1 files changed, 434 insertions, 0 deletions
diff --git a/src/lib/libcrypto/man/EC_GROUP_copy.3 b/src/lib/libcrypto/man/EC_GROUP_copy.3
new file mode 100644
index 0000000000..61c094700a
--- /dev/null
+++ b/src/lib/libcrypto/man/EC_GROUP_copy.3
@@ -0,0 +1,434 @@
+.Dd $Mdocdate: November 2 2016 $
+.Dt EC_GROUP_COPY 3
+.Os
+.Sh NAME
+.Nm EC_GROUP_copy ,
+.Nm EC_GROUP_dup ,
+.Nm EC_GROUP_method_of ,
+.Nm EC_GROUP_set_generator ,
+.Nm EC_GROUP_get0_generator ,
+.Nm EC_GROUP_get_order ,
+.Nm EC_GROUP_get_cofactor ,
+.Nm EC_GROUP_set_curve_name ,
+.Nm EC_GROUP_get_curve_name ,
+.Nm EC_GROUP_set_asn1_flag ,
+.Nm EC_GROUP_get_asn1_flag ,
+.Nm EC_GROUP_set_point_conversion_form ,
+.Nm EC_GROUP_get_point_conversion_form ,
+.Nm EC_GROUP_get0_seed ,
+.Nm EC_GROUP_get_seed_len ,
+.Nm EC_GROUP_set_seed ,
+.Nm EC_GROUP_get_degree ,
+.Nm EC_GROUP_check ,
+.Nm EC_GROUP_check_discriminant ,
+.Nm EC_GROUP_cmp ,
+.Nm EC_GROUP_get_basis_type ,
+.Nm EC_GROUP_get_trinomial_basis ,
+.Nm EC_GROUP_get_pentanomial_basis
+.Nd manipulate EC_GROUP objects
+.Sh SYNOPSIS
+.In openssl/ec.h
+.In openssl/bn.h
+.Ft int
+.Fo EC_GROUP_copy
+.Fa "EC_GROUP *dst"
+.Fa "const EC_GROUP *src"
+.Fc
+.Ft EC_GROUP *
+.Fo EC_GROUP_dup
+.Fa "const EC_GROUP *src"
+.Fc
+.Ft const EC_METHOD *
+.Fo EC_GROUP_method_of
+.Fa "const EC_GROUP *group"
+.Fc
+.Ft int
+.Fo EC_GROUP_set_generator
+.Fa "EC_GROUP *group"
+.Fa "const EC_POINT *generator"
+.Fa "const BIGNUM *order"
+.Fa "const BIGNUM *cofactor"
+.Fc
+.Ft const EC_POINT *
+.Fo EC_GROUP_get0_generator
+.Fa "const EC_GROUP *group"
+.Fc
+.Ft int
+.Fo EC_GROUP_get_order
+.Fa "const EC_GROUP *group"
+.Fa "BIGNUM *order"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo EC_GROUP_get_cofactor
+.Fa "const EC_GROUP *group"
+.Fa "BIGNUM *cofactor"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft void
+.Fo EC_GROUP_set_curve_name
+.Fa "EC_GROUP *group"
+.Fa "int nid"
+.Fc
+.Ft int
+.Fo EC_GROUP_get_curve_name
+.Fa "const EC_GROUP *group"
+.Fc
+.Ft void
+.Fo EC_GROUP_set_asn1_flag
+.Fa "EC_GROUP *group"
+.Fa "int flag"
+.Fc
+.Ft int
+.Fo EC_GROUP_get_asn1_flag
+.Fa "const EC_GROUP *group"
+.Fc
+.Ft void
+.Fo EC_GROUP_set_point_conversion_form
+.Fa "EC_GROUP *group"
+.Fa "point_conversion_form_t form"
+.Fc
+.Ft point_conversion_form_t
+.Fo EC_GROUP_get_point_conversion_form
+.Fa "const EC_GROUP *"
+.Fc
+.Ft unsigned char *
+.Fo EC_GROUP_get0_seed
+.Fa "const EC_GROUP *x"
+.Fc
+.Ft size_t
+.Fo EC_GROUP_get_seed_len
+.Fa "const EC_GROUP *"
+.Fc
+.Ft size_t
+.Fo EC_GROUP_set_seed
+.Fa "EC_GROUP *"
+.Fa "const unsigned char *"
+.Fa "size_t len"
+.Fc
+.Ft int
+.Fo EC_GROUP_get_degree
+.Fa "const EC_GROUP *group"
+.Fc
+.Ft int
+.Fo EC_GROUP_check
+.Fa "const EC_GROUP *group"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo EC_GROUP_check_discriminant
+.Fa "const EC_GROUP *group"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo EC_GROUP_cmp
+.Fa "const EC_GROUP *a"
+.Fa "const EC_GROUP *b"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo EC_GROUP_get_basis_type
+.Fa "const EC_GROUP *"
+.Fc
+.Ft int
+.Fo EC_GROUP_get_trinomial_basis
+.Fa "const EC_GROUP *"
+.Fa "unsigned int *k"
+.Fc
+.Ft int
+.Fo EC_GROUP_get_pentanomial_basis
+.Fa "const EC_GROUP *"
+.Fa "unsigned int *k1"
+.Fa "unsigned int *k2"
+.Fa "unsigned int *k3"
+.Fc
+.Sh DESCRIPTION
+.Fn EC_GROUP_copy
+copies the curve
+.Fa src
+into
+.Fa dst .
+Both
+.Fa src
+and
+.Fa dst
+must use the same
+.Vt EC_METHOD .
+.Pp
+.Fn EC_GROUP_dup
+creates a new
+.Vt EC_GROUP
+object and copies the content from
+.Fa src
+to the newly created
+.Vt EC_GROUP
+object.
+.Pp
+.Fn EC_GROUP_method_of
+obtains the
+.Vt EC_METHOD
+of
+.Fa group .
+.Pp
+.Fn EC_GROUP_set_generator
+sets curve paramaters that must be agreed by all participants using
+the curve.
+These paramaters include the
+.Fa generator ,
+the
+.Fa order
+and the
+.Fa cofactor .
+The
+.Fa generator
+is a well defined point on the curve chosen for cryptographic
+operations.
+Integers used for point multiplications will be between 0 and
+.Fa order No - 1 .
+The
+.Fa order
+multipied by the
+.Fa cofactor
+gives the number of points on the curve.
+.Pp
+.Fn EC_GROUP_get0_generator
+returns the generator for the identified
+.Fa group .
+.Pp
+The functions
+.Fn EC_GROUP_get_order
+and
+.Fn EC_GROUP_get_cofactor
+populate the provided
+.Fa order
+and
+.Fa cofactor
+parameters with the respective order and cofactors for the
+.Fa group .
+.Pp
+The functions
+.Fn EC_GROUP_set_curve_name
+and
+.Fn EC_GROUP_get_curve_name
+set and get the NID for the curve, respectively (see
+.Xr EC_GROUP_new 3 ) .
+If a curve does not have a NID associated with it, then
+.Fn EC_GROUP_get_curve_name
+will return 0.
+.Pp
+The asn1_flag value on a curve is used to determine whether there is a
+specific ASN1 OID to describe the curve or not.
+If the asn1_flag is 1 then this is a named curve with an associated ASN1 OID.
+If not then asn1_flag is 0.
+The functions
+.Fn EC_GROUP_get_asn1_flag
+and
+.Fn EC_GROUP_set_asn1_flag
+get and set the status of the asn1_flag for the curve.
+If set, then the curve_name must also be set.
+.Pp
+The point_conversion_form for a curve controls how
+.Vt EC_POINT
+data is encoded as ASN1 as defined in X9.62 (ECDSA).
+.Vt point_conversion_form_t
+is an enum defined as follows:
+.Bd -literal
+typedef enum {
+        /** the point is encoded as z||x, where the octet z specifies
+         *   which solution of the quadratic equation y is  */
+        POINT_CONVERSION_COMPRESSED = 2,
+        /** the point is encoded as z||x||y, where z is the octet 0x02  */
+        POINT_CONVERSION_UNCOMPRESSED = 4,
+        /** the point is encoded as z||x||y, where the octet z specifies
+         *  which solution of the quadratic equation y is  */
+        POINT_CONVERSION_HYBRID = 6
+} point_conversion_form_t;
+.Ed
+.Pp
+For
+.Dv POINT_CONVERSION_UNCOMPRESSED
+the point is encoded as an octet signifying the UNCOMPRESSED form
+has been used followed by the octets for x, followed by the octets
+for y.
+.Pp
+For any given x co-ordinate for a point on a curve it is possible to
+derive two possible y values.
+For
+.Dv POINT_CONVERSION_COMPRESSED
+the point is encoded as an octet signifying that the COMPRESSED
+form has been used AND which of the two possible solutions for y
+has been used, followed by the octets for x.
+.Pp
+For
+.Dv POINT_CONVERSION_HYBRID
+the point is encoded as an octet signifying the HYBRID form has
+been used AND which of the two possible solutions for y has been
+used, followed by the octets for x, followed by the octets for y.
+.Pp
+The functions
+.Fn EC_GROUP_set_point_conversion_form
+and
+.Fn EC_GROUP_get_point_conversion_form
+set and get the point_conversion_form for the curve, respectively.
+.Pp
+ANSI X9.62 (ECDSA standard) defines a method of generating the curve
+parameter b from a random number.
+This provides advantages in that a parameter obtained in this way is
+highly unlikely to be susceptible to special purpose attacks, or have
+any trapdoors in it.
+If the seed is present for a curve then the b parameter was generated in
+a verifiable fashion using that seed.
+The OpenSSL EC library does not use this seed value but does enable you
+to inspect it using
+.Fn EC_GROUP_get0_seed .
+This returns a pointer to a memory block containing the seed that was
+used.
+The length of the memory block can be obtained using
+.Fn EC_GROUP_get_seed_len .
+A number of the builtin curves within the library provide seed values
+that can be obtained.
+It is also possible to set a custom seed using
+.Fn EC_GROUP_set_seed
+and passing a pointer to a memory block, along with the length of
+the seed.
+Again, the EC library will not use this seed value, although it will be
+preserved in any ASN1 based communications.
+.Pp
+.Fn EC_GROUP_get_degree
+gets the degree of the field.
+For Fp fields this will be the number of bits in p.
+For F2^m fields this will be the value m.
+.Pp
+The function
+.Fn EC_GROUP_check_discriminant
+calculates the discriminant for the curve and verifies that it is
+valid.
+For a curve defined over Fp the discriminant is given by the formula
+4*a^3 + 27*b^2 whilst for F2^m curves the discriminant is simply b.
+In either case for the curve to be valid the discriminant must be
+non-zero.
+.Pp
+The function
+.Fn EC_GROUP_check
+performs a number of checks on a curve to verify that it is valid.
+Checks performed include verifying that the discriminant is non zero;
+that a generator has been defined; that the generator is on the curve
+and has the correct order.
+.Pp
+.Fn EC_GROUP_cmp
+compares
+.Fa a
+and
+.Fa b
+to determine whether they represent the same curve or not.
+.Pp
+The functions
+.Fn EC_GROUP_get_basis_type ,
+.Fn EC_GROUP_get_trinomial_basis ,
+and
+.Fn EC_GROUP_get_pentanomial_basis
+should only be called for curves defined over an F2^m field.
+Addition and multiplication operations within an F2^m field are
+performed using an irreducible polynomial function f(x).
+This function is either a trinomial of the form:
+.Pp
+.Dl f(x) = x^m + x^k + 1 with m > k >= 1
+.Pp
+or a pentanomial of the form:
+.Pp
+.Dl f(x) = x^m + x^k3 + x^k2 + x^k1 + 1 with m > k3 > k2 > k1 >= 1
+.Pp
+The function
+.Fn EC_GROUP_get_basis_type
+returns a NID identifying whether a trinomial or pentanomial is in
+use for the field.
+The function
+.Fn EC_GROUP_get_trinomial_basis
+must only be called where f(x) is of the trinomial form, and returns
+the value of
+.Fa k .
+Similarly, the function
+.Fn EC_GROUP_get_pentanomial_basis
+must only be called where f(x) is of the pentanomial form, and
+returns the values of
+.Fa k1 ,
+.Fa k2 ,
+and
+.Fa k3 .
+.Sh RETURN VALUES
+The following functions return 1 on success or 0 on error:
+.Fn EC_GROUP_copy ,
+.Fn EC_GROUP_set_generator ,
+.Fn EC_GROUP_check ,
+.Fn EC_GROUP_check_discriminant ,
+.Fn EC_GROUP_get_trinomial_basis ,
+and
+.Fn EC_GROUP_get_pentanomial_basis .
+.Pp
+.Fn EC_GROUP_dup
+returns a pointer to the duplicated curve or
+.Dv NULL
+on error.
+.Pp
+.Fn EC_GROUP_method_of
+returns the
+.Vt EC_METHOD
+implementation in use for the given curve or
+.Dv NULL
+on error.
+.Pp
+.Fn EC_GROUP_get0_generator
+returns the generator for the given curve or
+.Dv NULL
+on error.
+.Pp
+.Fn EC_GROUP_get_order ,
+.Fn EC_GROUP_get_cofactor ,
+.Fn EC_GROUP_get_curve_name ,
+.Fn EC_GROUP_get_asn1_flag ,
+.Fn EC_GROUP_get_point_conversion_form ,
+and
+.Fn EC_GROUP_get_degree
+return the order, cofactor, curve name (NID), ASN1 flag,
+point_conversion_form and degree for the specified curve, respectively.
+If there is no curve name associated with a curve then
+.Fn EC_GROUP_get_curve_name
+returns 0.
+.Pp
+.Fn EC_GROUP_get0_seed
+returns a pointer to the seed that was used to generate the parameter
+b, or
+.Dv NULL
+if the seed is not specified.
+.Fn EC_GROUP_get_seed_len
+returns the length of the seed or 0 if the seed is not specified.
+.Pp
+.Fn EC_GROUP_set_seed
+returns the length of the seed that has been set.
+If the supplied seed is
+.Dv NULL
+or the supplied seed length is 0, the return value will be 1.
+On error 0 is returned.
+.Pp
+.Fn EC_GROUP_cmp
+returns 0 if the curves are equal, 1 if they are not equal,
+or -1 on error.
+.Pp
+.Fn EC_GROUP_get_basis_type
+returns the values
+.Dv NID_X9_62_tpBasis
+or
+.Dv NID_X9_62_ppBasis
+as defined in
+.In openssl/obj_mac.h
+for a trinomial or pentanomial, respectively.
+Alternatively in the event of an error a 0 is returned.
+.Sh SEE ALSO
+.Xr crypto 3 ,
+.Xr d2i_ECPKParameters 3 ,
+.Xr ec 3 ,
+.Xr EC_GFp_simple_method 3 ,
+.Xr EC_GROUP_new 3 ,
+.Xr EC_KEY_new 3 ,
+.Xr EC_POINT_add 3 ,
+.Xr EC_POINT_new 3

diff --git a/src/lib/libcrypto/man/EC_GROUP_copy.3 b/src/lib/libcrypto/man/EC_GROUP_copy.3 new file mode 100644 index 0000000000..61c094700a --- /dev/null +++ b/src/lib/libcrypto/man/EC_GROUP_copy.3
@@ -0,0 +1,434 @@
	1	.Dd $Mdocdate: November 2 2016 $
	2	.Dt EC_GROUP_COPY 3
	3	.Os
	4	.Sh NAME
	5	.Nm EC_GROUP_copy ,
	6	.Nm EC_GROUP_dup ,
	7	.Nm EC_GROUP_method_of ,
	8	.Nm EC_GROUP_set_generator ,
	9	.Nm EC_GROUP_get0_generator ,
	10	.Nm EC_GROUP_get_order ,
	11	.Nm EC_GROUP_get_cofactor ,
	12	.Nm EC_GROUP_set_curve_name ,
	13	.Nm EC_GROUP_get_curve_name ,
	14	.Nm EC_GROUP_set_asn1_flag ,
	15	.Nm EC_GROUP_get_asn1_flag ,
	16	.Nm EC_GROUP_set_point_conversion_form ,
	17	.Nm EC_GROUP_get_point_conversion_form ,
	18	.Nm EC_GROUP_get0_seed ,
	19	.Nm EC_GROUP_get_seed_len ,
	20	.Nm EC_GROUP_set_seed ,
	21	.Nm EC_GROUP_get_degree ,
	22	.Nm EC_GROUP_check ,
	23	.Nm EC_GROUP_check_discriminant ,
	24	.Nm EC_GROUP_cmp ,
	25	.Nm EC_GROUP_get_basis_type ,
	26	.Nm EC_GROUP_get_trinomial_basis ,
	27	.Nm EC_GROUP_get_pentanomial_basis
	28	.Nd manipulate EC_GROUP objects
	29	.Sh SYNOPSIS
	30	.In openssl/ec.h
	31	.In openssl/bn.h
	32	.Ft int
	33	.Fo EC_GROUP_copy
	34	.Fa "EC_GROUP *dst"
	35	.Fa "const EC_GROUP *src"
	36	.Fc
	37	.Ft EC_GROUP *
	38	.Fo EC_GROUP_dup
	39	.Fa "const EC_GROUP *src"
	40	.Fc
	41	.Ft const EC_METHOD *
	42	.Fo EC_GROUP_method_of
	43	.Fa "const EC_GROUP *group"
	44	.Fc
	45	.Ft int
	46	.Fo EC_GROUP_set_generator
	47	.Fa "EC_GROUP *group"
	48	.Fa "const EC_POINT *generator"
	49	.Fa "const BIGNUM *order"
	50	.Fa "const BIGNUM *cofactor"
	51	.Fc
	52	.Ft const EC_POINT *
	53	.Fo EC_GROUP_get0_generator
	54	.Fa "const EC_GROUP *group"
	55	.Fc
	56	.Ft int
	57	.Fo EC_GROUP_get_order
	58	.Fa "const EC_GROUP *group"
	59	.Fa "BIGNUM *order"
	60	.Fa "BN_CTX *ctx"
	61	.Fc
	62	.Ft int
	63	.Fo EC_GROUP_get_cofactor
	64	.Fa "const EC_GROUP *group"
	65	.Fa "BIGNUM *cofactor"
	66	.Fa "BN_CTX *ctx"
	67	.Fc
	68	.Ft void
	69	.Fo EC_GROUP_set_curve_name
	70	.Fa "EC_GROUP *group"
	71	.Fa "int nid"
	72	.Fc
	73	.Ft int
	74	.Fo EC_GROUP_get_curve_name
	75	.Fa "const EC_GROUP *group"
	76	.Fc
	77	.Ft void
	78	.Fo EC_GROUP_set_asn1_flag
	79	.Fa "EC_GROUP *group"
	80	.Fa "int flag"
	81	.Fc
	82	.Ft int
	83	.Fo EC_GROUP_get_asn1_flag
	84	.Fa "const EC_GROUP *group"
	85	.Fc
	86	.Ft void
	87	.Fo EC_GROUP_set_point_conversion_form
	88	.Fa "EC_GROUP *group"
	89	.Fa "point_conversion_form_t form"
	90	.Fc
	91	.Ft point_conversion_form_t
	92	.Fo EC_GROUP_get_point_conversion_form
	93	.Fa "const EC_GROUP *"
	94	.Fc
	95	.Ft unsigned char *
	96	.Fo EC_GROUP_get0_seed
	97	.Fa "const EC_GROUP *x"
	98	.Fc
	99	.Ft size_t
	100	.Fo EC_GROUP_get_seed_len
	101	.Fa "const EC_GROUP *"
	102	.Fc
	103	.Ft size_t
	104	.Fo EC_GROUP_set_seed
	105	.Fa "EC_GROUP *"
	106	.Fa "const unsigned char *"
	107	.Fa "size_t len"
	108	.Fc
	109	.Ft int
	110	.Fo EC_GROUP_get_degree
	111	.Fa "const EC_GROUP *group"
	112	.Fc
	113	.Ft int
	114	.Fo EC_GROUP_check
	115	.Fa "const EC_GROUP *group"
	116	.Fa "BN_CTX *ctx"
	117	.Fc
	118	.Ft int
	119	.Fo EC_GROUP_check_discriminant
	120	.Fa "const EC_GROUP *group"
	121	.Fa "BN_CTX *ctx"
	122	.Fc
	123	.Ft int
	124	.Fo EC_GROUP_cmp
	125	.Fa "const EC_GROUP *a"
	126	.Fa "const EC_GROUP *b"
	127	.Fa "BN_CTX *ctx"
	128	.Fc
	129	.Ft int
	130	.Fo EC_GROUP_get_basis_type
	131	.Fa "const EC_GROUP *"
	132	.Fc
	133	.Ft int
	134	.Fo EC_GROUP_get_trinomial_basis
	135	.Fa "const EC_GROUP *"
	136	.Fa "unsigned int *k"
	137	.Fc
	138	.Ft int
	139	.Fo EC_GROUP_get_pentanomial_basis
	140	.Fa "const EC_GROUP *"
	141	.Fa "unsigned int *k1"
	142	.Fa "unsigned int *k2"
	143	.Fa "unsigned int *k3"
	144	.Fc
	145	.Sh DESCRIPTION
	146	.Fn EC_GROUP_copy
	147	copies the curve
	148	.Fa src
	149	into
	150	.Fa dst .
	151	Both
	152	.Fa src
	153	and
	154	.Fa dst
	155	must use the same
	156	.Vt EC_METHOD .
	157	.Pp
	158	.Fn EC_GROUP_dup
	159	creates a new
	160	.Vt EC_GROUP
	161	object and copies the content from
	162	.Fa src
	163	to the newly created
	164	.Vt EC_GROUP
	165	object.
	166	.Pp
	167	.Fn EC_GROUP_method_of
	168	obtains the
	169	.Vt EC_METHOD
	170	of
	171	.Fa group .
	172	.Pp
	173	.Fn EC_GROUP_set_generator
	174	sets curve paramaters that must be agreed by all participants using
	175	the curve.
	176	These paramaters include the
	177	.Fa generator ,
	178	the
	179	.Fa order
	180	and the
	181	.Fa cofactor .
	182	The
	183	.Fa generator
	184	is a well defined point on the curve chosen for cryptographic
	185	operations.
	186	Integers used for point multiplications will be between 0 and
	187	.Fa order No - 1 .
	188	The
	189	.Fa order
	190	multipied by the
	191	.Fa cofactor
	192	gives the number of points on the curve.
	193	.Pp
	194	.Fn EC_GROUP_get0_generator
	195	returns the generator for the identified
	196	.Fa group .
	197	.Pp
	198	The functions
	199	.Fn EC_GROUP_get_order
	200	and
	201	.Fn EC_GROUP_get_cofactor
	202	populate the provided
	203	.Fa order
	204	and
	205	.Fa cofactor
	206	parameters with the respective order and cofactors for the
	207	.Fa group .
	208	.Pp
	209	The functions
	210	.Fn EC_GROUP_set_curve_name
	211	and
	212	.Fn EC_GROUP_get_curve_name
	213	set and get the NID for the curve, respectively (see
	214	.Xr EC_GROUP_new 3 ) .
	215	If a curve does not have a NID associated with it, then
	216	.Fn EC_GROUP_get_curve_name
	217	will return 0.
	218	.Pp
	219	The asn1_flag value on a curve is used to determine whether there is a
	220	specific ASN1 OID to describe the curve or not.
	221	If the asn1_flag is 1 then this is a named curve with an associated ASN1 OID.
	222	If not then asn1_flag is 0.
	223	The functions
	224	.Fn EC_GROUP_get_asn1_flag
	225	and
	226	.Fn EC_GROUP_set_asn1_flag
	227	get and set the status of the asn1_flag for the curve.
	228	If set, then the curve_name must also be set.
	229	.Pp
	230	The point_conversion_form for a curve controls how
	231	.Vt EC_POINT
	232	data is encoded as ASN1 as defined in X9.62 (ECDSA).
	233	.Vt point_conversion_form_t
	234	is an enum defined as follows:
	235	.Bd -literal
	236	typedef enum {
	237	/** the point is encoded as z\|\|x, where the octet z specifies
	238	* which solution of the quadratic equation y is */
	239	POINT_CONVERSION_COMPRESSED = 2,
	240	/** the point is encoded as z\|\|x\|\|y, where z is the octet 0x02 */
	241	POINT_CONVERSION_UNCOMPRESSED = 4,
	242	/** the point is encoded as z\|\|x\|\|y, where the octet z specifies
	243	* which solution of the quadratic equation y is */
	244	POINT_CONVERSION_HYBRID = 6
	245	} point_conversion_form_t;
	246	.Ed
	247	.Pp
	248	For
	249	.Dv POINT_CONVERSION_UNCOMPRESSED
	250	the point is encoded as an octet signifying the UNCOMPRESSED form
	251	has been used followed by the octets for x, followed by the octets
	252	for y.
	253	.Pp
	254	For any given x co-ordinate for a point on a curve it is possible to
	255	derive two possible y values.
	256	For
	257	.Dv POINT_CONVERSION_COMPRESSED
	258	the point is encoded as an octet signifying that the COMPRESSED
	259	form has been used AND which of the two possible solutions for y
	260	has been used, followed by the octets for x.
	261	.Pp
	262	For
	263	.Dv POINT_CONVERSION_HYBRID
	264	the point is encoded as an octet signifying the HYBRID form has
	265	been used AND which of the two possible solutions for y has been
	266	used, followed by the octets for x, followed by the octets for y.
	267	.Pp
	268	The functions
	269	.Fn EC_GROUP_set_point_conversion_form
	270	and
	271	.Fn EC_GROUP_get_point_conversion_form
	272	set and get the point_conversion_form for the curve, respectively.
	273	.Pp
	274	ANSI X9.62 (ECDSA standard) defines a method of generating the curve
	275	parameter b from a random number.
	276	This provides advantages in that a parameter obtained in this way is
	277	highly unlikely to be susceptible to special purpose attacks, or have
	278	any trapdoors in it.
	279	If the seed is present for a curve then the b parameter was generated in
	280	a verifiable fashion using that seed.
	281	The OpenSSL EC library does not use this seed value but does enable you
	282	to inspect it using
	283	.Fn EC_GROUP_get0_seed .
	284	This returns a pointer to a memory block containing the seed that was
	285	used.
	286	The length of the memory block can be obtained using
	287	.Fn EC_GROUP_get_seed_len .
	288	A number of the builtin curves within the library provide seed values
	289	that can be obtained.
	290	It is also possible to set a custom seed using
	291	.Fn EC_GROUP_set_seed
	292	and passing a pointer to a memory block, along with the length of
	293	the seed.
	294	Again, the EC library will not use this seed value, although it will be
	295	preserved in any ASN1 based communications.
	296	.Pp
	297	.Fn EC_GROUP_get_degree
	298	gets the degree of the field.
	299	For Fp fields this will be the number of bits in p.
	300	For F2^m fields this will be the value m.
	301	.Pp
	302	The function
	303	.Fn EC_GROUP_check_discriminant
	304	calculates the discriminant for the curve and verifies that it is
	305	valid.
	306	For a curve defined over Fp the discriminant is given by the formula
	307	4a^3 + 27b^2 whilst for F2^m curves the discriminant is simply b.
	308	In either case for the curve to be valid the discriminant must be
	309	non-zero.
	310	.Pp
	311	The function
	312	.Fn EC_GROUP_check
	313	performs a number of checks on a curve to verify that it is valid.
	314	Checks performed include verifying that the discriminant is non zero;
	315	that a generator has been defined; that the generator is on the curve
	316	and has the correct order.
	317	.Pp
	318	.Fn EC_GROUP_cmp
	319	compares
	320	.Fa a
	321	and
	322	.Fa b
	323	to determine whether they represent the same curve or not.
	324	.Pp
	325	The functions
	326	.Fn EC_GROUP_get_basis_type ,
	327	.Fn EC_GROUP_get_trinomial_basis ,
	328	and
	329	.Fn EC_GROUP_get_pentanomial_basis
	330	should only be called for curves defined over an F2^m field.
	331	Addition and multiplication operations within an F2^m field are
	332	performed using an irreducible polynomial function f(x).
	333	This function is either a trinomial of the form:
	334	.Pp
	335	.Dl f(x) = x^m + x^k + 1 with m > k >= 1
	336	.Pp
	337	or a pentanomial of the form:
	338	.Pp
	339	.Dl f(x) = x^m + x^k3 + x^k2 + x^k1 + 1 with m > k3 > k2 > k1 >= 1
	340	.Pp
	341	The function
	342	.Fn EC_GROUP_get_basis_type
	343	returns a NID identifying whether a trinomial or pentanomial is in
	344	use for the field.
	345	The function
	346	.Fn EC_GROUP_get_trinomial_basis
	347	must only be called where f(x) is of the trinomial form, and returns
	348	the value of
	349	.Fa k .
	350	Similarly, the function
	351	.Fn EC_GROUP_get_pentanomial_basis
	352	must only be called where f(x) is of the pentanomial form, and
	353	returns the values of
	354	.Fa k1 ,
	355	.Fa k2 ,
	356	and
	357	.Fa k3 .
	358	.Sh RETURN VALUES
	359	The following functions return 1 on success or 0 on error:
	360	.Fn EC_GROUP_copy ,
	361	.Fn EC_GROUP_set_generator ,
	362	.Fn EC_GROUP_check ,
	363	.Fn EC_GROUP_check_discriminant ,
	364	.Fn EC_GROUP_get_trinomial_basis ,
	365	and
	366	.Fn EC_GROUP_get_pentanomial_basis .
	367	.Pp
	368	.Fn EC_GROUP_dup
	369	returns a pointer to the duplicated curve or
	370	.Dv NULL
	371	on error.
	372	.Pp
	373	.Fn EC_GROUP_method_of
	374	returns the
	375	.Vt EC_METHOD
	376	implementation in use for the given curve or
	377	.Dv NULL
	378	on error.
	379	.Pp
	380	.Fn EC_GROUP_get0_generator
	381	returns the generator for the given curve or
	382	.Dv NULL
	383	on error.
	384	.Pp
	385	.Fn EC_GROUP_get_order ,
	386	.Fn EC_GROUP_get_cofactor ,
	387	.Fn EC_GROUP_get_curve_name ,
	388	.Fn EC_GROUP_get_asn1_flag ,
	389	.Fn EC_GROUP_get_point_conversion_form ,
	390	and
	391	.Fn EC_GROUP_get_degree
	392	return the order, cofactor, curve name (NID), ASN1 flag,
	393	point_conversion_form and degree for the specified curve, respectively.
	394	If there is no curve name associated with a curve then
	395	.Fn EC_GROUP_get_curve_name
	396	returns 0.
	397	.Pp
	398	.Fn EC_GROUP_get0_seed
	399	returns a pointer to the seed that was used to generate the parameter
	400	b, or
	401	.Dv NULL
	402	if the seed is not specified.
	403	.Fn EC_GROUP_get_seed_len
	404	returns the length of the seed or 0 if the seed is not specified.
	405	.Pp
	406	.Fn EC_GROUP_set_seed
	407	returns the length of the seed that has been set.
	408	If the supplied seed is
	409	.Dv NULL
	410	or the supplied seed length is 0, the return value will be 1.
	411	On error 0 is returned.
	412	.Pp
	413	.Fn EC_GROUP_cmp
	414	returns 0 if the curves are equal, 1 if they are not equal,
	415	or -1 on error.
	416	.Pp
	417	.Fn EC_GROUP_get_basis_type
	418	returns the values
	419	.Dv NID_X9_62_tpBasis
	420	or
	421	.Dv NID_X9_62_ppBasis
	422	as defined in
	423	.In openssl/obj_mac.h
	424	for a trinomial or pentanomial, respectively.
	425	Alternatively in the event of an error a 0 is returned.
	426	.Sh SEE ALSO
	427	.Xr crypto 3 ,
	428	.Xr d2i_ECPKParameters 3 ,
	429	.Xr ec 3 ,
	430	.Xr EC_GFp_simple_method 3 ,
	431	.Xr EC_GROUP_new 3 ,
	432	.Xr EC_KEY_new 3 ,
	433	.Xr EC_POINT_add 3 ,
	434	.Xr EC_POINT_new 3