Home | History | Annotate | Download | only in ec 
      1 /* Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project.
      2  * ====================================================================
      3  * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
      4  *
      5  * Redistribution and use in source and binary forms, with or without
      6  * modification, are permitted provided that the following conditions
      7  * are met:
      8  *
      9  * 1. Redistributions of source code must retain the above copyright
     10  *    notice, this list of conditions and the following disclaimer.
     11  *
     12  * 2. Redistributions in binary form must reproduce the above copyright
     13  *    notice, this list of conditions and the following disclaimer in
     14  *    the documentation and/or other materials provided with the
     15  *    distribution.
     16  *
     17  * 3. All advertising materials mentioning features or use of this
     18  *    software must display the following acknowledgment:
     19  *    "This product includes software developed by the OpenSSL Project
     20  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
     21  *
     22  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
     23  *    endorse or promote products derived from this software without
     24  *    prior written permission. For written permission, please contact
     25  *    openssl-core (at) openssl.org.
     26  *
     27  * 5. Products derived from this software may not be called "OpenSSL"
     28  *    nor may "OpenSSL" appear in their names without prior written
     29  *    permission of the OpenSSL Project.
     30  *
     31  * 6. Redistributions of any form whatsoever must retain the following
     32  *    acknowledgment:
     33  *    "This product includes software developed by the OpenSSL Project
     34  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
     35  *
     36  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
     37  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     38  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     39  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
     40  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     41  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
     42  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
     43  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     44  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
     45  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
     46  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
     47  * OF THE POSSIBILITY OF SUCH DAMAGE.
     48  * ====================================================================
     49  *
     50  * This product includes cryptographic software written by Eric Young
     51  * (eay (at) cryptsoft.com).  This product includes software written by Tim
     52  * Hudson (tjh (at) cryptsoft.com).
     53  *
     54  */
     55 /* ====================================================================
     56  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
     57  *
     58  * Portions of the attached software ("Contribution") are developed by
     59  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
     60  *
     61  * The Contribution is licensed pursuant to the OpenSSL open source
     62  * license provided above.
     63  *
     64  * The elliptic curve binary polynomial software is originally written by
     65  * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems
     66  * Laboratories. */
     67 
     68 #include <openssl/ec.h>
     69 
     70 #include <openssl/bn.h>
     71 #include <openssl/err.h>
     72 #include <openssl/mem.h>
     73 
     74 #include "internal.h"
     75 
     76 
     77 const EC_METHOD *EC_GFp_mont_method(void) {
     78   static const EC_METHOD ret = {EC_FLAGS_DEFAULT_OCT,
     79                                 ec_GFp_mont_group_init,
     80                                 ec_GFp_mont_group_finish,
     81                                 ec_GFp_mont_group_clear_finish,
     82                                 ec_GFp_mont_group_copy,
     83                                 ec_GFp_mont_group_set_curve,
     84                                 ec_GFp_simple_group_get_curve,
     85                                 ec_GFp_simple_group_get_degree,
     86                                 ec_GFp_simple_group_check_discriminant,
     87                                 ec_GFp_simple_point_init,
     88                                 ec_GFp_simple_point_finish,
     89                                 ec_GFp_simple_point_clear_finish,
     90                                 ec_GFp_simple_point_copy,
     91                                 ec_GFp_simple_point_set_to_infinity,
     92                                 ec_GFp_simple_set_Jprojective_coordinates_GFp,
     93                                 ec_GFp_simple_get_Jprojective_coordinates_GFp,
     94                                 ec_GFp_simple_point_set_affine_coordinates,
     95                                 ec_GFp_simple_point_get_affine_coordinates,
     96                                 0,
     97                                 0,
     98                                 0,
     99                                 ec_GFp_simple_add,
    100                                 ec_GFp_simple_dbl,
    101                                 ec_GFp_simple_invert,
    102                                 ec_GFp_simple_is_at_infinity,
    103                                 ec_GFp_simple_is_on_curve,
    104                                 ec_GFp_simple_cmp,
    105                                 ec_GFp_simple_make_affine,
    106                                 ec_GFp_simple_points_make_affine,
    107                                 0 /* mul */,
    108                                 0 /* precompute_mult */,
    109                                 0 /* have_precompute_mult */,
    110                                 ec_GFp_mont_field_mul,
    111                                 ec_GFp_mont_field_sqr,
    112                                 0 /* field_div */,
    113                                 ec_GFp_mont_field_encode,
    114                                 ec_GFp_mont_field_decode,
    115                                 ec_GFp_mont_field_set_to_one};
    116 
    117   return &ret;
    118 }
    119 
    120 int ec_GFp_mont_group_init(EC_GROUP *group) {
    121   int ok;
    122 
    123   ok = ec_GFp_simple_group_init(group);
    124   group->mont = NULL;
    125   group->one = NULL;
    126   return ok;
    127 }
    128 
    129 void ec_GFp_mont_group_finish(EC_GROUP *group) {
    130   BN_MONT_CTX_free(group->mont);
    131   group->mont = NULL;
    132   BN_free(group->one);
    133   group->one = NULL;
    134   ec_GFp_simple_group_finish(group);
    135 }
    136 
    137 void ec_GFp_mont_group_clear_finish(EC_GROUP *group) {
    138   BN_MONT_CTX_free(group->mont);
    139   group->mont = NULL;
    140   BN_clear_free(group->one);
    141   group->one = NULL;
    142   ec_GFp_simple_group_clear_finish(group);
    143 }
    144 
    145 int ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src) {
    146   BN_MONT_CTX_free(dest->mont);
    147   dest->mont = NULL;
    148   BN_clear_free(dest->one);
    149   dest->one = NULL;
    150 
    151   if (!ec_GFp_simple_group_copy(dest, src)) {
    152     return 0;
    153   }
    154 
    155   if (src->mont != NULL) {
    156     dest->mont = BN_MONT_CTX_new();
    157     if (dest->mont == NULL) {
    158       return 0;
    159     }
    160     if (!BN_MONT_CTX_copy(dest->mont, src->mont)) {
    161       goto err;
    162     }
    163   }
    164   if (src->one != NULL) {
    165     dest->one = BN_dup(src->one);
    166     if (dest->one == NULL) {
    167       goto err;
    168     }
    169   }
    170 
    171   return 1;
    172 
    173 err:
    174   BN_MONT_CTX_free(dest->mont);
    175   dest->mont = NULL;
    176   return 0;
    177 }
    178 
    179 int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p,
    180                                 const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) {
    181   BN_CTX *new_ctx = NULL;
    182   BN_MONT_CTX *mont = NULL;
    183   BIGNUM *one = NULL;
    184   int ret = 0;
    185 
    186   BN_MONT_CTX_free(group->mont);
    187   group->mont = NULL;
    188   BN_free(group->one);
    189   group->one = NULL;
    190 
    191   if (ctx == NULL) {
    192     ctx = new_ctx = BN_CTX_new();
    193     if (ctx == NULL) {
    194       return 0;
    195     }
    196   }
    197 
    198   mont = BN_MONT_CTX_new();
    199   if (mont == NULL) {
    200     goto err;
    201   }
    202   if (!BN_MONT_CTX_set(mont, p, ctx)) {
    203     OPENSSL_PUT_ERROR(EC, ec_GFp_mont_group_set_curve, ERR_R_BN_LIB);
    204     goto err;
    205   }
    206   one = BN_new();
    207   if (one == NULL || !BN_to_montgomery(one, BN_value_one(), mont, ctx)) {
    208     goto err;
    209   }
    210 
    211   group->mont = mont;
    212   mont = NULL;
    213   group->one = one;
    214   one = NULL;
    215 
    216   ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
    217 
    218   if (!ret) {
    219     BN_MONT_CTX_free(group->mont);
    220     group->mont = NULL;
    221     BN_free(group->one);
    222     group->one = NULL;
    223   }
    224 
    225 err:
    226   BN_CTX_free(new_ctx);
    227   BN_MONT_CTX_free(mont);
    228   BN_free(one);
    229   return ret;
    230 }
    231 
    232 int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
    233                           const BIGNUM *b, BN_CTX *ctx) {
    234   if (group->mont == NULL) {
    235     OPENSSL_PUT_ERROR(EC, ec_GFp_mont_field_mul, EC_R_NOT_INITIALIZED);
    236     return 0;
    237   }
    238 
    239   return BN_mod_mul_montgomery(r, a, b, group->mont, ctx);
    240 }
    241 
    242 int ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
    243                           BN_CTX *ctx) {
    244   if (group->mont == NULL) {
    245     OPENSSL_PUT_ERROR(EC, ec_GFp_mont_field_sqr, EC_R_NOT_INITIALIZED);
    246     return 0;
    247   }
    248 
    249   return BN_mod_mul_montgomery(r, a, a, group->mont, ctx);
    250 }
    251 
    252 int ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
    253                              BN_CTX *ctx) {
    254   if (group->mont == NULL) {
    255     OPENSSL_PUT_ERROR(EC, ec_GFp_mont_field_encode, EC_R_NOT_INITIALIZED);
    256     return 0;
    257   }
    258 
    259   return BN_to_montgomery(r, a, group->mont, ctx);
    260 }
    261 
    262 int ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
    263                              BN_CTX *ctx) {
    264   if (group->mont == NULL) {
    265     OPENSSL_PUT_ERROR(EC, ec_GFp_mont_field_decode, EC_R_NOT_INITIALIZED);
    266     return 0;
    267   }
    268 
    269   return BN_from_montgomery(r, a, group->mont, ctx);
    270 }
    271 
    272 int ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r,
    273                                  BN_CTX *ctx) {
    274   if (group->one == NULL) {
    275     OPENSSL_PUT_ERROR(EC, ec_GFp_mont_field_set_to_one, EC_R_NOT_INITIALIZED);
    276     return 0;
    277   }
    278 
    279   if (!BN_copy(r, group->one)) {
    280     return 0;
    281   }
    282   return 1;
    283 }
    284