hostlib/hostLib/mbedtls/inc/ecp_alt.h - a71ch-crypto-support - Git at Google

 /**
  * \file ecp_alt.h
  *
  * \brief This file provides an API for Elliptic Curves over GF(P) (ECP).
  *
  * The use of ECP in cryptography and TLS is defined in
  * <em>Standards for Efficient Cryptography Group (SECG): SEC1
  * Elliptic Curve Cryptography</em> and
  * <em>RFC-4492: Elliptic Curve Cryptography (ECC) Cipher Suites
  * for Transport Layer Security (TLS)</em>.
  *
  * <em>RFC-2409: The Internet Key Exchange (IKE)</em> defines ECP
  * group types.
  *
  */

 /*
  *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
  *  SPDX-License-Identifier: Apache-2.0
  *
  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
  *  not use this file except in compliance with the License.
  *  You may obtain a copy of the License at
  *
  *  http://www.apache.org/licenses/LICENSE-2.0
  *
  *  Unless required by applicable law or agreed to in writing, software
  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  *
  *  This file is part of Mbed TLS (https://tls.mbed.org)
  */


 #ifndef HOSTLIB_ECP_ALT_H_INCLUDED
 #define HOSTLIB_ECP_ALT_H_INCLUDED


 /* clang-format off */

 #ifdef __cplusplus
 extern "C" {
 #endif

 #if defined(MBEDTLS_ECP_ALT)

 #if SSS_HAVE_ALT_SSS
 #include <fsl_sss_api.h>
 #endif
 #if SSS_HAVE_ALT_A71CH
 #include "HLSETypes.h"
 #endif

 /*
  * default mbed TLS elliptic curve arithmetic implementation
  *
  * (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an
  * alternative implementation for the whole module and it will replace this
  * one.)
  */

 /**
  * \brief           The ECP group structure.
  *
  * We consider two types of curve equations:
  * <ul><li>Short Weierstrass: <code>y^2 = x^3 + A x + B mod P</code>
  * (SEC1 + RFC-4492)</li>
  * <li>Montgomery: <code>y^2 = x^3 + A x^2 + x mod P</code> (Curve25519,
  * Curve448)</li></ul>
  * In both cases, the generator (\p G) for a prime-order subgroup is fixed.
  *
  * For Short Weierstrass, this subgroup is the whole curve, and its
  * cardinality is denoted by \p N. Our code requires that \p N is an
  * odd prime as mbedtls_ecp_mul() requires an odd number, and
  * mbedtls_ecdsa_sign() requires that it is prime for blinding purposes.
  *
  * For Montgomery curves, we do not store \p A, but <code>(A + 2) / 4</code>,
  * which is the quantity used in the formulas. Additionally, \p nbits is
  * not the size of \p N but the required size for private keys.
  *
  * If \p modp is NULL, reduction modulo \p P is done using a generic algorithm.
  * Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in the
  * range of <code>0..2^(2*pbits)-1</code>, and transforms it in-place to an integer
  * which is congruent mod \p P to the given MPI, and is close enough to \p pbits
  * in size, so that it may be efficiently brought in the 0..P-1 range by a few
  * additions or subtractions. Therefore, it is only an approximative modular
  * reduction. It must return 0 on success and non-zero on failure.
  *
  */
 typedef struct
 {
     mbedtls_ecp_group_id id;    /*!< An internal group identifier. */
     mbedtls_mpi P;              /*!< The prime modulus of the base field. */
     mbedtls_mpi A;              /*!< For Short Weierstrass: \p A in the equation. For
                                      Montgomery curves: <code>(A + 2) / 4</code>. */
     mbedtls_mpi B;              /*!< For Short Weierstrass: \p B in the equation.
                                      For Montgomery curves: unused. */
     mbedtls_ecp_point G;        /*!< The generator of the subgroup used. */
     mbedtls_mpi N;              /*!< The order of \p G. */
     size_t pbits;               /*!< The number of bits in \p P.*/
     size_t nbits;               /*!< For Short Weierstrass: The number of bits in \p P.
                                      For Montgomery curves: the number of bits in the
                                      private keys. */
     unsigned int h;             /*!< \internal 1 if the constants are static. */
     int (*modp)(mbedtls_mpi *); /*!< The function for fast pseudo-reduction
                                      mod \p P (see above).*/
     int (*t_pre)(mbedtls_ecp_point *, void *);  /*!< Unused. */
     int (*t_post)(mbedtls_ecp_point *, void *); /*!< Unused. */
     void *t_data;               /*!< Unused. */
     mbedtls_ecp_point *T;       /*!< Pre-computed points for ecp_mul_comb(). */
     size_t T_size;              /*!< The number of pre-computed points. */

 #if SSS_HAVE_ALT_A71CH
     /** Reference to object mapped between HLSE Layer of A71CH Host library         */
     HLSE_OBJECT_HANDLE hlse_handle;
 #endif
 #if SSS_HAVE_ALT_SSS
     /** Reference to object mapped between SSS Layer        */
     sss_object_t* pSSSObject;
     sss_key_store_t* hostKs;
 #endif
 }
 mbedtls_ecp_group;

 /**
  * \name SECTION: Module settings
  *
  * The configuration options you can set for this module are in this section.
  * Either change them in config.h, or define them using the compiler command line.
  * \{
  */

 #if !defined(MBEDTLS_ECP_MAX_BITS)
 /**
  * The maximum size of the groups, that is, of \c N and \c P.
  */
 #define MBEDTLS_ECP_MAX_BITS     521   /**< The maximum size of groups, in bits. */
 #endif

 #define MBEDTLS_ECP_MAX_BYTES    ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
 #define MBEDTLS_ECP_MAX_PT_LEN   ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )

 #if !defined(MBEDTLS_ECP_WINDOW_SIZE)
 /*
  * Maximum "window" size used for point multiplication.
  * Default: 6.
  * Minimum value: 2. Maximum value: 7.
  *
  * Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) )
  * points used for point multiplication. This value is directly tied to EC
  * peak memory usage, so decreasing it by one should roughly cut memory usage
  * by two (if large curves are in use).
  *
  * Reduction in size may reduce speed, but larger curves are impacted first.
  * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1):
  *      w-size:     6       5       4       3       2
  *      521       145     141     135     120      97
  *      384       214     209     198     177     146
  *      256       320     320     303     262     226
  *      224       475     475     453     398     342
  *      192       640     640     633     587     476
  */
 #define MBEDTLS_ECP_WINDOW_SIZE    6   /**< The maximum window size used. */
 #endif /* MBEDTLS_ECP_WINDOW_SIZE */

 #if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
 /*
  * Trade memory for speed on fixed-point multiplication.
  *
  * This speeds up repeated multiplication of the generator (that is, the
  * multiplication in ECDSA signatures, and half of the multiplications in
  * ECDSA verification and ECDHE) by a factor roughly 3 to 4.
  *
  * The cost is increasing EC peak memory usage by a factor roughly 2.
  *
  * Change this value to 0 to reduce peak memory usage.
  */
 #define MBEDTLS_ECP_FIXED_POINT_OPTIM  1   /**< Enable fixed-point speed-up. */
 #endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */

 /* \} name SECTION: Module settings */

 #endif /* MBEDTLS_ECP_ALT */

 #ifdef __cplusplus
 }
 #endif

 /* clang-format on */

 #endif /* HOSTLIB_ECP_ALT_H_INCLUDED */
	/**
	* \file ecp_alt.h
	*
	* \brief This file provides an API for Elliptic Curves over GF(P) (ECP).
	*
	* The use of ECP in cryptography and TLS is defined in
	* <em>Standards for Efficient Cryptography Group (SECG): SEC1
	* Elliptic Curve Cryptography</em> and
	* <em>RFC-4492: Elliptic Curve Cryptography (ECC) Cipher Suites
	* for Transport Layer Security (TLS)</em>.
	*
	* <em>RFC-2409: The Internet Key Exchange (IKE)</em> defines ECP
	* group types.
	*
	*/

	/*
	* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
	* SPDX-License-Identifier: Apache-2.0
	*
	* Licensed under the Apache License, Version 2.0 (the "License"); you may
	* not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
	* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*
	* This file is part of Mbed TLS (https://tls.mbed.org)
	*/


	#ifndef HOSTLIB_ECP_ALT_H_INCLUDED
	#define HOSTLIB_ECP_ALT_H_INCLUDED


	/* clang-format off */

	#ifdef __cplusplus
	extern "C" {
	#endif

	#if defined(MBEDTLS_ECP_ALT)

	#if SSS_HAVE_ALT_SSS
	#include <fsl_sss_api.h>
	#endif
	#if SSS_HAVE_ALT_A71CH
	#include "HLSETypes.h"
	#endif

	/*
	* default mbed TLS elliptic curve arithmetic implementation
	*
	* (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an
	* alternative implementation for the whole module and it will replace this
	* one.)
	*/

	/**
	* \brief The ECP group structure.
	*
	* We consider two types of curve equations:
	* <ul><li>Short Weierstrass: <code>y^2 = x^3 + A x + B mod P</code>
	* (SEC1 + RFC-4492)</li>
	* <li>Montgomery: <code>y^2 = x^3 + A x^2 + x mod P</code> (Curve25519,
	* Curve448)</li></ul>
	* In both cases, the generator (\p G) for a prime-order subgroup is fixed.
	*
	* For Short Weierstrass, this subgroup is the whole curve, and its
	* cardinality is denoted by \p N. Our code requires that \p N is an
	* odd prime as mbedtls_ecp_mul() requires an odd number, and
	* mbedtls_ecdsa_sign() requires that it is prime for blinding purposes.
	*
	* For Montgomery curves, we do not store \p A, but <code>(A + 2) / 4</code>,
	* which is the quantity used in the formulas. Additionally, \p nbits is
	* not the size of \p N but the required size for private keys.
	*
	* If \p modp is NULL, reduction modulo \p P is done using a generic algorithm.
	* Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in the
	* range of <code>0..2^(2*pbits)-1</code>, and transforms it in-place to an integer
	* which is congruent mod \p P to the given MPI, and is close enough to \p pbits
	* in size, so that it may be efficiently brought in the 0..P-1 range by a few
	* additions or subtractions. Therefore, it is only an approximative modular
	* reduction. It must return 0 on success and non-zero on failure.
	*
	*/
	typedef struct
	{
	mbedtls_ecp_group_id id; /!< An internal group identifier. /
	mbedtls_mpi P; /!< The prime modulus of the base field. /
	mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For
	Montgomery curves: <code>(A + 2) / 4</code>. */
	mbedtls_mpi B; /*!< For Short Weierstrass: \p B in the equation.
	For Montgomery curves: unused. */
	mbedtls_ecp_point G; /!< The generator of the subgroup used. /
	mbedtls_mpi N; /!< The order of \p G. /
	size_t pbits; /!< The number of bits in \p P./
	size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P.
	For Montgomery curves: the number of bits in the
	private keys. */
	unsigned int h; /!< \internal 1 if the constants are static. /
	int (modp)(mbedtls_mpi ); /*!< The function for fast pseudo-reduction
	mod \p P (see above).*/
	int (t_pre)(mbedtls_ecp_point , void ); /!< Unused. */
	int (t_post)(mbedtls_ecp_point , void ); /!< Unused. */
	void t_data; /!< Unused. */
	mbedtls_ecp_point T; /!< Pre-computed points for ecp_mul_comb(). */
	size_t T_size; /!< The number of pre-computed points. /

	#if SSS_HAVE_ALT_A71CH
	/** Reference to object mapped between HLSE Layer of A71CH Host library */
	HLSE_OBJECT_HANDLE hlse_handle;
	#endif
	#if SSS_HAVE_ALT_SSS
	/** Reference to object mapped between SSS Layer */
	sss_object_t* pSSSObject;
	sss_key_store_t* hostKs;
	#endif
	}
	mbedtls_ecp_group;

	/**
	* \name SECTION: Module settings
	*
	* The configuration options you can set for this module are in this section.
	* Either change them in config.h, or define them using the compiler command line.
	* \{
	*/

	#if !defined(MBEDTLS_ECP_MAX_BITS)
	/**
	* The maximum size of the groups, that is, of \c N and \c P.
	*/
	#define MBEDTLS_ECP_MAX_BITS 521 /*< The maximum size of groups, in bits. /
	#endif

	#define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
	#define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )

	#if !defined(MBEDTLS_ECP_WINDOW_SIZE)
	/*
	* Maximum "window" size used for point multiplication.
	* Default: 6.
	* Minimum value: 2. Maximum value: 7.
	*
	* Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) )
	* points used for point multiplication. This value is directly tied to EC
	* peak memory usage, so decreasing it by one should roughly cut memory usage
	* by two (if large curves are in use).
	*
	* Reduction in size may reduce speed, but larger curves are impacted first.
	* Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1):
	* w-size: 6 5 4 3 2
	* 521 145 141 135 120 97
	* 384 214 209 198 177 146
	* 256 320 320 303 262 226
	* 224 475 475 453 398 342
	* 192 640 640 633 587 476
	*/
	#define MBEDTLS_ECP_WINDOW_SIZE 6 /*< The maximum window size used. /
	#endif /* MBEDTLS_ECP_WINDOW_SIZE */

	#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
	/*
	* Trade memory for speed on fixed-point multiplication.
	*
	* This speeds up repeated multiplication of the generator (that is, the
	* multiplication in ECDSA signatures, and half of the multiplications in
	* ECDSA verification and ECDHE) by a factor roughly 3 to 4.
	*
	* The cost is increasing EC peak memory usage by a factor roughly 2.
	*
	* Change this value to 0 to reduce peak memory usage.
	*/
	#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /*< Enable fixed-point speed-up. /
	#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */

	/* \} name SECTION: Module settings */

	#endif /* MBEDTLS_ECP_ALT */

	#ifdef __cplusplus
	}
	#endif

	/* clang-format on */

	#endif /* HOSTLIB_ECP_ALT_H_INCLUDED */