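Lines Matching full:grp (non-contiguous cross-reference hits: each entry gives the source line number, the matching line, and, where given, the enclosing function; a trailing "argument" or "local" marks the line that declares grp)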
258 static inline ecp_curve_type ecp_get_type( const mbedtls_ecp_group *grp ) in ecp_get_type() argument
260 if( grp->G.X.p == NULL ) in ecp_get_type()
263 if( grp->G.Y.p == NULL ) in ecp_get_type()
285 void mbedtls_ecp_group_init( mbedtls_ecp_group *grp ) in mbedtls_ecp_group_init() argument
287 if( grp == NULL ) in mbedtls_ecp_group_init()
290 memset( grp, 0, sizeof( mbedtls_ecp_group ) ); in mbedtls_ecp_group_init()
301 mbedtls_ecp_group_init( &key->grp ); in mbedtls_ecp_keypair_init()
322 void mbedtls_ecp_group_free( mbedtls_ecp_group *grp ) in mbedtls_ecp_group_free() argument
326 if( grp == NULL ) in mbedtls_ecp_group_free()
329 if( grp->h != 1 ) in mbedtls_ecp_group_free()
331 mbedtls_mpi_free( &grp->P ); in mbedtls_ecp_group_free()
332 mbedtls_mpi_free( &grp->A ); in mbedtls_ecp_group_free()
333 mbedtls_mpi_free( &grp->B ); in mbedtls_ecp_group_free()
334 mbedtls_ecp_point_free( &grp->G ); in mbedtls_ecp_group_free()
335 mbedtls_mpi_free( &grp->N ); in mbedtls_ecp_group_free()
338 if( grp->T != NULL ) in mbedtls_ecp_group_free()
340 for( i = 0; i < grp->T_size; i++ ) in mbedtls_ecp_group_free()
341 mbedtls_ecp_point_free( &grp->T[i] ); in mbedtls_ecp_group_free()
342 mbedtls_free( grp->T ); in mbedtls_ecp_group_free()
345 mbedtls_zeroize( grp, sizeof( mbedtls_ecp_group ) ); in mbedtls_ecp_group_free()
356 mbedtls_ecp_group_free( &key->grp ); in mbedtls_ecp_keypair_free()
442 int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P, in mbedtls_ecp_point_write_binary() argument
467 plen = mbedtls_mpi_size( &grp->P ); in mbedtls_ecp_point_write_binary()
498 int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, in mbedtls_ecp_point_read_binary() argument
515 plen = mbedtls_mpi_size( &grp->P ); in mbedtls_ecp_point_read_binary()
537 int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, in mbedtls_ecp_tls_read_point() argument
559 return mbedtls_ecp_point_read_binary( grp, pt, buf_start, data_len ); in mbedtls_ecp_tls_read_point()
568 int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt, in mbedtls_ecp_tls_write_point() argument
580 if( ( ret = mbedtls_ecp_point_write_binary( grp, pt, format, in mbedtls_ecp_tls_write_point()
596 int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len ) in mbedtls_ecp_tls_read_group() argument
623 return mbedtls_ecp_group_load( grp, curve_info->grp_id ); in mbedtls_ecp_tls_read_group()
629 int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen, in mbedtls_ecp_tls_write_group() argument
634 if( ( curve_info = mbedtls_ecp_curve_info_from_grp_id( grp->id ) ) == NULL ) in mbedtls_ecp_tls_write_group()
664 static int ecp_modp( mbedtls_mpi *N, const mbedtls_ecp_group *grp ) in ecp_modp() argument
668 if( grp->modp == NULL ) in ecp_modp()
669 return( mbedtls_mpi_mod_mpi( N, N, &grp->P ) ); in ecp_modp()
673 mbedtls_mpi_bitlen( N ) > 2 * grp->pbits ) in ecp_modp()
678 MBEDTLS_MPI_CHK( grp->modp( N ) ); in ecp_modp()
682 MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &grp->P ) ); in ecp_modp()
684 while( mbedtls_mpi_cmp_mpi( N, &grp->P ) >= 0 ) in ecp_modp()
686 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( N, N, &grp->P ) ); in ecp_modp()
711 #define MOD_MUL( N ) do { MBEDTLS_MPI_CHK( ecp_modp( &N, grp ) ); INC_MUL_COUNT } \
720 MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &N, &N, &grp->P ) )
728 while( mbedtls_mpi_cmp_mpi( &N, &grp->P ) >= 0 ) \
729 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &N, &N, &grp->P ) )
744 static int ecp_normalize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt ) in ecp_normalize_jac() argument
757 MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &Zi, &pt->Z, &grp->P ) ); in ecp_normalize_jac()
790 static int ecp_normalize_jac_many( const mbedtls_ecp_group *grp, in ecp_normalize_jac_many() argument
798 return( ecp_normalize_jac( grp, *T ) ); in ecp_normalize_jac_many()
818 MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &u, &c[t_len-1], &grp->P ) ); in ecp_normalize_jac_many()
849 MBEDTLS_MPI_CHK( mbedtls_mpi_shrink( &T[i]->X, grp->P.n ) ); in ecp_normalize_jac_many()
850 MBEDTLS_MPI_CHK( mbedtls_mpi_shrink( &T[i]->Y, grp->P.n ) ); in ecp_normalize_jac_many()
871 static int ecp_safe_invert_jac( const mbedtls_ecp_group *grp, in ecp_safe_invert_jac() argument
882 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &mQY, &grp->P, &Q->Y ) ); in ecp_safe_invert_jac()
906 static int ecp_double_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_double_jac() argument
919 if( grp->A.p == NULL ) in ecp_double_jac()
935 if( mbedtls_mpi_cmp_int( &grp->A, 0 ) != 0 ) in ecp_double_jac()
940 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S, &T, &grp->A ) ); MOD_MUL( S ); in ecp_double_jac()
997 static int ecp_add_mixed( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_add_mixed() argument
1037 ret = ecp_double_jac( grp, R, P ); in ecp_add_mixed()
1079 static int ecp_randomize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, in ecp_randomize_jac() argument
1084 size_t p_size = ( grp->pbits + 7 ) / 8; in ecp_randomize_jac()
1094 while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 ) in ecp_randomize_jac()
1192 static int ecp_precompute_comb( const mbedtls_ecp_group *grp, in ecp_precompute_comb() argument
1213 MBEDTLS_MPI_CHK( ecp_double_jac( grp, cur, cur ) ); in ecp_precompute_comb()
1218 MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, k ) ); in ecp_precompute_comb()
1230 MBEDTLS_MPI_CHK( ecp_add_mixed( grp, &T[i + j], &T[j], &T[i] ) ); in ecp_precompute_comb()
1235 MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, k ) ); in ecp_precompute_comb()
1244 static int ecp_select_comb( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_select_comb() argument
1262 MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, R, i >> 7 ) ); in ecp_select_comb()
1274 static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_mul_comb_core() argument
1288 MBEDTLS_MPI_CHK( ecp_select_comb( grp, R, T, t_len, x[i] ) ); in ecp_mul_comb_core()
1291 MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, R, f_rng, p_rng ) ); in ecp_mul_comb_core()
1295 MBEDTLS_MPI_CHK( ecp_double_jac( grp, R, R ) ); in ecp_mul_comb_core()
1296 MBEDTLS_MPI_CHK( ecp_select_comb( grp, &Txi, T, t_len, x[i] ) ); in ecp_mul_comb_core()
1297 MBEDTLS_MPI_CHK( ecp_add_mixed( grp, R, R, &Txi ) ); in ecp_mul_comb_core()
1310 static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_mul_comb() argument
1326 if( mbedtls_mpi_get_bit( &grp->N, 0 ) != 1 ) in ecp_mul_comb()
1334 w = grp->nbits >= 384 ? 5 : 4; in ecp_mul_comb()
1342 p_eq_g = ( mbedtls_mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 && in ecp_mul_comb()
1343 mbedtls_mpi_cmp_mpi( &P->X, &grp->G.X ) == 0 ); in ecp_mul_comb()
1356 if( w >= grp->nbits ) in ecp_mul_comb()
1361 d = ( grp->nbits + w - 1 ) / w; in ecp_mul_comb()
1365 * use grp->T if already initialized, or initialize it. in ecp_mul_comb()
1367 T = p_eq_g ? grp->T : NULL; in ecp_mul_comb()
1378 MBEDTLS_MPI_CHK( ecp_precompute_comb( grp, T, P, w, d ) ); in ecp_mul_comb()
1382 grp->T = T; in ecp_mul_comb()
1383 grp->T_size = pre_len; in ecp_mul_comb()
1393 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &mm, &grp->N, m ) ); in ecp_mul_comb()
1400 MBEDTLS_MPI_CHK( ecp_mul_comb_core( grp, R, T, pre_len, k, d, f_rng, p_rng ) ); in ecp_mul_comb()
1405 MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, R, ! m_is_odd ) ); in ecp_mul_comb()
1406 MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, R ) ); in ecp_mul_comb()
1441 static int ecp_normalize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P ) in ecp_normalize_mxz() argument
1445 MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &P->Z, &P->Z, &grp->P ) ); in ecp_normalize_mxz()
1461 static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P, in ecp_randomize_mxz() argument
1466 size_t p_size = ( grp->pbits + 7 ) / 8; in ecp_randomize_mxz()
1476 while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 ) in ecp_randomize_mxz()
1508 static int ecp_double_add_mxz( const mbedtls_ecp_group *grp, in ecp_double_add_mxz() argument
1535 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &R->Z, &grp->A, &E ) ); MOD_MUL( R->Z ); in ecp_double_add_mxz()
1551 static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_mul_mxz() argument
1578 MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, &RP, f_rng, p_rng ) ); in ecp_mul_mxz()
1594 MBEDTLS_MPI_CHK( ecp_double_add_mxz( grp, R, &RP, R, &RP, &PX ) ); in ecp_mul_mxz()
1599 MBEDTLS_MPI_CHK( ecp_normalize_mxz( grp, R ) ); in ecp_mul_mxz()
1612 int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in mbedtls_ecp_mul() argument
1622 if( ( ret = mbedtls_ecp_check_privkey( grp, m ) ) != 0 || in mbedtls_ecp_mul()
1623 ( ret = mbedtls_ecp_check_pubkey( grp, P ) ) != 0 ) in mbedtls_ecp_mul()
1627 if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY ) in mbedtls_ecp_mul()
1628 return( ecp_mul_mxz( grp, R, m, P, f_rng, p_rng ) ); in mbedtls_ecp_mul()
1631 if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS ) in mbedtls_ecp_mul()
1632 return( ecp_mul_comb( grp, R, m, P, f_rng, p_rng ) ); in mbedtls_ecp_mul()
1642 static int ecp_check_pubkey_sw( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt ) in ecp_check_pubkey_sw() argument
1650 mbedtls_mpi_cmp_mpi( &pt->X, &grp->P ) >= 0 || in ecp_check_pubkey_sw()
1651 mbedtls_mpi_cmp_mpi( &pt->Y, &grp->P ) >= 0 ) in ecp_check_pubkey_sw()
1664 if( grp->A.p == NULL ) in ecp_check_pubkey_sw()
1670 MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &RHS, &RHS, &grp->A ) ); MOD_ADD( RHS ); in ecp_check_pubkey_sw()
1674 MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &RHS, &RHS, &grp->B ) ); MOD_ADD( RHS ); in ecp_check_pubkey_sw()
1691 static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp, in mbedtls_ecp_mul_shortcuts() argument
1706 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &R->Y, &grp->P, &R->Y ) ); in mbedtls_ecp_mul_shortcuts()
1710 MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, m, P, NULL, NULL ) ); in mbedtls_ecp_mul_shortcuts()
1721 int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in mbedtls_ecp_muladd() argument
1728 if( ecp_get_type( grp ) != ECP_TYPE_SHORT_WEIERSTRASS ) in mbedtls_ecp_muladd()
1733 MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, &mP, m, P ) ); in mbedtls_ecp_muladd()
1734 MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, R, n, Q ) ); in mbedtls_ecp_muladd()
1736 MBEDTLS_MPI_CHK( ecp_add_mixed( grp, R, &mP, R ) ); in mbedtls_ecp_muladd()
1737 MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, R ) ); in mbedtls_ecp_muladd()
1750 static int ecp_check_pubkey_mx( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt ) in ecp_check_pubkey_mx() argument
1753 if( mbedtls_mpi_size( &pt->X ) > ( grp->nbits + 7 ) / 8 ) in ecp_check_pubkey_mx()
1763 int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt ) in mbedtls_ecp_check_pubkey() argument
1770 if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY ) in mbedtls_ecp_check_pubkey()
1771 return( ecp_check_pubkey_mx( grp, pt ) ); in mbedtls_ecp_check_pubkey()
1774 if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS ) in mbedtls_ecp_check_pubkey()
1775 return( ecp_check_pubkey_sw( grp, pt ) ); in mbedtls_ecp_check_pubkey()
1783 int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d ) in mbedtls_ecp_check_privkey() argument
1786 if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY ) in mbedtls_ecp_check_privkey()
1792 mbedtls_mpi_bitlen( d ) - 1 != grp->nbits ) /* mbedtls_mpi_bitlen is one-based! */ in mbedtls_ecp_check_privkey()
1799 if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS ) in mbedtls_ecp_check_privkey()
1803 mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 ) in mbedtls_ecp_check_privkey()
1816 int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, in mbedtls_ecp_gen_keypair_base() argument
1823 size_t n_size = ( grp->nbits + 7 ) / 8; in mbedtls_ecp_gen_keypair_base()
1826 if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY ) in mbedtls_ecp_gen_keypair_base()
1837 if( b > grp->nbits ) in mbedtls_ecp_gen_keypair_base()
1838 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, b - grp->nbits ) ); in mbedtls_ecp_gen_keypair_base()
1840 MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, grp->nbits, 1 ) ); in mbedtls_ecp_gen_keypair_base()
1850 if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS ) in mbedtls_ecp_gen_keypair_base()
1867 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, 8 * n_size - grp->nbits ) ); in mbedtls_ecp_gen_keypair_base()
1882 mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 ); in mbedtls_ecp_gen_keypair_base()
1892 return( mbedtls_ecp_mul( grp, Q, d, G, f_rng, p_rng ) ); in mbedtls_ecp_gen_keypair_base()
1898 int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, in mbedtls_ecp_gen_keypair() argument
1903 return( mbedtls_ecp_gen_keypair_base( grp, &grp->G, d, Q, f_rng, p_rng ) ); in mbedtls_ecp_gen_keypair()
1914 if( ( ret = mbedtls_ecp_group_load( &key->grp, grp_id ) ) != 0 ) in mbedtls_ecp_gen_key()
1917 return( mbedtls_ecp_gen_keypair( &key->grp, &key->d, &key->Q, f_rng, p_rng ) ); in mbedtls_ecp_gen_key()
1927 mbedtls_ecp_group grp; in mbedtls_ecp_check_pub_priv() local
1929 if( pub->grp.id == MBEDTLS_ECP_DP_NONE || in mbedtls_ecp_check_pub_priv()
1930 pub->grp.id != prv->grp.id || in mbedtls_ecp_check_pub_priv()
1939 mbedtls_ecp_group_init( &grp ); in mbedtls_ecp_check_pub_priv()
1942 mbedtls_ecp_group_copy( &grp, &prv->grp ); in mbedtls_ecp_check_pub_priv()
1945 MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &Q, &prv->d, &prv->grp.G, NULL, NULL ) ); in mbedtls_ecp_check_pub_priv()
1957 mbedtls_ecp_group_free( &grp ); in mbedtls_ecp_check_pub_priv()
1972 mbedtls_ecp_group grp; in mbedtls_ecp_self_test() local
1988 mbedtls_ecp_group_init( &grp ); in mbedtls_ecp_self_test()
1995 MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, MBEDTLS_ECP_DP_SECP192R1 ) ); in mbedtls_ecp_self_test()
1997 MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, mbedtls_ecp_curve_list()->grp_id ) ); in mbedtls_ecp_self_test()
2005 MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &P, &m, &grp.G, NULL, NULL ) ); in mbedtls_ecp_self_test()
2011 MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &R, &m, &grp.G, NULL, NULL ) ); in mbedtls_ecp_self_test()
2023 MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &R, &m, &grp.G, NULL, NULL ) ); in mbedtls_ecp_self_test()
2048 MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &R, &m, &P, NULL, NULL ) ); in mbedtls_ecp_self_test()
2060 MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &R, &m, &P, NULL, NULL ) ); in mbedtls_ecp_self_test()
2082 mbedtls_ecp_group_free( &grp ); in mbedtls_ecp_self_test()