]>
Commit | Line | Data |
---|---|---|
65e81670 | 1 | /* crypto/ec/ec_lib.c */ |
35b73a1f BM |
2 | /* |
3 | * Originally written by Bodo Moeller for the OpenSSL project. | |
4 | */ | |
65e81670 | 5 | /* ==================================================================== |
37c660ff | 6 | * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. |
65e81670 BM |
7 | * |
8 | * Redistribution and use in source and binary forms, with or without | |
9 | * modification, are permitted provided that the following conditions | |
10 | * are met: | |
11 | * | |
12 | * 1. Redistributions of source code must retain the above copyright | |
13 | * notice, this list of conditions and the following disclaimer. | |
14 | * | |
15 | * 2. Redistributions in binary form must reproduce the above copyright | |
16 | * notice, this list of conditions and the following disclaimer in | |
17 | * the documentation and/or other materials provided with the | |
18 | * distribution. | |
19 | * | |
20 | * 3. All advertising materials mentioning features or use of this | |
21 | * software must display the following acknowledgment: | |
22 | * "This product includes software developed by the OpenSSL Project | |
23 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
24 | * | |
25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
26 | * endorse or promote products derived from this software without | |
27 | * prior written permission. For written permission, please contact | |
28 | * openssl-core@openssl.org. | |
29 | * | |
30 | * 5. Products derived from this software may not be called "OpenSSL" | |
31 | * nor may "OpenSSL" appear in their names without prior written | |
32 | * permission of the OpenSSL Project. | |
33 | * | |
34 | * 6. Redistributions of any form whatsoever must retain the following | |
35 | * acknowledgment: | |
36 | * "This product includes software developed by the OpenSSL Project | |
37 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
38 | * | |
39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
51 | * ==================================================================== | |
52 | * | |
53 | * This product includes cryptographic software written by Eric Young | |
54 | * (eay@cryptsoft.com). This product includes software written by Tim | |
55 | * Hudson (tjh@cryptsoft.com). | |
56 | * | |
57 | */ | |
7793f30e BM |
58 | /* ==================================================================== |
59 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | |
60 | * Binary polynomial ECC support in OpenSSL originally developed by | |
61 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | |
62 | */ | |
65e81670 | 63 | |
73e45b2d | 64 | |
84b08eee | 65 | |
c4b36ff4 BM |
66 | #include <string.h> |
67 | ||
0657bf9c | 68 | #include <openssl/err.h> |
bb62a8b0 | 69 | #include <openssl/opensslv.h> |
0657bf9c | 70 | |
65e81670 | 71 | #include "ec_lcl.h" |
0657bf9c | 72 | |
b597aab8 | 73 | const char EC_version[] = "EC" OPENSSL_VERSION_PTEXT; |
bb62a8b0 | 74 | |
0657bf9c BM |
75 | |
76 | /* functions for EC_GROUP objects */ | |
77 | ||
78 | EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) | |
79 | { | |
80 | EC_GROUP *ret; | |
81 | ||
82 | if (meth == NULL) | |
83 | { | |
739a543e | 84 | ECerr(EC_F_EC_GROUP_NEW, EC_R_SLOT_FULL); |
0657bf9c BM |
85 | return NULL; |
86 | } | |
87 | if (meth->group_init == 0) | |
88 | { | |
89 | ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | |
90 | return NULL; | |
91 | } | |
92 | ||
93 | ret = OPENSSL_malloc(sizeof *ret); | |
94 | if (ret == NULL) | |
95 | { | |
96 | ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE); | |
97 | return NULL; | |
98 | } | |
99 | ||
100 | ret->meth = meth; | |
df9cc153 BM |
101 | |
102 | ret->extra_data = NULL; | |
f54be179 | 103 | ret->mont_data = NULL; |
945e15a2 | 104 | |
b6db386f | 105 | ret->generator = NULL; |
5784a521 MC |
106 | ret->order = BN_new(); |
107 | ret->cofactor = NULL; | |
108 | if(!ret->order) goto err; | |
109 | ret->cofactor = BN_new(); | |
110 | if(!ret->cofactor) goto err; | |
b6db386f | 111 | |
254ef80d BM |
112 | ret->curve_name = 0; |
113 | ret->asn1_flag = 0; | |
5f3d6f70 | 114 | ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED; |
458c2917 BM |
115 | |
116 | ret->seed = NULL; | |
117 | ret->seed_len = 0; | |
945e15a2 | 118 | |
5784a521 | 119 | if (!meth->group_init(ret)) goto err; |
0657bf9c BM |
120 | |
121 | return ret; | |
5784a521 MC |
122 | err: |
123 | if(ret->order) BN_free(ret->order); | |
124 | if(ret->cofactor) BN_free(ret->cofactor); | |
125 | OPENSSL_free(ret); | |
126 | return NULL; | |
0657bf9c BM |
127 | } |
128 | ||
129 | ||
0657bf9c BM |
130 | void EC_GROUP_free(EC_GROUP *group) |
131 | { | |
7711de24 BM |
132 | if (!group) return; |
133 | ||
0657bf9c BM |
134 | if (group->meth->group_finish != 0) |
135 | group->meth->group_finish(group); | |
df9cc153 | 136 | |
9dd84053 | 137 | EC_EX_DATA_free_all_data(&group->extra_data); |
df9cc153 | 138 | |
f54be179 AP |
139 | if (group->mont_data) |
140 | BN_MONT_CTX_free(group->mont_data); | |
141 | ||
b6db386f BM |
142 | if (group->generator != NULL) |
143 | EC_POINT_free(group->generator); | |
5784a521 MC |
144 | BN_free(group->order); |
145 | BN_free(group->cofactor); | |
b6db386f | 146 | |
458c2917 BM |
147 | if (group->seed) |
148 | OPENSSL_free(group->seed); | |
149 | ||
0657bf9c BM |
150 | OPENSSL_free(group); |
151 | } | |
152 | ||
153 | ||
154 | void EC_GROUP_clear_free(EC_GROUP *group) | |
155 | { | |
7711de24 BM |
156 | if (!group) return; |
157 | ||
0657bf9c BM |
158 | if (group->meth->group_clear_finish != 0) |
159 | group->meth->group_clear_finish(group); | |
bbab9b61 | 160 | else if (group->meth->group_finish != 0) |
0657bf9c | 161 | group->meth->group_finish(group); |
df9cc153 | 162 | |
9dd84053 | 163 | EC_EX_DATA_clear_free_all_data(&group->extra_data); |
df9cc153 | 164 | |
f54be179 AP |
165 | if (group->mont_data) |
166 | BN_MONT_CTX_free(group->mont_data); | |
167 | ||
b6db386f BM |
168 | if (group->generator != NULL) |
169 | EC_POINT_clear_free(group->generator); | |
5784a521 MC |
170 | BN_clear_free(group->order); |
171 | BN_clear_free(group->cofactor); | |
b6db386f | 172 | |
458c2917 BM |
173 | if (group->seed) |
174 | { | |
4579924b | 175 | OPENSSL_cleanse(group->seed, group->seed_len); |
458c2917 BM |
176 | OPENSSL_free(group->seed); |
177 | } | |
178 | ||
4579924b | 179 | OPENSSL_cleanse(group, sizeof *group); |
0657bf9c BM |
180 | OPENSSL_free(group); |
181 | } | |
182 | ||
183 | ||
184 | int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) | |
185 | { | |
ba729265 BM |
186 | EC_EXTRA_DATA *d; |
187 | ||
0657bf9c BM |
188 | if (dest->meth->group_copy == 0) |
189 | { | |
190 | ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | |
191 | return 0; | |
192 | } | |
193 | if (dest->meth != src->meth) | |
194 | { | |
195 | ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS); | |
196 | return 0; | |
197 | } | |
1d5bd6cf BM |
198 | if (dest == src) |
199 | return 1; | |
0657bf9c | 200 | |
9dd84053 | 201 | EC_EX_DATA_free_all_data(&dest->extra_data); |
df9cc153 | 202 | |
ba729265 BM |
203 | for (d = src->extra_data; d != NULL; d = d->next) |
204 | { | |
205 | void *t = d->dup_func(d->data); | |
206 | ||
207 | if (t == NULL) | |
208 | return 0; | |
9dd84053 | 209 | if (!EC_EX_DATA_set_data(&dest->extra_data, t, d->dup_func, d->free_func, d->clear_free_func)) |
ba729265 | 210 | return 0; |
df9cc153 BM |
211 | } |
212 | ||
f54be179 AP |
213 | if (src->mont_data != NULL) |
214 | { | |
215 | if (dest->mont_data == NULL) | |
216 | { | |
217 | dest->mont_data = BN_MONT_CTX_new(); | |
218 | if (dest->mont_data == NULL) return 0; | |
219 | } | |
220 | if (!BN_MONT_CTX_copy(dest->mont_data, src->mont_data)) return 0; | |
221 | } | |
222 | else | |
223 | { | |
224 | /* src->generator == NULL */ | |
225 | if (dest->mont_data != NULL) | |
226 | { | |
227 | BN_MONT_CTX_free(dest->mont_data); | |
228 | dest->mont_data = NULL; | |
229 | } | |
230 | } | |
231 | ||
b6db386f BM |
232 | if (src->generator != NULL) |
233 | { | |
234 | if (dest->generator == NULL) | |
235 | { | |
236 | dest->generator = EC_POINT_new(dest); | |
237 | if (dest->generator == NULL) return 0; | |
238 | } | |
239 | if (!EC_POINT_copy(dest->generator, src->generator)) return 0; | |
240 | } | |
241 | else | |
242 | { | |
243 | /* src->generator == NULL */ | |
244 | if (dest->generator != NULL) | |
245 | { | |
246 | EC_POINT_clear_free(dest->generator); | |
247 | dest->generator = NULL; | |
248 | } | |
249 | } | |
250 | ||
5784a521 MC |
251 | if (!BN_copy(dest->order, src->order)) return 0; |
252 | if (!BN_copy(dest->cofactor, src->cofactor)) return 0; | |
b6db386f | 253 | |
254ef80d BM |
254 | dest->curve_name = src->curve_name; |
255 | dest->asn1_flag = src->asn1_flag; | |
256 | dest->asn1_form = src->asn1_form; | |
458c2917 BM |
257 | |
258 | if (src->seed) | |
259 | { | |
260 | if (dest->seed) | |
261 | OPENSSL_free(dest->seed); | |
262 | dest->seed = OPENSSL_malloc(src->seed_len); | |
263 | if (dest->seed == NULL) | |
264 | return 0; | |
265 | if (!memcpy(dest->seed, src->seed, src->seed_len)) | |
266 | return 0; | |
267 | dest->seed_len = src->seed_len; | |
268 | } | |
269 | else | |
270 | { | |
271 | if (dest->seed) | |
272 | OPENSSL_free(dest->seed); | |
273 | dest->seed = NULL; | |
274 | dest->seed_len = 0; | |
275 | } | |
276 | ||
b6db386f | 277 | |
0657bf9c BM |
278 | return dest->meth->group_copy(dest, src); |
279 | } | |
280 | ||
281 | ||
7793f30e BM |
282 | EC_GROUP *EC_GROUP_dup(const EC_GROUP *a) |
283 | { | |
284 | EC_GROUP *t = NULL; | |
285 | int ok = 0; | |
286 | ||
287 | if (a == NULL) return NULL; | |
288 | ||
289 | if ((t = EC_GROUP_new(a->meth)) == NULL) return(NULL); | |
290 | if (!EC_GROUP_copy(t, a)) goto err; | |
291 | ||
292 | ok = 1; | |
293 | ||
294 | err: | |
295 | if (!ok) | |
296 | { | |
297 | if (t) EC_GROUP_free(t); | |
298 | return NULL; | |
299 | } | |
300 | else return t; | |
301 | } | |
302 | ||
303 | ||
48fe4d62 BM |
304 | const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group) |
305 | { | |
306 | return group->meth; | |
307 | } | |
308 | ||
309 | ||
458c2917 BM |
310 | int EC_METHOD_get_field_type(const EC_METHOD *meth) |
311 | { | |
312 | return meth->field_type; | |
313 | } | |
314 | ||
315 | ||
b6db386f | 316 | int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor) |
bb62a8b0 | 317 | { |
b6db386f | 318 | if (generator == NULL) |
bb62a8b0 | 319 | { |
b6db386f BM |
320 | ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER); |
321 | return 0 ; | |
bb62a8b0 | 322 | } |
b6db386f BM |
323 | |
324 | if (group->generator == NULL) | |
325 | { | |
326 | group->generator = EC_POINT_new(group); | |
327 | if (group->generator == NULL) return 0; | |
328 | } | |
329 | if (!EC_POINT_copy(group->generator, generator)) return 0; | |
330 | ||
331 | if (order != NULL) | |
5784a521 | 332 | { if (!BN_copy(group->order, order)) return 0; } |
b6db386f | 333 | else |
5784a521 | 334 | BN_zero(group->order); |
b6db386f BM |
335 | |
336 | if (cofactor != NULL) | |
5784a521 | 337 | { if (!BN_copy(group->cofactor, cofactor)) return 0; } |
b6db386f | 338 | else |
5784a521 | 339 | BN_zero(group->cofactor); |
b6db386f | 340 | |
f54be179 AP |
341 | /* We ignore the return value because some groups have an order with |
342 | * factors of two, which makes the Montgomery setup fail. | |
343 | * |group->mont_data| will be NULL in this case. */ | |
344 | ec_precompute_mont_data(group); | |
345 | ||
b6db386f | 346 | return 1; |
bb62a8b0 BM |
347 | } |
348 | ||
349 | ||
9dd84053 | 350 | const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group) |
bb62a8b0 | 351 | { |
b6db386f | 352 | return group->generator; |
bb62a8b0 BM |
353 | } |
354 | ||
f54be179 AP |
355 | BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group) |
356 | { | |
357 | return group->mont_data; | |
358 | } | |
bb62a8b0 | 359 | |
b6db386f | 360 | int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx) |
0657bf9c | 361 | { |
5784a521 | 362 | if (!BN_copy(order, group->order)) |
0657bf9c | 363 | return 0; |
b6db386f BM |
364 | |
365 | return !BN_is_zero(order); | |
0657bf9c BM |
366 | } |
367 | ||
368 | ||
b6db386f | 369 | int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx) |
48fe4d62 | 370 | { |
5784a521 | 371 | if (!BN_copy(cofactor, group->cofactor)) |
48fe4d62 | 372 | return 0; |
b6db386f | 373 | |
5784a521 | 374 | return !BN_is_zero(group->cofactor); |
48fe4d62 BM |
375 | } |
376 | ||
377 | ||
7dc17a6c | 378 | void EC_GROUP_set_curve_name(EC_GROUP *group, int nid) |
b6db386f | 379 | { |
254ef80d | 380 | group->curve_name = nid; |
b6db386f BM |
381 | } |
382 | ||
383 | ||
7dc17a6c | 384 | int EC_GROUP_get_curve_name(const EC_GROUP *group) |
b6db386f | 385 | { |
254ef80d | 386 | return group->curve_name; |
b6db386f BM |
387 | } |
388 | ||
389 | ||
458c2917 BM |
390 | void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag) |
391 | { | |
392 | group->asn1_flag = flag; | |
393 | } | |
394 | ||
395 | ||
396 | int EC_GROUP_get_asn1_flag(const EC_GROUP *group) | |
397 | { | |
398 | return group->asn1_flag; | |
399 | } | |
400 | ||
401 | ||
254ef80d BM |
402 | void EC_GROUP_set_point_conversion_form(EC_GROUP *group, |
403 | point_conversion_form_t form) | |
404 | { | |
405 | group->asn1_form = form; | |
406 | } | |
407 | ||
408 | ||
409 | point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *group) | |
410 | { | |
411 | return group->asn1_form; | |
412 | } | |
413 | ||
414 | ||
5f3d6f70 BM |
415 | size_t EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *p, size_t len) |
416 | { | |
417 | if (group->seed) | |
418 | { | |
419 | OPENSSL_free(group->seed); | |
420 | group->seed = NULL; | |
421 | group->seed_len = 0; | |
422 | } | |
423 | ||
424 | if (!len || !p) | |
425 | return 1; | |
426 | ||
427 | if ((group->seed = OPENSSL_malloc(len)) == NULL) | |
428 | return 0; | |
429 | memcpy(group->seed, p, len); | |
430 | group->seed_len = len; | |
431 | ||
432 | return len; | |
433 | } | |
434 | ||
435 | ||
436 | unsigned char *EC_GROUP_get0_seed(const EC_GROUP *group) | |
437 | { | |
438 | return group->seed; | |
439 | } | |
440 | ||
441 | ||
442 | size_t EC_GROUP_get_seed_len(const EC_GROUP *group) | |
443 | { | |
444 | return group->seed_len; | |
445 | } | |
446 | ||
447 | ||
b6db386f | 448 | int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) |
48fe4d62 | 449 | { |
7793f30e | 450 | if (group->meth->group_set_curve == 0) |
48fe4d62 | 451 | { |
b6db386f | 452 | ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
48fe4d62 BM |
453 | return 0; |
454 | } | |
7793f30e | 455 | return group->meth->group_set_curve(group, p, a, b, ctx); |
48fe4d62 BM |
456 | } |
457 | ||
458 | ||
b6db386f | 459 | int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) |
48fe4d62 | 460 | { |
7793f30e | 461 | if (group->meth->group_get_curve == 0) |
48fe4d62 | 462 | { |
b6db386f | 463 | ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
48fe4d62 BM |
464 | return 0; |
465 | } | |
7793f30e BM |
466 | return group->meth->group_get_curve(group, p, a, b, ctx); |
467 | } | |
468 | ||
b3310161 | 469 | #ifndef OPENSSL_NO_EC2M |
7793f30e BM |
470 | int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) |
471 | { | |
472 | if (group->meth->group_set_curve == 0) | |
473 | { | |
474 | ECerr(EC_F_EC_GROUP_SET_CURVE_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | |
475 | return 0; | |
476 | } | |
477 | return group->meth->group_set_curve(group, p, a, b, ctx); | |
478 | } | |
479 | ||
480 | ||
481 | int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) | |
482 | { | |
483 | if (group->meth->group_get_curve == 0) | |
484 | { | |
485 | ECerr(EC_F_EC_GROUP_GET_CURVE_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | |
486 | return 0; | |
487 | } | |
488 | return group->meth->group_get_curve(group, p, a, b, ctx); | |
489 | } | |
b3310161 | 490 | #endif |
7793f30e BM |
491 | |
492 | int EC_GROUP_get_degree(const EC_GROUP *group) | |
493 | { | |
494 | if (group->meth->group_get_degree == 0) | |
495 | { | |
496 | ECerr(EC_F_EC_GROUP_GET_DEGREE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | |
497 | return 0; | |
498 | } | |
499 | return group->meth->group_get_degree(group); | |
48fe4d62 BM |
500 | } |
501 | ||
502 | ||
17d6bb81 | 503 | int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) |
af28dd6c | 504 | { |
17d6bb81 | 505 | if (group->meth->group_check_discriminant == 0) |
af28dd6c | 506 | { |
17d6bb81 | 507 | ECerr(EC_F_EC_GROUP_CHECK_DISCRIMINANT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
af28dd6c BM |
508 | return 0; |
509 | } | |
17d6bb81 | 510 | return group->meth->group_check_discriminant(group, ctx); |
af28dd6c BM |
511 | } |
512 | ||
513 | ||
ada0e717 BM |
514 | int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) |
515 | { | |
516 | int r = 0; | |
517 | BIGNUM *a1, *a2, *a3, *b1, *b2, *b3; | |
518 | BN_CTX *ctx_new = NULL; | |
519 | ||
520 | /* compare the field types*/ | |
521 | if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) != | |
522 | EC_METHOD_get_field_type(EC_GROUP_method_of(b))) | |
523 | return 1; | |
ca567a03 | 524 | /* compare the curve name (if present in both) */ |
7dc17a6c | 525 | if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) && |
ca567a03 BM |
526 | EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b)) |
527 | return 1; | |
ada0e717 BM |
528 | |
529 | if (!ctx) | |
530 | ctx_new = ctx = BN_CTX_new(); | |
531 | if (!ctx) | |
532 | return -1; | |
533 | ||
534 | BN_CTX_start(ctx); | |
535 | a1 = BN_CTX_get(ctx); | |
536 | a2 = BN_CTX_get(ctx); | |
537 | a3 = BN_CTX_get(ctx); | |
538 | b1 = BN_CTX_get(ctx); | |
539 | b2 = BN_CTX_get(ctx); | |
540 | b3 = BN_CTX_get(ctx); | |
541 | if (!b3) | |
542 | { | |
543 | BN_CTX_end(ctx); | |
544 | if (ctx_new) | |
545 | BN_CTX_free(ctx); | |
546 | return -1; | |
547 | } | |
548 | ||
549 | /* XXX This approach assumes that the external representation | |
550 | * of curves over the same field type is the same. | |
551 | */ | |
552 | if (!a->meth->group_get_curve(a, a1, a2, a3, ctx) || | |
553 | !b->meth->group_get_curve(b, b1, b2, b3, ctx)) | |
554 | r = 1; | |
555 | ||
80c808b9 | 556 | if (r || BN_cmp(a1, b1) || BN_cmp(a2, b2) || BN_cmp(a3, b3)) |
ada0e717 BM |
557 | r = 1; |
558 | ||
559 | /* XXX EC_POINT_cmp() assumes that the methods are equal */ | |
560 | if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a), | |
561 | EC_GROUP_get0_generator(b), ctx)) | |
562 | r = 1; | |
563 | ||
564 | if (!r) | |
565 | { | |
566 | /* compare the order and cofactor */ | |
567 | if (!EC_GROUP_get_order(a, a1, ctx) || | |
568 | !EC_GROUP_get_order(b, b1, ctx) || | |
569 | !EC_GROUP_get_cofactor(a, a2, ctx) || | |
570 | !EC_GROUP_get_cofactor(b, b2, ctx)) | |
571 | { | |
572 | BN_CTX_end(ctx); | |
573 | if (ctx_new) | |
574 | BN_CTX_free(ctx); | |
575 | return -1; | |
576 | } | |
577 | if (BN_cmp(a1, b1) || BN_cmp(a2, b2)) | |
578 | r = 1; | |
579 | } | |
580 | ||
581 | BN_CTX_end(ctx); | |
582 | if (ctx_new) | |
583 | BN_CTX_free(ctx); | |
584 | ||
585 | return r; | |
586 | } | |
587 | ||
588 | ||
df9cc153 | 589 | /* this has 'package' visibility */ |
9dd84053 | 590 | int EC_EX_DATA_set_data(EC_EXTRA_DATA **ex_data, void *data, |
ba729265 | 591 | void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) |
df9cc153 | 592 | { |
ba729265 BM |
593 | EC_EXTRA_DATA *d; |
594 | ||
9dd84053 | 595 | if (ex_data == NULL) |
df9cc153 | 596 | return 0; |
ba729265 | 597 | |
9dd84053 | 598 | for (d = *ex_data; d != NULL; d = d->next) |
ba729265 BM |
599 | { |
600 | if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func) | |
601 | { | |
137023dd | 602 | ECerr(EC_F_EC_EX_DATA_SET_DATA, EC_R_SLOT_FULL); |
ba729265 BM |
603 | return 0; |
604 | } | |
df9cc153 BM |
605 | } |
606 | ||
ba729265 BM |
607 | if (data == NULL) |
608 | /* no explicit entry needed */ | |
609 | return 1; | |
610 | ||
611 | d = OPENSSL_malloc(sizeof *d); | |
612 | if (d == NULL) | |
613 | return 0; | |
614 | ||
615 | d->data = data; | |
616 | d->dup_func = dup_func; | |
617 | d->free_func = free_func; | |
618 | d->clear_free_func = clear_free_func; | |
619 | ||
9dd84053 NL |
620 | d->next = *ex_data; |
621 | *ex_data = d; | |
ba729265 | 622 | |
df9cc153 BM |
623 | return 1; |
624 | } | |
625 | ||
df9cc153 | 626 | /* this has 'package' visibility */ |
9dd84053 | 627 | void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *ex_data, |
ba729265 | 628 | void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) |
df9cc153 | 629 | { |
9dd84053 | 630 | const EC_EXTRA_DATA *d; |
ba729265 | 631 | |
9dd84053 | 632 | for (d = ex_data; d != NULL; d = d->next) |
ba729265 BM |
633 | { |
634 | if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func) | |
635 | return d->data; | |
df9cc153 | 636 | } |
ba729265 BM |
637 | |
638 | return NULL; | |
639 | } | |
df9cc153 | 640 | |
ba729265 | 641 | /* this has 'package' visibility */ |
9dd84053 | 642 | void EC_EX_DATA_free_data(EC_EXTRA_DATA **ex_data, |
ba729265 BM |
643 | void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) |
644 | { | |
645 | EC_EXTRA_DATA **p; | |
646 | ||
9dd84053 | 647 | if (ex_data == NULL) |
ba729265 BM |
648 | return; |
649 | ||
9dd84053 | 650 | for (p = ex_data; *p != NULL; p = &((*p)->next)) |
ba729265 BM |
651 | { |
652 | if ((*p)->dup_func == dup_func && (*p)->free_func == free_func && (*p)->clear_free_func == clear_free_func) | |
653 | { | |
654 | EC_EXTRA_DATA *next = (*p)->next; | |
655 | ||
656 | (*p)->free_func((*p)->data); | |
657 | OPENSSL_free(*p); | |
658 | ||
659 | *p = next; | |
660 | return; | |
661 | } | |
662 | } | |
df9cc153 BM |
663 | } |
664 | ||
ba729265 | 665 | /* this has 'package' visibility */ |
bbbd6710 | 666 | void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **ex_data, |
ba729265 BM |
667 | void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) |
668 | { | |
669 | EC_EXTRA_DATA **p; | |
670 | ||
9dd84053 | 671 | if (ex_data == NULL) |
ba729265 BM |
672 | return; |
673 | ||
9dd84053 | 674 | for (p = ex_data; *p != NULL; p = &((*p)->next)) |
ba729265 BM |
675 | { |
676 | if ((*p)->dup_func == dup_func && (*p)->free_func == free_func && (*p)->clear_free_func == clear_free_func) | |
677 | { | |
678 | EC_EXTRA_DATA *next = (*p)->next; | |
679 | ||
680 | (*p)->clear_free_func((*p)->data); | |
681 | OPENSSL_free(*p); | |
682 | ||
683 | *p = next; | |
684 | return; | |
685 | } | |
686 | } | |
687 | } | |
df9cc153 BM |
688 | |
689 | /* this has 'package' visibility */ | |
9dd84053 | 690 | void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **ex_data) |
df9cc153 | 691 | { |
ba729265 BM |
692 | EC_EXTRA_DATA *d; |
693 | ||
9dd84053 | 694 | if (ex_data == NULL) |
ba729265 BM |
695 | return; |
696 | ||
9dd84053 | 697 | d = *ex_data; |
ba729265 BM |
698 | while (d) |
699 | { | |
700 | EC_EXTRA_DATA *next = d->next; | |
701 | ||
702 | d->free_func(d->data); | |
703 | OPENSSL_free(d); | |
704 | ||
705 | d = next; | |
706 | } | |
9dd84053 | 707 | *ex_data = NULL; |
df9cc153 BM |
708 | } |
709 | ||
df9cc153 | 710 | /* this has 'package' visibility */ |
9dd84053 | 711 | void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **ex_data) |
df9cc153 | 712 | { |
ba729265 BM |
713 | EC_EXTRA_DATA *d; |
714 | ||
9dd84053 | 715 | if (ex_data == NULL) |
ba729265 BM |
716 | return; |
717 | ||
9dd84053 | 718 | d = *ex_data; |
ba729265 BM |
719 | while (d) |
720 | { | |
721 | EC_EXTRA_DATA *next = d->next; | |
722 | ||
723 | d->clear_free_func(d->data); | |
724 | OPENSSL_free(d); | |
725 | ||
726 | d = next; | |
727 | } | |
9dd84053 | 728 | *ex_data = NULL; |
df9cc153 BM |
729 | } |
730 | ||
0657bf9c BM |
731 | |
732 | /* functions for EC_POINT objects */ | |
733 | ||
734 | EC_POINT *EC_POINT_new(const EC_GROUP *group) | |
735 | { | |
736 | EC_POINT *ret; | |
737 | ||
738 | if (group == NULL) | |
739 | { | |
740 | ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER); | |
741 | return NULL; | |
742 | } | |
743 | if (group->meth->point_init == 0) | |
744 | { | |
745 | ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | |
746 | return NULL; | |
747 | } | |
748 | ||
749 | ret = OPENSSL_malloc(sizeof *ret); | |
750 | if (ret == NULL) | |
751 | { | |
752 | ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE); | |
753 | return NULL; | |
754 | } | |
755 | ||
756 | ret->meth = group->meth; | |
757 | ||
758 | if (!ret->meth->point_init(ret)) | |
759 | { | |
760 | OPENSSL_free(ret); | |
761 | return NULL; | |
762 | } | |
763 | ||
764 | return ret; | |
765 | } | |
766 | ||
767 | ||
768 | void EC_POINT_free(EC_POINT *point) | |
769 | { | |
7711de24 BM |
770 | if (!point) return; |
771 | ||
0657bf9c BM |
772 | if (point->meth->point_finish != 0) |
773 | point->meth->point_finish(point); | |
774 | OPENSSL_free(point); | |
775 | } | |
776 | ||
777 | ||
778 | void EC_POINT_clear_free(EC_POINT *point) | |
779 | { | |
7711de24 BM |
780 | if (!point) return; |
781 | ||
0657bf9c BM |
782 | if (point->meth->point_clear_finish != 0) |
783 | point->meth->point_clear_finish(point); | |
67b6f1ca | 784 | else if (point->meth->point_finish != 0) |
0657bf9c | 785 | point->meth->point_finish(point); |
4579924b | 786 | OPENSSL_cleanse(point, sizeof *point); |
0657bf9c BM |
787 | OPENSSL_free(point); |
788 | } | |
789 | ||
790 | ||
791 | int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src) | |
792 | { | |
793 | if (dest->meth->point_copy == 0) | |
794 | { | |
795 | ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | |
796 | return 0; | |
797 | } | |
798 | if (dest->meth != src->meth) | |
799 | { | |
800 | ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS); | |
801 | return 0; | |
802 | } | |
91f29a38 BM |
803 | if (dest == src) |
804 | return 1; | |
0657bf9c BM |
805 | return dest->meth->point_copy(dest, src); |
806 | } | |
807 | ||
808 | ||
7793f30e BM |
809 | EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group) |
810 | { | |
811 | EC_POINT *t; | |
812 | int r; | |
813 | ||
814 | if (a == NULL) return NULL; | |
815 | ||
816 | t = EC_POINT_new(group); | |
817 | if (t == NULL) return(NULL); | |
818 | r = EC_POINT_copy(t, a); | |
819 | if (!r) | |
820 | { | |
821 | EC_POINT_free(t); | |
822 | return NULL; | |
823 | } | |
824 | else return t; | |
825 | } | |
826 | ||
827 | ||
48fe4d62 BM |
828 | const EC_METHOD *EC_POINT_method_of(const EC_POINT *point) |
829 | { | |
830 | return point->meth; | |
831 | } | |
832 | ||
833 | ||
226cc7de BM |
834 | int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point) |
835 | { | |
836 | if (group->meth->point_set_to_infinity == 0) | |
837 | { | |
838 | ECerr(EC_F_EC_POINT_SET_TO_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | |
839 | return 0; | |
840 | } | |
841 | if (group->meth != point->meth) | |
842 | { | |
843 | ECerr(EC_F_EC_POINT_SET_TO_INFINITY, EC_R_INCOMPATIBLE_OBJECTS); | |
844 | return 0; | |
845 | } | |
846 | return group->meth->point_set_to_infinity(group, point); | |
847 | } | |
848 | ||
849 | ||
1d5bd6cf BM |
850 | int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, |
851 | const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx) | |
852 | { | |
35b73a1f | 853 | if (group->meth->point_set_Jprojective_coordinates_GFp == 0) |
1d5bd6cf BM |
854 | { |
855 | ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | |
856 | return 0; | |
857 | } | |
858 | if (group->meth != point->meth) | |
859 | { | |
860 | ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); | |
861 | return 0; | |
862 | } | |
35b73a1f | 863 | return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x, y, z, ctx); |
1d5bd6cf BM |
864 | } |
865 | ||
866 | ||
867 | int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point, | |
868 | BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx) | |
869 | { | |
35b73a1f | 870 | if (group->meth->point_get_Jprojective_coordinates_GFp == 0) |
1d5bd6cf BM |
871 | { |
872 | ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | |
873 | return 0; | |
874 | } | |
875 | if (group->meth != point->meth) | |
876 | { | |
877 | ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); | |
878 | return 0; | |
879 | } | |
35b73a1f | 880 | return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x, y, z, ctx); |
1d5bd6cf BM |
881 | } |
882 | ||
883 | ||
226cc7de BM |
884 | int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, |
885 | const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) | |
886 | { | |
7793f30e | 887 | if (group->meth->point_set_affine_coordinates == 0) |
226cc7de BM |
888 | { |
889 | ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | |
890 | return 0; | |
891 | } | |
892 | if (group->meth != point->meth) | |
893 | { | |
894 | ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); | |
895 | return 0; | |
896 | } | |
7793f30e | 897 | return group->meth->point_set_affine_coordinates(group, point, x, y, ctx); |
226cc7de BM |
898 | } |
899 | ||
b3310161 | 900 | #ifndef OPENSSL_NO_EC2M |
35b73a1f BM |
901 | int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point, |
902 | const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) | |
7793f30e | 903 | { |
35b73a1f | 904 | if (group->meth->point_set_affine_coordinates == 0) |
7793f30e | 905 | { |
35b73a1f | 906 | ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
7793f30e BM |
907 | return 0; |
908 | } | |
909 | if (group->meth != point->meth) | |
910 | { | |
35b73a1f | 911 | ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); |
7793f30e BM |
912 | return 0; |
913 | } | |
35b73a1f | 914 | return group->meth->point_set_affine_coordinates(group, point, x, y, ctx); |
7793f30e | 915 | } |
b3310161 | 916 | #endif |
7793f30e | 917 | |
35b73a1f BM |
918 | int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point, |
919 | BIGNUM *x, BIGNUM *y, BN_CTX *ctx) | |
7793f30e | 920 | { |
35b73a1f | 921 | if (group->meth->point_get_affine_coordinates == 0) |
7793f30e | 922 | { |
35b73a1f | 923 | ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
7793f30e BM |
924 | return 0; |
925 | } | |
926 | if (group->meth != point->meth) | |
927 | { | |
35b73a1f | 928 | ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); |
7793f30e BM |
929 | return 0; |
930 | } | |
35b73a1f | 931 | return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); |
7793f30e BM |
932 | } |
933 | ||
b3310161 | 934 | #ifndef OPENSSL_NO_EC2M |
35b73a1f BM |
935 | int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, const EC_POINT *point, |
936 | BIGNUM *x, BIGNUM *y, BN_CTX *ctx) | |
7793f30e | 937 | { |
35b73a1f | 938 | if (group->meth->point_get_affine_coordinates == 0) |
7793f30e | 939 | { |
35b73a1f | 940 | ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
7793f30e BM |
941 | return 0; |
942 | } | |
943 | if (group->meth != point->meth) | |
944 | { | |
35b73a1f | 945 | ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); |
7793f30e BM |
946 | return 0; |
947 | } | |
35b73a1f | 948 | return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); |
7793f30e | 949 | } |
b3310161 | 950 | #endif |
7793f30e | 951 | |
0657bf9c BM |
952 | int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) |
953 | { | |
954 | if (group->meth->add == 0) | |
955 | { | |
956 | ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | |
957 | return 0; | |
958 | } | |
959 | if ((group->meth != r->meth) || (r->meth != a->meth) || (a->meth != b->meth)) | |
960 | { | |
961 | ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS); | |
962 | return 0; | |
963 | } | |
964 | return group->meth->add(group, r, a, b, ctx); | |
965 | } | |
966 | ||
967 | ||
968 | int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) | |
969 | { | |
970 | if (group->meth->dbl == 0) | |
971 | { | |
972 | ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | |
973 | return 0; | |
974 | } | |
975 | if ((group->meth != r->meth) || (r->meth != a->meth)) | |
976 | { | |
977 | ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS); | |
978 | return 0; | |
979 | } | |
980 | return group->meth->dbl(group, r, a, ctx); | |
981 | } | |
982 | ||
983 | ||
1d5bd6cf BM |
984 | int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) |
985 | { | |
cba11f57 | 986 | if (group->meth->invert == 0) |
1d5bd6cf | 987 | { |
aa4ce731 | 988 | ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
1d5bd6cf BM |
989 | return 0; |
990 | } | |
991 | if (group->meth != a->meth) | |
992 | { | |
aa4ce731 | 993 | ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS); |
1d5bd6cf BM |
994 | return 0; |
995 | } | |
996 | return group->meth->invert(group, a, ctx); | |
997 | } | |
998 | ||
999 | ||
0657bf9c BM |
1000 | int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) |
1001 | { | |
1002 | if (group->meth->is_at_infinity == 0) | |
1003 | { | |
1004 | ECerr(EC_F_EC_POINT_IS_AT_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | |
1005 | return 0; | |
1006 | } | |
1007 | if (group->meth != point->meth) | |
1008 | { | |
1009 | ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS); | |
1010 | return 0; | |
1011 | } | |
1012 | return group->meth->is_at_infinity(group, point); | |
1013 | } | |
1014 | ||
1015 | ||
1016 | int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) | |
1017 | { | |
1018 | if (group->meth->is_on_curve == 0) | |
1019 | { | |
1020 | ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | |
1021 | return 0; | |
1022 | } | |
1023 | if (group->meth != point->meth) | |
1024 | { | |
1025 | ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS); | |
1026 | return 0; | |
1027 | } | |
1028 | return group->meth->is_on_curve(group, point, ctx); | |
1029 | } | |
1030 | ||
1031 | ||
1d5bd6cf BM |
1032 | int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) |
1033 | { | |
1034 | if (group->meth->point_cmp == 0) | |
1035 | { | |
1036 | ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | |
ca567a03 | 1037 | return -1; |
1d5bd6cf BM |
1038 | } |
1039 | if ((group->meth != a->meth) || (a->meth != b->meth)) | |
1040 | { | |
1041 | ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS); | |
ca567a03 | 1042 | return -1; |
1d5bd6cf BM |
1043 | } |
1044 | return group->meth->point_cmp(group, a, b, ctx); | |
1045 | } | |
1046 | ||
1047 | ||
e869d4bd | 1048 | int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) |
0657bf9c BM |
1049 | { |
1050 | if (group->meth->make_affine == 0) | |
1051 | { | |
1052 | ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | |
1053 | return 0; | |
1054 | } | |
1055 | if (group->meth != point->meth) | |
1056 | { | |
1057 | ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS); | |
1058 | return 0; | |
1059 | } | |
1060 | return group->meth->make_affine(group, point, ctx); | |
1061 | } | |
48fe4d62 BM |
1062 | |
1063 | ||
1064 | int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx) | |
1065 | { | |
1066 | size_t i; | |
1067 | ||
1068 | if (group->meth->points_make_affine == 0) | |
1069 | { | |
1070 | ECerr(EC_F_EC_POINTS_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | |
1071 | return 0; | |
1072 | } | |
1073 | for (i = 0; i < num; i++) | |
1074 | { | |
1075 | if (group->meth != points[i]->meth) | |
1076 | { | |
1077 | ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS); | |
1078 | return 0; | |
1079 | } | |
1080 | } | |
1081 | return group->meth->points_make_affine(group, num, points, ctx); | |
1082 | } | |
37c660ff BM |
1083 | |
1084 | ||
1085 | /* Functions for point multiplication. | |
1086 | * | |
1087 | * If group->meth->mul is 0, we use the wNAF-based implementations in ec_mult.c; | |
1088 | * otherwise we dispatch through methods. | |
1089 | */ | |
1090 | ||
1091 | int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, | |
1092 | size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) | |
1093 | { | |
1094 | if (group->meth->mul == 0) | |
1095 | /* use default */ | |
1096 | return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); | |
1097 | ||
1098 | return group->meth->mul(group, r, scalar, num, points, scalars, ctx); | |
1099 | } | |
1100 | ||
1101 | int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, | |
1102 | const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx) | |
1103 | { | |
1104 | /* just a convenient interface to EC_POINTs_mul() */ | |
1105 | ||
1106 | const EC_POINT *points[1]; | |
1107 | const BIGNUM *scalars[1]; | |
1108 | ||
1109 | points[0] = point; | |
1110 | scalars[0] = p_scalar; | |
1111 | ||
1112 | return EC_POINTs_mul(group, r, g_scalar, (point != NULL && p_scalar != NULL), points, scalars, ctx); | |
1113 | } | |
1114 | ||
1115 | int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx) | |
1116 | { | |
1117 | if (group->meth->mul == 0) | |
1118 | /* use default */ | |
1119 | return ec_wNAF_precompute_mult(group, ctx); | |
1120 | ||
1121 | if (group->meth->precompute_mult != 0) | |
1122 | return group->meth->precompute_mult(group, ctx); | |
1123 | else | |
1124 | return 1; /* nothing to do, so report success */ | |
1125 | } | |
1126 | ||
1127 | int EC_GROUP_have_precompute_mult(const EC_GROUP *group) | |
1128 | { | |
1129 | if (group->meth->mul == 0) | |
1130 | /* use default */ | |
1131 | return ec_wNAF_have_precompute_mult(group); | |
1132 | ||
1133 | if (group->meth->have_precompute_mult != 0) | |
1134 | return group->meth->have_precompute_mult(group); | |
1135 | else | |
1136 | return 0; /* cannot tell whether precomputation has been performed */ | |
1137 | } | |
f54be179 AP |
1138 | |
1139 | /* ec_precompute_mont_data sets |group->mont_data| from |group->order| and | |
1140 | * returns one on success. On error it returns zero. */ | |
1141 | int ec_precompute_mont_data(EC_GROUP *group) | |
1142 | { | |
1143 | BN_CTX *ctx = BN_CTX_new(); | |
1144 | int ret = 0; | |
1145 | ||
1146 | if (group->mont_data) | |
1147 | { | |
1148 | BN_MONT_CTX_free(group->mont_data); | |
1149 | group->mont_data = NULL; | |
1150 | } | |
1151 | ||
1152 | if (ctx == NULL) | |
1153 | goto err; | |
1154 | ||
1155 | group->mont_data = BN_MONT_CTX_new(); | |
1156 | if (!group->mont_data) | |
1157 | goto err; | |
1158 | ||
5784a521 | 1159 | if (!BN_MONT_CTX_set(group->mont_data, group->order, ctx)) |
f54be179 AP |
1160 | { |
1161 | BN_MONT_CTX_free(group->mont_data); | |
1162 | group->mont_data = NULL; | |
1163 | goto err; | |
1164 | } | |
1165 | ||
1166 | ret = 1; | |
1167 | ||
1168 | err: | |
1169 | ||
1170 | if (ctx) | |
1171 | BN_CTX_free(ctx); | |
1172 | return ret; | |
1173 | } |