1 /* crypto/ec/ec_asn1.c */
2 /*
3 * Written by Nils Larsch for the OpenSSL project.
4 */
5 /* ====================================================================
6 * Copyright (c) 2000-2003 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59 #include <string.h>
60 #include "ec_lcl.h"
61 #include <openssl/err.h>
62 #include <openssl/asn1t.h>
63 #include <openssl/objects.h>
64
65
EC_GROUP_get_basis_type(const EC_GROUP * group)66 int EC_GROUP_get_basis_type(const EC_GROUP *group)
67 {
68 int i=0;
69
70 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
71 NID_X9_62_characteristic_two_field)
72 /* everything else is currently not supported */
73 return 0;
74
75 while (group->poly[i] != 0)
76 i++;
77
78 if (i == 4)
79 return NID_X9_62_ppBasis;
80 else if (i == 2)
81 return NID_X9_62_tpBasis;
82 else
83 /* everything else is currently not supported */
84 return 0;
85 }
86 #ifndef OPENSSL_NO_EC2M
EC_GROUP_get_trinomial_basis(const EC_GROUP * group,unsigned int * k)87 int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k)
88 {
89 if (group == NULL)
90 return 0;
91
92 if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve
93 || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0)))
94 {
95 ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
96 return 0;
97 }
98
99 if (k)
100 *k = group->poly[1];
101
102 return 1;
103 }
EC_GROUP_get_pentanomial_basis(const EC_GROUP * group,unsigned int * k1,unsigned int * k2,unsigned int * k3)104 int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,
105 unsigned int *k2, unsigned int *k3)
106 {
107 if (group == NULL)
108 return 0;
109
110 if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve
111 || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0)))
112 {
113 ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
114 return 0;
115 }
116
117 if (k1)
118 *k1 = group->poly[3];
119 if (k2)
120 *k2 = group->poly[2];
121 if (k3)
122 *k3 = group->poly[1];
123
124 return 1;
125 }
126 #endif
127
128
129 /* some structures needed for the asn1 encoding */
130 typedef struct x9_62_pentanomial_st {
131 long k1;
132 long k2;
133 long k3;
134 } X9_62_PENTANOMIAL;
135
136 typedef struct x9_62_characteristic_two_st {
137 long m;
138 ASN1_OBJECT *type;
139 union {
140 char *ptr;
141 /* NID_X9_62_onBasis */
142 ASN1_NULL *onBasis;
143 /* NID_X9_62_tpBasis */
144 ASN1_INTEGER *tpBasis;
145 /* NID_X9_62_ppBasis */
146 X9_62_PENTANOMIAL *ppBasis;
147 /* anything else */
148 ASN1_TYPE *other;
149 } p;
150 } X9_62_CHARACTERISTIC_TWO;
151
152 typedef struct x9_62_fieldid_st {
153 ASN1_OBJECT *fieldType;
154 union {
155 char *ptr;
156 /* NID_X9_62_prime_field */
157 ASN1_INTEGER *prime;
158 /* NID_X9_62_characteristic_two_field */
159 X9_62_CHARACTERISTIC_TWO *char_two;
160 /* anything else */
161 ASN1_TYPE *other;
162 } p;
163 } X9_62_FIELDID;
164
165 typedef struct x9_62_curve_st {
166 ASN1_OCTET_STRING *a;
167 ASN1_OCTET_STRING *b;
168 ASN1_BIT_STRING *seed;
169 } X9_62_CURVE;
170
171 typedef struct ec_parameters_st {
172 long version;
173 X9_62_FIELDID *fieldID;
174 X9_62_CURVE *curve;
175 ASN1_OCTET_STRING *base;
176 ASN1_INTEGER *order;
177 ASN1_INTEGER *cofactor;
178 } ECPARAMETERS;
179
180 struct ecpk_parameters_st {
181 int type;
182 union {
183 ASN1_OBJECT *named_curve;
184 ECPARAMETERS *parameters;
185 ASN1_NULL *implicitlyCA;
186 } value;
187 }/* ECPKPARAMETERS */;
188
189 /* SEC1 ECPrivateKey */
190 typedef struct ec_privatekey_st {
191 long version;
192 ASN1_OCTET_STRING *privateKey;
193 ECPKPARAMETERS *parameters;
194 ASN1_BIT_STRING *publicKey;
195 } EC_PRIVATEKEY;
196
197 /* the OpenSSL ASN.1 definitions */
198 ASN1_SEQUENCE(X9_62_PENTANOMIAL) = {
199 ASN1_SIMPLE(X9_62_PENTANOMIAL, k1, LONG),
200 ASN1_SIMPLE(X9_62_PENTANOMIAL, k2, LONG),
201 ASN1_SIMPLE(X9_62_PENTANOMIAL, k3, LONG)
202 } ASN1_SEQUENCE_END(X9_62_PENTANOMIAL)
203
204 DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
205 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
206
207 ASN1_ADB_TEMPLATE(char_two_def) = ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.other, ASN1_ANY);
208
209 ASN1_ADB(X9_62_CHARACTERISTIC_TWO) = {
210 ADB_ENTRY(NID_X9_62_onBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.onBasis, ASN1_NULL)),
211 ADB_ENTRY(NID_X9_62_tpBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.tpBasis, ASN1_INTEGER)),
212 ADB_ENTRY(NID_X9_62_ppBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.ppBasis, X9_62_PENTANOMIAL))
213 } ASN1_ADB_END(X9_62_CHARACTERISTIC_TWO, 0, type, 0, &char_two_def_tt, NULL);
214
215 ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = {
216 ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, m, LONG),
217 ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT),
218 ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO)
219 } ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO)
220
221 DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
222 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
223
224 ASN1_ADB_TEMPLATE(fieldID_def) = ASN1_SIMPLE(X9_62_FIELDID, p.other, ASN1_ANY);
225
226 ASN1_ADB(X9_62_FIELDID) = {
227 ADB_ENTRY(NID_X9_62_prime_field, ASN1_SIMPLE(X9_62_FIELDID, p.prime, ASN1_INTEGER)),
228 ADB_ENTRY(NID_X9_62_characteristic_two_field, ASN1_SIMPLE(X9_62_FIELDID, p.char_two, X9_62_CHARACTERISTIC_TWO))
229 } ASN1_ADB_END(X9_62_FIELDID, 0, fieldType, 0, &fieldID_def_tt, NULL);
230
231 ASN1_SEQUENCE(X9_62_FIELDID) = {
232 ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT),
233 ASN1_ADB_OBJECT(X9_62_FIELDID)
234 } ASN1_SEQUENCE_END(X9_62_FIELDID)
235
236 ASN1_SEQUENCE(X9_62_CURVE) = {
237 ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING),
238 ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING),
239 ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING)
240 } ASN1_SEQUENCE_END(X9_62_CURVE)
241
242 ASN1_SEQUENCE(ECPARAMETERS) = {
243 ASN1_SIMPLE(ECPARAMETERS, version, LONG),
244 ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID),
245 ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE),
246 ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING),
247 ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER),
248 ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER)
249 } ASN1_SEQUENCE_END(ECPARAMETERS)
250
251 DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
252 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
253
254 ASN1_CHOICE(ECPKPARAMETERS) = {
255 ASN1_SIMPLE(ECPKPARAMETERS, value.named_curve, ASN1_OBJECT),
256 ASN1_SIMPLE(ECPKPARAMETERS, value.parameters, ECPARAMETERS),
257 ASN1_SIMPLE(ECPKPARAMETERS, value.implicitlyCA, ASN1_NULL)
258 } ASN1_CHOICE_END(ECPKPARAMETERS)
259
260 DECLARE_ASN1_FUNCTIONS_const(ECPKPARAMETERS)
261 DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECPKPARAMETERS, ECPKPARAMETERS)
262 IMPLEMENT_ASN1_FUNCTIONS_const(ECPKPARAMETERS)
263
264 ASN1_SEQUENCE(EC_PRIVATEKEY) = {
265 ASN1_SIMPLE(EC_PRIVATEKEY, version, LONG),
266 ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING),
267 ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0),
268 ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1)
269 } ASN1_SEQUENCE_END(EC_PRIVATEKEY)
270
271 DECLARE_ASN1_FUNCTIONS_const(EC_PRIVATEKEY)
272 DECLARE_ASN1_ENCODE_FUNCTIONS_const(EC_PRIVATEKEY, EC_PRIVATEKEY)
273 IMPLEMENT_ASN1_FUNCTIONS_const(EC_PRIVATEKEY)
274
275 /* some declarations of internal function */
276
277 /* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */
278 static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *);
279 /* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */
280 static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *);
281 /* ec_asn1_parameters2group() creates a EC_GROUP object from a
282 * ECPARAMETERS object */
283 static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *);
284 /* ec_asn1_group2parameters() creates a ECPARAMETERS object from a
285 * EC_GROUP object */
286 static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *,ECPARAMETERS *);
287 /* ec_asn1_pkparameters2group() creates a EC_GROUP object from a
288 * ECPKPARAMETERS object */
289 static EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *);
290 /* ec_asn1_group2pkparameters() creates a ECPKPARAMETERS object from a
291 * EC_GROUP object */
292 static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *,
293 ECPKPARAMETERS *);
294
295
296 /* the function definitions */
297
ec_asn1_group2fieldid(const EC_GROUP * group,X9_62_FIELDID * field)298 static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field)
299 {
300 int ok=0, nid;
301 BIGNUM *tmp = NULL;
302
303 if (group == NULL || field == NULL)
304 return 0;
305
306 /* clear the old values (if necessary) */
307 if (field->fieldType != NULL)
308 ASN1_OBJECT_free(field->fieldType);
309 if (field->p.other != NULL)
310 ASN1_TYPE_free(field->p.other);
311
312 nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
313 /* set OID for the field */
314 if ((field->fieldType = OBJ_nid2obj(nid)) == NULL)
315 {
316 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
317 goto err;
318 }
319
320 if (nid == NID_X9_62_prime_field)
321 {
322 if ((tmp = BN_new()) == NULL)
323 {
324 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
325 goto err;
326 }
327 /* the parameters are specified by the prime number p */
328 if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL))
329 {
330 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
331 goto err;
332 }
333 /* set the prime number */
334 field->p.prime = BN_to_ASN1_INTEGER(tmp,NULL);
335 if (field->p.prime == NULL)
336 {
337 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB);
338 goto err;
339 }
340 }
341 else /* nid == NID_X9_62_characteristic_two_field */
342 #ifdef OPENSSL_NO_EC2M
343 {
344 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, EC_R_GF2M_NOT_SUPPORTED);
345 goto err;
346 }
347 #else
348 {
349 int field_type;
350 X9_62_CHARACTERISTIC_TWO *char_two;
351
352 field->p.char_two = X9_62_CHARACTERISTIC_TWO_new();
353 char_two = field->p.char_two;
354
355 if (char_two == NULL)
356 {
357 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
358 goto err;
359 }
360
361 char_two->m = (long)EC_GROUP_get_degree(group);
362
363 field_type = EC_GROUP_get_basis_type(group);
364
365 if (field_type == 0)
366 {
367 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
368 goto err;
369 }
370 /* set base type OID */
371 if ((char_two->type = OBJ_nid2obj(field_type)) == NULL)
372 {
373 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
374 goto err;
375 }
376
377 if (field_type == NID_X9_62_tpBasis)
378 {
379 unsigned int k;
380
381 if (!EC_GROUP_get_trinomial_basis(group, &k))
382 goto err;
383
384 char_two->p.tpBasis = ASN1_INTEGER_new();
385 if (!char_two->p.tpBasis)
386 {
387 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
388 goto err;
389 }
390 if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long)k))
391 {
392 ECerr(EC_F_EC_ASN1_GROUP2FIELDID,
393 ERR_R_ASN1_LIB);
394 goto err;
395 }
396 }
397 else if (field_type == NID_X9_62_ppBasis)
398 {
399 unsigned int k1, k2, k3;
400
401 if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3))
402 goto err;
403
404 char_two->p.ppBasis = X9_62_PENTANOMIAL_new();
405 if (!char_two->p.ppBasis)
406 {
407 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
408 goto err;
409 }
410
411 /* set k? values */
412 char_two->p.ppBasis->k1 = (long)k1;
413 char_two->p.ppBasis->k2 = (long)k2;
414 char_two->p.ppBasis->k3 = (long)k3;
415 }
416 else /* field_type == NID_X9_62_onBasis */
417 {
418 /* for ONB the parameters are (asn1) NULL */
419 char_two->p.onBasis = ASN1_NULL_new();
420 if (!char_two->p.onBasis)
421 {
422 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
423 goto err;
424 }
425 }
426 }
427 #endif
428
429 ok = 1;
430
431 err : if (tmp)
432 BN_free(tmp);
433 return(ok);
434 }
435
ec_asn1_group2curve(const EC_GROUP * group,X9_62_CURVE * curve)436 static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve)
437 {
438 int ok=0, nid;
439 BIGNUM *tmp_1=NULL, *tmp_2=NULL;
440 unsigned char *buffer_1=NULL, *buffer_2=NULL,
441 *a_buf=NULL, *b_buf=NULL;
442 size_t len_1, len_2;
443 unsigned char char_zero = 0;
444
445 if (!group || !curve || !curve->a || !curve->b)
446 return 0;
447
448 if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL)
449 {
450 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
451 goto err;
452 }
453
454 nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
455
456 /* get a and b */
457 if (nid == NID_X9_62_prime_field)
458 {
459 if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL))
460 {
461 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
462 goto err;
463 }
464 }
465 #ifndef OPENSSL_NO_EC2M
466 else /* nid == NID_X9_62_characteristic_two_field */
467 {
468 if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL))
469 {
470 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
471 goto err;
472 }
473 }
474 #endif
475 len_1 = (size_t)BN_num_bytes(tmp_1);
476 len_2 = (size_t)BN_num_bytes(tmp_2);
477
478 if (len_1 == 0)
479 {
480 /* len_1 == 0 => a == 0 */
481 a_buf = &char_zero;
482 len_1 = 1;
483 }
484 else
485 {
486 if ((buffer_1 = OPENSSL_malloc(len_1)) == NULL)
487 {
488 ECerr(EC_F_EC_ASN1_GROUP2CURVE,
489 ERR_R_MALLOC_FAILURE);
490 goto err;
491 }
492 if ( (len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0)
493 {
494 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
495 goto err;
496 }
497 a_buf = buffer_1;
498 }
499
500 if (len_2 == 0)
501 {
502 /* len_2 == 0 => b == 0 */
503 b_buf = &char_zero;
504 len_2 = 1;
505 }
506 else
507 {
508 if ((buffer_2 = OPENSSL_malloc(len_2)) == NULL)
509 {
510 ECerr(EC_F_EC_ASN1_GROUP2CURVE,
511 ERR_R_MALLOC_FAILURE);
512 goto err;
513 }
514 if ( (len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0)
515 {
516 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
517 goto err;
518 }
519 b_buf = buffer_2;
520 }
521
522 /* set a and b */
523 if (!M_ASN1_OCTET_STRING_set(curve->a, a_buf, len_1) ||
524 !M_ASN1_OCTET_STRING_set(curve->b, b_buf, len_2))
525 {
526 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
527 goto err;
528 }
529
530 /* set the seed (optional) */
531 if (group->seed)
532 {
533 if (!curve->seed)
534 if ((curve->seed = ASN1_BIT_STRING_new()) == NULL)
535 {
536 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
537 goto err;
538 }
539 curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
540 curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT;
541 if (!ASN1_BIT_STRING_set(curve->seed, group->seed,
542 (int)group->seed_len))
543 {
544 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
545 goto err;
546 }
547 }
548 else
549 {
550 if (curve->seed)
551 {
552 ASN1_BIT_STRING_free(curve->seed);
553 curve->seed = NULL;
554 }
555 }
556
557 ok = 1;
558
559 err: if (buffer_1)
560 OPENSSL_free(buffer_1);
561 if (buffer_2)
562 OPENSSL_free(buffer_2);
563 if (tmp_1)
564 BN_free(tmp_1);
565 if (tmp_2)
566 BN_free(tmp_2);
567 return(ok);
568 }
569
ec_asn1_group2parameters(const EC_GROUP * group,ECPARAMETERS * param)570 static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group,
571 ECPARAMETERS *param)
572 {
573 int ok=0;
574 size_t len=0;
575 ECPARAMETERS *ret=NULL;
576 BIGNUM *tmp=NULL;
577 unsigned char *buffer=NULL;
578 const EC_POINT *point=NULL;
579 point_conversion_form_t form;
580
581 if ((tmp = BN_new()) == NULL)
582 {
583 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
584 goto err;
585 }
586
587 if (param == NULL)
588 {
589 if ((ret = ECPARAMETERS_new()) == NULL)
590 {
591 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS,
592 ERR_R_MALLOC_FAILURE);
593 goto err;
594 }
595 }
596 else
597 ret = param;
598
599 /* set the version (always one) */
600 ret->version = (long)0x1;
601
602 /* set the fieldID */
603 if (!ec_asn1_group2fieldid(group, ret->fieldID))
604 {
605 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
606 goto err;
607 }
608
609 /* set the curve */
610 if (!ec_asn1_group2curve(group, ret->curve))
611 {
612 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
613 goto err;
614 }
615
616 /* set the base point */
617 if ((point = EC_GROUP_get0_generator(group)) == NULL)
618 {
619 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, EC_R_UNDEFINED_GENERATOR);
620 goto err;
621 }
622
623 form = EC_GROUP_get_point_conversion_form(group);
624
625 len = EC_POINT_point2oct(group, point, form, NULL, len, NULL);
626 if (len == 0)
627 {
628 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
629 goto err;
630 }
631 if ((buffer = OPENSSL_malloc(len)) == NULL)
632 {
633 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
634 goto err;
635 }
636 if (!EC_POINT_point2oct(group, point, form, buffer, len, NULL))
637 {
638 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
639 goto err;
640 }
641 if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL)
642 {
643 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
644 goto err;
645 }
646 if (!ASN1_OCTET_STRING_set(ret->base, buffer, len))
647 {
648 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
649 goto err;
650 }
651
652 /* set the order */
653 if (!EC_GROUP_get_order(group, tmp, NULL))
654 {
655 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
656 goto err;
657 }
658 ret->order = BN_to_ASN1_INTEGER(tmp, ret->order);
659 if (ret->order == NULL)
660 {
661 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
662 goto err;
663 }
664
665 /* set the cofactor (optional) */
666 if (EC_GROUP_get_cofactor(group, tmp, NULL))
667 {
668 ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor);
669 if (ret->cofactor == NULL)
670 {
671 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
672 goto err;
673 }
674 }
675
676 ok = 1;
677
678 err : if(!ok)
679 {
680 if (ret && !param)
681 ECPARAMETERS_free(ret);
682 ret = NULL;
683 }
684 if (tmp)
685 BN_free(tmp);
686 if (buffer)
687 OPENSSL_free(buffer);
688 return(ret);
689 }
690
ec_asn1_group2pkparameters(const EC_GROUP * group,ECPKPARAMETERS * params)691 ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *group,
692 ECPKPARAMETERS *params)
693 {
694 int ok = 1, tmp;
695 ECPKPARAMETERS *ret = params;
696
697 if (ret == NULL)
698 {
699 if ((ret = ECPKPARAMETERS_new()) == NULL)
700 {
701 ECerr(EC_F_EC_ASN1_GROUP2PKPARAMETERS,
702 ERR_R_MALLOC_FAILURE);
703 return NULL;
704 }
705 }
706 else
707 {
708 if (ret->type == 0 && ret->value.named_curve)
709 ASN1_OBJECT_free(ret->value.named_curve);
710 else if (ret->type == 1 && ret->value.parameters)
711 ECPARAMETERS_free(ret->value.parameters);
712 }
713
714 if (EC_GROUP_get_asn1_flag(group))
715 {
716 /* use the asn1 OID to describe the
717 * the elliptic curve parameters
718 */
719 tmp = EC_GROUP_get_curve_name(group);
720 if (tmp)
721 {
722 ret->type = 0;
723 if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL)
724 ok = 0;
725 }
726 else
727 /* we don't kmow the nid => ERROR */
728 ok = 0;
729 }
730 else
731 {
732 /* use the ECPARAMETERS structure */
733 ret->type = 1;
734 if ((ret->value.parameters = ec_asn1_group2parameters(
735 group, NULL)) == NULL)
736 ok = 0;
737 }
738
739 if (!ok)
740 {
741 ECPKPARAMETERS_free(ret);
742 return NULL;
743 }
744 return ret;
745 }
746
ec_asn1_parameters2group(const ECPARAMETERS * params)747 static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)
748 {
749 int ok = 0, tmp;
750 EC_GROUP *ret = NULL;
751 BIGNUM *p = NULL, *a = NULL, *b = NULL;
752 EC_POINT *point=NULL;
753 long field_bits;
754
755 if (!params->fieldID || !params->fieldID->fieldType ||
756 !params->fieldID->p.ptr)
757 {
758 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
759 goto err;
760 }
761
762 /* now extract the curve parameters a and b */
763 if (!params->curve || !params->curve->a ||
764 !params->curve->a->data || !params->curve->b ||
765 !params->curve->b->data)
766 {
767 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
768 goto err;
769 }
770 a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL);
771 if (a == NULL)
772 {
773 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB);
774 goto err;
775 }
776 b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL);
777 if (b == NULL)
778 {
779 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB);
780 goto err;
781 }
782
783 /* get the field parameters */
784 tmp = OBJ_obj2nid(params->fieldID->fieldType);
785 if (tmp == NID_X9_62_characteristic_two_field)
786 #ifdef OPENSSL_NO_EC2M
787 {
788 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_GF2M_NOT_SUPPORTED);
789 goto err;
790 }
791 #else
792 {
793 X9_62_CHARACTERISTIC_TWO *char_two;
794
795 char_two = params->fieldID->p.char_two;
796
797 field_bits = char_two->m;
798 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS)
799 {
800 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE);
801 goto err;
802 }
803
804 if ((p = BN_new()) == NULL)
805 {
806 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE);
807 goto err;
808 }
809
810 /* get the base type */
811 tmp = OBJ_obj2nid(char_two->type);
812
813 if (tmp == NID_X9_62_tpBasis)
814 {
815 long tmp_long;
816
817 if (!char_two->p.tpBasis)
818 {
819 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
820 goto err;
821 }
822
823 tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis);
824
825 if (!(char_two->m > tmp_long && tmp_long > 0))
826 {
827 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_TRINOMIAL_BASIS);
828 goto err;
829 }
830
831 /* create the polynomial */
832 if (!BN_set_bit(p, (int)char_two->m))
833 goto err;
834 if (!BN_set_bit(p, (int)tmp_long))
835 goto err;
836 if (!BN_set_bit(p, 0))
837 goto err;
838 }
839 else if (tmp == NID_X9_62_ppBasis)
840 {
841 X9_62_PENTANOMIAL *penta;
842
843 penta = char_two->p.ppBasis;
844 if (!penta)
845 {
846 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
847 goto err;
848 }
849
850 if (!(char_two->m > penta->k3 && penta->k3 > penta->k2 && penta->k2 > penta->k1 && penta->k1 > 0))
851 {
852 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_PENTANOMIAL_BASIS);
853 goto err;
854 }
855
856 /* create the polynomial */
857 if (!BN_set_bit(p, (int)char_two->m)) goto err;
858 if (!BN_set_bit(p, (int)penta->k1)) goto err;
859 if (!BN_set_bit(p, (int)penta->k2)) goto err;
860 if (!BN_set_bit(p, (int)penta->k3)) goto err;
861 if (!BN_set_bit(p, 0)) goto err;
862 }
863 else if (tmp == NID_X9_62_onBasis)
864 {
865 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_NOT_IMPLEMENTED);
866 goto err;
867 }
868 else /* error */
869 {
870 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
871 goto err;
872 }
873
874 /* create the EC_GROUP structure */
875 ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL);
876 }
877 #endif
878 else if (tmp == NID_X9_62_prime_field)
879 {
880 /* we have a curve over a prime field */
881 /* extract the prime number */
882 if (!params->fieldID->p.prime)
883 {
884 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
885 goto err;
886 }
887 p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL);
888 if (p == NULL)
889 {
890 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
891 goto err;
892 }
893
894 if (BN_is_negative(p) || BN_is_zero(p))
895 {
896 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD);
897 goto err;
898 }
899
900 field_bits = BN_num_bits(p);
901 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS)
902 {
903 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE);
904 goto err;
905 }
906
907 /* create the EC_GROUP structure */
908 ret = EC_GROUP_new_curve_GFp(p, a, b, NULL);
909 }
910 else
911 {
912 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD);
913 goto err;
914 }
915
916 if (ret == NULL)
917 {
918 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
919 goto err;
920 }
921
922 /* extract seed (optional) */
923 if (params->curve->seed != NULL)
924 {
925 if (ret->seed != NULL)
926 OPENSSL_free(ret->seed);
927 if (!(ret->seed = OPENSSL_malloc(params->curve->seed->length)))
928 {
929 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP,
930 ERR_R_MALLOC_FAILURE);
931 goto err;
932 }
933 memcpy(ret->seed, params->curve->seed->data,
934 params->curve->seed->length);
935 ret->seed_len = params->curve->seed->length;
936 }
937
938 if (!params->order || !params->base || !params->base->data)
939 {
940 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
941 goto err;
942 }
943
944 if ((point = EC_POINT_new(ret)) == NULL) goto err;
945
946 /* set the point conversion form */
947 EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t)
948 (params->base->data[0] & ~0x01));
949
950 /* extract the ec point */
951 if (!EC_POINT_oct2point(ret, point, params->base->data,
952 params->base->length, NULL))
953 {
954 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
955 goto err;
956 }
957
958 /* extract the order */
959 if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL)
960 {
961 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
962 goto err;
963 }
964 if (BN_is_negative(a) || BN_is_zero(a))
965 {
966 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER);
967 goto err;
968 }
969 if (BN_num_bits(a) > (int)field_bits + 1) /* Hasse bound */
970 {
971 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER);
972 goto err;
973 }
974
975 /* extract the cofactor (optional) */
976 if (params->cofactor == NULL)
977 {
978 if (b)
979 {
980 BN_free(b);
981 b = NULL;
982 }
983 }
984 else
985 if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL)
986 {
987 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
988 goto err;
989 }
990 /* set the generator, order and cofactor (if present) */
991 if (!EC_GROUP_set_generator(ret, point, a, b))
992 {
993 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
994 goto err;
995 }
996
997 ok = 1;
998
999 err: if (!ok)
1000 {
1001 if (ret)
1002 EC_GROUP_clear_free(ret);
1003 ret = NULL;
1004 }
1005
1006 if (p)
1007 BN_free(p);
1008 if (a)
1009 BN_free(a);
1010 if (b)
1011 BN_free(b);
1012 if (point)
1013 EC_POINT_free(point);
1014 return(ret);
1015 }
1016
ec_asn1_pkparameters2group(const ECPKPARAMETERS * params)1017 EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *params)
1018 {
1019 EC_GROUP *ret=NULL;
1020 int tmp=0;
1021
1022 if (params == NULL)
1023 {
1024 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP,
1025 EC_R_MISSING_PARAMETERS);
1026 return NULL;
1027 }
1028
1029 if (params->type == 0)
1030 { /* the curve is given by an OID */
1031 tmp = OBJ_obj2nid(params->value.named_curve);
1032 if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL)
1033 {
1034 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP,
1035 EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
1036 return NULL;
1037 }
1038 EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE);
1039 }
1040 else if (params->type == 1)
1041 { /* the parameters are given by a ECPARAMETERS
1042 * structure */
1043 ret = ec_asn1_parameters2group(params->value.parameters);
1044 if (!ret)
1045 {
1046 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, ERR_R_EC_LIB);
1047 return NULL;
1048 }
1049 EC_GROUP_set_asn1_flag(ret, 0x0);
1050 }
1051 else if (params->type == 2)
1052 { /* implicitlyCA */
1053 return NULL;
1054 }
1055 else
1056 {
1057 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, EC_R_ASN1_ERROR);
1058 return NULL;
1059 }
1060
1061 return ret;
1062 }
1063
1064 /* EC_GROUP <-> DER encoding of ECPKPARAMETERS */
1065
d2i_ECPKParameters(EC_GROUP ** a,const unsigned char ** in,long len)1066 EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
1067 {
1068 EC_GROUP *group = NULL;
1069 ECPKPARAMETERS *params = NULL;
1070
1071 if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL)
1072 {
1073 ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE);
1074 ECPKPARAMETERS_free(params);
1075 return NULL;
1076 }
1077
1078 if ((group = ec_asn1_pkparameters2group(params)) == NULL)
1079 {
1080 ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE);
1081 ECPKPARAMETERS_free(params);
1082 return NULL;
1083 }
1084
1085
1086 if (a && *a)
1087 EC_GROUP_clear_free(*a);
1088 if (a)
1089 *a = group;
1090
1091 ECPKPARAMETERS_free(params);
1092 return(group);
1093 }
1094
i2d_ECPKParameters(const EC_GROUP * a,unsigned char ** out)1095 int i2d_ECPKParameters(const EC_GROUP *a, unsigned char **out)
1096 {
1097 int ret=0;
1098 ECPKPARAMETERS *tmp = ec_asn1_group2pkparameters(a, NULL);
1099 if (tmp == NULL)
1100 {
1101 ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_GROUP2PKPARAMETERS_FAILURE);
1102 return 0;
1103 }
1104 if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0)
1105 {
1106 ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_I2D_ECPKPARAMETERS_FAILURE);
1107 ECPKPARAMETERS_free(tmp);
1108 return 0;
1109 }
1110 ECPKPARAMETERS_free(tmp);
1111 return(ret);
1112 }
1113
1114 /* some EC_KEY functions */
1115
d2i_ECPrivateKey(EC_KEY ** a,const unsigned char ** in,long len)1116 EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
1117 {
1118 int ok=0;
1119 EC_KEY *ret=NULL;
1120 EC_PRIVATEKEY *priv_key=NULL;
1121
1122 if ((priv_key = EC_PRIVATEKEY_new()) == NULL)
1123 {
1124 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
1125 return NULL;
1126 }
1127
1128 if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL)
1129 {
1130 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
1131 EC_PRIVATEKEY_free(priv_key);
1132 return NULL;
1133 }
1134
1135 if (a == NULL || *a == NULL)
1136 {
1137 if ((ret = EC_KEY_new()) == NULL)
1138 {
1139 ECerr(EC_F_D2I_ECPRIVATEKEY,
1140 ERR_R_MALLOC_FAILURE);
1141 goto err;
1142 }
1143 if (a)
1144 *a = ret;
1145 }
1146 else
1147 ret = *a;
1148
1149 if (priv_key->parameters)
1150 {
1151 if (ret->group)
1152 EC_GROUP_clear_free(ret->group);
1153 ret->group = ec_asn1_pkparameters2group(priv_key->parameters);
1154 }
1155
1156 if (ret->group == NULL)
1157 {
1158 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
1159 goto err;
1160 }
1161
1162 ret->version = priv_key->version;
1163
1164 if (priv_key->privateKey)
1165 {
1166 ret->priv_key = BN_bin2bn(
1167 M_ASN1_STRING_data(priv_key->privateKey),
1168 M_ASN1_STRING_length(priv_key->privateKey),
1169 ret->priv_key);
1170 if (ret->priv_key == NULL)
1171 {
1172 ECerr(EC_F_D2I_ECPRIVATEKEY,
1173 ERR_R_BN_LIB);
1174 goto err;
1175 }
1176 }
1177 else
1178 {
1179 ECerr(EC_F_D2I_ECPRIVATEKEY,
1180 EC_R_MISSING_PRIVATE_KEY);
1181 goto err;
1182 }
1183
1184 if (priv_key->publicKey)
1185 {
1186 const unsigned char *pub_oct;
1187 size_t pub_oct_len;
1188
1189 if (ret->pub_key)
1190 EC_POINT_clear_free(ret->pub_key);
1191 ret->pub_key = EC_POINT_new(ret->group);
1192 if (ret->pub_key == NULL)
1193 {
1194 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
1195 goto err;
1196 }
1197 pub_oct = M_ASN1_STRING_data(priv_key->publicKey);
1198 pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey);
1199 /* save the point conversion form */
1200 ret->conv_form = (point_conversion_form_t)(pub_oct[0] & ~0x01);
1201 if (!EC_POINT_oct2point(ret->group, ret->pub_key,
1202 pub_oct, pub_oct_len, NULL))
1203 {
1204 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
1205 goto err;
1206 }
1207 }
1208
1209 ok = 1;
1210 err:
1211 if (!ok)
1212 {
1213 if (ret)
1214 EC_KEY_free(ret);
1215 ret = NULL;
1216 }
1217
1218 if (priv_key)
1219 EC_PRIVATEKEY_free(priv_key);
1220
1221 return(ret);
1222 }
1223
i2d_ECPrivateKey(EC_KEY * a,unsigned char ** out)1224 int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out)
1225 {
1226 int ret=0, ok=0;
1227 unsigned char *buffer=NULL;
1228 size_t buf_len=0, tmp_len;
1229 EC_PRIVATEKEY *priv_key=NULL;
1230
1231 if (a == NULL || a->group == NULL || a->priv_key == NULL)
1232 {
1233 ECerr(EC_F_I2D_ECPRIVATEKEY,
1234 ERR_R_PASSED_NULL_PARAMETER);
1235 goto err;
1236 }
1237
1238 if ((priv_key = EC_PRIVATEKEY_new()) == NULL)
1239 {
1240 ECerr(EC_F_I2D_ECPRIVATEKEY,
1241 ERR_R_MALLOC_FAILURE);
1242 goto err;
1243 }
1244
1245 priv_key->version = a->version;
1246
1247 buf_len = (size_t)BN_num_bytes(a->priv_key);
1248 buffer = OPENSSL_malloc(buf_len);
1249 if (buffer == NULL)
1250 {
1251 ECerr(EC_F_I2D_ECPRIVATEKEY,
1252 ERR_R_MALLOC_FAILURE);
1253 goto err;
1254 }
1255
1256 if (!BN_bn2bin(a->priv_key, buffer))
1257 {
1258 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_BN_LIB);
1259 goto err;
1260 }
1261
1262 if (!M_ASN1_OCTET_STRING_set(priv_key->privateKey, buffer, buf_len))
1263 {
1264 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);
1265 goto err;
1266 }
1267
1268 if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS))
1269 {
1270 if ((priv_key->parameters = ec_asn1_group2pkparameters(
1271 a->group, priv_key->parameters)) == NULL)
1272 {
1273 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
1274 goto err;
1275 }
1276 }
1277
1278 if (!(a->enc_flag & EC_PKEY_NO_PUBKEY))
1279 {
1280 priv_key->publicKey = M_ASN1_BIT_STRING_new();
1281 if (priv_key->publicKey == NULL)
1282 {
1283 ECerr(EC_F_I2D_ECPRIVATEKEY,
1284 ERR_R_MALLOC_FAILURE);
1285 goto err;
1286 }
1287
1288 tmp_len = EC_POINT_point2oct(a->group, a->pub_key,
1289 a->conv_form, NULL, 0, NULL);
1290
1291 if (tmp_len > buf_len)
1292 {
1293 unsigned char *tmp_buffer = OPENSSL_realloc(buffer, tmp_len);
1294 if (!tmp_buffer)
1295 {
1296 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
1297 goto err;
1298 }
1299 buffer = tmp_buffer;
1300 buf_len = tmp_len;
1301 }
1302
1303 if (!EC_POINT_point2oct(a->group, a->pub_key,
1304 a->conv_form, buffer, buf_len, NULL))
1305 {
1306 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
1307 goto err;
1308 }
1309
1310 priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
1311 priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
1312 if (!M_ASN1_BIT_STRING_set(priv_key->publicKey, buffer,
1313 buf_len))
1314 {
1315 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);
1316 goto err;
1317 }
1318 }
1319
1320 if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0)
1321 {
1322 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
1323 goto err;
1324 }
1325 ok=1;
1326 err:
1327 if (buffer)
1328 OPENSSL_free(buffer);
1329 if (priv_key)
1330 EC_PRIVATEKEY_free(priv_key);
1331 return(ok?ret:0);
1332 }
1333
i2d_ECParameters(EC_KEY * a,unsigned char ** out)1334 int i2d_ECParameters(EC_KEY *a, unsigned char **out)
1335 {
1336 if (a == NULL)
1337 {
1338 ECerr(EC_F_I2D_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
1339 return 0;
1340 }
1341 return i2d_ECPKParameters(a->group, out);
1342 }
1343
d2i_ECParameters(EC_KEY ** a,const unsigned char ** in,long len)1344 EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len)
1345 {
1346 EC_KEY *ret;
1347
1348 if (in == NULL || *in == NULL)
1349 {
1350 ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
1351 return NULL;
1352 }
1353
1354 if (a == NULL || *a == NULL)
1355 {
1356 if ((ret = EC_KEY_new()) == NULL)
1357 {
1358 ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
1359 return NULL;
1360 }
1361 if (a)
1362 *a = ret;
1363 }
1364 else
1365 ret = *a;
1366
1367 if (!d2i_ECPKParameters(&ret->group, in, len))
1368 {
1369 ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
1370 return NULL;
1371 }
1372
1373 return ret;
1374 }
1375
o2i_ECPublicKey(EC_KEY ** a,const unsigned char ** in,long len)1376 EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len)
1377 {
1378 EC_KEY *ret=NULL;
1379
1380 if (a == NULL || (*a) == NULL || (*a)->group == NULL)
1381 {
1382 /* sorry, but a EC_GROUP-structur is necessary
1383 * to set the public key */
1384 ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
1385 return 0;
1386 }
1387 ret = *a;
1388 if (ret->pub_key == NULL &&
1389 (ret->pub_key = EC_POINT_new(ret->group)) == NULL)
1390 {
1391 ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_MALLOC_FAILURE);
1392 return 0;
1393 }
1394 if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL))
1395 {
1396 ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB);
1397 return 0;
1398 }
1399 /* save the point conversion form */
1400 ret->conv_form = (point_conversion_form_t)(*in[0] & ~0x01);
1401 *in += len;
1402 return ret;
1403 }
1404
i2o_ECPublicKey(EC_KEY * a,unsigned char ** out)1405 int i2o_ECPublicKey(EC_KEY *a, unsigned char **out)
1406 {
1407 size_t buf_len=0;
1408 int new_buffer = 0;
1409
1410 if (a == NULL)
1411 {
1412 ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
1413 return 0;
1414 }
1415
1416 buf_len = EC_POINT_point2oct(a->group, a->pub_key,
1417 a->conv_form, NULL, 0, NULL);
1418
1419 if (out == NULL || buf_len == 0)
1420 /* out == NULL => just return the length of the octet string */
1421 return buf_len;
1422
1423 if (*out == NULL)
1424 {
1425 if ((*out = OPENSSL_malloc(buf_len)) == NULL)
1426 {
1427 ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_MALLOC_FAILURE);
1428 return 0;
1429 }
1430 new_buffer = 1;
1431 }
1432 if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form,
1433 *out, buf_len, NULL))
1434 {
1435 ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB);
1436 OPENSSL_free(*out);
1437 *out = NULL;
1438 return 0;
1439 }
1440 if (!new_buffer)
1441 *out += buf_len;
1442 return buf_len;
1443 }
1444