/* crypto/ec/ec.h */
/*
 * Originally written by Bodo Moeller for the OpenSSL project.
 */
/**
 * \file crypto/ec/ec.h Include file for the OpenSSL EC functions
 * \author Originally written by Bodo Moeller for the OpenSSL project
 */
/* ====================================================================
 * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
/* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 *
 * Portions of the attached software ("Contribution") are developed by 
 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
 *
 * The Contribution is licensed pursuant to the OpenSSL open source
 * license provided above.
 *
 * The elliptic curve binary polynomial software is originally written by 
 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
 *
 */

#ifndef HEADER_EC_H
#define HEADER_EC_H

#include <openssl/opensslconf.h>

#ifdef OPENSSL_NO_EC
#error EC is disabled.
#endif

#include <openssl/asn1.h>
#include <openssl/symhacks.h>
#ifndef OPENSSL_NO_DEPRECATED
#include <openssl/bn.h>
#endif

#ifdef  __cplusplus
extern "C" {
#elif defined(__SUNPRO_C)
# if __SUNPRO_C >= 0x520
# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
# endif
#endif

  
#ifndef OPENSSL_ECC_MAX_FIELD_BITS
# define OPENSSL_ECC_MAX_FIELD_BITS 661
#endif

/** Enum for the point conversion form as defined in X9.62 (ECDSA)
 *  for the encoding of an elliptic curve point (x,y) */
typedef enum {
	/** the point is encoded as z||x, where the octet z specifies 
	 *  which solution of the quadratic equation y is  */
	POINT_CONVERSION_COMPRESSED = 2,
	/** the point is encoded as z||x||y, where z is the octet 0x04  */
	POINT_CONVERSION_UNCOMPRESSED = 4,
	/** the point is encoded as z||x||y, where the octet z specifies
         *  which solution of the quadratic equation y is  */
	POINT_CONVERSION_HYBRID = 6
} point_conversion_form_t;


typedef struct ec_method_st EC_METHOD;

typedef struct ec_group_st
	/*
	 EC_METHOD *meth;
	 -- field definition
	 -- curve coefficients
	 -- optional generator with associated information (order, cofactor)
	 -- optional extra data (precomputed table for fast computation of multiples of generator)
	 -- ASN1 stuff
	*/
	EC_GROUP;

typedef struct ec_point_st EC_POINT;


/********************************************************************/
/*               EC_METHODs for curves over GF(p)                   */       
/********************************************************************/

/** Returns the basic GFp ec method, which provides the basis for the
 *  optimized methods.
 *  \return  EC_METHOD object
 */
const EC_METHOD *EC_GFp_simple_method(void);

/** Returns GFp methods using montgomery multiplication.
 *  \return  EC_METHOD object
 */
const EC_METHOD *EC_GFp_mont_method(void);

/** Returns GFp methods using optimized methods for NIST recommended curves
 *  \return  EC_METHOD object
 */
const EC_METHOD *EC_GFp_nist_method(void);

#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
#ifndef OPENSSL_SYS_WIN32
/** Returns 64-bit optimized methods for nistp224
 *  \return  EC_METHOD object
 */
const EC_METHOD *EC_GFp_nistp224_method(void);

/** Returns 64-bit optimized methods for nistp256
 *  \return  EC_METHOD object
 */
const EC_METHOD *EC_GFp_nistp256_method(void);

/** Returns 64-bit optimized methods for nistp521
 *  \return  EC_METHOD object
 */
const EC_METHOD *EC_GFp_nistp521_method(void);
#endif
#endif

#ifndef OPENSSL_NO_EC2M
/********************************************************************/ 
/*           EC_METHOD for curves over GF(2^m)                      */
/********************************************************************/

/** Returns the basic GF2m ec method 
 *  \return  EC_METHOD object
 */
const EC_METHOD *EC_GF2m_simple_method(void);

#endif


/********************************************************************/
/*                   EC_GROUP functions                             */
/********************************************************************/

/** Creates a new EC_GROUP object
 *  \param   meth  EC_METHOD to use
 *  \return  newly created EC_GROUP object or NULL in case of an error.
 */
EC_GROUP *EC_GROUP_new(const EC_METHOD *meth);

/** Frees a EC_GROUP object
 *  \param  group  EC_GROUP object to be freed.
 */
void EC_GROUP_free(EC_GROUP *group);

/** Clears and frees a EC_GROUP object
 *  \param  group  EC_GROUP object to be cleared and freed.
 */
void EC_GROUP_clear_free(EC_GROUP *group);

/** Copies EC_GROUP objects. Note: both EC_GROUPs must use the same EC_METHOD.
 *  \param  dst  destination EC_GROUP object
 *  \param  src  source EC_GROUP object
 *  \return 1 on success and 0 if an error occurred.
 */
int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src);

/** Creates a new EC_GROUP object and copies the content
 *  from src to the newly created EC_GROUP object
 *  \param  src  source EC_GROUP object
 *  \return newly created EC_GROUP object or NULL in case of an error.
 */
EC_GROUP *EC_GROUP_dup(const EC_GROUP *src);

/** Returns the EC_METHOD of the EC_GROUP object.
 *  \param  group  EC_GROUP object 
 *  \return EC_METHOD used in this EC_GROUP object.
 */
const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group);

/** Returns the field type of the EC_METHOD.
 *  \param  meth  EC_METHOD object
 *  \return NID of the underlying field type OID.
 */
int EC_METHOD_get_field_type(const EC_METHOD *meth);

/** Sets the generator and its order/cofactor of a EC_GROUP object.
 *  \param  group      EC_GROUP object 
 *  \param  generator  EC_POINT object with the generator.
 *  \param  order      the order of the group generated by the generator.
 *  \param  cofactor   the index of the sub-group generated by the generator
 *                     in the group of all points on the elliptic curve.
 *  \return 1 on success and 0 if an error occurred
 */
int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor);

/** Returns the generator of a EC_GROUP object.
 *  \param  group  EC_GROUP object
 *  \return the currently used generator (possibly NULL).
 */
const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);

/** Returns the montgomery data for order(Generator)
 *  \param  group  EC_GROUP object
 *  \return the currently used montgomery data (possibly NULL).
*/
BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group);

/** Gets the order of a EC_GROUP
 *  \param  group  EC_GROUP object
 *  \param  order  BIGNUM to which the order is copied
 *  \param  ctx    BN_CTX object (optional)
 *  \return 1 on success and 0 if an error occurred
 */
int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);

/** Gets the cofactor of a EC_GROUP
 *  \param  group     EC_GROUP object
 *  \param  cofactor  BIGNUM to which the cofactor is copied
 *  \param  ctx       BN_CTX object (optional)
 *  \return 1 on success and 0 if an error occurred
 */
int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx);

/** Sets the name of a EC_GROUP object
 *  \param  group  EC_GROUP object
 *  \param  nid    NID of the curve name OID
 */
void EC_GROUP_set_curve_name(EC_GROUP *group, int nid);

/** Returns the curve name of a EC_GROUP object
 *  \param  group  EC_GROUP object
 *  \return NID of the curve name OID or 0 if not set.
 */
int EC_GROUP_get_curve_name(const EC_GROUP *group);

/* Setter and getter for the group's ASN.1 flag.
 * NOTE(review): presumably the flag selects how the group is encoded (see
 * OPENSSL_EC_NAMED_CURVE defined further down in this header) - confirm
 * against the implementation. */
void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
int EC_GROUP_get_asn1_flag(const EC_GROUP *group);

void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form);
point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);

unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
size_t EC_GROUP_get_seed_len(const EC_GROUP *);
size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);

/** Sets the parameter of a ec over GFp defined by y^2 = x^3 + a*x + b
 *  \param  group  EC_GROUP object
 *  \param  p      BIGNUM with the prime number
 *  \param  a      BIGNUM with parameter a of the equation
 *  \param  b      BIGNUM with parameter b of the equation
 *  \param  ctx    BN_CTX object (optional)
 *  \return 1 on success and 0 if an error occurred
 */
int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);

/** Gets the parameter of the ec over GFp defined by y^2 = x^3 + a*x + b
 *  \param  group  EC_GROUP object
 *  \param  p      BIGNUM for the prime number
 *  \param  a      BIGNUM for parameter a of the equation
 *  \param  b      BIGNUM for parameter b of the equation
 *  \param  ctx    BN_CTX object (optional)
 *  \return 1 on success and 0 if an error occurred
 */
int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);

#ifndef OPENSSL_NO_EC2M
/** Sets the parameter of a ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b
 *  \param  group  EC_GROUP object
 *  \param  p      BIGNUM with the polynomial defining the underlying field
 *  \param  a      BIGNUM with parameter a of the equation
 *  \param  b      BIGNUM with parameter b of the equation
 *  \param  ctx    BN_CTX object (optional)
 *  \return 1 on success and 0 if an error occurred
 */
int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);

/** Gets the parameter of the ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b
 *  \param  group  EC_GROUP object
 *  \param  p      BIGNUM for the polynomial defining the underlying field
 *  \param  a      BIGNUM for parameter a of the equation
 *  \param  b      BIGNUM for parameter b of the equation
 *  \param  ctx    BN_CTX object (optional)
 *  \return 1 on success and 0 if an error occurred
 */
int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
#endif
/** Returns the number of bits needed to represent a field element 
 *  \param  group  EC_GROUP object
 *  \return number of bits needed to represent a field element
 */
int EC_GROUP_get_degree(const EC_GROUP *group);

/** Checks whether the parameters in the EC_GROUP define a valid ec group
 *  \param  group  EC_GROUP object
 *  \param  ctx    BN_CTX object (optional)
 *  \return 1 if group is a valid ec group and 0 otherwise
 */
int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);

/** Checks whether the discriminant of the elliptic curve is zero or not
 *  \param  group  EC_GROUP object
 *  \param  ctx    BN_CTX object (optional)
 *  \return 1 if the discriminant is not zero and 0 otherwise
 */
int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx);

/** Compares two EC_GROUP objects
 *  \param  a    first EC_GROUP object
 *  \param  b    second EC_GROUP object
 *  \param  ctx  BN_CTX object (optional)
 *  \return 0 if both groups are equal and 1 otherwise
 */
int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx);

/* EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*()
 * after choosing an appropriate EC_METHOD */

/** Creates a new EC_GROUP object with the specified parameters defined
 *  over GFp (defined by the equation y^2 = x^3 + a*x + b)
 *  \param  p    BIGNUM with the prime number
 *  \param  a    BIGNUM with the parameter a of the equation
 *  \param  b    BIGNUM with the parameter b of the equation
 *  \param  ctx  BN_CTX object (optional)
 *  \return newly created EC_GROUP object with the specified parameters
 */
EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
#ifndef OPENSSL_NO_EC2M
/** Creates a new EC_GROUP object with the specified parameters defined
 *  over GF2m (defined by the equation y^2 + x*y = x^3 + a*x^2 + b)
 *  \param  p    BIGNUM with the polynomial defining the underlying field
 *  \param  a    BIGNUM with the parameter a of the equation
 *  \param  b    BIGNUM with the parameter b of the equation
 *  \param  ctx  BN_CTX object (optional)
 *  \return newly created EC_GROUP object with the specified parameters
 */
EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
#endif
/** Creates a EC_GROUP object with a curve specified by a NID
 *  \param  nid  NID of the OID of the curve name
 *  \return newly created EC_GROUP object with specified curve or NULL
 *          if an error occurred
 */
EC_GROUP *EC_GROUP_new_by_curve_name(int nid);


/********************************************************************/
/*               handling of internal curves                        */
/********************************************************************/

typedef struct { 
	int nid;
	const char *comment;
	} EC_builtin_curve;

/* EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems) returns number 
 * of all available curves or zero if an error occurred. 
 * In case r is not zero, nitems EC_builtin_curve structures 
 * are filled with the data of the first nitems internal groups
 * (so r must have room for at least nitems entries) */
size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);

/* Conversions between a curve NID and a NIST curve name string.
 * NOTE(review): the failure values are not documented here; presumably an
 * unknown curve yields NULL from nid2nist and an "undefined" NID from
 * nist2nid - confirm against the implementation and check the result
 * before use. */
const char *EC_curve_nid2nist(int nid);
int EC_curve_nist2nid(const char *name);

/********************************************************************/
/*                    EC_POINT functions                            */
/********************************************************************/

/** Creates a new EC_POINT object for the specified EC_GROUP
 *  \param  group  EC_GROUP the underlying EC_GROUP object
 *  \return newly created EC_POINT object or NULL if an error occurred
 */
EC_POINT *EC_POINT_new(const EC_GROUP *group);

/** Frees a EC_POINT object
 *  \param  point  EC_POINT object to be freed
 */
void EC_POINT_free(EC_POINT *point);

/** Clears and frees a EC_POINT object
 *  \param  point  EC_POINT object to be cleared and freed
 */
void EC_POINT_clear_free(EC_POINT *point);

/** Copies EC_POINT object
 *  \param  dst  destination EC_POINT object
 *  \param  src  source EC_POINT object
 *  \return 1 on success and 0 if an error occurred
 */
int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src);

/** Creates a new EC_POINT object and copies the content of the supplied
 *  EC_POINT
 *  \param  src    source EC_POINT object
 *  \param  group  the underlying EC_GROUP object
 *  \return newly created EC_POINT object or NULL if an error occurred 
 */
EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group);
 
/** Returns the EC_METHOD used in EC_POINT object 
 *  \param  point  EC_POINT object
 *  \return the EC_METHOD used
 */
const EC_METHOD *EC_POINT_method_of(const EC_POINT *point);

/** Sets a point to infinity (neutral element)
 *  \param  group  underlying EC_GROUP object
 *  \param  point  EC_POINT to set to infinity
 *  \return 1 on success and 0 if an error occurred
 */
int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);

/** Sets the jacobian projective coordinates of a EC_POINT over GFp
 *  \param  group  underlying EC_GROUP object
 *  \param  p      EC_POINT object
 *  \param  x      BIGNUM with the x-coordinate
 *  \param  y      BIGNUM with the y-coordinate
 *  \param  z      BIGNUM with the z-coordinate
 *  \param  ctx    BN_CTX object (optional)
 *  \return 1 on success and 0 if an error occurred
 */
int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
	const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx);

/** Gets the jacobian projective coordinates of a EC_POINT over GFp
 *  \param  group  underlying EC_GROUP object
 *  \param  p      EC_POINT object
 *  \param  x      BIGNUM for the x-coordinate
 *  \param  y      BIGNUM for the y-coordinate
 *  \param  z      BIGNUM for the z-coordinate
 *  \param  ctx    BN_CTX object (optional)
 *  \return 1 on success and 0 if an error occurred
 */
int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
	const EC_POINT *p, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx);

/** Sets the affine coordinates of a EC_POINT over GFp
 *  \param  group  underlying EC_GROUP object
 *  \param  p      EC_POINT object
 *  \param  x      BIGNUM with the x-coordinate
 *  \param  y      BIGNUM with the y-coordinate
 *  \param  ctx    BN_CTX object (optional)
 *  \return 1 on success and 0 if an error occurred
 */
int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
	const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);

/** Gets the affine coordinates of a EC_POINT over GFp
 *  \param  group  underlying EC_GROUP object
 *  \param  p      EC_POINT object
 *  \param  x      BIGNUM for the x-coordinate
 *  \param  y      BIGNUM for the y-coordinate
 *  \param  ctx    BN_CTX object (optional)
 *  \return 1 on success and 0 if an error occurred
 */
int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
	const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);

/** Sets the x9.62 compressed coordinates of a EC_POINT over GFp
 *  \param  group  underlying EC_GROUP object
 *  \param  p      EC_POINT object
 *  \param  x      BIGNUM with x-coordinate
 *  \param  y_bit  integer with the y-Bit (either 0 or 1)
 *  \param  ctx    BN_CTX object (optional)
 *  \return 1 on success and 0 if an error occurred
 */
int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
	const BIGNUM *x, int y_bit, BN_CTX *ctx);
#ifndef OPENSSL_NO_EC2M
/** Sets the affine coordinates of a EC_POINT over GF2m
 *  \param  group  underlying EC_GROUP object
 *  \param  p      EC_POINT object
 *  \param  x      BIGNUM with the x-coordinate
 *  \param  y      BIGNUM with the y-coordinate
 *  \param  ctx    BN_CTX object (optional)
 *  \return 1 on success and 0 if an error occurred
 */
int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
	const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);

/** Gets the affine coordinates of a EC_POINT over GF2m
 *  \param  group  underlying EC_GROUP object
 *  \param  p      EC_POINT object
 *  \param  x      BIGNUM for the x-coordinate
 *  \param  y      BIGNUM for the y-coordinate
 *  \param  ctx    BN_CTX object (optional)
 *  \return 1 on success and 0 if an error occurred
 */
int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
	const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);

/** Sets the x9.62 compressed coordinates of a EC_POINT over GF2m
 *  \param  group  underlying EC_GROUP object
 *  \param  p      EC_POINT object
 *  \param  x      BIGNUM with x-coordinate
 *  \param  y_bit  integer with the y-Bit (either 0 or 1)
 *  \param  ctx    BN_CTX object (optional)
 *  \return 1 on success and 0 if an error occurred
 */
int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
	const BIGNUM *x, int y_bit, BN_CTX *ctx);
#endif
/** Encodes a EC_POINT object to an octet string
 *  \param  group  underlying EC_GROUP object
 *  \param  p      EC_POINT object
 *  \param  form   point conversion form
 *  \param  buf    memory buffer for the result. If NULL the function returns
 *                 required buffer size.
 *  \param  len    length of the memory buffer
 *  \param  ctx    BN_CTX object (optional)
 *  \return the length of the encoded octet string or 0 if an error occurred
 */
size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p,
	point_conversion_form_t form,
        unsigned char *buf, size_t len, BN_CTX *ctx);

/** Decodes a EC_POINT from an octet string
 *  \param  group  underlying EC_GROUP object
 *  \param  p      EC_POINT object
 *  \param  buf    memory buffer with the encoded ec point
 *  \param  len    length of the encoded ec point
 *  \param  ctx    BN_CTX object (optional)
 *  \return 1 on success and 0 if an error occurred
 */
int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p,
        const unsigned char *buf, size_t len, BN_CTX *ctx);

/* Other interfaces to point2oct/oct2point: by their names and types these
 * carry the encoded point in a BIGNUM or a hex string instead of an octet
 * buffer.
 * NOTE(review): return values and ownership of the returned BIGNUM, string
 * and EC_POINT are not documented here; presumably NULL signals failure and
 * must be checked, in particular when the encoded input is externally
 * supplied - confirm against the implementation. */
BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *,
	point_conversion_form_t form, BIGNUM *, BN_CTX *);
EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *,
	EC_POINT *, BN_CTX *);
char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *,
	point_conversion_form_t form, BN_CTX *);
EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *,
	EC_POINT *, BN_CTX *);


/********************************************************************/
/*         functions for doing EC_POINT arithmetic                  */
/********************************************************************/

/** Computes the sum of two EC_POINT 
 *  \param  group  underlying EC_GROUP object
 *  \param  r      EC_POINT object for the result (r = a + b)
 *  \param  a      EC_POINT object with the first summand
 *  \param  b      EC_POINT object with the second summand
 *  \param  ctx    BN_CTX object (optional)
 *  \return 1 on success and 0 if an error occurred
 */
int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);

/** Computes the double of a EC_POINT
 *  \param  group  underlying EC_GROUP object
 *  \param  r      EC_POINT object for the result (r = 2 * a)
 *  \param  a      EC_POINT object 
 *  \param  ctx    BN_CTX object (optional)
 *  \return 1 on success and 0 if an error occurred
 */
int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx);

/** Computes the inverse of a EC_POINT
 *  \param  group  underlying EC_GROUP object
 *  \param  a      EC_POINT object to be inverted (it's used for the result as well)
 *  \param  ctx    BN_CTX object (optional)
 *  \return 1 on success and 0 if an error occurred
 */
int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx);

/** Checks whether the point is the neutral element of the group
 *  \param  group  the underlying EC_GROUP object
 *  \param  p      EC_POINT object
 *  \return 1 if the point is the neutral element and 0 otherwise
 */
int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p);

/** Checks whether the point is on the curve 
 *  \param  group  underlying EC_GROUP object
 *  \param  point  EC_POINT object to check
 *  \param  ctx    BN_CTX object (optional)
 *  \return 1 if point is on the curve and 0 otherwise
 */
int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx);

/** Compares two EC_POINTs 
 *  \param  group  underlying EC_GROUP object
 *  \param  a      first EC_POINT object
 *  \param  b      second EC_POINT object
 *  \param  ctx    BN_CTX object (optional)
 *  \return 0 if both points are equal and a value != 0 otherwise
 */
int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);

/* NOTE(review): undocumented here; by their names these convert one point,
 * or an array of num points, to affine form in place. Presumably they
 * return 1 on success and 0 on error like the functions above - confirm
 * against the implementation. */
int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx);

/** Computes r = generator * n + sum_{i=0}^{num-1} p[i] * m[i]
 *  \param  group  underlying EC_GROUP object
 *  \param  r      EC_POINT object for the result
 *  \param  n      BIGNUM with the multiplier for the group generator (optional)
 *  \param  num    number of further summands
 *  \param  p      array of size num of EC_POINT objects
 *  \param  m      array of size num of BIGNUM objects
 *  \param  ctx    BN_CTX object (optional)
 *  \return 1 on success and 0 if an error occurred
 */
int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx);

/** Computes r = generator * n + q * m
 *  \param  group  underlying EC_GROUP object
 *  \param  r      EC_POINT object for the result
 *  \param  n      BIGNUM with the multiplier for the group generator (optional)
 *  \param  q      EC_POINT object with the first factor of the second summand
 *  \param  m      BIGNUM with the second factor of the second summand
 *  \param  ctx    BN_CTX object (optional)
 *  \return 1 on success and 0 if an error occurred
 */
int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);

/** Stores multiples of generator for faster point multiplication
 *  \param  group  EC_GROUP object
 *  \param  ctx    BN_CTX object (optional)
 *  \return 1 on success and 0 if an error occurred
 */
int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);

/** Reports whether a precomputation has been done
 *  \param  group  EC_GROUP object
 *  \return 1 if a pre-computation has been done and 0 otherwise
 */
int EC_GROUP_have_precompute_mult(const EC_GROUP *group);


/********************************************************************/
/*                       ASN1 stuff                                 */
/********************************************************************/

/* EC_GROUP_get_basis_type() returns the NID of the basis type
 * used to represent the field elements */
int EC_GROUP_get_basis_type(const EC_GROUP *);
#ifndef OPENSSL_NO_EC2M
int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, 
	unsigned int *k2, unsigned int *k3);
#endif

#define OPENSSL_EC_NAMED_CURVE	0x001

typedef struct ecpk_parameters_st ECPKPARAMETERS;

/* NOTE(review): by its name and signature this decodes an ECPKParameters
 * structure from the len bytes at *in into an EC_GROUP; presumably NULL is
 * returned on failure - confirm. When the input is untrusted, the decoded
 * group can be validated with EC_GROUP_check() (declared above) before use. */
EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len);
int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out);

#define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x)
#define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x)
#define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \
                (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x))
#define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \
		(unsigned char *)(x))

#ifndef OPENSSL_NO_BIO
int     ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
#endif
#ifndef OPENSSL_NO_FP_API
int     ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
#endif


/********************************************************************/
/*                      EC_KEY functions                            */
/********************************************************************/

typedef struct ec_key_st EC_KEY;

/* some values for the encoding_flag */
#define EC_PKEY_NO_PARAMETERS	0x001
#define EC_PKEY_NO_PUBKEY	0x002

/* some values for the flags field */
#define EC_FLAG_NON_FIPS_ALLOW	0x1
#define EC_FLAG_FIPS_CHECKED	0x2

/** Creates a new EC_KEY object.
 *  \return EC_KEY object or NULL if an error occurred.
 */
EC_KEY *EC_KEY_new(void);

int EC_KEY_get_flags(const EC_KEY *key);

void EC_KEY_set_flags(EC_KEY *key, int flags);

void EC_KEY_clear_flags(EC_KEY *key, int flags);

/** Creates a new EC_KEY object using a named curve as underlying
 *  EC_GROUP object.
 *  \param  nid  NID of the named curve.
 *  \return EC_KEY object or NULL if an error occurred. 
 */
EC_KEY *EC_KEY_new_by_curve_name(int nid);

/** Frees a EC_KEY object.
 *  \param  key  EC_KEY object to be freed.
 */
void EC_KEY_free(EC_KEY *key);

/** Copies a EC_KEY object.
 *  \param  dst  destination EC_KEY object
 *  \param  src  src EC_KEY object
 *  \return dst or NULL if an error occurred.
 */
EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);

/** Creates a new EC_KEY object and copies the content from src to it.
 *  \param  src  the source EC_KEY object
 *  \return newly created EC_KEY object or NULL if an error occurred.
 */
EC_KEY *EC_KEY_dup(const EC_KEY *src);

/** Increases the internal reference count of a EC_KEY object.
 *  \param  key  EC_KEY object
 *  \return 1 on success and 0 if an error occurred.
 */
int EC_KEY_up_ref(EC_KEY *key);

/** Returns the EC_GROUP object of a EC_KEY object
 *  \param  key  EC_KEY object
 *  \return the EC_GROUP object (possibly NULL).
 */
const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);

/** Sets the EC_GROUP of a EC_KEY object.
 *  \param  key    EC_KEY object
 *  \param  group  EC_GROUP to use in the EC_KEY object (note: the EC_KEY
 *                 object will use an own copy of the EC_GROUP).
 *  \return 1 on success and 0 if an error occurred.
 */
int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);

/** Returns the private key of a EC_KEY object.
 *  \param  key  EC_KEY object
 *  \return a BIGNUM with the private key (possibly NULL).
 *
 *  The result is const-qualified and is secret key material: keep it out of
 *  logs and error output. NOTE(review): the get0 prefix suggests this is the
 *  key's own BIGNUM rather than a copy, so the caller would not free it and
 *  it would stay valid only as long as the EC_KEY does -- confirm against
 *  the implementation.
 */
const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);

/** Sets the private key of a EC_KEY object.
 *  \param  key  EC_KEY object
 *  \param  prv  BIGNUM with the private key (note: the EC_KEY object
 *               will use an own copy of the BIGNUM).
 *  \return 1 on success and 0 if an error occurred.
 *
 *  Because the EC_KEY keeps its own copy, the caller's prv is left holding
 *  the secret as well and stays the caller's to release; clear it when it is
 *  no longer needed (e.g. BN_clear_free()) rather than only freeing it.
 *  NOTE(review): whether prv is range-checked against the group order here
 *  is not stated; EC_KEY_check_key() is the documented validity check.
 */
int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv);

/** Returns the public key of a EC_KEY object.
 *  \param  key  the EC_KEY object
 *  \return a EC_POINT object with the public key (possibly NULL)
 */
const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);

/** Sets the public key of a EC_KEY object.
 *  \param  key  EC_KEY object
 *  \param  pub  EC_POINT object with the public key (note: the EC_KEY object
 *               will use an own copy of the EC_POINT object).
 *  \return 1 on success and 0 if an error occurred.
 */
int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);

unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
/* functions to set/get method specific data  */
void *EC_KEY_get_key_method_data(EC_KEY *key, 
	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
/** Sets the key method data of an EC_KEY object, if none has yet been set.
 *  \param  key              EC_KEY object
 *  \param  data             opaque data to install.
 *  \param  dup_func         a function that duplicates |data|.
 *  \param  free_func        a function that frees |data|.
 *  \param  clear_free_func  a function that wipes and frees |data|.
 *  \return the previously set data pointer, or NULL if |data| was inserted.
 */
void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
/* wrapper functions for the underlying EC_GROUP object */
void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);

/** Creates a table of pre-computed multiples of the generator to 
 *  accelerate further EC_KEY operations.
 *  \param  key  EC_KEY object
 *  \param  ctx  BN_CTX object (optional)
 *  \return 1 on success and 0 if an error occurred.
 */
int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);

/** Creates a new EC private (and optionally a new public) key.
 *  \param  key  EC_KEY object
 *  \return 1 on success and 0 if an error occurred.
 */
int EC_KEY_generate_key(EC_KEY *key);

/** Verifies that a private and/or public key is valid.
 *  \param  key  the EC_KEY object
 *  \return 1 on success and 0 otherwise.
 */
int EC_KEY_check_key(const EC_KEY *key);

/** Sets a public key from affine coordinates performing
 *  necessary NIST PKV tests.
 *  \param  key  the EC_KEY object
 *  \param  x    public key x coordinate
 *  \param  y    public key y coordinate
 *  \return 1 on success and 0 otherwise.
 */
int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y);


/********************************************************************/
/*        de- and encoding functions for SEC1 ECPrivateKey          */
/********************************************************************/

/** Decodes a private key from a memory buffer.
 *  \param  key  a pointer to a EC_KEY object which should be used (or NULL)
 *  \param  in   pointer to memory with the DER encoded private key
 *  \param  len  length of the DER encoded private key
 *  \return the decoded private key or NULL if an error occurred.
 *
 *  len must not exceed the number of bytes actually available at *in.
 *  NOTE(review): this comment does not say whether the decoded key is
 *  validated; for input from an untrusted source, follow a successful decode
 *  with EC_KEY_check_key(). Presumably *in is advanced past the consumed
 *  bytes, as the const unsigned char ** type suggests -- confirm.
 */
EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len);

/** Encodes a private key object and stores the result in a buffer.
 *  \param  key  the EC_KEY object to encode
 *  \param  out  the buffer for the result (if NULL the function returns number
 *               of bytes needed).
 *  \return 1 on success and 0 if an error occurred.
 *          NOTE(review): this conflicts with the description of out, which
 *          says a byte count is returned when out is NULL; the success value
 *          is presumably the encoded length, not 1 -- confirm against the
 *          implementation, and treat a result <= 0 as failure instead of
 *          comparing with 1.
 *
 *  The output is the encoded private key: wipe the buffer (e.g. with
 *  OPENSSL_cleanse()) before releasing it.
 */
int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out);


/********************************************************************/
/*        de- and encoding functions for EC parameters              */
/********************************************************************/

/** Decodes ec parameter from a memory buffer.
 *  \param  key  a pointer to a EC_KEY object which should be used (or NULL)
 *  \param  in   pointer to memory with the DER encoded ec parameters
 *  \param  len  length of the DER encoded ec parameters
 *  \return a EC_KEY object with the decoded parameters or NULL if an error
 *          occurred.
 */
EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len);

/** Encodes ec parameter and stores the result in a buffer.
 *  \param  key  the EC_KEY object with ec parameters to encode
 *  \param  out  the buffer for the result (if NULL the function returns number
 *               of bytes needed).
 *  \return 1 on success and 0 if an error occurred.
 *          NOTE(review): this conflicts with the description of out, which
 *          says a byte count is returned when out is NULL; the success value
 *          is presumably the encoded length, not 1 -- confirm against the
 *          implementation, and treat a result <= 0 as failure instead of
 *          comparing with 1.
 */
int i2d_ECParameters(EC_KEY *key, unsigned char **out);


/********************************************************************/
/*         de- and encoding functions for EC public key             */
/*         (octet string, not DER -- hence 'o2i' and 'i2o')         */
/********************************************************************/

/** Decodes a ec public key from a octet string.
 *  \param  key  a pointer to a EC_KEY object which should be used
 *  \param  in   memory buffer with the encoded public key
 *  \param  len  length of the encoded public key
 *  \return EC_KEY object with decoded public key or NULL if an error
 *          occurred.
 *
 *  NOTE(review): unlike the d2i decoders in this header, key is not marked
 *  "(or NULL)" -- presumably *key must already exist with its EC_GROUP set,
 *  since the octet string carries no curve parameters; confirm. For a point
 *  received from a peer, run EC_KEY_check_key() after decoding and before
 *  using the key.
 */
EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len);

/** Encodes a ec public key in an octet string.
 *  \param  key  the EC_KEY object with the public key
 *  \param  out  the buffer for the result (if NULL the function returns number
 *               of bytes needed).
 *  \return 1 on success and 0 if an error occurred
 *          NOTE(review): this conflicts with the description of out, which
 *          says a byte count is returned when out is NULL; the success value
 *          is presumably the encoded length, not 1 -- confirm against the
 *          implementation, and treat a result <= 0 as failure instead of
 *          comparing with 1.
 */
int i2o_ECPublicKey(EC_KEY *key, unsigned char **out);

#ifndef OPENSSL_NO_BIO
/** Prints out the EC parameters in human-readable form.
 *  \param  bp   BIO object to which the information is printed
 *  \param  key  EC_KEY object
 *  \return 1 on success and 0 if an error occurred
 */
int	ECParameters_print(BIO *bp, const EC_KEY *key);

/** Prints out the contents of a EC_KEY object
 *  \param  bp   BIO object to which the information is printed
 *  \param  key  EC_KEY object
 *  \param  off  line offset 
 *  \return 1 on success and 0 if an error occurred
 */
int	EC_KEY_print(BIO *bp, const EC_KEY *key, int off);

#endif
#ifndef OPENSSL_NO_FP_API
/** Prints out the EC parameters in human-readable form.
 *  \param  fp   stdio stream (FILE *) to which the information is printed
 *  \param  key  EC_KEY object
 *  \return 1 on success and 0 if an error occurred
 */
int	ECParameters_print_fp(FILE *fp, const EC_KEY *key);

/** Prints out the contents of a EC_KEY object
 *  \param  fp   stdio stream (FILE *) to which the information is printed
 *  \param  key  EC_KEY object
 *  \param  off  line offset 
 *  \return 1 on success and 0 if an error occurred
 */
int	EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);

#endif

#define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x)

#ifndef __cplusplus
#if defined(__SUNPRO_C)
#  if __SUNPRO_C >= 0x520
# pragma error_messages (default,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
#  endif
# endif
#endif

#define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \
	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
				EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \
				EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL)

#define EVP_PKEY_CTX_set_ec_param_enc(ctx, flag) \
	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
				EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \
				EVP_PKEY_CTRL_EC_PARAM_ENC, flag, NULL)

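/*
 * ECDH derive-time controls. Each macro below forwards to EVP_PKEY_CTX_ctrl()
 * with key type EVP_PKEY_EC and operation EVP_PKEY_OP_DERIVE, and yields that
 * call's return value. The integer-valued getters reuse the matching "set"
 * control code and pass -2 in place of a value; the pointer-valued ones go
 * through separate EVP_PKEY_CTRL_GET_* codes.
 * Pointer arguments are parenthesized before the (void *) cast so that an
 * expression argument (for example a conditional) is cast as a whole.
 */

/* Cofactor mode: set it from flag, or query it with the -2 sentinel. */
#define EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, flag) \
	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
				EVP_PKEY_OP_DERIVE, \
				EVP_PKEY_CTRL_EC_ECDH_COFACTOR, flag, NULL)

#define EVP_PKEY_CTX_get_ecdh_cofactor_mode(ctx) \
	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
				EVP_PKEY_OP_DERIVE, \
				EVP_PKEY_CTRL_EC_ECDH_COFACTOR, -2, NULL)

/*
 * KDF type: kdf is one of the EVP_PKEY_ECDH_KDF_* values defined further down
 * in this header (EVP_PKEY_ECDH_KDF_NONE, EVP_PKEY_ECDH_KDF_X9_62).
 * NOTE(review): with EVP_PKEY_ECDH_KDF_NONE the derive output is presumably
 * the raw shared secret; pass it through a KDF before using it as a key.
 */
#define EVP_PKEY_CTX_set_ecdh_kdf_type(ctx, kdf) \
	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
				EVP_PKEY_OP_DERIVE, \
				EVP_PKEY_CTRL_EC_KDF_TYPE, kdf, NULL)

#define EVP_PKEY_CTX_get_ecdh_kdf_type(ctx) \
	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
				EVP_PKEY_OP_DERIVE, \
				EVP_PKEY_CTRL_EC_KDF_TYPE, -2, NULL)

/* KDF digest: md is passed, and pmd filled in, through the pointer slot. */
#define EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md) \
	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
				EVP_PKEY_OP_DERIVE, \
				EVP_PKEY_CTRL_EC_KDF_MD, 0, (void *)(md))

#define EVP_PKEY_CTX_get_ecdh_kdf_md(ctx, pmd) \
	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
				EVP_PKEY_OP_DERIVE, \
				EVP_PKEY_CTRL_GET_EC_KDF_MD, 0, (void *)(pmd))

/* KDF output length: set from len, or read back through plen. */
#define EVP_PKEY_CTX_set_ecdh_kdf_outlen(ctx, len) \
	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
				EVP_PKEY_OP_DERIVE, \
				EVP_PKEY_CTRL_EC_KDF_OUTLEN, len, NULL)

#define EVP_PKEY_CTX_get_ecdh_kdf_outlen(ctx, plen) \
	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
				EVP_PKEY_OP_DERIVE, \
				EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, 0, (void *)(plen))

/*
 * KDF user keying material: p with length plen.
 * NOTE(review): the set0/get0 naming suggests the context takes ownership of
 * p on set and hands back its own pointer on get -- confirm before freeing or
 * reusing the buffer in the caller.
 */
#define EVP_PKEY_CTX_set0_ecdh_kdf_ukm(ctx, p, plen) \
	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
				EVP_PKEY_OP_DERIVE, \
				EVP_PKEY_CTRL_EC_KDF_UKM, plen, (void *)(p))

#define EVP_PKEY_CTX_get0_ecdh_kdf_ukm(ctx, p) \
	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
				EVP_PKEY_OP_DERIVE, \
				EVP_PKEY_CTRL_GET_EC_KDF_UKM, 0, (void *)(p))
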
#define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID		(EVP_PKEY_ALG_CTRL + 1)
#define EVP_PKEY_CTRL_EC_PARAM_ENC			(EVP_PKEY_ALG_CTRL + 2)
#define EVP_PKEY_CTRL_EC_ECDH_COFACTOR			(EVP_PKEY_ALG_CTRL + 3)
#define EVP_PKEY_CTRL_EC_KDF_TYPE			(EVP_PKEY_ALG_CTRL + 4)
#define EVP_PKEY_CTRL_EC_KDF_MD				(EVP_PKEY_ALG_CTRL + 5)
#define EVP_PKEY_CTRL_GET_EC_KDF_MD			(EVP_PKEY_ALG_CTRL + 6)
#define EVP_PKEY_CTRL_EC_KDF_OUTLEN			(EVP_PKEY_ALG_CTRL + 7)
#define EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN			(EVP_PKEY_ALG_CTRL + 8)
#define EVP_PKEY_CTRL_EC_KDF_UKM			(EVP_PKEY_ALG_CTRL + 9)
#define EVP_PKEY_CTRL_GET_EC_KDF_UKM			(EVP_PKEY_ALG_CTRL + 10)
/* KDF types */
#define EVP_PKEY_ECDH_KDF_NONE				1
#define EVP_PKEY_ECDH_KDF_X9_62				2

/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
void ERR_load_EC_strings(void);

/* Error codes for the EC functions. */

/* Function codes. */
#define EC_F_BN_TO_FELEM				 224
#define EC_F_COMPUTE_WNAF				 143
#define EC_F_D2I_ECPARAMETERS				 144
#define EC_F_D2I_ECPKPARAMETERS				 145
#define EC_F_D2I_ECPRIVATEKEY				 146
#define EC_F_DO_EC_KEY_PRINT				 221
#define EC_F_ECDH_CMS_DECRYPT				 238
#define EC_F_ECDH_CMS_SET_SHARED_INFO			 239
#define EC_F_ECKEY_PARAM2TYPE				 223
#define EC_F_ECKEY_PARAM_DECODE				 212
#define EC_F_ECKEY_PRIV_DECODE				 213
#define EC_F_ECKEY_PRIV_ENCODE				 214
#define EC_F_ECKEY_PUB_DECODE				 215
#define EC_F_ECKEY_PUB_ENCODE				 216
#define EC_F_ECKEY_TYPE2PARAM				 220
#define EC_F_ECPARAMETERS_PRINT				 147
#define EC_F_ECPARAMETERS_PRINT_FP			 148
#define EC_F_ECPKPARAMETERS_PRINT			 149
#define EC_F_ECPKPARAMETERS_PRINT_FP			 150
#define EC_F_ECP_NIST_MOD_192				 203
#define EC_F_ECP_NIST_MOD_224				 204
#define EC_F_ECP_NIST_MOD_256				 205
#define EC_F_ECP_NIST_MOD_521				 206
#define EC_F_EC_ASN1_GROUP2CURVE			 153
#define EC_F_EC_ASN1_GROUP2FIELDID			 154
#define EC_F_EC_ASN1_GROUP2PARAMETERS			 155
#define EC_F_EC_ASN1_GROUP2PKPARAMETERS			 156
#define EC_F_EC_ASN1_PARAMETERS2GROUP			 157
#define EC_F_EC_ASN1_PKPARAMETERS2GROUP			 158
#define EC_F_EC_EX_DATA_SET_DATA			 211
#define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY		 208
#define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT	 159
#define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE		 195
#define EC_F_EC_GF2M_SIMPLE_OCT2POINT			 160
#define EC_F_EC_GF2M_SIMPLE_POINT2OCT			 161
#define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162
#define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163
#define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES	 164
#define EC_F_EC_GFP_MONT_FIELD_DECODE			 133
#define EC_F_EC_GFP_MONT_FIELD_ENCODE			 134
#define EC_F_EC_GFP_MONT_FIELD_MUL			 131
#define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE		 209
#define EC_F_EC_GFP_MONT_FIELD_SQR			 132
#define EC_F_EC_GFP_MONT_GROUP_SET_CURVE		 189
#define EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP		 135
#define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE		 225
#define EC_F_EC_GFP_NISTP224_POINTS_MUL			 228
#define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 226
#define EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE		 230
#define EC_F_EC_GFP_NISTP256_POINTS_MUL			 231
#define EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES 232
#define EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE		 233
#define EC_F_EC_GFP_NISTP521_POINTS_MUL			 234
#define EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES 235
#define EC_F_EC_GFP_NIST_FIELD_MUL			 200
#define EC_F_EC_GFP_NIST_FIELD_SQR			 201
#define EC_F_EC_GFP_NIST_GROUP_SET_CURVE		 202
#define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT	 165
#define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE		 166
#define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP		 100
#define EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR		 101
#define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE			 102
#define EC_F_EC_GFP_SIMPLE_OCT2POINT			 103
#define EC_F_EC_GFP_SIMPLE_POINT2OCT			 104
#define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE		 137
#define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES	 167
#define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP 105
#define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES	 168
#define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP 128
#define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES	 169
#define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP 129
#define EC_F_EC_GROUP_CHECK				 170
#define EC_F_EC_GROUP_CHECK_DISCRIMINANT		 171
#define EC_F_EC_GROUP_COPY				 106
#define EC_F_EC_GROUP_GET0_GENERATOR			 139
#define EC_F_EC_GROUP_GET_COFACTOR			 140
#define EC_F_EC_GROUP_GET_CURVE_GF2M			 172
#define EC_F_EC_GROUP_GET_CURVE_GFP			 130
#define EC_F_EC_GROUP_GET_DEGREE			 173
#define EC_F_EC_GROUP_GET_ORDER				 141
#define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS		 193
#define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS		 194
#define EC_F_EC_GROUP_NEW				 108
#define EC_F_EC_GROUP_NEW_BY_CURVE_NAME			 174
#define EC_F_EC_GROUP_NEW_FROM_DATA			 175
#define EC_F_EC_GROUP_PRECOMPUTE_MULT			 142
#define EC_F_EC_GROUP_SET_CURVE_GF2M			 176
#define EC_F_EC_GROUP_SET_CURVE_GFP			 109
#define EC_F_EC_GROUP_SET_EXTRA_DATA			 110
#define EC_F_EC_GROUP_SET_GENERATOR			 111
#define EC_F_EC_KEY_CHECK_KEY				 177
#define EC_F_EC_KEY_COPY				 178
#define EC_F_EC_KEY_GENERATE_KEY			 179
#define EC_F_EC_KEY_NEW					 182
#define EC_F_EC_KEY_PRINT				 180
#define EC_F_EC_KEY_PRINT_FP				 181
#define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES	 229
#define EC_F_EC_POINTS_MAKE_AFFINE			 136
#define EC_F_EC_POINT_ADD				 112
#define EC_F_EC_POINT_CMP				 113
#define EC_F_EC_POINT_COPY				 114
#define EC_F_EC_POINT_DBL				 115
#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M	 183
#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP	 116
#define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP	 117
#define EC_F_EC_POINT_INVERT				 210
#define EC_F_EC_POINT_IS_AT_INFINITY			 118
#define EC_F_EC_POINT_IS_ON_CURVE			 119
#define EC_F_EC_POINT_MAKE_AFFINE			 120
#define EC_F_EC_POINT_MUL				 184
#define EC_F_EC_POINT_NEW				 121
#define EC_F_EC_POINT_OCT2POINT				 122
#define EC_F_EC_POINT_POINT2OCT				 123
#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M	 185
#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP	 124
#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M	 186
#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP	 125
#define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP	 126
#define EC_F_EC_POINT_SET_TO_INFINITY			 127
#define EC_F_EC_PRE_COMP_DUP				 207
#define EC_F_EC_PRE_COMP_NEW				 196
#define EC_F_EC_WNAF_MUL				 187
#define EC_F_EC_WNAF_PRECOMPUTE_MULT			 188
#define EC_F_I2D_ECPARAMETERS				 190
#define EC_F_I2D_ECPKPARAMETERS				 191
#define EC_F_I2D_ECPRIVATEKEY				 192
#define EC_F_I2O_ECPUBLICKEY				 151
#define EC_F_NISTP224_PRE_COMP_NEW			 227
#define EC_F_NISTP256_PRE_COMP_NEW			 236
#define EC_F_NISTP521_PRE_COMP_NEW			 237
#define EC_F_ECP_NISTZ256_GET_AFFINE			 240
#define EC_F_ECP_NISTZ256_POINTS_MUL			 241
#define EC_F_ECP_NISTZ256_WINDOWED_MUL			 242
#define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE		 243
#define EC_F_ECP_NISTZ256_PRE_COMP_NEW			 244
#define EC_F_O2I_ECPUBLICKEY				 152
#define EC_F_OLD_EC_PRIV_DECODE				 222
#define EC_F_PKEY_EC_CTRL				 197
#define EC_F_PKEY_EC_CTRL_STR				 198
#define EC_F_PKEY_EC_DERIVE				 217
#define EC_F_PKEY_EC_KEYGEN				 199
#define EC_F_PKEY_EC_PARAMGEN				 219
#define EC_F_PKEY_EC_SIGN				 218

/* Reason codes. */
#define EC_R_ASN1_ERROR					 115
#define EC_R_ASN1_UNKNOWN_FIELD				 116
#define EC_R_BIGNUM_OUT_OF_RANGE			 144
#define EC_R_BUFFER_TOO_SMALL				 100
#define EC_R_COORDINATES_OUT_OF_RANGE			 146
#define EC_R_D2I_ECPKPARAMETERS_FAILURE			 117
#define EC_R_DECODE_ERROR				 142
#define EC_R_DISCRIMINANT_IS_ZERO			 118
#define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE		 119
#define EC_R_FIELD_TOO_LARGE				 143
#define EC_R_GF2M_NOT_SUPPORTED				 147
#define EC_R_GROUP2PKPARAMETERS_FAILURE			 120
#define EC_R_I2D_ECPKPARAMETERS_FAILURE			 121
#define EC_R_INCOMPATIBLE_OBJECTS			 101
#define EC_R_INVALID_ARGUMENT				 112
#define EC_R_INVALID_COMPRESSED_POINT			 110
#define EC_R_INVALID_COMPRESSION_BIT			 109
#define EC_R_INVALID_CURVE				 141
#define EC_R_INVALID_DIGEST				 151
#define EC_R_INVALID_DIGEST_TYPE			 138
#define EC_R_INVALID_ENCODING				 102
#define EC_R_INVALID_FIELD				 103
#define EC_R_INVALID_FORM				 104
#define EC_R_INVALID_GROUP_ORDER			 122
#define EC_R_INVALID_PENTANOMIAL_BASIS			 132
#define EC_R_INVALID_PRIVATE_KEY			 123
#define EC_R_INVALID_TRINOMIAL_BASIS			 137
#define EC_R_KDF_PARAMETER_ERROR			 148
#define EC_R_KEYS_NOT_SET				 140
#define EC_R_MISSING_PARAMETERS				 124
#define EC_R_MISSING_PRIVATE_KEY			 125
#define EC_R_NOT_A_NIST_PRIME				 135
#define EC_R_NOT_A_SUPPORTED_NIST_PRIME			 136
#define EC_R_NOT_IMPLEMENTED				 126
#define EC_R_NOT_INITIALIZED				 111
#define EC_R_NO_FIELD_MOD				 133
#define EC_R_NO_PARAMETERS_SET				 139
#define EC_R_PASSED_NULL_PARAMETER			 134
#define EC_R_PEER_KEY_ERROR				 149
#define EC_R_PKPARAMETERS2GROUP_FAILURE			 127
#define EC_R_POINT_AT_INFINITY				 106
#define EC_R_POINT_IS_NOT_ON_CURVE			 107
#define EC_R_SHARED_INFO_ERROR				 150
#define EC_R_SLOT_FULL					 108
#define EC_R_UNDEFINED_GENERATOR			 113
#define EC_R_UNDEFINED_ORDER				 128
#define EC_R_UNKNOWN_GROUP				 129
#define EC_R_UNKNOWN_ORDER				 114
#define EC_R_UNSUPPORTED_FIELD				 131
#define EC_R_WRONG_CURVE_PARAMETERS			 145
#define EC_R_WRONG_ORDER				 130

#ifdef  __cplusplus
}
#endif
#endif