[398] | 1 | /**
|
---|
| 2 | * \file ecdh.h
|
---|
| 3 | *
|
---|
| 4 | * \brief This file contains ECDH definitions and functions.
|
---|
| 5 | *
|
---|
| 6 | * The Elliptic Curve Diffie-Hellman (ECDH) protocol is an anonymous
|
---|
| 7 | * key agreement protocol allowing two parties to establish a shared
|
---|
| 8 | * secret over an insecure channel. Each party must have an
|
---|
| 9 | * elliptic-curve public–private key pair.
|
---|
| 10 | *
|
---|
| 11 | * For more information, see <em>NIST SP 800-56A Rev. 2: Recommendation for
|
---|
| 12 | * Pair-Wise Key Establishment Schemes Using Discrete Logarithm
|
---|
| 13 | * Cryptography</em>.
|
---|
| 14 | */
|
---|
| 15 | /*
|
---|
| 16 | * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
|
---|
| 17 | * SPDX-License-Identifier: Apache-2.0
|
---|
| 18 | *
|
---|
| 19 | * Licensed under the Apache License, Version 2.0 (the "License"); you may
|
---|
| 20 | * not use this file except in compliance with the License.
|
---|
| 21 | * You may obtain a copy of the License at
|
---|
| 22 | *
|
---|
| 23 | * http://www.apache.org/licenses/LICENSE-2.0
|
---|
| 24 | *
|
---|
| 25 | * Unless required by applicable law or agreed to in writing, software
|
---|
| 26 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
---|
| 27 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
---|
| 28 | * See the License for the specific language governing permissions and
|
---|
| 29 | * limitations under the License.
|
---|
| 30 | *
|
---|
| 31 | * This file is part of Mbed TLS (https://tls.mbed.org)
|
---|
| 32 | */
|
---|
| 33 |
|
---|
| 34 | #ifndef MBEDTLS_ECDH_H
|
---|
| 35 | #define MBEDTLS_ECDH_H
|
---|
| 36 |
|
---|
| 37 | #if !defined(MBEDTLS_CONFIG_FILE)
|
---|
| 38 | #include "config.h"
|
---|
| 39 | #else
|
---|
| 40 | #include MBEDTLS_CONFIG_FILE
|
---|
| 41 | #endif
|
---|
| 42 |
|
---|
| 43 | #include "ecp.h"
|
---|
| 44 |
|
---|
| 45 | /*
|
---|
| 46 | * Use a backward compatible ECDH context.
|
---|
| 47 | *
|
---|
| 48 | * This flag is always enabled for now and future versions might add a
|
---|
| 49 | * configuration option that conditionally undefines this flag.
|
---|
| 50 | * The configuration option in question may have a different name.
|
---|
| 51 | *
|
---|
| 52 | * Features undefining this flag, must have a warning in their description in
|
---|
| 53 | * config.h stating that the feature breaks backward compatibility.
|
---|
| 54 | */
|
---|
| 55 | #define MBEDTLS_ECDH_LEGACY_CONTEXT
|
---|
| 56 |
|
---|
| 57 | #ifdef __cplusplus
|
---|
| 58 | extern "C" {
|
---|
| 59 | #endif
|
---|
| 60 |
|
---|
| 61 | /**
|
---|
| 62 | * Defines the source of the imported EC key.
|
---|
| 63 | */
|
---|
| 64 | typedef enum
|
---|
| 65 | {
|
---|
| 66 | MBEDTLS_ECDH_OURS, /**< Our key. */
|
---|
| 67 | MBEDTLS_ECDH_THEIRS, /**< The key of the peer. */
|
---|
| 68 | } mbedtls_ecdh_side;
|
---|
| 69 |
|
---|
| 70 | #if !defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
---|
| 71 | /**
|
---|
| 72 | * Defines the ECDH implementation used.
|
---|
| 73 | *
|
---|
| 74 | * Later versions of the library may add new variants, therefore users should
|
---|
| 75 | * not make any assumptions about them.
|
---|
| 76 | */
|
---|
| 77 | typedef enum
|
---|
| 78 | {
|
---|
| 79 | MBEDTLS_ECDH_VARIANT_NONE = 0, /*!< Implementation not defined. */
|
---|
| 80 | MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0,/*!< The default Mbed TLS implementation */
|
---|
| 81 | } mbedtls_ecdh_variant;
|
---|
| 82 |
|
---|
| 83 | /**
|
---|
| 84 | * The context used by the default ECDH implementation.
|
---|
| 85 | *
|
---|
| 86 | * Later versions might change the structure of this context, therefore users
|
---|
| 87 | * should not make any assumptions about the structure of
|
---|
| 88 | * mbedtls_ecdh_context_mbed.
|
---|
| 89 | */
|
---|
| 90 | typedef struct mbedtls_ecdh_context_mbed
|
---|
| 91 | {
|
---|
| 92 | mbedtls_ecp_group grp; /*!< The elliptic curve used. */
|
---|
| 93 | mbedtls_mpi d; /*!< The private key. */
|
---|
| 94 | mbedtls_ecp_point Q; /*!< The public key. */
|
---|
| 95 | mbedtls_ecp_point Qp; /*!< The value of the public key of the peer. */
|
---|
| 96 | mbedtls_mpi z; /*!< The shared secret. */
|
---|
| 97 | #if defined(MBEDTLS_ECP_RESTARTABLE)
|
---|
| 98 | mbedtls_ecp_restart_ctx rs; /*!< The restart context for EC computations. */
|
---|
| 99 | #endif
|
---|
| 100 | } mbedtls_ecdh_context_mbed;
|
---|
| 101 | #endif
|
---|
| 102 |
|
---|
| 103 | /**
|
---|
| 104 | *
|
---|
| 105 | * \warning Performing multiple operations concurrently on the same
|
---|
| 106 | * ECDSA context is not supported; objects of this type
|
---|
| 107 | * should not be shared between multiple threads.
|
---|
| 108 | * \brief The ECDH context structure.
|
---|
| 109 | */
|
---|
| 110 | typedef struct mbedtls_ecdh_context
|
---|
| 111 | {
|
---|
| 112 | #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
---|
| 113 | mbedtls_ecp_group grp; /*!< The elliptic curve used. */
|
---|
| 114 | mbedtls_mpi d; /*!< The private key. */
|
---|
| 115 | mbedtls_ecp_point Q; /*!< The public key. */
|
---|
| 116 | mbedtls_ecp_point Qp; /*!< The value of the public key of the peer. */
|
---|
| 117 | mbedtls_mpi z; /*!< The shared secret. */
|
---|
| 118 | int point_format; /*!< The format of point export in TLS messages. */
|
---|
| 119 | mbedtls_ecp_point Vi; /*!< The blinding value. */
|
---|
| 120 | mbedtls_ecp_point Vf; /*!< The unblinding value. */
|
---|
| 121 | mbedtls_mpi _d; /*!< The previous \p d. */
|
---|
| 122 | #if defined(MBEDTLS_ECP_RESTARTABLE)
|
---|
| 123 | int restart_enabled; /*!< The flag for restartable mode. */
|
---|
| 124 | mbedtls_ecp_restart_ctx rs; /*!< The restart context for EC computations. */
|
---|
| 125 | #endif /* MBEDTLS_ECP_RESTARTABLE */
|
---|
| 126 | #else
|
---|
| 127 | uint8_t point_format; /*!< The format of point export in TLS messages
|
---|
| 128 | as defined in RFC 4492. */
|
---|
| 129 | mbedtls_ecp_group_id grp_id;/*!< The elliptic curve used. */
|
---|
| 130 | mbedtls_ecdh_variant var; /*!< The ECDH implementation/structure used. */
|
---|
| 131 | union
|
---|
| 132 | {
|
---|
| 133 | mbedtls_ecdh_context_mbed mbed_ecdh;
|
---|
| 134 | } ctx; /*!< Implementation-specific context. The
|
---|
| 135 | context in use is specified by the \c var
|
---|
| 136 | field. */
|
---|
| 137 | #if defined(MBEDTLS_ECP_RESTARTABLE)
|
---|
| 138 | uint8_t restart_enabled; /*!< The flag for restartable mode. Functions of
|
---|
| 139 | an alternative implementation not supporting
|
---|
| 140 | restartable mode must return
|
---|
| 141 | MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED error
|
---|
| 142 | if this flag is set. */
|
---|
| 143 | #endif /* MBEDTLS_ECP_RESTARTABLE */
|
---|
| 144 | #endif /* MBEDTLS_ECDH_LEGACY_CONTEXT */
|
---|
| 145 | }
|
---|
| 146 | mbedtls_ecdh_context;
|
---|
| 147 |
|
---|
| 148 | /**
|
---|
| 149 | * \brief This function generates an ECDH keypair on an elliptic
|
---|
| 150 | * curve.
|
---|
| 151 | *
|
---|
| 152 | * This function performs the first of two core computations
|
---|
| 153 | * implemented during the ECDH key exchange. The second core
|
---|
| 154 | * computation is performed by mbedtls_ecdh_compute_shared().
|
---|
| 155 | *
|
---|
| 156 | * \see ecp.h
|
---|
| 157 | *
|
---|
| 158 | * \param grp The ECP group to use. This must be initialized and have
|
---|
| 159 | * domain parameters loaded, for example through
|
---|
| 160 | * mbedtls_ecp_load() or mbedtls_ecp_tls_read_group().
|
---|
| 161 | * \param d The destination MPI (private key).
|
---|
| 162 | * This must be initialized.
|
---|
| 163 | * \param Q The destination point (public key).
|
---|
| 164 | * This must be initialized.
|
---|
| 165 | * \param f_rng The RNG function to use. This must not be \c NULL.
|
---|
| 166 | * \param p_rng The RNG context to be passed to \p f_rng. This may be
|
---|
| 167 | * \c NULL in case \p f_rng doesn't need a context argument.
|
---|
| 168 | *
|
---|
| 169 | * \return \c 0 on success.
|
---|
| 170 | * \return Another \c MBEDTLS_ERR_ECP_XXX or
|
---|
| 171 | * \c MBEDTLS_MPI_XXX error code on failure.
|
---|
| 172 | */
|
---|
| 173 | int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
|
---|
| 174 | int (*f_rng)(void *, unsigned char *, size_t),
|
---|
| 175 | void *p_rng );
|
---|
| 176 |
|
---|
| 177 | /**
|
---|
| 178 | * \brief This function computes the shared secret.
|
---|
| 179 | *
|
---|
| 180 | * This function performs the second of two core computations
|
---|
| 181 | * implemented during the ECDH key exchange. The first core
|
---|
| 182 | * computation is performed by mbedtls_ecdh_gen_public().
|
---|
| 183 | *
|
---|
| 184 | * \see ecp.h
|
---|
| 185 | *
|
---|
| 186 | * \note If \p f_rng is not NULL, it is used to implement
|
---|
| 187 | * countermeasures against side-channel attacks.
|
---|
| 188 | * For more information, see mbedtls_ecp_mul().
|
---|
| 189 | *
|
---|
| 190 | * \param grp The ECP group to use. This must be initialized and have
|
---|
| 191 | * domain parameters loaded, for example through
|
---|
| 192 | * mbedtls_ecp_load() or mbedtls_ecp_tls_read_group().
|
---|
| 193 | * \param z The destination MPI (shared secret).
|
---|
| 194 | * This must be initialized.
|
---|
| 195 | * \param Q The public key from another party.
|
---|
| 196 | * This must be initialized.
|
---|
| 197 | * \param d Our secret exponent (private key).
|
---|
| 198 | * This must be initialized.
|
---|
| 199 | * \param f_rng The RNG function. This may be \c NULL if randomization
|
---|
| 200 | * of intermediate results during the ECP computations is
|
---|
| 201 | * not needed (discouraged). See the documentation of
|
---|
| 202 | * mbedtls_ecp_mul() for more.
|
---|
| 203 | * \param p_rng The RNG context to be passed to \p f_rng. This may be
|
---|
| 204 | * \c NULL if \p f_rng is \c NULL or doesn't need a
|
---|
| 205 | * context argument.
|
---|
| 206 | *
|
---|
| 207 | * \return \c 0 on success.
|
---|
| 208 | * \return Another \c MBEDTLS_ERR_ECP_XXX or
|
---|
| 209 | * \c MBEDTLS_MPI_XXX error code on failure.
|
---|
| 210 | */
|
---|
| 211 | int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
|
---|
| 212 | const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
|
---|
| 213 | int (*f_rng)(void *, unsigned char *, size_t),
|
---|
| 214 | void *p_rng );
|
---|
| 215 |
|
---|
| 216 | /**
|
---|
| 217 | * \brief This function initializes an ECDH context.
|
---|
| 218 | *
|
---|
| 219 | * \param ctx The ECDH context to initialize. This must not be \c NULL.
|
---|
| 220 | */
|
---|
| 221 | void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx );
|
---|
| 222 |
|
---|
| 223 | /**
|
---|
| 224 | * \brief This function sets up the ECDH context with the information
|
---|
| 225 | * given.
|
---|
| 226 | *
|
---|
| 227 | * This function should be called after mbedtls_ecdh_init() but
|
---|
| 228 | * before mbedtls_ecdh_make_params(). There is no need to call
|
---|
| 229 | * this function before mbedtls_ecdh_read_params().
|
---|
| 230 | *
|
---|
| 231 | * This is the first function used by a TLS server for ECDHE
|
---|
| 232 | * ciphersuites.
|
---|
| 233 | *
|
---|
| 234 | * \param ctx The ECDH context to set up. This must be initialized.
|
---|
| 235 | * \param grp_id The group id of the group to set up the context for.
|
---|
| 236 | *
|
---|
| 237 | * \return \c 0 on success.
|
---|
| 238 | */
|
---|
| 239 | int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx,
|
---|
| 240 | mbedtls_ecp_group_id grp_id );
|
---|
| 241 |
|
---|
| 242 | /**
|
---|
| 243 | * \brief This function frees a context.
|
---|
| 244 | *
|
---|
| 245 | * \param ctx The context to free. This may be \c NULL, in which
|
---|
| 246 | * case this function does nothing. If it is not \c NULL,
|
---|
| 247 | * it must point to an initialized ECDH context.
|
---|
| 248 | */
|
---|
| 249 | void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx );
|
---|
| 250 |
|
---|
| 251 | /**
|
---|
| 252 | * \brief This function generates an EC key pair and exports its
|
---|
| 253 | * in the format used in a TLS ServerKeyExchange handshake
|
---|
| 254 | * message.
|
---|
| 255 | *
|
---|
| 256 | * This is the second function used by a TLS server for ECDHE
|
---|
| 257 | * ciphersuites. (It is called after mbedtls_ecdh_setup().)
|
---|
| 258 | *
|
---|
| 259 | * \see ecp.h
|
---|
| 260 | *
|
---|
| 261 | * \param ctx The ECDH context to use. This must be initialized
|
---|
| 262 | * and bound to a group, for example via mbedtls_ecdh_setup().
|
---|
| 263 | * \param olen The address at which to store the number of Bytes written.
|
---|
| 264 | * \param buf The destination buffer. This must be a writable buffer of
|
---|
| 265 | * length \p blen Bytes.
|
---|
| 266 | * \param blen The length of the destination buffer \p buf in Bytes.
|
---|
| 267 | * \param f_rng The RNG function to use. This must not be \c NULL.
|
---|
| 268 | * \param p_rng The RNG context to be passed to \p f_rng. This may be
|
---|
| 269 | * \c NULL in case \p f_rng doesn't need a context argument.
|
---|
| 270 | *
|
---|
| 271 | * \return \c 0 on success.
|
---|
| 272 | * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
---|
| 273 | * operations was reached: see \c mbedtls_ecp_set_max_ops().
|
---|
| 274 | * \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
---|
| 275 | */
|
---|
| 276 | int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
|
---|
| 277 | unsigned char *buf, size_t blen,
|
---|
| 278 | int (*f_rng)(void *, unsigned char *, size_t),
|
---|
| 279 | void *p_rng );
|
---|
| 280 |
|
---|
| 281 | /**
|
---|
| 282 | * \brief This function parses the ECDHE parameters in a
|
---|
| 283 | * TLS ServerKeyExchange handshake message.
|
---|
| 284 | *
|
---|
| 285 | * \note In a TLS handshake, this is the how the client
|
---|
| 286 | * sets up its ECDHE context from the server's public
|
---|
| 287 | * ECDHE key material.
|
---|
| 288 | *
|
---|
| 289 | * \see ecp.h
|
---|
| 290 | *
|
---|
| 291 | * \param ctx The ECDHE context to use. This must be initialized.
|
---|
| 292 | * \param buf On input, \c *buf must be the start of the input buffer.
|
---|
| 293 | * On output, \c *buf is updated to point to the end of the
|
---|
| 294 | * data that has been read. On success, this is the first byte
|
---|
| 295 | * past the end of the ServerKeyExchange parameters.
|
---|
| 296 | * On error, this is the point at which an error has been
|
---|
| 297 | * detected, which is usually not useful except to debug
|
---|
| 298 | * failures.
|
---|
| 299 | * \param end The end of the input buffer.
|
---|
| 300 | *
|
---|
| 301 | * \return \c 0 on success.
|
---|
| 302 | * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
---|
| 303 | *
|
---|
| 304 | */
|
---|
| 305 | int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
|
---|
| 306 | const unsigned char **buf,
|
---|
| 307 | const unsigned char *end );
|
---|
| 308 |
|
---|
| 309 | /**
|
---|
| 310 | * \brief This function sets up an ECDH context from an EC key.
|
---|
| 311 | *
|
---|
| 312 | * It is used by clients and servers in place of the
|
---|
| 313 | * ServerKeyEchange for static ECDH, and imports ECDH
|
---|
| 314 | * parameters from the EC key information of a certificate.
|
---|
| 315 | *
|
---|
| 316 | * \see ecp.h
|
---|
| 317 | *
|
---|
| 318 | * \param ctx The ECDH context to set up. This must be initialized.
|
---|
| 319 | * \param key The EC key to use. This must be initialized.
|
---|
| 320 | * \param side Defines the source of the key. Possible values are:
|
---|
| 321 | * - #MBEDTLS_ECDH_OURS: The key is ours.
|
---|
| 322 | * - #MBEDTLS_ECDH_THEIRS: The key is that of the peer.
|
---|
| 323 | *
|
---|
| 324 | * \return \c 0 on success.
|
---|
| 325 | * \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
---|
| 326 | *
|
---|
| 327 | */
|
---|
| 328 | int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx,
|
---|
| 329 | const mbedtls_ecp_keypair *key,
|
---|
| 330 | mbedtls_ecdh_side side );
|
---|
| 331 |
|
---|
| 332 | /**
|
---|
| 333 | * \brief This function generates a public key and exports it
|
---|
| 334 | * as a TLS ClientKeyExchange payload.
|
---|
| 335 | *
|
---|
| 336 | * This is the second function used by a TLS client for ECDH(E)
|
---|
| 337 | * ciphersuites.
|
---|
| 338 | *
|
---|
| 339 | * \see ecp.h
|
---|
| 340 | *
|
---|
| 341 | * \param ctx The ECDH context to use. This must be initialized
|
---|
| 342 | * and bound to a group, the latter usually by
|
---|
| 343 | * mbedtls_ecdh_read_params().
|
---|
| 344 | * \param olen The address at which to store the number of Bytes written.
|
---|
| 345 | * This must not be \c NULL.
|
---|
| 346 | * \param buf The destination buffer. This must be a writable buffer
|
---|
| 347 | * of length \p blen Bytes.
|
---|
| 348 | * \param blen The size of the destination buffer \p buf in Bytes.
|
---|
| 349 | * \param f_rng The RNG function to use. This must not be \c NULL.
|
---|
| 350 | * \param p_rng The RNG context to be passed to \p f_rng. This may be
|
---|
| 351 | * \c NULL in case \p f_rng doesn't need a context argument.
|
---|
| 352 | *
|
---|
| 353 | * \return \c 0 on success.
|
---|
| 354 | * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
---|
| 355 | * operations was reached: see \c mbedtls_ecp_set_max_ops().
|
---|
| 356 | * \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
---|
| 357 | */
|
---|
| 358 | int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
|
---|
| 359 | unsigned char *buf, size_t blen,
|
---|
| 360 | int (*f_rng)(void *, unsigned char *, size_t),
|
---|
| 361 | void *p_rng );
|
---|
| 362 |
|
---|
| 363 | /**
|
---|
| 364 | * \brief This function parses and processes the ECDHE payload of a
|
---|
| 365 | * TLS ClientKeyExchange message.
|
---|
| 366 | *
|
---|
| 367 | * This is the third function used by a TLS server for ECDH(E)
|
---|
| 368 | * ciphersuites. (It is called after mbedtls_ecdh_setup() and
|
---|
| 369 | * mbedtls_ecdh_make_params().)
|
---|
| 370 | *
|
---|
| 371 | * \see ecp.h
|
---|
| 372 | *
|
---|
| 373 | * \param ctx The ECDH context to use. This must be initialized
|
---|
| 374 | * and bound to a group, for example via mbedtls_ecdh_setup().
|
---|
| 375 | * \param buf The pointer to the ClientKeyExchange payload. This must
|
---|
| 376 | * be a readable buffer of length \p blen Bytes.
|
---|
| 377 | * \param blen The length of the input buffer \p buf in Bytes.
|
---|
| 378 | *
|
---|
| 379 | * \return \c 0 on success.
|
---|
| 380 | * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
---|
| 381 | */
|
---|
| 382 | int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
|
---|
| 383 | const unsigned char *buf, size_t blen );
|
---|
| 384 |
|
---|
| 385 | /**
|
---|
| 386 | * \brief This function derives and exports the shared secret.
|
---|
| 387 | *
|
---|
| 388 | * This is the last function used by both TLS client
|
---|
| 389 | * and servers.
|
---|
| 390 | *
|
---|
| 391 | * \note If \p f_rng is not NULL, it is used to implement
|
---|
| 392 | * countermeasures against side-channel attacks.
|
---|
| 393 | * For more information, see mbedtls_ecp_mul().
|
---|
| 394 | *
|
---|
| 395 | * \see ecp.h
|
---|
| 396 |
|
---|
| 397 | * \param ctx The ECDH context to use. This must be initialized
|
---|
| 398 | * and have its own private key generated and the peer's
|
---|
| 399 | * public key imported.
|
---|
| 400 | * \param olen The address at which to store the total number of
|
---|
| 401 | * Bytes written on success. This must not be \c NULL.
|
---|
| 402 | * \param buf The buffer to write the generated shared key to. This
|
---|
| 403 | * must be a writable buffer of size \p blen Bytes.
|
---|
| 404 | * \param blen The length of the destination buffer \p buf in Bytes.
|
---|
| 405 | * \param f_rng The RNG function, for blinding purposes. This may
|
---|
| 406 | * b \c NULL if blinding isn't needed.
|
---|
| 407 | * \param p_rng The RNG context. This may be \c NULL if \p f_rng
|
---|
| 408 | * doesn't need a context argument.
|
---|
| 409 | *
|
---|
| 410 | * \return \c 0 on success.
|
---|
| 411 | * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
|
---|
| 412 | * operations was reached: see \c mbedtls_ecp_set_max_ops().
|
---|
| 413 | * \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
|
---|
| 414 | */
|
---|
| 415 | int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
|
---|
| 416 | unsigned char *buf, size_t blen,
|
---|
| 417 | int (*f_rng)(void *, unsigned char *, size_t),
|
---|
| 418 | void *p_rng );
|
---|
| 419 |
|
---|
| 420 | #if defined(MBEDTLS_ECP_RESTARTABLE)
|
---|
| 421 | /**
|
---|
| 422 | * \brief This function enables restartable EC computations for this
|
---|
| 423 | * context. (Default: disabled.)
|
---|
| 424 | *
|
---|
| 425 | * \see \c mbedtls_ecp_set_max_ops()
|
---|
| 426 | *
|
---|
| 427 | * \note It is not possible to safely disable restartable
|
---|
| 428 | * computations once enabled, except by free-ing the context,
|
---|
| 429 | * which cancels possible in-progress operations.
|
---|
| 430 | *
|
---|
| 431 | * \param ctx The ECDH context to use. This must be initialized.
|
---|
| 432 | */
|
---|
| 433 | void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx );
|
---|
| 434 | #endif /* MBEDTLS_ECP_RESTARTABLE */
|
---|
| 435 |
|
---|
| 436 | #ifdef __cplusplus
|
---|
| 437 | }
|
---|
| 438 | #endif
|
---|
| 439 |
|
---|
| 440 | #endif /* ecdh.h */
|
---|