![]() |
mbed TLS
Version 2.6.0
SSL/TLS Library for the Embedded Space
|
ECP group structure. More...
Data Fields | |
mbedtls_ecp_group_id | id |
mbedtls_mpi | P |
mbedtls_mpi | A |
mbedtls_mpi | B |
mbedtls_ecp_point | G |
mbedtls_mpi | N |
size_t | pbits |
size_t | nbits |
unsigned int | h |
int(* | modp )(mbedtls_mpi *) |
int(* | t_pre )(mbedtls_ecp_point *, void *) |
int(* | t_post )(mbedtls_ecp_point *, void *) |
void * | t_data |
mbedtls_ecp_point * | T |
size_t | T_size |
ECP group structure.
We consider two types of curves equations:
In the case of Short Weierstrass curves, our code requires that N is an odd prime. (Use odd in mbedtls_ecp_mul() and prime in mbedtls_ecdsa_sign() for blinding.)
In the case of Montgomery curves, we don't store A but (A + 2) / 4 which is the quantity actually used in the formulas. Also, nbits is not the size of N but the required size for private keys.
If modp is NULL, reduction modulo P is done using a generic algorithm. Otherwise, it must point to a function that takes an mbedtls_mpi in the range 0..2^(2*pbits)-1 and transforms it in-place in an integer of little more than pbits, so that the integer may be efficiently brought in the 0..P-1 range by a few additions or substractions. It must return 0 on success and non-zero on failure.
generator of the (sub)group used
unsigned int h |
internal: 1 if the constants are static
internal group identifier
int(* modp)(mbedtls_mpi *) |
function for fast reduction mod P
size_t nbits |
number of bits in 1. P, or 2. private keys
prime modulus of the base field
size_t pbits |
number of bits in P
pre-computed points for ecp_mul_comb()
void* t_data |
unused
int(* t_post)(mbedtls_ecp_point *, void *) |
unused
int(* t_pre)(mbedtls_ecp_point *, void *) |
unused
size_t T_size |
number for pre-computed points