in mbedtls_ecjpake_setup()
118         mbedtls_ecjpake_free( ctx );  in mbedtls_ecjpake_setup()
126 int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx )  in mbedtls_ecjpake_check()  argument
128     if( ctx->md_info == NULL ||  in mbedtls_ecjpake_check()
129         ctx->grp.id == MBEDTLS_ECP_DP_NONE ||  in mbedtls_ecjpake_check()
130         ctx->s.p == NULL )  in mbedtls_ecjpake_check()
501 int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx,  in mbedtls_ecjpake_read_round_one()  argument
505     return( ecjpake_kkpp_read( ctx->md_info, &ctx->grp, ctx->point_format,  in mbedtls_ecjpake_read_round_one()
506                                &ctx->grp.G,  in mbedtls_ecjpake_read_round_one()
507                                &ctx->Xp1, &ctx->Xp2, ID_PEER,  in mbedtls_ecjpake_read_round_one()
514 int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx,  in mbedtls_ecjpake_write_round_one()  argument
519     return( ecjpake_kkpp_write( ctx->md_info, &ctx->grp, ctx->point_format,  in mbedtls_ecjpake_write_round_one()
520                                 &ctx->grp.G,  in mbedtls_ecjpake_write_round_one()
521                                 &ctx->xm1, &ctx->Xm1, &ctx->xm2, &ctx->Xm2,  in mbedtls_ecjpake_write_round_one()
551 int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,  in mbedtls_ecjpake_read_round_two()  argument
570     MBEDTLS_MPI_CHK( ecjpake_ecp_add3( &ctx->grp, &G,  in mbedtls_ecjpake_read_round_two()
571                                        &ctx->Xm1, &ctx->Xm2, &ctx->Xp1 ) );  in mbedtls_ecjpake_read_round_two()
579     if( ctx->role == MBEDTLS_ECJPAKE_CLIENT )  in mbedtls_ecjpake_read_round_two()
582         if( grp.id != ctx->grp.id )  in mbedtls_ecjpake_read_round_two()
589     MBEDTLS_MPI_CHK( ecjpake_kkp_read( ctx->md_info, &ctx->grp,  in mbedtls_ecjpake_read_round_two()
590                             ctx->point_format,  in mbedtls_ecjpake_read_round_two()
591                             &G, &ctx->Xp, ID_PEER, &p, end ) );  in mbedtls_ecjpake_read_round_two()
640 int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,  in mbedtls_ecjpake_write_round_two()  argument
664     MBEDTLS_MPI_CHK( ecjpake_ecp_add3( &ctx->grp, &G,  in mbedtls_ecjpake_write_round_two()
665                                        &ctx->Xp1, &ctx->Xp2, &ctx->Xm1 ) );  in mbedtls_ecjpake_write_round_two()
666     MBEDTLS_MPI_CHK( ecjpake_mul_secret( &xm, 1, &ctx->xm2, &ctx->s,  in mbedtls_ecjpake_write_round_two()
667                                          &ctx->grp.N, f_rng, p_rng ) );  in mbedtls_ecjpake_write_round_two()
668     MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &Xm, &xm, &G, f_rng, p_rng ) );  in mbedtls_ecjpake_write_round_two()
678     if( ctx->role == MBEDTLS_ECJPAKE_SERVER )  in mbedtls_ecjpake_write_round_two()
685         MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_group( &ctx->grp, &ec_len,  in mbedtls_ecjpake_write_round_two()
695     MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_point( &ctx->grp, &Xm,  in mbedtls_ecjpake_write_round_two()
696                      ctx->point_format, &ec_len, p, end - p ) );  in mbedtls_ecjpake_write_round_two()
699     MBEDTLS_MPI_CHK( ecjpake_zkp_write( ctx->md_info, &ctx->grp,  in mbedtls_ecjpake_write_round_two()
700                                         ctx->point_format,  in mbedtls_ecjpake_write_round_two()
717 int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,  in mbedtls_ecjpake_derive_secret()  argument
728     *olen = mbedtls_md_get_size( ctx->md_info );  in mbedtls_ecjpake_derive_secret()
743     MBEDTLS_MPI_CHK( ecjpake_mul_secret( &m_xm2_s, -1, &ctx->xm2, &ctx->s,  in mbedtls_ecjpake_derive_secret()
744                                          &ctx->grp.N, f_rng, p_rng ) );  in mbedtls_ecjpake_derive_secret()
745     MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( &ctx->grp, &K,  in mbedtls_ecjpake_derive_secret()
746                                          &one, &ctx->Xp,  in mbedtls_ecjpake_derive_secret()
747                                          &m_xm2_s, &ctx->Xp2 ) );  in mbedtls_ecjpake_derive_secret()
748     MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &K, &ctx->xm2, &K,  in mbedtls_ecjpake_derive_secret()
752     x_bytes = ( ctx->grp.pbits + 7 ) / 8;  in mbedtls_ecjpake_derive_secret()
754     MBEDTLS_MPI_CHK( mbedtls_md( ctx->md_info, kx, x_bytes, buf ) );  in mbedtls_ecjpake_derive_secret()
918 static int ecjpake_test_load( mbedtls_ecjpake_context *ctx,  in ecjpake_test_load()  argument
924     MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm1, xm1, len1 ) );  in ecjpake_test_load()
925     MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm2, xm2, len2 ) );  in ecjpake_test_load()
926     MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &ctx->Xm1, &ctx->xm1,  in ecjpake_test_load()
927                                       &ctx->grp.G, NULL, NULL ) );  in ecjpake_test_load()
928     MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &ctx->Xm2, &ctx->xm2,  in ecjpake_test_load()
929                                       &ctx->grp.G, NULL, NULL ) );  in ecjpake_test_load()