Elliptic Curves

Module Functionality
Provides elliptic curve cryptography—generation of public/private keypairs, the diffie-hellman key exchange protocol, and digital signature algorithm. The behavior of an elliptic curve over a finite field lends to a cryptosystem that is harder to crack than traditional public key encryption methods such as RSA.

Macros

CRYPTX_KEYLEN_EC_PRIVKEY

Defines the byte length of a private key used by this module.

CRYPTX_KEYLEN_EC_PUBKEY

Defines the byte length of a public key used by this module.

CRYPTX_KEYLEN_EC_SECRET

Defines the byte length of a secret generated by this module.

Response Codes

enum ec_error_t

Defines possible response codes from calls to the EC API.

Values:

enumerator EC_OK
enumerator EC_INVALID_ARG
enumerator EC_PRIVKEY_INVALID
enumerator EC_RPUBKEY_INVALID

Functions

ec_error_t cryptx_ec_keygen(uint8_t *privkey, uint8_t *pubkey)

Generates a pair of public/private keys over SECT233k1.

These keys are valid for ECDH and ECDSA.

Parameters

  • privkey – Pointer to EC private key buffer.

  • pubkey – Pointer to EC public key buffer.

Returns

A random 29-byte EC private key and associated public key.

Returns

A response code indicating the return status of this function.

ec_error_t cryptx_ec_secret(const uint8_t *privkey, const uint8_t *rpubkey, uint8_t *secret)

Computes a secret given a private key and remote public key using the elliptic curve variant of the diffie-hellman key exchange algorithm (ECDH).

Parameters

  • privkey – Pointer to local private key.

  • rpubkey – Pointer to remote public key.

  • secret – Pointer to buffer to write shared secret to.

Returns

An ECDH secret for use with a symmetric encryption algorithm.

Returns

A response code indicating the return status of this function. 

struct _ec_keys {
  uint8_t privkey[CRYPTX_KEYLEN_EC_PRIVKEY];
  uint8_t pubkey[CRYPTX_KEYLEN_EC_PUBKEY];
};

struct _ec_keys ec_keys;
uint8_t secret[CRYPTX_KEYLEN_EC_SECRET],
        rpubkey[CRYPTX_KEYLEN_EC_PUBKEY];

if(cryptx_ec_keygen(ec_keys.privkey, ec_keys.pubkey) != EC_OK) return;
network_send(ec_keys.pubkey, sizeof(ec_keys.pubkey));

// await remote public key
network_recv(rpubkey, NULL);

if(cryptx_ec_secret(ec_keys.privkey, rpubkey, secret) != EC_OK) return;
// secret should now be the same for both parties