272 int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp, in mbedtls_ecp_check_budget() argument
276 ECP_VALIDATE_RET( grp != NULL ); in mbedtls_ecp_check_budget()
282 if( grp->pbits >= 512 ) in mbedtls_ecp_check_budget()
284 else if( grp->pbits >= 384 ) in mbedtls_ecp_check_budget()
500 mbedtls_ecp_curve_type mbedtls_ecp_get_type( const mbedtls_ecp_group *grp ) in mbedtls_ecp_get_type() argument
502 if( grp->G.X.p == NULL ) in mbedtls_ecp_get_type()
505 if( grp->G.Y.p == NULL ) in mbedtls_ecp_get_type()
526 void mbedtls_ecp_group_init( mbedtls_ecp_group *grp ) in mbedtls_ecp_group_init() argument
528 ECP_VALIDATE( grp != NULL ); in mbedtls_ecp_group_init()
530 grp->id = MBEDTLS_ECP_DP_NONE; in mbedtls_ecp_group_init()
531 mbedtls_mpi_init( &grp->P ); in mbedtls_ecp_group_init()
532 mbedtls_mpi_init( &grp->A ); in mbedtls_ecp_group_init()
533 mbedtls_mpi_init( &grp->B ); in mbedtls_ecp_group_init()
534 mbedtls_ecp_point_init( &grp->G ); in mbedtls_ecp_group_init()
535 mbedtls_mpi_init( &grp->N ); in mbedtls_ecp_group_init()
536 grp->pbits = 0; in mbedtls_ecp_group_init()
537 grp->nbits = 0; in mbedtls_ecp_group_init()
538 grp->h = 0; in mbedtls_ecp_group_init()
539 grp->modp = NULL; in mbedtls_ecp_group_init()
540 grp->t_pre = NULL; in mbedtls_ecp_group_init()
541 grp->t_post = NULL; in mbedtls_ecp_group_init()
542 grp->t_data = NULL; in mbedtls_ecp_group_init()
543 grp->T = NULL; in mbedtls_ecp_group_init()
544 grp->T_size = 0; in mbedtls_ecp_group_init()
554 mbedtls_ecp_group_init( &key->grp ); in mbedtls_ecp_keypair_init()
575 static int ecp_group_is_static_comb_table( const mbedtls_ecp_group *grp ) { in ecp_group_is_static_comb_table() argument
577 return grp->T != NULL && grp->T_size == 0; in ecp_group_is_static_comb_table()
579 (void) grp; in ecp_group_is_static_comb_table()
587 void mbedtls_ecp_group_free( mbedtls_ecp_group *grp ) in mbedtls_ecp_group_free() argument
591 if( grp == NULL ) in mbedtls_ecp_group_free()
594 if( grp->h != 1 ) in mbedtls_ecp_group_free()
596 mbedtls_mpi_free( &grp->P ); in mbedtls_ecp_group_free()
597 mbedtls_mpi_free( &grp->A ); in mbedtls_ecp_group_free()
598 mbedtls_mpi_free( &grp->B ); in mbedtls_ecp_group_free()
599 mbedtls_ecp_point_free( &grp->G ); in mbedtls_ecp_group_free()
600 mbedtls_mpi_free( &grp->N ); in mbedtls_ecp_group_free()
603 if( !ecp_group_is_static_comb_table(grp) && grp->T != NULL ) in mbedtls_ecp_group_free()
605 for( i = 0; i < grp->T_size; i++ ) in mbedtls_ecp_group_free()
606 mbedtls_ecp_point_free( &grp->T[i] ); in mbedtls_ecp_group_free()
607 mbedtls_free( grp->T ); in mbedtls_ecp_group_free()
610 mbedtls_platform_zeroize( grp, sizeof( mbedtls_ecp_group ) ); in mbedtls_ecp_group_free()
621 mbedtls_ecp_group_free( &key->grp ); in mbedtls_ecp_keypair_free()
721 int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, in mbedtls_ecp_point_write_binary() argument
728 ECP_VALIDATE_RET( grp != NULL ); in mbedtls_ecp_point_write_binary()
735 plen = mbedtls_mpi_size( &grp->P ); in mbedtls_ecp_point_write_binary()
739 if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) in mbedtls_ecp_point_write_binary()
749 if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) in mbedtls_ecp_point_write_binary()
796 int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, in mbedtls_ecp_point_read_binary() argument
802 ECP_VALIDATE_RET( grp != NULL ); in mbedtls_ecp_point_read_binary()
809 plen = mbedtls_mpi_size( &grp->P ); in mbedtls_ecp_point_read_binary()
812 if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) in mbedtls_ecp_point_read_binary()
820 if( grp->id == MBEDTLS_ECP_DP_CURVE25519 ) in mbedtls_ecp_point_read_binary()
828 if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) in mbedtls_ecp_point_read_binary()
861 int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, in mbedtls_ecp_tls_read_point() argument
867 ECP_VALIDATE_RET( grp != NULL ); in mbedtls_ecp_tls_read_point()
888 return( mbedtls_ecp_point_read_binary( grp, pt, buf_start, data_len ) ); in mbedtls_ecp_tls_read_point()
897 int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt, in mbedtls_ecp_tls_write_point() argument
902 ECP_VALIDATE_RET( grp != NULL ); in mbedtls_ecp_tls_write_point()
915 if( ( ret = mbedtls_ecp_point_write_binary( grp, pt, format, in mbedtls_ecp_tls_write_point()
931 int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, in mbedtls_ecp_tls_read_group() argument
936 ECP_VALIDATE_RET( grp != NULL ); in mbedtls_ecp_tls_read_group()
943 return( mbedtls_ecp_group_load( grp, grp_id ) ); in mbedtls_ecp_tls_read_group()
950 int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp, in mbedtls_ecp_tls_read_group_id() argument
955 ECP_VALIDATE_RET( grp != NULL ); in mbedtls_ecp_tls_read_group_id()
981 *grp = curve_info->grp_id; in mbedtls_ecp_tls_read_group_id()
989 int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen, in mbedtls_ecp_tls_write_group() argument
993 ECP_VALIDATE_RET( grp != NULL ); in mbedtls_ecp_tls_write_group()
997 if( ( curve_info = mbedtls_ecp_curve_info_from_grp_id( grp->id ) ) == NULL ) in mbedtls_ecp_tls_write_group()
1026 static int ecp_modp( mbedtls_mpi *N, const mbedtls_ecp_group *grp ) in ecp_modp() argument
1030 if( grp->modp == NULL ) in ecp_modp()
1031 return( mbedtls_mpi_mod_mpi( N, N, &grp->P ) ); in ecp_modp()
1035 mbedtls_mpi_bitlen( N ) > 2 * grp->pbits ) in ecp_modp()
1040 MBEDTLS_MPI_CHK( grp->modp( N ) ); in ecp_modp()
1044 MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &grp->P ) ); in ecp_modp()
1046 while( mbedtls_mpi_cmp_mpi( N, &grp->P ) >= 0 ) in ecp_modp()
1048 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( N, N, &grp->P ) ); in ecp_modp()
1076 MBEDTLS_MPI_CHK( ecp_modp( &(N), grp ) ); \
1080 static inline int mbedtls_mpi_mul_mod( const mbedtls_ecp_group *grp, in mbedtls_mpi_mul_mod() argument
1098 MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &(N), &(N), &grp->P ) )
1107 static inline int mbedtls_mpi_sub_mod( const mbedtls_ecp_group *grp, in mbedtls_mpi_sub_mod() argument
1126 while( mbedtls_mpi_cmp_mpi( &(N), &grp->P ) >= 0 ) \
1127 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &(N), &(N), &grp->P ) )
1129 static inline int mbedtls_mpi_add_mod( const mbedtls_ecp_group *grp, in mbedtls_mpi_add_mod() argument
1145 static inline int mbedtls_mpi_shift_l_mod( const mbedtls_ecp_group *grp, in mbedtls_mpi_shift_l_mod() argument
1170 static int ecp_normalize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt ) in ecp_normalize_jac() argument
1176 if( mbedtls_internal_ecp_grp_capable( grp ) ) in ecp_normalize_jac()
1177 return( mbedtls_internal_ecp_normalize_jac( grp, pt ) ); in ecp_normalize_jac()
1190 MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &Zi, &pt->Z, &grp->P ) ); in ecp_normalize_jac()
1191 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &ZZi, &Zi, &Zi ) ); in ecp_normalize_jac()
1192 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->X, &pt->X, &ZZi ) ); in ecp_normalize_jac()
1197 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Y, &pt->Y, &ZZi ) ); in ecp_normalize_jac()
1198 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Y, &pt->Y, &Zi ) ); in ecp_normalize_jac()
1224 static int ecp_normalize_jac_many( const mbedtls_ecp_group *grp, in ecp_normalize_jac_many() argument
1228 return( ecp_normalize_jac( grp, *T ) ); in ecp_normalize_jac_many()
1231 if( mbedtls_internal_ecp_grp_capable( grp ) ) in ecp_normalize_jac_many()
1232 return( mbedtls_internal_ecp_normalize_jac_many( grp, T, T_size ) ); in ecp_normalize_jac_many()
1256 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &c[i], &c[i-1], &T[i]->Z ) ); in ecp_normalize_jac_many()
1262 MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &u, &c[T_size-1], &grp->P ) ); in ecp_normalize_jac_many()
1275 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &Zi, &u, &c[i-1] ) ); in ecp_normalize_jac_many()
1276 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &u, &u, &T[i]->Z ) ); in ecp_normalize_jac_many()
1282 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &ZZi, &Zi, &Zi ) ); in ecp_normalize_jac_many()
1283 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T[i]->X, &T[i]->X, &ZZi ) ); in ecp_normalize_jac_many()
1284 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T[i]->Y, &T[i]->Y, &ZZi ) ); in ecp_normalize_jac_many()
1285 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T[i]->Y, &T[i]->Y, &Zi ) ); in ecp_normalize_jac_many()
1293 MBEDTLS_MPI_CHK( mbedtls_mpi_shrink( &T[i]->X, grp->P.n ) ); in ecp_normalize_jac_many()
1294 MBEDTLS_MPI_CHK( mbedtls_mpi_shrink( &T[i]->Y, grp->P.n ) ); in ecp_normalize_jac_many()
1316 static int ecp_safe_invert_jac( const mbedtls_ecp_group *grp, in ecp_safe_invert_jac() argument
1327 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &mQY, &grp->P, &Q->Y ) ); in ecp_safe_invert_jac()
1351 static int ecp_double_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_double_jac() argument
1359 if( mbedtls_internal_ecp_grp_capable( grp ) ) in ecp_double_jac()
1360 return( mbedtls_internal_ecp_double_jac( grp, R, P ) ); in ecp_double_jac()
1372 if( grp->A.p == NULL ) in ecp_double_jac()
1375 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &P->Z, &P->Z ) ); in ecp_double_jac()
1376 MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &T, &P->X, &S ) ); in ecp_double_jac()
1377 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &U, &P->X, &S ) ); in ecp_double_jac()
1378 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &T, &U ) ); in ecp_double_jac()
1384 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &P->X, &P->X ) ); in ecp_double_jac()
1388 if( mbedtls_mpi_cmp_int( &grp->A, 0 ) != 0 ) in ecp_double_jac()
1391 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &P->Z, &P->Z ) ); in ecp_double_jac()
1392 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T, &S, &S ) ); in ecp_double_jac()
1393 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &T, &grp->A ) ); in ecp_double_jac()
1394 MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &M, &M, &S ) ); in ecp_double_jac()
1399 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T, &P->Y, &P->Y ) ); in ecp_double_jac()
1400 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &T, 1 ) ); in ecp_double_jac()
1401 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &P->X, &T ) ); in ecp_double_jac()
1402 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &S, 1 ) ); in ecp_double_jac()
1405 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &U, &T, &T ) ); in ecp_double_jac()
1406 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &U, 1 ) ); in ecp_double_jac()
1409 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T, &M, &M ) ); in ecp_double_jac()
1410 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T, &T, &S ) ); in ecp_double_jac()
1411 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T, &T, &S ) ); in ecp_double_jac()
1414 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &S, &S, &T ) ); in ecp_double_jac()
1415 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &S, &M ) ); in ecp_double_jac()
1416 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &S, &S, &U ) ); in ecp_double_jac()
1419 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &U, &P->Y, &P->Z ) ); in ecp_double_jac()
1420 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &U, 1 ) ); in ecp_double_jac()
1451 static int ecp_add_mixed( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_add_mixed() argument
1459 if( mbedtls_internal_ecp_grp_capable( grp ) ) in ecp_add_mixed()
1460 return( mbedtls_internal_ecp_add_mixed( grp, R, P, Q ) ); in ecp_add_mixed()
1487 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T1, &P->Z, &P->Z ) ); in ecp_add_mixed()
1488 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T2, &T1, &P->Z ) ); in ecp_add_mixed()
1489 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T1, &T1, &Q->X ) ); in ecp_add_mixed()
1490 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T2, &T2, &Q->Y ) ); in ecp_add_mixed()
1491 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T1, &T1, &P->X ) ); in ecp_add_mixed()
1492 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T2, &T2, &P->Y ) ); in ecp_add_mixed()
1499 ret = ecp_double_jac( grp, R, P ); in ecp_add_mixed()
1509 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &Z, &P->Z, &T1 ) ); in ecp_add_mixed()
1510 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T3, &T1, &T1 ) ); in ecp_add_mixed()
1511 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T4, &T3, &T1 ) ); in ecp_add_mixed()
1512 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T3, &T3, &P->X ) ); in ecp_add_mixed()
1514 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &T1, 1 ) ); in ecp_add_mixed()
1515 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &X, &T2, &T2 ) ); in ecp_add_mixed()
1516 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &X, &X, &T1 ) ); in ecp_add_mixed()
1517 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &X, &X, &T4 ) ); in ecp_add_mixed()
1518 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T3, &T3, &X ) ); in ecp_add_mixed()
1519 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T3, &T3, &T2 ) ); in ecp_add_mixed()
1520 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T4, &T4, &P->Y ) ); in ecp_add_mixed()
1521 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &Y, &T3, &T4 ) ); in ecp_add_mixed()
1543 static int ecp_randomize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, in ecp_randomize_jac() argument
1547 if( mbedtls_internal_ecp_grp_capable( grp ) ) in ecp_randomize_jac()
1548 return( mbedtls_internal_ecp_randomize_jac( grp, pt, f_rng, p_rng ) ); in ecp_randomize_jac()
1560 MBEDTLS_MPI_CHK( mbedtls_mpi_random( &l, 2, &grp->P, f_rng, p_rng ) ); in ecp_randomize_jac()
1563 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Z, &pt->Z, &l ) ); in ecp_randomize_jac()
1566 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &ll, &l, &l ) ); in ecp_randomize_jac()
1567 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->X, &pt->X, &ll ) ); in ecp_randomize_jac()
1570 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &ll, &ll, &l ) ); in ecp_randomize_jac()
1571 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Y, &pt->Y, &ll ) ); in ecp_randomize_jac()
1706 static int ecp_precompute_comb( const mbedtls_ecp_group *grp, in ecp_precompute_comb() argument
1767 MBEDTLS_MPI_CHK( ecp_double_jac( grp, cur, cur ) ); in ecp_precompute_comb()
1786 MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) ); in ecp_precompute_comb()
1804 MBEDTLS_MPI_CHK( ecp_add_mixed( grp, &T[i + j], &T[j], &T[i] ) ); in ecp_precompute_comb()
1823 MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) ); in ecp_precompute_comb()
1843 static int ecp_select_comb( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_select_comb() argument
1861 MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, R, i >> 7 ) ); in ecp_select_comb()
1873 static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_mul_comb_core() argument
1909 MBEDTLS_MPI_CHK( ecp_select_comb( grp, R, T, T_size, x[i] ) ); in ecp_mul_comb_core()
1912 MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, R, f_rng, p_rng ) ); in ecp_mul_comb_core()
1920 MBEDTLS_MPI_CHK( ecp_double_jac( grp, R, R ) ); in ecp_mul_comb_core()
1921 MBEDTLS_MPI_CHK( ecp_select_comb( grp, &Txi, T, T_size, x[i] ) ); in ecp_mul_comb_core()
1922 MBEDTLS_MPI_CHK( ecp_add_mixed( grp, R, R, &Txi ) ); in ecp_mul_comb_core()
1953 static int ecp_comb_recode_scalar( const mbedtls_ecp_group *grp, in ecp_comb_recode_scalar() argument
1967 if( mbedtls_mpi_get_bit( &grp->N, 0 ) != 1 ) in ecp_comb_recode_scalar()
1975 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &mm, &grp->N, m ) ); in ecp_comb_recode_scalar()
1995 static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp, in ecp_mul_comb_after_precomp() argument
2021 MBEDTLS_MPI_CHK( ecp_comb_recode_scalar( grp, m, k, d, w, in ecp_mul_comb_after_precomp()
2023 MBEDTLS_MPI_CHK( ecp_mul_comb_core( grp, RR, T, T_size, k, d, in ecp_mul_comb_after_precomp()
2025 MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, RR, parity_trick ) ); in ecp_mul_comb_after_precomp()
2046 MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, RR, f_rng, p_rng ) ); in ecp_mul_comb_after_precomp()
2048 MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, RR ) ); in ecp_mul_comb_after_precomp()
2062 static unsigned char ecp_pick_window_size( const mbedtls_ecp_group *grp, in ecp_pick_window_size() argument
2072 w = grp->nbits >= 384 ? 5 : 4; in ecp_pick_window_size()
2092 if( (!p_eq_g || !ecp_group_is_static_comb_table(grp)) && w > MBEDTLS_ECP_WINDOW_SIZE ) in ecp_pick_window_size()
2095 if( w >= grp->nbits ) in ecp_pick_window_size()
2114 static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_mul_comb() argument
2130 p_eq_g = ( mbedtls_mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 && in ecp_mul_comb()
2131 mbedtls_mpi_cmp_mpi( &P->X, &grp->G.X ) == 0 ); in ecp_mul_comb()
2137 w = ecp_pick_window_size( grp, p_eq_g ); in ecp_mul_comb()
2139 d = ( grp->nbits + w - 1 ) / w; in ecp_mul_comb()
2142 if( p_eq_g && grp->T != NULL ) in ecp_mul_comb()
2145 T = grp->T; in ecp_mul_comb()
2181 MBEDTLS_MPI_CHK( ecp_precompute_comb( grp, T, P, w, d, rs_ctx ) ); in ecp_mul_comb()
2187 grp->T = T; in ecp_mul_comb()
2188 grp->T_size = T_size; in ecp_mul_comb()
2193 MBEDTLS_MPI_CHK( ecp_mul_comb_after_precomp( grp, R, m, in ecp_mul_comb()
2200 if( T == grp->T ) in ecp_mul_comb()
2250 static int ecp_normalize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P ) in ecp_normalize_mxz() argument
2253 if( mbedtls_internal_ecp_grp_capable( grp ) ) in ecp_normalize_mxz()
2254 return( mbedtls_internal_ecp_normalize_mxz( grp, P ) ); in ecp_normalize_mxz()
2261 MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &P->Z, &P->Z, &grp->P ) ); in ecp_normalize_mxz()
2262 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &P->X, &P->X, &P->Z ) ); in ecp_normalize_mxz()
2278 static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P, in ecp_randomize_mxz() argument
2282 if( mbedtls_internal_ecp_grp_capable( grp ) ) in ecp_randomize_mxz()
2283 return( mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng ) ); in ecp_randomize_mxz()
2294 MBEDTLS_MPI_CHK( mbedtls_mpi_random( &l, 2, &grp->P, f_rng, p_rng ) ); in ecp_randomize_mxz()
2296 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &P->X, &P->X, &l ) ); in ecp_randomize_mxz()
2297 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &P->Z, &P->Z, &l ) ); in ecp_randomize_mxz()
2323 static int ecp_double_add_mxz( const mbedtls_ecp_group *grp, in ecp_double_add_mxz() argument
2329 if( mbedtls_internal_ecp_grp_capable( grp ) ) in ecp_double_add_mxz()
2330 return( mbedtls_internal_ecp_double_add_mxz( grp, R, S, P, Q, d ) ); in ecp_double_add_mxz()
2343 MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &A, &P->X, &P->Z ) ); in ecp_double_add_mxz()
2344 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &AA, &A, &A ) ); in ecp_double_add_mxz()
2345 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &B, &P->X, &P->Z ) ); in ecp_double_add_mxz()
2346 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &BB, &B, &B ) ); in ecp_double_add_mxz()
2347 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &E, &AA, &BB ) ); in ecp_double_add_mxz()
2348 MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &C, &Q->X, &Q->Z ) ); in ecp_double_add_mxz()
2349 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &D, &Q->X, &Q->Z ) ); in ecp_double_add_mxz()
2350 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &DA, &D, &A ) ); in ecp_double_add_mxz()
2351 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &CB, &C, &B ) ); in ecp_double_add_mxz()
2352 MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &S->X, &DA, &CB ) ); in ecp_double_add_mxz()
2353 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S->X, &S->X, &S->X ) ); in ecp_double_add_mxz()
2354 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &S->Z, &DA, &CB ) ); in ecp_double_add_mxz()
2355 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S->Z, &S->Z, &S->Z ) ); in ecp_double_add_mxz()
2356 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S->Z, d, &S->Z ) ); in ecp_double_add_mxz()
2357 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &R->X, &AA, &BB ) ); in ecp_double_add_mxz()
2358 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &R->Z, &grp->A, &E ) ); in ecp_double_add_mxz()
2359 MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &R->Z, &BB, &R->Z ) ); in ecp_double_add_mxz()
2360 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &R->Z, &E, &R->Z ) ); in ecp_double_add_mxz()
2375 static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_mul_mxz() argument
2403 MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, &RP, f_rng, p_rng ) ); in ecp_mul_mxz()
2419 MBEDTLS_MPI_CHK( ecp_double_add_mxz( grp, R, &RP, R, &RP, &PX ) ); in ecp_mul_mxz()
2435 MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, R, f_rng, p_rng ) ); in ecp_mul_mxz()
2436 MBEDTLS_MPI_CHK( ecp_normalize_mxz( grp, R ) ); in ecp_mul_mxz()
2452 static int ecp_mul_restartable_internal( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_mul_restartable_internal() argument
2471 if( ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) ) in ecp_mul_restartable_internal()
2472 MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); in ecp_mul_restartable_internal()
2484 MBEDTLS_MPI_CHK( mbedtls_ecp_check_privkey( grp, m ) ); in ecp_mul_restartable_internal()
2485 MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) ); in ecp_mul_restartable_internal()
2490 if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) in ecp_mul_restartable_internal()
2491 MBEDTLS_MPI_CHK( ecp_mul_mxz( grp, R, m, P, f_rng, p_rng ) ); in ecp_mul_restartable_internal()
2494 if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) in ecp_mul_restartable_internal()
2495 MBEDTLS_MPI_CHK( ecp_mul_comb( grp, R, m, P, f_rng, p_rng, rs_ctx ) ); in ecp_mul_restartable_internal()
2502 mbedtls_internal_ecp_free( grp ); in ecp_mul_restartable_internal()
2516 int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in mbedtls_ecp_mul_restartable() argument
2521 ECP_VALIDATE_RET( grp != NULL ); in mbedtls_ecp_mul_restartable()
2529 return( ecp_mul_restartable_internal( grp, R, m, P, f_rng, p_rng, rs_ctx ) ); in mbedtls_ecp_mul_restartable()
2535 int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in mbedtls_ecp_mul() argument
2539 ECP_VALIDATE_RET( grp != NULL ); in mbedtls_ecp_mul()
2543 return( mbedtls_ecp_mul_restartable( grp, R, m, P, f_rng, p_rng, NULL ) ); in mbedtls_ecp_mul()
2551 static int ecp_check_pubkey_sw( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt ) in ecp_check_pubkey_sw() argument
2559 mbedtls_mpi_cmp_mpi( &pt->X, &grp->P ) >= 0 || in ecp_check_pubkey_sw()
2560 mbedtls_mpi_cmp_mpi( &pt->Y, &grp->P ) >= 0 ) in ecp_check_pubkey_sw()
2569 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &YY, &pt->Y, &pt->Y ) ); in ecp_check_pubkey_sw()
2570 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &RHS, &pt->X, &pt->X ) ); in ecp_check_pubkey_sw()
2573 if( grp->A.p == NULL ) in ecp_check_pubkey_sw()
2579 MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &RHS, &RHS, &grp->A ) ); in ecp_check_pubkey_sw()
2582 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &RHS, &RHS, &pt->X ) ); in ecp_check_pubkey_sw()
2583 MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &RHS, &RHS, &grp->B ) ); in ecp_check_pubkey_sw()
2601 static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp, in mbedtls_ecp_mul_shortcuts() argument
2621 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &R->Y, &grp->P, &R->Y ) ); in mbedtls_ecp_mul_shortcuts()
2625 MBEDTLS_MPI_CHK( ecp_mul_restartable_internal( grp, R, m, P, in mbedtls_ecp_mul_shortcuts()
2638 mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in mbedtls_ecp_muladd_restartable() argument
2650 ECP_VALIDATE_RET( grp != NULL ); in mbedtls_ecp_muladd_restartable()
2657 if( mbedtls_ecp_get_type( grp ) != MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) in mbedtls_ecp_muladd_restartable()
2681 MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, pmP, m, P, rs_ctx ) ); in mbedtls_ecp_muladd_restartable()
2688 MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, pR, n, Q, rs_ctx ) ); in mbedtls_ecp_muladd_restartable()
2691 if( ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) ) in mbedtls_ecp_muladd_restartable()
2692 MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); in mbedtls_ecp_muladd_restartable()
2702 MBEDTLS_MPI_CHK( ecp_add_mixed( grp, pR, pmP, pR ) ); in mbedtls_ecp_muladd_restartable()
2710 MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, pR ) ); in mbedtls_ecp_muladd_restartable()
2720 mbedtls_internal_ecp_free( grp ); in mbedtls_ecp_muladd_restartable()
2734 int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in mbedtls_ecp_muladd() argument
2738 ECP_VALIDATE_RET( grp != NULL ); in mbedtls_ecp_muladd()
2744 return( mbedtls_ecp_muladd_restartable( grp, R, m, P, n, Q, NULL ) ); in mbedtls_ecp_muladd()
2843 static int ecp_check_pubkey_mx( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt ) in ecp_check_pubkey_mx() argument
2848 if( mbedtls_mpi_size( &pt->X ) > ( grp->nbits + 7 ) / 8 ) in ecp_check_pubkey_mx()
2857 return( ecp_check_bad_points_mx( &pt->X, &grp->P, grp->id ) ); in ecp_check_pubkey_mx()
2864 int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, in mbedtls_ecp_check_pubkey() argument
2867 ECP_VALIDATE_RET( grp != NULL ); in mbedtls_ecp_check_pubkey()
2875 if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) in mbedtls_ecp_check_pubkey()
2876 return( ecp_check_pubkey_mx( grp, pt ) ); in mbedtls_ecp_check_pubkey()
2879 if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) in mbedtls_ecp_check_pubkey()
2880 return( ecp_check_pubkey_sw( grp, pt ) ); in mbedtls_ecp_check_pubkey()
2888 int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, in mbedtls_ecp_check_privkey() argument
2891 ECP_VALIDATE_RET( grp != NULL ); in mbedtls_ecp_check_privkey()
2895 if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) in mbedtls_ecp_check_privkey()
2900 mbedtls_mpi_bitlen( d ) - 1 != grp->nbits ) /* mbedtls_mpi_bitlen is one-based! */ in mbedtls_ecp_check_privkey()
2904 if( grp->nbits == 254 && mbedtls_mpi_get_bit( d, 2 ) != 0 ) in mbedtls_ecp_check_privkey()
2911 if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) in mbedtls_ecp_check_privkey()
2915 mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 ) in mbedtls_ecp_check_privkey()
2978 int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp, in mbedtls_ecp_gen_privkey() argument
2983 ECP_VALIDATE_RET( grp != NULL ); in mbedtls_ecp_gen_privkey()
2988 if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) in mbedtls_ecp_gen_privkey()
2989 return( mbedtls_ecp_gen_privkey_mx( grp->nbits, d, f_rng, p_rng ) ); in mbedtls_ecp_gen_privkey()
2993 if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) in mbedtls_ecp_gen_privkey()
2994 return( mbedtls_ecp_gen_privkey_sw( &grp->N, d, f_rng, p_rng ) ); in mbedtls_ecp_gen_privkey()
3003 int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, in mbedtls_ecp_gen_keypair_base() argument
3010 ECP_VALIDATE_RET( grp != NULL ); in mbedtls_ecp_gen_keypair_base()
3016 MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) ); in mbedtls_ecp_gen_keypair_base()
3017 MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, Q, d, G, f_rng, p_rng ) ); in mbedtls_ecp_gen_keypair_base()
3026 int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, in mbedtls_ecp_gen_keypair() argument
3031 ECP_VALIDATE_RET( grp != NULL ); in mbedtls_ecp_gen_keypair()
3036 return( mbedtls_ecp_gen_keypair_base( grp, &grp->G, d, Q, f_rng, p_rng ) ); in mbedtls_ecp_gen_keypair()
3049 if( ( ret = mbedtls_ecp_group_load( &key->grp, grp_id ) ) != 0 ) in mbedtls_ecp_gen_key()
3052 return( mbedtls_ecp_gen_keypair( &key->grp, &key->d, &key->Q, f_rng, p_rng ) ); in mbedtls_ecp_gen_key()
3068 if( ( ret = mbedtls_ecp_group_load( &key->grp, grp_id ) ) != 0 ) in mbedtls_ecp_read_key()
3074 if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) in mbedtls_ecp_read_key()
3124 if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) in mbedtls_ecp_read_key()
3128 MBEDTLS_MPI_CHK( mbedtls_ecp_check_privkey( &key->grp, &key->d ) ); in mbedtls_ecp_read_key()
3152 if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) in mbedtls_ecp_write_key()
3154 if( key->grp.id == MBEDTLS_ECP_DP_CURVE25519 ) in mbedtls_ecp_write_key()
3160 else if( key->grp.id == MBEDTLS_ECP_DP_CURVE448 ) in mbedtls_ecp_write_key()
3169 if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) in mbedtls_ecp_write_key()
3190 mbedtls_ecp_group grp; in mbedtls_ecp_check_pub_priv() local
3194 if( pub->grp.id == MBEDTLS_ECP_DP_NONE || in mbedtls_ecp_check_pub_priv()
3195 pub->grp.id != prv->grp.id || in mbedtls_ecp_check_pub_priv()
3204 mbedtls_ecp_group_init( &grp ); in mbedtls_ecp_check_pub_priv()
3207 mbedtls_ecp_group_copy( &grp, &prv->grp ); in mbedtls_ecp_check_pub_priv()
3210 MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &Q, &prv->d, &prv->grp.G, f_rng, p_rng ) ); in mbedtls_ecp_check_pub_priv()
3222 mbedtls_ecp_group_free( &grp ); in mbedtls_ecp_check_pub_priv()
3254 static int self_test_adjust_exponent( const mbedtls_ecp_group *grp, in self_test_adjust_exponent() argument
3258 switch( grp->id ) in self_test_adjust_exponent()
3268 MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( m, grp->nbits, 1 ) ); in self_test_adjust_exponent()
3272 mbedtls_mpi_set_bit( m, grp->nbits - 1, in self_test_adjust_exponent()
3279 (void) grp; in self_test_adjust_exponent()
3290 mbedtls_ecp_group *grp, in self_test_point() argument
3305 MBEDTLS_MPI_CHK( self_test_adjust_exponent( grp, m ) ); in self_test_point()
3306 MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, m, P, self_test_rng, NULL ) ); in self_test_point()
3318 MBEDTLS_MPI_CHK( self_test_adjust_exponent( grp, m ) ); in self_test_point()
3319 MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, m, P, self_test_rng, NULL ) ); in self_test_point()
3347 mbedtls_ecp_group grp; in mbedtls_ecp_self_test() local
3380 mbedtls_ecp_group_init( &grp ); in mbedtls_ecp_self_test()
3388 MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, MBEDTLS_ECP_DP_SECP192R1 ) ); in mbedtls_ecp_self_test()
3390 MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, mbedtls_ecp_curve_list()->grp_id ) ); in mbedtls_ecp_self_test()
3397 MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &P, &m, &grp.G, self_test_rng, NULL ) ); in mbedtls_ecp_self_test()
3399 &grp, &R, &m, &grp.G, in mbedtls_ecp_self_test()
3409 &grp, &R, &m, &P, in mbedtls_ecp_self_test()
3415 mbedtls_ecp_group_free( &grp ); in mbedtls_ecp_self_test()
3423 MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, MBEDTLS_ECP_DP_CURVE25519 ) ); in mbedtls_ecp_self_test()
3425 MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, MBEDTLS_ECP_DP_CURVE448 ) ); in mbedtls_ecp_self_test()
3430 &grp, &R, &m, &grp.G, in mbedtls_ecp_self_test()
3442 mbedtls_ecp_group_free( &grp ); in mbedtls_ecp_self_test()