PolarSSL v1.3.4
ecdh.c
Go to the documentation of this file.
1 /*
2  * Elliptic curve Diffie-Hellman
3  *
4  * Copyright (C) 2006-2013, Brainspark B.V.
5  *
6  * This file is part of PolarSSL (http://www.polarssl.org)
7  * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8  *
9  * All rights reserved.
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License as published by
13  * the Free Software Foundation; either version 2 of the License, or
14  * (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License along
22  * with this program; if not, write to the Free Software Foundation, Inc.,
23  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24  */
25 
26 /*
27  * References:
28  *
29  * SEC1 http://www.secg.org/index.php?action=secg,docs_secg
30  * RFC 4492
31  */
32 
33 #include "polarssl/config.h"
34 
35 #if defined(POLARSSL_ECDH_C)
36 
37 #include "polarssl/ecdh.h"
38 
39 /*
40  * Generate public key: simple wrapper around ecp_gen_keypair
41  */
42 int ecdh_gen_public( ecp_group *grp, mpi *d, ecp_point *Q,
43  int (*f_rng)(void *, unsigned char *, size_t),
44  void *p_rng )
45 {
46  return ecp_gen_keypair( grp, d, Q, f_rng, p_rng );
47 }
48 
49 /*
50  * Compute shared secret (SEC1 3.3.1)
51  */
52 int ecdh_compute_shared( ecp_group *grp, mpi *z,
53  const ecp_point *Q, const mpi *d,
54  int (*f_rng)(void *, unsigned char *, size_t),
55  void *p_rng )
56 {
57  int ret;
58  ecp_point P;
59 
60  ecp_point_init( &P );
61 
62  /*
63  * Make sure Q is a valid pubkey before using it
64  */
65  MPI_CHK( ecp_check_pubkey( grp, Q ) );
66 
67  MPI_CHK( ecp_mul( grp, &P, d, Q, f_rng, p_rng ) );
68 
69  if( ecp_is_zero( &P ) )
70  {
72  goto cleanup;
73  }
74 
75  MPI_CHK( mpi_copy( z, &P.X ) );
76 
77 cleanup:
78  ecp_point_free( &P );
79 
80  return( ret );
81 }
82 
83 /*
84  * Initialize context
85  */
86 void ecdh_init( ecdh_context *ctx )
87 {
88  memset( ctx, 0, sizeof( ecdh_context ) );
89 }
90 
91 /*
92  * Free context
93  */
94 void ecdh_free( ecdh_context *ctx )
95 {
96  if( ctx == NULL )
97  return;
98 
99  ecp_group_free( &ctx->grp );
100  mpi_free ( &ctx->d );
101  ecp_point_free( &ctx->Q );
102  ecp_point_free( &ctx->Qp );
103  mpi_free ( &ctx->z );
104  ecp_point_free( &ctx->Vi );
105  ecp_point_free( &ctx->Vf );
106  mpi_free ( &ctx->_d );
107 }
108 
109 /*
110  * Setup and write the ServerKeyExhange parameters (RFC 4492)
111  * struct {
112  * ECParameters curve_params;
113  * ECPoint public;
114  * } ServerECDHParams;
115  */
116 int ecdh_make_params( ecdh_context *ctx, size_t *olen,
117  unsigned char *buf, size_t blen,
118  int (*f_rng)(void *, unsigned char *, size_t),
119  void *p_rng )
120 {
121  int ret;
122  size_t grp_len, pt_len;
123 
124  if( ctx == NULL || ctx->grp.pbits == 0 )
126 
127  if( ( ret = ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) )
128  != 0 )
129  return( ret );
130 
131  if( ( ret = ecp_tls_write_group( &ctx->grp, &grp_len, buf, blen ) )
132  != 0 )
133  return( ret );
134 
135  buf += grp_len;
136  blen -= grp_len;
137 
138  if( ( ret = ecp_tls_write_point( &ctx->grp, &ctx->Q, ctx->point_format,
139  &pt_len, buf, blen ) ) != 0 )
140  return( ret );
141 
142  *olen = grp_len + pt_len;
143  return 0;
144 }
145 
146 /*
147  * Read the ServerKeyExhange parameters (RFC 4492)
148  * struct {
149  * ECParameters curve_params;
150  * ECPoint public;
151  * } ServerECDHParams;
152  */
154  const unsigned char **buf, const unsigned char *end )
155 {
156  int ret;
157 
158  if( ( ret = ecp_tls_read_group( &ctx->grp, buf, end - *buf ) ) != 0 )
159  return( ret );
160 
161  if( ( ret = ecp_tls_read_point( &ctx->grp, &ctx->Qp, buf, end - *buf ) )
162  != 0 )
163  return( ret );
164 
165  return 0;
166 }
167 
168 /*
169  * Get parameters from a keypair
170  */
171 int ecdh_get_params( ecdh_context *ctx, const ecp_keypair *key,
172  ecdh_side side )
173 {
174  int ret;
175 
176  if( ( ret = ecp_group_copy( &ctx->grp, &key->grp ) ) != 0 )
177  return( ret );
178 
179  /* If it's not our key, just import the public part as Qp */
180  if( side == POLARSSL_ECDH_THEIRS )
181  return( ecp_copy( &ctx->Qp, &key->Q ) );
182 
183  /* Our key: import public (as Q) and private parts */
184  if( side != POLARSSL_ECDH_OURS )
186 
187  if( ( ret = ecp_copy( &ctx->Q, &key->Q ) ) != 0 ||
188  ( ret = mpi_copy( &ctx->d, &key->d ) ) != 0 )
189  return( ret );
190 
191  return( 0 );
192 }
193 
194 /*
195  * Setup and export the client public value
196  */
197 int ecdh_make_public( ecdh_context *ctx, size_t *olen,
198  unsigned char *buf, size_t blen,
199  int (*f_rng)(void *, unsigned char *, size_t),
200  void *p_rng )
201 {
202  int ret;
203 
204  if( ctx == NULL || ctx->grp.pbits == 0 )
206 
207  if( ( ret = ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) )
208  != 0 )
209  return( ret );
210 
211  return ecp_tls_write_point( &ctx->grp, &ctx->Q, ctx->point_format,
212  olen, buf, blen );
213 }
214 
215 /*
216  * Parse and import the client's public value
217  */
219  const unsigned char *buf, size_t blen )
220 {
221  if( ctx == NULL )
223 
224  return ecp_tls_read_point( &ctx->grp, &ctx->Qp, &buf, blen );
225 }
226 
227 /*
228  * Derive and export the shared secret
229  */
230 int ecdh_calc_secret( ecdh_context *ctx, size_t *olen,
231  unsigned char *buf, size_t blen,
232  int (*f_rng)(void *, unsigned char *, size_t),
233  void *p_rng )
234 {
235  int ret;
236 
237  if( ctx == NULL )
239 
240  if( ( ret = ecdh_compute_shared( &ctx->grp, &ctx->z, &ctx->Qp, &ctx->d,
241  f_rng, p_rng ) ) != 0 )
242  {
243  return( ret );
244  }
245 
246  if( mpi_size( &ctx->z ) > blen )
248 
249  *olen = ctx->grp.pbits / 8 + ( ( ctx->grp.pbits % 8 ) != 0 );
250  return mpi_write_binary( &ctx->z, buf, *olen );
251 }
252 
253 
254 #if defined(POLARSSL_SELF_TEST)
255 
256 /*
257  * Checkup routine
258  */
259 int ecdh_self_test( int verbose )
260 {
261  ((void) verbose );
262  return( 0 );
263 }
264 
265 #endif
266 
267 #endif /* defined(POLARSSL_ECDH_C) */
int ecdh_make_params(ecdh_context *ctx, size_t *olen, unsigned char *buf, size_t blen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Setup and write the ServerKeyExhange parameters.
size_t pbits
Definition: ecp.h:140
int ecdh_make_public(ecdh_context *ctx, size_t *olen, unsigned char *buf, size_t blen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Setup and export the client&#39;s public value.
#define POLARSSL_ERR_ECP_BAD_INPUT_DATA
Bad input parameters to function.
Definition: ecp.h:35
int ecp_group_copy(ecp_group *dst, const ecp_group *src)
Copy the contents of a group object.
int ecdh_calc_secret(ecdh_context *ctx, size_t *olen, unsigned char *buf, size_t blen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Derive and export the shared secret.
int ecdh_read_public(ecdh_context *ctx, const unsigned char *buf, size_t blen)
Parse and import the client&#39;s public value.
ecp_point Vf
Definition: ecdh.h:57
ecp_group grp
Definition: ecp.h:161
int ecdh_compute_shared(ecp_group *grp, mpi *z, const ecp_point *Q, const mpi *d, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Compute shared secret.
int ecdh_gen_public(ecp_group *grp, mpi *d, ecp_point *Q, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Generate a public key.
mpi _d
Definition: ecdh.h:58
ECP group structure.
Definition: ecp.h:132
Configuration options (set of defines)
int ecdh_get_params(ecdh_context *ctx, const ecp_keypair *key, ecdh_side side)
Setup an ECDH context from an EC key.
ECP key pair structure.
Definition: ecp.h:159
mpi d
Definition: ecp.h:162
MPI structure.
Definition: bignum.h:177
int ecp_mul(ecp_group *grp, ecp_point *R, const mpi *m, const ecp_point *P, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Multiplication by an integer: R = m * P (Not thread-safe to use same group in multiple threads) ...
mpi d
Definition: ecdh.h:51
mpi X
Definition: ecp.h:105
ecp_point Qp
Definition: ecdh.h:53
ECP point structure (jacobian coordinates)
Definition: ecp.h:103
int point_format
Definition: ecdh.h:55
int ecp_is_zero(ecp_point *pt)
Tell if a point is zero.
void ecp_point_init(ecp_point *pt)
Initialize a point (as zero)
void mpi_free(mpi *X)
Unallocate one MPI.
void ecp_group_free(ecp_group *grp)
Free the components of an ECP group.
ecdh_side
When importing from an EC key, select if it is our key or the peer&#39;s key.
Definition: ecdh.h:39
int ecp_tls_write_point(const ecp_group *grp, const ecp_point *pt, int format, size_t *olen, unsigned char *buf, size_t blen)
Export a point as a TLS ECPoint record.
mpi z
Definition: ecdh.h:54
int ecp_gen_keypair(ecp_group *grp, mpi *d, ecp_point *Q, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Generate a keypair.
int ecdh_read_params(ecdh_context *ctx, const unsigned char **buf, const unsigned char *end)
Parse the ServerKeyExhange parameters.
Elliptic curve Diffie-Hellman.
ECDH context structure.
Definition: ecdh.h:48
int ecp_copy(ecp_point *P, const ecp_point *Q)
Copy the contents of point Q into P.
int ecp_tls_write_group(const ecp_group *grp, size_t *olen, unsigned char *buf, size_t blen)
Write the TLS ECParameters record for a group.
size_t mpi_size(const mpi *X)
Return the total size in bytes.
int mpi_copy(mpi *X, const mpi *Y)
Copy the contents of Y into X.
int mpi_write_binary(const mpi *X, unsigned char *buf, size_t buflen)
Export X into unsigned binary data, big endian.
int ecp_tls_read_group(ecp_group *grp, const unsigned char **buf, size_t len)
Set a group from a TLS ECParameters record.
ecp_point Q
Definition: ecp.h:163
void ecdh_init(ecdh_context *ctx)
Initialize context.
int ecp_check_pubkey(const ecp_group *grp, const ecp_point *pt)
Check that a point is a valid public key on this curve.
ecp_point Vi
Definition: ecdh.h:56
int ecdh_self_test(int verbose)
Checkup routine.
void ecdh_free(ecdh_context *ctx)
Free context.
int ecp_tls_read_point(const ecp_group *grp, ecp_point *pt, const unsigned char **buf, size_t len)
Import a point from a TLS ECPoint record.
ecp_group grp
Definition: ecdh.h:50
ecp_point Q
Definition: ecdh.h:52
#define MPI_CHK(f)
Definition: bignum.h:61
void ecp_point_free(ecp_point *pt)
Free the components of a point.