/* * Elliptic curve J-PAKE * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * References in the code are to the Thread v1.0 Specification, * available to members of the Thread Group http://threadgroup.org/ */ #include "common.h" #if defined(MBEDTLS_ECJPAKE_C) #include "mbedtls/ecjpake.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" #include <string.h> #if !defined(MBEDTLS_ECJPAKE_ALT) /* * Convert a mbedtls_ecjpake_role to identifier string */ static const char * const ecjpake_id[] = …; #define ID_MINE … #define ID_PEER … /** * Helper to Compute a hash from md_type */ static int mbedtls_ecjpake_compute_hash(mbedtls_md_type_t md_type, const unsigned char *input, size_t ilen, unsigned char *output) { … } /* * Initialize context */ void mbedtls_ecjpake_init(mbedtls_ecjpake_context *ctx) { … } /* * Free context */ void mbedtls_ecjpake_free(mbedtls_ecjpake_context *ctx) { … } /* * Setup context */ int mbedtls_ecjpake_setup(mbedtls_ecjpake_context *ctx, mbedtls_ecjpake_role role, mbedtls_md_type_t hash, mbedtls_ecp_group_id curve, const unsigned char *secret, size_t len) { … } int mbedtls_ecjpake_set_point_format(mbedtls_ecjpake_context *ctx, int point_format) { … } /* * Check if context is ready for use */ int mbedtls_ecjpake_check(const mbedtls_ecjpake_context *ctx) { … } /* * Write a point plus its length to a buffer */ static int ecjpake_write_len_point(unsigned char **p, const unsigned char *end, const mbedtls_ecp_group *grp, const int pf, const mbedtls_ecp_point *P) { … } /* * Size of the temporary buffer for ecjpake_hash: * 3 EC points plus their length, plus ID and its length (4 + 6 bytes) */ #define ECJPAKE_HASH_BUF_LEN … /* * Compute hash for ZKP (7.4.2.2.2.1) */ static int ecjpake_hash(const mbedtls_md_type_t md_type, const mbedtls_ecp_group *grp, const int pf, const mbedtls_ecp_point *G, const mbedtls_ecp_point *V, const mbedtls_ecp_point *X, const char *id, mbedtls_mpi *h) { … } /* * Parse a ECShnorrZKP (7.4.2.2.2) and verify it (7.4.2.3.3) */ static int ecjpake_zkp_read(const mbedtls_md_type_t md_type, const mbedtls_ecp_group *grp, const int pf, const mbedtls_ecp_point *G, const mbedtls_ecp_point *X, const char *id, const unsigned char **p, const unsigned char *end) { … } /* * Generate ZKP (7.4.2.3.2) and write it as ECSchnorrZKP (7.4.2.2.2) */ static int ecjpake_zkp_write(const mbedtls_md_type_t md_type, const mbedtls_ecp_group *grp, const int pf, const mbedtls_ecp_point *G, const mbedtls_mpi *x, const mbedtls_ecp_point *X, const char *id, unsigned char **p, const unsigned char *end, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { … } /* * Parse a ECJPAKEKeyKP (7.4.2.2.1) and check proof * Output: verified public key X */ static int ecjpake_kkp_read(const mbedtls_md_type_t md_type, const mbedtls_ecp_group *grp, const int pf, const mbedtls_ecp_point *G, mbedtls_ecp_point *X, const char *id, const unsigned char **p, const unsigned char *end) { … } /* * Generate an ECJPAKEKeyKP * Output: the serialized structure, plus private/public key pair */ static int ecjpake_kkp_write(const mbedtls_md_type_t md_type, const mbedtls_ecp_group *grp, const int pf, const mbedtls_ecp_point *G, mbedtls_mpi *x, mbedtls_ecp_point *X, const char *id, unsigned char **p, const unsigned char *end, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { … } /* * Read a ECJPAKEKeyKPPairList (7.4.2.3) and check proofs * Outputs: verified peer public keys Xa, Xb */ static int ecjpake_kkpp_read(const mbedtls_md_type_t md_type, const mbedtls_ecp_group *grp, const int pf, const mbedtls_ecp_point *G, mbedtls_ecp_point *Xa, mbedtls_ecp_point *Xb, const char *id, const unsigned char *buf, size_t len) { … } /* * Generate a ECJPAKEKeyKPPairList * Outputs: the serialized structure, plus two private/public key pairs */ static int ecjpake_kkpp_write(const mbedtls_md_type_t md_type, const mbedtls_ecp_group *grp, const int pf, const mbedtls_ecp_point *G, mbedtls_mpi *xm1, mbedtls_ecp_point *Xa, mbedtls_mpi *xm2, mbedtls_ecp_point *Xb, const char *id, unsigned char *buf, size_t len, size_t *olen, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { … } /* * Read and process the first round message */ int mbedtls_ecjpake_read_round_one(mbedtls_ecjpake_context *ctx, const unsigned char *buf, size_t len) { … } /* * Generate and write the first round message */ int mbedtls_ecjpake_write_round_one(mbedtls_ecjpake_context *ctx, unsigned char *buf, size_t len, size_t *olen, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { … } /* * Compute the sum of three points R = A + B + C */ static int ecjpake_ecp_add3(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_ecp_point *A, const mbedtls_ecp_point *B, const mbedtls_ecp_point *C) { … } /* * Read and process second round message (C: 7.4.2.5, S: 7.4.2.6) */ int mbedtls_ecjpake_read_round_two(mbedtls_ecjpake_context *ctx, const unsigned char *buf, size_t len) { … } /* * Compute R = +/- X * S mod N, taking care not to leak S */ static int ecjpake_mul_secret(mbedtls_mpi *R, int sign, const mbedtls_mpi *X, const mbedtls_mpi *S, const mbedtls_mpi *N, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { … } /* * Generate and write the second round message (S: 7.4.2.5, C: 7.4.2.6) */ int mbedtls_ecjpake_write_round_two(mbedtls_ecjpake_context *ctx, unsigned char *buf, size_t len, size_t *olen, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { … } /* * Derive PMS (7.4.2.7 / 7.4.2.8) */ static int mbedtls_ecjpake_derive_k(mbedtls_ecjpake_context *ctx, mbedtls_ecp_point *K, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { … } int mbedtls_ecjpake_derive_secret(mbedtls_ecjpake_context *ctx, unsigned char *buf, size_t len, size_t *olen, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { … } int mbedtls_ecjpake_write_shared_key(mbedtls_ecjpake_context *ctx, unsigned char *buf, size_t len, size_t *olen, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { … } #undef ID_MINE #undef ID_PEER #endif /* ! MBEDTLS_ECJPAKE_ALT */ #if defined(MBEDTLS_SELF_TEST) #include "mbedtls/platform.h" #if !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \ !defined(MBEDTLS_MD_CAN_SHA256) int mbedtls_ecjpake_self_test(int verbose) { (void) verbose; return 0; } #else static const unsigned char ecjpake_test_password[] = …; #if !defined(MBEDTLS_ECJPAKE_ALT) static const unsigned char ecjpake_test_x1[] = …; static const unsigned char ecjpake_test_x2[] = …; static const unsigned char ecjpake_test_x3[] = …; static const unsigned char ecjpake_test_x4[] = …; static const unsigned char ecjpake_test_cli_one[] = …; static const unsigned char ecjpake_test_srv_one[] = …; static const unsigned char ecjpake_test_srv_two[] = …; static const unsigned char ecjpake_test_cli_two[] = …; static const unsigned char ecjpake_test_shared_key[] = …; static const unsigned char ecjpake_test_pms[] = …; /* * PRNG for test - !!!INSECURE NEVER USE IN PRODUCTION!!! * * This is the linear congruential generator from numerical recipes, * except we only use the low byte as the output. See * https://en.wikipedia.org/wiki/Linear_congruential_generator#Parameters_in_common_use */ static int self_test_rng(void *ctx, unsigned char *out, size_t len) { … } /* Load my private keys and generate the corresponding public keys */ static int ecjpake_test_load(mbedtls_ecjpake_context *ctx, const unsigned char *xm1, size_t len1, const unsigned char *xm2, size_t len2) { … } #endif /* ! MBEDTLS_ECJPAKE_ALT */ /* For tests we don't need a secure RNG; * use the LGC from Numerical Recipes for simplicity */ static int ecjpake_lgc(void *p, unsigned char *out, size_t len) { … } #define TEST_ASSERT … /* * Checkup routine */ int mbedtls_ecjpake_self_test(int verbose) { … } #undef TEST_ASSERT #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED && MBEDTLS_MD_CAN_SHA256 */ #endif /* MBEDTLS_SELF_TEST */ #endif /* MBEDTLS_ECJPAKE_C */
Codebase Browser
godot