ECDH: Clean up the interface to Everest code
diff --git a/3rdparty/everest/include/everest/everest.h b/3rdparty/everest/include/everest/everest.h
old mode 100644
new mode 100755
index aceeeae..5806500
--- a/3rdparty/everest/include/everest/everest.h
+++ b/3rdparty/everest/include/everest/everest.h
@@ -22,17 +22,23 @@
 #ifndef MBEDTLS_EVEREST_H
 #define MBEDTLS_EVEREST_H
 
+#include "everest/x25519.h"
+
 #ifdef __cplusplus
 extern "C" {
 #endif
 
-struct mbedtls_ecdh_context;
-typedef struct mbedtls_ecdh_context mbedtls_ecdh_context;
-
-struct mbedtls_x25519_context_;
+/**
+ * Defines the source of the imported EC key.
+ */
+typedef enum
+{
+    MBEDTLS_EVEREST_ECDH_OURS,   /**< Our key. */
+    MBEDTLS_EVEREST_ECDH_THEIRS, /**< The key of the peer. */
+} mbedtls_everest_ecdh_side;
 
 typedef struct {
-    struct mbedtls_x25519_context_ *ctx;
+    mbedtls_x25519_context ctx;
 } mbedtls_ecdh_context_everest;
 
 
@@ -48,18 +54,18 @@
  *                  ciphersuites.
  *
  * \param ctx       The ECDH context to set up.
- * \param grp       The group id of the group to set up the context for.
+ * \param grp_id    The group id of the group to set up the context for.
  *
  * \return          \c 0 on success.
  */
-int mbedtls_everest_setup( mbedtls_ecdh_context *ctx, int grp );
+int mbedtls_everest_setup( mbedtls_ecdh_context_everest *ctx, int grp_id );
 
 /**
  * \brief           This function frees a context.
  *
  * \param ctx       The context to free.
  */
-void mbedtls_everest_free( mbedtls_ecdh_context *ctx );
+void mbedtls_everest_free( mbedtls_ecdh_context_everest *ctx );
 
 /**
  * \brief           This function generates a public key and a TLS
@@ -84,7 +90,7 @@
  * \return          \c 0 on success.
  * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
  */
-int mbedtls_everest_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
+int mbedtls_everest_make_params( mbedtls_ecdh_context_everest *ctx, size_t *olen,
                                  unsigned char *buf, size_t blen,
                                  int( *f_rng )( void *, unsigned char *, size_t ),
                                  void *p_rng );
@@ -106,7 +112,7 @@
  * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
  *
  */
-int mbedtls_everest_read_params( mbedtls_ecdh_context *ctx,
+int mbedtls_everest_read_params( mbedtls_ecdh_context_everest *ctx,
                                  const unsigned char **buf, const unsigned char *end );
 
 /**
@@ -126,7 +132,7 @@
  * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
  *
  */
-int mbedtls_everest_read_params( mbedtls_ecdh_context *ctx,
+int mbedtls_everest_read_params( mbedtls_ecdh_context_everest *ctx,
                                  const unsigned char **buf, const unsigned char *end );
 
 /**
@@ -147,8 +153,8 @@
  * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
  *
  */
-int mbedtls_everest_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key,
-                                int side );
+int mbedtls_everest_get_params( mbedtls_ecdh_context_everest *ctx, const mbedtls_ecp_keypair *key,
+                                mbedtls_everest_ecdh_side side );
 
 /**
  * \brief           This function generates a public key and a TLS
@@ -169,7 +175,7 @@
  * \return          \c 0 on success.
  * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
  */
-int mbedtls_everest_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
+int mbedtls_everest_make_public( mbedtls_ecdh_context_everest *ctx, size_t *olen,
                                  unsigned char *buf, size_t blen,
                                  int( *f_rng )( void *, unsigned char *, size_t ),
                                  void *p_rng );
@@ -191,7 +197,7 @@
  * \return      \c 0 on success.
  * \return      An \c MBEDTLS_ERR_ECP_XXX error code on failure.
  */
-int mbedtls_everest_read_public( mbedtls_ecdh_context *ctx,
+int mbedtls_everest_read_public( mbedtls_ecdh_context_everest *ctx,
                                  const unsigned char *buf, size_t blen );
 
 /**
@@ -216,7 +222,7 @@
  * \return          \c 0 on success.
  * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
  */
-int mbedtls_everest_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
+int mbedtls_everest_calc_secret( mbedtls_ecdh_context_everest *ctx, size_t *olen,
                                  unsigned char *buf, size_t blen,
                                  int( *f_rng )( void *, unsigned char *, size_t ),
                                  void *p_rng );
diff --git a/3rdparty/everest/include/everest/x25519.h b/3rdparty/everest/include/everest/x25519.h
old mode 100644
new mode 100755
index e332ff2..cdfb16f
--- a/3rdparty/everest/include/everest/x25519.h
+++ b/3rdparty/everest/include/everest/x25519.h
@@ -22,8 +22,6 @@
 #ifndef MBEDTLS_X25519_H
 #define MBEDTLS_X25519_H
 
-#include <mbedtls/ecdh.h>
-
 #ifdef __cplusplus
 extern "C" {
 #endif
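Review bot: Dropping `#include <mbedtls/ecdh.h>` leaves x25519.h with no visible declaration of `mbedtls_ecp_keypair`, which the `mbedtls_x25519_get_params` prototype further down still uses, so the header compiles only when the includer has already pulled in the ECP definitions. everest.h has the same dependency through its `mbedtls_everest_get_params` prototype and now relies on this header for its context type. If the removal was meant to break the include cycle with ecdh.h, `#include <mbedtls/ecp.h>` here would keep both headers self-contained without reintroducing it. Separately, the mode change from 100644 to 100755 on this file, everest.h and x25519.c looks unintended for source files.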
@@ -31,6 +29,15 @@
 #define MBEDTLS_ECP_TLS_CURVE25519 0x1d
 
 /**
+ * Defines the source of the imported EC key.
+ */
+typedef enum
+{
+    MBEDTLS_X25519_ECDH_OURS,   /**< Our key. */
+    MBEDTLS_X25519_ECDH_THEIRS, /**< The key of the peer. */
+} mbedtls_x25519_ecdh_side;
+
+/**
  * \brief           The x25519 context structure.
  */
 typedef struct mbedtls_x25519_context_ {
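Review bot: `mbedtls_x25519_ecdh_side` duplicates `mbedtls_everest_ecdh_side` from everest.h enumerator for enumerator, and everest.h now includes this header, so the wrapper could take this type directly. With the existing `MBEDTLS_ECDH_OURS`/`MBEDTLS_ECDH_THEIRS` values on top, every get_params call now crosses two hand-written translations between types that differ only in name. If the layering really needs separate types, a comment on each enum saying which layer owns it (for example `/* Used only by the x25519 layer; everest.c translates from mbedtls_everest_ecdh_side. */`) would make that intent visible; otherwise one enum is enough.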
@@ -109,7 +116,7 @@
  *
  */
 int mbedtls_x25519_get_params( mbedtls_x25519_context *ctx, const mbedtls_ecp_keypair *key,
-                        int side );
+                               mbedtls_x25519_ecdh_side side );
 
 /**
  * \brief           This function derives and exports the shared secret.
diff --git a/3rdparty/everest/library/everest.c b/3rdparty/everest/library/everest.c
index 2b111af..4b3a799 100755
--- a/3rdparty/everest/library/everest.c
+++ b/3rdparty/everest/library/everest.c
@@ -41,89 +41,69 @@
 
 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
 
-int mbedtls_everest_setup( mbedtls_ecdh_context *ctx, int grp )
+int mbedtls_everest_setup( mbedtls_ecdh_context_everest *ctx, int grp_id )
 {
-    if( grp != MBEDTLS_ECP_DP_CURVE25519 )
+    if( grp_id != MBEDTLS_ECP_DP_CURVE25519 )
         return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
-
-    ctx->var = MBEDTLS_ECDH_VARIANT_EVEREST;
-    ctx->grp_id = grp;
-
-    ctx->ctx.everest_ecdh.ctx = mbedtls_calloc( 1, sizeof( mbedtls_x25519_context ) );
-    mbedtls_x25519_init( ctx->ctx.everest_ecdh.ctx );
-
+    mbedtls_x25519_init( &ctx->ctx );
     return 0;
 }
 
-void mbedtls_everest_free( mbedtls_ecdh_context *ctx )
+void mbedtls_everest_free( mbedtls_ecdh_context_everest *ctx )
 {
-    mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh;
-    mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx;
-
-    mbedtls_x25519_free( x25519_ctx );
-    mbedtls_free( x25519_ctx );
-
-    ctx->var = MBEDTLS_ECDH_VARIANT_NONE;
-    ctx->grp_id = MBEDTLS_ECP_DP_NONE;
+    mbedtls_x25519_free( &ctx->ctx );
 }
 
-int mbedtls_everest_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
+int mbedtls_everest_make_params( mbedtls_ecdh_context_everest *ctx, size_t *olen,
                                  unsigned char *buf, size_t blen,
                                  int( *f_rng )( void *, unsigned char *, size_t ),
                                  void *p_rng )
 {
-    mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh;
-    mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx;
-    if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    mbedtls_x25519_context *x25519_ctx = &ctx->ctx;
     return mbedtls_x25519_make_params( x25519_ctx, olen, buf, blen, f_rng, p_rng );
 }
 
-int mbedtls_everest_read_params( mbedtls_ecdh_context *ctx,
-                                 const unsigned char **buf, const unsigned char *end )
+int mbedtls_everest_read_params( mbedtls_ecdh_context_everest *ctx,
+                                 const unsigned char **buf,
+                                 const unsigned char *end )
 {
-    mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh;
-    mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx;
-    if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    mbedtls_x25519_context *x25519_ctx = &ctx->ctx;
     return mbedtls_x25519_read_params( x25519_ctx, buf, end );
 }
 
-int mbedtls_everest_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key,
-    int side )
+int mbedtls_everest_get_params( mbedtls_ecdh_context_everest *ctx,
+                                const mbedtls_ecp_keypair *key,
+                                mbedtls_everest_ecdh_side side )
 {
-    mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh;
-    mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx;
-    if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
-    return mbedtls_x25519_get_params( x25519_ctx, key, side );
+    mbedtls_x25519_context *x25519_ctx = &ctx->ctx;
+    mbedtls_x25519_ecdh_side s = side == MBEDTLS_EVEREST_ECDH_OURS ?
+                                            MBEDTLS_X25519_ECDH_OURS :
+                                            MBEDTLS_X25519_ECDH_THEIRS;
+    return mbedtls_x25519_get_params( x25519_ctx, key, s );
 }
 
-int mbedtls_everest_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
+int mbedtls_everest_make_public( mbedtls_ecdh_context_everest *ctx, size_t *olen,
                                  unsigned char *buf, size_t blen,
                                  int( *f_rng )( void *, unsigned char *, size_t ),
                                  void *p_rng )
 {
-    mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh;
-    mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx;
-    if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    mbedtls_x25519_context *x25519_ctx = &ctx->ctx;
     return mbedtls_x25519_make_public( x25519_ctx, olen, buf, blen, f_rng, p_rng );
 }
 
-int mbedtls_everest_read_public( mbedtls_ecdh_context *ctx,
+int mbedtls_everest_read_public( mbedtls_ecdh_context_everest *ctx,
                                  const unsigned char *buf, size_t blen )
 {
-    mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh;
-    mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx;
-    if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    mbedtls_x25519_context *x25519_ctx = &ctx->ctx;
     return mbedtls_x25519_read_public ( x25519_ctx, buf, blen );
 }
 
-int mbedtls_everest_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
+int mbedtls_everest_calc_secret( mbedtls_ecdh_context_everest *ctx, size_t *olen,
                                  unsigned char *buf, size_t blen,
                                  int( *f_rng )( void *, unsigned char *, size_t ),
                                  void *p_rng )
 {
-    mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh;
-    mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx;
-    if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    mbedtls_x25519_context *x25519_ctx = &ctx->ctx;
     return mbedtls_x25519_calc_secret( x25519_ctx, olen, buf, blen, f_rng, p_rng );
 }
 
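Review bot: In `mbedtls_everest_get_params` the ternary maps every `side` value other than `MBEDTLS_EVEREST_ECDH_OURS` to `MBEDTLS_X25519_ECDH_THEIRS`, so an out-of-range value is silently treated as the peer's key instead of being rejected. The `switch` in `mbedtls_x25519_get_params` can then never see an invalid value, whatever its default branch does. An explicit `switch` that returns `MBEDTLS_ERR_ECP_BAD_INPUT_DATA` for anything else keeps the validation in the wrapper. The get_params hunk in library/ecdh.c uses the same two-way ternary on `MBEDTLS_ECDH_OURS` and needs the same treatment unless `side` is validated earlier in that function, which is not visible here.

```c
/* in mbedtls_everest_get_params(), replacing the ternary */
    mbedtls_x25519_context *x25519_ctx = &ctx->ctx;
    mbedtls_x25519_ecdh_side s;

    switch( side )
    {
        case MBEDTLS_EVEREST_ECDH_OURS:
            s = MBEDTLS_X25519_ECDH_OURS;
            break;
        case MBEDTLS_EVEREST_ECDH_THEIRS:
            s = MBEDTLS_X25519_ECDH_THEIRS;
            break;
        default:
            /* Reject unknown sides instead of treating them as the peer. */
            return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
    }
    return mbedtls_x25519_get_params( x25519_ctx, key, s );
```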
diff --git a/3rdparty/everest/library/x25519.c b/3rdparty/everest/library/x25519.c
old mode 100644
new mode 100755
index 72cab6b..830018c
--- a/3rdparty/everest/library/x25519.c
+++ b/3rdparty/everest/library/x25519.c
@@ -27,6 +27,8 @@
 
 #if defined(MBEDTLS_ECDH_C)
 
+#include <mbedtls/ecdh.h>
+
 #include <Hacl_Curve25519.h>
 #include <mbedtls/platform_util.h>
 
@@ -100,16 +102,16 @@
 }
 
 int mbedtls_x25519_get_params( mbedtls_x25519_context *ctx, const mbedtls_ecp_keypair *key,
-                        int side )
+                               mbedtls_x25519_ecdh_side side )
 {
     size_t olen = 0;
 
     switch( side ) {
-    case MBEDTLS_ECDH_THEIRS:
+    case MBEDTLS_X25519_ECDH_THEIRS:
         mbedtls_ecp_point_write_binary( &key->grp, &key->Q, MBEDTLS_ECP_PF_COMPRESSED, &olen, ctx->peer_point, 32 );
         /* untested; defensively throw an error for now. */
         return(MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE);
-    case MBEDTLS_ECDH_OURS:
+    case MBEDTLS_X25519_ECDH_OURS:
         mbedtls_mpi_write_binary( &key->d, ctx->our_secret, 32 );
         /* CMW: key->Q = key->d * base; do we need to set up ctx.peer_point here? */
         /* untested; defensively throw an error for now. */
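Review bot: Both visible branches of the `switch` discard the return value of their write call (`mbedtls_ecp_point_write_binary` and `mbedtls_mpi_write_binary`) and have already written into `ctx->peer_point` or `ctx->our_secret` before the function reports an error. In the `MBEDTLS_X25519_ECDH_THEIRS` branch the function then returns `MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE`, and the comment suggests the `MBEDTLS_X25519_ECDH_OURS` branch does the same, which would leave a copy of the private scalar in a context the caller was told could not be set up. While the feature stays disabled, returning the error before touching the context would be cleaner. Once it is enabled, the result should be checked with a local `ret`, e.g. `if( ( ret = mbedtls_mpi_write_binary( &key->d, ctx->our_secret, 32 ) ) != 0 ) return( ret );`. The function body continues past the end of this hunk, so the rest of the OURS branch is not visible.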
diff --git a/library/ecdh.c b/library/ecdh.c
index b0367ec..fec88d0 100755
--- a/library/ecdh.c
+++ b/library/ecdh.c
@@ -221,8 +221,12 @@
     {
 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
         case MBEDTLS_ECP_DP_CURVE25519:
-            return( mbedtls_everest_setup( ctx, grp_id ) );
-            break;
+        {
+            ctx->point_format = MBEDTLS_ECP_PF_COMPRESSED;
+            ctx->var = MBEDTLS_ECDH_VARIANT_EVEREST;
+            ctx->grp_id = grp_id;
+            return( mbedtls_everest_setup( &ctx->ctx.everest_ecdh, grp_id ) );
+        }
 #endif
         default:
             ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
@@ -277,7 +281,9 @@
     {
 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
         case MBEDTLS_ECDH_VARIANT_EVEREST:
-            mbedtls_everest_free( ctx );
+            mbedtls_everest_free( &ctx->ctx.everest_ecdh );
+            ctx->var = MBEDTLS_ECDH_VARIANT_NONE;
+            ctx->grp_id = MBEDTLS_ECP_DP_NONE;
             break;
 #endif
         case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
@@ -376,7 +382,8 @@
     {
 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
         case MBEDTLS_ECDH_VARIANT_EVEREST:
-            return( mbedtls_everest_make_params( ctx, olen, buf, blen, f_rng, p_rng ) );
+            return( mbedtls_everest_make_params( &ctx->ctx.everest_ecdh, olen,
+                                                 buf, blen, f_rng, p_rng ) );
 #endif
         case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
             return( ecdh_make_params_internal( &ctx->ctx.mbed_ecdh, olen,
@@ -429,7 +436,8 @@
     {
 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
         case MBEDTLS_ECDH_VARIANT_EVEREST:
-            return( mbedtls_everest_read_params( ctx, buf, end) );
+            return( mbedtls_everest_read_params( &ctx->ctx.everest_ecdh,
+                                                 buf, end) );
 #endif
         case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
             return( ecdh_read_params_internal( &ctx->ctx.mbed_ecdh,
@@ -497,7 +505,13 @@
     {
 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
         case MBEDTLS_ECDH_VARIANT_EVEREST:
-            return( mbedtls_everest_get_params( ctx, key, side ) );
+        {
+            mbedtls_x25519_ecdh_side s = side == MBEDTLS_ECDH_OURS ?
+                                                   MBEDTLS_EVEREST_ECDH_OURS :
+                                                   MBEDTLS_EVEREST_ECDH_THEIRS;
+            return( mbedtls_everest_get_params( &ctx->ctx.everest_ecdh,
+                                                key, s) );
+        }
 #endif
         case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
             return( ecdh_get_params_internal( &ctx->ctx.mbed_ecdh,
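Review bot: The temporary `s` is declared as `mbedtls_x25519_ecdh_side` but is assigned `MBEDTLS_EVEREST_ECDH_OURS`/`MBEDTLS_EVEREST_ECDH_THEIRS` and then passed to `mbedtls_everest_get_params`, whose parameter is `mbedtls_everest_ecdh_side`. This compiles and behaves correctly only because C enums convert implicitly and the two enums happen to list their values in the same order; reordering either one would swap own and peer keys without any diagnostic. The declaration should read `mbedtls_everest_ecdh_side s = side == MBEDTLS_ECDH_OURS ?`. The enclosing function starts and ends outside this hunk.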
@@ -572,7 +586,8 @@
     {
 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
         case MBEDTLS_ECDH_VARIANT_EVEREST:
-            return( mbedtls_everest_make_public( ctx, olen, buf, blen, f_rng, p_rng ) );
+            return( mbedtls_everest_make_public( &ctx->ctx.everest_ecdh, olen,
+                                                 buf, blen, f_rng, p_rng ) );
 #endif
         case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
             return( ecdh_make_public_internal( &ctx->ctx.mbed_ecdh, olen,
@@ -617,7 +632,8 @@
     {
 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
         case MBEDTLS_ECDH_VARIANT_EVEREST:
-            return( mbedtls_everest_read_public( ctx, buf, blen ) );
+            return( mbedtls_everest_read_public( &ctx->ctx.everest_ecdh,
+                                                 buf, blen ) );
 #endif
         case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
             return( ecdh_read_public_internal( &ctx->ctx.mbed_ecdh,
@@ -703,7 +719,8 @@
     {
 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
         case MBEDTLS_ECDH_VARIANT_EVEREST:
-            return( mbedtls_everest_calc_secret( ctx, olen, buf, blen, f_rng, p_rng ) );
+            return( mbedtls_everest_calc_secret( &ctx->ctx.everest_ecdh, olen,
+                                                 buf, blen, f_rng, p_rng ) );
 #endif
         case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
             return( ecdh_calc_secret_internal( &ctx->ctx.mbed_ecdh, olen, buf,