TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 41ad0824840484c4e1613ac342ce963590eb1156 / . / include / mbedtls / dhm.h
blob: b1750f1d462eb0d6d8173eb8c1fb04b3438f9a78 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/**
2 * \file dhm.h
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]3 *
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]4 * \brief Diffie-Hellman-Merkle key exchange.
5 *
6 * <em>RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for
7 * Internet Key Exchange (IKE)</em> defines a number of standardized
8 * Diffie-Hellman groups for IKE.
9 *
10 * <em>RFC-5114: Additional Diffie-Hellman Groups for Use with IETF
11 * Standards</em> defines a number of standardized Diffie-Hellman
12 * groups that can be used.
Darryl Greena40a1012018-01-05 15:33:17 +0000[diff] [blame]13 */
14/*
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]15 * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
Manuel Pégourié-Gonnard37ff1402015-09-04 14:21:07 +0200[diff] [blame]16 * SPDX-License-Identifier: Apache-2.0
17 *
18 * Licensed under the Apache License, Version 2.0 (the "License"); you may
19 * not use this file except in compliance with the License.
20 * You may obtain a copy of the License at
21 *
22 * http://www.apache.org/licenses/LICENSE-2.0
23 *
24 * Unless required by applicable law or agreed to in writing, software
25 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
26 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
27 * See the License for the specific language governing permissions and
28 * limitations under the License.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]29 *
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]30 * This file is part of Mbed TLS (https://tls.mbed.org)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]31 */
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]32
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]33#ifndef MBEDTLS_DHM_H
34#define MBEDTLS_DHM_H
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]35
Reuven Levin1f35ca92017-12-07 10:09:32 +0000[diff] [blame]36#if !defined(MBEDTLS_CONFIG_FILE)
37#include "config.h"
38#else
39#include MBEDTLS_CONFIG_FILE
40#endif
Paul Bakker314052f2011-08-15 09:07:52 +0000[diff] [blame]41#include "bignum.h"
Reuven Levin1f35ca92017-12-07 10:09:32 +0000[diff] [blame]42#if !defined(MBEDTLS_DHM_ALT)
43
Paul Bakkerf3b86c12011-01-27 15:24:17 +0000[diff] [blame]44/*
45 * DHM Error codes
46 */
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]47#define MBEDTLS_ERR_DHM_BAD_INPUT_DATA -0x3080 /**< Bad input parameters. */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]48#define MBEDTLS_ERR_DHM_READ_PARAMS_FAILED -0x3100 /**< Reading of the DHM parameters failed. */
49#define MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED -0x3180 /**< Making of the DHM parameters failed. */
50#define MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED -0x3200 /**< Reading of the public values failed. */
51#define MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED -0x3280 /**< Making of the public value failed. */
52#define MBEDTLS_ERR_DHM_CALC_SECRET_FAILED -0x3300 /**< Calculation of the DHM secret failed. */
53#define MBEDTLS_ERR_DHM_INVALID_FORMAT -0x3380 /**< The ASN.1 data is not formatted correctly. */
Manuel Pégourié-Gonnard6a8ca332015-05-28 09:33:39 +0200[diff] [blame]54#define MBEDTLS_ERR_DHM_ALLOC_FAILED -0x3400 /**< Allocation of memory failed. */
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]55#define MBEDTLS_ERR_DHM_FILE_IO_ERROR -0x3480 /**< Read or write of file failed. */
Gilles Peskine7ecab3d2018-01-26 17:56:38 +0100[diff] [blame]56#define MBEDTLS_ERR_DHM_HW_ACCEL_FAILED -0x3500 /**< DHM hardware accelerator failed. */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]57
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]58
59 /* The following lists the source of the above groups in the standards:
60 * - RFC-3526 section 3: 2048-bit MODP Group
61 * - RFC-3526 section 4: 3072-bit MODP Group
62 * - RFC-3526 section 5: 4096-bit MODP Group
63 * - RFC-5114 section 2.2: 2048-bit MODP Group with 224-bit Prime Order Subgroup
64 * .
65 */
66
Paul Bakkerf3b86c12011-01-27 15:24:17 +0000[diff] [blame]67/**
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]68 * The hexadecimal presentation of the prime underlying the 2048-bit MODP
69 * Group, as defined in <em>RFC-3526: More Modular Exponential (MODP)
70 * Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
Paul Bakker29b64762012-09-25 09:36:44 +0000[diff] [blame]71 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]72#define MBEDTLS_DHM_RFC3526_MODP_2048_P \
Paul Bakkerda7e3f22012-09-28 07:18:17 +0000[diff] [blame]73 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
74 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
75 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
76 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
77 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
78 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
79 "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
80 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
81 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
82 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
83 "15728E5A8AACAA68FFFFFFFFFFFFFFFF"
84
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]85/**
86 * The hexadecimal presentation of the chosen generator of the 2048-bit MODP
87 * Group, as defined in <em>RFC-3526: More Modular Exponential (MODP)
88 * Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
89 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]90#define MBEDTLS_DHM_RFC3526_MODP_2048_G "02"
Paul Bakkerda7e3f22012-09-28 07:18:17 +0000[diff] [blame]91
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]92/**
93 * The hexadecimal presentation of the prime underlying the 3072-bit MODP
94 * Group, as defined in <em>RFC-3072: More Modular Exponential (MODP)
95 * Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
96 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]97#define MBEDTLS_DHM_RFC3526_MODP_3072_P \
Paul Bakkerda7e3f22012-09-28 07:18:17 +0000[diff] [blame]98 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
99 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
100 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
101 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
102 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
103 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
104 "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
105 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
106 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
107 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
108 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \
109 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \
110 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \
111 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \
112 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \
113 "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF"
114
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]115/**
116 * The hexadecimal presentation of the chosen generator of the 3072-bit MODP
117 * Group, as defined in <em>RFC-3526: More Modular Exponential (MODP)
118 * Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
119 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]120#define MBEDTLS_DHM_RFC3526_MODP_3072_G "02"
Paul Bakkerda7e3f22012-09-28 07:18:17 +0000[diff] [blame]121
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]122/**
123 * The hexadecimal presentation of the prime underlying the 4096-bit MODP
124 * Group, as defined in <em>RFC-3526: More Modular Exponential (MODP)
125 * Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
126 */
Manuel Pégourié-Gonnard78931032015-07-03 17:06:39 +0200[diff] [blame]127#define MBEDTLS_DHM_RFC3526_MODP_4096_P \
128 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
129 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
130 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
131 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
132 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
133 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
134 "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
135 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
136 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
137 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
138 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \
139 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \
140 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \
141 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \
142 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \
143 "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" \
144 "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" \
145 "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" \
146 "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" \
147 "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" \
148 "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" \
149 "FFFFFFFFFFFFFFFF"
Paul Bakker29b64762012-09-25 09:36:44 +0000[diff] [blame]150
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]151/**
152 * The hexadecimal presentation of the chosen generator of the 4096-bit MODP
153 * Group, as defined in <em>RFC-3526: More Modular Exponential (MODP)
154 * Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
155 */
Manuel Pégourié-Gonnard78931032015-07-03 17:06:39 +0200[diff] [blame]156#define MBEDTLS_DHM_RFC3526_MODP_4096_G "02"
Paul Bakker29b64762012-09-25 09:36:44 +0000[diff] [blame]157
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]158/**
159 * The hexadecimal presentation of the prime underlying the
160 * 2048-bit MODP Group with 224-bit Prime Order Subgroup, as defined
161 * in <em>RFC-5114: Additional Diffie-Hellman Groups for Use with
162 * IETF Standards</em>.
163 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]164#define MBEDTLS_DHM_RFC5114_MODP_2048_P \
Paul Bakker29b64762012-09-25 09:36:44 +0000[diff] [blame]165 "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" \
166 "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" \
167 "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212" \
168 "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207" \
169 "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708" \
170 "B3BF8A317091883681286130BC8985DB1602E714415D9330" \
171 "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D" \
172 "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8" \
173 "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763" \
174 "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71" \
Paul Bakkera864f2e2012-09-26 08:29:20 +0000[diff] [blame]175 "CF9DE5384E71B81C0AC4DFFE0C10E64F"
Paul Bakker29b64762012-09-25 09:36:44 +0000[diff] [blame]176
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]177/**
178 * The hexadecimal presentation of the chosen generator of the 2048-bit MODP
179 * Group with 224-bit Prime Order Subgroup, as defined in <em>RFC-5114:
180 * Additional Diffie-Hellman Groups for Use with IETF Standards</em>.
181 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]182#define MBEDTLS_DHM_RFC5114_MODP_2048_G \
Paul Bakker29b64762012-09-25 09:36:44 +0000[diff] [blame]183 "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"\
184 "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"\
185 "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"\
186 "C17669101999024AF4D027275AC1348BB8A762D0521BC98A"\
187 "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"\
188 "F180EB34118E98D119529A45D6F834566E3025E316A330EF"\
189 "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"\
190 "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"\
191 "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"\
192 "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"\
Paul Bakkera864f2e2012-09-26 08:29:20 +0000[diff] [blame]193 "81BC087F2A7065B384B890D3191F2BFA"
Paul Bakker29b64762012-09-25 09:36:44 +0000[diff] [blame]194
Paul Bakker407a0da2013-06-27 14:29:21 +0200[diff] [blame]195#ifdef __cplusplus
196extern "C" {
197#endif
198
Paul Bakker29b64762012-09-25 09:36:44 +0000[diff] [blame]199/**
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]200 * \brief The DHM context structure.
Paul Bakkerf3b86c12011-01-27 15:24:17 +0000[diff] [blame]201 */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]202typedef struct
203{
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]204 size_t len; /*!< The size of \p P in Bytes. */
205 mbedtls_mpi P; /*!< The prime modulus. */
206 mbedtls_mpi G; /*!< The generator. */
207 mbedtls_mpi X; /*!< Our secret value. */
208 mbedtls_mpi GX; /*!< Our public key = \c G^X mod \c P. */
209 mbedtls_mpi GY; /*!< The public key of the peer = \c G^Y mod \c P. */
210 mbedtls_mpi K; /*!< The shared secret = \c G^(XY) mod \c P. */
211 mbedtls_mpi RP; /*!< The cached value = \c R^2 mod \c P. */
212 mbedtls_mpi Vi; /*!< The blinding value. */
213 mbedtls_mpi Vf; /*!< The unblinding value. */
214 mbedtls_mpi pX; /*!< The previous \c X. */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]215}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]216mbedtls_dhm_context;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]217
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]218/**
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]219 * \brief This function initializes the DHM context.
Paul Bakker8f870b02014-06-20 13:32:38 +0200[diff] [blame]220 *
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]221 * \param ctx The DHM context to initialize.
Paul Bakker8f870b02014-06-20 13:32:38 +0200[diff] [blame]222 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]223void mbedtls_dhm_init( mbedtls_dhm_context *ctx );
Paul Bakker8f870b02014-06-20 13:32:38 +0200[diff] [blame]224
225/**
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]226 * \brief This function parses the ServerKeyExchange parameters.
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]227 *
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]228 * \param ctx The DHM context.
229 * \param p The start of the input buffer.
230 * \param end The end of the input buffer.
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]231 *
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]232 * \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code
233 * on failure.
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]234 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]235int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]236 unsigned char **p,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]237 const unsigned char *end );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]238
239/**
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]240 * \brief This function sets up and writes the ServerKeyExchange
241 * parameters.
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]242 *
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]243 * \param ctx The DHM context.
244 * \param x_size The private value size in Bytes.
245 * \param olen The number of characters written.
246 * \param output The destination buffer.
247 * \param f_rng The RNG function.
248 * \param p_rng The RNG parameter.
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]249 *
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]250 * \note This function assumes that the \c ctx->P and \c ctx->G have
251 * already been properly set, for example, using
252 * mbedtls_mpi_read_string() or mbedtls_mpi_read_binary().
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]253 *
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]254 * \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code
255 * on failure.
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]256 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]257int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]258 unsigned char *output, size_t *olen,
Paul Bakkera3d195c2011-11-27 21:07:34 +0000[diff] [blame]259 int (*f_rng)(void *, unsigned char *, size_t),
260 void *p_rng );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]261
262/**
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]263 * \brief This function imports the public value G^Y of the peer.
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]264 *
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]265 * \param ctx The DHM context.
266 * \param input The input buffer.
267 * \param ilen The size of the input buffer.
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]268 *
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]269 * \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code
270 * on failure.
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]271 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]272int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]273 const unsigned char *input, size_t ilen );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]274
275/**
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]276 * \brief This function creates its own private value \c X and
277 * exports \c G^X.
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]278 *
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]279 * \param ctx The DHM context.
280 * \param x_size The private value size in Bytes.
281 * \param output The destination buffer.
282 * \param olen The length of the destination buffer. Must be at least
283 equal to ctx->len (the size of \c P).
284 * \param f_rng The RNG function.
285 * \param p_rng The RNG parameter.
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]286 *
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]287 * \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code
288 * on failure.
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]289 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]290int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]291 unsigned char *output, size_t olen,
Paul Bakkera3d195c2011-11-27 21:07:34 +0000[diff] [blame]292 int (*f_rng)(void *, unsigned char *, size_t),
293 void *p_rng );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]294
295/**
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]296 * \brief This function derives and exports the shared secret
297 * \c (G^Y)^X mod \c P.
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]298 *
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]299 * \param ctx The DHM context.
300 * \param output The destination buffer.
301 * \param output_size The size of the destination buffer.
302 * \param olen On exit, holds the actual number of Bytes written.
303 * \param f_rng The RNG function, for blinding purposes.
304 * \param p_rng The RNG parameter.
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]305 *
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]306 * \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code
307 * on failure.
Manuel Pégourié-Gonnard143b5022013-09-04 16:29:59 +0200[diff] [blame]308 *
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]309 * \note If non-NULL, \p f_rng is used to blind the input as
310 * a countermeasure against timing attacks. Blinding is used
311 * only if our secret value \p X is re-used and omitted
312 * otherwise. Therefore, we recommend always passing a
313 * non-NULL \p f_rng argument.
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]314 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]315int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
Manuel Pégourié-Gonnard33352052015-06-02 16:17:08 +0100[diff] [blame]316 unsigned char *output, size_t output_size, size_t *olen,
Manuel Pégourié-Gonnard2d627642013-09-04 14:22:07 +0200[diff] [blame]317 int (*f_rng)(void *, unsigned char *, size_t),
318 void *p_rng );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]319
Paul Bakker9a736322012-11-14 12:39:52 +0000[diff] [blame]320/**
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]321 * \brief This function frees and clears the components of a DHM key.
Paul Bakker8f870b02014-06-20 13:32:38 +0200[diff] [blame]322 *
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]323 * \param ctx The DHM context to free and clear.
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]324 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]325void mbedtls_dhm_free( mbedtls_dhm_context *ctx );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]326
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]327#if defined(MBEDTLS_ASN1_PARSE_C)
Paul Bakker40ce79f2013-09-15 17:43:54 +0200[diff] [blame]328/** \ingroup x509_module */
329/**
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]330 * \brief This function parses DHM parameters in PEM or DER format.
Paul Bakker40ce79f2013-09-15 17:43:54 +0200[diff] [blame]331 *
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]332 * \param dhm The DHM context to initialize.
333 * \param dhmin The input buffer.
334 * \param dhminlen The size of the buffer, including the terminating null
335 * Byte for PEM data.
Paul Bakker40ce79f2013-09-15 17:43:54 +0200[diff] [blame]336 *
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]337 * \return \c 0 on success, or a specific DHM or PEM error code
338 * on failure.
Paul Bakker40ce79f2013-09-15 17:43:54 +0200[diff] [blame]339 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]340int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
Paul Bakker40ce79f2013-09-15 17:43:54 +0200[diff] [blame]341 size_t dhminlen );
342
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]343#if defined(MBEDTLS_FS_IO)
Paul Bakker40ce79f2013-09-15 17:43:54 +0200[diff] [blame]344/** \ingroup x509_module */
345/**
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]346 * \brief This function loads and parses DHM parameters from a file.
Paul Bakker40ce79f2013-09-15 17:43:54 +0200[diff] [blame]347 *
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]348 * \param dhm The DHM context to load the parameters to.
349 * \param path The filename to read the DHM parameters from.
Paul Bakker40ce79f2013-09-15 17:43:54 +0200[diff] [blame]350 *
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]351 * \return \c 0 on success, or a specific DHM or PEM error code
352 * on failure.
Paul Bakker40ce79f2013-09-15 17:43:54 +0200[diff] [blame]353 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]354int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path );
355#endif /* MBEDTLS_FS_IO */
356#endif /* MBEDTLS_ASN1_PARSE_C */
nirekh01d569ecf2018-01-09 16:43:21 +0000[diff] [blame]357
358#ifdef __cplusplus
359}
360#endif
361
362#else /* MBEDTLS_DHM_ALT */
Reuven Levin1f35ca92017-12-07 10:09:32 +0000[diff] [blame]363#include "dhm_alt.h"
364#endif /* MBEDTLS_DHM_ALT */
Paul Bakker40ce79f2013-09-15 17:43:54 +0200[diff] [blame]365
nirekh01d569ecf2018-01-09 16:43:21 +0000[diff] [blame]366#ifdef __cplusplus
367extern "C" {
368#endif
369
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]370/**
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]371 * \brief The DMH checkup routine.
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]372 *
Rose Zadik41ad0822018-01-26 10:54:57 +0000[diff] [blame^]373 * \return \c 0 on success, or \c 1 on failure.
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]374 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]375int mbedtls_dhm_self_test( int verbose );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]376
377#ifdef __cplusplus
378}
379#endif
380
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]381#endif /* dhm.h */