secp256r1, secp256k1, secp384r1, ecdominit, ecdomfree, ecassign, ecadd, ecmul, strtoec, ecgen, ecverify, ecpubverify, ecdsasign, ecdsaverify, ecencodepub, ecdecodepub, ecpubfree, X509toECpub, X509ecdsaverify, X509ecdsaverifydigest – elliptic curve cryptography

#include <u.h>
#include <libc.h>
#include <mp.h>
#include <libsec.h>

void secp256r1(mpint *p, mpint *a, mpint *b, mpint *x, mpint *y, mpint *n, mpint *h)

void secp256k1(mpint *p, mpint *a, mpint *b, mpint *x, mpint *y, mpint *n, mpint *h)

void secp384r1(mpint *p, mpint *a, mpint *b, mpint *x, mpint *y, mpint *n, mpint *h)

void ecdominit(ECdomain *dom, void (*init)(mpint *p, mpint *a, mpint *b, mpint *x, mpint *y, mpint *n, mpint *h))

void ecdomfree(ECdomain *dom)

void ecassign(ECdomain *dom, ECpoint *old, ECpoint *new)

void ecadd(ECdomain *dom, ECpoint *a, ECpoint *b, ECpoint *s)

void ecmul(ECdomain *dom, ECpoint *a, mpint *k, ECpoint *s)

ECpoint*    strtoec(ECdomain *dom, char *s, char **rptr, ECpoint *p)

ECpriv*     ecgen(ECdomain *dom, ECpriv *p)

int    ecverify(ECdomain *dom, ECpoint *p)

int    ecpubverify(ECdomain *dom, ECpub *p)

void ecdsasign(ECdomain *dom, ECpriv *priv, uchar *dig, int dlen, mpint *r, mpint *s)

int    ecdsaverify(ECdomain *dom, ECpub *pub, uchar *dig, int dlen, mpint *r, mpint *s)

int    ecencodepub(ECdomain *dom, ECpub *pub, uchar *data, int len)

ECpub*      ecdecodepub(ECdomain *dom, uchar *data, int len)

void ecpubfree(ECpub *p);

ECpub*      X509toECpub(uchar *cert, int ncert, char *name, int nname, ECdomain *dom)

char*       X509ecdsaverify(uchar *cert, int ncert, ECdomain *dom, ECpub *pub)

char*       X509ecdsaverifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, ECdomain *dom, ECpub *pub)

These functions implement elliptic curve cryptography. An elliptic curve together with cryptographic parameters are specified using an ECdomain struct. Points on the curve are represented by ECpoint structs.

ecdominit initializes a ECdomain struct and calls the init function such as secp256r1 which fills in the parameters of the curve.

ecdomfree frees the parameters of the curve and zeros the struct. It does not free the memory of the struct itself.

ecassign, ecadd and ecmul are analogous to their counterparts in mp(2).

strtoec converts a hex string representing an octet string as specified in Standards for Efficient Cryptography (SEC) 1 to an ECpoint struct. Both uncompressed and compressed formats are supported. If rptr is not nil, it is used to return the position in the string where the parser stopped. If p is nil space is allocated automatically, else the given struct is used.

ecverify and ecpubverify verify that the given point or public key, respectively, is valid.

ecgen generates a keypair and returns a pointer to it. If p is nil space is allocated automatically, else the given struct is used.

ecdsasign and ecdsaverify create or verify, respectively, a signature using the ECDSA scheme specified in SEC 1. It is absolutely vital that dig is a cryptographic hash to the message. ecdsasign writes the signature to r and s which are assumed to be allocated properly.

ecencodepub and ecdecodepub handle encoding and decoding of public keys in uncompressed format. Note that ecdecodepub also verifies that the public key is valid in the specified domain.

ecpubfree frees a ECpub structure and its associated members.

Given a binary X.509 cert, the function X509toECpub initializes domain parameters and returns the ECDSA public key. if name is not nil, the CN part of the Distinguished Name of the certificate's Subject is returned. X509ecdsaverify and X509ecdsaverifydigest are analogs to the routines described by rsa(2).

*verify functions return 1 for a positive result. Functions returning pointers may return nil in case of error (e.g. failing malloc(2)).


Standards for Efficient Cryptography (SEC) 1: Elliptic Curve Cryptography – Certicom Research, 2009

This implementation of elliptic curve cryptography first appeared in 9front (June, 2012).