Modified mbed TLS headers for AES functionality only to reduce build size
Dependents: BLE_Gateway_Linker_fix BLE_Gateway
Fork of mbedtls by
mbedtls/ecjpake.h@5:f09f5ed830ca, 2017-07-10 (annotated)
- Committer:
- electronichamsters
- Date:
- Mon Jul 10 04:00:25 2017 +0000
- Revision:
- 5:f09f5ed830ca
- Parent:
- 1:24750b9ad5ef
working gateway
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
Christopher Haster |
1:24750b9ad5ef | 1 | /** |
Christopher Haster |
1:24750b9ad5ef | 2 | * \file ecjpake.h |
Christopher Haster |
1:24750b9ad5ef | 3 | * |
Christopher Haster |
1:24750b9ad5ef | 4 | * \brief Elliptic curve J-PAKE |
Christopher Haster |
1:24750b9ad5ef | 5 | * |
Christopher Haster |
1:24750b9ad5ef | 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved |
Christopher Haster |
1:24750b9ad5ef | 7 | * SPDX-License-Identifier: Apache-2.0 |
Christopher Haster |
1:24750b9ad5ef | 8 | * |
Christopher Haster |
1:24750b9ad5ef | 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may |
Christopher Haster |
1:24750b9ad5ef | 10 | * not use this file except in compliance with the License. |
Christopher Haster |
1:24750b9ad5ef | 11 | * You may obtain a copy of the License at |
Christopher Haster |
1:24750b9ad5ef | 12 | * |
Christopher Haster |
1:24750b9ad5ef | 13 | * http://www.apache.org/licenses/LICENSE-2.0 |
Christopher Haster |
1:24750b9ad5ef | 14 | * |
Christopher Haster |
1:24750b9ad5ef | 15 | * Unless required by applicable law or agreed to in writing, software |
Christopher Haster |
1:24750b9ad5ef | 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
Christopher Haster |
1:24750b9ad5ef | 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
Christopher Haster |
1:24750b9ad5ef | 18 | * See the License for the specific language governing permissions and |
Christopher Haster |
1:24750b9ad5ef | 19 | * limitations under the License. |
Christopher Haster |
1:24750b9ad5ef | 20 | * |
Christopher Haster |
1:24750b9ad5ef | 21 | * This file is part of mbed TLS (https://tls.mbed.org) |
Christopher Haster |
1:24750b9ad5ef | 22 | */ |
Christopher Haster |
1:24750b9ad5ef | 23 | #ifndef MBEDTLS_ECJPAKE_H |
Christopher Haster |
1:24750b9ad5ef | 24 | #define MBEDTLS_ECJPAKE_H |
Christopher Haster |
1:24750b9ad5ef | 25 | |
Christopher Haster |
1:24750b9ad5ef | 26 | /* |
Christopher Haster |
1:24750b9ad5ef | 27 | * J-PAKE is a password-authenticated key exchange that allows deriving a |
Christopher Haster |
1:24750b9ad5ef | 28 | * strong shared secret from a (potentially low entropy) pre-shared |
Christopher Haster |
1:24750b9ad5ef | 29 | * passphrase, with forward secrecy and mutual authentication. |
Christopher Haster |
1:24750b9ad5ef | 30 | * https://en.wikipedia.org/wiki/Password_Authenticated_Key_Exchange_by_Juggling |
Christopher Haster |
1:24750b9ad5ef | 31 | * |
Christopher Haster |
1:24750b9ad5ef | 32 | * This file implements the Elliptic Curve variant of J-PAKE, |
Christopher Haster |
1:24750b9ad5ef | 33 | * as defined in Chapter 7.4 of the Thread v1.0 Specification, |
Christopher Haster |
1:24750b9ad5ef | 34 | * available to members of the Thread Group http://threadgroup.org/ |
Christopher Haster |
1:24750b9ad5ef | 35 | * |
Christopher Haster |
1:24750b9ad5ef | 36 | * As the J-PAKE algorithm is inherently symmetric, so is our API. |
Christopher Haster |
1:24750b9ad5ef | 37 | * Each party needs to send its first round message, in any order, to the |
Christopher Haster |
1:24750b9ad5ef | 38 | * other party, then each sends its second round message, in any order. |
Christopher Haster |
1:24750b9ad5ef | 39 | * The payloads are serialized in a way suitable for use in TLS, but could |
Christopher Haster |
1:24750b9ad5ef | 40 | * also be use outside TLS. |
Christopher Haster |
1:24750b9ad5ef | 41 | */ |
Christopher Haster |
1:24750b9ad5ef | 42 | |
Christopher Haster |
1:24750b9ad5ef | 43 | #include "ecp.h" |
Christopher Haster |
1:24750b9ad5ef | 44 | #include "md.h" |
Christopher Haster |
1:24750b9ad5ef | 45 | |
Christopher Haster |
1:24750b9ad5ef | 46 | #ifdef __cplusplus |
Christopher Haster |
1:24750b9ad5ef | 47 | extern "C" { |
Christopher Haster |
1:24750b9ad5ef | 48 | #endif |
Christopher Haster |
1:24750b9ad5ef | 49 | |
Christopher Haster |
1:24750b9ad5ef | 50 | /** |
Christopher Haster |
1:24750b9ad5ef | 51 | * Roles in the EC J-PAKE exchange |
Christopher Haster |
1:24750b9ad5ef | 52 | */ |
Christopher Haster |
1:24750b9ad5ef | 53 | typedef enum { |
Christopher Haster |
1:24750b9ad5ef | 54 | MBEDTLS_ECJPAKE_CLIENT = 0, /**< Client */ |
Christopher Haster |
1:24750b9ad5ef | 55 | MBEDTLS_ECJPAKE_SERVER, /**< Server */ |
Christopher Haster |
1:24750b9ad5ef | 56 | } mbedtls_ecjpake_role; |
Christopher Haster |
1:24750b9ad5ef | 57 | |
Christopher Haster |
1:24750b9ad5ef | 58 | /** |
Christopher Haster |
1:24750b9ad5ef | 59 | * EC J-PAKE context structure. |
Christopher Haster |
1:24750b9ad5ef | 60 | * |
Christopher Haster |
1:24750b9ad5ef | 61 | * J-PAKE is a symmetric protocol, except for the identifiers used in |
Christopher Haster |
1:24750b9ad5ef | 62 | * Zero-Knowledge Proofs, and the serialization of the second message |
Christopher Haster |
1:24750b9ad5ef | 63 | * (KeyExchange) as defined by the Thread spec. |
Christopher Haster |
1:24750b9ad5ef | 64 | * |
Christopher Haster |
1:24750b9ad5ef | 65 | * In order to benefit from this symmetry, we choose a different naming |
Christopher Haster |
1:24750b9ad5ef | 66 | * convetion from the Thread v1.0 spec. Correspondance is indicated in the |
Christopher Haster |
1:24750b9ad5ef | 67 | * description as a pair C: <client name>, S: <server name> |
Christopher Haster |
1:24750b9ad5ef | 68 | */ |
Christopher Haster |
1:24750b9ad5ef | 69 | typedef struct |
Christopher Haster |
1:24750b9ad5ef | 70 | { |
Christopher Haster |
1:24750b9ad5ef | 71 | const mbedtls_md_info_t *md_info; /**< Hash to use */ |
Christopher Haster |
1:24750b9ad5ef | 72 | mbedtls_ecp_group grp; /**< Elliptic curve */ |
Christopher Haster |
1:24750b9ad5ef | 73 | mbedtls_ecjpake_role role; /**< Are we client or server? */ |
Christopher Haster |
1:24750b9ad5ef | 74 | int point_format; /**< Format for point export */ |
Christopher Haster |
1:24750b9ad5ef | 75 | |
Christopher Haster |
1:24750b9ad5ef | 76 | mbedtls_ecp_point Xm1; /**< My public key 1 C: X1, S: X3 */ |
Christopher Haster |
1:24750b9ad5ef | 77 | mbedtls_ecp_point Xm2; /**< My public key 2 C: X2, S: X4 */ |
Christopher Haster |
1:24750b9ad5ef | 78 | mbedtls_ecp_point Xp1; /**< Peer public key 1 C: X3, S: X1 */ |
Christopher Haster |
1:24750b9ad5ef | 79 | mbedtls_ecp_point Xp2; /**< Peer public key 2 C: X4, S: X2 */ |
Christopher Haster |
1:24750b9ad5ef | 80 | mbedtls_ecp_point Xp; /**< Peer public key C: Xs, S: Xc */ |
Christopher Haster |
1:24750b9ad5ef | 81 | |
Christopher Haster |
1:24750b9ad5ef | 82 | mbedtls_mpi xm1; /**< My private key 1 C: x1, S: x3 */ |
Christopher Haster |
1:24750b9ad5ef | 83 | mbedtls_mpi xm2; /**< My private key 2 C: x2, S: x4 */ |
Christopher Haster |
1:24750b9ad5ef | 84 | |
Christopher Haster |
1:24750b9ad5ef | 85 | mbedtls_mpi s; /**< Pre-shared secret (passphrase) */ |
Christopher Haster |
1:24750b9ad5ef | 86 | } mbedtls_ecjpake_context; |
Christopher Haster |
1:24750b9ad5ef | 87 | |
Christopher Haster |
1:24750b9ad5ef | 88 | /** |
Christopher Haster |
1:24750b9ad5ef | 89 | * \brief Initialize a context |
Christopher Haster |
1:24750b9ad5ef | 90 | * (just makes it ready for setup() or free()). |
Christopher Haster |
1:24750b9ad5ef | 91 | * |
Christopher Haster |
1:24750b9ad5ef | 92 | * \param ctx context to initialize |
Christopher Haster |
1:24750b9ad5ef | 93 | */ |
Christopher Haster |
1:24750b9ad5ef | 94 | void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx ); |
Christopher Haster |
1:24750b9ad5ef | 95 | |
Christopher Haster |
1:24750b9ad5ef | 96 | /** |
Christopher Haster |
1:24750b9ad5ef | 97 | * \brief Set up a context for use |
Christopher Haster |
1:24750b9ad5ef | 98 | * |
Christopher Haster |
1:24750b9ad5ef | 99 | * \note Currently the only values for hash/curve allowed by the |
Christopher Haster |
1:24750b9ad5ef | 100 | * standard are MBEDTLS_MD_SHA256/MBEDTLS_ECP_DP_SECP256R1. |
Christopher Haster |
1:24750b9ad5ef | 101 | * |
Christopher Haster |
1:24750b9ad5ef | 102 | * \param ctx context to set up |
Christopher Haster |
1:24750b9ad5ef | 103 | * \param role Our role: client or server |
Christopher Haster |
1:24750b9ad5ef | 104 | * \param hash hash function to use (MBEDTLS_MD_XXX) |
Christopher Haster |
1:24750b9ad5ef | 105 | * \param curve elliptic curve identifier (MBEDTLS_ECP_DP_XXX) |
Christopher Haster |
1:24750b9ad5ef | 106 | * \param secret pre-shared secret (passphrase) |
Christopher Haster |
1:24750b9ad5ef | 107 | * \param len length of the shared secret |
Christopher Haster |
1:24750b9ad5ef | 108 | * |
Christopher Haster |
1:24750b9ad5ef | 109 | * \return 0 if successfull, |
Christopher Haster |
1:24750b9ad5ef | 110 | * a negative error code otherwise |
Christopher Haster |
1:24750b9ad5ef | 111 | */ |
Christopher Haster |
1:24750b9ad5ef | 112 | int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx, |
Christopher Haster |
1:24750b9ad5ef | 113 | mbedtls_ecjpake_role role, |
Christopher Haster |
1:24750b9ad5ef | 114 | mbedtls_md_type_t hash, |
Christopher Haster |
1:24750b9ad5ef | 115 | mbedtls_ecp_group_id curve, |
Christopher Haster |
1:24750b9ad5ef | 116 | const unsigned char *secret, |
Christopher Haster |
1:24750b9ad5ef | 117 | size_t len ); |
Christopher Haster |
1:24750b9ad5ef | 118 | |
Christopher Haster |
1:24750b9ad5ef | 119 | /* |
Christopher Haster |
1:24750b9ad5ef | 120 | * \brief Check if a context is ready for use |
Christopher Haster |
1:24750b9ad5ef | 121 | * |
Christopher Haster |
1:24750b9ad5ef | 122 | * \param ctx Context to check |
Christopher Haster |
1:24750b9ad5ef | 123 | * |
Christopher Haster |
1:24750b9ad5ef | 124 | * \return 0 if the context is ready for use, |
Christopher Haster |
1:24750b9ad5ef | 125 | * MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise |
Christopher Haster |
1:24750b9ad5ef | 126 | */ |
Christopher Haster |
1:24750b9ad5ef | 127 | int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx ); |
Christopher Haster |
1:24750b9ad5ef | 128 | |
Christopher Haster |
1:24750b9ad5ef | 129 | /** |
Christopher Haster |
1:24750b9ad5ef | 130 | * \brief Generate and write the first round message |
Christopher Haster |
1:24750b9ad5ef | 131 | * (TLS: contents of the Client/ServerHello extension, |
Christopher Haster |
1:24750b9ad5ef | 132 | * excluding extension type and length bytes) |
Christopher Haster |
1:24750b9ad5ef | 133 | * |
Christopher Haster |
1:24750b9ad5ef | 134 | * \param ctx Context to use |
Christopher Haster |
1:24750b9ad5ef | 135 | * \param buf Buffer to write the contents to |
Christopher Haster |
1:24750b9ad5ef | 136 | * \param len Buffer size |
Christopher Haster |
1:24750b9ad5ef | 137 | * \param olen Will be updated with the number of bytes written |
Christopher Haster |
1:24750b9ad5ef | 138 | * \param f_rng RNG function |
Christopher Haster |
1:24750b9ad5ef | 139 | * \param p_rng RNG parameter |
Christopher Haster |
1:24750b9ad5ef | 140 | * |
Christopher Haster |
1:24750b9ad5ef | 141 | * \return 0 if successfull, |
Christopher Haster |
1:24750b9ad5ef | 142 | * a negative error code otherwise |
Christopher Haster |
1:24750b9ad5ef | 143 | */ |
Christopher Haster |
1:24750b9ad5ef | 144 | int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx, |
Christopher Haster |
1:24750b9ad5ef | 145 | unsigned char *buf, size_t len, size_t *olen, |
Christopher Haster |
1:24750b9ad5ef | 146 | int (*f_rng)(void *, unsigned char *, size_t), |
Christopher Haster |
1:24750b9ad5ef | 147 | void *p_rng ); |
Christopher Haster |
1:24750b9ad5ef | 148 | |
Christopher Haster |
1:24750b9ad5ef | 149 | /** |
Christopher Haster |
1:24750b9ad5ef | 150 | * \brief Read and process the first round message |
Christopher Haster |
1:24750b9ad5ef | 151 | * (TLS: contents of the Client/ServerHello extension, |
Christopher Haster |
1:24750b9ad5ef | 152 | * excluding extension type and length bytes) |
Christopher Haster |
1:24750b9ad5ef | 153 | * |
Christopher Haster |
1:24750b9ad5ef | 154 | * \param ctx Context to use |
Christopher Haster |
1:24750b9ad5ef | 155 | * \param buf Pointer to extension contents |
Christopher Haster |
1:24750b9ad5ef | 156 | * \param len Extension length |
Christopher Haster |
1:24750b9ad5ef | 157 | * |
Christopher Haster |
1:24750b9ad5ef | 158 | * \return 0 if successfull, |
Christopher Haster |
1:24750b9ad5ef | 159 | * a negative error code otherwise |
Christopher Haster |
1:24750b9ad5ef | 160 | */ |
Christopher Haster |
1:24750b9ad5ef | 161 | int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx, |
Christopher Haster |
1:24750b9ad5ef | 162 | const unsigned char *buf, |
Christopher Haster |
1:24750b9ad5ef | 163 | size_t len ); |
Christopher Haster |
1:24750b9ad5ef | 164 | |
Christopher Haster |
1:24750b9ad5ef | 165 | /** |
Christopher Haster |
1:24750b9ad5ef | 166 | * \brief Generate and write the second round message |
Christopher Haster |
1:24750b9ad5ef | 167 | * (TLS: contents of the Client/ServerKeyExchange) |
Christopher Haster |
1:24750b9ad5ef | 168 | * |
Christopher Haster |
1:24750b9ad5ef | 169 | * \param ctx Context to use |
Christopher Haster |
1:24750b9ad5ef | 170 | * \param buf Buffer to write the contents to |
Christopher Haster |
1:24750b9ad5ef | 171 | * \param len Buffer size |
Christopher Haster |
1:24750b9ad5ef | 172 | * \param olen Will be updated with the number of bytes written |
Christopher Haster |
1:24750b9ad5ef | 173 | * \param f_rng RNG function |
Christopher Haster |
1:24750b9ad5ef | 174 | * \param p_rng RNG parameter |
Christopher Haster |
1:24750b9ad5ef | 175 | * |
Christopher Haster |
1:24750b9ad5ef | 176 | * \return 0 if successfull, |
Christopher Haster |
1:24750b9ad5ef | 177 | * a negative error code otherwise |
Christopher Haster |
1:24750b9ad5ef | 178 | */ |
Christopher Haster |
1:24750b9ad5ef | 179 | int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx, |
Christopher Haster |
1:24750b9ad5ef | 180 | unsigned char *buf, size_t len, size_t *olen, |
Christopher Haster |
1:24750b9ad5ef | 181 | int (*f_rng)(void *, unsigned char *, size_t), |
Christopher Haster |
1:24750b9ad5ef | 182 | void *p_rng ); |
Christopher Haster |
1:24750b9ad5ef | 183 | |
Christopher Haster |
1:24750b9ad5ef | 184 | /** |
Christopher Haster |
1:24750b9ad5ef | 185 | * \brief Read and process the second round message |
Christopher Haster |
1:24750b9ad5ef | 186 | * (TLS: contents of the Client/ServerKeyExchange) |
Christopher Haster |
1:24750b9ad5ef | 187 | * |
Christopher Haster |
1:24750b9ad5ef | 188 | * \param ctx Context to use |
Christopher Haster |
1:24750b9ad5ef | 189 | * \param buf Pointer to the message |
Christopher Haster |
1:24750b9ad5ef | 190 | * \param len Message length |
Christopher Haster |
1:24750b9ad5ef | 191 | * |
Christopher Haster |
1:24750b9ad5ef | 192 | * \return 0 if successfull, |
Christopher Haster |
1:24750b9ad5ef | 193 | * a negative error code otherwise |
Christopher Haster |
1:24750b9ad5ef | 194 | */ |
Christopher Haster |
1:24750b9ad5ef | 195 | int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx, |
Christopher Haster |
1:24750b9ad5ef | 196 | const unsigned char *buf, |
Christopher Haster |
1:24750b9ad5ef | 197 | size_t len ); |
Christopher Haster |
1:24750b9ad5ef | 198 | |
Christopher Haster |
1:24750b9ad5ef | 199 | /** |
Christopher Haster |
1:24750b9ad5ef | 200 | * \brief Derive the shared secret |
Christopher Haster |
1:24750b9ad5ef | 201 | * (TLS: Pre-Master Secret) |
Christopher Haster |
1:24750b9ad5ef | 202 | * |
Christopher Haster |
1:24750b9ad5ef | 203 | * \param ctx Context to use |
Christopher Haster |
1:24750b9ad5ef | 204 | * \param buf Buffer to write the contents to |
Christopher Haster |
1:24750b9ad5ef | 205 | * \param len Buffer size |
Christopher Haster |
1:24750b9ad5ef | 206 | * \param olen Will be updated with the number of bytes written |
Christopher Haster |
1:24750b9ad5ef | 207 | * \param f_rng RNG function |
Christopher Haster |
1:24750b9ad5ef | 208 | * \param p_rng RNG parameter |
Christopher Haster |
1:24750b9ad5ef | 209 | * |
Christopher Haster |
1:24750b9ad5ef | 210 | * \return 0 if successfull, |
Christopher Haster |
1:24750b9ad5ef | 211 | * a negative error code otherwise |
Christopher Haster |
1:24750b9ad5ef | 212 | */ |
Christopher Haster |
1:24750b9ad5ef | 213 | int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx, |
Christopher Haster |
1:24750b9ad5ef | 214 | unsigned char *buf, size_t len, size_t *olen, |
Christopher Haster |
1:24750b9ad5ef | 215 | int (*f_rng)(void *, unsigned char *, size_t), |
Christopher Haster |
1:24750b9ad5ef | 216 | void *p_rng ); |
Christopher Haster |
1:24750b9ad5ef | 217 | |
Christopher Haster |
1:24750b9ad5ef | 218 | /** |
Christopher Haster |
1:24750b9ad5ef | 219 | * \brief Free a context's content |
Christopher Haster |
1:24750b9ad5ef | 220 | * |
Christopher Haster |
1:24750b9ad5ef | 221 | * \param ctx context to free |
Christopher Haster |
1:24750b9ad5ef | 222 | */ |
Christopher Haster |
1:24750b9ad5ef | 223 | void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx ); |
Christopher Haster |
1:24750b9ad5ef | 224 | |
Christopher Haster |
1:24750b9ad5ef | 225 | #if defined(MBEDTLS_SELF_TEST) |
Christopher Haster |
1:24750b9ad5ef | 226 | /** |
Christopher Haster |
1:24750b9ad5ef | 227 | * \brief Checkup routine |
Christopher Haster |
1:24750b9ad5ef | 228 | * |
Christopher Haster |
1:24750b9ad5ef | 229 | * \return 0 if successful, or 1 if a test failed |
Christopher Haster |
1:24750b9ad5ef | 230 | */ |
Christopher Haster |
1:24750b9ad5ef | 231 | int mbedtls_ecjpake_self_test( int verbose ); |
Christopher Haster |
1:24750b9ad5ef | 232 | #endif |
Christopher Haster |
1:24750b9ad5ef | 233 | |
Christopher Haster |
1:24750b9ad5ef | 234 | #ifdef __cplusplus |
Christopher Haster |
1:24750b9ad5ef | 235 | } |
Christopher Haster |
1:24750b9ad5ef | 236 | #endif |
Christopher Haster |
1:24750b9ad5ef | 237 | |
Christopher Haster |
1:24750b9ad5ef | 238 | #endif /* ecjpake.h */ |