Lines Matching refs:grp
56 * before calling them an \code if( mbedtls_internal_ecp_grp_capable( grp ) )
246 int mbedtls_ecp_check_budget(const mbedtls_ecp_group *grp,
253 if (grp->pbits >= 512) {
255 } else if (grp->pbits >= 384) {
486 mbedtls_ecp_curve_type mbedtls_ecp_get_type(const mbedtls_ecp_group *grp)
488 if (grp->G.X.p == NULL) {
492 if (grp->G.Y.p == NULL) {
512 void mbedtls_ecp_group_init(mbedtls_ecp_group *grp)
514 grp->id = MBEDTLS_ECP_DP_NONE;
515 mbedtls_mpi_init(&grp->P);
516 mbedtls_mpi_init(&grp->A);
517 mbedtls_mpi_init(&grp->B);
518 mbedtls_ecp_point_init(&grp->G);
519 mbedtls_mpi_init(&grp->N);
520 grp->pbits = 0;
521 grp->nbits = 0;
522 grp->h = 0;
523 grp->modp = NULL;
524 grp->t_pre = NULL;
525 grp->t_post = NULL;
526 grp->t_data = NULL;
527 grp->T = NULL;
528 grp->T_size = 0;
536 mbedtls_ecp_group_init(&key->grp);
556 * Check that the comb table (grp->T) is static initialized.
558 static int ecp_group_is_static_comb_table(const mbedtls_ecp_group *grp)
561 return grp->T != NULL && grp->T_size == 0;
563 (void) grp;
571 void mbedtls_ecp_group_free(mbedtls_ecp_group *grp)
575 if (grp == NULL) {
579 if (grp->h != 1) {
580 mbedtls_mpi_free(&grp->A);
581 mbedtls_mpi_free(&grp->B);
582 mbedtls_ecp_point_free(&grp->G);
585 mbedtls_mpi_free(&grp->N);
586 mbedtls_mpi_free(&grp->P);
590 if (!ecp_group_is_static_comb_table(grp) && grp->T != NULL) {
591 for (i = 0; i < grp->T_size; i++) {
592 mbedtls_ecp_point_free(&grp->T[i]);
594 mbedtls_free(grp->T);
597 mbedtls_platform_zeroize(grp, sizeof(mbedtls_ecp_group));
609 mbedtls_ecp_group_free(&key->grp);
691 int mbedtls_ecp_point_write_binary(const mbedtls_ecp_group *grp,
703 plen = mbedtls_mpi_size(&grp->P);
707 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
717 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
760 static int mbedtls_ecp_sw_derive_y(const mbedtls_ecp_group *grp,
769 int mbedtls_ecp_point_read_binary(const mbedtls_ecp_group *grp,
779 plen = mbedtls_mpi_size(&grp->P);
782 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
790 if (grp->id == MBEDTLS_ECP_DP_CURVE25519) {
799 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
826 return mbedtls_ecp_sw_derive_y(grp, &pt->X, &pt->Y,
844 int mbedtls_ecp_tls_read_point(const mbedtls_ecp_group *grp,
868 return mbedtls_ecp_point_read_binary(grp, pt, buf_start, data_len);
877 int mbedtls_ecp_tls_write_point(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt,
894 if ((ret = mbedtls_ecp_point_write_binary(grp, pt, format,
911 int mbedtls_ecp_tls_read_group(mbedtls_ecp_group *grp,
920 return mbedtls_ecp_group_load(grp, grp_id);
927 int mbedtls_ecp_tls_read_group_id(mbedtls_ecp_group_id *grp,
956 *grp = curve_info->grp_id;
964 int mbedtls_ecp_tls_write_group(const mbedtls_ecp_group *grp, size_t *olen,
968 if ((curve_info = mbedtls_ecp_curve_info_from_grp_id(grp->id)) == NULL) {
999 static int ecp_modp(mbedtls_mpi *N, const mbedtls_ecp_group *grp)
1003 if (grp->modp == NULL) {
1004 return mbedtls_mpi_mod_mpi(N, N, &grp->P);
1009 mbedtls_mpi_bitlen(N) > 2 * grp->pbits) {
1013 MBEDTLS_MPI_CHK(grp->modp(N));
1017 MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &grp->P));
1020 while (mbedtls_mpi_cmp_mpi(N, &grp->P) >= 0) {
1022 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(N, N, &grp->P));
1051 MBEDTLS_MPI_CHK(ecp_modp(&(N), grp)); \
1055 static inline int mbedtls_mpi_mul_mod(const mbedtls_ecp_group *grp,
1074 MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi((N), (N), &grp->P)); \
1078 static inline int mbedtls_mpi_sub_mod(const mbedtls_ecp_group *grp,
1096 while (mbedtls_mpi_cmp_mpi((N), &grp->P) >= 0) \
1097 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs((N), (N), &grp->P))
1099 static inline int mbedtls_mpi_add_mod(const mbedtls_ecp_group *grp,
1112 static inline int mbedtls_mpi_mul_int_mod(const mbedtls_ecp_group *grp,
1126 static inline int mbedtls_mpi_sub_int_mod(const mbedtls_ecp_group *grp,
1140 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int_mod(grp, X, A, c))
1143 static inline int mbedtls_mpi_shift_l_mod(const mbedtls_ecp_group *grp,
1161 MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, X, A, B))
1164 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, X, A, B))
1167 MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, B))
1170 MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, A))
1173 MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int_mod(grp, X, A, c))
1176 MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod((dst), (src), &grp->P))
1182 MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l_mod(grp, X, count))
1195 MBEDTLS_MPI_CHK(mbedtls_mpi_random((X), 2, &grp->P, f_rng, p_rng))
1198 * Needs grp and a temporary MPI tmp to be defined. */
1203 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&tmp, &grp->P, (X))); \
1225 static int ecp_sw_rhs(const mbedtls_ecp_group *grp,
1235 if (mbedtls_ecp_group_a_is_minus_3(grp)) {
1238 MPI_ECP_ADD(rhs, rhs, &grp->A);
1242 MPI_ECP_ADD(rhs, rhs, &grp->B);
1251 static int mbedtls_ecp_sw_derive_y(const mbedtls_ecp_group *grp,
1265 if (mbedtls_mpi_get_bit(&grp->P, 0) != 1 ||
1266 mbedtls_mpi_get_bit(&grp->P, 1) != 1) {
1275 MBEDTLS_MPI_CHK(ecp_sw_rhs(grp, Y, X));
1279 MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&exp, &grp->P, 1));
1282 MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(Y, Y /*y^2*/, &exp, &grp->P, NULL));
1290 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(Y, &grp->P, Y));
1314 static int ecp_normalize_jac(const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt)
1321 if (mbedtls_internal_ecp_grp_capable(grp)) {
1322 return mbedtls_internal_ecp_normalize_jac(grp, pt);
1360 static int ecp_normalize_jac_many(const mbedtls_ecp_group *grp,
1364 return ecp_normalize_jac(grp, *T);
1368 if (mbedtls_internal_ecp_grp_capable(grp)) {
1369 return mbedtls_internal_ecp_normalize_jac_many(grp, T, T_size);
1433 MBEDTLS_MPI_CHK(mbedtls_mpi_shrink(&T[i]->X, grp->P.n));
1434 MBEDTLS_MPI_CHK(mbedtls_mpi_shrink(&T[i]->Y, grp->P.n));
1457 static int ecp_safe_invert_jac(const mbedtls_ecp_group *grp,
1486 static int ecp_double_jac(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
1495 if (mbedtls_internal_ecp_grp_capable(grp)) {
1496 return mbedtls_internal_ecp_double_jac(grp, R, P);
1506 if (mbedtls_ecp_group_a_is_minus_3(grp)) {
1519 if (MPI_ECP_CMP_INT(&grp->A, 0) != 0) {
1523 MPI_ECP_MUL(&tmp[1], &tmp[2], &grp->A);
1583 static int ecp_add_mixed(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
1592 if (mbedtls_internal_ecp_grp_capable(grp)) {
1593 return mbedtls_internal_ecp_add_mixed(grp, R, P, Q);
1641 ret = ecp_double_jac(grp, R, P, tmp);
1681 static int ecp_randomize_jac(const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
1685 if (mbedtls_internal_ecp_grp_capable(grp)) {
1686 return mbedtls_internal_ecp_randomize_jac(grp, pt, f_rng, p_rng);
1849 static int ecp_precompute_comb(const mbedtls_ecp_group *grp,
1916 MBEDTLS_MPI_CHK(ecp_double_jac(grp, cur, cur, tmp));
1940 MBEDTLS_MPI_CHK(ecp_normalize_jac_many(grp, TT, j));
1958 MBEDTLS_MPI_CHK(ecp_add_mixed(grp, &T[i + j], &T[j], &T[i], tmp));
1980 MBEDTLS_MPI_CHK(ecp_normalize_jac_many(grp, TT, j));
2012 static int ecp_select_comb(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
2029 MBEDTLS_MPI_CHK(ecp_safe_invert_jac(grp, R, i >> 7));
2043 static int ecp_mul_comb_core(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
2078 MBEDTLS_MPI_CHK(ecp_select_comb(grp, R, T, T_size, x[i]));
2080 MBEDTLS_MPI_CHK(ecp_randomize_jac(grp, R, f_rng, p_rng));
2088 MBEDTLS_MPI_CHK(ecp_double_jac(grp, R, R, tmp));
2089 MBEDTLS_MPI_CHK(ecp_select_comb(grp, &Txi, T, T_size, x[i]));
2090 MBEDTLS_MPI_CHK(ecp_add_mixed(grp, R, R, &Txi, tmp));
2121 static int ecp_comb_recode_scalar(const mbedtls_ecp_group *grp,
2135 if (mbedtls_mpi_get_bit(&grp->N, 0) != 1) {
2144 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&mm, &grp->N, m));
2164 static int ecp_mul_comb_after_precomp(const mbedtls_ecp_group *grp,
2190 MBEDTLS_MPI_CHK(ecp_comb_recode_scalar(grp, m, k, d, w,
2192 MBEDTLS_MPI_CHK(ecp_mul_comb_core(grp, RR, T, T_size, k, d,
2194 MBEDTLS_MPI_CHK(ecp_safe_invert_jac(grp, RR, parity_trick));
2216 MBEDTLS_MPI_CHK(ecp_randomize_jac(grp, RR, f_rng, p_rng));
2219 MBEDTLS_MPI_CHK(ecp_normalize_jac(grp, RR));
2234 static unsigned char ecp_pick_window_size(const mbedtls_ecp_group *grp,
2244 w = grp->nbits >= 384 ? 5 : 4;
2265 if ((!p_eq_g || !ecp_group_is_static_comb_table(grp)) && w > MBEDTLS_ECP_WINDOW_SIZE) {
2269 if (w >= grp->nbits) {
2289 static int ecp_mul_comb(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
2305 p_eq_g = (MPI_ECP_CMP(&P->Y, &grp->G.Y) == 0 &&
2306 MPI_ECP_CMP(&P->X, &grp->G.X) == 0);
2312 w = ecp_pick_window_size(grp, p_eq_g);
2314 d = (grp->nbits + w - 1) / w;
2317 if (p_eq_g && grp->T != NULL) {
2319 T = grp->T;
2351 MBEDTLS_MPI_CHK(ecp_precompute_comb(grp, T, P, w, d, rs_ctx));
2356 grp->T = T;
2357 grp->T_size = T_size;
2362 MBEDTLS_MPI_CHK(ecp_mul_comb_after_precomp(grp, R, m,
2369 if (T == grp->T) {
2423 static int ecp_normalize_mxz(const mbedtls_ecp_group *grp, mbedtls_ecp_point *P)
2426 if (mbedtls_internal_ecp_grp_capable(grp)) {
2427 return mbedtls_internal_ecp_normalize_mxz(grp, P);
2452 static int ecp_randomize_mxz(const mbedtls_ecp_group *grp, mbedtls_ecp_point *P,
2456 if (mbedtls_internal_ecp_grp_capable(grp)) {
2457 return mbedtls_internal_ecp_randomize_mxz(grp, P, f_rng, p_rng);
2499 static int ecp_double_add_mxz(const mbedtls_ecp_group *grp,
2506 if (mbedtls_internal_ecp_grp_capable(grp)) {
2507 return mbedtls_internal_ecp_double_add_mxz(grp, R, S, P, Q, d);
2526 MPI_ECP_MUL(&R->Z, &grp->A, &T[0]); /* A * (Pp^2 - Pm^2) */
2545 static int ecp_mul_mxz(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
2577 MBEDTLS_MPI_CHK(ecp_randomize_mxz(grp, &RP, f_rng, p_rng));
2580 i = grp->nbits + 1; /* one past the (zero-based) required msb for private keys */
2592 MBEDTLS_MPI_CHK(ecp_double_add_mxz(grp, R, &RP, R, &RP, &PX, tmp));
2608 MBEDTLS_MPI_CHK(ecp_randomize_mxz(grp, R, f_rng, p_rng));
2609 MBEDTLS_MPI_CHK(ecp_normalize_mxz(grp, R));
2626 static int ecp_mul_restartable_internal(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
2646 if ((is_grp_capable = mbedtls_internal_ecp_grp_capable(grp))) {
2647 MBEDTLS_MPI_CHK(mbedtls_internal_ecp_init(grp));
2661 MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(grp, m));
2662 MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P));
2667 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
2668 MBEDTLS_MPI_CHK(ecp_mul_mxz(grp, R, m, P, f_rng, p_rng));
2672 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
2673 MBEDTLS_MPI_CHK(ecp_mul_comb(grp, R, m, P, f_rng, p_rng, rs_ctx));
2681 mbedtls_internal_ecp_free(grp);
2697 int mbedtls_ecp_mul_restartable(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
2706 return ecp_mul_restartable_internal(grp, R, m, P, f_rng, p_rng, rs_ctx);
2712 int mbedtls_ecp_mul(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
2716 return mbedtls_ecp_mul_restartable(grp, R, m, P, f_rng, p_rng, NULL);
2725 static int ecp_check_pubkey_sw(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt)
2733 mbedtls_mpi_cmp_mpi(&pt->X, &grp->P) >= 0 ||
2734 mbedtls_mpi_cmp_mpi(&pt->Y, &grp->P) >= 0) {
2745 MBEDTLS_MPI_CHK(ecp_sw_rhs(grp, &RHS, &pt->X));
2765 static int mbedtls_ecp_mul_shortcuts(mbedtls_ecp_group *grp,
2776 MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P));
2779 MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P));
2782 MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P));
2786 MBEDTLS_MPI_CHK(ecp_mul_restartable_internal(grp, R, m, P,
2801 mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
2814 if (mbedtls_ecp_get_type(grp) != MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
2842 MBEDTLS_MPI_CHK(mbedtls_ecp_mul_shortcuts(grp, pmP, m, P, rs_ctx));
2850 MBEDTLS_MPI_CHK(mbedtls_ecp_mul_shortcuts(grp, pR, n, Q, rs_ctx));
2853 if ((is_grp_capable = mbedtls_internal_ecp_grp_capable(grp))) {
2854 MBEDTLS_MPI_CHK(mbedtls_internal_ecp_init(grp));
2866 MBEDTLS_MPI_CHK(ecp_add_mixed(grp, pR, pmP, pR, tmp));
2875 MBEDTLS_MPI_CHK(ecp_normalize_jac(grp, pR));
2889 mbedtls_internal_ecp_free(grp);
2904 int mbedtls_ecp_muladd(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
2908 return mbedtls_ecp_muladd_restartable(grp, R, m, P, n, Q, NULL);
3004 static int ecp_check_pubkey_mx(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt)
3009 if (mbedtls_mpi_size(&pt->X) > (grp->nbits + 7) / 8) {
3020 return ecp_check_bad_points_mx(&pt->X, &grp->P, grp->id);
3027 int mbedtls_ecp_check_pubkey(const mbedtls_ecp_group *grp,
3036 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
3037 return ecp_check_pubkey_mx(grp, pt);
3041 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
3042 return ecp_check_pubkey_sw(grp, pt);
3051 int mbedtls_ecp_check_privkey(const mbedtls_ecp_group *grp,
3055 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
3059 mbedtls_mpi_bitlen(d) - 1 != grp->nbits) { /* mbedtls_mpi_bitlen is one-based! */
3064 if (grp->nbits == 254 && mbedtls_mpi_get_bit(d, 2) != 0) {
3072 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
3075 mbedtls_mpi_cmp_mpi(d, &grp->N) >= 0) {
3137 int mbedtls_ecp_gen_privkey(const mbedtls_ecp_group *grp,
3143 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
3144 return mbedtls_ecp_gen_privkey_mx(grp->nbits, d, f_rng, p_rng);
3149 if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
3150 return mbedtls_ecp_gen_privkey_sw(&grp->N, d, f_rng, p_rng);
3161 int mbedtls_ecp_gen_keypair_base(mbedtls_ecp_group *grp,
3168 MBEDTLS_MPI_CHK(mbedtls_ecp_gen_privkey(grp, d, f_rng, p_rng));
3169 MBEDTLS_MPI_CHK(mbedtls_ecp_mul(grp, Q, d, G, f_rng, p_rng));
3178 int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp,
3183 return mbedtls_ecp_gen_keypair_base(grp, &grp->G, d, Q, f_rng, p_rng);
3193 if ((ret = mbedtls_ecp_group_load(&key->grp, grp_id)) != 0) {
3197 return mbedtls_ecp_gen_keypair(&key->grp, &key->d, &key->Q, f_rng, p_rng);
3207 if (key->grp.id == MBEDTLS_ECP_DP_NONE) {
3209 if ((ret = mbedtls_ecp_group_load(&key->grp, grp_id)) != 0) {
3212 } else if (key->grp.id != grp_id) {
3230 if ((ret = mbedtls_ecp_group_load(&key->grp, grp_id)) != 0) {
3237 if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
3284 if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
3290 MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(&key->grp, &key->d));
3312 if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
3313 if (key->grp.id == MBEDTLS_ECP_DP_CURVE25519) {
3318 } else if (key->grp.id == MBEDTLS_ECP_DP_CURVE448) {
3327 if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
3341 size_t len = (key->grp.nbits + 7) / 8;
3355 if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
3361 if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
3377 return mbedtls_ecp_point_write_binary(&key->grp, &key->Q,
3392 mbedtls_ecp_group grp;
3393 if (pub->grp.id == MBEDTLS_ECP_DP_NONE ||
3394 pub->grp.id != prv->grp.id ||
3402 mbedtls_ecp_group_init(&grp);
3405 mbedtls_ecp_group_copy(&grp, &prv->grp);
3408 MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&grp, &Q, &prv->d, &prv->grp.G, f_rng, p_rng));
3419 mbedtls_ecp_group_free(&grp);
3428 return mbedtls_ecp_mul(&key->grp, &key->Q, &key->d, &key->grp.G,
3436 return key->grp.id;
3442 int mbedtls_ecp_export(const mbedtls_ecp_keypair *key, mbedtls_ecp_group *grp,
3447 if (grp != NULL && (ret = mbedtls_ecp_group_copy(grp, &key->grp)) != 0) {
3489 static int self_test_adjust_exponent(const mbedtls_ecp_group *grp,
3493 switch (grp->id) {
3502 MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(m, grp->nbits, 1));
3506 mbedtls_mpi_set_bit(m, grp->nbits - 1,
3513 (void) grp;
3524 mbedtls_ecp_group *grp,
3539 MBEDTLS_MPI_CHK(self_test_adjust_exponent(grp, m));
3540 MBEDTLS_MPI_CHK(mbedtls_ecp_mul(grp, R, m, P, self_test_rng, NULL));
3551 MBEDTLS_MPI_CHK(self_test_adjust_exponent(grp, m));
3552 MBEDTLS_MPI_CHK(mbedtls_ecp_mul(grp, R, m, P, self_test_rng, NULL));
3581 mbedtls_ecp_group grp;
3614 mbedtls_ecp_group_init(&grp);
3622 MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_SECP192R1));
3624 MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, mbedtls_ecp_curve_list()->grp_id));
3632 MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&grp, &P, &m, &grp.G, self_test_rng, NULL));
3634 &grp, &R, &m, &grp.G,
3646 &grp, &R, &m, &P,
3653 mbedtls_ecp_group_free(&grp);
3662 MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_CURVE25519));
3664 MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_CURVE448));
3669 &grp, &R, &m, &grp.G,
3683 mbedtls_ecp_group_free(&grp);