
130 int ec_GFp_simple_group_init(EC_GROUP *group)
132 BN_init(&group->field);
133 BN_init(&group->a);
134 BN_init(&group->b);
135 group->a_is_minus3 = 0;
140 void ec_GFp_simple_group_finish(EC_GROUP *group)
142 BN_free(&group->field);
143 BN_free(&group->a);
144 BN_free(&group->b);
148 void ec_GFp_simple_group_clear_finish(EC_GROUP *group)
150 BN_clear_free(&group->field);
151 BN_clear_free(&group->a);
152 BN_clear_free(&group->b);
168 int ec_GFp_simple_group_set_curve(EC_GROUP *group,
193 /* group->field */
194 if (!BN_copy(&group->field, p)) goto err;
195 BN_set_negative(&group->field, 0);
197 /* group->a */
199 if (group->meth->field_encode)
200 { if (!group->meth->field_encode(group, &group->a, tmp_a, ctx)) goto err; }
202 if (!BN_copy(&group->a, tmp_a)) goto err;
204 /* group->b */
205 if (!BN_nnmod(&group->b, b, p, ctx)) goto err;
206 if (group->meth->field_encode)
207 if (!group->meth->field_encode(group, &group->b, &group->b, ctx)) goto err;
209 /* group->a_is_minus3 */
211 group->a_is_minus3 = (0 == BN_cmp(tmp_a, &group->field));
223 int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
230 if (!BN_copy(p, &group->field)) return 0;
235 if (group->meth->field_decode)
245 if (!group->meth->field_decode(group, a, &group->a, ctx)) goto err;
249 if (!group->meth->field_decode(group, b, &group->b, ctx)) goto err;
256 if (!BN_copy(a, &group->a)) goto err;
260 if (!BN_copy(b, &group->b)) goto err;
274 int ec_GFp_simple_group_get_degree(const EC_GROUP *group)
276 return BN_num_bits(&group->field);
280 int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
284 const BIGNUM *p = &group->field;
304 if (group->meth->field_decode)
306 if (!group->meth->field_decode(group, a, &group->a, ctx)) goto err;
307 if (!group->meth->field_decode(group, b, &group->b, ctx)) goto err;
311 if (!BN_copy(a, &group->a)) goto err;
312 if (!BN_copy(b, &group->b)) goto err;
385 int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
393 int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
408 if (!BN_nnmod(&point->X, x, &group->field, ctx)) goto err;
409 if (group->meth->field_encode)
411 if (!group->meth->field_encode(group, &point->X, &point->X, ctx)) goto err;
417 if (!BN_nnmod(&point->Y, y, &group->field, ctx)) goto err;
418 if (group->meth->field_encode)
420 if (!group->meth->field_encode(group, &point->Y, &point->Y, ctx)) goto err;
428 if (!BN_nnmod(&point->Z, z, &group->field, ctx)) goto err;
430 if (group->meth->field_encode)
432 if (Z_is_one && (group->meth->field_set_to_one != 0))
434 if (!group->meth->field_set_to_one(group, &point->Z, ctx)) goto err;
438 if (!group->meth->field_encode(group, &point->Z, &point->Z, ctx)) goto err;
453 int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
459 if (group->meth->field_decode != 0)
470 if (!group->meth->field_decode(group, x, &point->X, ctx)) goto err;
474 if (!group->meth->field_decode(group, y, &point->Y, ctx)) goto err;
478 if (!group->meth->field_decode(group, z, &point->Z, ctx)) goto err;
506 int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point,
516 return EC_POINT_set_Jprojective_coordinates_GFp(group, point, x, y, BN_value_one(), ctx);
520 int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,
528 if (EC_POINT_is_at_infinity(group, point))
550 if (group->meth->field_decode)
552 if (!group->meth->field_decode(group, Z, &point->Z, ctx)) goto err;
562 if (group->meth->field_decode)
566 if (!group->meth->field_decode(group, x, &point->X, ctx)) goto err;
570 if (!group->meth->field_decode(group, y, &point->Y, ctx)) goto err;
587 if (!BN_mod_inverse(Z_1, Z_, &group->field, ctx))
593 if (group->meth->field_encode == 0)
596 if (!group->meth->field_sqr(group, Z_2, Z_1, ctx)) goto err;
600 if (!BN_mod_sqr(Z_2, Z_1, &group->field, ctx)) goto err;
606 if (!group->meth->field_mul(group, x, &point->X, Z_2, ctx)) goto err;
611 if (group->meth->field_encode == 0)
614 if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx)) goto err;
618 if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx)) goto err;
622 if (!group->meth->field_mul(group, y, &point->Y, Z_3, ctx)) goto err;
636 int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
668 if (!BN_nnmod(x, x_, &group->field,ctx)) goto err;
669 if (group->meth->field_decode == 0)
672 if (!group->meth->field_sqr(group, tmp2, x_, ctx)) goto err;
673 if (!group->meth->field_mul(group, tmp1, tmp2, x_, ctx)) goto err;
677 if (!BN_mod_sqr(tmp2, x_, &group->field, ctx)) goto err;
678 if (!BN_mod_mul(tmp1, tmp2, x_, &group->field, ctx)) goto err;
682 if (group->a_is_minus3)
684 if (!BN_mod_lshift1_quick(tmp2, x, &group->field)) goto err;
685 if (!BN_mod_add_quick(tmp2, tmp2, x, &group->field)) goto err;
686 if (!BN_mod_sub_quick(tmp1, tmp1, tmp2, &group->field)) goto err;
690 if (group->meth->field_decode)
692 if (!group->meth->field_decode(group, tmp2, &group->a, ctx)) goto err;
693 if (!BN_mod_mul(tmp2, tmp2, x, &group->field, ctx)) goto err;
698 if (!group->meth->field_mul(group, tmp2, &group->a, x, ctx)) goto err;
701 if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) goto err;
705 if (group->meth->field_decode)
707 if (!group->meth->field_decode(group, tmp2, &group->b, ctx)) goto err;
708 if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) goto err;
712 if (!BN_mod_add_quick(tmp1, tmp1, &group->b, &group->field)) goto err;
715 if (!BN_mod_sqrt(y, tmp1, &group->field, ctx))
735 kron = BN_kronecker(x, &group->field, ctx);
745 if (!BN_usub(y, &group->field, y)) goto err;
753 if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
765 size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form,
782 if (EC_POINT_is_at_infinity(group, point))
799 field_len = BN_num_bytes(&group->field);
824 if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
891 int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
930 return EC_POINT_set_to_infinity(group, point);
933 field_len = BN_num_bytes(&group->field);
955 if (BN_ucmp(x, &group->field) >= 0)
963 if (!EC_POINT_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx)) goto err;
968 if (BN_ucmp(y, &group->field) >= 0)
982 if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
985 if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */
1001 int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
1011 return EC_POINT_dbl(group, r, a, ctx);
1012 if (EC_POINT_is_at_infinity(group, a))
1014 if (EC_POINT_is_at_infinity(group, b))
1017 field_mul = group->meth->field_mul;
1018 field_sqr = group->meth->field_sqr;
1019 p = &group->field;
1053 if (!field_sqr(group, n0, &b->Z, ctx)) goto end;
1054 if (!field_mul(group, n1, &a->X, n0, ctx)) goto end;
1057 if (!field_mul(group, n0, n0, &b->Z, ctx)) goto end;
1058 if (!field_mul(group, n2, &a->Y, n0, ctx)) goto end;
1072 if (!field_sqr(group, n0, &a->Z, ctx)) goto end;
1073 if (!field_mul(group, n3, &b->X, n0, ctx)) goto end;
1076 if (!field_mul(group, n0, n0, &a->Z, ctx)) goto end;
1077 if (!field_mul(group, n4, &b->Y, n0, ctx)) goto end;
1093 ret = EC_POINT_dbl(group, r, a, ctx);
1125 { if (!field_mul(group, n0, &a->Z, &b->Z, ctx)) goto end; }
1126 if (!field_mul(group, &r->Z, n0, n5, ctx)) goto end;
1132 if (!field_sqr(group, n0, n6, ctx)) goto end;
1133 if (!field_sqr(group, n4, n5, ctx)) goto end;
1134 if (!field_mul(group, n3, n1, n4, ctx)) goto end;
1144 if (!field_mul(group, n0, n0, n6, ctx)) goto end;
1145 if (!field_mul(group, n5, n4, n5, ctx)) goto end; /* now n5 is n5^3 */
1146 if (!field_mul(group, n1, n2, n5, ctx)) goto end;
1165 int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
1174 if (EC_POINT_is_at_infinity(group, a))
1181 field_mul = group->meth->field_mul;
1182 field_sqr = group->meth->field_sqr;
1183 p = &group->field;
1207 if (!field_sqr(group, n0, &a->X, ctx)) goto err;
1210 if (!BN_mod_add_quick(n1, n0, &group->a, p)) goto err;
1213 else if (group->a_is_minus3)
1215 if (!field_sqr(group, n1, &a->Z, ctx)) goto err;
1218 if (!field_mul(group, n1, n0, n2, ctx)) goto err;
1226 if (!field_sqr(group, n0, &a->X, ctx)) goto err;
1229 if (!field_sqr(group, n1, &a->Z, ctx)) goto err;
1230 if (!field_sqr(group, n1, n1, ctx)) goto err;
1231 if (!field_mul(group, n1, n1, &group->a, ctx)) goto err;
1243 if (!field_mul(group, n0, &a->Y, &a->Z, ctx)) goto err;
1250 if (!field_sqr(group, n3, &a->Y, ctx)) goto err;
1251 if (!field_mul(group, n2, &a->X, n3, ctx)) goto err;
1257 if (!field_sqr(group, &r->X, n1, ctx)) goto err;
1262 if (!field_sqr(group, n0, n3, ctx)) goto err;
1268 if (!field_mul(group, n0, n1, n0, ctx)) goto err;
1282 int ec_GFp_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
1284 if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y))
1288 return BN_usub(&point->Y, &group->field, &point->Y);
1292 int ec_GFp_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
1298 int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
1307 if (EC_POINT_is_at_infinity(group, point))
1310 field_mul = group->meth->field_mul;
1311 field_sqr = group->meth->field_sqr;
1312 p = &group->field;
1338 if (!field_sqr(group, rh, &point->X, ctx)) goto err;
1342 if (!field_sqr(group, tmp, &point->Z, ctx)) goto err;
1343 if (!field_sqr(group, Z4, tmp, ctx)) goto err;
1344 if (!field_mul(group, Z6, Z4, tmp, ctx)) goto err;
1347 if (group->a_is_minus3)
1352 if (!field_mul(group, rh, rh, &point->X, ctx)) goto err;
1356 if (!field_mul(group, tmp, Z4, &group->a, ctx)) goto err;
1358 if (!field_mul(group, rh, rh, &point->X, ctx)) goto err;
1362 if (!field_mul(group, tmp, &group->b, Z6, ctx)) goto err;
1370 if (!BN_mod_add_quick(rh, rh, &group->a, p)) goto err;
1371 if (!field_mul(group, rh, rh, &point->X, ctx)) goto err;
1373 if (!BN_mod_add_quick(rh, rh, &group->b, p)) goto err;
1377 if (!field_sqr(group, tmp, &point->Y, ctx)) goto err;
1389 int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
1404 if (EC_POINT_is_at_infinity(group, a))
1406 return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
1414 field_mul = group->meth->field_mul;
1415 field_sqr = group->meth->field_sqr;
1439 if (!field_sqr(group, Zb23, &b->Z, ctx)) goto end;
1440 if (!field_mul(group, tmp1, &a->X, Zb23, ctx)) goto end;
1447 if (!field_sqr(group, Za23, &a->Z, ctx)) goto end;
1448 if (!field_mul(group, tmp2, &b->X, Za23, ctx)) goto end;
1464 if (!field_mul(group, Zb23, Zb23, &b->Z, ctx)) goto end;
1465 if (!field_mul(group, tmp1, &a->Y, Zb23, ctx)) goto end;
1472 if (!field_mul(group, Za23, Za23, &a->Z, ctx)) goto end;
1473 if (!field_mul(group, tmp2, &b->Y, Za23, ctx)) goto end;
1497 int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
1503 if (point->Z_is_one || EC_POINT_is_at_infinity(group, point))
1518 if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
1519 if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
1536 int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx)
1617 if (!group->meth->field_mul(group, heap[i],
1627 if (!BN_mod_inverse(heap[1], heap[1], &group->field, ctx))
1633 if (group->meth->field_encode != 0)
1638 if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err;
1639 if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err;
1648 if (!group->meth->field_mul(group, tmp0, heap[i/2], heap[i + 1], ctx)) goto err;
1649 if (!group->meth->field_mul(group, tmp1, heap[i/2], heap[i], ctx)) goto err;
1668 if (!group->meth->field_sqr(group, tmp1, &p->Z, ctx)) goto err;
1669 if (!group->meth->field_mul(group, &p->X, &p->X, tmp1, ctx)) goto err;
1671 if (!group->meth->field_mul(group, tmp1, tmp1, &p->Z, ctx)) goto err;
1672 if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp1, ctx)) goto err;
1674 if (group->meth->field_set_to_one != 0)
1676 if (!group->meth->field_set_to_one(group, &p->Z, ctx)) goto err;
1706 int ec_GFp_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
1708 return BN_mod_mul(r, a, b, &group->field, ctx);
1712 int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
1714 return BN_mod_sqr(r, a, &group->field, ctx);