1 /* ecc_dh.h - TinyCrypt interface to EC-DH implementation */ 2 3 /* 4 * Copyright (c) 2014, Kenneth MacKay 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions are met: 9 * 10 * * Redistributions of source code must retain the above copyright notice, this 11 * list of conditions and the following disclaimer. 12 * 13 * * Redistributions in binary form must reproduce the above copyright notice, 14 * this list of conditions and the following disclaimer in the documentation 15 * and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 18 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 21 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 22 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 23 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 24 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 25 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 26 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27 * POSSIBILITY OF SUCH DAMAGE. 28 */ 29 30 /* Copyright (C) 2017 by Intel Corporation, All Rights Reserved. 31 * 32 * Redistribution and use in source and binary forms, with or without 33 * modification, are permitted provided that the following conditions are met: 34 * 35 * - Redistributions of source code must retain the above copyright notice, 36 * this list of conditions and the following disclaimer. 37 * 38 * - Redistributions in binary form must reproduce the above copyright 39 * notice, this list of conditions and the following disclaimer in the 40 * documentation and/or other materials provided with the distribution. 41 * 42 * - Neither the name of Intel Corporation nor the names of its contributors 43 * may be used to endorse or promote products derived from this software 44 * without specific prior written permission. 45 * 46 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 47 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 48 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 49 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 50 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 51 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 52 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 53 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 54 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 55 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 56 * POSSIBILITY OF SUCH DAMAGE. 57 */ 58 59 /** 60 * @file 61 * @brief -- Interface to EC-DH implementation. 62 * 63 * Overview: This software is an implementation of EC-DH. This implementation 64 * uses curve NIST p-256. 65 * 66 * Security: The curve NIST p-256 provides approximately 128 bits of security. 67 */ 68 69 #ifndef __TC_ECC_DH_H__ 70 #define __TC_ECC_DH_H__ 71 72 #include <tinycrypt/ecc.h> 73 74 #ifdef __cplusplus 75 extern "C" { 76 #endif 77 78 /** 79 * @brief Create a public/private key pair. 80 * @return returns TC_CRYPTO_SUCCESS (1) if the key pair was generated successfully 81 * returns TC_CRYPTO_FAIL (0) if error while generating key pair 82 * 83 * @param p_public_key OUT -- Will be filled in with the public key. Must be at 84 * least 2 * the curve size (in bytes) long. For curve secp256r1, p_public_key 85 * must be 64 bytes long. 86 * @param p_private_key OUT -- Will be filled in with the private key. Must be as 87 * long as the curve order (for secp256r1, p_private_key must be 32 bytes long). 88 * 89 * @note side-channel countermeasure: algorithm strengthened against timing 90 * attack. 91 * @warning A cryptographically-secure PRNG function must be set (using 92 * uECC_set_rng()) before calling uECC_make_key(). 93 */ 94 int uECC_make_key(uint8_t *p_public_key, uint8_t *p_private_key, uECC_Curve curve); 95 96 #ifdef ENABLE_TESTS 97 98 /** 99 * @brief Create a public/private key pair given a specific d. 100 * 101 * @note THIS FUNCTION SHOULD BE CALLED ONLY FOR TEST PURPOSES. Refer to 102 * uECC_make_key() function for real applications. 103 */ 104 int uECC_make_key_with_d(uint8_t *p_public_key, uint8_t *p_private_key, 105 unsigned int *d, uECC_Curve curve); 106 #endif 107 108 /** 109 * @brief Compute a shared secret given your secret key and someone else's 110 * public key. 111 * @return returns TC_CRYPTO_SUCCESS (1) if the shared secret was computed successfully 112 * returns TC_CRYPTO_FAIL (0) otherwise 113 * 114 * @param p_secret OUT -- Will be filled in with the shared secret value. Must be 115 * the same size as the curve size (for curve secp256r1, secret must be 32 bytes 116 * long. 117 * @param p_public_key IN -- The public key of the remote party. 118 * @param p_private_key IN -- Your private key. 119 * 120 * @warning It is recommended to use the output of uECC_shared_secret() as the 121 * input of a recommended Key Derivation Function (see NIST SP 800-108) in 122 * order to produce a cryptographically secure symmetric key. 123 */ 124 int uECC_shared_secret(const uint8_t *p_public_key, const uint8_t *p_private_key, 125 uint8_t *p_secret, uECC_Curve curve); 126 127 #ifdef __cplusplus 128 } 129 #endif 130 131 #endif /* __TC_ECC_DH_H__ */ 132