Xuyi Wang
ssh lib
wolfcrypt/ecc.h@1:e4ea39eba2fb, 2019-11-25 (annotated)
- Committer:
- sPymbed
- Date:
- Mon Nov 25 14:23:49 2019 +0000
- Revision:
- 1:e4ea39eba2fb
- Parent:
- 0:1387ff3eed4a
improved
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| sPymbed | 0:1387ff3eed4a | 1 | /* ecc.h |
| sPymbed | 0:1387ff3eed4a | 2 | * |
| sPymbed | 0:1387ff3eed4a | 3 | * Copyright (C) 2006-2017 wolfSSL Inc. |
| sPymbed | 0:1387ff3eed4a | 4 | * |
| sPymbed | 0:1387ff3eed4a | 5 | * This file is part of wolfSSL. |
| sPymbed | 0:1387ff3eed4a | 6 | * |
| sPymbed | 0:1387ff3eed4a | 7 | * wolfSSL is free software; you can redistribute it and/or modify |
| sPymbed | 0:1387ff3eed4a | 8 | * it under the terms of the GNU General Public License as published by |
| sPymbed | 0:1387ff3eed4a | 9 | * the Free Software Foundation; either version 2 of the License, or |
| sPymbed | 0:1387ff3eed4a | 10 | * (at your option) any later version. |
| sPymbed | 0:1387ff3eed4a | 11 | * |
| sPymbed | 0:1387ff3eed4a | 12 | * wolfSSL is distributed in the hope that it will be useful, |
| sPymbed | 0:1387ff3eed4a | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| sPymbed | 0:1387ff3eed4a | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| sPymbed | 0:1387ff3eed4a | 15 | * GNU General Public License for more details. |
| sPymbed | 0:1387ff3eed4a | 16 | * |
| sPymbed | 0:1387ff3eed4a | 17 | * You should have received a copy of the GNU General Public License |
| sPymbed | 0:1387ff3eed4a | 18 | * along with this program; if not, write to the Free Software |
| sPymbed | 0:1387ff3eed4a | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
| sPymbed | 0:1387ff3eed4a | 20 | */ |
| sPymbed | 0:1387ff3eed4a | 21 | |
| sPymbed | 0:1387ff3eed4a | 22 | /*! |
| sPymbed | 0:1387ff3eed4a | 23 | \file wolfssl/wolfcrypt/ecc.h |
| sPymbed | 0:1387ff3eed4a | 24 | */ |
| sPymbed | 0:1387ff3eed4a | 25 | |
| sPymbed | 0:1387ff3eed4a | 26 | |
| sPymbed | 0:1387ff3eed4a | 27 | #ifndef WOLF_CRYPT_ECC_H |
| sPymbed | 0:1387ff3eed4a | 28 | #define WOLF_CRYPT_ECC_H |
| sPymbed | 0:1387ff3eed4a | 29 | |
| sPymbed | 0:1387ff3eed4a | 30 | #include <wolfcrypt/types.h> |
| sPymbed | 0:1387ff3eed4a | 31 | |
| sPymbed | 0:1387ff3eed4a | 32 | #ifdef HAVE_ECC |
| sPymbed | 0:1387ff3eed4a | 33 | |
| sPymbed | 0:1387ff3eed4a | 34 | #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) |
| sPymbed | 0:1387ff3eed4a | 35 | #include <wolfcrypt/fips.h> |
| sPymbed | 0:1387ff3eed4a | 36 | #endif /* HAVE_FIPS_VERSION >= 2 */ |
| sPymbed | 0:1387ff3eed4a | 37 | |
| sPymbed | 0:1387ff3eed4a | 38 | #include <wolfcrypt/integer.h> |
| sPymbed | 0:1387ff3eed4a | 39 | #include <wolfcrypt/random.h> |
| sPymbed | 0:1387ff3eed4a | 40 | |
| sPymbed | 0:1387ff3eed4a | 41 | #ifdef HAVE_X963_KDF |
| sPymbed | 0:1387ff3eed4a | 42 | #include <wolfcrypt/hash.h> |
| sPymbed | 0:1387ff3eed4a | 43 | #endif |
| sPymbed | 0:1387ff3eed4a | 44 | |
| sPymbed | 0:1387ff3eed4a | 45 | #ifdef WOLFSSL_ASYNC_CRYPT |
| sPymbed | 0:1387ff3eed4a | 46 | #include <wolfcrypt/async.h> |
| sPymbed | 0:1387ff3eed4a | 47 | #ifdef WOLFSSL_CERT_GEN |
| sPymbed | 0:1387ff3eed4a | 48 | #include <wolfcrypt/asn.h> |
| sPymbed | 0:1387ff3eed4a | 49 | #endif |
| sPymbed | 0:1387ff3eed4a | 50 | #endif |
| sPymbed | 0:1387ff3eed4a | 51 | |
| sPymbed | 0:1387ff3eed4a | 52 | #ifdef WOLFSSL_ATECC508A |
| sPymbed | 0:1387ff3eed4a | 53 | #include <wolfcrypt/port/atmel/atmel.h> |
| sPymbed | 0:1387ff3eed4a | 54 | #endif /* WOLFSSL_ATECC508A */ |
| sPymbed | 0:1387ff3eed4a | 55 | |
| sPymbed | 0:1387ff3eed4a | 56 | |
| sPymbed | 0:1387ff3eed4a | 57 | #ifdef __cplusplus |
| sPymbed | 0:1387ff3eed4a | 58 | extern "C" { |
| sPymbed | 0:1387ff3eed4a | 59 | #endif |
| sPymbed | 0:1387ff3eed4a | 60 | |
| sPymbed | 0:1387ff3eed4a | 61 | |
| sPymbed | 0:1387ff3eed4a | 62 | /* Enable curve B parameter if needed */ |
| sPymbed | 0:1387ff3eed4a | 63 | #if defined(HAVE_COMP_KEY) || defined(ECC_CACHE_CURVE) |
| sPymbed | 0:1387ff3eed4a | 64 | #ifndef USE_ECC_B_PARAM /* Allow someone to force enable */ |
| sPymbed | 0:1387ff3eed4a | 65 | #define USE_ECC_B_PARAM |
| sPymbed | 0:1387ff3eed4a | 66 | #endif |
| sPymbed | 0:1387ff3eed4a | 67 | #endif |
| sPymbed | 0:1387ff3eed4a | 68 | |
| sPymbed | 0:1387ff3eed4a | 69 | |
| sPymbed | 0:1387ff3eed4a | 70 | /* Use this as the key->idx if a custom ecc_set is used for key->dp */ |
| sPymbed | 0:1387ff3eed4a | 71 | #define ECC_CUSTOM_IDX (-1) |
| sPymbed | 0:1387ff3eed4a | 72 | |
| sPymbed | 0:1387ff3eed4a | 73 | |
| sPymbed | 0:1387ff3eed4a | 74 | /* Determine max ECC bits based on enabled curves */ |
| sPymbed | 0:1387ff3eed4a | 75 | #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES) |
| sPymbed | 0:1387ff3eed4a | 76 | #define MAX_ECC_BITS 521 |
| sPymbed | 0:1387ff3eed4a | 77 | #elif defined(HAVE_ECC512) |
| sPymbed | 0:1387ff3eed4a | 78 | #define MAX_ECC_BITS 512 |
| sPymbed | 0:1387ff3eed4a | 79 | #elif defined(HAVE_ECC384) |
| sPymbed | 0:1387ff3eed4a | 80 | #define MAX_ECC_BITS 384 |
| sPymbed | 0:1387ff3eed4a | 81 | #elif defined(HAVE_ECC320) |
| sPymbed | 0:1387ff3eed4a | 82 | #define MAX_ECC_BITS 320 |
| sPymbed | 0:1387ff3eed4a | 83 | #elif !defined(NO_ECC256) |
| sPymbed | 0:1387ff3eed4a | 84 | #define MAX_ECC_BITS 256 |
| sPymbed | 0:1387ff3eed4a | 85 | #elif defined(HAVE_ECC239) |
| sPymbed | 0:1387ff3eed4a | 86 | #define MAX_ECC_BITS 239 |
| sPymbed | 0:1387ff3eed4a | 87 | #elif defined(HAVE_ECC224) |
| sPymbed | 0:1387ff3eed4a | 88 | #define MAX_ECC_BITS 224 |
| sPymbed | 0:1387ff3eed4a | 89 | #elif defined(HAVE_ECC192) |
| sPymbed | 0:1387ff3eed4a | 90 | #define MAX_ECC_BITS 192 |
| sPymbed | 0:1387ff3eed4a | 91 | #elif defined(HAVE_ECC160) |
| sPymbed | 0:1387ff3eed4a | 92 | #define MAX_ECC_BITS 160 |
| sPymbed | 0:1387ff3eed4a | 93 | #elif defined(HAVE_ECC128) |
| sPymbed | 0:1387ff3eed4a | 94 | #define MAX_ECC_BITS 128 |
| sPymbed | 0:1387ff3eed4a | 95 | #elif defined(HAVE_ECC112) |
| sPymbed | 0:1387ff3eed4a | 96 | #define MAX_ECC_BITS 112 |
| sPymbed | 0:1387ff3eed4a | 97 | #endif |
| sPymbed | 0:1387ff3eed4a | 98 | |
| sPymbed | 0:1387ff3eed4a | 99 | /* calculate max ECC bytes */ |
| sPymbed | 0:1387ff3eed4a | 100 | #if ((MAX_ECC_BITS * 2) % 8) == 0 |
| sPymbed | 0:1387ff3eed4a | 101 | #define MAX_ECC_BYTES (MAX_ECC_BITS / 8) |
| sPymbed | 0:1387ff3eed4a | 102 | #else |
| sPymbed | 0:1387ff3eed4a | 103 | /* add byte if not aligned */ |
| sPymbed | 0:1387ff3eed4a | 104 | #define MAX_ECC_BYTES ((MAX_ECC_BITS / 8) + 1) |
| sPymbed | 0:1387ff3eed4a | 105 | #endif |
| sPymbed | 0:1387ff3eed4a | 106 | |
| sPymbed | 0:1387ff3eed4a | 107 | |
| sPymbed | 0:1387ff3eed4a | 108 | enum { |
| sPymbed | 0:1387ff3eed4a | 109 | ECC_PUBLICKEY = 1, |
| sPymbed | 0:1387ff3eed4a | 110 | ECC_PRIVATEKEY = 2, |
| sPymbed | 0:1387ff3eed4a | 111 | ECC_PRIVATEKEY_ONLY = 3, |
| sPymbed | 0:1387ff3eed4a | 112 | ECC_MAXNAME = 16, /* MAX CURVE NAME LENGTH */ |
| sPymbed | 0:1387ff3eed4a | 113 | SIG_HEADER_SZ = 6, /* ECC signature header size */ |
| sPymbed | 0:1387ff3eed4a | 114 | ECC_BUFSIZE = 256, /* for exported keys temp buffer */ |
| sPymbed | 0:1387ff3eed4a | 115 | ECC_MINSIZE = 20, /* MIN Private Key size */ |
| sPymbed | 0:1387ff3eed4a | 116 | ECC_MAXSIZE = 66, /* MAX Private Key size */ |
| sPymbed | 0:1387ff3eed4a | 117 | ECC_MAXSIZE_GEN = 74, /* MAX Buffer size required when generating ECC keys*/ |
| sPymbed | 0:1387ff3eed4a | 118 | ECC_MAX_PAD_SZ = 4, /* ECC maximum padding size */ |
| sPymbed | 0:1387ff3eed4a | 119 | ECC_MAX_OID_LEN = 16, |
| sPymbed | 0:1387ff3eed4a | 120 | ECC_MAX_SIG_SIZE= ((MAX_ECC_BYTES * 2) + ECC_MAX_PAD_SZ + SIG_HEADER_SZ), |
| sPymbed | 0:1387ff3eed4a | 121 | |
| sPymbed | 0:1387ff3eed4a | 122 | /* max crypto hardware size */ |
| sPymbed | 0:1387ff3eed4a | 123 | #ifdef WOLFSSL_ATECC508A |
| sPymbed | 0:1387ff3eed4a | 124 | ECC_MAX_CRYPTO_HW_SIZE = ATECC_KEY_SIZE, /* from port/atmel/atmel.h */ |
| sPymbed | 0:1387ff3eed4a | 125 | ECC_MAX_CRYPTO_HW_PUBKEY_SIZE = (ATECC_KEY_SIZE*2), |
| sPymbed | 0:1387ff3eed4a | 126 | #elif defined(PLUTON_CRYPTO_ECC) |
| sPymbed | 0:1387ff3eed4a | 127 | ECC_MAX_CRYPTO_HW_SIZE = 32, |
| sPymbed | 0:1387ff3eed4a | 128 | #endif |
| sPymbed | 0:1387ff3eed4a | 129 | |
| sPymbed | 0:1387ff3eed4a | 130 | /* point encoding type */ |
| sPymbed | 0:1387ff3eed4a | 131 | ECC_TYPE_HEX_STR = 1, |
| sPymbed | 0:1387ff3eed4a | 132 | ECC_TYPE_UNSIGNED_BIN = 2, |
| sPymbed | 0:1387ff3eed4a | 133 | |
| sPymbed | 0:1387ff3eed4a | 134 | /* point compression type */ |
| sPymbed | 0:1387ff3eed4a | 135 | ECC_POINT_COMP_EVEN = 0x02, |
| sPymbed | 0:1387ff3eed4a | 136 | ECC_POINT_COMP_ODD = 0x03, |
| sPymbed | 0:1387ff3eed4a | 137 | ECC_POINT_UNCOMP = 0x04, |
| sPymbed | 0:1387ff3eed4a | 138 | |
| sPymbed | 0:1387ff3eed4a | 139 | /* Shamir's dual add constants */ |
| sPymbed | 0:1387ff3eed4a | 140 | SHAMIR_PRECOMP_SZ = 16, |
| sPymbed | 0:1387ff3eed4a | 141 | }; |
| sPymbed | 0:1387ff3eed4a | 142 | |
| sPymbed | 0:1387ff3eed4a | 143 | /* Curve Types */ |
| sPymbed | 0:1387ff3eed4a | 144 | typedef enum ecc_curve_id { |
| sPymbed | 0:1387ff3eed4a | 145 | ECC_CURVE_INVALID = -1, |
| sPymbed | 0:1387ff3eed4a | 146 | ECC_CURVE_DEF = 0, /* NIST or SECP */ |
| sPymbed | 0:1387ff3eed4a | 147 | |
| sPymbed | 0:1387ff3eed4a | 148 | /* NIST Prime Curves */ |
| sPymbed | 0:1387ff3eed4a | 149 | ECC_SECP192R1, |
| sPymbed | 0:1387ff3eed4a | 150 | ECC_PRIME192V2, |
| sPymbed | 0:1387ff3eed4a | 151 | ECC_PRIME192V3, |
| sPymbed | 0:1387ff3eed4a | 152 | ECC_PRIME239V1, |
| sPymbed | 0:1387ff3eed4a | 153 | ECC_PRIME239V2, |
| sPymbed | 0:1387ff3eed4a | 154 | ECC_PRIME239V3, |
| sPymbed | 0:1387ff3eed4a | 155 | ECC_SECP256R1, |
| sPymbed | 0:1387ff3eed4a | 156 | |
| sPymbed | 0:1387ff3eed4a | 157 | /* SECP Curves */ |
| sPymbed | 0:1387ff3eed4a | 158 | ECC_SECP112R1, |
| sPymbed | 0:1387ff3eed4a | 159 | ECC_SECP112R2, |
| sPymbed | 0:1387ff3eed4a | 160 | ECC_SECP128R1, |
| sPymbed | 0:1387ff3eed4a | 161 | ECC_SECP128R2, |
| sPymbed | 0:1387ff3eed4a | 162 | ECC_SECP160R1, |
| sPymbed | 0:1387ff3eed4a | 163 | ECC_SECP160R2, |
| sPymbed | 0:1387ff3eed4a | 164 | ECC_SECP224R1, |
| sPymbed | 0:1387ff3eed4a | 165 | ECC_SECP384R1, |
| sPymbed | 0:1387ff3eed4a | 166 | ECC_SECP521R1, |
| sPymbed | 0:1387ff3eed4a | 167 | |
| sPymbed | 0:1387ff3eed4a | 168 | /* Koblitz */ |
| sPymbed | 0:1387ff3eed4a | 169 | ECC_SECP160K1, |
| sPymbed | 0:1387ff3eed4a | 170 | ECC_SECP192K1, |
| sPymbed | 0:1387ff3eed4a | 171 | ECC_SECP224K1, |
| sPymbed | 0:1387ff3eed4a | 172 | ECC_SECP256K1, |
| sPymbed | 0:1387ff3eed4a | 173 | |
| sPymbed | 0:1387ff3eed4a | 174 | /* Brainpool Curves */ |
| sPymbed | 0:1387ff3eed4a | 175 | ECC_BRAINPOOLP160R1, |
| sPymbed | 0:1387ff3eed4a | 176 | ECC_BRAINPOOLP192R1, |
| sPymbed | 0:1387ff3eed4a | 177 | ECC_BRAINPOOLP224R1, |
| sPymbed | 0:1387ff3eed4a | 178 | ECC_BRAINPOOLP256R1, |
| sPymbed | 0:1387ff3eed4a | 179 | ECC_BRAINPOOLP320R1, |
| sPymbed | 0:1387ff3eed4a | 180 | ECC_BRAINPOOLP384R1, |
| sPymbed | 0:1387ff3eed4a | 181 | ECC_BRAINPOOLP512R1, |
| sPymbed | 0:1387ff3eed4a | 182 | |
| sPymbed | 0:1387ff3eed4a | 183 | /* Twisted Edwards Curves */ |
| sPymbed | 0:1387ff3eed4a | 184 | #ifdef HAVE_CURVE25519 |
| sPymbed | 0:1387ff3eed4a | 185 | ECC_X25519, |
| sPymbed | 0:1387ff3eed4a | 186 | #endif |
| sPymbed | 0:1387ff3eed4a | 187 | #ifdef HAVE_X448 |
| sPymbed | 0:1387ff3eed4a | 188 | ECC_X448, |
| sPymbed | 0:1387ff3eed4a | 189 | #endif |
| sPymbed | 0:1387ff3eed4a | 190 | |
| sPymbed | 0:1387ff3eed4a | 191 | #ifdef WOLFSSL_CUSTOM_CURVES |
| sPymbed | 0:1387ff3eed4a | 192 | ECC_CURVE_CUSTOM, |
| sPymbed | 0:1387ff3eed4a | 193 | #endif |
| sPymbed | 0:1387ff3eed4a | 194 | } ecc_curve_id; |
| sPymbed | 0:1387ff3eed4a | 195 | |
| sPymbed | 0:1387ff3eed4a | 196 | #ifdef HAVE_OID_ENCODING |
| sPymbed | 0:1387ff3eed4a | 197 | typedef word16 ecc_oid_t; |
| sPymbed | 0:1387ff3eed4a | 198 | #else |
| sPymbed | 0:1387ff3eed4a | 199 | typedef byte ecc_oid_t; |
| sPymbed | 0:1387ff3eed4a | 200 | /* OID encoded with ASN scheme: |
| sPymbed | 0:1387ff3eed4a | 201 | first element = (oid[0] * 40) + oid[1] |
| sPymbed | 0:1387ff3eed4a | 202 | if any element > 127 then MSB 0x80 indicates additional byte */ |
| sPymbed | 0:1387ff3eed4a | 203 | #endif |
| sPymbed | 0:1387ff3eed4a | 204 | |
| sPymbed | 0:1387ff3eed4a | 205 | /* ECC set type defined a GF(p) curve */ |
| sPymbed | 0:1387ff3eed4a | 206 | #ifndef USE_WINDOWS_API |
| sPymbed | 0:1387ff3eed4a | 207 | typedef struct ecc_set_type { |
| sPymbed | 0:1387ff3eed4a | 208 | int size; /* The size of the curve in octets */ |
| sPymbed | 0:1387ff3eed4a | 209 | int id; /* id of this curve */ |
| sPymbed | 0:1387ff3eed4a | 210 | const char* name; /* name of this curve */ |
| sPymbed | 0:1387ff3eed4a | 211 | const char* prime; /* prime that defines the field, curve is in (hex) */ |
| sPymbed | 0:1387ff3eed4a | 212 | const char* Af; /* fields A param (hex) */ |
| sPymbed | 0:1387ff3eed4a | 213 | const char* Bf; /* fields B param (hex) */ |
| sPymbed | 0:1387ff3eed4a | 214 | const char* order; /* order of the curve (hex) */ |
| sPymbed | 0:1387ff3eed4a | 215 | const char* Gx; /* x coordinate of the base point on curve (hex) */ |
| sPymbed | 0:1387ff3eed4a | 216 | const char* Gy; /* y coordinate of the base point on curve (hex) */ |
| sPymbed | 0:1387ff3eed4a | 217 | const ecc_oid_t* oid; |
| sPymbed | 0:1387ff3eed4a | 218 | word32 oidSz; |
| sPymbed | 0:1387ff3eed4a | 219 | word32 oidSum; /* sum of encoded OID bytes */ |
| sPymbed | 0:1387ff3eed4a | 220 | int cofactor; |
| sPymbed | 0:1387ff3eed4a | 221 | } ecc_set_type; |
| sPymbed | 0:1387ff3eed4a | 222 | #else |
| sPymbed | 0:1387ff3eed4a | 223 | /* MSC does something different with the pointers to the arrays than GCC, |
| sPymbed | 0:1387ff3eed4a | 224 | * and it causes the FIPS checksum to fail. In the case of windows builds, |
| sPymbed | 0:1387ff3eed4a | 225 | * store everything as arrays instead of pointers to strings. */ |
| sPymbed | 0:1387ff3eed4a | 226 | |
| sPymbed | 0:1387ff3eed4a | 227 | #define MAX_ECC_NAME 16 |
| sPymbed | 0:1387ff3eed4a | 228 | #define MAX_ECC_STRING ((MAX_ECC_BYTES * 2) + 1) |
| sPymbed | 0:1387ff3eed4a | 229 | /* The values are stored as text strings. */ |
| sPymbed | 0:1387ff3eed4a | 230 | |
| sPymbed | 0:1387ff3eed4a | 231 | typedef struct ecc_set_type { |
| sPymbed | 0:1387ff3eed4a | 232 | int size; /* The size of the curve in octets */ |
| sPymbed | 0:1387ff3eed4a | 233 | int id; /* id of this curve */ |
| sPymbed | 0:1387ff3eed4a | 234 | const char name[MAX_ECC_NAME]; /* name of this curve */ |
| sPymbed | 0:1387ff3eed4a | 235 | const char prime[MAX_ECC_STRING]; /* prime that defines the field, curve is in (hex) */ |
| sPymbed | 0:1387ff3eed4a | 236 | const char Af[MAX_ECC_STRING]; /* fields A param (hex) */ |
| sPymbed | 0:1387ff3eed4a | 237 | const char Bf[MAX_ECC_STRING]; /* fields B param (hex) */ |
| sPymbed | 0:1387ff3eed4a | 238 | const char order[MAX_ECC_STRING]; /* order of the curve (hex) */ |
| sPymbed | 0:1387ff3eed4a | 239 | const char Gx[MAX_ECC_STRING]; /* x coordinate of the base point on curve (hex) */ |
| sPymbed | 0:1387ff3eed4a | 240 | const char Gy[MAX_ECC_STRING]; /* y coordinate of the base point on curve (hex) */ |
| sPymbed | 0:1387ff3eed4a | 241 | const ecc_oid_t oid[10]; |
| sPymbed | 0:1387ff3eed4a | 242 | word32 oidSz; |
| sPymbed | 0:1387ff3eed4a | 243 | word32 oidSum; /* sum of encoded OID bytes */ |
| sPymbed | 0:1387ff3eed4a | 244 | int cofactor; |
| sPymbed | 0:1387ff3eed4a | 245 | } ecc_set_type; |
| sPymbed | 0:1387ff3eed4a | 246 | #endif |
| sPymbed | 0:1387ff3eed4a | 247 | |
| sPymbed | 0:1387ff3eed4a | 248 | |
| sPymbed | 0:1387ff3eed4a | 249 | #ifdef ALT_ECC_SIZE |
| sPymbed | 0:1387ff3eed4a | 250 | |
| sPymbed | 0:1387ff3eed4a | 251 | /* Note on ALT_ECC_SIZE: |
| sPymbed | 0:1387ff3eed4a | 252 | * The fast math code uses an array of a fixed size to store the big integers. |
| sPymbed | 0:1387ff3eed4a | 253 | * By default, the array is big enough for RSA keys. There is a size, |
| sPymbed | 0:1387ff3eed4a | 254 | * FP_MAX_BITS which can be used to make the array smaller when one wants ECC |
| sPymbed | 0:1387ff3eed4a | 255 | * but not RSA. Some people want fast math sized for both RSA and ECC, where |
| sPymbed | 0:1387ff3eed4a | 256 | * ECC won't use as much as RSA. The flag ALT_ECC_SIZE switches in an alternate |
| sPymbed | 0:1387ff3eed4a | 257 | * ecc_point structure that uses an alternate fp_int that has a shorter array |
| sPymbed | 0:1387ff3eed4a | 258 | * of fp_digits. |
| sPymbed | 0:1387ff3eed4a | 259 | * |
| sPymbed | 0:1387ff3eed4a | 260 | * Now, without ALT_ECC_SIZE, the ecc_point has three single item arrays of |
| sPymbed | 0:1387ff3eed4a | 261 | * mp_ints for the components of the point. With ALT_ECC_SIZE, the components |
| sPymbed | 0:1387ff3eed4a | 262 | * of the point are pointers that are set to each of a three item array of |
| sPymbed | 0:1387ff3eed4a | 263 | * alt_fp_ints. While an mp_int will have 4096 bits of digit inside the |
| sPymbed | 0:1387ff3eed4a | 264 | * structure, the alt_fp_int will only have 528 bits. A size value was added |
| sPymbed | 0:1387ff3eed4a | 265 | * in the ALT case, as well, and is set by mp_init() and alt_fp_init(). The |
| sPymbed | 0:1387ff3eed4a | 266 | * functions fp_zero() and fp_copy() use the size parameter. An int needs to |
| sPymbed | 0:1387ff3eed4a | 267 | * be initialized before using it instead of just fp_zeroing it, the init will |
| sPymbed | 0:1387ff3eed4a | 268 | * call zero. FP_MAX_BITS_ECC defaults to 528, but can be set to change the |
| sPymbed | 0:1387ff3eed4a | 269 | * number of bits used in the alternate FP_INT. |
| sPymbed | 0:1387ff3eed4a | 270 | * |
| sPymbed | 0:1387ff3eed4a | 271 | * Do not enable ALT_ECC_SIZE and disable fast math in the configuration. |
| sPymbed | 0:1387ff3eed4a | 272 | */ |
| sPymbed | 0:1387ff3eed4a | 273 | |
| sPymbed | 0:1387ff3eed4a | 274 | #ifndef USE_FAST_MATH |
| sPymbed | 0:1387ff3eed4a | 275 | #error USE_FAST_MATH must be defined to use ALT_ECC_SIZE |
| sPymbed | 0:1387ff3eed4a | 276 | #endif |
| sPymbed | 0:1387ff3eed4a | 277 | |
| sPymbed | 0:1387ff3eed4a | 278 | /* determine max bits required for ECC math */ |
| sPymbed | 0:1387ff3eed4a | 279 | #ifndef FP_MAX_BITS_ECC |
| sPymbed | 0:1387ff3eed4a | 280 | /* check alignment */ |
| sPymbed | 0:1387ff3eed4a | 281 | #if ((MAX_ECC_BITS * 2) % DIGIT_BIT) == 0 |
| sPymbed | 0:1387ff3eed4a | 282 | /* max bits is double */ |
| sPymbed | 0:1387ff3eed4a | 283 | #define FP_MAX_BITS_ECC (MAX_ECC_BITS * 2) |
| sPymbed | 0:1387ff3eed4a | 284 | #else |
| sPymbed | 0:1387ff3eed4a | 285 | /* max bits is doubled, plus one digit of fudge */ |
| sPymbed | 0:1387ff3eed4a | 286 | #define FP_MAX_BITS_ECC ((MAX_ECC_BITS * 2) + DIGIT_BIT) |
| sPymbed | 0:1387ff3eed4a | 287 | #endif |
| sPymbed | 0:1387ff3eed4a | 288 | #else |
| sPymbed | 0:1387ff3eed4a | 289 | /* verify alignment */ |
| sPymbed | 0:1387ff3eed4a | 290 | #if FP_MAX_BITS_ECC % CHAR_BIT |
| sPymbed | 0:1387ff3eed4a | 291 | #error FP_MAX_BITS_ECC must be a multiple of CHAR_BIT |
| sPymbed | 0:1387ff3eed4a | 292 | #endif |
| sPymbed | 0:1387ff3eed4a | 293 | #endif |
| sPymbed | 0:1387ff3eed4a | 294 | |
| sPymbed | 0:1387ff3eed4a | 295 | /* determine buffer size */ |
| sPymbed | 0:1387ff3eed4a | 296 | #define FP_SIZE_ECC (FP_MAX_BITS_ECC/DIGIT_BIT) |
| sPymbed | 0:1387ff3eed4a | 297 | |
| sPymbed | 0:1387ff3eed4a | 298 | |
| sPymbed | 0:1387ff3eed4a | 299 | /* This needs to match the size of the fp_int struct, except the |
| sPymbed | 0:1387ff3eed4a | 300 | * fp_digit array will be shorter. */ |
| sPymbed | 0:1387ff3eed4a | 301 | typedef struct alt_fp_int { |
| sPymbed | 0:1387ff3eed4a | 302 | int used, sign, size; |
| sPymbed | 0:1387ff3eed4a | 303 | fp_digit dp[FP_SIZE_ECC]; |
| sPymbed | 0:1387ff3eed4a | 304 | } alt_fp_int; |
| sPymbed | 0:1387ff3eed4a | 305 | #endif /* ALT_ECC_SIZE */ |
| sPymbed | 0:1387ff3eed4a | 306 | |
| sPymbed | 0:1387ff3eed4a | 307 | #ifndef WC_ECCKEY_TYPE_DEFINED |
| sPymbed | 0:1387ff3eed4a | 308 | typedef struct ecc_key ecc_key; |
| sPymbed | 0:1387ff3eed4a | 309 | #define WC_ECCKEY_TYPE_DEFINED |
| sPymbed | 0:1387ff3eed4a | 310 | #endif |
| sPymbed | 0:1387ff3eed4a | 311 | |
| sPymbed | 0:1387ff3eed4a | 312 | |
| sPymbed | 0:1387ff3eed4a | 313 | /* A point on an ECC curve, stored in Jacbobian format such that (x,y,z) => |
| sPymbed | 0:1387ff3eed4a | 314 | (x/z^2, y/z^3, 1) when interpreted as affine */ |
| sPymbed | 0:1387ff3eed4a | 315 | typedef struct { |
| sPymbed | 0:1387ff3eed4a | 316 | #ifndef ALT_ECC_SIZE |
| sPymbed | 0:1387ff3eed4a | 317 | mp_int x[1]; /* The x coordinate */ |
| sPymbed | 0:1387ff3eed4a | 318 | mp_int y[1]; /* The y coordinate */ |
| sPymbed | 0:1387ff3eed4a | 319 | mp_int z[1]; /* The z coordinate */ |
| sPymbed | 0:1387ff3eed4a | 320 | #else |
| sPymbed | 0:1387ff3eed4a | 321 | mp_int* x; /* The x coordinate */ |
| sPymbed | 0:1387ff3eed4a | 322 | mp_int* y; /* The y coordinate */ |
| sPymbed | 0:1387ff3eed4a | 323 | mp_int* z; /* The z coordinate */ |
| sPymbed | 0:1387ff3eed4a | 324 | alt_fp_int xyz[3]; |
| sPymbed | 0:1387ff3eed4a | 325 | #endif |
| sPymbed | 0:1387ff3eed4a | 326 | #ifdef WOLFSSL_SMALL_STACK_CACHE |
| sPymbed | 0:1387ff3eed4a | 327 | ecc_key* key; |
| sPymbed | 0:1387ff3eed4a | 328 | #endif |
| sPymbed | 0:1387ff3eed4a | 329 | } ecc_point; |
| sPymbed | 0:1387ff3eed4a | 330 | |
| sPymbed | 0:1387ff3eed4a | 331 | /* ECC Flags */ |
| sPymbed | 0:1387ff3eed4a | 332 | enum { |
| sPymbed | 0:1387ff3eed4a | 333 | WC_ECC_FLAG_NONE = 0x00, |
| sPymbed | 0:1387ff3eed4a | 334 | #ifdef HAVE_ECC_CDH |
| sPymbed | 0:1387ff3eed4a | 335 | WC_ECC_FLAG_COFACTOR = 0x01, |
| sPymbed | 0:1387ff3eed4a | 336 | #endif |
| sPymbed | 0:1387ff3eed4a | 337 | }; |
| sPymbed | 0:1387ff3eed4a | 338 | |
| sPymbed | 0:1387ff3eed4a | 339 | /* An ECC Key */ |
| sPymbed | 0:1387ff3eed4a | 340 | struct ecc_key { |
| sPymbed | 0:1387ff3eed4a | 341 | int type; /* Public or Private */ |
| sPymbed | 0:1387ff3eed4a | 342 | int idx; /* Index into the ecc_sets[] for the parameters of |
| sPymbed | 0:1387ff3eed4a | 343 | this curve if -1, this key is using user supplied |
| sPymbed | 0:1387ff3eed4a | 344 | curve in dp */ |
| sPymbed | 0:1387ff3eed4a | 345 | int state; |
| sPymbed | 0:1387ff3eed4a | 346 | word32 flags; |
| sPymbed | 0:1387ff3eed4a | 347 | const ecc_set_type* dp; /* domain parameters, either points to NIST |
| sPymbed | 0:1387ff3eed4a | 348 | curves (idx >= 0) or user supplied */ |
| sPymbed | 0:1387ff3eed4a | 349 | #ifdef WOLFSSL_CUSTOM_CURVES |
| sPymbed | 0:1387ff3eed4a | 350 | int deallocSet; |
| sPymbed | 0:1387ff3eed4a | 351 | #endif |
| sPymbed | 0:1387ff3eed4a | 352 | void* heap; /* heap hint */ |
| sPymbed | 0:1387ff3eed4a | 353 | ecc_point pubkey; /* public key */ |
| sPymbed | 0:1387ff3eed4a | 354 | mp_int k; /* private key */ |
| sPymbed | 0:1387ff3eed4a | 355 | #ifdef WOLFSSL_ATECC508A |
| sPymbed | 0:1387ff3eed4a | 356 | int slot; /* Key Slot Number (-1 unknown) */ |
| sPymbed | 0:1387ff3eed4a | 357 | byte pubkey_raw[ECC_MAX_CRYPTO_HW_PUBKEY_SIZE]; |
| sPymbed | 0:1387ff3eed4a | 358 | #endif |
| sPymbed | 0:1387ff3eed4a | 359 | #if defined(PLUTON_CRYPTO_ECC) || defined(WOLF_CRYPTO_DEV) |
| sPymbed | 0:1387ff3eed4a | 360 | int devId; |
| sPymbed | 0:1387ff3eed4a | 361 | #endif |
| sPymbed | 0:1387ff3eed4a | 362 | #ifdef WOLFSSL_ASYNC_CRYPT |
| sPymbed | 0:1387ff3eed4a | 363 | mp_int* r; /* sign/verify temps */ |
| sPymbed | 0:1387ff3eed4a | 364 | mp_int* s; |
| sPymbed | 0:1387ff3eed4a | 365 | WC_ASYNC_DEV asyncDev; |
| sPymbed | 0:1387ff3eed4a | 366 | #ifdef HAVE_CAVIUM_V |
| sPymbed | 0:1387ff3eed4a | 367 | mp_int* e; /* Sign, Verify and Shared Secret */ |
| sPymbed | 0:1387ff3eed4a | 368 | mp_int* signK; |
| sPymbed | 0:1387ff3eed4a | 369 | #endif |
| sPymbed | 0:1387ff3eed4a | 370 | #ifdef WOLFSSL_CERT_GEN |
| sPymbed | 0:1387ff3eed4a | 371 | CertSignCtx certSignCtx; /* context info for cert sign (MakeSignature) */ |
| sPymbed | 0:1387ff3eed4a | 372 | #endif |
| sPymbed | 0:1387ff3eed4a | 373 | #endif /* WOLFSSL_ASYNC_CRYPT */ |
| sPymbed | 0:1387ff3eed4a | 374 | #ifdef WOLFSSL_SMALL_STACK_CACHE |
| sPymbed | 0:1387ff3eed4a | 375 | mp_int* t1; |
| sPymbed | 0:1387ff3eed4a | 376 | mp_int* t2; |
| sPymbed | 0:1387ff3eed4a | 377 | #ifdef ALT_ECC_SIZE |
| sPymbed | 0:1387ff3eed4a | 378 | mp_int* x; |
| sPymbed | 0:1387ff3eed4a | 379 | mp_int* y; |
| sPymbed | 0:1387ff3eed4a | 380 | mp_int* z; |
| sPymbed | 0:1387ff3eed4a | 381 | #endif |
| sPymbed | 0:1387ff3eed4a | 382 | #endif |
| sPymbed | 0:1387ff3eed4a | 383 | }; |
| sPymbed | 0:1387ff3eed4a | 384 | |
| sPymbed | 0:1387ff3eed4a | 385 | |
| sPymbed | 0:1387ff3eed4a | 386 | /* ECC predefined curve sets */ |
| sPymbed | 0:1387ff3eed4a | 387 | extern const ecc_set_type ecc_sets[]; |
| sPymbed | 0:1387ff3eed4a | 388 | |
| sPymbed | 0:1387ff3eed4a | 389 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 390 | const char* wc_ecc_get_name(int curve_id); |
| sPymbed | 0:1387ff3eed4a | 391 | |
| sPymbed | 0:1387ff3eed4a | 392 | #ifndef WOLFSSL_ATECC508A |
| sPymbed | 0:1387ff3eed4a | 393 | |
| sPymbed | 0:1387ff3eed4a | 394 | #ifdef WOLFSSL_PUBLIC_ECC_ADD_DBL |
| sPymbed | 0:1387ff3eed4a | 395 | #define ECC_API WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 396 | #else |
| sPymbed | 0:1387ff3eed4a | 397 | #define ECC_API WOLFSSL_LOCAL |
| sPymbed | 0:1387ff3eed4a | 398 | #endif |
| sPymbed | 0:1387ff3eed4a | 399 | |
| sPymbed | 0:1387ff3eed4a | 400 | ECC_API int ecc_mul2add(ecc_point* A, mp_int* kA, |
| sPymbed | 0:1387ff3eed4a | 401 | ecc_point* B, mp_int* kB, |
| sPymbed | 0:1387ff3eed4a | 402 | ecc_point* C, mp_int* a, mp_int* modulus, void* heap); |
| sPymbed | 0:1387ff3eed4a | 403 | |
| sPymbed | 0:1387ff3eed4a | 404 | ECC_API int ecc_map(ecc_point*, mp_int*, mp_digit); |
| sPymbed | 0:1387ff3eed4a | 405 | ECC_API int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R, |
| sPymbed | 0:1387ff3eed4a | 406 | mp_int* a, mp_int* modulus, mp_digit mp); |
| sPymbed | 0:1387ff3eed4a | 407 | ECC_API int ecc_projective_dbl_point(ecc_point* P, ecc_point* R, mp_int* a, |
| sPymbed | 0:1387ff3eed4a | 408 | mp_int* modulus, mp_digit mp); |
| sPymbed | 0:1387ff3eed4a | 409 | |
| sPymbed | 0:1387ff3eed4a | 410 | #endif |
| sPymbed | 0:1387ff3eed4a | 411 | |
| sPymbed | 0:1387ff3eed4a | 412 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 413 | int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key); |
| sPymbed | 0:1387ff3eed4a | 414 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 415 | int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, |
| sPymbed | 0:1387ff3eed4a | 416 | int curve_id); |
| sPymbed | 0:1387ff3eed4a | 417 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 418 | int wc_ecc_make_pub(ecc_key* key, ecc_point* pubOut); |
| sPymbed | 0:1387ff3eed4a | 419 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 420 | int wc_ecc_check_key(ecc_key* key); |
| sPymbed | 0:1387ff3eed4a | 421 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 422 | int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime); |
| sPymbed | 0:1387ff3eed4a | 423 | |
| sPymbed | 0:1387ff3eed4a | 424 | #ifdef HAVE_ECC_DHE |
| sPymbed | 0:1387ff3eed4a | 425 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 426 | int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out, |
| sPymbed | 0:1387ff3eed4a | 427 | word32* outlen); |
| sPymbed | 0:1387ff3eed4a | 428 | WOLFSSL_LOCAL |
| sPymbed | 0:1387ff3eed4a | 429 | int wc_ecc_shared_secret_gen(ecc_key* private_key, ecc_point* point, |
| sPymbed | 0:1387ff3eed4a | 430 | byte* out, word32 *outlen); |
| sPymbed | 0:1387ff3eed4a | 431 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 432 | int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point, |
| sPymbed | 0:1387ff3eed4a | 433 | byte* out, word32 *outlen); |
| sPymbed | 0:1387ff3eed4a | 434 | #define wc_ecc_shared_secret_ssh wc_ecc_shared_secret_ex /* For backwards compat */ |
| sPymbed | 0:1387ff3eed4a | 435 | #endif /* HAVE_ECC_DHE */ |
| sPymbed | 0:1387ff3eed4a | 436 | |
| sPymbed | 0:1387ff3eed4a | 437 | #ifdef HAVE_ECC_SIGN |
| sPymbed | 0:1387ff3eed4a | 438 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 439 | int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, |
| sPymbed | 0:1387ff3eed4a | 440 | WC_RNG* rng, ecc_key* key); |
| sPymbed | 0:1387ff3eed4a | 441 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 442 | int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, |
| sPymbed | 0:1387ff3eed4a | 443 | ecc_key* key, mp_int *r, mp_int *s); |
| sPymbed | 0:1387ff3eed4a | 444 | #endif /* HAVE_ECC_SIGN */ |
| sPymbed | 0:1387ff3eed4a | 445 | |
| sPymbed | 0:1387ff3eed4a | 446 | #ifdef HAVE_ECC_VERIFY |
| sPymbed | 0:1387ff3eed4a | 447 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 448 | int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, |
| sPymbed | 0:1387ff3eed4a | 449 | word32 hashlen, int* stat, ecc_key* key); |
| sPymbed | 0:1387ff3eed4a | 450 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 451 | int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, |
| sPymbed | 0:1387ff3eed4a | 452 | word32 hashlen, int* stat, ecc_key* key); |
| sPymbed | 0:1387ff3eed4a | 453 | #endif /* HAVE_ECC_VERIFY */ |
| sPymbed | 0:1387ff3eed4a | 454 | |
| sPymbed | 0:1387ff3eed4a | 455 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 456 | int wc_ecc_init(ecc_key* key); |
| sPymbed | 0:1387ff3eed4a | 457 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 458 | int wc_ecc_init_ex(ecc_key* key, void* heap, int devId); |
| sPymbed | 0:1387ff3eed4a | 459 | #ifdef WOLFSSL_CUSTOM_CURVES |
| sPymbed | 0:1387ff3eed4a | 460 | WOLFSSL_LOCAL |
| sPymbed | 0:1387ff3eed4a | 461 | void wc_ecc_free_curve(const ecc_set_type* curve, void* heap); |
| sPymbed | 0:1387ff3eed4a | 462 | #endif |
| sPymbed | 0:1387ff3eed4a | 463 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 464 | int wc_ecc_free(ecc_key* key); |
| sPymbed | 0:1387ff3eed4a | 465 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 466 | int wc_ecc_set_flags(ecc_key* key, word32 flags); |
| sPymbed | 0:1387ff3eed4a | 467 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 468 | void wc_ecc_fp_free(void); |
| sPymbed | 0:1387ff3eed4a | 469 | |
| sPymbed | 0:1387ff3eed4a | 470 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 471 | int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id); |
| sPymbed | 0:1387ff3eed4a | 472 | |
| sPymbed | 0:1387ff3eed4a | 473 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 474 | int wc_ecc_is_valid_idx(int n); |
| sPymbed | 0:1387ff3eed4a | 475 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 476 | int wc_ecc_get_curve_idx(int curve_id); |
| sPymbed | 0:1387ff3eed4a | 477 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 478 | int wc_ecc_get_curve_id(int curve_idx); |
| sPymbed | 0:1387ff3eed4a | 479 | #define wc_ecc_get_curve_name_from_id wc_ecc_get_name |
| sPymbed | 0:1387ff3eed4a | 480 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 481 | int wc_ecc_get_curve_size_from_id(int curve_id); |
| sPymbed | 0:1387ff3eed4a | 482 | |
| sPymbed | 0:1387ff3eed4a | 483 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 484 | int wc_ecc_get_curve_idx_from_name(const char* curveName); |
| sPymbed | 0:1387ff3eed4a | 485 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 486 | int wc_ecc_get_curve_size_from_name(const char* curveName); |
| sPymbed | 0:1387ff3eed4a | 487 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 488 | int wc_ecc_get_curve_id_from_name(const char* curveName); |
| sPymbed | 0:1387ff3eed4a | 489 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 490 | int wc_ecc_get_curve_id_from_params(int fieldSize, |
| sPymbed | 0:1387ff3eed4a | 491 | const byte* prime, word32 primeSz, const byte* Af, word32 AfSz, |
| sPymbed | 0:1387ff3eed4a | 492 | const byte* Bf, word32 BfSz, const byte* order, word32 orderSz, |
| sPymbed | 0:1387ff3eed4a | 493 | const byte* Gx, word32 GxSz, const byte* Gy, word32 GySz, int cofactor); |
| sPymbed | 0:1387ff3eed4a | 494 | |
| sPymbed | 0:1387ff3eed4a | 495 | |
| sPymbed | 0:1387ff3eed4a | 496 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 497 | ecc_point* wc_ecc_new_point(void); |
| sPymbed | 0:1387ff3eed4a | 498 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 499 | ecc_point* wc_ecc_new_point_h(void* h); |
| sPymbed | 0:1387ff3eed4a | 500 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 501 | void wc_ecc_del_point(ecc_point* p); |
| sPymbed | 0:1387ff3eed4a | 502 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 503 | void wc_ecc_del_point_h(ecc_point* p, void* h); |
| sPymbed | 0:1387ff3eed4a | 504 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 505 | int wc_ecc_copy_point(ecc_point* p, ecc_point *r); |
| sPymbed | 0:1387ff3eed4a | 506 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 507 | int wc_ecc_cmp_point(ecc_point* a, ecc_point *b); |
| sPymbed | 0:1387ff3eed4a | 508 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 509 | int wc_ecc_point_is_at_infinity(ecc_point *p); |
| sPymbed | 0:1387ff3eed4a | 510 | |
| sPymbed | 0:1387ff3eed4a | 511 | #ifndef WOLFSSL_ATECC508A |
| sPymbed | 0:1387ff3eed4a | 512 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 513 | int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, |
| sPymbed | 0:1387ff3eed4a | 514 | mp_int* a, mp_int* modulus, int map); |
| sPymbed | 0:1387ff3eed4a | 515 | WOLFSSL_LOCAL |
| sPymbed | 0:1387ff3eed4a | 516 | int wc_ecc_mulmod_ex(mp_int* k, ecc_point *G, ecc_point *R, |
| sPymbed | 0:1387ff3eed4a | 517 | mp_int* a, mp_int* modulus, int map, void* heap); |
| sPymbed | 0:1387ff3eed4a | 518 | #endif /* !WOLFSSL_ATECC508A */ |
| sPymbed | 0:1387ff3eed4a | 519 | |
| sPymbed | 0:1387ff3eed4a | 520 | |
| sPymbed | 0:1387ff3eed4a | 521 | #ifdef HAVE_ECC_KEY_EXPORT |
| sPymbed | 0:1387ff3eed4a | 522 | /* ASN key helpers */ |
| sPymbed | 0:1387ff3eed4a | 523 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 524 | int wc_ecc_export_x963(ecc_key*, byte* out, word32* outLen); |
| sPymbed | 0:1387ff3eed4a | 525 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 526 | int wc_ecc_export_x963_ex(ecc_key*, byte* out, word32* outLen, int compressed); |
| sPymbed | 0:1387ff3eed4a | 527 | /* extended functionality with compressed option */ |
| sPymbed | 0:1387ff3eed4a | 528 | #endif /* HAVE_ECC_KEY_EXPORT */ |
| sPymbed | 0:1387ff3eed4a | 529 | |
| sPymbed | 0:1387ff3eed4a | 530 | #ifdef HAVE_ECC_KEY_IMPORT |
| sPymbed | 0:1387ff3eed4a | 531 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 532 | int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key); |
| sPymbed | 0:1387ff3eed4a | 533 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 534 | int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key, |
| sPymbed | 0:1387ff3eed4a | 535 | int curve_id); |
| sPymbed | 0:1387ff3eed4a | 536 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 537 | int wc_ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub, |
| sPymbed | 0:1387ff3eed4a | 538 | word32 pubSz, ecc_key* key); |
| sPymbed | 0:1387ff3eed4a | 539 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 540 | int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz, |
| sPymbed | 0:1387ff3eed4a | 541 | const byte* pub, word32 pubSz, ecc_key* key, int curve_id); |
| sPymbed | 0:1387ff3eed4a | 542 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 543 | int wc_ecc_rs_to_sig(const char* r, const char* s, byte* out, word32* outlen); |
| sPymbed | 0:1387ff3eed4a | 544 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 545 | int wc_ecc_rs_raw_to_sig(const byte* r, word32 rSz, const byte* s, word32 sSz, |
| sPymbed | 0:1387ff3eed4a | 546 | byte* out, word32* outlen); |
| sPymbed | 0:1387ff3eed4a | 547 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 548 | int wc_ecc_sig_to_rs(const byte* sig, word32 sigLen, byte* r, word32* rLen, |
| sPymbed | 0:1387ff3eed4a | 549 | byte* s, word32* sLen); |
| sPymbed | 0:1387ff3eed4a | 550 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 551 | int wc_ecc_import_raw(ecc_key* key, const char* qx, const char* qy, |
| sPymbed | 0:1387ff3eed4a | 552 | const char* d, const char* curveName); |
| sPymbed | 0:1387ff3eed4a | 553 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 554 | int wc_ecc_import_raw_ex(ecc_key* key, const char* qx, const char* qy, |
| sPymbed | 0:1387ff3eed4a | 555 | const char* d, int curve_id); |
| sPymbed | 0:1387ff3eed4a | 556 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 557 | int wc_ecc_import_unsigned(ecc_key* key, byte* qx, byte* qy, |
| sPymbed | 0:1387ff3eed4a | 558 | byte* d, int curve_id); |
| sPymbed | 0:1387ff3eed4a | 559 | #endif /* HAVE_ECC_KEY_IMPORT */ |
| sPymbed | 0:1387ff3eed4a | 560 | |
| sPymbed | 0:1387ff3eed4a | 561 | #ifdef HAVE_ECC_KEY_EXPORT |
| sPymbed | 0:1387ff3eed4a | 562 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 563 | int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen); |
| sPymbed | 0:1387ff3eed4a | 564 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 565 | int wc_ecc_export_public_raw(ecc_key* key, byte* qx, word32* qxLen, |
| sPymbed | 0:1387ff3eed4a | 566 | byte* qy, word32* qyLen); |
| sPymbed | 0:1387ff3eed4a | 567 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 568 | int wc_ecc_export_private_raw(ecc_key* key, byte* qx, word32* qxLen, |
| sPymbed | 0:1387ff3eed4a | 569 | byte* qy, word32* qyLen, byte* d, word32* dLen); |
| sPymbed | 0:1387ff3eed4a | 570 | #endif /* HAVE_ECC_KEY_EXPORT */ |
| sPymbed | 0:1387ff3eed4a | 571 | |
| sPymbed | 0:1387ff3eed4a | 572 | #ifdef HAVE_ECC_KEY_EXPORT |
| sPymbed | 0:1387ff3eed4a | 573 | |
| sPymbed | 0:1387ff3eed4a | 574 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 575 | int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, |
| sPymbed | 0:1387ff3eed4a | 576 | byte* out, word32* outLen); |
| sPymbed | 0:1387ff3eed4a | 577 | #endif /* HAVE_ECC_KEY_EXPORT */ |
| sPymbed | 0:1387ff3eed4a | 578 | |
| sPymbed | 0:1387ff3eed4a | 579 | |
| sPymbed | 0:1387ff3eed4a | 580 | #ifdef HAVE_ECC_KEY_IMPORT |
| sPymbed | 0:1387ff3eed4a | 581 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 582 | int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx, |
| sPymbed | 0:1387ff3eed4a | 583 | ecc_point* point); |
| sPymbed | 0:1387ff3eed4a | 584 | #endif /* HAVE_ECC_KEY_IMPORT */ |
| sPymbed | 0:1387ff3eed4a | 585 | |
| sPymbed | 0:1387ff3eed4a | 586 | /* size helper */ |
| sPymbed | 0:1387ff3eed4a | 587 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 588 | int wc_ecc_size(ecc_key* key); |
| sPymbed | 0:1387ff3eed4a | 589 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 590 | int wc_ecc_sig_size_calc(int sz); |
| sPymbed | 0:1387ff3eed4a | 591 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 592 | int wc_ecc_sig_size(ecc_key* key); |
| sPymbed | 0:1387ff3eed4a | 593 | |
| sPymbed | 0:1387ff3eed4a | 594 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 595 | int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz); |
| sPymbed | 0:1387ff3eed4a | 596 | |
| sPymbed | 0:1387ff3eed4a | 597 | #ifdef WOLFSSL_CUSTOM_CURVES |
| sPymbed | 0:1387ff3eed4a | 598 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 599 | int wc_ecc_set_custom_curve(ecc_key* key, const ecc_set_type* dp); |
| sPymbed | 0:1387ff3eed4a | 600 | #endif |
| sPymbed | 0:1387ff3eed4a | 601 | |
| sPymbed | 0:1387ff3eed4a | 602 | #ifdef HAVE_ECC_ENCRYPT |
| sPymbed | 0:1387ff3eed4a | 603 | /* ecc encrypt */ |
| sPymbed | 0:1387ff3eed4a | 604 | |
| sPymbed | 0:1387ff3eed4a | 605 | enum ecEncAlgo { |
| sPymbed | 0:1387ff3eed4a | 606 | ecAES_128_CBC = 1, /* default */ |
| sPymbed | 0:1387ff3eed4a | 607 | ecAES_256_CBC = 2 |
| sPymbed | 0:1387ff3eed4a | 608 | }; |
| sPymbed | 0:1387ff3eed4a | 609 | |
| sPymbed | 0:1387ff3eed4a | 610 | enum ecKdfAlgo { |
| sPymbed | 0:1387ff3eed4a | 611 | ecHKDF_SHA256 = 1, /* default */ |
| sPymbed | 0:1387ff3eed4a | 612 | ecHKDF_SHA1 = 2 |
| sPymbed | 0:1387ff3eed4a | 613 | }; |
| sPymbed | 0:1387ff3eed4a | 614 | |
| sPymbed | 0:1387ff3eed4a | 615 | enum ecMacAlgo { |
| sPymbed | 0:1387ff3eed4a | 616 | ecHMAC_SHA256 = 1, /* default */ |
| sPymbed | 0:1387ff3eed4a | 617 | ecHMAC_SHA1 = 2 |
| sPymbed | 0:1387ff3eed4a | 618 | }; |
| sPymbed | 0:1387ff3eed4a | 619 | |
| sPymbed | 0:1387ff3eed4a | 620 | enum { |
| sPymbed | 0:1387ff3eed4a | 621 | KEY_SIZE_128 = 16, |
| sPymbed | 0:1387ff3eed4a | 622 | KEY_SIZE_256 = 32, |
| sPymbed | 0:1387ff3eed4a | 623 | IV_SIZE_64 = 8, |
| sPymbed | 0:1387ff3eed4a | 624 | IV_SIZE_128 = 16, |
| sPymbed | 0:1387ff3eed4a | 625 | EXCHANGE_SALT_SZ = 16, |
| sPymbed | 0:1387ff3eed4a | 626 | EXCHANGE_INFO_SZ = 23 |
| sPymbed | 0:1387ff3eed4a | 627 | }; |
| sPymbed | 0:1387ff3eed4a | 628 | |
| sPymbed | 0:1387ff3eed4a | 629 | enum ecFlags { |
| sPymbed | 0:1387ff3eed4a | 630 | REQ_RESP_CLIENT = 1, |
| sPymbed | 0:1387ff3eed4a | 631 | REQ_RESP_SERVER = 2 |
| sPymbed | 0:1387ff3eed4a | 632 | }; |
| sPymbed | 0:1387ff3eed4a | 633 | |
| sPymbed | 0:1387ff3eed4a | 634 | |
| sPymbed | 0:1387ff3eed4a | 635 | typedef struct ecEncCtx ecEncCtx; |
| sPymbed | 0:1387ff3eed4a | 636 | |
| sPymbed | 0:1387ff3eed4a | 637 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 638 | ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng); |
| sPymbed | 0:1387ff3eed4a | 639 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 640 | ecEncCtx* wc_ecc_ctx_new_ex(int flags, WC_RNG* rng, void* heap); |
| sPymbed | 0:1387ff3eed4a | 641 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 642 | void wc_ecc_ctx_free(ecEncCtx*); |
| sPymbed | 0:1387ff3eed4a | 643 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 644 | int wc_ecc_ctx_reset(ecEncCtx*, WC_RNG*); /* reset for use again w/o alloc/free */ |
| sPymbed | 0:1387ff3eed4a | 645 | |
| sPymbed | 0:1387ff3eed4a | 646 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 647 | const byte* wc_ecc_ctx_get_own_salt(ecEncCtx*); |
| sPymbed | 0:1387ff3eed4a | 648 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 649 | int wc_ecc_ctx_set_peer_salt(ecEncCtx*, const byte* salt); |
| sPymbed | 0:1387ff3eed4a | 650 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 651 | int wc_ecc_ctx_set_info(ecEncCtx*, const byte* info, int sz); |
| sPymbed | 0:1387ff3eed4a | 652 | |
| sPymbed | 0:1387ff3eed4a | 653 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 654 | int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, |
| sPymbed | 0:1387ff3eed4a | 655 | word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx); |
| sPymbed | 0:1387ff3eed4a | 656 | WOLFSSL_API |
| sPymbed | 0:1387ff3eed4a | 657 | int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, |
| sPymbed | 0:1387ff3eed4a | 658 | word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx); |
| sPymbed | 0:1387ff3eed4a | 659 | |
| sPymbed | 0:1387ff3eed4a | 660 | #endif /* HAVE_ECC_ENCRYPT */ |
| sPymbed | 0:1387ff3eed4a | 661 | |
| sPymbed | 0:1387ff3eed4a | 662 | #ifdef HAVE_X963_KDF |
| sPymbed | 0:1387ff3eed4a | 663 | WOLFSSL_API int wc_X963_KDF(enum wc_HashType type, const byte* secret, |
| sPymbed | 0:1387ff3eed4a | 664 | word32 secretSz, const byte* sinfo, word32 sinfoSz, |
| sPymbed | 0:1387ff3eed4a | 665 | byte* out, word32 outSz); |
| sPymbed | 0:1387ff3eed4a | 666 | #endif |
| sPymbed | 0:1387ff3eed4a | 667 | |
| sPymbed | 0:1387ff3eed4a | 668 | #ifdef ECC_CACHE_CURVE |
| sPymbed | 0:1387ff3eed4a | 669 | WOLFSSL_API int wc_ecc_curve_cache_init(void); |
| sPymbed | 0:1387ff3eed4a | 670 | WOLFSSL_API void wc_ecc_curve_cache_free(void); |
| sPymbed | 0:1387ff3eed4a | 671 | #endif |
| sPymbed | 0:1387ff3eed4a | 672 | |
| sPymbed | 0:1387ff3eed4a | 673 | |
| sPymbed | 0:1387ff3eed4a | 674 | #ifdef __cplusplus |
| sPymbed | 0:1387ff3eed4a | 675 | } /* extern "C" */ |
| sPymbed | 0:1387ff3eed4a | 676 | #endif |
| sPymbed | 0:1387ff3eed4a | 677 | |
| sPymbed | 0:1387ff3eed4a | 678 | #endif /* HAVE_ECC */ |
| sPymbed | 0:1387ff3eed4a | 679 | #endif /* WOLF_CRYPT_ECC_H */ |
| sPymbed | 0:1387ff3eed4a | 680 |