tls_ffdhe.c
1 /**
2  * @file tls_ffdhe.c
3  * @brief FFDHE key exchange
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2019 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneSSL Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 1.9.6
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL TLS_TRACE_LEVEL
33 
34 //Dependencies
35 #include <string.h>
36 #include "tls.h"
37 #include "tls_ffdhe.h"
38 #include "debug.h"
39 
40 //Check TLS library configuration
41 #if (TLS_SUPPORT == ENABLED && TLS_FFDHE_SUPPORT == ENABLED)
42 
43 #if (TLS_FFDHE2048_SUPPORT == ENABLED)
44 
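/**
 * @brief ffdhe2048 group
 *
 * Fixed finite field Diffie-Hellman group with a 256-byte (2048-bit) prime
 * modulus and generator 2. The modulus is a published constant: after any
 * edit, compare the table byte for byte with the ffdhe2048 value given in
 * RFC 7919, Appendix A, since a single altered byte changes the group
 **/

const TlsFfdheGroup ffdhe2048Group =
{
   //Group name
   "ffdhe2048",
   //Prime modulus (big-endian octet string)
   {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
    0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
    0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
    0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
    0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
    0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
    0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
    0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
    0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
    0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
    0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
    0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
    0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
    0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
    0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
    0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
   //Length of the prime modulus, in bytes
   256,
   //Generator
   2
};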
74 
75 #endif
76 #if (TLS_FFDHE3072_SUPPORT == ENABLED)
77 
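/**
 * @brief ffdhe3072 group
 *
 * Fixed finite field Diffie-Hellman group with a 384-byte (3072-bit) prime
 * modulus and generator 2. The modulus is a published constant: after any
 * edit, compare the table byte for byte with the ffdhe3072 value given in
 * RFC 7919, Appendix A, since a single altered byte changes the group
 **/

const TlsFfdheGroup ffdhe3072Group =
{
   //Group name
   "ffdhe3072",
   //Prime modulus (big-endian octet string)
   {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
    0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
    0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
    0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
    0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
    0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
    0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
    0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
    0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
    0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
    0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
    0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
    0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
    0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
    0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
    0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
    0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
    0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
    0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
    0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
    0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
    0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
    0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
    0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, 0x2E, 0x37, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
   //Length of the prime modulus, in bytes
   384,
   //Generator
   2
};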
115 
116 #endif
117 #if (TLS_FFDHE4096_SUPPORT == ENABLED)
118 
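/**
 * @brief ffdhe4096 group
 *
 * Fixed finite field Diffie-Hellman group with a 512-byte (4096-bit) prime
 * modulus and generator 2. The modulus is a published constant: after any
 * edit, compare the table byte for byte with the ffdhe4096 value given in
 * RFC 7919, Appendix A, since a single altered byte changes the group
 **/

const TlsFfdheGroup ffdhe4096Group =
{
   //Group name
   "ffdhe4096",
   //Prime modulus (big-endian octet string)
   {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
    0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
    0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
    0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
    0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
    0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
    0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
    0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
    0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
    0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
    0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
    0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
    0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
    0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
    0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
    0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
    0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
    0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
    0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
    0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
    0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
    0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
    0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
    0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
    0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
    0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
    0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
    0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
    0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
    0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
    0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
    0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
   //Length of the prime modulus, in bytes
   512,
   //Generator
   2
};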
164 
165 #endif
166 
167 
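/**
 * @brief Select the named group to be used when performing FFDHE key exchange
 *
 * The result is stored in context->namedGroup. When the peer's list holds at
 * least one codepoint in the FFDHE range but none that this endpoint accepts,
 * no group is selected and ERROR_HANDSHAKE_FAILED is returned. When the list
 * is absent or holds no FFDHE codepoint at all, the server picks a group of
 * its own choice, trying ffdhe2048 first.
 *
 * @param[in] context Pointer to the TLS context
 * @param[in] groupList List of named groups supported by the peer (may be
 *   NULL when the SupportedGroups extension is absent)
 * @return NO_ERROR if a group was selected, else ERROR_HANDSHAKE_FAILED
 **/

error_t tlsSelectFfdheGroup(TlsContext *context,
   const TlsSupportedGroupList *groupList)
{
   error_t error;
   uint_t i;
   uint_t j;
   uint_t n;
   uint16_t namedGroup;
   bool_t ffdheGroupFound;

   //Initialize status code
   error = ERROR_HANDSHAKE_FAILED;

   //Initialize flag
   ffdheGroupFound = FALSE;

   //Reset the named group to its default value
   context->namedGroup = TLS_GROUP_NONE;

   //Check whether a list of named groups is offered by the client
   if(groupList != NULL)
   {
      //Get the number of named groups present in the list
      //NOTE(review): the length field comes from the peer and bounds every
      //read of groupList->value[] below; this function does not check it
      //against the size of the received extension, so that check has to
      //happen in the caller - confirm in the extension parser
      n = ntohs(groupList->length) / sizeof(uint16_t);

      //Check whether the SupportedGroups extension contains codepoints
      //between 256 and 511, inclusive. Unknown codepoints in that range
      //count too: they show that the client is aware of RFC 7919
      for(j = 0; j < n; j++)
      {
         //Convert the named group to host byte order
         namedGroup = ntohs(groupList->value[j]);

         if(namedGroup >= TLS_GROUP_FFDHE2048 &&
            namedGroup <= TLS_GROUP_FFDHE_MAX)
         {
            //The list contains at least one FFDHE group
            ffdheGroupFound = TRUE;
         }
      }

      //Any preferred groups?
      if(context->numSupportedGroups > 0)
      {
         //Loop through the list of allowed groups (most preferred first).
         //The first match wins, so the scan stops once a group is saved
         for(i = 0; i < context->numSupportedGroups &&
            context->namedGroup == TLS_GROUP_NONE; i++)
         {
            //Loop through the list of named groups the client supports
            for(j = 0; j < n && context->namedGroup == TLS_GROUP_NONE; j++)
            {
               //Convert the named group to host byte order
               namedGroup = ntohs(groupList->value[j]);

               //The named group to be used when performing FFDHE key exchange
               //must be one of those present in the SupportedGroups extension
               if(context->supportedGroups[i] == namedGroup &&
                  tlsGetFfdheGroup(context, namedGroup) != NULL)
               {
                  //Save the named group
                  context->namedGroup = namedGroup;
               }
            }
         }
      }
      else
      {
         //No local preference: take the first acceptable group in the order
         //given by the client
         for(j = 0; j < n && context->namedGroup == TLS_GROUP_NONE; j++)
         {
            //Convert the named group to host byte order
            namedGroup = ntohs(groupList->value[j]);

            //Acceptable FFDHE group found?
            if(tlsGetFfdheGroup(context, namedGroup) != NULL)
            {
               //Save the named group
               context->namedGroup = namedGroup;
            }
         }
      }
   }

   //If the SupportedGroups extension is either absent from the ClientHello
   //entirely or contains no FFDHE groups, then the server knows that the
   //client is not compatible with RFC 7919
   if(!ffdheGroupFound)
   {
      //In this scenario, the server may select an FFDHE group of its choice.
      //The smallest enabled group is tried first; tlsGetFfdheGroup() returns
      //NULL for any group missing from context->supportedGroups, so a
      //deployment that wants a larger group here has to leave ffdhe2048 out
      //of that list or disable it at build time
      if(tlsGetFfdheGroup(context, TLS_GROUP_FFDHE2048) != NULL)
      {
         //Select ffdhe2048 finite field group
         context->namedGroup = TLS_GROUP_FFDHE2048;
      }
      else if(tlsGetFfdheGroup(context, TLS_GROUP_FFDHE3072) != NULL)
      {
         //Select ffdhe3072 finite field group
         context->namedGroup = TLS_GROUP_FFDHE3072;
      }
      else if(tlsGetFfdheGroup(context, TLS_GROUP_FFDHE4096) != NULL)
      {
         //Select ffdhe4096 finite field group
         context->namedGroup = TLS_GROUP_FFDHE4096;
      }
      else
      {
         //Just for sanity
         context->namedGroup = TLS_GROUP_NONE;
      }
   }

   //If no acceptable choices are presented, then return an error
   if(context->namedGroup != TLS_GROUP_NONE)
   {
      error = NO_ERROR;
   }

   //Return status code
   return error;
}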
306 
307 
/**
 * @brief Get the FFDHE parameters that match the specified named group
 *
 * A group is returned only when it is compiled in and, if the context holds
 * a non-empty list of allowed groups, when that list contains it.
 *
 * @param[in] context Pointer to the TLS context
 * @param[in] namedGroup Named group
 * @return FFDHE parameters, or NULL if the group is unknown or not allowed
 **/

const TlsFfdheGroup *tlsGetFfdheGroup(TlsContext *context, uint16_t namedGroup)
{
   uint_t k;
   bool_t allowed;
   const TlsFfdheGroup *group;

   //Unknown group unless one of the compiled-in codepoints matches
   group = NULL;

#if (TLS_FFDHE2048_SUPPORT == ENABLED)
   //ffdhe2048 group?
   if(namedGroup == TLS_GROUP_FFDHE2048)
   {
      group = &ffdhe2048Group;
   }
#endif
#if (TLS_FFDHE3072_SUPPORT == ENABLED)
   //ffdhe3072 group?
   if(namedGroup == TLS_GROUP_FFDHE3072)
   {
      group = &ffdhe3072Group;
   }
#endif
#if (TLS_FFDHE4096_SUPPORT == ENABLED)
   //ffdhe4096 group?
   if(namedGroup == TLS_GROUP_FFDHE4096)
   {
      group = &ffdhe4096Group;
   }
#endif

   //An empty list of allowed groups means no restriction applies
   if(context->numSupportedGroups > 0)
   {
      //Look for the codepoint in the list of allowed named groups
      allowed = FALSE;

      for(k = 0; k < context->numSupportedGroups && !allowed; k++)
      {
         //Compare named groups
         if(context->supportedGroups[k] == namedGroup)
         {
            allowed = TRUE;
         }
      }

      //The use of this FFDHE group is restricted
      if(!allowed)
      {
         group = NULL;
      }
   }

   //Return FFDHE parameters, if any
   return group;
}
366 
367 
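/**
 * @brief Load FFDHE parameters
 *
 * Converts the prime modulus and the generator of the given group to
 * multiple precision integers. The prime is imported as a big-endian octet
 * string of ffdheGroup->pLen bytes.
 *
 * @param[out] params Pointer to the structure to be initialized
 * @param[in] ffdheGroup FFDHE parameters (NULL is rejected)
 * @return NO_ERROR on success, ERROR_FAILURE if ffdheGroup is NULL, else the
 *   error code reported by mpiImport() or mpiSetValue()
 **/

error_t tlsLoadFfdheParameters(DhParameters *params,
   const TlsFfdheGroup *ffdheGroup)
{
   error_t error;

   //Make sure the FFDHE group is supported
   if(ffdheGroup != NULL)
   {
      //Convert the prime modulus to a multiple precision integer
      error = mpiImport(&params->p, ffdheGroup->p, ffdheGroup->pLen,
         MPI_FORMAT_BIG_ENDIAN);

      //Check status code
      if(!error)
      {
         //Convert the generator to a multiple precision integer
         error = mpiSetValue(&params->g, ffdheGroup->g);
      }
   }
   else
   {
      //The specified FFDHE group is not supported
      error = ERROR_FAILURE;
   }

   //Return status code
   return error;
}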
403 
404 #endif
int bool_t
Definition: compiler_port.h:49
#define TRUE
Definition: os_port.h:50
error_t mpiSetValue(Mpi *r, int_t a)
Set the value of a multiple precision integer.
Definition: mpi.c:437
@ ERROR_HANDSHAKE_FAILED
Definition: error.h:228
FFDHE parameters.
Definition: tls_ffdhe.h:47
error_t mpiImport(Mpi *r, const uint8_t *data, uint_t length, MpiFormat format)
Octet string to integer conversion.
Definition: mpi.c:533
const TlsFfdheGroup ffdhe2048Group
ffdhe2048 group
Definition: tls_ffdhe.c:49
const TlsFfdheGroup ffdhe3072Group
ffdhe3072 group
Definition: tls_ffdhe.c:82
const TlsFfdheGroup ffdhe4096Group
ffdhe4096 group
Definition: tls_ffdhe.c:123
#define FALSE
Definition: os_port.h:46
#define TlsContext
Definition: tls.h:36
error_t
Error codes.
Definition: error.h:42
@ TLS_GROUP_NONE
Definition: tls.h:1207
@ ERROR_FAILURE
Generic error code.
Definition: error.h:45
@ TLS_GROUP_FFDHE4096
Definition: tls.h:1250
Mpi p
Prime modulus.
Definition: dh.h:50
@ TLS_GROUP_FFDHE2048
Definition: tls.h:1248
const TlsFfdheGroup * tlsGetFfdheGroup(TlsContext *context, uint16_t namedGroup)
Get the FFDHE parameters that match the specified named group.
Definition: tls_ffdhe.c:315
error_t tlsLoadFfdheParameters(DhParameters *params, const TlsFfdheGroup *ffdheGroup)
Load FFDHE parameters.
Definition: tls_ffdhe.c:375
error_t tlsSelectFfdheGroup(TlsContext *context, const TlsSupportedGroupList *groupList)
Select the named group to be used when performing FFDHE key exchange.
Definition: tls_ffdhe.c:175
const uint8_t p[512]
Prime modulus.
Definition: tls_ffdhe.h:50
@ TLS_GROUP_FFDHE3072
Definition: tls.h:1249
#define ntohs(value)
Definition: cpu_endian.h:398
uint8_t n
__start_packed struct @75 TlsSupportedGroupList
List of supported groups.
@ TLS_GROUP_FFDHE_MAX
Definition: tls.h:1253
@ MPI_FORMAT_BIG_ENDIAN
Definition: mpi.h:61
TLS (Transport Layer Security)
Mpi g
Generator.
Definition: dh.h:51
FFDHE key exchange.
uint8_t g
Generator.
Definition: tls_ffdhe.h:52
Diffie-Hellman parameters.
Definition: dh.h:48
unsigned int uint_t
Definition: compiler_port.h:45
size_t pLen
Length of the prime modulus, in bytes.
Definition: tls_ffdhe.h:51
@ NO_ERROR
Success.
Definition: error.h:44
Debugging facilities.