ecdh.h
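/**
 * \file ecdh.h
 *
 * \brief Elliptic curve Diffie-Hellman
 *
 *  Copyright (C) 2006-2013, Brainspark B.V.
 *
 *  This file is part of PolarSSL (http://www.polarssl.org)
 *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
 *
 *  All rights reserved.
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
#ifndef POLARSSL_ECDH_H
#define POLARSSL_ECDH_H

#include "ecp.h"

#ifdef __cplusplus
extern "C" {
#endif

/**
 * When importing from an EC key, select if it is our key or the peer's key.
 *
 * The enumerators carry no explicit values, so POLARSSL_ECDH_OURS is 0 and
 * POLARSSL_ECDH_THEIRS is 1. Pass the names, never integer literals.
 */
typedef enum
{
    POLARSSL_ECDH_OURS,
    POLARSSL_ECDH_THEIRS,
} ecdh_side;

/**
 * \brief           ECDH context structure
 *
 * \note            d, _d and z hold secret material. Release a context with
 *                  ecdh_free() once it is no longer needed.
 *                  NOTE(review): whether ecdh_free() wipes these fields is
 *                  not visible from this header - confirm in ecdh.c.
 */
typedef struct
{
    ecp_group grp;      /*!<  elliptic curve used           */
    mpi d;              /*!<  our secret value              */
    ecp_point Q;        /*!<  our public value              */
    ecp_point Qp;       /*!<  peer's public value           */
    mpi z;              /*!<  shared secret                 */
    int point_format;   /*!<  format for point export       */
    ecp_point Vi;       /*!<  blinding value (for later)    */
    ecp_point Vf;       /*!<  un-blinding value (for later) */
    mpi _d;             /*!<  previous d                    */
}
ecdh_context;

/**
 * \brief           Generate a public key
 *
 * \param grp       ECP group
 * \param d         Destination MPI (secret exponent)
 * \param Q         Destination point (public key)
 * \param f_rng     RNG function
 * \param p_rng     RNG parameter
 *
 * \return          0 if successful,
 *                  or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code
 *
 * \note            d is a secret exponent, so f_rng should be a
 *                  cryptographically secure generator. How f_rng is consumed
 *                  is not shown in this header.
 */
int ecdh_gen_public( ecp_group *grp, mpi *d, ecp_point *Q,
                     int (*f_rng)(void *, unsigned char *, size_t),
                     void *p_rng );

/**
 * \brief           Compute shared secret
 *
 * \param grp       ECP group
 * \param z         Destination MPI (shared secret)
 * \param Q         Public key from other party
 * \param d         Our secret exponent
 * \param f_rng     RNG function (see notes)
 * \param p_rng     RNG parameter
 *
 * \return          0 if successful,
 *                  or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code
 *
 * \note            If f_rng is not NULL, it is used to implement
 *                  countermeasures against potential elaborate timing
 *                  attacks, see \c ecp_mul() for details. By that
 *                  description, passing NULL leaves those countermeasures
 *                  out, so supply an RNG whenever d is a long-lived secret.
 *
 * \note            Q is supplied by the other party.
 *                  NOTE(review): confirm that it is checked to be a valid
 *                  point on grp before the result is relied upon; this
 *                  header does not show where that check happens.
 *
 * \note            z is the raw ECDH output; derive keys from it with a KDF
 *                  rather than using it directly.
 */
int ecdh_compute_shared( ecp_group *grp, mpi *z,
                         const ecp_point *Q, const mpi *d,
                         int (*f_rng)(void *, unsigned char *, size_t),
                         void *p_rng );

/**
 * \brief           Initialize context
 *
 * \param ctx       Context to initialize
 */
void ecdh_init( ecdh_context *ctx );

/**
 * \brief           Free context
 *
 * \param ctx       Context to free
 */
void ecdh_free( ecdh_context *ctx );

/**
 * \brief           Setup and write the ServerKeyExchange parameters
 *
 * \param ctx       ECDH context
 * \param olen      number of chars written
 * \param buf       destination buffer
 * \param blen      length of buffer
 * \param f_rng     RNG function
 * \param p_rng     RNG parameter
 *
 * \note            This function assumes that ctx->grp has already been
 *                  properly set (for example using ecp_use_known_dp).
 *
 * \return          0 if successful, or a POLARSSL_ERR_ECP_XXX error code
 */
int ecdh_make_params( ecdh_context *ctx, size_t *olen,
                      unsigned char *buf, size_t blen,
                      int (*f_rng)(void *, unsigned char *, size_t),
                      void *p_rng );

/**
 * \brief           Parse the ServerKeyExchange parameters
 *
 * \param ctx       ECDH context
 * \param buf       pointer to start of input buffer (passed by address;
 *                  presumably advanced past the parsed data - confirm in
 *                  ecdh.c)
 * \param end       one past end of buffer
 *
 * \return          0 if successful, or a POLARSSL_ERR_ECP_XXX error code
 *
 * \note            The input comes from the peer; always check the return
 *                  value before using ctx.
 */
int ecdh_read_params( ecdh_context *ctx,
                      const unsigned char **buf, const unsigned char *end );

/**
 * \brief           Setup an ECDH context from an EC key
 *
 * \param ctx       ECDH context to set
 * \param key       EC key to use
 * \param side      POLARSSL_ECDH_OURS if it is our key,
 *                  POLARSSL_ECDH_THEIRS if it is the peer's key
 *
 * \return          0 if successful, or a POLARSSL_ERR_ECP_XXX error code
 */
int ecdh_get_params( ecdh_context *ctx, const ecp_keypair *key,
                     ecdh_side side );

/**
 * \brief           Setup and export the client's public value
 *
 * \param ctx       ECDH context
 * \param olen      number of bytes actually written
 * \param buf       destination buffer
 * \param blen      size of destination buffer
 * \param f_rng     RNG function
 * \param p_rng     RNG parameter
 *
 * \return          0 if successful, or a POLARSSL_ERR_ECP_XXX error code
 */
int ecdh_make_public( ecdh_context *ctx, size_t *olen,
                      unsigned char *buf, size_t blen,
                      int (*f_rng)(void *, unsigned char *, size_t),
                      void *p_rng );

/**
 * \brief           Parse and import the client's public value
 *
 * \param ctx       ECDH context
 * \param buf       start of input buffer
 * \param blen      length of input buffer
 *
 * \return          0 if successful, or a POLARSSL_ERR_ECP_XXX error code
 *
 * \note            The input comes from the peer; always check the return
 *                  value before deriving a secret from ctx.
 */
int ecdh_read_public( ecdh_context *ctx,
                      const unsigned char *buf, size_t blen );

/**
 * \brief           Derive and export the shared secret
 *
 * \param ctx       ECDH context
 * \param olen      number of bytes written
 * \param buf       destination buffer
 * \param blen      buffer length
 * \param f_rng     RNG function, see notes for \c ecdh_compute_shared()
 * \param p_rng     RNG parameter
 *
 * \return          0 if successful, or a POLARSSL_ERR_ECP_XXX error code
 *
 * \note            buf receives secret material; the caller owns it and
 *                  should wipe it once keys have been derived.
 */
int ecdh_calc_secret( ecdh_context *ctx, size_t *olen,
                      unsigned char *buf, size_t blen,
                      int (*f_rng)(void *, unsigned char *, size_t),
                      void *p_rng );

/**
 * \brief           Checkup routine
 *
 * \param verbose   verbosity flag (presumably non-zero prints test
 *                  progress - confirm in ecdh.c)
 *
 * \return          0 if successful, or 1 if the test failed
 */
int ecdh_self_test( int verbose );

#ifdef __cplusplus
}
#endif

#endif /* ecdh.h */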