Hannes Tschofenig
Example program to test AES-GCM functionality. Used for a workshop
SSL/include/polarssl/ecp.h@0:796d0f61a05b, 2018-09-27 (annotated)
- Committer:
- HannesTschofenig
- Date:
- Thu Sep 27 06:34:22 2018 +0000
- Revision:
- 0:796d0f61a05b
Example AES-GCM test program
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| HannesTschofenig | 0:796d0f61a05b | 1 | /** |
| HannesTschofenig | 0:796d0f61a05b | 2 | * \file ecp.h |
| HannesTschofenig | 0:796d0f61a05b | 3 | * |
| HannesTschofenig | 0:796d0f61a05b | 4 | * \brief Elliptic curves over GF(p) |
| HannesTschofenig | 0:796d0f61a05b | 5 | * |
| HannesTschofenig | 0:796d0f61a05b | 6 | * Copyright (C) 2006-2013, Brainspark B.V. |
| HannesTschofenig | 0:796d0f61a05b | 7 | * |
| HannesTschofenig | 0:796d0f61a05b | 8 | * This file is part of PolarSSL (http://www.polarssl.org) |
| HannesTschofenig | 0:796d0f61a05b | 9 | * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> |
| HannesTschofenig | 0:796d0f61a05b | 10 | * |
| HannesTschofenig | 0:796d0f61a05b | 11 | * All rights reserved. |
| HannesTschofenig | 0:796d0f61a05b | 12 | * |
| HannesTschofenig | 0:796d0f61a05b | 13 | * This program is free software; you can redistribute it and/or modify |
| HannesTschofenig | 0:796d0f61a05b | 14 | * it under the terms of the GNU General Public License as published by |
| HannesTschofenig | 0:796d0f61a05b | 15 | * the Free Software Foundation; either version 2 of the License, or |
| HannesTschofenig | 0:796d0f61a05b | 16 | * (at your option) any later version. |
| HannesTschofenig | 0:796d0f61a05b | 17 | * |
| HannesTschofenig | 0:796d0f61a05b | 18 | * This program is distributed in the hope that it will be useful, |
| HannesTschofenig | 0:796d0f61a05b | 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| HannesTschofenig | 0:796d0f61a05b | 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| HannesTschofenig | 0:796d0f61a05b | 21 | * GNU General Public License for more details. |
| HannesTschofenig | 0:796d0f61a05b | 22 | * |
| HannesTschofenig | 0:796d0f61a05b | 23 | * You should have received a copy of the GNU General Public License along |
| HannesTschofenig | 0:796d0f61a05b | 24 | * with this program; if not, write to the Free Software Foundation, Inc., |
| HannesTschofenig | 0:796d0f61a05b | 25 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
| HannesTschofenig | 0:796d0f61a05b | 26 | */ |
| HannesTschofenig | 0:796d0f61a05b | 27 | #ifndef POLARSSL_ECP_H |
| HannesTschofenig | 0:796d0f61a05b | 28 | #define POLARSSL_ECP_H |
| HannesTschofenig | 0:796d0f61a05b | 29 | |
| HannesTschofenig | 0:796d0f61a05b | 30 | #include "bignum.h" |
| HannesTschofenig | 0:796d0f61a05b | 31 | |
| HannesTschofenig | 0:796d0f61a05b | 32 | /* |
| HannesTschofenig | 0:796d0f61a05b | 33 | * ECP error codes |
| HannesTschofenig | 0:796d0f61a05b | 34 | */ |
| HannesTschofenig | 0:796d0f61a05b | 35 | #define POLARSSL_ERR_ECP_BAD_INPUT_DATA -0x4F80 /**< Bad input parameters to function. */ |
| HannesTschofenig | 0:796d0f61a05b | 36 | #define POLARSSL_ERR_ECP_BUFFER_TOO_SMALL -0x4F00 /**< The buffer is too small to write to. */ |
| HannesTschofenig | 0:796d0f61a05b | 37 | #define POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 /**< Requested curve not available. */ |
| HannesTschofenig | 0:796d0f61a05b | 38 | #define POLARSSL_ERR_ECP_VERIFY_FAILED -0x4E00 /**< The signature is not valid. */ |
| HannesTschofenig | 0:796d0f61a05b | 39 | #define POLARSSL_ERR_ECP_MALLOC_FAILED -0x4D80 /**< Memory allocation failed. */ |
| HannesTschofenig | 0:796d0f61a05b | 40 | #define POLARSSL_ERR_ECP_RANDOM_FAILED -0x4D00 /**< Generation of random value, such as (ephemeral) key, failed. */ |
| HannesTschofenig | 0:796d0f61a05b | 41 | #define POLARSSL_ERR_ECP_INVALID_KEY -0x4C80 /**< Invalid private or public key. */ |
| HannesTschofenig | 0:796d0f61a05b | 42 | #define POLARSSL_ERR_ECP_SIG_LEN_MISMATCH -0x4C00 /**< Signature is valid but shorter than the user-supplied length. */ |
| HannesTschofenig | 0:796d0f61a05b | 43 | |
| HannesTschofenig | 0:796d0f61a05b | 44 | #ifdef __cplusplus |
| HannesTschofenig | 0:796d0f61a05b | 45 | extern "C" { |
| HannesTschofenig | 0:796d0f61a05b | 46 | #endif |
| HannesTschofenig | 0:796d0f61a05b | 47 | |
| HannesTschofenig | 0:796d0f61a05b | 48 | /** |
| HannesTschofenig | 0:796d0f61a05b | 49 | * Domain parameters (curve, subgroup and generator) identifiers. |
| HannesTschofenig | 0:796d0f61a05b | 50 | * |
| HannesTschofenig | 0:796d0f61a05b | 51 | * Only curves over prime fields are supported. |
| HannesTschofenig | 0:796d0f61a05b | 52 | * |
| HannesTschofenig | 0:796d0f61a05b | 53 | * \warning This library does not support validation of arbitrary domain |
| HannesTschofenig | 0:796d0f61a05b | 54 | * parameters. Therefore, only well-known domain parameters from trusted |
| HannesTschofenig | 0:796d0f61a05b | 55 | * sources should be used. See ecp_use_known_dp(). |
| HannesTschofenig | 0:796d0f61a05b | 56 | */ |
| HannesTschofenig | 0:796d0f61a05b | 57 | typedef enum |
| HannesTschofenig | 0:796d0f61a05b | 58 | { |
| HannesTschofenig | 0:796d0f61a05b | 59 | POLARSSL_ECP_DP_NONE = 0, |
| HannesTschofenig | 0:796d0f61a05b | 60 | POLARSSL_ECP_DP_SECP192R1, /*!< 192-bits NIST curve */ |
| HannesTschofenig | 0:796d0f61a05b | 61 | POLARSSL_ECP_DP_SECP224R1, /*!< 224-bits NIST curve */ |
| HannesTschofenig | 0:796d0f61a05b | 62 | POLARSSL_ECP_DP_SECP256R1, /*!< 256-bits NIST curve */ |
| HannesTschofenig | 0:796d0f61a05b | 63 | POLARSSL_ECP_DP_SECP384R1, /*!< 384-bits NIST curve */ |
| HannesTschofenig | 0:796d0f61a05b | 64 | POLARSSL_ECP_DP_SECP521R1, /*!< 521-bits NIST curve */ |
| HannesTschofenig | 0:796d0f61a05b | 65 | POLARSSL_ECP_DP_BP256R1, /*!< 256-bits Brainpool curve */ |
| HannesTschofenig | 0:796d0f61a05b | 66 | POLARSSL_ECP_DP_BP384R1, /*!< 384-bits Brainpool curve */ |
| HannesTschofenig | 0:796d0f61a05b | 67 | POLARSSL_ECP_DP_BP512R1, /*!< 512-bits Brainpool curve */ |
| HannesTschofenig | 0:796d0f61a05b | 68 | POLARSSL_ECP_DP_M221, /*!< (not implemented yet) */ |
| HannesTschofenig | 0:796d0f61a05b | 69 | POLARSSL_ECP_DP_M255, /*!< Curve25519 */ |
| HannesTschofenig | 0:796d0f61a05b | 70 | POLARSSL_ECP_DP_M383, /*!< (not implemented yet) */ |
| HannesTschofenig | 0:796d0f61a05b | 71 | POLARSSL_ECP_DP_M511, /*!< (not implemented yet) */ |
| HannesTschofenig | 0:796d0f61a05b | 72 | POLARSSL_ECP_DP_SECP192K1, /*!< 192-bits "Koblitz" curve */ |
| HannesTschofenig | 0:796d0f61a05b | 73 | POLARSSL_ECP_DP_SECP224K1, /*!< 224-bits "Koblitz" curve */ |
| HannesTschofenig | 0:796d0f61a05b | 74 | POLARSSL_ECP_DP_SECP256K1, /*!< 256-bits "Koblitz" curve */ |
| HannesTschofenig | 0:796d0f61a05b | 75 | } ecp_group_id; |
| HannesTschofenig | 0:796d0f61a05b | 76 | |
| HannesTschofenig | 0:796d0f61a05b | 77 | /** |
| HannesTschofenig | 0:796d0f61a05b | 78 | * Number of supported curves (plus one for NONE). |
| HannesTschofenig | 0:796d0f61a05b | 79 | * |
| HannesTschofenig | 0:796d0f61a05b | 80 | * (Montgomery curves excluded for now.) |
| HannesTschofenig | 0:796d0f61a05b | 81 | */ |
| HannesTschofenig | 0:796d0f61a05b | 82 | #define POLARSSL_ECP_DP_MAX 12 |
| HannesTschofenig | 0:796d0f61a05b | 83 | |
| HannesTschofenig | 0:796d0f61a05b | 84 | /** |
| HannesTschofenig | 0:796d0f61a05b | 85 | * Curve information for use by other modules |
| HannesTschofenig | 0:796d0f61a05b | 86 | */ |
| HannesTschofenig | 0:796d0f61a05b | 87 | typedef struct |
| HannesTschofenig | 0:796d0f61a05b | 88 | { |
| HannesTschofenig | 0:796d0f61a05b | 89 | ecp_group_id grp_id; /*!< Internal identifier */ |
| HannesTschofenig | 0:796d0f61a05b | 90 | uint16_t tls_id; /*!< TLS NamedCurve identifier */ |
| HannesTschofenig | 0:796d0f61a05b | 91 | uint16_t size; /*!< Curve size in bits */ |
| HannesTschofenig | 0:796d0f61a05b | 92 | const char *name; /*!< Human-friendly name */ |
| HannesTschofenig | 0:796d0f61a05b | 93 | } ecp_curve_info; |
| HannesTschofenig | 0:796d0f61a05b | 94 | |
| HannesTschofenig | 0:796d0f61a05b | 95 | /** |
| HannesTschofenig | 0:796d0f61a05b | 96 | * \brief ECP point structure (jacobian coordinates) |
| HannesTschofenig | 0:796d0f61a05b | 97 | * |
| HannesTschofenig | 0:796d0f61a05b | 98 | * \note All functions expect and return points satisfying |
| HannesTschofenig | 0:796d0f61a05b | 99 | * the following condition: Z == 0 or Z == 1. (Other |
| HannesTschofenig | 0:796d0f61a05b | 100 | * values of Z are used by internal functions only.) |
| HannesTschofenig | 0:796d0f61a05b | 101 | * The point is zero, or "at infinity", if Z == 0. |
| HannesTschofenig | 0:796d0f61a05b | 102 | * Otherwise, X and Y are its standard (affine) coordinates. |
| HannesTschofenig | 0:796d0f61a05b | 103 | */ |
| HannesTschofenig | 0:796d0f61a05b | 104 | typedef struct |
| HannesTschofenig | 0:796d0f61a05b | 105 | { |
| HannesTschofenig | 0:796d0f61a05b | 106 | mpi X; /*!< the point's X coordinate */ |
| HannesTschofenig | 0:796d0f61a05b | 107 | mpi Y; /*!< the point's Y coordinate */ |
| HannesTschofenig | 0:796d0f61a05b | 108 | mpi Z; /*!< the point's Z coordinate */ |
| HannesTschofenig | 0:796d0f61a05b | 109 | } |
| HannesTschofenig | 0:796d0f61a05b | 110 | ecp_point; |
| HannesTschofenig | 0:796d0f61a05b | 111 | |
| HannesTschofenig | 0:796d0f61a05b | 112 | /** |
| HannesTschofenig | 0:796d0f61a05b | 113 | * \brief ECP group structure |
| HannesTschofenig | 0:796d0f61a05b | 114 | * |
| HannesTschofenig | 0:796d0f61a05b | 115 | * We consider two types of curves equations: |
| HannesTschofenig | 0:796d0f61a05b | 116 | * 1. Short Weierstrass y^2 = x^3 + A x + B mod P (SEC1 + RFC 4492) |
| HannesTschofenig | 0:796d0f61a05b | 117 | * 2. Montgomery, y^2 = x^3 + A x^2 + x mod P (M255 + draft) |
| HannesTschofenig | 0:796d0f61a05b | 118 | * In both cases, a generator G for a prime-order subgroup is fixed. In the |
| HannesTschofenig | 0:796d0f61a05b | 119 | * short weierstrass, this subgroup is actually the whole curve, and its |
| HannesTschofenig | 0:796d0f61a05b | 120 | * cardinal is denoted by N. |
| HannesTschofenig | 0:796d0f61a05b | 121 | * |
| HannesTschofenig | 0:796d0f61a05b | 122 | * In the case of Short Weierstrass curves, our code requires that N is an odd |
| HannesTschofenig | 0:796d0f61a05b | 123 | * prime. (Use odd in ecp_mul() and prime in ecdsa_sign() for blinding.) |
| HannesTschofenig | 0:796d0f61a05b | 124 | * |
| HannesTschofenig | 0:796d0f61a05b | 125 | * In the case of Montgomery curves, we don't store A but (A + 2) / 4 which is |
| HannesTschofenig | 0:796d0f61a05b | 126 | * the quantity actually used in the formulas. Also, nbits is not the size of N |
| HannesTschofenig | 0:796d0f61a05b | 127 | * but the required size for private keys. |
| HannesTschofenig | 0:796d0f61a05b | 128 | * |
| HannesTschofenig | 0:796d0f61a05b | 129 | * If modp is NULL, reduction modulo P is done using a generic algorithm. |
| HannesTschofenig | 0:796d0f61a05b | 130 | * Otherwise, it must point to a function that takes an mpi in the range |
| HannesTschofenig | 0:796d0f61a05b | 131 | * 0..2^(2*pbits)-1 and transforms it in-place in an integer of little more |
| HannesTschofenig | 0:796d0f61a05b | 132 | * than pbits, so that the integer may be efficiently brought in the 0..P-1 |
| HannesTschofenig | 0:796d0f61a05b | 133 | * range by a few additions or substractions. It must return 0 on success and |
| HannesTschofenig | 0:796d0f61a05b | 134 | * non-zero on failure. |
| HannesTschofenig | 0:796d0f61a05b | 135 | */ |
| HannesTschofenig | 0:796d0f61a05b | 136 | typedef struct |
| HannesTschofenig | 0:796d0f61a05b | 137 | { |
| HannesTschofenig | 0:796d0f61a05b | 138 | ecp_group_id id; /*!< internal group identifier */ |
| HannesTschofenig | 0:796d0f61a05b | 139 | mpi P; /*!< prime modulus of the base field */ |
| HannesTschofenig | 0:796d0f61a05b | 140 | mpi A; /*!< 1. A in the equation, or 2. (A + 2) / 4 */ |
| HannesTschofenig | 0:796d0f61a05b | 141 | mpi B; /*!< 1. B in the equation, or 2. unused */ |
| HannesTschofenig | 0:796d0f61a05b | 142 | ecp_point G; /*!< generator of the (sub)group used */ |
| HannesTschofenig | 0:796d0f61a05b | 143 | mpi N; /*!< 1. the order of G, or 2. unused */ |
| HannesTschofenig | 0:796d0f61a05b | 144 | size_t pbits; /*!< number of bits in P */ |
| HannesTschofenig | 0:796d0f61a05b | 145 | size_t nbits; /*!< number of bits in 1. P, or 2. private keys */ |
| HannesTschofenig | 0:796d0f61a05b | 146 | unsigned int h; /*!< internal: 1 if the constants are static */ |
| HannesTschofenig | 0:796d0f61a05b | 147 | int (*modp)(mpi *); /*!< function for fast reduction mod P */ |
| HannesTschofenig | 0:796d0f61a05b | 148 | int (*t_pre)(ecp_point *, void *); /*!< unused */ |
| HannesTschofenig | 0:796d0f61a05b | 149 | int (*t_post)(ecp_point *, void *); /*!< unused */ |
| HannesTschofenig | 0:796d0f61a05b | 150 | void *t_data; /*!< unused */ |
| HannesTschofenig | 0:796d0f61a05b | 151 | ecp_point *T; /*!< pre-computed points for ecp_mul_comb() */ |
| HannesTschofenig | 0:796d0f61a05b | 152 | size_t T_size; /*!< number for pre-computed points */ |
| HannesTschofenig | 0:796d0f61a05b | 153 | } |
| HannesTschofenig | 0:796d0f61a05b | 154 | ecp_group; |
| HannesTschofenig | 0:796d0f61a05b | 155 | |
| HannesTschofenig | 0:796d0f61a05b | 156 | /** |
| HannesTschofenig | 0:796d0f61a05b | 157 | * \brief ECP key pair structure |
| HannesTschofenig | 0:796d0f61a05b | 158 | * |
| HannesTschofenig | 0:796d0f61a05b | 159 | * A generic key pair that could be used for ECDSA, fixed ECDH, etc. |
| HannesTschofenig | 0:796d0f61a05b | 160 | * |
| HannesTschofenig | 0:796d0f61a05b | 161 | * \note Members purposefully in the same order as struc ecdsa_context. |
| HannesTschofenig | 0:796d0f61a05b | 162 | */ |
| HannesTschofenig | 0:796d0f61a05b | 163 | typedef struct |
| HannesTschofenig | 0:796d0f61a05b | 164 | { |
| HannesTschofenig | 0:796d0f61a05b | 165 | ecp_group grp; /*!< Elliptic curve and base point */ |
| HannesTschofenig | 0:796d0f61a05b | 166 | mpi d; /*!< our secret value */ |
| HannesTschofenig | 0:796d0f61a05b | 167 | ecp_point Q; /*!< our public value */ |
| HannesTschofenig | 0:796d0f61a05b | 168 | } |
| HannesTschofenig | 0:796d0f61a05b | 169 | ecp_keypair; |
| HannesTschofenig | 0:796d0f61a05b | 170 | |
| HannesTschofenig | 0:796d0f61a05b | 171 | /** |
| HannesTschofenig | 0:796d0f61a05b | 172 | * \name SECTION: Module settings |
| HannesTschofenig | 0:796d0f61a05b | 173 | * |
| HannesTschofenig | 0:796d0f61a05b | 174 | * The configuration options you can set for this module are in this section. |
| HannesTschofenig | 0:796d0f61a05b | 175 | * Either change them in config.h or define them on the compiler command line. |
| HannesTschofenig | 0:796d0f61a05b | 176 | * \{ |
| HannesTschofenig | 0:796d0f61a05b | 177 | */ |
| HannesTschofenig | 0:796d0f61a05b | 178 | |
| HannesTschofenig | 0:796d0f61a05b | 179 | #if !defined(POLARSSL_ECP_MAX_BITS) |
| HannesTschofenig | 0:796d0f61a05b | 180 | /** |
| HannesTschofenig | 0:796d0f61a05b | 181 | * Maximum size of the groups (that is, of N and P) |
| HannesTschofenig | 0:796d0f61a05b | 182 | */ |
| HannesTschofenig | 0:796d0f61a05b | 183 | #define POLARSSL_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ |
| HannesTschofenig | 0:796d0f61a05b | 184 | #endif |
| HannesTschofenig | 0:796d0f61a05b | 185 | |
| HannesTschofenig | 0:796d0f61a05b | 186 | #define POLARSSL_ECP_MAX_BYTES ( ( POLARSSL_ECP_MAX_BITS + 7 ) / 8 ) |
| HannesTschofenig | 0:796d0f61a05b | 187 | #define POLARSSL_ECP_MAX_PT_LEN ( 2 * POLARSSL_ECP_MAX_BYTES + 1 ) |
| HannesTschofenig | 0:796d0f61a05b | 188 | |
| HannesTschofenig | 0:796d0f61a05b | 189 | #if !defined(POLARSSL_ECP_WINDOW_SIZE) |
| HannesTschofenig | 0:796d0f61a05b | 190 | /* |
| HannesTschofenig | 0:796d0f61a05b | 191 | * Maximum "window" size used for point multiplication. |
| HannesTschofenig | 0:796d0f61a05b | 192 | * Default: 6. |
| HannesTschofenig | 0:796d0f61a05b | 193 | * Minimum value: 2. Maximum value: 7. |
| HannesTschofenig | 0:796d0f61a05b | 194 | * |
| HannesTschofenig | 0:796d0f61a05b | 195 | * Result is an array of at most ( 1 << ( POLARSSL_ECP_WINDOW_SIZE - 1 ) ) |
| HannesTschofenig | 0:796d0f61a05b | 196 | * points used for point multiplication. This value is directly tied to EC |
| HannesTschofenig | 0:796d0f61a05b | 197 | * peak memory usage, so decreasing it by one should roughly cut memory usage |
| HannesTschofenig | 0:796d0f61a05b | 198 | * by two (if large curves are in use). |
| HannesTschofenig | 0:796d0f61a05b | 199 | * |
| HannesTschofenig | 0:796d0f61a05b | 200 | * Reduction in size may reduce speed, but larger curves are impacted first. |
| HannesTschofenig | 0:796d0f61a05b | 201 | * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1): |
| HannesTschofenig | 0:796d0f61a05b | 202 | * w-size: 6 5 4 3 2 |
| HannesTschofenig | 0:796d0f61a05b | 203 | * 521 145 141 135 120 97 |
| HannesTschofenig | 0:796d0f61a05b | 204 | * 384 214 209 198 177 146 |
| HannesTschofenig | 0:796d0f61a05b | 205 | * 256 320 320 303 262 226 |
| HannesTschofenig | 0:796d0f61a05b | 206 | |
| HannesTschofenig | 0:796d0f61a05b | 207 | * 224 475 475 453 398 342 |
| HannesTschofenig | 0:796d0f61a05b | 208 | * 192 640 640 633 587 476 |
| HannesTschofenig | 0:796d0f61a05b | 209 | */ |
| HannesTschofenig | 0:796d0f61a05b | 210 | #define POLARSSL_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ |
| HannesTschofenig | 0:796d0f61a05b | 211 | #endif |
| HannesTschofenig | 0:796d0f61a05b | 212 | |
| HannesTschofenig | 0:796d0f61a05b | 213 | #if !defined(POLARSSL_ECP_FIXED_POINT_OPTIM) |
| HannesTschofenig | 0:796d0f61a05b | 214 | /* |
| HannesTschofenig | 0:796d0f61a05b | 215 | * Trade memory for speed on fixed-point multiplication. |
| HannesTschofenig | 0:796d0f61a05b | 216 | * |
| HannesTschofenig | 0:796d0f61a05b | 217 | * This speeds up repeated multiplication of the generator (that is, the |
| HannesTschofenig | 0:796d0f61a05b | 218 | * multiplication in ECDSA signatures, and half of the multiplications in |
| HannesTschofenig | 0:796d0f61a05b | 219 | * ECDSA verification and ECDHE) by a factor roughly 3 to 4. |
| HannesTschofenig | 0:796d0f61a05b | 220 | * |
| HannesTschofenig | 0:796d0f61a05b | 221 | * The cost is increasing EC peak memory usage by a factor roughly 2. |
| HannesTschofenig | 0:796d0f61a05b | 222 | * |
| HannesTschofenig | 0:796d0f61a05b | 223 | * Change this value to 0 to reduce peak memory usage. |
| HannesTschofenig | 0:796d0f61a05b | 224 | */ |
| HannesTschofenig | 0:796d0f61a05b | 225 | #define POLARSSL_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ |
| HannesTschofenig | 0:796d0f61a05b | 226 | #endif |
| HannesTschofenig | 0:796d0f61a05b | 227 | |
| HannesTschofenig | 0:796d0f61a05b | 228 | /* \} name SECTION: Module settings */ |
| HannesTschofenig | 0:796d0f61a05b | 229 | |
| HannesTschofenig | 0:796d0f61a05b | 230 | /* |
| HannesTschofenig | 0:796d0f61a05b | 231 | * Point formats, from RFC 4492's enum ECPointFormat |
| HannesTschofenig | 0:796d0f61a05b | 232 | */ |
| HannesTschofenig | 0:796d0f61a05b | 233 | #define POLARSSL_ECP_PF_UNCOMPRESSED 0 /**< Uncompressed point format */ |
| HannesTschofenig | 0:796d0f61a05b | 234 | #define POLARSSL_ECP_PF_COMPRESSED 1 /**< Compressed point format */ |
| HannesTschofenig | 0:796d0f61a05b | 235 | |
| HannesTschofenig | 0:796d0f61a05b | 236 | /* |
| HannesTschofenig | 0:796d0f61a05b | 237 | * Some other constants from RFC 4492 |
| HannesTschofenig | 0:796d0f61a05b | 238 | */ |
| HannesTschofenig | 0:796d0f61a05b | 239 | #define POLARSSL_ECP_TLS_NAMED_CURVE 3 /**< ECCurveType's named_curve */ |
| HannesTschofenig | 0:796d0f61a05b | 240 | |
| HannesTschofenig | 0:796d0f61a05b | 241 | /** |
| HannesTschofenig | 0:796d0f61a05b | 242 | * \brief Get the list of supported curves in order of preferrence |
| HannesTschofenig | 0:796d0f61a05b | 243 | * (full information) |
| HannesTschofenig | 0:796d0f61a05b | 244 | * |
| HannesTschofenig | 0:796d0f61a05b | 245 | * \return A statically allocated array, the last entry is 0. |
| HannesTschofenig | 0:796d0f61a05b | 246 | */ |
| HannesTschofenig | 0:796d0f61a05b | 247 | const ecp_curve_info *ecp_curve_list( void ); |
| HannesTschofenig | 0:796d0f61a05b | 248 | |
| HannesTschofenig | 0:796d0f61a05b | 249 | /** |
| HannesTschofenig | 0:796d0f61a05b | 250 | * \brief Get the list of supported curves in order of preferrence |
| HannesTschofenig | 0:796d0f61a05b | 251 | * (grp_id only) |
| HannesTschofenig | 0:796d0f61a05b | 252 | * |
| HannesTschofenig | 0:796d0f61a05b | 253 | * \return A statically allocated array, |
| HannesTschofenig | 0:796d0f61a05b | 254 | * terminated with POLARSSL_ECP_DP_NONE. |
| HannesTschofenig | 0:796d0f61a05b | 255 | */ |
| HannesTschofenig | 0:796d0f61a05b | 256 | const ecp_group_id *ecp_grp_id_list( void ); |
| HannesTschofenig | 0:796d0f61a05b | 257 | |
| HannesTschofenig | 0:796d0f61a05b | 258 | /** |
| HannesTschofenig | 0:796d0f61a05b | 259 | * \brief Get curve information from an internal group identifier |
| HannesTschofenig | 0:796d0f61a05b | 260 | * |
| HannesTschofenig | 0:796d0f61a05b | 261 | * \param grp_id A POLARSSL_ECP_DP_XXX value |
| HannesTschofenig | 0:796d0f61a05b | 262 | * |
| HannesTschofenig | 0:796d0f61a05b | 263 | * \return The associated curve information or NULL |
| HannesTschofenig | 0:796d0f61a05b | 264 | */ |
| HannesTschofenig | 0:796d0f61a05b | 265 | const ecp_curve_info *ecp_curve_info_from_grp_id( ecp_group_id grp_id ); |
| HannesTschofenig | 0:796d0f61a05b | 266 | |
| HannesTschofenig | 0:796d0f61a05b | 267 | /** |
| HannesTschofenig | 0:796d0f61a05b | 268 | * \brief Get curve information from a TLS NamedCurve value |
| HannesTschofenig | 0:796d0f61a05b | 269 | * |
| HannesTschofenig | 0:796d0f61a05b | 270 | * \param tls_id A POLARSSL_ECP_DP_XXX value |
| HannesTschofenig | 0:796d0f61a05b | 271 | * |
| HannesTschofenig | 0:796d0f61a05b | 272 | * \return The associated curve information or NULL |
| HannesTschofenig | 0:796d0f61a05b | 273 | */ |
| HannesTschofenig | 0:796d0f61a05b | 274 | const ecp_curve_info *ecp_curve_info_from_tls_id( uint16_t tls_id ); |
| HannesTschofenig | 0:796d0f61a05b | 275 | |
| HannesTschofenig | 0:796d0f61a05b | 276 | /** |
| HannesTschofenig | 0:796d0f61a05b | 277 | * \brief Get curve information from a human-readable name |
| HannesTschofenig | 0:796d0f61a05b | 278 | * |
| HannesTschofenig | 0:796d0f61a05b | 279 | * \param name The name |
| HannesTschofenig | 0:796d0f61a05b | 280 | * |
| HannesTschofenig | 0:796d0f61a05b | 281 | * \return The associated curve information or NULL |
| HannesTschofenig | 0:796d0f61a05b | 282 | */ |
| HannesTschofenig | 0:796d0f61a05b | 283 | const ecp_curve_info *ecp_curve_info_from_name( const char *name ); |
| HannesTschofenig | 0:796d0f61a05b | 284 | |
| HannesTschofenig | 0:796d0f61a05b | 285 | /** |
| HannesTschofenig | 0:796d0f61a05b | 286 | * \brief Initialize a point (as zero) |
| HannesTschofenig | 0:796d0f61a05b | 287 | */ |
| HannesTschofenig | 0:796d0f61a05b | 288 | void ecp_point_init( ecp_point *pt ); |
| HannesTschofenig | 0:796d0f61a05b | 289 | |
| HannesTschofenig | 0:796d0f61a05b | 290 | /** |
| HannesTschofenig | 0:796d0f61a05b | 291 | * \brief Initialize a group (to something meaningless) |
| HannesTschofenig | 0:796d0f61a05b | 292 | */ |
| HannesTschofenig | 0:796d0f61a05b | 293 | void ecp_group_init( ecp_group *grp ); |
| HannesTschofenig | 0:796d0f61a05b | 294 | |
| HannesTschofenig | 0:796d0f61a05b | 295 | /** |
| HannesTschofenig | 0:796d0f61a05b | 296 | * \brief Initialize a key pair (as an invalid one) |
| HannesTschofenig | 0:796d0f61a05b | 297 | */ |
| HannesTschofenig | 0:796d0f61a05b | 298 | void ecp_keypair_init( ecp_keypair *key ); |
| HannesTschofenig | 0:796d0f61a05b | 299 | |
| HannesTschofenig | 0:796d0f61a05b | 300 | /** |
| HannesTschofenig | 0:796d0f61a05b | 301 | * \brief Free the components of a point |
| HannesTschofenig | 0:796d0f61a05b | 302 | */ |
| HannesTschofenig | 0:796d0f61a05b | 303 | void ecp_point_free( ecp_point *pt ); |
| HannesTschofenig | 0:796d0f61a05b | 304 | |
| HannesTschofenig | 0:796d0f61a05b | 305 | /** |
| HannesTschofenig | 0:796d0f61a05b | 306 | * \brief Free the components of an ECP group |
| HannesTschofenig | 0:796d0f61a05b | 307 | */ |
| HannesTschofenig | 0:796d0f61a05b | 308 | void ecp_group_free( ecp_group *grp ); |
| HannesTschofenig | 0:796d0f61a05b | 309 | |
| HannesTschofenig | 0:796d0f61a05b | 310 | /** |
| HannesTschofenig | 0:796d0f61a05b | 311 | * \brief Free the components of a key pair |
| HannesTschofenig | 0:796d0f61a05b | 312 | */ |
| HannesTschofenig | 0:796d0f61a05b | 313 | void ecp_keypair_free( ecp_keypair *key ); |
| HannesTschofenig | 0:796d0f61a05b | 314 | |
| HannesTschofenig | 0:796d0f61a05b | 315 | /** |
| HannesTschofenig | 0:796d0f61a05b | 316 | * \brief Copy the contents of point Q into P |
| HannesTschofenig | 0:796d0f61a05b | 317 | * |
| HannesTschofenig | 0:796d0f61a05b | 318 | * \param P Destination point |
| HannesTschofenig | 0:796d0f61a05b | 319 | * \param Q Source point |
| HannesTschofenig | 0:796d0f61a05b | 320 | * |
| HannesTschofenig | 0:796d0f61a05b | 321 | * \return 0 if successful, |
| HannesTschofenig | 0:796d0f61a05b | 322 | * POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed |
| HannesTschofenig | 0:796d0f61a05b | 323 | */ |
| HannesTschofenig | 0:796d0f61a05b | 324 | int ecp_copy( ecp_point *P, const ecp_point *Q ); |
| HannesTschofenig | 0:796d0f61a05b | 325 | |
| HannesTschofenig | 0:796d0f61a05b | 326 | /** |
| HannesTschofenig | 0:796d0f61a05b | 327 | * \brief Copy the contents of a group object |
| HannesTschofenig | 0:796d0f61a05b | 328 | * |
| HannesTschofenig | 0:796d0f61a05b | 329 | * \param dst Destination group |
| HannesTschofenig | 0:796d0f61a05b | 330 | * \param src Source group |
| HannesTschofenig | 0:796d0f61a05b | 331 | * |
| HannesTschofenig | 0:796d0f61a05b | 332 | * \return 0 if successful, |
| HannesTschofenig | 0:796d0f61a05b | 333 | * POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed |
| HannesTschofenig | 0:796d0f61a05b | 334 | */ |
| HannesTschofenig | 0:796d0f61a05b | 335 | int ecp_group_copy( ecp_group *dst, const ecp_group *src ); |
| HannesTschofenig | 0:796d0f61a05b | 336 | |
| HannesTschofenig | 0:796d0f61a05b | 337 | /** |
| HannesTschofenig | 0:796d0f61a05b | 338 | * \brief Set a point to zero |
| HannesTschofenig | 0:796d0f61a05b | 339 | * |
| HannesTschofenig | 0:796d0f61a05b | 340 | * \param pt Destination point |
| HannesTschofenig | 0:796d0f61a05b | 341 | * |
| HannesTschofenig | 0:796d0f61a05b | 342 | * \return 0 if successful, |
| HannesTschofenig | 0:796d0f61a05b | 343 | * POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed |
| HannesTschofenig | 0:796d0f61a05b | 344 | */ |
| HannesTschofenig | 0:796d0f61a05b | 345 | int ecp_set_zero( ecp_point *pt ); |
| HannesTschofenig | 0:796d0f61a05b | 346 | |
| HannesTschofenig | 0:796d0f61a05b | 347 | /** |
| HannesTschofenig | 0:796d0f61a05b | 348 | * \brief Tell if a point is zero |
| HannesTschofenig | 0:796d0f61a05b | 349 | * |
| HannesTschofenig | 0:796d0f61a05b | 350 | * \param pt Point to test |
| HannesTschofenig | 0:796d0f61a05b | 351 | * |
| HannesTschofenig | 0:796d0f61a05b | 352 | * \return 1 if point is zero, 0 otherwise |
| HannesTschofenig | 0:796d0f61a05b | 353 | */ |
| HannesTschofenig | 0:796d0f61a05b | 354 | int ecp_is_zero( ecp_point *pt ); |
| HannesTschofenig | 0:796d0f61a05b | 355 | |
| HannesTschofenig | 0:796d0f61a05b | 356 | /** |
| HannesTschofenig | 0:796d0f61a05b | 357 | * \brief Import a non-zero point from two ASCII strings |
| HannesTschofenig | 0:796d0f61a05b | 358 | * |
| HannesTschofenig | 0:796d0f61a05b | 359 | * \param P Destination point |
| HannesTschofenig | 0:796d0f61a05b | 360 | * \param radix Input numeric base |
| HannesTschofenig | 0:796d0f61a05b | 361 | * \param x First affine coordinate as a null-terminated string |
| HannesTschofenig | 0:796d0f61a05b | 362 | * \param y Second affine coordinate as a null-terminated string |
| HannesTschofenig | 0:796d0f61a05b | 363 | * |
| HannesTschofenig | 0:796d0f61a05b | 364 | * \return 0 if successful, or a POLARSSL_ERR_MPI_XXX error code |
| HannesTschofenig | 0:796d0f61a05b | 365 | */ |
| HannesTschofenig | 0:796d0f61a05b | 366 | int ecp_point_read_string( ecp_point *P, int radix, |
| HannesTschofenig | 0:796d0f61a05b | 367 | const char *x, const char *y ); |
| HannesTschofenig | 0:796d0f61a05b | 368 | |
| HannesTschofenig | 0:796d0f61a05b | 369 | /** |
| HannesTschofenig | 0:796d0f61a05b | 370 | * \brief Export a point into unsigned binary data |
| HannesTschofenig | 0:796d0f61a05b | 371 | * |
| HannesTschofenig | 0:796d0f61a05b | 372 | * \param grp Group to which the point should belong |
| HannesTschofenig | 0:796d0f61a05b | 373 | * \param P Point to export |
| HannesTschofenig | 0:796d0f61a05b | 374 | * \param format Point format, should be a POLARSSL_ECP_PF_XXX macro |
| HannesTschofenig | 0:796d0f61a05b | 375 | * \param olen Length of the actual output |
| HannesTschofenig | 0:796d0f61a05b | 376 | * \param buf Output buffer |
| HannesTschofenig | 0:796d0f61a05b | 377 | * \param buflen Length of the output buffer |
| HannesTschofenig | 0:796d0f61a05b | 378 | * |
| HannesTschofenig | 0:796d0f61a05b | 379 | * \return 0 if successful, |
| HannesTschofenig | 0:796d0f61a05b | 380 | * or POLARSSL_ERR_ECP_BAD_INPUT_DATA |
| HannesTschofenig | 0:796d0f61a05b | 381 | * or POLARSSL_ERR_ECP_BUFFER_TOO_SMALL |
| HannesTschofenig | 0:796d0f61a05b | 382 | */ |
| HannesTschofenig | 0:796d0f61a05b | 383 | int ecp_point_write_binary( const ecp_group *grp, const ecp_point *P, |
| HannesTschofenig | 0:796d0f61a05b | 384 | int format, size_t *olen, |
| HannesTschofenig | 0:796d0f61a05b | 385 | unsigned char *buf, size_t buflen ); |
| HannesTschofenig | 0:796d0f61a05b | 386 | |
| HannesTschofenig | 0:796d0f61a05b | 387 | /** |
| HannesTschofenig | 0:796d0f61a05b | 388 | * \brief Import a point from unsigned binary data |
| HannesTschofenig | 0:796d0f61a05b | 389 | * |
| HannesTschofenig | 0:796d0f61a05b | 390 | * \param grp Group to which the point should belong |
| HannesTschofenig | 0:796d0f61a05b | 391 | * \param P Point to import |
| HannesTschofenig | 0:796d0f61a05b | 392 | * \param buf Input buffer |
| HannesTschofenig | 0:796d0f61a05b | 393 | * \param ilen Actual length of input |
| HannesTschofenig | 0:796d0f61a05b | 394 | * |
| HannesTschofenig | 0:796d0f61a05b | 395 | * \return 0 if successful, |
| HannesTschofenig | 0:796d0f61a05b | 396 | * POLARSSL_ERR_ECP_BAD_INPUT_DATA if input is invalid, |
| HannesTschofenig | 0:796d0f61a05b | 397 | * POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed, |
| HannesTschofenig | 0:796d0f61a05b | 398 | * POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE if the point format |
| HannesTschofenig | 0:796d0f61a05b | 399 | * is not implemented. |
| HannesTschofenig | 0:796d0f61a05b | 400 | * |
| HannesTschofenig | 0:796d0f61a05b | 401 | * \note This function does NOT check that the point actually |
| HannesTschofenig | 0:796d0f61a05b | 402 | * belongs to the given group, see ecp_check_pubkey() for |
| HannesTschofenig | 0:796d0f61a05b | 403 | * that. |
| HannesTschofenig | 0:796d0f61a05b | 404 | */ |
| HannesTschofenig | 0:796d0f61a05b | 405 | int ecp_point_read_binary( const ecp_group *grp, ecp_point *P, |
| HannesTschofenig | 0:796d0f61a05b | 406 | const unsigned char *buf, size_t ilen ); |
| HannesTschofenig | 0:796d0f61a05b | 407 | |
| HannesTschofenig | 0:796d0f61a05b | 408 | /** |
| HannesTschofenig | 0:796d0f61a05b | 409 | * \brief Import a point from a TLS ECPoint record |
| HannesTschofenig | 0:796d0f61a05b | 410 | * |
| HannesTschofenig | 0:796d0f61a05b | 411 | * \param grp ECP group used |
| HannesTschofenig | 0:796d0f61a05b | 412 | * \param pt Destination point |
| HannesTschofenig | 0:796d0f61a05b | 413 | * \param buf $(Start of input buffer) |
| HannesTschofenig | 0:796d0f61a05b | 414 | * \param len Buffer length |
| HannesTschofenig | 0:796d0f61a05b | 415 | * |
| HannesTschofenig | 0:796d0f61a05b | 416 | * \return O if successful, |
| HannesTschofenig | 0:796d0f61a05b | 417 | * POLARSSL_ERR_MPI_XXX if initialization failed |
| HannesTschofenig | 0:796d0f61a05b | 418 | * POLARSSL_ERR_ECP_BAD_INPUT_DATA if input is invalid |
| HannesTschofenig | 0:796d0f61a05b | 419 | */ |
| HannesTschofenig | 0:796d0f61a05b | 420 | int ecp_tls_read_point( const ecp_group *grp, ecp_point *pt, |
| HannesTschofenig | 0:796d0f61a05b | 421 | const unsigned char **buf, size_t len ); |
| HannesTschofenig | 0:796d0f61a05b | 422 | |
| HannesTschofenig | 0:796d0f61a05b | 423 | /** |
| HannesTschofenig | 0:796d0f61a05b | 424 | * \brief Export a point as a TLS ECPoint record |
| HannesTschofenig | 0:796d0f61a05b | 425 | * |
| HannesTschofenig | 0:796d0f61a05b | 426 | * \param grp ECP group used |
| HannesTschofenig | 0:796d0f61a05b | 427 | * \param pt Point to export |
| HannesTschofenig | 0:796d0f61a05b | 428 | * \param format Export format |
| HannesTschofenig | 0:796d0f61a05b | 429 | * \param olen length of data written |
| HannesTschofenig | 0:796d0f61a05b | 430 | * \param buf Buffer to write to |
| HannesTschofenig | 0:796d0f61a05b | 431 | * \param blen Buffer length |
| HannesTschofenig | 0:796d0f61a05b | 432 | * |
| HannesTschofenig | 0:796d0f61a05b | 433 | * \return 0 if successful, |
| HannesTschofenig | 0:796d0f61a05b | 434 | * or POLARSSL_ERR_ECP_BAD_INPUT_DATA |
| HannesTschofenig | 0:796d0f61a05b | 435 | * or POLARSSL_ERR_ECP_BUFFER_TOO_SMALL |
| HannesTschofenig | 0:796d0f61a05b | 436 | */ |
| HannesTschofenig | 0:796d0f61a05b | 437 | int ecp_tls_write_point( const ecp_group *grp, const ecp_point *pt, |
| HannesTschofenig | 0:796d0f61a05b | 438 | int format, size_t *olen, |
| HannesTschofenig | 0:796d0f61a05b | 439 | unsigned char *buf, size_t blen ); |
| HannesTschofenig | 0:796d0f61a05b | 440 | |
| HannesTschofenig | 0:796d0f61a05b | 441 | /** |
| HannesTschofenig | 0:796d0f61a05b | 442 | * \brief Import an ECP group from null-terminated ASCII strings |
| HannesTschofenig | 0:796d0f61a05b | 443 | * |
| HannesTschofenig | 0:796d0f61a05b | 444 | * \param grp Destination group |
| HannesTschofenig | 0:796d0f61a05b | 445 | * \param radix Input numeric base |
| HannesTschofenig | 0:796d0f61a05b | 446 | * \param p Prime modulus of the base field |
| HannesTschofenig | 0:796d0f61a05b | 447 | * \param b Constant term in the equation |
| HannesTschofenig | 0:796d0f61a05b | 448 | * \param gx The generator's X coordinate |
| HannesTschofenig | 0:796d0f61a05b | 449 | * \param gy The generator's Y coordinate |
| HannesTschofenig | 0:796d0f61a05b | 450 | * \param n The generator's order |
| HannesTschofenig | 0:796d0f61a05b | 451 | * |
| HannesTschofenig | 0:796d0f61a05b | 452 | * \return 0 if successful, or a POLARSSL_ERR_MPI_XXX error code |
| HannesTschofenig | 0:796d0f61a05b | 453 | * |
| HannesTschofenig | 0:796d0f61a05b | 454 | * \note Sets all fields except modp. |
| HannesTschofenig | 0:796d0f61a05b | 455 | */ |
| HannesTschofenig | 0:796d0f61a05b | 456 | int ecp_group_read_string( ecp_group *grp, int radix, |
| HannesTschofenig | 0:796d0f61a05b | 457 | const char *p, const char *b, |
| HannesTschofenig | 0:796d0f61a05b | 458 | const char *gx, const char *gy, const char *n); |
| HannesTschofenig | 0:796d0f61a05b | 459 | |
| HannesTschofenig | 0:796d0f61a05b | 460 | /** |
| HannesTschofenig | 0:796d0f61a05b | 461 | * \brief Set a group using well-known domain parameters |
| HannesTschofenig | 0:796d0f61a05b | 462 | * |
| HannesTschofenig | 0:796d0f61a05b | 463 | * \param grp Destination group |
| HannesTschofenig | 0:796d0f61a05b | 464 | * \param index Index in the list of well-known domain parameters |
| HannesTschofenig | 0:796d0f61a05b | 465 | * |
| HannesTschofenig | 0:796d0f61a05b | 466 | * \return O if successful, |
| HannesTschofenig | 0:796d0f61a05b | 467 | * POLARSSL_ERR_MPI_XXX if initialization failed |
| HannesTschofenig | 0:796d0f61a05b | 468 | * POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE for unkownn groups |
| HannesTschofenig | 0:796d0f61a05b | 469 | * |
| HannesTschofenig | 0:796d0f61a05b | 470 | * \note Index should be a value of RFC 4492's enum NamdeCurve, |
| HannesTschofenig | 0:796d0f61a05b | 471 | * possibly in the form of a POLARSSL_ECP_DP_XXX macro. |
| HannesTschofenig | 0:796d0f61a05b | 472 | */ |
| HannesTschofenig | 0:796d0f61a05b | 473 | int ecp_use_known_dp( ecp_group *grp, ecp_group_id index ); |
| HannesTschofenig | 0:796d0f61a05b | 474 | |
| HannesTschofenig | 0:796d0f61a05b | 475 | /** |
| HannesTschofenig | 0:796d0f61a05b | 476 | * \brief Set a group from a TLS ECParameters record |
| HannesTschofenig | 0:796d0f61a05b | 477 | * |
| HannesTschofenig | 0:796d0f61a05b | 478 | * \param grp Destination group |
| HannesTschofenig | 0:796d0f61a05b | 479 | * \param buf &(Start of input buffer) |
| HannesTschofenig | 0:796d0f61a05b | 480 | * \param len Buffer length |
| HannesTschofenig | 0:796d0f61a05b | 481 | * |
| HannesTschofenig | 0:796d0f61a05b | 482 | * \return O if successful, |
| HannesTschofenig | 0:796d0f61a05b | 483 | * POLARSSL_ERR_MPI_XXX if initialization failed |
| HannesTschofenig | 0:796d0f61a05b | 484 | * POLARSSL_ERR_ECP_BAD_INPUT_DATA if input is invalid |
| HannesTschofenig | 0:796d0f61a05b | 485 | */ |
| HannesTschofenig | 0:796d0f61a05b | 486 | int ecp_tls_read_group( ecp_group *grp, const unsigned char **buf, size_t len ); |
| HannesTschofenig | 0:796d0f61a05b | 487 | |
| HannesTschofenig | 0:796d0f61a05b | 488 | /** |
| HannesTschofenig | 0:796d0f61a05b | 489 | * \brief Write the TLS ECParameters record for a group |
| HannesTschofenig | 0:796d0f61a05b | 490 | * |
| HannesTschofenig | 0:796d0f61a05b | 491 | * \param grp ECP group used |
| HannesTschofenig | 0:796d0f61a05b | 492 | * \param olen Number of bytes actually written |
| HannesTschofenig | 0:796d0f61a05b | 493 | * \param buf Buffer to write to |
| HannesTschofenig | 0:796d0f61a05b | 494 | * \param blen Buffer length |
| HannesTschofenig | 0:796d0f61a05b | 495 | * |
| HannesTschofenig | 0:796d0f61a05b | 496 | * \return 0 if successful, |
| HannesTschofenig | 0:796d0f61a05b | 497 | * or POLARSSL_ERR_ECP_BUFFER_TOO_SMALL |
| HannesTschofenig | 0:796d0f61a05b | 498 | */ |
| HannesTschofenig | 0:796d0f61a05b | 499 | int ecp_tls_write_group( const ecp_group *grp, size_t *olen, |
| HannesTschofenig | 0:796d0f61a05b | 500 | unsigned char *buf, size_t blen ); |
| HannesTschofenig | 0:796d0f61a05b | 501 | |
| HannesTschofenig | 0:796d0f61a05b | 502 | /** |
| HannesTschofenig | 0:796d0f61a05b | 503 | * \brief Addition: R = P + Q |
| HannesTschofenig | 0:796d0f61a05b | 504 | * |
| HannesTschofenig | 0:796d0f61a05b | 505 | * \param grp ECP group |
| HannesTschofenig | 0:796d0f61a05b | 506 | * \param R Destination point |
| HannesTschofenig | 0:796d0f61a05b | 507 | * \param P Left-hand point |
| HannesTschofenig | 0:796d0f61a05b | 508 | * \param Q Right-hand point |
| HannesTschofenig | 0:796d0f61a05b | 509 | * |
| HannesTschofenig | 0:796d0f61a05b | 510 | * \return 0 if successful, |
| HannesTschofenig | 0:796d0f61a05b | 511 | * POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed |
| HannesTschofenig | 0:796d0f61a05b | 512 | * |
| HannesTschofenig | 0:796d0f61a05b | 513 | * \note This function does not support Montgomery curves, such as |
| HannesTschofenig | 0:796d0f61a05b | 514 | * Curve25519. |
| HannesTschofenig | 0:796d0f61a05b | 515 | */ |
| HannesTschofenig | 0:796d0f61a05b | 516 | int ecp_add( const ecp_group *grp, ecp_point *R, |
| HannesTschofenig | 0:796d0f61a05b | 517 | const ecp_point *P, const ecp_point *Q ); |
| HannesTschofenig | 0:796d0f61a05b | 518 | |
| HannesTschofenig | 0:796d0f61a05b | 519 | /** |
| HannesTschofenig | 0:796d0f61a05b | 520 | * \brief Subtraction: R = P - Q |
| HannesTschofenig | 0:796d0f61a05b | 521 | * |
| HannesTschofenig | 0:796d0f61a05b | 522 | * \param grp ECP group |
| HannesTschofenig | 0:796d0f61a05b | 523 | * \param R Destination point |
| HannesTschofenig | 0:796d0f61a05b | 524 | * \param P Left-hand point |
| HannesTschofenig | 0:796d0f61a05b | 525 | * \param Q Right-hand point |
| HannesTschofenig | 0:796d0f61a05b | 526 | * |
| HannesTschofenig | 0:796d0f61a05b | 527 | * \return 0 if successful, |
| HannesTschofenig | 0:796d0f61a05b | 528 | * POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed |
| HannesTschofenig | 0:796d0f61a05b | 529 | * |
| HannesTschofenig | 0:796d0f61a05b | 530 | * \note This function does not support Montgomery curves, such as |
| HannesTschofenig | 0:796d0f61a05b | 531 | * Curve25519. |
| HannesTschofenig | 0:796d0f61a05b | 532 | */ |
| HannesTschofenig | 0:796d0f61a05b | 533 | int ecp_sub( const ecp_group *grp, ecp_point *R, |
| HannesTschofenig | 0:796d0f61a05b | 534 | const ecp_point *P, const ecp_point *Q ); |
| HannesTschofenig | 0:796d0f61a05b | 535 | |
| HannesTschofenig | 0:796d0f61a05b | 536 | /** |
| HannesTschofenig | 0:796d0f61a05b | 537 | * \brief Multiplication by an integer: R = m * P |
| HannesTschofenig | 0:796d0f61a05b | 538 | * (Not thread-safe to use same group in multiple threads) |
| HannesTschofenig | 0:796d0f61a05b | 539 | * |
| HannesTschofenig | 0:796d0f61a05b | 540 | * \param grp ECP group |
| HannesTschofenig | 0:796d0f61a05b | 541 | * \param R Destination point |
| HannesTschofenig | 0:796d0f61a05b | 542 | * \param m Integer by which to multiply |
| HannesTschofenig | 0:796d0f61a05b | 543 | * \param P Point to multiply |
| HannesTschofenig | 0:796d0f61a05b | 544 | * \param f_rng RNG function (see notes) |
| HannesTschofenig | 0:796d0f61a05b | 545 | * \param p_rng RNG parameter |
| HannesTschofenig | 0:796d0f61a05b | 546 | * |
| HannesTschofenig | 0:796d0f61a05b | 547 | * \return 0 if successful, |
| HannesTschofenig | 0:796d0f61a05b | 548 | * POLARSSL_ERR_ECP_INVALID_KEY if m is not a valid privkey |
| HannesTschofenig | 0:796d0f61a05b | 549 | * or P is not a valid pubkey, |
| HannesTschofenig | 0:796d0f61a05b | 550 | * POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed |
| HannesTschofenig | 0:796d0f61a05b | 551 | * |
| HannesTschofenig | 0:796d0f61a05b | 552 | * \note In order to prevent timing attacks, this function |
| HannesTschofenig | 0:796d0f61a05b | 553 | * executes the exact same sequence of (base field) |
| HannesTschofenig | 0:796d0f61a05b | 554 | * operations for any valid m. It avoids any if-branch or |
| HannesTschofenig | 0:796d0f61a05b | 555 | * array index depending on the value of m. |
| HannesTschofenig | 0:796d0f61a05b | 556 | * |
| HannesTschofenig | 0:796d0f61a05b | 557 | * \note If f_rng is not NULL, it is used to randomize intermediate |
| HannesTschofenig | 0:796d0f61a05b | 558 | * results in order to prevent potential timing attacks |
| HannesTschofenig | 0:796d0f61a05b | 559 | * targeting these results. It is recommended to always |
| HannesTschofenig | 0:796d0f61a05b | 560 | * provide a non-NULL f_rng (the overhead is negligible). |
| HannesTschofenig | 0:796d0f61a05b | 561 | */ |
| HannesTschofenig | 0:796d0f61a05b | 562 | int ecp_mul( ecp_group *grp, ecp_point *R, |
| HannesTschofenig | 0:796d0f61a05b | 563 | const mpi *m, const ecp_point *P, |
| HannesTschofenig | 0:796d0f61a05b | 564 | int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); |
| HannesTschofenig | 0:796d0f61a05b | 565 | |
| HannesTschofenig | 0:796d0f61a05b | 566 | /** |
| HannesTschofenig | 0:796d0f61a05b | 567 | * \brief Check that a point is a valid public key on this curve |
| HannesTschofenig | 0:796d0f61a05b | 568 | * |
| HannesTschofenig | 0:796d0f61a05b | 569 | * \param grp Curve/group the point should belong to |
| HannesTschofenig | 0:796d0f61a05b | 570 | * \param pt Point to check |
| HannesTschofenig | 0:796d0f61a05b | 571 | * |
| HannesTschofenig | 0:796d0f61a05b | 572 | * \return 0 if point is a valid public key, |
| HannesTschofenig | 0:796d0f61a05b | 573 | * POLARSSL_ERR_ECP_INVALID_KEY otherwise. |
| HannesTschofenig | 0:796d0f61a05b | 574 | * |
| HannesTschofenig | 0:796d0f61a05b | 575 | * \note This function only checks the point is non-zero, has valid |
| HannesTschofenig | 0:796d0f61a05b | 576 | * coordinates and lies on the curve, but not that it is |
| HannesTschofenig | 0:796d0f61a05b | 577 | * indeed a multiple of G. This is additional check is more |
| HannesTschofenig | 0:796d0f61a05b | 578 | * expensive, isn't required by standards, and shouldn't be |
| HannesTschofenig | 0:796d0f61a05b | 579 | * necessary if the group used has a small cofactor. In |
| HannesTschofenig | 0:796d0f61a05b | 580 | * particular, it is useless for the NIST groups which all |
| HannesTschofenig | 0:796d0f61a05b | 581 | * have a cofactor of 1. |
| HannesTschofenig | 0:796d0f61a05b | 582 | * |
| HannesTschofenig | 0:796d0f61a05b | 583 | * \note Uses bare components rather than an ecp_keypair structure |
| HannesTschofenig | 0:796d0f61a05b | 584 | * in order to ease use with other structures such as |
| HannesTschofenig | 0:796d0f61a05b | 585 | * ecdh_context of ecdsa_context. |
| HannesTschofenig | 0:796d0f61a05b | 586 | */ |
| HannesTschofenig | 0:796d0f61a05b | 587 | int ecp_check_pubkey( const ecp_group *grp, const ecp_point *pt ); |
| HannesTschofenig | 0:796d0f61a05b | 588 | |
| HannesTschofenig | 0:796d0f61a05b | 589 | /** |
| HannesTschofenig | 0:796d0f61a05b | 590 | * \brief Check that an mpi is a valid private key for this curve |
| HannesTschofenig | 0:796d0f61a05b | 591 | * |
| HannesTschofenig | 0:796d0f61a05b | 592 | * \param grp Group used |
| HannesTschofenig | 0:796d0f61a05b | 593 | * \param d Integer to check |
| HannesTschofenig | 0:796d0f61a05b | 594 | * |
| HannesTschofenig | 0:796d0f61a05b | 595 | * \return 0 if point is a valid private key, |
| HannesTschofenig | 0:796d0f61a05b | 596 | * POLARSSL_ERR_ECP_INVALID_KEY otherwise. |
| HannesTschofenig | 0:796d0f61a05b | 597 | * |
| HannesTschofenig | 0:796d0f61a05b | 598 | * \note Uses bare components rather than an ecp_keypair structure |
| HannesTschofenig | 0:796d0f61a05b | 599 | * in order to ease use with other structures such as |
| HannesTschofenig | 0:796d0f61a05b | 600 | * ecdh_context of ecdsa_context. |
| HannesTschofenig | 0:796d0f61a05b | 601 | */ |
| HannesTschofenig | 0:796d0f61a05b | 602 | int ecp_check_privkey( const ecp_group *grp, const mpi *d ); |
| HannesTschofenig | 0:796d0f61a05b | 603 | |
| HannesTschofenig | 0:796d0f61a05b | 604 | /** |
| HannesTschofenig | 0:796d0f61a05b | 605 | * \brief Generate a keypair |
| HannesTschofenig | 0:796d0f61a05b | 606 | * |
| HannesTschofenig | 0:796d0f61a05b | 607 | * \param grp ECP group |
| HannesTschofenig | 0:796d0f61a05b | 608 | * \param d Destination MPI (secret part) |
| HannesTschofenig | 0:796d0f61a05b | 609 | * \param Q Destination point (public part) |
| HannesTschofenig | 0:796d0f61a05b | 610 | * \param f_rng RNG function |
| HannesTschofenig | 0:796d0f61a05b | 611 | * \param p_rng RNG parameter |
| HannesTschofenig | 0:796d0f61a05b | 612 | * |
| HannesTschofenig | 0:796d0f61a05b | 613 | * \return 0 if successful, |
| HannesTschofenig | 0:796d0f61a05b | 614 | * or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code |
| HannesTschofenig | 0:796d0f61a05b | 615 | * |
| HannesTschofenig | 0:796d0f61a05b | 616 | * \note Uses bare components rather than an ecp_keypair structure |
| HannesTschofenig | 0:796d0f61a05b | 617 | * in order to ease use with other structures such as |
| HannesTschofenig | 0:796d0f61a05b | 618 | * ecdh_context of ecdsa_context. |
| HannesTschofenig | 0:796d0f61a05b | 619 | */ |
| HannesTschofenig | 0:796d0f61a05b | 620 | int ecp_gen_keypair( ecp_group *grp, mpi *d, ecp_point *Q, |
| HannesTschofenig | 0:796d0f61a05b | 621 | int (*f_rng)(void *, unsigned char *, size_t), |
| HannesTschofenig | 0:796d0f61a05b | 622 | void *p_rng ); |
| HannesTschofenig | 0:796d0f61a05b | 623 | |
| HannesTschofenig | 0:796d0f61a05b | 624 | /** |
| HannesTschofenig | 0:796d0f61a05b | 625 | * \brief Generate a keypair |
| HannesTschofenig | 0:796d0f61a05b | 626 | * |
| HannesTschofenig | 0:796d0f61a05b | 627 | * \param grp_id ECP group identifier |
| HannesTschofenig | 0:796d0f61a05b | 628 | * \param key Destination keypair |
| HannesTschofenig | 0:796d0f61a05b | 629 | * \param f_rng RNG function |
| HannesTschofenig | 0:796d0f61a05b | 630 | * \param p_rng RNG parameter |
| HannesTschofenig | 0:796d0f61a05b | 631 | * |
| HannesTschofenig | 0:796d0f61a05b | 632 | * \return 0 if successful, |
| HannesTschofenig | 0:796d0f61a05b | 633 | * or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code |
| HannesTschofenig | 0:796d0f61a05b | 634 | */ |
| HannesTschofenig | 0:796d0f61a05b | 635 | int ecp_gen_key( ecp_group_id grp_id, ecp_keypair *key, |
| HannesTschofenig | 0:796d0f61a05b | 636 | int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); |
| HannesTschofenig | 0:796d0f61a05b | 637 | |
| HannesTschofenig | 0:796d0f61a05b | 638 | #if defined(POLARSSL_SELF_TEST) |
| HannesTschofenig | 0:796d0f61a05b | 639 | /** |
| HannesTschofenig | 0:796d0f61a05b | 640 | * \brief Checkup routine |
| HannesTschofenig | 0:796d0f61a05b | 641 | * |
| HannesTschofenig | 0:796d0f61a05b | 642 | * \return 0 if successful, or 1 if a test failed |
| HannesTschofenig | 0:796d0f61a05b | 643 | */ |
| HannesTschofenig | 0:796d0f61a05b | 644 | int ecp_self_test( int verbose ); |
| HannesTschofenig | 0:796d0f61a05b | 645 | #endif |
| HannesTschofenig | 0:796d0f61a05b | 646 | |
| HannesTschofenig | 0:796d0f61a05b | 647 | #ifdef __cplusplus |
| HannesTschofenig | 0:796d0f61a05b | 648 | } |
| HannesTschofenig | 0:796d0f61a05b | 649 | #endif |
| HannesTschofenig | 0:796d0f61a05b | 650 | |
| HannesTschofenig | 0:796d0f61a05b | 651 | #endif /* ecp.h */ |
| HannesTschofenig | 0:796d0f61a05b | 652 | |
| HannesTschofenig | 0:796d0f61a05b | 653 |