1 /* $OpenBSD: ec_asn1.c,v 1.45 2023/05/04 05:59:38 tb Exp $ */ 2 /* 3 * Written by Nils Larsch for the OpenSSL project. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 2000-2003 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59 #include <string.h> 60 61 #include <openssl/opensslconf.h> 62 63 #include <openssl/err.h> 64 #include <openssl/asn1t.h> 65 #include <openssl/objects.h> 66 67 #include "asn1_local.h" 68 #include "ec_local.h" 69 70 int 71 EC_GROUP_get_basis_type(const EC_GROUP *group) 72 { 73 int i = 0; 74 75 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != 76 NID_X9_62_characteristic_two_field) 77 /* everything else is currently not supported */ 78 return 0; 79 80 while (group->poly[i] != 0) 81 i++; 82 83 if (i == 4) 84 return NID_X9_62_ppBasis; 85 else if (i == 2) 86 return NID_X9_62_tpBasis; 87 else 88 /* everything else is currently not supported */ 89 return 0; 90 } 91 92 /* some structures needed for the asn1 encoding */ 93 typedef struct x9_62_pentanomial_st { 94 long k1; 95 long k2; 96 long k3; 97 } X9_62_PENTANOMIAL; 98 99 typedef struct x9_62_characteristic_two_st { 100 long m; 101 ASN1_OBJECT *type; 102 union { 103 char *ptr; 104 /* NID_X9_62_onBasis */ 105 ASN1_NULL *onBasis; 106 /* NID_X9_62_tpBasis */ 107 ASN1_INTEGER *tpBasis; 108 /* NID_X9_62_ppBasis */ 109 X9_62_PENTANOMIAL *ppBasis; 110 /* anything else */ 111 ASN1_TYPE *other; 112 } p; 113 } X9_62_CHARACTERISTIC_TWO; 114 115 typedef struct x9_62_fieldid_st { 116 ASN1_OBJECT *fieldType; 117 union { 118 char *ptr; 119 /* NID_X9_62_prime_field */ 120 ASN1_INTEGER *prime; 121 /* NID_X9_62_characteristic_two_field */ 122 X9_62_CHARACTERISTIC_TWO *char_two; 123 /* anything else */ 124 ASN1_TYPE *other; 125 } p; 126 } X9_62_FIELDID; 127 128 typedef struct x9_62_curve_st { 129 ASN1_OCTET_STRING *a; 130 ASN1_OCTET_STRING *b; 131 ASN1_BIT_STRING *seed; 132 } X9_62_CURVE; 133 134 typedef struct ec_parameters_st { 135 long version; 136 X9_62_FIELDID *fieldID; 137 X9_62_CURVE *curve; 138 ASN1_OCTET_STRING *base; 139 ASN1_INTEGER *order; 140 ASN1_INTEGER *cofactor; 141 } ECPARAMETERS; 142 143 struct ecpk_parameters_st { 144 int type; 145 union { 146 ASN1_OBJECT *named_curve; 147 ECPARAMETERS *parameters; 148 ASN1_NULL *implicitlyCA; 149 } value; 150 } /* ECPKPARAMETERS */ ; 151 152 /* SEC1 ECPrivateKey */ 153 typedef struct ec_privatekey_st { 154 long version; 155 ASN1_OCTET_STRING *privateKey; 156 ECPKPARAMETERS *parameters; 157 ASN1_BIT_STRING *publicKey; 158 } EC_PRIVATEKEY; 159 160 /* the OpenSSL ASN.1 definitions */ 161 static const ASN1_TEMPLATE X9_62_PENTANOMIAL_seq_tt[] = { 162 { 163 .flags = 0, 164 .tag = 0, 165 .offset = offsetof(X9_62_PENTANOMIAL, k1), 166 .field_name = "k1", 167 .item = &LONG_it, 168 }, 169 { 170 .flags = 0, 171 .tag = 0, 172 .offset = offsetof(X9_62_PENTANOMIAL, k2), 173 .field_name = "k2", 174 .item = &LONG_it, 175 }, 176 { 177 .flags = 0, 178 .tag = 0, 179 .offset = offsetof(X9_62_PENTANOMIAL, k3), 180 .field_name = "k3", 181 .item = &LONG_it, 182 }, 183 }; 184 185 const ASN1_ITEM X9_62_PENTANOMIAL_it = { 186 .itype = ASN1_ITYPE_SEQUENCE, 187 .utype = V_ASN1_SEQUENCE, 188 .templates = X9_62_PENTANOMIAL_seq_tt, 189 .tcount = sizeof(X9_62_PENTANOMIAL_seq_tt) / sizeof(ASN1_TEMPLATE), 190 .funcs = NULL, 191 .size = sizeof(X9_62_PENTANOMIAL), 192 .sname = "X9_62_PENTANOMIAL", 193 }; 194 195 X9_62_PENTANOMIAL *X9_62_PENTANOMIAL_new(void); 196 void X9_62_PENTANOMIAL_free(X9_62_PENTANOMIAL *a); 197 198 X9_62_PENTANOMIAL * 199 X9_62_PENTANOMIAL_new(void) 200 { 201 return (X9_62_PENTANOMIAL*)ASN1_item_new(&X9_62_PENTANOMIAL_it); 202 } 203 204 void 205 X9_62_PENTANOMIAL_free(X9_62_PENTANOMIAL *a) 206 { 207 ASN1_item_free((ASN1_VALUE *)a, &X9_62_PENTANOMIAL_it); 208 } 209 210 static const ASN1_TEMPLATE char_two_def_tt = { 211 .flags = 0, 212 .tag = 0, 213 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, p.other), 214 .field_name = "p.other", 215 .item = &ASN1_ANY_it, 216 }; 217 218 static const ASN1_ADB_TABLE X9_62_CHARACTERISTIC_TWO_adbtbl[] = { 219 { 220 .value = NID_X9_62_onBasis, 221 .tt = { 222 .flags = 0, 223 .tag = 0, 224 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, p.onBasis), 225 .field_name = "p.onBasis", 226 .item = &ASN1_NULL_it, 227 }, 228 }, 229 { 230 .value = NID_X9_62_tpBasis, 231 .tt = { 232 .flags = 0, 233 .tag = 0, 234 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, p.tpBasis), 235 .field_name = "p.tpBasis", 236 .item = &ASN1_INTEGER_it, 237 }, 238 }, 239 { 240 .value = NID_X9_62_ppBasis, 241 .tt = { 242 .flags = 0, 243 .tag = 0, 244 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, p.ppBasis), 245 .field_name = "p.ppBasis", 246 .item = &X9_62_PENTANOMIAL_it, 247 }, 248 249 }, 250 }; 251 252 static const ASN1_ADB X9_62_CHARACTERISTIC_TWO_adb = { 253 .flags = 0, 254 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, type), 255 .tbl = X9_62_CHARACTERISTIC_TWO_adbtbl, 256 .tblcount = sizeof(X9_62_CHARACTERISTIC_TWO_adbtbl) / sizeof(ASN1_ADB_TABLE), 257 .default_tt = &char_two_def_tt, 258 .null_tt = NULL, 259 }; 260 261 static const ASN1_TEMPLATE X9_62_CHARACTERISTIC_TWO_seq_tt[] = { 262 { 263 .flags = 0, 264 .tag = 0, 265 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, m), 266 .field_name = "m", 267 .item = &LONG_it, 268 }, 269 { 270 .flags = 0, 271 .tag = 0, 272 .offset = offsetof(X9_62_CHARACTERISTIC_TWO, type), 273 .field_name = "type", 274 .item = &ASN1_OBJECT_it, 275 }, 276 { 277 .flags = ASN1_TFLG_ADB_OID, 278 .tag = -1, 279 .offset = 0, 280 .field_name = "X9_62_CHARACTERISTIC_TWO", 281 .item = (const ASN1_ITEM *)&X9_62_CHARACTERISTIC_TWO_adb, 282 }, 283 }; 284 285 const ASN1_ITEM X9_62_CHARACTERISTIC_TWO_it = { 286 .itype = ASN1_ITYPE_SEQUENCE, 287 .utype = V_ASN1_SEQUENCE, 288 .templates = X9_62_CHARACTERISTIC_TWO_seq_tt, 289 .tcount = sizeof(X9_62_CHARACTERISTIC_TWO_seq_tt) / sizeof(ASN1_TEMPLATE), 290 .funcs = NULL, 291 .size = sizeof(X9_62_CHARACTERISTIC_TWO), 292 .sname = "X9_62_CHARACTERISTIC_TWO", 293 }; 294 295 X9_62_CHARACTERISTIC_TWO *X9_62_CHARACTERISTIC_TWO_new(void); 296 void X9_62_CHARACTERISTIC_TWO_free(X9_62_CHARACTERISTIC_TWO *a); 297 298 X9_62_CHARACTERISTIC_TWO * 299 X9_62_CHARACTERISTIC_TWO_new(void) 300 { 301 return (X9_62_CHARACTERISTIC_TWO*)ASN1_item_new(&X9_62_CHARACTERISTIC_TWO_it); 302 } 303 304 void 305 X9_62_CHARACTERISTIC_TWO_free(X9_62_CHARACTERISTIC_TWO *a) 306 { 307 ASN1_item_free((ASN1_VALUE *)a, &X9_62_CHARACTERISTIC_TWO_it); 308 } 309 310 static const ASN1_TEMPLATE fieldID_def_tt = { 311 .flags = 0, 312 .tag = 0, 313 .offset = offsetof(X9_62_FIELDID, p.other), 314 .field_name = "p.other", 315 .item = &ASN1_ANY_it, 316 }; 317 318 static const ASN1_ADB_TABLE X9_62_FIELDID_adbtbl[] = { 319 { 320 .value = NID_X9_62_prime_field, 321 .tt = { 322 .flags = 0, 323 .tag = 0, 324 .offset = offsetof(X9_62_FIELDID, p.prime), 325 .field_name = "p.prime", 326 .item = &ASN1_INTEGER_it, 327 }, 328 }, 329 { 330 .value = NID_X9_62_characteristic_two_field, 331 .tt = { 332 .flags = 0, 333 .tag = 0, 334 .offset = offsetof(X9_62_FIELDID, p.char_two), 335 .field_name = "p.char_two", 336 .item = &X9_62_CHARACTERISTIC_TWO_it, 337 }, 338 }, 339 }; 340 341 static const ASN1_ADB X9_62_FIELDID_adb = { 342 .flags = 0, 343 .offset = offsetof(X9_62_FIELDID, fieldType), 344 .tbl = X9_62_FIELDID_adbtbl, 345 .tblcount = sizeof(X9_62_FIELDID_adbtbl) / sizeof(ASN1_ADB_TABLE), 346 .default_tt = &fieldID_def_tt, 347 .null_tt = NULL, 348 }; 349 350 static const ASN1_TEMPLATE X9_62_FIELDID_seq_tt[] = { 351 { 352 .flags = 0, 353 .tag = 0, 354 .offset = offsetof(X9_62_FIELDID, fieldType), 355 .field_name = "fieldType", 356 .item = &ASN1_OBJECT_it, 357 }, 358 { 359 .flags = ASN1_TFLG_ADB_OID, 360 .tag = -1, 361 .offset = 0, 362 .field_name = "X9_62_FIELDID", 363 .item = (const ASN1_ITEM *)&X9_62_FIELDID_adb, 364 }, 365 }; 366 367 const ASN1_ITEM X9_62_FIELDID_it = { 368 .itype = ASN1_ITYPE_SEQUENCE, 369 .utype = V_ASN1_SEQUENCE, 370 .templates = X9_62_FIELDID_seq_tt, 371 .tcount = sizeof(X9_62_FIELDID_seq_tt) / sizeof(ASN1_TEMPLATE), 372 .funcs = NULL, 373 .size = sizeof(X9_62_FIELDID), 374 .sname = "X9_62_FIELDID", 375 }; 376 377 static const ASN1_TEMPLATE X9_62_CURVE_seq_tt[] = { 378 { 379 .flags = 0, 380 .tag = 0, 381 .offset = offsetof(X9_62_CURVE, a), 382 .field_name = "a", 383 .item = &ASN1_OCTET_STRING_it, 384 }, 385 { 386 .flags = 0, 387 .tag = 0, 388 .offset = offsetof(X9_62_CURVE, b), 389 .field_name = "b", 390 .item = &ASN1_OCTET_STRING_it, 391 }, 392 { 393 .flags = ASN1_TFLG_OPTIONAL, 394 .tag = 0, 395 .offset = offsetof(X9_62_CURVE, seed), 396 .field_name = "seed", 397 .item = &ASN1_BIT_STRING_it, 398 }, 399 }; 400 401 const ASN1_ITEM X9_62_CURVE_it = { 402 .itype = ASN1_ITYPE_SEQUENCE, 403 .utype = V_ASN1_SEQUENCE, 404 .templates = X9_62_CURVE_seq_tt, 405 .tcount = sizeof(X9_62_CURVE_seq_tt) / sizeof(ASN1_TEMPLATE), 406 .funcs = NULL, 407 .size = sizeof(X9_62_CURVE), 408 .sname = "X9_62_CURVE", 409 }; 410 411 static const ASN1_TEMPLATE ECPARAMETERS_seq_tt[] = { 412 { 413 .flags = 0, 414 .tag = 0, 415 .offset = offsetof(ECPARAMETERS, version), 416 .field_name = "version", 417 .item = &LONG_it, 418 }, 419 { 420 .flags = 0, 421 .tag = 0, 422 .offset = offsetof(ECPARAMETERS, fieldID), 423 .field_name = "fieldID", 424 .item = &X9_62_FIELDID_it, 425 }, 426 { 427 .flags = 0, 428 .tag = 0, 429 .offset = offsetof(ECPARAMETERS, curve), 430 .field_name = "curve", 431 .item = &X9_62_CURVE_it, 432 }, 433 { 434 .flags = 0, 435 .tag = 0, 436 .offset = offsetof(ECPARAMETERS, base), 437 .field_name = "base", 438 .item = &ASN1_OCTET_STRING_it, 439 }, 440 { 441 .flags = 0, 442 .tag = 0, 443 .offset = offsetof(ECPARAMETERS, order), 444 .field_name = "order", 445 .item = &ASN1_INTEGER_it, 446 }, 447 { 448 .flags = ASN1_TFLG_OPTIONAL, 449 .tag = 0, 450 .offset = offsetof(ECPARAMETERS, cofactor), 451 .field_name = "cofactor", 452 .item = &ASN1_INTEGER_it, 453 }, 454 }; 455 456 const ASN1_ITEM ECPARAMETERS_it = { 457 .itype = ASN1_ITYPE_SEQUENCE, 458 .utype = V_ASN1_SEQUENCE, 459 .templates = ECPARAMETERS_seq_tt, 460 .tcount = sizeof(ECPARAMETERS_seq_tt) / sizeof(ASN1_TEMPLATE), 461 .funcs = NULL, 462 .size = sizeof(ECPARAMETERS), 463 .sname = "ECPARAMETERS", 464 }; 465 466 ECPARAMETERS *ECPARAMETERS_new(void); 467 void ECPARAMETERS_free(ECPARAMETERS *a); 468 469 ECPARAMETERS * 470 ECPARAMETERS_new(void) 471 { 472 return (ECPARAMETERS*)ASN1_item_new(&ECPARAMETERS_it); 473 } 474 475 void 476 ECPARAMETERS_free(ECPARAMETERS *a) 477 { 478 ASN1_item_free((ASN1_VALUE *)a, &ECPARAMETERS_it); 479 } 480 481 static const ASN1_TEMPLATE ECPKPARAMETERS_ch_tt[] = { 482 { 483 .flags = 0, 484 .tag = 0, 485 .offset = offsetof(ECPKPARAMETERS, value.named_curve), 486 .field_name = "value.named_curve", 487 .item = &ASN1_OBJECT_it, 488 }, 489 { 490 .flags = 0, 491 .tag = 0, 492 .offset = offsetof(ECPKPARAMETERS, value.parameters), 493 .field_name = "value.parameters", 494 .item = &ECPARAMETERS_it, 495 }, 496 { 497 .flags = 0, 498 .tag = 0, 499 .offset = offsetof(ECPKPARAMETERS, value.implicitlyCA), 500 .field_name = "value.implicitlyCA", 501 .item = &ASN1_NULL_it, 502 }, 503 }; 504 505 const ASN1_ITEM ECPKPARAMETERS_it = { 506 .itype = ASN1_ITYPE_CHOICE, 507 .utype = offsetof(ECPKPARAMETERS, type), 508 .templates = ECPKPARAMETERS_ch_tt, 509 .tcount = sizeof(ECPKPARAMETERS_ch_tt) / sizeof(ASN1_TEMPLATE), 510 .funcs = NULL, 511 .size = sizeof(ECPKPARAMETERS), 512 .sname = "ECPKPARAMETERS", 513 }; 514 515 ECPKPARAMETERS *ECPKPARAMETERS_new(void); 516 void ECPKPARAMETERS_free(ECPKPARAMETERS *a); 517 ECPKPARAMETERS *d2i_ECPKPARAMETERS(ECPKPARAMETERS **a, const unsigned char **in, long len); 518 int i2d_ECPKPARAMETERS(const ECPKPARAMETERS *a, unsigned char **out); 519 520 ECPKPARAMETERS * 521 d2i_ECPKPARAMETERS(ECPKPARAMETERS **a, const unsigned char **in, long len) 522 { 523 return (ECPKPARAMETERS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, 524 &ECPKPARAMETERS_it); 525 } 526 527 int 528 i2d_ECPKPARAMETERS(const ECPKPARAMETERS *a, unsigned char **out) 529 { 530 return ASN1_item_i2d((ASN1_VALUE *)a, out, &ECPKPARAMETERS_it); 531 } 532 533 ECPKPARAMETERS * 534 ECPKPARAMETERS_new(void) 535 { 536 return (ECPKPARAMETERS *)ASN1_item_new(&ECPKPARAMETERS_it); 537 } 538 539 void 540 ECPKPARAMETERS_free(ECPKPARAMETERS *a) 541 { 542 ASN1_item_free((ASN1_VALUE *)a, &ECPKPARAMETERS_it); 543 } 544 545 static const ASN1_TEMPLATE EC_PRIVATEKEY_seq_tt[] = { 546 { 547 .flags = 0, 548 .tag = 0, 549 .offset = offsetof(EC_PRIVATEKEY, version), 550 .field_name = "version", 551 .item = &LONG_it, 552 }, 553 { 554 .flags = 0, 555 .tag = 0, 556 .offset = offsetof(EC_PRIVATEKEY, privateKey), 557 .field_name = "privateKey", 558 .item = &ASN1_OCTET_STRING_it, 559 }, 560 { 561 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, 562 .tag = 0, 563 .offset = offsetof(EC_PRIVATEKEY, parameters), 564 .field_name = "parameters", 565 .item = &ECPKPARAMETERS_it, 566 }, 567 { 568 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, 569 .tag = 1, 570 .offset = offsetof(EC_PRIVATEKEY, publicKey), 571 .field_name = "publicKey", 572 .item = &ASN1_BIT_STRING_it, 573 }, 574 }; 575 576 const ASN1_ITEM EC_PRIVATEKEY_it = { 577 .itype = ASN1_ITYPE_SEQUENCE, 578 .utype = V_ASN1_SEQUENCE, 579 .templates = EC_PRIVATEKEY_seq_tt, 580 .tcount = sizeof(EC_PRIVATEKEY_seq_tt) / sizeof(ASN1_TEMPLATE), 581 .funcs = NULL, 582 .size = sizeof(EC_PRIVATEKEY), 583 .sname = "EC_PRIVATEKEY", 584 }; 585 586 EC_PRIVATEKEY *EC_PRIVATEKEY_new(void); 587 void EC_PRIVATEKEY_free(EC_PRIVATEKEY *a); 588 EC_PRIVATEKEY *d2i_EC_PRIVATEKEY(EC_PRIVATEKEY **a, const unsigned char **in, long len); 589 int i2d_EC_PRIVATEKEY(const EC_PRIVATEKEY *a, unsigned char **out); 590 591 EC_PRIVATEKEY * 592 d2i_EC_PRIVATEKEY(EC_PRIVATEKEY **a, const unsigned char **in, long len) 593 { 594 return (EC_PRIVATEKEY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, 595 &EC_PRIVATEKEY_it); 596 } 597 598 int 599 i2d_EC_PRIVATEKEY(const EC_PRIVATEKEY *a, unsigned char **out) 600 { 601 return ASN1_item_i2d((ASN1_VALUE *)a, out, &EC_PRIVATEKEY_it); 602 } 603 604 EC_PRIVATEKEY * 605 EC_PRIVATEKEY_new(void) 606 { 607 return (EC_PRIVATEKEY *)ASN1_item_new(&EC_PRIVATEKEY_it); 608 } 609 610 void 611 EC_PRIVATEKEY_free(EC_PRIVATEKEY *a) 612 { 613 ASN1_item_free((ASN1_VALUE *)a, &EC_PRIVATEKEY_it); 614 } 615 616 /* some declarations of internal function */ 617 618 /* ec_asn1_group2fieldid() sets the values in a X9_62_FIELDID object */ 619 static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *); 620 /* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */ 621 static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *); 622 /* ec_asn1_parameters2group() creates a EC_GROUP object from a 623 * ECPARAMETERS object */ 624 static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *); 625 /* ec_asn1_group2parameters() creates a ECPARAMETERS object from a 626 * EC_GROUP object */ 627 static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *, ECPARAMETERS *); 628 /* ec_asn1_pkparameters2group() creates a EC_GROUP object from a 629 * ECPKPARAMETERS object */ 630 static EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *); 631 /* ec_asn1_group2pkparameters() creates a ECPKPARAMETERS object from a 632 * EC_GROUP object */ 633 static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *, 634 ECPKPARAMETERS *); 635 636 /* the function definitions */ 637 638 static int 639 ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field) 640 { 641 int ok = 0, nid; 642 BIGNUM *tmp = NULL; 643 644 if (group == NULL || field == NULL) 645 return 0; 646 647 /* clear the old values (if necessary) */ 648 if (field->fieldType != NULL) 649 ASN1_OBJECT_free(field->fieldType); 650 if (field->p.other != NULL) 651 ASN1_TYPE_free(field->p.other); 652 653 nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); 654 /* set OID for the field */ 655 if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) { 656 ECerror(ERR_R_OBJ_LIB); 657 goto err; 658 } 659 if (nid == NID_X9_62_prime_field) { 660 if ((tmp = BN_new()) == NULL) { 661 ECerror(ERR_R_MALLOC_FAILURE); 662 goto err; 663 } 664 /* the parameters are specified by the prime number p */ 665 if (!EC_GROUP_get_curve(group, tmp, NULL, NULL, NULL)) { 666 ECerror(ERR_R_EC_LIB); 667 goto err; 668 } 669 /* set the prime number */ 670 field->p.prime = BN_to_ASN1_INTEGER(tmp, NULL); 671 if (field->p.prime == NULL) { 672 ECerror(ERR_R_ASN1_LIB); 673 goto err; 674 } 675 } else { 676 ECerror(EC_R_GF2M_NOT_SUPPORTED); 677 goto err; 678 } 679 680 ok = 1; 681 682 err: 683 BN_free(tmp); 684 return (ok); 685 } 686 687 static int 688 ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve) 689 { 690 BIGNUM *tmp_1 = NULL, *tmp_2 = NULL; 691 unsigned char *buffer_1 = NULL, *buffer_2 = NULL, *a_buf = NULL, 692 *b_buf = NULL; 693 size_t len_1, len_2; 694 unsigned char char_zero = 0; 695 int ok = 0; 696 697 if (!group || !curve || !curve->a || !curve->b) 698 return 0; 699 700 if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) { 701 ECerror(ERR_R_MALLOC_FAILURE); 702 goto err; 703 } 704 705 /* get a and b */ 706 if (!EC_GROUP_get_curve(group, NULL, tmp_1, tmp_2, NULL)) { 707 ECerror(ERR_R_EC_LIB); 708 goto err; 709 } 710 len_1 = (size_t) BN_num_bytes(tmp_1); 711 len_2 = (size_t) BN_num_bytes(tmp_2); 712 713 if (len_1 == 0) { 714 /* len_1 == 0 => a == 0 */ 715 a_buf = &char_zero; 716 len_1 = 1; 717 } else { 718 if ((buffer_1 = malloc(len_1)) == NULL) { 719 ECerror(ERR_R_MALLOC_FAILURE); 720 goto err; 721 } 722 if ((len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0) { 723 ECerror(ERR_R_BN_LIB); 724 goto err; 725 } 726 a_buf = buffer_1; 727 } 728 729 if (len_2 == 0) { 730 /* len_2 == 0 => b == 0 */ 731 b_buf = &char_zero; 732 len_2 = 1; 733 } else { 734 if ((buffer_2 = malloc(len_2)) == NULL) { 735 ECerror(ERR_R_MALLOC_FAILURE); 736 goto err; 737 } 738 if ((len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0) { 739 ECerror(ERR_R_BN_LIB); 740 goto err; 741 } 742 b_buf = buffer_2; 743 } 744 745 /* set a and b */ 746 if (!ASN1_STRING_set(curve->a, a_buf, len_1) || 747 !ASN1_STRING_set(curve->b, b_buf, len_2)) { 748 ECerror(ERR_R_ASN1_LIB); 749 goto err; 750 } 751 752 ASN1_BIT_STRING_free(curve->seed); 753 curve->seed = NULL; 754 755 /* set the seed (optional) */ 756 if (group->seed != NULL) { 757 if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) { 758 ECerror(ERR_R_MALLOC_FAILURE); 759 goto err; 760 } 761 if (!ASN1_BIT_STRING_set(curve->seed, group->seed, 762 (int) group->seed_len)) { 763 ECerror(ERR_R_ASN1_LIB); 764 goto err; 765 } 766 if (!asn1_abs_set_unused_bits(curve->seed, 0)) { 767 ECerror(ERR_R_ASN1_LIB); 768 goto err; 769 } 770 } 771 772 ok = 1; 773 774 err: 775 free(buffer_1); 776 free(buffer_2); 777 BN_free(tmp_1); 778 BN_free(tmp_2); 779 return (ok); 780 } 781 782 static ECPARAMETERS * 783 ec_asn1_group2parameters(const EC_GROUP *group, ECPARAMETERS *param) 784 { 785 int ok = 0; 786 size_t len = 0; 787 ECPARAMETERS *ret = NULL; 788 BIGNUM *tmp = NULL; 789 unsigned char *buffer = NULL; 790 const EC_POINT *point = NULL; 791 point_conversion_form_t form; 792 793 if ((tmp = BN_new()) == NULL) { 794 ECerror(ERR_R_MALLOC_FAILURE); 795 goto err; 796 } 797 if (param == NULL) { 798 if ((ret = ECPARAMETERS_new()) == NULL) { 799 ECerror(ERR_R_MALLOC_FAILURE); 800 goto err; 801 } 802 } else 803 ret = param; 804 805 /* set the version (always one) */ 806 ret->version = (long) 0x1; 807 808 /* set the fieldID */ 809 if (!ec_asn1_group2fieldid(group, ret->fieldID)) { 810 ECerror(ERR_R_EC_LIB); 811 goto err; 812 } 813 /* set the curve */ 814 if (!ec_asn1_group2curve(group, ret->curve)) { 815 ECerror(ERR_R_EC_LIB); 816 goto err; 817 } 818 /* set the base point */ 819 if ((point = EC_GROUP_get0_generator(group)) == NULL) { 820 ECerror(EC_R_UNDEFINED_GENERATOR); 821 goto err; 822 } 823 form = EC_GROUP_get_point_conversion_form(group); 824 825 len = EC_POINT_point2oct(group, point, form, NULL, len, NULL); 826 if (len == 0) { 827 ECerror(ERR_R_EC_LIB); 828 goto err; 829 } 830 if ((buffer = malloc(len)) == NULL) { 831 ECerror(ERR_R_MALLOC_FAILURE); 832 goto err; 833 } 834 if (!EC_POINT_point2oct(group, point, form, buffer, len, NULL)) { 835 ECerror(ERR_R_EC_LIB); 836 goto err; 837 } 838 if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) { 839 ECerror(ERR_R_MALLOC_FAILURE); 840 goto err; 841 } 842 if (!ASN1_OCTET_STRING_set(ret->base, buffer, len)) { 843 ECerror(ERR_R_ASN1_LIB); 844 goto err; 845 } 846 /* set the order */ 847 if (!EC_GROUP_get_order(group, tmp, NULL)) { 848 ECerror(ERR_R_EC_LIB); 849 goto err; 850 } 851 ret->order = BN_to_ASN1_INTEGER(tmp, ret->order); 852 if (ret->order == NULL) { 853 ECerror(ERR_R_ASN1_LIB); 854 goto err; 855 } 856 /* set the cofactor (optional) */ 857 if (EC_GROUP_get_cofactor(group, tmp, NULL)) { 858 ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor); 859 if (ret->cofactor == NULL) { 860 ECerror(ERR_R_ASN1_LIB); 861 goto err; 862 } 863 } 864 ok = 1; 865 866 err: 867 if (!ok) { 868 if (ret && !param) 869 ECPARAMETERS_free(ret); 870 ret = NULL; 871 } 872 BN_free(tmp); 873 free(buffer); 874 return (ret); 875 } 876 877 ECPKPARAMETERS * 878 ec_asn1_group2pkparameters(const EC_GROUP *group, ECPKPARAMETERS *params) 879 { 880 int ok = 1, tmp; 881 ECPKPARAMETERS *ret = params; 882 883 if (ret == NULL) { 884 if ((ret = ECPKPARAMETERS_new()) == NULL) { 885 ECerror(ERR_R_MALLOC_FAILURE); 886 return NULL; 887 } 888 } else { 889 if (ret->type == 0 && ret->value.named_curve) 890 ASN1_OBJECT_free(ret->value.named_curve); 891 else if (ret->type == 1 && ret->value.parameters) 892 ECPARAMETERS_free(ret->value.parameters); 893 } 894 895 if (EC_GROUP_get_asn1_flag(group)) { 896 /* 897 * use the asn1 OID to describe the elliptic curve 898 * parameters 899 */ 900 tmp = EC_GROUP_get_curve_name(group); 901 if (tmp) { 902 ret->type = 0; 903 if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL) 904 ok = 0; 905 } else 906 /* we don't know the group => ERROR */ 907 ok = 0; 908 } else { 909 /* use the ECPARAMETERS structure */ 910 ret->type = 1; 911 if ((ret->value.parameters = ec_asn1_group2parameters(group, 912 NULL)) == NULL) 913 ok = 0; 914 } 915 916 if (!ok) { 917 ECPKPARAMETERS_free(ret); 918 return NULL; 919 } 920 return ret; 921 } 922 923 static EC_GROUP * 924 ec_asn1_parameters2group(const ECPARAMETERS *params) 925 { 926 int ok = 0, tmp; 927 EC_GROUP *ret = NULL; 928 BIGNUM *p = NULL, *a = NULL, *b = NULL; 929 EC_POINT *point = NULL; 930 long field_bits; 931 932 if (!params->fieldID || !params->fieldID->fieldType || 933 !params->fieldID->p.ptr) { 934 ECerror(EC_R_ASN1_ERROR); 935 goto err; 936 } 937 /* now extract the curve parameters a and b */ 938 if (!params->curve || !params->curve->a || 939 !params->curve->a->data || !params->curve->b || 940 !params->curve->b->data) { 941 ECerror(EC_R_ASN1_ERROR); 942 goto err; 943 } 944 a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL); 945 if (a == NULL) { 946 ECerror(ERR_R_BN_LIB); 947 goto err; 948 } 949 b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL); 950 if (b == NULL) { 951 ECerror(ERR_R_BN_LIB); 952 goto err; 953 } 954 /* get the field parameters */ 955 tmp = OBJ_obj2nid(params->fieldID->fieldType); 956 if (tmp == NID_X9_62_characteristic_two_field) { 957 ECerror(EC_R_GF2M_NOT_SUPPORTED); 958 goto err; 959 } else if (tmp == NID_X9_62_prime_field) { 960 /* we have a curve over a prime field */ 961 /* extract the prime number */ 962 if (!params->fieldID->p.prime) { 963 ECerror(EC_R_ASN1_ERROR); 964 goto err; 965 } 966 p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL); 967 if (p == NULL) { 968 ECerror(ERR_R_ASN1_LIB); 969 goto err; 970 } 971 if (BN_is_negative(p) || BN_is_zero(p)) { 972 ECerror(EC_R_INVALID_FIELD); 973 goto err; 974 } 975 field_bits = BN_num_bits(p); 976 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) { 977 ECerror(EC_R_FIELD_TOO_LARGE); 978 goto err; 979 } 980 /* create the EC_GROUP structure */ 981 ret = EC_GROUP_new_curve_GFp(p, a, b, NULL); 982 } else { 983 ECerror(EC_R_INVALID_FIELD); 984 goto err; 985 } 986 987 if (ret == NULL) { 988 ECerror(ERR_R_EC_LIB); 989 goto err; 990 } 991 /* extract seed (optional) */ 992 if (params->curve->seed != NULL) { 993 free(ret->seed); 994 if (!(ret->seed = malloc(params->curve->seed->length))) { 995 ECerror(ERR_R_MALLOC_FAILURE); 996 goto err; 997 } 998 memcpy(ret->seed, params->curve->seed->data, 999 params->curve->seed->length); 1000 ret->seed_len = params->curve->seed->length; 1001 } 1002 if (!params->order || !params->base || !params->base->data) { 1003 ECerror(EC_R_ASN1_ERROR); 1004 goto err; 1005 } 1006 if ((point = EC_POINT_new(ret)) == NULL) 1007 goto err; 1008 1009 /* set the point conversion form */ 1010 EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t) 1011 (params->base->data[0] & ~0x01)); 1012 1013 /* extract the ec point */ 1014 if (!EC_POINT_oct2point(ret, point, params->base->data, 1015 params->base->length, NULL)) { 1016 ECerror(ERR_R_EC_LIB); 1017 goto err; 1018 } 1019 /* extract the order */ 1020 if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) { 1021 ECerror(ERR_R_ASN1_LIB); 1022 goto err; 1023 } 1024 if (BN_is_negative(a) || BN_is_zero(a)) { 1025 ECerror(EC_R_INVALID_GROUP_ORDER); 1026 goto err; 1027 } 1028 if (BN_num_bits(a) > (int) field_bits + 1) { /* Hasse bound */ 1029 ECerror(EC_R_INVALID_GROUP_ORDER); 1030 goto err; 1031 } 1032 /* extract the cofactor (optional) */ 1033 if (params->cofactor == NULL) { 1034 BN_free(b); 1035 b = NULL; 1036 } else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) { 1037 ECerror(ERR_R_ASN1_LIB); 1038 goto err; 1039 } 1040 /* set the generator, order and cofactor (if present) */ 1041 if (!EC_GROUP_set_generator(ret, point, a, b)) { 1042 ECerror(ERR_R_EC_LIB); 1043 goto err; 1044 } 1045 ok = 1; 1046 1047 err: 1048 if (!ok) { 1049 EC_GROUP_free(ret); 1050 ret = NULL; 1051 } 1052 BN_free(p); 1053 BN_free(a); 1054 BN_free(b); 1055 EC_POINT_free(point); 1056 return (ret); 1057 } 1058 1059 EC_GROUP * 1060 ec_asn1_pkparameters2group(const ECPKPARAMETERS *params) 1061 { 1062 EC_GROUP *ret = NULL; 1063 int tmp = 0; 1064 1065 if (params == NULL) { 1066 ECerror(EC_R_MISSING_PARAMETERS); 1067 return NULL; 1068 } 1069 if (params->type == 0) {/* the curve is given by an OID */ 1070 tmp = OBJ_obj2nid(params->value.named_curve); 1071 if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) { 1072 ECerror(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE); 1073 return NULL; 1074 } 1075 EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE); 1076 } else if (params->type == 1) { /* the parameters are given by a 1077 * ECPARAMETERS structure */ 1078 ret = ec_asn1_parameters2group(params->value.parameters); 1079 if (!ret) { 1080 ECerror(ERR_R_EC_LIB); 1081 return NULL; 1082 } 1083 EC_GROUP_set_asn1_flag(ret, 0x0); 1084 } else if (params->type == 2) { /* implicitlyCA */ 1085 return NULL; 1086 } else { 1087 ECerror(EC_R_ASN1_ERROR); 1088 return NULL; 1089 } 1090 1091 return ret; 1092 } 1093 1094 /* EC_GROUP <-> DER encoding of ECPKPARAMETERS */ 1095 1096 EC_GROUP * 1097 d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len) 1098 { 1099 EC_GROUP *group = NULL; 1100 ECPKPARAMETERS *params; 1101 1102 if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) { 1103 ECerror(EC_R_D2I_ECPKPARAMETERS_FAILURE); 1104 goto err; 1105 } 1106 if ((group = ec_asn1_pkparameters2group(params)) == NULL) { 1107 ECerror(EC_R_PKPARAMETERS2GROUP_FAILURE); 1108 goto err; 1109 } 1110 1111 if (a != NULL) { 1112 EC_GROUP_free(*a); 1113 *a = group; 1114 } 1115 1116 err: 1117 ECPKPARAMETERS_free(params); 1118 return (group); 1119 } 1120 1121 int 1122 i2d_ECPKParameters(const EC_GROUP *a, unsigned char **out) 1123 { 1124 int ret = 0; 1125 ECPKPARAMETERS *tmp = ec_asn1_group2pkparameters(a, NULL); 1126 if (tmp == NULL) { 1127 ECerror(EC_R_GROUP2PKPARAMETERS_FAILURE); 1128 return 0; 1129 } 1130 if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0) { 1131 ECerror(EC_R_I2D_ECPKPARAMETERS_FAILURE); 1132 ECPKPARAMETERS_free(tmp); 1133 return 0; 1134 } 1135 ECPKPARAMETERS_free(tmp); 1136 return (ret); 1137 } 1138 1139 /* some EC_KEY functions */ 1140 1141 EC_KEY * 1142 d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) 1143 { 1144 EC_KEY *ret = NULL; 1145 EC_PRIVATEKEY *priv_key = NULL; 1146 1147 if ((priv_key = d2i_EC_PRIVATEKEY(NULL, in, len)) == NULL) { 1148 ECerror(ERR_R_EC_LIB); 1149 return NULL; 1150 } 1151 if (a == NULL || *a == NULL) { 1152 if ((ret = EC_KEY_new()) == NULL) { 1153 ECerror(ERR_R_MALLOC_FAILURE); 1154 goto err; 1155 } 1156 } else 1157 ret = *a; 1158 1159 if (priv_key->parameters) { 1160 EC_GROUP_free(ret->group); 1161 ret->group = ec_asn1_pkparameters2group(priv_key->parameters); 1162 } 1163 if (ret->group == NULL) { 1164 ECerror(ERR_R_EC_LIB); 1165 goto err; 1166 } 1167 ret->version = priv_key->version; 1168 1169 if (priv_key->privateKey) { 1170 ret->priv_key = BN_bin2bn( 1171 ASN1_STRING_data(priv_key->privateKey), 1172 ASN1_STRING_length(priv_key->privateKey), 1173 ret->priv_key); 1174 if (ret->priv_key == NULL) { 1175 ECerror(ERR_R_BN_LIB); 1176 goto err; 1177 } 1178 } else { 1179 ECerror(EC_R_MISSING_PRIVATE_KEY); 1180 goto err; 1181 } 1182 1183 if (ret->pub_key) 1184 EC_POINT_free(ret->pub_key); 1185 ret->pub_key = EC_POINT_new(ret->group); 1186 if (ret->pub_key == NULL) { 1187 ECerror(ERR_R_EC_LIB); 1188 goto err; 1189 } 1190 1191 if (priv_key->publicKey) { 1192 const unsigned char *pub_oct; 1193 size_t pub_oct_len; 1194 1195 pub_oct = ASN1_STRING_data(priv_key->publicKey); 1196 pub_oct_len = ASN1_STRING_length(priv_key->publicKey); 1197 if (pub_oct == NULL || pub_oct_len <= 0) { 1198 ECerror(EC_R_BUFFER_TOO_SMALL); 1199 goto err; 1200 } 1201 1202 /* save the point conversion form */ 1203 ret->conv_form = (point_conversion_form_t) (pub_oct[0] & ~0x01); 1204 if (!EC_POINT_oct2point(ret->group, ret->pub_key, 1205 pub_oct, pub_oct_len, NULL)) { 1206 ECerror(ERR_R_EC_LIB); 1207 goto err; 1208 } 1209 } else { 1210 if (!EC_POINT_mul(ret->group, ret->pub_key, ret->priv_key, 1211 NULL, NULL, NULL)) { 1212 ECerror(ERR_R_EC_LIB); 1213 goto err; 1214 } 1215 /* Remember the original private-key-only encoding. */ 1216 ret->enc_flag |= EC_PKEY_NO_PUBKEY; 1217 } 1218 1219 EC_PRIVATEKEY_free(priv_key); 1220 if (a != NULL) 1221 *a = ret; 1222 return (ret); 1223 1224 err: 1225 if (a == NULL || *a != ret) 1226 EC_KEY_free(ret); 1227 if (priv_key) 1228 EC_PRIVATEKEY_free(priv_key); 1229 1230 return (NULL); 1231 } 1232 1233 int 1234 i2d_ECPrivateKey(EC_KEY *a, unsigned char **out) 1235 { 1236 int ret = 0, ok = 0; 1237 unsigned char *buffer = NULL; 1238 size_t buf_len = 0, tmp_len; 1239 EC_PRIVATEKEY *priv_key = NULL; 1240 1241 if (a == NULL || a->group == NULL || a->priv_key == NULL || 1242 (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key == NULL)) { 1243 ECerror(ERR_R_PASSED_NULL_PARAMETER); 1244 goto err; 1245 } 1246 if ((priv_key = EC_PRIVATEKEY_new()) == NULL) { 1247 ECerror(ERR_R_MALLOC_FAILURE); 1248 goto err; 1249 } 1250 priv_key->version = a->version; 1251 1252 buf_len = (size_t) BN_num_bytes(a->priv_key); 1253 buffer = malloc(buf_len); 1254 if (buffer == NULL) { 1255 ECerror(ERR_R_MALLOC_FAILURE); 1256 goto err; 1257 } 1258 if (!BN_bn2bin(a->priv_key, buffer)) { 1259 ECerror(ERR_R_BN_LIB); 1260 goto err; 1261 } 1262 if (!ASN1_STRING_set(priv_key->privateKey, buffer, buf_len)) { 1263 ECerror(ERR_R_ASN1_LIB); 1264 goto err; 1265 } 1266 if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) { 1267 if ((priv_key->parameters = ec_asn1_group2pkparameters( 1268 a->group, priv_key->parameters)) == NULL) { 1269 ECerror(ERR_R_EC_LIB); 1270 goto err; 1271 } 1272 } 1273 if (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key != NULL) { 1274 priv_key->publicKey = ASN1_BIT_STRING_new(); 1275 if (priv_key->publicKey == NULL) { 1276 ECerror(ERR_R_MALLOC_FAILURE); 1277 goto err; 1278 } 1279 tmp_len = EC_POINT_point2oct(a->group, a->pub_key, 1280 a->conv_form, NULL, 0, NULL); 1281 1282 if (tmp_len > buf_len) { 1283 unsigned char *tmp_buffer = realloc(buffer, tmp_len); 1284 if (!tmp_buffer) { 1285 ECerror(ERR_R_MALLOC_FAILURE); 1286 goto err; 1287 } 1288 buffer = tmp_buffer; 1289 buf_len = tmp_len; 1290 } 1291 if (!EC_POINT_point2oct(a->group, a->pub_key, 1292 a->conv_form, buffer, buf_len, NULL)) { 1293 ECerror(ERR_R_EC_LIB); 1294 goto err; 1295 } 1296 if (!ASN1_STRING_set(priv_key->publicKey, buffer, buf_len)) { 1297 ECerror(ERR_R_ASN1_LIB); 1298 goto err; 1299 } 1300 if (!asn1_abs_set_unused_bits(priv_key->publicKey, 0)) { 1301 ECerror(ERR_R_ASN1_LIB); 1302 goto err; 1303 } 1304 } 1305 if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) { 1306 ECerror(ERR_R_EC_LIB); 1307 goto err; 1308 } 1309 ok = 1; 1310 err: 1311 free(buffer); 1312 if (priv_key) 1313 EC_PRIVATEKEY_free(priv_key); 1314 return (ok ? ret : 0); 1315 } 1316 1317 int 1318 i2d_ECParameters(EC_KEY *a, unsigned char **out) 1319 { 1320 if (a == NULL) { 1321 ECerror(ERR_R_PASSED_NULL_PARAMETER); 1322 return 0; 1323 } 1324 return i2d_ECPKParameters(a->group, out); 1325 } 1326 1327 EC_KEY * 1328 d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len) 1329 { 1330 EC_KEY *ret; 1331 1332 if (in == NULL || *in == NULL) { 1333 ECerror(ERR_R_PASSED_NULL_PARAMETER); 1334 return NULL; 1335 } 1336 if (a == NULL || *a == NULL) { 1337 if ((ret = EC_KEY_new()) == NULL) { 1338 ECerror(ERR_R_MALLOC_FAILURE); 1339 return NULL; 1340 } 1341 } else 1342 ret = *a; 1343 1344 if (!d2i_ECPKParameters(&ret->group, in, len)) { 1345 ECerror(ERR_R_EC_LIB); 1346 if (a == NULL || *a != ret) 1347 EC_KEY_free(ret); 1348 return NULL; 1349 } 1350 1351 if (a != NULL) 1352 *a = ret; 1353 return ret; 1354 } 1355 1356 EC_KEY * 1357 o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len) 1358 { 1359 EC_KEY *ret = NULL; 1360 1361 if (a == NULL || (*a) == NULL || (*a)->group == NULL) { 1362 /* An EC_GROUP structure is necessary to set the public key. */ 1363 ECerror(ERR_R_PASSED_NULL_PARAMETER); 1364 return 0; 1365 } 1366 ret = *a; 1367 if (ret->pub_key == NULL && 1368 (ret->pub_key = EC_POINT_new(ret->group)) == NULL) { 1369 ECerror(ERR_R_MALLOC_FAILURE); 1370 return 0; 1371 } 1372 if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL)) { 1373 ECerror(ERR_R_EC_LIB); 1374 return 0; 1375 } 1376 /* save the point conversion form */ 1377 ret->conv_form = (point_conversion_form_t) (*in[0] & ~0x01); 1378 *in += len; 1379 return ret; 1380 } 1381 1382 int 1383 i2o_ECPublicKey(const EC_KEY *a, unsigned char **out) 1384 { 1385 size_t buf_len = 0; 1386 int new_buffer = 0; 1387 1388 if (a == NULL) { 1389 ECerror(ERR_R_PASSED_NULL_PARAMETER); 1390 return 0; 1391 } 1392 buf_len = EC_POINT_point2oct(a->group, a->pub_key, 1393 a->conv_form, NULL, 0, NULL); 1394 1395 if (out == NULL || buf_len == 0) 1396 /* out == NULL => just return the length of the octet string */ 1397 return buf_len; 1398 1399 if (*out == NULL) { 1400 if ((*out = malloc(buf_len)) == NULL) { 1401 ECerror(ERR_R_MALLOC_FAILURE); 1402 return 0; 1403 } 1404 new_buffer = 1; 1405 } 1406 if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form, 1407 *out, buf_len, NULL)) { 1408 ECerror(ERR_R_EC_LIB); 1409 if (new_buffer) { 1410 free(*out); 1411 *out = NULL; 1412 } 1413 return 0; 1414 } 1415 if (!new_buffer) 1416 *out += buf_len; 1417 return buf_len; 1418 } 1419