/** | |
* \file ecp_alt.h | |
* | |
* \brief This file provides an API for Elliptic Curves over GF(P) (ECP). | |
* | |
* The use of ECP in cryptography and TLS is defined in | |
* <em>Standards for Efficient Cryptography Group (SECG): SEC1 | |
* Elliptic Curve Cryptography</em> and | |
* <em>RFC-4492: Elliptic Curve Cryptography (ECC) Cipher Suites | |
* for Transport Layer Security (TLS)</em>. | |
* | |
* <em>RFC-2409: The Internet Key Exchange (IKE)</em> defines ECP | |
* group types. | |
* | |
*/ | |
/* | |
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved | |
* SPDX-License-Identifier: Apache-2.0 | |
* | |
* Licensed under the Apache License, Version 2.0 (the "License"); you may | |
* not use this file except in compliance with the License. | |
* You may obtain a copy of the License at | |
* | |
* http://www.apache.org/licenses/LICENSE-2.0 | |
* | |
* Unless required by applicable law or agreed to in writing, software | |
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | |
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
* See the License for the specific language governing permissions and | |
* limitations under the License. | |
* | |
* This file is part of Mbed TLS (https://tls.mbed.org) | |
*/ | |
#ifndef HOSTLIB_ECP_ALT_H_INCLUDED | |
#define HOSTLIB_ECP_ALT_H_INCLUDED | |
/* clang-format off */ | |
#ifdef __cplusplus | |
extern "C" { | |
#endif | |
#if defined(MBEDTLS_ECP_ALT) | |
#if SSS_HAVE_ALT_SSS | |
#include <fsl_sss_api.h> | |
#endif | |
#if SSS_HAVE_ALT_A71CH | |
#include "HLSETypes.h" | |
#endif | |
/* | |
* default mbed TLS elliptic curve arithmetic implementation | |
* | |
* (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an | |
* alternative implementation for the whole module and it will replace this | |
* one.) | |
*/ | |
/** | |
* \brief The ECP group structure. | |
* | |
* We consider two types of curve equations: | |
* <ul><li>Short Weierstrass: <code>y^2 = x^3 + A x + B mod P</code> | |
* (SEC1 + RFC-4492)</li> | |
* <li>Montgomery: <code>y^2 = x^3 + A x^2 + x mod P</code> (Curve25519, | |
* Curve448)</li></ul> | |
* In both cases, the generator (\p G) for a prime-order subgroup is fixed. | |
* | |
* For Short Weierstrass, this subgroup is the whole curve, and its | |
* cardinality is denoted by \p N. Our code requires that \p N is an | |
* odd prime as mbedtls_ecp_mul() requires an odd number, and | |
* mbedtls_ecdsa_sign() requires that it is prime for blinding purposes. | |
* | |
* For Montgomery curves, we do not store \p A, but <code>(A + 2) / 4</code>, | |
* which is the quantity used in the formulas. Additionally, \p nbits is | |
* not the size of \p N but the required size for private keys. | |
* | |
* If \p modp is NULL, reduction modulo \p P is done using a generic algorithm. | |
* Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in the | |
* range of <code>0..2^(2*pbits)-1</code>, and transforms it in-place to an integer | |
* which is congruent mod \p P to the given MPI, and is close enough to \p pbits | |
* in size, so that it may be efficiently brought in the 0..P-1 range by a few | |
* additions or subtractions. Therefore, it is only an approximative modular | |
* reduction. It must return 0 on success and non-zero on failure. | |
* | |
*/ | |
typedef struct | |
{ | |
mbedtls_ecp_group_id id; /*!< An internal group identifier. */ | |
mbedtls_mpi P; /*!< The prime modulus of the base field. */ | |
mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For | |
Montgomery curves: <code>(A + 2) / 4</code>. */ | |
mbedtls_mpi B; /*!< For Short Weierstrass: \p B in the equation. | |
For Montgomery curves: unused. */ | |
mbedtls_ecp_point G; /*!< The generator of the subgroup used. */ | |
mbedtls_mpi N; /*!< The order of \p G. */ | |
size_t pbits; /*!< The number of bits in \p P.*/ | |
size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P. | |
For Montgomery curves: the number of bits in the | |
private keys. */ | |
unsigned int h; /*!< \internal 1 if the constants are static. */ | |
int (*modp)(mbedtls_mpi *); /*!< The function for fast pseudo-reduction | |
mod \p P (see above).*/ | |
int (*t_pre)(mbedtls_ecp_point *, void *); /*!< Unused. */ | |
int (*t_post)(mbedtls_ecp_point *, void *); /*!< Unused. */ | |
void *t_data; /*!< Unused. */ | |
mbedtls_ecp_point *T; /*!< Pre-computed points for ecp_mul_comb(). */ | |
size_t T_size; /*!< The number of pre-computed points. */ | |
#if SSS_HAVE_ALT_A71CH | |
/** Reference to object mapped between HLSE Layer of A71CH Host library */ | |
HLSE_OBJECT_HANDLE hlse_handle; | |
#endif | |
#if SSS_HAVE_ALT_SSS | |
/** Reference to object mapped between SSS Layer */ | |
sss_object_t* pSSSObject; | |
sss_key_store_t* hostKs; | |
#endif | |
} | |
mbedtls_ecp_group; | |
/** | |
* \name SECTION: Module settings | |
* | |
* The configuration options you can set for this module are in this section. | |
* Either change them in config.h, or define them using the compiler command line. | |
* \{ | |
*/ | |
#if !defined(MBEDTLS_ECP_MAX_BITS) | |
/** | |
* The maximum size of the groups, that is, of \c N and \c P. | |
*/ | |
#define MBEDTLS_ECP_MAX_BITS 521 /**< The maximum size of groups, in bits. */ | |
#endif | |
#define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 ) | |
#define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 ) | |
#if !defined(MBEDTLS_ECP_WINDOW_SIZE) | |
/* | |
* Maximum "window" size used for point multiplication. | |
* Default: 6. | |
* Minimum value: 2. Maximum value: 7. | |
* | |
* Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) ) | |
* points used for point multiplication. This value is directly tied to EC | |
* peak memory usage, so decreasing it by one should roughly cut memory usage | |
* by two (if large curves are in use). | |
* | |
* Reduction in size may reduce speed, but larger curves are impacted first. | |
* Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1): | |
* w-size: 6 5 4 3 2 | |
* 521 145 141 135 120 97 | |
* 384 214 209 198 177 146 | |
* 256 320 320 303 262 226 | |
* 224 475 475 453 398 342 | |
* 192 640 640 633 587 476 | |
*/ | |
#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< The maximum window size used. */ | |
#endif /* MBEDTLS_ECP_WINDOW_SIZE */ | |
#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM) | |
/* | |
* Trade memory for speed on fixed-point multiplication. | |
* | |
* This speeds up repeated multiplication of the generator (that is, the | |
* multiplication in ECDSA signatures, and half of the multiplications in | |
* ECDSA verification and ECDHE) by a factor roughly 3 to 4. | |
* | |
* The cost is increasing EC peak memory usage by a factor roughly 2. | |
* | |
* Change this value to 0 to reduce peak memory usage. | |
*/ | |
#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up. */ | |
#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */ | |
/* \} name SECTION: Module settings */ | |
#endif /* MBEDTLS_ECP_ALT */ | |
#ifdef __cplusplus | |
} | |
#endif | |
/* clang-format on */ | |
#endif /* HOSTLIB_ECP_ALT_H_INCLUDED */ | |