search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
libc: make stdio_impl.h an internal libc header
[unleashed/tickless.git] / lib / libcrypto / ec / ec_asn1.c
blobb64b7e14d3c621f7f6b006c758e066f477d46f76
1 /* $OpenBSD: ec_asn1.c,v 1.24 2017/05/26 16:32:14 jsing Exp $ */
2 /*
3 * Written by Nils Larsch for the OpenSSL project.
4 */
5 /* ====================================================================
6 * Copyright (c) 2000-2003 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59 #include <string.h>
60
61 #include <openssl/opensslconf.h>
62
63 #include "ec_lcl.h"
64 #include <openssl/err.h>
65 #include <openssl/asn1t.h>
66 #include <openssl/objects.h>
67
68 int
69 EC_GROUP_get_basis_type(const EC_GROUP * group)
70 {
71 int i = 0;
72
73 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
74 NID_X9_62_characteristic_two_field)
75 /* everything else is currently not supported */
76 return 0;
77
78 while (group->poly[i] != 0)
79 i++;
80
81 if (i == 4)
82 return NID_X9_62_ppBasis;
83 else if (i == 2)
84 return NID_X9_62_tpBasis;
85 else
86 /* everything else is currently not supported */
87 return 0;
88 }
89 #ifndef OPENSSL_NO_EC2M
90 int
91 EC_GROUP_get_trinomial_basis(const EC_GROUP * group, unsigned int *k)
92 {
93 if (group == NULL)
94 return 0;
95
96 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
97 NID_X9_62_characteristic_two_field
98 || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0))) {
99 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
100 return 0;
101 }
102 if (k)
103 *k = group->poly[1];
104
105 return 1;
106 }
107 int
108 EC_GROUP_get_pentanomial_basis(const EC_GROUP * group, unsigned int *k1,
109 unsigned int *k2, unsigned int *k3)
110 {
111 if (group == NULL)
112 return 0;
113
114 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
115 NID_X9_62_characteristic_two_field
116 || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0))) {
117 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
118 return 0;
119 }
120 if (k1)
121 *k1 = group->poly[3];
122 if (k2)
123 *k2 = group->poly[2];
124 if (k3)
125 *k3 = group->poly[1];
126
127 return 1;
128 }
129 #endif
130
131
132 /* some structures needed for the asn1 encoding */
133 typedef struct x9_62_pentanomial_st {
134 long k1;
135 long k2;
136 long k3;
137 } X9_62_PENTANOMIAL;
138
139 typedef struct x9_62_characteristic_two_st {
140 long m;
141 ASN1_OBJECT *type;
142 union {
143 char *ptr;
144 /* NID_X9_62_onBasis */
145 ASN1_NULL *onBasis;
146 /* NID_X9_62_tpBasis */
147 ASN1_INTEGER *tpBasis;
148 /* NID_X9_62_ppBasis */
149 X9_62_PENTANOMIAL *ppBasis;
150 /* anything else */
151 ASN1_TYPE *other;
152 } p;
153 } X9_62_CHARACTERISTIC_TWO;
154
155 typedef struct x9_62_fieldid_st {
156 ASN1_OBJECT *fieldType;
157 union {
158 char *ptr;
159 /* NID_X9_62_prime_field */
160 ASN1_INTEGER *prime;
161 /* NID_X9_62_characteristic_two_field */
162 X9_62_CHARACTERISTIC_TWO *char_two;
163 /* anything else */
164 ASN1_TYPE *other;
165 } p;
166 } X9_62_FIELDID;
167
168 typedef struct x9_62_curve_st {
169 ASN1_OCTET_STRING *a;
170 ASN1_OCTET_STRING *b;
171 ASN1_BIT_STRING *seed;
172 } X9_62_CURVE;
173
174 typedef struct ec_parameters_st {
175 long version;
176 X9_62_FIELDID *fieldID;
177 X9_62_CURVE *curve;
178 ASN1_OCTET_STRING *base;
179 ASN1_INTEGER *order;
180 ASN1_INTEGER *cofactor;
181 } ECPARAMETERS;
182
183 struct ecpk_parameters_st {
184 int type;
185 union {
186 ASN1_OBJECT *named_curve;
187 ECPARAMETERS *parameters;
188 ASN1_NULL *implicitlyCA;
189 } value;
190 } /* ECPKPARAMETERS */ ;
191
192 /* SEC1 ECPrivateKey */
193 typedef struct ec_privatekey_st {
194 long version;
195 ASN1_OCTET_STRING *privateKey;
196 ECPKPARAMETERS *parameters;
197 ASN1_BIT_STRING *publicKey;
198 } EC_PRIVATEKEY;
199
200 /* the OpenSSL ASN.1 definitions */
201 static const ASN1_TEMPLATE X9_62_PENTANOMIAL_seq_tt[] = {
202 {
203 .flags = 0,
204 .tag = 0,
205 .offset = offsetof(X9_62_PENTANOMIAL, k1),
206 .field_name = "k1",
207 .item = &LONG_it,
208 },
209 {
210 .flags = 0,
211 .tag = 0,
212 .offset = offsetof(X9_62_PENTANOMIAL, k2),
213 .field_name = "k2",
214 .item = &LONG_it,
215 },
216 {
217 .flags = 0,
218 .tag = 0,
219 .offset = offsetof(X9_62_PENTANOMIAL, k3),
220 .field_name = "k3",
221 .item = &LONG_it,
222 },
223 };
224
225 const ASN1_ITEM X9_62_PENTANOMIAL_it = {
226 .itype = ASN1_ITYPE_SEQUENCE,
227 .utype = V_ASN1_SEQUENCE,
228 .templates = X9_62_PENTANOMIAL_seq_tt,
229 .tcount = sizeof(X9_62_PENTANOMIAL_seq_tt) / sizeof(ASN1_TEMPLATE),
230 .funcs = NULL,
231 .size = sizeof(X9_62_PENTANOMIAL),
232 .sname = "X9_62_PENTANOMIAL",
233 };
234
235 X9_62_PENTANOMIAL *X9_62_PENTANOMIAL_new(void);
236 void X9_62_PENTANOMIAL_free(X9_62_PENTANOMIAL *a);
237
238 X9_62_PENTANOMIAL *
239 X9_62_PENTANOMIAL_new(void)
240 {
241 return (X9_62_PENTANOMIAL*)ASN1_item_new(&X9_62_PENTANOMIAL_it);
242 }
243
244 void
245 X9_62_PENTANOMIAL_free(X9_62_PENTANOMIAL *a)
246 {
247 ASN1_item_free((ASN1_VALUE *)a, &X9_62_PENTANOMIAL_it);
248 }
249
250 static const ASN1_TEMPLATE char_two_def_tt = {
251 .flags = 0,
252 .tag = 0,
253 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, p.other),
254 .field_name = "p.other",
255 .item = &ASN1_ANY_it,
256 };
257
258 static const ASN1_ADB_TABLE X9_62_CHARACTERISTIC_TWO_adbtbl[] = {
259 {
260 .value = NID_X9_62_onBasis,
261 .tt = {
262 .flags = 0,
263 .tag = 0,
264 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, p.onBasis),
265 .field_name = "p.onBasis",
266 .item = &ASN1_NULL_it,
267 },
268
269 },
270 {
271 .value = NID_X9_62_tpBasis,
272 .tt = {
273 .flags = 0,
274 .tag = 0,
275 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, p.tpBasis),
276 .field_name = "p.tpBasis",
277 .item = &ASN1_INTEGER_it,
278 },
279
280 },
281 {
282 .value = NID_X9_62_ppBasis,
283 .tt = {
284 .flags = 0,
285 .tag = 0,
286 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, p.ppBasis),
287 .field_name = "p.ppBasis",
288 .item = &X9_62_PENTANOMIAL_it,
289 },
290
291 },
292 };
293
294 static const ASN1_ADB X9_62_CHARACTERISTIC_TWO_adb = {
295 .flags = 0,
296 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, type),
297 .app_items = 0,
298 .tbl = X9_62_CHARACTERISTIC_TWO_adbtbl,
299 .tblcount = sizeof(X9_62_CHARACTERISTIC_TWO_adbtbl) / sizeof(ASN1_ADB_TABLE),
300 .default_tt = &char_two_def_tt,
301 .null_tt = NULL,
302 };
303
304 static const ASN1_TEMPLATE X9_62_CHARACTERISTIC_TWO_seq_tt[] = {
305 {
306 .flags = 0,
307 .tag = 0,
308 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, m),
309 .field_name = "m",
310 .item = &LONG_it,
311 },
312 {
313 .flags = 0,
314 .tag = 0,
315 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, type),
316 .field_name = "type",
317 .item = &ASN1_OBJECT_it,
318 },
319 {
320 .flags = ASN1_TFLG_ADB_OID,
321 .tag = -1,
322 .offset = 0,
323 .field_name = "X9_62_CHARACTERISTIC_TWO",
324 .item = (const ASN1_ITEM *)&X9_62_CHARACTERISTIC_TWO_adb,
325 },
326 };
327
328 const ASN1_ITEM X9_62_CHARACTERISTIC_TWO_it = {
329 .itype = ASN1_ITYPE_SEQUENCE,
330 .utype = V_ASN1_SEQUENCE,
331 .templates = X9_62_CHARACTERISTIC_TWO_seq_tt,
332 .tcount = sizeof(X9_62_CHARACTERISTIC_TWO_seq_tt) / sizeof(ASN1_TEMPLATE),
333 .funcs = NULL,
334 .size = sizeof(X9_62_CHARACTERISTIC_TWO),
335 .sname = "X9_62_CHARACTERISTIC_TWO",
336 };
337 X9_62_CHARACTERISTIC_TWO *X9_62_CHARACTERISTIC_TWO_new(void);
338 void X9_62_CHARACTERISTIC_TWO_free(X9_62_CHARACTERISTIC_TWO *a);
339
340 X9_62_CHARACTERISTIC_TWO *
341 X9_62_CHARACTERISTIC_TWO_new(void)
342 {
343 return (X9_62_CHARACTERISTIC_TWO*)ASN1_item_new(&X9_62_CHARACTERISTIC_TWO_it);
344 }
345
346 void
347 X9_62_CHARACTERISTIC_TWO_free(X9_62_CHARACTERISTIC_TWO *a)
348 {
349 ASN1_item_free((ASN1_VALUE *)a, &X9_62_CHARACTERISTIC_TWO_it);
350 }
351 static const ASN1_TEMPLATE fieldID_def_tt = {
352 .flags = 0,
353 .tag = 0,
354 .offset = offsetof(X9_62_FIELDID, p.other),
355 .field_name = "p.other",
356 .item = &ASN1_ANY_it,
357 };
358
359 static const ASN1_ADB_TABLE X9_62_FIELDID_adbtbl[] = {
360 {
361 .value = NID_X9_62_prime_field,
362 .tt = {
363 .flags = 0,
364 .tag = 0,
365 .offset = offsetof(X9_62_FIELDID, p.prime),
366 .field_name = "p.prime",
367 .item = &ASN1_INTEGER_it,
368 },
369
370 },
371 {
372 .value = NID_X9_62_characteristic_two_field,
373 .tt = {
374 .flags = 0,
375 .tag = 0,
376 .offset = offsetof(X9_62_FIELDID, p.char_two),
377 .field_name = "p.char_two",
378 .item = &X9_62_CHARACTERISTIC_TWO_it,
379 },
380
381 },
382 };
383
384 static const ASN1_ADB X9_62_FIELDID_adb = {
385 .flags = 0,
386 .offset = offsetof(X9_62_FIELDID, fieldType),
387 .app_items = 0,
388 .tbl = X9_62_FIELDID_adbtbl,
389 .tblcount = sizeof(X9_62_FIELDID_adbtbl) / sizeof(ASN1_ADB_TABLE),
390 .default_tt = &fieldID_def_tt,
391 .null_tt = NULL,
392 };
393
394 static const ASN1_TEMPLATE X9_62_FIELDID_seq_tt[] = {
395 {
396 .flags = 0,
397 .tag = 0,
398 .offset = offsetof(X9_62_FIELDID, fieldType),
399 .field_name = "fieldType",
400 .item = &ASN1_OBJECT_it,
401 },
402 {
403 .flags = ASN1_TFLG_ADB_OID,
404 .tag = -1,
405 .offset = 0,
406 .field_name = "X9_62_FIELDID",
407 .item = (const ASN1_ITEM *)&X9_62_FIELDID_adb,
408 },
409 };
410
411 const ASN1_ITEM X9_62_FIELDID_it = {
412 .itype = ASN1_ITYPE_SEQUENCE,
413 .utype = V_ASN1_SEQUENCE,
414 .templates = X9_62_FIELDID_seq_tt,
415 .tcount = sizeof(X9_62_FIELDID_seq_tt) / sizeof(ASN1_TEMPLATE),
416 .funcs = NULL,
417 .size = sizeof(X9_62_FIELDID),
418 .sname = "X9_62_FIELDID",
419 };
420
421 static const ASN1_TEMPLATE X9_62_CURVE_seq_tt[] = {
422 {
423 .flags = 0,
424 .tag = 0,
425 .offset = offsetof(X9_62_CURVE, a),
426 .field_name = "a",
427 .item = &ASN1_OCTET_STRING_it,
428 },
429 {
430 .flags = 0,
431 .tag = 0,
432 .offset = offsetof(X9_62_CURVE, b),
433 .field_name = "b",
434 .item = &ASN1_OCTET_STRING_it,
435 },
436 {
437 .flags = ASN1_TFLG_OPTIONAL,
438 .tag = 0,
439 .offset = offsetof(X9_62_CURVE, seed),
440 .field_name = "seed",
441 .item = &ASN1_BIT_STRING_it,
442 },
443 };
444
445 const ASN1_ITEM X9_62_CURVE_it = {
446 .itype = ASN1_ITYPE_SEQUENCE,
447 .utype = V_ASN1_SEQUENCE,
448 .templates = X9_62_CURVE_seq_tt,
449 .tcount = sizeof(X9_62_CURVE_seq_tt) / sizeof(ASN1_TEMPLATE),
450 .funcs = NULL,
451 .size = sizeof(X9_62_CURVE),
452 .sname = "X9_62_CURVE",
453 };
454
455 static const ASN1_TEMPLATE ECPARAMETERS_seq_tt[] = {
456 {
457 .flags = 0,
458 .tag = 0,
459 .offset = offsetof(ECPARAMETERS, version),
460 .field_name = "version",
461 .item = &LONG_it,
462 },
463 {
464 .flags = 0,
465 .tag = 0,
466 .offset = offsetof(ECPARAMETERS, fieldID),
467 .field_name = "fieldID",
468 .item = &X9_62_FIELDID_it,
469 },
470 {
471 .flags = 0,
472 .tag = 0,
473 .offset = offsetof(ECPARAMETERS, curve),
474 .field_name = "curve",
475 .item = &X9_62_CURVE_it,
476 },
477 {
478 .flags = 0,
479 .tag = 0,
480 .offset = offsetof(ECPARAMETERS, base),
481 .field_name = "base",
482 .item = &ASN1_OCTET_STRING_it,
483 },
484 {
485 .flags = 0,
486 .tag = 0,
487 .offset = offsetof(ECPARAMETERS, order),
488 .field_name = "order",
489 .item = &ASN1_INTEGER_it,
490 },
491 {
492 .flags = ASN1_TFLG_OPTIONAL,
493 .tag = 0,
494 .offset = offsetof(ECPARAMETERS, cofactor),
495 .field_name = "cofactor",
496 .item = &ASN1_INTEGER_it,
497 },
498 };
499
500 const ASN1_ITEM ECPARAMETERS_it = {
501 .itype = ASN1_ITYPE_SEQUENCE,
502 .utype = V_ASN1_SEQUENCE,
503 .templates = ECPARAMETERS_seq_tt,
504 .tcount = sizeof(ECPARAMETERS_seq_tt) / sizeof(ASN1_TEMPLATE),
505 .funcs = NULL,
506 .size = sizeof(ECPARAMETERS),
507 .sname = "ECPARAMETERS",
508 };
509 ECPARAMETERS *ECPARAMETERS_new(void);
510 void ECPARAMETERS_free(ECPARAMETERS *a);
511
512 ECPARAMETERS *
513 ECPARAMETERS_new(void)
514 {
515 return (ECPARAMETERS*)ASN1_item_new(&ECPARAMETERS_it);
516 }
517
518 void
519 ECPARAMETERS_free(ECPARAMETERS *a)
520 {
521 ASN1_item_free((ASN1_VALUE *)a, &ECPARAMETERS_it);
522 }
523
524 static const ASN1_TEMPLATE ECPKPARAMETERS_ch_tt[] = {
525 {
526 .flags = 0,
527 .tag = 0,
528 .offset = offsetof(ECPKPARAMETERS, value.named_curve),
529 .field_name = "value.named_curve",
530 .item = &ASN1_OBJECT_it,
531 },
532 {
533 .flags = 0,
534 .tag = 0,
535 .offset = offsetof(ECPKPARAMETERS, value.parameters),
536 .field_name = "value.parameters",
537 .item = &ECPARAMETERS_it,
538 },
539 {
540 .flags = 0,
541 .tag = 0,
542 .offset = offsetof(ECPKPARAMETERS, value.implicitlyCA),
543 .field_name = "value.implicitlyCA",
544 .item = &ASN1_NULL_it,
545 },
546 };
547
548 const ASN1_ITEM ECPKPARAMETERS_it = {
549 .itype = ASN1_ITYPE_CHOICE,
550 .utype = offsetof(ECPKPARAMETERS, type),
551 .templates = ECPKPARAMETERS_ch_tt,
552 .tcount = sizeof(ECPKPARAMETERS_ch_tt) / sizeof(ASN1_TEMPLATE),
553 .funcs = NULL,
554 .size = sizeof(ECPKPARAMETERS),
555 .sname = "ECPKPARAMETERS",
556 };
557
558 ECPKPARAMETERS *ECPKPARAMETERS_new(void);
559 void ECPKPARAMETERS_free(ECPKPARAMETERS *a);
560 ECPKPARAMETERS *d2i_ECPKPARAMETERS(ECPKPARAMETERS **a, const unsigned char **in, long len);
561 int i2d_ECPKPARAMETERS(const ECPKPARAMETERS *a, unsigned char **out);
562
563 ECPKPARAMETERS *
564 d2i_ECPKPARAMETERS(ECPKPARAMETERS **a, const unsigned char **in, long len)
565 {
566 return (ECPKPARAMETERS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
567 &ECPKPARAMETERS_it);
568 }
569
570 int
571 i2d_ECPKPARAMETERS(const ECPKPARAMETERS *a, unsigned char **out)
572 {
573 return ASN1_item_i2d((ASN1_VALUE *)a, out, &ECPKPARAMETERS_it);
574 }
575
576 ECPKPARAMETERS *
577 ECPKPARAMETERS_new(void)
578 {
579 return (ECPKPARAMETERS *)ASN1_item_new(&ECPKPARAMETERS_it);
580 }
581
582 void
583 ECPKPARAMETERS_free(ECPKPARAMETERS *a)
584 {
585 ASN1_item_free((ASN1_VALUE *)a, &ECPKPARAMETERS_it);
586 }
587
588 static const ASN1_TEMPLATE EC_PRIVATEKEY_seq_tt[] = {
589 {
590 .flags = 0,
591 .tag = 0,
592 .offset = offsetof(EC_PRIVATEKEY, version),
593 .field_name = "version",
594 .item = &LONG_it,
595 },
596 {
597 .flags = 0,
598 .tag = 0,
599 .offset = offsetof(EC_PRIVATEKEY, privateKey),
600 .field_name = "privateKey",
601 .item = &ASN1_OCTET_STRING_it,
602 },
603 {
604 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
605 .tag = 0,
606 .offset = offsetof(EC_PRIVATEKEY, parameters),
607 .field_name = "parameters",
608 .item = &ECPKPARAMETERS_it,
609 },
610 {
611 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
612 .tag = 1,
613 .offset = offsetof(EC_PRIVATEKEY, publicKey),
614 .field_name = "publicKey",
615 .item = &ASN1_BIT_STRING_it,
616 },
617 };
618
619 const ASN1_ITEM EC_PRIVATEKEY_it = {
620 .itype = ASN1_ITYPE_SEQUENCE,
621 .utype = V_ASN1_SEQUENCE,
622 .templates = EC_PRIVATEKEY_seq_tt,
623 .tcount = sizeof(EC_PRIVATEKEY_seq_tt) / sizeof(ASN1_TEMPLATE),
624 .funcs = NULL,
625 .size = sizeof(EC_PRIVATEKEY),
626 .sname = "EC_PRIVATEKEY",
627 };
628
629 EC_PRIVATEKEY *EC_PRIVATEKEY_new(void);
630 void EC_PRIVATEKEY_free(EC_PRIVATEKEY *a);
631 EC_PRIVATEKEY *d2i_EC_PRIVATEKEY(EC_PRIVATEKEY **a, const unsigned char **in, long len);
632 int i2d_EC_PRIVATEKEY(const EC_PRIVATEKEY *a, unsigned char **out);
633
634 EC_PRIVATEKEY *
635 d2i_EC_PRIVATEKEY(EC_PRIVATEKEY **a, const unsigned char **in, long len)
636 {
637 return (EC_PRIVATEKEY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
638 &EC_PRIVATEKEY_it);
639 }
640
641 int
642 i2d_EC_PRIVATEKEY(const EC_PRIVATEKEY *a, unsigned char **out)
643 {
644 return ASN1_item_i2d((ASN1_VALUE *)a, out, &EC_PRIVATEKEY_it);
645 }
646
647 EC_PRIVATEKEY *
648 EC_PRIVATEKEY_new(void)
649 {
650 return (EC_PRIVATEKEY *)ASN1_item_new(&EC_PRIVATEKEY_it);
651 }
652
653 void
654 EC_PRIVATEKEY_free(EC_PRIVATEKEY *a)
655 {
656 ASN1_item_free((ASN1_VALUE *)a, &EC_PRIVATEKEY_it);
657 }
658 /* some declarations of internal function */
659
660 /* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */
661 static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *);
662 /* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */
663 static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *);
664 /* ec_asn1_parameters2group() creates a EC_GROUP object from a
665 * ECPARAMETERS object */
666 static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *);
667 /* ec_asn1_group2parameters() creates a ECPARAMETERS object from a
668 * EC_GROUP object */
669 static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *, ECPARAMETERS *);
670 /* ec_asn1_pkparameters2group() creates a EC_GROUP object from a
671 * ECPKPARAMETERS object */
672 static EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *);
673 /* ec_asn1_group2pkparameters() creates a ECPKPARAMETERS object from a
674 * EC_GROUP object */
675 static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *,
676 ECPKPARAMETERS *);
677
678
679 /* the function definitions */
680
681 static int
682 ec_asn1_group2fieldid(const EC_GROUP * group, X9_62_FIELDID * field)
683 {
684 int ok = 0, nid;
685 BIGNUM *tmp = NULL;
686
687 if (group == NULL || field == NULL)
688 return 0;
689
690 /* clear the old values (if necessary) */
691 if (field->fieldType != NULL)
692 ASN1_OBJECT_free(field->fieldType);
693 if (field->p.other != NULL)
694 ASN1_TYPE_free(field->p.other);
695
696 nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
697 /* set OID for the field */
698 if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) {
699 ECerror(ERR_R_OBJ_LIB);
700 goto err;
701 }
702 if (nid == NID_X9_62_prime_field) {
703 if ((tmp = BN_new()) == NULL) {
704 ECerror(ERR_R_MALLOC_FAILURE);
705 goto err;
706 }
707 /* the parameters are specified by the prime number p */
708 if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL)) {
709 ECerror(ERR_R_EC_LIB);
710 goto err;
711 }
712 /* set the prime number */
713 field->p.prime = BN_to_ASN1_INTEGER(tmp, NULL);
714 if (field->p.prime == NULL) {
715 ECerror(ERR_R_ASN1_LIB);
716 goto err;
717 }
718 } else /* nid == NID_X9_62_characteristic_two_field */
719 #ifdef OPENSSL_NO_EC2M
720 {
721 ECerror(EC_R_GF2M_NOT_SUPPORTED);
722 goto err;
723 }
724 #else
725 {
726 int field_type;
727 X9_62_CHARACTERISTIC_TWO *char_two;
728
729 field->p.char_two = X9_62_CHARACTERISTIC_TWO_new();
730 char_two = field->p.char_two;
731
732 if (char_two == NULL) {
733 ECerror(ERR_R_MALLOC_FAILURE);
734 goto err;
735 }
736 char_two->m = (long) EC_GROUP_get_degree(group);
737
738 field_type = EC_GROUP_get_basis_type(group);
739
740 if (field_type == 0) {
741 ECerror(ERR_R_EC_LIB);
742 goto err;
743 }
744 /* set base type OID */
745 if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) {
746 ECerror(ERR_R_OBJ_LIB);
747 goto err;
748 }
749 if (field_type == NID_X9_62_tpBasis) {
750 unsigned int k;
751
752 if (!EC_GROUP_get_trinomial_basis(group, &k))
753 goto err;
754
755 char_two->p.tpBasis = ASN1_INTEGER_new();
756 if (!char_two->p.tpBasis) {
757 ECerror(ERR_R_MALLOC_FAILURE);
758 goto err;
759 }
760 if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long) k)) {
761 ECerror(ERR_R_ASN1_LIB);
762 goto err;
763 }
764 } else if (field_type == NID_X9_62_ppBasis) {
765 unsigned int k1, k2, k3;
766
767 if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3))
768 goto err;
769
770 char_two->p.ppBasis = X9_62_PENTANOMIAL_new();
771 if (!char_two->p.ppBasis) {
772 ECerror(ERR_R_MALLOC_FAILURE);
773 goto err;
774 }
775 /* set k? values */
776 char_two->p.ppBasis->k1 = (long) k1;
777 char_two->p.ppBasis->k2 = (long) k2;
778 char_two->p.ppBasis->k3 = (long) k3;
779 } else { /* field_type == NID_X9_62_onBasis */
780 /* for ONB the parameters are (asn1) NULL */
781 char_two->p.onBasis = ASN1_NULL_new();
782 if (!char_two->p.onBasis) {
783 ECerror(ERR_R_MALLOC_FAILURE);
784 goto err;
785 }
786 }
787 }
788 #endif
789
790 ok = 1;
791
792 err:
793 BN_free(tmp);
794 return (ok);
795 }
796
797 static int
798 ec_asn1_group2curve(const EC_GROUP * group, X9_62_CURVE * curve)
799 {
800 int ok = 0, nid;
801 BIGNUM *tmp_1 = NULL, *tmp_2 = NULL;
802 unsigned char *buffer_1 = NULL, *buffer_2 = NULL, *a_buf = NULL,
803 *b_buf = NULL;
804 size_t len_1, len_2;
805 unsigned char char_zero = 0;
806
807 if (!group || !curve || !curve->a || !curve->b)
808 return 0;
809
810 if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) {
811 ECerror(ERR_R_MALLOC_FAILURE);
812 goto err;
813 }
814 nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
815
816 /* get a and b */
817 if (nid == NID_X9_62_prime_field) {
818 if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL)) {
819 ECerror(ERR_R_EC_LIB);
820 goto err;
821 }
822 }
823 #ifndef OPENSSL_NO_EC2M
824 else { /* nid == NID_X9_62_characteristic_two_field */
825 if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL)) {
826 ECerror(ERR_R_EC_LIB);
827 goto err;
828 }
829 }
830 #endif
831 len_1 = (size_t) BN_num_bytes(tmp_1);
832 len_2 = (size_t) BN_num_bytes(tmp_2);
833
834 if (len_1 == 0) {
835 /* len_1 == 0 => a == 0 */
836 a_buf = &char_zero;
837 len_1 = 1;
838 } else {
839 if ((buffer_1 = malloc(len_1)) == NULL) {
840 ECerror(ERR_R_MALLOC_FAILURE);
841 goto err;
842 }
843 if ((len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0) {
844 ECerror(ERR_R_BN_LIB);
845 goto err;
846 }
847 a_buf = buffer_1;
848 }
849
850 if (len_2 == 0) {
851 /* len_2 == 0 => b == 0 */
852 b_buf = &char_zero;
853 len_2 = 1;
854 } else {
855 if ((buffer_2 = malloc(len_2)) == NULL) {
856 ECerror(ERR_R_MALLOC_FAILURE);
857 goto err;
858 }
859 if ((len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0) {
860 ECerror(ERR_R_BN_LIB);
861 goto err;
862 }
863 b_buf = buffer_2;
864 }
865
866 /* set a and b */
867 if (!ASN1_STRING_set(curve->a, a_buf, len_1) ||
868 !ASN1_STRING_set(curve->b, b_buf, len_2)) {
869 ECerror(ERR_R_ASN1_LIB);
870 goto err;
871 }
872 /* set the seed (optional) */
873 if (group->seed) {
874 if (!curve->seed)
875 if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) {
876 ECerror(ERR_R_MALLOC_FAILURE);
877 goto err;
878 }
879 curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
880 curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT;
881 if (!ASN1_BIT_STRING_set(curve->seed, group->seed,
882 (int) group->seed_len)) {
883 ECerror(ERR_R_ASN1_LIB);
884 goto err;
885 }
886 } else {
887 if (curve->seed) {
888 ASN1_BIT_STRING_free(curve->seed);
889 curve->seed = NULL;
890 }
891 }
892
893 ok = 1;
894
895 err:
896 free(buffer_1);
897 free(buffer_2);
898 BN_free(tmp_1);
899 BN_free(tmp_2);
900 return (ok);
901 }
902
903 static ECPARAMETERS *
904 ec_asn1_group2parameters(const EC_GROUP * group, ECPARAMETERS * param)
905 {
906 int ok = 0;
907 size_t len = 0;
908 ECPARAMETERS *ret = NULL;
909 BIGNUM *tmp = NULL;
910 unsigned char *buffer = NULL;
911 const EC_POINT *point = NULL;
912 point_conversion_form_t form;
913
914 if ((tmp = BN_new()) == NULL) {
915 ECerror(ERR_R_MALLOC_FAILURE);
916 goto err;
917 }
918 if (param == NULL) {
919 if ((ret = ECPARAMETERS_new()) == NULL) {
920 ECerror(ERR_R_MALLOC_FAILURE);
921 goto err;
922 }
923 } else
924 ret = param;
925
926 /* set the version (always one) */
927 ret->version = (long) 0x1;
928
929 /* set the fieldID */
930 if (!ec_asn1_group2fieldid(group, ret->fieldID)) {
931 ECerror(ERR_R_EC_LIB);
932 goto err;
933 }
934 /* set the curve */
935 if (!ec_asn1_group2curve(group, ret->curve)) {
936 ECerror(ERR_R_EC_LIB);
937 goto err;
938 }
939 /* set the base point */
940 if ((point = EC_GROUP_get0_generator(group)) == NULL) {
941 ECerror(EC_R_UNDEFINED_GENERATOR);
942 goto err;
943 }
944 form = EC_GROUP_get_point_conversion_form(group);
945
946 len = EC_POINT_point2oct(group, point, form, NULL, len, NULL);
947 if (len == 0) {
948 ECerror(ERR_R_EC_LIB);
949 goto err;
950 }
951 if ((buffer = malloc(len)) == NULL) {
952 ECerror(ERR_R_MALLOC_FAILURE);
953 goto err;
954 }
955 if (!EC_POINT_point2oct(group, point, form, buffer, len, NULL)) {
956 ECerror(ERR_R_EC_LIB);
957 goto err;
958 }
959 if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) {
960 ECerror(ERR_R_MALLOC_FAILURE);
961 goto err;
962 }
963 if (!ASN1_OCTET_STRING_set(ret->base, buffer, len)) {
964 ECerror(ERR_R_ASN1_LIB);
965 goto err;
966 }
967 /* set the order */
968 if (!EC_GROUP_get_order(group, tmp, NULL)) {
969 ECerror(ERR_R_EC_LIB);
970 goto err;
971 }
972 ret->order = BN_to_ASN1_INTEGER(tmp, ret->order);
973 if (ret->order == NULL) {
974 ECerror(ERR_R_ASN1_LIB);
975 goto err;
976 }
977 /* set the cofactor (optional) */
978 if (EC_GROUP_get_cofactor(group, tmp, NULL)) {
979 ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor);
980 if (ret->cofactor == NULL) {
981 ECerror(ERR_R_ASN1_LIB);
982 goto err;
983 }
984 }
985 ok = 1;
986
987 err: if (!ok) {
988 if (ret && !param)
989 ECPARAMETERS_free(ret);
990 ret = NULL;
991 }
992 BN_free(tmp);
993 free(buffer);
994 return (ret);
995 }
996
997 ECPKPARAMETERS *
998 ec_asn1_group2pkparameters(const EC_GROUP * group, ECPKPARAMETERS * params)
999 {
1000 int ok = 1, tmp;
1001 ECPKPARAMETERS *ret = params;
1002
1003 if (ret == NULL) {
1004 if ((ret = ECPKPARAMETERS_new()) == NULL) {
1005 ECerror(ERR_R_MALLOC_FAILURE);
1006 return NULL;
1007 }
1008 } else {
1009 if (ret->type == 0 && ret->value.named_curve)
1010 ASN1_OBJECT_free(ret->value.named_curve);
1011 else if (ret->type == 1 && ret->value.parameters)
1012 ECPARAMETERS_free(ret->value.parameters);
1013 }
1014
1015 if (EC_GROUP_get_asn1_flag(group)) {
1016 /*
1017 * use the asn1 OID to describe the elliptic curve
1018 * parameters
1019 */
1020 tmp = EC_GROUP_get_curve_name(group);
1021 if (tmp) {
1022 ret->type = 0;
1023 if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL)
1024 ok = 0;
1025 } else
1026 /* we don't kmow the nid => ERROR */
1027 ok = 0;
1028 } else {
1029 /* use the ECPARAMETERS structure */
1030 ret->type = 1;
1031 if ((ret->value.parameters = ec_asn1_group2parameters(
1032 group, NULL)) == NULL)
1033 ok = 0;
1034 }
1035
1036 if (!ok) {
1037 ECPKPARAMETERS_free(ret);
1038 return NULL;
1039 }
1040 return ret;
1041 }
1042
1043 static EC_GROUP *
1044 ec_asn1_parameters2group(const ECPARAMETERS * params)
1045 {
1046 int ok = 0, tmp;
1047 EC_GROUP *ret = NULL;
1048 BIGNUM *p = NULL, *a = NULL, *b = NULL;
1049 EC_POINT *point = NULL;
1050 long field_bits;
1051
1052 if (!params->fieldID || !params->fieldID->fieldType ||
1053 !params->fieldID->p.ptr) {
1054 ECerror(EC_R_ASN1_ERROR);
1055 goto err;
1056 }
1057 /* now extract the curve parameters a and b */
1058 if (!params->curve || !params->curve->a ||
1059 !params->curve->a->data || !params->curve->b ||
1060 !params->curve->b->data) {
1061 ECerror(EC_R_ASN1_ERROR);
1062 goto err;
1063 }
1064 a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL);
1065 if (a == NULL) {
1066 ECerror(ERR_R_BN_LIB);
1067 goto err;
1068 }
1069 b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL);
1070 if (b == NULL) {
1071 ECerror(ERR_R_BN_LIB);
1072 goto err;
1073 }
1074 /* get the field parameters */
1075 tmp = OBJ_obj2nid(params->fieldID->fieldType);
1076 if (tmp == NID_X9_62_characteristic_two_field)
1077 #ifdef OPENSSL_NO_EC2M
1078 {
1079 ECerror(EC_R_GF2M_NOT_SUPPORTED);
1080 goto err;
1081 }
1082 #else
1083 {
1084 X9_62_CHARACTERISTIC_TWO *char_two;
1085
1086 char_two = params->fieldID->p.char_two;
1087
1088 field_bits = char_two->m;
1089 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
1090 ECerror(EC_R_FIELD_TOO_LARGE);
1091 goto err;
1092 }
1093 if ((p = BN_new()) == NULL) {
1094 ECerror(ERR_R_MALLOC_FAILURE);
1095 goto err;
1096 }
1097 /* get the base type */
1098 tmp = OBJ_obj2nid(char_two->type);
1099
1100 if (tmp == NID_X9_62_tpBasis) {
1101 long tmp_long;
1102
1103 if (!char_two->p.tpBasis) {
1104 ECerror(EC_R_ASN1_ERROR);
1105 goto err;
1106 }
1107 tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis);
1108
1109 if (!(char_two->m > tmp_long && tmp_long > 0)) {
1110 ECerror(EC_R_INVALID_TRINOMIAL_BASIS);
1111 goto err;
1112 }
1113 /* create the polynomial */
1114 if (!BN_set_bit(p, (int) char_two->m))
1115 goto err;
1116 if (!BN_set_bit(p, (int) tmp_long))
1117 goto err;
1118 if (!BN_set_bit(p, 0))
1119 goto err;
1120 } else if (tmp == NID_X9_62_ppBasis) {
1121 X9_62_PENTANOMIAL *penta;
1122
1123 penta = char_two->p.ppBasis;
1124 if (!penta) {
1125 ECerror(EC_R_ASN1_ERROR);
1126 goto err;
1127 }
1128 if (!(char_two->m > penta->k3 && penta->k3 > penta->k2 && penta->k2 > penta->k1 && penta->k1 > 0)) {
1129 ECerror(EC_R_INVALID_PENTANOMIAL_BASIS);
1130 goto err;
1131 }
1132 /* create the polynomial */
1133 if (!BN_set_bit(p, (int) char_two->m))
1134 goto err;
1135 if (!BN_set_bit(p, (int) penta->k1))
1136 goto err;
1137 if (!BN_set_bit(p, (int) penta->k2))
1138 goto err;
1139 if (!BN_set_bit(p, (int) penta->k3))
1140 goto err;
1141 if (!BN_set_bit(p, 0))
1142 goto err;
1143 } else if (tmp == NID_X9_62_onBasis) {
1144 ECerror(EC_R_NOT_IMPLEMENTED);
1145 goto err;
1146 } else { /* error */
1147 ECerror(EC_R_ASN1_ERROR);
1148 goto err;
1149 }
1150
1151 /* create the EC_GROUP structure */
1152 ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL);
1153 }
1154 #endif
1155 else if (tmp == NID_X9_62_prime_field) {
1156 /* we have a curve over a prime field */
1157 /* extract the prime number */
1158 if (!params->fieldID->p.prime) {
1159 ECerror(EC_R_ASN1_ERROR);
1160 goto err;
1161 }
1162 p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL);
1163 if (p == NULL) {
1164 ECerror(ERR_R_ASN1_LIB);
1165 goto err;
1166 }
1167 if (BN_is_negative(p) || BN_is_zero(p)) {
1168 ECerror(EC_R_INVALID_FIELD);
1169 goto err;
1170 }
1171 field_bits = BN_num_bits(p);
1172 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
1173 ECerror(EC_R_FIELD_TOO_LARGE);
1174 goto err;
1175 }
1176 /* create the EC_GROUP structure */
1177 ret = EC_GROUP_new_curve_GFp(p, a, b, NULL);
1178 } else {
1179 ECerror(EC_R_INVALID_FIELD);
1180 goto err;
1181 }
1182
1183 if (ret == NULL) {
1184 ECerror(ERR_R_EC_LIB);
1185 goto err;
1186 }
1187 /* extract seed (optional) */
1188 if (params->curve->seed != NULL) {
1189 free(ret->seed);
1190 if (!(ret->seed = malloc(params->curve->seed->length))) {
1191 ECerror(ERR_R_MALLOC_FAILURE);
1192 goto err;
1193 }
1194 memcpy(ret->seed, params->curve->seed->data,
1195 params->curve->seed->length);
1196 ret->seed_len = params->curve->seed->length;
1197 }
1198 if (!params->order || !params->base || !params->base->data) {
1199 ECerror(EC_R_ASN1_ERROR);
1200 goto err;
1201 }
1202 if ((point = EC_POINT_new(ret)) == NULL)
1203 goto err;
1204
1205 /* set the point conversion form */
1206 EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t)
1207 (params->base->data[0] & ~0x01));
1208
1209 /* extract the ec point */
1210 if (!EC_POINT_oct2point(ret, point, params->base->data,
1211 params->base->length, NULL)) {
1212 ECerror(ERR_R_EC_LIB);
1213 goto err;
1214 }
1215 /* extract the order */
1216 if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) {
1217 ECerror(ERR_R_ASN1_LIB);
1218 goto err;
1219 }
1220 if (BN_is_negative(a) || BN_is_zero(a)) {
1221 ECerror(EC_R_INVALID_GROUP_ORDER);
1222 goto err;
1223 }
1224 if (BN_num_bits(a) > (int) field_bits + 1) { /* Hasse bound */
1225 ECerror(EC_R_INVALID_GROUP_ORDER);
1226 goto err;
1227 }
1228 /* extract the cofactor (optional) */
1229 if (params->cofactor == NULL) {
1230 BN_free(b);
1231 b = NULL;
1232 } else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) {
1233 ECerror(ERR_R_ASN1_LIB);
1234 goto err;
1235 }
1236 /* set the generator, order and cofactor (if present) */
1237 if (!EC_GROUP_set_generator(ret, point, a, b)) {
1238 ECerror(ERR_R_EC_LIB);
1239 goto err;
1240 }
1241 ok = 1;
1242
1243 err: if (!ok) {
1244 EC_GROUP_clear_free(ret);
1245 ret = NULL;
1246 }
1247 BN_free(p);
1248 BN_free(a);
1249 BN_free(b);
1250 EC_POINT_free(point);
1251 return (ret);
1252 }
1253
1254 EC_GROUP *
1255 ec_asn1_pkparameters2group(const ECPKPARAMETERS * params)
1256 {
1257 EC_GROUP *ret = NULL;
1258 int tmp = 0;
1259
1260 if (params == NULL) {
1261 ECerror(EC_R_MISSING_PARAMETERS);
1262 return NULL;
1263 }
1264 if (params->type == 0) {/* the curve is given by an OID */
1265 tmp = OBJ_obj2nid(params->value.named_curve);
1266 if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) {
1267 ECerror(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
1268 return NULL;
1269 }
1270 EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE);
1271 } else if (params->type == 1) { /* the parameters are given by a
1272 * ECPARAMETERS structure */
1273 ret = ec_asn1_parameters2group(params->value.parameters);
1274 if (!ret) {
1275 ECerror(ERR_R_EC_LIB);
1276 return NULL;
1277 }
1278 EC_GROUP_set_asn1_flag(ret, 0x0);
1279 } else if (params->type == 2) { /* implicitlyCA */
1280 return NULL;
1281 } else {
1282 ECerror(EC_R_ASN1_ERROR);
1283 return NULL;
1284 }
1285
1286 return ret;
1287 }
1288
1289 /* EC_GROUP <-> DER encoding of ECPKPARAMETERS */
1290
1291 EC_GROUP *
1292 d2i_ECPKParameters(EC_GROUP ** a, const unsigned char **in, long len)
1293 {
1294 EC_GROUP *group = NULL;
1295 ECPKPARAMETERS *params = NULL;
1296
1297 if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) {
1298 ECerror(EC_R_D2I_ECPKPARAMETERS_FAILURE);
1299 goto err;
1300 }
1301 if ((group = ec_asn1_pkparameters2group(params)) == NULL) {
1302 ECerror(EC_R_PKPARAMETERS2GROUP_FAILURE);
1303 goto err;
1304 }
1305
1306 if (a != NULL) {
1307 EC_GROUP_clear_free(*a);
1308 *a = group;
1309 }
1310
1311 err:
1312 ECPKPARAMETERS_free(params);
1313 return (group);
1314 }
1315
1316 int
1317 i2d_ECPKParameters(const EC_GROUP * a, unsigned char **out)
1318 {
1319 int ret = 0;
1320 ECPKPARAMETERS *tmp = ec_asn1_group2pkparameters(a, NULL);
1321 if (tmp == NULL) {
1322 ECerror(EC_R_GROUP2PKPARAMETERS_FAILURE);
1323 return 0;
1324 }
1325 if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0) {
1326 ECerror(EC_R_I2D_ECPKPARAMETERS_FAILURE);
1327 ECPKPARAMETERS_free(tmp);
1328 return 0;
1329 }
1330 ECPKPARAMETERS_free(tmp);
1331 return (ret);
1332 }
1333
1334 /* some EC_KEY functions */
1335
1336 EC_KEY *
1337 d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len)
1338 {
1339 EC_KEY *ret = NULL;
1340 EC_PRIVATEKEY *priv_key = NULL;
1341
1342 if ((priv_key = EC_PRIVATEKEY_new()) == NULL) {
1343 ECerror(ERR_R_MALLOC_FAILURE);
1344 return NULL;
1345 }
1346 if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL) {
1347 ECerror(ERR_R_EC_LIB);
1348 EC_PRIVATEKEY_free(priv_key);
1349 return NULL;
1350 }
1351 if (a == NULL || *a == NULL) {
1352 if ((ret = EC_KEY_new()) == NULL) {
1353 ECerror(ERR_R_MALLOC_FAILURE);
1354 goto err;
1355 }
1356 } else
1357 ret = *a;
1358
1359 if (priv_key->parameters) {
1360 EC_GROUP_clear_free(ret->group);
1361 ret->group = ec_asn1_pkparameters2group(priv_key->parameters);
1362 }
1363 if (ret->group == NULL) {
1364 ECerror(ERR_R_EC_LIB);
1365 goto err;
1366 }
1367 ret->version = priv_key->version;
1368
1369 if (priv_key->privateKey) {
1370 ret->priv_key = BN_bin2bn(
1371 ASN1_STRING_data(priv_key->privateKey),
1372 ASN1_STRING_length(priv_key->privateKey),
1373 ret->priv_key);
1374 if (ret->priv_key == NULL) {
1375 ECerror(ERR_R_BN_LIB);
1376 goto err;
1377 }
1378 } else {
1379 ECerror(EC_R_MISSING_PRIVATE_KEY);
1380 goto err;
1381 }
1382
1383 if (priv_key->publicKey) {
1384 const unsigned char *pub_oct;
1385 size_t pub_oct_len;
1386
1387 EC_POINT_clear_free(ret->pub_key);
1388 ret->pub_key = EC_POINT_new(ret->group);
1389 if (ret->pub_key == NULL) {
1390 ECerror(ERR_R_EC_LIB);
1391 goto err;
1392 }
1393
1394 pub_oct = ASN1_STRING_data(priv_key->publicKey);
1395 pub_oct_len = ASN1_STRING_length(priv_key->publicKey);
1396 if (pub_oct == NULL || pub_oct_len <= 0) {
1397 ECerror(EC_R_BUFFER_TOO_SMALL);
1398 goto err;
1399 }
1400
1401 /* save the point conversion form */
1402 ret->conv_form = (point_conversion_form_t) (pub_oct[0] & ~0x01);
1403 if (!EC_POINT_oct2point(ret->group, ret->pub_key,
1404 pub_oct, pub_oct_len, NULL)) {
1405 ECerror(ERR_R_EC_LIB);
1406 goto err;
1407 }
1408 }
1409
1410 EC_PRIVATEKEY_free(priv_key);
1411 if (a != NULL)
1412 *a = ret;
1413 return (ret);
1414
1415 err:
1416 if (a == NULL || *a != ret)
1417 EC_KEY_free(ret);
1418 if (priv_key)
1419 EC_PRIVATEKEY_free(priv_key);
1420
1421 return (NULL);
1422 }
1423
1424 int
1425 i2d_ECPrivateKey(EC_KEY * a, unsigned char **out)
1426 {
1427 int ret = 0, ok = 0;
1428 unsigned char *buffer = NULL;
1429 size_t buf_len = 0, tmp_len;
1430 EC_PRIVATEKEY *priv_key = NULL;
1431
1432 if (a == NULL || a->group == NULL || a->priv_key == NULL) {
1433 ECerror(ERR_R_PASSED_NULL_PARAMETER);
1434 goto err;
1435 }
1436 if ((priv_key = EC_PRIVATEKEY_new()) == NULL) {
1437 ECerror(ERR_R_MALLOC_FAILURE);
1438 goto err;
1439 }
1440 priv_key->version = a->version;
1441
1442 buf_len = (size_t) BN_num_bytes(a->priv_key);
1443 buffer = malloc(buf_len);
1444 if (buffer == NULL) {
1445 ECerror(ERR_R_MALLOC_FAILURE);
1446 goto err;
1447 }
1448 if (!BN_bn2bin(a->priv_key, buffer)) {
1449 ECerror(ERR_R_BN_LIB);
1450 goto err;
1451 }
1452 if (!ASN1_STRING_set(priv_key->privateKey, buffer, buf_len)) {
1453 ECerror(ERR_R_ASN1_LIB);
1454 goto err;
1455 }
1456 if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) {
1457 if ((priv_key->parameters = ec_asn1_group2pkparameters(
1458 a->group, priv_key->parameters)) == NULL) {
1459 ECerror(ERR_R_EC_LIB);
1460 goto err;
1461 }
1462 }
1463 if (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key != NULL) {
1464 priv_key->publicKey = ASN1_BIT_STRING_new();
1465 if (priv_key->publicKey == NULL) {
1466 ECerror(ERR_R_MALLOC_FAILURE);
1467 goto err;
1468 }
1469 tmp_len = EC_POINT_point2oct(a->group, a->pub_key,
1470 a->conv_form, NULL, 0, NULL);
1471
1472 if (tmp_len > buf_len) {
1473 unsigned char *tmp_buffer = realloc(buffer, tmp_len);
1474 if (!tmp_buffer) {
1475 ECerror(ERR_R_MALLOC_FAILURE);
1476 goto err;
1477 }
1478 buffer = tmp_buffer;
1479 buf_len = tmp_len;
1480 }
1481 if (!EC_POINT_point2oct(a->group, a->pub_key,
1482 a->conv_form, buffer, buf_len, NULL)) {
1483 ECerror(ERR_R_EC_LIB);
1484 goto err;
1485 }
1486 priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
1487 priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
1488 if (!ASN1_STRING_set(priv_key->publicKey, buffer,
1489 buf_len)) {
1490 ECerror(ERR_R_ASN1_LIB);
1491 goto err;
1492 }
1493 }
1494 if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) {
1495 ECerror(ERR_R_EC_LIB);
1496 goto err;
1497 }
1498 ok = 1;
1499 err:
1500 free(buffer);
1501 if (priv_key)
1502 EC_PRIVATEKEY_free(priv_key);
1503 return (ok ? ret : 0);
1504 }
1505
1506 int
1507 i2d_ECParameters(EC_KEY * a, unsigned char **out)
1508 {
1509 if (a == NULL) {
1510 ECerror(ERR_R_PASSED_NULL_PARAMETER);
1511 return 0;
1512 }
1513 return i2d_ECPKParameters(a->group, out);
1514 }
1515
1516 EC_KEY *
1517 d2i_ECParameters(EC_KEY ** a, const unsigned char **in, long len)
1518 {
1519 EC_KEY *ret;
1520
1521 if (in == NULL || *in == NULL) {
1522 ECerror(ERR_R_PASSED_NULL_PARAMETER);
1523 return NULL;
1524 }
1525 if (a == NULL || *a == NULL) {
1526 if ((ret = EC_KEY_new()) == NULL) {
1527 ECerror(ERR_R_MALLOC_FAILURE);
1528 return NULL;
1529 }
1530 } else
1531 ret = *a;
1532
1533 if (!d2i_ECPKParameters(&ret->group, in, len)) {
1534 ECerror(ERR_R_EC_LIB);
1535 if (a == NULL || *a != ret)
1536 EC_KEY_free(ret);
1537 return NULL;
1538 }
1539
1540 if (a != NULL)
1541 *a = ret;
1542 return ret;
1543 }
1544
1545 EC_KEY *
1546 o2i_ECPublicKey(EC_KEY ** a, const unsigned char **in, long len)
1547 {
1548 EC_KEY *ret = NULL;
1549
1550 if (a == NULL || (*a) == NULL || (*a)->group == NULL) {
1551 /*
1552 * sorry, but a EC_GROUP-structur is necessary to set the
1553 * public key
1554 */
1555 ECerror(ERR_R_PASSED_NULL_PARAMETER);
1556 return 0;
1557 }
1558 ret = *a;
1559 if (ret->pub_key == NULL &&
1560 (ret->pub_key = EC_POINT_new(ret->group)) == NULL) {
1561 ECerror(ERR_R_MALLOC_FAILURE);
1562 return 0;
1563 }
1564 if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL)) {
1565 ECerror(ERR_R_EC_LIB);
1566 return 0;
1567 }
1568 /* save the point conversion form */
1569 ret->conv_form = (point_conversion_form_t) (*in[0] & ~0x01);
1570 *in += len;
1571 return ret;
1572 }
1573
1574 int
1575 i2o_ECPublicKey(EC_KEY * a, unsigned char **out)
1576 {
1577 size_t buf_len = 0;
1578 int new_buffer = 0;
1579
1580 if (a == NULL) {
1581 ECerror(ERR_R_PASSED_NULL_PARAMETER);
1582 return 0;
1583 }
1584 buf_len = EC_POINT_point2oct(a->group, a->pub_key,
1585 a->conv_form, NULL, 0, NULL);
1586
1587 if (out == NULL || buf_len == 0)
1588 /* out == NULL => just return the length of the octet string */
1589 return buf_len;
1590
1591 if (*out == NULL) {
1592 if ((*out = malloc(buf_len)) == NULL) {
1593 ECerror(ERR_R_MALLOC_FAILURE);
1594 return 0;
1595 }
1596 new_buffer = 1;
1597 }
1598 if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form,
1599 *out, buf_len, NULL)) {
1600 ECerror(ERR_R_EC_LIB);
1601 if (new_buffer) {
1602 free(*out);
1603 *out = NULL;
1604 }
1605 return 0;
1606 }
1607 if (!new_buffer)
1608 *out += buf_len;
1609 return buf_len;
1610 }
unleashed repo fork