* The ECC Code is licensed pursuant to the OpenSSL open source
* license provided below.
*
- * In addition, Sun covenants to all licensees who provide a reciprocal
- * covenant with respect to their own patents if any, not to sue under
- * current and future patent claims necessarily infringed by the making,
- * using, practicing, selling, offering for sale and/or otherwise
- * disposing of the ECC Code as delivered hereunder (or portions thereof),
- * provided that such covenant shall not apply:
- * 1) for code that a licensee deletes from the ECC Code;
- * 2) separates from the ECC Code; or
- * 3) for infringements caused by:
- * i) the modification of the ECC Code or
- * ii) the combination of the ECC Code with other software or
- * devices where such combination causes the infringement.
- *
* The software is originally written by Sheueling Chang Shantz and
* Douglas Stebila of Sun Microsystems Laboratories.
*
*/
/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
ec_GF2m_simple_add,
ec_GF2m_simple_dbl,
ec_GF2m_simple_invert,
- ec_GF2m_mont_mul,
- ec_GF2m_mont_precompute_mult,
ec_GF2m_simple_is_at_infinity,
ec_GF2m_simple_is_on_curve,
ec_GF2m_simple_cmp,
ec_GF2m_simple_make_affine,
ec_GF2m_simple_points_make_affine,
+
+ /* the following three method functions are defined in ec2_mult.c */
+ ec_GF2m_simple_mul,
+ ec_GF2m_precompute_mult,
+ ec_GF2m_have_precompute_mult,
+
ec_GF2m_simple_field_mul,
ec_GF2m_simple_field_sqr,
ec_GF2m_simple_field_div,
dest->poly[2] = src->poly[2];
dest->poly[3] = src->poly[3];
dest->poly[4] = src->poly[4];
- bn_wexpand(&dest->a, (dest->poly[0] + BN_BITS2 - 1) / BN_BITS2);
- bn_wexpand(&dest->b, (dest->poly[0] + BN_BITS2 - 1) / BN_BITS2);
+ bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2);
+ bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2);
for (i = dest->a.top; i < dest->a.dmax; i++) dest->a.d[i] = 0;
for (i = dest->b.top; i < dest->b.dmax; i++) dest->b.d[i] = 0;
return 1;
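Review bot: The two rewritten `bn_wexpand` calls still discard the return value; the added `(int)` cast only silences a sign-conversion warning. `bn_wexpand` presumably returns NULL on allocation failure, in which case the zero-fill loops that follow only run over the old `dmax` and the copied coefficients are left narrower than the field width the rest of the code appears to assume. I would check it on both lines, e.g. `if (bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) return 0;` and the same for `dest->b`. The enclosing function starts before this hunk, so there may be other state to unwind on that path.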
/* group->a */
if (!BN_GF2m_mod_arr(&group->a, a, group->poly)) goto err;
- bn_wexpand(&group->a, (group->poly[0] + BN_BITS2 - 1) / BN_BITS2);
+ bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2);
for (i = group->a.top; i < group->a.dmax; i++) group->a.d[i] = 0;
/* group->b */
if (!BN_GF2m_mod_arr(&group->b, b, group->poly)) goto err;
- bn_wexpand(&group->b, (group->poly[0] + BN_BITS2 - 1) / BN_BITS2);
+ bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2);
for (i = group->b.top; i < group->b.dmax; i++) group->b.d[i] = 0;
ret = 1;
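Review bot: The same unchecked `bn_wexpand` pattern appears here for `group->a` and `group->b`, and in this function a failure is then reported as success through `ret = 1`. Since the function already has an `err` label used by the `BN_GF2m_mod_arr` calls, the fix is one line each: `if (bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) goto err;` and likewise for `group->b`. The start of the function and the `err:` cleanup lie outside this hunk.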
if (!BN_copy(p, &group->field)) return 0;
}
- if (a != NULL || b != NULL)
+ if (a != NULL)
{
- if (a != NULL)
- {
- if (!BN_copy(a, &group->a)) goto err;
- }
- if (b != NULL)
- {
- if (!BN_copy(b, &group->b)) goto err;
- }
+ if (!BN_copy(a, &group->a)) goto err;
+ }
+
+ if (b != NULL)
+ {
+ if (!BN_copy(b, &group->b)) goto err;
}
ret = 1;
ret = 1;
err:
- BN_CTX_end(ctx);
+ if (ctx != NULL)
+ BN_CTX_end(ctx);
if (new_ctx != NULL)
BN_CTX_free(new_ctx);
return ret;
int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
{
point->Z_is_one = 0;
- return (BN_zero(&point->Z));
+ BN_zero(&point->Z);
+ return 1;
}
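Review bot: `ec_GF2m_simple_point_set_to_infinity` now returns 1 unconditionally and ignores whatever `BN_zero` reports, after having already cleared `Z_is_one`. If `BN_zero` is still defined in this tree as a macro over `BN_set_word(a, 0)`, that call can fail on expansion and the caller would be told the point is at infinity while `Z` is unchanged; if it is now a void-returning `BN_zero_ex`, the change is correct but the reason is invisible. Either way a one-line comment would help, e.g. `/* BN_zero cannot fail here; Z_is_one is cleared so Z alone marks infinity */`, or, if it can fail, the old result should still be returned.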
}
if (!BN_copy(&point->X, x)) goto err;
- point->X.neg = 0;
+ BN_set_negative(&point->X, 0);
if (!BN_copy(&point->Y, y)) goto err;
- point->Y.neg = 0;
+ BN_set_negative(&point->Y, 0);
if (!BN_copy(&point->Z, BN_value_one())) goto err;
- point->Z.neg = 0;
+ BN_set_negative(&point->Z, 0);
point->Z_is_one = 1;
ret = 1;
if (x != NULL)
{
if (!BN_copy(x, &point->X)) goto err;
- x->neg = 0;
+ BN_set_negative(x, 0);
}
if (y != NULL)
{
if (!BN_copy(y, &point->Y)) goto err;
- y->neg = 0;
+ BN_set_negative(y, 0);
}
ret = 1;
}
form = buf[0];
y_bit = form & 1;
- form = form & ~1;
+ form = form & ~1U;
if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
&& (form != POINT_CONVERSION_UNCOMPRESSED)
&& (form != POINT_CONVERSION_HYBRID))
*/
int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
{
- BN_CTX *new_ctx = NULL;
- BIGNUM *rh, *lh, *tmp1;
int ret = -1;
+ BN_CTX *new_ctx = NULL;
+ BIGNUM *lh, *y2;
+ int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
+ int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
if (EC_POINT_is_at_infinity(group, point))
return 1;
-
+
+ field_mul = group->meth->field_mul;
+ field_sqr = group->meth->field_sqr;
+
/* only support affine coordinates */
if (!point->Z_is_one) goto err;
}
BN_CTX_start(ctx);
- rh = BN_CTX_get(ctx);
+ y2 = BN_CTX_get(ctx);
lh = BN_CTX_get(ctx);
- tmp1 = BN_CTX_get(ctx);
- if (tmp1 == NULL) goto err;
+ if (lh == NULL) goto err;
/* We have a curve defined by a Weierstrass equation
* y^2 + x*y = x^3 + a*x^2 + b.
- * To test this, we add up the right-hand side in 'rh'
- * and the left-hand side in 'lh'.
+ * <=> x^3 + a*x^2 + x*y + b + y^2 = 0
+ * <=> ((x + a) * x + y ) * x + b + y^2 = 0
*/
-
- /* rh := X^3 */
- if (!group->meth->field_sqr(group, tmp1, &point->X, ctx)) goto err;
- if (!group->meth->field_mul(group, rh, tmp1, &point->X, ctx)) goto err;
-
- /* rh := rh + a*X^2 */
- if (!group->meth->field_mul(group, tmp1, tmp1, &group->a, ctx)) goto err;
- if (!BN_GF2m_add(rh, rh, tmp1)) goto err;
-
- /* rh := rh + b */
- if (!BN_GF2m_add(rh, rh, &group->b)) goto err;
-
- /* lh := Y^2 */
- if (!group->meth->field_sqr(group, lh, &point->Y, ctx)) goto err;
-
- /* lh := lh + x*y */
- if (!group->meth->field_mul(group, tmp1, &point->X, &point->Y, ctx)) goto err;
- if (!BN_GF2m_add(lh, lh, tmp1)) goto err;
-
- ret = (0 == BN_GF2m_cmp(lh, rh));
-
+ if (!BN_GF2m_add(lh, &point->X, &group->a)) goto err;
+ if (!field_mul(group, lh, lh, &point->X, ctx)) goto err;
+ if (!BN_GF2m_add(lh, lh, &point->Y)) goto err;
+ if (!field_mul(group, lh, lh, &point->X, ctx)) goto err;
+ if (!BN_GF2m_add(lh, lh, &group->b)) goto err;
+ if (!field_sqr(group, y2, &point->Y, ctx)) goto err;
+ if (!BN_GF2m_add(lh, lh, y2)) goto err;
+ ret = BN_is_zero(lh);
err:
if (ctx) BN_CTX_end(ctx);
if (new_ctx) BN_CTX_free(new_ctx);