ecc.h 55 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696
  1. /*!
  2. \ingroup ECC
  3. \brief This function generates a new ecc_key and stores it in key.
  4. \return 0 Returned on success.
  5. \return ECC_BAD_ARG_E Returned if rng or key evaluate to NULL
  6. \return BAD_FUNC_ARG Returned if the specified key size is not in the
  7. correct range of supported keys
  8. \return MEMORY_E Returned if there is an error allocating memory while
  9. computing the ecc key
  10. \return MP_INIT_E may be returned if there is an error while computing
  11. the ecc key
  12. \return MP_READ_E may be returned if there is an error while computing
  13. the ecc key
  14. \return MP_CMP_E may be returned if there is an error while computing the
  15. ecc key
  16. \return MP_INVMOD_E may be returned if there is an error while computing
  17. the ecc key
  18. \return MP_EXPTMOD_E may be returned if there is an error while computing
  19. the ecc key
  20. \return MP_MOD_E may be returned if there is an error while computing the
  21. ecc key
  22. \return MP_MUL_E may be returned if there is an error while computing the
  23. ecc key
  24. \return MP_ADD_E may be returned if there is an error while computing the
  25. ecc key
  26. \return MP_MULMOD_E may be returned if there is an error while computing
  27. the ecc key
  28. \return MP_TO_E may be returned if there is an error while computing the
  29. ecc key
  30. \return MP_MEM may be returned if there is an error while computing the
  31. ecc key
  32. \param rng pointer to an initialized RNG object with which to generate
  33. the key
  34. \param keysize desired length for the ecc_key
  35. \param key pointer to the ecc_key for which to generate a key
  36. _Example_
  37. \code
  38. ecc_key key;
  39. wc_ecc_init(&key);
  40. WC_WC_RNG rng;
  41. wc_InitRng(&rng);
  42. wc_ecc_make_key(&rng, 32, &key); // initialize 32 byte ecc key
  43. \endcode
  44. \sa wc_ecc_init
  45. \sa wc_ecc_shared_secret
  46. */
  47. WOLFSSL_API
  48. int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key);
  49. /*!
  50. \ingroup ECC
  51. \brief Perform sanity checks on ecc key validity.
  52. \return MP_OKAY Success, key is OK.
  53. \return BAD_FUNC_ARG Returns if key is NULL.
  54. \return ECC_INF_E Returns if wc_ecc_point_is_at_infinity returns 1.
  55. \param key Pointer to key to check.
  56. _Example_
  57. \code
  58. ecc_key key;
  59. WC_WC_RNG rng;
  60. int check_result;
  61. wc_ecc_init(&key);
  62. wc_InitRng(&rng);
  63. wc_ecc_make_key(&rng, 32, &key);
  64. check_result = wc_ecc_check_key(&key);
  65. if (check_result == MP_OKAY)
  66. {
  67. // key check succeeded
  68. }
  69. else
  70. {
  71. // key check failed
  72. }
  73. \endcode
  74. \sa wc_ecc_point_is_at_infinity
  75. */
  76. WOLFSSL_API
  77. int wc_ecc_check_key(ecc_key* key);
  78. /*!
  79. \ingroup ECC
  80. \brief This function generates a new secret key using a local private key
  81. and a received public key. It stores this shared secret key in the buffer
  82. out and updates outlen to hold the number of bytes written to the output
  83. buffer.
  84. \return 0 Returned upon successfully generating a shared secret key
  85. \return BAD_FUNC_ARG Returned if any of the input parameters evaluate to
  86. NULL
  87. \return ECC_BAD_ARG_E Returned if the type of the private key given as
  88. argument, private_key, is not ECC_PRIVATEKEY, or if the public and private
  89. key types (given by ecc->dp) are not equivalent
  90. \return MEMORY_E Returned if there is an error generating a new ecc point
  91. \return BUFFER_E Returned if the generated shared secret key is too long
  92. to store in the provided buffer
  93. \return MP_INIT_E may be returned if there is an error while computing the
  94. shared key
  95. \return MP_READ_E may be returned if there is an error while computing the
  96. shared key
  97. \return MP_CMP_E may be returned if there is an error while computing the
  98. shared key
  99. \return MP_INVMOD_E may be returned if there is an error while computing
  100. the shared key
  101. \return MP_EXPTMOD_E may be returned if there is an error while computing
  102. the shared key
  103. \return MP_MOD_E may be returned if there is an error while computing the
  104. shared key
  105. \return MP_MUL_E may be returned if there is an error while computing the
  106. shared key
  107. \return MP_ADD_E may be returned if there is an error while computing the
  108. shared key
  109. \return MP_MULMOD_E may be returned if there is an error while computing
  110. the shared key
  111. \return MP_TO_E may be returned if there is an error while computing the
  112. shared key
  113. \return MP_MEM may be returned if there is an error while computing the
  114. shared key
  115. \param private_key pointer to the ecc_key structure containing the local
  116. private key
  117. \param public_key pointer to the ecc_key structure containing the received
  118. public key
  119. \param out pointer to an output buffer in which to store the generated
  120. shared secret key
  121. \param outlen pointer to the word32 object containing the length of the
  122. output buffer. Will be overwritten with the length written to the output
  123. buffer upon successfully generating a shared secret key
  124. _Example_
  125. \code
  126. ecc_key priv, pub;
  127. WC_WC_RNG rng;
  128. byte secret[1024]; // can hold 1024 byte shared secret key
  129. word32 secretSz = sizeof(secret);
  130. int ret;
  131. wc_InitRng(&rng); // initialize rng
  132. wc_ecc_init(&priv); // initialize key
  133. wc_ecc_make_key(&rng, 32, &priv); // make public/private key pair
  134. // receive public key, and initialise into pub
  135. ret = wc_ecc_shared_secret(&priv, &pub, secret, &secretSz);
  136. // generate secret key
  137. if ( ret != 0 ) {
  138. // error generating shared secret key
  139. }
  140. \endcode
  141. \sa wc_ecc_init
  142. \sa wc_ecc_make_key
  143. */
  144. WOLFSSL_API
  145. int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
  146. word32* outlen);
  147. /*!
  148. \ingroup ECC
  149. \brief Create an ECC shared secret between private key and public point.
  150. \return MP_OKAY Indicates success.
  151. \return BAD_FUNC_ARG Error returned when any arguments are null.
  152. \return ECC_BAD_ARG_E Error returned if private_key->type is not
  153. ECC_PRIVATEKEY or private_key->idx fails to validate.
  154. \return BUFFER_E Error when outlen is too small.
  155. \return MEMORY_E Error to create a new point.
  156. \return MP_VAL possible when an initialization failure occurs.
  157. \return MP_MEM possible when an initialization failure occurs.
  158. \param private_key The private ECC key.
  159. \param point The point to use (public key).
  160. \param out Output destination of the shared secret. Conforms to
  161. EC-DH from ANSI X9.63.
  162. \param outlen Input the max size and output the resulting size of
  163. the shared secret.
  164. _Example_
  165. \code
  166. ecc_key key;
  167. ecc_point* point;
  168. byte shared_secret[];
  169. int secret_size;
  170. int result;
  171. point = wc_ecc_new_point();
  172. result = wc_ecc_shared_secret_ex(&key, point,
  173. &shared_secret, &secret_size);
  174. if (result != MP_OKAY)
  175. {
  176. // Handle error
  177. }
  178. \endcode
  179. \sa wc_ecc_verify_hash_ex
  180. */
  181. WOLFSSL_API
  182. int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
  183. byte* out, word32 *outlen);
  184. /*!
  185. \ingroup ECC
  186. \brief This function signs a message digest using an ecc_key object to
  187. guarantee authenticity.
  188. \return 0 Returned upon successfully generating a signature for the
  189. message digest
  190. \return BAD_FUNC_ARG Returned if any of the input parameters evaluate to
  191. NULL, or if the output buffer is too small to store the generated signature
  192. \return ECC_BAD_ARG_E Returned if the input key is not a private key, or
  193. if the ECC OID is invalid
  194. \return RNG_FAILURE_E Returned if the rng cannot successfully generate a
  195. satisfactory key
  196. \return MP_INIT_E may be returned if there is an error while computing
  197. the message signature
  198. \return MP_READ_E may be returned if there is an error while computing
  199. the message signature
  200. \return MP_CMP_E may be returned if there is an error while computing the
  201. message signature
  202. \return MP_INVMOD_E may be returned if there is an error while computing
  203. the message signature
  204. \return MP_EXPTMOD_E may be returned if there is an error while computing
  205. the message signature
  206. \return MP_MOD_E may be returned if there is an error while computing the
  207. message signature
  208. \return MP_MUL_E may be returned if there is an error while computing the
  209. message signature
  210. \return MP_ADD_E may be returned if there is an error while computing the
  211. message signature
  212. \return MP_MULMOD_E may be returned if there is an error while computing
  213. the message signature
  214. \return MP_TO_E may be returned if there is an error while computing the
  215. message signature
  216. \return MP_MEM may be returned if there is an error while computing the
  217. message signature
  218. \param in pointer to the buffer containing the message hash to sign
  219. \param inlen length of the message hash to sign
  220. \param out buffer in which to store the generated signature
  221. \param outlen max length of the output buffer. Will store the bytes
  222. written to out upon successfully generating a message signature
  223. \param key pointer to a private ECC key with which to generate the
  224. signature
  225. _Example_
  226. \code
  227. ecc_key key;
  228. WC_WC_RNG rng;
  229. int ret, sigSz;
  230. byte sig[512]; // will hold generated signature
  231. sigSz = sizeof(sig);
  232. byte digest[] = { // initialize with message hash };
  233. wc_InitRng(&rng); // initialize rng
  234. wc_ecc_init(&key); // initialize key
  235. wc_ecc_make_key(&rng, 32, &key); // make public/private key pair
  236. ret = wc_ecc_sign_hash(digest, sizeof(digest), sig, &sigSz, &key);
  237. if ( ret != 0 ) {
  238. // error generating message signature
  239. }
  240. \endcode
  241. \sa wc_ecc_verify_hash
  242. */
  243. WOLFSSL_API
  244. int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
  245. WC_RNG* rng, ecc_key* key);
  246. /*!
  247. \ingroup ECC
  248. \brief Sign a message digest.
  249. \return MP_OKAY Returned upon successfully generating a signature for the
  250. message digest
  251. \return ECC_BAD_ARG_E Returned if the input key is not a private key, or
  252. if the ECC IDX is invalid, or if any of the input parameters evaluate to
  253. NULL, or if the output buffer is too small to store the generated signature
  254. \return RNG_FAILURE_E Returned if the rng cannot successfully generate a
  255. satisfactory key
  256. \return MP_INIT_E may be returned if there is an error while computing the
  257. message signature
  258. \return MP_READ_E may be returned if there is an error while computing the
  259. message signature
  260. \return MP_CMP_E may be returned if there is an error while computing the
  261. message signature
  262. \return MP_INVMOD_E may be returned if there is an error while computing
  263. the message signature
  264. \return MP_EXPTMOD_E may be returned if there is an error while computing
  265. the message signature
  266. \return MP_MOD_E may be returned if there is an error while computing the
  267. message signature
  268. \return MP_MUL_E may be returned if there is an error while computing the
  269. message signature
  270. \return MP_ADD_E may be returned if there is an error while computing the
  271. message signature
  272. \return MP_MULMOD_E may be returned if there is an error while computing
  273. the message signature
  274. \return MP_TO_E may be returned if there is an error while computing the
  275. message signature
  276. \return MP_MEM may be returned if there is an error while computing the
  277. message signature
  278. \param in The message digest to sign.
  279. \param inlen The length of the digest.
  280. \param rng Pointer to WC_RNG struct.
  281. \param key A private ECC key.
  282. \param r The destination for r component of the signature.
  283. \param s The destination for s component of the signature.
  284. _Example_
  285. \code
  286. ecc_key key;
  287. WC_WC_WC_RNG rng;
  288. int ret, sigSz;
  289. mp_int r; // destination for r component of signature.
  290. mp_int s; // destination for s component of signature.
  291. byte sig[512]; // will hold generated signature
  292. sigSz = sizeof(sig);
  293. byte digest[] = { initialize with message hash };
  294. wc_InitRng(&rng); // initialize rng
  295. wc_ecc_init(&key); // initialize key
  296. wc_ecc_make_key(&rng, 32, &key); // make public/private key pair
  297. ret = wc_ecc_sign_hash_ex(digest, sizeof(digest), &rng, &key, &r, &s);
  298. if ( ret != MP_OKAY ) {
  299. // error generating message signature
  300. }
  301. \endcode
  302. \sa wc_ecc_verify_hash_ex
  303. */
  304. WOLFSSL_API
  305. int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
  306. ecc_key* key, mp_int *r, mp_int *s);
  307. /*!
  308. \ingroup ECC
  309. \brief This function verifies the ECC signature of a hash to ensure
  310. authenticity. It returns the answer through stat, with 1 corresponding
  311. to a valid signature, and 0 corresponding to an invalid signature.
  312. \return 0 Returned upon successfully performing the signature
  313. verification. Note: This does not mean that the signature is verified.
  314. The authenticity information is stored instead in stat
  315. \return BAD_FUNC_ARG Returned any of the input parameters evaluate to NULL
  316. \return MEMORY_E Returned if there is an error allocating memory
  317. \return MP_INIT_E may be returned if there is an error while computing
  318. the message signature
  319. \return MP_READ_E may be returned if there is an error while computing
  320. the message signature
  321. \return MP_CMP_E may be returned if there is an error while computing
  322. the message signature
  323. \return MP_INVMOD_E may be returned if there is an error while computing
  324. the message signature
  325. \return MP_EXPTMOD_E may be returned if there is an error while
  326. computing the message signature
  327. \return MP_MOD_E may be returned if there is an error while computing
  328. the message signature
  329. \return MP_MUL_E may be returned if there is an error while computing
  330. the message signature
  331. \return MP_ADD_E may be returned if there is an error while computing
  332. the message signature
  333. \return MP_MULMOD_E may be returned if there is an error while computing
  334. the message signature
  335. \return MP_TO_E may be returned if there is an error while computing the
  336. message signature
  337. \return MP_MEM may be returned if there is an error while computing the
  338. message signature
  339. \param sig pointer to the buffer containing the signature to verify
  340. \param siglen length of the signature to verify
  341. \param hash pointer to the buffer containing the hash of the message
  342. verified
  343. \param hashlen length of the hash of the message verified
  344. \param stat pointer to the result of the verification. 1 indicates the
  345. message was successfully verified
  346. \param key pointer to a public ECC key with which to verify the signature
  347. _Example_
  348. \code
  349. ecc_key key;
  350. int ret, verified = 0;
  351. byte sig[1024] { initialize with received signature };
  352. byte digest[] = { initialize with message hash };
  353. // initialize key with received public key
  354. ret = wc_ecc_verify_hash(sig, sizeof(sig), digest,sizeof(digest),
  355. &verified, &key);
  356. if ( ret != 0 ) {
  357. // error performing verification
  358. } else if ( verified == 0 ) {
  359. // the signature is invalid
  360. }
  361. \endcode
  362. \sa wc_ecc_sign_hash
  363. \sa wc_ecc_verify_hash_ex
  364. */
  365. WOLFSSL_API
  366. int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
  367. word32 hashlen, int* stat, ecc_key* key);
  368. /*!
  369. \ingroup ECC
  370. \brief Verify an ECC signature. Result is written to stat.
  371. 1 is valid, 0 is invalid.
  372. Note: Do not use the return value to test for valid. Only use stat.
  373. \return MP_OKAY If successful (even if the signature is not valid)
  374. \return ECC_BAD_ARG_E Returns if arguments are null or if
  375. key-idx is invalid.
  376. \return MEMORY_E Error allocating ints or points.
  377. \param r The signature R component to verify
  378. \param s The signature S component to verify
  379. \param hash The hash (message digest) that was signed
  380. \param hashlen The length of the hash (octets)
  381. \param stat Result of signature, 1==valid, 0==invalid
  382. \param key The corresponding public ECC key
  383. _Example_
  384. \code
  385. mp_int r;
  386. mp_int s;
  387. int stat;
  388. byte hash[] = { Some hash }
  389. ecc_key key;
  390. if(wc_ecc_verify_hash_ex(&r, &s, hash, hashlen, &stat, &key) == MP_OKAY)
  391. {
  392. // Check stat
  393. }
  394. \endcode
  395. \sa wc_ecc_verify_hash
  396. */
  397. WOLFSSL_API
  398. int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
  399. word32 hashlen, int* stat, ecc_key* key);
  400. /*!
  401. \ingroup ECC
  402. \brief This function initializes an ecc_key object for future
  403. use with message verification or key negotiation.
  404. \return 0 Returned upon successfully initializing the ecc_key object
  405. \return MEMORY_E Returned if there is an error allocating memory
  406. \param key pointer to the ecc_key object to initialize
  407. _Example_
  408. \code
  409. ecc_key key;
  410. wc_ecc_init(&key);
  411. \endcode
  412. \sa wc_ecc_make_key
  413. \sa wc_ecc_free
  414. */
  415. WOLFSSL_API
  416. int wc_ecc_init(ecc_key* key);
  417. /*!
  418. \ingroup ECC
  419. \brief This function frees an ecc_key object after it has been used.
  420. \return int integer returned indicating wolfSSL error or success status.
  421. \param key pointer to the ecc_key object to free
  422. _Example_
  423. \code
  424. // initialize key and perform secure exchanges
  425. ...
  426. wc_ecc_free(&key);
  427. \endcode
  428. \sa wc_ecc_init
  429. */
  430. WOLFSSL_API
  431. int wc_ecc_free(ecc_key* key);
  432. /*!
  433. \ingroup ECC
  434. \brief This function frees the fixed-point cache, which can be used
  435. with ecc to speed up computation times. To use this functionality,
  436. FP_ECC (fixed-point ecc), should be defined.
  437. \return none No returns.
  438. \param none No parameters.
  439. _Example_
  440. \code
  441. ecc_key key;
  442. // initialize key and perform secure exchanges
  443. ...
  444. wc_ecc_fp_free();
  445. \endcode
  446. \sa wc_ecc_free
  447. */
  448. WOLFSSL_API
  449. void wc_ecc_fp_free(void);
  450. /*!
  451. \ingroup ECC
  452. \brief Checks if an ECC idx is valid.
  453. \return 1 Return if valid.
  454. \return 0 Return if not valid.
  455. \param n The idx number to check.
  456. _Example_
  457. \code
  458. ecc_key key;
  459. WC_WC_RNG rng;
  460. int is_valid;
  461. wc_ecc_init(&key);
  462. wc_InitRng(&rng);
  463. wc_ecc_make_key(&rng, 32, &key);
  464. is_valid = wc_ecc_is_valid_idx(key.idx);
  465. if (is_valid == 1)
  466. {
  467. // idx is valid
  468. }
  469. else if (is_valid == 0)
  470. {
  471. // idx is not valid
  472. }
  473. \endcode
  474. \sa none
  475. */
  476. WOLFSSL_API
  477. int wc_ecc_is_valid_idx(int n);
  478. /*!
  479. \ingroup ECC
  480. \brief Allocate a new ECC point.
  481. \return p A newly allocated point.
  482. \return NULL Returns NULL on error.
  483. \param none No parameters.
  484. _Example_
  485. \code
  486. ecc_point* point;
  487. point = wc_ecc_new_point();
  488. if (point == NULL)
  489. {
  490. // Handle point creation error
  491. }
  492. // Do stuff with point
  493. \endcode
  494. \sa wc_ecc_del_point
  495. \sa wc_ecc_cmp_point
  496. \sa wc_ecc_copy_point
  497. */
  498. WOLFSSL_API
  499. ecc_point* wc_ecc_new_point(void);
  500. /*!
  501. \ingroup ECC
  502. \brief Free an ECC point from memory.
  503. \return none No returns.
  504. \param p The point to free.
  505. _Example_
  506. \code
  507. ecc_point* point;
  508. point = wc_ecc_new_point();
  509. if (point == NULL)
  510. {
  511. // Handle point creation error
  512. }
  513. // Do stuff with point
  514. wc_ecc_del_point(point);
  515. \endcode
  516. \sa wc_ecc_new_point
  517. \sa wc_ecc_cmp_point
  518. \sa wc_ecc_copy_point
  519. */
  520. WOLFSSL_API
  521. void wc_ecc_del_point(ecc_point* p);
  522. /*!
  523. \ingroup ECC
  524. \brief Copy the value of one point to another one.
  525. \return ECC_BAD_ARG_E Error thrown when p or r is null.
  526. \return MP_OKAY Point copied successfully
  527. \return ret Error from internal functions. Can be...
  528. \param p The point to copy.
  529. \param r The created point.
  530. _Example_
  531. \code
  532. ecc_point* point;
  533. ecc_point* copied_point;
  534. int copy_return;
  535. point = wc_ecc_new_point();
  536. copy_return = wc_ecc_copy_point(point, copied_point);
  537. if (copy_return != MP_OKAY)
  538. {
  539. // Handle error
  540. }
  541. \endcode
  542. \sa wc_ecc_new_point
  543. \sa wc_ecc_cmp_point
  544. \sa wc_ecc_del_point
  545. */
  546. WOLFSSL_API
  547. int wc_ecc_copy_point(ecc_point* p, ecc_point *r);
  548. /*!
  549. \ingroup ECC
  550. \brief Compare the value of a point with another one.
  551. \return BAD_FUNC_ARG One or both arguments are NULL.
  552. \return MP_EQ The points are equal.
  553. \return ret Either MP_LT or MP_GT and signifies that the
  554. points are not equal.
  555. \param a First point to compare.
  556. \param b Second point to compare.
  557. _Example_
  558. \code
  559. ecc_point* point;
  560. ecc_point* point_to_compare;
  561. int cmp_result;
  562. point = wc_ecc_new_point();
  563. point_to_compare = wc_ecc_new_point();
  564. cmp_result = wc_ecc_cmp_point(point, point_to_compare);
  565. if (cmp_result == BAD_FUNC_ARG)
  566. {
  567. // arguments are invalid
  568. }
  569. else if (cmp_result == MP_EQ)
  570. {
  571. // Points are equal
  572. }
  573. else
  574. {
  575. // Points are not equal
  576. }
  577. \endcode
  578. \sa wc_ecc_new_point
  579. \sa wc_ecc_del_point
  580. \sa wc_ecc_copy_point
  581. */
  582. WOLFSSL_API
  583. int wc_ecc_cmp_point(ecc_point* a, ecc_point *b);
  584. /*!
  585. \ingroup ECC
  586. \brief Checks if a point is at infinity. Returns 1 if point is
  587. at infinity, 0 if not, < 0 on error
  588. \return 1 p is at infinity.
  589. \return 0 p is not at infinity.
  590. \return <0 Error.
  591. \param p The point to check.
  592. _Example_
  593. \code
  594. ecc_point* point;
  595. int is_infinity;
  596. point = wc_ecc_new_point();
  597. is_infinity = wc_ecc_point_is_at_infinity(point);
  598. if (is_infinity < 0)
  599. {
  600. // Handle error
  601. }
  602. else if (is_infinity == 0)
  603. {
  604. // Point is not at infinity
  605. }
  606. else if (is_infinity == 1)
  607. {
  608. // Point is at infinity
  609. }
  610. \endcode
  611. \sa wc_ecc_new_point
  612. \sa wc_ecc_del_point
  613. \sa wc_ecc_cmp_point
  614. \sa wc_ecc_copy_point
  615. */
  616. WOLFSSL_API
  617. int wc_ecc_point_is_at_infinity(ecc_point *p);
  618. /*!
  619. \ingroup ECC
  620. \brief Perform ECC Fixed Point multiplication.
  621. \return MP_OKAY Returns on successful operation.
  622. \return MP_INIT_E Returned if there is an error initializing an integer
  623. for use with the multiple precision integer (mp_int) library.
  624. \param k The multiplicand.
  625. \param G Base point to multiply.
  626. \param R Destination of product.
  627. \param modulus The modulus for the curve.
  628. \param map If non-zero maps the point back to affine coordinates,
  629. otherwise it's left in jacobian-montgomery form.
  630. _Example_
  631. \code
  632. ecc_point* base;
  633. ecc_point* destination;
  634. // Initialize points
  635. base = wc_ecc_new_point();
  636. destination = wc_ecc_new_point();
  637. // Setup other arguments
  638. mp_int multiplicand;
  639. mp_int modulus;
  640. int map;
  641. \endcode
  642. \sa none
  643. */
  644. WOLFSSL_API
  645. int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R,
  646. mp_int* a, mp_int* modulus, int map);
  647. /*!
  648. \ingroup ECC
  649. \brief This function exports the ECC key from the ecc_key structure,
  650. storing the result in out. The key will be stored in ANSI X9.63 format.
  651. It stores the bytes written to the output buffer in outLen.
  652. \return 0 Returned on successfully exporting the ecc_key
  653. \return LENGTH_ONLY_E Returned if the output buffer evaluates to NULL,
  654. but the other two input parameters are valid. Indicates that the function
  655. is only returning the length required to store the key
  656. \return ECC_BAD_ARG_E Returned if any of the input parameters are NULL,
  657. or the key is unsupported (has an invalid index)
  658. \return BUFFER_E Returned if the output buffer is too small to store the
  659. ecc key. If the output buffer is too small, the size needed will be
  660. returned in outLen
  661. \return MEMORY_E Returned if there is an error allocating memory with
  662. XMALLOC
  663. \return MP_INIT_E may be returned if there is an error processing the
  664. ecc_key
  665. \return MP_READ_E may be returned if there is an error processing the
  666. ecc_key
  667. \return MP_CMP_E may be returned if there is an error processing the
  668. ecc_key
  669. \return MP_INVMOD_E may be returned if there is an error processing the
  670. ecc_key
  671. \return MP_EXPTMOD_E may be returned if there is an error processing the
  672. ecc_key
  673. \return MP_MOD_E may be returned if there is an error processing the
  674. ecc_key
  675. \return MP_MUL_E may be returned if there is an error processing the
  676. ecc_key
  677. \return MP_ADD_E may be returned if there is an error processing the
  678. ecc_key
  679. \return MP_MULMOD_E may be returned if there is an error processing the
  680. ecc_key
  681. \return MP_TO_E may be returned if there is an error processing the ecc_key
  682. \return MP_MEM may be returned if there is an error processing the ecc_key
  683. \param key pointer to the ecc_key object to export
  684. \param out pointer to the buffer in which to store the ANSI X9.63
  685. formatted key
  686. \param outLen size of the output buffer. On successfully storing the
  687. key, will hold the bytes written to the output buffer
  688. _Example_
  689. \code
  690. int ret;
  691. byte buff[1024];
  692. word32 buffSz = sizeof(buff);
  693. ecc_key key;
  694. // initialize key, make key
  695. ret = wc_ecc_export_x963(&key, buff, &buffSz);
  696. if ( ret != 0) {
  697. // error exporting key
  698. }
  699. \endcode
  700. \sa wc_ecc_export_x963_ex
  701. \sa wc_ecc_import_x963
  702. */
  703. WOLFSSL_API
  704. int wc_ecc_export_x963(ecc_key*, byte* out, word32* outLen);
  705. /*!
  706. \ingroup ECC
  707. \brief This function exports the ECC key from the ecc_key structure,
  708. storing the result in out. The key will be stored in ANSI X9.63 format.
  709. It stores the bytes written to the output buffer in outLen. This function
  710. allows the additional option of compressing the certificate through the
  711. compressed parameter. When this parameter is true, the key will be stored
  712. in ANSI X9.63 compressed format.
  713. \return 0 Returned on successfully exporting the ecc_key
  714. \return NOT_COMPILED_IN Returned if the HAVE_COMP_KEY was not enabled at
  715. compile time, but the key was requested in compressed format
  716. \return LENGTH_ONLY_E Returned if the output buffer evaluates to NULL, but
  717. the other two input parameters are valid. Indicates that the function is
  718. only returning the length required to store the key
  719. \return ECC_BAD_ARG_E Returned if any of the input parameters are NULL, or
  720. the key is unsupported (has an invalid index)
  721. \return BUFFER_E Returned if the output buffer is too small to store the
  722. ecc key. If the output buffer is too small, the size needed will be
  723. returned in outLen
  724. \return MEMORY_E Returned if there is an error allocating memory with
  725. XMALLOC
  726. \return MP_INIT_E may be returned if there is an error processing the
  727. ecc_key
  728. \return MP_READ_E may be returned if there is an error processing the
  729. ecc_key
  730. \return MP_CMP_E may be returned if there is an error processing the
  731. ecc_key
  732. \return MP_INVMOD_E may be returned if there is an error processing the
  733. ecc_key
  734. \return MP_EXPTMOD_E may be returned if there is an error processing
  735. the ecc_key
  736. \return MP_MOD_E may be returned if there is an error processing the
  737. ecc_key
  738. \return MP_MUL_E may be returned if there is an error processing the
  739. ecc_key
  740. \return MP_ADD_E may be returned if there is an error processing the
  741. ecc_key
  742. \return MP_MULMOD_E may be returned if there is an error processing
  743. the ecc_key
  744. \return MP_TO_E may be returned if there is an error processing the ecc_key
  745. \return MP_MEM may be returned if there is an error processing the ecc_key
  746. \param key pointer to the ecc_key object to export
  747. \param out pointer to the buffer in which to store the ANSI X9.63
  748. formatted key
  749. \param outLen size of the output buffer. On successfully storing the
  750. key, will hold the bytes written to the output buffer
  751. \param compressed indicator of whether to store the key in compressed
  752. format. 1==compressed, 0==uncompressed
  753. _Example_
  754. \code
  755. int ret;
  756. byte buff[1024];
  757. word32 buffSz = sizeof(buff);
  758. ecc_key key;
  759. // initialize key, make key
  760. ret = wc_ecc_export_x963_ex(&key, buff, &buffSz, 1);
  761. if ( ret != 0) {
  762. // error exporting key
  763. }
  764. \endcode
  765. \sa wc_ecc_export_x963
  766. \sa wc_ecc_import_x963
  767. */
  768. WOLFSSL_API
  769. int wc_ecc_export_x963_ex(ecc_key*, byte* out, word32* outLen, int compressed);
  770. /*!
  771. \ingroup ECC
  772. \brief This function imports a public ECC key from a buffer containing the
  773. key stored in ANSI X9.63 format. This function will handle both compressed
  774. and uncompressed keys, as long as compressed keys are enabled at compile
  775. time through the HAVE_COMP_KEY option.
  776. \return 0 Returned on successfully importing the ecc_key
  777. \return NOT_COMPILED_IN Returned if the HAVE_COMP_KEY was not enabled at
  778. compile time, but the key is stored in compressed format
  779. \return ECC_BAD_ARG_E Returned if in or key evaluate to NULL, or the
  780. inLen is even (according to the x9.63 standard, the key must be odd)
  781. \return MEMORY_E Returned if there is an error allocating memory
  782. \return ASN_PARSE_E Returned if there is an error parsing the ECC key;
  783. may indicate that the ECC key is not stored in valid ANSI X9.63 format
  784. \return IS_POINT_E Returned if the public key exported is not a point
  785. on the ECC curve
  786. \return MP_INIT_E may be returned if there is an error processing the
  787. ecc_key
  788. \return MP_READ_E may be returned if there is an error processing the
  789. ecc_key
  790. \return MP_CMP_E may be returned if there is an error processing the
  791. ecc_key
  792. \return MP_INVMOD_E may be returned if there is an error processing the
  793. ecc_key
  794. \return MP_EXPTMOD_E may be returned if there is an error processing the
  795. ecc_key
  796. \return MP_MOD_E may be returned if there is an error processing the
  797. ecc_key
  798. \return MP_MUL_E may be returned if there is an error processing the
  799. ecc_key
  800. \return MP_ADD_E may be returned if there is an error processing the
  801. ecc_key
  802. \return MP_MULMOD_E may be returned if there is an error processing the
  803. ecc_key
  804. \return MP_TO_E may be returned if there is an error processing the ecc_key
  805. \return MP_MEM may be returned if there is an error processing the ecc_key
  806. \param in pointer to the buffer containing the ANSI x9.63 formatted ECC key
  807. \param inLen length of the input buffer
  808. \param key pointer to the ecc_key object in which to store the imported key
  809. _Example_
  810. \code
  811. int ret;
  812. byte buff[] = { initialize with ANSI X9.63 formatted key };
  813. ecc_key pubKey;
  814. wc_ecc_init_key(&pubKey);
  815. ret = wc_ecc_import_x963(buff, sizeof(buff), &pubKey);
  816. if ( ret != 0) {
  817. // error importing key
  818. }
  819. \endcode
  820. \sa wc_ecc_export_x963
  821. \sa wc_ecc_import_private_key
  822. */
  823. WOLFSSL_API
  824. int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key);
  825. /*!
  826. \ingroup ECC
  827. \brief This function imports a public/private ECC key pair from a buffer
  828. containing the raw private key, and a second buffer containing the ANSI
  829. X9.63 formatted public key. This function will handle both compressed and
  830. uncompressed keys, as long as compressed keys are enabled at compile time
  831. through the HAVE_COMP_KEY option.
  832. \return 0 Returned on successfully importing the ecc_key
  833. NOT_COMPILED_IN Returned if the HAVE_COMP_KEY was not enabled at compile
  834. time, but the key is stored in compressed format
  835. \return ECC_BAD_ARG_E Returned if in or key evaluate to NULL, or the
  836. inLen is even (according to the x9.63 standard, the key must be odd)
  837. \return MEMORY_E Returned if there is an error allocating memory
  838. \return ASN_PARSE_E Returned if there is an error parsing the ECC key;
  839. may indicate that the ECC key is not stored in valid ANSI X9.63 format
  840. \return IS_POINT_E Returned if the public key exported is not a point
  841. on the ECC curve
  842. \return MP_INIT_E may be returned if there is an error processing the
  843. ecc_key
  844. \return MP_READ_E may be returned if there is an error processing the
  845. ecc_key
  846. \return MP_CMP_E may be returned if there is an error processing the
  847. ecc_key
  848. \return MP_INVMOD_E may be returned if there is an error processing
  849. the ecc_key
  850. \return MP_EXPTMOD_E may be returned if there is an error processing
  851. the ecc_key
  852. \return MP_MOD_E may be returned if there is an error processing the
  853. ecc_key
  854. \return MP_MUL_E may be returned if there is an error processing the
  855. ecc_key
  856. \return MP_ADD_E may be returned if there is an error processing the
  857. ecc_key
  858. \return MP_MULMOD_E may be returned if there is an error processing
  859. the ecc_key
  860. \return MP_TO_E may be returned if there is an error processing the ecc_key
  861. \return MP_MEM may be returned if there is an error processing the ecc_key
  862. \param priv pointer to the buffer containing the raw private key
  863. \param privSz size of the private key buffer
  864. \param pub pointer to the buffer containing the ANSI x9.63 formatted ECC
  865. public key
  866. \param pubSz length of the public key input buffer
  867. \param key pointer to the ecc_key object in which to store the imported
  868. private/public key pair
  869. _Example_
  870. \code
  871. int ret;
  872. byte pub[] = { initialize with ANSI X9.63 formatted key };
  873. byte priv[] = { initialize with the raw private key };
  874. ecc_key key;
  875. wc_ecc_init_key(&key);
  876. ret = wc_ecc_import_private_key(priv, sizeof(priv), pub, sizeof(pub),
  877. &key);
  878. if ( ret != 0) {
  879. // error importing key
  880. }
  881. \endcode
  882. \sa wc_ecc_export_x963
  883. \sa wc_ecc_import_private_key
  884. */
  885. WOLFSSL_API
  886. int wc_ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub,
  887. word32 pubSz, ecc_key* key);
  888. /*!
  889. \ingroup ECC
  890. \brief This function converts the R and S portions of an ECC signature
  891. into a DER-encoded ECDSA signature. This function also stores the length
  892. written to the output buffer, out, in outlen.
  893. \return 0 Returned on successfully converting the signature
  894. \return ECC_BAD_ARG_E Returned if any of the input parameters evaluate
  895. to NULL, or if the input buffer is not large enough to hold the
  896. DER-encoded ECDSA signature
  897. \return MP_INIT_E may be returned if there is an error processing
  898. the ecc_key
  899. \return MP_READ_E may be returned if there is an error processing
  900. the ecc_key
  901. \return MP_CMP_E may be returned if there is an error processing
  902. the ecc_key
  903. \return MP_INVMOD_E may be returned if there is an error processing
  904. the ecc_key
  905. \return MP_EXPTMOD_E may be returned if there is an error processing
  906. the ecc_key
  907. \return MP_MOD_E may be returned if there is an error processing the
  908. ecc_key
  909. \return MP_MUL_E may be returned if there is an error processing the
  910. ecc_key
  911. \return MP_ADD_E may be returned if there is an error processing the
  912. ecc_key
  913. \return MP_MULMOD_E may be returned if there is an error processing
  914. the ecc_key
  915. \return MP_TO_E may be returned if there is an error processing the ecc_key
  916. \return MP_MEM may be returned if there is an error processing the ecc_key
  917. \param r pointer to the buffer containing the R portion of the signature
  918. as a string
  919. \param s pointer to the buffer containing the S portion of the signature
  920. as a string
  921. \param out pointer to the buffer in which to store the DER-encoded ECDSA
  922. signature
  923. \param outlen length of the output buffer available. Will store the bytes
  924. written to the buffer after successfully converting the signature to
  925. ECDSA format
  926. _Example_
  927. \code
  928. int ret;
  929. ecc_key key;
  930. // initialize key, generate R and S
  931. char r[] = { initialize with R };
  932. char s[] = { initialize with S };
  933. byte sig[wc_ecc_sig_size(key)];
  934. // signature size will be 2 * ECC key size + ~10 bytes for ASN.1 overhead
  935. word32 sigSz = sizeof(sig);
  936. ret = wc_ecc_rs_to_sig(r, s, sig, &sigSz);
  937. if ( ret != 0) {
  938. // error converting parameters to signature
  939. }
  940. \endcode
  941. \sa wc_ecc_sign_hash
  942. \sa wc_ecc_sig_size
  943. */
  944. WOLFSSL_API
  945. int wc_ecc_rs_to_sig(const char* r, const char* s, byte* out, word32* outlen);
  946. /*!
  947. \ingroup ECC
  948. \brief This function fills an ecc_key structure with the raw components
  949. of an ECC signature.
  950. \return 0 Returned upon successfully importing into the ecc_key structure
  951. \return ECC_BAD_ARG_E Returned if any of the input values evaluate to NULL
  952. \return MEMORY_E Returned if there is an error initializing space to
  953. store the parameters of the ecc_key
  954. \return ASN_PARSE_E Returned if the input curveName is not defined
  955. in ecc_sets
  956. \return MP_INIT_E may be returned if there is an error processing the
  957. input parameters
  958. \return MP_READ_E may be returned if there is an error processing the
  959. input parameters
  960. \return MP_CMP_E may be returned if there is an error processing the
  961. input parameters
  962. \return MP_INVMOD_E may be returned if there is an error processing the
  963. input parameters
  964. \return MP_EXPTMOD_E may be returned if there is an error processing the
  965. input parameters
  966. \return MP_MOD_E may be returned if there is an error processing the
  967. input parameters
  968. \return MP_MUL_E may be returned if there is an error processing the
  969. input parameters
  970. \return MP_ADD_E may be returned if there is an error processing the
  971. input parameters
  972. \return MP_MULMOD_E may be returned if there is an error processing
  973. the input parameters
  974. \return MP_TO_E may be returned if there is an error processing the
  975. input parameters
  976. \return MP_MEM may be returned if there is an error processing the
  977. input parameters
  978. \param key pointer to an ecc_key structure to fill
  979. \param qx pointer to a buffer containing the x component of the base
  980. point as an ASCII hex string
  981. \param qy pointer to a buffer containing the y component of the base
  982. point as an ASCII hex string
  983. \param d pointer to a buffer containing the private key as an ASCII
  984. hex string
  985. \param curveName pointer to a string containing the ECC curve name,
  986. as found in ecc_sets
  987. _Example_
  988. \code
  989. int ret;
  990. ecc_key key;
  991. wc_ecc_init(&key);
  992. char qx[] = { initialize with x component of base point };
  993. char qy[] = { initialize with y component of base point };
  994. char d[] = { initialize with private key };
  995. ret = wc_ecc_import_raw(&key,qx, qy, d, "ECC-256");
  996. if ( ret != 0) {
  997. // error initializing key with given inputs
  998. }
  999. \endcode
  1000. \sa wc_ecc_import_private_key
  1001. */
  1002. WOLFSSL_API
  1003. int wc_ecc_import_raw(ecc_key* key, const char* qx, const char* qy,
  1004. const char* d, const char* curveName);
  1005. /*!
  1006. \ingroup ECC
  1007. \brief This function exports only the private key from an ecc_key
  1008. structure. It stores the private key in the buffer out, and sets
  1009. the bytes written to this buffer in outLen.
  1010. \return 0 Returned upon successfully exporting the private key
  1011. \return ECC_BAD_ARG_E Returned if any of the input values evaluate to NULL
  1012. \return MEMORY_E Returned if there is an error initializing space
  1013. to store the parameters of the ecc_key
  1014. \return ASN_PARSE_E Returned if the input curveName is not defined
  1015. in ecc_sets
  1016. \return MP_INIT_E may be returned if there is an error processing
  1017. the input parameters
  1018. \return MP_READ_E may be returned if there is an error processing the
  1019. input parameters
  1020. \return MP_CMP_E may be returned if there is an error processing the
  1021. input parameters
  1022. \return MP_INVMOD_E may be returned if there is an error processing
  1023. the input parameters
  1024. \return MP_EXPTMOD_E may be returned if there is an error processing
  1025. the input parameters
  1026. \return MP_MOD_E may be returned if there is an error processing the
  1027. input parameters
  1028. \return MP_MUL_E may be returned if there is an error processing the
  1029. input parameters
  1030. \return MP_ADD_E may be returned if there is an error processing the
  1031. input parameters
  1032. \return MP_MULMOD_E may be returned if there is an error processing
  1033. the input parameters
  1034. \return MP_TO_E may be returned if there is an error processing the
  1035. input parameters
  1036. \return MP_MEM may be returned if there is an error processing the
  1037. input parameters
  1038. \param key pointer to an ecc_key structure from which to export the
  1039. private key
  1040. \param out pointer to the buffer in which to store the private key
  1041. \param outLen pointer to a word32 object with the size available in
  1042. out. Set with the number of bytes written to out after successfully
  1043. exporting the private key
  1044. _Example_
  1045. \code
  1046. int ret;
  1047. ecc_key key;
  1048. // initialize key, make key
  1049. char priv[ECC_KEY_SIZE];
  1050. word32 privSz = sizeof(priv);
  1051. ret = wc_ecc_export_private_only(&key, priv, &privSz);
  1052. if ( ret != 0) {
  1053. // error exporting private key
  1054. }
  1055. \endcode
  1056. \sa wc_ecc_import_private_key
  1057. */
  1058. WOLFSSL_API
  1059. int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen);
  1060. /*!
  1061. \ingroup ECC
  1062. \brief Export point to der.
  1063. \return 0 Returned on success.
  1064. \return ECC_BAD_ARG_E Returns if curve_idx is less than 0 or
  1065. invalid. Also returns when
  1066. \return LENGTH_ONLY_E outLen is set but nothing else.
  1067. \return BUFFER_E Returns if outLen is less than 1 + 2 * the curve size.
  1068. \return MEMORY_E Returns if there is a problem allocating memory.
  1069. \param curve_idx Index of the curve used from ecc_sets.
  1070. \param point Point to export to der.
  1071. \param out Destination for the output.
  1072. \param outLen Maxsize allowed for output, destination for
  1073. final size of output
  1074. _Example_
  1075. \code
  1076. int curve_idx;
  1077. ecc_point* point;
  1078. byte out[];
  1079. word32 outLen;
  1080. wc_ecc_export_point_der(curve_idx, point, out, &outLen);
  1081. \endcode
  1082. \sa wc_ecc_import_point_der
  1083. */
  1084. WOLFSSL_API
  1085. int wc_ecc_export_point_der(const int curve_idx, ecc_point* point,
  1086. byte* out, word32* outLen);
  1087. /*!
  1088. \ingroup ECC
  1089. \brief Import point from der format.
  1090. \return ECC_BAD_ARG_E Returns if any arguments are null or if
  1091. inLen is even.
  1092. \return MEMORY_E Returns if there is an error initializing
  1093. \return NOT_COMPILED_IN Returned if HAVE_COMP_KEY is not true
  1094. and in is a compressed cert
  1095. \return MP_OKAY Successful operation.
  1096. \param in der buffer to import point from.
  1097. \param inLen Length of der buffer.
  1098. \param curve_idx Index of curve.
  1099. \param point Destination for point.
  1100. _Example_
  1101. \code
  1102. byte in[];
  1103. word32 inLen;
  1104. int curve_idx;
  1105. ecc_point* point;
  1106. wc_ecc_import_point_der(in, inLen, curve_idx, point);
  1107. \endcode
  1108. \sa wc_ecc_export_point_der
  1109. */
  1110. WOLFSSL_API
  1111. int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx,
  1112. ecc_point* point);
  1113. /*!
  1114. \ingroup ECC
  1115. \brief This function returns the key size of an ecc_key
  1116. structure in octets.
  1117. \return Given a valid key, returns the key size in octets
  1118. \return 0 Returned if the given key is NULL
  1119. \param key pointer to an ecc_key structure for which to get the key size
  1120. _Example_
  1121. \code
  1122. int keySz;
  1123. ecc_key key;
  1124. // initialize key, make key
  1125. keySz = wc_ecc_size(&key);
  1126. if ( keySz == 0) {
  1127. // error determining key size
  1128. }
  1129. \endcode
  1130. \sa wc_ecc_make_key
  1131. */
  1132. WOLFSSL_API
  1133. int wc_ecc_size(ecc_key* key);
  1134. /*!
  1135. \ingroup ECC
  1136. \brief This function returns the worst case size for an ECC signature,
  1137. given by: (keySz * 2) + SIG_HEADER_SZ + ECC_MAX_PAD_SZ.
  1138. The actual signature size can be computed with wc_ecc_sign_hash.
  1139. \return returns the maximum signature
  1140. size, in octets
  1141. \param key size
  1142. _Example_
  1143. \code
  1144. int sigSz = wc_ecc_sig_size_calc(32);
  1145. if ( sigSz == 0) {
  1146. // error determining sig size
  1147. }
  1148. \endcode
  1149. \sa wc_ecc_sign_hash
  1150. \sa wc_ecc_sig_size
  1151. */
  1152. WOLFSSL_API
  1153. int wc_ecc_sig_size_calc(int sz);
  1154. /*!
  1155. \ingroup ECC
  1156. \brief This function returns the worst case size for an ECC signature,
  1157. given by: (keySz * 2) + SIG_HEADER_SZ + ECC_MAX_PAD_SZ.
  1158. The actual signature size can be computed with wc_ecc_sign_hash.
  1159. \return Success Given a valid key, returns the maximum signature
  1160. size, in octets
  1161. \return 0 Returned if the given key is NULL
  1162. \param key pointer to an ecc_key structure for which to get the
  1163. signature size
  1164. _Example_
  1165. \code
  1166. int sigSz;
  1167. ecc_key key;
  1168. // initialize key, make key
  1169. sigSz = wc_ecc_sig_size(&key);
  1170. if ( sigSz == 0) {
  1171. // error determining sig size
  1172. }
  1173. \endcode
  1174. \sa wc_ecc_sign_hash
  1175. \sa wc_ecc_sig_size_calc
  1176. */
  1177. WOLFSSL_API
  1178. int wc_ecc_sig_size(ecc_key* key);
  1179. /*!
  1180. \ingroup ECC
  1181. \brief This function allocates and initializes space for a new ECC
  1182. context object to allow secure message exchange with ECC.
  1183. \return Success On successfully generating a new ecEncCtx object,
  1184. returns a pointer to that object
  1185. \return NULL Returned if the function fails to generate a new
  1186. ecEncCtx object
  1187. \param flags indicate whether this is a server or client context
  1188. Options are: REQ_RESP_CLIENT, and REQ_RESP_SERVER
  1189. \param rng pointer to a RNG object with which to generate a salt
  1190. _Example_
  1191. \code
  1192. ecEncCtx* ctx;
  1193. WC_WC_RNG rng;
  1194. wc_InitRng(&rng);
  1195. ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng);
  1196. if(ctx == NULL) {
  1197. // error generating new ecEncCtx object
  1198. }
  1199. \endcode
  1200. \sa wc_ecc_encrypt
  1201. \sa wc_ecc_decrypt
  1202. */
  1203. WOLFSSL_API
  1204. ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng);
  1205. /*!
  1206. \ingroup ECC
  1207. \brief This function frees the ecEncCtx object used for encrypting
  1208. and decrypting messages.
  1209. \return none Returns.
  1210. \param ctx pointer to the ecEncCtx object to free
  1211. _Example_
  1212. \code
  1213. ecEncCtx* ctx;
  1214. WC_WC_RNG rng;
  1215. wc_InitRng(&rng);
  1216. ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng);
  1217. // do secure communication
  1218. ...
  1219. wc_ecc_ctx_free(&ctx);
  1220. \endcode
  1221. \sa wc_ecc_ctx_new
  1222. */
  1223. WOLFSSL_API
  1224. void wc_ecc_ctx_free(ecEncCtx*);
  1225. /*!
  1226. \ingroup ECC
  1227. \brief This function resets an ecEncCtx structure to avoid having
  1228. to free and allocate a new context object.
  1229. \return 0 Returned if the ecEncCtx structure is successfully reset
  1230. \return BAD_FUNC_ARG Returned if either rng or ctx is NULL
  1231. \return RNG_FAILURE_E Returned if there is an error generating a
  1232. new salt for the ECC object
  1233. \param ctx pointer to the ecEncCtx object to reset
  1234. \param rng pointer to an RNG object with which to generate a new salt
  1235. _Example_
  1236. \code
  1237. ecEncCtx* ctx;
  1238. WC_WC_RNG rng;
  1239. wc_InitRng(&rng);
  1240. ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng);
  1241. // do secure communication
  1242. ...
  1243. wc_ecc_ctx_reset(&ctx, &rng);
  1244. // do more secure communication
  1245. \endcode
  1246. \sa wc_ecc_ctx_new
  1247. */
  1248. WOLFSSL_API
  1249. int wc_ecc_ctx_reset(ecEncCtx*, WC_RNG*); /* reset for use again w/o alloc/free */
  1250. /*!
  1251. \ingroup ECC
  1252. \brief This function returns the salt of an ecEncCtx object. This
  1253. function should only be called when the ecEncCtx's state is
  1254. ecSRV_INIT or ecCLI_INIT.
  1255. \return Success On success, returns the ecEncCtx salt
  1256. \return NULL Returned if the ecEncCtx object is NULL, or the ecEncCtx's
  1257. state is not ecSRV_INIT or ecCLI_INIT. In the latter two cases, this
  1258. function also sets the ecEncCtx's state to ecSRV_BAD_STATE or
  1259. ecCLI_BAD_STATE, respectively
  1260. \param ctx pointer to the ecEncCtx object from which to get the salt
  1261. _Example_
  1262. \code
  1263. ecEncCtx* ctx;
  1264. WC_WC_RNG rng;
  1265. const byte* salt;
  1266. wc_InitRng(&rng);
  1267. ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng);
  1268. salt = wc_ecc_ctx_get_own_salt(&ctx);
  1269. if(salt == NULL) {
  1270. // error getting salt
  1271. }
  1272. \endcode
  1273. \sa wc_ecc_ctx_new
  1274. \sa wc_ecc_ctx_set_peer_salt
  1275. */
  1276. WOLFSSL_API
  1277. const byte* wc_ecc_ctx_get_own_salt(ecEncCtx*);
  1278. /*!
  1279. \ingroup ECC
  1280. \brief This function sets the peer salt of an ecEncCtx object.
  1281. \return 0 Returned upon successfully setting the peer salt for the
  1282. ecEncCtx object.
  1283. \return BAD_FUNC_ARG Returned if the given ecEncCtx object is NULL
  1284. or has an invalid protocol, or if the given salt is NULL
  1285. \return BAD_ENC_STATE_E Returned if the ecEncCtx's state is
  1286. ecSRV_SALT_GET or ecCLI_SALT_GET. In the latter two cases, this
  1287. function also sets the ecEncCtx's state to ecSRV_BAD_STATE or
  1288. ecCLI_BAD_STATE, respectively
  1289. \param ctx pointer to the ecEncCtx for which to set the salt
  1290. \param salt pointer to the peer's salt
  1291. _Example_
  1292. \code
  1293. ecEncCtx* cliCtx, srvCtx;
  1294. WC_WC_RNG rng;
  1295. const byte* cliSalt, srvSalt;
  1296. int ret;
  1297. wc_InitRng(&rng);
  1298. cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng);
  1299. srvCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng);
  1300. cliSalt = wc_ecc_ctx_get_own_salt(&cliCtx);
  1301. srvSalt = wc_ecc_ctx_get_own_salt(&srvCtx);
  1302. ret = wc_ecc_ctx_set_peer_salt(&cliCtx, srvSalt);
  1303. \endcode
  1304. \sa wc_ecc_ctx_get_own_salt
  1305. */
  1306. WOLFSSL_API
  1307. int wc_ecc_ctx_set_peer_salt(ecEncCtx*, const byte* salt);
  1308. /*!
  1309. \ingroup ECC
  1310. \brief This function can optionally be called before or after
  1311. wc_ecc_ctx_set_peer_salt. It sets optional information for
  1312. an ecEncCtx object.
  1313. \return 0 Returned upon successfully setting the information
  1314. for the ecEncCtx object.
  1315. \return BAD_FUNC_ARG Returned if the given ecEncCtx object is
  1316. NULL, the input info is NULL or it's size is invalid
  1317. \param ctx pointer to the ecEncCtx for which to set the info
  1318. \param info pointer to a buffer containing the info to set
  1319. \param sz size of the info buffer
  1320. _Example_
  1321. \code
  1322. ecEncCtx* ctx;
  1323. byte info[] = { initialize with information };
  1324. // initialize ctx, get salt,
  1325. if(wc_ecc_ctx_set_info(&ctx, info, sizeof(info))) {
  1326. // error setting info
  1327. }
  1328. \endcode
  1329. \sa wc_ecc_ctx_new
  1330. */
  1331. WOLFSSL_API
  1332. int wc_ecc_ctx_set_info(ecEncCtx*, const byte* info, int sz);
  1333. /*!
  1334. \ingroup ECC
  1335. \brief This function encrypts the given input message from msg
  1336. to out. This function takes an optional ctx object as parameter.
  1337. When supplied, encryption proceeds based on the ecEncCtx's
  1338. encAlgo, kdfAlgo, and macAlgo. If ctx is not supplied, processing
  1339. completes with the default algorithms, ecAES_128_CBC,
  1340. ecHKDF_SHA256 and ecHMAC_SHA256. This function requires that
  1341. the messages are padded according to the encryption type specified by ctx.
  1342. \return 0 Returned upon successfully encrypting the input message
  1343. \return BAD_FUNC_ARG Returned if privKey, pubKey, msg, msgSz, out,
  1344. or outSz are NULL, or the ctx object specifies an unsupported
  1345. encryption type
  1346. \return BAD_ENC_STATE_E Returned if the ctx object given is in a
  1347. state that is not appropriate for encryption
  1348. \return BUFFER_E Returned if the supplied output buffer is too
  1349. small to store the encrypted ciphertext
  1350. \return MEMORY_E Returned if there is an error allocating memory
  1351. for the shared secret key
  1352. \param privKey pointer to the ecc_key object containing the
  1353. private key to use for encryption
  1354. \param pubKey pointer to the ecc_key object containing the public
  1355. key of the peer with whom one wishes to communicate
  1356. \param msg pointer to the buffer holding the message to encrypt
  1357. \param msgSz size of the buffer to encrypt
  1358. \param out pointer to the buffer in which to store the encrypted
  1359. ciphertext
  1360. \param outSz pointer to a word32 object containing the available
  1361. size in the out buffer. Upon successfully encrypting the message,
  1362. holds the number of bytes written to the output buffer
  1363. \param ctx Optional: pointer to an ecEncCtx object specifying different
  1364. encryption algorithms to use
  1365. _Example_
  1366. \code
  1367. byte msg[] = { initialize with msg to encrypt. Ensure padded to block size };
  1368. byte out[sizeof(msg)];
  1369. word32 outSz = sizeof(out);
  1370. int ret;
  1371. ecc_key cli, serv;
  1372. // initialize cli with private key
  1373. // initialize serv with received public key
  1374. ecEncCtx* cliCtx, servCtx;
  1375. // initialize cliCtx and servCtx
  1376. // exchange salts
  1377. ret = wc_ecc_encrypt(&cli, &serv, msg, sizeof(msg), out, &outSz, cliCtx);
  1378. if(ret != 0) {
  1379. // error encrypting message
  1380. }
  1381. \endcode
  1382. \sa wc_ecc_decrypt
  1383. */
  1384. WOLFSSL_API
  1385. int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
  1386. word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx);
  1387. /*!
  1388. \ingroup ECC
  1389. \brief This function decrypts the ciphertext from msg to out. This
  1390. function takes an optional ctx object as parameter. When supplied,
  1391. encryption proceeds based on the ecEncCtx's encAlgo, kdfAlgo, and
  1392. macAlgo. If ctx is not supplied, processing completes with the
  1393. default algorithms, ecAES_128_CBC, ecHKDF_SHA256 and ecHMAC_SHA256.
  1394. This function requires that the messages are padded according to
  1395. the encryption type specified by ctx.
  1396. \return 0 Returned upon successfully decrypting the input message
  1397. \return BAD_FUNC_ARG Returned if privKey, pubKey, msg, msgSz, out,
  1398. or outSz are NULL, or the ctx object specifies an unsupported
  1399. encryption type
  1400. \return BAD_ENC_STATE_E Returned if the ctx object given is in
  1401. a state that is not appropriate for decryption
  1402. \return BUFFER_E Returned if the supplied output buffer is too
  1403. small to store the decrypted plaintext
  1404. \return MEMORY_E Returned if there is an error allocating memory
  1405. for the shared secret key
  1406. \param privKey pointer to the ecc_key object containing the private
  1407. key to use for decryption
  1408. \param pubKey pointer to the ecc_key object containing the public
  1409. key of the peer with whom one wishes to communicate
  1410. \param msg pointer to the buffer holding the ciphertext to decrypt
  1411. \param msgSz size of the buffer to decrypt
  1412. \param out pointer to the buffer in which to store the decrypted plaintext
  1413. \param outSz pointer to a word32 object containing the available
  1414. size in the out buffer. Upon successfully decrypting the
  1415. ciphertext, holds the number of bytes written to the output buffer
  1416. \param ctx Optional: pointer to an ecEncCtx object specifying
  1417. different decryption algorithms to use
  1418. _Example_
  1419. \code
  1420. byte cipher[] = { initialize with
  1421. ciphertext to decrypt. Ensure padded to block size };
  1422. byte plain[sizeof(cipher)];
  1423. word32 plainSz = sizeof(plain);
  1424. int ret;
  1425. ecc_key cli, serv;
  1426. // initialize cli with private key
  1427. // initialize serv with received public key
  1428. ecEncCtx* cliCtx, servCtx;
  1429. // initialize cliCtx and servCtx
  1430. // exchange salts
  1431. ret = wc_ecc_decrypt(&cli, &serv, cipher, sizeof(cipher),
  1432. plain, &plainSz, cliCtx);
  1433. if(ret != 0) {
  1434. // error decrypting message
  1435. }
  1436. \endcode
  1437. \sa Wc_ecc_encrypt
  1438. */
  1439. WOLFSSL_API
  1440. int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
  1441. word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx);