1 /* crypto/ec/ec_asn1.c */ 2 /* 3 * Written by Nils Larsch for the OpenSSL project. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 2000-2003 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing (at) OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay (at) cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh (at) cryptsoft.com). 56 * 57 */ 58 59 #include <string.h> 60 #include "ec_lcl.h" 61 #include <openssl/err.h> 62 #include <openssl/asn1t.h> 63 #include <openssl/objects.h> 64 65 66 int EC_GROUP_get_basis_type(const EC_GROUP *group) 67 { 68 int i=0; 69 70 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != 71 NID_X9_62_characteristic_two_field) 72 /* everything else is currently not supported */ 73 return 0; 74 75 while (group->poly[i] != 0) 76 i++; 77 78 if (i == 4) 79 return NID_X9_62_ppBasis; 80 else if (i == 2) 81 return NID_X9_62_tpBasis; 82 else 83 /* everything else is currently not supported */ 84 return 0; 85 } 86 #ifndef OPENSSL_NO_EC2M 87 int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k) 88 { 89 if (group == NULL) 90 return 0; 91 92 if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve 93 || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0))) 94 { 95 ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 96 return 0; 97 } 98 99 if (k) 100 *k = group->poly[1]; 101 102 return 1; 103 } 104 int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1, 105 unsigned int *k2, unsigned int *k3) 106 { 107 if (group == NULL) 108 return 0; 109 110 if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve 111 || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0))) 112 { 113 ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 114 return 0; 115 } 116 117 if (k1) 118 *k1 = group->poly[3]; 119 if (k2) 120 *k2 = group->poly[2]; 121 if (k3) 122 *k3 = group->poly[1]; 123 124 return 1; 125 } 126 #endif 127 128 129 /* some structures needed for the asn1 encoding */ 130 typedef struct x9_62_pentanomial_st { 131 long k1; 132 long k2; 133 long k3; 134 } X9_62_PENTANOMIAL; 135 136 typedef struct x9_62_characteristic_two_st { 137 long m; 138 ASN1_OBJECT *type; 139 union { 140 char *ptr; 141 /* NID_X9_62_onBasis */ 142 ASN1_NULL *onBasis; 143 /* NID_X9_62_tpBasis */ 144 ASN1_INTEGER *tpBasis; 145 /* NID_X9_62_ppBasis */ 146 X9_62_PENTANOMIAL *ppBasis; 147 /* anything else */ 148 ASN1_TYPE *other; 149 } p; 150 } X9_62_CHARACTERISTIC_TWO; 151 152 typedef struct x9_62_fieldid_st { 153 ASN1_OBJECT *fieldType; 154 union { 155 char *ptr; 156 /* NID_X9_62_prime_field */ 157 ASN1_INTEGER *prime; 158 /* NID_X9_62_characteristic_two_field */ 159 X9_62_CHARACTERISTIC_TWO *char_two; 160 /* anything else */ 161 ASN1_TYPE *other; 162 } p; 163 } X9_62_FIELDID; 164 165 typedef struct x9_62_curve_st { 166 ASN1_OCTET_STRING *a; 167 ASN1_OCTET_STRING *b; 168 ASN1_BIT_STRING *seed; 169 } X9_62_CURVE; 170 171 typedef struct ec_parameters_st { 172 long version; 173 X9_62_FIELDID *fieldID; 174 X9_62_CURVE *curve; 175 ASN1_OCTET_STRING *base; 176 ASN1_INTEGER *order; 177 ASN1_INTEGER *cofactor; 178 } ECPARAMETERS; 179 180 struct ecpk_parameters_st { 181 int type; 182 union { 183 ASN1_OBJECT *named_curve; 184 ECPARAMETERS *parameters; 185 ASN1_NULL *implicitlyCA; 186 } value; 187 }/* ECPKPARAMETERS */; 188 189 /* SEC1 ECPrivateKey */ 190 typedef struct ec_privatekey_st { 191 long version; 192 ASN1_OCTET_STRING *privateKey; 193 ECPKPARAMETERS *parameters; 194 ASN1_BIT_STRING *publicKey; 195 } EC_PRIVATEKEY; 196 197 /* the OpenSSL ASN.1 definitions */ 198 ASN1_SEQUENCE(X9_62_PENTANOMIAL) = { 199 ASN1_SIMPLE(X9_62_PENTANOMIAL, k1, LONG), 200 ASN1_SIMPLE(X9_62_PENTANOMIAL, k2, LONG), 201 ASN1_SIMPLE(X9_62_PENTANOMIAL, k3, LONG) 202 } ASN1_SEQUENCE_END(X9_62_PENTANOMIAL) 203 204 DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL) 205 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL) 206 207 ASN1_ADB_TEMPLATE(char_two_def) = ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.other, ASN1_ANY); 208 209 ASN1_ADB(X9_62_CHARACTERISTIC_TWO) = { 210 ADB_ENTRY(NID_X9_62_onBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.onBasis, ASN1_NULL)), 211 ADB_ENTRY(NID_X9_62_tpBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.tpBasis, ASN1_INTEGER)), 212 ADB_ENTRY(NID_X9_62_ppBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.ppBasis, X9_62_PENTANOMIAL)) 213 } ASN1_ADB_END(X9_62_CHARACTERISTIC_TWO, 0, type, 0, &char_two_def_tt, NULL); 214 215 ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = { 216 ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, m, LONG), 217 ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT), 218 ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO) 219 } ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO) 220 221 DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO) 222 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO) 223 224 ASN1_ADB_TEMPLATE(fieldID_def) = ASN1_SIMPLE(X9_62_FIELDID, p.other, ASN1_ANY); 225 226 ASN1_ADB(X9_62_FIELDID) = { 227 ADB_ENTRY(NID_X9_62_prime_field, ASN1_SIMPLE(X9_62_FIELDID, p.prime, ASN1_INTEGER)), 228 ADB_ENTRY(NID_X9_62_characteristic_two_field, ASN1_SIMPLE(X9_62_FIELDID, p.char_two, X9_62_CHARACTERISTIC_TWO)) 229 } ASN1_ADB_END(X9_62_FIELDID, 0, fieldType, 0, &fieldID_def_tt, NULL); 230 231 ASN1_SEQUENCE(X9_62_FIELDID) = { 232 ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT), 233 ASN1_ADB_OBJECT(X9_62_FIELDID) 234 } ASN1_SEQUENCE_END(X9_62_FIELDID) 235 236 ASN1_SEQUENCE(X9_62_CURVE) = { 237 ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING), 238 ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING), 239 ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING) 240 } ASN1_SEQUENCE_END(X9_62_CURVE) 241 242 ASN1_SEQUENCE(ECPARAMETERS) = { 243 ASN1_SIMPLE(ECPARAMETERS, version, LONG), 244 ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID), 245 ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE), 246 ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING), 247 ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER), 248 ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER) 249 } ASN1_SEQUENCE_END(ECPARAMETERS) 250 251 DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) 252 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) 253 254 ASN1_CHOICE(ECPKPARAMETERS) = { 255 ASN1_SIMPLE(ECPKPARAMETERS, value.named_curve, ASN1_OBJECT), 256 ASN1_SIMPLE(ECPKPARAMETERS, value.parameters, ECPARAMETERS), 257 ASN1_SIMPLE(ECPKPARAMETERS, value.implicitlyCA, ASN1_NULL) 258 } ASN1_CHOICE_END(ECPKPARAMETERS) 259 260 DECLARE_ASN1_FUNCTIONS_const(ECPKPARAMETERS) 261 DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECPKPARAMETERS, ECPKPARAMETERS) 262 IMPLEMENT_ASN1_FUNCTIONS_const(ECPKPARAMETERS) 263 264 ASN1_SEQUENCE(EC_PRIVATEKEY) = { 265 ASN1_SIMPLE(EC_PRIVATEKEY, version, LONG), 266 ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING), 267 ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0), 268 ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1) 269 } ASN1_SEQUENCE_END(EC_PRIVATEKEY) 270 271 DECLARE_ASN1_FUNCTIONS_const(EC_PRIVATEKEY) 272 DECLARE_ASN1_ENCODE_FUNCTIONS_const(EC_PRIVATEKEY, EC_PRIVATEKEY) 273 IMPLEMENT_ASN1_FUNCTIONS_const(EC_PRIVATEKEY) 274 275 /* some declarations of internal function */ 276 277 /* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */ 278 static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *); 279 /* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */ 280 static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *); 281 /* ec_asn1_parameters2group() creates a EC_GROUP object from a 282 * ECPARAMETERS object */ 283 static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *); 284 /* ec_asn1_group2parameters() creates a ECPARAMETERS object from a 285 * EC_GROUP object */ 286 static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *,ECPARAMETERS *); 287 /* ec_asn1_pkparameters2group() creates a EC_GROUP object from a 288 * ECPKPARAMETERS object */ 289 static EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *); 290 /* ec_asn1_group2pkparameters() creates a ECPKPARAMETERS object from a 291 * EC_GROUP object */ 292 static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *, 293 ECPKPARAMETERS *); 294 295 296 /* the function definitions */ 297 298 static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field) 299 { 300 int ok=0, nid; 301 BIGNUM *tmp = NULL; 302 303 if (group == NULL || field == NULL) 304 return 0; 305 306 /* clear the old values (if necessary) */ 307 if (field->fieldType != NULL) 308 ASN1_OBJECT_free(field->fieldType); 309 if (field->p.other != NULL) 310 ASN1_TYPE_free(field->p.other); 311 312 nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); 313 /* set OID for the field */ 314 if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) 315 { 316 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB); 317 goto err; 318 } 319 320 if (nid == NID_X9_62_prime_field) 321 { 322 if ((tmp = BN_new()) == NULL) 323 { 324 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); 325 goto err; 326 } 327 /* the parameters are specified by the prime number p */ 328 if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL)) 329 { 330 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB); 331 goto err; 332 } 333 /* set the prime number */ 334 field->p.prime = BN_to_ASN1_INTEGER(tmp,NULL); 335 if (field->p.prime == NULL) 336 { 337 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB); 338 goto err; 339 } 340 } 341 else /* nid == NID_X9_62_characteristic_two_field */ 342 #ifdef OPENSSL_NO_EC2M 343 { 344 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, EC_R_GF2M_NOT_SUPPORTED); 345 goto err; 346 } 347 #else 348 { 349 int field_type; 350 X9_62_CHARACTERISTIC_TWO *char_two; 351 352 field->p.char_two = X9_62_CHARACTERISTIC_TWO_new(); 353 char_two = field->p.char_two; 354 355 if (char_two == NULL) 356 { 357 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); 358 goto err; 359 } 360 361 char_two->m = (long)EC_GROUP_get_degree(group); 362 363 field_type = EC_GROUP_get_basis_type(group); 364 365 if (field_type == 0) 366 { 367 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB); 368 goto err; 369 } 370 /* set base type OID */ 371 if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) 372 { 373 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB); 374 goto err; 375 } 376 377 if (field_type == NID_X9_62_tpBasis) 378 { 379 unsigned int k; 380 381 if (!EC_GROUP_get_trinomial_basis(group, &k)) 382 goto err; 383 384 char_two->p.tpBasis = ASN1_INTEGER_new(); 385 if (!char_two->p.tpBasis) 386 { 387 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); 388 goto err; 389 } 390 if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long)k)) 391 { 392 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, 393 ERR_R_ASN1_LIB); 394 goto err; 395 } 396 } 397 else if (field_type == NID_X9_62_ppBasis) 398 { 399 unsigned int k1, k2, k3; 400 401 if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3)) 402 goto err; 403 404 char_two->p.ppBasis = X9_62_PENTANOMIAL_new(); 405 if (!char_two->p.ppBasis) 406 { 407 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); 408 goto err; 409 } 410 411 /* set k? values */ 412 char_two->p.ppBasis->k1 = (long)k1; 413 char_two->p.ppBasis->k2 = (long)k2; 414 char_two->p.ppBasis->k3 = (long)k3; 415 } 416 else /* field_type == NID_X9_62_onBasis */ 417 { 418 /* for ONB the parameters are (asn1) NULL */ 419 char_two->p.onBasis = ASN1_NULL_new(); 420 if (!char_two->p.onBasis) 421 { 422 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); 423 goto err; 424 } 425 } 426 } 427 #endif 428 429 ok = 1; 430 431 err : if (tmp) 432 BN_free(tmp); 433 return(ok); 434 } 435 436 static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve) 437 { 438 int ok=0, nid; 439 BIGNUM *tmp_1=NULL, *tmp_2=NULL; 440 unsigned char *buffer_1=NULL, *buffer_2=NULL, 441 *a_buf=NULL, *b_buf=NULL; 442 size_t len_1, len_2; 443 unsigned char char_zero = 0; 444 445 if (!group || !curve || !curve->a || !curve->b) 446 return 0; 447 448 if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) 449 { 450 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); 451 goto err; 452 } 453 454 nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); 455 456 /* get a and b */ 457 if (nid == NID_X9_62_prime_field) 458 { 459 if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL)) 460 { 461 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB); 462 goto err; 463 } 464 } 465 #ifndef OPENSSL_NO_EC2M 466 else /* nid == NID_X9_62_characteristic_two_field */ 467 { 468 if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL)) 469 { 470 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB); 471 goto err; 472 } 473 } 474 #endif 475 len_1 = (size_t)BN_num_bytes(tmp_1); 476 len_2 = (size_t)BN_num_bytes(tmp_2); 477 478 if (len_1 == 0) 479 { 480 /* len_1 == 0 => a == 0 */ 481 a_buf = &char_zero; 482 len_1 = 1; 483 } 484 else 485 { 486 if ((buffer_1 = OPENSSL_malloc(len_1)) == NULL) 487 { 488 ECerr(EC_F_EC_ASN1_GROUP2CURVE, 489 ERR_R_MALLOC_FAILURE); 490 goto err; 491 } 492 if ( (len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0) 493 { 494 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB); 495 goto err; 496 } 497 a_buf = buffer_1; 498 } 499 500 if (len_2 == 0) 501 { 502 /* len_2 == 0 => b == 0 */ 503 b_buf = &char_zero; 504 len_2 = 1; 505 } 506 else 507 { 508 if ((buffer_2 = OPENSSL_malloc(len_2)) == NULL) 509 { 510 ECerr(EC_F_EC_ASN1_GROUP2CURVE, 511 ERR_R_MALLOC_FAILURE); 512 goto err; 513 } 514 if ( (len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0) 515 { 516 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB); 517 goto err; 518 } 519 b_buf = buffer_2; 520 } 521 522 /* set a and b */ 523 if (!M_ASN1_OCTET_STRING_set(curve->a, a_buf, len_1) || 524 !M_ASN1_OCTET_STRING_set(curve->b, b_buf, len_2)) 525 { 526 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB); 527 goto err; 528 } 529 530 /* set the seed (optional) */ 531 if (group->seed) 532 { 533 if (!curve->seed) 534 if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) 535 { 536 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); 537 goto err; 538 } 539 curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); 540 curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT; 541 if (!ASN1_BIT_STRING_set(curve->seed, group->seed, 542 (int)group->seed_len)) 543 { 544 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB); 545 goto err; 546 } 547 } 548 else 549 { 550 if (curve->seed) 551 { 552 ASN1_BIT_STRING_free(curve->seed); 553 curve->seed = NULL; 554 } 555 } 556 557 ok = 1; 558 559 err: if (buffer_1) 560 OPENSSL_free(buffer_1); 561 if (buffer_2) 562 OPENSSL_free(buffer_2); 563 if (tmp_1) 564 BN_free(tmp_1); 565 if (tmp_2) 566 BN_free(tmp_2); 567 return(ok); 568 } 569 570 static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group, 571 ECPARAMETERS *param) 572 { 573 int ok=0; 574 size_t len=0; 575 ECPARAMETERS *ret=NULL; 576 BIGNUM *tmp=NULL; 577 unsigned char *buffer=NULL; 578 const EC_POINT *point=NULL; 579 point_conversion_form_t form; 580 581 if ((tmp = BN_new()) == NULL) 582 { 583 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); 584 goto err; 585 } 586 587 if (param == NULL) 588 { 589 if ((ret = ECPARAMETERS_new()) == NULL) 590 { 591 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, 592 ERR_R_MALLOC_FAILURE); 593 goto err; 594 } 595 } 596 else 597 ret = param; 598 599 /* set the version (always one) */ 600 ret->version = (long)0x1; 601 602 /* set the fieldID */ 603 if (!ec_asn1_group2fieldid(group, ret->fieldID)) 604 { 605 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); 606 goto err; 607 } 608 609 /* set the curve */ 610 if (!ec_asn1_group2curve(group, ret->curve)) 611 { 612 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); 613 goto err; 614 } 615 616 /* set the base point */ 617 if ((point = EC_GROUP_get0_generator(group)) == NULL) 618 { 619 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, EC_R_UNDEFINED_GENERATOR); 620 goto err; 621 } 622 623 form = EC_GROUP_get_point_conversion_form(group); 624 625 len = EC_POINT_point2oct(group, point, form, NULL, len, NULL); 626 if (len == 0) 627 { 628 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); 629 goto err; 630 } 631 if ((buffer = OPENSSL_malloc(len)) == NULL) 632 { 633 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); 634 goto err; 635 } 636 if (!EC_POINT_point2oct(group, point, form, buffer, len, NULL)) 637 { 638 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); 639 goto err; 640 } 641 if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) 642 { 643 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); 644 goto err; 645 } 646 if (!ASN1_OCTET_STRING_set(ret->base, buffer, len)) 647 { 648 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); 649 goto err; 650 } 651 652 /* set the order */ 653 if (!EC_GROUP_get_order(group, tmp, NULL)) 654 { 655 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); 656 goto err; 657 } 658 ret->order = BN_to_ASN1_INTEGER(tmp, ret->order); 659 if (ret->order == NULL) 660 { 661 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); 662 goto err; 663 } 664 665 /* set the cofactor (optional) */ 666 if (EC_GROUP_get_cofactor(group, tmp, NULL)) 667 { 668 ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor); 669 if (ret->cofactor == NULL) 670 { 671 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); 672 goto err; 673 } 674 } 675 676 ok = 1; 677 678 err : if(!ok) 679 { 680 if (ret && !param) 681 ECPARAMETERS_free(ret); 682 ret = NULL; 683 } 684 if (tmp) 685 BN_free(tmp); 686 if (buffer) 687 OPENSSL_free(buffer); 688 return(ret); 689 } 690 691 ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *group, 692 ECPKPARAMETERS *params) 693 { 694 int ok = 1, tmp; 695 ECPKPARAMETERS *ret = params; 696 697 if (ret == NULL) 698 { 699 if ((ret = ECPKPARAMETERS_new()) == NULL) 700 { 701 ECerr(EC_F_EC_ASN1_GROUP2PKPARAMETERS, 702 ERR_R_MALLOC_FAILURE); 703 return NULL; 704 } 705 } 706 else 707 { 708 if (ret->type == 0 && ret->value.named_curve) 709 ASN1_OBJECT_free(ret->value.named_curve); 710 else if (ret->type == 1 && ret->value.parameters) 711 ECPARAMETERS_free(ret->value.parameters); 712 } 713 714 if (EC_GROUP_get_asn1_flag(group)) 715 { 716 /* use the asn1 OID to describe the 717 * the elliptic curve parameters 718 */ 719 tmp = EC_GROUP_get_curve_name(group); 720 if (tmp) 721 { 722 ret->type = 0; 723 if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL) 724 ok = 0; 725 } 726 else 727 /* we don't kmow the nid => ERROR */ 728 ok = 0; 729 } 730 else 731 { 732 /* use the ECPARAMETERS structure */ 733 ret->type = 1; 734 if ((ret->value.parameters = ec_asn1_group2parameters( 735 group, NULL)) == NULL) 736 ok = 0; 737 } 738 739 if (!ok) 740 { 741 ECPKPARAMETERS_free(ret); 742 return NULL; 743 } 744 return ret; 745 } 746 747 static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) 748 { 749 int ok = 0, tmp; 750 EC_GROUP *ret = NULL; 751 BIGNUM *p = NULL, *a = NULL, *b = NULL; 752 EC_POINT *point=NULL; 753 long field_bits; 754 755 if (!params->fieldID || !params->fieldID->fieldType || 756 !params->fieldID->p.ptr) 757 { 758 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 759 goto err; 760 } 761 762 /* now extract the curve parameters a and b */ 763 if (!params->curve || !params->curve->a || 764 !params->curve->a->data || !params->curve->b || 765 !params->curve->b->data) 766 { 767 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 768 goto err; 769 } 770 a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL); 771 if (a == NULL) 772 { 773 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB); 774 goto err; 775 } 776 b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL); 777 if (b == NULL) 778 { 779 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB); 780 goto err; 781 } 782 783 /* get the field parameters */ 784 tmp = OBJ_obj2nid(params->fieldID->fieldType); 785 if (tmp == NID_X9_62_characteristic_two_field) 786 #ifdef OPENSSL_NO_EC2M 787 { 788 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_GF2M_NOT_SUPPORTED); 789 goto err; 790 } 791 #else 792 { 793 X9_62_CHARACTERISTIC_TWO *char_two; 794 795 char_two = params->fieldID->p.char_two; 796 797 field_bits = char_two->m; 798 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) 799 { 800 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE); 801 goto err; 802 } 803 804 if ((p = BN_new()) == NULL) 805 { 806 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE); 807 goto err; 808 } 809 810 /* get the base type */ 811 tmp = OBJ_obj2nid(char_two->type); 812 813 if (tmp == NID_X9_62_tpBasis) 814 { 815 long tmp_long; 816 817 if (!char_two->p.tpBasis) 818 { 819 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 820 goto err; 821 } 822 823 tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis); 824 825 if (!(char_two->m > tmp_long && tmp_long > 0)) 826 { 827 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_TRINOMIAL_BASIS); 828 goto err; 829 } 830 831 /* create the polynomial */ 832 if (!BN_set_bit(p, (int)char_two->m)) 833 goto err; 834 if (!BN_set_bit(p, (int)tmp_long)) 835 goto err; 836 if (!BN_set_bit(p, 0)) 837 goto err; 838 } 839 else if (tmp == NID_X9_62_ppBasis) 840 { 841 X9_62_PENTANOMIAL *penta; 842 843 penta = char_two->p.ppBasis; 844 if (!penta) 845 { 846 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 847 goto err; 848 } 849 850 if (!(char_two->m > penta->k3 && penta->k3 > penta->k2 && penta->k2 > penta->k1 && penta->k1 > 0)) 851 { 852 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_PENTANOMIAL_BASIS); 853 goto err; 854 } 855 856 /* create the polynomial */ 857 if (!BN_set_bit(p, (int)char_two->m)) goto err; 858 if (!BN_set_bit(p, (int)penta->k1)) goto err; 859 if (!BN_set_bit(p, (int)penta->k2)) goto err; 860 if (!BN_set_bit(p, (int)penta->k3)) goto err; 861 if (!BN_set_bit(p, 0)) goto err; 862 } 863 else if (tmp == NID_X9_62_onBasis) 864 { 865 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_NOT_IMPLEMENTED); 866 goto err; 867 } 868 else /* error */ 869 { 870 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 871 goto err; 872 } 873 874 /* create the EC_GROUP structure */ 875 ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL); 876 } 877 #endif 878 else if (tmp == NID_X9_62_prime_field) 879 { 880 /* we have a curve over a prime field */ 881 /* extract the prime number */ 882 if (!params->fieldID->p.prime) 883 { 884 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 885 goto err; 886 } 887 p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL); 888 if (p == NULL) 889 { 890 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); 891 goto err; 892 } 893 894 if (BN_is_negative(p) || BN_is_zero(p)) 895 { 896 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD); 897 goto err; 898 } 899 900 field_bits = BN_num_bits(p); 901 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) 902 { 903 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE); 904 goto err; 905 } 906 907 /* create the EC_GROUP structure */ 908 ret = EC_GROUP_new_curve_GFp(p, a, b, NULL); 909 } 910 else 911 { 912 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD); 913 goto err; 914 } 915 916 if (ret == NULL) 917 { 918 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); 919 goto err; 920 } 921 922 /* extract seed (optional) */ 923 if (params->curve->seed != NULL) 924 { 925 if (ret->seed != NULL) 926 OPENSSL_free(ret->seed); 927 if (!(ret->seed = OPENSSL_malloc(params->curve->seed->length))) 928 { 929 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, 930 ERR_R_MALLOC_FAILURE); 931 goto err; 932 } 933 memcpy(ret->seed, params->curve->seed->data, 934 params->curve->seed->length); 935 ret->seed_len = params->curve->seed->length; 936 } 937 938 if (!params->order || !params->base || !params->base->data) 939 { 940 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 941 goto err; 942 } 943 944 if ((point = EC_POINT_new(ret)) == NULL) goto err; 945 946 /* set the point conversion form */ 947 EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t) 948 (params->base->data[0] & ~0x01)); 949 950 /* extract the ec point */ 951 if (!EC_POINT_oct2point(ret, point, params->base->data, 952 params->base->length, NULL)) 953 { 954 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); 955 goto err; 956 } 957 958 /* extract the order */ 959 if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) 960 { 961 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); 962 goto err; 963 } 964 if (BN_is_negative(a) || BN_is_zero(a)) 965 { 966 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER); 967 goto err; 968 } 969 if (BN_num_bits(a) > (int)field_bits + 1) /* Hasse bound */ 970 { 971 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER); 972 goto err; 973 } 974 975 /* extract the cofactor (optional) */ 976 if (params->cofactor == NULL) 977 { 978 if (b) 979 { 980 BN_free(b); 981 b = NULL; 982 } 983 } 984 else 985 if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) 986 { 987 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); 988 goto err; 989 } 990 /* set the generator, order and cofactor (if present) */ 991 if (!EC_GROUP_set_generator(ret, point, a, b)) 992 { 993 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); 994 goto err; 995 } 996 997 ok = 1; 998 999 err: if (!ok) 1000 { 1001 if (ret) 1002 EC_GROUP_clear_free(ret); 1003 ret = NULL; 1004 } 1005 1006 if (p) 1007 BN_free(p); 1008 if (a) 1009 BN_free(a); 1010 if (b) 1011 BN_free(b); 1012 if (point) 1013 EC_POINT_free(point); 1014 return(ret); 1015 } 1016 1017 EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *params) 1018 { 1019 EC_GROUP *ret=NULL; 1020 int tmp=0; 1021 1022 if (params == NULL) 1023 { 1024 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, 1025 EC_R_MISSING_PARAMETERS); 1026 return NULL; 1027 } 1028 1029 if (params->type == 0) 1030 { /* the curve is given by an OID */ 1031 tmp = OBJ_obj2nid(params->value.named_curve); 1032 if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) 1033 { 1034 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, 1035 EC_R_EC_GROUP_NEW_BY_NAME_FAILURE); 1036 return NULL; 1037 } 1038 EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE); 1039 } 1040 else if (params->type == 1) 1041 { /* the parameters are given by a ECPARAMETERS 1042 * structure */ 1043 ret = ec_asn1_parameters2group(params->value.parameters); 1044 if (!ret) 1045 { 1046 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, ERR_R_EC_LIB); 1047 return NULL; 1048 } 1049 EC_GROUP_set_asn1_flag(ret, 0x0); 1050 } 1051 else if (params->type == 2) 1052 { /* implicitlyCA */ 1053 return NULL; 1054 } 1055 else 1056 { 1057 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, EC_R_ASN1_ERROR); 1058 return NULL; 1059 } 1060 1061 return ret; 1062 } 1063 1064 /* EC_GROUP <-> DER encoding of ECPKPARAMETERS */ 1065 1066 EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len) 1067 { 1068 EC_GROUP *group = NULL; 1069 ECPKPARAMETERS *params = NULL; 1070 1071 if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) 1072 { 1073 ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE); 1074 ECPKPARAMETERS_free(params); 1075 return NULL; 1076 } 1077 1078 if ((group = ec_asn1_pkparameters2group(params)) == NULL) 1079 { 1080 ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE); 1081 ECPKPARAMETERS_free(params); 1082 return NULL; 1083 } 1084 1085 1086 if (a && *a) 1087 EC_GROUP_clear_free(*a); 1088 if (a) 1089 *a = group; 1090 1091 ECPKPARAMETERS_free(params); 1092 return(group); 1093 } 1094 1095 int i2d_ECPKParameters(const EC_GROUP *a, unsigned char **out) 1096 { 1097 int ret=0; 1098 ECPKPARAMETERS *tmp = ec_asn1_group2pkparameters(a, NULL); 1099 if (tmp == NULL) 1100 { 1101 ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_GROUP2PKPARAMETERS_FAILURE); 1102 return 0; 1103 } 1104 if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0) 1105 { 1106 ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_I2D_ECPKPARAMETERS_FAILURE); 1107 ECPKPARAMETERS_free(tmp); 1108 return 0; 1109 } 1110 ECPKPARAMETERS_free(tmp); 1111 return(ret); 1112 } 1113 1114 /* some EC_KEY functions */ 1115 1116 EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) 1117 { 1118 int ok=0; 1119 EC_KEY *ret=NULL; 1120 EC_PRIVATEKEY *priv_key=NULL; 1121 1122 if ((priv_key = EC_PRIVATEKEY_new()) == NULL) 1123 { 1124 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); 1125 return NULL; 1126 } 1127 1128 if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL) 1129 { 1130 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); 1131 EC_PRIVATEKEY_free(priv_key); 1132 return NULL; 1133 } 1134 1135 if (a == NULL || *a == NULL) 1136 { 1137 if ((ret = EC_KEY_new()) == NULL) 1138 { 1139 ECerr(EC_F_D2I_ECPRIVATEKEY, 1140 ERR_R_MALLOC_FAILURE); 1141 goto err; 1142 } 1143 if (a) 1144 *a = ret; 1145 } 1146 else 1147 ret = *a; 1148 1149 if (priv_key->parameters) 1150 { 1151 if (ret->group) 1152 EC_GROUP_clear_free(ret->group); 1153 ret->group = ec_asn1_pkparameters2group(priv_key->parameters); 1154 } 1155 1156 if (ret->group == NULL) 1157 { 1158 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); 1159 goto err; 1160 } 1161 1162 ret->version = priv_key->version; 1163 1164 if (priv_key->privateKey) 1165 { 1166 ret->priv_key = BN_bin2bn( 1167 M_ASN1_STRING_data(priv_key->privateKey), 1168 M_ASN1_STRING_length(priv_key->privateKey), 1169 ret->priv_key); 1170 if (ret->priv_key == NULL) 1171 { 1172 ECerr(EC_F_D2I_ECPRIVATEKEY, 1173 ERR_R_BN_LIB); 1174 goto err; 1175 } 1176 } 1177 else 1178 { 1179 ECerr(EC_F_D2I_ECPRIVATEKEY, 1180 EC_R_MISSING_PRIVATE_KEY); 1181 goto err; 1182 } 1183 1184 if (priv_key->publicKey) 1185 { 1186 const unsigned char *pub_oct; 1187 size_t pub_oct_len; 1188 1189 if (ret->pub_key) 1190 EC_POINT_clear_free(ret->pub_key); 1191 ret->pub_key = EC_POINT_new(ret->group); 1192 if (ret->pub_key == NULL) 1193 { 1194 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); 1195 goto err; 1196 } 1197 pub_oct = M_ASN1_STRING_data(priv_key->publicKey); 1198 pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey); 1199 /* save the point conversion form */ 1200 ret->conv_form = (point_conversion_form_t)(pub_oct[0] & ~0x01); 1201 if (!EC_POINT_oct2point(ret->group, ret->pub_key, 1202 pub_oct, pub_oct_len, NULL)) 1203 { 1204 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); 1205 goto err; 1206 } 1207 } 1208 1209 ok = 1; 1210 err: 1211 if (!ok) 1212 { 1213 if (ret) 1214 EC_KEY_free(ret); 1215 ret = NULL; 1216 } 1217 1218 if (priv_key) 1219 EC_PRIVATEKEY_free(priv_key); 1220 1221 return(ret); 1222 } 1223 1224 int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out) 1225 { 1226 int ret=0, ok=0; 1227 unsigned char *buffer=NULL; 1228 size_t buf_len=0, tmp_len; 1229 EC_PRIVATEKEY *priv_key=NULL; 1230 1231 if (a == NULL || a->group == NULL || a->priv_key == NULL) 1232 { 1233 ECerr(EC_F_I2D_ECPRIVATEKEY, 1234 ERR_R_PASSED_NULL_PARAMETER); 1235 goto err; 1236 } 1237 1238 if ((priv_key = EC_PRIVATEKEY_new()) == NULL) 1239 { 1240 ECerr(EC_F_I2D_ECPRIVATEKEY, 1241 ERR_R_MALLOC_FAILURE); 1242 goto err; 1243 } 1244 1245 priv_key->version = a->version; 1246 1247 buf_len = (size_t)BN_num_bytes(a->priv_key); 1248 buffer = OPENSSL_malloc(buf_len); 1249 if (buffer == NULL) 1250 { 1251 ECerr(EC_F_I2D_ECPRIVATEKEY, 1252 ERR_R_MALLOC_FAILURE); 1253 goto err; 1254 } 1255 1256 if (!BN_bn2bin(a->priv_key, buffer)) 1257 { 1258 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_BN_LIB); 1259 goto err; 1260 } 1261 1262 if (!M_ASN1_OCTET_STRING_set(priv_key->privateKey, buffer, buf_len)) 1263 { 1264 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB); 1265 goto err; 1266 } 1267 1268 if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) 1269 { 1270 if ((priv_key->parameters = ec_asn1_group2pkparameters( 1271 a->group, priv_key->parameters)) == NULL) 1272 { 1273 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB); 1274 goto err; 1275 } 1276 } 1277 1278 if (!(a->enc_flag & EC_PKEY_NO_PUBKEY)) 1279 { 1280 priv_key->publicKey = M_ASN1_BIT_STRING_new(); 1281 if (priv_key->publicKey == NULL) 1282 { 1283 ECerr(EC_F_I2D_ECPRIVATEKEY, 1284 ERR_R_MALLOC_FAILURE); 1285 goto err; 1286 } 1287 1288 tmp_len = EC_POINT_point2oct(a->group, a->pub_key, 1289 a->conv_form, NULL, 0, NULL); 1290 1291 if (tmp_len > buf_len) 1292 { 1293 unsigned char *tmp_buffer = OPENSSL_realloc(buffer, tmp_len); 1294 if (!tmp_buffer) 1295 { 1296 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); 1297 goto err; 1298 } 1299 buffer = tmp_buffer; 1300 buf_len = tmp_len; 1301 } 1302 1303 if (!EC_POINT_point2oct(a->group, a->pub_key, 1304 a->conv_form, buffer, buf_len, NULL)) 1305 { 1306 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB); 1307 goto err; 1308 } 1309 1310 priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); 1311 priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT; 1312 if (!M_ASN1_BIT_STRING_set(priv_key->publicKey, buffer, 1313 buf_len)) 1314 { 1315 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB); 1316 goto err; 1317 } 1318 } 1319 1320 if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) 1321 { 1322 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB); 1323 goto err; 1324 } 1325 ok=1; 1326 err: 1327 if (buffer) 1328 OPENSSL_free(buffer); 1329 if (priv_key) 1330 EC_PRIVATEKEY_free(priv_key); 1331 return(ok?ret:0); 1332 } 1333 1334 int i2d_ECParameters(EC_KEY *a, unsigned char **out) 1335 { 1336 if (a == NULL) 1337 { 1338 ECerr(EC_F_I2D_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER); 1339 return 0; 1340 } 1341 return i2d_ECPKParameters(a->group, out); 1342 } 1343 1344 EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len) 1345 { 1346 EC_KEY *ret; 1347 1348 if (in == NULL || *in == NULL) 1349 { 1350 ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER); 1351 return NULL; 1352 } 1353 1354 if (a == NULL || *a == NULL) 1355 { 1356 if ((ret = EC_KEY_new()) == NULL) 1357 { 1358 ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE); 1359 return NULL; 1360 } 1361 if (a) 1362 *a = ret; 1363 } 1364 else 1365 ret = *a; 1366 1367 if (!d2i_ECPKParameters(&ret->group, in, len)) 1368 { 1369 ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB); 1370 return NULL; 1371 } 1372 1373 return ret; 1374 } 1375 1376 EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len) 1377 { 1378 EC_KEY *ret=NULL; 1379 1380 if (a == NULL || (*a) == NULL || (*a)->group == NULL) 1381 { 1382 /* sorry, but a EC_GROUP-structur is necessary 1383 * to set the public key */ 1384 ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER); 1385 return 0; 1386 } 1387 ret = *a; 1388 if (ret->pub_key == NULL && 1389 (ret->pub_key = EC_POINT_new(ret->group)) == NULL) 1390 { 1391 ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_MALLOC_FAILURE); 1392 return 0; 1393 } 1394 if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL)) 1395 { 1396 ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB); 1397 return 0; 1398 } 1399 /* save the point conversion form */ 1400 ret->conv_form = (point_conversion_form_t)(*in[0] & ~0x01); 1401 *in += len; 1402 return ret; 1403 } 1404 1405 int i2o_ECPublicKey(EC_KEY *a, unsigned char **out) 1406 { 1407 size_t buf_len=0; 1408 int new_buffer = 0; 1409 1410 if (a == NULL) 1411 { 1412 ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER); 1413 return 0; 1414 } 1415 1416 buf_len = EC_POINT_point2oct(a->group, a->pub_key, 1417 a->conv_form, NULL, 0, NULL); 1418 1419 if (out == NULL || buf_len == 0) 1420 /* out == NULL => just return the length of the octet string */ 1421 return buf_len; 1422 1423 if (*out == NULL) 1424 { 1425 if ((*out = OPENSSL_malloc(buf_len)) == NULL) 1426 { 1427 ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_MALLOC_FAILURE); 1428 return 0; 1429 } 1430 new_buffer = 1; 1431 } 1432 if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form, 1433 *out, buf_len, NULL)) 1434 { 1435 ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB); 1436 OPENSSL_free(*out); 1437 *out = NULL; 1438 return 0; 1439 } 1440 if (!new_buffer) 1441 *out += buf_len; 1442 return buf_len; 1443 } 1444
