Gitiles
Code Review Sign In
192.168.1.100 / R306 / 824eb0c6ade808c4501e62fbcf0025f4e694cd11 / . / ap / lib / libwolfssl / install / include / wolfssl / wolfcrypt / ecc.h
blob: a0de8df6b0e7c3f29cef1a1b0dee5269ef65cf1b [file] [log] [blame]
yuezonghe824eb0c2024-06-27 02:32:26 -0700[diff] [blame^]1/* ecc.h
2 *
3 * Copyright (C) 2006-2021 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22/*!
23 \file wolfssl/wolfcrypt/ecc.h
24*/
25
26
27#ifndef WOLF_CRYPT_ECC_H
28#define WOLF_CRYPT_ECC_H
29
30#include <wolfssl/wolfcrypt/types.h>
31
32#ifdef HAVE_ECC
33
34#if defined(HAVE_FIPS) && \
35 defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
36 #include <wolfssl/wolfcrypt/fips.h>
37#endif /* HAVE_FIPS_VERSION >= 2 */
38
39#include <wolfssl/wolfcrypt/integer.h>
40#include <wolfssl/wolfcrypt/random.h>
41
42#ifdef HAVE_X963_KDF
43 #include <wolfssl/wolfcrypt/hash.h>
44#endif
45
46#ifdef WOLFSSL_ASYNC_CRYPT
47 #include <wolfssl/wolfcrypt/async.h>
48 #ifdef WOLFSSL_CERT_GEN
49 #include <wolfssl/wolfcrypt/asn.h>
50 #endif
51#endif
52
53#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
54 #include <wolfssl/wolfcrypt/port/atmel/atmel.h>
55#endif /* WOLFSSL_ATECC508A */
56
57#if defined(WOLFSSL_CRYPTOCELL)
58 #include <wolfssl/wolfcrypt/port/arm/cryptoCell.h>
59#endif
60
61#ifdef WOLFSSL_SILABS_SE_ACCEL
62 #include <wolfssl/wolfcrypt/port/silabs/silabs_ecc.h>
63#endif
64
65#ifdef WOLFSSL_HAVE_SP_ECC
66 #include <wolfssl/wolfcrypt/sp_int.h>
67#endif
68
69
70#ifdef __cplusplus
71 extern "C" {
72#endif
73
74
75/* Enable curve B parameter if needed */
76#if defined(HAVE_COMP_KEY) || defined(ECC_CACHE_CURVE)
77 #ifndef USE_ECC_B_PARAM /* Allow someone to force enable */
78 #define USE_ECC_B_PARAM
79 #endif
80#endif
81
82
83/* Use this as the key->idx if a custom ecc_set is used for key->dp */
84#define ECC_CUSTOM_IDX (-1)
85
86
87/* Determine max ECC bits based on enabled curves */
88#if defined(WOLFCRYPT_HAVE_SAKKE)
89 #define MAX_ECC_BITS 1024
90#elif defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
91 #define MAX_ECC_BITS 521
92#elif defined(HAVE_ECC512)
93 #define MAX_ECC_BITS 512
94#elif defined(HAVE_ECC384)
95 #define MAX_ECC_BITS 384
96#elif defined(HAVE_ECC320)
97 #define MAX_ECC_BITS 320
98#elif !defined(NO_ECC256)
99 #define MAX_ECC_BITS 256
100#elif defined(HAVE_ECC239)
101 #define MAX_ECC_BITS 239
102#elif defined(HAVE_ECC224)
103 #define MAX_ECC_BITS 224
104#elif defined(HAVE_ECC192)
105 #define MAX_ECC_BITS 192
106#elif defined(HAVE_ECC160)
107 #define MAX_ECC_BITS 160
108#elif defined(HAVE_ECC128)
109 #define MAX_ECC_BITS 128
110#elif defined(HAVE_ECC112)
111 #define MAX_ECC_BITS 112
112#endif
113
114/* calculate max ECC bytes */
115#if ((MAX_ECC_BITS * 2) % 8) == 0
116 #define MAX_ECC_BYTES (MAX_ECC_BITS / 8)
117#else
118 /* add byte if not aligned */
119 #define MAX_ECC_BYTES ((MAX_ECC_BITS / 8) + 1)
120#endif
121
122#ifndef ECC_MAX_PAD_SZ
123 /* ECC maximum padding size (when MSB is set extra byte required for R and S) */
124 #define ECC_MAX_PAD_SZ 2
125#endif
126
127enum {
128 ECC_PUBLICKEY = 1,
129 ECC_PRIVATEKEY = 2,
130 ECC_PRIVATEKEY_ONLY = 3,
131 ECC_MAXNAME = 16, /* MAX CURVE NAME LENGTH */
132 SIG_HEADER_SZ = 7, /* ECC signature header size (30 81 87 02 42 [R] 02 42 [S]) */
133 ECC_BUFSIZE = 257, /* for exported keys temp buffer */
134 ECC_MINSIZE = ECC_MIN_KEY_SZ/8, /* MIN Private Key size */
135#ifdef WOLFCRYPT_HAVE_SAKKE
136 ECC_MAXSIZE = 128, /* MAX Private Key size */
137 ECC_MAXSIZE_GEN = 128, /* MAX Buffer size required when generating ECC keys*/
138#else
139 ECC_MAXSIZE = 66, /* MAX Private Key size */
140 ECC_MAXSIZE_GEN = 74, /* MAX Buffer size required when generating ECC keys*/
141#endif
142 ECC_MAX_OID_LEN = 16,
143 ECC_MAX_SIG_SIZE= ((MAX_ECC_BYTES * 2) + ECC_MAX_PAD_SZ + SIG_HEADER_SZ),
144
145 /* max crypto hardware size */
146#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
147 ECC_MAX_CRYPTO_HW_SIZE = ATECC_KEY_SIZE, /* from port/atmel/atmel.h */
148 ECC_MAX_CRYPTO_HW_PUBKEY_SIZE = (ATECC_KEY_SIZE*2),
149#elif defined(PLUTON_CRYPTO_ECC)
150 ECC_MAX_CRYPTO_HW_SIZE = 32,
151#elif defined(WOLFSSL_SILABS_SE_ACCEL)
152 ECC_MAX_CRYPTO_HW_SIZE = 32,
153#elif defined(WOLFSSL_CRYPTOCELL)
154 #ifndef CRYPTOCELL_KEY_SIZE
155 CRYPTOCELL_KEY_SIZE = ECC_MAXSIZE,
156 #endif
157 ECC_MAX_CRYPTO_HW_SIZE = CRYPTOCELL_KEY_SIZE,
158#endif
159
160 /* point compression type */
161 ECC_POINT_COMP_EVEN = 0x02,
162 ECC_POINT_COMP_ODD = 0x03,
163 ECC_POINT_UNCOMP = 0x04,
164
165 /* Shamir's dual add constants */
166 SHAMIR_PRECOMP_SZ = 16,
167
168#ifdef WOLF_CRYPTO_CB
169 ECC_MAX_ID_LEN = 32,
170 ECC_MAX_LABEL_LEN = 32,
171#endif
172};
173
174/* Curve Types */
175typedef enum ecc_curve_id {
176 ECC_CURVE_INVALID = -1,
177 ECC_CURVE_DEF = 0, /* NIST or SECP */
178
179 /* NIST Prime Curves */
180 ECC_SECP192R1,
181 ECC_PRIME192V2,
182 ECC_PRIME192V3,
183 ECC_PRIME239V1,
184 ECC_PRIME239V2,
185 ECC_PRIME239V3,
186 ECC_SECP256R1,
187
188 /* SECP Curves */
189 ECC_SECP112R1,
190 ECC_SECP112R2,
191 ECC_SECP128R1,
192 ECC_SECP128R2,
193 ECC_SECP160R1,
194 ECC_SECP160R2,
195 ECC_SECP224R1,
196 ECC_SECP384R1,
197 ECC_SECP521R1,
198
199 /* Koblitz */
200 ECC_SECP160K1,
201 ECC_SECP192K1,
202 ECC_SECP224K1,
203 ECC_SECP256K1,
204
205 /* Brainpool Curves */
206 ECC_BRAINPOOLP160R1,
207 ECC_BRAINPOOLP192R1,
208 ECC_BRAINPOOLP224R1,
209 ECC_BRAINPOOLP256R1,
210 ECC_BRAINPOOLP320R1,
211 ECC_BRAINPOOLP384R1,
212 ECC_BRAINPOOLP512R1,
213
214 /* Twisted Edwards Curves */
215#ifdef HAVE_CURVE25519
216 ECC_X25519,
217#endif
218#ifdef HAVE_CURVE448
219 ECC_X448,
220#endif
221
222#ifdef WOLFCRYPT_HAVE_SAKKE
223 ECC_SAKKE_1,
224#endif
225
226#ifdef WOLFSSL_CUSTOM_CURVES
227 ECC_CURVE_CUSTOM,
228#endif
229 ECC_CURVE_MAX
230} ecc_curve_id;
231
232#ifdef HAVE_OID_ENCODING
233typedef word16 ecc_oid_t;
234#else
235typedef byte ecc_oid_t;
236 /* OID encoded with ASN scheme:
237 first element = (oid[0] * 40) + oid[1]
238 if any element > 127 then MSB 0x80 indicates additional byte */
239#endif
240
241
242#if !defined(WOLFSSL_ECC_CURVE_STATIC) && defined(USE_WINDOWS_API)
243 /* MSC does something different with the pointers to the arrays than GCC,
244 * and it causes the FIPS checksum to fail. In the case of windows builds,
245 * store everything as arrays instead of pointers to strings. */
246
247 #define WOLFSSL_ECC_CURVE_STATIC
248#endif
249
250/* ECC set type defined a GF(p) curve */
251#ifndef WOLFSSL_ECC_CURVE_STATIC
252typedef struct ecc_set_type {
253 int size; /* The size of the curve in octets */
254 int id; /* id of this curve */
255 const char* name; /* name of this curve */
256 const char* prime; /* prime that defines the field, curve is in (hex) */
257 const char* Af; /* fields A param (hex) */
258 const char* Bf; /* fields B param (hex) */
259 const char* order; /* order of the curve (hex) */
260 const char* Gx; /* x coordinate of the base point on curve (hex) */
261 const char* Gy; /* y coordinate of the base point on curve (hex) */
262 const ecc_oid_t* oid;
263 word32 oidSz;
264 word32 oidSum; /* sum of encoded OID bytes */
265 int cofactor;
266} ecc_set_type;
267#else
268#define MAX_ECC_NAME 16
269#define MAX_ECC_STRING ((MAX_ECC_BYTES * 2) + 1)
270 /* The values are stored as text strings. */
271
272typedef struct ecc_set_type {
273 int size; /* The size of the curve in octets */
274 int id; /* id of this curve */
275 const char name[MAX_ECC_NAME]; /* name of this curve */
276 const char prime[MAX_ECC_STRING]; /* prime that defines the field, curve is in (hex) */
277 const char Af[MAX_ECC_STRING]; /* fields A param (hex) */
278 const char Bf[MAX_ECC_STRING]; /* fields B param (hex) */
279 const char order[MAX_ECC_STRING]; /* order of the curve (hex) */
280 const char Gx[MAX_ECC_STRING]; /* x coordinate of the base point on curve (hex) */
281 const char Gy[MAX_ECC_STRING]; /* y coordinate of the base point on curve (hex) */
282 const ecc_oid_t oid[10];
283 word32 oidSz;
284 word32 oidSum; /* sum of encoded OID bytes */
285 int cofactor;
286} ecc_set_type;
287#endif
288
289
290#ifdef ALT_ECC_SIZE
291
292/* Note on ALT_ECC_SIZE:
293 * The fast math code uses an array of a fixed size to store the big integers.
294 * By default, the array is big enough for RSA keys. There is a size,
295 * FP_MAX_BITS which can be used to make the array smaller when one wants ECC
296 * but not RSA. Some people want fast math sized for both RSA and ECC, where
297 * ECC won't use as much as RSA. The flag ALT_ECC_SIZE switches in an alternate
298 * ecc_point structure that uses an alternate fp_int that has a shorter array
299 * of fp_digits.
300 *
301 * Now, without ALT_ECC_SIZE, the ecc_point has three single item arrays of
302 * mp_ints for the components of the point. With ALT_ECC_SIZE, the components
303 * of the point are pointers that are set to each of a three item array of
304 * alt_fp_ints. While an mp_int will have 4096 bits of digit inside the
305 * structure, the alt_fp_int will only have 512 bits for ECC 256-bit and
306 * 1056-bits for ECC 521-bit. A size value was added in the ALT case, as well,
307 * and is set by mp_init() and alt_fp_init(). The functions fp_zero() and
308 * fp_copy() use the size parameter. An int needs to be initialized before
309 * using it instead of just fp_zeroing it, the init will call zero. The
310 * FP_MAX_BITS_ECC defaults to calculating based on MAX_ECC_BITS, but
311 * can be set to change the number of bits used in the alternate FP_INT.
312 *
313 * The ALT_ECC_SIZE option only applies to stack based fast math USE_FAST_MATH.
314 */
315
316#ifndef USE_FAST_MATH
317 #error USE_FAST_MATH must be defined to use ALT_ECC_SIZE
318#endif
319#ifdef WOLFSSL_NO_MALLOC
320 #error ALT_ECC_SIZE cannot be used with no malloc (WOLFSSL_NO_MALLOC)
321#endif
322
323/* determine max bits required for ECC math */
324#ifndef FP_MAX_BITS_ECC
325 /* max bits rounded up by 8 then doubled */
326 /* (ROUND8(MAX_ECC_BITS) * 2) */
327 #define FP_MAX_BITS_ECC (2 * \
328 ((MAX_ECC_BITS + DIGIT_BIT - 1) / DIGIT_BIT) * DIGIT_BIT)
329
330 /* Note: For ECC verify only FP_MAX_BITS_ECC can be reduced to:
331 ROUND8(MAX_ECC_BITS) + ROUND8(DIGIT_BIT) */
332#endif
333
334/* verify alignment */
335#if FP_MAX_BITS_ECC % CHAR_BIT
336 #error FP_MAX_BITS_ECC must be a multiple of CHAR_BIT
337#endif
338
339/* determine buffer size */
340/* Add one to accommodate extra digit used by sp_mul(), sp_mulmod(), sp_sqr(), and sp_sqrmod(). */
341#define FP_SIZE_ECC ((FP_MAX_BITS_ECC/DIGIT_BIT) + 1)
342
343
344/* This needs to match the size of the fp_int struct, except the
345 * fp_digit array will be shorter. */
346typedef struct alt_fp_int {
347 int used, sign, size;
348 mp_digit dp[FP_SIZE_ECC];
349} alt_fp_int;
350#endif /* ALT_ECC_SIZE */
351
352#ifndef WC_ECCKEY_TYPE_DEFINED
353 typedef struct ecc_key ecc_key;
354 #define WC_ECCKEY_TYPE_DEFINED
355#endif
356
357
358/* A point on an ECC curve, stored in Jacobian format such that (x,y,z) =>
359 (x/z^2, y/z^3, 1) when interpreted as affine */
360typedef struct {
361#ifndef ALT_ECC_SIZE
362 mp_int x[1]; /* The x coordinate */
363 mp_int y[1]; /* The y coordinate */
364 mp_int z[1]; /* The z coordinate */
365#else
366 mp_int* x; /* The x coordinate */
367 mp_int* y; /* The y coordinate */
368 mp_int* z; /* The z coordinate */
369 alt_fp_int xyz[3];
370#endif
371#ifdef WOLFSSL_SMALL_STACK_CACHE
372 ecc_key* key;
373#endif
374} ecc_point;
375
376/* ECC Flags */
377enum {
378 WC_ECC_FLAG_NONE = 0x00,
379#ifdef HAVE_ECC_CDH
380 WC_ECC_FLAG_COFACTOR = 0x01,
381#endif
382 WC_ECC_FLAG_DEC_SIGN = 0x02,
383};
384
385/* ECC non-blocking */
386#ifdef WC_ECC_NONBLOCK
387 typedef struct ecc_nb_ctx {
388 #if defined(WOLFSSL_HAVE_SP_ECC) && defined(WOLFSSL_SP_NONBLOCK)
389 sp_ecc_ctx_t sp_ctx;
390 #else
391 /* build configuration not supported */
392 #error ECC non-blocking only supports SP (--enable-sp=nonblock)
393 #endif
394 } ecc_nb_ctx_t;
395#endif /* WC_ECC_NONBLOCK */
396
397
398/* An ECC Key */
399struct ecc_key {
400 int type; /* Public or Private */
401 int idx; /* Index into the ecc_sets[] for the parameters of
402 this curve if -1, this key is using user supplied
403 curve in dp */
404 int state;
405 word32 flags;
406 const ecc_set_type* dp; /* domain parameters, either points to NIST
407 curves (idx >= 0) or user supplied */
408#ifdef WOLFSSL_CUSTOM_CURVES
409 int deallocSet;
410#endif
411 void* heap; /* heap hint */
412 ecc_point pubkey; /* public key */
413 mp_int k; /* private key */
414
415#ifdef WOLFSSL_QNX_CAAM
416 word32 blackKey; /* address of key encrypted and in secure memory */
417 word32 securePubKey; /* address of public key in secure memory */
418 int partNum; /* partition number*/
419#endif
420#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
421 int slot; /* Key Slot Number (-1 unknown) */
422 byte pubkey_raw[ECC_MAX_CRYPTO_HW_PUBKEY_SIZE];
423#endif
424#if defined(PLUTON_CRYPTO_ECC) || defined(WOLF_CRYPTO_CB)
425 int devId;
426#endif
427#ifdef WOLFSSL_SILABS_SE_ACCEL
428 sl_se_command_context_t cmd_ctx;
429 sl_se_key_descriptor_t key;
430 /* Used for SiLabs "plaintext" with public X, public Y, and
431 * private D concatenated. These are respectively at offset `0`,
432 * offset `keysize`, and offset `2 * keysize`.
433 */
434 byte key_raw[3 * ECC_MAX_CRYPTO_HW_SIZE];
435#endif
436
437#ifdef WOLFSSL_ASYNC_CRYPT
438 mp_int* r; /* sign/verify temps */
439 mp_int* s;
440 WC_ASYNC_DEV asyncDev;
441 #ifdef HAVE_CAVIUM_V
442 mp_int* e; /* Sign, Verify and Shared Secret */
443 mp_int* signK;
444 #endif
445 #ifdef WOLFSSL_CERT_GEN
446 CertSignCtx certSignCtx; /* context info for cert sign (MakeSignature) */
447 #endif
448#endif /* WOLFSSL_ASYNC_CRYPT */
449#ifdef WOLF_CRYPTO_CB
450 byte id[ECC_MAX_ID_LEN];
451 int idLen;
452 char label[ECC_MAX_LABEL_LEN];
453 int labelLen;
454#endif
455#if defined(WOLFSSL_CRYPTOCELL)
456 ecc_context_t ctx;
457#endif
458
459#if defined(WOLFSSL_ECDSA_SET_K) || defined(WOLFSSL_ECDSA_SET_K_ONE_LOOP) || \
460 defined(WOLFSSL_ECDSA_DETERMINISTIC_K)
461 mp_int *sign_k;
462#endif
463#if defined(WOLFSSL_ECDSA_DETERMINISTIC_K)
464 byte deterministic:1;
465#endif
466
467#ifdef WOLFSSL_SMALL_STACK_CACHE
468 mp_int* t1;
469 mp_int* t2;
470#ifdef ALT_ECC_SIZE
471 mp_int* x;
472 mp_int* y;
473 mp_int* z;
474#endif
475#endif
476
477#ifdef WOLFSSL_DSP
478 remote_handle64 handle;
479#endif
480#ifdef ECC_TIMING_RESISTANT
481 WC_RNG* rng;
482#endif
483#ifdef WC_ECC_NONBLOCK
484 ecc_nb_ctx_t* nb_ctx;
485#endif
486};
487
488
489WOLFSSL_ABI WOLFSSL_API ecc_key* wc_ecc_key_new(void*);
490WOLFSSL_ABI WOLFSSL_API void wc_ecc_key_free(ecc_key*);
491
492
493/* ECC predefined curve sets */
494extern const ecc_set_type ecc_sets[];
495extern const size_t ecc_sets_count;
496
497WOLFSSL_API
498const char* wc_ecc_get_name(int curve_id);
499
500#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
501
502#ifdef WOLFSSL_PUBLIC_ECC_ADD_DBL
503 #define ECC_API WOLFSSL_API
504#else
505 #define ECC_API WOLFSSL_LOCAL
506#endif
507
508ECC_API int ecc_mul2add(ecc_point* A, mp_int* kA,
509 ecc_point* B, mp_int* kB,
510 ecc_point* C, mp_int* a, mp_int* modulus, void* heap);
511
512ECC_API int ecc_map(ecc_point*, mp_int*, mp_digit);
513ECC_API int ecc_map_ex(ecc_point*, mp_int*, mp_digit, int ct);
514ECC_API int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R,
515 mp_int* a, mp_int* modulus, mp_digit mp);
516ECC_API int ecc_projective_dbl_point(ecc_point* P, ecc_point* R, mp_int* a,
517 mp_int* modulus, mp_digit mp);
518
519WOLFSSL_LOCAL
520int ecc_projective_add_point_safe(ecc_point* A, ecc_point* B, ecc_point* R,
521 mp_int* a, mp_int* modulus, mp_digit mp, int* infinity);
522WOLFSSL_LOCAL
523int ecc_projective_dbl_point_safe(ecc_point* P, ecc_point* R, mp_int* a,
524 mp_int* modulus, mp_digit mp);
525
526#endif
527
528WOLFSSL_API
529int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key);
530WOLFSSL_ABI WOLFSSL_API
531int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id);
532WOLFSSL_API
533int wc_ecc_make_key_ex2(WC_RNG* rng, int keysize, ecc_key* key, int curve_id,
534 int flags);
535WOLFSSL_API
536int wc_ecc_make_pub(ecc_key* key, ecc_point* pubOut);
537WOLFSSL_API
538int wc_ecc_make_pub_ex(ecc_key* key, ecc_point* pubOut, WC_RNG* rng);
539WOLFSSL_API
540int wc_ecc_check_key(ecc_key* key);
541WOLFSSL_API
542int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime);
543WOLFSSL_API
544int wc_ecc_get_generator(ecc_point* ecp, int curve_idx);
545
546#ifdef HAVE_ECC_DHE
547WOLFSSL_API
548int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
549 word32* outlen);
550WOLFSSL_LOCAL
551int wc_ecc_shared_secret_gen(ecc_key* private_key, ecc_point* point,
552 byte* out, word32 *outlen);
553WOLFSSL_API
554int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
555 byte* out, word32 *outlen);
556
557#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
558 defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL)
559#define wc_ecc_shared_secret_ssh wc_ecc_shared_secret
560#else
561#define wc_ecc_shared_secret_ssh wc_ecc_shared_secret_ex /* For backwards compat */
562#endif
563
564#endif /* HAVE_ECC_DHE */
565
566#ifdef HAVE_ECC_SIGN
567WOLFSSL_ABI WOLFSSL_API
568int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
569 WC_RNG* rng, ecc_key* key);
570WOLFSSL_API
571int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
572 ecc_key* key, mp_int *r, mp_int *s);
573#ifdef WOLFSSL_ECDSA_DETERMINISTIC_K
574WOLFSSL_API
575int wc_ecc_set_deterministic(ecc_key* key, byte flag);
576WOLFSSL_API
577int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz,
578 enum wc_HashType hashType, mp_int* priv, mp_int* k, mp_int* order,
579 void* heap);
580#endif
581#if defined(WOLFSSL_ECDSA_SET_K) || defined(WOLFSSL_ECDSA_SET_K_ONE_LOOP)
582WOLFSSL_API
583int wc_ecc_sign_set_k(const byte* k, word32 klen, ecc_key* key);
584#endif
585#endif /* HAVE_ECC_SIGN */
586
587#ifdef HAVE_ECC_VERIFY
588WOLFSSL_API
589int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
590 word32 hashlen, int* stat, ecc_key* key);
591WOLFSSL_API
592int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
593 word32 hashlen, int* stat, ecc_key* key);
594#endif /* HAVE_ECC_VERIFY */
595
596WOLFSSL_API
597int wc_ecc_init(ecc_key* key);
598WOLFSSL_ABI WOLFSSL_API
599int wc_ecc_init_ex(ecc_key* key, void* heap, int devId);
600#ifdef WOLF_CRYPTO_CB
601WOLFSSL_API
602int wc_ecc_init_id(ecc_key* key, unsigned char* id, int len, void* heap,
603 int devId);
604WOLFSSL_API
605int wc_ecc_init_label(ecc_key* key, const char* label, void* heap, int devId);
606#endif
607#ifdef WOLFSSL_CUSTOM_CURVES
608WOLFSSL_LOCAL
609void wc_ecc_free_curve(const ecc_set_type* curve, void* heap);
610#endif
611WOLFSSL_ABI WOLFSSL_API
612int wc_ecc_free(ecc_key* key);
613WOLFSSL_API
614int wc_ecc_set_flags(ecc_key* key, word32 flags);
615WOLFSSL_API
616void wc_ecc_fp_free(void);
617WOLFSSL_LOCAL
618void wc_ecc_fp_init(void);
619#ifdef ECC_TIMING_RESISTANT
620WOLFSSL_API
621int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng);
622#endif
623
624WOLFSSL_API
625int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id);
626
627WOLFSSL_API
628int wc_ecc_is_valid_idx(int n);
629WOLFSSL_API
630int wc_ecc_get_curve_idx(int curve_id);
631WOLFSSL_API
632int wc_ecc_get_curve_id(int curve_idx);
633#define wc_ecc_get_curve_name_from_id wc_ecc_get_name
634WOLFSSL_API
635int wc_ecc_get_curve_size_from_id(int curve_id);
636
637WOLFSSL_API
638int wc_ecc_get_curve_idx_from_name(const char* curveName);
639WOLFSSL_API
640int wc_ecc_get_curve_size_from_name(const char* curveName);
641WOLFSSL_API
642int wc_ecc_get_curve_id_from_name(const char* curveName);
643WOLFSSL_API
644int wc_ecc_get_curve_id_from_params(int fieldSize,
645 const byte* prime, word32 primeSz, const byte* Af, word32 AfSz,
646 const byte* Bf, word32 BfSz, const byte* order, word32 orderSz,
647 const byte* Gx, word32 GxSz, const byte* Gy, word32 GySz, int cofactor);
648WOLFSSL_API
649int wc_ecc_get_curve_id_from_dp_params(const ecc_set_type* dp);
650
651WOLFSSL_API
652int wc_ecc_get_curve_id_from_oid(const byte* oid, word32 len);
653
654WOLFSSL_API const ecc_set_type* wc_ecc_get_curve_params(int curve_idx);
655
656WOLFSSL_API
657ecc_point* wc_ecc_new_point(void);
658WOLFSSL_API
659ecc_point* wc_ecc_new_point_h(void* h);
660WOLFSSL_API
661void wc_ecc_del_point(ecc_point* p);
662WOLFSSL_API
663void wc_ecc_del_point_h(ecc_point* p, void* h);
664WOLFSSL_API
665void wc_ecc_forcezero_point(ecc_point* p);
666WOLFSSL_API
667int wc_ecc_copy_point(const ecc_point* p, ecc_point *r);
668WOLFSSL_API
669int wc_ecc_cmp_point(ecc_point* a, ecc_point *b);
670WOLFSSL_API
671int wc_ecc_point_is_at_infinity(ecc_point *p);
672WOLFSSL_API
673int wc_ecc_point_is_on_curve(ecc_point *p, int curve_idx);
674
675#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
676WOLFSSL_API
677int wc_ecc_mulmod(const mp_int* k, ecc_point *G, ecc_point *R,
678 mp_int* a, mp_int* modulus, int map);
679WOLFSSL_LOCAL
680int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R,
681 mp_int* a, mp_int* modulus, int map, void* heap);
682WOLFSSL_LOCAL
683int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
684 mp_int* modulus, mp_int* order, WC_RNG* rng, int map,
685 void* heap);
686#endif /* !WOLFSSL_ATECC508A */
687
688
689#ifdef HAVE_ECC_KEY_EXPORT
690/* ASN key helpers */
691WOLFSSL_API
692int wc_ecc_export_x963(ecc_key*, byte* out, word32* outLen);
693WOLFSSL_API
694int wc_ecc_export_x963_ex(ecc_key*, byte* out, word32* outLen, int compressed);
695 /* extended functionality with compressed option */
696#endif /* HAVE_ECC_KEY_EXPORT */
697
698#ifdef HAVE_ECC_KEY_IMPORT
699WOLFSSL_ABI WOLFSSL_API
700int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key);
701WOLFSSL_API
702int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key,
703 int curve_id);
704WOLFSSL_API
705int wc_ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub,
706 word32 pubSz, ecc_key* key);
707WOLFSSL_API
708int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz,
709 const byte* pub, word32 pubSz, ecc_key* key, int curve_id);
710WOLFSSL_API
711int wc_ecc_rs_to_sig(const char* r, const char* s, byte* out, word32* outlen);
712WOLFSSL_API
713int wc_ecc_rs_raw_to_sig(const byte* r, word32 rSz, const byte* s, word32 sSz,
714 byte* out, word32* outlen);
715WOLFSSL_API
716int wc_ecc_sig_to_rs(const byte* sig, word32 sigLen, byte* r, word32* rLen,
717 byte* s, word32* sLen);
718WOLFSSL_API
719int wc_ecc_import_raw(ecc_key* key, const char* qx, const char* qy,
720 const char* d, const char* curveName);
721WOLFSSL_API
722int wc_ecc_import_raw_ex(ecc_key* key, const char* qx, const char* qy,
723 const char* d, int curve_id);
724WOLFSSL_API
725int wc_ecc_import_unsigned(ecc_key* key, byte* qx, byte* qy,
726 byte* d, int curve_id);
727#endif /* HAVE_ECC_KEY_IMPORT */
728
729#ifdef HAVE_ECC_KEY_EXPORT
730WOLFSSL_API
731int wc_ecc_export_ex(ecc_key* key, byte* qx, word32* qxLen,
732 byte* qy, word32* qyLen, byte* d, word32* dLen,
733 int encType);
734WOLFSSL_API
735int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen);
736WOLFSSL_API
737int wc_ecc_export_public_raw(ecc_key* key, byte* qx, word32* qxLen,
738 byte* qy, word32* qyLen);
739WOLFSSL_API
740int wc_ecc_export_private_raw(ecc_key* key, byte* qx, word32* qxLen,
741 byte* qy, word32* qyLen, byte* d, word32* dLen);
742#endif /* HAVE_ECC_KEY_EXPORT */
743
744#ifdef HAVE_ECC_KEY_EXPORT
745WOLFSSL_API
746int wc_ecc_export_point_der_ex(const int curve_idx, ecc_point* point, byte* out,
747 word32* outLen, int compressed);
748WOLFSSL_API
749int wc_ecc_export_point_der(const int curve_idx, ecc_point* point,
750 byte* out, word32* outLen);
751WOLFSSL_LOCAL
752int wc_ecc_export_point_der_compressed(const int curve_idx, ecc_point* point,
753 byte* out, word32* outLen);
754#endif /* HAVE_ECC_KEY_EXPORT */
755
756
757#ifdef HAVE_ECC_KEY_IMPORT
758WOLFSSL_API
759int wc_ecc_import_point_der_ex(const byte* in, word32 inLen,
760 const int curve_idx, ecc_point* point,
761 int shortKeySize);
762WOLFSSL_API
763int wc_ecc_import_point_der(const byte* in, word32 inLen, const int curve_idx,
764 ecc_point* point);
765#endif /* HAVE_ECC_KEY_IMPORT */
766
767/* size helper */
768WOLFSSL_API
769int wc_ecc_size(ecc_key* key);
770WOLFSSL_API
771int wc_ecc_sig_size_calc(int sz);
772WOLFSSL_API
773int wc_ecc_sig_size(const ecc_key* key);
774
775WOLFSSL_API
776int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz);
777
778#ifdef WOLFSSL_CUSTOM_CURVES
779 WOLFSSL_API
780 int wc_ecc_set_custom_curve(ecc_key* key, const ecc_set_type* dp);
781#endif
782
783#ifdef HAVE_ECC_ENCRYPT
784/* ecc encrypt */
785
786enum ecEncAlgo {
787 ecAES_128_CBC = 1, /* default */
788 ecAES_256_CBC = 2
789};
790
791enum ecKdfAlgo {
792 ecHKDF_SHA256 = 1, /* default */
793 ecHKDF_SHA1 = 2
794};
795
796enum ecMacAlgo {
797 ecHMAC_SHA256 = 1, /* default */
798 ecHMAC_SHA1 = 2
799};
800
801enum {
802 KEY_SIZE_128 = 16,
803 KEY_SIZE_256 = 32,
804 IV_SIZE_64 = 8,
805 IV_SIZE_128 = 16,
806 EXCHANGE_SALT_SZ = 16,
807 EXCHANGE_INFO_SZ = 23
808};
809
810enum ecFlags {
811 REQ_RESP_CLIENT = 1,
812 REQ_RESP_SERVER = 2
813};
814
815
816typedef struct ecEncCtx ecEncCtx;
817
818WOLFSSL_API
819ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng);
820WOLFSSL_API
821ecEncCtx* wc_ecc_ctx_new_ex(int flags, WC_RNG* rng, void* heap);
822WOLFSSL_API
823void wc_ecc_ctx_free(ecEncCtx*);
824WOLFSSL_API
825int wc_ecc_ctx_reset(ecEncCtx*, WC_RNG*); /* reset for use again w/o alloc/free */
826
827WOLFSSL_API
828const byte* wc_ecc_ctx_get_own_salt(ecEncCtx*);
829WOLFSSL_API
830int wc_ecc_ctx_set_peer_salt(ecEncCtx*, const byte* salt);
831WOLFSSL_API
832int wc_ecc_ctx_set_info(ecEncCtx*, const byte* info, int sz);
833
834WOLFSSL_API
835int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
836 word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx);
837WOLFSSL_API
838int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
839 word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx);
840
841#endif /* HAVE_ECC_ENCRYPT */
842
843#ifdef HAVE_X963_KDF
844WOLFSSL_API int wc_X963_KDF(enum wc_HashType type, const byte* secret,
845 word32 secretSz, const byte* sinfo, word32 sinfoSz,
846 byte* out, word32 outSz);
847#endif
848
849#ifdef ECC_CACHE_CURVE
850WOLFSSL_API int wc_ecc_curve_cache_init(void);
851WOLFSSL_API void wc_ecc_curve_cache_free(void);
852#endif
853
854WOLFSSL_API
855int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order);
856
857#ifdef WOLFSSL_DSP
858WOLFSSL_API
859int wc_ecc_set_handle(ecc_key* key, remote_handle64 handle);
860WOLFSSL_LOCAL
861int sp_dsp_ecc_verify_256(remote_handle64 handle, const byte* hash, word32 hashLen, mp_int* pX,
862 mp_int* pY, mp_int* pZ, mp_int* r, mp_int* sm, int* res, void* heap);
863#endif
864
865#ifdef WC_ECC_NONBLOCK
866 WOLFSSL_API int wc_ecc_set_nonblock(ecc_key *key, ecc_nb_ctx_t* ctx);
867#endif
868
869#ifdef __cplusplus
870 } /* extern "C" */
871#endif
872
873#endif /* HAVE_ECC */
874#endif /* WOLF_CRYPT_ECC_H */