#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

Functions
bool	ecdh_p256_compute_shared_secret (uint8_t privkey, const uint8_t peer_pubkey, uint8_t *shared_out)
	Computes ECDH shared secret on P-256 using local private key and peer public key.
bool	ecdh_p256_generate_keypair (uint8_t privkey_out, uint8_t pubkey_out)
bool	ecdh_p256_derive_pubkey (const uint8_t privkey, uint8_t pubkey_out)
void	ecdh_secure_clear (void *ptr, size_t size)
	Securely clears sensitive memory using platform zeroize.

Function Documentation

◆ ecdh_p256_compute_shared_secret()

bool ecdh_p256_compute_shared_secret	(	uint8_t *	privkey,
		const uint8_t *	peer_pubkey,
		uint8_t *	shared_out )

Computes ECDH shared secret on P-256 using local private key and peer public key.

ECDH P-256 Implementation for OpenPGP PSO:DECIPHER

SECURITY NOTE: The TROPIC01 secure element does NOT support native ECDH operations. This module provides software-based ECDH using MbedTLS with the private key temporarily loaded from encrypted R-Memory storage.

See docs/GPG_ECDH_SECURITY.md for security analysis and trade-offs. Compute ECDH shared secret using P-256 curve

Parameters

privkey	32-byte private key scalar (will be cleared on return)
peer_pubkey	65-byte peer public key (04 \|\| X \|\| Y uncompressed format)
shared_out	32-byte output buffer for shared secret

Returns: true on success, false on error

SECURITY: The private key buffer is zeroed after use regardless of success/failure. Uses MbedTLS constant-time ECC implementation.

Parameters

privkey	In/out private key buffer (cleared on completion/failure).
peer_pubkey	Peer uncompressed public key (0x04 \|\| X \|\| Y).
shared_out	Output 32-byte shared secret (X coordinate).

Returns: true if shared secret derivation succeeded.

Definition at line 63 of file ecdh.cpp.

References ecdh_secure_clear(), ECP_POINT_X, ECP_POINT_Y, ECP_POINT_Z, and hw_random().

Referenced by cmd_pso_decipher().

◆ ecdh_p256_derive_pubkey()

bool ecdh_p256_derive_pubkey	(	const uint8_t *	privkey,
		uint8_t *	pubkey_out )

Derive public key from private key

Parameters

privkey	32-byte private key
pubkey_out	65-byte output for public key (04 \|\| X \|\| Y)

Returns: true on success

Definition at line 214 of file ecdh.cpp.

References ECP_POINT_X, ECP_POINT_Y, and hw_random().

Referenced by read_public_key().

◆ ecdh_p256_generate_keypair()

bool ecdh_p256_generate_keypair	(	uint8_t *	privkey_out,
		uint8_t *	pubkey_out )

Generate ephemeral P-256 key pair for ECDH

Parameters

privkey_out	32-byte output for private key
pubkey_out	65-byte output for public key (04 \|\| X \|\| Y)

Returns: true on success

Definition at line 153 of file ecdh.cpp.

References ecdh_secure_clear(), ECP_POINT_X, ECP_POINT_Y, and hw_random().

Referenced by generate_dec_key(), and gpg_generate_key().

◆ ecdh_secure_clear()

void ecdh_secure_clear	(	void *	ptr,
		size_t	size )

Securely clears sensitive memory using platform zeroize.

Securely clear sensitive memory Uses volatile writes to prevent compiler optimization

Parameters

ptr	Pointer to memory
size	Number of bytes to clear
ptr	Memory region start.
size	Number of bytes to clear.

Definition at line 52 of file ecdh.cpp.

Referenced by ecdh_p256_compute_shared_secret(), and ecdh_p256_generate_keypair().

Functions

Function Documentation

◆ ecdh_p256_compute_shared_secret()

◆ ecdh_p256_derive_pubkey()

◆ ecdh_p256_generate_keypair()

◆ ecdh_secure_clear()