search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
text
[RRG-proxmark3.git] / common / mbedtls / ecdh.c
blob71c8f1aa20586ba7c2cc841b05e2e11ac3f10b7e
1 /*
2 * Elliptic curve Diffie-Hellman
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19
20 /*
21 * References:
22 *
23 * SEC1 http://www.secg.org/index.php?action=secg,docs_secg
24 * RFC 4492
25 */
26
27 #include "common.h"
28
29 #if defined(MBEDTLS_ECDH_C)
30
31 #include "mbedtls/ecdh.h"
32 #include "mbedtls/platform_util.h"
33 #include "mbedtls/error.h"
34
35 #include <string.h>
36
37 /* Parameter validation macros based on platform_util.h */
38 #define ECDH_VALIDATE_RET( cond ) \
39 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
40 #define ECDH_VALIDATE( cond ) \
41 MBEDTLS_INTERNAL_VALIDATE( cond )
42
43 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
44 typedef mbedtls_ecdh_context mbedtls_ecdh_context_mbed;
45 #endif
46
47 static mbedtls_ecp_group_id mbedtls_ecdh_grp_id(
48 const mbedtls_ecdh_context *ctx) {
49 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
50 return (ctx->grp.id);
51 #else
52 return (ctx->grp_id);
53 #endif
54 }
55
56 int mbedtls_ecdh_can_do(mbedtls_ecp_group_id gid) {
57 /* At this time, all groups support ECDH. */
58 (void) gid;
59 return (1);
60 }
61
62 #if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT)
63 /*
64 * Generate public key (restartable version)
65 *
66 * Note: this internal function relies on its caller preserving the value of
67 * the output parameter 'd' across continuation calls. This would not be
68 * acceptable for a public function but is OK here as we control call sites.
69 */
70 static int ecdh_gen_public_restartable(mbedtls_ecp_group *grp,
71 mbedtls_mpi *d, mbedtls_ecp_point *Q,
72 int (*f_rng)(void *, unsigned char *, size_t),
73 void *p_rng,
74 mbedtls_ecp_restart_ctx *rs_ctx) {
75 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
76
77 /* If multiplication is in progress, we already generated a privkey */
78 #if defined(MBEDTLS_ECP_RESTARTABLE)
79 if (rs_ctx == NULL || rs_ctx->rsm == NULL)
80 #endif
81 MBEDTLS_MPI_CHK(mbedtls_ecp_gen_privkey(grp, d, f_rng, p_rng));
82
83 MBEDTLS_MPI_CHK(mbedtls_ecp_mul_restartable(grp, Q, d, &grp->G,
84 f_rng, p_rng, rs_ctx));
85
86 cleanup:
87 return (ret);
88 }
89
90 /*
91 * Generate public key
92 */
93 int mbedtls_ecdh_gen_public(mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
94 int (*f_rng)(void *, unsigned char *, size_t),
95 void *p_rng) {
96 ECDH_VALIDATE_RET(grp != NULL);
97 ECDH_VALIDATE_RET(d != NULL);
98 ECDH_VALIDATE_RET(Q != NULL);
99 ECDH_VALIDATE_RET(f_rng != NULL);
100 return (ecdh_gen_public_restartable(grp, d, Q, f_rng, p_rng, NULL));
101 }
102 #endif /* !MBEDTLS_ECDH_GEN_PUBLIC_ALT */
103
104 #if !defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT)
105 /*
106 * Compute shared secret (SEC1 3.3.1)
107 */
108 static int ecdh_compute_shared_restartable(mbedtls_ecp_group *grp,
109 mbedtls_mpi *z,
110 const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
111 int (*f_rng)(void *, unsigned char *, size_t),
112 void *p_rng,
113 mbedtls_ecp_restart_ctx *rs_ctx) {
114 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
115 mbedtls_ecp_point P;
116
117 mbedtls_ecp_point_init(&P);
118
119 MBEDTLS_MPI_CHK(mbedtls_ecp_mul_restartable(grp, &P, d, Q,
120 f_rng, p_rng, rs_ctx));
121
122 if (mbedtls_ecp_is_zero(&P)) {
123 ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
124 goto cleanup;
125 }
126
127 MBEDTLS_MPI_CHK(mbedtls_mpi_copy(z, &P.X));
128
129 cleanup:
130 mbedtls_ecp_point_free(&P);
131
132 return (ret);
133 }
134
135 /*
136 * Compute shared secret (SEC1 3.3.1)
137 */
138 int mbedtls_ecdh_compute_shared(mbedtls_ecp_group *grp, mbedtls_mpi *z,
139 const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
140 int (*f_rng)(void *, unsigned char *, size_t),
141 void *p_rng) {
142 ECDH_VALIDATE_RET(grp != NULL);
143 ECDH_VALIDATE_RET(Q != NULL);
144 ECDH_VALIDATE_RET(d != NULL);
145 ECDH_VALIDATE_RET(z != NULL);
146 return (ecdh_compute_shared_restartable(grp, z, Q, d,
147 f_rng, p_rng, NULL));
148 }
149 #endif /* !MBEDTLS_ECDH_COMPUTE_SHARED_ALT */
150
151 static void ecdh_init_internal(mbedtls_ecdh_context_mbed *ctx) {
152 mbedtls_ecp_group_init(&ctx->grp);
153 mbedtls_mpi_init(&ctx->d);
154 mbedtls_ecp_point_init(&ctx->Q);
155 mbedtls_ecp_point_init(&ctx->Qp);
156 mbedtls_mpi_init(&ctx->z);
157
158 #if defined(MBEDTLS_ECP_RESTARTABLE)
159 mbedtls_ecp_restart_init(&ctx->rs);
160 #endif
161 }
162
163 /*
164 * Initialize context
165 */
166 void mbedtls_ecdh_init(mbedtls_ecdh_context *ctx) {
167 ECDH_VALIDATE(ctx != NULL);
168
169 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
170 ecdh_init_internal(ctx);
171 mbedtls_ecp_point_init(&ctx->Vi);
172 mbedtls_ecp_point_init(&ctx->Vf);
173 mbedtls_mpi_init(&ctx->_d);
174 #else
175 memset(ctx, 0, sizeof(mbedtls_ecdh_context));
176
177 ctx->var = MBEDTLS_ECDH_VARIANT_NONE;
178 #endif
179 ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
180 #if defined(MBEDTLS_ECP_RESTARTABLE)
181 ctx->restart_enabled = 0;
182 #endif
183 }
184
185 static int ecdh_setup_internal(mbedtls_ecdh_context_mbed *ctx,
186 mbedtls_ecp_group_id grp_id) {
187 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
188
189 ret = mbedtls_ecp_group_load(&ctx->grp, grp_id);
190 if (ret != 0) {
191 return (MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE);
192 }
193
194 return (0);
195 }
196
197 /*
198 * Setup context
199 */
200 int mbedtls_ecdh_setup(mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id) {
201 ECDH_VALIDATE_RET(ctx != NULL);
202
203 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
204 return (ecdh_setup_internal(ctx, grp_id));
205 #else
206 switch (grp_id) {
207 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
208 case MBEDTLS_ECP_DP_CURVE25519:
209 ctx->point_format = MBEDTLS_ECP_PF_COMPRESSED;
210 ctx->var = MBEDTLS_ECDH_VARIANT_EVEREST;
211 ctx->grp_id = grp_id;
212 return (mbedtls_everest_setup(&ctx->ctx.everest_ecdh, grp_id));
213 #endif
214 default:
215 ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
216 ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0;
217 ctx->grp_id = grp_id;
218 ecdh_init_internal(&ctx->ctx.mbed_ecdh);
219 return (ecdh_setup_internal(&ctx->ctx.mbed_ecdh, grp_id));
220 }
221 #endif
222 }
223
224 static void ecdh_free_internal(mbedtls_ecdh_context_mbed *ctx) {
225 mbedtls_ecp_group_free(&ctx->grp);
226 mbedtls_mpi_free(&ctx->d);
227 mbedtls_ecp_point_free(&ctx->Q);
228 mbedtls_ecp_point_free(&ctx->Qp);
229 mbedtls_mpi_free(&ctx->z);
230
231 #if defined(MBEDTLS_ECP_RESTARTABLE)
232 mbedtls_ecp_restart_free(&ctx->rs);
233 #endif
234 }
235
236 #if defined(MBEDTLS_ECP_RESTARTABLE)
237 /*
238 * Enable restartable operations for context
239 */
240 void mbedtls_ecdh_enable_restart(mbedtls_ecdh_context *ctx) {
241 ECDH_VALIDATE(ctx != NULL);
242
243 ctx->restart_enabled = 1;
244 }
245 #endif
246
247 /*
248 * Free context
249 */
250 void mbedtls_ecdh_free(mbedtls_ecdh_context *ctx) {
251 if (ctx == NULL)
252 return;
253
254 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
255 mbedtls_ecp_point_free(&ctx->Vi);
256 mbedtls_ecp_point_free(&ctx->Vf);
257 mbedtls_mpi_free(&ctx->_d);
258 ecdh_free_internal(ctx);
259 #else
260 switch (ctx->var) {
261 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
262 case MBEDTLS_ECDH_VARIANT_EVEREST:
263 mbedtls_everest_free(&ctx->ctx.everest_ecdh);
264 break;
265 #endif
266 case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
267 ecdh_free_internal(&ctx->ctx.mbed_ecdh);
268 break;
269 default:
270 break;
271 }
272
273 ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
274 ctx->var = MBEDTLS_ECDH_VARIANT_NONE;
275 ctx->grp_id = MBEDTLS_ECP_DP_NONE;
276 #endif
277 }
278
279 static int ecdh_make_params_internal(mbedtls_ecdh_context_mbed *ctx,
280 size_t *olen, int point_format,
281 unsigned char *buf, size_t blen,
282 int (*f_rng)(void *,
283 unsigned char *,
284 size_t),
285 void *p_rng,
286 int restart_enabled) {
287 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
288 size_t grp_len, pt_len;
289 #if defined(MBEDTLS_ECP_RESTARTABLE)
290 mbedtls_ecp_restart_ctx *rs_ctx = NULL;
291 #endif
292
293 if (ctx->grp.pbits == 0)
294 return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA);
295
296 #if defined(MBEDTLS_ECP_RESTARTABLE)
297 if (restart_enabled)
298 rs_ctx = &ctx->rs;
299 #else
300 (void) restart_enabled;
301 #endif
302
303
304 #if defined(MBEDTLS_ECP_RESTARTABLE)
305 if ((ret = ecdh_gen_public_restartable(&ctx->grp, &ctx->d, &ctx->Q,
306 f_rng, p_rng, rs_ctx)) != 0)
307 return (ret);
308 #else
309 if ((ret = mbedtls_ecdh_gen_public(&ctx->grp, &ctx->d, &ctx->Q,
310 f_rng, p_rng)) != 0)
311 return (ret);
312 #endif /* MBEDTLS_ECP_RESTARTABLE */
313
314 if ((ret = mbedtls_ecp_tls_write_group(&ctx->grp, &grp_len, buf,
315 blen)) != 0)
316 return (ret);
317
318 buf += grp_len;
319 blen -= grp_len;
320
321 if ((ret = mbedtls_ecp_tls_write_point(&ctx->grp, &ctx->Q, point_format,
322 &pt_len, buf, blen)) != 0)
323 return (ret);
324
325 *olen = grp_len + pt_len;
326 return (0);
327 }
328
329 /*
330 * Setup and write the ServerKeyExchange parameters (RFC 4492)
331 * struct {
332 * ECParameters curve_params;
333 * ECPoint public;
334 * } ServerECDHParams;
335 */
336 int mbedtls_ecdh_make_params(mbedtls_ecdh_context *ctx, size_t *olen,
337 unsigned char *buf, size_t blen,
338 int (*f_rng)(void *, unsigned char *, size_t),
339 void *p_rng) {
340 int restart_enabled = 0;
341 ECDH_VALIDATE_RET(ctx != NULL);
342 ECDH_VALIDATE_RET(olen != NULL);
343 ECDH_VALIDATE_RET(buf != NULL);
344 ECDH_VALIDATE_RET(f_rng != NULL);
345
346 #if defined(MBEDTLS_ECP_RESTARTABLE)
347 restart_enabled = ctx->restart_enabled;
348 #else
349 (void) restart_enabled;
350 #endif
351
352 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
353 return (ecdh_make_params_internal(ctx, olen, ctx->point_format, buf, blen,
354 f_rng, p_rng, restart_enabled));
355 #else
356 switch (ctx->var) {
357 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
358 case MBEDTLS_ECDH_VARIANT_EVEREST:
359 return (mbedtls_everest_make_params(&ctx->ctx.everest_ecdh, olen,
360 buf, blen, f_rng, p_rng));
361 #endif
362 case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
363 return (ecdh_make_params_internal(&ctx->ctx.mbed_ecdh, olen,
364 ctx->point_format, buf, blen,
365 f_rng, p_rng,
366 restart_enabled));
367 default:
368 return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
369 }
370 #endif
371 }
372
373 static int ecdh_read_params_internal(mbedtls_ecdh_context_mbed *ctx,
374 const unsigned char **buf,
375 const unsigned char *end) {
376 return (mbedtls_ecp_tls_read_point(&ctx->grp, &ctx->Qp, buf,
377 end - *buf));
378 }
379
380 /*
381 * Read the ServerKeyExhange parameters (RFC 4492)
382 * struct {
383 * ECParameters curve_params;
384 * ECPoint public;
385 * } ServerECDHParams;
386 */
387 int mbedtls_ecdh_read_params(mbedtls_ecdh_context *ctx,
388 const unsigned char **buf,
389 const unsigned char *end) {
390 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
391 mbedtls_ecp_group_id grp_id;
392 ECDH_VALIDATE_RET(ctx != NULL);
393 ECDH_VALIDATE_RET(buf != NULL);
394 ECDH_VALIDATE_RET(*buf != NULL);
395 ECDH_VALIDATE_RET(end != NULL);
396
397 if ((ret = mbedtls_ecp_tls_read_group_id(&grp_id, buf, end - *buf))
398 != 0)
399 return (ret);
400
401 if ((ret = mbedtls_ecdh_setup(ctx, grp_id)) != 0)
402 return (ret);
403
404 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
405 return (ecdh_read_params_internal(ctx, buf, end));
406 #else
407 switch (ctx->var) {
408 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
409 case MBEDTLS_ECDH_VARIANT_EVEREST:
410 return (mbedtls_everest_read_params(&ctx->ctx.everest_ecdh,
411 buf, end));
412 #endif
413 case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
414 return (ecdh_read_params_internal(&ctx->ctx.mbed_ecdh,
415 buf, end));
416 default:
417 return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
418 }
419 #endif
420 }
421
422 static int ecdh_get_params_internal(mbedtls_ecdh_context_mbed *ctx,
423 const mbedtls_ecp_keypair *key,
424 mbedtls_ecdh_side side) {
425 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
426
427 /* If it's not our key, just import the public part as Qp */
428 if (side == MBEDTLS_ECDH_THEIRS)
429 return (mbedtls_ecp_copy(&ctx->Qp, &key->Q));
430
431 /* Our key: import public (as Q) and private parts */
432 if (side != MBEDTLS_ECDH_OURS)
433 return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA);
434
435 if ((ret = mbedtls_ecp_copy(&ctx->Q, &key->Q)) != 0 ||
436 (ret = mbedtls_mpi_copy(&ctx->d, &key->d)) != 0)
437 return (ret);
438
439 return (0);
440 }
441
442 /*
443 * Get parameters from a keypair
444 */
445 int mbedtls_ecdh_get_params(mbedtls_ecdh_context *ctx,
446 const mbedtls_ecp_keypair *key,
447 mbedtls_ecdh_side side) {
448 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
449 ECDH_VALIDATE_RET(ctx != NULL);
450 ECDH_VALIDATE_RET(key != NULL);
451 ECDH_VALIDATE_RET(side == MBEDTLS_ECDH_OURS ||
452 side == MBEDTLS_ECDH_THEIRS);
453
454 if (mbedtls_ecdh_grp_id(ctx) == MBEDTLS_ECP_DP_NONE) {
455 /* This is the first call to get_params(). Set up the context
456 * for use with the group. */
457 if ((ret = mbedtls_ecdh_setup(ctx, key->grp.id)) != 0)
458 return (ret);
459 } else {
460 /* This is not the first call to get_params(). Check that the
461 * current key's group is the same as the context's, which was set
462 * from the first key's group. */
463 if (mbedtls_ecdh_grp_id(ctx) != key->grp.id)
464 return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA);
465 }
466
467 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
468 return (ecdh_get_params_internal(ctx, key, side));
469 #else
470 switch (ctx->var) {
471 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
472 case MBEDTLS_ECDH_VARIANT_EVEREST: {
473 mbedtls_everest_ecdh_side s = side == MBEDTLS_ECDH_OURS ?
474 MBEDTLS_EVEREST_ECDH_OURS :
475 MBEDTLS_EVEREST_ECDH_THEIRS;
476 return (mbedtls_everest_get_params(&ctx->ctx.everest_ecdh,
477 key, s));
478 }
479 #endif
480 case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
481 return (ecdh_get_params_internal(&ctx->ctx.mbed_ecdh,
482 key, side));
483 default:
484 return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
485 }
486 #endif
487 }
488
489 static int ecdh_make_public_internal(mbedtls_ecdh_context_mbed *ctx,
490 size_t *olen, int point_format,
491 unsigned char *buf, size_t blen,
492 int (*f_rng)(void *,
493 unsigned char *,
494 size_t),
495 void *p_rng,
496 int restart_enabled) {
497 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
498 #if defined(MBEDTLS_ECP_RESTARTABLE)
499 mbedtls_ecp_restart_ctx *rs_ctx = NULL;
500 #endif
501
502 if (ctx->grp.pbits == 0)
503 return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA);
504
505 #if defined(MBEDTLS_ECP_RESTARTABLE)
506 if (restart_enabled)
507 rs_ctx = &ctx->rs;
508 #else
509 (void) restart_enabled;
510 #endif
511
512 #if defined(MBEDTLS_ECP_RESTARTABLE)
513 if ((ret = ecdh_gen_public_restartable(&ctx->grp, &ctx->d, &ctx->Q,
514 f_rng, p_rng, rs_ctx)) != 0)
515 return (ret);
516 #else
517 if ((ret = mbedtls_ecdh_gen_public(&ctx->grp, &ctx->d, &ctx->Q,
518 f_rng, p_rng)) != 0)
519 return (ret);
520 #endif /* MBEDTLS_ECP_RESTARTABLE */
521
522 return mbedtls_ecp_tls_write_point(&ctx->grp, &ctx->Q, point_format, olen,
523 buf, blen);
524 }
525
526 /*
527 * Setup and export the client public value
528 */
529 int mbedtls_ecdh_make_public(mbedtls_ecdh_context *ctx, size_t *olen,
530 unsigned char *buf, size_t blen,
531 int (*f_rng)(void *, unsigned char *, size_t),
532 void *p_rng) {
533 int restart_enabled = 0;
534 ECDH_VALIDATE_RET(ctx != NULL);
535 ECDH_VALIDATE_RET(olen != NULL);
536 ECDH_VALIDATE_RET(buf != NULL);
537 ECDH_VALIDATE_RET(f_rng != NULL);
538
539 #if defined(MBEDTLS_ECP_RESTARTABLE)
540 restart_enabled = ctx->restart_enabled;
541 #endif
542
543 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
544 return (ecdh_make_public_internal(ctx, olen, ctx->point_format, buf, blen,
545 f_rng, p_rng, restart_enabled));
546 #else
547 switch (ctx->var) {
548 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
549 case MBEDTLS_ECDH_VARIANT_EVEREST:
550 return (mbedtls_everest_make_public(&ctx->ctx.everest_ecdh, olen,
551 buf, blen, f_rng, p_rng));
552 #endif
553 case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
554 return (ecdh_make_public_internal(&ctx->ctx.mbed_ecdh, olen,
555 ctx->point_format, buf, blen,
556 f_rng, p_rng,
557 restart_enabled));
558 default:
559 return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
560 }
561 #endif
562 }
563
564 static int ecdh_read_public_internal(mbedtls_ecdh_context_mbed *ctx,
565 const unsigned char *buf, size_t blen) {
566 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
567 const unsigned char *p = buf;
568
569 if ((ret = mbedtls_ecp_tls_read_point(&ctx->grp, &ctx->Qp, &p,
570 blen)) != 0)
571 return (ret);
572
573 if ((size_t)(p - buf) != blen)
574 return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA);
575
576 return (0);
577 }
578
579 /*
580 * Parse and import the client's public value
581 */
582 int mbedtls_ecdh_read_public(mbedtls_ecdh_context *ctx,
583 const unsigned char *buf, size_t blen) {
584 ECDH_VALIDATE_RET(ctx != NULL);
585 ECDH_VALIDATE_RET(buf != NULL);
586
587 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
588 return (ecdh_read_public_internal(ctx, buf, blen));
589 #else
590 switch (ctx->var) {
591 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
592 case MBEDTLS_ECDH_VARIANT_EVEREST:
593 return (mbedtls_everest_read_public(&ctx->ctx.everest_ecdh,
594 buf, blen));
595 #endif
596 case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
597 return (ecdh_read_public_internal(&ctx->ctx.mbed_ecdh,
598 buf, blen));
599 default:
600 return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
601 }
602 #endif
603 }
604
605 static int ecdh_calc_secret_internal(mbedtls_ecdh_context_mbed *ctx,
606 size_t *olen, unsigned char *buf,
607 size_t blen,
608 int (*f_rng)(void *,
609 unsigned char *,
610 size_t),
611 void *p_rng,
612 int restart_enabled) {
613 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
614 #if defined(MBEDTLS_ECP_RESTARTABLE)
615 mbedtls_ecp_restart_ctx *rs_ctx = NULL;
616 #endif
617
618 if (ctx == NULL || ctx->grp.pbits == 0)
619 return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA);
620
621 #if defined(MBEDTLS_ECP_RESTARTABLE)
622 if (restart_enabled)
623 rs_ctx = &ctx->rs;
624 #else
625 (void) restart_enabled;
626 #endif
627
628 #if defined(MBEDTLS_ECP_RESTARTABLE)
629 if ((ret = ecdh_compute_shared_restartable(&ctx->grp, &ctx->z, &ctx->Qp,
630 &ctx->d, f_rng, p_rng,
631 rs_ctx)) != 0) {
632 return (ret);
633 }
634 #else
635 if ((ret = mbedtls_ecdh_compute_shared(&ctx->grp, &ctx->z, &ctx->Qp,
636 &ctx->d, f_rng, p_rng)) != 0) {
637 return (ret);
638 }
639 #endif /* MBEDTLS_ECP_RESTARTABLE */
640
641 if (mbedtls_mpi_size(&ctx->z) > blen)
642 return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA);
643
644 *olen = ctx->grp.pbits / 8 + ((ctx->grp.pbits % 8) != 0);
645
646 if (mbedtls_ecp_get_type(&ctx->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY)
647 return mbedtls_mpi_write_binary_le(&ctx->z, buf, *olen);
648
649 return mbedtls_mpi_write_binary(&ctx->z, buf, *olen);
650 }
651
652 /*
653 * Derive and export the shared secret
654 */
655 int mbedtls_ecdh_calc_secret(mbedtls_ecdh_context *ctx, size_t *olen,
656 unsigned char *buf, size_t blen,
657 int (*f_rng)(void *, unsigned char *, size_t),
658 void *p_rng) {
659 int restart_enabled = 0;
660 ECDH_VALIDATE_RET(ctx != NULL);
661 ECDH_VALIDATE_RET(olen != NULL);
662 ECDH_VALIDATE_RET(buf != NULL);
663
664 #if defined(MBEDTLS_ECP_RESTARTABLE)
665 restart_enabled = ctx->restart_enabled;
666 #endif
667
668 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
669 return (ecdh_calc_secret_internal(ctx, olen, buf, blen, f_rng, p_rng,
670 restart_enabled));
671 #else
672 switch (ctx->var) {
673 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
674 case MBEDTLS_ECDH_VARIANT_EVEREST:
675 return (mbedtls_everest_calc_secret(&ctx->ctx.everest_ecdh, olen,
676 buf, blen, f_rng, p_rng));
677 #endif
678 case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
679 return (ecdh_calc_secret_internal(&ctx->ctx.mbed_ecdh, olen, buf,
680 blen, f_rng, p_rng,
681 restart_enabled));
682 default:
683 return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA);
684 }
685 #endif
686 }
687
688 #endif /* MBEDTLS_ECDH_C */
Proxmark3 - the RFID research Swiss army knife. Iceman firmware