2 * xdh.c: x-coordinate-only Montgomery-ladder elliptic-curve Diffie--Hellman
5 * This file is Free Software. It was originally written for secnet.
7 * Copyright 2017 Mark Wooding
9 * You may redistribute secnet as a whole and/or modify it under the
10 * terms of the GNU General Public License as published by the Free
11 * Software Foundation; either version 3, or (at your option) any
14 * You may redistribute this file and/or modify it under the terms of
15 * the GNU General Public License as published by the Free Software
16 * Foundation; either version 2, or (at your option) any later
19 * This software is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
24 * You should have received a copy of the GNU General Public License
25 * along with this software; if not, see
26 * https://www.gnu.org/licenses/gpl.html.
41 typedef void xdh_fn(uint8_t *z
, const uint8_t *k
, const uint8_t *x
);
50 static int32_t xdh_makepublic(void *sst
, void *pub
, int32_t publen
,
51 uint8_t *k
, int32_t klen
)
55 assert(klen
== st
->ops
.secret_len
);
56 assert(publen
>= st
->ops
.public_len
);
57 st
->fn(pub
, k
, st
->base
);
58 return st
->ops
.public_len
;
61 static bool_t
xdh_makeshared(void *sst
,
62 uint8_t *k
, int32_t klen
,
63 const void *pub
, int32_t publen
,
64 uint8_t *z
, int32_t zlen
)
68 assert(klen
== st
->ops
.secret_len
);
69 assert(zlen
>= st
->ops
.shared_len
);
70 if (publen
!= st
->ops
.public_len
) {
72 "xdh_makeshared: incoming public point has wrong length");
79 static void make_xdh_closure(dict_t
*dict
, const char *name
, xdh_fn
*fn
,
80 const uint8_t *base
, size_t sz
, int cap
)
85 st
->cl
.description
= name
;
88 st
->cl
.interface
= &st
->ops
;
90 st
->ops
.makepublic
= xdh_makepublic
;
91 st
->ops
.makeshared
= xdh_makeshared
;
92 st
->ops
.secret_len
= st
->ops
.public_len
= st
->ops
.shared_len
= sz
;
93 st
->ops
.capab_bit
= cap
;
96 dict_add(dict
, name
, new_closure(&st
->cl
));
99 void xdh_module(dict_t
*dict
)
101 make_xdh_closure(dict
, "x25519", x25519
, x25519_base
,
102 X25519_PUBSZ
, CAPAB_BIT_X25519
);
103 make_xdh_closure(dict
, "x448", x448
, x448_base
,
104 X448_PUBSZ
, CAPAB_BIT_X448
);