mbed TLS v2.16.6
ecp.h
Go to the documentation of this file.
1 
17 /*
18  * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
19  * SPDX-License-Identifier: GPL-2.0
20  *
21  * This program is free software; you can redistribute it and/or modify
22  * it under the terms of the GNU General Public License as published by
23  * the Free Software Foundation; either version 2 of the License, or
24  * (at your option) any later version.
25  *
26  * This program is distributed in the hope that it will be useful,
27  * but WITHOUT ANY WARRANTY; without even the implied warranty of
28  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
29  * GNU General Public License for more details.
30  *
31  * You should have received a copy of the GNU General Public License along
32  * with this program; if not, write to the Free Software Foundation, Inc.,
33  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
34  *
35  * This file is part of Mbed TLS (https://tls.mbed.org)
36  */
37 
38 #ifndef MBEDTLS_ECP_H
39 #define MBEDTLS_ECP_H
40 
41 #if !defined(MBEDTLS_CONFIG_FILE)
42 #include "config.h"
43 #else
44 #include MBEDTLS_CONFIG_FILE
45 #endif
46 
47 #include "bignum.h"
48 
49 /*
50  * ECP error codes
51  */
52 #define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80
53 #define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL -0x4F00
54 #define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80
55 #define MBEDTLS_ERR_ECP_VERIFY_FAILED -0x4E00
56 #define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80
57 #define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00
58 #define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80
59 #define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00
61 /* MBEDTLS_ERR_ECP_HW_ACCEL_FAILED is deprecated and should not be used. */
62 #define MBEDTLS_ERR_ECP_HW_ACCEL_FAILED -0x4B80
64 #define MBEDTLS_ERR_ECP_IN_PROGRESS -0x4B00
66 #ifdef __cplusplus
67 extern "C" {
68 #endif
69 
79 typedef enum
80 {
96 
102 #define MBEDTLS_ECP_DP_MAX 12
103 
108 {
110  uint16_t tls_id;
111  uint16_t bit_size;
112  const char *name;
114 
126 typedef struct mbedtls_ecp_point
127 {
131 }
133 
134 #if !defined(MBEDTLS_ECP_ALT)
135 /*
136  * default mbed TLS elliptic curve arithmetic implementation
137  *
138  * (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an
139  * alternative implementation for the whole module and it will replace this
140  * one.)
141  */
142 
175 typedef struct mbedtls_ecp_group
176 {
185  size_t pbits;
186  size_t nbits;
189  unsigned int h;
190  int (*modp)(mbedtls_mpi *);
192  int (*t_pre)(mbedtls_ecp_point *, void *);
193  int (*t_post)(mbedtls_ecp_point *, void *);
194  void *t_data;
196  size_t T_size;
197 }
199 
208 #if !defined(MBEDTLS_ECP_MAX_BITS)
209 
212 #define MBEDTLS_ECP_MAX_BITS 521
213 #endif
214 
215 #define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
216 #define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )
217 
218 #if !defined(MBEDTLS_ECP_WINDOW_SIZE)
219 /*
220  * Maximum "window" size used for point multiplication.
221  * Default: 6.
222  * Minimum value: 2. Maximum value: 7.
223  *
224  * Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) )
225  * points used for point multiplication. This value is directly tied to EC
226  * peak memory usage, so decreasing it by one should roughly cut memory usage
227  * by two (if large curves are in use).
228  *
229  * Reduction in size may reduce speed, but larger curves are impacted first.
230  * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1):
231  * w-size: 6 5 4 3 2
232  * 521 145 141 135 120 97
233  * 384 214 209 198 177 146
234  * 256 320 320 303 262 226
235  * 224 475 475 453 398 342
236  * 192 640 640 633 587 476
237  */
238 #define MBEDTLS_ECP_WINDOW_SIZE 6
239 #endif /* MBEDTLS_ECP_WINDOW_SIZE */
240 
241 #if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
242 /*
243  * Trade memory for speed on fixed-point multiplication.
244  *
245  * This speeds up repeated multiplication of the generator (that is, the
246  * multiplication in ECDSA signatures, and half of the multiplications in
247  * ECDSA verification and ECDHE) by a factor roughly 3 to 4.
248  *
249  * The cost is increasing EC peak memory usage by a factor roughly 2.
250  *
251  * Change this value to 0 to reduce peak memory usage.
252  */
253 #define MBEDTLS_ECP_FIXED_POINT_OPTIM 1
254 #endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
255 
256 /* \} name SECTION: Module settings */
257 
258 #else /* MBEDTLS_ECP_ALT */
259 #include "ecp_alt.h"
260 #endif /* MBEDTLS_ECP_ALT */
261 
262 #if defined(MBEDTLS_ECP_RESTARTABLE)
263 
269 typedef struct mbedtls_ecp_restart_mul mbedtls_ecp_restart_mul_ctx;
270 
276 typedef struct mbedtls_ecp_restart_muladd mbedtls_ecp_restart_muladd_ctx;
277 
281 typedef struct
282 {
283  unsigned ops_done;
284  unsigned depth;
285  mbedtls_ecp_restart_mul_ctx *rsm;
286  mbedtls_ecp_restart_muladd_ctx *ma;
288 
289 /*
290  * Operation counts for restartable functions
291  */
292 #define MBEDTLS_ECP_OPS_CHK 3
293 #define MBEDTLS_ECP_OPS_DBL 8
294 #define MBEDTLS_ECP_OPS_ADD 11
295 #define MBEDTLS_ECP_OPS_INV 120
308 int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp,
309  mbedtls_ecp_restart_ctx *rs_ctx,
310  unsigned ops );
311 
312 /* Utility macro for checking and updating ops budget */
313 #define MBEDTLS_ECP_BUDGET( ops ) \
314  MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, rs_ctx, \
315  (unsigned) (ops) ) );
316 
317 #else /* MBEDTLS_ECP_RESTARTABLE */
318 
319 #define MBEDTLS_ECP_BUDGET( ops ) /* no-op; for compatibility */
320 
321 /* We want to declare restartable versions of existing functions anyway */
323 
324 #endif /* MBEDTLS_ECP_RESTARTABLE */
325 
334 typedef struct mbedtls_ecp_keypair
335 {
339 }
341 
342 /*
343  * Point formats, from RFC 4492's enum ECPointFormat
344  */
345 #define MBEDTLS_ECP_PF_UNCOMPRESSED 0
346 #define MBEDTLS_ECP_PF_COMPRESSED 1
348 /*
349  * Some other constants from RFC 4492
350  */
351 #define MBEDTLS_ECP_TLS_NAMED_CURVE 3
353 #if defined(MBEDTLS_ECP_RESTARTABLE)
354 
411 void mbedtls_ecp_set_max_ops( unsigned max_ops );
412 
419 int mbedtls_ecp_restart_is_enabled( void );
420 #endif /* MBEDTLS_ECP_RESTARTABLE */
421 
430 
440 
451 
462 
473 
480 
491 
498 
505 
514 
523 
524 #if defined(MBEDTLS_ECP_RESTARTABLE)
525 
531 void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx );
532 
540 void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx );
541 #endif /* MBEDTLS_ECP_RESTARTABLE */
542 
555 
568  const mbedtls_ecp_group *src );
569 
580 
591 
605  const mbedtls_ecp_point *Q );
606 
620  const char *x, const char *y );
621 
643  int format, size_t *olen,
644  unsigned char *buf, size_t buflen );
645 
670  const unsigned char *buf, size_t ilen );
671 
691  mbedtls_ecp_point *pt,
692  const unsigned char **buf, size_t len );
693 
717  const mbedtls_ecp_point *pt,
718  int format, size_t *olen,
719  unsigned char *buf, size_t blen );
720 
739 
758  const unsigned char **buf, size_t len );
759 
779  const unsigned char **buf,
780  size_t len );
800  size_t *olen,
801  unsigned char *buf, size_t blen );
802 
837  const mbedtls_mpi *m, const mbedtls_ecp_point *P,
838  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
839 
871  const mbedtls_mpi *m, const mbedtls_ecp_point *P,
872  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
873  mbedtls_ecp_restart_ctx *rs_ctx );
874 
905  const mbedtls_mpi *m, const mbedtls_ecp_point *P,
906  const mbedtls_mpi *n, const mbedtls_ecp_point *Q );
907 
944  const mbedtls_mpi *m, const mbedtls_ecp_point *P,
945  const mbedtls_mpi *n, const mbedtls_ecp_point *Q,
946  mbedtls_ecp_restart_ctx *rs_ctx );
947 
976  const mbedtls_ecp_point *pt );
977 
998  const mbedtls_mpi *d );
999 
1016  mbedtls_mpi *d,
1017  int (*f_rng)(void *, unsigned char *, size_t),
1018  void *p_rng );
1019 
1048  const mbedtls_ecp_point *G,
1050  int (*f_rng)(void *, unsigned char *, size_t),
1051  void *p_rng );
1052 
1077  mbedtls_ecp_point *Q,
1078  int (*f_rng)(void *, unsigned char *, size_t),
1079  void *p_rng );
1080 
1095  int (*f_rng)(void *, unsigned char *, size_t),
1096  void *p_rng );
1097 
1116  const mbedtls_ecp_keypair *prv );
1117 
1118 #if defined(MBEDTLS_SELF_TEST)
1119 
1126 int mbedtls_ecp_self_test( int verbose );
1127 
1128 #endif /* MBEDTLS_SELF_TEST */
1129 
1130 #ifdef __cplusplus
1131 }
1132 #endif
1133 
1134 #endif /* ecp.h */
uint16_t tls_id
Definition: ecp.h:110
int(* modp)(mbedtls_mpi *)
Definition: ecp.h:190
int mbedtls_ecp_is_zero(mbedtls_ecp_point *pt)
This function checks if a point is the point at infinity.
mbedtls_mpi N
Definition: ecp.h:184
int mbedtls_ecp_mul_restartable(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_ecp_restart_ctx *rs_ctx)
This function performs multiplication of a point by an integer: R = m * P in a restartable way...
mbedtls_mpi Z
Definition: ecp.h:130
int mbedtls_ecp_muladd(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, const mbedtls_mpi *n, const mbedtls_ecp_point *Q)
This function performs multiplication and addition of two points by integers: R = m * P + n * Q...
int mbedtls_ecp_check_pub_priv(const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv)
This function checks that the keypair objects pub and prv have the same group and the same public poi...
int mbedtls_ecp_point_read_binary(const mbedtls_ecp_group *grp, mbedtls_ecp_point *P, const unsigned char *buf, size_t ilen)
This function imports a point from unsigned binary data.
mbedtls_mpi Y
Definition: ecp.h:129
int mbedtls_ecp_muladd_restartable(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, const mbedtls_mpi *n, const mbedtls_ecp_point *Q, mbedtls_ecp_restart_ctx *rs_ctx)
This function performs multiplication and addition of two points by integers: R = m * P + n * Q in a ...
mbedtls_ecp_group grp
Definition: ecp.h:336
int(* t_post)(mbedtls_ecp_point *, void *)
Definition: ecp.h:193
struct mbedtls_ecp_curve_info mbedtls_ecp_curve_info
The ECP key-pair structure.
Definition: ecp.h:334
int mbedtls_ecp_set_zero(mbedtls_ecp_point *pt)
This function sets a point to the point at infinity.
int mbedtls_ecp_copy(mbedtls_ecp_point *P, const mbedtls_ecp_point *Q)
This function copies the contents of point Q into point P.
const mbedtls_ecp_group_id * mbedtls_ecp_grp_id_list(void)
This function retrieves the list of internal group identifiers of all supported curves in the order o...
int mbedtls_ecp_group_copy(mbedtls_ecp_group *dst, const mbedtls_ecp_group *src)
This function copies the contents of group src into group dst.
Configuration options (set of defines)
int(* t_pre)(mbedtls_ecp_point *, void *)
Definition: ecp.h:192
size_t nbits
Definition: ecp.h:186
struct mbedtls_ecp_group mbedtls_ecp_group
The ECP group structure.
int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
This function generates an ECP keypair.
void mbedtls_ecp_point_free(mbedtls_ecp_point *pt)
This function frees the components of a point.
int mbedtls_ecp_gen_privkey(const mbedtls_ecp_group *grp, mbedtls_mpi *d, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
This function generates a private key.
void mbedtls_ecp_keypair_init(mbedtls_ecp_keypair *key)
This function initializes a key pair as an invalid one.
size_t pbits
Definition: ecp.h:185
mbedtls_mpi X
Definition: ecp.h:128
Multi-precision integer library.
int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
This function generates an ECP key.
The ECP group structure.
Definition: ecp.h:175
int mbedtls_ecp_check_privkey(const mbedtls_ecp_group *grp, const mbedtls_mpi *d)
This function checks that an mbedtls_mpi is a valid private key for this curve.
mbedtls_ecp_group_id id
Definition: ecp.h:177
const mbedtls_ecp_curve_info * mbedtls_ecp_curve_info_from_grp_id(mbedtls_ecp_group_id grp_id)
This function retrieves curve information from an internal group identifier.
int mbedtls_ecp_tls_write_group(const mbedtls_ecp_group *grp, size_t *olen, unsigned char *buf, size_t blen)
This function exports an elliptic curve as a TLS ECParameters record as defined in RFC 4492...
void mbedtls_ecp_group_free(mbedtls_ecp_group *grp)
This function frees the components of an ECP group.
int mbedtls_ecp_mul(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
This function performs a scalar multiplication of a point by an integer: R = m * P.
int mbedtls_ecp_check_pubkey(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt)
This function checks that a point is a valid public key on this curve.
mbedtls_mpi A
Definition: ecp.h:179
mbedtls_mpi P
Definition: ecp.h:178
void mbedtls_ecp_keypair_free(mbedtls_ecp_keypair *key)
This function frees the components of a key pair.
struct mbedtls_ecp_keypair mbedtls_ecp_keypair
The ECP key-pair structure.
int mbedtls_ecp_tls_read_group(mbedtls_ecp_group *grp, const unsigned char **buf, size_t len)
This function sets up an ECP group context from a TLS ECParameters record as defined in RFC 4492...
void mbedtls_ecp_restart_ctx
Definition: ecp.h:322
mbedtls_ecp_point Q
Definition: ecp.h:338
void * t_data
Definition: ecp.h:194
void mbedtls_ecp_point_init(mbedtls_ecp_point *pt)
This function initializes a point as zero.
mbedtls_ecp_group_id
Definition: ecp.h:79
int mbedtls_ecp_point_read_string(mbedtls_ecp_point *P, int radix, const char *x, const char *y)
This function imports a non-zero point from two ASCII strings.
int mbedtls_ecp_self_test(int verbose)
The ECP checkup routine.
int mbedtls_ecp_point_write_binary(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P, int format, size_t *olen, unsigned char *buf, size_t buflen)
This function exports a point into unsigned binary data.
const mbedtls_ecp_curve_info * mbedtls_ecp_curve_info_from_tls_id(uint16_t tls_id)
This function retrieves curve information from a TLS NamedCurve value.
int mbedtls_ecp_tls_read_point(const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, const unsigned char **buf, size_t len)
This function imports a point from a TLS ECPoint record.
mbedtls_ecp_group_id grp_id
Definition: ecp.h:109
int mbedtls_ecp_tls_read_group_id(mbedtls_ecp_group_id *grp, const unsigned char **buf, size_t len)
This function extracts an elliptic curve group ID from a TLS ECParameters record as defined in RFC 44...
int mbedtls_ecp_gen_keypair_base(mbedtls_ecp_group *grp, const mbedtls_ecp_point *G, mbedtls_mpi *d, mbedtls_ecp_point *Q, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
This function generates a keypair with a configurable base point.
mbedtls_mpi d
Definition: ecp.h:337
unsigned int h
Definition: ecp.h:189
int mbedtls_ecp_point_cmp(const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q)
This function compares two points.
int mbedtls_ecp_tls_write_point(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt, int format, size_t *olen, unsigned char *buf, size_t blen)
This function exports a point as a TLS ECPoint record defined in RFC 4492, Section 5...
size_t T_size
Definition: ecp.h:196
mbedtls_ecp_point * T
Definition: ecp.h:195
mbedtls_ecp_point G
Definition: ecp.h:183
MPI structure.
Definition: bignum.h:187
struct mbedtls_ecp_point mbedtls_ecp_point
The ECP point structure, in Jacobian coordinates.
The ECP point structure, in Jacobian coordinates.
Definition: ecp.h:126
const mbedtls_ecp_curve_info * mbedtls_ecp_curve_info_from_name(const char *name)
This function retrieves curve information from a human-readable name.
const mbedtls_ecp_curve_info * mbedtls_ecp_curve_list(void)
This function retrieves the information defined in mbedtls_ecp_curve_info() for all supported curves ...
const char * name
Definition: ecp.h:112
int mbedtls_ecp_group_load(mbedtls_ecp_group *grp, mbedtls_ecp_group_id id)
This function sets up an ECP group context from a standardized set of domain parameters.
uint16_t bit_size
Definition: ecp.h:111
mbedtls_mpi B
Definition: ecp.h:181
void mbedtls_ecp_group_init(mbedtls_ecp_group *grp)
This function initializes an ECP group context without loading any domain parameters.