1 /*
2  *  ECDH with curve-optimized implementation multiplexing
3  *
4  *  Copyright 2016-2018 INRIA and Microsoft Corporation
5  *  SPDX-License-Identifier: Apache-2.0
6  *
7  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
8  *  not use this file except in compliance with the License.
9  *  You may obtain a copy of the License at
10  *
11  *  http://www.apache.org/licenses/LICENSE-2.0
12  *
13  *  Unless required by applicable law or agreed to in writing, software
14  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  *  See the License for the specific language governing permissions and
17  *  limitations under the License.
18  *
19  *  This file is part of Mbed TLS (https://tls.mbed.org)
20  */
21 
22 #ifndef MBEDTLS_X25519_H
23 #define MBEDTLS_X25519_H
24 
25 #ifdef __cplusplus
26 extern "C" {
27 #endif
28 
29 #define MBEDTLS_ECP_TLS_CURVE25519 0x1d
30 #define MBEDTLS_X25519_KEY_SIZE_BYTES 32
31 
32 /**
33  * Defines the source of the imported EC key.
34  */
35 typedef enum
36 {
37     MBEDTLS_X25519_ECDH_OURS,   /**< Our key. */
38     MBEDTLS_X25519_ECDH_THEIRS, /**< The key of the peer. */
39 } mbedtls_x25519_ecdh_side;
40 
41 /**
42  * \brief           The x25519 context structure.
43  */
44 typedef struct
45 {
46   unsigned char our_secret[MBEDTLS_X25519_KEY_SIZE_BYTES];
47   unsigned char peer_point[MBEDTLS_X25519_KEY_SIZE_BYTES];
48 } mbedtls_x25519_context;
49 
50 /**
51  * \brief           This function initializes an x25519 context.
52  *
53  * \param ctx       The x25519 context to initialize.
54  */
55 void mbedtls_x25519_init( mbedtls_x25519_context *ctx );
56 
57 /**
58  * \brief           This function frees a context.
59  *
60  * \param ctx       The context to free.
61  */
62 void mbedtls_x25519_free( mbedtls_x25519_context *ctx );
63 
64 /**
65  * \brief           This function generates a public key and a TLS
66  *                  ServerKeyExchange payload.
67  *
68  *                  This is the first function used by a TLS server for x25519.
69  *
70  *
71  * \param ctx       The x25519 context.
72  * \param olen      The number of characters written.
73  * \param buf       The destination buffer.
74  * \param blen      The length of the destination buffer.
75  * \param f_rng     The RNG function.
76  * \param p_rng     The RNG context.
77  *
78  * \return          \c 0 on success.
79  * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
80  */
81 int mbedtls_x25519_make_params( mbedtls_x25519_context *ctx, size_t *olen,
82                         unsigned char *buf, size_t blen,
83                         int( *f_rng )(void *, unsigned char *, size_t),
84                         void *p_rng );
85 
86 /**
87  * \brief           This function parses and processes a TLS ServerKeyExchange
88  *                  payload.
89  *
90  *
91  * \param ctx       The x25519 context.
92  * \param buf       The pointer to the start of the input buffer.
93  * \param end       The address for one Byte past the end of the buffer.
94  *
95  * \return          \c 0 on success.
96  * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
97  *
98  */
99 int mbedtls_x25519_read_params( mbedtls_x25519_context *ctx,
100                         const unsigned char **buf, const unsigned char *end );
101 
102 /**
103  * \brief           This function sets up an x25519 context from an EC key.
104  *
105  *                  It is used by clients and servers in place of the
106  *                  ServerKeyEchange for static ECDH, and imports ECDH
107  *                  parameters from the EC key information of a certificate.
108  *
109  * \see             ecp.h
110  *
111  * \param ctx       The x25519 context to set up.
112  * \param key       The EC key to use.
113  * \param side      Defines the source of the key: 1: Our key, or
114  *                  0: The key of the peer.
115  *
116  * \return          \c 0 on success.
117  * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
118  *
119  */
120 int mbedtls_x25519_get_params( mbedtls_x25519_context *ctx, const mbedtls_ecp_keypair *key,
121                                mbedtls_x25519_ecdh_side side );
122 
123 /**
124  * \brief           This function derives and exports the shared secret.
125  *
126  *                  This is the last function used by both TLS client
127  *                  and servers.
128  *
129  *
130  * \param ctx       The x25519 context.
131  * \param olen      The number of Bytes written.
132  * \param buf       The destination buffer.
133  * \param blen      The length of the destination buffer.
134  * \param f_rng     The RNG function.
135  * \param p_rng     The RNG context.
136  *
137  * \return          \c 0 on success.
138  * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
139  */
140 int mbedtls_x25519_calc_secret( mbedtls_x25519_context *ctx, size_t *olen,
141                         unsigned char *buf, size_t blen,
142                         int( *f_rng )(void *, unsigned char *, size_t),
143                         void *p_rng );
144 
145 /**
146  * \brief           This function generates a public key and a TLS
147  *                  ClientKeyExchange payload.
148  *
149  *                  This is the second function used by a TLS client for x25519.
150  *
151  * \see             ecp.h
152  *
153  * \param ctx       The x25519 context.
154  * \param olen      The number of Bytes written.
155  * \param buf       The destination buffer.
156  * \param blen      The size of the destination buffer.
157  * \param f_rng     The RNG function.
158  * \param p_rng     The RNG context.
159  *
160  * \return          \c 0 on success.
161  * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
162  */
163 int mbedtls_x25519_make_public( mbedtls_x25519_context *ctx, size_t *olen,
164                         unsigned char *buf, size_t blen,
165                         int( *f_rng )(void *, unsigned char *, size_t),
166                         void *p_rng );
167 
168 /**
169  * \brief       This function parses and processes a TLS ClientKeyExchange
170  *              payload.
171  *
172  *              This is the second function used by a TLS server for x25519.
173  *
174  * \see         ecp.h
175  *
176  * \param ctx   The x25519 context.
177  * \param buf   The start of the input buffer.
178  * \param blen  The length of the input buffer.
179  *
180  * \return      \c 0 on success.
181  * \return      An \c MBEDTLS_ERR_ECP_XXX error code on failure.
182  */
183 int mbedtls_x25519_read_public( mbedtls_x25519_context *ctx,
184                         const unsigned char *buf, size_t blen );
185 
186 #ifdef __cplusplus
187 }
188 #endif
189 
190 #endif /* x25519.h */
191