1 /* This Source Code Form is subject to the terms of the Mozilla Public
2  * License, v. 2.0. If a copy of the MPL was not distributed with this
3  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 
5 #ifdef FREEBL_NO_DEPEND
6 #include "stubs.h"
7 #endif
8 
9 #include "blapi.h"
10 #include "secoid.h"
11 #include "secitem.h"
12 #include "secerr.h"
13 #include "ec.h"
14 #include "ecl-curve.h"
15 
16 #define CHECK_OK(func) \
17     if (func == NULL)  \
18     goto cleanup
19 #define CHECK_SEC_OK(func)         \
20     if (SECSuccess != (rv = func)) \
21     goto cleanup
22 
23 /* Copy all of the fields from srcParams into dstParams
24  */
25 SECStatus
EC_CopyParams(PLArenaPool * arena,ECParams * dstParams,const ECParams * srcParams)26 EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
27               const ECParams *srcParams)
28 {
29     SECStatus rv = SECFailure;
30 
31     dstParams->arena = arena;
32     dstParams->type = srcParams->type;
33     dstParams->fieldID.size = srcParams->fieldID.size;
34     dstParams->fieldID.type = srcParams->fieldID.type;
35     if (srcParams->fieldID.type == ec_field_GFp ||
36         srcParams->fieldID.type == ec_field_plain) {
37         CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->fieldID.u.prime,
38                                       &srcParams->fieldID.u.prime));
39     } else {
40         CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->fieldID.u.poly,
41                                       &srcParams->fieldID.u.poly));
42     }
43     dstParams->fieldID.k1 = srcParams->fieldID.k1;
44     dstParams->fieldID.k2 = srcParams->fieldID.k2;
45     dstParams->fieldID.k3 = srcParams->fieldID.k3;
46     CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.a,
47                                   &srcParams->curve.a));
48     CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.b,
49                                   &srcParams->curve.b));
50     CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.seed,
51                                   &srcParams->curve.seed));
52     CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->base,
53                                   &srcParams->base));
54     CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->order,
55                                   &srcParams->order));
56     CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->DEREncoding,
57                                   &srcParams->DEREncoding));
58     dstParams->name = srcParams->name;
59     CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curveOID,
60                                   &srcParams->curveOID));
61     dstParams->cofactor = srcParams->cofactor;
62 
63     return SECSuccess;
64 
65 cleanup:
66     return SECFailure;
67 }
68 
69 static SECStatus
gf_populate_params_bytes(ECCurveName name,ECFieldType field_type,ECParams * params)70 gf_populate_params_bytes(ECCurveName name, ECFieldType field_type, ECParams *params)
71 {
72     SECStatus rv = SECFailure;
73     const ECCurveBytes *curveParams;
74 
75     if ((name < ECCurve_noName) || (name > ECCurve_pastLastCurve))
76         goto cleanup;
77     params->name = name;
78     curveParams = ecCurve_map[params->name];
79     CHECK_OK(curveParams);
80     params->fieldID.size = curveParams->size;
81     params->fieldID.type = field_type;
82     if (field_type != ec_field_GFp && field_type != ec_field_plain) {
83         return SECFailure;
84     }
85     params->fieldID.u.prime.len = curveParams->scalarSize;
86     params->fieldID.u.prime.data = (unsigned char *)curveParams->irr;
87     params->curve.a.len = curveParams->scalarSize;
88     params->curve.a.data = (unsigned char *)curveParams->curvea;
89     params->curve.b.len = curveParams->scalarSize;
90     params->curve.b.data = (unsigned char *)curveParams->curveb;
91     params->base.len = curveParams->pointSize;
92     params->base.data = (unsigned char *)curveParams->base;
93     params->order.len = curveParams->scalarSize;
94     params->order.data = (unsigned char *)curveParams->order;
95     params->cofactor = curveParams->cofactor;
96 
97     rv = SECSuccess;
98 
99 cleanup:
100     return rv;
101 }
102 
103 SECStatus
EC_FillParams(PLArenaPool * arena,const SECItem * encodedParams,ECParams * params)104 EC_FillParams(PLArenaPool *arena, const SECItem *encodedParams,
105               ECParams *params)
106 {
107     SECStatus rv = SECFailure;
108     SECOidTag tag;
109     SECItem oid = { siBuffer, NULL, 0 };
110 
111 #if EC_DEBUG
112     int i;
113 
114     printf("Encoded params in EC_DecodeParams: ");
115     for (i = 0; i < encodedParams->len; i++) {
116         printf("%02x:", encodedParams->data[i]);
117     }
118     printf("\n");
119 #endif
120 
121     if ((encodedParams->len != ANSI_X962_CURVE_OID_TOTAL_LEN) &&
122         (encodedParams->len != SECG_CURVE_OID_TOTAL_LEN) &&
123         (encodedParams->len != PKIX_NEWCURVES_OID_TOTAL_LEN)) {
124         PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
125         return SECFailure;
126     };
127 
128     oid.len = encodedParams->len - 2;
129     oid.data = encodedParams->data + 2;
130     if ((encodedParams->data[0] != SEC_ASN1_OBJECT_ID) ||
131         ((tag = SECOID_FindOIDTag(&oid)) == SEC_OID_UNKNOWN)) {
132         PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
133         return SECFailure;
134     }
135 
136     params->arena = arena;
137     params->cofactor = 0;
138     params->type = ec_params_named;
139     params->name = ECCurve_noName;
140 
141     /* Fill out curveOID */
142     params->curveOID.len = oid.len;
143     params->curveOID.data = (unsigned char *)PORT_ArenaAlloc(arena, oid.len);
144     if (params->curveOID.data == NULL)
145         goto cleanup;
146     memcpy(params->curveOID.data, oid.data, oid.len);
147 
148 #if EC_DEBUG
149     printf("Curve: %s\n", SECOID_FindOIDTagDescription(tag));
150 #endif
151 
152     switch (tag) {
153         case SEC_OID_ANSIX962_EC_PRIME256V1:
154             /* Populate params for prime256v1 aka secp256r1
155              * (the NIST P-256 curve)
156              */
157             CHECK_SEC_OK(gf_populate_params_bytes(ECCurve_X9_62_PRIME_256V1,
158                                                   ec_field_GFp, params));
159             break;
160 
161         case SEC_OID_SECG_EC_SECP384R1:
162             /* Populate params for secp384r1
163              * (the NIST P-384 curve)
164              */
165             CHECK_SEC_OK(gf_populate_params_bytes(ECCurve_SECG_PRIME_384R1,
166                                                   ec_field_GFp, params));
167             break;
168 
169         case SEC_OID_SECG_EC_SECP521R1:
170             /* Populate params for secp521r1
171              * (the NIST P-521 curve)
172              */
173             CHECK_SEC_OK(gf_populate_params_bytes(ECCurve_SECG_PRIME_521R1,
174                                                   ec_field_GFp, params));
175             break;
176 
177         case SEC_OID_CURVE25519:
178             /* Populate params for Curve25519 */
179             CHECK_SEC_OK(gf_populate_params_bytes(ECCurve25519, ec_field_plain,
180                                                   params));
181             break;
182 
183         default:
184             break;
185     };
186 
187 cleanup:
188     if (!params->cofactor) {
189         PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
190 #if EC_DEBUG
191         printf("Unrecognized curve, returning NULL params\n");
192 #endif
193     }
194 
195     return rv;
196 }
197 
198 SECStatus
EC_DecodeParams(const SECItem * encodedParams,ECParams ** ecparams)199 EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams)
200 {
201     PLArenaPool *arena;
202     ECParams *params;
203     SECStatus rv = SECFailure;
204 
205     /* Initialize an arena for the ECParams structure */
206     if (!(arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE)))
207         return SECFailure;
208 
209     params = (ECParams *)PORT_ArenaZAlloc(arena, sizeof(ECParams));
210     if (!params) {
211         PORT_FreeArena(arena, PR_TRUE);
212         return SECFailure;
213     }
214 
215     /* Copy the encoded params */
216     SECITEM_AllocItem(arena, &(params->DEREncoding),
217                       encodedParams->len);
218     memcpy(params->DEREncoding.data, encodedParams->data, encodedParams->len);
219 
220     /* Fill out the rest of the ECParams structure based on
221      * the encoded params
222      */
223     rv = EC_FillParams(arena, encodedParams, params);
224     if (rv == SECFailure) {
225         PORT_FreeArena(arena, PR_TRUE);
226         return SECFailure;
227     } else {
228         *ecparams = params;
229         ;
230         return SECSuccess;
231     }
232 }
233 
234 int
EC_GetPointSize(const ECParams * params)235 EC_GetPointSize(const ECParams *params)
236 {
237     ECCurveName name = params->name;
238     const ECCurveBytes *curveParams;
239 
240     if ((name < ECCurve_noName) || (name > ECCurve_pastLastCurve) ||
241         ((curveParams = ecCurve_map[name]) == NULL)) {
242         /* unknown curve, calculate point size from params. assume standard curves with 2 points
243          * and a point compression indicator byte */
244         int sizeInBytes = (params->fieldID.size + 7) / 8;
245         return sizeInBytes * 2 + 1;
246     }
247     if (name == ECCurve25519) {
248         /* Only X here */
249         return curveParams->scalarSize;
250     }
251     return curveParams->pointSize - 1;
252 }
253