Add Curve25519 to known groups

66153667 · Manuel Pégourié-Gonnard · 3afa07f0 · 66153667 · 66153667 · 66153667
Commit 66153667 authored Dec 03, 2013 by Manuel Pégourié-Gonnard
Hide whitespace changes
Inline Side-by-side

Showing with 44 additions and 1 deletion

include/polarssl/config.h include/polarssl/config.h +4 -0

include/polarssl/ecp.h include/polarssl/ecp.h +7 -1

library/ecp_curves.c library/ecp_curves.c +33 -0

No files found.
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -248,6 +248,10 @@
 #define POLARSSL_ECP_DP_BP256R1_ENABLED
 #define POLARSSL_ECP_DP_BP384R1_ENABLED
 #define POLARSSL_ECP_DP_BP512R1_ENABLED
+//#define POLARSSL_ECP_DP_M221_ENABLED  // Not implemented yet!
+#define POLARSSL_ECP_DP_M255_ENABLED
+//#define POLARSSL_ECP_DP_M383_ENABLED  // Not implemented yet!
+//#define POLARSSL_ECP_DP_M511_ENABLED  // Not implemented yet!

 /**
 * \def POLARSSL_ECP_NIST_OPTIM

--- a/include/polarssl/ecp.h
+++ b/include/polarssl/ecp.h
@@ -64,10 +64,16 @@ typedef enum
    POLARSSL_ECP_DP_BP256R1,        /*!< 256-bits Brainpool curve */
    POLARSSL_ECP_DP_BP384R1,        /*!< 384-bits Brainpool curve */
    POLARSSL_ECP_DP_BP512R1,        /*!< 512-bits Brainpool curve */
+    POLARSSL_ECP_DP_M221,           /*!< (not implemented yet)    */
+    POLARSSL_ECP_DP_M255,           /*!< Curve25519               */
+    POLARSSL_ECP_DP_M383,           /*!< (not implemented yet)    */
+    POLARSSL_ECP_DP_M511,           /*!< (not implemented yet)    */
 } ecp_group_id;

 /**
- * Number of supported curves (plus one for NONE)
+ * Number of supported curves (plus one for NONE).
+ *
+ * (Montgomery curves excluded for now.)
 */
 #define POLARSSL_ECP_DP_MAX     9


--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -341,11 +341,39 @@ static int ecp_mod_p521( mpi * );
                            G ## _gy, sizeof( G ## _gy ),   \
                            G ## _n,  sizeof( G ## _n  ) )

+/*
+ * Specialized function for creating the Curve25519 group
+ */
+static int ecp_use_curve25519( ecp_group *grp )
+{
+    int ret;
+
+    /* Actually ( A + 2 ) / 4 */
+    MPI_CHK( mpi_read_string( &grp->A, 16, "01DB42" ) );
+
+    /* P = 2^255 - 19 */
+    MPI_CHK( mpi_lset( &grp->P, 1 ) );
+    MPI_CHK( mpi_shift_l( &grp->P, 255 ) );
+    MPI_CHK( mpi_sub_int( &grp->P, &grp->P, 19 ) );
+    grp->pbits = mpi_msb( &grp->P );
+
+    /* Actually, the required msb for private keys */
+    grp->nbits = 254;
+
+cleanup:
+    if( ret != 0 )
+        ecp_group_free( grp );
+
+    return( ret );
+}
+
 /*
 * Set a group using well-known domain parameters
 */
 int ecp_use_known_dp( ecp_group *grp, ecp_group_id id )
 {
+    ecp_group_free( grp );
+
    grp->id = id;

    switch( id )
@@ -395,6 +423,11 @@ int ecp_use_known_dp( ecp_group *grp, ecp_group_id id )
            return( LOAD_GROUP( brainpoolP512r1 ) );
 #endif /* POLARSSL_ECP_DP_BP512R1_ENABLED */

+#if defined(POLARSSL_ECP_DP_M255_ENABLED)
+        case POLARSSL_ECP_DP_M255:
+            return( ecp_use_curve25519( grp ) );
+#endif /* POLARSSL_ECP_DP_M255_ENABLED */
+
        default:
            ecp_group_free( grp );
            return( POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE );