Lines Matching refs:ctx
/* Initialises a DHM context by zero-filling the whole structure
 * (memset over sizeof(mbedtls_dhm_context)).
 * This is a cross-reference listing: only source lines that mention ctx
 * are shown, each prefixed with its line number in the original file. */
121 void mbedtls_dhm_init( mbedtls_dhm_context *ctx ) in mbedtls_dhm_init() argument
123 memset( ctx, 0, sizeof( mbedtls_dhm_context ) ); in mbedtls_dhm_init()
/* Reads the peer's parameters into the context: P, G and GY are parsed in
 * that order by dhm_read_bignum() (p and end are passed through to it),
 * GY is range-checked against P with dhm_check_range(), and ctx->len is set
 * to the byte size of P.
 * NOTE(review): among the listed lines only GY is checked. Whether P and G
 * are validated (minimum size of P, range of G) is not visible in this
 * listing -- confirm against the full file or the caller. */
129 int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx, in mbedtls_dhm_read_params() argument
135 if( ( ret = dhm_read_bignum( &ctx->P, p, end ) ) != 0 || in mbedtls_dhm_read_params()
136 ( ret = dhm_read_bignum( &ctx->G, p, end ) ) != 0 || in mbedtls_dhm_read_params()
137 ( ret = dhm_read_bignum( &ctx->GY, p, end ) ) != 0 ) in mbedtls_dhm_read_params()
140 if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 ) in mbedtls_dhm_read_params()
/* ctx->len later bounds the input/output lengths accepted by the other entry points. */
143 ctx->len = mbedtls_mpi_size( &ctx->P ); in mbedtls_dhm_read_params()
/* Generates the private value X and the public value GX = G^X mod P, then
 * exports P, G and GX through DHM_MPI_EXPORT with their byte sizes n1..n3
 * and records ctx->len = n1 (the size of P).
 * Only the lines that mention ctx are listed; loop heads, returns and the
 * cleanup label are on lines not shown here. */
151 int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, in mbedtls_dhm_make_params() argument
/* Tests for P == 0, i.e. parameters that were never set (the branch body is not listed). */
160 if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 ) in mbedtls_dhm_make_params()
/* NOTE(review): the return value of mbedtls_mpi_fill_random() is discarded on
 * this line, unlike the MBEDTLS_MPI_CHK-wrapped calls around it. A failing
 * f_rng would go unnoticed and X might not hold fresh random data; wrapping
 * the call in MBEDTLS_MPI_CHK would surface the error. */
168 mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ); in mbedtls_dhm_make_params()
/* Shift X right one bit at a time until it is below P. */
170 while( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 ) in mbedtls_dhm_make_params()
171 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->X, 1 ) ); in mbedtls_dhm_make_params()
/* Tail of a retry loop: repeat until dhm_check_range() accepts X against P. */
176 while( dhm_check_range( &ctx->X, &ctx->P ) != 0 ); in mbedtls_dhm_make_params()
181 MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->GX, &ctx->G, &ctx->X, in mbedtls_dhm_make_params()
182 &ctx->P , &ctx->RP ) ); in mbedtls_dhm_make_params()
/* The computed public value is range-checked against P before it is exported. */
184 if( ( ret = dhm_check_range( &ctx->GX, &ctx->P ) ) != 0 ) in mbedtls_dhm_make_params()
195 n1 = mbedtls_mpi_size( &ctx->P ); in mbedtls_dhm_make_params()
196 n2 = mbedtls_mpi_size( &ctx->G ); in mbedtls_dhm_make_params()
197 n3 = mbedtls_mpi_size( &ctx->GX ); in mbedtls_dhm_make_params()
200 DHM_MPI_EXPORT( &ctx->P , n1 ); in mbedtls_dhm_make_params()
201 DHM_MPI_EXPORT( &ctx->G , n2 ); in mbedtls_dhm_make_params()
202 DHM_MPI_EXPORT( &ctx->GX, n3 ); in mbedtls_dhm_make_params()
206 ctx->len = n1; in mbedtls_dhm_make_params()
/* Imports the peer's public value: ilen bytes of input are read into ctx->GY
 * with mbedtls_mpi_read_binary(). The guard on source line 224 tests for a
 * NULL ctx and for ilen outside 1..ctx->len.
 * NOTE(review): no dhm_check_range() call on GY appears among the listed
 * lines of this function; the listing shows that check in
 * mbedtls_dhm_calc_secret() (source line 359), before GY is used. */
219 int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx, in mbedtls_dhm_read_public() argument
224 if( ctx == NULL || ilen < 1 || ilen > ctx->len ) in mbedtls_dhm_read_public()
227 if( ( ret = mbedtls_mpi_read_binary( &ctx->GY, input, ilen ) ) != 0 ) in mbedtls_dhm_read_public()
/* Generates the private value X, computes GX = G^X mod P and writes GX to
 * output as olen bytes with mbedtls_mpi_write_binary(). The guard on source
 * line 243 tests for a NULL ctx and for olen outside 1..ctx->len.
 * Only the lines that mention ctx are listed; loop heads and returns are on
 * lines not shown here. */
236 int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size, in mbedtls_dhm_make_public() argument
243 if( ctx == NULL || olen < 1 || olen > ctx->len ) in mbedtls_dhm_make_public()
/* Tests for P == 0, i.e. parameters that were never set (the branch body is not listed). */
246 if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 ) in mbedtls_dhm_make_public()
/* NOTE(review): the return value of mbedtls_mpi_fill_random() is discarded on
 * this line, unlike the MBEDTLS_MPI_CHK-wrapped calls around it. A failing
 * f_rng would go unnoticed and X might not hold fresh random data; wrapping
 * the call in MBEDTLS_MPI_CHK would surface the error. */
254 mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ); in mbedtls_dhm_make_public()
/* Shift X right one bit at a time until it is below P. */
256 while( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 ) in mbedtls_dhm_make_public()
257 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->X, 1 ) ); in mbedtls_dhm_make_public()
/* Tail of a retry loop: repeat until dhm_check_range() accepts X against P. */
262 while( dhm_check_range( &ctx->X, &ctx->P ) != 0 ); in mbedtls_dhm_make_public()
264 MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->GX, &ctx->G, &ctx->X, in mbedtls_dhm_make_public()
265 &ctx->P , &ctx->RP ) ); in mbedtls_dhm_make_public()
/* The computed public value is range-checked against P before it is written out. */
267 if( ( ret = dhm_check_range( &ctx->GX, &ctx->P ) ) != 0 ) in mbedtls_dhm_make_public()
270 MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->GX, output, olen ) ); in mbedtls_dhm_make_public()
/* Maintains the blinding pair Vi/Vf kept in the context. The listed lines
 * show three steps:
 *   - when X differs from the remembered pX, pX is updated and Vi, Vf are
 *     reset to 1;
 *   - when Vi is not 1, both Vi and Vf are squared modulo P;
 *   - a fresh Vi is drawn at random (byte size of P), reduced below P and
 *     retried while Vi <= 1, then Vf = (Vi^-1)^X mod P.
 * The control flow joining these steps (returns, loop heads) is on lines not
 * shown in this listing. */
286 static int dhm_update_blinding( mbedtls_dhm_context *ctx, in dhm_update_blinding() argument
/* A changed private value invalidates the stored blinding values. */
295 if( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->pX ) != 0 ) in dhm_update_blinding()
297 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &ctx->pX, &ctx->X ) ); in dhm_update_blinding()
298 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->Vi, 1 ) ); in dhm_update_blinding()
299 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->Vf, 1 ) ); in dhm_update_blinding()
/* Existing pair: refresh it by squaring both halves modulo P. */
308 if( mbedtls_mpi_cmp_int( &ctx->Vi, 1 ) != 0 ) in dhm_update_blinding()
310 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &ctx->Vi ) ); in dhm_update_blinding()
311 MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->P ) ); in dhm_update_blinding()
313 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &ctx->Vf ) ); in dhm_update_blinding()
314 MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) ); in dhm_update_blinding()
/* NOTE(review): the return value of mbedtls_mpi_fill_random() is discarded on
 * this line, unlike the MBEDTLS_MPI_CHK-wrapped calls around it. If f_rng
 * fails, Vi might not hold fresh random data and the blinding would lose its
 * purpose without any error being reported; wrap the call in MBEDTLS_MPI_CHK. */
327 mbedtls_mpi_fill_random( &ctx->Vi, mbedtls_mpi_size( &ctx->P ), f_rng, p_rng ); in dhm_update_blinding()
/* Shift Vi right one bit at a time until it is below P. */
329 while( mbedtls_mpi_cmp_mpi( &ctx->Vi, &ctx->P ) >= 0 ) in dhm_update_blinding()
330 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->Vi, 1 ) ); in dhm_update_blinding()
/* Tail of a retry loop: values 0 and 1 are not accepted as Vi. */
335 while( mbedtls_mpi_cmp_int( &ctx->Vi, 1 ) <= 0 ); in dhm_update_blinding()
/* Vf = Vi^-1 mod P, then Vf = Vf^X mod P. */
338 MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->Vf, &ctx->Vi, &ctx->P ) ); in dhm_update_blinding()
339 MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->Vf, &ctx->Vf, &ctx->X, &ctx->P, &ctx->RP ) ); in dhm_update_blinding()
/* Derives the shared secret K = GY^X mod P and writes it to output.
 * The guard on source line 356 tests for a NULL ctx and for an output buffer
 * smaller than ctx->len; GY is range-checked against P before use.
 * The listed lines show a blinded path (dhm_update_blinding(), GYb = GY*Vi
 * mod P, and K multiplied by Vf mod P afterwards) and an unblinded path
 * (GYb is a plain copy of GY); the conditions that select between them are on
 * lines not shown in this listing. */
348 int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx, in mbedtls_dhm_calc_secret() argument
356 if( ctx == NULL || output_size < ctx->len ) in mbedtls_dhm_calc_secret()
/* Peer value is validated here, immediately before the exponentiation that uses it. */
359 if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 ) in mbedtls_dhm_calc_secret()
/* Blinded path: mask GY with Vi before the private-key exponentiation. */
367 MBEDTLS_MPI_CHK( dhm_update_blinding( ctx, f_rng, p_rng ) ); in mbedtls_dhm_calc_secret()
368 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &GYb, &ctx->GY, &ctx->Vi ) ); in mbedtls_dhm_calc_secret()
369 MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &GYb, &GYb, &ctx->P ) ); in mbedtls_dhm_calc_secret()
/* Unblinded path: use GY as it is. */
372 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &GYb, &ctx->GY ) ); in mbedtls_dhm_calc_secret()
375 MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->K, &GYb, &ctx->X, in mbedtls_dhm_calc_secret()
376 &ctx->P, &ctx->RP ) ); in mbedtls_dhm_calc_secret()
/* Remove the blinding factor from the result. */
381 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->K, &ctx->K, &ctx->Vf ) ); in mbedtls_dhm_calc_secret()
382 MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->K, &ctx->K, &ctx->P ) ); in mbedtls_dhm_calc_secret()
/* *olen is the byte size of K itself, so the output can be shorter than
 * ctx->len; callers should rely on *olen rather than assume a fixed length. */
385 *olen = mbedtls_mpi_size( &ctx->K ); in mbedtls_dhm_calc_secret()
387 MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->K, output, *olen ) ); in mbedtls_dhm_calc_secret()
/* Releases every MPI held by the context (pX, Vf, Vi, RP, K, GY, GX, X, G, P)
 * and then passes the whole structure to mbedtls_zeroize(), which is defined
 * outside the listed lines. The context holds the private value X, the
 * shared secret K and the blinding values, so the final wipe matters.
 * NOTE(review): no NULL check on ctx appears among the listed lines. */
401 void mbedtls_dhm_free( mbedtls_dhm_context *ctx ) in mbedtls_dhm_free() argument
403 mbedtls_mpi_free( &ctx->pX); mbedtls_mpi_free( &ctx->Vf ); mbedtls_mpi_free( &ctx->Vi ); in mbedtls_dhm_free()
404 mbedtls_mpi_free( &ctx->RP ); mbedtls_mpi_free( &ctx->K ); mbedtls_mpi_free( &ctx->GY ); in mbedtls_dhm_free()
405 mbedtls_mpi_free( &ctx->GX ); mbedtls_mpi_free( &ctx->X ); mbedtls_mpi_free( &ctx->G ); in mbedtls_dhm_free()
406 mbedtls_mpi_free( &ctx->P ); in mbedtls_dhm_free()
408 mbedtls_zeroize( ctx, sizeof( mbedtls_dhm_context ) ); in mbedtls_dhm_free()