mbed TLS v2.2.0
Data Structures | Enumerations | Functions
ecdh.h File Reference

Detailed Description

Elliptic curve Diffie-Hellman.

Copyright (C) 2006-2015, ARM Limited, All Rights Reserved SPDX-License-Identifier: Apache-2.0

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

This file is part of mbed TLS (https://tls.mbed.org)

Definition in file ecdh.h.

#include "ecp.h"
Include dependency graph for ecdh.h:

Go to the source code of this file.

Data Structures

struct  mbedtls_ecdh_context
 ECDH context structure. More...
 

Enumerations

enum  mbedtls_ecdh_side { MBEDTLS_ECDH_OURS, MBEDTLS_ECDH_THEIRS }
 When importing from an EC key, select if it is our key or the peer's key. More...
 

Functions

int mbedtls_ecdh_gen_public (mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 Generate a public key. More...
 
int mbedtls_ecdh_compute_shared (mbedtls_ecp_group *grp, mbedtls_mpi *z, const mbedtls_ecp_point *Q, const mbedtls_mpi *d, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 Compute shared secret Raw function that only does the core computation. More...
 
void mbedtls_ecdh_init (mbedtls_ecdh_context *ctx)
 Initialize context. More...
 
void mbedtls_ecdh_free (mbedtls_ecdh_context *ctx)
 Free context. More...
 
int mbedtls_ecdh_make_params (mbedtls_ecdh_context *ctx, size_t *olen, unsigned char *buf, size_t blen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 Generate a public key and a TLS ServerKeyExchange payload. More...
 
int mbedtls_ecdh_read_params (mbedtls_ecdh_context *ctx, const unsigned char **buf, const unsigned char *end)
 Parse and procress a TLS ServerKeyExhange payload. More...
 
int mbedtls_ecdh_get_params (mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key, mbedtls_ecdh_side side)
 Setup an ECDH context from an EC key. More...
 
int mbedtls_ecdh_make_public (mbedtls_ecdh_context *ctx, size_t *olen, unsigned char *buf, size_t blen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 Generate a public key and a TLS ClientKeyExchange payload. More...
 
int mbedtls_ecdh_read_public (mbedtls_ecdh_context *ctx, const unsigned char *buf, size_t blen)
 Parse and process a TLS ClientKeyExchange payload. More...
 
int mbedtls_ecdh_calc_secret (mbedtls_ecdh_context *ctx, size_t *olen, unsigned char *buf, size_t blen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 Derive and export the shared secret. More...
 

Enumeration Type Documentation

When importing from an EC key, select if it is our key or the peer's key.

Enumerator
MBEDTLS_ECDH_OURS 
MBEDTLS_ECDH_THEIRS 

Definition at line 35 of file ecdh.h.

Function Documentation

int mbedtls_ecdh_calc_secret ( mbedtls_ecdh_context ctx,
size_t *  olen,
unsigned char *  buf,
size_t  blen,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng 
)

Derive and export the shared secret.

(Last function used by both TLS client en servers.)

Parameters
ctxECDH context
olennumber of bytes written
bufdestination buffer
blenbuffer length
f_rngRNG function, see notes for mbedtls_ecdh_compute_shared()
p_rngRNG parameter
Returns
0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
int mbedtls_ecdh_compute_shared ( mbedtls_ecp_group grp,
mbedtls_mpi z,
const mbedtls_ecp_point Q,
const mbedtls_mpi d,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng 
)

Compute shared secret Raw function that only does the core computation.

Parameters
grpECP group
zDestination MPI (shared secret)
QPublic key from other party
dOur secret exponent (private key)
f_rngRNG function (see notes)
p_rngRNG parameter
Returns
0 if successful, or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
Note
If f_rng is not NULL, it is used to implement countermeasures against potential elaborate timing attacks, see mbedtls_ecp_mul() for details.
void mbedtls_ecdh_free ( mbedtls_ecdh_context ctx)

Free context.

Parameters
ctxContext to free
int mbedtls_ecdh_gen_public ( mbedtls_ecp_group grp,
mbedtls_mpi d,
mbedtls_ecp_point Q,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng 
)

Generate a public key.

Raw function that only does the core computation.

Parameters
grpECP group
dDestination MPI (secret exponent, aka private key)
QDestination point (public key)
f_rngRNG function
p_rngRNG parameter
Returns
0 if successful, or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
int mbedtls_ecdh_get_params ( mbedtls_ecdh_context ctx,
const mbedtls_ecp_keypair key,
mbedtls_ecdh_side  side 
)

Setup an ECDH context from an EC key.

(Used by clients and servers in place of the ServerKeyEchange for static ECDH: import ECDH parameters from a certificate's EC key information.)

Parameters
ctxECDH constext to set
keyEC key to use
sideIs it our key (1) or the peer's key (0) ?
Returns
0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
void mbedtls_ecdh_init ( mbedtls_ecdh_context ctx)

Initialize context.

Parameters
ctxContext to initialize
int mbedtls_ecdh_make_params ( mbedtls_ecdh_context ctx,
size_t *  olen,
unsigned char *  buf,
size_t  blen,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng 
)

Generate a public key and a TLS ServerKeyExchange payload.

(First function used by a TLS server for ECDHE.)

Parameters
ctxECDH context
olennumber of chars written
bufdestination buffer
blenlength of buffer
f_rngRNG function
p_rngRNG parameter
Note
This function assumes that ctx->grp has already been properly set (for example using mbedtls_ecp_group_load).
Returns
0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
int mbedtls_ecdh_make_public ( mbedtls_ecdh_context ctx,
size_t *  olen,
unsigned char *  buf,
size_t  blen,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng 
)

Generate a public key and a TLS ClientKeyExchange payload.

(Second function used by a TLS client for ECDH(E).)

Parameters
ctxECDH context
olennumber of bytes actually written
bufdestination buffer
blensize of destination buffer
f_rngRNG function
p_rngRNG parameter
Returns
0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
int mbedtls_ecdh_read_params ( mbedtls_ecdh_context ctx,
const unsigned char **  buf,
const unsigned char *  end 
)

Parse and procress a TLS ServerKeyExhange payload.

(First function used by a TLS client for ECDHE.)

Parameters
ctxECDH context
bufpointer to start of input buffer
endone past end of buffer
Returns
0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
int mbedtls_ecdh_read_public ( mbedtls_ecdh_context ctx,
const unsigned char *  buf,
size_t  blen 
)

Parse and process a TLS ClientKeyExchange payload.

(Second function used by a TLS server for ECDH(E).)

Parameters
ctxECDH context
bufstart of input buffer
blenlength of input buffer
Returns
0 if successful, or an MBEDTLS_ERR_ECP_XXX error code