1 /******************************************************************************
2  *
3  *  Copyright 2006-2015 Broadcom Corporation
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 /******************************************************************************
20  *
21  *  This file contains simple pairing algorithms using Elliptic Curve
22  *Cryptography for private public key
23  *
24  ******************************************************************************/
25 
26 #pragma once
27 
28 #include "security/ecc/multprecision.h"
29 
30 namespace bluetooth {
31 namespace security {
32 namespace ecc {
33 
34 struct Point {
35   uint32_t x[KEY_LENGTH_DWORDS_P256];
36   uint32_t y[KEY_LENGTH_DWORDS_P256];
37   uint32_t z[KEY_LENGTH_DWORDS_P256];
38 };
39 
40 struct elliptic_curve_t {
41   // curve's coefficients
42   uint32_t a[KEY_LENGTH_DWORDS_P256];
43   uint32_t b[KEY_LENGTH_DWORDS_P256];
44 
45   // prime modulus
46   uint32_t p[KEY_LENGTH_DWORDS_P256];
47 
48   // Omega, p = 2^m -omega
49   uint32_t omega[KEY_LENGTH_DWORDS_P256];
50 
51   // base point, a point on E of order r
52   Point G;
53 };
54 
55 // P-256 elliptic curve, as per BT Spec 5.1 Vol 2, Part H 7.6
56 static constexpr elliptic_curve_t curve_p256{
57     .a = {0},
58     .b = {0x27d2604b, 0x3bce3c3e, 0xcc53b0f6, 0x651d06b0, 0x769886bc, 0xb3ebbd55, 0xaa3a93e7, 0x5ac635d8},
59     .p = {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x0, 0x0, 0x0, 0x00000001, 0xFFFFFFFF},
60     .omega = {0},
61 
62     .G = {.x = {0xd898c296, 0xf4a13945, 0x2deb33a0, 0x77037d81, 0x63a440f2, 0xf8bce6e5, 0xe12c4247, 0x6b17d1f2},
63           .y = {0x37bf51f5, 0xcbb64068, 0x6b315ece, 0x2bce3357, 0x7c0f9e16, 0x8ee7eb4a, 0xfe1a7f9b, 0x4fe342e2},
64           .z = {0x00000001, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000}},
65 };
66 
67 /* This function checks that point is on the elliptic curve*/
68 bool ECC_ValidatePoint(const Point& point);
69 
70 void ECC_PointMult_Bin_NAF(Point* q, const Point* p, uint32_t* n);
71 
72 #define ECC_PointMult(q, p, n) ECC_PointMult_Bin_NAF(q, p, n)
73 
74 }  // namespace ecc
75 }  // namespace security
76 }  // namespace bluetooth
77