summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/ec/ec_local.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/ec/ec_local.h')
-rw-r--r--src/lib/libcrypto/ec/ec_local.h525
1 files changed, 525 insertions, 0 deletions
diff --git a/src/lib/libcrypto/ec/ec_local.h b/src/lib/libcrypto/ec/ec_local.h
new file mode 100644
index 0000000000..5fc9bfebbb
--- /dev/null
+++ b/src/lib/libcrypto/ec/ec_local.h
@@ -0,0 +1,525 @@
1/* $OpenBSD: ec_local.h,v 1.1 2022/11/26 16:08:52 tb Exp $ */
2/*
3 * Originally written by Bodo Moeller for the OpenSSL project.
4 */
5/* ====================================================================
6 * Copyright (c) 1998-2010 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * openssl-core@openssl.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* ====================================================================
59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60 *
61 * Portions of the attached software ("Contribution") are developed by
62 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
63 *
64 * The Contribution is licensed pursuant to the OpenSSL open source
65 * license provided above.
66 *
67 * The elliptic curve binary polynomial software is originally written by
68 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
69 *
70 */
71
72#include <stdlib.h>
73
74#include <openssl/bn.h>
75#include <openssl/ec.h>
76#include <openssl/ecdsa.h>
77#include <openssl/objects.h>
78
79#include "bn_local.h"
80
81__BEGIN_HIDDEN_DECLS
82
83#if defined(__SUNPRO_C)
84# if __SUNPRO_C >= 0x520
85# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
86# endif
87#endif
88
89/* Use default functions for poin2oct, oct2point and compressed coordinates */
90#define EC_FLAGS_DEFAULT_OCT 0x1
91
92struct ec_method_st {
93
94 /*
95 * Methods and members exposed directly by the public API.
96 */
97
98 int flags;
99
100 int field_type;
101
102 int (*group_init)(EC_GROUP *);
103 void (*group_finish)(EC_GROUP *);
104 void (*group_clear_finish)(EC_GROUP *);
105 int (*group_copy)(EC_GROUP *, const EC_GROUP *);
106
107 int (*group_set_curve)(EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
108 const BIGNUM *b, BN_CTX *);
109 int (*group_get_curve)(const EC_GROUP *, BIGNUM *p, BIGNUM *a,
110 BIGNUM *b, BN_CTX *);
111
112 int (*group_get_degree)(const EC_GROUP *);
113 int (*group_order_bits)(const EC_GROUP *);
114 int (*group_check_discriminant)(const EC_GROUP *, BN_CTX *);
115
116 int (*point_init)(EC_POINT *);
117 void (*point_finish)(EC_POINT *);
118 void (*point_clear_finish)(EC_POINT *);
119 int (*point_copy)(EC_POINT *, const EC_POINT *);
120
121 int (*point_set_to_infinity)(const EC_GROUP *, EC_POINT *);
122 int (*point_set_Jprojective_coordinates)(const EC_GROUP *, EC_POINT *,
123 const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
124 int (*point_get_Jprojective_coordinates)(const EC_GROUP *,
125 const EC_POINT *, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
126 int (*point_set_affine_coordinates)(const EC_GROUP *, EC_POINT *,
127 const BIGNUM *x, const BIGNUM *y, BN_CTX *);
128 int (*point_get_affine_coordinates)(const EC_GROUP *, const EC_POINT *,
129 BIGNUM *x, BIGNUM *y, BN_CTX *);
130 int (*point_set_compressed_coordinates)(const EC_GROUP *, EC_POINT *,
131 const BIGNUM *x, int y_bit, BN_CTX *);
132
133 size_t (*point2oct)(const EC_GROUP *, const EC_POINT *,
134 point_conversion_form_t form, unsigned char *buf, size_t len,
135 BN_CTX *);
136 int (*oct2point)(const EC_GROUP *, EC_POINT *, const unsigned char *buf,
137 size_t len, BN_CTX *);
138
139 int (*add)(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
140 const EC_POINT *b, BN_CTX *);
141 int (*dbl)(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
142 int (*invert)(const EC_GROUP *, EC_POINT *, BN_CTX *);
143
144 int (*is_at_infinity)(const EC_GROUP *, const EC_POINT *);
145 int (*is_on_curve)(const EC_GROUP *, const EC_POINT *, BN_CTX *);
146 int (*point_cmp)(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b,
147 BN_CTX *);
148
149 int (*make_affine)(const EC_GROUP *, EC_POINT *, BN_CTX *);
150 int (*points_make_affine)(const EC_GROUP *, size_t num, EC_POINT *[],
151 BN_CTX *);
152
153 int (*mul_generator_ct)(const EC_GROUP *, EC_POINT *r,
154 const BIGNUM *scalar, BN_CTX *);
155 int (*mul_single_ct)(const EC_GROUP *group, EC_POINT *r,
156 const BIGNUM *scalar, const EC_POINT *point, BN_CTX *);
157 int (*mul_double_nonct)(const EC_GROUP *group, EC_POINT *r,
158 const BIGNUM *g_scalar, const BIGNUM *p_scalar,
159 const EC_POINT *point, BN_CTX *);
160 int (*precompute_mult)(EC_GROUP *group, BN_CTX *);
161 int (*have_precompute_mult)(const EC_GROUP *group);
162
163 /*
164 * Internal methods.
165 */
166
167 /*
168 * These can be used by 'add' and 'dbl' so that the same implementations
169 * of point operations can be used with different optimized versions of
170 * expensive field operations.
171 */
172 int (*field_mul)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
173 const BIGNUM *b, BN_CTX *);
174 int (*field_sqr)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
175 BN_CTX *);
176 int (*field_div)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
177 const BIGNUM *b, BN_CTX *);
178
179 /* Encode to and decode from other forms (e.g. Montgomery). */
180 int (*field_encode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
181 BN_CTX *);
182 int (*field_decode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
183 BN_CTX *);
184
185 int (*field_set_to_one)(const EC_GROUP *, BIGNUM *r, BN_CTX *);
186 int (*blind_coordinates)(const EC_GROUP *group, EC_POINT *p,
187 BN_CTX *ctx);
188} /* EC_METHOD */;
189
190typedef struct ec_extra_data_st {
191 struct ec_extra_data_st *next;
192 void *data;
193 void *(*dup_func)(void *);
194 void (*free_func)(void *);
195 void (*clear_free_func)(void *);
196} EC_EXTRA_DATA; /* used in EC_GROUP */
197
198struct ec_group_st {
199 /*
200 * Methods and members exposed via the public API.
201 */
202
203 const EC_METHOD *meth;
204
205 EC_POINT *generator; /* Optional */
206 BIGNUM order;
207 BIGNUM cofactor;
208
209 int curve_name; /* Optional NID for named curve. */
210
211 /* ASN.1 encoding controls. */
212 int asn1_flag;
213 point_conversion_form_t asn1_form;
214
215 /* Optional seed for parameters (appears in ASN.1). */
216 unsigned char *seed;
217 size_t seed_len;
218
219 /*
220 * Internal methods and members. Handled by the method functions, even
221 * if they appear to be generic.
222 */
223
224 EC_EXTRA_DATA *extra_data;
225
226 /*
227 * Field specification. For GF(p) this is the modulus; for GF(2^m),
228 * this is the irreducible polynomial defining the field.
229 */
230 BIGNUM field;
231
232 /*
233 * Field specification for GF(2^m). The irreducible polynomial is
234 * f(t) = t^poly[0] + t^poly[1] + ... + t^poly[k],
235 * where
236 * m = poly[0] > poly[1] > ... > poly[k] = 0,
237 * and the array is terminated with poly[k+1] = -1. All elliptic curve
238 * irreducibles have at most 5 non-zero terms.
239 */
240 int poly[6];
241
242 /*
243 * Curve coefficients. In characteristic > 3, the curve is defined by a
244 * Weierstrass equation of the form
245 * y^2 = x^3 + a*x + b.
246 * For characteristic 2, the curve is defined by an equation of the form
247 * y^2 + x*y = x^3 + a*x^2 + b.
248 */
249 BIGNUM a, b;
250
251 /* Enables optimized point arithmetics for special case. */
252 int a_is_minus3;
253
254 void *field_data1;
255 void *field_data2;
256 int (*field_mod_func)(BIGNUM *, const BIGNUM *, const BIGNUM *,
257 BN_CTX *);
258} /* EC_GROUP */;
259
260struct ec_key_st {
261 const EC_KEY_METHOD *meth;
262 ENGINE *engine;
263
264 int version;
265
266 EC_GROUP *group;
267
268 EC_POINT *pub_key;
269 BIGNUM *priv_key;
270
271 unsigned int enc_flag;
272 point_conversion_form_t conv_form;
273
274 int references;
275 int flags;
276
277 EC_EXTRA_DATA *method_data;
278 CRYPTO_EX_DATA ex_data;
279} /* EC_KEY */;
280
281/* Basically a 'mixin' for extra data, but available for EC_GROUPs/EC_KEYs only
282 * (with visibility limited to 'package' level for now).
283 * We use the function pointers as index for retrieval; this obviates
284 * global ex_data-style index tables.
285 */
286int EC_EX_DATA_set_data(EC_EXTRA_DATA **, void *data,
287 void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
288void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *,
289 void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
290void EC_EX_DATA_free_data(EC_EXTRA_DATA **,
291 void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
292void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **,
293 void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
294void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **);
295void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **);
296
297int ec_group_simple_order_bits(const EC_GROUP *group);
298
299struct ec_point_st {
300 const EC_METHOD *meth;
301
302 /*
303 * All members except 'meth' are handled by the method functions,
304 * even if they appear generic.
305 */
306
307 /*
308 * Jacobian projective coordinates: (X, Y, Z) represents (X/Z^2, Y/Z^3)
309 * if Z != 0
310 */
311 BIGNUM X;
312 BIGNUM Y;
313 BIGNUM Z;
314 int Z_is_one; /* enable optimized point arithmetics for special case */
315} /* EC_POINT */;
316
317/* method functions in ec_mult.c
318 * (ec_lib.c uses these as defaults if group->method->mul is 0) */
319int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
320 size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
321int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *);
322int ec_wNAF_have_precompute_mult(const EC_GROUP *group);
323
324
325/* method functions in ecp_smpl.c */
326int ec_GFp_simple_group_init(EC_GROUP *);
327void ec_GFp_simple_group_finish(EC_GROUP *);
328void ec_GFp_simple_group_clear_finish(EC_GROUP *);
329int ec_GFp_simple_group_copy(EC_GROUP *, const EC_GROUP *);
330int ec_GFp_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
331int ec_GFp_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
332int ec_GFp_simple_group_get_degree(const EC_GROUP *);
333int ec_GFp_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);
334int ec_GFp_simple_point_init(EC_POINT *);
335void ec_GFp_simple_point_finish(EC_POINT *);
336void ec_GFp_simple_point_clear_finish(EC_POINT *);
337int ec_GFp_simple_point_copy(EC_POINT *, const EC_POINT *);
338int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
339int ec_GFp_simple_set_Jprojective_coordinates(const EC_GROUP *, EC_POINT *,
340 const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
341int ec_GFp_simple_get_Jprojective_coordinates(const EC_GROUP *,
342 const EC_POINT *, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
343int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,
344 const BIGNUM *x, const BIGNUM *y, BN_CTX *);
345int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *, const EC_POINT *,
346 BIGNUM *x, BIGNUM *y, BN_CTX *);
347int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *,
348 const BIGNUM *x, int y_bit, BN_CTX *);
349size_t ec_GFp_simple_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
350 unsigned char *buf, size_t len, BN_CTX *);
351int ec_GFp_simple_oct2point(const EC_GROUP *, EC_POINT *,
352 const unsigned char *buf, size_t len, BN_CTX *);
353int ec_GFp_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
354int ec_GFp_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
355int ec_GFp_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
356int ec_GFp_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
357int ec_GFp_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
358int ec_GFp_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
359int ec_GFp_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
360int ec_GFp_simple_points_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
361int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
362int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
363int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx);
364int ec_GFp_simple_mul_generator_ct(const EC_GROUP *, EC_POINT *r, const BIGNUM *scalar, BN_CTX *);
365int ec_GFp_simple_mul_single_ct(const EC_GROUP *, EC_POINT *r, const BIGNUM *scalar,
366 const EC_POINT *point, BN_CTX *);
367int ec_GFp_simple_mul_double_nonct(const EC_GROUP *, EC_POINT *r, const BIGNUM *g_scalar,
368 const BIGNUM *p_scalar, const EC_POINT *point, BN_CTX *);
369
370
371/* method functions in ecp_mont.c */
372int ec_GFp_mont_group_init(EC_GROUP *);
373int ec_GFp_mont_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
374void ec_GFp_mont_group_finish(EC_GROUP *);
375void ec_GFp_mont_group_clear_finish(EC_GROUP *);
376int ec_GFp_mont_group_copy(EC_GROUP *, const EC_GROUP *);
377int ec_GFp_mont_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
378int ec_GFp_mont_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
379int ec_GFp_mont_field_encode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
380int ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
381int ec_GFp_mont_field_set_to_one(const EC_GROUP *, BIGNUM *r, BN_CTX *);
382
383int ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx);
384
385/* method functions in ecp_nist.c */
386int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src);
387int ec_GFp_nist_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
388int ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
389int ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
390
391
392/* method functions in ec2_smpl.c */
393int ec_GF2m_simple_group_init(EC_GROUP *);
394void ec_GF2m_simple_group_finish(EC_GROUP *);
395void ec_GF2m_simple_group_clear_finish(EC_GROUP *);
396int ec_GF2m_simple_group_copy(EC_GROUP *, const EC_GROUP *);
397int ec_GF2m_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
398int ec_GF2m_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
399int ec_GF2m_simple_group_get_degree(const EC_GROUP *);
400int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);
401int ec_GF2m_simple_point_init(EC_POINT *);
402void ec_GF2m_simple_point_finish(EC_POINT *);
403void ec_GF2m_simple_point_clear_finish(EC_POINT *);
404int ec_GF2m_simple_point_copy(EC_POINT *, const EC_POINT *);
405int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
406int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,
407 const BIGNUM *x, const BIGNUM *y, BN_CTX *);
408int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *, const EC_POINT *,
409 BIGNUM *x, BIGNUM *y, BN_CTX *);
410int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *,
411 const BIGNUM *x, int y_bit, BN_CTX *);
412size_t ec_GF2m_simple_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
413 unsigned char *buf, size_t len, BN_CTX *);
414int ec_GF2m_simple_oct2point(const EC_GROUP *, EC_POINT *,
415 const unsigned char *buf, size_t len, BN_CTX *);
416int ec_GF2m_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
417int ec_GF2m_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
418int ec_GF2m_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
419int ec_GF2m_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
420int ec_GF2m_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
421int ec_GF2m_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
422int ec_GF2m_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
423int ec_GF2m_simple_points_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
424int ec_GF2m_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
425int ec_GF2m_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
426int ec_GF2m_simple_field_div(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
427
428
429/* method functions in ec2_mult.c */
430int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
431 size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
432int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
433int ec_GF2m_have_precompute_mult(const EC_GROUP *group);
434
435/* method functions in ec2_mult.c */
436int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
437 size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
438int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
439int ec_GF2m_have_precompute_mult(const EC_GROUP *group);
440
441#ifndef OPENSSL_EC_NISTP_64_GCC_128
442/* method functions in ecp_nistp224.c */
443int ec_GFp_nistp224_group_init(EC_GROUP *group);
444int ec_GFp_nistp224_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *n, BN_CTX *);
445int ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
446int ec_GFp_nistp224_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
447int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx);
448int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
449int ec_GFp_nistp224_have_precompute_mult(const EC_GROUP *group);
450
451/* method functions in ecp_nistp256.c */
452int ec_GFp_nistp256_group_init(EC_GROUP *group);
453int ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *n, BN_CTX *);
454int ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
455int ec_GFp_nistp256_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
456int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx);
457int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
458int ec_GFp_nistp256_have_precompute_mult(const EC_GROUP *group);
459
460#ifdef ECP_NISTZ256_ASM
461const EC_METHOD *EC_GFp_nistz256_method(void);
462#endif
463
464/* EC_METHOD definitions */
465
466struct ec_key_method_st {
467 const char *name;
468 int32_t flags;
469 int (*init)(EC_KEY *key);
470 void (*finish)(EC_KEY *key);
471 int (*copy)(EC_KEY *dest, const EC_KEY *src);
472 int (*set_group)(EC_KEY *key, const EC_GROUP *grp);
473 int (*set_private)(EC_KEY *key, const BIGNUM *priv_key);
474 int (*set_public)(EC_KEY *key, const EC_POINT *pub_key);
475 int (*keygen)(EC_KEY *key);
476 int (*compute_key)(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
477 void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen));
478 int (*sign)(int type, const unsigned char *dgst, int dlen, unsigned char
479 *sig, unsigned int *siglen, const BIGNUM *kinv,
480 const BIGNUM *r, EC_KEY *eckey);
481 int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
482 BIGNUM **rp);
483 ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, int dgst_len,
484 const BIGNUM *in_kinv, const BIGNUM *in_r,
485 EC_KEY *eckey);
486 int (*verify)(int type, const unsigned char *dgst, int dgst_len,
487 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey);
488 int (*verify_sig)(const unsigned char *dgst, int dgst_len,
489 const ECDSA_SIG *sig, EC_KEY *eckey);
490} /* EC_KEY_METHOD */;
491
492#define EC_KEY_METHOD_DYNAMIC 1
493
494int ossl_ec_key_gen(EC_KEY *eckey);
495int ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
496 void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen));
497int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
498 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey);
499int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
500 const ECDSA_SIG *sig, EC_KEY *eckey);
501
502/* method functions in ecp_nistp521.c */
503int ec_GFp_nistp521_group_init(EC_GROUP *group);
504int ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *n, BN_CTX *);
505int ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
506int ec_GFp_nistp521_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
507int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx);
508int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
509int ec_GFp_nistp521_have_precompute_mult(const EC_GROUP *group);
510
511/* utility functions in ecp_nistputil.c */
512void ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array,
513 size_t felem_size, void *tmp_felems,
514 void (*felem_one)(void *out),
515 int (*felem_is_zero)(const void *in),
516 void (*felem_assign)(void *out, const void *in),
517 void (*felem_square)(void *out, const void *in),
518 void (*felem_mul)(void *out, const void *in1, const void *in2),
519 void (*felem_inv)(void *out, const void *in),
520 void (*felem_contract)(void *out, const void *in));
521void ec_GFp_nistp_recode_scalar_bits(unsigned char *sign, unsigned char *digit, unsigned char in);
522
523#endif
524
525__END_HIDDEN_DECLS