]> git.ipfire.org Git - thirdparty/openssl.git/blame - crypto/ec/ec_lcl.h
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Copyright consolidation 05/10
[thirdparty/openssl.git] / crypto / ec / ec_lcl.h
CommitLineData
35b73a1f 1/*
aa6bb135 2 * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
65e81670 3 *
aa6bb135
RS		 4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
65e81670 8 */
aa6bb135 9
7793f30e
BM		 10/* ====================================================================
11 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
12 *
0f113f3e 13 * Portions of the attached software ("Contribution") are developed by
7793f30e
BM		 14 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
15 *
16 * The Contribution is licensed pursuant to the OpenSSL open source
17 * license provided above.
18 *
0f113f3e 19 * The elliptic curve binary polynomial software is originally written by
7793f30e
BM		 20 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
21 *
22 */
38e3c581 23
3a12ce01
BM		 24#include <stdlib.h>
25
458c2917 26#include <openssl/obj_mac.h>
38e3c581 27#include <openssl/ec.h>
0f814687 28#include <openssl/bn.h>
3a12ce01 29
e519ecd8
RL		 30#include "e_os.h"
31
7f24b1c3
AP		 32#if defined(__SUNPRO_C)
33# if __SUNPRO_C >= 0x520
0f113f3e 34# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
7f24b1c3
AP		 35# endif
36#endif
3a12ce01 37
84b08eee 38/* Use default functions for poin2oct, oct2point and compressed coordinates */
0f113f3e 39#define EC_FLAGS_DEFAULT_OCT 0x1
84b08eee 40
474d84ec
DSH		 41/* Use custom formats for EC_GROUP, EC_POINT and EC_KEY */
42#define EC_FLAGS_CUSTOM_CURVE 0x2
43
4b0555ec
DSH		 44/* Curve does not support signing operations */
45#define EC_FLAGS_NO_SIGN 0x4
46
0f113f3e
MC		 47/*
48 * Structure details are not part of the exported interface, so all this may
49 * change in future versions.
50 */
3a12ce01
BM		 51
52struct ec_method_st {
0f113f3e
MC		 53 /* Various method flags */
54 int flags;
55 /* used by EC_METHOD_get_field_type: */
56 int field_type; /* a NID */
57 /*
58 * used by EC_GROUP_new, EC_GROUP_free, EC_GROUP_clear_free,
59 * EC_GROUP_copy:
60 */
61 int (*group_init) (EC_GROUP *);
62 void (*group_finish) (EC_GROUP *);
63 void (*group_clear_finish) (EC_GROUP *);
64 int (*group_copy) (EC_GROUP *, const EC_GROUP *);
65 /* used by EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, */
66 /* EC_GROUP_set_curve_GF2m, and EC_GROUP_get_curve_GF2m: */
67 int (*group_set_curve) (EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
68 const BIGNUM *b, BN_CTX *);
69 int (*group_get_curve) (const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b,
70 BN_CTX *);
71 /* used by EC_GROUP_get_degree: */
72 int (*group_get_degree) (const EC_GROUP *);
e5b2ea0a 73 int (*group_order_bits) (const EC_GROUP *);
0f113f3e
MC		 74 /* used by EC_GROUP_check: */
75 int (*group_check_discriminant) (const EC_GROUP *, BN_CTX *);
76 /*
77 * used by EC_POINT_new, EC_POINT_free, EC_POINT_clear_free,
78 * EC_POINT_copy:
79 */
80 int (*point_init) (EC_POINT *);
81 void (*point_finish) (EC_POINT *);
82 void (*point_clear_finish) (EC_POINT *);
83 int (*point_copy) (EC_POINT *, const EC_POINT *);
50e735f9
MC		 84 /*-
85 * used by EC_POINT_set_to_infinity,
86 * EC_POINT_set_Jprojective_coordinates_GFp,
87 * EC_POINT_get_Jprojective_coordinates_GFp,
88 * EC_POINT_set_affine_coordinates_GFp, ..._GF2m,
89 * EC_POINT_get_affine_coordinates_GFp, ..._GF2m,
90 * EC_POINT_set_compressed_coordinates_GFp, ..._GF2m:
91 */
0f113f3e
MC		 92 int (*point_set_to_infinity) (const EC_GROUP *, EC_POINT *);
93 int (*point_set_Jprojective_coordinates_GFp) (const EC_GROUP *,
94 EC_POINT *, const BIGNUM *x,
95 const BIGNUM *y,
96 const BIGNUM *z, BN_CTX *);
97 int (*point_get_Jprojective_coordinates_GFp) (const EC_GROUP *,
98 const EC_POINT *, BIGNUM *x,
99 BIGNUM *y, BIGNUM *z,
100 BN_CTX *);
101 int (*point_set_affine_coordinates) (const EC_GROUP *, EC_POINT *,
102 const BIGNUM *x, const BIGNUM *y,
103 BN_CTX *);
104 int (*point_get_affine_coordinates) (const EC_GROUP *, const EC_POINT *,
105 BIGNUM *x, BIGNUM *y, BN_CTX *);
106 int (*point_set_compressed_coordinates) (const EC_GROUP *, EC_POINT *,
107 const BIGNUM *x, int y_bit,
108 BN_CTX *);
109 /* used by EC_POINT_point2oct, EC_POINT_oct2point: */
110 size_t (*point2oct) (const EC_GROUP *, const EC_POINT *,
111 point_conversion_form_t form, unsigned char *buf,
112 size_t len, BN_CTX *);
113 int (*oct2point) (const EC_GROUP *, EC_POINT *, const unsigned char *buf,
114 size_t len, BN_CTX *);
115 /* used by EC_POINT_add, EC_POINT_dbl, ECP_POINT_invert: */
116 int (*add) (const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
117 const EC_POINT *b, BN_CTX *);
118 int (*dbl) (const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
119 int (*invert) (const EC_GROUP *, EC_POINT *, BN_CTX *);
120 /*
121 * used by EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp:
122 */
123 int (*is_at_infinity) (const EC_GROUP *, const EC_POINT *);
124 int (*is_on_curve) (const EC_GROUP *, const EC_POINT *, BN_CTX *);
125 int (*point_cmp) (const EC_GROUP *, const EC_POINT *a, const EC_POINT *b,
126 BN_CTX *);
127 /* used by EC_POINT_make_affine, EC_POINTs_make_affine: */
128 int (*make_affine) (const EC_GROUP *, EC_POINT *, BN_CTX *);
129 int (*points_make_affine) (const EC_GROUP *, size_t num, EC_POINT *[],
130 BN_CTX *);
131 /*
132 * used by EC_POINTs_mul, EC_POINT_mul, EC_POINT_precompute_mult,
133 * EC_POINT_have_precompute_mult (default implementations are used if the
134 * 'mul' pointer is 0):
135 */
136 int (*mul) (const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
137 size_t num, const EC_POINT *points[], const BIGNUM *scalars[],
138 BN_CTX *);
139 int (*precompute_mult) (EC_GROUP *group, BN_CTX *);
140 int (*have_precompute_mult) (const EC_GROUP *group);
141 /* internal functions */
142 /*
143 * 'field_mul', 'field_sqr', and 'field_div' can be used by 'add' and
144 * 'dbl' so that the same implementations of point operations can be used
145 * with different optimized implementations of expensive field
146 * operations:
147 */
148 int (*field_mul) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
149 const BIGNUM *b, BN_CTX *);
150 int (*field_sqr) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
151 int (*field_div) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
152 const BIGNUM *b, BN_CTX *);
153 /* e.g. to Montgomery */
154 int (*field_encode) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
155 BN_CTX *);
156 /* e.g. from Montgomery */
157 int (*field_decode) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
158 BN_CTX *);
159 int (*field_set_to_one) (const EC_GROUP *, BIGNUM *r, BN_CTX *);
474d84ec
DSH		 160 /* private key operations */
161 size_t (*priv2oct)(const EC_KEY *eckey, unsigned char *buf, size_t len);
162 int (*oct2priv)(EC_KEY *eckey, unsigned char *buf, size_t len);
163 int (*set_private)(EC_KEY *eckey, const BIGNUM *priv_key);
164 int (*keygen)(EC_KEY *eckey);
165 int (*keycheck)(const EC_KEY *eckey);
166 int (*keygenpub)(EC_KEY *eckey);
167 int (*keycopy)(EC_KEY *dst, const EC_KEY *src);
168 void (*keyfinish)(EC_KEY *eckey);
169 /* custom ECDH operation */
e2285d87
DSH		 170 int (*ecdh_compute_key)(unsigned char **pout, size_t *poutlen,
171 const EC_POINT *pub_key, const EC_KEY *ecdh);
0f113f3e 172} /* EC_METHOD */ ;
3a12ce01 173
3aef36ff
RS		 174/*
175 * Types and functions to manipulate pre-computed values.
176 */
177typedef struct nistp224_pre_comp_st NISTP224_PRE_COMP;
178typedef struct nistp256_pre_comp_st NISTP256_PRE_COMP;
126d6864 179typedef struct nistp521_pre_comp_st NISTP521_PRE_COMP;
3aef36ff
RS		 180typedef struct nistz256_pre_comp_st NISTZ256_PRE_COMP;
181typedef struct ec_pre_comp_st EC_PRE_COMP;
3a12ce01
BM		 182
183struct ec_group_st {
0f113f3e
MC		 184 const EC_METHOD *meth;
185 EC_POINT *generator; /* optional */
186 BIGNUM *order, *cofactor;
187 int curve_name; /* optional NID for named curve */
188 int asn1_flag; /* flag to control the asn1 encoding */
189 point_conversion_form_t asn1_form;
190 unsigned char *seed; /* optional seed for parameters (appears in
191 * ASN1) */
192 size_t seed_len;
0f113f3e
MC		 193 /*
194 * The following members are handled by the method functions, even if
195 * they appear generic
196 */
197 /*
198 * Field specification. For curves over GF(p), this is the modulus; for
199 * curves over GF(2^m), this is the irreducible polynomial defining the
200 * field.
201 */
202 BIGNUM *field;
203 /*
204 * Field specification for curves over GF(2^m). The irreducible f(t) is
205 * then of the form: t^poly[0] + t^poly[1] + ... + t^poly[k] where m =
206 * poly[0] > poly[1] > ... > poly[k] = 0. The array is terminated with
207 * poly[k+1]=-1. All elliptic curve irreducibles have at most 5 non-zero
208 * terms.
209 */
210 int poly[6];
211 /*
212 * Curve coefficients. (Here the assumption is that BIGNUMs can be used
213 * or abused for all kinds of fields, not just GF(p).) For characteristic
214 * > 3, the curve is defined by a Weierstrass equation of the form y^2 =
215 * x^3 + a*x + b. For characteristic 2, the curve is defined by an
216 * equation of the form y^2 + x*y = x^3 + a*x^2 + b.
217 */
218 BIGNUM *a, *b;
219 /* enable optimized point arithmetics for special case */
220 int a_is_minus3;
221 /* method-specific (e.g., Montgomery structure) */
222 void *field_data1;
223 /* method-specific */
224 void *field_data2;
225 /* method-specific */
226 int (*field_mod_func) (BIGNUM *, const BIGNUM *, const BIGNUM *,
227 BN_CTX *);
228 /* data for ECDSA inverse */
229 BN_MONT_CTX *mont_data;
3aef36ff
RS		 230
231 /* precomputed values for speed. */
232 enum {
233 pct_none,
234 pct_nistp224, pct_nistp256, pct_nistp521, pct_nistz256,
235 pct_ec } pre_comp_type;
236 union {
237 NISTP224_PRE_COMP *nistp224;
238 NISTP256_PRE_COMP *nistp256;
239 NISTP521_PRE_COMP *nistp521;
240 NISTZ256_PRE_COMP *nistz256;
241 EC_PRE_COMP *ec;
242 } pre_comp;
0f113f3e 243} /* EC_GROUP */ ;
3a12ce01 244
3aef36ff
RS		 245#define SETPRECOMP(g, type, pre) \
246 g->pre_comp_type = pct_##type, g->pre_comp.type = pre
247#define HAVEPRECOMP(g, type) \
248 g->pre_comp_type == pct_##type && g->pre_comp.type != NULL
249
9dd84053 250struct ec_key_st {
28572b57
DSH		 251 const EC_KEY_METHOD *meth;
252 ENGINE *engine;
0f113f3e
MC		 253 int version;
254 EC_GROUP *group;
255 EC_POINT *pub_key;
256 BIGNUM *priv_key;
3e8ee475
DSH		 257 /*
258 * Arbitrary extra data.
259 * For example in X25519 this contains the raw private key in a 32 byte
260 * buffer.
261 */
262 void *custom_data;
0f113f3e
MC		 263 unsigned int enc_flag;
264 point_conversion_form_t conv_form;
265 int references;
266 int flags;
3aef36ff 267 CRYPTO_EX_DATA ex_data;
9b398ef2 268 CRYPTO_RWLOCK *lock;
0f113f3e 269} /* EC_KEY */ ;
9dd84053 270
3a12ce01 271struct ec_point_st {
0f113f3e
MC		 272 const EC_METHOD *meth;
273 /*
274 * All members except 'meth' are handled by the method functions, even if
275 * they appear generic
276 */
277 BIGNUM *X;
278 BIGNUM *Y;
279 BIGNUM *Z; /* Jacobian projective coordinates: * (X, Y,
280 * Z) represents (X/Z^2, Y/Z^3) if Z != 0 */
281 int Z_is_one; /* enable optimized point arithmetics for
282 * special case */
3e8ee475
DSH		 283 /*
284 * Arbitrary extra data.
285 * For example in X25519 this contains the public key in a 32 byte buffer.
286 */
287 void *custom_data;
0f113f3e 288} /* EC_POINT */ ;
58fc6229 289
3aef36ff
RS		 290NISTP224_PRE_COMP *EC_nistp224_pre_comp_dup(NISTP224_PRE_COMP *);
291NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *);
292NISTP521_PRE_COMP *EC_nistp521_pre_comp_dup(NISTP521_PRE_COMP *);
293NISTZ256_PRE_COMP *EC_nistz256_pre_comp_dup(NISTZ256_PRE_COMP *);
294NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *);
295EC_PRE_COMP *EC_ec_pre_comp_dup(EC_PRE_COMP *);
2c52ac9b
RS		 296
297void EC_pre_comp_free(EC_GROUP *group);
3aef36ff
RS		 298void EC_nistp224_pre_comp_free(NISTP224_PRE_COMP *);
299void EC_nistp256_pre_comp_free(NISTP256_PRE_COMP *);
300void EC_nistp521_pre_comp_free(NISTP521_PRE_COMP *);
301void EC_nistz256_pre_comp_free(NISTZ256_PRE_COMP *);
302void EC_ec_pre_comp_free(EC_PRE_COMP *);
303
0f113f3e
MC		 304/*
305 * method functions in ec_mult.c (ec_lib.c uses these as defaults if
306 * group->method->mul is 0)
307 */
7793f30e 308int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
0f113f3e
MC		 309 size_t num, const EC_POINT *points[], const BIGNUM *scalars[],
310 BN_CTX *);
7793f30e 311int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *);
37c660ff
BM		 312int ec_wNAF_have_precompute_mult(const EC_GROUP *group);
313
58fc6229
BM		 314/* method functions in ecp_smpl.c */
315int ec_GFp_simple_group_init(EC_GROUP *);
58fc6229
BM		 316void ec_GFp_simple_group_finish(EC_GROUP *);
317void ec_GFp_simple_group_clear_finish(EC_GROUP *);
318int ec_GFp_simple_group_copy(EC_GROUP *, const EC_GROUP *);
0f113f3e
MC		 319int ec_GFp_simple_group_set_curve(EC_GROUP *, const BIGNUM *p,
320 const BIGNUM *a, const BIGNUM *b, BN_CTX *);
321int ec_GFp_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a,
322 BIGNUM *b, BN_CTX *);
7793f30e 323int ec_GFp_simple_group_get_degree(const EC_GROUP *);
17d6bb81 324int ec_GFp_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);
58fc6229
BM		 325int ec_GFp_simple_point_init(EC_POINT *);
326void ec_GFp_simple_point_finish(EC_POINT *);
327void ec_GFp_simple_point_clear_finish(EC_POINT *);
328int ec_GFp_simple_point_copy(EC_POINT *, const EC_POINT *);
226cc7de 329int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
0f113f3e
MC		 330int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *,
331 EC_POINT *, const BIGNUM *x,
332 const BIGNUM *y,
333 const BIGNUM *z, BN_CTX *);
334int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *,
335 const EC_POINT *, BIGNUM *x,
336 BIGNUM *y, BIGNUM *z,
337 BN_CTX *);
35b73a1f 338int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,
0f113f3e
MC		 339 const BIGNUM *x,
340 const BIGNUM *y, BN_CTX *);
341int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *,
342 const EC_POINT *, BIGNUM *x,
343 BIGNUM *y, BN_CTX *);
35b73a1f 344int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *,
0f113f3e
MC		 345 const BIGNUM *x, int y_bit,
346 BN_CTX *);
347size_t ec_GFp_simple_point2oct(const EC_GROUP *, const EC_POINT *,
348 point_conversion_form_t form,
349 unsigned char *buf, size_t len, BN_CTX *);
58fc6229 350int ec_GFp_simple_oct2point(const EC_GROUP *, EC_POINT *,
0f113f3e
MC		 351 const unsigned char *buf, size_t len, BN_CTX *);
352int ec_GFp_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
353 const EC_POINT *b, BN_CTX *);
354int ec_GFp_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
355 BN_CTX *);
1d5bd6cf 356int ec_GFp_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
58fc6229
BM		 357int ec_GFp_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
358int ec_GFp_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
0f113f3e
MC		 359int ec_GFp_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b,
360 BN_CTX *);
e869d4bd 361int ec_GFp_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
0f113f3e
MC		 362int ec_GFp_simple_points_make_affine(const EC_GROUP *, size_t num,
363 EC_POINT *[], BN_CTX *);
364int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
365 const BIGNUM *b, BN_CTX *);
366int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
367 BN_CTX *);
58fc6229
BM		 368
369/* method functions in ecp_mont.c */
f1f25544 370int ec_GFp_mont_group_init(EC_GROUP *);
0f113f3e
MC		 371int ec_GFp_mont_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
372 const BIGNUM *b, BN_CTX *);
2e0db076
BM		 373void ec_GFp_mont_group_finish(EC_GROUP *);
374void ec_GFp_mont_group_clear_finish(EC_GROUP *);
60428dbf 375int ec_GFp_mont_group_copy(EC_GROUP *, const EC_GROUP *);
0f113f3e
MC		 376int ec_GFp_mont_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
377 const BIGNUM *b, BN_CTX *);
378int ec_GFp_mont_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
379 BN_CTX *);
380int ec_GFp_mont_field_encode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
381 BN_CTX *);
382int ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
383 BN_CTX *);
48fe4d62 384int ec_GFp_mont_field_set_to_one(const EC_GROUP *, BIGNUM *r, BN_CTX *);
58fc6229 385
58fc6229 386/* method functions in ecp_nist.c */
e2c9c91b 387int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src);
0f113f3e
MC		 388int ec_GFp_nist_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
389 const BIGNUM *b, BN_CTX *);
390int ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
391 const BIGNUM *b, BN_CTX *);
392int ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
393 BN_CTX *);
7793f30e
BM		 394
395/* method functions in ec2_smpl.c */
396int ec_GF2m_simple_group_init(EC_GROUP *);
397void ec_GF2m_simple_group_finish(EC_GROUP *);
398void ec_GF2m_simple_group_clear_finish(EC_GROUP *);
399int ec_GF2m_simple_group_copy(EC_GROUP *, const EC_GROUP *);
0f113f3e
MC		 400int ec_GF2m_simple_group_set_curve(EC_GROUP *, const BIGNUM *p,
401 const BIGNUM *a, const BIGNUM *b,
402 BN_CTX *);
403int ec_GF2m_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a,
404 BIGNUM *b, BN_CTX *);
7793f30e
BM		 405int ec_GF2m_simple_group_get_degree(const EC_GROUP *);
406int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);
407int ec_GF2m_simple_point_init(EC_POINT *);
408void ec_GF2m_simple_point_finish(EC_POINT *);
409void ec_GF2m_simple_point_clear_finish(EC_POINT *);
410int ec_GF2m_simple_point_copy(EC_POINT *, const EC_POINT *);
411int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
35b73a1f 412int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,
0f113f3e
MC		 413 const BIGNUM *x,
414 const BIGNUM *y, BN_CTX *);
415int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *,
416 const EC_POINT *, BIGNUM *x,
417 BIGNUM *y, BN_CTX *);
35b73a1f 418int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *,
0f113f3e
MC		 419 const BIGNUM *x, int y_bit,
420 BN_CTX *);
421size_t ec_GF2m_simple_point2oct(const EC_GROUP *, const EC_POINT *,
422 point_conversion_form_t form,
423 unsigned char *buf, size_t len, BN_CTX *);
7793f30e 424int ec_GF2m_simple_oct2point(const EC_GROUP *, EC_POINT *,
0f113f3e
MC		 425 const unsigned char *buf, size_t len, BN_CTX *);
426int ec_GF2m_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
427 const EC_POINT *b, BN_CTX *);
428int ec_GF2m_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
429 BN_CTX *);
7793f30e
BM		 430int ec_GF2m_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
431int ec_GF2m_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
432int ec_GF2m_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
0f113f3e
MC		 433int ec_GF2m_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b,
434 BN_CTX *);
7793f30e 435int ec_GF2m_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
0f113f3e
MC		 436int ec_GF2m_simple_points_make_affine(const EC_GROUP *, size_t num,
437 EC_POINT *[], BN_CTX *);
438int ec_GF2m_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
439 const BIGNUM *b, BN_CTX *);
440int ec_GF2m_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
441 BN_CTX *);
442int ec_GF2m_simple_field_div(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
443 const BIGNUM *b, BN_CTX *);
7793f30e 444
3e00b4c9 445/* method functions in ec2_mult.c */
0f113f3e
MC		 446int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r,
447 const BIGNUM *scalar, size_t num,
448 const EC_POINT *points[], const BIGNUM *scalars[],
449 BN_CTX *);
3e00b4c9
BM		 450int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
451int ec_GF2m_have_precompute_mult(const EC_GROUP *group);
452
8e323164 453#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
04daec86
BM		 454/* method functions in ecp_nistp224.c */
455int ec_GFp_nistp224_group_init(EC_GROUP *group);
0f113f3e
MC		 456int ec_GFp_nistp224_group_set_curve(EC_GROUP *group, const BIGNUM *p,
457 const BIGNUM *a, const BIGNUM *n,
458 BN_CTX *);
459int ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP *group,
460 const EC_POINT *point,
461 BIGNUM *x, BIGNUM *y,
462 BN_CTX *ctx);
463int ec_GFp_nistp224_mul(const EC_GROUP *group, EC_POINT *r,
464 const BIGNUM *scalar, size_t num,
465 const EC_POINT *points[], const BIGNUM *scalars[],
466 BN_CTX *);
467int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
468 const BIGNUM *scalar, size_t num,
469 const EC_POINT *points[],
470 const BIGNUM *scalars[], BN_CTX *ctx);
04daec86
BM		 471int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
472int ec_GFp_nistp224_have_precompute_mult(const EC_GROUP *group);
3e00b4c9
BM		 473
474/* method functions in ecp_nistp256.c */
475int ec_GFp_nistp256_group_init(EC_GROUP *group);
0f113f3e
MC		 476int ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p,
477 const BIGNUM *a, const BIGNUM *n,
478 BN_CTX *);
479int ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group,
480 const EC_POINT *point,
481 BIGNUM *x, BIGNUM *y,
482 BN_CTX *ctx);
483int ec_GFp_nistp256_mul(const EC_GROUP *group, EC_POINT *r,
484 const BIGNUM *scalar, size_t num,
485 const EC_POINT *points[], const BIGNUM *scalars[],
486 BN_CTX *);
487int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r,
488 const BIGNUM *scalar, size_t num,
489 const EC_POINT *points[],
490 const BIGNUM *scalars[], BN_CTX *ctx);
3e00b4c9
BM		 491int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
492int ec_GFp_nistp256_have_precompute_mult(const EC_GROUP *group);
493
494/* method functions in ecp_nistp521.c */
495int ec_GFp_nistp521_group_init(EC_GROUP *group);
0f113f3e
MC		 496int ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p,
497 const BIGNUM *a, const BIGNUM *n,
498 BN_CTX *);
499int ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP *group,
500 const EC_POINT *point,
501 BIGNUM *x, BIGNUM *y,
502 BN_CTX *ctx);
503int ec_GFp_nistp521_mul(const EC_GROUP *group, EC_POINT *r,
504 const BIGNUM *scalar, size_t num,
505 const EC_POINT *points[], const BIGNUM *scalars[],
506 BN_CTX *);
507int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r,
508 const BIGNUM *scalar, size_t num,
509 const EC_POINT *points[],
510 const BIGNUM *scalars[], BN_CTX *ctx);
3e00b4c9
BM		 511int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
512int ec_GFp_nistp521_have_precompute_mult(const EC_GROUP *group);
513
514/* utility functions in ecp_nistputil.c */
515void ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array,
0f113f3e
MC		 516 size_t felem_size,
517 void *tmp_felems,
518 void (*felem_one) (void *out),
519 int (*felem_is_zero) (const void
520 *in),
521 void (*felem_assign) (void *out,
522 const void
523 *in),
524 void (*felem_square) (void *out,
525 const void
526 *in),
527 void (*felem_mul) (void *out,
528 const void
529 *in1,
530 const void
531 *in2),
532 void (*felem_inv) (void *out,
533 const void
534 *in),
535 void (*felem_contract) (void
536 *out,
537 const
538 void
539 *in));
540void ec_GFp_nistp_recode_scalar_bits(unsigned char *sign,
541 unsigned char *digit, unsigned char in);
04daec86 542#endif
f54be179 543int ec_precompute_mont_data(EC_GROUP *);
77470e98 544int ec_group_simple_order_bits(const EC_GROUP *group);
f54be179
AP		 545
546#ifdef ECP_NISTZ256_ASM
547/** Returns GFp methods using montgomery multiplication, with x86-64 optimized
548 * P256. See http://eprint.iacr.org/2013/816.
549 * \return EC_METHOD object
550 */
551const EC_METHOD *EC_GFp_nistz256_method(void);
552#endif
28572b57 553
77470e98
DSH		 554size_t ec_key_simple_priv2oct(const EC_KEY *eckey,
555 unsigned char *buf, size_t len);
556int ec_key_simple_oct2priv(EC_KEY *eckey, unsigned char *buf, size_t len);
557int ec_key_simple_generate_key(EC_KEY *eckey);
558int ec_key_simple_generate_public_key(EC_KEY *eckey);
559int ec_key_simple_check_key(const EC_KEY *eckey);
560
28572b57
DSH		 561/* EC_METHOD definitions */
562
563struct ec_key_method_st {
564 const char *name;
565 int32_t flags;
0d6ff6d3
DSH		 566 int (*init)(EC_KEY *key);
567 void (*finish)(EC_KEY *key);
ea0392b9 568 int (*copy)(EC_KEY *dest, const EC_KEY *src);
3475bc96
DSH		 569 int (*set_group)(EC_KEY *key, const EC_GROUP *grp);
570 int (*set_private)(EC_KEY *key, const BIGNUM *priv_key);
571 int (*set_public)(EC_KEY *key, const EC_POINT *pub_key);
5a6a1029 572 int (*keygen)(EC_KEY *key);
e2285d87
DSH		 573 int (*compute_key)(unsigned char **pout, size_t *poutlen,
574 const EC_POINT *pub_key, const EC_KEY *ecdh);
a200a817
DSH		 575 int (*sign)(int type, const unsigned char *dgst, int dlen, unsigned char
576 *sig, unsigned int *siglen, const BIGNUM *kinv,
577 const BIGNUM *r, EC_KEY *eckey);
c0efda00
DSH		 578 int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
579 BIGNUM **rp);
580 ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, int dgst_len,
581 const BIGNUM *in_kinv, const BIGNUM *in_r,
582 EC_KEY *eckey);
a200a817
DSH		 583
584 int (*verify)(int type, const unsigned char *dgst, int dgst_len,
585 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey);
c0efda00
DSH		 586 int (*verify_sig)(const unsigned char *dgst, int dgst_len,
587 const ECDSA_SIG *sig, EC_KEY *eckey);
28572b57
DSH		 588} /* EC_KEY_METHOD */ ;
589
590#define EC_KEY_METHOD_DYNAMIC 1
5a6a1029
DSH		 591
592int ossl_ec_key_gen(EC_KEY *eckey);
e2285d87
DSH		 593int ossl_ecdh_compute_key(unsigned char **pout, size_t *poutlen,
594 const EC_POINT *pub_key, const EC_KEY *ecdh);
595int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen,
596 const EC_POINT *pub_key, const EC_KEY *ecdh);
714b2abb
DSH		 597
598struct ECDSA_SIG_st {
599 BIGNUM *r;
600 BIGNUM *s;
601};
c0efda00
DSH		 602
603int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
604 BIGNUM **rp);
a200a817
DSH		 605int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen,
606 unsigned char *sig, unsigned int *siglen,
607 const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey);
c0efda00
DSH		 608ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
609 const BIGNUM *in_kinv, const BIGNUM *in_r,
610 EC_KEY *eckey);
a200a817
DSH		 611int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
612 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey);
c0efda00
DSH		 613int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
614 const ECDSA_SIG *sig, EC_KEY *eckey);
8dcfdbf5
DSH		 615
616const EC_METHOD *ec_x25519_meth(void);
617
618int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32],
619 const uint8_t peer_public_value[32]);
620void X25519_public_from_private(uint8_t out_public_value[32],
621 const uint8_t private_key[32]);
A mirror of the official openssl repository