EC(2)                                                       EC(2)

          secp256r1, secp256k1, secp384r1, ecdominit, ecdomfree,
          ecassign, ecadd, ecmul, strtoec, ecgen, ecverify,
          ecpubverify, ecdsasign, ecdsaverify, ecencodepub,
          ecdecodepub, ecpubfree, X509toECpub, X509ecdsaverify,
          X509ecdsaverifydigest - elliptic curve cryptography

          #include <u.h>
          #include <libc.h>
          #include <mp.h>
          #include <libsec.h>

          void secp256r1(mpint *p, mpint *a, mpint *b, mpint *x, mpint
          *y, mpint *n, mpint *h)

          void secp256k1(mpint *p, mpint *a, mpint *b, mpint *x, mpint
          *y, mpint *n, mpint *h)

          void secp384r1(mpint *p, mpint *a, mpint *b, mpint *x, mpint
          *y, mpint *n, mpint *h)

          void ecdominit(ECdomain *dom, void (*init)(mpint *p, mpint
          *a, mpint *b, mpint *x, mpint *y, mpint *n, mpint *h))

          void ecdomfree(ECdomain *dom)

          void ecassign(ECdomain *dom, ECpoint *old, ECpoint *new)

          void ecadd(ECdomain *dom, ECpoint *a, ECpoint *b, ECpoint

          void ecmul(ECdomain *dom, ECpoint *a, mpint *k, ECpoint *s)

          ECpoint*  strtoec(ECdomain *dom, char *s, char **rptr,
          ECpoint *p)

          ECpriv*   ecgen(ECdomain *dom, ECpriv *p)

          int  ecverify(ECdomain *dom, ECpoint *p)

          int  ecpubverify(ECdomain *dom, ECpub *p)

          void ecdsasign(ECdomain *dom, ECpriv *priv, uchar *dig, int
          dlen, mpint *r, mpint *s)

          int  ecdsaverify(ECdomain *dom, ECpub *pub, uchar *dig, int
          dlen, mpint *r, mpint *s)

          int  ecencodepub(ECdomain *dom, ECpub *pub, uchar *data, int

     Page 1                       Plan 9             (printed 7/23/24)

     EC(2)                                                       EC(2)


          ECpub*    ecdecodepub(ECdomain *dom, uchar *data, int len)

          void ecpubfree(ECpub *p);

          ECpub*    X509toECpub(uchar *cert, int ncert, char *name,
          int nname, ECdomain *dom)

          char*     X509ecdsaverify(uchar *cert, int ncert, ECdomain
          *dom, ECpub *pub)

          char*     X509ecdsaverifydigest(uchar *sig, int siglen,
          uchar *edigest, int edigestlen, ECdomain *dom, ECpub *pub)

          These functions implement elliptic curve cryptography.  An
          elliptic curve together with cryptographic parameters are
          specified using an ECdomain struct.  Points on the curve are
          represented by ECpoint structs.

          ecdominit initializes a ECdomain struct and calls the init
          function such as secp256r1 which fills in the parameters of
          the curve.

          ecdomfree frees the parameters of the curve and zeros the
          struct. It does not free the memory of the struct itself.

          ecassign, ecadd and ecmul are analogous to their counter-
          parts in mp(2).

          strtoec converts a hex string representing an octet string
          as specified in Standards for Efficient Cryptography (SEC) 1
          to an ECpoint struct. Both uncompressed and compressed for-
          mats are supported.  If rptr is not nil, it is used to
          return the position in the string where the parser stopped.
          If p is nil space is allocated automatically, else the given
          struct is used.

          ecverify and ecpubverify verify that the given point or pub-
          lic key, respectively, is valid.

          ecgen generates a keypair and returns a pointer to it.  If p
          is nil space is allocated automatically, else the given
          struct is used.

          ecdsasign and ecdsaverify create or verify, respectively, a
          signature using the ECDSA scheme specified in SEC 1. It is
          absolutely vital that dig is a cryptographic hash to the
          message.  ecdsasign writes the signature to r and s which
          are assumed to be allocated properly.

     Page 2                       Plan 9             (printed 7/23/24)

     EC(2)                                                       EC(2)

          ecencodepub and ecdecodepub handle encoding and decoding of
          public keys in uncompressed format.  Note that ecdecodepub
          also verifies that the public key is valid in the specified

          ecpubfree frees a ECpub structure and its associated mem-

          Given a binary X.509 cert, the function X509toECpub initial-
          izes domain parameters and returns the ECDSA public key. if
          name is not nil, the CN part of the Distinguished Name of
          the certificate's Subject is returned.  X509ecdsaverify and
          X509ecdsaverifydigest are analogs to the routines described
          by rsa(2).

          *verify functions return 1 for a positive result.  Functions
          returning pointers may return nil in case of error (e.g.
          failing malloc(2)).


          Standards for Efficient Cryptography (SEC) 1: Elliptic Curve
          Cryptography - Certicom Research, 2009

          This implementation of elliptic curve cryptography first
          appeared in 9front (June, 2012).

     Page 3                       Plan 9             (printed 7/23/24)