mbed TLS v2.7.6
ecp.h
Go to the documentation of this file.
1 
6 /*
7  * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
8  * SPDX-License-Identifier: Apache-2.0
9  *
10  * Licensed under the Apache License, Version 2.0 (the "License"); you may
11  * not use this file except in compliance with the License.
12  * You may obtain a copy of the License at
13  *
14  * http://www.apache.org/licenses/LICENSE-2.0
15  *
16  * Unless required by applicable law or agreed to in writing, software
17  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
18  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19  * See the License for the specific language governing permissions and
20  * limitations under the License.
21  *
22  * This file is part of mbed TLS (https://tls.mbed.org)
23  */
24 #ifndef MBEDTLS_ECP_H
25 #define MBEDTLS_ECP_H
26 
27 #include "bignum.h"
28 
29 /*
30  * ECP error codes
31  */
32 #define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80
33 #define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL -0x4F00
34 #define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80
35 #define MBEDTLS_ERR_ECP_VERIFY_FAILED -0x4E00
36 #define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80
37 #define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00
38 #define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80
39 #define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00
40 #define MBEDTLS_ERR_ECP_HW_ACCEL_FAILED -0x4B80
42 #if !defined(MBEDTLS_ECP_ALT)
43 /*
44  * default mbed TLS elliptic curve arithmetic implementation
45  *
46  * (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an
47  * alternative implementation for the whole module and it will replace this
48  * one.)
49  */
50 
51 #ifdef __cplusplus
52 extern "C" {
53 #endif
54 
64 typedef enum
65 {
80 
86 #define MBEDTLS_ECP_DP_MAX 12
87 
91 typedef struct
92 {
93  mbedtls_ecp_group_id grp_id;
94  uint16_t tls_id;
95  uint16_t bit_size;
96  const char *name;
98 
108 typedef struct
109 {
113 }
115 
140 typedef struct
141 {
142  mbedtls_ecp_group_id id;
148  size_t pbits;
149  size_t nbits;
150  unsigned int h;
151  int (*modp)(mbedtls_mpi *);
152  int (*t_pre)(mbedtls_ecp_point *, void *);
153  int (*t_post)(mbedtls_ecp_point *, void *);
154  void *t_data;
156  size_t T_size;
157 }
159 
167 typedef struct
168 {
172 }
174 
183 #if !defined(MBEDTLS_ECP_MAX_BITS)
184 
187 #define MBEDTLS_ECP_MAX_BITS 521
188 #endif
189 
190 #define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
191 #define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )
192 
193 #if !defined(MBEDTLS_ECP_WINDOW_SIZE)
194 /*
195  * Maximum "window" size used for point multiplication.
196  * Default: 6.
197  * Minimum value: 2. Maximum value: 7.
198  *
199  * Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) )
200  * points used for point multiplication. This value is directly tied to EC
201  * peak memory usage, so decreasing it by one should roughly cut memory usage
202  * by two (if large curves are in use).
203  *
204  * Reduction in size may reduce speed, but larger curves are impacted first.
205  * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1):
206  * w-size: 6 5 4 3 2
207  * 521 145 141 135 120 97
208  * 384 214 209 198 177 146
209  * 256 320 320 303 262 226
210 
211  * 224 475 475 453 398 342
212  * 192 640 640 633 587 476
213  */
214 #define MBEDTLS_ECP_WINDOW_SIZE 6
215 #endif /* MBEDTLS_ECP_WINDOW_SIZE */
216 
217 #if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
218 /*
219  * Trade memory for speed on fixed-point multiplication.
220  *
221  * This speeds up repeated multiplication of the generator (that is, the
222  * multiplication in ECDSA signatures, and half of the multiplications in
223  * ECDSA verification and ECDHE) by a factor roughly 3 to 4.
224  *
225  * The cost is increasing EC peak memory usage by a factor roughly 2.
226  *
227  * Change this value to 0 to reduce peak memory usage.
228  */
229 #define MBEDTLS_ECP_FIXED_POINT_OPTIM 1
230 #endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
231 
232 /* \} name SECTION: Module settings */
233 
234 /*
235  * Point formats, from RFC 4492's enum ECPointFormat
236  */
237 #define MBEDTLS_ECP_PF_UNCOMPRESSED 0
238 #define MBEDTLS_ECP_PF_COMPRESSED 1
240 /*
241  * Some other constants from RFC 4492
242  */
243 #define MBEDTLS_ECP_TLS_NAMED_CURVE 3
251 const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void );
252 
260 const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void );
261 
269 const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id );
270 
279 
288 
293 
298 
303 
308 
313 
318 
329 
340 
350 
359 
373  const mbedtls_ecp_point *Q );
374 
386  const char *x, const char *y );
387 
403  int format, size_t *olen,
404  unsigned char *buf, size_t buflen );
405 
425  const unsigned char *buf, size_t ilen );
426 
442  const unsigned char **buf, size_t len );
443 
459  int format, size_t *olen,
460  unsigned char *buf, size_t blen );
461 
475 int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id );
476 
490 int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len );
491 
503 int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen,
504  unsigned char *buf, size_t blen );
505 
533  const mbedtls_mpi *m, const mbedtls_ecp_point *P,
534  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
535 
557  const mbedtls_mpi *m, const mbedtls_ecp_point *P,
558  const mbedtls_mpi *n, const mbedtls_ecp_point *Q );
559 
582 
596 int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d );
597 
616  const mbedtls_ecp_point *G,
618  int (*f_rng)(void *, unsigned char *, size_t),
619  void *p_rng );
620 
638  int (*f_rng)(void *, unsigned char *, size_t),
639  void *p_rng );
640 
652 int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
653  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
654 
666 
667 #if defined(MBEDTLS_SELF_TEST)
668 
674 int mbedtls_ecp_self_test( int verbose );
675 
676 #endif /* MBEDTLS_SELF_TEST */
677 
678 #ifdef __cplusplus
679 }
680 #endif
681 
682 #else /* MBEDTLS_ECP_ALT */
683 #include "ecp_alt.h"
684 #endif /* MBEDTLS_ECP_ALT */
685 
686 #endif /* ecp.h */
uint16_t tls_id
Definition: ecp.h:94
int mbedtls_ecp_is_zero(mbedtls_ecp_point *pt)
Tell if a point is zero.
mbedtls_mpi N
Definition: ecp.h:147
mbedtls_mpi Z
Definition: ecp.h:112
int mbedtls_ecp_muladd(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, const mbedtls_mpi *n, const mbedtls_ecp_point *Q)
Multiplication and addition of two points by integers: R = m * P + n * Q (Not thread-safe to use same...
int mbedtls_ecp_check_pub_priv(const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv)
Check a public-private key pair.
int mbedtls_ecp_point_read_binary(const mbedtls_ecp_group *grp, mbedtls_ecp_point *P, const unsigned char *buf, size_t ilen)
Import a point from unsigned binary data.
mbedtls_mpi Y
Definition: ecp.h:111
mbedtls_ecp_group grp
Definition: ecp.h:169
ECP key pair structure.
Definition: ecp.h:167
int mbedtls_ecp_set_zero(mbedtls_ecp_point *pt)
Set a point to zero.
int mbedtls_ecp_copy(mbedtls_ecp_point *P, const mbedtls_ecp_point *Q)
Copy the contents of point Q into P.
const mbedtls_ecp_group_id * mbedtls_ecp_grp_id_list(void)
Get the list of supported curves in order of preferrence (grp_id only)
int mbedtls_ecp_group_copy(mbedtls_ecp_group *dst, const mbedtls_ecp_group *src)
Copy the contents of a group object.
size_t nbits
Definition: ecp.h:149
int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Generate a keypair.
void mbedtls_ecp_point_free(mbedtls_ecp_point *pt)
Free the components of a point.
void mbedtls_ecp_keypair_init(mbedtls_ecp_keypair *key)
Initialize a key pair (as an invalid one)
size_t pbits
Definition: ecp.h:148
mbedtls_mpi X
Definition: ecp.h:110
Multi-precision integer library.
int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Generate a keypair.
ECP group structure.
Definition: ecp.h:140
int mbedtls_ecp_check_privkey(const mbedtls_ecp_group *grp, const mbedtls_mpi *d)
Check that an mbedtls_mpi is a valid private key for this curve.
mbedtls_ecp_group_id id
Definition: ecp.h:142
const mbedtls_ecp_curve_info * mbedtls_ecp_curve_info_from_grp_id(mbedtls_ecp_group_id grp_id)
Get curve information from an internal group identifier.
int mbedtls_ecp_tls_write_group(const mbedtls_ecp_group *grp, size_t *olen, unsigned char *buf, size_t blen)
Write the TLS ECParameters record for a group.
void mbedtls_ecp_group_free(mbedtls_ecp_group *grp)
Free the components of an ECP group.
int mbedtls_ecp_mul(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Multiplication by an integer: R = m * P (Not thread-safe to use same group in multiple threads) ...
int mbedtls_ecp_check_pubkey(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt)
Check that a point is a valid public key on this curve.
mbedtls_mpi A
Definition: ecp.h:144
mbedtls_mpi P
Definition: ecp.h:143
void mbedtls_ecp_keypair_free(mbedtls_ecp_keypair *key)
Free the components of a key pair.
int mbedtls_ecp_tls_read_group(mbedtls_ecp_group *grp, const unsigned char **buf, size_t len)
Set a group from a TLS ECParameters record.
mbedtls_ecp_point Q
Definition: ecp.h:171
void * t_data
Definition: ecp.h:154
void mbedtls_ecp_point_init(mbedtls_ecp_point *pt)
Initialize a point (as zero)
mbedtls_ecp_group_id
Definition: ecp.h:64
int mbedtls_ecp_point_read_string(mbedtls_ecp_point *P, int radix, const char *x, const char *y)
Import a non-zero point from two ASCII strings.
int mbedtls_ecp_self_test(int verbose)
Checkup routine.
int mbedtls_ecp_point_write_binary(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P, int format, size_t *olen, unsigned char *buf, size_t buflen)
Export a point into unsigned binary data.
const mbedtls_ecp_curve_info * mbedtls_ecp_curve_info_from_tls_id(uint16_t tls_id)
Get curve information from a TLS NamedCurve value.
int mbedtls_ecp_tls_read_point(const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, const unsigned char **buf, size_t len)
Import a point from a TLS ECPoint record.
mbedtls_ecp_group_id grp_id
Definition: ecp.h:93
int mbedtls_ecp_gen_keypair_base(mbedtls_ecp_group *grp, const mbedtls_ecp_point *G, mbedtls_mpi *d, mbedtls_ecp_point *Q, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Generate a keypair with configurable base point.
mbedtls_mpi d
Definition: ecp.h:170
unsigned int h
Definition: ecp.h:150
int mbedtls_ecp_point_cmp(const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q)
Compare two points.
int mbedtls_ecp_tls_write_point(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt, int format, size_t *olen, unsigned char *buf, size_t blen)
Export a point as a TLS ECPoint record.
size_t T_size
Definition: ecp.h:156
mbedtls_ecp_point * T
Definition: ecp.h:155
mbedtls_ecp_point G
Definition: ecp.h:146
MPI structure.
Definition: bignum.h:180
ECP point structure (jacobian coordinates)
Definition: ecp.h:108
const mbedtls_ecp_curve_info * mbedtls_ecp_curve_info_from_name(const char *name)
Get curve information from a human-readable name.
const char * name
Definition: ecp.h:96
int mbedtls_ecp_group_load(mbedtls_ecp_group *grp, mbedtls_ecp_group_id id)
Set a group using well-known domain parameters.
uint16_t bit_size
Definition: ecp.h:95
mbedtls_mpi B
Definition: ecp.h:145
void mbedtls_ecp_group_init(mbedtls_ecp_group *grp)
Initialize a group (to something meaningless)