mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 14:05:28 +00:00
Merge branch 'development-proposed' into development-restricted-proposed
Resolve merge conflict in ecp.h, where `mbedtls_ecp_keypair` was moved.
This commit is contained in:
commit
8945343a51
|
@ -1,8 +1,11 @@
|
|||
/**
|
||||
* \file ccm.h
|
||||
*
|
||||
* \brief CCM combines Counter mode encryption with CBC-MAC authentication
|
||||
* for 128-bit block ciphers.
|
||||
* \brief This file provides an API for the CCM authenticated encryption
|
||||
* mode for block ciphers.
|
||||
*
|
||||
* CCM combines Counter mode encryption with CBC-MAC authentication
|
||||
* for 128-bit block ciphers.
|
||||
*
|
||||
* Input to CCM includes the following elements:
|
||||
* <ul><li>Payload - data that is both authenticated and encrypted.</li>
|
||||
|
@ -80,7 +83,8 @@ void mbedtls_ccm_init( mbedtls_ccm_context *ctx );
|
|||
* \param key The encryption key.
|
||||
* \param keybits The key size in bits. This must be acceptable by the cipher.
|
||||
*
|
||||
* \return \c 0 on success, or a cipher-specific error code.
|
||||
* \return \c 0 on success.
|
||||
* \return A CCM or cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
|
||||
mbedtls_cipher_id_t cipher,
|
||||
|
@ -98,6 +102,13 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
|
|||
/**
|
||||
* \brief This function encrypts a buffer using CCM.
|
||||
*
|
||||
*
|
||||
* \note The tag is written to a separate buffer. To concatenate
|
||||
* the \p tag with the \p output, as done in <em>RFC-3610:
|
||||
* Counter with CBC-MAC (CCM)</em>, use
|
||||
* \p tag = \p output + \p length, and make sure that the
|
||||
* output buffer is at least \p length + \p tag_len wide.
|
||||
*
|
||||
* \param ctx The CCM context to use for encryption.
|
||||
* \param length The length of the input data in Bytes.
|
||||
* \param iv Initialization vector (nonce).
|
||||
|
@ -112,13 +123,8 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
|
|||
* \param tag_len The length of the tag to generate in Bytes:
|
||||
* 4, 6, 8, 10, 12, 14 or 16.
|
||||
*
|
||||
* \note The tag is written to a separate buffer. To concatenate
|
||||
* the \p tag with the \p output, as done in <em>RFC-3610:
|
||||
* Counter with CBC-MAC (CCM)</em>, use
|
||||
* \p tag = \p output + \p length, and make sure that the
|
||||
* output buffer is at least \p length + \p tag_len wide.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return A CCM or cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
|
@ -144,8 +150,9 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
|
|||
* \param tag_len The length of the tag in Bytes.
|
||||
* 4, 6, 8, 10, 12, 14 or 16.
|
||||
*
|
||||
* \return 0 if successful and authenticated, or
|
||||
* #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
|
||||
* \return \c 0 on success. This indicates that the message is authentic.
|
||||
* \return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
|
||||
* \return A cipher-specific error code on calculation failure.
|
||||
*/
|
||||
int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
|
@ -158,7 +165,8 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
|
|||
/**
|
||||
* \brief The CCM checkup routine.
|
||||
*
|
||||
* \return \c 0 on success, or \c 1 on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_ccm_self_test( int verbose );
|
||||
#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
|
||||
|
|
|
@ -1,7 +1,9 @@
|
|||
/**
|
||||
* \file cipher.h
|
||||
*
|
||||
* \brief The generic cipher wrapper.
|
||||
* \brief This file contains an abstraction interface for use with the cipher
|
||||
* primitives provided by the library. It provides a common interface to all of
|
||||
* the available cipher operations.
|
||||
*
|
||||
* \author Adriaan de Jong <dejong@fox-it.com>
|
||||
*/
|
||||
|
@ -69,93 +71,93 @@ extern "C" {
|
|||
#endif
|
||||
|
||||
/**
|
||||
* \brief An enumeration of supported ciphers.
|
||||
* \brief Supported cipher types.
|
||||
*
|
||||
* \warning ARC4 and DES are considered weak ciphers and their use
|
||||
* constitutes a security risk. We recommend considering stronger
|
||||
* \warning RC4 and DES are considered weak ciphers and their use
|
||||
* constitutes a security risk. Arm recommends considering stronger
|
||||
* ciphers instead.
|
||||
*/
|
||||
typedef enum {
|
||||
MBEDTLS_CIPHER_ID_NONE = 0,
|
||||
MBEDTLS_CIPHER_ID_NULL,
|
||||
MBEDTLS_CIPHER_ID_AES,
|
||||
MBEDTLS_CIPHER_ID_DES,
|
||||
MBEDTLS_CIPHER_ID_3DES,
|
||||
MBEDTLS_CIPHER_ID_CAMELLIA,
|
||||
MBEDTLS_CIPHER_ID_BLOWFISH,
|
||||
MBEDTLS_CIPHER_ID_ARC4,
|
||||
MBEDTLS_CIPHER_ID_NONE = 0, /**< Placeholder to mark the end of cipher ID lists. */
|
||||
MBEDTLS_CIPHER_ID_NULL, /**< The identity cipher, treated as a stream cipher. */
|
||||
MBEDTLS_CIPHER_ID_AES, /**< The AES cipher. */
|
||||
MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. */
|
||||
MBEDTLS_CIPHER_ID_3DES, /**< The Triple DES cipher. */
|
||||
MBEDTLS_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */
|
||||
MBEDTLS_CIPHER_ID_BLOWFISH, /**< The Blowfish cipher. */
|
||||
MBEDTLS_CIPHER_ID_ARC4, /**< The RC4 cipher. */
|
||||
} mbedtls_cipher_id_t;
|
||||
|
||||
/**
|
||||
* \brief An enumeration of supported (cipher, mode) pairs.
|
||||
* \brief Supported {cipher type, cipher mode} pairs.
|
||||
*
|
||||
* \warning ARC4 and DES are considered weak ciphers and their use
|
||||
* constitutes a security risk. We recommend considering stronger
|
||||
* \warning RC4 and DES are considered weak ciphers and their use
|
||||
* constitutes a security risk. Arm recommends considering stronger
|
||||
* ciphers instead.
|
||||
*/
|
||||
typedef enum {
|
||||
MBEDTLS_CIPHER_NONE = 0,
|
||||
MBEDTLS_CIPHER_NULL,
|
||||
MBEDTLS_CIPHER_AES_128_ECB,
|
||||
MBEDTLS_CIPHER_AES_192_ECB,
|
||||
MBEDTLS_CIPHER_AES_256_ECB,
|
||||
MBEDTLS_CIPHER_AES_128_CBC,
|
||||
MBEDTLS_CIPHER_AES_192_CBC,
|
||||
MBEDTLS_CIPHER_AES_256_CBC,
|
||||
MBEDTLS_CIPHER_AES_128_CFB128,
|
||||
MBEDTLS_CIPHER_AES_192_CFB128,
|
||||
MBEDTLS_CIPHER_AES_256_CFB128,
|
||||
MBEDTLS_CIPHER_AES_128_CTR,
|
||||
MBEDTLS_CIPHER_AES_192_CTR,
|
||||
MBEDTLS_CIPHER_AES_256_CTR,
|
||||
MBEDTLS_CIPHER_AES_128_GCM,
|
||||
MBEDTLS_CIPHER_AES_192_GCM,
|
||||
MBEDTLS_CIPHER_AES_256_GCM,
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_ECB,
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_ECB,
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_ECB,
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CBC,
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_CBC,
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CBC,
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CFB128,
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_CFB128,
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CFB128,
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CTR,
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_CTR,
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CTR,
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_GCM,
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_GCM,
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_GCM,
|
||||
MBEDTLS_CIPHER_DES_ECB,
|
||||
MBEDTLS_CIPHER_DES_CBC,
|
||||
MBEDTLS_CIPHER_DES_EDE_ECB,
|
||||
MBEDTLS_CIPHER_DES_EDE_CBC,
|
||||
MBEDTLS_CIPHER_DES_EDE3_ECB,
|
||||
MBEDTLS_CIPHER_DES_EDE3_CBC,
|
||||
MBEDTLS_CIPHER_BLOWFISH_ECB,
|
||||
MBEDTLS_CIPHER_BLOWFISH_CBC,
|
||||
MBEDTLS_CIPHER_BLOWFISH_CFB64,
|
||||
MBEDTLS_CIPHER_BLOWFISH_CTR,
|
||||
MBEDTLS_CIPHER_ARC4_128,
|
||||
MBEDTLS_CIPHER_AES_128_CCM,
|
||||
MBEDTLS_CIPHER_AES_192_CCM,
|
||||
MBEDTLS_CIPHER_AES_256_CCM,
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CCM,
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_CCM,
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CCM,
|
||||
MBEDTLS_CIPHER_NONE = 0, /**< Placeholder to mark the end of cipher-pair lists. */
|
||||
MBEDTLS_CIPHER_NULL, /**< The identity stream cipher. */
|
||||
MBEDTLS_CIPHER_AES_128_ECB, /**< AES cipher with 128-bit ECB mode. */
|
||||
MBEDTLS_CIPHER_AES_192_ECB, /**< AES cipher with 192-bit ECB mode. */
|
||||
MBEDTLS_CIPHER_AES_256_ECB, /**< AES cipher with 256-bit ECB mode. */
|
||||
MBEDTLS_CIPHER_AES_128_CBC, /**< AES cipher with 128-bit CBC mode. */
|
||||
MBEDTLS_CIPHER_AES_192_CBC, /**< AES cipher with 192-bit CBC mode. */
|
||||
MBEDTLS_CIPHER_AES_256_CBC, /**< AES cipher with 256-bit CBC mode. */
|
||||
MBEDTLS_CIPHER_AES_128_CFB128, /**< AES cipher with 128-bit CFB128 mode. */
|
||||
MBEDTLS_CIPHER_AES_192_CFB128, /**< AES cipher with 192-bit CFB128 mode. */
|
||||
MBEDTLS_CIPHER_AES_256_CFB128, /**< AES cipher with 256-bit CFB128 mode. */
|
||||
MBEDTLS_CIPHER_AES_128_CTR, /**< AES cipher with 128-bit CTR mode. */
|
||||
MBEDTLS_CIPHER_AES_192_CTR, /**< AES cipher with 192-bit CTR mode. */
|
||||
MBEDTLS_CIPHER_AES_256_CTR, /**< AES cipher with 256-bit CTR mode. */
|
||||
MBEDTLS_CIPHER_AES_128_GCM, /**< AES cipher with 128-bit GCM mode. */
|
||||
MBEDTLS_CIPHER_AES_192_GCM, /**< AES cipher with 192-bit GCM mode. */
|
||||
MBEDTLS_CIPHER_AES_256_GCM, /**< AES cipher with 256-bit GCM mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_ECB, /**< Camellia cipher with 128-bit ECB mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_ECB, /**< Camellia cipher with 192-bit ECB mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_ECB, /**< Camellia cipher with 256-bit ECB mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CBC, /**< Camellia cipher with 128-bit CBC mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_CBC, /**< Camellia cipher with 192-bit CBC mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CBC, /**< Camellia cipher with 256-bit CBC mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CFB128, /**< Camellia cipher with 128-bit CFB128 mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_CFB128, /**< Camellia cipher with 192-bit CFB128 mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CFB128, /**< Camellia cipher with 256-bit CFB128 mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CTR, /**< Camellia cipher with 128-bit CTR mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_CTR, /**< Camellia cipher with 192-bit CTR mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CTR, /**< Camellia cipher with 256-bit CTR mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_GCM, /**< Camellia cipher with 128-bit GCM mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_GCM, /**< Camellia cipher with 192-bit GCM mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_GCM, /**< Camellia cipher with 256-bit GCM mode. */
|
||||
MBEDTLS_CIPHER_DES_ECB, /**< DES cipher with ECB mode. */
|
||||
MBEDTLS_CIPHER_DES_CBC, /**< DES cipher with CBC mode. */
|
||||
MBEDTLS_CIPHER_DES_EDE_ECB, /**< DES cipher with EDE ECB mode. */
|
||||
MBEDTLS_CIPHER_DES_EDE_CBC, /**< DES cipher with EDE CBC mode. */
|
||||
MBEDTLS_CIPHER_DES_EDE3_ECB, /**< DES cipher with EDE3 ECB mode. */
|
||||
MBEDTLS_CIPHER_DES_EDE3_CBC, /**< DES cipher with EDE3 CBC mode. */
|
||||
MBEDTLS_CIPHER_BLOWFISH_ECB, /**< Blowfish cipher with ECB mode. */
|
||||
MBEDTLS_CIPHER_BLOWFISH_CBC, /**< Blowfish cipher with CBC mode. */
|
||||
MBEDTLS_CIPHER_BLOWFISH_CFB64, /**< Blowfish cipher with CFB64 mode. */
|
||||
MBEDTLS_CIPHER_BLOWFISH_CTR, /**< Blowfish cipher with CTR mode. */
|
||||
MBEDTLS_CIPHER_ARC4_128, /**< RC4 cipher with 128-bit mode. */
|
||||
MBEDTLS_CIPHER_AES_128_CCM, /**< AES cipher with 128-bit CCM mode. */
|
||||
MBEDTLS_CIPHER_AES_192_CCM, /**< AES cipher with 192-bit CCM mode. */
|
||||
MBEDTLS_CIPHER_AES_256_CCM, /**< AES cipher with 256-bit CCM mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_CCM, /**< Camellia cipher with 128-bit CCM mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_192_CCM, /**< Camellia cipher with 192-bit CCM mode. */
|
||||
MBEDTLS_CIPHER_CAMELLIA_256_CCM, /**< Camellia cipher with 256-bit CCM mode. */
|
||||
} mbedtls_cipher_type_t;
|
||||
|
||||
/** Supported cipher modes. */
|
||||
typedef enum {
|
||||
MBEDTLS_MODE_NONE = 0,
|
||||
MBEDTLS_MODE_ECB,
|
||||
MBEDTLS_MODE_CBC,
|
||||
MBEDTLS_MODE_CFB,
|
||||
MBEDTLS_MODE_OFB, /* Unused! */
|
||||
MBEDTLS_MODE_CTR,
|
||||
MBEDTLS_MODE_GCM,
|
||||
MBEDTLS_MODE_STREAM,
|
||||
MBEDTLS_MODE_CCM,
|
||||
MBEDTLS_MODE_NONE = 0, /**< None. */
|
||||
MBEDTLS_MODE_ECB, /**< The ECB cipher mode. */
|
||||
MBEDTLS_MODE_CBC, /**< The CBC cipher mode. */
|
||||
MBEDTLS_MODE_CFB, /**< The CFB cipher mode. */
|
||||
MBEDTLS_MODE_OFB, /**< The OFB cipher mode - unsupported. */
|
||||
MBEDTLS_MODE_CTR, /**< The CTR cipher mode. */
|
||||
MBEDTLS_MODE_GCM, /**< The GCM cipher mode. */
|
||||
MBEDTLS_MODE_STREAM, /**< The stream cipher mode. */
|
||||
MBEDTLS_MODE_CCM, /**< The CCM cipher mode. */
|
||||
} mbedtls_cipher_mode_t;
|
||||
|
||||
/** Supported cipher padding types. */
|
||||
|
@ -163,8 +165,8 @@ typedef enum {
|
|||
MBEDTLS_PADDING_PKCS7 = 0, /**< PKCS7 padding (default). */
|
||||
MBEDTLS_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding. */
|
||||
MBEDTLS_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding. */
|
||||
MBEDTLS_PADDING_ZEROS, /**< zero padding (not reversible). */
|
||||
MBEDTLS_PADDING_NONE, /**< never pad (full blocks only). */
|
||||
MBEDTLS_PADDING_ZEROS, /**< Zero padding (not reversible). */
|
||||
MBEDTLS_PADDING_NONE, /**< Never pad (full blocks only). */
|
||||
} mbedtls_cipher_padding_t;
|
||||
|
||||
/** Type of operation. */
|
||||
|
@ -228,7 +230,10 @@ typedef struct {
|
|||
*/
|
||||
unsigned int iv_size;
|
||||
|
||||
/** Flags to set. For example, if the cipher supports variable IV sizes or variable key sizes. */
|
||||
/** Bitflag comprised of MBEDTLS_CIPHER_VARIABLE_IV_LEN and
|
||||
* MBEDTLS_CIPHER_VARIABLE_KEY_LEN indicating whether the
|
||||
* cipher supports variable IV or variable key sizes, respectively.
|
||||
*/
|
||||
int flags;
|
||||
|
||||
/** The block size, in Bytes. */
|
||||
|
@ -299,7 +304,8 @@ const int *mbedtls_cipher_list( void );
|
|||
* \param cipher_name Name of the cipher to search for.
|
||||
*
|
||||
* \return The cipher information structure associated with the
|
||||
* given \p cipher_name, or NULL if not found.
|
||||
* given \p cipher_name.
|
||||
* \return NULL if the associated cipher information is not found.
|
||||
*/
|
||||
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name );
|
||||
|
||||
|
@ -310,7 +316,8 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher
|
|||
* \param cipher_type Type of the cipher to search for.
|
||||
*
|
||||
* \return The cipher information structure associated with the
|
||||
* given \p cipher_type, or NULL if not found.
|
||||
* given \p cipher_type.
|
||||
* \return NULL if the associated cipher information is not found.
|
||||
*/
|
||||
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type );
|
||||
|
||||
|
@ -325,7 +332,8 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher
|
|||
* \param mode The cipher mode. For example, #MBEDTLS_MODE_CBC.
|
||||
*
|
||||
* \return The cipher information structure associated with the
|
||||
* given \p cipher_id, or NULL if not found.
|
||||
* given \p cipher_id.
|
||||
* \return NULL if the associated cipher information is not found.
|
||||
*/
|
||||
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
|
||||
int key_bitlen,
|
||||
|
@ -352,10 +360,11 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
|
|||
* \param ctx The context to initialize. May not be NULL.
|
||||
* \param cipher_info The cipher to use.
|
||||
*
|
||||
* \return \c 0 on success,
|
||||
* #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter failure,
|
||||
* #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
|
||||
* cipher-specific context failed.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||
* parameter-verification failure.
|
||||
* \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
|
||||
* cipher-specific context fails.
|
||||
*
|
||||
* \internal Currently, the function also clears the structure.
|
||||
* In future versions, the caller will be required to call
|
||||
|
@ -368,8 +377,8 @@ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_in
|
|||
*
|
||||
* \param ctx The context of the cipher. Must be initialized.
|
||||
*
|
||||
* \return The size of the blocks of the cipher, or zero if \p ctx
|
||||
* has not been initialized.
|
||||
* \return The size of the blocks of the cipher.
|
||||
* \return 0 if \p ctx has not been initialized.
|
||||
*/
|
||||
static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
|
@ -385,8 +394,8 @@ static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_c
|
|||
*
|
||||
* \param ctx The context of the cipher. Must be initialized.
|
||||
*
|
||||
* \return The mode of operation, or #MBEDTLS_MODE_NONE if
|
||||
* \p ctx has not been initialized.
|
||||
* \return The mode of operation.
|
||||
* \return #MBEDTLS_MODE_NONE if \p ctx has not been initialized.
|
||||
*/
|
||||
static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
|
@ -402,9 +411,9 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtl
|
|||
*
|
||||
* \param ctx The context of the cipher. Must be initialized.
|
||||
*
|
||||
* \return <ul><li>If no IV has been set: the recommended IV size.
|
||||
* 0 for ciphers not using IV or nonce.</li>
|
||||
* <li>If IV has already been set: the actual size.</li></ul>
|
||||
* \return The recommended IV size if no IV has been set.
|
||||
* \return \c 0 for ciphers not using an IV or a nonce.
|
||||
* \return The actual size if an IV has been set.
|
||||
*/
|
||||
static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
|
@ -422,8 +431,8 @@ static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ct
|
|||
*
|
||||
* \param ctx The context of the cipher. Must be initialized.
|
||||
*
|
||||
* \return The type of the cipher, or #MBEDTLS_CIPHER_NONE if
|
||||
* \p ctx has not been initialized.
|
||||
* \return The type of the cipher.
|
||||
* \return #MBEDTLS_CIPHER_NONE if \p ctx has not been initialized.
|
||||
*/
|
||||
static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
|
@ -439,8 +448,8 @@ static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_ciphe
|
|||
*
|
||||
* \param ctx The context of the cipher. Must be initialized.
|
||||
*
|
||||
* \return The name of the cipher, or NULL if \p ctx has not
|
||||
* been not initialized.
|
||||
* \return The name of the cipher.
|
||||
* \return NULL if \p ctx has not been not initialized.
|
||||
*/
|
||||
static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
|
@ -455,8 +464,8 @@ static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_
|
|||
*
|
||||
* \param ctx The context of the cipher. Must be initialized.
|
||||
*
|
||||
* \return The key length of the cipher in bits, or
|
||||
* #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been
|
||||
* \return The key length of the cipher in bits.
|
||||
* \return #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been
|
||||
* initialized.
|
||||
*/
|
||||
static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t *ctx )
|
||||
|
@ -472,9 +481,8 @@ static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t
|
|||
*
|
||||
* \param ctx The context of the cipher. Must be initialized.
|
||||
*
|
||||
* \return The type of operation: #MBEDTLS_ENCRYPT or
|
||||
* #MBEDTLS_DECRYPT, or #MBEDTLS_OPERATION_NONE if \p ctx
|
||||
* has not been initialized.
|
||||
* \return The type of operation: #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
|
||||
* \return #MBEDTLS_OPERATION_NONE if \p ctx has not been initialized.
|
||||
*/
|
||||
static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_cipher_context_t *ctx )
|
||||
{
|
||||
|
@ -495,9 +503,10 @@ static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_ci
|
|||
* \param operation The operation that the key will be used for:
|
||||
* #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
|
||||
*
|
||||
* \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
|
||||
* parameter verification fails, or a cipher-specific
|
||||
* error code.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||
* parameter-verification failure.
|
||||
* \return A cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key,
|
||||
int key_bitlen, const mbedtls_operation_t operation );
|
||||
|
@ -512,9 +521,10 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *k
|
|||
* \param ctx The generic cipher context.
|
||||
* \param mode The padding mode.
|
||||
*
|
||||
* \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
|
||||
* if the selected padding mode is not supported, or
|
||||
* #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
|
||||
* if the selected padding mode is not supported.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
|
||||
* does not support padding.
|
||||
*/
|
||||
int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode );
|
||||
|
@ -524,15 +534,17 @@ int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_ciph
|
|||
* \brief This function sets the initialization vector (IV)
|
||||
* or nonce.
|
||||
*
|
||||
* \note Some ciphers do not use IVs nor nonce. For these
|
||||
* ciphers, this function has no effect.
|
||||
*
|
||||
* \param ctx The generic cipher context.
|
||||
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
|
||||
* \param iv_len The IV length for ciphers with variable-size IV.
|
||||
* This parameter is discarded by ciphers with fixed-size IV.
|
||||
*
|
||||
* \returns \c 0 on success, or #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
|
||||
*
|
||||
* \note Some ciphers do not use IVs nor nonce. For these
|
||||
* ciphers, this function has no effect.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||
* parameter-verification failure.
|
||||
*/
|
||||
int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *iv, size_t iv_len );
|
||||
|
@ -542,8 +554,9 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
|
|||
*
|
||||
* \param ctx The generic cipher context.
|
||||
*
|
||||
* \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
|
||||
* if parameter verification fails.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||
* parameter-verification failure.
|
||||
*/
|
||||
int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx );
|
||||
|
||||
|
@ -557,7 +570,8 @@ int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx );
|
|||
* \param ad The additional data to use.
|
||||
* \param ad_len the Length of \p ad.
|
||||
*
|
||||
* \return \c 0 on success, or a specific error code on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return A specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *ad, size_t ad_len );
|
||||
|
@ -573,6 +587,11 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
|
|||
* Exception: For MBEDTLS_MODE_ECB, expects a single block
|
||||
* in size. For example, 16 Bytes for AES.
|
||||
*
|
||||
* \note If the underlying cipher is used in GCM mode, all calls
|
||||
* to this function, except for the last one before
|
||||
* mbedtls_cipher_finish(), must have \p ilen as a
|
||||
* multiple of the block size of the cipher.
|
||||
*
|
||||
* \param ctx The generic cipher context.
|
||||
* \param input The buffer holding the input data.
|
||||
* \param ilen The length of the input data.
|
||||
|
@ -582,16 +601,12 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
|
|||
* \param olen The length of the output data, to be updated with the
|
||||
* actual number of Bytes written.
|
||||
*
|
||||
* \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
|
||||
* parameter verification fails,
|
||||
* #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an
|
||||
* unsupported mode for a cipher, or a cipher-specific
|
||||
* error code.
|
||||
*
|
||||
* \note If the underlying cipher is GCM, all calls to this
|
||||
* function, except the last one before
|
||||
* mbedtls_cipher_finish(). Must have \p ilen as a
|
||||
* multiple of the block_size.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||
* parameter-verification failure.
|
||||
* \return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an
|
||||
* unsupported mode for a cipher.
|
||||
* \return A cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input,
|
||||
size_t ilen, unsigned char *output, size_t *olen );
|
||||
|
@ -606,13 +621,14 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
|
|||
* \param output The buffer to write data to. Needs block_size available.
|
||||
* \param olen The length of the data written to the \p output buffer.
|
||||
*
|
||||
* \returns \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
|
||||
* parameter verification fails,
|
||||
* #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
|
||||
* expected a full block but was not provided one,
|
||||
* #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
|
||||
* while decrypting, or a cipher-specific error code
|
||||
* on failure for any other reason.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||
* parameter-verification failure.
|
||||
* \return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
|
||||
* expecting a full block but not receiving one.
|
||||
* \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
|
||||
* while decrypting.
|
||||
* \return A cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
|
||||
unsigned char *output, size_t *olen );
|
||||
|
@ -627,7 +643,8 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
|
|||
* \param tag The buffer to write the tag to.
|
||||
* \param tag_len The length of the tag to write.
|
||||
*
|
||||
* \return \c 0 on success, or a specific error code on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return A specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
|
||||
unsigned char *tag, size_t tag_len );
|
||||
|
@ -641,7 +658,8 @@ int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
|
|||
* \param tag The buffer holding the tag.
|
||||
* \param tag_len The length of the tag to check.
|
||||
*
|
||||
* \return \c 0 on success, or a specific error code on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return A specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *tag, size_t tag_len );
|
||||
|
@ -667,13 +685,14 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
|
|||
* \note Some ciphers do not use IVs nor nonce. For these
|
||||
* ciphers, use \p iv = NULL and \p iv_len = 0.
|
||||
*
|
||||
* \returns \c 0 on success, or
|
||||
* #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
|
||||
* #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
|
||||
* expected a full block but was not provided one, or
|
||||
* #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
|
||||
* while decrypting, or a cipher-specific error code on
|
||||
* failure for any other reason.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||
* parameter-verification failure.
|
||||
* \return #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
|
||||
* expecting a full block but not receiving one.
|
||||
* \return #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
|
||||
* while decrypting.
|
||||
* \return A cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
|
@ -699,9 +718,10 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
|
|||
* \param tag The buffer for the authentication tag.
|
||||
* \param tag_len The desired length of the authentication tag.
|
||||
*
|
||||
* \returns \c 0 on success, or
|
||||
* #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
|
||||
* a cipher-specific error code.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||
* parameter-verification failure.
|
||||
* \return A cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
|
@ -713,6 +733,10 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
|
|||
/**
|
||||
* \brief The generic autenticated decryption (AEAD) function.
|
||||
*
|
||||
* \note If the data is not authentic, then the output buffer
|
||||
* is zeroed out to prevent the unauthentic plaintext being
|
||||
* used, making this interface safer.
|
||||
*
|
||||
* \param ctx The generic cipher context.
|
||||
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
|
||||
* \param iv_len The IV length for ciphers with variable-size IV.
|
||||
|
@ -728,14 +752,11 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
|
|||
* \param tag The buffer holding the authentication tag.
|
||||
* \param tag_len The length of the authentication tag.
|
||||
*
|
||||
* \returns \c 0 on success, or
|
||||
* #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
|
||||
* #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic,
|
||||
* or a cipher-specific error code on failure for any other reason.
|
||||
*
|
||||
* \note If the data is not authentic, then the output buffer
|
||||
* is zeroed out to prevent the unauthentic plaintext being
|
||||
* used, making this interface safer.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
|
||||
* parameter-verification failure.
|
||||
* \return #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic.
|
||||
* \return A cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
|
|
|
@ -1,7 +1,13 @@
|
|||
/**
|
||||
* \file dhm.h
|
||||
*
|
||||
* \brief Diffie-Hellman-Merkle key exchange.
|
||||
* \brief This file contains Diffie-Hellman-Merkle (DHM) key exchange
|
||||
* definitions and functions.
|
||||
*
|
||||
* Diffie-Hellman-Merkle (DHM) key exchange is defined in
|
||||
* <em>RFC-2631: Diffie-Hellman Key Agreement Method</em> and
|
||||
* <em>Public-Key Cryptography Standards (PKCS) #3: Diffie
|
||||
* Hellman Key Agreement Standard</em>.
|
||||
*
|
||||
* <em>RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for
|
||||
* Internet Key Exchange (IKE)</em> defines a number of standardized
|
||||
|
@ -130,8 +136,8 @@ void mbedtls_dhm_init( mbedtls_dhm_context *ctx );
|
|||
* failures.
|
||||
* \param end The end of the input buffer.
|
||||
*
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code
|
||||
* on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
|
||||
unsigned char **p,
|
||||
|
@ -141,13 +147,6 @@ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
|
|||
* \brief This function sets up and writes the ServerKeyExchange
|
||||
* parameters.
|
||||
*
|
||||
* \param ctx The DHM context.
|
||||
* \param x_size The private value size in Bytes.
|
||||
* \param olen The number of characters written.
|
||||
* \param output The destination buffer.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG parameter.
|
||||
*
|
||||
* \note The destination buffer must be large enough to hold
|
||||
* the reduced binary presentation of the modulus, the generator
|
||||
* and the public key, each wrapped with a 2-byte length field.
|
||||
|
@ -160,8 +159,15 @@ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
|
|||
* mbedtls_dhm_set_group() below in conjunction with
|
||||
* mbedtls_mpi_read_binary() and mbedtls_mpi_read_string().
|
||||
*
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code
|
||||
* on failure.
|
||||
* \param ctx The DHM context.
|
||||
* \param x_size The private key size in Bytes.
|
||||
* \param olen The number of characters written.
|
||||
* \param output The destination buffer.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
|
||||
unsigned char *output, size_t *olen,
|
||||
|
@ -169,54 +175,54 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
|
|||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Set prime modulus and generator
|
||||
* \brief This function sets the prime modulus and generator.
|
||||
*
|
||||
* \note This function can be used to set \p P, \p G
|
||||
* in preparation for mbedtls_dhm_make_params().
|
||||
*
|
||||
* \param ctx The DHM context.
|
||||
* \param P The MPI holding DHM prime modulus.
|
||||
* \param G The MPI holding DHM generator.
|
||||
* \param P The MPI holding the DHM prime modulus.
|
||||
* \param G The MPI holding the DHM generator.
|
||||
*
|
||||
* \note This function can be used to set P, G
|
||||
* in preparation for \c mbedtls_dhm_make_params.
|
||||
*
|
||||
* \return \c 0 if successful, or an \c MBEDTLS_ERR_DHM_XXX error code
|
||||
* on failure.
|
||||
* \return \c 0 if successful.
|
||||
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
|
||||
const mbedtls_mpi *P,
|
||||
const mbedtls_mpi *G );
|
||||
|
||||
/**
|
||||
* \brief This function imports the public value G^Y of the peer.
|
||||
* \brief This function imports the public value of the peer, G^Y.
|
||||
*
|
||||
* \param ctx The DHM context.
|
||||
* \param input The input buffer.
|
||||
* \param input The input buffer containing the G^Y value of the peer.
|
||||
* \param ilen The size of the input buffer.
|
||||
*
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code
|
||||
* on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
|
||||
const unsigned char *input, size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief This function creates its own private value \c X and
|
||||
* \brief This function creates its own private key, \c X, and
|
||||
* exports \c G^X.
|
||||
*
|
||||
* \note The destination buffer is always fully written
|
||||
* so as to contain a big-endian representation of G^X mod P.
|
||||
* If it is larger than ctx->len, it is padded accordingly
|
||||
* with zero-bytes at the beginning.
|
||||
*
|
||||
* \param ctx The DHM context.
|
||||
* \param x_size The private value size in Bytes.
|
||||
* \param x_size The private key size in Bytes.
|
||||
* \param output The destination buffer.
|
||||
* \param olen The length of the destination buffer. Must be at least
|
||||
equal to ctx->len (the size of \c P).
|
||||
* equal to ctx->len (the size of \c P).
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG parameter.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \note The destination buffer will always be fully written
|
||||
* so as to contain a big-endian presentation of G^X mod P.
|
||||
* If it is larger than ctx->len, it will accordingly be
|
||||
* padded with zero-bytes in the beginning.
|
||||
*
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code
|
||||
* on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
|
||||
unsigned char *output, size_t olen,
|
||||
|
@ -227,22 +233,22 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
|
|||
* \brief This function derives and exports the shared secret
|
||||
* \c (G^Y)^X mod \c P.
|
||||
*
|
||||
* \note If \p f_rng is not NULL, it is used to blind the input as
|
||||
* a countermeasure against timing attacks. Blinding is used
|
||||
* only if our private key \c X is re-used, and not used
|
||||
* otherwise. We recommend always passing a non-NULL
|
||||
* \p f_rng argument.
|
||||
*
|
||||
* \param ctx The DHM context.
|
||||
* \param output The destination buffer.
|
||||
* \param output_size The size of the destination buffer. Must be at least
|
||||
* the size of ctx->len.
|
||||
* the size of ctx->len (the size of \c P).
|
||||
* \param olen On exit, holds the actual number of Bytes written.
|
||||
* \param f_rng The RNG function, for blinding purposes.
|
||||
* \param p_rng The RNG parameter.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code
|
||||
* on failure.
|
||||
*
|
||||
* \note If non-NULL, \p f_rng is used to blind the input as
|
||||
* a countermeasure against timing attacks. Blinding is used
|
||||
* only if our secret value \p X is re-used and omitted
|
||||
* otherwise. Therefore, we recommend always passing a
|
||||
* non-NULL \p f_rng argument.
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
|
||||
unsigned char *output, size_t output_size, size_t *olen,
|
||||
|
@ -250,7 +256,7 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
|
|||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief This function frees and clears the components of a DHM key.
|
||||
* \brief This function frees and clears the components of a DHM context.
|
||||
*
|
||||
* \param ctx The DHM context to free and clear.
|
||||
*/
|
||||
|
@ -266,8 +272,9 @@ void mbedtls_dhm_free( mbedtls_dhm_context *ctx );
|
|||
* \param dhminlen The size of the buffer, including the terminating null
|
||||
* Byte for PEM data.
|
||||
*
|
||||
* \return \c 0 on success, or a specific DHM or PEM error code
|
||||
* on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error code
|
||||
* error code on failure.
|
||||
*/
|
||||
int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
|
||||
size_t dhminlen );
|
||||
|
@ -280,8 +287,9 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
|
|||
* \param dhm The DHM context to load the parameters to.
|
||||
* \param path The filename to read the DHM parameters from.
|
||||
*
|
||||
* \return \c 0 on success, or a specific DHM or PEM error code
|
||||
* on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error code
|
||||
* error code on failure.
|
||||
*/
|
||||
int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path );
|
||||
#endif /* MBEDTLS_FS_IO */
|
||||
|
@ -290,7 +298,8 @@ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path );
|
|||
/**
|
||||
* \brief The DMH checkup routine.
|
||||
*
|
||||
* \return \c 0 on success, or \c 1 on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_dhm_self_test( int verbose );
|
||||
|
||||
|
|
|
@ -1,9 +1,10 @@
|
|||
/**
|
||||
* \file ecdsa.h
|
||||
*
|
||||
* \brief The Elliptic Curve Digital Signature Algorithm (ECDSA).
|
||||
* \brief This file contains ECDSA definitions and functions.
|
||||
*
|
||||
* ECDSA is defined in <em>Standards for Efficient Cryptography Group (SECG):
|
||||
* The Elliptic Curve Digital Signature Algorithm (ECDSA) is defined in
|
||||
* <em>Standards for Efficient Cryptography Group (SECG):
|
||||
* SEC1 Elliptic Curve Cryptography</em>.
|
||||
* The use of ECDSA for TLS is defined in <em>RFC-4492: Elliptic Curve
|
||||
* Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)</em>.
|
||||
|
@ -69,6 +70,14 @@ extern "C" {
|
|||
*
|
||||
* \note The deterministic version is usually preferred.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated
|
||||
* as defined in <em>Standards for Efficient Cryptography Group
|
||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.3, step 5.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param grp The ECP group.
|
||||
* \param r The first output integer.
|
||||
* \param s The second output integer.
|
||||
|
@ -76,18 +85,11 @@ extern "C" {
|
|||
* \param buf The message hash.
|
||||
* \param blen The length of \p buf.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG parameter.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated
|
||||
* as defined in <em>Standards for Efficient Cryptography Group
|
||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.3, step 5.
|
||||
*
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX
|
||||
* or \c MBEDTLS_MPI_XXX error code on failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
*/
|
||||
int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
|
||||
const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
|
||||
|
@ -97,10 +99,19 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
|
|||
/**
|
||||
* \brief This function computes the ECDSA signature of a
|
||||
* previously-hashed message, deterministic version.
|
||||
*
|
||||
* For more information, see <em>RFC-6979: Deterministic
|
||||
* Usage of the Digital Signature Algorithm (DSA) and Elliptic
|
||||
* Curve Digital Signature Algorithm (ECDSA)</em>.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated as
|
||||
* defined in <em>Standards for Efficient Cryptography Group
|
||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.3, step 5.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param grp The ECP group.
|
||||
* \param r The first output integer.
|
||||
* \param s The second output integer.
|
||||
|
@ -109,17 +120,9 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
|
|||
* \param blen The length of \p buf.
|
||||
* \param md_alg The MD algorithm used to hash the message.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated as
|
||||
* defined in <em>Standards for Efficient Cryptography Group
|
||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.3, step 5.
|
||||
*
|
||||
* \return \c 0 on success,
|
||||
* or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
|
||||
* error code on failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
*/
|
||||
int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
|
||||
const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
|
||||
|
@ -130,6 +133,14 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi
|
|||
* \brief This function verifies the ECDSA signature of a
|
||||
* previously-hashed message.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated as
|
||||
* defined in <em>Standards for Efficient Cryptography Group
|
||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.4, step 3.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param grp The ECP group.
|
||||
* \param buf The message hash.
|
||||
* \param blen The length of \p buf.
|
||||
|
@ -137,18 +148,11 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi
|
|||
* \param r The first integer of the signature.
|
||||
* \param s The second integer of the signature.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated as
|
||||
* defined in <em>Standards for Efficient Cryptography Group
|
||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.4, step 3.
|
||||
*
|
||||
* \return \c 0 on success,
|
||||
* #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid,
|
||||
* or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the signature
|
||||
* is invalid.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
|
||||
* error code on failure for any other reason.
|
||||
*
|
||||
* \see ecp.h
|
||||
*/
|
||||
int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
|
||||
const unsigned char *buf, size_t blen,
|
||||
|
@ -169,15 +173,6 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
|
|||
* of the Digital Signature Algorithm (DSA) and Elliptic
|
||||
* Curve Digital Signature Algorithm (ECDSA)</em>.
|
||||
*
|
||||
* \param ctx The ECDSA context.
|
||||
* \param md_alg The message digest that was used to hash the message.
|
||||
* \param hash The message hash.
|
||||
* \param hlen The length of the hash.
|
||||
* \param sig The buffer that holds the signature.
|
||||
* \param slen The length of the signature written.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG parameter.
|
||||
*
|
||||
* \note The \p sig buffer must be at least twice as large as the
|
||||
* size of the curve used, plus 9. For example, 73 Bytes if
|
||||
* a 256-bit curve is used. A buffer length of
|
||||
|
@ -189,11 +184,20 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
|
|||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.3, step 5.
|
||||
*
|
||||
* \return \c 0 on success,
|
||||
* or an \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
|
||||
* \c MBEDTLS_ERR_ASN1_XXX error code on failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDSA context.
|
||||
* \param md_alg The message digest that was used to hash the message.
|
||||
* \param hash The message hash.
|
||||
* \param hlen The length of the hash.
|
||||
* \param sig The buffer that holds the signature.
|
||||
* \param slen The length of the signature written.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
|
||||
* \c MBEDTLS_ERR_ASN1_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hlen,
|
||||
|
@ -209,26 +213,17 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t
|
|||
#define MBEDTLS_DEPRECATED
|
||||
#endif
|
||||
/**
|
||||
* \brief This function computes an ECDSA signature and writes it to a buffer,
|
||||
* serialized as defined in <em>RFC-4492: Elliptic Curve Cryptography
|
||||
* (ECC) Cipher Suites for Transport Layer Security (TLS)</em>.
|
||||
* \brief This function computes an ECDSA signature and writes
|
||||
* it to a buffer, serialized as defined in <em>RFC-4492:
|
||||
* Elliptic Curve Cryptography (ECC) Cipher Suites for
|
||||
* Transport Layer Security (TLS)</em>.
|
||||
*
|
||||
* The deterministic version is defined in <em>RFC-6979:
|
||||
* Deterministic Usage of the Digital Signature Algorithm (DSA) and
|
||||
* Elliptic Curve Digital Signature Algorithm (ECDSA)</em>.
|
||||
* The deterministic version is defined in <em>RFC-6979:
|
||||
* Deterministic Usage of the Digital Signature Algorithm (DSA)
|
||||
* and Elliptic Curve Digital Signature Algorithm (ECDSA)</em>.
|
||||
*
|
||||
* \warning It is not thread-safe to use the same context in
|
||||
* multiple threads.
|
||||
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_ecdsa_write_signature() in 2.0.0
|
||||
*
|
||||
* \param ctx The ECDSA context.
|
||||
* \param hash The Message hash.
|
||||
* \param hlen The length of the hash.
|
||||
* \param sig The buffer that holds the signature.
|
||||
* \param slen The length of the signature written.
|
||||
* \param md_alg The MD algorithm used to hash the message.
|
||||
*
|
||||
* \note The \p sig buffer must be at least twice as large as the
|
||||
* size of the curve used, plus 9. For example, 73 Bytes if a
|
||||
|
@ -241,11 +236,21 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t
|
|||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.3, step 5.
|
||||
*
|
||||
* \return \c 0 on success,
|
||||
* or an \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
|
||||
* \c MBEDTLS_ERR_ASN1_XXX error code on failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \deprecated Superseded by mbedtls_ecdsa_write_signature() in
|
||||
* Mbed TLS version 2.0 and later.
|
||||
*
|
||||
* \param ctx The ECDSA context.
|
||||
* \param hash The message hash.
|
||||
* \param hlen The length of the hash.
|
||||
* \param sig The buffer that holds the signature.
|
||||
* \param slen The length of the signature written.
|
||||
* \param md_alg The MD algorithm used to hash the message.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
|
||||
* \c MBEDTLS_ERR_ASN1_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
|
||||
const unsigned char *hash, size_t hlen,
|
||||
|
@ -258,26 +263,26 @@ int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
|
|||
/**
|
||||
* \brief This function reads and verifies an ECDSA signature.
|
||||
*
|
||||
* \param ctx The ECDSA context.
|
||||
* \param hash The message hash.
|
||||
* \param hlen The size of the hash.
|
||||
* \param sig The signature to read and verify.
|
||||
* \param slen The size of \p sig.
|
||||
*
|
||||
* \note If the bitlength of the message hash is larger than the
|
||||
* bitlength of the group order, then the hash is truncated as
|
||||
* defined in <em>Standards for Efficient Cryptography Group
|
||||
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
|
||||
* 4.1.4, step 3.
|
||||
*
|
||||
* \return \c 0 on success,
|
||||
* #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid,
|
||||
* #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid
|
||||
* signature in sig but its length is less than \p siglen,
|
||||
* or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
|
||||
* error code on failure for any other reason.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDSA context.
|
||||
* \param hash The message hash.
|
||||
* \param hlen The size of the hash.
|
||||
* \param sig The signature to read and verify.
|
||||
* \param slen The size of \p sig.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
|
||||
* \return #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid
|
||||
* signature in \p sig, but its length is less than \p siglen.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
|
||||
* error code on failure for any other reason.
|
||||
*/
|
||||
int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
|
||||
const unsigned char *hash, size_t hlen,
|
||||
|
@ -286,16 +291,16 @@ int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
|
|||
/**
|
||||
* \brief This function generates an ECDSA keypair on the given curve.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDSA context to store the keypair in.
|
||||
* \param gid The elliptic curve to use. One of the various
|
||||
* \c MBEDTLS_ECP_DP_XXX macros depending on configuration.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG parameter.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX code on
|
||||
* failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
|
||||
*/
|
||||
int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
|
||||
|
@ -303,13 +308,13 @@ int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
|
|||
/**
|
||||
* \brief This function sets an ECDSA context from an EC key pair.
|
||||
*
|
||||
* \see ecp.h
|
||||
*
|
||||
* \param ctx The ECDSA context to set.
|
||||
* \param key The EC key to use.
|
||||
*
|
||||
* \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX code on
|
||||
* failure.
|
||||
*
|
||||
* \see ecp.h
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
|
||||
*/
|
||||
int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key );
|
||||
|
||||
|
|
|
@ -1,10 +1,21 @@
|
|||
/**
|
||||
* \file ecp.h
|
||||
*
|
||||
* \brief Elliptic curves over GF(p)
|
||||
* \brief This file provides an API for Elliptic Curves over GF(P) (ECP).
|
||||
*
|
||||
* The use of ECP in cryptography and TLS is defined in
|
||||
* <em>Standards for Efficient Cryptography Group (SECG): SEC1
|
||||
* Elliptic Curve Cryptography</em> and
|
||||
* <em>RFC-4492: Elliptic Curve Cryptography (ECC) Cipher Suites
|
||||
* for Transport Layer Security (TLS)</em>.
|
||||
*
|
||||
* <em>RFC-2409: The Internet Key Exchange (IKE)</em> defines ECP
|
||||
* group types.
|
||||
*
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
|
@ -19,8 +30,9 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* This file is part of mbed TLS (https://tls.mbed.org)
|
||||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_ECP_H
|
||||
#define MBEDTLS_ECP_H
|
||||
|
||||
|
@ -31,77 +43,79 @@
|
|||
*/
|
||||
#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 /**< Bad input parameters to function. */
|
||||
#define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL -0x4F00 /**< The buffer is too small to write to. */
|
||||
#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 /**< Requested curve not available. */
|
||||
#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 /**< The requested feature is not available, for example, the requested curve is not supported. */
|
||||
#define MBEDTLS_ERR_ECP_VERIFY_FAILED -0x4E00 /**< The signature is not valid. */
|
||||
#define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80 /**< Memory allocation failed. */
|
||||
#define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00 /**< Generation of random value, such as (ephemeral) key, failed. */
|
||||
#define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00 /**< Generation of random value, such as ephemeral key, failed. */
|
||||
#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 /**< Invalid private or public key. */
|
||||
#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00 /**< The buffer contains a valid signature followed by more data. */
|
||||
#define MBEDTLS_ERR_ECP_HW_ACCEL_FAILED -0x4B80 /**< ECP hardware accelerator failed. */
|
||||
#define MBEDTLS_ERR_ECP_HW_ACCEL_FAILED -0x4B80 /**< The ECP hardware accelerator failed. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Domain parameters (curve, subgroup and generator) identifiers.
|
||||
* Domain-parameter identifiers: curve, subgroup, and generator.
|
||||
*
|
||||
* Only curves over prime fields are supported.
|
||||
* \note Only curves over prime fields are supported.
|
||||
*
|
||||
* \warning This library does not support validation of arbitrary domain
|
||||
* parameters. Therefore, only well-known domain parameters from trusted
|
||||
* parameters. Therefore, only standardized domain parameters from trusted
|
||||
* sources should be used. See mbedtls_ecp_group_load().
|
||||
*/
|
||||
typedef enum
|
||||
{
|
||||
MBEDTLS_ECP_DP_NONE = 0,
|
||||
MBEDTLS_ECP_DP_SECP192R1, /*!< 192-bits NIST curve */
|
||||
MBEDTLS_ECP_DP_SECP224R1, /*!< 224-bits NIST curve */
|
||||
MBEDTLS_ECP_DP_SECP256R1, /*!< 256-bits NIST curve */
|
||||
MBEDTLS_ECP_DP_SECP384R1, /*!< 384-bits NIST curve */
|
||||
MBEDTLS_ECP_DP_SECP521R1, /*!< 521-bits NIST curve */
|
||||
MBEDTLS_ECP_DP_BP256R1, /*!< 256-bits Brainpool curve */
|
||||
MBEDTLS_ECP_DP_BP384R1, /*!< 384-bits Brainpool curve */
|
||||
MBEDTLS_ECP_DP_BP512R1, /*!< 512-bits Brainpool curve */
|
||||
MBEDTLS_ECP_DP_CURVE25519, /*!< Curve25519 */
|
||||
MBEDTLS_ECP_DP_CURVE448, /*!< Curve448 */
|
||||
MBEDTLS_ECP_DP_SECP192K1, /*!< 192-bits "Koblitz" curve */
|
||||
MBEDTLS_ECP_DP_SECP224K1, /*!< 224-bits "Koblitz" curve */
|
||||
MBEDTLS_ECP_DP_SECP256K1, /*!< 256-bits "Koblitz" curve */
|
||||
MBEDTLS_ECP_DP_NONE = 0, /*!< Curve not defined. */
|
||||
MBEDTLS_ECP_DP_SECP192R1, /*!< Domain parameters for the 192-bit curve defined by FIPS 186-4 and SEC1. */
|
||||
MBEDTLS_ECP_DP_SECP224R1, /*!< Domain parameters for the 224-bit curve defined by FIPS 186-4 and SEC1. */
|
||||
MBEDTLS_ECP_DP_SECP256R1, /*!< Domain parameters for the 256-bit curve defined by FIPS 186-4 and SEC1. */
|
||||
MBEDTLS_ECP_DP_SECP384R1, /*!< Domain parameters for the 384-bit curve defined by FIPS 186-4 and SEC1. */
|
||||
MBEDTLS_ECP_DP_SECP521R1, /*!< Domain parameters for the 521-bit curve defined by FIPS 186-4 and SEC1. */
|
||||
MBEDTLS_ECP_DP_BP256R1, /*!< Domain parameters for 256-bit Brainpool curve. */
|
||||
MBEDTLS_ECP_DP_BP384R1, /*!< Domain parameters for 384-bit Brainpool curve. */
|
||||
MBEDTLS_ECP_DP_BP512R1, /*!< Domain parameters for 512-bit Brainpool curve. */
|
||||
MBEDTLS_ECP_DP_CURVE25519, /*!< Domain parameters for Curve25519. */
|
||||
MBEDTLS_ECP_DP_CURVE448, /*!< Domain parameters for Curve448. */
|
||||
MBEDTLS_ECP_DP_SECP192K1, /*!< Domain parameters for 192-bit "Koblitz" curve. */
|
||||
MBEDTLS_ECP_DP_SECP224K1, /*!< Domain parameters for 224-bit "Koblitz" curve. */
|
||||
MBEDTLS_ECP_DP_SECP256K1, /*!< Domain parameters for 256-bit "Koblitz" curve. */
|
||||
} mbedtls_ecp_group_id;
|
||||
|
||||
/**
|
||||
* Number of supported curves (plus one for NONE).
|
||||
* The number of supported curves, plus one for #MBEDTLS_ECP_DP_NONE.
|
||||
*
|
||||
* (Montgomery curves excluded for now.)
|
||||
* \note Montgomery curves are currently excluded.
|
||||
*/
|
||||
#define MBEDTLS_ECP_DP_MAX 12
|
||||
|
||||
/**
|
||||
* Curve information for use by other modules
|
||||
* Curve information, for use by other modules.
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
mbedtls_ecp_group_id grp_id; /*!< Internal identifier */
|
||||
uint16_t tls_id; /*!< TLS NamedCurve identifier */
|
||||
uint16_t bit_size; /*!< Curve size in bits */
|
||||
const char *name; /*!< Human-friendly name */
|
||||
mbedtls_ecp_group_id grp_id; /*!< An internal identifier. */
|
||||
uint16_t tls_id; /*!< The TLS NamedCurve identifier. */
|
||||
uint16_t bit_size; /*!< The curve size in bits. */
|
||||
const char *name; /*!< A human-friendly name. */
|
||||
} mbedtls_ecp_curve_info;
|
||||
|
||||
/**
|
||||
* \brief ECP point structure (jacobian coordinates)
|
||||
* \brief The ECP point structure, in Jacobian coordinates.
|
||||
*
|
||||
* \note All functions expect and return points satisfying
|
||||
* the following condition: Z == 0 or Z == 1. (Other
|
||||
* values of Z are used by internal functions only.)
|
||||
* The point is zero, or "at infinity", if Z == 0.
|
||||
* Otherwise, X and Y are its standard (affine) coordinates.
|
||||
* the following condition: <code>Z == 0</code> or
|
||||
* <code>Z == 1</code>. Other values of \p Z are
|
||||
* used only by internal functions.
|
||||
* The point is zero, or "at infinity", if <code>Z == 0</code>.
|
||||
* Otherwise, \p X and \p Y are its standard (affine)
|
||||
* coordinates.
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
mbedtls_mpi X; /*!< the point's X coordinate */
|
||||
mbedtls_mpi Y; /*!< the point's Y coordinate */
|
||||
mbedtls_mpi Z; /*!< the point's Z coordinate */
|
||||
mbedtls_mpi X; /*!< The X coordinate of the ECP point. */
|
||||
mbedtls_mpi Y; /*!< The Y coordinate of the ECP point. */
|
||||
mbedtls_mpi Z; /*!< The Z coordinate of the ECP point. */
|
||||
}
|
||||
mbedtls_ecp_point;
|
||||
|
||||
|
@ -115,46 +129,55 @@ mbedtls_ecp_point;
|
|||
*/
|
||||
|
||||
/**
|
||||
* \brief ECP group structure
|
||||
* \brief The ECP group structure.
|
||||
*
|
||||
* We consider two types of curves equations:
|
||||
* 1. Short Weierstrass y^2 = x^3 + A x + B mod P (SEC1 + RFC 4492)
|
||||
* 2. Montgomery, y^2 = x^3 + A x^2 + x mod P (Curve25519 + draft)
|
||||
* In both cases, a generator G for a prime-order subgroup is fixed. In the
|
||||
* short weierstrass, this subgroup is actually the whole curve, and its
|
||||
* cardinal is denoted by N.
|
||||
* We consider two types of curve equations:
|
||||
* <ul><li>Short Weierstrass: <code>y^2 = x^3 + A x + B mod P</code>
|
||||
* (SEC1 + RFC-4492)</li>
|
||||
* <li>Montgomery: <code>y^2 = x^3 + A x^2 + x mod P</code> (Curve25519,
|
||||
* Curve448)</li></ul>
|
||||
* In both cases, the generator (\p G) for a prime-order subgroup is fixed.
|
||||
*
|
||||
* In the case of Short Weierstrass curves, our code requires that N is an odd
|
||||
* prime. (Use odd in mbedtls_ecp_mul() and prime in mbedtls_ecdsa_sign() for blinding.)
|
||||
* For Short Weierstrass, this subgroup is the whole curve, and its
|
||||
* cardinality is denoted by \p N. Our code requires that \p N is an
|
||||
* odd prime as mbedtls_ecp_mul() requires an odd number, and
|
||||
* mbedtls_ecdsa_sign() requires that it is prime for blinding purposes.
|
||||
*
|
||||
* In the case of Montgomery curves, we don't store A but (A + 2) / 4 which is
|
||||
* the quantity actually used in the formulas. Also, nbits is not the size of N
|
||||
* but the required size for private keys.
|
||||
* For Montgomery curves, we do not store \p A, but <code>(A + 2) / 4</code>,
|
||||
* which is the quantity used in the formulas. Additionally, \p nbits is
|
||||
* not the size of \p N but the required size for private keys.
|
||||
*
|
||||
* If \p modp is NULL, reduction modulo \p P is done using a generic algorithm.
|
||||
* Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in the
|
||||
* range of <code>0..2^(2*pbits)-1</code>, and transforms it in-place to an integer
|
||||
* which is congruent mod \p P to the given MPI, and is close enough to \p pbits
|
||||
* in size, so that it may be efficiently brought in the 0..P-1 range by a few
|
||||
* additions or subtractions. Therefore, it is only an approximative modular
|
||||
* reduction. It must return 0 on success and non-zero on failure.
|
||||
*
|
||||
* If modp is NULL, reduction modulo P is done using a generic algorithm.
|
||||
* Otherwise, it must point to a function that takes an mbedtls_mpi in the range
|
||||
* 0..2^(2*pbits)-1 and transforms it in-place in an integer of little more
|
||||
* than pbits, so that the integer may be efficiently brought in the 0..P-1
|
||||
* range by a few additions or substractions. It must return 0 on success and
|
||||
* non-zero on failure.
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
mbedtls_ecp_group_id id; /*!< internal group identifier */
|
||||
mbedtls_mpi P; /*!< prime modulus of the base field */
|
||||
mbedtls_mpi A; /*!< 1. A in the equation, or 2. (A + 2) / 4 */
|
||||
mbedtls_mpi B; /*!< 1. B in the equation, or 2. unused */
|
||||
mbedtls_ecp_point G; /*!< generator of the (sub)group used */
|
||||
mbedtls_mpi N; /*!< the order of G */
|
||||
size_t pbits; /*!< number of bits in P */
|
||||
size_t nbits; /*!< number of bits in 1. P, or 2. private keys */
|
||||
unsigned int h; /*!< internal: 1 if the constants are static */
|
||||
int (*modp)(mbedtls_mpi *); /*!< function for fast reduction mod P */
|
||||
int (*t_pre)(mbedtls_ecp_point *, void *); /*!< unused */
|
||||
int (*t_post)(mbedtls_ecp_point *, void *); /*!< unused */
|
||||
void *t_data; /*!< unused */
|
||||
mbedtls_ecp_point *T; /*!< pre-computed points for ecp_mul_comb() */
|
||||
size_t T_size; /*!< number for pre-computed points */
|
||||
mbedtls_ecp_group_id id; /*!< An internal group identifier. */
|
||||
mbedtls_mpi P; /*!< The prime modulus of the base field. */
|
||||
mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For
|
||||
Montgomery curves: <code>(A + 2) / 4</code>. */
|
||||
mbedtls_mpi B; /*!< For Short Weierstrass: \p B in the equation.
|
||||
For Montgomery curves: unused. */
|
||||
mbedtls_ecp_point G; /*!< The generator of the subgroup used. */
|
||||
mbedtls_mpi N; /*!< The order of \p G. */
|
||||
size_t pbits; /*!< The number of bits in \p P.*/
|
||||
size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P.
|
||||
For Montgomery curves: the number of bits in the
|
||||
private keys. */
|
||||
unsigned int h; /*!< \internal 1 if the constants are static. */
|
||||
int (*modp)(mbedtls_mpi *); /*!< The function for fast pseudo-reduction
|
||||
mod \p P (see above).*/
|
||||
int (*t_pre)(mbedtls_ecp_point *, void *); /*!< Unused. */
|
||||
int (*t_post)(mbedtls_ecp_point *, void *); /*!< Unused. */
|
||||
void *t_data; /*!< Unused. */
|
||||
mbedtls_ecp_point *T; /*!< Pre-computed points for ecp_mul_comb(). */
|
||||
size_t T_size; /*!< The number of pre-computed points. */
|
||||
}
|
||||
mbedtls_ecp_group;
|
||||
|
||||
|
@ -162,15 +185,15 @@ mbedtls_ecp_group;
|
|||
* \name SECTION: Module settings
|
||||
*
|
||||
* The configuration options you can set for this module are in this section.
|
||||
* Either change them in config.h or define them on the compiler command line.
|
||||
* Either change them in config.h, or define them using the compiler command line.
|
||||
* \{
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_ECP_MAX_BITS)
|
||||
/**
|
||||
* Maximum size of the groups (that is, of N and P)
|
||||
* The maximum size of the groups, that is, of \c N and \c P.
|
||||
*/
|
||||
#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */
|
||||
#define MBEDTLS_ECP_MAX_BITS 521 /**< The maximum size of groups, in bits. */
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
|
||||
|
@ -193,11 +216,10 @@ mbedtls_ecp_group;
|
|||
* 521 145 141 135 120 97
|
||||
* 384 214 209 198 177 146
|
||||
* 256 320 320 303 262 226
|
||||
|
||||
* 224 475 475 453 398 342
|
||||
* 192 640 640 633 587 476
|
||||
*/
|
||||
#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */
|
||||
#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< The maximum window size used. */
|
||||
#endif /* MBEDTLS_ECP_WINDOW_SIZE */
|
||||
|
||||
#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
|
||||
|
@ -212,7 +234,7 @@ mbedtls_ecp_group;
|
|||
*
|
||||
* Change this value to 0 to reduce peak memory usage.
|
||||
*/
|
||||
#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */
|
||||
#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up. */
|
||||
#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
|
||||
|
||||
/* \} name SECTION: Module settings */
|
||||
|
@ -222,11 +244,12 @@ mbedtls_ecp_group;
|
|||
#endif /* MBEDTLS_ECP_ALT */
|
||||
|
||||
/**
|
||||
* \brief ECP key pair structure
|
||||
* \brief The ECP key-pair structure.
|
||||
*
|
||||
* A generic key pair that could be used for ECDSA, fixed ECDH, etc.
|
||||
* A generic key-pair that may be used for ECDSA and fixed ECDH, for example.
|
||||
*
|
||||
* \note Members purposefully in the same order as struc mbedtls_ecdsa_context.
|
||||
* \note Members are deliberately in the same order as in the
|
||||
* ::mbedtls_ecdsa_context structure.
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
|
@ -239,25 +262,27 @@ mbedtls_ecp_keypair;
|
|||
/*
|
||||
* Point formats, from RFC 4492's enum ECPointFormat
|
||||
*/
|
||||
#define MBEDTLS_ECP_PF_UNCOMPRESSED 0 /**< Uncompressed point format */
|
||||
#define MBEDTLS_ECP_PF_COMPRESSED 1 /**< Compressed point format */
|
||||
#define MBEDTLS_ECP_PF_UNCOMPRESSED 0 /**< Uncompressed point format. */
|
||||
#define MBEDTLS_ECP_PF_COMPRESSED 1 /**< Compressed point format. */
|
||||
|
||||
/*
|
||||
* Some other constants from RFC 4492
|
||||
*/
|
||||
#define MBEDTLS_ECP_TLS_NAMED_CURVE 3 /**< ECCurveType's named_curve */
|
||||
#define MBEDTLS_ECP_TLS_NAMED_CURVE 3 /**< The named_curve of ECCurveType. */
|
||||
|
||||
/**
|
||||
* \brief Get the list of supported curves in order of preferrence
|
||||
* (full information)
|
||||
* \brief This function retrieves the information defined in
|
||||
* mbedtls_ecp_curve_info() for all supported curves in order
|
||||
* of preference.
|
||||
*
|
||||
* \return A statically allocated array, the last entry is 0.
|
||||
* \return A statically allocated array. The last entry is 0.
|
||||
*/
|
||||
const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void );
|
||||
|
||||
/**
|
||||
* \brief Get the list of supported curves in order of preferrence
|
||||
* (grp_id only)
|
||||
* \brief This function retrieves the list of internal group
|
||||
* identifiers of all supported curves in the order of
|
||||
* preference.
|
||||
*
|
||||
* \return A statically allocated array,
|
||||
* terminated with MBEDTLS_ECP_DP_NONE.
|
||||
|
@ -265,357 +290,400 @@ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void );
|
|||
const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void );
|
||||
|
||||
/**
|
||||
* \brief Get curve information from an internal group identifier
|
||||
* \brief This function retrieves curve information from an internal
|
||||
* group identifier.
|
||||
*
|
||||
* \param grp_id A MBEDTLS_ECP_DP_XXX value
|
||||
* \param grp_id An \c MBEDTLS_ECP_DP_XXX value.
|
||||
*
|
||||
* \return The associated curve information or NULL
|
||||
* \return The associated curve information on success.
|
||||
* \return NULL on failure.
|
||||
*/
|
||||
const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id );
|
||||
|
||||
/**
|
||||
* \brief Get curve information from a TLS NamedCurve value
|
||||
* \brief This function retrieves curve information from a TLS
|
||||
* NamedCurve value.
|
||||
*
|
||||
* \param tls_id A MBEDTLS_ECP_DP_XXX value
|
||||
* \param tls_id An \c MBEDTLS_ECP_DP_XXX value.
|
||||
*
|
||||
* \return The associated curve information or NULL
|
||||
* \return The associated curve information on success.
|
||||
* \return NULL on failure.
|
||||
*/
|
||||
const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id );
|
||||
|
||||
/**
|
||||
* \brief Get curve information from a human-readable name
|
||||
* \brief This function retrieves curve information from a
|
||||
* human-readable name.
|
||||
*
|
||||
* \param name The name
|
||||
* \param name The human-readable name.
|
||||
*
|
||||
* \return The associated curve information or NULL
|
||||
* \return The associated curve information on success.
|
||||
* \return NULL on failure.
|
||||
*/
|
||||
const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name );
|
||||
|
||||
/**
|
||||
* \brief Initialize a point (as zero)
|
||||
* \brief This function initializes a point as zero.
|
||||
*
|
||||
* \param pt The point to initialize.
|
||||
*/
|
||||
void mbedtls_ecp_point_init( mbedtls_ecp_point *pt );
|
||||
|
||||
/**
|
||||
* \brief Initialize a group (to something meaningless)
|
||||
* \brief This function initializes an ECP group context
|
||||
* without loading any domain parameters.
|
||||
*
|
||||
* \note After this function is called, domain parameters
|
||||
* for various ECP groups can be loaded through the
|
||||
* mbedtls_ecp_load() or mbedtls_ecp_tls_read_group()
|
||||
* functions.
|
||||
*/
|
||||
void mbedtls_ecp_group_init( mbedtls_ecp_group *grp );
|
||||
|
||||
/**
|
||||
* \brief Initialize a key pair (as an invalid one)
|
||||
* \brief This function initializes a key pair as an invalid one.
|
||||
*
|
||||
* \param key The key pair to initialize.
|
||||
*/
|
||||
void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key );
|
||||
|
||||
/**
|
||||
* \brief Free the components of a point
|
||||
* \brief This function frees the components of a point.
|
||||
*
|
||||
* \param pt The point to free.
|
||||
*/
|
||||
void mbedtls_ecp_point_free( mbedtls_ecp_point *pt );
|
||||
|
||||
/**
|
||||
* \brief Free the components of an ECP group
|
||||
* \brief This function frees the components of an ECP group.
|
||||
* \param grp The group to free.
|
||||
*/
|
||||
void mbedtls_ecp_group_free( mbedtls_ecp_group *grp );
|
||||
|
||||
/**
|
||||
* \brief Free the components of a key pair
|
||||
* \brief This function frees the components of a key pair.
|
||||
* \param key The key pair to free.
|
||||
*/
|
||||
void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key );
|
||||
|
||||
/**
|
||||
* \brief Copy the contents of point Q into P
|
||||
* \brief This function copies the contents of point \p Q into
|
||||
* point \p P.
|
||||
*
|
||||
* \param P Destination point
|
||||
* \param Q Source point
|
||||
* \param P The destination point.
|
||||
* \param Q The source point.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
|
||||
*/
|
||||
int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q );
|
||||
|
||||
/**
|
||||
* \brief Copy the contents of a group object
|
||||
* \brief This function copies the contents of group \p src into
|
||||
* group \p dst.
|
||||
*
|
||||
* \param dst Destination group
|
||||
* \param src Source group
|
||||
* \param dst The destination group.
|
||||
* \param src The source group.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
|
||||
*/
|
||||
int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src );
|
||||
|
||||
/**
|
||||
* \brief Set a point to zero
|
||||
* \brief This function sets a point to zero.
|
||||
*
|
||||
* \param pt Destination point
|
||||
* \param pt The point to set.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
|
||||
*/
|
||||
int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt );
|
||||
|
||||
/**
|
||||
* \brief Tell if a point is zero
|
||||
* \brief This function checks if a point is zero.
|
||||
*
|
||||
* \param pt Point to test
|
||||
* \param pt The point to test.
|
||||
*
|
||||
* \return 1 if point is zero, 0 otherwise
|
||||
* \return \c 1 if the point is zero.
|
||||
* \return \c 0 if the point is non-zero.
|
||||
*/
|
||||
int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt );
|
||||
|
||||
/**
|
||||
* \brief Compare two points
|
||||
* \brief This function compares two points.
|
||||
*
|
||||
* \note This assumes the points are normalized. Otherwise,
|
||||
* \note This assumes that the points are normalized. Otherwise,
|
||||
* they may compare as "not equal" even if they are.
|
||||
*
|
||||
* \param P First point to compare
|
||||
* \param Q Second point to compare
|
||||
* \param P The first point to compare.
|
||||
* \param Q The second point to compare.
|
||||
*
|
||||
* \return 0 if the points are equal,
|
||||
* MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise
|
||||
* \return \c 0 if the points are equal.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the points are not equal.
|
||||
*/
|
||||
int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P,
|
||||
const mbedtls_ecp_point *Q );
|
||||
|
||||
/**
|
||||
* \brief Import a non-zero point from two ASCII strings
|
||||
* \brief This function imports a non-zero point from two ASCII
|
||||
* strings.
|
||||
*
|
||||
* \param P Destination point
|
||||
* \param radix Input numeric base
|
||||
* \param x First affine coordinate as a null-terminated string
|
||||
* \param y Second affine coordinate as a null-terminated string
|
||||
* \param P The destination point.
|
||||
* \param radix The numeric base of the input.
|
||||
* \param x The first affine coordinate, as a null-terminated string.
|
||||
* \param y The second affine coordinate, as a null-terminated string.
|
||||
*
|
||||
* \return 0 if successful, or a MBEDTLS_ERR_MPI_XXX error code
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_MPI_XXX error code on failure.
|
||||
*/
|
||||
int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix,
|
||||
const char *x, const char *y );
|
||||
|
||||
/**
|
||||
* \brief Export a point into unsigned binary data
|
||||
* \brief This function exports a point into unsigned binary data.
|
||||
*
|
||||
* \param grp Group to which the point should belong
|
||||
* \param P Point to export
|
||||
* \param format Point format, should be a MBEDTLS_ECP_PF_XXX macro
|
||||
* \param olen Length of the actual output
|
||||
* \param buf Output buffer
|
||||
* \param buflen Length of the output buffer
|
||||
* \param grp The group to which the point should belong.
|
||||
* \param P The point to export.
|
||||
* \param format The point format. Should be an \c MBEDTLS_ECP_PF_XXX macro.
|
||||
* \param olen The length of the output.
|
||||
* \param buf The output buffer.
|
||||
* \param buflen The length of the output buffer.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* or MBEDTLS_ERR_ECP_BAD_INPUT_DATA
|
||||
* or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA
|
||||
* or #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL on failure.
|
||||
*/
|
||||
int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P,
|
||||
int format, size_t *olen,
|
||||
unsigned char *buf, size_t buflen );
|
||||
|
||||
/**
|
||||
* \brief Import a point from unsigned binary data
|
||||
* \brief This function imports a point from unsigned binary data.
|
||||
*
|
||||
* \param grp Group to which the point should belong
|
||||
* \param P Point to import
|
||||
* \param buf Input buffer
|
||||
* \param ilen Actual length of input
|
||||
* \note This function does not check that the point actually
|
||||
* belongs to the given group, see mbedtls_ecp_check_pubkey()
|
||||
* for that.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid,
|
||||
* MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
|
||||
* MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format
|
||||
* \param grp The group to which the point should belong.
|
||||
* \param P The point to import.
|
||||
* \param buf The input buffer.
|
||||
* \param ilen The length of the input.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
|
||||
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
|
||||
* \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format
|
||||
* is not implemented.
|
||||
*
|
||||
* \note This function does NOT check that the point actually
|
||||
* belongs to the given group, see mbedtls_ecp_check_pubkey() for
|
||||
* that.
|
||||
*/
|
||||
int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P,
|
||||
const unsigned char *buf, size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief Import a point from a TLS ECPoint record
|
||||
* \brief This function imports a point from a TLS ECPoint record.
|
||||
*
|
||||
* \param grp ECP group used
|
||||
* \param pt Destination point
|
||||
* \param buf $(Start of input buffer)
|
||||
* \param len Buffer length
|
||||
* \note On function return, \p buf is updated to point to immediately
|
||||
* after the ECPoint record.
|
||||
*
|
||||
* \note buf is updated to point right after the ECPoint on exit
|
||||
* \param grp The ECP group used.
|
||||
* \param pt The destination point.
|
||||
* \param buf The address of the pointer to the start of the input buffer.
|
||||
* \param len The length of the buffer.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* MBEDTLS_ERR_MPI_XXX if initialization failed
|
||||
* MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_MPI_XXX error code on initialization failure.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
|
||||
*/
|
||||
int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
|
||||
const unsigned char **buf, size_t len );
|
||||
|
||||
/**
|
||||
* \brief Export a point as a TLS ECPoint record
|
||||
* \brief This function exports a point as a TLS ECPoint record.
|
||||
*
|
||||
* \param grp ECP group used
|
||||
* \param pt Point to export
|
||||
* \param format Export format
|
||||
* \param olen length of data written
|
||||
* \param buf Buffer to write to
|
||||
* \param blen Buffer length
|
||||
* \param grp The ECP group used.
|
||||
* \param pt The point format to export to. The point format is an
|
||||
* \c MBEDTLS_ECP_PF_XXX constant.
|
||||
* \param format The export format.
|
||||
* \param olen The length of the data written.
|
||||
* \param buf The buffer to write to.
|
||||
* \param blen The length of the buffer.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* or MBEDTLS_ERR_ECP_BAD_INPUT_DATA
|
||||
* or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA or
|
||||
* #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL on failure.
|
||||
*/
|
||||
int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt,
|
||||
int format, size_t *olen,
|
||||
unsigned char *buf, size_t blen );
|
||||
|
||||
/**
|
||||
* \brief Set a group using well-known domain parameters
|
||||
* \brief This function sets a group using standardized domain parameters.
|
||||
*
|
||||
* \param grp Destination group
|
||||
* \param id Index in the list of well-known domain parameters
|
||||
* \note The index should be a value of the NamedCurve enum,
|
||||
* as defined in <em>RFC-4492: Elliptic Curve Cryptography
|
||||
* (ECC) Cipher Suites for Transport Layer Security (TLS)</em>,
|
||||
* usually in the form of an \c MBEDTLS_ECP_DP_XXX macro.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* MBEDTLS_ERR_MPI_XXX if initialization failed
|
||||
* MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for unkownn groups
|
||||
* \param grp The destination group.
|
||||
* \param id The identifier of the domain parameter set to load.
|
||||
*
|
||||
* \note Index should be a value of RFC 4492's enum NamedCurve,
|
||||
* usually in the form of a MBEDTLS_ECP_DP_XXX macro.
|
||||
* \return \c 0 on success,
|
||||
* \return An \c MBEDTLS_ERR_MPI_XXX error code on initialization failure.
|
||||
* \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for unkownn groups.
|
||||
|
||||
*/
|
||||
int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id );
|
||||
|
||||
/**
|
||||
* \brief Set a group from a TLS ECParameters record
|
||||
* \brief This function sets a group from a TLS ECParameters record.
|
||||
*
|
||||
* \param grp Destination group
|
||||
* \param buf &(Start of input buffer)
|
||||
* \param len Buffer length
|
||||
* \note \p buf is updated to point right after the ECParameters record
|
||||
* on exit.
|
||||
*
|
||||
* \note buf is updated to point right after ECParameters on exit
|
||||
* \param grp The destination group.
|
||||
* \param buf The address of the pointer to the start of the input buffer.
|
||||
* \param len The length of the buffer.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* MBEDTLS_ERR_MPI_XXX if initialization failed
|
||||
* MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_MPI_XXX error code on initialization failure.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
|
||||
*/
|
||||
int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len );
|
||||
|
||||
/**
|
||||
* \brief Write the TLS ECParameters record for a group
|
||||
* \brief This function writes the TLS ECParameters record for a group.
|
||||
*
|
||||
* \param grp ECP group used
|
||||
* \param olen Number of bytes actually written
|
||||
* \param buf Buffer to write to
|
||||
* \param blen Buffer length
|
||||
* \param grp The ECP group used.
|
||||
* \param olen The number of Bytes written.
|
||||
* \param buf The buffer to write to.
|
||||
* \param blen The length of the buffer.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL on failure.
|
||||
*/
|
||||
int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen,
|
||||
unsigned char *buf, size_t blen );
|
||||
|
||||
/**
|
||||
* \brief Multiplication by an integer: R = m * P
|
||||
* (Not thread-safe to use same group in multiple threads)
|
||||
* \brief This function performs multiplication of a point by
|
||||
* an integer: \p R = \p m * \p P.
|
||||
*
|
||||
* \note In order to prevent timing attacks, this function
|
||||
* executes the exact same sequence of (base field)
|
||||
* operations for any valid m. It avoids any if-branch or
|
||||
* array index depending on the value of m.
|
||||
* It is not thread-safe to use same group in multiple threads.
|
||||
*
|
||||
* \note If f_rng is not NULL, it is used to randomize intermediate
|
||||
* results in order to prevent potential timing attacks
|
||||
* targeting these results. It is recommended to always
|
||||
* provide a non-NULL f_rng (the overhead is negligible).
|
||||
* \note To prevent timing attacks, this function
|
||||
* executes the exact same sequence of base-field
|
||||
* operations for any valid \p m. It avoids any if-branch or
|
||||
* array index depending on the value of \p m.
|
||||
*
|
||||
* \param grp ECP group
|
||||
* \param R Destination point
|
||||
* \param m Integer by which to multiply
|
||||
* \param P Point to multiply
|
||||
* \param f_rng RNG function (see notes)
|
||||
* \param p_rng RNG parameter
|
||||
* \note If \p f_rng is not NULL, it is used to randomize
|
||||
* intermediate results to prevent potential timing attacks
|
||||
* targeting these results. We recommend always providing
|
||||
* a non-NULL \p f_rng. The overhead is negligible.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* MBEDTLS_ERR_ECP_INVALID_KEY if m is not a valid privkey
|
||||
* or P is not a valid pubkey,
|
||||
* MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
|
||||
* \param grp The ECP group.
|
||||
* \param R The destination point.
|
||||
* \param m The integer by which to multiply.
|
||||
* \param P The point to multiply.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private
|
||||
* key, or \p P is not a valid public key.
|
||||
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
|
||||
*/
|
||||
int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
|
||||
const mbedtls_mpi *m, const mbedtls_ecp_point *P,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Multiplication and addition of two points by integers:
|
||||
* R = m * P + n * Q
|
||||
* (Not thread-safe to use same group in multiple threads)
|
||||
* \brief This function performs multiplication and addition of two
|
||||
* points by integers: \p R = \p m * \p P + \p n * \p Q
|
||||
*
|
||||
* \note In contrast to mbedtls_ecp_mul(), this function does not guarantee
|
||||
* a constant execution flow and timing.
|
||||
* It is not thread-safe to use same group in multiple threads.
|
||||
*
|
||||
* \param grp ECP group
|
||||
* \param R Destination point
|
||||
* \param m Integer by which to multiply P
|
||||
* \param P Point to multiply by m
|
||||
* \param n Integer by which to multiply Q
|
||||
* \param Q Point to be multiplied by n
|
||||
* \note In contrast to mbedtls_ecp_mul(), this function does not
|
||||
* guarantee a constant execution flow and timing.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* MBEDTLS_ERR_ECP_INVALID_KEY if m or n is not a valid privkey
|
||||
* or P or Q is not a valid pubkey,
|
||||
* MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
|
||||
* \param grp The ECP group.
|
||||
* \param R The destination point.
|
||||
* \param m The integer by which to multiply \p P.
|
||||
* \param P The point to multiply by \p m.
|
||||
* \param n The integer by which to multiply \p Q.
|
||||
* \param Q The point to be multiplied by \p n.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not
|
||||
* valid private keys, or \p P or \p Q are not valid public
|
||||
* keys.
|
||||
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
|
||||
*/
|
||||
int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
|
||||
const mbedtls_mpi *m, const mbedtls_ecp_point *P,
|
||||
const mbedtls_mpi *n, const mbedtls_ecp_point *Q );
|
||||
|
||||
/**
|
||||
* \brief Check that a point is a valid public key on this curve
|
||||
* \brief This function checks that a point is a valid public key
|
||||
* on this curve.
|
||||
*
|
||||
* \param grp Curve/group the point should belong to
|
||||
* \param pt Point to check
|
||||
* It only checks that the point is non-zero, has
|
||||
* valid coordinates and lies on the curve. It does not verify
|
||||
* that it is indeed a multiple of \p G. This additional
|
||||
* check is computationally more expensive, is not required
|
||||
* by standards, and should not be necessary if the group
|
||||
* used has a small cofactor. In particular, it is useless for
|
||||
* the NIST groups which all have a cofactor of 1.
|
||||
*
|
||||
* \return 0 if point is a valid public key,
|
||||
* MBEDTLS_ERR_ECP_INVALID_KEY otherwise.
|
||||
* \note This function uses bare components rather than an
|
||||
* ::mbedtls_ecp_keypair structure, to ease use with other
|
||||
* structures, such as ::mbedtls_ecdh_context or
|
||||
* ::mbedtls_ecdsa_context.
|
||||
*
|
||||
* \note This function only checks the point is non-zero, has valid
|
||||
* coordinates and lies on the curve, but not that it is
|
||||
* indeed a multiple of G. This is additional check is more
|
||||
* expensive, isn't required by standards, and shouldn't be
|
||||
* necessary if the group used has a small cofactor. In
|
||||
* particular, it is useless for the NIST groups which all
|
||||
* have a cofactor of 1.
|
||||
* \param grp The curve the point should lie on.
|
||||
* \param pt The point to check.
|
||||
*
|
||||
* \note Uses bare components rather than an mbedtls_ecp_keypair structure
|
||||
* in order to ease use with other structures such as
|
||||
* mbedtls_ecdh_context of mbedtls_ecdsa_context.
|
||||
* \return \c 0 if the point is a valid public key.
|
||||
* \return #MBEDTLS_ERR_ECP_INVALID_KEY on failure.
|
||||
*/
|
||||
int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt );
|
||||
|
||||
/**
|
||||
* \brief Check that an mbedtls_mpi is a valid private key for this curve
|
||||
* \brief This function checks that an \p mbedtls_mpi is a valid private
|
||||
* key for this curve.
|
||||
*
|
||||
* \param grp Group used
|
||||
* \param d Integer to check
|
||||
* \note This function uses bare components rather than an
|
||||
* ::mbedtls_ecp_keypair structure to ease use with other
|
||||
* structures, such as ::mbedtls_ecdh_context or
|
||||
* ::mbedtls_ecdsa_context.
|
||||
*
|
||||
* \return 0 if point is a valid private key,
|
||||
* MBEDTLS_ERR_ECP_INVALID_KEY otherwise.
|
||||
* \param grp The group used.
|
||||
* \param d The integer to check.
|
||||
*
|
||||
* \note Uses bare components rather than an mbedtls_ecp_keypair structure
|
||||
* in order to ease use with other structures such as
|
||||
* mbedtls_ecdh_context of mbedtls_ecdsa_context.
|
||||
* \return \c 0 if the point is a valid private key.
|
||||
* \return #MBEDTLS_ERR_ECP_INVALID_KEY on failure.
|
||||
*/
|
||||
int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d );
|
||||
|
||||
/**
|
||||
* \brief Generate a keypair with configurable base point
|
||||
* \brief This function generates a keypair with a configurable base
|
||||
* point.
|
||||
*
|
||||
* \param grp ECP group
|
||||
* \param G Chosen base point
|
||||
* \param d Destination MPI (secret part)
|
||||
* \param Q Destination point (public part)
|
||||
* \param f_rng RNG function
|
||||
* \param p_rng RNG parameter
|
||||
* \note This function uses bare components rather than an
|
||||
* ::mbedtls_ecp_keypair structure to ease use with other
|
||||
* structures, such as ::mbedtls_ecdh_context or
|
||||
* ::mbedtls_ecdsa_context.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
|
||||
* \param grp The ECP group.
|
||||
* \param G The chosen base point.
|
||||
* \param d The destination MPI (secret part).
|
||||
* \param Q The destination point (public part).
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \note Uses bare components rather than an mbedtls_ecp_keypair structure
|
||||
* in order to ease use with other structures such as
|
||||
* mbedtls_ecdh_context of mbedtls_ecdsa_context.
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
|
||||
* on failure.
|
||||
*/
|
||||
int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
|
||||
const mbedtls_ecp_point *G,
|
||||
|
@ -624,57 +692,66 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
|
|||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Generate a keypair
|
||||
* \brief This function generates an ECP keypair.
|
||||
*
|
||||
* \param grp ECP group
|
||||
* \param d Destination MPI (secret part)
|
||||
* \param Q Destination point (public part)
|
||||
* \param f_rng RNG function
|
||||
* \param p_rng RNG parameter
|
||||
* \note This function uses bare components rather than an
|
||||
* ::mbedtls_ecp_keypair structure to ease use with other
|
||||
* structures, such as ::mbedtls_ecdh_context or
|
||||
* ::mbedtls_ecdsa_context.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
|
||||
* \param grp The ECP group.
|
||||
* \param d The destination MPI (secret part).
|
||||
* \param Q The destination point (public part).
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \note Uses bare components rather than an mbedtls_ecp_keypair structure
|
||||
* in order to ease use with other structures such as
|
||||
* mbedtls_ecdh_context of mbedtls_ecdsa_context.
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
|
||||
* on failure.
|
||||
*/
|
||||
int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Generate a keypair
|
||||
* \brief This function generates an ECP key.
|
||||
*
|
||||
* \param grp_id ECP group identifier
|
||||
* \param key Destination keypair
|
||||
* \param f_rng RNG function
|
||||
* \param p_rng RNG parameter
|
||||
* \param grp_id The ECP group identifier.
|
||||
* \param key The destination key.
|
||||
* \param f_rng The RNG function.
|
||||
* \param p_rng The RNG context.
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
|
||||
* \return \c 0 on success.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
|
||||
* on failure.
|
||||
*/
|
||||
int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Check a public-private key pair
|
||||
* \brief This function checks that the keypair objects
|
||||
* \p pub and \p prv have the same group and the
|
||||
* same public point, and that the private key in
|
||||
* \p prv is consistent with the public key.
|
||||
*
|
||||
* \param pub Keypair structure holding a public key
|
||||
* \param prv Keypair structure holding a private (plus public) key
|
||||
* \param pub The keypair structure holding the public key.
|
||||
* If it contains a private key, that part is ignored.
|
||||
* \param prv The keypair structure holding the full keypair.
|
||||
*
|
||||
* \return 0 if successful (keys are valid and match), or
|
||||
* MBEDTLS_ERR_ECP_BAD_INPUT_DATA, or
|
||||
* a MBEDTLS_ERR_ECP_XXX or MBEDTLS_ERR_MPI_XXX code.
|
||||
* \return \c 0 on success, meaning that the keys are valid and match.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the keys are invalid or do not match.
|
||||
* \return An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX
|
||||
* error code on calculation failure.
|
||||
*/
|
||||
int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv );
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
* \brief The ECP checkup routine.
|
||||
*
|
||||
* \return 0 if successful, or 1 if a test failed
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_ecp_self_test( int verbose );
|
||||
|
||||
|
|
|
@ -1,9 +1,11 @@
|
|||
/**
|
||||
* \file gcm.h
|
||||
*
|
||||
* \brief Galois/Counter Mode (GCM) for 128-bit block ciphers, as defined
|
||||
* in <em>D. McGrew, J. Viega, The Galois/Counter Mode of Operation
|
||||
* (GCM), Natl. Inst. Stand. Technol.</em>
|
||||
* \brief This file contains GCM definitions and functions.
|
||||
*
|
||||
* The Galois/Counter Mode (GCM) for 128-bit block ciphers is defined
|
||||
* in <em>D. McGrew, J. Viega, The Galois/Counter Mode of Operation
|
||||
* (GCM), Natl. Inst. Stand. Technol.</em>
|
||||
*
|
||||
* For more information on GCM, see <em>NIST SP 800-38D: Recommendation for
|
||||
* Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC</em>.
|
||||
|
@ -95,7 +97,8 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
|
|||
* <li>192 bits</li>
|
||||
* <li>256 bits</li></ul>
|
||||
*
|
||||
* \return \c 0 on success, or a cipher specific error code.
|
||||
* \return \c 0 on success.
|
||||
* \return A cipher-specific error code on failure.
|
||||
*/
|
||||
int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
|
||||
mbedtls_cipher_id_t cipher,
|
||||
|
@ -105,15 +108,16 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
|
|||
/**
|
||||
* \brief This function performs GCM encryption or decryption of a buffer.
|
||||
*
|
||||
* \note For encryption, the output buffer can be the same as the input buffer.
|
||||
* For decryption, the output buffer cannot be the same as input buffer.
|
||||
* If the buffers overlap, the output buffer must trail at least 8 Bytes
|
||||
* behind the input buffer.
|
||||
* \note For encryption, the output buffer can be the same as the
|
||||
* input buffer. For decryption, the output buffer cannot be
|
||||
* the same as input buffer. If the buffers overlap, the output
|
||||
* buffer must trail at least 8 Bytes behind the input buffer.
|
||||
*
|
||||
* \param ctx The GCM context to use for encryption or decryption.
|
||||
* \param mode The operation to perform: #MBEDTLS_GCM_ENCRYPT or
|
||||
* #MBEDTLS_GCM_DECRYPT.
|
||||
* \param length The length of the input data. This must be a multiple of 16 except in the last call before mbedtls_gcm_finish().
|
||||
* \param length The length of the input data. This must be a multiple of
|
||||
* 16 except in the last call before mbedtls_gcm_finish().
|
||||
* \param iv The initialization vector.
|
||||
* \param iv_len The length of the IV.
|
||||
* \param add The buffer holding the additional data.
|
||||
|
@ -141,12 +145,13 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
|
|||
* \brief This function performs a GCM authenticated decryption of a
|
||||
* buffer.
|
||||
*
|
||||
* \note For decryption, the output buffer cannot be the same as input buffer.
|
||||
* If the buffers overlap, the output buffer must trail at least 8 Bytes
|
||||
* behind the input buffer.
|
||||
* \note For decryption, the output buffer cannot be the same as
|
||||
* input buffer. If the buffers overlap, the output buffer
|
||||
* must trail at least 8 Bytes behind the input buffer.
|
||||
*
|
||||
* \param ctx The GCM context.
|
||||
* \param length The length of the input data. This must be a multiple of 16 except in the last call before mbedtls_gcm_finish().
|
||||
* \param length The length of the input data. This must be a multiple
|
||||
* of 16 except in the last call before mbedtls_gcm_finish().
|
||||
* \param iv The initialization vector.
|
||||
* \param iv_len The length of the IV.
|
||||
* \param add The buffer holding the additional data.
|
||||
|
@ -156,8 +161,8 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
|
|||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer for holding the output data.
|
||||
*
|
||||
* \return 0 if successful and authenticated, or
|
||||
* #MBEDTLS_ERR_GCM_AUTH_FAILED if tag does not match.
|
||||
* \return 0 if successful and authenticated.
|
||||
* \return #MBEDTLS_ERR_GCM_AUTH_FAILED if the tag does not match.
|
||||
*/
|
||||
int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
|
||||
size_t length,
|
||||
|
@ -179,10 +184,12 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
|
|||
* #MBEDTLS_GCM_DECRYPT.
|
||||
* \param iv The initialization vector.
|
||||
* \param iv_len The length of the IV.
|
||||
* \param add The buffer holding the additional data, or NULL if \p add_len is 0.
|
||||
* \param add_len The length of the additional data. If 0, \p add is NULL.
|
||||
* \param add The buffer holding the additional data, or NULL
|
||||
* if \p add_len is 0.
|
||||
* \param add_len The length of the additional data. If 0,
|
||||
* \p add is NULL.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
|
||||
int mode,
|
||||
|
@ -199,16 +206,18 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
|
|||
* Bytes. Only the last call before calling
|
||||
* mbedtls_gcm_finish() can be less than 16 Bytes.
|
||||
*
|
||||
* \note For decryption, the output buffer cannot be the same as input buffer.
|
||||
* If the buffers overlap, the output buffer must trail at least 8 Bytes
|
||||
* behind the input buffer.
|
||||
* \note For decryption, the output buffer cannot be the same as
|
||||
* input buffer. If the buffers overlap, the output buffer
|
||||
* must trail at least 8 Bytes behind the input buffer.
|
||||
*
|
||||
* \param ctx The GCM context.
|
||||
* \param length The length of the input data. This must be a multiple of 16 except in the last call before mbedtls_gcm_finish().
|
||||
* \param length The length of the input data. This must be a multiple of
|
||||
* 16 except in the last call before mbedtls_gcm_finish().
|
||||
* \param input The buffer holding the input data.
|
||||
* \param output The buffer for holding the output data.
|
||||
*
|
||||
* \return \c 0 on success, or #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
|
||||
*/
|
||||
int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
|
||||
size_t length,
|
||||
|
@ -226,7 +235,8 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
|
|||
* \param tag The buffer for holding the tag.
|
||||
* \param tag_len The length of the tag to generate. Must be at least four.
|
||||
*
|
||||
* \return \c 0 on success, or #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
|
||||
*/
|
||||
int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
|
||||
unsigned char *tag,
|
||||
|
@ -243,7 +253,8 @@ void mbedtls_gcm_free( mbedtls_gcm_context *ctx );
|
|||
/**
|
||||
* \brief The GCM checkup routine.
|
||||
*
|
||||
* \return \c 0 on success, or \c 1 on failure.
|
||||
* \return \c 0 on success.
|
||||
* \return \c 1 on failure.
|
||||
*/
|
||||
int mbedtls_gcm_self_test( int verbose );
|
||||
|
||||
|
|
|
@ -256,19 +256,19 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
if( use_ret == -(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL) )
|
||||
mbedtls_snprintf( buf, buflen, "ECP - The buffer is too small to write to" );
|
||||
if( use_ret == -(MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE) )
|
||||
mbedtls_snprintf( buf, buflen, "ECP - Requested curve not available" );
|
||||
mbedtls_snprintf( buf, buflen, "ECP - The requested feature is not available, for example, the requested curve is not supported" );
|
||||
if( use_ret == -(MBEDTLS_ERR_ECP_VERIFY_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "ECP - The signature is not valid" );
|
||||
if( use_ret == -(MBEDTLS_ERR_ECP_ALLOC_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "ECP - Memory allocation failed" );
|
||||
if( use_ret == -(MBEDTLS_ERR_ECP_RANDOM_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "ECP - Generation of random value, such as (ephemeral) key, failed" );
|
||||
mbedtls_snprintf( buf, buflen, "ECP - Generation of random value, such as ephemeral key, failed" );
|
||||
if( use_ret == -(MBEDTLS_ERR_ECP_INVALID_KEY) )
|
||||
mbedtls_snprintf( buf, buflen, "ECP - Invalid private or public key" );
|
||||
if( use_ret == -(MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH) )
|
||||
mbedtls_snprintf( buf, buflen, "ECP - The buffer contains a valid signature followed by more data" );
|
||||
if( use_ret == -(MBEDTLS_ERR_ECP_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "ECP - ECP hardware accelerator failed" );
|
||||
mbedtls_snprintf( buf, buflen, "ECP - The ECP hardware accelerator failed" );
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
|
||||
#if defined(MBEDTLS_MD_C)
|
||||
|
|
Loading…
Reference in a new issue