]>
Commit | Line | Data |
---|---|---|
35b73a1f | 1 | /* |
33388b44 | 2 | * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. |
aa8f3d76 | 3 | * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved |
65e81670 | 4 | * |
a7f182b7 | 5 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4f22f405 RS |
6 | * this file except in compliance with the License. You can obtain a copy |
7 | * in the file LICENSE in the source distribution or at | |
8 | * https://www.openssl.org/source/license.html | |
65e81670 | 9 | */ |
4f22f405 | 10 | |
579422c8 P |
11 | /* |
12 | * ECDSA low level APIs are deprecated for public use, but still ok for | |
13 | * internal use. | |
14 | */ | |
15 | #include "internal/deprecated.h" | |
16 | ||
5c6bf031 | 17 | #include <openssl/err.h> |
25f2138b | 18 | #include "crypto/bn.h" |
706457b7 | 19 | #include "ec_local.h" |
0657bf9c | 20 | |
0f113f3e MC |
21 | EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, |
22 | const BIGNUM *b, BN_CTX *ctx) | |
23 | { | |
24 | const EC_METHOD *meth; | |
25 | EC_GROUP *ret; | |
5c6bf031 | 26 | |
62f29eb1 | 27 | #if defined(OPENSSL_BN_ASM_MONT) |
0f113f3e MC |
28 | /* |
29 | * This might appear controversial, but the fact is that generic | |
30 | * prime method was observed to deliver better performance even | |
31 | * for NIST primes on a range of platforms, e.g.: 60%-15% | |
32 | * improvement on IA-64, ~25% on ARM, 30%-90% on P4, 20%-25% | |
33 | * in 32-bit build and 35%--12% in 64-bit build on Core2... | |
34 | * Coefficients are relative to optimized bn_nist.c for most | |
35 | * intensive ECDSA verify and ECDH operations for 192- and 521- | |
36 | * bit keys respectively. Choice of these boundary values is | |
37 | * arguable, because the dependency of improvement coefficient | |
38 | * from key length is not a "monotone" curve. For example while | |
39 | * 571-bit result is 23% on ARM, 384-bit one is -1%. But it's | |
40 | * generally faster, sometimes "respectfully" faster, sometimes | |
41 | * "tolerably" slower... What effectively happens is that loop | |
42 | * with bn_mul_add_words is put against bn_mul_mont, and the | |
43 | * latter "wins" on short vectors. Correct solution should be | |
44 | * implementing dedicated NxN multiplication subroutines for | |
45 | * small N. But till it materializes, let's stick to generic | |
46 | * prime method... | |
47 | * <appro> | |
48 | */ | |
49 | meth = EC_GFp_mont_method(); | |
fdf6dac8 | 50 | #else |
0f113f3e MC |
51 | if (BN_nist_mod_func(p)) |
52 | meth = EC_GFp_nist_method(); | |
53 | else | |
54 | meth = EC_GFp_mont_method(); | |
fdf6dac8 | 55 | #endif |
0657bf9c | 56 | |
a9612d6c | 57 | ret = EC_GROUP_new_ex(bn_get_lib_ctx(ctx), meth); |
0f113f3e MC |
58 | if (ret == NULL) |
59 | return NULL; | |
0657bf9c | 60 | |
9cc570d4 | 61 | if (!EC_GROUP_set_curve(ret, p, a, b, ctx)) { |
cdf8d0db | 62 | EC_GROUP_free(ret); |
0f113f3e MC |
63 | return NULL; |
64 | } | |
65 | ||
66 | return ret; | |
67 | } | |
7793f30e | 68 | |
b3310161 | 69 | #ifndef OPENSSL_NO_EC2M |
0f113f3e MC |
70 | EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, |
71 | const BIGNUM *b, BN_CTX *ctx) | |
72 | { | |
73 | const EC_METHOD *meth; | |
74 | EC_GROUP *ret; | |
75 | ||
76 | meth = EC_GF2m_simple_method(); | |
77 | ||
a9612d6c | 78 | ret = EC_GROUP_new_ex(bn_get_lib_ctx(ctx), meth); |
0f113f3e MC |
79 | if (ret == NULL) |
80 | return NULL; | |
7793f30e | 81 | |
9cc570d4 | 82 | if (!EC_GROUP_set_curve(ret, p, a, b, ctx)) { |
cdf8d0db | 83 | EC_GROUP_free(ret); |
0f113f3e MC |
84 | return NULL; |
85 | } | |
7793f30e | 86 | |
0f113f3e MC |
87 | return ret; |
88 | } | |
b3310161 | 89 | #endif |