Commit | Line | Data |
---|---|---|
65e81670 | 1 | /* crypto/ec/ec_lcl.h */ |
35b73a1f BM |
2 | /* |
3 | * Originally written by Bodo Moeller for the OpenSSL project. | |
4 | */ | |
65e81670 | 5 | /* ==================================================================== |
04daec86 | 6 | * Copyright (c) 1998-2010 The OpenSSL Project. All rights reserved. |
65e81670 BM |
7 | * |
8 | * Redistribution and use in source and binary forms, with or without | |
9 | * modification, are permitted provided that the following conditions | |
10 | * are met: | |
11 | * | |
12 | * 1. Redistributions of source code must retain the above copyright | |
13 | * notice, this list of conditions and the following disclaimer. | |
14 | * | |
15 | * 2. Redistributions in binary form must reproduce the above copyright | |
16 | * notice, this list of conditions and the following disclaimer in | |
17 | * the documentation and/or other materials provided with the | |
18 | * distribution. | |
19 | * | |
20 | * 3. All advertising materials mentioning features or use of this | |
21 | * software must display the following acknowledgment: | |
22 | * "This product includes software developed by the OpenSSL Project | |
23 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
24 | * | |
25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
26 | * endorse or promote products derived from this software without | |
27 | * prior written permission. For written permission, please contact | |
28 | * openssl-core@openssl.org. | |
29 | * | |
30 | * 5. Products derived from this software may not be called "OpenSSL" | |
31 | * nor may "OpenSSL" appear in their names without prior written | |
32 | * permission of the OpenSSL Project. | |
33 | * | |
34 | * 6. Redistributions of any form whatsoever must retain the following | |
35 | * acknowledgment: | |
36 | * "This product includes software developed by the OpenSSL Project | |
37 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
38 | * | |
39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
51 | * ==================================================================== | |
52 | * | |
53 | * This product includes cryptographic software written by Eric Young | |
54 | * (eay@cryptsoft.com). This product includes software written by Tim | |
55 | * Hudson (tjh@cryptsoft.com). | |
56 | * | |
57 | */ | |
7793f30e BM |
58 | /* ==================================================================== |
59 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | |
60 | * | |
61 | * Portions of the attached software ("Contribution") are developed by | |
62 | * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. | |
63 | * | |
64 | * The Contribution is licensed pursuant to the OpenSSL open source | |
65 | * license provided above. | |
66 | * | |
7793f30e BM |
67 | * The elliptic curve binary polynomial software is originally written by |
68 | * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. | |
69 | * | |
70 | */ | |
38e3c581 | 71 | |
3a12ce01 BM |
72 | |
73 | #include <stdlib.h> | |
74 | ||
458c2917 | 75 | #include <openssl/obj_mac.h> |
38e3c581 | 76 | #include <openssl/ec.h> |
0f814687 | 77 | #include <openssl/bn.h> |
3a12ce01 | 78 | |
7f24b1c3 AP |
79 | #if defined(__SUNPRO_C) |
80 | # if __SUNPRO_C >= 0x520 | |
81 | # pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) | |
82 | # endif | |
83 | #endif | |
3a12ce01 | 84 | |
84b08eee DSH |
85 | /* Use default functions for point2oct, oct2point and compressed coordinates */ |
86 | #define EC_FLAGS_DEFAULT_OCT 0x1 | |
87 | ||
3a12ce01 BM |
88 | /* Structure details are not part of the exported interface, |
89 | * so all this may change in future versions. */ | |
90 | ||
struct ec_method_st {
    /* Method-wide flag bits (EC_FLAGS_DEFAULT_OCT is the one defined in this header). */
    int flags;

    /* Reported by EC_METHOD_get_field_type; the value is a NID. */
    int field_type;

    /*
     * Group lifecycle hooks, reached through EC_GROUP_new, EC_GROUP_free,
     * EC_GROUP_clear_free and EC_GROUP_copy.
     * NOTE(review): group_clear_finish is the hook behind the *_clear_free
     * entry point; presumably it wipes contents before release -- confirm
     * in each implementation.
     */
    int (*group_init)(EC_GROUP *group);
    void (*group_finish)(EC_GROUP *group);
    void (*group_clear_finish)(EC_GROUP *group);
    int (*group_copy)(EC_GROUP *dest, const EC_GROUP *src);

    /*
     * Curve parameter accessors behind EC_GROUP_set_curve_GFp,
     * EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m and
     * EC_GROUP_get_curve_GF2m.
     */
    int (*group_set_curve)(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
                           const BIGNUM *b, BN_CTX *ctx);
    int (*group_get_curve)(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
                           BIGNUM *b, BN_CTX *ctx);

    /* Behind EC_GROUP_get_degree. */
    int (*group_get_degree)(const EC_GROUP *group);

    /* Behind EC_GROUP_check. */
    int (*group_check_discriminant)(const EC_GROUP *group, BN_CTX *ctx);

    /*
     * Point lifecycle hooks, reached through EC_POINT_new, EC_POINT_free,
     * EC_POINT_clear_free and EC_POINT_copy.
     */
    int (*point_init)(EC_POINT *point);
    void (*point_finish)(EC_POINT *point);
    void (*point_clear_finish)(EC_POINT *point);
    int (*point_copy)(EC_POINT *dest, const EC_POINT *src);

    /*-
     * Coordinate setters/getters behind
     *     EC_POINT_set_to_infinity,
     *     EC_POINT_set_Jprojective_coordinates_GFp,
     *     EC_POINT_get_Jprojective_coordinates_GFp,
     *     EC_POINT_set_affine_coordinates_GFp,     ..._GF2m,
     *     EC_POINT_get_affine_coordinates_GFp,     ..._GF2m,
     *     EC_POINT_set_compressed_coordinates_GFp, ..._GF2m.
     */
    int (*point_set_to_infinity)(const EC_GROUP *group, EC_POINT *point);
    int (*point_set_Jprojective_coordinates_GFp)(const EC_GROUP *group,
                                                 EC_POINT *point,
                                                 const BIGNUM *x,
                                                 const BIGNUM *y,
                                                 const BIGNUM *z,
                                                 BN_CTX *ctx);
    int (*point_get_Jprojective_coordinates_GFp)(const EC_GROUP *group,
                                                 const EC_POINT *point,
                                                 BIGNUM *x, BIGNUM *y,
                                                 BIGNUM *z, BN_CTX *ctx);
    int (*point_set_affine_coordinates)(const EC_GROUP *group, EC_POINT *point,
                                        const BIGNUM *x, const BIGNUM *y,
                                        BN_CTX *ctx);
    int (*point_get_affine_coordinates)(const EC_GROUP *group,
                                        const EC_POINT *point,
                                        BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
    int (*point_set_compressed_coordinates)(const EC_GROUP *group,
                                            EC_POINT *point, const BIGNUM *x,
                                            int y_bit, BN_CTX *ctx);

    /*
     * Octet-string conversion behind EC_POINT_point2oct and
     * EC_POINT_oct2point; 'buf'/'len' describe the caller's buffer.
     * NOTE(review): this header does not show whether an oct2point
     * implementation verifies that the decoded point lies on the curve.
     * When the encoding comes from an untrusted peer, confirm that in the
     * implementation or check with EC_POINT_is_on_curve.
     */
    size_t (*point2oct)(const EC_GROUP *group, const EC_POINT *point,
                        point_conversion_form_t form,
                        unsigned char *buf, size_t len, BN_CTX *ctx);
    int (*oct2point)(const EC_GROUP *group, EC_POINT *point,
                     const unsigned char *buf, size_t len, BN_CTX *ctx);

    /* Group law, behind EC_POINT_add, EC_POINT_dbl and EC_POINT_invert. */
    int (*add)(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
               const EC_POINT *b, BN_CTX *ctx);
    int (*dbl)(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
               BN_CTX *ctx);
    int (*invert)(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);

    /* Predicates behind EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp. */
    int (*is_at_infinity)(const EC_GROUP *group, const EC_POINT *point);
    int (*is_on_curve)(const EC_GROUP *group, const EC_POINT *point,
                       BN_CTX *ctx);
    int (*point_cmp)(const EC_GROUP *group, const EC_POINT *a,
                     const EC_POINT *b, BN_CTX *ctx);

    /* Behind EC_POINT_make_affine and EC_POINTs_make_affine. */
    int (*make_affine)(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
    int (*points_make_affine)(const EC_GROUP *group, size_t num,
                              EC_POINT *points[], BN_CTX *ctx);

    /*
     * Scalar multiplication, behind EC_POINTs_mul and EC_POINT_mul, plus
     * the precompute_mult / have_precompute_mult pair.  When the 'mul'
     * pointer is 0 the default implementations are used instead.
     * NOTE(review): 'scalar' and 'scalars' may carry secret values; whether
     * a given implementation is timing-independent of them cannot be told
     * from this table -- confirm per method.
     */
    int (*mul)(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
               size_t num, const EC_POINT *points[], const BIGNUM *scalars[],
               BN_CTX *ctx);
    int (*precompute_mult)(EC_GROUP *group, BN_CTX *ctx);
    int (*have_precompute_mult)(const EC_GROUP *group);


    /* internal functions */

    /*
     * 'field_mul', 'field_sqr' and 'field_div' are available to 'add' and
     * 'dbl', so one implementation of the point operations can be paired
     * with different optimized implementations of the expensive field
     * operations.
     */
    int (*field_mul)(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
                     const BIGNUM *b, BN_CTX *ctx);
    int (*field_sqr)(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
                     BN_CTX *ctx);
    int (*field_div)(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
                     const BIGNUM *b, BN_CTX *ctx);

    /* Conversion into the method's internal field representation, e.g. to Montgomery. */
    int (*field_encode)(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
                        BN_CTX *ctx);
    /* Conversion back out of that representation, e.g. from Montgomery. */
    int (*field_decode)(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
                        BN_CTX *ctx);
    int (*field_set_to_one)(const EC_GROUP *group, BIGNUM *r, BN_CTX *ctx);
} /* EC_METHOD */;
181 | ||
/*
 * One node of the singly linked extra-data list used in EC_GROUP.
 * Each node carries an opaque payload together with the three callbacks
 * that were registered with it.
 */
typedef struct ec_extra_data_st {
    struct ec_extra_data_st *next;      /* following node in the list */
    void *data;                         /* opaque payload */
    void *(*dup_func)(void *src);       /* duplicates a payload */
    void (*free_func)(void *ptr);       /* releases a payload */
    /*
     * NOTE(review): presumably the wiping variant of free_func, for
     * payloads that hold sensitive material -- confirm against callers.
     */
    void (*clear_free_func)(void *ptr);
} EC_EXTRA_DATA; /* used in EC_GROUP */
3a12ce01 BM |
189 | |
struct ec_group_st {
    const EC_METHOD *meth;              /* method table serving this group */

    EC_POINT *generator;                /* optional */
    BIGNUM *order;
    BIGNUM *cofactor;

    int curve_name;                     /* optional NID for named curve */
    int asn1_flag;                      /* flag to control the asn1 encoding */
    point_conversion_form_t asn1_form;

    /*
     * Optional seed for the parameters (appears in ASN1); 'seed_len' is
     * stored alongside the pointer.
     */
    unsigned char *seed;
    size_t seed_len;

    EC_EXTRA_DATA *extra_data;          /* linked list */

    /*
     * Everything below is handled by the method functions, even where a
     * member looks generic.
     */

    /*
     * Field specification.
     * For curves over GF(p) this is the modulus; for curves over GF(2^m)
     * it is the irreducible polynomial defining the field.
     */
    BIGNUM *field;

    /*
     * Field specification for curves over GF(2^m).
     * The irreducible f(t) has the form
     *     t^poly[0] + t^poly[1] + ... + t^poly[k]
     * where m = poly[0] > poly[1] > ... > poly[k] = 0, and the array is
     * terminated with poly[k+1] = -1.  All elliptic curve irreducibles
     * have at most 5 non-zero terms, so five exponents plus the
     * terminator fill the six slots exactly; code writing this array has
     * no spare room beyond that bound.
     */
    int poly[6];

    /*
     * Curve coefficients.
     * (The assumption here is that BIGNUMs can be used or abused for all
     * kinds of fields, not just GF(p).)
     * For characteristic > 3 the curve is given by a Weierstrass equation
     *     y^2 = x^3 + a*x + b.
     * For characteristic 2 the curve is given by
     *     y^2 + x*y = x^3 + a*x^2 + b.
     */
    BIGNUM *a;
    BIGNUM *b;

    /* enables optimized point arithmetic for this special case */
    int a_is_minus3;

    /* method-specific (e.g., Montgomery structure) */
    void *field_data1;

    /* method-specific */
    void *field_data2;

    /* method-specific */
    int (*field_mod_func)(BIGNUM *r, const BIGNUM *a, const BIGNUM *m,
                          BN_CTX *ctx);

    /* data for ECDSA inverse */
    BN_MONT_CTX *mont_data;
} /* EC_GROUP */;
252 | ||
/* An EC key: the group it lives in plus the public point and private scalar. */
struct ec_key_st {
    int version;

    EC_GROUP *group;

    EC_POINT *pub_key;
    /*
     * Private scalar.
     * NOTE(review): this is the secret part of the key; the release path
     * is not visible in this header -- confirm that it uses a clearing
     * free rather than a plain one.
     */
    BIGNUM *priv_key;

    unsigned int enc_flag;
    point_conversion_form_t conv_form;

    /*
     * NOTE(review): presumably a reference count; it is a plain int, so
     * any locking around updates has to come from the callers -- confirm.
     */
    int references;
    int flags;

    EC_EXTRA_DATA *method_data;
} /* EC_KEY */;
269 | ||
/*
 * Essentially a 'mixin' for extra data, available to EC_GROUPs/EC_KEYs only
 * (visibility is limited to 'package' level for now).
 * The function pointers act as the retrieval index, which removes the need
 * for global ex_data-style index tables.  Callers therefore have to pass
 * the same (dup_func, free_func, clear_free_func) triple on lookup and
 * release that they passed when storing the data.
 */
int EC_EX_DATA_set_data(EC_EXTRA_DATA **ex_data, void *data,
                        void *(*dup_func)(void *),
                        void (*free_func)(void *),
                        void (*clear_free_func)(void *));
void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *ex_data,
                          void *(*dup_func)(void *),
                          void (*free_func)(void *),
                          void (*clear_free_func)(void *));
void EC_EX_DATA_free_data(EC_EXTRA_DATA **ex_data,
                          void *(*dup_func)(void *),
                          void (*free_func)(void *),
                          void (*clear_free_func)(void *));
void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **ex_data,
                                void *(*dup_func)(void *),
                                void (*free_func)(void *),
                                void (*clear_free_func)(void *));
void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **ex_data);
void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **ex_data);
df9cc153 BM |
285 | |
286 | ||
287 | ||
struct ec_point_st {
    const EC_METHOD *meth;

    /*
     * Every member other than 'meth' is handled by the method functions,
     * even where it looks generic.
     */

    /*
     * Jacobian projective coordinates:
     * (X, Y, Z) represents (X/Z^2, Y/Z^3) if Z != 0.
     */
    BIGNUM *X;
    BIGNUM *Y;
    BIGNUM *Z;

    /* enables optimized point arithmetic for this special case */
    int Z_is_one;
} /* EC_POINT */;
58fc6229 BM |
300 | |
301 | ||
302 | ||
/*
 * Method functions implemented in ec_mult.c.
 * ec_lib.c uses these as the defaults when the method's 'mul' pointer
 * (group->meth->mul) is 0.
 * NOTE(review): 'scalar' and 'scalars' may be secret; whether this path is
 * timing-independent of them is not visible from the header -- confirm in
 * ec_mult.c.
 */
int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                size_t num, const EC_POINT *points[],
                const BIGNUM *scalars[], BN_CTX *ctx);
int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
int ec_wNAF_have_precompute_mult(const EC_GROUP *group);
309 | ||
7793f30e | 310 | |
/*
 * Method functions implemented in ecp_smpl.c.
 * The signatures mirror the matching function-pointer members of
 * struct ec_method_st.
 */

/* group lifecycle and parameters */
int ec_GFp_simple_group_init(EC_GROUP *group);
void ec_GFp_simple_group_finish(EC_GROUP *group);
void ec_GFp_simple_group_clear_finish(EC_GROUP *group);
int ec_GFp_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src);
int ec_GFp_simple_group_set_curve(EC_GROUP *group, const BIGNUM *p,
                                  const BIGNUM *a, const BIGNUM *b,
                                  BN_CTX *ctx);
int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p,
                                  BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
int ec_GFp_simple_group_get_degree(const EC_GROUP *group);
int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group,
                                           BN_CTX *ctx);

/* point lifecycle and coordinates */
int ec_GFp_simple_point_init(EC_POINT *point);
void ec_GFp_simple_point_finish(EC_POINT *point);
void ec_GFp_simple_point_clear_finish(EC_POINT *point);
int ec_GFp_simple_point_copy(EC_POINT *dest, const EC_POINT *src);
int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group,
                                        EC_POINT *point);
int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
                                                  EC_POINT *point,
                                                  const BIGNUM *x,
                                                  const BIGNUM *y,
                                                  const BIGNUM *z,
                                                  BN_CTX *ctx);
int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
                                                  const EC_POINT *point,
                                                  BIGNUM *x, BIGNUM *y,
                                                  BIGNUM *z, BN_CTX *ctx);
int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *group,
                                               EC_POINT *point,
                                               const BIGNUM *x,
                                               const BIGNUM *y,
                                               BN_CTX *ctx);
int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group,
                                               const EC_POINT *point,
                                               BIGNUM *x, BIGNUM *y,
                                               BN_CTX *ctx);
int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group,
                                             EC_POINT *point,
                                             const BIGNUM *x, int y_bit,
                                             BN_CTX *ctx);

/*
 * octet-string conversion; 'buf'/'len' describe the caller's buffer.
 * NOTE(review): on-curve validation of decoded points is not visible from
 * this header -- confirm in ecp_smpl.c before relying on it for untrusted
 * encodings.
 */
size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
                               point_conversion_form_t form,
                               unsigned char *buf, size_t len, BN_CTX *ctx);
int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
                            const unsigned char *buf, size_t len,
                            BN_CTX *ctx);

/* group law and predicates */
int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
                      const EC_POINT *b, BN_CTX *ctx);
int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
                      BN_CTX *ctx);
int ec_GFp_simple_invert(const EC_GROUP *group, EC_POINT *point,
                         BN_CTX *ctx);
int ec_GFp_simple_is_at_infinity(const EC_GROUP *group,
                                 const EC_POINT *point);
int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
                              BN_CTX *ctx);
int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
                      const EC_POINT *b, BN_CTX *ctx);
int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point,
                              BN_CTX *ctx);
int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num,
                                     EC_POINT *points[], BN_CTX *ctx);

/* field arithmetic */
int ec_GFp_simple_field_mul(const EC_GROUP *group, BIGNUM *r,
                            const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r,
                            const BIGNUM *a, BN_CTX *ctx);
349 | ||
350 | ||
/*
 * Method functions implemented in ecp_mont.c: group lifecycle plus the
 * field operations, including the encode/decode pair.
 */
int ec_GFp_mont_group_init(EC_GROUP *group);
int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p,
                                const BIGNUM *a, const BIGNUM *b,
                                BN_CTX *ctx);
void ec_GFp_mont_group_finish(EC_GROUP *group);
void ec_GFp_mont_group_clear_finish(EC_GROUP *group);
int ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src);
int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
                          const BIGNUM *b, BN_CTX *ctx);
int ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
                          BN_CTX *ctx);
int ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r,
                             const BIGNUM *a, BN_CTX *ctx);
int ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r,
                             const BIGNUM *a, BN_CTX *ctx);
int ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r,
                                 BN_CTX *ctx);
58fc6229 BM |
362 | |
363 | ||
/* Method functions implemented in ecp_nist.c. */
int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src);
int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p,
                                const BIGNUM *a, const BIGNUM *b,
                                BN_CTX *ctx);
int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
                          const BIGNUM *b, BN_CTX *ctx);
int ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
                          BN_CTX *ctx);
7793f30e BM |
369 | |
370 | ||
/*
 * Method functions implemented in ec2_smpl.c.
 * The signatures mirror the matching function-pointer members of
 * struct ec_method_st.
 */

/* group lifecycle and parameters */
int ec_GF2m_simple_group_init(EC_GROUP *group);
void ec_GF2m_simple_group_finish(EC_GROUP *group);
void ec_GF2m_simple_group_clear_finish(EC_GROUP *group);
int ec_GF2m_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src);
int ec_GF2m_simple_group_set_curve(EC_GROUP *group, const BIGNUM *p,
                                   const BIGNUM *a, const BIGNUM *b,
                                   BN_CTX *ctx);
int ec_GF2m_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p,
                                   BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
int ec_GF2m_simple_group_get_degree(const EC_GROUP *group);
int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group,
                                            BN_CTX *ctx);

/* point lifecycle and coordinates */
int ec_GF2m_simple_point_init(EC_POINT *point);
void ec_GF2m_simple_point_finish(EC_POINT *point);
void ec_GF2m_simple_point_clear_finish(EC_POINT *point);
int ec_GF2m_simple_point_copy(EC_POINT *dest, const EC_POINT *src);
int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *group,
                                         EC_POINT *point);
int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *group,
                                                EC_POINT *point,
                                                const BIGNUM *x,
                                                const BIGNUM *y,
                                                BN_CTX *ctx);
int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group,
                                                const EC_POINT *point,
                                                BIGNUM *x, BIGNUM *y,
                                                BN_CTX *ctx);
int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group,
                                              EC_POINT *point,
                                              const BIGNUM *x, int y_bit,
                                              BN_CTX *ctx);

/*
 * octet-string conversion; 'buf'/'len' describe the caller's buffer.
 * NOTE(review): on-curve validation of decoded points is not visible from
 * this header -- confirm in ec2_smpl.c before relying on it for untrusted
 * encodings.
 */
size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
                                point_conversion_form_t form,
                                unsigned char *buf, size_t len, BN_CTX *ctx);
int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
                             const unsigned char *buf, size_t len,
                             BN_CTX *ctx);

/* group law and predicates */
int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
                       const EC_POINT *b, BN_CTX *ctx);
int ec_GF2m_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
                       BN_CTX *ctx);
int ec_GF2m_simple_invert(const EC_GROUP *group, EC_POINT *point,
                          BN_CTX *ctx);
int ec_GF2m_simple_is_at_infinity(const EC_GROUP *group,
                                  const EC_POINT *point);
int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
                               BN_CTX *ctx);
int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
                       const EC_POINT *b, BN_CTX *ctx);
int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point,
                               BN_CTX *ctx);
int ec_GF2m_simple_points_make_affine(const EC_GROUP *group, size_t num,
                                      EC_POINT *points[], BN_CTX *ctx);

/* field arithmetic */
int ec_GF2m_simple_field_mul(const EC_GROUP *group, BIGNUM *r,
                             const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
int ec_GF2m_simple_field_sqr(const EC_GROUP *group, BIGNUM *r,
                             const BIGNUM *a, BN_CTX *ctx);
int ec_GF2m_simple_field_div(const EC_GROUP *group, BIGNUM *r,
                             const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
406 | ||
407 | ||
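/*
 * Method functions implemented in ec2_mult.c.
 * These three prototypes were previously declared twice in a row with
 * identical signatures; the redundant copy is dropped so that there is a
 * single declaration to keep in sync with the definitions.
 * NOTE(review): 'scalar' and 'scalars' may be secret; whether this path is
 * timing-independent of them is not visible from the header -- confirm in
 * ec2_mult.c.
 */
int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                       size_t num, const EC_POINT *points[],
                       const BIGNUM *scalars[], BN_CTX *ctx);
int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
int ec_GF2m_have_precompute_mult(const EC_GROUP *group);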
419 | ||
#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
/*
 * Method functions implemented in ecp_nistp224.c.
 * NOTE(review): in the three *_group_set_curve prototypes below, the
 * parameter named 'n' sits in the position that the group_set_curve method
 * slot calls 'b'; presumably it is the curve coefficient b -- confirm
 * against the definitions.
 */
int ec_GFp_nistp224_group_init(EC_GROUP *group);
int ec_GFp_nistp224_group_set_curve(EC_GROUP *group, const BIGNUM *p,
                                    const BIGNUM *a, const BIGNUM *n,
                                    BN_CTX *ctx);
int ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP *group,
                                                 const EC_POINT *point,
                                                 BIGNUM *x, BIGNUM *y,
                                                 BN_CTX *ctx);
int ec_GFp_nistp224_mul(const EC_GROUP *group, EC_POINT *r,
                        const BIGNUM *scalar, size_t num,
                        const EC_POINT *points[], const BIGNUM *scalars[],
                        BN_CTX *ctx);
int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
                               const BIGNUM *scalar, size_t num,
                               const EC_POINT *points[],
                               const BIGNUM *scalars[], BN_CTX *ctx);
int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
int ec_GFp_nistp224_have_precompute_mult(const EC_GROUP *group);

/* Method functions implemented in ecp_nistp256.c. */
int ec_GFp_nistp256_group_init(EC_GROUP *group);
int ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p,
                                    const BIGNUM *a, const BIGNUM *n,
                                    BN_CTX *ctx);
int ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group,
                                                 const EC_POINT *point,
                                                 BIGNUM *x, BIGNUM *y,
                                                 BN_CTX *ctx);
int ec_GFp_nistp256_mul(const EC_GROUP *group, EC_POINT *r,
                        const BIGNUM *scalar, size_t num,
                        const EC_POINT *points[], const BIGNUM *scalars[],
                        BN_CTX *ctx);
int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r,
                               const BIGNUM *scalar, size_t num,
                               const EC_POINT *points[],
                               const BIGNUM *scalars[], BN_CTX *ctx);
int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
int ec_GFp_nistp256_have_precompute_mult(const EC_GROUP *group);

/* Method functions implemented in ecp_nistp521.c. */
int ec_GFp_nistp521_group_init(EC_GROUP *group);
int ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p,
                                    const BIGNUM *a, const BIGNUM *n,
                                    BN_CTX *ctx);
int ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP *group,
                                                 const EC_POINT *point,
                                                 BIGNUM *x, BIGNUM *y,
                                                 BN_CTX *ctx);
int ec_GFp_nistp521_mul(const EC_GROUP *group, EC_POINT *r,
                        const BIGNUM *scalar, size_t num,
                        const EC_POINT *points[], const BIGNUM *scalars[],
                        BN_CTX *ctx);
int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r,
                               const BIGNUM *scalar, size_t num,
                               const EC_POINT *points[],
                               const BIGNUM *scalars[], BN_CTX *ctx);
int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
int ec_GFp_nistp521_have_precompute_mult(const EC_GROUP *group);

/*
 * Utility functions implemented in ecp_nistputil.c.
 * ec_GFp_nistp_points_make_affine_internal takes its point array and
 * scratch space as untyped pointers, with the element size and the field
 * operations supplied by the caller.
 * NOTE(review): nothing in the signature ties 'point_array' or 'tmp_felems'
 * to 'num' and 'felem_size'; the caller is presumably responsible for
 * sizing both buffers consistently -- confirm at each call site.
 */
void ec_GFp_nistp_points_make_affine_internal(
    size_t num, void *point_array,
    size_t felem_size, void *tmp_felems,
    void (*felem_one)(void *out),
    int (*felem_is_zero)(const void *in),
    void (*felem_assign)(void *out, const void *in),
    void (*felem_square)(void *out, const void *in),
    void (*felem_mul)(void *out, const void *in1, const void *in2),
    void (*felem_inv)(void *out, const void *in),
    void (*felem_contract)(void *out, const void *in));
void ec_GFp_nistp_recode_scalar_bits(unsigned char *sign,
                                     unsigned char *digit,
                                     unsigned char in);
#endif
/*
 * NOTE(review): presumably fills in the group's 'mont_data' member (the
 * "data for ECDSA inverse" in struct ec_group_st) -- confirm against the
 * definition.
 */
int ec_precompute_mont_data(EC_GROUP *group);

#ifdef ECP_NISTZ256_ASM
/** Provides the GFp method table that uses Montgomery multiplication with
 *  an x86-64 optimized P256. See http://eprint.iacr.org/2013/816.
 *  \return  EC_METHOD object
 */
const EC_METHOD *EC_GFp_nistz256_method(void);
#endif