sandbox
/
mbedtls
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Fork of
mbedtls
by 
Christopher Haster
Embed:
(wiki syntax)
Show/hide line numbers
ecp.h
Go to the documentation of this file.
00001 /** 00002 * \file ecp.h 00003 * 00004 * \brief Elliptic curves over GF(p) 00005 * 00006 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00007 * SPDX-License-Identifier: Apache-2.0 00008 * 00009 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00010 * not use this file except in compliance with the License. 00011 * You may obtain a copy of the License at 00012 * 00013 * http://www.apache.org/licenses/LICENSE-2.0 00014 * 00015 * Unless required by applicable law or agreed to in writing, software 00016 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00017 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00018 * See the License for the specific language governing permissions and 00019 * limitations under the License. 00020 * 00021 * This file is part of mbed TLS (https://tls.mbed.org) 00022 */ 00023 #ifndef MBEDTLS_ECP_H 00024 #define MBEDTLS_ECP_H 00025 00026 #include "bignum.h" 00027 00028 /* 00029 * ECP error codes 00030 */ 00031 #define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 /**< Bad input parameters to function. */ 00032 #define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL -0x4F00 /**< The buffer is too small to write to. */ 00033 #define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 /**< Requested curve not available. */ 00034 #define MBEDTLS_ERR_ECP_VERIFY_FAILED -0x4E00 /**< The signature is not valid. */ 00035 #define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80 /**< Memory allocation failed. */ 00036 #define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00 /**< Generation of random value, such as (ephemeral) key, failed. */ 00037 #define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 /**< Invalid private or public key. */ 00038 #define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00 /**< Signature is valid but shorter than the user-supplied length. */ 00039 00040 #ifdef __cplusplus 00041 extern "C" { 00042 #endif 00043 00044 /** 00045 * Domain parameters (curve, subgroup and generator) identifiers. 00046 * 00047 * Only curves over prime fields are supported. 00048 * 00049 * \warning This library does not support validation of arbitrary domain 00050 * parameters. Therefore, only well-known domain parameters from trusted 00051 * sources should be used. See mbedtls_ecp_group_load(). 00052 */ 00053 typedef enum 00054 { 00055 MBEDTLS_ECP_DP_NONE = 0, 00056 MBEDTLS_ECP_DP_SECP192R1 , /*!< 192-bits NIST curve */ 00057 MBEDTLS_ECP_DP_SECP224R1 , /*!< 224-bits NIST curve */ 00058 MBEDTLS_ECP_DP_SECP256R1 , /*!< 256-bits NIST curve */ 00059 MBEDTLS_ECP_DP_SECP384R1 , /*!< 384-bits NIST curve */ 00060 MBEDTLS_ECP_DP_SECP521R1 , /*!< 521-bits NIST curve */ 00061 MBEDTLS_ECP_DP_BP256R1 , /*!< 256-bits Brainpool curve */ 00062 MBEDTLS_ECP_DP_BP384R1 , /*!< 384-bits Brainpool curve */ 00063 MBEDTLS_ECP_DP_BP512R1 , /*!< 512-bits Brainpool curve */ 00064 MBEDTLS_ECP_DP_CURVE25519 , /*!< Curve25519 */ 00065 MBEDTLS_ECP_DP_SECP192K1 , /*!< 192-bits "Koblitz" curve */ 00066 MBEDTLS_ECP_DP_SECP224K1 , /*!< 224-bits "Koblitz" curve */ 00067 MBEDTLS_ECP_DP_SECP256K1 , /*!< 256-bits "Koblitz" curve */ 00068 } mbedtls_ecp_group_id; 00069 00070 /** 00071 * Number of supported curves (plus one for NONE). 00072 * 00073 * (Montgomery curves excluded for now.) 00074 */ 00075 #define MBEDTLS_ECP_DP_MAX 12 00076 00077 /** 00078 * Curve information for use by other modules 00079 */ 00080 typedef struct 00081 { 00082 mbedtls_ecp_group_id grp_id ; /*!< Internal identifier */ 00083 uint16_t tls_id ; /*!< TLS NamedCurve identifier */ 00084 uint16_t bit_size ; /*!< Curve size in bits */ 00085 const char *name ; /*!< Human-friendly name */ 00086 } mbedtls_ecp_curve_info; 00087 00088 /** 00089 * \brief ECP point structure (jacobian coordinates) 00090 * 00091 * \note All functions expect and return points satisfying 00092 * the following condition: Z == 0 or Z == 1. (Other 00093 * values of Z are used by internal functions only.) 00094 * The point is zero, or "at infinity", if Z == 0. 00095 * Otherwise, X and Y are its standard (affine) coordinates. 00096 */ 00097 typedef struct 00098 { 00099 mbedtls_mpi X ; /*!< the point's X coordinate */ 00100 mbedtls_mpi Y ; /*!< the point's Y coordinate */ 00101 mbedtls_mpi Z ; /*!< the point's Z coordinate */ 00102 } 00103 mbedtls_ecp_point; 00104 00105 /** 00106 * \brief ECP group structure 00107 * 00108 * We consider two types of curves equations: 00109 * 1. Short Weierstrass y^2 = x^3 + A x + B mod P (SEC1 + RFC 4492) 00110 * 2. Montgomery, y^2 = x^3 + A x^2 + x mod P (Curve25519 + draft) 00111 * In both cases, a generator G for a prime-order subgroup is fixed. In the 00112 * short weierstrass, this subgroup is actually the whole curve, and its 00113 * cardinal is denoted by N. 00114 * 00115 * In the case of Short Weierstrass curves, our code requires that N is an odd 00116 * prime. (Use odd in mbedtls_ecp_mul() and prime in mbedtls_ecdsa_sign() for blinding.) 00117 * 00118 * In the case of Montgomery curves, we don't store A but (A + 2) / 4 which is 00119 * the quantity actually used in the formulas. Also, nbits is not the size of N 00120 * but the required size for private keys. 00121 * 00122 * If modp is NULL, reduction modulo P is done using a generic algorithm. 00123 * Otherwise, it must point to a function that takes an mbedtls_mpi in the range 00124 * 0..2^(2*pbits)-1 and transforms it in-place in an integer of little more 00125 * than pbits, so that the integer may be efficiently brought in the 0..P-1 00126 * range by a few additions or substractions. It must return 0 on success and 00127 * non-zero on failure. 00128 */ 00129 typedef struct 00130 { 00131 mbedtls_ecp_group_id id ; /*!< internal group identifier */ 00132 mbedtls_mpi P ; /*!< prime modulus of the base field */ 00133 mbedtls_mpi A ; /*!< 1. A in the equation, or 2. (A + 2) / 4 */ 00134 mbedtls_mpi B ; /*!< 1. B in the equation, or 2. unused */ 00135 mbedtls_ecp_point G ; /*!< generator of the (sub)group used */ 00136 mbedtls_mpi N ; /*!< 1. the order of G, or 2. unused */ 00137 size_t pbits ; /*!< number of bits in P */ 00138 size_t nbits ; /*!< number of bits in 1. P, or 2. private keys */ 00139 unsigned int h ; /*!< internal: 1 if the constants are static */ 00140 int (*modp)(mbedtls_mpi *); /*!< function for fast reduction mod P */ 00141 int (*t_pre)(mbedtls_ecp_point *, void *); /*!< unused */ 00142 int (*t_post)(mbedtls_ecp_point *, void *); /*!< unused */ 00143 void *t_data ; /*!< unused */ 00144 mbedtls_ecp_point *T ; /*!< pre-computed points for ecp_mul_comb() */ 00145 size_t T_size ; /*!< number for pre-computed points */ 00146 } 00147 mbedtls_ecp_group; 00148 00149 /** 00150 * \brief ECP key pair structure 00151 * 00152 * A generic key pair that could be used for ECDSA, fixed ECDH, etc. 00153 * 00154 * \note Members purposefully in the same order as struc mbedtls_ecdsa_context. 00155 */ 00156 typedef struct 00157 { 00158 mbedtls_ecp_group grp ; /*!< Elliptic curve and base point */ 00159 mbedtls_mpi d ; /*!< our secret value */ 00160 mbedtls_ecp_point Q ; /*!< our public value */ 00161 } 00162 mbedtls_ecp_keypair; 00163 00164 /** 00165 * \name SECTION: Module settings 00166 * 00167 * The configuration options you can set for this module are in this section. 00168 * Either change them in config.h or define them on the compiler command line. 00169 * \{ 00170 */ 00171 00172 #if !defined(MBEDTLS_ECP_MAX_BITS) 00173 /** 00174 * Maximum size of the groups (that is, of N and P) 00175 */ 00176 #define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ 00177 #endif 00178 00179 #define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 ) 00180 #define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 ) 00181 00182 #if !defined(MBEDTLS_ECP_WINDOW_SIZE) 00183 /* 00184 * Maximum "window" size used for point multiplication. 00185 * Default: 6. 00186 * Minimum value: 2. Maximum value: 7. 00187 * 00188 * Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) ) 00189 * points used for point multiplication. This value is directly tied to EC 00190 * peak memory usage, so decreasing it by one should roughly cut memory usage 00191 * by two (if large curves are in use). 00192 * 00193 * Reduction in size may reduce speed, but larger curves are impacted first. 00194 * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1): 00195 * w-size: 6 5 4 3 2 00196 * 521 145 141 135 120 97 00197 * 384 214 209 198 177 146 00198 * 256 320 320 303 262 226 00199 00200 * 224 475 475 453 398 342 00201 * 192 640 640 633 587 476 00202 */ 00203 #define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ 00204 #endif /* MBEDTLS_ECP_WINDOW_SIZE */ 00205 00206 #if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM) 00207 /* 00208 * Trade memory for speed on fixed-point multiplication. 00209 * 00210 * This speeds up repeated multiplication of the generator (that is, the 00211 * multiplication in ECDSA signatures, and half of the multiplications in 00212 * ECDSA verification and ECDHE) by a factor roughly 3 to 4. 00213 * 00214 * The cost is increasing EC peak memory usage by a factor roughly 2. 00215 * 00216 * Change this value to 0 to reduce peak memory usage. 00217 */ 00218 #define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ 00219 #endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */ 00220 00221 /* \} name SECTION: Module settings */ 00222 00223 /* 00224 * Point formats, from RFC 4492's enum ECPointFormat 00225 */ 00226 #define MBEDTLS_ECP_PF_UNCOMPRESSED 0 /**< Uncompressed point format */ 00227 #define MBEDTLS_ECP_PF_COMPRESSED 1 /**< Compressed point format */ 00228 00229 /* 00230 * Some other constants from RFC 4492 00231 */ 00232 #define MBEDTLS_ECP_TLS_NAMED_CURVE 3 /**< ECCurveType's named_curve */ 00233 00234 /** 00235 * \brief Get the list of supported curves in order of preferrence 00236 * (full information) 00237 * 00238 * \return A statically allocated array, the last entry is 0. 00239 */ 00240 const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void ); 00241 00242 /** 00243 * \brief Get the list of supported curves in order of preferrence 00244 * (grp_id only) 00245 * 00246 * \return A statically allocated array, 00247 * terminated with MBEDTLS_ECP_DP_NONE. 00248 */ 00249 const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void ); 00250 00251 /** 00252 * \brief Get curve information from an internal group identifier 00253 * 00254 * \param grp_id A MBEDTLS_ECP_DP_XXX value 00255 * 00256 * \return The associated curve information or NULL 00257 */ 00258 const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id ); 00259 00260 /** 00261 * \brief Get curve information from a TLS NamedCurve value 00262 * 00263 * \param tls_id A MBEDTLS_ECP_DP_XXX value 00264 * 00265 * \return The associated curve information or NULL 00266 */ 00267 const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id ); 00268 00269 /** 00270 * \brief Get curve information from a human-readable name 00271 * 00272 * \param name The name 00273 * 00274 * \return The associated curve information or NULL 00275 */ 00276 const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name ); 00277 00278 /** 00279 * \brief Initialize a point (as zero) 00280 */ 00281 void mbedtls_ecp_point_init( mbedtls_ecp_point *pt ); 00282 00283 /** 00284 * \brief Initialize a group (to something meaningless) 00285 */ 00286 void mbedtls_ecp_group_init( mbedtls_ecp_group *grp ); 00287 00288 /** 00289 * \brief Initialize a key pair (as an invalid one) 00290 */ 00291 void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key ); 00292 00293 /** 00294 * \brief Free the components of a point 00295 */ 00296 void mbedtls_ecp_point_free( mbedtls_ecp_point *pt ); 00297 00298 /** 00299 * \brief Free the components of an ECP group 00300 */ 00301 void mbedtls_ecp_group_free( mbedtls_ecp_group *grp ); 00302 00303 /** 00304 * \brief Free the components of a key pair 00305 */ 00306 void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key ); 00307 00308 /** 00309 * \brief Copy the contents of point Q into P 00310 * 00311 * \param P Destination point 00312 * \param Q Source point 00313 * 00314 * \return 0 if successful, 00315 * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed 00316 */ 00317 int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ); 00318 00319 /** 00320 * \brief Copy the contents of a group object 00321 * 00322 * \param dst Destination group 00323 * \param src Source group 00324 * 00325 * \return 0 if successful, 00326 * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed 00327 */ 00328 int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src ); 00329 00330 /** 00331 * \brief Set a point to zero 00332 * 00333 * \param pt Destination point 00334 * 00335 * \return 0 if successful, 00336 * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed 00337 */ 00338 int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt ); 00339 00340 /** 00341 * \brief Tell if a point is zero 00342 * 00343 * \param pt Point to test 00344 * 00345 * \return 1 if point is zero, 0 otherwise 00346 */ 00347 int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt ); 00348 00349 /** 00350 * \brief Compare two points 00351 * 00352 * \note This assumes the points are normalized. Otherwise, 00353 * they may compare as "not equal" even if they are. 00354 * 00355 * \param P First point to compare 00356 * \param Q Second point to compare 00357 * 00358 * \return 0 if the points are equal, 00359 * MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise 00360 */ 00361 int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P, 00362 const mbedtls_ecp_point *Q ); 00363 00364 /** 00365 * \brief Import a non-zero point from two ASCII strings 00366 * 00367 * \param P Destination point 00368 * \param radix Input numeric base 00369 * \param x First affine coordinate as a null-terminated string 00370 * \param y Second affine coordinate as a null-terminated string 00371 * 00372 * \return 0 if successful, or a MBEDTLS_ERR_MPI_XXX error code 00373 */ 00374 int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix, 00375 const char *x, const char *y ); 00376 00377 /** 00378 * \brief Export a point into unsigned binary data 00379 * 00380 * \param grp Group to which the point should belong 00381 * \param P Point to export 00382 * \param format Point format, should be a MBEDTLS_ECP_PF_XXX macro 00383 * \param olen Length of the actual output 00384 * \param buf Output buffer 00385 * \param buflen Length of the output buffer 00386 * 00387 * \return 0 if successful, 00388 * or MBEDTLS_ERR_ECP_BAD_INPUT_DATA 00389 * or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL 00390 */ 00391 int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P, 00392 int format, size_t *olen, 00393 unsigned char *buf, size_t buflen ); 00394 00395 /** 00396 * \brief Import a point from unsigned binary data 00397 * 00398 * \param grp Group to which the point should belong 00399 * \param P Point to import 00400 * \param buf Input buffer 00401 * \param ilen Actual length of input 00402 * 00403 * \return 0 if successful, 00404 * MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid, 00405 * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed, 00406 * MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format 00407 * is not implemented. 00408 * 00409 * \note This function does NOT check that the point actually 00410 * belongs to the given group, see mbedtls_ecp_check_pubkey() for 00411 * that. 00412 */ 00413 int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P, 00414 const unsigned char *buf, size_t ilen ); 00415 00416 /** 00417 * \brief Import a point from a TLS ECPoint record 00418 * 00419 * \param grp ECP group used 00420 * \param pt Destination point 00421 * \param buf $(Start of input buffer) 00422 * \param len Buffer length 00423 * 00424 * \note buf is updated to point right after the ECPoint on exit 00425 * 00426 * \return 0 if successful, 00427 * MBEDTLS_ERR_MPI_XXX if initialization failed 00428 * MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid 00429 */ 00430 int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, 00431 const unsigned char **buf, size_t len ); 00432 00433 /** 00434 * \brief Export a point as a TLS ECPoint record 00435 * 00436 * \param grp ECP group used 00437 * \param pt Point to export 00438 * \param format Export format 00439 * \param olen length of data written 00440 * \param buf Buffer to write to 00441 * \param blen Buffer length 00442 * 00443 * \return 0 if successful, 00444 * or MBEDTLS_ERR_ECP_BAD_INPUT_DATA 00445 * or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL 00446 */ 00447 int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt, 00448 int format, size_t *olen, 00449 unsigned char *buf, size_t blen ); 00450 00451 /** 00452 * \brief Set a group using well-known domain parameters 00453 * 00454 * \param grp Destination group 00455 * \param index Index in the list of well-known domain parameters 00456 * 00457 * \return 0 if successful, 00458 * MBEDTLS_ERR_MPI_XXX if initialization failed 00459 * MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for unkownn groups 00460 * 00461 * \note Index should be a value of RFC 4492's enum NamedCurve, 00462 * usually in the form of a MBEDTLS_ECP_DP_XXX macro. 00463 */ 00464 int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id index ); 00465 00466 /** 00467 * \brief Set a group from a TLS ECParameters record 00468 * 00469 * \param grp Destination group 00470 * \param buf &(Start of input buffer) 00471 * \param len Buffer length 00472 * 00473 * \note buf is updated to point right after ECParameters on exit 00474 * 00475 * \return 0 if successful, 00476 * MBEDTLS_ERR_MPI_XXX if initialization failed 00477 * MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid 00478 */ 00479 int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len ); 00480 00481 /** 00482 * \brief Write the TLS ECParameters record for a group 00483 * 00484 * \param grp ECP group used 00485 * \param olen Number of bytes actually written 00486 * \param buf Buffer to write to 00487 * \param blen Buffer length 00488 * 00489 * \return 0 if successful, 00490 * or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL 00491 */ 00492 int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen, 00493 unsigned char *buf, size_t blen ); 00494 00495 /** 00496 * \brief Multiplication by an integer: R = m * P 00497 * (Not thread-safe to use same group in multiple threads) 00498 * 00499 * \note In order to prevent timing attacks, this function 00500 * executes the exact same sequence of (base field) 00501 * operations for any valid m. It avoids any if-branch or 00502 * array index depending on the value of m. 00503 * 00504 * \note If f_rng is not NULL, it is used to randomize intermediate 00505 * results in order to prevent potential timing attacks 00506 * targeting these results. It is recommended to always 00507 * provide a non-NULL f_rng (the overhead is negligible). 00508 * 00509 * \param grp ECP group 00510 * \param R Destination point 00511 * \param m Integer by which to multiply 00512 * \param P Point to multiply 00513 * \param f_rng RNG function (see notes) 00514 * \param p_rng RNG parameter 00515 * 00516 * \return 0 if successful, 00517 * MBEDTLS_ERR_ECP_INVALID_KEY if m is not a valid privkey 00518 * or P is not a valid pubkey, 00519 * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed 00520 */ 00521 int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, 00522 const mbedtls_mpi *m, const mbedtls_ecp_point *P, 00523 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); 00524 00525 /** 00526 * \brief Multiplication and addition of two points by integers: 00527 * R = m * P + n * Q 00528 * (Not thread-safe to use same group in multiple threads) 00529 * 00530 * \note In contrast to mbedtls_ecp_mul(), this function does not guarantee 00531 * a constant execution flow and timing. 00532 * 00533 * \param grp ECP group 00534 * \param R Destination point 00535 * \param m Integer by which to multiply P 00536 * \param P Point to multiply by m 00537 * \param n Integer by which to multiply Q 00538 * \param Q Point to be multiplied by n 00539 * 00540 * \return 0 if successful, 00541 * MBEDTLS_ERR_ECP_INVALID_KEY if m or n is not a valid privkey 00542 * or P or Q is not a valid pubkey, 00543 * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed 00544 */ 00545 int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, 00546 const mbedtls_mpi *m, const mbedtls_ecp_point *P, 00547 const mbedtls_mpi *n, const mbedtls_ecp_point *Q ); 00548 00549 /** 00550 * \brief Check that a point is a valid public key on this curve 00551 * 00552 * \param grp Curve/group the point should belong to 00553 * \param pt Point to check 00554 * 00555 * \return 0 if point is a valid public key, 00556 * MBEDTLS_ERR_ECP_INVALID_KEY otherwise. 00557 * 00558 * \note This function only checks the point is non-zero, has valid 00559 * coordinates and lies on the curve, but not that it is 00560 * indeed a multiple of G. This is additional check is more 00561 * expensive, isn't required by standards, and shouldn't be 00562 * necessary if the group used has a small cofactor. In 00563 * particular, it is useless for the NIST groups which all 00564 * have a cofactor of 1. 00565 * 00566 * \note Uses bare components rather than an mbedtls_ecp_keypair structure 00567 * in order to ease use with other structures such as 00568 * mbedtls_ecdh_context of mbedtls_ecdsa_context. 00569 */ 00570 int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt ); 00571 00572 /** 00573 * \brief Check that an mbedtls_mpi is a valid private key for this curve 00574 * 00575 * \param grp Group used 00576 * \param d Integer to check 00577 * 00578 * \return 0 if point is a valid private key, 00579 * MBEDTLS_ERR_ECP_INVALID_KEY otherwise. 00580 * 00581 * \note Uses bare components rather than an mbedtls_ecp_keypair structure 00582 * in order to ease use with other structures such as 00583 * mbedtls_ecdh_context of mbedtls_ecdsa_context. 00584 */ 00585 int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d ); 00586 00587 /** 00588 * \brief Generate a keypair with configurable base point 00589 * 00590 * \param grp ECP group 00591 * \param G Chosen base point 00592 * \param d Destination MPI (secret part) 00593 * \param Q Destination point (public part) 00594 * \param f_rng RNG function 00595 * \param p_rng RNG parameter 00596 * 00597 * \return 0 if successful, 00598 * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code 00599 * 00600 * \note Uses bare components rather than an mbedtls_ecp_keypair structure 00601 * in order to ease use with other structures such as 00602 * mbedtls_ecdh_context of mbedtls_ecdsa_context. 00603 */ 00604 int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, 00605 const mbedtls_ecp_point *G, 00606 mbedtls_mpi *d, mbedtls_ecp_point *Q, 00607 int (*f_rng)(void *, unsigned char *, size_t), 00608 void *p_rng ); 00609 00610 /** 00611 * \brief Generate a keypair 00612 * 00613 * \param grp ECP group 00614 * \param d Destination MPI (secret part) 00615 * \param Q Destination point (public part) 00616 * \param f_rng RNG function 00617 * \param p_rng RNG parameter 00618 * 00619 * \return 0 if successful, 00620 * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code 00621 * 00622 * \note Uses bare components rather than an mbedtls_ecp_keypair structure 00623 * in order to ease use with other structures such as 00624 * mbedtls_ecdh_context of mbedtls_ecdsa_context. 00625 */ 00626 int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, 00627 int (*f_rng)(void *, unsigned char *, size_t), 00628 void *p_rng ); 00629 00630 /** 00631 * \brief Generate a keypair 00632 * 00633 * \param grp_id ECP group identifier 00634 * \param key Destination keypair 00635 * \param f_rng RNG function 00636 * \param p_rng RNG parameter 00637 * 00638 * \return 0 if successful, 00639 * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code 00640 */ 00641 int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, 00642 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); 00643 00644 /** 00645 * \brief Check a public-private key pair 00646 * 00647 * \param pub Keypair structure holding a public key 00648 * \param prv Keypair structure holding a private (plus public) key 00649 * 00650 * \return 0 if successful (keys are valid and match), or 00651 * MBEDTLS_ERR_ECP_BAD_INPUT_DATA, or 00652 * a MBEDTLS_ERR_ECP_XXX or MBEDTLS_ERR_MPI_XXX code. 00653 */ 00654 int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv ); 00655 00656 #if defined(MBEDTLS_SELF_TEST) 00657 /** 00658 * \brief Checkup routine 00659 * 00660 * \return 0 if successful, or 1 if a test failed 00661 */ 00662 int mbedtls_ecp_self_test( int verbose ); 00663 #endif 00664 00665 #ifdef __cplusplus 00666 } 00667 #endif 00668 00669 #endif /* ecp.h */
Generated on Tue Jul 12 2022 12:52:43 by
1.7.2