2 * Written by Nils Larsch for the OpenSSL project.
4 /* ====================================================================
5 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * 3. All advertising materials mentioning features or use of this
20 * software must display the following acknowledgment:
21 * "This product includes software developed by the OpenSSL Project
22 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
24 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
25 * endorse or promote products derived from this software without
26 * prior written permission. For written permission, please contact
27 * openssl-core@openssl.org.
29 * 5. Products derived from this software may not be called "OpenSSL"
30 * nor may "OpenSSL" appear in their names without prior written
31 * permission of the OpenSSL Project.
33 * 6. Redistributions of any form whatsoever must retain the following
35 * "This product includes software developed by the OpenSSL Project
36 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
38 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
39 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
40 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
41 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
42 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
43 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
44 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
45 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
46 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
47 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
48 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49 * OF THE POSSIBILITY OF SUCH DAMAGE.
50 * ====================================================================
52 * This product includes cryptographic software written by Eric Young
53 * (eay@cryptsoft.com). This product includes software written by Tim
54 * Hudson (tjh@cryptsoft.com).
57 /* ====================================================================
58 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
59 * Portions originally developed by SUN MICROSYSTEMS, INC., and
60 * contributed to the OpenSSL project.
63 #include <internal/cryptlib.h>
66 #include <openssl/err.h>
67 #ifndef OPENSSL_NO_ENGINE
68 # include <openssl/engine.h>
71 EC_KEY
*EC_KEY_new(void)
73 return EC_KEY_new_method(NULL
);
76 EC_KEY
*EC_KEY_new_by_curve_name(int nid
)
78 EC_KEY
*ret
= EC_KEY_new();
81 ret
->group
= EC_GROUP_new_by_curve_name(nid
);
82 if (ret
->group
== NULL
) {
86 if (ret
->meth
->set_group
!= NULL
87 && ret
->meth
->set_group(ret
, ret
->group
) == 0) {
94 void EC_KEY_free(EC_KEY
*r
)
101 i
= CRYPTO_add(&r
->references
, -1, CRYPTO_LOCK_EC
);
103 REF_PRINT("EC_KEY", r
);
109 fprintf(stderr
, "EC_KEY_free, bad reference count\n");
114 if (r
->meth
->finish
!= NULL
)
117 #ifndef OPENSSL_NO_ENGINE
118 if (r
->engine
!= NULL
)
119 ENGINE_finish(r
->engine
);
122 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY
, r
, &r
->ex_data
);
123 EC_GROUP_free(r
->group
);
124 EC_POINT_free(r
->pub_key
);
125 BN_clear_free(r
->priv_key
);
127 OPENSSL_clear_free((void *)r
, sizeof(EC_KEY
));
130 EC_KEY
*EC_KEY_copy(EC_KEY
*dest
, EC_KEY
*src
)
132 if (dest
== NULL
|| src
== NULL
) {
133 ECerr(EC_F_EC_KEY_COPY
, ERR_R_PASSED_NULL_PARAMETER
);
136 if (src
->meth
!= dest
->meth
) {
137 if (dest
->meth
->finish
!= NULL
)
138 dest
->meth
->finish(dest
);
139 #ifndef OPENSSL_NO_ENGINE
140 if (dest
->engine
!= NULL
&& ENGINE_finish(dest
->engine
) == 0)
145 /* copy the parameters */
146 if (src
->group
!= NULL
) {
147 const EC_METHOD
*meth
= EC_GROUP_method_of(src
->group
);
148 /* clear the old group */
149 EC_GROUP_free(dest
->group
);
150 dest
->group
= EC_GROUP_new(meth
);
151 if (dest
->group
== NULL
)
153 if (!EC_GROUP_copy(dest
->group
, src
->group
))
156 /* copy the public key */
157 if (src
->pub_key
!= NULL
&& src
->group
!= NULL
) {
158 EC_POINT_free(dest
->pub_key
);
159 dest
->pub_key
= EC_POINT_new(src
->group
);
160 if (dest
->pub_key
== NULL
)
162 if (!EC_POINT_copy(dest
->pub_key
, src
->pub_key
))
165 /* copy the private key */
166 if (src
->priv_key
!= NULL
) {
167 if (dest
->priv_key
== NULL
) {
168 dest
->priv_key
= BN_new();
169 if (dest
->priv_key
== NULL
)
172 if (!BN_copy(dest
->priv_key
, src
->priv_key
))
177 dest
->enc_flag
= src
->enc_flag
;
178 dest
->conv_form
= src
->conv_form
;
179 dest
->version
= src
->version
;
180 dest
->flags
= src
->flags
;
181 if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_EC_KEY
,
182 &dest
->ex_data
, &src
->ex_data
))
185 if (src
->meth
!= dest
->meth
) {
186 #ifndef OPENSSL_NO_ENGINE
187 if (src
->engine
!= NULL
&& ENGINE_init(src
->engine
) == 0)
189 dest
->engine
= src
->engine
;
191 dest
->meth
= src
->meth
;
194 if (src
->meth
->copy
!= NULL
&& src
->meth
->copy(dest
, src
) == 0)
200 EC_KEY
*EC_KEY_dup(EC_KEY
*ec_key
)
202 EC_KEY
*ret
= EC_KEY_new_method(ec_key
->engine
);
206 if (EC_KEY_copy(ret
, ec_key
) == NULL
) {
213 int EC_KEY_up_ref(EC_KEY
*r
)
215 int i
= CRYPTO_add(&r
->references
, 1, CRYPTO_LOCK_EC
);
217 REF_PRINT("EC_KEY", r
);
221 fprintf(stderr
, "EC_KEY_up, bad reference count\n");
225 return ((i
> 1) ? 1 : 0);
228 int EC_KEY_generate_key(EC_KEY
*eckey
)
230 if (eckey
== NULL
|| eckey
->group
== NULL
) {
231 ECerr(EC_F_EC_KEY_GENERATE_KEY
, ERR_R_PASSED_NULL_PARAMETER
);
234 if (eckey
->meth
->keygen
!= NULL
)
235 return eckey
->meth
->keygen(eckey
);
236 ECerr(EC_F_EC_KEY_GENERATE_KEY
, EC_R_OPERATION_NOT_SUPPORTED
);
240 int ossl_ec_key_gen(EC_KEY
*eckey
)
244 BIGNUM
*priv_key
= NULL
;
245 const BIGNUM
*order
= NULL
;
246 EC_POINT
*pub_key
= NULL
;
248 if ((ctx
= BN_CTX_new()) == NULL
)
251 if (eckey
->priv_key
== NULL
) {
253 if (priv_key
== NULL
)
256 priv_key
= eckey
->priv_key
;
258 order
= EC_GROUP_get0_order(eckey
->group
);
263 if (!BN_rand_range(priv_key
, order
))
265 while (BN_is_zero(priv_key
)) ;
267 if (eckey
->pub_key
== NULL
) {
268 pub_key
= EC_POINT_new(eckey
->group
);
272 pub_key
= eckey
->pub_key
;
274 if (!EC_POINT_mul(eckey
->group
, pub_key
, priv_key
, NULL
, NULL
, ctx
))
277 eckey
->priv_key
= priv_key
;
278 eckey
->pub_key
= pub_key
;
283 if (eckey
->pub_key
== NULL
)
284 EC_POINT_free(pub_key
);
285 if (eckey
->priv_key
!= priv_key
)
291 int EC_KEY_check_key(const EC_KEY
*eckey
)
295 const BIGNUM
*order
= NULL
;
296 EC_POINT
*point
= NULL
;
298 if (eckey
== NULL
|| eckey
->group
== NULL
|| eckey
->pub_key
== NULL
) {
299 ECerr(EC_F_EC_KEY_CHECK_KEY
, ERR_R_PASSED_NULL_PARAMETER
);
303 if (EC_POINT_is_at_infinity(eckey
->group
, eckey
->pub_key
)) {
304 ECerr(EC_F_EC_KEY_CHECK_KEY
, EC_R_POINT_AT_INFINITY
);
308 if ((ctx
= BN_CTX_new()) == NULL
)
310 if ((point
= EC_POINT_new(eckey
->group
)) == NULL
)
313 /* testing whether the pub_key is on the elliptic curve */
314 if (EC_POINT_is_on_curve(eckey
->group
, eckey
->pub_key
, ctx
) <= 0) {
315 ECerr(EC_F_EC_KEY_CHECK_KEY
, EC_R_POINT_IS_NOT_ON_CURVE
);
318 /* testing whether pub_key * order is the point at infinity */
319 order
= eckey
->group
->order
;
320 if (BN_is_zero(order
)) {
321 ECerr(EC_F_EC_KEY_CHECK_KEY
, EC_R_INVALID_GROUP_ORDER
);
324 if (!EC_POINT_mul(eckey
->group
, point
, NULL
, eckey
->pub_key
, order
, ctx
)) {
325 ECerr(EC_F_EC_KEY_CHECK_KEY
, ERR_R_EC_LIB
);
328 if (!EC_POINT_is_at_infinity(eckey
->group
, point
)) {
329 ECerr(EC_F_EC_KEY_CHECK_KEY
, EC_R_WRONG_ORDER
);
333 * in case the priv_key is present : check if generator * priv_key ==
336 if (eckey
->priv_key
!= NULL
) {
337 if (BN_cmp(eckey
->priv_key
, order
) >= 0) {
338 ECerr(EC_F_EC_KEY_CHECK_KEY
, EC_R_WRONG_ORDER
);
341 if (!EC_POINT_mul(eckey
->group
, point
, eckey
->priv_key
,
343 ECerr(EC_F_EC_KEY_CHECK_KEY
, ERR_R_EC_LIB
);
346 if (EC_POINT_cmp(eckey
->group
, point
, eckey
->pub_key
, ctx
) != 0) {
347 ECerr(EC_F_EC_KEY_CHECK_KEY
, EC_R_INVALID_PRIVATE_KEY
);
354 EC_POINT_free(point
);
358 int EC_KEY_set_public_key_affine_coordinates(EC_KEY
*key
, BIGNUM
*x
,
363 EC_POINT
*point
= NULL
;
365 #ifndef OPENSSL_NO_EC2M
366 int tmp_nid
, is_char_two
= 0;
369 if (key
== NULL
|| key
->group
== NULL
|| x
== NULL
|| y
== NULL
) {
370 ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES
,
371 ERR_R_PASSED_NULL_PARAMETER
);
378 point
= EC_POINT_new(key
->group
);
383 tx
= BN_CTX_get(ctx
);
384 ty
= BN_CTX_get(ctx
);
388 #ifndef OPENSSL_NO_EC2M
389 tmp_nid
= EC_METHOD_get_field_type(EC_GROUP_method_of(key
->group
));
391 if (tmp_nid
== NID_X9_62_characteristic_two_field
)
395 if (!EC_POINT_set_affine_coordinates_GF2m(key
->group
, point
,
398 if (!EC_POINT_get_affine_coordinates_GF2m(key
->group
, point
,
404 if (!EC_POINT_set_affine_coordinates_GFp(key
->group
, point
,
407 if (!EC_POINT_get_affine_coordinates_GFp(key
->group
, point
,
412 * Check if retrieved coordinates match originals and are less than field
413 * order: if not values are out of range.
415 if (BN_cmp(x
, tx
) || BN_cmp(y
, ty
)
416 || (BN_cmp(x
, key
->group
->field
) >= 0)
417 || (BN_cmp(y
, key
->group
->field
) >= 0)) {
418 ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES
,
419 EC_R_COORDINATES_OUT_OF_RANGE
);
423 if (!EC_KEY_set_public_key(key
, point
))
426 if (EC_KEY_check_key(key
) == 0)
433 EC_POINT_free(point
);
438 const EC_GROUP
*EC_KEY_get0_group(const EC_KEY
*key
)
443 int EC_KEY_set_group(EC_KEY
*key
, const EC_GROUP
*group
)
445 if (key
->meth
->set_group
!= NULL
&& key
->meth
->set_group(key
, group
) == 0)
447 EC_GROUP_free(key
->group
);
448 key
->group
= EC_GROUP_dup(group
);
449 return (key
->group
== NULL
) ? 0 : 1;
452 const BIGNUM
*EC_KEY_get0_private_key(const EC_KEY
*key
)
454 return key
->priv_key
;
457 int EC_KEY_set_private_key(EC_KEY
*key
, const BIGNUM
*priv_key
)
459 if (key
->meth
->set_private
!= NULL
460 && key
->meth
->set_private(key
, priv_key
) == 0)
462 BN_clear_free(key
->priv_key
);
463 key
->priv_key
= BN_dup(priv_key
);
464 return (key
->priv_key
== NULL
) ? 0 : 1;
467 const EC_POINT
*EC_KEY_get0_public_key(const EC_KEY
*key
)
472 int EC_KEY_set_public_key(EC_KEY
*key
, const EC_POINT
*pub_key
)
474 if (key
->meth
->set_public
!= NULL
475 && key
->meth
->set_public(key
, pub_key
) == 0)
477 EC_POINT_free(key
->pub_key
);
478 key
->pub_key
= EC_POINT_dup(pub_key
, key
->group
);
479 return (key
->pub_key
== NULL
) ? 0 : 1;
482 unsigned int EC_KEY_get_enc_flags(const EC_KEY
*key
)
484 return key
->enc_flag
;
487 void EC_KEY_set_enc_flags(EC_KEY
*key
, unsigned int flags
)
489 key
->enc_flag
= flags
;
492 point_conversion_form_t
EC_KEY_get_conv_form(const EC_KEY
*key
)
494 return key
->conv_form
;
497 void EC_KEY_set_conv_form(EC_KEY
*key
, point_conversion_form_t cform
)
499 key
->conv_form
= cform
;
500 if (key
->group
!= NULL
)
501 EC_GROUP_set_point_conversion_form(key
->group
, cform
);
504 void EC_KEY_set_asn1_flag(EC_KEY
*key
, int flag
)
506 if (key
->group
!= NULL
)
507 EC_GROUP_set_asn1_flag(key
->group
, flag
);
510 int EC_KEY_precompute_mult(EC_KEY
*key
, BN_CTX
*ctx
)
512 if (key
->group
== NULL
)
514 return EC_GROUP_precompute_mult(key
->group
, ctx
);
517 int EC_KEY_get_flags(const EC_KEY
*key
)
522 void EC_KEY_set_flags(EC_KEY
*key
, int flags
)
527 void EC_KEY_clear_flags(EC_KEY
*key
, int flags
)
529 key
->flags
&= ~flags
;
532 size_t EC_KEY_key2buf(const EC_KEY
*key
, point_conversion_form_t form
,
533 unsigned char **pbuf
, BN_CTX
*ctx
)
535 if (key
== NULL
|| key
->pub_key
== NULL
|| key
->group
== NULL
)
537 return EC_POINT_point2buf(key
->group
, key
->pub_key
, form
, pbuf
, ctx
);
540 int EC_KEY_oct2key(EC_KEY
*key
, const unsigned char *buf
, size_t len
,
543 if (key
== NULL
|| key
->group
== NULL
)
545 if (key
->pub_key
== NULL
)
546 key
->pub_key
= EC_POINT_new(key
->group
);
547 if (key
->pub_key
== NULL
)
549 return EC_POINT_oct2point(key
->group
, key
->pub_key
, buf
, len
, ctx
);
552 size_t EC_KEY_priv2oct(const EC_KEY
*eckey
, unsigned char *buf
, size_t len
)
554 size_t buf_len
, bn_len
;
555 if (eckey
->group
== NULL
|| eckey
->group
->meth
== NULL
)
558 buf_len
= (EC_GROUP_get_degree(eckey
->group
) + 7) / 8;
559 if (eckey
->priv_key
== NULL
)
563 else if (len
< buf_len
)
566 bn_len
= (size_t)BN_num_bytes(eckey
->priv_key
);
568 /* Octetstring may need leading zeros if BN is to short */
570 if (bn_len
> buf_len
) {
571 ECerr(EC_F_EC_KEY_PRIV2OCT
, EC_R_BUFFER_TOO_SMALL
);
575 if (!BN_bn2bin(eckey
->priv_key
, buf
+ buf_len
- bn_len
)) {
576 ECerr(EC_F_EC_KEY_PRIV2OCT
, ERR_R_BN_LIB
);
580 if (buf_len
- bn_len
> 0)
581 memset(buf
, 0, buf_len
- bn_len
);
586 int EC_KEY_oct2priv(EC_KEY
*eckey
, unsigned char *buf
, size_t len
)
588 if (eckey
->group
== NULL
|| eckey
->group
->meth
== NULL
)
591 if (eckey
->priv_key
== NULL
)
592 eckey
->priv_key
= BN_secure_new();
593 if (eckey
->priv_key
== NULL
) {
594 ECerr(EC_F_EC_KEY_OCT2PRIV
, ERR_R_MALLOC_FAILURE
);
597 eckey
->priv_key
= BN_bin2bn(buf
, len
, eckey
->priv_key
);
598 if (eckey
->priv_key
== NULL
) {
599 ECerr(EC_F_EC_KEY_OCT2PRIV
, ERR_R_BN_LIB
);