1e71b7053SJung-uk Kim=pod 2e71b7053SJung-uk Kim 3e71b7053SJung-uk Kim=head1 NAME 4e71b7053SJung-uk Kim 5e71b7053SJung-uk KimEC_POINT_set_Jprojective_coordinates_GFp, 6e71b7053SJung-uk KimEC_POINT_point2buf, 7e71b7053SJung-uk KimEC_POINT_new, 8e71b7053SJung-uk KimEC_POINT_free, 9e71b7053SJung-uk KimEC_POINT_clear_free, 10e71b7053SJung-uk KimEC_POINT_copy, 11e71b7053SJung-uk KimEC_POINT_dup, 12e71b7053SJung-uk KimEC_POINT_method_of, 13e71b7053SJung-uk KimEC_POINT_set_to_infinity, 14e71b7053SJung-uk KimEC_POINT_get_Jprojective_coordinates_GFp, 15e71b7053SJung-uk KimEC_POINT_set_affine_coordinates, 16e71b7053SJung-uk KimEC_POINT_get_affine_coordinates, 17e71b7053SJung-uk KimEC_POINT_set_compressed_coordinates, 18e71b7053SJung-uk KimEC_POINT_set_affine_coordinates_GFp, 19e71b7053SJung-uk KimEC_POINT_get_affine_coordinates_GFp, 20e71b7053SJung-uk KimEC_POINT_set_compressed_coordinates_GFp, 21e71b7053SJung-uk KimEC_POINT_set_affine_coordinates_GF2m, 22e71b7053SJung-uk KimEC_POINT_get_affine_coordinates_GF2m, 23e71b7053SJung-uk KimEC_POINT_set_compressed_coordinates_GF2m, 24e71b7053SJung-uk KimEC_POINT_point2oct, 25e71b7053SJung-uk KimEC_POINT_oct2point, 26e71b7053SJung-uk KimEC_POINT_point2bn, 27e71b7053SJung-uk KimEC_POINT_bn2point, 28e71b7053SJung-uk KimEC_POINT_point2hex, 29e71b7053SJung-uk KimEC_POINT_hex2point 30e71b7053SJung-uk Kim- Functions for creating, destroying and manipulating EC_POINT objects 31e71b7053SJung-uk Kim 32e71b7053SJung-uk Kim=head1 SYNOPSIS 33e71b7053SJung-uk Kim 34e71b7053SJung-uk Kim #include <openssl/ec.h> 35e71b7053SJung-uk Kim 36e71b7053SJung-uk Kim EC_POINT *EC_POINT_new(const EC_GROUP *group); 37e71b7053SJung-uk Kim void EC_POINT_free(EC_POINT *point); 38e71b7053SJung-uk Kim void EC_POINT_clear_free(EC_POINT *point); 39e71b7053SJung-uk Kim int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src); 40e71b7053SJung-uk Kim EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group); 41e71b7053SJung-uk Kim const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); 42e71b7053SJung-uk Kim int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); 43e71b7053SJung-uk Kim int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, 44e71b7053SJung-uk Kim EC_POINT *p, 45e71b7053SJung-uk Kim const BIGNUM *x, const BIGNUM *y, 46e71b7053SJung-uk Kim const BIGNUM *z, BN_CTX *ctx); 47e71b7053SJung-uk Kim int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, 48e71b7053SJung-uk Kim const EC_POINT *p, 49e71b7053SJung-uk Kim BIGNUM *x, BIGNUM *y, BIGNUM *z, 50e71b7053SJung-uk Kim BN_CTX *ctx); 51e71b7053SJung-uk Kim int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p, 52e71b7053SJung-uk Kim const BIGNUM *x, const BIGNUM *y, 53e71b7053SJung-uk Kim BN_CTX *ctx); 54e71b7053SJung-uk Kim int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p, 55e71b7053SJung-uk Kim BIGNUM *x, BIGNUM *y, BN_CTX *ctx); 56e71b7053SJung-uk Kim int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p, 57e71b7053SJung-uk Kim const BIGNUM *x, int y_bit, 58e71b7053SJung-uk Kim BN_CTX *ctx); 59e71b7053SJung-uk Kim int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, 60e71b7053SJung-uk Kim const BIGNUM *x, const BIGNUM *y, 61e71b7053SJung-uk Kim BN_CTX *ctx); 62e71b7053SJung-uk Kim int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, 63e71b7053SJung-uk Kim const EC_POINT *p, 64e71b7053SJung-uk Kim BIGNUM *x, BIGNUM *y, BN_CTX *ctx); 65e71b7053SJung-uk Kim int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, 66e71b7053SJung-uk Kim EC_POINT *p, 67e71b7053SJung-uk Kim const BIGNUM *x, int y_bit, 68e71b7053SJung-uk Kim BN_CTX *ctx); 69e71b7053SJung-uk Kim int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, 70e71b7053SJung-uk Kim const BIGNUM *x, const BIGNUM *y, 71e71b7053SJung-uk Kim BN_CTX *ctx); 72e71b7053SJung-uk Kim int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, 73e71b7053SJung-uk Kim const EC_POINT *p, 74e71b7053SJung-uk Kim BIGNUM *x, BIGNUM *y, BN_CTX *ctx); 75e71b7053SJung-uk Kim int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, 76e71b7053SJung-uk Kim EC_POINT *p, 77e71b7053SJung-uk Kim const BIGNUM *x, int y_bit, 78e71b7053SJung-uk Kim BN_CTX *ctx); 79e71b7053SJung-uk Kim size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p, 80e71b7053SJung-uk Kim point_conversion_form_t form, 81e71b7053SJung-uk Kim unsigned char *buf, size_t len, BN_CTX *ctx); 82e71b7053SJung-uk Kim size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point, 83e71b7053SJung-uk Kim point_conversion_form_t form, 84e71b7053SJung-uk Kim unsigned char **pbuf, BN_CTX *ctx); 85e71b7053SJung-uk Kim int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p, 86e71b7053SJung-uk Kim const unsigned char *buf, size_t len, BN_CTX *ctx); 87e71b7053SJung-uk Kim BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, const EC_POINT *p, 88e71b7053SJung-uk Kim point_conversion_form_t form, BIGNUM *bn, 89e71b7053SJung-uk Kim BN_CTX *ctx); 90e71b7053SJung-uk Kim EC_POINT *EC_POINT_bn2point(const EC_GROUP *group, const BIGNUM *bn, 91e71b7053SJung-uk Kim EC_POINT *p, BN_CTX *ctx); 92e71b7053SJung-uk Kim char *EC_POINT_point2hex(const EC_GROUP *group, const EC_POINT *p, 93e71b7053SJung-uk Kim point_conversion_form_t form, BN_CTX *ctx); 94e71b7053SJung-uk Kim EC_POINT *EC_POINT_hex2point(const EC_GROUP *group, const char *hex, 95e71b7053SJung-uk Kim EC_POINT *p, BN_CTX *ctx); 96e71b7053SJung-uk Kim 97e71b7053SJung-uk Kim 98e71b7053SJung-uk Kim=head1 DESCRIPTION 99e71b7053SJung-uk Kim 100e71b7053SJung-uk KimAn B<EC_POINT> structure represents a point on a curve. A new point is 101e71b7053SJung-uk Kimconstructed by calling the function EC_POINT_new() and providing the 102e71b7053SJung-uk KimB<group> object that the point relates to. 103e71b7053SJung-uk Kim 104e71b7053SJung-uk KimEC_POINT_free() frees the memory associated with the B<EC_POINT>. 105e71b7053SJung-uk Kimif B<point> is NULL nothing is done. 106e71b7053SJung-uk Kim 107e71b7053SJung-uk KimEC_POINT_clear_free() destroys any sensitive data held within the EC_POINT and 108e71b7053SJung-uk Kimthen frees its memory. If B<point> is NULL nothing is done. 109e71b7053SJung-uk Kim 110e71b7053SJung-uk KimEC_POINT_copy() copies the point B<src> into B<dst>. Both B<src> and B<dst> 111e71b7053SJung-uk Kimmust use the same B<EC_METHOD>. 112e71b7053SJung-uk Kim 113e71b7053SJung-uk KimEC_POINT_dup() creates a new B<EC_POINT> object and copies the content from 114e71b7053SJung-uk KimB<src> to the newly created B<EC_POINT> object. 115e71b7053SJung-uk Kim 116e71b7053SJung-uk KimEC_POINT_method_of() obtains the B<EC_METHOD> associated with B<point>. 117e71b7053SJung-uk Kim 118e71b7053SJung-uk KimA valid point on a curve is the special point at infinity. A point is set to 119e71b7053SJung-uk Kimbe at infinity by calling EC_POINT_set_to_infinity(). 120e71b7053SJung-uk Kim 121e71b7053SJung-uk KimThe affine co-ordinates for a point describe a point in terms of its x and y 122e71b7053SJung-uk Kimposition. The function EC_POINT_set_affine_coordinates() sets the B<x> and B<y> 123e71b7053SJung-uk Kimco-ordinates for the point B<p> defined over the curve given in B<group>. The 124e71b7053SJung-uk Kimfunction EC_POINT_get_affine_coordinates() sets B<x> and B<y>, either of which 125e71b7053SJung-uk Kimmay be NULL, to the corresponding coordinates of B<p>. 126e71b7053SJung-uk Kim 127e71b7053SJung-uk KimThe functions EC_POINT_set_affine_coordinates_GFp() and 128e71b7053SJung-uk KimEC_POINT_set_affine_coordinates_GF2m() are synonyms for 129e71b7053SJung-uk KimEC_POINT_set_affine_coordinates(). They are defined for backwards compatibility 130e71b7053SJung-uk Kimonly and should not be used. 131e71b7053SJung-uk Kim 132e71b7053SJung-uk KimThe functions EC_POINT_get_affine_coordinates_GFp() and 133e71b7053SJung-uk KimEC_POINT_get_affine_coordinates_GF2m() are synonyms for 134e71b7053SJung-uk KimEC_POINT_get_affine_coordinates(). They are defined for backwards compatibility 135e71b7053SJung-uk Kimonly and should not be used. 136e71b7053SJung-uk Kim 137e71b7053SJung-uk KimAs well as the affine co-ordinates, a point can alternatively be described in 138e71b7053SJung-uk Kimterms of its Jacobian projective co-ordinates (for Fp curves only). Jacobian 139e71b7053SJung-uk Kimprojective co-ordinates are expressed as three values x, y and z. Working in 140e71b7053SJung-uk Kimthis co-ordinate system provides more efficient point multiplication 141e71b7053SJung-uk Kimoperations. A mapping exists between Jacobian projective co-ordinates and 142e71b7053SJung-uk Kimaffine co-ordinates. A Jacobian projective co-ordinate (x, y, z) can be written 143e71b7053SJung-uk Kimas an affine co-ordinate as (x/(z^2), y/(z^3)). Conversion to Jacobian 144e71b7053SJung-uk Kimprojective from affine co-ordinates is simple. The co-ordinate (x, y) is mapped 145e71b7053SJung-uk Kimto (x, y, 1). To set or get the projective co-ordinates use 146e71b7053SJung-uk KimEC_POINT_set_Jprojective_coordinates_GFp() and 147e71b7053SJung-uk KimEC_POINT_get_Jprojective_coordinates_GFp() respectively. 148e71b7053SJung-uk Kim 149e71b7053SJung-uk KimPoints can also be described in terms of their compressed co-ordinates. For a 150e71b7053SJung-uk Kimpoint (x, y), for any given value for x such that the point is on the curve 151e71b7053SJung-uk Kimthere will only ever be two possible values for y. Therefore a point can be set 152e71b7053SJung-uk Kimusing the EC_POINT_set_compressed_coordinates() function where B<x> is the x 153e71b7053SJung-uk Kimco-ordinate and B<y_bit> is a value 0 or 1 to identify which of the two 154e71b7053SJung-uk Kimpossible values for y should be used. 155e71b7053SJung-uk Kim 156e71b7053SJung-uk KimThe functions EC_POINT_set_compressed_coordinates_GFp() and 157e71b7053SJung-uk KimEC_POINT_set_compressed_coordinates_GF2m() are synonyms for 158e71b7053SJung-uk KimEC_POINT_set_compressed_coordinates(). They are defined for backwards 159e71b7053SJung-uk Kimcompatibility only and should not be used. 160e71b7053SJung-uk Kim 161e71b7053SJung-uk KimIn addition B<EC_POINT> can be converted to and from various external 162e71b7053SJung-uk Kimrepresentations. The octet form is the binary encoding of the B<ECPoint> 163e71b7053SJung-uk Kimstructure (as defined in RFC5480 and used in certificates and TLS records): 164e71b7053SJung-uk Kimonly the content octets are present, the B<OCTET STRING> tag and length are 165e71b7053SJung-uk Kimnot included. B<BIGNUM> form is the octet form interpreted as a big endian 166e71b7053SJung-uk Kiminteger converted to a B<BIGNUM> structure. Hexadecimal form is the octet 167e71b7053SJung-uk Kimform converted to a NULL terminated character string where each character 168e71b7053SJung-uk Kimis one of the printable values 0-9 or A-F (or a-f). 169e71b7053SJung-uk Kim 170e71b7053SJung-uk KimThe functions EC_POINT_point2oct(), EC_POINT_oct2point(), EC_POINT_point2bn(), 171e71b7053SJung-uk KimEC_POINT_bn2point(), EC_POINT_point2hex() and EC_POINT_hex2point() convert from 172e71b7053SJung-uk Kimand to EC_POINTs for the formats: octet, BIGNUM and hexadecimal respectively. 173e71b7053SJung-uk Kim 174*17f01e99SJung-uk KimThe function EC_POINT_point2oct() encodes the given curve point B<p> as an 175*17f01e99SJung-uk Kimoctet string into the buffer B<buf> of size B<len>, using the specified 176*17f01e99SJung-uk Kimconversion form B<form>. 177*17f01e99SJung-uk KimThe encoding conforms with Sec. 2.3.3 of the SECG SEC 1 ("Elliptic Curve 178*17f01e99SJung-uk KimCryptography") standard. 179*17f01e99SJung-uk KimSimilarly the function EC_POINT_oct2point() decodes a curve point into B<p> from 180*17f01e99SJung-uk Kimthe octet string contained in the given buffer B<buf> of size B<len>, conforming 181*17f01e99SJung-uk Kimto Sec. 2.3.4 of the SECG SEC 1 ("Elliptic Curve Cryptography") standard. 182*17f01e99SJung-uk Kim 183*17f01e99SJung-uk KimThe functions EC_POINT_point2hex() and EC_POINT_point2bn() convert a point B<p>, 184*17f01e99SJung-uk Kimrespectively, to the hexadecimal or BIGNUM representation of the same 185*17f01e99SJung-uk Kimencoding of the function EC_POINT_point2oct(). 186*17f01e99SJung-uk KimVice versa, similarly to the function EC_POINT_oct2point(), the functions 187*17f01e99SJung-uk KimEC_POINT_hex2point() and EC_POINT_point2bn() decode the hexadecimal or 188*17f01e99SJung-uk KimBIGNUM representation into the EC_POINT B<p>. 189*17f01e99SJung-uk Kim 190*17f01e99SJung-uk KimNotice that, according to the standard, the octet string encoding of the point 191*17f01e99SJung-uk Kimat infinity for a given curve is fixed to a single octet of value zero and that, 192*17f01e99SJung-uk Kimvice versa, a single octet of size zero is decoded as the point at infinity. 193*17f01e99SJung-uk Kim 194e71b7053SJung-uk KimThe function EC_POINT_point2oct() must be supplied with a buffer long enough to 195e71b7053SJung-uk Kimstore the octet form. The return value provides the number of octets stored. 196e71b7053SJung-uk KimCalling the function with a NULL buffer will not perform the conversion but 197e71b7053SJung-uk Kimwill still return the required buffer length. 198e71b7053SJung-uk Kim 199e71b7053SJung-uk KimThe function EC_POINT_point2buf() allocates a buffer of suitable length and 200e71b7053SJung-uk Kimwrites an EC_POINT to it in octet format. The allocated buffer is written to 201e71b7053SJung-uk KimB<*pbuf> and its length is returned. The caller must free up the allocated 202e71b7053SJung-uk Kimbuffer with a call to OPENSSL_free(). Since the allocated buffer value is 203e71b7053SJung-uk Kimwritten to B<*pbuf> the B<pbuf> parameter B<MUST NOT> be B<NULL>. 204e71b7053SJung-uk Kim 205e71b7053SJung-uk KimThe function EC_POINT_point2hex() will allocate sufficient memory to store the 206e71b7053SJung-uk Kimhexadecimal string. It is the caller's responsibility to free this memory with 207e71b7053SJung-uk Kima subsequent call to OPENSSL_free(). 208e71b7053SJung-uk Kim 209e71b7053SJung-uk Kim=head1 RETURN VALUES 210e71b7053SJung-uk Kim 211e71b7053SJung-uk KimEC_POINT_new() and EC_POINT_dup() return the newly allocated EC_POINT or NULL 212e71b7053SJung-uk Kimon error. 213e71b7053SJung-uk Kim 214e71b7053SJung-uk KimThe following functions return 1 on success or 0 on error: EC_POINT_copy(), 215e71b7053SJung-uk KimEC_POINT_set_to_infinity(), EC_POINT_set_Jprojective_coordinates_GFp(), 216e71b7053SJung-uk KimEC_POINT_get_Jprojective_coordinates_GFp(), 217e71b7053SJung-uk KimEC_POINT_set_affine_coordinates_GFp(), EC_POINT_get_affine_coordinates_GFp(), 218e71b7053SJung-uk KimEC_POINT_set_compressed_coordinates_GFp(), 219e71b7053SJung-uk KimEC_POINT_set_affine_coordinates_GF2m(), EC_POINT_get_affine_coordinates_GF2m(), 220e71b7053SJung-uk KimEC_POINT_set_compressed_coordinates_GF2m() and EC_POINT_oct2point(). 221e71b7053SJung-uk Kim 222e71b7053SJung-uk KimEC_POINT_method_of returns the EC_METHOD associated with the supplied EC_POINT. 223e71b7053SJung-uk Kim 224e71b7053SJung-uk KimEC_POINT_point2oct() and EC_POINT_point2buf() return the length of the required 225e71b7053SJung-uk Kimbuffer or 0 on error. 226e71b7053SJung-uk Kim 227e71b7053SJung-uk KimEC_POINT_point2bn() returns the pointer to the BIGNUM supplied, or NULL on 228e71b7053SJung-uk Kimerror. 229e71b7053SJung-uk Kim 230e71b7053SJung-uk KimEC_POINT_bn2point() returns the pointer to the EC_POINT supplied, or NULL on 231e71b7053SJung-uk Kimerror. 232e71b7053SJung-uk Kim 233e71b7053SJung-uk KimEC_POINT_point2hex() returns a pointer to the hex string, or NULL on error. 234e71b7053SJung-uk Kim 235e71b7053SJung-uk KimEC_POINT_hex2point() returns the pointer to the EC_POINT supplied, or NULL on 236e71b7053SJung-uk Kimerror. 237e71b7053SJung-uk Kim 238e71b7053SJung-uk Kim=head1 SEE ALSO 239e71b7053SJung-uk Kim 240e71b7053SJung-uk KimL<crypto(7)>, L<EC_GROUP_new(3)>, L<EC_GROUP_copy(3)>, 241e71b7053SJung-uk KimL<EC_POINT_add(3)>, L<EC_KEY_new(3)>, 242e71b7053SJung-uk KimL<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)> 243e71b7053SJung-uk Kim 244e71b7053SJung-uk Kim=head1 COPYRIGHT 245e71b7053SJung-uk Kim 246e71b7053SJung-uk KimCopyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. 247e71b7053SJung-uk Kim 248e71b7053SJung-uk KimLicensed under the OpenSSL license (the "License"). You may not use 249e71b7053SJung-uk Kimthis file except in compliance with the License. You can obtain a copy 250e71b7053SJung-uk Kimin the file LICENSE in the source distribution or at 251e71b7053SJung-uk KimL<https://www.openssl.org/source/license.html>. 252e71b7053SJung-uk Kim 253e71b7053SJung-uk Kim=cut 254