mbed TLS v2.6.0
ecjpake.h
Go to the documentation of this file.
1 
25 #ifndef MBEDTLS_ECJPAKE_H
26 #define MBEDTLS_ECJPAKE_H
27 
28 /*
29  * J-PAKE is a password-authenticated key exchange that allows deriving a
30  * strong shared secret from a (potentially low entropy) pre-shared
31  * passphrase, with forward secrecy and mutual authentication.
32  * https://en.wikipedia.org/wiki/Password_Authenticated_Key_Exchange_by_Juggling
33  *
34  * This file implements the Elliptic Curve variant of J-PAKE,
35  * as defined in Chapter 7.4 of the Thread v1.0 Specification,
36  * available to members of the Thread Group http://threadgroup.org/
37  *
38  * As the J-PAKE algorithm is inherently symmetric, so is our API.
39  * Each party needs to send its first round message, in any order, to the
40  * other party, then each sends its second round message, in any order.
41  * The payloads are serialized in a way suitable for use in TLS, but could
42  * also be use outside TLS.
43  */
44 
45 #include "ecp.h"
46 #include "md.h"
47 
48 #ifdef __cplusplus
49 extern "C" {
50 #endif
51 
55 typedef enum {
59 
71 typedef struct
72 {
89 
97 
116  mbedtls_md_type_t hash,
117  mbedtls_ecp_group_id curve,
118  const unsigned char *secret,
119  size_t len );
120 
130 
147  unsigned char *buf, size_t len, size_t *olen,
148  int (*f_rng)(void *, unsigned char *, size_t),
149  void *p_rng );
150 
164  const unsigned char *buf,
165  size_t len );
166 
182  unsigned char *buf, size_t len, size_t *olen,
183  int (*f_rng)(void *, unsigned char *, size_t),
184  void *p_rng );
185 
198  const unsigned char *buf,
199  size_t len );
200 
216  unsigned char *buf, size_t len, size_t *olen,
217  int (*f_rng)(void *, unsigned char *, size_t),
218  void *p_rng );
219 
226 
227 #if defined(MBEDTLS_SELF_TEST)
228 
233 int mbedtls_ecjpake_self_test( int verbose );
234 #endif
235 
236 #ifdef __cplusplus
237 }
238 #endif
239 
240 #endif /* ecjpake.h */
mbedtls_mpi xm1
My private key 1 C: x1, S: x3.
Definition: ecjpake.h:84
mbedtls_ecp_point Xp2
Peer public key 2 C: X4, S: X2.
Definition: ecjpake.h:81
mbedtls_ecp_point Xp1
Peer public key 1 C: X3, S: X1.
Definition: ecjpake.h:80
mbedtls_ecp_point Xm1
My public key 1 C: X1, S: X3.
Definition: ecjpake.h:78
int mbedtls_ecjpake_check(const mbedtls_ecjpake_context *ctx)
Check if a context is ready for use.
Elliptic curves over GF(p)
const mbedtls_md_info_t * md_info
Hash to use.
Definition: ecjpake.h:73
int mbedtls_ecjpake_setup(mbedtls_ecjpake_context *ctx, mbedtls_ecjpake_role role, mbedtls_md_type_t hash, mbedtls_ecp_group_id curve, const unsigned char *secret, size_t len)
Set up a context for use.
int point_format
Format for point export.
Definition: ecjpake.h:76
ECP group structure.
Definition: ecp.h:140
mbedtls_ecp_point Xp
Peer public key C: Xs, S: Xc.
Definition: ecjpake.h:82
mbedtls_ecp_point Xm2
My public key 2 C: X2, S: X4.
Definition: ecjpake.h:79
mbedtls_ecp_group grp
Elliptic curve.
Definition: ecjpake.h:74
mbedtls_mpi xm2
My private key 2 C: x2, S: x4.
Definition: ecjpake.h:85
void mbedtls_ecjpake_free(mbedtls_ecjpake_context *ctx)
Free a context's content.
mbedtls_mpi s
Pre-shared secret (passphrase)
Definition: ecjpake.h:87
int mbedtls_ecjpake_self_test(int verbose)
Checkup routine.
int mbedtls_ecjpake_write_round_one(mbedtls_ecjpake_context *ctx, unsigned char *buf, size_t len, size_t *olen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Generate and write the first round message (TLS: contents of the Client/ServerHello extension...
int mbedtls_ecjpake_write_round_two(mbedtls_ecjpake_context *ctx, unsigned char *buf, size_t len, size_t *olen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Generate and write the second round message (TLS: contents of the Client/ServerKeyExchange) ...
mbedtls_ecjpake_role role
Are we client or server?
Definition: ecjpake.h:75
void mbedtls_ecjpake_init(mbedtls_ecjpake_context *ctx)
Initialize a context (just makes it ready for setup() or free()).
int mbedtls_ecjpake_derive_secret(mbedtls_ecjpake_context *ctx, unsigned char *buf, size_t len, size_t *olen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Derive the shared secret (TLS: Pre-Master Secret)
mbedtls_ecp_group_id
Domain parameters (curve, subgroup and generator) identifiers.
Definition: ecp.h:64
mbedtls_ecjpake_role
Roles in the EC J-PAKE exchange.
Definition: ecjpake.h:55
Generic message digest wrapper.
int mbedtls_ecjpake_read_round_one(mbedtls_ecjpake_context *ctx, const unsigned char *buf, size_t len)
Read and process the first round message (TLS: contents of the Client/ServerHello extension...
MPI structure.
Definition: bignum.h:181
struct mbedtls_md_info_t mbedtls_md_info_t
Opaque struct defined in md_internal.h.
Definition: md.h:63
ECP point structure (jacobian coordinates)
Definition: ecp.h:108
EC J-PAKE context structure.
Definition: ecjpake.h:71
int mbedtls_ecjpake_read_round_two(mbedtls_ecjpake_context *ctx, const unsigned char *buf, size_t len)
Read and process the second round message (TLS: contents of the Client/ServerKeyExchange) ...
mbedtls_md_type_t
Definition: md.h:41