1*e71b7053SJung-uk Kim=pod 2*e71b7053SJung-uk Kim 3*e71b7053SJung-uk Kim=head1 NAME 4*e71b7053SJung-uk Kim 5*e71b7053SJung-uk KimEC_GROUP_get_ecparameters, 6*e71b7053SJung-uk KimEC_GROUP_get_ecpkparameters, 7*e71b7053SJung-uk KimEC_GROUP_new, 8*e71b7053SJung-uk KimEC_GROUP_new_from_ecparameters, 9*e71b7053SJung-uk KimEC_GROUP_new_from_ecpkparameters, 10*e71b7053SJung-uk KimEC_GROUP_free, 11*e71b7053SJung-uk KimEC_GROUP_clear_free, 12*e71b7053SJung-uk KimEC_GROUP_new_curve_GFp, 13*e71b7053SJung-uk KimEC_GROUP_new_curve_GF2m, 14*e71b7053SJung-uk KimEC_GROUP_new_by_curve_name, 15*e71b7053SJung-uk KimEC_GROUP_set_curve, 16*e71b7053SJung-uk KimEC_GROUP_get_curve, 17*e71b7053SJung-uk KimEC_GROUP_set_curve_GFp, 18*e71b7053SJung-uk KimEC_GROUP_get_curve_GFp, 19*e71b7053SJung-uk KimEC_GROUP_set_curve_GF2m, 20*e71b7053SJung-uk KimEC_GROUP_get_curve_GF2m, 21*e71b7053SJung-uk KimEC_get_builtin_curves - Functions for creating and destroying EC_GROUP 22*e71b7053SJung-uk Kimobjects 23*e71b7053SJung-uk Kim 24*e71b7053SJung-uk Kim=head1 SYNOPSIS 25*e71b7053SJung-uk Kim 26*e71b7053SJung-uk Kim #include <openssl/ec.h> 27*e71b7053SJung-uk Kim 28*e71b7053SJung-uk Kim EC_GROUP *EC_GROUP_new(const EC_METHOD *meth); 29*e71b7053SJung-uk Kim EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) 30*e71b7053SJung-uk Kim EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params) 31*e71b7053SJung-uk Kim void EC_GROUP_free(EC_GROUP *group); 32*e71b7053SJung-uk Kim void EC_GROUP_clear_free(EC_GROUP *group); 33*e71b7053SJung-uk Kim 34*e71b7053SJung-uk Kim EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, 35*e71b7053SJung-uk Kim const BIGNUM *b, BN_CTX *ctx); 36*e71b7053SJung-uk Kim EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, 37*e71b7053SJung-uk Kim const BIGNUM *b, BN_CTX *ctx); 38*e71b7053SJung-uk Kim EC_GROUP *EC_GROUP_new_by_curve_name(int nid); 39*e71b7053SJung-uk Kim 40*e71b7053SJung-uk Kim int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, 41*e71b7053SJung-uk Kim const BIGNUM *b, BN_CTX *ctx); 42*e71b7053SJung-uk Kim int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, 43*e71b7053SJung-uk Kim BN_CTX *ctx); 44*e71b7053SJung-uk Kim int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, 45*e71b7053SJung-uk Kim const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); 46*e71b7053SJung-uk Kim int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, 47*e71b7053SJung-uk Kim BIGNUM *a, BIGNUM *b, BN_CTX *ctx); 48*e71b7053SJung-uk Kim int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, 49*e71b7053SJung-uk Kim const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); 50*e71b7053SJung-uk Kim int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, 51*e71b7053SJung-uk Kim BIGNUM *a, BIGNUM *b, BN_CTX *ctx); 52*e71b7053SJung-uk Kim 53*e71b7053SJung-uk Kim ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, ECPARAMETERS *params) 54*e71b7053SJung-uk Kim ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, ECPKPARAMETERS *params) 55*e71b7053SJung-uk Kim 56*e71b7053SJung-uk Kim size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); 57*e71b7053SJung-uk Kim 58*e71b7053SJung-uk Kim=head1 DESCRIPTION 59*e71b7053SJung-uk Kim 60*e71b7053SJung-uk KimWithin the library there are two forms of elliptic curve that are of interest. The first form is those defined over the 61*e71b7053SJung-uk Kimprime field Fp. The elements of Fp are the integers 0 to p-1, where p is a prime number. This gives us a revised 62*e71b7053SJung-uk Kimelliptic curve equation as follows: 63*e71b7053SJung-uk Kim 64*e71b7053SJung-uk Kimy^2 mod p = x^3 +ax + b mod p 65*e71b7053SJung-uk Kim 66*e71b7053SJung-uk KimThe second form is those defined over a binary field F2^m where the elements of the field are integers of length at 67*e71b7053SJung-uk Kimmost m bits. For this form the elliptic curve equation is modified to: 68*e71b7053SJung-uk Kim 69*e71b7053SJung-uk Kimy^2 + xy = x^3 + ax^2 + b (where b != 0) 70*e71b7053SJung-uk Kim 71*e71b7053SJung-uk KimOperations in a binary field are performed relative to an B<irreducible polynomial>. All such curves with OpenSSL 72*e71b7053SJung-uk Kimuse a trinomial or a pentanomial for this parameter. 73*e71b7053SJung-uk Kim 74*e71b7053SJung-uk KimA new curve can be constructed by calling EC_GROUP_new, using the implementation provided by B<meth> (see 75*e71b7053SJung-uk KimL<EC_GFp_simple_method(3)>). It is then necessary to call EC_GROUP_set_curve() to set the curve parameters. 76*e71b7053SJung-uk KimEC_GROUP_new_from_ecparameters() will create a group from the 77*e71b7053SJung-uk Kimspecified B<params> and 78*e71b7053SJung-uk KimEC_GROUP_new_from_ecpkparameters() will create a group from the specific PK B<params>. 79*e71b7053SJung-uk Kim 80*e71b7053SJung-uk KimEC_GROUP_set_curve() sets the curve parameters B<p>, B<a> and B<b>. For a curve over Fp B<b> 81*e71b7053SJung-uk Kimis the prime for the field. For a curve over F2^m B<p> represents the irreducible polynomial - each bit 82*e71b7053SJung-uk Kimrepresents a term in the polynomial. Therefore there will either be three or five bits set dependent on whether 83*e71b7053SJung-uk Kimthe polynomial is a trinomial or a pentanomial. 84*e71b7053SJung-uk Kim 85*e71b7053SJung-uk KimEC_group_get_curve() obtains the previously set curve parameters. 86*e71b7053SJung-uk Kim 87*e71b7053SJung-uk KimEC_GROUP_set_curve_GFp() and EC_GROUP_set_curve_GF2m() are synonyms for EC_GROUP_set_curve(). They are defined for 88*e71b7053SJung-uk Kimbackwards compatibility only and should not be used. 89*e71b7053SJung-uk Kim 90*e71b7053SJung-uk KimEC_GROUP_get_curve_GFp() and EC_GROUP_get_curve_GF2m() are synonyms for EC_GROUP_get_curve(). They are defined for 91*e71b7053SJung-uk Kimbackwards compatibility only and should not be used. 92*e71b7053SJung-uk Kim 93*e71b7053SJung-uk KimThe functions EC_GROUP_new_curve_GFp and EC_GROUP_new_curve_GF2m are shortcuts for calling EC_GROUP_new and then the 94*e71b7053SJung-uk KimEC_GROUP_set_curve function. An appropriate default implementation method will be used. 95*e71b7053SJung-uk Kim 96*e71b7053SJung-uk KimWhilst the library can be used to create any curve using the functions described above, there are also a number of 97*e71b7053SJung-uk Kimpredefined curves that are available. In order to obtain a list of all of the predefined curves, call the function 98*e71b7053SJung-uk KimEC_get_builtin_curves. The parameter B<r> should be an array of EC_builtin_curve structures of size B<nitems>. The function 99*e71b7053SJung-uk Kimwill populate the B<r> array with information about the builtin curves. If B<nitems> is less than the total number of 100*e71b7053SJung-uk Kimcurves available, then the first B<nitems> curves will be returned. Otherwise the total number of curves will be 101*e71b7053SJung-uk Kimprovided. The return value is the total number of curves available (whether that number has been populated in B<r> or 102*e71b7053SJung-uk Kimnot). Passing a NULL B<r>, or setting B<nitems> to 0 will do nothing other than return the total number of curves available. 103*e71b7053SJung-uk KimThe EC_builtin_curve structure is defined as follows: 104*e71b7053SJung-uk Kim 105*e71b7053SJung-uk Kim typedef struct { 106*e71b7053SJung-uk Kim int nid; 107*e71b7053SJung-uk Kim const char *comment; 108*e71b7053SJung-uk Kim } EC_builtin_curve; 109*e71b7053SJung-uk Kim 110*e71b7053SJung-uk KimEach EC_builtin_curve item has a unique integer id (B<nid>), and a human readable comment string describing the curve. 111*e71b7053SJung-uk Kim 112*e71b7053SJung-uk KimIn order to construct a builtin curve use the function EC_GROUP_new_by_curve_name and provide the B<nid> of the curve to 113*e71b7053SJung-uk Kimbe constructed. 114*e71b7053SJung-uk Kim 115*e71b7053SJung-uk KimEC_GROUP_free frees the memory associated with the EC_GROUP. 116*e71b7053SJung-uk KimIf B<group> is NULL nothing is done. 117*e71b7053SJung-uk Kim 118*e71b7053SJung-uk KimEC_GROUP_clear_free destroys any sensitive data held within the EC_GROUP and then frees its memory. 119*e71b7053SJung-uk KimIf B<group> is NULL nothing is done. 120*e71b7053SJung-uk Kim 121*e71b7053SJung-uk Kim=head1 RETURN VALUES 122*e71b7053SJung-uk Kim 123*e71b7053SJung-uk KimAll EC_GROUP_new* functions return a pointer to the newly constructed group, or NULL on error. 124*e71b7053SJung-uk Kim 125*e71b7053SJung-uk KimEC_get_builtin_curves returns the number of builtin curves that are available. 126*e71b7053SJung-uk Kim 127*e71b7053SJung-uk KimEC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m, EC_GROUP_get_curve_GF2m return 1 on success or 0 on error. 128*e71b7053SJung-uk Kim 129*e71b7053SJung-uk Kim=head1 SEE ALSO 130*e71b7053SJung-uk Kim 131*e71b7053SJung-uk KimL<crypto(7)>, L<EC_GROUP_copy(3)>, 132*e71b7053SJung-uk KimL<EC_POINT_new(3)>, L<EC_POINT_add(3)>, L<EC_KEY_new(3)>, 133*e71b7053SJung-uk KimL<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)> 134*e71b7053SJung-uk Kim 135*e71b7053SJung-uk Kim=head1 COPYRIGHT 136*e71b7053SJung-uk Kim 137*e71b7053SJung-uk KimCopyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. 138*e71b7053SJung-uk Kim 139*e71b7053SJung-uk KimLicensed under the OpenSSL license (the "License"). You may not use 140*e71b7053SJung-uk Kimthis file except in compliance with the License. You can obtain a copy 141*e71b7053SJung-uk Kimin the file LICENSE in the source distribution or at 142*e71b7053SJung-uk KimL<https://www.openssl.org/source/license.html>. 143*e71b7053SJung-uk Kim 144*e71b7053SJung-uk Kim=cut 145