third_party/NordicSemiconductor/libraries/crypto/ecp_alt.h - third_party/openthread - Git at Google

 /*
  *  Copyright (c) 2018, The OpenThread Authors.
  *  All rights reserved.
  *
  *  Redistribution and use in source and binary forms, with or without
  *  modification, are permitted provided that the following conditions are met:
  *  1. Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
  *  2. Redistributions in binary form must reproduce the above copyright
  *     notice, this list of conditions and the following disclaimer in the
  *     documentation and/or other materials provided with the distribution.
  *  3. Neither the name of the copyright holder nor the
  *     names of its contributors may be used to endorse or promote products
  *     derived from this software without specific prior written permission.
  *
  *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  *  ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
  *  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  *  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  *  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  *  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  *  POSSIBILITY OF SUCH DAMAGE.
  *
  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
  *  SPDX-License-Identifier: Apache-2.0
  *
  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
  *  not use this file except in compliance with the License.
  *  You may obtain a copy of the License at
  *
  *  http://www.apache.org/licenses/LICENSE-2.0
  *
  *  Unless required by applicable law or agreed to in writing, software
  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  */

 #if defined(MBEDTLS_ECP_ALT)

 /*
  * default mbed TLS elliptic curve arithmetic implementation
  *
  * (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an
  * alternative implementation for the whole module and it will replace this
  * one.)
  */

 #ifdef __cplusplus
 extern "C" {
 #endif

 /**
  * \brief           ECP group structure
  *
  * We consider two types of curves equations:
  * 1. Short Weierstrass y^2 = x^3 + A x + B     mod P   (SEC1 + RFC 4492)
  * 2. Montgomery,       y^2 = x^3 + A x^2 + x   mod P   (Curve25519 + draft)
  * In both cases, a generator G for a prime-order subgroup is fixed. In the
  * short weierstrass, this subgroup is actually the whole curve, and its
  * cardinal is denoted by N.
  *
  * In the case of Short Weierstrass curves, our code requires that N is an odd
  * prime. (Use odd in mbedtls_ecp_mul() and prime in mbedtls_ecdsa_sign() for blinding.)
  *
  * In the case of Montgomery curves, we don't store A but (A + 2) / 4 which is
  * the quantity actually used in the formulas. Also, nbits is not the size of N
  * but the required size for private keys.
  *
  * If modp is NULL, reduction modulo P is done using a generic algorithm.
  * Otherwise, it must point to a function that takes an mbedtls_mpi in the range
  * 0..2^(2*pbits)-1 and transforms it in-place in an integer of little more
  * than pbits, so that the integer may be efficiently brought in the 0..P-1
  * range by a few additions or substractions. It must return 0 on success and
  * non-zero on failure.
  */
 typedef struct
 {
     mbedtls_ecp_group_id id;    /*!<  internal group identifier                     */
     mbedtls_mpi P;              /*!<  prime modulus of the base field               */
     mbedtls_mpi A;              /*!<  1. A in the equation, or 2. (A + 2) / 4       */
     mbedtls_mpi B;              /*!<  1. B in the equation, or 2. unused            */
     mbedtls_ecp_point G;        /*!<  generator of the (sub)group used              */
     mbedtls_mpi N;              /*!<  1. the order of G, or 2. unused               */
     size_t pbits;       /*!<  number of bits in P                           */
     size_t nbits;       /*!<  number of bits in 1. P, or 2. private keys    */
     unsigned int h;     /*!<  internal: 1 if the constants are static       */
     int (*modp)(mbedtls_mpi *); /*!<  function for fast reduction mod P             */
     int (*t_pre)(mbedtls_ecp_point *, void *);  /*!< unused                         */
     int (*t_post)(mbedtls_ecp_point *, void *); /*!< unused                         */
     void *t_data;                       /*!< unused                         */
     mbedtls_ecp_point *T;       /*!<  pre-computed points for ecp_mul_comb()        */
     size_t T_size;      /*!<  number for pre-computed points                */
 }
 mbedtls_ecp_group;

 /**
  * \name SECTION: Module settings
  *
  * The configuration options you can set for this module are in this section.
  * Either change them in config.h or define them on the compiler command line.
  * \{
  */

 #if !defined(MBEDTLS_ECP_MAX_BITS)
 /**
  * Maximum size of the groups (that is, of N and P)
  */
 #define MBEDTLS_ECP_MAX_BITS     521   /**< Maximum bit size of groups */
 #endif

 #define MBEDTLS_ECP_MAX_BYTES    ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
 #define MBEDTLS_ECP_MAX_PT_LEN   ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )

 #if !defined(MBEDTLS_ECP_WINDOW_SIZE)
 /*
  * Maximum "window" size used for point multiplication.
  * Default: 6.
  * Minimum value: 2. Maximum value: 7.
  *
  * Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) )
  * points used for point multiplication. This value is directly tied to EC
  * peak memory usage, so decreasing it by one should roughly cut memory usage
  * by two (if large curves are in use).
  *
  * Reduction in size may reduce speed, but larger curves are impacted first.
  * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1):
  *      w-size:     6       5       4       3       2
  *      521       145     141     135     120      97
  *      384       214     209     198     177     146
  *      256       320     320     303     262     226

  *      224       475     475     453     398     342
  *      192       640     640     633     587     476
  */
 #define MBEDTLS_ECP_WINDOW_SIZE    6   /**< Maximum window size used */
 #endif /* MBEDTLS_ECP_WINDOW_SIZE */

 #if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
 /*
  * Trade memory for speed on fixed-point multiplication.
  *
  * This speeds up repeated multiplication of the generator (that is, the
  * multiplication in ECDSA signatures, and half of the multiplications in
  * ECDSA verification and ECDHE) by a factor roughly 3 to 4.
  *
  * The cost is increasing EC peak memory usage by a factor roughly 2.
  *
  * Change this value to 0 to reduce peak memory usage.
  */
 #define MBEDTLS_ECP_FIXED_POINT_OPTIM  1   /**< Enable fixed-point speed-up */
 #endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */

 /* \} name SECTION: Module settings */

 #ifdef __cplusplus
 }
 #endif

 #endif // MBEDTLS_ECP_ALT
	/*
	* Copyright (c) 2018, The OpenThread Authors.
	* All rights reserved.
	*
	* Redistribution and use in source and binary forms, with or without
	* modification, are permitted provided that the following conditions are met:
	* 1. Redistributions of source code must retain the above copyright
	* notice, this list of conditions and the following disclaimer.
	* 2. Redistributions in binary form must reproduce the above copyright
	* notice, this list of conditions and the following disclaimer in the
	* documentation and/or other materials provided with the distribution.
	* 3. Neither the name of the copyright holder nor the
	* names of its contributors may be used to endorse or promote products
	* derived from this software without specific prior written permission.
	*
	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
	* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
	* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
	* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	* POSSIBILITY OF SUCH DAMAGE.
	*
	* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
	* SPDX-License-Identifier: Apache-2.0
	*
	* Licensed under the Apache License, Version 2.0 (the "License"); you may
	* not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
	* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	#if defined(MBEDTLS_ECP_ALT)

	/*
	* default mbed TLS elliptic curve arithmetic implementation
	*
	* (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an
	* alternative implementation for the whole module and it will replace this
	* one.)
	*/

	#ifdef __cplusplus
	extern "C" {
	#endif

	/**
	* \brief ECP group structure
	*
	* We consider two types of curves equations:
	* 1. Short Weierstrass y^2 = x^3 + A x + B mod P (SEC1 + RFC 4492)
	* 2. Montgomery, y^2 = x^3 + A x^2 + x mod P (Curve25519 + draft)
	* In both cases, a generator G for a prime-order subgroup is fixed. In the
	* short weierstrass, this subgroup is actually the whole curve, and its
	* cardinal is denoted by N.
	*
	* In the case of Short Weierstrass curves, our code requires that N is an odd
	* prime. (Use odd in mbedtls_ecp_mul() and prime in mbedtls_ecdsa_sign() for blinding.)
	*
	* In the case of Montgomery curves, we don't store A but (A + 2) / 4 which is
	* the quantity actually used in the formulas. Also, nbits is not the size of N
	* but the required size for private keys.
	*
	* If modp is NULL, reduction modulo P is done using a generic algorithm.
	* Otherwise, it must point to a function that takes an mbedtls_mpi in the range
	* 0..2^(2*pbits)-1 and transforms it in-place in an integer of little more
	* than pbits, so that the integer may be efficiently brought in the 0..P-1
	* range by a few additions or substractions. It must return 0 on success and
	* non-zero on failure.
	*/
	typedef struct
	{
	mbedtls_ecp_group_id id; /!< internal group identifier /
	mbedtls_mpi P; /!< prime modulus of the base field /
	mbedtls_mpi A; /!< 1. A in the equation, or 2. (A + 2) / 4 /
	mbedtls_mpi B; /!< 1. B in the equation, or 2. unused /
	mbedtls_ecp_point G; /!< generator of the (sub)group used /
	mbedtls_mpi N; /!< 1. the order of G, or 2. unused /
	size_t pbits; /!< number of bits in P /
	size_t nbits; /!< number of bits in 1. P, or 2. private keys /
	unsigned int h; /!< internal: 1 if the constants are static /
	int (modp)(mbedtls_mpi ); /!< function for fast reduction mod P /
	int (t_pre)(mbedtls_ecp_point , void ); /!< unused */
	int (t_post)(mbedtls_ecp_point , void ); /!< unused */
	void t_data; /!< unused */
	mbedtls_ecp_point T; /!< pre-computed points for ecp_mul_comb() */
	size_t T_size; /!< number for pre-computed points /
	}
	mbedtls_ecp_group;

	/**
	* \name SECTION: Module settings
	*
	* The configuration options you can set for this module are in this section.
	* Either change them in config.h or define them on the compiler command line.
	* \{
	*/

	#if !defined(MBEDTLS_ECP_MAX_BITS)
	/**
	* Maximum size of the groups (that is, of N and P)
	*/
	#define MBEDTLS_ECP_MAX_BITS 521 /*< Maximum bit size of groups /
	#endif

	#define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
	#define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )

	#if !defined(MBEDTLS_ECP_WINDOW_SIZE)
	/*
	* Maximum "window" size used for point multiplication.
	* Default: 6.
	* Minimum value: 2. Maximum value: 7.
	*
	* Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) )
	* points used for point multiplication. This value is directly tied to EC
	* peak memory usage, so decreasing it by one should roughly cut memory usage
	* by two (if large curves are in use).
	*
	* Reduction in size may reduce speed, but larger curves are impacted first.
	* Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1):
	* w-size: 6 5 4 3 2
	* 521 145 141 135 120 97
	* 384 214 209 198 177 146
	* 256 320 320 303 262 226

	* 224 475 475 453 398 342
	* 192 640 640 633 587 476
	*/
	#define MBEDTLS_ECP_WINDOW_SIZE 6 /*< Maximum window size used /
	#endif /* MBEDTLS_ECP_WINDOW_SIZE */

	#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
	/*
	* Trade memory for speed on fixed-point multiplication.
	*
	* This speeds up repeated multiplication of the generator (that is, the
	* multiplication in ECDSA signatures, and half of the multiplications in
	* ECDSA verification and ECDHE) by a factor roughly 3 to 4.
	*
	* The cost is increasing EC peak memory usage by a factor roughly 2.
	*
	* Change this value to 0 to reduce peak memory usage.
	*/
	#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /*< Enable fixed-point speed-up /
	#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */

	/* \} name SECTION: Module settings */

	#ifdef __cplusplus
	}
	#endif

	#endif // MBEDTLS_ECP_ALT