Gleb Klochkov
/
Climatcontroll_Main
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Embed:
(wiki syntax)
Show/hide line numbers
ecp.h
00001 /** 00002 * \file ecp.h 00003 * 00004 * \brief Elliptic curves over GF(p) 00005 */ 00006 /* 00007 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00008 * SPDX-License-Identifier: Apache-2.0 00009 * 00010 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00011 * not use this file except in compliance with the License. 00012 * You may obtain a copy of the License at 00013 * 00014 * http://www.apache.org/licenses/LICENSE-2.0 00015 * 00016 * Unless required by applicable law or agreed to in writing, software 00017 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00018 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00019 * See the License for the specific language governing permissions and 00020 * limitations under the License. 00021 * 00022 * This file is part of mbed TLS (https://tls.mbed.org) 00023 */ 00024 #ifndef MBEDTLS_ECP_H 00025 #define MBEDTLS_ECP_H 00026 00027 #include "bignum.h" 00028 00029 /* 00030 * ECP error codes 00031 */ 00032 #define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 /**< Bad input parameters to function. */ 00033 #define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL -0x4F00 /**< The buffer is too small to write to. */ 00034 #define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 /**< Requested curve not available. */ 00035 #define MBEDTLS_ERR_ECP_VERIFY_FAILED -0x4E00 /**< The signature is not valid. */ 00036 #define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80 /**< Memory allocation failed. */ 00037 #define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00 /**< Generation of random value, such as (ephemeral) key, failed. */ 00038 #define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 /**< Invalid private or public key. */ 00039 #define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00 /**< Signature is valid but shorter than the user-supplied length. */ 00040 #define MBEDTLS_ERR_ECP_HW_ACCEL_FAILED -0x4B80 /**< ECP hardware accelerator failed. */ 00041 00042 #if !defined(MBEDTLS_ECP_ALT) 00043 /* 00044 * default mbed TLS elliptic curve arithmetic implementation 00045 * 00046 * (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an 00047 * alternative implementation for the whole module and it will replace this 00048 * one.) 00049 */ 00050 00051 #ifdef __cplusplus 00052 extern "C" { 00053 #endif 00054 00055 /** 00056 * Domain parameters (curve, subgroup and generator) identifiers. 00057 * 00058 * Only curves over prime fields are supported. 00059 * 00060 * \warning This library does not support validation of arbitrary domain 00061 * parameters. Therefore, only well-known domain parameters from trusted 00062 * sources should be used. See mbedtls_ecp_group_load(). 00063 */ 00064 typedef enum 00065 { 00066 MBEDTLS_ECP_DP_NONE = 0, 00067 MBEDTLS_ECP_DP_SECP192R1, /*!< 192-bits NIST curve */ 00068 MBEDTLS_ECP_DP_SECP224R1, /*!< 224-bits NIST curve */ 00069 MBEDTLS_ECP_DP_SECP256R1, /*!< 256-bits NIST curve */ 00070 MBEDTLS_ECP_DP_SECP384R1, /*!< 384-bits NIST curve */ 00071 MBEDTLS_ECP_DP_SECP521R1, /*!< 521-bits NIST curve */ 00072 MBEDTLS_ECP_DP_BP256R1, /*!< 256-bits Brainpool curve */ 00073 MBEDTLS_ECP_DP_BP384R1, /*!< 384-bits Brainpool curve */ 00074 MBEDTLS_ECP_DP_BP512R1, /*!< 512-bits Brainpool curve */ 00075 MBEDTLS_ECP_DP_CURVE25519, /*!< Curve25519 */ 00076 MBEDTLS_ECP_DP_SECP192K1, /*!< 192-bits "Koblitz" curve */ 00077 MBEDTLS_ECP_DP_SECP224K1, /*!< 224-bits "Koblitz" curve */ 00078 MBEDTLS_ECP_DP_SECP256K1, /*!< 256-bits "Koblitz" curve */ 00079 } mbedtls_ecp_group_id; 00080 00081 /** 00082 * Number of supported curves (plus one for NONE). 00083 * 00084 * (Montgomery curves excluded for now.) 00085 */ 00086 #define MBEDTLS_ECP_DP_MAX 12 00087 00088 /** 00089 * Curve information for use by other modules 00090 */ 00091 typedef struct 00092 { 00093 mbedtls_ecp_group_id grp_id ; /*!< Internal identifier */ 00094 uint16_t tls_id ; /*!< TLS NamedCurve identifier */ 00095 uint16_t bit_size ; /*!< Curve size in bits */ 00096 const char *name ; /*!< Human-friendly name */ 00097 } mbedtls_ecp_curve_info; 00098 00099 /** 00100 * \brief ECP point structure (jacobian coordinates) 00101 * 00102 * \note All functions expect and return points satisfying 00103 * the following condition: Z == 0 or Z == 1. (Other 00104 * values of Z are used by internal functions only.) 00105 * The point is zero, or "at infinity", if Z == 0. 00106 * Otherwise, X and Y are its standard (affine) coordinates. 00107 */ 00108 typedef struct 00109 { 00110 mbedtls_mpi X ; /*!< the point's X coordinate */ 00111 mbedtls_mpi Y ; /*!< the point's Y coordinate */ 00112 mbedtls_mpi Z ; /*!< the point's Z coordinate */ 00113 } 00114 mbedtls_ecp_point; 00115 00116 /** 00117 * \brief ECP group structure 00118 * 00119 * We consider two types of curves equations: 00120 * 1. Short Weierstrass y^2 = x^3 + A x + B mod P (SEC1 + RFC 4492) 00121 * 2. Montgomery, y^2 = x^3 + A x^2 + x mod P (Curve25519 + draft) 00122 * In both cases, a generator G for a prime-order subgroup is fixed. In the 00123 * short weierstrass, this subgroup is actually the whole curve, and its 00124 * cardinal is denoted by N. 00125 * 00126 * In the case of Short Weierstrass curves, our code requires that N is an odd 00127 * prime. (Use odd in mbedtls_ecp_mul() and prime in mbedtls_ecdsa_sign() for blinding.) 00128 * 00129 * In the case of Montgomery curves, we don't store A but (A + 2) / 4 which is 00130 * the quantity actually used in the formulas. Also, nbits is not the size of N 00131 * but the required size for private keys. 00132 * 00133 * If modp is NULL, reduction modulo P is done using a generic algorithm. 00134 * Otherwise, it must point to a function that takes an mbedtls_mpi in the range 00135 * 0..2^(2*pbits)-1 and transforms it in-place in an integer of little more 00136 * than pbits, so that the integer may be efficiently brought in the 0..P-1 00137 * range by a few additions or substractions. It must return 0 on success and 00138 * non-zero on failure. 00139 */ 00140 typedef struct 00141 { 00142 mbedtls_ecp_group_id id ; /*!< internal group identifier */ 00143 mbedtls_mpi P ; /*!< prime modulus of the base field */ 00144 mbedtls_mpi A ; /*!< 1. A in the equation, or 2. (A + 2) / 4 */ 00145 mbedtls_mpi B ; /*!< 1. B in the equation, or 2. unused */ 00146 mbedtls_ecp_point G ; /*!< generator of the (sub)group used */ 00147 mbedtls_mpi N ; /*!< 1. the order of G, or 2. unused */ 00148 size_t pbits ; /*!< number of bits in P */ 00149 size_t nbits ; /*!< number of bits in 1. P, or 2. private keys */ 00150 unsigned int h ; /*!< internal: 1 if the constants are static */ 00151 int (*modp)(mbedtls_mpi *); /*!< function for fast reduction mod P */ 00152 int (*t_pre)(mbedtls_ecp_point *, void *); /*!< unused */ 00153 int (*t_post)(mbedtls_ecp_point *, void *); /*!< unused */ 00154 void *t_data ; /*!< unused */ 00155 mbedtls_ecp_point *T ; /*!< pre-computed points for ecp_mul_comb() */ 00156 size_t T_size ; /*!< number for pre-computed points */ 00157 } 00158 mbedtls_ecp_group; 00159 00160 /** 00161 * \brief ECP key pair structure 00162 * 00163 * A generic key pair that could be used for ECDSA, fixed ECDH, etc. 00164 * 00165 * \note Members purposefully in the same order as struc mbedtls_ecdsa_context. 00166 */ 00167 typedef struct 00168 { 00169 mbedtls_ecp_group grp ; /*!< Elliptic curve and base point */ 00170 mbedtls_mpi d ; /*!< our secret value */ 00171 mbedtls_ecp_point Q ; /*!< our public value */ 00172 } 00173 mbedtls_ecp_keypair; 00174 00175 /** 00176 * \name SECTION: Module settings 00177 * 00178 * The configuration options you can set for this module are in this section. 00179 * Either change them in config.h or define them on the compiler command line. 00180 * \{ 00181 */ 00182 00183 #if !defined(MBEDTLS_ECP_MAX_BITS) 00184 /** 00185 * Maximum size of the groups (that is, of N and P) 00186 */ 00187 #define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ 00188 #endif 00189 00190 #define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 ) 00191 #define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 ) 00192 00193 #if !defined(MBEDTLS_ECP_WINDOW_SIZE) 00194 /* 00195 * Maximum "window" size used for point multiplication. 00196 * Default: 6. 00197 * Minimum value: 2. Maximum value: 7. 00198 * 00199 * Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) ) 00200 * points used for point multiplication. This value is directly tied to EC 00201 * peak memory usage, so decreasing it by one should roughly cut memory usage 00202 * by two (if large curves are in use). 00203 * 00204 * Reduction in size may reduce speed, but larger curves are impacted first. 00205 * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1): 00206 * w-size: 6 5 4 3 2 00207 * 521 145 141 135 120 97 00208 * 384 214 209 198 177 146 00209 * 256 320 320 303 262 226 00210 00211 * 224 475 475 453 398 342 00212 * 192 640 640 633 587 476 00213 */ 00214 #define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ 00215 #endif /* MBEDTLS_ECP_WINDOW_SIZE */ 00216 00217 #if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM) 00218 /* 00219 * Trade memory for speed on fixed-point multiplication. 00220 * 00221 * This speeds up repeated multiplication of the generator (that is, the 00222 * multiplication in ECDSA signatures, and half of the multiplications in 00223 * ECDSA verification and ECDHE) by a factor roughly 3 to 4. 00224 * 00225 * The cost is increasing EC peak memory usage by a factor roughly 2. 00226 * 00227 * Change this value to 0 to reduce peak memory usage. 00228 */ 00229 #define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ 00230 #endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */ 00231 00232 /* \} name SECTION: Module settings */ 00233 00234 /* 00235 * Point formats, from RFC 4492's enum ECPointFormat 00236 */ 00237 #define MBEDTLS_ECP_PF_UNCOMPRESSED 0 /**< Uncompressed point format */ 00238 #define MBEDTLS_ECP_PF_COMPRESSED 1 /**< Compressed point format */ 00239 00240 /* 00241 * Some other constants from RFC 4492 00242 */ 00243 #define MBEDTLS_ECP_TLS_NAMED_CURVE 3 /**< ECCurveType's named_curve */ 00244 00245 /** 00246 * \brief Get the list of supported curves in order of preferrence 00247 * (full information) 00248 * 00249 * \return A statically allocated array, the last entry is 0. 00250 */ 00251 const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void ); 00252 00253 /** 00254 * \brief Get the list of supported curves in order of preferrence 00255 * (grp_id only) 00256 * 00257 * \return A statically allocated array, 00258 * terminated with MBEDTLS_ECP_DP_NONE. 00259 */ 00260 const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void ); 00261 00262 /** 00263 * \brief Get curve information from an internal group identifier 00264 * 00265 * \param grp_id A MBEDTLS_ECP_DP_XXX value 00266 * 00267 * \return The associated curve information or NULL 00268 */ 00269 const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id ); 00270 00271 /** 00272 * \brief Get curve information from a TLS NamedCurve value 00273 * 00274 * \param tls_id A MBEDTLS_ECP_DP_XXX value 00275 * 00276 * \return The associated curve information or NULL 00277 */ 00278 const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id ); 00279 00280 /** 00281 * \brief Get curve information from a human-readable name 00282 * 00283 * \param name The name 00284 * 00285 * \return The associated curve information or NULL 00286 */ 00287 const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name ); 00288 00289 /** 00290 * \brief Initialize a point (as zero) 00291 */ 00292 void mbedtls_ecp_point_init( mbedtls_ecp_point *pt ); 00293 00294 /** 00295 * \brief Initialize a group (to something meaningless) 00296 */ 00297 void mbedtls_ecp_group_init( mbedtls_ecp_group *grp ); 00298 00299 /** 00300 * \brief Initialize a key pair (as an invalid one) 00301 */ 00302 void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key ); 00303 00304 /** 00305 * \brief Free the components of a point 00306 */ 00307 void mbedtls_ecp_point_free( mbedtls_ecp_point *pt ); 00308 00309 /** 00310 * \brief Free the components of an ECP group 00311 */ 00312 void mbedtls_ecp_group_free( mbedtls_ecp_group *grp ); 00313 00314 /** 00315 * \brief Free the components of a key pair 00316 */ 00317 void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key ); 00318 00319 /** 00320 * \brief Copy the contents of point Q into P 00321 * 00322 * \param P Destination point 00323 * \param Q Source point 00324 * 00325 * \return 0 if successful, 00326 * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed 00327 */ 00328 int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ); 00329 00330 /** 00331 * \brief Copy the contents of a group object 00332 * 00333 * \param dst Destination group 00334 * \param src Source group 00335 * 00336 * \return 0 if successful, 00337 * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed 00338 */ 00339 int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src ); 00340 00341 /** 00342 * \brief Set a point to zero 00343 * 00344 * \param pt Destination point 00345 * 00346 * \return 0 if successful, 00347 * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed 00348 */ 00349 int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt ); 00350 00351 /** 00352 * \brief Tell if a point is zero 00353 * 00354 * \param pt Point to test 00355 * 00356 * \return 1 if point is zero, 0 otherwise 00357 */ 00358 int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt ); 00359 00360 /** 00361 * \brief Compare two points 00362 * 00363 * \note This assumes the points are normalized. Otherwise, 00364 * they may compare as "not equal" even if they are. 00365 * 00366 * \param P First point to compare 00367 * \param Q Second point to compare 00368 * 00369 * \return 0 if the points are equal, 00370 * MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise 00371 */ 00372 int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P, 00373 const mbedtls_ecp_point *Q ); 00374 00375 /** 00376 * \brief Import a non-zero point from two ASCII strings 00377 * 00378 * \param P Destination point 00379 * \param radix Input numeric base 00380 * \param x First affine coordinate as a null-terminated string 00381 * \param y Second affine coordinate as a null-terminated string 00382 * 00383 * \return 0 if successful, or a MBEDTLS_ERR_MPI_XXX error code 00384 */ 00385 int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix, 00386 const char *x, const char *y ); 00387 00388 /** 00389 * \brief Export a point into unsigned binary data 00390 * 00391 * \param grp Group to which the point should belong 00392 * \param P Point to export 00393 * \param format Point format, should be a MBEDTLS_ECP_PF_XXX macro 00394 * \param olen Length of the actual output 00395 * \param buf Output buffer 00396 * \param buflen Length of the output buffer 00397 * 00398 * \return 0 if successful, 00399 * or MBEDTLS_ERR_ECP_BAD_INPUT_DATA 00400 * or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL 00401 */ 00402 int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P, 00403 int format, size_t *olen, 00404 unsigned char *buf, size_t buflen ); 00405 00406 /** 00407 * \brief Import a point from unsigned binary data 00408 * 00409 * \param grp Group to which the point should belong 00410 * \param P Point to import 00411 * \param buf Input buffer 00412 * \param ilen Actual length of input 00413 * 00414 * \return 0 if successful, 00415 * MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid, 00416 * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed, 00417 * MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format 00418 * is not implemented. 00419 * 00420 * \note This function does NOT check that the point actually 00421 * belongs to the given group, see mbedtls_ecp_check_pubkey() for 00422 * that. 00423 */ 00424 int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P, 00425 const unsigned char *buf, size_t ilen ); 00426 00427 /** 00428 * \brief Import a point from a TLS ECPoint record 00429 * 00430 * \param grp ECP group used 00431 * \param pt Destination point 00432 * \param buf $(Start of input buffer) 00433 * \param len Buffer length 00434 * 00435 * \note buf is updated to point right after the ECPoint on exit 00436 * 00437 * \return 0 if successful, 00438 * MBEDTLS_ERR_MPI_XXX if initialization failed 00439 * MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid 00440 */ 00441 int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, 00442 const unsigned char **buf, size_t len ); 00443 00444 /** 00445 * \brief Export a point as a TLS ECPoint record 00446 * 00447 * \param grp ECP group used 00448 * \param pt Point to export 00449 * \param format Export format 00450 * \param olen length of data written 00451 * \param buf Buffer to write to 00452 * \param blen Buffer length 00453 * 00454 * \return 0 if successful, 00455 * or MBEDTLS_ERR_ECP_BAD_INPUT_DATA 00456 * or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL 00457 */ 00458 int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt, 00459 int format, size_t *olen, 00460 unsigned char *buf, size_t blen ); 00461 00462 /** 00463 * \brief Set a group using well-known domain parameters 00464 * 00465 * \param grp Destination group 00466 * \param id Index in the list of well-known domain parameters 00467 * 00468 * \return 0 if successful, 00469 * MBEDTLS_ERR_MPI_XXX if initialization failed 00470 * MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for unkownn groups 00471 * 00472 * \note Index should be a value of RFC 4492's enum NamedCurve, 00473 * usually in the form of a MBEDTLS_ECP_DP_XXX macro. 00474 */ 00475 int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id ); 00476 00477 /** 00478 * \brief Set a group from a TLS ECParameters record 00479 * 00480 * \param grp Destination group 00481 * \param buf &(Start of input buffer) 00482 * \param len Buffer length 00483 * 00484 * \note buf is updated to point right after ECParameters on exit 00485 * 00486 * \return 0 if successful, 00487 * MBEDTLS_ERR_MPI_XXX if initialization failed 00488 * MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid 00489 */ 00490 int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len ); 00491 00492 /** 00493 * \brief Write the TLS ECParameters record for a group 00494 * 00495 * \param grp ECP group used 00496 * \param olen Number of bytes actually written 00497 * \param buf Buffer to write to 00498 * \param blen Buffer length 00499 * 00500 * \return 0 if successful, 00501 * or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL 00502 */ 00503 int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen, 00504 unsigned char *buf, size_t blen ); 00505 00506 /** 00507 * \brief Multiplication by an integer: R = m * P 00508 * (Not thread-safe to use same group in multiple threads) 00509 * 00510 * \note In order to prevent timing attacks, this function 00511 * executes the exact same sequence of (base field) 00512 * operations for any valid m. It avoids any if-branch or 00513 * array index depending on the value of m. 00514 * 00515 * \note If f_rng is not NULL, it is used to randomize intermediate 00516 * results in order to prevent potential timing attacks 00517 * targeting these results. It is recommended to always 00518 * provide a non-NULL f_rng (the overhead is negligible). 00519 * 00520 * \param grp ECP group 00521 * \param R Destination point 00522 * \param m Integer by which to multiply 00523 * \param P Point to multiply 00524 * \param f_rng RNG function (see notes) 00525 * \param p_rng RNG parameter 00526 * 00527 * \return 0 if successful, 00528 * MBEDTLS_ERR_ECP_INVALID_KEY if m is not a valid privkey 00529 * or P is not a valid pubkey, 00530 * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed 00531 */ 00532 int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, 00533 const mbedtls_mpi *m, const mbedtls_ecp_point *P, 00534 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); 00535 00536 /** 00537 * \brief Multiplication and addition of two points by integers: 00538 * R = m * P + n * Q 00539 * (Not thread-safe to use same group in multiple threads) 00540 * 00541 * \note In contrast to mbedtls_ecp_mul(), this function does not guarantee 00542 * a constant execution flow and timing. 00543 * 00544 * \param grp ECP group 00545 * \param R Destination point 00546 * \param m Integer by which to multiply P 00547 * \param P Point to multiply by m 00548 * \param n Integer by which to multiply Q 00549 * \param Q Point to be multiplied by n 00550 * 00551 * \return 0 if successful, 00552 * MBEDTLS_ERR_ECP_INVALID_KEY if m or n is not a valid privkey 00553 * or P or Q is not a valid pubkey, 00554 * MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed 00555 */ 00556 int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, 00557 const mbedtls_mpi *m, const mbedtls_ecp_point *P, 00558 const mbedtls_mpi *n, const mbedtls_ecp_point *Q ); 00559 00560 /** 00561 * \brief Check that a point is a valid public key on this curve 00562 * 00563 * \param grp Curve/group the point should belong to 00564 * \param pt Point to check 00565 * 00566 * \return 0 if point is a valid public key, 00567 * MBEDTLS_ERR_ECP_INVALID_KEY otherwise. 00568 * 00569 * \note This function only checks the point is non-zero, has valid 00570 * coordinates and lies on the curve, but not that it is 00571 * indeed a multiple of G. This is additional check is more 00572 * expensive, isn't required by standards, and shouldn't be 00573 * necessary if the group used has a small cofactor. In 00574 * particular, it is useless for the NIST groups which all 00575 * have a cofactor of 1. 00576 * 00577 * \note Uses bare components rather than an mbedtls_ecp_keypair structure 00578 * in order to ease use with other structures such as 00579 * mbedtls_ecdh_context of mbedtls_ecdsa_context. 00580 */ 00581 int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt ); 00582 00583 /** 00584 * \brief Check that an mbedtls_mpi is a valid private key for this curve 00585 * 00586 * \param grp Group used 00587 * \param d Integer to check 00588 * 00589 * \return 0 if point is a valid private key, 00590 * MBEDTLS_ERR_ECP_INVALID_KEY otherwise. 00591 * 00592 * \note Uses bare components rather than an mbedtls_ecp_keypair structure 00593 * in order to ease use with other structures such as 00594 * mbedtls_ecdh_context of mbedtls_ecdsa_context. 00595 */ 00596 int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d ); 00597 00598 /** 00599 * \brief Generate a keypair with configurable base point 00600 * 00601 * \param grp ECP group 00602 * \param G Chosen base point 00603 * \param d Destination MPI (secret part) 00604 * \param Q Destination point (public part) 00605 * \param f_rng RNG function 00606 * \param p_rng RNG parameter 00607 * 00608 * \return 0 if successful, 00609 * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code 00610 * 00611 * \note Uses bare components rather than an mbedtls_ecp_keypair structure 00612 * in order to ease use with other structures such as 00613 * mbedtls_ecdh_context of mbedtls_ecdsa_context. 00614 */ 00615 int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, 00616 const mbedtls_ecp_point *G, 00617 mbedtls_mpi *d, mbedtls_ecp_point *Q, 00618 int (*f_rng)(void *, unsigned char *, size_t), 00619 void *p_rng ); 00620 00621 /** 00622 * \brief Generate a keypair 00623 * 00624 * \param grp ECP group 00625 * \param d Destination MPI (secret part) 00626 * \param Q Destination point (public part) 00627 * \param f_rng RNG function 00628 * \param p_rng RNG parameter 00629 * 00630 * \return 0 if successful, 00631 * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code 00632 * 00633 * \note Uses bare components rather than an mbedtls_ecp_keypair structure 00634 * in order to ease use with other structures such as 00635 * mbedtls_ecdh_context of mbedtls_ecdsa_context. 00636 */ 00637 int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, 00638 int (*f_rng)(void *, unsigned char *, size_t), 00639 void *p_rng ); 00640 00641 /** 00642 * \brief Generate a keypair 00643 * 00644 * \param grp_id ECP group identifier 00645 * \param key Destination keypair 00646 * \param f_rng RNG function 00647 * \param p_rng RNG parameter 00648 * 00649 * \return 0 if successful, 00650 * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code 00651 */ 00652 int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, 00653 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); 00654 00655 /** 00656 * \brief Check a public-private key pair 00657 * 00658 * \param pub Keypair structure holding a public key 00659 * \param prv Keypair structure holding a private (plus public) key 00660 * 00661 * \return 0 if successful (keys are valid and match), or 00662 * MBEDTLS_ERR_ECP_BAD_INPUT_DATA, or 00663 * a MBEDTLS_ERR_ECP_XXX or MBEDTLS_ERR_MPI_XXX code. 00664 */ 00665 int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv ); 00666 00667 #if defined(MBEDTLS_SELF_TEST) 00668 00669 /** 00670 * \brief Checkup routine 00671 * 00672 * \return 0 if successful, or 1 if a test failed 00673 */ 00674 int mbedtls_ecp_self_test( int verbose ); 00675 00676 #endif /* MBEDTLS_SELF_TEST */ 00677 00678 #ifdef __cplusplus 00679 } 00680 #endif 00681 00682 #else /* MBEDTLS_ECP_ALT */ 00683 #include "ecp_alt.h" 00684 #endif /* MBEDTLS_ECP_ALT */ 00685 00686 #endif /* ecp.h */
Generated on Tue Jul 12 2022 14:23:35 by
1.7.2