ox_ec.h

Back to the files list

Elliptic curve cryptography syscalls. More...

Data Structures
struct	cx_curve_weierstrass_s
	Weierstrass curve defined by y^3 = x^2 + a*x + b over GF(p). More...
struct	cx_curve_twisted_edwards_s
	Twisted Edwards curve defined by a*x^2 + y^2 = 1 + d*x2*y2 over GF(q). More...
struct	cx_curve_montgomery_s
	Montgomery curve defined by B*y^2= x^3 + A*x^2 + x over GF(q). More...
struct	cx_curve_domain_s
	Abstract type for elliptic curve domain. More...
struct	cx_ec_point_s
	Elliptic curve point. More...

Macros
#define	CX_MAX_DOMAIN_LENGTH   66
	Largest domain parameters length. More...
#define	HAVE_SECP256K1_CURVE
	Enables the Koblitz curve Secp256k1. More...
#define	HAVE_SECP256R1_CURVE
	Enables the verifiably random curve Secp256r1. More...
#define	HAVE_SECP384R1_CURVE
	Enables the verifiably random curve Secp384r1. More...
#define	HAVE_SECP521R1_CURVE
	Enables the verifiably random curve Secp521r1. More...
#define	HAVE_BRAINPOOL_P256R1_CURVE
	Enables the curve BrainpoolP256r1. More...
#define	HAVE_BRAINPOOL_P256T1_CURVE
	Enables the twisted curve BrainpoolP256t1. More...
#define	HAVE_BRAINPOOL_P320R1_CURVE
	Enables the curve BrainpoolP320r1. More...
#define	HAVE_BRAINPOOL_P320T1_CURVE
	Enables the twisted curve BrainpoolP320t1. More...
#define	HAVE_BRAINPOOL_P384R1_CURVE
	Enables the curve BrainpoolP384r1. More...
#define	HAVE_BRAINPOOL_P384T1_CURVE
	Enables the twisted curve BrainpoolP384t1. More...
#define	HAVE_BRAINPOOL_P512R1_CURVE
	Enables the curve BrainpoolP512r1. More...
#define	HAVE_BRAINPOOL_P512T1_CURVE
	Enables the twisted curve BrainpoolP512t1. More...
#define	HAVE_ED25519_CURVE
	Enables the twisted Edwards curve Ed25519. More...
#define	HAVE_ED448_CURVE
	Enables the twisted Edwards curve Ed448. More...
#define	HAVE_CV25519_CURVE
	Enables the Montgomery curve Curve25519. More...
#define	HAVE_CV448_CURVE
	Enables the Montgomery curve Curve448. More...
#define	HAVE_STARK256_CURVE
	Enables the Stark curve. More...
#define	CX_ECCINFO_PARITY_ODD   1
	Indicates the parity of a point coordinate. More...
#define	CX_ECCINFO_xGTn   2
#define	CX_CURVE_256K1   CX_CURVE_SECP256K1
	Allowed identifier for Secp256k1. More...
#define	CX_CURVE_256R1   CX_CURVE_SECP256R1
	Legacy identifier for Secp256r1. More...
#define	CX_CURVE_NISTP256   CX_CURVE_SECP256R1
	Legacy identifier for Secp256r1. More...
#define	CX_CURVE_NISTP384   CX_CURVE_SECP384R1
	Allowed identifier for Secp384r1. More...
#define	CX_CURVE_NISTP521   CX_CURVE_SECP521R1
	Allowed identifier for Secp521r1. More...
#define	CX_CURVE_RANGE(i, dom)
	Returns true if the curve identifier is in the specified range. More...
#define	CX_CURVE_IS_WEIERSTRASS(c)
	Returns true if the curve is a short Weierstrass curve. More...
#define	CX_CURVE_IS_TWISTED_EDWARDS(c)
	Returns true if the curve is a twisted Edwards curve. More...
#define	CX_CURVE_IS_MONTGOMERY(c)
	Returns true if the curve is a Montgomery curve. More...
#define	CX_CURVE_HEADER
	Curve domain parameters. More...

Typedefs
typedef enum cx_curve_e	cx_curve_t
	Convenience type. More...
typedef struct cx_curve_weierstrass_s	cx_curve_weierstrass_t
	Convenience type. More...
typedef struct cx_curve_twisted_edwards_s	cx_curve_twisted_edwards_t
	Convenience type. More...
typedef struct cx_curve_montgomery_s	cx_curve_montgomery_t
	Convenience type. More...
typedef struct cx_curve_domain_s	cx_curve_domain_t
	Convenience type. More...
typedef struct cx_ec_point_s	cx_ecpoint_t
	Convenience type. More...
typedef enum cx_curve_dom_param_s	cx_curve_dom_param_t

Enumerations
enum	cx_curve_e {   CX_CURVE_NONE, CX_CURVE_WEIERSTRASS_START = 0x20, CX_CURVE_SECP256K1 = 0x21, CX_CURVE_SECP256R1 = 0x22,   CX_CURVE_SECP384R1 = 0x23, CX_CURVE_SECP521R1 = 0x24, CX_CURVE_BrainPoolP256T1 = 0x31, CX_CURVE_BrainPoolP256R1 = 0x32,   CX_CURVE_BrainPoolP320T1 = 0x33, CX_CURVE_BrainPoolP320R1 = 0x34, CX_CURVE_BrainPoolP384T1 = 0x35, CX_CURVE_BrainPoolP384R1 = 0x36,   CX_CURVE_BrainPoolP512T1 = 0x37, CX_CURVE_BrainPoolP512R1 = 0x38, CX_CURVE_BLS12_381_G1 = 0x39, CX_CURVE_FRP256V1 = 0x41,   CX_CURVE_Stark256 = 0x51, CX_CURVE_WEIERSTRASS_END = 0x6F, CX_CURVE_TWISTED_EDWARDS_START = 0x70, CX_CURVE_Ed25519 = 0x71,   CX_CURVE_Ed448 = 0x72, CX_CURVE_TWISTED_EDWARDS_END = 0x7F, CX_CURVE_MONTGOMERY_START = 0x80, CX_CURVE_Curve25519 = 0x81,   CX_CURVE_Curve448 = 0x82, CX_CURVE_MONTGOMERY_END = 0x8F }
	List of supported elliptic curves. More...
enum	cx_curve_dom_param_s {   CX_CURVE_PARAM_NONE = 0, CX_CURVE_PARAM_A = 1, CX_CURVE_PARAM_B = 2, CX_CURVE_PARAM_Field = 3,   CX_CURVE_PARAM_Gx = 4, CX_CURVE_PARAM_Gy = 5, CX_CURVE_PARAM_Order = 6, CX_CURVE_PARAM_Cofactor = 7 }
	Identifiers of the domain parameters. More...

Functions
SYSCALL cx_err_t	cx_ecdomain_size (cx_curve_t curve, size_t *length)
	Gets the bit length of each parameter of the curve. More...
SYSCALL cx_err_t	cx_ecdomain_parameters_length (cx_curve_t cv, size_t *length)
	Gets the byte length of each parameter of the curve. More...
SYSCALL cx_err_t	cx_ecdomain_parameter (cx_curve_t cv, cx_curve_dom_param_t id, uint8_t *p, uint32_t p_len)
	Gets a specific parameter of the curve. More...
SYSCALL cx_err_t	cx_ecdomain_parameter_bn (cx_curve_t cv, cx_curve_dom_param_t id, cx_bn_t p)
	Stores a specific parameter of the curve as a BN. More...
SYSCALL cx_err_t	cx_ecdomain_generator (cx_curve_t cv, uint8_t *Gx, uint8_t *Gy, size_t len)
	Gets the generator of the curve. More...
SYSCALL cx_err_t	cx_ecdomain_generator_bn (cx_curve_t cv, cx_ecpoint_t *P)
	Gets the generator of the curve and stores it in the point structure. More...
SYSCALL cx_err_t	cx_ecpoint_alloc (cx_ecpoint_t *P, cx_curve_t cv)
	Allocates memory for a point on the curve. More...
SYSCALL cx_err_t	cx_ecpoint_destroy (cx_ecpoint_t *P)
	Destroys a point on the curve. More...
SYSCALL cx_err_t	cx_ecpoint_init (cx_ecpoint_t *P, const uint8_t *x, size_t x_len, const uint8_t *y, size_t y_len)
	Initializes a point on the curve. More...
SYSCALL cx_err_t	cx_ecpoint_init_bn (cx_ecpoint_t *P, const cx_bn_t x, const cx_bn_t y)
	Initializes a point on the curve with the BN indexes of the coordinates. More...
SYSCALL cx_err_t	cx_ecpoint_export (const cx_ecpoint_t *P, uint8_t *x, size_t x_len, uint8_t *y, size_t y_len)
	Exports a point. More...
SYSCALL cx_err_t	cx_ecpoint_export_bn (const cx_ecpoint_t *P, cx_bn_t *x, cx_bn_t *y)
	Exports a point using BN indexes of the coordinates. More...
SYSCALL cx_err_t	cx_ecpoint_compress (const cx_ecpoint_t *P, uint8_t *xy_compressed, size_t xy_compressed_len, uint32_t *sign)
	Computes the compressed form of a point. More...
SYSCALL cx_err_t	cx_ecpoint_decompress (cx_ecpoint_t *P, const uint8_t *xy_compressed, size_t xy_compressed_len, uint32_t sign)
	Computes the affine coordinates of a point given its compressed form. More...
SYSCALL cx_err_t	cx_ecpoint_add (cx_ecpoint_t *R, const cx_ecpoint_t *P, const cx_ecpoint_t *Q)
	Adds two points on a curve. More...
SYSCALL cx_err_t	cx_ecpoint_neg (cx_ecpoint_t *P)
	Computes the opposite of a point. More...
SYSCALL cx_err_t	cx_ecpoint_rnd_scalarmul (cx_ecpoint_t *P, const uint8_t *k, size_t k_len)
	Performs a secure scalar multiplication. More...
SYSCALL cx_err_t	cx_ecpoint_rnd_scalarmul_bn (cx_ecpoint_t *P, const cx_bn_t bn_k)
	Performs a secure scalar multiplication given the BN index of the scalar. More...
SYSCALL cx_err_t	cx_ecpoint_rnd_fixed_scalarmul (cx_ecpoint_t *P, const uint8_t *k, size_t k_len)
	Performs a secure scalar multiplication with a fixed scalar length. More...
SYSCALL cx_err_t	cx_ecpoint_scalarmul (cx_ecpoint_t *P, const uint8_t *k, size_t k_len)
	Performs a scalar multiplication. More...
SYSCALL cx_err_t	cx_ecpoint_scalarmul_bn (cx_ecpoint_t *P, const cx_bn_t bn_k)
	Performs a scalar multiplication given the BN index of the scalar. More...
SYSCALL cx_err_t	cx_ecpoint_double_scalarmul (cx_ecpoint_t *R, cx_ecpoint_t *P, cx_ecpoint_t *Q, const uint8_t *k, size_t k_len, const uint8_t *r, size_t r_len)
	Performs a double scalar multiplication. More...
SYSCALL cx_err_t	cx_ecpoint_double_scalarmul_bn (cx_ecpoint_t *R, cx_ecpoint_t *P, cx_ecpoint_t *Q, const cx_bn_t bn_k, const cx_bn_t bn_r)
	Performs a double scalar multiplication given the BN indexes of the scalars. More...
SYSCALL cx_err_t	cx_ecpoint_cmp (const cx_ecpoint_t *P, const cx_ecpoint_t *Q, bool *is_equal)
	Compares two points on the same curve. More...
SYSCALL cx_err_t	cx_ecpoint_is_on_curve (const cx_ecpoint_t *R, bool *is_on_curve)
	Checks whether a given point is on the curve. More...
SYSCALL cx_err_t	cx_ecpoint_is_at_infinity (const cx_ecpoint_t *R, bool *is_at_infinity)
	Checks whether a given point is the point at infinity. More...

Detailed Description

Elliptic curve cryptography syscalls.

This file contains elliptic curves definitions and functions.

Macro Definition Documentation

CX_CURVE_256K1

#define CX_CURVE_256K1   CX_CURVE_SECP256K1

Allowed identifier for Secp256k1.

CX_CURVE_256R1

#define CX_CURVE_256R1   CX_CURVE_SECP256R1

Legacy identifier for Secp256r1.

CX_CURVE_HEADER

#define CX_CURVE_HEADER

Value:

cx_curve_t curve; \

unsigned int bit_size; \

unsigned int length; \

const uint8_t *a; \

const uint8_t *b; \

const uint8_t *p; \

const uint8_t *Gx; \

const uint8_t *Gy; \

const uint8_t *n; \

const uint8_t *h; \

const uint8_t *Hn; \

const uint8_t *Hp; \

cx_curve_t

enum cx_curve_e cx_curve_t

Convenience type.

Definition: ox_ec.h:241

Curve domain parameters.

The parameters are common to cx_curve_weierstrass_s, cx_curve_twisted_edwards_s, and cx_curve_montgomery_s.

• curve: Curve identifier. See cx_curve_e
• bit_size: Curve size in bits
• length: Component lenth in bytes
• a: a coefficient of the curve equation
• b: b (Weierstrass or Montgomery) or d (twisted Edwards) coefficient of the curve equation
• p: Prime specifying the base field
• Gx: x-coordinate of the base point
• Gy: y-coordinate of the base point
• n: Curve order: order of the group generated by G
• h: Cofactor i.e. h = |E(GF(p))|/n
• Hn: Second Montgomery constant for the curve order
• Hp: Second Montgomery constant for the field characteristic p

CX_CURVE_IS_MONTGOMERY

#define CX_CURVE_IS_MONTGOMERY

(

c

)

Returns true if the curve is a Montgomery curve.

CX_CURVE_IS_TWISTED_EDWARDS

#define CX_CURVE_IS_TWISTED_EDWARDS

(

c

)

Returns true if the curve is a twisted Edwards curve.

CX_CURVE_IS_WEIERSTRASS

#define CX_CURVE_IS_WEIERSTRASS

(

c

)

Returns true if the curve is a short Weierstrass curve.

CX_CURVE_NISTP256

#define CX_CURVE_NISTP256   CX_CURVE_SECP256R1

Legacy identifier for Secp256r1.

CX_CURVE_NISTP384

#define CX_CURVE_NISTP384   CX_CURVE_SECP384R1

Allowed identifier for Secp384r1.

CX_CURVE_NISTP521

#define CX_CURVE_NISTP521   CX_CURVE_SECP521R1

Allowed identifier for Secp521r1.

CX_CURVE_RANGE

#define CX_CURVE_RANGE	(		i,
			dom
)

Returns true if the curve identifier is in the specified range.

CX_ECCINFO_PARITY_ODD

#define CX_ECCINFO_PARITY_ODD   1

Indicates the parity of a point coordinate.

CX_ECCINFO_xGTn

#define CX_ECCINFO_xGTn   2

CX_MAX_DOMAIN_LENGTH

#define CX_MAX_DOMAIN_LENGTH   66

Largest domain parameters length.

HAVE_BRAINPOOL_P256R1_CURVE

#define HAVE_BRAINPOOL_P256R1_CURVE

Enables the curve BrainpoolP256r1.

HAVE_BRAINPOOL_P256T1_CURVE

#define HAVE_BRAINPOOL_P256T1_CURVE

Enables the twisted curve BrainpoolP256t1.

HAVE_BRAINPOOL_P320R1_CURVE

#define HAVE_BRAINPOOL_P320R1_CURVE

Enables the curve BrainpoolP320r1.

HAVE_BRAINPOOL_P320T1_CURVE

#define HAVE_BRAINPOOL_P320T1_CURVE

Enables the twisted curve BrainpoolP320t1.

HAVE_BRAINPOOL_P384R1_CURVE

#define HAVE_BRAINPOOL_P384R1_CURVE

Enables the curve BrainpoolP384r1.

HAVE_BRAINPOOL_P384T1_CURVE

#define HAVE_BRAINPOOL_P384T1_CURVE

Enables the twisted curve BrainpoolP384t1.

HAVE_BRAINPOOL_P512R1_CURVE

#define HAVE_BRAINPOOL_P512R1_CURVE

Enables the curve BrainpoolP512r1.

HAVE_BRAINPOOL_P512T1_CURVE

#define HAVE_BRAINPOOL_P512T1_CURVE

Enables the twisted curve BrainpoolP512t1.

HAVE_CV25519_CURVE

#define HAVE_CV25519_CURVE

Enables the Montgomery curve Curve25519.

HAVE_CV448_CURVE

#define HAVE_CV448_CURVE

Enables the Montgomery curve Curve448.

HAVE_ED25519_CURVE

#define HAVE_ED25519_CURVE

Enables the twisted Edwards curve Ed25519.

HAVE_ED448_CURVE

#define HAVE_ED448_CURVE

Enables the twisted Edwards curve Ed448.

HAVE_SECP256K1_CURVE

#define HAVE_SECP256K1_CURVE

Enables the Koblitz curve Secp256k1.

HAVE_SECP256R1_CURVE

#define HAVE_SECP256R1_CURVE

Enables the verifiably random curve Secp256r1.

HAVE_SECP384R1_CURVE

#define HAVE_SECP384R1_CURVE

Enables the verifiably random curve Secp384r1.

HAVE_SECP521R1_CURVE

#define HAVE_SECP521R1_CURVE

Enables the verifiably random curve Secp521r1.

HAVE_STARK256_CURVE

#define HAVE_STARK256_CURVE

Enables the Stark curve.

Typedef Documentation

cx_curve_dom_param_t

typedef enum cx_curve_dom_param_s cx_curve_dom_param_t

cx_curve_domain_t

typedef struct cx_curve_domain_s cx_curve_domain_t

Convenience type.

See cx_curve_domain_s.

cx_curve_montgomery_t

typedef struct cx_curve_montgomery_s cx_curve_montgomery_t

Convenience type.

See cx_curve_montgomery_s.

cx_curve_t

typedef enum cx_curve_e cx_curve_t

Convenience type.

See cx_curve_e.

cx_curve_twisted_edwards_t

typedef struct cx_curve_twisted_edwards_s cx_curve_twisted_edwards_t

Convenience type.

See cx_curve_twisted_edwards_s.

cx_curve_weierstrass_t

typedef struct cx_curve_weierstrass_s cx_curve_weierstrass_t

Convenience type.

See cx_curve_weierstrass_s.

cx_ecpoint_t

typedef struct cx_ec_point_s cx_ecpoint_t

Convenience type.

See cx_ec_point_s.

Enumeration Type Documentation

cx_curve_dom_param_s

enum cx_curve_dom_param_s

Identifiers of the domain parameters.

Enumerator
CX_CURVE_PARAM_NONE	No parameter.
CX_CURVE_PARAM_A	First coefficient of the curve.
CX_CURVE_PARAM_B	Second coefficient of the curve.
CX_CURVE_PARAM_Field	Curve field.
CX_CURVE_PARAM_Gx	x-coordinate of the curve's generator
CX_CURVE_PARAM_Gy	y-coordinate of the curve's generator
CX_CURVE_PARAM_Order	Order of the generator.
CX_CURVE_PARAM_Cofactor	Cofactor.

cx_curve_e

enum cx_curve_e

List of supported elliptic curves.

Enumerator
CX_CURVE_NONE	Undefined curve.
CX_CURVE_WEIERSTRASS_START	Low limit (not included) of Weierstrass curve ID.
CX_CURVE_SECP256K1	Secp256k1.
CX_CURVE_SECP256R1	Secp256r1.
CX_CURVE_SECP384R1	Secp384r1.
CX_CURVE_SECP521R1	Secp521r1.
CX_CURVE_BrainPoolP256T1	BrainpoolP256t1.
CX_CURVE_BrainPoolP256R1	BrainpoolP256r1.
CX_CURVE_BrainPoolP320T1	BrainpoolP320t1.
CX_CURVE_BrainPoolP320R1	BrainpoolP320r1.
CX_CURVE_BrainPoolP384T1	BrainpoolP384t1.
CX_CURVE_BrainPoolP384R1	Brainpool384r1.
CX_CURVE_BrainPoolP512T1	BrainpoolP512t1.
CX_CURVE_BrainPoolP512R1	BrainpoolP512r1.
CX_CURVE_BLS12_381_G1	BLS12-381 G1.
CX_CURVE_FRP256V1	ANSSI FRP256.
CX_CURVE_Stark256	Stark.
CX_CURVE_WEIERSTRASS_END	High limit (not included) of Weierstrass curve ID.
CX_CURVE_TWISTED_EDWARDS_START	Low limit (not included) of Twisted Edwards curve ID.
CX_CURVE_Ed25519	Ed25519.
CX_CURVE_Ed448	Ed448.
CX_CURVE_TWISTED_EDWARDS_END	High limit (not included) of Twisted Edwards curve ID.
CX_CURVE_MONTGOMERY_START	Low limit (not included) of Montgomery curve ID.
CX_CURVE_Curve25519	Curve25519.
CX_CURVE_Curve448	Curve448.
CX_CURVE_MONTGOMERY_END	High limit (not included) of Montgomery curve ID.

Function Documentation

cx_ecdomain_generator()

SYSCALL cx_err_t cx_ecdomain_generator	(	cx_curve_t	cv,
		uint8_t *	Gx,
		uint8_t *	Gy,
		size_t	len
)

Gets the generator of the curve.

Parameters

[in]	cv	Curve identifier.
[out]	Gx	Buffer to store the x-coordinate of the generator.
[out]	Gy	Buffer to store the y-coordinate of the generator.
[in]	len	Byte length of each coordinate.

Returns

Error code:

• CX_OK on success
• CX_EC_INVALID_CURVE
• CX_INVALID_PARAMETER

cx_ecdomain_generator_bn()

SYSCALL cx_err_t cx_ecdomain_generator_bn	(	cx_curve_t	cv,
		cx_ecpoint_t *	P
)

Gets the generator of the curve and stores it in the point structure.

Parameters

[in]	cv	Curve identifier.
[out]	P	Pointer to the structure where to store the generator.

Returns

Error code:

• CX_OK on success
• CX_EC_INVALID_CURVE
• CX_NOT_LOCKED
• CX_INVALID_PARAMETER
• CX_INVALID_PARAMETER_SIZE
• CX_EC_INVALID_POINT

cx_ecdomain_parameter()

SYSCALL cx_err_t cx_ecdomain_parameter	(	cx_curve_t	cv,
		cx_curve_dom_param_t	id,
		uint8_t *	p,
		uint32_t	p_len
)

Gets a specific parameter of the curve.

Parameters

[in]	cv	Curve identifier.
[in]	id	Parameter identifier.
[out]	p	Buffer where to store the parameter.
[in]	p_len	Length of the buffer.

Returns

Error code:

• CX_OK on success
• CX_EC_INVALID_CURVE
• CX_INVALID_PARAMETER

cx_ecdomain_parameter_bn()

SYSCALL cx_err_t cx_ecdomain_parameter_bn	(	cx_curve_t	cv,
		cx_curve_dom_param_t	id,
		cx_bn_t	p
)

Stores a specific parameter of the curve as a BN.

Parameters

[in]	cv	Curve identifier.
[in]	id	Parameter identifier.
[out]	p	BN where to store the parameter.

Returns

Error code:

• CX_OK on success
• CX_EC_INVALID_CURVE
• CX_NOT_LOCKED
• CX_INVALID_PARAMETER
• CX_INVALID_PARAMETER_SIZE

cx_ecdomain_parameters_length()

SYSCALL cx_err_t cx_ecdomain_parameters_length	(	cx_curve_t	cv,
		size_t *	length
)

Gets the byte length of each parameter of the curve.

Parameters

[in]	cv	Curve identifier.
[out]	length	Byte length of each parameter.

Returns

Error code:

• CX_OK on success
• CX_EC_INVALID_CURVE

cx_ecdomain_size()

SYSCALL cx_err_t cx_ecdomain_size	(	cx_curve_t	curve,
		size_t *	length
)

Gets the bit length of each parameter of the curve.

Parameters

[in]	curve	Curve identifier.
[out]	length	Bit length of each parameter.

Returns

Error code:

• CX_OK on success
• CX_EC_INVALID_CURVE

cx_ecpoint_add()

SYSCALL cx_err_t cx_ecpoint_add	(	cx_ecpoint_t *	R,
		const cx_ecpoint_t *	P,
		const cx_ecpoint_t *	Q
)

Adds two points on a curve.

Each point should not be the point at infinity. If one of the point is the point at infinity then the function returns a CX_EC_INFINITE_POINT error.

Parameters

[out]	R	Pointer to the result point.
[in]	P	Pointer to the first point to add. The point must be on the curve.
[in]	Q	Pointer to the second point to add. The point must be on the curve.

Returns

Error code:

• CX_OK on success
• CX_NOT_LOCKED
• CX_INVALID_PARAMETER
• CX_EC_INVALID_CURVE
• CX_EC_INVALID_POINT
• CX_EC_INFINITE_POINT
• CX_MEMORY_FULL

cx_ecpoint_alloc()

SYSCALL cx_err_t cx_ecpoint_alloc	(	cx_ecpoint_t *	P,
		cx_curve_t	cv
)

Allocates memory for a point on the curve.

Parameters

[in]	P	Pointer to a point.
[in]	cv	Curve on which the point is defined.

Returns

Error code:

• CX_OK on success
• CX_EC_INVALID_CURVE
• CX_NOT_LOCKED
• CX_INVALID_PARAMETER
• CX_MEMORY_FULL

cx_ecpoint_cmp()

SYSCALL cx_err_t cx_ecpoint_cmp	(	const cx_ecpoint_t *	P,
		const cx_ecpoint_t *	Q,
		bool *	is_equal
)

Compares two points on the same curve.

Parameters

[in]	P	First point to compare.
[in]	Q	Second point to compare.
[out]	is_equal	Boolean which indicates whether the two points are equal or not: 1 if the points are equal 0 otherwise

Returns

Error code:

• CX_OK on success
• CX_NOT_LOCKED
• CX_INVALID_PARAMETER
• CX_EC_INVALID_CURVE
• CX_EC_INFINITE_POINT
• CX_MEMORY_FULL

cx_ecpoint_compress()

SYSCALL cx_err_t cx_ecpoint_compress	(	const cx_ecpoint_t *	P,
		uint8_t *	xy_compressed,
		size_t	xy_compressed_len,
		uint32_t *	sign
)

Computes the compressed form of a point.

The compressed form depends on the curve type. For a Weierstrass or a Montgomery curve, the compressed form consists of the x-coordinate and a prefix. For a Twisted Edwards curve the compressed form consists of a y-coordinate and a prefix.

Parameters

[in]	P	Pointer to the point to be compressed.
[out]	xy_compressed	Buffer to hold the compressed coordinate.
[in]	xy_compressed_len	Length of the compressed coordinate in bytes. This should be equal to the length of one coordinate.
[out]	sign	Pointer to the sign of the hidden coordinate: correspond to the least significant bit of the y-coordinate for a Weierstrass or Montgomery curve and of the x-coordinate for a Twisted Edwards curve.

Returns

Error code:

• CX_OK on success
• CX_NOT_LOCKED
• CX_INVALID_PARAMETER
• CX_EC_INVALID_CURVE
• CX_EC_INFINITE_POINT
• CX_MEMORY_FULL

cx_ecpoint_decompress()

SYSCALL cx_err_t cx_ecpoint_decompress	(	cx_ecpoint_t *	P,
		const uint8_t *	xy_compressed,
		size_t	xy_compressed_len,
		uint32_t	sign
)

Computes the affine coordinates of a point given its compressed form.

Parameters

[out]	P	Pointer to the point.
[in]	xy_compressed	Pointer to the buffer holding the compressed coordinate.
[in]	xy_compressed_len	Length of the compressed coordinate in bytes. This should be equal to the length of one coordinate.
[in]	sign	Sign of the coordinate to recover.

Returns

Error code:

• CX_OK on success
• CX_NOT_LOCKED
• CX_INVALID_PARAMETER
• CX_EC_INVALID_CURVE
• CX_MEMORY_FULL
• CX_NO_RESIDUE

cx_ecpoint_destroy()

SYSCALL cx_err_t cx_ecpoint_destroy

(

cx_ecpoint_t *

P

)

Destroys a point on the curve.

Parameters

[in]

P

Pointer to the point to destroy. If the pointer is NULL, nothing is done.

Returns

Error code:

• CX_OK on success
• CX_NOT_LOCKED
• CX_INVALID_PARAMETER
• CX_INTERNAL_ERROR

cx_ecpoint_double_scalarmul()

SYSCALL cx_err_t cx_ecpoint_double_scalarmul	(	cx_ecpoint_t *	R,
		cx_ecpoint_t *	P,
		cx_ecpoint_t *	Q,
		const uint8_t *	k,
		size_t	k_len,
		const uint8_t *	r,
		size_t	r_len
)

Performs a double scalar multiplication.

This implements the Straus-Shamir algorithm for computing R = [k]P + [r]Q. This should be used only for non-secret computations.

Parameters

[out]	R	Pointer to the result.
[in]	P	Pointer to the first point.
[in]	Q	Pointer to the second point.
[in]	k	Pointer to the first scalar.
[in]	k_len	Length of the first scalar.
[in]	r	Pointer to the second scalar.
[in]	r_len	Length of the second scalar.

Returns

Error code:

• CX_OK on success
• CX_NOT_LOCKED
• CX_INVALID_PARAMETER
• CX_EC_INVALID_POINT
• CX_EC_INVALID_CURVE
• CX_MEMORY_FULL
• CX_EC_INFINITE_POINT

cx_ecpoint_double_scalarmul_bn()

SYSCALL cx_err_t cx_ecpoint_double_scalarmul_bn	(	cx_ecpoint_t *	R,
		cx_ecpoint_t *	P,
		cx_ecpoint_t *	Q,
		const cx_bn_t	bn_k,
		const cx_bn_t	bn_r
)

Performs a double scalar multiplication given the BN indexes of the scalars.

This implements the Straus-Shamir algorithm for computing R = [k]P + [r]Q. This should be used only for non-secret computations.

Parameters

[out]	R	Pointer to the result.
[in]	P	Pointer to the first point.
[in]	Q	Pointer to the second point.
[in]	bn_k	BN index of the first scalar.
[in]	bn_r	BN index of the second scalar.

Returns

Error code:

• CX_OK on success
• CX_NOT_LOCKED
• CX_INVALID_PARAMETER
• CX_EC_INVALID_POINT
• CX_EC_INVALID_CURVE
• CX_MEMORY_FULL
• CX_EC_INFINITE_POINT

cx_ecpoint_export()

SYSCALL cx_err_t cx_ecpoint_export	(	const cx_ecpoint_t *	P,
		uint8_t *	x,
		size_t	x_len,
		uint8_t *	y,
		size_t	y_len
)

Exports a point.

Fills two distinct buffers with the x-coordinate and the y-coordinate of the point. If the point is not in affine representation, it will be normalized first.

Parameters

[in]	P	Pointer to the point to export.
[out]	x	Buffer for the x-coordinate.
[in]	x_len	Length of the x buffer.
[out]	y	Buffer for the y-coordinate.
[in]	y_len	Length of the y buffer.

Returns

Error code:

• CX_OK on success
• CX_NOT_LOCKED
• CX_INVALID_PARAMETER
• CX_EC_INVALID_CURVE
• CX_EC_INFINITE_POINT
• CX_MEMORY_FULL

cx_ecpoint_export_bn()

SYSCALL cx_err_t cx_ecpoint_export_bn	(	const cx_ecpoint_t *	P,
		cx_bn_t *	x,
		cx_bn_t *	y
)

Exports a point using BN indexes of the coordinates.

Parameters

[in]	P	Pointer to the point to export.
[out]	x	Pointer to the BN index of the x-coordinate.
[out]	y	Pointer to the BN index of the y-coordinate.

Returns

Error code:

• CX_OK on success
• CX_NOT_LOCKED
• CX_INVALID_PARAMETER
• CX_EC_INVALID_CURVE
• CX_EC_INFINITE_POINT
• CX_MEMORY_FULL

cx_ecpoint_init()

SYSCALL cx_err_t cx_ecpoint_init	(	cx_ecpoint_t *	P,
		const uint8_t *	x,
		size_t	x_len,
		const uint8_t *	y,
		size_t	y_len
)

Initializes a point on the curve.

Parameters

[in]	P	Pointer to the point to initialize.
[in]	x	x-coordinate of the point. This must belong to the curve field.
[in]	x_len	Length of the x-coordinate. This must be at most equal to the curve's domain number of bytes.
[in]	y	y-coordinate of the point. This must belong to the curve field.
[in]	y_len	Length of the y-coordinate. This must be at most equal to the curve's domain number of bytes.

Returns

Error code:

• CX_OK on success
• CX_NOT_LOCKED
• CX_INVALID_PARAMETER
• CX_EC_INVALID_CURVE

cx_ecpoint_init_bn()

SYSCALL cx_err_t cx_ecpoint_init_bn	(	cx_ecpoint_t *	P,
		const cx_bn_t	x,
		const cx_bn_t	y
)

Initializes a point on the curve with the BN indexes of the coordinates.

Parameters

[in]	P	Pointer to the point to initialize.
[in]	x	BN index of the x-coordinate. The coordinate must belong to the base field.
[in]	y	BN index of the y-coordinate. The coordinate must belong to the base field.

Returns

Error code:

• CX_OK on success
• CX_NOT_LOCKED
• CX_INVALID_PARAMETER
• CX_EC_INVALID_CURVE

cx_ecpoint_is_at_infinity()

SYSCALL cx_err_t cx_ecpoint_is_at_infinity	(	const cx_ecpoint_t *	R,
		bool *	is_at_infinity
)

Checks whether a given point is the point at infinity.

The point at infinity has a z-coordinate equal to 0.

Parameters

[in]	R	Pointer to the point to check.
[out]	is_at_infinity	Boolean which indicates whether the point is at infinity or not: 1 if the point is at infinity 0 otherwise

Returns

Error code:

• CX_OK on success
• CX_NOT_LOCKED
• CX_INVALID_PARAMETER
• CX_EC_INVALID_CURVE

cx_ecpoint_is_on_curve()

SYSCALL cx_err_t cx_ecpoint_is_on_curve	(	const cx_ecpoint_t *	R,
		bool *	is_on_curve
)

Checks whether a given point is on the curve.

Parameters

[in]	R	Pointer to the point to check.
[out]	is_on_curve	Boolean which indicates whether the point is on the curve or not: 1 if the point is on the curve 0 otherwise

Returns

Error code:

• CX_OK on success
• CX_NOT_LOCKED
• CX_INVALID_PARAMETER
• CX_EC_INVALID_CURVE
• CX_EC_INFINITE_POINT
• CX_MEMORY_FULL

cx_ecpoint_neg()

SYSCALL cx_err_t cx_ecpoint_neg

(

cx_ecpoint_t *

P

)

Computes the opposite of a point.

The point should not be the point at infinity, otherwise the function returns a CX_EC_INFINITE_POINT error.

Parameters

[in,out]

P

Pointer to a point of the curve. This will hold the result.

Returns

Error code:

• CX_OK on success
• CX_NOT_LOCKED
• CX_INVALID_PARAMETER
• CX_EC_INVALID_CURVE
• CX_EC_INVALID_POINT
• CX_MEMORY_FULL
• CX_EC_INFINITE_POINT

cx_ecpoint_rnd_fixed_scalarmul()

SYSCALL cx_err_t cx_ecpoint_rnd_fixed_scalarmul	(	cx_ecpoint_t *	P,
		const uint8_t *	k,
		size_t	k_len
)

Performs a secure scalar multiplication with a fixed scalar length.

Parameters

[in,out]	P	Pointer to a point on a curve. This will hold the result.
[in]	k	Pointer to the scalar. The scalar is an integer at least equal to 0 and at most equal to the order of the curve minus 1.
[in]	k_len	Length of the scalar. This should be equal to the domain length.

Returns

Error code:

• CX_OK on success
• CX_NOT_LOCKED
• CX_INVALID_PARAMETER
• CX_EC_INVALID_POINT
• CX_EC_INVALID_CURVE
• CX_EC_INFINITE_POINT
• CX_MEMORY_FULL

cx_ecpoint_rnd_scalarmul()

SYSCALL cx_err_t cx_ecpoint_rnd_scalarmul	(	cx_ecpoint_t *	P,
		const uint8_t *	k,
		size_t	k_len
)

Performs a secure scalar multiplication.

Parameters

[in,out]	P	Pointer to a point on a curve. This will hold the result.
[in]	k	Pointer to the scalar. The scalar is an integer at least equal to 0 and at most equal to the order of the curve minus 1.
[in]	k_len	Length of the scalar. This should be equal to the domain length.

Returns

Error code:

• CX_OK on success
• CX_NOT_LOCKED
• CX_INVALID_PARAMETER
• CX_EC_INVALID_POINT
• CX_EC_INVALID_CURVE
• CX_EC_INFINITE_POINT
• CX_MEMORY_FULL

cx_ecpoint_rnd_scalarmul_bn()

SYSCALL cx_err_t cx_ecpoint_rnd_scalarmul_bn	(	cx_ecpoint_t *	P,
		const cx_bn_t	bn_k
)

Performs a secure scalar multiplication given the BN index of the scalar.

Parameters

[in,out]	P	Pointer to a point on a curve. This will hold the result.
[in]	bn_k	BN index of the scalar. The scalar is an integer at least equal to 0 and at most equal to the order of the curve minus 1.

Returns

Error code:

• CX_OK on success
• CX_NOT_LOCKED
• CX_INVALID_PARAMETER
• CX_EC_INVALID_POINT
• CX_EC_INVALID_CURVE
• CX_EC_INFINITE_POINT
• CX_MEMORY_FULL

cx_ecpoint_scalarmul()

SYSCALL cx_err_t cx_ecpoint_scalarmul	(	cx_ecpoint_t *	P,
		const uint8_t *	k,
		size_t	k_len
)

Performs a scalar multiplication.

Warning

This should be called only for non critical purposes. It is recommended to use cx_ecpoint_rnd_scalarmul or cx_ecpoint_rnd_fixed_scalarmul rather than this function.

Parameters

[in,out]	P	Pointer to a point on a curve. This will hold the result.
[in]	k	Pointer to the scalar. The scalar is an integer at least equal to 0 and at most equal to the order of the curve minus 1.
[in]	k_len	Length of the scalar.

Returns

Error code:

• CX_OK on success
• CX_NOT_LOCKED
• CX_INVALID_PARAMETER
• CX_EC_INVALID_POINT
• CX_EC_INVALID_CURVE
• CX_EC_INFINITE_POINT
• CX_MEMORY_FULL

cx_ecpoint_scalarmul_bn()

SYSCALL cx_err_t cx_ecpoint_scalarmul_bn	(	cx_ecpoint_t *	P,
		const cx_bn_t	bn_k
)

Performs a scalar multiplication given the BN index of the scalar.

Warning

This should be called only for non critical purposes. It is recommended to use cx_ecpoint_rnd_scalarmul_bn rather than this function.

Parameters

[in,out]	P	Pointer to a point on a curve. This will hold the result.
[in]	bn_k	BN index of the scalar. The scalar is an integer at least equal to 0 and at most equal to the order of the curve minus 1.

Returns

Error code:

• CX_OK on success
• CX_NOT_LOCKED
• CX_INVALID_PARAMETER
• CX_EC_INVALID_POINT
• CX_EC_INVALID_CURVE
• CX_EC_INFINITE_POINT
• CX_MEMORY_FULL

Back to the files list

---

Did you find this page helpful?

How would you improve this page for developers?

I am a developer.
Contributors will be chosen randomly to receive rewards. Check this box to send your email and participate.

Ledger collects your email address to send you rewards for your contribution to improve the Developer Portal documentation. Learn more about how we manage your data and your rights.

By providing your email address, you consent that Ledger may contact you for rewards delivery purposes. If you are part of the randomly selected contributors, we will send you an email to ask for your physical address and if necessary, ask you for additional information on the suggestion you made. Your information will only be available to Ledger and will be retained for no longer than 90 days. It may be transferred to non-European countries that ensure an adequate level of protection or under the standard contractual clauses adopted by the EU Commission.

Please note that you may withdraw your consent at any time, access your data and request their rectification or deletion. You may also request the limitation of the processing of your data. To exercise your rights or for any question on the processing of your data, please contact LEDGER’s Data Protection Officer here. If nevertheless you believe LEDGER did not adequately address your concerns and mishandled your data, you may lodge a complaint with the personal data protection authority of your country.