2 * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
15 # include <openssl/macros.h>
16 # ifndef OPENSSL_NO_DEPRECATED_3_0
20 # include <openssl/opensslconf.h>
22 # ifndef OPENSSL_NO_EC
23 # include <openssl/asn1.h>
24 # include <openssl/symhacks.h>
25 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
26 # include <openssl/bn.h>
28 # include <openssl/ecerr.h>
33 # ifndef OPENSSL_ECC_MAX_FIELD_BITS
34 # define OPENSSL_ECC_MAX_FIELD_BITS 661
37 /** Enum for the point conversion form as defined in X9.62 (ECDSA)
38 * for the encoding of a elliptic curve point (x,y) */
40 /** the point is encoded as z||x, where the octet z specifies
41 * which solution of the quadratic equation y is */
42 POINT_CONVERSION_COMPRESSED = 2,
43 /** the point is encoded as z||x||y, where z is the octet 0x04 */
44 POINT_CONVERSION_UNCOMPRESSED = 4,
45 /** the point is encoded as z||x||y, where the octet z specifies
46 * which solution of the quadratic equation y is */
47 POINT_CONVERSION_HYBRID = 6
48 } point_conversion_form_t;
50 # include <openssl/params.h>
51 # ifndef OPENSSL_NO_DEPRECATED_3_0
52 typedef struct ec_method_st EC_METHOD;
54 typedef struct ec_group_st EC_GROUP;
55 typedef struct ec_point_st EC_POINT;
56 typedef struct ecpk_parameters_st ECPKPARAMETERS;
57 typedef struct ec_parameters_st ECPARAMETERS;
59 /********************************************************************/
60 /* EC_METHODs for curves over GF(p) */
61 /********************************************************************/
63 /** Returns the basic GFp ec methods which provides the basis for the
65 * \return EC_METHOD object
67 DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_simple_method(void))
69 /** Returns GFp methods using montgomery multiplication.
70 * \return EC_METHOD object
72 DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_mont_method(void))
74 /** Returns GFp methods using optimized methods for NIST recommended curves
75 * \return EC_METHOD object
77 DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_nist_method(void))
79 # ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
80 /** Returns 64-bit optimized methods for nistp224
81 * \return EC_METHOD object
83 DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_nistp224_method(void))
85 /** Returns 64-bit optimized methods for nistp256
86 * \return EC_METHOD object
88 DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_nistp256_method(void))
90 /** Returns 64-bit optimized methods for nistp521
91 * \return EC_METHOD object
93 DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_nistp521_method(void))
96 # ifndef OPENSSL_NO_EC2M
97 /********************************************************************/
98 /* EC_METHOD for curves over GF(2^m) */
99 /********************************************************************/
101 /** Returns the basic GF2m ec method
102 * \return EC_METHOD object
104 DEPRECATEDIN_3_0(const EC_METHOD *EC_GF2m_simple_method(void))
108 /********************************************************************/
109 /* EC_GROUP functions */
110 /********************************************************************/
113 * Creates a new EC_GROUP object
114 * \param meth EC_METHOD to use
115 * \return newly created EC_GROUP object or NULL in case of an error.
117 DEPRECATEDIN_3_0(EC_GROUP *EC_GROUP_new(const EC_METHOD *meth))
119 /** Frees a EC_GROUP object
120 * \param group EC_GROUP object to be freed.
122 void EC_GROUP_free(EC_GROUP *group);
124 /** Clears and frees a EC_GROUP object
125 * \param group EC_GROUP object to be cleared and freed.
127 DEPRECATEDIN_3_0(void EC_GROUP_clear_free(EC_GROUP *group))
129 /** Copies EC_GROUP objects. Note: both EC_GROUPs must use the same EC_METHOD.
130 * \param dst destination EC_GROUP object
131 * \param src source EC_GROUP object
132 * \return 1 on success and 0 if an error occurred.
134 int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src);
136 /** Creates a new EC_GROUP object and copies the content
137 * form src to the newly created EC_KEY object
138 * \param src source EC_GROUP object
139 * \return newly created EC_GROUP object or NULL in case of an error.
141 EC_GROUP *EC_GROUP_dup(const EC_GROUP *src);
143 /** Returns the EC_METHOD of the EC_GROUP object.
144 * \param group EC_GROUP object
145 * \return EC_METHOD used in this EC_GROUP object.
147 DEPRECATEDIN_3_0(const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group))
149 /** Returns the field type of the EC_METHOD.
150 * \param meth EC_METHOD object
151 * \return NID of the underlying field type OID.
153 DEPRECATEDIN_3_0(int EC_METHOD_get_field_type(const EC_METHOD *meth))
155 /** Sets the generator and its order/cofactor of a EC_GROUP object.
156 * \param group EC_GROUP object
157 * \param generator EC_POINT object with the generator.
158 * \param order the order of the group generated by the generator.
159 * \param cofactor the index of the sub-group generated by the generator
160 * in the group of all points on the elliptic curve.
161 * \return 1 on success and 0 if an error occurred
163 int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
164 const BIGNUM *order, const BIGNUM *cofactor);
166 /** Returns the generator of a EC_GROUP object.
167 * \param group EC_GROUP object
168 * \return the currently used generator (possibly NULL).
170 const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
172 /** Returns the montgomery data for order(Generator)
173 * \param group EC_GROUP object
174 * \return the currently used montgomery data (possibly NULL).
176 BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group);
178 /** Gets the order of a EC_GROUP
179 * \param group EC_GROUP object
180 * \param order BIGNUM to which the order is copied
182 * \return 1 on success and 0 if an error occurred
184 int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
186 /** Gets the order of an EC_GROUP
187 * \param group EC_GROUP object
188 * \return the group order
190 const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group);
192 /** Gets the number of bits of the order of an EC_GROUP
193 * \param group EC_GROUP object
194 * \return number of bits of group order.
196 int EC_GROUP_order_bits(const EC_GROUP *group);
198 /** Gets the cofactor of a EC_GROUP
199 * \param group EC_GROUP object
200 * \param cofactor BIGNUM to which the cofactor is copied
202 * \return 1 on success and 0 if an error occurred
204 int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor,
207 /** Gets the cofactor of an EC_GROUP
208 * \param group EC_GROUP object
209 * \return the group cofactor
211 const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group);
213 /** Sets the name of a EC_GROUP object
214 * \param group EC_GROUP object
215 * \param nid NID of the curve name OID
217 void EC_GROUP_set_curve_name(EC_GROUP *group, int nid);
219 /** Returns the curve name of a EC_GROUP object
220 * \param group EC_GROUP object
221 * \return NID of the curve name OID or 0 if not set.
223 int EC_GROUP_get_curve_name(const EC_GROUP *group);
225 /** Gets the field of an EC_GROUP
226 * \param group EC_GROUP object
227 * \return the group field
229 const BIGNUM *EC_GROUP_get0_field(const EC_GROUP *group);
231 /** Returns the field type of the EC_GROUP.
232 * \param group EC_GROUP object
233 * \return NID of the underlying field type OID.
235 int EC_GROUP_get_field_type(const EC_GROUP *group);
237 void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
238 int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
240 void EC_GROUP_set_point_conversion_form(EC_GROUP *group,
241 point_conversion_form_t form);
242 point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
244 unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
245 size_t EC_GROUP_get_seed_len(const EC_GROUP *);
246 size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
248 /** Sets the parameters of a ec curve defined by y^2 = x^3 + a*x + b (for GFp)
249 * or y^2 + x*y = x^3 + a*x^2 + b (for GF2m)
250 * \param group EC_GROUP object
251 * \param p BIGNUM with the prime number (GFp) or the polynomial
252 * defining the underlying field (GF2m)
253 * \param a BIGNUM with parameter a of the equation
254 * \param b BIGNUM with parameter b of the equation
255 * \param ctx BN_CTX object (optional)
256 * \return 1 on success and 0 if an error occurred
258 int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
259 const BIGNUM *b, BN_CTX *ctx);
261 /** Gets the parameters of the ec curve defined by y^2 = x^3 + a*x + b (for GFp)
262 * or y^2 + x*y = x^3 + a*x^2 + b (for GF2m)
263 * \param group EC_GROUP object
264 * \param p BIGNUM with the prime number (GFp) or the polynomial
265 * defining the underlying field (GF2m)
266 * \param a BIGNUM for parameter a of the equation
267 * \param b BIGNUM for parameter b of the equation
268 * \param ctx BN_CTX object (optional)
269 * \return 1 on success and 0 if an error occurred
271 int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
274 /** Sets the parameters of an ec curve. Synonym for EC_GROUP_set_curve
275 * \param group EC_GROUP object
276 * \param p BIGNUM with the prime number (GFp) or the polynomial
277 * defining the underlying field (GF2m)
278 * \param a BIGNUM with parameter a of the equation
279 * \param b BIGNUM with parameter b of the equation
280 * \param ctx BN_CTX object (optional)
281 * \return 1 on success and 0 if an error occurred
283 DEPRECATEDIN_3_0(int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p,
284 const BIGNUM *a, const BIGNUM *b,
287 /** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve
288 * \param group EC_GROUP object
289 * \param p BIGNUM with the prime number (GFp) or the polynomial
290 * defining the underlying field (GF2m)
291 * \param a BIGNUM for parameter a of the equation
292 * \param b BIGNUM for parameter b of the equation
293 * \param ctx BN_CTX object (optional)
294 * \return 1 on success and 0 if an error occurred
296 DEPRECATEDIN_3_0(int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p,
297 BIGNUM *a, BIGNUM *b,
300 # ifndef OPENSSL_NO_EC2M
301 /** Sets the parameter of an ec curve. Synonym for EC_GROUP_set_curve
302 * \param group EC_GROUP object
303 * \param p BIGNUM with the prime number (GFp) or the polynomial
304 * defining the underlying field (GF2m)
305 * \param a BIGNUM with parameter a of the equation
306 * \param b BIGNUM with parameter b of the equation
307 * \param ctx BN_CTX object (optional)
308 * \return 1 on success and 0 if an error occurred
310 DEPRECATEDIN_3_0(int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p,
311 const BIGNUM *a, const BIGNUM *b,
314 /** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve
315 * \param group EC_GROUP object
316 * \param p BIGNUM with the prime number (GFp) or the polynomial
317 * defining the underlying field (GF2m)
318 * \param a BIGNUM for parameter a of the equation
319 * \param b BIGNUM for parameter b of the equation
320 * \param ctx BN_CTX object (optional)
321 * \return 1 on success and 0 if an error occurred
323 DEPRECATEDIN_3_0(int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p,
324 BIGNUM *a, BIGNUM *b,
327 /** Returns the number of bits needed to represent a field element
328 * \param group EC_GROUP object
329 * \return number of bits needed to represent a field element
331 int EC_GROUP_get_degree(const EC_GROUP *group);
333 /** Checks whether the parameter in the EC_GROUP define a valid ec group
334 * \param group EC_GROUP object
335 * \param ctx BN_CTX object (optional)
336 * \return 1 if group is a valid ec group and 0 otherwise
338 int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);
340 /** Checks whether the discriminant of the elliptic curve is zero or not
341 * \param group EC_GROUP object
342 * \param ctx BN_CTX object (optional)
343 * \return 1 if the discriminant is not zero and 0 otherwise
345 int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx);
347 /** Compares two EC_GROUP objects
348 * \param a first EC_GROUP object
349 * \param b second EC_GROUP object
350 * \param ctx BN_CTX object (optional)
351 * \return 0 if the groups are equal, 1 if not, or -1 on error
353 int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx);
356 * EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*() after
357 * choosing an appropriate EC_METHOD
360 /** Creates a new EC_GROUP object with the specified parameters defined
361 * over GFp (defined by the equation y^2 = x^3 + a*x + b)
362 * \param p BIGNUM with the prime number
363 * \param a BIGNUM with the parameter a of the equation
364 * \param b BIGNUM with the parameter b of the equation
365 * \param ctx BN_CTX object (optional)
366 * \return newly created EC_GROUP object with the specified parameters
368 EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
369 const BIGNUM *b, BN_CTX *ctx);
370 # ifndef OPENSSL_NO_EC2M
371 /** Creates a new EC_GROUP object with the specified parameters defined
372 * over GF2m (defined by the equation y^2 + x*y = x^3 + a*x^2 + b)
373 * \param p BIGNUM with the polynomial defining the underlying field
374 * \param a BIGNUM with the parameter a of the equation
375 * \param b BIGNUM with the parameter b of the equation
376 * \param ctx BN_CTX object (optional)
377 * \return newly created EC_GROUP object with the specified parameters
379 EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
380 const BIGNUM *b, BN_CTX *ctx);
384 * Creates a EC_GROUP object with a curve specified by parameters.
385 * The parameters may be explicit or a named curve,
386 * \param params A list of parameters describing the group.
387 * \param libctx The associated library context or NULL for the default
389 * \param propq A property query string
390 * \return newly created EC_GROUP object with specified parameters or NULL
391 * if an error occurred
393 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
394 OPENSSL_CTX *libctx, const char *propq);
397 * Creates a EC_GROUP object with a curve specified by a NID
398 * \param libctx The associated library context or NULL for the default
400 * \param propq A property query string
401 * \param nid NID of the OID of the curve name
402 * \return newly created EC_GROUP object with specified curve or NULL
403 * if an error occurred
405 EC_GROUP *EC_GROUP_new_by_curve_name_with_libctx(OPENSSL_CTX *libctx,
406 const char *propq, int nid);
409 * Creates a EC_GROUP object with a curve specified by a NID. Same as
410 * EC_GROUP_new_by_curve_name_with_libctx but the libctx and propq are always
412 * \param nid NID of the OID of the curve name
413 * \return newly created EC_GROUP object with specified curve or NULL
414 * if an error occurred
416 EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
418 /** Creates a new EC_GROUP object from an ECPARAMETERS object
419 * \param params pointer to the ECPARAMETERS object
420 * \return newly created EC_GROUP object with specified curve or NULL
421 * if an error occurred
423 EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params);
425 /** Creates an ECPARAMETERS object for the given EC_GROUP object.
426 * \param group pointer to the EC_GROUP object
427 * \param params pointer to an existing ECPARAMETERS object or NULL
428 * \return pointer to the new ECPARAMETERS object or NULL
429 * if an error occurred.
431 ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
432 ECPARAMETERS *params);
434 /** Creates a new EC_GROUP object from an ECPKPARAMETERS object
435 * \param params pointer to an existing ECPKPARAMETERS object, or NULL
436 * \return newly created EC_GROUP object with specified curve, or NULL
437 * if an error occurred
439 EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params);
441 /** Creates an ECPKPARAMETERS object for the given EC_GROUP object.
442 * \param group pointer to the EC_GROUP object
443 * \param params pointer to an existing ECPKPARAMETERS object or NULL
444 * \return pointer to the new ECPKPARAMETERS object or NULL
445 * if an error occurred.
447 ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group,
448 ECPKPARAMETERS *params);
450 /********************************************************************/
451 /* handling of internal curves */
452 /********************************************************************/
460 * EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number of all
461 * available curves or zero if a error occurred. In case r is not zero,
462 * nitems EC_builtin_curve structures are filled with the data of the first
463 * nitems internal groups
465 size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
467 const char *EC_curve_nid2nist(int nid);
468 int EC_curve_nist2nid(const char *name);
469 int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only,
472 /********************************************************************/
473 /* EC_POINT functions */
474 /********************************************************************/
476 /** Creates a new EC_POINT object for the specified EC_GROUP
477 * \param group EC_GROUP the underlying EC_GROUP object
478 * \return newly created EC_POINT object or NULL if an error occurred
480 EC_POINT *EC_POINT_new(const EC_GROUP *group);
482 /** Frees a EC_POINT object
483 * \param point EC_POINT object to be freed
485 void EC_POINT_free(EC_POINT *point);
487 /** Clears and frees a EC_POINT object
488 * \param point EC_POINT object to be cleared and freed
490 void EC_POINT_clear_free(EC_POINT *point);
492 /** Copies EC_POINT object
493 * \param dst destination EC_POINT object
494 * \param src source EC_POINT object
495 * \return 1 on success and 0 if an error occurred
497 int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src);
499 /** Creates a new EC_POINT object and copies the content of the supplied
501 * \param src source EC_POINT object
502 * \param group underlying the EC_GROUP object
503 * \return newly created EC_POINT object or NULL if an error occurred
505 EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group);
507 /** Returns the EC_METHOD used in EC_POINT object
508 * \param point EC_POINT object
509 * \return the EC_METHOD used
511 DEPRECATEDIN_3_0(const EC_METHOD *EC_POINT_method_of(const EC_POINT *point))
513 /** Sets a point to infinity (neutral element)
514 * \param group underlying EC_GROUP object
515 * \param point EC_POINT to set to infinity
516 * \return 1 on success and 0 if an error occurred
518 int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
520 /** Sets the jacobian projective coordinates of a EC_POINT over GFp
521 * \param group underlying EC_GROUP object
522 * \param p EC_POINT object
523 * \param x BIGNUM with the x-coordinate
524 * \param y BIGNUM with the y-coordinate
525 * \param z BIGNUM with the z-coordinate
526 * \param ctx BN_CTX object (optional)
527 * \return 1 on success and 0 if an error occurred
529 DEPRECATEDIN_3_0(int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
530 EC_POINT *p, const BIGNUM *x,
531 const BIGNUM *y, const BIGNUM *z,
534 /** Gets the jacobian projective coordinates of a EC_POINT over GFp
535 * \param group underlying EC_GROUP object
536 * \param p EC_POINT object
537 * \param x BIGNUM for the x-coordinate
538 * \param y BIGNUM for the y-coordinate
539 * \param z BIGNUM for the z-coordinate
540 * \param ctx BN_CTX object (optional)
541 * \return 1 on success and 0 if an error occurred
543 DEPRECATEDIN_3_0(int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
544 const EC_POINT *p, BIGNUM *x,
545 BIGNUM *y, BIGNUM *z,
548 /** Sets the affine coordinates of an EC_POINT
549 * \param group underlying EC_GROUP object
550 * \param p EC_POINT object
551 * \param x BIGNUM with the x-coordinate
552 * \param y BIGNUM with the y-coordinate
553 * \param ctx BN_CTX object (optional)
554 * \return 1 on success and 0 if an error occurred
556 int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p,
557 const BIGNUM *x, const BIGNUM *y,
560 /** Gets the affine coordinates of an EC_POINT.
561 * \param group underlying EC_GROUP object
562 * \param p EC_POINT object
563 * \param x BIGNUM for the x-coordinate
564 * \param y BIGNUM for the y-coordinate
565 * \param ctx BN_CTX object (optional)
566 * \return 1 on success and 0 if an error occurred
568 int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p,
569 BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
571 /** Sets the affine coordinates of an EC_POINT. A synonym of
572 * EC_POINT_set_affine_coordinates
573 * \param group underlying EC_GROUP object
574 * \param p EC_POINT object
575 * \param x BIGNUM with the x-coordinate
576 * \param y BIGNUM with the y-coordinate
577 * \param ctx BN_CTX object (optional)
578 * \return 1 on success and 0 if an error occurred
580 DEPRECATEDIN_3_0(int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
586 /** Gets the affine coordinates of an EC_POINT. A synonym of
587 * EC_POINT_get_affine_coordinates
588 * \param group underlying EC_GROUP object
589 * \param p EC_POINT object
590 * \param x BIGNUM for the x-coordinate
591 * \param y BIGNUM for the y-coordinate
592 * \param ctx BN_CTX object (optional)
593 * \return 1 on success and 0 if an error occurred
595 DEPRECATEDIN_3_0(int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
601 /** Sets the x9.62 compressed coordinates of a EC_POINT
602 * \param group underlying EC_GROUP object
603 * \param p EC_POINT object
604 * \param x BIGNUM with x-coordinate
605 * \param y_bit integer with the y-Bit (either 0 or 1)
606 * \param ctx BN_CTX object (optional)
607 * \return 1 on success and 0 if an error occurred
609 int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p,
610 const BIGNUM *x, int y_bit,
613 /** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of
614 * EC_POINT_set_compressed_coordinates
615 * \param group underlying EC_GROUP object
616 * \param p EC_POINT object
617 * \param x BIGNUM with x-coordinate
618 * \param y_bit integer with the y-Bit (either 0 or 1)
619 * \param ctx BN_CTX object (optional)
620 * \return 1 on success and 0 if an error occurred
622 DEPRECATEDIN_3_0(int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
627 # ifndef OPENSSL_NO_EC2M
628 /** Sets the affine coordinates of an EC_POINT. A synonym of
629 * EC_POINT_set_affine_coordinates
630 * \param group underlying EC_GROUP object
631 * \param p EC_POINT object
632 * \param x BIGNUM with the x-coordinate
633 * \param y BIGNUM with the y-coordinate
634 * \param ctx BN_CTX object (optional)
635 * \return 1 on success and 0 if an error occurred
637 DEPRECATEDIN_3_0(int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group,
643 /** Gets the affine coordinates of an EC_POINT. A synonym of
644 * EC_POINT_get_affine_coordinates
645 * \param group underlying EC_GROUP object
646 * \param p EC_POINT object
647 * \param x BIGNUM for the x-coordinate
648 * \param y BIGNUM for the y-coordinate
649 * \param ctx BN_CTX object (optional)
650 * \return 1 on success and 0 if an error occurred
652 DEPRECATEDIN_3_0(int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
658 /** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of
659 * EC_POINT_set_compressed_coordinates
660 * \param group underlying EC_GROUP object
661 * \param p EC_POINT object
662 * \param x BIGNUM with x-coordinate
663 * \param y_bit integer with the y-Bit (either 0 or 1)
664 * \param ctx BN_CTX object (optional)
665 * \return 1 on success and 0 if an error occurred
667 DEPRECATEDIN_3_0(int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group,
673 /** Encodes a EC_POINT object to a octet string
674 * \param group underlying EC_GROUP object
675 * \param p EC_POINT object
676 * \param form point conversion form
677 * \param buf memory buffer for the result. If NULL the function returns
678 * required buffer size.
679 * \param len length of the memory buffer
680 * \param ctx BN_CTX object (optional)
681 * \return the length of the encoded octet string or 0 if an error occurred
683 size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p,
684 point_conversion_form_t form,
685 unsigned char *buf, size_t len, BN_CTX *ctx);
687 /** Decodes a EC_POINT from a octet string
688 * \param group underlying EC_GROUP object
689 * \param p EC_POINT object
690 * \param buf memory buffer with the encoded ec point
691 * \param len length of the encoded ec point
692 * \param ctx BN_CTX object (optional)
693 * \return 1 on success and 0 if an error occurred
695 int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p,
696 const unsigned char *buf, size_t len, BN_CTX *ctx);
698 /** Encodes an EC_POINT object to an allocated octet string
699 * \param group underlying EC_GROUP object
700 * \param point EC_POINT object
701 * \param form point conversion form
702 * \param pbuf returns pointer to allocated buffer
703 * \param ctx BN_CTX object (optional)
704 * \return the length of the encoded octet string or 0 if an error occurred
706 size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point,
707 point_conversion_form_t form,
708 unsigned char **pbuf, BN_CTX *ctx);
710 /* other interfaces to point2oct/oct2point: */
711 BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *,
712 point_conversion_form_t form, BIGNUM *, BN_CTX *);
713 EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *,
714 EC_POINT *, BN_CTX *);
715 char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *,
716 point_conversion_form_t form, BN_CTX *);
717 EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *,
718 EC_POINT *, BN_CTX *);
720 /********************************************************************/
721 /* functions for doing EC_POINT arithmetic */
722 /********************************************************************/
724 /** Computes the sum of two EC_POINT
725 * \param group underlying EC_GROUP object
726 * \param r EC_POINT object for the result (r = a + b)
727 * \param a EC_POINT object with the first summand
728 * \param b EC_POINT object with the second summand
729 * \param ctx BN_CTX object (optional)
730 * \return 1 on success and 0 if an error occurred
732 int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
733 const EC_POINT *b, BN_CTX *ctx);
735 /** Computes the double of a EC_POINT
736 * \param group underlying EC_GROUP object
737 * \param r EC_POINT object for the result (r = 2 * a)
738 * \param a EC_POINT object
739 * \param ctx BN_CTX object (optional)
740 * \return 1 on success and 0 if an error occurred
742 int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
745 /** Computes the inverse of a EC_POINT
746 * \param group underlying EC_GROUP object
747 * \param a EC_POINT object to be inverted (it's used for the result as well)
748 * \param ctx BN_CTX object (optional)
749 * \return 1 on success and 0 if an error occurred
751 int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx);
753 /** Checks whether the point is the neutral element of the group
754 * \param group the underlying EC_GROUP object
755 * \param p EC_POINT object
756 * \return 1 if the point is the neutral element and 0 otherwise
758 int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p);
760 /** Checks whether the point is on the curve
761 * \param group underlying EC_GROUP object
762 * \param point EC_POINT object to check
763 * \param ctx BN_CTX object (optional)
764 * \return 1 if the point is on the curve, 0 if not, or -1 on error
766 int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
769 /** Compares two EC_POINTs
770 * \param group underlying EC_GROUP object
771 * \param a first EC_POINT object
772 * \param b second EC_POINT object
773 * \param ctx BN_CTX object (optional)
774 * \return 1 if the points are not equal, 0 if they are, or -1 on error
776 int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
779 DEPRECATEDIN_3_0(int EC_POINT_make_affine(const EC_GROUP *group,
780 EC_POINT *point, BN_CTX *ctx))
781 DEPRECATEDIN_3_0(int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
782 EC_POINT *points[], BN_CTX *ctx))
784 /** Computes r = generator * n + sum_{i=0}^{num-1} p[i] * m[i]
785 * \param group underlying EC_GROUP object
786 * \param r EC_POINT object for the result
787 * \param n BIGNUM with the multiplier for the group generator (optional)
788 * \param num number further summands
789 * \param p array of size num of EC_POINT objects
790 * \param m array of size num of BIGNUM objects
791 * \param ctx BN_CTX object (optional)
792 * \return 1 on success and 0 if an error occurred
794 DEPRECATEDIN_3_0(int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r,
795 const BIGNUM *n, size_t num,
796 const EC_POINT *p[], const BIGNUM *m[],
799 /** Computes r = generator * n + q * m
800 * \param group underlying EC_GROUP object
801 * \param r EC_POINT object for the result
802 * \param n BIGNUM with the multiplier for the group generator (optional)
803 * \param q EC_POINT object with the first factor of the second summand
804 * \param m BIGNUM with the second factor of the second summand
805 * \param ctx BN_CTX object (optional)
806 * \return 1 on success and 0 if an error occurred
808 int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n,
809 const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
811 /** Stores multiples of generator for faster point multiplication
812 * \param group EC_GROUP object
813 * \param ctx BN_CTX object (optional)
814 * \return 1 on success and 0 if an error occurred
816 DEPRECATEDIN_3_0(int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx))
818 /** Reports whether a precomputation has been done
819 * \param group EC_GROUP object
820 * \return 1 if a pre-computation has been done and 0 otherwise
822 DEPRECATEDIN_3_0(int EC_GROUP_have_precompute_mult(const EC_GROUP *group))
824 /********************************************************************/
826 /********************************************************************/
828 DECLARE_ASN1_ITEM(ECPKPARAMETERS)
829 DECLARE_ASN1_ALLOC_FUNCTIONS(ECPKPARAMETERS)
830 DECLARE_ASN1_ITEM(ECPARAMETERS)
831 DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
834 * EC_GROUP_get_basis_type() returns the NID of the basis type used to
835 * represent the field elements
837 int EC_GROUP_get_basis_type(const EC_GROUP *);
838 # ifndef OPENSSL_NO_EC2M
839 int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
840 int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1,
841 unsigned int *k2, unsigned int *k3);
844 # define OPENSSL_EC_EXPLICIT_CURVE 0x000
845 # define OPENSSL_EC_NAMED_CURVE 0x001
847 EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len);
848 int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out);
850 # define d2i_ECPKParameters_bio(bp,x) \
851 ASN1_d2i_bio_of(EC_GROUP, NULL, d2i_ECPKParameters, bp, x)
852 # define i2d_ECPKParameters_bio(bp,x) \
853 ASN1_i2d_bio_of(EC_GROUP, i2d_ECPKParameters, bp, x)
854 # define d2i_ECPKParameters_fp(fp,x) \
855 (EC_GROUP *)ASN1_d2i_fp(NULL, (char *(*)())d2i_ECPKParameters, (fp), \
856 (unsigned char **)(x))
857 # define i2d_ECPKParameters_fp(fp,x) \
858 ASN1_i2d_fp(i2d_ECPKParameters,(fp), (unsigned char *)(x))
860 int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
861 # ifndef OPENSSL_NO_STDIO
862 int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
865 /********************************************************************/
866 /* EC_KEY functions */
867 /********************************************************************/
869 /* some values for the encoding_flag */
870 # define EC_PKEY_NO_PARAMETERS 0x001
871 # define EC_PKEY_NO_PUBKEY 0x002
873 /* some values for the flags field */
874 # define EC_FLAG_NON_FIPS_ALLOW 0x1
875 # define EC_FLAG_FIPS_CHECKED 0x2
876 # define EC_FLAG_COFACTOR_ECDH 0x1000
879 * Creates a new EC_KEY object.
880 * \param ctx The library context for to use for this EC_KEY. May be NULL in
881 * which case the default library context is used.
882 * \return EC_KEY object or NULL if an error occurred.
884 EC_KEY *EC_KEY_new_with_libctx(OPENSSL_CTX *ctx, const char *propq);
887 * Creates a new EC_KEY object. Same as calling EC_KEY_new_with_libctx with a
888 * NULL library context
889 * \return EC_KEY object or NULL if an error occurred.
891 EC_KEY *EC_KEY_new(void);
893 int EC_KEY_get_flags(const EC_KEY *key);
895 void EC_KEY_set_flags(EC_KEY *key, int flags);
897 void EC_KEY_clear_flags(EC_KEY *key, int flags);
899 int EC_KEY_decoded_from_explicit_params(const EC_KEY *key);
902 * Creates a new EC_KEY object using a named curve as underlying
904 * \param ctx The library context for to use for this EC_KEY. May be NULL in
905 * which case the default library context is used.
906 * \param propq Any property query string
907 * \param nid NID of the named curve.
908 * \return EC_KEY object or NULL if an error occurred.
910 EC_KEY *EC_KEY_new_by_curve_name_with_libctx(OPENSSL_CTX *ctx, const char *propq,
914 * Creates a new EC_KEY object using a named curve as underlying
915 * EC_GROUP object. Same as calling EC_KEY_new_by_curve_name_ex with a NULL
916 * library context and property query string.
917 * \param nid NID of the named curve.
918 * \return EC_KEY object or NULL if an error occurred.
920 EC_KEY *EC_KEY_new_by_curve_name(int nid);
923 /** Frees a EC_KEY object.
924 * \param key EC_KEY object to be freed.
926 void EC_KEY_free(EC_KEY *key);
928 /** Copies a EC_KEY object.
929 * \param dst destination EC_KEY object
930 * \param src src EC_KEY object
931 * \return dst or NULL if an error occurred.
933 EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
935 /** Creates a new EC_KEY object and copies the content from src to it.
936 * \param src the source EC_KEY object
937 * \return newly created EC_KEY object or NULL if an error occurred.
939 EC_KEY *EC_KEY_dup(const EC_KEY *src);
941 /** Increases the internal reference count of a EC_KEY object.
942 * \param key EC_KEY object
943 * \return 1 on success and 0 if an error occurred.
945 int EC_KEY_up_ref(EC_KEY *key);
947 /** Returns the ENGINE object of a EC_KEY object
948 * \param eckey EC_KEY object
949 * \return the ENGINE object (possibly NULL).
951 ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey);
953 /** Returns the EC_GROUP object of a EC_KEY object
954 * \param key EC_KEY object
955 * \return the EC_GROUP object (possibly NULL).
957 const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
959 /** Sets the EC_GROUP of a EC_KEY object.
960 * \param key EC_KEY object
961 * \param group EC_GROUP to use in the EC_KEY object (note: the EC_KEY
962 * object will use an own copy of the EC_GROUP).
963 * \return 1 on success and 0 if an error occurred.
965 int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
967 /** Returns the private key of a EC_KEY object.
968 * \param key EC_KEY object
969 * \return a BIGNUM with the private key (possibly NULL).
971 const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
973 /** Sets the private key of a EC_KEY object.
974 * \param key EC_KEY object
975 * \param prv BIGNUM with the private key (note: the EC_KEY object
976 * will use an own copy of the BIGNUM).
977 * \return 1 on success and 0 if an error occurred.
979 int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv);
981 /** Returns the public key of a EC_KEY object.
982 * \param key the EC_KEY object
983 * \return a EC_POINT object with the public key (possibly NULL)
985 const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
987 /** Sets the public key of a EC_KEY object.
988 * \param key EC_KEY object
989 * \param pub EC_POINT object with the public key (note: the EC_KEY object
990 * will use an own copy of the EC_POINT object).
991 * \return 1 on success and 0 if an error occurred.
993 int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
995 unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
996 void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
997 point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
998 void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
1000 # define EC_KEY_get_ex_new_index(l, p, newf, dupf, freef) \
1001 CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY, l, p, newf, dupf, freef)
1002 int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg);
1003 void *EC_KEY_get_ex_data(const EC_KEY *key, int idx);
1005 /* wrapper functions for the underlying EC_GROUP object */
1006 void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
1008 /** Creates a table of pre-computed multiples of the generator to
1009 * accelerate further EC_KEY operations.
1010 * \param key EC_KEY object
1011 * \param ctx BN_CTX object (optional)
1012 * \return 1 on success and 0 if an error occurred.
1014 DEPRECATEDIN_3_0(int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx))
1016 /** Creates a new ec private (and optional a new public) key.
1017 * \param key EC_KEY object
1018 * \return 1 on success and 0 if an error occurred.
1020 int EC_KEY_generate_key(EC_KEY *key);
1022 /** Verifies that a private and/or public key is valid.
1023 * \param key the EC_KEY object
1024 * \return 1 on success and 0 otherwise.
1026 int EC_KEY_check_key(const EC_KEY *key);
1028 /** Indicates if an EC_KEY can be used for signing.
1029 * \param eckey the EC_KEY object
1030 * \return 1 if can can sign and 0 otherwise.
1032 int EC_KEY_can_sign(const EC_KEY *eckey);
1034 /** Sets a public key from affine coordinates performing
1035 * necessary NIST PKV tests.
1036 * \param key the EC_KEY object
1037 * \param x public key x coordinate
1038 * \param y public key y coordinate
1039 * \return 1 on success and 0 otherwise.
1041 int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
1044 /** Encodes an EC_KEY public key to an allocated octet string
1045 * \param key key to encode
1046 * \param form point conversion form
1047 * \param pbuf returns pointer to allocated buffer
1048 * \param ctx BN_CTX object (optional)
1049 * \return the length of the encoded octet string or 0 if an error occurred
1051 size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form,
1052 unsigned char **pbuf, BN_CTX *ctx);
1054 /** Decodes a EC_KEY public key from a octet string
1055 * \param key key to decode
1056 * \param buf memory buffer with the encoded ec point
1057 * \param len length of the encoded ec point
1058 * \param ctx BN_CTX object (optional)
1059 * \return 1 on success and 0 if an error occurred
1062 int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len,
1065 /** Decodes an EC_KEY private key from an octet string
1066 * \param key key to decode
1067 * \param buf memory buffer with the encoded private key
1068 * \param len length of the encoded key
1069 * \return 1 on success and 0 if an error occurred
1072 int EC_KEY_oct2priv(EC_KEY *key, const unsigned char *buf, size_t len);
1074 /** Encodes a EC_KEY private key to an octet string
1075 * \param key key to encode
1076 * \param buf memory buffer for the result. If NULL the function returns
1077 * required buffer size.
1078 * \param len length of the memory buffer
1079 * \return the length of the encoded octet string or 0 if an error occurred
1082 size_t EC_KEY_priv2oct(const EC_KEY *key, unsigned char *buf, size_t len);
1084 /** Encodes an EC_KEY private key to an allocated octet string
1085 * \param eckey key to encode
1086 * \param pbuf returns pointer to allocated buffer
1087 * \return the length of the encoded octet string or 0 if an error occurred
1089 size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf);
1091 /********************************************************************/
1092 /* de- and encoding functions for SEC1 ECPrivateKey */
1093 /********************************************************************/
1095 /** Decodes a private key from a memory buffer.
1096 * \param key a pointer to a EC_KEY object which should be used (or NULL)
1097 * \param in pointer to memory with the DER encoded private key
1098 * \param len length of the DER encoded private key
1099 * \return the decoded private key or NULL if an error occurred.
1101 EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len);
1103 /** Encodes a private key object and stores the result in a buffer.
1104 * \param key the EC_KEY object to encode
1105 * \param out the buffer for the result (if NULL the function returns number
1107 * \return 1 on success and 0 if an error occurred.
1109 int i2d_ECPrivateKey(const EC_KEY *key, unsigned char **out);
1111 /********************************************************************/
1112 /* de- and encoding functions for EC parameters */
1113 /********************************************************************/
1115 /** Decodes ec parameter from a memory buffer.
1116 * \param key a pointer to a EC_KEY object which should be used (or NULL)
1117 * \param in pointer to memory with the DER encoded ec parameters
1118 * \param len length of the DER encoded ec parameters
1119 * \return a EC_KEY object with the decoded parameters or NULL if an error
1122 EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len);
1124 /** Encodes ec parameter and stores the result in a buffer.
1125 * \param key the EC_KEY object with ec parameters to encode
1126 * \param out the buffer for the result (if NULL the function returns number
1128 * \return 1 on success and 0 if an error occurred.
1130 int i2d_ECParameters(const EC_KEY *key, unsigned char **out);
1132 /********************************************************************/
1133 /* de- and encoding functions for EC public key */
1134 /* (octet string, not DER -- hence 'o2i' and 'i2o') */
1135 /********************************************************************/
1137 /** Decodes a ec public key from a octet string.
1138 * \param key a pointer to a EC_KEY object which should be used
1139 * \param in memory buffer with the encoded public key
1140 * \param len length of the encoded public key
1141 * \return EC_KEY object with decoded public key or NULL if an error
1144 EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len);
1146 /** Encodes a ec public key in an octet string.
1147 * \param key the EC_KEY object with the public key
1148 * \param out the buffer for the result (if NULL the function returns number
1150 * \return 1 on success and 0 if an error occurred
1152 int i2o_ECPublicKey(const EC_KEY *key, unsigned char **out);
1154 /** Prints out the ec parameters on human readable form.
1155 * \param bp BIO object to which the information is printed
1156 * \param key EC_KEY object
1157 * \return 1 on success and 0 if an error occurred
1159 int ECParameters_print(BIO *bp, const EC_KEY *key);
1161 /** Prints out the contents of a EC_KEY object
1162 * \param bp BIO object to which the information is printed
1163 * \param key EC_KEY object
1164 * \param off line offset
1165 * \return 1 on success and 0 if an error occurred
1167 int EC_KEY_print(BIO *bp, const EC_KEY *key, int off);
1169 # ifndef OPENSSL_NO_STDIO
1170 /** Prints out the ec parameters on human readable form.
1171 * \param fp file descriptor to which the information is printed
1172 * \param key EC_KEY object
1173 * \return 1 on success and 0 if an error occurred
1175 int ECParameters_print_fp(FILE *fp, const EC_KEY *key);
1177 /** Prints out the contents of a EC_KEY object
1178 * \param fp file descriptor to which the information is printed
1179 * \param key EC_KEY object
1180 * \param off line offset
1181 * \return 1 on success and 0 if an error occurred
1183 int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
1187 const EC_KEY_METHOD *EC_KEY_OpenSSL(void);
1188 const EC_KEY_METHOD *EC_KEY_get_default_method(void);
1189 void EC_KEY_set_default_method(const EC_KEY_METHOD *meth);
1190 const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key);
1191 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth);
1192 EC_KEY *EC_KEY_new_method(ENGINE *engine);
1194 /** The old name for ecdh_KDF_X9_63
1195 * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
1196 * it is actually specified in ANSI X9.63.
1197 * This identifier is retained for backwards compatibility
1199 DEPRECATEDIN_3_0(int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
1200 const unsigned char *Z, size_t Zlen,
1201 const unsigned char *sinfo, size_t sinfolen,
1204 DEPRECATEDIN_3_0(int ECDH_compute_key(void *out, size_t outlen,
1205 const EC_POINT *pub_key,
1207 void *(*KDF)(const void *in, size_t inlen,
1208 void *out, size_t *outlen)))
1210 typedef struct ECDSA_SIG_st ECDSA_SIG;
1212 /** Allocates and initialize a ECDSA_SIG structure
1213 * \return pointer to a ECDSA_SIG structure or NULL if an error occurred
1215 ECDSA_SIG *ECDSA_SIG_new(void);
1217 /** frees a ECDSA_SIG structure
1218 * \param sig pointer to the ECDSA_SIG structure
1220 void ECDSA_SIG_free(ECDSA_SIG *sig);
1222 /** i2d_ECDSA_SIG encodes content of ECDSA_SIG (note: this function modifies *pp
1223 * (*pp += length of the DER encoded signature)).
1224 * \param sig pointer to the ECDSA_SIG object
1225 * \param pp pointer to a unsigned char pointer for the output or NULL
1226 * \return the length of the DER encoded ECDSA_SIG object or a negative value
1229 DECLARE_ASN1_ENCODE_FUNCTIONS_only(ECDSA_SIG, ECDSA_SIG)
1231 /** d2i_ECDSA_SIG decodes an ECDSA signature (note: this function modifies *pp
1233 * \param sig pointer to ECDSA_SIG pointer (may be NULL)
1234 * \param pp memory buffer with the DER encoded signature
1235 * \param len length of the buffer
1236 * \return pointer to the decoded ECDSA_SIG structure (or NULL)
1239 /** Accessor for r and s fields of ECDSA_SIG
1240 * \param sig pointer to ECDSA_SIG structure
1241 * \param pr pointer to BIGNUM pointer for r (may be NULL)
1242 * \param ps pointer to BIGNUM pointer for s (may be NULL)
1244 void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
1246 /** Accessor for r field of ECDSA_SIG
1247 * \param sig pointer to ECDSA_SIG structure
1249 const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig);
1251 /** Accessor for s field of ECDSA_SIG
1252 * \param sig pointer to ECDSA_SIG structure
1254 const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig);
1256 /** Setter for r and s fields of ECDSA_SIG
1257 * \param sig pointer to ECDSA_SIG structure
1258 * \param r pointer to BIGNUM for r (may be NULL)
1259 * \param s pointer to BIGNUM for s (may be NULL)
1261 int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
1263 /** Computes the ECDSA signature of the given hash value using
1264 * the supplied private key and returns the created signature.
1265 * \param dgst pointer to the hash value
1266 * \param dgst_len length of the hash value
1267 * \param eckey EC_KEY object containing a private EC key
1268 * \return pointer to a ECDSA_SIG structure or NULL if an error occurred
1270 DEPRECATEDIN_3_0(ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst,
1271 int dgst_len, EC_KEY *eckey))
1273 /** Computes ECDSA signature of a given hash value using the supplied
1274 * private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
1275 * \param dgst pointer to the hash value to sign
1276 * \param dgstlen length of the hash value
1277 * \param kinv BIGNUM with a pre-computed inverse k (optional)
1278 * \param rp BIGNUM with a pre-computed rp value (optional),
1279 * see ECDSA_sign_setup
1280 * \param eckey EC_KEY object containing a private EC key
1281 * \return pointer to a ECDSA_SIG structure or NULL if an error occurred
1283 DEPRECATEDIN_3_0(ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst,
1284 int dgstlen, const BIGNUM *kinv,
1285 const BIGNUM *rp, EC_KEY *eckey))
1287 /** Verifies that the supplied signature is a valid ECDSA
1288 * signature of the supplied hash value using the supplied public key.
1289 * \param dgst pointer to the hash value
1290 * \param dgst_len length of the hash value
1291 * \param sig ECDSA_SIG structure
1292 * \param eckey EC_KEY object containing a public EC key
1293 * \return 1 if the signature is valid, 0 if the signature is invalid
1296 DEPRECATEDIN_3_0(int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
1297 const ECDSA_SIG *sig, EC_KEY *eckey))
1299 /** Precompute parts of the signing operation
1300 * \param eckey EC_KEY object containing a private EC key
1301 * \param ctx BN_CTX object (optional)
1302 * \param kinv BIGNUM pointer for the inverse of k
1303 * \param rp BIGNUM pointer for x coordinate of k * generator
1304 * \return 1 on success and 0 otherwise
1306 DEPRECATEDIN_3_0(int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx,
1307 BIGNUM **kinv, BIGNUM **rp))
1309 /** Computes ECDSA signature of a given hash value using the supplied
1310 * private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
1311 * \param type this parameter is ignored
1312 * \param dgst pointer to the hash value to sign
1313 * \param dgstlen length of the hash value
1314 * \param sig memory for the DER encoded created signature
1315 * \param siglen pointer to the length of the returned signature
1316 * \param eckey EC_KEY object containing a private EC key
1317 * \return 1 on success and 0 otherwise
1319 DEPRECATEDIN_3_0(int ECDSA_sign(int type, const unsigned char *dgst,
1320 int dgstlen, unsigned char *sig,
1321 unsigned int *siglen, EC_KEY *eckey))
1323 /** Computes ECDSA signature of a given hash value using the supplied
1324 * private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
1325 * \param type this parameter is ignored
1326 * \param dgst pointer to the hash value to sign
1327 * \param dgstlen length of the hash value
1328 * \param sig buffer to hold the DER encoded signature
1329 * \param siglen pointer to the length of the returned signature
1330 * \param kinv BIGNUM with a pre-computed inverse k (optional)
1331 * \param rp BIGNUM with a pre-computed rp value (optional),
1332 * see ECDSA_sign_setup
1333 * \param eckey EC_KEY object containing a private EC key
1334 * \return 1 on success and 0 otherwise
1336 DEPRECATEDIN_3_0(int ECDSA_sign_ex(int type, const unsigned char *dgst,
1337 int dgstlen, unsigned char *sig,
1338 unsigned int *siglen, const BIGNUM *kinv,
1339 const BIGNUM *rp, EC_KEY *eckey))
1341 /** Verifies that the given signature is valid ECDSA signature
1342 * of the supplied hash value using the specified public key.
1343 * \param type this parameter is ignored
1344 * \param dgst pointer to the hash value
1345 * \param dgstlen length of the hash value
1346 * \param sig pointer to the DER encoded signature
1347 * \param siglen length of the DER encoded signature
1348 * \param eckey EC_KEY object containing a public EC key
1349 * \return 1 if the signature is valid, 0 if the signature is invalid
1352 DEPRECATEDIN_3_0(int ECDSA_verify(int type, const unsigned char *dgst,
1353 int dgstlen, const unsigned char *sig,
1354 int siglen, EC_KEY *eckey))
1356 /** Returns the maximum length of the DER encoded signature
1357 * \param eckey EC_KEY object
1358 * \return numbers of bytes required for the DER encoded signature
1360 DEPRECATEDIN_3_0(int ECDSA_size(const EC_KEY *eckey))
1362 /********************************************************************/
1363 /* EC_KEY_METHOD constructors, destructors, writers and accessors */
1364 /********************************************************************/
1366 DEPRECATEDIN_3_0(EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth))
1367 DEPRECATEDIN_3_0(void EC_KEY_METHOD_free(EC_KEY_METHOD *meth))
1368 DEPRECATEDIN_3_0(void EC_KEY_METHOD_set_init
1369 (EC_KEY_METHOD *meth,
1370 int (*init)(EC_KEY *key),
1371 void (*finish)(EC_KEY *key),
1372 int (*copy)(EC_KEY *dest, const EC_KEY *src),
1373 int (*set_group)(EC_KEY *key, const EC_GROUP *grp),
1374 int (*set_private)(EC_KEY *key,
1375 const BIGNUM *priv_key),
1376 int (*set_public)(EC_KEY *key,
1377 const EC_POINT *pub_key)))
1379 DEPRECATEDIN_3_0(void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth,
1380 int (*keygen)(EC_KEY *key)))
1382 DEPRECATEDIN_3_0(void EC_KEY_METHOD_set_compute_key
1383 (EC_KEY_METHOD *meth,
1384 int (*ckey)(unsigned char **psec,
1386 const EC_POINT *pub_key,
1387 const EC_KEY *ecdh)))
1389 DEPRECATEDIN_3_0(void EC_KEY_METHOD_set_sign
1390 (EC_KEY_METHOD *meth,
1391 int (*sign)(int type, const unsigned char *dgst,
1392 int dlen, unsigned char *sig,
1393 unsigned int *siglen,
1394 const BIGNUM *kinv, const BIGNUM *r,
1396 int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
1397 BIGNUM **kinvp, BIGNUM **rp),
1398 ECDSA_SIG *(*sign_sig)(const unsigned char *dgst,
1400 const BIGNUM *in_kinv,
1404 DEPRECATEDIN_3_0(void EC_KEY_METHOD_set_verify
1405 (EC_KEY_METHOD *meth,
1406 int (*verify)(int type, const unsigned
1407 char *dgst, int dgst_len,
1408 const unsigned char *sigbuf,
1409 int sig_len, EC_KEY *eckey),
1410 int (*verify_sig)(const unsigned char *dgst,
1412 const ECDSA_SIG *sig,
1415 DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_init
1416 (const EC_KEY_METHOD *meth,
1417 int (**pinit)(EC_KEY *key),
1418 void (**pfinish)(EC_KEY *key),
1419 int (**pcopy)(EC_KEY *dest, const EC_KEY *src),
1420 int (**pset_group)(EC_KEY *key,
1421 const EC_GROUP *grp),
1422 int (**pset_private)(EC_KEY *key,
1423 const BIGNUM *priv_key),
1424 int (**pset_public)(EC_KEY *key,
1425 const EC_POINT *pub_key)))
1427 DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth,
1428 int (**pkeygen)(EC_KEY *key)))
1430 DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_compute_key
1431 (const EC_KEY_METHOD *meth,
1432 int (**pck)(unsigned char **psec,
1434 const EC_POINT *pub_key,
1435 const EC_KEY *ecdh)))
1437 DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_sign
1438 (const EC_KEY_METHOD *meth,
1439 int (**psign)(int type, const unsigned char *dgst,
1440 int dlen, unsigned char *sig,
1441 unsigned int *siglen,
1442 const BIGNUM *kinv, const BIGNUM *r,
1444 int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
1445 BIGNUM **kinvp, BIGNUM **rp),
1446 ECDSA_SIG *(**psign_sig)(const unsigned char *dgst,
1448 const BIGNUM *in_kinv,
1452 DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_verify
1453 (const EC_KEY_METHOD *meth,
1454 int (**pverify)(int type, const unsigned
1455 char *dgst, int dgst_len,
1456 const unsigned char *sigbuf,
1457 int sig_len, EC_KEY *eckey),
1458 int (**pverify_sig)(const unsigned char *dgst,
1460 const ECDSA_SIG *sig,
1463 # define ECParameters_dup(x) ASN1_dup_of(EC_KEY, i2d_ECParameters, \
1464 d2i_ECParameters, x)
1466 # ifndef __cplusplus
1467 # if defined(__SUNPRO_C)
1468 # if __SUNPRO_C >= 0x520
1469 # pragma error_messages (default,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
1474 int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid);
1475 int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc);
1476 int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode);
1477 int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx);
1479 int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf);
1480 int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx);
1482 int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
1483 int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
1485 int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int len);
1486 int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len);
1488 int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm,
1490 int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
1492 # define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1)
1493 # define EVP_PKEY_CTRL_EC_PARAM_ENC (EVP_PKEY_ALG_CTRL + 2)
1494 # define EVP_PKEY_CTRL_EC_ECDH_COFACTOR (EVP_PKEY_ALG_CTRL + 3)
1495 # define EVP_PKEY_CTRL_EC_KDF_TYPE (EVP_PKEY_ALG_CTRL + 4)
1496 # define EVP_PKEY_CTRL_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 5)
1497 # define EVP_PKEY_CTRL_GET_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 6)
1498 # define EVP_PKEY_CTRL_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 7)
1499 # define EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 8)
1500 # define EVP_PKEY_CTRL_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 9)
1501 # define EVP_PKEY_CTRL_GET_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 10)
1504 # define EVP_PKEY_ECDH_KDF_NONE 1
1505 # define EVP_PKEY_ECDH_KDF_X9_63 2
1506 /** The old name for EVP_PKEY_ECDH_KDF_X9_63
1507 * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
1508 * it is actually specified in ANSI X9.63.
1509 * This identifier is retained for backwards compatibility
1511 # define EVP_PKEY_ECDH_KDF_X9_62 EVP_PKEY_ECDH_KDF_X9_63