Lines Matching refs:grp
246 int mbedtls_ecp_check_budget(const mbedtls_ecp_group *grp, in mbedtls_ecp_check_budget() argument
253 if (grp->pbits >= 512) { in mbedtls_ecp_check_budget()
255 } else if (grp->pbits >= 384) { in mbedtls_ecp_check_budget()
490 mbedtls_ecp_curve_type mbedtls_ecp_get_type(const mbedtls_ecp_group *grp) in mbedtls_ecp_get_type() argument
492 if (grp->G.X.p == NULL) { in mbedtls_ecp_get_type()
496 if (grp->G.Y.p == NULL) { in mbedtls_ecp_get_type()
516 void mbedtls_ecp_group_init(mbedtls_ecp_group *grp) in mbedtls_ecp_group_init() argument
518 grp->id = MBEDTLS_ECP_DP_NONE; in mbedtls_ecp_group_init()
519 mbedtls_mpi_init(&grp->P); in mbedtls_ecp_group_init()
520 mbedtls_mpi_init(&grp->A); in mbedtls_ecp_group_init()
521 mbedtls_mpi_init(&grp->B); in mbedtls_ecp_group_init()
522 mbedtls_ecp_point_init(&grp->G); in mbedtls_ecp_group_init()
523 mbedtls_mpi_init(&grp->N); in mbedtls_ecp_group_init()
524 grp->pbits = 0; in mbedtls_ecp_group_init()
525 grp->nbits = 0; in mbedtls_ecp_group_init()
526 grp->h = 0; in mbedtls_ecp_group_init()
527 grp->modp = NULL; in mbedtls_ecp_group_init()
528 grp->t_pre = NULL; in mbedtls_ecp_group_init()
529 grp->t_post = NULL; in mbedtls_ecp_group_init()
530 grp->t_data = NULL; in mbedtls_ecp_group_init()
531 grp->T = NULL; in mbedtls_ecp_group_init()
532 grp->T_size = 0; in mbedtls_ecp_group_init()
540 mbedtls_ecp_group_init(&key->grp); in mbedtls_ecp_keypair_init()
562 static int ecp_group_is_static_comb_table(const mbedtls_ecp_group *grp) in ecp_group_is_static_comb_table() argument
565 return grp->T != NULL && grp->T_size == 0; in ecp_group_is_static_comb_table()
567 (void) grp; in ecp_group_is_static_comb_table()
575 void mbedtls_ecp_group_free(mbedtls_ecp_group *grp) in mbedtls_ecp_group_free() argument
579 if (grp == NULL) { in mbedtls_ecp_group_free()
583 if (grp->h != 1) { in mbedtls_ecp_group_free()
584 mbedtls_mpi_free(&grp->A); in mbedtls_ecp_group_free()
585 mbedtls_mpi_free(&grp->B); in mbedtls_ecp_group_free()
586 mbedtls_ecp_point_free(&grp->G); in mbedtls_ecp_group_free()
589 mbedtls_mpi_free(&grp->N); in mbedtls_ecp_group_free()
590 mbedtls_mpi_free(&grp->P); in mbedtls_ecp_group_free()
594 if (!ecp_group_is_static_comb_table(grp) && grp->T != NULL) { in mbedtls_ecp_group_free()
595 for (i = 0; i < grp->T_size; i++) { in mbedtls_ecp_group_free()
596 mbedtls_ecp_point_free(&grp->T[i]); in mbedtls_ecp_group_free()
598 mbedtls_free(grp->T); in mbedtls_ecp_group_free()
601 mbedtls_platform_zeroize(grp, sizeof(mbedtls_ecp_group)); in mbedtls_ecp_group_free()
613 mbedtls_ecp_group_free(&key->grp); in mbedtls_ecp_keypair_free()
695 int mbedtls_ecp_point_write_binary(const mbedtls_ecp_group *grp, in mbedtls_ecp_point_write_binary() argument
707 plen = mbedtls_mpi_size(&grp->P); in mbedtls_ecp_point_write_binary()
711 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { in mbedtls_ecp_point_write_binary()
721 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { in mbedtls_ecp_point_write_binary()
764 static int mbedtls_ecp_sw_derive_y(const mbedtls_ecp_group *grp,
773 int mbedtls_ecp_point_read_binary(const mbedtls_ecp_group *grp, in mbedtls_ecp_point_read_binary() argument
783 plen = mbedtls_mpi_size(&grp->P); in mbedtls_ecp_point_read_binary()
786 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { in mbedtls_ecp_point_read_binary()
794 if (grp->id == MBEDTLS_ECP_DP_CURVE25519) { in mbedtls_ecp_point_read_binary()
803 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { in mbedtls_ecp_point_read_binary()
830 return mbedtls_ecp_sw_derive_y(grp, &pt->X, &pt->Y, in mbedtls_ecp_point_read_binary()
848 int mbedtls_ecp_tls_read_point(const mbedtls_ecp_group *grp, in mbedtls_ecp_tls_read_point() argument
872 return mbedtls_ecp_point_read_binary(grp, pt, buf_start, data_len); in mbedtls_ecp_tls_read_point()
881 int mbedtls_ecp_tls_write_point(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt, in mbedtls_ecp_tls_write_point() argument
898 if ((ret = mbedtls_ecp_point_write_binary(grp, pt, format, in mbedtls_ecp_tls_write_point()
915 int mbedtls_ecp_tls_read_group(mbedtls_ecp_group *grp, in mbedtls_ecp_tls_read_group() argument
924 return mbedtls_ecp_group_load(grp, grp_id); in mbedtls_ecp_tls_read_group()
931 int mbedtls_ecp_tls_read_group_id(mbedtls_ecp_group_id *grp, in mbedtls_ecp_tls_read_group_id() argument
960 *grp = curve_info->grp_id; in mbedtls_ecp_tls_read_group_id()
968 int mbedtls_ecp_tls_write_group(const mbedtls_ecp_group *grp, size_t *olen, in mbedtls_ecp_tls_write_group() argument
972 if ((curve_info = mbedtls_ecp_curve_info_from_grp_id(grp->id)) == NULL) { in mbedtls_ecp_tls_write_group()
1003 static int ecp_modp(mbedtls_mpi *N, const mbedtls_ecp_group *grp) in ecp_modp() argument
1007 if (grp->modp == NULL) { in ecp_modp()
1008 return mbedtls_mpi_mod_mpi(N, N, &grp->P); in ecp_modp()
1013 mbedtls_mpi_bitlen(N) > 2 * grp->pbits) { in ecp_modp()
1017 MBEDTLS_MPI_CHK(grp->modp(N)); in ecp_modp()
1021 MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &grp->P)); in ecp_modp()
1024 while (mbedtls_mpi_cmp_mpi(N, &grp->P) >= 0) { in ecp_modp()
1026 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(N, N, &grp->P)); in ecp_modp()
1055 MBEDTLS_MPI_CHK(ecp_modp(&(N), grp)); \
1059 static inline int mbedtls_mpi_mul_mod(const mbedtls_ecp_group *grp, in mbedtls_mpi_mul_mod() argument
1078 MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi((N), (N), &grp->P)); \
1082 static inline int mbedtls_mpi_sub_mod(const mbedtls_ecp_group *grp, in mbedtls_mpi_sub_mod() argument
1100 while (mbedtls_mpi_cmp_mpi((N), &grp->P) >= 0) \
1101 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs((N), (N), &grp->P))
1103 static inline int mbedtls_mpi_add_mod(const mbedtls_ecp_group *grp, in mbedtls_mpi_add_mod() argument
1116 static inline int mbedtls_mpi_mul_int_mod(const mbedtls_ecp_group *grp, in mbedtls_mpi_mul_int_mod() argument
1130 static inline int mbedtls_mpi_sub_int_mod(const mbedtls_ecp_group *grp, in mbedtls_mpi_sub_int_mod() argument
1144 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int_mod(grp, X, A, c))
1147 static inline int mbedtls_mpi_shift_l_mod(const mbedtls_ecp_group *grp, in mbedtls_mpi_shift_l_mod() argument
1165 MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, X, A, B))
1168 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, X, A, B))
1171 MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, B))
1174 MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, A))
1177 MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int_mod(grp, X, A, c))
1180 MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod((dst), (src), &grp->P))
1186 MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l_mod(grp, X, count))
1199 MBEDTLS_MPI_CHK(mbedtls_mpi_random((X), 2, &grp->P, f_rng, p_rng))
1207 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&tmp, &grp->P, (X))); \
1229 static int ecp_sw_rhs(const mbedtls_ecp_group *grp, in ecp_sw_rhs() argument
1239 if (mbedtls_ecp_group_a_is_minus_3(grp)) { in ecp_sw_rhs()
1242 MPI_ECP_ADD(rhs, rhs, &grp->A); in ecp_sw_rhs()
1246 MPI_ECP_ADD(rhs, rhs, &grp->B); in ecp_sw_rhs()
1255 static int mbedtls_ecp_sw_derive_y(const mbedtls_ecp_group *grp, in mbedtls_ecp_sw_derive_y() argument
1269 if (mbedtls_mpi_get_bit(&grp->P, 0) != 1 || in mbedtls_ecp_sw_derive_y()
1270 mbedtls_mpi_get_bit(&grp->P, 1) != 1) { in mbedtls_ecp_sw_derive_y()
1279 MBEDTLS_MPI_CHK(ecp_sw_rhs(grp, Y, X)); in mbedtls_ecp_sw_derive_y()
1283 MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&exp, &grp->P, 1)); in mbedtls_ecp_sw_derive_y()
1286 MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(Y, Y /*y^2*/, &exp, &grp->P, NULL)); in mbedtls_ecp_sw_derive_y()
1294 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(Y, &grp->P, Y)); in mbedtls_ecp_sw_derive_y()
1318 static int ecp_normalize_jac(const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt) in ecp_normalize_jac() argument
1325 if (mbedtls_internal_ecp_grp_capable(grp)) { in ecp_normalize_jac()
1326 return mbedtls_internal_ecp_normalize_jac(grp, pt); in ecp_normalize_jac()
1364 static int ecp_normalize_jac_many(const mbedtls_ecp_group *grp, in ecp_normalize_jac_many() argument
1368 return ecp_normalize_jac(grp, *T); in ecp_normalize_jac_many()
1372 if (mbedtls_internal_ecp_grp_capable(grp)) { in ecp_normalize_jac_many()
1373 return mbedtls_internal_ecp_normalize_jac_many(grp, T, T_size); in ecp_normalize_jac_many()
1437 MBEDTLS_MPI_CHK(mbedtls_mpi_shrink(&T[i]->X, grp->P.n)); in ecp_normalize_jac_many()
1438 MBEDTLS_MPI_CHK(mbedtls_mpi_shrink(&T[i]->Y, grp->P.n)); in ecp_normalize_jac_many()
1461 static int ecp_safe_invert_jac(const mbedtls_ecp_group *grp, in ecp_safe_invert_jac() argument
1490 static int ecp_double_jac(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_double_jac() argument
1499 if (mbedtls_internal_ecp_grp_capable(grp)) { in ecp_double_jac()
1500 return mbedtls_internal_ecp_double_jac(grp, R, P); in ecp_double_jac()
1510 if (mbedtls_ecp_group_a_is_minus_3(grp)) { in ecp_double_jac()
1523 if (MPI_ECP_CMP_INT(&grp->A, 0) != 0) { in ecp_double_jac()
1527 MPI_ECP_MUL(&tmp[1], &tmp[2], &grp->A); in ecp_double_jac()
1587 static int ecp_add_mixed(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_add_mixed() argument
1596 if (mbedtls_internal_ecp_grp_capable(grp)) { in ecp_add_mixed()
1597 return mbedtls_internal_ecp_add_mixed(grp, R, P, Q); in ecp_add_mixed()
1645 ret = ecp_double_jac(grp, R, P, tmp); in ecp_add_mixed()
1685 static int ecp_randomize_jac(const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, in ecp_randomize_jac() argument
1689 if (mbedtls_internal_ecp_grp_capable(grp)) { in ecp_randomize_jac()
1690 return mbedtls_internal_ecp_randomize_jac(grp, pt, f_rng, p_rng); in ecp_randomize_jac()
1853 static int ecp_precompute_comb(const mbedtls_ecp_group *grp, in ecp_precompute_comb() argument
1920 MBEDTLS_MPI_CHK(ecp_double_jac(grp, cur, cur, tmp)); in ecp_precompute_comb()
1944 MBEDTLS_MPI_CHK(ecp_normalize_jac_many(grp, TT, j)); in ecp_precompute_comb()
1962 MBEDTLS_MPI_CHK(ecp_add_mixed(grp, &T[i + j], &T[j], &T[i], tmp)); in ecp_precompute_comb()
1984 MBEDTLS_MPI_CHK(ecp_normalize_jac_many(grp, TT, j)); in ecp_precompute_comb()
2016 static int ecp_select_comb(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_select_comb() argument
2033 MBEDTLS_MPI_CHK(ecp_safe_invert_jac(grp, R, i >> 7)); in ecp_select_comb()
2047 static int ecp_mul_comb_core(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_mul_comb_core() argument
2082 MBEDTLS_MPI_CHK(ecp_select_comb(grp, R, T, T_size, x[i])); in ecp_mul_comb_core()
2084 MBEDTLS_MPI_CHK(ecp_randomize_jac(grp, R, f_rng, p_rng)); in ecp_mul_comb_core()
2092 MBEDTLS_MPI_CHK(ecp_double_jac(grp, R, R, tmp)); in ecp_mul_comb_core()
2093 MBEDTLS_MPI_CHK(ecp_select_comb(grp, &Txi, T, T_size, x[i])); in ecp_mul_comb_core()
2094 MBEDTLS_MPI_CHK(ecp_add_mixed(grp, R, R, &Txi, tmp)); in ecp_mul_comb_core()
2125 static int ecp_comb_recode_scalar(const mbedtls_ecp_group *grp, in ecp_comb_recode_scalar() argument
2139 if (mbedtls_mpi_get_bit(&grp->N, 0) != 1) { in ecp_comb_recode_scalar()
2148 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&mm, &grp->N, m)); in ecp_comb_recode_scalar()
2168 static int ecp_mul_comb_after_precomp(const mbedtls_ecp_group *grp, in ecp_mul_comb_after_precomp() argument
2194 MBEDTLS_MPI_CHK(ecp_comb_recode_scalar(grp, m, k, d, w, in ecp_mul_comb_after_precomp()
2196 MBEDTLS_MPI_CHK(ecp_mul_comb_core(grp, RR, T, T_size, k, d, in ecp_mul_comb_after_precomp()
2198 MBEDTLS_MPI_CHK(ecp_safe_invert_jac(grp, RR, parity_trick)); in ecp_mul_comb_after_precomp()
2220 MBEDTLS_MPI_CHK(ecp_randomize_jac(grp, RR, f_rng, p_rng)); in ecp_mul_comb_after_precomp()
2223 MBEDTLS_MPI_CHK(ecp_normalize_jac(grp, RR)); in ecp_mul_comb_after_precomp()
2238 static unsigned char ecp_pick_window_size(const mbedtls_ecp_group *grp, in ecp_pick_window_size() argument
2248 w = grp->nbits >= 384 ? 5 : 4; in ecp_pick_window_size()
2269 if ((!p_eq_g || !ecp_group_is_static_comb_table(grp)) && w > MBEDTLS_ECP_WINDOW_SIZE) { in ecp_pick_window_size()
2273 if (w >= grp->nbits) { in ecp_pick_window_size()
2293 static int ecp_mul_comb(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_mul_comb() argument
2309 p_eq_g = (MPI_ECP_CMP(&P->Y, &grp->G.Y) == 0 && in ecp_mul_comb()
2310 MPI_ECP_CMP(&P->X, &grp->G.X) == 0); in ecp_mul_comb()
2316 w = ecp_pick_window_size(grp, p_eq_g); in ecp_mul_comb()
2318 d = (grp->nbits + w - 1) / w; in ecp_mul_comb()
2321 if (p_eq_g && grp->T != NULL) { in ecp_mul_comb()
2323 T = grp->T; in ecp_mul_comb()
2355 MBEDTLS_MPI_CHK(ecp_precompute_comb(grp, T, P, w, d, rs_ctx)); in ecp_mul_comb()
2360 grp->T = T; in ecp_mul_comb()
2361 grp->T_size = T_size; in ecp_mul_comb()
2366 MBEDTLS_MPI_CHK(ecp_mul_comb_after_precomp(grp, R, m, in ecp_mul_comb()
2373 if (T == grp->T) { in ecp_mul_comb()
2427 static int ecp_normalize_mxz(const mbedtls_ecp_group *grp, mbedtls_ecp_point *P) in ecp_normalize_mxz() argument
2430 if (mbedtls_internal_ecp_grp_capable(grp)) { in ecp_normalize_mxz()
2431 return mbedtls_internal_ecp_normalize_mxz(grp, P); in ecp_normalize_mxz()
2456 static int ecp_randomize_mxz(const mbedtls_ecp_group *grp, mbedtls_ecp_point *P, in ecp_randomize_mxz() argument
2460 if (mbedtls_internal_ecp_grp_capable(grp)) { in ecp_randomize_mxz()
2461 return mbedtls_internal_ecp_randomize_mxz(grp, P, f_rng, p_rng); in ecp_randomize_mxz()
2503 static int ecp_double_add_mxz(const mbedtls_ecp_group *grp, in ecp_double_add_mxz() argument
2510 if (mbedtls_internal_ecp_grp_capable(grp)) { in ecp_double_add_mxz()
2511 return mbedtls_internal_ecp_double_add_mxz(grp, R, S, P, Q, d); in ecp_double_add_mxz()
2530 MPI_ECP_MUL(&R->Z, &grp->A, &T[0]); /* A * (Pp^2 - Pm^2) */ in ecp_double_add_mxz()
2549 static int ecp_mul_mxz(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_mul_mxz() argument
2581 MBEDTLS_MPI_CHK(ecp_randomize_mxz(grp, &RP, f_rng, p_rng)); in ecp_mul_mxz()
2584 i = grp->nbits + 1; /* one past the (zero-based) required msb for private keys */ in ecp_mul_mxz()
2596 MBEDTLS_MPI_CHK(ecp_double_add_mxz(grp, R, &RP, R, &RP, &PX, tmp)); in ecp_mul_mxz()
2612 MBEDTLS_MPI_CHK(ecp_randomize_mxz(grp, R, f_rng, p_rng)); in ecp_mul_mxz()
2613 MBEDTLS_MPI_CHK(ecp_normalize_mxz(grp, R)); in ecp_mul_mxz()
2630 static int ecp_mul_restartable_internal(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_mul_restartable_internal() argument
2650 if ((is_grp_capable = mbedtls_internal_ecp_grp_capable(grp))) { in ecp_mul_restartable_internal()
2651 MBEDTLS_MPI_CHK(mbedtls_internal_ecp_init(grp)); in ecp_mul_restartable_internal()
2665 MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(grp, m)); in ecp_mul_restartable_internal()
2666 MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P)); in ecp_mul_restartable_internal()
2671 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { in ecp_mul_restartable_internal()
2672 MBEDTLS_MPI_CHK(ecp_mul_mxz(grp, R, m, P, f_rng, p_rng)); in ecp_mul_restartable_internal()
2676 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { in ecp_mul_restartable_internal()
2677 MBEDTLS_MPI_CHK(ecp_mul_comb(grp, R, m, P, f_rng, p_rng, rs_ctx)); in ecp_mul_restartable_internal()
2685 mbedtls_internal_ecp_free(grp); in ecp_mul_restartable_internal()
2701 int mbedtls_ecp_mul_restartable(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in mbedtls_ecp_mul_restartable() argument
2710 return ecp_mul_restartable_internal(grp, R, m, P, f_rng, p_rng, rs_ctx); in mbedtls_ecp_mul_restartable()
2716 int mbedtls_ecp_mul(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in mbedtls_ecp_mul() argument
2720 return mbedtls_ecp_mul_restartable(grp, R, m, P, f_rng, p_rng, NULL); in mbedtls_ecp_mul()
2729 static int ecp_check_pubkey_sw(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt) in ecp_check_pubkey_sw() argument
2737 mbedtls_mpi_cmp_mpi(&pt->X, &grp->P) >= 0 || in ecp_check_pubkey_sw()
2738 mbedtls_mpi_cmp_mpi(&pt->Y, &grp->P) >= 0) { in ecp_check_pubkey_sw()
2749 MBEDTLS_MPI_CHK(ecp_sw_rhs(grp, &RHS, &pt->X)); in ecp_check_pubkey_sw()
2769 static int mbedtls_ecp_mul_shortcuts(mbedtls_ecp_group *grp, in mbedtls_ecp_mul_shortcuts() argument
2780 MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P)); in mbedtls_ecp_mul_shortcuts()
2783 MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P)); in mbedtls_ecp_mul_shortcuts()
2786 MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P)); in mbedtls_ecp_mul_shortcuts()
2790 MBEDTLS_MPI_CHK(ecp_mul_restartable_internal(grp, R, m, P, in mbedtls_ecp_mul_shortcuts()
2805 mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in mbedtls_ecp_muladd_restartable() argument
2818 if (mbedtls_ecp_get_type(grp) != MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { in mbedtls_ecp_muladd_restartable()
2846 MBEDTLS_MPI_CHK(mbedtls_ecp_mul_shortcuts(grp, pmP, m, P, rs_ctx)); in mbedtls_ecp_muladd_restartable()
2854 MBEDTLS_MPI_CHK(mbedtls_ecp_mul_shortcuts(grp, pR, n, Q, rs_ctx)); in mbedtls_ecp_muladd_restartable()
2857 if ((is_grp_capable = mbedtls_internal_ecp_grp_capable(grp))) { in mbedtls_ecp_muladd_restartable()
2858 MBEDTLS_MPI_CHK(mbedtls_internal_ecp_init(grp)); in mbedtls_ecp_muladd_restartable()
2870 MBEDTLS_MPI_CHK(ecp_add_mixed(grp, pR, pmP, pR, tmp)); in mbedtls_ecp_muladd_restartable()
2879 MBEDTLS_MPI_CHK(ecp_normalize_jac(grp, pR)); in mbedtls_ecp_muladd_restartable()
2893 mbedtls_internal_ecp_free(grp); in mbedtls_ecp_muladd_restartable()
2908 int mbedtls_ecp_muladd(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in mbedtls_ecp_muladd() argument
2912 return mbedtls_ecp_muladd_restartable(grp, R, m, P, n, Q, NULL); in mbedtls_ecp_muladd()
3008 static int ecp_check_pubkey_mx(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt) in ecp_check_pubkey_mx() argument
3013 if (mbedtls_mpi_size(&pt->X) > (grp->nbits + 7) / 8) { in ecp_check_pubkey_mx()
3024 return ecp_check_bad_points_mx(&pt->X, &grp->P, grp->id); in ecp_check_pubkey_mx()
3031 int mbedtls_ecp_check_pubkey(const mbedtls_ecp_group *grp, in mbedtls_ecp_check_pubkey() argument
3040 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { in mbedtls_ecp_check_pubkey()
3041 return ecp_check_pubkey_mx(grp, pt); in mbedtls_ecp_check_pubkey()
3045 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { in mbedtls_ecp_check_pubkey()
3046 return ecp_check_pubkey_sw(grp, pt); in mbedtls_ecp_check_pubkey()
3055 int mbedtls_ecp_check_privkey(const mbedtls_ecp_group *grp, in mbedtls_ecp_check_privkey() argument
3059 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { in mbedtls_ecp_check_privkey()
3063 mbedtls_mpi_bitlen(d) != grp->nbits + 1) { /* mbedtls_mpi_bitlen is one-based! */ in mbedtls_ecp_check_privkey()
3068 if (grp->nbits == 254 && mbedtls_mpi_get_bit(d, 2) != 0) { in mbedtls_ecp_check_privkey()
3076 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { in mbedtls_ecp_check_privkey()
3079 mbedtls_mpi_cmp_mpi(d, &grp->N) >= 0) { in mbedtls_ecp_check_privkey()
3141 int mbedtls_ecp_gen_privkey(const mbedtls_ecp_group *grp, in mbedtls_ecp_gen_privkey() argument
3147 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { in mbedtls_ecp_gen_privkey()
3148 return mbedtls_ecp_gen_privkey_mx(grp->nbits, d, f_rng, p_rng); in mbedtls_ecp_gen_privkey()
3153 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { in mbedtls_ecp_gen_privkey()
3154 return mbedtls_ecp_gen_privkey_sw(&grp->N, d, f_rng, p_rng); in mbedtls_ecp_gen_privkey()
3165 int mbedtls_ecp_gen_keypair_base(mbedtls_ecp_group *grp, in mbedtls_ecp_gen_keypair_base() argument
3172 MBEDTLS_MPI_CHK(mbedtls_ecp_gen_privkey(grp, d, f_rng, p_rng)); in mbedtls_ecp_gen_keypair_base()
3173 MBEDTLS_MPI_CHK(mbedtls_ecp_mul(grp, Q, d, G, f_rng, p_rng)); in mbedtls_ecp_gen_keypair_base()
3182 int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp, in mbedtls_ecp_gen_keypair() argument
3187 return mbedtls_ecp_gen_keypair_base(grp, &grp->G, d, Q, f_rng, p_rng); in mbedtls_ecp_gen_keypair()
3197 if ((ret = mbedtls_ecp_group_load(&key->grp, grp_id)) != 0) { in mbedtls_ecp_gen_key()
3201 return mbedtls_ecp_gen_keypair(&key->grp, &key->d, &key->Q, f_rng, p_rng); in mbedtls_ecp_gen_key()
3211 if (key->grp.id == MBEDTLS_ECP_DP_NONE) { in mbedtls_ecp_set_public_key()
3213 if ((ret = mbedtls_ecp_group_load(&key->grp, grp_id)) != 0) { in mbedtls_ecp_set_public_key()
3216 } else if (key->grp.id != grp_id) { in mbedtls_ecp_set_public_key()
3234 if ((ret = mbedtls_ecp_group_load(&key->grp, grp_id)) != 0) { in mbedtls_ecp_read_key()
3241 if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { in mbedtls_ecp_read_key()
3288 if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { in mbedtls_ecp_read_key()
3294 MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(&key->grp, &key->d)); in mbedtls_ecp_read_key()
3316 if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { in mbedtls_ecp_write_key()
3317 if (key->grp.id == MBEDTLS_ECP_DP_CURVE25519) { in mbedtls_ecp_write_key()
3322 } else if (key->grp.id == MBEDTLS_ECP_DP_CURVE448) { in mbedtls_ecp_write_key()
3331 if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { in mbedtls_ecp_write_key()
3345 size_t len = (key->grp.nbits + 7) / 8; in mbedtls_ecp_write_key_ext()
3359 if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { in mbedtls_ecp_write_key_ext()
3365 if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { in mbedtls_ecp_write_key_ext()
3381 return mbedtls_ecp_point_write_binary(&key->grp, &key->Q, in mbedtls_ecp_write_public_key()
3396 mbedtls_ecp_group grp; in mbedtls_ecp_check_pub_priv() local
3397 if (pub->grp.id == MBEDTLS_ECP_DP_NONE || in mbedtls_ecp_check_pub_priv()
3398 pub->grp.id != prv->grp.id || in mbedtls_ecp_check_pub_priv()
3406 mbedtls_ecp_group_init(&grp); in mbedtls_ecp_check_pub_priv()
3409 mbedtls_ecp_group_copy(&grp, &prv->grp); in mbedtls_ecp_check_pub_priv()
3412 MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&grp, &Q, &prv->d, &prv->grp.G, f_rng, p_rng)); in mbedtls_ecp_check_pub_priv()
3423 mbedtls_ecp_group_free(&grp); in mbedtls_ecp_check_pub_priv()
3432 return mbedtls_ecp_mul(&key->grp, &key->Q, &key->d, &key->grp.G, in mbedtls_ecp_keypair_calc_public()
3440 return key->grp.id; in mbedtls_ecp_keypair_get_group_id()
3446 int mbedtls_ecp_export(const mbedtls_ecp_keypair *key, mbedtls_ecp_group *grp, in mbedtls_ecp_export() argument
3451 if (grp != NULL && (ret = mbedtls_ecp_group_copy(grp, &key->grp)) != 0) { in mbedtls_ecp_export()
3493 static int self_test_adjust_exponent(const mbedtls_ecp_group *grp, in self_test_adjust_exponent() argument
3497 switch (grp->id) { in self_test_adjust_exponent()
3506 MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(m, grp->nbits, 1)); in self_test_adjust_exponent()
3510 mbedtls_mpi_set_bit(m, grp->nbits - 1, in self_test_adjust_exponent()
3517 (void) grp; in self_test_adjust_exponent()
3528 mbedtls_ecp_group *grp, in self_test_point() argument
3543 MBEDTLS_MPI_CHK(self_test_adjust_exponent(grp, m)); in self_test_point()
3544 MBEDTLS_MPI_CHK(mbedtls_ecp_mul(grp, R, m, P, self_test_rng, NULL)); in self_test_point()
3555 MBEDTLS_MPI_CHK(self_test_adjust_exponent(grp, m)); in self_test_point()
3556 MBEDTLS_MPI_CHK(mbedtls_ecp_mul(grp, R, m, P, self_test_rng, NULL)); in self_test_point()
3585 mbedtls_ecp_group grp; in mbedtls_ecp_self_test() local
3618 mbedtls_ecp_group_init(&grp); in mbedtls_ecp_self_test()
3626 MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_SECP192R1)); in mbedtls_ecp_self_test()
3628 MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, mbedtls_ecp_curve_list()->grp_id)); in mbedtls_ecp_self_test()
3636 MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&grp, &P, &m, &grp.G, self_test_rng, NULL)); in mbedtls_ecp_self_test()
3638 &grp, &R, &m, &grp.G, in mbedtls_ecp_self_test()
3650 &grp, &R, &m, &P, in mbedtls_ecp_self_test()
3657 mbedtls_ecp_group_free(&grp); in mbedtls_ecp_self_test()
3666 MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_CURVE25519)); in mbedtls_ecp_self_test()
3668 MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_CURVE448)); in mbedtls_ecp_self_test()
3673 &grp, &R, &m, &grp.G, in mbedtls_ecp_self_test()
3687 mbedtls_ecp_group_free(&grp); in mbedtls_ecp_self_test()