1 /* crypto/ec/ec_lib.c */
3 * Originally written by Bodo Moeller for the OpenSSL project.
5 /* ====================================================================
6 * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * openssl-core@openssl.org.
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
34 * 6. Redistributions of any form whatsoever must retain the following
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
58 /* ====================================================================
59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60 * Binary polynomial ECC support in OpenSSL originally developed by
61 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
66 #include <openssl/err.h>
67 #include <openssl/opensslv.h>
71 /* functions for EC_GROUP objects */
73 EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
78 ECerr(EC_F_EC_GROUP_NEW, EC_R_SLOT_FULL);
81 if (meth->group_init == 0) {
82 ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
86 ret = OPENSSL_zalloc(sizeof(*ret));
88 ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE);
93 ret->order = BN_new();
94 if (ret->order == NULL)
96 ret->cofactor = BN_new();
97 if (ret->cofactor == NULL)
99 ret->asn1_flag = OPENSSL_EC_NAMED_CURVE;
100 ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED;
101 if (!meth->group_init(ret))
107 BN_free(ret->cofactor);
112 void EC_GROUP_free(EC_GROUP *group)
117 if (group->meth->group_finish != 0)
118 group->meth->group_finish(group);
120 EC_EX_DATA_free_all_data(&group->extra_data);
121 BN_MONT_CTX_free(group->mont_data);
122 EC_POINT_free(group->generator);
123 BN_free(group->order);
124 BN_free(group->cofactor);
125 OPENSSL_free(group->seed);
129 void EC_GROUP_clear_free(EC_GROUP *group)
134 if (group->meth->group_clear_finish != 0)
135 group->meth->group_clear_finish(group);
136 else if (group->meth->group_finish != 0)
137 group->meth->group_finish(group);
139 EC_EX_DATA_clear_free_all_data(&group->extra_data);
141 BN_MONT_CTX_free(group->mont_data);
143 EC_POINT_clear_free(group->generator);
144 BN_clear_free(group->order);
145 BN_clear_free(group->cofactor);
146 OPENSSL_clear_free(group->seed, group->seed_len);
147 OPENSSL_clear_free(group, sizeof(*group));
150 int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
154 if (dest->meth->group_copy == 0) {
155 ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
158 if (dest->meth != src->meth) {
159 ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS);
165 EC_EX_DATA_free_all_data(&dest->extra_data);
167 for (d = src->extra_data; d != NULL; d = d->next) {
168 void *t = d->dup_func(d->data);
172 if (!EC_EX_DATA_set_data
173 (&dest->extra_data, t, d->dup_func, d->free_func,
178 if (src->mont_data != NULL) {
179 if (dest->mont_data == NULL) {
180 dest->mont_data = BN_MONT_CTX_new();
181 if (dest->mont_data == NULL)
184 if (!BN_MONT_CTX_copy(dest->mont_data, src->mont_data))
187 /* src->generator == NULL */
188 BN_MONT_CTX_free(dest->mont_data);
189 dest->mont_data = NULL;
192 if (src->generator != NULL) {
193 if (dest->generator == NULL) {
194 dest->generator = EC_POINT_new(dest);
195 if (dest->generator == NULL)
198 if (!EC_POINT_copy(dest->generator, src->generator))
201 /* src->generator == NULL */
202 EC_POINT_clear_free(dest->generator);
203 dest->generator = NULL;
206 if (!BN_copy(dest->order, src->order))
208 if (!BN_copy(dest->cofactor, src->cofactor))
211 dest->curve_name = src->curve_name;
212 dest->asn1_flag = src->asn1_flag;
213 dest->asn1_form = src->asn1_form;
216 OPENSSL_free(dest->seed);
217 dest->seed = OPENSSL_malloc(src->seed_len);
218 if (dest->seed == NULL)
220 if (!memcpy(dest->seed, src->seed, src->seed_len))
222 dest->seed_len = src->seed_len;
224 OPENSSL_free(dest->seed);
229 return dest->meth->group_copy(dest, src);
232 EC_GROUP *EC_GROUP_dup(const EC_GROUP *a)
240 if ((t = EC_GROUP_new(a->meth)) == NULL)
242 if (!EC_GROUP_copy(t, a))
255 const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group)
260 int EC_METHOD_get_field_type(const EC_METHOD *meth)
262 return meth->field_type;
265 int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
266 const BIGNUM *order, const BIGNUM *cofactor)
268 if (generator == NULL) {
269 ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER);
273 if (group->generator == NULL) {
274 group->generator = EC_POINT_new(group);
275 if (group->generator == NULL)
278 if (!EC_POINT_copy(group->generator, generator))
282 if (!BN_copy(group->order, order))
285 BN_zero(group->order);
287 if (cofactor != NULL) {
288 if (!BN_copy(group->cofactor, cofactor))
291 BN_zero(group->cofactor);
294 * We ignore the return value because some groups have an order with
295 * factors of two, which makes the Montgomery setup fail.
296 * |group->mont_data| will be NULL in this case.
298 ec_precompute_mont_data(group);
303 const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group)
305 return group->generator;
308 BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group)
310 return group->mont_data;
313 int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
315 if (!BN_copy(order, group->order))
318 return !BN_is_zero(order);
321 int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor,
324 if (!BN_copy(cofactor, group->cofactor))
327 return !BN_is_zero(group->cofactor);
330 void EC_GROUP_set_curve_name(EC_GROUP *group, int nid)
332 group->curve_name = nid;
335 int EC_GROUP_get_curve_name(const EC_GROUP *group)
337 return group->curve_name;
340 void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag)
342 group->asn1_flag = flag;
345 int EC_GROUP_get_asn1_flag(const EC_GROUP *group)
347 return group->asn1_flag;
350 void EC_GROUP_set_point_conversion_form(EC_GROUP *group,
351 point_conversion_form_t form)
353 group->asn1_form = form;
356 point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP
359 return group->asn1_form;
362 size_t EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *p, size_t len)
364 OPENSSL_free(group->seed);
371 if ((group->seed = OPENSSL_malloc(len)) == NULL)
373 memcpy(group->seed, p, len);
374 group->seed_len = len;
379 unsigned char *EC_GROUP_get0_seed(const EC_GROUP *group)
384 size_t EC_GROUP_get_seed_len(const EC_GROUP *group)
386 return group->seed_len;
389 int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
390 const BIGNUM *b, BN_CTX *ctx)
392 if (group->meth->group_set_curve == 0) {
393 ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
396 return group->meth->group_set_curve(group, p, a, b, ctx);
399 int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
400 BIGNUM *b, BN_CTX *ctx)
402 if (group->meth->group_get_curve == 0) {
403 ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
406 return group->meth->group_get_curve(group, p, a, b, ctx);
409 #ifndef OPENSSL_NO_EC2M
410 int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
411 const BIGNUM *b, BN_CTX *ctx)
413 if (group->meth->group_set_curve == 0) {
414 ECerr(EC_F_EC_GROUP_SET_CURVE_GF2M,
415 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
418 return group->meth->group_set_curve(group, p, a, b, ctx);
421 int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
422 BIGNUM *b, BN_CTX *ctx)
424 if (group->meth->group_get_curve == 0) {
425 ECerr(EC_F_EC_GROUP_GET_CURVE_GF2M,
426 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
429 return group->meth->group_get_curve(group, p, a, b, ctx);
433 int EC_GROUP_get_degree(const EC_GROUP *group)
435 if (group->meth->group_get_degree == 0) {
436 ECerr(EC_F_EC_GROUP_GET_DEGREE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
439 return group->meth->group_get_degree(group);
442 int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
444 if (group->meth->group_check_discriminant == 0) {
445 ECerr(EC_F_EC_GROUP_CHECK_DISCRIMINANT,
446 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
449 return group->meth->group_check_discriminant(group, ctx);
452 int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
455 BIGNUM *a1, *a2, *a3, *b1, *b2, *b3;
456 BN_CTX *ctx_new = NULL;
458 /* compare the field types */
459 if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) !=
460 EC_METHOD_get_field_type(EC_GROUP_method_of(b)))
462 /* compare the curve name (if present in both) */
463 if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) &&
464 EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b))
468 ctx_new = ctx = BN_CTX_new();
473 a1 = BN_CTX_get(ctx);
474 a2 = BN_CTX_get(ctx);
475 a3 = BN_CTX_get(ctx);
476 b1 = BN_CTX_get(ctx);
477 b2 = BN_CTX_get(ctx);
478 b3 = BN_CTX_get(ctx);
481 BN_CTX_free(ctx_new);
486 * XXX This approach assumes that the external representation of curves
487 * over the same field type is the same.
489 if (!a->meth->group_get_curve(a, a1, a2, a3, ctx) ||
490 !b->meth->group_get_curve(b, b1, b2, b3, ctx))
493 if (r || BN_cmp(a1, b1) || BN_cmp(a2, b2) || BN_cmp(a3, b3))
496 /* XXX EC_POINT_cmp() assumes that the methods are equal */
497 if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a),
498 EC_GROUP_get0_generator(b), ctx))
502 /* compare the order and cofactor */
503 if (!EC_GROUP_get_order(a, a1, ctx) ||
504 !EC_GROUP_get_order(b, b1, ctx) ||
505 !EC_GROUP_get_cofactor(a, a2, ctx) ||
506 !EC_GROUP_get_cofactor(b, b2, ctx)) {
508 BN_CTX_free(ctx_new);
511 if (BN_cmp(a1, b1) || BN_cmp(a2, b2))
516 BN_CTX_free(ctx_new);
521 /* this has 'package' visibility */
522 int EC_EX_DATA_set_data(EC_EXTRA_DATA **ex_data, void *data,
523 void *(*dup_func) (void *),
524 void (*free_func) (void *),
525 void (*clear_free_func) (void *))
532 for (d = *ex_data; d != NULL; d = d->next) {
533 if (d->dup_func == dup_func && d->free_func == free_func
534 && d->clear_free_func == clear_free_func) {
535 ECerr(EC_F_EC_EX_DATA_SET_DATA, EC_R_SLOT_FULL);
541 /* no explicit entry needed */
544 d = OPENSSL_malloc(sizeof(*d));
549 d->dup_func = dup_func;
550 d->free_func = free_func;
551 d->clear_free_func = clear_free_func;
559 /* this has 'package' visibility */
560 void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *ex_data,
561 void *(*dup_func) (void *),
562 void (*free_func) (void *),
563 void (*clear_free_func) (void *))
565 const EC_EXTRA_DATA *d;
567 for (d = ex_data; d != NULL; d = d->next) {
568 if (d->dup_func == dup_func && d->free_func == free_func
569 && d->clear_free_func == clear_free_func)
576 /* this has 'package' visibility */
577 void EC_EX_DATA_free_data(EC_EXTRA_DATA **ex_data,
578 void *(*dup_func) (void *),
579 void (*free_func) (void *),
580 void (*clear_free_func) (void *))
587 for (p = ex_data; *p != NULL; p = &((*p)->next)) {
588 if ((*p)->dup_func == dup_func && (*p)->free_func == free_func
589 && (*p)->clear_free_func == clear_free_func) {
590 EC_EXTRA_DATA *next = (*p)->next;
592 (*p)->free_func((*p)->data);
601 /* this has 'package' visibility */
602 void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **ex_data,
603 void *(*dup_func) (void *),
604 void (*free_func) (void *),
605 void (*clear_free_func) (void *))
612 for (p = ex_data; *p != NULL; p = &((*p)->next)) {
613 if ((*p)->dup_func == dup_func && (*p)->free_func == free_func
614 && (*p)->clear_free_func == clear_free_func) {
615 EC_EXTRA_DATA *next = (*p)->next;
617 (*p)->clear_free_func((*p)->data);
626 /* this has 'package' visibility */
627 void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **ex_data)
636 EC_EXTRA_DATA *next = d->next;
638 d->free_func(d->data);
646 /* this has 'package' visibility */
647 void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **ex_data)
656 EC_EXTRA_DATA *next = d->next;
658 d->clear_free_func(d->data);
666 /* functions for EC_POINT objects */
668 EC_POINT *EC_POINT_new(const EC_GROUP *group)
673 ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER);
676 if (group->meth->point_init == 0) {
677 ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
681 ret = OPENSSL_malloc(sizeof(*ret));
683 ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE);
687 ret->meth = group->meth;
689 if (!ret->meth->point_init(ret)) {
697 void EC_POINT_free(EC_POINT *point)
702 if (point->meth->point_finish != 0)
703 point->meth->point_finish(point);
707 void EC_POINT_clear_free(EC_POINT *point)
712 if (point->meth->point_clear_finish != 0)
713 point->meth->point_clear_finish(point);
714 else if (point->meth->point_finish != 0)
715 point->meth->point_finish(point);
716 OPENSSL_clear_free(point, sizeof(*point));
719 int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src)
721 if (dest->meth->point_copy == 0) {
722 ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
725 if (dest->meth != src->meth) {
726 ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS);
731 return dest->meth->point_copy(dest, src);
734 EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group)
742 t = EC_POINT_new(group);
745 r = EC_POINT_copy(t, a);
753 const EC_METHOD *EC_POINT_method_of(const EC_POINT *point)
758 int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
760 if (group->meth->point_set_to_infinity == 0) {
761 ECerr(EC_F_EC_POINT_SET_TO_INFINITY,
762 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
765 if (group->meth != point->meth) {
766 ECerr(EC_F_EC_POINT_SET_TO_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
769 return group->meth->point_set_to_infinity(group, point);
772 int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
773 EC_POINT *point, const BIGNUM *x,
774 const BIGNUM *y, const BIGNUM *z,
777 if (group->meth->point_set_Jprojective_coordinates_GFp == 0) {
778 ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,
779 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
782 if (group->meth != point->meth) {
783 ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,
784 EC_R_INCOMPATIBLE_OBJECTS);
787 return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x,
791 int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
792 const EC_POINT *point, BIGNUM *x,
793 BIGNUM *y, BIGNUM *z,
796 if (group->meth->point_get_Jprojective_coordinates_GFp == 0) {
797 ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,
798 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
801 if (group->meth != point->meth) {
802 ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,
803 EC_R_INCOMPATIBLE_OBJECTS);
806 return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x,
810 int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
811 EC_POINT *point, const BIGNUM *x,
812 const BIGNUM *y, BN_CTX *ctx)
814 if (group->meth->point_set_affine_coordinates == 0) {
815 ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,
816 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
819 if (group->meth != point->meth) {
820 ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,
821 EC_R_INCOMPATIBLE_OBJECTS);
824 return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
827 #ifndef OPENSSL_NO_EC2M
828 int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group,
829 EC_POINT *point, const BIGNUM *x,
830 const BIGNUM *y, BN_CTX *ctx)
832 if (group->meth->point_set_affine_coordinates == 0) {
833 ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,
834 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
837 if (group->meth != point->meth) {
838 ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,
839 EC_R_INCOMPATIBLE_OBJECTS);
842 return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
846 int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
847 const EC_POINT *point, BIGNUM *x,
848 BIGNUM *y, BN_CTX *ctx)
850 if (group->meth->point_get_affine_coordinates == 0) {
851 ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,
852 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
855 if (group->meth != point->meth) {
856 ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,
857 EC_R_INCOMPATIBLE_OBJECTS);
860 return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
863 #ifndef OPENSSL_NO_EC2M
864 int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
865 const EC_POINT *point, BIGNUM *x,
866 BIGNUM *y, BN_CTX *ctx)
868 if (group->meth->point_get_affine_coordinates == 0) {
869 ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M,
870 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
873 if (group->meth != point->meth) {
874 ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M,
875 EC_R_INCOMPATIBLE_OBJECTS);
878 return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
882 int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
883 const EC_POINT *b, BN_CTX *ctx)
885 if (group->meth->add == 0) {
886 ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
889 if ((group->meth != r->meth) || (r->meth != a->meth)
890 || (a->meth != b->meth)) {
891 ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS);
894 return group->meth->add(group, r, a, b, ctx);
897 int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
900 if (group->meth->dbl == 0) {
901 ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
904 if ((group->meth != r->meth) || (r->meth != a->meth)) {
905 ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS);
908 return group->meth->dbl(group, r, a, ctx);
911 int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx)
913 if (group->meth->invert == 0) {
914 ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
917 if (group->meth != a->meth) {
918 ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS);
921 return group->meth->invert(group, a, ctx);
924 int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
926 if (group->meth->is_at_infinity == 0) {
927 ECerr(EC_F_EC_POINT_IS_AT_INFINITY,
928 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
931 if (group->meth != point->meth) {
932 ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
935 return group->meth->is_at_infinity(group, point);
939 * Check whether an EC_POINT is on the curve or not. Note that the return
940 * value for this function should NOT be treated as a boolean. Return values:
941 * 1: The point is on the curve
942 * 0: The point is not on the curve
943 * -1: An error occurred
945 int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
948 if (group->meth->is_on_curve == 0) {
949 ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
952 if (group->meth != point->meth) {
953 ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS);
956 return group->meth->is_on_curve(group, point, ctx);
959 int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
962 if (group->meth->point_cmp == 0) {
963 ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
966 if ((group->meth != a->meth) || (a->meth != b->meth)) {
967 ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
970 return group->meth->point_cmp(group, a, b, ctx);
973 int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
975 if (group->meth->make_affine == 0) {
976 ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
979 if (group->meth != point->meth) {
980 ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
983 return group->meth->make_affine(group, point, ctx);
986 int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
987 EC_POINT *points[], BN_CTX *ctx)
991 if (group->meth->points_make_affine == 0) {
992 ECerr(EC_F_EC_POINTS_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
995 for (i = 0; i < num; i++) {
996 if (group->meth != points[i]->meth) {
997 ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
1001 return group->meth->points_make_affine(group, num, points, ctx);
1005 * Functions for point multiplication. If group->meth->mul is 0, we use the
1006 * wNAF-based implementations in ec_mult.c; otherwise we dispatch through
1010 int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
1011 size_t num, const EC_POINT *points[],
1012 const BIGNUM *scalars[], BN_CTX *ctx)
1014 if (group->meth->mul == 0)
1016 return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
1018 return group->meth->mul(group, r, scalar, num, points, scalars, ctx);
1021 int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
1022 const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx)
1024 /* just a convenient interface to EC_POINTs_mul() */
1026 const EC_POINT *points[1];
1027 const BIGNUM *scalars[1];
1030 scalars[0] = p_scalar;
1032 return EC_POINTs_mul(group, r, g_scalar,
1034 && p_scalar != NULL), points, scalars, ctx);
1037 int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
1039 if (group->meth->mul == 0)
1041 return ec_wNAF_precompute_mult(group, ctx);
1043 if (group->meth->precompute_mult != 0)
1044 return group->meth->precompute_mult(group, ctx);
1046 return 1; /* nothing to do, so report success */
1049 int EC_GROUP_have_precompute_mult(const EC_GROUP *group)
1051 if (group->meth->mul == 0)
1053 return ec_wNAF_have_precompute_mult(group);
1055 if (group->meth->have_precompute_mult != 0)
1056 return group->meth->have_precompute_mult(group);
1058 return 0; /* cannot tell whether precomputation has
1063 * ec_precompute_mont_data sets |group->mont_data| from |group->order| and
1064 * returns one on success. On error it returns zero.
1066 int ec_precompute_mont_data(EC_GROUP *group)
1068 BN_CTX *ctx = BN_CTX_new();
1071 BN_MONT_CTX_free(group->mont_data);
1072 group->mont_data = NULL;
1077 group->mont_data = BN_MONT_CTX_new();
1078 if (group->mont_data == NULL)
1081 if (!BN_MONT_CTX_set(group->mont_data, group->order, ctx)) {
1082 BN_MONT_CTX_free(group->mont_data);
1083 group->mont_data = NULL;
projects / openssl.git / blob