Mistake on this page?
Report an issue in GitHub or email us
All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Modules Pages
ecp_alt.h
1 /*
2  * mbed Microcontroller Library
3  * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
4  * Copyright (C) 2019 Cypress Semiconductor Corporation
5  * SPDX-License-Identifier: Apache-2.0
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License"); you may
8  * not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 
20 /**
21  * \file ecp.h
22  * \version 1.0
23  *
24  * \brief This file provides an API for Elliptic Curves over GF(P) (ECP).
25  *
26  * The use of ECP in cryptography and TLS is defined in
27  * <em>Standards for Efficient Cryptography Group (SECG): SEC1
28  * Elliptic Curve Cryptography</em> and
29  * <em>RFC-4492: Elliptic Curve Cryptography (ECC) Cipher Suites
30  * for Transport Layer Security (TLS)</em>.
31  *
32  * <em>RFC-2409: The Internet Key Exchange (IKE)</em> defines ECP
33  * group types.
34  *
35  */
36 
37 #ifndef ECP_ALT_H
38 #define ECP_ALT_H
39 
40 #include "bignum.h"
41 
42 #ifdef __cplusplus
43 extern "C" {
44 #endif
45 
46 #if defined(MBEDTLS_ECP_ALT)
47 
48 #include "cy_crypto_core_ecc.h"
49 
50 /*
51  * default mbed TLS elliptic curve arithmetic implementation
52  *
53  * (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an
54  * alternative implementation for the whole module and it will replace this
55  * one.)
56  */
57 
58 /**
59  * \brief The ECP group structure.
60  *
61  * We consider two types of curve equations:
62  * <ul><li>Short Weierstrass: <code>y^2 = x^3 + A x + B mod P</code>
63  * (SEC1 + RFC-4492)</li>
64  * <li>Montgomery: <code>y^2 = x^3 + A x^2 + x mod P</code> (Curve25519,
65  * Curve448)</li></ul>
66  * In both cases, the generator (\p G) for a prime-order subgroup is fixed.
67  *
68  * For Short Weierstrass, this subgroup is the whole curve, and its
69  * cardinality is denoted by \p N. Our code requires that \p N is an
70  * odd prime as mbedtls_ecp_mul() requires an odd number, and
71  * mbedtls_ecdsa_sign() requires that it is prime for blinding purposes.
72  *
73  * For Montgomery curves, we do not store \p A, but <code>(A + 2) / 4</code>,
74  * which is the quantity used in the formulas. Additionally, \p nbits is
75  * not the size of \p N but the required size for private keys.
76  *
77  * If \p modp is NULL, reduction modulo \p P is done using a generic algorithm.
78  * Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in the
79  * range of <code>0..2^(2*pbits)-1</code>, and transforms it in-place to an integer
80  * which is congruent mod \p P to the given MPI, and is close enough to \p pbits
81  * in size, so that it may be efficiently brought in the 0..P-1 range by a few
82  * additions or subtractions. Therefore, it is only an approximative modular
83  * reduction. It must return 0 on success and non-zero on failure.
84  *
85  */
86 typedef struct mbedtls_ecp_group
87 {
88  mbedtls_ecp_group_id id; /*!< An internal group identifier. */
89  mbedtls_mpi P; /*!< The prime modulus of the base field. */
90  mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For
91  Montgomery curves: <code>(A + 2) / 4</code>. */
92  mbedtls_mpi B; /*!< For Short Weierstrass: \p B in the equation.
93  For Montgomery curves: unused. */
94  mbedtls_ecp_point G; /*!< The generator of the subgroup used. */
95  mbedtls_mpi N; /*!< The order of \p G. */
96  size_t pbits; /*!< The number of bits in \p P.*/
97  size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P.
98  For Montgomery curves: the number of bits in the
99  private keys. */
100  unsigned int h; /*!< \internal 1 if the constants are static. */
101  int (*modp)(mbedtls_mpi *); /*!< The function for fast pseudo-reduction
102  mod \p P (see above).*/
103  int (*t_pre)(mbedtls_ecp_point *, void *); /*!< Unused. */
104  int (*t_post)(mbedtls_ecp_point *, void *); /*!< Unused. */
105  void *t_data; /*!< Unused. */
106  mbedtls_ecp_point *T; /*!< Pre-computed points for ecp_mul_comb(). */
107  size_t T_size; /*!< The number of pre-computed points. */
108 }
109 mbedtls_ecp_group;
110 
111 #define MBEDTLS_ECP_BUDGET( ops ) /* no-op; for compatibility */
112 
113 /* We want to declare restartable versions of existing functions anyway */
114 typedef void mbedtls_ecp_restart_ctx;
115 
116 
117 /**
118  * \name SECTION: Module settings
119  *
120  * The configuration options you can set for this module are in this section.
121  * Either change them in config.h, or define them using the compiler command line.
122  * \{
123  */
124 
125 #if !defined(MBEDTLS_ECP_MAX_BITS)
126 /**
127  * The maximum size of the groups, that is, of \c N and \c P.
128  */
129 #define MBEDTLS_ECP_MAX_BITS 521 /**< The maximum size of groups, in bits. */
130 #endif
131 
132 #define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
133 #define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )
134 
135 #if !defined(MBEDTLS_ECP_WINDOW_SIZE)
136 /*
137  * Maximum "window" size used for point multiplication.
138  * Default: 6.
139  * Minimum value: 2. Maximum value: 7.
140  *
141  * Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) )
142  * points used for point multiplication. This value is directly tied to EC
143  * peak memory usage, so decreasing it by one should roughly cut memory usage
144  * by two (if large curves are in use).
145  *
146  * Reduction in size may reduce speed, but larger curves are impacted first.
147  * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1):
148  * w-size: 6 5 4 3 2
149  * 521 145 141 135 120 97
150  * 384 214 209 198 177 146
151  * 256 320 320 303 262 226
152  * 224 475 475 453 398 342
153  * 192 640 640 633 587 476
154  */
155 #define MBEDTLS_ECP_WINDOW_SIZE 6 /**< The maximum window size used. */
156 #endif /* MBEDTLS_ECP_WINDOW_SIZE */
157 
158 #if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
159 /*
160  * Trade memory for speed on fixed-point multiplication.
161  *
162  * This speeds up repeated multiplication of the generator (that is, the
163  * multiplication in ECDSA signatures, and half of the multiplications in
164  * ECDSA verification and ECDHE) by a factor roughly 3 to 4.
165  *
166  * The cost is increasing EC peak memory usage by a factor roughly 2.
167  *
168  * Change this value to 0 to reduce peak memory usage.
169  */
170 #define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up. */
171 #endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
172 
173 /* \} name SECTION: Module settings */
174 
175 cy_en_crypto_ecc_curve_id_t cy_get_dp_idx(mbedtls_ecp_group_id gid);
176 
177 #endif /* MBEDTLS_ECP_ALT */
178 
179 #ifdef __cplusplus
180 }
181 #endif
182 
183 #endif /* ecp_alt.h */
Important Information for this Arm website

This site uses cookies to store information on your computer. By continuing to use our site, you consent to our cookies. If you are not happy with the use of these cookies, please review our Cookie Policy to learn how they can be disabled. By disabling cookies, some features of the site will not work.