mbed TLS v1.3.21
ecp.h
Go to the documentation of this file.
1 
24 #ifndef POLARSSL_ECP_H
25 #define POLARSSL_ECP_H
26 
27 #include "bignum.h"
28 
29 /*
30  * ECP error codes
31  */
32 #define POLARSSL_ERR_ECP_BAD_INPUT_DATA -0x4F80
33 #define POLARSSL_ERR_ECP_BUFFER_TOO_SMALL -0x4F00
34 #define POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80
35 #define POLARSSL_ERR_ECP_VERIFY_FAILED -0x4E00
36 #define POLARSSL_ERR_ECP_MALLOC_FAILED -0x4D80
37 #define POLARSSL_ERR_ECP_RANDOM_FAILED -0x4D00
38 #define POLARSSL_ERR_ECP_INVALID_KEY -0x4C80
39 #define POLARSSL_ERR_ECP_SIG_LEN_MISMATCH -0x4C00
41 #ifdef __cplusplus
42 extern "C" {
43 #endif
44 
54 typedef enum
55 {
72 } ecp_group_id;
73 
79 #define POLARSSL_ECP_DP_MAX 12
80 
84 typedef struct
85 {
87  uint16_t tls_id;
88  uint16_t size;
89  const char *name;
91 
101 typedef struct
102 {
103  mpi X;
104  mpi Y;
105  mpi Z;
106 }
107 ecp_point;
108 
133 typedef struct
134 {
136  mpi P;
137  mpi A;
138  mpi B;
140  mpi N;
141  size_t pbits;
142  size_t nbits;
143  unsigned int h;
144  int (*modp)(mpi *);
145  int (*t_pre)(ecp_point *, void *);
146  int (*t_post)(ecp_point *, void *);
147  void *t_data;
149  size_t T_size;
150 }
151 ecp_group;
152 
160 typedef struct
161 {
163  mpi d;
165 }
167 
176 #if !defined(POLARSSL_ECP_MAX_BITS)
177 
180 #define POLARSSL_ECP_MAX_BITS 521
181 #endif
182 
183 #define POLARSSL_ECP_MAX_BYTES ( ( POLARSSL_ECP_MAX_BITS + 7 ) / 8 )
184 #define POLARSSL_ECP_MAX_PT_LEN ( 2 * POLARSSL_ECP_MAX_BYTES + 1 )
185 
186 #if !defined(POLARSSL_ECP_WINDOW_SIZE)
187 /*
188  * Maximum "window" size used for point multiplication.
189  * Default: 6.
190  * Minimum value: 2. Maximum value: 7.
191  *
192  * Result is an array of at most ( 1 << ( POLARSSL_ECP_WINDOW_SIZE - 1 ) )
193  * points used for point multiplication. This value is directly tied to EC
194  * peak memory usage, so decreasing it by one should roughly cut memory usage
195  * by two (if large curves are in use).
196  *
197  * Reduction in size may reduce speed, but larger curves are impacted first.
198  * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1):
199  * w-size: 6 5 4 3 2
200  * 521 145 141 135 120 97
201  * 384 214 209 198 177 146
202  * 256 320 320 303 262 226
203 
204  * 224 475 475 453 398 342
205  * 192 640 640 633 587 476
206  */
207 #define POLARSSL_ECP_WINDOW_SIZE 6
208 #endif /* POLARSSL_ECP_WINDOW_SIZE */
209 
210 #if !defined(POLARSSL_ECP_FIXED_POINT_OPTIM)
211 /*
212  * Trade memory for speed on fixed-point multiplication.
213  *
214  * This speeds up repeated multiplication of the generator (that is, the
215  * multiplication in ECDSA signatures, and half of the multiplications in
216  * ECDSA verification and ECDHE) by a factor roughly 3 to 4.
217  *
218  * The cost is increasing EC peak memory usage by a factor roughly 2.
219  *
220  * Change this value to 0 to reduce peak memory usage.
221  */
222 #define POLARSSL_ECP_FIXED_POINT_OPTIM 1
223 #endif /* POLARSSL_ECP_FIXED_POINT_OPTIM */
224 
225 /* \} name SECTION: Module settings */
226 
227 /*
228  * Point formats, from RFC 4492's enum ECPointFormat
229  */
230 #define POLARSSL_ECP_PF_UNCOMPRESSED 0
231 #define POLARSSL_ECP_PF_COMPRESSED 1
233 /*
234  * Some other constants from RFC 4492
235  */
236 #define POLARSSL_ECP_TLS_NAMED_CURVE 3
244 const ecp_curve_info *ecp_curve_list( void );
245 
253 const ecp_group_id *ecp_grp_id_list( void );
254 
263 
271 const ecp_curve_info *ecp_curve_info_from_tls_id( uint16_t tls_id );
272 
280 const ecp_curve_info *ecp_curve_info_from_name( const char *name );
281 
285 void ecp_point_init( ecp_point *pt );
286 
290 void ecp_group_init( ecp_group *grp );
291 
295 void ecp_keypair_init( ecp_keypair *key );
296 
300 void ecp_point_free( ecp_point *pt );
301 
305 void ecp_group_free( ecp_group *grp );
306 
310 void ecp_keypair_free( ecp_keypair *key );
311 
321 int ecp_copy( ecp_point *P, const ecp_point *Q );
322 
332 int ecp_group_copy( ecp_group *dst, const ecp_group *src );
333 
342 int ecp_set_zero( ecp_point *pt );
343 
351 int ecp_is_zero( ecp_point *pt );
352 
363 int ecp_point_read_string( ecp_point *P, int radix,
364  const char *x, const char *y );
365 
380 int ecp_point_write_binary( const ecp_group *grp, const ecp_point *P,
381  int format, size_t *olen,
382  unsigned char *buf, size_t buflen );
383 
402 int ecp_point_read_binary( const ecp_group *grp, ecp_point *P,
403  const unsigned char *buf, size_t ilen );
404 
419 int ecp_tls_read_point( const ecp_group *grp, ecp_point *pt,
420  const unsigned char **buf, size_t len );
421 
436 int ecp_tls_write_point( const ecp_group *grp, const ecp_point *pt,
437  int format, size_t *olen,
438  unsigned char *buf, size_t blen );
439 
455 int ecp_group_read_string( ecp_group *grp, int radix,
456  const char *p, const char *b,
457  const char *gx, const char *gy, const char *n);
458 
472 int ecp_use_known_dp( ecp_group *grp, ecp_group_id id );
473 
487 int ecp_tls_read_group( ecp_group *grp, const unsigned char **buf, size_t len );
488 
500 int ecp_tls_write_group( const ecp_group *grp, size_t *olen,
501  unsigned char *buf, size_t blen );
502 
517 int ecp_add( const ecp_group *grp, ecp_point *R,
518  const ecp_point *P, const ecp_point *Q );
519 
534 int ecp_sub( const ecp_group *grp, ecp_point *R,
535  const ecp_point *P, const ecp_point *Q );
536 
563 int ecp_mul( ecp_group *grp, ecp_point *R,
564  const mpi *m, const ecp_point *P,
565  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
566 
588 int ecp_check_pubkey( const ecp_group *grp, const ecp_point *pt );
589 
603 int ecp_check_privkey( const ecp_group *grp, const mpi *d );
604 
621 int ecp_gen_keypair( ecp_group *grp, mpi *d, ecp_point *Q,
622  int (*f_rng)(void *, unsigned char *, size_t),
623  void *p_rng );
624 
636 int ecp_gen_key( ecp_group_id grp_id, ecp_keypair *key,
637  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
638 
649 int ecp_check_pub_priv( const ecp_keypair *pub, const ecp_keypair *prv );
650 
651 #if defined(POLARSSL_SELF_TEST)
652 
657 int ecp_self_test( int verbose );
658 #endif
659 
660 #ifdef __cplusplus
661 }
662 #endif
663 
664 #endif /* ecp.h */
size_t pbits
Definition: ecp.h:141
int ecp_sub(const ecp_group *grp, ecp_point *R, const ecp_point *P, const ecp_point *Q)
Subtraction: R = P - Q.
int ecp_check_privkey(const ecp_group *grp, const mpi *d)
Check that an mpi is a valid private key for this curve.
void ecp_keypair_init(ecp_keypair *key)
Initialize a key pair (as an invalid one)
int ecp_group_copy(ecp_group *dst, const ecp_group *src)
Copy the contents of a group object.
void * t_data
Definition: ecp.h:147
ecp_group_id grp_id
Definition: ecp.h:86
const char * name
Definition: ecp.h:89
int ecp_self_test(int verbose)
Checkup routine.
mpi P
Definition: ecp.h:136
ecp_group grp
Definition: ecp.h:162
ECP group structure.
Definition: ecp.h:133
unsigned int h
Definition: ecp.h:143
ECP key pair structure.
Definition: ecp.h:160
mpi d
Definition: ecp.h:163
MPI structure.
Definition: bignum.h:183
int ecp_mul(ecp_group *grp, ecp_point *R, const mpi *m, const ecp_point *P, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Multiplication by an integer: R = m * P (Not thread-safe to use same group in multiple threads) ...
int ecp_point_read_binary(const ecp_group *grp, ecp_point *P, const unsigned char *buf, size_t ilen)
Import a point from unsigned binary data.
mpi X
Definition: ecp.h:103
int ecp_check_pub_priv(const ecp_keypair *pub, const ecp_keypair *prv)
Check a public-private key pair.
Multi-precision integer library.
int ecp_use_known_dp(ecp_group *grp, ecp_group_id id)
Set a group using well-known domain parameters.
int ecp_gen_key(ecp_group_id grp_id, ecp_keypair *key, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Generate a keypair.
ecp_point G
Definition: ecp.h:139
ecp_group_id id
Definition: ecp.h:135
ECP point structure (jacobian coordinates)
Definition: ecp.h:101
size_t T_size
Definition: ecp.h:149
int ecp_is_zero(ecp_point *pt)
Tell if a point is zero.
void ecp_point_init(ecp_point *pt)
Initialize a point (as zero)
mpi B
Definition: ecp.h:138
mpi N
Definition: ecp.h:140
const ecp_curve_info * ecp_curve_info_from_grp_id(ecp_group_id grp_id)
Get curve information from an internal group identifier.
int ecp_point_read_string(ecp_point *P, int radix, const char *x, const char *y)
Import a non-zero point from two ASCII strings.
void ecp_group_free(ecp_group *grp)
Free the components of an ECP group.
Curve information for use by other modules.
Definition: ecp.h:84
int ecp_tls_write_point(const ecp_group *grp, const ecp_point *pt, int format, size_t *olen, unsigned char *buf, size_t blen)
Export a point as a TLS ECPoint record.
int ecp_gen_keypair(ecp_group *grp, mpi *d, ecp_point *Q, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Generate a keypair.
uint16_t size
Definition: ecp.h:88
int ecp_copy(ecp_point *P, const ecp_point *Q)
Copy the contents of point Q into P.
mpi A
Definition: ecp.h:137
int ecp_tls_write_group(const ecp_group *grp, size_t *olen, unsigned char *buf, size_t blen)
Write the TLS ECParameters record for a group.
ecp_group_id
Domain parameters (curve, subgroup and generator) identifiers.
Definition: ecp.h:54
int ecp_point_write_binary(const ecp_group *grp, const ecp_point *P, int format, size_t *olen, unsigned char *buf, size_t buflen)
Export a point into unsigned binary data.
void ecp_group_init(ecp_group *grp)
Initialize a group (to something meaningless)
size_t nbits
Definition: ecp.h:142
mpi Y
Definition: ecp.h:104
int ecp_tls_read_group(ecp_group *grp, const unsigned char **buf, size_t len)
Set a group from a TLS ECParameters record.
ecp_point Q
Definition: ecp.h:164
mpi Z
Definition: ecp.h:105
uint16_t tls_id
Definition: ecp.h:87
int ecp_check_pubkey(const ecp_group *grp, const ecp_point *pt)
Check that a point is a valid public key on this curve.
const ecp_curve_info * ecp_curve_info_from_tls_id(uint16_t tls_id)
Get curve information from a TLS NamedCurve value.
const ecp_curve_info * ecp_curve_info_from_name(const char *name)
Get curve information from a human-readable name.
int ecp_add(const ecp_group *grp, ecp_point *R, const ecp_point *P, const ecp_point *Q)
Addition: R = P + Q.
int ecp_set_zero(ecp_point *pt)
Set a point to zero.
ecp_point * T
Definition: ecp.h:148
void ecp_keypair_free(ecp_keypair *key)
Free the components of a key pair.
int ecp_tls_read_point(const ecp_group *grp, ecp_point *pt, const unsigned char **buf, size_t len)
Import a point from a TLS ECPoint record.
const ecp_group_id * ecp_grp_id_list(void)
Get the list of supported curves in order of preferrence (grp_id only)
int ecp_group_read_string(ecp_group *grp, int radix, const char *p, const char *b, const char *gx, const char *gy, const char *n)
Import an ECP group from null-terminated ASCII strings.
void ecp_point_free(ecp_point *pt)
Free the components of a point.