2 * Originally written by Bodo Moeller for the OpenSSL project.
4 /* ====================================================================
5 * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * 3. All advertising materials mentioning features or use of this
20 * software must display the following acknowledgment:
21 * "This product includes software developed by the OpenSSL Project
22 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
24 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
25 * endorse or promote products derived from this software without
26 * prior written permission. For written permission, please contact
27 * openssl-core@openssl.org.
29 * 5. Products derived from this software may not be called "OpenSSL"
30 * nor may "OpenSSL" appear in their names without prior written
31 * permission of the OpenSSL Project.
33 * 6. Redistributions of any form whatsoever must retain the following
35 * "This product includes software developed by the OpenSSL Project
36 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
38 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
39 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
40 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
41 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
42 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
43 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
44 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
45 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
46 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
47 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
48 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49 * OF THE POSSIBILITY OF SUCH DAMAGE.
50 * ====================================================================
52 * This product includes cryptographic software written by Eric Young
53 * (eay@cryptsoft.com). This product includes software written by Tim
54 * Hudson (tjh@cryptsoft.com).
57 /* ====================================================================
58 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
59 * Binary polynomial ECC support in OpenSSL originally developed by
60 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
65 #include <openssl/err.h>
66 #include <openssl/opensslv.h>
70 /* functions for EC_GROUP objects */
72 EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
77 ECerr(EC_F_EC_GROUP_NEW, EC_R_SLOT_FULL);
80 if (meth->group_init == 0) {
81 ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
85 ret = OPENSSL_zalloc(sizeof(*ret));
87 ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE);
92 if ((ret->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0) {
93 ret->order = BN_new();
94 if (ret->order == NULL)
96 ret->cofactor = BN_new();
97 if (ret->cofactor == NULL)
100 ret->asn1_flag = OPENSSL_EC_NAMED_CURVE;
101 ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED;
102 if (!meth->group_init(ret))
108 BN_free(ret->cofactor);
113 void EC_pre_comp_free(EC_GROUP *group)
115 switch (group->pre_comp_type) {
118 #ifdef ECP_NISTZ256_REFERENCE_IMPLEMENTATION
120 EC_nistz256_pre_comp_free(group->pre_comp.nistz256);
123 #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
125 EC_nistp224_pre_comp_free(group->pre_comp.nistp224);
128 EC_nistp256_pre_comp_free(group->pre_comp.nistp256);
131 EC_nistp521_pre_comp_free(group->pre_comp.nistp521);
135 EC_ec_pre_comp_free(group->pre_comp.ec);
138 group->pre_comp.ec = NULL;
141 void EC_GROUP_free(EC_GROUP *group)
146 if (group->meth->group_finish != 0)
147 group->meth->group_finish(group);
149 EC_pre_comp_free(group);
150 BN_MONT_CTX_free(group->mont_data);
151 EC_POINT_free(group->generator);
152 BN_free(group->order);
153 BN_free(group->cofactor);
154 OPENSSL_free(group->seed);
158 void EC_GROUP_clear_free(EC_GROUP *group)
163 if (group->meth->group_clear_finish != 0)
164 group->meth->group_clear_finish(group);
165 else if (group->meth->group_finish != 0)
166 group->meth->group_finish(group);
168 EC_pre_comp_free(group);
169 BN_MONT_CTX_free(group->mont_data);
170 EC_POINT_clear_free(group->generator);
171 BN_clear_free(group->order);
172 BN_clear_free(group->cofactor);
173 OPENSSL_clear_free(group->seed, group->seed_len);
174 OPENSSL_clear_free(group, sizeof(*group));
177 int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
179 if (dest->meth->group_copy == 0) {
180 ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
183 if (dest->meth != src->meth) {
184 ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS);
190 /* Copy precomputed */
191 dest->pre_comp_type = src->pre_comp_type;
192 switch (src->pre_comp_type) {
194 dest->pre_comp.ec = NULL;
196 #ifdef ECP_NISTZ256_REFERENCE_IMPLEMENTATION
198 dest->pre_comp.nistz256 = EC_nistz256_pre_comp_dup(src->pre_comp.nistz256);
201 #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
203 dest->pre_comp.nistp224 = EC_nistp224_pre_comp_dup(src->pre_comp.nistp224);
206 dest->pre_comp.nistp256 = EC_nistp256_pre_comp_dup(src->pre_comp.nistp256);
209 dest->pre_comp.nistp521 = EC_nistp521_pre_comp_dup(src->pre_comp.nistp521);
213 dest->pre_comp.ec = EC_ec_pre_comp_dup(src->pre_comp.ec);
217 if (src->mont_data != NULL) {
218 if (dest->mont_data == NULL) {
219 dest->mont_data = BN_MONT_CTX_new();
220 if (dest->mont_data == NULL)
223 if (!BN_MONT_CTX_copy(dest->mont_data, src->mont_data))
226 /* src->generator == NULL */
227 BN_MONT_CTX_free(dest->mont_data);
228 dest->mont_data = NULL;
231 if (src->generator != NULL) {
232 if (dest->generator == NULL) {
233 dest->generator = EC_POINT_new(dest);
234 if (dest->generator == NULL)
237 if (!EC_POINT_copy(dest->generator, src->generator))
240 /* src->generator == NULL */
241 EC_POINT_clear_free(dest->generator);
242 dest->generator = NULL;
245 if ((src->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0) {
246 if (!BN_copy(dest->order, src->order))
248 if (!BN_copy(dest->cofactor, src->cofactor))
252 dest->curve_name = src->curve_name;
253 dest->asn1_flag = src->asn1_flag;
254 dest->asn1_form = src->asn1_form;
257 OPENSSL_free(dest->seed);
258 dest->seed = OPENSSL_malloc(src->seed_len);
259 if (dest->seed == NULL)
261 if (!memcpy(dest->seed, src->seed, src->seed_len))
263 dest->seed_len = src->seed_len;
265 OPENSSL_free(dest->seed);
270 return dest->meth->group_copy(dest, src);
273 EC_GROUP *EC_GROUP_dup(const EC_GROUP *a)
281 if ((t = EC_GROUP_new(a->meth)) == NULL)
283 if (!EC_GROUP_copy(t, a))
296 const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group)
301 int EC_METHOD_get_field_type(const EC_METHOD *meth)
303 return meth->field_type;
306 int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
307 const BIGNUM *order, const BIGNUM *cofactor)
309 if (generator == NULL) {
310 ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER);
314 if (group->generator == NULL) {
315 group->generator = EC_POINT_new(group);
316 if (group->generator == NULL)
319 if (!EC_POINT_copy(group->generator, generator))
323 if (!BN_copy(group->order, order))
326 BN_zero(group->order);
328 if (cofactor != NULL) {
329 if (!BN_copy(group->cofactor, cofactor))
332 BN_zero(group->cofactor);
336 * Some groups have an order with
337 * factors of two, which makes the Montgomery setup fail.
338 * |group->mont_data| will be NULL in this case.
340 if (BN_is_odd(group->order)) {
341 return ec_precompute_mont_data(group);
344 BN_MONT_CTX_free(group->mont_data);
345 group->mont_data = NULL;
349 const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group)
351 return group->generator;
354 BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group)
356 return group->mont_data;
359 int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
361 if (group->order == NULL)
363 if (!BN_copy(order, group->order))
366 return !BN_is_zero(order);
369 const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group)
374 int EC_GROUP_order_bits(const EC_GROUP *group)
376 if (group->meth->group_order_bits == NULL) {
377 ECerr(EC_F_EC_GROUP_ORDER_BITS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
380 return group->meth->group_order_bits(group);
383 int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor,
387 if (group->cofactor == NULL)
389 if (!BN_copy(cofactor, group->cofactor))
392 return !BN_is_zero(group->cofactor);
395 const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group)
397 return group->cofactor;
400 void EC_GROUP_set_curve_name(EC_GROUP *group, int nid)
402 group->curve_name = nid;
405 int EC_GROUP_get_curve_name(const EC_GROUP *group)
407 return group->curve_name;
410 void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag)
412 group->asn1_flag = flag;
415 int EC_GROUP_get_asn1_flag(const EC_GROUP *group)
417 return group->asn1_flag;
420 void EC_GROUP_set_point_conversion_form(EC_GROUP *group,
421 point_conversion_form_t form)
423 group->asn1_form = form;
426 point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP
429 return group->asn1_form;
432 size_t EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *p, size_t len)
434 OPENSSL_free(group->seed);
441 if ((group->seed = OPENSSL_malloc(len)) == NULL)
443 memcpy(group->seed, p, len);
444 group->seed_len = len;
449 unsigned char *EC_GROUP_get0_seed(const EC_GROUP *group)
454 size_t EC_GROUP_get_seed_len(const EC_GROUP *group)
456 return group->seed_len;
459 int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
460 const BIGNUM *b, BN_CTX *ctx)
462 if (group->meth->group_set_curve == 0) {
463 ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
466 return group->meth->group_set_curve(group, p, a, b, ctx);
469 int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
470 BIGNUM *b, BN_CTX *ctx)
472 if (group->meth->group_get_curve == 0) {
473 ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
476 return group->meth->group_get_curve(group, p, a, b, ctx);
479 #ifndef OPENSSL_NO_EC2M
480 int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
481 const BIGNUM *b, BN_CTX *ctx)
483 if (group->meth->group_set_curve == 0) {
484 ECerr(EC_F_EC_GROUP_SET_CURVE_GF2M,
485 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
488 return group->meth->group_set_curve(group, p, a, b, ctx);
491 int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
492 BIGNUM *b, BN_CTX *ctx)
494 if (group->meth->group_get_curve == 0) {
495 ECerr(EC_F_EC_GROUP_GET_CURVE_GF2M,
496 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
499 return group->meth->group_get_curve(group, p, a, b, ctx);
503 int EC_GROUP_get_degree(const EC_GROUP *group)
505 if (group->meth->group_get_degree == 0) {
506 ECerr(EC_F_EC_GROUP_GET_DEGREE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
509 return group->meth->group_get_degree(group);
512 int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
514 if (group->meth->group_check_discriminant == 0) {
515 ECerr(EC_F_EC_GROUP_CHECK_DISCRIMINANT,
516 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
519 return group->meth->group_check_discriminant(group, ctx);
522 int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
525 BIGNUM *a1, *a2, *a3, *b1, *b2, *b3;
526 BN_CTX *ctx_new = NULL;
528 /* compare the field types */
529 if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) !=
530 EC_METHOD_get_field_type(EC_GROUP_method_of(b)))
532 /* compare the curve name (if present in both) */
533 if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) &&
534 EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b))
536 if (a->meth->flags & EC_FLAGS_CUSTOM_CURVE)
540 ctx_new = ctx = BN_CTX_new();
545 a1 = BN_CTX_get(ctx);
546 a2 = BN_CTX_get(ctx);
547 a3 = BN_CTX_get(ctx);
548 b1 = BN_CTX_get(ctx);
549 b2 = BN_CTX_get(ctx);
550 b3 = BN_CTX_get(ctx);
553 BN_CTX_free(ctx_new);
558 * XXX This approach assumes that the external representation of curves
559 * over the same field type is the same.
561 if (!a->meth->group_get_curve(a, a1, a2, a3, ctx) ||
562 !b->meth->group_get_curve(b, b1, b2, b3, ctx))
565 if (r || BN_cmp(a1, b1) || BN_cmp(a2, b2) || BN_cmp(a3, b3))
568 /* XXX EC_POINT_cmp() assumes that the methods are equal */
569 if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a),
570 EC_GROUP_get0_generator(b), ctx))
574 const BIGNUM *ao, *bo, *ac, *bc;
575 /* compare the order and cofactor */
576 ao = EC_GROUP_get0_order(a);
577 bo = EC_GROUP_get0_order(b);
578 ac = EC_GROUP_get0_cofactor(a);
579 bc = EC_GROUP_get0_cofactor(b);
580 if (ao == NULL || bo == NULL) {
582 BN_CTX_free(ctx_new);
585 if (BN_cmp(ao, bo) || BN_cmp(ac, bc))
590 BN_CTX_free(ctx_new);
595 /* functions for EC_POINT objects */
597 EC_POINT *EC_POINT_new(const EC_GROUP *group)
602 ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER);
605 if (group->meth->point_init == 0) {
606 ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
610 ret = OPENSSL_zalloc(sizeof(*ret));
612 ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE);
616 ret->meth = group->meth;
618 if (!ret->meth->point_init(ret)) {
626 void EC_POINT_free(EC_POINT *point)
631 if (point->meth->point_finish != 0)
632 point->meth->point_finish(point);
636 void EC_POINT_clear_free(EC_POINT *point)
641 if (point->meth->point_clear_finish != 0)
642 point->meth->point_clear_finish(point);
643 else if (point->meth->point_finish != 0)
644 point->meth->point_finish(point);
645 OPENSSL_clear_free(point, sizeof(*point));
648 int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src)
650 if (dest->meth->point_copy == 0) {
651 ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
654 if (dest->meth != src->meth) {
655 ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS);
660 return dest->meth->point_copy(dest, src);
663 EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group)
671 t = EC_POINT_new(group);
674 r = EC_POINT_copy(t, a);
682 const EC_METHOD *EC_POINT_method_of(const EC_POINT *point)
687 int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
689 if (group->meth->point_set_to_infinity == 0) {
690 ECerr(EC_F_EC_POINT_SET_TO_INFINITY,
691 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
694 if (group->meth != point->meth) {
695 ECerr(EC_F_EC_POINT_SET_TO_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
698 return group->meth->point_set_to_infinity(group, point);
701 int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
702 EC_POINT *point, const BIGNUM *x,
703 const BIGNUM *y, const BIGNUM *z,
706 if (group->meth->point_set_Jprojective_coordinates_GFp == 0) {
707 ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,
708 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
711 if (group->meth != point->meth) {
712 ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,
713 EC_R_INCOMPATIBLE_OBJECTS);
716 return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x,
720 int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
721 const EC_POINT *point, BIGNUM *x,
722 BIGNUM *y, BIGNUM *z,
725 if (group->meth->point_get_Jprojective_coordinates_GFp == 0) {
726 ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,
727 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
730 if (group->meth != point->meth) {
731 ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,
732 EC_R_INCOMPATIBLE_OBJECTS);
735 return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x,
739 int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
740 EC_POINT *point, const BIGNUM *x,
741 const BIGNUM *y, BN_CTX *ctx)
743 if (group->meth->point_set_affine_coordinates == 0) {
744 ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,
745 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
748 if (group->meth != point->meth) {
749 ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,
750 EC_R_INCOMPATIBLE_OBJECTS);
753 return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
756 #ifndef OPENSSL_NO_EC2M
757 int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group,
758 EC_POINT *point, const BIGNUM *x,
759 const BIGNUM *y, BN_CTX *ctx)
761 if (group->meth->point_set_affine_coordinates == 0) {
762 ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,
763 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
766 if (group->meth != point->meth) {
767 ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,
768 EC_R_INCOMPATIBLE_OBJECTS);
771 return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
775 int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
776 const EC_POINT *point, BIGNUM *x,
777 BIGNUM *y, BN_CTX *ctx)
779 if (group->meth->point_get_affine_coordinates == 0) {
780 ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,
781 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
784 if (group->meth != point->meth) {
785 ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,
786 EC_R_INCOMPATIBLE_OBJECTS);
789 return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
792 #ifndef OPENSSL_NO_EC2M
793 int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
794 const EC_POINT *point, BIGNUM *x,
795 BIGNUM *y, BN_CTX *ctx)
797 if (group->meth->point_get_affine_coordinates == 0) {
798 ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M,
799 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
802 if (group->meth != point->meth) {
803 ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M,
804 EC_R_INCOMPATIBLE_OBJECTS);
807 return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
811 int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
812 const EC_POINT *b, BN_CTX *ctx)
814 if (group->meth->add == 0) {
815 ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
818 if ((group->meth != r->meth) || (r->meth != a->meth)
819 || (a->meth != b->meth)) {
820 ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS);
823 return group->meth->add(group, r, a, b, ctx);
826 int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
829 if (group->meth->dbl == 0) {
830 ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
833 if ((group->meth != r->meth) || (r->meth != a->meth)) {
834 ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS);
837 return group->meth->dbl(group, r, a, ctx);
840 int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx)
842 if (group->meth->invert == 0) {
843 ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
846 if (group->meth != a->meth) {
847 ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS);
850 return group->meth->invert(group, a, ctx);
853 int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
855 if (group->meth->is_at_infinity == 0) {
856 ECerr(EC_F_EC_POINT_IS_AT_INFINITY,
857 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
860 if (group->meth != point->meth) {
861 ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
864 return group->meth->is_at_infinity(group, point);
868 * Check whether an EC_POINT is on the curve or not. Note that the return
869 * value for this function should NOT be treated as a boolean. Return values:
870 * 1: The point is on the curve
871 * 0: The point is not on the curve
872 * -1: An error occurred
874 int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
877 if (group->meth->is_on_curve == 0) {
878 ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
881 if (group->meth != point->meth) {
882 ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS);
885 return group->meth->is_on_curve(group, point, ctx);
888 int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
891 if (group->meth->point_cmp == 0) {
892 ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
895 if ((group->meth != a->meth) || (a->meth != b->meth)) {
896 ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
899 return group->meth->point_cmp(group, a, b, ctx);
902 int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
904 if (group->meth->make_affine == 0) {
905 ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
908 if (group->meth != point->meth) {
909 ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
912 return group->meth->make_affine(group, point, ctx);
915 int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
916 EC_POINT *points[], BN_CTX *ctx)
920 if (group->meth->points_make_affine == 0) {
921 ECerr(EC_F_EC_POINTS_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
924 for (i = 0; i < num; i++) {
925 if (group->meth != points[i]->meth) {
926 ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
930 return group->meth->points_make_affine(group, num, points, ctx);
934 * Functions for point multiplication. If group->meth->mul is 0, we use the
935 * wNAF-based implementations in ec_mult.c; otherwise we dispatch through
939 int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
940 size_t num, const EC_POINT *points[],
941 const BIGNUM *scalars[], BN_CTX *ctx)
943 if (group->meth->mul == 0)
945 return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
947 return group->meth->mul(group, r, scalar, num, points, scalars, ctx);
950 int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
951 const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx)
953 /* just a convenient interface to EC_POINTs_mul() */
955 const EC_POINT *points[1];
956 const BIGNUM *scalars[1];
959 scalars[0] = p_scalar;
961 return EC_POINTs_mul(group, r, g_scalar,
963 && p_scalar != NULL), points, scalars, ctx);
966 int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
968 if (group->meth->mul == 0)
970 return ec_wNAF_precompute_mult(group, ctx);
972 if (group->meth->precompute_mult != 0)
973 return group->meth->precompute_mult(group, ctx);
975 return 1; /* nothing to do, so report success */
978 int EC_GROUP_have_precompute_mult(const EC_GROUP *group)
980 if (group->meth->mul == 0)
982 return ec_wNAF_have_precompute_mult(group);
984 if (group->meth->have_precompute_mult != 0)
985 return group->meth->have_precompute_mult(group);
987 return 0; /* cannot tell whether precomputation has
992 * ec_precompute_mont_data sets |group->mont_data| from |group->order| and
993 * returns one on success. On error it returns zero.
995 int ec_precompute_mont_data(EC_GROUP *group)
997 BN_CTX *ctx = BN_CTX_new();
1000 BN_MONT_CTX_free(group->mont_data);
1001 group->mont_data = NULL;
1006 group->mont_data = BN_MONT_CTX_new();
1007 if (group->mont_data == NULL)
1010 if (!BN_MONT_CTX_set(group->mont_data, group->order, ctx)) {
1011 BN_MONT_CTX_free(group->mont_data);
1012 group->mont_data = NULL;
1024 int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg)
1026 return CRYPTO_set_ex_data(&key->ex_data, idx, arg);
1029 void *EC_KEY_get_ex_data(const EC_KEY *key, int idx)
1031 return CRYPTO_get_ex_data(&key->ex_data, idx);
1034 int ec_group_simple_order_bits(const EC_GROUP *group)
1036 if (group->order == NULL)
1038 return BN_num_bits(group->order);
projects / openssl.git / blob