Add public function generating private keys

This will be useful for restartable ECDH and ECDSA. Currently they call mbedtls_ecp_gen_keypair(); one could make that one restartable, but that means adding its own sub-context, while ECDH and ECDSA (will) have their own contexts already, so switching to this saves one extra context.
2025-11-03 20:22:59 -05:00 · 2017-04-20 15:37:46 +02:00 · 2017-04-20 15:37:46 +02:00 · a7937f9967
commit a7937f9967
parent 1631d63d0c
2 changed files with 39 additions and 11 deletions
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@ -727,6 +727,22 @@ int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_po
 */
 int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d );

+/**
+ * \brief           Generate a private key
+ *
+ * \param grp       ECP group
+ * \param d         Destination MPI (secret part)
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ */
+int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
+                     mbedtls_mpi *d,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng );
+
 /**
 * \brief           Generate a keypair with configurable base point
 *
--- a/library/ecp.c
+++ b/library/ecp.c
@ -2495,15 +2495,14 @@ int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *
 }

 /*
- * Generate a keypair with configurable base point
+ * Generate a private key
 */
-int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
-                     const mbedtls_ecp_point *G,
-                     mbedtls_mpi *d, mbedtls_ecp_point *Q,
+int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
+                     mbedtls_mpi *d,
                     int (*f_rng)(void *, unsigned char *, size_t),
                     void *p_rng )
 {
-    int ret;
+    int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
    size_t n_size = ( grp->nbits + 7 ) / 8;

 #if defined(ECP_MONTGOMERY)
@ -2528,8 +2527,8 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
        MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 1, 0 ) );
        MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 2, 0 ) );
    }
-    else
 #endif /* ECP_MONTGOMERY */
+
 #if defined(ECP_SHORTWEIERSTRASS)
    if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS )
    {
@ -2565,15 +2564,28 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
        while( mbedtls_mpi_cmp_int( d, 1 ) < 0 ||
               mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 );
    }
-    else
 #endif /* ECP_SHORTWEIERSTRASS */
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );

 cleanup:
-    if( ret != 0 )
-        return( ret );
+    return( ret );
+}

-    return( mbedtls_ecp_mul( grp, Q, d, G, f_rng, p_rng ) );
+/*
+ * Generate a keypair with configurable base point
+ */
+int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
+                     const mbedtls_ecp_point *G,
+                     mbedtls_mpi *d, mbedtls_ecp_point *Q,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng )
+{
+    int ret;
+
+    MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) );
+    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, Q, d, G, f_rng, p_rng ) );
+
+cleanup:
+    return( ret );
 }

 /*