search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Import LibreSSL v2.4.2 to vendor branch
[dragonfly.git] / crypto / libressl / crypto / ec / ec_asn1.c
blob43cb3e9a3201e354e530c3f24178f3bcece439a3
1 /* $OpenBSD: ec_asn1.c,v 1.21 2015/10/16 15:15:39 jsing Exp $ */
2 /*
3 * Written by Nils Larsch for the OpenSSL project.
4 */
5 /* ====================================================================
6 * Copyright (c) 2000-2003 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59 #include <string.h>
60
61 #include <openssl/opensslconf.h>
62
63 #include "ec_lcl.h"
64 #include <openssl/err.h>
65 #include <openssl/asn1t.h>
66 #include <openssl/objects.h>
67
68 int
69 EC_GROUP_get_basis_type(const EC_GROUP * group)
70 {
71 int i = 0;
72
73 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
74 NID_X9_62_characteristic_two_field)
75 /* everything else is currently not supported */
76 return 0;
77
78 while (group->poly[i] != 0)
79 i++;
80
81 if (i == 4)
82 return NID_X9_62_ppBasis;
83 else if (i == 2)
84 return NID_X9_62_tpBasis;
85 else
86 /* everything else is currently not supported */
87 return 0;
88 }
89 #ifndef OPENSSL_NO_EC2M
90 int
91 EC_GROUP_get_trinomial_basis(const EC_GROUP * group, unsigned int *k)
92 {
93 if (group == NULL)
94 return 0;
95
96 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
97 NID_X9_62_characteristic_two_field
98 || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0))) {
99 ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
100 return 0;
101 }
102 if (k)
103 *k = group->poly[1];
104
105 return 1;
106 }
107 int
108 EC_GROUP_get_pentanomial_basis(const EC_GROUP * group, unsigned int *k1,
109 unsigned int *k2, unsigned int *k3)
110 {
111 if (group == NULL)
112 return 0;
113
114 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
115 NID_X9_62_characteristic_two_field
116 || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0))) {
117 ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
118 return 0;
119 }
120 if (k1)
121 *k1 = group->poly[3];
122 if (k2)
123 *k2 = group->poly[2];
124 if (k3)
125 *k3 = group->poly[1];
126
127 return 1;
128 }
129 #endif
130
131
132 /* some structures needed for the asn1 encoding */
133 typedef struct x9_62_pentanomial_st {
134 long k1;
135 long k2;
136 long k3;
137 } X9_62_PENTANOMIAL;
138
139 typedef struct x9_62_characteristic_two_st {
140 long m;
141 ASN1_OBJECT *type;
142 union {
143 char *ptr;
144 /* NID_X9_62_onBasis */
145 ASN1_NULL *onBasis;
146 /* NID_X9_62_tpBasis */
147 ASN1_INTEGER *tpBasis;
148 /* NID_X9_62_ppBasis */
149 X9_62_PENTANOMIAL *ppBasis;
150 /* anything else */
151 ASN1_TYPE *other;
152 } p;
153 } X9_62_CHARACTERISTIC_TWO;
154
155 typedef struct x9_62_fieldid_st {
156 ASN1_OBJECT *fieldType;
157 union {
158 char *ptr;
159 /* NID_X9_62_prime_field */
160 ASN1_INTEGER *prime;
161 /* NID_X9_62_characteristic_two_field */
162 X9_62_CHARACTERISTIC_TWO *char_two;
163 /* anything else */
164 ASN1_TYPE *other;
165 } p;
166 } X9_62_FIELDID;
167
168 typedef struct x9_62_curve_st {
169 ASN1_OCTET_STRING *a;
170 ASN1_OCTET_STRING *b;
171 ASN1_BIT_STRING *seed;
172 } X9_62_CURVE;
173
174 typedef struct ec_parameters_st {
175 long version;
176 X9_62_FIELDID *fieldID;
177 X9_62_CURVE *curve;
178 ASN1_OCTET_STRING *base;
179 ASN1_INTEGER *order;
180 ASN1_INTEGER *cofactor;
181 } ECPARAMETERS;
182
183 struct ecpk_parameters_st {
184 int type;
185 union {
186 ASN1_OBJECT *named_curve;
187 ECPARAMETERS *parameters;
188 ASN1_NULL *implicitlyCA;
189 } value;
190 } /* ECPKPARAMETERS */ ;
191
192 /* SEC1 ECPrivateKey */
193 typedef struct ec_privatekey_st {
194 long version;
195 ASN1_OCTET_STRING *privateKey;
196 ECPKPARAMETERS *parameters;
197 ASN1_BIT_STRING *publicKey;
198 } EC_PRIVATEKEY;
199
200 /* the OpenSSL ASN.1 definitions */
201 static const ASN1_TEMPLATE X9_62_PENTANOMIAL_seq_tt[] = {
202 {
203 .flags = 0,
204 .tag = 0,
205 .offset = offsetof(X9_62_PENTANOMIAL, k1),
206 .field_name = "k1",
207 .item = &LONG_it,
208 },
209 {
210 .flags = 0,
211 .tag = 0,
212 .offset = offsetof(X9_62_PENTANOMIAL, k2),
213 .field_name = "k2",
214 .item = &LONG_it,
215 },
216 {
217 .flags = 0,
218 .tag = 0,
219 .offset = offsetof(X9_62_PENTANOMIAL, k3),
220 .field_name = "k3",
221 .item = &LONG_it,
222 },
223 };
224
225 const ASN1_ITEM X9_62_PENTANOMIAL_it = {
226 .itype = ASN1_ITYPE_SEQUENCE,
227 .utype = V_ASN1_SEQUENCE,
228 .templates = X9_62_PENTANOMIAL_seq_tt,
229 .tcount = sizeof(X9_62_PENTANOMIAL_seq_tt) / sizeof(ASN1_TEMPLATE),
230 .funcs = NULL,
231 .size = sizeof(X9_62_PENTANOMIAL),
232 .sname = "X9_62_PENTANOMIAL",
233 };
234
235 X9_62_PENTANOMIAL *X9_62_PENTANOMIAL_new(void);
236 void X9_62_PENTANOMIAL_free(X9_62_PENTANOMIAL *a);
237
238 X9_62_PENTANOMIAL *
239 X9_62_PENTANOMIAL_new(void)
240 {
241 return (X9_62_PENTANOMIAL*)ASN1_item_new(&X9_62_PENTANOMIAL_it);
242 }
243
244 void
245 X9_62_PENTANOMIAL_free(X9_62_PENTANOMIAL *a)
246 {
247 ASN1_item_free((ASN1_VALUE *)a, &X9_62_PENTANOMIAL_it);
248 }
249
250 static const ASN1_TEMPLATE char_two_def_tt = {
251 .flags = 0,
252 .tag = 0,
253 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, p.other),
254 .field_name = "p.other",
255 .item = &ASN1_ANY_it,
256 };
257
258 static const ASN1_ADB_TABLE X9_62_CHARACTERISTIC_TWO_adbtbl[] = {
259 {
260 .value = NID_X9_62_onBasis,
261 .tt = {
262 .flags = 0,
263 .tag = 0,
264 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, p.onBasis),
265 .field_name = "p.onBasis",
266 .item = &ASN1_NULL_it,
267 },
268
269 },
270 {
271 .value = NID_X9_62_tpBasis,
272 .tt = {
273 .flags = 0,
274 .tag = 0,
275 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, p.tpBasis),
276 .field_name = "p.tpBasis",
277 .item = &ASN1_INTEGER_it,
278 },
279
280 },
281 {
282 .value = NID_X9_62_ppBasis,
283 .tt = {
284 .flags = 0,
285 .tag = 0,
286 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, p.ppBasis),
287 .field_name = "p.ppBasis",
288 .item = &X9_62_PENTANOMIAL_it,
289 },
290
291 },
292 };
293
294 static const ASN1_ADB X9_62_CHARACTERISTIC_TWO_adb = {
295 .flags = 0,
296 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, type),
297 .app_items = 0,
298 .tbl = X9_62_CHARACTERISTIC_TWO_adbtbl,
299 .tblcount = sizeof(X9_62_CHARACTERISTIC_TWO_adbtbl) / sizeof(ASN1_ADB_TABLE),
300 .default_tt = &char_two_def_tt,
301 .null_tt = NULL,
302 };
303
304 static const ASN1_TEMPLATE X9_62_CHARACTERISTIC_TWO_seq_tt[] = {
305 {
306 .flags = 0,
307 .tag = 0,
308 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, m),
309 .field_name = "m",
310 .item = &LONG_it,
311 },
312 {
313 .flags = 0,
314 .tag = 0,
315 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, type),
316 .field_name = "type",
317 .item = &ASN1_OBJECT_it,
318 },
319 {
320 .flags = ASN1_TFLG_ADB_OID,
321 .tag = -1,
322 .offset = 0,
323 .field_name = "X9_62_CHARACTERISTIC_TWO",
324 .item = (const ASN1_ITEM *)&X9_62_CHARACTERISTIC_TWO_adb,
325 },
326 };
327
328 const ASN1_ITEM X9_62_CHARACTERISTIC_TWO_it = {
329 .itype = ASN1_ITYPE_SEQUENCE,
330 .utype = V_ASN1_SEQUENCE,
331 .templates = X9_62_CHARACTERISTIC_TWO_seq_tt,
332 .tcount = sizeof(X9_62_CHARACTERISTIC_TWO_seq_tt) / sizeof(ASN1_TEMPLATE),
333 .funcs = NULL,
334 .size = sizeof(X9_62_CHARACTERISTIC_TWO),
335 .sname = "X9_62_CHARACTERISTIC_TWO",
336 };
337 X9_62_CHARACTERISTIC_TWO *X9_62_CHARACTERISTIC_TWO_new(void);
338 void X9_62_CHARACTERISTIC_TWO_free(X9_62_CHARACTERISTIC_TWO *a);
339
340 X9_62_CHARACTERISTIC_TWO *
341 X9_62_CHARACTERISTIC_TWO_new(void)
342 {
343 return (X9_62_CHARACTERISTIC_TWO*)ASN1_item_new(&X9_62_CHARACTERISTIC_TWO_it);
344 }
345
346 void
347 X9_62_CHARACTERISTIC_TWO_free(X9_62_CHARACTERISTIC_TWO *a)
348 {
349 ASN1_item_free((ASN1_VALUE *)a, &X9_62_CHARACTERISTIC_TWO_it);
350 }
351 static const ASN1_TEMPLATE fieldID_def_tt = {
352 .flags = 0,
353 .tag = 0,
354 .offset = offsetof(X9_62_FIELDID, p.other),
355 .field_name = "p.other",
356 .item = &ASN1_ANY_it,
357 };
358
359 static const ASN1_ADB_TABLE X9_62_FIELDID_adbtbl[] = {
360 {
361 .value = NID_X9_62_prime_field,
362 .tt = {
363 .flags = 0,
364 .tag = 0,
365 .offset = offsetof(X9_62_FIELDID, p.prime),
366 .field_name = "p.prime",
367 .item = &ASN1_INTEGER_it,
368 },
369
370 },
371 {
372 .value = NID_X9_62_characteristic_two_field,
373 .tt = {
374 .flags = 0,
375 .tag = 0,
376 .offset = offsetof(X9_62_FIELDID, p.char_two),
377 .field_name = "p.char_two",
378 .item = &X9_62_CHARACTERISTIC_TWO_it,
379 },
380
381 },
382 };
383
384 static const ASN1_ADB X9_62_FIELDID_adb = {
385 .flags = 0,
386 .offset = offsetof(X9_62_FIELDID, fieldType),
387 .app_items = 0,
388 .tbl = X9_62_FIELDID_adbtbl,
389 .tblcount = sizeof(X9_62_FIELDID_adbtbl) / sizeof(ASN1_ADB_TABLE),
390 .default_tt = &fieldID_def_tt,
391 .null_tt = NULL,
392 };
393
394 static const ASN1_TEMPLATE X9_62_FIELDID_seq_tt[] = {
395 {
396 .flags = 0,
397 .tag = 0,
398 .offset = offsetof(X9_62_FIELDID, fieldType),
399 .field_name = "fieldType",
400 .item = &ASN1_OBJECT_it,
401 },
402 {
403 .flags = ASN1_TFLG_ADB_OID,
404 .tag = -1,
405 .offset = 0,
406 .field_name = "X9_62_FIELDID",
407 .item = (const ASN1_ITEM *)&X9_62_FIELDID_adb,
408 },
409 };
410
411 const ASN1_ITEM X9_62_FIELDID_it = {
412 .itype = ASN1_ITYPE_SEQUENCE,
413 .utype = V_ASN1_SEQUENCE,
414 .templates = X9_62_FIELDID_seq_tt,
415 .tcount = sizeof(X9_62_FIELDID_seq_tt) / sizeof(ASN1_TEMPLATE),
416 .funcs = NULL,
417 .size = sizeof(X9_62_FIELDID),
418 .sname = "X9_62_FIELDID",
419 };
420
421 static const ASN1_TEMPLATE X9_62_CURVE_seq_tt[] = {
422 {
423 .flags = 0,
424 .tag = 0,
425 .offset = offsetof(X9_62_CURVE, a),
426 .field_name = "a",
427 .item = &ASN1_OCTET_STRING_it,
428 },
429 {
430 .flags = 0,
431 .tag = 0,
432 .offset = offsetof(X9_62_CURVE, b),
433 .field_name = "b",
434 .item = &ASN1_OCTET_STRING_it,
435 },
436 {
437 .flags = ASN1_TFLG_OPTIONAL,
438 .tag = 0,
439 .offset = offsetof(X9_62_CURVE, seed),
440 .field_name = "seed",
441 .item = &ASN1_BIT_STRING_it,
442 },
443 };
444
445 const ASN1_ITEM X9_62_CURVE_it = {
446 .itype = ASN1_ITYPE_SEQUENCE,
447 .utype = V_ASN1_SEQUENCE,
448 .templates = X9_62_CURVE_seq_tt,
449 .tcount = sizeof(X9_62_CURVE_seq_tt) / sizeof(ASN1_TEMPLATE),
450 .funcs = NULL,
451 .size = sizeof(X9_62_CURVE),
452 .sname = "X9_62_CURVE",
453 };
454
455 static const ASN1_TEMPLATE ECPARAMETERS_seq_tt[] = {
456 {
457 .flags = 0,
458 .tag = 0,
459 .offset = offsetof(ECPARAMETERS, version),
460 .field_name = "version",
461 .item = &LONG_it,
462 },
463 {
464 .flags = 0,
465 .tag = 0,
466 .offset = offsetof(ECPARAMETERS, fieldID),
467 .field_name = "fieldID",
468 .item = &X9_62_FIELDID_it,
469 },
470 {
471 .flags = 0,
472 .tag = 0,
473 .offset = offsetof(ECPARAMETERS, curve),
474 .field_name = "curve",
475 .item = &X9_62_CURVE_it,
476 },
477 {
478 .flags = 0,
479 .tag = 0,
480 .offset = offsetof(ECPARAMETERS, base),
481 .field_name = "base",
482 .item = &ASN1_OCTET_STRING_it,
483 },
484 {
485 .flags = 0,
486 .tag = 0,
487 .offset = offsetof(ECPARAMETERS, order),
488 .field_name = "order",
489 .item = &ASN1_INTEGER_it,
490 },
491 {
492 .flags = ASN1_TFLG_OPTIONAL,
493 .tag = 0,
494 .offset = offsetof(ECPARAMETERS, cofactor),
495 .field_name = "cofactor",
496 .item = &ASN1_INTEGER_it,
497 },
498 };
499
500 const ASN1_ITEM ECPARAMETERS_it = {
501 .itype = ASN1_ITYPE_SEQUENCE,
502 .utype = V_ASN1_SEQUENCE,
503 .templates = ECPARAMETERS_seq_tt,
504 .tcount = sizeof(ECPARAMETERS_seq_tt) / sizeof(ASN1_TEMPLATE),
505 .funcs = NULL,
506 .size = sizeof(ECPARAMETERS),
507 .sname = "ECPARAMETERS",
508 };
509 ECPARAMETERS *ECPARAMETERS_new(void);
510 void ECPARAMETERS_free(ECPARAMETERS *a);
511
512 ECPARAMETERS *
513 ECPARAMETERS_new(void)
514 {
515 return (ECPARAMETERS*)ASN1_item_new(&ECPARAMETERS_it);
516 }
517
518 void
519 ECPARAMETERS_free(ECPARAMETERS *a)
520 {
521 ASN1_item_free((ASN1_VALUE *)a, &ECPARAMETERS_it);
522 }
523
524 static const ASN1_TEMPLATE ECPKPARAMETERS_ch_tt[] = {
525 {
526 .flags = 0,
527 .tag = 0,
528 .offset = offsetof(ECPKPARAMETERS, value.named_curve),
529 .field_name = "value.named_curve",
530 .item = &ASN1_OBJECT_it,
531 },
532 {
533 .flags = 0,
534 .tag = 0,
535 .offset = offsetof(ECPKPARAMETERS, value.parameters),
536 .field_name = "value.parameters",
537 .item = &ECPARAMETERS_it,
538 },
539 {
540 .flags = 0,
541 .tag = 0,
542 .offset = offsetof(ECPKPARAMETERS, value.implicitlyCA),
543 .field_name = "value.implicitlyCA",
544 .item = &ASN1_NULL_it,
545 },
546 };
547
548 const ASN1_ITEM ECPKPARAMETERS_it = {
549 .itype = ASN1_ITYPE_CHOICE,
550 .utype = offsetof(ECPKPARAMETERS, type),
551 .templates = ECPKPARAMETERS_ch_tt,
552 .tcount = sizeof(ECPKPARAMETERS_ch_tt) / sizeof(ASN1_TEMPLATE),
553 .funcs = NULL,
554 .size = sizeof(ECPKPARAMETERS),
555 .sname = "ECPKPARAMETERS",
556 };
557
558 ECPKPARAMETERS *ECPKPARAMETERS_new(void);
559 void ECPKPARAMETERS_free(ECPKPARAMETERS *a);
560 ECPKPARAMETERS *d2i_ECPKPARAMETERS(ECPKPARAMETERS **a, const unsigned char **in, long len);
561 int i2d_ECPKPARAMETERS(const ECPKPARAMETERS *a, unsigned char **out);
562
563 ECPKPARAMETERS *
564 d2i_ECPKPARAMETERS(ECPKPARAMETERS **a, const unsigned char **in, long len)
565 {
566 return (ECPKPARAMETERS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
567 &ECPKPARAMETERS_it);
568 }
569
570 int
571 i2d_ECPKPARAMETERS(const ECPKPARAMETERS *a, unsigned char **out)
572 {
573 return ASN1_item_i2d((ASN1_VALUE *)a, out, &ECPKPARAMETERS_it);
574 }
575
576 ECPKPARAMETERS *
577 ECPKPARAMETERS_new(void)
578 {
579 return (ECPKPARAMETERS *)ASN1_item_new(&ECPKPARAMETERS_it);
580 }
581
582 void
583 ECPKPARAMETERS_free(ECPKPARAMETERS *a)
584 {
585 ASN1_item_free((ASN1_VALUE *)a, &ECPKPARAMETERS_it);
586 }
587
588 static const ASN1_TEMPLATE EC_PRIVATEKEY_seq_tt[] = {
589 {
590 .flags = 0,
591 .tag = 0,
592 .offset = offsetof(EC_PRIVATEKEY, version),
593 .field_name = "version",
594 .item = &LONG_it,
595 },
596 {
597 .flags = 0,
598 .tag = 0,
599 .offset = offsetof(EC_PRIVATEKEY, privateKey),
600 .field_name = "privateKey",
601 .item = &ASN1_OCTET_STRING_it,
602 },
603 {
604 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
605 .tag = 0,
606 .offset = offsetof(EC_PRIVATEKEY, parameters),
607 .field_name = "parameters",
608 .item = &ECPKPARAMETERS_it,
609 },
610 {
611 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
612 .tag = 1,
613 .offset = offsetof(EC_PRIVATEKEY, publicKey),
614 .field_name = "publicKey",
615 .item = &ASN1_BIT_STRING_it,
616 },
617 };
618
619 const ASN1_ITEM EC_PRIVATEKEY_it = {
620 .itype = ASN1_ITYPE_SEQUENCE,
621 .utype = V_ASN1_SEQUENCE,
622 .templates = EC_PRIVATEKEY_seq_tt,
623 .tcount = sizeof(EC_PRIVATEKEY_seq_tt) / sizeof(ASN1_TEMPLATE),
624 .funcs = NULL,
625 .size = sizeof(EC_PRIVATEKEY),
626 .sname = "EC_PRIVATEKEY",
627 };
628
629 EC_PRIVATEKEY *EC_PRIVATEKEY_new(void);
630 void EC_PRIVATEKEY_free(EC_PRIVATEKEY *a);
631 EC_PRIVATEKEY *d2i_EC_PRIVATEKEY(EC_PRIVATEKEY **a, const unsigned char **in, long len);
632 int i2d_EC_PRIVATEKEY(const EC_PRIVATEKEY *a, unsigned char **out);
633
634 EC_PRIVATEKEY *
635 d2i_EC_PRIVATEKEY(EC_PRIVATEKEY **a, const unsigned char **in, long len)
636 {
637 return (EC_PRIVATEKEY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
638 &EC_PRIVATEKEY_it);
639 }
640
641 int
642 i2d_EC_PRIVATEKEY(const EC_PRIVATEKEY *a, unsigned char **out)
643 {
644 return ASN1_item_i2d((ASN1_VALUE *)a, out, &EC_PRIVATEKEY_it);
645 }
646
647 EC_PRIVATEKEY *
648 EC_PRIVATEKEY_new(void)
649 {
650 return (EC_PRIVATEKEY *)ASN1_item_new(&EC_PRIVATEKEY_it);
651 }
652
653 void
654 EC_PRIVATEKEY_free(EC_PRIVATEKEY *a)
655 {
656 ASN1_item_free((ASN1_VALUE *)a, &EC_PRIVATEKEY_it);
657 }
658 /* some declarations of internal function */
659
660 /* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */
661 static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *);
662 /* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */
663 static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *);
664 /* ec_asn1_parameters2group() creates a EC_GROUP object from a
665 * ECPARAMETERS object */
666 static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *);
667 /* ec_asn1_group2parameters() creates a ECPARAMETERS object from a
668 * EC_GROUP object */
669 static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *, ECPARAMETERS *);
670 /* ec_asn1_pkparameters2group() creates a EC_GROUP object from a
671 * ECPKPARAMETERS object */
672 static EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *);
673 /* ec_asn1_group2pkparameters() creates a ECPKPARAMETERS object from a
674 * EC_GROUP object */
675 static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *,
676 ECPKPARAMETERS *);
677
678
679 /* the function definitions */
680
681 static int
682 ec_asn1_group2fieldid(const EC_GROUP * group, X9_62_FIELDID * field)
683 {
684 int ok = 0, nid;
685 BIGNUM *tmp = NULL;
686
687 if (group == NULL || field == NULL)
688 return 0;
689
690 /* clear the old values (if necessary) */
691 if (field->fieldType != NULL)
692 ASN1_OBJECT_free(field->fieldType);
693 if (field->p.other != NULL)
694 ASN1_TYPE_free(field->p.other);
695
696 nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
697 /* set OID for the field */
698 if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) {
699 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
700 goto err;
701 }
702 if (nid == NID_X9_62_prime_field) {
703 if ((tmp = BN_new()) == NULL) {
704 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
705 goto err;
706 }
707 /* the parameters are specified by the prime number p */
708 if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL)) {
709 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
710 goto err;
711 }
712 /* set the prime number */
713 field->p.prime = BN_to_ASN1_INTEGER(tmp, NULL);
714 if (field->p.prime == NULL) {
715 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB);
716 goto err;
717 }
718 } else /* nid == NID_X9_62_characteristic_two_field */
719 #ifdef OPENSSL_NO_EC2M
720 {
721 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, EC_R_GF2M_NOT_SUPPORTED);
722 goto err;
723 }
724 #else
725 {
726 int field_type;
727 X9_62_CHARACTERISTIC_TWO *char_two;
728
729 field->p.char_two = X9_62_CHARACTERISTIC_TWO_new();
730 char_two = field->p.char_two;
731
732 if (char_two == NULL) {
733 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
734 goto err;
735 }
736 char_two->m = (long) EC_GROUP_get_degree(group);
737
738 field_type = EC_GROUP_get_basis_type(group);
739
740 if (field_type == 0) {
741 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
742 goto err;
743 }
744 /* set base type OID */
745 if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) {
746 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
747 goto err;
748 }
749 if (field_type == NID_X9_62_tpBasis) {
750 unsigned int k;
751
752 if (!EC_GROUP_get_trinomial_basis(group, &k))
753 goto err;
754
755 char_two->p.tpBasis = ASN1_INTEGER_new();
756 if (!char_two->p.tpBasis) {
757 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
758 goto err;
759 }
760 if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long) k)) {
761 ECerr(EC_F_EC_ASN1_GROUP2FIELDID,
762 ERR_R_ASN1_LIB);
763 goto err;
764 }
765 } else if (field_type == NID_X9_62_ppBasis) {
766 unsigned int k1, k2, k3;
767
768 if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3))
769 goto err;
770
771 char_two->p.ppBasis = X9_62_PENTANOMIAL_new();
772 if (!char_two->p.ppBasis) {
773 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
774 goto err;
775 }
776 /* set k? values */
777 char_two->p.ppBasis->k1 = (long) k1;
778 char_two->p.ppBasis->k2 = (long) k2;
779 char_two->p.ppBasis->k3 = (long) k3;
780 } else { /* field_type == NID_X9_62_onBasis */
781 /* for ONB the parameters are (asn1) NULL */
782 char_two->p.onBasis = ASN1_NULL_new();
783 if (!char_two->p.onBasis) {
784 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
785 goto err;
786 }
787 }
788 }
789 #endif
790
791 ok = 1;
792
793 err:
794 BN_free(tmp);
795 return (ok);
796 }
797
798 static int
799 ec_asn1_group2curve(const EC_GROUP * group, X9_62_CURVE * curve)
800 {
801 int ok = 0, nid;
802 BIGNUM *tmp_1 = NULL, *tmp_2 = NULL;
803 unsigned char *buffer_1 = NULL, *buffer_2 = NULL, *a_buf = NULL,
804 *b_buf = NULL;
805 size_t len_1, len_2;
806 unsigned char char_zero = 0;
807
808 if (!group || !curve || !curve->a || !curve->b)
809 return 0;
810
811 if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) {
812 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
813 goto err;
814 }
815 nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
816
817 /* get a and b */
818 if (nid == NID_X9_62_prime_field) {
819 if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL)) {
820 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
821 goto err;
822 }
823 }
824 #ifndef OPENSSL_NO_EC2M
825 else { /* nid == NID_X9_62_characteristic_two_field */
826 if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL)) {
827 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
828 goto err;
829 }
830 }
831 #endif
832 len_1 = (size_t) BN_num_bytes(tmp_1);
833 len_2 = (size_t) BN_num_bytes(tmp_2);
834
835 if (len_1 == 0) {
836 /* len_1 == 0 => a == 0 */
837 a_buf = &char_zero;
838 len_1 = 1;
839 } else {
840 if ((buffer_1 = malloc(len_1)) == NULL) {
841 ECerr(EC_F_EC_ASN1_GROUP2CURVE,
842 ERR_R_MALLOC_FAILURE);
843 goto err;
844 }
845 if ((len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0) {
846 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
847 goto err;
848 }
849 a_buf = buffer_1;
850 }
851
852 if (len_2 == 0) {
853 /* len_2 == 0 => b == 0 */
854 b_buf = &char_zero;
855 len_2 = 1;
856 } else {
857 if ((buffer_2 = malloc(len_2)) == NULL) {
858 ECerr(EC_F_EC_ASN1_GROUP2CURVE,
859 ERR_R_MALLOC_FAILURE);
860 goto err;
861 }
862 if ((len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0) {
863 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
864 goto err;
865 }
866 b_buf = buffer_2;
867 }
868
869 /* set a and b */
870 if (!ASN1_STRING_set(curve->a, a_buf, len_1) ||
871 !ASN1_STRING_set(curve->b, b_buf, len_2)) {
872 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
873 goto err;
874 }
875 /* set the seed (optional) */
876 if (group->seed) {
877 if (!curve->seed)
878 if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) {
879 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
880 goto err;
881 }
882 curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
883 curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT;
884 if (!ASN1_BIT_STRING_set(curve->seed, group->seed,
885 (int) group->seed_len)) {
886 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
887 goto err;
888 }
889 } else {
890 if (curve->seed) {
891 ASN1_BIT_STRING_free(curve->seed);
892 curve->seed = NULL;
893 }
894 }
895
896 ok = 1;
897
898 err:
899 free(buffer_1);
900 free(buffer_2);
901 BN_free(tmp_1);
902 BN_free(tmp_2);
903 return (ok);
904 }
905
906 static ECPARAMETERS *
907 ec_asn1_group2parameters(const EC_GROUP * group, ECPARAMETERS * param)
908 {
909 int ok = 0;
910 size_t len = 0;
911 ECPARAMETERS *ret = NULL;
912 BIGNUM *tmp = NULL;
913 unsigned char *buffer = NULL;
914 const EC_POINT *point = NULL;
915 point_conversion_form_t form;
916
917 if ((tmp = BN_new()) == NULL) {
918 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
919 goto err;
920 }
921 if (param == NULL) {
922 if ((ret = ECPARAMETERS_new()) == NULL) {
923 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS,
924 ERR_R_MALLOC_FAILURE);
925 goto err;
926 }
927 } else
928 ret = param;
929
930 /* set the version (always one) */
931 ret->version = (long) 0x1;
932
933 /* set the fieldID */
934 if (!ec_asn1_group2fieldid(group, ret->fieldID)) {
935 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
936 goto err;
937 }
938 /* set the curve */
939 if (!ec_asn1_group2curve(group, ret->curve)) {
940 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
941 goto err;
942 }
943 /* set the base point */
944 if ((point = EC_GROUP_get0_generator(group)) == NULL) {
945 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, EC_R_UNDEFINED_GENERATOR);
946 goto err;
947 }
948 form = EC_GROUP_get_point_conversion_form(group);
949
950 len = EC_POINT_point2oct(group, point, form, NULL, len, NULL);
951 if (len == 0) {
952 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
953 goto err;
954 }
955 if ((buffer = malloc(len)) == NULL) {
956 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
957 goto err;
958 }
959 if (!EC_POINT_point2oct(group, point, form, buffer, len, NULL)) {
960 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
961 goto err;
962 }
963 if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) {
964 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
965 goto err;
966 }
967 if (!ASN1_OCTET_STRING_set(ret->base, buffer, len)) {
968 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
969 goto err;
970 }
971 /* set the order */
972 if (!EC_GROUP_get_order(group, tmp, NULL)) {
973 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
974 goto err;
975 }
976 ret->order = BN_to_ASN1_INTEGER(tmp, ret->order);
977 if (ret->order == NULL) {
978 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
979 goto err;
980 }
981 /* set the cofactor (optional) */
982 if (EC_GROUP_get_cofactor(group, tmp, NULL)) {
983 ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor);
984 if (ret->cofactor == NULL) {
985 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
986 goto err;
987 }
988 }
989 ok = 1;
990
991 err: if (!ok) {
992 if (ret && !param)
993 ECPARAMETERS_free(ret);
994 ret = NULL;
995 }
996 BN_free(tmp);
997 free(buffer);
998 return (ret);
999 }
1000
1001 ECPKPARAMETERS *
1002 ec_asn1_group2pkparameters(const EC_GROUP * group, ECPKPARAMETERS * params)
1003 {
1004 int ok = 1, tmp;
1005 ECPKPARAMETERS *ret = params;
1006
1007 if (ret == NULL) {
1008 if ((ret = ECPKPARAMETERS_new()) == NULL) {
1009 ECerr(EC_F_EC_ASN1_GROUP2PKPARAMETERS,
1010 ERR_R_MALLOC_FAILURE);
1011 return NULL;
1012 }
1013 } else {
1014 if (ret->type == 0 && ret->value.named_curve)
1015 ASN1_OBJECT_free(ret->value.named_curve);
1016 else if (ret->type == 1 && ret->value.parameters)
1017 ECPARAMETERS_free(ret->value.parameters);
1018 }
1019
1020 if (EC_GROUP_get_asn1_flag(group)) {
1021 /*
1022 * use the asn1 OID to describe the elliptic curve
1023 * parameters
1024 */
1025 tmp = EC_GROUP_get_curve_name(group);
1026 if (tmp) {
1027 ret->type = 0;
1028 if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL)
1029 ok = 0;
1030 } else
1031 /* we don't kmow the nid => ERROR */
1032 ok = 0;
1033 } else {
1034 /* use the ECPARAMETERS structure */
1035 ret->type = 1;
1036 if ((ret->value.parameters = ec_asn1_group2parameters(
1037 group, NULL)) == NULL)
1038 ok = 0;
1039 }
1040
1041 if (!ok) {
1042 ECPKPARAMETERS_free(ret);
1043 return NULL;
1044 }
1045 return ret;
1046 }
1047
1048 static EC_GROUP *
1049 ec_asn1_parameters2group(const ECPARAMETERS * params)
1050 {
1051 int ok = 0, tmp;
1052 EC_GROUP *ret = NULL;
1053 BIGNUM *p = NULL, *a = NULL, *b = NULL;
1054 EC_POINT *point = NULL;
1055 long field_bits;
1056
1057 if (!params->fieldID || !params->fieldID->fieldType ||
1058 !params->fieldID->p.ptr) {
1059 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
1060 goto err;
1061 }
1062 /* now extract the curve parameters a and b */
1063 if (!params->curve || !params->curve->a ||
1064 !params->curve->a->data || !params->curve->b ||
1065 !params->curve->b->data) {
1066 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
1067 goto err;
1068 }
1069 a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL);
1070 if (a == NULL) {
1071 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB);
1072 goto err;
1073 }
1074 b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL);
1075 if (b == NULL) {
1076 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB);
1077 goto err;
1078 }
1079 /* get the field parameters */
1080 tmp = OBJ_obj2nid(params->fieldID->fieldType);
1081 if (tmp == NID_X9_62_characteristic_two_field)
1082 #ifdef OPENSSL_NO_EC2M
1083 {
1084 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_GF2M_NOT_SUPPORTED);
1085 goto err;
1086 }
1087 #else
1088 {
1089 X9_62_CHARACTERISTIC_TWO *char_two;
1090
1091 char_two = params->fieldID->p.char_two;
1092
1093 field_bits = char_two->m;
1094 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
1095 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE);
1096 goto err;
1097 }
1098 if ((p = BN_new()) == NULL) {
1099 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE);
1100 goto err;
1101 }
1102 /* get the base type */
1103 tmp = OBJ_obj2nid(char_two->type);
1104
1105 if (tmp == NID_X9_62_tpBasis) {
1106 long tmp_long;
1107
1108 if (!char_two->p.tpBasis) {
1109 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
1110 goto err;
1111 }
1112 tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis);
1113
1114 if (!(char_two->m > tmp_long && tmp_long > 0)) {
1115 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_TRINOMIAL_BASIS);
1116 goto err;
1117 }
1118 /* create the polynomial */
1119 if (!BN_set_bit(p, (int) char_two->m))
1120 goto err;
1121 if (!BN_set_bit(p, (int) tmp_long))
1122 goto err;
1123 if (!BN_set_bit(p, 0))
1124 goto err;
1125 } else if (tmp == NID_X9_62_ppBasis) {
1126 X9_62_PENTANOMIAL *penta;
1127
1128 penta = char_two->p.ppBasis;
1129 if (!penta) {
1130 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
1131 goto err;
1132 }
1133 if (!(char_two->m > penta->k3 && penta->k3 > penta->k2 && penta->k2 > penta->k1 && penta->k1 > 0)) {
1134 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_PENTANOMIAL_BASIS);
1135 goto err;
1136 }
1137 /* create the polynomial */
1138 if (!BN_set_bit(p, (int) char_two->m))
1139 goto err;
1140 if (!BN_set_bit(p, (int) penta->k1))
1141 goto err;
1142 if (!BN_set_bit(p, (int) penta->k2))
1143 goto err;
1144 if (!BN_set_bit(p, (int) penta->k3))
1145 goto err;
1146 if (!BN_set_bit(p, 0))
1147 goto err;
1148 } else if (tmp == NID_X9_62_onBasis) {
1149 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_NOT_IMPLEMENTED);
1150 goto err;
1151 } else { /* error */
1152 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
1153 goto err;
1154 }
1155
1156 /* create the EC_GROUP structure */
1157 ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL);
1158 }
1159 #endif
1160 else if (tmp == NID_X9_62_prime_field) {
1161 /* we have a curve over a prime field */
1162 /* extract the prime number */
1163 if (!params->fieldID->p.prime) {
1164 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
1165 goto err;
1166 }
1167 p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL);
1168 if (p == NULL) {
1169 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
1170 goto err;
1171 }
1172 if (BN_is_negative(p) || BN_is_zero(p)) {
1173 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD);
1174 goto err;
1175 }
1176 field_bits = BN_num_bits(p);
1177 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
1178 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE);
1179 goto err;
1180 }
1181 /* create the EC_GROUP structure */
1182 ret = EC_GROUP_new_curve_GFp(p, a, b, NULL);
1183 } else {
1184 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD);
1185 goto err;
1186 }
1187
1188 if (ret == NULL) {
1189 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
1190 goto err;
1191 }
1192 /* extract seed (optional) */
1193 if (params->curve->seed != NULL) {
1194 free(ret->seed);
1195 if (!(ret->seed = malloc(params->curve->seed->length))) {
1196 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP,
1197 ERR_R_MALLOC_FAILURE);
1198 goto err;
1199 }
1200 memcpy(ret->seed, params->curve->seed->data,
1201 params->curve->seed->length);
1202 ret->seed_len = params->curve->seed->length;
1203 }
1204 if (!params->order || !params->base || !params->base->data) {
1205 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
1206 goto err;
1207 }
1208 if ((point = EC_POINT_new(ret)) == NULL)
1209 goto err;
1210
1211 /* set the point conversion form */
1212 EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t)
1213 (params->base->data[0] & ~0x01));
1214
1215 /* extract the ec point */
1216 if (!EC_POINT_oct2point(ret, point, params->base->data,
1217 params->base->length, NULL)) {
1218 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
1219 goto err;
1220 }
1221 /* extract the order */
1222 if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) {
1223 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
1224 goto err;
1225 }
1226 if (BN_is_negative(a) || BN_is_zero(a)) {
1227 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER);
1228 goto err;
1229 }
1230 if (BN_num_bits(a) > (int) field_bits + 1) { /* Hasse bound */
1231 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER);
1232 goto err;
1233 }
1234 /* extract the cofactor (optional) */
1235 if (params->cofactor == NULL) {
1236 BN_free(b);
1237 b = NULL;
1238 } else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) {
1239 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
1240 goto err;
1241 }
1242 /* set the generator, order and cofactor (if present) */
1243 if (!EC_GROUP_set_generator(ret, point, a, b)) {
1244 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
1245 goto err;
1246 }
1247 ok = 1;
1248
1249 err: if (!ok) {
1250 EC_GROUP_clear_free(ret);
1251 ret = NULL;
1252 }
1253 BN_free(p);
1254 BN_free(a);
1255 BN_free(b);
1256 EC_POINT_free(point);
1257 return (ret);
1258 }
1259
1260 EC_GROUP *
1261 ec_asn1_pkparameters2group(const ECPKPARAMETERS * params)
1262 {
1263 EC_GROUP *ret = NULL;
1264 int tmp = 0;
1265
1266 if (params == NULL) {
1267 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP,
1268 EC_R_MISSING_PARAMETERS);
1269 return NULL;
1270 }
1271 if (params->type == 0) {/* the curve is given by an OID */
1272 tmp = OBJ_obj2nid(params->value.named_curve);
1273 if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) {
1274 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP,
1275 EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
1276 return NULL;
1277 }
1278 EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE);
1279 } else if (params->type == 1) { /* the parameters are given by a
1280 * ECPARAMETERS structure */
1281 ret = ec_asn1_parameters2group(params->value.parameters);
1282 if (!ret) {
1283 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, ERR_R_EC_LIB);
1284 return NULL;
1285 }
1286 EC_GROUP_set_asn1_flag(ret, 0x0);
1287 } else if (params->type == 2) { /* implicitlyCA */
1288 return NULL;
1289 } else {
1290 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, EC_R_ASN1_ERROR);
1291 return NULL;
1292 }
1293
1294 return ret;
1295 }
1296
1297 /* EC_GROUP <-> DER encoding of ECPKPARAMETERS */
1298
1299 EC_GROUP *
1300 d2i_ECPKParameters(EC_GROUP ** a, const unsigned char **in, long len)
1301 {
1302 EC_GROUP *group = NULL;
1303 ECPKPARAMETERS *params = NULL;
1304
1305 if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) {
1306 ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE);
1307 goto err;
1308 }
1309 if ((group = ec_asn1_pkparameters2group(params)) == NULL) {
1310 ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE);
1311 goto err;
1312 }
1313
1314 if (a != NULL) {
1315 EC_GROUP_clear_free(*a);
1316 *a = group;
1317 }
1318
1319 err:
1320 ECPKPARAMETERS_free(params);
1321 return (group);
1322 }
1323
1324 int
1325 i2d_ECPKParameters(const EC_GROUP * a, unsigned char **out)
1326 {
1327 int ret = 0;
1328 ECPKPARAMETERS *tmp = ec_asn1_group2pkparameters(a, NULL);
1329 if (tmp == NULL) {
1330 ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_GROUP2PKPARAMETERS_FAILURE);
1331 return 0;
1332 }
1333 if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0) {
1334 ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_I2D_ECPKPARAMETERS_FAILURE);
1335 ECPKPARAMETERS_free(tmp);
1336 return 0;
1337 }
1338 ECPKPARAMETERS_free(tmp);
1339 return (ret);
1340 }
1341
1342 /* some EC_KEY functions */
1343
1344 EC_KEY *
1345 d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len)
1346 {
1347 EC_KEY *ret = NULL;
1348 EC_PRIVATEKEY *priv_key = NULL;
1349
1350 if ((priv_key = EC_PRIVATEKEY_new()) == NULL) {
1351 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
1352 return NULL;
1353 }
1354 if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL) {
1355 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
1356 EC_PRIVATEKEY_free(priv_key);
1357 return NULL;
1358 }
1359 if (a == NULL || *a == NULL) {
1360 if ((ret = EC_KEY_new()) == NULL) {
1361 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
1362 goto err;
1363 }
1364 } else
1365 ret = *a;
1366
1367 if (priv_key->parameters) {
1368 EC_GROUP_clear_free(ret->group);
1369 ret->group = ec_asn1_pkparameters2group(priv_key->parameters);
1370 }
1371 if (ret->group == NULL) {
1372 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
1373 goto err;
1374 }
1375 ret->version = priv_key->version;
1376
1377 if (priv_key->privateKey) {
1378 ret->priv_key = BN_bin2bn(
1379 ASN1_STRING_data(priv_key->privateKey),
1380 ASN1_STRING_length(priv_key->privateKey),
1381 ret->priv_key);
1382 if (ret->priv_key == NULL) {
1383 ECerr(EC_F_D2I_ECPRIVATEKEY,
1384 ERR_R_BN_LIB);
1385 goto err;
1386 }
1387 } else {
1388 ECerr(EC_F_D2I_ECPRIVATEKEY,
1389 EC_R_MISSING_PRIVATE_KEY);
1390 goto err;
1391 }
1392
1393 if (priv_key->publicKey) {
1394 const unsigned char *pub_oct;
1395 size_t pub_oct_len;
1396
1397 EC_POINT_clear_free(ret->pub_key);
1398 ret->pub_key = EC_POINT_new(ret->group);
1399 if (ret->pub_key == NULL) {
1400 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
1401 goto err;
1402 }
1403 pub_oct = ASN1_STRING_data(priv_key->publicKey);
1404 pub_oct_len = ASN1_STRING_length(priv_key->publicKey);
1405 /* save the point conversion form */
1406 ret->conv_form = (point_conversion_form_t) (pub_oct[0] & ~0x01);
1407 if (!EC_POINT_oct2point(ret->group, ret->pub_key,
1408 pub_oct, pub_oct_len, NULL)) {
1409 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
1410 goto err;
1411 }
1412 }
1413
1414 EC_PRIVATEKEY_free(priv_key);
1415 if (a != NULL)
1416 *a = ret;
1417 return (ret);
1418
1419 err:
1420 if (a == NULL || *a != ret)
1421 EC_KEY_free(ret);
1422 if (priv_key)
1423 EC_PRIVATEKEY_free(priv_key);
1424
1425 return (NULL);
1426 }
1427
1428 int
1429 i2d_ECPrivateKey(EC_KEY * a, unsigned char **out)
1430 {
1431 int ret = 0, ok = 0;
1432 unsigned char *buffer = NULL;
1433 size_t buf_len = 0, tmp_len;
1434 EC_PRIVATEKEY *priv_key = NULL;
1435
1436 if (a == NULL || a->group == NULL || a->priv_key == NULL) {
1437 ECerr(EC_F_I2D_ECPRIVATEKEY,
1438 ERR_R_PASSED_NULL_PARAMETER);
1439 goto err;
1440 }
1441 if ((priv_key = EC_PRIVATEKEY_new()) == NULL) {
1442 ECerr(EC_F_I2D_ECPRIVATEKEY,
1443 ERR_R_MALLOC_FAILURE);
1444 goto err;
1445 }
1446 priv_key->version = a->version;
1447
1448 buf_len = (size_t) BN_num_bytes(a->priv_key);
1449 buffer = malloc(buf_len);
1450 if (buffer == NULL) {
1451 ECerr(EC_F_I2D_ECPRIVATEKEY,
1452 ERR_R_MALLOC_FAILURE);
1453 goto err;
1454 }
1455 if (!BN_bn2bin(a->priv_key, buffer)) {
1456 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_BN_LIB);
1457 goto err;
1458 }
1459 if (!ASN1_STRING_set(priv_key->privateKey, buffer, buf_len)) {
1460 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);
1461 goto err;
1462 }
1463 if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) {
1464 if ((priv_key->parameters = ec_asn1_group2pkparameters(
1465 a->group, priv_key->parameters)) == NULL) {
1466 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
1467 goto err;
1468 }
1469 }
1470 if (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key != NULL) {
1471 priv_key->publicKey = ASN1_BIT_STRING_new();
1472 if (priv_key->publicKey == NULL) {
1473 ECerr(EC_F_I2D_ECPRIVATEKEY,
1474 ERR_R_MALLOC_FAILURE);
1475 goto err;
1476 }
1477 tmp_len = EC_POINT_point2oct(a->group, a->pub_key,
1478 a->conv_form, NULL, 0, NULL);
1479
1480 if (tmp_len > buf_len) {
1481 unsigned char *tmp_buffer = realloc(buffer, tmp_len);
1482 if (!tmp_buffer) {
1483 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
1484 goto err;
1485 }
1486 buffer = tmp_buffer;
1487 buf_len = tmp_len;
1488 }
1489 if (!EC_POINT_point2oct(a->group, a->pub_key,
1490 a->conv_form, buffer, buf_len, NULL)) {
1491 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
1492 goto err;
1493 }
1494 priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
1495 priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
1496 if (!ASN1_STRING_set(priv_key->publicKey, buffer,
1497 buf_len)) {
1498 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);
1499 goto err;
1500 }
1501 }
1502 if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) {
1503 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
1504 goto err;
1505 }
1506 ok = 1;
1507 err:
1508 free(buffer);
1509 if (priv_key)
1510 EC_PRIVATEKEY_free(priv_key);
1511 return (ok ? ret : 0);
1512 }
1513
1514 int
1515 i2d_ECParameters(EC_KEY * a, unsigned char **out)
1516 {
1517 if (a == NULL) {
1518 ECerr(EC_F_I2D_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
1519 return 0;
1520 }
1521 return i2d_ECPKParameters(a->group, out);
1522 }
1523
1524 EC_KEY *
1525 d2i_ECParameters(EC_KEY ** a, const unsigned char **in, long len)
1526 {
1527 EC_KEY *ret;
1528
1529 if (in == NULL || *in == NULL) {
1530 ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
1531 return NULL;
1532 }
1533 if (a == NULL || *a == NULL) {
1534 if ((ret = EC_KEY_new()) == NULL) {
1535 ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
1536 return NULL;
1537 }
1538 } else
1539 ret = *a;
1540
1541 if (!d2i_ECPKParameters(&ret->group, in, len)) {
1542 ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
1543 if (a == NULL || *a != ret)
1544 EC_KEY_free(ret);
1545 return NULL;
1546 }
1547
1548 if (a != NULL)
1549 *a = ret;
1550 return ret;
1551 }
1552
1553 EC_KEY *
1554 o2i_ECPublicKey(EC_KEY ** a, const unsigned char **in, long len)
1555 {
1556 EC_KEY *ret = NULL;
1557
1558 if (a == NULL || (*a) == NULL || (*a)->group == NULL) {
1559 /*
1560 * sorry, but a EC_GROUP-structur is necessary to set the
1561 * public key
1562 */
1563 ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
1564 return 0;
1565 }
1566 ret = *a;
1567 if (ret->pub_key == NULL &&
1568 (ret->pub_key = EC_POINT_new(ret->group)) == NULL) {
1569 ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_MALLOC_FAILURE);
1570 return 0;
1571 }
1572 if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL)) {
1573 ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB);
1574 return 0;
1575 }
1576 /* save the point conversion form */
1577 ret->conv_form = (point_conversion_form_t) (*in[0] & ~0x01);
1578 *in += len;
1579 return ret;
1580 }
1581
1582 int
1583 i2o_ECPublicKey(EC_KEY * a, unsigned char **out)
1584 {
1585 size_t buf_len = 0;
1586 int new_buffer = 0;
1587
1588 if (a == NULL) {
1589 ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
1590 return 0;
1591 }
1592 buf_len = EC_POINT_point2oct(a->group, a->pub_key,
1593 a->conv_form, NULL, 0, NULL);
1594
1595 if (out == NULL || buf_len == 0)
1596 /* out == NULL => just return the length of the octet string */
1597 return buf_len;
1598
1599 if (*out == NULL) {
1600 if ((*out = malloc(buf_len)) == NULL) {
1601 ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_MALLOC_FAILURE);
1602 return 0;
1603 }
1604 new_buffer = 1;
1605 }
1606 if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form,
1607 *out, buf_len, NULL)) {
1608 ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB);
1609 if (new_buffer) {
1610 free(*out);
1611 *out = NULL;
1612 }
1613 return 0;
1614 }
1615 if (!new_buffer)
1616 *out += buf_len;
1617 return buf_len;
1618 }
DragonFly BSD