Mbed TLS v3.5.0
ecjpake.h
Go to the documentation of this file.
1 
6 /*
7  * Copyright The Mbed TLS Contributors
8  * SPDX-License-Identifier: Apache-2.0
9  *
10  * Licensed under the Apache License, Version 2.0 (the "License"); you may
11  * not use this file except in compliance with the License.
12  * You may obtain a copy of the License at
13  *
14  * http://www.apache.org/licenses/LICENSE-2.0
15  *
16  * Unless required by applicable law or agreed to in writing, software
17  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
18  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19  * See the License for the specific language governing permissions and
20  * limitations under the License.
21  */
22 #ifndef MBEDTLS_ECJPAKE_H
23 #define MBEDTLS_ECJPAKE_H
24 #include "mbedtls/private_access.h"
25 
26 /*
27  * J-PAKE is a password-authenticated key exchange that allows deriving a
28  * strong shared secret from a (potentially low entropy) pre-shared
29  * passphrase, with forward secrecy and mutual authentication.
30  * https://en.wikipedia.org/wiki/Password_Authenticated_Key_Exchange_by_Juggling
31  *
32  * This file implements the Elliptic Curve variant of J-PAKE,
33  * as defined in Chapter 7.4 of the Thread v1.0 Specification,
34  * available to members of the Thread Group http://threadgroup.org/
35  *
36  * As the J-PAKE algorithm is inherently symmetric, so is our API.
37  * Each party needs to send its first round message, in any order, to the
38  * other party, then each sends its second round message, in any order.
39  * The payloads are serialized in a way suitable for use in TLS, but could
40  * also be use outside TLS.
41  */
42 #include "mbedtls/build_info.h"
43 
44 #include "mbedtls/ecp.h"
45 #include "mbedtls/md.h"
46 
47 #ifdef __cplusplus
48 extern "C" {
49 #endif
50 
54 typedef enum {
59 
60 #if !defined(MBEDTLS_ECJPAKE_ALT)
72 typedef struct mbedtls_ecjpake_context {
76  int MBEDTLS_PRIVATE(point_format);
89 
90 #else /* MBEDTLS_ECJPAKE_ALT */
91 #include "ecjpake_alt.h"
92 #endif /* MBEDTLS_ECJPAKE_ALT */
93 
101 
125  mbedtls_md_type_t hash,
126  mbedtls_ecp_group_id curve,
127  const unsigned char *secret,
128  size_t len);
129 
143  int point_format);
144 
155 
176  unsigned char *buf, size_t len, size_t *olen,
177  int (*f_rng)(void *, unsigned char *, size_t),
178  void *p_rng);
179 
195  const unsigned char *buf,
196  size_t len);
197 
217  unsigned char *buf, size_t len, size_t *olen,
218  int (*f_rng)(void *, unsigned char *, size_t),
219  void *p_rng);
220 
235  const unsigned char *buf,
236  size_t len);
237 
257  unsigned char *buf, size_t len, size_t *olen,
258  int (*f_rng)(void *, unsigned char *, size_t),
259  void *p_rng);
260 
280  unsigned char *buf, size_t len, size_t *olen,
281  int (*f_rng)(void *, unsigned char *, size_t),
282  void *p_rng);
283 
293 
294 #if defined(MBEDTLS_SELF_TEST)
295 
301 int mbedtls_ecjpake_self_test(int verbose);
302 
303 #endif /* MBEDTLS_SELF_TEST */
304 
305 #ifdef __cplusplus
306 }
307 #endif
308 
309 
310 #endif /* ecjpake.h */
int mbedtls_ecjpake_read_round_two(mbedtls_ecjpake_context *ctx, const unsigned char *buf, size_t len)
Read and process the second round message (TLS: contents of the Client/ServerKeyExchange).
int mbedtls_ecjpake_write_round_one(mbedtls_ecjpake_context *ctx, unsigned char *buf, size_t len, size_t *olen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Generate and write the first round message (TLS: contents of the Client/ServerHello extension,...
mbedtls_ecjpake_role
Definition: ecjpake.h:54
@ MBEDTLS_ECJPAKE_NONE
Definition: ecjpake.h:57
@ MBEDTLS_ECJPAKE_CLIENT
Definition: ecjpake.h:55
@ MBEDTLS_ECJPAKE_SERVER
Definition: ecjpake.h:56
int mbedtls_ecjpake_set_point_format(mbedtls_ecjpake_context *ctx, int point_format)
Set the point format for future reads and writes.
int mbedtls_ecjpake_setup(mbedtls_ecjpake_context *ctx, mbedtls_ecjpake_role role, mbedtls_md_type_t hash, mbedtls_ecp_group_id curve, const unsigned char *secret, size_t len)
Set up an ECJPAKE context for use.
struct mbedtls_ecjpake_context mbedtls_ecjpake_context
int mbedtls_ecjpake_write_shared_key(mbedtls_ecjpake_context *ctx, unsigned char *buf, size_t len, size_t *olen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Write the shared key material to be passed to a Key Derivation Function as described in RFC8236.
void mbedtls_ecjpake_init(mbedtls_ecjpake_context *ctx)
Initialize an ECJPAKE context.
int mbedtls_ecjpake_write_round_two(mbedtls_ecjpake_context *ctx, unsigned char *buf, size_t len, size_t *olen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Generate and write the second round message (TLS: contents of the Client/ServerKeyExchange).
int mbedtls_ecjpake_derive_secret(mbedtls_ecjpake_context *ctx, unsigned char *buf, size_t len, size_t *olen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Derive the shared secret (TLS: Pre-Master Secret).
int mbedtls_ecjpake_self_test(int verbose)
Checkup routine.
int mbedtls_ecjpake_check(const mbedtls_ecjpake_context *ctx)
Check if an ECJPAKE context is ready for use.
int mbedtls_ecjpake_read_round_one(mbedtls_ecjpake_context *ctx, const unsigned char *buf, size_t len)
Read and process the first round message (TLS: contents of the Client/ServerHello extension,...
void mbedtls_ecjpake_free(mbedtls_ecjpake_context *ctx)
This clears an ECJPAKE context and frees any embedded data structure.
This file provides an API for Elliptic Curves over GF(P) (ECP).
mbedtls_ecp_group_id
Definition: ecp.h:113
Build-time configuration info.
This file contains the generic functions for message-digest (hashing) and HMAC.
mbedtls_md_type_t
Supported message digests.
Definition: md.h:173
Macro wrapper for struct's members.
#define MBEDTLS_PRIVATE(member)
The ECP group structure.
Definition: ecp.h:244
The ECP point structure, in Jacobian coordinates.
Definition: ecp.h:169
MPI structure.
Definition: bignum.h:219