48 #if defined(POLARSSL_ECP_C)
52 #if defined(POLARSSL_MEMORY_C)
55 #define polarssl_malloc malloc
56 #define polarssl_free free
62 #if defined(POLARSSL_SELF_TEST)
67 unsigned long add_count, dbl_count;
79 #if defined(POLARSSL_ECP_DP_BP512R1_ENABLED)
82 #if defined(POLARSSL_ECP_DP_BP384R1_ENABLED)
85 #if defined(POLARSSL_ECP_DP_BP256R1_ENABLED)
88 #if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
91 #if defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
94 #if defined(POLARSSL_ECP_DP_SECP256R1_ENABLED)
97 #if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED)
100 #if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
111 return ecp_supported_curves;
182 for( i = 0; i < grp->
T_size; i++ )
253 const char *x,
const char *y )
268 static int ecp_group_read_string_gen(
ecp_group *grp,
int radix,
269 const char *p,
const char *a,
const char *b,
270 const char *gx,
const char *gy,
const char *n)
294 const char *p,
const char *b,
295 const char *gx,
const char *gy,
const char *n)
299 MPI_CHK( ecp_group_read_string_gen( grp, radix, p,
"00", b, gx, gy, n ) );
313 int format,
size_t *olen,
314 unsigned char *buf,
size_t buflen )
341 *olen = 2 * plen + 1;
369 const unsigned char *buf,
size_t ilen ) {
373 if( ilen == 1 && buf[0] == 0x00 )
378 if( ilen != 2 * plen + 1 || buf[0] != 0x04 )
396 const unsigned char **buf,
size_t buf_len )
398 unsigned char data_len;
399 const unsigned char *buf_start;
407 data_len = *(*buf)++;
408 if( data_len < 1 || data_len > buf_len - 1 )
427 int format,
size_t *olen,
428 unsigned char *buf,
size_t blen )
439 olen, buf + 1, blen - 1) ) != 0 )
445 buf[0] = (
unsigned char) *olen;
459 if( grp->
modp == NULL )
477 #if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
481 #define P192_SIZE_INT ( 192 / CHAR_BIT / sizeof( t_uint ) )
488 #define P192_CHUNKS 3
489 #define P192_CHUNK_CHAR ( 64 / CHAR_BIT )
490 #define P192_CHUNK_INT ( P192_CHUNK_CHAR / sizeof( t_uint ) )
492 const signed char p192_tbl[][P192_CHUNKS] = {
501 static int ecp_mod_p192(
mpi *N )
504 unsigned char i, j, offset;
507 t_uint tmp_p[P192_SIZE_INT], acc_p[P192_SIZE_INT + 1];
510 tmp.
n =
sizeof( tmp_p ) /
sizeof( tmp_p[0] );
514 acc.
n =
sizeof( acc_p ) /
sizeof( acc_p[0] );
522 memset( acc_p, 0,
sizeof( acc_p ) );
523 memcpy( acc_p, N->
p, P192_CHUNK_CHAR * P192_CHUNKS );
525 for( i = 0; i <
sizeof( p192_tbl ) /
sizeof( p192_tbl[0] ); i++)
530 memset( tmp_p, 0,
sizeof( tmp_p ) );
531 for( j = 0, offset = P192_CHUNKS - 1; j < P192_CHUNKS; j++, offset-- )
533 chunk = p192_tbl[i][j];
535 memcpy( tmp_p + offset * P192_CHUNK_INT,
536 N->
p + chunk * P192_CHUNK_INT,
553 #if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
557 #define P521_SIZE_INT ( 521 / CHAR_BIT / sizeof( t_uint ) + 1 )
562 #if defined(POLARSS_HAVE_INT8)
563 #define P521_MASK 0x01
565 #define P521_MASK 0x01FF
571 static int ecp_mod_p521(
mpi *N )
577 if( N->
n < P521_SIZE_INT )
580 memset( Mp, 0, P521_SIZE_INT *
sizeof(
t_uint ) );
581 memcpy( Mp, N->
p, P521_SIZE_INT *
sizeof(
t_uint ) );
582 Mp[P521_SIZE_INT - 1] &= P521_MASK;
600 #define SECP192R1_P \
601 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF"
602 #define SECP192R1_B \
603 "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1"
604 #define SECP192R1_GX \
605 "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012"
606 #define SECP192R1_GY \
607 "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811"
608 #define SECP192R1_N \
609 "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831"
614 #define SECP224R1_P \
615 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001"
616 #define SECP224R1_B \
617 "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4"
618 #define SECP224R1_GX \
619 "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21"
620 #define SECP224R1_GY \
621 "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34"
622 #define SECP224R1_N \
623 "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D"
628 #define SECP256R1_P \
629 "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF"
630 #define SECP256R1_B \
631 "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B"
632 #define SECP256R1_GX \
633 "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"
634 #define SECP256R1_GY \
635 "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5"
636 #define SECP256R1_N \
637 "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551"
642 #define SECP384R1_P \
643 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" \
644 "FFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF"
645 #define SECP384R1_B \
646 "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE814112" \
647 "0314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF"
648 #define SECP384R1_GX \
649 "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B98" \
650 "59F741E082542A385502F25DBF55296C3A545E3872760AB7"
651 #define SECP384R1_GY \
652 "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147C" \
653 "E9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F"
654 #define SECP384R1_N \
655 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" \
656 "C7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973"
661 #define SECP521R1_P \
662 "000001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" \
663 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" \
664 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
665 #define SECP521R1_B \
666 "00000051953EB9618E1C9A1F929A21A0B68540EEA2DA725B" \
667 "99B315F3B8B489918EF109E156193951EC7E937B1652C0BD" \
668 "3BB1BF073573DF883D2C34F1EF451FD46B503F00"
669 #define SECP521R1_GX \
670 "000000C6858E06B70404E9CD9E3ECB662395B4429C648139" \
671 "053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127" \
672 "A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66"
673 #define SECP521R1_GY \
674 "0000011839296A789A3BC0045C8A5FB42C7D1BD998F54449" \
675 "579B446817AFBD17273E662C97EE72995EF42640C550B901" \
676 "3FAD0761353C7086A272C24088BE94769FD16650"
677 #define SECP521R1_N \
678 "000001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" \
679 "FFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148" \
680 "F709A5D03BB5C9B8899C47AEBB6FB71E91386409"
686 "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377"
688 "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9"
690 "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6"
692 "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262"
694 "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997"
696 "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7"
702 "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB711" \
703 "23ACD3A729901D1A71874700133107EC53"
705 "7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F9" \
706 "0F8AA5814A503AD4EB04A8C7DD22CE2826"
708 "04A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62" \
709 "D57CB4390295DBC9943AB78696FA504C11"
711 "1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10" \
712 "E8E826E03436D646AAEF87B2E247D4AF1E"
714 "8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129" \
715 "280E4646217791811142820341263C5315"
717 "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425" \
718 "A7CF3AB6AF6B7FC3103B883202E9046565"
724 "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308" \
725 "717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3"
727 "7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863" \
728 "BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA"
730 "3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117" \
731 "A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723"
733 "81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D009" \
734 "8EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822"
736 "7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F81" \
737 "11B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892"
739 "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308" \
740 "70553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069"
751 #if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
753 grp->
modp = ecp_mod_p192;
755 SECP192R1_P, SECP192R1_B,
756 SECP192R1_GX, SECP192R1_GY, SECP192R1_N ) );
759 #if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED)
762 SECP224R1_P, SECP224R1_B,
763 SECP224R1_GX, SECP224R1_GY, SECP224R1_N ) );
766 #if defined(POLARSSL_ECP_DP_SECP256R1_ENABLED)
769 SECP256R1_P, SECP256R1_B,
770 SECP256R1_GX, SECP256R1_GY, SECP256R1_N ) );
773 #if defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
776 SECP384R1_P, SECP384R1_B,
777 SECP384R1_GX, SECP384R1_GY, SECP384R1_N ) );
780 #if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
782 grp->
modp = ecp_mod_p521;
784 SECP521R1_P, SECP521R1_B,
785 SECP521R1_GX, SECP521R1_GY, SECP521R1_N ) );
788 #if defined(POLARSSL_ECP_DP_BP256R1_ENABLED)
790 return( ecp_group_read_string_gen( grp, 16,
791 BP256R1_P, BP256R1_A, BP256R1_B,
792 BP256R1_GX, BP256R1_GY, BP256R1_N ) );
795 #if defined(POLARSSL_ECP_DP_BP384R1_ENABLED)
797 return( ecp_group_read_string_gen( grp, 16,
798 BP384R1_P, BP384R1_A, BP384R1_B,
799 BP384R1_GX, BP384R1_GY, BP384R1_N ) );
802 #if defined(POLARSSL_ECP_DP_BP512R1_ENABLED)
804 return( ecp_group_read_string_gen( grp, 16,
805 BP512R1_P, BP512R1_A, BP512R1_B,
806 BP512R1_GX, BP512R1_GY, BP512R1_N ) );
852 unsigned char *buf,
size_t blen )
874 buf[0] = curve_info->
tls_id >> 8;
875 buf[1] = curve_info->
tls_id & 0xFF;
891 if( curve_info->
tls_id == tls_id )
892 return( curve_info );
909 if( curve_info->
grp_id == grp_id )
910 return( curve_info );
929 #define MOD_MUL( N ) MPI_CHK( ecp_modp( &N, grp ) )
934 #define MOD_SUB( N ) \
935 while( mpi_cmp_int( &N, 0 ) < 0 ) \
936 MPI_CHK( mpi_add_mpi( &N, &N, &grp->P ) )
941 #define MOD_ADD( N ) \
942 while( mpi_cmp_mpi( &N, &grp->P ) >= 0 ) \
943 MPI_CHK( mpi_sub_mpi( &N, &N, &grp->P ) )
992 static int ecp_normalize_many(
const ecp_group *grp,
1000 return( ecp_normalize( grp, T ) );
1006 for( i = 0; i < t_len; i++ )
1013 for( i = 1; i < t_len; i++ )
1024 for( i = t_len - 1; ; i-- )
1055 for( i = 0; i < t_len; i++ )
1074 mpi T1, T2, T3, X3, Y3, Z3;
1076 #if defined(POLARSSL_SELF_TEST)
1135 mpi T1, T2, T3, T4, X, Y, Z;
1137 #if defined(POLARSSL_SELF_TEST)
1155 if( ret == 0 && sign < 0)
1193 ret = ecp_double_jac( grp, R, P );
1236 MPI_CHK( ecp_add_mixed( grp, R, P, Q , 1 ) );
1237 MPI_CHK( ecp_normalize( grp, R ) );
1251 MPI_CHK( ecp_add_mixed( grp, R, P, Q, -1 ) );
1252 MPI_CHK( ecp_normalize( grp, R ) );
1284 static int ecp_w_naf_fixed(
signed char x[],
size_t k,
1285 unsigned char w,
const mpi *m )
1288 unsigned int i, u, mask, carry;
1294 mask = ( 1 << w ) - 1;
1295 carry = 1 << ( w - 1 );
1297 for( i = 0; i < k; i++ )
1301 if( ( u & 1 ) == 0 && i > 0 )
1325 static int ecp_precompute(
const ecp_group *grp,
1339 for( i = 1; i < t_len; i++ )
1340 MPI_CHK( ecp_add_mixed( grp, &T[i], &T[i-1], &PP, +1 ) );
1345 MPI_CHK( ecp_normalize_many( grp, T + 1, t_len - 1 ) );
1360 int (*f_rng)(
void *,
unsigned char *,
size_t),
void *p_rng )
1364 size_t p_size = (grp->
pbits + 7) / 8;
1402 #define MAX_PRE_LEN ( 1 << (POLARSSL_ECP_WINDOW_SIZE - 1) )
1409 #define MAX_NAF_LEN ( POLARSSL_ECP_MAX_BITS / 2 + 1 )
1426 int (*f_rng)(
void *,
unsigned char *,
size_t),
void *p_rng )
1429 unsigned char w, m_is_odd, p_eq_g;
1430 size_t pre_len = 1, naf_len, i, j;
1431 signed char naf[ MAX_NAF_LEN ];
1457 w = grp->
nbits >= 512 ? 6 :
1458 grp->
nbits >= 224 ? 5 :
1469 if( w < 2 || w >= grp->
nbits )
1472 pre_len <<= ( w - 1 );
1473 naf_len = grp->
nbits / w + 1;
1479 if( ! p_eq_g || grp->
T == NULL )
1488 for( i = 0; i < pre_len; i++ )
1491 MPI_CHK( ecp_precompute( grp, T, pre_len, P ) );
1504 if( pre_len != grp->
T_size )
1523 MPI_CHK( ecp_w_naf_fixed( naf, naf_len, w, &M ) );
1539 ecp_randomize_coordinates( grp, &Q, f_rng, p_rng );
1543 MPI_CHK( ecp_add_mixed( grp, &Q, &Q, &T[ - naf[i] - 1 ], -1 ) );
1547 MPI_CHK( ecp_add_mixed( grp, &Q, &Q, &T[ naf[i] ], +1 ) );
1554 for( j = 0; j < w; j++ )
1556 MPI_CHK( ecp_double_jac( grp, &Q, &Q ) );
1570 if( T != NULL && ! p_eq_g )
1572 for( i = 0; i < pre_len; i++ )
1646 int (*f_rng)(
void *,
unsigned char *,
size_t),
1650 size_t n_size = (grp->
nbits + 7) / 8;
1667 return(
ecp_mul( grp, Q, d, &grp->
G, f_rng, p_rng ) );
1670 #if defined(POLARSSL_SELF_TEST)
1682 unsigned long add_c_prev, dbl_c_prev;
1684 const char *exponents[] =
1686 "000000000000000000000000000000000000000000000000",
1687 "000000000000000000000000000000000000000000000001",
1688 "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",
1689 "5EA6F389A38B8BC81E767753B15AA5569E1782E30ABE7D25",
1690 "400000000000000000000000000000000000000000000000",
1691 "7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
1692 "555555555555555555555555555555555555555555555555",
1701 #if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
1708 printf(
" ECP test #1 (constant op_count, base point G): " );
1719 for( i = 1; i <
sizeof( exponents ) /
sizeof( exponents[0] ); i++ )
1721 add_c_prev = add_count;
1722 dbl_c_prev = dbl_count;
1729 if( add_count != add_c_prev || dbl_count != dbl_c_prev )
1732 printf(
"failed (%zu)\n", i );
1740 printf(
"passed\n" );
1743 printf(
" ECP test #2 (constant op_count, other point): " );
1751 for( i = 1; i <
sizeof( exponents ) /
sizeof( exponents[0] ); i++ )
1753 add_c_prev = add_count;
1754 dbl_c_prev = dbl_count;
1761 if( add_count != add_c_prev || dbl_count != dbl_c_prev )
1764 printf(
"failed (%zu)\n", i );
1772 printf(
"passed\n" );
1776 if( ret < 0 && verbose != 0 )
1777 printf(
"Unexpected error, return code = %08X\n", ret );
int mpi_cmp_int(const mpi *X, t_sint z)
Compare signed values.
#define POLARSSL_ECP_TLS_NAMED_CURVE
ECCurveType's named_curve.
int ecp_sub(const ecp_group *grp, ecp_point *R, const ecp_point *P, const ecp_point *Q)
Subtraction: R = P - Q.
int ecp_check_privkey(const ecp_group *grp, const mpi *d)
Check that an mpi is a valid private key for this curve.
#define POLARSSL_ERR_ECP_BAD_INPUT_DATA
Bad input parameters to function.
void ecp_keypair_init(ecp_keypair *key)
Initialize a key pair (as an invalid one)
int ecp_group_copy(ecp_group *dst, const ecp_group *src)
Copy the contents of a group object.
void *(* polarssl_malloc)(size_t len)
#define POLARSSL_ECP_PF_COMPRESSED
Compressed point format.
const ecp_curve_info * ecp_curve_list(void)
Return the list of supported curves with associated info.
int ecp_self_test(int verbose)
Checkup routine.
Elliptic curves over GF(p)
int mpi_fill_random(mpi *X, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Fill an MPI X with size bytes of random.
#define POLARSSL_ERR_ECP_MALLOC_FAILED
Memory allocation failed.
#define POLARSSL_ECP_PF_UNCOMPRESSED
Uncompressed point format.
Configuration options (set of defines)
int mpi_add_int(mpi *X, const mpi *A, t_sint b)
Signed addition: X = A + b.
int mpi_lset(mpi *X, t_sint z)
Set value from integer.
int ecp_mul(ecp_group *grp, ecp_point *R, const mpi *m, const ecp_point *P, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Multiplication by an integer: R = m * P (Not thread-safe to use same group in multiple threads) ...
int ecp_point_read_binary(const ecp_group *grp, ecp_point *P, const unsigned char *buf, size_t ilen)
Import a point from unsigned binary data.
#define POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE
Requested curve not available.
void mpi_init(mpi *X)
Initialize one MPI.
int mpi_cmp_mpi(const mpi *X, const mpi *Y)
Compare signed values.
#define POLARSSL_ECP_WINDOW_SIZE
Maximum NAF width used.
int mpi_shift_r(mpi *X, size_t count)
Right-shift: X >>= count.
#define POLARSSL_ERR_ECP_BUFFER_TOO_SMALL
The buffer is too small to write to.
int mpi_add_mpi(mpi *X, const mpi *A, const mpi *B)
Signed addition: X = A + B.
ECP point structure (jacobian coordinates)
int ecp_is_zero(ecp_point *pt)
Tell if a point is zero.
void ecp_point_init(ecp_point *pt)
Initialize a point (as zero)
void(* polarssl_free)(void *ptr)
const ecp_curve_info * ecp_curve_info_from_grp_id(ecp_group_id grp_id)
Get curve information from an internal group identifier.
int mpi_inv_mod(mpi *X, const mpi *A, const mpi *N)
Modular inverse: X = A^-1 mod N.
int ecp_point_read_string(ecp_point *P, int radix, const char *x, const char *y)
Import a non-zero point from two ASCII strings.
void mpi_free(mpi *X)
Unallocate one MPI.
int mpi_mul_int(mpi *X, const mpi *A, t_sint b)
Baseline multiplication: X = A * b Note: b is an unsigned integer type, thus Negative values of b are...
void ecp_group_free(ecp_group *grp)
Free the components of an ECP group.
int mpi_grow(mpi *X, size_t nblimbs)
Enlarge to the specified number of limbs.
Curve information for use by other modules.
int ecp_tls_write_point(const ecp_group *grp, const ecp_point *pt, int format, size_t *olen, unsigned char *buf, size_t blen)
Export a point as a TLS ECPoint record.
int ecp_gen_keypair(ecp_group *grp, mpi *d, ecp_point *Q, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Generate a keypair.
size_t mpi_msb(const mpi *X)
Return the number of bits up to and including the most significant '1' bit'.
int ecp_use_known_dp(ecp_group *grp, ecp_group_id index)
Set a group using well-known domain parameters.
int mpi_add_abs(mpi *X, const mpi *A, const mpi *B)
Unsigned addition: X = |A| + |B|.
int mpi_read_string(mpi *X, int radix, const char *s)
Import from an ASCII string.
int ecp_copy(ecp_point *P, const ecp_point *Q)
Copy the contents of point Q into P.
int mpi_read_binary(mpi *X, const unsigned char *buf, size_t buflen)
Import X from unsigned binary data, big endian.
int ecp_tls_write_group(const ecp_group *grp, size_t *olen, unsigned char *buf, size_t blen)
Write the TLS ECParameters record for a group.
ecp_group_id
Domain parameters (curve, subgroup and generator) identifiers.
int ecp_point_write_binary(const ecp_group *grp, const ecp_point *P, int format, size_t *olen, unsigned char *buf, size_t buflen)
Export a point into unsigned binary data.
void ecp_group_init(ecp_group *grp)
Initialize a group (to something meaningless)
#define POLARSSL_ERR_ECP_RANDOM_FAILED
Generation of random value, such as (ephemeral) key, failed.
size_t mpi_size(const mpi *X)
Return the total size in bytes.
int mpi_copy(mpi *X, const mpi *Y)
Copy the contents of Y into X.
int mpi_mod_mpi(mpi *R, const mpi *A, const mpi *B)
Modulo: R = A mod B.
int mpi_get_bit(const mpi *X, size_t pos)
Get a specific bit from X.
int mpi_write_binary(const mpi *X, unsigned char *buf, size_t buflen)
Export X into unsigned binary data, big endian.
int ecp_tls_read_group(ecp_group *grp, const unsigned char **buf, size_t len)
Set a group from a TLS ECParameters record.
int ecp_check_pubkey(const ecp_group *grp, const ecp_point *pt)
Check that a point is a valid public key on this curve.
const ecp_curve_info * ecp_curve_info_from_tls_id(uint16_t tls_id)
Get curve information from a TLS NamedCurve value.
int ecp_add(const ecp_group *grp, ecp_point *R, const ecp_point *P, const ecp_point *Q)
Addition: R = P + Q.
int mpi_mul_mpi(mpi *X, const mpi *A, const mpi *B)
Baseline multiplication: X = A * B.
int ecp_set_zero(ecp_point *pt)
Set a point to zero.
int mpi_sub_mpi(mpi *X, const mpi *A, const mpi *B)
Signed substraction: X = A - B.
#define POLARSSL_ERR_ECP_INVALID_KEY
Invalid private or public key.
void ecp_keypair_free(ecp_keypair *key)
Free the components of a key pair.
int ecp_tls_read_point(const ecp_group *grp, ecp_point *pt, const unsigned char **buf, size_t len)
Import a point from a TLS ECPoint record.
int ecp_group_read_string(ecp_group *grp, int radix, const char *p, const char *b, const char *gx, const char *gy, const char *n)
Import an ECP group from null-terminated ASCII strings.
void ecp_point_free(ecp_point *pt)
Free the components of a point.