MFC: r359486

[FreeBSD/FreeBSD.git] / secure / lib / libcrypto / man / man3 / EC_GROUP_new.3

.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
.    if \nF \{\
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{\
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
.    \" fudge factors for nroff and troff
.if n \{\
.    ds #H 0
.    ds #V .8m
.    ds #F .3m
.    ds #[ \f1
.    ds #] \fP
.\}
.if t \{\
.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
.    ds #V .6m
.    ds #F 0
.    ds #[ \&
.    ds #] \&
.\}
.    \" simple accents for nroff and troff
.if n \{\
.    ds ' \&
.    ds ` \&
.    ds ^ \&
.    ds , \&
.    ds ~ ~
.    ds /
.\}
.if t \{\
.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
.    \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
.    \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
.    \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
.    ds : e
.    ds 8 ss
.    ds o a
.    ds d- d\h'-1'\(ga
.    ds D- D\h'-1'\(hy
.    ds th \o'bp'
.    ds Th \o'LP'
.    ds ae ae
.    ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "EC_GROUP_NEW 3"
.TH EC_GROUP_NEW 3 "2020-03-31" "1.1.1f" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
EC_GROUP_get_ecparameters, EC_GROUP_get_ecpkparameters, EC_GROUP_new, EC_GROUP_new_from_ecparameters, EC_GROUP_new_from_ecpkparameters, EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_new_curve_GFp, EC_GROUP_new_curve_GF2m, EC_GROUP_new_by_curve_name, EC_GROUP_set_curve, EC_GROUP_get_curve, EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m, EC_GROUP_get_curve_GF2m, EC_get_builtin_curves \- Functions for creating and destroying EC_GROUP objects
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ec.h>
\&
\& EC_GROUP *EC_GROUP_new(const EC_METHOD *meth);
\& EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
\& EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params)
\& void EC_GROUP_free(EC_GROUP *group);
\& void EC_GROUP_clear_free(EC_GROUP *group);
\&
\& EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
\&                                  const BIGNUM *b, BN_CTX *ctx);
\& EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
\&                                   const BIGNUM *b, BN_CTX *ctx);
\& EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
\&
\& int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
\&                        const BIGNUM *b, BN_CTX *ctx);
\& int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
\&                        BN_CTX *ctx);
\& int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p,
\&                            const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
\& int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p,
\&                            BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
\& int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p,
\&                             const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
\& int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p,
\&                             BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
\&
\& ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, ECPARAMETERS *params)
\& ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, ECPKPARAMETERS *params)
\&
\& size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Within the library there are two forms of elliptic curve that are of interest.
The first form is those defined over the prime field Fp. The elements of Fp are
the integers 0 to p\-1, where p is a prime number. This gives us a revised
elliptic curve equation as follows:
.PP
y^2 mod p = x^3 +ax + b mod p
.PP
The second form is those defined over a binary field F2^m where the elements of
the field are integers of length at most m bits. For this form the elliptic
curve equation is modified to:
.PP
y^2 + xy = x^3 + ax^2 + b (where b != 0)
.PP
Operations in a binary field are performed relative to an \fBirreducible
polynomial\fR. All such curves with OpenSSL use a trinomial or a pentanomial for
this parameter.
.PP
A new curve can be constructed by calling \fBEC_GROUP_new()\fR, using the
implementation provided by \fBmeth\fR (see \fBEC_GFp_simple_method\fR\|(3)). It is then
necessary to call \fBEC_GROUP_set_curve()\fR to set the curve parameters.
\&\fBEC_GROUP_new_from_ecparameters()\fR will create a group from the specified
\&\fBparams\fR and \fBEC_GROUP_new_from_ecpkparameters()\fR will create a group from the
specific \s-1PK\s0 \fBparams\fR.
.PP
\&\fBEC_GROUP_set_curve()\fR sets the curve parameters \fBp\fR, \fBa\fR and \fBb\fR. For a curve
over Fp \fBp\fR is the prime for the field. For a curve over F2^m \fBp\fR represents
the irreducible polynomial \- each bit represents a term in the polynomial.
Therefore there will either be three or five bits set dependent on whether the
polynomial is a trinomial or a pentanomial.
In either case, \fBa\fR and \fBb\fR represents the coefficients a and b from the
relevant equation introduced above.
.PP
\&\fBEC_group_get_curve()\fR obtains the previously set curve parameters.
.PP
\&\fBEC_GROUP_set_curve_GFp()\fR and \fBEC_GROUP_set_curve_GF2m()\fR are synonyms for
\&\fBEC_GROUP_set_curve()\fR. They are defined for backwards compatibility only and
should not be used.
.PP
\&\fBEC_GROUP_get_curve_GFp()\fR and \fBEC_GROUP_get_curve_GF2m()\fR are synonyms for
\&\fBEC_GROUP_get_curve()\fR. They are defined for backwards compatibility only and
should not be used.
.PP
The functions \fBEC_GROUP_new_curve_GFp()\fR and \fBEC_GROUP_new_curve_GF2m()\fR are
shortcuts for calling \fBEC_GROUP_new()\fR and then the \fBEC_GROUP_set_curve()\fR function.
An appropriate default implementation method will be used.
.PP
Whilst the library can be used to create any curve using the functions described
above, there are also a number of predefined curves that are available. In order
to obtain a list of all of the predefined curves, call the function
\&\fBEC_get_builtin_curves()\fR. The parameter \fBr\fR should be an array of
EC_builtin_curve structures of size \fBnitems\fR. The function will populate the
\&\fBr\fR array with information about the builtin curves. If \fBnitems\fR is less than
the total number of curves available, then the first \fBnitems\fR curves will be
returned. Otherwise the total number of curves will be provided. The return
value is the total number of curves available (whether that number has been
populated in \fBr\fR or not). Passing a \s-1NULL\s0 \fBr\fR, or setting \fBnitems\fR to 0 will
do nothing other than return the total number of curves available.
The EC_builtin_curve structure is defined as follows:
.PP
.Vb 4
\& typedef struct {
\&        int nid;
\&        const char *comment;
\&        } EC_builtin_curve;
.Ve
.PP
Each EC_builtin_curve item has a unique integer id (\fBnid\fR), and a human
readable comment string describing the curve.
.PP
In order to construct a builtin curve use the function
\&\fBEC_GROUP_new_by_curve_name()\fR and provide the \fBnid\fR of the curve to
be constructed.
.PP
\&\fBEC_GROUP_free()\fR frees the memory associated with the \s-1EC_GROUP.\s0
If \fBgroup\fR is \s-1NULL\s0 nothing is done.
.PP
\&\fBEC_GROUP_clear_free()\fR destroys any sensitive data held within the \s-1EC_GROUP\s0 and
then frees its memory. If \fBgroup\fR is \s-1NULL\s0 nothing is done.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
All EC_GROUP_new* functions return a pointer to the newly constructed group, or
\&\s-1NULL\s0 on error.
.PP
\&\fBEC_get_builtin_curves()\fR returns the number of builtin curves that are available.
.PP
\&\fBEC_GROUP_set_curve_GFp()\fR, \fBEC_GROUP_get_curve_GFp()\fR, \fBEC_GROUP_set_curve_GF2m()\fR,
\&\fBEC_GROUP_get_curve_GF2m()\fR return 1 on success or 0 on error.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBcrypto\fR\|(7), \fBEC_GROUP_copy\fR\|(3),
\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3),
\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2013\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.