1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
|
.TH EC 2
.SH NAME
secp256r1,
secp256k1,
secp384r1,
ecdominit,
ecdomfree,
ecassign,
ecadd,
ecmul,
strtoec,
ecgen,
ecverify,
ecpubverify,
ecdsasign,
ecdsaverify,
ecencodepub,
ecdecodepub,
ecpubfree,
X509toECpub,
X509ecdsaverify,
X509ecdsaverifydigest \- elliptic curve cryptography
.SH SYNOPSIS
.B #include <u.h>
.br
.B #include <libc.h>
.br
.B #include <mp.h>
.br
.B #include <libsec.h>
.PP
.B
void secp256r1(mpint *p, mpint *a, mpint *b, mpint *x, mpint *y, mpint *n, mpint *h)
.PP
.B
void secp256k1(mpint *p, mpint *a, mpint *b, mpint *x, mpint *y, mpint *n, mpint *h)
.PP
.B
void secp384r1(mpint *p, mpint *a, mpint *b, mpint *x, mpint *y, mpint *n, mpint *h)
.PP
.B
void ecdominit(ECdomain *dom, void (*init)(mpint *p, mpint *a, mpint *b, mpint *x, mpint *y, mpint *n, mpint *h))
.PP
.B
void ecdomfree(ECdomain *dom)
.PP
.B
void ecassign(ECdomain *dom, ECpoint *old, ECpoint *new)
.PP
.B
void ecadd(ECdomain *dom, ECpoint *a, ECpoint *b, ECpoint *s)
.PP
.B
void ecmul(ECdomain *dom, ECpoint *a, mpint *k, ECpoint *s)
.PP
.B
ECpoint* strtoec(ECdomain *dom, char *s, char **rptr, ECpoint *p)
.PP
.B
ECpriv* ecgen(ECdomain *dom, ECpriv *p)
.PP
.B
int ecverify(ECdomain *dom, ECpoint *p)
.PP
.B
int ecpubverify(ECdomain *dom, ECpub *p)
.PP
.B
void ecdsasign(ECdomain *dom, ECpriv *priv, uchar *dig, int dlen, mpint *r, mpint *s)
.PP
.B
int ecdsaverify(ECdomain *dom, ECpub *pub, uchar *dig, int dlen, mpint *r, mpint *s)
.PP
.B
int ecencodepub(ECdomain *dom, ECpub *pub, uchar *data, int len)
.PP
.B
ECpub* ecdecodepub(ECdomain *dom, uchar *data, int len)
.PP
.B
void ecpubfree(ECpub *p);
.PP
.B
ECpub* X509toECpub(uchar *cert, int ncert, char *name, int nname, ECdomain *dom)
.PP
.B
char* X509ecdsaverify(uchar *cert, int ncert, ECdomain *dom, ECpub *pub)
.PP
.B
char* X509ecdsaverifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, ECdomain *dom, ECpub *pub)
.DT
.SH DESCRIPTION
These functions implement elliptic curve cryptography.
An elliptic curve together with cryptographic parameters are specified using an
.B ECdomain
struct.
Points on the curve are represented by
.B ECpoint
structs.
.PP
.B ecdominit
initializes a
.B ECdomain
struct and calls the
.B init
function such as
.B secp256r1
which fills in the parameters of the curve.
.PP
.B ecdomfree
frees the parameters of the curve and zeros the struct. It does
not free the memory of the struct itself.
.PP
.BR ecassign ", " ecadd " and " ecmul
are analogous to their counterparts in
.IR mp (2).
.PP
.B strtoec
converts a hex string representing an octet string as specified in
.I Standards for Efficient Cryptography (SEC) 1
to an
.B ECpoint
struct. Both uncompressed and compressed formats are supported.
If
.B rptr
is not
.BR nil ,
it is used to return the position in the string where the parser stopped.
If
.BR p " is " nil
space is allocated automatically, else the given struct is used.
.PP
.B ecverify
and
.B ecpubverify
verify that the given point or public key, respectively, is valid.
.PP
.B ecgen
generates a keypair and returns a pointer to it.
If
.BR p " is " nil
space is allocated automatically, else the given struct is used.
.PP
.B ecdsasign
and
.B ecdsaverify
create or verify, respectively, a signature using the ECDSA scheme specified in
.I SEC 1.
It is absolutely vital that
.B dig
is a cryptographic hash to the message.
.B ecdsasign
writes the signature to
.BR r " and " s
which are assumed to be allocated properly.
.PP
.B ecencodepub
and
.B ecdecodepub
handle encoding and decoding of public keys in uncompressed format.
Note that
.B ecdecodepub
also verifies that the public key is valid in the specified domain.
.PP
.B ecpubfree
frees a
.B ECpub
structure and its associated members.
.PP
Given a binary X.509 cert, the function
.B X509toECpub
initializes domain parameters and returns the ECDSA public key. if
.I name
is not
.BR nil ,
the CN part of the Distinguished Name of the certificate's Subject is returned.
.B X509ecdsaverify
and
.B X509ecdsaverifydigest
are analogs to the routines described by
.IR rsa (2).
.SH RETURN VALUE
.B *verify
functions return
.B 1
for a positive result.
Functions returning pointers may return
.B nil
in case of error
.I (e.g.
failing
.IR malloc (2)).
.SH SOURCE
.B /sys/src/libsec/port/ecc.c
.SH SEE ALSO
.IR rsa (2)
.br
.I
Standards for Efficient Cryptography (SEC) 1: Elliptic Curve Cryptography
- Certicom Research, 2009
.SH HISTORY
This implementation of elliptic curve cryptography first appeared in 9front (June, 2012).
|
