ECDH: Add mbedtls_ecdh_setup()
In the future we want to support alternative ECDH implementations. We
can't make assumptions about the structure of the context they might
use, and therefore shouldn't access the members of
`mbedtls_ecdh_context`.
Currently the lifecycle of the context can't be done without direct
manipulation. This commit adds `mbedtls_ecdh_setup()` to complete
covering the context lifecycle with functions.
diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h
index 27f2ffc..68a6989 100644
--- a/include/mbedtls/ecdh.h
+++ b/include/mbedtls/ecdh.h
@@ -135,6 +135,24 @@
void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx );
/**
+ * \brief This function sets up the ECDH context with the information
+ * given.
+ *
+ * This function should be called after mbedtls_ecdh_init() but
+ * before mbedtls_ecdh_make_params(). There is no need to call
+ * this function before mbedtls_ecdh_read_params().
+ *
+ * This is the first function used by a TLS server for ECDHE
+ * ciphersuites.
+ *
+ * \param ctx The ECDH context to set up.
+ * \param grp_id The group id of the group to set up the context for.
+ *
+ * \return \c 0 on success.
+ */
+int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id );
+
+/**
* \brief This function frees a context.
*
* \param ctx The context to free.
@@ -145,8 +163,8 @@
* \brief This function generates a public key and a TLS
* ServerKeyExchange payload.
*
- * This is the first function used by a TLS server for ECDHE
- * ciphersuites.
+ * This is the second function used by a TLS server for ECDHE
+ * ciphersuites. (It is called after mbedtls_ecdh_setup().)
*
* \note This function assumes that the ECP group (grp) of the
* \p ctx context has already been properly set,
@@ -242,8 +260,9 @@
* \brief This function parses and processes a TLS ClientKeyExchange
* payload.
*
- * This is the second function used by a TLS server for ECDH(E)
- * ciphersuites.
+ * This is the third function used by a TLS server for ECDH(E)
+ * ciphersuites. (It is called after mbedtls_ecdh_setup() and
+ * mbedtls_ecdh_make_params().)
*
* \see ecp.h
*
diff --git a/library/ecdh.c b/library/ecdh.c
index e6ae999..702ba1a 100644
--- a/library/ecdh.c
+++ b/library/ecdh.c
@@ -146,6 +146,23 @@
}
/*
+ * Setup context
+ */
+int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id )
+{
+ int ret;
+
+ ret = mbedtls_ecp_group_load( &ctx->grp, grp_id );
+ if( ret != 0 )
+ {
+ mbedtls_ecdh_free( ctx );
+ return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+ }
+
+ return( 0 );
+}
+
+/*
* Free context
*/
void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx )
@@ -240,12 +257,17 @@
const unsigned char **buf, const unsigned char *end )
{
int ret;
+ mbedtls_ecp_group_id grp_id;
- if( ( ret = mbedtls_ecp_tls_read_group( &ctx->grp, buf, end - *buf ) ) != 0 )
+ if( ( ret = mbedtls_ecp_tls_read_group_id( &grp_id, buf, end - *buf ) )
+ != 0 )
return( ret );
- if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, buf, end - *buf ) )
- != 0 )
+ if( ( ret = mbedtls_ecdh_setup( ctx, grp_id ) ) != 0 )
+ return( ret );
+
+ if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, buf,
+ end - *buf ) ) != 0 )
return( ret );
return( 0 );
@@ -259,7 +281,7 @@
{
int ret;
- if( ( ret = mbedtls_ecp_group_copy( &ctx->grp, &key->grp ) ) != 0 )
+ if( ( ret = mbedtls_ecdh_setup( ctx, key->grp.id ) ) != 0 )
return( ret );
/* If it's not our key, just import the public part as Qp */