Implementation:Duckdb Duckdb Mbedtls ECP
| Knowledge Sources | |
|---|---|
| Domains | Cryptography, Third_Party |
| Last Updated | 2026-02-07 12:00 GMT |
Overview
The mbedTLS ECP module provides an API for Elliptic Curves over prime fields GF(P), supporting both Short Weierstrass and Montgomery curve types for use in ECDSA, ECDH, and other elliptic-curve cryptographic protocols.
Description
This module implements elliptic curve point arithmetic and group operations as defined by SEC1 (Standards for Efficient Cryptography) and RFC-4492. Two families of curves are supported:
- Short Weierstrass curves (y^2 = x^3 + Ax + B mod P): SECP192R1, SECP224R1, SECP256R1, SECP384R1, SECP521R1, Brainpool (BP256R1, BP384R1, BP512R1), and Koblitz curves (SECP192K1, SECP224K1, SECP256K1)
- Montgomery curves (y^2 = x^3 + Ax^2 + x mod P): Curve25519, Curve448
The mbedtls_ecp_group_id enumeration identifies 13 supported curves (plus MBEDTLS_ECP_DP_NONE), with MBEDTLS_ECP_DP_MAX set to 14.
Key data structures:
- mbedtls_ecp_point: A point in Jacobian coordinates with three mbedtls_mpi fields (X, Y, Z). Z=0 represents the point at infinity; Z=1 gives standard affine coordinates.
- mbedtls_ecp_group: Complete group parameters including the prime modulus P, curve coefficients A and B (for Short Weierstrass; (A+2)/4 for Montgomery), generator point G, group order N, and bit sizes pbits and nbits. An optional modp function pointer enables optimized modular reduction for specific curves.
- mbedtls_ecp_curve_info: Public metadata with group ID, TLS NamedCurve identifier, bit size, and human-readable name.
- mbedtls_ecp_curve_type: Enum distinguishing MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS and MBEDTLS_ECP_TYPE_MONTGOMERY.
The module enforces that the group order N is an odd prime (required by mbedtls_ecp_mul()) and supports restartable operations via MBEDTLS_ECP_RESTARTABLE for non-blocking execution in constrained environments.
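The Jacobian representation described above (Z=0 for infinity, Z=1 for affine) and the Short Weierstrass equation, worked through on a constructed 17-element toy curve. This is an added example, not mbedTLS or DuckDB code; the names jac_point, jac_on_curve, jac_double and jac_normalize are hypothetical and the curve parameters are not a real curve.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed toy curve y^2 = x^3 + A*x + B mod P, for illustration only. */
static const uint32_t P = 17, A = 2, B = 2;
typedef struct { uint32_t X, Y, Z; } jac_point;   /* Z == 0: point at infinity */
static uint32_t mulm(uint32_t a, uint32_t b) { return (uint32_t)((uint64_t)a * b % P); }
static uint32_t invm(uint32_t a) {                /* a^(P-2) mod P (Fermat) */
    uint32_t r = 1;
    for (uint32_t e = P - 2; e; e >>= 1, a = mulm(a, a))
        if (e & 1) r = mulm(r, a);
    return r;
}

/* Curve equation in Jacobian form: Y^2 = X^3 + A*X*Z^4 + B*Z^6 (mod P). */
int jac_on_curve(const jac_point *p) {
    if (p->Z == 0) return 1;                      /* infinity is a group element */
    if (p->X >= P || p->Y >= P || p->Z >= P) return 0;
    uint32_t z2 = mulm(p->Z, p->Z), z4 = mulm(z2, z2), x3 = mulm(mulm(p->X, p->X), p->X);
    uint32_t rhs = (x3 + mulm(mulm(A, p->X), z4) + mulm(B, mulm(z4, z2))) % P;
    return mulm(p->Y, p->Y) == rhs;
}

/* Doubling without any field inversion; the result generally has Z != 1. */
jac_point jac_double(jac_point p) {
    if (p.Z == 0 || p.Y == 0) return (jac_point){1, 1, 0};
    uint32_t y2 = mulm(p.Y, p.Y), z2 = mulm(p.Z, p.Z);
    uint32_t S = mulm(4, mulm(p.X, y2));
    uint32_t M = (mulm(3, mulm(p.X, p.X)) + mulm(A, mulm(z2, z2))) % P;
    jac_point r = {0, 0, mulm(2, mulm(p.Y, p.Z))};
    r.X = (mulm(M, M) + 2 * (P - S)) % P;
    r.Y = (mulm(M, (S + P - r.X) % P) + P - mulm(8, mulm(y2, y2))) % P;
    return r;
}

/* Normalize to Z = 1 (x = X/Z^2, y = Y/Z^3); returns -1 for infinity. */
int jac_normalize(jac_point *p) {
    if (p->Z == 0) return -1;
    uint32_t zi = invm(p->Z), zi2 = mulm(zi, zi);
    p->X = mulm(p->X, zi2);
    p->Y = mulm(p->Y, mulm(zi2, zi));
    p->Z = 1;
    return 0;
}
int main(void) {
    jac_point d = jac_double((jac_point){5, 1, 1});   /* 2*G for G = (5, 1) */
    printf("Jacobian (%u, %u, %u), on curve: %d\n", d.X, d.Y, d.Z, jac_on_curve(&d));
    if (jac_normalize(&d) == 0) printf("affine   (%u, %u)\n", d.X, d.Y);
    return 0;
}
```

The point 2G is held as (7, 7, 2) before normalization and (6, 3, 1) after, so two Jacobian triples can only be compared field by field once both have Z = 1.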
Usage
DuckDB uses the ECP module for:
- TLS key exchange: ECDHE (Ephemeral Elliptic Curve Diffie-Hellman) key exchange during TLS handshakes in the httpfs extension, commonly using SECP256R1 or Curve25519
- ECDSA signature verification: Verifying elliptic curve digital signatures on X.509 certificates encountered during HTTPS connections
- Key parsing: Deserializing EC public and private keys from DER/PEM-encoded certificate and key data
Code Reference
Source Location
- Repository: Duckdb_Duckdb
- Files:
- third_party/mbedtls/include/mbedtls/ecp.h -- Elliptic curve API header (1528 lines)
Signature
```c
// Curve information
const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list(void);
const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id(
    mbedtls_ecp_group_id grp_id);
const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id(
    uint16_t tls_id);

// Point lifecycle
void mbedtls_ecp_point_init(mbedtls_ecp_point *pt);
void mbedtls_ecp_point_free(mbedtls_ecp_point *pt);

// Group lifecycle
void mbedtls_ecp_group_init(mbedtls_ecp_group *grp);
void mbedtls_ecp_group_free(mbedtls_ecp_group *grp);
int mbedtls_ecp_group_load(mbedtls_ecp_group *grp,
                           mbedtls_ecp_group_id id);

// Point operations
int mbedtls_ecp_copy(mbedtls_ecp_point *P,
                     const mbedtls_ecp_point *Q);
int mbedtls_ecp_is_zero(mbedtls_ecp_point *pt);
int mbedtls_ecp_point_cmp(const mbedtls_ecp_point *P,
                          const mbedtls_ecp_point *Q);

// Scalar multiplication: R = m * P
int mbedtls_ecp_mul(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
                    const mbedtls_mpi *m, const mbedtls_ecp_point *P,
                    int (*f_rng)(void *, unsigned char *, size_t),
                    void *p_rng);
```
Import
```c
#include "mbedtls/ecp.h"
```
I/O Contract
Inputs
| Name | Type | Required | Description |
|---|---|---|---|
| grp | mbedtls_ecp_group * | Yes | Elliptic curve group parameters |
| grp_id | mbedtls_ecp_group_id | For load | Curve identifier (e.g., MBEDTLS_ECP_DP_SECP256R1) |
| P | const mbedtls_ecp_point * | For mul | Input point on the curve |
| m | const mbedtls_mpi * | For mul | Scalar multiplier |
| f_rng | function pointer | For mul | Random number generator for blinding (side-channel protection) |
| tls_id | uint16_t | For TLS lookup | TLS NamedCurve identifier |
Outputs
| Name | Type | Description |
|---|---|---|
| return value | int | 0 on success; error codes include MBEDTLS_ERR_ECP_BAD_INPUT_DATA (-0x4F80), MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL (-0x4F00), MBEDTLS_ERR_ECP_INVALID_KEY (-0x4C80), MBEDTLS_ERR_ECP_VERIFY_FAILED (-0x4E00) |
| R | mbedtls_ecp_point * | Result point from scalar multiplication |
| curve_info | const mbedtls_ecp_curve_info * | Curve metadata (from lookup functions) |
Usage Examples
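```c
#include "mbedtls/ecp.h"

// Load a curve group and perform scalar multiplication.
// f_rng / p_rng: caller-supplied RNG callback and its context, used for blinding.
// Returns 0 on success or the first MBEDTLS_ERR_* code encountered.
int ecp_mul_example(int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
{
    mbedtls_ecp_group grp;
    mbedtls_ecp_point R, G;
    mbedtls_mpi k;
    int ret;

    mbedtls_ecp_group_init(&grp);
    mbedtls_ecp_point_init(&R);
    mbedtls_ecp_point_init(&G);
    mbedtls_mpi_init(&k);

    // Load NIST P-256 curve parameters
    ret = mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_SECP256R1);
    if (ret != 0) goto cleanup;

    // Copy the generator point
    ret = mbedtls_ecp_copy(&G, &grp.G);
    if (ret != 0) goto cleanup;

    // Set scalar k and compute R = k * G
    ret = mbedtls_mpi_read_string(&k, 16, "ABCDEF0123456789");
    if (ret != 0) goto cleanup;
    ret = mbedtls_ecp_mul(&grp, &R, &k, &G, f_rng, p_rng);

cleanup:
    // Release every object on both the success and the error path
    mbedtls_mpi_free(&k);
    mbedtls_ecp_point_free(&R);
    mbedtls_ecp_point_free(&G);
    mbedtls_ecp_group_free(&grp);
    return ret;
}
```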