1 /* $OpenBSD: ec_asn1.c,v 1.14 2015/03/20 03:02:51 doug Exp $ */ 2 /* 3 * Written by Nils Larsch for the OpenSSL project. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 2000-2003 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59 #include <string.h> 60 61 #include <openssl/opensslconf.h> 62 63 #include "ec_lcl.h" 64 #include <openssl/err.h> 65 #include <openssl/asn1t.h> 66 #include <openssl/objects.h> 67 68 int 69 EC_GROUP_get_basis_type(const EC_GROUP * group) 70 { 71 int i = 0; 72 73 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != 74 NID_X9_62_characteristic_two_field) 75 /* everything else is currently not supported */ 76 return 0; 77 78 while (group->poly[i] != 0) 79 i++; 80 81 if (i == 4) 82 return NID_X9_62_ppBasis; 83 else if (i == 2) 84 return NID_X9_62_tpBasis; 85 else 86 /* everything else is currently not supported */ 87 return 0; 88 } 89 #ifndef OPENSSL_NO_EC2M 90 int 91 EC_GROUP_get_trinomial_basis(const EC_GROUP * group, unsigned int *k) 92 { 93 if (group == NULL) 94 return 0; 95 96 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != 97 NID_X9_62_characteristic_two_field 98 || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0))) { 99 ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 100 return 0; 101 } 102 if (k) 103 *k = group->poly[1]; 104 105 return 1; 106 } 107 int 108 EC_GROUP_get_pentanomial_basis(const EC_GROUP * group, unsigned int *k1, 109 unsigned int *k2, unsigned int *k3) 110 { 111 if (group == NULL) 112 return 0; 113 114 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != 115 NID_X9_62_characteristic_two_field 116 || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0))) { 117 ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 118 return 0; 119 } 120 if (k1) 121 *k1 = group->poly[3]; 122 if (k2) 123 *k2 = group->poly[2]; 124 if (k3) 125 *k3 = group->poly[1]; 126 127 return 1; 128 } 129 #endif 130 131 132 /* some structures needed for the asn1 encoding */ 133 typedef struct x9_62_pentanomial_st { 134 long k1; 135 long k2; 136 long k3; 137 } X9_62_PENTANOMIAL; 138 139 typedef struct x9_62_characteristic_two_st { 140 long m; 141 ASN1_OBJECT *type; 142 union { 143 char *ptr; 144 /* NID_X9_62_onBasis */ 145 ASN1_NULL *onBasis; 146 /* NID_X9_62_tpBasis */ 147 ASN1_INTEGER *tpBasis; 148 /* NID_X9_62_ppBasis */ 149 X9_62_PENTANOMIAL *ppBasis; 150 /* anything else */ 151 ASN1_TYPE *other; 152 } p; 153 } X9_62_CHARACTERISTIC_TWO; 154 155 typedef struct x9_62_fieldid_st { 156 ASN1_OBJECT *fieldType; 157 union { 158 char *ptr; 159 /* NID_X9_62_prime_field */ 160 ASN1_INTEGER *prime; 161 /* NID_X9_62_characteristic_two_field */ 162 X9_62_CHARACTERISTIC_TWO *char_two; 163 /* anything else */ 164 ASN1_TYPE *other; 165 } p; 166 } X9_62_FIELDID; 167 168 typedef struct x9_62_curve_st { 169 ASN1_OCTET_STRING *a; 170 ASN1_OCTET_STRING *b; 171 ASN1_BIT_STRING *seed; 172 } X9_62_CURVE; 173 174 typedef struct ec_parameters_st { 175 long version; 176 X9_62_FIELDID *fieldID; 177 X9_62_CURVE *curve; 178 ASN1_OCTET_STRING *base; 179 ASN1_INTEGER *order; 180 ASN1_INTEGER *cofactor; 181 } ECPARAMETERS; 182 183 struct ecpk_parameters_st { 184 int type; 185 union { 186 ASN1_OBJECT *named_curve; 187 ECPARAMETERS *parameters; 188 ASN1_NULL *implicitlyCA; 189 } value; 190 } /* ECPKPARAMETERS */ ; 191 192 /* SEC1 ECPrivateKey */ 193 typedef struct ec_privatekey_st { 194 long version; 195 ASN1_OCTET_STRING *privateKey; 196 ECPKPARAMETERS *parameters; 197 ASN1_BIT_STRING *publicKey; 198 } EC_PRIVATEKEY; 199 200 /* the OpenSSL ASN.1 definitions */ 201 ASN1_SEQUENCE(X9_62_PENTANOMIAL) = { 202 ASN1_SIMPLE(X9_62_PENTANOMIAL, k1, LONG), 203 ASN1_SIMPLE(X9_62_PENTANOMIAL, k2, LONG), 204 ASN1_SIMPLE(X9_62_PENTANOMIAL, k3, LONG) 205 } ASN1_SEQUENCE_END(X9_62_PENTANOMIAL) 206 207 DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL) 208 209 X9_62_PENTANOMIAL * 210 X9_62_PENTANOMIAL_new(void) 211 { 212 return (X9_62_PENTANOMIAL*)ASN1_item_new(&X9_62_PENTANOMIAL_it); 213 } 214 215 void 216 X9_62_PENTANOMIAL_free(X9_62_PENTANOMIAL *a) 217 { 218 ASN1_item_free((ASN1_VALUE *)a, &X9_62_PENTANOMIAL_it); 219 } 220 221 ASN1_ADB_TEMPLATE(char_two_def) = ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.other, ASN1_ANY); 222 223 ASN1_ADB(X9_62_CHARACTERISTIC_TWO) = { 224 ADB_ENTRY(NID_X9_62_onBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.onBasis, ASN1_NULL)), 225 ADB_ENTRY(NID_X9_62_tpBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.tpBasis, ASN1_INTEGER)), 226 ADB_ENTRY(NID_X9_62_ppBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.ppBasis, X9_62_PENTANOMIAL)) 227 } ASN1_ADB_END(X9_62_CHARACTERISTIC_TWO, 0, type, 0, &char_two_def_tt, NULL); 228 229 ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = { 230 ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, m, LONG), 231 ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT), 232 ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO) 233 } ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO) 234 DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO) 235 236 X9_62_CHARACTERISTIC_TWO * 237 X9_62_CHARACTERISTIC_TWO_new(void) 238 { 239 return (X9_62_CHARACTERISTIC_TWO*)ASN1_item_new(&X9_62_CHARACTERISTIC_TWO_it); 240 } 241 242 void 243 X9_62_CHARACTERISTIC_TWO_free(X9_62_CHARACTERISTIC_TWO *a) 244 { 245 ASN1_item_free((ASN1_VALUE *)a, &X9_62_CHARACTERISTIC_TWO_it); 246 } 247 ASN1_ADB_TEMPLATE(fieldID_def) = ASN1_SIMPLE(X9_62_FIELDID, p.other, ASN1_ANY); 248 249 ASN1_ADB(X9_62_FIELDID) = { 250 ADB_ENTRY(NID_X9_62_prime_field, ASN1_SIMPLE(X9_62_FIELDID, p.prime, ASN1_INTEGER)), 251 ADB_ENTRY(NID_X9_62_characteristic_two_field, ASN1_SIMPLE(X9_62_FIELDID, p.char_two, X9_62_CHARACTERISTIC_TWO)) 252 } ASN1_ADB_END(X9_62_FIELDID, 0, fieldType, 0, &fieldID_def_tt, NULL); 253 254 ASN1_SEQUENCE(X9_62_FIELDID) = { 255 ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT), 256 ASN1_ADB_OBJECT(X9_62_FIELDID) 257 } ASN1_SEQUENCE_END(X9_62_FIELDID) 258 259 ASN1_SEQUENCE(X9_62_CURVE) = { 260 ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING), 261 ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING), 262 ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING) 263 } ASN1_SEQUENCE_END(X9_62_CURVE) 264 265 ASN1_SEQUENCE(ECPARAMETERS) = { 266 ASN1_SIMPLE(ECPARAMETERS, version, LONG), 267 ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID), 268 ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE), 269 ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING), 270 ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER), 271 ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER) 272 } ASN1_SEQUENCE_END(ECPARAMETERS) 273 DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) 274 275 ECPARAMETERS * 276 ECPARAMETERS_new(void) 277 { 278 return (ECPARAMETERS*)ASN1_item_new(&ECPARAMETERS_it); 279 } 280 281 void 282 ECPARAMETERS_free(ECPARAMETERS *a) 283 { 284 ASN1_item_free((ASN1_VALUE *)a, &ECPARAMETERS_it); 285 } 286 287 ASN1_CHOICE(ECPKPARAMETERS) = { 288 ASN1_SIMPLE(ECPKPARAMETERS, value.named_curve, ASN1_OBJECT), 289 ASN1_SIMPLE(ECPKPARAMETERS, value.parameters, ECPARAMETERS), 290 ASN1_SIMPLE(ECPKPARAMETERS, value.implicitlyCA, ASN1_NULL) 291 } ASN1_CHOICE_END(ECPKPARAMETERS) 292 DECLARE_ASN1_FUNCTIONS_const(ECPKPARAMETERS) 293 DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECPKPARAMETERS, ECPKPARAMETERS) 294 295 ECPKPARAMETERS * 296 d2i_ECPKPARAMETERS(ECPKPARAMETERS **a, const unsigned char **in, long len) 297 { 298 return (ECPKPARAMETERS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, 299 &ECPKPARAMETERS_it); 300 } 301 302 int 303 i2d_ECPKPARAMETERS(const ECPKPARAMETERS *a, unsigned char **out) 304 { 305 return ASN1_item_i2d((ASN1_VALUE *)a, out, &ECPKPARAMETERS_it); 306 } 307 308 ECPKPARAMETERS * 309 ECPKPARAMETERS_new(void) 310 { 311 return (ECPKPARAMETERS *)ASN1_item_new(&ECPKPARAMETERS_it); 312 } 313 314 void 315 ECPKPARAMETERS_free(ECPKPARAMETERS *a) 316 { 317 ASN1_item_free((ASN1_VALUE *)a, &ECPKPARAMETERS_it); 318 } 319 320 ASN1_SEQUENCE(EC_PRIVATEKEY) = { 321 ASN1_SIMPLE(EC_PRIVATEKEY, version, LONG), 322 ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING), 323 ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0), 324 ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1) 325 } ASN1_SEQUENCE_END(EC_PRIVATEKEY) 326 DECLARE_ASN1_FUNCTIONS_const(EC_PRIVATEKEY) 327 DECLARE_ASN1_ENCODE_FUNCTIONS_const(EC_PRIVATEKEY, EC_PRIVATEKEY) 328 329 EC_PRIVATEKEY * 330 d2i_EC_PRIVATEKEY(EC_PRIVATEKEY **a, const unsigned char **in, long len) 331 { 332 return (EC_PRIVATEKEY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, 333 &EC_PRIVATEKEY_it); 334 } 335 336 int 337 i2d_EC_PRIVATEKEY(const EC_PRIVATEKEY *a, unsigned char **out) 338 { 339 return ASN1_item_i2d((ASN1_VALUE *)a, out, &EC_PRIVATEKEY_it); 340 } 341 342 EC_PRIVATEKEY * 343 EC_PRIVATEKEY_new(void) 344 { 345 return (EC_PRIVATEKEY *)ASN1_item_new(&EC_PRIVATEKEY_it); 346 } 347 348 void 349 EC_PRIVATEKEY_free(EC_PRIVATEKEY *a) 350 { 351 ASN1_item_free((ASN1_VALUE *)a, &EC_PRIVATEKEY_it); 352 } 353 /* some declarations of internal function */ 354 355 /* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */ 356 static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *); 357 /* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */ 358 static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *); 359 /* ec_asn1_parameters2group() creates a EC_GROUP object from a 360 * ECPARAMETERS object */ 361 static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *); 362 /* ec_asn1_group2parameters() creates a ECPARAMETERS object from a 363 * EC_GROUP object */ 364 static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *, ECPARAMETERS *); 365 /* ec_asn1_pkparameters2group() creates a EC_GROUP object from a 366 * ECPKPARAMETERS object */ 367 static EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *); 368 /* ec_asn1_group2pkparameters() creates a ECPKPARAMETERS object from a 369 * EC_GROUP object */ 370 static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *, 371 ECPKPARAMETERS *); 372 373 374 /* the function definitions */ 375 376 static int 377 ec_asn1_group2fieldid(const EC_GROUP * group, X9_62_FIELDID * field) 378 { 379 int ok = 0, nid; 380 BIGNUM *tmp = NULL; 381 382 if (group == NULL || field == NULL) 383 return 0; 384 385 /* clear the old values (if necessary) */ 386 if (field->fieldType != NULL) 387 ASN1_OBJECT_free(field->fieldType); 388 if (field->p.other != NULL) 389 ASN1_TYPE_free(field->p.other); 390 391 nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); 392 /* set OID for the field */ 393 if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) { 394 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB); 395 goto err; 396 } 397 if (nid == NID_X9_62_prime_field) { 398 if ((tmp = BN_new()) == NULL) { 399 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); 400 goto err; 401 } 402 /* the parameters are specified by the prime number p */ 403 if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL)) { 404 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB); 405 goto err; 406 } 407 /* set the prime number */ 408 field->p.prime = BN_to_ASN1_INTEGER(tmp, NULL); 409 if (field->p.prime == NULL) { 410 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB); 411 goto err; 412 } 413 } else /* nid == NID_X9_62_characteristic_two_field */ 414 #ifdef OPENSSL_NO_EC2M 415 { 416 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, EC_R_GF2M_NOT_SUPPORTED); 417 goto err; 418 } 419 #else 420 { 421 int field_type; 422 X9_62_CHARACTERISTIC_TWO *char_two; 423 424 field->p.char_two = X9_62_CHARACTERISTIC_TWO_new(); 425 char_two = field->p.char_two; 426 427 if (char_two == NULL) { 428 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); 429 goto err; 430 } 431 char_two->m = (long) EC_GROUP_get_degree(group); 432 433 field_type = EC_GROUP_get_basis_type(group); 434 435 if (field_type == 0) { 436 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB); 437 goto err; 438 } 439 /* set base type OID */ 440 if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) { 441 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB); 442 goto err; 443 } 444 if (field_type == NID_X9_62_tpBasis) { 445 unsigned int k; 446 447 if (!EC_GROUP_get_trinomial_basis(group, &k)) 448 goto err; 449 450 char_two->p.tpBasis = ASN1_INTEGER_new(); 451 if (!char_two->p.tpBasis) { 452 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); 453 goto err; 454 } 455 if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long) k)) { 456 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, 457 ERR_R_ASN1_LIB); 458 goto err; 459 } 460 } else if (field_type == NID_X9_62_ppBasis) { 461 unsigned int k1, k2, k3; 462 463 if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3)) 464 goto err; 465 466 char_two->p.ppBasis = X9_62_PENTANOMIAL_new(); 467 if (!char_two->p.ppBasis) { 468 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); 469 goto err; 470 } 471 /* set k? values */ 472 char_two->p.ppBasis->k1 = (long) k1; 473 char_two->p.ppBasis->k2 = (long) k2; 474 char_two->p.ppBasis->k3 = (long) k3; 475 } else { /* field_type == NID_X9_62_onBasis */ 476 /* for ONB the parameters are (asn1) NULL */ 477 char_two->p.onBasis = ASN1_NULL_new(); 478 if (!char_two->p.onBasis) { 479 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); 480 goto err; 481 } 482 } 483 } 484 #endif 485 486 ok = 1; 487 488 err: 489 BN_free(tmp); 490 return (ok); 491 } 492 493 static int 494 ec_asn1_group2curve(const EC_GROUP * group, X9_62_CURVE * curve) 495 { 496 int ok = 0, nid; 497 BIGNUM *tmp_1 = NULL, *tmp_2 = NULL; 498 unsigned char *buffer_1 = NULL, *buffer_2 = NULL, *a_buf = NULL, 499 *b_buf = NULL; 500 size_t len_1, len_2; 501 unsigned char char_zero = 0; 502 503 if (!group || !curve || !curve->a || !curve->b) 504 return 0; 505 506 if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) { 507 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); 508 goto err; 509 } 510 nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); 511 512 /* get a and b */ 513 if (nid == NID_X9_62_prime_field) { 514 if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL)) { 515 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB); 516 goto err; 517 } 518 } 519 #ifndef OPENSSL_NO_EC2M 520 else { /* nid == NID_X9_62_characteristic_two_field */ 521 if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL)) { 522 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB); 523 goto err; 524 } 525 } 526 #endif 527 len_1 = (size_t) BN_num_bytes(tmp_1); 528 len_2 = (size_t) BN_num_bytes(tmp_2); 529 530 if (len_1 == 0) { 531 /* len_1 == 0 => a == 0 */ 532 a_buf = &char_zero; 533 len_1 = 1; 534 } else { 535 if ((buffer_1 = malloc(len_1)) == NULL) { 536 ECerr(EC_F_EC_ASN1_GROUP2CURVE, 537 ERR_R_MALLOC_FAILURE); 538 goto err; 539 } 540 if ((len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0) { 541 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB); 542 goto err; 543 } 544 a_buf = buffer_1; 545 } 546 547 if (len_2 == 0) { 548 /* len_2 == 0 => b == 0 */ 549 b_buf = &char_zero; 550 len_2 = 1; 551 } else { 552 if ((buffer_2 = malloc(len_2)) == NULL) { 553 ECerr(EC_F_EC_ASN1_GROUP2CURVE, 554 ERR_R_MALLOC_FAILURE); 555 goto err; 556 } 557 if ((len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0) { 558 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB); 559 goto err; 560 } 561 b_buf = buffer_2; 562 } 563 564 /* set a and b */ 565 if (!M_ASN1_OCTET_STRING_set(curve->a, a_buf, len_1) || 566 !M_ASN1_OCTET_STRING_set(curve->b, b_buf, len_2)) { 567 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB); 568 goto err; 569 } 570 /* set the seed (optional) */ 571 if (group->seed) { 572 if (!curve->seed) 573 if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) { 574 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); 575 goto err; 576 } 577 curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); 578 curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT; 579 if (!ASN1_BIT_STRING_set(curve->seed, group->seed, 580 (int) group->seed_len)) { 581 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB); 582 goto err; 583 } 584 } else { 585 if (curve->seed) { 586 ASN1_BIT_STRING_free(curve->seed); 587 curve->seed = NULL; 588 } 589 } 590 591 ok = 1; 592 593 err: 594 free(buffer_1); 595 free(buffer_2); 596 BN_free(tmp_1); 597 BN_free(tmp_2); 598 return (ok); 599 } 600 601 static ECPARAMETERS * 602 ec_asn1_group2parameters(const EC_GROUP * group, ECPARAMETERS * param) 603 { 604 int ok = 0; 605 size_t len = 0; 606 ECPARAMETERS *ret = NULL; 607 BIGNUM *tmp = NULL; 608 unsigned char *buffer = NULL; 609 const EC_POINT *point = NULL; 610 point_conversion_form_t form; 611 612 if ((tmp = BN_new()) == NULL) { 613 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); 614 goto err; 615 } 616 if (param == NULL) { 617 if ((ret = ECPARAMETERS_new()) == NULL) { 618 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, 619 ERR_R_MALLOC_FAILURE); 620 goto err; 621 } 622 } else 623 ret = param; 624 625 /* set the version (always one) */ 626 ret->version = (long) 0x1; 627 628 /* set the fieldID */ 629 if (!ec_asn1_group2fieldid(group, ret->fieldID)) { 630 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); 631 goto err; 632 } 633 /* set the curve */ 634 if (!ec_asn1_group2curve(group, ret->curve)) { 635 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); 636 goto err; 637 } 638 /* set the base point */ 639 if ((point = EC_GROUP_get0_generator(group)) == NULL) { 640 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, EC_R_UNDEFINED_GENERATOR); 641 goto err; 642 } 643 form = EC_GROUP_get_point_conversion_form(group); 644 645 len = EC_POINT_point2oct(group, point, form, NULL, len, NULL); 646 if (len == 0) { 647 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); 648 goto err; 649 } 650 if ((buffer = malloc(len)) == NULL) { 651 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); 652 goto err; 653 } 654 if (!EC_POINT_point2oct(group, point, form, buffer, len, NULL)) { 655 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); 656 goto err; 657 } 658 if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) { 659 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); 660 goto err; 661 } 662 if (!ASN1_OCTET_STRING_set(ret->base, buffer, len)) { 663 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); 664 goto err; 665 } 666 /* set the order */ 667 if (!EC_GROUP_get_order(group, tmp, NULL)) { 668 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); 669 goto err; 670 } 671 ret->order = BN_to_ASN1_INTEGER(tmp, ret->order); 672 if (ret->order == NULL) { 673 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); 674 goto err; 675 } 676 /* set the cofactor (optional) */ 677 if (EC_GROUP_get_cofactor(group, tmp, NULL)) { 678 ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor); 679 if (ret->cofactor == NULL) { 680 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); 681 goto err; 682 } 683 } 684 ok = 1; 685 686 err: if (!ok) { 687 if (ret && !param) 688 ECPARAMETERS_free(ret); 689 ret = NULL; 690 } 691 BN_free(tmp); 692 free(buffer); 693 return (ret); 694 } 695 696 ECPKPARAMETERS * 697 ec_asn1_group2pkparameters(const EC_GROUP * group, ECPKPARAMETERS * params) 698 { 699 int ok = 1, tmp; 700 ECPKPARAMETERS *ret = params; 701 702 if (ret == NULL) { 703 if ((ret = ECPKPARAMETERS_new()) == NULL) { 704 ECerr(EC_F_EC_ASN1_GROUP2PKPARAMETERS, 705 ERR_R_MALLOC_FAILURE); 706 return NULL; 707 } 708 } else { 709 if (ret->type == 0 && ret->value.named_curve) 710 ASN1_OBJECT_free(ret->value.named_curve); 711 else if (ret->type == 1 && ret->value.parameters) 712 ECPARAMETERS_free(ret->value.parameters); 713 } 714 715 if (EC_GROUP_get_asn1_flag(group)) { 716 /* 717 * use the asn1 OID to describe the the elliptic curve 718 * parameters 719 */ 720 tmp = EC_GROUP_get_curve_name(group); 721 if (tmp) { 722 ret->type = 0; 723 if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL) 724 ok = 0; 725 } else 726 /* we don't kmow the nid => ERROR */ 727 ok = 0; 728 } else { 729 /* use the ECPARAMETERS structure */ 730 ret->type = 1; 731 if ((ret->value.parameters = ec_asn1_group2parameters( 732 group, NULL)) == NULL) 733 ok = 0; 734 } 735 736 if (!ok) { 737 ECPKPARAMETERS_free(ret); 738 return NULL; 739 } 740 return ret; 741 } 742 743 static EC_GROUP * 744 ec_asn1_parameters2group(const ECPARAMETERS * params) 745 { 746 int ok = 0, tmp; 747 EC_GROUP *ret = NULL; 748 BIGNUM *p = NULL, *a = NULL, *b = NULL; 749 EC_POINT *point = NULL; 750 long field_bits; 751 752 if (!params->fieldID || !params->fieldID->fieldType || 753 !params->fieldID->p.ptr) { 754 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 755 goto err; 756 } 757 /* now extract the curve parameters a and b */ 758 if (!params->curve || !params->curve->a || 759 !params->curve->a->data || !params->curve->b || 760 !params->curve->b->data) { 761 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 762 goto err; 763 } 764 a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL); 765 if (a == NULL) { 766 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB); 767 goto err; 768 } 769 b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL); 770 if (b == NULL) { 771 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB); 772 goto err; 773 } 774 /* get the field parameters */ 775 tmp = OBJ_obj2nid(params->fieldID->fieldType); 776 if (tmp == NID_X9_62_characteristic_two_field) 777 #ifdef OPENSSL_NO_EC2M 778 { 779 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_GF2M_NOT_SUPPORTED); 780 goto err; 781 } 782 #else 783 { 784 X9_62_CHARACTERISTIC_TWO *char_two; 785 786 char_two = params->fieldID->p.char_two; 787 788 field_bits = char_two->m; 789 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) { 790 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE); 791 goto err; 792 } 793 if ((p = BN_new()) == NULL) { 794 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE); 795 goto err; 796 } 797 /* get the base type */ 798 tmp = OBJ_obj2nid(char_two->type); 799 800 if (tmp == NID_X9_62_tpBasis) { 801 long tmp_long; 802 803 if (!char_two->p.tpBasis) { 804 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 805 goto err; 806 } 807 tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis); 808 809 if (!(char_two->m > tmp_long && tmp_long > 0)) { 810 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_TRINOMIAL_BASIS); 811 goto err; 812 } 813 /* create the polynomial */ 814 if (!BN_set_bit(p, (int) char_two->m)) 815 goto err; 816 if (!BN_set_bit(p, (int) tmp_long)) 817 goto err; 818 if (!BN_set_bit(p, 0)) 819 goto err; 820 } else if (tmp == NID_X9_62_ppBasis) { 821 X9_62_PENTANOMIAL *penta; 822 823 penta = char_two->p.ppBasis; 824 if (!penta) { 825 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 826 goto err; 827 } 828 if (!(char_two->m > penta->k3 && penta->k3 > penta->k2 && penta->k2 > penta->k1 && penta->k1 > 0)) { 829 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_PENTANOMIAL_BASIS); 830 goto err; 831 } 832 /* create the polynomial */ 833 if (!BN_set_bit(p, (int) char_two->m)) 834 goto err; 835 if (!BN_set_bit(p, (int) penta->k1)) 836 goto err; 837 if (!BN_set_bit(p, (int) penta->k2)) 838 goto err; 839 if (!BN_set_bit(p, (int) penta->k3)) 840 goto err; 841 if (!BN_set_bit(p, 0)) 842 goto err; 843 } else if (tmp == NID_X9_62_onBasis) { 844 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_NOT_IMPLEMENTED); 845 goto err; 846 } else { /* error */ 847 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 848 goto err; 849 } 850 851 /* create the EC_GROUP structure */ 852 ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL); 853 } 854 #endif 855 else if (tmp == NID_X9_62_prime_field) { 856 /* we have a curve over a prime field */ 857 /* extract the prime number */ 858 if (!params->fieldID->p.prime) { 859 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 860 goto err; 861 } 862 p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL); 863 if (p == NULL) { 864 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); 865 goto err; 866 } 867 if (BN_is_negative(p) || BN_is_zero(p)) { 868 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD); 869 goto err; 870 } 871 field_bits = BN_num_bits(p); 872 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) { 873 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE); 874 goto err; 875 } 876 /* create the EC_GROUP structure */ 877 ret = EC_GROUP_new_curve_GFp(p, a, b, NULL); 878 } else { 879 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD); 880 goto err; 881 } 882 883 if (ret == NULL) { 884 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); 885 goto err; 886 } 887 /* extract seed (optional) */ 888 if (params->curve->seed != NULL) { 889 free(ret->seed); 890 if (!(ret->seed = malloc(params->curve->seed->length))) { 891 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, 892 ERR_R_MALLOC_FAILURE); 893 goto err; 894 } 895 memcpy(ret->seed, params->curve->seed->data, 896 params->curve->seed->length); 897 ret->seed_len = params->curve->seed->length; 898 } 899 if (!params->order || !params->base || !params->base->data) { 900 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 901 goto err; 902 } 903 if ((point = EC_POINT_new(ret)) == NULL) 904 goto err; 905 906 /* set the point conversion form */ 907 EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t) 908 (params->base->data[0] & ~0x01)); 909 910 /* extract the ec point */ 911 if (!EC_POINT_oct2point(ret, point, params->base->data, 912 params->base->length, NULL)) { 913 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); 914 goto err; 915 } 916 /* extract the order */ 917 if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) { 918 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); 919 goto err; 920 } 921 if (BN_is_negative(a) || BN_is_zero(a)) { 922 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER); 923 goto err; 924 } 925 if (BN_num_bits(a) > (int) field_bits + 1) { /* Hasse bound */ 926 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER); 927 goto err; 928 } 929 /* extract the cofactor (optional) */ 930 if (params->cofactor == NULL) { 931 BN_free(b); 932 b = NULL; 933 } else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) { 934 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); 935 goto err; 936 } 937 /* set the generator, order and cofactor (if present) */ 938 if (!EC_GROUP_set_generator(ret, point, a, b)) { 939 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); 940 goto err; 941 } 942 ok = 1; 943 944 err: if (!ok) { 945 EC_GROUP_clear_free(ret); 946 ret = NULL; 947 } 948 BN_free(p); 949 BN_free(a); 950 BN_free(b); 951 EC_POINT_free(point); 952 return (ret); 953 } 954 955 EC_GROUP * 956 ec_asn1_pkparameters2group(const ECPKPARAMETERS * params) 957 { 958 EC_GROUP *ret = NULL; 959 int tmp = 0; 960 961 if (params == NULL) { 962 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, 963 EC_R_MISSING_PARAMETERS); 964 return NULL; 965 } 966 if (params->type == 0) {/* the curve is given by an OID */ 967 tmp = OBJ_obj2nid(params->value.named_curve); 968 if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) { 969 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, 970 EC_R_EC_GROUP_NEW_BY_NAME_FAILURE); 971 return NULL; 972 } 973 EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE); 974 } else if (params->type == 1) { /* the parameters are given by a 975 * ECPARAMETERS structure */ 976 ret = ec_asn1_parameters2group(params->value.parameters); 977 if (!ret) { 978 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, ERR_R_EC_LIB); 979 return NULL; 980 } 981 EC_GROUP_set_asn1_flag(ret, 0x0); 982 } else if (params->type == 2) { /* implicitlyCA */ 983 return NULL; 984 } else { 985 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, EC_R_ASN1_ERROR); 986 return NULL; 987 } 988 989 return ret; 990 } 991 992 /* EC_GROUP <-> DER encoding of ECPKPARAMETERS */ 993 994 EC_GROUP * 995 d2i_ECPKParameters(EC_GROUP ** a, const unsigned char **in, long len) 996 { 997 EC_GROUP *group = NULL; 998 ECPKPARAMETERS *params = NULL; 999 1000 if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) { 1001 ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE); 1002 goto err; 1003 } 1004 if ((group = ec_asn1_pkparameters2group(params)) == NULL) { 1005 ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE); 1006 goto err; 1007 } 1008 1009 if (a != NULL) { 1010 EC_GROUP_clear_free(*a); 1011 *a = group; 1012 } 1013 1014 err: 1015 ECPKPARAMETERS_free(params); 1016 return (group); 1017 } 1018 1019 int 1020 i2d_ECPKParameters(const EC_GROUP * a, unsigned char **out) 1021 { 1022 int ret = 0; 1023 ECPKPARAMETERS *tmp = ec_asn1_group2pkparameters(a, NULL); 1024 if (tmp == NULL) { 1025 ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_GROUP2PKPARAMETERS_FAILURE); 1026 return 0; 1027 } 1028 if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0) { 1029 ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_I2D_ECPKPARAMETERS_FAILURE); 1030 ECPKPARAMETERS_free(tmp); 1031 return 0; 1032 } 1033 ECPKPARAMETERS_free(tmp); 1034 return (ret); 1035 } 1036 1037 /* some EC_KEY functions */ 1038 1039 EC_KEY * 1040 d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len) 1041 { 1042 EC_KEY *ret = NULL; 1043 EC_PRIVATEKEY *priv_key = NULL; 1044 1045 if ((priv_key = EC_PRIVATEKEY_new()) == NULL) { 1046 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); 1047 return NULL; 1048 } 1049 if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL) { 1050 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); 1051 EC_PRIVATEKEY_free(priv_key); 1052 return NULL; 1053 } 1054 if (a == NULL || *a == NULL) { 1055 if ((ret = EC_KEY_new()) == NULL) { 1056 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); 1057 goto err; 1058 } 1059 } else 1060 ret = *a; 1061 1062 if (priv_key->parameters) { 1063 EC_GROUP_clear_free(ret->group); 1064 ret->group = ec_asn1_pkparameters2group(priv_key->parameters); 1065 } 1066 if (ret->group == NULL) { 1067 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); 1068 goto err; 1069 } 1070 ret->version = priv_key->version; 1071 1072 if (priv_key->privateKey) { 1073 ret->priv_key = BN_bin2bn( 1074 M_ASN1_STRING_data(priv_key->privateKey), 1075 M_ASN1_STRING_length(priv_key->privateKey), 1076 ret->priv_key); 1077 if (ret->priv_key == NULL) { 1078 ECerr(EC_F_D2I_ECPRIVATEKEY, 1079 ERR_R_BN_LIB); 1080 goto err; 1081 } 1082 } else { 1083 ECerr(EC_F_D2I_ECPRIVATEKEY, 1084 EC_R_MISSING_PRIVATE_KEY); 1085 goto err; 1086 } 1087 1088 if (priv_key->publicKey) { 1089 const unsigned char *pub_oct; 1090 size_t pub_oct_len; 1091 1092 EC_POINT_clear_free(ret->pub_key); 1093 ret->pub_key = EC_POINT_new(ret->group); 1094 if (ret->pub_key == NULL) { 1095 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); 1096 goto err; 1097 } 1098 pub_oct = M_ASN1_STRING_data(priv_key->publicKey); 1099 pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey); 1100 /* save the point conversion form */ 1101 ret->conv_form = (point_conversion_form_t) (pub_oct[0] & ~0x01); 1102 if (!EC_POINT_oct2point(ret->group, ret->pub_key, 1103 pub_oct, pub_oct_len, NULL)) { 1104 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); 1105 goto err; 1106 } 1107 } 1108 1109 EC_PRIVATEKEY_free(priv_key); 1110 if (a != NULL) 1111 *a = ret; 1112 return (ret); 1113 1114 err: 1115 if (a == NULL || *a != ret) 1116 EC_KEY_free(ret); 1117 if (priv_key) 1118 EC_PRIVATEKEY_free(priv_key); 1119 1120 return (NULL); 1121 } 1122 1123 int 1124 i2d_ECPrivateKey(EC_KEY * a, unsigned char **out) 1125 { 1126 int ret = 0, ok = 0; 1127 unsigned char *buffer = NULL; 1128 size_t buf_len = 0, tmp_len; 1129 EC_PRIVATEKEY *priv_key = NULL; 1130 1131 if (a == NULL || a->group == NULL || a->priv_key == NULL) { 1132 ECerr(EC_F_I2D_ECPRIVATEKEY, 1133 ERR_R_PASSED_NULL_PARAMETER); 1134 goto err; 1135 } 1136 if ((priv_key = EC_PRIVATEKEY_new()) == NULL) { 1137 ECerr(EC_F_I2D_ECPRIVATEKEY, 1138 ERR_R_MALLOC_FAILURE); 1139 goto err; 1140 } 1141 priv_key->version = a->version; 1142 1143 buf_len = (size_t) BN_num_bytes(a->priv_key); 1144 buffer = malloc(buf_len); 1145 if (buffer == NULL) { 1146 ECerr(EC_F_I2D_ECPRIVATEKEY, 1147 ERR_R_MALLOC_FAILURE); 1148 goto err; 1149 } 1150 if (!BN_bn2bin(a->priv_key, buffer)) { 1151 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_BN_LIB); 1152 goto err; 1153 } 1154 if (!M_ASN1_OCTET_STRING_set(priv_key->privateKey, buffer, buf_len)) { 1155 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB); 1156 goto err; 1157 } 1158 if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) { 1159 if ((priv_key->parameters = ec_asn1_group2pkparameters( 1160 a->group, priv_key->parameters)) == NULL) { 1161 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB); 1162 goto err; 1163 } 1164 } 1165 if (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key != NULL) { 1166 priv_key->publicKey = M_ASN1_BIT_STRING_new(); 1167 if (priv_key->publicKey == NULL) { 1168 ECerr(EC_F_I2D_ECPRIVATEKEY, 1169 ERR_R_MALLOC_FAILURE); 1170 goto err; 1171 } 1172 tmp_len = EC_POINT_point2oct(a->group, a->pub_key, 1173 a->conv_form, NULL, 0, NULL); 1174 1175 if (tmp_len > buf_len) { 1176 unsigned char *tmp_buffer = realloc(buffer, tmp_len); 1177 if (!tmp_buffer) { 1178 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); 1179 goto err; 1180 } 1181 buffer = tmp_buffer; 1182 buf_len = tmp_len; 1183 } 1184 if (!EC_POINT_point2oct(a->group, a->pub_key, 1185 a->conv_form, buffer, buf_len, NULL)) { 1186 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB); 1187 goto err; 1188 } 1189 priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); 1190 priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT; 1191 if (!M_ASN1_BIT_STRING_set(priv_key->publicKey, buffer, 1192 buf_len)) { 1193 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB); 1194 goto err; 1195 } 1196 } 1197 if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) { 1198 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB); 1199 goto err; 1200 } 1201 ok = 1; 1202 err: 1203 free(buffer); 1204 if (priv_key) 1205 EC_PRIVATEKEY_free(priv_key); 1206 return (ok ? ret : 0); 1207 } 1208 1209 int 1210 i2d_ECParameters(EC_KEY * a, unsigned char **out) 1211 { 1212 if (a == NULL) { 1213 ECerr(EC_F_I2D_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER); 1214 return 0; 1215 } 1216 return i2d_ECPKParameters(a->group, out); 1217 } 1218 1219 EC_KEY * 1220 d2i_ECParameters(EC_KEY ** a, const unsigned char **in, long len) 1221 { 1222 EC_KEY *ret; 1223 1224 if (in == NULL || *in == NULL) { 1225 ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER); 1226 return NULL; 1227 } 1228 if (a == NULL || *a == NULL) { 1229 if ((ret = EC_KEY_new()) == NULL) { 1230 ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE); 1231 return NULL; 1232 } 1233 } else 1234 ret = *a; 1235 1236 if (!d2i_ECPKParameters(&ret->group, in, len)) { 1237 ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB); 1238 if (a == NULL || *a != ret) 1239 EC_KEY_free(ret); 1240 return NULL; 1241 } 1242 1243 if (a != NULL) 1244 *a = ret; 1245 return ret; 1246 } 1247 1248 EC_KEY * 1249 o2i_ECPublicKey(EC_KEY ** a, const unsigned char **in, long len) 1250 { 1251 EC_KEY *ret = NULL; 1252 1253 if (a == NULL || (*a) == NULL || (*a)->group == NULL) { 1254 /* 1255 * sorry, but a EC_GROUP-structur is necessary to set the 1256 * public key 1257 */ 1258 ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER); 1259 return 0; 1260 } 1261 ret = *a; 1262 if (ret->pub_key == NULL && 1263 (ret->pub_key = EC_POINT_new(ret->group)) == NULL) { 1264 ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_MALLOC_FAILURE); 1265 return 0; 1266 } 1267 if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL)) { 1268 ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB); 1269 return 0; 1270 } 1271 /* save the point conversion form */ 1272 ret->conv_form = (point_conversion_form_t) (*in[0] & ~0x01); 1273 *in += len; 1274 return ret; 1275 } 1276 1277 int 1278 i2o_ECPublicKey(EC_KEY * a, unsigned char **out) 1279 { 1280 size_t buf_len = 0; 1281 int new_buffer = 0; 1282 1283 if (a == NULL) { 1284 ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER); 1285 return 0; 1286 } 1287 buf_len = EC_POINT_point2oct(a->group, a->pub_key, 1288 a->conv_form, NULL, 0, NULL); 1289 1290 if (out == NULL || buf_len == 0) 1291 /* out == NULL => just return the length of the octet string */ 1292 return buf_len; 1293 1294 if (*out == NULL) { 1295 if ((*out = malloc(buf_len)) == NULL) { 1296 ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_MALLOC_FAILURE); 1297 return 0; 1298 } 1299 new_buffer = 1; 1300 } 1301 if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form, 1302 *out, buf_len, NULL)) { 1303 ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB); 1304 if (new_buffer) { 1305 free(*out); 1306 *out = NULL; 1307 } 1308 return 0; 1309 } 1310 if (!new_buffer) 1311 *out += buf_len; 1312 return buf_len; 1313 } 1314