|
VOID *EFIAPI | EcGroupInit (IN UINTN CryptoNid) |
|
BOOLEAN EFIAPI | EcGroupGetCurve (IN CONST VOID *EcGroup, OUT VOID *BnPrime, OUT VOID *BnA, OUT VOID *BnB, IN VOID *BnCtx) |
|
BOOLEAN EFIAPI | EcGroupGetOrder (IN VOID *EcGroup, OUT VOID *BnOrder) |
|
VOID EFIAPI | EcGroupFree (IN VOID *EcGroup) |
|
VOID *EFIAPI | EcPointInit (IN CONST VOID *EcGroup) |
|
VOID EFIAPI | EcPointDeInit (IN VOID *EcPoint, IN BOOLEAN Clear) |
|
BOOLEAN EFIAPI | EcPointGetAffineCoordinates (IN CONST VOID *EcGroup, IN CONST VOID *EcPoint, OUT VOID *BnX, OUT VOID *BnY, IN VOID *BnCtx) |
|
BOOLEAN EFIAPI | EcPointSetAffineCoordinates (IN CONST VOID *EcGroup, IN VOID *EcPoint, IN CONST VOID *BnX, IN CONST VOID *BnY, IN VOID *BnCtx) |
|
BOOLEAN EFIAPI | EcPointAdd (IN CONST VOID *EcGroup, OUT VOID *EcPointResult, IN CONST VOID *EcPointA, IN CONST VOID *EcPointB, IN VOID *BnCtx) |
|
BOOLEAN EFIAPI | EcPointMul (IN CONST VOID *EcGroup, OUT VOID *EcPointResult, IN CONST VOID *EcPoint, IN CONST VOID *BnPScalar, IN VOID *BnCtx) |
|
BOOLEAN EFIAPI | EcPointInvert (IN CONST VOID *EcGroup, IN OUT VOID *EcPoint, IN VOID *BnCtx) |
|
BOOLEAN EFIAPI | EcPointIsOnCurve (IN CONST VOID *EcGroup, IN CONST VOID *EcPoint, IN VOID *BnCtx) |
|
BOOLEAN EFIAPI | EcPointIsAtInfinity (IN CONST VOID *EcGroup, IN CONST VOID *EcPoint) |
|
BOOLEAN EFIAPI | EcPointEqual (IN CONST VOID *EcGroup, IN CONST VOID *EcPointA, IN CONST VOID *EcPointB, IN VOID *BnCtx) |
|
BOOLEAN EFIAPI | EcPointSetCompressedCoordinates (IN CONST VOID *EcGroup, IN VOID *EcPoint, IN CONST VOID *BnX, IN UINT8 YBit, IN VOID *BnCtx) |
|
VOID *EFIAPI | EcNewByNid (IN UINTN Nid) |
|
VOID EFIAPI | EcFree (IN VOID *EcContext) |
|
BOOLEAN EFIAPI | EcGenerateKey (IN OUT VOID *EcContext, OUT UINT8 *PublicKey, IN OUT UINTN *PublicKeySize) |
|
BOOLEAN EFIAPI | EcGetPubKey (IN OUT VOID *EcContext, OUT UINT8 *PublicKey, IN OUT UINTN *PublicKeySize) |
|
BOOLEAN EFIAPI | EcDhComputeKey (IN OUT VOID *EcContext, IN CONST UINT8 *PeerPublic, IN UINTN PeerPublicSize, IN CONST INT32 *CompressFlag, OUT UINT8 *Key, IN OUT UINTN *KeySize) |
|
BOOLEAN EFIAPI | EcDsaSign (IN VOID *EcContext, IN UINTN HashNid, IN CONST UINT8 *MessageHash, IN UINTN HashSize, OUT UINT8 *Signature, IN OUT UINTN *SigSize) |
|
BOOLEAN EFIAPI | EcDsaVerify (IN VOID *EcContext, IN UINTN HashNid, IN CONST UINT8 *MessageHash, IN UINTN HashSize, IN CONST UINT8 *Signature, IN UINTN SigSize) |
|
Elliptic Curve and ECDH API implementation based on MbedTLS
Copyright (c) 2023, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent
Definition in file CryptEcNull.c.
Computes exchanged common key. Given peer's public key (X, Y), this function computes the exchanged common key, based on its own context including value of curve parameter and random secret. X is the first half of PeerPublic with size being PeerPublicSize / 2, Y is the second half of PeerPublic with size being PeerPublicSize / 2. If EcContext is NULL, then return FALSE. If PeerPublic is NULL, then return FALSE. If PeerPublicSize is 0, then return FALSE. If Key is NULL, then return FALSE. If KeySize is not large enough, then return FALSE. For P-256, the PeerPublicSize is 64. First 32-byte is X, Second 32-byte is Y. For P-384, the PeerPublicSize is 96. First 48-byte is X, Second 48-byte is Y. For P-521, the PeerPublicSize is 132. First 66-byte is X, Second 66-byte is Y.
- Parameters
-
[in,out] | EcContext | Pointer to the EC context. |
[in] | PeerPublic | Pointer to the peer's public X,Y. |
[in] | PeerPublicSize | Size of peer's public X,Y in bytes. |
[in] | CompressFlag | Flag of PeerPublic is compressed or not. |
[out] | Key | Pointer to the buffer to receive generated key. |
[in,out] | KeySize | On input, the size of Key buffer in bytes. On output, the size of data returned in Key buffer in bytes. |
- Return values
-
TRUE | EC exchanged key generation succeeded. |
FALSE | EC exchanged key generation failed. |
FALSE | KeySize is not large enough. |
Definition at line 485 of file CryptEcNull.c.
Carries out the EC-DSA signature.
This function carries out the EC-DSA signature. If the Signature buffer is too small to hold the contents of signature, FALSE is returned and SigSize is set to the required buffer size to obtain the signature.
If EcContext is NULL, then return FALSE. If MessageHash is NULL, then return FALSE. If HashSize need match the HashNid. HashNid could be SHA256, SHA384, SHA512, SHA3_256, SHA3_384, SHA3_512. If SigSize is large enough but Signature is NULL, then return FALSE.
For P-256, the SigSize is 64. First 32-byte is R, Second 32-byte is S. For P-384, the SigSize is 96. First 48-byte is R, Second 48-byte is S. For P-521, the SigSize is 132. First 66-byte is R, Second 66-byte is S.
- Parameters
-
[in] | EcContext | Pointer to EC context for signature generation. |
[in] | HashNid | hash NID |
[in] | MessageHash | Pointer to octet message hash to be signed. |
[in] | HashSize | Size of the message hash in bytes. |
[out] | Signature | Pointer to buffer to receive EC-DSA signature. |
[in,out] | SigSize | On input, the size of Signature buffer in bytes. On output, the size of data returned in Signature buffer in bytes. |
- Return values
-
TRUE | Signature successfully generated in EC-DSA. |
FALSE | Signature generation failed. |
FALSE | SigSize is too small. |
Definition at line 529 of file CryptEcNull.c.
Verifies the EC-DSA signature.
If EcContext is NULL, then return FALSE. If MessageHash is NULL, then return FALSE. If Signature is NULL, then return FALSE. If HashSize need match the HashNid. HashNid could be SHA256, SHA384, SHA512, SHA3_256, SHA3_384, SHA3_512.
For P-256, the SigSize is 64. First 32-byte is R, Second 32-byte is S. For P-384, the SigSize is 96. First 48-byte is R, Second 48-byte is S. For P-521, the SigSize is 132. First 66-byte is R, Second 66-byte is S.
- Parameters
-
[in] | EcContext | Pointer to EC context for signature verification. |
[in] | HashNid | hash NID |
[in] | MessageHash | Pointer to octet message hash to be checked. |
[in] | HashSize | Size of the message hash in bytes. |
[in] | Signature | Pointer to EC-DSA signature to be verified. |
[in] | SigSize | Size of signature in bytes. |
- Return values
-
TRUE | Valid signature encoded in EC-DSA. |
FALSE | Invalid signature or invalid EC context. |
Definition at line 567 of file CryptEcNull.c.
BOOLEAN EFIAPI EcGenerateKey |
( |
IN OUT VOID * |
EcContext, |
|
|
OUT UINT8 * |
PublicKey, |
|
|
IN OUT UINTN * |
PublicKeySize |
|
) |
| |
Generates EC key and returns EC public key (X, Y), Please note, this function uses pseudo random number generator. The caller must make sure RandomSeed() function was properly called before. The Ec context should be correctly initialized by EcNewByNid. This function generates random secret, and computes the public key (X, Y), which is returned via parameter Public, PublicSize. X is the first half of Public with size being PublicSize / 2, Y is the second half of Public with size being PublicSize / 2. EC context is updated accordingly. If the Public buffer is too small to hold the public X, Y, FALSE is returned and PublicSize is set to the required buffer size to obtain the public X, Y. For P-256, the PublicSize is 64. First 32-byte is X, Second 32-byte is Y. For P-384, the PublicSize is 96. First 48-byte is X, Second 48-byte is Y. For P-521, the PublicSize is 132. First 66-byte is X, Second 66-byte is Y. If EcContext is NULL, then return FALSE. If PublicSize is NULL, then return FALSE. If PublicSize is large enough but Public is NULL, then return FALSE.
- Parameters
-
[in,out] | EcContext | Pointer to the EC context. |
[out] | PublicKey | Pointer to t buffer to receive generated public X,Y. |
[in,out] | PublicKeySize | On input, the size of Public buffer in bytes. On output, the size of data returned in Public buffer in bytes. |
- Return values
-
TRUE | EC public X,Y generation succeeded. |
FALSE | EC public X,Y generation failed. |
FALSE | PublicKeySize is not large enough. |
Definition at line 422 of file CryptEcNull.c.
BOOLEAN EFIAPI EcGetPubKey |
( |
IN OUT VOID * |
EcContext, |
|
|
OUT UINT8 * |
PublicKey, |
|
|
IN OUT UINTN * |
PublicKeySize |
|
) |
| |
Gets the public key component from the established EC context. The Ec context should be correctly initialized by EcNewByNid, and successfully generate key pair from EcGenerateKey(). For P-256, the PublicSize is 64. First 32-byte is X, Second 32-byte is Y. For P-384, the PublicSize is 96. First 48-byte is X, Second 48-byte is Y. For P-521, the PublicSize is 132. First 66-byte is X, Second 66-byte is Y.
- Parameters
-
[in,out] | EcContext | Pointer to EC context being set. |
[out] | PublicKey | Pointer to t buffer to receive generated public X,Y. |
[in,out] | PublicKeySize | On input, the size of Public buffer in bytes. On output, the size of data returned in Public buffer in bytes. |
- Return values
-
TRUE | EC key component was retrieved successfully. |
FALSE | Invalid EC key component. |
Definition at line 448 of file CryptEcNull.c.