203 lines
4.4 KiB
Plaintext
203 lines
4.4 KiB
Plaintext
.TH EC 2
|
|
.SH NAME
|
|
secp256r1,
|
|
secp256k1,
|
|
secp384r1,
|
|
ecdominit,
|
|
ecdomfree,
|
|
ecassign,
|
|
ecadd,
|
|
ecmul,
|
|
strtoec,
|
|
ecgen,
|
|
ecverify,
|
|
ecpubverify,
|
|
ecdsasign,
|
|
ecdsaverify,
|
|
ecencodepub,
|
|
ecdecodepub,
|
|
ecpubfree,
|
|
X509toECpub,
|
|
X509ecdsaverify,
|
|
X509ecdsaverifydigest \- elliptic curve cryptography
|
|
.SH SYNOPSIS
|
|
.B #include <u.h>
|
|
.br
|
|
.B #include <libc.h>
|
|
.br
|
|
.B #include <mp.h>
|
|
.br
|
|
.B #include <libsec.h>
|
|
.PP
|
|
.B
|
|
void secp256r1(mpint *p, mpint *a, mpint *b, mpint *x, mpint *y, mpint *n, mpint *h)
|
|
.PP
|
|
.B
|
|
void secp256k1(mpint *p, mpint *a, mpint *b, mpint *x, mpint *y, mpint *n, mpint *h)
|
|
.PP
|
|
.B
|
|
void secp384r1(mpint *p, mpint *a, mpint *b, mpint *x, mpint *y, mpint *n, mpint *h)
|
|
.PP
|
|
.B
|
|
void ecdominit(ECdomain *dom, void (*init)(mpint *p, mpint *a, mpint *b, mpint *x, mpint *y, mpint *n, mpint *h))
|
|
.PP
|
|
.B
|
|
void ecdomfree(ECdomain *dom)
|
|
.PP
|
|
.B
|
|
void ecassign(ECdomain *dom, ECpoint *old, ECpoint *new)
|
|
.PP
|
|
.B
|
|
void ecadd(ECdomain *dom, ECpoint *a, ECpoint *b, ECpoint *s)
|
|
.PP
|
|
.B
|
|
void ecmul(ECdomain *dom, ECpoint *a, mpint *k, ECpoint *s)
|
|
.PP
|
|
.B
|
|
ECpoint* strtoec(ECdomain *dom, char *s, char **rptr, ECpoint *p)
|
|
.PP
|
|
.B
|
|
ECpriv* ecgen(ECdomain *dom, ECpriv *p)
|
|
.PP
|
|
.B
|
|
int ecverify(ECdomain *dom, ECpoint *p)
|
|
.PP
|
|
.B
|
|
int ecpubverify(ECdomain *dom, ECpub *p)
|
|
.PP
|
|
.B
|
|
void ecdsasign(ECdomain *dom, ECpriv *priv, uchar *dig, int dlen, mpint *r, mpint *s)
|
|
.PP
|
|
.B
|
|
int ecdsaverify(ECdomain *dom, ECpub *pub, uchar *dig, int dlen, mpint *r, mpint *s)
|
|
.PP
|
|
.B
|
|
int ecencodepub(ECdomain *dom, ECpub *pub, uchar *data, int len)
|
|
.PP
|
|
.B
|
|
ECpub* ecdecodepub(ECdomain *dom, uchar *data, int len)
|
|
.PP
|
|
.B
|
|
void ecpubfree(ECpub *p);
|
|
.PP
|
|
.B
|
|
ECpub* X509toECpub(uchar *cert, int ncert, char *name, int nname, ECdomain *dom)
|
|
.PP
|
|
.B
|
|
char* X509ecdsaverify(uchar *cert, int ncert, ECdomain *dom, ECpub *pub)
|
|
.PP
|
|
.B
|
|
char* X509ecdsaverifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, ECdomain *dom, ECpub *pub)
|
|
.DT
|
|
.SH DESCRIPTION
|
|
These functions implement elliptic curve cryptography.
|
|
An elliptic curve together with cryptographic parameters are specified using an
|
|
.B ECdomain
|
|
struct.
|
|
Points on the curve are represented by
|
|
.B ECpoint
|
|
structs.
|
|
.PP
|
|
.B ecdominit
|
|
initializes a
|
|
.B ECdomain
|
|
struct and calls the
|
|
.B init
|
|
function such as
|
|
.B secp256r1
|
|
which fills in the parameters of the curve.
|
|
.PP
|
|
.B ecdomfree
|
|
frees the parameters of the curve and zeros the struct. It does
|
|
not free the memory of the struct itself.
|
|
.PP
|
|
.BR ecassign ", " ecadd " and " ecmul
|
|
are analogous to their counterparts in
|
|
.IR mp (2).
|
|
.PP
|
|
.B strtoec
|
|
converts a hex string representing an octet string as specified in
|
|
.I Standards for Efficient Cryptography (SEC) 1
|
|
to an
|
|
.B ECpoint
|
|
struct. Both uncompressed and compressed formats are supported.
|
|
If
|
|
.B rptr
|
|
is not
|
|
.BR nil ,
|
|
it is used to return the position in the string where the parser stopped.
|
|
If
|
|
.BR p " is " nil
|
|
space is allocated automatically, else the given struct is used.
|
|
.PP
|
|
.B ecverify
|
|
and
|
|
.B ecpubverify
|
|
verify that the given point or public key, respectively, is valid.
|
|
.PP
|
|
.B ecgen
|
|
generates a keypair and returns a pointer to it.
|
|
If
|
|
.BR p " is " nil
|
|
space is allocated automatically, else the given struct is used.
|
|
.PP
|
|
.B ecdsasign
|
|
and
|
|
.B ecdsaverify
|
|
create or verify, respectively, a signature using the ECDSA scheme specified in
|
|
.I SEC 1.
|
|
It is absolutely vital that
|
|
.B dig
|
|
is a cryptographic hash to the message.
|
|
.B ecdsasign
|
|
writes the signature to
|
|
.BR r " and " s
|
|
which are assumed to be allocated properly.
|
|
.PP
|
|
.B ecencodepub
|
|
and
|
|
.B ecdecodepub
|
|
handle encoding and decoding of public keys in uncompressed format.
|
|
Note that
|
|
.B ecdecodepub
|
|
also verifies that the public key is valid in the specified domain.
|
|
.PP
|
|
.B ecpubfree
|
|
frees a
|
|
.B ECpub
|
|
structure and its associated members.
|
|
.PP
|
|
Given a binary X.509 cert, the function
|
|
.B X509toECpub
|
|
initializes domain parameters and returns the ECDSA public key. if
|
|
.I name
|
|
is not
|
|
.BR nil ,
|
|
the CN part of the Distinguished Name of the certificate's Subject is returned.
|
|
.B X509ecdsaverify
|
|
and
|
|
.B X509ecdsaverifydigest
|
|
are analogs to the routines described by
|
|
.IR rsa (2).
|
|
.SH RETURN VALUE
|
|
.B *verify
|
|
functions return
|
|
.B 1
|
|
for a positive result.
|
|
Functions returning pointers may return
|
|
.B nil
|
|
in case of error
|
|
.I (e.g.
|
|
failing
|
|
.IR malloc (2)).
|
|
.SH SOURCE
|
|
.B /sys/src/libsec/port/ecc.c
|
|
.SH SEE ALSO
|
|
.IR rsa (2)
|
|
.br
|
|
.I
|
|
Standards for Efficient Cryptography (SEC) 1: Elliptic Curve Cryptography
|
|
- Certicom Research, 2009
|
|
.SH HISTORY
|
|
This implementation of elliptic curve cryptography first appeared in 9front (June, 2012).
|