mbedtls_dhm_calc_secret() function
This function derives and exports the shared secret (G^Y)^X mod P.
Arguments
ctx
The DHM context to use. This must be initialized and have its own private key generated and the peer's public key imported.
output
The buffer to write the generated shared key to. This must be a writable buffer of size output_size bytes.
output_size
The size of the destination buffer. This must be at least the size of ctx->len (the size of P).
olen
On exit, holds the actual number of bytes written.
f_rng
The RNG function. Must not be NULL. Used for blinding.
p_rng
The RNG context to be passed to f_rng. This may be NULL if f_rng doesn't need a context parameter.
Return value
0 on success. An MBEDTLS_ERR_DHM_XXX error code on failure.
Notes
If f_rng is not NULL, it is used to blind the input as a countermeasure against timing attacks. Blinding is used only if our private key X is re-used, and not used otherwise. We recommend always passing a non-NULL f_rng argument.
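The blinding mentioned in the note, shown as an added example that is not Mbed TLS code: the peer value G^Y is multiplied by a random Vi before the exponentiation and the result is corrected with Vf = Vi^(-X), so the secret exponent never operates on attacker-chosen input directly. It assumes a toy 61-bit prime; toy_rng_fn, secret_blinded and counter_rng are hypothetical names, and powmod here is not constant time.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical callback type mirroring the f_rng / p_rng pair. */
typedef int (*toy_rng_fn)(void *ctx, uint64_t *out);

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t p) {
    return (uint64_t)(((unsigned __int128)a * b) % p);
}

/* Square-and-multiply; NOT constant time, for illustration only. */
uint64_t powmod(uint64_t base, uint64_t exp, uint64_t p) {
    uint64_t r = 1;
    for (base %= p; exp; exp >>= 1) {
        if (exp & 1) r = mulmod(r, base, p);
        base = mulmod(base, base, p);
    }
    return r;
}

/* Blinded secret: K = (GY * Vi)^X * Vf mod P, with Vf = Vi^(-X) mod P.
 * Returns 0 on success, -1 if no RNG is supplied or the RNG fails. */
int secret_blinded(uint64_t gy, uint64_t x, uint64_t p,
                   toy_rng_fn f_rng, void *p_rng, uint64_t *out) {
    uint64_t vi, vf;
    if (f_rng == NULL || f_rng(p_rng, &vi) != 0) return -1;
    vi = 2 + vi % (p - 3);                    /* Vi in [2, P-2], invertible */
    /* P is prime, so Vi^(-X) = (Vi^X)^(P-2) by Fermat's little theorem. */
    vf = powmod(powmod(vi, x, p), p - 2, p);
    *out = mulmod(powmod(mulmod(gy % p, vi, p), x, p), vf, p);
    return 0;
}

/* Constructed deterministic "RNG" so the demo is reproducible; not secure. */
int counter_rng(void *ctx, uint64_t *out) {
    uint64_t *state = ctx;
    *state = *state * 6364136223846793005ULL + 1442695040888963407ULL;
    *out = *state;
    return 0;
}

int main(void) {
    uint64_t p = 2305843009213693951ULL; /* toy prime 2^61 - 1 */
    uint64_t gy = powmod(5, 1234567, p), x = 7654321, seed = 1, k = 0;
    int rc = secret_blinded(gy, x, p, counter_rng, &seed, &k);
    printf("rc=%d blinded=%llu plain=%llu\n", rc, (unsigned long long)k,
           (unsigned long long)powmod(gy, x, p));
    return 0;
}
```

The blinded and plain results are equal for every Vi, while the base fed to the secret exponent differs on each call.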
mbedtls_dhm_calc_secret() is called by 2 functions and calls 11 functions.