1/* 2 * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. 3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved 4 * 5 * Licensed under the OpenSSL license (the "License"). You may not use 6 * this file except in compliance with the License. You can obtain a copy 7 * in the file LICENSE in the source distribution or at 8 * https://www.openssl.org/source/license.html 9 */ 10 11#ifndef HEADER_EC_H 12# define HEADER_EC_H 13 14# include <openssl/opensslconf.h> 15 16# ifndef OPENSSL_NO_EC 17# include <openssl/asn1.h> 18# include <openssl/symhacks.h> 19# if OPENSSL_API_COMPAT < 0x10100000L 20# include <openssl/bn.h> 21# endif 22# include <openssl/ecerr.h> 23# ifdef __cplusplus 24extern "C" { 25# endif 26 27# ifndef OPENSSL_ECC_MAX_FIELD_BITS 28# define OPENSSL_ECC_MAX_FIELD_BITS 661 29# endif 30 31/** Enum for the point conversion form as defined in X9.62 (ECDSA) 32 * for the encoding of a elliptic curve point (x,y) */ 33typedef enum { 34 /** the point is encoded as z||x, where the octet z specifies 35 * which solution of the quadratic equation y is */ 36 POINT_CONVERSION_COMPRESSED = 2, 37 /** the point is encoded as z||x||y, where z is the octet 0x04 */ 38 POINT_CONVERSION_UNCOMPRESSED = 4, 39 /** the point is encoded as z||x||y, where the octet z specifies 40 * which solution of the quadratic equation y is */ 41 POINT_CONVERSION_HYBRID = 6 42} point_conversion_form_t; 43 44typedef struct ec_method_st EC_METHOD; 45typedef struct ec_group_st EC_GROUP; 46typedef struct ec_point_st EC_POINT; 47typedef struct ecpk_parameters_st ECPKPARAMETERS; 48typedef struct ec_parameters_st ECPARAMETERS; 49 50/********************************************************************/ 51/* EC_METHODs for curves over GF(p) */ 52/********************************************************************/ 53 54/** Returns the basic GFp ec methods which provides the basis for the 55 * optimized methods. 56 * \return EC_METHOD object 57 */ 58const EC_METHOD *EC_GFp_simple_method(void); 59 60/** Returns GFp methods using montgomery multiplication. 61 * \return EC_METHOD object 62 */ 63const EC_METHOD *EC_GFp_mont_method(void); 64 65/** Returns GFp methods using optimized methods for NIST recommended curves 66 * \return EC_METHOD object 67 */ 68const EC_METHOD *EC_GFp_nist_method(void); 69 70# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 71/** Returns 64-bit optimized methods for nistp224 72 * \return EC_METHOD object 73 */ 74const EC_METHOD *EC_GFp_nistp224_method(void); 75 76/** Returns 64-bit optimized methods for nistp256 77 * \return EC_METHOD object 78 */ 79const EC_METHOD *EC_GFp_nistp256_method(void); 80 81/** Returns 64-bit optimized methods for nistp521 82 * \return EC_METHOD object 83 */ 84const EC_METHOD *EC_GFp_nistp521_method(void); 85# endif 86 87# ifndef OPENSSL_NO_EC2M 88/********************************************************************/ 89/* EC_METHOD for curves over GF(2^m) */ 90/********************************************************************/ 91 92/** Returns the basic GF2m ec method 93 * \return EC_METHOD object 94 */ 95const EC_METHOD *EC_GF2m_simple_method(void); 96 97# endif 98 99/********************************************************************/ 100/* EC_GROUP functions */ 101/********************************************************************/ 102 103/** Creates a new EC_GROUP object 104 * \param meth EC_METHOD to use 105 * \return newly created EC_GROUP object or NULL in case of an error. 106 */ 107EC_GROUP *EC_GROUP_new(const EC_METHOD *meth); 108 109/** Frees a EC_GROUP object 110 * \param group EC_GROUP object to be freed. 111 */ 112void EC_GROUP_free(EC_GROUP *group); 113 114/** Clears and frees a EC_GROUP object 115 * \param group EC_GROUP object to be cleared and freed. 116 */ 117void EC_GROUP_clear_free(EC_GROUP *group); 118 119/** Copies EC_GROUP objects. Note: both EC_GROUPs must use the same EC_METHOD. 120 * \param dst destination EC_GROUP object 121 * \param src source EC_GROUP object 122 * \return 1 on success and 0 if an error occurred. 123 */ 124int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src); 125 126/** Creates a new EC_GROUP object and copies the copies the content 127 * form src to the newly created EC_KEY object 128 * \param src source EC_GROUP object 129 * \return newly created EC_GROUP object or NULL in case of an error. 130 */ 131EC_GROUP *EC_GROUP_dup(const EC_GROUP *src); 132 133/** Returns the EC_METHOD of the EC_GROUP object. 134 * \param group EC_GROUP object 135 * \return EC_METHOD used in this EC_GROUP object. 136 */ 137const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); 138 139/** Returns the field type of the EC_METHOD. 140 * \param meth EC_METHOD object 141 * \return NID of the underlying field type OID. 142 */ 143int EC_METHOD_get_field_type(const EC_METHOD *meth); 144 145/** Sets the generator and its order/cofactor of a EC_GROUP object. 146 * \param group EC_GROUP object 147 * \param generator EC_POINT object with the generator. 148 * \param order the order of the group generated by the generator. 149 * \param cofactor the index of the sub-group generated by the generator 150 * in the group of all points on the elliptic curve. 151 * \return 1 on success and 0 if an error occurred 152 */ 153int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, 154 const BIGNUM *order, const BIGNUM *cofactor); 155 156/** Returns the generator of a EC_GROUP object. 157 * \param group EC_GROUP object 158 * \return the currently used generator (possibly NULL). 159 */ 160const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); 161 162/** Returns the montgomery data for order(Generator) 163 * \param group EC_GROUP object 164 * \return the currently used montgomery data (possibly NULL). 165*/ 166BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group); 167 168/** Gets the order of a EC_GROUP 169 * \param group EC_GROUP object 170 * \param order BIGNUM to which the order is copied 171 * \param ctx unused 172 * \return 1 on success and 0 if an error occurred 173 */ 174int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx); 175 176/** Gets the order of an EC_GROUP 177 * \param group EC_GROUP object 178 * \return the group order 179 */ 180const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group); 181 182/** Gets the number of bits of the order of an EC_GROUP 183 * \param group EC_GROUP object 184 * \return number of bits of group order. 185 */ 186int EC_GROUP_order_bits(const EC_GROUP *group); 187 188/** Gets the cofactor of a EC_GROUP 189 * \param group EC_GROUP object 190 * \param cofactor BIGNUM to which the cofactor is copied 191 * \param ctx unused 192 * \return 1 on success and 0 if an error occurred 193 */ 194int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, 195 BN_CTX *ctx); 196 197/** Gets the cofactor of an EC_GROUP 198 * \param group EC_GROUP object 199 * \return the group cofactor 200 */ 201const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group); 202 203/** Sets the name of a EC_GROUP object 204 * \param group EC_GROUP object 205 * \param nid NID of the curve name OID 206 */ 207void EC_GROUP_set_curve_name(EC_GROUP *group, int nid); 208 209/** Returns the curve name of a EC_GROUP object 210 * \param group EC_GROUP object 211 * \return NID of the curve name OID or 0 if not set. 212 */ 213int EC_GROUP_get_curve_name(const EC_GROUP *group); 214 215void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag); 216int EC_GROUP_get_asn1_flag(const EC_GROUP *group); 217 218void EC_GROUP_set_point_conversion_form(EC_GROUP *group, 219 point_conversion_form_t form); 220point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *); 221 222unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x); 223size_t EC_GROUP_get_seed_len(const EC_GROUP *); 224size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); 225 226/** Sets the parameters of a ec curve defined by y^2 = x^3 + a*x + b (for GFp) 227 * or y^2 + x*y = x^3 + a*x^2 + b (for GF2m) 228 * \param group EC_GROUP object 229 * \param p BIGNUM with the prime number (GFp) or the polynomial 230 * defining the underlying field (GF2m) 231 * \param a BIGNUM with parameter a of the equation 232 * \param b BIGNUM with parameter b of the equation 233 * \param ctx BN_CTX object (optional) 234 * \return 1 on success and 0 if an error occurred 235 */ 236int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, 237 const BIGNUM *b, BN_CTX *ctx); 238 239/** Gets the parameters of the ec curve defined by y^2 = x^3 + a*x + b (for GFp) 240 * or y^2 + x*y = x^3 + a*x^2 + b (for GF2m) 241 * \param group EC_GROUP object 242 * \param p BIGNUM with the prime number (GFp) or the polynomial 243 * defining the underlying field (GF2m) 244 * \param a BIGNUM for parameter a of the equation 245 * \param b BIGNUM for parameter b of the equation 246 * \param ctx BN_CTX object (optional) 247 * \return 1 on success and 0 if an error occurred 248 */ 249int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, 250 BN_CTX *ctx); 251 252/** Sets the parameters of an ec curve. Synonym for EC_GROUP_set_curve 253 * \param group EC_GROUP object 254 * \param p BIGNUM with the prime number (GFp) or the polynomial 255 * defining the underlying field (GF2m) 256 * \param a BIGNUM with parameter a of the equation 257 * \param b BIGNUM with parameter b of the equation 258 * \param ctx BN_CTX object (optional) 259 * \return 1 on success and 0 if an error occurred 260 */ 261DEPRECATEDIN_1_2_0(int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, 262 const BIGNUM *a, const BIGNUM *b, 263 BN_CTX *ctx)) 264 265/** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve 266 * \param group EC_GROUP object 267 * \param p BIGNUM with the prime number (GFp) or the polynomial 268 * defining the underlying field (GF2m) 269 * \param a BIGNUM for parameter a of the equation 270 * \param b BIGNUM for parameter b of the equation 271 * \param ctx BN_CTX object (optional) 272 * \return 1 on success and 0 if an error occurred 273 */ 274DEPRECATEDIN_1_2_0(int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, 275 BIGNUM *a, BIGNUM *b, 276 BN_CTX *ctx)) 277 278# ifndef OPENSSL_NO_EC2M 279/** Sets the parameter of an ec curve. Synonym for EC_GROUP_set_curve 280 * \param group EC_GROUP object 281 * \param p BIGNUM with the prime number (GFp) or the polynomial 282 * defining the underlying field (GF2m) 283 * \param a BIGNUM with parameter a of the equation 284 * \param b BIGNUM with parameter b of the equation 285 * \param ctx BN_CTX object (optional) 286 * \return 1 on success and 0 if an error occurred 287 */ 288DEPRECATEDIN_1_2_0(int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, 289 const BIGNUM *a, const BIGNUM *b, 290 BN_CTX *ctx)) 291 292/** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve 293 * \param group EC_GROUP object 294 * \param p BIGNUM with the prime number (GFp) or the polynomial 295 * defining the underlying field (GF2m) 296 * \param a BIGNUM for parameter a of the equation 297 * \param b BIGNUM for parameter b of the equation 298 * \param ctx BN_CTX object (optional) 299 * \return 1 on success and 0 if an error occurred 300 */ 301DEPRECATEDIN_1_2_0(int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, 302 BIGNUM *a, BIGNUM *b, 303 BN_CTX *ctx)) 304# endif 305/** Returns the number of bits needed to represent a field element 306 * \param group EC_GROUP object 307 * \return number of bits needed to represent a field element 308 */ 309int EC_GROUP_get_degree(const EC_GROUP *group); 310 311/** Checks whether the parameter in the EC_GROUP define a valid ec group 312 * \param group EC_GROUP object 313 * \param ctx BN_CTX object (optional) 314 * \return 1 if group is a valid ec group and 0 otherwise 315 */ 316int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); 317 318/** Checks whether the discriminant of the elliptic curve is zero or not 319 * \param group EC_GROUP object 320 * \param ctx BN_CTX object (optional) 321 * \return 1 if the discriminant is not zero and 0 otherwise 322 */ 323int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx); 324 325/** Compares two EC_GROUP objects 326 * \param a first EC_GROUP object 327 * \param b second EC_GROUP object 328 * \param ctx BN_CTX object (optional) 329 * \return 0 if the groups are equal, 1 if not, or -1 on error 330 */ 331int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx); 332 333/* 334 * EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*() after 335 * choosing an appropriate EC_METHOD 336 */ 337 338/** Creates a new EC_GROUP object with the specified parameters defined 339 * over GFp (defined by the equation y^2 = x^3 + a*x + b) 340 * \param p BIGNUM with the prime number 341 * \param a BIGNUM with the parameter a of the equation 342 * \param b BIGNUM with the parameter b of the equation 343 * \param ctx BN_CTX object (optional) 344 * \return newly created EC_GROUP object with the specified parameters 345 */ 346EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, 347 const BIGNUM *b, BN_CTX *ctx); 348# ifndef OPENSSL_NO_EC2M 349/** Creates a new EC_GROUP object with the specified parameters defined 350 * over GF2m (defined by the equation y^2 + x*y = x^3 + a*x^2 + b) 351 * \param p BIGNUM with the polynomial defining the underlying field 352 * \param a BIGNUM with the parameter a of the equation 353 * \param b BIGNUM with the parameter b of the equation 354 * \param ctx BN_CTX object (optional) 355 * \return newly created EC_GROUP object with the specified parameters 356 */ 357EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, 358 const BIGNUM *b, BN_CTX *ctx); 359# endif 360 361/** Creates a EC_GROUP object with a curve specified by a NID 362 * \param nid NID of the OID of the curve name 363 * \return newly created EC_GROUP object with specified curve or NULL 364 * if an error occurred 365 */ 366EC_GROUP *EC_GROUP_new_by_curve_name(int nid); 367 368/** Creates a new EC_GROUP object from an ECPARAMETERS object 369 * \param params pointer to the ECPARAMETERS object 370 * \return newly created EC_GROUP object with specified curve or NULL 371 * if an error occurred 372 */ 373EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params); 374 375/** Creates an ECPARAMETERS object for the given EC_GROUP object. 376 * \param group pointer to the EC_GROUP object 377 * \param params pointer to an existing ECPARAMETERS object or NULL 378 * \return pointer to the new ECPARAMETERS object or NULL 379 * if an error occurred. 380 */ 381ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, 382 ECPARAMETERS *params); 383 384/** Creates a new EC_GROUP object from an ECPKPARAMETERS object 385 * \param params pointer to an existing ECPKPARAMETERS object, or NULL 386 * \return newly created EC_GROUP object with specified curve, or NULL 387 * if an error occurred 388 */ 389EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params); 390 391/** Creates an ECPKPARAMETERS object for the given EC_GROUP object. 392 * \param group pointer to the EC_GROUP object 393 * \param params pointer to an existing ECPKPARAMETERS object or NULL 394 * \return pointer to the new ECPKPARAMETERS object or NULL 395 * if an error occurred. 396 */ 397ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, 398 ECPKPARAMETERS *params); 399 400/********************************************************************/ 401/* handling of internal curves */ 402/********************************************************************/ 403 404typedef struct { 405 int nid; 406 const char *comment; 407} EC_builtin_curve; 408 409/* 410 * EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number of all 411 * available curves or zero if a error occurred. In case r is not zero, 412 * nitems EC_builtin_curve structures are filled with the data of the first 413 * nitems internal groups 414 */ 415size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); 416 417const char *EC_curve_nid2nist(int nid); 418int EC_curve_nist2nid(const char *name); 419 420/********************************************************************/ 421/* EC_POINT functions */ 422/********************************************************************/ 423 424/** Creates a new EC_POINT object for the specified EC_GROUP 425 * \param group EC_GROUP the underlying EC_GROUP object 426 * \return newly created EC_POINT object or NULL if an error occurred 427 */ 428EC_POINT *EC_POINT_new(const EC_GROUP *group); 429 430/** Frees a EC_POINT object 431 * \param point EC_POINT object to be freed 432 */ 433void EC_POINT_free(EC_POINT *point); 434 435/** Clears and frees a EC_POINT object 436 * \param point EC_POINT object to be cleared and freed 437 */ 438void EC_POINT_clear_free(EC_POINT *point); 439 440/** Copies EC_POINT object 441 * \param dst destination EC_POINT object 442 * \param src source EC_POINT object 443 * \return 1 on success and 0 if an error occurred 444 */ 445int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src); 446 447/** Creates a new EC_POINT object and copies the content of the supplied 448 * EC_POINT 449 * \param src source EC_POINT object 450 * \param group underlying the EC_GROUP object 451 * \return newly created EC_POINT object or NULL if an error occurred 452 */ 453EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group); 454 455/** Returns the EC_METHOD used in EC_POINT object 456 * \param point EC_POINT object 457 * \return the EC_METHOD used 458 */ 459const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); 460 461/** Sets a point to infinity (neutral element) 462 * \param group underlying EC_GROUP object 463 * \param point EC_POINT to set to infinity 464 * \return 1 on success and 0 if an error occurred 465 */ 466int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); 467 468/** Sets the jacobian projective coordinates of a EC_POINT over GFp 469 * \param group underlying EC_GROUP object 470 * \param p EC_POINT object 471 * \param x BIGNUM with the x-coordinate 472 * \param y BIGNUM with the y-coordinate 473 * \param z BIGNUM with the z-coordinate 474 * \param ctx BN_CTX object (optional) 475 * \return 1 on success and 0 if an error occurred 476 */ 477int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, 478 EC_POINT *p, const BIGNUM *x, 479 const BIGNUM *y, const BIGNUM *z, 480 BN_CTX *ctx); 481 482/** Gets the jacobian projective coordinates of a EC_POINT over GFp 483 * \param group underlying EC_GROUP object 484 * \param p EC_POINT object 485 * \param x BIGNUM for the x-coordinate 486 * \param y BIGNUM for the y-coordinate 487 * \param z BIGNUM for the z-coordinate 488 * \param ctx BN_CTX object (optional) 489 * \return 1 on success and 0 if an error occurred 490 */ 491int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, 492 const EC_POINT *p, BIGNUM *x, 493 BIGNUM *y, BIGNUM *z, 494 BN_CTX *ctx); 495 496/** Sets the affine coordinates of an EC_POINT 497 * \param group underlying EC_GROUP object 498 * \param p EC_POINT object 499 * \param x BIGNUM with the x-coordinate 500 * \param y BIGNUM with the y-coordinate 501 * \param ctx BN_CTX object (optional) 502 * \return 1 on success and 0 if an error occurred 503 */ 504int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p, 505 const BIGNUM *x, const BIGNUM *y, 506 BN_CTX *ctx); 507 508/** Gets the affine coordinates of an EC_POINT. 509 * \param group underlying EC_GROUP object 510 * \param p EC_POINT object 511 * \param x BIGNUM for the x-coordinate 512 * \param y BIGNUM for the y-coordinate 513 * \param ctx BN_CTX object (optional) 514 * \return 1 on success and 0 if an error occurred 515 */ 516int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p, 517 BIGNUM *x, BIGNUM *y, BN_CTX *ctx); 518 519/** Sets the affine coordinates of an EC_POINT. A synonym of 520 * EC_POINT_set_affine_coordinates 521 * \param group underlying EC_GROUP object 522 * \param p EC_POINT object 523 * \param x BIGNUM with the x-coordinate 524 * \param y BIGNUM with the y-coordinate 525 * \param ctx BN_CTX object (optional) 526 * \return 1 on success and 0 if an error occurred 527 */ 528DEPRECATEDIN_1_2_0(int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, 529 EC_POINT *p, 530 const BIGNUM *x, 531 const BIGNUM *y, 532 BN_CTX *ctx)) 533 534/** Gets the affine coordinates of an EC_POINT. A synonym of 535 * EC_POINT_get_affine_coordinates 536 * \param group underlying EC_GROUP object 537 * \param p EC_POINT object 538 * \param x BIGNUM for the x-coordinate 539 * \param y BIGNUM for the y-coordinate 540 * \param ctx BN_CTX object (optional) 541 * \return 1 on success and 0 if an error occurred 542 */ 543DEPRECATEDIN_1_2_0(int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, 544 const EC_POINT *p, 545 BIGNUM *x, 546 BIGNUM *y, 547 BN_CTX *ctx)) 548 549/** Sets the x9.62 compressed coordinates of a EC_POINT 550 * \param group underlying EC_GROUP object 551 * \param p EC_POINT object 552 * \param x BIGNUM with x-coordinate 553 * \param y_bit integer with the y-Bit (either 0 or 1) 554 * \param ctx BN_CTX object (optional) 555 * \return 1 on success and 0 if an error occurred 556 */ 557int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p, 558 const BIGNUM *x, int y_bit, 559 BN_CTX *ctx); 560 561/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of 562 * EC_POINT_set_compressed_coordinates 563 * \param group underlying EC_GROUP object 564 * \param p EC_POINT object 565 * \param x BIGNUM with x-coordinate 566 * \param y_bit integer with the y-Bit (either 0 or 1) 567 * \param ctx BN_CTX object (optional) 568 * \return 1 on success and 0 if an error occurred 569 */ 570DEPRECATEDIN_1_2_0(int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, 571 EC_POINT *p, 572 const BIGNUM *x, 573 int y_bit, 574 BN_CTX *ctx)) 575# ifndef OPENSSL_NO_EC2M 576/** Sets the affine coordinates of an EC_POINT. A synonym of 577 * EC_POINT_set_affine_coordinates 578 * \param group underlying EC_GROUP object 579 * \param p EC_POINT object 580 * \param x BIGNUM with the x-coordinate 581 * \param y BIGNUM with the y-coordinate 582 * \param ctx BN_CTX object (optional) 583 * \return 1 on success and 0 if an error occurred 584 */ 585DEPRECATEDIN_1_2_0(int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, 586 EC_POINT *p, 587 const BIGNUM *x, 588 const BIGNUM *y, 589 BN_CTX *ctx)) 590 591/** Gets the affine coordinates of an EC_POINT. A synonym of 592 * EC_POINT_get_affine_coordinates 593 * \param group underlying EC_GROUP object 594 * \param p EC_POINT object 595 * \param x BIGNUM for the x-coordinate 596 * \param y BIGNUM for the y-coordinate 597 * \param ctx BN_CTX object (optional) 598 * \return 1 on success and 0 if an error occurred 599 */ 600DEPRECATEDIN_1_2_0(int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, 601 const EC_POINT *p, 602 BIGNUM *x, 603 BIGNUM *y, 604 BN_CTX *ctx)) 605 606/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of 607 * EC_POINT_set_compressed_coordinates 608 * \param group underlying EC_GROUP object 609 * \param p EC_POINT object 610 * \param x BIGNUM with x-coordinate 611 * \param y_bit integer with the y-Bit (either 0 or 1) 612 * \param ctx BN_CTX object (optional) 613 * \return 1 on success and 0 if an error occurred 614 */ 615DEPRECATEDIN_1_2_0(int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, 616 EC_POINT *p, 617 const BIGNUM *x, 618 int y_bit, 619 BN_CTX *ctx)) 620# endif 621/** Encodes a EC_POINT object to a octet string 622 * \param group underlying EC_GROUP object 623 * \param p EC_POINT object 624 * \param form point conversion form 625 * \param buf memory buffer for the result. If NULL the function returns 626 * required buffer size. 627 * \param len length of the memory buffer 628 * \param ctx BN_CTX object (optional) 629 * \return the length of the encoded octet string or 0 if an error occurred 630 */ 631size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p, 632 point_conversion_form_t form, 633 unsigned char *buf, size_t len, BN_CTX *ctx); 634 635/** Decodes a EC_POINT from a octet string 636 * \param group underlying EC_GROUP object 637 * \param p EC_POINT object 638 * \param buf memory buffer with the encoded ec point 639 * \param len length of the encoded ec point 640 * \param ctx BN_CTX object (optional) 641 * \return 1 on success and 0 if an error occurred 642 */ 643int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p, 644 const unsigned char *buf, size_t len, BN_CTX *ctx); 645 646/** Encodes an EC_POINT object to an allocated octet string 647 * \param group underlying EC_GROUP object 648 * \param point EC_POINT object 649 * \param form point conversion form 650 * \param pbuf returns pointer to allocated buffer 651 * \param ctx BN_CTX object (optional) 652 * \return the length of the encoded octet string or 0 if an error occurred 653 */ 654size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point, 655 point_conversion_form_t form, 656 unsigned char **pbuf, BN_CTX *ctx); 657 658/* other interfaces to point2oct/oct2point: */ 659BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *, 660 point_conversion_form_t form, BIGNUM *, BN_CTX *); 661EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *, 662 EC_POINT *, BN_CTX *); 663char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *, 664 point_conversion_form_t form, BN_CTX *); 665EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *, 666 EC_POINT *, BN_CTX *); 667 668/********************************************************************/ 669/* functions for doing EC_POINT arithmetic */ 670/********************************************************************/ 671 672/** Computes the sum of two EC_POINT 673 * \param group underlying EC_GROUP object 674 * \param r EC_POINT object for the result (r = a + b) 675 * \param a EC_POINT object with the first summand 676 * \param b EC_POINT object with the second summand 677 * \param ctx BN_CTX object (optional) 678 * \return 1 on success and 0 if an error occurred 679 */ 680int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, 681 const EC_POINT *b, BN_CTX *ctx); 682 683/** Computes the double of a EC_POINT 684 * \param group underlying EC_GROUP object 685 * \param r EC_POINT object for the result (r = 2 * a) 686 * \param a EC_POINT object 687 * \param ctx BN_CTX object (optional) 688 * \return 1 on success and 0 if an error occurred 689 */ 690int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, 691 BN_CTX *ctx); 692 693/** Computes the inverse of a EC_POINT 694 * \param group underlying EC_GROUP object 695 * \param a EC_POINT object to be inverted (it's used for the result as well) 696 * \param ctx BN_CTX object (optional) 697 * \return 1 on success and 0 if an error occurred 698 */ 699int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx); 700 701/** Checks whether the point is the neutral element of the group 702 * \param group the underlying EC_GROUP object 703 * \param p EC_POINT object 704 * \return 1 if the point is the neutral element and 0 otherwise 705 */ 706int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p); 707 708/** Checks whether the point is on the curve 709 * \param group underlying EC_GROUP object 710 * \param point EC_POINT object to check 711 * \param ctx BN_CTX object (optional) 712 * \return 1 if the point is on the curve, 0 if not, or -1 on error 713 */ 714int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, 715 BN_CTX *ctx); 716 717/** Compares two EC_POINTs 718 * \param group underlying EC_GROUP object 719 * \param a first EC_POINT object 720 * \param b second EC_POINT object 721 * \param ctx BN_CTX object (optional) 722 * \return 1 if the points are not equal, 0 if they are, or -1 on error 723 */ 724int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, 725 BN_CTX *ctx); 726 727int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); 728int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, 729 EC_POINT *points[], BN_CTX *ctx); 730 731/** Computes r = generator * n + sum_{i=0}^{num-1} p[i] * m[i] 732 * \param group underlying EC_GROUP object 733 * \param r EC_POINT object for the result 734 * \param n BIGNUM with the multiplier for the group generator (optional) 735 * \param num number further summands 736 * \param p array of size num of EC_POINT objects 737 * \param m array of size num of BIGNUM objects 738 * \param ctx BN_CTX object (optional) 739 * \return 1 on success and 0 if an error occurred 740 */ 741int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, 742 size_t num, const EC_POINT *p[], const BIGNUM *m[], 743 BN_CTX *ctx); 744 745/** Computes r = generator * n + q * m 746 * \param group underlying EC_GROUP object 747 * \param r EC_POINT object for the result 748 * \param n BIGNUM with the multiplier for the group generator (optional) 749 * \param q EC_POINT object with the first factor of the second summand 750 * \param m BIGNUM with the second factor of the second summand 751 * \param ctx BN_CTX object (optional) 752 * \return 1 on success and 0 if an error occurred 753 */ 754int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, 755 const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); 756 757/** Stores multiples of generator for faster point multiplication 758 * \param group EC_GROUP object 759 * \param ctx BN_CTX object (optional) 760 * \return 1 on success and 0 if an error occurred 761 */ 762int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); 763 764/** Reports whether a precomputation has been done 765 * \param group EC_GROUP object 766 * \return 1 if a pre-computation has been done and 0 otherwise 767 */ 768int EC_GROUP_have_precompute_mult(const EC_GROUP *group); 769 770/********************************************************************/ 771/* ASN1 stuff */ 772/********************************************************************/ 773 774DECLARE_ASN1_ITEM(ECPKPARAMETERS) 775DECLARE_ASN1_ALLOC_FUNCTIONS(ECPKPARAMETERS) 776DECLARE_ASN1_ITEM(ECPARAMETERS) 777DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) 778 779/* 780 * EC_GROUP_get_basis_type() returns the NID of the basis type used to 781 * represent the field elements 782 */ 783int EC_GROUP_get_basis_type(const EC_GROUP *); 784# ifndef OPENSSL_NO_EC2M 785int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k); 786int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, 787 unsigned int *k2, unsigned int *k3); 788# endif 789 790# define OPENSSL_EC_EXPLICIT_CURVE 0x000 791# define OPENSSL_EC_NAMED_CURVE 0x001 792 793EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len); 794int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out); 795 796# define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x) 797# define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x) 798# define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \ 799 (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x)) 800# define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \ 801 (unsigned char *)(x)) 802 803int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); 804# ifndef OPENSSL_NO_STDIO 805int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); 806# endif 807 808/********************************************************************/ 809/* EC_KEY functions */ 810/********************************************************************/ 811 812/* some values for the encoding_flag */ 813# define EC_PKEY_NO_PARAMETERS 0x001 814# define EC_PKEY_NO_PUBKEY 0x002 815 816/* some values for the flags field */ 817# define EC_FLAG_NON_FIPS_ALLOW 0x1 818# define EC_FLAG_FIPS_CHECKED 0x2 819# define EC_FLAG_COFACTOR_ECDH 0x1000 820 821/** Creates a new EC_KEY object. 822 * \return EC_KEY object or NULL if an error occurred. 823 */ 824EC_KEY *EC_KEY_new(void); 825 826int EC_KEY_get_flags(const EC_KEY *key); 827 828void EC_KEY_set_flags(EC_KEY *key, int flags); 829 830void EC_KEY_clear_flags(EC_KEY *key, int flags); 831 832int EC_KEY_decoded_from_explicit_params(const EC_KEY *key); 833 834/** Creates a new EC_KEY object using a named curve as underlying 835 * EC_GROUP object. 836 * \param nid NID of the named curve. 837 * \return EC_KEY object or NULL if an error occurred. 838 */ 839EC_KEY *EC_KEY_new_by_curve_name(int nid); 840 841/** Frees a EC_KEY object. 842 * \param key EC_KEY object to be freed. 843 */ 844void EC_KEY_free(EC_KEY *key); 845 846/** Copies a EC_KEY object. 847 * \param dst destination EC_KEY object 848 * \param src src EC_KEY object 849 * \return dst or NULL if an error occurred. 850 */ 851EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src); 852 853/** Creates a new EC_KEY object and copies the content from src to it. 854 * \param src the source EC_KEY object 855 * \return newly created EC_KEY object or NULL if an error occurred. 856 */ 857EC_KEY *EC_KEY_dup(const EC_KEY *src); 858 859/** Increases the internal reference count of a EC_KEY object. 860 * \param key EC_KEY object 861 * \return 1 on success and 0 if an error occurred. 862 */ 863int EC_KEY_up_ref(EC_KEY *key); 864 865/** Returns the ENGINE object of a EC_KEY object 866 * \param eckey EC_KEY object 867 * \return the ENGINE object (possibly NULL). 868 */ 869ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey); 870 871/** Returns the EC_GROUP object of a EC_KEY object 872 * \param key EC_KEY object 873 * \return the EC_GROUP object (possibly NULL). 874 */ 875const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key); 876 877/** Sets the EC_GROUP of a EC_KEY object. 878 * \param key EC_KEY object 879 * \param group EC_GROUP to use in the EC_KEY object (note: the EC_KEY 880 * object will use an own copy of the EC_GROUP). 881 * \return 1 on success and 0 if an error occurred. 882 */ 883int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group); 884 885/** Returns the private key of a EC_KEY object. 886 * \param key EC_KEY object 887 * \return a BIGNUM with the private key (possibly NULL). 888 */ 889const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key); 890 891/** Sets the private key of a EC_KEY object. 892 * \param key EC_KEY object 893 * \param prv BIGNUM with the private key (note: the EC_KEY object 894 * will use an own copy of the BIGNUM). 895 * \return 1 on success and 0 if an error occurred. 896 */ 897int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv); 898 899/** Returns the public key of a EC_KEY object. 900 * \param key the EC_KEY object 901 * \return a EC_POINT object with the public key (possibly NULL) 902 */ 903const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key); 904 905/** Sets the public key of a EC_KEY object. 906 * \param key EC_KEY object 907 * \param pub EC_POINT object with the public key (note: the EC_KEY object 908 * will use an own copy of the EC_POINT object). 909 * \return 1 on success and 0 if an error occurred. 910 */ 911int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub); 912 913unsigned EC_KEY_get_enc_flags(const EC_KEY *key); 914void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); 915point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); 916void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); 917 918#define EC_KEY_get_ex_new_index(l, p, newf, dupf, freef) \ 919 CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY, l, p, newf, dupf, freef) 920int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg); 921void *EC_KEY_get_ex_data(const EC_KEY *key, int idx); 922 923/* wrapper functions for the underlying EC_GROUP object */ 924void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); 925 926/** Creates a table of pre-computed multiples of the generator to 927 * accelerate further EC_KEY operations. 928 * \param key EC_KEY object 929 * \param ctx BN_CTX object (optional) 930 * \return 1 on success and 0 if an error occurred. 931 */ 932int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); 933 934/** Creates a new ec private (and optional a new public) key. 935 * \param key EC_KEY object 936 * \return 1 on success and 0 if an error occurred. 937 */ 938int EC_KEY_generate_key(EC_KEY *key); 939 940/** Verifies that a private and/or public key is valid. 941 * \param key the EC_KEY object 942 * \return 1 on success and 0 otherwise. 943 */ 944int EC_KEY_check_key(const EC_KEY *key); 945 946/** Indicates if an EC_KEY can be used for signing. 947 * \param eckey the EC_KEY object 948 * \return 1 if can can sign and 0 otherwise. 949 */ 950int EC_KEY_can_sign(const EC_KEY *eckey); 951 952/** Sets a public key from affine coordinates performing 953 * necessary NIST PKV tests. 954 * \param key the EC_KEY object 955 * \param x public key x coordinate 956 * \param y public key y coordinate 957 * \return 1 on success and 0 otherwise. 958 */ 959int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, 960 BIGNUM *y); 961 962/** Encodes an EC_KEY public key to an allocated octet string 963 * \param key key to encode 964 * \param form point conversion form 965 * \param pbuf returns pointer to allocated buffer 966 * \param ctx BN_CTX object (optional) 967 * \return the length of the encoded octet string or 0 if an error occurred 968 */ 969size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form, 970 unsigned char **pbuf, BN_CTX *ctx); 971 972/** Decodes a EC_KEY public key from a octet string 973 * \param key key to decode 974 * \param buf memory buffer with the encoded ec point 975 * \param len length of the encoded ec point 976 * \param ctx BN_CTX object (optional) 977 * \return 1 on success and 0 if an error occurred 978 */ 979 980int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len, 981 BN_CTX *ctx); 982 983/** Decodes an EC_KEY private key from an octet string 984 * \param key key to decode 985 * \param buf memory buffer with the encoded private key 986 * \param len length of the encoded key 987 * \return 1 on success and 0 if an error occurred 988 */ 989 990int EC_KEY_oct2priv(EC_KEY *key, const unsigned char *buf, size_t len); 991 992/** Encodes a EC_KEY private key to an octet string 993 * \param key key to encode 994 * \param buf memory buffer for the result. If NULL the function returns 995 * required buffer size. 996 * \param len length of the memory buffer 997 * \return the length of the encoded octet string or 0 if an error occurred 998 */ 999 1000size_t EC_KEY_priv2oct(const EC_KEY *key, unsigned char *buf, size_t len); 1001 1002/** Encodes an EC_KEY private key to an allocated octet string 1003 * \param eckey key to encode 1004 * \param pbuf returns pointer to allocated buffer 1005 * \return the length of the encoded octet string or 0 if an error occurred 1006 */ 1007size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf); 1008 1009/********************************************************************/ 1010/* de- and encoding functions for SEC1 ECPrivateKey */ 1011/********************************************************************/ 1012 1013/** Decodes a private key from a memory buffer. 1014 * \param key a pointer to a EC_KEY object which should be used (or NULL) 1015 * \param in pointer to memory with the DER encoded private key 1016 * \param len length of the DER encoded private key 1017 * \return the decoded private key or NULL if an error occurred. 1018 */ 1019EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len); 1020 1021/** Encodes a private key object and stores the result in a buffer. 1022 * \param key the EC_KEY object to encode 1023 * \param out the buffer for the result (if NULL the function returns number 1024 * of bytes needed). 1025 * \return 1 on success and 0 if an error occurred. 1026 */ 1027int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out); 1028 1029/********************************************************************/ 1030/* de- and encoding functions for EC parameters */ 1031/********************************************************************/ 1032 1033/** Decodes ec parameter from a memory buffer. 1034 * \param key a pointer to a EC_KEY object which should be used (or NULL) 1035 * \param in pointer to memory with the DER encoded ec parameters 1036 * \param len length of the DER encoded ec parameters 1037 * \return a EC_KEY object with the decoded parameters or NULL if an error 1038 * occurred. 1039 */ 1040EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len); 1041 1042/** Encodes ec parameter and stores the result in a buffer. 1043 * \param key the EC_KEY object with ec parameters to encode 1044 * \param out the buffer for the result (if NULL the function returns number 1045 * of bytes needed). 1046 * \return 1 on success and 0 if an error occurred. 1047 */ 1048int i2d_ECParameters(EC_KEY *key, unsigned char **out); 1049 1050/********************************************************************/ 1051/* de- and encoding functions for EC public key */ 1052/* (octet string, not DER -- hence 'o2i' and 'i2o') */ 1053/********************************************************************/ 1054 1055/** Decodes a ec public key from a octet string. 1056 * \param key a pointer to a EC_KEY object which should be used 1057 * \param in memory buffer with the encoded public key 1058 * \param len length of the encoded public key 1059 * \return EC_KEY object with decoded public key or NULL if an error 1060 * occurred. 1061 */ 1062EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len); 1063 1064/** Encodes a ec public key in an octet string. 1065 * \param key the EC_KEY object with the public key 1066 * \param out the buffer for the result (if NULL the function returns number 1067 * of bytes needed). 1068 * \return 1 on success and 0 if an error occurred 1069 */ 1070int i2o_ECPublicKey(const EC_KEY *key, unsigned char **out); 1071 1072/** Prints out the ec parameters on human readable form. 1073 * \param bp BIO object to which the information is printed 1074 * \param key EC_KEY object 1075 * \return 1 on success and 0 if an error occurred 1076 */ 1077int ECParameters_print(BIO *bp, const EC_KEY *key); 1078 1079/** Prints out the contents of a EC_KEY object 1080 * \param bp BIO object to which the information is printed 1081 * \param key EC_KEY object 1082 * \param off line offset 1083 * \return 1 on success and 0 if an error occurred 1084 */ 1085int EC_KEY_print(BIO *bp, const EC_KEY *key, int off); 1086 1087# ifndef OPENSSL_NO_STDIO 1088/** Prints out the ec parameters on human readable form. 1089 * \param fp file descriptor to which the information is printed 1090 * \param key EC_KEY object 1091 * \return 1 on success and 0 if an error occurred 1092 */ 1093int ECParameters_print_fp(FILE *fp, const EC_KEY *key); 1094 1095/** Prints out the contents of a EC_KEY object 1096 * \param fp file descriptor to which the information is printed 1097 * \param key EC_KEY object 1098 * \param off line offset 1099 * \return 1 on success and 0 if an error occurred 1100 */ 1101int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off); 1102 1103# endif 1104 1105const EC_KEY_METHOD *EC_KEY_OpenSSL(void); 1106const EC_KEY_METHOD *EC_KEY_get_default_method(void); 1107void EC_KEY_set_default_method(const EC_KEY_METHOD *meth); 1108const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key); 1109int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth); 1110EC_KEY *EC_KEY_new_method(ENGINE *engine); 1111 1112/** The old name for ecdh_KDF_X9_63 1113 * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62, 1114 * it is actually specified in ANSI X9.63. 1115 * This identifier is retained for backwards compatibility 1116 */ 1117int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, 1118 const unsigned char *Z, size_t Zlen, 1119 const unsigned char *sinfo, size_t sinfolen, 1120 const EVP_MD *md); 1121 1122int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, 1123 const EC_KEY *ecdh, 1124 void *(*KDF) (const void *in, size_t inlen, 1125 void *out, size_t *outlen)); 1126 1127typedef struct ECDSA_SIG_st ECDSA_SIG; 1128 1129/** Allocates and initialize a ECDSA_SIG structure 1130 * \return pointer to a ECDSA_SIG structure or NULL if an error occurred 1131 */ 1132ECDSA_SIG *ECDSA_SIG_new(void); 1133 1134/** frees a ECDSA_SIG structure 1135 * \param sig pointer to the ECDSA_SIG structure 1136 */ 1137void ECDSA_SIG_free(ECDSA_SIG *sig); 1138 1139/** DER encode content of ECDSA_SIG object (note: this function modifies *pp 1140 * (*pp += length of the DER encoded signature)). 1141 * \param sig pointer to the ECDSA_SIG object 1142 * \param pp pointer to a unsigned char pointer for the output or NULL 1143 * \return the length of the DER encoded ECDSA_SIG object or a negative value 1144 * on error 1145 */ 1146int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); 1147 1148/** Decodes a DER encoded ECDSA signature (note: this function changes *pp 1149 * (*pp += len)). 1150 * \param sig pointer to ECDSA_SIG pointer (may be NULL) 1151 * \param pp memory buffer with the DER encoded signature 1152 * \param len length of the buffer 1153 * \return pointer to the decoded ECDSA_SIG structure (or NULL) 1154 */ 1155ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); 1156 1157/** Accessor for r and s fields of ECDSA_SIG 1158 * \param sig pointer to ECDSA_SIG structure 1159 * \param pr pointer to BIGNUM pointer for r (may be NULL) 1160 * \param ps pointer to BIGNUM pointer for s (may be NULL) 1161 */ 1162void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); 1163 1164/** Accessor for r field of ECDSA_SIG 1165 * \param sig pointer to ECDSA_SIG structure 1166 */ 1167const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig); 1168 1169/** Accessor for s field of ECDSA_SIG 1170 * \param sig pointer to ECDSA_SIG structure 1171 */ 1172const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig); 1173 1174/** Setter for r and s fields of ECDSA_SIG 1175 * \param sig pointer to ECDSA_SIG structure 1176 * \param r pointer to BIGNUM for r (may be NULL) 1177 * \param s pointer to BIGNUM for s (may be NULL) 1178 */ 1179int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); 1180 1181/** Computes the ECDSA signature of the given hash value using 1182 * the supplied private key and returns the created signature. 1183 * \param dgst pointer to the hash value 1184 * \param dgst_len length of the hash value 1185 * \param eckey EC_KEY object containing a private EC key 1186 * \return pointer to a ECDSA_SIG structure or NULL if an error occurred 1187 */ 1188ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, 1189 EC_KEY *eckey); 1190 1191/** Computes ECDSA signature of a given hash value using the supplied 1192 * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). 1193 * \param dgst pointer to the hash value to sign 1194 * \param dgstlen length of the hash value 1195 * \param kinv BIGNUM with a pre-computed inverse k (optional) 1196 * \param rp BIGNUM with a pre-computed rp value (optional), 1197 * see ECDSA_sign_setup 1198 * \param eckey EC_KEY object containing a private EC key 1199 * \return pointer to a ECDSA_SIG structure or NULL if an error occurred 1200 */ 1201ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, 1202 const BIGNUM *kinv, const BIGNUM *rp, 1203 EC_KEY *eckey); 1204 1205/** Verifies that the supplied signature is a valid ECDSA 1206 * signature of the supplied hash value using the supplied public key. 1207 * \param dgst pointer to the hash value 1208 * \param dgst_len length of the hash value 1209 * \param sig ECDSA_SIG structure 1210 * \param eckey EC_KEY object containing a public EC key 1211 * \return 1 if the signature is valid, 0 if the signature is invalid 1212 * and -1 on error 1213 */ 1214int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, 1215 const ECDSA_SIG *sig, EC_KEY *eckey); 1216 1217/** Precompute parts of the signing operation 1218 * \param eckey EC_KEY object containing a private EC key 1219 * \param ctx BN_CTX object (optional) 1220 * \param kinv BIGNUM pointer for the inverse of k 1221 * \param rp BIGNUM pointer for x coordinate of k * generator 1222 * \return 1 on success and 0 otherwise 1223 */ 1224int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); 1225 1226/** Computes ECDSA signature of a given hash value using the supplied 1227 * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). 1228 * \param type this parameter is ignored 1229 * \param dgst pointer to the hash value to sign 1230 * \param dgstlen length of the hash value 1231 * \param sig memory for the DER encoded created signature 1232 * \param siglen pointer to the length of the returned signature 1233 * \param eckey EC_KEY object containing a private EC key 1234 * \return 1 on success and 0 otherwise 1235 */ 1236int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, 1237 unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); 1238 1239/** Computes ECDSA signature of a given hash value using the supplied 1240 * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). 1241 * \param type this parameter is ignored 1242 * \param dgst pointer to the hash value to sign 1243 * \param dgstlen length of the hash value 1244 * \param sig buffer to hold the DER encoded signature 1245 * \param siglen pointer to the length of the returned signature 1246 * \param kinv BIGNUM with a pre-computed inverse k (optional) 1247 * \param rp BIGNUM with a pre-computed rp value (optional), 1248 * see ECDSA_sign_setup 1249 * \param eckey EC_KEY object containing a private EC key 1250 * \return 1 on success and 0 otherwise 1251 */ 1252int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, 1253 unsigned char *sig, unsigned int *siglen, 1254 const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); 1255 1256/** Verifies that the given signature is valid ECDSA signature 1257 * of the supplied hash value using the specified public key. 1258 * \param type this parameter is ignored 1259 * \param dgst pointer to the hash value 1260 * \param dgstlen length of the hash value 1261 * \param sig pointer to the DER encoded signature 1262 * \param siglen length of the DER encoded signature 1263 * \param eckey EC_KEY object containing a public EC key 1264 * \return 1 if the signature is valid, 0 if the signature is invalid 1265 * and -1 on error 1266 */ 1267int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, 1268 const unsigned char *sig, int siglen, EC_KEY *eckey); 1269 1270/** Returns the maximum length of the DER encoded signature 1271 * \param eckey EC_KEY object 1272 * \return numbers of bytes required for the DER encoded signature 1273 */ 1274int ECDSA_size(const EC_KEY *eckey); 1275 1276/********************************************************************/ 1277/* EC_KEY_METHOD constructors, destructors, writers and accessors */ 1278/********************************************************************/ 1279 1280EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth); 1281void EC_KEY_METHOD_free(EC_KEY_METHOD *meth); 1282void EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth, 1283 int (*init)(EC_KEY *key), 1284 void (*finish)(EC_KEY *key), 1285 int (*copy)(EC_KEY *dest, const EC_KEY *src), 1286 int (*set_group)(EC_KEY *key, const EC_GROUP *grp), 1287 int (*set_private)(EC_KEY *key, 1288 const BIGNUM *priv_key), 1289 int (*set_public)(EC_KEY *key, 1290 const EC_POINT *pub_key)); 1291 1292void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth, 1293 int (*keygen)(EC_KEY *key)); 1294 1295void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth, 1296 int (*ckey)(unsigned char **psec, 1297 size_t *pseclen, 1298 const EC_POINT *pub_key, 1299 const EC_KEY *ecdh)); 1300 1301void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth, 1302 int (*sign)(int type, const unsigned char *dgst, 1303 int dlen, unsigned char *sig, 1304 unsigned int *siglen, 1305 const BIGNUM *kinv, const BIGNUM *r, 1306 EC_KEY *eckey), 1307 int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, 1308 BIGNUM **kinvp, BIGNUM **rp), 1309 ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, 1310 int dgst_len, 1311 const BIGNUM *in_kinv, 1312 const BIGNUM *in_r, 1313 EC_KEY *eckey)); 1314 1315void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth, 1316 int (*verify)(int type, const unsigned 1317 char *dgst, int dgst_len, 1318 const unsigned char *sigbuf, 1319 int sig_len, EC_KEY *eckey), 1320 int (*verify_sig)(const unsigned char *dgst, 1321 int dgst_len, 1322 const ECDSA_SIG *sig, 1323 EC_KEY *eckey)); 1324 1325void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth, 1326 int (**pinit)(EC_KEY *key), 1327 void (**pfinish)(EC_KEY *key), 1328 int (**pcopy)(EC_KEY *dest, const EC_KEY *src), 1329 int (**pset_group)(EC_KEY *key, 1330 const EC_GROUP *grp), 1331 int (**pset_private)(EC_KEY *key, 1332 const BIGNUM *priv_key), 1333 int (**pset_public)(EC_KEY *key, 1334 const EC_POINT *pub_key)); 1335 1336void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth, 1337 int (**pkeygen)(EC_KEY *key)); 1338 1339void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth, 1340 int (**pck)(unsigned char **psec, 1341 size_t *pseclen, 1342 const EC_POINT *pub_key, 1343 const EC_KEY *ecdh)); 1344 1345void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth, 1346 int (**psign)(int type, const unsigned char *dgst, 1347 int dlen, unsigned char *sig, 1348 unsigned int *siglen, 1349 const BIGNUM *kinv, const BIGNUM *r, 1350 EC_KEY *eckey), 1351 int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, 1352 BIGNUM **kinvp, BIGNUM **rp), 1353 ECDSA_SIG *(**psign_sig)(const unsigned char *dgst, 1354 int dgst_len, 1355 const BIGNUM *in_kinv, 1356 const BIGNUM *in_r, 1357 EC_KEY *eckey)); 1358 1359void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth, 1360 int (**pverify)(int type, const unsigned 1361 char *dgst, int dgst_len, 1362 const unsigned char *sigbuf, 1363 int sig_len, EC_KEY *eckey), 1364 int (**pverify_sig)(const unsigned char *dgst, 1365 int dgst_len, 1366 const ECDSA_SIG *sig, 1367 EC_KEY *eckey)); 1368 1369# define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x) 1370 1371# ifndef __cplusplus 1372# if defined(__SUNPRO_C) 1373# if __SUNPRO_C >= 0x520 1374# pragma error_messages (default,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) 1375# endif 1376# endif 1377# endif 1378 1379# define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \ 1380 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ 1381 EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \ 1382 EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL) 1383 1384# define EVP_PKEY_CTX_set_ec_param_enc(ctx, flag) \ 1385 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ 1386 EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \ 1387 EVP_PKEY_CTRL_EC_PARAM_ENC, flag, NULL) 1388 1389# define EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, flag) \ 1390 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ 1391 EVP_PKEY_OP_DERIVE, \ 1392 EVP_PKEY_CTRL_EC_ECDH_COFACTOR, flag, NULL) 1393 1394# define EVP_PKEY_CTX_get_ecdh_cofactor_mode(ctx) \ 1395 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ 1396 EVP_PKEY_OP_DERIVE, \ 1397 EVP_PKEY_CTRL_EC_ECDH_COFACTOR, -2, NULL) 1398 1399# define EVP_PKEY_CTX_set_ecdh_kdf_type(ctx, kdf) \ 1400 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ 1401 EVP_PKEY_OP_DERIVE, \ 1402 EVP_PKEY_CTRL_EC_KDF_TYPE, kdf, NULL) 1403 1404# define EVP_PKEY_CTX_get_ecdh_kdf_type(ctx) \ 1405 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ 1406 EVP_PKEY_OP_DERIVE, \ 1407 EVP_PKEY_CTRL_EC_KDF_TYPE, -2, NULL) 1408 1409# define EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md) \ 1410 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ 1411 EVP_PKEY_OP_DERIVE, \ 1412 EVP_PKEY_CTRL_EC_KDF_MD, 0, (void *)(md)) 1413 1414# define EVP_PKEY_CTX_get_ecdh_kdf_md(ctx, pmd) \ 1415 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ 1416 EVP_PKEY_OP_DERIVE, \ 1417 EVP_PKEY_CTRL_GET_EC_KDF_MD, 0, (void *)(pmd)) 1418 1419# define EVP_PKEY_CTX_set_ecdh_kdf_outlen(ctx, len) \ 1420 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ 1421 EVP_PKEY_OP_DERIVE, \ 1422 EVP_PKEY_CTRL_EC_KDF_OUTLEN, len, NULL) 1423 1424# define EVP_PKEY_CTX_get_ecdh_kdf_outlen(ctx, plen) \ 1425 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ 1426 EVP_PKEY_OP_DERIVE, \ 1427 EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, 0, \ 1428 (void *)(plen)) 1429 1430# define EVP_PKEY_CTX_set0_ecdh_kdf_ukm(ctx, p, plen) \ 1431 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ 1432 EVP_PKEY_OP_DERIVE, \ 1433 EVP_PKEY_CTRL_EC_KDF_UKM, plen, (void *)(p)) 1434 1435# define EVP_PKEY_CTX_get0_ecdh_kdf_ukm(ctx, p) \ 1436 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ 1437 EVP_PKEY_OP_DERIVE, \ 1438 EVP_PKEY_CTRL_GET_EC_KDF_UKM, 0, (void *)(p)) 1439 1440/* SM2 will skip the operation check so no need to pass operation here */ 1441# define EVP_PKEY_CTX_set1_id(ctx, id, id_len) \ 1442 EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ 1443 EVP_PKEY_CTRL_SET1_ID, (int)id_len, (void*)(id)) 1444 1445# define EVP_PKEY_CTX_get1_id(ctx, id) \ 1446 EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ 1447 EVP_PKEY_CTRL_GET1_ID, 0, (void*)(id)) 1448 1449# define EVP_PKEY_CTX_get1_id_len(ctx, id_len) \ 1450 EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ 1451 EVP_PKEY_CTRL_GET1_ID_LEN, 0, (void*)(id_len)) 1452 1453# define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1) 1454# define EVP_PKEY_CTRL_EC_PARAM_ENC (EVP_PKEY_ALG_CTRL + 2) 1455# define EVP_PKEY_CTRL_EC_ECDH_COFACTOR (EVP_PKEY_ALG_CTRL + 3) 1456# define EVP_PKEY_CTRL_EC_KDF_TYPE (EVP_PKEY_ALG_CTRL + 4) 1457# define EVP_PKEY_CTRL_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 5) 1458# define EVP_PKEY_CTRL_GET_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 6) 1459# define EVP_PKEY_CTRL_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 7) 1460# define EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 8) 1461# define EVP_PKEY_CTRL_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 9) 1462# define EVP_PKEY_CTRL_GET_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 10) 1463# define EVP_PKEY_CTRL_SET1_ID (EVP_PKEY_ALG_CTRL + 11) 1464# define EVP_PKEY_CTRL_GET1_ID (EVP_PKEY_ALG_CTRL + 12) 1465# define EVP_PKEY_CTRL_GET1_ID_LEN (EVP_PKEY_ALG_CTRL + 13) 1466/* KDF types */ 1467# define EVP_PKEY_ECDH_KDF_NONE 1 1468# define EVP_PKEY_ECDH_KDF_X9_63 2 1469/** The old name for EVP_PKEY_ECDH_KDF_X9_63 1470 * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62, 1471 * it is actually specified in ANSI X9.63. 1472 * This identifier is retained for backwards compatibility 1473 */ 1474# define EVP_PKEY_ECDH_KDF_X9_62 EVP_PKEY_ECDH_KDF_X9_63 1475 1476 1477# ifdef __cplusplus 1478} 1479# endif 1480# endif 1481#endif 1482