PolarSSL v1.3.1
ecdh.c
Go to the documentation of this file.
1 /*
2  * Elliptic curve Diffie-Hellman
3  *
4  * Copyright (C) 2006-2013, Brainspark B.V.
5  *
6  * This file is part of PolarSSL (http://www.polarssl.org)
7  * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8  *
9  * All rights reserved.
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License as published by
13  * the Free Software Foundation; either version 2 of the License, or
14  * (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License along
22  * with this program; if not, write to the Free Software Foundation, Inc.,
23  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24  */
25 
26 /*
27  * References:
28  *
29  * SEC1 http://www.secg.org/index.php?action=secg,docs_secg
30  * RFC 4492
31  */
32 
33 #include "polarssl/config.h"
34 
35 #if defined(POLARSSL_ECDH_C)
36 
37 #include "polarssl/ecdh.h"
38 
39 /*
40  * Generate public key: simple wrapper around ecp_gen_keypair
41  */
42 int ecdh_gen_public( ecp_group *grp, mpi *d, ecp_point *Q,
43  int (*f_rng)(void *, unsigned char *, size_t),
44  void *p_rng )
45 {
46  return ecp_gen_keypair( grp, d, Q, f_rng, p_rng );
47 }
48 
49 /*
50  * Compute shared secret (SEC1 3.3.1)
51  */
52 int ecdh_compute_shared( ecp_group *grp, mpi *z,
53  const ecp_point *Q, const mpi *d,
54  int (*f_rng)(void *, unsigned char *, size_t),
55  void *p_rng )
56 {
57  int ret;
58  ecp_point P;
59 
60  ecp_point_init( &P );
61 
62  /*
63  * Make sure Q is a valid pubkey before using it
64  */
65  MPI_CHK( ecp_check_pubkey( grp, Q ) );
66 
67  MPI_CHK( ecp_mul( grp, &P, d, Q, f_rng, p_rng ) );
68 
69  if( ecp_is_zero( &P ) )
70  {
72  goto cleanup;
73  }
74 
75  MPI_CHK( mpi_copy( z, &P.X ) );
76 
77 cleanup:
78  ecp_point_free( &P );
79 
80  return( ret );
81 }
82 
83 /*
84  * Initialize context
85  */
86 void ecdh_init( ecdh_context *ctx )
87 {
88  memset( ctx, 0, sizeof( ecdh_context ) );
89 }
90 
91 /*
92  * Free context
93  */
94 void ecdh_free( ecdh_context *ctx )
95 {
96  if( ctx == NULL )
97  return;
98 
99  ecp_group_free( &ctx->grp );
100  mpi_free ( &ctx->d );
101  ecp_point_free( &ctx->Q );
102  ecp_point_free( &ctx->Qp );
103  mpi_free ( &ctx->z );
104  ecp_point_free( &ctx->Vi );
105  ecp_point_free( &ctx->Vf );
106  mpi_free ( &ctx->_d );
107 }
108 
109 /*
110  * Setup and write the ServerKeyExhange parameters (RFC 4492)
111  * struct {
112  * ECParameters curve_params;
113  * ECPoint public;
114  * } ServerECDHParams;
115  */
116 int ecdh_make_params( ecdh_context *ctx, size_t *olen,
117  unsigned char *buf, size_t blen,
118  int (*f_rng)(void *, unsigned char *, size_t),
119  void *p_rng )
120 {
121  int ret;
122  size_t grp_len, pt_len;
123 
124  if( ctx == NULL || ctx->grp.pbits == 0 )
126 
127  if( ( ret = ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) )
128  != 0 )
129  return( ret );
130 
131  if( ( ret = ecp_tls_write_group( &ctx->grp, &grp_len, buf, blen ) )
132  != 0 )
133  return( ret );
134 
135  buf += grp_len;
136  blen -= grp_len;
137 
138  if( ( ret = ecp_tls_write_point( &ctx->grp, &ctx->Q, ctx->point_format,
139  &pt_len, buf, blen ) ) != 0 )
140  return( ret );
141 
142  *olen = grp_len + pt_len;
143  return 0;
144 }
145 
146 /*
147  * Read the ServerKeyExhange parameters (RFC 4492)
148  * struct {
149  * ECParameters curve_params;
150  * ECPoint public;
151  * } ServerECDHParams;
152  */
154  const unsigned char **buf, const unsigned char *end )
155 {
156  int ret;
157 
158  if( ( ret = ecp_tls_read_group( &ctx->grp, buf, end - *buf ) ) != 0 )
159  return( ret );
160 
161  if( ( ret = ecp_tls_read_point( &ctx->grp, &ctx->Qp, buf, end - *buf ) )
162  != 0 )
163  return( ret );
164 
165  return 0;
166 }
167 
168 /*
169  * Setup and export the client public value
170  */
171 int ecdh_make_public( ecdh_context *ctx, size_t *olen,
172  unsigned char *buf, size_t blen,
173  int (*f_rng)(void *, unsigned char *, size_t),
174  void *p_rng )
175 {
176  int ret;
177 
178  if( ctx == NULL || ctx->grp.pbits == 0 )
180 
181  if( ( ret = ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) )
182  != 0 )
183  return( ret );
184 
185  return ecp_tls_write_point( &ctx->grp, &ctx->Q, ctx->point_format,
186  olen, buf, blen );
187 }
188 
189 /*
190  * Parse and import the client's public value
191  */
193  const unsigned char *buf, size_t blen )
194 {
195  if( ctx == NULL )
197 
198  return ecp_tls_read_point( &ctx->grp, &ctx->Qp, &buf, blen );
199 }
200 
201 /*
202  * Derive and export the shared secret
203  */
204 int ecdh_calc_secret( ecdh_context *ctx, size_t *olen,
205  unsigned char *buf, size_t blen,
206  int (*f_rng)(void *, unsigned char *, size_t),
207  void *p_rng )
208 {
209  int ret;
210 
211  if( ctx == NULL )
213 
214  if( ( ret = ecdh_compute_shared( &ctx->grp, &ctx->z, &ctx->Qp, &ctx->d,
215  f_rng, p_rng ) ) != 0 )
216  {
217  return( ret );
218  }
219 
220  if( mpi_size( &ctx->z ) > blen )
222 
223  *olen = ctx->grp.nbits / 8 + ( ( ctx->grp.nbits % 8 ) != 0 );
224  return mpi_write_binary( &ctx->z, buf, *olen );
225 }
226 
227 
228 #if defined(POLARSSL_SELF_TEST)
229 
230 /*
231  * Checkup routine
232  */
233 int ecdh_self_test( int verbose )
234 {
235  return( verbose++ );
236 }
237 
238 #endif
239 
240 #endif /* defined(POLARSSL_ECDH_C) */