1109998Smarkm/* crypto/ec/ec_lcl.h */
2160814Ssimon/*
3160814Ssimon * Originally written by Bodo Moeller for the OpenSSL project.
4160814Ssimon */
5109998Smarkm/* ====================================================================
6160814Ssimon * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
7109998Smarkm *
8109998Smarkm * Redistribution and use in source and binary forms, with or without
9109998Smarkm * modification, are permitted provided that the following conditions
10109998Smarkm * are met:
11109998Smarkm *
12109998Smarkm * 1. Redistributions of source code must retain the above copyright
13296465Sdelphij *    notice, this list of conditions and the following disclaimer.
14109998Smarkm *
15109998Smarkm * 2. Redistributions in binary form must reproduce the above copyright
16109998Smarkm *    notice, this list of conditions and the following disclaimer in
17109998Smarkm *    the documentation and/or other materials provided with the
18109998Smarkm *    distribution.
19109998Smarkm *
20109998Smarkm * 3. All advertising materials mentioning features or use of this
21109998Smarkm *    software must display the following acknowledgment:
22109998Smarkm *    "This product includes software developed by the OpenSSL Project
23109998Smarkm *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
24109998Smarkm *
25109998Smarkm * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26109998Smarkm *    endorse or promote products derived from this software without
27109998Smarkm *    prior written permission. For written permission, please contact
28109998Smarkm *    openssl-core@openssl.org.
29109998Smarkm *
30109998Smarkm * 5. Products derived from this software may not be called "OpenSSL"
31109998Smarkm *    nor may "OpenSSL" appear in their names without prior written
32109998Smarkm *    permission of the OpenSSL Project.
33109998Smarkm *
34109998Smarkm * 6. Redistributions of any form whatsoever must retain the following
35109998Smarkm *    acknowledgment:
36109998Smarkm *    "This product includes software developed by the OpenSSL Project
37109998Smarkm *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
38109998Smarkm *
39109998Smarkm * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40109998Smarkm * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41109998Smarkm * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42109998Smarkm * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43109998Smarkm * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44109998Smarkm * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45109998Smarkm * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46109998Smarkm * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47109998Smarkm * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48109998Smarkm * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49109998Smarkm * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50109998Smarkm * OF THE POSSIBILITY OF SUCH DAMAGE.
51109998Smarkm * ====================================================================
52109998Smarkm *
53109998Smarkm * This product includes cryptographic software written by Eric Young
54109998Smarkm * (eay@cryptsoft.com).  This product includes software written by Tim
55109998Smarkm * Hudson (tjh@cryptsoft.com).
56109998Smarkm *
57109998Smarkm */
58160814Ssimon/* ====================================================================
59160814Ssimon * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60160814Ssimon *
61296465Sdelphij * Portions of the attached software ("Contribution") are developed by
62160814Ssimon * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
63160814Ssimon *
64160814Ssimon * The Contribution is licensed pursuant to the OpenSSL open source
65160814Ssimon * license provided above.
66160814Ssimon *
67296465Sdelphij * The elliptic curve binary polynomial software is originally written by
68160814Ssimon * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
69160814Ssimon *
70160814Ssimon */
71109998Smarkm
72109998Smarkm#include <stdlib.h>
73109998Smarkm
74160814Ssimon#include <openssl/obj_mac.h>
75109998Smarkm#include <openssl/ec.h>
76160814Ssimon#include <openssl/bn.h>
77109998Smarkm
78160814Ssimon#if defined(__SUNPRO_C)
79160814Ssimon# if __SUNPRO_C >= 0x520
80296465Sdelphij#  pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
81160814Ssimon# endif
82160814Ssimon#endif
83109998Smarkm
84296465Sdelphij/*
85296465Sdelphij * Structure details are not part of the exported interface, so all this may
86296465Sdelphij * change in future versions.
87296465Sdelphij */
88109998Smarkm
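/*
 * Dispatch table for one elliptic-curve implementation.  The public EC_*
 * entry points named in the comments below forward to these pointers, so
 * every table must supply the operations it supports.  (The listing's
 * revision/author annotation prefix has been dropped from each line so the
 * declaration is valid C again.)
 */
struct ec_method_st {
    /* used by EC_METHOD_get_field_type: */
    int field_type;             /* a NID */
    /*
     * used by EC_GROUP_new, EC_GROUP_free, EC_GROUP_clear_free,
     * EC_GROUP_copy:
     *
     * NOTE(review): the *_clear_finish variants back the *_clear_free entry
     * points and presumably scrub memory before releasing it -- confirm in
     * each method implementation.
     */
    int (*group_init) (EC_GROUP *);
    void (*group_finish) (EC_GROUP *);
    void (*group_clear_finish) (EC_GROUP *);
    int (*group_copy) (EC_GROUP *, const EC_GROUP *);
    /*
     * used by EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp,
     * EC_GROUP_set_curve_GF2m, and EC_GROUP_get_curve_GF2m:
     */
    int (*group_set_curve) (EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
                            const BIGNUM *b, BN_CTX *);
    int (*group_get_curve) (const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b,
                            BN_CTX *);
    /* used by EC_GROUP_get_degree: */
    int (*group_get_degree) (const EC_GROUP *);
    /* used by EC_GROUP_check: */
    int (*group_check_discriminant) (const EC_GROUP *, BN_CTX *);
    /*
     * used by EC_POINT_new, EC_POINT_free, EC_POINT_clear_free,
     * EC_POINT_copy:
     */
    int (*point_init) (EC_POINT *);
    void (*point_finish) (EC_POINT *);
    void (*point_clear_finish) (EC_POINT *);
    int (*point_copy) (EC_POINT *, const EC_POINT *);
    /*-
     * used by EC_POINT_set_to_infinity,
     * EC_POINT_set_Jprojective_coordinates_GFp,
     * EC_POINT_get_Jprojective_coordinates_GFp,
     * EC_POINT_set_affine_coordinates_GFp,     ..._GF2m,
     * EC_POINT_get_affine_coordinates_GFp,     ..._GF2m,
     * EC_POINT_set_compressed_coordinates_GFp, ..._GF2m:
     *
     * NOTE(review): nothing in these signatures says the setters verify that
     * the supplied coordinates satisfy the curve equation.  Code that accepts
     * coordinates from a peer should treat an explicit is_on_curve check as
     * required unless the implementation is confirmed to do it.
     */
    int (*point_set_to_infinity) (const EC_GROUP *, EC_POINT *);
    int (*point_set_Jprojective_coordinates_GFp) (const EC_GROUP *,
                                                  EC_POINT *, const BIGNUM *x,
                                                  const BIGNUM *y,
                                                  const BIGNUM *z, BN_CTX *);
    int (*point_get_Jprojective_coordinates_GFp) (const EC_GROUP *,
                                                  const EC_POINT *, BIGNUM *x,
                                                  BIGNUM *y, BIGNUM *z,
                                                  BN_CTX *);
    int (*point_set_affine_coordinates) (const EC_GROUP *, EC_POINT *,
                                         const BIGNUM *x, const BIGNUM *y,
                                         BN_CTX *);
    int (*point_get_affine_coordinates) (const EC_GROUP *, const EC_POINT *,
                                         BIGNUM *x, BIGNUM *y, BN_CTX *);
    int (*point_set_compressed_coordinates) (const EC_GROUP *, EC_POINT *,
                                             const BIGNUM *x, int y_bit,
                                             BN_CTX *);
    /*
     * used by EC_POINT_point2oct, EC_POINT_oct2point:
     *
     * Both take an explicit buffer and length.  oct2point is the decoder for
     * externally encoded points, so 'buf' is typically attacker-influenced;
     * NOTE(review): confirm each implementation bounds every read by 'len'
     * and rejects points that are not on the curve.
     */
    size_t (*point2oct) (const EC_GROUP *, const EC_POINT *,
                         point_conversion_form_t form, unsigned char *buf,
                         size_t len, BN_CTX *);
    int (*oct2point) (const EC_GROUP *, EC_POINT *, const unsigned char *buf,
                      size_t len, BN_CTX *);
    /* used by EC_POINT_add, EC_POINT_dbl, EC_POINT_invert: */
    int (*add) (const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
                const EC_POINT *b, BN_CTX *);
    int (*dbl) (const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
    int (*invert) (const EC_GROUP *, EC_POINT *, BN_CTX *);
    /*
     * used by EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp:
     */
    int (*is_at_infinity) (const EC_GROUP *, const EC_POINT *);
    int (*is_on_curve) (const EC_GROUP *, const EC_POINT *, BN_CTX *);
    int (*point_cmp) (const EC_GROUP *, const EC_POINT *a, const EC_POINT *b,
                      BN_CTX *);
    /* used by EC_POINT_make_affine, EC_POINTs_make_affine: */
    int (*make_affine) (const EC_GROUP *, EC_POINT *, BN_CTX *);
    int (*points_make_affine) (const EC_GROUP *, size_t num, EC_POINT *[],
                               BN_CTX *);
    /*
     * used by EC_POINTs_mul, EC_POINT_mul, EC_POINT_precompute_mult,
     * EC_POINT_have_precompute_mult (default implementations are used if the
     * 'mul' pointer is 0):
     *
     * NOTE(review): 'scalar' and 'scalars[]' can carry secret values (a
     * private key or a per-signature nonce).  Whether a given 'mul' runs in
     * time independent of the scalar is a property of the implementation,
     * not of this interface -- verify before relying on it.
     */
    int (*mul) (const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                size_t num, const EC_POINT *points[], const BIGNUM *scalars[],
                BN_CTX *);
    int (*precompute_mult) (EC_GROUP *group, BN_CTX *);
    int (*have_precompute_mult) (const EC_GROUP *group);
    /* internal functions */
    /*
     * 'field_mul', 'field_sqr', and 'field_div' can be used by 'add' and
     * 'dbl' so that the same implementations of point operations can be used
     * with different optimized implementations of expensive field
     * operations:
     */
    int (*field_mul) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
                      const BIGNUM *b, BN_CTX *);
    int (*field_sqr) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
    int (*field_div) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
                      const BIGNUM *b, BN_CTX *);
    /* e.g. to Montgomery */
    int (*field_encode) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
                         BN_CTX *);
    /* e.g. from Montgomery */
    int (*field_decode) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
                         BN_CTX *);
    int (*field_set_to_one) (const EC_GROUP *, BIGNUM *r, BN_CTX *);
} /* EC_METHOD */ ;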
195160814Ssimon
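/*
 * One node of a singly linked list of opaque attachments.  'data' is owned
 * through the three callbacks stored beside it: 'dup_func' copies it,
 * 'free_func' releases it and 'clear_free_func' is the variant behind the
 * *_clear_free entry points (presumably scrubbing before release -- confirm
 * with the callback supplier).  (The listing's revision/author annotation
 * prefix has been dropped from each line so the declaration is valid C.)
 */
typedef struct ec_extra_data_st {
    struct ec_extra_data_st *next;      /* next node, or NULL at list end */
    void *data;                         /* opaque payload */
    void *(*dup_func) (void *);
    void (*free_func) (void *);
    void (*clear_free_func) (void *);
} EC_EXTRA_DATA;                /* used in EC_GROUP */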
203109998Smarkm
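/*
 * Curve (domain) parameters plus the method table that operates on them.
 * (The listing's revision/author annotation prefix has been dropped from
 * each line so the declaration is valid C again.)
 */
struct ec_group_st {
    const EC_METHOD *meth;
    EC_POINT *generator;        /* optional */
    BIGNUM order, cofactor;
    int curve_name;             /* optional NID for named curve */
    int asn1_flag;              /* flag to control the asn1 encoding */
    point_conversion_form_t asn1_form;
    /*
     * 'seed' and 'seed_len' form a pointer/length pair and must always be
     * updated together; a stale length over a reallocated or freed buffer
     * would be an out-of-bounds read for anything that serializes the seed.
     */
    unsigned char *seed;        /* optional seed for parameters (appears in
                                 * ASN1) */
    size_t seed_len;
    EC_EXTRA_DATA *extra_data;  /* linked list */
    /*
     * The following members are handled by the method functions, even if
     * they appear generic
     */
    /*
     * Field specification. For curves over GF(p), this is the modulus; for
     * curves over GF(2^m), this is the irreducible polynomial defining the
     * field.
     */
    BIGNUM field;
    /*
     * Field specification for curves over GF(2^m). The irreducible f(t) is
     * then of the form: t^poly[0] + t^poly[1] + ... + t^poly[k] where m =
     * poly[0] > poly[1] > ... > poly[k] = 0.
     *
     * The array holds five exponents, so k can be at most 4 (a pentanomial).
     * NOTE(review): confirm that the code filling this array rejects
     * polynomials with more terms instead of writing past the end.
     */
    unsigned int poly[5];
    /*
     * Curve coefficients. (Here the assumption is that BIGNUMs can be used
     * or abused for all kinds of fields, not just GF(p).) For characteristic
     * > 3, the curve is defined by a Weierstrass equation of the form y^2 =
     * x^3 + a*x + b. For characteristic 2, the curve is defined by an
     * equation of the form y^2 + x*y = x^3 + a*x^2 + b.
     */
    BIGNUM a, b;
    /* enable optimized point arithmetics for special case */
    int a_is_minus3;
    /* method-specific (e.g., Montgomery structure) */
    void *field_data1;
    /* method-specific */
    void *field_data2;
    /* method-specific */
    int (*field_mod_func) (BIGNUM *, const BIGNUM *, const BIGNUM *,
                           BN_CTX *);
} /* EC_GROUP */ ;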
249109998Smarkm
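/*
 * An EC key: curve parameters, public point and (optionally) the private
 * scalar.  (The listing's revision/author annotation prefix has been dropped
 * from each line so the declaration is valid C again.)
 */
struct ec_key_st {
    int version;
    EC_GROUP *group;
    EC_POINT *pub_key;
    /*
     * Secret scalar.  NOTE(review): the teardown path should release this
     * with a clearing free (e.g. BN_clear_free) so the value does not linger
     * in freed heap memory -- confirm in the EC_KEY free routine.
     */
    BIGNUM *priv_key;
    unsigned int enc_flag;
    point_conversion_form_t conv_form;
    /*
     * Reference count.  It is a plain int, so nothing in this declaration
     * makes updates atomic; NOTE(review): confirm the code that changes it
     * does so under the library's locking.
     */
    int references;
    EC_EXTRA_DATA *method_data;
} /* EC_KEY */ ;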
260109998Smarkm
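/*
 * Basically a 'mixin' for extra data, but available for EC_GROUPs/EC_KEYs
 * only (with visibility limited to 'package' level for now). We use the
 * function pointers as index for retrieval; this obviates global
 * ex_data-style index tables.
 *
 * Because the (dup_func, free_func, clear_free_func) triple is the lookup
 * key, callers must pass exactly the same three pointers to get/free that
 * they passed to set.  The *_clear_free_* variants presumably route through
 * 'clear_free_func' -- confirm in the implementation -- and are the ones to
 * use when the attached data is sensitive.
 *
 * (The listing's revision/author annotation prefix has been dropped from
 * each line so the prototypes are valid C again.)
 */
int EC_EX_DATA_set_data(EC_EXTRA_DATA **, void *data,
                        void *(*dup_func) (void *),
                        void (*free_func) (void *),
                        void (*clear_free_func) (void *));
void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *, void *(*dup_func) (void *),
                          void (*free_func) (void *),
                          void (*clear_free_func) (void *));
void EC_EX_DATA_free_data(EC_EXTRA_DATA **, void *(*dup_func) (void *),
                          void (*free_func) (void *),
                          void (*clear_free_func) (void *));
void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **, void *(*dup_func) (void *),
                                void (*free_func) (void *),
                                void (*clear_free_func) (void *));
void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **);
void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **);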
282109998Smarkm
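/*
 * A curve point, stored in the representation chosen by its method.  (The
 * listing's revision/author annotation prefix has been dropped from each
 * line so the declaration is valid C again.)
 */
struct ec_point_st {
    const EC_METHOD *meth;
    /*
     * All members except 'meth' are handled by the method functions, even if
     * they appear generic
     */
    BIGNUM X;
    BIGNUM Y;
    BIGNUM Z;                   /* Jacobian projective coordinates: (X, Y, Z)
                                 * represents (X/Z^2, Y/Z^3) if Z != 0 */
    /*
     * Cached hint for the Z == 1 case.  NOTE(review): it has to be kept in
     * step with Z by whatever writes Z; a stale flag would make the
     * optimized paths compute on the wrong point.
     */
    int Z_is_one;               /* enable optimized point arithmetics for
                                 * special case */
} /* EC_POINT */ ;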
296109998Smarkm
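/*
 * method functions in ec_mult.c (ec_lib.c uses these as defaults if
 * group->method->mul is 0)
 *
 * NOTE(review): since these are the fallback for every method that leaves
 * 'mul' unset, they also handle secret scalars (private keys, signature
 * nonces).  Windowed-NAF recoding is commonly data-dependent; confirm what
 * side-channel hardening the implementation applies before treating this
 * path as constant-time.
 *
 * (The listing's revision/author annotation prefix has been dropped from
 * each line so the prototypes are valid C again.)
 */
int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                size_t num, const EC_POINT *points[], const BIGNUM *scalars[],
                BN_CTX *);
int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *);
int ec_wNAF_have_precompute_mult(const EC_GROUP *group);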
306160814Ssimon
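/*
 * method functions in ecp_smpl.c
 *
 * Generic GF(p) implementations whose signatures match the EC_METHOD slots.
 * ec_GFp_simple_oct2point decodes a caller-supplied byte string of 'len'
 * bytes; NOTE(review): confirm it rejects encodings of points that are not
 * on the curve, and that the coordinate setters are not relied on for that
 * check.
 *
 * (The listing's revision/author annotation prefix has been dropped from
 * each line so the prototypes are valid C again.)
 */
int ec_GFp_simple_group_init(EC_GROUP *);
void ec_GFp_simple_group_finish(EC_GROUP *);
void ec_GFp_simple_group_clear_finish(EC_GROUP *);
int ec_GFp_simple_group_copy(EC_GROUP *, const EC_GROUP *);
int ec_GFp_simple_group_set_curve(EC_GROUP *, const BIGNUM *p,
                                  const BIGNUM *a, const BIGNUM *b, BN_CTX *);
int ec_GFp_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a,
                                  BIGNUM *b, BN_CTX *);
int ec_GFp_simple_group_get_degree(const EC_GROUP *);
int ec_GFp_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);
int ec_GFp_simple_point_init(EC_POINT *);
void ec_GFp_simple_point_finish(EC_POINT *);
void ec_GFp_simple_point_clear_finish(EC_POINT *);
int ec_GFp_simple_point_copy(EC_POINT *, const EC_POINT *);
int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *,
                                                  EC_POINT *, const BIGNUM *x,
                                                  const BIGNUM *y,
                                                  const BIGNUM *z, BN_CTX *);
int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *,
                                                  const EC_POINT *, BIGNUM *x,
                                                  BIGNUM *y, BIGNUM *z,
                                                  BN_CTX *);
int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,
                                               const BIGNUM *x,
                                               const BIGNUM *y, BN_CTX *);
int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *,
                                               const EC_POINT *, BIGNUM *x,
                                               BIGNUM *y, BN_CTX *);
int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *,
                                             const BIGNUM *x, int y_bit,
                                             BN_CTX *);
size_t ec_GFp_simple_point2oct(const EC_GROUP *, const EC_POINT *,
                               point_conversion_form_t form,
                               unsigned char *buf, size_t len, BN_CTX *);
int ec_GFp_simple_oct2point(const EC_GROUP *, EC_POINT *,
                            const unsigned char *buf, size_t len, BN_CTX *);
int ec_GFp_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
                      const EC_POINT *b, BN_CTX *);
int ec_GFp_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
                      BN_CTX *);
int ec_GFp_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
int ec_GFp_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
int ec_GFp_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
int ec_GFp_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b,
                      BN_CTX *);
int ec_GFp_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
int ec_GFp_simple_points_make_affine(const EC_GROUP *, size_t num,
                                     EC_POINT *[], BN_CTX *);
int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
                            const BIGNUM *b, BN_CTX *);
int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
                            BN_CTX *);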
361109998Smarkm
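/*
 * method functions in ecp_mont.c
 *
 * GF(p) variants that supply field_encode/field_decode/field_set_to_one in
 * addition to field_mul/field_sqr; the EC_METHOD comments describe the
 * encode/decode pair as conversion "to/from Montgomery".  Only the group
 * and field slots are declared here.
 *
 * (The listing's revision/author annotation prefix has been dropped from
 * each line so the prototypes are valid C again.)
 */
int ec_GFp_mont_group_init(EC_GROUP *);
int ec_GFp_mont_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
                                const BIGNUM *b, BN_CTX *);
void ec_GFp_mont_group_finish(EC_GROUP *);
void ec_GFp_mont_group_clear_finish(EC_GROUP *);
int ec_GFp_mont_group_copy(EC_GROUP *, const EC_GROUP *);
int ec_GFp_mont_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
                          const BIGNUM *b, BN_CTX *);
int ec_GFp_mont_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
                          BN_CTX *);
int ec_GFp_mont_field_encode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
                             BN_CTX *);
int ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
                             BN_CTX *);
int ec_GFp_mont_field_set_to_one(const EC_GROUP *, BIGNUM *r, BN_CTX *);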
378109998Smarkm
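/*
 * method functions in ecp_nist.c
 *
 * Only group_copy, group_set_curve, field_mul and field_sqr are declared for
 * this method.  NOTE(review): group_set_curve receives the prime 'p' from
 * the caller; confirm it rejects primes this method does not support rather
 * than silently computing with the wrong reduction.
 *
 * (The listing's revision/author annotation prefix has been dropped from
 * each line so the prototypes are valid C again.)
 */
int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src);
int ec_GFp_nist_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
                                const BIGNUM *b, BN_CTX *);
int ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
                          const BIGNUM *b, BN_CTX *);
int ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
                          BN_CTX *);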
387160814Ssimon
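/*
 * method functions in ec2_smpl.c
 *
 * Generic GF(2^m) implementations whose signatures match the EC_METHOD
 * slots.  ec_GF2m_simple_oct2point decodes a caller-supplied byte string of
 * 'len' bytes; NOTE(review): confirm it rejects encodings of points that are
 * not on the curve, and that the coordinate setters are not relied on for
 * that check.
 *
 * (The listing's revision/author annotation prefix has been dropped from
 * each line so the prototypes are valid C again.)
 */
int ec_GF2m_simple_group_init(EC_GROUP *);
void ec_GF2m_simple_group_finish(EC_GROUP *);
void ec_GF2m_simple_group_clear_finish(EC_GROUP *);
int ec_GF2m_simple_group_copy(EC_GROUP *, const EC_GROUP *);
int ec_GF2m_simple_group_set_curve(EC_GROUP *, const BIGNUM *p,
                                   const BIGNUM *a, const BIGNUM *b,
                                   BN_CTX *);
int ec_GF2m_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a,
                                   BIGNUM *b, BN_CTX *);
int ec_GF2m_simple_group_get_degree(const EC_GROUP *);
int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);
int ec_GF2m_simple_point_init(EC_POINT *);
void ec_GF2m_simple_point_finish(EC_POINT *);
void ec_GF2m_simple_point_clear_finish(EC_POINT *);
int ec_GF2m_simple_point_copy(EC_POINT *, const EC_POINT *);
int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,
                                                const BIGNUM *x,
                                                const BIGNUM *y, BN_CTX *);
int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *,
                                                const EC_POINT *, BIGNUM *x,
                                                BIGNUM *y, BN_CTX *);
int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *,
                                              const BIGNUM *x, int y_bit,
                                              BN_CTX *);
size_t ec_GF2m_simple_point2oct(const EC_GROUP *, const EC_POINT *,
                                point_conversion_form_t form,
                                unsigned char *buf, size_t len, BN_CTX *);
int ec_GF2m_simple_oct2point(const EC_GROUP *, EC_POINT *,
                             const unsigned char *buf, size_t len, BN_CTX *);
int ec_GF2m_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
                       const EC_POINT *b, BN_CTX *);
int ec_GF2m_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
                       BN_CTX *);
int ec_GF2m_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
int ec_GF2m_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
int ec_GF2m_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
int ec_GF2m_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b,
                       BN_CTX *);
int ec_GF2m_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
int ec_GF2m_simple_points_make_affine(const EC_GROUP *, size_t num,
                                      EC_POINT *[], BN_CTX *);
int ec_GF2m_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
                             const BIGNUM *b, BN_CTX *);
int ec_GF2m_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
                             BN_CTX *);
int ec_GF2m_simple_field_div(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
                             const BIGNUM *b, BN_CTX *);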
437160814Ssimon
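/*
 * method functions in ec2_mult.c
 *
 * Scalar multiplication for GF(2^m) curves, matching the EC_METHOD 'mul',
 * 'precompute_mult' and 'have_precompute_mult' slots.  NOTE(review):
 * 'scalar' and 'scalars[]' can be secret (private key or signature nonce);
 * confirm the implementation's timing does not depend on their bits before
 * using it on secret inputs.
 *
 * (The listing's revision/author annotation prefix has been dropped from
 * each line so the prototypes are valid C again.)
 */
int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r,
                       const BIGNUM *scalar, size_t num,
                       const EC_POINT *points[], const BIGNUM *scalars[],
                       BN_CTX *);
int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
int ec_GF2m_have_precompute_mult(const EC_GROUP *group);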
445