1 /* crypto/ec/ec_lib.c */
3 * Originally written by Bodo Moeller for the OpenSSL project.
5 /* ====================================================================
6 * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * openssl-core@openssl.org.
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
34 * 6. Redistributions of any form whatsoever must retain the following
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
58 /* ====================================================================
59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60 * Binary polynomial ECC support in OpenSSL originally developed by
61 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
66 #include <openssl/err.h>
67 #include <openssl/opensslv.h>
71 const char EC_version[] = "EC" OPENSSL_VERSION_PTEXT;
73 /* functions for EC_GROUP objects */
75 EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
80 ECerr(EC_F_EC_GROUP_NEW, EC_R_SLOT_FULL);
83 if (meth->group_init == 0) {
84 ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
88 ret = OPENSSL_malloc(sizeof(*ret));
90 ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE);
96 ret->extra_data = NULL;
97 ret->mont_data = NULL;
99 ret->generator = NULL;
100 BN_init(&ret->order);
101 BN_init(&ret->cofactor);
104 ret->asn1_flag = ~EC_GROUP_ASN1_FLAG_MASK;
105 ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED;
110 if (!meth->group_init(ret)) {
118 void EC_GROUP_free(EC_GROUP *group)
123 if (group->meth->group_finish != 0)
124 group->meth->group_finish(group);
126 EC_EX_DATA_free_all_data(&group->extra_data);
128 if (EC_GROUP_VERSION(group) && group->mont_data)
129 BN_MONT_CTX_free(group->mont_data);
131 if (group->generator != NULL)
132 EC_POINT_free(group->generator);
133 BN_free(&group->order);
134 BN_free(&group->cofactor);
137 OPENSSL_free(group->seed);
142 void EC_GROUP_clear_free(EC_GROUP *group)
147 if (group->meth->group_clear_finish != 0)
148 group->meth->group_clear_finish(group);
149 else if (group->meth->group_finish != 0)
150 group->meth->group_finish(group);
152 EC_EX_DATA_clear_free_all_data(&group->extra_data);
154 if (EC_GROUP_VERSION(group) && group->mont_data)
155 BN_MONT_CTX_free(group->mont_data);
157 if (group->generator != NULL)
158 EC_POINT_clear_free(group->generator);
159 BN_clear_free(&group->order);
160 BN_clear_free(&group->cofactor);
163 OPENSSL_cleanse(group->seed, group->seed_len);
164 OPENSSL_free(group->seed);
167 OPENSSL_cleanse(group, sizeof(*group));
171 int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
175 if (dest->meth->group_copy == 0) {
176 ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
179 if (dest->meth != src->meth) {
180 ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS);
186 EC_EX_DATA_free_all_data(&dest->extra_data);
188 for (d = src->extra_data; d != NULL; d = d->next) {
189 void *t = d->dup_func(d->data);
193 if (!EC_EX_DATA_set_data
194 (&dest->extra_data, t, d->dup_func, d->free_func,
199 if (EC_GROUP_VERSION(src) && src->mont_data != NULL) {
200 if (dest->mont_data == NULL) {
201 dest->mont_data = BN_MONT_CTX_new();
202 if (dest->mont_data == NULL)
205 if (!BN_MONT_CTX_copy(dest->mont_data, src->mont_data))
208 /* src->generator == NULL */
209 if (EC_GROUP_VERSION(dest) && dest->mont_data != NULL) {
210 BN_MONT_CTX_free(dest->mont_data);
211 dest->mont_data = NULL;
215 if (src->generator != NULL) {
216 if (dest->generator == NULL) {
217 dest->generator = EC_POINT_new(dest);
218 if (dest->generator == NULL)
221 if (!EC_POINT_copy(dest->generator, src->generator))
224 /* src->generator == NULL */
225 if (dest->generator != NULL) {
226 EC_POINT_clear_free(dest->generator);
227 dest->generator = NULL;
231 if (!BN_copy(&dest->order, &src->order))
233 if (!BN_copy(&dest->cofactor, &src->cofactor))
236 dest->curve_name = src->curve_name;
237 dest->asn1_flag = src->asn1_flag;
238 dest->asn1_form = src->asn1_form;
242 OPENSSL_free(dest->seed);
243 dest->seed = OPENSSL_malloc(src->seed_len);
244 if (dest->seed == NULL)
246 if (!memcpy(dest->seed, src->seed, src->seed_len))
248 dest->seed_len = src->seed_len;
251 OPENSSL_free(dest->seed);
256 return dest->meth->group_copy(dest, src);
259 EC_GROUP *EC_GROUP_dup(const EC_GROUP *a)
267 if ((t = EC_GROUP_new(a->meth)) == NULL)
269 if (!EC_GROUP_copy(t, a))
283 const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group)
288 int EC_METHOD_get_field_type(const EC_METHOD *meth)
290 return meth->field_type;
293 int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
294 const BIGNUM *order, const BIGNUM *cofactor)
296 if (generator == NULL) {
297 ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER);
301 if (group->generator == NULL) {
302 group->generator = EC_POINT_new(group);
303 if (group->generator == NULL)
306 if (!EC_POINT_copy(group->generator, generator))
310 if (!BN_copy(&group->order, order))
313 BN_zero(&group->order);
315 if (cofactor != NULL) {
316 if (!BN_copy(&group->cofactor, cofactor))
319 BN_zero(&group->cofactor);
322 * Some groups have an order with
323 * factors of two, which makes the Montgomery setup fail.
324 * |group->mont_data| will be NULL in this case.
326 if (BN_is_odd(&group->order)) {
327 return ec_precompute_mont_data(group);
330 BN_MONT_CTX_free(group->mont_data);
331 group->mont_data = NULL;
335 const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group)
337 return group->generator;
340 BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group)
342 return EC_GROUP_VERSION(group) ? group->mont_data : NULL;
345 int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
347 if (!BN_copy(order, &group->order))
350 return !BN_is_zero(order);
353 int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor,
356 if (!BN_copy(cofactor, &group->cofactor))
359 return !BN_is_zero(&group->cofactor);
362 void EC_GROUP_set_curve_name(EC_GROUP *group, int nid)
364 group->curve_name = nid;
367 int EC_GROUP_get_curve_name(const EC_GROUP *group)
369 return group->curve_name;
372 void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag)
374 group->asn1_flag &= ~EC_GROUP_ASN1_FLAG_MASK;
375 group->asn1_flag |= flag & EC_GROUP_ASN1_FLAG_MASK;
378 int EC_GROUP_get_asn1_flag(const EC_GROUP *group)
380 return group->asn1_flag & EC_GROUP_ASN1_FLAG_MASK;
383 void EC_GROUP_set_point_conversion_form(EC_GROUP *group,
384 point_conversion_form_t form)
386 group->asn1_form = form;
389 point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP
392 return group->asn1_form;
395 size_t EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *p, size_t len)
398 OPENSSL_free(group->seed);
406 if ((group->seed = OPENSSL_malloc(len)) == NULL)
408 memcpy(group->seed, p, len);
409 group->seed_len = len;
414 unsigned char *EC_GROUP_get0_seed(const EC_GROUP *group)
419 size_t EC_GROUP_get_seed_len(const EC_GROUP *group)
421 return group->seed_len;
424 int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
425 const BIGNUM *b, BN_CTX *ctx)
427 if (group->meth->group_set_curve == 0) {
428 ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
431 return group->meth->group_set_curve(group, p, a, b, ctx);
434 int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
435 BIGNUM *b, BN_CTX *ctx)
437 if (group->meth->group_get_curve == 0) {
438 ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
441 return group->meth->group_get_curve(group, p, a, b, ctx);
444 #ifndef OPENSSL_NO_EC2M
445 int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
446 const BIGNUM *b, BN_CTX *ctx)
448 if (group->meth->group_set_curve == 0) {
449 ECerr(EC_F_EC_GROUP_SET_CURVE_GF2M,
450 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
453 return group->meth->group_set_curve(group, p, a, b, ctx);
456 int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
457 BIGNUM *b, BN_CTX *ctx)
459 if (group->meth->group_get_curve == 0) {
460 ECerr(EC_F_EC_GROUP_GET_CURVE_GF2M,
461 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
464 return group->meth->group_get_curve(group, p, a, b, ctx);
468 int EC_GROUP_get_degree(const EC_GROUP *group)
470 if (group->meth->group_get_degree == 0) {
471 ECerr(EC_F_EC_GROUP_GET_DEGREE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
474 return group->meth->group_get_degree(group);
477 int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
479 if (group->meth->group_check_discriminant == 0) {
480 ECerr(EC_F_EC_GROUP_CHECK_DISCRIMINANT,
481 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
484 return group->meth->group_check_discriminant(group, ctx);
487 int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
490 BIGNUM *a1, *a2, *a3, *b1, *b2, *b3;
491 BN_CTX *ctx_new = NULL;
493 /* compare the field types */
494 if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) !=
495 EC_METHOD_get_field_type(EC_GROUP_method_of(b)))
497 /* compare the curve name (if present in both) */
498 if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) &&
499 EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b))
503 ctx_new = ctx = BN_CTX_new();
508 a1 = BN_CTX_get(ctx);
509 a2 = BN_CTX_get(ctx);
510 a3 = BN_CTX_get(ctx);
511 b1 = BN_CTX_get(ctx);
512 b2 = BN_CTX_get(ctx);
513 b3 = BN_CTX_get(ctx);
522 * XXX This approach assumes that the external representation of curves
523 * over the same field type is the same.
525 if (!a->meth->group_get_curve(a, a1, a2, a3, ctx) ||
526 !b->meth->group_get_curve(b, b1, b2, b3, ctx))
529 if (r || BN_cmp(a1, b1) || BN_cmp(a2, b2) || BN_cmp(a3, b3))
532 /* XXX EC_POINT_cmp() assumes that the methods are equal */
533 if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a),
534 EC_GROUP_get0_generator(b), ctx))
538 /* compare the order and cofactor */
539 if (!EC_GROUP_get_order(a, a1, ctx) ||
540 !EC_GROUP_get_order(b, b1, ctx) ||
541 !EC_GROUP_get_cofactor(a, a2, ctx) ||
542 !EC_GROUP_get_cofactor(b, b2, ctx)) {
548 if (BN_cmp(a1, b1) || BN_cmp(a2, b2))
559 /* this has 'package' visibility */
560 int EC_EX_DATA_set_data(EC_EXTRA_DATA **ex_data, void *data,
561 void *(*dup_func) (void *),
562 void (*free_func) (void *),
563 void (*clear_free_func) (void *))
570 for (d = *ex_data; d != NULL; d = d->next) {
571 if (d->dup_func == dup_func && d->free_func == free_func
572 && d->clear_free_func == clear_free_func) {
573 ECerr(EC_F_EC_EX_DATA_SET_DATA, EC_R_SLOT_FULL);
579 /* no explicit entry needed */
582 d = OPENSSL_malloc(sizeof(*d));
587 d->dup_func = dup_func;
588 d->free_func = free_func;
589 d->clear_free_func = clear_free_func;
597 /* this has 'package' visibility */
598 void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *ex_data,
599 void *(*dup_func) (void *),
600 void (*free_func) (void *),
601 void (*clear_free_func) (void *))
603 const EC_EXTRA_DATA *d;
605 for (d = ex_data; d != NULL; d = d->next) {
606 if (d->dup_func == dup_func && d->free_func == free_func
607 && d->clear_free_func == clear_free_func)
614 /* this has 'package' visibility */
615 void EC_EX_DATA_free_data(EC_EXTRA_DATA **ex_data,
616 void *(*dup_func) (void *),
617 void (*free_func) (void *),
618 void (*clear_free_func) (void *))
625 for (p = ex_data; *p != NULL; p = &((*p)->next)) {
626 if ((*p)->dup_func == dup_func && (*p)->free_func == free_func
627 && (*p)->clear_free_func == clear_free_func) {
628 EC_EXTRA_DATA *next = (*p)->next;
630 (*p)->free_func((*p)->data);
639 /* this has 'package' visibility */
640 void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **ex_data,
641 void *(*dup_func) (void *),
642 void (*free_func) (void *),
643 void (*clear_free_func) (void *))
650 for (p = ex_data; *p != NULL; p = &((*p)->next)) {
651 if ((*p)->dup_func == dup_func && (*p)->free_func == free_func
652 && (*p)->clear_free_func == clear_free_func) {
653 EC_EXTRA_DATA *next = (*p)->next;
655 (*p)->clear_free_func((*p)->data);
664 /* this has 'package' visibility */
665 void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **ex_data)
674 EC_EXTRA_DATA *next = d->next;
676 d->free_func(d->data);
684 /* this has 'package' visibility */
685 void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **ex_data)
694 EC_EXTRA_DATA *next = d->next;
696 d->clear_free_func(d->data);
704 /* functions for EC_POINT objects */
706 EC_POINT *EC_POINT_new(const EC_GROUP *group)
711 ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER);
714 if (group->meth->point_init == 0) {
715 ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
719 ret = OPENSSL_malloc(sizeof(*ret));
721 ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE);
725 ret->meth = group->meth;
727 if (!ret->meth->point_init(ret)) {
735 void EC_POINT_free(EC_POINT *point)
740 if (point->meth->point_finish != 0)
741 point->meth->point_finish(point);
745 void EC_POINT_clear_free(EC_POINT *point)
750 if (point->meth->point_clear_finish != 0)
751 point->meth->point_clear_finish(point);
752 else if (point->meth->point_finish != 0)
753 point->meth->point_finish(point);
754 OPENSSL_cleanse(point, sizeof(*point));
758 int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src)
760 if (dest->meth->point_copy == 0) {
761 ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
764 if (dest->meth != src->meth) {
765 ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS);
770 return dest->meth->point_copy(dest, src);
773 EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group)
781 t = EC_POINT_new(group);
784 r = EC_POINT_copy(t, a);
792 const EC_METHOD *EC_POINT_method_of(const EC_POINT *point)
797 int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
799 if (group->meth->point_set_to_infinity == 0) {
800 ECerr(EC_F_EC_POINT_SET_TO_INFINITY,
801 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
804 if (group->meth != point->meth) {
805 ECerr(EC_F_EC_POINT_SET_TO_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
808 return group->meth->point_set_to_infinity(group, point);
811 int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
812 EC_POINT *point, const BIGNUM *x,
813 const BIGNUM *y, const BIGNUM *z,
816 if (group->meth->point_set_Jprojective_coordinates_GFp == 0) {
817 ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,
818 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
821 if (group->meth != point->meth) {
822 ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,
823 EC_R_INCOMPATIBLE_OBJECTS);
826 return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x,
830 int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
831 const EC_POINT *point, BIGNUM *x,
832 BIGNUM *y, BIGNUM *z,
835 if (group->meth->point_get_Jprojective_coordinates_GFp == 0) {
836 ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,
837 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
840 if (group->meth != point->meth) {
841 ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,
842 EC_R_INCOMPATIBLE_OBJECTS);
845 return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x,
849 int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
850 EC_POINT *point, const BIGNUM *x,
851 const BIGNUM *y, BN_CTX *ctx)
853 if (group->meth->point_set_affine_coordinates == 0) {
854 ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,
855 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
858 if (group->meth != point->meth) {
859 ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,
860 EC_R_INCOMPATIBLE_OBJECTS);
863 return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
866 #ifndef OPENSSL_NO_EC2M
867 int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group,
868 EC_POINT *point, const BIGNUM *x,
869 const BIGNUM *y, BN_CTX *ctx)
871 if (group->meth->point_set_affine_coordinates == 0) {
872 ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,
873 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
876 if (group->meth != point->meth) {
877 ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,
878 EC_R_INCOMPATIBLE_OBJECTS);
881 return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
885 int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
886 const EC_POINT *point, BIGNUM *x,
887 BIGNUM *y, BN_CTX *ctx)
889 if (group->meth->point_get_affine_coordinates == 0) {
890 ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,
891 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
894 if (group->meth != point->meth) {
895 ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,
896 EC_R_INCOMPATIBLE_OBJECTS);
899 return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
902 #ifndef OPENSSL_NO_EC2M
903 int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
904 const EC_POINT *point, BIGNUM *x,
905 BIGNUM *y, BN_CTX *ctx)
907 if (group->meth->point_get_affine_coordinates == 0) {
908 ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M,
909 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
912 if (group->meth != point->meth) {
913 ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M,
914 EC_R_INCOMPATIBLE_OBJECTS);
917 return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
921 int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
922 const EC_POINT *b, BN_CTX *ctx)
924 if (group->meth->add == 0) {
925 ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
928 if ((group->meth != r->meth) || (r->meth != a->meth)
929 || (a->meth != b->meth)) {
930 ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS);
933 return group->meth->add(group, r, a, b, ctx);
936 int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
939 if (group->meth->dbl == 0) {
940 ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
943 if ((group->meth != r->meth) || (r->meth != a->meth)) {
944 ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS);
947 return group->meth->dbl(group, r, a, ctx);
950 int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx)
952 if (group->meth->invert == 0) {
953 ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
956 if (group->meth != a->meth) {
957 ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS);
960 return group->meth->invert(group, a, ctx);
963 int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
965 if (group->meth->is_at_infinity == 0) {
966 ECerr(EC_F_EC_POINT_IS_AT_INFINITY,
967 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
970 if (group->meth != point->meth) {
971 ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
974 return group->meth->is_at_infinity(group, point);
978 * Check whether an EC_POINT is on the curve or not. Note that the return
979 * value for this function should NOT be treated as a boolean. Return values:
980 * 1: The point is on the curve
981 * 0: The point is not on the curve
982 * -1: An error occurred
984 int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
987 if (group->meth->is_on_curve == 0) {
988 ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
991 if (group->meth != point->meth) {
992 ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS);
995 return group->meth->is_on_curve(group, point, ctx);
998 int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
1001 if (group->meth->point_cmp == 0) {
1002 ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1005 if ((group->meth != a->meth) || (a->meth != b->meth)) {
1006 ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
1009 return group->meth->point_cmp(group, a, b, ctx);
1012 int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
1014 if (group->meth->make_affine == 0) {
1015 ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1018 if (group->meth != point->meth) {
1019 ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
1022 return group->meth->make_affine(group, point, ctx);
1025 int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
1026 EC_POINT *points[], BN_CTX *ctx)
1030 if (group->meth->points_make_affine == 0) {
1031 ECerr(EC_F_EC_POINTS_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1034 for (i = 0; i < num; i++) {
1035 if (group->meth != points[i]->meth) {
1036 ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
1040 return group->meth->points_make_affine(group, num, points, ctx);
1044 * Functions for point multiplication. If group->meth->mul is 0, we use the
1045 * wNAF-based implementations in ec_mult.c; otherwise we dispatch through
1049 int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
1050 size_t num, const EC_POINT *points[],
1051 const BIGNUM *scalars[], BN_CTX *ctx)
1053 if (group->meth->mul == 0)
1055 return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
1057 return group->meth->mul(group, r, scalar, num, points, scalars, ctx);
1060 int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
1061 const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx)
1063 /* just a convenient interface to EC_POINTs_mul() */
1065 const EC_POINT *points[1];
1066 const BIGNUM *scalars[1];
1069 scalars[0] = p_scalar;
1071 return EC_POINTs_mul(group, r, g_scalar,
1073 && p_scalar != NULL), points, scalars, ctx);
1076 int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
1078 if (group->meth->mul == 0)
1080 return ec_wNAF_precompute_mult(group, ctx);
1082 if (group->meth->precompute_mult != 0)
1083 return group->meth->precompute_mult(group, ctx);
1085 return 1; /* nothing to do, so report success */
1088 int EC_GROUP_have_precompute_mult(const EC_GROUP *group)
1090 if (group->meth->mul == 0)
1092 return ec_wNAF_have_precompute_mult(group);
1094 if (group->meth->have_precompute_mult != 0)
1095 return group->meth->have_precompute_mult(group);
1097 return 0; /* cannot tell whether precomputation has
1102 * ec_precompute_mont_data sets |group->mont_data| from |group->order| and
1103 * returns one on success. On error it returns zero.
1105 int ec_precompute_mont_data(EC_GROUP *group)
1107 BN_CTX *ctx = BN_CTX_new();
1110 if (!EC_GROUP_VERSION(group))
1113 if (group->mont_data) {
1114 BN_MONT_CTX_free(group->mont_data);
1115 group->mont_data = NULL;
1121 group->mont_data = BN_MONT_CTX_new();
1122 if (!group->mont_data)
1125 if (!BN_MONT_CTX_set(group->mont_data, &group->order, ctx)) {
1126 BN_MONT_CTX_free(group->mont_data);
1127 group->mont_data = NULL;
projects / FreeBSD / FreeBSD.git / blob