mbed TLS v2.9.0
ecp.h
Go to the documentation of this file.
1 
17 /*
18  * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
19  * SPDX-License-Identifier: Apache-2.0
20  *
21  * Licensed under the Apache License, Version 2.0 (the "License"); you may
22  * not use this file except in compliance with the License.
23  * You may obtain a copy of the License at
24  *
25  * http://www.apache.org/licenses/LICENSE-2.0
26  *
27  * Unless required by applicable law or agreed to in writing, software
28  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
29  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
30  * See the License for the specific language governing permissions and
31  * limitations under the License.
32  *
33  * This file is part of Mbed TLS (https://tls.mbed.org)
34  */
35 
36 #ifndef MBEDTLS_ECP_H
37 #define MBEDTLS_ECP_H
38 
39 #include "bignum.h"
40 
41 /*
42  * ECP error codes
43  */
44 #define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80
45 #define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL -0x4F00
46 #define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80
47 #define MBEDTLS_ERR_ECP_VERIFY_FAILED -0x4E00
48 #define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80
49 #define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00
50 #define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80
51 #define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00
52 #define MBEDTLS_ERR_ECP_HW_ACCEL_FAILED -0x4B80
54 #ifdef __cplusplus
55 extern "C" {
56 #endif
57 
67 typedef enum
68 {
84 
90 #define MBEDTLS_ECP_DP_MAX 12
91 
95 typedef struct
96 {
98  uint16_t tls_id;
99  uint16_t bit_size;
100  const char *name;
102 
114 typedef struct
115 {
119 }
121 
122 #if !defined(MBEDTLS_ECP_ALT)
123 /*
124  * default mbed TLS elliptic curve arithmetic implementation
125  *
126  * (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an
127  * alternative implementation for the whole module and it will replace this
128  * one.)
129  */
130 
159 typedef struct
160 {
169  size_t pbits;
170  size_t nbits;
173  unsigned int h;
174  int (*modp)(mbedtls_mpi *);
176  int (*t_pre)(mbedtls_ecp_point *, void *);
177  int (*t_post)(mbedtls_ecp_point *, void *);
178  void *t_data;
180  size_t T_size;
181 }
183 
192 #if !defined(MBEDTLS_ECP_MAX_BITS)
193 
196 #define MBEDTLS_ECP_MAX_BITS 521
197 #endif
198 
199 #define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
200 #define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )
201 
202 #if !defined(MBEDTLS_ECP_WINDOW_SIZE)
203 /*
204  * Maximum "window" size used for point multiplication.
205  * Default: 6.
206  * Minimum value: 2. Maximum value: 7.
207  *
208  * Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) )
209  * points used for point multiplication. This value is directly tied to EC
210  * peak memory usage, so decreasing it by one should roughly cut memory usage
211  * by two (if large curves are in use).
212  *
213  * Reduction in size may reduce speed, but larger curves are impacted first.
214  * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1):
215  * w-size: 6 5 4 3 2
216  * 521 145 141 135 120 97
217  * 384 214 209 198 177 146
218  * 256 320 320 303 262 226
219  * 224 475 475 453 398 342
220  * 192 640 640 633 587 476
221  */
222 #define MBEDTLS_ECP_WINDOW_SIZE 6
223 #endif /* MBEDTLS_ECP_WINDOW_SIZE */
224 
225 #if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
226 /*
227  * Trade memory for speed on fixed-point multiplication.
228  *
229  * This speeds up repeated multiplication of the generator (that is, the
230  * multiplication in ECDSA signatures, and half of the multiplications in
231  * ECDSA verification and ECDHE) by a factor roughly 3 to 4.
232  *
233  * The cost is increasing EC peak memory usage by a factor roughly 2.
234  *
235  * Change this value to 0 to reduce peak memory usage.
236  */
237 #define MBEDTLS_ECP_FIXED_POINT_OPTIM 1
238 #endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
239 
240 /* \} name SECTION: Module settings */
241 
242 #else /* MBEDTLS_ECP_ALT */
243 #include "ecp_alt.h"
244 #endif /* MBEDTLS_ECP_ALT */
245 
254 typedef struct
255 {
259 }
261 
262 /*
263  * Point formats, from RFC 4492's enum ECPointFormat
264  */
265 #define MBEDTLS_ECP_PF_UNCOMPRESSED 0
266 #define MBEDTLS_ECP_PF_COMPRESSED 1
268 /*
269  * Some other constants from RFC 4492
270  */
271 #define MBEDTLS_ECP_TLS_NAMED_CURVE 3
280 const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void );
281 
291 
302 
313 
324 
331 
342 
349 
356 
362 
368 
380 
392 
402 
412 
426  const mbedtls_ecp_point *Q );
427 
441  const char *x, const char *y );
442 
458  int format, size_t *olen,
459  unsigned char *buf, size_t buflen );
460 
481  const unsigned char *buf, size_t ilen );
482 
499  const unsigned char **buf, size_t len );
500 
517  int format, size_t *olen,
518  unsigned char *buf, size_t blen );
519 
537 
552 int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len );
553 
565 int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen,
566  unsigned char *buf, size_t blen );
567 
597  const mbedtls_mpi *m, const mbedtls_ecp_point *P,
598  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
599 
623  const mbedtls_mpi *m, const mbedtls_ecp_point *P,
624  const mbedtls_mpi *n, const mbedtls_ecp_point *Q );
625 
650 
666 int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d );
667 
689  const mbedtls_ecp_point *G,
691  int (*f_rng)(void *, unsigned char *, size_t),
692  void *p_rng );
693 
713  int (*f_rng)(void *, unsigned char *, size_t),
714  void *p_rng );
715 
729  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
730 
747 
748 #if defined(MBEDTLS_SELF_TEST)
749 
756 int mbedtls_ecp_self_test( int verbose );
757 
758 #endif /* MBEDTLS_SELF_TEST */
759 
760 #ifdef __cplusplus
761 }
762 #endif
763 
764 #endif /* ecp.h */
uint16_t tls_id
Definition: ecp.h:98
int mbedtls_ecp_is_zero(mbedtls_ecp_point *pt)
This function checks if a point is zero.
mbedtls_mpi N
Definition: ecp.h:168
mbedtls_mpi Z
Definition: ecp.h:118
int mbedtls_ecp_muladd(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, const mbedtls_mpi *n, const mbedtls_ecp_point *Q)
This function performs multiplication and addition of two points by integers: R = m * P + n * Q...
int mbedtls_ecp_check_pub_priv(const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv)
This function checks that the keypair objects pub and prv have the same group and the same public poi...
int mbedtls_ecp_point_read_binary(const mbedtls_ecp_group *grp, mbedtls_ecp_point *P, const unsigned char *buf, size_t ilen)
This function imports a point from unsigned binary data.
mbedtls_mpi Y
Definition: ecp.h:117
mbedtls_ecp_group grp
Definition: ecp.h:256
The ECP key-pair structure.
Definition: ecp.h:254
int mbedtls_ecp_set_zero(mbedtls_ecp_point *pt)
This function sets a point to zero.
int mbedtls_ecp_copy(mbedtls_ecp_point *P, const mbedtls_ecp_point *Q)
This function copies the contents of point Q into point P.
const mbedtls_ecp_group_id * mbedtls_ecp_grp_id_list(void)
This function retrieves the list of internal group identifiers of all supported curves in the order o...
int mbedtls_ecp_group_copy(mbedtls_ecp_group *dst, const mbedtls_ecp_group *src)
This function copies the contents of group src into group dst.
size_t nbits
Definition: ecp.h:170
int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
This function generates an ECP keypair.
void mbedtls_ecp_point_free(mbedtls_ecp_point *pt)
This function frees the components of a point.
void mbedtls_ecp_keypair_init(mbedtls_ecp_keypair *key)
This function initializes a key pair as an invalid one.
size_t pbits
Definition: ecp.h:169
mbedtls_mpi X
Definition: ecp.h:116
Multi-precision integer library.
int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
This function generates an ECP key.
The ECP group structure.
Definition: ecp.h:159
int mbedtls_ecp_check_privkey(const mbedtls_ecp_group *grp, const mbedtls_mpi *d)
This function checks that an mbedtls_mpi is a valid private key for this curve.
mbedtls_ecp_group_id id
Definition: ecp.h:161
const mbedtls_ecp_curve_info * mbedtls_ecp_curve_info_from_grp_id(mbedtls_ecp_group_id grp_id)
This function retrieves curve information from an internal group identifier.
int mbedtls_ecp_tls_write_group(const mbedtls_ecp_group *grp, size_t *olen, unsigned char *buf, size_t blen)
This function writes the TLS ECParameters record for a group.
void mbedtls_ecp_group_free(mbedtls_ecp_group *grp)
This function frees the components of an ECP group.
int mbedtls_ecp_mul(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
This function performs multiplication of a point by an integer: R = m * P.
int mbedtls_ecp_check_pubkey(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt)
This function checks that a point is a valid public key on this curve.
mbedtls_mpi A
Definition: ecp.h:163
mbedtls_mpi P
Definition: ecp.h:162
void mbedtls_ecp_keypair_free(mbedtls_ecp_keypair *key)
This function frees the components of a key pair.
int mbedtls_ecp_tls_read_group(mbedtls_ecp_group *grp, const unsigned char **buf, size_t len)
This function sets a group from a TLS ECParameters record.
mbedtls_ecp_point Q
Definition: ecp.h:258
void * t_data
Definition: ecp.h:178
void mbedtls_ecp_point_init(mbedtls_ecp_point *pt)
This function initializes a point as zero.
mbedtls_ecp_group_id
Definition: ecp.h:67
int mbedtls_ecp_point_read_string(mbedtls_ecp_point *P, int radix, const char *x, const char *y)
This function imports a non-zero point from two ASCII strings.
int mbedtls_ecp_self_test(int verbose)
The ECP checkup routine.
int mbedtls_ecp_point_write_binary(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P, int format, size_t *olen, unsigned char *buf, size_t buflen)
This function exports a point into unsigned binary data.
const mbedtls_ecp_curve_info * mbedtls_ecp_curve_info_from_tls_id(uint16_t tls_id)
This function retrieves curve information from a TLS NamedCurve value.
int mbedtls_ecp_tls_read_point(const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, const unsigned char **buf, size_t len)
This function imports a point from a TLS ECPoint record.
mbedtls_ecp_group_id grp_id
Definition: ecp.h:97
int mbedtls_ecp_gen_keypair_base(mbedtls_ecp_group *grp, const mbedtls_ecp_point *G, mbedtls_mpi *d, mbedtls_ecp_point *Q, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
This function generates a keypair with a configurable base point.
mbedtls_mpi d
Definition: ecp.h:257
unsigned int h
Definition: ecp.h:173
int mbedtls_ecp_point_cmp(const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q)
This function compares two points.
int mbedtls_ecp_tls_write_point(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt, int format, size_t *olen, unsigned char *buf, size_t blen)
This function exports a point as a TLS ECPoint record.
size_t T_size
Definition: ecp.h:180
mbedtls_ecp_point * T
Definition: ecp.h:179
mbedtls_ecp_point G
Definition: ecp.h:167
MPI structure.
Definition: bignum.h:180
The ECP point structure, in Jacobian coordinates.
Definition: ecp.h:114
const mbedtls_ecp_curve_info * mbedtls_ecp_curve_info_from_name(const char *name)
This function retrieves curve information from a human-readable name.
const char * name
Definition: ecp.h:100
int mbedtls_ecp_group_load(mbedtls_ecp_group *grp, mbedtls_ecp_group_id id)
This function sets a group using standardized domain parameters.
uint16_t bit_size
Definition: ecp.h:99
mbedtls_mpi B
Definition: ecp.h:165
void mbedtls_ecp_group_init(mbedtls_ecp_group *grp)
This function initializes an ECP group context without loading any domain parameters.