wolf SSL / wolfSSL

wolfSSL SSL/TLS library, support up to TLS1.3

Dependents:   CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more

wolfssl/wolfcrypt/ecc.h@11:cee25a834751, 2017-05-30 (annotated)

Committer:
wolfSSL
Date:
Tue May 30 01:44:10 2017 +0000
Revision:
11:cee25a834751
wolfSSL 3.11.0

Who changed what in which revision?

UserRevisionLine numberNew contents of line
wolfSSL 11:cee25a834751 1 /* ecc.h
wolfSSL 11:cee25a834751 2 *
wolfSSL 11:cee25a834751 3 * Copyright (C) 2006-2016 wolfSSL Inc.
wolfSSL 11:cee25a834751 4 *
wolfSSL 11:cee25a834751 5 * This file is part of wolfSSL.
wolfSSL 11:cee25a834751 6 *
wolfSSL 11:cee25a834751 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 11:cee25a834751 8 * it under the terms of the GNU General Public License as published by
wolfSSL 11:cee25a834751 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 11:cee25a834751 10 * (at your option) any later version.
wolfSSL 11:cee25a834751 11 *
wolfSSL 11:cee25a834751 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 11:cee25a834751 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 11:cee25a834751 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 11:cee25a834751 15 * GNU General Public License for more details.
wolfSSL 11:cee25a834751 16 *
wolfSSL 11:cee25a834751 17 * You should have received a copy of the GNU General Public License
wolfSSL 11:cee25a834751 18 * along with this program; if not, write to the Free Software
wolfSSL 11:cee25a834751 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL 11:cee25a834751 20 */
wolfSSL 11:cee25a834751 21
wolfSSL 11:cee25a834751 22
wolfSSL 11:cee25a834751 23 #ifndef WOLF_CRYPT_ECC_H
wolfSSL 11:cee25a834751 24 #define WOLF_CRYPT_ECC_H
wolfSSL 11:cee25a834751 25
wolfSSL 11:cee25a834751 26 #include <wolfssl/wolfcrypt/types.h>
wolfSSL 11:cee25a834751 27
wolfSSL 11:cee25a834751 28 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 29
wolfSSL 11:cee25a834751 30 #include <wolfssl/wolfcrypt/integer.h>
wolfSSL 11:cee25a834751 31 #include <wolfssl/wolfcrypt/random.h>
wolfSSL 11:cee25a834751 32
wolfSSL 11:cee25a834751 33 #ifdef HAVE_X963_KDF
wolfSSL 11:cee25a834751 34 #include <wolfssl/wolfcrypt/hash.h>
wolfSSL 11:cee25a834751 35 #endif
wolfSSL 11:cee25a834751 36
wolfSSL 11:cee25a834751 37 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 38 #include <wolfssl/wolfcrypt/async.h>
wolfSSL 11:cee25a834751 39 #ifdef WOLFSSL_CERT_GEN
wolfSSL 11:cee25a834751 40 #include <wolfssl/wolfcrypt/asn.h>
wolfSSL 11:cee25a834751 41 #endif
wolfSSL 11:cee25a834751 42 #endif
wolfSSL 11:cee25a834751 43
wolfSSL 11:cee25a834751 44 #ifdef WOLFSSL_ATECC508A
wolfSSL 11:cee25a834751 45 #include <wolfssl/wolfcrypt/port/atmel/atmel.h>
wolfSSL 11:cee25a834751 46 #endif /* WOLFSSL_ATECC508A */
wolfSSL 11:cee25a834751 47
wolfSSL 11:cee25a834751 48
wolfSSL 11:cee25a834751 49 #ifdef __cplusplus
wolfSSL 11:cee25a834751 50 extern "C" {
wolfSSL 11:cee25a834751 51 #endif
wolfSSL 11:cee25a834751 52
wolfSSL 11:cee25a834751 53
wolfSSL 11:cee25a834751 54 /* Enable curve B parameter if needed */
wolfSSL 11:cee25a834751 55 #if defined(HAVE_COMP_KEY) || defined(ECC_CACHE_CURVE)
wolfSSL 11:cee25a834751 56 #ifndef USE_ECC_B_PARAM /* Allow someone to force enable */
wolfSSL 11:cee25a834751 57 #define USE_ECC_B_PARAM
wolfSSL 11:cee25a834751 58 #endif
wolfSSL 11:cee25a834751 59 #endif
wolfSSL 11:cee25a834751 60
wolfSSL 11:cee25a834751 61
wolfSSL 11:cee25a834751 62 /* Use this as the key->idx if a custom ecc_set is used for key->dp */
wolfSSL 11:cee25a834751 63 #define ECC_CUSTOM_IDX (-1)
wolfSSL 11:cee25a834751 64
wolfSSL 11:cee25a834751 65
wolfSSL 11:cee25a834751 66 /* Determine max ECC bits based on enabled curves */
wolfSSL 11:cee25a834751 67 #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
wolfSSL 11:cee25a834751 68 #define MAX_ECC_BITS 521
wolfSSL 11:cee25a834751 69 #elif defined(HAVE_ECC512)
wolfSSL 11:cee25a834751 70 #define MAX_ECC_BITS 512
wolfSSL 11:cee25a834751 71 #elif defined(HAVE_ECC384)
wolfSSL 11:cee25a834751 72 #define MAX_ECC_BITS 384
wolfSSL 11:cee25a834751 73 #elif defined(HAVE_ECC320)
wolfSSL 11:cee25a834751 74 #define MAX_ECC_BITS 320
wolfSSL 11:cee25a834751 75 #elif defined(HAVE_ECC239)
wolfSSL 11:cee25a834751 76 #define MAX_ECC_BITS 239
wolfSSL 11:cee25a834751 77 #elif defined(HAVE_ECC224)
wolfSSL 11:cee25a834751 78 #define MAX_ECC_BITS 224
wolfSSL 11:cee25a834751 79 #elif !defined(NO_ECC256)
wolfSSL 11:cee25a834751 80 #define MAX_ECC_BITS 256
wolfSSL 11:cee25a834751 81 #elif defined(HAVE_ECC192)
wolfSSL 11:cee25a834751 82 #define MAX_ECC_BITS 192
wolfSSL 11:cee25a834751 83 #elif defined(HAVE_ECC160)
wolfSSL 11:cee25a834751 84 #define MAX_ECC_BITS 160
wolfSSL 11:cee25a834751 85 #elif defined(HAVE_ECC128)
wolfSSL 11:cee25a834751 86 #define MAX_ECC_BITS 128
wolfSSL 11:cee25a834751 87 #elif defined(HAVE_ECC112)
wolfSSL 11:cee25a834751 88 #define MAX_ECC_BITS 112
wolfSSL 11:cee25a834751 89 #endif
wolfSSL 11:cee25a834751 90
wolfSSL 11:cee25a834751 91 /* calculate max ECC bytes */
wolfSSL 11:cee25a834751 92 #if ((MAX_ECC_BITS * 2) % 8) == 0
wolfSSL 11:cee25a834751 93 #define MAX_ECC_BYTES (MAX_ECC_BITS / 8)
wolfSSL 11:cee25a834751 94 #else
wolfSSL 11:cee25a834751 95 /* add byte if not aligned */
wolfSSL 11:cee25a834751 96 #define MAX_ECC_BYTES ((MAX_ECC_BITS / 8) + 1)
wolfSSL 11:cee25a834751 97 #endif
wolfSSL 11:cee25a834751 98
wolfSSL 11:cee25a834751 99
wolfSSL 11:cee25a834751 100 enum {
wolfSSL 11:cee25a834751 101 ECC_PUBLICKEY = 1,
wolfSSL 11:cee25a834751 102 ECC_PRIVATEKEY = 2,
wolfSSL 11:cee25a834751 103 ECC_MAXNAME = 16, /* MAX CURVE NAME LENGTH */
wolfSSL 11:cee25a834751 104 SIG_HEADER_SZ = 6, /* ECC signature header size */
wolfSSL 11:cee25a834751 105 ECC_BUFSIZE = 256, /* for exported keys temp buffer */
wolfSSL 11:cee25a834751 106 ECC_MINSIZE = 20, /* MIN Private Key size */
wolfSSL 11:cee25a834751 107 ECC_MAXSIZE = 66, /* MAX Private Key size */
wolfSSL 11:cee25a834751 108 ECC_MAXSIZE_GEN = 74, /* MAX Buffer size required when generating ECC keys*/
wolfSSL 11:cee25a834751 109 ECC_MAX_PAD_SZ = 4, /* ECC maximum padding size */
wolfSSL 11:cee25a834751 110 ECC_MAX_OID_LEN = 16,
wolfSSL 11:cee25a834751 111 ECC_MAX_SIG_SIZE= ((MAX_ECC_BYTES * 2) + ECC_MAX_PAD_SZ + SIG_HEADER_SZ)
wolfSSL 11:cee25a834751 112 };
wolfSSL 11:cee25a834751 113
wolfSSL 11:cee25a834751 114 /* Curve Types */
wolfSSL 11:cee25a834751 115 typedef enum ecc_curve_id {
wolfSSL 11:cee25a834751 116 ECC_CURVE_INVALID = -1,
wolfSSL 11:cee25a834751 117 ECC_CURVE_DEF = 0, /* NIST or SECP */
wolfSSL 11:cee25a834751 118
wolfSSL 11:cee25a834751 119 /* NIST Prime Curves */
wolfSSL 11:cee25a834751 120 ECC_SECP192R1,
wolfSSL 11:cee25a834751 121 ECC_PRIME192V2,
wolfSSL 11:cee25a834751 122 ECC_PRIME192V3,
wolfSSL 11:cee25a834751 123 ECC_PRIME239V1,
wolfSSL 11:cee25a834751 124 ECC_PRIME239V2,
wolfSSL 11:cee25a834751 125 ECC_PRIME239V3,
wolfSSL 11:cee25a834751 126 ECC_SECP256R1,
wolfSSL 11:cee25a834751 127
wolfSSL 11:cee25a834751 128 /* SECP Curves */
wolfSSL 11:cee25a834751 129 ECC_SECP112R1,
wolfSSL 11:cee25a834751 130 ECC_SECP112R2,
wolfSSL 11:cee25a834751 131 ECC_SECP128R1,
wolfSSL 11:cee25a834751 132 ECC_SECP128R2,
wolfSSL 11:cee25a834751 133 ECC_SECP160R1,
wolfSSL 11:cee25a834751 134 ECC_SECP160R2,
wolfSSL 11:cee25a834751 135 ECC_SECP224R1,
wolfSSL 11:cee25a834751 136 ECC_SECP384R1,
wolfSSL 11:cee25a834751 137 ECC_SECP521R1,
wolfSSL 11:cee25a834751 138
wolfSSL 11:cee25a834751 139 /* Koblitz */
wolfSSL 11:cee25a834751 140 ECC_SECP160K1,
wolfSSL 11:cee25a834751 141 ECC_SECP192K1,
wolfSSL 11:cee25a834751 142 ECC_SECP224K1,
wolfSSL 11:cee25a834751 143 ECC_SECP256K1,
wolfSSL 11:cee25a834751 144
wolfSSL 11:cee25a834751 145 /* Brainpool Curves */
wolfSSL 11:cee25a834751 146 ECC_BRAINPOOLP160R1,
wolfSSL 11:cee25a834751 147 ECC_BRAINPOOLP192R1,
wolfSSL 11:cee25a834751 148 ECC_BRAINPOOLP224R1,
wolfSSL 11:cee25a834751 149 ECC_BRAINPOOLP256R1,
wolfSSL 11:cee25a834751 150 ECC_BRAINPOOLP320R1,
wolfSSL 11:cee25a834751 151 ECC_BRAINPOOLP384R1,
wolfSSL 11:cee25a834751 152 ECC_BRAINPOOLP512R1,
wolfSSL 11:cee25a834751 153 } ecc_curve_id;
wolfSSL 11:cee25a834751 154
wolfSSL 11:cee25a834751 155 #ifdef HAVE_OID_ENCODING
wolfSSL 11:cee25a834751 156 typedef word16 ecc_oid_t;
wolfSSL 11:cee25a834751 157 #else
wolfSSL 11:cee25a834751 158 typedef byte ecc_oid_t;
wolfSSL 11:cee25a834751 159 /* OID encoded with ASN scheme:
wolfSSL 11:cee25a834751 160 first element = (oid[0] * 40) + oid[1]
wolfSSL 11:cee25a834751 161 if any element > 127 then MSB 0x80 indicates additional byte */
wolfSSL 11:cee25a834751 162 #endif
wolfSSL 11:cee25a834751 163
wolfSSL 11:cee25a834751 164 /* ECC set type defined a GF(p) curve */
wolfSSL 11:cee25a834751 165 typedef struct ecc_set_type {
wolfSSL 11:cee25a834751 166 int size; /* The size of the curve in octets */
wolfSSL 11:cee25a834751 167 int id; /* id of this curve */
wolfSSL 11:cee25a834751 168 const char* name; /* name of this curve */
wolfSSL 11:cee25a834751 169 const char* prime; /* prime that defines the field, curve is in (hex) */
wolfSSL 11:cee25a834751 170 const char* Af; /* fields A param (hex) */
wolfSSL 11:cee25a834751 171 const char* Bf; /* fields B param (hex) */
wolfSSL 11:cee25a834751 172 const char* order; /* order of the curve (hex) */
wolfSSL 11:cee25a834751 173 const char* Gx; /* x coordinate of the base point on curve (hex) */
wolfSSL 11:cee25a834751 174 const char* Gy; /* y coordinate of the base point on curve (hex) */
wolfSSL 11:cee25a834751 175 const ecc_oid_t* oid;
wolfSSL 11:cee25a834751 176 word32 oidSz;
wolfSSL 11:cee25a834751 177 word32 oidSum; /* sum of encoded OID bytes */
wolfSSL 11:cee25a834751 178 int cofactor;
wolfSSL 11:cee25a834751 179 } ecc_set_type;
wolfSSL 11:cee25a834751 180
wolfSSL 11:cee25a834751 181
wolfSSL 11:cee25a834751 182 #ifdef ALT_ECC_SIZE
wolfSSL 11:cee25a834751 183
wolfSSL 11:cee25a834751 184 /* Note on ALT_ECC_SIZE:
wolfSSL 11:cee25a834751 185 * The fast math code uses an array of a fixed size to store the big integers.
wolfSSL 11:cee25a834751 186 * By default, the array is big enough for RSA keys. There is a size,
wolfSSL 11:cee25a834751 187 * FP_MAX_BITS which can be used to make the array smaller when one wants ECC
wolfSSL 11:cee25a834751 188 * but not RSA. Some people want fast math sized for both RSA and ECC, where
wolfSSL 11:cee25a834751 189 * ECC won't use as much as RSA. The flag ALT_ECC_SIZE switches in an alternate
wolfSSL 11:cee25a834751 190 * ecc_point structure that uses an alternate fp_int that has a shorter array
wolfSSL 11:cee25a834751 191 * of fp_digits.
wolfSSL 11:cee25a834751 192 *
wolfSSL 11:cee25a834751 193 * Now, without ALT_ECC_SIZE, the ecc_point has three single item arrays of
wolfSSL 11:cee25a834751 194 * mp_ints for the components of the point. With ALT_ECC_SIZE, the components
wolfSSL 11:cee25a834751 195 * of the point are pointers that are set to each of a three item array of
wolfSSL 11:cee25a834751 196 * alt_fp_ints. While an mp_int will have 4096 bits of digit inside the
wolfSSL 11:cee25a834751 197 * structure, the alt_fp_int will only have 528 bits. A size value was added
wolfSSL 11:cee25a834751 198 * in the ALT case, as well, and is set by mp_init() and alt_fp_init(). The
wolfSSL 11:cee25a834751 199 * functions fp_zero() and fp_copy() use the size parameter. An int needs to
wolfSSL 11:cee25a834751 200 * be initialized before using it instead of just fp_zeroing it, the init will
wolfSSL 11:cee25a834751 201 * call zero. FP_MAX_BITS_ECC defaults to 528, but can be set to change the
wolfSSL 11:cee25a834751 202 * number of bits used in the alternate FP_INT.
wolfSSL 11:cee25a834751 203 *
wolfSSL 11:cee25a834751 204 * Do not enable ALT_ECC_SIZE and disable fast math in the configuration.
wolfSSL 11:cee25a834751 205 */
wolfSSL 11:cee25a834751 206
wolfSSL 11:cee25a834751 207 #ifndef USE_FAST_MATH
wolfSSL 11:cee25a834751 208 #error USE_FAST_MATH must be defined to use ALT_ECC_SIZE
wolfSSL 11:cee25a834751 209 #endif
wolfSSL 11:cee25a834751 210
wolfSSL 11:cee25a834751 211 /* determine max bits required for ECC math */
wolfSSL 11:cee25a834751 212 #ifndef FP_MAX_BITS_ECC
wolfSSL 11:cee25a834751 213 /* check alignment */
wolfSSL 11:cee25a834751 214 #if ((MAX_ECC_BITS * 2) % DIGIT_BIT) == 0
wolfSSL 11:cee25a834751 215 /* max bits is double */
wolfSSL 11:cee25a834751 216 #define FP_MAX_BITS_ECC (MAX_ECC_BITS * 2)
wolfSSL 11:cee25a834751 217 #else
wolfSSL 11:cee25a834751 218 /* max bits is doubled, plus one digit of fudge */
wolfSSL 11:cee25a834751 219 #define FP_MAX_BITS_ECC ((MAX_ECC_BITS * 2) + DIGIT_BIT)
wolfSSL 11:cee25a834751 220 #endif
wolfSSL 11:cee25a834751 221 #else
wolfSSL 11:cee25a834751 222 /* verify alignment */
wolfSSL 11:cee25a834751 223 #if FP_MAX_BITS_ECC % CHAR_BIT
wolfSSL 11:cee25a834751 224 #error FP_MAX_BITS_ECC must be a multiple of CHAR_BIT
wolfSSL 11:cee25a834751 225 #endif
wolfSSL 11:cee25a834751 226 #endif
wolfSSL 11:cee25a834751 227
wolfSSL 11:cee25a834751 228 /* determine buffer size */
wolfSSL 11:cee25a834751 229 #define FP_SIZE_ECC (FP_MAX_BITS_ECC/DIGIT_BIT)
wolfSSL 11:cee25a834751 230
wolfSSL 11:cee25a834751 231
wolfSSL 11:cee25a834751 232 /* This needs to match the size of the fp_int struct, except the
wolfSSL 11:cee25a834751 233 * fp_digit array will be shorter. */
wolfSSL 11:cee25a834751 234 typedef struct alt_fp_int {
wolfSSL 11:cee25a834751 235 int used, sign, size;
wolfSSL 11:cee25a834751 236 fp_digit dp[FP_SIZE_ECC];
wolfSSL 11:cee25a834751 237 } alt_fp_int;
wolfSSL 11:cee25a834751 238 #endif /* ALT_ECC_SIZE */
wolfSSL 11:cee25a834751 239
wolfSSL 11:cee25a834751 240
wolfSSL 11:cee25a834751 241 /* A point on an ECC curve, stored in Jacbobian format such that (x,y,z) =>
wolfSSL 11:cee25a834751 242 (x/z^2, y/z^3, 1) when interpreted as affine */
wolfSSL 11:cee25a834751 243 typedef struct {
wolfSSL 11:cee25a834751 244 #ifndef ALT_ECC_SIZE
wolfSSL 11:cee25a834751 245 mp_int x[1]; /* The x coordinate */
wolfSSL 11:cee25a834751 246 mp_int y[1]; /* The y coordinate */
wolfSSL 11:cee25a834751 247 mp_int z[1]; /* The z coordinate */
wolfSSL 11:cee25a834751 248 #else
wolfSSL 11:cee25a834751 249 mp_int* x; /* The x coordinate */
wolfSSL 11:cee25a834751 250 mp_int* y; /* The y coordinate */
wolfSSL 11:cee25a834751 251 mp_int* z; /* The z coordinate */
wolfSSL 11:cee25a834751 252 alt_fp_int xyz[3];
wolfSSL 11:cee25a834751 253 #endif
wolfSSL 11:cee25a834751 254 } ecc_point;
wolfSSL 11:cee25a834751 255
wolfSSL 11:cee25a834751 256 /* ECC Flags */
wolfSSL 11:cee25a834751 257 enum {
wolfSSL 11:cee25a834751 258 WC_ECC_FLAG_NONE = 0x00,
wolfSSL 11:cee25a834751 259 #ifdef HAVE_ECC_CDH
wolfSSL 11:cee25a834751 260 WC_ECC_FLAG_COFACTOR = 0x01,
wolfSSL 11:cee25a834751 261 #endif
wolfSSL 11:cee25a834751 262 };
wolfSSL 11:cee25a834751 263
wolfSSL 11:cee25a834751 264 /* An ECC Key */
wolfSSL 11:cee25a834751 265 struct ecc_key {
wolfSSL 11:cee25a834751 266 int type; /* Public or Private */
wolfSSL 11:cee25a834751 267 int idx; /* Index into the ecc_sets[] for the parameters of
wolfSSL 11:cee25a834751 268 this curve if -1, this key is using user supplied
wolfSSL 11:cee25a834751 269 curve in dp */
wolfSSL 11:cee25a834751 270 int state;
wolfSSL 11:cee25a834751 271 word32 flags;
wolfSSL 11:cee25a834751 272 const ecc_set_type* dp; /* domain parameters, either points to NIST
wolfSSL 11:cee25a834751 273 curves (idx >= 0) or user supplied */
wolfSSL 11:cee25a834751 274 void* heap; /* heap hint */
wolfSSL 11:cee25a834751 275 #ifdef WOLFSSL_ATECC508A
wolfSSL 11:cee25a834751 276 int slot; /* Key Slot Number (-1 unknown) */
wolfSSL 11:cee25a834751 277 byte pubkey[PUB_KEY_SIZE];
wolfSSL 11:cee25a834751 278 #else
wolfSSL 11:cee25a834751 279 ecc_point pubkey; /* public key */
wolfSSL 11:cee25a834751 280 mp_int k; /* private key */
wolfSSL 11:cee25a834751 281 #endif
wolfSSL 11:cee25a834751 282 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 283 mp_int* r; /* sign/verify temps */
wolfSSL 11:cee25a834751 284 mp_int* s;
wolfSSL 11:cee25a834751 285 WC_ASYNC_DEV asyncDev;
wolfSSL 11:cee25a834751 286 #ifdef WOLFSSL_CERT_GEN
wolfSSL 11:cee25a834751 287 CertSignCtx certSignCtx; /* context info for cert sign (MakeSignature) */
wolfSSL 11:cee25a834751 288 #endif
wolfSSL 11:cee25a834751 289 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 11:cee25a834751 290 };
wolfSSL 11:cee25a834751 291
wolfSSL 11:cee25a834751 292 #ifndef WC_ECCKEY_TYPE_DEFINED
wolfSSL 11:cee25a834751 293 typedef struct ecc_key ecc_key;
wolfSSL 11:cee25a834751 294 #define WC_ECCKEY_TYPE_DEFINED
wolfSSL 11:cee25a834751 295 #endif
wolfSSL 11:cee25a834751 296
wolfSSL 11:cee25a834751 297
wolfSSL 11:cee25a834751 298 /* ECC predefined curve sets */
wolfSSL 11:cee25a834751 299 extern const ecc_set_type ecc_sets[];
wolfSSL 11:cee25a834751 300
wolfSSL 11:cee25a834751 301 WOLFSSL_API
wolfSSL 11:cee25a834751 302 const char* wc_ecc_get_name(int curve_id);
wolfSSL 11:cee25a834751 303
wolfSSL 11:cee25a834751 304 #ifndef WOLFSSL_ATECC508A
wolfSSL 11:cee25a834751 305
wolfSSL 11:cee25a834751 306 #ifdef WOLFSSL_PUBLIC_ECC_ADD_DBL
wolfSSL 11:cee25a834751 307 #define ECC_API WOLFSSL_API
wolfSSL 11:cee25a834751 308 #else
wolfSSL 11:cee25a834751 309 #define ECC_API WOLFSSL_LOCAL
wolfSSL 11:cee25a834751 310 #endif
wolfSSL 11:cee25a834751 311
wolfSSL 11:cee25a834751 312 ECC_API int ecc_map(ecc_point*, mp_int*, mp_digit);
wolfSSL 11:cee25a834751 313 ECC_API int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R,
wolfSSL 11:cee25a834751 314 mp_int* a, mp_int* modulus, mp_digit mp);
wolfSSL 11:cee25a834751 315 ECC_API int ecc_projective_dbl_point(ecc_point* P, ecc_point* R, mp_int* a,
wolfSSL 11:cee25a834751 316 mp_int* modulus, mp_digit mp);
wolfSSL 11:cee25a834751 317
wolfSSL 11:cee25a834751 318 #endif
wolfSSL 11:cee25a834751 319
wolfSSL 11:cee25a834751 320 WOLFSSL_API
wolfSSL 11:cee25a834751 321 int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key);
wolfSSL 11:cee25a834751 322 WOLFSSL_API
wolfSSL 11:cee25a834751 323 int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key,
wolfSSL 11:cee25a834751 324 int curve_id);
wolfSSL 11:cee25a834751 325 WOLFSSL_API
wolfSSL 11:cee25a834751 326 int wc_ecc_check_key(ecc_key* key);
wolfSSL 11:cee25a834751 327 WOLFSSL_API
wolfSSL 11:cee25a834751 328 int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime);
wolfSSL 11:cee25a834751 329
wolfSSL 11:cee25a834751 330 #ifdef HAVE_ECC_DHE
wolfSSL 11:cee25a834751 331 WOLFSSL_API
wolfSSL 11:cee25a834751 332 int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
wolfSSL 11:cee25a834751 333 word32* outlen);
wolfSSL 11:cee25a834751 334 WOLFSSL_LOCAL
wolfSSL 11:cee25a834751 335 int wc_ecc_shared_secret_gen(ecc_key* private_key, ecc_point* point,
wolfSSL 11:cee25a834751 336 byte* out, word32 *outlen);
wolfSSL 11:cee25a834751 337 WOLFSSL_API
wolfSSL 11:cee25a834751 338 int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
wolfSSL 11:cee25a834751 339 byte* out, word32 *outlen);
wolfSSL 11:cee25a834751 340 #define wc_ecc_shared_secret_ssh wc_ecc_shared_secret_ex /* For backwards compat */
wolfSSL 11:cee25a834751 341 #endif /* HAVE_ECC_DHE */
wolfSSL 11:cee25a834751 342
wolfSSL 11:cee25a834751 343 #ifdef HAVE_ECC_SIGN
wolfSSL 11:cee25a834751 344 WOLFSSL_API
wolfSSL 11:cee25a834751 345 int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
wolfSSL 11:cee25a834751 346 WC_RNG* rng, ecc_key* key);
wolfSSL 11:cee25a834751 347 WOLFSSL_API
wolfSSL 11:cee25a834751 348 int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
wolfSSL 11:cee25a834751 349 ecc_key* key, mp_int *r, mp_int *s);
wolfSSL 11:cee25a834751 350 #endif /* HAVE_ECC_SIGN */
wolfSSL 11:cee25a834751 351
wolfSSL 11:cee25a834751 352 #ifdef HAVE_ECC_VERIFY
wolfSSL 11:cee25a834751 353 WOLFSSL_API
wolfSSL 11:cee25a834751 354 int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
wolfSSL 11:cee25a834751 355 word32 hashlen, int* stat, ecc_key* key);
wolfSSL 11:cee25a834751 356 WOLFSSL_API
wolfSSL 11:cee25a834751 357 int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
wolfSSL 11:cee25a834751 358 word32 hashlen, int* stat, ecc_key* key);
wolfSSL 11:cee25a834751 359 #endif /* HAVE_ECC_VERIFY */
wolfSSL 11:cee25a834751 360
wolfSSL 11:cee25a834751 361 WOLFSSL_API
wolfSSL 11:cee25a834751 362 int wc_ecc_init(ecc_key* key);
wolfSSL 11:cee25a834751 363 WOLFSSL_API
wolfSSL 11:cee25a834751 364 int wc_ecc_init_ex(ecc_key* key, void* heap, int devId);
wolfSSL 11:cee25a834751 365 WOLFSSL_API
wolfSSL 11:cee25a834751 366 void wc_ecc_free(ecc_key* key);
wolfSSL 11:cee25a834751 367 WOLFSSL_API
wolfSSL 11:cee25a834751 368 int wc_ecc_set_flags(ecc_key* key, word32 flags);
wolfSSL 11:cee25a834751 369 WOLFSSL_API
wolfSSL 11:cee25a834751 370 void wc_ecc_fp_free(void);
wolfSSL 11:cee25a834751 371
wolfSSL 11:cee25a834751 372 WOLFSSL_API
wolfSSL 11:cee25a834751 373 int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id);
wolfSSL 11:cee25a834751 374
wolfSSL 11:cee25a834751 375 WOLFSSL_API
wolfSSL 11:cee25a834751 376 int wc_ecc_is_valid_idx(int n);
wolfSSL 11:cee25a834751 377 WOLFSSL_API
wolfSSL 11:cee25a834751 378 int wc_ecc_get_curve_idx(int curve_id);
wolfSSL 11:cee25a834751 379 WOLFSSL_API
wolfSSL 11:cee25a834751 380 int wc_ecc_get_curve_id(int curve_idx);
wolfSSL 11:cee25a834751 381 #define wc_ecc_get_curve_name_from_id wc_ecc_get_name
wolfSSL 11:cee25a834751 382 WOLFSSL_API
wolfSSL 11:cee25a834751 383 int wc_ecc_get_curve_size_from_id(int curve_id);
wolfSSL 11:cee25a834751 384
wolfSSL 11:cee25a834751 385 WOLFSSL_API
wolfSSL 11:cee25a834751 386 int wc_ecc_get_curve_idx_from_name(const char* curveName);
wolfSSL 11:cee25a834751 387 WOLFSSL_API
wolfSSL 11:cee25a834751 388 int wc_ecc_get_curve_size_from_name(const char* curveName);
wolfSSL 11:cee25a834751 389 WOLFSSL_API
wolfSSL 11:cee25a834751 390 int wc_ecc_get_curve_id_from_name(const char* curveName);
wolfSSL 11:cee25a834751 391 WOLFSSL_API
wolfSSL 11:cee25a834751 392 int wc_ecc_get_curve_id_from_params(int fieldSize,
wolfSSL 11:cee25a834751 393 const byte* prime, word32 primeSz, const byte* Af, word32 AfSz,
wolfSSL 11:cee25a834751 394 const byte* Bf, word32 BfSz, const byte* order, word32 orderSz,
wolfSSL 11:cee25a834751 395 const byte* Gx, word32 GxSz, const byte* Gy, word32 GySz, int cofactor);
wolfSSL 11:cee25a834751 396
wolfSSL 11:cee25a834751 397 #ifndef WOLFSSL_ATECC508A
wolfSSL 11:cee25a834751 398
wolfSSL 11:cee25a834751 399 WOLFSSL_API
wolfSSL 11:cee25a834751 400 ecc_point* wc_ecc_new_point(void);
wolfSSL 11:cee25a834751 401 WOLFSSL_API
wolfSSL 11:cee25a834751 402 ecc_point* wc_ecc_new_point_h(void* h);
wolfSSL 11:cee25a834751 403 WOLFSSL_API
wolfSSL 11:cee25a834751 404 void wc_ecc_del_point(ecc_point* p);
wolfSSL 11:cee25a834751 405 WOLFSSL_API
wolfSSL 11:cee25a834751 406 void wc_ecc_del_point_h(ecc_point* p, void* h);
wolfSSL 11:cee25a834751 407 WOLFSSL_API
wolfSSL 11:cee25a834751 408 int wc_ecc_copy_point(ecc_point* p, ecc_point *r);
wolfSSL 11:cee25a834751 409 WOLFSSL_API
wolfSSL 11:cee25a834751 410 int wc_ecc_cmp_point(ecc_point* a, ecc_point *b);
wolfSSL 11:cee25a834751 411 WOLFSSL_API
wolfSSL 11:cee25a834751 412 int wc_ecc_point_is_at_infinity(ecc_point *p);
wolfSSL 11:cee25a834751 413 WOLFSSL_API
wolfSSL 11:cee25a834751 414 int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R,
wolfSSL 11:cee25a834751 415 mp_int* a, mp_int* modulus, int map);
wolfSSL 11:cee25a834751 416 WOLFSSL_LOCAL
wolfSSL 11:cee25a834751 417 int wc_ecc_mulmod_ex(mp_int* k, ecc_point *G, ecc_point *R,
wolfSSL 11:cee25a834751 418 mp_int* a, mp_int* modulus, int map, void* heap);
wolfSSL 11:cee25a834751 419 #endif /* !WOLFSSL_ATECC508A */
wolfSSL 11:cee25a834751 420
wolfSSL 11:cee25a834751 421
wolfSSL 11:cee25a834751 422 #ifdef HAVE_ECC_KEY_EXPORT
wolfSSL 11:cee25a834751 423 /* ASN key helpers */
wolfSSL 11:cee25a834751 424 WOLFSSL_API
wolfSSL 11:cee25a834751 425 int wc_ecc_export_x963(ecc_key*, byte* out, word32* outLen);
wolfSSL 11:cee25a834751 426 WOLFSSL_API
wolfSSL 11:cee25a834751 427 int wc_ecc_export_x963_ex(ecc_key*, byte* out, word32* outLen, int compressed);
wolfSSL 11:cee25a834751 428 /* extended functionality with compressed option */
wolfSSL 11:cee25a834751 429 #endif /* HAVE_ECC_KEY_EXPORT */
wolfSSL 11:cee25a834751 430
wolfSSL 11:cee25a834751 431 #ifdef HAVE_ECC_KEY_IMPORT
wolfSSL 11:cee25a834751 432 WOLFSSL_API
wolfSSL 11:cee25a834751 433 int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key);
wolfSSL 11:cee25a834751 434 WOLFSSL_API
wolfSSL 11:cee25a834751 435 int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key,
wolfSSL 11:cee25a834751 436 int curve_id);
wolfSSL 11:cee25a834751 437 WOLFSSL_API
wolfSSL 11:cee25a834751 438 int wc_ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub,
wolfSSL 11:cee25a834751 439 word32 pubSz, ecc_key* key);
wolfSSL 11:cee25a834751 440 WOLFSSL_API
wolfSSL 11:cee25a834751 441 int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz,
wolfSSL 11:cee25a834751 442 const byte* pub, word32 pubSz, ecc_key* key, int curve_id);
wolfSSL 11:cee25a834751 443 WOLFSSL_API
wolfSSL 11:cee25a834751 444 int wc_ecc_rs_to_sig(const char* r, const char* s, byte* out, word32* outlen);
wolfSSL 11:cee25a834751 445 WOLFSSL_API
wolfSSL 11:cee25a834751 446 int wc_ecc_sig_to_rs(const byte* sig, word32 sigLen, byte* r, word32* rLen,
wolfSSL 11:cee25a834751 447 byte* s, word32* sLen);
wolfSSL 11:cee25a834751 448 WOLFSSL_API
wolfSSL 11:cee25a834751 449 int wc_ecc_import_raw(ecc_key* key, const char* qx, const char* qy,
wolfSSL 11:cee25a834751 450 const char* d, const char* curveName);
wolfSSL 11:cee25a834751 451 WOLFSSL_API
wolfSSL 11:cee25a834751 452 int wc_ecc_import_raw_ex(ecc_key* key, const char* qx, const char* qy,
wolfSSL 11:cee25a834751 453 const char* d, int curve_id);
wolfSSL 11:cee25a834751 454 #endif /* HAVE_ECC_KEY_IMPORT */
wolfSSL 11:cee25a834751 455
wolfSSL 11:cee25a834751 456 #ifdef HAVE_ECC_KEY_EXPORT
wolfSSL 11:cee25a834751 457 WOLFSSL_API
wolfSSL 11:cee25a834751 458 int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen);
wolfSSL 11:cee25a834751 459 WOLFSSL_API
wolfSSL 11:cee25a834751 460 int wc_ecc_export_public_raw(ecc_key* key, byte* qx, word32* qxLen,
wolfSSL 11:cee25a834751 461 byte* qy, word32* qyLen);
wolfSSL 11:cee25a834751 462 WOLFSSL_API
wolfSSL 11:cee25a834751 463 int wc_ecc_export_private_raw(ecc_key* key, byte* qx, word32* qxLen,
wolfSSL 11:cee25a834751 464 byte* qy, word32* qyLen, byte* d, word32* dLen);
wolfSSL 11:cee25a834751 465 #endif /* HAVE_ECC_KEY_EXPORT */
wolfSSL 11:cee25a834751 466
wolfSSL 11:cee25a834751 467 #ifdef HAVE_ECC_KEY_EXPORT
wolfSSL 11:cee25a834751 468
wolfSSL 11:cee25a834751 469 WOLFSSL_API
wolfSSL 11:cee25a834751 470 int wc_ecc_export_point_der(const int curve_idx, ecc_point* point,
wolfSSL 11:cee25a834751 471 byte* out, word32* outLen);
wolfSSL 11:cee25a834751 472 #endif /* HAVE_ECC_KEY_EXPORT */
wolfSSL 11:cee25a834751 473
wolfSSL 11:cee25a834751 474
wolfSSL 11:cee25a834751 475 #ifdef HAVE_ECC_KEY_IMPORT
wolfSSL 11:cee25a834751 476 WOLFSSL_API
wolfSSL 11:cee25a834751 477 int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx,
wolfSSL 11:cee25a834751 478 ecc_point* point);
wolfSSL 11:cee25a834751 479 #endif /* HAVE_ECC_KEY_IMPORT */
wolfSSL 11:cee25a834751 480
wolfSSL 11:cee25a834751 481 /* size helper */
wolfSSL 11:cee25a834751 482 WOLFSSL_API
wolfSSL 11:cee25a834751 483 int wc_ecc_size(ecc_key* key);
wolfSSL 11:cee25a834751 484 WOLFSSL_API
wolfSSL 11:cee25a834751 485 int wc_ecc_sig_size(ecc_key* key);
wolfSSL 11:cee25a834751 486
wolfSSL 11:cee25a834751 487 WOLFSSL_API
wolfSSL 11:cee25a834751 488 int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz);
wolfSSL 11:cee25a834751 489
wolfSSL 11:cee25a834751 490 #ifdef WOLFSSL_CUSTOM_CURVES
wolfSSL 11:cee25a834751 491 WOLFSSL_API
wolfSSL 11:cee25a834751 492 int wc_ecc_set_custom_curve(ecc_key* key, const ecc_set_type* dp);
wolfSSL 11:cee25a834751 493 #endif
wolfSSL 11:cee25a834751 494
wolfSSL 11:cee25a834751 495 #ifdef HAVE_ECC_ENCRYPT
wolfSSL 11:cee25a834751 496 /* ecc encrypt */
wolfSSL 11:cee25a834751 497
wolfSSL 11:cee25a834751 498 enum ecEncAlgo {
wolfSSL 11:cee25a834751 499 ecAES_128_CBC = 1, /* default */
wolfSSL 11:cee25a834751 500 ecAES_256_CBC = 2
wolfSSL 11:cee25a834751 501 };
wolfSSL 11:cee25a834751 502
wolfSSL 11:cee25a834751 503 enum ecKdfAlgo {
wolfSSL 11:cee25a834751 504 ecHKDF_SHA256 = 1, /* default */
wolfSSL 11:cee25a834751 505 ecHKDF_SHA1 = 2
wolfSSL 11:cee25a834751 506 };
wolfSSL 11:cee25a834751 507
wolfSSL 11:cee25a834751 508 enum ecMacAlgo {
wolfSSL 11:cee25a834751 509 ecHMAC_SHA256 = 1, /* default */
wolfSSL 11:cee25a834751 510 ecHMAC_SHA1 = 2
wolfSSL 11:cee25a834751 511 };
wolfSSL 11:cee25a834751 512
wolfSSL 11:cee25a834751 513 enum {
wolfSSL 11:cee25a834751 514 KEY_SIZE_128 = 16,
wolfSSL 11:cee25a834751 515 KEY_SIZE_256 = 32,
wolfSSL 11:cee25a834751 516 IV_SIZE_64 = 8,
wolfSSL 11:cee25a834751 517 IV_SIZE_128 = 16,
wolfSSL 11:cee25a834751 518 EXCHANGE_SALT_SZ = 16,
wolfSSL 11:cee25a834751 519 EXCHANGE_INFO_SZ = 23
wolfSSL 11:cee25a834751 520 };
wolfSSL 11:cee25a834751 521
wolfSSL 11:cee25a834751 522 enum ecFlags {
wolfSSL 11:cee25a834751 523 REQ_RESP_CLIENT = 1,
wolfSSL 11:cee25a834751 524 REQ_RESP_SERVER = 2
wolfSSL 11:cee25a834751 525 };
wolfSSL 11:cee25a834751 526
wolfSSL 11:cee25a834751 527
wolfSSL 11:cee25a834751 528 typedef struct ecEncCtx ecEncCtx;
wolfSSL 11:cee25a834751 529
wolfSSL 11:cee25a834751 530 WOLFSSL_API
wolfSSL 11:cee25a834751 531 ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng);
wolfSSL 11:cee25a834751 532 WOLFSSL_API
wolfSSL 11:cee25a834751 533 ecEncCtx* wc_ecc_ctx_new_ex(int flags, WC_RNG* rng, void* heap);
wolfSSL 11:cee25a834751 534 WOLFSSL_API
wolfSSL 11:cee25a834751 535 void wc_ecc_ctx_free(ecEncCtx*);
wolfSSL 11:cee25a834751 536 WOLFSSL_API
wolfSSL 11:cee25a834751 537 int wc_ecc_ctx_reset(ecEncCtx*, WC_RNG*); /* reset for use again w/o alloc/free */
wolfSSL 11:cee25a834751 538
wolfSSL 11:cee25a834751 539 WOLFSSL_API
wolfSSL 11:cee25a834751 540 const byte* wc_ecc_ctx_get_own_salt(ecEncCtx*);
wolfSSL 11:cee25a834751 541 WOLFSSL_API
wolfSSL 11:cee25a834751 542 int wc_ecc_ctx_set_peer_salt(ecEncCtx*, const byte* salt);
wolfSSL 11:cee25a834751 543 WOLFSSL_API
wolfSSL 11:cee25a834751 544 int wc_ecc_ctx_set_info(ecEncCtx*, const byte* info, int sz);
wolfSSL 11:cee25a834751 545
wolfSSL 11:cee25a834751 546 WOLFSSL_API
wolfSSL 11:cee25a834751 547 int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
wolfSSL 11:cee25a834751 548 word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx);
wolfSSL 11:cee25a834751 549 WOLFSSL_API
wolfSSL 11:cee25a834751 550 int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
wolfSSL 11:cee25a834751 551 word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx);
wolfSSL 11:cee25a834751 552
wolfSSL 11:cee25a834751 553 #endif /* HAVE_ECC_ENCRYPT */
wolfSSL 11:cee25a834751 554
wolfSSL 11:cee25a834751 555 #ifdef HAVE_X963_KDF
wolfSSL 11:cee25a834751 556 WOLFSSL_API int wc_X963_KDF(enum wc_HashType type, const byte* secret,
wolfSSL 11:cee25a834751 557 word32 secretSz, const byte* sinfo, word32 sinfoSz,
wolfSSL 11:cee25a834751 558 byte* out, word32 outSz);
wolfSSL 11:cee25a834751 559 #endif
wolfSSL 11:cee25a834751 560
wolfSSL 11:cee25a834751 561 #ifdef ECC_CACHE_CURVE
wolfSSL 11:cee25a834751 562 WOLFSSL_API int wc_ecc_curve_cache_init(void);
wolfSSL 11:cee25a834751 563 WOLFSSL_API void wc_ecc_curve_cache_free(void);
wolfSSL 11:cee25a834751 564 #endif
wolfSSL 11:cee25a834751 565
wolfSSL 11:cee25a834751 566
wolfSSL 11:cee25a834751 567 #ifdef __cplusplus
wolfSSL 11:cee25a834751 568 } /* extern "C" */
wolfSSL 11:cee25a834751 569 #endif
wolfSSL 11:cee25a834751 570
wolfSSL 11:cee25a834751 571 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 572 #endif /* WOLF_CRYPT_ECC_H */
wolfSSL 11:cee25a834751 573