mbed TLS  Version 2.6.1
SSL/TLS Library for the Embedded Space
mbedtls_ecp_group Struct Reference

ECP group structure.

Data Fields

mbedtls_ecp_group_id id
 
mbedtls_mpi P
 
mbedtls_mpi A
 
mbedtls_mpi B
 
mbedtls_ecp_point G
 
mbedtls_mpi N
 
size_t pbits
 
size_t nbits
 
unsigned int h
 
int(* modp )(mbedtls_mpi *)
 
int(* t_pre )(mbedtls_ecp_point *, void *)
 
int(* t_post )(mbedtls_ecp_point *, void *)
 
void * t_data
 
mbedtls_ecp_point * T
 
size_t T_size
 

Description

ECP group structure.

We consider two types of curve equations:

  1. Short Weierstrass y^2 = x^3 + A x + B mod P (SEC1 + RFC 4492)
  2. Montgomery, y^2 = x^3 + A x^2 + x mod P (Curve25519 + draft)

In both cases, a generator G for a prime-order subgroup is fixed. In the Short Weierstrass case, this subgroup is actually the whole curve, and its cardinality is denoted by N.

In the case of Short Weierstrass curves, our code requires that N is an odd prime. (Oddness is used in mbedtls_ecp_mul(), and primality in mbedtls_ecdsa_sign() for blinding.)

In the case of Montgomery curves, we don't store A but (A + 2) / 4 which is the quantity actually used in the formulas. Also, nbits is not the size of N but the required size for private keys.

If modp is NULL, reduction modulo P is done using a generic algorithm. Otherwise, it must point to a function that takes an mbedtls_mpi in the range 0..2^(2*pbits)-1 and transforms it in place into an integer of little more than pbits bits, so that the integer may be efficiently brought into the 0..P-1 range by a few additions or subtractions. It must return 0 on success and non-zero on failure.
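The modp contract above, illustrated on a toy field (an added example, not mbed TLS code). It uses uint64_t in place of mbedtls_mpi and an assumed prime P = 2^31 - 1 with pbits = 31; toy_modp, toy_reduce and the TOY_ constants are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed toy field, not an mbed TLS curve: P = 2^31 - 1, so pbits = 31. */
#define TOY_PBITS 31u
#define TOY_P     ((uint64_t)0x7FFFFFFF)

/* modp-style hook (hypothetical): accepts 0..2^(2*pbits)-1 and rewrites *x
 * in place to a congruent value of little more than pbits bits.
 * Returns 0 on success, non-zero on failure. */
static int toy_modp(uint64_t *x)
{
    if (x == NULL || (*x >> (2 * TOY_PBITS)) != 0)
        return -1;                      /* input outside the contract's range */
    /* 2^31 == 1 (mod P), so the high half folds onto the low half. */
    *x = (*x & TOY_P) + (*x >> TOY_PBITS);
    return 0;
}

/* Caller side: run the hook, then finish with a few subtractions of P.
 * *subs reports how many were needed (at most 2 for this prime). */
static int toy_reduce(uint64_t *x, unsigned *subs)
{
    int ret = toy_modp(x);
    if (ret != 0)
        return ret;                     /* propagate failure to the caller */
    for (*subs = 0; *x >= TOY_P; (*subs)++)
        *x -= TOY_P;
    return 0;
}

int main(void)
{
    /* Constructed inputs: a product of two field elements, the largest
     * allowed value, and one value just past the allowed range. */
    uint64_t in[] = { (TOY_P - 1) * (TOY_P - 1),
                      ((uint64_t)1 << 62) - 1,
                      (uint64_t)1 << 62 };
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++) {
        uint64_t x = in[i];
        unsigned subs = 0;
        if (toy_reduce(&x, &subs) != 0)
            printf("%#llx: rejected\n", (unsigned long long)in[i]);
        else
            printf("%#llx -> %llu (%u subtractions)\n",
                   (unsigned long long)in[i], (unsigned long long)x, subs);
    }
    return 0;
}
```

A caller that ignores the non-zero return would keep computing on an unreduced value, which is why the contract spells out the return code.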

Field Documentation

mbedtls_mpi A

1. A in the equation, or 2. (A + 2) / 4

mbedtls_mpi B

1. B in the equation, or 2. unused

mbedtls_ecp_point G

generator of the (sub)group used

unsigned int h

internal: 1 if the constants are static

mbedtls_ecp_group_id id

internal group identifier

int(* modp)(mbedtls_mpi *)

function for fast reduction mod P

mbedtls_mpi N

1. the order of G, or 2. unused

size_t nbits

number of bits in 1. P, or 2. private keys

mbedtls_mpi P

prime modulus of the base field

size_t pbits

number of bits in P

mbedtls_ecp_point* T

pre-computed points for ecp_mul_comb()

void* t_data

unused

int(* t_post)(mbedtls_ecp_point *, void *)

unused

int(* t_pre)(mbedtls_ecp_point *, void *)

unused

size_t T_size

number for pre-computed points