3 * Raw formatting of elliptic curve points
5 * (c) 2004 Straylight/Edgeware
8 /*----- Licensing notice --------------------------------------------------*
10 * This file is part of Catacomb.
12 * Catacomb is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU Library General Public License as
14 * published by the Free Software Foundation; either version 2 of the
15 * License, or (at your option) any later version.
17 * Catacomb is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU Library General Public License for more details.
22 * You should have received a copy of the GNU Library General Public
23 * License along with Catacomb; if not, write to the Free
24 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
28 /*----- Header files ------------------------------------------------------*/
33 /*----- Main code ---------------------------------------------------------*/
35 /* --- @ec_ec2osp@ --- *
37 * Arguments: @ec_curve *c@ = elliptic curve
38 * @unsigned f@ = format flags for output
39 * @buf *b@ = pointer to a buffer
40 * @const ec *p@ = an elliptic curve point
42 * Returns: Zero on success, nonzero on failure.
44 * Use: Puts an elliptic curve point to the given buffer using the
45 * standard uncompressed format described in P1363 and SEC1.
46 * This requires at most @1 + 2 * c->f->noctets@ space in the
49 * Point compression features are determined by @f@ as follows.
50 * If @EC_CMPR@ is set then point compression is performed and a
51 * compressed form of the %$y$%-coordinate is contained in the
52 * first output byte; if @EC_SORT@ is set then P1363a `SORT'
53 * compression is used, otherwise LSB compression. If
54 * @EC_EXPLY@ is set, then an explicit %$y$%-coordinate is
55 * output in full. Otherwise the %$y$%-coordinate is
58 * Returns failure (@-1@) if the flags are invalid, or if there
59 * isn't enough space in the output buffer.
62 int ec_ec2osp(ec_curve
*c
, unsigned f
, buf
*b
, const ec
*p
)
68 /* --- Check the requested flags for sanity --- */
71 if (f
& ~((f
& EC_XONLY
) ? EC_XONLY
:
72 (f
& EC_CMPR
) ?
(EC_CMPR
| EC_EXPLY
| EC_SORT
) :
73 (f
& EC_EXPLY
) ? EC_EXPLY
:
77 /* --- Point at infinity --- */
79 if (EC_ATINF(p
)) return (buf_putbyte(b
, 0));
81 /* --- Fix up the format byte, compressing the %$y$%-coordinate --- */
85 f
|= EC_COMPR(c
, p
) ? EC_YBIT
: 0;
88 f
|= MP_CMP(p
->y
, >, t
.y
);
93 /* --- Write the format byte --- */
95 if (buf_putbyte(b
, f
)) return (-1);
97 /* --- Write the %$x$%-coordinate --- */
100 if ((q
= buf_get(b
, n
)) == 0) return (-1);
101 mp_storeb(p
->x
, q
, n
);
103 /* --- Write the %$y$%-coordinate if we need one --- */
106 if ((q
= buf_get(b
, n
)) == 0) return (-1);
107 mp_storeb(p
->y
, q
, n
);
110 /* --- All done --- */
115 /* --- @ec_os2ecp@ --- *
117 * Arguments: @ec_curve *c = elliptic curve
118 * @unsigned f@ = format flags for input
119 * @buf *b@ = pointer to a buffer
120 * @ec *d@ = an elliptic curve point
122 * Returns: Zero on success, nonzero on failure.
124 * Use: Reads an elliptic curve point from the given buffer using the
125 * standard uncompressed format described in P1363 and SEC1.
127 * Point compression features are determined by @f@ as follows.
128 * If @EC_LSB@ is set, then accept an LSB-compressed %$y$%-
129 * coordinate; if @EC_SORT@ is set, then accept a SORT-
130 * compressed %$y$%-coordinate; if @EC_EXPLY@ is set, then
131 * accept an explicit %$y$%-coordinate; if @EC_XONLY@ is set
132 * then accept a bare %$x$%-coordinate (a correct
133 * %$y$%-coordinate is chosen arbitrarily). Hybrid forms are
134 * acceptable, and the input is checked to verify that the
135 * redundant representations are consistent. If no flags are
136 * set in @f@, then no input (other than the point at infinity)
137 * will be acceptable.
140 int ec_os2ecp(ec_curve
*c
, unsigned f
, buf
*b
, ec
*d
)
144 ec t
= EC_INIT
, tt
= EC_INIT
;
145 mp
*x
= MP_NEW
, *y
= MP_NEW
;
149 /* --- Read the format byte --- */
151 if ((g
= buf_getbyte(b
)) < 0) goto done
;
153 /* --- Point at infinity --- */
155 if (!g
) { EC_SETINF(d
); rc
= 0; goto done
; }
157 /* --- Fetch the %$x$%-coordinate --- */
160 if ((q
= buf_get(b
, n
)) == 0) goto done
;
161 x
= mp_loadb(x
, q
, n
);
163 /* --- If we're compressing then figure out the right value --- *
165 * Also check that the format is acceptable to the caller.
168 switch (g
& ~EC_EXPLY
) {
170 t
.x
= x
; x
= MP_NEW
; break;
172 gwant
= EC_XONLY
; goto decompr
;
173 case EC_CMPR
: case EC_CMPR
| EC_YBIT
:
174 gwant
= EC_LSB
; goto decompr
;
175 case EC_CMPR
| EC_SORT
: case EC_CMPR
| EC_SORT
| EC_YBIT
:
176 gwant
= EC_SORT
; goto decompr
;
179 if (!(f
& gwant
)) goto done
;
180 if (!ec_find(c
, &t
, x
)) goto done
;
183 if (!EC_COMPR(c
, &t
) != !(g
& EC_YBIT
)) ec_neg(c
, &t
, &t
);
184 if (!EC_COMPR(c
, &t
) != !(g
& EC_YBIT
)) goto done
;
188 if (!MP_CMP(t
.y
, >, tt
.y
) != !(g
& EC_YBIT
)) {
189 if (MP_EQ(t
.y
, tt
.y
)) goto done
;
190 MP_DROP(t
.y
); t
.y
= MP_COPY(tt
.y
);
200 /* --- If an explicit %$y$%-coordinate is specified, read it in --- */
203 if (!(f
& EC_EXPLY
)) goto done
;
204 if ((q
= buf_get(b
, n
)) == 0) goto done
;
205 y
= mp_loadb(y
, q
, n
);
206 if (!t
.y
) t
.y
= MP_COPY(y
);
207 else if (!MP_EQ(y
, t
.y
)) goto done
;
210 /* --- We're ready --- */
215 /* --- Clean up --- */
220 if (t
.x
) MP_DROP(t
.x
); if (t
.y
) MP_DROP(t
.y
);
225 /* --- @ec_putraw@ --- *
227 * Arguments: @ec_curve *c@ = elliptic curve
228 * @buf *b@ = pointer to a buffer
229 * @const ec *p@ = an elliptic curve point
231 * Returns: Zero on success, nonzero on failure.
233 * Use: Puts an elliptic curve point to the given buffer using the
234 * standard uncompressed format described in P1363 and SEC1.
235 * This requires at most @1 + 2 * c->f->noctets@ space in the
236 * buffer. We don't do point compression.
239 int ec_putraw(ec_curve
*c
, buf
*b
, const ec
*p
)
240 { return (ec_ec2osp(c
, EC_EXPLY
, b
, p
)); }
242 /* --- @ec_getraw@ --- *
244 * Arguments: @ec_curve *c@ = elliptic curve
245 * @buf *b@ = pointer to a buffer
246 * @ec *d@ = an elliptic curve point
248 * Returns: Zero on success, nonzero on failure.
250 * Use: Reads an elliptic curve point from the given buffer using the
251 * standard uncompressed format described in P1363 and SEC1.
252 * We don't do point compression.
255 int ec_getraw(ec_curve
*c
, buf
*b
, ec
*d
)
256 { return (ec_os2ecp(c
, EC_LSB
| EC_SORT
| EC_EXPLY
, b
, d
)); }
258 /*----- That's all, folks -------------------------------------------------*/