wolf SSL
wolfSSL SSL/TLS library, support up to TLS1.3
Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more
wolfssl/wolfcrypt/ecc.h@15:117db924cf7c, 2018-08-18 (annotated)
- Committer:
- wolfSSL
- Date:
- Sat Aug 18 22:20:43 2018 +0000
- Revision:
- 15:117db924cf7c
- Child:
- 16:8e0d178b1d1e
wolfSSL 3.15.3
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| wolfSSL | 15:117db924cf7c | 1 | /* ecc.h |
| wolfSSL | 15:117db924cf7c | 2 | * |
| wolfSSL | 15:117db924cf7c | 3 | * Copyright (C) 2006-2017 wolfSSL Inc. |
| wolfSSL | 15:117db924cf7c | 4 | * |
| wolfSSL | 15:117db924cf7c | 5 | * This file is part of wolfSSL. |
| wolfSSL | 15:117db924cf7c | 6 | * |
| wolfSSL | 15:117db924cf7c | 7 | * wolfSSL is free software; you can redistribute it and/or modify |
| wolfSSL | 15:117db924cf7c | 8 | * it under the terms of the GNU General Public License as published by |
| wolfSSL | 15:117db924cf7c | 9 | * the Free Software Foundation; either version 2 of the License, or |
| wolfSSL | 15:117db924cf7c | 10 | * (at your option) any later version. |
| wolfSSL | 15:117db924cf7c | 11 | * |
| wolfSSL | 15:117db924cf7c | 12 | * wolfSSL is distributed in the hope that it will be useful, |
| wolfSSL | 15:117db924cf7c | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| wolfSSL | 15:117db924cf7c | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| wolfSSL | 15:117db924cf7c | 15 | * GNU General Public License for more details. |
| wolfSSL | 15:117db924cf7c | 16 | * |
| wolfSSL | 15:117db924cf7c | 17 | * You should have received a copy of the GNU General Public License |
| wolfSSL | 15:117db924cf7c | 18 | * along with this program; if not, write to the Free Software |
| wolfSSL | 15:117db924cf7c | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
| wolfSSL | 15:117db924cf7c | 20 | */ |
| wolfSSL | 15:117db924cf7c | 21 | |
| wolfSSL | 15:117db924cf7c | 22 | /*! |
| wolfSSL | 15:117db924cf7c | 23 | \file wolfssl/wolfcrypt/ecc.h |
| wolfSSL | 15:117db924cf7c | 24 | */ |
| wolfSSL | 15:117db924cf7c | 25 | |
| wolfSSL | 15:117db924cf7c | 26 | |
| wolfSSL | 15:117db924cf7c | 27 | #ifndef WOLF_CRYPT_ECC_H |
| wolfSSL | 15:117db924cf7c | 28 | #define WOLF_CRYPT_ECC_H |
| wolfSSL | 15:117db924cf7c | 29 | |
| wolfSSL | 15:117db924cf7c | 30 | #include <wolfssl/wolfcrypt/types.h> |
| wolfSSL | 15:117db924cf7c | 31 | |
| wolfSSL | 15:117db924cf7c | 32 | #ifdef HAVE_ECC |
| wolfSSL | 15:117db924cf7c | 33 | |
| wolfSSL | 15:117db924cf7c | 34 | #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) |
| wolfSSL | 15:117db924cf7c | 35 | #include <wolfssl/wolfcrypt/fips.h> |
| wolfSSL | 15:117db924cf7c | 36 | #endif /* HAVE_FIPS_VERSION >= 2 */ |
| wolfSSL | 15:117db924cf7c | 37 | |
| wolfSSL | 15:117db924cf7c | 38 | #include <wolfssl/wolfcrypt/integer.h> |
| wolfSSL | 15:117db924cf7c | 39 | #include <wolfssl/wolfcrypt/random.h> |
| wolfSSL | 15:117db924cf7c | 40 | |
| wolfSSL | 15:117db924cf7c | 41 | #ifdef HAVE_X963_KDF |
| wolfSSL | 15:117db924cf7c | 42 | #include <wolfssl/wolfcrypt/hash.h> |
| wolfSSL | 15:117db924cf7c | 43 | #endif |
| wolfSSL | 15:117db924cf7c | 44 | |
| wolfSSL | 15:117db924cf7c | 45 | #ifdef WOLFSSL_ASYNC_CRYPT |
| wolfSSL | 15:117db924cf7c | 46 | #include <wolfssl/wolfcrypt/async.h> |
| wolfSSL | 15:117db924cf7c | 47 | #ifdef WOLFSSL_CERT_GEN |
| wolfSSL | 15:117db924cf7c | 48 | #include <wolfssl/wolfcrypt/asn.h> |
| wolfSSL | 15:117db924cf7c | 49 | #endif |
| wolfSSL | 15:117db924cf7c | 50 | #endif |
| wolfSSL | 15:117db924cf7c | 51 | |
| wolfSSL | 15:117db924cf7c | 52 | #ifdef WOLFSSL_ATECC508A |
| wolfSSL | 15:117db924cf7c | 53 | #include <wolfssl/wolfcrypt/port/atmel/atmel.h> |
| wolfSSL | 15:117db924cf7c | 54 | #endif /* WOLFSSL_ATECC508A */ |
| wolfSSL | 15:117db924cf7c | 55 | |
| wolfSSL | 15:117db924cf7c | 56 | |
| wolfSSL | 15:117db924cf7c | 57 | #ifdef __cplusplus |
| wolfSSL | 15:117db924cf7c | 58 | extern "C" { |
| wolfSSL | 15:117db924cf7c | 59 | #endif |
| wolfSSL | 15:117db924cf7c | 60 | |
| wolfSSL | 15:117db924cf7c | 61 | |
| wolfSSL | 15:117db924cf7c | 62 | /* Enable curve B parameter if needed */ |
| wolfSSL | 15:117db924cf7c | 63 | #if defined(HAVE_COMP_KEY) || defined(ECC_CACHE_CURVE) |
| wolfSSL | 15:117db924cf7c | 64 | #ifndef USE_ECC_B_PARAM /* Allow someone to force enable */ |
| wolfSSL | 15:117db924cf7c | 65 | #define USE_ECC_B_PARAM |
| wolfSSL | 15:117db924cf7c | 66 | #endif |
| wolfSSL | 15:117db924cf7c | 67 | #endif |
| wolfSSL | 15:117db924cf7c | 68 | |
| wolfSSL | 15:117db924cf7c | 69 | |
| wolfSSL | 15:117db924cf7c | 70 | /* Use this as the key->idx if a custom ecc_set is used for key->dp */ |
| wolfSSL | 15:117db924cf7c | 71 | #define ECC_CUSTOM_IDX (-1) |
| wolfSSL | 15:117db924cf7c | 72 | |
| wolfSSL | 15:117db924cf7c | 73 | |
| wolfSSL | 15:117db924cf7c | 74 | /* Determine max ECC bits based on enabled curves */ |
| wolfSSL | 15:117db924cf7c | 75 | #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES) |
| wolfSSL | 15:117db924cf7c | 76 | #define MAX_ECC_BITS 521 |
| wolfSSL | 15:117db924cf7c | 77 | #elif defined(HAVE_ECC512) |
| wolfSSL | 15:117db924cf7c | 78 | #define MAX_ECC_BITS 512 |
| wolfSSL | 15:117db924cf7c | 79 | #elif defined(HAVE_ECC384) |
| wolfSSL | 15:117db924cf7c | 80 | #define MAX_ECC_BITS 384 |
| wolfSSL | 15:117db924cf7c | 81 | #elif defined(HAVE_ECC320) |
| wolfSSL | 15:117db924cf7c | 82 | #define MAX_ECC_BITS 320 |
| wolfSSL | 15:117db924cf7c | 83 | #elif !defined(NO_ECC256) |
| wolfSSL | 15:117db924cf7c | 84 | #define MAX_ECC_BITS 256 |
| wolfSSL | 15:117db924cf7c | 85 | #elif defined(HAVE_ECC239) |
| wolfSSL | 15:117db924cf7c | 86 | #define MAX_ECC_BITS 239 |
| wolfSSL | 15:117db924cf7c | 87 | #elif defined(HAVE_ECC224) |
| wolfSSL | 15:117db924cf7c | 88 | #define MAX_ECC_BITS 224 |
| wolfSSL | 15:117db924cf7c | 89 | #elif defined(HAVE_ECC192) |
| wolfSSL | 15:117db924cf7c | 90 | #define MAX_ECC_BITS 192 |
| wolfSSL | 15:117db924cf7c | 91 | #elif defined(HAVE_ECC160) |
| wolfSSL | 15:117db924cf7c | 92 | #define MAX_ECC_BITS 160 |
| wolfSSL | 15:117db924cf7c | 93 | #elif defined(HAVE_ECC128) |
| wolfSSL | 15:117db924cf7c | 94 | #define MAX_ECC_BITS 128 |
| wolfSSL | 15:117db924cf7c | 95 | #elif defined(HAVE_ECC112) |
| wolfSSL | 15:117db924cf7c | 96 | #define MAX_ECC_BITS 112 |
| wolfSSL | 15:117db924cf7c | 97 | #endif |
| wolfSSL | 15:117db924cf7c | 98 | |
| wolfSSL | 15:117db924cf7c | 99 | /* calculate max ECC bytes */ |
| wolfSSL | 15:117db924cf7c | 100 | #if ((MAX_ECC_BITS * 2) % 8) == 0 |
| wolfSSL | 15:117db924cf7c | 101 | #define MAX_ECC_BYTES (MAX_ECC_BITS / 8) |
| wolfSSL | 15:117db924cf7c | 102 | #else |
| wolfSSL | 15:117db924cf7c | 103 | /* add byte if not aligned */ |
| wolfSSL | 15:117db924cf7c | 104 | #define MAX_ECC_BYTES ((MAX_ECC_BITS / 8) + 1) |
| wolfSSL | 15:117db924cf7c | 105 | #endif |
| wolfSSL | 15:117db924cf7c | 106 | |
| wolfSSL | 15:117db924cf7c | 107 | |
| wolfSSL | 15:117db924cf7c | 108 | enum { |
| wolfSSL | 15:117db924cf7c | 109 | ECC_PUBLICKEY = 1, |
| wolfSSL | 15:117db924cf7c | 110 | ECC_PRIVATEKEY = 2, |
| wolfSSL | 15:117db924cf7c | 111 | ECC_PRIVATEKEY_ONLY = 3, |
| wolfSSL | 15:117db924cf7c | 112 | ECC_MAXNAME = 16, /* MAX CURVE NAME LENGTH */ |
| wolfSSL | 15:117db924cf7c | 113 | SIG_HEADER_SZ = 6, /* ECC signature header size */ |
| wolfSSL | 15:117db924cf7c | 114 | ECC_BUFSIZE = 256, /* for exported keys temp buffer */ |
| wolfSSL | 15:117db924cf7c | 115 | ECC_MINSIZE = 20, /* MIN Private Key size */ |
| wolfSSL | 15:117db924cf7c | 116 | ECC_MAXSIZE = 66, /* MAX Private Key size */ |
| wolfSSL | 15:117db924cf7c | 117 | ECC_MAXSIZE_GEN = 74, /* MAX Buffer size required when generating ECC keys*/ |
| wolfSSL | 15:117db924cf7c | 118 | ECC_MAX_PAD_SZ = 4, /* ECC maximum padding size */ |
| wolfSSL | 15:117db924cf7c | 119 | ECC_MAX_OID_LEN = 16, |
| wolfSSL | 15:117db924cf7c | 120 | ECC_MAX_SIG_SIZE= ((MAX_ECC_BYTES * 2) + ECC_MAX_PAD_SZ + SIG_HEADER_SZ), |
| wolfSSL | 15:117db924cf7c | 121 | |
| wolfSSL | 15:117db924cf7c | 122 | /* max crypto hardware size */ |
| wolfSSL | 15:117db924cf7c | 123 | #ifdef WOLFSSL_ATECC508A |
| wolfSSL | 15:117db924cf7c | 124 | ECC_MAX_CRYPTO_HW_SIZE = ATECC_KEY_SIZE, /* from port/atmel/atmel.h */ |
| wolfSSL | 15:117db924cf7c | 125 | ECC_MAX_CRYPTO_HW_PUBKEY_SIZE = (ATECC_KEY_SIZE*2), |
| wolfSSL | 15:117db924cf7c | 126 | #elif defined(PLUTON_CRYPTO_ECC) |
| wolfSSL | 15:117db924cf7c | 127 | ECC_MAX_CRYPTO_HW_SIZE = 32, |
| wolfSSL | 15:117db924cf7c | 128 | #endif |
| wolfSSL | 15:117db924cf7c | 129 | |
| wolfSSL | 15:117db924cf7c | 130 | /* point encoding type */ |
| wolfSSL | 15:117db924cf7c | 131 | ECC_TYPE_HEX_STR = 1, |
| wolfSSL | 15:117db924cf7c | 132 | ECC_TYPE_UNSIGNED_BIN = 2, |
| wolfSSL | 15:117db924cf7c | 133 | |
| wolfSSL | 15:117db924cf7c | 134 | /* point compression type */ |
| wolfSSL | 15:117db924cf7c | 135 | ECC_POINT_COMP_EVEN = 0x02, |
| wolfSSL | 15:117db924cf7c | 136 | ECC_POINT_COMP_ODD = 0x03, |
| wolfSSL | 15:117db924cf7c | 137 | ECC_POINT_UNCOMP = 0x04, |
| wolfSSL | 15:117db924cf7c | 138 | |
| wolfSSL | 15:117db924cf7c | 139 | /* Shamir's dual add constants */ |
| wolfSSL | 15:117db924cf7c | 140 | SHAMIR_PRECOMP_SZ = 16, |
| wolfSSL | 15:117db924cf7c | 141 | }; |
| wolfSSL | 15:117db924cf7c | 142 | |
| wolfSSL | 15:117db924cf7c | 143 | /* Curve Types */ |
| wolfSSL | 15:117db924cf7c | 144 | typedef enum ecc_curve_id { |
| wolfSSL | 15:117db924cf7c | 145 | ECC_CURVE_INVALID = -1, |
| wolfSSL | 15:117db924cf7c | 146 | ECC_CURVE_DEF = 0, /* NIST or SECP */ |
| wolfSSL | 15:117db924cf7c | 147 | |
| wolfSSL | 15:117db924cf7c | 148 | /* NIST Prime Curves */ |
| wolfSSL | 15:117db924cf7c | 149 | ECC_SECP192R1, |
| wolfSSL | 15:117db924cf7c | 150 | ECC_PRIME192V2, |
| wolfSSL | 15:117db924cf7c | 151 | ECC_PRIME192V3, |
| wolfSSL | 15:117db924cf7c | 152 | ECC_PRIME239V1, |
| wolfSSL | 15:117db924cf7c | 153 | ECC_PRIME239V2, |
| wolfSSL | 15:117db924cf7c | 154 | ECC_PRIME239V3, |
| wolfSSL | 15:117db924cf7c | 155 | ECC_SECP256R1, |
| wolfSSL | 15:117db924cf7c | 156 | |
| wolfSSL | 15:117db924cf7c | 157 | /* SECP Curves */ |
| wolfSSL | 15:117db924cf7c | 158 | ECC_SECP112R1, |
| wolfSSL | 15:117db924cf7c | 159 | ECC_SECP112R2, |
| wolfSSL | 15:117db924cf7c | 160 | ECC_SECP128R1, |
| wolfSSL | 15:117db924cf7c | 161 | ECC_SECP128R2, |
| wolfSSL | 15:117db924cf7c | 162 | ECC_SECP160R1, |
| wolfSSL | 15:117db924cf7c | 163 | ECC_SECP160R2, |
| wolfSSL | 15:117db924cf7c | 164 | ECC_SECP224R1, |
| wolfSSL | 15:117db924cf7c | 165 | ECC_SECP384R1, |
| wolfSSL | 15:117db924cf7c | 166 | ECC_SECP521R1, |
| wolfSSL | 15:117db924cf7c | 167 | |
| wolfSSL | 15:117db924cf7c | 168 | /* Koblitz */ |
| wolfSSL | 15:117db924cf7c | 169 | ECC_SECP160K1, |
| wolfSSL | 15:117db924cf7c | 170 | ECC_SECP192K1, |
| wolfSSL | 15:117db924cf7c | 171 | ECC_SECP224K1, |
| wolfSSL | 15:117db924cf7c | 172 | ECC_SECP256K1, |
| wolfSSL | 15:117db924cf7c | 173 | |
| wolfSSL | 15:117db924cf7c | 174 | /* Brainpool Curves */ |
| wolfSSL | 15:117db924cf7c | 175 | ECC_BRAINPOOLP160R1, |
| wolfSSL | 15:117db924cf7c | 176 | ECC_BRAINPOOLP192R1, |
| wolfSSL | 15:117db924cf7c | 177 | ECC_BRAINPOOLP224R1, |
| wolfSSL | 15:117db924cf7c | 178 | ECC_BRAINPOOLP256R1, |
| wolfSSL | 15:117db924cf7c | 179 | ECC_BRAINPOOLP320R1, |
| wolfSSL | 15:117db924cf7c | 180 | ECC_BRAINPOOLP384R1, |
| wolfSSL | 15:117db924cf7c | 181 | ECC_BRAINPOOLP512R1, |
| wolfSSL | 15:117db924cf7c | 182 | |
| wolfSSL | 15:117db924cf7c | 183 | /* Twisted Edwards Curves */ |
| wolfSSL | 15:117db924cf7c | 184 | #ifdef HAVE_CURVE25519 |
| wolfSSL | 15:117db924cf7c | 185 | ECC_X25519, |
| wolfSSL | 15:117db924cf7c | 186 | #endif |
| wolfSSL | 15:117db924cf7c | 187 | #ifdef HAVE_X448 |
| wolfSSL | 15:117db924cf7c | 188 | ECC_X448, |
| wolfSSL | 15:117db924cf7c | 189 | #endif |
| wolfSSL | 15:117db924cf7c | 190 | |
| wolfSSL | 15:117db924cf7c | 191 | #ifdef WOLFSSL_CUSTOM_CURVES |
| wolfSSL | 15:117db924cf7c | 192 | ECC_CURVE_CUSTOM, |
| wolfSSL | 15:117db924cf7c | 193 | #endif |
| wolfSSL | 15:117db924cf7c | 194 | } ecc_curve_id; |
| wolfSSL | 15:117db924cf7c | 195 | |
| wolfSSL | 15:117db924cf7c | 196 | #ifdef HAVE_OID_ENCODING |
| wolfSSL | 15:117db924cf7c | 197 | typedef word16 ecc_oid_t; |
| wolfSSL | 15:117db924cf7c | 198 | #else |
| wolfSSL | 15:117db924cf7c | 199 | typedef byte ecc_oid_t; |
| wolfSSL | 15:117db924cf7c | 200 | /* OID encoded with ASN scheme: |
| wolfSSL | 15:117db924cf7c | 201 | first element = (oid[0] * 40) + oid[1] |
| wolfSSL | 15:117db924cf7c | 202 | if any element > 127 then MSB 0x80 indicates additional byte */ |
| wolfSSL | 15:117db924cf7c | 203 | #endif |
| wolfSSL | 15:117db924cf7c | 204 | |
| wolfSSL | 15:117db924cf7c | 205 | /* ECC set type defined a GF(p) curve */ |
| wolfSSL | 15:117db924cf7c | 206 | #ifndef USE_WINDOWS_API |
| wolfSSL | 15:117db924cf7c | 207 | typedef struct ecc_set_type { |
| wolfSSL | 15:117db924cf7c | 208 | int size; /* The size of the curve in octets */ |
| wolfSSL | 15:117db924cf7c | 209 | int id; /* id of this curve */ |
| wolfSSL | 15:117db924cf7c | 210 | const char* name; /* name of this curve */ |
| wolfSSL | 15:117db924cf7c | 211 | const char* prime; /* prime that defines the field, curve is in (hex) */ |
| wolfSSL | 15:117db924cf7c | 212 | const char* Af; /* fields A param (hex) */ |
| wolfSSL | 15:117db924cf7c | 213 | const char* Bf; /* fields B param (hex) */ |
| wolfSSL | 15:117db924cf7c | 214 | const char* order; /* order of the curve (hex) */ |
| wolfSSL | 15:117db924cf7c | 215 | const char* Gx; /* x coordinate of the base point on curve (hex) */ |
| wolfSSL | 15:117db924cf7c | 216 | const char* Gy; /* y coordinate of the base point on curve (hex) */ |
| wolfSSL | 15:117db924cf7c | 217 | const ecc_oid_t* oid; |
| wolfSSL | 15:117db924cf7c | 218 | word32 oidSz; |
| wolfSSL | 15:117db924cf7c | 219 | word32 oidSum; /* sum of encoded OID bytes */ |
| wolfSSL | 15:117db924cf7c | 220 | int cofactor; |
| wolfSSL | 15:117db924cf7c | 221 | } ecc_set_type; |
| wolfSSL | 15:117db924cf7c | 222 | #else |
| wolfSSL | 15:117db924cf7c | 223 | /* MSC does something different with the pointers to the arrays than GCC, |
| wolfSSL | 15:117db924cf7c | 224 | * and it causes the FIPS checksum to fail. In the case of windows builds, |
| wolfSSL | 15:117db924cf7c | 225 | * store everything as arrays instead of pointers to strings. */ |
| wolfSSL | 15:117db924cf7c | 226 | |
| wolfSSL | 15:117db924cf7c | 227 | #define MAX_ECC_NAME 16 |
| wolfSSL | 15:117db924cf7c | 228 | #define MAX_ECC_STRING ((MAX_ECC_BYTES * 2) + 1) |
| wolfSSL | 15:117db924cf7c | 229 | /* The values are stored as text strings. */ |
| wolfSSL | 15:117db924cf7c | 230 | |
| wolfSSL | 15:117db924cf7c | 231 | typedef struct ecc_set_type { |
| wolfSSL | 15:117db924cf7c | 232 | int size; /* The size of the curve in octets */ |
| wolfSSL | 15:117db924cf7c | 233 | int id; /* id of this curve */ |
| wolfSSL | 15:117db924cf7c | 234 | const char name[MAX_ECC_NAME]; /* name of this curve */ |
| wolfSSL | 15:117db924cf7c | 235 | const char prime[MAX_ECC_STRING]; /* prime that defines the field, curve is in (hex) */ |
| wolfSSL | 15:117db924cf7c | 236 | const char Af[MAX_ECC_STRING]; /* fields A param (hex) */ |
| wolfSSL | 15:117db924cf7c | 237 | const char Bf[MAX_ECC_STRING]; /* fields B param (hex) */ |
| wolfSSL | 15:117db924cf7c | 238 | const char order[MAX_ECC_STRING]; /* order of the curve (hex) */ |
| wolfSSL | 15:117db924cf7c | 239 | const char Gx[MAX_ECC_STRING]; /* x coordinate of the base point on curve (hex) */ |
| wolfSSL | 15:117db924cf7c | 240 | const char Gy[MAX_ECC_STRING]; /* y coordinate of the base point on curve (hex) */ |
| wolfSSL | 15:117db924cf7c | 241 | const ecc_oid_t oid[10]; |
| wolfSSL | 15:117db924cf7c | 242 | word32 oidSz; |
| wolfSSL | 15:117db924cf7c | 243 | word32 oidSum; /* sum of encoded OID bytes */ |
| wolfSSL | 15:117db924cf7c | 244 | int cofactor; |
| wolfSSL | 15:117db924cf7c | 245 | } ecc_set_type; |
| wolfSSL | 15:117db924cf7c | 246 | #endif |
| wolfSSL | 15:117db924cf7c | 247 | |
| wolfSSL | 15:117db924cf7c | 248 | |
| wolfSSL | 15:117db924cf7c | 249 | #ifdef ALT_ECC_SIZE |
| wolfSSL | 15:117db924cf7c | 250 | |
| wolfSSL | 15:117db924cf7c | 251 | /* Note on ALT_ECC_SIZE: |
| wolfSSL | 15:117db924cf7c | 252 | * The fast math code uses an array of a fixed size to store the big integers. |
| wolfSSL | 15:117db924cf7c | 253 | * By default, the array is big enough for RSA keys. There is a size, |
| wolfSSL | 15:117db924cf7c | 254 | * FP_MAX_BITS which can be used to make the array smaller when one wants ECC |
| wolfSSL | 15:117db924cf7c | 255 | * but not RSA. Some people want fast math sized for both RSA and ECC, where |
| wolfSSL | 15:117db924cf7c | 256 | * ECC won't use as much as RSA. The flag ALT_ECC_SIZE switches in an alternate |
| wolfSSL | 15:117db924cf7c | 257 | * ecc_point structure that uses an alternate fp_int that has a shorter array |
| wolfSSL | 15:117db924cf7c | 258 | * of fp_digits. |
| wolfSSL | 15:117db924cf7c | 259 | * |
| wolfSSL | 15:117db924cf7c | 260 | * Now, without ALT_ECC_SIZE, the ecc_point has three single item arrays of |
| wolfSSL | 15:117db924cf7c | 261 | * mp_ints for the components of the point. With ALT_ECC_SIZE, the components |
| wolfSSL | 15:117db924cf7c | 262 | * of the point are pointers that are set to each of a three item array of |
| wolfSSL | 15:117db924cf7c | 263 | * alt_fp_ints. While an mp_int will have 4096 bits of digit inside the |
| wolfSSL | 15:117db924cf7c | 264 | * structure, the alt_fp_int will only have 528 bits. A size value was added |
| wolfSSL | 15:117db924cf7c | 265 | * in the ALT case, as well, and is set by mp_init() and alt_fp_init(). The |
| wolfSSL | 15:117db924cf7c | 266 | * functions fp_zero() and fp_copy() use the size parameter. An int needs to |
| wolfSSL | 15:117db924cf7c | 267 | * be initialized before using it instead of just fp_zeroing it, the init will |
| wolfSSL | 15:117db924cf7c | 268 | * call zero. FP_MAX_BITS_ECC defaults to 528, but can be set to change the |
| wolfSSL | 15:117db924cf7c | 269 | * number of bits used in the alternate FP_INT. |
| wolfSSL | 15:117db924cf7c | 270 | * |
| wolfSSL | 15:117db924cf7c | 271 | * Do not enable ALT_ECC_SIZE and disable fast math in the configuration. |
| wolfSSL | 15:117db924cf7c | 272 | */ |
| wolfSSL | 15:117db924cf7c | 273 | |
| wolfSSL | 15:117db924cf7c | 274 | #ifndef USE_FAST_MATH |
| wolfSSL | 15:117db924cf7c | 275 | #error USE_FAST_MATH must be defined to use ALT_ECC_SIZE |
| wolfSSL | 15:117db924cf7c | 276 | #endif |
| wolfSSL | 15:117db924cf7c | 277 | |
| wolfSSL | 15:117db924cf7c | 278 | /* determine max bits required for ECC math */ |
| wolfSSL | 15:117db924cf7c | 279 | #ifndef FP_MAX_BITS_ECC |
| wolfSSL | 15:117db924cf7c | 280 | /* check alignment */ |
| wolfSSL | 15:117db924cf7c | 281 | #if ((MAX_ECC_BITS * 2) % DIGIT_BIT) == 0 |
| wolfSSL | 15:117db924cf7c | 282 | /* max bits is double */ |
| wolfSSL | 15:117db924cf7c | 283 | #define FP_MAX_BITS_ECC (MAX_ECC_BITS * 2) |
| wolfSSL | 15:117db924cf7c | 284 | #else |
| wolfSSL | 15:117db924cf7c | 285 | /* max bits is doubled, plus one digit of fudge */ |
| wolfSSL | 15:117db924cf7c | 286 | #define FP_MAX_BITS_ECC ((MAX_ECC_BITS * 2) + DIGIT_BIT) |
| wolfSSL | 15:117db924cf7c | 287 | #endif |
| wolfSSL | 15:117db924cf7c | 288 | #else |
| wolfSSL | 15:117db924cf7c | 289 | /* verify alignment */ |
| wolfSSL | 15:117db924cf7c | 290 | #if FP_MAX_BITS_ECC % CHAR_BIT |
| wolfSSL | 15:117db924cf7c | 291 | #error FP_MAX_BITS_ECC must be a multiple of CHAR_BIT |
| wolfSSL | 15:117db924cf7c | 292 | #endif |
| wolfSSL | 15:117db924cf7c | 293 | #endif |
| wolfSSL | 15:117db924cf7c | 294 | |
| wolfSSL | 15:117db924cf7c | 295 | /* determine buffer size */ |
| wolfSSL | 15:117db924cf7c | 296 | #define FP_SIZE_ECC (FP_MAX_BITS_ECC/DIGIT_BIT) |
| wolfSSL | 15:117db924cf7c | 297 | |
| wolfSSL | 15:117db924cf7c | 298 | |
| wolfSSL | 15:117db924cf7c | 299 | /* This needs to match the size of the fp_int struct, except the |
| wolfSSL | 15:117db924cf7c | 300 | * fp_digit array will be shorter. */ |
| wolfSSL | 15:117db924cf7c | 301 | typedef struct alt_fp_int { |
| wolfSSL | 15:117db924cf7c | 302 | int used, sign, size; |
| wolfSSL | 15:117db924cf7c | 303 | fp_digit dp[FP_SIZE_ECC]; |
| wolfSSL | 15:117db924cf7c | 304 | } alt_fp_int; |
| wolfSSL | 15:117db924cf7c | 305 | #endif /* ALT_ECC_SIZE */ |
| wolfSSL | 15:117db924cf7c | 306 | |
| wolfSSL | 15:117db924cf7c | 307 | #ifndef WC_ECCKEY_TYPE_DEFINED |
| wolfSSL | 15:117db924cf7c | 308 | typedef struct ecc_key ecc_key; |
| wolfSSL | 15:117db924cf7c | 309 | #define WC_ECCKEY_TYPE_DEFINED |
| wolfSSL | 15:117db924cf7c | 310 | #endif |
| wolfSSL | 15:117db924cf7c | 311 | |
| wolfSSL | 15:117db924cf7c | 312 | |
| wolfSSL | 15:117db924cf7c | 313 | /* A point on an ECC curve, stored in Jacbobian format such that (x,y,z) => |
| wolfSSL | 15:117db924cf7c | 314 | (x/z^2, y/z^3, 1) when interpreted as affine */ |
| wolfSSL | 15:117db924cf7c | 315 | typedef struct { |
| wolfSSL | 15:117db924cf7c | 316 | #ifndef ALT_ECC_SIZE |
| wolfSSL | 15:117db924cf7c | 317 | mp_int x[1]; /* The x coordinate */ |
| wolfSSL | 15:117db924cf7c | 318 | mp_int y[1]; /* The y coordinate */ |
| wolfSSL | 15:117db924cf7c | 319 | mp_int z[1]; /* The z coordinate */ |
| wolfSSL | 15:117db924cf7c | 320 | #else |
| wolfSSL | 15:117db924cf7c | 321 | mp_int* x; /* The x coordinate */ |
| wolfSSL | 15:117db924cf7c | 322 | mp_int* y; /* The y coordinate */ |
| wolfSSL | 15:117db924cf7c | 323 | mp_int* z; /* The z coordinate */ |
| wolfSSL | 15:117db924cf7c | 324 | alt_fp_int xyz[3]; |
| wolfSSL | 15:117db924cf7c | 325 | #endif |
| wolfSSL | 15:117db924cf7c | 326 | #ifdef WOLFSSL_SMALL_STACK_CACHE |
| wolfSSL | 15:117db924cf7c | 327 | ecc_key* key; |
| wolfSSL | 15:117db924cf7c | 328 | #endif |
| wolfSSL | 15:117db924cf7c | 329 | } ecc_point; |
| wolfSSL | 15:117db924cf7c | 330 | |
| wolfSSL | 15:117db924cf7c | 331 | /* ECC Flags */ |
| wolfSSL | 15:117db924cf7c | 332 | enum { |
| wolfSSL | 15:117db924cf7c | 333 | WC_ECC_FLAG_NONE = 0x00, |
| wolfSSL | 15:117db924cf7c | 334 | #ifdef HAVE_ECC_CDH |
| wolfSSL | 15:117db924cf7c | 335 | WC_ECC_FLAG_COFACTOR = 0x01, |
| wolfSSL | 15:117db924cf7c | 336 | #endif |
| wolfSSL | 15:117db924cf7c | 337 | }; |
| wolfSSL | 15:117db924cf7c | 338 | |
| wolfSSL | 15:117db924cf7c | 339 | /* An ECC Key */ |
| wolfSSL | 15:117db924cf7c | 340 | struct ecc_key { |
| wolfSSL | 15:117db924cf7c | 341 | int type; /* Public or Private */ |
| wolfSSL | 15:117db924cf7c | 342 | int idx; /* Index into the ecc_sets[] for the parameters of |
| wolfSSL | 15:117db924cf7c | 343 | this curve if -1, this key is using user supplied |
| wolfSSL | 15:117db924cf7c | 344 | curve in dp */ |
| wolfSSL | 15:117db924cf7c | 345 | int state; |
| wolfSSL | 15:117db924cf7c | 346 | word32 flags; |
| wolfSSL | 15:117db924cf7c | 347 | const ecc_set_type* dp; /* domain parameters, either points to NIST |
| wolfSSL | 15:117db924cf7c | 348 | curves (idx >= 0) or user supplied */ |
| wolfSSL | 15:117db924cf7c | 349 | #ifdef WOLFSSL_CUSTOM_CURVES |
| wolfSSL | 15:117db924cf7c | 350 | int deallocSet; |
| wolfSSL | 15:117db924cf7c | 351 | #endif |
| wolfSSL | 15:117db924cf7c | 352 | void* heap; /* heap hint */ |
| wolfSSL | 15:117db924cf7c | 353 | ecc_point pubkey; /* public key */ |
| wolfSSL | 15:117db924cf7c | 354 | mp_int k; /* private key */ |
| wolfSSL | 15:117db924cf7c | 355 | #ifdef WOLFSSL_ATECC508A |
| wolfSSL | 15:117db924cf7c | 356 | int slot; /* Key Slot Number (-1 unknown) */ |
| wolfSSL | 15:117db924cf7c | 357 | byte pubkey_raw[ECC_MAX_CRYPTO_HW_PUBKEY_SIZE]; |
| wolfSSL | 15:117db924cf7c | 358 | #endif |
| wolfSSL | 15:117db924cf7c | 359 | #if defined(PLUTON_CRYPTO_ECC) || defined(WOLF_CRYPTO_DEV) |
| wolfSSL | 15:117db924cf7c | 360 | int devId; |
| wolfSSL | 15:117db924cf7c | 361 | #endif |
| wolfSSL | 15:117db924cf7c | 362 | #ifdef WOLFSSL_ASYNC_CRYPT |
| wolfSSL | 15:117db924cf7c | 363 | mp_int* r; /* sign/verify temps */ |
| wolfSSL | 15:117db924cf7c | 364 | mp_int* s; |
| wolfSSL | 15:117db924cf7c | 365 | WC_ASYNC_DEV asyncDev; |
| wolfSSL | 15:117db924cf7c | 366 | #ifdef HAVE_CAVIUM_V |
| wolfSSL | 15:117db924cf7c | 367 | mp_int* e; /* Sign, Verify and Shared Secret */ |
| wolfSSL | 15:117db924cf7c | 368 | mp_int* signK; |
| wolfSSL | 15:117db924cf7c | 369 | #endif |
| wolfSSL | 15:117db924cf7c | 370 | #ifdef WOLFSSL_CERT_GEN |
| wolfSSL | 15:117db924cf7c | 371 | CertSignCtx certSignCtx; /* context info for cert sign (MakeSignature) */ |
| wolfSSL | 15:117db924cf7c | 372 | #endif |
| wolfSSL | 15:117db924cf7c | 373 | #endif /* WOLFSSL_ASYNC_CRYPT */ |
| wolfSSL | 15:117db924cf7c | 374 | #ifdef WOLFSSL_SMALL_STACK_CACHE |
| wolfSSL | 15:117db924cf7c | 375 | mp_int* t1; |
| wolfSSL | 15:117db924cf7c | 376 | mp_int* t2; |
| wolfSSL | 15:117db924cf7c | 377 | #ifdef ALT_ECC_SIZE |
| wolfSSL | 15:117db924cf7c | 378 | mp_int* x; |
| wolfSSL | 15:117db924cf7c | 379 | mp_int* y; |
| wolfSSL | 15:117db924cf7c | 380 | mp_int* z; |
| wolfSSL | 15:117db924cf7c | 381 | #endif |
| wolfSSL | 15:117db924cf7c | 382 | #endif |
| wolfSSL | 15:117db924cf7c | 383 | }; |
| wolfSSL | 15:117db924cf7c | 384 | |
| wolfSSL | 15:117db924cf7c | 385 | |
| wolfSSL | 15:117db924cf7c | 386 | /* ECC predefined curve sets */ |
| wolfSSL | 15:117db924cf7c | 387 | extern const ecc_set_type ecc_sets[]; |
| wolfSSL | 15:117db924cf7c | 388 | |
| wolfSSL | 15:117db924cf7c | 389 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 390 | const char* wc_ecc_get_name(int curve_id); |
| wolfSSL | 15:117db924cf7c | 391 | |
| wolfSSL | 15:117db924cf7c | 392 | #ifndef WOLFSSL_ATECC508A |
| wolfSSL | 15:117db924cf7c | 393 | |
| wolfSSL | 15:117db924cf7c | 394 | #ifdef WOLFSSL_PUBLIC_ECC_ADD_DBL |
| wolfSSL | 15:117db924cf7c | 395 | #define ECC_API WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 396 | #else |
| wolfSSL | 15:117db924cf7c | 397 | #define ECC_API WOLFSSL_LOCAL |
| wolfSSL | 15:117db924cf7c | 398 | #endif |
| wolfSSL | 15:117db924cf7c | 399 | |
| wolfSSL | 15:117db924cf7c | 400 | ECC_API int ecc_mul2add(ecc_point* A, mp_int* kA, |
| wolfSSL | 15:117db924cf7c | 401 | ecc_point* B, mp_int* kB, |
| wolfSSL | 15:117db924cf7c | 402 | ecc_point* C, mp_int* a, mp_int* modulus, void* heap); |
| wolfSSL | 15:117db924cf7c | 403 | |
| wolfSSL | 15:117db924cf7c | 404 | ECC_API int ecc_map(ecc_point*, mp_int*, mp_digit); |
| wolfSSL | 15:117db924cf7c | 405 | ECC_API int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R, |
| wolfSSL | 15:117db924cf7c | 406 | mp_int* a, mp_int* modulus, mp_digit mp); |
| wolfSSL | 15:117db924cf7c | 407 | ECC_API int ecc_projective_dbl_point(ecc_point* P, ecc_point* R, mp_int* a, |
| wolfSSL | 15:117db924cf7c | 408 | mp_int* modulus, mp_digit mp); |
| wolfSSL | 15:117db924cf7c | 409 | |
| wolfSSL | 15:117db924cf7c | 410 | #endif |
| wolfSSL | 15:117db924cf7c | 411 | |
| wolfSSL | 15:117db924cf7c | 412 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 413 | int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key); |
| wolfSSL | 15:117db924cf7c | 414 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 415 | int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, |
| wolfSSL | 15:117db924cf7c | 416 | int curve_id); |
| wolfSSL | 15:117db924cf7c | 417 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 418 | int wc_ecc_make_pub(ecc_key* key, ecc_point* pubOut); |
| wolfSSL | 15:117db924cf7c | 419 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 420 | int wc_ecc_check_key(ecc_key* key); |
| wolfSSL | 15:117db924cf7c | 421 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 422 | int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime); |
| wolfSSL | 15:117db924cf7c | 423 | |
| wolfSSL | 15:117db924cf7c | 424 | #ifdef HAVE_ECC_DHE |
| wolfSSL | 15:117db924cf7c | 425 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 426 | int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out, |
| wolfSSL | 15:117db924cf7c | 427 | word32* outlen); |
| wolfSSL | 15:117db924cf7c | 428 | WOLFSSL_LOCAL |
| wolfSSL | 15:117db924cf7c | 429 | int wc_ecc_shared_secret_gen(ecc_key* private_key, ecc_point* point, |
| wolfSSL | 15:117db924cf7c | 430 | byte* out, word32 *outlen); |
| wolfSSL | 15:117db924cf7c | 431 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 432 | int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point, |
| wolfSSL | 15:117db924cf7c | 433 | byte* out, word32 *outlen); |
| wolfSSL | 15:117db924cf7c | 434 | #define wc_ecc_shared_secret_ssh wc_ecc_shared_secret_ex /* For backwards compat */ |
| wolfSSL | 15:117db924cf7c | 435 | #endif /* HAVE_ECC_DHE */ |
| wolfSSL | 15:117db924cf7c | 436 | |
| wolfSSL | 15:117db924cf7c | 437 | #ifdef HAVE_ECC_SIGN |
| wolfSSL | 15:117db924cf7c | 438 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 439 | int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, |
| wolfSSL | 15:117db924cf7c | 440 | WC_RNG* rng, ecc_key* key); |
| wolfSSL | 15:117db924cf7c | 441 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 442 | int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, |
| wolfSSL | 15:117db924cf7c | 443 | ecc_key* key, mp_int *r, mp_int *s); |
| wolfSSL | 15:117db924cf7c | 444 | #endif /* HAVE_ECC_SIGN */ |
| wolfSSL | 15:117db924cf7c | 445 | |
| wolfSSL | 15:117db924cf7c | 446 | #ifdef HAVE_ECC_VERIFY |
| wolfSSL | 15:117db924cf7c | 447 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 448 | int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, |
| wolfSSL | 15:117db924cf7c | 449 | word32 hashlen, int* stat, ecc_key* key); |
| wolfSSL | 15:117db924cf7c | 450 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 451 | int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, |
| wolfSSL | 15:117db924cf7c | 452 | word32 hashlen, int* stat, ecc_key* key); |
| wolfSSL | 15:117db924cf7c | 453 | #endif /* HAVE_ECC_VERIFY */ |
| wolfSSL | 15:117db924cf7c | 454 | |
| wolfSSL | 15:117db924cf7c | 455 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 456 | int wc_ecc_init(ecc_key* key); |
| wolfSSL | 15:117db924cf7c | 457 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 458 | int wc_ecc_init_ex(ecc_key* key, void* heap, int devId); |
| wolfSSL | 15:117db924cf7c | 459 | #ifdef WOLFSSL_CUSTOM_CURVES |
| wolfSSL | 15:117db924cf7c | 460 | WOLFSSL_LOCAL |
| wolfSSL | 15:117db924cf7c | 461 | void wc_ecc_free_curve(const ecc_set_type* curve, void* heap); |
| wolfSSL | 15:117db924cf7c | 462 | #endif |
| wolfSSL | 15:117db924cf7c | 463 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 464 | int wc_ecc_free(ecc_key* key); |
| wolfSSL | 15:117db924cf7c | 465 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 466 | int wc_ecc_set_flags(ecc_key* key, word32 flags); |
| wolfSSL | 15:117db924cf7c | 467 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 468 | void wc_ecc_fp_free(void); |
| wolfSSL | 15:117db924cf7c | 469 | |
| wolfSSL | 15:117db924cf7c | 470 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 471 | int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id); |
| wolfSSL | 15:117db924cf7c | 472 | |
| wolfSSL | 15:117db924cf7c | 473 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 474 | int wc_ecc_is_valid_idx(int n); |
| wolfSSL | 15:117db924cf7c | 475 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 476 | int wc_ecc_get_curve_idx(int curve_id); |
| wolfSSL | 15:117db924cf7c | 477 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 478 | int wc_ecc_get_curve_id(int curve_idx); |
| wolfSSL | 15:117db924cf7c | 479 | #define wc_ecc_get_curve_name_from_id wc_ecc_get_name |
| wolfSSL | 15:117db924cf7c | 480 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 481 | int wc_ecc_get_curve_size_from_id(int curve_id); |
| wolfSSL | 15:117db924cf7c | 482 | |
| wolfSSL | 15:117db924cf7c | 483 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 484 | int wc_ecc_get_curve_idx_from_name(const char* curveName); |
| wolfSSL | 15:117db924cf7c | 485 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 486 | int wc_ecc_get_curve_size_from_name(const char* curveName); |
| wolfSSL | 15:117db924cf7c | 487 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 488 | int wc_ecc_get_curve_id_from_name(const char* curveName); |
| wolfSSL | 15:117db924cf7c | 489 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 490 | int wc_ecc_get_curve_id_from_params(int fieldSize, |
| wolfSSL | 15:117db924cf7c | 491 | const byte* prime, word32 primeSz, const byte* Af, word32 AfSz, |
| wolfSSL | 15:117db924cf7c | 492 | const byte* Bf, word32 BfSz, const byte* order, word32 orderSz, |
| wolfSSL | 15:117db924cf7c | 493 | const byte* Gx, word32 GxSz, const byte* Gy, word32 GySz, int cofactor); |
| wolfSSL | 15:117db924cf7c | 494 | |
| wolfSSL | 15:117db924cf7c | 495 | |
| wolfSSL | 15:117db924cf7c | 496 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 497 | ecc_point* wc_ecc_new_point(void); |
| wolfSSL | 15:117db924cf7c | 498 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 499 | ecc_point* wc_ecc_new_point_h(void* h); |
| wolfSSL | 15:117db924cf7c | 500 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 501 | void wc_ecc_del_point(ecc_point* p); |
| wolfSSL | 15:117db924cf7c | 502 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 503 | void wc_ecc_del_point_h(ecc_point* p, void* h); |
| wolfSSL | 15:117db924cf7c | 504 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 505 | int wc_ecc_copy_point(ecc_point* p, ecc_point *r); |
| wolfSSL | 15:117db924cf7c | 506 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 507 | int wc_ecc_cmp_point(ecc_point* a, ecc_point *b); |
| wolfSSL | 15:117db924cf7c | 508 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 509 | int wc_ecc_point_is_at_infinity(ecc_point *p); |
| wolfSSL | 15:117db924cf7c | 510 | |
| wolfSSL | 15:117db924cf7c | 511 | #ifndef WOLFSSL_ATECC508A |
| wolfSSL | 15:117db924cf7c | 512 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 513 | int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, |
| wolfSSL | 15:117db924cf7c | 514 | mp_int* a, mp_int* modulus, int map); |
| wolfSSL | 15:117db924cf7c | 515 | WOLFSSL_LOCAL |
| wolfSSL | 15:117db924cf7c | 516 | int wc_ecc_mulmod_ex(mp_int* k, ecc_point *G, ecc_point *R, |
| wolfSSL | 15:117db924cf7c | 517 | mp_int* a, mp_int* modulus, int map, void* heap); |
| wolfSSL | 15:117db924cf7c | 518 | #endif /* !WOLFSSL_ATECC508A */ |
| wolfSSL | 15:117db924cf7c | 519 | |
| wolfSSL | 15:117db924cf7c | 520 | |
| wolfSSL | 15:117db924cf7c | 521 | #ifdef HAVE_ECC_KEY_EXPORT |
| wolfSSL | 15:117db924cf7c | 522 | /* ASN key helpers */ |
| wolfSSL | 15:117db924cf7c | 523 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 524 | int wc_ecc_export_x963(ecc_key*, byte* out, word32* outLen); |
| wolfSSL | 15:117db924cf7c | 525 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 526 | int wc_ecc_export_x963_ex(ecc_key*, byte* out, word32* outLen, int compressed); |
| wolfSSL | 15:117db924cf7c | 527 | /* extended functionality with compressed option */ |
| wolfSSL | 15:117db924cf7c | 528 | #endif /* HAVE_ECC_KEY_EXPORT */ |
| wolfSSL | 15:117db924cf7c | 529 | |
| wolfSSL | 15:117db924cf7c | 530 | #ifdef HAVE_ECC_KEY_IMPORT |
| wolfSSL | 15:117db924cf7c | 531 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 532 | int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key); |
| wolfSSL | 15:117db924cf7c | 533 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 534 | int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key, |
| wolfSSL | 15:117db924cf7c | 535 | int curve_id); |
| wolfSSL | 15:117db924cf7c | 536 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 537 | int wc_ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub, |
| wolfSSL | 15:117db924cf7c | 538 | word32 pubSz, ecc_key* key); |
| wolfSSL | 15:117db924cf7c | 539 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 540 | int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz, |
| wolfSSL | 15:117db924cf7c | 541 | const byte* pub, word32 pubSz, ecc_key* key, int curve_id); |
| wolfSSL | 15:117db924cf7c | 542 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 543 | int wc_ecc_rs_to_sig(const char* r, const char* s, byte* out, word32* outlen); |
| wolfSSL | 15:117db924cf7c | 544 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 545 | int wc_ecc_rs_raw_to_sig(const byte* r, word32 rSz, const byte* s, word32 sSz, |
| wolfSSL | 15:117db924cf7c | 546 | byte* out, word32* outlen); |
| wolfSSL | 15:117db924cf7c | 547 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 548 | int wc_ecc_sig_to_rs(const byte* sig, word32 sigLen, byte* r, word32* rLen, |
| wolfSSL | 15:117db924cf7c | 549 | byte* s, word32* sLen); |
| wolfSSL | 15:117db924cf7c | 550 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 551 | int wc_ecc_import_raw(ecc_key* key, const char* qx, const char* qy, |
| wolfSSL | 15:117db924cf7c | 552 | const char* d, const char* curveName); |
| wolfSSL | 15:117db924cf7c | 553 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 554 | int wc_ecc_import_raw_ex(ecc_key* key, const char* qx, const char* qy, |
| wolfSSL | 15:117db924cf7c | 555 | const char* d, int curve_id); |
| wolfSSL | 15:117db924cf7c | 556 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 557 | int wc_ecc_import_unsigned(ecc_key* key, byte* qx, byte* qy, |
| wolfSSL | 15:117db924cf7c | 558 | byte* d, int curve_id); |
| wolfSSL | 15:117db924cf7c | 559 | #endif /* HAVE_ECC_KEY_IMPORT */ |
| wolfSSL | 15:117db924cf7c | 560 | |
| wolfSSL | 15:117db924cf7c | 561 | #ifdef HAVE_ECC_KEY_EXPORT |
| wolfSSL | 15:117db924cf7c | 562 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 563 | int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen); |
| wolfSSL | 15:117db924cf7c | 564 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 565 | int wc_ecc_export_public_raw(ecc_key* key, byte* qx, word32* qxLen, |
| wolfSSL | 15:117db924cf7c | 566 | byte* qy, word32* qyLen); |
| wolfSSL | 15:117db924cf7c | 567 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 568 | int wc_ecc_export_private_raw(ecc_key* key, byte* qx, word32* qxLen, |
| wolfSSL | 15:117db924cf7c | 569 | byte* qy, word32* qyLen, byte* d, word32* dLen); |
| wolfSSL | 15:117db924cf7c | 570 | #endif /* HAVE_ECC_KEY_EXPORT */ |
| wolfSSL | 15:117db924cf7c | 571 | |
| wolfSSL | 15:117db924cf7c | 572 | #ifdef HAVE_ECC_KEY_EXPORT |
| wolfSSL | 15:117db924cf7c | 573 | |
| wolfSSL | 15:117db924cf7c | 574 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 575 | int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, |
| wolfSSL | 15:117db924cf7c | 576 | byte* out, word32* outLen); |
| wolfSSL | 15:117db924cf7c | 577 | #endif /* HAVE_ECC_KEY_EXPORT */ |
| wolfSSL | 15:117db924cf7c | 578 | |
| wolfSSL | 15:117db924cf7c | 579 | |
| wolfSSL | 15:117db924cf7c | 580 | #ifdef HAVE_ECC_KEY_IMPORT |
| wolfSSL | 15:117db924cf7c | 581 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 582 | int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx, |
| wolfSSL | 15:117db924cf7c | 583 | ecc_point* point); |
| wolfSSL | 15:117db924cf7c | 584 | #endif /* HAVE_ECC_KEY_IMPORT */ |
| wolfSSL | 15:117db924cf7c | 585 | |
| wolfSSL | 15:117db924cf7c | 586 | /* size helper */ |
| wolfSSL | 15:117db924cf7c | 587 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 588 | int wc_ecc_size(ecc_key* key); |
| wolfSSL | 15:117db924cf7c | 589 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 590 | int wc_ecc_sig_size_calc(int sz); |
| wolfSSL | 15:117db924cf7c | 591 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 592 | int wc_ecc_sig_size(ecc_key* key); |
| wolfSSL | 15:117db924cf7c | 593 | |
| wolfSSL | 15:117db924cf7c | 594 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 595 | int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz); |
| wolfSSL | 15:117db924cf7c | 596 | |
| wolfSSL | 15:117db924cf7c | 597 | #ifdef WOLFSSL_CUSTOM_CURVES |
| wolfSSL | 15:117db924cf7c | 598 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 599 | int wc_ecc_set_custom_curve(ecc_key* key, const ecc_set_type* dp); |
| wolfSSL | 15:117db924cf7c | 600 | #endif |
| wolfSSL | 15:117db924cf7c | 601 | |
| wolfSSL | 15:117db924cf7c | 602 | #ifdef HAVE_ECC_ENCRYPT |
| wolfSSL | 15:117db924cf7c | 603 | /* ecc encrypt */ |
| wolfSSL | 15:117db924cf7c | 604 | |
| wolfSSL | 15:117db924cf7c | 605 | enum ecEncAlgo { |
| wolfSSL | 15:117db924cf7c | 606 | ecAES_128_CBC = 1, /* default */ |
| wolfSSL | 15:117db924cf7c | 607 | ecAES_256_CBC = 2 |
| wolfSSL | 15:117db924cf7c | 608 | }; |
| wolfSSL | 15:117db924cf7c | 609 | |
| wolfSSL | 15:117db924cf7c | 610 | enum ecKdfAlgo { |
| wolfSSL | 15:117db924cf7c | 611 | ecHKDF_SHA256 = 1, /* default */ |
| wolfSSL | 15:117db924cf7c | 612 | ecHKDF_SHA1 = 2 |
| wolfSSL | 15:117db924cf7c | 613 | }; |
| wolfSSL | 15:117db924cf7c | 614 | |
| wolfSSL | 15:117db924cf7c | 615 | enum ecMacAlgo { |
| wolfSSL | 15:117db924cf7c | 616 | ecHMAC_SHA256 = 1, /* default */ |
| wolfSSL | 15:117db924cf7c | 617 | ecHMAC_SHA1 = 2 |
| wolfSSL | 15:117db924cf7c | 618 | }; |
| wolfSSL | 15:117db924cf7c | 619 | |
| wolfSSL | 15:117db924cf7c | 620 | enum { |
| wolfSSL | 15:117db924cf7c | 621 | KEY_SIZE_128 = 16, |
| wolfSSL | 15:117db924cf7c | 622 | KEY_SIZE_256 = 32, |
| wolfSSL | 15:117db924cf7c | 623 | IV_SIZE_64 = 8, |
| wolfSSL | 15:117db924cf7c | 624 | IV_SIZE_128 = 16, |
| wolfSSL | 15:117db924cf7c | 625 | EXCHANGE_SALT_SZ = 16, |
| wolfSSL | 15:117db924cf7c | 626 | EXCHANGE_INFO_SZ = 23 |
| wolfSSL | 15:117db924cf7c | 627 | }; |
| wolfSSL | 15:117db924cf7c | 628 | |
| wolfSSL | 15:117db924cf7c | 629 | enum ecFlags { |
| wolfSSL | 15:117db924cf7c | 630 | REQ_RESP_CLIENT = 1, |
| wolfSSL | 15:117db924cf7c | 631 | REQ_RESP_SERVER = 2 |
| wolfSSL | 15:117db924cf7c | 632 | }; |
| wolfSSL | 15:117db924cf7c | 633 | |
| wolfSSL | 15:117db924cf7c | 634 | |
| wolfSSL | 15:117db924cf7c | 635 | typedef struct ecEncCtx ecEncCtx; |
| wolfSSL | 15:117db924cf7c | 636 | |
| wolfSSL | 15:117db924cf7c | 637 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 638 | ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng); |
| wolfSSL | 15:117db924cf7c | 639 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 640 | ecEncCtx* wc_ecc_ctx_new_ex(int flags, WC_RNG* rng, void* heap); |
| wolfSSL | 15:117db924cf7c | 641 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 642 | void wc_ecc_ctx_free(ecEncCtx*); |
| wolfSSL | 15:117db924cf7c | 643 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 644 | int wc_ecc_ctx_reset(ecEncCtx*, WC_RNG*); /* reset for use again w/o alloc/free */ |
| wolfSSL | 15:117db924cf7c | 645 | |
| wolfSSL | 15:117db924cf7c | 646 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 647 | const byte* wc_ecc_ctx_get_own_salt(ecEncCtx*); |
| wolfSSL | 15:117db924cf7c | 648 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 649 | int wc_ecc_ctx_set_peer_salt(ecEncCtx*, const byte* salt); |
| wolfSSL | 15:117db924cf7c | 650 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 651 | int wc_ecc_ctx_set_info(ecEncCtx*, const byte* info, int sz); |
| wolfSSL | 15:117db924cf7c | 652 | |
| wolfSSL | 15:117db924cf7c | 653 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 654 | int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, |
| wolfSSL | 15:117db924cf7c | 655 | word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx); |
| wolfSSL | 15:117db924cf7c | 656 | WOLFSSL_API |
| wolfSSL | 15:117db924cf7c | 657 | int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, |
| wolfSSL | 15:117db924cf7c | 658 | word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx); |
| wolfSSL | 15:117db924cf7c | 659 | |
| wolfSSL | 15:117db924cf7c | 660 | #endif /* HAVE_ECC_ENCRYPT */ |
| wolfSSL | 15:117db924cf7c | 661 | |
| wolfSSL | 15:117db924cf7c | 662 | #ifdef HAVE_X963_KDF |
| wolfSSL | 15:117db924cf7c | 663 | WOLFSSL_API int wc_X963_KDF(enum wc_HashType type, const byte* secret, |
| wolfSSL | 15:117db924cf7c | 664 | word32 secretSz, const byte* sinfo, word32 sinfoSz, |
| wolfSSL | 15:117db924cf7c | 665 | byte* out, word32 outSz); |
| wolfSSL | 15:117db924cf7c | 666 | #endif |
| wolfSSL | 15:117db924cf7c | 667 | |
| wolfSSL | 15:117db924cf7c | 668 | #ifdef ECC_CACHE_CURVE |
| wolfSSL | 15:117db924cf7c | 669 | WOLFSSL_API int wc_ecc_curve_cache_init(void); |
| wolfSSL | 15:117db924cf7c | 670 | WOLFSSL_API void wc_ecc_curve_cache_free(void); |
| wolfSSL | 15:117db924cf7c | 671 | #endif |
| wolfSSL | 15:117db924cf7c | 672 | |
| wolfSSL | 15:117db924cf7c | 673 | |
| wolfSSL | 15:117db924cf7c | 674 | #ifdef __cplusplus |
| wolfSSL | 15:117db924cf7c | 675 | } /* extern "C" */ |
| wolfSSL | 15:117db924cf7c | 676 | #endif |
| wolfSSL | 15:117db924cf7c | 677 | |
| wolfSSL | 15:117db924cf7c | 678 | #endif /* HAVE_ECC */ |
| wolfSSL | 15:117db924cf7c | 679 | #endif /* WOLF_CRYPT_ECC_H */ |
| wolfSSL | 15:117db924cf7c | 680 |