HAL_ECP_ALT ¶

MBEDTLS IMPLEMENTATION HAL ECP ALT FUNCTIONS ¶

group MBEDTLS_IMPLEMENTATION_HAL_ECP_ALT_FUNCTIONS

Public API functions for HAL ECP alternate implementation.

Defines

ECP_RS_ENTER ( SUB ) ¶

ECP_RS_LEAVE ( SUB ) ¶

ECP_NB_CURVES ¶

Enums

Values:

enumerator ECP_RSM_INIT ¶

enumerator ECP_RSM_PRE_DBL ¶

enumerator ECP_RSM_PRE_NORM_DBL ¶

enumerator ECP_RSM_PRE_ADD ¶

enumerator ECP_RSM_PRE_NORM_ADD ¶

enumerator ECP_RSM_COMB_CORE ¶

enumerator ECP_RSM_FINAL_NORM ¶

Functions

void mbedtls_ecp_set_max_ops ( unsigned max_ops ) ¶

int mbedtls_ecp_restart_is_enabled ( void ) ¶

void mbedtls_ecp_restart_init ( mbedtls_ecp_restart_ctx * ctx ) ¶

void mbedtls_ecp_restart_free ( mbedtls_ecp_restart_ctx * ctx ) ¶

int mbedtls_ecp_check_budget ( const mbedtls_ecp_group * grp , mbedtls_ecp_restart_ctx * rs_ctx , unsigned ops ) ¶

const mbedtls_ecp_curve_info * mbedtls_ecp_curve_list ( void ) ¶

const mbedtls_ecp_group_id * mbedtls_ecp_grp_id_list ( void ) ¶

const mbedtls_ecp_curve_info * mbedtls_ecp_curve_info_from_grp_id ( mbedtls_ecp_group_id grp_id ) ¶

const mbedtls_ecp_curve_info * mbedtls_ecp_curve_info_from_tls_id ( uint16_t tls_id ) ¶

const mbedtls_ecp_curve_info * mbedtls_ecp_curve_info_from_name ( const char * name ) ¶

mbedtls_ecp_curve_type mbedtls_ecp_get_type ( const mbedtls_ecp_group * grp ) ¶

void mbedtls_ecp_point_init ( mbedtls_ecp_point * pt ) ¶

void mbedtls_ecp_group_init ( mbedtls_ecp_group * grp ) ¶

void mbedtls_ecp_keypair_init ( mbedtls_ecp_keypair * key ) ¶

void mbedtls_ecp_point_free ( mbedtls_ecp_point * pt ) ¶

void mbedtls_ecp_group_free ( mbedtls_ecp_group * grp ) ¶

void mbedtls_ecp_keypair_free ( mbedtls_ecp_keypair * key ) ¶

int mbedtls_ecp_copy ( mbedtls_ecp_point * P , const mbedtls_ecp_point * Q ) ¶

int mbedtls_ecp_group_copy ( mbedtls_ecp_group * dst , const mbedtls_ecp_group * src ) ¶

int mbedtls_ecp_set_zero ( mbedtls_ecp_point * pt ) ¶

int mbedtls_ecp_is_zero ( mbedtls_ecp_point * pt ) ¶

int mbedtls_ecp_point_cmp ( const mbedtls_ecp_point * P , const mbedtls_ecp_point * Q ) ¶

int mbedtls_ecp_point_read_string ( mbedtls_ecp_point * P , int radix , const char * x , const char * y ) ¶

int mbedtls_ecp_point_write_binary ( const mbedtls_ecp_group * grp , const mbedtls_ecp_point * P , int format , size_t * olen , unsigned char * buf , size_t buflen ) ¶

int mbedtls_ecp_point_read_binary ( const mbedtls_ecp_group * grp , mbedtls_ecp_point * pt , const unsigned char * buf , size_t ilen ) ¶

int mbedtls_ecp_tls_read_point ( const mbedtls_ecp_group * grp , mbedtls_ecp_point * pt , const unsigned char * * buf , size_t buf_len ) ¶

int mbedtls_ecp_tls_write_point ( const mbedtls_ecp_group * grp , const mbedtls_ecp_point * pt , int format , size_t * olen , unsigned char * buf , size_t blen ) ¶

int mbedtls_ecp_tls_read_group ( mbedtls_ecp_group * grp , const unsigned char * * buf , size_t len ) ¶

int mbedtls_ecp_tls_read_group_id ( mbedtls_ecp_group_id * grp , const unsigned char * * buf , size_t len ) ¶

int mbedtls_ecp_tls_write_group ( const mbedtls_ecp_group * grp , size_t * olen , unsigned char * buf , size_t blen ) ¶

int mbedtls_ecp_mul_restartable ( mbedtls_ecp_group * grp , mbedtls_ecp_point * R , const mbedtls_mpi * m , const mbedtls_ecp_point * P , int ( * f_rng ) ( void * , unsigned char * , size_t ) , void * p_rng , mbedtls_ecp_restart_ctx * rs_ctx ) ¶

int mbedtls_ecp_mul ( mbedtls_ecp_group * grp , mbedtls_ecp_point * R , const mbedtls_mpi * m , const mbedtls_ecp_point * P , int ( * f_rng ) ( void * , unsigned char * , size_t ) , void * p_rng ) ¶

int mbedtls_ecp_check_pubkey ( const mbedtls_ecp_group * grp , const mbedtls_ecp_point * pt ) ¶

int mbedtls_ecp_check_privkey ( const mbedtls_ecp_group * grp , const mbedtls_mpi * d ) ¶

int mbedtls_ecp_gen_privkey ( const mbedtls_ecp_group * grp , mbedtls_mpi * d , int ( * f_rng ) ( void * , unsigned char * , size_t ) , void * p_rng ) ¶

int mbedtls_ecp_gen_keypair_base ( mbedtls_ecp_group * grp , const mbedtls_ecp_point * G , mbedtls_mpi * d , mbedtls_ecp_point * Q , int ( * f_rng ) ( void * , unsigned char * , size_t ) , void * p_rng ) ¶

int mbedtls_ecp_gen_keypair ( mbedtls_ecp_group * grp , mbedtls_mpi * d , mbedtls_ecp_point * Q , int ( * f_rng ) ( void * , unsigned char * , size_t ) , void * p_rng ) ¶

int mbedtls_ecp_gen_key ( mbedtls_ecp_group_id grp_id , mbedtls_ecp_keypair * key , int ( * f_rng ) ( void * , unsigned char * , size_t ) , void * p_rng ) ¶

int mbedtls_ecp_read_key ( mbedtls_ecp_group_id grp_id , mbedtls_ecp_keypair * key , const unsigned char * buf , size_t buflen ) ¶

int mbedtls_ecp_write_key_ext ( const mbedtls_ecp_keypair * key , size_t * olen , unsigned char * buf , size_t buflen ) ¶

int mbedtls_ecp_write_public_key ( const mbedtls_ecp_keypair * key , int format , size_t * olen , unsigned char * buf , size_t buflen ) ¶

int mbedtls_ecp_check_pub_priv ( const mbedtls_ecp_keypair * pub , const mbedtls_ecp_keypair * prv , int ( * f_rng ) ( void * , unsigned char * , size_t ) , void * p_rng ) ¶

Variables

mbedtls_ecp_point R ¶

size_t i ¶

mbedtls_ecp_point * T ¶

unsigned char T_size ¶

enum mbedtls_ecp_restart_mul STATE ¶

static const mbedtls_ecp_curve_info ecp_supported_curves [ ] ¶

static mbedtls_ecp_group_id ecp_supported_grp_id [ ECP_NB_CURVES ] ¶

struct mbedtls_ecp_restart_mul ¶

MBEDTLS IMPLEMENTATION HAL ECP TYPES ¶

group MBEDTLS_IMPLEMENTATION_HAL_ECP_TYPES

This file provides an API for Elliptic Curves over GF(P) (ECP) based on STM32 PKA hardware crypto accelerator.

The use of ECP in cryptography and TLS is defined in Standards for Efficient Cryptography Group (SECG): SEC1 Elliptic Curve Cryptography and RFC-4492: Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) .

RFC-2409: The Internet Key Exchange (IKE) defines ECP group types.

The ECP group structure.

We consider two types of curve equations:

Short Weierstrass: y^2 = x^3 + A x + B mod P (SEC1 + RFC-4492)
Montgomery: y^2 = x^3 + A x^2 + x mod P (Curve25519, Curve448)

In both cases, the generator ( G) for a prime-order subgroup is fixed.

For Short Weierstrass, this subgroup is the whole curve, and its cardinality is denoted by N. Our code requires that N is an odd prime as mbedtls_ecp_mul() requires an odd number, and mbedtls_ecdsa_sign() requires that it is prime for blinding purposes.

For Montgomery curves, we do not store A, but (A + 2) / 4, which is the quantity used in the formulas. Additionally, nbits is not the size of N but the required size for private keys.

If modp is NULL, reduction modulo P is done using a generic algorithm. Otherwise, modp must point to a function that takes an mbedtls_mpi in the range of 0..2^(2*pbits)-1, and transforms it in-place to an integer which is congruent mod P to the given MPI, and is close enough to pbits in size, so that it might be efficiently brought in the 0..P-1 range by a few additions or subtractions. Therefore, it is only an approximative modular reduction. It must return 0 on success and non-zero on failure.

STMicroelectronics edition

ECP context structure definitions for mbedTLS HAL.

Note

Alternative implementations must keep the group IDs distinct. If two group structures have the same ID, then they must be identical.

struct mbedtls_ecp_group ¶

#include <hal_ecp_alt.h>

Public Members

mbedtls_ecp_group_id id ¶: An internal group identifier.

mbedtls_mpi P ¶: The prime modulus of the base field.

mbedtls_mpi A ¶: For Short Weierstrass: A in the equation. For Montgomery curves: (A + 2) / 4.

mbedtls_mpi B ¶: For Short Weierstrass: B in the equation. For Montgomery curves: unused.

mbedtls_ecp_point G ¶: The generator of the subgroup used.

mbedtls_mpi N ¶: The order of G.

size_t pbits ¶: The number of bits in P.

size_t nbits ¶: For Short Weierstrass: The number of bits in P. For Montgomery curves: the number of bits in the private keys.

int ( * modp ) ( mbedtls_mpi * ) ¶: The function for fast pseudo-reduction mod P (see above).

int ( * t_pre ) ( mbedtls_ecp_point * , void * ) ¶: Unused.

int ( * t_post ) ( mbedtls_ecp_point * , void * ) ¶: Unused.

void * t_data ¶: Unused.

mbedtls_ecp_point * T ¶: Pre-computed points for ecp_mul_comb().

size_t T_size ¶: The number of pre-computed points. Below, for Short Weierstrass: curve coefs in ST HW expected format. For Montogomery curves: unused

uint32_t st_modulus_size ¶: Number of bytes in prime modulus

uint32_t st_order_size ¶: Number of bytes in prime order

uint8_t * st_p ¶: Prime modulus p

uint32_t st_a_sign ¶: Sign of A coef

uint8_t * st_a_abs ¶: abs(A) coef

uint8_t * st_b ¶: B coef

uint8_t * st_gx ¶: Gx basepoint

uint8_t * st_gy ¶: Gy basepoint

uint8_t * st_n ¶: Prime Order n