TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 918b5f15d111dab389c7f22999750505e1f4b92c / . / library / ecdh.c
blob: 4c97f8ef359cf767ca2803bbcd6e56c8190129bb [file] [log] [blame]
Manuel Pégourié-Gonnard0bad5c22013-01-26 15:30:46 +0100[diff] [blame]1/*
2 * Elliptic curve Diffie-Hellman
3 *
Manuel Pégourié-Gonnard6fb81872015-07-27 11:11:48 +0200[diff] [blame]4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
Bence Szépkúti4e9f7122020-06-05 13:02:18 +0200[diff] [blame]5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6 *
7 * This file is provided under the Apache License 2.0, or the
8 * GNU General Public License v2.0 or later.
9 *
10 * **********
11 * Apache License 2.0:
Manuel Pégourié-Gonnard37ff1402015-09-04 14:21:07 +0200[diff] [blame]12 *
13 * Licensed under the Apache License, Version 2.0 (the "License"); you may
14 * not use this file except in compliance with the License.
15 * You may obtain a copy of the License at
16 *
17 * http://www.apache.org/licenses/LICENSE-2.0
18 *
19 * Unless required by applicable law or agreed to in writing, software
20 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
21 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
22 * See the License for the specific language governing permissions and
23 * limitations under the License.
Manuel Pégourié-Gonnard0bad5c22013-01-26 15:30:46 +0100[diff] [blame]24 *
Bence Szépkúti4e9f7122020-06-05 13:02:18 +0200[diff] [blame]25 * **********
26 *
27 * **********
28 * GNU General Public License v2.0 or later:
29 *
30 * This program is free software; you can redistribute it and/or modify
31 * it under the terms of the GNU General Public License as published by
32 * the Free Software Foundation; either version 2 of the License, or
33 * (at your option) any later version.
34 *
35 * This program is distributed in the hope that it will be useful,
36 * but WITHOUT ANY WARRANTY; without even the implied warranty of
37 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
38 * GNU General Public License for more details.
39 *
40 * You should have received a copy of the GNU General Public License along
41 * with this program; if not, write to the Free Software Foundation, Inc.,
42 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
43 *
44 * **********
45 *
Manuel Pégourié-Gonnardfe446432015-03-06 13:17:10 +0000[diff] [blame]46 * This file is part of mbed TLS (https://tls.mbed.org)
Manuel Pégourié-Gonnard0bad5c22013-01-26 15:30:46 +0100[diff] [blame]47 */
48
49/*
50 * References:
51 *
52 * SEC1 http://www.secg.org/index.php?action=secg,docs_secg
Manuel Pégourié-Gonnard63533e42013-02-10 14:21:04 +0100[diff] [blame]53 * RFC 4492
Manuel Pégourié-Gonnard0bad5c22013-01-26 15:30:46 +0100[diff] [blame]54 */
55
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]56#if !defined(MBEDTLS_CONFIG_FILE)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]57#include "mbedtls/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]58#else
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]59#include MBEDTLS_CONFIG_FILE
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]60#endif
Manuel Pégourié-Gonnard0bad5c22013-01-26 15:30:46 +0100[diff] [blame]61
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]62#if defined(MBEDTLS_ECDH_C)
Manuel Pégourié-Gonnard0bad5c22013-01-26 15:30:46 +0100[diff] [blame]63
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]64#include "mbedtls/ecdh.h"
Manuel Pégourié-Gonnard0bad5c22013-01-26 15:30:46 +0100[diff] [blame]65
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]66#include <string.h>
67
Ron Eldora84c1cb2017-10-10 19:04:27 +0300[diff] [blame]68#if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT)
Manuel Pégourié-Gonnard6545ca72013-01-26 16:05:22 +0100[diff] [blame]69/*
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]70 * Generate public key: simple wrapper around mbedtls_ecp_gen_keypair
Manuel Pégourié-Gonnard6545ca72013-01-26 16:05:22 +0100[diff] [blame]71 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]72int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
Manuel Pégourié-Gonnard6545ca72013-01-26 16:05:22 +0100[diff] [blame]73 int (*f_rng)(void *, unsigned char *, size_t),
74 void *p_rng )
75{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]76 return mbedtls_ecp_gen_keypair( grp, d, Q, f_rng, p_rng );
Manuel Pégourié-Gonnard6545ca72013-01-26 16:05:22 +0100[diff] [blame]77}
Ron Eldora84c1cb2017-10-10 19:04:27 +0300[diff] [blame]78#endif /* MBEDTLS_ECDH_GEN_PUBLIC_ALT */
Manuel Pégourié-Gonnard6545ca72013-01-26 16:05:22 +0100[diff] [blame]79
Ron Eldora84c1cb2017-10-10 19:04:27 +0300[diff] [blame]80#if !defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT)
Manuel Pégourié-Gonnard6545ca72013-01-26 16:05:22 +0100[diff] [blame]81/*
82 * Compute shared secret (SEC1 3.3.1)
83 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]84int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
85 const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
Manuel Pégourié-Gonnarde09d2f82013-09-02 14:29:09 +0200[diff] [blame]86 int (*f_rng)(void *, unsigned char *, size_t),
87 void *p_rng )
Manuel Pégourié-Gonnard6545ca72013-01-26 16:05:22 +0100[diff] [blame]88{
89 int ret;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]90 mbedtls_ecp_point P;
Manuel Pégourié-Gonnard6545ca72013-01-26 16:05:22 +0100[diff] [blame]91
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]92 mbedtls_ecp_point_init( &P );
Manuel Pégourié-Gonnard6545ca72013-01-26 16:05:22 +0100[diff] [blame]93
94 /*
95 * Make sure Q is a valid pubkey before using it
96 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]97 MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, Q ) );
Manuel Pégourié-Gonnard6545ca72013-01-26 16:05:22 +0100[diff] [blame]98
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]99 MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, &P, d, Q, f_rng, p_rng ) );
Manuel Pégourié-Gonnard6545ca72013-01-26 16:05:22 +0100[diff] [blame]100
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]101 if( mbedtls_ecp_is_zero( &P ) )
Paul Bakkerb548d772013-07-26 14:21:34 +0200[diff] [blame]102 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]103 ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
Paul Bakkerb548d772013-07-26 14:21:34 +0200[diff] [blame]104 goto cleanup;
105 }
Manuel Pégourié-Gonnard6545ca72013-01-26 16:05:22 +0100[diff] [blame]106
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]107 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( z, &P.X ) );
Manuel Pégourié-Gonnard6545ca72013-01-26 16:05:22 +0100[diff] [blame]108
109cleanup:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]110 mbedtls_ecp_point_free( &P );
Manuel Pégourié-Gonnard6545ca72013-01-26 16:05:22 +0100[diff] [blame]111
112 return( ret );
113}
Ron Eldora84c1cb2017-10-10 19:04:27 +0300[diff] [blame]114#endif /* MBEDTLS_ECDH_COMPUTE_SHARED_ALT */
115
Manuel Pégourié-Gonnard63533e42013-02-10 14:21:04 +0100[diff] [blame]116/*
117 * Initialize context
118 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]119void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx )
Manuel Pégourié-Gonnard63533e42013-02-10 14:21:04 +0100[diff] [blame]120{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]121 memset( ctx, 0, sizeof( mbedtls_ecdh_context ) );
Manuel Pégourié-Gonnard63533e42013-02-10 14:21:04 +0100[diff] [blame]122}
123
Manuel Pégourié-Gonnard63533e42013-02-10 14:21:04 +0100[diff] [blame]124/*
125 * Free context
126 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]127void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx )
Manuel Pégourié-Gonnard63533e42013-02-10 14:21:04 +0100[diff] [blame]128{
129 if( ctx == NULL )
130 return;
131
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]132 mbedtls_ecp_group_free( &ctx->grp );
133 mbedtls_ecp_point_free( &ctx->Q );
134 mbedtls_ecp_point_free( &ctx->Qp );
135 mbedtls_ecp_point_free( &ctx->Vi );
136 mbedtls_ecp_point_free( &ctx->Vf );
137 mbedtls_mpi_free( &ctx->d );
138 mbedtls_mpi_free( &ctx->z );
139 mbedtls_mpi_free( &ctx->_d );
Manuel Pégourié-Gonnard63533e42013-02-10 14:21:04 +0100[diff] [blame]140}
141
Manuel Pégourié-Gonnard13724762013-02-10 15:01:54 +0100[diff] [blame]142/*
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]143 * Setup and write the ServerKeyExhange parameters (RFC 4492)
Manuel Pégourié-Gonnard13724762013-02-10 15:01:54 +0100[diff] [blame]144 * struct {
145 * ECParameters curve_params;
146 * ECPoint public;
147 * } ServerECDHParams;
148 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]149int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]150 unsigned char *buf, size_t blen,
151 int (*f_rng)(void *, unsigned char *, size_t),
152 void *p_rng )
Manuel Pégourié-Gonnard13724762013-02-10 15:01:54 +0100[diff] [blame]153{
154 int ret;
155 size_t grp_len, pt_len;
156
Manuel Pégourié-Gonnardf35b7392013-02-11 22:12:39 +0100[diff] [blame]157 if( ctx == NULL || ctx->grp.pbits == 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]158 return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
Manuel Pégourié-Gonnardf35b7392013-02-11 22:12:39 +0100[diff] [blame]159
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]160 if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) )
Manuel Pégourié-Gonnard13724762013-02-10 15:01:54 +0100[diff] [blame]161 != 0 )
162 return( ret );
163
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]164 if( ( ret = mbedtls_ecp_tls_write_group( &ctx->grp, &grp_len, buf, blen ) )
Manuel Pégourié-Gonnard13724762013-02-10 15:01:54 +0100[diff] [blame]165 != 0 )
166 return( ret );
167
168 buf += grp_len;
169 blen -= grp_len;
170
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]171 if( ( ret = mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, ctx->point_format,
Manuel Pégourié-Gonnard13724762013-02-10 15:01:54 +0100[diff] [blame]172 &pt_len, buf, blen ) ) != 0 )
173 return( ret );
174
175 *olen = grp_len + pt_len;
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]176 return( 0 );
Manuel Pégourié-Gonnard13724762013-02-10 15:01:54 +0100[diff] [blame]177}
178
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]179/*
180 * Read the ServerKeyExhange parameters (RFC 4492)
181 * struct {
182 * ECParameters curve_params;
183 * ECPoint public;
184 * } ServerECDHParams;
185 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]186int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]187 const unsigned char **buf, const unsigned char *end )
188{
189 int ret;
190
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]191 if( ( ret = mbedtls_ecp_tls_read_group( &ctx->grp, buf, end - *buf ) ) != 0 )
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]192 return( ret );
193
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]194 if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, buf, end - *buf ) )
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]195 != 0 )
196 return( ret );
197
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]198 return( 0 );
Manuel Pégourié-Gonnard854fbd72013-02-11 20:28:55 +0100[diff] [blame]199}
Manuel Pégourié-Gonnard0bad5c22013-01-26 15:30:46 +0100[diff] [blame]200
Manuel Pégourié-Gonnard5cceb412013-02-11 21:51:45 +0100[diff] [blame]201/*
Manuel Pégourié-Gonnardcdff3cf2013-12-12 09:55:52 +0100[diff] [blame]202 * Get parameters from a keypair
203 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]204int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key,
205 mbedtls_ecdh_side side )
Manuel Pégourié-Gonnardcdff3cf2013-12-12 09:55:52 +0100[diff] [blame]206{
207 int ret;
208
Gilles Peskinef58078c2018-11-07 22:10:59 +0100[diff] [blame]209 if( ctx->grp.id == MBEDTLS_ECP_DP_NONE )
210 {
211 /* This is the first call to get_params(). Copy the group information
212 * into the context. */
213 if( ( ret = mbedtls_ecp_group_copy( &ctx->grp, &key->grp ) ) != 0 )
214 return( ret );
215 }
216 else
217 {
218 /* This is not the first call to get_params(). Check that the group
219 * is the same as the first time. */
220 if( ctx->grp.id != key->grp.id )
221 return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
222 }
Manuel Pégourié-Gonnardcdff3cf2013-12-12 09:55:52 +0100[diff] [blame]223
224 /* If it's not our key, just import the public part as Qp */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]225 if( side == MBEDTLS_ECDH_THEIRS )
226 return( mbedtls_ecp_copy( &ctx->Qp, &key->Q ) );
Manuel Pégourié-Gonnardcdff3cf2013-12-12 09:55:52 +0100[diff] [blame]227
228 /* Our key: import public (as Q) and private parts */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]229 if( side != MBEDTLS_ECDH_OURS )
230 return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
Manuel Pégourié-Gonnardcdff3cf2013-12-12 09:55:52 +0100[diff] [blame]231
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]232 if( ( ret = mbedtls_ecp_copy( &ctx->Q, &key->Q ) ) != 0 ||
233 ( ret = mbedtls_mpi_copy( &ctx->d, &key->d ) ) != 0 )
Manuel Pégourié-Gonnardcdff3cf2013-12-12 09:55:52 +0100[diff] [blame]234 return( ret );
235
236 return( 0 );
237}
238
239/*
Manuel Pégourié-Gonnard5cceb412013-02-11 21:51:45 +0100[diff] [blame]240 * Setup and export the client public value
241 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]242int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
Manuel Pégourié-Gonnard5cceb412013-02-11 21:51:45 +0100[diff] [blame]243 unsigned char *buf, size_t blen,
244 int (*f_rng)(void *, unsigned char *, size_t),
245 void *p_rng )
246{
247 int ret;
248
Manuel Pégourié-Gonnardf35b7392013-02-11 22:12:39 +0100[diff] [blame]249 if( ctx == NULL || ctx->grp.pbits == 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]250 return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
Manuel Pégourié-Gonnardf35b7392013-02-11 22:12:39 +0100[diff] [blame]251
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]252 if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) )
Manuel Pégourié-Gonnard5cceb412013-02-11 21:51:45 +0100[diff] [blame]253 != 0 )
254 return( ret );
255
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]256 return mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, ctx->point_format,
Manuel Pégourié-Gonnard5cceb412013-02-11 21:51:45 +0100[diff] [blame]257 olen, buf, blen );
258}
259
260/*
261 * Parse and import the client's public value
262 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]263int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
Manuel Pégourié-Gonnard5cceb412013-02-11 21:51:45 +0100[diff] [blame]264 const unsigned char *buf, size_t blen )
265{
Manuel Pégourié-Gonnard969ccc62014-03-26 19:53:25 +0100[diff] [blame]266 int ret;
267 const unsigned char *p = buf;
268
Manuel Pégourié-Gonnardf35b7392013-02-11 22:12:39 +0100[diff] [blame]269 if( ctx == NULL )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]270 return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
Manuel Pégourié-Gonnardf35b7392013-02-11 22:12:39 +0100[diff] [blame]271
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]272 if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, &p, blen ) ) != 0 )
Manuel Pégourié-Gonnard969ccc62014-03-26 19:53:25 +0100[diff] [blame]273 return( ret );
274
275 if( (size_t)( p - buf ) != blen )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]276 return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard969ccc62014-03-26 19:53:25 +0100[diff] [blame]277
278 return( 0 );
Manuel Pégourié-Gonnard5cceb412013-02-11 21:51:45 +0100[diff] [blame]279}
280
Manuel Pégourié-Gonnard424fda52013-02-11 22:05:42 +0100[diff] [blame]281/*
282 * Derive and export the shared secret
283 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]284int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
Manuel Pégourié-Gonnarde09d2f82013-09-02 14:29:09 +0200[diff] [blame]285 unsigned char *buf, size_t blen,
286 int (*f_rng)(void *, unsigned char *, size_t),
287 void *p_rng )
Manuel Pégourié-Gonnard424fda52013-02-11 22:05:42 +0100[diff] [blame]288{
289 int ret;
290
Manuel Pégourié-Gonnardf35b7392013-02-11 22:12:39 +0100[diff] [blame]291 if( ctx == NULL )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]292 return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
Manuel Pégourié-Gonnardf35b7392013-02-11 22:12:39 +0100[diff] [blame]293
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]294 if( ( ret = mbedtls_ecdh_compute_shared( &ctx->grp, &ctx->z, &ctx->Qp, &ctx->d,
Manuel Pégourié-Gonnarde09d2f82013-09-02 14:29:09 +0200[diff] [blame]295 f_rng, p_rng ) ) != 0 )
296 {
Manuel Pégourié-Gonnard424fda52013-02-11 22:05:42 +0100[diff] [blame]297 return( ret );
Manuel Pégourié-Gonnarde09d2f82013-09-02 14:29:09 +0200[diff] [blame]298 }
Manuel Pégourié-Gonnard424fda52013-02-11 22:05:42 +0100[diff] [blame]299
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]300 if( mbedtls_mpi_size( &ctx->z ) > blen )
301 return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]302
Manuel Pégourié-Gonnard0a56c2c2014-01-17 21:24:04 +0100[diff] [blame]303 *olen = ctx->grp.pbits / 8 + ( ( ctx->grp.pbits % 8 ) != 0 );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]304 return mbedtls_mpi_write_binary( &ctx->z, buf, *olen );
Manuel Pégourié-Gonnard424fda52013-02-11 22:05:42 +0100[diff] [blame]305}
306
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]307#endif /* MBEDTLS_ECDH_C */