crypto/ecc/ecl.c

f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/*
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * ***** BEGIN LICENSE BLOCK *****
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Version: MPL 1.1/GPL 2.0/LGPL 2.1
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * The contents of this file are subject to the Mozilla Public License Version
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * 1.1 (the "License"); you may not use this file except in compliance with
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * the License. You may obtain a copy of the License at
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * http://www.mozilla.org/MPL/
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Software distributed under the License is distributed on an "AS IS" basis,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * for the specific language governing rights and limitations under the
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * License.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * The Original Code is the elliptic curve math library.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * The Initial Developer of the Original Code is
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Sun Microsystems, Inc.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Portions created by the Initial Developer are Copyright (C) 2003
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * the Initial Developer. All Rights Reserved.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Contributor(s):
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Alternatively, the contents of this file may be used under the terms of
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * either the GNU General Public License Version 2 or later (the "GPL"), or
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * in which case the provisions of the GPL or the LGPL are applicable instead
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * of those above. If you wish to allow use of your version of this file only
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * under the terms of either the GPL or the LGPL, and not to allow others to
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * use your version of this file under the terms of the MPL, indicate your
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * decision by deleting the provisions above and replace them with the notice
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * and other provisions required by the GPL or the LGPL. If you do not delete
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * the provisions above, a recipient may use your version of this file under
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * the terms of any one of the MPL, the GPL or the LGPL.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * ***** END LICENSE BLOCK ***** */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/*
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Use is subject to license terms.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Sun elects to use this software under the MPL license.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#pragma ident   "%Z%%M% %I% %E% SMI"
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#include "mpi.h"
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#include "mplogic.h"
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#include "ecl.h"
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#include "ecl-priv.h"
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#include "ec2.h"
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#include "ecp.h"
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#ifndef _KERNEL
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#include <stdlib.h>
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#include <string.h>
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#endif
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/* Allocate memory for a new ECGroup object. */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersECGroup *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersECGroup_new(int kmflag)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers{
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    mp_err res = MP_OKAY;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    ECGroup *group;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#ifdef _KERNEL
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group = (ECGroup *) kmem_alloc(sizeof(ECGroup), kmflag);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#else
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group = (ECGroup *) malloc(sizeof(ECGroup));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#endif
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    if (group == NULL)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        return NULL;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->constructed = MP_YES;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        group->meth = NULL;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->text = NULL;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_DIGITS(&group->curvea) = 0;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_DIGITS(&group->curveb) = 0;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_DIGITS(&group->genx) = 0;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_DIGITS(&group->geny) = 0;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_DIGITS(&group->order) = 0;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->base_point_mul = NULL;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->points_mul = NULL;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->validate_point = NULL;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->extra1 = NULL;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->extra2 = NULL;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->extra_free = NULL;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_CHECKOK(mp_init(&group->curvea, kmflag));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_CHECKOK(mp_init(&group->curveb, kmflag));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_CHECKOK(mp_init(&group->genx, kmflag));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_CHECKOK(mp_init(&group->geny, kmflag));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_CHECKOK(mp_init(&group->order, kmflag));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers  CLEANUP:
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    if (res != MP_OKAY) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        ECGroup_free(group);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        return NULL;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    return group;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers}
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/* Construct a generic ECGroup for elliptic curves over prime fields. */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersECGroup *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersECGroup_consGFp(const mp_int *irr, const mp_int *curvea,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers                const mp_int *curveb, const mp_int *genx,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers                const mp_int *geny, const mp_int *order, int cofactor)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers{
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    mp_err res = MP_OKAY;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    ECGroup *group = NULL;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group = ECGroup_new(FLAG(irr));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    if (group == NULL)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        return NULL;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->meth = GFMethod_consGFp(irr);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    if (group->meth == NULL) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        res = MP_MEM;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        goto CLEANUP;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_CHECKOK(mp_copy(curvea, &group->curvea));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_CHECKOK(mp_copy(curveb, &group->curveb));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_CHECKOK(mp_copy(genx, &group->genx));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_CHECKOK(mp_copy(geny, &group->geny));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_CHECKOK(mp_copy(order, &group->order));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->cofactor = cofactor;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->point_add = &ec_GFp_pt_add_aff;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->point_sub = &ec_GFp_pt_sub_aff;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->point_dbl = &ec_GFp_pt_dbl_aff;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->point_mul = &ec_GFp_pt_mul_jm_wNAF;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->base_point_mul = NULL;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->points_mul = &ec_GFp_pts_mul_jac;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->validate_point = &ec_GFp_validate_point;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers  CLEANUP:
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    if (res != MP_OKAY) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        ECGroup_free(group);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        return NULL;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    return group;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers}
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/* Construct a generic ECGroup for elliptic curves over prime fields with
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * field arithmetic implemented in Montgomery coordinates. */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersECGroup *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersECGroup_consGFp_mont(const mp_int *irr, const mp_int *curvea,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers                     const mp_int *curveb, const mp_int *genx,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers                     const mp_int *geny, const mp_int *order, int cofactor)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers{
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    mp_err res = MP_OKAY;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    ECGroup *group = NULL;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group = ECGroup_new(FLAG(irr));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    if (group == NULL)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        return NULL;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->meth = GFMethod_consGFp_mont(irr);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    if (group->meth == NULL) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        res = MP_MEM;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        goto CLEANUP;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_CHECKOK(group->meth->
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers               field_enc(curvea, &group->curvea, group->meth));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_CHECKOK(group->meth->
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers               field_enc(curveb, &group->curveb, group->meth));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_CHECKOK(group->meth->field_enc(genx, &group->genx, group->meth));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_CHECKOK(group->meth->field_enc(geny, &group->geny, group->meth));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_CHECKOK(mp_copy(order, &group->order));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->cofactor = cofactor;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->point_add = &ec_GFp_pt_add_aff;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->point_sub = &ec_GFp_pt_sub_aff;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->point_dbl = &ec_GFp_pt_dbl_aff;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->point_mul = &ec_GFp_pt_mul_jm_wNAF;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->base_point_mul = NULL;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->points_mul = &ec_GFp_pts_mul_jac;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->validate_point = &ec_GFp_validate_point;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers  CLEANUP:
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    if (res != MP_OKAY) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        ECGroup_free(group);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        return NULL;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    return group;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers}
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#ifdef NSS_ECC_MORE_THAN_SUITE_B
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/* Construct a generic ECGroup for elliptic curves over binary polynomial
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * fields. */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersECGroup *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersECGroup_consGF2m(const mp_int *irr, const unsigned int irr_arr[5],
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers                 const mp_int *curvea, const mp_int *curveb,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers                 const mp_int *genx, const mp_int *geny,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers                 const mp_int *order, int cofactor)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers{
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    mp_err res = MP_OKAY;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    ECGroup *group = NULL;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group = ECGroup_new(FLAG(irr));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    if (group == NULL)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        return NULL;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->meth = GFMethod_consGF2m(irr, irr_arr);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    if (group->meth == NULL) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        res = MP_MEM;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        goto CLEANUP;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_CHECKOK(mp_copy(curvea, &group->curvea));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_CHECKOK(mp_copy(curveb, &group->curveb));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_CHECKOK(mp_copy(genx, &group->genx));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_CHECKOK(mp_copy(geny, &group->geny));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_CHECKOK(mp_copy(order, &group->order));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->cofactor = cofactor;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->point_add = &ec_GF2m_pt_add_aff;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->point_sub = &ec_GF2m_pt_sub_aff;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->point_dbl = &ec_GF2m_pt_dbl_aff;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->point_mul = &ec_GF2m_pt_mul_mont;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->base_point_mul = NULL;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->points_mul = &ec_pts_mul_basic;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group->validate_point = &ec_GF2m_validate_point;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers  CLEANUP:
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    if (res != MP_OKAY) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        ECGroup_free(group);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        return NULL;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    return group;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers}
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#endif
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/* Construct ECGroup from hex parameters and name, if any. Called by
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * ECGroup_fromHex and ECGroup_fromName. */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersECGroup *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersecgroup_fromNameAndHex(const ECCurveName name,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers                   const ECCurveParams * params, int kmflag)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers{
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    mp_int irr, curvea, curveb, genx, geny, order;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    int bits;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    ECGroup *group = NULL;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    mp_err res = MP_OKAY;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    /* initialize values */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_DIGITS(&irr) = 0;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_DIGITS(&curvea) = 0;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_DIGITS(&curveb) = 0;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_DIGITS(&genx) = 0;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_DIGITS(&geny) = 0;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_DIGITS(&order) = 0;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_CHECKOK(mp_init(&irr, kmflag));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_CHECKOK(mp_init(&curvea, kmflag));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_CHECKOK(mp_init(&curveb, kmflag));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_CHECKOK(mp_init(&genx, kmflag));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_CHECKOK(mp_init(&geny, kmflag));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_CHECKOK(mp_init(&order, kmflag));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_CHECKOK(mp_read_radix(&irr, params->irr, 16));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_CHECKOK(mp_read_radix(&curvea, params->curvea, 16));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_CHECKOK(mp_read_radix(&curveb, params->curveb, 16));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_CHECKOK(mp_read_radix(&genx, params->genx, 16));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_CHECKOK(mp_read_radix(&geny, params->geny, 16));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    MP_CHECKOK(mp_read_radix(&order, params->order, 16));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    /* determine number of bits */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    bits = mpl_significant_bits(&irr) - 1;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    if (bits < MP_OKAY) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        res = bits;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        goto CLEANUP;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    /* determine which optimizations (if any) to use */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    if (params->field == ECField_GFp) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#ifdef NSS_ECC_MORE_THAN_SUITE_B
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        switch (name) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#ifdef ECL_USE_FP
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        case ECCurve_SECG_PRIME_160R1:
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            group =
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers                ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers                                &order, params->cofactor);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            MP_CHECKOK(ec_group_set_secp160r1_fp(group));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            break;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#endif
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        case ECCurve_SECG_PRIME_192R1:
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#ifdef ECL_USE_FP
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            group =
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers                ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers                                &order, params->cofactor);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            MP_CHECKOK(ec_group_set_nistp192_fp(group));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#else
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            group =
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers                ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers                                &order, params->cofactor);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            MP_CHECKOK(ec_group_set_gfp192(group, name));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#endif
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            break;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        case ECCurve_SECG_PRIME_224R1:
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#ifdef ECL_USE_FP
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            group =
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers                ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers                                &order, params->cofactor);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            MP_CHECKOK(ec_group_set_nistp224_fp(group));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#else
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            group =
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers                ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers                                &order, params->cofactor);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            MP_CHECKOK(ec_group_set_gfp224(group, name));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#endif
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            break;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        case ECCurve_SECG_PRIME_256R1:
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            group =
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers                ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers                                &order, params->cofactor);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            MP_CHECKOK(ec_group_set_gfp256(group, name));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            break;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        case ECCurve_SECG_PRIME_521R1:
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            group =
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers                ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers                                &order, params->cofactor);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            MP_CHECKOK(ec_group_set_gfp521(group, name));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            break;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        default:
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            /* use generic arithmetic */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#endif
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            group =
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers                ECGroup_consGFp_mont(&irr, &curvea, &curveb, &genx, &geny,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers                                     &order, params->cofactor);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#ifdef NSS_ECC_MORE_THAN_SUITE_B
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    } else if (params->field == ECField_GF2m) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        group = ECGroup_consGF2m(&irr, NULL, &curvea, &curveb, &genx, &geny, &order, params->cofactor);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        if ((name == ECCurve_NIST_K163) ||
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            (name == ECCurve_NIST_B163) ||
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            (name == ECCurve_SECG_CHAR2_163R1)) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            MP_CHECKOK(ec_group_set_gf2m163(group, name));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        } else if ((name == ECCurve_SECG_CHAR2_193R1) ||
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers                   (name == ECCurve_SECG_CHAR2_193R2)) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            MP_CHECKOK(ec_group_set_gf2m193(group, name));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        } else if ((name == ECCurve_NIST_K233) ||
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers                   (name == ECCurve_NIST_B233)) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            MP_CHECKOK(ec_group_set_gf2m233(group, name));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#endif
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    } else {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        res = MP_UNDEF;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        goto CLEANUP;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    /* set name, if any */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    if ((group != NULL) && (params->text != NULL)) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#ifdef _KERNEL
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        int n = strlen(params->text) + 1;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        group->text = kmem_alloc(n, kmflag);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        if (group->text == NULL) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            res = MP_MEM;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            goto CLEANUP;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        bcopy(params->text, group->text, n);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        group->text_len = n;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#else
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        group->text = strdup(params->text);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        if (group->text == NULL) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers            res = MP_MEM;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#endif
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers  CLEANUP:
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    mp_clear(&irr);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    mp_clear(&curvea);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    mp_clear(&curveb);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    mp_clear(&genx);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    mp_clear(&geny);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    mp_clear(&order);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    if (res != MP_OKAY) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        ECGroup_free(group);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        return NULL;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    return group;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers}
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/* Construct ECGroup from hexadecimal representations of parameters. */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersECGroup *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersECGroup_fromHex(const ECCurveParams * params, int kmflag)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers{
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    return ecgroup_fromNameAndHex(ECCurve_noName, params, kmflag);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers}
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/* Construct ECGroup from named parameters. */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersECGroup *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersECGroup_fromName(const ECCurveName name, int kmflag)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers{
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    ECGroup *group = NULL;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    ECCurveParams *params = NULL;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    mp_err res = MP_OKAY;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    params = EC_GetNamedCurveParams(name, kmflag);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    if (params == NULL) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        res = MP_UNDEF;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        goto CLEANUP;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    /* construct actual group */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    group = ecgroup_fromNameAndHex(name, params, kmflag);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    if (group == NULL) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        res = MP_UNDEF;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        goto CLEANUP;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers  CLEANUP:
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    EC_FreeCurveParams(params);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    if (res != MP_OKAY) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        ECGroup_free(group);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        return NULL;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    return group;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers}
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/* Validates an EC public key as described in Section 5.2.2 of X9.62. */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersmp_err ECPoint_validate(const ECGroup *group, const mp_int *px, const
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers                    mp_int *py)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers{
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    /* 1: Verify that publicValue is not the point at infinity */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    /* 2: Verify that the coordinates of publicValue are elements
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers     *    of the field.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers     */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    /* 3: Verify that publicValue is on the curve. */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    /* 4: Verify that the order of the curve times the publicValue
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers     *    is the point at infinity.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers     */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    return group->validate_point(px, py, group);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers}
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/* Free the memory allocated (if any) to an ECGroup object. */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersvoid
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersECGroup_free(ECGroup *group)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers{
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    if (group == NULL)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        return;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    GFMethod_free(group->meth);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    if (group->constructed == MP_NO)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        return;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    mp_clear(&group->curvea);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    mp_clear(&group->curveb);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    mp_clear(&group->genx);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    mp_clear(&group->geny);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    mp_clear(&group->order);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    if (group->text != NULL)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#ifdef _KERNEL
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        kmem_free(group->text, group->text_len);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#else
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        free(group->text);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#endif
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    if (group->extra_free != NULL)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers        group->extra_free(group);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#ifdef _KERNEL
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    kmem_free(group, sizeof (ECGroup));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#else
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers    free(group);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#endif
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers}