1/* crypto/ec/ec_asn1.c */ 2/* 3 * Written by Nils Larsch for the OpenSSL project. 4 */ 5/* ==================================================================== 6 * Copyright (c) 2000-2019 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59#include <string.h> 60#include "ec_lcl.h" 61#include <openssl/err.h> 62#include <openssl/asn1t.h> 63#include <openssl/objects.h> 64 65#define OSSL_NELEM(x) (sizeof(x)/sizeof(x[0])) 66 67int EC_GROUP_get_basis_type(const EC_GROUP *group) 68{ 69 int i; 70 71 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != 72 NID_X9_62_characteristic_two_field) 73 /* everything else is currently not supported */ 74 return 0; 75 76 /* Find the last non-zero element of group->poly[] */ 77 for (i = 0; 78 i < (int)OSSL_NELEM(group->poly) && group->poly[i] != 0; 79 i++) 80 continue; 81 82 if (i == 4) 83 return NID_X9_62_ppBasis; 84 else if (i == 2) 85 return NID_X9_62_tpBasis; 86 else 87 /* everything else is currently not supported */ 88 return 0; 89} 90 91#ifndef OPENSSL_NO_EC2M 92int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k) 93{ 94 if (group == NULL) 95 return 0; 96 97 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != 98 NID_X9_62_characteristic_two_field 99 || !((group->poly[0] != 0) && (group->poly[1] != 0) 100 && (group->poly[2] == 0))) { 101 ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, 102 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 103 return 0; 104 } 105 106 if (k) 107 *k = group->poly[1]; 108 109 return 1; 110} 111 112int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1, 113 unsigned int *k2, unsigned int *k3) 114{ 115 if (group == NULL) 116 return 0; 117 118 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != 119 NID_X9_62_characteristic_two_field 120 || !((group->poly[0] != 0) && (group->poly[1] != 0) 121 && (group->poly[2] != 0) && (group->poly[3] != 0) 122 && (group->poly[4] == 0))) { 123 ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, 124 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 125 return 0; 126 } 127 128 if (k1) 129 *k1 = group->poly[3]; 130 if (k2) 131 *k2 = group->poly[2]; 132 if (k3) 133 *k3 = group->poly[1]; 134 135 return 1; 136} 137#endif 138 139/* some structures needed for the asn1 encoding */ 140typedef struct x9_62_pentanomial_st { 141 long k1; 142 long k2; 143 long k3; 144} X9_62_PENTANOMIAL; 145 146typedef struct x9_62_characteristic_two_st { 147 long m; 148 ASN1_OBJECT *type; 149 union { 150 char *ptr; 151 /* NID_X9_62_onBasis */ 152 ASN1_NULL *onBasis; 153 /* NID_X9_62_tpBasis */ 154 ASN1_INTEGER *tpBasis; 155 /* NID_X9_62_ppBasis */ 156 X9_62_PENTANOMIAL *ppBasis; 157 /* anything else */ 158 ASN1_TYPE *other; 159 } p; 160} X9_62_CHARACTERISTIC_TWO; 161 162typedef struct x9_62_fieldid_st { 163 ASN1_OBJECT *fieldType; 164 union { 165 char *ptr; 166 /* NID_X9_62_prime_field */ 167 ASN1_INTEGER *prime; 168 /* NID_X9_62_characteristic_two_field */ 169 X9_62_CHARACTERISTIC_TWO *char_two; 170 /* anything else */ 171 ASN1_TYPE *other; 172 } p; 173} X9_62_FIELDID; 174 175typedef struct x9_62_curve_st { 176 ASN1_OCTET_STRING *a; 177 ASN1_OCTET_STRING *b; 178 ASN1_BIT_STRING *seed; 179} X9_62_CURVE; 180 181typedef struct ec_parameters_st { 182 long version; 183 X9_62_FIELDID *fieldID; 184 X9_62_CURVE *curve; 185 ASN1_OCTET_STRING *base; 186 ASN1_INTEGER *order; 187 ASN1_INTEGER *cofactor; 188} ECPARAMETERS; 189 190struct ecpk_parameters_st { 191 int type; 192 union { 193 ASN1_OBJECT *named_curve; 194 ECPARAMETERS *parameters; 195 ASN1_NULL *implicitlyCA; 196 } value; 197} /* ECPKPARAMETERS */ ; 198 199/* SEC1 ECPrivateKey */ 200typedef struct ec_privatekey_st { 201 long version; 202 ASN1_OCTET_STRING *privateKey; 203 ECPKPARAMETERS *parameters; 204 ASN1_BIT_STRING *publicKey; 205} EC_PRIVATEKEY; 206 207/* the OpenSSL ASN.1 definitions */ 208ASN1_SEQUENCE(X9_62_PENTANOMIAL) = { 209 ASN1_SIMPLE(X9_62_PENTANOMIAL, k1, LONG), 210 ASN1_SIMPLE(X9_62_PENTANOMIAL, k2, LONG), 211 ASN1_SIMPLE(X9_62_PENTANOMIAL, k3, LONG) 212} ASN1_SEQUENCE_END(X9_62_PENTANOMIAL) 213 214DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL) 215IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL) 216 217ASN1_ADB_TEMPLATE(char_two_def) = ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.other, ASN1_ANY); 218 219ASN1_ADB(X9_62_CHARACTERISTIC_TWO) = { 220 ADB_ENTRY(NID_X9_62_onBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.onBasis, ASN1_NULL)), 221 ADB_ENTRY(NID_X9_62_tpBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.tpBasis, ASN1_INTEGER)), 222 ADB_ENTRY(NID_X9_62_ppBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.ppBasis, X9_62_PENTANOMIAL)) 223} ASN1_ADB_END(X9_62_CHARACTERISTIC_TWO, 0, type, 0, &char_two_def_tt, NULL); 224 225ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = { 226 ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, m, LONG), 227 ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT), 228 ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO) 229} ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO) 230 231DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO) 232IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO) 233 234ASN1_ADB_TEMPLATE(fieldID_def) = ASN1_SIMPLE(X9_62_FIELDID, p.other, ASN1_ANY); 235 236ASN1_ADB(X9_62_FIELDID) = { 237 ADB_ENTRY(NID_X9_62_prime_field, ASN1_SIMPLE(X9_62_FIELDID, p.prime, ASN1_INTEGER)), 238 ADB_ENTRY(NID_X9_62_characteristic_two_field, ASN1_SIMPLE(X9_62_FIELDID, p.char_two, X9_62_CHARACTERISTIC_TWO)) 239} ASN1_ADB_END(X9_62_FIELDID, 0, fieldType, 0, &fieldID_def_tt, NULL); 240 241ASN1_SEQUENCE(X9_62_FIELDID) = { 242 ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT), 243 ASN1_ADB_OBJECT(X9_62_FIELDID) 244} ASN1_SEQUENCE_END(X9_62_FIELDID) 245 246ASN1_SEQUENCE(X9_62_CURVE) = { 247 ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING), 248 ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING), 249 ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING) 250} ASN1_SEQUENCE_END(X9_62_CURVE) 251 252ASN1_SEQUENCE(ECPARAMETERS) = { 253 ASN1_SIMPLE(ECPARAMETERS, version, LONG), 254 ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID), 255 ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE), 256 ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING), 257 ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER), 258 ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER) 259} ASN1_SEQUENCE_END(ECPARAMETERS) 260 261DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) 262IMPLEMENT_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) 263 264ASN1_CHOICE(ECPKPARAMETERS) = { 265 ASN1_SIMPLE(ECPKPARAMETERS, value.named_curve, ASN1_OBJECT), 266 ASN1_SIMPLE(ECPKPARAMETERS, value.parameters, ECPARAMETERS), 267 ASN1_SIMPLE(ECPKPARAMETERS, value.implicitlyCA, ASN1_NULL) 268} ASN1_CHOICE_END(ECPKPARAMETERS) 269 270DECLARE_ASN1_FUNCTIONS_const(ECPKPARAMETERS) 271DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECPKPARAMETERS, ECPKPARAMETERS) 272IMPLEMENT_ASN1_FUNCTIONS_const(ECPKPARAMETERS) 273 274ASN1_SEQUENCE(EC_PRIVATEKEY) = { 275 ASN1_SIMPLE(EC_PRIVATEKEY, version, LONG), 276 ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING), 277 ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0), 278 ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1) 279} ASN1_SEQUENCE_END(EC_PRIVATEKEY) 280 281DECLARE_ASN1_FUNCTIONS_const(EC_PRIVATEKEY) 282DECLARE_ASN1_ENCODE_FUNCTIONS_const(EC_PRIVATEKEY, EC_PRIVATEKEY) 283IMPLEMENT_ASN1_FUNCTIONS_const(EC_PRIVATEKEY) 284 285/* some declarations of internal function */ 286 287/* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */ 288static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *); 289/* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */ 290static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *); 291/* 292 * ec_asn1_parameters2group() creates a EC_GROUP object from a ECPARAMETERS 293 * object 294 */ 295static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *); 296/* 297 * ec_asn1_group2parameters() creates a ECPARAMETERS object from a EC_GROUP 298 * object 299 */ 300static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *, 301 ECPARAMETERS *); 302/* 303 * ec_asn1_pkparameters2group() creates a EC_GROUP object from a 304 * ECPKPARAMETERS object 305 */ 306static EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *); 307/* 308 * ec_asn1_group2pkparameters() creates a ECPKPARAMETERS object from a 309 * EC_GROUP object 310 */ 311static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *, 312 ECPKPARAMETERS *); 313 314/* the function definitions */ 315 316static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field) 317{ 318 int ok = 0, nid; 319 BIGNUM *tmp = NULL; 320 321 if (group == NULL || field == NULL) 322 return 0; 323 324 /* clear the old values (if necessary) */ 325 if (field->fieldType != NULL) 326 ASN1_OBJECT_free(field->fieldType); 327 if (field->p.other != NULL) 328 ASN1_TYPE_free(field->p.other); 329 330 nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); 331 /* set OID for the field */ 332 if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) { 333 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB); 334 goto err; 335 } 336 337 if (nid == NID_X9_62_prime_field) { 338 if ((tmp = BN_new()) == NULL) { 339 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); 340 goto err; 341 } 342 /* the parameters are specified by the prime number p */ 343 if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL)) { 344 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB); 345 goto err; 346 } 347 /* set the prime number */ 348 field->p.prime = BN_to_ASN1_INTEGER(tmp, NULL); 349 if (field->p.prime == NULL) { 350 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB); 351 goto err; 352 } 353 } else /* nid == NID_X9_62_characteristic_two_field */ 354#ifdef OPENSSL_NO_EC2M 355 { 356 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, EC_R_GF2M_NOT_SUPPORTED); 357 goto err; 358 } 359#else 360 { 361 int field_type; 362 X9_62_CHARACTERISTIC_TWO *char_two; 363 364 field->p.char_two = X9_62_CHARACTERISTIC_TWO_new(); 365 char_two = field->p.char_two; 366 367 if (char_two == NULL) { 368 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); 369 goto err; 370 } 371 372 char_two->m = (long)EC_GROUP_get_degree(group); 373 374 field_type = EC_GROUP_get_basis_type(group); 375 376 if (field_type == 0) { 377 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB); 378 goto err; 379 } 380 /* set base type OID */ 381 if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) { 382 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB); 383 goto err; 384 } 385 386 if (field_type == NID_X9_62_tpBasis) { 387 unsigned int k; 388 389 if (!EC_GROUP_get_trinomial_basis(group, &k)) 390 goto err; 391 392 char_two->p.tpBasis = ASN1_INTEGER_new(); 393 if (!char_two->p.tpBasis) { 394 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); 395 goto err; 396 } 397 if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long)k)) { 398 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB); 399 goto err; 400 } 401 } else if (field_type == NID_X9_62_ppBasis) { 402 unsigned int k1, k2, k3; 403 404 if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3)) 405 goto err; 406 407 char_two->p.ppBasis = X9_62_PENTANOMIAL_new(); 408 if (!char_two->p.ppBasis) { 409 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); 410 goto err; 411 } 412 413 /* set k? values */ 414 char_two->p.ppBasis->k1 = (long)k1; 415 char_two->p.ppBasis->k2 = (long)k2; 416 char_two->p.ppBasis->k3 = (long)k3; 417 } else { /* field_type == NID_X9_62_onBasis */ 418 419 /* for ONB the parameters are (asn1) NULL */ 420 char_two->p.onBasis = ASN1_NULL_new(); 421 if (!char_two->p.onBasis) { 422 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); 423 goto err; 424 } 425 } 426 } 427#endif 428 429 ok = 1; 430 431 err:if (tmp) 432 BN_free(tmp); 433 return (ok); 434} 435 436static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve) 437{ 438 int ok = 0, nid; 439 BIGNUM *tmp_1 = NULL, *tmp_2 = NULL; 440 unsigned char *buffer_1 = NULL, *buffer_2 = NULL, 441 *a_buf = NULL, *b_buf = NULL; 442 size_t len_1, len_2; 443 unsigned char char_zero = 0; 444 445 if (!group || !curve || !curve->a || !curve->b) 446 return 0; 447 448 if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) { 449 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); 450 goto err; 451 } 452 453 nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); 454 455 /* get a and b */ 456 if (nid == NID_X9_62_prime_field) { 457 if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL)) { 458 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB); 459 goto err; 460 } 461 } 462#ifndef OPENSSL_NO_EC2M 463 else { /* nid == NID_X9_62_characteristic_two_field */ 464 465 if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL)) { 466 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB); 467 goto err; 468 } 469 } 470#endif 471 len_1 = (size_t)BN_num_bytes(tmp_1); 472 len_2 = (size_t)BN_num_bytes(tmp_2); 473 474 if (len_1 == 0) { 475 /* len_1 == 0 => a == 0 */ 476 a_buf = &char_zero; 477 len_1 = 1; 478 } else { 479 if ((buffer_1 = OPENSSL_malloc(len_1)) == NULL) { 480 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); 481 goto err; 482 } 483 if ((len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0) { 484 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB); 485 goto err; 486 } 487 a_buf = buffer_1; 488 } 489 490 if (len_2 == 0) { 491 /* len_2 == 0 => b == 0 */ 492 b_buf = &char_zero; 493 len_2 = 1; 494 } else { 495 if ((buffer_2 = OPENSSL_malloc(len_2)) == NULL) { 496 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); 497 goto err; 498 } 499 if ((len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0) { 500 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB); 501 goto err; 502 } 503 b_buf = buffer_2; 504 } 505 506 /* set a and b */ 507 if (!M_ASN1_OCTET_STRING_set(curve->a, a_buf, len_1) || 508 !M_ASN1_OCTET_STRING_set(curve->b, b_buf, len_2)) { 509 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB); 510 goto err; 511 } 512 513 /* set the seed (optional) */ 514 if (group->seed) { 515 if (!curve->seed) 516 if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) { 517 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); 518 goto err; 519 } 520 curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); 521 curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT; 522 if (!ASN1_BIT_STRING_set(curve->seed, group->seed, 523 (int)group->seed_len)) { 524 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB); 525 goto err; 526 } 527 } else { 528 if (curve->seed) { 529 ASN1_BIT_STRING_free(curve->seed); 530 curve->seed = NULL; 531 } 532 } 533 534 ok = 1; 535 536 err:if (buffer_1) 537 OPENSSL_free(buffer_1); 538 if (buffer_2) 539 OPENSSL_free(buffer_2); 540 if (tmp_1) 541 BN_free(tmp_1); 542 if (tmp_2) 543 BN_free(tmp_2); 544 return (ok); 545} 546 547static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group, 548 ECPARAMETERS *param) 549{ 550 int ok = 0; 551 size_t len = 0; 552 ECPARAMETERS *ret = NULL; 553 BIGNUM *tmp = NULL; 554 unsigned char *buffer = NULL; 555 const EC_POINT *point = NULL; 556 point_conversion_form_t form; 557 558 if ((tmp = BN_new()) == NULL) { 559 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); 560 goto err; 561 } 562 563 if (param == NULL) { 564 if ((ret = ECPARAMETERS_new()) == NULL) { 565 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); 566 goto err; 567 } 568 } else 569 ret = param; 570 571 /* set the version (always one) */ 572 ret->version = (long)0x1; 573 574 /* set the fieldID */ 575 if (!ec_asn1_group2fieldid(group, ret->fieldID)) { 576 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); 577 goto err; 578 } 579 580 /* set the curve */ 581 if (!ec_asn1_group2curve(group, ret->curve)) { 582 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); 583 goto err; 584 } 585 586 /* set the base point */ 587 if ((point = EC_GROUP_get0_generator(group)) == NULL) { 588 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, EC_R_UNDEFINED_GENERATOR); 589 goto err; 590 } 591 592 form = EC_GROUP_get_point_conversion_form(group); 593 594 len = EC_POINT_point2oct(group, point, form, NULL, len, NULL); 595 if (len == 0) { 596 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); 597 goto err; 598 } 599 if ((buffer = OPENSSL_malloc(len)) == NULL) { 600 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); 601 goto err; 602 } 603 if (!EC_POINT_point2oct(group, point, form, buffer, len, NULL)) { 604 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); 605 goto err; 606 } 607 if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) { 608 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); 609 goto err; 610 } 611 if (!ASN1_OCTET_STRING_set(ret->base, buffer, len)) { 612 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); 613 goto err; 614 } 615 616 /* set the order */ 617 if (!EC_GROUP_get_order(group, tmp, NULL)) { 618 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); 619 goto err; 620 } 621 ret->order = BN_to_ASN1_INTEGER(tmp, ret->order); 622 if (ret->order == NULL) { 623 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); 624 goto err; 625 } 626 627 /* set the cofactor (optional) */ 628 if (EC_GROUP_get_cofactor(group, tmp, NULL)) { 629 ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor); 630 if (ret->cofactor == NULL) { 631 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); 632 goto err; 633 } 634 } 635 636 ok = 1; 637 638 err:if (!ok) { 639 if (ret && !param) 640 ECPARAMETERS_free(ret); 641 ret = NULL; 642 } 643 if (tmp) 644 BN_free(tmp); 645 if (buffer) 646 OPENSSL_free(buffer); 647 return (ret); 648} 649 650ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *group, 651 ECPKPARAMETERS *params) 652{ 653 int ok = 1, tmp; 654 ECPKPARAMETERS *ret = params; 655 656 if (ret == NULL) { 657 if ((ret = ECPKPARAMETERS_new()) == NULL) { 658 ECerr(EC_F_EC_ASN1_GROUP2PKPARAMETERS, ERR_R_MALLOC_FAILURE); 659 return NULL; 660 } 661 } else { 662 if (ret->type == 0 && ret->value.named_curve) 663 ASN1_OBJECT_free(ret->value.named_curve); 664 else if (ret->type == 1 && ret->value.parameters) 665 ECPARAMETERS_free(ret->value.parameters); 666 } 667 668 if (EC_GROUP_get_asn1_flag(group)) { 669 /* 670 * use the asn1 OID to describe the the elliptic curve parameters 671 */ 672 tmp = EC_GROUP_get_curve_name(group); 673 if (tmp) { 674 ret->type = 0; 675 if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL) 676 ok = 0; 677 } else 678 /* we don't kmow the nid => ERROR */ 679 ok = 0; 680 } else { 681 /* use the ECPARAMETERS structure */ 682 ret->type = 1; 683 if ((ret->value.parameters = 684 ec_asn1_group2parameters(group, NULL)) == NULL) 685 ok = 0; 686 } 687 688 if (!ok) { 689 ECPKPARAMETERS_free(ret); 690 return NULL; 691 } 692 return ret; 693} 694 695static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) 696{ 697 int ok = 0, tmp; 698 EC_GROUP *ret = NULL, *dup = NULL; 699 BIGNUM *p = NULL, *a = NULL, *b = NULL; 700 EC_POINT *point = NULL; 701 long field_bits; 702 int curve_name = NID_undef; 703 BN_CTX *ctx = NULL; 704 705 if (!params->fieldID || !params->fieldID->fieldType || 706 !params->fieldID->p.ptr) { 707 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 708 goto err; 709 } 710 711 /* now extract the curve parameters a and b */ 712 if (!params->curve || !params->curve->a || 713 !params->curve->a->data || !params->curve->b || 714 !params->curve->b->data) { 715 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 716 goto err; 717 } 718 a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL); 719 if (a == NULL) { 720 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB); 721 goto err; 722 } 723 b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL); 724 if (b == NULL) { 725 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB); 726 goto err; 727 } 728 729 /* get the field parameters */ 730 tmp = OBJ_obj2nid(params->fieldID->fieldType); 731 if (tmp == NID_X9_62_characteristic_two_field) 732#ifdef OPENSSL_NO_EC2M 733 { 734 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_GF2M_NOT_SUPPORTED); 735 goto err; 736 } 737#else 738 { 739 X9_62_CHARACTERISTIC_TWO *char_two; 740 741 char_two = params->fieldID->p.char_two; 742 743 field_bits = char_two->m; 744 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) { 745 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE); 746 goto err; 747 } 748 749 if ((p = BN_new()) == NULL) { 750 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE); 751 goto err; 752 } 753 754 /* get the base type */ 755 tmp = OBJ_obj2nid(char_two->type); 756 757 if (tmp == NID_X9_62_tpBasis) { 758 long tmp_long; 759 760 if (!char_two->p.tpBasis) { 761 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 762 goto err; 763 } 764 765 tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis); 766 767 if (!(char_two->m > tmp_long && tmp_long > 0)) { 768 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, 769 EC_R_INVALID_TRINOMIAL_BASIS); 770 goto err; 771 } 772 773 /* create the polynomial */ 774 if (!BN_set_bit(p, (int)char_two->m)) 775 goto err; 776 if (!BN_set_bit(p, (int)tmp_long)) 777 goto err; 778 if (!BN_set_bit(p, 0)) 779 goto err; 780 } else if (tmp == NID_X9_62_ppBasis) { 781 X9_62_PENTANOMIAL *penta; 782 783 penta = char_two->p.ppBasis; 784 if (!penta) { 785 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 786 goto err; 787 } 788 789 if (! 790 (char_two->m > penta->k3 && penta->k3 > penta->k2 791 && penta->k2 > penta->k1 && penta->k1 > 0)) { 792 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, 793 EC_R_INVALID_PENTANOMIAL_BASIS); 794 goto err; 795 } 796 797 /* create the polynomial */ 798 if (!BN_set_bit(p, (int)char_two->m)) 799 goto err; 800 if (!BN_set_bit(p, (int)penta->k1)) 801 goto err; 802 if (!BN_set_bit(p, (int)penta->k2)) 803 goto err; 804 if (!BN_set_bit(p, (int)penta->k3)) 805 goto err; 806 if (!BN_set_bit(p, 0)) 807 goto err; 808 } else if (tmp == NID_X9_62_onBasis) { 809 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_NOT_IMPLEMENTED); 810 goto err; 811 } else { /* error */ 812 813 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 814 goto err; 815 } 816 817 /* create the EC_GROUP structure */ 818 ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL); 819 } 820#endif 821 else if (tmp == NID_X9_62_prime_field) { 822 /* we have a curve over a prime field */ 823 /* extract the prime number */ 824 if (!params->fieldID->p.prime) { 825 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 826 goto err; 827 } 828 p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL); 829 if (p == NULL) { 830 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); 831 goto err; 832 } 833 834 if (BN_is_negative(p) || BN_is_zero(p)) { 835 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD); 836 goto err; 837 } 838 839 field_bits = BN_num_bits(p); 840 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) { 841 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE); 842 goto err; 843 } 844 845 /* create the EC_GROUP structure */ 846 ret = EC_GROUP_new_curve_GFp(p, a, b, NULL); 847 } else { 848 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD); 849 goto err; 850 } 851 852 if (ret == NULL) { 853 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); 854 goto err; 855 } 856 857 /* extract seed (optional) */ 858 if (params->curve->seed != NULL) { 859 if (ret->seed != NULL) 860 OPENSSL_free(ret->seed); 861 if (!(ret->seed = OPENSSL_malloc(params->curve->seed->length))) { 862 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE); 863 goto err; 864 } 865 memcpy(ret->seed, params->curve->seed->data, 866 params->curve->seed->length); 867 ret->seed_len = params->curve->seed->length; 868 } 869 870 if (!params->order || !params->base || !params->base->data) { 871 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 872 goto err; 873 } 874 875 if ((point = EC_POINT_new(ret)) == NULL) 876 goto err; 877 878 /* set the point conversion form */ 879 EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t) 880 (params->base->data[0] & ~0x01)); 881 882 /* extract the ec point */ 883 if (!EC_POINT_oct2point(ret, point, params->base->data, 884 params->base->length, NULL)) { 885 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); 886 goto err; 887 } 888 889 /* extract the order */ 890 if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) { 891 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); 892 goto err; 893 } 894 if (BN_is_negative(a) || BN_is_zero(a)) { 895 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER); 896 goto err; 897 } 898 if (BN_num_bits(a) > (int)field_bits + 1) { /* Hasse bound */ 899 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER); 900 goto err; 901 } 902 903 /* extract the cofactor (optional) */ 904 if (params->cofactor == NULL) { 905 if (b) { 906 BN_free(b); 907 b = NULL; 908 } 909 } else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) { 910 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); 911 goto err; 912 } 913 /* set the generator, order and cofactor (if present) */ 914 if (!EC_GROUP_set_generator(ret, point, a, b)) { 915 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); 916 goto err; 917 } 918 919 /* 920 * Check if the explicit parameters group just created matches one of the 921 * built-in curves. 922 * 923 * We create a copy of the group just built, so that we can remove optional 924 * fields for the lookup: we do this to avoid the possibility that one of 925 * the optional parameters is used to force the library into using a less 926 * performant and less secure EC_METHOD instead of the specialized one. 927 * In any case, `seed` is not really used in any computation, while a 928 * cofactor different from the one in the built-in table is just 929 * mathematically wrong anyway and should not be used. 930 */ 931 if ((ctx = BN_CTX_new()) == NULL) { 932 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB); 933 goto err; 934 } 935 if ((dup = EC_GROUP_dup(ret)) == NULL 936 || EC_GROUP_set_seed(dup, NULL, 0) != 1 937 || !EC_GROUP_set_generator(dup, point, a, NULL)) { 938 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); 939 goto err; 940 } 941 if ((curve_name = ec_curve_nid_from_params(dup, ctx)) != NID_undef) { 942 /* 943 * The input explicit parameters successfully matched one of the 944 * built-in curves: often for built-in curves we have specialized 945 * methods with better performance and hardening. 946 * 947 * In this case we replace the `EC_GROUP` created through explicit 948 * parameters with one created from a named group. 949 */ 950 EC_GROUP *named_group = NULL; 951 952#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 953 /* 954 * NID_wap_wsg_idm_ecid_wtls12 and NID_secp224r1 are both aliases for 955 * the same curve, we prefer the SECP nid when matching explicit 956 * parameters as that is associated with a specialized EC_METHOD. 957 */ 958 if (curve_name == NID_wap_wsg_idm_ecid_wtls12) 959 curve_name = NID_secp224r1; 960#endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */ 961 962 if ((named_group = EC_GROUP_new_by_curve_name(curve_name)) == NULL) { 963 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); 964 goto err; 965 } 966 EC_GROUP_free(ret); 967 ret = named_group; 968 969 /* 970 * Set the flag so that EC_GROUPs created from explicit parameters are 971 * serialized using explicit parameters by default. 972 * 973 * 0x0 = OPENSSL_EC_EXPLICIT_CURVE 974 */ 975 EC_GROUP_set_asn1_flag(ret, 0x0); 976 977 /* 978 * If the input params do not contain the optional seed field we make 979 * sure it is not added to the returned group. 980 * 981 * The seed field is not really used inside libcrypto anyway, and 982 * adding it to parsed explicit parameter keys would alter their DER 983 * encoding output (because of the extra field) which could impact 984 * applications fingerprinting keys by their DER encoding. 985 */ 986 if (params->curve->seed == NULL) { 987 if (EC_GROUP_set_seed(ret, NULL, 0) != 1) 988 goto err; 989 } 990 } 991 992 ok = 1; 993 994 err: 995 if (!ok) { 996 if (ret) 997 EC_GROUP_free(ret); 998 ret = NULL; 999 } 1000 if (dup) 1001 EC_GROUP_free(dup); 1002 1003 if (p) 1004 BN_free(p); 1005 if (a) 1006 BN_free(a); 1007 if (b) 1008 BN_free(b); 1009 if (point) 1010 EC_POINT_free(point); 1011 if (ctx) 1012 BN_CTX_free(ctx); 1013 return (ret); 1014} 1015 1016EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *params) 1017{ 1018 EC_GROUP *ret = NULL; 1019 int tmp = 0; 1020 1021 if (params == NULL) { 1022 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, EC_R_MISSING_PARAMETERS); 1023 return NULL; 1024 } 1025 1026 if (params->type == 0) { /* the curve is given by an OID */ 1027 tmp = OBJ_obj2nid(params->value.named_curve); 1028 if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) { 1029 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, 1030 EC_R_EC_GROUP_NEW_BY_NAME_FAILURE); 1031 return NULL; 1032 } 1033 EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE); 1034 } else if (params->type == 1) { /* the parameters are given by a 1035 * ECPARAMETERS structure */ 1036 ret = ec_asn1_parameters2group(params->value.parameters); 1037 if (!ret) { 1038 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, ERR_R_EC_LIB); 1039 return NULL; 1040 } 1041 EC_GROUP_set_asn1_flag(ret, 0x0); 1042 } else if (params->type == 2) { /* implicitlyCA */ 1043 return NULL; 1044 } else { 1045 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, EC_R_ASN1_ERROR); 1046 return NULL; 1047 } 1048 1049 return ret; 1050} 1051 1052/* EC_GROUP <-> DER encoding of ECPKPARAMETERS */ 1053 1054EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len) 1055{ 1056 EC_GROUP *group = NULL; 1057 ECPKPARAMETERS *params = NULL; 1058 const unsigned char *p = *in; 1059 1060 if ((params = d2i_ECPKPARAMETERS(NULL, &p, len)) == NULL) { 1061 ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE); 1062 ECPKPARAMETERS_free(params); 1063 return NULL; 1064 } 1065 1066 if ((group = ec_asn1_pkparameters2group(params)) == NULL) { 1067 ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE); 1068 ECPKPARAMETERS_free(params); 1069 return NULL; 1070 } 1071 1072 if (a && *a) 1073 EC_GROUP_free(*a); 1074 if (a) 1075 *a = group; 1076 1077 ECPKPARAMETERS_free(params); 1078 *in = p; 1079 return (group); 1080} 1081 1082int i2d_ECPKParameters(const EC_GROUP *a, unsigned char **out) 1083{ 1084 int ret = 0; 1085 ECPKPARAMETERS *tmp = ec_asn1_group2pkparameters(a, NULL); 1086 if (tmp == NULL) { 1087 ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_GROUP2PKPARAMETERS_FAILURE); 1088 return 0; 1089 } 1090 if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0) { 1091 ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_I2D_ECPKPARAMETERS_FAILURE); 1092 ECPKPARAMETERS_free(tmp); 1093 return 0; 1094 } 1095 ECPKPARAMETERS_free(tmp); 1096 return (ret); 1097} 1098 1099/* some EC_KEY functions */ 1100 1101EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) 1102{ 1103 int ok = 0; 1104 EC_KEY *ret = NULL; 1105 EC_PRIVATEKEY *priv_key = NULL; 1106 const unsigned char *p = *in; 1107 1108 if ((priv_key = d2i_EC_PRIVATEKEY(NULL, &p, len)) == NULL) { 1109 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); 1110 return NULL; 1111 } 1112 1113 if (a == NULL || *a == NULL) { 1114 if ((ret = EC_KEY_new()) == NULL) { 1115 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); 1116 goto err; 1117 } 1118 } else 1119 ret = *a; 1120 1121 if (priv_key->parameters) { 1122 if (ret->group) 1123 EC_GROUP_free(ret->group); 1124 ret->group = ec_asn1_pkparameters2group(priv_key->parameters); 1125 } 1126 1127 if (ret->group == NULL) { 1128 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); 1129 goto err; 1130 } 1131 1132 ret->version = priv_key->version; 1133 1134 if (priv_key->privateKey) { 1135 ret->priv_key = BN_bin2bn(M_ASN1_STRING_data(priv_key->privateKey), 1136 M_ASN1_STRING_length(priv_key->privateKey), 1137 ret->priv_key); 1138 if (ret->priv_key == NULL) { 1139 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_BN_LIB); 1140 goto err; 1141 } 1142 } else { 1143 ECerr(EC_F_D2I_ECPRIVATEKEY, EC_R_MISSING_PRIVATE_KEY); 1144 goto err; 1145 } 1146 1147 if (ret->pub_key) 1148 EC_POINT_clear_free(ret->pub_key); 1149 ret->pub_key = EC_POINT_new(ret->group); 1150 if (ret->pub_key == NULL) { 1151 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); 1152 goto err; 1153 } 1154 1155 if (priv_key->publicKey) { 1156 const unsigned char *pub_oct; 1157 int pub_oct_len; 1158 1159 pub_oct = M_ASN1_STRING_data(priv_key->publicKey); 1160 pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey); 1161 /* 1162 * The first byte - point conversion form - must be present. 1163 */ 1164 if (pub_oct_len <= 0) { 1165 ECerr(EC_F_D2I_ECPRIVATEKEY, EC_R_BUFFER_TOO_SMALL); 1166 goto err; 1167 } 1168 /* Save the point conversion form. */ 1169 ret->conv_form = (point_conversion_form_t) (pub_oct[0] & ~0x01); 1170 if (!EC_POINT_oct2point(ret->group, ret->pub_key, 1171 pub_oct, (size_t)(pub_oct_len), NULL)) { 1172 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); 1173 goto err; 1174 } 1175 } else { 1176 if (!EC_POINT_mul 1177 (ret->group, ret->pub_key, ret->priv_key, NULL, NULL, NULL)) { 1178 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); 1179 goto err; 1180 } 1181 /* Remember the original private-key-only encoding. */ 1182 ret->enc_flag |= EC_PKEY_NO_PUBKEY; 1183 } 1184 1185 if (a) 1186 *a = ret; 1187 *in = p; 1188 ok = 1; 1189 err: 1190 if (!ok) { 1191 if (ret && (a == NULL || *a != ret)) 1192 EC_KEY_free(ret); 1193 ret = NULL; 1194 } 1195 1196 if (priv_key) 1197 EC_PRIVATEKEY_free(priv_key); 1198 1199 return (ret); 1200} 1201 1202int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out) 1203{ 1204 int ret = 0, ok = 0; 1205 unsigned char *buffer = NULL; 1206 size_t buf_len = 0, tmp_len, bn_len; 1207 EC_PRIVATEKEY *priv_key = NULL; 1208 1209 if (a == NULL || a->group == NULL || a->priv_key == NULL || 1210 (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key == NULL)) { 1211 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); 1212 goto err; 1213 } 1214 1215 if ((priv_key = EC_PRIVATEKEY_new()) == NULL) { 1216 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); 1217 goto err; 1218 } 1219 1220 priv_key->version = a->version; 1221 1222 bn_len = (size_t)BN_num_bytes(a->priv_key); 1223 1224 /* Octetstring may need leading zeros if BN is to short */ 1225 1226 buf_len = (EC_GROUP_get_degree(a->group) + 7) / 8; 1227 1228 if (bn_len > buf_len) { 1229 ECerr(EC_F_I2D_ECPRIVATEKEY, EC_R_BUFFER_TOO_SMALL); 1230 goto err; 1231 } 1232 1233 buffer = OPENSSL_malloc(buf_len); 1234 if (buffer == NULL) { 1235 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); 1236 goto err; 1237 } 1238 1239 if (!BN_bn2bin(a->priv_key, buffer + buf_len - bn_len)) { 1240 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_BN_LIB); 1241 goto err; 1242 } 1243 1244 if (buf_len - bn_len > 0) { 1245 memset(buffer, 0, buf_len - bn_len); 1246 } 1247 1248 if (!M_ASN1_OCTET_STRING_set(priv_key->privateKey, buffer, buf_len)) { 1249 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB); 1250 goto err; 1251 } 1252 1253 if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) { 1254 if ((priv_key->parameters = 1255 ec_asn1_group2pkparameters(a->group, 1256 priv_key->parameters)) == NULL) { 1257 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB); 1258 goto err; 1259 } 1260 } 1261 1262 if (!(a->enc_flag & EC_PKEY_NO_PUBKEY)) { 1263 priv_key->publicKey = M_ASN1_BIT_STRING_new(); 1264 if (priv_key->publicKey == NULL) { 1265 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); 1266 goto err; 1267 } 1268 1269 tmp_len = EC_POINT_point2oct(a->group, a->pub_key, 1270 a->conv_form, NULL, 0, NULL); 1271 1272 if (tmp_len > buf_len) { 1273 unsigned char *tmp_buffer = OPENSSL_realloc(buffer, tmp_len); 1274 if (!tmp_buffer) { 1275 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); 1276 goto err; 1277 } 1278 buffer = tmp_buffer; 1279 buf_len = tmp_len; 1280 } 1281 1282 if (!EC_POINT_point2oct(a->group, a->pub_key, 1283 a->conv_form, buffer, buf_len, NULL)) { 1284 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB); 1285 goto err; 1286 } 1287 1288 priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); 1289 priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT; 1290 if (!M_ASN1_BIT_STRING_set(priv_key->publicKey, buffer, buf_len)) { 1291 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB); 1292 goto err; 1293 } 1294 } 1295 1296 if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) { 1297 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB); 1298 goto err; 1299 } 1300 ok = 1; 1301 err: 1302 if (buffer) 1303 OPENSSL_free(buffer); 1304 if (priv_key) 1305 EC_PRIVATEKEY_free(priv_key); 1306 return (ok ? ret : 0); 1307} 1308 1309int i2d_ECParameters(EC_KEY *a, unsigned char **out) 1310{ 1311 if (a == NULL) { 1312 ECerr(EC_F_I2D_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER); 1313 return 0; 1314 } 1315 return i2d_ECPKParameters(a->group, out); 1316} 1317 1318EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len) 1319{ 1320 EC_KEY *ret; 1321 1322 if (in == NULL || *in == NULL) { 1323 ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER); 1324 return NULL; 1325 } 1326 1327 if (a == NULL || *a == NULL) { 1328 if ((ret = EC_KEY_new()) == NULL) { 1329 ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE); 1330 return NULL; 1331 } 1332 } else 1333 ret = *a; 1334 1335 if (!d2i_ECPKParameters(&ret->group, in, len)) { 1336 ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB); 1337 if (a == NULL || *a != ret) 1338 EC_KEY_free(ret); 1339 return NULL; 1340 } 1341 1342 if (a) 1343 *a = ret; 1344 1345 return ret; 1346} 1347 1348EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len) 1349{ 1350 EC_KEY *ret = NULL; 1351 1352 if (a == NULL || (*a) == NULL || (*a)->group == NULL) { 1353 /* 1354 * sorry, but a EC_GROUP-structur is necessary to set the public key 1355 */ 1356 ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER); 1357 return 0; 1358 } 1359 ret = *a; 1360 if (ret->pub_key == NULL && 1361 (ret->pub_key = EC_POINT_new(ret->group)) == NULL) { 1362 ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_MALLOC_FAILURE); 1363 return 0; 1364 } 1365 if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL)) { 1366 ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB); 1367 return 0; 1368 } 1369 /* save the point conversion form */ 1370 ret->conv_form = (point_conversion_form_t) (*in[0] & ~0x01); 1371 *in += len; 1372 return ret; 1373} 1374 1375int i2o_ECPublicKey(EC_KEY *a, unsigned char **out) 1376{ 1377 size_t buf_len = 0; 1378 int new_buffer = 0; 1379 1380 if (a == NULL) { 1381 ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER); 1382 return 0; 1383 } 1384 1385 buf_len = EC_POINT_point2oct(a->group, a->pub_key, 1386 a->conv_form, NULL, 0, NULL); 1387 1388 if (out == NULL || buf_len == 0) 1389 /* out == NULL => just return the length of the octet string */ 1390 return buf_len; 1391 1392 if (*out == NULL) { 1393 if ((*out = OPENSSL_malloc(buf_len)) == NULL) { 1394 ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_MALLOC_FAILURE); 1395 return 0; 1396 } 1397 new_buffer = 1; 1398 } 1399 if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form, 1400 *out, buf_len, NULL)) { 1401 ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB); 1402 if (new_buffer) { 1403 OPENSSL_free(*out); 1404 *out = NULL; 1405 } 1406 return 0; 1407 } 1408 if (!new_buffer) 1409 *out += buf_len; 1410 return buf_len; 1411} 1412