Modified mbed TLS headers for AES functionality only to reduce build size

Dependents:   BLE_Gateway_Linker_fix BLE_Gateway

Fork of mbedtls by sandbox

Committer:
electronichamsters
Date:
Mon Jul 10 04:00:25 2017 +0000
Revision:
5:f09f5ed830ca
Parent:
1:24750b9ad5ef
working gateway

Christopher Haster 1:24750b9ad5ef 1 /**
Christopher Haster 1:24750b9ad5ef 2 * \file ecp.h
Christopher Haster 1:24750b9ad5ef 3 *
Christopher Haster 1:24750b9ad5ef 4 * \brief Elliptic curves over GF(p)
Christopher Haster 1:24750b9ad5ef 5 *
Christopher Haster 1:24750b9ad5ef 6 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
Christopher Haster 1:24750b9ad5ef 7 * SPDX-License-Identifier: Apache-2.0
Christopher Haster 1:24750b9ad5ef 8 *
Christopher Haster 1:24750b9ad5ef 9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
Christopher Haster 1:24750b9ad5ef 10 * not use this file except in compliance with the License.
Christopher Haster 1:24750b9ad5ef 11 * You may obtain a copy of the License at
Christopher Haster 1:24750b9ad5ef 12 *
Christopher Haster 1:24750b9ad5ef 13 * http://www.apache.org/licenses/LICENSE-2.0
Christopher Haster 1:24750b9ad5ef 14 *
Christopher Haster 1:24750b9ad5ef 15 * Unless required by applicable law or agreed to in writing, software
Christopher Haster 1:24750b9ad5ef 16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
Christopher Haster 1:24750b9ad5ef 17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
Christopher Haster 1:24750b9ad5ef 18 * See the License for the specific language governing permissions and
Christopher Haster 1:24750b9ad5ef 19 * limitations under the License.
Christopher Haster 1:24750b9ad5ef 20 *
Christopher Haster 1:24750b9ad5ef 21 * This file is part of mbed TLS (https://tls.mbed.org)
Christopher Haster 1:24750b9ad5ef 22 */
Christopher Haster 1:24750b9ad5ef 23 #ifndef MBEDTLS_ECP_H
Christopher Haster 1:24750b9ad5ef 24 #define MBEDTLS_ECP_H
Christopher Haster 1:24750b9ad5ef 25
Christopher Haster 1:24750b9ad5ef 26 #include "bignum.h"
Christopher Haster 1:24750b9ad5ef 27
Christopher Haster 1:24750b9ad5ef 28 /*
Christopher Haster 1:24750b9ad5ef 29 * ECP error codes
Christopher Haster 1:24750b9ad5ef 30 */
Christopher Haster 1:24750b9ad5ef 31 #define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 /**< Bad input parameters to function. */
Christopher Haster 1:24750b9ad5ef 32 #define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL -0x4F00 /**< The buffer is too small to write to. */
Christopher Haster 1:24750b9ad5ef 33 #define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 /**< Requested curve not available. */
Christopher Haster 1:24750b9ad5ef 34 #define MBEDTLS_ERR_ECP_VERIFY_FAILED -0x4E00 /**< The signature is not valid. */
Christopher Haster 1:24750b9ad5ef 35 #define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80 /**< Memory allocation failed. */
Christopher Haster 1:24750b9ad5ef 36 #define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00 /**< Generation of random value, such as (ephemeral) key, failed. */
Christopher Haster 1:24750b9ad5ef 37 #define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 /**< Invalid private or public key. */
Christopher Haster 1:24750b9ad5ef 38 #define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00 /**< Signature is valid but shorter than the user-supplied length. */
Christopher Haster 1:24750b9ad5ef 39
Christopher Haster 1:24750b9ad5ef 40 #ifdef __cplusplus
Christopher Haster 1:24750b9ad5ef 41 extern "C" {
Christopher Haster 1:24750b9ad5ef 42 #endif
Christopher Haster 1:24750b9ad5ef 43
Christopher Haster 1:24750b9ad5ef 44 /**
Christopher Haster 1:24750b9ad5ef 45 * Domain parameters (curve, subgroup and generator) identifiers.
Christopher Haster 1:24750b9ad5ef 46 *
Christopher Haster 1:24750b9ad5ef 47 * Only curves over prime fields are supported.
Christopher Haster 1:24750b9ad5ef 48 *
Christopher Haster 1:24750b9ad5ef 49 * \warning This library does not support validation of arbitrary domain
Christopher Haster 1:24750b9ad5ef 50 * parameters. Therefore, only well-known domain parameters from trusted
Christopher Haster 1:24750b9ad5ef 51 * sources should be used. See mbedtls_ecp_group_load().
Christopher Haster 1:24750b9ad5ef 52 */
Christopher Haster 1:24750b9ad5ef 53 typedef enum
Christopher Haster 1:24750b9ad5ef 54 {
Christopher Haster 1:24750b9ad5ef 55 MBEDTLS_ECP_DP_NONE = 0,
Christopher Haster 1:24750b9ad5ef 56 MBEDTLS_ECP_DP_SECP192R1, /*!< 192-bits NIST curve */
Christopher Haster 1:24750b9ad5ef 57 MBEDTLS_ECP_DP_SECP224R1, /*!< 224-bits NIST curve */
Christopher Haster 1:24750b9ad5ef 58 MBEDTLS_ECP_DP_SECP256R1, /*!< 256-bits NIST curve */
Christopher Haster 1:24750b9ad5ef 59 MBEDTLS_ECP_DP_SECP384R1, /*!< 384-bits NIST curve */
Christopher Haster 1:24750b9ad5ef 60 MBEDTLS_ECP_DP_SECP521R1, /*!< 521-bits NIST curve */
Christopher Haster 1:24750b9ad5ef 61 MBEDTLS_ECP_DP_BP256R1, /*!< 256-bits Brainpool curve */
Christopher Haster 1:24750b9ad5ef 62 MBEDTLS_ECP_DP_BP384R1, /*!< 384-bits Brainpool curve */
Christopher Haster 1:24750b9ad5ef 63 MBEDTLS_ECP_DP_BP512R1, /*!< 512-bits Brainpool curve */
Christopher Haster 1:24750b9ad5ef 64 MBEDTLS_ECP_DP_CURVE25519, /*!< Curve25519 */
Christopher Haster 1:24750b9ad5ef 65 MBEDTLS_ECP_DP_SECP192K1, /*!< 192-bits "Koblitz" curve */
Christopher Haster 1:24750b9ad5ef 66 MBEDTLS_ECP_DP_SECP224K1, /*!< 224-bits "Koblitz" curve */
Christopher Haster 1:24750b9ad5ef 67 MBEDTLS_ECP_DP_SECP256K1, /*!< 256-bits "Koblitz" curve */
Christopher Haster 1:24750b9ad5ef 68 } mbedtls_ecp_group_id;
Christopher Haster 1:24750b9ad5ef 69
Christopher Haster 1:24750b9ad5ef 70 /**
Christopher Haster 1:24750b9ad5ef 71 * Number of supported curves (plus one for NONE).
Christopher Haster 1:24750b9ad5ef 72 *
Christopher Haster 1:24750b9ad5ef 73 * (Montgomery curves excluded for now.)
Christopher Haster 1:24750b9ad5ef 74 */
Christopher Haster 1:24750b9ad5ef 75 #define MBEDTLS_ECP_DP_MAX 12
Christopher Haster 1:24750b9ad5ef 76
Christopher Haster 1:24750b9ad5ef 77 /**
Christopher Haster 1:24750b9ad5ef 78 * Curve information for use by other modules
Christopher Haster 1:24750b9ad5ef 79 */
Christopher Haster 1:24750b9ad5ef 80 typedef struct
Christopher Haster 1:24750b9ad5ef 81 {
Christopher Haster 1:24750b9ad5ef 82 mbedtls_ecp_group_id grp_id; /*!< Internal identifier */
Christopher Haster 1:24750b9ad5ef 83 uint16_t tls_id; /*!< TLS NamedCurve identifier */
Christopher Haster 1:24750b9ad5ef 84 uint16_t bit_size; /*!< Curve size in bits */
Christopher Haster 1:24750b9ad5ef 85 const char *name; /*!< Human-friendly name */
Christopher Haster 1:24750b9ad5ef 86 } mbedtls_ecp_curve_info;
Christopher Haster 1:24750b9ad5ef 87
Christopher Haster 1:24750b9ad5ef 88 /**
Christopher Haster 1:24750b9ad5ef 89 * \brief ECP point structure (jacobian coordinates)
Christopher Haster 1:24750b9ad5ef 90 *
Christopher Haster 1:24750b9ad5ef 91 * \note All functions expect and return points satisfying
Christopher Haster 1:24750b9ad5ef 92 * the following condition: Z == 0 or Z == 1. (Other
Christopher Haster 1:24750b9ad5ef 93 * values of Z are used by internal functions only.)
Christopher Haster 1:24750b9ad5ef 94 * The point is zero, or "at infinity", if Z == 0.
Christopher Haster 1:24750b9ad5ef 95 * Otherwise, X and Y are its standard (affine) coordinates.
Christopher Haster 1:24750b9ad5ef 96 */
Christopher Haster 1:24750b9ad5ef 97 typedef struct
Christopher Haster 1:24750b9ad5ef 98 {
Christopher Haster 1:24750b9ad5ef 99 mbedtls_mpi X; /*!< the point's X coordinate */
Christopher Haster 1:24750b9ad5ef 100 mbedtls_mpi Y; /*!< the point's Y coordinate */
Christopher Haster 1:24750b9ad5ef 101 mbedtls_mpi Z; /*!< the point's Z coordinate */
Christopher Haster 1:24750b9ad5ef 102 }
Christopher Haster 1:24750b9ad5ef 103 mbedtls_ecp_point;
Christopher Haster 1:24750b9ad5ef 104
Christopher Haster 1:24750b9ad5ef 105 /**
Christopher Haster 1:24750b9ad5ef 106 * \brief ECP group structure
Christopher Haster 1:24750b9ad5ef 107 *
Christopher Haster 1:24750b9ad5ef 108 * We consider two types of curve equations:
Christopher Haster 1:24750b9ad5ef 109 * 1. Short Weierstrass y^2 = x^3 + A x + B mod P (SEC1 + RFC 4492)
Christopher Haster 1:24750b9ad5ef 110 * 2. Montgomery, y^2 = x^3 + A x^2 + x mod P (Curve25519 + draft)
Christopher Haster 1:24750b9ad5ef 111 * In both cases, a generator G for a prime-order subgroup is fixed. In the
Christopher Haster 1:24750b9ad5ef 112 * Short Weierstrass case, this subgroup is actually the whole curve, and its
Christopher Haster 1:24750b9ad5ef 113 * cardinality is denoted by N.
Christopher Haster 1:24750b9ad5ef 114 *
Christopher Haster 1:24750b9ad5ef 115 * In the case of Short Weierstrass curves, our code requires that N is an odd
Christopher Haster 1:24750b9ad5ef 116 * prime. (Oddness is relied on in mbedtls_ecp_mul(), and primality in mbedtls_ecdsa_sign() for blinding.)
Christopher Haster 1:24750b9ad5ef 117 *
Christopher Haster 1:24750b9ad5ef 118 * In the case of Montgomery curves, we don't store A but (A + 2) / 4 which is
Christopher Haster 1:24750b9ad5ef 119 * the quantity actually used in the formulas. Also, nbits is not the size of N
Christopher Haster 1:24750b9ad5ef 120 * but the required size for private keys.
Christopher Haster 1:24750b9ad5ef 121 *
Christopher Haster 1:24750b9ad5ef 122 * If modp is NULL, reduction modulo P is done using a generic algorithm.
Christopher Haster 1:24750b9ad5ef 123 * Otherwise, it must point to a function that takes an mbedtls_mpi in the range
Christopher Haster 1:24750b9ad5ef 124 * 0..2^(2*pbits)-1 and transforms it in-place into an integer of little more
Christopher Haster 1:24750b9ad5ef 125 * than pbits bits, so that the integer may be efficiently brought into the 0..P-1
Christopher Haster 1:24750b9ad5ef 126 * range by a few additions or subtractions. It must return 0 on success and
Christopher Haster 1:24750b9ad5ef 127 * non-zero on failure.
Christopher Haster 1:24750b9ad5ef 128 */
Christopher Haster 1:24750b9ad5ef 129 typedef struct
Christopher Haster 1:24750b9ad5ef 130 {
Christopher Haster 1:24750b9ad5ef 131 mbedtls_ecp_group_id id; /*!< internal group identifier */
Christopher Haster 1:24750b9ad5ef 132 mbedtls_mpi P; /*!< prime modulus of the base field */
Christopher Haster 1:24750b9ad5ef 133 mbedtls_mpi A; /*!< 1. A in the equation, or 2. (A + 2) / 4 */
Christopher Haster 1:24750b9ad5ef 134 mbedtls_mpi B; /*!< 1. B in the equation, or 2. unused */
Christopher Haster 1:24750b9ad5ef 135 mbedtls_ecp_point G; /*!< generator of the (sub)group used */
Christopher Haster 1:24750b9ad5ef 136 mbedtls_mpi N; /*!< 1. the order of G, or 2. unused */
Christopher Haster 1:24750b9ad5ef 137 size_t pbits; /*!< number of bits in P */
Christopher Haster 1:24750b9ad5ef 138 size_t nbits; /*!< number of bits in 1. N (the struct comment implies N, not P; confirm), or 2. private keys */
Christopher Haster 1:24750b9ad5ef 139 unsigned int h; /*!< internal: 1 if the constants are static */
Christopher Haster 1:24750b9ad5ef 140 int (*modp)(mbedtls_mpi *); /*!< function for fast reduction mod P */
Christopher Haster 1:24750b9ad5ef 141 int (*t_pre)(mbedtls_ecp_point *, void *); /*!< unused */
Christopher Haster 1:24750b9ad5ef 142 int (*t_post)(mbedtls_ecp_point *, void *); /*!< unused */
Christopher Haster 1:24750b9ad5ef 143 void *t_data; /*!< unused */
Christopher Haster 1:24750b9ad5ef 144 mbedtls_ecp_point *T; /*!< pre-computed points for ecp_mul_comb() */
Christopher Haster 1:24750b9ad5ef 145 size_t T_size; /*!< number of pre-computed points */
Christopher Haster 1:24750b9ad5ef 146 }
Christopher Haster 1:24750b9ad5ef 147 mbedtls_ecp_group;
Christopher Haster 1:24750b9ad5ef 148
Christopher Haster 1:24750b9ad5ef 149 /**
Christopher Haster 1:24750b9ad5ef 150 * \brief ECP key pair structure
Christopher Haster 1:24750b9ad5ef 151 *
Christopher Haster 1:24750b9ad5ef 152 * A generic key pair that could be used for ECDSA, fixed ECDH, etc.
Christopher Haster 1:24750b9ad5ef 153 *
Christopher Haster 1:24750b9ad5ef 154 * \note Members purposefully in the same order as struct mbedtls_ecdsa_context.
Christopher Haster 1:24750b9ad5ef 155 */
Christopher Haster 1:24750b9ad5ef 156 typedef struct
Christopher Haster 1:24750b9ad5ef 157 {
Christopher Haster 1:24750b9ad5ef 158 mbedtls_ecp_group grp; /*!< Elliptic curve and base point */
Christopher Haster 1:24750b9ad5ef 159 mbedtls_mpi d; /*!< our secret value */
Christopher Haster 1:24750b9ad5ef 160 mbedtls_ecp_point Q; /*!< our public value */
Christopher Haster 1:24750b9ad5ef 161 }
Christopher Haster 1:24750b9ad5ef 162 mbedtls_ecp_keypair;
Christopher Haster 1:24750b9ad5ef 163
Christopher Haster 1:24750b9ad5ef 164 /**
Christopher Haster 1:24750b9ad5ef 165 * \name SECTION: Module settings
Christopher Haster 1:24750b9ad5ef 166 *
Christopher Haster 1:24750b9ad5ef 167 * The configuration options you can set for this module are in this section.
Christopher Haster 1:24750b9ad5ef 168 * Either change them in config.h or define them on the compiler command line.
Christopher Haster 1:24750b9ad5ef 169 * \{
Christopher Haster 1:24750b9ad5ef 170 */
Christopher Haster 1:24750b9ad5ef 171
Christopher Haster 1:24750b9ad5ef 172 #if !defined(MBEDTLS_ECP_MAX_BITS)
Christopher Haster 1:24750b9ad5ef 173 /**
Christopher Haster 1:24750b9ad5ef 174 * Maximum size of the groups (that is, of N and P)
Christopher Haster 1:24750b9ad5ef 175 */
Christopher Haster 1:24750b9ad5ef 176 #define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */
Christopher Haster 1:24750b9ad5ef 177 #endif
Christopher Haster 1:24750b9ad5ef 178
Christopher Haster 1:24750b9ad5ef 179 #define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
Christopher Haster 1:24750b9ad5ef 180 #define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )
Christopher Haster 1:24750b9ad5ef 181
Christopher Haster 1:24750b9ad5ef 182 #if !defined(MBEDTLS_ECP_WINDOW_SIZE)
Christopher Haster 1:24750b9ad5ef 183 /*
Christopher Haster 1:24750b9ad5ef 184 * Maximum "window" size used for point multiplication.
Christopher Haster 1:24750b9ad5ef 185 * Default: 6.
Christopher Haster 1:24750b9ad5ef 186 * Minimum value: 2. Maximum value: 7.
Christopher Haster 1:24750b9ad5ef 187 *
Christopher Haster 1:24750b9ad5ef 188 * Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) )
Christopher Haster 1:24750b9ad5ef 189 * points used for point multiplication. This value is directly tied to EC
Christopher Haster 1:24750b9ad5ef 190 * peak memory usage, so decreasing it by one should roughly cut memory usage
Christopher Haster 1:24750b9ad5ef 191 * by two (if large curves are in use).
Christopher Haster 1:24750b9ad5ef 192 *
Christopher Haster 1:24750b9ad5ef 193 * Reduction in size may reduce speed, but larger curves are impacted first.
Christopher Haster 1:24750b9ad5ef 194 * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1):
Christopher Haster 1:24750b9ad5ef 195 * w-size: 6 5 4 3 2
Christopher Haster 1:24750b9ad5ef 196 * 521 145 141 135 120 97
Christopher Haster 1:24750b9ad5ef 197 * 384 214 209 198 177 146
Christopher Haster 1:24750b9ad5ef 198 * 256 320 320 303 262 226
Christopher Haster 1:24750b9ad5ef 199
Christopher Haster 1:24750b9ad5ef 200 * 224 475 475 453 398 342
Christopher Haster 1:24750b9ad5ef 201 * 192 640 640 633 587 476
Christopher Haster 1:24750b9ad5ef 202 */
Christopher Haster 1:24750b9ad5ef 203 #define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */
Christopher Haster 1:24750b9ad5ef 204 #endif /* MBEDTLS_ECP_WINDOW_SIZE */
Christopher Haster 1:24750b9ad5ef 205
Christopher Haster 1:24750b9ad5ef 206 #if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
Christopher Haster 1:24750b9ad5ef 207 /*
Christopher Haster 1:24750b9ad5ef 208 * Trade memory for speed on fixed-point multiplication.
Christopher Haster 1:24750b9ad5ef 209 *
Christopher Haster 1:24750b9ad5ef 210 * This speeds up repeated multiplication of the generator (that is, the
Christopher Haster 1:24750b9ad5ef 211 * multiplication in ECDSA signatures, and half of the multiplications in
Christopher Haster 1:24750b9ad5ef 212 * ECDSA verification and ECDHE) by a factor roughly 3 to 4.
Christopher Haster 1:24750b9ad5ef 213 *
Christopher Haster 1:24750b9ad5ef 214 * The cost is increasing EC peak memory usage by a factor roughly 2.
Christopher Haster 1:24750b9ad5ef 215 *
Christopher Haster 1:24750b9ad5ef 216 * Change this value to 0 to reduce peak memory usage.
Christopher Haster 1:24750b9ad5ef 217 */
Christopher Haster 1:24750b9ad5ef 218 #define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */
Christopher Haster 1:24750b9ad5ef 219 #endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
Christopher Haster 1:24750b9ad5ef 220
Christopher Haster 1:24750b9ad5ef 221 /* \} name SECTION: Module settings */
Christopher Haster 1:24750b9ad5ef 222
Christopher Haster 1:24750b9ad5ef 223 /*
Christopher Haster 1:24750b9ad5ef 224 * Point formats, from RFC 4492's enum ECPointFormat
Christopher Haster 1:24750b9ad5ef 225 */
Christopher Haster 1:24750b9ad5ef 226 #define MBEDTLS_ECP_PF_UNCOMPRESSED 0 /**< Uncompressed point format */
Christopher Haster 1:24750b9ad5ef 227 #define MBEDTLS_ECP_PF_COMPRESSED 1 /**< Compressed point format */
Christopher Haster 1:24750b9ad5ef 228
Christopher Haster 1:24750b9ad5ef 229 /*
Christopher Haster 1:24750b9ad5ef 230 * Some other constants from RFC 4492
Christopher Haster 1:24750b9ad5ef 231 */
Christopher Haster 1:24750b9ad5ef 232 #define MBEDTLS_ECP_TLS_NAMED_CURVE 3 /**< ECCurveType's named_curve */
Christopher Haster 1:24750b9ad5ef 233
Christopher Haster 1:24750b9ad5ef 234 /**
Christopher Haster 1:24750b9ad5ef 235 * \brief Get the list of supported curves in order of preference
Christopher Haster 1:24750b9ad5ef 236 * (full information)
Christopher Haster 1:24750b9ad5ef 237 *
Christopher Haster 1:24750b9ad5ef 238 * \return A statically allocated array, the last entry is 0.
Christopher Haster 1:24750b9ad5ef 239 */
Christopher Haster 1:24750b9ad5ef 240 const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void );
Christopher Haster 1:24750b9ad5ef 241
Christopher Haster 1:24750b9ad5ef 242 /**
Christopher Haster 1:24750b9ad5ef 243 * \brief Get the list of supported curves in order of preference
Christopher Haster 1:24750b9ad5ef 244 * (grp_id only)
Christopher Haster 1:24750b9ad5ef 245 *
Christopher Haster 1:24750b9ad5ef 246 * \return A statically allocated array,
Christopher Haster 1:24750b9ad5ef 247 * terminated with MBEDTLS_ECP_DP_NONE.
Christopher Haster 1:24750b9ad5ef 248 */
Christopher Haster 1:24750b9ad5ef 249 const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void );
Christopher Haster 1:24750b9ad5ef 250
Christopher Haster 1:24750b9ad5ef 251 /**
Christopher Haster 1:24750b9ad5ef 252 * \brief Get curve information from an internal group identifier
Christopher Haster 1:24750b9ad5ef 253 *
Christopher Haster 1:24750b9ad5ef 254 * \param grp_id A MBEDTLS_ECP_DP_XXX value
Christopher Haster 1:24750b9ad5ef 255 *
Christopher Haster 1:24750b9ad5ef 256 * \return The associated curve information or NULL
Christopher Haster 1:24750b9ad5ef 257 */
Christopher Haster 1:24750b9ad5ef 258 const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id );
Christopher Haster 1:24750b9ad5ef 259
Christopher Haster 1:24750b9ad5ef 260 /**
Christopher Haster 1:24750b9ad5ef 261 * \brief Get curve information from a TLS NamedCurve value
Christopher Haster 1:24750b9ad5ef 262 *
Christopher Haster 1:24750b9ad5ef 263 * \param tls_id A TLS NamedCurve value (not an internal MBEDTLS_ECP_DP_XXX identifier)
Christopher Haster 1:24750b9ad5ef 264 *
Christopher Haster 1:24750b9ad5ef 265 * \return The associated curve information or NULL
Christopher Haster 1:24750b9ad5ef 266 */
Christopher Haster 1:24750b9ad5ef 267 const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id );
Christopher Haster 1:24750b9ad5ef 268
Christopher Haster 1:24750b9ad5ef 269 /**
Christopher Haster 1:24750b9ad5ef 270 * \brief Get curve information from a human-readable name
Christopher Haster 1:24750b9ad5ef 271 *
Christopher Haster 1:24750b9ad5ef 272 * \param name The name
Christopher Haster 1:24750b9ad5ef 273 *
Christopher Haster 1:24750b9ad5ef 274 * \return The associated curve information or NULL
Christopher Haster 1:24750b9ad5ef 275 */
Christopher Haster 1:24750b9ad5ef 276 const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name );
Christopher Haster 1:24750b9ad5ef 277
Christopher Haster 1:24750b9ad5ef 278 /**
Christopher Haster 1:24750b9ad5ef 279 * \brief Initialize a point (as zero)
Christopher Haster 1:24750b9ad5ef 280 */
Christopher Haster 1:24750b9ad5ef 281 void mbedtls_ecp_point_init( mbedtls_ecp_point *pt );
Christopher Haster 1:24750b9ad5ef 282
Christopher Haster 1:24750b9ad5ef 283 /**
Christopher Haster 1:24750b9ad5ef 284 * \brief Initialize a group (to something meaningless)
Christopher Haster 1:24750b9ad5ef 285 */
Christopher Haster 1:24750b9ad5ef 286 void mbedtls_ecp_group_init( mbedtls_ecp_group *grp );
Christopher Haster 1:24750b9ad5ef 287
Christopher Haster 1:24750b9ad5ef 288 /**
Christopher Haster 1:24750b9ad5ef 289 * \brief Initialize a key pair (as an invalid one)
Christopher Haster 1:24750b9ad5ef 290 */
Christopher Haster 1:24750b9ad5ef 291 void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key );
Christopher Haster 1:24750b9ad5ef 292
Christopher Haster 1:24750b9ad5ef 293 /**
Christopher Haster 1:24750b9ad5ef 294 * \brief Free the components of a point
Christopher Haster 1:24750b9ad5ef 295 */
Christopher Haster 1:24750b9ad5ef 296 void mbedtls_ecp_point_free( mbedtls_ecp_point *pt );
Christopher Haster 1:24750b9ad5ef 297
Christopher Haster 1:24750b9ad5ef 298 /**
Christopher Haster 1:24750b9ad5ef 299 * \brief Free the components of an ECP group
Christopher Haster 1:24750b9ad5ef 300 */
Christopher Haster 1:24750b9ad5ef 301 void mbedtls_ecp_group_free( mbedtls_ecp_group *grp );
Christopher Haster 1:24750b9ad5ef 302
Christopher Haster 1:24750b9ad5ef 303 /**
Christopher Haster 1:24750b9ad5ef 304 * \brief Free the components of a key pair
Christopher Haster 1:24750b9ad5ef 305 */
Christopher Haster 1:24750b9ad5ef 306 void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key );
Christopher Haster 1:24750b9ad5ef 307
Christopher Haster 1:24750b9ad5ef 308 /**
Christopher Haster 1:24750b9ad5ef 309 * \brief Copy the contents of point Q into P
Christopher Haster 1:24750b9ad5ef 310 *
Christopher Haster 1:24750b9ad5ef 311 * \param P Destination point
Christopher Haster 1:24750b9ad5ef 312 * \param Q Source point
Christopher Haster 1:24750b9ad5ef 313 *
Christopher Haster 1:24750b9ad5ef 314 * \return 0 if successful,
Christopher Haster 1:24750b9ad5ef 315 * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
Christopher Haster 1:24750b9ad5ef 316 */
Christopher Haster 1:24750b9ad5ef 317 int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q );
Christopher Haster 1:24750b9ad5ef 318
Christopher Haster 1:24750b9ad5ef 319 /**
Christopher Haster 1:24750b9ad5ef 320 * \brief Copy the contents of a group object
Christopher Haster 1:24750b9ad5ef 321 *
Christopher Haster 1:24750b9ad5ef 322 * \param dst Destination group
Christopher Haster 1:24750b9ad5ef 323 * \param src Source group
Christopher Haster 1:24750b9ad5ef 324 *
Christopher Haster 1:24750b9ad5ef 325 * \return 0 if successful,
Christopher Haster 1:24750b9ad5ef 326 * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
Christopher Haster 1:24750b9ad5ef 327 */
Christopher Haster 1:24750b9ad5ef 328 int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src );
Christopher Haster 1:24750b9ad5ef 329
Christopher Haster 1:24750b9ad5ef 330 /**
Christopher Haster 1:24750b9ad5ef 331 * \brief Set a point to zero
Christopher Haster 1:24750b9ad5ef 332 *
Christopher Haster 1:24750b9ad5ef 333 * \param pt Destination point
Christopher Haster 1:24750b9ad5ef 334 *
Christopher Haster 1:24750b9ad5ef 335 * \return 0 if successful,
Christopher Haster 1:24750b9ad5ef 336 * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
Christopher Haster 1:24750b9ad5ef 337 */
Christopher Haster 1:24750b9ad5ef 338 int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt );
Christopher Haster 1:24750b9ad5ef 339
Christopher Haster 1:24750b9ad5ef 340 /**
Christopher Haster 1:24750b9ad5ef 341 * \brief Tell if a point is zero
Christopher Haster 1:24750b9ad5ef 342 *
Christopher Haster 1:24750b9ad5ef 343 * \param pt Point to test
Christopher Haster 1:24750b9ad5ef 344 *
Christopher Haster 1:24750b9ad5ef 345 * \return 1 if point is zero, 0 otherwise
Christopher Haster 1:24750b9ad5ef 346 */
Christopher Haster 1:24750b9ad5ef 347 int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt );
Christopher Haster 1:24750b9ad5ef 348
Christopher Haster 1:24750b9ad5ef 349 /**
Christopher Haster 1:24750b9ad5ef 350 * \brief Compare two points
Christopher Haster 1:24750b9ad5ef 351 *
Christopher Haster 1:24750b9ad5ef 352 * \note This assumes the points are normalized. Otherwise,
Christopher Haster 1:24750b9ad5ef 353 * they may compare as "not equal" even if they are.
Christopher Haster 1:24750b9ad5ef 354 *
Christopher Haster 1:24750b9ad5ef 355 * \param P First point to compare
Christopher Haster 1:24750b9ad5ef 356 * \param Q Second point to compare
Christopher Haster 1:24750b9ad5ef 357 *
Christopher Haster 1:24750b9ad5ef 358 * \return 0 if the points are equal,
Christopher Haster 1:24750b9ad5ef 359 * MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise
Christopher Haster 1:24750b9ad5ef 360 */
Christopher Haster 1:24750b9ad5ef 361 int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P,
Christopher Haster 1:24750b9ad5ef 362 const mbedtls_ecp_point *Q );
Christopher Haster 1:24750b9ad5ef 363
Christopher Haster 1:24750b9ad5ef 364 /**
Christopher Haster 1:24750b9ad5ef 365 * \brief Import a non-zero point from two ASCII strings
Christopher Haster 1:24750b9ad5ef 366 *
Christopher Haster 1:24750b9ad5ef 367 * \param P Destination point
Christopher Haster 1:24750b9ad5ef 368 * \param radix Input numeric base
Christopher Haster 1:24750b9ad5ef 369 * \param x First affine coordinate as a null-terminated string
Christopher Haster 1:24750b9ad5ef 370 * \param y Second affine coordinate as a null-terminated string
Christopher Haster 1:24750b9ad5ef 371 *
Christopher Haster 1:24750b9ad5ef 372 * \return 0 if successful, or a MBEDTLS_ERR_MPI_XXX error code
Christopher Haster 1:24750b9ad5ef 373 */
Christopher Haster 1:24750b9ad5ef 374 int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix,
Christopher Haster 1:24750b9ad5ef 375 const char *x, const char *y );
Christopher Haster 1:24750b9ad5ef 376
Christopher Haster 1:24750b9ad5ef 377 /**
Christopher Haster 1:24750b9ad5ef 378 * \brief Export a point into unsigned binary data
Christopher Haster 1:24750b9ad5ef 379 *
Christopher Haster 1:24750b9ad5ef 380 * \param grp Group to which the point should belong
Christopher Haster 1:24750b9ad5ef 381 * \param P Point to export
Christopher Haster 1:24750b9ad5ef 382 * \param format Point format, should be a MBEDTLS_ECP_PF_XXX macro
Christopher Haster 1:24750b9ad5ef 383 * \param olen Length of the actual output
Christopher Haster 1:24750b9ad5ef 384 * \param buf Output buffer
Christopher Haster 1:24750b9ad5ef 385 * \param buflen Length of the output buffer
Christopher Haster 1:24750b9ad5ef 386 *
Christopher Haster 1:24750b9ad5ef 387 * \return 0 if successful,
Christopher Haster 1:24750b9ad5ef 388 * or MBEDTLS_ERR_ECP_BAD_INPUT_DATA
Christopher Haster 1:24750b9ad5ef 389 * or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
Christopher Haster 1:24750b9ad5ef 390 */
Christopher Haster 1:24750b9ad5ef 391 int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P,
Christopher Haster 1:24750b9ad5ef 392 int format, size_t *olen,
Christopher Haster 1:24750b9ad5ef 393 unsigned char *buf, size_t buflen );
Christopher Haster 1:24750b9ad5ef 394
Christopher Haster 1:24750b9ad5ef 395 /**
Christopher Haster 1:24750b9ad5ef 396 * \brief Import a point from unsigned binary data
Christopher Haster 1:24750b9ad5ef 397 *
Christopher Haster 1:24750b9ad5ef 398 * \param grp Group to which the point should belong
Christopher Haster 1:24750b9ad5ef 399 * \param P Point to import
Christopher Haster 1:24750b9ad5ef 400 * \param buf Input buffer
Christopher Haster 1:24750b9ad5ef 401 * \param ilen Actual length of input
Christopher Haster 1:24750b9ad5ef 402 *
Christopher Haster 1:24750b9ad5ef 403 * \return 0 if successful,
Christopher Haster 1:24750b9ad5ef 404 * MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid,
Christopher Haster 1:24750b9ad5ef 405 * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
Christopher Haster 1:24750b9ad5ef 406 * MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format
Christopher Haster 1:24750b9ad5ef 407 * is not implemented.
Christopher Haster 1:24750b9ad5ef 408 *
Christopher Haster 1:24750b9ad5ef 409 * \note This function does NOT check that the point actually
Christopher Haster 1:24750b9ad5ef 410 * belongs to the given group; see mbedtls_ecp_check_pubkey() for
Christopher Haster 1:24750b9ad5ef 411 * that. Points imported from untrusted input should be validated that way before use.
Christopher Haster 1:24750b9ad5ef 412 */
Christopher Haster 1:24750b9ad5ef 413 int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P,
Christopher Haster 1:24750b9ad5ef 414 const unsigned char *buf, size_t ilen );
Christopher Haster 1:24750b9ad5ef 415
Christopher Haster 1:24750b9ad5ef 416 /**
Christopher Haster 1:24750b9ad5ef 417 * \brief Import a point from a TLS ECPoint record
Christopher Haster 1:24750b9ad5ef 418 *
Christopher Haster 1:24750b9ad5ef 419 * \param grp ECP group used
Christopher Haster 1:24750b9ad5ef 420 * \param pt Destination point
Christopher Haster 1:24750b9ad5ef 421 * \param buf &(Start of input buffer)
Christopher Haster 1:24750b9ad5ef 422 * \param len Buffer length
Christopher Haster 1:24750b9ad5ef 423 *
Christopher Haster 1:24750b9ad5ef 424 * \note buf is updated to point right after the ECPoint on exit
Christopher Haster 1:24750b9ad5ef 425 *
Christopher Haster 1:24750b9ad5ef 426 * \return 0 if successful,
Christopher Haster 1:24750b9ad5ef 427 * MBEDTLS_ERR_MPI_XXX if initialization failed
Christopher Haster 1:24750b9ad5ef 428 * MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid
Christopher Haster 1:24750b9ad5ef 429 */
Christopher Haster 1:24750b9ad5ef 430 int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
Christopher Haster 1:24750b9ad5ef 431 const unsigned char **buf, size_t len );
Christopher Haster 1:24750b9ad5ef 432
Christopher Haster 1:24750b9ad5ef 433 /**
Christopher Haster 1:24750b9ad5ef 434 * \brief Export a point as a TLS ECPoint record
Christopher Haster 1:24750b9ad5ef 435 *
Christopher Haster 1:24750b9ad5ef 436 * \param grp ECP group used
Christopher Haster 1:24750b9ad5ef 437 * \param pt Point to export
Christopher Haster 1:24750b9ad5ef 438 * \param format Export format
Christopher Haster 1:24750b9ad5ef 439 * \param olen length of data written
Christopher Haster 1:24750b9ad5ef 440 * \param buf Buffer to write to
Christopher Haster 1:24750b9ad5ef 441 * \param blen Buffer length
Christopher Haster 1:24750b9ad5ef 442 *
Christopher Haster 1:24750b9ad5ef 443 * \return 0 if successful,
Christopher Haster 1:24750b9ad5ef 444 * or MBEDTLS_ERR_ECP_BAD_INPUT_DATA
Christopher Haster 1:24750b9ad5ef 445 * or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
Christopher Haster 1:24750b9ad5ef 446 */
Christopher Haster 1:24750b9ad5ef 447 int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt,
Christopher Haster 1:24750b9ad5ef 448 int format, size_t *olen,
Christopher Haster 1:24750b9ad5ef 449 unsigned char *buf, size_t blen );
Christopher Haster 1:24750b9ad5ef 450
Christopher Haster 1:24750b9ad5ef 451 /**
Christopher Haster 1:24750b9ad5ef 452 * \brief Set a group using well-known domain parameters
Christopher Haster 1:24750b9ad5ef 453 *
Christopher Haster 1:24750b9ad5ef 454 * \param grp Destination group
Christopher Haster 1:24750b9ad5ef 455 * \param index Index in the list of well-known domain parameters
Christopher Haster 1:24750b9ad5ef 456 *
Christopher Haster 1:24750b9ad5ef 457 * \return 0 if successful,
Christopher Haster 1:24750b9ad5ef 458 * MBEDTLS_ERR_MPI_XXX if initialization failed
Christopher Haster 1:24750b9ad5ef 459 * MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for unknown groups
Christopher Haster 1:24750b9ad5ef 460 *
Christopher Haster 1:24750b9ad5ef 461 * \note Index should be a value of RFC 4492's enum NamedCurve,
Christopher Haster 1:24750b9ad5ef 462 * usually in the form of a MBEDTLS_ECP_DP_XXX macro.
Christopher Haster 1:24750b9ad5ef 463 */
Christopher Haster 1:24750b9ad5ef 464 int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id index );
Christopher Haster 1:24750b9ad5ef 465
Christopher Haster 1:24750b9ad5ef 466 /**
Christopher Haster 1:24750b9ad5ef 467 * \brief Set a group from a TLS ECParameters record
Christopher Haster 1:24750b9ad5ef 468 *
Christopher Haster 1:24750b9ad5ef 469 * \param grp Destination group
Christopher Haster 1:24750b9ad5ef 470 * \param buf &(Start of input buffer)
Christopher Haster 1:24750b9ad5ef 471 * \param len Buffer length
Christopher Haster 1:24750b9ad5ef 472 *
Christopher Haster 1:24750b9ad5ef 473 * \note buf is updated to point right after ECParameters on exit
Christopher Haster 1:24750b9ad5ef 474 *
Christopher Haster 1:24750b9ad5ef 475 * \return 0 if successful,
Christopher Haster 1:24750b9ad5ef 476 * MBEDTLS_ERR_MPI_XXX if initialization failed
Christopher Haster 1:24750b9ad5ef 477 * MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid
Christopher Haster 1:24750b9ad5ef 478 */
Christopher Haster 1:24750b9ad5ef 479 int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len );
Christopher Haster 1:24750b9ad5ef 480
Christopher Haster 1:24750b9ad5ef 481 /**
Christopher Haster 1:24750b9ad5ef 482 * \brief Write the TLS ECParameters record for a group
Christopher Haster 1:24750b9ad5ef 483 *
Christopher Haster 1:24750b9ad5ef 484 * \param grp ECP group used
Christopher Haster 1:24750b9ad5ef 485 * \param olen Number of bytes actually written
Christopher Haster 1:24750b9ad5ef 486 * \param buf Buffer to write to
Christopher Haster 1:24750b9ad5ef 487 * \param blen Buffer length
Christopher Haster 1:24750b9ad5ef 488 *
Christopher Haster 1:24750b9ad5ef 489 * \return 0 if successful,
Christopher Haster 1:24750b9ad5ef 490 * or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
Christopher Haster 1:24750b9ad5ef 491 */
Christopher Haster 1:24750b9ad5ef 492 int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen,
Christopher Haster 1:24750b9ad5ef 493 unsigned char *buf, size_t blen );
Christopher Haster 1:24750b9ad5ef 494
Christopher Haster 1:24750b9ad5ef 495 /**
Christopher Haster 1:24750b9ad5ef 496 * \brief Multiplication by an integer: R = m * P
Christopher Haster 1:24750b9ad5ef 497 * (Not thread-safe to use same group in multiple threads)
Christopher Haster 1:24750b9ad5ef 498 *
Christopher Haster 1:24750b9ad5ef 499 * \note In order to prevent timing attacks, this function
Christopher Haster 1:24750b9ad5ef 500 * executes the exact same sequence of (base field)
Christopher Haster 1:24750b9ad5ef 501 * operations for any valid m. It avoids any if-branch or
Christopher Haster 1:24750b9ad5ef 502 * array index depending on the value of m.
Christopher Haster 1:24750b9ad5ef 503 *
Christopher Haster 1:24750b9ad5ef 504 * \note If f_rng is not NULL, it is used to randomize intermediate
Christopher Haster 1:24750b9ad5ef 505 * results in order to prevent potential timing attacks
Christopher Haster 1:24750b9ad5ef 506 * targeting these results. It is recommended to always
Christopher Haster 1:24750b9ad5ef 507 * provide a non-NULL f_rng (the overhead is negligible).
Christopher Haster 1:24750b9ad5ef 508 *
Christopher Haster 1:24750b9ad5ef 509 * \param grp ECP group
Christopher Haster 1:24750b9ad5ef 510 * \param R Destination point
Christopher Haster 1:24750b9ad5ef 511 * \param m Integer by which to multiply
Christopher Haster 1:24750b9ad5ef 512 * \param P Point to multiply
Christopher Haster 1:24750b9ad5ef 513 * \param f_rng RNG function (see notes)
Christopher Haster 1:24750b9ad5ef 514 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 515 *
Christopher Haster 1:24750b9ad5ef 516 * \return 0 if successful,
Christopher Haster 1:24750b9ad5ef 517 * MBEDTLS_ERR_ECP_INVALID_KEY if m is not a valid privkey
Christopher Haster 1:24750b9ad5ef 518 * or P is not a valid pubkey,
Christopher Haster 1:24750b9ad5ef 519 * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
Christopher Haster 1:24750b9ad5ef 520 */
Christopher Haster 1:24750b9ad5ef 521 int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
Christopher Haster 1:24750b9ad5ef 522 const mbedtls_mpi *m, const mbedtls_ecp_point *P,
Christopher Haster 1:24750b9ad5ef 523 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
Christopher Haster 1:24750b9ad5ef 524
Christopher Haster 1:24750b9ad5ef 525 /**
Christopher Haster 1:24750b9ad5ef 526 * \brief Multiplication and addition of two points by integers:
Christopher Haster 1:24750b9ad5ef 527 * R = m * P + n * Q
Christopher Haster 1:24750b9ad5ef 528 * (Not thread-safe to use same group in multiple threads)
Christopher Haster 1:24750b9ad5ef 529 *
Christopher Haster 1:24750b9ad5ef 530 * \note In contrast to mbedtls_ecp_mul(), this function does not guarantee
Christopher Haster 1:24750b9ad5ef 531 * a constant execution flow and timing, so m and n should not be secret values.
Christopher Haster 1:24750b9ad5ef 532 *
Christopher Haster 1:24750b9ad5ef 533 * \param grp ECP group
Christopher Haster 1:24750b9ad5ef 534 * \param R Destination point
Christopher Haster 1:24750b9ad5ef 535 * \param m Integer by which to multiply P
Christopher Haster 1:24750b9ad5ef 536 * \param P Point to multiply by m
Christopher Haster 1:24750b9ad5ef 537 * \param n Integer by which to multiply Q
Christopher Haster 1:24750b9ad5ef 538 * \param Q Point to be multiplied by n
Christopher Haster 1:24750b9ad5ef 539 *
Christopher Haster 1:24750b9ad5ef 540 * \return 0 if successful,
Christopher Haster 1:24750b9ad5ef 541 * MBEDTLS_ERR_ECP_INVALID_KEY if m or n is not a valid privkey
Christopher Haster 1:24750b9ad5ef 542 * or P or Q is not a valid pubkey,
Christopher Haster 1:24750b9ad5ef 543 * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
Christopher Haster 1:24750b9ad5ef 544 */
Christopher Haster 1:24750b9ad5ef 545 int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
Christopher Haster 1:24750b9ad5ef 546 const mbedtls_mpi *m, const mbedtls_ecp_point *P,
Christopher Haster 1:24750b9ad5ef 547 const mbedtls_mpi *n, const mbedtls_ecp_point *Q );
Christopher Haster 1:24750b9ad5ef 548
Christopher Haster 1:24750b9ad5ef 549 /**
Christopher Haster 1:24750b9ad5ef 550 * \brief Check that a point is a valid public key on this curve
Christopher Haster 1:24750b9ad5ef 551 *
Christopher Haster 1:24750b9ad5ef 552 * \param grp Curve/group the point should belong to
Christopher Haster 1:24750b9ad5ef 553 * \param pt Point to check
Christopher Haster 1:24750b9ad5ef 554 *
Christopher Haster 1:24750b9ad5ef 555 * \return 0 if point is a valid public key,
Christopher Haster 1:24750b9ad5ef 556 * MBEDTLS_ERR_ECP_INVALID_KEY otherwise.
Christopher Haster 1:24750b9ad5ef 557 *
Christopher Haster 1:24750b9ad5ef 558 * \note This function only checks the point is non-zero, has valid
Christopher Haster 1:24750b9ad5ef 559 * coordinates and lies on the curve, but not that it is
Christopher Haster 1:24750b9ad5ef 560 * indeed a multiple of G. This additional check is more
Christopher Haster 1:24750b9ad5ef 561 * expensive, isn't required by standards, and shouldn't be
Christopher Haster 1:24750b9ad5ef 562 * necessary if the group used has a small cofactor. In
Christopher Haster 1:24750b9ad5ef 563 * particular, it is unnecessary for the NIST groups, which all
Christopher Haster 1:24750b9ad5ef 564 * have a cofactor of 1.
Christopher Haster 1:24750b9ad5ef 565 *
Christopher Haster 1:24750b9ad5ef 566 * \note Uses bare components rather than an mbedtls_ecp_keypair structure
Christopher Haster 1:24750b9ad5ef 567 * in order to ease use with other structures such as
Christopher Haster 1:24750b9ad5ef 568 * mbedtls_ecdh_context or mbedtls_ecdsa_context.
Christopher Haster 1:24750b9ad5ef 569 */
Christopher Haster 1:24750b9ad5ef 570 int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt );
Christopher Haster 1:24750b9ad5ef 571
Christopher Haster 1:24750b9ad5ef 572 /**
Christopher Haster 1:24750b9ad5ef 573 * \brief Check that an mbedtls_mpi is a valid private key for this curve
Christopher Haster 1:24750b9ad5ef 574 *
Christopher Haster 1:24750b9ad5ef 575 * \param grp Group used
Christopher Haster 1:24750b9ad5ef 576 * \param d Integer to check
Christopher Haster 1:24750b9ad5ef 577 *
Christopher Haster 1:24750b9ad5ef 578 * \return 0 if d is a valid private key,
Christopher Haster 1:24750b9ad5ef 579 * MBEDTLS_ERR_ECP_INVALID_KEY otherwise.
Christopher Haster 1:24750b9ad5ef 580 *
Christopher Haster 1:24750b9ad5ef 581 * \note Uses bare components rather than an mbedtls_ecp_keypair structure
Christopher Haster 1:24750b9ad5ef 582 * in order to ease use with other structures such as
Christopher Haster 1:24750b9ad5ef 583 * mbedtls_ecdh_context or mbedtls_ecdsa_context.
Christopher Haster 1:24750b9ad5ef 584 */
Christopher Haster 1:24750b9ad5ef 585 int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d );
Christopher Haster 1:24750b9ad5ef 586
Christopher Haster 1:24750b9ad5ef 587 /**
Christopher Haster 1:24750b9ad5ef 588 * \brief Generate a keypair with configurable base point
Christopher Haster 1:24750b9ad5ef 589 *
Christopher Haster 1:24750b9ad5ef 590 * \param grp ECP group
Christopher Haster 1:24750b9ad5ef 591 * \param G Chosen base point
Christopher Haster 1:24750b9ad5ef 592 * \param d Destination MPI (secret part)
Christopher Haster 1:24750b9ad5ef 593 * \param Q Destination point (public part)
Christopher Haster 1:24750b9ad5ef 594 * \param f_rng RNG function
Christopher Haster 1:24750b9ad5ef 595 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 596 *
Christopher Haster 1:24750b9ad5ef 597 * \return 0 if successful,
Christopher Haster 1:24750b9ad5ef 598 * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
Christopher Haster 1:24750b9ad5ef 599 *
Christopher Haster 1:24750b9ad5ef 600 * \note Uses bare components rather than an mbedtls_ecp_keypair structure
Christopher Haster 1:24750b9ad5ef 601 * in order to ease use with other structures such as
Christopher Haster 1:24750b9ad5ef 602 * mbedtls_ecdh_context or mbedtls_ecdsa_context.
Christopher Haster 1:24750b9ad5ef 603 */
Christopher Haster 1:24750b9ad5ef 604 int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
Christopher Haster 1:24750b9ad5ef 605 const mbedtls_ecp_point *G,
Christopher Haster 1:24750b9ad5ef 606 mbedtls_mpi *d, mbedtls_ecp_point *Q,
Christopher Haster 1:24750b9ad5ef 607 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 608 void *p_rng );
Christopher Haster 1:24750b9ad5ef 609
Christopher Haster 1:24750b9ad5ef 610 /**
Christopher Haster 1:24750b9ad5ef 611 * \brief Generate a keypair
Christopher Haster 1:24750b9ad5ef 612 *
Christopher Haster 1:24750b9ad5ef 613 * \param grp ECP group
Christopher Haster 1:24750b9ad5ef 614 * \param d Destination MPI (secret part)
Christopher Haster 1:24750b9ad5ef 615 * \param Q Destination point (public part)
Christopher Haster 1:24750b9ad5ef 616 * \param f_rng RNG function
Christopher Haster 1:24750b9ad5ef 617 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 618 *
Christopher Haster 1:24750b9ad5ef 619 * \return 0 if successful,
Christopher Haster 1:24750b9ad5ef 620 * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
Christopher Haster 1:24750b9ad5ef 621 *
Christopher Haster 1:24750b9ad5ef 622 * \note Uses bare components rather than an mbedtls_ecp_keypair structure
Christopher Haster 1:24750b9ad5ef 623 * in order to ease use with other structures such as
Christopher Haster 1:24750b9ad5ef 624 * mbedtls_ecdh_context or mbedtls_ecdsa_context.
Christopher Haster 1:24750b9ad5ef 625 */
Christopher Haster 1:24750b9ad5ef 626 int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
Christopher Haster 1:24750b9ad5ef 627 int (*f_rng)(void *, unsigned char *, size_t),
Christopher Haster 1:24750b9ad5ef 628 void *p_rng );
Christopher Haster 1:24750b9ad5ef 629
Christopher Haster 1:24750b9ad5ef 630 /**
Christopher Haster 1:24750b9ad5ef 631 * \brief Generate a keypair
Christopher Haster 1:24750b9ad5ef 632 *
Christopher Haster 1:24750b9ad5ef 633 * \param grp_id ECP group identifier
Christopher Haster 1:24750b9ad5ef 634 * \param key Destination keypair
Christopher Haster 1:24750b9ad5ef 635 * \param f_rng RNG function
Christopher Haster 1:24750b9ad5ef 636 * \param p_rng RNG parameter
Christopher Haster 1:24750b9ad5ef 637 *
Christopher Haster 1:24750b9ad5ef 638 * \return 0 if successful,
Christopher Haster 1:24750b9ad5ef 639 * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
Christopher Haster 1:24750b9ad5ef 640 */
Christopher Haster 1:24750b9ad5ef 641 int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
Christopher Haster 1:24750b9ad5ef 642 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
Christopher Haster 1:24750b9ad5ef 643
Christopher Haster 1:24750b9ad5ef 644 /**
Christopher Haster 1:24750b9ad5ef 645 * \brief Check a public-private key pair
Christopher Haster 1:24750b9ad5ef 646 *
Christopher Haster 1:24750b9ad5ef 647 * \param pub Keypair structure holding a public key
Christopher Haster 1:24750b9ad5ef 648 * \param prv Keypair structure holding a private (plus public) key
Christopher Haster 1:24750b9ad5ef 649 *
Christopher Haster 1:24750b9ad5ef 650 * \return 0 if successful (keys are valid and match), or
Christopher Haster 1:24750b9ad5ef 651 * MBEDTLS_ERR_ECP_BAD_INPUT_DATA, or
Christopher Haster 1:24750b9ad5ef 652 * a MBEDTLS_ERR_ECP_XXX or MBEDTLS_ERR_MPI_XXX code.
Christopher Haster 1:24750b9ad5ef 653 */
Christopher Haster 1:24750b9ad5ef 654 int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv );
Christopher Haster 1:24750b9ad5ef 655
Christopher Haster 1:24750b9ad5ef 656 #if defined(MBEDTLS_SELF_TEST)
Christopher Haster 1:24750b9ad5ef 657 /**
Christopher Haster 1:24750b9ad5ef 658 * \brief Checkup routine
Christopher Haster 1:24750b9ad5ef 659 *
Christopher Haster 1:24750b9ad5ef 660 * \return 0 if successful, or 1 if a test failed
Christopher Haster 1:24750b9ad5ef 661 */
Christopher Haster 1:24750b9ad5ef 662 int mbedtls_ecp_self_test( int verbose );
Christopher Haster 1:24750b9ad5ef 663 #endif
Christopher Haster 1:24750b9ad5ef 664
Christopher Haster 1:24750b9ad5ef 665 #ifdef __cplusplus
Christopher Haster 1:24750b9ad5ef 666 }
Christopher Haster 1:24750b9ad5ef 667 #endif
Christopher Haster 1:24750b9ad5ef 668
Christopher Haster 1:24750b9ad5ef 669 #endif /* ecp.h */