ReactOS  0.4.15-dev-509-g96a357b
ecp.h
Go to the documentation of this file.
1 
6 /*
7  * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
8  * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
9  *
10  * This file is provided under the Apache License 2.0, or the
11  * GNU General Public License v2.0 or later.
12  *
13  * **********
14  * Apache License 2.0:
15  *
16  * Licensed under the Apache License, Version 2.0 (the "License"); you may
17  * not use this file except in compliance with the License.
18  * You may obtain a copy of the License at
19  *
20  * http://www.apache.org/licenses/LICENSE-2.0
21  *
22  * Unless required by applicable law or agreed to in writing, software
23  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
24  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
25  * See the License for the specific language governing permissions and
26  * limitations under the License.
27  *
28  * **********
29  *
30  * **********
31  * GNU General Public License v2.0 or later:
32  *
33  * This program is free software; you can redistribute it and/or modify
34  * it under the terms of the GNU General Public License as published by
35  * the Free Software Foundation; either version 2 of the License, or
36  * (at your option) any later version.
37  *
38  * This program is distributed in the hope that it will be useful,
39  * but WITHOUT ANY WARRANTY; without even the implied warranty of
40  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
41  * GNU General Public License for more details.
42  *
43  * You should have received a copy of the GNU General Public License along
44  * with this program; if not, write to the Free Software Foundation, Inc.,
45  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
46  *
47  * **********
48  *
49  * This file is part of mbed TLS (https://tls.mbed.org)
50  */
51 #ifndef MBEDTLS_ECP_H
52 #define MBEDTLS_ECP_H
53 
54 #if !defined(MBEDTLS_CONFIG_FILE)
55 #include "config.h"
56 #else
57 #include MBEDTLS_CONFIG_FILE
58 #endif
59 
60 #include "bignum.h"
61 
62 /*
63  * ECP error codes
64  */
65 #define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80
66 #define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL -0x4F00
67 #define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80
68 #define MBEDTLS_ERR_ECP_VERIFY_FAILED -0x4E00
69 #define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80
70 #define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00
71 #define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80
72 #define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00
73 #define MBEDTLS_ERR_ECP_HW_ACCEL_FAILED -0x4B80
75 #if !defined(MBEDTLS_ECP_ALT)
76 /*
77  * default mbed TLS elliptic curve arithmetic implementation
78  *
79  * (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an
80  * alternative implementation for the whole module and it will replace this
81  * one.)
82  */
83 
84 #ifdef __cplusplus
85 extern "C" {
86 #endif
87 
97 typedef enum
98 {
99  MBEDTLS_ECP_DP_NONE = 0,
100  MBEDTLS_ECP_DP_SECP192R1,
101  MBEDTLS_ECP_DP_SECP224R1,
102  MBEDTLS_ECP_DP_SECP256R1,
103  MBEDTLS_ECP_DP_SECP384R1,
104  MBEDTLS_ECP_DP_SECP521R1,
105  MBEDTLS_ECP_DP_BP256R1,
106  MBEDTLS_ECP_DP_BP384R1,
107  MBEDTLS_ECP_DP_BP512R1,
108  MBEDTLS_ECP_DP_CURVE25519,
109  MBEDTLS_ECP_DP_SECP192K1,
110  MBEDTLS_ECP_DP_SECP224K1,
111  MBEDTLS_ECP_DP_SECP256K1,
112 } mbedtls_ecp_group_id;
113 
119 #define MBEDTLS_ECP_DP_MAX 12
120 
124 typedef struct
125 {
126  mbedtls_ecp_group_id grp_id;
127  uint16_t tls_id;
128  uint16_t bit_size;
129  const char *name;
130 } mbedtls_ecp_curve_info;
131 
141 typedef struct
142 {
143  mbedtls_mpi X;
144  mbedtls_mpi Y;
145  mbedtls_mpi Z;
146 }
147 mbedtls_ecp_point;
148 
173 typedef struct
174 {
175  mbedtls_ecp_group_id id;
176  mbedtls_mpi P;
177  mbedtls_mpi A;
178  mbedtls_mpi B;
179  mbedtls_ecp_point G;
180  mbedtls_mpi N;
181  size_t pbits;
182  size_t nbits;
183  unsigned int h;
184  int (*modp)(mbedtls_mpi *);
185  int (*t_pre)(mbedtls_ecp_point *, void *);
186  int (*t_post)(mbedtls_ecp_point *, void *);
187  void *t_data;
188  mbedtls_ecp_point *T;
189  size_t T_size;
190 }
191 mbedtls_ecp_group;
192 
200 typedef struct
201 {
202  mbedtls_ecp_group grp;
203  mbedtls_mpi d;
204  mbedtls_ecp_point Q;
205 }
206 mbedtls_ecp_keypair;
207 
216 #if !defined(MBEDTLS_ECP_MAX_BITS)
217 
220 #define MBEDTLS_ECP_MAX_BITS 521
221 #endif
222 
223 #define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
224 #define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )
225 
226 #if !defined(MBEDTLS_ECP_WINDOW_SIZE)
227 /*
228  * Maximum "window" size used for point multiplication.
229  * Default: 6.
230  * Minimum value: 2. Maximum value: 7.
231  *
232  * Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) )
233  * points used for point multiplication. This value is directly tied to EC
234  * peak memory usage, so decreasing it by one should roughly cut memory usage
235  * by two (if large curves are in use).
236  *
237  * Reduction in size may reduce speed, but larger curves are impacted first.
238  * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1):
239  * w-size: 6 5 4 3 2
240  * 521 145 141 135 120 97
241  * 384 214 209 198 177 146
242  * 256 320 320 303 262 226
243 
244  * 224 475 475 453 398 342
245  * 192 640 640 633 587 476
246  */
247 #define MBEDTLS_ECP_WINDOW_SIZE 6
248 #endif /* MBEDTLS_ECP_WINDOW_SIZE */
249 
250 #if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
251 /*
252  * Trade memory for speed on fixed-point multiplication.
253  *
254  * This speeds up repeated multiplication of the generator (that is, the
255  * multiplication in ECDSA signatures, and half of the multiplications in
256  * ECDSA verification and ECDHE) by a factor roughly 3 to 4.
257  *
258  * The cost is increasing EC peak memory usage by a factor roughly 2.
259  *
260  * Change this value to 0 to reduce peak memory usage.
261  */
262 #define MBEDTLS_ECP_FIXED_POINT_OPTIM 1
263 #endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
264 
265 /* \} name SECTION: Module settings */
266 
267 /*
268  * Point formats, from RFC 4492's enum ECPointFormat
269  */
270 #define MBEDTLS_ECP_PF_UNCOMPRESSED 0
271 #define MBEDTLS_ECP_PF_COMPRESSED 1
273 /*
274  * Some other constants from RFC 4492
275  */
276 #define MBEDTLS_ECP_TLS_NAMED_CURVE 3
284 const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void );
285 
293 const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void );
294 
302 const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id );
303 
311 const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id );
312 
320 const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name );
321 
325 void mbedtls_ecp_point_init( mbedtls_ecp_point *pt );
326 
330 void mbedtls_ecp_group_init( mbedtls_ecp_group *grp );
331 
335 void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key );
336 
340 void mbedtls_ecp_point_free( mbedtls_ecp_point *pt );
341 
345 void mbedtls_ecp_group_free( mbedtls_ecp_group *grp );
346 
350 void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key );
351 
361 int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q );
362 
372 int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src );
373 
382 int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt );
383 
391 int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt );
392 
405 int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P,
406  const mbedtls_ecp_point *Q );
407 
418 int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix,
419  const char *x, const char *y );
420 
435 int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P,
436  int format, size_t *olen,
437  unsigned char *buf, size_t buflen );
438 
457 int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P,
458  const unsigned char *buf, size_t ilen );
459 
474 int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
475  const unsigned char **buf, size_t len );
476 
491 int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt,
492  int format, size_t *olen,
493  unsigned char *buf, size_t blen );
494 
508 int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id );
509 
523 int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len );
524 
536 int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen,
537  unsigned char *buf, size_t blen );
538 
568 int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
569  const mbedtls_mpi *m, const mbedtls_ecp_point *P,
570  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
571 
592 int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
593  const mbedtls_mpi *m, const mbedtls_ecp_point *P,
594  const mbedtls_mpi *n, const mbedtls_ecp_point *Q );
595 
617 int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt );
618 
632 int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d );
633 
645 int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
646  mbedtls_mpi *d,
647  int (*f_rng)(void *, unsigned char *, size_t),
648  void *p_rng );
649 
667 int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
668  const mbedtls_ecp_point *G,
669  mbedtls_mpi *d, mbedtls_ecp_point *Q,
670  int (*f_rng)(void *, unsigned char *, size_t),
671  void *p_rng );
672 
689 int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
690  int (*f_rng)(void *, unsigned char *, size_t),
691  void *p_rng );
692 
704 int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
705  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
706 
717 int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv );
718 
719 #if defined(MBEDTLS_SELF_TEST)
720 
726 int mbedtls_ecp_self_test( int verbose );
727 
728 #endif /* MBEDTLS_SELF_TEST */
729 
730 #ifdef __cplusplus
731 }
732 #endif
733 
734 #else /* MBEDTLS_ECP_ALT */
735 #include "ecp_alt.h"
736 #endif /* MBEDTLS_ECP_ALT */
737 
738 #endif /* ecp.h */
mbedtls_ecp_curve_info::tls_id
uint16_t tls_id
Definition: ecp.h:127
G
#define G(r, i, a, b, c, d)
Definition: blake2b-ref.c:117
mbedtls_ecp_is_zero
int mbedtls_ecp_is_zero(mbedtls_ecp_point *pt)
Tell if a point is zero.
mbedtls_ecp_group::N
mbedtls_mpi N
Definition: ecp.h:180
R
#define R(b, x)
Definition: sha2.c:134
mbedtls_ecp_point::Z
mbedtls_mpi Z
Definition: ecp.h:145
mbedtls_ecp_muladd
int mbedtls_ecp_muladd(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, const mbedtls_mpi *n, const mbedtls_ecp_point *Q)
Multiplication and addition of two points by integers: R = m * P + n * Q (Not thread-safe to use same...
mbedtls_ecp_check_pub_priv
int mbedtls_ecp_check_pub_priv(const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv)
Check a public-private key pair.
mbedtls_ecp_point_read_binary
int mbedtls_ecp_point_read_binary(const mbedtls_ecp_group *grp, mbedtls_ecp_point *P, const unsigned char *buf, size_t ilen)
Import a point from unsigned binary data.
buf
GLenum GLuint GLenum GLsizei const GLchar * buf
Definition: glext.h:7751
pt
#define pt(x, y)
Definition: drawing.c:79
mbedtls_ecp_point::Y
mbedtls_mpi Y
Definition: ecp.h:144
mbedtls_ecp_keypair::grp
mbedtls_ecp_group grp
Definition: ecp.h:202
mbedtls_ecp_keypair
ECP key pair structure.
Definition: ecp.h:200
n
GLdouble n
Definition: glext.h:7729
mbedtls_ecp_set_zero
int mbedtls_ecp_set_zero(mbedtls_ecp_point *pt)
Set a point to zero.
x
GLint GLint GLint GLint GLint x
Definition: gl.h:1548
mbedtls_ecp_copy
int mbedtls_ecp_copy(mbedtls_ecp_point *P, const mbedtls_ecp_point *Q)
Copy the contents of point Q into P.
mbedtls_ecp_grp_id_list
const mbedtls_ecp_group_id * mbedtls_ecp_grp_id_list(void)
Get the list of supported curves in order of preferrence (grp_id only)
mbedtls_ecp_group_copy
int mbedtls_ecp_group_copy(mbedtls_ecp_group *dst, const mbedtls_ecp_group *src)
Copy the contents of a group object.
uint16_t
unsigned short int uint16_t
Definition: acefiex.h:54
mbedtls_ecp_group::nbits
size_t nbits
Definition: ecp.h:182
mbedtls_ecp_gen_keypair
int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Generate a keypair.
m
const GLfloat * m
Definition: glext.h:10848
format
GLint GLint GLsizei GLsizei GLsizei GLint GLenum format
Definition: gl.h:1546
mbedtls_ecp_point_free
void mbedtls_ecp_point_free(mbedtls_ecp_point *pt)
Free the components of a point.
mbedtls_ecp_gen_privkey
int mbedtls_ecp_gen_privkey(const mbedtls_ecp_group *grp, mbedtls_mpi *d, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Generate a private key.
mbedtls_ecp_keypair_init
void mbedtls_ecp_keypair_init(mbedtls_ecp_keypair *key)
Initialize a key pair (as an invalid one)
verbose
#define verbose
Definition: rosglue.h:36
mbedtls_ecp_group::pbits
size_t pbits
Definition: ecp.h:181
mbedtls_ecp_point::X
mbedtls_mpi X
Definition: ecp.h:143
mbedtls_ecp_curve_info
Definition: ecp.h:124
bignum.h
Multi-precision integer library.
mbedtls_ecp_gen_key
int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Generate a keypair.
mbedtls_ecp_group
ECP group structure.
Definition: ecp.h:173
mbedtls_ecp_check_privkey
int mbedtls_ecp_check_privkey(const mbedtls_ecp_group *grp, const mbedtls_mpi *d)
Check that an mbedtls_mpi is a valid private key for this curve.
mbedtls_ecp_group::id
mbedtls_ecp_group_id id
Definition: ecp.h:175
mbedtls_ecp_curve_info_from_grp_id
const mbedtls_ecp_curve_info * mbedtls_ecp_curve_info_from_grp_id(mbedtls_ecp_group_id grp_id)
Get curve information from an internal group identifier.
mbedtls_ecp_tls_write_group
int mbedtls_ecp_tls_write_group(const mbedtls_ecp_group *grp, size_t *olen, unsigned char *buf, size_t blen)
Write the TLS ECParameters record for a group.
mbedtls_ecp_group_free
void mbedtls_ecp_group_free(mbedtls_ecp_group *grp)
Free the components of an ECP group.
mbedtls_ecp_mul
int mbedtls_ecp_mul(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Multiplication by an integer: R = m * P (Not thread-safe to use same group in multiple threads)
mbedtls_ecp_check_pubkey
int mbedtls_ecp_check_pubkey(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt)
Check that a point is a valid public key on this curve.
mbedtls_ecp_group::A
mbedtls_mpi A
Definition: ecp.h:177
mbedtls_ecp_group::P
mbedtls_mpi P
Definition: ecp.h:176
mbedtls_ecp_keypair_free
void mbedtls_ecp_keypair_free(mbedtls_ecp_keypair *key)
Free the components of a key pair.
d
#define d
Definition: ke_i.h:81
mbedtls_ecp_tls_read_group
int mbedtls_ecp_tls_read_group(mbedtls_ecp_group *grp, const unsigned char **buf, size_t len)
Set a group from a TLS ECParameters record.
mbedtls_ecp_keypair::Q
mbedtls_ecp_point Q
Definition: ecp.h:204
mbedtls_ecp_group::t_data
void * t_data
Definition: ecp.h:187
mbedtls_ecp_point_init
void mbedtls_ecp_point_init(mbedtls_ecp_point *pt)
Initialize a point (as zero)
mbedtls_ecp_group_id
mbedtls_ecp_group_id
Definition: ecp.h:97
mbedtls_ecp_point_read_string
int mbedtls_ecp_point_read_string(mbedtls_ecp_point *P, int radix, const char *x, const char *y)
Import a non-zero point from two ASCII strings.
mbedtls_ecp_point_write_binary
int mbedtls_ecp_point_write_binary(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P, int format, size_t *olen, unsigned char *buf, size_t buflen)
Export a point into unsigned binary data.
len
GLenum GLsizei len
Definition: glext.h:6722
mbedtls_ecp_curve_info_from_tls_id
const mbedtls_ecp_curve_info * mbedtls_ecp_curve_info_from_tls_id(uint16_t tls_id)
Get curve information from a TLS NamedCurve value.
mbedtls_ecp_tls_read_point
int mbedtls_ecp_tls_read_point(const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, const unsigned char **buf, size_t len)
Import a point from a TLS ECPoint record.
src
GLenum src
Definition: glext.h:6340
mbedtls_ecp_curve_info::grp_id
mbedtls_ecp_group_id grp_id
Definition: ecp.h:126
mbedtls_ecp_gen_keypair_base
int mbedtls_ecp_gen_keypair_base(mbedtls_ecp_group *grp, const mbedtls_ecp_point *G, mbedtls_mpi *d, mbedtls_ecp_point *Q, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Generate a keypair with configurable base point.
P
#define P(row, col)
mbedtls_ecp_keypair::d
mbedtls_mpi d
Definition: ecp.h:203
mbedtls_ecp_group::h
unsigned int h
Definition: ecp.h:183
mbedtls_ecp_point_cmp
int mbedtls_ecp_point_cmp(const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q)
Compare two points.
mbedtls_ecp_tls_write_point
int mbedtls_ecp_tls_write_point(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt, int format, size_t *olen, unsigned char *buf, size_t blen)
Export a point as a TLS ECPoint record.
mbedtls_ecp_group::T_size
size_t T_size
Definition: ecp.h:189
mbedtls_ecp_group::T
mbedtls_ecp_point * T
Definition: ecp.h:188
mbedtls_ecp_group::G
mbedtls_ecp_point G
Definition: ecp.h:179
mbedtls_mpi
MPI structure.
Definition: bignum.h:207
dst
GLenum GLenum dst
Definition: glext.h:6340
y
GLint GLint GLint GLint GLint GLint y
Definition: gl.h:1548
mbedtls_ecp_point
ECP point structure (jacobian coordinates)
Definition: ecp.h:141
name
Definition: name.c:38
mbedtls_ecp_curve_info_from_name
const mbedtls_ecp_curve_info * mbedtls_ecp_curve_info_from_name(const char *name)
Get curve information from a human-readable name.
mbedtls_ecp_curve_info::name
const char * name
Definition: ecp.h:129
mbedtls_ecp_group_load
int mbedtls_ecp_group_load(mbedtls_ecp_group *grp, mbedtls_ecp_group_id id)
Set a group using well-known domain parameters.
mbedtls_ecp_curve_info::bit_size
uint16_t bit_size
Definition: ecp.h:128
mbedtls_ecp_group::B
mbedtls_mpi B
Definition: ecp.h:178
key
Definition: path.c:41
mbedtls_ecp_group_init
void mbedtls_ecp_group_init(mbedtls_ecp_group *grp)
Initialize a group (to something meaningless)
int
unsigned int(__cdecl typeof(jpeg_read_scanlines))(struct jpeg_decompress_struct *
Definition: typeof.h:31