From 661536677b66a81ffbe0cb7c745c1da1893d786e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= <mpg@elzevir.fr>
Date: Tue, 3 Dec 2013 14:12:26 +0100
Subject: [PATCH] Add Curve25519 to known groups

---
 include/polarssl/config.h |  4 ++++
 include/polarssl/ecp.h    |  8 +++++++-
 library/ecp_curves.c      | 33 +++++++++++++++++++++++++++++++++
 3 files changed, 44 insertions(+), 1 deletion(-)

diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index bdd40af15..0b76f0853 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -248,6 +248,10 @@
 #define POLARSSL_ECP_DP_BP256R1_ENABLED
 #define POLARSSL_ECP_DP_BP384R1_ENABLED
 #define POLARSSL_ECP_DP_BP512R1_ENABLED
+//#define POLARSSL_ECP_DP_M221_ENABLED  // Not implemented yet!
+#define POLARSSL_ECP_DP_M255_ENABLED
+//#define POLARSSL_ECP_DP_M383_ENABLED  // Not implemented yet!
+//#define POLARSSL_ECP_DP_M511_ENABLED  // Not implemented yet!
 
 /**
  * \def POLARSSL_ECP_NIST_OPTIM
diff --git a/include/polarssl/ecp.h b/include/polarssl/ecp.h
index c0f50791d..4391914b3 100644
--- a/include/polarssl/ecp.h
+++ b/include/polarssl/ecp.h
@@ -64,10 +64,16 @@ typedef enum
     POLARSSL_ECP_DP_BP256R1,        /*!< 256-bits Brainpool curve */
     POLARSSL_ECP_DP_BP384R1,        /*!< 384-bits Brainpool curve */
     POLARSSL_ECP_DP_BP512R1,        /*!< 512-bits Brainpool curve */
+    POLARSSL_ECP_DP_M221,           /*!< (not implemented yet)    */
+    POLARSSL_ECP_DP_M255,           /*!< Curve25519               */
+    POLARSSL_ECP_DP_M383,           /*!< (not implemented yet)    */
+    POLARSSL_ECP_DP_M511,           /*!< (not implemented yet)    */
 } ecp_group_id;
 
 /**
- * Number of supported curves (plus one for NONE)
+ * Number of supported curves (plus one for NONE).
+ *
+ * (Montgomery curves excluded for now.)
  */
 #define POLARSSL_ECP_DP_MAX     9
 
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index d3b1b4de8..10a179f1d 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -341,11 +341,39 @@ static int ecp_mod_p521( mpi * );
                             G ## _gy, sizeof( G ## _gy ),   \
                             G ## _n,  sizeof( G ## _n  ) )
 
+/*
+ * Specialized function for creating the Curve25519 group
+ */
+static int ecp_use_curve25519( ecp_group *grp )
+{
+    int ret;
+
+    /* Actually ( A + 2 ) / 4 */
+    MPI_CHK( mpi_read_string( &grp->A, 16, "01DB42" ) );
+
+    /* P = 2^255 - 19 */
+    MPI_CHK( mpi_lset( &grp->P, 1 ) );
+    MPI_CHK( mpi_shift_l( &grp->P, 255 ) );
+    MPI_CHK( mpi_sub_int( &grp->P, &grp->P, 19 ) );
+    grp->pbits = mpi_msb( &grp->P );
+
+    /* Actually, the required msb for private keys */
+    grp->nbits = 254;
+
+cleanup:
+    if( ret != 0 )
+        ecp_group_free( grp );
+
+    return( ret );
+}
+
 /*
  * Set a group using well-known domain parameters
  */
 int ecp_use_known_dp( ecp_group *grp, ecp_group_id id )
 {
+    ecp_group_free( grp );
+
     grp->id = id;
 
     switch( id )
@@ -395,6 +423,11 @@ int ecp_use_known_dp( ecp_group *grp, ecp_group_id id )
             return( LOAD_GROUP( brainpoolP512r1 ) );
 #endif /* POLARSSL_ECP_DP_BP512R1_ENABLED */
 
+#if defined(POLARSSL_ECP_DP_M255_ENABLED)
+        case POLARSSL_ECP_DP_M255:
+            return( ecp_use_curve25519( grp ) );
+#endif /* POLARSSL_ECP_DP_M255_ENABLED */
+
         default:
             ecp_group_free( grp );
             return( POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE );