Added a nbits member to ecp_group

include/polarssl/ecp.h

@@ -52,18 +52,17 @@ ecp_point;
 /**
  * \brief           ECP group structure
  *
- * The curves we consider are defined by y^2 = x^3 - 3x + b mod p,
+ * The curves we consider are defined by y^2 = x^3 - 3x + B mod P,
- * and a generator for a large subgroup is fixed.
+ * and a generator for a large subgroup of order N is fixed.
  *
- * If modp is NULL, pbits will not be used, and reduction modulo P is
+ * pbits and nbits must be the size of P and N in bits.
- * done using a generic algorithm.
  *
- * If modp is not NULL, pbits must be the size of P in bits and modp
+ * If modp is NULL, reduction modulo P is done using a generic
- * must be a function that takes an mpi in the range 0..2^(2*pbits) and
+ * algorithm. Otherwise, it must point to a function that takes an mpi
- * transforms it in-place in an integer of little more than pbits, so
+ * in the range 0..2^(2*pbits) and transforms it in-place in an integer
- * that the integer may be efficiently brought in the 0..P range by a
+ * of little more than pbits, so that the integer may be efficiently
- * few additions or substractions. It must return 0 on success and a
+ * brought in the 0..P range by a few additions or substractions. It
- * POLARSSL_ERR_ECP_XXX error on failure.
+ * must return 0 on success and a POLARSSL_ERR_ECP_XXX error on failure.
  */
 typedef struct
 {
@@ -71,8 +70,9 @@ typedef struct
     mpi B;              /*!<  constant term in the equation     */
     ecp_point G;        /*!<  generator of the subgroup used    */
     mpi N;              /*!<  the order of G                    */
+    size_t pbits;       /*!<  number of bits in P               */
+    size_t nbits;       /*!<  number of bits in N               */
     int (*modp)(mpi *); /*!<  function for fast reduction mod P */
-    unsigned pbits;     /*!<  number of bits in P               */
 }
 ecp_group;
 
@@ -158,6 +158,8 @@ int ecp_point_read_string( ecp_point *P, int radix,
  * \param n         The generator's order
  *
  * \return          0 if successful, or a POLARSSL_ERR_MPI_XXX error code
+ *
+ * \note            Sets all fields except modp.
  */
 int ecp_group_read_string( ecp_group *grp, int radix,
                            const char *p, const char *b,

library/ecp.c

@@ -64,8 +64,10 @@ void ecp_group_init( ecp_group *grp )
     ecp_point_init( &grp->G );
     mpi_init( &grp->N );
 
-    grp->modp = NULL;
     grp->pbits = 0;
+    grp->nbits = 0;
+
+    grp->modp = NULL;
 }
 
 /*
@@ -155,12 +157,16 @@ int ecp_group_read_string( ecp_group *grp, int radix,
     MPI_CHK( ecp_point_read_string( &grp->G, radix, gx, gy ) );
     MPI_CHK( mpi_read_string( &grp->N, radix, n ) );
 
+    grp->pbits = mpi_msb( &grp->P );
+    grp->nbits = mpi_msb( &grp->N );
+
 cleanup:
     return( ret );
 }
 
 /*
- * Wrapper around fast quasi-modp functions, with fall-back to mpi_mod_mpi
+ * Wrapper around fast quasi-modp functions, with fall-back to mpi_mod_mpi.
+ * See the documentation of struct ecp_group.
  */
 static int ecp_modp( mpi *N, const ecp_group *grp )
 {
@@ -394,7 +400,6 @@ int ecp_use_known_dp( ecp_group *grp, size_t index )
     {
         case POLARSSL_ECP_DP_SECP192R1:
             grp->modp = ecp_mod_p192;
-            grp->pbits = 192;
             return( ecp_group_read_string( grp, 16,
                         SECP192R1_P, SECP192R1_B,
                         SECP192R1_GX, SECP192R1_GY, SECP192R1_N ) );
@@ -416,7 +421,6 @@ int ecp_use_known_dp( ecp_group *grp, size_t index )
 
         case POLARSSL_ECP_DP_SECP521R1:
             grp->modp = ecp_mod_p521;
-            grp->pbits = 521;
             return( ecp_group_read_string( grp, 16,
                         SECP521R1_P, SECP521R1_B,
                         SECP521R1_GX, SECP521R1_GY, SECP521R1_N ) );