1 /*
2  *  Interface to code from Project Everest
3  *
4  *  Copyright 2016-2018 INRIA and Microsoft Corporation
5  *  SPDX-License-Identifier: Apache-2.0
6  *
7  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
8  *  not use this file except in compliance with the License.
9  *  You may obtain a copy of the License at
10  *
11  *  http://www.apache.org/licenses/LICENSE-2.0
12  *
13  *  Unless required by applicable law or agreed to in writing, software
14  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  *  See the License for the specific language governing permissions and
17  *  limitations under the License.
18  *
19  *  This file is part of Mbed TLS (https://tls.mbed.org).
20  */
21 
22 #ifndef MBEDTLS_EVEREST_H
23 #define MBEDTLS_EVEREST_H
24 
25 #include "everest/x25519.h"
26 
27 #ifdef __cplusplus
28 extern "C" {
29 #endif
30 
31 /**
32  * Defines the source of the imported EC key.
33  */
34 typedef enum
35 {
36     MBEDTLS_EVEREST_ECDH_OURS,   /**< Our key. */
37     MBEDTLS_EVEREST_ECDH_THEIRS, /**< The key of the peer. */
38 } mbedtls_everest_ecdh_side;
39 
40 typedef struct {
41     mbedtls_x25519_context ctx;
42 } mbedtls_ecdh_context_everest;
43 
44 
45 /**
46  * \brief           This function sets up the ECDH context with the information
47  *                  given.
48  *
49  *                  This function should be called after mbedtls_ecdh_init() but
50  *                  before mbedtls_ecdh_make_params(). There is no need to call
51  *                  this function before mbedtls_ecdh_read_params().
52  *
53  *                  This is the first function used by a TLS server for ECDHE
54  *                  ciphersuites.
55  *
56  * \param ctx       The ECDH context to set up.
57  * \param grp_id    The group id of the group to set up the context for.
58  *
59  * \return          \c 0 on success.
60  */
61 int mbedtls_everest_setup( mbedtls_ecdh_context_everest *ctx, int grp_id );
62 
63 /**
64  * \brief           This function frees a context.
65  *
66  * \param ctx       The context to free.
67  */
68 void mbedtls_everest_free( mbedtls_ecdh_context_everest *ctx );
69 
70 /**
71  * \brief           This function generates a public key and a TLS
72  *                  ServerKeyExchange payload.
73  *
74  *                  This is the second function used by a TLS server for ECDHE
75  *                  ciphersuites. (It is called after mbedtls_ecdh_setup().)
76  *
77  * \note            This function assumes that the ECP group (grp) of the
78  *                  \p ctx context has already been properly set,
79  *                  for example, using mbedtls_ecp_group_load().
80  *
81  * \see             ecp.h
82  *
83  * \param ctx       The ECDH context.
84  * \param olen      The number of characters written.
85  * \param buf       The destination buffer.
86  * \param blen      The length of the destination buffer.
87  * \param f_rng     The RNG function.
88  * \param p_rng     The RNG context.
89  *
90  * \return          \c 0 on success.
91  * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
92  */
93 int mbedtls_everest_make_params( mbedtls_ecdh_context_everest *ctx, size_t *olen,
94                                  unsigned char *buf, size_t blen,
95                                  int( *f_rng )( void *, unsigned char *, size_t ),
96                                  void *p_rng );
97 
98 /**
99  * \brief           This function parses and processes a TLS ServerKeyExhange
100  *                  payload.
101  *
102  *                  This is the first function used by a TLS client for ECDHE
103  *                  ciphersuites.
104  *
105  * \see             ecp.h
106  *
107  * \param ctx       The ECDH context.
108  * \param buf       The pointer to the start of the input buffer.
109  * \param end       The address for one Byte past the end of the buffer.
110  *
111  * \return          \c 0 on success.
112  * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
113  *
114  */
115 int mbedtls_everest_read_params( mbedtls_ecdh_context_everest *ctx,
116                                  const unsigned char **buf, const unsigned char *end );
117 
118 /**
119  * \brief           This function parses and processes a TLS ServerKeyExhange
120  *                  payload.
121  *
122  *                  This is the first function used by a TLS client for ECDHE
123  *                  ciphersuites.
124  *
125  * \see             ecp.h
126  *
127  * \param ctx       The ECDH context.
128  * \param buf       The pointer to the start of the input buffer.
129  * \param end       The address for one Byte past the end of the buffer.
130  *
131  * \return          \c 0 on success.
132  * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
133  *
134  */
135 int mbedtls_everest_read_params( mbedtls_ecdh_context_everest *ctx,
136                                  const unsigned char **buf, const unsigned char *end );
137 
138 /**
139  * \brief           This function sets up an ECDH context from an EC key.
140  *
141  *                  It is used by clients and servers in place of the
142  *                  ServerKeyEchange for static ECDH, and imports ECDH
143  *                  parameters from the EC key information of a certificate.
144  *
145  * \see             ecp.h
146  *
147  * \param ctx       The ECDH context to set up.
148  * \param key       The EC key to use.
149  * \param side      Defines the source of the key: 1: Our key, or
150  *                  0: The key of the peer.
151  *
152  * \return          \c 0 on success.
153  * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
154  *
155  */
156 int mbedtls_everest_get_params( mbedtls_ecdh_context_everest *ctx, const mbedtls_ecp_keypair *key,
157                                 mbedtls_everest_ecdh_side side );
158 
159 /**
160  * \brief           This function generates a public key and a TLS
161  *                  ClientKeyExchange payload.
162  *
163  *                  This is the second function used by a TLS client for ECDH(E)
164  *                  ciphersuites.
165  *
166  * \see             ecp.h
167  *
168  * \param ctx       The ECDH context.
169  * \param olen      The number of Bytes written.
170  * \param buf       The destination buffer.
171  * \param blen      The size of the destination buffer.
172  * \param f_rng     The RNG function.
173  * \param p_rng     The RNG context.
174  *
175  * \return          \c 0 on success.
176  * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
177  */
178 int mbedtls_everest_make_public( mbedtls_ecdh_context_everest *ctx, size_t *olen,
179                                  unsigned char *buf, size_t blen,
180                                  int( *f_rng )( void *, unsigned char *, size_t ),
181                                  void *p_rng );
182 
183 /**
184  * \brief       This function parses and processes a TLS ClientKeyExchange
185  *              payload.
186  *
187  *              This is the third function used by a TLS server for ECDH(E)
188  *              ciphersuites. (It is called after mbedtls_ecdh_setup() and
189  *              mbedtls_ecdh_make_params().)
190  *
191  * \see         ecp.h
192  *
193  * \param ctx   The ECDH context.
194  * \param buf   The start of the input buffer.
195  * \param blen  The length of the input buffer.
196  *
197  * \return      \c 0 on success.
198  * \return      An \c MBEDTLS_ERR_ECP_XXX error code on failure.
199  */
200 int mbedtls_everest_read_public( mbedtls_ecdh_context_everest *ctx,
201                                  const unsigned char *buf, size_t blen );
202 
203 /**
204  * \brief           This function derives and exports the shared secret.
205  *
206  *                  This is the last function used by both TLS client
207  *                  and servers.
208  *
209  * \note            If \p f_rng is not NULL, it is used to implement
210  *                  countermeasures against side-channel attacks.
211  *                  For more information, see mbedtls_ecp_mul().
212  *
213  * \see             ecp.h
214  *
215  * \param ctx       The ECDH context.
216  * \param olen      The number of Bytes written.
217  * \param buf       The destination buffer.
218  * \param blen      The length of the destination buffer.
219  * \param f_rng     The RNG function.
220  * \param p_rng     The RNG context.
221  *
222  * \return          \c 0 on success.
223  * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
224  */
225 int mbedtls_everest_calc_secret( mbedtls_ecdh_context_everest *ctx, size_t *olen,
226                                  unsigned char *buf, size_t blen,
227                                  int( *f_rng )( void *, unsigned char *, size_t ),
228                                  void *p_rng );
229 
230 #ifdef __cplusplus
231 }
232 #endif
233 
234 #endif /* MBEDTLS_EVEREST_H */
235