2 * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
5 * Licensed under the OpenSSL license (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
13 #include <openssl/err.h>
14 #include <openssl/opensslv.h>
18 /* functions for EC_GROUP objects */
20 EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
25 ECerr(EC_F_EC_GROUP_NEW, EC_R_SLOT_FULL);
28 if (meth->group_init == 0) {
29 ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
33 ret = OPENSSL_zalloc(sizeof(*ret));
35 ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE);
40 if ((ret->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0) {
41 ret->order = BN_new();
42 if (ret->order == NULL)
44 ret->cofactor = BN_new();
45 if (ret->cofactor == NULL)
48 ret->asn1_flag = OPENSSL_EC_NAMED_CURVE;
49 ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED;
50 if (!meth->group_init(ret))
56 BN_free(ret->cofactor);
61 void EC_pre_comp_free(EC_GROUP *group)
63 switch (group->pre_comp_type) {
67 #ifdef ECP_NISTZ256_ASM
68 EC_nistz256_pre_comp_free(group->pre_comp.nistz256);
71 #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
73 EC_nistp224_pre_comp_free(group->pre_comp.nistp224);
76 EC_nistp256_pre_comp_free(group->pre_comp.nistp256);
79 EC_nistp521_pre_comp_free(group->pre_comp.nistp521);
88 EC_ec_pre_comp_free(group->pre_comp.ec);
91 group->pre_comp.ec = NULL;
94 void EC_GROUP_free(EC_GROUP *group)
99 if (group->meth->group_finish != 0)
100 group->meth->group_finish(group);
102 EC_pre_comp_free(group);
103 BN_MONT_CTX_free(group->mont_data);
104 EC_POINT_free(group->generator);
105 BN_free(group->order);
106 BN_free(group->cofactor);
107 OPENSSL_free(group->seed);
111 void EC_GROUP_clear_free(EC_GROUP *group)
116 if (group->meth->group_clear_finish != 0)
117 group->meth->group_clear_finish(group);
118 else if (group->meth->group_finish != 0)
119 group->meth->group_finish(group);
121 EC_pre_comp_free(group);
122 BN_MONT_CTX_free(group->mont_data);
123 EC_POINT_clear_free(group->generator);
124 BN_clear_free(group->order);
125 BN_clear_free(group->cofactor);
126 OPENSSL_clear_free(group->seed, group->seed_len);
127 OPENSSL_clear_free(group, sizeof(*group));
130 int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
132 if (dest->meth->group_copy == 0) {
133 ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
136 if (dest->meth != src->meth) {
137 ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS);
143 /* Copy precomputed */
144 dest->pre_comp_type = src->pre_comp_type;
145 switch (src->pre_comp_type) {
147 dest->pre_comp.ec = NULL;
150 #ifdef ECP_NISTZ256_ASM
151 dest->pre_comp.nistz256 = EC_nistz256_pre_comp_dup(src->pre_comp.nistz256);
154 #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
156 dest->pre_comp.nistp224 = EC_nistp224_pre_comp_dup(src->pre_comp.nistp224);
159 dest->pre_comp.nistp256 = EC_nistp256_pre_comp_dup(src->pre_comp.nistp256);
162 dest->pre_comp.nistp521 = EC_nistp521_pre_comp_dup(src->pre_comp.nistp521);
171 dest->pre_comp.ec = EC_ec_pre_comp_dup(src->pre_comp.ec);
175 if (src->mont_data != NULL) {
176 if (dest->mont_data == NULL) {
177 dest->mont_data = BN_MONT_CTX_new();
178 if (dest->mont_data == NULL)
181 if (!BN_MONT_CTX_copy(dest->mont_data, src->mont_data))
184 /* src->generator == NULL */
185 BN_MONT_CTX_free(dest->mont_data);
186 dest->mont_data = NULL;
189 if (src->generator != NULL) {
190 if (dest->generator == NULL) {
191 dest->generator = EC_POINT_new(dest);
192 if (dest->generator == NULL)
195 if (!EC_POINT_copy(dest->generator, src->generator))
198 /* src->generator == NULL */
199 EC_POINT_clear_free(dest->generator);
200 dest->generator = NULL;
203 if ((src->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0) {
204 if (!BN_copy(dest->order, src->order))
206 if (!BN_copy(dest->cofactor, src->cofactor))
210 dest->curve_name = src->curve_name;
211 dest->asn1_flag = src->asn1_flag;
212 dest->asn1_form = src->asn1_form;
215 OPENSSL_free(dest->seed);
216 if ((dest->seed = OPENSSL_malloc(src->seed_len)) == NULL) {
217 ECerr(EC_F_EC_GROUP_COPY, ERR_R_MALLOC_FAILURE);
220 if (!memcpy(dest->seed, src->seed, src->seed_len))
222 dest->seed_len = src->seed_len;
224 OPENSSL_free(dest->seed);
229 return dest->meth->group_copy(dest, src);
232 EC_GROUP *EC_GROUP_dup(const EC_GROUP *a)
240 if ((t = EC_GROUP_new(a->meth)) == NULL)
242 if (!EC_GROUP_copy(t, a))
255 const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group)
260 int EC_METHOD_get_field_type(const EC_METHOD *meth)
262 return meth->field_type;
265 static int ec_precompute_mont_data(EC_GROUP *);
267 int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
268 const BIGNUM *order, const BIGNUM *cofactor)
270 if (generator == NULL) {
271 ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER);
275 if (group->generator == NULL) {
276 group->generator = EC_POINT_new(group);
277 if (group->generator == NULL)
280 if (!EC_POINT_copy(group->generator, generator))
284 if (!BN_copy(group->order, order))
287 BN_zero(group->order);
289 if (cofactor != NULL) {
290 if (!BN_copy(group->cofactor, cofactor))
293 BN_zero(group->cofactor);
296 * Some groups have an order with
297 * factors of two, which makes the Montgomery setup fail.
298 * |group->mont_data| will be NULL in this case.
300 if (BN_is_odd(group->order)) {
301 return ec_precompute_mont_data(group);
304 BN_MONT_CTX_free(group->mont_data);
305 group->mont_data = NULL;
309 const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group)
311 return group->generator;
314 BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group)
316 return group->mont_data;
319 int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
321 if (group->order == NULL)
323 if (!BN_copy(order, group->order))
326 return !BN_is_zero(order);
329 const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group)
334 int EC_GROUP_order_bits(const EC_GROUP *group)
336 return group->meth->group_order_bits(group);
339 int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor,
343 if (group->cofactor == NULL)
345 if (!BN_copy(cofactor, group->cofactor))
348 return !BN_is_zero(group->cofactor);
351 const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group)
353 return group->cofactor;
356 void EC_GROUP_set_curve_name(EC_GROUP *group, int nid)
358 group->curve_name = nid;
361 int EC_GROUP_get_curve_name(const EC_GROUP *group)
363 return group->curve_name;
366 void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag)
368 group->asn1_flag = flag;
371 int EC_GROUP_get_asn1_flag(const EC_GROUP *group)
373 return group->asn1_flag;
376 void EC_GROUP_set_point_conversion_form(EC_GROUP *group,
377 point_conversion_form_t form)
379 group->asn1_form = form;
382 point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP
385 return group->asn1_form;
388 size_t EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *p, size_t len)
390 OPENSSL_free(group->seed);
397 if ((group->seed = OPENSSL_malloc(len)) == NULL)
399 memcpy(group->seed, p, len);
400 group->seed_len = len;
405 unsigned char *EC_GROUP_get0_seed(const EC_GROUP *group)
410 size_t EC_GROUP_get_seed_len(const EC_GROUP *group)
412 return group->seed_len;
415 int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
416 const BIGNUM *b, BN_CTX *ctx)
418 if (group->meth->group_set_curve == 0) {
419 ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
422 return group->meth->group_set_curve(group, p, a, b, ctx);
425 int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
426 BIGNUM *b, BN_CTX *ctx)
428 if (group->meth->group_get_curve == 0) {
429 ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
432 return group->meth->group_get_curve(group, p, a, b, ctx);
435 #ifndef OPENSSL_NO_EC2M
436 int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
437 const BIGNUM *b, BN_CTX *ctx)
439 if (group->meth->group_set_curve == 0) {
440 ECerr(EC_F_EC_GROUP_SET_CURVE_GF2M,
441 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
444 return group->meth->group_set_curve(group, p, a, b, ctx);
447 int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
448 BIGNUM *b, BN_CTX *ctx)
450 if (group->meth->group_get_curve == 0) {
451 ECerr(EC_F_EC_GROUP_GET_CURVE_GF2M,
452 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
455 return group->meth->group_get_curve(group, p, a, b, ctx);
459 int EC_GROUP_get_degree(const EC_GROUP *group)
461 if (group->meth->group_get_degree == 0) {
462 ECerr(EC_F_EC_GROUP_GET_DEGREE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
465 return group->meth->group_get_degree(group);
468 int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
470 if (group->meth->group_check_discriminant == 0) {
471 ECerr(EC_F_EC_GROUP_CHECK_DISCRIMINANT,
472 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
475 return group->meth->group_check_discriminant(group, ctx);
478 int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
481 BIGNUM *a1, *a2, *a3, *b1, *b2, *b3;
482 BN_CTX *ctx_new = NULL;
484 /* compare the field types */
485 if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) !=
486 EC_METHOD_get_field_type(EC_GROUP_method_of(b)))
488 /* compare the curve name (if present in both) */
489 if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) &&
490 EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b))
492 if (a->meth->flags & EC_FLAGS_CUSTOM_CURVE)
496 ctx_new = ctx = BN_CTX_new();
501 a1 = BN_CTX_get(ctx);
502 a2 = BN_CTX_get(ctx);
503 a3 = BN_CTX_get(ctx);
504 b1 = BN_CTX_get(ctx);
505 b2 = BN_CTX_get(ctx);
506 b3 = BN_CTX_get(ctx);
509 BN_CTX_free(ctx_new);
514 * XXX This approach assumes that the external representation of curves
515 * over the same field type is the same.
517 if (!a->meth->group_get_curve(a, a1, a2, a3, ctx) ||
518 !b->meth->group_get_curve(b, b1, b2, b3, ctx))
521 if (r || BN_cmp(a1, b1) || BN_cmp(a2, b2) || BN_cmp(a3, b3))
524 /* XXX EC_POINT_cmp() assumes that the methods are equal */
525 if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a),
526 EC_GROUP_get0_generator(b), ctx))
530 const BIGNUM *ao, *bo, *ac, *bc;
531 /* compare the order and cofactor */
532 ao = EC_GROUP_get0_order(a);
533 bo = EC_GROUP_get0_order(b);
534 ac = EC_GROUP_get0_cofactor(a);
535 bc = EC_GROUP_get0_cofactor(b);
536 if (ao == NULL || bo == NULL) {
538 BN_CTX_free(ctx_new);
541 if (BN_cmp(ao, bo) || BN_cmp(ac, bc))
546 BN_CTX_free(ctx_new);
551 /* functions for EC_POINT objects */
553 EC_POINT *EC_POINT_new(const EC_GROUP *group)
558 ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER);
561 if (group->meth->point_init == 0) {
562 ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
566 ret = OPENSSL_zalloc(sizeof(*ret));
568 ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE);
572 ret->meth = group->meth;
574 if (!ret->meth->point_init(ret)) {
582 void EC_POINT_free(EC_POINT *point)
587 if (point->meth->point_finish != 0)
588 point->meth->point_finish(point);
592 void EC_POINT_clear_free(EC_POINT *point)
597 if (point->meth->point_clear_finish != 0)
598 point->meth->point_clear_finish(point);
599 else if (point->meth->point_finish != 0)
600 point->meth->point_finish(point);
601 OPENSSL_clear_free(point, sizeof(*point));
604 int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src)
606 if (dest->meth->point_copy == 0) {
607 ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
610 if (dest->meth != src->meth) {
611 ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS);
616 return dest->meth->point_copy(dest, src);
619 EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group)
627 t = EC_POINT_new(group);
630 r = EC_POINT_copy(t, a);
638 const EC_METHOD *EC_POINT_method_of(const EC_POINT *point)
643 int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
645 if (group->meth->point_set_to_infinity == 0) {
646 ECerr(EC_F_EC_POINT_SET_TO_INFINITY,
647 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
650 if (group->meth != point->meth) {
651 ECerr(EC_F_EC_POINT_SET_TO_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
654 return group->meth->point_set_to_infinity(group, point);
657 int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
658 EC_POINT *point, const BIGNUM *x,
659 const BIGNUM *y, const BIGNUM *z,
662 if (group->meth->point_set_Jprojective_coordinates_GFp == 0) {
663 ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,
664 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
667 if (group->meth != point->meth) {
668 ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,
669 EC_R_INCOMPATIBLE_OBJECTS);
672 return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x,
676 int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
677 const EC_POINT *point, BIGNUM *x,
678 BIGNUM *y, BIGNUM *z,
681 if (group->meth->point_get_Jprojective_coordinates_GFp == 0) {
682 ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,
683 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
686 if (group->meth != point->meth) {
687 ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,
688 EC_R_INCOMPATIBLE_OBJECTS);
691 return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x,
695 int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
696 EC_POINT *point, const BIGNUM *x,
697 const BIGNUM *y, BN_CTX *ctx)
699 if (group->meth->point_set_affine_coordinates == 0) {
700 ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,
701 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
704 if (group->meth != point->meth) {
705 ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,
706 EC_R_INCOMPATIBLE_OBJECTS);
709 if (!group->meth->point_set_affine_coordinates(group, point, x, y, ctx))
712 if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
713 ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,
714 EC_R_POINT_IS_NOT_ON_CURVE);
720 #ifndef OPENSSL_NO_EC2M
721 int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group,
722 EC_POINT *point, const BIGNUM *x,
723 const BIGNUM *y, BN_CTX *ctx)
725 if (group->meth->point_set_affine_coordinates == 0) {
726 ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,
727 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
730 if (group->meth != point->meth) {
731 ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,
732 EC_R_INCOMPATIBLE_OBJECTS);
735 if (!group->meth->point_set_affine_coordinates(group, point, x, y, ctx))
738 if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
739 ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,
740 EC_R_POINT_IS_NOT_ON_CURVE);
747 int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
748 const EC_POINT *point, BIGNUM *x,
749 BIGNUM *y, BN_CTX *ctx)
751 if (group->meth->point_get_affine_coordinates == 0) {
752 ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,
753 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
756 if (group->meth != point->meth) {
757 ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,
758 EC_R_INCOMPATIBLE_OBJECTS);
761 return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
764 #ifndef OPENSSL_NO_EC2M
765 int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
766 const EC_POINT *point, BIGNUM *x,
767 BIGNUM *y, BN_CTX *ctx)
769 if (group->meth->point_get_affine_coordinates == 0) {
770 ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M,
771 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
774 if (group->meth != point->meth) {
775 ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M,
776 EC_R_INCOMPATIBLE_OBJECTS);
779 return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
783 int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
784 const EC_POINT *b, BN_CTX *ctx)
786 if (group->meth->add == 0) {
787 ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
790 if ((group->meth != r->meth) || (r->meth != a->meth)
791 || (a->meth != b->meth)) {
792 ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS);
795 return group->meth->add(group, r, a, b, ctx);
798 int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
801 if (group->meth->dbl == 0) {
802 ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
805 if ((group->meth != r->meth) || (r->meth != a->meth)) {
806 ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS);
809 return group->meth->dbl(group, r, a, ctx);
812 int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx)
814 if (group->meth->invert == 0) {
815 ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
818 if (group->meth != a->meth) {
819 ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS);
822 return group->meth->invert(group, a, ctx);
825 int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
827 if (group->meth->is_at_infinity == 0) {
828 ECerr(EC_F_EC_POINT_IS_AT_INFINITY,
829 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
832 if (group->meth != point->meth) {
833 ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
836 return group->meth->is_at_infinity(group, point);
840 * Check whether an EC_POINT is on the curve or not. Note that the return
841 * value for this function should NOT be treated as a boolean. Return values:
842 * 1: The point is on the curve
843 * 0: The point is not on the curve
844 * -1: An error occurred
846 int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
849 if (group->meth->is_on_curve == 0) {
850 ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
853 if (group->meth != point->meth) {
854 ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS);
857 return group->meth->is_on_curve(group, point, ctx);
860 int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
863 if (group->meth->point_cmp == 0) {
864 ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
867 if ((group->meth != a->meth) || (a->meth != b->meth)) {
868 ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
871 return group->meth->point_cmp(group, a, b, ctx);
874 int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
876 if (group->meth->make_affine == 0) {
877 ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
880 if (group->meth != point->meth) {
881 ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
884 return group->meth->make_affine(group, point, ctx);
887 int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
888 EC_POINT *points[], BN_CTX *ctx)
892 if (group->meth->points_make_affine == 0) {
893 ECerr(EC_F_EC_POINTS_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
896 for (i = 0; i < num; i++) {
897 if (group->meth != points[i]->meth) {
898 ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
902 return group->meth->points_make_affine(group, num, points, ctx);
906 * Functions for point multiplication. If group->meth->mul is 0, we use the
907 * wNAF-based implementations in ec_mult.c; otherwise we dispatch through
911 int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
912 size_t num, const EC_POINT *points[],
913 const BIGNUM *scalars[], BN_CTX *ctx)
915 if (group->meth->mul == 0)
917 return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
919 return group->meth->mul(group, r, scalar, num, points, scalars, ctx);
922 int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
923 const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx)
925 /* just a convenient interface to EC_POINTs_mul() */
927 const EC_POINT *points[1];
928 const BIGNUM *scalars[1];
931 scalars[0] = p_scalar;
933 return EC_POINTs_mul(group, r, g_scalar,
935 && p_scalar != NULL), points, scalars, ctx);
938 int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
940 if (group->meth->mul == 0)
942 return ec_wNAF_precompute_mult(group, ctx);
944 if (group->meth->precompute_mult != 0)
945 return group->meth->precompute_mult(group, ctx);
947 return 1; /* nothing to do, so report success */
950 int EC_GROUP_have_precompute_mult(const EC_GROUP *group)
952 if (group->meth->mul == 0)
954 return ec_wNAF_have_precompute_mult(group);
956 if (group->meth->have_precompute_mult != 0)
957 return group->meth->have_precompute_mult(group);
959 return 0; /* cannot tell whether precomputation has
964 * ec_precompute_mont_data sets |group->mont_data| from |group->order| and
965 * returns one on success. On error it returns zero.
967 static int ec_precompute_mont_data(EC_GROUP *group)
969 BN_CTX *ctx = BN_CTX_new();
972 BN_MONT_CTX_free(group->mont_data);
973 group->mont_data = NULL;
978 group->mont_data = BN_MONT_CTX_new();
979 if (group->mont_data == NULL)
982 if (!BN_MONT_CTX_set(group->mont_data, group->order, ctx)) {
983 BN_MONT_CTX_free(group->mont_data);
984 group->mont_data = NULL;
996 int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg)
998 return CRYPTO_set_ex_data(&key->ex_data, idx, arg);
1001 void *EC_KEY_get_ex_data(const EC_KEY *key, int idx)
1003 return CRYPTO_get_ex_data(&key->ex_data, idx);
1006 int ec_group_simple_order_bits(const EC_GROUP *group)
1008 if (group->order == NULL)
1010 return BN_num_bits(group->order);
1013 int EC_GROUP_do_inverse_ord(const EC_GROUP *group, BIGNUM *res,
1014 BIGNUM *x, BN_CTX *ctx)
1016 if (group->meth->field_inverse_mod_ord != NULL)
1017 return group->meth->field_inverse_mod_ord(group, res, x, ctx);
projects / openssl.git / blob