Add support for passphrase in the context

2015-08-13 09:37:00 +02:00 · 2015-08-13 09:37:00 +02:00 · 23dcbe3f16
commit 23dcbe3f16
parent 4e8bc78ad9
2 changed files with 26 additions and 7 deletions
--- a/include/mbedtls/ecjpake.h
+++ b/include/mbedtls/ecjpake.h
@ -42,6 +42,8 @@ typedef struct

    mbedtls_mpi xa;                     /**< Our first secret (x1 or x3)    */
    mbedtls_mpi xb;                     /**< Our second secret (x2 or x4)   */
+
+    mbedtls_mpi s;                      /**< Pre-shared secret              */
 } mbedtls_ecjpake_context;

 /*
@ -61,13 +63,17 @@ void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx );
 * \param ctx       context to set up
 * \param hash      hash function to use (MBEDTLS_MD_XXX)
 * \param curve     elliptic curve identifier (MBEDTLS_ECP_DP_XXX)
+ * \param secret    shared secret
+ * \param len       length of the shared secret
 *
 * \return          0 if successfull,
 *                  a negative error code otherwise
 */
 int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
                           mbedtls_md_type_t hash,
-                           mbedtls_ecp_group_id curve );
+                           mbedtls_ecp_group_id curve,
+                           const unsigned char *secret,
+                           size_t len );

 /*
 * \brief           Generate and write contents of ClientHello extension
--- a/library/ecjpake.c
+++ b/library/ecjpake.c
@ -54,6 +54,7 @@ void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx )

    mbedtls_mpi_init( &ctx->xa );
    mbedtls_mpi_init( &ctx->xb );
+    mbedtls_mpi_init( &ctx->s  );
 }

 /*
@ -74,6 +75,7 @@ void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx )

    mbedtls_mpi_free( &ctx->xa );
    mbedtls_mpi_free( &ctx->xb );
+    mbedtls_mpi_free( &ctx->s  );
 }

 /*
@ -81,17 +83,25 @@ void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx )
 */
 int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
                           mbedtls_md_type_t hash,
-                           mbedtls_ecp_group_id curve )
+                           mbedtls_ecp_group_id curve,
+                           const unsigned char *secret,
+                           size_t len )
 {
    int ret;

    if( ( ctx->md_info = mbedtls_md_info_from_type( hash ) ) == NULL )
        return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE );

-    if( ( ret = mbedtls_ecp_group_load( &ctx->grp, curve ) ) != 0 )
-        return( ret );
+    MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ctx->grp, curve ) );

-    return( 0 );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->s, secret, len ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->s, &ctx->s, &ctx->grp.N ) );
+
+cleanup:
+    if( ret != 0 )
+        mbedtls_ecjpake_free( ctx );
+
+    return( ret );
 }

 /*
@ -575,12 +585,15 @@ int mbedtls_ecjpake_self_test( int verbose )
    mbedtls_ecjpake_context ctx;
    unsigned char buf[1000];
    size_t len;
+    char secret[] = "test passphrase";

    mbedtls_ecjpake_init( &ctx );

    /* Common to all tests */
-    TEST_ASSERT( mbedtls_ecjpake_setup( &ctx, MBEDTLS_MD_SHA256,
-                                        MBEDTLS_ECP_DP_SECP256R1 ) == 0 );
+    TEST_ASSERT( mbedtls_ecjpake_setup( &ctx,
+                    MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1,
+                    (const unsigned char *) secret,
+                    sizeof( secret ) - 1 ) == 0 );

    if( verbose != 0 )
        mbedtls_printf( "  ECJPAKE test #1 (client ext read): " );