1 /**
2  * \file ecdh.h
3  *
4  * \brief Elliptic curve Diffie-Hellman
5  *
6  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
7  *  SPDX-License-Identifier: Apache-2.0
8  *
9  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
10  *  not use this file except in compliance with the License.
11  *  You may obtain a copy of the License at
12  *
13  *  http://www.apache.org/licenses/LICENSE-2.0
14  *
15  *  Unless required by applicable law or agreed to in writing, software
16  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18  *  See the License for the specific language governing permissions and
19  *  limitations under the License.
20  *
21  *  This file is part of mbed TLS (https://tls.mbed.org)
22  */
23 #ifndef MBEDTLS_ECDH_H
24 #define MBEDTLS_ECDH_H
25 
26 #include "ecp.h"
27 
28 #ifdef __cplusplus
29 extern "C" {
30 #endif
31 
32 /**
33  * When importing from an EC key, select if it is our key or the peer's key
34  */
35 typedef enum
36 {
37     MBEDTLS_ECDH_OURS,
38     MBEDTLS_ECDH_THEIRS,
39 } mbedtls_ecdh_side;
40 
41 /**
42  * \brief           ECDH context structure
43  */
44 typedef struct
45 {
46     mbedtls_ecp_group grp;      /*!<  elliptic curve used                           */
47     mbedtls_mpi d;              /*!<  our secret value (private key)                */
48     mbedtls_ecp_point Q;        /*!<  our public value (public key)                 */
49     mbedtls_ecp_point Qp;       /*!<  peer's public value (public key)              */
50     mbedtls_mpi z;              /*!<  shared secret                                 */
51     int point_format;   /*!<  format for point export in TLS messages       */
52     mbedtls_ecp_point Vi;       /*!<  blinding value (for later)                    */
53     mbedtls_ecp_point Vf;       /*!<  un-blinding value (for later)                 */
54     mbedtls_mpi _d;             /*!<  previous d (for later)                        */
55 }
56 mbedtls_ecdh_context;
57 
58 /**
59  * \brief           Generate a public key.
60  *                  Raw function that only does the core computation.
61  *
62  * \param grp       ECP group
63  * \param d         Destination MPI (secret exponent, aka private key)
64  * \param Q         Destination point (public key)
65  * \param f_rng     RNG function
66  * \param p_rng     RNG parameter
67  *
68  * \return          0 if successful,
69  *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
70  */
71 int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
72                      int (*f_rng)(void *, unsigned char *, size_t),
73                      void *p_rng );
74 
75 /**
76  * \brief           Compute shared secret
77  *                  Raw function that only does the core computation.
78  *
79  * \param grp       ECP group
80  * \param z         Destination MPI (shared secret)
81  * \param Q         Public key from other party
82  * \param d         Our secret exponent (private key)
83  * \param f_rng     RNG function (see notes)
84  * \param p_rng     RNG parameter
85  *
86  * \return          0 if successful,
87  *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
88  *
89  * \note            If f_rng is not NULL, it is used to implement
90  *                  countermeasures against potential elaborate timing
91  *                  attacks, see \c mbedtls_ecp_mul() for details.
92  */
93 int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
94                          const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
95                          int (*f_rng)(void *, unsigned char *, size_t),
96                          void *p_rng );
97 
98 /**
99  * \brief           Initialize context
100  *
101  * \param ctx       Context to initialize
102  */
103 void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx );
104 
105 /**
106  * \brief           Free context
107  *
108  * \param ctx       Context to free
109  */
110 void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx );
111 
112 /**
113  * \brief           Generate a public key and a TLS ServerKeyExchange payload.
114  *                  (First function used by a TLS server for ECDHE.)
115  *
116  * \param ctx       ECDH context
117  * \param olen      number of chars written
118  * \param buf       destination buffer
119  * \param blen      length of buffer
120  * \param f_rng     RNG function
121  * \param p_rng     RNG parameter
122  *
123  * \note            This function assumes that ctx->grp has already been
124  *                  properly set (for example using mbedtls_ecp_group_load).
125  *
126  * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
127  */
128 int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
129                       unsigned char *buf, size_t blen,
130                       int (*f_rng)(void *, unsigned char *, size_t),
131                       void *p_rng );
132 
133 /**
134  * \brief           Parse and procress a TLS ServerKeyExhange payload.
135  *                  (First function used by a TLS client for ECDHE.)
136  *
137  * \param ctx       ECDH context
138  * \param buf       pointer to start of input buffer
139  * \param end       one past end of buffer
140  *
141  * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
142  */
143 int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
144                       const unsigned char **buf, const unsigned char *end );
145 
146 /**
147  * \brief           Setup an ECDH context from an EC key.
148  *                  (Used by clients and servers in place of the
149  *                  ServerKeyEchange for static ECDH: import ECDH parameters
150  *                  from a certificate's EC key information.)
151  *
152  * \param ctx       ECDH constext to set
153  * \param key       EC key to use
154  * \param side      Is it our key (1) or the peer's key (0) ?
155  *
156  * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
157  */
158 int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key,
159                      mbedtls_ecdh_side side );
160 
161 /**
162  * \brief           Generate a public key and a TLS ClientKeyExchange payload.
163  *                  (Second function used by a TLS client for ECDH(E).)
164  *
165  * \param ctx       ECDH context
166  * \param olen      number of bytes actually written
167  * \param buf       destination buffer
168  * \param blen      size of destination buffer
169  * \param f_rng     RNG function
170  * \param p_rng     RNG parameter
171  *
172  * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
173  */
174 int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
175                       unsigned char *buf, size_t blen,
176                       int (*f_rng)(void *, unsigned char *, size_t),
177                       void *p_rng );
178 
179 /**
180  * \brief           Parse and process a TLS ClientKeyExchange payload.
181  *                  (Second function used by a TLS server for ECDH(E).)
182  *
183  * \param ctx       ECDH context
184  * \param buf       start of input buffer
185  * \param blen      length of input buffer
186  *
187  * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
188  */
189 int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
190                       const unsigned char *buf, size_t blen );
191 
192 /**
193  * \brief           Derive and export the shared secret.
194  *                  (Last function used by both TLS client en servers.)
195  *
196  * \param ctx       ECDH context
197  * \param olen      number of bytes written
198  * \param buf       destination buffer
199  * \param blen      buffer length
200  * \param f_rng     RNG function, see notes for \c mbedtls_ecdh_compute_shared()
201  * \param p_rng     RNG parameter
202  *
203  * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
204  */
205 int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
206                       unsigned char *buf, size_t blen,
207                       int (*f_rng)(void *, unsigned char *, size_t),
208                       void *p_rng );
209 
210 #ifdef __cplusplus
211 }
212 #endif
213 
214 #endif /* ecdh.h */
215