PolarSSL v1.3.3
ecp.h
Go to the documentation of this file.
1 
27 #ifndef POLARSSL_ECP_H
28 #define POLARSSL_ECP_H
29 
30 #include "bignum.h"
31 
32 /*
33  * ECP error codes
34  */
35 #define POLARSSL_ERR_ECP_BAD_INPUT_DATA -0x4F80
36 #define POLARSSL_ERR_ECP_BUFFER_TOO_SMALL -0x4F00
37 #define POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80
38 #define POLARSSL_ERR_ECP_VERIFY_FAILED -0x4E00
39 #define POLARSSL_ERR_ECP_MALLOC_FAILED -0x4D80
40 #define POLARSSL_ERR_ECP_RANDOM_FAILED -0x4D00
41 #define POLARSSL_ERR_ECP_INVALID_KEY -0x4C80
43 #ifdef __cplusplus
44 extern "C" {
45 #endif
46 
56 typedef enum
57 {
71 } ecp_group_id;
72 
78 #define POLARSSL_ECP_DP_MAX 9
79 
83 typedef struct
84 {
86  uint16_t tls_id;
87  uint16_t size;
88  const char *name;
90 
100 typedef struct
101 {
102  mpi X;
103  mpi Y;
104  mpi Z;
105 }
106 ecp_point;
107 
129 typedef struct
130 {
132  mpi P;
133  mpi A;
134  mpi B;
136  mpi N;
137  size_t pbits;
138  size_t nbits;
139  unsigned int h;
140  int (*modp)(mpi *);
141  int (*t_pre)(ecp_point *, void *);
142  int (*t_post)(ecp_point *, void *);
143  void *t_data;
145  size_t T_size;
146 }
147 ecp_group;
148 
156 typedef struct
157 {
159  mpi d;
161 }
163 
164 #if !defined(POLARSSL_CONFIG_OPTIONS)
165 
168 #define POLARSSL_ECP_MAX_BITS 521
169 #endif
170 
171 #define POLARSSL_ECP_MAX_BYTES ( ( POLARSSL_ECP_MAX_BITS + 7 ) / 8 )
172 #define POLARSSL_ECP_MAX_PT_LEN ( 2 * POLARSSL_ECP_MAX_BYTES + 1 )
173 
174 #if !defined(POLARSSL_CONFIG_OPTIONS)
175 /*
176  * Maximum "window" size used for point multiplication.
177  * Default: 6.
178  * Minimum value: 2. Maximum value: 7.
179  *
180  * Result is an array of at most ( 1 << ( POLARSSL_ECP_WINDOW_SIZE - 1 ) )
181  * points used for point multiplication. This value is directly tied to EC
182  * peak memory usage, so decreasing it by one should roughly cut memory usage
183  * by two (if large curves are in use).
184  *
185  * Reduction in size may reduce speed, but larger curves are impacted first.
186  * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1):
187  * w-size: 6 5 4 3 2
188  * 521 145 141 135 120 97
189  * 384 214 209 198 177 146
190  * 256 320 320 303 262 226
191  * 224 475 475 453 398 342
192  * 192 640 640 633 587 476
193  */
194 #define POLARSSL_ECP_WINDOW_SIZE 6
196 /*
197  * Trade memory for speed on fixed-point multiplication.
198  *
199  * This speeds up repeated multiplication of the generator (that is, the
200  * multiplication in ECDSA signatures, and half of the multiplications in
201  * ECDSA verification and ECDHE) by a factor roughly 3 to 4.
202  *
203  * The cost is increasing EC peak memory usage by a factor roughly 2.
204  *
205  * Change this value to 0 to reduce peak memory usage.
206  */
207 #define POLARSSL_ECP_FIXED_POINT_OPTIM 1
208 #endif
209 
210 /*
211  * Point formats, from RFC 4492's enum ECPointFormat
212  */
213 #define POLARSSL_ECP_PF_UNCOMPRESSED 0
214 #define POLARSSL_ECP_PF_COMPRESSED 1
216 /*
217  * Some other constants from RFC 4492
218  */
219 #define POLARSSL_ECP_TLS_NAMED_CURVE 3
226 const ecp_curve_info *ecp_curve_list( void );
227 
236 
244 const ecp_curve_info *ecp_curve_info_from_tls_id( uint16_t tls_id );
245 
253 const ecp_curve_info *ecp_curve_info_from_name( const char *name );
254 
258 void ecp_point_init( ecp_point *pt );
259 
263 void ecp_group_init( ecp_group *grp );
264 
268 void ecp_keypair_init( ecp_keypair *key );
269 
273 void ecp_point_free( ecp_point *pt );
274 
278 void ecp_group_free( ecp_group *grp );
279 
283 void ecp_keypair_free( ecp_keypair *key );
284 
294 int ecp_copy( ecp_point *P, const ecp_point *Q );
295 
305 int ecp_group_copy( ecp_group *dst, const ecp_group *src );
306 
315 int ecp_set_zero( ecp_point *pt );
316 
324 int ecp_is_zero( ecp_point *pt );
325 
336 int ecp_point_read_string( ecp_point *P, int radix,
337  const char *x, const char *y );
338 
353 int ecp_point_write_binary( const ecp_group *grp, const ecp_point *P,
354  int format, size_t *olen,
355  unsigned char *buf, size_t buflen );
356 
373 int ecp_point_read_binary( const ecp_group *grp, ecp_point *P,
374  const unsigned char *buf, size_t ilen );
375 
388 int ecp_tls_read_point( const ecp_group *grp, ecp_point *pt,
389  const unsigned char **buf, size_t len );
390 
405 int ecp_tls_write_point( const ecp_group *grp, const ecp_point *pt,
406  int format, size_t *olen,
407  unsigned char *buf, size_t blen );
408 
424 int ecp_group_read_string( ecp_group *grp, int radix,
425  const char *p, const char *b,
426  const char *gx, const char *gy, const char *n);
427 
441 int ecp_use_known_dp( ecp_group *grp, ecp_group_id index );
442 
454 int ecp_tls_read_group( ecp_group *grp, const unsigned char **buf, size_t len );
455 
467 int ecp_tls_write_group( const ecp_group *grp, size_t *olen,
468  unsigned char *buf, size_t blen );
469 
484 int ecp_add( const ecp_group *grp, ecp_point *R,
485  const ecp_point *P, const ecp_point *Q );
486 
501 int ecp_sub( const ecp_group *grp, ecp_point *R,
502  const ecp_point *P, const ecp_point *Q );
503 
530 int ecp_mul( ecp_group *grp, ecp_point *R,
531  const mpi *m, const ecp_point *P,
532  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
533 
555 int ecp_check_pubkey( const ecp_group *grp, const ecp_point *pt );
556 
570 int ecp_check_privkey( const ecp_group *grp, const mpi *d );
571 
588 int ecp_gen_keypair( ecp_group *grp, mpi *d, ecp_point *Q,
589  int (*f_rng)(void *, unsigned char *, size_t),
590  void *p_rng );
591 
603 int ecp_gen_key( ecp_group_id grp_id, ecp_keypair *key,
604  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
605 
611 int ecp_self_test( int verbose );
612 
613 #ifdef __cplusplus
614 }
615 #endif
616 
617 #endif
size_t pbits
Definition: ecp.h:137
int ecp_sub(const ecp_group *grp, ecp_point *R, const ecp_point *P, const ecp_point *Q)
Subtraction: R = P - Q.
int ecp_check_privkey(const ecp_group *grp, const mpi *d)
Check that an mpi is a valid private key for this curve.
void ecp_keypair_init(ecp_keypair *key)
Initialize a key pair (as an invalid one)
int ecp_group_copy(ecp_group *dst, const ecp_group *src)
Copy the contents of a group object.
void * t_data
Definition: ecp.h:143
ecp_group_id grp_id
Definition: ecp.h:85
const char * name
Definition: ecp.h:88
int ecp_self_test(int verbose)
Checkup routine.
mpi P
Definition: ecp.h:132
ecp_group grp
Definition: ecp.h:158
ECP group structure.
Definition: ecp.h:129
unsigned int h
Definition: ecp.h:139
ECP key pair structure.
Definition: ecp.h:156
mpi d
Definition: ecp.h:159
MPI structure.
Definition: bignum.h:177
int ecp_mul(ecp_group *grp, ecp_point *R, const mpi *m, const ecp_point *P, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Multiplication by an integer: R = m * P (Not thread-safe to use same group in multiple threads) ...
int ecp_point_read_binary(const ecp_group *grp, ecp_point *P, const unsigned char *buf, size_t ilen)
Import a point from unsigned binary data.
mpi X
Definition: ecp.h:102
Multi-precision integer library.
int ecp_gen_key(ecp_group_id grp_id, ecp_keypair *key, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Generate a keypair.
ecp_point G
Definition: ecp.h:135
ecp_group_id id
Definition: ecp.h:131
ECP point structure (jacobian coordinates)
Definition: ecp.h:100
size_t T_size
Definition: ecp.h:145
int ecp_is_zero(ecp_point *pt)
Tell if a point is zero.
void ecp_point_init(ecp_point *pt)
Initialize a point (as zero)
mpi B
Definition: ecp.h:134
mpi N
Definition: ecp.h:136
const ecp_curve_info * ecp_curve_info_from_grp_id(ecp_group_id grp_id)
Get curve information from an internal group identifier.
int ecp_point_read_string(ecp_point *P, int radix, const char *x, const char *y)
Import a non-zero point from two ASCII strings.
void ecp_group_free(ecp_group *grp)
Free the components of an ECP group.
Curve information for use by other modules.
Definition: ecp.h:83
int ecp_tls_write_point(const ecp_group *grp, const ecp_point *pt, int format, size_t *olen, unsigned char *buf, size_t blen)
Export a point as a TLS ECPoint record.
int ecp_gen_keypair(ecp_group *grp, mpi *d, ecp_point *Q, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Generate a keypair.
uint16_t size
Definition: ecp.h:87
int ecp_use_known_dp(ecp_group *grp, ecp_group_id index)
Set a group using well-known domain parameters.
int ecp_copy(ecp_point *P, const ecp_point *Q)
Copy the contents of point Q into P.
mpi A
Definition: ecp.h:133
int ecp_tls_write_group(const ecp_group *grp, size_t *olen, unsigned char *buf, size_t blen)
Write the TLS ECParameters record for a group.
ecp_group_id
Domain parameters (curve, subgroup and generator) identifiers.
Definition: ecp.h:56
int ecp_point_write_binary(const ecp_group *grp, const ecp_point *P, int format, size_t *olen, unsigned char *buf, size_t buflen)
Export a point into unsigned binary data.
void ecp_group_init(ecp_group *grp)
Initialize a group (to something meaningless)
size_t nbits
Definition: ecp.h:138
mpi Y
Definition: ecp.h:103
int ecp_tls_read_group(ecp_group *grp, const unsigned char **buf, size_t len)
Set a group from a TLS ECParameters record.
ecp_point Q
Definition: ecp.h:160
mpi Z
Definition: ecp.h:104
uint16_t tls_id
Definition: ecp.h:86
int ecp_check_pubkey(const ecp_group *grp, const ecp_point *pt)
Check that a point is a valid public key on this curve.
const ecp_curve_info * ecp_curve_info_from_tls_id(uint16_t tls_id)
Get curve information from a TLS NamedCurve value.
const ecp_curve_info * ecp_curve_info_from_name(const char *name)
Get curve information from a human-readable name.
int ecp_add(const ecp_group *grp, ecp_point *R, const ecp_point *P, const ecp_point *Q)
Addition: R = P + Q.
int ecp_set_zero(ecp_point *pt)
Set a point to zero.
ecp_point * T
Definition: ecp.h:144
void ecp_keypair_free(ecp_keypair *key)
Free the components of a key pair.
int ecp_tls_read_point(const ecp_group *grp, ecp_point *pt, const unsigned char **buf, size_t len)
Import a point from a TLS ECPoint record.
int ecp_group_read_string(ecp_group *grp, int radix, const char *p, const char *b, const char *gx, const char *gy, const char *n)
Import an ECP group from null-terminated ASCII strings.
void ecp_point_free(ecp_point *pt)
Free the components of a point.