1*4724848cSchristos=pod 2*4724848cSchristos 3*4724848cSchristos=head1 NAME 4*4724848cSchristos 5*4724848cSchristosEC_GROUP_get_ecparameters, 6*4724848cSchristosEC_GROUP_get_ecpkparameters, 7*4724848cSchristosEC_GROUP_new, 8*4724848cSchristosEC_GROUP_new_from_ecparameters, 9*4724848cSchristosEC_GROUP_new_from_ecpkparameters, 10*4724848cSchristosEC_GROUP_free, 11*4724848cSchristosEC_GROUP_clear_free, 12*4724848cSchristosEC_GROUP_new_curve_GFp, 13*4724848cSchristosEC_GROUP_new_curve_GF2m, 14*4724848cSchristosEC_GROUP_new_by_curve_name, 15*4724848cSchristosEC_GROUP_set_curve, 16*4724848cSchristosEC_GROUP_get_curve, 17*4724848cSchristosEC_GROUP_set_curve_GFp, 18*4724848cSchristosEC_GROUP_get_curve_GFp, 19*4724848cSchristosEC_GROUP_set_curve_GF2m, 20*4724848cSchristosEC_GROUP_get_curve_GF2m, 21*4724848cSchristosEC_get_builtin_curves - Functions for creating and destroying EC_GROUP 22*4724848cSchristosobjects 23*4724848cSchristos 24*4724848cSchristos=head1 SYNOPSIS 25*4724848cSchristos 26*4724848cSchristos #include <openssl/ec.h> 27*4724848cSchristos 28*4724848cSchristos EC_GROUP *EC_GROUP_new(const EC_METHOD *meth); 29*4724848cSchristos EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) 30*4724848cSchristos EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params) 31*4724848cSchristos void EC_GROUP_free(EC_GROUP *group); 32*4724848cSchristos void EC_GROUP_clear_free(EC_GROUP *group); 33*4724848cSchristos 34*4724848cSchristos EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, 35*4724848cSchristos const BIGNUM *b, BN_CTX *ctx); 36*4724848cSchristos EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, 37*4724848cSchristos const BIGNUM *b, BN_CTX *ctx); 38*4724848cSchristos EC_GROUP *EC_GROUP_new_by_curve_name(int nid); 39*4724848cSchristos 40*4724848cSchristos int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, 41*4724848cSchristos const BIGNUM *b, BN_CTX *ctx); 42*4724848cSchristos int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, 43*4724848cSchristos BN_CTX *ctx); 44*4724848cSchristos int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, 45*4724848cSchristos const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); 46*4724848cSchristos int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, 47*4724848cSchristos BIGNUM *a, BIGNUM *b, BN_CTX *ctx); 48*4724848cSchristos int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, 49*4724848cSchristos const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); 50*4724848cSchristos int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, 51*4724848cSchristos BIGNUM *a, BIGNUM *b, BN_CTX *ctx); 52*4724848cSchristos 53*4724848cSchristos ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, ECPARAMETERS *params) 54*4724848cSchristos ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, ECPKPARAMETERS *params) 55*4724848cSchristos 56*4724848cSchristos size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); 57*4724848cSchristos 58*4724848cSchristos=head1 DESCRIPTION 59*4724848cSchristos 60*4724848cSchristosWithin the library there are two forms of elliptic curve that are of interest. 61*4724848cSchristosThe first form is those defined over the prime field Fp. The elements of Fp are 62*4724848cSchristosthe integers 0 to p-1, where p is a prime number. This gives us a revised 63*4724848cSchristoselliptic curve equation as follows: 64*4724848cSchristos 65*4724848cSchristosy^2 mod p = x^3 +ax + b mod p 66*4724848cSchristos 67*4724848cSchristosThe second form is those defined over a binary field F2^m where the elements of 68*4724848cSchristosthe field are integers of length at most m bits. For this form the elliptic 69*4724848cSchristoscurve equation is modified to: 70*4724848cSchristos 71*4724848cSchristosy^2 + xy = x^3 + ax^2 + b (where b != 0) 72*4724848cSchristos 73*4724848cSchristosOperations in a binary field are performed relative to an B<irreducible 74*4724848cSchristospolynomial>. All such curves with OpenSSL use a trinomial or a pentanomial for 75*4724848cSchristosthis parameter. 76*4724848cSchristos 77*4724848cSchristosA new curve can be constructed by calling EC_GROUP_new(), using the 78*4724848cSchristosimplementation provided by B<meth> (see L<EC_GFp_simple_method(3)>). It is then 79*4724848cSchristosnecessary to call EC_GROUP_set_curve() to set the curve parameters. 80*4724848cSchristosEC_GROUP_new_from_ecparameters() will create a group from the specified 81*4724848cSchristosB<params> and EC_GROUP_new_from_ecpkparameters() will create a group from the 82*4724848cSchristosspecific PK B<params>. 83*4724848cSchristos 84*4724848cSchristosEC_GROUP_set_curve() sets the curve parameters B<p>, B<a> and B<b>. For a curve 85*4724848cSchristosover Fp B<p> is the prime for the field. For a curve over F2^m B<p> represents 86*4724848cSchristosthe irreducible polynomial - each bit represents a term in the polynomial. 87*4724848cSchristosTherefore, there will either be three or five bits set dependent on whether the 88*4724848cSchristospolynomial is a trinomial or a pentanomial. 89*4724848cSchristosIn either case, B<a> and B<b> represents the coefficients a and b from the 90*4724848cSchristosrelevant equation introduced above. 91*4724848cSchristos 92*4724848cSchristosEC_group_get_curve() obtains the previously set curve parameters. 93*4724848cSchristos 94*4724848cSchristosEC_GROUP_set_curve_GFp() and EC_GROUP_set_curve_GF2m() are synonyms for 95*4724848cSchristosEC_GROUP_set_curve(). They are defined for backwards compatibility only and 96*4724848cSchristosshould not be used. 97*4724848cSchristos 98*4724848cSchristosEC_GROUP_get_curve_GFp() and EC_GROUP_get_curve_GF2m() are synonyms for 99*4724848cSchristosEC_GROUP_get_curve(). They are defined for backwards compatibility only and 100*4724848cSchristosshould not be used. 101*4724848cSchristos 102*4724848cSchristosThe functions EC_GROUP_new_curve_GFp() and EC_GROUP_new_curve_GF2m() are 103*4724848cSchristosshortcuts for calling EC_GROUP_new() and then the EC_GROUP_set_curve() function. 104*4724848cSchristosAn appropriate default implementation method will be used. 105*4724848cSchristos 106*4724848cSchristosWhilst the library can be used to create any curve using the functions described 107*4724848cSchristosabove, there are also a number of predefined curves that are available. In order 108*4724848cSchristosto obtain a list of all of the predefined curves, call the function 109*4724848cSchristosEC_get_builtin_curves(). The parameter B<r> should be an array of 110*4724848cSchristosEC_builtin_curve structures of size B<nitems>. The function will populate the 111*4724848cSchristosB<r> array with information about the builtin curves. If B<nitems> is less than 112*4724848cSchristosthe total number of curves available, then the first B<nitems> curves will be 113*4724848cSchristosreturned. Otherwise the total number of curves will be provided. The return 114*4724848cSchristosvalue is the total number of curves available (whether that number has been 115*4724848cSchristospopulated in B<r> or not). Passing a NULL B<r>, or setting B<nitems> to 0 will 116*4724848cSchristosdo nothing other than return the total number of curves available. 117*4724848cSchristosThe EC_builtin_curve structure is defined as follows: 118*4724848cSchristos 119*4724848cSchristos typedef struct { 120*4724848cSchristos int nid; 121*4724848cSchristos const char *comment; 122*4724848cSchristos } EC_builtin_curve; 123*4724848cSchristos 124*4724848cSchristosEach EC_builtin_curve item has a unique integer id (B<nid>), and a human 125*4724848cSchristosreadable comment string describing the curve. 126*4724848cSchristos 127*4724848cSchristosIn order to construct a builtin curve use the function 128*4724848cSchristosEC_GROUP_new_by_curve_name() and provide the B<nid> of the curve to 129*4724848cSchristosbe constructed. 130*4724848cSchristos 131*4724848cSchristosEC_GROUP_free() frees the memory associated with the EC_GROUP. 132*4724848cSchristosIf B<group> is NULL nothing is done. 133*4724848cSchristos 134*4724848cSchristosEC_GROUP_clear_free() destroys any sensitive data held within the EC_GROUP and 135*4724848cSchristosthen frees its memory. If B<group> is NULL nothing is done. 136*4724848cSchristos 137*4724848cSchristos=head1 RETURN VALUES 138*4724848cSchristos 139*4724848cSchristosAll EC_GROUP_new* functions return a pointer to the newly constructed group, or 140*4724848cSchristosNULL on error. 141*4724848cSchristos 142*4724848cSchristosEC_get_builtin_curves() returns the number of builtin curves that are available. 143*4724848cSchristos 144*4724848cSchristosEC_GROUP_set_curve_GFp(), EC_GROUP_get_curve_GFp(), EC_GROUP_set_curve_GF2m(), 145*4724848cSchristosEC_GROUP_get_curve_GF2m() return 1 on success or 0 on error. 146*4724848cSchristos 147*4724848cSchristos=head1 SEE ALSO 148*4724848cSchristos 149*4724848cSchristosL<crypto(7)>, L<EC_GROUP_copy(3)>, 150*4724848cSchristosL<EC_POINT_new(3)>, L<EC_POINT_add(3)>, L<EC_KEY_new(3)>, 151*4724848cSchristosL<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)> 152*4724848cSchristos 153*4724848cSchristos=head1 COPYRIGHT 154*4724848cSchristos 155*4724848cSchristosCopyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. 156*4724848cSchristos 157*4724848cSchristosLicensed under the OpenSSL license (the "License"). You may not use 158*4724848cSchristosthis file except in compliance with the License. You can obtain a copy 159*4724848cSchristosin the file LICENSE in the source distribution or at 160*4724848cSchristosL<https://www.openssl.org/source/license.html>. 161*4724848cSchristos 162*4724848cSchristos=cut 163