Mbed TLS v3.6.4
ecjpake.h
Go to the documentation of this file.
1 
6 /*
7  * Copyright The Mbed TLS Contributors
8  * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
9  */
10 #ifndef MBEDTLS_ECJPAKE_H
11 #define MBEDTLS_ECJPAKE_H
12 #include "mbedtls/private_access.h"
13 
14 /*
15  * J-PAKE is a password-authenticated key exchange that allows deriving a
16  * strong shared secret from a (potentially low entropy) pre-shared
17  * passphrase, with forward secrecy and mutual authentication.
18  * https://en.wikipedia.org/wiki/Password_Authenticated_Key_Exchange_by_Juggling
19  *
20  * This file implements the Elliptic Curve variant of J-PAKE,
21  * as defined in Chapter 7.4 of the Thread v1.0 Specification,
22  * available to members of the Thread Group http://threadgroup.org/
23  *
24  * As the J-PAKE algorithm is inherently symmetric, so is our API.
25  * Each party needs to send its first round message, in any order, to the
26  * other party, then each sends its second round message, in any order.
27  * The payloads are serialized in a way suitable for use in TLS, but could
28  * also be use outside TLS.
29  */
30 #include "mbedtls/build_info.h"
31 
32 #include "mbedtls/ecp.h"
33 #include "mbedtls/md.h"
34 
35 #ifdef __cplusplus
36 extern "C" {
37 #endif
38 
42 typedef enum {
47 
48 #if !defined(MBEDTLS_ECJPAKE_ALT)
49 
60 typedef struct mbedtls_ecjpake_context {
64  int MBEDTLS_PRIVATE(point_format);
77 
78 #else /* MBEDTLS_ECJPAKE_ALT */
79 #include "ecjpake_alt.h"
80 #endif /* MBEDTLS_ECJPAKE_ALT */
81 
89 
113  mbedtls_md_type_t hash,
114  mbedtls_ecp_group_id curve,
115  const unsigned char *secret,
116  size_t len);
117 
131  int point_format);
132 
143 
164  unsigned char *buf, size_t len, size_t *olen,
165  mbedtls_f_rng_t *f_rng,
166  void *p_rng);
167 
183  const unsigned char *buf,
184  size_t len);
185 
205  unsigned char *buf, size_t len, size_t *olen,
206  mbedtls_f_rng_t *f_rng,
207  void *p_rng);
208 
223  const unsigned char *buf,
224  size_t len);
225 
245  unsigned char *buf, size_t len, size_t *olen,
246  mbedtls_f_rng_t *f_rng,
247  void *p_rng);
248 
268  unsigned char *buf, size_t len, size_t *olen,
269  mbedtls_f_rng_t *f_rng,
270  void *p_rng);
271 
281 
282 #if defined(MBEDTLS_SELF_TEST)
283 
289 int mbedtls_ecjpake_self_test(int verbose);
290 
291 #endif /* MBEDTLS_SELF_TEST */
292 
293 #ifdef __cplusplus
294 }
295 #endif
296 
297 
298 #endif /* ecjpake.h */
int mbedtls_ecjpake_write_round_one(mbedtls_ecjpake_context *ctx, unsigned char *buf, size_t len, size_t *olen, mbedtls_f_rng_t *f_rng, void *p_rng)
Generate and write the first round message (TLS: contents of the Client/ServerHello extension...
int mbedtls_f_rng_t(void *p_rng, unsigned char *output, size_t output_size)
The type of custom random generator (RNG) callbacks.
int mbedtls_ecjpake_write_shared_key(mbedtls_ecjpake_context *ctx, unsigned char *buf, size_t len, size_t *olen, mbedtls_f_rng_t *f_rng, void *p_rng)
Write the shared key material to be passed to a Key Derivation Function as described in RFC8236...
int mbedtls_ecjpake_check(const mbedtls_ecjpake_context *ctx)
Check if an ECJPAKE context is ready for use.
This file provides an API for Elliptic Curves over GF(P) (ECP).
#define MBEDTLS_PRIVATE(member)
int mbedtls_ecjpake_setup(mbedtls_ecjpake_context *ctx, mbedtls_ecjpake_role role, mbedtls_md_type_t hash, mbedtls_ecp_group_id curve, const unsigned char *secret, size_t len)
Set up an ECJPAKE context for use.
int mbedtls_ecjpake_derive_secret(mbedtls_ecjpake_context *ctx, unsigned char *buf, size_t len, size_t *olen, mbedtls_f_rng_t *f_rng, void *p_rng)
Derive the shared secret (TLS: Pre-Master Secret).
The ECP group structure.
Definition: ecp.h:233
int mbedtls_ecjpake_set_point_format(mbedtls_ecjpake_context *ctx, int point_format)
Set the point format for future reads and writes.
void mbedtls_ecjpake_free(mbedtls_ecjpake_context *ctx)
This clears an ECJPAKE context and frees any embedded data structure.
int mbedtls_ecjpake_self_test(int verbose)
Checkup routine.
int mbedtls_ecjpake_write_round_two(mbedtls_ecjpake_context *ctx, unsigned char *buf, size_t len, size_t *olen, mbedtls_f_rng_t *f_rng, void *p_rng)
Generate and write the second round message (TLS: contents of the Client/ServerKeyExchange).
Macro wrapper for struct's members.
void mbedtls_ecjpake_init(mbedtls_ecjpake_context *ctx)
Initialize an ECJPAKE context.
mbedtls_ecp_group_id
Definition: ecp.h:102
Build-time configuration info.
mbedtls_ecjpake_role
Definition: ecjpake.h:42
This file contains the generic functions for message-digest (hashing) and HMAC.
struct mbedtls_ecjpake_context mbedtls_ecjpake_context
int mbedtls_ecjpake_read_round_one(mbedtls_ecjpake_context *ctx, const unsigned char *buf, size_t len)
Read and process the first round message (TLS: contents of the Client/ServerHello extension...
MPI structure.
Definition: bignum.h:208
The ECP point structure, in Jacobian coordinates.
Definition: ecp.h:158
int mbedtls_ecjpake_read_round_two(mbedtls_ecjpake_context *ctx, const unsigned char *buf, size_t len)
Read and process the second round message (TLS: contents of the Client/ServerKeyExchange).
mbedtls_md_type_t
Supported message digests.
Definition: md.h:47