wolfSSL | Mbed

Users » sPymbed » Code » wolfSSL

wolfcrypt/src/curve25519.c@7:481bce714567, 2017-05-02 (annotated)

Committer:: wolfSSL
Date:: Tue May 02 08:44:47 2017 +0000
Revision:: 7:481bce714567

wolfSSL3.10.2

Who changed what in which revision?

User	Revision	Line number	New contents of line
wolfSSL	7:481bce714567	1	/* curve25519.c
wolfSSL	7:481bce714567	2	*
wolfSSL	7:481bce714567	3	* Copyright (C) 2006-2016 wolfSSL Inc.
wolfSSL	7:481bce714567	4	*
wolfSSL	7:481bce714567	5	* This file is part of wolfSSL.
wolfSSL	7:481bce714567	6	*
wolfSSL	7:481bce714567	7	* wolfSSL is free software; you can redistribute it and/or modify
wolfSSL	7:481bce714567	8	* it under the terms of the GNU General Public License as published by
wolfSSL	7:481bce714567	9	* the Free Software Foundation; either version 2 of the License, or
wolfSSL	7:481bce714567	10	* (at your option) any later version.
wolfSSL	7:481bce714567	11	*
wolfSSL	7:481bce714567	12	* wolfSSL is distributed in the hope that it will be useful,
wolfSSL	7:481bce714567	13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL	7:481bce714567	14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL	7:481bce714567	15	* GNU General Public License for more details.
wolfSSL	7:481bce714567	16	*
wolfSSL	7:481bce714567	17	* You should have received a copy of the GNU General Public License
wolfSSL	7:481bce714567	18	* along with this program; if not, write to the Free Software
wolfSSL	7:481bce714567	19	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL	7:481bce714567	20	*/
wolfSSL	7:481bce714567	21
wolfSSL	7:481bce714567	22
wolfSSL	7:481bce714567	23	/* Based On Daniel J Bernstein's curve25519 Public Domain ref10 work. */
wolfSSL	7:481bce714567	24
wolfSSL	7:481bce714567	25
wolfSSL	7:481bce714567	26	#ifdef HAVE_CONFIG_H
wolfSSL	7:481bce714567	27	#include <config.h>
wolfSSL	7:481bce714567	28	#endif
wolfSSL	7:481bce714567	29
wolfSSL	7:481bce714567	30	#include <wolfssl/wolfcrypt/settings.h>
wolfSSL	7:481bce714567	31
wolfSSL	7:481bce714567	32	#ifdef HAVE_CURVE25519
wolfSSL	7:481bce714567	33
wolfSSL	7:481bce714567	34	#include <wolfssl/wolfcrypt/curve25519.h>
wolfSSL	7:481bce714567	35	#include <wolfssl/wolfcrypt/error-crypt.h>
wolfSSL	7:481bce714567	36	#ifdef NO_INLINE
wolfSSL	7:481bce714567	37	#include <wolfssl/wolfcrypt/misc.h>
wolfSSL	7:481bce714567	38	#else
wolfSSL	7:481bce714567	39	#define WOLFSSL_MISC_INCLUDED
wolfSSL	7:481bce714567	40	#include <wolfcrypt/src/misc.c>
wolfSSL	7:481bce714567	41	#endif
wolfSSL	7:481bce714567	42
wolfSSL	7:481bce714567	43	#if defined(FREESCALE_LTC_ECC)
wolfSSL	7:481bce714567	44	#include <wolfssl/wolfcrypt/port/nxp/ksdk_port.h>
wolfSSL	7:481bce714567	45	#endif
wolfSSL	7:481bce714567	46
wolfSSL	7:481bce714567	47	const curve25519_set_type curve25519_sets[] = {
wolfSSL	7:481bce714567	48	{
wolfSSL	7:481bce714567	49	32,
wolfSSL	7:481bce714567	50	"CURVE25519",
wolfSSL	7:481bce714567	51	}
wolfSSL	7:481bce714567	52	};
wolfSSL	7:481bce714567	53
wolfSSL	7:481bce714567	54	int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key)
wolfSSL	7:481bce714567	55	{
wolfSSL	7:481bce714567	56	#ifdef FREESCALE_LTC_ECC
wolfSSL	7:481bce714567	57	const ECPoint* basepoint = wc_curve25519_GetBasePoint();
wolfSSL	7:481bce714567	58	#else
wolfSSL	7:481bce714567	59	unsigned char basepoint[CURVE25519_KEYSIZE] = {9};
wolfSSL	7:481bce714567	60	#endif
wolfSSL	7:481bce714567	61	int ret;
wolfSSL	7:481bce714567	62
wolfSSL	7:481bce714567	63	if (key == NULL \|\| rng == NULL)
wolfSSL	7:481bce714567	64	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	65
wolfSSL	7:481bce714567	66	/* currently only a key size of 32 bytes is used */
wolfSSL	7:481bce714567	67	if (keysize != CURVE25519_KEYSIZE)
wolfSSL	7:481bce714567	68	return ECC_BAD_ARG_E;
wolfSSL	7:481bce714567	69
wolfSSL	7:481bce714567	70	/* random number for private key */
wolfSSL	7:481bce714567	71	ret = wc_RNG_GenerateBlock(rng, key->k.point, keysize);
wolfSSL	7:481bce714567	72	if (ret != 0)
wolfSSL	7:481bce714567	73	return ret;
wolfSSL	7:481bce714567	74
wolfSSL	7:481bce714567	75	/* Clamp the private key */
wolfSSL	7:481bce714567	76	key->k.point[0] &= 248;
wolfSSL	7:481bce714567	77	key->k.point[CURVE25519_KEYSIZE-1] &= 63; /* same &=127 because \|=64 after */
wolfSSL	7:481bce714567	78	key->k.point[CURVE25519_KEYSIZE-1] \|= 64;
wolfSSL	7:481bce714567	79
wolfSSL	7:481bce714567	80	/* compute public key */
wolfSSL	7:481bce714567	81	#ifdef FREESCALE_LTC_ECC
wolfSSL	7:481bce714567	82	ret = wc_curve25519(&key->p, key->k.point, basepoint, kLTC_Weierstrass); /* input basepoint on Weierstrass curve */
wolfSSL	7:481bce714567	83	#else
wolfSSL	7:481bce714567	84	ret = curve25519(key->p.point, key->k.point, basepoint);
wolfSSL	7:481bce714567	85	#endif
wolfSSL	7:481bce714567	86	if (ret != 0) {
wolfSSL	7:481bce714567	87	ForceZero(key->k.point, keysize);
wolfSSL	7:481bce714567	88	ForceZero(key->p.point, keysize);
wolfSSL	7:481bce714567	89	return ret;
wolfSSL	7:481bce714567	90	}
wolfSSL	7:481bce714567	91
wolfSSL	7:481bce714567	92	return ret;
wolfSSL	7:481bce714567	93	}
wolfSSL	7:481bce714567	94
wolfSSL	7:481bce714567	95	#ifdef HAVE_CURVE25519_SHARED_SECRET
wolfSSL	7:481bce714567	96
wolfSSL	7:481bce714567	97	int wc_curve25519_shared_secret(curve25519_key* private_key,
wolfSSL	7:481bce714567	98	curve25519_key* public_key,
wolfSSL	7:481bce714567	99	byte* out, word32* outlen)
wolfSSL	7:481bce714567	100	{
wolfSSL	7:481bce714567	101	return wc_curve25519_shared_secret_ex(private_key, public_key,
wolfSSL	7:481bce714567	102	out, outlen, EC25519_BIG_ENDIAN);
wolfSSL	7:481bce714567	103	}
wolfSSL	7:481bce714567	104
wolfSSL	7:481bce714567	105	int wc_curve25519_shared_secret_ex(curve25519_key* private_key,
wolfSSL	7:481bce714567	106	curve25519_key* public_key,
wolfSSL	7:481bce714567	107	byte* out, word32* outlen, int endian)
wolfSSL	7:481bce714567	108	{
wolfSSL	7:481bce714567	109	#ifdef FREESCALE_LTC_ECC
wolfSSL	7:481bce714567	110	ECPoint o = {{0}};
wolfSSL	7:481bce714567	111	#else
wolfSSL	7:481bce714567	112	unsigned char o[CURVE25519_KEYSIZE];
wolfSSL	7:481bce714567	113	#endif
wolfSSL	7:481bce714567	114	int ret = 0;
wolfSSL	7:481bce714567	115
wolfSSL	7:481bce714567	116	/* sanity check */
wolfSSL	7:481bce714567	117	if (private_key == NULL \|\| public_key == NULL \|\|
wolfSSL	7:481bce714567	118	out == NULL \|\| outlen == NULL \|\| *outlen < CURVE25519_KEYSIZE)
wolfSSL	7:481bce714567	119	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	120
wolfSSL	7:481bce714567	121	/* avoid implementation fingerprinting */
wolfSSL	7:481bce714567	122	if (public_key->p.point[CURVE25519_KEYSIZE-1] > 0x7F)
wolfSSL	7:481bce714567	123	return ECC_BAD_ARG_E;
wolfSSL	7:481bce714567	124
wolfSSL	7:481bce714567	125	#ifdef FREESCALE_LTC_ECC
wolfSSL	7:481bce714567	126	ret = wc_curve25519(&o, private_key->k.point, &public_key->p, kLTC_Curve25519 /* input point P on Curve25519 */);
wolfSSL	7:481bce714567	127	#else
wolfSSL	7:481bce714567	128	ret = curve25519(o, private_key->k.point, public_key->p.point);
wolfSSL	7:481bce714567	129	#endif
wolfSSL	7:481bce714567	130	if (ret != 0) {
wolfSSL	7:481bce714567	131	#ifdef FREESCALE_LTC_ECC
wolfSSL	7:481bce714567	132	ForceZero(o.point, CURVE25519_KEYSIZE);
wolfSSL	7:481bce714567	133	ForceZero(o.pointY, CURVE25519_KEYSIZE);
wolfSSL	7:481bce714567	134	#else
wolfSSL	7:481bce714567	135	ForceZero(o, CURVE25519_KEYSIZE);
wolfSSL	7:481bce714567	136	#endif
wolfSSL	7:481bce714567	137	return ret;
wolfSSL	7:481bce714567	138	}
wolfSSL	7:481bce714567	139
wolfSSL	7:481bce714567	140	if (endian == EC25519_BIG_ENDIAN) {
wolfSSL	7:481bce714567	141	int i;
wolfSSL	7:481bce714567	142	/* put shared secret key in Big Endian format */
wolfSSL	7:481bce714567	143	for (i = 0; i < CURVE25519_KEYSIZE; i++)
wolfSSL	7:481bce714567	144	#ifdef FREESCALE_LTC_ECC
wolfSSL	7:481bce714567	145	out[i] = o.point[CURVE25519_KEYSIZE - i -1];
wolfSSL	7:481bce714567	146	#else
wolfSSL	7:481bce714567	147	out[i] = o[CURVE25519_KEYSIZE - i -1];
wolfSSL	7:481bce714567	148	#endif
wolfSSL	7:481bce714567	149	}
wolfSSL	7:481bce714567	150	else /* put shared secret key in Little Endian format */
wolfSSL	7:481bce714567	151	#ifdef FREESCALE_LTC_ECC
wolfSSL	7:481bce714567	152	XMEMCPY(out, o.point, CURVE25519_KEYSIZE);
wolfSSL	7:481bce714567	153	#else
wolfSSL	7:481bce714567	154	XMEMCPY(out, o, CURVE25519_KEYSIZE);
wolfSSL	7:481bce714567	155	#endif
wolfSSL	7:481bce714567	156
wolfSSL	7:481bce714567	157	*outlen = CURVE25519_KEYSIZE;
wolfSSL	7:481bce714567	158
wolfSSL	7:481bce714567	159	#ifdef FREESCALE_LTC_ECC
wolfSSL	7:481bce714567	160	ForceZero(o.point, CURVE25519_KEYSIZE);
wolfSSL	7:481bce714567	161	ForceZero(o.pointY, CURVE25519_KEYSIZE);
wolfSSL	7:481bce714567	162	#else
wolfSSL	7:481bce714567	163	ForceZero(o, CURVE25519_KEYSIZE);
wolfSSL	7:481bce714567	164	#endif
wolfSSL	7:481bce714567	165
wolfSSL	7:481bce714567	166	return ret;
wolfSSL	7:481bce714567	167	}
wolfSSL	7:481bce714567	168
wolfSSL	7:481bce714567	169	#endif /* HAVE_CURVE25519_SHARED_SECRET */
wolfSSL	7:481bce714567	170
wolfSSL	7:481bce714567	171	#ifdef HAVE_CURVE25519_KEY_EXPORT
wolfSSL	7:481bce714567	172
wolfSSL	7:481bce714567	173	/* export curve25519 public key (Big endian)
wolfSSL	7:481bce714567	174	* return 0 on success */
wolfSSL	7:481bce714567	175	int wc_curve25519_export_public(curve25519_key* key, byte* out, word32* outLen)
wolfSSL	7:481bce714567	176	{
wolfSSL	7:481bce714567	177	return wc_curve25519_export_public_ex(key, out, outLen, EC25519_BIG_ENDIAN);
wolfSSL	7:481bce714567	178	}
wolfSSL	7:481bce714567	179
wolfSSL	7:481bce714567	180	/* export curve25519 public key (Big or Little endian)
wolfSSL	7:481bce714567	181	* return 0 on success */
wolfSSL	7:481bce714567	182	int wc_curve25519_export_public_ex(curve25519_key* key, byte* out,
wolfSSL	7:481bce714567	183	word32* outLen, int endian)
wolfSSL	7:481bce714567	184	{
wolfSSL	7:481bce714567	185	word32 keySz;
wolfSSL	7:481bce714567	186
wolfSSL	7:481bce714567	187	if (key == NULL \|\| out == NULL \|\| outLen == NULL)
wolfSSL	7:481bce714567	188	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	189
wolfSSL	7:481bce714567	190	/* check size of outgoing key */
wolfSSL	7:481bce714567	191	keySz = wc_curve25519_size(key);
wolfSSL	7:481bce714567	192
wolfSSL	7:481bce714567	193	/* check and set outgoing key size */
wolfSSL	7:481bce714567	194	if (*outLen < keySz) {
wolfSSL	7:481bce714567	195	*outLen = keySz;
wolfSSL	7:481bce714567	196	return ECC_BAD_ARG_E;
wolfSSL	7:481bce714567	197	}
wolfSSL	7:481bce714567	198	*outLen = keySz;
wolfSSL	7:481bce714567	199
wolfSSL	7:481bce714567	200	if (endian == EC25519_BIG_ENDIAN) {
wolfSSL	7:481bce714567	201	int i;
wolfSSL	7:481bce714567	202
wolfSSL	7:481bce714567	203	/* read keys in Big Endian format */
wolfSSL	7:481bce714567	204	for (i = 0; i < CURVE25519_KEYSIZE; i++)
wolfSSL	7:481bce714567	205	out[i] = key->p.point[CURVE25519_KEYSIZE - i - 1];
wolfSSL	7:481bce714567	206	}
wolfSSL	7:481bce714567	207	else
wolfSSL	7:481bce714567	208	XMEMCPY(out, key->p.point, keySz);
wolfSSL	7:481bce714567	209
wolfSSL	7:481bce714567	210	return 0;
wolfSSL	7:481bce714567	211	}
wolfSSL	7:481bce714567	212
wolfSSL	7:481bce714567	213	#endif /* HAVE_CURVE25519_KEY_EXPORT */
wolfSSL	7:481bce714567	214
wolfSSL	7:481bce714567	215	#ifdef HAVE_CURVE25519_KEY_IMPORT
wolfSSL	7:481bce714567	216
wolfSSL	7:481bce714567	217	/* import curve25519 public key (Big endian)
wolfSSL	7:481bce714567	218	* return 0 on success */
wolfSSL	7:481bce714567	219	int wc_curve25519_import_public(const byte* in, word32 inLen,
wolfSSL	7:481bce714567	220	curve25519_key* key)
wolfSSL	7:481bce714567	221	{
wolfSSL	7:481bce714567	222	return wc_curve25519_import_public_ex(in, inLen, key, EC25519_BIG_ENDIAN);
wolfSSL	7:481bce714567	223	}
wolfSSL	7:481bce714567	224
wolfSSL	7:481bce714567	225	/* import curve25519 public key (Big or Little endian)
wolfSSL	7:481bce714567	226	* return 0 on success */
wolfSSL	7:481bce714567	227	int wc_curve25519_import_public_ex(const byte* in, word32 inLen,
wolfSSL	7:481bce714567	228	curve25519_key* key, int endian)
wolfSSL	7:481bce714567	229	{
wolfSSL	7:481bce714567	230	word32 keySz;
wolfSSL	7:481bce714567	231
wolfSSL	7:481bce714567	232	/* sanity check */
wolfSSL	7:481bce714567	233	if (key == NULL \|\| in == NULL)
wolfSSL	7:481bce714567	234	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	235
wolfSSL	7:481bce714567	236	/* check size of incoming keys */
wolfSSL	7:481bce714567	237	keySz = wc_curve25519_size(key);
wolfSSL	7:481bce714567	238	if (inLen != keySz)
wolfSSL	7:481bce714567	239	return ECC_BAD_ARG_E;
wolfSSL	7:481bce714567	240
wolfSSL	7:481bce714567	241	if (endian == EC25519_BIG_ENDIAN) {
wolfSSL	7:481bce714567	242	int i;
wolfSSL	7:481bce714567	243
wolfSSL	7:481bce714567	244	/* read keys in Big Endian format */
wolfSSL	7:481bce714567	245	for (i = 0; i < CURVE25519_KEYSIZE; i++)
wolfSSL	7:481bce714567	246	key->p.point[i] = in[CURVE25519_KEYSIZE - i - 1];
wolfSSL	7:481bce714567	247	}
wolfSSL	7:481bce714567	248	else
wolfSSL	7:481bce714567	249	XMEMCPY(key->p.point, in, inLen);
wolfSSL	7:481bce714567	250
wolfSSL	7:481bce714567	251	key->dp = &curve25519_sets[0];
wolfSSL	7:481bce714567	252
wolfSSL	7:481bce714567	253
wolfSSL	7:481bce714567	254	/* LTC needs also Y coordinate - let's compute it */
wolfSSL	7:481bce714567	255	#ifdef FREESCALE_LTC_ECC
wolfSSL	7:481bce714567	256	ltc_pkha_ecc_point_t ltcPoint;
wolfSSL	7:481bce714567	257	ltcPoint.X = &key->p.point[0];
wolfSSL	7:481bce714567	258	ltcPoint.Y = &key->p.pointY[0];
wolfSSL	7:481bce714567	259	LTC_PKHA_Curve25519ComputeY(&ltcPoint);
wolfSSL	7:481bce714567	260	#endif
wolfSSL	7:481bce714567	261
wolfSSL	7:481bce714567	262	return 0;
wolfSSL	7:481bce714567	263	}
wolfSSL	7:481bce714567	264
wolfSSL	7:481bce714567	265	#endif /* HAVE_CURVE25519_KEY_IMPORT */
wolfSSL	7:481bce714567	266
wolfSSL	7:481bce714567	267
wolfSSL	7:481bce714567	268	#ifdef HAVE_CURVE25519_KEY_EXPORT
wolfSSL	7:481bce714567	269
wolfSSL	7:481bce714567	270	/* export curve25519 private key only raw (Big endian)
wolfSSL	7:481bce714567	271	* outLen is in/out size
wolfSSL	7:481bce714567	272	* return 0 on success */
wolfSSL	7:481bce714567	273	int wc_curve25519_export_private_raw(curve25519_key* key, byte* out,
wolfSSL	7:481bce714567	274	word32* outLen)
wolfSSL	7:481bce714567	275	{
wolfSSL	7:481bce714567	276	return wc_curve25519_export_private_raw_ex(key, out, outLen,
wolfSSL	7:481bce714567	277	EC25519_BIG_ENDIAN);
wolfSSL	7:481bce714567	278	}
wolfSSL	7:481bce714567	279
wolfSSL	7:481bce714567	280	/* export curve25519 private key only raw (Big or Little endian)
wolfSSL	7:481bce714567	281	* outLen is in/out size
wolfSSL	7:481bce714567	282	* return 0 on success */
wolfSSL	7:481bce714567	283	int wc_curve25519_export_private_raw_ex(curve25519_key* key, byte* out,
wolfSSL	7:481bce714567	284	word32* outLen, int endian)
wolfSSL	7:481bce714567	285	{
wolfSSL	7:481bce714567	286	word32 keySz;
wolfSSL	7:481bce714567	287
wolfSSL	7:481bce714567	288	/* sanity check */
wolfSSL	7:481bce714567	289	if (key == NULL \|\| out == NULL \|\| outLen == NULL)
wolfSSL	7:481bce714567	290	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	291
wolfSSL	7:481bce714567	292	/* check size of outgoing buffer */
wolfSSL	7:481bce714567	293	keySz = wc_curve25519_size(key);
wolfSSL	7:481bce714567	294	if (*outLen < keySz) {
wolfSSL	7:481bce714567	295	*outLen = keySz;
wolfSSL	7:481bce714567	296	return ECC_BAD_ARG_E;
wolfSSL	7:481bce714567	297	}
wolfSSL	7:481bce714567	298	*outLen = keySz;
wolfSSL	7:481bce714567	299
wolfSSL	7:481bce714567	300	if (endian == EC25519_BIG_ENDIAN) {
wolfSSL	7:481bce714567	301	int i;
wolfSSL	7:481bce714567	302
wolfSSL	7:481bce714567	303	/* put the key in Big Endian format */
wolfSSL	7:481bce714567	304	for (i = 0; i < CURVE25519_KEYSIZE; i++)
wolfSSL	7:481bce714567	305	out[i] = key->k.point[CURVE25519_KEYSIZE - i - 1];
wolfSSL	7:481bce714567	306	}
wolfSSL	7:481bce714567	307	else
wolfSSL	7:481bce714567	308	XMEMCPY(out, key->k.point, keySz);
wolfSSL	7:481bce714567	309
wolfSSL	7:481bce714567	310	return 0;
wolfSSL	7:481bce714567	311	}
wolfSSL	7:481bce714567	312
wolfSSL	7:481bce714567	313	/* curve25519 key pair export (Big or Little endian)
wolfSSL	7:481bce714567	314	* return 0 on success */
wolfSSL	7:481bce714567	315	int wc_curve25519_export_key_raw(curve25519_key* key,
wolfSSL	7:481bce714567	316	byte* priv, word32 *privSz,
wolfSSL	7:481bce714567	317	byte* pub, word32 *pubSz)
wolfSSL	7:481bce714567	318	{
wolfSSL	7:481bce714567	319	return wc_curve25519_export_key_raw_ex(key, priv, privSz,
wolfSSL	7:481bce714567	320	pub, pubSz, EC25519_BIG_ENDIAN);
wolfSSL	7:481bce714567	321	}
wolfSSL	7:481bce714567	322
wolfSSL	7:481bce714567	323	/* curve25519 key pair export (Big or Little endian)
wolfSSL	7:481bce714567	324	* return 0 on success */
wolfSSL	7:481bce714567	325	int wc_curve25519_export_key_raw_ex(curve25519_key* key,
wolfSSL	7:481bce714567	326	byte* priv, word32 *privSz,
wolfSSL	7:481bce714567	327	byte* pub, word32 *pubSz,
wolfSSL	7:481bce714567	328	int endian)
wolfSSL	7:481bce714567	329	{
wolfSSL	7:481bce714567	330	int ret;
wolfSSL	7:481bce714567	331
wolfSSL	7:481bce714567	332	/* export private part */
wolfSSL	7:481bce714567	333	ret = wc_curve25519_export_private_raw_ex(key, priv, privSz, endian);
wolfSSL	7:481bce714567	334	if (ret != 0)
wolfSSL	7:481bce714567	335	return ret;
wolfSSL	7:481bce714567	336
wolfSSL	7:481bce714567	337	/* export public part */
wolfSSL	7:481bce714567	338	return wc_curve25519_export_public_ex(key, pub, pubSz, endian);
wolfSSL	7:481bce714567	339	}
wolfSSL	7:481bce714567	340
wolfSSL	7:481bce714567	341	#endif /* HAVE_CURVE25519_KEY_EXPORT */
wolfSSL	7:481bce714567	342
wolfSSL	7:481bce714567	343	#ifdef HAVE_CURVE25519_KEY_IMPORT
wolfSSL	7:481bce714567	344
wolfSSL	7:481bce714567	345	/* curve25519 private key import (Big endian)
wolfSSL	7:481bce714567	346	* Public key to match private key needs to be imported too
wolfSSL	7:481bce714567	347	* return 0 on success */
wolfSSL	7:481bce714567	348	int wc_curve25519_import_private_raw(const byte* priv, word32 privSz,
wolfSSL	7:481bce714567	349	const byte* pub, word32 pubSz,
wolfSSL	7:481bce714567	350	curve25519_key* key)
wolfSSL	7:481bce714567	351	{
wolfSSL	7:481bce714567	352	return wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
wolfSSL	7:481bce714567	353	key, EC25519_BIG_ENDIAN);
wolfSSL	7:481bce714567	354	}
wolfSSL	7:481bce714567	355
wolfSSL	7:481bce714567	356	/* curve25519 private key import (Big or Little endian)
wolfSSL	7:481bce714567	357	* Public key to match private key needs to be imported too
wolfSSL	7:481bce714567	358	* return 0 on success */
wolfSSL	7:481bce714567	359	int wc_curve25519_import_private_raw_ex(const byte* priv, word32 privSz,
wolfSSL	7:481bce714567	360	const byte* pub, word32 pubSz,
wolfSSL	7:481bce714567	361	curve25519_key* key, int endian)
wolfSSL	7:481bce714567	362	{
wolfSSL	7:481bce714567	363	int ret;
wolfSSL	7:481bce714567	364
wolfSSL	7:481bce714567	365	/* import private part */
wolfSSL	7:481bce714567	366	ret = wc_curve25519_import_private_ex(priv, privSz, key, endian);
wolfSSL	7:481bce714567	367	if (ret != 0)
wolfSSL	7:481bce714567	368	return ret;
wolfSSL	7:481bce714567	369
wolfSSL	7:481bce714567	370	/* import public part */
wolfSSL	7:481bce714567	371	return wc_curve25519_import_public_ex(pub, pubSz, key, endian);
wolfSSL	7:481bce714567	372	}
wolfSSL	7:481bce714567	373
wolfSSL	7:481bce714567	374	/* curve25519 private key import only. (Big endian)
wolfSSL	7:481bce714567	375	* return 0 on success */
wolfSSL	7:481bce714567	376	int wc_curve25519_import_private(const byte* priv, word32 privSz,
wolfSSL	7:481bce714567	377	curve25519_key* key)
wolfSSL	7:481bce714567	378	{
wolfSSL	7:481bce714567	379	return wc_curve25519_import_private_ex(priv, privSz,
wolfSSL	7:481bce714567	380	key, EC25519_BIG_ENDIAN);
wolfSSL	7:481bce714567	381	}
wolfSSL	7:481bce714567	382
wolfSSL	7:481bce714567	383	/* curve25519 private key import only. (Big or Little endian)
wolfSSL	7:481bce714567	384	* return 0 on success */
wolfSSL	7:481bce714567	385	int wc_curve25519_import_private_ex(const byte* priv, word32 privSz,
wolfSSL	7:481bce714567	386	curve25519_key* key, int endian)
wolfSSL	7:481bce714567	387	{
wolfSSL	7:481bce714567	388	/* sanity check */
wolfSSL	7:481bce714567	389	if (key == NULL \|\| priv == NULL)
wolfSSL	7:481bce714567	390	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	391
wolfSSL	7:481bce714567	392	/* check size of incoming keys */
wolfSSL	7:481bce714567	393	if ((int)privSz != wc_curve25519_size(key))
wolfSSL	7:481bce714567	394	return ECC_BAD_ARG_E;
wolfSSL	7:481bce714567	395
wolfSSL	7:481bce714567	396	if (endian == EC25519_BIG_ENDIAN) {
wolfSSL	7:481bce714567	397	int i;
wolfSSL	7:481bce714567	398
wolfSSL	7:481bce714567	399	/* read the key in Big Endian format */
wolfSSL	7:481bce714567	400	for (i = 0; i < CURVE25519_KEYSIZE; i++)
wolfSSL	7:481bce714567	401	key->k.point[i] = priv[CURVE25519_KEYSIZE - i - 1];
wolfSSL	7:481bce714567	402	}
wolfSSL	7:481bce714567	403	else
wolfSSL	7:481bce714567	404	XMEMCPY(key->k.point, priv, privSz);
wolfSSL	7:481bce714567	405
wolfSSL	7:481bce714567	406	key->dp = &curve25519_sets[0];
wolfSSL	7:481bce714567	407
wolfSSL	7:481bce714567	408	/* Clamp the key */
wolfSSL	7:481bce714567	409	key->k.point[0] &= 248;
wolfSSL	7:481bce714567	410	key->k.point[privSz-1] &= 63; /* same &=127 because \|=64 after */
wolfSSL	7:481bce714567	411	key->k.point[privSz-1] \|= 64;
wolfSSL	7:481bce714567	412
wolfSSL	7:481bce714567	413	return 0;
wolfSSL	7:481bce714567	414	}
wolfSSL	7:481bce714567	415
wolfSSL	7:481bce714567	416	#endif /* HAVE_CURVE25519_KEY_IMPORT */
wolfSSL	7:481bce714567	417
wolfSSL	7:481bce714567	418
wolfSSL	7:481bce714567	419	int wc_curve25519_init(curve25519_key* key)
wolfSSL	7:481bce714567	420	{
wolfSSL	7:481bce714567	421	if (key == NULL)
wolfSSL	7:481bce714567	422	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	423
wolfSSL	7:481bce714567	424	/* currently the format for curve25519 */
wolfSSL	7:481bce714567	425	key->dp = &curve25519_sets[0];
wolfSSL	7:481bce714567	426
wolfSSL	7:481bce714567	427	XMEMSET(key->k.point, 0, key->dp->size);
wolfSSL	7:481bce714567	428	XMEMSET(key->p.point, 0, key->dp->size);
wolfSSL	7:481bce714567	429	#ifdef FREESCALE_LTC_ECC
wolfSSL	7:481bce714567	430	XMEMSET(key->k.pointY, 0, key->dp->size);
wolfSSL	7:481bce714567	431	XMEMSET(key->p.pointY, 0, key->dp->size);
wolfSSL	7:481bce714567	432	#endif
wolfSSL	7:481bce714567	433	return 0;
wolfSSL	7:481bce714567	434	}
wolfSSL	7:481bce714567	435
wolfSSL	7:481bce714567	436
wolfSSL	7:481bce714567	437	/* Clean the memory of a key */
wolfSSL	7:481bce714567	438	void wc_curve25519_free(curve25519_key* key)
wolfSSL	7:481bce714567	439	{
wolfSSL	7:481bce714567	440	if (key == NULL)
wolfSSL	7:481bce714567	441	return;
wolfSSL	7:481bce714567	442
wolfSSL	7:481bce714567	443	key->dp = NULL;
wolfSSL	7:481bce714567	444	ForceZero(key->p.point, sizeof(key->p.point));
wolfSSL	7:481bce714567	445	ForceZero(key->k.point, sizeof(key->k.point));
wolfSSL	7:481bce714567	446	#ifdef FREESCALE_LTC_ECC
wolfSSL	7:481bce714567	447	ForceZero(key->p.point, sizeof(key->p.pointY));
wolfSSL	7:481bce714567	448	ForceZero(key->k.point, sizeof(key->k.pointY));
wolfSSL	7:481bce714567	449	#endif
wolfSSL	7:481bce714567	450	}
wolfSSL	7:481bce714567	451
wolfSSL	7:481bce714567	452
wolfSSL	7:481bce714567	453	/* get key size */
wolfSSL	7:481bce714567	454	int wc_curve25519_size(curve25519_key* key)
wolfSSL	7:481bce714567	455	{
wolfSSL	7:481bce714567	456	if (key == NULL)
wolfSSL	7:481bce714567	457	return 0;
wolfSSL	7:481bce714567	458
wolfSSL	7:481bce714567	459	return key->dp->size;
wolfSSL	7:481bce714567	460	}
wolfSSL	7:481bce714567	461
wolfSSL	7:481bce714567	462	#endif /HAVE_CURVE25519/
wolfSSL	7:481bce714567	463
wolfSSL	7:481bce714567	464

Repository toolbox

Repository details

Type:	Library
Created:	19 Nov 2019
Imports:	7
Forks:	0
Commits:	18
Dependents:	1
Dependencies:	0
Followers:	1

Important changes to repositories hosted on mbed.com

wolfcrypt/src/curve25519.c@7:481bce714567, 2017-05-02 (annotated)

Who changed what in which revision?

Repository toolbox

Repository details

Important Information for this Arm website

Important changes to repositories hosted on mbed.com

wolfcrypt/src/curve25519.c@7:481bce714567, 2017-05-02 (annotated)

Who changed what in which revision?

Repository toolbox

Repository details

Important Information for this Arm website

Access Warning