File ecdh.h
This file contains ECDH definitions and functions.
The Elliptic Curve Diffie-Hellman (ECDH) protocol is an anonymous key agreement protocol allowing two parties to establish a shared secret over an insecure channel. Each party must have an elliptic-curve public–private key pair.
For more information, see NIST SP 800-56A Rev. 2: Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography.
Defines
-
MBEDTLS_ECDH_LEGACY_CONTEXT
Typedefs
-
typedef struct mbedtls_ecdh_context_mbed mbedtls_ecdh_context_mbed
The context used by the default ECDH implementation.
Later versions might change the structure of this context, therefore users should not make any assumptions about the structure of mbedtls_ecdh_context_mbed.
-
typedef struct mbedtls_ecdh_context mbedtls_ecdh_context
The ECDH context structure.
Warning
Performing multiple operations concurrently on the same ECDSA context is not supported; objects of this type should not be shared between multiple threads.
Enums
-
enum mbedtls_ecdh_side
Defines the source of the imported EC key.
Values:
-
enumerator MBEDTLS_ECDH_OURS
Our key.
-
enumerator MBEDTLS_ECDH_THEIRS
The key of the peer.
-
enumerator MBEDTLS_ECDH_OURS
-
enum mbedtls_ecdh_variant
Defines the ECDH implementation used.
Later versions of the library may add new variants, therefore users should not make any assumptions about them.
Values:
-
enumerator MBEDTLS_ECDH_VARIANT_NONE
Implementation not defined.
-
enumerator MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0
The default Mbed TLS implementation
-
enumerator MBEDTLS_ECDH_VARIANT_EVEREST
Everest implementation
-
enumerator MBEDTLS_ECDH_VARIANT_NONE
Functions
-
mbedtls_ecp_group_id mbedtls_ecdh_get_grp_id(mbedtls_ecdh_context *ctx)
Return the ECP group for provided context.
Note
To access group specific fields, users should use
mbedtls_ecp_curve_info_from_grp_id
ormbedtls_ecp_group_load
on the extractedgroup_id
.- Parameters:
ctx – The ECDH context to parse. This must not be
NULL
.- Returns:
The
mbedtls_ecp_group_id
of the context.
-
int mbedtls_ecdh_can_do(mbedtls_ecp_group_id gid)
Check whether a given group can be used for ECDH.
- Parameters:
gid – The ECP group ID to check.
- Returns:
1
if the group can be used,0
otherwise
-
int mbedtls_ecdh_gen_public(mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, int (*f_rng)(void*, unsigned char*, size_t), void *p_rng)
This function generates an ECDH keypair on an elliptic curve.
This function performs the first of two core computations implemented during the ECDH key exchange. The second core computation is performed by mbedtls_ecdh_compute_shared().
See also
ecp.h
- Parameters:
grp – The ECP group to use. This must be initialized and have domain parameters loaded, for example through mbedtls_ecp_load() or mbedtls_ecp_tls_read_group().
d – The destination MPI (private key). This must be initialized.
Q – The destination point (public key). This must be initialized.
f_rng – The RNG function to use. This must not be
NULL
.p_rng – The RNG context to be passed to
f_rng
. This may beNULL
in casef_rng
doesn’t need a context argument.
- Returns:
0
on success.- Returns:
Another
MBEDTLS_ERR_ECP_XXX
orMBEDTLS_MPI_XXX
error code on failure.
This function computes the shared secret.
This function performs the second of two core computations implemented during the ECDH key exchange. The first core computation is performed by mbedtls_ecdh_gen_public().
See also
ecp.h
Note
If
f_rng
is not NULL, it is used to implement countermeasures against side-channel attacks. For more information, see mbedtls_ecp_mul().- Parameters:
grp – The ECP group to use. This must be initialized and have domain parameters loaded, for example through mbedtls_ecp_load() or mbedtls_ecp_tls_read_group().
z – The destination MPI (shared secret). This must be initialized.
Q – The public key from another party. This must be initialized.
d – Our secret exponent (private key). This must be initialized.
f_rng – The RNG function to use. This must not be
NULL
.p_rng – The RNG context to be passed to
f_rng
. This may beNULL
iff_rng
isNULL
or doesn’t need a context argument.
- Returns:
0
on success.- Returns:
Another
MBEDTLS_ERR_ECP_XXX
orMBEDTLS_MPI_XXX
error code on failure.
-
void mbedtls_ecdh_init(mbedtls_ecdh_context *ctx)
This function initializes an ECDH context.
- Parameters:
ctx – The ECDH context to initialize. This must not be
NULL
.
-
int mbedtls_ecdh_setup(mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id)
This function sets up the ECDH context with the information given.
This function should be called after mbedtls_ecdh_init() but before mbedtls_ecdh_make_params(). There is no need to call this function before mbedtls_ecdh_read_params().
This is the first function used by a TLS server for ECDHE ciphersuites.
- Parameters:
ctx – The ECDH context to set up. This must be initialized.
grp_id – The group id of the group to set up the context for.
- Returns:
0
on success.
-
void mbedtls_ecdh_free(mbedtls_ecdh_context *ctx)
This function frees a context.
- Parameters:
ctx – The context to free. This may be
NULL
, in which case this function does nothing. If it is notNULL
, it must point to an initialized ECDH context.
-
int mbedtls_ecdh_make_params(mbedtls_ecdh_context *ctx, size_t *olen, unsigned char *buf, size_t blen, int (*f_rng)(void*, unsigned char*, size_t), void *p_rng)
This function generates an EC key pair and exports its in the format used in a TLS ServerKeyExchange handshake message.
This is the second function used by a TLS server for ECDHE ciphersuites. (It is called after mbedtls_ecdh_setup().)
See also
ecp.h
- Parameters:
ctx – The ECDH context to use. This must be initialized and bound to a group, for example via mbedtls_ecdh_setup().
olen – The address at which to store the number of Bytes written.
buf – The destination buffer. This must be a writable buffer of length
blen
Bytes.blen – The length of the destination buffer
buf
in Bytes.f_rng – The RNG function to use. This must not be
NULL
.p_rng – The RNG context to be passed to
f_rng
. This may beNULL
in casef_rng
doesn’t need a context argument.
- Returns:
0
on success.- Returns:
MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of operations was reached: see
mbedtls_ecp_set_max_ops()
.- Returns:
Another
MBEDTLS_ERR_ECP_XXX
error code on failure.
-
int mbedtls_ecdh_read_params(mbedtls_ecdh_context *ctx, const unsigned char **buf, const unsigned char *end)
This function parses the ECDHE parameters in a TLS ServerKeyExchange handshake message.
See also
ecp.h
Note
In a TLS handshake, this is the how the client sets up its ECDHE context from the server’s public ECDHE key material.
- Parameters:
ctx – The ECDHE context to use. This must be initialized.
buf – On input,
*buf
must be the start of the input buffer. On output,*buf
is updated to point to the end of the data that has been read. On success, this is the first byte past the end of the ServerKeyExchange parameters. On error, this is the point at which an error has been detected, which is usually not useful except to debug failures.end – The end of the input buffer.
- Returns:
0
on success.- Returns:
An
MBEDTLS_ERR_ECP_XXX
error code on failure.
-
int mbedtls_ecdh_get_params(mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key, mbedtls_ecdh_side side)
This function sets up an ECDH context from an EC key.
It is used by clients and servers in place of the ServerKeyExchange for static ECDH, and imports ECDH parameters from the EC key information of a certificate.
See also
ecp.h
- Parameters:
ctx – The ECDH context to set up. This must be initialized.
key – The EC key to use. This must be initialized.
side – Defines the source of the key. Possible values are:
MBEDTLS_ECDH_OURS: The key is ours.
MBEDTLS_ECDH_THEIRS: The key is that of the peer.
- Returns:
0
on success.- Returns:
Another
MBEDTLS_ERR_ECP_XXX
error code on failure.
-
int mbedtls_ecdh_make_public(mbedtls_ecdh_context *ctx, size_t *olen, unsigned char *buf, size_t blen, int (*f_rng)(void*, unsigned char*, size_t), void *p_rng)
This function generates a public key and exports it as a TLS ClientKeyExchange payload.
This is the second function used by a TLS client for ECDH(E) ciphersuites.
See also
ecp.h
- Parameters:
ctx – The ECDH context to use. This must be initialized and bound to a group, the latter usually by mbedtls_ecdh_read_params().
olen – The address at which to store the number of Bytes written. This must not be
NULL
.buf – The destination buffer. This must be a writable buffer of length
blen
Bytes.blen – The size of the destination buffer
buf
in Bytes.f_rng – The RNG function to use. This must not be
NULL
.p_rng – The RNG context to be passed to
f_rng
. This may beNULL
in casef_rng
doesn’t need a context argument.
- Returns:
0
on success.- Returns:
MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of operations was reached: see
mbedtls_ecp_set_max_ops()
.- Returns:
Another
MBEDTLS_ERR_ECP_XXX
error code on failure.
-
int mbedtls_ecdh_read_public(mbedtls_ecdh_context *ctx, const unsigned char *buf, size_t blen)
This function parses and processes the ECDHE payload of a TLS ClientKeyExchange message.
This is the third function used by a TLS server for ECDH(E) ciphersuites. (It is called after mbedtls_ecdh_setup() and mbedtls_ecdh_make_params().)
See also
ecp.h
- Parameters:
ctx – The ECDH context to use. This must be initialized and bound to a group, for example via mbedtls_ecdh_setup().
buf – The pointer to the ClientKeyExchange payload. This must be a readable buffer of length
blen
Bytes.blen – The length of the input buffer
buf
in Bytes.
- Returns:
0
on success.- Returns:
An
MBEDTLS_ERR_ECP_XXX
error code on failure.
-
int mbedtls_ecdh_calc_secret(mbedtls_ecdh_context *ctx, size_t *olen, unsigned char *buf, size_t blen, int (*f_rng)(void*, unsigned char*, size_t), void *p_rng)
This function derives and exports the shared secret.
This is the last function used by both TLS client and servers.
See also
ecp.h
Note
If
f_rng
is not NULL, it is used to implement countermeasures against side-channel attacks. For more information, see mbedtls_ecp_mul().- Parameters:
ctx – The ECDH context to use. This must be initialized and have its own private key generated and the peer’s public key imported.
olen – The address at which to store the total number of Bytes written on success. This must not be
NULL
.buf – The buffer to write the generated shared key to. This must be a writable buffer of size
blen
Bytes.blen – The length of the destination buffer
buf
in Bytes.f_rng – The RNG function to use. This must not be
NULL
.p_rng – The RNG context. This may be
NULL
iff_rng
doesn’t need a context argument.
- Returns:
0
on success.- Returns:
MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of operations was reached: see
mbedtls_ecp_set_max_ops()
.- Returns:
Another
MBEDTLS_ERR_ECP_XXX
error code on failure.
-
void mbedtls_ecdh_enable_restart(mbedtls_ecdh_context *ctx)
This function enables restartable EC computations for this context. (Default: disabled.)
See also
Note
It is not possible to safely disable restartable computations once enabled, except by free-ing the context, which cancels possible in-progress operations.
- Parameters:
ctx – The ECDH context to use. This must be initialized.
-
struct mbedtls_ecdh_context_mbed
- #include <ecdh.h>
The context used by the default ECDH implementation.
Later versions might change the structure of this context, therefore users should not make any assumptions about the structure of mbedtls_ecdh_context_mbed.
Public Members
-
mbedtls_ecp_group private_grp
The elliptic curve used.
-
mbedtls_mpi private_d
The private key.
-
mbedtls_ecp_point private_Q
The public key.
-
mbedtls_ecp_point private_Qp
The value of the public key of the peer.
-
mbedtls_mpi private_z
The shared secret.
-
mbedtls_ecp_restart_ctx private_rs
The restart context for EC computations.
-
mbedtls_ecp_group private_grp
-
struct mbedtls_ecdh_context
- #include <ecdh.h>
The ECDH context structure.
Warning
Performing multiple operations concurrently on the same ECDSA context is not supported; objects of this type should not be shared between multiple threads.
Public Members
-
uint8_t private_point_format
The format of point export in TLS messages as defined in RFC 4492.
-
mbedtls_ecp_group_id private_grp_id
The elliptic curve used.
-
mbedtls_ecdh_variant private_var
The ECDH implementation/structure used.
-
mbedtls_ecdh_context_mbed private_mbed_ecdh
-
mbedtls_ecdh_context_everest private_everest_ecdh
-
union mbedtls_ecdh_context::[anonymous] private_ctx
Implementation-specific context. The context in use is specified by the
var
field.
-
uint8_t private_restart_enabled
The flag for restartable mode. Functions of an alternative implementation not supporting restartable mode must return MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED error if this flag is set.
-
uint8_t private_point_format