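Lines Matching refs:grp
Each entry below is a source line number, the matching line, and, where the line sits inside a function, "in <function>()". A trailing "argument" or "local" marks the line where grp is declared as a parameter or a local variable. Lines between entries are not shown, so no function body here is complete.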
253 int mbedtls_ecp_check_budget(const mbedtls_ecp_group *grp, in mbedtls_ecp_check_budget() argument
260 if (grp->pbits >= 512) { in mbedtls_ecp_check_budget()
262 } else if (grp->pbits >= 384) { in mbedtls_ecp_check_budget()
491 mbedtls_ecp_curve_type mbedtls_ecp_get_type(const mbedtls_ecp_group *grp) in mbedtls_ecp_get_type() argument
493 if (grp->G.X.p == NULL) { in mbedtls_ecp_get_type()
497 if (grp->G.Y.p == NULL) { in mbedtls_ecp_get_type()
517 void mbedtls_ecp_group_init(mbedtls_ecp_group *grp) in mbedtls_ecp_group_init() argument
519 grp->id = MBEDTLS_ECP_DP_NONE; in mbedtls_ecp_group_init()
520 mbedtls_mpi_init(&grp->P); in mbedtls_ecp_group_init()
521 mbedtls_mpi_init(&grp->A); in mbedtls_ecp_group_init()
522 mbedtls_mpi_init(&grp->B); in mbedtls_ecp_group_init()
523 mbedtls_ecp_point_init(&grp->G); in mbedtls_ecp_group_init()
524 mbedtls_mpi_init(&grp->N); in mbedtls_ecp_group_init()
525 grp->pbits = 0; in mbedtls_ecp_group_init()
526 grp->nbits = 0; in mbedtls_ecp_group_init()
527 grp->h = 0; in mbedtls_ecp_group_init()
528 grp->modp = NULL; in mbedtls_ecp_group_init()
529 grp->t_pre = NULL; in mbedtls_ecp_group_init()
530 grp->t_post = NULL; in mbedtls_ecp_group_init()
531 grp->t_data = NULL; in mbedtls_ecp_group_init()
532 grp->T = NULL; in mbedtls_ecp_group_init()
533 grp->T_size = 0; in mbedtls_ecp_group_init()
541 mbedtls_ecp_group_init(&key->grp); in mbedtls_ecp_keypair_init()
563 static int ecp_group_is_static_comb_table(const mbedtls_ecp_group *grp) in ecp_group_is_static_comb_table() argument
566 return grp->T != NULL && grp->T_size == 0; in ecp_group_is_static_comb_table()
568 (void) grp; in ecp_group_is_static_comb_table()
576 void mbedtls_ecp_group_free(mbedtls_ecp_group *grp) in mbedtls_ecp_group_free() argument
580 if (grp == NULL) { in mbedtls_ecp_group_free()
584 if (grp->h != 1) { in mbedtls_ecp_group_free()
585 mbedtls_mpi_free(&grp->A); in mbedtls_ecp_group_free()
586 mbedtls_mpi_free(&grp->B); in mbedtls_ecp_group_free()
587 mbedtls_ecp_point_free(&grp->G); in mbedtls_ecp_group_free()
590 if (!ecp_group_is_static_comb_table(grp) && grp->T != NULL) { in mbedtls_ecp_group_free()
591 for (i = 0; i < grp->T_size; i++) { in mbedtls_ecp_group_free()
592 mbedtls_ecp_point_free(&grp->T[i]); in mbedtls_ecp_group_free()
594 mbedtls_free(grp->T); in mbedtls_ecp_group_free()
597 mbedtls_platform_zeroize(grp, sizeof(mbedtls_ecp_group)); in mbedtls_ecp_group_free()
609 mbedtls_ecp_group_free(&key->grp); in mbedtls_ecp_keypair_free()
691 int mbedtls_ecp_point_write_binary(const mbedtls_ecp_group *grp, in mbedtls_ecp_point_write_binary() argument
703 plen = mbedtls_mpi_size(&grp->P); in mbedtls_ecp_point_write_binary()
707 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { in mbedtls_ecp_point_write_binary()
717 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { in mbedtls_ecp_point_write_binary()
760 static int mbedtls_ecp_sw_derive_y(const mbedtls_ecp_group *grp,
769 int mbedtls_ecp_point_read_binary(const mbedtls_ecp_group *grp, in mbedtls_ecp_point_read_binary() argument
779 plen = mbedtls_mpi_size(&grp->P); in mbedtls_ecp_point_read_binary()
782 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { in mbedtls_ecp_point_read_binary()
790 if (grp->id == MBEDTLS_ECP_DP_CURVE25519) { in mbedtls_ecp_point_read_binary()
799 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { in mbedtls_ecp_point_read_binary()
826 return mbedtls_ecp_sw_derive_y(grp, &pt->X, &pt->Y, in mbedtls_ecp_point_read_binary()
844 int mbedtls_ecp_tls_read_point(const mbedtls_ecp_group *grp, in mbedtls_ecp_tls_read_point() argument
868 return mbedtls_ecp_point_read_binary(grp, pt, buf_start, data_len); in mbedtls_ecp_tls_read_point()
877 int mbedtls_ecp_tls_write_point(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt, in mbedtls_ecp_tls_write_point() argument
894 if ((ret = mbedtls_ecp_point_write_binary(grp, pt, format, in mbedtls_ecp_tls_write_point()
911 int mbedtls_ecp_tls_read_group(mbedtls_ecp_group *grp, in mbedtls_ecp_tls_read_group() argument
920 return mbedtls_ecp_group_load(grp, grp_id); in mbedtls_ecp_tls_read_group()
927 int mbedtls_ecp_tls_read_group_id(mbedtls_ecp_group_id *grp, in mbedtls_ecp_tls_read_group_id() argument
957 *grp = curve_info->grp_id; in mbedtls_ecp_tls_read_group_id()
965 int mbedtls_ecp_tls_write_group(const mbedtls_ecp_group *grp, size_t *olen, in mbedtls_ecp_tls_write_group() argument
969 if ((curve_info = mbedtls_ecp_curve_info_from_grp_id(grp->id)) == NULL) { in mbedtls_ecp_tls_write_group()
1000 static int ecp_modp(mbedtls_mpi *N, const mbedtls_ecp_group *grp) in ecp_modp() argument
1004 if (grp->modp == NULL) { in ecp_modp()
1005 return mbedtls_mpi_mod_mpi(N, N, &grp->P); in ecp_modp()
1010 mbedtls_mpi_bitlen(N) > 2 * grp->pbits) { in ecp_modp()
1014 MBEDTLS_MPI_CHK(grp->modp(N)); in ecp_modp()
1018 MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &grp->P)); in ecp_modp()
1021 while (mbedtls_mpi_cmp_mpi(N, &grp->P) >= 0) { in ecp_modp()
1023 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(N, N, &grp->P)); in ecp_modp()
1052 MBEDTLS_MPI_CHK(ecp_modp(&(N), grp)); \
1056 static inline int mbedtls_mpi_mul_mod(const mbedtls_ecp_group *grp, in mbedtls_mpi_mul_mod() argument
1075 MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi((N), (N), &grp->P)); \
1085 static inline int mbedtls_mpi_sub_mod(const mbedtls_ecp_group *grp, in mbedtls_mpi_sub_mod() argument
1104 while (mbedtls_mpi_cmp_mpi((N), &grp->P) >= 0) \
1105 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs((N), (N), &grp->P))
1107 static inline int mbedtls_mpi_add_mod(const mbedtls_ecp_group *grp, in mbedtls_mpi_add_mod() argument
1119 static inline int mbedtls_mpi_mul_int_mod(const mbedtls_ecp_group *grp, in mbedtls_mpi_mul_int_mod() argument
1132 static inline int mbedtls_mpi_sub_int_mod(const mbedtls_ecp_group *grp, in mbedtls_mpi_sub_int_mod() argument
1146 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int_mod(grp, X, A, c))
1152 static inline int mbedtls_mpi_shift_l_mod(const mbedtls_ecp_group *grp, in mbedtls_mpi_shift_l_mod() argument
1172 MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, X, A, B))
1175 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, X, A, B))
1178 MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, B))
1181 MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, A))
1184 MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int_mod(grp, X, A, c))
1187 MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod((dst), (src), &grp->P))
1193 MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l_mod(grp, X, count))
1206 MBEDTLS_MPI_CHK(mbedtls_mpi_random((X), 2, &grp->P, f_rng, p_rng))
1214 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&tmp, &grp->P, (X))); \
1236 static int ecp_sw_rhs(const mbedtls_ecp_group *grp, in ecp_sw_rhs() argument
1246 if (grp->A.p == NULL) { in ecp_sw_rhs()
1249 MPI_ECP_ADD(rhs, rhs, &grp->A); in ecp_sw_rhs()
1253 MPI_ECP_ADD(rhs, rhs, &grp->B); in ecp_sw_rhs()
1262 static int mbedtls_ecp_sw_derive_y(const mbedtls_ecp_group *grp, in mbedtls_ecp_sw_derive_y() argument
1276 if (mbedtls_mpi_get_bit(&grp->P, 0) != 1 || in mbedtls_ecp_sw_derive_y()
1277 mbedtls_mpi_get_bit(&grp->P, 1) != 1) { in mbedtls_ecp_sw_derive_y()
1286 MBEDTLS_MPI_CHK(ecp_sw_rhs(grp, Y, X)); in mbedtls_ecp_sw_derive_y()
1290 MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&exp, &grp->P, 1)); in mbedtls_ecp_sw_derive_y()
1293 MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(Y, Y /*y^2*/, &exp, &grp->P, NULL)); in mbedtls_ecp_sw_derive_y()
1301 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(Y, &grp->P, Y)); in mbedtls_ecp_sw_derive_y()
1322 static int ecp_normalize_jac(const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt) in ecp_normalize_jac() argument
1329 if (mbedtls_internal_ecp_grp_capable(grp)) { in ecp_normalize_jac()
1330 return mbedtls_internal_ecp_normalize_jac(grp, pt); in ecp_normalize_jac()
1368 static int ecp_normalize_jac_many(const mbedtls_ecp_group *grp, in ecp_normalize_jac_many() argument
1372 return ecp_normalize_jac(grp, *T); in ecp_normalize_jac_many()
1376 if (mbedtls_internal_ecp_grp_capable(grp)) { in ecp_normalize_jac_many()
1377 return mbedtls_internal_ecp_normalize_jac_many(grp, T, T_size); in ecp_normalize_jac_many()
1441 MBEDTLS_MPI_CHK(mbedtls_mpi_shrink(&T[i]->X, grp->P.n)); in ecp_normalize_jac_many()
1442 MBEDTLS_MPI_CHK(mbedtls_mpi_shrink(&T[i]->Y, grp->P.n)); in ecp_normalize_jac_many()
1465 static int ecp_safe_invert_jac(const mbedtls_ecp_group *grp, in ecp_safe_invert_jac() argument
1494 static int ecp_double_jac(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_double_jac() argument
1503 if (mbedtls_internal_ecp_grp_capable(grp)) { in ecp_double_jac()
1504 return mbedtls_internal_ecp_double_jac(grp, R, P); in ecp_double_jac()
1514 if (grp->A.p == NULL) { in ecp_double_jac()
1527 if (MPI_ECP_CMP_INT(&grp->A, 0) != 0) { in ecp_double_jac()
1531 MPI_ECP_MUL(&tmp[1], &tmp[2], &grp->A); in ecp_double_jac()
1591 static int ecp_add_mixed(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_add_mixed() argument
1600 if (mbedtls_internal_ecp_grp_capable(grp)) { in ecp_add_mixed()
1601 return mbedtls_internal_ecp_add_mixed(grp, R, P, Q); in ecp_add_mixed()
1649 ret = ecp_double_jac(grp, R, P, tmp); in ecp_add_mixed()
1689 static int ecp_randomize_jac(const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, in ecp_randomize_jac() argument
1693 if (mbedtls_internal_ecp_grp_capable(grp)) { in ecp_randomize_jac()
1694 return mbedtls_internal_ecp_randomize_jac(grp, pt, f_rng, p_rng); in ecp_randomize_jac()
1857 static int ecp_precompute_comb(const mbedtls_ecp_group *grp, in ecp_precompute_comb() argument
1924 MBEDTLS_MPI_CHK(ecp_double_jac(grp, cur, cur, tmp)); in ecp_precompute_comb()
1948 MBEDTLS_MPI_CHK(ecp_normalize_jac_many(grp, TT, j)); in ecp_precompute_comb()
1966 MBEDTLS_MPI_CHK(ecp_add_mixed(grp, &T[i + j], &T[j], &T[i], tmp)); in ecp_precompute_comb()
1988 MBEDTLS_MPI_CHK(ecp_normalize_jac_many(grp, TT, j)); in ecp_precompute_comb()
2020 static int ecp_select_comb(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_select_comb() argument
2037 MBEDTLS_MPI_CHK(ecp_safe_invert_jac(grp, R, i >> 7)); in ecp_select_comb()
2051 static int ecp_mul_comb_core(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_mul_comb_core() argument
2086 MBEDTLS_MPI_CHK(ecp_select_comb(grp, R, T, T_size, x[i])); in ecp_mul_comb_core()
2088 MBEDTLS_MPI_CHK(ecp_randomize_jac(grp, R, f_rng, p_rng)); in ecp_mul_comb_core()
2096 MBEDTLS_MPI_CHK(ecp_double_jac(grp, R, R, tmp)); in ecp_mul_comb_core()
2097 MBEDTLS_MPI_CHK(ecp_select_comb(grp, &Txi, T, T_size, x[i])); in ecp_mul_comb_core()
2098 MBEDTLS_MPI_CHK(ecp_add_mixed(grp, R, R, &Txi, tmp)); in ecp_mul_comb_core()
2129 static int ecp_comb_recode_scalar(const mbedtls_ecp_group *grp, in ecp_comb_recode_scalar() argument
2143 if (mbedtls_mpi_get_bit(&grp->N, 0) != 1) { in ecp_comb_recode_scalar()
2152 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&mm, &grp->N, m)); in ecp_comb_recode_scalar()
2172 static int ecp_mul_comb_after_precomp(const mbedtls_ecp_group *grp, in ecp_mul_comb_after_precomp() argument
2198 MBEDTLS_MPI_CHK(ecp_comb_recode_scalar(grp, m, k, d, w, in ecp_mul_comb_after_precomp()
2200 MBEDTLS_MPI_CHK(ecp_mul_comb_core(grp, RR, T, T_size, k, d, in ecp_mul_comb_after_precomp()
2202 MBEDTLS_MPI_CHK(ecp_safe_invert_jac(grp, RR, parity_trick)); in ecp_mul_comb_after_precomp()
2224 MBEDTLS_MPI_CHK(ecp_randomize_jac(grp, RR, f_rng, p_rng)); in ecp_mul_comb_after_precomp()
2227 MBEDTLS_MPI_CHK(ecp_normalize_jac(grp, RR)); in ecp_mul_comb_after_precomp()
2242 static unsigned char ecp_pick_window_size(const mbedtls_ecp_group *grp, in ecp_pick_window_size() argument
2252 w = grp->nbits >= 384 ? 5 : 4; in ecp_pick_window_size()
2273 if ((!p_eq_g || !ecp_group_is_static_comb_table(grp)) && w > MBEDTLS_ECP_WINDOW_SIZE) { in ecp_pick_window_size()
2277 if (w >= grp->nbits) { in ecp_pick_window_size()
2297 static int ecp_mul_comb(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_mul_comb() argument
2313 p_eq_g = (MPI_ECP_CMP(&P->Y, &grp->G.Y) == 0 && in ecp_mul_comb()
2314 MPI_ECP_CMP(&P->X, &grp->G.X) == 0); in ecp_mul_comb()
2320 w = ecp_pick_window_size(grp, p_eq_g); in ecp_mul_comb()
2322 d = (grp->nbits + w - 1) / w; in ecp_mul_comb()
2325 if (p_eq_g && grp->T != NULL) { in ecp_mul_comb()
2327 T = grp->T; in ecp_mul_comb()
2359 MBEDTLS_MPI_CHK(ecp_precompute_comb(grp, T, P, w, d, rs_ctx)); in ecp_mul_comb()
2364 grp->T = T; in ecp_mul_comb()
2365 grp->T_size = T_size; in ecp_mul_comb()
2370 MBEDTLS_MPI_CHK(ecp_mul_comb_after_precomp(grp, R, m, in ecp_mul_comb()
2377 if (T == grp->T) { in ecp_mul_comb()
2431 static int ecp_normalize_mxz(const mbedtls_ecp_group *grp, mbedtls_ecp_point *P) in ecp_normalize_mxz() argument
2434 if (mbedtls_internal_ecp_grp_capable(grp)) { in ecp_normalize_mxz()
2435 return mbedtls_internal_ecp_normalize_mxz(grp, P); in ecp_normalize_mxz()
2460 static int ecp_randomize_mxz(const mbedtls_ecp_group *grp, mbedtls_ecp_point *P, in ecp_randomize_mxz() argument
2464 if (mbedtls_internal_ecp_grp_capable(grp)) { in ecp_randomize_mxz()
2465 return mbedtls_internal_ecp_randomize_mxz(grp, P, f_rng, p_rng); in ecp_randomize_mxz()
2507 static int ecp_double_add_mxz(const mbedtls_ecp_group *grp, in ecp_double_add_mxz() argument
2514 if (mbedtls_internal_ecp_grp_capable(grp)) { in ecp_double_add_mxz()
2515 return mbedtls_internal_ecp_double_add_mxz(grp, R, S, P, Q, d); in ecp_double_add_mxz()
2534 MPI_ECP_MUL(&R->Z, &grp->A, &T[0]); /* A * (Pp^2 - Pm^2) */ in ecp_double_add_mxz()
2553 static int ecp_mul_mxz(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_mul_mxz() argument
2585 MBEDTLS_MPI_CHK(ecp_randomize_mxz(grp, &RP, f_rng, p_rng)); in ecp_mul_mxz()
2588 i = grp->nbits + 1; /* one past the (zero-based) required msb for private keys */ in ecp_mul_mxz()
2600 MBEDTLS_MPI_CHK(ecp_double_add_mxz(grp, R, &RP, R, &RP, &PX, tmp)); in ecp_mul_mxz()
2616 MBEDTLS_MPI_CHK(ecp_randomize_mxz(grp, R, f_rng, p_rng)); in ecp_mul_mxz()
2617 MBEDTLS_MPI_CHK(ecp_normalize_mxz(grp, R)); in ecp_mul_mxz()
2634 static int ecp_mul_restartable_internal(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_mul_restartable_internal() argument
2654 if ((is_grp_capable = mbedtls_internal_ecp_grp_capable(grp))) { in ecp_mul_restartable_internal()
2655 MBEDTLS_MPI_CHK(mbedtls_internal_ecp_init(grp)); in ecp_mul_restartable_internal()
2669 MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(grp, m)); in ecp_mul_restartable_internal()
2670 MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P)); in ecp_mul_restartable_internal()
2675 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { in ecp_mul_restartable_internal()
2676 MBEDTLS_MPI_CHK(ecp_mul_mxz(grp, R, m, P, f_rng, p_rng)); in ecp_mul_restartable_internal()
2680 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { in ecp_mul_restartable_internal()
2681 MBEDTLS_MPI_CHK(ecp_mul_comb(grp, R, m, P, f_rng, p_rng, rs_ctx)); in ecp_mul_restartable_internal()
2689 mbedtls_internal_ecp_free(grp); in ecp_mul_restartable_internal()
2705 int mbedtls_ecp_mul_restartable(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in mbedtls_ecp_mul_restartable() argument
2714 return ecp_mul_restartable_internal(grp, R, m, P, f_rng, p_rng, rs_ctx); in mbedtls_ecp_mul_restartable()
2720 int mbedtls_ecp_mul(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in mbedtls_ecp_mul() argument
2724 return mbedtls_ecp_mul_restartable(grp, R, m, P, f_rng, p_rng, NULL); in mbedtls_ecp_mul()
2732 static int ecp_check_pubkey_sw(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt) in ecp_check_pubkey_sw() argument
2740 mbedtls_mpi_cmp_mpi(&pt->X, &grp->P) >= 0 || in ecp_check_pubkey_sw()
2741 mbedtls_mpi_cmp_mpi(&pt->Y, &grp->P) >= 0) { in ecp_check_pubkey_sw()
2752 MBEDTLS_MPI_CHK(ecp_sw_rhs(grp, &RHS, &pt->X)); in ecp_check_pubkey_sw()
2771 static int mbedtls_ecp_mul_shortcuts(mbedtls_ecp_group *grp, in mbedtls_ecp_mul_shortcuts() argument
2782 MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P)); in mbedtls_ecp_mul_shortcuts()
2785 MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P)); in mbedtls_ecp_mul_shortcuts()
2788 MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P)); in mbedtls_ecp_mul_shortcuts()
2792 MBEDTLS_MPI_CHK(ecp_mul_restartable_internal(grp, R, m, P, in mbedtls_ecp_mul_shortcuts()
2807 mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in mbedtls_ecp_muladd_restartable() argument
2820 if (mbedtls_ecp_get_type(grp) != MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { in mbedtls_ecp_muladd_restartable()
2848 MBEDTLS_MPI_CHK(mbedtls_ecp_mul_shortcuts(grp, pmP, m, P, rs_ctx)); in mbedtls_ecp_muladd_restartable()
2856 MBEDTLS_MPI_CHK(mbedtls_ecp_mul_shortcuts(grp, pR, n, Q, rs_ctx)); in mbedtls_ecp_muladd_restartable()
2859 if ((is_grp_capable = mbedtls_internal_ecp_grp_capable(grp))) { in mbedtls_ecp_muladd_restartable()
2860 MBEDTLS_MPI_CHK(mbedtls_internal_ecp_init(grp)); in mbedtls_ecp_muladd_restartable()
2872 MBEDTLS_MPI_CHK(ecp_add_mixed(grp, pR, pmP, pR, tmp)); in mbedtls_ecp_muladd_restartable()
2881 MBEDTLS_MPI_CHK(ecp_normalize_jac(grp, pR)); in mbedtls_ecp_muladd_restartable()
2895 mbedtls_internal_ecp_free(grp); in mbedtls_ecp_muladd_restartable()
2910 int mbedtls_ecp_muladd(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in mbedtls_ecp_muladd() argument
2914 return mbedtls_ecp_muladd_restartable(grp, R, m, P, n, Q, NULL); in mbedtls_ecp_muladd()
3009 static int ecp_check_pubkey_mx(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt) in ecp_check_pubkey_mx() argument
3014 if (mbedtls_mpi_size(&pt->X) > (grp->nbits + 7) / 8) { in ecp_check_pubkey_mx()
3025 return ecp_check_bad_points_mx(&pt->X, &grp->P, grp->id); in ecp_check_pubkey_mx()
3032 int mbedtls_ecp_check_pubkey(const mbedtls_ecp_group *grp, in mbedtls_ecp_check_pubkey() argument
3041 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { in mbedtls_ecp_check_pubkey()
3042 return ecp_check_pubkey_mx(grp, pt); in mbedtls_ecp_check_pubkey()
3046 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { in mbedtls_ecp_check_pubkey()
3047 return ecp_check_pubkey_sw(grp, pt); in mbedtls_ecp_check_pubkey()
3056 int mbedtls_ecp_check_privkey(const mbedtls_ecp_group *grp, in mbedtls_ecp_check_privkey() argument
3060 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { in mbedtls_ecp_check_privkey()
3064 mbedtls_mpi_bitlen(d) - 1 != grp->nbits) { /* mbedtls_mpi_bitlen is one-based! */ in mbedtls_ecp_check_privkey()
3069 if (grp->nbits == 254 && mbedtls_mpi_get_bit(d, 2) != 0) { in mbedtls_ecp_check_privkey()
3077 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { in mbedtls_ecp_check_privkey()
3080 mbedtls_mpi_cmp_mpi(d, &grp->N) >= 0) { in mbedtls_ecp_check_privkey()
3142 int mbedtls_ecp_gen_privkey(const mbedtls_ecp_group *grp, in mbedtls_ecp_gen_privkey() argument
3148 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { in mbedtls_ecp_gen_privkey()
3149 return mbedtls_ecp_gen_privkey_mx(grp->nbits, d, f_rng, p_rng); in mbedtls_ecp_gen_privkey()
3154 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { in mbedtls_ecp_gen_privkey()
3155 return mbedtls_ecp_gen_privkey_sw(&grp->N, d, f_rng, p_rng); in mbedtls_ecp_gen_privkey()
3165 int mbedtls_ecp_gen_keypair_base(mbedtls_ecp_group *grp, in mbedtls_ecp_gen_keypair_base() argument
3172 MBEDTLS_MPI_CHK(mbedtls_ecp_gen_privkey(grp, d, f_rng, p_rng)); in mbedtls_ecp_gen_keypair_base()
3173 MBEDTLS_MPI_CHK(mbedtls_ecp_mul(grp, Q, d, G, f_rng, p_rng)); in mbedtls_ecp_gen_keypair_base()
3182 int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp, in mbedtls_ecp_gen_keypair() argument
3187 return mbedtls_ecp_gen_keypair_base(grp, &grp->G, d, Q, f_rng, p_rng); in mbedtls_ecp_gen_keypair()
3197 if ((ret = mbedtls_ecp_group_load(&key->grp, grp_id)) != 0) { in mbedtls_ecp_gen_key()
3201 return mbedtls_ecp_gen_keypair(&key->grp, &key->d, &key->Q, f_rng, p_rng); in mbedtls_ecp_gen_key()
3214 if ((ret = mbedtls_ecp_group_load(&key->grp, grp_id)) != 0) { in mbedtls_ecp_read_key()
3221 if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { in mbedtls_ecp_read_key()
3269 if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { in mbedtls_ecp_read_key()
3272 MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(&key->grp, &key->d)); in mbedtls_ecp_read_key()
3294 if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { in mbedtls_ecp_write_key()
3295 if (key->grp.id == MBEDTLS_ECP_DP_CURVE25519) { in mbedtls_ecp_write_key()
3300 } else if (key->grp.id == MBEDTLS_ECP_DP_CURVE448) { in mbedtls_ecp_write_key()
3309 if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { in mbedtls_ecp_write_key()
3329 mbedtls_ecp_group grp; in mbedtls_ecp_check_pub_priv() local
3330 if (pub->grp.id == MBEDTLS_ECP_DP_NONE || in mbedtls_ecp_check_pub_priv()
3331 pub->grp.id != prv->grp.id || in mbedtls_ecp_check_pub_priv()
3339 mbedtls_ecp_group_init(&grp); in mbedtls_ecp_check_pub_priv()
3342 mbedtls_ecp_group_copy(&grp, &prv->grp); in mbedtls_ecp_check_pub_priv()
3345 MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&grp, &Q, &prv->d, &prv->grp.G, f_rng, p_rng)); in mbedtls_ecp_check_pub_priv()
3356 mbedtls_ecp_group_free(&grp); in mbedtls_ecp_check_pub_priv()
3364 int mbedtls_ecp_export(const mbedtls_ecp_keypair *key, mbedtls_ecp_group *grp, in mbedtls_ecp_export() argument
3369 if ((ret = mbedtls_ecp_group_copy(grp, &key->grp)) != 0) { in mbedtls_ecp_export()
3410 static int self_test_adjust_exponent(const mbedtls_ecp_group *grp, in self_test_adjust_exponent() argument
3414 switch (grp->id) { in self_test_adjust_exponent()
3423 MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(m, grp->nbits, 1)); in self_test_adjust_exponent()
3427 mbedtls_mpi_set_bit(m, grp->nbits - 1, in self_test_adjust_exponent()
3434 (void) grp; in self_test_adjust_exponent()
3445 mbedtls_ecp_group *grp, in self_test_point() argument
3460 MBEDTLS_MPI_CHK(self_test_adjust_exponent(grp, m)); in self_test_point()
3461 MBEDTLS_MPI_CHK(mbedtls_ecp_mul(grp, R, m, P, self_test_rng, NULL)); in self_test_point()
3472 MBEDTLS_MPI_CHK(self_test_adjust_exponent(grp, m)); in self_test_point()
3473 MBEDTLS_MPI_CHK(mbedtls_ecp_mul(grp, R, m, P, self_test_rng, NULL)); in self_test_point()
3500 mbedtls_ecp_group grp; in mbedtls_ecp_self_test() local
3533 mbedtls_ecp_group_init(&grp); in mbedtls_ecp_self_test()
3541 MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_SECP192R1)); in mbedtls_ecp_self_test()
3543 MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, mbedtls_ecp_curve_list()->grp_id)); in mbedtls_ecp_self_test()
3551 MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&grp, &P, &m, &grp.G, self_test_rng, NULL)); in mbedtls_ecp_self_test()
3553 &grp, &R, &m, &grp.G, in mbedtls_ecp_self_test()
3565 &grp, &R, &m, &P, in mbedtls_ecp_self_test()
3572 mbedtls_ecp_group_free(&grp); in mbedtls_ecp_self_test()
3581 MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_CURVE25519)); in mbedtls_ecp_self_test()
3583 MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_CURVE448)); in mbedtls_ecp_self_test()
3588 &grp, &R, &m, &grp.G, in mbedtls_ecp_self_test()
3602 mbedtls_ecp_group_free(&grp); in mbedtls_ecp_self_test()