1 /* crypto/ec/ec_asn1.c */
3 * Written by Nils Larsch for the OpenSSL project.
5 /* ====================================================================
6 * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
34 * 6. Redistributions of any form whatsoever must retain the following
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
61 #include <openssl/err.h>
62 #include <openssl/asn1t.h>
63 #include <openssl/objects.h>
66 int EC_GROUP_get_basis_type(const EC_GROUP
*group
)
70 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group
)) !=
71 NID_X9_62_characteristic_two_field
)
72 /* everything else is currently not supported */
75 while (group
->poly
[i
] != 0)
79 return NID_X9_62_ppBasis
;
81 return NID_X9_62_tpBasis
;
83 /* everything else is currently not supported */
87 int EC_GROUP_get_trinomial_basis(const EC_GROUP
*group
, unsigned int *k
)
92 if (EC_GROUP_method_of(group
)->group_set_curve
!= ec_GF2m_simple_group_set_curve
93 || !((group
->poly
[0] != 0) && (group
->poly
[1] != 0) && (group
->poly
[2] == 0)))
95 ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
105 int EC_GROUP_get_pentanomial_basis(const EC_GROUP
*group
, unsigned int *k1
,
106 unsigned int *k2
, unsigned int *k3
)
111 if (EC_GROUP_method_of(group
)->group_set_curve
!= ec_GF2m_simple_group_set_curve
112 || !((group
->poly
[0] != 0) && (group
->poly
[1] != 0) && (group
->poly
[2] != 0) && (group
->poly
[3] != 0) && (group
->poly
[4] == 0)))
114 ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
119 *k1
= group
->poly
[3];
121 *k2
= group
->poly
[2];
123 *k3
= group
->poly
[1];
130 /* some structures needed for the asn1 encoding */
131 typedef struct x9_62_fieldid_st
{
132 ASN1_OBJECT
*fieldType
;
133 ASN1_TYPE
*parameters
;
136 typedef struct x9_62_characteristic_two_st
{
139 ASN1_TYPE
*parameters
;
140 } X9_62_CHARACTERISTIC_TWO
;
142 typedef struct x9_62_pentanomial_st
{
148 typedef struct x9_62_curve_st
{
149 ASN1_OCTET_STRING
*a
;
150 ASN1_OCTET_STRING
*b
;
151 ASN1_BIT_STRING
*seed
;
154 typedef struct ec_parameters_st
{
156 X9_62_FIELDID
*fieldID
;
158 ASN1_OCTET_STRING
*base
;
160 ASN1_INTEGER
*cofactor
;
163 struct ecpk_parameters_st
{
166 ASN1_OBJECT
*named_curve
;
167 ECPARAMETERS
*parameters
;
168 ASN1_NULL
*implicitlyCA
;
170 }/* ECPKPARAMETERS */;
172 /* SEC1 ECPrivateKey */
173 typedef struct ec_privatekey_st
{
175 ASN1_OCTET_STRING
*privateKey
;
176 ECPKPARAMETERS
*parameters
;
177 ASN1_BIT_STRING
*publicKey
;
180 /* the OpenSSL asn1 definitions */
182 ASN1_SEQUENCE(X9_62_FIELDID
) = {
183 ASN1_SIMPLE(X9_62_FIELDID
, fieldType
, ASN1_OBJECT
),
184 ASN1_SIMPLE(X9_62_FIELDID
, parameters
, ASN1_ANY
)
185 } ASN1_SEQUENCE_END(X9_62_FIELDID
)
187 DECLARE_ASN1_FUNCTIONS_const(X9_62_FIELDID
)
188 DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_FIELDID
, X9_62_FIELDID
)
189 IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_FIELDID
)
191 ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO
) = {
192 ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO
, m
, LONG
),
193 ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO
, basis
, ASN1_OBJECT
),
194 ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO
, parameters
, ASN1_ANY
)
195 } ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO
)
197 DECLARE_ASN1_FUNCTIONS_const(X9_62_CHARACTERISTIC_TWO
)
198 DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_CHARACTERISTIC_TWO
, X9_62_CHARACTERISTIC_TWO
)
199 IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_CHARACTERISTIC_TWO
)
201 ASN1_SEQUENCE(X9_62_PENTANOMIAL
) = {
202 ASN1_SIMPLE(X9_62_PENTANOMIAL
, k1
, LONG
),
203 ASN1_SIMPLE(X9_62_PENTANOMIAL
, k2
, LONG
),
204 ASN1_SIMPLE(X9_62_PENTANOMIAL
, k3
, LONG
)
205 } ASN1_SEQUENCE_END(X9_62_PENTANOMIAL
)
207 DECLARE_ASN1_FUNCTIONS_const(X9_62_PENTANOMIAL
)
208 DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_PENTANOMIAL
, X9_62_PENTANOMIAL
)
209 IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_PENTANOMIAL
)
211 ASN1_SEQUENCE(X9_62_CURVE
) = {
212 ASN1_SIMPLE(X9_62_CURVE
, a
, ASN1_OCTET_STRING
),
213 ASN1_SIMPLE(X9_62_CURVE
, b
, ASN1_OCTET_STRING
),
214 ASN1_OPT(X9_62_CURVE
, seed
, ASN1_BIT_STRING
)
215 } ASN1_SEQUENCE_END(X9_62_CURVE
)
217 DECLARE_ASN1_FUNCTIONS_const(X9_62_CURVE
)
218 DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_CURVE
, X9_62_CURVE
)
219 IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_CURVE
)
221 ASN1_SEQUENCE(ECPARAMETERS
) = {
222 ASN1_SIMPLE(ECPARAMETERS
, version
, LONG
),
223 ASN1_SIMPLE(ECPARAMETERS
, fieldID
, X9_62_FIELDID
),
224 ASN1_SIMPLE(ECPARAMETERS
, curve
, X9_62_CURVE
),
225 ASN1_SIMPLE(ECPARAMETERS
, base
, ASN1_OCTET_STRING
),
226 ASN1_SIMPLE(ECPARAMETERS
, order
, ASN1_INTEGER
),
227 ASN1_SIMPLE(ECPARAMETERS
, cofactor
, ASN1_INTEGER
)
228 } ASN1_SEQUENCE_END(ECPARAMETERS
)
230 DECLARE_ASN1_FUNCTIONS_const(ECPARAMETERS
)
231 DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECPARAMETERS
, ECPARAMETERS
)
232 IMPLEMENT_ASN1_FUNCTIONS_const(ECPARAMETERS
)
234 ASN1_CHOICE(ECPKPARAMETERS
) = {
235 ASN1_SIMPLE(ECPKPARAMETERS
, value
.named_curve
, ASN1_OBJECT
),
236 ASN1_SIMPLE(ECPKPARAMETERS
, value
.parameters
, ECPARAMETERS
),
237 ASN1_SIMPLE(ECPKPARAMETERS
, value
.implicitlyCA
, ASN1_NULL
)
238 } ASN1_CHOICE_END(ECPKPARAMETERS
)
240 DECLARE_ASN1_FUNCTIONS_const(ECPKPARAMETERS
)
241 DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECPKPARAMETERS
, ECPKPARAMETERS
)
242 IMPLEMENT_ASN1_FUNCTIONS_const(ECPKPARAMETERS
)
244 ASN1_SEQUENCE(EC_PRIVATEKEY
) = {
245 ASN1_SIMPLE(EC_PRIVATEKEY
, version
, LONG
),
246 ASN1_SIMPLE(EC_PRIVATEKEY
, privateKey
, ASN1_OCTET_STRING
),
247 ASN1_EXP_OPT(EC_PRIVATEKEY
, parameters
, ECPKPARAMETERS
, 0),
248 ASN1_EXP_OPT(EC_PRIVATEKEY
, publicKey
, ASN1_BIT_STRING
, 1)
249 } ASN1_SEQUENCE_END(EC_PRIVATEKEY
)
251 DECLARE_ASN1_FUNCTIONS_const(EC_PRIVATEKEY
)
252 DECLARE_ASN1_ENCODE_FUNCTIONS_const(EC_PRIVATEKEY
, EC_PRIVATEKEY
)
253 IMPLEMENT_ASN1_FUNCTIONS_const(EC_PRIVATEKEY
)
255 /* some declarations of internal function */
257 /* ec_asn1_group2field() creates a X9_62_FIELDID object from a
259 static X9_62_FIELDID
*ec_asn1_group2field(const EC_GROUP
*, X9_62_FIELDID
*);
260 /* ec_asn1_group2curve() creates a X9_62_CURVE object from a
262 static X9_62_CURVE
*ec_asn1_group2curve(const EC_GROUP
*, X9_62_CURVE
*);
263 /* ec_asn1_parameters2group() creates a EC_GROUP object from a
264 * ECPARAMETERS object */
265 static EC_GROUP
*ec_asn1_parameters2group(const ECPARAMETERS
*);
266 /* ec_asn1_group2parameters() creates a ECPARAMETERS object from a
268 static ECPARAMETERS
*ec_asn1_group2parameters(const EC_GROUP
*,ECPARAMETERS
*);
269 /* ec_asn1_pkparameters2group() creates a EC_GROUP object from a
270 * ECPKPARAMETERS object */
271 static EC_GROUP
*ec_asn1_pkparameters2group(const ECPKPARAMETERS
*);
272 /* ec_asn1_group2pkparameters() creates a ECPKPARAMETERS object from a
274 static ECPKPARAMETERS
*ec_asn1_group2pkparameters(const EC_GROUP
*,
278 /* the function definitions */
280 static X9_62_FIELDID
*ec_asn1_group2field(const EC_GROUP
*group
,
281 X9_62_FIELDID
*field
)
284 X9_62_FIELDID
*ret
= NULL
;
285 X9_62_CHARACTERISTIC_TWO
*char_two
= NULL
;
286 X9_62_PENTANOMIAL
*penta
= NULL
;
288 unsigned char *buffer
= NULL
;
294 if ((ret
= X9_62_FIELDID_new()) == NULL
)
296 ECerr(EC_F_EC_ASN1_GROUP2FIELDID
, ERR_R_MALLOC_FAILURE
);
303 /* clear the old values */
304 if (ret
->fieldType
!= NULL
)
305 ASN1_OBJECT_free(ret
->fieldType
);
306 if (ret
->parameters
!= NULL
)
307 ASN1_TYPE_free(ret
->parameters
);
310 nid
= EC_METHOD_get_field_type(EC_GROUP_method_of(group
));
311 /* set OID for the field */
312 if ((ret
->fieldType
= OBJ_nid2obj(nid
)) == NULL
)
314 ECerr(EC_F_EC_ASN1_GROUP2FIELDID
, ERR_R_OBJ_LIB
);
318 if ((ret
->parameters
= ASN1_TYPE_new()) == NULL
)
320 ECerr(EC_F_EC_ASN1_GROUP2FIELDID
, ERR_R_MALLOC_FAILURE
);
324 if (nid
== NID_X9_62_prime_field
)
326 if ((tmp
= BN_new()) == NULL
)
328 ECerr(EC_F_EC_ASN1_GROUP2FIELDID
, ERR_R_MALLOC_FAILURE
);
331 /* the parameters are specified by the prime number p */
332 ret
->parameters
->type
= V_ASN1_INTEGER
;
333 if (!EC_GROUP_get_curve_GFp(group
, tmp
, NULL
, NULL
, NULL
))
335 ECerr(EC_F_EC_ASN1_GROUP2FIELDID
, ERR_R_EC_LIB
);
338 /* set the prime number */
339 ret
->parameters
->value
.integer
= BN_to_ASN1_INTEGER(tmp
, NULL
);
340 if (ret
->parameters
->value
.integer
== NULL
)
342 ECerr(EC_F_EC_ASN1_GROUP2FIELDID
, ERR_R_ASN1_LIB
);
346 else /* nid == NID_X9_62_characteristic_two_field */
350 char_two
= X9_62_CHARACTERISTIC_TWO_new();
351 if (char_two
== NULL
)
353 ECerr(EC_F_EC_ASN1_GROUP2FIELDID
, ERR_R_MALLOC_FAILURE
);
357 char_two
->m
= (long)EC_GROUP_get_degree(group
);
359 field_type
= EC_GROUP_get_basis_type(group
);
363 ECerr(EC_F_EC_ASN1_GROUP2FIELDID
, ERR_R_EC_LIB
);
366 /* set base type OID */
367 if ((char_two
->basis
= OBJ_nid2obj(field_type
)) == NULL
)
369 ECerr(EC_F_EC_ASN1_GROUP2FIELDID
, ERR_R_OBJ_LIB
);
373 if (field_type
== NID_X9_62_tpBasis
)
377 if (!EC_GROUP_get_trinomial_basis(group
, &k
))
380 char_two
->parameters
->type
= V_ASN1_INTEGER
;
381 char_two
->parameters
->value
.integer
=
383 if (char_two
->parameters
->value
.integer
== NULL
)
385 ECerr(EC_F_EC_ASN1_GROUP2FIELDID
,
389 if (!ASN1_INTEGER_set(char_two
->parameters
->value
.integer
, (long)k
))
391 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS
,
396 else if (field_type
== NID_X9_62_ppBasis
)
398 unsigned int k1
, k2
, k3
;
400 if (!EC_GROUP_get_pentanomial_basis(group
, &k1
, &k2
, &k3
))
403 penta
= X9_62_PENTANOMIAL_new();
405 penta
->k1
= (long)k1
;
406 penta
->k2
= (long)k2
;
407 penta
->k3
= (long)k3
;
408 /* get the length of the encoded structure */
409 buf_len
= i2d_X9_62_PENTANOMIAL(penta
, NULL
);
410 if ((buffer
= OPENSSL_malloc(buf_len
)) == NULL
)
412 ECerr(EC_F_EC_ASN1_GROUP2FIELDID
,
413 ERR_R_MALLOC_FAILURE
);
417 i2d_X9_62_PENTANOMIAL(penta
, &pp
);
418 /* set the encoded pentanomial */
419 char_two
->parameters
->type
=V_ASN1_SEQUENCE
;
420 char_two
->parameters
->value
.sequence
=ASN1_STRING_new();
421 ASN1_STRING_set(char_two
->parameters
->value
.sequence
,
424 OPENSSL_free(buffer
);
427 else /* field_type == NID_X9_62_onBasis */
429 /* for ONB the parameters are (asn1) NULL */
430 char_two
->parameters
->type
= V_ASN1_NULL
;
432 /* encoded the X9_62_CHARACTERISTIC_TWO structure */
433 buf_len
= i2d_X9_62_CHARACTERISTIC_TWO(char_two
, NULL
);
435 if ((buffer
= OPENSSL_malloc(buf_len
)) == NULL
)
437 ECerr(EC_F_EC_ASN1_GROUP2FIELDID
, ERR_R_MALLOC_FAILURE
);
441 i2d_X9_62_CHARACTERISTIC_TWO(char_two
, &pp
);
442 /* set the encoded parameters */
443 ret
->parameters
->type
= V_ASN1_SEQUENCE
;
444 ret
->parameters
->value
.sequence
= ASN1_STRING_new();
445 ASN1_STRING_set(ret
->parameters
->value
.sequence
,
454 X9_62_FIELDID_free(ret
);
460 X9_62_CHARACTERISTIC_TWO_free(char_two
);
462 X9_62_PENTANOMIAL_free(penta
);
464 OPENSSL_free(buffer
);
468 static X9_62_CURVE
*ec_asn1_group2curve(const EC_GROUP
*group
,
472 X9_62_CURVE
*ret
=NULL
;
475 unsigned char *buffer_1
=NULL
,
480 unsigned char char_zero
= 0;
482 if ((tmp_1
= BN_new()) == NULL
|| (tmp_2
= BN_new()) == NULL
)
484 ECerr(EC_F_EC_ASN1_GROUP2CURVE
, ERR_R_MALLOC_FAILURE
);
490 if ((ret
= X9_62_CURVE_new()) == NULL
)
492 ECerr(EC_F_EC_ASN1_GROUP2CURVE
, ERR_R_MALLOC_FAILURE
);
500 ASN1_OCTET_STRING_free(ret
->a
);
502 ASN1_OCTET_STRING_free(ret
->b
);
504 ASN1_BIT_STRING_free(ret
->seed
);
507 nid
= EC_METHOD_get_field_type(EC_GROUP_method_of(group
));
510 if (nid
== NID_X9_62_prime_field
)
512 if (!EC_GROUP_get_curve_GFp(group
, NULL
, tmp_1
, tmp_2
, NULL
))
514 ECerr(EC_F_EC_ASN1_GROUP2CURVE
, ERR_R_EC_LIB
);
518 else /* nid == NID_X9_62_characteristic_two_field */
520 if (!EC_GROUP_get_curve_GF2m(group
, NULL
, tmp_1
, tmp_2
, NULL
))
522 ECerr(EC_F_EC_ASN1_GROUP2CURVE
, ERR_R_EC_LIB
);
527 len_1
= (size_t)BN_num_bytes(tmp_1
);
528 len_2
= (size_t)BN_num_bytes(tmp_2
);
532 /* len_1 == 0 => a == 0 */
538 if ((buffer_1
= OPENSSL_malloc(len_1
)) == NULL
)
540 ECerr(EC_F_EC_ASN1_GROUP2CURVE
,
541 ERR_R_MALLOC_FAILURE
);
544 if ( (len_1
= BN_bn2bin(tmp_1
, buffer_1
)) == 0)
546 ECerr(EC_F_EC_ASN1_GROUP2CURVE
, ERR_R_BN_LIB
);
554 /* len_2 == 0 => b == 0 */
560 if ((buffer_2
= OPENSSL_malloc(len_2
)) == NULL
)
562 ECerr(EC_F_EC_ASN1_GROUP2CURVE
,
563 ERR_R_MALLOC_FAILURE
);
566 if ( (len_2
= BN_bn2bin(tmp_2
, buffer_2
)) == 0)
568 ECerr(EC_F_EC_ASN1_GROUP2CURVE
, ERR_R_BN_LIB
);
575 if ((ret
->a
= M_ASN1_OCTET_STRING_new()) == NULL
||
576 (ret
->b
= M_ASN1_OCTET_STRING_new()) == NULL
)
578 ECerr(EC_F_EC_ASN1_GROUP2CURVE
, ERR_R_MALLOC_FAILURE
);
581 if (!M_ASN1_OCTET_STRING_set(ret
->a
, a_buf
, len_1
) ||
582 !M_ASN1_OCTET_STRING_set(ret
->b
, b_buf
, len_2
))
584 ECerr(EC_F_EC_ASN1_GROUP2CURVE
, ERR_R_ASN1_LIB
);
588 /* set the seed (optional) */
591 if ((ret
->seed
= ASN1_BIT_STRING_new()) == NULL
) goto err
;
592 if (!ASN1_BIT_STRING_set(ret
->seed
, group
->seed
,
593 (int)group
->seed_len
))
595 ECerr(EC_F_EC_ASN1_GROUP2CURVE
, ERR_R_ASN1_LIB
);
607 X9_62_CURVE_free(ret
);
611 OPENSSL_free(buffer_1
);
613 OPENSSL_free(buffer_2
);
621 static ECPARAMETERS
*ec_asn1_group2parameters(const EC_GROUP
*group
,
626 ECPARAMETERS
*ret
=NULL
;
628 unsigned char *buffer
=NULL
;
629 const EC_POINT
*point
=NULL
;
630 point_conversion_form_t form
;
632 if ((tmp
= BN_new()) == NULL
)
634 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS
, ERR_R_MALLOC_FAILURE
);
640 if ((ret
= ECPARAMETERS_new()) == NULL
)
642 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS
,
643 ERR_R_MALLOC_FAILURE
);
650 /* set the version (always one) */
651 ret
->version
= (long)0x1;
653 /* set the fieldID */
654 ret
->fieldID
= ec_asn1_group2field(group
, ret
->fieldID
);
655 if (ret
->fieldID
== NULL
)
657 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS
, ERR_R_EC_LIB
);
662 ret
->curve
= ec_asn1_group2curve(group
, ret
->curve
);
663 if (ret
->curve
== NULL
)
665 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS
, ERR_R_EC_LIB
);
669 /* set the base point */
670 if ((point
= EC_GROUP_get0_generator(group
)) == NULL
)
672 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS
, EC_R_UNDEFINED_GENERATOR
);
676 form
= EC_GROUP_get_point_conversion_form(group
);
678 len
= EC_POINT_point2oct(group
, point
, form
, NULL
, len
, NULL
);
681 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS
, ERR_R_EC_LIB
);
684 if ((buffer
= OPENSSL_malloc(len
)) == NULL
)
686 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS
, ERR_R_MALLOC_FAILURE
);
689 if (!EC_POINT_point2oct(group
, point
, form
, buffer
, len
, NULL
))
691 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS
, ERR_R_EC_LIB
);
694 if (ret
->base
== NULL
&& (ret
->base
= ASN1_OCTET_STRING_new()) == NULL
)
696 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS
, ERR_R_MALLOC_FAILURE
);
699 if (!ASN1_OCTET_STRING_set(ret
->base
, buffer
, len
))
701 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS
, ERR_R_ASN1_LIB
);
706 if (!EC_GROUP_get_order(group
, tmp
, NULL
))
708 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS
, ERR_R_EC_LIB
);
711 ret
->order
= BN_to_ASN1_INTEGER(tmp
, ret
->order
);
712 if (ret
->order
== NULL
)
714 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS
, ERR_R_ASN1_LIB
);
718 /* set the cofactor */
719 if (!EC_GROUP_get_cofactor(group
, tmp
, NULL
))
721 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS
, ERR_R_EC_LIB
);
724 ret
->cofactor
= BN_to_ASN1_INTEGER(tmp
, ret
->cofactor
);
725 if (ret
->cofactor
== NULL
)
727 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS
, ERR_R_ASN1_LIB
);
736 ECPARAMETERS_free(ret
);
742 OPENSSL_free(buffer
);
746 ECPKPARAMETERS
*ec_asn1_group2pkparameters(const EC_GROUP
*group
,
747 ECPKPARAMETERS
*params
)
750 ECPKPARAMETERS
*ret
= params
;
754 if ((ret
= ECPKPARAMETERS_new()) == NULL
)
756 ECerr(EC_F_EC_ASN1_GROUP2PKPARAMETERS
,
757 ERR_R_MALLOC_FAILURE
);
763 if (ret
->type
== 0 && ret
->value
.named_curve
)
764 ASN1_OBJECT_free(ret
->value
.named_curve
);
765 else if (ret
->type
== 1 && ret
->value
.parameters
)
766 ECPARAMETERS_free(ret
->value
.parameters
);
769 if (EC_GROUP_get_asn1_flag(group
))
771 /* use the asn1 OID to describe the
772 * the elliptic curve parameters
774 tmp
= EC_GROUP_get_nid(group
);
778 if ((ret
->value
.named_curve
= OBJ_nid2obj(tmp
)) == NULL
)
782 /* we don't kmow the nid => ERROR */
787 /* use the ECPARAMETERS structure */
789 if ((ret
->value
.parameters
= ec_asn1_group2parameters(
790 group
, NULL
)) == NULL
)
796 ECPKPARAMETERS_free(ret
);
802 static EC_GROUP
*ec_asn1_parameters2group(const ECPARAMETERS
*params
)
805 EC_GROUP
*ret
= NULL
;
806 BIGNUM
*p
= NULL
, *a
= NULL
, *b
= NULL
;
807 EC_POINT
*point
=NULL
;
808 X9_62_CHARACTERISTIC_TWO
*char_two
= NULL
;
809 X9_62_PENTANOMIAL
*penta
= NULL
;
812 if (!params
->fieldID
|| !params
->fieldID
->fieldType
||
813 !params
->fieldID
->parameters
)
815 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, EC_R_ASN1_ERROR
);
819 /* now extract the curve parameters a and b */
820 if (!params
->curve
|| !params
->curve
->a
||
821 !params
->curve
->a
->data
|| !params
->curve
->b
||
822 !params
->curve
->b
->data
)
824 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, EC_R_ASN1_ERROR
);
827 a
= BN_bin2bn(params
->curve
->a
->data
, params
->curve
->a
->length
, NULL
);
830 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, ERR_R_BN_LIB
);
833 b
= BN_bin2bn(params
->curve
->b
->data
, params
->curve
->b
->length
, NULL
);
836 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, ERR_R_BN_LIB
);
840 /* get the field parameters */
841 tmp
= OBJ_obj2nid(params
->fieldID
->fieldType
);
843 if (tmp
== NID_X9_62_characteristic_two_field
)
845 ASN1_TYPE
*parameters
= params
->fieldID
->parameters
;
847 if (parameters
->type
!= V_ASN1_SEQUENCE
)
849 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, EC_R_ASN1_ERROR
);
853 if ((p
= BN_new()) == NULL
)
855 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
,
856 ERR_R_MALLOC_FAILURE
);
860 /* extract the X9_62_CHARACTERISTIC_TWO object */
861 pp
= M_ASN1_STRING_data(parameters
->value
.sequence
);
862 char_two
= d2i_X9_62_CHARACTERISTIC_TWO(NULL
,
863 (const unsigned char **) &pp
,
864 M_ASN1_STRING_length(parameters
->value
.sequence
));
865 if (char_two
== NULL
)
867 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, ERR_R_ASN1_LIB
);
870 /* get the base type */
871 tmp
= OBJ_obj2nid(char_two
->basis
);
873 if (tmp
== NID_X9_62_tpBasis
)
877 if (char_two
->parameters
->type
!= V_ASN1_INTEGER
||
878 char_two
->parameters
->value
.integer
== NULL
)
880 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
,
885 tmp_long
= ASN1_INTEGER_get(char_two
->parameters
->value
.integer
);
886 /* create the polynomial */
887 if (!BN_set_bit(p
, (int)char_two
->m
)) goto err
;
888 if (!BN_set_bit(p
, (int)tmp_long
)) goto err
;
889 if (!BN_set_bit(p
, 0)) goto err
;
891 else if (tmp
== NID_X9_62_ppBasis
)
893 if (char_two
->parameters
->type
!= V_ASN1_SEQUENCE
||
894 char_two
->parameters
->value
.sequence
== NULL
)
896 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
,
900 /* extract the pentanomial data */
901 pp
= M_ASN1_STRING_data(
902 char_two
->parameters
->value
.sequence
);
903 penta
= d2i_X9_62_PENTANOMIAL(NULL
,
904 (const unsigned char **) &pp
,
905 M_ASN1_STRING_length(
906 char_two
->parameters
->value
.sequence
));
909 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
,
913 /* create the polynomial */
914 if (!BN_set_bit(p
, (int)char_two
->m
)) goto err
;
915 if (!BN_set_bit(p
, (int)penta
->k1
)) goto err
;
916 if (!BN_set_bit(p
, (int)penta
->k2
)) goto err
;
917 if (!BN_set_bit(p
, (int)penta
->k3
)) goto err
;
918 if (!BN_set_bit(p
, 0)) goto err
;
920 else if (tmp
== NID_X9_62_onBasis
)
922 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
,
923 EC_R_NOT_IMPLEMENTED
);
928 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, EC_R_ASN1_ERROR
);
932 /* create the EC_GROUP structure */
933 ret
= EC_GROUP_new_curve_GF2m(p
, a
, b
, NULL
);
936 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, ERR_R_EC_LIB
);
940 else if (tmp
== NID_X9_62_prime_field
)
942 /* we have a curve over a prime field */
943 /* extract the prime number */
944 if (params
->fieldID
->parameters
->type
!= V_ASN1_INTEGER
||
945 !params
->fieldID
->parameters
->value
.integer
)
947 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, EC_R_ASN1_ERROR
);
950 p
= ASN1_INTEGER_to_BN(params
->fieldID
->parameters
->value
.integer
, NULL
);
953 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, ERR_R_ASN1_LIB
);
956 /* create the EC_GROUP structure */
957 ret
= EC_GROUP_new_curve_GFp(p
, a
, b
, NULL
);
960 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, ERR_R_EC_LIB
);
965 /* extract seed (optional) */
966 if (params
->curve
->seed
!= NULL
)
968 if (ret
->seed
!= NULL
)
969 OPENSSL_free(ret
->seed
);
970 if (!(ret
->seed
= OPENSSL_malloc(params
->curve
->seed
->length
)))
972 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
,
973 ERR_R_MALLOC_FAILURE
);
976 memcpy(ret
->seed
, params
->curve
->seed
->data
,
977 params
->curve
->seed
->length
);
978 ret
->seed_len
= params
->curve
->seed
->length
;
981 /* extract the order, cofactor and generator */
982 if (!params
->order
|| !params
->cofactor
|| !params
->base
||
985 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, EC_R_ASN1_ERROR
);
989 if ((point
= EC_POINT_new(ret
)) == NULL
) goto err
;
991 a
= ASN1_INTEGER_to_BN(params
->order
, a
);
992 b
= ASN1_INTEGER_to_BN(params
->cofactor
, b
);
995 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, ERR_R_ASN1_LIB
);
999 if (!EC_POINT_oct2point(ret
, point
, params
->base
->data
,
1000 params
->base
->length
, NULL
))
1002 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, ERR_R_EC_LIB
);
1006 /* set the point conversion form */
1007 EC_GROUP_set_point_conversion_form(ret
, (point_conversion_form_t
)
1008 (params
->base
->data
[0] & ~0x01));
1010 if (!EC_GROUP_set_generator(ret
, point
, a
, b
))
1012 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, ERR_R_EC_LIB
);
1021 EC_GROUP_clear_free(ret
);
1032 EC_POINT_free(point
);
1034 X9_62_CHARACTERISTIC_TWO_free(char_two
);
1036 X9_62_PENTANOMIAL_free(penta
);
1040 EC_GROUP
*ec_asn1_pkparameters2group(const ECPKPARAMETERS
*params
)
1047 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP
,
1048 EC_R_MISSING_PARAMETERS
);
1052 if (params
->type
== 0)
1053 { /* the curve is given by an OID */
1054 tmp
= OBJ_obj2nid(params
->value
.named_curve
);
1055 if ((ret
= EC_GROUP_new_by_nid(tmp
)) == NULL
)
1057 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP
,
1058 EC_R_EC_GROUP_NEW_BY_NAME_FAILURE
);
1061 EC_GROUP_set_asn1_flag(ret
, OPENSSL_EC_NAMED_CURVE
);
1063 else if (params
->type
== 1)
1064 { /* the parameters are given by a ECPARAMETERS
1066 ret
= ec_asn1_parameters2group(params
->value
.parameters
);
1069 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP
, ERR_R_EC_LIB
);
1072 EC_GROUP_set_asn1_flag(ret
, 0x0);
1074 else if (params
->type
== 2)
1075 { /* implicitlyCA */
1080 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP
, EC_R_ASN1_ERROR
);
1087 /* EC_GROUP <-> DER encoding of ECPKPARAMETERS */
1089 EC_GROUP
*d2i_ECPKParameters(EC_GROUP
**a
, const unsigned char **in
, long len
)
1091 EC_GROUP
*group
= NULL
;
1092 ECPKPARAMETERS
*params
= NULL
;
1094 if ((params
= d2i_ECPKPARAMETERS(NULL
, in
, len
)) == NULL
)
1096 ECerr(EC_F_D2I_ECPKPARAMETERS
, EC_R_D2I_ECPKPARAMETERS_FAILURE
);
1097 ECPKPARAMETERS_free(params
);
1101 if ((group
= ec_asn1_pkparameters2group(params
)) == NULL
)
1103 ECerr(EC_F_D2I_ECPKPARAMETERS
, EC_R_PKPARAMETERS2GROUP_FAILURE
);
1109 EC_GROUP_clear_free(*a
);
1113 ECPKPARAMETERS_free(params
);
1117 int i2d_ECPKParameters(const EC_GROUP
*a
, unsigned char **out
)
1120 ECPKPARAMETERS
*tmp
= ec_asn1_group2pkparameters(a
, NULL
);
1123 ECerr(EC_F_I2D_ECPKPARAMETERS
, EC_R_GROUP2PKPARAMETERS_FAILURE
);
1126 if ((ret
= i2d_ECPKPARAMETERS(tmp
, out
)) == 0)
1128 ECerr(EC_F_I2D_ECPKPARAMETERS
, EC_R_I2D_ECPKPARAMETERS_FAILURE
);
1129 ECPKPARAMETERS_free(tmp
);
1132 ECPKPARAMETERS_free(tmp
);
1136 /* some EC_KEY functions */
1138 EC_KEY
*d2i_ECPrivateKey(EC_KEY
**a
, const unsigned char **in
, long len
)
1142 EC_PRIVATEKEY
*priv_key
=NULL
;
1144 if ((priv_key
= EC_PRIVATEKEY_new()) == NULL
)
1146 ECerr(EC_F_D2I_ECPRIVATEKEY
, ERR_R_MALLOC_FAILURE
);
1150 if ((priv_key
= d2i_EC_PRIVATEKEY(&priv_key
, in
, len
)) == NULL
)
1152 ECerr(EC_F_D2I_ECPRIVATEKEY
, ERR_R_EC_LIB
);
1153 EC_PRIVATEKEY_free(priv_key
);
1157 if (a
== NULL
|| *a
== NULL
)
1159 if ((ret
= EC_KEY_new()) == NULL
)
1161 ECerr(EC_F_D2I_ECPRIVATEKEY
,
1162 ERR_R_MALLOC_FAILURE
);
1171 if (priv_key
->parameters
)
1174 EC_GROUP_clear_free(ret
->group
);
1175 ret
->group
= ec_asn1_pkparameters2group(priv_key
->parameters
);
1178 if (ret
->group
== NULL
)
1180 ECerr(EC_F_D2I_ECPRIVATEKEY
, ERR_R_EC_LIB
);
1184 ret
->version
= priv_key
->version
;
1186 if (priv_key
->privateKey
)
1188 ret
->priv_key
= BN_bin2bn(
1189 M_ASN1_STRING_data(priv_key
->privateKey
),
1190 M_ASN1_STRING_length(priv_key
->privateKey
),
1192 if (ret
->priv_key
== NULL
)
1194 ECerr(EC_F_D2I_ECPRIVATEKEY
,
1201 ECerr(EC_F_D2I_ECPRIVATEKEY
,
1202 EC_R_MISSING_PRIVATE_KEY
);
1206 if (priv_key
->publicKey
)
1209 EC_POINT_clear_free(ret
->pub_key
);
1210 ret
->pub_key
= EC_POINT_new(ret
->group
);
1211 if (ret
->pub_key
== NULL
)
1213 ECerr(EC_F_D2I_ECPRIVATEKEY
, ERR_R_EC_LIB
);
1216 if (!EC_POINT_oct2point(ret
->group
, ret
->pub_key
,
1217 M_ASN1_STRING_data(priv_key
->publicKey
),
1218 M_ASN1_STRING_length(priv_key
->publicKey
), NULL
))
1220 ECerr(EC_F_D2I_ECPRIVATEKEY
, ERR_R_EC_LIB
);
1235 EC_PRIVATEKEY_free(priv_key
);
1240 int i2d_ECPrivateKey(EC_KEY
*a
, unsigned char **out
)
1243 unsigned char *buffer
=NULL
;
1244 size_t buf_len
=0, tmp_len
;
1245 EC_PRIVATEKEY
*priv_key
=NULL
;
1247 if (a
== NULL
|| a
->group
== NULL
|| a
->priv_key
== NULL
)
1249 ECerr(EC_F_I2D_ECPRIVATEKEY
,
1250 ERR_R_PASSED_NULL_PARAMETER
);
1254 if ((priv_key
= EC_PRIVATEKEY_new()) == NULL
)
1256 ECerr(EC_F_I2D_ECPRIVATEKEY
,
1257 ERR_R_MALLOC_FAILURE
);
1261 priv_key
->version
= a
->version
;
1263 buf_len
= (size_t)BN_num_bytes(a
->priv_key
);
1264 buffer
= OPENSSL_malloc(buf_len
);
1267 ECerr(EC_F_I2D_ECPRIVATEKEY
,
1268 ERR_R_MALLOC_FAILURE
);
1272 if (!BN_bn2bin(a
->priv_key
, buffer
))
1274 ECerr(EC_F_I2D_ECPRIVATEKEY
, ERR_R_BN_LIB
);
1278 if (!M_ASN1_OCTET_STRING_set(priv_key
->privateKey
, buffer
, buf_len
))
1280 ECerr(EC_F_I2D_ECPRIVATEKEY
, ERR_R_ASN1_LIB
);
1284 if (!(a
->enc_flag
& EC_PKEY_NO_PARAMETERS
))
1286 if ((priv_key
->parameters
= ec_asn1_group2pkparameters(
1287 a
->group
, priv_key
->parameters
)) == NULL
)
1289 ECerr(EC_F_I2D_ECPRIVATEKEY
, ERR_R_EC_LIB
);
1294 if (!(a
->enc_flag
& EC_PKEY_NO_PUBKEY
))
1296 priv_key
->publicKey
= M_ASN1_BIT_STRING_new();
1297 if (priv_key
->publicKey
== NULL
)
1299 ECerr(EC_F_I2D_ECPRIVATEKEY
,
1300 ERR_R_MALLOC_FAILURE
);
1304 tmp_len
= EC_POINT_point2oct(a
->group
, a
->pub_key
,
1305 a
->conv_form
, NULL
, 0, NULL
);
1307 if (tmp_len
> buf_len
)
1308 buffer
= OPENSSL_realloc(buffer
, tmp_len
);
1311 ECerr(EC_F_I2D_ECPRIVATEKEY
,
1312 ERR_R_MALLOC_FAILURE
);
1318 if (!EC_POINT_point2oct(a
->group
, a
->pub_key
,
1319 a
->conv_form
, buffer
, buf_len
, NULL
))
1321 ECerr(EC_F_I2D_ECPRIVATEKEY
, ERR_R_EC_LIB
);
1325 if (!M_ASN1_BIT_STRING_set(priv_key
->publicKey
, buffer
,
1328 ECerr(EC_F_I2D_ECPRIVATEKEY
, ERR_R_ASN1_LIB
);
1333 if ((ret
= i2d_EC_PRIVATEKEY(priv_key
, out
)) == 0)
1335 ECerr(EC_F_I2D_ECPRIVATEKEY
, ERR_R_EC_LIB
);
1341 OPENSSL_free(buffer
);
1343 EC_PRIVATEKEY_free(priv_key
);
1347 int i2d_ECParameters(EC_KEY
*a
, unsigned char **out
)
1351 ECerr(EC_F_I2D_ECPARAMETERS
, ERR_R_PASSED_NULL_PARAMETER
);
1354 return i2d_ECPKParameters(a
->group
, out
);
1357 EC_KEY
*d2i_ECParameters(EC_KEY
**a
, const unsigned char **in
, long len
)
1362 if (in
== NULL
|| *in
== NULL
)
1364 ECerr(EC_F_D2I_ECPARAMETERS
, ERR_R_PASSED_NULL_PARAMETER
);
1368 group
= d2i_ECPKParameters(NULL
, in
, len
);
1372 ECerr(EC_F_D2I_ECPARAMETERS
, ERR_R_EC_LIB
);
1376 if (a
== NULL
|| *a
== NULL
)
1378 if ((ret
= EC_KEY_new()) == NULL
)
1380 ECerr(EC_F_D2I_ECPARAMETERS
, ERR_R_MALLOC_FAILURE
);
1390 EC_GROUP_clear_free(ret
->group
);
1397 EC_KEY
*ECPublicKey_set_octet_string(EC_KEY
**a
, const unsigned char **in
,
1402 if (a
== NULL
|| (*a
) == NULL
|| (*a
)->group
== NULL
)
1404 /* sorry, but a EC_GROUP-structur is necessary
1405 * to set the public key */
1406 ECerr(EC_F_ECPUBLICKEY_SET_OCTET
, ERR_R_PASSED_NULL_PARAMETER
);
1410 if (ret
->pub_key
== NULL
&&
1411 (ret
->pub_key
= EC_POINT_new(ret
->group
)) == NULL
)
1413 ECerr(EC_F_ECPUBLICKEY_SET_OCTET
, ERR_R_MALLOC_FAILURE
);
1416 if (!EC_POINT_oct2point(ret
->group
, ret
->pub_key
, *in
, len
, NULL
))
1418 ECerr(EC_F_ECPUBLICKEY_SET_OCTET
, ERR_R_EC_LIB
);
1421 /* save the point conversion form */
1422 ret
->conv_form
= (point_conversion_form_t
)(*in
[0] & ~0x01);
1426 int ECPublicKey_get_octet_string(EC_KEY
*a
, unsigned char **out
)
1432 ECerr(EC_F_ECPUBLICKEY_GET_OCTET
, ERR_R_PASSED_NULL_PARAMETER
);
1436 buf_len
= EC_POINT_point2oct(a
->group
, a
->pub_key
,
1437 a
->conv_form
, NULL
, 0, NULL
);
1439 if (out
== NULL
|| buf_len
== 0)
1440 /* out == NULL => just return the length of the octet string */
1444 if ((*out
= OPENSSL_malloc(buf_len
)) == NULL
)
1446 ECerr(EC_F_ECPUBLICKEY_GET_OCTET
,
1447 ERR_R_MALLOC_FAILURE
);
1450 if (!EC_POINT_point2oct(a
->group
, a
->pub_key
, a
->conv_form
,
1451 *out
, buf_len
, NULL
))
1453 ECerr(EC_F_ECPUBLICKEY_GET_OCTET
, ERR_R_EC_LIB
);