xref: /openbsd-src/lib/libcrypto/man/EC_GROUP_new.3 (revision ccb0234a19004a66e78d3d83e864e8b09b25e192) 
1.\"	$OpenBSD: EC_GROUP_new.3,v 1.17 2024/04/27 07:41:47 tb Exp $
2.\"	OpenSSL 6328d367 Sat Jul 4 21:58:30 2020 +0200
3.\"
4.\" This file was written by Matt Caswell <matt@openssl.org>.
5.\" Copyright (c) 2013 The OpenSSL Project.  All rights reserved.
6.\"
7.\" Redistribution and use in source and binary forms, with or without
8.\" modification, are permitted provided that the following conditions
9.\" are met:
10.\"
11.\" 1. Redistributions of source code must retain the above copyright
12.\"    notice, this list of conditions and the following disclaimer.
13.\"
14.\" 2. Redistributions in binary form must reproduce the above copyright
15.\"    notice, this list of conditions and the following disclaimer in
16.\"    the documentation and/or other materials provided with the
17.\"    distribution.
18.\"
19.\" 3. All advertising materials mentioning features or use of this
20.\"    software must display the following acknowledgment:
21.\"    "This product includes software developed by the OpenSSL Project
22.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
23.\"
24.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
25.\"    endorse or promote products derived from this software without
26.\"    prior written permission. For written permission, please contact
27.\"    openssl-core@openssl.org.
28.\"
29.\" 5. Products derived from this software may not be called "OpenSSL"
30.\"    nor may "OpenSSL" appear in their names without prior written
31.\"    permission of the OpenSSL Project.
32.\"
33.\" 6. Redistributions of any form whatsoever must retain the following
34.\"    acknowledgment:
35.\"    "This product includes software developed by the OpenSSL Project
36.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
37.\"
38.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
39.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
40.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
41.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
42.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
43.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
44.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
45.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
46.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
47.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
48.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50.\"
51.Dd $Mdocdate: April 27 2024 $
52.Dt EC_GROUP_NEW 3
53.Os
54.Sh NAME
55.Nm EC_GROUP_new ,
56.Nm EC_GROUP_free ,
57.Nm EC_GROUP_clear_free ,
58.Nm EC_GROUP_new_curve_GFp ,
59.Nm EC_GROUP_new_by_curve_name ,
60.Nm EC_GROUP_set_curve ,
61.Nm EC_GROUP_get_curve ,
62.Nm EC_GROUP_set_curve_GFp ,
63.Nm EC_GROUP_get_curve_GFp ,
64.Nm EC_get_builtin_curves ,
65.Nm EC_curve_nid2nist ,
66.Nm EC_curve_nist2nid
67.Nd create and destroy EC_GROUP objects
68.Sh SYNOPSIS
69.In openssl/ec.h
70.In openssl/bn.h
71.Ft EC_GROUP *
72.Fo EC_GROUP_new
73.Fa "const EC_METHOD *meth"
74.Fc
75.Ft void
76.Fo EC_GROUP_free
77.Fa "EC_GROUP *group"
78.Fc
79.Ft void
80.Fo EC_GROUP_clear_free
81.Fa "EC_GROUP *group"
82.Fc
83.Ft EC_GROUP *
84.Fo EC_GROUP_new_curve_GFp
85.Fa "const BIGNUM *p"
86.Fa "const BIGNUM *a"
87.Fa "const BIGNUM *b"
88.Fa "BN_CTX *ctx"
89.Fc
90.Ft EC_GROUP *
91.Fo EC_GROUP_new_by_curve_name
92.Fa "int nid"
93.Fc
94.Ft int
95.Fo EC_GROUP_set_curve
96.Fa "EC_GROUP *group"
97.Fa "const BIGNUM *p"
98.Fa "const BIGNUM *a"
99.Fa "const BIGNUM *b"
100.Fa "BN_CTX *ctx"
101.Fc
102.Ft int
103.Fo EC_GROUP_get_curve
104.Fa "const EC_GROUP *group"
105.Fa "BIGNUM *p"
106.Fa "BIGNUM *a"
107.Fa "BIGNUM *b"
108.Fa "BN_CTX *ctx"
109.Fc
110.Ft int
111.Fo EC_GROUP_set_curve_GFp
112.Fa "EC_GROUP *group"
113.Fa "const BIGNUM *p"
114.Fa "const BIGNUM *a"
115.Fa "const BIGNUM *b"
116.Fa "BN_CTX *ctx"
117.Fc
118.Ft int
119.Fo EC_GROUP_get_curve_GFp
120.Fa "const EC_GROUP *group"
121.Fa "BIGNUM *p"
122.Fa "BIGNUM *a"
123.Fa "BIGNUM *b"
124.Fa "BN_CTX *ctx"
125.Fc
126.Ft size_t
127.Fo EC_get_builtin_curves
128.Fa "EC_builtin_curve *r"
129.Fa "size_t nitems"
130.Fc
131.Ft "const char *"
132.Fo EC_curve_nid2nist
133.Fa "int nid"
134.Fc
135.Ft int
136.Fo EC_curve_nist2nid
137.Fa "const char *name"
138.Fc
139.Sh DESCRIPTION
140The EC library provides functions for performing operations on
141elliptic curves in Weierstrass form.
142Such curves are defined over the prime field of order
143.Fa p
144and satisfy the Weierstrass equation with coefficients
145.Fa a
146and
147.Fa b
148.Pp
149.Dl y^2 = x^3 + ax + b
150.Pp
151An
152.Vt EC_GROUP
153structure is used to represent the definition of an elliptic curve.
154A new curve can be constructed by calling
155.Fn EC_GROUP_new ,
156using the implementation provided by
157.Fa meth
158(see
159.Xr EC_GFp_simple_method 3 ) .
160It is then necessary to call
161.Fn EC_GROUP_set_curve
162to set the curve parameters.
163.Pp
164.Fn EC_GROUP_set_curve
165sets the curve parameters
166.Fa p ,
167.Fa a ,
168and
169.Fa b ,
170where
171.Fa a
172and
173.Fa b
174represent the coefficients of the curve equation.
175.Pp
176.Fn EC_GROUP_set_curve_GFp
177is a deprecated synonym for
178.Fn EC_GROUP_set_curve .
179.Pp
180.Fn EC_GROUP_get_curve
181obtains the previously set curve parameters.
182.Pp
183.Fn EC_GROUP_get_curve_GFp
184is a deprecated synonym for
185.Fn EC_GROUP_get_curve .
186.Pp
187The function
188.Fn EC_GROUP_new_curve_GFp
189is a shortcut for calling
190.Fn EC_GROUP_new
191and
192.Fn EC_GROUP_set_curve .
193An appropriate default implementation method will be used.
194.Pp
195Whilst the library can be used to create any curve using the functions
196described above, there are also a number of predefined curves that are
197available.
198In order to obtain a list of all of the predefined curves, call the
199function
200.Fn EC_get_builtin_curves .
201The parameter
202.Fa r
203should be an array of
204.Vt EC_builtin_cure
205structures of size
206.Fa nitems .
207The function will populate the
208.Fa r
209array with information about the builtin curves.
210If
211.Fa nitems
212is less than the total number of curves available, then the first
213.Fa nitems
214curves will be returned.
215Otherwise the total number of curves will be provided.
216The return value is the total number of curves available (whether that
217number has been populated in
218.Fa r
219or not).
220Passing a
221.Dv NULL
222.Fa r ,
223or setting
224.Fa nitems
225to 0, will do nothing other than return the total number of curves
226available.
227The
228.Vt EC_builtin_curve
229structure is defined as follows:
230.Bd -literal
231typedef struct {
232	int nid;
233	const char *comment;
234} EC_builtin_curve;
235.Ed
236.Pp
237Each
238.Vt EC_builtin_curve
239item has a unique integer ID
240.Pq Fa nid
241and a human readable comment string describing the curve.
242.Pp
243In order to construct a builtin curve, use the function
244.Fn EC_GROUP_new_by_curve_name
245and provide the
246.Fa nid
247of the curve to be constructed.
248.Pp
249.Fn EC_GROUP_free
250frees the memory associated with the
251.Vt EC_GROUP .
252If
253.Fa group
254is a
255.Dv NULL
256pointer, no action occurs.
257.Pp
258.Fn EC_GROUP_clear_free
259destroys any sensitive data held within the
260.Vt EC_GROUP
261and then frees its memory.
262If
263.Fa group
264is a
265.Dv NULL
266pointer, no action occurs.
267.Pp
268Some builtin curves can be identified by their NIST name
269in addition to a numerical identifier (NID).
270.Fn EC_curve_nid2nist
271and
272.Fn EC_curve_nist2nid
273translate between the two.
274The five built-in prime curves are:
275.Pp
276.Bl -column "NIST name" NID_X9_62_prime256v1 "deprecated in SP800-186" -compact
277.It No NIST Fa name Ta Em ASN.1 NID       Ta Em notes
278.It Qq P-192   Ta Dv NID_X9_62_prime192v1 Ta No deprecated in SP800-186
279.It Qq P-224   Ta Dv NID_secp224r1        Ta
280.It Qq P-256   Ta Dv NID_X9_62_prime256v1 Ta
281.It Qq P-384   Ta Dv NID_secp384r1        Ta
282.It Qq P-521   Ta Dv NID_secp521r1        Ta
283.El
284.Pp
285.Fn EC_curve_nid2nist
286and
287.Fn EC_curve_nist2nid
288also accept the ten binary curves defined in FIPS\& 186-4
289and deprecated in SP800-186,
290although they no longer correspond to builtin curves in LibreSSL.
291.Sh RETURN VALUES
292All
293.Fn EC_GROUP_new*
294functions return a pointer to the newly constructed group or
295.Dv NULL
296on error.
297.Pp
298.Fn EC_get_builtin_curves
299returns the number of builtin curves that are available.
300.Pp
301.Fn EC_curve_nid2nist
302returns a string constant containing the NIST name if
303.Fa nid
304identifies a NIST curve or
305.Dv NULL
306otherwise.
307.Pp
308.Fn EC_curve_nist2nid
309returns the NID corresponding to the NIST curve
310.Fa name ,
311or
312.Dv NID_undef .
313.Pp
314.Fn EC_GROUP_set_curve ,
315.Fn EC_GROUP_get_curve ,
316.Fn EC_GROUP_set_curve_GFp ,
317and
318.Fn EC_GROUP_get_curve_GFp
319return 1 on success or 0 on error.
320.Sh SEE ALSO
321.Xr crypto 3 ,
322.Xr d2i_ECPKParameters 3 ,
323.Xr EC_GFp_simple_method 3 ,
324.Xr EC_GROUP_copy 3 ,
325.Xr EC_KEY_new 3 ,
326.Xr EC_POINT_add 3 ,
327.Xr EC_POINT_new 3 ,
328.Xr ECDH_compute_key 3 ,
329.Xr ECDSA_SIG_new 3
330.Sh HISTORY
331.Fn EC_GROUP_new ,
332.Fn EC_GROUP_free ,
333.Fn EC_GROUP_clear_free ,
334.Fn EC_GROUP_new_curve_GFp ,
335.Fn EC_GROUP_set_curve_GFp ,
336and
337.Fn EC_GROUP_get_curve_GFp
338first appeared in OpenSSL 0.9.7 and have been available since
339.Ox 3.2 .
340.Pp
341.Fn EC_GROUP_new_by_curve_name
342and
343.Fn EC_get_builtin_curves
344first appeared in OpenSSL 0.9.8 and have been available since
345.Ox 4.5 .
346.Fn EC_curve_nid2nist ,
347and
348.Fn EC_curve_nist2nid
349first appeared in OpenSSL 1.1.0 and have been available since
350.Ox 5.8 .
351.Pp
352.Fn EC_GROUP_set_curve
353and
354.Fn EC_GROUP_get_curve
355first appeared in OpenSSL 1.1.1 and have been available since
356.Ox 7.0 .
357