VirtualBox

source: vbox/trunk/src/libs/openssl-1.1.1f/crypto/ec/ec_asn1.c@ 83531

Last change on this file since 83531 was 83531, checked in by vboxsync, 5 years ago

setting svn:sync-process=export for openssl-1.1.1f, all files except tests
File size: 38.4 KB
Line 
1/*
2 * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <string.h>
11#include "ec_local.h"
12#include <openssl/err.h>
13#include <openssl/asn1t.h>
14#include <openssl/objects.h>
15#include "internal/nelem.h"
16
17int EC_GROUP_get_basis_type(const EC_GROUP *group)
18{
19 int i;
20
21 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
22 NID_X9_62_characteristic_two_field)
23 /* everything else is currently not supported */
24 return 0;
25
26 /* Find the last non-zero element of group->poly[] */
27 for (i = 0;
28 i < (int)OSSL_NELEM(group->poly) && group->poly[i] != 0;
29 i++)
30 continue;
31
32 if (i == 4)
33 return NID_X9_62_ppBasis;
34 else if (i == 2)
35 return NID_X9_62_tpBasis;
36 else
37 /* everything else is currently not supported */
38 return 0;
39}
40
41#ifndef OPENSSL_NO_EC2M
42int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k)
43{
44 if (group == NULL)
45 return 0;
46
47 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
48 NID_X9_62_characteristic_two_field
49 || !((group->poly[0] != 0) && (group->poly[1] != 0)
50 && (group->poly[2] == 0))) {
51 ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS,
52 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
53 return 0;
54 }
55
56 if (k)
57 *k = group->poly[1];
58
59 return 1;
60}
61
62int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,
63 unsigned int *k2, unsigned int *k3)
64{
65 if (group == NULL)
66 return 0;
67
68 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
69 NID_X9_62_characteristic_two_field
70 || !((group->poly[0] != 0) && (group->poly[1] != 0)
71 && (group->poly[2] != 0) && (group->poly[3] != 0)
72 && (group->poly[4] == 0))) {
73 ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS,
74 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
75 return 0;
76 }
77
78 if (k1)
79 *k1 = group->poly[3];
80 if (k2)
81 *k2 = group->poly[2];
82 if (k3)
83 *k3 = group->poly[1];
84
85 return 1;
86}
87#endif
88
89/* some structures needed for the asn1 encoding */
90typedef struct x9_62_pentanomial_st {
91 int32_t k1;
92 int32_t k2;
93 int32_t k3;
94} X9_62_PENTANOMIAL;
95
96typedef struct x9_62_characteristic_two_st {
97 int32_t m;
98 ASN1_OBJECT *type;
99 union {
100 char *ptr;
101 /* NID_X9_62_onBasis */
102 ASN1_NULL *onBasis;
103 /* NID_X9_62_tpBasis */
104 ASN1_INTEGER *tpBasis;
105 /* NID_X9_62_ppBasis */
106 X9_62_PENTANOMIAL *ppBasis;
107 /* anything else */
108 ASN1_TYPE *other;
109 } p;
110} X9_62_CHARACTERISTIC_TWO;
111
112typedef struct x9_62_fieldid_st {
113 ASN1_OBJECT *fieldType;
114 union {
115 char *ptr;
116 /* NID_X9_62_prime_field */
117 ASN1_INTEGER *prime;
118 /* NID_X9_62_characteristic_two_field */
119 X9_62_CHARACTERISTIC_TWO *char_two;
120 /* anything else */
121 ASN1_TYPE *other;
122 } p;
123} X9_62_FIELDID;
124
125typedef struct x9_62_curve_st {
126 ASN1_OCTET_STRING *a;
127 ASN1_OCTET_STRING *b;
128 ASN1_BIT_STRING *seed;
129} X9_62_CURVE;
130
131struct ec_parameters_st {
132 int32_t version;
133 X9_62_FIELDID *fieldID;
134 X9_62_CURVE *curve;
135 ASN1_OCTET_STRING *base;
136 ASN1_INTEGER *order;
137 ASN1_INTEGER *cofactor;
138} /* ECPARAMETERS */ ;
139
140struct ecpk_parameters_st {
141 int type;
142 union {
143 ASN1_OBJECT *named_curve;
144 ECPARAMETERS *parameters;
145 ASN1_NULL *implicitlyCA;
146 } value;
147} /* ECPKPARAMETERS */ ;
148
149/* SEC1 ECPrivateKey */
150typedef struct ec_privatekey_st {
151 int32_t version;
152 ASN1_OCTET_STRING *privateKey;
153 ECPKPARAMETERS *parameters;
154 ASN1_BIT_STRING *publicKey;
155} EC_PRIVATEKEY;
156
157/* the OpenSSL ASN.1 definitions */
158ASN1_SEQUENCE(X9_62_PENTANOMIAL) = {
159 ASN1_EMBED(X9_62_PENTANOMIAL, k1, INT32),
160 ASN1_EMBED(X9_62_PENTANOMIAL, k2, INT32),
161 ASN1_EMBED(X9_62_PENTANOMIAL, k3, INT32)
162} static_ASN1_SEQUENCE_END(X9_62_PENTANOMIAL)
163
164DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
165IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
166
167ASN1_ADB_TEMPLATE(char_two_def) = ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.other, ASN1_ANY);
168
169ASN1_ADB(X9_62_CHARACTERISTIC_TWO) = {
170 ADB_ENTRY(NID_X9_62_onBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.onBasis, ASN1_NULL)),
171 ADB_ENTRY(NID_X9_62_tpBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.tpBasis, ASN1_INTEGER)),
172 ADB_ENTRY(NID_X9_62_ppBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.ppBasis, X9_62_PENTANOMIAL))
173} ASN1_ADB_END(X9_62_CHARACTERISTIC_TWO, 0, type, 0, &char_two_def_tt, NULL);
174
175ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = {
176 ASN1_EMBED(X9_62_CHARACTERISTIC_TWO, m, INT32),
177 ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT),
178 ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO)
179} static_ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO)
180
181DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
182IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
183
184ASN1_ADB_TEMPLATE(fieldID_def) = ASN1_SIMPLE(X9_62_FIELDID, p.other, ASN1_ANY);
185
186ASN1_ADB(X9_62_FIELDID) = {
187 ADB_ENTRY(NID_X9_62_prime_field, ASN1_SIMPLE(X9_62_FIELDID, p.prime, ASN1_INTEGER)),
188 ADB_ENTRY(NID_X9_62_characteristic_two_field, ASN1_SIMPLE(X9_62_FIELDID, p.char_two, X9_62_CHARACTERISTIC_TWO))
189} ASN1_ADB_END(X9_62_FIELDID, 0, fieldType, 0, &fieldID_def_tt, NULL);
190
191ASN1_SEQUENCE(X9_62_FIELDID) = {
192 ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT),
193 ASN1_ADB_OBJECT(X9_62_FIELDID)
194} static_ASN1_SEQUENCE_END(X9_62_FIELDID)
195
196ASN1_SEQUENCE(X9_62_CURVE) = {
197 ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING),
198 ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING),
199 ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING)
200} static_ASN1_SEQUENCE_END(X9_62_CURVE)
201
202ASN1_SEQUENCE(ECPARAMETERS) = {
203 ASN1_EMBED(ECPARAMETERS, version, INT32),
204 ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID),
205 ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE),
206 ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING),
207 ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER),
208 ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER)
209} ASN1_SEQUENCE_END(ECPARAMETERS)
210
211DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
212IMPLEMENT_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
213
214ASN1_CHOICE(ECPKPARAMETERS) = {
215 ASN1_SIMPLE(ECPKPARAMETERS, value.named_curve, ASN1_OBJECT),
216 ASN1_SIMPLE(ECPKPARAMETERS, value.parameters, ECPARAMETERS),
217 ASN1_SIMPLE(ECPKPARAMETERS, value.implicitlyCA, ASN1_NULL)
218} ASN1_CHOICE_END(ECPKPARAMETERS)
219
220DECLARE_ASN1_FUNCTIONS_const(ECPKPARAMETERS)
221DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECPKPARAMETERS, ECPKPARAMETERS)
222IMPLEMENT_ASN1_FUNCTIONS_const(ECPKPARAMETERS)
223
224ASN1_SEQUENCE(EC_PRIVATEKEY) = {
225 ASN1_EMBED(EC_PRIVATEKEY, version, INT32),
226 ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING),
227 ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0),
228 ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1)
229} static_ASN1_SEQUENCE_END(EC_PRIVATEKEY)
230
231DECLARE_ASN1_FUNCTIONS_const(EC_PRIVATEKEY)
232DECLARE_ASN1_ENCODE_FUNCTIONS_const(EC_PRIVATEKEY, EC_PRIVATEKEY)
233IMPLEMENT_ASN1_FUNCTIONS_const(EC_PRIVATEKEY)
234
235/* some declarations of internal function */
236
237/* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */
238static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *);
239/* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */
240static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *);
241
242/* the function definitions */
243
244static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field)
245{
246 int ok = 0, nid;
247 BIGNUM *tmp = NULL;
248
249 if (group == NULL || field == NULL)
250 return 0;
251
252 /* clear the old values (if necessary) */
253 ASN1_OBJECT_free(field->fieldType);
254 ASN1_TYPE_free(field->p.other);
255
256 nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
257 /* set OID for the field */
258 if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) {
259 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
260 goto err;
261 }
262
263 if (nid == NID_X9_62_prime_field) {
264 if ((tmp = BN_new()) == NULL) {
265 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
266 goto err;
267 }
268 /* the parameters are specified by the prime number p */
269 if (!EC_GROUP_get_curve(group, tmp, NULL, NULL, NULL)) {
270 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
271 goto err;
272 }
273 /* set the prime number */
274 field->p.prime = BN_to_ASN1_INTEGER(tmp, NULL);
275 if (field->p.prime == NULL) {
276 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB);
277 goto err;
278 }
279 } else if (nid == NID_X9_62_characteristic_two_field)
280#ifdef OPENSSL_NO_EC2M
281 {
282 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, EC_R_GF2M_NOT_SUPPORTED);
283 goto err;
284 }
285#else
286 {
287 int field_type;
288 X9_62_CHARACTERISTIC_TWO *char_two;
289
290 field->p.char_two = X9_62_CHARACTERISTIC_TWO_new();
291 char_two = field->p.char_two;
292
293 if (char_two == NULL) {
294 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
295 goto err;
296 }
297
298 char_two->m = (long)EC_GROUP_get_degree(group);
299
300 field_type = EC_GROUP_get_basis_type(group);
301
302 if (field_type == 0) {
303 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
304 goto err;
305 }
306 /* set base type OID */
307 if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) {
308 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
309 goto err;
310 }
311
312 if (field_type == NID_X9_62_tpBasis) {
313 unsigned int k;
314
315 if (!EC_GROUP_get_trinomial_basis(group, &k))
316 goto err;
317
318 char_two->p.tpBasis = ASN1_INTEGER_new();
319 if (char_two->p.tpBasis == NULL) {
320 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
321 goto err;
322 }
323 if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long)k)) {
324 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB);
325 goto err;
326 }
327 } else if (field_type == NID_X9_62_ppBasis) {
328 unsigned int k1, k2, k3;
329
330 if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3))
331 goto err;
332
333 char_two->p.ppBasis = X9_62_PENTANOMIAL_new();
334 if (char_two->p.ppBasis == NULL) {
335 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
336 goto err;
337 }
338
339 /* set k? values */
340 char_two->p.ppBasis->k1 = (long)k1;
341 char_two->p.ppBasis->k2 = (long)k2;
342 char_two->p.ppBasis->k3 = (long)k3;
343 } else { /* field_type == NID_X9_62_onBasis */
344
345 /* for ONB the parameters are (asn1) NULL */
346 char_two->p.onBasis = ASN1_NULL_new();
347 if (char_two->p.onBasis == NULL) {
348 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
349 goto err;
350 }
351 }
352 }
353#endif
354 else {
355 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, EC_R_UNSUPPORTED_FIELD);
356 goto err;
357 }
358
359 ok = 1;
360
361 err:
362 BN_free(tmp);
363 return ok;
364}
365
366static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve)
367{
368 int ok = 0;
369 BIGNUM *tmp_1 = NULL, *tmp_2 = NULL;
370 unsigned char *a_buf = NULL, *b_buf = NULL;
371 size_t len;
372
373 if (!group || !curve || !curve->a || !curve->b)
374 return 0;
375
376 if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) {
377 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
378 goto err;
379 }
380
381 /* get a and b */
382 if (!EC_GROUP_get_curve(group, NULL, tmp_1, tmp_2, NULL)) {
383 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
384 goto err;
385 }
386
387 /*
388 * Per SEC 1, the curve coefficients must be padded up to size. See C.2's
389 * definition of Curve, C.1's definition of FieldElement, and 2.3.5's
390 * definition of how to encode the field elements.
391 */
392 len = ((size_t)EC_GROUP_get_degree(group) + 7) / 8;
393 if ((a_buf = OPENSSL_malloc(len)) == NULL
394 || (b_buf = OPENSSL_malloc(len)) == NULL) {
395 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
396 goto err;
397 }
398 if (BN_bn2binpad(tmp_1, a_buf, len) < 0
399 || BN_bn2binpad(tmp_2, b_buf, len) < 0) {
400 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
401 goto err;
402 }
403
404 /* set a and b */
405 if (!ASN1_OCTET_STRING_set(curve->a, a_buf, len)
406 || !ASN1_OCTET_STRING_set(curve->b, b_buf, len)) {
407 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
408 goto err;
409 }
410
411 /* set the seed (optional) */
412 if (group->seed) {
413 if (!curve->seed)
414 if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) {
415 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
416 goto err;
417 }
418 curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
419 curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT;
420 if (!ASN1_BIT_STRING_set(curve->seed, group->seed,
421 (int)group->seed_len)) {
422 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
423 goto err;
424 }
425 } else {
426 ASN1_BIT_STRING_free(curve->seed);
427 curve->seed = NULL;
428 }
429
430 ok = 1;
431
432 err:
433 OPENSSL_free(a_buf);
434 OPENSSL_free(b_buf);
435 BN_free(tmp_1);
436 BN_free(tmp_2);
437 return ok;
438}
439
440ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
441 ECPARAMETERS *params)
442{
443 size_t len = 0;
444 ECPARAMETERS *ret = NULL;
445 const BIGNUM *tmp;
446 unsigned char *buffer = NULL;
447 const EC_POINT *point = NULL;
448 point_conversion_form_t form;
449 ASN1_INTEGER *orig;
450
451 if (params == NULL) {
452 if ((ret = ECPARAMETERS_new()) == NULL) {
453 ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
454 goto err;
455 }
456 } else
457 ret = params;
458
459 /* set the version (always one) */
460 ret->version = (long)0x1;
461
462 /* set the fieldID */
463 if (!ec_asn1_group2fieldid(group, ret->fieldID)) {
464 ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);
465 goto err;
466 }
467
468 /* set the curve */
469 if (!ec_asn1_group2curve(group, ret->curve)) {
470 ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);
471 goto err;
472 }
473
474 /* set the base point */
475 if ((point = EC_GROUP_get0_generator(group)) == NULL) {
476 ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, EC_R_UNDEFINED_GENERATOR);
477 goto err;
478 }
479
480 form = EC_GROUP_get_point_conversion_form(group);
481
482 len = EC_POINT_point2buf(group, point, form, &buffer, NULL);
483 if (len == 0) {
484 ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);
485 goto err;
486 }
487 if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) {
488 OPENSSL_free(buffer);
489 ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
490 goto err;
491 }
492 ASN1_STRING_set0(ret->base, buffer, len);
493
494 /* set the order */
495 tmp = EC_GROUP_get0_order(group);
496 if (tmp == NULL) {
497 ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);
498 goto err;
499 }
500 ret->order = BN_to_ASN1_INTEGER(tmp, orig = ret->order);
501 if (ret->order == NULL) {
502 ret->order = orig;
503 ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB);
504 goto err;
505 }
506
507 /* set the cofactor (optional) */
508 tmp = EC_GROUP_get0_cofactor(group);
509 if (tmp != NULL) {
510 ret->cofactor = BN_to_ASN1_INTEGER(tmp, orig = ret->cofactor);
511 if (ret->cofactor == NULL) {
512 ret->cofactor = orig;
513 ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB);
514 goto err;
515 }
516 }
517
518 return ret;
519
520 err:
521 if (params == NULL)
522 ECPARAMETERS_free(ret);
523 return NULL;
524}
525
526ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group,
527 ECPKPARAMETERS *params)
528{
529 int ok = 1, tmp;
530 ECPKPARAMETERS *ret = params;
531
532 if (ret == NULL) {
533 if ((ret = ECPKPARAMETERS_new()) == NULL) {
534 ECerr(EC_F_EC_GROUP_GET_ECPKPARAMETERS, ERR_R_MALLOC_FAILURE);
535 return NULL;
536 }
537 } else {
538 if (ret->type == 0)
539 ASN1_OBJECT_free(ret->value.named_curve);
540 else if (ret->type == 1 && ret->value.parameters)
541 ECPARAMETERS_free(ret->value.parameters);
542 }
543
544 if (EC_GROUP_get_asn1_flag(group)) {
545 /*
546 * use the asn1 OID to describe the elliptic curve parameters
547 */
548 tmp = EC_GROUP_get_curve_name(group);
549 if (tmp) {
550 ret->type = 0;
551 if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL)
552 ok = 0;
553 } else
554 /* we don't know the nid => ERROR */
555 ok = 0;
556 } else {
557 /* use the ECPARAMETERS structure */
558 ret->type = 1;
559 if ((ret->value.parameters =
560 EC_GROUP_get_ecparameters(group, NULL)) == NULL)
561 ok = 0;
562 }
563
564 if (!ok) {
565 ECPKPARAMETERS_free(ret);
566 return NULL;
567 }
568 return ret;
569}
570
571EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
572{
573 int ok = 0, tmp;
574 EC_GROUP *ret = NULL, *dup = NULL;
575 BIGNUM *p = NULL, *a = NULL, *b = NULL;
576 EC_POINT *point = NULL;
577 long field_bits;
578 int curve_name = NID_undef;
579 BN_CTX *ctx = NULL;
580
581 if (!params->fieldID || !params->fieldID->fieldType ||
582 !params->fieldID->p.ptr) {
583 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
584 goto err;
585 }
586
587 /*
588 * Now extract the curve parameters a and b. Note that, although SEC 1
589 * specifies the length of their encodings, historical versions of OpenSSL
590 * encoded them incorrectly, so we must accept any length for backwards
591 * compatibility.
592 */
593 if (!params->curve || !params->curve->a ||
594 !params->curve->a->data || !params->curve->b ||
595 !params->curve->b->data) {
596 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
597 goto err;
598 }
599 a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL);
600 if (a == NULL) {
601 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_BN_LIB);
602 goto err;
603 }
604 b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL);
605 if (b == NULL) {
606 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_BN_LIB);
607 goto err;
608 }
609
610 /* get the field parameters */
611 tmp = OBJ_obj2nid(params->fieldID->fieldType);
612 if (tmp == NID_X9_62_characteristic_two_field)
613#ifdef OPENSSL_NO_EC2M
614 {
615 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_GF2M_NOT_SUPPORTED);
616 goto err;
617 }
618#else
619 {
620 X9_62_CHARACTERISTIC_TWO *char_two;
621
622 char_two = params->fieldID->p.char_two;
623
624 field_bits = char_two->m;
625 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
626 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_FIELD_TOO_LARGE);
627 goto err;
628 }
629
630 if ((p = BN_new()) == NULL) {
631 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
632 goto err;
633 }
634
635 /* get the base type */
636 tmp = OBJ_obj2nid(char_two->type);
637
638 if (tmp == NID_X9_62_tpBasis) {
639 long tmp_long;
640
641 if (!char_two->p.tpBasis) {
642 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
643 goto err;
644 }
645
646 tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis);
647
648 if (!(char_two->m > tmp_long && tmp_long > 0)) {
649 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS,
650 EC_R_INVALID_TRINOMIAL_BASIS);
651 goto err;
652 }
653
654 /* create the polynomial */
655 if (!BN_set_bit(p, (int)char_two->m))
656 goto err;
657 if (!BN_set_bit(p, (int)tmp_long))
658 goto err;
659 if (!BN_set_bit(p, 0))
660 goto err;
661 } else if (tmp == NID_X9_62_ppBasis) {
662 X9_62_PENTANOMIAL *penta;
663
664 penta = char_two->p.ppBasis;
665 if (!penta) {
666 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
667 goto err;
668 }
669
670 if (!
671 (char_two->m > penta->k3 && penta->k3 > penta->k2
672 && penta->k2 > penta->k1 && penta->k1 > 0)) {
673 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS,
674 EC_R_INVALID_PENTANOMIAL_BASIS);
675 goto err;
676 }
677
678 /* create the polynomial */
679 if (!BN_set_bit(p, (int)char_two->m))
680 goto err;
681 if (!BN_set_bit(p, (int)penta->k1))
682 goto err;
683 if (!BN_set_bit(p, (int)penta->k2))
684 goto err;
685 if (!BN_set_bit(p, (int)penta->k3))
686 goto err;
687 if (!BN_set_bit(p, 0))
688 goto err;
689 } else if (tmp == NID_X9_62_onBasis) {
690 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_NOT_IMPLEMENTED);
691 goto err;
692 } else { /* error */
693
694 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
695 goto err;
696 }
697
698 /* create the EC_GROUP structure */
699 ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL);
700 }
701#endif
702 else if (tmp == NID_X9_62_prime_field) {
703 /* we have a curve over a prime field */
704 /* extract the prime number */
705 if (!params->fieldID->p.prime) {
706 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
707 goto err;
708 }
709 p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL);
710 if (p == NULL) {
711 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);
712 goto err;
713 }
714
715 if (BN_is_negative(p) || BN_is_zero(p)) {
716 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_INVALID_FIELD);
717 goto err;
718 }
719
720 field_bits = BN_num_bits(p);
721 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
722 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_FIELD_TOO_LARGE);
723 goto err;
724 }
725
726 /* create the EC_GROUP structure */
727 ret = EC_GROUP_new_curve_GFp(p, a, b, NULL);
728 } else {
729 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_INVALID_FIELD);
730 goto err;
731 }
732
733 if (ret == NULL) {
734 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB);
735 goto err;
736 }
737
738 /* extract seed (optional) */
739 if (params->curve->seed != NULL) {
740 OPENSSL_free(ret->seed);
741 if ((ret->seed = OPENSSL_malloc(params->curve->seed->length)) == NULL) {
742 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
743 goto err;
744 }
745 memcpy(ret->seed, params->curve->seed->data,
746 params->curve->seed->length);
747 ret->seed_len = params->curve->seed->length;
748 }
749
750 if (!params->order || !params->base || !params->base->data) {
751 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
752 goto err;
753 }
754
755 if ((point = EC_POINT_new(ret)) == NULL)
756 goto err;
757
758 /* set the point conversion form */
759 EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t)
760 (params->base->data[0] & ~0x01));
761
762 /* extract the ec point */
763 if (!EC_POINT_oct2point(ret, point, params->base->data,
764 params->base->length, NULL)) {
765 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB);
766 goto err;
767 }
768
769 /* extract the order */
770 if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) {
771 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);
772 goto err;
773 }
774 if (BN_is_negative(a) || BN_is_zero(a)) {
775 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_INVALID_GROUP_ORDER);
776 goto err;
777 }
778 if (BN_num_bits(a) > (int)field_bits + 1) { /* Hasse bound */
779 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_INVALID_GROUP_ORDER);
780 goto err;
781 }
782
783 /* extract the cofactor (optional) */
784 if (params->cofactor == NULL) {
785 BN_free(b);
786 b = NULL;
787 } else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) {
788 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);
789 goto err;
790 }
791 /* set the generator, order and cofactor (if present) */
792 if (!EC_GROUP_set_generator(ret, point, a, b)) {
793 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB);
794 goto err;
795 }
796
797 /*
798 * Check if the explicit parameters group just created matches one of the
799 * built-in curves.
800 *
801 * We create a copy of the group just built, so that we can remove optional
802 * fields for the lookup: we do this to avoid the possibility that one of
803 * the optional parameters is used to force the library into using a less
804 * performant and less secure EC_METHOD instead of the specialized one.
805 * In any case, `seed` is not really used in any computation, while a
806 * cofactor different from the one in the built-in table is just
807 * mathematically wrong anyway and should not be used.
808 */
809 if ((ctx = BN_CTX_new()) == NULL) {
810 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_BN_LIB);
811 goto err;
812 }
813 if ((dup = EC_GROUP_dup(ret)) == NULL
814 || EC_GROUP_set_seed(dup, NULL, 0) != 1
815 || !EC_GROUP_set_generator(dup, point, a, NULL)) {
816 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB);
817 goto err;
818 }
819 if ((curve_name = ec_curve_nid_from_params(dup, ctx)) != NID_undef) {
820 /*
821 * The input explicit parameters successfully matched one of the
822 * built-in curves: often for built-in curves we have specialized
823 * methods with better performance and hardening.
824 *
825 * In this case we replace the `EC_GROUP` created through explicit
826 * parameters with one created from a named group.
827 */
828 EC_GROUP *named_group = NULL;
829
830#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
831 /*
832 * NID_wap_wsg_idm_ecid_wtls12 and NID_secp224r1 are both aliases for
833 * the same curve, we prefer the SECP nid when matching explicit
834 * parameters as that is associated with a specialized EC_METHOD.
835 */
836 if (curve_name == NID_wap_wsg_idm_ecid_wtls12)
837 curve_name = NID_secp224r1;
838#endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */
839
840 if ((named_group = EC_GROUP_new_by_curve_name(curve_name)) == NULL) {
841 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB);
842 goto err;
843 }
844 EC_GROUP_free(ret);
845 ret = named_group;
846
847 /*
848 * Set the flag so that EC_GROUPs created from explicit parameters are
849 * serialized using explicit parameters by default.
850 */
851 EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_EXPLICIT_CURVE);
852
853 /*
854 * If the input params do not contain the optional seed field we make
855 * sure it is not added to the returned group.
856 *
857 * The seed field is not really used inside libcrypto anyway, and
858 * adding it to parsed explicit parameter keys would alter their DER
859 * encoding output (because of the extra field) which could impact
860 * applications fingerprinting keys by their DER encoding.
861 */
862 if (params->curve->seed == NULL) {
863 if (EC_GROUP_set_seed(ret, NULL, 0) != 1)
864 goto err;
865 }
866 }
867
868 ok = 1;
869
870 err:
871 if (!ok) {
872 EC_GROUP_free(ret);
873 ret = NULL;
874 }
875 EC_GROUP_free(dup);
876
877 BN_free(p);
878 BN_free(a);
879 BN_free(b);
880 EC_POINT_free(point);
881
882 BN_CTX_free(ctx);
883
884 return ret;
885}
886
887EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params)
888{
889 EC_GROUP *ret = NULL;
890 int tmp = 0;
891
892 if (params == NULL) {
893 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, EC_R_MISSING_PARAMETERS);
894 return NULL;
895 }
896
897 if (params->type == 0) { /* the curve is given by an OID */
898 tmp = OBJ_obj2nid(params->value.named_curve);
899 if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) {
900 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS,
901 EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
902 return NULL;
903 }
904 EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE);
905 } else if (params->type == 1) { /* the parameters are given by a
906 * ECPARAMETERS structure */
907 ret = EC_GROUP_new_from_ecparameters(params->value.parameters);
908 if (!ret) {
909 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, ERR_R_EC_LIB);
910 return NULL;
911 }
912 EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_EXPLICIT_CURVE);
913 } else if (params->type == 2) { /* implicitlyCA */
914 return NULL;
915 } else {
916 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, EC_R_ASN1_ERROR);
917 return NULL;
918 }
919
920 return ret;
921}
922
923/* EC_GROUP <-> DER encoding of ECPKPARAMETERS */
924
925EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
926{
927 EC_GROUP *group = NULL;
928 ECPKPARAMETERS *params = NULL;
929 const unsigned char *p = *in;
930
931 if ((params = d2i_ECPKPARAMETERS(NULL, &p, len)) == NULL) {
932 ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE);
933 ECPKPARAMETERS_free(params);
934 return NULL;
935 }
936
937 if ((group = EC_GROUP_new_from_ecpkparameters(params)) == NULL) {
938 ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE);
939 ECPKPARAMETERS_free(params);
940 return NULL;
941 }
942
943 if (a) {
944 EC_GROUP_free(*a);
945 *a = group;
946 }
947
948 ECPKPARAMETERS_free(params);
949 *in = p;
950 return group;
951}
952
953int i2d_ECPKParameters(const EC_GROUP *a, unsigned char **out)
954{
955 int ret = 0;
956 ECPKPARAMETERS *tmp = EC_GROUP_get_ecpkparameters(a, NULL);
957 if (tmp == NULL) {
958 ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_GROUP2PKPARAMETERS_FAILURE);
959 return 0;
960 }
961 if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0) {
962 ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_I2D_ECPKPARAMETERS_FAILURE);
963 ECPKPARAMETERS_free(tmp);
964 return 0;
965 }
966 ECPKPARAMETERS_free(tmp);
967 return ret;
968}
969
970/* some EC_KEY functions */
971
972EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
973{
974 EC_KEY *ret = NULL;
975 EC_PRIVATEKEY *priv_key = NULL;
976 const unsigned char *p = *in;
977
978 if ((priv_key = d2i_EC_PRIVATEKEY(NULL, &p, len)) == NULL) {
979 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
980 return NULL;
981 }
982
983 if (a == NULL || *a == NULL) {
984 if ((ret = EC_KEY_new()) == NULL) {
985 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
986 goto err;
987 }
988 } else
989 ret = *a;
990
991 if (priv_key->parameters) {
992 EC_GROUP_free(ret->group);
993 ret->group = EC_GROUP_new_from_ecpkparameters(priv_key->parameters);
994 }
995
996 if (ret->group == NULL) {
997 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
998 goto err;
999 }
1000
1001 ret->version = priv_key->version;
1002
1003 if (priv_key->privateKey) {
1004 ASN1_OCTET_STRING *pkey = priv_key->privateKey;
1005 if (EC_KEY_oct2priv(ret, ASN1_STRING_get0_data(pkey),
1006 ASN1_STRING_length(pkey)) == 0)
1007 goto err;
1008 } else {
1009 ECerr(EC_F_D2I_ECPRIVATEKEY, EC_R_MISSING_PRIVATE_KEY);
1010 goto err;
1011 }
1012
1013 EC_POINT_clear_free(ret->pub_key);
1014 ret->pub_key = EC_POINT_new(ret->group);
1015 if (ret->pub_key == NULL) {
1016 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
1017 goto err;
1018 }
1019
1020 if (priv_key->publicKey) {
1021 const unsigned char *pub_oct;
1022 int pub_oct_len;
1023
1024 pub_oct = ASN1_STRING_get0_data(priv_key->publicKey);
1025 pub_oct_len = ASN1_STRING_length(priv_key->publicKey);
1026 if (!EC_KEY_oct2key(ret, pub_oct, pub_oct_len, NULL)) {
1027 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
1028 goto err;
1029 }
1030 } else {
1031 if (ret->group->meth->keygenpub == NULL
1032 || ret->group->meth->keygenpub(ret) == 0)
1033 goto err;
1034 /* Remember the original private-key-only encoding. */
1035 ret->enc_flag |= EC_PKEY_NO_PUBKEY;
1036 }
1037
1038 if (a)
1039 *a = ret;
1040 EC_PRIVATEKEY_free(priv_key);
1041 *in = p;
1042 return ret;
1043
1044 err:
1045 if (a == NULL || *a != ret)
1046 EC_KEY_free(ret);
1047 EC_PRIVATEKEY_free(priv_key);
1048 return NULL;
1049}
1050
1051int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out)
1052{
1053 int ret = 0, ok = 0;
1054 unsigned char *priv= NULL, *pub= NULL;
1055 size_t privlen = 0, publen = 0;
1056
1057 EC_PRIVATEKEY *priv_key = NULL;
1058
1059 if (a == NULL || a->group == NULL ||
1060 (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key == NULL)) {
1061 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
1062 goto err;
1063 }
1064
1065 if ((priv_key = EC_PRIVATEKEY_new()) == NULL) {
1066 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
1067 goto err;
1068 }
1069
1070 priv_key->version = a->version;
1071
1072 privlen = EC_KEY_priv2buf(a, &priv);
1073
1074 if (privlen == 0) {
1075 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
1076 goto err;
1077 }
1078
1079 ASN1_STRING_set0(priv_key->privateKey, priv, privlen);
1080 priv = NULL;
1081
1082 if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) {
1083 if ((priv_key->parameters =
1084 EC_GROUP_get_ecpkparameters(a->group,
1085 priv_key->parameters)) == NULL) {
1086 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
1087 goto err;
1088 }
1089 }
1090
1091 if (!(a->enc_flag & EC_PKEY_NO_PUBKEY)) {
1092 priv_key->publicKey = ASN1_BIT_STRING_new();
1093 if (priv_key->publicKey == NULL) {
1094 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
1095 goto err;
1096 }
1097
1098 publen = EC_KEY_key2buf(a, a->conv_form, &pub, NULL);
1099
1100 if (publen == 0) {
1101 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
1102 goto err;
1103 }
1104
1105 priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
1106 priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
1107 ASN1_STRING_set0(priv_key->publicKey, pub, publen);
1108 pub = NULL;
1109 }
1110
1111 if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) {
1112 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
1113 goto err;
1114 }
1115 ok = 1;
1116 err:
1117 OPENSSL_clear_free(priv, privlen);
1118 OPENSSL_free(pub);
1119 EC_PRIVATEKEY_free(priv_key);
1120 return (ok ? ret : 0);
1121}
1122
1123int i2d_ECParameters(EC_KEY *a, unsigned char **out)
1124{
1125 if (a == NULL) {
1126 ECerr(EC_F_I2D_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
1127 return 0;
1128 }
1129 return i2d_ECPKParameters(a->group, out);
1130}
1131
1132EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len)
1133{
1134 EC_KEY *ret;
1135
1136 if (in == NULL || *in == NULL) {
1137 ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
1138 return NULL;
1139 }
1140
1141 if (a == NULL || *a == NULL) {
1142 if ((ret = EC_KEY_new()) == NULL) {
1143 ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
1144 return NULL;
1145 }
1146 } else
1147 ret = *a;
1148
1149 if (!d2i_ECPKParameters(&ret->group, in, len)) {
1150 ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
1151 if (a == NULL || *a != ret)
1152 EC_KEY_free(ret);
1153 return NULL;
1154 }
1155
1156 if (a)
1157 *a = ret;
1158
1159 return ret;
1160}
1161
1162EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len)
1163{
1164 EC_KEY *ret = NULL;
1165
1166 if (a == NULL || (*a) == NULL || (*a)->group == NULL) {
1167 /*
1168 * sorry, but a EC_GROUP-structure is necessary to set the public key
1169 */
1170 ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
1171 return 0;
1172 }
1173 ret = *a;
1174 if (!EC_KEY_oct2key(ret, *in, len, NULL)) {
1175 ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB);
1176 return 0;
1177 }
1178 *in += len;
1179 return ret;
1180}
1181
1182int i2o_ECPublicKey(const EC_KEY *a, unsigned char **out)
1183{
1184 size_t buf_len = 0;
1185 int new_buffer = 0;
1186
1187 if (a == NULL) {
1188 ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
1189 return 0;
1190 }
1191
1192 buf_len = EC_POINT_point2oct(a->group, a->pub_key,
1193 a->conv_form, NULL, 0, NULL);
1194
1195 if (out == NULL || buf_len == 0)
1196 /* out == NULL => just return the length of the octet string */
1197 return buf_len;
1198
1199 if (*out == NULL) {
1200 if ((*out = OPENSSL_malloc(buf_len)) == NULL) {
1201 ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_MALLOC_FAILURE);
1202 return 0;
1203 }
1204 new_buffer = 1;
1205 }
1206 if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form,
1207 *out, buf_len, NULL)) {
1208 ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB);
1209 if (new_buffer) {
1210 OPENSSL_free(*out);
1211 *out = NULL;
1212 }
1213 return 0;
1214 }
1215 if (!new_buffer)
1216 *out += buf_len;
1217 return buf_len;
1218}
1219
1220ASN1_SEQUENCE(ECDSA_SIG) = {
1221 ASN1_SIMPLE(ECDSA_SIG, r, CBIGNUM),
1222 ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM)
1223} static_ASN1_SEQUENCE_END(ECDSA_SIG)
1224
1225DECLARE_ASN1_FUNCTIONS_const(ECDSA_SIG)
1226DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECDSA_SIG, ECDSA_SIG)
1227IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ECDSA_SIG, ECDSA_SIG, ECDSA_SIG)
1228
1229ECDSA_SIG *ECDSA_SIG_new(void)
1230{
1231 ECDSA_SIG *sig = OPENSSL_zalloc(sizeof(*sig));
1232 if (sig == NULL)
1233 ECerr(EC_F_ECDSA_SIG_NEW, ERR_R_MALLOC_FAILURE);
1234 return sig;
1235}
1236
1237void ECDSA_SIG_free(ECDSA_SIG *sig)
1238{
1239 if (sig == NULL)
1240 return;
1241 BN_clear_free(sig->r);
1242 BN_clear_free(sig->s);
1243 OPENSSL_free(sig);
1244}
1245
1246void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
1247{
1248 if (pr != NULL)
1249 *pr = sig->r;
1250 if (ps != NULL)
1251 *ps = sig->s;
1252}
1253
1254const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig)
1255{
1256 return sig->r;
1257}
1258
1259const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig)
1260{
1261 return sig->s;
1262}
1263
1264int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
1265{
1266 if (r == NULL || s == NULL)
1267 return 0;
1268 BN_clear_free(sig->r);
1269 BN_clear_free(sig->s);
1270 sig->r = r;
1271 sig->s = s;
1272 return 1;
1273}
1274
1275int ECDSA_size(const EC_KEY *r)
1276{
1277 int ret, i;
1278 ASN1_INTEGER bs;
1279 unsigned char buf[4];
1280 const EC_GROUP *group;
1281
1282 if (r == NULL)
1283 return 0;
1284 group = EC_KEY_get0_group(r);
1285 if (group == NULL)
1286 return 0;
1287
1288 i = EC_GROUP_order_bits(group);
1289 if (i == 0)
1290 return 0;
1291 bs.length = (i + 7) / 8;
1292 bs.data = buf;
1293 bs.type = V_ASN1_INTEGER;
1294 /* If the top bit is set the asn1 encoding is 1 larger. */
1295 buf[0] = 0xff;
1296
1297 i = i2d_ASN1_INTEGER(&bs, NULL);
1298 i += i; /* r and s */
1299 ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
1300 return ret;
1301}
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette