ecp.h

Go to the documentation of this file.

#ifndef MBEDTLS_ECP_H
#define MBEDTLS_ECP_H

#include "bignum.h"

/*
 * ECP error codes
 */
#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 
#define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL -0x4F00 
#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 
#define MBEDTLS_ERR_ECP_VERIFY_FAILED -0x4E00 
#define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80 
#define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00 
#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 
#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00 
#if !defined(MBEDTLS_ECP_ALT)
/*
 * default mbed TLS elliptic curve arithmetic implementation
 *
 * (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an
 * alternative implementation for the whole module and it will replace this
 * one.)
 */

#ifdef __cplusplus
extern "C" {
#endif

typedef enum
{
 MBEDTLS_ECP_DP_NONE = 0,
 MBEDTLS_ECP_DP_SECP192R1, 
 MBEDTLS_ECP_DP_SECP224R1, 
 MBEDTLS_ECP_DP_SECP256R1, 
 MBEDTLS_ECP_DP_SECP384R1, 
 MBEDTLS_ECP_DP_SECP521R1, 
 MBEDTLS_ECP_DP_BP256R1, 
 MBEDTLS_ECP_DP_BP384R1, 
 MBEDTLS_ECP_DP_BP512R1, 
 MBEDTLS_ECP_DP_CURVE25519, 
 MBEDTLS_ECP_DP_SECP192K1, 
 MBEDTLS_ECP_DP_SECP224K1, 
 MBEDTLS_ECP_DP_SECP256K1 
} mbedtls_ecp_group_id;

#define MBEDTLS_ECP_DP_MAX 12

typedef struct
{
 mbedtls_ecp_group_id grp_id; 
 uint16_t tls_id; 
 uint16_t bit_size; 
 const char *name; 
} mbedtls_ecp_curve_info;

typedef struct
{
 mbedtls_mpi X; 
 mbedtls_mpi Y; 
 mbedtls_mpi Z; 
}
mbedtls_ecp_point;

typedef struct
{
 mbedtls_ecp_group_id id; 
 mbedtls_mpi P; 
 mbedtls_mpi A; 
 mbedtls_mpi B; 
 mbedtls_ecp_point G; 
 mbedtls_mpi N; 
 size_t pbits; 
 size_t nbits; 
 unsigned int h; 
 int (*modp)(mbedtls_mpi *); 
 int (*t_pre)(mbedtls_ecp_point *, void *); 
 int (*t_post)(mbedtls_ecp_point *, void *); 
 void *t_data; 
 mbedtls_ecp_point *T; 
 size_t T_size; 
}
mbedtls_ecp_group;

typedef struct
{
 mbedtls_ecp_group grp; 
 mbedtls_mpi d; 
 mbedtls_ecp_point Q; 
}
mbedtls_ecp_keypair;

#if !defined(MBEDTLS_ECP_MAX_BITS)

#define MBEDTLS_ECP_MAX_BITS 521 
#endif

#define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
#define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )

#if !defined(MBEDTLS_ECP_WINDOW_SIZE)
/*
 * Maximum "window" size used for point multiplication.
 * Default: 6.
 * Minimum value: 2. Maximum value: 7.
 *
 * Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) )
 * points used for point multiplication. This value is directly tied to EC
 * peak memory usage, so decreasing it by one should roughly cut memory usage
 * by two (if large curves are in use).
 *
 * Reduction in size may reduce speed, but larger curves are impacted first.
 * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1):
 * w-size: 6 5 4 3 2
 * 521 145 141 135 120 97
 * 384 214 209 198 177 146
 * 256 320 320 303 262 226

 * 224 475 475 453 398 342
 * 192 640 640 633 587 476
 */
#define MBEDTLS_ECP_WINDOW_SIZE 6 
#endif /* MBEDTLS_ECP_WINDOW_SIZE */

#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
/*
 * Trade memory for speed on fixed-point multiplication.
 *
 * This speeds up repeated multiplication of the generator (that is, the
 * multiplication in ECDSA signatures, and half of the multiplications in
 * ECDSA verification and ECDHE) by a factor roughly 3 to 4.
 *
 * The cost is increasing EC peak memory usage by a factor roughly 2.
 *
 * Change this value to 0 to reduce peak memory usage.
 */
#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 
#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */

/* \} name SECTION: Module settings */

/*
 * Point formats, from RFC 4492's enum ECPointFormat
 */
#define MBEDTLS_ECP_PF_UNCOMPRESSED 0 
#define MBEDTLS_ECP_PF_COMPRESSED 1 
/*
 * Some other constants from RFC 4492
 */
#define MBEDTLS_ECP_TLS_NAMED_CURVE 3 
const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void );

const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void );

const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id );

const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id );

const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name );

void mbedtls_ecp_point_init( mbedtls_ecp_point *pt );

void mbedtls_ecp_group_init( mbedtls_ecp_group *grp );

void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key );

void mbedtls_ecp_point_free( mbedtls_ecp_point *pt );

void mbedtls_ecp_group_free( mbedtls_ecp_group *grp );

void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key );

int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q );

int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src );

int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt );

int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt );

int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P,
 const mbedtls_ecp_point *Q );

int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix,
 const char *x, const char *y );

int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P,
 int format, size_t *olen,
 unsigned char *buf, size_t buflen );

int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P,
 const unsigned char *buf, size_t ilen );

int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
 const unsigned char **buf, size_t len );

int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt,
 int format, size_t *olen,
 unsigned char *buf, size_t blen );

int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id index );

int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len );

int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen,
 unsigned char *buf, size_t blen );

int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
 const mbedtls_mpi *m, const mbedtls_ecp_point *P,
 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );

int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
 const mbedtls_mpi *m, const mbedtls_ecp_point *P,
 const mbedtls_mpi *n, const mbedtls_ecp_point *Q );

int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt );

int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d );

int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
 const mbedtls_ecp_point *G,
 mbedtls_mpi *d, mbedtls_ecp_point *Q,
 int (*f_rng)(void *, unsigned char *, size_t),
 void *p_rng );

int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
 int (*f_rng)(void *, unsigned char *, size_t),
 void *p_rng );

int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );

int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv );

#if defined(MBEDTLS_SELF_TEST)

int mbedtls_ecp_self_test( int verbose );

#endif /* MBEDTLS_SELF_TEST */

#ifdef __cplusplus
}
#endif

#else /* MBEDTLS_ECP_ALT */
#include "ecp_alt.h"
#endif /* MBEDTLS_ECP_ALT */

#endif /* ecp.h */