wolf SSL / CyaSSL

CyaSSL 3.0.0

Dependents:   HTTPClient-SSL HTTPClient HTTPClient-SSL http_access ... more

cyassl/ctaocrypt/ecc.h@3:64d4f7cb83d5, 2014-12-03 (annotated)

Committer:
wolfSSL
Date:
Wed Dec 03 05:24:18 2014 +0000
Revision:
3:64d4f7cb83d5
Parent:
0:1239e9b70ca2 
added IGNORE_KEY_EXTENSIONS

Who changed what in which revision?

UserRevisionLine numberNew contents of line
wolfSSL 0:1239e9b70ca2 1 /* ecc.h
wolfSSL 0:1239e9b70ca2 2 *
wolfSSL 0:1239e9b70ca2 3 * Copyright (C) 2006-2014 wolfSSL Inc.
wolfSSL 0:1239e9b70ca2 4 *
wolfSSL 0:1239e9b70ca2 5 * This file is part of CyaSSL.
wolfSSL 0:1239e9b70ca2 6 *
wolfSSL 0:1239e9b70ca2 7 * CyaSSL is free software; you can redistribute it and/or modify
wolfSSL 0:1239e9b70ca2 8 * it under the terms of the GNU General Public License as published by
wolfSSL 0:1239e9b70ca2 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 0:1239e9b70ca2 10 * (at your option) any later version.
wolfSSL 0:1239e9b70ca2 11 *
wolfSSL 0:1239e9b70ca2 12 * CyaSSL is distributed in the hope that it will be useful,
wolfSSL 0:1239e9b70ca2 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 0:1239e9b70ca2 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 0:1239e9b70ca2 15 * GNU General Public License for more details.
wolfSSL 0:1239e9b70ca2 16 *
wolfSSL 0:1239e9b70ca2 17 * You should have received a copy of the GNU General Public License
wolfSSL 0:1239e9b70ca2 18 * along with this program; if not, write to the Free Software
wolfSSL 0:1239e9b70ca2 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
wolfSSL 0:1239e9b70ca2 20 */
wolfSSL 0:1239e9b70ca2 21
wolfSSL 0:1239e9b70ca2 22 #ifdef HAVE_ECC
wolfSSL 0:1239e9b70ca2 23
wolfSSL 0:1239e9b70ca2 24 #ifndef CTAO_CRYPT_ECC_H
wolfSSL 0:1239e9b70ca2 25 #define CTAO_CRYPT_ECC_H
wolfSSL 0:1239e9b70ca2 26
wolfSSL 0:1239e9b70ca2 27 #include <cyassl/ctaocrypt/types.h>
wolfSSL 0:1239e9b70ca2 28 #include <cyassl/ctaocrypt/integer.h>
wolfSSL 0:1239e9b70ca2 29 #include <cyassl/ctaocrypt/random.h>
wolfSSL 0:1239e9b70ca2 30
wolfSSL 0:1239e9b70ca2 31 #ifdef __cplusplus
wolfSSL 0:1239e9b70ca2 32 extern "C" {
wolfSSL 0:1239e9b70ca2 33 #endif
wolfSSL 0:1239e9b70ca2 34
wolfSSL 0:1239e9b70ca2 35
wolfSSL 0:1239e9b70ca2 36 enum {
wolfSSL 0:1239e9b70ca2 37 ECC_PUBLICKEY = 1,
wolfSSL 0:1239e9b70ca2 38 ECC_PRIVATEKEY = 2,
wolfSSL 0:1239e9b70ca2 39 ECC_MAXNAME = 16, /* MAX CURVE NAME LENGTH */
wolfSSL 0:1239e9b70ca2 40 SIG_HEADER_SZ = 6, /* ECC signature header size */
wolfSSL 0:1239e9b70ca2 41 ECC_BUFSIZE = 256, /* for exported keys temp buffer */
wolfSSL 0:1239e9b70ca2 42 ECC_MINSIZE = 20, /* MIN Private Key size */
wolfSSL 0:1239e9b70ca2 43 ECC_MAXSIZE = 66 /* MAX Private Key size */
wolfSSL 0:1239e9b70ca2 44 };
wolfSSL 0:1239e9b70ca2 45
wolfSSL 0:1239e9b70ca2 46
wolfSSL 0:1239e9b70ca2 47 /* ECC set type defined a NIST GF(p) curve */
wolfSSL 0:1239e9b70ca2 48 typedef struct {
wolfSSL 0:1239e9b70ca2 49 int size; /* The size of the curve in octets */
wolfSSL 0:1239e9b70ca2 50 const char* name; /* name of this curve */
wolfSSL 0:1239e9b70ca2 51 const char* prime; /* prime that defines the field, curve is in (hex) */
wolfSSL 0:1239e9b70ca2 52 const char* Bf; /* fields B param (hex) */
wolfSSL 0:1239e9b70ca2 53 const char* order; /* order of the curve (hex) */
wolfSSL 0:1239e9b70ca2 54 const char* Gx; /* x coordinate of the base point on curve (hex) */
wolfSSL 0:1239e9b70ca2 55 const char* Gy; /* y coordinate of the base point on curve (hex) */
wolfSSL 0:1239e9b70ca2 56 } ecc_set_type;
wolfSSL 0:1239e9b70ca2 57
wolfSSL 0:1239e9b70ca2 58
wolfSSL 0:1239e9b70ca2 59 /* A point on an ECC curve, stored in Jacbobian format such that (x,y,z) =>
wolfSSL 0:1239e9b70ca2 60 (x/z^2, y/z^3, 1) when interpreted as affine */
wolfSSL 0:1239e9b70ca2 61 typedef struct {
wolfSSL 0:1239e9b70ca2 62 mp_int x; /* The x coordinate */
wolfSSL 0:1239e9b70ca2 63 mp_int y; /* The y coordinate */
wolfSSL 0:1239e9b70ca2 64 mp_int z; /* The z coordinate */
wolfSSL 0:1239e9b70ca2 65 } ecc_point;
wolfSSL 0:1239e9b70ca2 66
wolfSSL 0:1239e9b70ca2 67
wolfSSL 0:1239e9b70ca2 68 /* An ECC Key */
wolfSSL 0:1239e9b70ca2 69 typedef struct {
wolfSSL 0:1239e9b70ca2 70 int type; /* Public or Private */
wolfSSL 0:1239e9b70ca2 71 int idx; /* Index into the ecc_sets[] for the parameters of
wolfSSL 0:1239e9b70ca2 72 this curve if -1, this key is using user supplied
wolfSSL 0:1239e9b70ca2 73 curve in dp */
wolfSSL 0:1239e9b70ca2 74 const ecc_set_type* dp; /* domain parameters, either points to NIST
wolfSSL 0:1239e9b70ca2 75 curves (idx >= 0) or user supplied */
wolfSSL 0:1239e9b70ca2 76 ecc_point pubkey; /* public key */
wolfSSL 0:1239e9b70ca2 77 mp_int k; /* private key */
wolfSSL 0:1239e9b70ca2 78 } ecc_key;
wolfSSL 0:1239e9b70ca2 79
wolfSSL 0:1239e9b70ca2 80
wolfSSL 0:1239e9b70ca2 81 /* ECC predefined curve sets */
wolfSSL 0:1239e9b70ca2 82 extern const ecc_set_type ecc_sets[];
wolfSSL 0:1239e9b70ca2 83
wolfSSL 0:1239e9b70ca2 84
wolfSSL 0:1239e9b70ca2 85 CYASSL_API
wolfSSL 0:1239e9b70ca2 86 int ecc_make_key(RNG* rng, int keysize, ecc_key* key);
wolfSSL 0:1239e9b70ca2 87 CYASSL_API
wolfSSL 0:1239e9b70ca2 88 int ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
wolfSSL 0:1239e9b70ca2 89 word32* outlen);
wolfSSL 0:1239e9b70ca2 90 CYASSL_API
wolfSSL 0:1239e9b70ca2 91 int ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
wolfSSL 0:1239e9b70ca2 92 RNG* rng, ecc_key* key);
wolfSSL 0:1239e9b70ca2 93 CYASSL_API
wolfSSL 0:1239e9b70ca2 94 int ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
wolfSSL 0:1239e9b70ca2 95 word32 hashlen, int* stat, ecc_key* key);
wolfSSL 0:1239e9b70ca2 96 CYASSL_API
wolfSSL 0:1239e9b70ca2 97 void ecc_init(ecc_key* key);
wolfSSL 0:1239e9b70ca2 98 CYASSL_API
wolfSSL 0:1239e9b70ca2 99 void ecc_free(ecc_key* key);
wolfSSL 0:1239e9b70ca2 100 CYASSL_API
wolfSSL 0:1239e9b70ca2 101 void ecc_fp_free(void);
wolfSSL 0:1239e9b70ca2 102
wolfSSL 0:1239e9b70ca2 103
wolfSSL 0:1239e9b70ca2 104 /* ASN key helpers */
wolfSSL 0:1239e9b70ca2 105 CYASSL_API
wolfSSL 0:1239e9b70ca2 106 int ecc_export_x963(ecc_key*, byte* out, word32* outLen);
wolfSSL 0:1239e9b70ca2 107 CYASSL_API
wolfSSL 0:1239e9b70ca2 108 int ecc_import_x963(const byte* in, word32 inLen, ecc_key* key);
wolfSSL 0:1239e9b70ca2 109 CYASSL_API
wolfSSL 0:1239e9b70ca2 110 int ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub,
wolfSSL 0:1239e9b70ca2 111 word32 pubSz, ecc_key* key);
wolfSSL 0:1239e9b70ca2 112 CYASSL_API
wolfSSL 0:1239e9b70ca2 113 int ecc_export_private_only(ecc_key* key, byte* out, word32* outLen);
wolfSSL 0:1239e9b70ca2 114
wolfSSL 0:1239e9b70ca2 115 /* size helper */
wolfSSL 0:1239e9b70ca2 116 CYASSL_API
wolfSSL 0:1239e9b70ca2 117 int ecc_size(ecc_key* key);
wolfSSL 0:1239e9b70ca2 118 CYASSL_API
wolfSSL 0:1239e9b70ca2 119 int ecc_sig_size(ecc_key* key);
wolfSSL 0:1239e9b70ca2 120
wolfSSL 0:1239e9b70ca2 121
wolfSSL 0:1239e9b70ca2 122 #ifdef HAVE_ECC_ENCRYPT
wolfSSL 0:1239e9b70ca2 123 /* ecc encrypt */
wolfSSL 0:1239e9b70ca2 124
wolfSSL 0:1239e9b70ca2 125 enum ecEncAlgo {
wolfSSL 0:1239e9b70ca2 126 ecAES_128_CBC = 1, /* default */
wolfSSL 0:1239e9b70ca2 127 ecAES_256_CBC = 2
wolfSSL 0:1239e9b70ca2 128 };
wolfSSL 0:1239e9b70ca2 129
wolfSSL 0:1239e9b70ca2 130 enum ecKdfAlgo {
wolfSSL 0:1239e9b70ca2 131 ecHKDF_SHA256 = 1, /* default */
wolfSSL 0:1239e9b70ca2 132 ecHKDF_SHA1 = 2
wolfSSL 0:1239e9b70ca2 133 };
wolfSSL 0:1239e9b70ca2 134
wolfSSL 0:1239e9b70ca2 135 enum ecMacAlgo {
wolfSSL 0:1239e9b70ca2 136 ecHMAC_SHA256 = 1, /* default */
wolfSSL 0:1239e9b70ca2 137 ecHMAC_SHA1 = 2
wolfSSL 0:1239e9b70ca2 138 };
wolfSSL 0:1239e9b70ca2 139
wolfSSL 0:1239e9b70ca2 140 enum {
wolfSSL 0:1239e9b70ca2 141 KEY_SIZE_128 = 16,
wolfSSL 0:1239e9b70ca2 142 KEY_SIZE_256 = 32,
wolfSSL 0:1239e9b70ca2 143 IV_SIZE_64 = 8,
wolfSSL 0:1239e9b70ca2 144 EXCHANGE_SALT_SZ = 16,
wolfSSL 0:1239e9b70ca2 145 EXCHANGE_INFO_SZ = 23
wolfSSL 0:1239e9b70ca2 146 };
wolfSSL 0:1239e9b70ca2 147
wolfSSL 0:1239e9b70ca2 148 enum ecFlags {
wolfSSL 0:1239e9b70ca2 149 REQ_RESP_CLIENT = 1,
wolfSSL 0:1239e9b70ca2 150 REQ_RESP_SERVER = 2
wolfSSL 0:1239e9b70ca2 151 };
wolfSSL 0:1239e9b70ca2 152
wolfSSL 0:1239e9b70ca2 153
wolfSSL 0:1239e9b70ca2 154 typedef struct ecEncCtx ecEncCtx;
wolfSSL 0:1239e9b70ca2 155
wolfSSL 0:1239e9b70ca2 156 CYASSL_API
wolfSSL 0:1239e9b70ca2 157 ecEncCtx* ecc_ctx_new(int flags, RNG* rng);
wolfSSL 0:1239e9b70ca2 158 CYASSL_API
wolfSSL 0:1239e9b70ca2 159 void ecc_ctx_free(ecEncCtx*);
wolfSSL 0:1239e9b70ca2 160 CYASSL_API
wolfSSL 0:1239e9b70ca2 161 int ecc_ctx_reset(ecEncCtx*, RNG*); /* reset for use again w/o alloc/free */
wolfSSL 0:1239e9b70ca2 162
wolfSSL 0:1239e9b70ca2 163 CYASSL_API
wolfSSL 0:1239e9b70ca2 164 const byte* ecc_ctx_get_own_salt(ecEncCtx*);
wolfSSL 0:1239e9b70ca2 165 CYASSL_API
wolfSSL 0:1239e9b70ca2 166 int ecc_ctx_set_peer_salt(ecEncCtx*, const byte* salt);
wolfSSL 0:1239e9b70ca2 167
wolfSSL 0:1239e9b70ca2 168 CYASSL_API
wolfSSL 0:1239e9b70ca2 169 int ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
wolfSSL 0:1239e9b70ca2 170 word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx);
wolfSSL 0:1239e9b70ca2 171 CYASSL_API
wolfSSL 0:1239e9b70ca2 172 int ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
wolfSSL 0:1239e9b70ca2 173 word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx);
wolfSSL 0:1239e9b70ca2 174
wolfSSL 0:1239e9b70ca2 175 #endif /* HAVE_ECC_ENCRYPT */
wolfSSL 0:1239e9b70ca2 176
wolfSSL 0:1239e9b70ca2 177 #ifdef __cplusplus
wolfSSL 0:1239e9b70ca2 178 } /* extern "C" */
wolfSSL 0:1239e9b70ca2 179 #endif
wolfSSL 0:1239e9b70ca2 180
wolfSSL 0:1239e9b70ca2 181 #endif /* CTAO_CRYPT_ECC_H */
wolfSSL 0:1239e9b70ca2 182 #endif /* HAVE_ECC */
wolfSSL 0:1239e9b70ca2 183