resolve conflicts

1 files changed, 177 insertions, 64 deletions

diff --git a/src/lib/libcrypto/ec/ec_lcl.h b/src/lib/libcrypto/ec/ec_lcl.h
index cc4cf27755..fdd7aa2755 100644
--- a/src/lib/libcrypto/ec/ec_lcl.h
+++ b/src/lib/libcrypto/ec/ec_lcl.h
@@ -1,6 +1,9 @@
 /* crypto/ec/ec_lcl.h */
+/*
+ * Originally written by Bodo Moeller for the OpenSSL project.
+ */
 /* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -52,35 +55,56 @@
  * Hudson (tjh@cryptsoft.com).
  *
  */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by 
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by 
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
 
 
 #include <stdlib.h>
 
+#include <openssl/obj_mac.h>
 #include <openssl/ec.h>
+#include <openssl/bn.h>
 
+#if defined(__SUNPRO_C)
+# if __SUNPRO_C >= 0x520
+# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
+# endif
+#endif
 
 /* Structure details are not part of the exported interface,
  * so all this may change in future versions. */
 
 struct ec_method_st {
+        /* used by EC_METHOD_get_field_type: */
+        int field_type; /* a NID */
+
         /* used by EC_GROUP_new, EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_copy: */
         int (*group_init)(EC_GROUP *);
         void (*group_finish)(EC_GROUP *);
         void (*group_clear_finish)(EC_GROUP *);
         int (*group_copy)(EC_GROUP *, const EC_GROUP *);
 
-        /* used by EC_GROUP_set_curve_GFp and EC_GROUP_get_curve_GFp: */
-        int (*group_set_curve_GFp)(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-        int (*group_get_curve_GFp)(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
+        /* used by EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, */
+        /* EC_GROUP_set_curve_GF2m, and EC_GROUP_get_curve_GF2m: */
+        int (*group_set_curve)(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+        int (*group_get_curve)(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
 
-        /* used by EC_GROUP_set_generator, EC_GROUP_get0_generator,
-         * EC_GROUP_get_order, EC_GROUP_get_cofactor:
-         */
-        int (*group_set_generator)(EC_GROUP *, const EC_POINT *generator,
-                const BIGNUM *order, const BIGNUM *cofactor);
-        EC_POINT *(*group_get0_generator)(const EC_GROUP *);
-        int (*group_get_order)(const EC_GROUP *, BIGNUM *order, BN_CTX *);
-        int (*group_get_cofactor)(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *);
+        /* used by EC_GROUP_get_degree: */
+        int (*group_get_degree)(const EC_GROUP *);
+
+        /* used by EC_GROUP_check: */
+        int (*group_check_discriminant)(const EC_GROUP *, BN_CTX *);
 
         /* used by EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, EC_POINT_copy: */
         int (*point_init)(EC_POINT *);
@@ -89,20 +113,22 @@ struct ec_method_st {
         int (*point_copy)(EC_POINT *, const EC_POINT *);
 
         /* used by EC_POINT_set_to_infinity,
-         * EC_POINT_set_Jprojective_coordinates_GFp, EC_POINT_get_Jprojective_coordinates_GFp,
-         * EC_POINT_set_affine_coordinates_GFp, EC_POINT_get_affine_coordinates_GFp,
-         * EC_POINT_set_compressed_coordinates_GFp:
+         * EC_POINT_set_Jprojective_coordinates_GFp,
+         * EC_POINT_get_Jprojective_coordinates_GFp,
+         * EC_POINT_set_affine_coordinates_GFp,     ..._GF2m,
+         * EC_POINT_get_affine_coordinates_GFp,     ..._GF2m,
+         * EC_POINT_set_compressed_coordinates_GFp, ..._GF2m:
          */
         int (*point_set_to_infinity)(const EC_GROUP *, EC_POINT *);
         int (*point_set_Jprojective_coordinates_GFp)(const EC_GROUP *, EC_POINT *,
                 const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
         int (*point_get_Jprojective_coordinates_GFp)(const EC_GROUP *, const EC_POINT *,
                 BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
-        int (*point_set_affine_coordinates_GFp)(const EC_GROUP *, EC_POINT *,
+        int (*point_set_affine_coordinates)(const EC_GROUP *, EC_POINT *,
                 const BIGNUM *x, const BIGNUM *y, BN_CTX *);
-        int (*point_get_affine_coordinates_GFp)(const EC_GROUP *, const EC_POINT *,
+        int (*point_get_affine_coordinates)(const EC_GROUP *, const EC_POINT *,
                 BIGNUM *x, BIGNUM *y, BN_CTX *);
-        int (*point_set_compressed_coordinates_GFp)(const EC_GROUP *, EC_POINT *,
+        int (*point_set_compressed_coordinates)(const EC_GROUP *, EC_POINT *,
                 const BIGNUM *x, int y_bit, BN_CTX *);
 
         /* used by EC_POINT_point2oct, EC_POINT_oct2point: */
@@ -125,34 +151,65 @@ struct ec_method_st {
         int (*make_affine)(const EC_GROUP *, EC_POINT *, BN_CTX *);
         int (*points_make_affine)(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
 
+        /* used by EC_POINTs_mul, EC_POINT_mul, EC_POINT_precompute_mult, EC_POINT_have_precompute_mult
+         * (default implementations are used if the 'mul' pointer is 0): */
+        int (*mul)(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+                size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
+        int (*precompute_mult)(EC_GROUP *group, BN_CTX *);
+        int (*have_precompute_mult)(const EC_GROUP *group);
+
 
         /* internal functions */
 
-        /* 'field_mul' and 'field_sqr' can be used by 'add' and 'dbl' so that
+        /* 'field_mul', 'field_sqr', and 'field_div' can be used by 'add' and 'dbl' so that
          * the same implementations of point operations can be used with different
          * optimized implementations of expensive field operations: */
         int (*field_mul)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
         int (*field_sqr)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+        int (*field_div)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
 
         int (*field_encode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. to Montgomery */
         int (*field_decode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. from Montgomery */
         int (*field_set_to_one)(const EC_GROUP *, BIGNUM *r, BN_CTX *);
 } /* EC_METHOD */;
 
+typedef struct ec_extra_data_st {
+        struct ec_extra_data_st *next;
+        void *data;
+        void *(*dup_func)(void *);
+        void (*free_func)(void *);
+        void (*clear_free_func)(void *);
+} EC_EXTRA_DATA; /* used in EC_GROUP */
 
 struct ec_group_st {
         const EC_METHOD *meth;
 
-        void *extra_data;
-        void *(*extra_data_dup_func)(void *);
-        void (*extra_data_free_func)(void *);
-        void (*extra_data_clear_free_func)(void *);
+        EC_POINT *generator; /* optional */
+        BIGNUM order, cofactor;
+
+        int curve_name;/* optional NID for named curve */
+        int asn1_flag; /* flag to control the asn1 encoding */
+        point_conversion_form_t asn1_form;
+
+        unsigned char *seed; /* optional seed for parameters (appears in ASN1) */
+        size_t seed_len;
 
-        /* All members except 'meth' and 'extra_data...' are handled by
-         * the method functions, even if they appear generic */
+        EC_EXTRA_DATA *extra_data; /* linked list */
+
+        /* The following members are handled by the method functions,
+         * even if they appear generic */
         
         BIGNUM field; /* Field specification.
-                       * For curves over GF(p), this is the modulus. */
+                       * For curves over GF(p), this is the modulus;
+                       * for curves over GF(2^m), this is the 
+                       * irreducible polynomial defining the field.
+                       */
+
+        unsigned int poly[5]; /* Field specification for curves over GF(2^m).
+                               * The irreducible f(t) is then of the form:
+                               *     t^poly[0] + t^poly[1] + ... + t^poly[k]
+                               * where m = poly[0] > poly[1] > ... > poly[k] = 0.
+                               */
 
         BIGNUM a, b; /* Curve coefficients.
                       * (Here the assumption is that BIGNUMs can be used
@@ -160,29 +217,49 @@ struct ec_group_st {
                       * For characteristic  > 3,  the curve is defined
                       * by a Weierstrass equation of the form
                       *     y^2 = x^3 + a*x + b.
+                      * For characteristic  2,  the curve is defined by
+                      * an equation of the form
+                      *     y^2 + x*y = x^3 + a*x^2 + b.
                       */
-        int a_is_minus3; /* enable optimized point arithmetics for special case */
 
-        EC_POINT *generator; /* optional */
-        BIGNUM order, cofactor;
+        int a_is_minus3; /* enable optimized point arithmetics for special case */
 
         void *field_data1; /* method-specific (e.g., Montgomery structure) */
         void *field_data2; /* method-specific */
+        int (*field_mod_func)(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); /* method-specific */
 } /* EC_GROUP */;
 
+struct ec_key_st {
+        int version;
+
+        EC_GROUP *group;
+
+        EC_POINT *pub_key;
+        BIGNUM   *priv_key;
+
+        unsigned int enc_flag;
+        point_conversion_form_t conv_form;
 
-/* Basically a 'mixin' for extra data, but available for EC_GROUPs only
+        int     references;
+
+        EC_EXTRA_DATA *method_data;
+} /* EC_KEY */;
+
+/* Basically a 'mixin' for extra data, but available for EC_GROUPs/EC_KEYs only
  * (with visibility limited to 'package' level for now).
  * We use the function pointers as index for retrieval; this obviates
  * global ex_data-style index tables.
- * (Currently, we have one slot only, but is is possible to extend this
- * if necessary.) */
-int EC_GROUP_set_extra_data(EC_GROUP *, void *extra_data, void *(*extra_data_dup_func)(void *),
-        void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *));
-void *EC_GROUP_get_extra_data(const EC_GROUP *, void *(*extra_data_dup_func)(void *),
-        void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *));
-void EC_GROUP_free_extra_data(EC_GROUP *);
-void EC_GROUP_clear_free_extra_data(EC_GROUP *);
+ */
+int EC_EX_DATA_set_data(EC_EXTRA_DATA **, void *data,
+        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
+void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *,
+        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
+void EC_EX_DATA_free_data(EC_EXTRA_DATA **,
+        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
+void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **,
+        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
+void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **);
+void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **);
 
 
 
@@ -201,18 +278,23 @@ struct ec_point_st {
 
 
 
+/* method functions in ec_mult.c
+ * (ec_lib.c uses these as defaults if group->method->mul is 0) */
+int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+        size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
+int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *);
+int ec_wNAF_have_precompute_mult(const EC_GROUP *group);
+
+
 /* method functions in ecp_smpl.c */
 int ec_GFp_simple_group_init(EC_GROUP *);
 void ec_GFp_simple_group_finish(EC_GROUP *);
 void ec_GFp_simple_group_clear_finish(EC_GROUP *);
 int ec_GFp_simple_group_copy(EC_GROUP *, const EC_GROUP *);
-int ec_GFp_simple_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-int ec_GFp_simple_group_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
-int ec_GFp_simple_group_set_generator(EC_GROUP *, const EC_POINT *generator,
-        const BIGNUM *order, const BIGNUM *cofactor);
-EC_POINT *ec_GFp_simple_group_get0_generator(const EC_GROUP *);
-int ec_GFp_simple_group_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *);
-int ec_GFp_simple_group_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *);
+int ec_GFp_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int ec_GFp_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
+int ec_GFp_simple_group_get_degree(const EC_GROUP *);
+int ec_GFp_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);
 int ec_GFp_simple_point_init(EC_POINT *);
 void ec_GFp_simple_point_finish(EC_POINT *);
 void ec_GFp_simple_point_clear_finish(EC_POINT *);
@@ -222,11 +304,11 @@ int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *,
         const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
 int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
         BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
-int ec_GFp_simple_point_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *,
+int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,
         const BIGNUM *x, const BIGNUM *y, BN_CTX *);
-int ec_GFp_simple_point_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
+int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *, const EC_POINT *,
         BIGNUM *x, BIGNUM *y, BN_CTX *);
-int ec_GFp_simple_set_compressed_coordinates_GFp(const EC_GROUP *, EC_POINT *,
+int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *,
         const BIGNUM *x, int y_bit, BN_CTX *);
 size_t ec_GFp_simple_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
         unsigned char *buf, size_t len, BN_CTX *);
@@ -246,7 +328,7 @@ int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX
 
 /* method functions in ecp_mont.c */
 int ec_GFp_mont_group_init(EC_GROUP *);
-int ec_GFp_mont_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int ec_GFp_mont_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
 void ec_GFp_mont_group_finish(EC_GROUP *);
 void ec_GFp_mont_group_clear_finish(EC_GROUP *);
 int ec_GFp_mont_group_copy(EC_GROUP *, const EC_GROUP *);
@@ -257,21 +339,52 @@ int ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CT
 int ec_GFp_mont_field_set_to_one(const EC_GROUP *, BIGNUM *r, BN_CTX *);
 
 
-/* method functions in ecp_recp.c */
-int ec_GFp_recp_group_init(EC_GROUP *);
-int ec_GFp_recp_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-void ec_GFp_recp_group_finish(EC_GROUP *);
-void ec_GFp_recp_group_clear_finish(EC_GROUP *);
-int ec_GFp_recp_group_copy(EC_GROUP *, const EC_GROUP *);
-int ec_GFp_recp_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-int ec_GFp_recp_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
-
-
 /* method functions in ecp_nist.c */
-int ec_GFp_nist_group_init(EC_GROUP *);
-int ec_GFp_nist_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-void ec_GFp_nist_group_finish(EC_GROUP *);
-void ec_GFp_nist_group_clear_finish(EC_GROUP *);
-int ec_GFp_nist_group_copy(EC_GROUP *, const EC_GROUP *);
+int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src);
+int ec_GFp_nist_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
 int ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
 int ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+
+
+/* method functions in ec2_smpl.c */
+int ec_GF2m_simple_group_init(EC_GROUP *);
+void ec_GF2m_simple_group_finish(EC_GROUP *);
+void ec_GF2m_simple_group_clear_finish(EC_GROUP *);
+int ec_GF2m_simple_group_copy(EC_GROUP *, const EC_GROUP *);
+int ec_GF2m_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int ec_GF2m_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
+int ec_GF2m_simple_group_get_degree(const EC_GROUP *);
+int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);
+int ec_GF2m_simple_point_init(EC_POINT *);
+void ec_GF2m_simple_point_finish(EC_POINT *);
+void ec_GF2m_simple_point_clear_finish(EC_POINT *);
+int ec_GF2m_simple_point_copy(EC_POINT *, const EC_POINT *);
+int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
+int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,
+        const BIGNUM *x, const BIGNUM *y, BN_CTX *);
+int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *, const EC_POINT *,
+        BIGNUM *x, BIGNUM *y, BN_CTX *);
+int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *,
+        const BIGNUM *x, int y_bit, BN_CTX *);
+size_t ec_GF2m_simple_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
+        unsigned char *buf, size_t len, BN_CTX *);
+int ec_GF2m_simple_oct2point(const EC_GROUP *, EC_POINT *,
+        const unsigned char *buf, size_t len, BN_CTX *);
+int ec_GF2m_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
+int ec_GF2m_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
+int ec_GF2m_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
+int ec_GF2m_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
+int ec_GF2m_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
+int ec_GF2m_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
+int ec_GF2m_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
+int ec_GF2m_simple_points_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
+int ec_GF2m_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int ec_GF2m_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+int ec_GF2m_simple_field_div(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+
+
+/* method functions in ec2_mult.c */
+int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+        size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
+int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
+int ec_GF2m_have_precompute_mult(const EC_GROUP *group);