[thirdparty/openssl.git] / crypto / ec / curve448 / point_448.h

/*
 * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright 2015-2016 Cryptography Research, Inc.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 *
 * Originally written by Mike Hamburg
 */

#ifndef OSSL_CRYPTO_EC_CURVE448_POINT_448_H
# define OSSL_CRYPTO_EC_CURVE448_POINT_448_H

# include "curve448utils.h"
# include "field.h"

/* Comb config: number of combs, n, t, s. */
#define COMBS_N 5
#define COMBS_T 5
#define COMBS_S 18

/* Projective Niels coordinates */
typedef struct {
    gf a, b, c;
} niels_s, niels_t[1];
typedef struct {
    niels_t n;
    gf z;
} pniels_t[1];

/* Precomputed base */
struct curve448_precomputed_s {
    niels_t table[COMBS_N << (COMBS_T - 1)];
};

# define C448_SCALAR_LIMBS ((446-1)/C448_WORD_BITS+1)

/* The number of bits in a scalar */
# define C448_SCALAR_BITS 446

/* Number of bytes in a serialized scalar. */
# define C448_SCALAR_BYTES 56

/* X448 encoding ratio. */
# define X448_ENCODE_RATIO 2

/* Number of bytes in an x448 public key */
# define X448_PUBLIC_BYTES 56

/* Number of bytes in an x448 private key */
# define X448_PRIVATE_BYTES 56

/* Twisted Edwards extended homogeneous coordinates */
typedef struct curve448_point_s {
    gf x, y, z, t;
} curve448_point_t[1];

/* Precomputed table based on a point.  Can be trivial implementation. */
struct curve448_precomputed_s;

/* Precomputed table based on a point.  Can be trivial implementation. */
typedef struct curve448_precomputed_s curve448_precomputed_s;

/* Scalar is stored packed, because we don't need the speed. */
typedef struct curve448_scalar_s {
    c448_word_t limb[C448_SCALAR_LIMBS];
} curve448_scalar_t[1];

/* A scalar equal to 1. */
extern const curve448_scalar_t ossl_curve448_scalar_one;

/* A scalar equal to 0. */
extern const curve448_scalar_t ossl_curve448_scalar_zero;

/* The identity point on the curve. */
extern const curve448_point_t ossl_curve448_point_identity;

/* Precomputed table for the base point on the curve. */
extern const struct curve448_precomputed_s *ossl_curve448_precomputed_base;
extern const niels_t *ossl_curve448_wnaf_base;

/*
 * Read a scalar from wire format or from bytes.
 *
 * ser (in): Serialized form of a scalar.
 * out (out): Deserialized form.
 *
 * Returns:
 * C448_SUCCESS: The scalar was correctly encoded.
 * C448_FAILURE: The scalar was greater than the modulus, and has been reduced
 * modulo that modulus.
 */
c448_error_t
ossl_curve448_scalar_decode(curve448_scalar_t out,
                            const unsigned char ser[C448_SCALAR_BYTES]);

/*
 * Read a scalar from wire format or from bytes.  Reduces mod scalar prime.
 *
 * ser (in): Serialized form of a scalar.
 * ser_len (in): Length of serialized form.
 * out (out): Deserialized form.
 */
void
ossl_curve448_scalar_decode_long(curve448_scalar_t out,
                                 const unsigned char *ser, size_t ser_len);

/*
 * Serialize a scalar to wire format.
 *
 * ser (out): Serialized form of a scalar.
 * s (in): Deserialized scalar.
 */
void
ossl_curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES],
                            const curve448_scalar_t s);

/*
 * Add two scalars. |a|, |b| and |out| may alias each other.
 *
 * a (in): One scalar.
 * b (in): Another scalar.
 * out (out): a+b.
 */
void
ossl_curve448_scalar_add(curve448_scalar_t out,
                         const curve448_scalar_t a, const curve448_scalar_t b);

/*
 * Subtract two scalars.  |a|, |b| and |out| may alias each other.
 * a (in): One scalar.
 * b (in): Another scalar.
 * out (out): a-b.
 */
void
ossl_curve448_scalar_sub(curve448_scalar_t out,
                         const curve448_scalar_t a, const curve448_scalar_t b);

/*
 * Multiply two scalars. |a|, |b| and |out| may alias each other.
 *
 * a (in): One scalar.
 * b (in): Another scalar.
 * out (out): a*b.
 */
void
ossl_curve448_scalar_mul(curve448_scalar_t out,
                         const curve448_scalar_t a, const curve448_scalar_t b);

/*
* Halve a scalar.  |a| and |out| may alias each other.
*
* a (in): A scalar.
* out (out): a/2.
*/
void
ossl_curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a);

/*
 * Copy a scalar.  The scalars may alias each other, in which case this
 * function does nothing.
 *
 * a (in): A scalar.
 * out (out): Will become a copy of a.
 */
static ossl_inline void curve448_scalar_copy(curve448_scalar_t out,
                                             const curve448_scalar_t a)
{
    *out = *a;
}

/*
 * Copy a point.  The input and output may alias, in which case this function
 * does nothing.
 *
 * a (out): A copy of the point.
 * b (in): Any point.
 */
static ossl_inline void curve448_point_copy(curve448_point_t a,
                                            const curve448_point_t b)
{
    *a = *b;
}

/*
 * Test whether two points are equal.  If yes, return C448_TRUE, else return
 * C448_FALSE.
 *
 * a (in): A point.
 * b (in): Another point.
 *
 * Returns:
 * C448_TRUE: The points are equal.
 * C448_FALSE: The points are not equal.
 */
__owur c448_bool_t
ossl_curve448_point_eq(const curve448_point_t a,
                       const curve448_point_t b);

/*
 * Double a point. Equivalent to curve448_point_add(two_a,a,a), but potentially
 * faster.
 *
 * two_a (out): The sum a+a.
 * a (in): A point.
 */
void
ossl_curve448_point_double(curve448_point_t two_a, const curve448_point_t a);

/*
 * RFC 7748 Diffie-Hellman scalarmul.  This function uses a different
 * (non-Decaf) encoding.
 *
 * out (out): The scaled point base*scalar
 * base (in): The point to be scaled.
 * scalar (in): The scalar to multiply by.
 *
 * Returns:
 * C448_SUCCESS: The scalarmul succeeded.
 * C448_FAILURE: The scalarmul didn't succeed, because the base point is in a
 * small subgroup.
 */
__owur c448_error_t
ossl_x448_int(uint8_t out[X448_PUBLIC_BYTES],
              const uint8_t base[X448_PUBLIC_BYTES],
              const uint8_t scalar[X448_PRIVATE_BYTES]);

/*
 * Multiply a point by X448_ENCODE_RATIO, then encode it like RFC 7748.
 *
 * This function is mainly used internally, but is exported in case
 * it will be useful.
 *
 * The ratio is necessary because the internal representation doesn't
 * track the cofactor information, so on output we must clear the cofactor.
 * This would multiply by the cofactor, but in fact internally points are always
 * even, so it multiplies by half the cofactor instead.
 *
 * As it happens, this aligns with the base point definitions; that is,
 * if you pass the Decaf/Ristretto base point to this function, the result
 * will be X448_ENCODE_RATIO times the X448
 * base point.
 *
 * out (out): The scaled and encoded point.
 * p (in): The point to be scaled and encoded.
 */
void
ossl_curve448_point_mul_by_ratio_and_encode_like_x448(
                                        uint8_t out[X448_PUBLIC_BYTES],
                                        const curve448_point_t p);

/*
 * RFC 7748 Diffie-Hellman base point scalarmul.  This function uses a different
 * (non-Decaf) encoding.
 *
 * out (out): The scaled point base*scalar
 * scalar (in): The scalar to multiply by.
 */
void
ossl_x448_derive_public_key(uint8_t out[X448_PUBLIC_BYTES],
                            const uint8_t scalar[X448_PRIVATE_BYTES]);

/*
 * Multiply a precomputed base point by a scalar: out = scalar*base.
 *
 * scaled (out): The scaled point base*scalar
 * base (in): The point to be scaled.
 * scalar (in): The scalar to multiply by.
 */
void
ossl_curve448_precomputed_scalarmul(curve448_point_t scaled,
                                    const curve448_precomputed_s * base,
                                    const curve448_scalar_t scalar);

/*
 * Multiply two base points by two scalars:
 * combo = scalar1*curve448_point_base + scalar2*base2.
 *
 * Otherwise equivalent to curve448_point_double_scalarmul, but may be
 * faster at the expense of being variable time.
 *
 * combo (out): The linear combination scalar1*base + scalar2*base2.
 * scalar1 (in): A first scalar to multiply by.
 * base2 (in): A second point to be scaled.
 * scalar2 (in) A second scalar to multiply by.
 *
 * Warning: This function takes variable time, and may leak the scalars used.
 * It is designed for signature verification.
 */
void
ossl_curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
                                               const curve448_scalar_t scalar1,
                                               const curve448_point_t base2,
                                               const curve448_scalar_t scalar2);

/*
 * Test that a point is valid, for debugging purposes.
 *
 * to_test (in): The point to test.
 *
 * Returns:
 * C448_TRUE The point is valid.
 * C448_FALSE The point is invalid.
 */
__owur c448_bool_t
ossl_curve448_point_valid(const curve448_point_t to_test);

/* Overwrite scalar with zeros. */
void ossl_curve448_scalar_destroy(curve448_scalar_t scalar);

/* Overwrite point with zeros. */
void ossl_curve448_point_destroy(curve448_point_t point);

#endif                          /* OSSL_CRYPTO_EC_CURVE448_POINT_448_H */
Commit	Line	Data
1308e022	1	/*
3c2bdd7d	2	* Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
1308e022	3	* Copyright 2015-2016 Cryptography Research, Inc.
7324473f	4	*
a7f182b7	5	* Licensed under the Apache License 2.0 (the "License"). You may not use
1308e022 MC	6	* this file except in compliance with the License. You can obtain a copy
	7	* in the file LICENSE in the source distribution or at
	8	* https://www.openssl.org/source/license.html
7324473f	9	*
1308e022	10	* Originally written by Mike Hamburg
7324473f MC	11	*/
7324473f MC	12
ae4186b0 DMSP	13	#ifndef OSSL_CRYPTO_EC_CURVE448_POINT_448_H
ae4186b0 DMSP	14	# define OSSL_CRYPTO_EC_CURVE448_POINT_448_H
7324473f	15
205fd638 MC	16	# include "curve448utils.h"
205fd638 MC	17	# include "field.h"
7324473f	18
9fd3c858 MC	19	/* Comb config: number of combs, n, t, s. */
	20	#define COMBS_N 5
	21	#define COMBS_T 5
	22	#define COMBS_S 18
	23
	24	/* Projective Niels coordinates */
	25	typedef struct {
	26	gf a, b, c;
	27	} niels_s, niels_t[1];
	28	typedef struct {
	29	niels_t n;
	30	gf z;
2abe3cad	31	} pniels_t[1];
9fd3c858 MC	32
	33	/* Precomputed base */
	34	struct curve448_precomputed_s {
	35	niels_t table[COMBS_N << (COMBS_T - 1)];
	36	};
7324473f	37
db90b274	38	# define C448_SCALAR_LIMBS ((446-1)/C448_WORD_BITS+1)
7324473f	39
8d55f844	40	/* The number of bits in a scalar */
db90b274	41	# define C448_SCALAR_BITS 446
7324473f	42
8d55f844	43	/* Number of bytes in a serialized scalar. */
db90b274	44	# define C448_SCALAR_BYTES 56
7324473f	45
8d55f844	46	/* X448 encoding ratio. */
db90b274	47	# define X448_ENCODE_RATIO 2
7324473f	48
8d55f844	49	/* Number of bytes in an x448 public key */
db90b274	50	# define X448_PUBLIC_BYTES 56
7324473f	51
8d55f844	52	/* Number of bytes in an x448 private key */
db90b274	53	# define X448_PRIVATE_BYTES 56
7324473f	54
8d55f844	55	/* Twisted Edwards extended homogeneous coordinates */
e7772577	56	typedef struct curve448_point_s {
35b7c85a	57	gf x, y, z, t;
e7772577	58	} curve448_point_t[1];
7324473f	59
8d55f844	60	/* Precomputed table based on a point. Can be trivial implementation. */
e7772577	61	struct curve448_precomputed_s;
7324473f	62
8d55f844	63	/* Precomputed table based on a point. Can be trivial implementation. */
205fd638	64	typedef struct curve448_precomputed_s curve448_precomputed_s;
7324473f	65
8d55f844	66	/* Scalar is stored packed, because we don't need the speed. */
e7772577	67	typedef struct curve448_scalar_s {
db90b274	68	c448_word_t limb[C448_SCALAR_LIMBS];
e7772577	69	} curve448_scalar_t[1];
7324473f	70
8d55f844	71	/* A scalar equal to 1. */
054d43ff	72	extern const curve448_scalar_t ossl_curve448_scalar_one;
7324473f	73
8d55f844	74	/* A scalar equal to 0. */
054d43ff	75	extern const curve448_scalar_t ossl_curve448_scalar_zero;
7324473f	76
8d55f844	77	/* The identity point on the curve. */
054d43ff	78	extern const curve448_point_t ossl_curve448_point_identity;
7324473f	79
8d55f844	80	/* Precomputed table for the base point on the curve. */
054d43ff SL	81	extern const struct curve448_precomputed_s *ossl_curve448_precomputed_base;
054d43ff SL	82	extern const niels_t *ossl_curve448_wnaf_base;
7324473f	83
8d55f844 MC	84	/*
8d55f844 MC	85	* Read a scalar from wire format or from bytes.
7324473f	86	*
8d55f844 MC	87	* ser (in): Serialized form of a scalar.
8d55f844 MC	88	* out (out): Deserialized form.
7324473f	89	*
8d55f844	90	* Returns:
aeeef83c MC	91	* C448_SUCCESS: The scalar was correctly encoded.
aeeef83c MC	92	* C448_FAILURE: The scalar was greater than the modulus, and has been reduced
8d55f844	93	* modulo that modulus.
7324473f	94	*/
054d43ff SL	95	c448_error_t
	96	ossl_curve448_scalar_decode(curve448_scalar_t out,
	97	const unsigned char ser[C448_SCALAR_BYTES]);
8d55f844 MC	98
	99	/*
	100	* Read a scalar from wire format or from bytes. Reduces mod scalar prime.
7324473f	101	*
8d55f844 MC	102	* ser (in): Serialized form of a scalar.
	103	* ser_len (in): Length of serialized form.
	104	* out (out): Deserialized form.
7324473f	105	*/
054d43ff SL	106	void
054d43ff SL	107	ossl_curve448_scalar_decode_long(curve448_scalar_t out,
205fd638 MC	108	const unsigned char *ser, size_t ser_len);
205fd638 MC	109
8d55f844 MC	110	/*
8d55f844 MC	111	* Serialize a scalar to wire format.
7324473f	112	*
8d55f844 MC	113	* ser (out): Serialized form of a scalar.
8d55f844 MC	114	* s (in): Deserialized scalar.
7324473f	115	*/
054d43ff SL	116	void
054d43ff SL	117	ossl_curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES],
205fd638 MC	118	const curve448_scalar_t s);
205fd638 MC	119
8d55f844	120	/*
53ef3252	121	* Add two scalars. \|a\|, \|b\| and \|out\| may alias each other.
df443918	122	*
8d55f844 MC	123	* a (in): One scalar.
	124	* b (in): Another scalar.
	125	* out (out): a+b.
7324473f	126	*/
054d43ff SL	127	void
054d43ff SL	128	ossl_curve448_scalar_add(curve448_scalar_t out,
205fd638	129	const curve448_scalar_t a, const curve448_scalar_t b);
7324473f	130
8d55f844	131	/*
53ef3252	132	* Subtract two scalars. \|a\|, \|b\| and \|out\| may alias each other.
8d55f844 MC	133	* a (in): One scalar.
	134	* b (in): Another scalar.
	135	* out (out): a-b.
205fd638	136	*/
054d43ff SL	137	void
054d43ff SL	138	ossl_curve448_scalar_sub(curve448_scalar_t out,
205fd638	139	const curve448_scalar_t a, const curve448_scalar_t b);
7324473f	140
8d55f844	141	/*
53ef3252	142	* Multiply two scalars. \|a\|, \|b\| and \|out\| may alias each other.
df443918	143	*
8d55f844 MC	144	* a (in): One scalar.
	145	* b (in): Another scalar.
	146	* out (out): a*b.
205fd638	147	*/
054d43ff SL	148	void
054d43ff SL	149	ossl_curve448_scalar_mul(curve448_scalar_t out,
205fd638 MC	150	const curve448_scalar_t a, const curve448_scalar_t b);
205fd638 MC	151
8d55f844	152	/*
53ef3252	153	* Halve a scalar. \|a\| and \|out\| may alias each other.
df443918	154	*
8d55f844 MC	155	* a (in): A scalar.
8d55f844 MC	156	* out (out): a/2.
7324473f	157	*/
054d43ff SL	158	void
054d43ff SL	159	ossl_curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a);
7324473f	160
8d55f844	161	/*
a4e6dd81	162	* Copy a scalar. The scalars may alias each other, in which case this
8d55f844	163	* function does nothing.
df443918	164	*
8d55f844 MC	165	* a (in): A scalar.
8d55f844 MC	166	* out (out): Will become a copy of a.
7324473f	167	*/
205fd638 MC	168	static ossl_inline void curve448_scalar_copy(curve448_scalar_t out,
	169	const curve448_scalar_t a)
	170	{
7324473f MC	171	out = a;
	172	}
	173
8d55f844 MC	174	/*
	175	* Copy a point. The input and output may alias, in which case this function
	176	* does nothing.
7324473f	177	*
8d55f844 MC	178	* a (out): A copy of the point.
8d55f844 MC	179	* b (in): Any point.
7324473f	180	*/
205fd638 MC	181	static ossl_inline void curve448_point_copy(curve448_point_t a,
	182	const curve448_point_t b)
	183	{
	184	a = b;
7324473f MC	185	}
7324473f MC	186
8d55f844	187	/*
aeeef83c MC	188	* Test whether two points are equal. If yes, return C448_TRUE, else return
aeeef83c MC	189	* C448_FALSE.
7324473f	190	*
8d55f844 MC	191	* a (in): A point.
8d55f844 MC	192	* b (in): Another point.
df443918	193	*
8d55f844	194	* Returns:
aeeef83c MC	195	* C448_TRUE: The points are equal.
aeeef83c MC	196	* C448_FALSE: The points are not equal.
7324473f	197	*/
054d43ff SL	198	__owur c448_bool_t
	199	ossl_curve448_point_eq(const curve448_point_t a,
	200	const curve448_point_t b);
7324473f	201
8d55f844 MC	202	/*
	203	* Double a point. Equivalent to curve448_point_add(two_a,a,a), but potentially
	204	* faster.
7324473f	205	*
8d55f844 MC	206	* two_a (out): The sum a+a.
8d55f844 MC	207	* a (in): A point.
7324473f	208	*/
054d43ff SL	209	void
054d43ff SL	210	ossl_curve448_point_double(curve448_point_t two_a, const curve448_point_t a);
7324473f	211
8d55f844 MC	212	/*
8d55f844 MC	213	* RFC 7748 Diffie-Hellman scalarmul. This function uses a different
7324473f MC	214	* (non-Decaf) encoding.
7324473f MC	215	*
8d55f844 MC	216	* out (out): The scaled point base*scalar
	217	* base (in): The point to be scaled.
	218	* scalar (in): The scalar to multiply by.
7324473f	219	*
8d55f844	220	* Returns:
aeeef83c MC	221	* C448_SUCCESS: The scalarmul succeeded.
aeeef83c MC	222	* C448_FAILURE: The scalarmul didn't succeed, because the base point is in a
8d55f844	223	* small subgroup.
7324473f	224	*/
054d43ff SL	225	__owur c448_error_t
	226	ossl_x448_int(uint8_t out[X448_PUBLIC_BYTES],
	227	const uint8_t base[X448_PUBLIC_BYTES],
	228	const uint8_t scalar[X448_PRIVATE_BYTES]);
7324473f	229
8d55f844	230	/*
db90b274	231	* Multiply a point by X448_ENCODE_RATIO, then encode it like RFC 7748.
7324473f MC	232	*
	233	* This function is mainly used internally, but is exported in case
	234	* it will be useful.
	235	*
	236	* The ratio is necessary because the internal representation doesn't
	237	* track the cofactor information, so on output we must clear the cofactor.
aeeef83c MC	238	* This would multiply by the cofactor, but in fact internally points are always
aeeef83c MC	239	* even, so it multiplies by half the cofactor instead.
7324473f MC	240	*
	241	* As it happens, this aligns with the base point definitions; that is,
	242	* if you pass the Decaf/Ristretto base point to this function, the result
db90b274	243	* will be X448_ENCODE_RATIO times the X448
7324473f MC	244	* base point.
7324473f MC	245	*
8d55f844 MC	246	* out (out): The scaled and encoded point.
8d55f844 MC	247	* p (in): The point to be scaled and encoded.
7324473f	248	*/
054d43ff SL	249	void
054d43ff SL	250	ossl_curve448_point_mul_by_ratio_and_encode_like_x448(
db90b274	251	uint8_t out[X448_PUBLIC_BYTES],
8d55f844	252	const curve448_point_t p);
7324473f	253
8d55f844 MC	254	/*
	255	* RFC 7748 Diffie-Hellman base point scalarmul. This function uses a different
	256	* (non-Decaf) encoding.
df443918	257	*
8d55f844 MC	258	* out (out): The scaled point base*scalar
8d55f844 MC	259	* scalar (in): The scalar to multiply by.
7324473f	260	*/
054d43ff SL	261	void
054d43ff SL	262	ossl_x448_derive_public_key(uint8_t out[X448_PUBLIC_BYTES],
db90b274	263	const uint8_t scalar[X448_PRIVATE_BYTES]);
8d55f844 MC	264
	265	/*
	266	* Multiply a precomputed base point by a scalar: out = scalar*base.
7324473f	267	*
8d55f844 MC	268	* scaled (out): The scaled point base*scalar
	269	* base (in): The point to be scaled.
	270	* scalar (in): The scalar to multiply by.
7324473f	271	*/
054d43ff SL	272	void
054d43ff SL	273	ossl_curve448_precomputed_scalarmul(curve448_point_t scaled,
205fd638 MC	274	const curve448_precomputed_s * base,
205fd638 MC	275	const curve448_scalar_t scalar);
7324473f	276
8d55f844 MC	277	/*
	278	* Multiply two base points by two scalars:
	279	* combo = scalar1curve448_point_base + scalar2base2.
7324473f	280	*
e7772577	281	* Otherwise equivalent to curve448_point_double_scalarmul, but may be
7324473f MC	282	* faster at the expense of being variable time.
7324473f MC	283	*
8d55f844 MC	284	* combo (out): The linear combination scalar1base + scalar2base2.
	285	* scalar1 (in): A first scalar to multiply by.
	286	* base2 (in): A second point to be scaled.
	287	* scalar2 (in) A second scalar to multiply by.
7324473f	288	*
df443918	289	* Warning: This function takes variable time, and may leak the scalars used.
8d55f844	290	* It is designed for signature verification.
7324473f	291	*/
054d43ff SL	292	void
054d43ff SL	293	ossl_curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
205fd638 MC	294	const curve448_scalar_t scalar1,
	295	const curve448_point_t base2,
	296	const curve448_scalar_t scalar2);
7324473f	297
8d55f844 MC	298	/*
8d55f844 MC	299	* Test that a point is valid, for debugging purposes.
7324473f	300	*
8d55f844 MC	301	* to_test (in): The point to test.
	302	*
	303	* Returns:
aeeef83c MC	304	* C448_TRUE The point is valid.
aeeef83c MC	305	* C448_FALSE The point is invalid.
7324473f	306	*/
054d43ff SL	307	__owur c448_bool_t
054d43ff SL	308	ossl_curve448_point_valid(const curve448_point_t to_test);
7324473f	309
8d55f844	310	/* Overwrite scalar with zeros. */
054d43ff	311	void ossl_curve448_scalar_destroy(curve448_scalar_t scalar);
7324473f	312
8d55f844	313	/* Overwrite point with zeros. */
054d43ff	314	void ossl_curve448_point_destroy(curve448_point_t point);
7324473f	315
ae4186b0	316	#endif /* OSSL_CRYPTO_EC_CURVE448_POINT_448_H */