This file contains ECDH definitions and functions. More...
#include "ecp.h"
Go to the source code of this file.
Classes | |
struct | mbedtls_ecdh_context |
The ECDH context structure. More... | |
Macros | |
#define | MBEDTLS_ECDH_LEGACY_CONTEXT |
Typedefs | |
typedef struct mbedtls_ecdh_context | mbedtls_ecdh_context |
The ECDH context structure. More... | |
Enumerations | |
enum | mbedtls_ecdh_side { MBEDTLS_ECDH_OURS, MBEDTLS_ECDH_THEIRS } |
Functions | |
int | mbedtls_ecdh_gen_public (mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng) |
This function generates an ECDH keypair on an elliptic curve. More... | |
int | mbedtls_ecdh_compute_shared (mbedtls_ecp_group *grp, mbedtls_mpi *z, const mbedtls_ecp_point *Q, const mbedtls_mpi *d, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng) |
This function computes the shared secret. More... | |
void | mbedtls_ecdh_init (mbedtls_ecdh_context *ctx) |
This function initializes an ECDH context. More... | |
int | mbedtls_ecdh_setup (mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id) |
This function sets up the ECDH context with the information given. More... | |
void | mbedtls_ecdh_free (mbedtls_ecdh_context *ctx) |
This function frees a context. More... | |
int | mbedtls_ecdh_make_params (mbedtls_ecdh_context *ctx, size_t *olen, unsigned char *buf, size_t blen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng) |
This function generates an EC key pair and exports its in the format used in a TLS ServerKeyExchange handshake message. More... | |
int | mbedtls_ecdh_read_params (mbedtls_ecdh_context *ctx, const unsigned char **buf, const unsigned char *end) |
This function parses the ECDHE parameters in a TLS ServerKeyExchange handshake message. More... | |
int | mbedtls_ecdh_get_params (mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key, mbedtls_ecdh_side side) |
This function sets up an ECDH context from an EC key. More... | |
int | mbedtls_ecdh_make_public (mbedtls_ecdh_context *ctx, size_t *olen, unsigned char *buf, size_t blen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng) |
This function generates a public key and exports it as a TLS ClientKeyExchange payload. More... | |
int | mbedtls_ecdh_read_public (mbedtls_ecdh_context *ctx, const unsigned char *buf, size_t blen) |
This function parses and processes the ECDHE payload of a TLS ClientKeyExchange message. More... | |
int | mbedtls_ecdh_calc_secret (mbedtls_ecdh_context *ctx, size_t *olen, unsigned char *buf, size_t blen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng) |
This function derives and exports the shared secret. More... | |
This file contains ECDH definitions and functions.
The Elliptic Curve Diffie-Hellman (ECDH) protocol is an anonymous key agreement protocol allowing two parties to establish a shared secret over an insecure channel. Each party must have an elliptic-curve public–private key pair.
For more information, see NIST SP 800-56A Rev. 2: Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography.
#define MBEDTLS_ECDH_LEGACY_CONTEXT |
typedef struct mbedtls_ecdh_context mbedtls_ecdh_context |
The ECDH context structure.
enum mbedtls_ecdh_side |
int mbedtls_ecdh_calc_secret | ( | mbedtls_ecdh_context * | ctx, |
size_t * | olen, | ||
unsigned char * | buf, | ||
size_t | blen, | ||
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng | ||
) |
This function derives and exports the shared secret.
This is the last function used by both TLS client and servers.
f_rng
is not NULL, it is used to implement countermeasures against side-channel attacks. For more information, see mbedtls_ecp_mul().ctx | The ECDH context to use. This must be initialized and have its own private key generated and the peer's public key imported. |
olen | The address at which to store the total number of Bytes written on success. This must not be NULL . |
buf | The buffer to write the generated shared key to. This must be a writable buffer of size blen Bytes. |
blen | The length of the destination buffer buf in Bytes. |
f_rng | The RNG function, for blinding purposes. This may b NULL if blinding isn't needed. |
p_rng | The RNG context. This may be NULL if f_rng doesn't need a context argument. |
0
on success. mbedtls_ecp_set_max_ops()
. MBEDTLS_ERR_ECP_XXX
error code on failure. int mbedtls_ecdh_compute_shared | ( | mbedtls_ecp_group * | grp, |
mbedtls_mpi * | z, | ||
const mbedtls_ecp_point * | Q, | ||
const mbedtls_mpi * | d, | ||
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng | ||
) |
This function computes the shared secret.
This function performs the second of two core computations implemented during the ECDH key exchange. The first core computation is performed by mbedtls_ecdh_gen_public().
f_rng
is not NULL, it is used to implement countermeasures against side-channel attacks. For more information, see mbedtls_ecp_mul().grp | The ECP group to use. This must be initialized and have domain parameters loaded, for example through mbedtls_ecp_load() or mbedtls_ecp_tls_read_group(). |
z | The destination MPI (shared secret). This must be initialized. |
Q | The public key from another party. This must be initialized. |
d | Our secret exponent (private key). This must be initialized. |
f_rng | The RNG function. This may be NULL if randomization of intermediate results during the ECP computations is not needed (discouraged). See the documentation of mbedtls_ecp_mul() for more. |
p_rng | The RNG context to be passed to f_rng . This may be NULL if f_rng is NULL or doesn't need a context argument. |
0
on success. MBEDTLS_ERR_ECP_XXX
or MBEDTLS_MPI_XXX
error code on failure. void mbedtls_ecdh_free | ( | mbedtls_ecdh_context * | ctx | ) |
This function frees a context.
ctx | The context to free. This may be NULL , in which case this function does nothing. If it is not NULL , it must point to an initialized ECDH context. |
int mbedtls_ecdh_gen_public | ( | mbedtls_ecp_group * | grp, |
mbedtls_mpi * | d, | ||
mbedtls_ecp_point * | Q, | ||
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng | ||
) |
This function generates an ECDH keypair on an elliptic curve.
This function performs the first of two core computations implemented during the ECDH key exchange. The second core computation is performed by mbedtls_ecdh_compute_shared().
grp | The ECP group to use. This must be initialized and have domain parameters loaded, for example through mbedtls_ecp_load() or mbedtls_ecp_tls_read_group(). |
d | The destination MPI (private key). This must be initialized. |
Q | The destination point (public key). This must be initialized. |
f_rng | The RNG function to use. This must not be NULL . |
p_rng | The RNG context to be passed to f_rng . This may be NULL in case f_rng doesn't need a context argument. |
0
on success. MBEDTLS_ERR_ECP_XXX
or MBEDTLS_MPI_XXX
error code on failure. int mbedtls_ecdh_get_params | ( | mbedtls_ecdh_context * | ctx, |
const mbedtls_ecp_keypair * | key, | ||
mbedtls_ecdh_side | side | ||
) |
This function sets up an ECDH context from an EC key.
It is used by clients and servers in place of the ServerKeyEchange for static ECDH, and imports ECDH parameters from the EC key information of a certificate.
ctx | The ECDH context to set up. This must be initialized. |
key | The EC key to use. This must be initialized. |
side | Defines the source of the key. Possible values are:
|
0
on success. MBEDTLS_ERR_ECP_XXX
error code on failure. void mbedtls_ecdh_init | ( | mbedtls_ecdh_context * | ctx | ) |
This function initializes an ECDH context.
ctx | The ECDH context to initialize. This must not be NULL . |
int mbedtls_ecdh_make_params | ( | mbedtls_ecdh_context * | ctx, |
size_t * | olen, | ||
unsigned char * | buf, | ||
size_t | blen, | ||
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng | ||
) |
This function generates an EC key pair and exports its in the format used in a TLS ServerKeyExchange handshake message.
This is the second function used by a TLS server for ECDHE ciphersuites. (It is called after mbedtls_ecdh_setup().)
ctx | The ECDH context to use. This must be initialized and bound to a group, for example via mbedtls_ecdh_setup(). |
olen | The address at which to store the number of Bytes written. |
buf | The destination buffer. This must be a writable buffer of length blen Bytes. |
blen | The length of the destination buffer buf in Bytes. |
f_rng | The RNG function to use. This must not be NULL . |
p_rng | The RNG context to be passed to f_rng . This may be NULL in case f_rng doesn't need a context argument. |
0
on success. mbedtls_ecp_set_max_ops()
. MBEDTLS_ERR_ECP_XXX
error code on failure. int mbedtls_ecdh_make_public | ( | mbedtls_ecdh_context * | ctx, |
size_t * | olen, | ||
unsigned char * | buf, | ||
size_t | blen, | ||
int(*)(void *, unsigned char *, size_t) | f_rng, | ||
void * | p_rng | ||
) |
This function generates a public key and exports it as a TLS ClientKeyExchange payload.
This is the second function used by a TLS client for ECDH(E) ciphersuites.
ctx | The ECDH context to use. This must be initialized and bound to a group, the latter usually by mbedtls_ecdh_read_params(). |
olen | The address at which to store the number of Bytes written. This must not be NULL . |
buf | The destination buffer. This must be a writable buffer of length blen Bytes. |
blen | The size of the destination buffer buf in Bytes. |
f_rng | The RNG function to use. This must not be NULL . |
p_rng | The RNG context to be passed to f_rng . This may be NULL in case f_rng doesn't need a context argument. |
0
on success. mbedtls_ecp_set_max_ops()
. MBEDTLS_ERR_ECP_XXX
error code on failure. int mbedtls_ecdh_read_params | ( | mbedtls_ecdh_context * | ctx, |
const unsigned char ** | buf, | ||
const unsigned char * | end | ||
) |
This function parses the ECDHE parameters in a TLS ServerKeyExchange handshake message.
ctx | The ECDHE context to use. This must be initialized. |
buf | On input, *buf must be the start of the input buffer. On output, *buf is updated to point to the end of the data that has been read. On success, this is the first byte past the end of the ServerKeyExchange parameters. On error, this is the point at which an error has been detected, which is usually not useful except to debug failures. |
end | The end of the input buffer. |
0
on success. MBEDTLS_ERR_ECP_XXX
error code on failure. int mbedtls_ecdh_read_public | ( | mbedtls_ecdh_context * | ctx, |
const unsigned char * | buf, | ||
size_t | blen | ||
) |
This function parses and processes the ECDHE payload of a TLS ClientKeyExchange message.
This is the third function used by a TLS server for ECDH(E) ciphersuites. (It is called after mbedtls_ecdh_setup() and mbedtls_ecdh_make_params().)
ctx | The ECDH context to use. This must be initialized and bound to a group, for example via mbedtls_ecdh_setup(). |
buf | The pointer to the ClientKeyExchange payload. This must be a readable buffer of length blen Bytes. |
blen | The length of the input buffer buf in Bytes. |
0
on success. MBEDTLS_ERR_ECP_XXX
error code on failure. int mbedtls_ecdh_setup | ( | mbedtls_ecdh_context * | ctx, |
mbedtls_ecp_group_id | grp_id | ||
) |
This function sets up the ECDH context with the information given.
This function should be called after mbedtls_ecdh_init() but before mbedtls_ecdh_make_params(). There is no need to call this function before mbedtls_ecdh_read_params().
This is the first function used by a TLS server for ECDHE ciphersuites.
ctx | The ECDH context to set up. This must be initialized. |
grp_id | The group id of the group to set up the context for. |
0
on success.