EC(2) EC(2)
NAME
secp256r1, secp256k1, secp384r1, ecdominit, ecdomfree,
ecassign, ecadd, ecmul, strtoec, ecgen, ecverify,
ecpubverify, ecdsasign, ecdsaverify, ecencodepub,
ecdecodepub, ecpubfree, X509toECpub, X509ecdsaverify,
X509ecdsaverifydigest - elliptic curve cryptography
SYNOPSIS
#include <u.h>
#include <libc.h>
#include <mp.h>
#include <libsec.h>
void secp256r1(mpint *p, mpint *a, mpint *b, mpint *x, mpint
*y, mpint *n, mpint *h)
void secp256k1(mpint *p, mpint *a, mpint *b, mpint *x, mpint
*y, mpint *n, mpint *h)
void secp384r1(mpint *p, mpint *a, mpint *b, mpint *x, mpint
*y, mpint *n, mpint *h)
void ecdominit(ECdomain *dom, void (*init)(mpint *p, mpint
*a, mpint *b, mpint *x, mpint *y, mpint *n, mpint *h))
void ecdomfree(ECdomain *dom)
void ecassign(ECdomain *dom, ECpoint *old, ECpoint *new)
void ecadd(ECdomain *dom, ECpoint *a, ECpoint *b, ECpoint
*s)
void ecmul(ECdomain *dom, ECpoint *a, mpint *k, ECpoint *s)
ECpoint* strtoec(ECdomain *dom, char *s, char **rptr,
ECpoint *p)
ECpriv* ecgen(ECdomain *dom, ECpriv *p)
int ecverify(ECdomain *dom, ECpoint *p)
int ecpubverify(ECdomain *dom, ECpub *p)
void ecdsasign(ECdomain *dom, ECpriv *priv, uchar *dig, int
dlen, mpint *r, mpint *s)
int ecdsaverify(ECdomain *dom, ECpub *pub, uchar *dig, int
dlen, mpint *r, mpint *s)
int ecencodepub(ECdomain *dom, ECpub *pub, uchar *data, int
Page 1 Plan 9 (printed 11/17/25)
EC(2) EC(2)
len)
ECpub* ecdecodepub(ECdomain *dom, uchar *data, int len)
void ecpubfree(ECpub *p);
ECpub* X509toECpub(uchar *cert, int ncert, char *name,
int nname, ECdomain *dom)
char* X509ecdsaverify(uchar *cert, int ncert, ECdomain
*dom, ECpub *pub)
char* X509ecdsaverifydigest(uchar *sig, int siglen,
uchar *edigest, int edigestlen, ECdomain *dom, ECpub *pub)
DESCRIPTION
These functions implement elliptic curve cryptography. An
elliptic curve together with cryptographic parameters are
specified using an ECdomain struct. Points on the curve are
represented by ECpoint structs.
ecdominit initializes a ECdomain struct and calls the init
function such as secp256r1 which fills in the parameters of
the curve.
ecdomfree frees the parameters of the curve and zeros the
struct. It does not free the memory of the struct itself.
ecassign, ecadd and ecmul are analogous to their counter-
parts in mp(2).
strtoec converts a hex string representing an octet string
as specified in Standards for Efficient Cryptography (SEC) 1
to an ECpoint struct. Both uncompressed and compressed for-
mats are supported. If rptr is not nil, it is used to
return the position in the string where the parser stopped.
If p is nil space is allocated automatically, else the given
struct is used.
ecverify and ecpubverify verify that the given point or pub-
lic key, respectively, is valid.
ecgen generates a keypair and returns a pointer to it. If p
is nil space is allocated automatically, else the given
struct is used.
ecdsasign and ecdsaverify create or verify, respectively, a
signature using the ECDSA scheme specified in SEC 1. It is
absolutely vital that dig is a cryptographic hash to the
message. ecdsasign writes the signature to r and s which
are assumed to be allocated properly.
Page 2 Plan 9 (printed 11/17/25)
EC(2) EC(2)
ecencodepub and ecdecodepub handle encoding and decoding of
public keys in uncompressed format. Note that ecdecodepub
also verifies that the public key is valid in the specified
domain.
ecpubfree frees a ECpub structure and its associated mem-
bers.
Given a binary X.509 cert, the function X509toECpub initial-
izes domain parameters and returns the ECDSA public key. if
name is not nil, the CN part of the Distinguished Name of
the certificate's Subject is returned. X509ecdsaverify and
X509ecdsaverifydigest are analogs to the routines described
by rsa(2).
RETURN VALUE
*verify functions return 1 for a positive result. Functions
returning pointers may return nil in case of error (e.g.
failing malloc(2)).
SOURCE
/sys/src/libsec/port/ecc.c
SEE ALSO
rsa(2)
Standards for Efficient Cryptography (SEC) 1: Elliptic Curve
Cryptography - Certicom Research, 2009
HISTORY
This implementation of elliptic curve cryptography first
appeared in 9front (June, 2012).
Page 3 Plan 9 (printed 11/17/25)