/src/wolfssl-sp-math-all-8bit/wolfcrypt/src/curve448.c
Line | Count | Source |
1 | | /* curve448.c |
2 | | * |
3 | | * Copyright (C) 2006-2026 wolfSSL Inc. |
4 | | * |
5 | | * This file is part of wolfSSL. |
6 | | * |
7 | | * wolfSSL is free software; you can redistribute it and/or modify |
8 | | * it under the terms of the GNU General Public License as published by |
9 | | * the Free Software Foundation; either version 3 of the License, or |
10 | | * (at your option) any later version. |
11 | | * |
12 | | * wolfSSL is distributed in the hope that it will be useful, |
13 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
14 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
15 | | * GNU General Public License for more details. |
16 | | * |
17 | | * You should have received a copy of the GNU General Public License |
18 | | * along with this program; if not, write to the Free Software |
19 | | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
20 | | */ |
21 | | |
22 | | /* Implemented to: RFC 7748 */ |
23 | | |
24 | | /* Based On Daniel J Bernstein's curve25519 Public Domain ref10 work. |
25 | | * Reworked for curve448 by Sean Parkinson. |
26 | | */ |
27 | | |
28 | | /* |
29 | | * Curve448 Build Options: |
30 | | * |
31 | | * HAVE_CURVE448: Enable Curve448 support default: off |
32 | | * HAVE_CURVE448_SHARED_SECRET: Enable Curve448 shared secret default: on |
33 | | * (when HAVE_CURVE448 is enabled) |
34 | | * HAVE_CURVE448_KEY_EXPORT: Enable Curve448 key export default: on |
35 | | * HAVE_CURVE448_KEY_IMPORT: Enable Curve448 key import default: on |
36 | | * WOLFSSL_ECDHX_SHARED_NOT_ZERO: Check ECDH shared secret != 0 default: off |
37 | | */ |
38 | | |
39 | | #include <wolfssl/wolfcrypt/libwolfssl_sources.h> |
40 | | |
41 | | #ifdef HAVE_CURVE448 |
42 | | |
43 | | #include <wolfssl/wolfcrypt/curve448.h> |
44 | | #ifdef NO_INLINE |
45 | | #include <wolfssl/wolfcrypt/misc.h> |
46 | | #else |
47 | | #define WOLFSSL_MISC_INCLUDED |
48 | | #include <wolfcrypt/src/misc.c> |
49 | | #endif |
50 | | |
51 | | int wc_curve448_make_pub(int public_size, byte* pub, int private_size, |
52 | | const byte* priv) |
53 | 1.19k | { |
54 | 1.19k | int ret; |
55 | 1.19k | unsigned char basepoint[CURVE448_KEY_SIZE] = {5}; |
56 | | |
57 | 1.19k | if ((pub == NULL) || (priv == NULL)) { |
58 | 0 | return ECC_BAD_ARG_E; |
59 | 0 | } |
60 | 1.19k | if ((public_size != CURVE448_PUB_KEY_SIZE) || |
61 | 1.19k | (private_size != CURVE448_KEY_SIZE)) { |
62 | 0 | return ECC_BAD_ARG_E; |
63 | 0 | } |
64 | | |
65 | 1.19k | fe448_init(); |
66 | | |
67 | | /* compute public key */ |
68 | 1.19k | ret = curve448(pub, priv, basepoint); |
69 | | |
70 | 1.19k | return ret; |
71 | 1.19k | } |
72 | | |
73 | | |
74 | | /* Make a new curve448 private/public key. |
75 | | * |
76 | | * rng [in] Random number generator. |
77 | | * keysize [in] Size of the key to generate. |
78 | | * key [in] Curve448 key object. |
79 | | * returns BAD_FUNC_ARG when rng or key are NULL, |
80 | | * ECC_BAD_ARG_E when keysize is not CURVE448_KEY_SIZE, |
81 | | * 0 otherwise. |
82 | | */ |
83 | | int wc_curve448_make_key(WC_RNG* rng, int keysize, curve448_key* key) |
84 | 1.36k | { |
85 | 1.36k | int ret = 0; |
86 | | |
87 | 1.36k | if ((key == NULL) || (rng == NULL)) { |
88 | 0 | ret = BAD_FUNC_ARG; |
89 | 0 | } |
90 | | |
91 | | /* currently only a key size of 56 bytes is used */ |
92 | 1.36k | if ((ret == 0) && (keysize != CURVE448_KEY_SIZE)) { |
93 | 0 | ret = ECC_BAD_ARG_E; |
94 | 0 | } |
95 | | |
96 | 1.36k | if (ret == 0) { |
97 | | /* random number for private key */ |
98 | 1.36k | ret = wc_RNG_GenerateBlock(rng, key->k, (word32)keysize); |
99 | 1.36k | } |
100 | 1.36k | if (ret == 0) { |
101 | 1.19k | key->privSet = 1; |
102 | | |
103 | | /* clamp private */ |
104 | 1.19k | key->k[0] &= 0xfc; |
105 | 1.19k | key->k[CURVE448_KEY_SIZE-1] |= 0x80; |
106 | | |
107 | | /* compute public */ |
108 | 1.19k | ret = wc_curve448_make_pub((int)sizeof(key->p), key->p, |
109 | 1.19k | (int)sizeof(key->k), key->k); |
110 | 1.19k | if (ret == 0) { |
111 | 1.19k | key->pubSet = 1; |
112 | 1.19k | } |
113 | 0 | else { |
114 | 0 | ForceZero(key->k, sizeof(key->k)); |
115 | 0 | XMEMSET(key->p, 0, sizeof(key->p)); |
116 | 0 | } |
117 | 1.19k | } |
118 | | |
119 | 1.36k | return ret; |
120 | 1.36k | } |
121 | | |
122 | | #ifdef HAVE_CURVE448_SHARED_SECRET |
123 | | |
124 | | /* Calculate the shared secret from the private key and peer's public key. |
125 | | * Calculation over curve448. |
126 | | * Secret encoded big-endian. |
127 | | * |
128 | | * private_key [in] Curve448 private key. |
129 | | * public_key [in] Curve448 public key. |
130 | | * out [in] Array to hold shared secret. |
131 | | * outLen [in/out] On in, the number of bytes in array. |
132 | | * On out, the number bytes put into array. |
133 | | * returns BAD_FUNC_ARG when a parameter is NULL or outLen is less than |
134 | | * CURVE448_KEY_SIZE, |
135 | | * 0 otherwise. |
136 | | */ |
137 | | int wc_curve448_shared_secret(curve448_key* private_key, |
138 | | curve448_key* public_key, |
139 | | byte* out, word32* outLen) |
140 | 0 | { |
141 | 0 | return wc_curve448_shared_secret_ex(private_key, public_key, out, outLen, |
142 | 0 | EC448_BIG_ENDIAN); |
143 | 0 | } |
144 | | |
145 | | /* Calculate the shared secret from the private key and peer's public key. |
146 | | * Calculation over curve448. |
147 | | * |
148 | | * private_key [in] Curve448 private key. |
149 | | * public_key [in] Curve448 public key. |
150 | | * out [in] Array to hold shared secret. |
151 | | * outLen [in/out] On in, the number of bytes in array. |
152 | | * On out, the number bytes put into array. |
153 | | * endian [in] Endianness to use when encoding number in array. |
154 | | * returns BAD_FUNC_ARG when a parameter is NULL or outLen is less than |
155 | | * CURVE448_PUB_KEY_SIZE, |
156 | | * 0 otherwise. |
157 | | */ |
158 | | int wc_curve448_shared_secret_ex(curve448_key* private_key, |
159 | | curve448_key* public_key, |
160 | | byte* out, word32* outLen, int endian) |
161 | 53 | { |
162 | 53 | unsigned char o[CURVE448_PUB_KEY_SIZE]; |
163 | 53 | int ret = 0; |
164 | 53 | int i; |
165 | | |
166 | | /* sanity check */ |
167 | 53 | if ((private_key == NULL) || (public_key == NULL) || (out == NULL) || |
168 | 53 | (outLen == NULL) || (*outLen < CURVE448_PUB_KEY_SIZE)) { |
169 | 0 | ret = BAD_FUNC_ARG; |
170 | 0 | } |
171 | | /* make sure we have a populated private and public key */ |
172 | 53 | if (ret == 0 && (!private_key->privSet || !public_key->pubSet)) { |
173 | 0 | ret = ECC_BAD_ARG_E; |
174 | 0 | } |
175 | | |
176 | 53 | if (ret == 0) { |
177 | 53 | ret = curve448(o, private_key->k, public_key->p); |
178 | 53 | } |
179 | | #ifdef WOLFSSL_ECDHX_SHARED_NOT_ZERO |
180 | | if (ret == 0) { |
181 | | byte t = 0; |
182 | | for (i = 0; i < CURVE448_PUB_KEY_SIZE; i++) { |
183 | | t |= o[i]; |
184 | | } |
185 | | if (t == 0) { |
186 | | ret = ECC_OUT_OF_RANGE_E; |
187 | | } |
188 | | } |
189 | | #endif |
190 | 53 | if (ret == 0) { |
191 | 53 | if (endian == EC448_BIG_ENDIAN) { |
192 | | /* put shared secret key in Big Endian format */ |
193 | 0 | for (i = 0; i < CURVE448_PUB_KEY_SIZE; i++) { |
194 | 0 | out[i] = o[CURVE448_PUB_KEY_SIZE - i -1]; |
195 | 0 | } |
196 | 0 | } |
197 | 53 | else { |
198 | | /* put shared secret key in Little Endian format */ |
199 | 53 | XMEMCPY(out, o, CURVE448_PUB_KEY_SIZE); |
200 | 53 | } |
201 | | |
202 | 53 | *outLen = CURVE448_PUB_KEY_SIZE; |
203 | 53 | } |
204 | | |
205 | 53 | ForceZero(o, CURVE448_PUB_KEY_SIZE); |
206 | | |
207 | 53 | return ret; |
208 | 53 | } |
209 | | |
210 | | #endif /* HAVE_CURVE448_SHARED_SECRET */ |
211 | | |
212 | | #ifdef HAVE_CURVE448_KEY_EXPORT |
213 | | |
214 | | /* Export the curve448 public key. |
215 | | * Public key encoded big-endian. |
216 | | * |
217 | | * key [in] Curve448 public key. |
218 | | * out [in] Array to hold public key. |
219 | | * outLen [in/out] On in, the number of bytes in array. |
220 | | * On out, the number bytes put into array. |
221 | | * returns BAD_FUNC_ARG when a parameter is NULL, |
222 | | * ECC_BAD_ARG_E when outLen is less than CURVE448_PUB_KEY_SIZE, |
223 | | * 0 otherwise. |
224 | | */ |
225 | | int wc_curve448_export_public(curve448_key* key, byte* out, word32* outLen) |
226 | 1 | { |
227 | 1 | return wc_curve448_export_public_ex(key, out, outLen, EC448_BIG_ENDIAN); |
228 | 1 | } |
229 | | |
230 | | /* Export the curve448 public key. |
231 | | * |
232 | | * key [in] Curve448 public key. |
233 | | * out [in] Array to hold public key. |
234 | | * outLen [in/out] On in, the number of bytes in array. |
235 | | * On out, the number bytes put into array. |
236 | | * endian [in] Endianness to use when encoding number in array. |
237 | | * returns BAD_FUNC_ARG when a parameter is NULL, |
238 | | * ECC_BAD_ARG_E when outLen is less than CURVE448_PUB_KEY_SIZE, |
239 | | * 0 otherwise. |
240 | | */ |
241 | | int wc_curve448_export_public_ex(curve448_key* key, byte* out, word32* outLen, |
242 | | int endian) |
243 | 962 | { |
244 | 962 | int ret = 0; |
245 | | |
246 | 962 | if ((key == NULL) || (out == NULL) || (outLen == NULL)) { |
247 | 105 | ret = BAD_FUNC_ARG; |
248 | 105 | } |
249 | | |
250 | | /* check and set outgoing key size */ |
251 | 962 | if ((ret == 0) && (*outLen < CURVE448_PUB_KEY_SIZE)) { |
252 | 21 | *outLen = CURVE448_PUB_KEY_SIZE; |
253 | 21 | ret = ECC_BAD_ARG_E; |
254 | 21 | } |
255 | 962 | if (ret == 0) { |
256 | | /* calculate public if missing */ |
257 | 836 | if (!key->pubSet) { |
258 | 0 | ret = wc_curve448_make_pub((int)sizeof(key->p), key->p, |
259 | 0 | (int)sizeof(key->k), key->k); |
260 | 0 | key->pubSet = (ret == 0); |
261 | 0 | } |
262 | 836 | } |
263 | 962 | if (ret == 0) { |
264 | 836 | *outLen = CURVE448_PUB_KEY_SIZE; |
265 | 836 | if (endian == EC448_BIG_ENDIAN) { |
266 | 1 | int i; |
267 | | /* read keys in Big Endian format */ |
268 | 57 | for (i = 0; i < CURVE448_PUB_KEY_SIZE; i++) { |
269 | 56 | out[i] = key->p[CURVE448_PUB_KEY_SIZE - i - 1]; |
270 | 56 | } |
271 | 1 | } |
272 | 835 | else { |
273 | 835 | XMEMCPY(out, key->p, CURVE448_PUB_KEY_SIZE); |
274 | 835 | } |
275 | 836 | } |
276 | | |
277 | 962 | return ret; |
278 | 962 | } |
279 | | |
280 | | #endif /* HAVE_CURVE448_KEY_EXPORT */ |
281 | | |
282 | | #ifdef HAVE_CURVE448_KEY_IMPORT |
283 | | |
284 | | /* Import a curve448 public key from a byte array. |
285 | | * Public key encoded in big-endian. |
286 | | * |
287 | | * in [in] Array holding public key. |
288 | | * inLen [in] Number of bytes of data in array. |
289 | | * key [in] Curve448 public key. |
290 | | * returns BAD_FUNC_ARG when a parameter is NULL, |
291 | | * ECC_BAD_ARG_E when inLen is less than CURVE448_PUB_KEY_SIZE, |
292 | | * 0 otherwise. |
293 | | */ |
294 | | int wc_curve448_import_public(const byte* in, word32 inLen, curve448_key* key) |
295 | 20 | { |
296 | 20 | return wc_curve448_import_public_ex(in, inLen, key, EC448_BIG_ENDIAN); |
297 | 20 | } |
298 | | |
299 | | /* Import a curve448 public key from a byte array. |
300 | | * |
301 | | * in [in] Array holding public key. |
302 | | * inLen [in] Number of bytes of data in array. |
303 | | * key [in] Curve448 public key. |
304 | | * endian [in] Endianness of encoded number in byte array. |
305 | | * returns BAD_FUNC_ARG when a parameter is NULL, |
306 | | * ECC_BAD_ARG_E when inLen is less than CURVE448_PUB_KEY_SIZE, |
307 | | * 0 otherwise. |
308 | | */ |
309 | | int wc_curve448_import_public_ex(const byte* in, word32 inLen, |
310 | | curve448_key* key, int endian) |
311 | 128 | { |
312 | 128 | int ret = 0; |
313 | | |
314 | | /* sanity check */ |
315 | 128 | if ((key == NULL) || (in == NULL)) { |
316 | 1 | ret = BAD_FUNC_ARG; |
317 | 1 | } |
318 | | |
319 | | /* check size of incoming keys */ |
320 | 128 | if ((ret == 0) && (inLen != CURVE448_PUB_KEY_SIZE)) { |
321 | 19 | ret = ECC_BAD_ARG_E; |
322 | 19 | } |
323 | | |
324 | 128 | if (ret == 0) { |
325 | 108 | if (endian == EC448_BIG_ENDIAN) { |
326 | 1 | int i; |
327 | | /* read keys in Big Endian format */ |
328 | 57 | for (i = 0; i < CURVE448_PUB_KEY_SIZE; i++) { |
329 | 56 | key->p[i] = in[CURVE448_PUB_KEY_SIZE - i - 1]; |
330 | 56 | } |
331 | 1 | } |
332 | 107 | else |
333 | 107 | XMEMCPY(key->p, in, inLen); |
334 | 108 | key->pubSet = 1; |
335 | 108 | } |
336 | | |
337 | 128 | return ret; |
338 | 128 | } |
339 | | |
340 | | /* Check the public key value (big or little endian) |
341 | | * |
342 | | * pub [in] Public key bytes. |
343 | | * pubSz [in] Size of public key in bytes. |
344 | | * endian [in] Public key bytes passed in as big-endian or little-endian. |
345 | | * returns BAD_FUNC_ARGS when pub is NULL, |
346 | | * ECC_BAD_ARG_E when key length is not 56 bytes, public key value is |
347 | | * zero or one; |
348 | | * BUFFER_E when size of public key is zero; |
349 | | * 0 otherwise. |
350 | | */ |
351 | | int wc_curve448_check_public(const byte* pub, word32 pubSz, int endian) |
352 | 915 | { |
353 | 915 | int ret = 0; |
354 | | |
355 | 915 | if (pub == NULL) { |
356 | 0 | ret = BAD_FUNC_ARG; |
357 | 0 | } |
358 | | |
359 | | /* Check for empty key data */ |
360 | 915 | if ((ret == 0) && (pubSz == 0)) { |
361 | 5 | ret = BUFFER_E; |
362 | 5 | } |
363 | | |
364 | | /* Check key length */ |
365 | 915 | if ((ret == 0) && (pubSz != CURVE448_PUB_KEY_SIZE)) { |
366 | 83 | ret = ECC_BAD_ARG_E; |
367 | 83 | } |
368 | | |
369 | 915 | if (ret == 0) { |
370 | 827 | word32 i; |
371 | | |
372 | 827 | if (endian == EC448_LITTLE_ENDIAN) { |
373 | | /* Check for value of zero or one */ |
374 | 1.49k | for (i = CURVE448_PUB_KEY_SIZE - 1; i > 0; i--) { |
375 | 1.47k | if (pub[i] != 0) { |
376 | 194 | break; |
377 | 194 | } |
378 | 1.47k | } |
379 | 213 | if ((i == 0) && (pub[0] == 0 || pub[0] == 1)) { |
380 | 7 | return ECC_BAD_ARG_E; |
381 | 7 | } |
382 | | /* Check for order-1 or higher */ |
383 | 2.59k | for (i = CURVE448_PUB_KEY_SIZE - 1; i > 28; i--) { |
384 | 2.52k | if (pub[i] != 0xff) { |
385 | 129 | break; |
386 | 129 | } |
387 | 2.52k | } |
388 | 206 | if ((i == 28) && (pub[i] == 0xff)) { |
389 | 6 | return ECC_BAD_ARG_E; |
390 | 6 | } |
391 | 200 | if ((i == 28) && (pub[i] == 0xfe)) { |
392 | 445 | for (--i; i > 0; i--) { |
393 | 435 | if (pub[i] != 0xff) { |
394 | 26 | break; |
395 | 26 | } |
396 | 435 | } |
397 | 36 | if ((i == 0) && (pub[i] >= 0xfe)) { |
398 | 3 | return ECC_BAD_ARG_E; |
399 | 3 | } |
400 | 36 | } |
401 | 200 | } |
402 | 614 | else { |
403 | | /* Check for value of zero or one */ |
404 | 1.22k | for (i = 0; i < CURVE448_PUB_KEY_SIZE-1; i++) { |
405 | 1.22k | if (pub[i] != 0) { |
406 | 608 | break; |
407 | 608 | } |
408 | 1.22k | } |
409 | 614 | if ((i == CURVE448_PUB_KEY_SIZE - 1) && |
410 | 6 | (pub[i] == 0 || pub[i] == 1)) { |
411 | 2 | ret = ECC_BAD_ARG_E; |
412 | 2 | } |
413 | | /* Check for order-1 or higher */ |
414 | 1.67k | for (i = 0; i < 27; i++) { |
415 | 1.64k | if (pub[i] != 0xff) { |
416 | 582 | break; |
417 | 582 | } |
418 | 1.64k | } |
419 | 614 | if ((i == 27) && (pub[i] == 0xff)) { |
420 | 2 | return ECC_BAD_ARG_E; |
421 | 2 | } |
422 | 612 | if ((i == 27) && (pub[i] == 0xfe)) { |
423 | 411 | for (++i; i < CURVE448_PUB_KEY_SIZE - 1; i++) { |
424 | 400 | if (pub[i] != 0xff) { |
425 | 9 | break; |
426 | 9 | } |
427 | 400 | } |
428 | 20 | if ((i == CURVE448_PUB_KEY_SIZE - 1) && (pub[i] >= 0xfe)) { |
429 | 1 | return ECC_BAD_ARG_E; |
430 | 1 | } |
431 | 20 | } |
432 | 612 | } |
433 | 827 | } |
434 | | |
435 | 896 | return ret; |
436 | 915 | } |
437 | | |
438 | | #endif /* HAVE_CURVE448_KEY_IMPORT */ |
439 | | |
440 | | |
441 | | #ifdef HAVE_CURVE448_KEY_EXPORT |
442 | | |
443 | | /* Export the curve448 private key raw form. |
444 | | * Private key encoded big-endian. |
445 | | * |
446 | | * key [in] Curve448 private key. |
447 | | * out [in] Array to hold private key. |
448 | | * outLen [in/out] On in, the number of bytes in array. |
449 | | * On out, the number bytes put into array. |
450 | | * returns BAD_FUNC_ARG when a parameter is NULL, |
451 | | * ECC_BAD_ARG_E when outLen is less than CURVE448_KEY_SIZE, |
452 | | * 0 otherwise. |
453 | | */ |
454 | | int wc_curve448_export_private_raw(curve448_key* key, byte* out, word32* outLen) |
455 | 0 | { |
456 | 0 | return wc_curve448_export_private_raw_ex(key, out, outLen, |
457 | 0 | EC448_BIG_ENDIAN); |
458 | 0 | } |
459 | | |
460 | | /* Export the curve448 private key raw form. |
461 | | * |
462 | | * key [in] Curve448 private key. |
463 | | * out [in] Array to hold private key. |
464 | | * outLen [in/out] On in, the number of bytes in array. |
465 | | * On out, the number bytes put into array. |
466 | | * endian [in] Endianness to use when encoding number in array. |
467 | | * returns BAD_FUNC_ARG when a parameter is NULL, |
468 | | * ECC_BAD_ARG_E when outLen is less than CURVE448_KEY_SIZE, |
469 | | * 0 otherwise. |
470 | | */ |
471 | | int wc_curve448_export_private_raw_ex(curve448_key* key, byte* out, |
472 | | word32* outLen, int endian) |
473 | 519 | { |
474 | 519 | int ret = 0; |
475 | | |
476 | | /* sanity check */ |
477 | 519 | if ((key == NULL) || (out == NULL) || (outLen == NULL)) { |
478 | 152 | ret = BAD_FUNC_ARG; |
479 | 152 | } |
480 | | |
481 | | /* check size of outgoing buffer */ |
482 | 519 | if ((ret == 0) && (*outLen < CURVE448_KEY_SIZE)) { |
483 | 28 | *outLen = CURVE448_KEY_SIZE; |
484 | 28 | ret = ECC_BAD_ARG_E; |
485 | 28 | } |
486 | 519 | if (ret == 0) { |
487 | 339 | *outLen = CURVE448_KEY_SIZE; |
488 | | |
489 | 339 | if (endian == EC448_BIG_ENDIAN) { |
490 | 0 | int i; |
491 | | /* put the key in Big Endian format */ |
492 | 0 | for (i = 0; i < CURVE448_KEY_SIZE; i++) { |
493 | 0 | out[i] = key->k[CURVE448_KEY_SIZE - i - 1]; |
494 | 0 | } |
495 | 0 | } |
496 | 339 | else { |
497 | 339 | XMEMCPY(out, key->k, CURVE448_KEY_SIZE); |
498 | 339 | } |
499 | 339 | } |
500 | | |
501 | 519 | return ret; |
502 | 519 | } |
503 | | |
504 | | /* Export the curve448 private and public keys in raw form. |
505 | | * Private and public key encoded big-endian. |
506 | | * |
507 | | * key [in] Curve448 private key. |
508 | | * priv [in] Array to hold private key. |
509 | | * privSz [in/out] On in, the number of bytes in private key array. |
510 | | * On out, the number bytes put into private key array. |
511 | | * pub [in] Array to hold public key. |
512 | | * pubSz [in/out] On in, the number of bytes in public key array. |
513 | | * On out, the number bytes put into public key array. |
514 | | * returns BAD_FUNC_ARG when a parameter is NULL, |
515 | | * ECC_BAD_ARG_E when privSz is less than CURVE448_KEY_SIZE or pubSz is |
516 | | * less than CURVE448_PUB_KEY_SIZE, |
517 | | * 0 otherwise. |
518 | | */ |
519 | | int wc_curve448_export_key_raw(curve448_key* key, byte* priv, word32 *privSz, |
520 | | byte* pub, word32 *pubSz) |
521 | 0 | { |
522 | 0 | return wc_curve448_export_key_raw_ex(key, priv, privSz, pub, pubSz, |
523 | 0 | EC448_BIG_ENDIAN); |
524 | 0 | } |
525 | | |
526 | | /* Export the curve448 private and public keys in raw form. |
527 | | * |
528 | | * key [in] Curve448 private key. |
529 | | * priv [in] Array to hold private key. |
530 | | * privSz [in/out] On in, the number of bytes in private key array. |
531 | | * On out, the number bytes put into private key array. |
532 | | * pub [in] Array to hold public key. |
533 | | * pubSz [in/out] On in, the number of bytes in public key array. |
534 | | * On out, the number bytes put into public key array. |
535 | | * endian [in] Endianness to use when encoding number in array. |
536 | | * returns BAD_FUNC_ARG when a parameter is NULL, |
537 | | * ECC_BAD_ARG_E when privSz is less than CURVE448_KEY_SIZE or pubSz is |
538 | | * less than CURVE448_PUB_KEY_SIZE, |
539 | | * 0 otherwise. |
540 | | */ |
541 | | int wc_curve448_export_key_raw_ex(curve448_key* key, byte* priv, word32 *privSz, |
542 | | byte* pub, word32 *pubSz, int endian) |
543 | 0 | { |
544 | 0 | int ret; |
545 | | |
546 | | /* export private part */ |
547 | 0 | ret = wc_curve448_export_private_raw_ex(key, priv, privSz, endian); |
548 | 0 | if (ret == 0) { |
549 | | /* export public part */ |
550 | 0 | ret = wc_curve448_export_public_ex(key, pub, pubSz, endian); |
551 | 0 | } |
552 | |
|
553 | 0 | return ret; |
554 | 0 | } |
555 | | |
556 | | #endif /* HAVE_CURVE448_KEY_EXPORT */ |
557 | | |
558 | | #ifdef HAVE_CURVE448_KEY_IMPORT |
559 | | |
560 | | /* Import curve448 private and public keys from a byte arrays. |
561 | | * Private and public keys encoded in big-endian. |
562 | | * |
563 | | * piv [in] Array holding private key. |
564 | | * privSz [in] Number of bytes of data in private key array. |
565 | | * pub [in] Array holding public key. |
566 | | * pubSz [in] Number of bytes of data in public key array. |
567 | | * key [in] Curve448 private/public key. |
568 | | * returns BAD_FUNC_ARG when a parameter is NULL, |
569 | | * ECC_BAD_ARG_E when privSz is less than CURVE448_KEY_SIZE or pubSz is |
570 | | * less than CURVE448_PUB_KEY_SIZE, |
571 | | * 0 otherwise. |
572 | | */ |
573 | | int wc_curve448_import_private_raw(const byte* priv, word32 privSz, |
574 | | const byte* pub, word32 pubSz, |
575 | | curve448_key* key) |
576 | 21 | { |
577 | 21 | return wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz, key, |
578 | 21 | EC448_BIG_ENDIAN); |
579 | 21 | } |
580 | | |
581 | | /* Import curve448 private and public keys from a byte arrays. |
582 | | * |
583 | | * piv [in] Array holding private key. |
584 | | * privSz [in] Number of bytes of data in private key array. |
585 | | * pub [in] Array holding public key. |
586 | | * pubSz [in] Number of bytes of data in public key array. |
587 | | * key [in] Curve448 private/public key. |
588 | | * endian [in] Endianness of encoded numbers in byte arrays. |
589 | | * returns BAD_FUNC_ARG when a parameter is NULL, |
590 | | * ECC_BAD_ARG_E when privSz is less than CURVE448_KEY_SIZE or pubSz is |
591 | | * less than CURVE448_PUB_KEY_SIZE, |
592 | | * 0 otherwise. |
593 | | */ |
594 | | int wc_curve448_import_private_raw_ex(const byte* priv, word32 privSz, |
595 | | const byte* pub, word32 pubSz, |
596 | | curve448_key* key, int endian) |
597 | 21 | { |
598 | 21 | int ret; |
599 | | |
600 | | /* import private part */ |
601 | 21 | ret = wc_curve448_import_private_ex(priv, privSz, key, endian); |
602 | 21 | if (ret == 0) { |
603 | | /* import public part */ |
604 | 1 | return wc_curve448_import_public_ex(pub, pubSz, key, endian); |
605 | 1 | } |
606 | | |
607 | 20 | return ret; |
608 | 21 | } |
609 | | |
610 | | /* Import curve448 private key from a byte array. |
611 | | * Private key encoded in big-endian. |
612 | | * |
613 | | * piv [in] Array holding private key. |
614 | | * privSz [in] Number of bytes of data in private key array. |
615 | | * key [in] Curve448 private/public key. |
616 | | * returns BAD_FUNC_ARG when a parameter is NULL, |
617 | | * ECC_BAD_ARG_E when privSz is less than CURVE448_KEY_SIZE, |
618 | | * 0 otherwise. |
619 | | */ |
620 | | int wc_curve448_import_private(const byte* priv, word32 privSz, |
621 | | curve448_key* key) |
622 | 0 | { |
623 | 0 | return wc_curve448_import_private_ex(priv, privSz, key, EC448_BIG_ENDIAN); |
624 | 0 | } |
625 | | |
626 | | /* Import curve448 private key from a byte array. |
627 | | * |
628 | | * piv [in] Array holding private key. |
629 | | * privSz [in] Number of bytes of data in private key array. |
630 | | * key [in] Curve448 private/public key. |
631 | | * endian [in] Endianness of encoded number in byte array. |
632 | | * returns BAD_FUNC_ARG when a parameter is NULL, |
633 | | * ECC_BAD_ARG_E when privSz is less than CURVE448_KEY_SIZE, |
634 | | * 0 otherwise. |
635 | | */ |
636 | | int wc_curve448_import_private_ex(const byte* priv, word32 privSz, |
637 | | curve448_key* key, int endian) |
638 | 21 | { |
639 | 21 | int ret = 0; |
640 | | |
641 | | /* sanity check */ |
642 | 21 | if ((key == NULL) || (priv == NULL)) { |
643 | 0 | ret = BAD_FUNC_ARG; |
644 | 0 | } |
645 | | |
646 | | /* check size of incoming keys */ |
647 | 21 | if ((ret == 0) && ((int)privSz != CURVE448_KEY_SIZE)) { |
648 | 20 | ret = ECC_BAD_ARG_E; |
649 | 20 | } |
650 | | |
651 | 21 | if (ret == 0) { |
652 | 1 | if (endian == EC448_BIG_ENDIAN) { |
653 | 1 | int i; |
654 | | /* read the key in Big Endian format */ |
655 | 57 | for (i = 0; i < CURVE448_KEY_SIZE; i++) { |
656 | 56 | key->k[i] = priv[CURVE448_KEY_SIZE - i - 1]; |
657 | 56 | } |
658 | 1 | } |
659 | 0 | else { |
660 | 0 | XMEMCPY(key->k, priv, CURVE448_KEY_SIZE); |
661 | 0 | } |
662 | | |
663 | | /* Clamp the key */ |
664 | 1 | key->k[0] &= 0xfc; |
665 | 1 | key->k[CURVE448_KEY_SIZE-1] |= 0x80; |
666 | | |
667 | 1 | key->privSet = 1; |
668 | 1 | } |
669 | | |
670 | 21 | return ret; |
671 | 21 | } |
672 | | |
673 | | #endif /* HAVE_CURVE448_KEY_IMPORT */ |
674 | | |
675 | | |
676 | | /* Initialize the curve448 key. |
677 | | * |
678 | | * key [in] Curve448 key object. |
679 | | * returns BAD_FUNC_ARG when key is NULL, |
680 | | * 0 otherwise. |
681 | | */ |
682 | | int wc_curve448_init(curve448_key* key) |
683 | 1.53k | { |
684 | 1.53k | int ret = 0; |
685 | | |
686 | 1.53k | if (key == NULL) { |
687 | 0 | ret = BAD_FUNC_ARG; |
688 | 0 | } |
689 | | |
690 | 1.53k | if (ret == 0) { |
691 | 1.53k | XMEMSET(key, 0, sizeof(*key)); |
692 | | |
693 | 1.53k | fe448_init(); |
694 | | |
695 | | #ifdef WOLFSSL_CHECK_MEM_ZERO |
696 | | wc_MemZero_Add("wc_curve448_init key->k", &key->k, CURVE448_KEY_SIZE); |
697 | | #endif |
698 | 1.53k | } |
699 | | |
700 | 1.53k | return ret; |
701 | 1.53k | } |
702 | | |
703 | | |
704 | | /* Clears the curve448 key data. |
705 | | * |
706 | | * key [in] Curve448 key object. |
707 | | */ |
708 | | void wc_curve448_free(curve448_key* key) |
709 | 1.59k | { |
710 | 1.59k | if (key != NULL) { |
711 | 1.53k | ForceZero(key->k, sizeof(key->k)); |
712 | 1.53k | XMEMSET(key->p, 0, sizeof(key->p)); |
713 | 1.53k | key->pubSet = 0; |
714 | 1.53k | key->privSet = 0; |
715 | | #ifdef WOLFSSL_CHECK_MEM_ZERO |
716 | | wc_MemZero_Check(key, sizeof(curve448_key)); |
717 | | #endif |
718 | 1.53k | } |
719 | 1.59k | } |
720 | | |
721 | | |
722 | | /* Get the curve448 key's size. |
723 | | * |
724 | | * key [in] Curve448 key object. |
725 | | * returns 0 if key is NULL, |
726 | | * CURVE448_KEY_SIZE otherwise. |
727 | | */ |
728 | | int wc_curve448_size(curve448_key* key) |
729 | 0 | { |
730 | 0 | int ret = 0; |
731 | |
|
732 | 0 | if (key != NULL) { |
733 | 0 | ret = CURVE448_KEY_SIZE; |
734 | 0 | } |
735 | |
|
736 | 0 | return ret; |
737 | 0 | } |
738 | | |
739 | | #endif /* HAVE_CURVE448 */ |
740 | | |