#[repr(C)]pub struct mbedtls_ecp_group {Show 15 fields
pub id: u32,
pub P: mbedtls_mpi,
pub A: mbedtls_mpi,
pub B: mbedtls_mpi,
pub G: mbedtls_ecp_point,
pub N: mbedtls_mpi,
pub pbits: usize,
pub nbits: usize,
pub private_h: u32,
pub private_modp: Option<unsafe extern "C" fn(_: *mut mbedtls_mpi) -> i32>,
pub private_t_pre: Option<unsafe extern "C" fn(_: *mut mbedtls_ecp_point, _: *mut c_void) -> i32>,
pub private_t_post: Option<unsafe extern "C" fn(_: *mut mbedtls_ecp_point, _: *mut c_void) -> i32>,
pub private_t_data: *mut c_void,
pub private_T: *mut mbedtls_ecp_point,
pub private_T_size: usize,
}
Expand description
\brief The ECP group structure.
We consider two types of curve equations:
- Short Weierstrass:
y^2 = x^3 + A x + B mod P
(SEC1 + RFC-4492) - Montgomery:
y^2 = x^3 + A x^2 + x mod P
(Curve25519, Curve448)
For Short Weierstrass, this subgroup is the whole curve, and its cardinality is denoted by \p N. Our code requires that \p N is an odd prime as mbedtls_ecp_mul() requires an odd number, and mbedtls_ecdsa_sign() requires that it is prime for blinding purposes.
The default implementation only initializes \p A without setting it to the
authentic value for curves with A = -3
(SECP256R1, etc), in which
case you need to load \p A by yourself when using domain parameters directly,
for example:
\code
mbedtls_mpi_init(&A);
mbedtls_ecp_group_init(&grp);
CHECK_RETURN(mbedtls_ecp_group_load(&grp, grp_id));
if (mbedtls_ecp_group_a_is_minus_3(&grp)) {
CHECK_RETURN(mbedtls_mpi_sub_int(&A, &grp.P, 3));
} else {
CHECK_RETURN(mbedtls_mpi_copy(&A, &grp.A));
}
do_something_with_a(&A);
cleanup: mbedtls_mpi_free(&A); mbedtls_ecp_group_free(&grp); \endcode
For Montgomery curves, we do not store \p A, but (A + 2) / 4
,
which is the quantity used in the formulas. Additionally, \p nbits is
not the size of \p N but the required size for private keys.
If \p modp is NULL, reduction modulo \p P is done using a generic algorithm.
Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in the
range of 0..2^(2*pbits)-1
, and transforms it in-place to an integer
which is congruent mod \p P to the given MPI, and is close enough to \p pbits
in size, so that it may be efficiently brought in the 0..P-1 range by a few
additions or subtractions. Therefore, it is only an approximative modular
reduction. It must return 0 on success and non-zero on failure.
\note Alternative implementations of the ECP module must obey the following constraints. * Group IDs must be distinct: if two group structures have the same ID, then they must be identical. * The fields \c id, \c P, \c A, \c B, \c G, \c N, \c pbits and \c nbits must have the same type and semantics as in the built-in implementation. They must be available for reading, but direct modification of these fields does not need to be supported. They do not need to be at the same offset in the structure.
Fields§
§id: u32
< An internal group identifier.
P: mbedtls_mpi
< The prime modulus of the base field.
A: mbedtls_mpi
< For Short Weierstrass: \p A in the equation. Note that
\p A is not set to the authentic value in some cases.
Refer to detailed description of ::mbedtls_ecp_group if
using domain parameters in the structure.
For Montgomery curves: (A + 2) / 4
.
B: mbedtls_mpi
< For Short Weierstrass: \p B in the equation. For Montgomery curves: unused.
G: mbedtls_ecp_point
< The generator of the subgroup used.
N: mbedtls_mpi
< The order of \p G.
pbits: usize
< The number of bits in \p P.
nbits: usize
< For Short Weierstrass: The number of bits in \p P. For Montgomery curves: the number of bits in the private keys.
private_h: u32
§private_modp: Option<unsafe extern "C" fn(_: *mut mbedtls_mpi) -> i32>
§private_t_pre: Option<unsafe extern "C" fn(_: *mut mbedtls_ecp_point, _: *mut c_void) -> i32>
§private_t_post: Option<unsafe extern "C" fn(_: *mut mbedtls_ecp_point, _: *mut c_void) -> i32>
§private_t_data: *mut c_void
§private_T: *mut mbedtls_ecp_point
§private_T_size: usize
Trait Implementations§
Source§impl Clone for mbedtls_ecp_group
impl Clone for mbedtls_ecp_group
Source§fn clone(&self) -> mbedtls_ecp_group
fn clone(&self) -> mbedtls_ecp_group
1.0.0§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source
. Read moreSource§impl Debug for mbedtls_ecp_group
impl Debug for mbedtls_ecp_group
Source§impl Default for mbedtls_ecp_group
impl Default for mbedtls_ecp_group
Source§fn default() -> mbedtls_ecp_group
fn default() -> mbedtls_ecp_group
impl Copy for mbedtls_ecp_group
Auto Trait Implementations§
impl Freeze for mbedtls_ecp_group
impl RefUnwindSafe for mbedtls_ecp_group
impl !Send for mbedtls_ecp_group
impl !Sync for mbedtls_ecp_group
impl Unpin for mbedtls_ecp_group
impl UnwindSafe for mbedtls_ecp_group
Blanket Implementations§
§impl<T> Any for Twhere
T: 'static + ?Sized,
impl<T> Any for Twhere
T: 'static + ?Sized,
§impl<T> Borrow<T> for Twhere
T: ?Sized,
impl<T> Borrow<T> for Twhere
T: ?Sized,
§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
§unsafe fn clone_to_uninit(&self, dst: *mut u8)
unsafe fn clone_to_uninit(&self, dst: *mut u8)
clone_to_uninit
)