wolf SSL / wolfSSL-TLS13-Beta

wolfSSL 3.11.1 for TLS1.3 beta

Fork of wolfSSL by wolf SSL

wolfssl/wolfcrypt/ecc.h@0:d92f9d21154c, 2015-06-26 (annotated)

Committer:
wolfSSL
Date:
Fri Jun 26 00:39:20 2015 +0000
Revision:
0:d92f9d21154c
wolfSSL 3.6.0

Who changed what in which revision?

UserRevisionLine numberNew contents of line
wolfSSL 0:d92f9d21154c 1 /* ecc.h
wolfSSL 0:d92f9d21154c 2 *
wolfSSL 0:d92f9d21154c 3 * Copyright (C) 2006-2015 wolfSSL Inc.
wolfSSL 0:d92f9d21154c 4 *
wolfSSL 0:d92f9d21154c 5 * This file is part of wolfSSL. (formerly known as CyaSSL)
wolfSSL 0:d92f9d21154c 6 *
wolfSSL 0:d92f9d21154c 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 0:d92f9d21154c 8 * it under the terms of the GNU General Public License as published by
wolfSSL 0:d92f9d21154c 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 0:d92f9d21154c 10 * (at your option) any later version.
wolfSSL 0:d92f9d21154c 11 *
wolfSSL 0:d92f9d21154c 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 0:d92f9d21154c 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 0:d92f9d21154c 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 0:d92f9d21154c 15 * GNU General Public License for more details.
wolfSSL 0:d92f9d21154c 16 *
wolfSSL 0:d92f9d21154c 17 * You should have received a copy of the GNU General Public License
wolfSSL 0:d92f9d21154c 18 * along with this program; if not, write to the Free Software
wolfSSL 0:d92f9d21154c 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
wolfSSL 0:d92f9d21154c 20 */
wolfSSL 0:d92f9d21154c 21
wolfSSL 0:d92f9d21154c 22 #ifndef WOLF_CRYPT_ECC_H
wolfSSL 0:d92f9d21154c 23 #define WOLF_CRYPT_ECC_H
wolfSSL 0:d92f9d21154c 24
wolfSSL 0:d92f9d21154c 25 #include <wolfssl/wolfcrypt/types.h>
wolfSSL 0:d92f9d21154c 26
wolfSSL 0:d92f9d21154c 27 #ifdef HAVE_ECC
wolfSSL 0:d92f9d21154c 28
wolfSSL 0:d92f9d21154c 29 #include <wolfssl/wolfcrypt/integer.h>
wolfSSL 0:d92f9d21154c 30 #include <wolfssl/wolfcrypt/random.h>
wolfSSL 0:d92f9d21154c 31
wolfSSL 0:d92f9d21154c 32 #ifdef __cplusplus
wolfSSL 0:d92f9d21154c 33 extern "C" {
wolfSSL 0:d92f9d21154c 34 #endif
wolfSSL 0:d92f9d21154c 35
wolfSSL 0:d92f9d21154c 36 enum {
wolfSSL 0:d92f9d21154c 37 ECC_PUBLICKEY = 1,
wolfSSL 0:d92f9d21154c 38 ECC_PRIVATEKEY = 2,
wolfSSL 0:d92f9d21154c 39 ECC_MAXNAME = 16, /* MAX CURVE NAME LENGTH */
wolfSSL 0:d92f9d21154c 40 SIG_HEADER_SZ = 6, /* ECC signature header size */
wolfSSL 0:d92f9d21154c 41 ECC_BUFSIZE = 256, /* for exported keys temp buffer */
wolfSSL 0:d92f9d21154c 42 ECC_MINSIZE = 20, /* MIN Private Key size */
wolfSSL 0:d92f9d21154c 43 ECC_MAXSIZE = 66 /* MAX Private Key size */
wolfSSL 0:d92f9d21154c 44 };
wolfSSL 0:d92f9d21154c 45
wolfSSL 0:d92f9d21154c 46
wolfSSL 0:d92f9d21154c 47 /* ECC set type defined a NIST GF(p) curve */
wolfSSL 0:d92f9d21154c 48 typedef struct {
wolfSSL 0:d92f9d21154c 49 int size; /* The size of the curve in octets */
wolfSSL 0:d92f9d21154c 50 const char* name; /* name of this curve */
wolfSSL 0:d92f9d21154c 51 const char* prime; /* prime that defines the field, curve is in (hex) */
wolfSSL 0:d92f9d21154c 52 const char* Af; /* fields A param (hex) */
wolfSSL 0:d92f9d21154c 53 const char* Bf; /* fields B param (hex) */
wolfSSL 0:d92f9d21154c 54 const char* order; /* order of the curve (hex) */
wolfSSL 0:d92f9d21154c 55 const char* Gx; /* x coordinate of the base point on curve (hex) */
wolfSSL 0:d92f9d21154c 56 const char* Gy; /* y coordinate of the base point on curve (hex) */
wolfSSL 0:d92f9d21154c 57 } ecc_set_type;
wolfSSL 0:d92f9d21154c 58
wolfSSL 0:d92f9d21154c 59
wolfSSL 0:d92f9d21154c 60 #ifdef ALT_ECC_SIZE
wolfSSL 0:d92f9d21154c 61
wolfSSL 0:d92f9d21154c 62 /* Note on ALT_ECC_SIZE:
wolfSSL 0:d92f9d21154c 63 * The fast math code uses an array of a fixed size to store the big integers.
wolfSSL 0:d92f9d21154c 64 * By default, the array is big enough for RSA keys. There is a size,
wolfSSL 0:d92f9d21154c 65 * FP_MAX_BITS which can be used to make the array smaller when one wants ECC
wolfSSL 0:d92f9d21154c 66 * but not RSA. Some people want fast math sized for both RSA and ECC, where
wolfSSL 0:d92f9d21154c 67 * ECC won't use as much as RSA. The flag ALT_ECC_SIZE switches in an alternate
wolfSSL 0:d92f9d21154c 68 * ecc_point structure that uses an alternate fp_int that has a shorter array
wolfSSL 0:d92f9d21154c 69 * of fp_digits.
wolfSSL 0:d92f9d21154c 70 *
wolfSSL 0:d92f9d21154c 71 * Now, without ALT_ECC_SIZE, the ecc_point has three single item arrays of
wolfSSL 0:d92f9d21154c 72 * mp_ints for the components of the point. With ALT_ECC_SIZE, the components
wolfSSL 0:d92f9d21154c 73 * of the point are pointers that are set to each of a three item array of
wolfSSL 0:d92f9d21154c 74 * alt_fp_ints. While an mp_int will have 4096 bits of digit inside the
wolfSSL 0:d92f9d21154c 75 * structure, the alt_fp_int will only have 512 bits. A size value was added
wolfSSL 0:d92f9d21154c 76 * in the ALT case, as well, and is set by mp_init() and alt_fp_init(). The
wolfSSL 0:d92f9d21154c 77 * functions fp_zero() and fp_copy() use the size parameter. An int needs to
wolfSSL 0:d92f9d21154c 78 * be initialized before using it instead of just fp_zeroing it, the init will
wolfSSL 0:d92f9d21154c 79 * call zero. FP_MAX_BITS_ECC defaults to 512, but can be set to change the
wolfSSL 0:d92f9d21154c 80 * number of bits used in the alternate FP_INT.
wolfSSL 0:d92f9d21154c 81 *
wolfSSL 0:d92f9d21154c 82 * Do not enable ALT_ECC_SIZE and disable fast math in the configuration.
wolfSSL 0:d92f9d21154c 83 */
wolfSSL 0:d92f9d21154c 84
wolfSSL 0:d92f9d21154c 85 #ifndef FP_MAX_BITS_ECC
wolfSSL 0:d92f9d21154c 86 #define FP_MAX_BITS_ECC 512
wolfSSL 0:d92f9d21154c 87 #endif
wolfSSL 0:d92f9d21154c 88 #define FP_MAX_SIZE_ECC (FP_MAX_BITS_ECC+(8*DIGIT_BIT))
wolfSSL 0:d92f9d21154c 89 #if FP_MAX_BITS_ECC % CHAR_BIT
wolfSSL 0:d92f9d21154c 90 #error FP_MAX_BITS_ECC must be a multiple of CHAR_BIT
wolfSSL 0:d92f9d21154c 91 #endif
wolfSSL 0:d92f9d21154c 92 #define FP_SIZE_ECC (FP_MAX_SIZE_ECC/DIGIT_BIT)
wolfSSL 0:d92f9d21154c 93
wolfSSL 0:d92f9d21154c 94 /* This needs to match the size of the fp_int struct, except the
wolfSSL 0:d92f9d21154c 95 * fp_digit array will be shorter. */
wolfSSL 0:d92f9d21154c 96 typedef struct alt_fp_int {
wolfSSL 0:d92f9d21154c 97 int used, sign, size;
wolfSSL 0:d92f9d21154c 98 fp_digit dp[FP_SIZE_ECC];
wolfSSL 0:d92f9d21154c 99 } alt_fp_int;
wolfSSL 0:d92f9d21154c 100 #endif
wolfSSL 0:d92f9d21154c 101
wolfSSL 0:d92f9d21154c 102 /* A point on an ECC curve, stored in Jacbobian format such that (x,y,z) =>
wolfSSL 0:d92f9d21154c 103 (x/z^2, y/z^3, 1) when interpreted as affine */
wolfSSL 0:d92f9d21154c 104 typedef struct {
wolfSSL 0:d92f9d21154c 105 #ifndef ALT_ECC_SIZE
wolfSSL 0:d92f9d21154c 106 mp_int x[1]; /* The x coordinate */
wolfSSL 0:d92f9d21154c 107 mp_int y[1]; /* The y coordinate */
wolfSSL 0:d92f9d21154c 108 mp_int z[1]; /* The z coordinate */
wolfSSL 0:d92f9d21154c 109 #else
wolfSSL 0:d92f9d21154c 110 mp_int* x; /* The x coordinate */
wolfSSL 0:d92f9d21154c 111 mp_int* y; /* The y coordinate */
wolfSSL 0:d92f9d21154c 112 mp_int* z; /* The z coordinate */
wolfSSL 0:d92f9d21154c 113 alt_fp_int xyz[3];
wolfSSL 0:d92f9d21154c 114 #endif
wolfSSL 0:d92f9d21154c 115 } ecc_point;
wolfSSL 0:d92f9d21154c 116
wolfSSL 0:d92f9d21154c 117
wolfSSL 0:d92f9d21154c 118 /* An ECC Key */
wolfSSL 0:d92f9d21154c 119 typedef struct {
wolfSSL 0:d92f9d21154c 120 int type; /* Public or Private */
wolfSSL 0:d92f9d21154c 121 int idx; /* Index into the ecc_sets[] for the parameters of
wolfSSL 0:d92f9d21154c 122 this curve if -1, this key is using user supplied
wolfSSL 0:d92f9d21154c 123 curve in dp */
wolfSSL 0:d92f9d21154c 124 const ecc_set_type* dp; /* domain parameters, either points to NIST
wolfSSL 0:d92f9d21154c 125 curves (idx >= 0) or user supplied */
wolfSSL 0:d92f9d21154c 126 ecc_point pubkey; /* public key */
wolfSSL 0:d92f9d21154c 127 mp_int k; /* private key */
wolfSSL 0:d92f9d21154c 128 } ecc_key;
wolfSSL 0:d92f9d21154c 129
wolfSSL 0:d92f9d21154c 130
wolfSSL 0:d92f9d21154c 131 /* ECC predefined curve sets */
wolfSSL 0:d92f9d21154c 132 extern const ecc_set_type ecc_sets[];
wolfSSL 0:d92f9d21154c 133
wolfSSL 0:d92f9d21154c 134
wolfSSL 0:d92f9d21154c 135 WOLFSSL_API
wolfSSL 0:d92f9d21154c 136 int wc_ecc_make_key(RNG* rng, int keysize, ecc_key* key);
wolfSSL 0:d92f9d21154c 137 WOLFSSL_API
wolfSSL 0:d92f9d21154c 138 int wc_ecc_check_key(ecc_key* key);
wolfSSL 0:d92f9d21154c 139 WOLFSSL_API
wolfSSL 0:d92f9d21154c 140 int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
wolfSSL 0:d92f9d21154c 141 word32* outlen);
wolfSSL 0:d92f9d21154c 142 WOLFSSL_API
wolfSSL 0:d92f9d21154c 143 int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
wolfSSL 0:d92f9d21154c 144 RNG* rng, ecc_key* key);
wolfSSL 0:d92f9d21154c 145 WOLFSSL_API
wolfSSL 0:d92f9d21154c 146 int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
wolfSSL 0:d92f9d21154c 147 word32 hashlen, int* stat, ecc_key* key);
wolfSSL 0:d92f9d21154c 148 WOLFSSL_API
wolfSSL 0:d92f9d21154c 149 int wc_ecc_init(ecc_key* key);
wolfSSL 0:d92f9d21154c 150 WOLFSSL_API
wolfSSL 0:d92f9d21154c 151 void wc_ecc_free(ecc_key* key);
wolfSSL 0:d92f9d21154c 152 WOLFSSL_API
wolfSSL 0:d92f9d21154c 153 void wc_ecc_fp_free(void);
wolfSSL 0:d92f9d21154c 154
wolfSSL 0:d92f9d21154c 155
wolfSSL 0:d92f9d21154c 156 /* ASN key helpers */
wolfSSL 0:d92f9d21154c 157 WOLFSSL_API
wolfSSL 0:d92f9d21154c 158 int wc_ecc_export_x963(ecc_key*, byte* out, word32* outLen);
wolfSSL 0:d92f9d21154c 159 WOLFSSL_API
wolfSSL 0:d92f9d21154c 160 int wc_ecc_export_x963_ex(ecc_key*, byte* out, word32* outLen, int compressed);
wolfSSL 0:d92f9d21154c 161 /* extended functionality with compressed option */
wolfSSL 0:d92f9d21154c 162 WOLFSSL_API
wolfSSL 0:d92f9d21154c 163 int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key);
wolfSSL 0:d92f9d21154c 164 WOLFSSL_API
wolfSSL 0:d92f9d21154c 165 int wc_ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub,
wolfSSL 0:d92f9d21154c 166 word32 pubSz, ecc_key* key);
wolfSSL 0:d92f9d21154c 167 WOLFSSL_API
wolfSSL 0:d92f9d21154c 168 int wc_ecc_rs_to_sig(const char* r, const char* s, byte* out, word32* outlen);
wolfSSL 0:d92f9d21154c 169 WOLFSSL_API
wolfSSL 0:d92f9d21154c 170 int wc_ecc_import_raw(ecc_key* key, const char* qx, const char* qy,
wolfSSL 0:d92f9d21154c 171 const char* d, const char* curveName);
wolfSSL 0:d92f9d21154c 172
wolfSSL 0:d92f9d21154c 173 WOLFSSL_API
wolfSSL 0:d92f9d21154c 174 int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen);
wolfSSL 0:d92f9d21154c 175
wolfSSL 0:d92f9d21154c 176 /* size helper */
wolfSSL 0:d92f9d21154c 177 WOLFSSL_API
wolfSSL 0:d92f9d21154c 178 int wc_ecc_size(ecc_key* key);
wolfSSL 0:d92f9d21154c 179 WOLFSSL_API
wolfSSL 0:d92f9d21154c 180 int wc_ecc_sig_size(ecc_key* key);
wolfSSL 0:d92f9d21154c 181
wolfSSL 0:d92f9d21154c 182
wolfSSL 0:d92f9d21154c 183 #ifdef HAVE_ECC_ENCRYPT
wolfSSL 0:d92f9d21154c 184 /* ecc encrypt */
wolfSSL 0:d92f9d21154c 185
wolfSSL 0:d92f9d21154c 186 enum ecEncAlgo {
wolfSSL 0:d92f9d21154c 187 ecAES_128_CBC = 1, /* default */
wolfSSL 0:d92f9d21154c 188 ecAES_256_CBC = 2
wolfSSL 0:d92f9d21154c 189 };
wolfSSL 0:d92f9d21154c 190
wolfSSL 0:d92f9d21154c 191 enum ecKdfAlgo {
wolfSSL 0:d92f9d21154c 192 ecHKDF_SHA256 = 1, /* default */
wolfSSL 0:d92f9d21154c 193 ecHKDF_SHA1 = 2
wolfSSL 0:d92f9d21154c 194 };
wolfSSL 0:d92f9d21154c 195
wolfSSL 0:d92f9d21154c 196 enum ecMacAlgo {
wolfSSL 0:d92f9d21154c 197 ecHMAC_SHA256 = 1, /* default */
wolfSSL 0:d92f9d21154c 198 ecHMAC_SHA1 = 2
wolfSSL 0:d92f9d21154c 199 };
wolfSSL 0:d92f9d21154c 200
wolfSSL 0:d92f9d21154c 201 enum {
wolfSSL 0:d92f9d21154c 202 KEY_SIZE_128 = 16,
wolfSSL 0:d92f9d21154c 203 KEY_SIZE_256 = 32,
wolfSSL 0:d92f9d21154c 204 IV_SIZE_64 = 8,
wolfSSL 0:d92f9d21154c 205 EXCHANGE_SALT_SZ = 16,
wolfSSL 0:d92f9d21154c 206 EXCHANGE_INFO_SZ = 23
wolfSSL 0:d92f9d21154c 207 };
wolfSSL 0:d92f9d21154c 208
wolfSSL 0:d92f9d21154c 209 enum ecFlags {
wolfSSL 0:d92f9d21154c 210 REQ_RESP_CLIENT = 1,
wolfSSL 0:d92f9d21154c 211 REQ_RESP_SERVER = 2
wolfSSL 0:d92f9d21154c 212 };
wolfSSL 0:d92f9d21154c 213
wolfSSL 0:d92f9d21154c 214
wolfSSL 0:d92f9d21154c 215 typedef struct ecEncCtx ecEncCtx;
wolfSSL 0:d92f9d21154c 216
wolfSSL 0:d92f9d21154c 217 WOLFSSL_API
wolfSSL 0:d92f9d21154c 218 ecEncCtx* wc_ecc_ctx_new(int flags, RNG* rng);
wolfSSL 0:d92f9d21154c 219 WOLFSSL_API
wolfSSL 0:d92f9d21154c 220 void wc_ecc_ctx_free(ecEncCtx*);
wolfSSL 0:d92f9d21154c 221 WOLFSSL_API
wolfSSL 0:d92f9d21154c 222 int wc_ecc_ctx_reset(ecEncCtx*, RNG*); /* reset for use again w/o alloc/free */
wolfSSL 0:d92f9d21154c 223
wolfSSL 0:d92f9d21154c 224 WOLFSSL_API
wolfSSL 0:d92f9d21154c 225 const byte* wc_ecc_ctx_get_own_salt(ecEncCtx*);
wolfSSL 0:d92f9d21154c 226 WOLFSSL_API
wolfSSL 0:d92f9d21154c 227 int wc_ecc_ctx_set_peer_salt(ecEncCtx*, const byte* salt);
wolfSSL 0:d92f9d21154c 228 WOLFSSL_API
wolfSSL 0:d92f9d21154c 229 int wc_ecc_ctx_set_info(ecEncCtx*, const byte* info, int sz);
wolfSSL 0:d92f9d21154c 230
wolfSSL 0:d92f9d21154c 231 WOLFSSL_API
wolfSSL 0:d92f9d21154c 232 int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
wolfSSL 0:d92f9d21154c 233 word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx);
wolfSSL 0:d92f9d21154c 234 WOLFSSL_API
wolfSSL 0:d92f9d21154c 235 int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
wolfSSL 0:d92f9d21154c 236 word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx);
wolfSSL 0:d92f9d21154c 237
wolfSSL 0:d92f9d21154c 238 #endif /* HAVE_ECC_ENCRYPT */
wolfSSL 0:d92f9d21154c 239
wolfSSL 0:d92f9d21154c 240 #ifdef __cplusplus
wolfSSL 0:d92f9d21154c 241 } /* extern "C" */
wolfSSL 0:d92f9d21154c 242 #endif
wolfSSL 0:d92f9d21154c 243
wolfSSL 0:d92f9d21154c 244 #endif /* HAVE_ECC */
wolfSSL 0:d92f9d21154c 245 #endif /* WOLF_CRYPT_ECC_H */
wolfSSL 0:d92f9d21154c 246