TlsContext *tlsInit(void)
{
TlsContext *context;
//Allocate a memory buffer to hold the TLS context
context = osAllocMem(sizeof(TlsContext));
//Failed to allocate memory
if(!context) return NULL;
//Clear TLS context
memset(context, 0, sizeof(TlsContext));
//Reference to the underlying socket
#if (TLS_BSD_SOCKET_SUPPORT == ENABLED)
context->socket = -1;
#else
context->socket = NULL;
#endif
//Default operation mode
context->entity = TLS_CONNECTION_END_CLIENT;
//Default TLS version
context->version = TLS_MIN_VERSION;
//Default client authentication mode
context->clientAuthMode = TLS_CLIENT_AUTH_NONE;
//Initialize Diffie-Hellman context
dhInit(&context->dhContext);
//Initialize ECDH context
ecdhInit(&context->ecdhContext);
//Initialize peer's RSA public key
rsaInitPublicKey(&context->peerRsaPublicKey);
//Initialize peer's DSA public key
dsaInitPublicKey(&context->peerDsaPublicKey);
//Initialize peer's EC domain parameters
ecInitDomainParameters(&context->peerEcParams);
//Initialize peer's EC public key
ecInit(&context->peerEcPublicKey);
//Allocate send and receive buffers
context->txBuffer = osAllocMem(TLS_TX_BUFFER_SIZE);
context->rxBuffer = osAllocMem(TLS_RX_BUFFER_SIZE);
//Failed to allocate memory?
if(!context->txBuffer || !context->rxBuffer)
{
//Free previously allocated memory
osFreeMem(context->txBuffer);
osFreeMem(context->rxBuffer);
osFreeMem(context);
//Report an error
return NULL;
}
//Clear send and receive buffers
memset(context->txBuffer, 0, TLS_TX_BUFFER_SIZE);
memset(context->rxBuffer, 0, TLS_RX_BUFFER_SIZE);
//Return a handle to the freshly created TLS context
return context;
}
void ecInitDomainParameters(EcDomainParameters *params)
{
//Initialize structure
params->type = EC_CURVE_TYPE_NONE;
params->mod = NULL;
//Initialize EC domain parameters
mpiInit(¶ms->p);
mpiInit(¶ms->a);
mpiInit(¶ms->b);
ecInit(¶ms->g);
mpiInit(¶ms->q);
}
error_t ecFullSub(const EcDomainParameters *params, EcPoint *r, const EcPoint *s, const EcPoint *t)
{
error_t error;
EcPoint u;
//Initialize EC point
ecInit(&u);
//Set Ux = Tx and Uz = Tz
MPI_CHECK(mpiCopy(&u.x, &t->x));
MPI_CHECK(mpiCopy(&u.z, &t->z));
//Set Uy = p - Ty
MPI_CHECK(mpiSub(&u.y, ¶ms->p, &t->y));
//Compute R = S + U
EC_CHECK(ecFullAdd(params, r, s, &u));
end:
//Release EC point
ecFree(&u);
//Return status code
return error;
}
error_t ecTwinMult(const EcDomainParameters *params, EcPoint *r,
const Mpi *d0, const EcPoint *s, const Mpi *d1, const EcPoint *t)
{
error_t error;
int_t k;
uint_t m;
uint_t m0;
uint_t m1;
uint_t c0;
uint_t c1;
uint_t h0;
uint_t h1;
int_t u0;
int_t u1;
EcPoint spt;
EcPoint smt;
//Initialize EC points
ecInit(&spt);
ecInit(&smt);
//Precompute SpT = S + T
EC_CHECK(ecFullAdd(params, &spt, s, t));
//Precompute SmT = S - T
EC_CHECK(ecFullSub(params, &smt, s, t));
//Let m0 be the bit length of d0
m0 = mpiGetBitLength(d0);
//Let m1 be the bit length of d1
m1 = mpiGetBitLength(d1);
//Let m = MAX(m0, m1)
m = MAX(m0, m1);
//Let c be a 2 x 6 binary matrix
c0 = mpiGetBitValue(d0, m - 4);
c0 |= mpiGetBitValue(d0, m - 3) << 1;
c0 |= mpiGetBitValue(d0, m - 2) << 2;
c0 |= mpiGetBitValue(d0, m - 1) << 3;
c1 = mpiGetBitValue(d1, m - 4);
c1 |= mpiGetBitValue(d1, m - 3) << 1;
c1 |= mpiGetBitValue(d1, m - 2) << 2;
c1 |= mpiGetBitValue(d1, m - 1) << 3;
//Set R = (1, 1, 0)
MPI_CHECK(mpiSetValue(&r->x, 1));
MPI_CHECK(mpiSetValue(&r->y, 1));
MPI_CHECK(mpiSetValue(&r->z, 0));
//Calculate both multiplications at the same time
for(k = m; k >= 0; k--)
{
//Compute h(0) = 16 * c(0,1) + 8 * c(0,2) + 4 * c(0,3) + 2 * c(0,4) + c(0,5)
h0 = c0 & 0x1F;
//Check whether c(0,0) == 1
if(c0 & 0x20)
h0 = 31 - h0;
//Compute h(1) = 16 * c(1,1) + 8 * c(1,2) + 4 * c(1,3) + 2 * c(1,4) + c(1,5)
h1 = c1 & 0x1F;
//Check whether c(1,0) == 1
if(c1 & 0x20)
h1 = 31 - h1;
//Compute u(0)
if(h0 < ecTwinMultF(h1))
u0 = 0;
else if(c0 & 0x20)
u0 = -1;
else
u0 = 1;
//Compute u(1)
if(h1 < ecTwinMultF(h0))
u1 = 0;
else if(c1 & 0x20)
u1 = -1;
else
u1 = 1;
//Update c matrix
c0 <<= 1;
c0 |= mpiGetBitValue(d0, k - 5);
c0 ^= u0 ? 0x20 : 0x00;
c1 <<= 1;
c1 |= mpiGetBitValue(d1, k - 5);
c1 ^= u1 ? 0x20 : 0x00;
//Point doubling
EC_CHECK(ecDouble(params, r, r));
//Check u(0) and u(1)
if(u0 == -1 && u1 == -1)
{
//Compute R = R - SpT
EC_CHECK(ecFullSub(params, r, r, &spt));
}
else if(u0 == -1 && u1 == 0)
{
//Compute R = R - S
EC_CHECK(ecFullSub(params, r, r, s));
}
else if(u0 == -1 && u1 == 1)
{
//Compute R = R - SmT
EC_CHECK(ecFullSub(params, r, r, &smt));
}
else if(u0 == 0 && u1 == -1)
{
//Compute R = R - T
EC_CHECK(ecFullSub(params, r, r, t));
}
else if(u0 == 0 && u1 == 1)
{
//Compute R = R + T
EC_CHECK(ecFullAdd(params, r, r, t));
}
else if(u0 == 1 && u1 == -1)
{
//Compute R = R + SmT
EC_CHECK(ecFullAdd(params, r, r, &smt));
}
else if(u0 == 1 && u1 == 0)
{
//Compute R = R + S
EC_CHECK(ecFullAdd(params, r, r, s));
}
else if(u0 == 1 && u1 == 1)
{
//Compute R = R + SpT
EC_CHECK(ecFullAdd(params, r, r, &spt));
}
}
end:
//Release EC points
ecFree(&spt);
ecFree(&smt);
//Return status code
return error;
}
