Merge branch 'development' into iotssl-1260-non-blocking-ecc-restricted
Summary of merge conflicts:
include/mbedtls/ecdh.h -> documentation style
include/mbedtls/ecdsa.h -> documentation style
include/mbedtls/ecp.h -> alt style, new error codes, documentation style
include/mbedtls/error.h -> new error codes
library/error.c -> new error codes (generated anyway)
library/ecp.c:
- code of an extracted function was changed
library/ssl_cli.c:
- code addition on one side near code change on the other side
(ciphersuite validation)
library/x509_crt.c -> various things
- top fo file: helper structure added near old zeroize removed
- documentation of find_parent_in()'s signature: improved on one side,
added arguments on the other side
- documentation of find_parent()'s signature: same as above
- verify_chain(): variables initialised later to give compiler an
opportunity to warn us if not initialised on a code path
- find_parent(): funcion structure completely changed, for some reason git
tried to insert a paragraph of the old structure...
- merge_flags_with_cb(): data structure changed, one line was fixed with a
cast to keep MSVC happy, this cast is already in the new version
- in verify_restratable(): adjacent independent changes (function
signature on one line, variable type on the next)
programs/ssl/ssl_client2.c:
- testing for IN_PROGRESS return code near idle() (event-driven):
don't wait for data in the the socket if ECP_IN_PROGRESS
tests/data_files/Makefile: adjacent independent additions
tests/suites/test_suite_ecdsa.data: adjacent independent additions
tests/suites/test_suite_x509parse.data: adjacent independent additions
* development: (1059 commits)
Change symlink to hardlink to avoid permission issues
Fix out-of-tree testing symlinks on Windows
Updated version number to 2.10.0 for release
Add a disabled CMAC define in the no-entropy configuration
Adapt the ARIA test cases for new ECB function
Fix file permissions for ssl.h
Add ChangeLog entry for PR#1651
Fix MicroBlaze register typo.
Fix typo in doc and copy missing warning
Fix edit mistake in cipher_wrap.c
Update CTR doc for the 64-bit block cipher
Update CTR doc for other 128-bit block ciphers
Slightly tune ARIA CTR documentation
Remove double declaration of mbedtls_ssl_list_ciphersuites
Update CTR documentation
Use zeroize function from new platform_util
Move to new header style for ALT implementations
Add ifdef for selftest in header file
Fix typo in comments
Use more appropriate type for local variable
...
diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h
index 435ba00..f6e6702 100644
--- a/include/mbedtls/ecdh.h
+++ b/include/mbedtls/ecdh.h
@@ -1,9 +1,19 @@
/**
* \file ecdh.h
*
- * \brief Elliptic curve Diffie-Hellman
+ * \brief This file contains ECDH definitions and functions.
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * The Elliptic Curve Diffie-Hellman (ECDH) protocol is an anonymous
+ * key agreement protocol allowing two parties to establish a shared
+ * secret over an insecure channel. Each party must have an
+ * elliptic-curve public–private key pair.
+ *
+ * For more information, see <em>NIST SP 800-56A Rev. 2: Recommendation for
+ * Pair-Wise Key Establishment Schemes Using Discrete Logarithm
+ * Cryptography</em>.
+ */
+/*
+ * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -18,8 +28,9 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
+
#ifndef MBEDTLS_ECDH_H
#define MBEDTLS_ECDH_H
@@ -30,52 +41,59 @@
#endif
/**
- * When importing from an EC key, select if it is our key or the peer's key
+ * Defines the source of the imported EC key.
*/
typedef enum
{
- MBEDTLS_ECDH_OURS,
- MBEDTLS_ECDH_THEIRS,
+ MBEDTLS_ECDH_OURS, /**< Our key. */
+ MBEDTLS_ECDH_THEIRS, /**< The key of the peer. */
} mbedtls_ecdh_side;
/**
- * \brief ECDH context structure
*
* \warning Performing multiple operations concurrently on the same
* ECDSA context is not supported; objects of this type
* should not be shared between multiple threads.
+ * \brief The ECDH context structure.
*/
typedef struct
{
- mbedtls_ecp_group grp; /*!< elliptic curve used */
- mbedtls_mpi d; /*!< our secret value (private key) */
- mbedtls_ecp_point Q; /*!< our public value (public key) */
- mbedtls_ecp_point Qp; /*!< peer's public value (public key) */
- mbedtls_mpi z; /*!< shared secret */
- int point_format; /*!< format for point export in TLS */
- mbedtls_ecp_point Vi; /*!< blinding value (for later) */
- mbedtls_ecp_point Vf; /*!< un-blinding value (for later) */
- mbedtls_mpi _d; /*!< previous d (for later) */
+ mbedtls_ecp_group grp; /*!< The elliptic curve used. */
+ mbedtls_mpi d; /*!< The private key. */
+ mbedtls_ecp_point Q; /*!< The public key. */
+ mbedtls_ecp_point Qp; /*!< The value of the public key of the peer. */
+ mbedtls_mpi z; /*!< The shared secret. */
+ int point_format; /*!< The format of point export in TLS messages. */
+ mbedtls_ecp_point Vi; /*!< The blinding value. */
+ mbedtls_ecp_point Vf; /*!< The unblinding value. */
+ mbedtls_mpi _d; /*!< The previous \p d. */
#if defined(MBEDTLS_ECP_RESTARTABLE)
- int restart_enabled; /*!< enable restartalbe EC computations? */
- mbedtls_ecp_restart_ctx rs; /*!< restart context for EC computations */
+ int restart_enabled; /*!< The flag for restartable mode. */
+ mbedtls_ecp_restart_ctx rs; /*!< The restart context for EC computations. */
#endif
}
mbedtls_ecdh_context;
/**
- * \brief Generate a public key.
- * Raw function that only does the core computation.
+ * \brief This function generates an ECDH keypair on an elliptic
+ * curve.
*
- * \param grp ECP group
- * \param d Destination MPI (secret exponent, aka private key)
- * \param Q Destination point (public key)
- * \param f_rng RNG function
- * \param p_rng RNG parameter
+ * This function performs the first of two core computations
+ * implemented during the ECDH key exchange. The second core
+ * computation is performed by mbedtls_ecdh_compute_shared().
*
- * \return 0 if successful,
- * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
- * MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+ * \see ecp.h
+ *
+ * \param grp The ECP group.
+ * \param d The destination MPI (private key).
+ * \param Q The destination point (public key).
+ * \param f_rng The RNG function.
+ * \param p_rng The RNG context.
+ *
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_ECP_XXX or
+ * \c MBEDTLS_MPI_XXX error code on failure.
+ * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
* operations was reached: see \c mbedtls_ecp_set_max_ops().
*/
int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
@@ -83,24 +101,30 @@
void *p_rng );
/**
- * \brief Compute shared secret
- * Raw function that only does the core computation.
+ * \brief This function computes the shared secret.
*
- * \param grp ECP group
- * \param z Destination MPI (shared secret)
- * \param Q Public key from other party
- * \param d Our secret exponent (private key)
- * \param f_rng RNG function (see notes)
- * \param p_rng RNG parameter
+ * This function performs the second of two core computations
+ * implemented during the ECDH key exchange. The first core
+ * computation is performed by mbedtls_ecdh_gen_public().
*
- * \return 0 if successful,
- * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
- * MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+ * \see ecp.h
+ *
+ * \note If \p f_rng is not NULL, it is used to implement
+ * countermeasures against side-channel attacks.
+ * For more information, see mbedtls_ecp_mul().
+ *
+ * \param grp The ECP group.
+ * \param z The destination MPI (shared secret).
+ * \param Q The public key from another party.
+ * \param d Our secret exponent (private key).
+ * \param f_rng The RNG function.
+ * \param p_rng The RNG context.
+ *
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_ECP_XXX or
+ * \c MBEDTLS_MPI_XXX error code on failure.
+ * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
* operations was reached: see \c mbedtls_ecp_set_max_ops().
- *
- * \note If f_rng is not NULL, it is used to implement
- * countermeasures against potential elaborate timing
- * attacks, see \c mbedtls_ecp_mul() for details.
*/
int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
@@ -108,35 +132,42 @@
void *p_rng );
/**
- * \brief Initialize context
+ * \brief This function initializes an ECDH context.
*
- * \param ctx Context to initialize
+ * \param ctx The ECDH context to initialize.
*/
void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx );
/**
- * \brief Free context
+ * \brief This function frees a context.
*
- * \param ctx Context to free
+ * \param ctx The context to free.
*/
void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx );
/**
- * \brief Generate a public key and a TLS ServerKeyExchange payload.
- * (First function used by a TLS server for ECDHE.)
+ * \brief This function generates a public key and a TLS
+ * ServerKeyExchange payload.
*
- * \param ctx ECDH context
- * \param olen number of chars written
- * \param buf destination buffer
- * \param blen length of buffer
- * \param f_rng RNG function
- * \param p_rng RNG parameter
+ * This is the first function used by a TLS server for ECDHE
+ * ciphersuites.
*
- * \note This function assumes that ctx->grp has already been
- * properly set (for example using mbedtls_ecp_group_load).
+ * \note This function assumes that the ECP group (grp) of the
+ * \p ctx context has already been properly set,
+ * for example, using mbedtls_ecp_group_load().
*
- * \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
- * MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+ * \see ecp.h
+ *
+ * \param ctx The ECDH context.
+ * \param olen The number of characters written.
+ * \param buf The destination buffer.
+ * \param blen The length of the destination buffer.
+ * \param f_rng The RNG function.
+ * \param p_rng The RNG context.
+ *
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
+ * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
* operations was reached: see \c mbedtls_ecp_set_max_ops().
*/
int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
@@ -145,46 +176,67 @@
void *p_rng );
/**
- * \brief Parse and procress a TLS ServerKeyExhange payload.
- * (First function used by a TLS client for ECDHE.)
+ * \brief This function parses and processes a TLS ServerKeyExhange
+ * payload.
*
- * \param ctx ECDH context
- * \param buf pointer to start of input buffer
- * \param end one past end of buffer
+ * This is the first function used by a TLS client for ECDHE
+ * ciphersuites.
*
- * \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
+ * \see ecp.h
+ *
+ * \param ctx The ECDH context.
+ * \param buf The pointer to the start of the input buffer.
+ * \param end The address for one Byte past the end of the buffer.
+ *
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
+ *
*/
int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
const unsigned char **buf, const unsigned char *end );
/**
- * \brief Setup an ECDH context from an EC key.
- * (Used by clients and servers in place of the
- * ServerKeyEchange for static ECDH: import ECDH parameters
- * from a certificate's EC key information.)
+ * \brief This function sets up an ECDH context from an EC key.
*
- * \param ctx ECDH context to set
- * \param key EC key to use
- * \param side Is it our key (1) or the peer's key (0) ?
+ * It is used by clients and servers in place of the
+ * ServerKeyEchange for static ECDH, and imports ECDH
+ * parameters from the EC key information of a certificate.
*
- * \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
+ * \see ecp.h
+ *
+ * \param ctx The ECDH context to set up.
+ * \param key The EC key to use.
+ * \param side Defines the source of the key: 1: Our key, or
+ * 0: The key of the peer.
+ *
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
+ * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+ * operations was reached: see \c mbedtls_ecp_set_max_ops().
+ *
*/
int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key,
mbedtls_ecdh_side side );
/**
- * \brief Generate a public key and a TLS ClientKeyExchange payload.
- * (Second function used by a TLS client for ECDH(E).)
+ * \brief This function generates a public key and a TLS
+ * ClientKeyExchange payload.
*
- * \param ctx ECDH context
- * \param olen number of bytes actually written
- * \param buf destination buffer
- * \param blen size of destination buffer
- * \param f_rng RNG function
- * \param p_rng RNG parameter
+ * This is the second function used by a TLS client for ECDH(E)
+ * ciphersuites.
*
- * \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
- * MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+ * \see ecp.h
+ *
+ * \param ctx The ECDH context.
+ * \param olen The number of Bytes written.
+ * \param buf The destination buffer.
+ * \param blen The size of the destination buffer.
+ * \param f_rng The RNG function.
+ * \param p_rng The RNG context.
+ *
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
+ * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
* operations was reached: see \c mbedtls_ecp_set_max_ops().
*/
int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
@@ -193,31 +245,46 @@
void *p_rng );
/**
- * \brief Parse and process a TLS ClientKeyExchange payload.
- * (Second function used by a TLS server for ECDH(E).)
+ * \brief This function parses and processes a TLS ClientKeyExchange
+ * payload.
*
- * \param ctx ECDH context
- * \param buf start of input buffer
- * \param blen length of input buffer
+ * This is the second function used by a TLS server for ECDH(E)
+ * ciphersuites.
*
- * \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
+ * \see ecp.h
+ *
+ * \param ctx The ECDH context.
+ * \param buf The start of the input buffer.
+ * \param blen The length of the input buffer.
+ *
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
*/
int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
const unsigned char *buf, size_t blen );
/**
- * \brief Derive and export the shared secret.
- * (Last function used by both TLS client en servers.)
+ * \brief This function derives and exports the shared secret.
*
- * \param ctx ECDH context
- * \param olen number of bytes written
- * \param buf destination buffer
- * \param blen buffer length
- * \param f_rng RNG function, see notes for \c mbedtls_ecdh_compute_shared()
- * \param p_rng RNG parameter
+ * This is the last function used by both TLS client
+ * and servers.
*
- * \return 0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
- * MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+ * \note If \p f_rng is not NULL, it is used to implement
+ * countermeasures against side-channel attacks.
+ * For more information, see mbedtls_ecp_mul().
+ *
+ * \see ecp.h
+ *
+ * \param ctx The ECDH context.
+ * \param olen The number of Bytes written.
+ * \param buf The destination buffer.
+ * \param blen The length of the destination buffer.
+ * \param f_rng The RNG function.
+ * \param p_rng The RNG context.
+ *
+ * \return \c 0 on success.
+ * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure.
+ * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
* operations was reached: see \c mbedtls_ecp_set_max_ops().
*/
int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
@@ -227,16 +294,16 @@
#if defined(MBEDTLS_ECP_RESTARTABLE)
/**
- * \brief Enable restartable EC computations for this context.
- * (Default: disabled.)
+ * \brief This function enables restartable EC computations for this
+ * context. (Default: disabled.)
*
- * \sa \c mbedtls_ecp_set_max_ops()
+ * \see \c mbedtls_ecp_set_max_ops()
*
* \note It is not possible to safely disable restartable
* computations once enabled, except by free-ing the context,
* which cancels possible in-progress operations.
*
- * \param ctx ECDH context
+ * \param ctx The ECDH context.
*/
void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx );
#endif /* MBEDTLS_ECP_RESTARTABLE */