mbed TLS v2.9.0
Data Structures | Macros | Enumerations | Functions
ecp.h File Reference

This file provides an API for Elliptic Curves over GF(P) (ECP). More...

#include "bignum.h"
Include dependency graph for ecp.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  mbedtls_ecp_curve_info
 
struct  mbedtls_ecp_point
 The ECP point structure, in Jacobian coordinates. More...
 
struct  mbedtls_ecp_group
 The ECP group structure. More...
 
struct  mbedtls_ecp_keypair
 The ECP key-pair structure. More...
 

Macros

#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA   -0x4F80
 
#define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL   -0x4F00
 
#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE   -0x4E80
 
#define MBEDTLS_ERR_ECP_VERIFY_FAILED   -0x4E00
 
#define MBEDTLS_ERR_ECP_ALLOC_FAILED   -0x4D80
 
#define MBEDTLS_ERR_ECP_RANDOM_FAILED   -0x4D00
 
#define MBEDTLS_ERR_ECP_INVALID_KEY   -0x4C80
 
#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH   -0x4C00
 
#define MBEDTLS_ERR_ECP_HW_ACCEL_FAILED   -0x4B80
 
#define MBEDTLS_ECP_DP_MAX   12
 
#define MBEDTLS_ECP_PF_UNCOMPRESSED   0
 
#define MBEDTLS_ECP_PF_COMPRESSED   1
 
#define MBEDTLS_ECP_TLS_NAMED_CURVE   3
 
SECTION: Module settings

The configuration options you can set for this module are in this section. Either change them in config.h, or define them using the compiler command line.

#define MBEDTLS_ECP_MAX_BITS   521
 
#define MBEDTLS_ECP_MAX_BYTES   ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
 
#define MBEDTLS_ECP_MAX_PT_LEN   ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )
 
#define MBEDTLS_ECP_WINDOW_SIZE   6
 
#define MBEDTLS_ECP_FIXED_POINT_OPTIM   1
 

Enumerations

enum  mbedtls_ecp_group_id {
  MBEDTLS_ECP_DP_NONE = 0, MBEDTLS_ECP_DP_SECP192R1, MBEDTLS_ECP_DP_SECP224R1, MBEDTLS_ECP_DP_SECP256R1,
  MBEDTLS_ECP_DP_SECP384R1, MBEDTLS_ECP_DP_SECP521R1, MBEDTLS_ECP_DP_BP256R1, MBEDTLS_ECP_DP_BP384R1,
  MBEDTLS_ECP_DP_BP512R1, MBEDTLS_ECP_DP_CURVE25519, MBEDTLS_ECP_DP_SECP192K1, MBEDTLS_ECP_DP_SECP224K1,
  MBEDTLS_ECP_DP_SECP256K1, MBEDTLS_ECP_DP_CURVE448
}
 

Functions

const mbedtls_ecp_curve_infombedtls_ecp_curve_list (void)
 This function retrieves the information defined in mbedtls_ecp_curve_info() for all supported curves in order of preference. More...
 
const mbedtls_ecp_group_idmbedtls_ecp_grp_id_list (void)
 This function retrieves the list of internal group identifiers of all supported curves in the order of preference. More...
 
const mbedtls_ecp_curve_infombedtls_ecp_curve_info_from_grp_id (mbedtls_ecp_group_id grp_id)
 This function retrieves curve information from an internal group identifier. More...
 
const mbedtls_ecp_curve_infombedtls_ecp_curve_info_from_tls_id (uint16_t tls_id)
 This function retrieves curve information from a TLS NamedCurve value. More...
 
const mbedtls_ecp_curve_infombedtls_ecp_curve_info_from_name (const char *name)
 This function retrieves curve information from a human-readable name. More...
 
void mbedtls_ecp_point_init (mbedtls_ecp_point *pt)
 This function initializes a point as zero. More...
 
void mbedtls_ecp_group_init (mbedtls_ecp_group *grp)
 This function initializes an ECP group context without loading any domain parameters. More...
 
void mbedtls_ecp_keypair_init (mbedtls_ecp_keypair *key)
 This function initializes a key pair as an invalid one. More...
 
void mbedtls_ecp_point_free (mbedtls_ecp_point *pt)
 This function frees the components of a point. More...
 
void mbedtls_ecp_group_free (mbedtls_ecp_group *grp)
 This function frees the components of an ECP group. More...
 
void mbedtls_ecp_keypair_free (mbedtls_ecp_keypair *key)
 This function frees the components of a key pair. More...
 
int mbedtls_ecp_copy (mbedtls_ecp_point *P, const mbedtls_ecp_point *Q)
 This function copies the contents of point Q into point P. More...
 
int mbedtls_ecp_group_copy (mbedtls_ecp_group *dst, const mbedtls_ecp_group *src)
 This function copies the contents of group src into group dst. More...
 
int mbedtls_ecp_set_zero (mbedtls_ecp_point *pt)
 This function sets a point to zero. More...
 
int mbedtls_ecp_is_zero (mbedtls_ecp_point *pt)
 This function checks if a point is zero. More...
 
int mbedtls_ecp_point_cmp (const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q)
 This function compares two points. More...
 
int mbedtls_ecp_point_read_string (mbedtls_ecp_point *P, int radix, const char *x, const char *y)
 This function imports a non-zero point from two ASCII strings. More...
 
int mbedtls_ecp_point_write_binary (const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P, int format, size_t *olen, unsigned char *buf, size_t buflen)
 This function exports a point into unsigned binary data. More...
 
int mbedtls_ecp_point_read_binary (const mbedtls_ecp_group *grp, mbedtls_ecp_point *P, const unsigned char *buf, size_t ilen)
 This function imports a point from unsigned binary data. More...
 
int mbedtls_ecp_tls_read_point (const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, const unsigned char **buf, size_t len)
 This function imports a point from a TLS ECPoint record. More...
 
int mbedtls_ecp_tls_write_point (const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt, int format, size_t *olen, unsigned char *buf, size_t blen)
 This function exports a point as a TLS ECPoint record. More...
 
int mbedtls_ecp_group_load (mbedtls_ecp_group *grp, mbedtls_ecp_group_id id)
 This function sets a group using standardized domain parameters. More...
 
int mbedtls_ecp_tls_read_group (mbedtls_ecp_group *grp, const unsigned char **buf, size_t len)
 This function sets a group from a TLS ECParameters record. More...
 
int mbedtls_ecp_tls_write_group (const mbedtls_ecp_group *grp, size_t *olen, unsigned char *buf, size_t blen)
 This function writes the TLS ECParameters record for a group. More...
 
int mbedtls_ecp_mul (mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 This function performs multiplication of a point by an integer: R = m * P. More...
 
int mbedtls_ecp_muladd (mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, const mbedtls_mpi *n, const mbedtls_ecp_point *Q)
 This function performs multiplication and addition of two points by integers: R = m * P + n * Q. More...
 
int mbedtls_ecp_check_pubkey (const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt)
 This function checks that a point is a valid public key on this curve. More...
 
int mbedtls_ecp_check_privkey (const mbedtls_ecp_group *grp, const mbedtls_mpi *d)
 This function checks that an mbedtls_mpi is a valid private key for this curve. More...
 
int mbedtls_ecp_gen_keypair_base (mbedtls_ecp_group *grp, const mbedtls_ecp_point *G, mbedtls_mpi *d, mbedtls_ecp_point *Q, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 This function generates a keypair with a configurable base point. More...
 
int mbedtls_ecp_gen_keypair (mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 This function generates an ECP keypair. More...
 
int mbedtls_ecp_gen_key (mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 This function generates an ECP key. More...
 
int mbedtls_ecp_check_pub_priv (const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv)
 This function checks that the keypair objects pub and prv have the same group and the same public point, and that the private key in prv is consistent with the public key. More...
 
int mbedtls_ecp_self_test (int verbose)
 The ECP checkup routine. More...
 

Detailed Description

This file provides an API for Elliptic Curves over GF(P) (ECP).

The use of ECP in cryptography and TLS is defined in Standards for Efficient Cryptography Group (SECG): SEC1 Elliptic Curve Cryptography and RFC-4492: Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS).

RFC-2409: The Internet Key Exchange (IKE) defines ECP group types.

Definition in file ecp.h.

Macro Definition Documentation

§ MBEDTLS_ECP_DP_MAX

#define MBEDTLS_ECP_DP_MAX   12

The number of supported curves, plus one for MBEDTLS_ECP_DP_NONE.

Note
Montgomery curves are currently excluded.

Definition at line 90 of file ecp.h.

§ MBEDTLS_ECP_FIXED_POINT_OPTIM

#define MBEDTLS_ECP_FIXED_POINT_OPTIM   1

Enable fixed-point speed-up.

Definition at line 237 of file ecp.h.

§ MBEDTLS_ECP_MAX_BITS

#define MBEDTLS_ECP_MAX_BITS   521

The maximum size of the groups, that is, of N and P.The maximum size of groups, in bits.

Definition at line 196 of file ecp.h.

§ MBEDTLS_ECP_MAX_BYTES

#define MBEDTLS_ECP_MAX_BYTES   ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )

Definition at line 199 of file ecp.h.

§ MBEDTLS_ECP_MAX_PT_LEN

#define MBEDTLS_ECP_MAX_PT_LEN   ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )

Definition at line 200 of file ecp.h.

§ MBEDTLS_ECP_PF_COMPRESSED

#define MBEDTLS_ECP_PF_COMPRESSED   1

Compressed point format.

Definition at line 266 of file ecp.h.

§ MBEDTLS_ECP_PF_UNCOMPRESSED

#define MBEDTLS_ECP_PF_UNCOMPRESSED   0

Uncompressed point format.

Definition at line 265 of file ecp.h.

§ MBEDTLS_ECP_TLS_NAMED_CURVE

#define MBEDTLS_ECP_TLS_NAMED_CURVE   3

The named_curve of ECCurveType.

Definition at line 271 of file ecp.h.

§ MBEDTLS_ECP_WINDOW_SIZE

#define MBEDTLS_ECP_WINDOW_SIZE   6

The maximum window size used.

Definition at line 222 of file ecp.h.

§ MBEDTLS_ERR_ECP_ALLOC_FAILED

#define MBEDTLS_ERR_ECP_ALLOC_FAILED   -0x4D80

Memory allocation failed.

Definition at line 48 of file ecp.h.

§ MBEDTLS_ERR_ECP_BAD_INPUT_DATA

#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA   -0x4F80

Bad input parameters to function.

Definition at line 44 of file ecp.h.

§ MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL

#define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL   -0x4F00

The buffer is too small to write to.

Definition at line 45 of file ecp.h.

§ MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE

#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE   -0x4E80

The requested feature is not available, for example, the requested curve is not supported.

Definition at line 46 of file ecp.h.

§ MBEDTLS_ERR_ECP_HW_ACCEL_FAILED

#define MBEDTLS_ERR_ECP_HW_ACCEL_FAILED   -0x4B80

The ECP hardware accelerator failed.

Definition at line 52 of file ecp.h.

§ MBEDTLS_ERR_ECP_INVALID_KEY

#define MBEDTLS_ERR_ECP_INVALID_KEY   -0x4C80

Invalid private or public key.

Definition at line 50 of file ecp.h.

§ MBEDTLS_ERR_ECP_RANDOM_FAILED

#define MBEDTLS_ERR_ECP_RANDOM_FAILED   -0x4D00

Generation of random value, such as ephemeral key, failed.

Definition at line 49 of file ecp.h.

§ MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH

#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH   -0x4C00

The buffer contains a valid signature followed by more data.

Definition at line 51 of file ecp.h.

§ MBEDTLS_ERR_ECP_VERIFY_FAILED

#define MBEDTLS_ERR_ECP_VERIFY_FAILED   -0x4E00

The signature is not valid.

Definition at line 47 of file ecp.h.

Enumeration Type Documentation

§ mbedtls_ecp_group_id

Domain-parameter identifiers: curve, subgroup, and generator.

Note
Only curves over prime fields are supported.
Warning
This library does not support validation of arbitrary domain parameters. Therefore, only standardized domain parameters from trusted sources should be used. See mbedtls_ecp_group_load().
Enumerator
MBEDTLS_ECP_DP_NONE 

Curve not defined.

MBEDTLS_ECP_DP_SECP192R1 

Domain parameters for the 192-bit curve defined by FIPS 186-4 and SEC1.

MBEDTLS_ECP_DP_SECP224R1 

Domain parameters for the 224-bit curve defined by FIPS 186-4 and SEC1.

MBEDTLS_ECP_DP_SECP256R1 

Domain parameters for the 256-bit curve defined by FIPS 186-4 and SEC1.

MBEDTLS_ECP_DP_SECP384R1 

Domain parameters for the 384-bit curve defined by FIPS 186-4 and SEC1.

MBEDTLS_ECP_DP_SECP521R1 

Domain parameters for the 521-bit curve defined by FIPS 186-4 and SEC1.

MBEDTLS_ECP_DP_BP256R1 

Domain parameters for 256-bit Brainpool curve.

MBEDTLS_ECP_DP_BP384R1 

Domain parameters for 384-bit Brainpool curve.

MBEDTLS_ECP_DP_BP512R1 

Domain parameters for 512-bit Brainpool curve.

MBEDTLS_ECP_DP_CURVE25519 

Domain parameters for Curve25519.

MBEDTLS_ECP_DP_SECP192K1 

Domain parameters for 192-bit "Koblitz" curve.

MBEDTLS_ECP_DP_SECP224K1 

Domain parameters for 224-bit "Koblitz" curve.

MBEDTLS_ECP_DP_SECP256K1 

Domain parameters for 256-bit "Koblitz" curve.

MBEDTLS_ECP_DP_CURVE448 

Domain parameters for Curve448.

Definition at line 67 of file ecp.h.

Function Documentation

§ mbedtls_ecp_check_privkey()

int mbedtls_ecp_check_privkey ( const mbedtls_ecp_group grp,
const mbedtls_mpi d 
)

This function checks that an mbedtls_mpi is a valid private key for this curve.

Note
This function uses bare components rather than an mbedtls_ecp_keypair structure to ease use with other structures, such as mbedtls_ecdh_context or mbedtls_ecdsa_context.
Parameters
grpThe group used.
dThe integer to check.
Returns
0 if the point is a valid private key.
MBEDTLS_ERR_ECP_INVALID_KEY on failure.

§ mbedtls_ecp_check_pub_priv()

int mbedtls_ecp_check_pub_priv ( const mbedtls_ecp_keypair pub,
const mbedtls_ecp_keypair prv 
)

This function checks that the keypair objects pub and prv have the same group and the same public point, and that the private key in prv is consistent with the public key.

Parameters
pubThe keypair structure holding the public key. If it contains a private key, that part is ignored.
prvThe keypair structure holding the full keypair.
Returns
0 on success, meaning that the keys are valid and match.
MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the keys are invalid or do not match.
An MBEDTLS_ERR_ECP_XXX or an MBEDTLS_ERR_MPI_XXX error code on calculation failure.

§ mbedtls_ecp_check_pubkey()

int mbedtls_ecp_check_pubkey ( const mbedtls_ecp_group grp,
const mbedtls_ecp_point pt 
)

This function checks that a point is a valid public key on this curve.

It only checks that the point is non-zero, has valid coordinates and lies on the curve. It does not verify that it is indeed a multiple of G. This additional check is computationally more expensive, is not required by standards, and should not be necessary if the group used has a small cofactor. In particular, it is useless for the NIST groups which all have a cofactor of 1.

Note
This function uses bare components rather than an mbedtls_ecp_keypair structure, to ease use with other structures, such as mbedtls_ecdh_context or mbedtls_ecdsa_context.
Parameters
grpThe curve the point should lie on.
ptThe point to check.
Returns
0 if the point is a valid public key.
MBEDTLS_ERR_ECP_INVALID_KEY on failure.

§ mbedtls_ecp_copy()

int mbedtls_ecp_copy ( mbedtls_ecp_point P,
const mbedtls_ecp_point Q 
)

This function copies the contents of point Q into point P.

Parameters
PThe destination point.
QThe source point.
Returns
0 on success.
MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.

§ mbedtls_ecp_curve_info_from_grp_id()

const mbedtls_ecp_curve_info* mbedtls_ecp_curve_info_from_grp_id ( mbedtls_ecp_group_id  grp_id)

This function retrieves curve information from an internal group identifier.

Parameters
grp_idAn MBEDTLS_ECP_DP_XXX value.
Returns
The associated curve information on success.
NULL on failure.

§ mbedtls_ecp_curve_info_from_name()

const mbedtls_ecp_curve_info* mbedtls_ecp_curve_info_from_name ( const char *  name)

This function retrieves curve information from a human-readable name.

Parameters
nameThe human-readable name.
Returns
The associated curve information on success.
NULL on failure.

§ mbedtls_ecp_curve_info_from_tls_id()

const mbedtls_ecp_curve_info* mbedtls_ecp_curve_info_from_tls_id ( uint16_t  tls_id)

This function retrieves curve information from a TLS NamedCurve value.

Parameters
tls_idAn MBEDTLS_ECP_DP_XXX value.
Returns
The associated curve information on success.
NULL on failure.

§ mbedtls_ecp_curve_list()

const mbedtls_ecp_curve_info* mbedtls_ecp_curve_list ( void  )

This function retrieves the information defined in mbedtls_ecp_curve_info() for all supported curves in order of preference.

Returns
A statically allocated array. The last entry is 0.

§ mbedtls_ecp_gen_key()

int mbedtls_ecp_gen_key ( mbedtls_ecp_group_id  grp_id,
mbedtls_ecp_keypair key,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng 
)

This function generates an ECP key.

Parameters
grp_idThe ECP group identifier.
keyThe destination key.
f_rngThe RNG function.
p_rngThe RNG context.
Returns
0 on success.
An MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code on failure.

§ mbedtls_ecp_gen_keypair()

int mbedtls_ecp_gen_keypair ( mbedtls_ecp_group grp,
mbedtls_mpi d,
mbedtls_ecp_point Q,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng 
)

This function generates an ECP keypair.

Note
This function uses bare components rather than an mbedtls_ecp_keypair structure to ease use with other structures, such as mbedtls_ecdh_context or mbedtls_ecdsa_context.
Parameters
grpThe ECP group.
dThe destination MPI (secret part).
QThe destination point (public part).
f_rngThe RNG function.
p_rngThe RNG context.
Returns
0 on success.
An MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code on failure.

§ mbedtls_ecp_gen_keypair_base()

int mbedtls_ecp_gen_keypair_base ( mbedtls_ecp_group grp,
const mbedtls_ecp_point G,
mbedtls_mpi d,
mbedtls_ecp_point Q,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng 
)

This function generates a keypair with a configurable base point.

Note
This function uses bare components rather than an mbedtls_ecp_keypair structure to ease use with other structures, such as mbedtls_ecdh_context or mbedtls_ecdsa_context.
Parameters
grpThe ECP group.
GThe chosen base point.
dThe destination MPI (secret part).
QThe destination point (public part).
f_rngThe RNG function.
p_rngThe RNG context.
Returns
0 on success.
An MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code on failure.

§ mbedtls_ecp_group_copy()

int mbedtls_ecp_group_copy ( mbedtls_ecp_group dst,
const mbedtls_ecp_group src 
)

This function copies the contents of group src into group dst.

Parameters
dstThe destination group.
srcThe source group.
Returns
0 on success.
MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.

§ mbedtls_ecp_group_free()

void mbedtls_ecp_group_free ( mbedtls_ecp_group grp)

This function frees the components of an ECP group.

Parameters
grpThe group to free.

§ mbedtls_ecp_group_init()

void mbedtls_ecp_group_init ( mbedtls_ecp_group grp)

This function initializes an ECP group context without loading any domain parameters.

Note
After this function is called, domain parameters for various ECP groups can be loaded through the mbedtls_ecp_load() or mbedtls_ecp_tls_read_group() functions.

§ mbedtls_ecp_group_load()

int mbedtls_ecp_group_load ( mbedtls_ecp_group grp,
mbedtls_ecp_group_id  id 
)

This function sets a group using standardized domain parameters.

Note
The index should be a value of the NamedCurve enum, as defined in RFC-4492: Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS), usually in the form of an MBEDTLS_ECP_DP_XXX macro.
Parameters
grpThe destination group.
idThe identifier of the domain parameter set to load.
Returns
0 on success,
An MBEDTLS_ERR_MPI_XXX error code on initialization failure.
MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for unkownn groups.

§ mbedtls_ecp_grp_id_list()

const mbedtls_ecp_group_id* mbedtls_ecp_grp_id_list ( void  )

This function retrieves the list of internal group identifiers of all supported curves in the order of preference.

Returns
A statically allocated array, terminated with MBEDTLS_ECP_DP_NONE.

§ mbedtls_ecp_is_zero()

int mbedtls_ecp_is_zero ( mbedtls_ecp_point pt)

This function checks if a point is zero.

Parameters
ptThe point to test.
Returns
1 if the point is zero.
0 if the point is non-zero.

§ mbedtls_ecp_keypair_free()

void mbedtls_ecp_keypair_free ( mbedtls_ecp_keypair key)

This function frees the components of a key pair.

Parameters
keyThe key pair to free.

§ mbedtls_ecp_keypair_init()

void mbedtls_ecp_keypair_init ( mbedtls_ecp_keypair key)

This function initializes a key pair as an invalid one.

Parameters
keyThe key pair to initialize.

§ mbedtls_ecp_mul()

int mbedtls_ecp_mul ( mbedtls_ecp_group grp,
mbedtls_ecp_point R,
const mbedtls_mpi m,
const mbedtls_ecp_point P,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng 
)

This function performs multiplication of a point by an integer: R = m * P.

It is not thread-safe to use same group in multiple threads.

Note
To prevent timing attacks, this function executes the exact same sequence of base-field operations for any valid m. It avoids any if-branch or array index depending on the value of m.
If f_rng is not NULL, it is used to randomize intermediate results to prevent potential timing attacks targeting these results. We recommend always providing a non-NULL f_rng. The overhead is negligible.
Parameters
grpThe ECP group.
RThe destination point.
mThe integer by which to multiply.
PThe point to multiply.
f_rngThe RNG function.
p_rngThe RNG context.
Returns
0 on success.
MBEDTLS_ERR_ECP_INVALID_KEY if m is not a valid private key, or P is not a valid public key.
MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.

§ mbedtls_ecp_muladd()

int mbedtls_ecp_muladd ( mbedtls_ecp_group grp,
mbedtls_ecp_point R,
const mbedtls_mpi m,
const mbedtls_ecp_point P,
const mbedtls_mpi n,
const mbedtls_ecp_point Q 
)

This function performs multiplication and addition of two points by integers: R = m * P + n * Q.

It is not thread-safe to use same group in multiple threads.

Note
In contrast to mbedtls_ecp_mul(), this function does not guarantee a constant execution flow and timing.
Parameters
grpThe ECP group.
RThe destination point.
mThe integer by which to multiply P.
PThe point to multiply by m.
nThe integer by which to multiply Q.
QThe point to be multiplied by n.
Returns
0 on success.
MBEDTLS_ERR_ECP_INVALID_KEY if m or n are not valid private keys, or P or Q are not valid public keys.
MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.

§ mbedtls_ecp_point_cmp()

int mbedtls_ecp_point_cmp ( const mbedtls_ecp_point P,
const mbedtls_ecp_point Q 
)

This function compares two points.

Note
This assumes that the points are normalized. Otherwise, they may compare as "not equal" even if they are.
Parameters
PThe first point to compare.
QThe second point to compare.
Returns
0 if the points are equal.
MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the points are not equal.

§ mbedtls_ecp_point_free()

void mbedtls_ecp_point_free ( mbedtls_ecp_point pt)

This function frees the components of a point.

Parameters
ptThe point to free.

§ mbedtls_ecp_point_init()

void mbedtls_ecp_point_init ( mbedtls_ecp_point pt)

This function initializes a point as zero.

Parameters
ptThe point to initialize.

§ mbedtls_ecp_point_read_binary()

int mbedtls_ecp_point_read_binary ( const mbedtls_ecp_group grp,
mbedtls_ecp_point P,
const unsigned char *  buf,
size_t  ilen 
)

This function imports a point from unsigned binary data.

Note
This function does not check that the point actually belongs to the given group, see mbedtls_ecp_check_pubkey() for that.
Parameters
grpThe group to which the point should belong.
PThe point to import.
bufThe input buffer.
ilenThe length of the input.
Returns
0 on success.
MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format is not implemented.

§ mbedtls_ecp_point_read_string()

int mbedtls_ecp_point_read_string ( mbedtls_ecp_point P,
int  radix,
const char *  x,
const char *  y 
)

This function imports a non-zero point from two ASCII strings.

Parameters
PThe destination point.
radixThe numeric base of the input.
xThe first affine coordinate, as a null-terminated string.
yThe second affine coordinate, as a null-terminated string.
Returns
0 on success.
An MBEDTLS_ERR_MPI_XXX error code on failure.

§ mbedtls_ecp_point_write_binary()

int mbedtls_ecp_point_write_binary ( const mbedtls_ecp_group grp,
const mbedtls_ecp_point P,
int  format,
size_t *  olen,
unsigned char *  buf,
size_t  buflen 
)

This function exports a point into unsigned binary data.

Parameters
grpThe group to which the point should belong.
PThe point to export.
formatThe point format. Should be an MBEDTLS_ECP_PF_XXX macro.
olenThe length of the output.
bufThe output buffer.
buflenThe length of the output buffer.
Returns
0 on success.
MBEDTLS_ERR_ECP_BAD_INPUT_DATA or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL on failure.

§ mbedtls_ecp_self_test()

int mbedtls_ecp_self_test ( int  verbose)

The ECP checkup routine.

Returns
0 on success.
1 on failure.

§ mbedtls_ecp_set_zero()

int mbedtls_ecp_set_zero ( mbedtls_ecp_point pt)

This function sets a point to zero.

Parameters
ptThe point to set.
Returns
0 on success.
MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.

§ mbedtls_ecp_tls_read_group()

int mbedtls_ecp_tls_read_group ( mbedtls_ecp_group grp,
const unsigned char **  buf,
size_t  len 
)

This function sets a group from a TLS ECParameters record.

Note
buf is updated to point right after the ECParameters record on exit.
Parameters
grpThe destination group.
bufThe address of the pointer to the start of the input buffer.
lenThe length of the buffer.
Returns
0 on success.
An MBEDTLS_ERR_MPI_XXX error code on initialization failure.
MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.

§ mbedtls_ecp_tls_read_point()

int mbedtls_ecp_tls_read_point ( const mbedtls_ecp_group grp,
mbedtls_ecp_point pt,
const unsigned char **  buf,
size_t  len 
)

This function imports a point from a TLS ECPoint record.

Note
On function return, buf is updated to point to immediately after the ECPoint record.
Parameters
grpThe ECP group used.
ptThe destination point.
bufThe address of the pointer to the start of the input buffer.
lenThe length of the buffer.
Returns
0 on success.
An MBEDTLS_ERR_MPI_XXX error code on initialization failure.
MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.

§ mbedtls_ecp_tls_write_group()

int mbedtls_ecp_tls_write_group ( const mbedtls_ecp_group grp,
size_t *  olen,
unsigned char *  buf,
size_t  blen 
)

This function writes the TLS ECParameters record for a group.

Parameters
grpThe ECP group used.
olenThe number of Bytes written.
bufThe buffer to write to.
blenThe length of the buffer.
Returns
0 on success.
MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL on failure.

§ mbedtls_ecp_tls_write_point()

int mbedtls_ecp_tls_write_point ( const mbedtls_ecp_group grp,
const mbedtls_ecp_point pt,
int  format,
size_t *  olen,
unsigned char *  buf,
size_t  blen 
)

This function exports a point as a TLS ECPoint record.

Parameters
grpThe ECP group used.
ptThe point format to export to. The point format is an MBEDTLS_ECP_PF_XXX constant.
formatThe export format.
olenThe length of the data written.
bufThe buffer to write to.
blenThe length of the buffer.
Returns
0 on success.
MBEDTLS_ERR_ECP_BAD_INPUT_DATA or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL on failure.