1 /* $OpenBSD: ec_asn1.c,v 1.21 2015/10/16 15:15:39 jsing Exp $ */ 2 /* 3 * Written by Nils Larsch for the OpenSSL project. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 2000-2003 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59 #include <string.h> 60 61 #include <openssl/opensslconf.h> 62 63 #include "ec_lcl.h" 64 #include <openssl/err.h> 65 #include <openssl/asn1t.h> 66 #include <openssl/objects.h> 67 68 int 69 EC_GROUP_get_basis_type(const EC_GROUP * group) 70 { 71 int i = 0; 72 73 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != 74 NID_X9_62_characteristic_two_field) 75 /* everything else is currently not supported */ 76 return 0; 77 78 while (group->poly[i] != 0) 79 i++; 80 81 if (i == 4) 82 return NID_X9_62_ppBasis; 83 else if (i == 2) 84 return NID_X9_62_tpBasis; 85 else 86 /* everything else is currently not supported */ 87 return 0; 88 } 89 #ifndef OPENSSL_NO_EC2M 90 int 91 EC_GROUP_get_trinomial_basis(const EC_GROUP * group, unsigned int *k) 92 { 93 if (group == NULL) 94 return 0; 95 96 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != 97 NID_X9_62_characteristic_two_field 98 || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0))) { 99 ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 100 return 0; 101 } 102 if (k) 103 *k = group->poly[1]; 104 105 return 1; 106 } 107 int 108 EC_GROUP_get_pentanomial_basis(const EC_GROUP * group, unsigned int *k1, 109 unsigned int *k2, unsigned int *k3) 110 { 111 if (group == NULL) 112 return 0; 113 114 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != 115 NID_X9_62_characteristic_two_field 116 || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0))) { 117 ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 118 return 0; 119 } 120 if (k1) 121 *k1 = group->poly[3]; 122 if (k2) 123 *k2 = group->poly[2]; 124 if (k3) 125 *k3 = group->poly[1]; 126 127 return 1; 128 } 129 #endif 130 131 132 /* some structures needed for the asn1 encoding */ 133 typedef struct x9_62_pentanomial_st { 134 long k1; 135 long k2; 136 long k3; 137 } X9_62_PENTANOMIAL; 138 139 typedef struct x9_62_characteristic_two_st { 140 long m; 141 ASN1_OBJECT *type; 142 union { 143 char *ptr; 144 /* NID_X9_62_onBasis */ 145 ASN1_NULL *onBasis; 146 /* NID_X9_62_tpBasis */ 147 ASN1_INTEGER *tpBasis; 148 /* NID_X9_62_ppBasis */ 149 X9_62_PENTANOMIAL *ppBasis; 150 /* anything else */ 151 ASN1_TYPE *other; 152 } p; 153 } X9_62_CHARACTERISTIC_TWO; 154 155 typedef struct x9_62_fieldid_st { 156 ASN1_OBJECT *fieldType; 157 union { 158 char *ptr; 159 /* NID_X9_62_prime_field */ 160 ASN1_INTEGER *prime; 161 /* NID_X9_62_characteristic_two_field */ 162 X9_62_CHARACTERISTIC_TWO *char_two; 163 /* anything else */ 164 ASN1_TYPE *other; 165 } p; 166 } X9_62_FIELDID; 167 168 typedef struct x9_62_curve_st { 169 ASN1_OCTET_STRING *a; 170 ASN1_OCTET_STRING *b; 171 ASN1_BIT_STRING *seed; 172 } X9_62_CURVE; 173 174 typedef struct ec_parameters_st { 175 long version; 176 X9_62_FIELDID *fieldID; 177 X9_62_CURVE *curve; 178 ASN1_OCTET_STRING *base; 179 ASN1_INTEGER *order; 180 ASN1_INTEGER *cofactor; 181 } ECPARAMETERS; 182 183 struct ecpk_parameters_st { 184 int type; 185 union { 186 ASN1_OBJECT *named_curve; 187 ECPARAMETERS *parameters; 188 ASN1_NULL *implicitlyCA; 189 } value; 190 } /* ECPKPARAMETERS */ ; 191 192 /* SEC1 ECPrivateKey */ 193 typedef struct ec_privatekey_st { 194 long version; 195 ASN1_OCTET_STRING *privateKey; 196 ECPKPARAMETERS *parameters; 197 ASN1_BIT_STRING *publicKey; 198 } EC_PRIVATEKEY; 199 200 /* the OpenSSL ASN.1 definitions */ 201 static const ASN1_TEMPLATE X9_62_PENTANOMIAL_seq_tt[] = { 202 { 203 .flags = 0, 204 .tag = 0, 205 .offset = offsetof(X9_62_PENTANOMIAL, k1), 206 .field_name = "k1", 207 .item = &LONG_it, 208 }, 209 { 210 .flags = 0, 211 .tag = 0, 212 .offset = offsetof(X9_62_PENTANOMIAL, k2), 213 .field_name = "k2", 214 .item = &LONG_it, 215 }, 216 { 217 .flags = 0, 218 .tag = 0, 219 .offset = offsetof(X9_62_PENTANOMIAL, k3), 220 .field_name = "k3", 221 .item = &LONG_it, 222 }, 223 }; 224 225 const ASN1_ITEM X9_62_PENTANOMIAL_it = { 226 .itype = ASN1_ITYPE_SEQUENCE, 227 .utype = V_ASN1_SEQUENCE, 228 .templates = X9_62_PENTANOMIAL_seq_tt, 229 .tcount = sizeof(X9_62_PENTANOMIAL_seq_tt) / sizeof(ASN1_TEMPLATE), 230 .funcs = NULL, 231 .size = sizeof(X9_62_PENTANOMIAL), 232 .sname = "X9_62_PENTANOMIAL", 233 }; 234 235 X9_62_PENTANOMIAL *X9_62_PENTANOMIAL_new(void); 236 void X9_62_PENTANOMIAL_free(X9_62_PENTANOMIAL *a); 237 238 X9_62_PENTANOMIAL * 239 X9_62_PENTANOMIAL_new(void) 240 { 241 return (X9_62_PENTANOMIAL*)ASN1_item_new(&X9_62_PENTANOMIAL_it); 242 } 243 244 void 245 X9_62_PENTANOMIAL_free(X9_62_PENTANOMIAL *a) 246 { 247 ASN1_item_free((ASN1_VALUE *)a, &X9_62_PENTANOMIAL_it); 248 } 249 250 static const ASN1_TEMPLATE char_two_def_tt = { 251 .flags = 0, 252 .tag = 0, 253 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, p.other), 254 .field_name = "p.other", 255 .item = &ASN1_ANY_it, 256 }; 257 258 static const ASN1_ADB_TABLE X9_62_CHARACTERISTIC_TWO_adbtbl[] = { 259 { 260 .value = NID_X9_62_onBasis, 261 .tt = { 262 .flags = 0, 263 .tag = 0, 264 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, p.onBasis), 265 .field_name = "p.onBasis", 266 .item = &ASN1_NULL_it, 267 }, 268 269 }, 270 { 271 .value = NID_X9_62_tpBasis, 272 .tt = { 273 .flags = 0, 274 .tag = 0, 275 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, p.tpBasis), 276 .field_name = "p.tpBasis", 277 .item = &ASN1_INTEGER_it, 278 }, 279 280 }, 281 { 282 .value = NID_X9_62_ppBasis, 283 .tt = { 284 .flags = 0, 285 .tag = 0, 286 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, p.ppBasis), 287 .field_name = "p.ppBasis", 288 .item = &X9_62_PENTANOMIAL_it, 289 }, 290 291 }, 292 }; 293 294 static const ASN1_ADB X9_62_CHARACTERISTIC_TWO_adb = { 295 .flags = 0, 296 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, type), 297 .app_items = 0, 298 .tbl = X9_62_CHARACTERISTIC_TWO_adbtbl, 299 .tblcount = sizeof(X9_62_CHARACTERISTIC_TWO_adbtbl) / sizeof(ASN1_ADB_TABLE), 300 .default_tt = &char_two_def_tt, 301 .null_tt = NULL, 302 }; 303 304 static const ASN1_TEMPLATE X9_62_CHARACTERISTIC_TWO_seq_tt[] = { 305 { 306 .flags = 0, 307 .tag = 0, 308 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, m), 309 .field_name = "m", 310 .item = &LONG_it, 311 }, 312 { 313 .flags = 0, 314 .tag = 0, 315 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, type), 316 .field_name = "type", 317 .item = &ASN1_OBJECT_it, 318 }, 319 { 320 .flags = ASN1_TFLG_ADB_OID, 321 .tag = -1, 322 .offset = 0, 323 .field_name = "X9_62_CHARACTERISTIC_TWO", 324 .item = (const ASN1_ITEM *)&X9_62_CHARACTERISTIC_TWO_adb, 325 }, 326 }; 327 328 const ASN1_ITEM X9_62_CHARACTERISTIC_TWO_it = { 329 .itype = ASN1_ITYPE_SEQUENCE, 330 .utype = V_ASN1_SEQUENCE, 331 .templates = X9_62_CHARACTERISTIC_TWO_seq_tt, 332 .tcount = sizeof(X9_62_CHARACTERISTIC_TWO_seq_tt) / sizeof(ASN1_TEMPLATE), 333 .funcs = NULL, 334 .size = sizeof(X9_62_CHARACTERISTIC_TWO), 335 .sname = "X9_62_CHARACTERISTIC_TWO", 336 }; 337 X9_62_CHARACTERISTIC_TWO *X9_62_CHARACTERISTIC_TWO_new(void); 338 void X9_62_CHARACTERISTIC_TWO_free(X9_62_CHARACTERISTIC_TWO *a); 339 340 X9_62_CHARACTERISTIC_TWO * 341 X9_62_CHARACTERISTIC_TWO_new(void) 342 { 343 return (X9_62_CHARACTERISTIC_TWO*)ASN1_item_new(&X9_62_CHARACTERISTIC_TWO_it); 344 } 345 346 void 347 X9_62_CHARACTERISTIC_TWO_free(X9_62_CHARACTERISTIC_TWO *a) 348 { 349 ASN1_item_free((ASN1_VALUE *)a, &X9_62_CHARACTERISTIC_TWO_it); 350 } 351 static const ASN1_TEMPLATE fieldID_def_tt = { 352 .flags = 0, 353 .tag = 0, 354 .offset = offsetof(X9_62_FIELDID, p.other), 355 .field_name = "p.other", 356 .item = &ASN1_ANY_it, 357 }; 358 359 static const ASN1_ADB_TABLE X9_62_FIELDID_adbtbl[] = { 360 { 361 .value = NID_X9_62_prime_field, 362 .tt = { 363 .flags = 0, 364 .tag = 0, 365 .offset = offsetof(X9_62_FIELDID, p.prime), 366 .field_name = "p.prime", 367 .item = &ASN1_INTEGER_it, 368 }, 369 370 }, 371 { 372 .value = NID_X9_62_characteristic_two_field, 373 .tt = { 374 .flags = 0, 375 .tag = 0, 376 .offset = offsetof(X9_62_FIELDID, p.char_two), 377 .field_name = "p.char_two", 378 .item = &X9_62_CHARACTERISTIC_TWO_it, 379 }, 380 381 }, 382 }; 383 384 static const ASN1_ADB X9_62_FIELDID_adb = { 385 .flags = 0, 386 .offset = offsetof(X9_62_FIELDID, fieldType), 387 .app_items = 0, 388 .tbl = X9_62_FIELDID_adbtbl, 389 .tblcount = sizeof(X9_62_FIELDID_adbtbl) / sizeof(ASN1_ADB_TABLE), 390 .default_tt = &fieldID_def_tt, 391 .null_tt = NULL, 392 }; 393 394 static const ASN1_TEMPLATE X9_62_FIELDID_seq_tt[] = { 395 { 396 .flags = 0, 397 .tag = 0, 398 .offset = offsetof(X9_62_FIELDID, fieldType), 399 .field_name = "fieldType", 400 .item = &ASN1_OBJECT_it, 401 }, 402 { 403 .flags = ASN1_TFLG_ADB_OID, 404 .tag = -1, 405 .offset = 0, 406 .field_name = "X9_62_FIELDID", 407 .item = (const ASN1_ITEM *)&X9_62_FIELDID_adb, 408 }, 409 }; 410 411 const ASN1_ITEM X9_62_FIELDID_it = { 412 .itype = ASN1_ITYPE_SEQUENCE, 413 .utype = V_ASN1_SEQUENCE, 414 .templates = X9_62_FIELDID_seq_tt, 415 .tcount = sizeof(X9_62_FIELDID_seq_tt) / sizeof(ASN1_TEMPLATE), 416 .funcs = NULL, 417 .size = sizeof(X9_62_FIELDID), 418 .sname = "X9_62_FIELDID", 419 }; 420 421 static const ASN1_TEMPLATE X9_62_CURVE_seq_tt[] = { 422 { 423 .flags = 0, 424 .tag = 0, 425 .offset = offsetof(X9_62_CURVE, a), 426 .field_name = "a", 427 .item = &ASN1_OCTET_STRING_it, 428 }, 429 { 430 .flags = 0, 431 .tag = 0, 432 .offset = offsetof(X9_62_CURVE, b), 433 .field_name = "b", 434 .item = &ASN1_OCTET_STRING_it, 435 }, 436 { 437 .flags = ASN1_TFLG_OPTIONAL, 438 .tag = 0, 439 .offset = offsetof(X9_62_CURVE, seed), 440 .field_name = "seed", 441 .item = &ASN1_BIT_STRING_it, 442 }, 443 }; 444 445 const ASN1_ITEM X9_62_CURVE_it = { 446 .itype = ASN1_ITYPE_SEQUENCE, 447 .utype = V_ASN1_SEQUENCE, 448 .templates = X9_62_CURVE_seq_tt, 449 .tcount = sizeof(X9_62_CURVE_seq_tt) / sizeof(ASN1_TEMPLATE), 450 .funcs = NULL, 451 .size = sizeof(X9_62_CURVE), 452 .sname = "X9_62_CURVE", 453 }; 454 455 static const ASN1_TEMPLATE ECPARAMETERS_seq_tt[] = { 456 { 457 .flags = 0, 458 .tag = 0, 459 .offset = offsetof(ECPARAMETERS, version), 460 .field_name = "version", 461 .item = &LONG_it, 462 }, 463 { 464 .flags = 0, 465 .tag = 0, 466 .offset = offsetof(ECPARAMETERS, fieldID), 467 .field_name = "fieldID", 468 .item = &X9_62_FIELDID_it, 469 }, 470 { 471 .flags = 0, 472 .tag = 0, 473 .offset = offsetof(ECPARAMETERS, curve), 474 .field_name = "curve", 475 .item = &X9_62_CURVE_it, 476 }, 477 { 478 .flags = 0, 479 .tag = 0, 480 .offset = offsetof(ECPARAMETERS, base), 481 .field_name = "base", 482 .item = &ASN1_OCTET_STRING_it, 483 }, 484 { 485 .flags = 0, 486 .tag = 0, 487 .offset = offsetof(ECPARAMETERS, order), 488 .field_name = "order", 489 .item = &ASN1_INTEGER_it, 490 }, 491 { 492 .flags = ASN1_TFLG_OPTIONAL, 493 .tag = 0, 494 .offset = offsetof(ECPARAMETERS, cofactor), 495 .field_name = "cofactor", 496 .item = &ASN1_INTEGER_it, 497 }, 498 }; 499 500 const ASN1_ITEM ECPARAMETERS_it = { 501 .itype = ASN1_ITYPE_SEQUENCE, 502 .utype = V_ASN1_SEQUENCE, 503 .templates = ECPARAMETERS_seq_tt, 504 .tcount = sizeof(ECPARAMETERS_seq_tt) / sizeof(ASN1_TEMPLATE), 505 .funcs = NULL, 506 .size = sizeof(ECPARAMETERS), 507 .sname = "ECPARAMETERS", 508 }; 509 ECPARAMETERS *ECPARAMETERS_new(void); 510 void ECPARAMETERS_free(ECPARAMETERS *a); 511 512 ECPARAMETERS * 513 ECPARAMETERS_new(void) 514 { 515 return (ECPARAMETERS*)ASN1_item_new(&ECPARAMETERS_it); 516 } 517 518 void 519 ECPARAMETERS_free(ECPARAMETERS *a) 520 { 521 ASN1_item_free((ASN1_VALUE *)a, &ECPARAMETERS_it); 522 } 523 524 static const ASN1_TEMPLATE ECPKPARAMETERS_ch_tt[] = { 525 { 526 .flags = 0, 527 .tag = 0, 528 .offset = offsetof(ECPKPARAMETERS, value.named_curve), 529 .field_name = "value.named_curve", 530 .item = &ASN1_OBJECT_it, 531 }, 532 { 533 .flags = 0, 534 .tag = 0, 535 .offset = offsetof(ECPKPARAMETERS, value.parameters), 536 .field_name = "value.parameters", 537 .item = &ECPARAMETERS_it, 538 }, 539 { 540 .flags = 0, 541 .tag = 0, 542 .offset = offsetof(ECPKPARAMETERS, value.implicitlyCA), 543 .field_name = "value.implicitlyCA", 544 .item = &ASN1_NULL_it, 545 }, 546 }; 547 548 const ASN1_ITEM ECPKPARAMETERS_it = { 549 .itype = ASN1_ITYPE_CHOICE, 550 .utype = offsetof(ECPKPARAMETERS, type), 551 .templates = ECPKPARAMETERS_ch_tt, 552 .tcount = sizeof(ECPKPARAMETERS_ch_tt) / sizeof(ASN1_TEMPLATE), 553 .funcs = NULL, 554 .size = sizeof(ECPKPARAMETERS), 555 .sname = "ECPKPARAMETERS", 556 }; 557 558 ECPKPARAMETERS *ECPKPARAMETERS_new(void); 559 void ECPKPARAMETERS_free(ECPKPARAMETERS *a); 560 ECPKPARAMETERS *d2i_ECPKPARAMETERS(ECPKPARAMETERS **a, const unsigned char **in, long len); 561 int i2d_ECPKPARAMETERS(const ECPKPARAMETERS *a, unsigned char **out); 562 563 ECPKPARAMETERS * 564 d2i_ECPKPARAMETERS(ECPKPARAMETERS **a, const unsigned char **in, long len) 565 { 566 return (ECPKPARAMETERS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, 567 &ECPKPARAMETERS_it); 568 } 569 570 int 571 i2d_ECPKPARAMETERS(const ECPKPARAMETERS *a, unsigned char **out) 572 { 573 return ASN1_item_i2d((ASN1_VALUE *)a, out, &ECPKPARAMETERS_it); 574 } 575 576 ECPKPARAMETERS * 577 ECPKPARAMETERS_new(void) 578 { 579 return (ECPKPARAMETERS *)ASN1_item_new(&ECPKPARAMETERS_it); 580 } 581 582 void 583 ECPKPARAMETERS_free(ECPKPARAMETERS *a) 584 { 585 ASN1_item_free((ASN1_VALUE *)a, &ECPKPARAMETERS_it); 586 } 587 588 static const ASN1_TEMPLATE EC_PRIVATEKEY_seq_tt[] = { 589 { 590 .flags = 0, 591 .tag = 0, 592 .offset = offsetof(EC_PRIVATEKEY, version), 593 .field_name = "version", 594 .item = &LONG_it, 595 }, 596 { 597 .flags = 0, 598 .tag = 0, 599 .offset = offsetof(EC_PRIVATEKEY, privateKey), 600 .field_name = "privateKey", 601 .item = &ASN1_OCTET_STRING_it, 602 }, 603 { 604 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, 605 .tag = 0, 606 .offset = offsetof(EC_PRIVATEKEY, parameters), 607 .field_name = "parameters", 608 .item = &ECPKPARAMETERS_it, 609 }, 610 { 611 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, 612 .tag = 1, 613 .offset = offsetof(EC_PRIVATEKEY, publicKey), 614 .field_name = "publicKey", 615 .item = &ASN1_BIT_STRING_it, 616 }, 617 }; 618 619 const ASN1_ITEM EC_PRIVATEKEY_it = { 620 .itype = ASN1_ITYPE_SEQUENCE, 621 .utype = V_ASN1_SEQUENCE, 622 .templates = EC_PRIVATEKEY_seq_tt, 623 .tcount = sizeof(EC_PRIVATEKEY_seq_tt) / sizeof(ASN1_TEMPLATE), 624 .funcs = NULL, 625 .size = sizeof(EC_PRIVATEKEY), 626 .sname = "EC_PRIVATEKEY", 627 }; 628 629 EC_PRIVATEKEY *EC_PRIVATEKEY_new(void); 630 void EC_PRIVATEKEY_free(EC_PRIVATEKEY *a); 631 EC_PRIVATEKEY *d2i_EC_PRIVATEKEY(EC_PRIVATEKEY **a, const unsigned char **in, long len); 632 int i2d_EC_PRIVATEKEY(const EC_PRIVATEKEY *a, unsigned char **out); 633 634 EC_PRIVATEKEY * 635 d2i_EC_PRIVATEKEY(EC_PRIVATEKEY **a, const unsigned char **in, long len) 636 { 637 return (EC_PRIVATEKEY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, 638 &EC_PRIVATEKEY_it); 639 } 640 641 int 642 i2d_EC_PRIVATEKEY(const EC_PRIVATEKEY *a, unsigned char **out) 643 { 644 return ASN1_item_i2d((ASN1_VALUE *)a, out, &EC_PRIVATEKEY_it); 645 } 646 647 EC_PRIVATEKEY * 648 EC_PRIVATEKEY_new(void) 649 { 650 return (EC_PRIVATEKEY *)ASN1_item_new(&EC_PRIVATEKEY_it); 651 } 652 653 void 654 EC_PRIVATEKEY_free(EC_PRIVATEKEY *a) 655 { 656 ASN1_item_free((ASN1_VALUE *)a, &EC_PRIVATEKEY_it); 657 } 658 /* some declarations of internal function */ 659 660 /* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */ 661 static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *); 662 /* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */ 663 static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *); 664 /* ec_asn1_parameters2group() creates a EC_GROUP object from a 665 * ECPARAMETERS object */ 666 static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *); 667 /* ec_asn1_group2parameters() creates a ECPARAMETERS object from a 668 * EC_GROUP object */ 669 static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *, ECPARAMETERS *); 670 /* ec_asn1_pkparameters2group() creates a EC_GROUP object from a 671 * ECPKPARAMETERS object */ 672 static EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *); 673 /* ec_asn1_group2pkparameters() creates a ECPKPARAMETERS object from a 674 * EC_GROUP object */ 675 static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *, 676 ECPKPARAMETERS *); 677 678 679 /* the function definitions */ 680 681 static int 682 ec_asn1_group2fieldid(const EC_GROUP * group, X9_62_FIELDID * field) 683 { 684 int ok = 0, nid; 685 BIGNUM *tmp = NULL; 686 687 if (group == NULL || field == NULL) 688 return 0; 689 690 /* clear the old values (if necessary) */ 691 if (field->fieldType != NULL) 692 ASN1_OBJECT_free(field->fieldType); 693 if (field->p.other != NULL) 694 ASN1_TYPE_free(field->p.other); 695 696 nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); 697 /* set OID for the field */ 698 if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) { 699 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB); 700 goto err; 701 } 702 if (nid == NID_X9_62_prime_field) { 703 if ((tmp = BN_new()) == NULL) { 704 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); 705 goto err; 706 } 707 /* the parameters are specified by the prime number p */ 708 if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL)) { 709 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB); 710 goto err; 711 } 712 /* set the prime number */ 713 field->p.prime = BN_to_ASN1_INTEGER(tmp, NULL); 714 if (field->p.prime == NULL) { 715 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB); 716 goto err; 717 } 718 } else /* nid == NID_X9_62_characteristic_two_field */ 719 #ifdef OPENSSL_NO_EC2M 720 { 721 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, EC_R_GF2M_NOT_SUPPORTED); 722 goto err; 723 } 724 #else 725 { 726 int field_type; 727 X9_62_CHARACTERISTIC_TWO *char_two; 728 729 field->p.char_two = X9_62_CHARACTERISTIC_TWO_new(); 730 char_two = field->p.char_two; 731 732 if (char_two == NULL) { 733 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); 734 goto err; 735 } 736 char_two->m = (long) EC_GROUP_get_degree(group); 737 738 field_type = EC_GROUP_get_basis_type(group); 739 740 if (field_type == 0) { 741 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB); 742 goto err; 743 } 744 /* set base type OID */ 745 if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) { 746 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB); 747 goto err; 748 } 749 if (field_type == NID_X9_62_tpBasis) { 750 unsigned int k; 751 752 if (!EC_GROUP_get_trinomial_basis(group, &k)) 753 goto err; 754 755 char_two->p.tpBasis = ASN1_INTEGER_new(); 756 if (!char_two->p.tpBasis) { 757 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); 758 goto err; 759 } 760 if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long) k)) { 761 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, 762 ERR_R_ASN1_LIB); 763 goto err; 764 } 765 } else if (field_type == NID_X9_62_ppBasis) { 766 unsigned int k1, k2, k3; 767 768 if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3)) 769 goto err; 770 771 char_two->p.ppBasis = X9_62_PENTANOMIAL_new(); 772 if (!char_two->p.ppBasis) { 773 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); 774 goto err; 775 } 776 /* set k? values */ 777 char_two->p.ppBasis->k1 = (long) k1; 778 char_two->p.ppBasis->k2 = (long) k2; 779 char_two->p.ppBasis->k3 = (long) k3; 780 } else { /* field_type == NID_X9_62_onBasis */ 781 /* for ONB the parameters are (asn1) NULL */ 782 char_two->p.onBasis = ASN1_NULL_new(); 783 if (!char_two->p.onBasis) { 784 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); 785 goto err; 786 } 787 } 788 } 789 #endif 790 791 ok = 1; 792 793 err: 794 BN_free(tmp); 795 return (ok); 796 } 797 798 static int 799 ec_asn1_group2curve(const EC_GROUP * group, X9_62_CURVE * curve) 800 { 801 int ok = 0, nid; 802 BIGNUM *tmp_1 = NULL, *tmp_2 = NULL; 803 unsigned char *buffer_1 = NULL, *buffer_2 = NULL, *a_buf = NULL, 804 *b_buf = NULL; 805 size_t len_1, len_2; 806 unsigned char char_zero = 0; 807 808 if (!group || !curve || !curve->a || !curve->b) 809 return 0; 810 811 if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) { 812 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); 813 goto err; 814 } 815 nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); 816 817 /* get a and b */ 818 if (nid == NID_X9_62_prime_field) { 819 if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL)) { 820 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB); 821 goto err; 822 } 823 } 824 #ifndef OPENSSL_NO_EC2M 825 else { /* nid == NID_X9_62_characteristic_two_field */ 826 if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL)) { 827 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB); 828 goto err; 829 } 830 } 831 #endif 832 len_1 = (size_t) BN_num_bytes(tmp_1); 833 len_2 = (size_t) BN_num_bytes(tmp_2); 834 835 if (len_1 == 0) { 836 /* len_1 == 0 => a == 0 */ 837 a_buf = &char_zero; 838 len_1 = 1; 839 } else { 840 if ((buffer_1 = malloc(len_1)) == NULL) { 841 ECerr(EC_F_EC_ASN1_GROUP2CURVE, 842 ERR_R_MALLOC_FAILURE); 843 goto err; 844 } 845 if ((len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0) { 846 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB); 847 goto err; 848 } 849 a_buf = buffer_1; 850 } 851 852 if (len_2 == 0) { 853 /* len_2 == 0 => b == 0 */ 854 b_buf = &char_zero; 855 len_2 = 1; 856 } else { 857 if ((buffer_2 = malloc(len_2)) == NULL) { 858 ECerr(EC_F_EC_ASN1_GROUP2CURVE, 859 ERR_R_MALLOC_FAILURE); 860 goto err; 861 } 862 if ((len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0) { 863 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB); 864 goto err; 865 } 866 b_buf = buffer_2; 867 } 868 869 /* set a and b */ 870 if (!ASN1_STRING_set(curve->a, a_buf, len_1) || 871 !ASN1_STRING_set(curve->b, b_buf, len_2)) { 872 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB); 873 goto err; 874 } 875 /* set the seed (optional) */ 876 if (group->seed) { 877 if (!curve->seed) 878 if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) { 879 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); 880 goto err; 881 } 882 curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); 883 curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT; 884 if (!ASN1_BIT_STRING_set(curve->seed, group->seed, 885 (int) group->seed_len)) { 886 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB); 887 goto err; 888 } 889 } else { 890 if (curve->seed) { 891 ASN1_BIT_STRING_free(curve->seed); 892 curve->seed = NULL; 893 } 894 } 895 896 ok = 1; 897 898 err: 899 free(buffer_1); 900 free(buffer_2); 901 BN_free(tmp_1); 902 BN_free(tmp_2); 903 return (ok); 904 } 905 906 static ECPARAMETERS * 907 ec_asn1_group2parameters(const EC_GROUP * group, ECPARAMETERS * param) 908 { 909 int ok = 0; 910 size_t len = 0; 911 ECPARAMETERS *ret = NULL; 912 BIGNUM *tmp = NULL; 913 unsigned char *buffer = NULL; 914 const EC_POINT *point = NULL; 915 point_conversion_form_t form; 916 917 if ((tmp = BN_new()) == NULL) { 918 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); 919 goto err; 920 } 921 if (param == NULL) { 922 if ((ret = ECPARAMETERS_new()) == NULL) { 923 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, 924 ERR_R_MALLOC_FAILURE); 925 goto err; 926 } 927 } else 928 ret = param; 929 930 /* set the version (always one) */ 931 ret->version = (long) 0x1; 932 933 /* set the fieldID */ 934 if (!ec_asn1_group2fieldid(group, ret->fieldID)) { 935 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); 936 goto err; 937 } 938 /* set the curve */ 939 if (!ec_asn1_group2curve(group, ret->curve)) { 940 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); 941 goto err; 942 } 943 /* set the base point */ 944 if ((point = EC_GROUP_get0_generator(group)) == NULL) { 945 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, EC_R_UNDEFINED_GENERATOR); 946 goto err; 947 } 948 form = EC_GROUP_get_point_conversion_form(group); 949 950 len = EC_POINT_point2oct(group, point, form, NULL, len, NULL); 951 if (len == 0) { 952 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); 953 goto err; 954 } 955 if ((buffer = malloc(len)) == NULL) { 956 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); 957 goto err; 958 } 959 if (!EC_POINT_point2oct(group, point, form, buffer, len, NULL)) { 960 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); 961 goto err; 962 } 963 if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) { 964 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); 965 goto err; 966 } 967 if (!ASN1_OCTET_STRING_set(ret->base, buffer, len)) { 968 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); 969 goto err; 970 } 971 /* set the order */ 972 if (!EC_GROUP_get_order(group, tmp, NULL)) { 973 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); 974 goto err; 975 } 976 ret->order = BN_to_ASN1_INTEGER(tmp, ret->order); 977 if (ret->order == NULL) { 978 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); 979 goto err; 980 } 981 /* set the cofactor (optional) */ 982 if (EC_GROUP_get_cofactor(group, tmp, NULL)) { 983 ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor); 984 if (ret->cofactor == NULL) { 985 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); 986 goto err; 987 } 988 } 989 ok = 1; 990 991 err: if (!ok) { 992 if (ret && !param) 993 ECPARAMETERS_free(ret); 994 ret = NULL; 995 } 996 BN_free(tmp); 997 free(buffer); 998 return (ret); 999 } 1000 1001 ECPKPARAMETERS * 1002 ec_asn1_group2pkparameters(const EC_GROUP * group, ECPKPARAMETERS * params) 1003 { 1004 int ok = 1, tmp; 1005 ECPKPARAMETERS *ret = params; 1006 1007 if (ret == NULL) { 1008 if ((ret = ECPKPARAMETERS_new()) == NULL) { 1009 ECerr(EC_F_EC_ASN1_GROUP2PKPARAMETERS, 1010 ERR_R_MALLOC_FAILURE); 1011 return NULL; 1012 } 1013 } else { 1014 if (ret->type == 0 && ret->value.named_curve) 1015 ASN1_OBJECT_free(ret->value.named_curve); 1016 else if (ret->type == 1 && ret->value.parameters) 1017 ECPARAMETERS_free(ret->value.parameters); 1018 } 1019 1020 if (EC_GROUP_get_asn1_flag(group)) { 1021 /* 1022 * use the asn1 OID to describe the elliptic curve 1023 * parameters 1024 */ 1025 tmp = EC_GROUP_get_curve_name(group); 1026 if (tmp) { 1027 ret->type = 0; 1028 if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL) 1029 ok = 0; 1030 } else 1031 /* we don't kmow the nid => ERROR */ 1032 ok = 0; 1033 } else { 1034 /* use the ECPARAMETERS structure */ 1035 ret->type = 1; 1036 if ((ret->value.parameters = ec_asn1_group2parameters( 1037 group, NULL)) == NULL) 1038 ok = 0; 1039 } 1040 1041 if (!ok) { 1042 ECPKPARAMETERS_free(ret); 1043 return NULL; 1044 } 1045 return ret; 1046 } 1047 1048 static EC_GROUP * 1049 ec_asn1_parameters2group(const ECPARAMETERS * params) 1050 { 1051 int ok = 0, tmp; 1052 EC_GROUP *ret = NULL; 1053 BIGNUM *p = NULL, *a = NULL, *b = NULL; 1054 EC_POINT *point = NULL; 1055 long field_bits; 1056 1057 if (!params->fieldID || !params->fieldID->fieldType || 1058 !params->fieldID->p.ptr) { 1059 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 1060 goto err; 1061 } 1062 /* now extract the curve parameters a and b */ 1063 if (!params->curve || !params->curve->a || 1064 !params->curve->a->data || !params->curve->b || 1065 !params->curve->b->data) { 1066 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 1067 goto err; 1068 } 1069 a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL); 1070 if (a == NULL) { 1071 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB); 1072 goto err; 1073 } 1074 b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL); 1075 if (b == NULL) { 1076 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB); 1077 goto err; 1078 } 1079 /* get the field parameters */ 1080 tmp = OBJ_obj2nid(params->fieldID->fieldType); 1081 if (tmp == NID_X9_62_characteristic_two_field) 1082 #ifdef OPENSSL_NO_EC2M 1083 { 1084 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_GF2M_NOT_SUPPORTED); 1085 goto err; 1086 } 1087 #else 1088 { 1089 X9_62_CHARACTERISTIC_TWO *char_two; 1090 1091 char_two = params->fieldID->p.char_two; 1092 1093 field_bits = char_two->m; 1094 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) { 1095 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE); 1096 goto err; 1097 } 1098 if ((p = BN_new()) == NULL) { 1099 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE); 1100 goto err; 1101 } 1102 /* get the base type */ 1103 tmp = OBJ_obj2nid(char_two->type); 1104 1105 if (tmp == NID_X9_62_tpBasis) { 1106 long tmp_long; 1107 1108 if (!char_two->p.tpBasis) { 1109 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 1110 goto err; 1111 } 1112 tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis); 1113 1114 if (!(char_two->m > tmp_long && tmp_long > 0)) { 1115 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_TRINOMIAL_BASIS); 1116 goto err; 1117 } 1118 /* create the polynomial */ 1119 if (!BN_set_bit(p, (int) char_two->m)) 1120 goto err; 1121 if (!BN_set_bit(p, (int) tmp_long)) 1122 goto err; 1123 if (!BN_set_bit(p, 0)) 1124 goto err; 1125 } else if (tmp == NID_X9_62_ppBasis) { 1126 X9_62_PENTANOMIAL *penta; 1127 1128 penta = char_two->p.ppBasis; 1129 if (!penta) { 1130 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 1131 goto err; 1132 } 1133 if (!(char_two->m > penta->k3 && penta->k3 > penta->k2 && penta->k2 > penta->k1 && penta->k1 > 0)) { 1134 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_PENTANOMIAL_BASIS); 1135 goto err; 1136 } 1137 /* create the polynomial */ 1138 if (!BN_set_bit(p, (int) char_two->m)) 1139 goto err; 1140 if (!BN_set_bit(p, (int) penta->k1)) 1141 goto err; 1142 if (!BN_set_bit(p, (int) penta->k2)) 1143 goto err; 1144 if (!BN_set_bit(p, (int) penta->k3)) 1145 goto err; 1146 if (!BN_set_bit(p, 0)) 1147 goto err; 1148 } else if (tmp == NID_X9_62_onBasis) { 1149 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_NOT_IMPLEMENTED); 1150 goto err; 1151 } else { /* error */ 1152 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 1153 goto err; 1154 } 1155 1156 /* create the EC_GROUP structure */ 1157 ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL); 1158 } 1159 #endif 1160 else if (tmp == NID_X9_62_prime_field) { 1161 /* we have a curve over a prime field */ 1162 /* extract the prime number */ 1163 if (!params->fieldID->p.prime) { 1164 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 1165 goto err; 1166 } 1167 p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL); 1168 if (p == NULL) { 1169 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); 1170 goto err; 1171 } 1172 if (BN_is_negative(p) || BN_is_zero(p)) { 1173 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD); 1174 goto err; 1175 } 1176 field_bits = BN_num_bits(p); 1177 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) { 1178 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE); 1179 goto err; 1180 } 1181 /* create the EC_GROUP structure */ 1182 ret = EC_GROUP_new_curve_GFp(p, a, b, NULL); 1183 } else { 1184 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD); 1185 goto err; 1186 } 1187 1188 if (ret == NULL) { 1189 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); 1190 goto err; 1191 } 1192 /* extract seed (optional) */ 1193 if (params->curve->seed != NULL) { 1194 free(ret->seed); 1195 if (!(ret->seed = malloc(params->curve->seed->length))) { 1196 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, 1197 ERR_R_MALLOC_FAILURE); 1198 goto err; 1199 } 1200 memcpy(ret->seed, params->curve->seed->data, 1201 params->curve->seed->length); 1202 ret->seed_len = params->curve->seed->length; 1203 } 1204 if (!params->order || !params->base || !params->base->data) { 1205 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 1206 goto err; 1207 } 1208 if ((point = EC_POINT_new(ret)) == NULL) 1209 goto err; 1210 1211 /* set the point conversion form */ 1212 EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t) 1213 (params->base->data[0] & ~0x01)); 1214 1215 /* extract the ec point */ 1216 if (!EC_POINT_oct2point(ret, point, params->base->data, 1217 params->base->length, NULL)) { 1218 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); 1219 goto err; 1220 } 1221 /* extract the order */ 1222 if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) { 1223 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); 1224 goto err; 1225 } 1226 if (BN_is_negative(a) || BN_is_zero(a)) { 1227 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER); 1228 goto err; 1229 } 1230 if (BN_num_bits(a) > (int) field_bits + 1) { /* Hasse bound */ 1231 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER); 1232 goto err; 1233 } 1234 /* extract the cofactor (optional) */ 1235 if (params->cofactor == NULL) { 1236 BN_free(b); 1237 b = NULL; 1238 } else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) { 1239 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); 1240 goto err; 1241 } 1242 /* set the generator, order and cofactor (if present) */ 1243 if (!EC_GROUP_set_generator(ret, point, a, b)) { 1244 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); 1245 goto err; 1246 } 1247 ok = 1; 1248 1249 err: if (!ok) { 1250 EC_GROUP_clear_free(ret); 1251 ret = NULL; 1252 } 1253 BN_free(p); 1254 BN_free(a); 1255 BN_free(b); 1256 EC_POINT_free(point); 1257 return (ret); 1258 } 1259 1260 EC_GROUP * 1261 ec_asn1_pkparameters2group(const ECPKPARAMETERS * params) 1262 { 1263 EC_GROUP *ret = NULL; 1264 int tmp = 0; 1265 1266 if (params == NULL) { 1267 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, 1268 EC_R_MISSING_PARAMETERS); 1269 return NULL; 1270 } 1271 if (params->type == 0) {/* the curve is given by an OID */ 1272 tmp = OBJ_obj2nid(params->value.named_curve); 1273 if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) { 1274 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, 1275 EC_R_EC_GROUP_NEW_BY_NAME_FAILURE); 1276 return NULL; 1277 } 1278 EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE); 1279 } else if (params->type == 1) { /* the parameters are given by a 1280 * ECPARAMETERS structure */ 1281 ret = ec_asn1_parameters2group(params->value.parameters); 1282 if (!ret) { 1283 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, ERR_R_EC_LIB); 1284 return NULL; 1285 } 1286 EC_GROUP_set_asn1_flag(ret, 0x0); 1287 } else if (params->type == 2) { /* implicitlyCA */ 1288 return NULL; 1289 } else { 1290 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, EC_R_ASN1_ERROR); 1291 return NULL; 1292 } 1293 1294 return ret; 1295 } 1296 1297 /* EC_GROUP <-> DER encoding of ECPKPARAMETERS */ 1298 1299 EC_GROUP * 1300 d2i_ECPKParameters(EC_GROUP ** a, const unsigned char **in, long len) 1301 { 1302 EC_GROUP *group = NULL; 1303 ECPKPARAMETERS *params = NULL; 1304 1305 if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) { 1306 ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE); 1307 goto err; 1308 } 1309 if ((group = ec_asn1_pkparameters2group(params)) == NULL) { 1310 ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE); 1311 goto err; 1312 } 1313 1314 if (a != NULL) { 1315 EC_GROUP_clear_free(*a); 1316 *a = group; 1317 } 1318 1319 err: 1320 ECPKPARAMETERS_free(params); 1321 return (group); 1322 } 1323 1324 int 1325 i2d_ECPKParameters(const EC_GROUP * a, unsigned char **out) 1326 { 1327 int ret = 0; 1328 ECPKPARAMETERS *tmp = ec_asn1_group2pkparameters(a, NULL); 1329 if (tmp == NULL) { 1330 ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_GROUP2PKPARAMETERS_FAILURE); 1331 return 0; 1332 } 1333 if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0) { 1334 ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_I2D_ECPKPARAMETERS_FAILURE); 1335 ECPKPARAMETERS_free(tmp); 1336 return 0; 1337 } 1338 ECPKPARAMETERS_free(tmp); 1339 return (ret); 1340 } 1341 1342 /* some EC_KEY functions */ 1343 1344 EC_KEY * 1345 d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len) 1346 { 1347 EC_KEY *ret = NULL; 1348 EC_PRIVATEKEY *priv_key = NULL; 1349 1350 if ((priv_key = EC_PRIVATEKEY_new()) == NULL) { 1351 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); 1352 return NULL; 1353 } 1354 if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL) { 1355 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); 1356 EC_PRIVATEKEY_free(priv_key); 1357 return NULL; 1358 } 1359 if (a == NULL || *a == NULL) { 1360 if ((ret = EC_KEY_new()) == NULL) { 1361 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); 1362 goto err; 1363 } 1364 } else 1365 ret = *a; 1366 1367 if (priv_key->parameters) { 1368 EC_GROUP_clear_free(ret->group); 1369 ret->group = ec_asn1_pkparameters2group(priv_key->parameters); 1370 } 1371 if (ret->group == NULL) { 1372 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); 1373 goto err; 1374 } 1375 ret->version = priv_key->version; 1376 1377 if (priv_key->privateKey) { 1378 ret->priv_key = BN_bin2bn( 1379 ASN1_STRING_data(priv_key->privateKey), 1380 ASN1_STRING_length(priv_key->privateKey), 1381 ret->priv_key); 1382 if (ret->priv_key == NULL) { 1383 ECerr(EC_F_D2I_ECPRIVATEKEY, 1384 ERR_R_BN_LIB); 1385 goto err; 1386 } 1387 } else { 1388 ECerr(EC_F_D2I_ECPRIVATEKEY, 1389 EC_R_MISSING_PRIVATE_KEY); 1390 goto err; 1391 } 1392 1393 if (priv_key->publicKey) { 1394 const unsigned char *pub_oct; 1395 size_t pub_oct_len; 1396 1397 EC_POINT_clear_free(ret->pub_key); 1398 ret->pub_key = EC_POINT_new(ret->group); 1399 if (ret->pub_key == NULL) { 1400 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); 1401 goto err; 1402 } 1403 pub_oct = ASN1_STRING_data(priv_key->publicKey); 1404 pub_oct_len = ASN1_STRING_length(priv_key->publicKey); 1405 /* save the point conversion form */ 1406 ret->conv_form = (point_conversion_form_t) (pub_oct[0] & ~0x01); 1407 if (!EC_POINT_oct2point(ret->group, ret->pub_key, 1408 pub_oct, pub_oct_len, NULL)) { 1409 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); 1410 goto err; 1411 } 1412 } 1413 1414 EC_PRIVATEKEY_free(priv_key); 1415 if (a != NULL) 1416 *a = ret; 1417 return (ret); 1418 1419 err: 1420 if (a == NULL || *a != ret) 1421 EC_KEY_free(ret); 1422 if (priv_key) 1423 EC_PRIVATEKEY_free(priv_key); 1424 1425 return (NULL); 1426 } 1427 1428 int 1429 i2d_ECPrivateKey(EC_KEY * a, unsigned char **out) 1430 { 1431 int ret = 0, ok = 0; 1432 unsigned char *buffer = NULL; 1433 size_t buf_len = 0, tmp_len; 1434 EC_PRIVATEKEY *priv_key = NULL; 1435 1436 if (a == NULL || a->group == NULL || a->priv_key == NULL) { 1437 ECerr(EC_F_I2D_ECPRIVATEKEY, 1438 ERR_R_PASSED_NULL_PARAMETER); 1439 goto err; 1440 } 1441 if ((priv_key = EC_PRIVATEKEY_new()) == NULL) { 1442 ECerr(EC_F_I2D_ECPRIVATEKEY, 1443 ERR_R_MALLOC_FAILURE); 1444 goto err; 1445 } 1446 priv_key->version = a->version; 1447 1448 buf_len = (size_t) BN_num_bytes(a->priv_key); 1449 buffer = malloc(buf_len); 1450 if (buffer == NULL) { 1451 ECerr(EC_F_I2D_ECPRIVATEKEY, 1452 ERR_R_MALLOC_FAILURE); 1453 goto err; 1454 } 1455 if (!BN_bn2bin(a->priv_key, buffer)) { 1456 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_BN_LIB); 1457 goto err; 1458 } 1459 if (!ASN1_STRING_set(priv_key->privateKey, buffer, buf_len)) { 1460 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB); 1461 goto err; 1462 } 1463 if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) { 1464 if ((priv_key->parameters = ec_asn1_group2pkparameters( 1465 a->group, priv_key->parameters)) == NULL) { 1466 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB); 1467 goto err; 1468 } 1469 } 1470 if (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key != NULL) { 1471 priv_key->publicKey = ASN1_BIT_STRING_new(); 1472 if (priv_key->publicKey == NULL) { 1473 ECerr(EC_F_I2D_ECPRIVATEKEY, 1474 ERR_R_MALLOC_FAILURE); 1475 goto err; 1476 } 1477 tmp_len = EC_POINT_point2oct(a->group, a->pub_key, 1478 a->conv_form, NULL, 0, NULL); 1479 1480 if (tmp_len > buf_len) { 1481 unsigned char *tmp_buffer = realloc(buffer, tmp_len); 1482 if (!tmp_buffer) { 1483 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); 1484 goto err; 1485 } 1486 buffer = tmp_buffer; 1487 buf_len = tmp_len; 1488 } 1489 if (!EC_POINT_point2oct(a->group, a->pub_key, 1490 a->conv_form, buffer, buf_len, NULL)) { 1491 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB); 1492 goto err; 1493 } 1494 priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); 1495 priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT; 1496 if (!ASN1_STRING_set(priv_key->publicKey, buffer, 1497 buf_len)) { 1498 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB); 1499 goto err; 1500 } 1501 } 1502 if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) { 1503 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB); 1504 goto err; 1505 } 1506 ok = 1; 1507 err: 1508 free(buffer); 1509 if (priv_key) 1510 EC_PRIVATEKEY_free(priv_key); 1511 return (ok ? ret : 0); 1512 } 1513 1514 int 1515 i2d_ECParameters(EC_KEY * a, unsigned char **out) 1516 { 1517 if (a == NULL) { 1518 ECerr(EC_F_I2D_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER); 1519 return 0; 1520 } 1521 return i2d_ECPKParameters(a->group, out); 1522 } 1523 1524 EC_KEY * 1525 d2i_ECParameters(EC_KEY ** a, const unsigned char **in, long len) 1526 { 1527 EC_KEY *ret; 1528 1529 if (in == NULL || *in == NULL) { 1530 ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER); 1531 return NULL; 1532 } 1533 if (a == NULL || *a == NULL) { 1534 if ((ret = EC_KEY_new()) == NULL) { 1535 ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE); 1536 return NULL; 1537 } 1538 } else 1539 ret = *a; 1540 1541 if (!d2i_ECPKParameters(&ret->group, in, len)) { 1542 ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB); 1543 if (a == NULL || *a != ret) 1544 EC_KEY_free(ret); 1545 return NULL; 1546 } 1547 1548 if (a != NULL) 1549 *a = ret; 1550 return ret; 1551 } 1552 1553 EC_KEY * 1554 o2i_ECPublicKey(EC_KEY ** a, const unsigned char **in, long len) 1555 { 1556 EC_KEY *ret = NULL; 1557 1558 if (a == NULL || (*a) == NULL || (*a)->group == NULL) { 1559 /* 1560 * sorry, but a EC_GROUP-structur is necessary to set the 1561 * public key 1562 */ 1563 ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER); 1564 return 0; 1565 } 1566 ret = *a; 1567 if (ret->pub_key == NULL && 1568 (ret->pub_key = EC_POINT_new(ret->group)) == NULL) { 1569 ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_MALLOC_FAILURE); 1570 return 0; 1571 } 1572 if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL)) { 1573 ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB); 1574 return 0; 1575 } 1576 /* save the point conversion form */ 1577 ret->conv_form = (point_conversion_form_t) (*in[0] & ~0x01); 1578 *in += len; 1579 return ret; 1580 } 1581 1582 int 1583 i2o_ECPublicKey(EC_KEY * a, unsigned char **out) 1584 { 1585 size_t buf_len = 0; 1586 int new_buffer = 0; 1587 1588 if (a == NULL) { 1589 ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER); 1590 return 0; 1591 } 1592 buf_len = EC_POINT_point2oct(a->group, a->pub_key, 1593 a->conv_form, NULL, 0, NULL); 1594 1595 if (out == NULL || buf_len == 0) 1596 /* out == NULL => just return the length of the octet string */ 1597 return buf_len; 1598 1599 if (*out == NULL) { 1600 if ((*out = malloc(buf_len)) == NULL) { 1601 ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_MALLOC_FAILURE); 1602 return 0; 1603 } 1604 new_buffer = 1; 1605 } 1606 if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form, 1607 *out, buf_len, NULL)) { 1608 ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB); 1609 if (new_buffer) { 1610 free(*out); 1611 *out = NULL; 1612 } 1613 return 0; 1614 } 1615 if (!new_buffer) 1616 *out += buf_len; 1617 return buf_len; 1618 } 1619