PolarSSL v1.3.9
dhm.c
Go to the documentation of this file.
1/*
2 * Diffie-Hellman-Merkle key exchange
3 *
4 * Copyright (C) 2006-2014, Brainspark B.V.
5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8 *
9 * All rights reserved.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25/*
26 * Reference:
27 *
28 * http://www.cacr.math.uwaterloo.ca/hac/ (chapter 12)
29 */
30
31#if !defined(POLARSSL_CONFIG_FILE)
32#include "polarssl/config.h"
33#else
34#include POLARSSL_CONFIG_FILE
35#endif
36
37#if defined(POLARSSL_DHM_C)
38
39#include "polarssl/dhm.h"
40
41#if defined(POLARSSL_PEM_PARSE_C)
42#include "polarssl/pem.h"
43#endif
44
45#if defined(POLARSSL_ASN1_PARSE_C)
46#include "polarssl/asn1.h"
47#endif
48
49#if defined(POLARSSL_PLATFORM_C)
50#include "polarssl/platform.h"
51#else
52#include <stdlib.h>
53#define polarssl_printf printf
54#define polarssl_malloc malloc
55#define polarssl_free free
56#endif
57
58/* Implementation that should never be optimized out by the compiler */
59static void polarssl_zeroize( void *v, size_t n ) {
60 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
61}
62
63/*
64 * helper to validate the mpi size and import it
65 */
66static int dhm_read_bignum( mpi *X,
67 unsigned char **p,
68 const unsigned char *end )
69{
70 int ret, n;
71
72 if( end - *p < 2 )
73 return( POLARSSL_ERR_DHM_BAD_INPUT_DATA );
74
75 n = ( (*p)[0] << 8 ) | (*p)[1];
76 (*p) += 2;
77
78 if( (int)( end - *p ) < n )
79 return( POLARSSL_ERR_DHM_BAD_INPUT_DATA );
80
81 if( ( ret = mpi_read_binary( X, *p, n ) ) != 0 )
82 return( POLARSSL_ERR_DHM_READ_PARAMS_FAILED + ret );
83
84 (*p) += n;
85
86 return( 0 );
87}
88
89/*
90 * Verify sanity of parameter with regards to P
91 *
92 * Parameter should be: 2 <= public_param <= P - 2
93 *
94 * For more information on the attack, see:
95 * http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf
96 * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2643
97 */
98static int dhm_check_range( const mpi *param, const mpi *P )
99{
100 mpi L, U;
101 int ret = POLARSSL_ERR_DHM_BAD_INPUT_DATA;
102
103 mpi_init( &L ); mpi_init( &U );
104
105 MPI_CHK( mpi_lset( &L, 2 ) );
106 MPI_CHK( mpi_sub_int( &U, P, 2 ) );
107
108 if( mpi_cmp_mpi( param, &L ) >= 0 &&
109 mpi_cmp_mpi( param, &U ) <= 0 )
110 {
111 ret = 0;
112 }
113
114cleanup:
115 mpi_free( &L ); mpi_free( &U );
116 return( ret );
117}
118
119void dhm_init( dhm_context *ctx )
120{
121 memset( ctx, 0, sizeof( dhm_context ) );
122}
123
124/*
125 * Parse the ServerKeyExchange parameters
126 */
127int dhm_read_params( dhm_context *ctx,
128 unsigned char **p,
129 const unsigned char *end )
130{
131 int ret;
132
133 if( ( ret = dhm_read_bignum( &ctx->P, p, end ) ) != 0 ||
134 ( ret = dhm_read_bignum( &ctx->G, p, end ) ) != 0 ||
135 ( ret = dhm_read_bignum( &ctx->GY, p, end ) ) != 0 )
136 return( ret );
137
138 if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
139 return( ret );
140
141 ctx->len = mpi_size( &ctx->P );
142
143 return( 0 );
144}
145
146/*
147 * Setup and write the ServerKeyExchange parameters
148 */
149int dhm_make_params( dhm_context *ctx, int x_size,
150 unsigned char *output, size_t *olen,
151 int (*f_rng)(void *, unsigned char *, size_t),
152 void *p_rng )
153{
154 int ret, count = 0;
155 size_t n1, n2, n3;
156 unsigned char *p;
157
158 if( mpi_cmp_int( &ctx->P, 0 ) == 0 )
159 return( POLARSSL_ERR_DHM_BAD_INPUT_DATA );
160
161 /*
162 * Generate X as large as possible ( < P )
163 */
164 do
165 {
166 mpi_fill_random( &ctx->X, x_size, f_rng, p_rng );
167
168 while( mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 )
169 MPI_CHK( mpi_shift_r( &ctx->X, 1 ) );
170
171 if( count++ > 10 )
172 return( POLARSSL_ERR_DHM_MAKE_PARAMS_FAILED );
173 }
174 while( dhm_check_range( &ctx->X, &ctx->P ) != 0 );
175
176 /*
177 * Calculate GX = G^X mod P
178 */
179 MPI_CHK( mpi_exp_mod( &ctx->GX, &ctx->G, &ctx->X,
180 &ctx->P , &ctx->RP ) );
181
182 if( ( ret = dhm_check_range( &ctx->GX, &ctx->P ) ) != 0 )
183 return( ret );
184
185 /*
186 * export P, G, GX
187 */
188#define DHM_MPI_EXPORT(X,n) \
189 MPI_CHK( mpi_write_binary( X, p + 2, n ) ); \
190 *p++ = (unsigned char)( n >> 8 ); \
191 *p++ = (unsigned char)( n ); p += n;
192
193 n1 = mpi_size( &ctx->P );
194 n2 = mpi_size( &ctx->G );
195 n3 = mpi_size( &ctx->GX );
196
197 p = output;
198 DHM_MPI_EXPORT( &ctx->P , n1 );
199 DHM_MPI_EXPORT( &ctx->G , n2 );
200 DHM_MPI_EXPORT( &ctx->GX, n3 );
201
202 *olen = p - output;
203
204 ctx->len = n1;
205
206cleanup:
207
208 if( ret != 0 )
209 return( POLARSSL_ERR_DHM_MAKE_PARAMS_FAILED + ret );
210
211 return( 0 );
212}
213
214/*
215 * Import the peer's public value G^Y
216 */
217int dhm_read_public( dhm_context *ctx,
218 const unsigned char *input, size_t ilen )
219{
220 int ret;
221
222 if( ctx == NULL || ilen < 1 || ilen > ctx->len )
223 return( POLARSSL_ERR_DHM_BAD_INPUT_DATA );
224
225 if( ( ret = mpi_read_binary( &ctx->GY, input, ilen ) ) != 0 )
226 return( POLARSSL_ERR_DHM_READ_PUBLIC_FAILED + ret );
227
228 return( 0 );
229}
230
231/*
232 * Create own private value X and export G^X
233 */
234int dhm_make_public( dhm_context *ctx, int x_size,
235 unsigned char *output, size_t olen,
236 int (*f_rng)(void *, unsigned char *, size_t),
237 void *p_rng )
238{
239 int ret, count = 0;
240
241 if( ctx == NULL || olen < 1 || olen > ctx->len )
242 return( POLARSSL_ERR_DHM_BAD_INPUT_DATA );
243
244 if( mpi_cmp_int( &ctx->P, 0 ) == 0 )
245 return( POLARSSL_ERR_DHM_BAD_INPUT_DATA );
246
247 /*
248 * generate X and calculate GX = G^X mod P
249 */
250 do
251 {
252 mpi_fill_random( &ctx->X, x_size, f_rng, p_rng );
253
254 while( mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 )
255 MPI_CHK( mpi_shift_r( &ctx->X, 1 ) );
256
257 if( count++ > 10 )
258 return( POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED );
259 }
260 while( dhm_check_range( &ctx->X, &ctx->P ) != 0 );
261
262 MPI_CHK( mpi_exp_mod( &ctx->GX, &ctx->G, &ctx->X,
263 &ctx->P , &ctx->RP ) );
264
265 if( ( ret = dhm_check_range( &ctx->GX, &ctx->P ) ) != 0 )
266 return( ret );
267
268 MPI_CHK( mpi_write_binary( &ctx->GX, output, olen ) );
269
270cleanup:
271
272 if( ret != 0 )
273 return( POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED + ret );
274
275 return( 0 );
276}
277
278/*
279 * Use the blinding method and optimisation suggested in section 10 of:
280 * KOCHER, Paul C. Timing attacks on implementations of Diffie-Hellman, RSA,
281 * DSS, and other systems. In : Advances in Cryptology—CRYPTO’96. Springer
282 * Berlin Heidelberg, 1996. p. 104-113.
283 */
284static int dhm_update_blinding( dhm_context *ctx,
285 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
286{
287 int ret, count;
288
289 /*
290 * Don't use any blinding the first time a particular X is used,
291 * but remember it to use blinding next time.
292 */
293 if( mpi_cmp_mpi( &ctx->X, &ctx->pX ) != 0 )
294 {
295 MPI_CHK( mpi_copy( &ctx->pX, &ctx->X ) );
296 MPI_CHK( mpi_lset( &ctx->Vi, 1 ) );
297 MPI_CHK( mpi_lset( &ctx->Vf, 1 ) );
298
299 return( 0 );
300 }
301
302 /*
303 * Ok, we need blinding. Can we re-use existing values?
304 * If yes, just update them by squaring them.
305 */
306 if( mpi_cmp_int( &ctx->Vi, 1 ) != 0 )
307 {
308 MPI_CHK( mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &ctx->Vi ) );
309 MPI_CHK( mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->P ) );
310
311 MPI_CHK( mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &ctx->Vf ) );
312 MPI_CHK( mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) );
313
314 return( 0 );
315 }
316
317 /*
318 * We need to generate blinding values from scratch
319 */
320
321 /* Vi = random( 2, P-1 ) */
322 count = 0;
323 do
324 {
325 mpi_fill_random( &ctx->Vi, mpi_size( &ctx->P ), f_rng, p_rng );
326
327 while( mpi_cmp_mpi( &ctx->Vi, &ctx->P ) >= 0 )
328 MPI_CHK( mpi_shift_r( &ctx->Vi, 1 ) );
329
330 if( count++ > 10 )
331 return( POLARSSL_ERR_MPI_NOT_ACCEPTABLE );
332 }
333 while( mpi_cmp_int( &ctx->Vi, 1 ) <= 0 );
334
335 /* Vf = Vi^-X mod P */
336 MPI_CHK( mpi_inv_mod( &ctx->Vf, &ctx->Vi, &ctx->P ) );
337 MPI_CHK( mpi_exp_mod( &ctx->Vf, &ctx->Vf, &ctx->X, &ctx->P, &ctx->RP ) );
338
339cleanup:
340 return( ret );
341}
342
343/*
344 * Derive and export the shared secret (G^Y)^X mod P
345 */
346int dhm_calc_secret( dhm_context *ctx,
347 unsigned char *output, size_t *olen,
348 int (*f_rng)(void *, unsigned char *, size_t),
349 void *p_rng )
350{
351 int ret;
352 mpi GYb;
353
354 if( ctx == NULL || *olen < ctx->len )
355 return( POLARSSL_ERR_DHM_BAD_INPUT_DATA );
356
357 if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
358 return( ret );
359
360 mpi_init( &GYb );
361
362 /* Blind peer's value */
363 if( f_rng != NULL )
364 {
365 MPI_CHK( dhm_update_blinding( ctx, f_rng, p_rng ) );
366 MPI_CHK( mpi_mul_mpi( &GYb, &ctx->GY, &ctx->Vi ) );
367 MPI_CHK( mpi_mod_mpi( &GYb, &GYb, &ctx->P ) );
368 }
369 else
370 MPI_CHK( mpi_copy( &GYb, &ctx->GY ) );
371
372 /* Do modular exponentiation */
373 MPI_CHK( mpi_exp_mod( &ctx->K, &GYb, &ctx->X,
374 &ctx->P, &ctx->RP ) );
375
376 /* Unblind secret value */
377 if( f_rng != NULL )
378 {
379 MPI_CHK( mpi_mul_mpi( &ctx->K, &ctx->K, &ctx->Vf ) );
380 MPI_CHK( mpi_mod_mpi( &ctx->K, &ctx->K, &ctx->P ) );
381 }
382
383 *olen = mpi_size( &ctx->K );
384
385 MPI_CHK( mpi_write_binary( &ctx->K, output, *olen ) );
386
387cleanup:
388 mpi_free( &GYb );
389
390 if( ret != 0 )
391 return( POLARSSL_ERR_DHM_CALC_SECRET_FAILED + ret );
392
393 return( 0 );
394}
395
396/*
397 * Free the components of a DHM key
398 */
399void dhm_free( dhm_context *ctx )
400{
401 mpi_free( &ctx->pX); mpi_free( &ctx->Vf ); mpi_free( &ctx->Vi );
402 mpi_free( &ctx->RP ); mpi_free( &ctx->K ); mpi_free( &ctx->GY );
403 mpi_free( &ctx->GX ); mpi_free( &ctx->X ); mpi_free( &ctx->G );
404 mpi_free( &ctx->P );
405
406 polarssl_zeroize( ctx, sizeof( dhm_context ) );
407}
408
409#if defined(POLARSSL_ASN1_PARSE_C)
410/*
411 * Parse DHM parameters
412 */
413int dhm_parse_dhm( dhm_context *dhm, const unsigned char *dhmin,
414 size_t dhminlen )
415{
416 int ret;
417 size_t len;
418 unsigned char *p, *end;
419#if defined(POLARSSL_PEM_PARSE_C)
420 pem_context pem;
421
422 pem_init( &pem );
423
424 ret = pem_read_buffer( &pem,
425 "-----BEGIN DH PARAMETERS-----",
426 "-----END DH PARAMETERS-----",
427 dhmin, NULL, 0, &dhminlen );
428
429 if( ret == 0 )
430 {
431 /*
432 * Was PEM encoded
433 */
434 dhminlen = pem.buflen;
435 }
436 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
437 goto exit;
438
439 p = ( ret == 0 ) ? pem.buf : (unsigned char *) dhmin;
440#else
441 p = (unsigned char *) dhmin;
442#endif /* POLARSSL_PEM_PARSE_C */
443 end = p + dhminlen;
444
445 /*
446 * DHParams ::= SEQUENCE {
447 * prime INTEGER, -- P
448 * generator INTEGER, -- g
449 * }
450 */
451 if( ( ret = asn1_get_tag( &p, end, &len,
452 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
453 {
454 ret = POLARSSL_ERR_DHM_INVALID_FORMAT + ret;
455 goto exit;
456 }
457
458 end = p + len;
459
460 if( ( ret = asn1_get_mpi( &p, end, &dhm->P ) ) != 0 ||
461 ( ret = asn1_get_mpi( &p, end, &dhm->G ) ) != 0 )
462 {
463 ret = POLARSSL_ERR_DHM_INVALID_FORMAT + ret;
464 goto exit;
465 }
466
467 if( p != end )
468 {
469 ret = POLARSSL_ERR_DHM_INVALID_FORMAT +
470 POLARSSL_ERR_ASN1_LENGTH_MISMATCH;
471 goto exit;
472 }
473
474 ret = 0;
475
476 dhm->len = mpi_size( &dhm->P );
477
478exit:
479#if defined(POLARSSL_PEM_PARSE_C)
480 pem_free( &pem );
481#endif
482 if( ret != 0 )
483 dhm_free( dhm );
484
485 return( ret );
486}
487
488#if defined(POLARSSL_FS_IO)
489/*
490 * Load all data from a file into a given buffer.
491 */
492static int load_file( const char *path, unsigned char **buf, size_t *n )
493{
494 FILE *f;
495 long size;
496
497 if( ( f = fopen( path, "rb" ) ) == NULL )
498 return( POLARSSL_ERR_DHM_FILE_IO_ERROR );
499
500 fseek( f, 0, SEEK_END );
501 if( ( size = ftell( f ) ) == -1 )
502 {
503 fclose( f );
504 return( POLARSSL_ERR_DHM_FILE_IO_ERROR );
505 }
506 fseek( f, 0, SEEK_SET );
507
508 *n = (size_t) size;
509
510 if( *n + 1 == 0 ||
511 ( *buf = (unsigned char *) polarssl_malloc( *n + 1 ) ) == NULL )
512 {
513 fclose( f );
514 return( POLARSSL_ERR_DHM_MALLOC_FAILED );
515 }
516
517 if( fread( *buf, 1, *n, f ) != *n )
518 {
519 fclose( f );
520 polarssl_free( *buf );
521 return( POLARSSL_ERR_DHM_FILE_IO_ERROR );
522 }
523
524 fclose( f );
525
526 (*buf)[*n] = '\0';
527
528 return( 0 );
529}
530
531/*
532 * Load and parse DHM parameters
533 */
534int dhm_parse_dhmfile( dhm_context *dhm, const char *path )
535{
536 int ret;
537 size_t n;
538 unsigned char *buf;
539
540 if( ( ret = load_file( path, &buf, &n ) ) != 0 )
541 return( ret );
542
543 ret = dhm_parse_dhm( dhm, buf, n );
544
545 polarssl_zeroize( buf, n + 1 );
546 polarssl_free( buf );
547
548 return( ret );
549}
550#endif /* POLARSSL_FS_IO */
551#endif /* POLARSSL_ASN1_PARSE_C */
552
553#if defined(POLARSSL_SELF_TEST)
554
555#include "polarssl/certs.h"
556
557/*
558 * Checkup routine
559 */
560int dhm_self_test( int verbose )
561{
562#if defined(POLARSSL_CERTS_C)
563 int ret;
564 dhm_context dhm;
565
566 dhm_init( &dhm );
567
568 if( verbose != 0 )
569 polarssl_printf( " DHM parameter load: " );
570
571 if( ( ret = dhm_parse_dhm( &dhm, (const unsigned char *) test_dhm_params,
572 strlen( test_dhm_params ) ) ) != 0 )
573 {
574 if( verbose != 0 )
575 polarssl_printf( "failed\n" );
576
577 ret = 1;
578 goto exit;
579 }
580
581 if( verbose != 0 )
582 polarssl_printf( "passed\n\n" );
583
584exit:
585 dhm_free( &dhm );
586
587 return( ret );
588#else
589 if( verbose != 0 )
590 polarssl_printf( " DHM parameter load: skipped\n" );
591
592 return( 0 );
593#endif /* POLARSSL_CERTS_C */
594}
595
596#endif /* POLARSSL_SELF_TEST */
597
598#endif /* POLARSSL_DHM_C */
asn1.h
Generic ASN.1 parsing.
mpi_lset
int mpi_lset(mpi *X, t_sint z)
Set value from integer.
mpi_shift_r
int mpi_shift_r(mpi *X, size_t count)
Right-shift: X >>= count.
mpi_read_binary
int mpi_read_binary(mpi *X, const unsigned char *buf, size_t buflen)
Import X from unsigned binary data, big endian.
MPI_CHK
#define MPI_CHK(f)
Definition: bignum.h:65
mpi_mod_mpi
int mpi_mod_mpi(mpi *R, const mpi *A, const mpi *B)
Modulo: R = A mod B.
mpi_inv_mod
int mpi_inv_mod(mpi *X, const mpi *A, const mpi *N)
Modular inverse: X = A^-1 mod N.
mpi_init
void mpi_init(mpi *X)
Initialize one MPI.
mpi_fill_random
int mpi_fill_random(mpi *X, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Fill an MPI X with size bytes of random.
mpi_write_binary
int mpi_write_binary(const mpi *X, unsigned char *buf, size_t buflen)
Export X into unsigned binary data, big endian.
mpi_copy
int mpi_copy(mpi *X, const mpi *Y)
Copy the contents of Y into X.
mpi_exp_mod
int mpi_exp_mod(mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR)
Sliding-window exponentiation: X = A^E mod N.
mpi_size
size_t mpi_size(const mpi *X)
Return the total size in bytes.
mpi_mul_mpi
int mpi_mul_mpi(mpi *X, const mpi *A, const mpi *B)
Baseline multiplication: X = A * B.
POLARSSL_ERR_MPI_NOT_ACCEPTABLE
#define POLARSSL_ERR_MPI_NOT_ACCEPTABLE
The input arguments are not acceptable.
Definition: bignum.h:62
mpi_sub_int
int mpi_sub_int(mpi *X, const mpi *A, t_sint b)
Signed subtraction: X = A - b.
mpi_free
void mpi_free(mpi *X)
Unallocate one MPI.
mpi_cmp_mpi
int mpi_cmp_mpi(const mpi *X, const mpi *Y)
Compare signed values.
mpi_cmp_int
int mpi_cmp_int(const mpi *X, t_sint z)
Compare signed values.
certs.h
Sample certificates and DHM parameters for testing.
config.h
Configuration options (set of defines)
dhm.h
Diffie-Hellman-Merkle key exchange.
dhm_read_public
int dhm_read_public(dhm_context *ctx, const unsigned char *input, size_t ilen)
Import the peer's public value G^Y.
dhm_make_public
int dhm_make_public(dhm_context *ctx, int x_size, unsigned char *output, size_t olen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Create own private value X and export G^X.
POLARSSL_ERR_DHM_READ_PARAMS_FAILED
#define POLARSSL_ERR_DHM_READ_PARAMS_FAILED
Reading of the DHM parameters failed.
Definition: dhm.h:36
dhm_make_params
int dhm_make_params(dhm_context *ctx, int x_size, unsigned char *output, size_t *olen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Setup and write the ServerKeyExchange parameters.
POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED
#define POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED
Making of the public value failed.
Definition: dhm.h:39
POLARSSL_ERR_DHM_MAKE_PARAMS_FAILED
#define POLARSSL_ERR_DHM_MAKE_PARAMS_FAILED
Making of the DHM parameters failed.
Definition: dhm.h:37
dhm_calc_secret
int dhm_calc_secret(dhm_context *ctx, unsigned char *output, size_t *olen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Derive and export the shared secret (G^Y)^X mod P.
POLARSSL_ERR_DHM_READ_PUBLIC_FAILED
#define POLARSSL_ERR_DHM_READ_PUBLIC_FAILED
Reading of the public values failed.
Definition: dhm.h:38
dhm_self_test
int dhm_self_test(int verbose)
Checkup routine.
dhm_read_params
int dhm_read_params(dhm_context *ctx, unsigned char **p, const unsigned char *end)
Parse the ServerKeyExchange parameters.
dhm_init
void dhm_init(dhm_context *ctx)
Initialize DHM context.
POLARSSL_ERR_DHM_BAD_INPUT_DATA
#define POLARSSL_ERR_DHM_BAD_INPUT_DATA
Bad input parameters to function.
Definition: dhm.h:35
POLARSSL_ERR_DHM_CALC_SECRET_FAILED
#define POLARSSL_ERR_DHM_CALC_SECRET_FAILED
Calculation of the DHM secret failed.
Definition: dhm.h:40
POLARSSL_ERR_DHM_INVALID_FORMAT
#define POLARSSL_ERR_DHM_INVALID_FORMAT
The ASN.1 data is not formatted correctly.
Definition: dhm.h:41
POLARSSL_ERR_DHM_MALLOC_FAILED
#define POLARSSL_ERR_DHM_MALLOC_FAILED
Allocation of memory failed.
Definition: dhm.h:42
dhm_free
void dhm_free(dhm_context *ctx)
Free and clear the components of a DHM key.
POLARSSL_ERR_DHM_FILE_IO_ERROR
#define POLARSSL_ERR_DHM_FILE_IO_ERROR
Read/write of file failed.
Definition: dhm.h:43
ASN1_CONSTRUCTED
#define ASN1_CONSTRUCTED
Definition: asn1.h:92
asn1_get_mpi
int asn1_get_mpi(unsigned char **p, const unsigned char *end, mpi *X)
Retrieve a MPI value from an integer ASN.1 tag.
ASN1_SEQUENCE
#define ASN1_SEQUENCE
Definition: asn1.h:82
asn1_get_tag
int asn1_get_tag(unsigned char **p, const unsigned char *end, size_t *len, int tag)
Get the tag and length of the tag.
POLARSSL_ERR_ASN1_LENGTH_MISMATCH
#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH
Actual length differs from expected length.
Definition: asn1.h:57
dhm_parse_dhm
int dhm_parse_dhm(dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen)
Parse DHM parameters.
dhm_parse_dhmfile
int dhm_parse_dhmfile(dhm_context *dhm, const char *path)
Load and parse DHM parameters.
pem.h
Privacy Enhanced Mail (PEM) decoding.
POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT
#define POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT
No PEM header or footer found.
Definition: pem.h:38
platform.h
PolarSSL Platform abstraction layer.
dhm_context
DHM context structure.
Definition: dhm.h:157
dhm_context::Vf
mpi Vf
Definition: dhm.h:167
dhm_context::G
mpi G
Definition: dhm.h:160
dhm_context::Vi
mpi Vi
Definition: dhm.h:166
dhm_context::GX
mpi GX
Definition: dhm.h:162
dhm_context::RP
mpi RP
Definition: dhm.h:165
dhm_context::GY
mpi GY
Definition: dhm.h:163
dhm_context::len
size_t len
Definition: dhm.h:158
dhm_context::K
mpi K
Definition: dhm.h:164
dhm_context::X
mpi X
Definition: dhm.h:161
dhm_context::pX
mpi pX
Definition: dhm.h:168
dhm_context::P
mpi P
Definition: dhm.h:159
mpi
MPI structure.
Definition: bignum.h:183
polarssl_malloc
#define polarssl_malloc
Definition: test_suite_aes.cbc.c:310
polarssl_free
#define polarssl_free
Definition: test_suite_aes.cbc.c:311
polarssl_printf
#define polarssl_printf
Definition: test_suite_aes.cbc.c:309
Generated on Sat Jul 2 2022 03:36:39 for PolarSSL v1.3.9 by doxygen 1.9.3