1 /* $OpenBSD: ec_asn1.c,v 1.21 2015/10/16 15:15:39 jsing Exp $ */
3 * Written by Nils Larsch for the OpenSSL project.
5 /* ====================================================================
6 * Copyright (c) 2000-2003 The OpenSSL Project. All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
34 * 6. Redistributions of any form whatsoever must retain the following
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
61 #include <openssl/opensslconf.h>
64 #include <openssl/err.h>
65 #include <openssl/asn1t.h>
66 #include <openssl/objects.h>
69 EC_GROUP_get_basis_type(const EC_GROUP
* group
)
73 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group
)) !=
74 NID_X9_62_characteristic_two_field
)
75 /* everything else is currently not supported */
78 while (group
->poly
[i
] != 0)
82 return NID_X9_62_ppBasis
;
84 return NID_X9_62_tpBasis
;
86 /* everything else is currently not supported */
89 #ifndef OPENSSL_NO_EC2M
91 EC_GROUP_get_trinomial_basis(const EC_GROUP
* group
, unsigned int *k
)
96 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group
)) !=
97 NID_X9_62_characteristic_two_field
98 || !((group
->poly
[0] != 0) && (group
->poly
[1] != 0) && (group
->poly
[2] == 0))) {
99 ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
108 EC_GROUP_get_pentanomial_basis(const EC_GROUP
* group
, unsigned int *k1
,
109 unsigned int *k2
, unsigned int *k3
)
114 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group
)) !=
115 NID_X9_62_characteristic_two_field
116 || !((group
->poly
[0] != 0) && (group
->poly
[1] != 0) && (group
->poly
[2] != 0) && (group
->poly
[3] != 0) && (group
->poly
[4] == 0))) {
117 ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
121 *k1
= group
->poly
[3];
123 *k2
= group
->poly
[2];
125 *k3
= group
->poly
[1];
132 /* some structures needed for the asn1 encoding */
133 typedef struct x9_62_pentanomial_st
{
139 typedef struct x9_62_characteristic_two_st
{
144 /* NID_X9_62_onBasis */
146 /* NID_X9_62_tpBasis */
147 ASN1_INTEGER
*tpBasis
;
148 /* NID_X9_62_ppBasis */
149 X9_62_PENTANOMIAL
*ppBasis
;
153 } X9_62_CHARACTERISTIC_TWO
;
155 typedef struct x9_62_fieldid_st
{
156 ASN1_OBJECT
*fieldType
;
159 /* NID_X9_62_prime_field */
161 /* NID_X9_62_characteristic_two_field */
162 X9_62_CHARACTERISTIC_TWO
*char_two
;
168 typedef struct x9_62_curve_st
{
169 ASN1_OCTET_STRING
*a
;
170 ASN1_OCTET_STRING
*b
;
171 ASN1_BIT_STRING
*seed
;
174 typedef struct ec_parameters_st
{
176 X9_62_FIELDID
*fieldID
;
178 ASN1_OCTET_STRING
*base
;
180 ASN1_INTEGER
*cofactor
;
183 struct ecpk_parameters_st
{
186 ASN1_OBJECT
*named_curve
;
187 ECPARAMETERS
*parameters
;
188 ASN1_NULL
*implicitlyCA
;
190 } /* ECPKPARAMETERS */ ;
192 /* SEC1 ECPrivateKey */
193 typedef struct ec_privatekey_st
{
195 ASN1_OCTET_STRING
*privateKey
;
196 ECPKPARAMETERS
*parameters
;
197 ASN1_BIT_STRING
*publicKey
;
200 /* the OpenSSL ASN.1 definitions */
201 static const ASN1_TEMPLATE X9_62_PENTANOMIAL_seq_tt
[] = {
205 .offset
= offsetof(X9_62_PENTANOMIAL
, k1
),
212 .offset
= offsetof(X9_62_PENTANOMIAL
, k2
),
219 .offset
= offsetof(X9_62_PENTANOMIAL
, k3
),
225 const ASN1_ITEM X9_62_PENTANOMIAL_it
= {
226 .itype
= ASN1_ITYPE_SEQUENCE
,
227 .utype
= V_ASN1_SEQUENCE
,
228 .templates
= X9_62_PENTANOMIAL_seq_tt
,
229 .tcount
= sizeof(X9_62_PENTANOMIAL_seq_tt
) / sizeof(ASN1_TEMPLATE
),
231 .size
= sizeof(X9_62_PENTANOMIAL
),
232 .sname
= "X9_62_PENTANOMIAL",
235 X9_62_PENTANOMIAL
*X9_62_PENTANOMIAL_new(void);
236 void X9_62_PENTANOMIAL_free(X9_62_PENTANOMIAL
*a
);
239 X9_62_PENTANOMIAL_new(void)
241 return (X9_62_PENTANOMIAL
*)ASN1_item_new(&X9_62_PENTANOMIAL_it
);
245 X9_62_PENTANOMIAL_free(X9_62_PENTANOMIAL
*a
)
247 ASN1_item_free((ASN1_VALUE
*)a
, &X9_62_PENTANOMIAL_it
);
250 static const ASN1_TEMPLATE char_two_def_tt
= {
253 .offset
= offsetof(X9_62_CHARACTERISTIC_TWO
, p
.other
),
254 .field_name
= "p.other",
255 .item
= &ASN1_ANY_it
,
258 static const ASN1_ADB_TABLE X9_62_CHARACTERISTIC_TWO_adbtbl
[] = {
260 .value
= NID_X9_62_onBasis
,
264 .offset
= offsetof(X9_62_CHARACTERISTIC_TWO
, p
.onBasis
),
265 .field_name
= "p.onBasis",
266 .item
= &ASN1_NULL_it
,
271 .value
= NID_X9_62_tpBasis
,
275 .offset
= offsetof(X9_62_CHARACTERISTIC_TWO
, p
.tpBasis
),
276 .field_name
= "p.tpBasis",
277 .item
= &ASN1_INTEGER_it
,
282 .value
= NID_X9_62_ppBasis
,
286 .offset
= offsetof(X9_62_CHARACTERISTIC_TWO
, p
.ppBasis
),
287 .field_name
= "p.ppBasis",
288 .item
= &X9_62_PENTANOMIAL_it
,
294 static const ASN1_ADB X9_62_CHARACTERISTIC_TWO_adb
= {
296 .offset
= offsetof(X9_62_CHARACTERISTIC_TWO
, type
),
298 .tbl
= X9_62_CHARACTERISTIC_TWO_adbtbl
,
299 .tblcount
= sizeof(X9_62_CHARACTERISTIC_TWO_adbtbl
) / sizeof(ASN1_ADB_TABLE
),
300 .default_tt
= &char_two_def_tt
,
304 static const ASN1_TEMPLATE X9_62_CHARACTERISTIC_TWO_seq_tt
[] = {
308 .offset
= offsetof(X9_62_CHARACTERISTIC_TWO
, m
),
315 .offset
= offsetof(X9_62_CHARACTERISTIC_TWO
, type
),
316 .field_name
= "type",
317 .item
= &ASN1_OBJECT_it
,
320 .flags
= ASN1_TFLG_ADB_OID
,
323 .field_name
= "X9_62_CHARACTERISTIC_TWO",
324 .item
= (const ASN1_ITEM
*)&X9_62_CHARACTERISTIC_TWO_adb
,
328 const ASN1_ITEM X9_62_CHARACTERISTIC_TWO_it
= {
329 .itype
= ASN1_ITYPE_SEQUENCE
,
330 .utype
= V_ASN1_SEQUENCE
,
331 .templates
= X9_62_CHARACTERISTIC_TWO_seq_tt
,
332 .tcount
= sizeof(X9_62_CHARACTERISTIC_TWO_seq_tt
) / sizeof(ASN1_TEMPLATE
),
334 .size
= sizeof(X9_62_CHARACTERISTIC_TWO
),
335 .sname
= "X9_62_CHARACTERISTIC_TWO",
337 X9_62_CHARACTERISTIC_TWO
*X9_62_CHARACTERISTIC_TWO_new(void);
338 void X9_62_CHARACTERISTIC_TWO_free(X9_62_CHARACTERISTIC_TWO
*a
);
340 X9_62_CHARACTERISTIC_TWO
*
341 X9_62_CHARACTERISTIC_TWO_new(void)
343 return (X9_62_CHARACTERISTIC_TWO
*)ASN1_item_new(&X9_62_CHARACTERISTIC_TWO_it
);
347 X9_62_CHARACTERISTIC_TWO_free(X9_62_CHARACTERISTIC_TWO
*a
)
349 ASN1_item_free((ASN1_VALUE
*)a
, &X9_62_CHARACTERISTIC_TWO_it
);
351 static const ASN1_TEMPLATE fieldID_def_tt
= {
354 .offset
= offsetof(X9_62_FIELDID
, p
.other
),
355 .field_name
= "p.other",
356 .item
= &ASN1_ANY_it
,
359 static const ASN1_ADB_TABLE X9_62_FIELDID_adbtbl
[] = {
361 .value
= NID_X9_62_prime_field
,
365 .offset
= offsetof(X9_62_FIELDID
, p
.prime
),
366 .field_name
= "p.prime",
367 .item
= &ASN1_INTEGER_it
,
372 .value
= NID_X9_62_characteristic_two_field
,
376 .offset
= offsetof(X9_62_FIELDID
, p
.char_two
),
377 .field_name
= "p.char_two",
378 .item
= &X9_62_CHARACTERISTIC_TWO_it
,
384 static const ASN1_ADB X9_62_FIELDID_adb
= {
386 .offset
= offsetof(X9_62_FIELDID
, fieldType
),
388 .tbl
= X9_62_FIELDID_adbtbl
,
389 .tblcount
= sizeof(X9_62_FIELDID_adbtbl
) / sizeof(ASN1_ADB_TABLE
),
390 .default_tt
= &fieldID_def_tt
,
394 static const ASN1_TEMPLATE X9_62_FIELDID_seq_tt
[] = {
398 .offset
= offsetof(X9_62_FIELDID
, fieldType
),
399 .field_name
= "fieldType",
400 .item
= &ASN1_OBJECT_it
,
403 .flags
= ASN1_TFLG_ADB_OID
,
406 .field_name
= "X9_62_FIELDID",
407 .item
= (const ASN1_ITEM
*)&X9_62_FIELDID_adb
,
411 const ASN1_ITEM X9_62_FIELDID_it
= {
412 .itype
= ASN1_ITYPE_SEQUENCE
,
413 .utype
= V_ASN1_SEQUENCE
,
414 .templates
= X9_62_FIELDID_seq_tt
,
415 .tcount
= sizeof(X9_62_FIELDID_seq_tt
) / sizeof(ASN1_TEMPLATE
),
417 .size
= sizeof(X9_62_FIELDID
),
418 .sname
= "X9_62_FIELDID",
421 static const ASN1_TEMPLATE X9_62_CURVE_seq_tt
[] = {
425 .offset
= offsetof(X9_62_CURVE
, a
),
427 .item
= &ASN1_OCTET_STRING_it
,
432 .offset
= offsetof(X9_62_CURVE
, b
),
434 .item
= &ASN1_OCTET_STRING_it
,
437 .flags
= ASN1_TFLG_OPTIONAL
,
439 .offset
= offsetof(X9_62_CURVE
, seed
),
440 .field_name
= "seed",
441 .item
= &ASN1_BIT_STRING_it
,
445 const ASN1_ITEM X9_62_CURVE_it
= {
446 .itype
= ASN1_ITYPE_SEQUENCE
,
447 .utype
= V_ASN1_SEQUENCE
,
448 .templates
= X9_62_CURVE_seq_tt
,
449 .tcount
= sizeof(X9_62_CURVE_seq_tt
) / sizeof(ASN1_TEMPLATE
),
451 .size
= sizeof(X9_62_CURVE
),
452 .sname
= "X9_62_CURVE",
455 static const ASN1_TEMPLATE ECPARAMETERS_seq_tt
[] = {
459 .offset
= offsetof(ECPARAMETERS
, version
),
460 .field_name
= "version",
466 .offset
= offsetof(ECPARAMETERS
, fieldID
),
467 .field_name
= "fieldID",
468 .item
= &X9_62_FIELDID_it
,
473 .offset
= offsetof(ECPARAMETERS
, curve
),
474 .field_name
= "curve",
475 .item
= &X9_62_CURVE_it
,
480 .offset
= offsetof(ECPARAMETERS
, base
),
481 .field_name
= "base",
482 .item
= &ASN1_OCTET_STRING_it
,
487 .offset
= offsetof(ECPARAMETERS
, order
),
488 .field_name
= "order",
489 .item
= &ASN1_INTEGER_it
,
492 .flags
= ASN1_TFLG_OPTIONAL
,
494 .offset
= offsetof(ECPARAMETERS
, cofactor
),
495 .field_name
= "cofactor",
496 .item
= &ASN1_INTEGER_it
,
500 const ASN1_ITEM ECPARAMETERS_it
= {
501 .itype
= ASN1_ITYPE_SEQUENCE
,
502 .utype
= V_ASN1_SEQUENCE
,
503 .templates
= ECPARAMETERS_seq_tt
,
504 .tcount
= sizeof(ECPARAMETERS_seq_tt
) / sizeof(ASN1_TEMPLATE
),
506 .size
= sizeof(ECPARAMETERS
),
507 .sname
= "ECPARAMETERS",
509 ECPARAMETERS
*ECPARAMETERS_new(void);
510 void ECPARAMETERS_free(ECPARAMETERS
*a
);
513 ECPARAMETERS_new(void)
515 return (ECPARAMETERS
*)ASN1_item_new(&ECPARAMETERS_it
);
519 ECPARAMETERS_free(ECPARAMETERS
*a
)
521 ASN1_item_free((ASN1_VALUE
*)a
, &ECPARAMETERS_it
);
524 static const ASN1_TEMPLATE ECPKPARAMETERS_ch_tt
[] = {
528 .offset
= offsetof(ECPKPARAMETERS
, value
.named_curve
),
529 .field_name
= "value.named_curve",
530 .item
= &ASN1_OBJECT_it
,
535 .offset
= offsetof(ECPKPARAMETERS
, value
.parameters
),
536 .field_name
= "value.parameters",
537 .item
= &ECPARAMETERS_it
,
542 .offset
= offsetof(ECPKPARAMETERS
, value
.implicitlyCA
),
543 .field_name
= "value.implicitlyCA",
544 .item
= &ASN1_NULL_it
,
548 const ASN1_ITEM ECPKPARAMETERS_it
= {
549 .itype
= ASN1_ITYPE_CHOICE
,
550 .utype
= offsetof(ECPKPARAMETERS
, type
),
551 .templates
= ECPKPARAMETERS_ch_tt
,
552 .tcount
= sizeof(ECPKPARAMETERS_ch_tt
) / sizeof(ASN1_TEMPLATE
),
554 .size
= sizeof(ECPKPARAMETERS
),
555 .sname
= "ECPKPARAMETERS",
558 ECPKPARAMETERS
*ECPKPARAMETERS_new(void);
559 void ECPKPARAMETERS_free(ECPKPARAMETERS
*a
);
560 ECPKPARAMETERS
*d2i_ECPKPARAMETERS(ECPKPARAMETERS
**a
, const unsigned char **in
, long len
);
561 int i2d_ECPKPARAMETERS(const ECPKPARAMETERS
*a
, unsigned char **out
);
564 d2i_ECPKPARAMETERS(ECPKPARAMETERS
**a
, const unsigned char **in
, long len
)
566 return (ECPKPARAMETERS
*)ASN1_item_d2i((ASN1_VALUE
**)a
, in
, len
,
571 i2d_ECPKPARAMETERS(const ECPKPARAMETERS
*a
, unsigned char **out
)
573 return ASN1_item_i2d((ASN1_VALUE
*)a
, out
, &ECPKPARAMETERS_it
);
577 ECPKPARAMETERS_new(void)
579 return (ECPKPARAMETERS
*)ASN1_item_new(&ECPKPARAMETERS_it
);
583 ECPKPARAMETERS_free(ECPKPARAMETERS
*a
)
585 ASN1_item_free((ASN1_VALUE
*)a
, &ECPKPARAMETERS_it
);
588 static const ASN1_TEMPLATE EC_PRIVATEKEY_seq_tt
[] = {
592 .offset
= offsetof(EC_PRIVATEKEY
, version
),
593 .field_name
= "version",
599 .offset
= offsetof(EC_PRIVATEKEY
, privateKey
),
600 .field_name
= "privateKey",
601 .item
= &ASN1_OCTET_STRING_it
,
604 .flags
= ASN1_TFLG_EXPLICIT
| ASN1_TFLG_OPTIONAL
,
606 .offset
= offsetof(EC_PRIVATEKEY
, parameters
),
607 .field_name
= "parameters",
608 .item
= &ECPKPARAMETERS_it
,
611 .flags
= ASN1_TFLG_EXPLICIT
| ASN1_TFLG_OPTIONAL
,
613 .offset
= offsetof(EC_PRIVATEKEY
, publicKey
),
614 .field_name
= "publicKey",
615 .item
= &ASN1_BIT_STRING_it
,
619 const ASN1_ITEM EC_PRIVATEKEY_it
= {
620 .itype
= ASN1_ITYPE_SEQUENCE
,
621 .utype
= V_ASN1_SEQUENCE
,
622 .templates
= EC_PRIVATEKEY_seq_tt
,
623 .tcount
= sizeof(EC_PRIVATEKEY_seq_tt
) / sizeof(ASN1_TEMPLATE
),
625 .size
= sizeof(EC_PRIVATEKEY
),
626 .sname
= "EC_PRIVATEKEY",
629 EC_PRIVATEKEY
*EC_PRIVATEKEY_new(void);
630 void EC_PRIVATEKEY_free(EC_PRIVATEKEY
*a
);
631 EC_PRIVATEKEY
*d2i_EC_PRIVATEKEY(EC_PRIVATEKEY
**a
, const unsigned char **in
, long len
);
632 int i2d_EC_PRIVATEKEY(const EC_PRIVATEKEY
*a
, unsigned char **out
);
635 d2i_EC_PRIVATEKEY(EC_PRIVATEKEY
**a
, const unsigned char **in
, long len
)
637 return (EC_PRIVATEKEY
*)ASN1_item_d2i((ASN1_VALUE
**)a
, in
, len
,
642 i2d_EC_PRIVATEKEY(const EC_PRIVATEKEY
*a
, unsigned char **out
)
644 return ASN1_item_i2d((ASN1_VALUE
*)a
, out
, &EC_PRIVATEKEY_it
);
648 EC_PRIVATEKEY_new(void)
650 return (EC_PRIVATEKEY
*)ASN1_item_new(&EC_PRIVATEKEY_it
);
654 EC_PRIVATEKEY_free(EC_PRIVATEKEY
*a
)
656 ASN1_item_free((ASN1_VALUE
*)a
, &EC_PRIVATEKEY_it
);
658 /* some declarations of internal function */
660 /* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */
661 static int ec_asn1_group2fieldid(const EC_GROUP
*, X9_62_FIELDID
*);
662 /* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */
663 static int ec_asn1_group2curve(const EC_GROUP
*, X9_62_CURVE
*);
664 /* ec_asn1_parameters2group() creates a EC_GROUP object from a
665 * ECPARAMETERS object */
666 static EC_GROUP
*ec_asn1_parameters2group(const ECPARAMETERS
*);
667 /* ec_asn1_group2parameters() creates a ECPARAMETERS object from a
669 static ECPARAMETERS
*ec_asn1_group2parameters(const EC_GROUP
*, ECPARAMETERS
*);
670 /* ec_asn1_pkparameters2group() creates a EC_GROUP object from a
671 * ECPKPARAMETERS object */
672 static EC_GROUP
*ec_asn1_pkparameters2group(const ECPKPARAMETERS
*);
673 /* ec_asn1_group2pkparameters() creates a ECPKPARAMETERS object from a
675 static ECPKPARAMETERS
*ec_asn1_group2pkparameters(const EC_GROUP
*,
679 /* the function definitions */
682 ec_asn1_group2fieldid(const EC_GROUP
* group
, X9_62_FIELDID
* field
)
687 if (group
== NULL
|| field
== NULL
)
690 /* clear the old values (if necessary) */
691 if (field
->fieldType
!= NULL
)
692 ASN1_OBJECT_free(field
->fieldType
);
693 if (field
->p
.other
!= NULL
)
694 ASN1_TYPE_free(field
->p
.other
);
696 nid
= EC_METHOD_get_field_type(EC_GROUP_method_of(group
));
697 /* set OID for the field */
698 if ((field
->fieldType
= OBJ_nid2obj(nid
)) == NULL
) {
699 ECerr(EC_F_EC_ASN1_GROUP2FIELDID
, ERR_R_OBJ_LIB
);
702 if (nid
== NID_X9_62_prime_field
) {
703 if ((tmp
= BN_new()) == NULL
) {
704 ECerr(EC_F_EC_ASN1_GROUP2FIELDID
, ERR_R_MALLOC_FAILURE
);
707 /* the parameters are specified by the prime number p */
708 if (!EC_GROUP_get_curve_GFp(group
, tmp
, NULL
, NULL
, NULL
)) {
709 ECerr(EC_F_EC_ASN1_GROUP2FIELDID
, ERR_R_EC_LIB
);
712 /* set the prime number */
713 field
->p
.prime
= BN_to_ASN1_INTEGER(tmp
, NULL
);
714 if (field
->p
.prime
== NULL
) {
715 ECerr(EC_F_EC_ASN1_GROUP2FIELDID
, ERR_R_ASN1_LIB
);
718 } else /* nid == NID_X9_62_characteristic_two_field */
719 #ifdef OPENSSL_NO_EC2M
721 ECerr(EC_F_EC_ASN1_GROUP2FIELDID
, EC_R_GF2M_NOT_SUPPORTED
);
727 X9_62_CHARACTERISTIC_TWO
*char_two
;
729 field
->p
.char_two
= X9_62_CHARACTERISTIC_TWO_new();
730 char_two
= field
->p
.char_two
;
732 if (char_two
== NULL
) {
733 ECerr(EC_F_EC_ASN1_GROUP2FIELDID
, ERR_R_MALLOC_FAILURE
);
736 char_two
->m
= (long) EC_GROUP_get_degree(group
);
738 field_type
= EC_GROUP_get_basis_type(group
);
740 if (field_type
== 0) {
741 ECerr(EC_F_EC_ASN1_GROUP2FIELDID
, ERR_R_EC_LIB
);
744 /* set base type OID */
745 if ((char_two
->type
= OBJ_nid2obj(field_type
)) == NULL
) {
746 ECerr(EC_F_EC_ASN1_GROUP2FIELDID
, ERR_R_OBJ_LIB
);
749 if (field_type
== NID_X9_62_tpBasis
) {
752 if (!EC_GROUP_get_trinomial_basis(group
, &k
))
755 char_two
->p
.tpBasis
= ASN1_INTEGER_new();
756 if (!char_two
->p
.tpBasis
) {
757 ECerr(EC_F_EC_ASN1_GROUP2FIELDID
, ERR_R_MALLOC_FAILURE
);
760 if (!ASN1_INTEGER_set(char_two
->p
.tpBasis
, (long) k
)) {
761 ECerr(EC_F_EC_ASN1_GROUP2FIELDID
,
765 } else if (field_type
== NID_X9_62_ppBasis
) {
766 unsigned int k1
, k2
, k3
;
768 if (!EC_GROUP_get_pentanomial_basis(group
, &k1
, &k2
, &k3
))
771 char_two
->p
.ppBasis
= X9_62_PENTANOMIAL_new();
772 if (!char_two
->p
.ppBasis
) {
773 ECerr(EC_F_EC_ASN1_GROUP2FIELDID
, ERR_R_MALLOC_FAILURE
);
777 char_two
->p
.ppBasis
->k1
= (long) k1
;
778 char_two
->p
.ppBasis
->k2
= (long) k2
;
779 char_two
->p
.ppBasis
->k3
= (long) k3
;
780 } else { /* field_type == NID_X9_62_onBasis */
781 /* for ONB the parameters are (asn1) NULL */
782 char_two
->p
.onBasis
= ASN1_NULL_new();
783 if (!char_two
->p
.onBasis
) {
784 ECerr(EC_F_EC_ASN1_GROUP2FIELDID
, ERR_R_MALLOC_FAILURE
);
799 ec_asn1_group2curve(const EC_GROUP
* group
, X9_62_CURVE
* curve
)
802 BIGNUM
*tmp_1
= NULL
, *tmp_2
= NULL
;
803 unsigned char *buffer_1
= NULL
, *buffer_2
= NULL
, *a_buf
= NULL
,
806 unsigned char char_zero
= 0;
808 if (!group
|| !curve
|| !curve
->a
|| !curve
->b
)
811 if ((tmp_1
= BN_new()) == NULL
|| (tmp_2
= BN_new()) == NULL
) {
812 ECerr(EC_F_EC_ASN1_GROUP2CURVE
, ERR_R_MALLOC_FAILURE
);
815 nid
= EC_METHOD_get_field_type(EC_GROUP_method_of(group
));
818 if (nid
== NID_X9_62_prime_field
) {
819 if (!EC_GROUP_get_curve_GFp(group
, NULL
, tmp_1
, tmp_2
, NULL
)) {
820 ECerr(EC_F_EC_ASN1_GROUP2CURVE
, ERR_R_EC_LIB
);
824 #ifndef OPENSSL_NO_EC2M
825 else { /* nid == NID_X9_62_characteristic_two_field */
826 if (!EC_GROUP_get_curve_GF2m(group
, NULL
, tmp_1
, tmp_2
, NULL
)) {
827 ECerr(EC_F_EC_ASN1_GROUP2CURVE
, ERR_R_EC_LIB
);
832 len_1
= (size_t) BN_num_bytes(tmp_1
);
833 len_2
= (size_t) BN_num_bytes(tmp_2
);
836 /* len_1 == 0 => a == 0 */
840 if ((buffer_1
= malloc(len_1
)) == NULL
) {
841 ECerr(EC_F_EC_ASN1_GROUP2CURVE
,
842 ERR_R_MALLOC_FAILURE
);
845 if ((len_1
= BN_bn2bin(tmp_1
, buffer_1
)) == 0) {
846 ECerr(EC_F_EC_ASN1_GROUP2CURVE
, ERR_R_BN_LIB
);
853 /* len_2 == 0 => b == 0 */
857 if ((buffer_2
= malloc(len_2
)) == NULL
) {
858 ECerr(EC_F_EC_ASN1_GROUP2CURVE
,
859 ERR_R_MALLOC_FAILURE
);
862 if ((len_2
= BN_bn2bin(tmp_2
, buffer_2
)) == 0) {
863 ECerr(EC_F_EC_ASN1_GROUP2CURVE
, ERR_R_BN_LIB
);
870 if (!ASN1_STRING_set(curve
->a
, a_buf
, len_1
) ||
871 !ASN1_STRING_set(curve
->b
, b_buf
, len_2
)) {
872 ECerr(EC_F_EC_ASN1_GROUP2CURVE
, ERR_R_ASN1_LIB
);
875 /* set the seed (optional) */
878 if ((curve
->seed
= ASN1_BIT_STRING_new()) == NULL
) {
879 ECerr(EC_F_EC_ASN1_GROUP2CURVE
, ERR_R_MALLOC_FAILURE
);
882 curve
->seed
->flags
&= ~(ASN1_STRING_FLAG_BITS_LEFT
| 0x07);
883 curve
->seed
->flags
|= ASN1_STRING_FLAG_BITS_LEFT
;
884 if (!ASN1_BIT_STRING_set(curve
->seed
, group
->seed
,
885 (int) group
->seed_len
)) {
886 ECerr(EC_F_EC_ASN1_GROUP2CURVE
, ERR_R_ASN1_LIB
);
891 ASN1_BIT_STRING_free(curve
->seed
);
906 static ECPARAMETERS
*
907 ec_asn1_group2parameters(const EC_GROUP
* group
, ECPARAMETERS
* param
)
911 ECPARAMETERS
*ret
= NULL
;
913 unsigned char *buffer
= NULL
;
914 const EC_POINT
*point
= NULL
;
915 point_conversion_form_t form
;
917 if ((tmp
= BN_new()) == NULL
) {
918 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS
, ERR_R_MALLOC_FAILURE
);
922 if ((ret
= ECPARAMETERS_new()) == NULL
) {
923 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS
,
924 ERR_R_MALLOC_FAILURE
);
930 /* set the version (always one) */
931 ret
->version
= (long) 0x1;
933 /* set the fieldID */
934 if (!ec_asn1_group2fieldid(group
, ret
->fieldID
)) {
935 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS
, ERR_R_EC_LIB
);
939 if (!ec_asn1_group2curve(group
, ret
->curve
)) {
940 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS
, ERR_R_EC_LIB
);
943 /* set the base point */
944 if ((point
= EC_GROUP_get0_generator(group
)) == NULL
) {
945 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS
, EC_R_UNDEFINED_GENERATOR
);
948 form
= EC_GROUP_get_point_conversion_form(group
);
950 len
= EC_POINT_point2oct(group
, point
, form
, NULL
, len
, NULL
);
952 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS
, ERR_R_EC_LIB
);
955 if ((buffer
= malloc(len
)) == NULL
) {
956 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS
, ERR_R_MALLOC_FAILURE
);
959 if (!EC_POINT_point2oct(group
, point
, form
, buffer
, len
, NULL
)) {
960 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS
, ERR_R_EC_LIB
);
963 if (ret
->base
== NULL
&& (ret
->base
= ASN1_OCTET_STRING_new()) == NULL
) {
964 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS
, ERR_R_MALLOC_FAILURE
);
967 if (!ASN1_OCTET_STRING_set(ret
->base
, buffer
, len
)) {
968 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS
, ERR_R_ASN1_LIB
);
972 if (!EC_GROUP_get_order(group
, tmp
, NULL
)) {
973 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS
, ERR_R_EC_LIB
);
976 ret
->order
= BN_to_ASN1_INTEGER(tmp
, ret
->order
);
977 if (ret
->order
== NULL
) {
978 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS
, ERR_R_ASN1_LIB
);
981 /* set the cofactor (optional) */
982 if (EC_GROUP_get_cofactor(group
, tmp
, NULL
)) {
983 ret
->cofactor
= BN_to_ASN1_INTEGER(tmp
, ret
->cofactor
);
984 if (ret
->cofactor
== NULL
) {
985 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS
, ERR_R_ASN1_LIB
);
993 ECPARAMETERS_free(ret
);
1002 ec_asn1_group2pkparameters(const EC_GROUP
* group
, ECPKPARAMETERS
* params
)
1005 ECPKPARAMETERS
*ret
= params
;
1008 if ((ret
= ECPKPARAMETERS_new()) == NULL
) {
1009 ECerr(EC_F_EC_ASN1_GROUP2PKPARAMETERS
,
1010 ERR_R_MALLOC_FAILURE
);
1014 if (ret
->type
== 0 && ret
->value
.named_curve
)
1015 ASN1_OBJECT_free(ret
->value
.named_curve
);
1016 else if (ret
->type
== 1 && ret
->value
.parameters
)
1017 ECPARAMETERS_free(ret
->value
.parameters
);
1020 if (EC_GROUP_get_asn1_flag(group
)) {
1022 * use the asn1 OID to describe the elliptic curve
1025 tmp
= EC_GROUP_get_curve_name(group
);
1028 if ((ret
->value
.named_curve
= OBJ_nid2obj(tmp
)) == NULL
)
1031 /* we don't kmow the nid => ERROR */
1034 /* use the ECPARAMETERS structure */
1036 if ((ret
->value
.parameters
= ec_asn1_group2parameters(
1037 group
, NULL
)) == NULL
)
1042 ECPKPARAMETERS_free(ret
);
1049 ec_asn1_parameters2group(const ECPARAMETERS
* params
)
1052 EC_GROUP
*ret
= NULL
;
1053 BIGNUM
*p
= NULL
, *a
= NULL
, *b
= NULL
;
1054 EC_POINT
*point
= NULL
;
1057 if (!params
->fieldID
|| !params
->fieldID
->fieldType
||
1058 !params
->fieldID
->p
.ptr
) {
1059 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, EC_R_ASN1_ERROR
);
1062 /* now extract the curve parameters a and b */
1063 if (!params
->curve
|| !params
->curve
->a
||
1064 !params
->curve
->a
->data
|| !params
->curve
->b
||
1065 !params
->curve
->b
->data
) {
1066 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, EC_R_ASN1_ERROR
);
1069 a
= BN_bin2bn(params
->curve
->a
->data
, params
->curve
->a
->length
, NULL
);
1071 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, ERR_R_BN_LIB
);
1074 b
= BN_bin2bn(params
->curve
->b
->data
, params
->curve
->b
->length
, NULL
);
1076 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, ERR_R_BN_LIB
);
1079 /* get the field parameters */
1080 tmp
= OBJ_obj2nid(params
->fieldID
->fieldType
);
1081 if (tmp
== NID_X9_62_characteristic_two_field
)
1082 #ifdef OPENSSL_NO_EC2M
1084 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, EC_R_GF2M_NOT_SUPPORTED
);
1089 X9_62_CHARACTERISTIC_TWO
*char_two
;
1091 char_two
= params
->fieldID
->p
.char_two
;
1093 field_bits
= char_two
->m
;
1094 if (field_bits
> OPENSSL_ECC_MAX_FIELD_BITS
) {
1095 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, EC_R_FIELD_TOO_LARGE
);
1098 if ((p
= BN_new()) == NULL
) {
1099 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, ERR_R_MALLOC_FAILURE
);
1102 /* get the base type */
1103 tmp
= OBJ_obj2nid(char_two
->type
);
1105 if (tmp
== NID_X9_62_tpBasis
) {
1108 if (!char_two
->p
.tpBasis
) {
1109 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, EC_R_ASN1_ERROR
);
1112 tmp_long
= ASN1_INTEGER_get(char_two
->p
.tpBasis
);
1114 if (!(char_two
->m
> tmp_long
&& tmp_long
> 0)) {
1115 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, EC_R_INVALID_TRINOMIAL_BASIS
);
1118 /* create the polynomial */
1119 if (!BN_set_bit(p
, (int) char_two
->m
))
1121 if (!BN_set_bit(p
, (int) tmp_long
))
1123 if (!BN_set_bit(p
, 0))
1125 } else if (tmp
== NID_X9_62_ppBasis
) {
1126 X9_62_PENTANOMIAL
*penta
;
1128 penta
= char_two
->p
.ppBasis
;
1130 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, EC_R_ASN1_ERROR
);
1133 if (!(char_two
->m
> penta
->k3
&& penta
->k3
> penta
->k2
&& penta
->k2
> penta
->k1
&& penta
->k1
> 0)) {
1134 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, EC_R_INVALID_PENTANOMIAL_BASIS
);
1137 /* create the polynomial */
1138 if (!BN_set_bit(p
, (int) char_two
->m
))
1140 if (!BN_set_bit(p
, (int) penta
->k1
))
1142 if (!BN_set_bit(p
, (int) penta
->k2
))
1144 if (!BN_set_bit(p
, (int) penta
->k3
))
1146 if (!BN_set_bit(p
, 0))
1148 } else if (tmp
== NID_X9_62_onBasis
) {
1149 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, EC_R_NOT_IMPLEMENTED
);
1151 } else { /* error */
1152 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, EC_R_ASN1_ERROR
);
1156 /* create the EC_GROUP structure */
1157 ret
= EC_GROUP_new_curve_GF2m(p
, a
, b
, NULL
);
1160 else if (tmp
== NID_X9_62_prime_field
) {
1161 /* we have a curve over a prime field */
1162 /* extract the prime number */
1163 if (!params
->fieldID
->p
.prime
) {
1164 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, EC_R_ASN1_ERROR
);
1167 p
= ASN1_INTEGER_to_BN(params
->fieldID
->p
.prime
, NULL
);
1169 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, ERR_R_ASN1_LIB
);
1172 if (BN_is_negative(p
) || BN_is_zero(p
)) {
1173 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, EC_R_INVALID_FIELD
);
1176 field_bits
= BN_num_bits(p
);
1177 if (field_bits
> OPENSSL_ECC_MAX_FIELD_BITS
) {
1178 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, EC_R_FIELD_TOO_LARGE
);
1181 /* create the EC_GROUP structure */
1182 ret
= EC_GROUP_new_curve_GFp(p
, a
, b
, NULL
);
1184 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, EC_R_INVALID_FIELD
);
1189 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, ERR_R_EC_LIB
);
1192 /* extract seed (optional) */
1193 if (params
->curve
->seed
!= NULL
) {
1195 if (!(ret
->seed
= malloc(params
->curve
->seed
->length
))) {
1196 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
,
1197 ERR_R_MALLOC_FAILURE
);
1200 memcpy(ret
->seed
, params
->curve
->seed
->data
,
1201 params
->curve
->seed
->length
);
1202 ret
->seed_len
= params
->curve
->seed
->length
;
1204 if (!params
->order
|| !params
->base
|| !params
->base
->data
) {
1205 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, EC_R_ASN1_ERROR
);
1208 if ((point
= EC_POINT_new(ret
)) == NULL
)
1211 /* set the point conversion form */
1212 EC_GROUP_set_point_conversion_form(ret
, (point_conversion_form_t
)
1213 (params
->base
->data
[0] & ~0x01));
1215 /* extract the ec point */
1216 if (!EC_POINT_oct2point(ret
, point
, params
->base
->data
,
1217 params
->base
->length
, NULL
)) {
1218 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, ERR_R_EC_LIB
);
1221 /* extract the order */
1222 if ((a
= ASN1_INTEGER_to_BN(params
->order
, a
)) == NULL
) {
1223 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, ERR_R_ASN1_LIB
);
1226 if (BN_is_negative(a
) || BN_is_zero(a
)) {
1227 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, EC_R_INVALID_GROUP_ORDER
);
1230 if (BN_num_bits(a
) > (int) field_bits
+ 1) { /* Hasse bound */
1231 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, EC_R_INVALID_GROUP_ORDER
);
1234 /* extract the cofactor (optional) */
1235 if (params
->cofactor
== NULL
) {
1238 } else if ((b
= ASN1_INTEGER_to_BN(params
->cofactor
, b
)) == NULL
) {
1239 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, ERR_R_ASN1_LIB
);
1242 /* set the generator, order and cofactor (if present) */
1243 if (!EC_GROUP_set_generator(ret
, point
, a
, b
)) {
1244 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, ERR_R_EC_LIB
);
1250 EC_GROUP_clear_free(ret
);
1256 EC_POINT_free(point
);
1261 ec_asn1_pkparameters2group(const ECPKPARAMETERS
* params
)
1263 EC_GROUP
*ret
= NULL
;
1266 if (params
== NULL
) {
1267 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP
,
1268 EC_R_MISSING_PARAMETERS
);
1271 if (params
->type
== 0) {/* the curve is given by an OID */
1272 tmp
= OBJ_obj2nid(params
->value
.named_curve
);
1273 if ((ret
= EC_GROUP_new_by_curve_name(tmp
)) == NULL
) {
1274 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP
,
1275 EC_R_EC_GROUP_NEW_BY_NAME_FAILURE
);
1278 EC_GROUP_set_asn1_flag(ret
, OPENSSL_EC_NAMED_CURVE
);
1279 } else if (params
->type
== 1) { /* the parameters are given by a
1280 * ECPARAMETERS structure */
1281 ret
= ec_asn1_parameters2group(params
->value
.parameters
);
1283 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP
, ERR_R_EC_LIB
);
1286 EC_GROUP_set_asn1_flag(ret
, 0x0);
1287 } else if (params
->type
== 2) { /* implicitlyCA */
1290 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP
, EC_R_ASN1_ERROR
);
1297 /* EC_GROUP <-> DER encoding of ECPKPARAMETERS */
1300 d2i_ECPKParameters(EC_GROUP
** a
, const unsigned char **in
, long len
)
1302 EC_GROUP
*group
= NULL
;
1303 ECPKPARAMETERS
*params
= NULL
;
1305 if ((params
= d2i_ECPKPARAMETERS(NULL
, in
, len
)) == NULL
) {
1306 ECerr(EC_F_D2I_ECPKPARAMETERS
, EC_R_D2I_ECPKPARAMETERS_FAILURE
);
1309 if ((group
= ec_asn1_pkparameters2group(params
)) == NULL
) {
1310 ECerr(EC_F_D2I_ECPKPARAMETERS
, EC_R_PKPARAMETERS2GROUP_FAILURE
);
1315 EC_GROUP_clear_free(*a
);
1320 ECPKPARAMETERS_free(params
);
1325 i2d_ECPKParameters(const EC_GROUP
* a
, unsigned char **out
)
1328 ECPKPARAMETERS
*tmp
= ec_asn1_group2pkparameters(a
, NULL
);
1330 ECerr(EC_F_I2D_ECPKPARAMETERS
, EC_R_GROUP2PKPARAMETERS_FAILURE
);
1333 if ((ret
= i2d_ECPKPARAMETERS(tmp
, out
)) == 0) {
1334 ECerr(EC_F_I2D_ECPKPARAMETERS
, EC_R_I2D_ECPKPARAMETERS_FAILURE
);
1335 ECPKPARAMETERS_free(tmp
);
1338 ECPKPARAMETERS_free(tmp
);
1342 /* some EC_KEY functions */
1345 d2i_ECPrivateKey(EC_KEY
** a
, const unsigned char **in
, long len
)
1348 EC_PRIVATEKEY
*priv_key
= NULL
;
1350 if ((priv_key
= EC_PRIVATEKEY_new()) == NULL
) {
1351 ECerr(EC_F_D2I_ECPRIVATEKEY
, ERR_R_MALLOC_FAILURE
);
1354 if ((priv_key
= d2i_EC_PRIVATEKEY(&priv_key
, in
, len
)) == NULL
) {
1355 ECerr(EC_F_D2I_ECPRIVATEKEY
, ERR_R_EC_LIB
);
1356 EC_PRIVATEKEY_free(priv_key
);
1359 if (a
== NULL
|| *a
== NULL
) {
1360 if ((ret
= EC_KEY_new()) == NULL
) {
1361 ECerr(EC_F_D2I_ECPRIVATEKEY
, ERR_R_MALLOC_FAILURE
);
1367 if (priv_key
->parameters
) {
1368 EC_GROUP_clear_free(ret
->group
);
1369 ret
->group
= ec_asn1_pkparameters2group(priv_key
->parameters
);
1371 if (ret
->group
== NULL
) {
1372 ECerr(EC_F_D2I_ECPRIVATEKEY
, ERR_R_EC_LIB
);
1375 ret
->version
= priv_key
->version
;
1377 if (priv_key
->privateKey
) {
1378 ret
->priv_key
= BN_bin2bn(
1379 ASN1_STRING_data(priv_key
->privateKey
),
1380 ASN1_STRING_length(priv_key
->privateKey
),
1382 if (ret
->priv_key
== NULL
) {
1383 ECerr(EC_F_D2I_ECPRIVATEKEY
,
1388 ECerr(EC_F_D2I_ECPRIVATEKEY
,
1389 EC_R_MISSING_PRIVATE_KEY
);
1393 if (priv_key
->publicKey
) {
1394 const unsigned char *pub_oct
;
1397 EC_POINT_clear_free(ret
->pub_key
);
1398 ret
->pub_key
= EC_POINT_new(ret
->group
);
1399 if (ret
->pub_key
== NULL
) {
1400 ECerr(EC_F_D2I_ECPRIVATEKEY
, ERR_R_EC_LIB
);
1403 pub_oct
= ASN1_STRING_data(priv_key
->publicKey
);
1404 pub_oct_len
= ASN1_STRING_length(priv_key
->publicKey
);
1405 /* save the point conversion form */
1406 ret
->conv_form
= (point_conversion_form_t
) (pub_oct
[0] & ~0x01);
1407 if (!EC_POINT_oct2point(ret
->group
, ret
->pub_key
,
1408 pub_oct
, pub_oct_len
, NULL
)) {
1409 ECerr(EC_F_D2I_ECPRIVATEKEY
, ERR_R_EC_LIB
);
1414 EC_PRIVATEKEY_free(priv_key
);
1420 if (a
== NULL
|| *a
!= ret
)
1423 EC_PRIVATEKEY_free(priv_key
);
1429 i2d_ECPrivateKey(EC_KEY
* a
, unsigned char **out
)
1431 int ret
= 0, ok
= 0;
1432 unsigned char *buffer
= NULL
;
1433 size_t buf_len
= 0, tmp_len
;
1434 EC_PRIVATEKEY
*priv_key
= NULL
;
1436 if (a
== NULL
|| a
->group
== NULL
|| a
->priv_key
== NULL
) {
1437 ECerr(EC_F_I2D_ECPRIVATEKEY
,
1438 ERR_R_PASSED_NULL_PARAMETER
);
1441 if ((priv_key
= EC_PRIVATEKEY_new()) == NULL
) {
1442 ECerr(EC_F_I2D_ECPRIVATEKEY
,
1443 ERR_R_MALLOC_FAILURE
);
1446 priv_key
->version
= a
->version
;
1448 buf_len
= (size_t) BN_num_bytes(a
->priv_key
);
1449 buffer
= malloc(buf_len
);
1450 if (buffer
== NULL
) {
1451 ECerr(EC_F_I2D_ECPRIVATEKEY
,
1452 ERR_R_MALLOC_FAILURE
);
1455 if (!BN_bn2bin(a
->priv_key
, buffer
)) {
1456 ECerr(EC_F_I2D_ECPRIVATEKEY
, ERR_R_BN_LIB
);
1459 if (!ASN1_STRING_set(priv_key
->privateKey
, buffer
, buf_len
)) {
1460 ECerr(EC_F_I2D_ECPRIVATEKEY
, ERR_R_ASN1_LIB
);
1463 if (!(a
->enc_flag
& EC_PKEY_NO_PARAMETERS
)) {
1464 if ((priv_key
->parameters
= ec_asn1_group2pkparameters(
1465 a
->group
, priv_key
->parameters
)) == NULL
) {
1466 ECerr(EC_F_I2D_ECPRIVATEKEY
, ERR_R_EC_LIB
);
1470 if (!(a
->enc_flag
& EC_PKEY_NO_PUBKEY
) && a
->pub_key
!= NULL
) {
1471 priv_key
->publicKey
= ASN1_BIT_STRING_new();
1472 if (priv_key
->publicKey
== NULL
) {
1473 ECerr(EC_F_I2D_ECPRIVATEKEY
,
1474 ERR_R_MALLOC_FAILURE
);
1477 tmp_len
= EC_POINT_point2oct(a
->group
, a
->pub_key
,
1478 a
->conv_form
, NULL
, 0, NULL
);
1480 if (tmp_len
> buf_len
) {
1481 unsigned char *tmp_buffer
= realloc(buffer
, tmp_len
);
1483 ECerr(EC_F_I2D_ECPRIVATEKEY
, ERR_R_MALLOC_FAILURE
);
1486 buffer
= tmp_buffer
;
1489 if (!EC_POINT_point2oct(a
->group
, a
->pub_key
,
1490 a
->conv_form
, buffer
, buf_len
, NULL
)) {
1491 ECerr(EC_F_I2D_ECPRIVATEKEY
, ERR_R_EC_LIB
);
1494 priv_key
->publicKey
->flags
&= ~(ASN1_STRING_FLAG_BITS_LEFT
| 0x07);
1495 priv_key
->publicKey
->flags
|= ASN1_STRING_FLAG_BITS_LEFT
;
1496 if (!ASN1_STRING_set(priv_key
->publicKey
, buffer
,
1498 ECerr(EC_F_I2D_ECPRIVATEKEY
, ERR_R_ASN1_LIB
);
1502 if ((ret
= i2d_EC_PRIVATEKEY(priv_key
, out
)) == 0) {
1503 ECerr(EC_F_I2D_ECPRIVATEKEY
, ERR_R_EC_LIB
);
1510 EC_PRIVATEKEY_free(priv_key
);
1511 return (ok
? ret
: 0);
1515 i2d_ECParameters(EC_KEY
* a
, unsigned char **out
)
1518 ECerr(EC_F_I2D_ECPARAMETERS
, ERR_R_PASSED_NULL_PARAMETER
);
1521 return i2d_ECPKParameters(a
->group
, out
);
1525 d2i_ECParameters(EC_KEY
** a
, const unsigned char **in
, long len
)
1529 if (in
== NULL
|| *in
== NULL
) {
1530 ECerr(EC_F_D2I_ECPARAMETERS
, ERR_R_PASSED_NULL_PARAMETER
);
1533 if (a
== NULL
|| *a
== NULL
) {
1534 if ((ret
= EC_KEY_new()) == NULL
) {
1535 ECerr(EC_F_D2I_ECPARAMETERS
, ERR_R_MALLOC_FAILURE
);
1541 if (!d2i_ECPKParameters(&ret
->group
, in
, len
)) {
1542 ECerr(EC_F_D2I_ECPARAMETERS
, ERR_R_EC_LIB
);
1543 if (a
== NULL
|| *a
!= ret
)
1554 o2i_ECPublicKey(EC_KEY
** a
, const unsigned char **in
, long len
)
1558 if (a
== NULL
|| (*a
) == NULL
|| (*a
)->group
== NULL
) {
1560 * sorry, but a EC_GROUP-structur is necessary to set the
1563 ECerr(EC_F_O2I_ECPUBLICKEY
, ERR_R_PASSED_NULL_PARAMETER
);
1567 if (ret
->pub_key
== NULL
&&
1568 (ret
->pub_key
= EC_POINT_new(ret
->group
)) == NULL
) {
1569 ECerr(EC_F_O2I_ECPUBLICKEY
, ERR_R_MALLOC_FAILURE
);
1572 if (!EC_POINT_oct2point(ret
->group
, ret
->pub_key
, *in
, len
, NULL
)) {
1573 ECerr(EC_F_O2I_ECPUBLICKEY
, ERR_R_EC_LIB
);
1576 /* save the point conversion form */
1577 ret
->conv_form
= (point_conversion_form_t
) (*in
[0] & ~0x01);
1583 i2o_ECPublicKey(EC_KEY
* a
, unsigned char **out
)
1589 ECerr(EC_F_I2O_ECPUBLICKEY
, ERR_R_PASSED_NULL_PARAMETER
);
1592 buf_len
= EC_POINT_point2oct(a
->group
, a
->pub_key
,
1593 a
->conv_form
, NULL
, 0, NULL
);
1595 if (out
== NULL
|| buf_len
== 0)
1596 /* out == NULL => just return the length of the octet string */
1600 if ((*out
= malloc(buf_len
)) == NULL
) {
1601 ECerr(EC_F_I2O_ECPUBLICKEY
, ERR_R_MALLOC_FAILURE
);
1606 if (!EC_POINT_point2oct(a
->group
, a
->pub_key
, a
->conv_form
,
1607 *out
, buf_len
, NULL
)) {
1608 ECerr(EC_F_I2O_ECPUBLICKEY
, ERR_R_EC_LIB
);