ecp_invasive.h 3.0 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182
  1. /**
  2. * \file ecp_invasive.h
  3. *
  4. * \brief ECP module: interfaces for invasive testing only.
  5. *
  6. * The interfaces in this file are intended for testing purposes only.
  7. * They SHOULD NOT be made available in library integrations except when
  8. * building the library for testing.
  9. */
  10. /*
  11. * Copyright The Mbed TLS Contributors
  12. * SPDX-License-Identifier: Apache-2.0
  13. *
  14. * Licensed under the Apache License, Version 2.0 (the "License"); you may
  15. * not use this file except in compliance with the License.
  16. * You may obtain a copy of the License at
  17. *
  18. * http://www.apache.org/licenses/LICENSE-2.0
  19. *
  20. * Unless required by applicable law or agreed to in writing, software
  21. * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  22. * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  23. * See the License for the specific language governing permissions and
  24. * limitations under the License.
  25. */
  26. #ifndef MBEDTLS_ECP_INVASIVE_H
  27. #define MBEDTLS_ECP_INVASIVE_H
  28. #include "common.h"
  29. #include "mbedtls/bignum.h"
  30. #include "mbedtls/ecp.h"
  31. #if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_ECP_C)
  32. #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \
  33. defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
  34. defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
  35. /* Preconditions:
  36. * - bits is a multiple of 64 or is 224
  37. * - c is -1 or -2
  38. * - 0 <= N < 2^bits
  39. * - N has room for bits plus one limb
  40. *
  41. * Behavior:
  42. * Set N to c * 2^bits + old_value_of_N.
  43. */
  44. void mbedtls_ecp_fix_negative( mbedtls_mpi *N, signed char c, size_t bits );
  45. #endif
  46. #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
  47. /** Generate a private key on a Montgomery curve (Curve25519 or Curve448).
  48. *
  49. * This function implements key generation for the set of secret keys
  50. * specified in [Curve25519] p. 5 and in [Curve448]. The resulting value
  51. * has the lower bits masked but is not necessarily canonical.
  52. *
  53. * \note - [Curve25519] http://cr.yp.to/ecdh/curve25519-20060209.pdf
  54. * - [RFC7748] https://tools.ietf.org/html/rfc7748
  55. *
  56. * \p high_bit The position of the high-order bit of the key to generate.
  57. * This is the bit-size of the key minus 1:
  58. * 254 for Curve25519 or 447 for Curve448.
  59. * \param d The randomly generated key. This is a number of size
  60. * exactly \p n_bits + 1 bits, with the least significant bits
  61. * masked as specified in [Curve25519] and in [RFC7748] §5.
  62. * \param f_rng The RNG function.
  63. * \param p_rng The RNG context to be passed to \p f_rng.
  64. *
  65. * \return \c 0 on success.
  66. * \return \c MBEDTLS_ERR_ECP_xxx or MBEDTLS_ERR_MPI_xxx on failure.
  67. */
  68. int mbedtls_ecp_gen_privkey_mx( size_t n_bits,
  69. mbedtls_mpi *d,
  70. int (*f_rng)(void *, unsigned char *, size_t),
  71. void *p_rng );
  72. #endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
  73. #endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_ECP_C */
  74. #endif /* MBEDTLS_ECP_INVASIVE_H */