91 int ec_GFp_simple_group_init(EC_GROUP *group) {  in ec_GFp_simple_group_init()  argument
92   BN_init(&group->field);  in ec_GFp_simple_group_init()
93   group->a_is_minus3 = 0;  in ec_GFp_simple_group_init()
97 void ec_GFp_simple_group_finish(EC_GROUP *group) {  in ec_GFp_simple_group_finish()  argument
98   BN_free(&group->field);  in ec_GFp_simple_group_finish()
101 int ec_GFp_simple_group_set_curve(EC_GROUP *group, const BIGNUM *p,  in ec_GFp_simple_group_set_curve()  argument
127   if (!BN_copy(&group->field, p)) {  in ec_GFp_simple_group_set_curve()
130   BN_set_negative(&group->field, 0);  in ec_GFp_simple_group_set_curve()
132   bn_set_minimal_width(&group->field);  in ec_GFp_simple_group_set_curve()
135   if (!BN_nnmod(tmp, a, &group->field, ctx) ||  in ec_GFp_simple_group_set_curve()
136       !ec_bignum_to_felem(group, &group->a, tmp)) {  in ec_GFp_simple_group_set_curve()
144   group->a_is_minus3 = (0 == BN_cmp(tmp, &group->field));  in ec_GFp_simple_group_set_curve()
147   if (!BN_nnmod(tmp, b, &group->field, ctx) ||  in ec_GFp_simple_group_set_curve()
148       !ec_bignum_to_felem(group, &group->b, tmp)) {  in ec_GFp_simple_group_set_curve()
152   if (!ec_bignum_to_felem(group, &group->one, BN_value_one())) {  in ec_GFp_simple_group_set_curve()
164 int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,  in ec_GFp_simple_group_get_curve()  argument
166   if ((p != NULL && !BN_copy(p, &group->field)) ||  in ec_GFp_simple_group_get_curve()
167       (a != NULL && !ec_felem_to_bignum(group, a, &group->a)) ||  in ec_GFp_simple_group_get_curve()
168       (b != NULL && !ec_felem_to_bignum(group, b, &group->b))) {  in ec_GFp_simple_group_get_curve()
186 void ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group,  in ec_GFp_simple_point_set_to_infinity()  argument
193 int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *group,  in ec_GFp_simple_point_set_affine_coordinates()  argument
202   if (!ec_bignum_to_felem(group, &point->X, x) ||  in ec_GFp_simple_point_set_affine_coordinates()
203       !ec_bignum_to_felem(group, &point->Y, y)) {  in ec_GFp_simple_point_set_affine_coordinates()
206   OPENSSL_memcpy(&point->Z, &group->one, sizeof(EC_FELEM));  in ec_GFp_simple_point_set_affine_coordinates()
211 void ec_GFp_simple_invert(const EC_GROUP *group, EC_RAW_POINT *point) {  in ec_GFp_simple_invert()  argument
212   ec_felem_neg(group, &point->Y, &point->Y);  in ec_GFp_simple_invert()
215 int ec_GFp_simple_is_at_infinity(const EC_GROUP *group,  in ec_GFp_simple_is_at_infinity()  argument
217   return ec_felem_non_zero_mask(group, &point->Z) == 0;  in ec_GFp_simple_is_at_infinity()
220 int ec_GFp_simple_is_on_curve(const EC_GROUP *group,  in ec_GFp_simple_is_on_curve()  argument
222   if (ec_GFp_simple_is_at_infinity(group, point)) {  in ec_GFp_simple_is_on_curve()
236                           const EC_FELEM *b) = group->meth->felem_mul;  in ec_GFp_simple_is_on_curve()
238       group->meth->felem_sqr;  in ec_GFp_simple_is_on_curve()
242   felem_sqr(group, &rh, &point->X);  in ec_GFp_simple_is_on_curve()
245   if (!ec_felem_equal(group, &point->Z, &group->one)) {  in ec_GFp_simple_is_on_curve()
246     felem_sqr(group, &tmp, &point->Z);  in ec_GFp_simple_is_on_curve()
247     felem_sqr(group, &Z4, &tmp);  in ec_GFp_simple_is_on_curve()
248     felem_mul(group, &Z6, &Z4, &tmp);  in ec_GFp_simple_is_on_curve()
251     if (group->a_is_minus3) {  in ec_GFp_simple_is_on_curve()
252       ec_felem_add(group, &tmp, &Z4, &Z4);  in ec_GFp_simple_is_on_curve()
253       ec_felem_add(group, &tmp, &tmp, &Z4);  in ec_GFp_simple_is_on_curve()
254       ec_felem_sub(group, &rh, &rh, &tmp);  in ec_GFp_simple_is_on_curve()
255       felem_mul(group, &rh, &rh, &point->X);  in ec_GFp_simple_is_on_curve()
257       felem_mul(group, &tmp, &Z4, &group->a);  in ec_GFp_simple_is_on_curve()
258       ec_felem_add(group, &rh, &rh, &tmp);  in ec_GFp_simple_is_on_curve()
259       felem_mul(group, &rh, &rh, &point->X);  in ec_GFp_simple_is_on_curve()
263     felem_mul(group, &tmp, &group->b, &Z6);  in ec_GFp_simple_is_on_curve()
264     ec_felem_add(group, &rh, &rh, &tmp);  in ec_GFp_simple_is_on_curve()
267     ec_felem_add(group, &rh, &rh, &group->a);  in ec_GFp_simple_is_on_curve()
268     felem_mul(group, &rh, &rh, &point->X);  in ec_GFp_simple_is_on_curve()
270     ec_felem_add(group, &rh, &rh, &group->b);  in ec_GFp_simple_is_on_curve()
274   felem_sqr(group, &tmp, &point->Y);  in ec_GFp_simple_is_on_curve()
275   return ec_felem_equal(group, &tmp, &rh);  in ec_GFp_simple_is_on_curve()
278 int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_RAW_POINT *a,  in ec_GFp_simple_cmp()  argument
282   if (ec_GFp_simple_is_at_infinity(group, a)) {  in ec_GFp_simple_cmp()
283     return ec_GFp_simple_is_at_infinity(group, b) ? 0 : 1;  in ec_GFp_simple_cmp()
286   if (ec_GFp_simple_is_at_infinity(group, b)) {  in ec_GFp_simple_cmp()
290   int a_Z_is_one = ec_felem_equal(group, &a->Z, &group->one);  in ec_GFp_simple_cmp()
291   int b_Z_is_one = ec_felem_equal(group, &b->Z, &group->one);  in ec_GFp_simple_cmp()
294     return !ec_felem_equal(group, &a->X, &b->X) ||  in ec_GFp_simple_cmp()
295            !ec_felem_equal(group, &a->Y, &b->Y);  in ec_GFp_simple_cmp()
299                           const EC_FELEM *b) = group->meth->felem_mul;  in ec_GFp_simple_cmp()
301       group->meth->felem_sqr;  in ec_GFp_simple_cmp()
311     felem_sqr(group, &Zb23, &b->Z);  in ec_GFp_simple_cmp()
312     felem_mul(group, &tmp1, &a->X, &Zb23);  in ec_GFp_simple_cmp()
318     felem_sqr(group, &Za23, &a->Z);  in ec_GFp_simple_cmp()
319     felem_mul(group, &tmp2, &b->X, &Za23);  in ec_GFp_simple_cmp()
326   if (!ec_felem_equal(group, tmp1_, tmp2_)) {  in ec_GFp_simple_cmp()
331     felem_mul(group, &Zb23, &Zb23, &b->Z);  in ec_GFp_simple_cmp()
332     felem_mul(group, &tmp1, &a->Y, &Zb23);  in ec_GFp_simple_cmp()
338     felem_mul(group, &Za23, &Za23, &a->Z);  in ec_GFp_simple_cmp()
339     felem_mul(group, &tmp2, &b->Y, &Za23);  in ec_GFp_simple_cmp()
346   if (!ec_felem_equal(group, tmp1_, tmp2_)) {  in ec_GFp_simple_cmp()
354 int ec_GFp_simple_mont_inv_mod_ord_vartime(const EC_GROUP *group,  in ec_GFp_simple_mont_inv_mod_ord_vartime()  argument
364   ec_scalar_inv_montgomery(group, out, in);  in ec_GFp_simple_mont_inv_mod_ord_vartime()
365   ec_scalar_from_montgomery(group, out, out);  in ec_GFp_simple_mont_inv_mod_ord_vartime()
369 int ec_GFp_simple_cmp_x_coordinate(const EC_GROUP *group, const EC_RAW_POINT *p,  in ec_GFp_simple_cmp_x_coordinate()  argument
371   if (ec_GFp_simple_is_at_infinity(group, p)) {  in ec_GFp_simple_cmp_x_coordinate()
378   return ec_get_x_coordinate_as_scalar(group, &x, p) &&  in ec_GFp_simple_cmp_x_coordinate()
379          ec_scalar_equal_vartime(group, &x, r);  in ec_GFp_simple_cmp_x_coordinate()