mbed TLS v2.7.16
ecjpake.h
Go to the documentation of this file.
1 
6 /*
7  * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
8  * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
9  *
10  * This file is provided under the Apache License 2.0, or the
11  * GNU General Public License v2.0 or later.
12  *
13  * **********
14  * Apache License 2.0:
15  *
16  * Licensed under the Apache License, Version 2.0 (the "License"); you may
17  * not use this file except in compliance with the License.
18  * You may obtain a copy of the License at
19  *
20  * http://www.apache.org/licenses/LICENSE-2.0
21  *
22  * Unless required by applicable law or agreed to in writing, software
23  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
24  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
25  * See the License for the specific language governing permissions and
26  * limitations under the License.
27  *
28  * **********
29  *
30  * **********
31  * GNU General Public License v2.0 or later:
32  *
33  * This program is free software; you can redistribute it and/or modify
34  * it under the terms of the GNU General Public License as published by
35  * the Free Software Foundation; either version 2 of the License, or
36  * (at your option) any later version.
37  *
38  * This program is distributed in the hope that it will be useful,
39  * but WITHOUT ANY WARRANTY; without even the implied warranty of
40  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
41  * GNU General Public License for more details.
42  *
43  * You should have received a copy of the GNU General Public License along
44  * with this program; if not, write to the Free Software Foundation, Inc.,
45  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
46  *
47  * **********
48  *
49  * This file is part of mbed TLS (https://tls.mbed.org)
50  */
51 #ifndef MBEDTLS_ECJPAKE_H
52 #define MBEDTLS_ECJPAKE_H
53 
54 /*
55  * J-PAKE is a password-authenticated key exchange that allows deriving a
56  * strong shared secret from a (potentially low entropy) pre-shared
57  * passphrase, with forward secrecy and mutual authentication.
58  * https://en.wikipedia.org/wiki/Password_Authenticated_Key_Exchange_by_Juggling
59  *
60  * This file implements the Elliptic Curve variant of J-PAKE,
61  * as defined in Chapter 7.4 of the Thread v1.0 Specification,
62  * available to members of the Thread Group http://threadgroup.org/
63  *
64  * As the J-PAKE algorithm is inherently symmetric, so is our API.
65  * Each party needs to send its first round message, in any order, to the
66  * other party, then each sends its second round message, in any order.
67  * The payloads are serialized in a way suitable for use in TLS, but could
68  * also be use outside TLS.
69  */
70 #if !defined(MBEDTLS_CONFIG_FILE)
71 #include "config.h"
72 #else
73 #include MBEDTLS_CONFIG_FILE
74 #endif
75 
76 #include "ecp.h"
77 #include "md.h"
78 
79 #if !defined(MBEDTLS_ECJPAKE_ALT)
80 
81 #ifdef __cplusplus
82 extern "C" {
83 #endif
84 
88 typedef enum {
92 
104 typedef struct
105 {
122 
130 
149  mbedtls_md_type_t hash,
150  mbedtls_ecp_group_id curve,
151  const unsigned char *secret,
152  size_t len );
153 
163 
180  unsigned char *buf, size_t len, size_t *olen,
181  int (*f_rng)(void *, unsigned char *, size_t),
182  void *p_rng );
183 
197  const unsigned char *buf,
198  size_t len );
199 
215  unsigned char *buf, size_t len, size_t *olen,
216  int (*f_rng)(void *, unsigned char *, size_t),
217  void *p_rng );
218 
231  const unsigned char *buf,
232  size_t len );
233 
249  unsigned char *buf, size_t len, size_t *olen,
250  int (*f_rng)(void *, unsigned char *, size_t),
251  void *p_rng );
252 
259 
260 #ifdef __cplusplus
261 }
262 #endif
263 
264 #else /* MBEDTLS_ECJPAKE_ALT */
265 #include "ecjpake_alt.h"
266 #endif /* MBEDTLS_ECJPAKE_ALT */
267 
268 #if defined(MBEDTLS_SELF_TEST)
269 
270 #ifdef __cplusplus
271 extern "C" {
272 #endif
273 
279 int mbedtls_ecjpake_self_test( int verbose );
280 
281 #ifdef __cplusplus
282 }
283 #endif
284 
285 #endif /* MBEDTLS_SELF_TEST */
286 
287 #endif /* ecjpake.h */
mbedtls_ecp_point Xp2
Definition: ecjpake.h:114
mbedtls_ecp_point Xp1
Definition: ecjpake.h:113
mbedtls_ecp_point Xm1
Definition: ecjpake.h:111
int mbedtls_ecjpake_check(const mbedtls_ecjpake_context *ctx)
Check if a context is ready for use.
Elliptic curves over GF(p)
const mbedtls_md_info_t * md_info
Definition: ecjpake.h:106
Configuration options (set of defines)
int mbedtls_ecjpake_setup(mbedtls_ecjpake_context *ctx, mbedtls_ecjpake_role role, mbedtls_md_type_t hash, mbedtls_ecp_group_id curve, const unsigned char *secret, size_t len)
Set up a context for use.
ECP group structure.
Definition: ecp.h:173
mbedtls_ecp_point Xp
Definition: ecjpake.h:115
mbedtls_ecp_point Xm2
Definition: ecjpake.h:112
mbedtls_ecp_group grp
Definition: ecjpake.h:107
void mbedtls_ecjpake_free(mbedtls_ecjpake_context *ctx)
Free a context's content.
int mbedtls_ecjpake_self_test(int verbose)
Checkup routine.
int mbedtls_ecjpake_write_round_one(mbedtls_ecjpake_context *ctx, unsigned char *buf, size_t len, size_t *olen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Generate and write the first round message (TLS: contents of the Client/ServerHello extension...
int mbedtls_ecjpake_write_round_two(mbedtls_ecjpake_context *ctx, unsigned char *buf, size_t len, size_t *olen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Generate and write the second round message (TLS: contents of the Client/ServerKeyExchange) ...
mbedtls_ecjpake_role role
Definition: ecjpake.h:108
void mbedtls_ecjpake_init(mbedtls_ecjpake_context *ctx)
Initialize a context (just makes it ready for setup() or free()).
int mbedtls_ecjpake_derive_secret(mbedtls_ecjpake_context *ctx, unsigned char *buf, size_t len, size_t *olen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Derive the shared secret (TLS: Pre-Master Secret)
mbedtls_ecp_group_id
Definition: ecp.h:97
mbedtls_ecjpake_role
Definition: ecjpake.h:88
The generic message-digest wrapper.
int mbedtls_ecjpake_read_round_one(mbedtls_ecjpake_context *ctx, const unsigned char *buf, size_t len)
Read and process the first round message (TLS: contents of the Client/ServerHello extension...
MPI structure.
Definition: bignum.h:207
struct mbedtls_md_info_t mbedtls_md_info_t
Definition: md.h:105
ECP point structure (jacobian coordinates)
Definition: ecp.h:141
int mbedtls_ecjpake_read_round_two(mbedtls_ecjpake_context *ctx, const unsigned char *buf, size_t len)
Read and process the second round message (TLS: contents of the Client/ServerKeyExchange) ...
mbedtls_md_type_t
Enumeration of supported message digests.
Definition: md.h:83