tls_ffdhe.c
1 /**
2  * @file tls_ffdhe.c
3  * @brief FFDHE key exchange
4  *
5  * @section License
6  *
7  * Copyright (C) 2010-2018 Oryx Embedded SARL. All rights reserved.
8  *
9  * This file is part of CycloneSSL Open.
10  *
11  * This program is free software; you can redistribute it and/or
12  * modify it under the terms of the GNU General Public License
13  * as published by the Free Software Foundation; either version 2
14  * of the License, or (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License
22  * along with this program; if not, write to the Free Software Foundation,
23  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
24  *
25  * @author Oryx Embedded SARL (www.oryx-embedded.com)
26  * @version 1.9.0
27  **/
28 
29 //Switch to the appropriate trace level
30 #define TRACE_LEVEL TLS_TRACE_LEVEL
31 
32 //Dependencies
33 #include <string.h>
34 #include "tls.h"
35 #include "tls_ffdhe.h"
36 #include "debug.h"
37 
38 //Check TLS library configuration
39 #if (TLS_SUPPORT == ENABLED && TLS_FFDHE_SUPPORT == ENABLED)
40 
41 #if (TLS_FFDHE2048_SUPPORT == ENABLED)
42 
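/**
 * @brief ffdhe2048 group
 *
 * Initializer order: group name, prime modulus, length of the prime modulus
 * in bytes, generator.
 **/

//NOTE(review): the declarator line was lost from the rendered listing and is
//restored from the page's cross-reference entry for ffdhe2048Group
//NOTE(review): the modulus is a security-critical constant; a single wrong
//byte silently weakens every FFDHE handshake using this group. Any change to
//the table should be re-checked byte for byte against the ffdhe2048 prime
//published in RFC 7919
const TlsFfdheGroup ffdhe2048Group =
{
   //Group name
   "ffdhe2048",
   //Prime modulus (presumably most significant byte first - confirm against
   //the format passed to mpiImport)
   {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
    0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
    0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
    0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
    0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
    0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
    0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
    0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
    0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
    0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
    0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
    0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
    0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
    0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
    0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
    0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
   //Length of the prime modulus, in bytes (16 rows of 16 bytes above)
   256,
   //Generator
   2
};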
72 
73 #endif
74 #if (TLS_FFDHE3072_SUPPORT == ENABLED)
75 
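/**
 * @brief ffdhe3072 group
 *
 * Initializer order: group name, prime modulus, length of the prime modulus
 * in bytes, generator.
 **/

//NOTE(review): the declarator line was lost from the rendered listing and is
//restored from the page's cross-reference entry for ffdhe3072Group
//NOTE(review): the modulus is a security-critical constant; a single wrong
//byte silently weakens every FFDHE handshake using this group. Any change to
//the table should be re-checked byte for byte against the ffdhe3072 prime
//published in RFC 7919
const TlsFfdheGroup ffdhe3072Group =
{
   //Group name
   "ffdhe3072",
   //Prime modulus (presumably most significant byte first - confirm against
   //the format passed to mpiImport)
   {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
    0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
    0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
    0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
    0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
    0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
    0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
    0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
    0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
    0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
    0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
    0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
    0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
    0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
    0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
    0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
    0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
    0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
    0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
    0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
    0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
    0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
    0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
    0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, 0x2E, 0x37, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
   //Length of the prime modulus, in bytes (24 rows of 16 bytes above)
   384,
   //Generator
   2
};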
113 
114 #endif
115 #if (TLS_FFDHE4096_SUPPORT == ENABLED)
116 
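/**
 * @brief ffdhe4096 group
 *
 * Initializer order: group name, prime modulus, length of the prime modulus
 * in bytes, generator.
 **/

//NOTE(review): the declarator line was lost from the rendered listing and is
//restored from the page's cross-reference entry for ffdhe4096Group
//NOTE(review): the modulus is a security-critical constant; a single wrong
//byte silently weakens every FFDHE handshake using this group. Any change to
//the table should be re-checked byte for byte against the ffdhe4096 prime
//published in RFC 7919
const TlsFfdheGroup ffdhe4096Group =
{
   //Group name
   "ffdhe4096",
   //Prime modulus (presumably most significant byte first - confirm against
   //the format passed to mpiImport)
   {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
    0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
    0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
    0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
    0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
    0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
    0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
    0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
    0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
    0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
    0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
    0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
    0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
    0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
    0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
    0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
    0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
    0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
    0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
    0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
    0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
    0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
    0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
    0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
    0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
    0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
    0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
    0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
    0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
    0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
    0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
    0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
   //Length of the prime modulus, in bytes (32 rows of 16 bytes above)
   512,
   //Generator
   2
};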
162 
163 #endif
164 
165 
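/**
 * @brief Select the named group to be used when performing FFDHE key exchange
 *
 * The result is stored in context->namedGroup. When the peer's list carries
 * at least one FFDHE codepoint, only a group present in that list and
 * accepted by tlsGetFfdheGroup() can be chosen; if none qualifies the
 * function fails instead of falling back to a group the peer did not offer.
 * When the list is absent or carries no FFDHE codepoint, the server picks
 * the first enabled group among ffdhe2048, ffdhe3072 and ffdhe4096.
 *
 * @param[in] context Pointer to the TLS context
 * @param[in] groupList List of named groups supported by the peer (may be
 *   NULL when the extension is absent)
 * @return NO_ERROR if a group was selected, else ERROR_HANDSHAKE_FAILED
 **/

//NOTE(review): the first line of the signature was lost from the rendered
//listing and is restored from the page's cross-reference entry
error_t tlsSelectFfdheGroup(TlsContext *context,
   const TlsSupportedGroupList *groupList)
{
   error_t error;
   uint_t i;
   uint_t j;
   uint_t n;
   uint16_t namedGroup;
   bool_t ffdheGroupFound;

   //Initialize status code
   error = ERROR_HANDSHAKE_FAILED;

   //Initialize flag
   ffdheGroupFound = FALSE;

   //Reset the named group to its default value
   context->namedGroup = TLS_GROUP_NONE;

   //Check whether a list of named groups is offered by the client
   if(groupList != NULL)
   {
      //Get the number of named groups present in the list. An odd length
      //leaves one trailing byte that the integer division ignores
      //NOTE(review): the length field comes from the peer and is the only
      //bound on the reads of groupList->value[] below; nothing here checks
      //it against the size of the received extension - presumably the
      //extension parser did so, confirm against the caller
      n = ntohs(groupList->length) / sizeof(uint16_t);

      //Check once whether the SupportedGroups extension contains codepoints
      //between 256 and 511, inclusive (the original repeated this test on
      //every iteration of the nested selection loop)
      for(j = 0; j < n && !ffdheGroupFound; j++)
      {
         //Convert the named group to host byte order
         namedGroup = ntohs(groupList->value[j]);

         if(namedGroup >= TLS_GROUP_FFDHE2048 &&
            namedGroup <= TLS_GROUP_FFDHE_MAX)
         {
            //The list contains at least one FFDHE group
            ffdheGroupFound = TRUE;
         }
      }

      //Any preferred groups?
      if(context->numSupportedGroups > 0)
      {
         //Loop through the list of allowed groups (most preferred first),
         //so the local preference order wins over the order used by the peer
         for(i = 0; i < context->numSupportedGroups &&
            context->namedGroup == TLS_GROUP_NONE; i++)
         {
            //Loop through the list of named groups the client supports
            for(j = 0; j < n; j++)
            {
               //Convert the named group to host byte order
               namedGroup = ntohs(groupList->value[j]);

               //The named group to be used when performing FFDHE key exchange
               //must be one of those present in the SupportedGroups extension
               if(context->supportedGroups[i] == namedGroup &&
                  tlsGetFfdheGroup(context, namedGroup) != NULL)
               {
                  //Save the named group; the first match is final
                  context->namedGroup = namedGroup;
                  break;
               }
            }
         }
      }
      else
      {
         //No local preference: the first acceptable group in the order given
         //by the peer is used
         for(j = 0; j < n; j++)
         {
            //Convert the named group to host byte order
            namedGroup = ntohs(groupList->value[j]);

            //Acceptable FFDHE group found?
            if(tlsGetFfdheGroup(context, namedGroup) != NULL)
            {
               //Save the named group; the first match is final
               context->namedGroup = namedGroup;
               break;
            }
         }
      }
   }

   //If the SupportedGroups extension is either absent from the ClientHello
   //entirely or contains no FFDHE groups, then the server knows that the
   //client is not compatible with RFC 7919
   if(!ffdheGroupFound)
   {
      //In this scenario, the server may select an FFDHE group of its choice
      //NOTE(review): the smallest enabled group is tried first, so such a
      //client is served with ffdhe2048 whenever it is available. A
      //deployment that needs a larger modulus can leave ffdhe2048 out of
      //context->supportedGroups, since tlsGetFfdheGroup() returns NULL for
      //groups outside a non-empty list
      if(tlsGetFfdheGroup(context, TLS_GROUP_FFDHE2048) != NULL)
      {
         //Select ffdhe2048 finite field group
         context->namedGroup = TLS_GROUP_FFDHE2048;
      }
      else if(tlsGetFfdheGroup(context, TLS_GROUP_FFDHE3072) != NULL)
      {
         //Select ffdhe3072 finite field group
         context->namedGroup = TLS_GROUP_FFDHE3072;
      }
      else if(tlsGetFfdheGroup(context, TLS_GROUP_FFDHE4096) != NULL)
      {
         //Select ffdhe4096 finite field group
         context->namedGroup = TLS_GROUP_FFDHE4096;
      }
      else
      {
         //Just for sanity
         context->namedGroup = TLS_GROUP_NONE;
      }
   }

   //If no acceptable choices are presented, then return an error
   if(context->namedGroup != TLS_GROUP_NONE)
   {
      error = NO_ERROR;
   }

   //Return status code
   return error;
}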
304 
305 
/**
 * @brief Get the FFDHE parameters that match the specified named group
 *
 * A group is returned only if it was enabled at build time and, when the
 * context holds a non-empty list of supported groups, if that list contains
 * the requested codepoint.
 *
 * @param[in] context Pointer to the TLS context
 * @param[in] namedGroup Named group
 * @return FFDHE parameters, or NULL if the group is unknown or not allowed
 **/

const TlsFfdheGroup *tlsGetFfdheGroup(TlsContext *context, uint16_t namedGroup)
{
   uint_t k;
   const TlsFfdheGroup *group;

   //Map the codepoint onto one of the parameter sets enabled at build time
   switch(namedGroup)
   {
#if (TLS_FFDHE2048_SUPPORT == ENABLED)
   case TLS_GROUP_FFDHE2048:
      group = &ffdhe2048Group;
      break;
#endif
#if (TLS_FFDHE3072_SUPPORT == ENABLED)
   case TLS_GROUP_FFDHE3072:
      group = &ffdhe3072Group;
      break;
#endif
#if (TLS_FFDHE4096_SUPPORT == ENABLED)
   case TLS_GROUP_FFDHE4096:
      group = &ffdhe4096Group;
      break;
#endif
   default:
      //Codepoint not recognized, or its group was disabled at build time
      group = NULL;
      break;
   }

   //A non-empty list of supported groups acts as an allow list
   if(context->numSupportedGroups > 0)
   {
      for(k = 0; k < context->numSupportedGroups; k++)
      {
         //Listed codepoint: hand back whatever the switch resolved
         if(context->supportedGroups[k] == namedGroup)
         {
            return group;
         }
      }

      //The codepoint is not in the list, so its use is restricted
      return NULL;
   }

   //No restriction configured
   return group;
}
364 
365 
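/**
 * @brief Load FFDHE parameters
 *
 * Copies the prime modulus and the generator of the given group into a
 * Diffie-Hellman parameter structure.
 *
 * @param[out] params Pointer to the structure to be initialized
 * @param[in] ffdheGroup FFDHE parameters (NULL is rejected)
 * @return Error code (ERROR_FAILURE when ffdheGroup is NULL, otherwise the
 *   status reported by mpiImport or mpiSetValue)
 **/

//NOTE(review): the first line of the signature was lost from the rendered
//listing and is restored from the page's cross-reference entry
error_t tlsLoadFfdheParameters(DhParameters *params,
   const TlsFfdheGroup *ffdheGroup)
{
   error_t error;

   //Make sure the FFDHE group is supported
   if(ffdheGroup != NULL)
   {
      //Convert the prime modulus to a multiple precision integer
      //NOTE(review): the last argument was also lost from the listing.
      //mpiImport takes a fourth MpiFormat parameter; big-endian is restored
      //here on the assumption that the modulus tables are stored most
      //significant byte first - confirm against the upstream file, since
      //the wrong byte order would load a different modulus
      error = mpiImport(&params->p, ffdheGroup->p, ffdheGroup->pLen,
         MPI_FORMAT_BIG_ENDIAN);

      //Check status code
      if(!error)
      {
         //Convert the generator to a multiple precision integer
         error = mpiSetValue(&params->g, ffdheGroup->g);
      }

      //NOTE(review): if mpiSetValue fails, params->p has already been
      //written; presumably the caller releases params on error - confirm
   }
   else
   {
      //The specified FFDHE group is not supported
      error = ERROR_FAILURE;
   }

   //Return status code
   return error;
}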
401 
402 #endif
TLS (Transport Layer Security)
FFDHE key exchange.
Debugging facilities.
Generic error code.
Definition: error.h:43
FFDHE parameters.
Definition: tls_ffdhe.h:45
const TlsFfdheGroup ffdhe2048Group
ffdhe2048 group
Definition: tls_ffdhe.c:47
const TlsFfdheGroup ffdhe4096Group
ffdhe4096 group
Definition: tls_ffdhe.c:121
error_t mpiImport(Mpi *r, const uint8_t *data, uint_t length, MpiFormat format)
Octet string to integer conversion.
Definition: mpi.c:511
const TlsFfdheGroup ffdhe3072Group
ffdhe3072 group
Definition: tls_ffdhe.c:80
__start_packed struct @75 TlsSupportedGroupList
List of supported groups.
error_t tlsLoadFfdheParameters(DhParameters *params, const TlsFfdheGroup *ffdheGroup)
Load FFDHE parameters.
Definition: tls_ffdhe.c:373
#define TRUE
Definition: os_port.h:48
Mpi g
Generator.
Definition: dh.h:49
error_t mpiSetValue(Mpi *r, int_t a)
Set the value of a multiple precision integer.
Definition: mpi.c:429
#define ntohs(value)
Definition: cpu_endian.h:396
const TlsFfdheGroup * tlsGetFfdheGroup(TlsContext *context, uint16_t namedGroup)
Get the FFDHE parameters that match the specified named group.
Definition: tls_ffdhe.c:313
error_t tlsSelectFfdheGroup(TlsContext *context, const TlsSupportedGroupList *groupList)
Select the named group to be used when performing FFDHE key exchange.
Definition: tls_ffdhe.c:173
const uint8_t p[512]
Prime modulus.
Definition: tls_ffdhe.h:48
Success.
Definition: error.h:42
error_t
Error codes.
Definition: error.h:40
unsigned int uint_t
Definition: compiler_port.h:43
uint8_t g
Generator.
Definition: tls_ffdhe.h:50
size_t pLen
Length of the prime modulus, in bytes.
Definition: tls_ffdhe.h:49
uint8_t n
#define FALSE
Definition: os_port.h:44
#define TlsContext
Definition: tls.h:34
Diffie-Hellman parameters.
Definition: dh.h:46
int bool_t
Definition: compiler_port.h:47
Mpi p
Prime modulus.
Definition: dh.h:48