# mbedtls_ecp_group Struct Reference

ECP group structure.

We consider two types of curves equations:

1. Short Weierstrass y^2 = x^3 + A x + B mod P (SEC1 + RFC 4492)
2. Montgomery, y^2 = x^3 + A x^2 + x mod P (Curve25519 + draft) In both cases, a generator G for a prime-order subgroup is fixed. In the short weierstrass, this subgroup is actually the whole curve, and its cardinal is denoted by N.

In the case of Short Weierstrass curves, our code requires that N is an odd prime. (Use odd in `mbedtls_ecp_mul()` and prime in `mbedtls_ecdsa_sign()` for blinding.)

In the case of Montgomery curves, we don't store A but (A + 2) / 4 which is the quantity actually used in the formulas. Also, nbits is not the size of N but the required size for private keys.

If modp is NULL, reduction modulo P is done using a generic algorithm. Otherwise, it must point to a function that takes an mbedtls_mpi in the range 0..2^(2*pbits)-1 and transforms it in-place in an integer of little more than pbits, so that the integer may be efficiently brought in the 0..P-1 range by a few additions or substractions. It must return 0 on success and non-zero on failure.

Definition at line `158` of file `ecp.h`.

`#include <ecp.h>`

## Data Fields

`mbedtls_ecp_group_id` id

mbedtls_mpi P

mbedtls_mpi A

mbedtls_mpi B

mbedtls_ecp_point G

mbedtls_mpi N

size_t pbits

size_t nbits

unsigned int h

int(* modp )(mbedtls_mpi *)

int(* t_pre )(mbedtls_ecp_point *, void *)

int(* t_post )(mbedtls_ecp_point *, void *)

void * t_data

mbedtls_ecp_pointT

size_t T_size

## Field Documentation

 mbedtls_mpi mbedtls_ecp_group::A
1. A in the equation, or 2. (A + 2) / 4

Definition at line `162` of file `ecp.h`.

 mbedtls_mpi mbedtls_ecp_group::B
1. B in the equation, or 2. unused

Definition at line `163` of file `ecp.h`.

 mbedtls_ecp_point mbedtls_ecp_group::G

generator of the (sub)group used

Definition at line `164` of file `ecp.h`.

 unsigned int mbedtls_ecp_group::h

internal: 1 if the constants are static

Definition at line `168` of file `ecp.h`.

 `mbedtls_ecp_group_id` mbedtls_ecp_group::id

internal group identifier

Definition at line `160` of file `ecp.h`.

 int(* mbedtls_ecp_group::modp) (mbedtls_mpi *)

function for fast reduction mod P

Definition at line `169` of file `ecp.h`.

 mbedtls_mpi mbedtls_ecp_group::N
1. the order of G, or 2. unused

Definition at line `165` of file `ecp.h`.

 size_t mbedtls_ecp_group::nbits

number of bits in 1. P, or 2. private keys

Definition at line `167` of file `ecp.h`.

 mbedtls_mpi mbedtls_ecp_group::P

prime modulus of the base field

Definition at line `161` of file `ecp.h`.

 size_t mbedtls_ecp_group::pbits

number of bits in P

Definition at line `166` of file `ecp.h`.

 mbedtls_ecp_point* mbedtls_ecp_group::T

pre-computed points for ecp_mul_comb()

Definition at line `173` of file `ecp.h`.

 void* mbedtls_ecp_group::t_data

unused

Definition at line `172` of file `ecp.h`.

 int(* mbedtls_ecp_group::t_post) (mbedtls_ecp_point *, void *)

unused

Definition at line `171` of file `ecp.h`.

 int(* mbedtls_ecp_group::t_pre) (mbedtls_ecp_point *, void *)

unused

Definition at line `170` of file `ecp.h`.

 size_t mbedtls_ecp_group::T_size

number for pre-computed points

Definition at line `174` of file `ecp.h`.

The documentation for this struct was generated from the following file:
• `ecp.h`