[tls] Allow for NIST elliptic curve point formats

The elliptic curve point representation for the x25519 curve includes
only the X value, since the curve is designed such that the Montgomery
ladder does not need to ever know or calculate a Y value.  There is no
curve point format byte: the public key data is simply the X value.
The pre-master secret is also simply the X value of the shared secret
curve point.

The point representation for the NIST curves includes both X and Y
values, and a single curve point format byte that must indicate that
the format is uncompressed.  The pre-master secret for the NIST curves
does not include both X and Y values: only the X value is used.

Extend the definition of an elliptic curve to allow the point size to
be specified separately from the key size, and extend the definition
of a TLS named curve to include an optional curve point format byte
and a pre-master secret length.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

2 files changed, 2 insertions, 0 deletions

diff --git a/src/crypto/mishmash/oid_x25519.c b/src/crypto/mishmash/oid_x25519.c
index 2f8aa065b..30b7905ea 100644
--- a/src/crypto/mishmash/oid_x25519.c
+++ b/src/crypto/mishmash/oid_x25519.c
@@ -42,4 +42,5 @@ struct asn1_algorithm x25519_algorithm __asn1_algorithm = {
 struct tls_named_curve tls_x25519_named_curve __tls_named_curve ( 01 ) = {
 	.curve = &x25519_curve,
 	.code = htons ( TLS_NAMED_CURVE_X25519 ),
+	.pre_master_secret_len = sizeof ( struct x25519_value ),
 };
diff --git a/src/crypto/x25519.c b/src/crypto/x25519.c
index ab5d2e8b0..995cfa352 100644
--- a/src/crypto/x25519.c
+++ b/src/crypto/x25519.c
@@ -839,6 +839,7 @@ static int x25519_curve_multiply ( const void *base, const void *scalar,
 /** X25519 elliptic curve */
 struct elliptic_curve x25519_curve = {
 	.name = "x25519",
+	.pointsize = sizeof ( struct x25519_value ),
 	.keysize = sizeof ( struct x25519_value ),
 	.multiply = x25519_curve_multiply,
 };