Struct esp_idf_sys::mbedtls_ecp_group

source ·
#[repr(C)]
pub struct mbedtls_ecp_group {
Show 15 fields pub id: mbedtls_ecp_group_id, pub P: mbedtls_mpi, pub A: mbedtls_mpi, pub B: mbedtls_mpi, pub G: mbedtls_ecp_point, pub N: mbedtls_mpi, pub pbits: usize, pub nbits: usize, pub private_h: c_uint, pub private_modp: Option<unsafe extern "C" fn(arg1: *mut mbedtls_mpi) -> c_int>, pub private_t_pre: Option<unsafe extern "C" fn(arg1: *mut mbedtls_ecp_point, arg2: *mut c_void) -> c_int>, pub private_t_post: Option<unsafe extern "C" fn(arg1: *mut mbedtls_ecp_point, arg2: *mut c_void) -> c_int>, pub private_t_data: *mut c_void, pub private_T: *mut mbedtls_ecp_point, pub private_T_size: usize,
}
Expand description

\brief The ECP group structure.

We consider two types of curve equations:

  • Short Weierstrass: y^2 = x^3 + A x + B mod P (SEC1 + RFC-4492)
  • Montgomery: y^2 = x^3 + A x^2 + x mod P (Curve25519, Curve448)
In both cases, the generator (\p G) for a prime-order subgroup is fixed.

For Short Weierstrass, this subgroup is the whole curve, and its cardinality is denoted by \p N. Our code requires that \p N is an odd prime as mbedtls_ecp_mul() requires an odd number, and mbedtls_ecdsa_sign() requires that it is prime for blinding purposes.

The default implementation only initializes \p A without setting it to the authentic value for curves with A = -3(SECP256R1, etc), in which case you need to load \p A by yourself when using domain parameters directly, for example: \code mbedtls_mpi_init(&A); mbedtls_ecp_group_init(&grp); CHECK_RETURN(mbedtls_ecp_group_load(&grp, grp_id)); if (mbedtls_ecp_group_a_is_minus_3(&grp)) { CHECK_RETURN(mbedtls_mpi_sub_int(&A, &grp.P, 3)); } else { CHECK_RETURN(mbedtls_mpi_copy(&A, &grp.A)); }

do_something_with_a(&A);

cleanup: mbedtls_mpi_free(&A); mbedtls_ecp_group_free(&grp); \endcode

For Montgomery curves, we do not store \p A, but (A + 2) / 4, which is the quantity used in the formulas. Additionally, \p nbits is not the size of \p N but the required size for private keys.

If \p modp is NULL, reduction modulo \p P is done using a generic algorithm. Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in the range of 0..2^(2*pbits)-1, and transforms it in-place to an integer which is congruent mod \p P to the given MPI, and is close enough to \p pbits in size, so that it may be efficiently brought in the 0..P-1 range by a few additions or subtractions. Therefore, it is only an approximative modular reduction. It must return 0 on success and non-zero on failure.

\note Alternative implementations of the ECP module must obey the following constraints. * Group IDs must be distinct: if two group structures have the same ID, then they must be identical. * The fields \c id, \c P, \c A, \c B, \c G, \c N, \c pbits and \c nbits must have the same type and semantics as in the built-in implementation. They must be available for reading, but direct modification of these fields does not need to be supported. They do not need to be at the same offset in the structure.

Fields§

§id: mbedtls_ecp_group_id

< An internal group identifier.

§P: mbedtls_mpi

< The prime modulus of the base field.

§A: mbedtls_mpi

< For Short Weierstrass: \p A in the equation. Note that \p A is not set to the authentic value in some cases. Refer to detailed description of ::mbedtls_ecp_group if using domain parameters in the structure. For Montgomery curves: (A + 2) / 4.

§B: mbedtls_mpi

< For Short Weierstrass: \p B in the equation. For Montgomery curves: unused.

§G: mbedtls_ecp_point

< The generator of the subgroup used.

§N: mbedtls_mpi

< The order of \p G.

§pbits: usize

< The number of bits in \p P.

§nbits: usize

< For Short Weierstrass: The number of bits in \p P. For Montgomery curves: the number of bits in the private keys.

§private_h: c_uint

< \internal 1 if the constants are static.

§private_modp: Option<unsafe extern "C" fn(arg1: *mut mbedtls_mpi) -> c_int>

< The function for fast pseudo-reduction mod \p P (see above).

§private_t_pre: Option<unsafe extern "C" fn(arg1: *mut mbedtls_ecp_point, arg2: *mut c_void) -> c_int>

< Unused.

§private_t_post: Option<unsafe extern "C" fn(arg1: *mut mbedtls_ecp_point, arg2: *mut c_void) -> c_int>

< Unused.

§private_t_data: *mut c_void

< Unused.

§private_T: *mut mbedtls_ecp_point

< Pre-computed points for ecp_mul_comb().

§private_T_size: usize

< The number of dynamic allocated pre-computed points.

Trait Implementations§

source§

impl Clone for mbedtls_ecp_group

source§

fn clone(&self) -> mbedtls_ecp_group

Returns a copy of the value. Read more
1.0.0§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl Debug for mbedtls_ecp_group

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl Default for mbedtls_ecp_group

source§

fn default() -> Self

Returns the “default value” for a type. Read more
source§

impl Copy for mbedtls_ecp_group

Auto Trait Implementations§

§

impl Freeze for mbedtls_ecp_group

§

impl RefUnwindSafe for mbedtls_ecp_group

§

impl !Send for mbedtls_ecp_group

§

impl !Sync for mbedtls_ecp_group

§

impl Unpin for mbedtls_ecp_group

§

impl UnwindSafe for mbedtls_ecp_group

Blanket Implementations§

§

impl<T> Any for T
where T: 'static + ?Sized,

§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
§

impl<T> Borrow<T> for T
where T: ?Sized,

§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
§

impl<T> BorrowMut<T> for T
where T: ?Sized,

§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
§

impl<T> CloneToUninit for T
where T: Copy,

§

unsafe fn clone_to_uninit(&self, dst: *mut T)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more
§

impl<T> CloneToUninit for T
where T: Clone,

§

default unsafe fn clone_to_uninit(&self, dst: *mut T)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more
§

impl<T> From<T> for T

§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T, U> Into<U> for T
where U: From<T>,

§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of [From]<T> for U chooses to do.

§

impl<T> ToOwned for T
where T: Clone,

§

type Owned = T

The resulting type after obtaining ownership.
§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.