This file contains Diffie-Hellman-Merkle (DHM) key exchange definitions and functions.
Classes

  struct mbedtls_dhm_context
    The DHM context structure.

Typedefs

  typedef struct mbedtls_dhm_context mbedtls_dhm_context
    The DHM context structure.

Functions

  void mbedtls_dhm_init(mbedtls_dhm_context *ctx)
    This function initializes the DHM context.

  int mbedtls_dhm_read_params(mbedtls_dhm_context *ctx, unsigned char **p, const unsigned char *end)
    This function parses the DHM parameters in a TLS ServerKeyExchange handshake message (DHM modulus, generator, and public key).

  int mbedtls_dhm_make_params(mbedtls_dhm_context *ctx, int x_size, unsigned char *output, size_t *olen, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
    This function generates a DHM key pair and exports its public part together with the DHM parameters in the format used in a TLS ServerKeyExchange handshake message.

  int mbedtls_dhm_set_group(mbedtls_dhm_context *ctx, const mbedtls_mpi *P, const mbedtls_mpi *G)
    This function sets the prime modulus and generator.

  int mbedtls_dhm_read_public(mbedtls_dhm_context *ctx, const unsigned char *input, size_t ilen)
    This function imports the raw public value of the peer.

  int mbedtls_dhm_make_public(mbedtls_dhm_context *ctx, int x_size, unsigned char *output, size_t olen, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
    This function creates a DHM key pair and exports the raw public key in big-endian format.

  int mbedtls_dhm_calc_secret(mbedtls_dhm_context *ctx, unsigned char *output, size_t output_size, size_t *olen, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
    This function derives and exports the shared secret (G^Y)^X mod P.

  void mbedtls_dhm_free(mbedtls_dhm_context *ctx)
    This function frees and clears the components of a DHM context.

  int mbedtls_dhm_self_test(int verbose)
    The DHM checkup routine.
Diffie-Hellman-Merkle (DHM) key exchange is defined in RFC-2631: Diffie-Hellman Key Agreement Method and Public-Key Cryptography Standards (PKCS) #3: Diffie Hellman Key Agreement Standard.
RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE) defines a number of standardized Diffie-Hellman groups for IKE.
RFC-5114: Additional Diffie-Hellman Groups for Use with IETF Standards defines a number of standardized Diffie-Hellman groups that can be used.
Macros

#define MBEDTLS_DHM_RFC3526_MODP_2048_G      MBEDTLS_DEPRECATED_STRING_CONSTANT("02")
  The hexadecimal presentation of the chosen generator of the 2048-bit MODP Group, as defined in RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE).
#define MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN  { 0x02 }
#define MBEDTLS_DHM_RFC3526_MODP_2048_P
  The hexadecimal presentation of the prime underlying the 2048-bit MODP Group, as defined in RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE).
#define MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN

#define MBEDTLS_DHM_RFC3526_MODP_3072_G      MBEDTLS_DEPRECATED_STRING_CONSTANT("02")
  The hexadecimal presentation of the chosen generator of the 3072-bit MODP Group, as defined in RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE).
#define MBEDTLS_DHM_RFC3526_MODP_3072_G_BIN  { 0x02 }
#define MBEDTLS_DHM_RFC3526_MODP_3072_P
  The hexadecimal presentation of the prime underlying the 3072-bit MODP Group, as defined in RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE).
#define MBEDTLS_DHM_RFC3526_MODP_3072_P_BIN

#define MBEDTLS_DHM_RFC3526_MODP_4096_G      MBEDTLS_DEPRECATED_STRING_CONSTANT("02")
  The hexadecimal presentation of the chosen generator of the 4096-bit MODP Group, as defined in RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE).
#define MBEDTLS_DHM_RFC3526_MODP_4096_G_BIN  { 0x02 }
#define MBEDTLS_DHM_RFC3526_MODP_4096_P
  The hexadecimal presentation of the prime underlying the 4096-bit MODP Group, as defined in RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE).
#define MBEDTLS_DHM_RFC3526_MODP_4096_P_BIN

#define MBEDTLS_DHM_RFC5114_MODP_2048_G
  The hexadecimal presentation of the chosen generator of the 2048-bit MODP Group with 224-bit Prime Order Subgroup, as defined in RFC-5114: Additional Diffie-Hellman Groups for Use with IETF Standards.
#define MBEDTLS_DHM_RFC5114_MODP_2048_P
RFC 3526, RFC 5114 and RFC 7919 standardize a number of Diffie-Hellman groups, some of which are included here for use within the SSL/TLS module and for the user's convenience when configuring the Diffie-Hellman parameters by hand through mbedtls_ssl_conf_dh_param().

The following lists the source of the above groups in the standards:

The constants with suffix "_P" denote the chosen prime moduli, while the constants with suffix "_G" denote the chosen generator of the associated prime field.

The constants further suffixed with "_BIN" are provided in binary format, while all other constants represent null-terminated strings holding the hexadecimal presentation of the respective numbers.

The primes from RFC 3526 and RFC 7919 have been generated by the following trustworthy procedure:
#define MBEDTLS_DHM_RFC7919_FFDHE2048_G_BIN  { 0x02 }
#define MBEDTLS_DHM_RFC7919_FFDHE2048_P_BIN
#define MBEDTLS_DHM_RFC7919_FFDHE3072_G_BIN  { 0x02 }
#define MBEDTLS_DHM_RFC7919_FFDHE3072_P_BIN
#define MBEDTLS_DHM_RFC7919_FFDHE4096_G_BIN  { 0x02 }
#define MBEDTLS_DHM_RFC7919_FFDHE4096_P_BIN
#define MBEDTLS_DHM_RFC7919_FFDHE6144_G_BIN  { 0x02 }
#define MBEDTLS_DHM_RFC7919_FFDHE6144_P_BIN
#define MBEDTLS_DHM_RFC7919_FFDHE8192_G_BIN  { 0x02 }
#define MBEDTLS_DHM_RFC7919_FFDHE8192_P_BIN
Error codes

#define MBEDTLS_ERR_DHM_ALLOC_FAILED         -0x3400
  Allocation of memory failed.
#define MBEDTLS_ERR_DHM_BAD_INPUT_DATA       -0x3080
  Bad input parameters.
#define MBEDTLS_ERR_DHM_CALC_SECRET_FAILED   -0x3300
  Calculation of the DHM secret failed.
#define MBEDTLS_ERR_DHM_FILE_IO_ERROR        -0x3480
  Read or write of file failed.
#define MBEDTLS_ERR_DHM_HW_ACCEL_FAILED      -0x3500
  DHM hardware accelerator failed.
#define MBEDTLS_ERR_DHM_INVALID_FORMAT       -0x3380
  The ASN.1 data is not formatted correctly.
#define MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED   -0x3180
  Making of the DHM parameters failed.
#define MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED   -0x3280
  Making of the public value failed.
#define MBEDTLS_ERR_DHM_READ_PARAMS_FAILED   -0x3100
  Reading of the DHM parameters failed.
#define MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED   -0x3200
  Reading of the public values failed.
#define MBEDTLS_ERR_DHM_SET_GROUP_FAILED     -0x3580
  Setting the modulus and generator failed.

Typedef documentation

typedef struct mbedtls_dhm_context mbedtls_dhm_context
  The DHM context structure.
Function documentation

int mbedtls_dhm_calc_secret(mbedtls_dhm_context *ctx,
                            unsigned char *output,
                            size_t output_size,
                            size_t *olen,
                            int (*f_rng)(void *, unsigned char *, size_t),
                            void *p_rng)

This function derives and exports the shared secret (G^Y)^X mod P.

Note: if f_rng is not NULL, it is used to blind the input as a countermeasure against timing attacks. Blinding is used only if our private key X is re-used, and not used otherwise. We recommend always passing a non-NULL f_rng argument.

Parameters:
  ctx          The DHM context to use. This must be initialized and have its own private key generated and the peer's public key imported.
  output       The buffer to write the generated shared key to. This must be a writable buffer of size output_size Bytes.
  output_size  The size of the destination buffer. This must be at least the size of ctx->len (the size of P).
  olen         On exit, holds the actual number of Bytes written.
  f_rng        The RNG function, for blinding purposes. This may be NULL if blinding isn't needed.
  p_rng        The RNG context. This may be NULL if f_rng doesn't need a context argument.

Returns:
  0 on success.
  An MBEDTLS_ERR_DHM_XXX error code on failure.

void mbedtls_dhm_free(mbedtls_dhm_context *ctx)

This function frees and clears the components of a DHM context.

Parameters:
  ctx  The DHM context to free and clear. This may be NULL, in which case this function is a no-op. If it is not NULL, it must point to an initialized DHM context.
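The arithmetic that mbedtls_dhm_make_public and mbedtls_dhm_calc_secret perform, as an added illustration that is not mbed TLS code and does not call the library: a self-contained C walk-through of one exchange on a constructed textbook-sized group (P = 23, G = 5), with the 2 <= Y <= P-2 range check a receiver should apply to a peer's public value before deriving the secret, and the zero-padded big-endian export described above for the raw public key. The group, the private exponents and the function names are illustrative assumptions; a real deployment uses one of the RFC 3526 / RFC 7919 primes listed on this page and RNG-generated private keys of the configured x_size.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* base^exp mod m on 64-bit operands; the product is held in
 * unsigned __int128 (GCC/Clang) so it cannot overflow. */
static uint64_t modpow(uint64_t base, uint64_t exp, uint64_t m)
{
    uint64_t result = 1;
    base %= m;
    while (exp) {
        if (exp & 1)
            result = (uint64_t)(((unsigned __int128)result * base) % m);
        base = (uint64_t)(((unsigned __int128)base * base) % m);
        exp >>= 1;
    }
    return result;
}

/* Range check for a received public value: 2 <= Y <= P-2.
 * Y in {0, 1, P-1} forces the shared secret into {0, 1, P-1}, which a
 * third party can predict without knowing X. Returns 0 if acceptable. */
int dh_check_public(uint64_t y, uint64_t p)
{
    return (y >= 2 && y <= p - 2) ? 0 : -1;
}

/* Big-endian export padded with leading zero bytes to exactly olen bytes,
 * the layout described for the raw public key and the shared secret.
 * Returns -1 if the value does not fit in olen bytes. */
int dh_export_be(uint64_t v, unsigned char *out, size_t olen)
{
    size_t i;
    if (olen < 8 && (v >> (8 * olen)) != 0)
        return -1;
    memset(out, 0, olen);
    for (i = 0; i < olen && i < 8; i++)
        out[olen - 1 - i] = (unsigned char)(v >> (8 * i));
    return 0;
}

/* Constructed toy group for illustration only, never for real use. */
#define TOY_P 23u
#define TOY_G 5u

/* One full exchange. Returns the shared secret both sides compute, or 0
 * if either public value fails the range check or the secrets differ. */
uint64_t dh_toy_exchange(uint64_t x_alice, uint64_t x_bob)
{
    uint64_t pub_a = modpow(TOY_G, x_alice, TOY_P); /* G^X mod P   */
    uint64_t pub_b = modpow(TOY_G, x_bob, TOY_P);   /* G^Y mod P   */
    if (dh_check_public(pub_b, TOY_P) != 0 || dh_check_public(pub_a, TOY_P) != 0)
        return 0;
    uint64_t s_a = modpow(pub_b, x_alice, TOY_P);   /* (G^Y)^X mod P */
    uint64_t s_b = modpow(pub_a, x_bob, TOY_P);     /* (G^X)^Y mod P */
    return (s_a == s_b) ? s_a : 0;
}

/* Exports v into an olen-byte buffer and returns how many leading zero
 * bytes the padding produced (-1 if the value does not fit). */
int dh_export_padding_demo(uint64_t v, size_t olen)
{
    unsigned char buf[16];
    int zeros = 0;
    size_t i;
    if (olen > sizeof buf || dh_export_be(v, buf, olen) != 0)
        return -1;
    for (i = 0; i < olen && buf[i] == 0; i++)
        zeros++;
    return zeros;
}

int main(void)
{
    printf("secret for X=4, Y=3: %llu\n",
           (unsigned long long)dh_toy_exchange(4, 3));      /* 18 */
    printf("exchange with X=11 (public value P-1): %llu\n",
           (unsigned long long)dh_toy_exchange(11, 3));     /* 0: rejected */
    printf("leading zero bytes when exporting 18 into 4 bytes: %d\n",
           dh_export_padding_demo(18, 4));                  /* 3 */
    return 0;
}
```

With X = 4 and Y = 3 both public values (4 and 10) pass the range check and both sides derive 18; with X = 11 the public value is 22 = P-1, so the exchange is refused before any secret is computed. In the library the same refusal surfaces as an MBEDTLS_ERR_DHM_XXX return, not as a zero secret.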
void mbedtls_dhm_init(mbedtls_dhm_context *ctx)

This function initializes the DHM context.

Parameters:
  ctx  The DHM context to initialize.
int mbedtls_dhm_make_params(mbedtls_dhm_context *ctx,
                            int x_size,
                            unsigned char *output,
                            size_t *olen,
                            int (*f_rng)(void *, unsigned char *, size_t),
                            void *p_rng)

This function generates a DHM key pair and exports its public part together with the DHM parameters in the format used in a TLS ServerKeyExchange handshake message.

Note: this function assumes that ctx->P and ctx->G have already been properly set. For that, use mbedtls_dhm_set_group() below in conjunction with mbedtls_mpi_read_binary() and mbedtls_mpi_read_string().

Parameters:
  ctx     The DHM context to use. This must be initialized and have the DHM parameters set. It may or may not already have imported the peer's public key.
  x_size  The private key size in Bytes.
  output  The destination buffer. This must be a writable buffer of sufficient size to hold the reduced binary presentation of the modulus, the generator and the public key, each wrapped with a 2-byte length field. It is the responsibility of the caller to ensure that enough space is available. Refer to mbedtls_mpi_size() to compute the byte size of an MPI.
  olen    The address at which to store the number of Bytes written on success. This must not be NULL.
  f_rng   The RNG function. Must not be NULL.
  p_rng   The RNG context to be passed to f_rng. This may be NULL if f_rng doesn't need a context parameter.

Returns:
  0 on success.
  An MBEDTLS_ERR_DHM_XXX error code on failure.

int mbedtls_dhm_make_public(mbedtls_dhm_context *ctx,
                            int x_size,
                            unsigned char *output,
                            size_t olen,
                            int (*f_rng)(void *, unsigned char *, size_t),
                            void *p_rng)

This function creates a DHM key pair and exports the raw public key in big-endian format.

Note: if the destination buffer is larger than ctx->len, the output is padded accordingly with zero bytes at the beginning.

Parameters:
  ctx     The DHM context to use. This must be initialized and have the DHM parameters set. It may or may not already have imported the peer's public key.
  x_size  The private key size in Bytes.
  output  The destination buffer. This must be a writable buffer of size olen Bytes.
  olen    The length of the destination buffer. This must be at least equal to ctx->len (the size of P).
  f_rng   The RNG function. This must not be NULL.
  p_rng   The RNG context to be passed to f_rng. This may be NULL if f_rng doesn't need a context argument.

Returns:
  0 on success.
  An MBEDTLS_ERR_DHM_XXX error code on failure.

int mbedtls_dhm_read_params(mbedtls_dhm_context *ctx,
                            unsigned char **p,
                            const unsigned char *end)

This function parses the DHM parameters in a TLS ServerKeyExchange handshake message (DHM modulus, generator, and public key).

Parameters:
  ctx  The DHM context to use. This must be initialized.
  p    On input, *p must be the start of the input buffer. On output, *p is updated to point to the end of the data that has been read. On success, this is the first byte past the end of the ServerKeyExchange parameters. On error, this is the point at which an error has been detected, which is usually not useful except to debug failures.
  end  The end of the input buffer.

Returns:
  0 on success.
  An MBEDTLS_ERR_DHM_XXX error code on failure.

int mbedtls_dhm_read_public(mbedtls_dhm_context *ctx,
                            const unsigned char *input,
                            size_t ilen)

This function imports the raw public value of the peer.

Parameters:
  ctx    The DHM context to use. This must be initialized and have its DHM parameters set, e.g. via mbedtls_dhm_set_group(). It may or may not already have generated its own private key.
  input  The input buffer containing the G^Y value of the peer. This must be a readable buffer of size ilen Bytes.
  ilen   The size of the input buffer input in Bytes.

Returns:
  0 on success.
  An MBEDTLS_ERR_DHM_XXX error code on failure.

int mbedtls_dhm_self_test(int verbose)

The DHM checkup routine.

Returns:
  0 on success.
  1 on failure.

int mbedtls_dhm_set_group(mbedtls_dhm_context *ctx,
                          const mbedtls_mpi *P,
                          const mbedtls_mpi *G)

This function sets the prime modulus and generator.

Note: this function can be used to set ctx->P and ctx->G in preparation for mbedtls_dhm_make_params().

Parameters:
  ctx  The DHM context to configure. This must be initialized.
  P    The MPI holding the DHM prime modulus. This must be an initialized MPI.
  G    The MPI holding the DHM generator. This must be an initialized MPI.

Returns:
  0 if successful.
  An MBEDTLS_ERR_DHM_XXX error code on failure.
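The wire format that mbedtls_dhm_read_params consumes and mbedtls_dhm_make_params produces is three big-endian integers (modulus, generator, public key), each wrapped with a 2-byte length field. The following added example is not mbed TLS code and does not call the library: it is a self-contained C parser for that encoding using the same (p, end) cursor convention, so that the length prefix and the field body are both bounds-checked against end before any byte is read, and a truncated message is refused instead of over-read. The sample message, the two trailing bytes standing in for the signature that follows the parameters in a real ServerKeyExchange, and the function names are constructed for this illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* One length-prefixed integer field: 2-byte big-endian length followed by
 * that many bytes of the number, most significant byte first. */
typedef struct {
    const unsigned char *data;
    size_t len;
} dh_mpi_view;

typedef struct {
    dh_mpi_view p, g, ys;
} dh_params_view;

/* Read one field. Mirrors the cursor convention documented for
 * mbedtls_dhm_read_params: on success *p is advanced past the field; on
 * failure *p is left at the point where the problem was detected.
 * Returns 0 on success, -1 on malformed or truncated input. */
static int read_mpi_field(const unsigned char **p, const unsigned char *end,
                          dh_mpi_view *out)
{
    size_t n;
    if (end - *p < 2)               /* no room for the length prefix */
        return -1;
    n = ((size_t)(*p)[0] << 8) | (*p)[1];
    *p += 2;
    if ((size_t)(end - *p) < n)     /* declared length overruns the buffer */
        return -1;
    if (n == 0)                     /* an empty integer is not a parameter */
        return -1;
    out->data = *p;
    out->len = n;
    *p += n;
    return 0;
}

/* Parse modulus, generator and public key in that order. The message
 * continues after these fields, so on success *p points at the first byte
 * past the public key and is deliberately not required to equal end. */
int parse_server_dh_params(const unsigned char **p, const unsigned char *end,
                           dh_params_view *out)
{
    if (read_mpi_field(p, end, &out->p) != 0) return -1;
    if (read_mpi_field(p, end, &out->g) != 0) return -1;
    if (read_mpi_field(p, end, &out->ys) != 0) return -1;
    return 0;
}

/* Constructed sample: a 4-byte modulus, the generator 0x02, a 4-byte public
 * value, then two bytes that stand in for the signature which follows the
 * parameters in a real message and must not be consumed by this parser. */
static const unsigned char sample_ske[] = {
    0x00, 0x04, 0xFF, 0xFF, 0xFF, 0xFB,   /* modulus     */
    0x00, 0x01, 0x02,                     /* generator   */
    0x00, 0x04, 0x12, 0x34, 0x56, 0x78,   /* public key  */
    0xAA, 0xBB                            /* not part of the parameters */
};

/* Parses the full sample. Returns the number of bytes consumed on success
 * (15: the two trailing bytes remain), -1 on a parse error, -2 if the
 * field lengths are not the ones encoded. */
long demo_parse_sample(void)
{
    const unsigned char *p = sample_ske;
    const unsigned char *end = sample_ske + sizeof sample_ske;
    dh_params_view v;
    if (parse_server_dh_params(&p, end, &v) != 0) return -1;
    if (v.p.len != 4 || v.g.len != 1 || v.ys.len != 4) return -2;
    return (long)(p - sample_ske);
}

/* The same message cut off inside the public-key field: the declared
 * length of 4 exceeds the 2 bytes left, so the parser must return -1. */
int demo_parse_truncated(void)
{
    const unsigned char *p = sample_ske;
    const unsigned char *end = sample_ske + 13;
    dh_params_view v;
    return parse_server_dh_params(&p, end, &v);
}

int main(void)
{
    printf("bytes consumed from the full sample: %ld\n", demo_parse_sample()); /* 15 */
    printf("result for the truncated sample: %d\n", demo_parse_truncated());   /* -1 */
    return 0;
}
```

The check order matters: the length prefix is validated against end before it is read, and the declared body length is validated against end before the body pointer is stored, so a message that lies about its own length never causes a read past the buffer.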