Updated so that private keys are always the correct length.
Specifically, the private key for secp160r1 is now required to be
21 bytes. Added some comments about buffer sizes.
diff --git a/curve-specific.inc b/curve-specific.inc
index 07676e1..9d8cd7f 100644
--- a/curve-specific.inc
+++ b/curve-specific.inc
@@ -17,8 +17,6 @@
#define num_words_secp256r1 32
#define num_words_secp256k1 32
-#define num_n_words_secp160r1 21
-
#define BYTES_TO_WORDS_8(a, b, c, d, e, f, g, h) \
0x##a, 0x##b, 0x##c, 0x##d, 0x##e, 0x##f, 0x##g, 0x##h
#define BYTES_TO_WORDS_4(a, b, c, d) 0x##a, 0x##b, 0x##c, 0x##d
@@ -31,8 +29,6 @@
#define num_words_secp256r1 8
#define num_words_secp256k1 8
-#define num_n_words_secp160r1 6
-
#define BYTES_TO_WORDS_8(a, b, c, d, e, f, g, h) 0x##d##c##b##a, 0x##h##g##f##e
#define BYTES_TO_WORDS_4(a, b, c, d) 0x##d##c##b##a
@@ -44,13 +40,13 @@
#define num_words_secp256r1 4
#define num_words_secp256k1 4
-#define num_n_words_secp160r1 3
-
#define BYTES_TO_WORDS_8(a, b, c, d, e, f, g, h) 0x##h##g##f##e##d##c##b##a##ull
#define BYTES_TO_WORDS_4(a, b, c, d) 0x##d##c##b##a##ull
#endif /* uECC_WORD_SIZE */
+#if uECC_SUPPORTS_secp160r1 || uECC_SUPPORTS_secp192r1 || \
+ uECC_SUPPORTS_secp224r1 || uECC_SUPPORTS_secp256r1
static void double_jacobian_default(uECC_word_t * X1,
uECC_word_t * Y1,
uECC_word_t * Z1,
@@ -98,7 +94,21 @@
uECC_vli_set(Y1, t4, num_words);
}
+/* Computes result = x^3 + ax + b. result must not overlap x. */
+static void x_side_default(uECC_word_t *result, const uECC_word_t *x, uECC_Curve curve) {
+ uECC_word_t _3[uECC_MAX_WORDS] = {3}; /* -a = 3 */
+ wordcount_t num_words = curve->num_words;
+
+ uECC_vli_modSquare_fast(result, x, curve); /* r = x^2 */
+ uECC_vli_modSub(result, result, _3, curve->p, num_words); /* r = x^2 - 3 */
+ uECC_vli_modMult_fast(result, result, x, curve); /* r = x^3 - 3x */
+ uECC_vli_modAdd(result, result, curve->b, curve->p, num_words); /* r = x^3 - 3x + b */
+}
+#endif /* uECC_SUPPORTS_secp... */
+
#if uECC_SUPPORT_COMPRESSED_POINT
+#if uECC_SUPPORTS_secp160r1 || uECC_SUPPORTS_secp192r1 || \
+ uECC_SUPPORTS_secp256r1 || uECC_SUPPORTS_secp256k1
/* Compute a = sqrt(a) (mod curve_p). */
static void mod_sqrt_default(uECC_word_t *a, uECC_Curve curve) {
bitcount_t i;
@@ -117,18 +127,8 @@
}
uECC_vli_set(a, l_result, num_words);
}
-#endif
-
-/* Computes result = x^3 + ax + b. result must not overlap x. */
-static void x_side_default(uECC_word_t *result, const uECC_word_t *x, uECC_Curve curve) {
- uECC_word_t _3[uECC_MAX_WORDS] = {3}; /* -a = 3 */
- wordcount_t num_words = curve->num_words;
-
- uECC_vli_modSquare_fast(result, x, curve); /* r = x^2 */
- uECC_vli_modSub(result, result, _3, curve->p, num_words); /* r = x^2 - 3 */
- uECC_vli_modMult_fast(result, result, x, curve); /* r = x^3 - 3x */
- uECC_vli_modAdd(result, result, curve->b, curve->p, num_words); /* r = x^3 - 3x + b */
-}
+#endif /* uECC_SUPPORTS_secp... */
+#endif /* uECC_SUPPORT_COMPRESSED_POINT */
#if uECC_SUPPORTS_secp160r1
@@ -138,8 +138,8 @@
static const struct uECC_Curve_t curve_secp160r1 = {
num_words_secp160r1,
- num_n_words_secp160r1,
num_bytes_secp160r1,
+ 161, /* num_n_bits */
{ BYTES_TO_WORDS_8(FF, FF, FF, 7F, FF, FF, FF, FF),
BYTES_TO_WORDS_8(FF, FF, FF, FF, FF, FF, FF, FF),
BYTES_TO_WORDS_4(FF, FF, FF, FF) },
@@ -283,8 +283,8 @@
static const struct uECC_Curve_t curve_secp192r1 = {
num_words_secp192r1,
- num_words_secp192r1,
num_bytes_secp192r1,
+ 192, /* num_n_bits */
{ BYTES_TO_WORDS_8(FF, FF, FF, FF, FF, FF, FF, FF),
BYTES_TO_WORDS_8(FE, FF, FF, FF, FF, FF, FF, FF),
BYTES_TO_WORDS_8(FF, FF, FF, FF, FF, FF, FF, FF) },
@@ -382,7 +382,7 @@
uECC_vli_set(result, product, num_words_secp192r1);
uECC_vli_set(tmp, &product[3], num_words_secp192r1);
- carry = uECC_vli_add(result, result, tmp, num_words_secp192r1);
+ carry = (int)uECC_vli_add(result, result, tmp, num_words_secp192r1);
tmp[0] = 0;
tmp[1] = product[3];
@@ -413,8 +413,8 @@
static const struct uECC_Curve_t curve_secp224r1 = {
num_words_secp224r1,
- num_words_secp224r1,
num_bytes_secp224r1,
+ 224, /* num_n_bits */
{ BYTES_TO_WORDS_8(01, 00, 00, 00, 00, 00, 00, 00),
BYTES_TO_WORDS_8(00, 00, 00, 00, FF, FF, FF, FF),
BYTES_TO_WORDS_8(FF, FF, FF, FF, FF, FF, FF, FF),
@@ -735,8 +735,8 @@
static const struct uECC_Curve_t curve_secp256r1 = {
num_words_secp256r1,
- num_words_secp256r1,
num_bytes_secp256r1,
+ 256, /* num_n_bits */
{ BYTES_TO_WORDS_8(FF, FF, FF, FF, FF, FF, FF, FF),
BYTES_TO_WORDS_8(FF, FF, FF, FF, 00, 00, 00, 00),
BYTES_TO_WORDS_8(00, 00, 00, 00, 00, 00, 00, 00),
@@ -990,7 +990,7 @@
tmp[1] = product[5] & 0xffffffff00000000ull;
tmp[2] = product[6];
tmp[3] = product[7];
- carry = uECC_vli_add(tmp, tmp, tmp, num_words_secp256r1);
+ carry = (int)uECC_vli_add(tmp, tmp, tmp, num_words_secp256r1);
carry += uECC_vli_add(result, result, tmp, num_words_secp256r1);
/* s2 */
@@ -1070,8 +1070,8 @@
static const struct uECC_Curve_t curve_secp256k1 = {
num_words_secp256k1,
- num_words_secp256k1,
num_bytes_secp256k1,
+ 256, /* num_n_bits */
{ BYTES_TO_WORDS_8(2F, FC, FF, FF, FE, FF, FF, FF),
BYTES_TO_WORDS_8(FF, FF, FF, FF, FF, FF, FF, FF),
BYTES_TO_WORDS_8(FF, FF, FF, FF, FF, FF, FF, FF),
diff --git a/uECC.c b/uECC.c
index 70b8ce4..8ee63d0 100644
--- a/uECC.c
+++ b/uECC.c
@@ -39,10 +39,13 @@
#define uECC_MAX_WORDS ((uECC_MAX_BYTES + 7) / 8)
#endif /* uECC_WORD_SIZE */
+#define BITS_TO_WORDS(num_bits) ((num_bits + ((uECC_WORD_SIZE * 8) - 1)) / (uECC_WORD_SIZE * 8))
+#define BITS_TO_BYTES(num_bits) ((num_bits + 7) / 8)
+
struct uECC_Curve_t {
wordcount_t num_words;
- wordcount_t num_n_words;
wordcount_t num_bytes;
+ bitcount_t num_n_bits;
uECC_word_t p[uECC_MAX_WORDS];
uECC_word_t n[uECC_MAX_WORDS];
uECC_word_t G[uECC_MAX_WORDS * 2];
@@ -769,11 +772,11 @@
uECC_word_t *k0,
uECC_word_t *k1,
uECC_Curve curve) {
- wordcount_t num_n_words = curve->num_n_words;
- bitcount_t num_bits = uECC_vli_numBits(curve->n, num_n_words);
+ wordcount_t num_n_words = BITS_TO_WORDS(curve->num_n_bits);
+ bitcount_t num_n_bits = curve->num_n_bits;
uECC_word_t carry = uECC_vli_add(k0, k, curve->n, num_n_words) ||
- (num_bits < ((bitcount_t)num_n_words * uECC_WORD_SIZE * 8) &&
- uECC_vli_testBit(k0, num_bits));
+ (num_n_bits < ((bitcount_t)num_n_words * uECC_WORD_SIZE * 8) &&
+ uECC_vli_testBit(k0, num_n_bits));
uECC_vli_add(k1, k0, curve->n, num_n_words);
return carry;
}
@@ -791,7 +794,7 @@
return 0;
}
- if (uECC_vli_cmp(curve->n, private, curve->num_n_words) != 1) {
+ if (uECC_vli_cmp(curve->n, private, BITS_TO_WORDS(curve->num_n_bits)) != 1) {
return 0;
}
@@ -799,9 +802,7 @@
attack to learn the number of leading zeros. */
carry = regularize_k(private, tmp1, tmp2, curve);
- EccPoint_mult(result, curve->G, p2[!carry], 0,
- uECC_vli_numBits(curve->n, curve->num_n_words) + 1,
- curve);
+ EccPoint_mult(result, curve->G, p2[!carry], 0, curve->num_n_bits + 1, curve);
if (EccPoint_isZero(result, curve)) {
return 0;
@@ -811,60 +812,46 @@
#if uECC_WORD_SIZE == 1
-uECC_VLI_API void uECC_vli_nativeToBytes(uint8_t *bytes, const uint8_t *native, uECC_Curve curve) {
+uECC_VLI_API void uECC_vli_nativeToBytes(uint8_t *bytes,
+ int num_bytes,
+ const uint8_t *native,
+ uECC_Curve curve) {
wordcount_t i;
- wordcount_t num_words = curve->num_words;
- for (i = 0; i < num_words; ++i) {
- dest[i] = src[(num_words - 1) - i];
+ for (i = 0; i < num_bytes; ++i) {
+ bytes[i] = native[(num_bytes - 1) - i];
}
}
-uECC_VLI_API void uECC_vli_bytesToNative(uint8_t *native, const uint8_t *bytes, uECC_Curve curve) {
- uECC_vli_nativeToBytes(dest, src, curve);
-}
-
-#elif uECC_WORD_SIZE == 4
-
-uECC_VLI_API void uECC_vli_nativeToBytes(uint8_t *bytes, const uint32_t *native, uECC_Curve curve) {
- wordcount_t i;
- wordcount_t num_words = curve->num_words;
- for (i = 0; i < num_words; ++i) {
- uint8_t *digit = bytes + 4 * (num_words - 1 - i);
- digit[0] = native[i] >> 24;
- digit[1] = native[i] >> 16;
- digit[2] = native[i] >> 8;
- digit[3] = native[i];
- }
-}
-
-uECC_VLI_API void uECC_vli_bytesToNative(uint32_t *native, const uint8_t *bytes, uECC_Curve curve) {
- wordcount_t i;
- wordcount_t num_words = curve->num_words;
- for (i = 0; i < num_words; ++i) {
- const uint8_t *digit = bytes + 4 * (num_words - 1 - i);
- native[i] = ((uint32_t)digit[0] << 24) | ((uint32_t)digit[1] << 16) |
- ((uint32_t)digit[2] << 8) | (uint32_t)digit[3];
- }
+uECC_VLI_API void uECC_vli_bytesToNative(uint8_t *native,
+ const uint8_t *bytes,
+ int num_bytes,
+ uECC_Curve curve) {
+ uECC_vli_nativeToBytes(native, num_bytes, bytes, curve);
}
#else
-uECC_VLI_API void uECC_vli_nativeToBytes(uint8_t *bytes, const uint64_t *native, uECC_Curve curve) {
+uECC_VLI_API void uECC_vli_nativeToBytes(uint8_t *bytes,
+ int num_bytes,
+ const uECC_word_t *native,
+ uECC_Curve curve) {
wordcount_t i;
- wordcount_t num_bytes = curve->num_bytes;
for (i = 0; i < num_bytes; ++i) {
unsigned b = num_bytes - 1 - i;
- bytes[i] = native[b / 8] >> (8 * (b % 8));
+ bytes[i] = native[b / uECC_WORD_SIZE] >> (8 * (b % uECC_WORD_SIZE));
}
}
-uECC_VLI_API void uECC_vli_bytesToNative(uint64_t *native, const uint8_t *bytes, uECC_Curve curve) {
+uECC_VLI_API void uECC_vli_bytesToNative(uECC_word_t *native,
+ const uint8_t *bytes,
+ int num_bytes,
+ uECC_Curve curve) {
wordcount_t i;
- wordcount_t num_bytes = curve->num_bytes;
- uECC_vli_clear(native, curve->num_words);
+ uECC_vli_clear(native, (num_bytes + (uECC_WORD_SIZE - 1)) / uECC_WORD_SIZE);
for (i = 0; i < num_bytes; ++i) {
unsigned b = num_bytes - 1 - i;
- native[b / 8] |= (uint64_t)bytes[i] << (8 * (b % 8));
+ native[b / uECC_WORD_SIZE] |=
+ (uECC_word_t)bytes[i] << (8 * (b % uECC_WORD_SIZE));
}
}
@@ -892,18 +879,16 @@
uECC_word_t public[uECC_MAX_WORDS * 2];
uECC_word_t tries;
- /* Zero out correctly (to compare to curve->n) for secp160r1. */
- private[curve->num_n_words - 1] = 0;
-
for (tries = 0; tries < uECC_RNG_MAX_TRIES; ++tries) {
- if (!generate_random_int(private, curve->num_words, curve->num_bytes * 8)) {
+ if (!generate_random_int(private, BITS_TO_WORDS(curve->num_n_bits), curve->num_n_bits)) {
return 0;
}
if (EccPoint_compute_public_key(public, private, curve)) {
- uECC_vli_nativeToBytes(private_key, private, curve);
- uECC_vli_nativeToBytes(public_key, public, curve);
- uECC_vli_nativeToBytes(public_key + curve->num_bytes, public + curve->num_words, curve);
+ uECC_vli_nativeToBytes(private_key, BITS_TO_BYTES(curve->num_n_bits), private, curve);
+ uECC_vli_nativeToBytes(public_key, curve->num_bytes, public, curve);
+ uECC_vli_nativeToBytes(
+ public_key + curve->num_bytes, curve->num_bytes, public + curve->num_words, curve);
return 1;
}
}
@@ -923,12 +908,10 @@
uECC_word_t carry;
wordcount_t num_words = curve->num_words;
- /* Zero out correctly (for addition with curve->n) for secp160r1. */
- private[curve->num_n_words - 1] = 0;
-
- uECC_vli_bytesToNative(private, private_key, curve);
- uECC_vli_bytesToNative(public, public_key, curve);
- uECC_vli_bytesToNative(public + num_words, public_key + curve->num_bytes, curve);
+ uECC_vli_bytesToNative(private, private_key, BITS_TO_BYTES(curve->num_n_bits), curve);
+ uECC_vli_bytesToNative(public, public_key, curve->num_bytes, curve);
+ uECC_vli_bytesToNative(
+ public + num_words, public_key + curve->num_bytes, curve->num_bytes, curve);
/* Regularize the bitcount for the private key so that attackers cannot use a side channel
attack to learn the number of leading zeros. */
@@ -950,10 +933,8 @@
}
}
- EccPoint_mult(public, public, p2[!carry], initial_Z,
- uECC_vli_numBits(curve->n, curve->num_n_words) + 1,
- curve);
- uECC_vli_nativeToBytes(secret, public, curve);
+ EccPoint_mult(public, public, p2[!carry], initial_Z, curve->num_n_bits + 1, curve);
+ uECC_vli_nativeToBytes(secret, curve->num_bytes, public, curve);
return !EccPoint_isZero(public, curve);
}
@@ -969,7 +950,7 @@
void uECC_decompress(const uint8_t *compressed, uint8_t *public_key, uECC_Curve curve) {
uECC_word_t point[uECC_MAX_WORDS * 2];
uECC_word_t *y = point + curve->num_words;
- uECC_vli_bytesToNative(point, compressed + 1, curve);
+ uECC_vli_bytesToNative(point, compressed + 1, curve->num_bytes, curve);
curve->x_side(y, point, curve);
curve->mod_sqrt(y, curve);
@@ -977,8 +958,8 @@
uECC_vli_sub(y, curve->p, y, curve->num_words);
}
- uECC_vli_nativeToBytes(public_key, point, curve);
- uECC_vli_nativeToBytes(public_key + curve->num_bytes, y, curve);
+ uECC_vli_nativeToBytes(public_key, curve->num_bytes, point, curve);
+ uECC_vli_nativeToBytes(public_key + curve->num_bytes, curve->num_bytes, y, curve);
}
#endif /* uECC_SUPPORT_COMPRESSED_POINT */
@@ -1002,14 +983,15 @@
curve->x_side(tmp2, point, curve); /* tmp2 = x^3 + ax + b */
/* Make sure that y^2 == x^3 + ax + b */
- return (uECC_vli_equal(tmp1, tmp2, num_words));
+ return (int)(uECC_vli_equal(tmp1, tmp2, num_words));
}
int uECC_valid_public_key(const uint8_t *public_key, uECC_Curve curve) {
uECC_word_t public[uECC_MAX_WORDS * 2];
- uECC_vli_bytesToNative(public, public_key, curve);
- uECC_vli_bytesToNative(public + curve->num_words, public_key + curve->num_bytes, curve);
+ uECC_vli_bytesToNative(public, public_key, curve->num_bytes, curve);
+ uECC_vli_bytesToNative(
+ public + curve->num_words, public_key + curve->num_bytes, curve->num_bytes, curve);
return uECC_valid_point(public, curve);
}
@@ -1017,14 +999,15 @@
uECC_word_t private[uECC_MAX_WORDS];
uECC_word_t public[uECC_MAX_WORDS * 2];
- uECC_vli_bytesToNative(private, private_key, curve);
+ uECC_vli_bytesToNative(private, private_key, BITS_TO_BYTES(curve->num_n_bits), curve);
if (!EccPoint_compute_public_key(public, private, curve)) {
return 0;
}
- uECC_vli_nativeToBytes(public_key, public, curve);
- uECC_vli_nativeToBytes(public_key + curve->num_bytes, public + curve->num_words, curve);
+ uECC_vli_nativeToBytes(public_key, curve->num_bytes, public, curve);
+ uECC_vli_nativeToBytes(
+ public_key + curve->num_bytes, curve->num_bytes, public + curve->num_words, curve);
return 1;
}
@@ -1042,8 +1025,8 @@
uECC_word_t p[uECC_MAX_WORDS * 2];
uECC_word_t carry;
wordcount_t num_words = curve->num_words;
- wordcount_t num_n_words = curve->num_n_words;
- bitcount_t num_n_bits = uECC_vli_numBits(curve->n, num_n_words);
+ wordcount_t num_n_words = BITS_TO_WORDS(curve->num_n_bits);
+ bitcount_t num_n_bits = curve->num_n_bits;
/* Make sure 0 < k < curve_n */
if (uECC_vli_isZero(k, num_words) || uECC_vli_cmp(curve->n, k, num_n_words) != 1) {
@@ -1081,21 +1064,20 @@
uECC_vli_modInv(k, k, curve->n, num_n_words); /* k = 1 / k' */
uECC_vli_modMult(k, k, tmp, curve->n, num_n_words); /* k = 1 / k */
- uECC_vli_nativeToBytes(signature, p, curve); /* store r */
+ uECC_vli_nativeToBytes(signature, curve->num_bytes, p, curve); /* store r */
- tmp[num_n_words - 1] = 0;
- uECC_vli_bytesToNative(tmp, private_key, curve); /* tmp = d */
+ uECC_vli_bytesToNative(tmp, private_key, BITS_TO_BYTES(curve->num_n_bits), curve); /* tmp = d */
s[num_n_words - 1] = 0;
uECC_vli_set(s, p, num_words);
uECC_vli_modMult(s, tmp, s, curve->n, num_n_words); /* s = r*d */
- uECC_vli_bytesToNative(tmp, message_hash, curve);
+ uECC_vli_bytesToNative(tmp, message_hash, curve->num_bytes, curve);
uECC_vli_modAdd(s, tmp, s, curve->n, num_n_words); /* s = e + r*d */
uECC_vli_modMult(s, s, k, curve->n, num_n_words); /* s = (e + r*d) / k */
if (uECC_vli_numBits(s, num_n_words) > (bitcount_t)curve->num_bytes * 8) {
return 0;
}
- uECC_vli_nativeToBytes(signature + curve->num_bytes, s, curve);
+ uECC_vli_nativeToBytes(signature + curve->num_bytes, curve->num_bytes, s, curve);
return 1;
}
@@ -1105,10 +1087,11 @@
uECC_Curve curve) {
uECC_word_t k[uECC_MAX_WORDS];
uECC_word_t tries;
- bitcount_t num_n_bits = uECC_vli_numBits(curve->n, curve->num_n_words);
+ wordcount_t num_n_words = BITS_TO_WORDS(curve->num_n_bits);
+ bitcount_t num_n_bits = curve->num_n_bits;
for (tries = 0; tries < uECC_RNG_MAX_TRIES; ++tries) {
- if (!generate_random_int(k, curve->num_n_words, num_n_bits)) {
+ if (!generate_random_int(k, num_n_words, num_n_bits)) {
return 0;
}
@@ -1176,8 +1159,8 @@
uint8_t *K = hash_context->tmp;
uint8_t *V = K + hash_context->result_size;
wordcount_t num_bytes = curve->num_bytes;
- wordcount_t num_n_words = curve->num_n_words;
- bitcount_t num_n_bits = uECC_vli_numBits(curve->n, num_n_words);
+ wordcount_t num_n_words = BITS_TO_WORDS(curve->num_n_bits);
+ bitcount_t num_n_bits = curve->num_n_bits;
uECC_word_t tries;
unsigned i;
for (i = 0; i < hash_context->result_size; ++i) {
@@ -1263,16 +1246,17 @@
bitcount_t i;
uECC_word_t r[uECC_MAX_WORDS], s[uECC_MAX_WORDS];
wordcount_t num_words = curve->num_words;
- wordcount_t num_n_words = curve->num_n_words;
+ wordcount_t num_n_words = BITS_TO_WORDS(curve->num_n_bits);
rx[num_n_words - 1] = 0;
r[num_n_words - 1] = 0;
s[num_n_words - 1] = 0;
- uECC_vli_bytesToNative(public, public_key, curve);
- uECC_vli_bytesToNative(public + num_words, public_key + curve->num_bytes, curve);
- uECC_vli_bytesToNative(r, signature, curve);
- uECC_vli_bytesToNative(s, signature + curve->num_bytes, curve);
+ uECC_vli_bytesToNative(public, public_key, curve->num_bytes, curve);
+ uECC_vli_bytesToNative(
+ public + num_words, public_key + curve->num_bytes, curve->num_bytes, curve);
+ uECC_vli_bytesToNative(r, signature, curve->num_bytes, curve);
+ uECC_vli_bytesToNative(s, signature + curve->num_bytes, curve->num_bytes, curve);
/* r, s must not be 0. */
if (uECC_vli_isZero(r, num_words) || uECC_vli_isZero(s, num_words)) {
@@ -1288,7 +1272,7 @@
/* Calculate u1 and u2. */
uECC_vli_modInv(z, s, curve->n, num_n_words); /* z = 1/s */
u1[num_n_words - 1] = 0;
- uECC_vli_bytesToNative(u1, hash, curve);
+ uECC_vli_bytesToNative(u1, hash, curve->num_bytes, curve);
uECC_vli_modMult(u1, u1, z, curve->n, num_n_words); /* u1 = e/s */
uECC_vli_modMult(u2, r, z, curve->n, num_n_words); /* u2 = r/s */
@@ -1342,7 +1326,7 @@
}
/* Accept only if v == r. */
- return (uECC_vli_equal(rx, r, num_words));
+ return (int)(uECC_vli_equal(rx, r, num_words));
}
#if uECC_ENABLE_VLI_API
@@ -1356,7 +1340,11 @@
}
unsigned uECC_curve_num_n_words(uECC_Curve curve) {
- return curve->num_n_words;
+ return BITS_TO_WORDS(curve->num_n_bits);
+}
+
+unsigned uECC_curve_num_n_bits(uECC_Curve curve) {
+ return curve->num_n_bits;
}
const uECC_word_t *uECC_curve_p(uECC_Curve curve) {
@@ -1398,14 +1386,12 @@
uECC_word_t *p2[2] = {tmp1, tmp2};
uECC_word_t carry = regularize_k(scalar, tmp1, tmp2, curve);
- EccPoint_mult(result, point, p2[!carry], 0,
- uECC_vli_numBits(curve->n, curve->num_n_words) + 1,
- curve);
+ EccPoint_mult(result, point, p2[!carry], 0, curve->num_n_bits + 1, curve);
}
int uECC_generate_random_int(uECC_word_t *random, uECC_Curve curve) {
- wordcount_t num_n_words = curve->num_n_words;
- bitcount_t num_n_bits = uECC_vli_numBits(curve->n, num_n_words);
+ wordcount_t num_n_words = BITS_TO_WORDS(curve->num_n_bits);
+ bitcount_t num_n_bits = curve->num_n_bits;
uECC_word_t tries;
for (tries = 0; tries < uECC_RNG_MAX_TRIES; ++tries) {
diff --git a/uECC.h b/uECC.h
index 443d28b..06c6cdd 100644
--- a/uECC.h
+++ b/uECC.h
@@ -113,8 +113,15 @@
Create a public/private key pair.
Outputs:
- public_key - Will be filled in with the public key.
- private_key - Will be filled in with the private key.
+ public_key - Will be filled in with the public key. Must be at least 2 * the curve size
+ (in bytes) long. For example, if the curve is secp256r1, public_key must be 64
+ bytes long.
+ private_key - Will be filled in with the private key. Must be as long as the curve order; this
+ is typically the same as the curve size, except for secp160r1. For example, if the
+ curve is secp256r1, private_key must be 32 bytes long.
+
+ For secp160r1, private_key must be 21 bytes long! Note that the first byte will
+ almost always be 0 (there is about a 1 in 2^80 chance of it being non-zero).
Returns 1 if the key pair was generated successfully, 0 if an error occurred.
*/
@@ -130,7 +137,8 @@
private_key - Your private key.
Outputs:
- secret - Will be filled in with the shared secret value.
+ secret - Will be filled in with the shared secret value. Must be the same size as the
+ curve size; for example, if the curve is secp256r1, secret must be 32 bytes long.
Returns 1 if the shared secret was generated successfully, 0 if an error occurred.
*/
@@ -147,7 +155,9 @@
public_key - The public key to compress.
Outputs:
- compressed - Will be filled in with the compressed public key.
+ compressed - Will be filled in with the compressed public key. Must be at least
+ (curve size + 1) bytes long; for example, if the curve is secp256r1,
+ compressed must be 33 bytes long.
*/
void uECC_compress(const uint8_t *public_key, uint8_t *compressed, uECC_Curve curve);
@@ -201,7 +211,8 @@
message_hash - The hash of the message to sign.
Outputs:
- signature - Will be filled in with the signature value.
+ signature - Will be filled in with the signature value. Must be at least 2 * curve size long.
+ For example, if the curve is secp256r1, signature must be 64 bytes long.
Returns 1 if the signature generated successfully, 0 if an error occurred.
*/
diff --git a/uECC_vli.h b/uECC_vli.h
index e445888..21df281 100644
--- a/uECC_vli.h
+++ b/uECC_vli.h
@@ -59,11 +59,13 @@
const uECC_word_t *right,
wordcount_t num_words);
+/* Computes result = left * right. Result must be 2 * num_words long. */
void uECC_vli_mult(uECC_word_t *result,
const uECC_word_t *left,
const uECC_word_t *right,
wordcount_t num_words);
+/* Computes result = left^2. Result must be 2 * num_words long. */
void uECC_vli_square(uECC_word_t *result, const uECC_word_t *left, wordcount_t num_words);
/* Computes result = (left + right) % mod.
@@ -128,12 +130,15 @@
void uECC_vli_mod_sqrt(uECC_word_t *a, uECC_Curve curve);
#endif
-void uECC_vli_nativeToBytes(uint8_t *bytes, const uECC_word_t *native, uECC_Curve curve);
-void uECC_vli_bytesToNative(uECC_word_t *native, const uint8_t *bytes, uECC_Curve curve);
+/* Converts an integer in uECC native format to big-endian bytes. */
+void uECC_vli_nativeToBytes(uint8_t *bytes, int num_bytes, const uECC_word_t *native, uECC_Curve curve);
+/* Converts big-endian bytes to an integer in uECC native format. */
+void uECC_vli_bytesToNative(uECC_word_t *native, const uint8_t *bytes, int num_bytes, uECC_Curve curve);
unsigned uECC_curve_num_words(uECC_Curve curve);
unsigned uECC_curve_num_bits(uECC_Curve curve);
unsigned uECC_curve_num_n_words(uECC_Curve curve);
+unsigned uECC_curve_num_n_bits(uECC_Curve curve);
const uECC_word_t *uECC_curve_p(uECC_Curve curve);
const uECC_word_t *uECC_curve_n(uECC_Curve curve);
