]>
Commit | Line | Data |
---|---|---|
14a7cfb3 | 1 | /* |
bb315ca7 | 2 | * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved. |
aa8f3d76 | 3 | * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved |
14a7cfb3 | 4 | * |
a7f182b7 | 5 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
aa6bb135 RS |
6 | * this file except in compliance with the License. You can obtain a copy |
7 | * in the file LICENSE in the source distribution or at | |
8 | * https://www.openssl.org/source/license.html | |
14a7cfb3 | 9 | */ |
aa6bb135 | 10 | |
5f8dd0f8 | 11 | #include "internal/cryptlib.h" |
5454829a | 12 | #include <string.h> |
14a7cfb3 | 13 | #include "ec_lcl.h" |
cd420b0b | 14 | #include "internal/refcount.h" |
14a7cfb3 | 15 | #include <openssl/err.h> |
3c27208f | 16 | #include <openssl/engine.h> |
14a7cfb3 BM |
17 | |
18 | EC_KEY *EC_KEY_new(void) | |
0f113f3e | 19 | { |
28572b57 | 20 | return EC_KEY_new_method(NULL); |
0f113f3e | 21 | } |
14a7cfb3 | 22 | |
9dd84053 | 23 | EC_KEY *EC_KEY_new_by_curve_name(int nid) |
0f113f3e MC |
24 | { |
25 | EC_KEY *ret = EC_KEY_new(); | |
26 | if (ret == NULL) | |
27 | return NULL; | |
28 | ret->group = EC_GROUP_new_by_curve_name(nid); | |
29 | if (ret->group == NULL) { | |
30 | EC_KEY_free(ret); | |
31 | return NULL; | |
32 | } | |
91e7bcc2 DSH |
33 | if (ret->meth->set_group != NULL |
34 | && ret->meth->set_group(ret, ret->group) == 0) { | |
3475bc96 DSH |
35 | EC_KEY_free(ret); |
36 | return NULL; | |
37 | } | |
0f113f3e MC |
38 | return ret; |
39 | } | |
14a7cfb3 BM |
40 | |
41 | void EC_KEY_free(EC_KEY *r) | |
0f113f3e MC |
42 | { |
43 | int i; | |
14a7cfb3 | 44 | |
0f113f3e MC |
45 | if (r == NULL) |
46 | return; | |
14a7cfb3 | 47 | |
2f545ae4 | 48 | CRYPTO_DOWN_REF(&r->references, &i, r->lock); |
f3f1cf84 | 49 | REF_PRINT_COUNT("EC_KEY", r); |
0f113f3e MC |
50 | if (i > 0) |
51 | return; | |
f3f1cf84 | 52 | REF_ASSERT_ISNT(i < 0); |
14a7cfb3 | 53 | |
0c5d725e | 54 | if (r->meth != NULL && r->meth->finish != NULL) |
0d6ff6d3 DSH |
55 | r->meth->finish(r); |
56 | ||
51966416 | 57 | #ifndef OPENSSL_NO_ENGINE |
7c96dbcd | 58 | ENGINE_finish(r->engine); |
51966416 DSH |
59 | #endif |
60 | ||
6903e2e7 DSH |
61 | if (r->group && r->group->meth->keyfinish) |
62 | r->group->meth->keyfinish(r); | |
63 | ||
3aef36ff | 64 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, r, &r->ex_data); |
9b398ef2 | 65 | CRYPTO_THREAD_lock_free(r->lock); |
8fdc3734 RS |
66 | EC_GROUP_free(r->group); |
67 | EC_POINT_free(r->pub_key); | |
23a1d5e9 | 68 | BN_clear_free(r->priv_key); |
14a7cfb3 | 69 | |
4b45c6e5 | 70 | OPENSSL_clear_free((void *)r, sizeof(EC_KEY)); |
0f113f3e | 71 | } |
14a7cfb3 | 72 | |
4a9a0d9b | 73 | EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src) |
0f113f3e | 74 | { |
0f113f3e MC |
75 | if (dest == NULL || src == NULL) { |
76 | ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER); | |
77 | return NULL; | |
78 | } | |
ea0392b9 | 79 | if (src->meth != dest->meth) { |
91e7bcc2 | 80 | if (dest->meth->finish != NULL) |
ea0392b9 | 81 | dest->meth->finish(dest); |
6903e2e7 DSH |
82 | if (dest->group && dest->group->meth->keyfinish) |
83 | dest->group->meth->keyfinish(dest); | |
ea0392b9 | 84 | #ifndef OPENSSL_NO_ENGINE |
7c96dbcd | 85 | if (ENGINE_finish(dest->engine) == 0) |
ea0392b9 DSH |
86 | return 0; |
87 | dest->engine = NULL; | |
88 | #endif | |
89 | } | |
0f113f3e | 90 | /* copy the parameters */ |
91e7bcc2 | 91 | if (src->group != NULL) { |
0f113f3e MC |
92 | const EC_METHOD *meth = EC_GROUP_method_of(src->group); |
93 | /* clear the old group */ | |
8fdc3734 | 94 | EC_GROUP_free(dest->group); |
0f113f3e MC |
95 | dest->group = EC_GROUP_new(meth); |
96 | if (dest->group == NULL) | |
97 | return NULL; | |
98 | if (!EC_GROUP_copy(dest->group, src->group)) | |
99 | return NULL; | |
40a8643a MC |
100 | |
101 | /* copy the public key */ | |
102 | if (src->pub_key != NULL) { | |
103 | EC_POINT_free(dest->pub_key); | |
104 | dest->pub_key = EC_POINT_new(src->group); | |
105 | if (dest->pub_key == NULL) | |
106 | return NULL; | |
107 | if (!EC_POINT_copy(dest->pub_key, src->pub_key)) | |
108 | return NULL; | |
109 | } | |
110 | /* copy the private key */ | |
111 | if (src->priv_key != NULL) { | |
112 | if (dest->priv_key == NULL) { | |
113 | dest->priv_key = BN_new(); | |
114 | if (dest->priv_key == NULL) | |
115 | return NULL; | |
116 | } | |
117 | if (!BN_copy(dest->priv_key, src->priv_key)) | |
118 | return NULL; | |
119 | if (src->group->meth->keycopy | |
120 | && src->group->meth->keycopy(dest, src) == 0) | |
0f113f3e MC |
121 | return NULL; |
122 | } | |
0f113f3e | 123 | } |
0f113f3e | 124 | |
6903e2e7 | 125 | |
0f113f3e MC |
126 | /* copy the rest */ |
127 | dest->enc_flag = src->enc_flag; | |
128 | dest->conv_form = src->conv_form; | |
129 | dest->version = src->version; | |
130 | dest->flags = src->flags; | |
3aef36ff RS |
131 | if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_EC_KEY, |
132 | &dest->ex_data, &src->ex_data)) | |
133 | return NULL; | |
0f113f3e | 134 | |
ea0392b9 DSH |
135 | if (src->meth != dest->meth) { |
136 | #ifndef OPENSSL_NO_ENGINE | |
91e7bcc2 DSH |
137 | if (src->engine != NULL && ENGINE_init(src->engine) == 0) |
138 | return NULL; | |
ea0392b9 DSH |
139 | dest->engine = src->engine; |
140 | #endif | |
141 | dest->meth = src->meth; | |
142 | } | |
143 | ||
91e7bcc2 DSH |
144 | if (src->meth->copy != NULL && src->meth->copy(dest, src) == 0) |
145 | return NULL; | |
ea0392b9 | 146 | |
0f113f3e MC |
147 | return dest; |
148 | } | |
14a7cfb3 | 149 | |
4a9a0d9b | 150 | EC_KEY *EC_KEY_dup(const EC_KEY *ec_key) |
0f113f3e | 151 | { |
ea0392b9 | 152 | EC_KEY *ret = EC_KEY_new_method(ec_key->engine); |
3aef36ff | 153 | |
0f113f3e MC |
154 | if (ret == NULL) |
155 | return NULL; | |
9b398ef2 | 156 | |
0f113f3e MC |
157 | if (EC_KEY_copy(ret, ec_key) == NULL) { |
158 | EC_KEY_free(ret); | |
159 | return NULL; | |
160 | } | |
161 | return ret; | |
162 | } | |
14a7cfb3 | 163 | |
e172d60d | 164 | int EC_KEY_up_ref(EC_KEY *r) |
0f113f3e | 165 | { |
9b398ef2 AG |
166 | int i; |
167 | ||
2f545ae4 | 168 | if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0) |
9b398ef2 | 169 | return 0; |
f3f1cf84 RS |
170 | |
171 | REF_PRINT_COUNT("EC_KEY", r); | |
172 | REF_ASSERT_ISNT(i < 2); | |
0f113f3e MC |
173 | return ((i > 1) ? 1 : 0); |
174 | } | |
e172d60d | 175 | |
d1da335c RL |
176 | ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey) |
177 | { | |
178 | return eckey->engine; | |
179 | } | |
180 | ||
14a7cfb3 | 181 | int EC_KEY_generate_key(EC_KEY *eckey) |
0f113f3e | 182 | { |
91e7bcc2 | 183 | if (eckey == NULL || eckey->group == NULL) { |
0f113f3e MC |
184 | ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER); |
185 | return 0; | |
186 | } | |
91e7bcc2 | 187 | if (eckey->meth->keygen != NULL) |
5a6a1029 DSH |
188 | return eckey->meth->keygen(eckey); |
189 | ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED); | |
190 | return 0; | |
191 | } | |
192 | ||
193 | int ossl_ec_key_gen(EC_KEY *eckey) | |
77470e98 | 194 | { |
77470e98 DSH |
195 | return eckey->group->meth->keygen(eckey); |
196 | } | |
197 | ||
bb315ca7 SL |
198 | /* |
199 | * ECC Key generation. | |
200 | * See SP800-56AR3 5.6.1.2.2 "Key Pair Generation by Testing Candidates" | |
201 | * | |
202 | * Params: | |
203 | * eckey An EC key object that contains domain params. The generated keypair | |
204 | * is stored in this object. | |
205 | * Returns 1 if the keypair was generated or 0 otherwise. | |
206 | */ | |
77470e98 | 207 | int ec_key_simple_generate_key(EC_KEY *eckey) |
5a6a1029 DSH |
208 | { |
209 | int ok = 0; | |
be2e334f DSH |
210 | BIGNUM *priv_key = NULL; |
211 | const BIGNUM *order = NULL; | |
5a6a1029 | 212 | EC_POINT *pub_key = NULL; |
bb315ca7 | 213 | const EC_GROUP *group = eckey->group; |
0f113f3e MC |
214 | |
215 | if (eckey->priv_key == NULL) { | |
bb315ca7 | 216 | priv_key = BN_secure_new(); |
0f113f3e MC |
217 | if (priv_key == NULL) |
218 | goto err; | |
219 | } else | |
220 | priv_key = eckey->priv_key; | |
221 | ||
bb315ca7 SL |
222 | /* |
223 | * Steps (1-2): Check domain parameters and security strength. | |
224 | * These steps must be done by the user. This would need to be | |
225 | * stated in the security policy. | |
226 | */ | |
227 | ||
228 | order = EC_GROUP_get0_order(group); | |
be2e334f | 229 | if (order == NULL) |
0f113f3e MC |
230 | goto err; |
231 | ||
bb315ca7 SL |
232 | /* |
233 | * Steps (3-7): priv_key = DRBG_RAND(order_n_bits) (range [1, n-1]). | |
234 | * Although this is slightly different from the standard, it is effectively | |
235 | * equivalent as it gives an unbiased result ranging from 1..n-1. It is also | |
236 | * faster as the standard needs to retry more often. Also doing | |
237 | * 1 + rand[0..n-2] would effect the way that tests feed dummy entropy into | |
238 | * rand so the simpler backward compatible method has been used here. | |
239 | */ | |
0f113f3e | 240 | do |
ddc6a5c8 | 241 | if (!BN_priv_rand_range(priv_key, order)) |
0f113f3e MC |
242 | goto err; |
243 | while (BN_is_zero(priv_key)) ; | |
244 | ||
245 | if (eckey->pub_key == NULL) { | |
bb315ca7 | 246 | pub_key = EC_POINT_new(group); |
0f113f3e MC |
247 | if (pub_key == NULL) |
248 | goto err; | |
249 | } else | |
250 | pub_key = eckey->pub_key; | |
251 | ||
bb315ca7 SL |
252 | /* Step (8) : pub_key = priv_key * G (where G is a point on the curve) */ |
253 | if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, NULL)) | |
0f113f3e MC |
254 | goto err; |
255 | ||
256 | eckey->priv_key = priv_key; | |
257 | eckey->pub_key = pub_key; | |
bb315ca7 SL |
258 | priv_key = NULL; |
259 | pub_key = NULL; | |
0f113f3e MC |
260 | |
261 | ok = 1; | |
262 | ||
bb315ca7 SL |
263 | err: |
264 | /* Step (9): If there is an error return an invalid keypair. */ | |
265 | if (!ok) { | |
266 | BN_clear(eckey->priv_key); | |
267 | if (eckey->pub_key != NULL) | |
268 | EC_POINT_set_to_infinity(group, eckey->pub_key); | |
269 | } | |
270 | ||
271 | EC_POINT_free(pub_key); | |
272 | BN_clear_free(priv_key); | |
77470e98 DSH |
273 | return ok; |
274 | } | |
275 | ||
276 | int ec_key_simple_generate_public_key(EC_KEY *eckey) | |
277 | { | |
bb315ca7 SL |
278 | /* |
279 | * See SP800-56AR3 5.6.1.2.2: Step (8) | |
280 | * pub_key = priv_key * G (where G is a point on the curve) | |
281 | */ | |
77470e98 DSH |
282 | return EC_POINT_mul(eckey->group, eckey->pub_key, eckey->priv_key, NULL, |
283 | NULL, NULL); | |
0f113f3e | 284 | } |
14a7cfb3 BM |
285 | |
286 | int EC_KEY_check_key(const EC_KEY *eckey) | |
77470e98 DSH |
287 | { |
288 | if (eckey == NULL || eckey->group == NULL || eckey->pub_key == NULL) { | |
289 | ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER); | |
290 | return 0; | |
291 | } | |
292 | ||
293 | if (eckey->group->meth->keycheck == NULL) { | |
294 | ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | |
295 | return 0; | |
296 | } | |
297 | ||
298 | return eckey->group->meth->keycheck(eckey); | |
299 | } | |
300 | ||
5173cdde SL |
301 | /* |
302 | * Check the range of the EC public key. | |
303 | * See SP800-56A R3 Section 5.6.2.3.3 (Part 2) | |
304 | * i.e. | |
305 | * - If q = odd prime p: Verify that xQ and yQ are integers in the | |
7a228c39 | 306 | * interval[0, p - 1], OR |
5173cdde SL |
307 | * - If q = 2m: Verify that xQ and yQ are bit strings of length m bits. |
308 | * Returns 1 if the public key has a valid range, otherwise it returns 0. | |
309 | */ | |
310 | static int ec_key_public_range_check(BN_CTX *ctx, const EC_KEY *key) | |
311 | { | |
312 | int ret = 0; | |
313 | BIGNUM *x, *y; | |
314 | ||
315 | BN_CTX_start(ctx); | |
316 | x = BN_CTX_get(ctx); | |
317 | y = BN_CTX_get(ctx); | |
318 | if (y == NULL) | |
319 | goto err; | |
320 | ||
321 | if (!EC_POINT_get_affine_coordinates(key->group, key->pub_key, x, y, ctx)) | |
322 | goto err; | |
323 | ||
324 | if (EC_METHOD_get_field_type(key->group->meth) == NID_X9_62_prime_field) { | |
325 | if (BN_is_negative(x) | |
326 | || BN_cmp(x, key->group->field) >= 0 | |
327 | || BN_is_negative(y) | |
328 | || BN_cmp(y, key->group->field) >= 0) { | |
329 | goto err; | |
330 | } | |
331 | } else { | |
332 | int m = EC_GROUP_get_degree(key->group); | |
333 | if (BN_num_bits(x) > m || BN_num_bits(y) > m) { | |
334 | goto err; | |
335 | } | |
336 | } | |
337 | ret = 1; | |
338 | err: | |
339 | BN_CTX_end(ctx); | |
340 | return ret; | |
341 | } | |
342 | ||
343 | /* | |
344 | * ECC Key validation as specified in SP800-56A R3. | |
345 | * Section 5.6.2.3.3 ECC Full Public-Key Validation | |
346 | * Section 5.6.2.1.2 Owner Assurance of Private-Key Validity | |
347 | * Section 5.6.2.1.4 Owner Assurance of Pair-wise Consistency | |
348 | * NOTES: | |
349 | * Before calling this method in fips mode, there should be an assurance that | |
350 | * an approved elliptic-curve group is used. | |
351 | * Returns 1 if the key is valid, otherwise it returns 0. | |
352 | */ | |
77470e98 | 353 | int ec_key_simple_check_key(const EC_KEY *eckey) |
0f113f3e MC |
354 | { |
355 | int ok = 0; | |
356 | BN_CTX *ctx = NULL; | |
357 | const BIGNUM *order = NULL; | |
358 | EC_POINT *point = NULL; | |
359 | ||
91e7bcc2 | 360 | if (eckey == NULL || eckey->group == NULL || eckey->pub_key == NULL) { |
77470e98 | 361 | ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER); |
0f113f3e MC |
362 | return 0; |
363 | } | |
364 | ||
5173cdde | 365 | /* 5.6.2.3.3 (Step 1): Q != infinity */ |
0f113f3e | 366 | if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) { |
77470e98 | 367 | ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_POINT_AT_INFINITY); |
0f113f3e MC |
368 | goto err; |
369 | } | |
370 | ||
371 | if ((ctx = BN_CTX_new()) == NULL) | |
372 | goto err; | |
5173cdde | 373 | |
0f113f3e MC |
374 | if ((point = EC_POINT_new(eckey->group)) == NULL) |
375 | goto err; | |
376 | ||
5173cdde SL |
377 | /* 5.6.2.3.3 (Step 2) Test if the public key is in range */ |
378 | if (!ec_key_public_range_check(ctx, eckey)) { | |
379 | ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_COORDINATES_OUT_OF_RANGE); | |
380 | goto err; | |
381 | } | |
382 | ||
383 | /* 5.6.2.3.3 (Step 3) is the pub_key on the elliptic curve */ | |
68886be7 | 384 | if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) { |
77470e98 | 385 | ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE); |
0f113f3e MC |
386 | goto err; |
387 | } | |
5173cdde | 388 | |
0f113f3e MC |
389 | order = eckey->group->order; |
390 | if (BN_is_zero(order)) { | |
77470e98 | 391 | ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_INVALID_GROUP_ORDER); |
0f113f3e MC |
392 | goto err; |
393 | } | |
5173cdde | 394 | /* 5.6.2.3.3 (Step 4) : pub_key * order is the point at infinity. */ |
0f113f3e | 395 | if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) { |
77470e98 | 396 | ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, ERR_R_EC_LIB); |
0f113f3e MC |
397 | goto err; |
398 | } | |
399 | if (!EC_POINT_is_at_infinity(eckey->group, point)) { | |
77470e98 | 400 | ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_WRONG_ORDER); |
0f113f3e MC |
401 | goto err; |
402 | } | |
5173cdde | 403 | |
91e7bcc2 | 404 | if (eckey->priv_key != NULL) { |
5173cdde SL |
405 | /* |
406 | * 5.6.2.1.2 Owner Assurance of Private-Key Validity | |
407 | * The private key is in the range [1, order-1] | |
408 | */ | |
409 | if (BN_cmp(eckey->priv_key, BN_value_one()) < 0 | |
410 | || BN_cmp(eckey->priv_key, order) >= 0) { | |
77470e98 | 411 | ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_WRONG_ORDER); |
0f113f3e MC |
412 | goto err; |
413 | } | |
5173cdde SL |
414 | /* |
415 | * Section 5.6.2.1.4 Owner Assurance of Pair-wise Consistency (b) | |
416 | * Check if generator * priv_key = pub_key | |
417 | */ | |
0f113f3e MC |
418 | if (!EC_POINT_mul(eckey->group, point, eckey->priv_key, |
419 | NULL, NULL, ctx)) { | |
77470e98 | 420 | ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, ERR_R_EC_LIB); |
0f113f3e MC |
421 | goto err; |
422 | } | |
423 | if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, ctx) != 0) { | |
77470e98 | 424 | ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY); |
0f113f3e MC |
425 | goto err; |
426 | } | |
427 | } | |
428 | ok = 1; | |
429 | err: | |
23a1d5e9 | 430 | BN_CTX_free(ctx); |
8fdc3734 | 431 | EC_POINT_free(point); |
77470e98 | 432 | return ok; |
0f113f3e MC |
433 | } |
434 | ||
435 | int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, | |
436 | BIGNUM *y) | |
437 | { | |
438 | BN_CTX *ctx = NULL; | |
439 | BIGNUM *tx, *ty; | |
440 | EC_POINT *point = NULL; | |
8d11b7c7 | 441 | int ok = 0; |
0f113f3e | 442 | |
91e7bcc2 | 443 | if (key == NULL || key->group == NULL || x == NULL || y == NULL) { |
0f113f3e MC |
444 | ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES, |
445 | ERR_R_PASSED_NULL_PARAMETER); | |
446 | return 0; | |
447 | } | |
448 | ctx = BN_CTX_new(); | |
90945fa3 | 449 | if (ctx == NULL) |
2ab851b7 | 450 | return 0; |
0f113f3e | 451 | |
2ab851b7 | 452 | BN_CTX_start(ctx); |
0f113f3e MC |
453 | point = EC_POINT_new(key->group); |
454 | ||
90945fa3 | 455 | if (point == NULL) |
0f113f3e MC |
456 | goto err; |
457 | ||
8d11b7c7 MC |
458 | tx = BN_CTX_get(ctx); |
459 | ty = BN_CTX_get(ctx); | |
dd67493c BB |
460 | if (ty == NULL) |
461 | goto err; | |
8d11b7c7 | 462 | |
9cc570d4 MC |
463 | if (!EC_POINT_set_affine_coordinates(key->group, point, x, y, ctx)) |
464 | goto err; | |
465 | if (!EC_POINT_get_affine_coordinates(key->group, point, tx, ty, ctx)) | |
466 | goto err; | |
0f113f3e | 467 | |
0f113f3e | 468 | /* |
5173cdde SL |
469 | * Check if retrieved coordinates match originals. The range check is done |
470 | * inside EC_KEY_check_key(). | |
0f113f3e | 471 | */ |
5173cdde | 472 | if (BN_cmp(x, tx) || BN_cmp(y, ty)) { |
0f113f3e MC |
473 | ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES, |
474 | EC_R_COORDINATES_OUT_OF_RANGE); | |
475 | goto err; | |
476 | } | |
477 | ||
478 | if (!EC_KEY_set_public_key(key, point)) | |
479 | goto err; | |
480 | ||
481 | if (EC_KEY_check_key(key) == 0) | |
482 | goto err; | |
483 | ||
484 | ok = 1; | |
485 | ||
486 | err: | |
2ab851b7 | 487 | BN_CTX_end(ctx); |
23a1d5e9 | 488 | BN_CTX_free(ctx); |
8fdc3734 | 489 | EC_POINT_free(point); |
0f113f3e MC |
490 | return ok; |
491 | ||
492 | } | |
fef1c40b | 493 | |
9dd84053 | 494 | const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key) |
0f113f3e MC |
495 | { |
496 | return key->group; | |
497 | } | |
9dd84053 NL |
498 | |
499 | int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group) | |
0f113f3e | 500 | { |
91e7bcc2 | 501 | if (key->meth->set_group != NULL && key->meth->set_group(key, group) == 0) |
3475bc96 | 502 | return 0; |
8fdc3734 | 503 | EC_GROUP_free(key->group); |
0f113f3e MC |
504 | key->group = EC_GROUP_dup(group); |
505 | return (key->group == NULL) ? 0 : 1; | |
506 | } | |
9dd84053 NL |
507 | |
508 | const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key) | |
0f113f3e MC |
509 | { |
510 | return key->priv_key; | |
511 | } | |
9dd84053 NL |
512 | |
513 | int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key) | |
0f113f3e | 514 | { |
6903e2e7 DSH |
515 | if (key->group == NULL || key->group->meth == NULL) |
516 | return 0; | |
acde647f KY |
517 | if (key->group->meth->set_private != NULL |
518 | && key->group->meth->set_private(key, priv_key) == 0) | |
6903e2e7 | 519 | return 0; |
91e7bcc2 DSH |
520 | if (key->meth->set_private != NULL |
521 | && key->meth->set_private(key, priv_key) == 0) | |
3475bc96 | 522 | return 0; |
23a1d5e9 | 523 | BN_clear_free(key->priv_key); |
0f113f3e MC |
524 | key->priv_key = BN_dup(priv_key); |
525 | return (key->priv_key == NULL) ? 0 : 1; | |
526 | } | |
9dd84053 NL |
527 | |
528 | const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key) | |
0f113f3e MC |
529 | { |
530 | return key->pub_key; | |
531 | } | |
9dd84053 NL |
532 | |
533 | int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key) | |
0f113f3e | 534 | { |
91e7bcc2 DSH |
535 | if (key->meth->set_public != NULL |
536 | && key->meth->set_public(key, pub_key) == 0) | |
3475bc96 | 537 | return 0; |
8fdc3734 | 538 | EC_POINT_free(key->pub_key); |
0f113f3e MC |
539 | key->pub_key = EC_POINT_dup(pub_key, key->group); |
540 | return (key->pub_key == NULL) ? 0 : 1; | |
541 | } | |
9dd84053 NL |
542 | |
543 | unsigned int EC_KEY_get_enc_flags(const EC_KEY *key) | |
0f113f3e MC |
544 | { |
545 | return key->enc_flag; | |
546 | } | |
9dd84053 NL |
547 | |
548 | void EC_KEY_set_enc_flags(EC_KEY *key, unsigned int flags) | |
0f113f3e MC |
549 | { |
550 | key->enc_flag = flags; | |
551 | } | |
9dd84053 NL |
552 | |
553 | point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key) | |
0f113f3e MC |
554 | { |
555 | return key->conv_form; | |
556 | } | |
9dd84053 NL |
557 | |
558 | void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform) | |
0f113f3e MC |
559 | { |
560 | key->conv_form = cform; | |
561 | if (key->group != NULL) | |
562 | EC_GROUP_set_point_conversion_form(key->group, cform); | |
563 | } | |
9dd84053 | 564 | |
9dd84053 | 565 | void EC_KEY_set_asn1_flag(EC_KEY *key, int flag) |
0f113f3e MC |
566 | { |
567 | if (key->group != NULL) | |
568 | EC_GROUP_set_asn1_flag(key->group, flag); | |
569 | } | |
9dd84053 NL |
570 | |
571 | int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx) | |
0f113f3e MC |
572 | { |
573 | if (key->group == NULL) | |
574 | return 0; | |
575 | return EC_GROUP_precompute_mult(key->group, ctx); | |
576 | } | |
cac4fb58 DSH |
577 | |
578 | int EC_KEY_get_flags(const EC_KEY *key) | |
0f113f3e MC |
579 | { |
580 | return key->flags; | |
581 | } | |
cac4fb58 DSH |
582 | |
583 | void EC_KEY_set_flags(EC_KEY *key, int flags) | |
0f113f3e MC |
584 | { |
585 | key->flags |= flags; | |
586 | } | |
cac4fb58 DSH |
587 | |
588 | void EC_KEY_clear_flags(EC_KEY *key, int flags) | |
0f113f3e MC |
589 | { |
590 | key->flags &= ~flags; | |
591 | } | |
981bd8a2 DSH |
592 | |
593 | size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form, | |
594 | unsigned char **pbuf, BN_CTX *ctx) | |
595 | { | |
596 | if (key == NULL || key->pub_key == NULL || key->group == NULL) | |
597 | return 0; | |
598 | return EC_POINT_point2buf(key->group, key->pub_key, form, pbuf, ctx); | |
599 | } | |
600 | ||
601 | int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len, | |
602 | BN_CTX *ctx) | |
603 | { | |
604 | if (key == NULL || key->group == NULL) | |
605 | return 0; | |
606 | if (key->pub_key == NULL) | |
607 | key->pub_key = EC_POINT_new(key->group); | |
608 | if (key->pub_key == NULL) | |
609 | return 0; | |
6ea04154 DSH |
610 | if (EC_POINT_oct2point(key->group, key->pub_key, buf, len, ctx) == 0) |
611 | return 0; | |
612 | /* | |
613 | * Save the point conversion form. | |
614 | * For non-custom curves the first octet of the buffer (excluding | |
615 | * the last significant bit) contains the point conversion form. | |
616 | * EC_POINT_oct2point() has already performed sanity checking of | |
617 | * the buffer so we know it is valid. | |
618 | */ | |
619 | if ((key->group->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0) | |
620 | key->conv_form = (point_conversion_form_t)(buf[0] & ~0x01); | |
621 | return 1; | |
981bd8a2 | 622 | } |
cf241395 | 623 | |
700b8145 | 624 | size_t EC_KEY_priv2oct(const EC_KEY *eckey, |
25d57dc7 | 625 | unsigned char *buf, size_t len) |
cf241395 | 626 | { |
cf241395 DSH |
627 | if (eckey->group == NULL || eckey->group->meth == NULL) |
628 | return 0; | |
77470e98 DSH |
629 | if (eckey->group->meth->priv2oct == NULL) { |
630 | ECerr(EC_F_EC_KEY_PRIV2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | |
631 | return 0; | |
632 | } | |
633 | ||
634 | return eckey->group->meth->priv2oct(eckey, buf, len); | |
635 | } | |
636 | ||
637 | size_t ec_key_simple_priv2oct(const EC_KEY *eckey, | |
638 | unsigned char *buf, size_t len) | |
639 | { | |
640 | size_t buf_len; | |
cf241395 | 641 | |
fe56d8e8 | 642 | buf_len = (EC_GROUP_order_bits(eckey->group) + 7) / 8; |
cf241395 DSH |
643 | if (eckey->priv_key == NULL) |
644 | return 0; | |
645 | if (buf == NULL) | |
646 | return buf_len; | |
647 | else if (len < buf_len) | |
648 | return 0; | |
649 | ||
cf241395 DSH |
650 | /* Octetstring may need leading zeros if BN is to short */ |
651 | ||
907e9500 | 652 | if (BN_bn2binpad(eckey->priv_key, buf, buf_len) == -1) { |
77470e98 | 653 | ECerr(EC_F_EC_KEY_SIMPLE_PRIV2OCT, EC_R_BUFFER_TOO_SMALL); |
cf241395 DSH |
654 | return 0; |
655 | } | |
656 | ||
cf241395 DSH |
657 | return buf_len; |
658 | } | |
659 | ||
25d57dc7 | 660 | int EC_KEY_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len) |
cf241395 DSH |
661 | { |
662 | if (eckey->group == NULL || eckey->group->meth == NULL) | |
663 | return 0; | |
77470e98 DSH |
664 | if (eckey->group->meth->oct2priv == NULL) { |
665 | ECerr(EC_F_EC_KEY_OCT2PRIV, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | |
666 | return 0; | |
667 | } | |
668 | return eckey->group->meth->oct2priv(eckey, buf, len); | |
669 | } | |
cf241395 | 670 | |
25d57dc7 | 671 | int ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len) |
77470e98 | 672 | { |
cf241395 DSH |
673 | if (eckey->priv_key == NULL) |
674 | eckey->priv_key = BN_secure_new(); | |
675 | if (eckey->priv_key == NULL) { | |
77470e98 | 676 | ECerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_MALLOC_FAILURE); |
cf241395 DSH |
677 | return 0; |
678 | } | |
679 | eckey->priv_key = BN_bin2bn(buf, len, eckey->priv_key); | |
680 | if (eckey->priv_key == NULL) { | |
77470e98 | 681 | ECerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_BN_LIB); |
cf241395 DSH |
682 | return 0; |
683 | } | |
684 | return 1; | |
685 | } | |
7fc7d1a7 DSH |
686 | |
687 | size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf) | |
688 | { | |
689 | size_t len; | |
690 | unsigned char *buf; | |
cdb10bae | 691 | |
7fc7d1a7 | 692 | len = EC_KEY_priv2oct(eckey, NULL, 0); |
afcee950 RS |
693 | if (len == 0) |
694 | return 0; | |
cdb10bae RS |
695 | if ((buf = OPENSSL_malloc(len)) == NULL) { |
696 | ECerr(EC_F_EC_KEY_PRIV2BUF, ERR_R_MALLOC_FAILURE); | |
7fc7d1a7 | 697 | return 0; |
cdb10bae | 698 | } |
7fc7d1a7 DSH |
699 | len = EC_KEY_priv2oct(eckey, buf, len); |
700 | if (len == 0) { | |
701 | OPENSSL_free(buf); | |
702 | return 0; | |
703 | } | |
704 | *pbuf = buf; | |
705 | return len; | |
706 | } | |
4b0555ec DSH |
707 | |
708 | int EC_KEY_can_sign(const EC_KEY *eckey) | |
709 | { | |
710 | if (eckey->group == NULL || eckey->group->meth == NULL | |
711 | || (eckey->group->meth->flags & EC_FLAGS_NO_SIGN)) | |
712 | return 0; | |
713 | return 1; | |
714 | } |