Mbed OS Reference
Diffie-Hellman-Merkle

Data Structures

struct  mbedtls_dhm_context
 The DHM context structure. More...
 

Macros

#define MBEDTLS_ERR_DHM_BAD_INPUT_DATA   -0x3080
 Bad input parameters. More...
 
#define MBEDTLS_ERR_DHM_READ_PARAMS_FAILED   -0x3100
 Reading of the DHM parameters failed. More...
 
#define MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED   -0x3180
 Making of the DHM parameters failed. More...
 
#define MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED   -0x3200
 Reading of the public values failed. More...
 
#define MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED   -0x3280
 Making of the public value failed. More...
 
#define MBEDTLS_ERR_DHM_CALC_SECRET_FAILED   -0x3300
 Calculation of the DHM secret failed. More...
 
#define MBEDTLS_ERR_DHM_INVALID_FORMAT   -0x3380
 The ASN.1 data is not formatted correctly. More...
 
#define MBEDTLS_ERR_DHM_ALLOC_FAILED   -0x3400
 Allocation of memory failed. More...
 
#define MBEDTLS_ERR_DHM_FILE_IO_ERROR   -0x3480
 Read or write of file failed. More...
 
#define MBEDTLS_ERR_DHM_HW_ACCEL_FAILED   -0x3500
 DHM hardware accelerator failed. More...
 
#define MBEDTLS_ERR_DHM_SET_GROUP_FAILED   -0x3580
 Setting the modulus and generator failed. More...
 
#define MBEDTLS_DHM_RFC5114_MODP_2048_P
 RFC 3526, RFC 5114 and RFC 7919 standardize a number of Diffie-Hellman groups, some of which are included here for use within the SSL/TLS module and the user's convenience when configuring the Diffie-Hellman parameters by hand through mbedtls_ssl_conf_dh_param. More...
 
#define MBEDTLS_DHM_RFC5114_MODP_2048_G
 The hexadecimal presentation of the chosen generator of the 2048-bit MODP Group with 224-bit Prime Order Subgroup, as defined in RFC-5114: Additional Diffie-Hellman Groups for Use with IETF Standards. More...
 
#define MBEDTLS_DHM_RFC3526_MODP_2048_P
 The hexadecimal presentation of the prime underlying the 2048-bit MODP Group, as defined in RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE). More...
 
#define MBEDTLS_DHM_RFC3526_MODP_2048_G    MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" )
 The hexadecimal presentation of the chosen generator of the 2048-bit MODP Group, as defined in RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE). More...
 
#define MBEDTLS_DHM_RFC3526_MODP_3072_P
 The hexadecimal presentation of the prime underlying the 3072-bit MODP Group, as defined in RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE). More...
 
#define MBEDTLS_DHM_RFC3526_MODP_3072_G    MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" )
 The hexadecimal presentation of the chosen generator of the 3072-bit MODP Group, as defined in RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE). More...
 
#define MBEDTLS_DHM_RFC3526_MODP_4096_P
 The hexadecimal presentation of the prime underlying the 4096-bit MODP Group, as defined in RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE). More...
 
#define MBEDTLS_DHM_RFC3526_MODP_4096_G    MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" )
 The hexadecimal presentation of the chosen generator of the 4096-bit MODP Group, as defined in RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE). More...
 

Typedefs

typedef struct mbedtls_dhm_context mbedtls_dhm_context
 The DHM context structure. More...
 

Functions

void mbedtls_dhm_init (mbedtls_dhm_context *ctx)
 This function initializes the DHM context. More...
 
int mbedtls_dhm_read_params (mbedtls_dhm_context *ctx, unsigned char **p, const unsigned char *end)
 This function parses the DHM parameters in a TLS ServerKeyExchange handshake message (DHM modulus, generator, and public key). More...
 
int mbedtls_dhm_make_params (mbedtls_dhm_context *ctx, int x_size, unsigned char *output, size_t *olen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 This function generates a DHM key pair and exports its public part together with the DHM parameters in the format used in a TLS ServerKeyExchange handshake message. More...
 
int mbedtls_dhm_set_group (mbedtls_dhm_context *ctx, const mbedtls_mpi *P, const mbedtls_mpi *G)
 This function sets the prime modulus and generator. More...
 
int mbedtls_dhm_read_public (mbedtls_dhm_context *ctx, const unsigned char *input, size_t ilen)
 This function imports the raw public value of the peer. More...
 
int mbedtls_dhm_make_public (mbedtls_dhm_context *ctx, int x_size, unsigned char *output, size_t olen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 This function creates a DHM key pair and exports the raw public key in big-endian format. More...
 
int mbedtls_dhm_calc_secret (mbedtls_dhm_context *ctx, unsigned char *output, size_t output_size, size_t *olen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 This function derives and exports the shared secret (G^Y)^X mod P. More...
 
void mbedtls_dhm_free (mbedtls_dhm_context *ctx)
 This function frees and clears the components of a DHM context. More...
 

Detailed Description

Macro Definition Documentation

◆ MBEDTLS_ERR_DHM_BAD_INPUT_DATA

#define MBEDTLS_ERR_DHM_BAD_INPUT_DATA   -0x3080

Bad input parameters.

Definition at line 84 of file dhm.h.

◆ MBEDTLS_ERR_DHM_READ_PARAMS_FAILED

#define MBEDTLS_ERR_DHM_READ_PARAMS_FAILED   -0x3100

Reading of the DHM parameters failed.

Definition at line 85 of file dhm.h.

◆ MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED

#define MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED   -0x3180

Making of the DHM parameters failed.

Definition at line 86 of file dhm.h.

◆ MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED

#define MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED   -0x3200

Reading of the public values failed.

Definition at line 87 of file dhm.h.

◆ MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED

#define MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED   -0x3280

Making of the public value failed.

Definition at line 88 of file dhm.h.

◆ MBEDTLS_ERR_DHM_CALC_SECRET_FAILED

#define MBEDTLS_ERR_DHM_CALC_SECRET_FAILED   -0x3300

Calculation of the DHM secret failed.

Definition at line 89 of file dhm.h.

◆ MBEDTLS_ERR_DHM_INVALID_FORMAT

#define MBEDTLS_ERR_DHM_INVALID_FORMAT   -0x3380

The ASN.1 data is not formatted correctly.

Definition at line 90 of file dhm.h.

◆ MBEDTLS_ERR_DHM_ALLOC_FAILED

#define MBEDTLS_ERR_DHM_ALLOC_FAILED   -0x3400

Allocation of memory failed.

Definition at line 91 of file dhm.h.

◆ MBEDTLS_ERR_DHM_FILE_IO_ERROR

#define MBEDTLS_ERR_DHM_FILE_IO_ERROR   -0x3480

Read or write of file failed.

Definition at line 92 of file dhm.h.

◆ MBEDTLS_ERR_DHM_HW_ACCEL_FAILED

#define MBEDTLS_ERR_DHM_HW_ACCEL_FAILED   -0x3500

DHM hardware accelerator failed.

Definition at line 95 of file dhm.h.

◆ MBEDTLS_ERR_DHM_SET_GROUP_FAILED

#define MBEDTLS_ERR_DHM_SET_GROUP_FAILED   -0x3580

Setting the modulus and generator failed.

Definition at line 97 of file dhm.h.

◆ MBEDTLS_DHM_RFC5114_MODP_2048_P

#define MBEDTLS_DHM_RFC5114_MODP_2048_P
Value:
MBEDTLS_DEPRECATED_STRING_CONSTANT( \
"AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" \
"B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" \
"EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212" \
"9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207" \
"C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708" \
"B3BF8A317091883681286130BC8985DB1602E714415D9330" \
"278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D" \
"CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8" \
"BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763" \
"C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71" \
"CF9DE5384E71B81C0AC4DFFE0C10E64F" )

RFC 3526, RFC 5114 and RFC 7919 standardize a number of Diffie-Hellman groups, some of which are included here for use within the SSL/TLS module and the user's convenience when configuring the Diffie-Hellman parameters by hand through mbedtls_ssl_conf_dh_param.

The following lists the source of the above groups in the standards:

  • RFC 5114 section 2.2: 2048-bit MODP Group with 224-bit Prime Order Subgroup
  • RFC 3526 section 3: 2048-bit MODP Group
  • RFC 3526 section 4: 3072-bit MODP Group
  • RFC 3526 section 5: 4096-bit MODP Group
  • RFC 7919 section A.1: ffdhe2048
  • RFC 7919 section A.2: ffdhe3072
  • RFC 7919 section A.3: ffdhe4096
  • RFC 7919 section A.4: ffdhe6144
  • RFC 7919 section A.5: ffdhe8192

The constants with suffix "_P" denote the chosen prime moduli, while the constants with suffix "_G" denote the chosen generator of the associated prime field.

The constants further suffixed with "_BIN" are provided in binary format, while all other constants are null-terminated strings holding the hexadecimal presentation of the respective numbers.

The primes from RFC 3526 and RFC 7919 have been generated by the following trustworthy ("nothing up my sleeve") procedure:

  • Fix N in { 2048, 3072, 4096, 6144, 8192 } and form the N-bit number whose first 64 bits and last 64 bits are all 1, and whose middle N - 128 bits are the leading N - 128 bits of the binary expansion of pi (for RFC 3526) or e (for RFC 7919), that is, floor(2^(N-130) * pi) or floor(2^(N-130) * e).
  • Add C * 2^64 for the smallest non-negative integer C such that the resulting integer is a safe prime; the all-ones 64-bit borders are preserved and only the middle block changes. The RFCs publish the result as p = 2^N - 2^(N-64) - 1 + 2^64 * (floor(2^(N-130) * pi) + C), with the small offset C listed per group.
  • The result is the respective RFC 3526 / 7919 prime, and the corresponding generator is always chosen to be 2. Because p = 7 (mod 8) for these primes, 2 is a quadratic residue, so the subgroup it generates has prime order (p-1)/2 and the quadratic character of a public value G^X leaks no bit of the private exponent X.
    Warning
    The origin of the primes in RFC 5114 is not documented and their use therefore constitutes a security risk!
    Deprecated:
    The hex-encoded primes from RFC 5114 are deprecated and are likely to be removed in a future version of the library without replacement.
    The hexadecimal presentation of the prime underlying the 2048-bit MODP Group with 224-bit Prime Order Subgroup, as defined in RFC-5114: Additional Diffie-Hellman Groups for Use with IETF Standards.

Definition at line 414 of file dhm.h.
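As an added example (Python written for this page, not Mbed TLS code), the following checks the recipe above against the 2048-bit RFC 3526 prime listed further down on this page (MBEDTLS_DHM_RFC3526_MODP_2048_P): it computes floor(2^1918 * pi) with Machin's formula, recovers the offset C that RFC 3526 states as 124476 for this group, verifies the all-ones 64-bit borders, that p = 7 (mod 8) so 2 is a quadratic residue, and that both p and (p-1)/2 pass Miller-Rabin. The helper names are the example's own, and the primality test is probabilistic, as a library test would be.

```python
import random

# Hex string copied from MBEDTLS_DHM_RFC3526_MODP_2048_P on this page.
RFC3526_MODP_2048_P_HEX = (
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
    "15728E5A8AACAA68FFFFFFFFFFFFFFFF"
)


def arctan_inv(x, prec):
    """arctan(1/x) as a fixed-point integer scaled by 2**prec (alternating Taylor series)."""
    power = (1 << prec) // x          # (1/x)^1
    total = power
    k, sign = 1, -1
    while power:
        power //= x * x               # (1/x)^(2k+1)
        total += sign * (power // (2 * k + 1))
        sign, k = -sign, k + 1
    return total


def pi_fixed(prec):
    """pi * 2**prec via Machin's formula; truncation error is a few thousand ulp at most."""
    return 16 * arctan_inv(5, prec) - 4 * arctan_inv(239, prec)


def floor_pi_times_2_to(n):
    """Exact floor(2**n * pi): 64 guard bits swallow the series' truncation error."""
    guard = 64
    return pi_fixed(n + guard) >> guard


def is_probable_prime(n, rounds=8):
    """Miller-Rabin with bases from a fixed-seed RNG so the check is reproducible."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    rng = random.Random(0)
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def analyse_rfc3526_prime(p_hex, n_bits):
    """Recover the RFC 3526 offset C and check the structural and primality claims."""
    p = int(p_hex, 16)
    ones64 = (1 << 64) - 1
    # p = 2^N - 2^(N-64) - 1 + 2^64 * k with k = floor(2^(N-130) * pi) + C,
    # so (p + 1) >> 64 is k plus a multiple of 2^(N-128); mask that multiple off.
    k = ((p + 1) >> 64) & ((1 << (n_bits - 128)) - 1)
    return {
        "bits": p.bit_length(),
        "top64_all_ones": (p >> (n_bits - 64)) == ones64,
        "low64_all_ones": (p & ones64) == ones64,
        "offset_c": k - floor_pi_times_2_to(n_bits - 130),
        "two_is_qr": p % 8 == 7,                      # 2 is a square mod p iff p = +-1 (mod 8)
        "p_prime": is_probable_prime(p),
        "q_prime": is_probable_prime((p - 1) // 2),   # safe prime: (p-1)/2 is prime too
    }


if __name__ == "__main__":
    print(analyse_rfc3526_prime(RFC3526_MODP_2048_P_HEX, 2048))
```

The same analysis applies unchanged to the 3072- and 4096-bit constants below (with n_bits set accordingly); only the recovered offset C differs per group.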

◆ MBEDTLS_DHM_RFC5114_MODP_2048_G

#define MBEDTLS_DHM_RFC5114_MODP_2048_G
Value:
MBEDTLS_DEPRECATED_STRING_CONSTANT( \
"AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF" \
"74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA" \
"AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7" \
"C17669101999024AF4D027275AC1348BB8A762D0521BC98A" \
"E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE" \
"F180EB34118E98D119529A45D6F834566E3025E316A330EF" \
"BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB" \
"10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381" \
"B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269" \
"EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179" \
"81BC087F2A7065B384B890D3191F2BFA" )

The hexadecimal presentation of the chosen generator of the 2048-bit MODP Group with 224-bit Prime Order Subgroup, as defined in RFC-5114: Additional Diffie-Hellman Groups for Use with IETF Standards.

Definition at line 433 of file dhm.h.

◆ MBEDTLS_DHM_RFC3526_MODP_2048_P

#define MBEDTLS_DHM_RFC3526_MODP_2048_P
Value:
MBEDTLS_DEPRECATED_STRING_CONSTANT( \
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
"83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
"DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
"15728E5A8AACAA68FFFFFFFFFFFFFFFF" )

The hexadecimal presentation of the prime underlying the 2048-bit MODP Group, as defined in RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE).

Deprecated:
The hex-encoded primes from RFC 3526 are deprecated and superseded by the corresponding macros providing them as binary constants (suffix "_BIN"). The hex-encoded constants are likely to be removed in a future version of the library.

Definition at line 458 of file dhm.h.

◆ MBEDTLS_DHM_RFC3526_MODP_2048_G

#define MBEDTLS_DHM_RFC3526_MODP_2048_G    MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" )

The hexadecimal presentation of the chosen generator of the 2048-bit MODP Group, as defined in RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE).

Definition at line 477 of file dhm.h.

◆ MBEDTLS_DHM_RFC3526_MODP_3072_P

#define MBEDTLS_DHM_RFC3526_MODP_3072_P
Value:
MBEDTLS_DEPRECATED_STRING_CONSTANT( \
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
"83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
"DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
"15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \
"ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \
"ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \
"F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \
"BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \
"43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF" )

The hexadecimal presentation of the prime underlying the 3072-bit MODP Group, as defined in RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE).

Definition at line 485 of file dhm.h.

◆ MBEDTLS_DHM_RFC3526_MODP_3072_G

#define MBEDTLS_DHM_RFC3526_MODP_3072_G    MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" )

The hexadecimal presentation of the chosen generator of the 3072-bit MODP Group, as defined in RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE).

Definition at line 509 of file dhm.h.

◆ MBEDTLS_DHM_RFC3526_MODP_4096_P

#define MBEDTLS_DHM_RFC3526_MODP_4096_P
Value:
MBEDTLS_DEPRECATED_STRING_CONSTANT( \
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
"83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
"DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
"15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \
"ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \
"ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \
"F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \
"BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \
"43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" \
"88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" \
"2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" \
"287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" \
"1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" \
"93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" \
"FFFFFFFFFFFFFFFF" )

The hexadecimal presentation of the prime underlying the 4096-bit MODP Group, as defined in RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE).

Definition at line 517 of file dhm.h.

◆ MBEDTLS_DHM_RFC3526_MODP_4096_G

#define MBEDTLS_DHM_RFC3526_MODP_4096_G    MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" )

The hexadecimal presentation of the chosen generator of the 4096-bit MODP Group, as defined in RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE).

Definition at line 547 of file dhm.h.

Typedef Documentation

◆ mbedtls_dhm_context

The DHM context structure.

Function Documentation

◆ mbedtls_dhm_init()

void mbedtls_dhm_init ( mbedtls_dhm_context * ctx )

This function initializes the DHM context.

Parameters
ctx: The DHM context to initialize.

◆ mbedtls_dhm_read_params()

int mbedtls_dhm_read_params ( mbedtls_dhm_context * ctx,
unsigned char ** p,
const unsigned char * end
)

This function parses the DHM parameters in a TLS ServerKeyExchange handshake message (DHM modulus, generator, and public key).

Note
In a TLS handshake, this is how the client sets up its DHM context from the server's public DHM key material.
Parameters
ctx: The DHM context to use. This must be initialized.
p: On input, *p must be the start of the input buffer. On output, *p is updated to point to the end of the data that has been read. On success, this is the first byte past the end of the ServerKeyExchange parameters. On error, this is the point at which an error has been detected, which is usually not useful except to debug failures.
end: The end of the input buffer.
Returns
0 on success.
An MBEDTLS_ERR_DHM_XXX error code on failure.

◆ mbedtls_dhm_make_params()

int mbedtls_dhm_make_params ( mbedtls_dhm_context * ctx,
int x_size,
unsigned char * output,
size_t * olen,
int(*)(void *, unsigned char *, size_t) f_rng,
void * p_rng
)

This function generates a DHM key pair and exports its public part together with the DHM parameters in the format used in a TLS ServerKeyExchange handshake message.

Note
This function assumes that the DHM parameters ctx->P and ctx->G have already been properly set. For that, use mbedtls_dhm_set_group() below in conjunction with mbedtls_mpi_read_binary() and mbedtls_mpi_read_string().
In a TLS handshake, this is how the server generates and exports its DHM key material.
Parameters
ctx: The DHM context to use. This must be initialized and have the DHM parameters set. It may or may not already have imported the peer's public key.
x_size: The private key size in Bytes.
output: The destination buffer. This must be a writable buffer of sufficient size to hold the reduced binary presentation of the modulus, the generator and the public key, each wrapped with a 2-byte length field. It is the responsibility of the caller to ensure that enough space is available. Refer to mbedtls_mpi_size() for computing the byte-size of an MPI.
olen: The address at which to store the number of Bytes written on success. This must not be NULL.
f_rng: The RNG function. Must not be NULL.
p_rng: The RNG context to be passed to f_rng. This may be NULL if f_rng doesn't need a context parameter.
Returns
0 on success.
An MBEDTLS_ERR_DHM_XXX error code on failure.

◆ mbedtls_dhm_set_group()

int mbedtls_dhm_set_group ( mbedtls_dhm_context * ctx,
const mbedtls_mpi * P,
const mbedtls_mpi * G
)

This function sets the prime modulus and generator.

Note
This function can be used to set ctx->P, ctx->G in preparation for mbedtls_dhm_make_params().
Parameters
ctx: The DHM context to configure. This must be initialized.
P: The MPI holding the DHM prime modulus. This must be an initialized MPI.
G: The MPI holding the DHM generator. This must be an initialized MPI.
Returns
0 if successful.
An MBEDTLS_ERR_DHM_XXX error code on failure.

◆ mbedtls_dhm_read_public()

int mbedtls_dhm_read_public ( mbedtls_dhm_context * ctx,
const unsigned char * input,
size_t ilen
)

This function imports the raw public value of the peer.

Note
In a TLS handshake, this is how the server imports the client's public DHM key.
Parameters
ctx: The DHM context to use. This must be initialized and have its DHM parameters set, e.g. via mbedtls_dhm_set_group(). It may or may not already have generated its own private key.
input: The input buffer containing the G^Y value of the peer. This must be a readable buffer of size ilen Bytes.
ilen: The size of the input buffer input in Bytes.
Returns
0 on success.
An MBEDTLS_ERR_DHM_XXX error code on failure.

◆ mbedtls_dhm_make_public()

int mbedtls_dhm_make_public ( mbedtls_dhm_context * ctx,
int x_size,
unsigned char * output,
size_t olen,
int(*)(void *, unsigned char *, size_t) f_rng,
void * p_rng
)

This function creates a DHM key pair and exports the raw public key in big-endian format.

Note
The destination buffer is always fully written so as to contain a big-endian representation of G^X mod P. If it is larger than ctx->len, it is padded accordingly with zero-bytes at the beginning.
Parameters
ctx: The DHM context to use. This must be initialized and have the DHM parameters set. It may or may not already have imported the peer's public key.
x_size: The private key size in Bytes.
output: The destination buffer. This must be a writable buffer of size olen Bytes.
olen: The length of the destination buffer. This must be at least equal to ctx->len (the size of P).
f_rng: The RNG function. This must not be NULL.
p_rng: The RNG context to be passed to f_rng. This may be NULL if f_rng doesn't need a context argument.
Returns
0 on success.
An MBEDTLS_ERR_DHM_XXX error code on failure.

◆ mbedtls_dhm_calc_secret()

int mbedtls_dhm_calc_secret ( mbedtls_dhm_context * ctx,
unsigned char * output,
size_t output_size,
size_t * olen,
int(*)(void *, unsigned char *, size_t) f_rng,
void * p_rng
)

This function derives and exports the shared secret (G^Y)^X mod P.

Note
If f_rng is not NULL, it is used to blind the modular exponentiation as a countermeasure against timing attacks. Blinding is applied only if our private key X is re-used across calls (a static DH key), and is skipped otherwise. We recommend always passing a non-NULL f_rng argument.
Parameters
ctx: The DHM context to use. This must be initialized and have its own private key generated and the peer's public key imported.
output: The buffer to write the generated shared key to. This must be a writable buffer of size output_size Bytes.
output_size: The size of the destination buffer. This must be at least the size of ctx->len (the size of P).
olen: On exit, holds the actual number of Bytes written.
f_rng: The RNG function, for blinding purposes. This may be NULL if blinding isn't needed.
p_rng: The RNG context. This may be NULL if f_rng doesn't need a context argument.
Returns
0 on success.
An MBEDTLS_ERR_DHM_XXX error code on failure.
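As an added example (Python written for this page, not the Mbed TLS implementation), the following models the call sequence documented above for mbedtls_dhm_make_params, mbedtls_dhm_read_params, mbedtls_dhm_make_public, mbedtls_dhm_read_public and mbedtls_dhm_calc_secret, using the RFC 3526 2048-bit MODP group from this page with generator 2: the server encodes P, G and G^X with 2-byte length prefixes, the client parses them with bounds checks, both sides export public values zero-padded to ctx->len bytes, and every imported public value must lie in [2, P-2] before it is used, which is the check that rejects the degenerate values 0, 1 and P-1 (they generate subgroups of order 1 or 2 and would let a peer pin the shared secret). The Dhm class, DhmError, check_range, the 32-byte private-exponent size and the shift-based reduction of X are this example's own choices, not the library's.

```python
import secrets

# Group from this page: MBEDTLS_DHM_RFC3526_MODP_2048_P with generator 2.
P_2048 = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
    "15728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G_2048 = 2


class DhmError(ValueError):
    pass  # stands in for the MBEDTLS_ERR_DHM_XXX return codes


def to_bytes(v, length=None):
    """Big-endian encoding; a fixed length zero-pads on the left, as make_public does."""
    return v.to_bytes(length or (v.bit_length() + 7) // 8, "big")


def check_range(y, p):
    """Reject public values outside [2, p-2]: 0, 1 and p-1 have order 1 or 2."""
    if not 2 <= y <= p - 2:
        raise DhmError("MBEDTLS_ERR_DHM_BAD_INPUT_DATA: public value out of range")


class Dhm:
    """One party's state: P, G, own X and G^X, peer's G^Y (like mbedtls_dhm_context)."""

    def __init__(self, p, g):
        self.p, self.g, self.len = p, g, (p.bit_length() + 7) // 8  # ctx->len = size of P
        self.x = self.gx = self.gy = None

    def make_public(self, x_size):
        """Fresh private X from x_size random bytes; returns G^X mod P as ctx->len bytes."""
        while True:
            x = int.from_bytes(secrets.token_bytes(x_size), "big")
            while x >= self.p - 1:   # this model's reduction: shift X below P-1
                x >>= 1
            if x >= 2:
                break
        self.x, self.gx = x, pow(self.g, x, self.p)
        check_range(self.gx, self.p)
        return to_bytes(self.gx, self.len)

    def make_params(self, x_size):
        """ServerKeyExchange body: P, G and G^X, each as 2-byte big-endian length + value."""
        self.make_public(x_size)
        return b"".join(len(e).to_bytes(2, "big") + e
                        for e in (to_bytes(self.p), to_bytes(self.g), to_bytes(self.gx)))

    @classmethod
    def read_params(cls, buf):
        """Client side: parse P, G, G^Y with bounds checks; returns (ctx, bytes consumed)."""
        vals, pos = [], 0
        for _ in range(3):
            n = int.from_bytes(buf[pos:pos + 2], "big") if pos + 2 <= len(buf) else -1
            if n < 1 or pos + 2 + n > len(buf):   # zero-length or truncated field
                raise DhmError("MBEDTLS_ERR_DHM_BAD_INPUT_DATA: malformed ServerKeyExchange")
            vals.append(int.from_bytes(buf[pos + 2:pos + 2 + n], "big"))
            pos += 2 + n
        ctx = cls(vals[0], vals[1])
        ctx.read_public(to_bytes(vals[2]))
        return ctx, pos

    def read_public(self, data):
        """Import the peer's raw big-endian G^Y; length and range are checked before use."""
        if not 1 <= len(data) <= self.len:
            raise DhmError("MBEDTLS_ERR_DHM_BAD_INPUT_DATA: bad public value length")
        gy = int.from_bytes(data, "big")
        check_range(gy, self.p)
        self.gy = gy

    def calc_secret(self):
        """(G^Y)^X mod P as ctx->len bytes, i.e. the raw premaster secret."""
        if self.x is None or self.gy is None:
            raise DhmError("MBEDTLS_ERR_DHM_BAD_INPUT_DATA: key material missing")
        k = pow(self.gy, self.x, self.p)
        check_range(k, self.p)   # this model also refuses a degenerate secret of 1 or P-1
        return to_bytes(k, self.len)


def run_exchange(p=P_2048, g=G_2048, x_size=32):
    """Full exchange both ways; returns (server secret, client secret, ServerKeyExchange)."""
    server = Dhm(p, g)
    ske = server.make_params(x_size)       # server -> client
    client, _consumed = Dhm.read_params(ske)
    cke = client.make_public(x_size)       # client -> server
    server.read_public(cke)
    return server.calc_secret(), client.calc_secret(), ske


def accepts_public(y, p=P_2048, g=G_2048):
    """True if a peer's public value y passes read_public, False if it is rejected."""
    try:
        Dhm(p, g).read_public(to_bytes(y, (p.bit_length() + 7) // 8))
        return True
    except DhmError:
        return False
```

Calling run_exchange() returns two equal 256-byte secrets; accepts_public(1) and accepts_public(P_2048 - 1) return False, and a ServerKeyExchange buffer cut short by one byte makes Dhm.read_params raise. In the real API the corresponding failures surface as MBEDTLS_ERR_DHM_BAD_INPUT_DATA or MBEDTLS_ERR_DHM_READ_PARAMS_FAILED, and a TLS client must also verify the server's signature over these parameters before trusting them, which this model does not cover.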

◆ mbedtls_dhm_free()

void mbedtls_dhm_free ( mbedtls_dhm_context * ctx )

This function frees and clears the components of a DHM context.

Parameters
ctx: The DHM context to free and clear. This may be NULL, in which case this function is a no-op. If it is not NULL, it must point to an initialized DHM context.