Struct esp_idf_sys::mbedtls_ecp_group

#[repr(C)]
pub struct mbedtls_ecp_group {

    pub id: mbedtls_ecp_group_id,
    pub P: mbedtls_mpi,
    pub A: mbedtls_mpi,
    pub B: mbedtls_mpi,
    pub G: mbedtls_ecp_point,
    pub N: mbedtls_mpi,
    pub pbits: usize,
    pub nbits: usize,
    pub h: c_uint,
    pub modp: Option<unsafe extern "C" fn(arg1: *mut mbedtls_mpi) -> c_int>,
    pub t_pre: Option<unsafe extern "C" fn(arg1: *mut mbedtls_ecp_point, arg2: *mut c_void) -> c_int>,
    pub t_post: Option<unsafe extern "C" fn(arg1: *mut mbedtls_ecp_point, arg2: *mut c_void) -> c_int>,
    pub t_data: *mut c_void,
    pub T: *mut mbedtls_ecp_point,
    pub T_size: usize,
}

\brief The ECP group structure.

We consider two types of curve equations:

• Short Weierstrass: y^2 = x^3 + A x + B mod P (SEC1 + RFC-4492)
• Montgomery: y^2 = x^3 + A x^2 + x mod P (Curve25519, Curve448)

In both cases, the generator (\p G) for a prime-order subgroup is fixed.

For Short Weierstrass, this subgroup is the whole curve, and its cardinality is denoted by \p N. Our code requires that \p N is an odd prime as mbedtls_ecp_mul() requires an odd number, and mbedtls_ecdsa_sign() requires that it is prime for blinding purposes.

For Montgomery curves, we do not store \p A, but (A + 2) / 4, which is the quantity used in the formulas. Additionally, \p nbits is not the size of \p N but the required size for private keys.

If \p modp is NULL, reduction modulo \p P is done using a generic algorithm. Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in the range of 0..2^(2*pbits)-1, and transforms it in-place to an integer which is congruent mod \p P to the given MPI, and is close enough to \p pbits in size, so that it may be efficiently brought in the 0..P-1 range by a few additions or subtractions. Therefore, it is only an approximative modular reduction. It must return 0 on success and non-zero on failure.

\note Alternative implementations must keep the group IDs distinct. If two group structures have the same ID, then they must be identical.

Fields

id: mbedtls_ecp_group_id

< An internal group identifier.

P: mbedtls_mpi

< The prime modulus of the base field.

A: mbedtls_mpi

< For Short Weierstrass: \p A in the equation. For Montgomery curves: (A + 2) / 4.

B: mbedtls_mpi

< For Short Weierstrass: \p B in the equation. For Montgomery curves: unused.

G: mbedtls_ecp_point

< The generator of the subgroup used.

N: mbedtls_mpi

< The order of \p G.

pbits: usize

< The number of bits in \p P.

nbits: usize

< For Short Weierstrass: The number of bits in \p P. For Montgomery curves: the number of bits in the private keys.

h: c_uint

< \internal 1 if the constants are static.

modp: Option<unsafe extern "C" fn(arg1: *mut mbedtls_mpi) -> c_int>

< The function for fast pseudo-reduction mod \p P (see above).

t_pre: Option<unsafe extern "C" fn(arg1: *mut mbedtls_ecp_point, arg2: *mut c_void) -> c_int>

< Unused.

t_post: Option<unsafe extern "C" fn(arg1: *mut mbedtls_ecp_point, arg2: *mut c_void) -> c_int>

< Unused.

t_data: *mut c_void

< Unused.

T: *mut mbedtls_ecp_point

< Pre-computed points for ecp_mul_comb().

T_size: usize

< The number of pre-computed points.

Trait Implementations

impl Clone for mbedtls_ecp_group

fn clone(&self) -> mbedtls_ecp_group

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for mbedtls_ecp_group

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for mbedtls_ecp_group

fn default() -> Self

Returns the “default value” for a type.

impl Copy for mbedtls_ecp_group