1 /* $OpenBSD: ec_asn1.c,v 1.37 2022/05/24 20:06:32 tb Exp $ */ 2 /* 3 * Written by Nils Larsch for the OpenSSL project. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 2000-2003 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59 #include <string.h> 60 61 #include <openssl/opensslconf.h> 62 63 #include <openssl/err.h> 64 #include <openssl/asn1t.h> 65 #include <openssl/objects.h> 66 67 #include "asn1_locl.h" 68 #include "ec_lcl.h" 69 70 int 71 EC_GROUP_get_basis_type(const EC_GROUP * group) 72 { 73 int i = 0; 74 75 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != 76 NID_X9_62_characteristic_two_field) 77 /* everything else is currently not supported */ 78 return 0; 79 80 while (group->poly[i] != 0) 81 i++; 82 83 if (i == 4) 84 return NID_X9_62_ppBasis; 85 else if (i == 2) 86 return NID_X9_62_tpBasis; 87 else 88 /* everything else is currently not supported */ 89 return 0; 90 } 91 92 #ifndef OPENSSL_NO_EC2M 93 int 94 EC_GROUP_get_trinomial_basis(const EC_GROUP * group, unsigned int *k) 95 { 96 if (group == NULL) 97 return 0; 98 99 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != 100 NID_X9_62_characteristic_two_field 101 || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0))) { 102 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 103 return 0; 104 } 105 if (k) 106 *k = group->poly[1]; 107 108 return 1; 109 } 110 111 int 112 EC_GROUP_get_pentanomial_basis(const EC_GROUP * group, unsigned int *k1, 113 unsigned int *k2, unsigned int *k3) 114 { 115 if (group == NULL) 116 return 0; 117 118 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != 119 NID_X9_62_characteristic_two_field 120 || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0))) { 121 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 122 return 0; 123 } 124 if (k1) 125 *k1 = group->poly[3]; 126 if (k2) 127 *k2 = group->poly[2]; 128 if (k3) 129 *k3 = group->poly[1]; 130 131 return 1; 132 } 133 #endif 134 135 /* some structures needed for the asn1 encoding */ 136 typedef struct x9_62_pentanomial_st { 137 long k1; 138 long k2; 139 long k3; 140 } X9_62_PENTANOMIAL; 141 142 typedef struct x9_62_characteristic_two_st { 143 long m; 144 ASN1_OBJECT *type; 145 union { 146 char *ptr; 147 /* NID_X9_62_onBasis */ 148 ASN1_NULL *onBasis; 149 /* NID_X9_62_tpBasis */ 150 ASN1_INTEGER *tpBasis; 151 /* NID_X9_62_ppBasis */ 152 X9_62_PENTANOMIAL *ppBasis; 153 /* anything else */ 154 ASN1_TYPE *other; 155 } p; 156 } X9_62_CHARACTERISTIC_TWO; 157 158 typedef struct x9_62_fieldid_st { 159 ASN1_OBJECT *fieldType; 160 union { 161 char *ptr; 162 /* NID_X9_62_prime_field */ 163 ASN1_INTEGER *prime; 164 /* NID_X9_62_characteristic_two_field */ 165 X9_62_CHARACTERISTIC_TWO *char_two; 166 /* anything else */ 167 ASN1_TYPE *other; 168 } p; 169 } X9_62_FIELDID; 170 171 typedef struct x9_62_curve_st { 172 ASN1_OCTET_STRING *a; 173 ASN1_OCTET_STRING *b; 174 ASN1_BIT_STRING *seed; 175 } X9_62_CURVE; 176 177 typedef struct ec_parameters_st { 178 long version; 179 X9_62_FIELDID *fieldID; 180 X9_62_CURVE *curve; 181 ASN1_OCTET_STRING *base; 182 ASN1_INTEGER *order; 183 ASN1_INTEGER *cofactor; 184 } ECPARAMETERS; 185 186 struct ecpk_parameters_st { 187 int type; 188 union { 189 ASN1_OBJECT *named_curve; 190 ECPARAMETERS *parameters; 191 ASN1_NULL *implicitlyCA; 192 } value; 193 } /* ECPKPARAMETERS */ ; 194 195 /* SEC1 ECPrivateKey */ 196 typedef struct ec_privatekey_st { 197 long version; 198 ASN1_OCTET_STRING *privateKey; 199 ECPKPARAMETERS *parameters; 200 ASN1_BIT_STRING *publicKey; 201 } EC_PRIVATEKEY; 202 203 /* the OpenSSL ASN.1 definitions */ 204 static const ASN1_TEMPLATE X9_62_PENTANOMIAL_seq_tt[] = { 205 { 206 .flags = 0, 207 .tag = 0, 208 .offset = offsetof(X9_62_PENTANOMIAL, k1), 209 .field_name = "k1", 210 .item = &LONG_it, 211 }, 212 { 213 .flags = 0, 214 .tag = 0, 215 .offset = offsetof(X9_62_PENTANOMIAL, k2), 216 .field_name = "k2", 217 .item = &LONG_it, 218 }, 219 { 220 .flags = 0, 221 .tag = 0, 222 .offset = offsetof(X9_62_PENTANOMIAL, k3), 223 .field_name = "k3", 224 .item = &LONG_it, 225 }, 226 }; 227 228 const ASN1_ITEM X9_62_PENTANOMIAL_it = { 229 .itype = ASN1_ITYPE_SEQUENCE, 230 .utype = V_ASN1_SEQUENCE, 231 .templates = X9_62_PENTANOMIAL_seq_tt, 232 .tcount = sizeof(X9_62_PENTANOMIAL_seq_tt) / sizeof(ASN1_TEMPLATE), 233 .funcs = NULL, 234 .size = sizeof(X9_62_PENTANOMIAL), 235 .sname = "X9_62_PENTANOMIAL", 236 }; 237 238 X9_62_PENTANOMIAL *X9_62_PENTANOMIAL_new(void); 239 void X9_62_PENTANOMIAL_free(X9_62_PENTANOMIAL *a); 240 241 X9_62_PENTANOMIAL * 242 X9_62_PENTANOMIAL_new(void) 243 { 244 return (X9_62_PENTANOMIAL*)ASN1_item_new(&X9_62_PENTANOMIAL_it); 245 } 246 247 void 248 X9_62_PENTANOMIAL_free(X9_62_PENTANOMIAL *a) 249 { 250 ASN1_item_free((ASN1_VALUE *)a, &X9_62_PENTANOMIAL_it); 251 } 252 253 static const ASN1_TEMPLATE char_two_def_tt = { 254 .flags = 0, 255 .tag = 0, 256 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, p.other), 257 .field_name = "p.other", 258 .item = &ASN1_ANY_it, 259 }; 260 261 static const ASN1_ADB_TABLE X9_62_CHARACTERISTIC_TWO_adbtbl[] = { 262 { 263 .value = NID_X9_62_onBasis, 264 .tt = { 265 .flags = 0, 266 .tag = 0, 267 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, p.onBasis), 268 .field_name = "p.onBasis", 269 .item = &ASN1_NULL_it, 270 }, 271 272 }, 273 { 274 .value = NID_X9_62_tpBasis, 275 .tt = { 276 .flags = 0, 277 .tag = 0, 278 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, p.tpBasis), 279 .field_name = "p.tpBasis", 280 .item = &ASN1_INTEGER_it, 281 }, 282 283 }, 284 { 285 .value = NID_X9_62_ppBasis, 286 .tt = { 287 .flags = 0, 288 .tag = 0, 289 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, p.ppBasis), 290 .field_name = "p.ppBasis", 291 .item = &X9_62_PENTANOMIAL_it, 292 }, 293 294 }, 295 }; 296 297 static const ASN1_ADB X9_62_CHARACTERISTIC_TWO_adb = { 298 .flags = 0, 299 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, type), 300 .tbl = X9_62_CHARACTERISTIC_TWO_adbtbl, 301 .tblcount = sizeof(X9_62_CHARACTERISTIC_TWO_adbtbl) / sizeof(ASN1_ADB_TABLE), 302 .default_tt = &char_two_def_tt, 303 .null_tt = NULL, 304 }; 305 306 static const ASN1_TEMPLATE X9_62_CHARACTERISTIC_TWO_seq_tt[] = { 307 { 308 .flags = 0, 309 .tag = 0, 310 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, m), 311 .field_name = "m", 312 .item = &LONG_it, 313 }, 314 { 315 .flags = 0, 316 .tag = 0, 317 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, type), 318 .field_name = "type", 319 .item = &ASN1_OBJECT_it, 320 }, 321 { 322 .flags = ASN1_TFLG_ADB_OID, 323 .tag = -1, 324 .offset = 0, 325 .field_name = "X9_62_CHARACTERISTIC_TWO", 326 .item = (const ASN1_ITEM *)&X9_62_CHARACTERISTIC_TWO_adb, 327 }, 328 }; 329 330 const ASN1_ITEM X9_62_CHARACTERISTIC_TWO_it = { 331 .itype = ASN1_ITYPE_SEQUENCE, 332 .utype = V_ASN1_SEQUENCE, 333 .templates = X9_62_CHARACTERISTIC_TWO_seq_tt, 334 .tcount = sizeof(X9_62_CHARACTERISTIC_TWO_seq_tt) / sizeof(ASN1_TEMPLATE), 335 .funcs = NULL, 336 .size = sizeof(X9_62_CHARACTERISTIC_TWO), 337 .sname = "X9_62_CHARACTERISTIC_TWO", 338 }; 339 340 X9_62_CHARACTERISTIC_TWO *X9_62_CHARACTERISTIC_TWO_new(void); 341 void X9_62_CHARACTERISTIC_TWO_free(X9_62_CHARACTERISTIC_TWO *a); 342 343 X9_62_CHARACTERISTIC_TWO * 344 X9_62_CHARACTERISTIC_TWO_new(void) 345 { 346 return (X9_62_CHARACTERISTIC_TWO*)ASN1_item_new(&X9_62_CHARACTERISTIC_TWO_it); 347 } 348 349 void 350 X9_62_CHARACTERISTIC_TWO_free(X9_62_CHARACTERISTIC_TWO *a) 351 { 352 ASN1_item_free((ASN1_VALUE *)a, &X9_62_CHARACTERISTIC_TWO_it); 353 } 354 355 static const ASN1_TEMPLATE fieldID_def_tt = { 356 .flags = 0, 357 .tag = 0, 358 .offset = offsetof(X9_62_FIELDID, p.other), 359 .field_name = "p.other", 360 .item = &ASN1_ANY_it, 361 }; 362 363 static const ASN1_ADB_TABLE X9_62_FIELDID_adbtbl[] = { 364 { 365 .value = NID_X9_62_prime_field, 366 .tt = { 367 .flags = 0, 368 .tag = 0, 369 .offset = offsetof(X9_62_FIELDID, p.prime), 370 .field_name = "p.prime", 371 .item = &ASN1_INTEGER_it, 372 }, 373 374 }, 375 { 376 .value = NID_X9_62_characteristic_two_field, 377 .tt = { 378 .flags = 0, 379 .tag = 0, 380 .offset = offsetof(X9_62_FIELDID, p.char_two), 381 .field_name = "p.char_two", 382 .item = &X9_62_CHARACTERISTIC_TWO_it, 383 }, 384 385 }, 386 }; 387 388 static const ASN1_ADB X9_62_FIELDID_adb = { 389 .flags = 0, 390 .offset = offsetof(X9_62_FIELDID, fieldType), 391 .tbl = X9_62_FIELDID_adbtbl, 392 .tblcount = sizeof(X9_62_FIELDID_adbtbl) / sizeof(ASN1_ADB_TABLE), 393 .default_tt = &fieldID_def_tt, 394 .null_tt = NULL, 395 }; 396 397 static const ASN1_TEMPLATE X9_62_FIELDID_seq_tt[] = { 398 { 399 .flags = 0, 400 .tag = 0, 401 .offset = offsetof(X9_62_FIELDID, fieldType), 402 .field_name = "fieldType", 403 .item = &ASN1_OBJECT_it, 404 }, 405 { 406 .flags = ASN1_TFLG_ADB_OID, 407 .tag = -1, 408 .offset = 0, 409 .field_name = "X9_62_FIELDID", 410 .item = (const ASN1_ITEM *)&X9_62_FIELDID_adb, 411 }, 412 }; 413 414 const ASN1_ITEM X9_62_FIELDID_it = { 415 .itype = ASN1_ITYPE_SEQUENCE, 416 .utype = V_ASN1_SEQUENCE, 417 .templates = X9_62_FIELDID_seq_tt, 418 .tcount = sizeof(X9_62_FIELDID_seq_tt) / sizeof(ASN1_TEMPLATE), 419 .funcs = NULL, 420 .size = sizeof(X9_62_FIELDID), 421 .sname = "X9_62_FIELDID", 422 }; 423 424 static const ASN1_TEMPLATE X9_62_CURVE_seq_tt[] = { 425 { 426 .flags = 0, 427 .tag = 0, 428 .offset = offsetof(X9_62_CURVE, a), 429 .field_name = "a", 430 .item = &ASN1_OCTET_STRING_it, 431 }, 432 { 433 .flags = 0, 434 .tag = 0, 435 .offset = offsetof(X9_62_CURVE, b), 436 .field_name = "b", 437 .item = &ASN1_OCTET_STRING_it, 438 }, 439 { 440 .flags = ASN1_TFLG_OPTIONAL, 441 .tag = 0, 442 .offset = offsetof(X9_62_CURVE, seed), 443 .field_name = "seed", 444 .item = &ASN1_BIT_STRING_it, 445 }, 446 }; 447 448 const ASN1_ITEM X9_62_CURVE_it = { 449 .itype = ASN1_ITYPE_SEQUENCE, 450 .utype = V_ASN1_SEQUENCE, 451 .templates = X9_62_CURVE_seq_tt, 452 .tcount = sizeof(X9_62_CURVE_seq_tt) / sizeof(ASN1_TEMPLATE), 453 .funcs = NULL, 454 .size = sizeof(X9_62_CURVE), 455 .sname = "X9_62_CURVE", 456 }; 457 458 static const ASN1_TEMPLATE ECPARAMETERS_seq_tt[] = { 459 { 460 .flags = 0, 461 .tag = 0, 462 .offset = offsetof(ECPARAMETERS, version), 463 .field_name = "version", 464 .item = &LONG_it, 465 }, 466 { 467 .flags = 0, 468 .tag = 0, 469 .offset = offsetof(ECPARAMETERS, fieldID), 470 .field_name = "fieldID", 471 .item = &X9_62_FIELDID_it, 472 }, 473 { 474 .flags = 0, 475 .tag = 0, 476 .offset = offsetof(ECPARAMETERS, curve), 477 .field_name = "curve", 478 .item = &X9_62_CURVE_it, 479 }, 480 { 481 .flags = 0, 482 .tag = 0, 483 .offset = offsetof(ECPARAMETERS, base), 484 .field_name = "base", 485 .item = &ASN1_OCTET_STRING_it, 486 }, 487 { 488 .flags = 0, 489 .tag = 0, 490 .offset = offsetof(ECPARAMETERS, order), 491 .field_name = "order", 492 .item = &ASN1_INTEGER_it, 493 }, 494 { 495 .flags = ASN1_TFLG_OPTIONAL, 496 .tag = 0, 497 .offset = offsetof(ECPARAMETERS, cofactor), 498 .field_name = "cofactor", 499 .item = &ASN1_INTEGER_it, 500 }, 501 }; 502 503 const ASN1_ITEM ECPARAMETERS_it = { 504 .itype = ASN1_ITYPE_SEQUENCE, 505 .utype = V_ASN1_SEQUENCE, 506 .templates = ECPARAMETERS_seq_tt, 507 .tcount = sizeof(ECPARAMETERS_seq_tt) / sizeof(ASN1_TEMPLATE), 508 .funcs = NULL, 509 .size = sizeof(ECPARAMETERS), 510 .sname = "ECPARAMETERS", 511 }; 512 513 ECPARAMETERS *ECPARAMETERS_new(void); 514 void ECPARAMETERS_free(ECPARAMETERS *a); 515 516 ECPARAMETERS * 517 ECPARAMETERS_new(void) 518 { 519 return (ECPARAMETERS*)ASN1_item_new(&ECPARAMETERS_it); 520 } 521 522 void 523 ECPARAMETERS_free(ECPARAMETERS *a) 524 { 525 ASN1_item_free((ASN1_VALUE *)a, &ECPARAMETERS_it); 526 } 527 528 static const ASN1_TEMPLATE ECPKPARAMETERS_ch_tt[] = { 529 { 530 .flags = 0, 531 .tag = 0, 532 .offset = offsetof(ECPKPARAMETERS, value.named_curve), 533 .field_name = "value.named_curve", 534 .item = &ASN1_OBJECT_it, 535 }, 536 { 537 .flags = 0, 538 .tag = 0, 539 .offset = offsetof(ECPKPARAMETERS, value.parameters), 540 .field_name = "value.parameters", 541 .item = &ECPARAMETERS_it, 542 }, 543 { 544 .flags = 0, 545 .tag = 0, 546 .offset = offsetof(ECPKPARAMETERS, value.implicitlyCA), 547 .field_name = "value.implicitlyCA", 548 .item = &ASN1_NULL_it, 549 }, 550 }; 551 552 const ASN1_ITEM ECPKPARAMETERS_it = { 553 .itype = ASN1_ITYPE_CHOICE, 554 .utype = offsetof(ECPKPARAMETERS, type), 555 .templates = ECPKPARAMETERS_ch_tt, 556 .tcount = sizeof(ECPKPARAMETERS_ch_tt) / sizeof(ASN1_TEMPLATE), 557 .funcs = NULL, 558 .size = sizeof(ECPKPARAMETERS), 559 .sname = "ECPKPARAMETERS", 560 }; 561 562 ECPKPARAMETERS *ECPKPARAMETERS_new(void); 563 void ECPKPARAMETERS_free(ECPKPARAMETERS *a); 564 ECPKPARAMETERS *d2i_ECPKPARAMETERS(ECPKPARAMETERS **a, const unsigned char **in, long len); 565 int i2d_ECPKPARAMETERS(const ECPKPARAMETERS *a, unsigned char **out); 566 567 ECPKPARAMETERS * 568 d2i_ECPKPARAMETERS(ECPKPARAMETERS **a, const unsigned char **in, long len) 569 { 570 return (ECPKPARAMETERS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, 571 &ECPKPARAMETERS_it); 572 } 573 574 int 575 i2d_ECPKPARAMETERS(const ECPKPARAMETERS *a, unsigned char **out) 576 { 577 return ASN1_item_i2d((ASN1_VALUE *)a, out, &ECPKPARAMETERS_it); 578 } 579 580 ECPKPARAMETERS * 581 ECPKPARAMETERS_new(void) 582 { 583 return (ECPKPARAMETERS *)ASN1_item_new(&ECPKPARAMETERS_it); 584 } 585 586 void 587 ECPKPARAMETERS_free(ECPKPARAMETERS *a) 588 { 589 ASN1_item_free((ASN1_VALUE *)a, &ECPKPARAMETERS_it); 590 } 591 592 static const ASN1_TEMPLATE EC_PRIVATEKEY_seq_tt[] = { 593 { 594 .flags = 0, 595 .tag = 0, 596 .offset = offsetof(EC_PRIVATEKEY, version), 597 .field_name = "version", 598 .item = &LONG_it, 599 }, 600 { 601 .flags = 0, 602 .tag = 0, 603 .offset = offsetof(EC_PRIVATEKEY, privateKey), 604 .field_name = "privateKey", 605 .item = &ASN1_OCTET_STRING_it, 606 }, 607 { 608 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, 609 .tag = 0, 610 .offset = offsetof(EC_PRIVATEKEY, parameters), 611 .field_name = "parameters", 612 .item = &ECPKPARAMETERS_it, 613 }, 614 { 615 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, 616 .tag = 1, 617 .offset = offsetof(EC_PRIVATEKEY, publicKey), 618 .field_name = "publicKey", 619 .item = &ASN1_BIT_STRING_it, 620 }, 621 }; 622 623 const ASN1_ITEM EC_PRIVATEKEY_it = { 624 .itype = ASN1_ITYPE_SEQUENCE, 625 .utype = V_ASN1_SEQUENCE, 626 .templates = EC_PRIVATEKEY_seq_tt, 627 .tcount = sizeof(EC_PRIVATEKEY_seq_tt) / sizeof(ASN1_TEMPLATE), 628 .funcs = NULL, 629 .size = sizeof(EC_PRIVATEKEY), 630 .sname = "EC_PRIVATEKEY", 631 }; 632 633 EC_PRIVATEKEY *EC_PRIVATEKEY_new(void); 634 void EC_PRIVATEKEY_free(EC_PRIVATEKEY *a); 635 EC_PRIVATEKEY *d2i_EC_PRIVATEKEY(EC_PRIVATEKEY **a, const unsigned char **in, long len); 636 int i2d_EC_PRIVATEKEY(const EC_PRIVATEKEY *a, unsigned char **out); 637 638 EC_PRIVATEKEY * 639 d2i_EC_PRIVATEKEY(EC_PRIVATEKEY **a, const unsigned char **in, long len) 640 { 641 return (EC_PRIVATEKEY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, 642 &EC_PRIVATEKEY_it); 643 } 644 645 int 646 i2d_EC_PRIVATEKEY(const EC_PRIVATEKEY *a, unsigned char **out) 647 { 648 return ASN1_item_i2d((ASN1_VALUE *)a, out, &EC_PRIVATEKEY_it); 649 } 650 651 EC_PRIVATEKEY * 652 EC_PRIVATEKEY_new(void) 653 { 654 return (EC_PRIVATEKEY *)ASN1_item_new(&EC_PRIVATEKEY_it); 655 } 656 657 void 658 EC_PRIVATEKEY_free(EC_PRIVATEKEY *a) 659 { 660 ASN1_item_free((ASN1_VALUE *)a, &EC_PRIVATEKEY_it); 661 } 662 663 /* some declarations of internal function */ 664 665 /* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */ 666 static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *); 667 /* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */ 668 static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *); 669 /* ec_asn1_parameters2group() creates a EC_GROUP object from a 670 * ECPARAMETERS object */ 671 static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *); 672 /* ec_asn1_group2parameters() creates a ECPARAMETERS object from a 673 * EC_GROUP object */ 674 static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *, ECPARAMETERS *); 675 /* ec_asn1_pkparameters2group() creates a EC_GROUP object from a 676 * ECPKPARAMETERS object */ 677 static EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *); 678 /* ec_asn1_group2pkparameters() creates a ECPKPARAMETERS object from a 679 * EC_GROUP object */ 680 static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *, 681 ECPKPARAMETERS *); 682 683 /* the function definitions */ 684 685 static int 686 ec_asn1_group2fieldid(const EC_GROUP * group, X9_62_FIELDID * field) 687 { 688 int ok = 0, nid; 689 BIGNUM *tmp = NULL; 690 691 if (group == NULL || field == NULL) 692 return 0; 693 694 /* clear the old values (if necessary) */ 695 if (field->fieldType != NULL) 696 ASN1_OBJECT_free(field->fieldType); 697 if (field->p.other != NULL) 698 ASN1_TYPE_free(field->p.other); 699 700 nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); 701 /* set OID for the field */ 702 if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) { 703 ECerror(ERR_R_OBJ_LIB); 704 goto err; 705 } 706 if (nid == NID_X9_62_prime_field) { 707 if ((tmp = BN_new()) == NULL) { 708 ECerror(ERR_R_MALLOC_FAILURE); 709 goto err; 710 } 711 /* the parameters are specified by the prime number p */ 712 if (!EC_GROUP_get_curve(group, tmp, NULL, NULL, NULL)) { 713 ECerror(ERR_R_EC_LIB); 714 goto err; 715 } 716 /* set the prime number */ 717 field->p.prime = BN_to_ASN1_INTEGER(tmp, NULL); 718 if (field->p.prime == NULL) { 719 ECerror(ERR_R_ASN1_LIB); 720 goto err; 721 } 722 } else /* nid == NID_X9_62_characteristic_two_field */ 723 #ifdef OPENSSL_NO_EC2M 724 { 725 ECerror(EC_R_GF2M_NOT_SUPPORTED); 726 goto err; 727 } 728 #else 729 { 730 int field_type; 731 X9_62_CHARACTERISTIC_TWO *char_two; 732 733 field->p.char_two = X9_62_CHARACTERISTIC_TWO_new(); 734 char_two = field->p.char_two; 735 736 if (char_two == NULL) { 737 ECerror(ERR_R_MALLOC_FAILURE); 738 goto err; 739 } 740 char_two->m = (long) EC_GROUP_get_degree(group); 741 742 field_type = EC_GROUP_get_basis_type(group); 743 744 if (field_type == 0) { 745 ECerror(ERR_R_EC_LIB); 746 goto err; 747 } 748 /* set base type OID */ 749 if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) { 750 ECerror(ERR_R_OBJ_LIB); 751 goto err; 752 } 753 if (field_type == NID_X9_62_tpBasis) { 754 unsigned int k; 755 756 if (!EC_GROUP_get_trinomial_basis(group, &k)) 757 goto err; 758 759 char_two->p.tpBasis = ASN1_INTEGER_new(); 760 if (!char_two->p.tpBasis) { 761 ECerror(ERR_R_MALLOC_FAILURE); 762 goto err; 763 } 764 if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long) k)) { 765 ECerror(ERR_R_ASN1_LIB); 766 goto err; 767 } 768 } else if (field_type == NID_X9_62_ppBasis) { 769 unsigned int k1, k2, k3; 770 771 if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3)) 772 goto err; 773 774 char_two->p.ppBasis = X9_62_PENTANOMIAL_new(); 775 if (!char_two->p.ppBasis) { 776 ECerror(ERR_R_MALLOC_FAILURE); 777 goto err; 778 } 779 /* set k? values */ 780 char_two->p.ppBasis->k1 = (long) k1; 781 char_two->p.ppBasis->k2 = (long) k2; 782 char_two->p.ppBasis->k3 = (long) k3; 783 } else { /* field_type == NID_X9_62_onBasis */ 784 /* for ONB the parameters are (asn1) NULL */ 785 char_two->p.onBasis = ASN1_NULL_new(); 786 if (!char_two->p.onBasis) { 787 ECerror(ERR_R_MALLOC_FAILURE); 788 goto err; 789 } 790 } 791 } 792 #endif 793 794 ok = 1; 795 796 err: 797 BN_free(tmp); 798 return (ok); 799 } 800 801 static int 802 ec_asn1_group2curve(const EC_GROUP * group, X9_62_CURVE * curve) 803 { 804 BIGNUM *tmp_1 = NULL, *tmp_2 = NULL; 805 unsigned char *buffer_1 = NULL, *buffer_2 = NULL, *a_buf = NULL, 806 *b_buf = NULL; 807 size_t len_1, len_2; 808 unsigned char char_zero = 0; 809 int ok = 0; 810 811 if (!group || !curve || !curve->a || !curve->b) 812 return 0; 813 814 if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) { 815 ECerror(ERR_R_MALLOC_FAILURE); 816 goto err; 817 } 818 819 /* get a and b */ 820 if (!EC_GROUP_get_curve(group, NULL, tmp_1, tmp_2, NULL)) { 821 ECerror(ERR_R_EC_LIB); 822 goto err; 823 } 824 len_1 = (size_t) BN_num_bytes(tmp_1); 825 len_2 = (size_t) BN_num_bytes(tmp_2); 826 827 if (len_1 == 0) { 828 /* len_1 == 0 => a == 0 */ 829 a_buf = &char_zero; 830 len_1 = 1; 831 } else { 832 if ((buffer_1 = malloc(len_1)) == NULL) { 833 ECerror(ERR_R_MALLOC_FAILURE); 834 goto err; 835 } 836 if ((len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0) { 837 ECerror(ERR_R_BN_LIB); 838 goto err; 839 } 840 a_buf = buffer_1; 841 } 842 843 if (len_2 == 0) { 844 /* len_2 == 0 => b == 0 */ 845 b_buf = &char_zero; 846 len_2 = 1; 847 } else { 848 if ((buffer_2 = malloc(len_2)) == NULL) { 849 ECerror(ERR_R_MALLOC_FAILURE); 850 goto err; 851 } 852 if ((len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0) { 853 ECerror(ERR_R_BN_LIB); 854 goto err; 855 } 856 b_buf = buffer_2; 857 } 858 859 /* set a and b */ 860 if (!ASN1_STRING_set(curve->a, a_buf, len_1) || 861 !ASN1_STRING_set(curve->b, b_buf, len_2)) { 862 ECerror(ERR_R_ASN1_LIB); 863 goto err; 864 } 865 866 ASN1_BIT_STRING_free(curve->seed); 867 curve->seed = NULL; 868 869 /* set the seed (optional) */ 870 if (group->seed != NULL) { 871 if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) { 872 ECerror(ERR_R_MALLOC_FAILURE); 873 goto err; 874 } 875 if (!ASN1_BIT_STRING_set(curve->seed, group->seed, 876 (int) group->seed_len)) { 877 ECerror(ERR_R_ASN1_LIB); 878 goto err; 879 } 880 if (!asn1_abs_set_unused_bits(curve->seed, 0)) { 881 ECerror(ERR_R_ASN1_LIB); 882 goto err; 883 } 884 } 885 886 ok = 1; 887 888 err: 889 free(buffer_1); 890 free(buffer_2); 891 BN_free(tmp_1); 892 BN_free(tmp_2); 893 return (ok); 894 } 895 896 static ECPARAMETERS * 897 ec_asn1_group2parameters(const EC_GROUP * group, ECPARAMETERS * param) 898 { 899 int ok = 0; 900 size_t len = 0; 901 ECPARAMETERS *ret = NULL; 902 BIGNUM *tmp = NULL; 903 unsigned char *buffer = NULL; 904 const EC_POINT *point = NULL; 905 point_conversion_form_t form; 906 907 if ((tmp = BN_new()) == NULL) { 908 ECerror(ERR_R_MALLOC_FAILURE); 909 goto err; 910 } 911 if (param == NULL) { 912 if ((ret = ECPARAMETERS_new()) == NULL) { 913 ECerror(ERR_R_MALLOC_FAILURE); 914 goto err; 915 } 916 } else 917 ret = param; 918 919 /* set the version (always one) */ 920 ret->version = (long) 0x1; 921 922 /* set the fieldID */ 923 if (!ec_asn1_group2fieldid(group, ret->fieldID)) { 924 ECerror(ERR_R_EC_LIB); 925 goto err; 926 } 927 /* set the curve */ 928 if (!ec_asn1_group2curve(group, ret->curve)) { 929 ECerror(ERR_R_EC_LIB); 930 goto err; 931 } 932 /* set the base point */ 933 if ((point = EC_GROUP_get0_generator(group)) == NULL) { 934 ECerror(EC_R_UNDEFINED_GENERATOR); 935 goto err; 936 } 937 form = EC_GROUP_get_point_conversion_form(group); 938 939 len = EC_POINT_point2oct(group, point, form, NULL, len, NULL); 940 if (len == 0) { 941 ECerror(ERR_R_EC_LIB); 942 goto err; 943 } 944 if ((buffer = malloc(len)) == NULL) { 945 ECerror(ERR_R_MALLOC_FAILURE); 946 goto err; 947 } 948 if (!EC_POINT_point2oct(group, point, form, buffer, len, NULL)) { 949 ECerror(ERR_R_EC_LIB); 950 goto err; 951 } 952 if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) { 953 ECerror(ERR_R_MALLOC_FAILURE); 954 goto err; 955 } 956 if (!ASN1_OCTET_STRING_set(ret->base, buffer, len)) { 957 ECerror(ERR_R_ASN1_LIB); 958 goto err; 959 } 960 /* set the order */ 961 if (!EC_GROUP_get_order(group, tmp, NULL)) { 962 ECerror(ERR_R_EC_LIB); 963 goto err; 964 } 965 ret->order = BN_to_ASN1_INTEGER(tmp, ret->order); 966 if (ret->order == NULL) { 967 ECerror(ERR_R_ASN1_LIB); 968 goto err; 969 } 970 /* set the cofactor (optional) */ 971 if (EC_GROUP_get_cofactor(group, tmp, NULL)) { 972 ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor); 973 if (ret->cofactor == NULL) { 974 ECerror(ERR_R_ASN1_LIB); 975 goto err; 976 } 977 } 978 ok = 1; 979 980 err: 981 if (!ok) { 982 if (ret && !param) 983 ECPARAMETERS_free(ret); 984 ret = NULL; 985 } 986 BN_free(tmp); 987 free(buffer); 988 return (ret); 989 } 990 991 ECPKPARAMETERS * 992 ec_asn1_group2pkparameters(const EC_GROUP * group, ECPKPARAMETERS * params) 993 { 994 int ok = 1, tmp; 995 ECPKPARAMETERS *ret = params; 996 997 if (ret == NULL) { 998 if ((ret = ECPKPARAMETERS_new()) == NULL) { 999 ECerror(ERR_R_MALLOC_FAILURE); 1000 return NULL; 1001 } 1002 } else { 1003 if (ret->type == 0 && ret->value.named_curve) 1004 ASN1_OBJECT_free(ret->value.named_curve); 1005 else if (ret->type == 1 && ret->value.parameters) 1006 ECPARAMETERS_free(ret->value.parameters); 1007 } 1008 1009 if (EC_GROUP_get_asn1_flag(group)) { 1010 /* 1011 * use the asn1 OID to describe the elliptic curve 1012 * parameters 1013 */ 1014 tmp = EC_GROUP_get_curve_name(group); 1015 if (tmp) { 1016 ret->type = 0; 1017 if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL) 1018 ok = 0; 1019 } else 1020 /* we don't know the group => ERROR */ 1021 ok = 0; 1022 } else { 1023 /* use the ECPARAMETERS structure */ 1024 ret->type = 1; 1025 if ((ret->value.parameters = ec_asn1_group2parameters( 1026 group, NULL)) == NULL) 1027 ok = 0; 1028 } 1029 1030 if (!ok) { 1031 ECPKPARAMETERS_free(ret); 1032 return NULL; 1033 } 1034 return ret; 1035 } 1036 1037 static EC_GROUP * 1038 ec_asn1_parameters2group(const ECPARAMETERS * params) 1039 { 1040 int ok = 0, tmp; 1041 EC_GROUP *ret = NULL; 1042 BIGNUM *p = NULL, *a = NULL, *b = NULL; 1043 EC_POINT *point = NULL; 1044 long field_bits; 1045 1046 if (!params->fieldID || !params->fieldID->fieldType || 1047 !params->fieldID->p.ptr) { 1048 ECerror(EC_R_ASN1_ERROR); 1049 goto err; 1050 } 1051 /* now extract the curve parameters a and b */ 1052 if (!params->curve || !params->curve->a || 1053 !params->curve->a->data || !params->curve->b || 1054 !params->curve->b->data) { 1055 ECerror(EC_R_ASN1_ERROR); 1056 goto err; 1057 } 1058 a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL); 1059 if (a == NULL) { 1060 ECerror(ERR_R_BN_LIB); 1061 goto err; 1062 } 1063 b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL); 1064 if (b == NULL) { 1065 ECerror(ERR_R_BN_LIB); 1066 goto err; 1067 } 1068 /* get the field parameters */ 1069 tmp = OBJ_obj2nid(params->fieldID->fieldType); 1070 if (tmp == NID_X9_62_characteristic_two_field) 1071 #ifdef OPENSSL_NO_EC2M 1072 { 1073 ECerror(EC_R_GF2M_NOT_SUPPORTED); 1074 goto err; 1075 } 1076 #else 1077 { 1078 X9_62_CHARACTERISTIC_TWO *char_two; 1079 1080 char_two = params->fieldID->p.char_two; 1081 1082 field_bits = char_two->m; 1083 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) { 1084 ECerror(EC_R_FIELD_TOO_LARGE); 1085 goto err; 1086 } 1087 if ((p = BN_new()) == NULL) { 1088 ECerror(ERR_R_MALLOC_FAILURE); 1089 goto err; 1090 } 1091 /* get the base type */ 1092 tmp = OBJ_obj2nid(char_two->type); 1093 1094 if (tmp == NID_X9_62_tpBasis) { 1095 long tmp_long; 1096 1097 if (!char_two->p.tpBasis) { 1098 ECerror(EC_R_ASN1_ERROR); 1099 goto err; 1100 } 1101 tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis); 1102 1103 if (!(char_two->m > tmp_long && tmp_long > 0)) { 1104 ECerror(EC_R_INVALID_TRINOMIAL_BASIS); 1105 goto err; 1106 } 1107 /* create the polynomial */ 1108 if (!BN_set_bit(p, (int) char_two->m)) 1109 goto err; 1110 if (!BN_set_bit(p, (int) tmp_long)) 1111 goto err; 1112 if (!BN_set_bit(p, 0)) 1113 goto err; 1114 } else if (tmp == NID_X9_62_ppBasis) { 1115 X9_62_PENTANOMIAL *penta; 1116 1117 penta = char_two->p.ppBasis; 1118 if (!penta) { 1119 ECerror(EC_R_ASN1_ERROR); 1120 goto err; 1121 } 1122 if (!(char_two->m > penta->k3 && penta->k3 > penta->k2 && penta->k2 > penta->k1 && penta->k1 > 0)) { 1123 ECerror(EC_R_INVALID_PENTANOMIAL_BASIS); 1124 goto err; 1125 } 1126 /* create the polynomial */ 1127 if (!BN_set_bit(p, (int) char_two->m)) 1128 goto err; 1129 if (!BN_set_bit(p, (int) penta->k1)) 1130 goto err; 1131 if (!BN_set_bit(p, (int) penta->k2)) 1132 goto err; 1133 if (!BN_set_bit(p, (int) penta->k3)) 1134 goto err; 1135 if (!BN_set_bit(p, 0)) 1136 goto err; 1137 } else if (tmp == NID_X9_62_onBasis) { 1138 ECerror(EC_R_NOT_IMPLEMENTED); 1139 goto err; 1140 } else { /* error */ 1141 ECerror(EC_R_ASN1_ERROR); 1142 goto err; 1143 } 1144 1145 /* create the EC_GROUP structure */ 1146 ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL); 1147 } 1148 #endif 1149 else if (tmp == NID_X9_62_prime_field) { 1150 /* we have a curve over a prime field */ 1151 /* extract the prime number */ 1152 if (!params->fieldID->p.prime) { 1153 ECerror(EC_R_ASN1_ERROR); 1154 goto err; 1155 } 1156 p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL); 1157 if (p == NULL) { 1158 ECerror(ERR_R_ASN1_LIB); 1159 goto err; 1160 } 1161 if (BN_is_negative(p) || BN_is_zero(p)) { 1162 ECerror(EC_R_INVALID_FIELD); 1163 goto err; 1164 } 1165 field_bits = BN_num_bits(p); 1166 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) { 1167 ECerror(EC_R_FIELD_TOO_LARGE); 1168 goto err; 1169 } 1170 /* create the EC_GROUP structure */ 1171 ret = EC_GROUP_new_curve_GFp(p, a, b, NULL); 1172 } else { 1173 ECerror(EC_R_INVALID_FIELD); 1174 goto err; 1175 } 1176 1177 if (ret == NULL) { 1178 ECerror(ERR_R_EC_LIB); 1179 goto err; 1180 } 1181 /* extract seed (optional) */ 1182 if (params->curve->seed != NULL) { 1183 free(ret->seed); 1184 if (!(ret->seed = malloc(params->curve->seed->length))) { 1185 ECerror(ERR_R_MALLOC_FAILURE); 1186 goto err; 1187 } 1188 memcpy(ret->seed, params->curve->seed->data, 1189 params->curve->seed->length); 1190 ret->seed_len = params->curve->seed->length; 1191 } 1192 if (!params->order || !params->base || !params->base->data) { 1193 ECerror(EC_R_ASN1_ERROR); 1194 goto err; 1195 } 1196 if ((point = EC_POINT_new(ret)) == NULL) 1197 goto err; 1198 1199 /* set the point conversion form */ 1200 EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t) 1201 (params->base->data[0] & ~0x01)); 1202 1203 /* extract the ec point */ 1204 if (!EC_POINT_oct2point(ret, point, params->base->data, 1205 params->base->length, NULL)) { 1206 ECerror(ERR_R_EC_LIB); 1207 goto err; 1208 } 1209 /* extract the order */ 1210 if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) { 1211 ECerror(ERR_R_ASN1_LIB); 1212 goto err; 1213 } 1214 if (BN_is_negative(a) || BN_is_zero(a)) { 1215 ECerror(EC_R_INVALID_GROUP_ORDER); 1216 goto err; 1217 } 1218 if (BN_num_bits(a) > (int) field_bits + 1) { /* Hasse bound */ 1219 ECerror(EC_R_INVALID_GROUP_ORDER); 1220 goto err; 1221 } 1222 /* extract the cofactor (optional) */ 1223 if (params->cofactor == NULL) { 1224 BN_free(b); 1225 b = NULL; 1226 } else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) { 1227 ECerror(ERR_R_ASN1_LIB); 1228 goto err; 1229 } 1230 /* set the generator, order and cofactor (if present) */ 1231 if (!EC_GROUP_set_generator(ret, point, a, b)) { 1232 ECerror(ERR_R_EC_LIB); 1233 goto err; 1234 } 1235 ok = 1; 1236 1237 err: 1238 if (!ok) { 1239 EC_GROUP_clear_free(ret); 1240 ret = NULL; 1241 } 1242 BN_free(p); 1243 BN_free(a); 1244 BN_free(b); 1245 EC_POINT_free(point); 1246 return (ret); 1247 } 1248 1249 EC_GROUP * 1250 ec_asn1_pkparameters2group(const ECPKPARAMETERS * params) 1251 { 1252 EC_GROUP *ret = NULL; 1253 int tmp = 0; 1254 1255 if (params == NULL) { 1256 ECerror(EC_R_MISSING_PARAMETERS); 1257 return NULL; 1258 } 1259 if (params->type == 0) {/* the curve is given by an OID */ 1260 tmp = OBJ_obj2nid(params->value.named_curve); 1261 if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) { 1262 ECerror(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE); 1263 return NULL; 1264 } 1265 EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE); 1266 } else if (params->type == 1) { /* the parameters are given by a 1267 * ECPARAMETERS structure */ 1268 ret = ec_asn1_parameters2group(params->value.parameters); 1269 if (!ret) { 1270 ECerror(ERR_R_EC_LIB); 1271 return NULL; 1272 } 1273 EC_GROUP_set_asn1_flag(ret, 0x0); 1274 } else if (params->type == 2) { /* implicitlyCA */ 1275 return NULL; 1276 } else { 1277 ECerror(EC_R_ASN1_ERROR); 1278 return NULL; 1279 } 1280 1281 return ret; 1282 } 1283 1284 /* EC_GROUP <-> DER encoding of ECPKPARAMETERS */ 1285 1286 EC_GROUP * 1287 d2i_ECPKParameters(EC_GROUP ** a, const unsigned char **in, long len) 1288 { 1289 EC_GROUP *group = NULL; 1290 ECPKPARAMETERS *params; 1291 1292 if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) { 1293 ECerror(EC_R_D2I_ECPKPARAMETERS_FAILURE); 1294 goto err; 1295 } 1296 if ((group = ec_asn1_pkparameters2group(params)) == NULL) { 1297 ECerror(EC_R_PKPARAMETERS2GROUP_FAILURE); 1298 goto err; 1299 } 1300 1301 if (a != NULL) { 1302 EC_GROUP_clear_free(*a); 1303 *a = group; 1304 } 1305 1306 err: 1307 ECPKPARAMETERS_free(params); 1308 return (group); 1309 } 1310 1311 int 1312 i2d_ECPKParameters(const EC_GROUP * a, unsigned char **out) 1313 { 1314 int ret = 0; 1315 ECPKPARAMETERS *tmp = ec_asn1_group2pkparameters(a, NULL); 1316 if (tmp == NULL) { 1317 ECerror(EC_R_GROUP2PKPARAMETERS_FAILURE); 1318 return 0; 1319 } 1320 if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0) { 1321 ECerror(EC_R_I2D_ECPKPARAMETERS_FAILURE); 1322 ECPKPARAMETERS_free(tmp); 1323 return 0; 1324 } 1325 ECPKPARAMETERS_free(tmp); 1326 return (ret); 1327 } 1328 1329 /* some EC_KEY functions */ 1330 1331 EC_KEY * 1332 d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len) 1333 { 1334 EC_KEY *ret = NULL; 1335 EC_PRIVATEKEY *priv_key = NULL; 1336 1337 if ((priv_key = d2i_EC_PRIVATEKEY(NULL, in, len)) == NULL) { 1338 ECerror(ERR_R_EC_LIB); 1339 return NULL; 1340 } 1341 if (a == NULL || *a == NULL) { 1342 if ((ret = EC_KEY_new()) == NULL) { 1343 ECerror(ERR_R_MALLOC_FAILURE); 1344 goto err; 1345 } 1346 } else 1347 ret = *a; 1348 1349 if (priv_key->parameters) { 1350 EC_GROUP_clear_free(ret->group); 1351 ret->group = ec_asn1_pkparameters2group(priv_key->parameters); 1352 } 1353 if (ret->group == NULL) { 1354 ECerror(ERR_R_EC_LIB); 1355 goto err; 1356 } 1357 ret->version = priv_key->version; 1358 1359 if (priv_key->privateKey) { 1360 ret->priv_key = BN_bin2bn( 1361 ASN1_STRING_data(priv_key->privateKey), 1362 ASN1_STRING_length(priv_key->privateKey), 1363 ret->priv_key); 1364 if (ret->priv_key == NULL) { 1365 ECerror(ERR_R_BN_LIB); 1366 goto err; 1367 } 1368 } else { 1369 ECerror(EC_R_MISSING_PRIVATE_KEY); 1370 goto err; 1371 } 1372 1373 if (ret->pub_key) 1374 EC_POINT_clear_free(ret->pub_key); 1375 ret->pub_key = EC_POINT_new(ret->group); 1376 if (ret->pub_key == NULL) { 1377 ECerror(ERR_R_EC_LIB); 1378 goto err; 1379 } 1380 1381 if (priv_key->publicKey) { 1382 const unsigned char *pub_oct; 1383 size_t pub_oct_len; 1384 1385 pub_oct = ASN1_STRING_data(priv_key->publicKey); 1386 pub_oct_len = ASN1_STRING_length(priv_key->publicKey); 1387 if (pub_oct == NULL || pub_oct_len <= 0) { 1388 ECerror(EC_R_BUFFER_TOO_SMALL); 1389 goto err; 1390 } 1391 1392 /* save the point conversion form */ 1393 ret->conv_form = (point_conversion_form_t) (pub_oct[0] & ~0x01); 1394 if (!EC_POINT_oct2point(ret->group, ret->pub_key, 1395 pub_oct, pub_oct_len, NULL)) { 1396 ECerror(ERR_R_EC_LIB); 1397 goto err; 1398 } 1399 } else { 1400 if (!EC_POINT_mul(ret->group, ret->pub_key, ret->priv_key, 1401 NULL, NULL, NULL)) { 1402 ECerror(ERR_R_EC_LIB); 1403 goto err; 1404 } 1405 /* Remember the original private-key-only encoding. */ 1406 ret->enc_flag |= EC_PKEY_NO_PUBKEY; 1407 } 1408 1409 EC_PRIVATEKEY_free(priv_key); 1410 if (a != NULL) 1411 *a = ret; 1412 return (ret); 1413 1414 err: 1415 if (a == NULL || *a != ret) 1416 EC_KEY_free(ret); 1417 if (priv_key) 1418 EC_PRIVATEKEY_free(priv_key); 1419 1420 return (NULL); 1421 } 1422 1423 int 1424 i2d_ECPrivateKey(EC_KEY * a, unsigned char **out) 1425 { 1426 int ret = 0, ok = 0; 1427 unsigned char *buffer = NULL; 1428 size_t buf_len = 0, tmp_len; 1429 EC_PRIVATEKEY *priv_key = NULL; 1430 1431 if (a == NULL || a->group == NULL || a->priv_key == NULL || 1432 (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key == NULL)) { 1433 ECerror(ERR_R_PASSED_NULL_PARAMETER); 1434 goto err; 1435 } 1436 if ((priv_key = EC_PRIVATEKEY_new()) == NULL) { 1437 ECerror(ERR_R_MALLOC_FAILURE); 1438 goto err; 1439 } 1440 priv_key->version = a->version; 1441 1442 buf_len = (size_t) BN_num_bytes(a->priv_key); 1443 buffer = malloc(buf_len); 1444 if (buffer == NULL) { 1445 ECerror(ERR_R_MALLOC_FAILURE); 1446 goto err; 1447 } 1448 if (!BN_bn2bin(a->priv_key, buffer)) { 1449 ECerror(ERR_R_BN_LIB); 1450 goto err; 1451 } 1452 if (!ASN1_STRING_set(priv_key->privateKey, buffer, buf_len)) { 1453 ECerror(ERR_R_ASN1_LIB); 1454 goto err; 1455 } 1456 if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) { 1457 if ((priv_key->parameters = ec_asn1_group2pkparameters( 1458 a->group, priv_key->parameters)) == NULL) { 1459 ECerror(ERR_R_EC_LIB); 1460 goto err; 1461 } 1462 } 1463 if (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key != NULL) { 1464 priv_key->publicKey = ASN1_BIT_STRING_new(); 1465 if (priv_key->publicKey == NULL) { 1466 ECerror(ERR_R_MALLOC_FAILURE); 1467 goto err; 1468 } 1469 tmp_len = EC_POINT_point2oct(a->group, a->pub_key, 1470 a->conv_form, NULL, 0, NULL); 1471 1472 if (tmp_len > buf_len) { 1473 unsigned char *tmp_buffer = realloc(buffer, tmp_len); 1474 if (!tmp_buffer) { 1475 ECerror(ERR_R_MALLOC_FAILURE); 1476 goto err; 1477 } 1478 buffer = tmp_buffer; 1479 buf_len = tmp_len; 1480 } 1481 if (!EC_POINT_point2oct(a->group, a->pub_key, 1482 a->conv_form, buffer, buf_len, NULL)) { 1483 ECerror(ERR_R_EC_LIB); 1484 goto err; 1485 } 1486 if (!ASN1_STRING_set(priv_key->publicKey, buffer, buf_len)) { 1487 ECerror(ERR_R_ASN1_LIB); 1488 goto err; 1489 } 1490 if (!asn1_abs_set_unused_bits(priv_key->publicKey, 0)) { 1491 ECerror(ERR_R_ASN1_LIB); 1492 goto err; 1493 } 1494 } 1495 if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) { 1496 ECerror(ERR_R_EC_LIB); 1497 goto err; 1498 } 1499 ok = 1; 1500 err: 1501 free(buffer); 1502 if (priv_key) 1503 EC_PRIVATEKEY_free(priv_key); 1504 return (ok ? ret : 0); 1505 } 1506 1507 int 1508 i2d_ECParameters(EC_KEY * a, unsigned char **out) 1509 { 1510 if (a == NULL) { 1511 ECerror(ERR_R_PASSED_NULL_PARAMETER); 1512 return 0; 1513 } 1514 return i2d_ECPKParameters(a->group, out); 1515 } 1516 1517 EC_KEY * 1518 d2i_ECParameters(EC_KEY ** a, const unsigned char **in, long len) 1519 { 1520 EC_KEY *ret; 1521 1522 if (in == NULL || *in == NULL) { 1523 ECerror(ERR_R_PASSED_NULL_PARAMETER); 1524 return NULL; 1525 } 1526 if (a == NULL || *a == NULL) { 1527 if ((ret = EC_KEY_new()) == NULL) { 1528 ECerror(ERR_R_MALLOC_FAILURE); 1529 return NULL; 1530 } 1531 } else 1532 ret = *a; 1533 1534 if (!d2i_ECPKParameters(&ret->group, in, len)) { 1535 ECerror(ERR_R_EC_LIB); 1536 if (a == NULL || *a != ret) 1537 EC_KEY_free(ret); 1538 return NULL; 1539 } 1540 1541 if (a != NULL) 1542 *a = ret; 1543 return ret; 1544 } 1545 1546 EC_KEY * 1547 o2i_ECPublicKey(EC_KEY ** a, const unsigned char **in, long len) 1548 { 1549 EC_KEY *ret = NULL; 1550 1551 if (a == NULL || (*a) == NULL || (*a)->group == NULL) { 1552 /* An EC_GROUP structure is necessary to set the public key. */ 1553 ECerror(ERR_R_PASSED_NULL_PARAMETER); 1554 return 0; 1555 } 1556 ret = *a; 1557 if (ret->pub_key == NULL && 1558 (ret->pub_key = EC_POINT_new(ret->group)) == NULL) { 1559 ECerror(ERR_R_MALLOC_FAILURE); 1560 return 0; 1561 } 1562 if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL)) { 1563 ECerror(ERR_R_EC_LIB); 1564 return 0; 1565 } 1566 /* save the point conversion form */ 1567 ret->conv_form = (point_conversion_form_t) (*in[0] & ~0x01); 1568 *in += len; 1569 return ret; 1570 } 1571 1572 int 1573 i2o_ECPublicKey(const EC_KEY * a, unsigned char **out) 1574 { 1575 size_t buf_len = 0; 1576 int new_buffer = 0; 1577 1578 if (a == NULL) { 1579 ECerror(ERR_R_PASSED_NULL_PARAMETER); 1580 return 0; 1581 } 1582 buf_len = EC_POINT_point2oct(a->group, a->pub_key, 1583 a->conv_form, NULL, 0, NULL); 1584 1585 if (out == NULL || buf_len == 0) 1586 /* out == NULL => just return the length of the octet string */ 1587 return buf_len; 1588 1589 if (*out == NULL) { 1590 if ((*out = malloc(buf_len)) == NULL) { 1591 ECerror(ERR_R_MALLOC_FAILURE); 1592 return 0; 1593 } 1594 new_buffer = 1; 1595 } 1596 if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form, 1597 *out, buf_len, NULL)) { 1598 ECerror(ERR_R_EC_LIB); 1599 if (new_buffer) { 1600 free(*out); 1601 *out = NULL; 1602 } 1603 return 0; 1604 } 1605 if (!new_buffer) 1606 *out += buf_len; 1607 return buf_len; 1608 } 1609