1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15
16 #include "hitls_build.h"
17 #ifdef HITLS_CRYPTO_ECC
18
19 #include "securec.h"
20 #include "bsl_sal.h"
21 #include "bsl_err_internal.h"
22 #include "crypt_utils.h"
23 #include "crypt_errno.h"
24 #include "ecc_local.h"
25 #include "crypt_types.h"
26 #include "crypt_params_key.h"
27 #include "crypt_ecc_pkey.h"
28
29 typedef struct {
30 const uint8_t *data;
31 uint32_t dataLen;
32 } ECC_ReadData;
33
34 typedef struct {
35 ECC_ReadData p;
36 ECC_ReadData a;
37 ECC_ReadData b;
38 ECC_ReadData n;
39 ECC_ReadData h;
40 ECC_ReadData x;
41 ECC_ReadData y;
42 } CURVE_Para;
43
44 #if defined(HITLS_CRYPTO_CURVE_NISTP224) || defined(HITLS_CRYPTO_CURVE_NISTP256) || \
45 defined(HITLS_CRYPTO_CURVE_NISTP384) || defined(HITLS_CRYPTO_CURVE_NISTP521) || \
46 defined(HITLS_CRYPTO_CURVE_SM2)
47 static const uint8_t NIST_P_H[] = {
48 0x01
49 };
50 #endif
51
52 #ifdef HITLS_CRYPTO_CURVE_NISTP224
53 static const uint8_t NIST_P224_P[] = {
54 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
55 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
56 };
57
58 static const uint8_t NIST_P224_A[] = {
59 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
60 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe
61 };
62
63 static const uint8_t NIST_P224_B[] = {
64 0xb4, 0x05, 0x0a, 0x85, 0x0c, 0x04, 0xb3, 0xab, 0xf5, 0x41, 0x32, 0x56, 0x50, 0x44, 0xb0, 0xb7,
65 0xd7, 0xbf, 0xd8, 0xba, 0x27, 0x0b, 0x39, 0x43, 0x23, 0x55, 0xff, 0xb4
66 };
67
68 static const uint8_t NIST_P224_X[] = {
69 0xb7, 0x0e, 0x0c, 0xbd, 0x6b, 0xb4, 0xbf, 0x7f, 0x32, 0x13, 0x90, 0xb9, 0x4a, 0x03, 0xc1, 0xd3,
70 0x56, 0xc2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xd6, 0x11, 0x5c, 0x1d, 0x21
71 };
72
73 static const uint8_t NIST_P224_Y[] = {
74 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6, 0xcd, 0x43, 0x75, 0xa0,
75 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99, 0x85, 0x00, 0x7e, 0x34
76 };
77
78 static const uint8_t NIST_P224_N[] = {
79 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x16, 0xa2,
80 0xe0, 0xb8, 0xf0, 0x3e, 0x13, 0xdd, 0x29, 0x45, 0x5c, 0x5c, 0x2a, 0x3d
81 };
82 #endif
83
84 #ifdef HITLS_CRYPTO_CURVE_NISTP256
85 static const uint8_t NIST_P256_P[] = {
86 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
87 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
88 };
89
90 static const uint8_t NIST_P256_A[] = {
91 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
92 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc
93 };
94
95 static const uint8_t NIST_P256_B[] = {
96 0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7, 0xb3, 0xeb, 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc,
97 0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6, 0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b
98 };
99
100 static const uint8_t NIST_P256_X[] = {
101 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2,
102 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96
103 };
104
105 static const uint8_t NIST_P256_Y[] = {
106 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16,
107 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5
108 };
109
110 static const uint8_t NIST_P256_N[] = {
111 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
112 0xbc, 0xe6, 0xfa, 0xad, 0xa7, 0x17, 0x9e, 0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, 0x63, 0x25, 0x51
113 };
114 #endif
115
116 #ifdef HITLS_CRYPTO_CURVE_NISTP384
117 static const uint8_t NIST_P384_P[] = {
118 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
119 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
120 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff
121 };
122
123 static const uint8_t NIST_P384_A[] = {
124 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
125 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
126 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xfc
127 };
128
129 static const uint8_t NIST_P384_B[] = {
130 0xb3, 0x31, 0x2f, 0xa7, 0xe2, 0x3e, 0xe7, 0xe4, 0x98, 0x8e, 0x05, 0x6b, 0xe3, 0xf8, 0x2d, 0x19,
131 0x18, 0x1d, 0x9c, 0x6e, 0xfe, 0x81, 0x41, 0x12, 0x03, 0x14, 0x08, 0x8f, 0x50, 0x13, 0x87, 0x5a,
132 0xc6, 0x56, 0x39, 0x8d, 0x8a, 0x2e, 0xd1, 0x9d, 0x2a, 0x85, 0xc8, 0xed, 0xd3, 0xec, 0x2a, 0xef
133 };
134
135 static const uint8_t NIST_P384_X[] = {
136 0xaa, 0x87, 0xca, 0x22, 0xbe, 0x8b, 0x05, 0x37, 0x8e, 0xb1, 0xc7, 0x1e, 0xf3, 0x20, 0xad, 0x74,
137 0x6e, 0x1d, 0x3b, 0x62, 0x8b, 0xa7, 0x9b, 0x98, 0x59, 0xf7, 0x41, 0xe0, 0x82, 0x54, 0x2a, 0x38,
138 0x55, 0x02, 0xf2, 0x5d, 0xbf, 0x55, 0x29, 0x6c, 0x3a, 0x54, 0x5e, 0x38, 0x72, 0x76, 0x0a, 0xb7
139 };
140
141 static const uint8_t NIST_P384_Y[] = {
142 0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, 0x98, 0xbf, 0x92, 0x92, 0xdc, 0x29,
143 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c, 0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0,
144 0x0a, 0x60, 0xb1, 0xce, 0x1d, 0x7e, 0x81, 0x9d, 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f
145 };
146
147 static const uint8_t NIST_P384_N[] = {
148 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
149 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc7, 0x63, 0x4d, 0x81, 0xf4, 0x37, 0x2d, 0xdf,
150 0x58, 0x1a, 0x0d, 0xb2, 0x48, 0xb0, 0xa7, 0x7a, 0xec, 0xec, 0x19, 0x6a, 0xcc, 0xc5, 0x29, 0x73
151 };
152 #endif
153
154 #ifdef HITLS_CRYPTO_CURVE_NISTP521
155 static const uint8_t NIST_P521_P[] = {
156 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
157 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
158 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
159 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
160 0xff, 0xff
161 };
162
163 static const uint8_t NIST_P521_A[] = {
164 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
165 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
166 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
167 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
168 0xff, 0xfc
169 };
170
171 static const uint8_t NIST_P521_B[] = {
172 0x00, 0x51, 0x95, 0x3e, 0xb9, 0x61, 0x8e, 0x1c, 0x9a, 0x1f, 0x92, 0x9a, 0x21, 0xa0, 0xb6, 0x85,
173 0x40, 0xee, 0xa2, 0xda, 0x72, 0x5b, 0x99, 0xb3, 0x15, 0xf3, 0xb8, 0xb4, 0x89, 0x91, 0x8e, 0xf1,
174 0x09, 0xe1, 0x56, 0x19, 0x39, 0x51, 0xec, 0x7e, 0x93, 0x7b, 0x16, 0x52, 0xc0, 0xbd, 0x3b, 0xb1,
175 0xbf, 0x07, 0x35, 0x73, 0xdf, 0x88, 0x3d, 0x2c, 0x34, 0xf1, 0xef, 0x45, 0x1f, 0xd4, 0x6b, 0x50,
176 0x3f, 0x00
177 };
178
179 static const uint8_t NIST_P521_X[] = {
180 0x00, 0xc6, 0x85, 0x8e, 0x06, 0xb7, 0x04, 0x04, 0xe9, 0xcd, 0x9e, 0x3e, 0xcb, 0x66, 0x23, 0x95,
181 0xb4, 0x42, 0x9c, 0x64, 0x81, 0x39, 0x05, 0x3f, 0xb5, 0x21, 0xf8, 0x28, 0xaf, 0x60, 0x6b, 0x4d,
182 0x3d, 0xba, 0xa1, 0x4b, 0x5e, 0x77, 0xef, 0xe7, 0x59, 0x28, 0xfe, 0x1d, 0xc1, 0x27, 0xa2, 0xff,
183 0xa8, 0xde, 0x33, 0x48, 0xb3, 0xc1, 0x85, 0x6a, 0x42, 0x9b, 0xf9, 0x7e, 0x7e, 0x31, 0xc2, 0xe5,
184 0xbd, 0x66
185 };
186
187 static const uint8_t NIST_P521_Y[] = {
188 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a, 0x5f, 0xb4, 0x2c, 0x7d,
189 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b, 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e,
190 0x66, 0x2c, 0x97, 0xee, 0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad,
191 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe, 0x94, 0x76, 0x9f, 0xd1,
192 0x66, 0x50
193 };
194
195 static const uint8_t NIST_P521_N[] = {
196 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
197 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
198 0xff, 0xfa, 0x51, 0x86, 0x87, 0x83, 0xbf, 0x2f, 0x96, 0x6b, 0x7f, 0xcc, 0x01, 0x48, 0xf7, 0x09,
199 0xa5, 0xd0, 0x3b, 0xb5, 0xc9, 0xb8, 0x89, 0x9c, 0x47, 0xae, 0xbb, 0x6f, 0xb7, 0x1e, 0x91, 0x38,
200 0x64, 0x09
201 };
202 #endif
203
204 #if defined(HITLS_CRYPTO_CURVE_BP256R1) || defined(HITLS_CRYPTO_CURVE_BP384R1) || defined(HITLS_CRYPTO_CURVE_BP512R1)
205 static const uint8_t BRAINPOOL_P_H[] = {
206 0x01
207 };
208 #endif
209
210 #ifdef HITLS_CRYPTO_CURVE_BP256R1
211 static const uint8_t BRAINPOOL_P256R1_P[] = {
212 0xa9, 0xfb, 0x57, 0xdb, 0xa1, 0xee, 0xa9, 0xbc, 0x3e, 0x66, 0x0a, 0x90, 0x9d, 0x83, 0x8d, 0x72,
213 0x6e, 0x3b, 0xf6, 0x23, 0xd5, 0x26, 0x20, 0x28, 0x20, 0x13, 0x48, 0x1d, 0x1f, 0x6e, 0x53, 0x77
214 };
215
216 static const uint8_t BRAINPOOL_P256R1_A[] = {
217 0x7d, 0x5a, 0x09, 0x75, 0xfc, 0x2c, 0x30, 0x57, 0xee, 0xf6, 0x75, 0x30, 0x41, 0x7a, 0xff, 0xe7,
218 0xfb, 0x80, 0x55, 0xc1, 0x26, 0xdc, 0x5c, 0x6c, 0xe9, 0x4a, 0x4b, 0x44, 0xf3, 0x30, 0xb5, 0xd9
219 };
220
221 static const uint8_t BRAINPOOL_P256R1_B[] = {
222 0x26, 0xdc, 0x5c, 0x6c, 0xe9, 0x4a, 0x4b, 0x44, 0xf3, 0x30, 0xb5, 0xd9, 0xbb, 0xd7, 0x7c, 0xbf,
223 0x95, 0x84, 0x16, 0x29, 0x5c, 0xf7, 0xe1, 0xce, 0x6b, 0xcc, 0xdc, 0x18, 0xff, 0x8c, 0x07, 0xb6
224 };
225
226 static const uint8_t BRAINPOOL_P256R1_X[] = {
227 0x8b, 0xd2, 0xae, 0xb9, 0xcb, 0x7e, 0x57, 0xcb, 0x2c, 0x4b, 0x48, 0x2f, 0xfc, 0x81, 0xb7, 0xaf,
228 0xb9, 0xde, 0x27, 0xe1, 0xe3, 0xbd, 0x23, 0xc2, 0x3a, 0x44, 0x53, 0xbd, 0x9a, 0xce, 0x32, 0x62
229 };
230
231 static const uint8_t BRAINPOOL_P256R1_Y[] = {
232 0x54, 0x7e, 0xf8, 0x35, 0xc3, 0xda, 0xc4, 0xfd, 0x97, 0xf8, 0x46, 0x1a, 0x14, 0x61, 0x1d, 0xc9,
233 0xc2, 0x77, 0x45, 0x13, 0x2d, 0xed, 0x8e, 0x54, 0x5c, 0x1d, 0x54, 0xc7, 0x2f, 0x04, 0x69, 0x97
234 };
235
236 static const uint8_t BRAINPOOL_P256R1_N[] = {
237 0xa9, 0xfb, 0x57, 0xdb, 0xa1, 0xee, 0xa9, 0xbc, 0x3e, 0x66, 0x0a, 0x90, 0x9d, 0x83, 0x8d, 0x71,
238 0x8c, 0x39, 0x7a, 0xa3, 0xb5, 0x61, 0xa6, 0xf7, 0x90, 0x1e, 0x0e, 0x82, 0x97, 0x48, 0x56, 0xa7
239 };
240 #endif
241
242 #ifdef HITLS_CRYPTO_CURVE_BP384R1
243 static const uint8_t BRAINPOOL_P384R1_P[] = {
244 0x8c, 0xb9, 0x1e, 0x82, 0xa3, 0x38, 0x6d, 0x28, 0x0f, 0x5d, 0x6f, 0x7e, 0x50, 0xe6, 0x41, 0xdf,
245 0x15, 0x2f, 0x71, 0x09, 0xed, 0x54, 0x56, 0xb4, 0x12, 0xb1, 0xda, 0x19, 0x7f, 0xb7, 0x11, 0x23,
246 0xac, 0xd3, 0xa7, 0x29, 0x90, 0x1d, 0x1a, 0x71, 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xec, 0x53
247 };
248
249 static const uint8_t BRAINPOOL_P384R1_A[] = {
250 0x7b, 0xc3, 0x82, 0xc6, 0x3d, 0x8c, 0x15, 0x0c, 0x3c, 0x72, 0x08, 0x0a, 0xce, 0x05, 0xaf, 0xa0,
251 0xc2, 0xbe, 0xa2, 0x8e, 0x4f, 0xb2, 0x27, 0x87, 0x13, 0x91, 0x65, 0xef, 0xba, 0x91, 0xf9, 0x0f,
252 0x8a, 0xa5, 0x81, 0x4a, 0x50, 0x3a, 0xd4, 0xeb, 0x04, 0xa8, 0xc7, 0xdd, 0x22, 0xce, 0x28, 0x26
253 };
254
255 static const uint8_t BRAINPOOL_P384R1_B[] = {
256 0x04, 0xa8, 0xc7, 0xdd, 0x22, 0xce, 0x28, 0x26, 0x8b, 0x39, 0xb5, 0x54, 0x16, 0xf0, 0x44, 0x7c,
257 0x2f, 0xb7, 0x7d, 0xe1, 0x07, 0xdc, 0xd2, 0xa6, 0x2e, 0x88, 0x0e, 0xa5, 0x3e, 0xeb, 0x62, 0xd5,
258 0x7c, 0xb4, 0x39, 0x02, 0x95, 0xdb, 0xc9, 0x94, 0x3a, 0xb7, 0x86, 0x96, 0xfa, 0x50, 0x4c, 0x11
259 };
260
261 static const uint8_t BRAINPOOL_P384R1_X[] = {
262 0x1d, 0x1c, 0x64, 0xf0, 0x68, 0xcf, 0x45, 0xff, 0xa2, 0xa6, 0x3a, 0x81, 0xb7, 0xc1, 0x3f, 0x6b,
263 0x88, 0x47, 0xa3, 0xe7, 0x7e, 0xf1, 0x4f, 0xe3, 0xdb, 0x7f, 0xca, 0xfe, 0x0c, 0xbd, 0x10, 0xe8,
264 0xe8, 0x26, 0xe0, 0x34, 0x36, 0xd6, 0x46, 0xaa, 0xef, 0x87, 0xb2, 0xe2, 0x47, 0xd4, 0xaf, 0x1e
265 };
266
267 static const uint8_t BRAINPOOL_P384R1_Y[] = {
268 0x8a, 0xbe, 0x1d, 0x75, 0x20, 0xf9, 0xc2, 0xa4, 0x5c, 0xb1, 0xeb, 0x8e, 0x95, 0xcf, 0xd5, 0x52,
269 0x62, 0xb7, 0x0b, 0x29, 0xfe, 0xec, 0x58, 0x64, 0xe1, 0x9c, 0x05, 0x4f, 0xf9, 0x91, 0x29, 0x28,
270 0x0e, 0x46, 0x46, 0x21, 0x77, 0x91, 0x81, 0x11, 0x42, 0x82, 0x03, 0x41, 0x26, 0x3c, 0x53, 0x15
271 };
272
273 static const uint8_t BRAINPOOL_P384R1_N[] = {
274 0x8c, 0xb9, 0x1e, 0x82, 0xa3, 0x38, 0x6d, 0x28, 0x0f, 0x5d, 0x6f, 0x7e, 0x50, 0xe6, 0x41, 0xdf,
275 0x15, 0x2f, 0x71, 0x09, 0xed, 0x54, 0x56, 0xb3, 0x1f, 0x16, 0x6e, 0x6c, 0xac, 0x04, 0x25, 0xa7,
276 0xcf, 0x3a, 0xb6, 0xaf, 0x6b, 0x7f, 0xc3, 0x10, 0x3b, 0x88, 0x32, 0x02, 0xe9, 0x04, 0x65, 0x65
277 };
278 #endif
279
280 #ifdef HITLS_CRYPTO_CURVE_BP512R1
281 static const uint8_t BRAINPOOL_P512R1_P[] = {
282 0xaa, 0xdd, 0x9d, 0xb8, 0xdb, 0xe9, 0xc4, 0x8b, 0x3f, 0xd4, 0xe6, 0xae, 0x33, 0xc9, 0xfc, 0x07,
283 0xcb, 0x30, 0x8d, 0xb3, 0xb3, 0xc9, 0xd2, 0x0e, 0xd6, 0x63, 0x9c, 0xca, 0x70, 0x33, 0x08, 0x71,
284 0x7d, 0x4d, 0x9b, 0x00, 0x9b, 0xc6, 0x68, 0x42, 0xae, 0xcd, 0xa1, 0x2a, 0xe6, 0xa3, 0x80, 0xe6,
285 0x28, 0x81, 0xff, 0x2f, 0x2d, 0x82, 0xc6, 0x85, 0x28, 0xaa, 0x60, 0x56, 0x58, 0x3a, 0x48, 0xf3
286 };
287
288 static const uint8_t BRAINPOOL_P512R1_A[] = {
289 0x78, 0x30, 0xa3, 0x31, 0x8b, 0x60, 0x3b, 0x89, 0xe2, 0x32, 0x71, 0x45, 0xac, 0x23, 0x4c, 0xc5,
290 0x94, 0xcb, 0xdd, 0x8d, 0x3d, 0xf9, 0x16, 0x10, 0xa8, 0x34, 0x41, 0xca, 0xea, 0x98, 0x63, 0xbc,
291 0x2d, 0xed, 0x5d, 0x5a, 0xa8, 0x25, 0x3a, 0xa1, 0x0a, 0x2e, 0xf1, 0xc9, 0x8b, 0x9a, 0xc8, 0xb5,
292 0x7f, 0x11, 0x17, 0xa7, 0x2b, 0xf2, 0xc7, 0xb9, 0xe7, 0xc1, 0xac, 0x4d, 0x77, 0xfc, 0x94, 0xca
293 };
294
295 static const uint8_t BRAINPOOL_P512R1_B[] = {
296 0x3d, 0xf9, 0x16, 0x10, 0xa8, 0x34, 0x41, 0xca, 0xea, 0x98, 0x63, 0xbc, 0x2d, 0xed, 0x5d, 0x5a,
297 0xa8, 0x25, 0x3a, 0xa1, 0x0a, 0x2e, 0xf1, 0xc9, 0x8b, 0x9a, 0xc8, 0xb5, 0x7f, 0x11, 0x17, 0xa7,
298 0x2b, 0xf2, 0xc7, 0xb9, 0xe7, 0xc1, 0xac, 0x4d, 0x77, 0xfc, 0x94, 0xca, 0xdc, 0x08, 0x3e, 0x67,
299 0x98, 0x40, 0x50, 0xb7, 0x5e, 0xba, 0xe5, 0xdd, 0x28, 0x09, 0xbd, 0x63, 0x80, 0x16, 0xf7, 0x23
300 };
301
302 static const uint8_t BRAINPOOL_P512R1_X[] = {
303 0x81, 0xae, 0xe4, 0xbd, 0xd8, 0x2e, 0xd9, 0x64, 0x5a, 0x21, 0x32, 0x2e, 0x9c, 0x4c, 0x6a, 0x93,
304 0x85, 0xed, 0x9f, 0x70, 0xb5, 0xd9, 0x16, 0xc1, 0xb4, 0x3b, 0x62, 0xee, 0xf4, 0xd0, 0x09, 0x8e,
305 0xff, 0x3b, 0x1f, 0x78, 0xe2, 0xd0, 0xd4, 0x8d, 0x50, 0xd1, 0x68, 0x7b, 0x93, 0xb9, 0x7d, 0x5f,
306 0x7c, 0x6d, 0x50, 0x47, 0x40, 0x6a, 0x5e, 0x68, 0x8b, 0x35, 0x22, 0x09, 0xbc, 0xb9, 0xf8, 0x22
307 };
308
309 static const uint8_t BRAINPOOL_P512R1_Y[] = {
310 0x7d, 0xde, 0x38, 0x5d, 0x56, 0x63, 0x32, 0xec, 0xc0, 0xea, 0xbf, 0xa9, 0xcf, 0x78, 0x22, 0xfd,
311 0xf2, 0x09, 0xf7, 0x00, 0x24, 0xa5, 0x7b, 0x1a, 0xa0, 0x00, 0xc5, 0x5b, 0x88, 0x1f, 0x81, 0x11,
312 0xb2, 0xdc, 0xde, 0x49, 0x4a, 0x5f, 0x48, 0x5e, 0x5b, 0xca, 0x4b, 0xd8, 0x8a, 0x27, 0x63, 0xae,
313 0xd1, 0xca, 0x2b, 0x2f, 0xa8, 0xf0, 0x54, 0x06, 0x78, 0xcd, 0x1e, 0x0f, 0x3a, 0xd8, 0x08, 0x92
314 };
315
316 static const uint8_t BRAINPOOL_P512R1_N[] = {
317 0xaa, 0xdd, 0x9d, 0xb8, 0xdb, 0xe9, 0xc4, 0x8b, 0x3f, 0xd4, 0xe6, 0xae, 0x33, 0xc9, 0xfc, 0x07,
318 0xcb, 0x30, 0x8d, 0xb3, 0xb3, 0xc9, 0xd2, 0x0e, 0xd6, 0x63, 0x9c, 0xca, 0x70, 0x33, 0x08, 0x70,
319 0x55, 0x3e, 0x5c, 0x41, 0x4c, 0xa9, 0x26, 0x19, 0x41, 0x86, 0x61, 0x19, 0x7f, 0xac, 0x10, 0x47,
320 0x1d, 0xb1, 0xd3, 0x81, 0x08, 0x5d, 0xda, 0xdd, 0xb5, 0x87, 0x96, 0x82, 0x9c, 0xa9, 0x00, 0x69
321 };
322 #endif
323
324 #ifdef HITLS_CRYPTO_CURVE_SM2
325 static const uint8_t NIST_SM2_P[] = {
326 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
327 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
328 };
329
330 static const uint8_t NIST_SM2_A[] = {
331 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
332 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc
333 };
334
335 static const uint8_t NIST_SM2_B[] = {
336 0x28, 0xe9, 0xfa, 0x9e, 0x9d, 0x9f, 0x5e, 0x34, 0x4d, 0x5a, 0x9e, 0x4b, 0xcf, 0x65, 0x09, 0xa7,
337 0xf3, 0x97, 0x89, 0xf5, 0x15, 0xab, 0x8f, 0x92, 0xdd, 0xbc, 0xbd, 0x41, 0x4d, 0x94, 0x0e, 0x93
338 };
339
340 static const uint8_t NIST_SM2_X[] = {
341 0x32, 0xc4, 0xae, 0x2c, 0x1f, 0x19, 0x81, 0x19, 0x5f, 0x99, 0x04, 0x46, 0x6a, 0x39, 0xc9, 0x94,
342 0x8f, 0xe3, 0x0b, 0xbf, 0xf2, 0x66, 0x0b, 0xe1, 0x71, 0x5a, 0x45, 0x89, 0x33, 0x4c, 0x74, 0xc7
343 };
344
345 static const uint8_t NIST_SM2_Y[] = {
346 0xbc, 0x37, 0x36, 0xa2, 0xf4, 0xf6, 0x77, 0x9c, 0x59, 0xbd, 0xce, 0xe3, 0x6b, 0x69, 0x21, 0x53,
347 0xd0, 0xa9, 0x87, 0x7c, 0xc6, 0x2a, 0x47, 0x40, 0x02, 0xdf, 0x32, 0xe5, 0x21, 0x39, 0xf0, 0xa0
348 };
349
350 static const uint8_t NIST_SM2_N[] = {
351 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
352 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b, 0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23
353 };
354 #endif
355
356 #if defined(HITLS_CRYPTO_CURVE_NISTP224) || defined(HITLS_CRYPTO_CURVE_NISTP256) || \
357 defined(HITLS_CRYPTO_CURVE_NISTP384) || defined(HITLS_CRYPTO_CURVE_NISTP521) || \
358 defined(HITLS_CRYPTO_CURVE_SM2)
359 #define CRYPT_CURVE_PARA_DECLARE(name) \
360 static const CURVE_Para paraNist##name = { \
361 .p.data = NIST_##name##_P, \
362 .p.dataLen = sizeof(NIST_##name##_P), \
363 .a.data = NIST_##name##_A, \
364 .a.dataLen = sizeof(NIST_##name##_A), \
365 .b.data = NIST_##name##_B, \
366 .b.dataLen = sizeof(NIST_##name##_B), \
367 .n.data = NIST_##name##_N, \
368 .n.dataLen = sizeof(NIST_##name##_N), \
369 .h.data = NIST_P_H, \
370 .h.dataLen = sizeof(NIST_P_H), \
371 .x.data = NIST_##name##_X, \
372 .x.dataLen = sizeof(NIST_##name##_X), \
373 .y.data = NIST_##name##_Y, \
374 .y.dataLen = sizeof(NIST_##name##_Y) \
375 }
376 #endif
377
378 #if defined(HITLS_CRYPTO_CURVE_BP256R1) || defined(HITLS_CRYPTO_CURVE_BP384R1) || defined(HITLS_CRYPTO_CURVE_BP512R1)
379 #define CRYPT_CURVE_BRAINPOOL_PARA_DECLARE(name) \
380 static const CURVE_Para paraBrainpool##name = { \
381 .p.data = BRAINPOOL_##name##_P, \
382 .p.dataLen = sizeof(BRAINPOOL_##name##_P), \
383 .a.data = BRAINPOOL_##name##_A, \
384 .a.dataLen = sizeof(BRAINPOOL_##name##_A), \
385 .b.data = BRAINPOOL_##name##_B, \
386 .b.dataLen = sizeof(BRAINPOOL_##name##_B), \
387 .n.data = BRAINPOOL_##name##_N, \
388 .n.dataLen = sizeof(BRAINPOOL_##name##_N), \
389 .h.data = BRAINPOOL_P_H, \
390 .h.dataLen = sizeof(BRAINPOOL_P_H), \
391 .x.data = BRAINPOOL_##name##_X, \
392 .x.dataLen = sizeof(BRAINPOOL_##name##_X), \
393 .y.data = BRAINPOOL_##name##_Y, \
394 .y.dataLen = sizeof(BRAINPOOL_##name##_Y) \
395 }
396 #endif
397
398 #ifdef HITLS_CRYPTO_CURVE_NISTP224
399 CRYPT_CURVE_PARA_DECLARE(P224);
400 #endif
401 #ifdef HITLS_CRYPTO_CURVE_NISTP256
402 CRYPT_CURVE_PARA_DECLARE(P256);
403 #endif
404 #ifdef HITLS_CRYPTO_CURVE_NISTP384
405 CRYPT_CURVE_PARA_DECLARE(P384);
406 #endif
407 #ifdef HITLS_CRYPTO_CURVE_NISTP521
408 CRYPT_CURVE_PARA_DECLARE(P521);
409 #endif
410
411 #ifdef HITLS_CRYPTO_CURVE_BP256R1
412 CRYPT_CURVE_BRAINPOOL_PARA_DECLARE(P256R1);
413 #endif
414 #ifdef HITLS_CRYPTO_CURVE_BP384R1
415 CRYPT_CURVE_BRAINPOOL_PARA_DECLARE(P384R1);
416 #endif
417 #ifdef HITLS_CRYPTO_CURVE_BP512R1
418 CRYPT_CURVE_BRAINPOOL_PARA_DECLARE(P512R1);
419 #endif
420 #ifdef HITLS_CRYPTO_CURVE_SM2
421 CRYPT_CURVE_PARA_DECLARE(SM2);
422 #endif
423
424 typedef struct {
425 uint32_t id;
426 const CURVE_Para *curvePara;
427 } CURVE_ParaMap;
428
429 static const CURVE_ParaMap CURVE_PARAS[] = {
430 #ifdef HITLS_CRYPTO_CURVE_NISTP224
431 { CRYPT_ECC_NISTP224, ¶NistP224 },
432 #endif
433 #ifdef HITLS_CRYPTO_CURVE_NISTP256
434 { CRYPT_ECC_NISTP256, ¶NistP256 },
435 #endif
436 #ifdef HITLS_CRYPTO_CURVE_NISTP384
437 { CRYPT_ECC_NISTP384, ¶NistP384 },
438 #endif
439 #ifdef HITLS_CRYPTO_CURVE_NISTP521
440 { CRYPT_ECC_NISTP521, ¶NistP521 },
441 #endif
442 #ifdef HITLS_CRYPTO_CURVE_BP256R1
443 { CRYPT_ECC_BRAINPOOLP256R1, ¶BrainpoolP256R1 },
444 #endif
445 #ifdef HITLS_CRYPTO_CURVE_BP384R1
446 { CRYPT_ECC_BRAINPOOLP384R1, ¶BrainpoolP384R1 },
447 #endif
448 #ifdef HITLS_CRYPTO_CURVE_BP512R1
449 { CRYPT_ECC_BRAINPOOLP512R1, ¶BrainpoolP512R1 },
450 #endif
451 #ifdef HITLS_CRYPTO_CURVE_SM2
452 { CRYPT_ECC_SM2, ¶NistSM2 },
453 #endif
454 };
455
GetCurvePara(CRYPT_PKEY_ParaId id)456 static const CURVE_Para *GetCurvePara(CRYPT_PKEY_ParaId id)
457 {
458 for (uint32_t i = 0; i < sizeof(CURVE_PARAS) / sizeof(CURVE_PARAS[0]); i++) {
459 if (CURVE_PARAS[i].id == id) {
460 return CURVE_PARAS[i].curvePara;
461 }
462 }
463 BSL_ERR_PUSH_ERROR(CRYPT_ECDH_ERR_UNSUPPORT_CURVE_TYPE);
464 return NULL;
465 }
466
InitMontPara(ECC_Para * para)467 static int32_t InitMontPara(ECC_Para *para)
468 {
469 if (para->method->bnMontEnc == NULL) {
470 return CRYPT_SUCCESS;
471 }
472 BN_Optimizer *opt = BN_OptimizerCreate();
473 para->montP = BN_MontCreate(para->p);
474 if (para->montP == NULL || opt == NULL) {
475 BN_OptimizerDestroy(opt); // The montP is freed by the caller.
476 return CRYPT_MEM_ALLOC_FAIL;
477 }
478 int32_t ret;
479 GOTO_ERR_IF(para->method->bnMontEnc(para->a, para->montP, opt, false), ret);
480 GOTO_ERR_IF(para->method->bnMontEnc(para->b, para->montP, opt, false), ret);
481 ERR:
482 BN_OptimizerDestroy(opt);
483 return ret;
484 }
485
ECC_NewPara(CRYPT_PKEY_ParaId id)486 ECC_Para *ECC_NewPara(CRYPT_PKEY_ParaId id)
487 {
488 const CURVE_Para *curve = GetCurvePara(id);
489 if (curve == NULL) {
490 return NULL;
491 }
492 const ECC_Method *method = ECC_FindMethod(id);
493 if (method == NULL) {
494 BSL_ERR_PUSH_ERROR(CRYPT_ECC_NOT_SUPPORT);
495 return NULL;
496 }
497 ECC_Para *para = BSL_SAL_Malloc(sizeof(ECC_Para));
498 if (para == NULL) {
499 BSL_ERR_PUSH_ERROR(CRYPT_MEM_ALLOC_FAIL);
500 return NULL;
501 }
502 (void)memset_s(para, sizeof(ECC_Para), 0, sizeof(ECC_Para));
503 para->method = method;
504 uint32_t bits = curve->p.dataLen * 8; // bits = bytes * 8
505 para->id = id;
506 para->p = BN_Create(bits);
507 para->a = BN_Create(bits);
508 para->b = BN_Create(bits);
509 para->n = BN_Create(bits);
510 para->h = BN_Create(1); // The cofactor is usually 1.
511 para->x = BN_Create(bits);
512 para->y = BN_Create(bits);
513
514 if (para->p == NULL || para->a == NULL || para->b == NULL || para->n == NULL ||
515 para->h == NULL || para->x == NULL || para->y == NULL) {
516 BSL_ERR_PUSH_ERROR(CRYPT_MEM_ALLOC_FAIL);
517 goto ERR;
518 }
519
520 int32_t ret;
521 GOTO_ERR_IF(BN_Bin2Bn(para->p, curve->p.data, curve->p.dataLen), ret);
522 GOTO_ERR_IF(BN_Bin2Bn(para->a, curve->a.data, curve->a.dataLen), ret);
523 GOTO_ERR_IF(BN_Bin2Bn(para->b, curve->b.data, curve->b.dataLen), ret);
524 GOTO_ERR_IF(BN_Bin2Bn(para->n, curve->n.data, curve->n.dataLen), ret);
525 GOTO_ERR_IF(BN_Bin2Bn(para->h, curve->h.data, curve->h.dataLen), ret);
526 GOTO_ERR_IF(BN_Bin2Bn(para->x, curve->x.data, curve->x.dataLen), ret);
527 GOTO_ERR_IF(BN_Bin2Bn(para->y, curve->y.data, curve->y.dataLen), ret);
528 GOTO_ERR_IF(InitMontPara(para), ret);
529 return para;
530 ERR:
531 ECC_FreePara(para);
532 return NULL;
533 }
534
535 static const uint32_t CURVE_ID_LIST[] = {
536 CRYPT_ECC_NISTP224,
537 CRYPT_ECC_NISTP256,
538 CRYPT_ECC_NISTP384,
539 CRYPT_ECC_NISTP521,
540 CRYPT_ECC_BRAINPOOLP256R1,
541 CRYPT_ECC_BRAINPOOLP384R1,
542 CRYPT_ECC_BRAINPOOLP512R1,
543 CRYPT_ECC_SM2,
544 };
545
ECC_GetCurveId(const BSL_Param * eccPara)546 CRYPT_PKEY_ParaId ECC_GetCurveId(const BSL_Param *eccPara)
547 {
548 int32_t ret;
549 BN_BigNum *a = BN_Create(ECC_MAX_BIT_LEN);
550 BN_BigNum *b = BN_Create(ECC_MAX_BIT_LEN);
551 const BSL_Param *temp = NULL;
552
553 for (uint32_t i = 0; i < sizeof(CURVE_ID_LIST) / sizeof(CURVE_ID_LIST[0]); i++) {
554 const CURVE_Para *curve = GetCurvePara(CURVE_ID_LIST[i]);
555 if (curve == NULL) {
556 continue;
557 }
558 temp = BSL_PARAM_FindConstParam(eccPara, CRYPT_PARAM_EC_P);
559 if (temp == NULL) {
560 goto ERR;
561 }
562 GOTO_ERR_IF_EX(BN_Bin2Bn(a, temp->value, temp->valueLen), ret);
563 GOTO_ERR_IF_EX(BN_Bin2Bn(b, curve->p.data, curve->p.dataLen), ret);
564 if (BN_Cmp(a, b) != 0) {
565 continue;
566 }
567 temp = BSL_PARAM_FindConstParam(eccPara, CRYPT_PARAM_EC_A);
568 if (temp == NULL) {
569 goto ERR;
570 }
571 GOTO_ERR_IF_EX(BN_Bin2Bn(a, temp->value, temp->valueLen), ret);
572 GOTO_ERR_IF_EX(BN_Bin2Bn(b, curve->a.data, curve->a.dataLen), ret);
573 BREAK_IF(BN_Cmp(a, b) != 0);
574
575 temp = BSL_PARAM_FindConstParam(eccPara, CRYPT_PARAM_EC_B);
576 if (temp == NULL) {
577 goto ERR;
578 }
579 GOTO_ERR_IF_EX(BN_Bin2Bn(a, temp->value, temp->valueLen), ret);
580 GOTO_ERR_IF_EX(BN_Bin2Bn(b, curve->b.data, curve->b.dataLen), ret);
581 BREAK_IF(BN_Cmp(a, b) != 0);
582
583 temp = BSL_PARAM_FindConstParam(eccPara, CRYPT_PARAM_EC_H);
584 if (temp == NULL) {
585 goto ERR;
586 }
587 GOTO_ERR_IF_EX(BN_Bin2Bn(a, temp->value, temp->valueLen), ret);
588 GOTO_ERR_IF_EX(BN_Bin2Bn(b, curve->h.data, curve->h.dataLen), ret);
589 BREAK_IF(BN_Cmp(a, b) != 0);
590
591 temp = BSL_PARAM_FindConstParam(eccPara, CRYPT_PARAM_EC_N);
592 if (temp == NULL) {
593 goto ERR;
594 }
595 GOTO_ERR_IF_EX(BN_Bin2Bn(a, temp->value, temp->valueLen), ret);
596 GOTO_ERR_IF_EX(BN_Bin2Bn(b, curve->n.data, curve->n.dataLen), ret);
597 BREAK_IF(BN_Cmp(a, b) != 0);
598
599 temp = BSL_PARAM_FindConstParam(eccPara, CRYPT_PARAM_EC_X);
600 if (temp == NULL) {
601 goto ERR;
602 }
603 GOTO_ERR_IF_EX(BN_Bin2Bn(a, temp->value, temp->valueLen), ret);
604 GOTO_ERR_IF_EX(BN_Bin2Bn(b, curve->x.data, curve->x.dataLen), ret);
605 BREAK_IF(BN_Cmp(a, b) != 0);
606
607 temp = BSL_PARAM_FindConstParam(eccPara, CRYPT_PARAM_EC_Y);
608 if (temp == NULL) {
609 goto ERR;
610 }
611 GOTO_ERR_IF_EX(BN_Bin2Bn(a, temp->value, temp->valueLen), ret);
612 GOTO_ERR_IF_EX(BN_Bin2Bn(b, curve->y.data, curve->y.dataLen), ret);
613 BREAK_IF(BN_Cmp(a, b) != 0);
614
615 BN_Destroy(a);
616 BN_Destroy(b);
617 return CURVE_ID_LIST[i];
618 }
619 ERR:
620 BN_Destroy(a);
621 BN_Destroy(b);
622 return CRYPT_PKEY_PARAID_MAX;
623 }
624
GetEccParam(const BN_BigNum * x,BSL_Param * param,int32_t key)625 static int32_t GetEccParam(const BN_BigNum *x, BSL_Param *param, int32_t key)
626 {
627 BSL_Param *temp = BSL_PARAM_FindParam(param, key);
628 if (temp == NULL) {
629 BSL_ERR_PUSH_ERROR(CRYPT_DSA_PARA_ERROR);
630 return CRYPT_DSA_PARA_ERROR;
631 }
632
633 temp->useLen = temp->valueLen;
634 int32_t ret = BN_Bn2Bin(x, temp->value, &temp->useLen);
635 if (ret != CRYPT_SUCCESS) {
636 BSL_ERR_PUSH_ERROR(ret);
637 }
638 return ret;
639 }
640
ECC_GetPara(const ECC_Pkey * pkey,BSL_Param * eccPara)641 int32_t ECC_GetPara(const ECC_Pkey *pkey, BSL_Param *eccPara)
642 {
643 if (pkey == NULL || eccPara == NULL) {
644 BSL_ERR_PUSH_ERROR(CRYPT_NULL_INPUT);
645 return CRYPT_NULL_INPUT;
646 }
647 if (pkey->para == NULL) {
648 BSL_ERR_PUSH_ERROR(CRYPT_ECC_PKEY_ERR_EMPTY_KEY);
649 return CRYPT_ECC_PKEY_ERR_EMPTY_KEY;
650 }
651 int32_t ret = GetEccParam(pkey->para->p, eccPara, CRYPT_PARAM_EC_P);
652 if (ret != CRYPT_SUCCESS) {
653 BSL_ERR_PUSH_ERROR(ret);
654 return ret;
655 }
656 BN_BigNum *paraA = BN_Dup(pkey->para->a);
657 BN_BigNum *paraB = BN_Dup(pkey->para->b);
658 if (paraA == NULL || paraB == NULL) {
659 ret = CRYPT_MEM_ALLOC_FAIL;
660 BSL_ERR_PUSH_ERROR(CRYPT_MEM_ALLOC_FAIL);
661 goto ERR;
662 }
663 if (pkey->para->method->bnMontDec != NULL) {
664 pkey->para->method->bnMontDec(paraA, pkey->para->montP);
665 pkey->para->method->bnMontDec(paraB, pkey->para->montP);
666 }
667 ret = GetEccParam(paraA, eccPara, CRYPT_PARAM_EC_A);
668 if (ret != CRYPT_SUCCESS) {
669 goto ERR;
670 }
671 ret = GetEccParam(paraB, eccPara, CRYPT_PARAM_EC_B);
672 if (ret != CRYPT_SUCCESS) {
673 goto ERR;
674 }
675 ret = GetEccParam(pkey->para->n, eccPara, CRYPT_PARAM_EC_N);
676 if (ret != CRYPT_SUCCESS) {
677 goto ERR;
678 }
679 ret = GetEccParam(pkey->para->h, eccPara, CRYPT_PARAM_EC_H);
680 if (ret != CRYPT_SUCCESS) {
681 goto ERR;
682 }
683 ret = GetEccParam(pkey->para->x, eccPara, CRYPT_PARAM_EC_X);
684 if (ret != CRYPT_SUCCESS) {
685 goto ERR;
686 }
687 ret = GetEccParam(pkey->para->y, eccPara, CRYPT_PARAM_EC_Y);
688 ERR:
689 BN_Destroy(paraA);
690 BN_Destroy(paraB);
691 return ret;
692 }
693
ECC_FreePara(ECC_Para * para)694 void ECC_FreePara(ECC_Para *para)
695 {
696 if (para == NULL) {
697 return;
698 }
699 BN_Destroy(para->p);
700 BN_Destroy(para->a);
701 BN_Destroy(para->b);
702 BN_Destroy(para->n);
703 BN_Destroy(para->h);
704 BN_Destroy(para->x);
705 BN_Destroy(para->y);
706 uint32_t i;
707 for (i = 0; i < sizeof(para->tableG) / sizeof(ECC_Point *); i++) {
708 // clear pre-computation table
709 ECC_FreePoint(para->tableG[i]);
710 }
711 BN_MontDestroy(para->montP);
712 BSL_SAL_Free(para);
713 }
714
715
ECC_GetParaId(const ECC_Para * para)716 CRYPT_PKEY_ParaId ECC_GetParaId(const ECC_Para *para)
717 {
718 if (para == NULL) {
719 return CRYPT_PKEY_PARAID_MAX;
720 }
721 return para->id;
722 }
723
ECC_SetPara(ECC_Pkey * ctx,ECC_Para * para)724 int32_t ECC_SetPara(ECC_Pkey *ctx, ECC_Para *para)
725 {
726 if (ctx == NULL || para == NULL) {
727 BSL_ERR_PUSH_ERROR(CRYPT_NULL_INPUT);
728 return CRYPT_NULL_INPUT;
729 }
730
731 // Refresh the public and private keys.
732 BN_Destroy(ctx->prvkey);
733 ctx->prvkey = NULL;
734 ECC_FreePoint(ctx->pubkey);
735 ctx->pubkey = NULL;
736
737 ECC_FreePara(ctx->para);
738 ctx->para = para;
739 ECC_SetLibCtx(ctx->libCtx, ctx->para);
740
741 return CRYPT_SUCCESS;
742 }
743
744 #endif /* HITLS_CRYPTO_ECC */
745