]> git.ipfire.org Git - thirdparty/openssl.git/blame - crypto/ec/ec_lcl.h
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Update copyright year
[thirdparty/openssl.git] / crypto / ec / ec_lcl.h
CommitLineData
65e81670 1/* crypto/ec/ec_lcl.h */
35b73a1f
BM		 2/*
3 * Originally written by Bodo Moeller for the OpenSSL project.
4 */
65e81670 5/* ====================================================================
8ea16720 6 * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
65e81670
BM		 7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
ae5c8664 13 * notice, this list of conditions and the following disclaimer.
65e81670
BM		 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * openssl-core@openssl.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
7793f30e
BM		 58/* ====================================================================
59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60 *
ae5c8664 61 * Portions of the attached software ("Contribution") are developed by
7793f30e
BM		 62 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
63 *
64 * The Contribution is licensed pursuant to the OpenSSL open source
65 * license provided above.
66 *
ae5c8664 67 * The elliptic curve binary polynomial software is originally written by
7793f30e
BM		 68 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
69 *
70 */
38e3c581 71
3a12ce01
BM		 72#include <stdlib.h>
73
458c2917 74#include <openssl/obj_mac.h>
38e3c581 75#include <openssl/ec.h>
0f814687 76#include <openssl/bn.h>
3a12ce01 77
7f24b1c3
AP		 78#if defined(__SUNPRO_C)
79# if __SUNPRO_C >= 0x520
ae5c8664 80# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
7f24b1c3
AP		 81# endif
82#endif
3a12ce01 83
69e2ec63 84/* Use default functions for poin2oct, oct2point and compressed coordinates */
ae5c8664 85#define EC_FLAGS_DEFAULT_OCT 0x1
69e2ec63 86
ae5c8664
MC		 87/*
88 * Structure details are not part of the exported interface, so all this may
89 * change in future versions.
90 */
3a12ce01
BM		 91
92struct ec_method_st {
ae5c8664
MC		 93 /* Various method flags */
94 int flags;
95 /* used by EC_METHOD_get_field_type: */
96 int field_type; /* a NID */
97 /*
98 * used by EC_GROUP_new, EC_GROUP_free, EC_GROUP_clear_free,
99 * EC_GROUP_copy:
100 */
101 int (*group_init) (EC_GROUP *);
102 void (*group_finish) (EC_GROUP *);
103 void (*group_clear_finish) (EC_GROUP *);
104 int (*group_copy) (EC_GROUP *, const EC_GROUP *);
105 /* used by EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, */
106 /* EC_GROUP_set_curve_GF2m, and EC_GROUP_get_curve_GF2m: */
107 int (*group_set_curve) (EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
108 const BIGNUM *b, BN_CTX *);
109 int (*group_get_curve) (const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b,
110 BN_CTX *);
111 /* used by EC_GROUP_get_degree: */
112 int (*group_get_degree) (const EC_GROUP *);
113 /* used by EC_GROUP_check: */
114 int (*group_check_discriminant) (const EC_GROUP *, BN_CTX *);
115 /*
116 * used by EC_POINT_new, EC_POINT_free, EC_POINT_clear_free,
117 * EC_POINT_copy:
118 */
119 int (*point_init) (EC_POINT *);
120 void (*point_finish) (EC_POINT *);
121 void (*point_clear_finish) (EC_POINT *);
122 int (*point_copy) (EC_POINT *, const EC_POINT *);
83975c80
MC		 123 /*-
124 * used by EC_POINT_set_to_infinity,
125 * EC_POINT_set_Jprojective_coordinates_GFp,
126 * EC_POINT_get_Jprojective_coordinates_GFp,
127 * EC_POINT_set_affine_coordinates_GFp, ..._GF2m,
128 * EC_POINT_get_affine_coordinates_GFp, ..._GF2m,
129 * EC_POINT_set_compressed_coordinates_GFp, ..._GF2m:
130 */
ae5c8664
MC		 131 int (*point_set_to_infinity) (const EC_GROUP *, EC_POINT *);
132 int (*point_set_Jprojective_coordinates_GFp) (const EC_GROUP *,
133 EC_POINT *, const BIGNUM *x,
134 const BIGNUM *y,
135 const BIGNUM *z, BN_CTX *);
136 int (*point_get_Jprojective_coordinates_GFp) (const EC_GROUP *,
137 const EC_POINT *, BIGNUM *x,
138 BIGNUM *y, BIGNUM *z,
139 BN_CTX *);
140 int (*point_set_affine_coordinates) (const EC_GROUP *, EC_POINT *,
141 const BIGNUM *x, const BIGNUM *y,
142 BN_CTX *);
143 int (*point_get_affine_coordinates) (const EC_GROUP *, const EC_POINT *,
144 BIGNUM *x, BIGNUM *y, BN_CTX *);
145 int (*point_set_compressed_coordinates) (const EC_GROUP *, EC_POINT *,
146 const BIGNUM *x, int y_bit,
147 BN_CTX *);
148 /* used by EC_POINT_point2oct, EC_POINT_oct2point: */
149 size_t (*point2oct) (const EC_GROUP *, const EC_POINT *,
150 point_conversion_form_t form, unsigned char *buf,
151 size_t len, BN_CTX *);
152 int (*oct2point) (const EC_GROUP *, EC_POINT *, const unsigned char *buf,
153 size_t len, BN_CTX *);
154 /* used by EC_POINT_add, EC_POINT_dbl, ECP_POINT_invert: */
155 int (*add) (const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
156 const EC_POINT *b, BN_CTX *);
157 int (*dbl) (const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
158 int (*invert) (const EC_GROUP *, EC_POINT *, BN_CTX *);
159 /*
160 * used by EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp:
161 */
162 int (*is_at_infinity) (const EC_GROUP *, const EC_POINT *);
163 int (*is_on_curve) (const EC_GROUP *, const EC_POINT *, BN_CTX *);
164 int (*point_cmp) (const EC_GROUP *, const EC_POINT *a, const EC_POINT *b,
165 BN_CTX *);
166 /* used by EC_POINT_make_affine, EC_POINTs_make_affine: */
167 int (*make_affine) (const EC_GROUP *, EC_POINT *, BN_CTX *);
168 int (*points_make_affine) (const EC_GROUP *, size_t num, EC_POINT *[],
169 BN_CTX *);
170 /*
171 * used by EC_POINTs_mul, EC_POINT_mul, EC_POINT_precompute_mult,
172 * EC_POINT_have_precompute_mult (default implementations are used if the
173 * 'mul' pointer is 0):
174 */
175 int (*mul) (const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
176 size_t num, const EC_POINT *points[], const BIGNUM *scalars[],
177 BN_CTX *);
178 int (*precompute_mult) (EC_GROUP *group, BN_CTX *);
179 int (*have_precompute_mult) (const EC_GROUP *group);
180 /* internal functions */
181 /*
182 * 'field_mul', 'field_sqr', and 'field_div' can be used by 'add' and
183 * 'dbl' so that the same implementations of point operations can be used
184 * with different optimized implementations of expensive field
185 * operations:
186 */
187 int (*field_mul) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
188 const BIGNUM *b, BN_CTX *);
189 int (*field_sqr) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
190 int (*field_div) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
191 const BIGNUM *b, BN_CTX *);
192 /* e.g. to Montgomery */
193 int (*field_encode) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
194 BN_CTX *);
195 /* e.g. from Montgomery */
196 int (*field_decode) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
197 BN_CTX *);
198 int (*field_set_to_one) (const EC_GROUP *, BIGNUM *r, BN_CTX *);
199} /* EC_METHOD */ ;
3a12ce01 200
ba729265 201typedef struct ec_extra_data_st {
ae5c8664
MC		 202 struct ec_extra_data_st *next;
203 void *data;
204 void *(*dup_func) (void *);
205 void (*free_func) (void *);
206 void (*clear_free_func) (void *);
207} EC_EXTRA_DATA; /* used in EC_GROUP */
3a12ce01
BM		 208
209struct ec_group_st {
ae5c8664
MC		 210 const EC_METHOD *meth;
211 EC_POINT *generator; /* optional */
212 BIGNUM order, cofactor;
213 int curve_name; /* optional NID for named curve */
214 int asn1_flag; /* flag to control the asn1 encoding */
215 /*
216 * Kludge: upper bit of ans1_flag is used to denote structure
fff1da43 217 * version. If set, then last field is present. This is done
ae5c8664
MC		 218 * for interoperation with FIPS code.
219 */
27918b7c
AP		 220#define EC_GROUP_ASN1_FLAG_MASK 0x7fffffff
221#define EC_GROUP_VERSION(p) (p->asn1_flag&~EC_GROUP_ASN1_FLAG_MASK)
ae5c8664
MC		 222 point_conversion_form_t asn1_form;
223 unsigned char *seed; /* optional seed for parameters (appears in
224 * ASN1) */
225 size_t seed_len;
226 EC_EXTRA_DATA *extra_data; /* linked list */
227 /*
228 * The following members are handled by the method functions, even if
229 * they appear generic
230 */
231 /*
232 * Field specification. For curves over GF(p), this is the modulus; for
233 * curves over GF(2^m), this is the irreducible polynomial defining the
234 * field.
235 */
236 BIGNUM field;
237 /*
238 * Field specification for curves over GF(2^m). The irreducible f(t) is
239 * then of the form: t^poly[0] + t^poly[1] + ... + t^poly[k] where m =
240 * poly[0] > poly[1] > ... > poly[k] = 0. The array is terminated with
241 * poly[k+1]=-1. All elliptic curve irreducibles have at most 5 non-zero
242 * terms.
243 */
244 int poly[6];
245 /*
246 * Curve coefficients. (Here the assumption is that BIGNUMs can be used
247 * or abused for all kinds of fields, not just GF(p).) For characteristic
248 * > 3, the curve is defined by a Weierstrass equation of the form y^2 =
249 * x^3 + a*x + b. For characteristic 2, the curve is defined by an
250 * equation of the form y^2 + x*y = x^3 + a*x^2 + b.
251 */
252 BIGNUM a, b;
253 /* enable optimized point arithmetics for special case */
254 int a_is_minus3;
255 /* method-specific (e.g., Montgomery structure) */
256 void *field_data1;
257 /* method-specific */
258 void *field_data2;
259 /* method-specific */
260 int (*field_mod_func) (BIGNUM *, const BIGNUM *, const BIGNUM *,
261 BN_CTX *);
262 BN_MONT_CTX *mont_data; /* data for ECDSA inverse */
263} /* EC_GROUP */ ;
3a12ce01 264
9dd84053 265struct ec_key_st {
ae5c8664
MC		 266 int version;
267 EC_GROUP *group;
268 EC_POINT *pub_key;
269 BIGNUM *priv_key;
270 unsigned int enc_flag;
271 point_conversion_form_t conv_form;
272 int references;
273 int flags;
274 EC_EXTRA_DATA *method_data;
275} /* EC_KEY */ ;
9dd84053 276
ae5c8664
MC		 277/*
278 * Basically a 'mixin' for extra data, but available for EC_GROUPs/EC_KEYs
279 * only (with visibility limited to 'package' level for now). We use the
280 * function pointers as index for retrieval; this obviates global
281 * ex_data-style index tables.
ba729265 282 */
9dd84053 283int EC_EX_DATA_set_data(EC_EXTRA_DATA **, void *data,
ae5c8664
MC		 284 void *(*dup_func) (void *),
285 void (*free_func) (void *),
286 void (*clear_free_func) (void *));
287void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *, void *(*dup_func) (void *),
288 void (*free_func) (void *),
289 void (*clear_free_func) (void *));
290void EC_EX_DATA_free_data(EC_EXTRA_DATA **, void *(*dup_func) (void *),
291 void (*free_func) (void *),
292 void (*clear_free_func) (void *));
293void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **, void *(*dup_func) (void *),
294 void (*free_func) (void *),
295 void (*clear_free_func) (void *));
9dd84053
NL		 296void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **);
297void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **);
df9cc153 298
3a12ce01 299struct ec_point_st {
ae5c8664
MC		 300 const EC_METHOD *meth;
301 /*
302 * All members except 'meth' are handled by the method functions, even if
303 * they appear generic
304 */
305 BIGNUM X;
306 BIGNUM Y;
307 BIGNUM Z; /* Jacobian projective coordinates: (X, Y, Z)
308 * represents (X/Z^2, Y/Z^3) if Z != 0 */
309 int Z_is_one; /* enable optimized point arithmetics for
310 * special case */
311} /* EC_POINT */ ;
0657bf9c 312
ae5c8664
MC		 313/*
314 * method functions in ec_mult.c (ec_lib.c uses these as defaults if
315 * group->method->mul is 0)
316 */
7793f30e 317int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
ae5c8664
MC		 318 size_t num, const EC_POINT *points[], const BIGNUM *scalars[],
319 BN_CTX *);
7793f30e 320int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *);
37c660ff
BM		 321int ec_wNAF_have_precompute_mult(const EC_GROUP *group);
322
58fc6229
BM		 323/* method functions in ecp_smpl.c */
324int ec_GFp_simple_group_init(EC_GROUP *);
58fc6229
BM		 325void ec_GFp_simple_group_finish(EC_GROUP *);
326void ec_GFp_simple_group_clear_finish(EC_GROUP *);
327int ec_GFp_simple_group_copy(EC_GROUP *, const EC_GROUP *);
ae5c8664
MC		 328int ec_GFp_simple_group_set_curve(EC_GROUP *, const BIGNUM *p,
329 const BIGNUM *a, const BIGNUM *b, BN_CTX *);
330int ec_GFp_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a,
331 BIGNUM *b, BN_CTX *);
7793f30e 332int ec_GFp_simple_group_get_degree(const EC_GROUP *);
17d6bb81 333int ec_GFp_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);
58fc6229
BM		 334int ec_GFp_simple_point_init(EC_POINT *);
335void ec_GFp_simple_point_finish(EC_POINT *);
336void ec_GFp_simple_point_clear_finish(EC_POINT *);
337int ec_GFp_simple_point_copy(EC_POINT *, const EC_POINT *);
226cc7de 338int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
ae5c8664
MC		 339int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *,
340 EC_POINT *, const BIGNUM *x,
341 const BIGNUM *y,
342 const BIGNUM *z, BN_CTX *);
343int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *,
344 const EC_POINT *, BIGNUM *x,
345 BIGNUM *y, BIGNUM *z,
346 BN_CTX *);
35b73a1f 347int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,
ae5c8664
MC		 348 const BIGNUM *x,
349 const BIGNUM *y, BN_CTX *);
350int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *,
351 const EC_POINT *, BIGNUM *x,
352 BIGNUM *y, BN_CTX *);
35b73a1f 353int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *,
ae5c8664
MC		 354 const BIGNUM *x, int y_bit,
355 BN_CTX *);
356size_t ec_GFp_simple_point2oct(const EC_GROUP *, const EC_POINT *,
357 point_conversion_form_t form,
358 unsigned char *buf, size_t len, BN_CTX *);
58fc6229 359int ec_GFp_simple_oct2point(const EC_GROUP *, EC_POINT *,
ae5c8664
MC		 360 const unsigned char *buf, size_t len, BN_CTX *);
361int ec_GFp_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
362 const EC_POINT *b, BN_CTX *);
363int ec_GFp_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
364 BN_CTX *);
1d5bd6cf 365int ec_GFp_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
58fc6229
BM		 366int ec_GFp_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
367int ec_GFp_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
ae5c8664
MC		 368int ec_GFp_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b,
369 BN_CTX *);
e869d4bd 370int ec_GFp_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
ae5c8664
MC		 371int ec_GFp_simple_points_make_affine(const EC_GROUP *, size_t num,
372 EC_POINT *[], BN_CTX *);
373int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
374 const BIGNUM *b, BN_CTX *);
375int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
376 BN_CTX *);
58fc6229
BM		 377
378/* method functions in ecp_mont.c */
f1f25544 379int ec_GFp_mont_group_init(EC_GROUP *);
ae5c8664
MC		 380int ec_GFp_mont_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
381 const BIGNUM *b, BN_CTX *);
2e0db076
BM		 382void ec_GFp_mont_group_finish(EC_GROUP *);
383void ec_GFp_mont_group_clear_finish(EC_GROUP *);
60428dbf 384int ec_GFp_mont_group_copy(EC_GROUP *, const EC_GROUP *);
ae5c8664
MC		 385int ec_GFp_mont_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
386 const BIGNUM *b, BN_CTX *);
387int ec_GFp_mont_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
388 BN_CTX *);
389int ec_GFp_mont_field_encode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
390 BN_CTX *);
391int ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
392 BN_CTX *);
48fe4d62 393int ec_GFp_mont_field_set_to_one(const EC_GROUP *, BIGNUM *r, BN_CTX *);
58fc6229 394
58fc6229 395/* method functions in ecp_nist.c */
e2c9c91b 396int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src);
ae5c8664
MC		 397int ec_GFp_nist_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
398 const BIGNUM *b, BN_CTX *);
399int ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
400 const BIGNUM *b, BN_CTX *);
401int ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
402 BN_CTX *);
7793f30e
BM		 403
404/* method functions in ec2_smpl.c */
405int ec_GF2m_simple_group_init(EC_GROUP *);
406void ec_GF2m_simple_group_finish(EC_GROUP *);
407void ec_GF2m_simple_group_clear_finish(EC_GROUP *);
408int ec_GF2m_simple_group_copy(EC_GROUP *, const EC_GROUP *);
ae5c8664
MC		 409int ec_GF2m_simple_group_set_curve(EC_GROUP *, const BIGNUM *p,
410 const BIGNUM *a, const BIGNUM *b,
411 BN_CTX *);
412int ec_GF2m_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a,
413 BIGNUM *b, BN_CTX *);
7793f30e
BM		 414int ec_GF2m_simple_group_get_degree(const EC_GROUP *);
415int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);
416int ec_GF2m_simple_point_init(EC_POINT *);
417void ec_GF2m_simple_point_finish(EC_POINT *);
418void ec_GF2m_simple_point_clear_finish(EC_POINT *);
419int ec_GF2m_simple_point_copy(EC_POINT *, const EC_POINT *);
420int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
35b73a1f 421int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,
ae5c8664
MC		 422 const BIGNUM *x,
423 const BIGNUM *y, BN_CTX *);
424int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *,
425 const EC_POINT *, BIGNUM *x,
426 BIGNUM *y, BN_CTX *);
35b73a1f 427int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *,
ae5c8664
MC		 428 const BIGNUM *x, int y_bit,
429 BN_CTX *);
430size_t ec_GF2m_simple_point2oct(const EC_GROUP *, const EC_POINT *,
431 point_conversion_form_t form,
432 unsigned char *buf, size_t len, BN_CTX *);
7793f30e 433int ec_GF2m_simple_oct2point(const EC_GROUP *, EC_POINT *,
ae5c8664
MC		 434 const unsigned char *buf, size_t len, BN_CTX *);
435int ec_GF2m_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
436 const EC_POINT *b, BN_CTX *);
437int ec_GF2m_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
438 BN_CTX *);
7793f30e
BM		 439int ec_GF2m_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
440int ec_GF2m_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
441int ec_GF2m_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
ae5c8664
MC		 442int ec_GF2m_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b,
443 BN_CTX *);
7793f30e 444int ec_GF2m_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
ae5c8664
MC		 445int ec_GF2m_simple_points_make_affine(const EC_GROUP *, size_t num,
446 EC_POINT *[], BN_CTX *);
447int ec_GF2m_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
448 const BIGNUM *b, BN_CTX *);
449int ec_GF2m_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
450 BN_CTX *);
451int ec_GF2m_simple_field_div(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
452 const BIGNUM *b, BN_CTX *);
7793f30e
BM		 453
454/* method functions in ec2_mult.c */
ae5c8664
MC		 455int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r,
456 const BIGNUM *scalar, size_t num,
457 const EC_POINT *points[], const BIGNUM *scalars[],
458 BN_CTX *);
15994b03 459int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
37c660ff 460int ec_GF2m_have_precompute_mult(const EC_GROUP *group);
48ce525d 461
a5d03c54 462#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
48ce525d
BM		 463/* method functions in ecp_nistp224.c */
464int ec_GFp_nistp224_group_init(EC_GROUP *group);
ae5c8664
MC		 465int ec_GFp_nistp224_group_set_curve(EC_GROUP *group, const BIGNUM *p,
466 const BIGNUM *a, const BIGNUM *n,
467 BN_CTX *);
468int ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP *group,
469 const EC_POINT *point,
470 BIGNUM *x, BIGNUM *y,
471 BN_CTX *ctx);
472int ec_GFp_nistp224_mul(const EC_GROUP *group, EC_POINT *r,
473 const BIGNUM *scalar, size_t num,
474 const EC_POINT *points[], const BIGNUM *scalars[],
475 BN_CTX *);
476int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
477 const BIGNUM *scalar, size_t num,
478 const EC_POINT *points[],
479 const BIGNUM *scalars[], BN_CTX *ctx);
48ce525d
BM		 480int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
481int ec_GFp_nistp224_have_precompute_mult(const EC_GROUP *group);
9c37519b
BM		 482
483/* method functions in ecp_nistp256.c */
484int ec_GFp_nistp256_group_init(EC_GROUP *group);
ae5c8664
MC		 485int ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p,
486 const BIGNUM *a, const BIGNUM *n,
487 BN_CTX *);
488int ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group,
489 const EC_POINT *point,
490 BIGNUM *x, BIGNUM *y,
491 BN_CTX *ctx);
492int ec_GFp_nistp256_mul(const EC_GROUP *group, EC_POINT *r,
493 const BIGNUM *scalar, size_t num,
494 const EC_POINT *points[], const BIGNUM *scalars[],
495 BN_CTX *);
496int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r,
497 const BIGNUM *scalar, size_t num,
498 const EC_POINT *points[],
499 const BIGNUM *scalars[], BN_CTX *ctx);
9c37519b
BM		 500int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
501int ec_GFp_nistp256_have_precompute_mult(const EC_GROUP *group);
502
503/* method functions in ecp_nistp521.c */
504int ec_GFp_nistp521_group_init(EC_GROUP *group);
ae5c8664
MC		 505int ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p,
506 const BIGNUM *a, const BIGNUM *n,
507 BN_CTX *);
508int ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP *group,
509 const EC_POINT *point,
510 BIGNUM *x, BIGNUM *y,
511 BN_CTX *ctx);
512int ec_GFp_nistp521_mul(const EC_GROUP *group, EC_POINT *r,
513 const BIGNUM *scalar, size_t num,
514 const EC_POINT *points[], const BIGNUM *scalars[],
515 BN_CTX *);
516int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r,
517 const BIGNUM *scalar, size_t num,
518 const EC_POINT *points[],
519 const BIGNUM *scalars[], BN_CTX *ctx);
9c37519b
BM		 520int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
521int ec_GFp_nistp521_have_precompute_mult(const EC_GROUP *group);
522
523/* utility functions in ecp_nistputil.c */
524void ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array,
ae5c8664
MC		 525 size_t felem_size,
526 void *tmp_felems,
527 void (*felem_one) (void *out),
528 int (*felem_is_zero) (const void
529 *in),
530 void (*felem_assign) (void *out,
531 const void
532 *in),
533 void (*felem_square) (void *out,
534 const void
535 *in),
536 void (*felem_mul) (void *out,
537 const void
538 *in1,
539 const void
540 *in2),
541 void (*felem_inv) (void *out,
542 const void
543 *in),
544 void (*felem_contract) (void
545 *out,
546 const
547 void
548 *in));
549void ec_GFp_nistp_recode_scalar_bits(unsigned char *sign,
550 unsigned char *digit, unsigned char in);
48ce525d 551#endif
8aed2a75
AP		 552
553#ifdef ECP_NISTZ256_ASM
554/** Returns GFp methods using montgomery multiplication, with x86-64 optimized
555 * P256. See http://eprint.iacr.org/2013/816.
556 * \return EC_METHOD object
557 */
558const EC_METHOD *EC_GFp_nistz256_method(void);
559#endif
27918b7c
AP		 560
561#ifdef OPENSSL_FIPS
ae5c8664
MC		 562EC_GROUP *FIPS_ec_group_new_curve_gfp(const BIGNUM *p, const BIGNUM *a,
563 const BIGNUM *b, BN_CTX *ctx);
564EC_GROUP *FIPS_ec_group_new_curve_gf2m(const BIGNUM *p, const BIGNUM *a,
565 const BIGNUM *b, BN_CTX *ctx);
27918b7c
AP		 566EC_GROUP *FIPS_ec_group_new_by_curve_name(int nid);
567#endif
A mirror of the official openssl repository