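Lines matching refs:grp. Each row below gives the source line number, the matching line, and (where one applies) the enclosing function; rows tagged "argument" or "local" are the lines where grp is declared.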
246 int mbedtls_ecp_check_budget(const mbedtls_ecp_group *grp, in mbedtls_ecp_check_budget() argument
253 if (grp->pbits >= 512) { in mbedtls_ecp_check_budget()
255 } else if (grp->pbits >= 384) { in mbedtls_ecp_check_budget()
486 mbedtls_ecp_curve_type mbedtls_ecp_get_type(const mbedtls_ecp_group *grp) in mbedtls_ecp_get_type() argument
488 if (grp->G.X.p == NULL) { in mbedtls_ecp_get_type()
492 if (grp->G.Y.p == NULL) { in mbedtls_ecp_get_type()
512 void mbedtls_ecp_group_init(mbedtls_ecp_group *grp) in mbedtls_ecp_group_init() argument
514 grp->id = MBEDTLS_ECP_DP_NONE; in mbedtls_ecp_group_init()
515 mbedtls_mpi_init(&grp->P); in mbedtls_ecp_group_init()
516 mbedtls_mpi_init(&grp->A); in mbedtls_ecp_group_init()
517 mbedtls_mpi_init(&grp->B); in mbedtls_ecp_group_init()
518 mbedtls_ecp_point_init(&grp->G); in mbedtls_ecp_group_init()
519 mbedtls_mpi_init(&grp->N); in mbedtls_ecp_group_init()
520 grp->pbits = 0; in mbedtls_ecp_group_init()
521 grp->nbits = 0; in mbedtls_ecp_group_init()
522 grp->h = 0; in mbedtls_ecp_group_init()
523 grp->modp = NULL; in mbedtls_ecp_group_init()
524 grp->t_pre = NULL; in mbedtls_ecp_group_init()
525 grp->t_post = NULL; in mbedtls_ecp_group_init()
526 grp->t_data = NULL; in mbedtls_ecp_group_init()
527 grp->T = NULL; in mbedtls_ecp_group_init()
528 grp->T_size = 0; in mbedtls_ecp_group_init()
536 mbedtls_ecp_group_init(&key->grp); in mbedtls_ecp_keypair_init()
558 static int ecp_group_is_static_comb_table(const mbedtls_ecp_group *grp) in ecp_group_is_static_comb_table() argument
561 return grp->T != NULL && grp->T_size == 0; in ecp_group_is_static_comb_table()
563 (void) grp; in ecp_group_is_static_comb_table()
571 void mbedtls_ecp_group_free(mbedtls_ecp_group *grp) in mbedtls_ecp_group_free() argument
575 if (grp == NULL) { in mbedtls_ecp_group_free()
579 if (grp->h != 1) { in mbedtls_ecp_group_free()
580 mbedtls_mpi_free(&grp->A); in mbedtls_ecp_group_free()
581 mbedtls_mpi_free(&grp->B); in mbedtls_ecp_group_free()
582 mbedtls_ecp_point_free(&grp->G); in mbedtls_ecp_group_free()
585 mbedtls_mpi_free(&grp->N); in mbedtls_ecp_group_free()
586 mbedtls_mpi_free(&grp->P); in mbedtls_ecp_group_free()
590 if (!ecp_group_is_static_comb_table(grp) && grp->T != NULL) { in mbedtls_ecp_group_free()
591 for (i = 0; i < grp->T_size; i++) { in mbedtls_ecp_group_free()
592 mbedtls_ecp_point_free(&grp->T[i]); in mbedtls_ecp_group_free()
594 mbedtls_free(grp->T); in mbedtls_ecp_group_free()
597 mbedtls_platform_zeroize(grp, sizeof(mbedtls_ecp_group)); in mbedtls_ecp_group_free()
609 mbedtls_ecp_group_free(&key->grp); in mbedtls_ecp_keypair_free()
691 int mbedtls_ecp_point_write_binary(const mbedtls_ecp_group *grp, in mbedtls_ecp_point_write_binary() argument
703 plen = mbedtls_mpi_size(&grp->P); in mbedtls_ecp_point_write_binary()
707 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { in mbedtls_ecp_point_write_binary()
717 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { in mbedtls_ecp_point_write_binary()
760 static int mbedtls_ecp_sw_derive_y(const mbedtls_ecp_group *grp,
769 int mbedtls_ecp_point_read_binary(const mbedtls_ecp_group *grp, in mbedtls_ecp_point_read_binary() argument
779 plen = mbedtls_mpi_size(&grp->P); in mbedtls_ecp_point_read_binary()
782 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { in mbedtls_ecp_point_read_binary()
790 if (grp->id == MBEDTLS_ECP_DP_CURVE25519) { in mbedtls_ecp_point_read_binary()
799 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { in mbedtls_ecp_point_read_binary()
826 return mbedtls_ecp_sw_derive_y(grp, &pt->X, &pt->Y, in mbedtls_ecp_point_read_binary()
844 int mbedtls_ecp_tls_read_point(const mbedtls_ecp_group *grp, in mbedtls_ecp_tls_read_point() argument
868 return mbedtls_ecp_point_read_binary(grp, pt, buf_start, data_len); in mbedtls_ecp_tls_read_point()
877 int mbedtls_ecp_tls_write_point(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt, in mbedtls_ecp_tls_write_point() argument
894 if ((ret = mbedtls_ecp_point_write_binary(grp, pt, format, in mbedtls_ecp_tls_write_point()
911 int mbedtls_ecp_tls_read_group(mbedtls_ecp_group *grp, in mbedtls_ecp_tls_read_group() argument
920 return mbedtls_ecp_group_load(grp, grp_id); in mbedtls_ecp_tls_read_group()
927 int mbedtls_ecp_tls_read_group_id(mbedtls_ecp_group_id *grp, in mbedtls_ecp_tls_read_group_id() argument
956 *grp = curve_info->grp_id; in mbedtls_ecp_tls_read_group_id()
964 int mbedtls_ecp_tls_write_group(const mbedtls_ecp_group *grp, size_t *olen, in mbedtls_ecp_tls_write_group() argument
968 if ((curve_info = mbedtls_ecp_curve_info_from_grp_id(grp->id)) == NULL) { in mbedtls_ecp_tls_write_group()
999 static int ecp_modp(mbedtls_mpi *N, const mbedtls_ecp_group *grp) in ecp_modp() argument
1003 if (grp->modp == NULL) { in ecp_modp()
1004 return mbedtls_mpi_mod_mpi(N, N, &grp->P); in ecp_modp()
1009 mbedtls_mpi_bitlen(N) > 2 * grp->pbits) { in ecp_modp()
1013 MBEDTLS_MPI_CHK(grp->modp(N)); in ecp_modp()
1017 MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &grp->P)); in ecp_modp()
1020 while (mbedtls_mpi_cmp_mpi(N, &grp->P) >= 0) { in ecp_modp()
1022 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(N, N, &grp->P)); in ecp_modp()
1051 MBEDTLS_MPI_CHK(ecp_modp(&(N), grp)); \
1055 static inline int mbedtls_mpi_mul_mod(const mbedtls_ecp_group *grp, in mbedtls_mpi_mul_mod() argument
1074 MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi((N), (N), &grp->P)); \
1078 static inline int mbedtls_mpi_sub_mod(const mbedtls_ecp_group *grp, in mbedtls_mpi_sub_mod() argument
1096 while (mbedtls_mpi_cmp_mpi((N), &grp->P) >= 0) \
1097 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs((N), (N), &grp->P))
1099 static inline int mbedtls_mpi_add_mod(const mbedtls_ecp_group *grp, in mbedtls_mpi_add_mod() argument
1112 static inline int mbedtls_mpi_mul_int_mod(const mbedtls_ecp_group *grp, in mbedtls_mpi_mul_int_mod() argument
1126 static inline int mbedtls_mpi_sub_int_mod(const mbedtls_ecp_group *grp, in mbedtls_mpi_sub_int_mod() argument
1140 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int_mod(grp, X, A, c))
1143 static inline int mbedtls_mpi_shift_l_mod(const mbedtls_ecp_group *grp, in mbedtls_mpi_shift_l_mod() argument
1161 MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, X, A, B))
1164 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, X, A, B))
1167 MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, B))
1170 MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, A))
1173 MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int_mod(grp, X, A, c))
1176 MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod((dst), (src), &grp->P))
1182 MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l_mod(grp, X, count))
1195 MBEDTLS_MPI_CHK(mbedtls_mpi_random((X), 2, &grp->P, f_rng, p_rng))
1203 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&tmp, &grp->P, (X))); \
1225 static int ecp_sw_rhs(const mbedtls_ecp_group *grp, in ecp_sw_rhs() argument
1235 if (mbedtls_ecp_group_a_is_minus_3(grp)) { in ecp_sw_rhs()
1238 MPI_ECP_ADD(rhs, rhs, &grp->A); in ecp_sw_rhs()
1242 MPI_ECP_ADD(rhs, rhs, &grp->B); in ecp_sw_rhs()
1251 static int mbedtls_ecp_sw_derive_y(const mbedtls_ecp_group *grp, in mbedtls_ecp_sw_derive_y() argument
1265 if (mbedtls_mpi_get_bit(&grp->P, 0) != 1 || in mbedtls_ecp_sw_derive_y()
1266 mbedtls_mpi_get_bit(&grp->P, 1) != 1) { in mbedtls_ecp_sw_derive_y()
1275 MBEDTLS_MPI_CHK(ecp_sw_rhs(grp, Y, X)); in mbedtls_ecp_sw_derive_y()
1279 MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&exp, &grp->P, 1)); in mbedtls_ecp_sw_derive_y()
1282 MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(Y, Y /*y^2*/, &exp, &grp->P, NULL)); in mbedtls_ecp_sw_derive_y()
1290 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(Y, &grp->P, Y)); in mbedtls_ecp_sw_derive_y()
1314 static int ecp_normalize_jac(const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt) in ecp_normalize_jac() argument
1321 if (mbedtls_internal_ecp_grp_capable(grp)) { in ecp_normalize_jac()
1322 return mbedtls_internal_ecp_normalize_jac(grp, pt); in ecp_normalize_jac()
1360 static int ecp_normalize_jac_many(const mbedtls_ecp_group *grp, in ecp_normalize_jac_many() argument
1364 return ecp_normalize_jac(grp, *T); in ecp_normalize_jac_many()
1368 if (mbedtls_internal_ecp_grp_capable(grp)) { in ecp_normalize_jac_many()
1369 return mbedtls_internal_ecp_normalize_jac_many(grp, T, T_size); in ecp_normalize_jac_many()
1433 MBEDTLS_MPI_CHK(mbedtls_mpi_shrink(&T[i]->X, grp->P.n)); in ecp_normalize_jac_many()
1434 MBEDTLS_MPI_CHK(mbedtls_mpi_shrink(&T[i]->Y, grp->P.n)); in ecp_normalize_jac_many()
1457 static int ecp_safe_invert_jac(const mbedtls_ecp_group *grp, in ecp_safe_invert_jac() argument
1486 static int ecp_double_jac(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_double_jac() argument
1495 if (mbedtls_internal_ecp_grp_capable(grp)) { in ecp_double_jac()
1496 return mbedtls_internal_ecp_double_jac(grp, R, P); in ecp_double_jac()
1506 if (mbedtls_ecp_group_a_is_minus_3(grp)) { in ecp_double_jac()
1519 if (MPI_ECP_CMP_INT(&grp->A, 0) != 0) { in ecp_double_jac()
1523 MPI_ECP_MUL(&tmp[1], &tmp[2], &grp->A); in ecp_double_jac()
1583 static int ecp_add_mixed(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_add_mixed() argument
1592 if (mbedtls_internal_ecp_grp_capable(grp)) { in ecp_add_mixed()
1593 return mbedtls_internal_ecp_add_mixed(grp, R, P, Q); in ecp_add_mixed()
1641 ret = ecp_double_jac(grp, R, P, tmp); in ecp_add_mixed()
1681 static int ecp_randomize_jac(const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, in ecp_randomize_jac() argument
1685 if (mbedtls_internal_ecp_grp_capable(grp)) { in ecp_randomize_jac()
1686 return mbedtls_internal_ecp_randomize_jac(grp, pt, f_rng, p_rng); in ecp_randomize_jac()
1849 static int ecp_precompute_comb(const mbedtls_ecp_group *grp, in ecp_precompute_comb() argument
1916 MBEDTLS_MPI_CHK(ecp_double_jac(grp, cur, cur, tmp)); in ecp_precompute_comb()
1940 MBEDTLS_MPI_CHK(ecp_normalize_jac_many(grp, TT, j)); in ecp_precompute_comb()
1958 MBEDTLS_MPI_CHK(ecp_add_mixed(grp, &T[i + j], &T[j], &T[i], tmp)); in ecp_precompute_comb()
1980 MBEDTLS_MPI_CHK(ecp_normalize_jac_many(grp, TT, j)); in ecp_precompute_comb()
2012 static int ecp_select_comb(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_select_comb() argument
2029 MBEDTLS_MPI_CHK(ecp_safe_invert_jac(grp, R, i >> 7)); in ecp_select_comb()
2043 static int ecp_mul_comb_core(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_mul_comb_core() argument
2078 MBEDTLS_MPI_CHK(ecp_select_comb(grp, R, T, T_size, x[i])); in ecp_mul_comb_core()
2080 MBEDTLS_MPI_CHK(ecp_randomize_jac(grp, R, f_rng, p_rng)); in ecp_mul_comb_core()
2088 MBEDTLS_MPI_CHK(ecp_double_jac(grp, R, R, tmp)); in ecp_mul_comb_core()
2089 MBEDTLS_MPI_CHK(ecp_select_comb(grp, &Txi, T, T_size, x[i])); in ecp_mul_comb_core()
2090 MBEDTLS_MPI_CHK(ecp_add_mixed(grp, R, R, &Txi, tmp)); in ecp_mul_comb_core()
2121 static int ecp_comb_recode_scalar(const mbedtls_ecp_group *grp, in ecp_comb_recode_scalar() argument
2135 if (mbedtls_mpi_get_bit(&grp->N, 0) != 1) { in ecp_comb_recode_scalar()
2144 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&mm, &grp->N, m)); in ecp_comb_recode_scalar()
2164 static int ecp_mul_comb_after_precomp(const mbedtls_ecp_group *grp, in ecp_mul_comb_after_precomp() argument
2190 MBEDTLS_MPI_CHK(ecp_comb_recode_scalar(grp, m, k, d, w, in ecp_mul_comb_after_precomp()
2192 MBEDTLS_MPI_CHK(ecp_mul_comb_core(grp, RR, T, T_size, k, d, in ecp_mul_comb_after_precomp()
2194 MBEDTLS_MPI_CHK(ecp_safe_invert_jac(grp, RR, parity_trick)); in ecp_mul_comb_after_precomp()
2216 MBEDTLS_MPI_CHK(ecp_randomize_jac(grp, RR, f_rng, p_rng)); in ecp_mul_comb_after_precomp()
2219 MBEDTLS_MPI_CHK(ecp_normalize_jac(grp, RR)); in ecp_mul_comb_after_precomp()
2234 static unsigned char ecp_pick_window_size(const mbedtls_ecp_group *grp, in ecp_pick_window_size() argument
2244 w = grp->nbits >= 384 ? 5 : 4; in ecp_pick_window_size()
2265 if ((!p_eq_g || !ecp_group_is_static_comb_table(grp)) && w > MBEDTLS_ECP_WINDOW_SIZE) { in ecp_pick_window_size()
2269 if (w >= grp->nbits) { in ecp_pick_window_size()
2289 static int ecp_mul_comb(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_mul_comb() argument
2305 p_eq_g = (MPI_ECP_CMP(&P->Y, &grp->G.Y) == 0 && in ecp_mul_comb()
2306 MPI_ECP_CMP(&P->X, &grp->G.X) == 0); in ecp_mul_comb()
2312 w = ecp_pick_window_size(grp, p_eq_g); in ecp_mul_comb()
2314 d = (grp->nbits + w - 1) / w; in ecp_mul_comb()
2317 if (p_eq_g && grp->T != NULL) { in ecp_mul_comb()
2319 T = grp->T; in ecp_mul_comb()
2351 MBEDTLS_MPI_CHK(ecp_precompute_comb(grp, T, P, w, d, rs_ctx)); in ecp_mul_comb()
2356 grp->T = T; in ecp_mul_comb()
2357 grp->T_size = T_size; in ecp_mul_comb()
2362 MBEDTLS_MPI_CHK(ecp_mul_comb_after_precomp(grp, R, m, in ecp_mul_comb()
2369 if (T == grp->T) { in ecp_mul_comb()
2423 static int ecp_normalize_mxz(const mbedtls_ecp_group *grp, mbedtls_ecp_point *P) in ecp_normalize_mxz() argument
2426 if (mbedtls_internal_ecp_grp_capable(grp)) { in ecp_normalize_mxz()
2427 return mbedtls_internal_ecp_normalize_mxz(grp, P); in ecp_normalize_mxz()
2452 static int ecp_randomize_mxz(const mbedtls_ecp_group *grp, mbedtls_ecp_point *P, in ecp_randomize_mxz() argument
2456 if (mbedtls_internal_ecp_grp_capable(grp)) { in ecp_randomize_mxz()
2457 return mbedtls_internal_ecp_randomize_mxz(grp, P, f_rng, p_rng); in ecp_randomize_mxz()
2499 static int ecp_double_add_mxz(const mbedtls_ecp_group *grp, in ecp_double_add_mxz() argument
2506 if (mbedtls_internal_ecp_grp_capable(grp)) { in ecp_double_add_mxz()
2507 return mbedtls_internal_ecp_double_add_mxz(grp, R, S, P, Q, d); in ecp_double_add_mxz()
2526 MPI_ECP_MUL(&R->Z, &grp->A, &T[0]); /* A * (Pp^2 - Pm^2) */ in ecp_double_add_mxz()
2545 static int ecp_mul_mxz(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_mul_mxz() argument
2577 MBEDTLS_MPI_CHK(ecp_randomize_mxz(grp, &RP, f_rng, p_rng)); in ecp_mul_mxz()
2580 i = grp->nbits + 1; /* one past the (zero-based) required msb for private keys */ in ecp_mul_mxz()
2592 MBEDTLS_MPI_CHK(ecp_double_add_mxz(grp, R, &RP, R, &RP, &PX, tmp)); in ecp_mul_mxz()
2608 MBEDTLS_MPI_CHK(ecp_randomize_mxz(grp, R, f_rng, p_rng)); in ecp_mul_mxz()
2609 MBEDTLS_MPI_CHK(ecp_normalize_mxz(grp, R)); in ecp_mul_mxz()
2626 static int ecp_mul_restartable_internal(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in ecp_mul_restartable_internal() argument
2646 if ((is_grp_capable = mbedtls_internal_ecp_grp_capable(grp))) { in ecp_mul_restartable_internal()
2647 MBEDTLS_MPI_CHK(mbedtls_internal_ecp_init(grp)); in ecp_mul_restartable_internal()
2661 MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(grp, m)); in ecp_mul_restartable_internal()
2662 MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P)); in ecp_mul_restartable_internal()
2667 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { in ecp_mul_restartable_internal()
2668 MBEDTLS_MPI_CHK(ecp_mul_mxz(grp, R, m, P, f_rng, p_rng)); in ecp_mul_restartable_internal()
2672 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { in ecp_mul_restartable_internal()
2673 MBEDTLS_MPI_CHK(ecp_mul_comb(grp, R, m, P, f_rng, p_rng, rs_ctx)); in ecp_mul_restartable_internal()
2681 mbedtls_internal_ecp_free(grp); in ecp_mul_restartable_internal()
2697 int mbedtls_ecp_mul_restartable(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in mbedtls_ecp_mul_restartable() argument
2706 return ecp_mul_restartable_internal(grp, R, m, P, f_rng, p_rng, rs_ctx); in mbedtls_ecp_mul_restartable()
2712 int mbedtls_ecp_mul(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in mbedtls_ecp_mul() argument
2716 return mbedtls_ecp_mul_restartable(grp, R, m, P, f_rng, p_rng, NULL); in mbedtls_ecp_mul()
2725 static int ecp_check_pubkey_sw(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt) in ecp_check_pubkey_sw() argument
2733 mbedtls_mpi_cmp_mpi(&pt->X, &grp->P) >= 0 || in ecp_check_pubkey_sw()
2734 mbedtls_mpi_cmp_mpi(&pt->Y, &grp->P) >= 0) { in ecp_check_pubkey_sw()
2745 MBEDTLS_MPI_CHK(ecp_sw_rhs(grp, &RHS, &pt->X)); in ecp_check_pubkey_sw()
2765 static int mbedtls_ecp_mul_shortcuts(mbedtls_ecp_group *grp, in mbedtls_ecp_mul_shortcuts() argument
2776 MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P)); in mbedtls_ecp_mul_shortcuts()
2779 MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P)); in mbedtls_ecp_mul_shortcuts()
2782 MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P)); in mbedtls_ecp_mul_shortcuts()
2786 MBEDTLS_MPI_CHK(ecp_mul_restartable_internal(grp, R, m, P, in mbedtls_ecp_mul_shortcuts()
2801 mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in mbedtls_ecp_muladd_restartable() argument
2814 if (mbedtls_ecp_get_type(grp) != MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { in mbedtls_ecp_muladd_restartable()
2842 MBEDTLS_MPI_CHK(mbedtls_ecp_mul_shortcuts(grp, pmP, m, P, rs_ctx)); in mbedtls_ecp_muladd_restartable()
2850 MBEDTLS_MPI_CHK(mbedtls_ecp_mul_shortcuts(grp, pR, n, Q, rs_ctx)); in mbedtls_ecp_muladd_restartable()
2853 if ((is_grp_capable = mbedtls_internal_ecp_grp_capable(grp))) { in mbedtls_ecp_muladd_restartable()
2854 MBEDTLS_MPI_CHK(mbedtls_internal_ecp_init(grp)); in mbedtls_ecp_muladd_restartable()
2866 MBEDTLS_MPI_CHK(ecp_add_mixed(grp, pR, pmP, pR, tmp)); in mbedtls_ecp_muladd_restartable()
2875 MBEDTLS_MPI_CHK(ecp_normalize_jac(grp, pR)); in mbedtls_ecp_muladd_restartable()
2889 mbedtls_internal_ecp_free(grp); in mbedtls_ecp_muladd_restartable()
2904 int mbedtls_ecp_muladd(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, in mbedtls_ecp_muladd() argument
2908 return mbedtls_ecp_muladd_restartable(grp, R, m, P, n, Q, NULL); in mbedtls_ecp_muladd()
3004 static int ecp_check_pubkey_mx(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt) in ecp_check_pubkey_mx() argument
3009 if (mbedtls_mpi_size(&pt->X) > (grp->nbits + 7) / 8) { in ecp_check_pubkey_mx()
3020 return ecp_check_bad_points_mx(&pt->X, &grp->P, grp->id); in ecp_check_pubkey_mx()
3027 int mbedtls_ecp_check_pubkey(const mbedtls_ecp_group *grp, in mbedtls_ecp_check_pubkey() argument
3036 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { in mbedtls_ecp_check_pubkey()
3037 return ecp_check_pubkey_mx(grp, pt); in mbedtls_ecp_check_pubkey()
3041 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { in mbedtls_ecp_check_pubkey()
3042 return ecp_check_pubkey_sw(grp, pt); in mbedtls_ecp_check_pubkey()
3051 int mbedtls_ecp_check_privkey(const mbedtls_ecp_group *grp, in mbedtls_ecp_check_privkey() argument
3055 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { in mbedtls_ecp_check_privkey()
3059 mbedtls_mpi_bitlen(d) - 1 != grp->nbits) { /* mbedtls_mpi_bitlen is one-based! */ in mbedtls_ecp_check_privkey()
3064 if (grp->nbits == 254 && mbedtls_mpi_get_bit(d, 2) != 0) { in mbedtls_ecp_check_privkey()
3072 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { in mbedtls_ecp_check_privkey()
3075 mbedtls_mpi_cmp_mpi(d, &grp->N) >= 0) { in mbedtls_ecp_check_privkey()
3137 int mbedtls_ecp_gen_privkey(const mbedtls_ecp_group *grp, in mbedtls_ecp_gen_privkey() argument
3143 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { in mbedtls_ecp_gen_privkey()
3144 return mbedtls_ecp_gen_privkey_mx(grp->nbits, d, f_rng, p_rng); in mbedtls_ecp_gen_privkey()
3149 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { in mbedtls_ecp_gen_privkey()
3150 return mbedtls_ecp_gen_privkey_sw(&grp->N, d, f_rng, p_rng); in mbedtls_ecp_gen_privkey()
3161 int mbedtls_ecp_gen_keypair_base(mbedtls_ecp_group *grp, in mbedtls_ecp_gen_keypair_base() argument
3168 MBEDTLS_MPI_CHK(mbedtls_ecp_gen_privkey(grp, d, f_rng, p_rng)); in mbedtls_ecp_gen_keypair_base()
3169 MBEDTLS_MPI_CHK(mbedtls_ecp_mul(grp, Q, d, G, f_rng, p_rng)); in mbedtls_ecp_gen_keypair_base()
3178 int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp, in mbedtls_ecp_gen_keypair() argument
3183 return mbedtls_ecp_gen_keypair_base(grp, &grp->G, d, Q, f_rng, p_rng); in mbedtls_ecp_gen_keypair()
3193 if ((ret = mbedtls_ecp_group_load(&key->grp, grp_id)) != 0) { in mbedtls_ecp_gen_key()
3197 return mbedtls_ecp_gen_keypair(&key->grp, &key->d, &key->Q, f_rng, p_rng); in mbedtls_ecp_gen_key()
3207 if (key->grp.id == MBEDTLS_ECP_DP_NONE) { in mbedtls_ecp_set_public_key()
3209 if ((ret = mbedtls_ecp_group_load(&key->grp, grp_id)) != 0) { in mbedtls_ecp_set_public_key()
3212 } else if (key->grp.id != grp_id) { in mbedtls_ecp_set_public_key()
3230 if ((ret = mbedtls_ecp_group_load(&key->grp, grp_id)) != 0) { in mbedtls_ecp_read_key()
3237 if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { in mbedtls_ecp_read_key()
3284 if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { in mbedtls_ecp_read_key()
3290 MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(&key->grp, &key->d)); in mbedtls_ecp_read_key()
3312 if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { in mbedtls_ecp_write_key()
3313 if (key->grp.id == MBEDTLS_ECP_DP_CURVE25519) { in mbedtls_ecp_write_key()
3318 } else if (key->grp.id == MBEDTLS_ECP_DP_CURVE448) { in mbedtls_ecp_write_key()
3327 if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { in mbedtls_ecp_write_key()
3341 size_t len = (key->grp.nbits + 7) / 8; in mbedtls_ecp_write_key_ext()
3355 if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { in mbedtls_ecp_write_key_ext()
3361 if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { in mbedtls_ecp_write_key_ext()
3377 return mbedtls_ecp_point_write_binary(&key->grp, &key->Q, in mbedtls_ecp_write_public_key()
3392 mbedtls_ecp_group grp; in mbedtls_ecp_check_pub_priv() local
3393 if (pub->grp.id == MBEDTLS_ECP_DP_NONE || in mbedtls_ecp_check_pub_priv()
3394 pub->grp.id != prv->grp.id || in mbedtls_ecp_check_pub_priv()
3402 mbedtls_ecp_group_init(&grp); in mbedtls_ecp_check_pub_priv()
3405 mbedtls_ecp_group_copy(&grp, &prv->grp); in mbedtls_ecp_check_pub_priv()
3408 MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&grp, &Q, &prv->d, &prv->grp.G, f_rng, p_rng)); in mbedtls_ecp_check_pub_priv()
3419 mbedtls_ecp_group_free(&grp); in mbedtls_ecp_check_pub_priv()
3428 return mbedtls_ecp_mul(&key->grp, &key->Q, &key->d, &key->grp.G, in mbedtls_ecp_keypair_calc_public()
3436 return key->grp.id; in mbedtls_ecp_keypair_get_group_id()
3442 int mbedtls_ecp_export(const mbedtls_ecp_keypair *key, mbedtls_ecp_group *grp, in mbedtls_ecp_export() argument
3447 if (grp != NULL && (ret = mbedtls_ecp_group_copy(grp, &key->grp)) != 0) { in mbedtls_ecp_export()
3489 static int self_test_adjust_exponent(const mbedtls_ecp_group *grp, in self_test_adjust_exponent() argument
3493 switch (grp->id) { in self_test_adjust_exponent()
3502 MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(m, grp->nbits, 1)); in self_test_adjust_exponent()
3506 mbedtls_mpi_set_bit(m, grp->nbits - 1, in self_test_adjust_exponent()
3513 (void) grp; in self_test_adjust_exponent()
3524 mbedtls_ecp_group *grp, in self_test_point() argument
3539 MBEDTLS_MPI_CHK(self_test_adjust_exponent(grp, m)); in self_test_point()
3540 MBEDTLS_MPI_CHK(mbedtls_ecp_mul(grp, R, m, P, self_test_rng, NULL)); in self_test_point()
3551 MBEDTLS_MPI_CHK(self_test_adjust_exponent(grp, m)); in self_test_point()
3552 MBEDTLS_MPI_CHK(mbedtls_ecp_mul(grp, R, m, P, self_test_rng, NULL)); in self_test_point()
3581 mbedtls_ecp_group grp; in mbedtls_ecp_self_test() local
3614 mbedtls_ecp_group_init(&grp); in mbedtls_ecp_self_test()
3622 MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_SECP192R1)); in mbedtls_ecp_self_test()
3624 MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, mbedtls_ecp_curve_list()->grp_id)); in mbedtls_ecp_self_test()
3632 MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&grp, &P, &m, &grp.G, self_test_rng, NULL)); in mbedtls_ecp_self_test()
3634 &grp, &R, &m, &grp.G, in mbedtls_ecp_self_test()
3646 &grp, &R, &m, &P, in mbedtls_ecp_self_test()
3653 mbedtls_ecp_group_free(&grp); in mbedtls_ecp_self_test()
3662 MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_CURVE25519)); in mbedtls_ecp_self_test()
3664 MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_CURVE448)); in mbedtls_ecp_self_test()
3669 &grp, &R, &m, &grp.G, in mbedtls_ecp_self_test()
3683 mbedtls_ecp_group_free(&grp); in mbedtls_ecp_self_test()