/src/wolfssl-normal-math/wolfcrypt/src/curve448.c
Line | Count | Source |
1 | | /* curve448.c |
2 | | * |
3 | | * Copyright (C) 2006-2026 wolfSSL Inc. |
4 | | * |
5 | | * This file is part of wolfSSL. |
6 | | * |
7 | | * wolfSSL is free software; you can redistribute it and/or modify |
8 | | * it under the terms of the GNU General Public License as published by |
9 | | * the Free Software Foundation; either version 3 of the License, or |
10 | | * (at your option) any later version. |
11 | | * |
12 | | * wolfSSL is distributed in the hope that it will be useful, |
13 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
14 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
15 | | * GNU General Public License for more details. |
16 | | * |
17 | | * You should have received a copy of the GNU General Public License |
18 | | * along with this program; if not, write to the Free Software |
19 | | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
20 | | */ |
21 | | |
22 | | /* Implemented to: RFC 7748 */ |
23 | | |
24 | | /* Based On Daniel J Bernstein's curve25519 Public Domain ref10 work. |
25 | | * Reworked for curve448 by Sean Parkinson. |
26 | | */ |
27 | | |
28 | | /* |
29 | | * Curve448 Build Options: |
30 | | * |
31 | | * HAVE_CURVE448: Enable Curve448 support default: off |
32 | | * HAVE_CURVE448_SHARED_SECRET: Enable Curve448 shared secret default: on |
33 | | * (when HAVE_CURVE448 is enabled) |
34 | | * HAVE_CURVE448_KEY_EXPORT: Enable Curve448 key export default: on |
35 | | * HAVE_CURVE448_KEY_IMPORT: Enable Curve448 key import default: on |
36 | | * WOLFSSL_ECDHX_SHARED_NOT_ZERO: Check ECDH shared secret != 0 default: off |
37 | | */ |
38 | | |
39 | | #include <wolfssl/wolfcrypt/libwolfssl_sources.h> |
40 | | |
41 | | #ifdef HAVE_CURVE448 |
42 | | |
43 | | #include <wolfssl/wolfcrypt/curve448.h> |
44 | | #ifdef NO_INLINE |
45 | | #include <wolfssl/wolfcrypt/misc.h> |
46 | | #else |
47 | | #define WOLFSSL_MISC_INCLUDED |
48 | | #include <wolfcrypt/src/misc.c> |
49 | | #endif |
50 | | |
51 | | int wc_curve448_make_pub(int public_size, byte* pub, int private_size, |
52 | | const byte* priv) |
53 | 224 | { |
54 | 224 | int ret; |
55 | 224 | unsigned char basepoint[CURVE448_KEY_SIZE] = {5}; |
56 | | |
57 | 224 | if ((pub == NULL) || (priv == NULL)) { |
58 | 0 | return ECC_BAD_ARG_E; |
59 | 0 | } |
60 | 224 | if ((public_size != CURVE448_PUB_KEY_SIZE) || |
61 | 224 | (private_size != CURVE448_KEY_SIZE)) { |
62 | 0 | return ECC_BAD_ARG_E; |
63 | 0 | } |
64 | | |
65 | 224 | fe448_init(); |
66 | | |
67 | | /* compute public key */ |
68 | 224 | ret = curve448(pub, priv, basepoint); |
69 | | |
70 | 224 | return ret; |
71 | 224 | } |
72 | | |
73 | | |
74 | | /* Make a new curve448 private/public key. |
75 | | * |
76 | | * rng [in] Random number generator. |
77 | | * keysize [in] Size of the key to generate. |
78 | | * key [in] Curve448 key object. |
79 | | * returns BAD_FUNC_ARG when rng or key are NULL, |
80 | | * ECC_BAD_ARG_E when keysize is not CURVE448_KEY_SIZE, |
81 | | * 0 otherwise. |
82 | | */ |
83 | | int wc_curve448_make_key(WC_RNG* rng, int keysize, curve448_key* key) |
84 | 245 | { |
85 | 245 | int ret = 0; |
86 | | |
87 | 245 | if ((key == NULL) || (rng == NULL)) { |
88 | 0 | ret = BAD_FUNC_ARG; |
89 | 0 | } |
90 | | |
91 | | /* currently only a key size of 56 bytes is used */ |
92 | 245 | if ((ret == 0) && (keysize != CURVE448_KEY_SIZE)) { |
93 | 0 | ret = ECC_BAD_ARG_E; |
94 | 0 | } |
95 | | |
96 | 245 | if (ret == 0) { |
97 | | /* random number for private key */ |
98 | 245 | ret = wc_RNG_GenerateBlock(rng, key->k, (word32)keysize); |
99 | 245 | } |
100 | 245 | if (ret == 0) { |
101 | 224 | key->privSet = 1; |
102 | | |
103 | | /* clamp private */ |
104 | 224 | key->k[0] &= 0xfc; |
105 | 224 | key->k[CURVE448_KEY_SIZE-1] |= 0x80; |
106 | | |
107 | | /* compute public */ |
108 | 224 | ret = wc_curve448_make_pub((int)sizeof(key->p), key->p, |
109 | 224 | (int)sizeof(key->k), key->k); |
110 | 224 | if (ret == 0) { |
111 | 224 | key->pubSet = 1; |
112 | 224 | } |
113 | 0 | else { |
114 | 0 | ForceZero(key->k, sizeof(key->k)); |
115 | 0 | XMEMSET(key->p, 0, sizeof(key->p)); |
116 | 0 | } |
117 | 224 | } |
118 | | |
119 | 245 | return ret; |
120 | 245 | } |
121 | | |
122 | | #ifdef HAVE_CURVE448_SHARED_SECRET |
123 | | |
124 | | /* Calculate the shared secret from the private key and peer's public key. |
125 | | * Calculation over curve448. |
126 | | * Secret encoded big-endian. |
127 | | * |
128 | | * private_key [in] Curve448 private key. |
129 | | * public_key [in] Curve448 public key. |
130 | | * out [in] Array to hold shared secret. |
131 | | * outLen [in/out] On in, the number of bytes in array. |
132 | | * On out, the number bytes put into array. |
133 | | * returns BAD_FUNC_ARG when a parameter is NULL or outLen is less than |
134 | | * CURVE448_KEY_SIZE, |
135 | | * 0 otherwise. |
136 | | */ |
137 | | int wc_curve448_shared_secret(curve448_key* private_key, |
138 | | curve448_key* public_key, |
139 | | byte* out, word32* outLen) |
140 | 0 | { |
141 | 0 | return wc_curve448_shared_secret_ex(private_key, public_key, out, outLen, |
142 | 0 | EC448_BIG_ENDIAN); |
143 | 0 | } |
144 | | |
145 | | /* Calculate the shared secret from the private key and peer's public key. |
146 | | * Calculation over curve448. |
147 | | * |
148 | | * private_key [in] Curve448 private key. |
149 | | * public_key [in] Curve448 public key. |
150 | | * out [in] Array to hold shared secret. |
151 | | * outLen [in/out] On in, the number of bytes in array. |
152 | | * On out, the number bytes put into array. |
153 | | * endian [in] Endianness to use when encoding number in array. |
154 | | * returns BAD_FUNC_ARG when a parameter is NULL or outLen is less than |
155 | | * CURVE448_PUB_KEY_SIZE, |
156 | | * 0 otherwise. |
157 | | */ |
158 | | int wc_curve448_shared_secret_ex(curve448_key* private_key, |
159 | | curve448_key* public_key, |
160 | | byte* out, word32* outLen, int endian) |
161 | 42 | { |
162 | 42 | unsigned char o[CURVE448_PUB_KEY_SIZE]; |
163 | 42 | int ret = 0; |
164 | 42 | int i; |
165 | | |
166 | | /* sanity check */ |
167 | 42 | if ((private_key == NULL) || (public_key == NULL) || (out == NULL) || |
168 | 42 | (outLen == NULL) || (*outLen < CURVE448_PUB_KEY_SIZE)) { |
169 | 0 | ret = BAD_FUNC_ARG; |
170 | 0 | } |
171 | | /* make sure we have a populated private and public key */ |
172 | 42 | if (ret == 0 && (!private_key->privSet || !public_key->pubSet)) { |
173 | 0 | ret = ECC_BAD_ARG_E; |
174 | 0 | } |
175 | | |
176 | 42 | if (ret == 0) { |
177 | 42 | ret = curve448(o, private_key->k, public_key->p); |
178 | 42 | } |
179 | | #ifdef WOLFSSL_ECDHX_SHARED_NOT_ZERO |
180 | | if (ret == 0) { |
181 | | byte t = 0; |
182 | | for (i = 0; i < CURVE448_PUB_KEY_SIZE; i++) { |
183 | | t |= o[i]; |
184 | | } |
185 | | if (t == 0) { |
186 | | ret = ECC_OUT_OF_RANGE_E; |
187 | | } |
188 | | } |
189 | | #endif |
190 | 42 | if (ret == 0) { |
191 | 42 | if (endian == EC448_BIG_ENDIAN) { |
192 | | /* put shared secret key in Big Endian format */ |
193 | 0 | for (i = 0; i < CURVE448_PUB_KEY_SIZE; i++) { |
194 | 0 | out[i] = o[CURVE448_PUB_KEY_SIZE - i -1]; |
195 | 0 | } |
196 | 0 | } |
197 | 42 | else { |
198 | | /* put shared secret key in Little Endian format */ |
199 | 42 | XMEMCPY(out, o, CURVE448_PUB_KEY_SIZE); |
200 | 42 | } |
201 | | |
202 | 42 | *outLen = CURVE448_PUB_KEY_SIZE; |
203 | 42 | } |
204 | | |
205 | 42 | ForceZero(o, CURVE448_PUB_KEY_SIZE); |
206 | | |
207 | 42 | return ret; |
208 | 42 | } |
209 | | |
210 | | #endif /* HAVE_CURVE448_SHARED_SECRET */ |
211 | | |
212 | | #ifdef HAVE_CURVE448_KEY_EXPORT |
213 | | |
214 | | /* Export the curve448 public key. |
215 | | * Public key encoded big-endian. |
216 | | * |
217 | | * key [in] Curve448 public key. |
218 | | * out [in] Array to hold public key. |
219 | | * outLen [in/out] On in, the number of bytes in array. |
220 | | * On out, the number bytes put into array. |
221 | | * returns BAD_FUNC_ARG when a parameter is NULL, |
222 | | * ECC_BAD_ARG_E when outLen is less than CURVE448_PUB_KEY_SIZE, |
223 | | * 0 otherwise. |
224 | | */ |
225 | | int wc_curve448_export_public(curve448_key* key, byte* out, word32* outLen) |
226 | 1 | { |
227 | 1 | return wc_curve448_export_public_ex(key, out, outLen, EC448_BIG_ENDIAN); |
228 | 1 | } |
229 | | |
230 | | /* Export the curve448 public key. |
231 | | * |
232 | | * key [in] Curve448 public key. |
233 | | * out [in] Array to hold public key. |
234 | | * outLen [in/out] On in, the number of bytes in array. |
235 | | * On out, the number bytes put into array. |
236 | | * endian [in] Endianness to use when encoding number in array. |
237 | | * returns BAD_FUNC_ARG when a parameter is NULL, |
238 | | * ECC_BAD_ARG_E when outLen is less than CURVE448_PUB_KEY_SIZE, |
239 | | * 0 otherwise. |
240 | | */ |
241 | | int wc_curve448_export_public_ex(curve448_key* key, byte* out, word32* outLen, |
242 | | int endian) |
243 | 184 | { |
244 | 184 | int ret = 0; |
245 | | |
246 | 184 | if ((key == NULL) || (out == NULL) || (outLen == NULL)) { |
247 | 6 | ret = BAD_FUNC_ARG; |
248 | 6 | } |
249 | | |
250 | | /* check and set outgoing key size */ |
251 | 184 | if ((ret == 0) && (*outLen < CURVE448_PUB_KEY_SIZE)) { |
252 | 7 | *outLen = CURVE448_PUB_KEY_SIZE; |
253 | 7 | ret = ECC_BAD_ARG_E; |
254 | 7 | } |
255 | 184 | if (ret == 0) { |
256 | | /* calculate public if missing */ |
257 | 171 | if (!key->pubSet) { |
258 | 0 | ret = wc_curve448_make_pub((int)sizeof(key->p), key->p, |
259 | 0 | (int)sizeof(key->k), key->k); |
260 | 0 | key->pubSet = (ret == 0); |
261 | 0 | } |
262 | 171 | } |
263 | 184 | if (ret == 0) { |
264 | 171 | *outLen = CURVE448_PUB_KEY_SIZE; |
265 | 171 | if (endian == EC448_BIG_ENDIAN) { |
266 | 1 | int i; |
267 | | /* read keys in Big Endian format */ |
268 | 57 | for (i = 0; i < CURVE448_PUB_KEY_SIZE; i++) { |
269 | 56 | out[i] = key->p[CURVE448_PUB_KEY_SIZE - i - 1]; |
270 | 56 | } |
271 | 1 | } |
272 | 170 | else { |
273 | 170 | XMEMCPY(out, key->p, CURVE448_PUB_KEY_SIZE); |
274 | 170 | } |
275 | 171 | } |
276 | | |
277 | 184 | return ret; |
278 | 184 | } |
279 | | |
280 | | #endif /* HAVE_CURVE448_KEY_EXPORT */ |
281 | | |
282 | | #ifdef HAVE_CURVE448_KEY_IMPORT |
283 | | |
284 | | /* Import a curve448 public key from a byte array. |
285 | | * Public key encoded in big-endian. |
286 | | * |
287 | | * in [in] Array holding public key. |
288 | | * inLen [in] Number of bytes of data in array. |
289 | | * key [in] Curve448 public key. |
290 | | * returns BAD_FUNC_ARG when a parameter is NULL, |
291 | | * ECC_BAD_ARG_E when inLen is less than CURVE448_PUB_KEY_SIZE, |
292 | | * 0 otherwise. |
293 | | */ |
294 | | int wc_curve448_import_public(const byte* in, word32 inLen, curve448_key* key) |
295 | 26 | { |
296 | 26 | return wc_curve448_import_public_ex(in, inLen, key, EC448_BIG_ENDIAN); |
297 | 26 | } |
298 | | |
299 | | /* Import a curve448 public key from a byte array. |
300 | | * |
301 | | * in [in] Array holding public key. |
302 | | * inLen [in] Number of bytes of data in array. |
303 | | * key [in] Curve448 public key. |
304 | | * endian [in] Endianness of encoded number in byte array. |
305 | | * returns BAD_FUNC_ARG when a parameter is NULL, |
306 | | * ECC_BAD_ARG_E when inLen is less than CURVE448_PUB_KEY_SIZE, |
307 | | * 0 otherwise. |
308 | | */ |
309 | | int wc_curve448_import_public_ex(const byte* in, word32 inLen, |
310 | | curve448_key* key, int endian) |
311 | 88 | { |
312 | 88 | int ret = 0; |
313 | | |
314 | | /* sanity check */ |
315 | 88 | if ((key == NULL) || (in == NULL)) { |
316 | 1 | ret = BAD_FUNC_ARG; |
317 | 1 | } |
318 | | |
319 | | /* check size of incoming keys */ |
320 | 88 | if ((ret == 0) && (inLen != CURVE448_PUB_KEY_SIZE)) { |
321 | 25 | ret = ECC_BAD_ARG_E; |
322 | 25 | } |
323 | | |
324 | 88 | if (ret == 0) { |
325 | 62 | if (endian == EC448_BIG_ENDIAN) { |
326 | 1 | int i; |
327 | | /* read keys in Big Endian format */ |
328 | 57 | for (i = 0; i < CURVE448_PUB_KEY_SIZE; i++) { |
329 | 56 | key->p[i] = in[CURVE448_PUB_KEY_SIZE - i - 1]; |
330 | 56 | } |
331 | 1 | } |
332 | 61 | else |
333 | 61 | XMEMCPY(key->p, in, inLen); |
334 | 62 | key->pubSet = 1; |
335 | 62 | } |
336 | | |
337 | 88 | return ret; |
338 | 88 | } |
339 | | |
340 | | /* Check the public key value (big or little endian) |
341 | | * |
342 | | * pub [in] Public key bytes. |
343 | | * pubSz [in] Size of public key in bytes. |
344 | | * endian [in] Public key bytes passed in as big-endian or little-endian. |
345 | | * returns BAD_FUNC_ARGS when pub is NULL, |
346 | | * ECC_BAD_ARG_E when key length is not 56 bytes, public key value is |
347 | | * zero or one; |
348 | | * BUFFER_E when size of public key is zero; |
349 | | * 0 otherwise. |
350 | | */ |
351 | | int wc_curve448_check_public(const byte* pub, word32 pubSz, int endian) |
352 | 433 | { |
353 | 433 | int ret = 0; |
354 | | |
355 | 433 | if (pub == NULL) { |
356 | 0 | ret = BAD_FUNC_ARG; |
357 | 0 | } |
358 | | |
359 | | /* Check for empty key data */ |
360 | 433 | if ((ret == 0) && (pubSz == 0)) { |
361 | 4 | ret = BUFFER_E; |
362 | 4 | } |
363 | | |
364 | | /* Check key length */ |
365 | 433 | if ((ret == 0) && (pubSz != CURVE448_PUB_KEY_SIZE)) { |
366 | 60 | ret = ECC_BAD_ARG_E; |
367 | 60 | } |
368 | | |
369 | 433 | if (ret == 0) { |
370 | 369 | word32 i; |
371 | | |
372 | 369 | if (endian == EC448_LITTLE_ENDIAN) { |
373 | | /* Check for value of zero or one */ |
374 | 1.30k | for (i = CURVE448_PUB_KEY_SIZE - 1; i > 0; i--) { |
375 | 1.28k | if (pub[i] != 0) { |
376 | 157 | break; |
377 | 157 | } |
378 | 1.28k | } |
379 | 174 | if ((i == 0) && (pub[0] == 0 || pub[0] == 1)) { |
380 | 6 | return ECC_BAD_ARG_E; |
381 | 6 | } |
382 | | /* Check for order-1 or higher */ |
383 | 2.00k | for (i = CURVE448_PUB_KEY_SIZE - 1; i > 28; i--) { |
384 | 1.94k | if (pub[i] != 0xff) { |
385 | 108 | break; |
386 | 108 | } |
387 | 1.94k | } |
388 | 168 | if ((i == 28) && (pub[i] == 0xff)) { |
389 | 4 | return ECC_BAD_ARG_E; |
390 | 4 | } |
391 | 164 | if ((i == 28) && (pub[i] == 0xfe)) { |
392 | 441 | for (--i; i > 0; i--) { |
393 | 430 | if (pub[i] != 0xff) { |
394 | 22 | break; |
395 | 22 | } |
396 | 430 | } |
397 | 33 | if ((i == 0) && (pub[i] >= 0xfe)) { |
398 | 2 | return ECC_BAD_ARG_E; |
399 | 2 | } |
400 | 33 | } |
401 | 164 | } |
402 | 195 | else { |
403 | | /* Check for value of zero or one */ |
404 | 625 | for (i = 0; i < CURVE448_PUB_KEY_SIZE-1; i++) { |
405 | 622 | if (pub[i] != 0) { |
406 | 192 | break; |
407 | 192 | } |
408 | 622 | } |
409 | 195 | if ((i == CURVE448_PUB_KEY_SIZE - 1) && |
410 | 3 | (pub[i] == 0 || pub[i] == 1)) { |
411 | 2 | ret = ECC_BAD_ARG_E; |
412 | 2 | } |
413 | | /* Check for order-1 or higher */ |
414 | 1.46k | for (i = 0; i < 27; i++) { |
415 | 1.42k | if (pub[i] != 0xff) { |
416 | 156 | break; |
417 | 156 | } |
418 | 1.42k | } |
419 | 195 | if ((i == 27) && (pub[i] == 0xff)) { |
420 | 1 | return ECC_BAD_ARG_E; |
421 | 1 | } |
422 | 194 | if ((i == 27) && (pub[i] == 0xfe)) { |
423 | 361 | for (++i; i < CURVE448_PUB_KEY_SIZE - 1; i++) { |
424 | 352 | if (pub[i] != 0xff) { |
425 | 16 | break; |
426 | 16 | } |
427 | 352 | } |
428 | 25 | if ((i == CURVE448_PUB_KEY_SIZE - 1) && (pub[i] >= 0xfe)) { |
429 | 1 | return ECC_BAD_ARG_E; |
430 | 1 | } |
431 | 25 | } |
432 | 194 | } |
433 | 369 | } |
434 | | |
435 | 419 | return ret; |
436 | 433 | } |
437 | | |
438 | | #endif /* HAVE_CURVE448_KEY_IMPORT */ |
439 | | |
440 | | |
441 | | #ifdef HAVE_CURVE448_KEY_EXPORT |
442 | | |
443 | | /* Export the curve448 private key raw form. |
444 | | * Private key encoded big-endian. |
445 | | * |
446 | | * key [in] Curve448 private key. |
447 | | * out [in] Array to hold private key. |
448 | | * outLen [in/out] On in, the number of bytes in array. |
449 | | * On out, the number bytes put into array. |
450 | | * returns BAD_FUNC_ARG when a parameter is NULL, |
451 | | * ECC_BAD_ARG_E when outLen is less than CURVE448_KEY_SIZE, |
452 | | * 0 otherwise. |
453 | | */ |
454 | | int wc_curve448_export_private_raw(curve448_key* key, byte* out, word32* outLen) |
455 | 0 | { |
456 | 0 | return wc_curve448_export_private_raw_ex(key, out, outLen, |
457 | 0 | EC448_BIG_ENDIAN); |
458 | 0 | } |
459 | | |
460 | | /* Export the curve448 private key raw form. |
461 | | * |
462 | | * key [in] Curve448 private key. |
463 | | * out [in] Array to hold private key. |
464 | | * outLen [in/out] On in, the number of bytes in array. |
465 | | * On out, the number bytes put into array. |
466 | | * endian [in] Endianness to use when encoding number in array. |
467 | | * returns BAD_FUNC_ARG when a parameter is NULL, |
468 | | * ECC_BAD_ARG_E when outLen is less than CURVE448_KEY_SIZE, |
469 | | * 0 otherwise. |
470 | | */ |
471 | | int wc_curve448_export_private_raw_ex(curve448_key* key, byte* out, |
472 | | word32* outLen, int endian) |
473 | 90 | { |
474 | 90 | int ret = 0; |
475 | | |
476 | | /* sanity check */ |
477 | 90 | if ((key == NULL) || (out == NULL) || (outLen == NULL)) { |
478 | 28 | ret = BAD_FUNC_ARG; |
479 | 28 | } |
480 | | |
481 | 90 | if ((ret == 0) && (!key->privSet)) { |
482 | 0 | ret = ECC_BAD_ARG_E; |
483 | 0 | } |
484 | | |
485 | | /* check size of outgoing buffer */ |
486 | 90 | if ((ret == 0) && (*outLen < CURVE448_KEY_SIZE)) { |
487 | 1 | *outLen = CURVE448_KEY_SIZE; |
488 | 1 | ret = ECC_BAD_ARG_E; |
489 | 1 | } |
490 | 90 | if (ret == 0) { |
491 | 61 | *outLen = CURVE448_KEY_SIZE; |
492 | | |
493 | 61 | if (endian == EC448_BIG_ENDIAN) { |
494 | 0 | int i; |
495 | | /* put the key in Big Endian format */ |
496 | 0 | for (i = 0; i < CURVE448_KEY_SIZE; i++) { |
497 | 0 | out[i] = key->k[CURVE448_KEY_SIZE - i - 1]; |
498 | 0 | } |
499 | 0 | } |
500 | 61 | else { |
501 | 61 | XMEMCPY(out, key->k, CURVE448_KEY_SIZE); |
502 | 61 | } |
503 | 61 | } |
504 | | |
505 | 90 | return ret; |
506 | 90 | } |
507 | | |
508 | | /* Export the curve448 private and public keys in raw form. |
509 | | * Private and public key encoded big-endian. |
510 | | * |
511 | | * key [in] Curve448 private key. |
512 | | * priv [in] Array to hold private key. |
513 | | * privSz [in/out] On in, the number of bytes in private key array. |
514 | | * On out, the number bytes put into private key array. |
515 | | * pub [in] Array to hold public key. |
516 | | * pubSz [in/out] On in, the number of bytes in public key array. |
517 | | * On out, the number bytes put into public key array. |
518 | | * returns BAD_FUNC_ARG when a parameter is NULL, |
519 | | * ECC_BAD_ARG_E when privSz is less than CURVE448_KEY_SIZE or pubSz is |
520 | | * less than CURVE448_PUB_KEY_SIZE, |
521 | | * 0 otherwise. |
522 | | */ |
523 | | int wc_curve448_export_key_raw(curve448_key* key, byte* priv, word32 *privSz, |
524 | | byte* pub, word32 *pubSz) |
525 | 0 | { |
526 | 0 | return wc_curve448_export_key_raw_ex(key, priv, privSz, pub, pubSz, |
527 | 0 | EC448_BIG_ENDIAN); |
528 | 0 | } |
529 | | |
530 | | /* Export the curve448 private and public keys in raw form. |
531 | | * |
532 | | * key [in] Curve448 private key. |
533 | | * priv [in] Array to hold private key. |
534 | | * privSz [in/out] On in, the number of bytes in private key array. |
535 | | * On out, the number bytes put into private key array. |
536 | | * pub [in] Array to hold public key. |
537 | | * pubSz [in/out] On in, the number of bytes in public key array. |
538 | | * On out, the number bytes put into public key array. |
539 | | * endian [in] Endianness to use when encoding number in array. |
540 | | * returns BAD_FUNC_ARG when a parameter is NULL, |
541 | | * ECC_BAD_ARG_E when privSz is less than CURVE448_KEY_SIZE or pubSz is |
542 | | * less than CURVE448_PUB_KEY_SIZE, |
543 | | * 0 otherwise. |
544 | | */ |
545 | | int wc_curve448_export_key_raw_ex(curve448_key* key, byte* priv, word32 *privSz, |
546 | | byte* pub, word32 *pubSz, int endian) |
547 | 0 | { |
548 | 0 | int ret; |
549 | | |
550 | | /* export private part */ |
551 | 0 | ret = wc_curve448_export_private_raw_ex(key, priv, privSz, endian); |
552 | 0 | if (ret == 0) { |
553 | | /* export public part */ |
554 | 0 | ret = wc_curve448_export_public_ex(key, pub, pubSz, endian); |
555 | 0 | } |
556 | |
|
557 | 0 | return ret; |
558 | 0 | } |
559 | | |
560 | | #endif /* HAVE_CURVE448_KEY_EXPORT */ |
561 | | |
562 | | #ifdef HAVE_CURVE448_KEY_IMPORT |
563 | | |
564 | | /* Import curve448 private and public keys from a byte arrays. |
565 | | * Private and public keys encoded in big-endian. |
566 | | * |
567 | | * piv [in] Array holding private key. |
568 | | * privSz [in] Number of bytes of data in private key array. |
569 | | * pub [in] Array holding public key. |
570 | | * pubSz [in] Number of bytes of data in public key array. |
571 | | * key [in] Curve448 private/public key. |
572 | | * returns BAD_FUNC_ARG when a parameter is NULL, |
573 | | * ECC_BAD_ARG_E when privSz is less than CURVE448_KEY_SIZE or pubSz is |
574 | | * less than CURVE448_PUB_KEY_SIZE, |
575 | | * 0 otherwise. |
576 | | */ |
577 | | int wc_curve448_import_private_raw(const byte* priv, word32 privSz, |
578 | | const byte* pub, word32 pubSz, |
579 | | curve448_key* key) |
580 | 24 | { |
581 | 24 | return wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz, key, |
582 | 24 | EC448_BIG_ENDIAN); |
583 | 24 | } |
584 | | |
585 | | /* Import curve448 private and public keys from a byte arrays. |
586 | | * |
587 | | * piv [in] Array holding private key. |
588 | | * privSz [in] Number of bytes of data in private key array. |
589 | | * pub [in] Array holding public key. |
590 | | * pubSz [in] Number of bytes of data in public key array. |
591 | | * key [in] Curve448 private/public key. |
592 | | * endian [in] Endianness of encoded numbers in byte arrays. |
593 | | * returns BAD_FUNC_ARG when a parameter is NULL, |
594 | | * ECC_BAD_ARG_E when privSz is less than CURVE448_KEY_SIZE or pubSz is |
595 | | * less than CURVE448_PUB_KEY_SIZE, |
596 | | * 0 otherwise. |
597 | | */ |
598 | | int wc_curve448_import_private_raw_ex(const byte* priv, word32 privSz, |
599 | | const byte* pub, word32 pubSz, |
600 | | curve448_key* key, int endian) |
601 | 24 | { |
602 | 24 | int ret; |
603 | | |
604 | | /* import private part */ |
605 | 24 | ret = wc_curve448_import_private_ex(priv, privSz, key, endian); |
606 | 24 | if (ret == 0) { |
607 | | /* import public part */ |
608 | 1 | return wc_curve448_import_public_ex(pub, pubSz, key, endian); |
609 | 1 | } |
610 | | |
611 | 23 | return ret; |
612 | 24 | } |
613 | | |
614 | | /* Import curve448 private key from a byte array. |
615 | | * Private key encoded in big-endian. |
616 | | * |
617 | | * piv [in] Array holding private key. |
618 | | * privSz [in] Number of bytes of data in private key array. |
619 | | * key [in] Curve448 private/public key. |
620 | | * returns BAD_FUNC_ARG when a parameter is NULL, |
621 | | * ECC_BAD_ARG_E when privSz is less than CURVE448_KEY_SIZE, |
622 | | * 0 otherwise. |
623 | | */ |
624 | | int wc_curve448_import_private(const byte* priv, word32 privSz, |
625 | | curve448_key* key) |
626 | 0 | { |
627 | 0 | return wc_curve448_import_private_ex(priv, privSz, key, EC448_BIG_ENDIAN); |
628 | 0 | } |
629 | | |
630 | | /* Import curve448 private key from a byte array. |
631 | | * |
632 | | * piv [in] Array holding private key. |
633 | | * privSz [in] Number of bytes of data in private key array. |
634 | | * key [in] Curve448 private/public key. |
635 | | * endian [in] Endianness of encoded number in byte array. |
636 | | * returns BAD_FUNC_ARG when a parameter is NULL, |
637 | | * ECC_BAD_ARG_E when privSz is less than CURVE448_KEY_SIZE, |
638 | | * 0 otherwise. |
639 | | */ |
640 | | int wc_curve448_import_private_ex(const byte* priv, word32 privSz, |
641 | | curve448_key* key, int endian) |
642 | 24 | { |
643 | 24 | int ret = 0; |
644 | | |
645 | | /* sanity check */ |
646 | 24 | if ((key == NULL) || (priv == NULL)) { |
647 | 0 | ret = BAD_FUNC_ARG; |
648 | 0 | } |
649 | | |
650 | | /* check size of incoming keys */ |
651 | 24 | if ((ret == 0) && ((int)privSz != CURVE448_KEY_SIZE)) { |
652 | 23 | ret = ECC_BAD_ARG_E; |
653 | 23 | } |
654 | | |
655 | 24 | if (ret == 0) { |
656 | 1 | if (endian == EC448_BIG_ENDIAN) { |
657 | 1 | int i; |
658 | | /* read the key in Big Endian format */ |
659 | 57 | for (i = 0; i < CURVE448_KEY_SIZE; i++) { |
660 | 56 | key->k[i] = priv[CURVE448_KEY_SIZE - i - 1]; |
661 | 56 | } |
662 | 1 | } |
663 | 0 | else { |
664 | 0 | XMEMCPY(key->k, priv, CURVE448_KEY_SIZE); |
665 | 0 | } |
666 | | |
667 | | /* Clamp the key */ |
668 | 1 | key->k[0] &= 0xfc; |
669 | 1 | key->k[CURVE448_KEY_SIZE-1] |= 0x80; |
670 | | |
671 | 1 | key->privSet = 1; |
672 | 1 | } |
673 | | |
674 | 24 | return ret; |
675 | 24 | } |
676 | | |
677 | | #endif /* HAVE_CURVE448_KEY_IMPORT */ |
678 | | |
679 | | |
680 | | /* Initialize the curve448 key. |
681 | | * |
682 | | * key [in] Curve448 key object. |
683 | | * returns BAD_FUNC_ARG when key is NULL, |
684 | | * 0 otherwise. |
685 | | */ |
686 | | int wc_curve448_init(curve448_key* key) |
687 | 376 | { |
688 | 376 | int ret = 0; |
689 | | |
690 | 376 | if (key == NULL) { |
691 | 0 | ret = BAD_FUNC_ARG; |
692 | 0 | } |
693 | | |
694 | 376 | if (ret == 0) { |
695 | 376 | XMEMSET(key, 0, sizeof(*key)); |
696 | | |
697 | 376 | fe448_init(); |
698 | | |
699 | | #ifdef WOLFSSL_CHECK_MEM_ZERO |
700 | | wc_MemZero_Add("wc_curve448_init key->k", &key->k, CURVE448_KEY_SIZE); |
701 | | #endif |
702 | 376 | } |
703 | | |
704 | 376 | return ret; |
705 | 376 | } |
706 | | |
707 | | |
708 | | /* Clears the curve448 key data. |
709 | | * |
710 | | * key [in] Curve448 key object. |
711 | | */ |
712 | | void wc_curve448_free(curve448_key* key) |
713 | 387 | { |
714 | 387 | if (key != NULL) { |
715 | 376 | ForceZero(key->k, sizeof(key->k)); |
716 | 376 | XMEMSET(key->p, 0, sizeof(key->p)); |
717 | 376 | key->pubSet = 0; |
718 | 376 | key->privSet = 0; |
719 | | #ifdef WOLFSSL_CHECK_MEM_ZERO |
720 | | wc_MemZero_Check(key, sizeof(curve448_key)); |
721 | | #endif |
722 | 376 | } |
723 | 387 | } |
724 | | |
725 | | |
726 | | /* Get the curve448 key's size. |
727 | | * |
728 | | * key [in] Curve448 key object. |
729 | | * returns 0 if key is NULL, |
730 | | * CURVE448_KEY_SIZE otherwise. |
731 | | */ |
732 | | int wc_curve448_size(curve448_key* key) |
733 | 0 | { |
734 | 0 | int ret = 0; |
735 | |
|
736 | 0 | if (key != NULL) { |
737 | 0 | ret = CURVE448_KEY_SIZE; |
738 | 0 | } |
739 | |
|
740 | 0 | return ret; |
741 | 0 | } |
742 | | |
743 | | #endif /* HAVE_CURVE448 */ |
744 | | |