xref: /third_party/mbedtls/library/ecjpake.c

33 #define ID_MINE     (ecjpake_id[ctx->role])
34 #define ID_PEER     (ecjpake_id[1 - ctx->role])
50 void mbedtls_ecjpake_init(mbedtls_ecjpake_context *ctx)
52     ctx->md_type = MBEDTLS_MD_NONE;
53     mbedtls_ecp_group_init(&ctx->grp);
54     ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
56     mbedtls_ecp_point_init(&ctx->Xm1);
57     mbedtls_ecp_point_init(&ctx->Xm2);
58     mbedtls_ecp_point_init(&ctx->Xp1);
59     mbedtls_ecp_point_init(&ctx->Xp2);
60     mbedtls_ecp_point_init(&ctx->Xp);
62     mbedtls_mpi_init(&ctx->xm1);
63     mbedtls_mpi_init(&ctx->xm2);
64     mbedtls_mpi_init(&ctx->s);
70 void mbedtls_ecjpake_free(mbedtls_ecjpake_context *ctx)
72     if (ctx == NULL) {
76     ctx->md_type = MBEDTLS_MD_NONE;
77     mbedtls_ecp_group_free(&ctx->grp);
79     mbedtls_ecp_point_free(&ctx->Xm1);
80     mbedtls_ecp_point_free(&ctx->Xm2);
81     mbedtls_ecp_point_free(&ctx->Xp1);
82     mbedtls_ecp_point_free(&ctx->Xp2);
83     mbedtls_ecp_point_free(&ctx->Xp);
85     mbedtls_mpi_free(&ctx->xm1);
86     mbedtls_mpi_free(&ctx->xm2);
87     mbedtls_mpi_free(&ctx->s);
93 int mbedtls_ecjpake_setup(mbedtls_ecjpake_context *ctx,
106     ctx->role = role;
112     ctx->md_type = hash;
114     MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&ctx->grp, curve));
116     MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->s, secret, len));
120         mbedtls_ecjpake_free(ctx);
126 int mbedtls_ecjpake_set_point_format(mbedtls_ecjpake_context *ctx,
132             ctx->point_format = point_format;
142 int mbedtls_ecjpake_check(const mbedtls_ecjpake_context *ctx)
144     if (ctx->md_type == MBEDTLS_MD_NONE ||
145         ctx->grp.id == MBEDTLS_ECP_DP_NONE ||
146         ctx->s.p == NULL) {
516 int mbedtls_ecjpake_read_round_one(mbedtls_ecjpake_context *ctx,
520     return ecjpake_kkpp_read(ctx->md_type, &ctx->grp, ctx->point_format,
521                              &ctx->grp.G,
522                              &ctx->Xp1, &ctx->Xp2, ID_PEER,
529 int mbedtls_ecjpake_write_round_one(mbedtls_ecjpake_context *ctx,
534     return ecjpake_kkpp_write(ctx->md_type, &ctx->grp, ctx->point_format,
535                               &ctx->grp.G,
536                               &ctx->xm1, &ctx->Xm1, &ctx->xm2, &ctx->Xm2,
566 int mbedtls_ecjpake_read_round_two(mbedtls_ecjpake_context *ctx,
585     MBEDTLS_MPI_CHK(ecjpake_ecp_add3(&ctx->grp, &G,
586                                      &ctx->Xm1, &ctx->Xm2, &ctx->Xp1));
594     if (ctx->role == MBEDTLS_ECJPAKE_CLIENT) {
596         if (grp.id != ctx->grp.id) {
602     MBEDTLS_MPI_CHK(ecjpake_kkp_read(ctx->md_type, &ctx->grp,
603                                      ctx->point_format,
604                                      &G, &ctx->Xp, ID_PEER, &p, end));
652 int mbedtls_ecjpake_write_round_two(mbedtls_ecjpake_context *ctx,
676     MBEDTLS_MPI_CHK(ecjpake_ecp_add3(&ctx->grp, &G,
677                                      &ctx->Xp1, &ctx->Xp2, &ctx->Xm1));
678     MBEDTLS_MPI_CHK(ecjpake_mul_secret(&xm, 1, &ctx->xm2, &ctx->s,
679                                        &ctx->grp.N, f_rng, p_rng));
680     MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&ctx->grp, &Xm, &xm, &G, f_rng, p_rng));
690     if (ctx->role == MBEDTLS_ECJPAKE_SERVER) {
695         MBEDTLS_MPI_CHK(mbedtls_ecp_tls_write_group(&ctx->grp, &ec_len,
704     MBEDTLS_MPI_CHK(mbedtls_ecp_tls_write_point(&ctx->grp, &Xm,
705                                                 ctx->point_format, &ec_len, p, (size_t) (end - p)));
708     MBEDTLS_MPI_CHK(ecjpake_zkp_write(ctx->md_type, &ctx->grp,
709                                       ctx->point_format,
726 static int mbedtls_ecjpake_derive_k(mbedtls_ecjpake_context *ctx,
744     MBEDTLS_MPI_CHK(ecjpake_mul_secret(&m_xm2_s, -1, &ctx->xm2, &ctx->s,
745                                        &ctx->grp.N, f_rng, p_rng));
746     MBEDTLS_MPI_CHK(mbedtls_ecp_muladd(&ctx->grp, K,
747                                        &one, &ctx->Xp,
748                                        &m_xm2_s, &ctx->Xp2));
749     MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&ctx->grp, K, &ctx->xm2, K,
759 int mbedtls_ecjpake_derive_secret(mbedtls_ecjpake_context *ctx,
769     *olen = mbedtls_md_get_size_from_type(ctx->md_type);
776     ret = mbedtls_ecjpake_derive_k(ctx, &K, f_rng, p_rng);
782     x_bytes = (ctx->grp.pbits + 7) / 8;
784     MBEDTLS_MPI_CHK(mbedtls_ecjpake_compute_hash(ctx->md_type,
793 int mbedtls_ecjpake_write_shared_key(mbedtls_ecjpake_context *ctx,
803     ret = mbedtls_ecjpake_derive_k(ctx, &K, f_rng, p_rng);
808     ret = mbedtls_ecp_point_write_binary(&ctx->grp, &K, ctx->point_format,
987 static int self_test_rng(void *ctx, unsigned char *out, size_t len)
991     (void) ctx;
1002 static int ecjpake_test_load(mbedtls_ecjpake_context *ctx,
1008     MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->xm1, xm1, len1));
1009     MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->xm2, xm2, len2));
1010     MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&ctx->grp, &ctx->Xm1, &ctx->xm1,
1011                                     &ctx->grp.G, self_test_rng, NULL));
1012     MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&ctx->grp, &ctx->Xm2, &ctx->xm2,
1013                                     &ctx->grp.G, self_test_rng, NULL));

Indexes created Thu Nov 07 10:32:03 CST 2024