GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: lib/libcrypto/ec/ec_asn1.c Lines: 314 591 53.1 %
Date: 2017-11-07 Branches: 212 442 48.0 %

Line Branch Exec Source
1
/* $OpenBSD: ec_asn1.c,v 1.24 2017/05/26 16:32:14 jsing Exp $ */
2
/*
3
 * Written by Nils Larsch for the OpenSSL project.
4
 */
5
/* ====================================================================
6
 * Copyright (c) 2000-2003 The OpenSSL Project.  All rights reserved.
7
 *
8
 * Redistribution and use in source and binary forms, with or without
9
 * modification, are permitted provided that the following conditions
10
 * are met:
11
 *
12
 * 1. Redistributions of source code must retain the above copyright
13
 *    notice, this list of conditions and the following disclaimer.
14
 *
15
 * 2. Redistributions in binary form must reproduce the above copyright
16
 *    notice, this list of conditions and the following disclaimer in
17
 *    the documentation and/or other materials provided with the
18
 *    distribution.
19
 *
20
 * 3. All advertising materials mentioning features or use of this
21
 *    software must display the following acknowledgment:
22
 *    "This product includes software developed by the OpenSSL Project
23
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24
 *
25
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26
 *    endorse or promote products derived from this software without
27
 *    prior written permission. For written permission, please contact
28
 *    licensing@OpenSSL.org.
29
 *
30
 * 5. Products derived from this software may not be called "OpenSSL"
31
 *    nor may "OpenSSL" appear in their names without prior written
32
 *    permission of the OpenSSL Project.
33
 *
34
 * 6. Redistributions of any form whatsoever must retain the following
35
 *    acknowledgment:
36
 *    "This product includes software developed by the OpenSSL Project
37
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38
 *
39
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50
 * OF THE POSSIBILITY OF SUCH DAMAGE.
51
 * ====================================================================
52
 *
53
 * This product includes cryptographic software written by Eric Young
54
 * (eay@cryptsoft.com).  This product includes software written by Tim
55
 * Hudson (tjh@cryptsoft.com).
56
 *
57
 */
58
59
#include <string.h>
60
61
#include <openssl/opensslconf.h>
62
63
#include "ec_lcl.h"
64
#include <openssl/err.h>
65
#include <openssl/asn1t.h>
66
#include <openssl/objects.h>
67
68
int
69
EC_GROUP_get_basis_type(const EC_GROUP * group)
70
{
71
	int i = 0;
72
73
1176
	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
74
	    NID_X9_62_characteristic_two_field)
75
		/* everything else is currently not supported */
76
		return 0;
77
78
4004
	while (group->poly[i] != 0)
79
1708
		i++;
80
81
588
	if (i == 4)
82
266
		return NID_X9_62_ppBasis;
83
322
	else if (i == 2)
84
322
		return NID_X9_62_tpBasis;
85
	else
86
		/* everything else is currently not supported */
87
		return 0;
88
588
}
89
#ifndef OPENSSL_NO_EC2M
90
int
91
EC_GROUP_get_trinomial_basis(const EC_GROUP * group, unsigned int *k)
92
{
93
552
	if (group == NULL)
94
		return 0;
95
96
552
	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
97
	    NID_X9_62_characteristic_two_field
98

1104
	    || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0))) {
99
		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
100
		return 0;
101
	}
102
276
	if (k)
103
276
		*k = group->poly[1];
104
105
276
	return 1;
106
276
}
107
int
108
EC_GROUP_get_pentanomial_basis(const EC_GROUP * group, unsigned int *k1,
109
    unsigned int *k2, unsigned int *k3)
110
{
111
456
	if (group == NULL)
112
		return 0;
113
114
456
	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
115
	    NID_X9_62_characteristic_two_field
116


1368
	    || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0))) {
117
		ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
118
		return 0;
119
	}
120
228
	if (k1)
121
228
		*k1 = group->poly[3];
122
228
	if (k2)
123
228
		*k2 = group->poly[2];
124
228
	if (k3)
125
228
		*k3 = group->poly[1];
126
127
228
	return 1;
128
228
}
129
#endif
130
131
132
/* some structures needed for the asn1 encoding */
133
typedef struct x9_62_pentanomial_st {
134
	long k1;
135
	long k2;
136
	long k3;
137
} X9_62_PENTANOMIAL;
138
139
typedef struct x9_62_characteristic_two_st {
140
	long m;
141
	ASN1_OBJECT *type;
142
	union {
143
		char *ptr;
144
		/* NID_X9_62_onBasis */
145
		ASN1_NULL *onBasis;
146
		/* NID_X9_62_tpBasis */
147
		ASN1_INTEGER *tpBasis;
148
		/* NID_X9_62_ppBasis */
149
		X9_62_PENTANOMIAL *ppBasis;
150
		/* anything else */
151
		ASN1_TYPE *other;
152
	} p;
153
} X9_62_CHARACTERISTIC_TWO;
154
155
typedef struct x9_62_fieldid_st {
156
	ASN1_OBJECT *fieldType;
157
	union {
158
		char *ptr;
159
		/* NID_X9_62_prime_field */
160
		ASN1_INTEGER *prime;
161
		/* NID_X9_62_characteristic_two_field */
162
		X9_62_CHARACTERISTIC_TWO *char_two;
163
		/* anything else */
164
		ASN1_TYPE *other;
165
	} p;
166
} X9_62_FIELDID;
167
168
typedef struct x9_62_curve_st {
169
	ASN1_OCTET_STRING *a;
170
	ASN1_OCTET_STRING *b;
171
	ASN1_BIT_STRING *seed;
172
} X9_62_CURVE;
173
174
typedef struct ec_parameters_st {
175
	long version;
176
	X9_62_FIELDID *fieldID;
177
	X9_62_CURVE *curve;
178
	ASN1_OCTET_STRING *base;
179
	ASN1_INTEGER *order;
180
	ASN1_INTEGER *cofactor;
181
} ECPARAMETERS;
182
183
struct ecpk_parameters_st {
184
	int type;
185
	union {
186
		ASN1_OBJECT *named_curve;
187
		ECPARAMETERS *parameters;
188
		ASN1_NULL *implicitlyCA;
189
	} value;
190
} /* ECPKPARAMETERS */ ;
191
192
/* SEC1 ECPrivateKey */
193
typedef struct ec_privatekey_st {
194
	long version;
195
	ASN1_OCTET_STRING *privateKey;
196
	ECPKPARAMETERS *parameters;
197
	ASN1_BIT_STRING *publicKey;
198
} EC_PRIVATEKEY;
199
200
/* the OpenSSL ASN.1 definitions */
201
static const ASN1_TEMPLATE X9_62_PENTANOMIAL_seq_tt[] = {
202
	{
203
		.flags = 0,
204
		.tag = 0,
205
		.offset = offsetof(X9_62_PENTANOMIAL, k1),
206
		.field_name = "k1",
207
		.item = &LONG_it,
208
	},
209
	{
210
		.flags = 0,
211
		.tag = 0,
212
		.offset = offsetof(X9_62_PENTANOMIAL, k2),
213
		.field_name = "k2",
214
		.item = &LONG_it,
215
	},
216
	{
217
		.flags = 0,
218
		.tag = 0,
219
		.offset = offsetof(X9_62_PENTANOMIAL, k3),
220
		.field_name = "k3",
221
		.item = &LONG_it,
222
	},
223
};
224
225
const ASN1_ITEM X9_62_PENTANOMIAL_it = {
226
	.itype = ASN1_ITYPE_SEQUENCE,
227
	.utype = V_ASN1_SEQUENCE,
228
	.templates = X9_62_PENTANOMIAL_seq_tt,
229
	.tcount = sizeof(X9_62_PENTANOMIAL_seq_tt) / sizeof(ASN1_TEMPLATE),
230
	.funcs = NULL,
231
	.size = sizeof(X9_62_PENTANOMIAL),
232
	.sname = "X9_62_PENTANOMIAL",
233
};
234
235
X9_62_PENTANOMIAL *X9_62_PENTANOMIAL_new(void);
236
void X9_62_PENTANOMIAL_free(X9_62_PENTANOMIAL *a);
237
238
X9_62_PENTANOMIAL *
239
X9_62_PENTANOMIAL_new(void)
240
{
241
456
	return (X9_62_PENTANOMIAL*)ASN1_item_new(&X9_62_PENTANOMIAL_it);
242
}
243
244
void
245
X9_62_PENTANOMIAL_free(X9_62_PENTANOMIAL *a)
246
{
247
	ASN1_item_free((ASN1_VALUE *)a, &X9_62_PENTANOMIAL_it);
248
}
249
250
static const ASN1_TEMPLATE char_two_def_tt = {
251
	.flags = 0,
252
	.tag = 0,
253
	.offset = offsetof(X9_62_CHARACTERISTIC_TWO, p.other),
254
	.field_name = "p.other",
255
	.item = &ASN1_ANY_it,
256
};
257
258
static const ASN1_ADB_TABLE X9_62_CHARACTERISTIC_TWO_adbtbl[] = {
259
	{
260
		.value = NID_X9_62_onBasis,
261
		.tt = {
262
			.flags = 0,
263
			.tag = 0,
264
			.offset = offsetof(X9_62_CHARACTERISTIC_TWO, p.onBasis),
265
			.field_name = "p.onBasis",
266
			.item = &ASN1_NULL_it,
267
		},
268
269
	},
270
	{
271
		.value = NID_X9_62_tpBasis,
272
		.tt = {
273
			.flags = 0,
274
			.tag = 0,
275
			.offset = offsetof(X9_62_CHARACTERISTIC_TWO, p.tpBasis),
276
			.field_name = "p.tpBasis",
277
			.item = &ASN1_INTEGER_it,
278
		},
279
280
	},
281
	{
282
		.value = NID_X9_62_ppBasis,
283
		.tt = {
284
			.flags = 0,
285
			.tag = 0,
286
			.offset = offsetof(X9_62_CHARACTERISTIC_TWO, p.ppBasis),
287
			.field_name = "p.ppBasis",
288
			.item = &X9_62_PENTANOMIAL_it,
289
		},
290
291
	},
292
};
293
294
static const ASN1_ADB X9_62_CHARACTERISTIC_TWO_adb = {
295
	.flags = 0,
296
	.offset = offsetof(X9_62_CHARACTERISTIC_TWO, type),
297
	.app_items = 0,
298
	.tbl = X9_62_CHARACTERISTIC_TWO_adbtbl,
299
	.tblcount = sizeof(X9_62_CHARACTERISTIC_TWO_adbtbl) / sizeof(ASN1_ADB_TABLE),
300
	.default_tt = &char_two_def_tt,
301
	.null_tt = NULL,
302
};
303
304
static const ASN1_TEMPLATE X9_62_CHARACTERISTIC_TWO_seq_tt[] = {
305
	{
306
		.flags = 0,
307
		.tag = 0,
308
		.offset = offsetof(X9_62_CHARACTERISTIC_TWO, m),
309
		.field_name = "m",
310
		.item = &LONG_it,
311
	},
312
	{
313
		.flags = 0,
314
		.tag = 0,
315
		.offset = offsetof(X9_62_CHARACTERISTIC_TWO, type),
316
		.field_name = "type",
317
		.item = &ASN1_OBJECT_it,
318
	},
319
	{
320
		.flags = ASN1_TFLG_ADB_OID,
321
		.tag = -1,
322
		.offset = 0,
323
		.field_name = "X9_62_CHARACTERISTIC_TWO",
324
		.item = (const ASN1_ITEM *)&X9_62_CHARACTERISTIC_TWO_adb,
325
	},
326
};
327
328
const ASN1_ITEM X9_62_CHARACTERISTIC_TWO_it = {
329
	.itype = ASN1_ITYPE_SEQUENCE,
330
	.utype = V_ASN1_SEQUENCE,
331
	.templates = X9_62_CHARACTERISTIC_TWO_seq_tt,
332
	.tcount = sizeof(X9_62_CHARACTERISTIC_TWO_seq_tt) / sizeof(ASN1_TEMPLATE),
333
	.funcs = NULL,
334
	.size = sizeof(X9_62_CHARACTERISTIC_TWO),
335
	.sname = "X9_62_CHARACTERISTIC_TWO",
336
};
337
X9_62_CHARACTERISTIC_TWO *X9_62_CHARACTERISTIC_TWO_new(void);
338
void X9_62_CHARACTERISTIC_TWO_free(X9_62_CHARACTERISTIC_TWO *a);
339
340
X9_62_CHARACTERISTIC_TWO *
341
X9_62_CHARACTERISTIC_TWO_new(void)
342
{
343
1008
	return (X9_62_CHARACTERISTIC_TWO*)ASN1_item_new(&X9_62_CHARACTERISTIC_TWO_it);
344
}
345
346
void
347
X9_62_CHARACTERISTIC_TWO_free(X9_62_CHARACTERISTIC_TWO *a)
348
{
349
	ASN1_item_free((ASN1_VALUE *)a, &X9_62_CHARACTERISTIC_TWO_it);
350
}
351
static const ASN1_TEMPLATE fieldID_def_tt = {
352
	.flags = 0,
353
	.tag = 0,
354
	.offset = offsetof(X9_62_FIELDID, p.other),
355
	.field_name = "p.other",
356
	.item = &ASN1_ANY_it,
357
};
358
359
static const ASN1_ADB_TABLE X9_62_FIELDID_adbtbl[] = {
360
	{
361
		.value = NID_X9_62_prime_field,
362
		.tt = {
363
			.flags = 0,
364
			.tag = 0,
365
			.offset = offsetof(X9_62_FIELDID, p.prime),
366
			.field_name = "p.prime",
367
			.item = &ASN1_INTEGER_it,
368
		},
369
370
	},
371
	{
372
		.value = NID_X9_62_characteristic_two_field,
373
		.tt = {
374
			.flags = 0,
375
			.tag = 0,
376
			.offset = offsetof(X9_62_FIELDID, p.char_two),
377
			.field_name = "p.char_two",
378
			.item = &X9_62_CHARACTERISTIC_TWO_it,
379
		},
380
381
	},
382
};
383
384
static const ASN1_ADB X9_62_FIELDID_adb = {
385
	.flags = 0,
386
	.offset = offsetof(X9_62_FIELDID, fieldType),
387
	.app_items = 0,
388
	.tbl = X9_62_FIELDID_adbtbl,
389
	.tblcount = sizeof(X9_62_FIELDID_adbtbl) / sizeof(ASN1_ADB_TABLE),
390
	.default_tt = &fieldID_def_tt,
391
	.null_tt = NULL,
392
};
393
394
static const ASN1_TEMPLATE X9_62_FIELDID_seq_tt[] = {
395
	{
396
		.flags = 0,
397
		.tag = 0,
398
		.offset = offsetof(X9_62_FIELDID, fieldType),
399
		.field_name = "fieldType",
400
		.item = &ASN1_OBJECT_it,
401
	},
402
	{
403
		.flags = ASN1_TFLG_ADB_OID,
404
		.tag = -1,
405
		.offset = 0,
406
		.field_name = "X9_62_FIELDID",
407
		.item = (const ASN1_ITEM *)&X9_62_FIELDID_adb,
408
	},
409
};
410
411
const ASN1_ITEM X9_62_FIELDID_it = {
412
	.itype = ASN1_ITYPE_SEQUENCE,
413
	.utype = V_ASN1_SEQUENCE,
414
	.templates = X9_62_FIELDID_seq_tt,
415
	.tcount = sizeof(X9_62_FIELDID_seq_tt) / sizeof(ASN1_TEMPLATE),
416
	.funcs = NULL,
417
	.size = sizeof(X9_62_FIELDID),
418
	.sname = "X9_62_FIELDID",
419
};
420
421
static const ASN1_TEMPLATE X9_62_CURVE_seq_tt[] = {
422
	{
423
		.flags = 0,
424
		.tag = 0,
425
		.offset = offsetof(X9_62_CURVE, a),
426
		.field_name = "a",
427
		.item = &ASN1_OCTET_STRING_it,
428
	},
429
	{
430
		.flags = 0,
431
		.tag = 0,
432
		.offset = offsetof(X9_62_CURVE, b),
433
		.field_name = "b",
434
		.item = &ASN1_OCTET_STRING_it,
435
	},
436
	{
437
		.flags = ASN1_TFLG_OPTIONAL,
438
		.tag = 0,
439
		.offset = offsetof(X9_62_CURVE, seed),
440
		.field_name = "seed",
441
		.item = &ASN1_BIT_STRING_it,
442
	},
443
};
444
445
const ASN1_ITEM X9_62_CURVE_it = {
446
	.itype = ASN1_ITYPE_SEQUENCE,
447
	.utype = V_ASN1_SEQUENCE,
448
	.templates = X9_62_CURVE_seq_tt,
449
	.tcount = sizeof(X9_62_CURVE_seq_tt) / sizeof(ASN1_TEMPLATE),
450
	.funcs = NULL,
451
	.size = sizeof(X9_62_CURVE),
452
	.sname = "X9_62_CURVE",
453
};
454
455
static const ASN1_TEMPLATE ECPARAMETERS_seq_tt[] = {
456
	{
457
		.flags = 0,
458
		.tag = 0,
459
		.offset = offsetof(ECPARAMETERS, version),
460
		.field_name = "version",
461
		.item = &LONG_it,
462
	},
463
	{
464
		.flags = 0,
465
		.tag = 0,
466
		.offset = offsetof(ECPARAMETERS, fieldID),
467
		.field_name = "fieldID",
468
		.item = &X9_62_FIELDID_it,
469
	},
470
	{
471
		.flags = 0,
472
		.tag = 0,
473
		.offset = offsetof(ECPARAMETERS, curve),
474
		.field_name = "curve",
475
		.item = &X9_62_CURVE_it,
476
	},
477
	{
478
		.flags = 0,
479
		.tag = 0,
480
		.offset = offsetof(ECPARAMETERS, base),
481
		.field_name = "base",
482
		.item = &ASN1_OCTET_STRING_it,
483
	},
484
	{
485
		.flags = 0,
486
		.tag = 0,
487
		.offset = offsetof(ECPARAMETERS, order),
488
		.field_name = "order",
489
		.item = &ASN1_INTEGER_it,
490
	},
491
	{
492
		.flags = ASN1_TFLG_OPTIONAL,
493
		.tag = 0,
494
		.offset = offsetof(ECPARAMETERS, cofactor),
495
		.field_name = "cofactor",
496
		.item = &ASN1_INTEGER_it,
497
	},
498
};
499
500
const ASN1_ITEM ECPARAMETERS_it = {
501
	.itype = ASN1_ITYPE_SEQUENCE,
502
	.utype = V_ASN1_SEQUENCE,
503
	.templates = ECPARAMETERS_seq_tt,
504
	.tcount = sizeof(ECPARAMETERS_seq_tt) / sizeof(ASN1_TEMPLATE),
505
	.funcs = NULL,
506
	.size = sizeof(ECPARAMETERS),
507
	.sname = "ECPARAMETERS",
508
};
509
ECPARAMETERS *ECPARAMETERS_new(void);
510
void ECPARAMETERS_free(ECPARAMETERS *a);
511
512
ECPARAMETERS *
513
ECPARAMETERS_new(void)
514
{
515
2184
	return (ECPARAMETERS*)ASN1_item_new(&ECPARAMETERS_it);
516
}
517
518
void
519
ECPARAMETERS_free(ECPARAMETERS *a)
520
{
521
	ASN1_item_free((ASN1_VALUE *)a, &ECPARAMETERS_it);
522
}
523
524
static const ASN1_TEMPLATE ECPKPARAMETERS_ch_tt[] = {
525
	{
526
		.flags = 0,
527
		.tag = 0,
528
		.offset = offsetof(ECPKPARAMETERS, value.named_curve),
529
		.field_name = "value.named_curve",
530
		.item = &ASN1_OBJECT_it,
531
	},
532
	{
533
		.flags = 0,
534
		.tag = 0,
535
		.offset = offsetof(ECPKPARAMETERS, value.parameters),
536
		.field_name = "value.parameters",
537
		.item = &ECPARAMETERS_it,
538
	},
539
	{
540
		.flags = 0,
541
		.tag = 0,
542
		.offset = offsetof(ECPKPARAMETERS, value.implicitlyCA),
543
		.field_name = "value.implicitlyCA",
544
		.item = &ASN1_NULL_it,
545
	},
546
};
547
548
const ASN1_ITEM ECPKPARAMETERS_it = {
549
	.itype = ASN1_ITYPE_CHOICE,
550
	.utype = offsetof(ECPKPARAMETERS, type),
551
	.templates = ECPKPARAMETERS_ch_tt,
552
	.tcount = sizeof(ECPKPARAMETERS_ch_tt) / sizeof(ASN1_TEMPLATE),
553
	.funcs = NULL,
554
	.size = sizeof(ECPKPARAMETERS),
555
	.sname = "ECPKPARAMETERS",
556
};
557
558
ECPKPARAMETERS *ECPKPARAMETERS_new(void);
559
void ECPKPARAMETERS_free(ECPKPARAMETERS *a);
560
ECPKPARAMETERS *d2i_ECPKPARAMETERS(ECPKPARAMETERS **a, const unsigned char **in, long len);
561
int i2d_ECPKPARAMETERS(const ECPKPARAMETERS *a, unsigned char **out);
562
563
ECPKPARAMETERS *
564
d2i_ECPKPARAMETERS(ECPKPARAMETERS **a, const unsigned char **in, long len)
565
{
566
12
	return (ECPKPARAMETERS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
567
	    &ECPKPARAMETERS_it);
568
}
569
570
int
571
i2d_ECPKPARAMETERS(const ECPKPARAMETERS *a, unsigned char **out)
572
{
573
744
	return ASN1_item_i2d((ASN1_VALUE *)a, out, &ECPKPARAMETERS_it);
574
}
575
576
ECPKPARAMETERS *
577
ECPKPARAMETERS_new(void)
578
{
579
2188
	return (ECPKPARAMETERS *)ASN1_item_new(&ECPKPARAMETERS_it);
580
}
581
582
void
583
ECPKPARAMETERS_free(ECPKPARAMETERS *a)
584
{
585
756
	ASN1_item_free((ASN1_VALUE *)a, &ECPKPARAMETERS_it);
586
378
}
587
588
static const ASN1_TEMPLATE EC_PRIVATEKEY_seq_tt[] = {
589
	{
590
		.flags = 0,
591
		.tag = 0,
592
		.offset = offsetof(EC_PRIVATEKEY, version),
593
		.field_name = "version",
594
		.item = &LONG_it,
595
	},
596
	{
597
		.flags = 0,
598
		.tag = 0,
599
		.offset = offsetof(EC_PRIVATEKEY, privateKey),
600
		.field_name = "privateKey",
601
		.item = &ASN1_OCTET_STRING_it,
602
	},
603
	{
604
		.flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
605
		.tag = 0,
606
		.offset = offsetof(EC_PRIVATEKEY, parameters),
607
		.field_name = "parameters",
608
		.item = &ECPKPARAMETERS_it,
609
	},
610
	{
611
		.flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
612
		.tag = 1,
613
		.offset = offsetof(EC_PRIVATEKEY, publicKey),
614
		.field_name = "publicKey",
615
		.item = &ASN1_BIT_STRING_it,
616
	},
617
};
618
619
const ASN1_ITEM EC_PRIVATEKEY_it = {
620
	.itype = ASN1_ITYPE_SEQUENCE,
621
	.utype = V_ASN1_SEQUENCE,
622
	.templates = EC_PRIVATEKEY_seq_tt,
623
	.tcount = sizeof(EC_PRIVATEKEY_seq_tt) / sizeof(ASN1_TEMPLATE),
624
	.funcs = NULL,
625
	.size = sizeof(EC_PRIVATEKEY),
626
	.sname = "EC_PRIVATEKEY",
627
};
628
629
EC_PRIVATEKEY *EC_PRIVATEKEY_new(void);
630
void EC_PRIVATEKEY_free(EC_PRIVATEKEY *a);
631
EC_PRIVATEKEY *d2i_EC_PRIVATEKEY(EC_PRIVATEKEY **a, const unsigned char **in, long len);
632
int i2d_EC_PRIVATEKEY(const EC_PRIVATEKEY *a, unsigned char **out);
633
634
EC_PRIVATEKEY *
635
d2i_EC_PRIVATEKEY(EC_PRIVATEKEY **a, const unsigned char **in, long len)
636
{
637
364
	return (EC_PRIVATEKEY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
638
	    &EC_PRIVATEKEY_it);
639
}
640
641
int
642
i2d_EC_PRIVATEKEY(const EC_PRIVATEKEY *a, unsigned char **out)
643
{
644
1460
	return ASN1_item_i2d((ASN1_VALUE *)a, out, &EC_PRIVATEKEY_it);
645
}
646
647
EC_PRIVATEKEY *
648
EC_PRIVATEKEY_new(void)
649
{
650
1824
	return (EC_PRIVATEKEY *)ASN1_item_new(&EC_PRIVATEKEY_it);
651
}
652
653
void
654
EC_PRIVATEKEY_free(EC_PRIVATEKEY *a)
655
{
656
1824
	ASN1_item_free((ASN1_VALUE *)a, &EC_PRIVATEKEY_it);
657
912
}
658
/* some declarations of internal function */
659
660
/* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */
661
static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *);
662
/* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */
663
static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *);
664
/* ec_asn1_parameters2group() creates a EC_GROUP object from a
665
 * ECPARAMETERS object */
666
static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *);
667
/* ec_asn1_group2parameters() creates a ECPARAMETERS object from a
668
 * EC_GROUP object */
669
static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *, ECPARAMETERS *);
670
/* ec_asn1_pkparameters2group() creates a EC_GROUP object from a
671
 * ECPKPARAMETERS object */
672
static EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *);
673
/* ec_asn1_group2pkparameters() creates a ECPKPARAMETERS object from a
674
 * EC_GROUP object */
675
static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *,
676
    ECPKPARAMETERS *);
677
678
679
/* the function definitions */
680
681
static int
682
ec_asn1_group2fieldid(const EC_GROUP * group, X9_62_FIELDID * field)
683
{
684
	int ok = 0, nid;
685
	BIGNUM *tmp = NULL;
686
687
2184
	if (group == NULL || field == NULL)
688
		return 0;
689
690
	/* clear the old values (if necessary) */
691
1092
	if (field->fieldType != NULL)
692
		ASN1_OBJECT_free(field->fieldType);
693
1092
	if (field->p.other != NULL)
694
		ASN1_TYPE_free(field->p.other);
695
696
1092
	nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
697
	/* set OID for the field */
698
1092
	if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) {
699
		ECerror(ERR_R_OBJ_LIB);
700
		goto err;
701
	}
702
1092
	if (nid == NID_X9_62_prime_field) {
703
588
		if ((tmp = BN_new()) == NULL) {
704
			ECerror(ERR_R_MALLOC_FAILURE);
705
			goto err;
706
		}
707
		/* the parameters are specified by the prime number p */
708
588
		if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL)) {
709
			ECerror(ERR_R_EC_LIB);
710
			goto err;
711
		}
712
		/* set the prime number */
713
588
		field->p.prime = BN_to_ASN1_INTEGER(tmp, NULL);
714
588
		if (field->p.prime == NULL) {
715
			ECerror(ERR_R_ASN1_LIB);
716
			goto err;
717
		}
718
	} else			/* nid == NID_X9_62_characteristic_two_field */
719
#ifdef OPENSSL_NO_EC2M
720
	{
721
		ECerror(EC_R_GF2M_NOT_SUPPORTED);
722
		goto err;
723
	}
724
#else
725
	{
726
		int field_type;
727
		X9_62_CHARACTERISTIC_TWO *char_two;
728
729
504
		field->p.char_two = X9_62_CHARACTERISTIC_TWO_new();
730
		char_two = field->p.char_two;
731
732
504
		if (char_two == NULL) {
733
			ECerror(ERR_R_MALLOC_FAILURE);
734
			goto err;
735
		}
736
504
		char_two->m = (long) EC_GROUP_get_degree(group);
737
738
504
		field_type = EC_GROUP_get_basis_type(group);
739
740
504
		if (field_type == 0) {
741
			ECerror(ERR_R_EC_LIB);
742
			goto err;
743
		}
744
		/* set base type OID */
745
504
		if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) {
746
			ECerror(ERR_R_OBJ_LIB);
747
			goto err;
748
		}
749
504
		if (field_type == NID_X9_62_tpBasis) {
750
276
			unsigned int k;
751
752
276
			if (!EC_GROUP_get_trinomial_basis(group, &k))
753
				goto err;
754
755
276
			char_two->p.tpBasis = ASN1_INTEGER_new();
756
276
			if (!char_two->p.tpBasis) {
757
				ECerror(ERR_R_MALLOC_FAILURE);
758
				goto err;
759
			}
760
276
			if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long) k)) {
761
				ECerror(ERR_R_ASN1_LIB);
762
				goto err;
763
			}
764

780
		} else if (field_type == NID_X9_62_ppBasis) {
765
228
			unsigned int k1, k2, k3;
766
767
228
			if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3))
768
				goto err;
769
770
228
			char_two->p.ppBasis = X9_62_PENTANOMIAL_new();
771
228
			if (!char_two->p.ppBasis) {
772
				ECerror(ERR_R_MALLOC_FAILURE);
773
				goto err;
774
			}
775
			/* set k? values */
776
228
			char_two->p.ppBasis->k1 = (long) k1;
777
228
			char_two->p.ppBasis->k2 = (long) k2;
778
228
			char_two->p.ppBasis->k3 = (long) k3;
779
456
		} else {	/* field_type == NID_X9_62_onBasis */
780
			/* for ONB the parameters are (asn1) NULL */
781
			char_two->p.onBasis = ASN1_NULL_new();
782
			if (!char_two->p.onBasis) {
783
				ECerror(ERR_R_MALLOC_FAILURE);
784
				goto err;
785
			}
786
		}
787
504
	}
788
#endif
789
790
1092
	ok = 1;
791
792
err:
793
1092
	BN_free(tmp);
794
1092
	return (ok);
795
1092
}
796
797
static int
798
ec_asn1_group2curve(const EC_GROUP * group, X9_62_CURVE * curve)
799
{
800
	int ok = 0, nid;
801
	BIGNUM *tmp_1 = NULL, *tmp_2 = NULL;
802
	unsigned char *buffer_1 = NULL, *buffer_2 = NULL, *a_buf = NULL,
803
	*b_buf = NULL;
804
	size_t len_1, len_2;
805
2184
	unsigned char char_zero = 0;
806
807

3276
	if (!group || !curve || !curve->a || !curve->b)
808
		return 0;
809
810

2184
	if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) {
811
		ECerror(ERR_R_MALLOC_FAILURE);
812
		goto err;
813
	}
814
1092
	nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
815
816
	/* get a and b */
817
1092
	if (nid == NID_X9_62_prime_field) {
818
588
		if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL)) {
819
			ECerror(ERR_R_EC_LIB);
820
			goto err;
821
		}
822
	}
823
#ifndef OPENSSL_NO_EC2M
824
	else {			/* nid == NID_X9_62_characteristic_two_field */
825
504
		if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL)) {
826
			ECerror(ERR_R_EC_LIB);
827
			goto err;
828
		}
829
	}
830
#endif
831
1092
	len_1 = (size_t) BN_num_bytes(tmp_1);
832
1092
	len_2 = (size_t) BN_num_bytes(tmp_2);
833
834
1092
	if (len_1 == 0) {
835
		/* len_1 == 0 => a == 0 */
836
		a_buf = &char_zero;
837
		len_1 = 1;
838
180
	} else {
839
912
		if ((buffer_1 = malloc(len_1)) == NULL) {
840
			ECerror(ERR_R_MALLOC_FAILURE);
841
			goto err;
842
		}
843
912
		if ((len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0) {
844
			ECerror(ERR_R_BN_LIB);
845
			goto err;
846
		}
847
		a_buf = buffer_1;
848
	}
849
850
1092
	if (len_2 == 0) {
851
		/* len_2 == 0 => b == 0 */
852
		b_buf = &char_zero;
853
		len_2 = 1;
854
	} else {
855
1092
		if ((buffer_2 = malloc(len_2)) == NULL) {
856
			ECerror(ERR_R_MALLOC_FAILURE);
857
			goto err;
858
		}
859
1092
		if ((len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0) {
860
			ECerror(ERR_R_BN_LIB);
861
			goto err;
862
		}
863
		b_buf = buffer_2;
864
	}
865
866
	/* set a and b */
867

2184
	if (!ASN1_STRING_set(curve->a, a_buf, len_1) ||
868
1092
	    !ASN1_STRING_set(curve->b, b_buf, len_2)) {
869
		ECerror(ERR_R_ASN1_LIB);
870
		goto err;
871
	}
872
	/* set the seed (optional) */
873
1092
	if (group->seed) {
874
504
		if (!curve->seed)
875
504
			if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) {
876
				ECerror(ERR_R_MALLOC_FAILURE);
877
				goto err;
878
			}
879
504
		curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
880
504
		curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT;
881
1008
		if (!ASN1_BIT_STRING_set(curve->seed, group->seed,
882
504
			(int) group->seed_len)) {
883
			ECerror(ERR_R_ASN1_LIB);
884
			goto err;
885
		}
886
	} else {
887
588
		if (curve->seed) {
888
			ASN1_BIT_STRING_free(curve->seed);
889
			curve->seed = NULL;
890
		}
891
	}
892
893
1092
	ok = 1;
894
895
err:
896
1092
	free(buffer_1);
897
1092
	free(buffer_2);
898
1092
	BN_free(tmp_1);
899
1092
	BN_free(tmp_2);
900
1092
	return (ok);
901
1092
}
902
903
static ECPARAMETERS *
904
ec_asn1_group2parameters(const EC_GROUP * group, ECPARAMETERS * param)
905
{
906
	int ok = 0;
907
	size_t len = 0;
908
	ECPARAMETERS *ret = NULL;
909
	BIGNUM *tmp = NULL;
910
	unsigned char *buffer = NULL;
911
	const EC_POINT *point = NULL;
912
	point_conversion_form_t form;
913
914
2184
	if ((tmp = BN_new()) == NULL) {
915
		ECerror(ERR_R_MALLOC_FAILURE);
916
		goto err;
917
	}
918
1092
	if (param == NULL) {
919
1092
		if ((ret = ECPARAMETERS_new()) == NULL) {
920
			ECerror(ERR_R_MALLOC_FAILURE);
921
			goto err;
922
		}
923
	} else
924
		ret = param;
925
926
	/* set the version (always one) */
927
1092
	ret->version = (long) 0x1;
928
929
	/* set the fieldID */
930
1092
	if (!ec_asn1_group2fieldid(group, ret->fieldID)) {
931
		ECerror(ERR_R_EC_LIB);
932
		goto err;
933
	}
934
	/* set the curve */
935
1092
	if (!ec_asn1_group2curve(group, ret->curve)) {
936
		ECerror(ERR_R_EC_LIB);
937
		goto err;
938
	}
939
	/* set the base point */
940
1092
	if ((point = EC_GROUP_get0_generator(group)) == NULL) {
941
		ECerror(EC_R_UNDEFINED_GENERATOR);
942
		goto err;
943
	}
944
1092
	form = EC_GROUP_get_point_conversion_form(group);
945
946
1092
	len = EC_POINT_point2oct(group, point, form, NULL, len, NULL);
947
1092
	if (len == 0) {
948
		ECerror(ERR_R_EC_LIB);
949
		goto err;
950
	}
951
1092
	if ((buffer = malloc(len)) == NULL) {
952
		ECerror(ERR_R_MALLOC_FAILURE);
953
		goto err;
954
	}
955
1092
	if (!EC_POINT_point2oct(group, point, form, buffer, len, NULL)) {
956
		ECerror(ERR_R_EC_LIB);
957
		goto err;
958
	}
959

1092
	if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) {
960
		ECerror(ERR_R_MALLOC_FAILURE);
961
		goto err;
962
	}
963
1092
	if (!ASN1_OCTET_STRING_set(ret->base, buffer, len)) {
964
		ECerror(ERR_R_ASN1_LIB);
965
		goto err;
966
	}
967
	/* set the order */
968
1092
	if (!EC_GROUP_get_order(group, tmp, NULL)) {
969
		ECerror(ERR_R_EC_LIB);
970
		goto err;
971
	}
972
1092
	ret->order = BN_to_ASN1_INTEGER(tmp, ret->order);
973
1092
	if (ret->order == NULL) {
974
		ECerror(ERR_R_ASN1_LIB);
975
		goto err;
976
	}
977
	/* set the cofactor (optional) */
978
1092
	if (EC_GROUP_get_cofactor(group, tmp, NULL)) {
979
1092
		ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor);
980
1092
		if (ret->cofactor == NULL) {
981
			ECerror(ERR_R_ASN1_LIB);
982
			goto err;
983
		}
984
	}
985
1092
	ok = 1;
986
987
1092
err:	if (!ok) {
988
		if (ret && !param)
989
			ECPARAMETERS_free(ret);
990
		ret = NULL;
991
	}
992
1092
	BN_free(tmp);
993
1092
	free(buffer);
994
1092
	return (ret);
995
}
996
997
ECPKPARAMETERS *
998
ec_asn1_group2pkparameters(const EC_GROUP * group, ECPKPARAMETERS * params)
999
{
1000
	int ok = 1, tmp;
1001
	ECPKPARAMETERS *ret = params;
1002
1003
2188
	if (ret == NULL) {
1004
1094
		if ((ret = ECPKPARAMETERS_new()) == NULL) {
1005
			ECerror(ERR_R_MALLOC_FAILURE);
1006
			return NULL;
1007
		}
1008
	} else {
1009
		if (ret->type == 0 && ret->value.named_curve)
1010
			ASN1_OBJECT_free(ret->value.named_curve);
1011
		else if (ret->type == 1 && ret->value.parameters)
1012
			ECPARAMETERS_free(ret->value.parameters);
1013
	}
1014
1015
1094
	if (EC_GROUP_get_asn1_flag(group)) {
1016
		/*
1017
		 * use the asn1 OID to describe the elliptic curve
1018
		 * parameters
1019
		 */
1020
2
		tmp = EC_GROUP_get_curve_name(group);
1021
2
		if (tmp) {
1022
2
			ret->type = 0;
1023
2
			if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL)
1024
				ok = 0;
1025
		} else
1026
			/* we don't kmow the nid => ERROR */
1027
			ok = 0;
1028
	} else {
1029
		/* use the ECPARAMETERS structure */
1030
1092
		ret->type = 1;
1031
2184
		if ((ret->value.parameters = ec_asn1_group2parameters(
1032
1092
			    group, NULL)) == NULL)
1033
			ok = 0;
1034
	}
1035
1036
1094
	if (!ok) {
1037
		ECPKPARAMETERS_free(ret);
1038
		return NULL;
1039
	}
1040
1094
	return ret;
1041
1094
}
1042
1043
static EC_GROUP *
1044
ec_asn1_parameters2group(const ECPARAMETERS * params)
1045
{
1046
	int ok = 0, tmp;
1047
	EC_GROUP *ret = NULL;
1048
	BIGNUM *p = NULL, *a = NULL, *b = NULL;
1049
	EC_POINT *point = NULL;
1050
	long field_bits;
1051
1052

744
	if (!params->fieldID || !params->fieldID->fieldType ||
1053
186
	    !params->fieldID->p.ptr) {
1054
		ECerror(EC_R_ASN1_ERROR);
1055
		goto err;
1056
	}
1057
	/* now extract the curve parameters a and b */
1058

558
	if (!params->curve || !params->curve->a ||
1059

372
	    !params->curve->a->data || !params->curve->b ||
1060
186
	    !params->curve->b->data) {
1061
		ECerror(EC_R_ASN1_ERROR);
1062
		goto err;
1063
	}
1064
186
	a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL);
1065
186
	if (a == NULL) {
1066
		ECerror(ERR_R_BN_LIB);
1067
		goto err;
1068
	}
1069
186
	b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL);
1070
186
	if (b == NULL) {
1071
		ECerror(ERR_R_BN_LIB);
1072
		goto err;
1073
	}
1074
	/* get the field parameters */
1075
186
	tmp = OBJ_obj2nid(params->fieldID->fieldType);
1076
186
	if (tmp == NID_X9_62_characteristic_two_field)
1077
#ifdef OPENSSL_NO_EC2M
1078
	{
1079
		ECerror(EC_R_GF2M_NOT_SUPPORTED);
1080
		goto err;
1081
	}
1082
#else
1083
	{
1084
		X9_62_CHARACTERISTIC_TWO *char_two;
1085
1086
84
		char_two = params->fieldID->p.char_two;
1087
1088
84
		field_bits = char_two->m;
1089
84
		if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
1090
			ECerror(EC_R_FIELD_TOO_LARGE);
1091
			goto err;
1092
		}
1093
84
		if ((p = BN_new()) == NULL) {
1094
			ECerror(ERR_R_MALLOC_FAILURE);
1095
			goto err;
1096
		}
1097
		/* get the base type */
1098
84
		tmp = OBJ_obj2nid(char_two->type);
1099
1100
84
		if (tmp == NID_X9_62_tpBasis) {
1101
			long tmp_long;
1102
1103
46
			if (!char_two->p.tpBasis) {
1104
				ECerror(EC_R_ASN1_ERROR);
1105
				goto err;
1106
			}
1107
46
			tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis);
1108
1109
46
			if (!(char_two->m > tmp_long && tmp_long > 0)) {
1110
				ECerror(EC_R_INVALID_TRINOMIAL_BASIS);
1111
				goto err;
1112
			}
1113
			/* create the polynomial */
1114
46
			if (!BN_set_bit(p, (int) char_two->m))
1115
				goto err;
1116
46
			if (!BN_set_bit(p, (int) tmp_long))
1117
				goto err;
1118
46
			if (!BN_set_bit(p, 0))
1119
				goto err;
1120

84
		} else if (tmp == NID_X9_62_ppBasis) {
1121
			X9_62_PENTANOMIAL *penta;
1122
1123
38
			penta = char_two->p.ppBasis;
1124
38
			if (!penta) {
1125
				ECerror(EC_R_ASN1_ERROR);
1126
				goto err;
1127
			}
1128


152
			if (!(char_two->m > penta->k3 && penta->k3 > penta->k2 && penta->k2 > penta->k1 && penta->k1 > 0)) {
1129
				ECerror(EC_R_INVALID_PENTANOMIAL_BASIS);
1130
				goto err;
1131
			}
1132
			/* create the polynomial */
1133
38
			if (!BN_set_bit(p, (int) char_two->m))
1134
				goto err;
1135
38
			if (!BN_set_bit(p, (int) penta->k1))
1136
				goto err;
1137
38
			if (!BN_set_bit(p, (int) penta->k2))
1138
				goto err;
1139
38
			if (!BN_set_bit(p, (int) penta->k3))
1140
				goto err;
1141
38
			if (!BN_set_bit(p, 0))
1142
				goto err;
1143

38
		} else if (tmp == NID_X9_62_onBasis) {
1144
			ECerror(EC_R_NOT_IMPLEMENTED);
1145
			goto err;
1146
		} else {	/* error */
1147
			ECerror(EC_R_ASN1_ERROR);
1148
			goto err;
1149
		}
1150
1151
		/* create the EC_GROUP structure */
1152
84
		ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL);
1153
84
	}
1154
#endif
1155
102
	else if (tmp == NID_X9_62_prime_field) {
1156
		/* we have a curve over a prime field */
1157
		/* extract the prime number */
1158
102
		if (!params->fieldID->p.prime) {
1159
			ECerror(EC_R_ASN1_ERROR);
1160
			goto err;
1161
		}
1162
102
		p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL);
1163
102
		if (p == NULL) {
1164
			ECerror(ERR_R_ASN1_LIB);
1165
			goto err;
1166
		}
1167

204
		if (BN_is_negative(p) || BN_is_zero(p)) {
1168
			ECerror(EC_R_INVALID_FIELD);
1169
			goto err;
1170
		}
1171
102
		field_bits = BN_num_bits(p);
1172
102
		if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
1173
			ECerror(EC_R_FIELD_TOO_LARGE);
1174
			goto err;
1175
		}
1176
		/* create the EC_GROUP structure */
1177
102
		ret = EC_GROUP_new_curve_GFp(p, a, b, NULL);
1178
	} else {
1179
		ECerror(EC_R_INVALID_FIELD);
1180
		goto err;
1181
	}
1182
1183
186
	if (ret == NULL) {
1184
		ECerror(ERR_R_EC_LIB);
1185
		goto err;
1186
	}
1187
	/* extract seed (optional) */
1188
186
	if (params->curve->seed != NULL) {
1189
88
		free(ret->seed);
1190
88
		if (!(ret->seed = malloc(params->curve->seed->length))) {
1191
			ECerror(ERR_R_MALLOC_FAILURE);
1192
			goto err;
1193
		}
1194
176
		memcpy(ret->seed, params->curve->seed->data,
1195
88
		    params->curve->seed->length);
1196
88
		ret->seed_len = params->curve->seed->length;
1197
88
	}
1198

558
	if (!params->order || !params->base || !params->base->data) {
1199
		ECerror(EC_R_ASN1_ERROR);
1200
		goto err;
1201
	}
1202
186
	if ((point = EC_POINT_new(ret)) == NULL)
1203
		goto err;
1204
1205
	/* set the point conversion form */
1206
186
	EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t)
1207
186
	    (params->base->data[0] & ~0x01));
1208
1209
	/* extract the ec point */
1210
372
	if (!EC_POINT_oct2point(ret, point, params->base->data,
1211
186
		params->base->length, NULL)) {
1212
		ECerror(ERR_R_EC_LIB);
1213
		goto err;
1214
	}
1215
	/* extract the order */
1216
186
	if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) {
1217
		ECerror(ERR_R_ASN1_LIB);
1218
		goto err;
1219
	}
1220

372
	if (BN_is_negative(a) || BN_is_zero(a)) {
1221
		ECerror(EC_R_INVALID_GROUP_ORDER);
1222
		goto err;
1223
	}
1224
186
	if (BN_num_bits(a) > (int) field_bits + 1) {	/* Hasse bound */
1225
		ECerror(EC_R_INVALID_GROUP_ORDER);
1226
		goto err;
1227
	}
1228
	/* extract the cofactor (optional) */
1229
186
	if (params->cofactor == NULL) {
1230
		BN_free(b);
1231
		b = NULL;
1232
186
	} else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) {
1233
		ECerror(ERR_R_ASN1_LIB);
1234
		goto err;
1235
	}
1236
	/* set the generator, order and cofactor (if present) */
1237
186
	if (!EC_GROUP_set_generator(ret, point, a, b)) {
1238
		ECerror(ERR_R_EC_LIB);
1239
		goto err;
1240
	}
1241
186
	ok = 1;
1242
1243
186
err:	if (!ok) {
1244
		EC_GROUP_clear_free(ret);
1245
		ret = NULL;
1246
	}
1247
186
	BN_free(p);
1248
186
	BN_free(a);
1249
186
	BN_free(b);
1250
186
	EC_POINT_free(point);
1251
186
	return (ret);
1252
186
}
1253
1254
EC_GROUP *
1255
ec_asn1_pkparameters2group(const ECPKPARAMETERS * params)
1256
{
1257
	EC_GROUP *ret = NULL;
1258
	int tmp = 0;
1259
1260
372
	if (params == NULL) {
1261
		ECerror(EC_R_MISSING_PARAMETERS);
1262
		return NULL;
1263
	}
1264
186
	if (params->type == 0) {/* the curve is given by an OID */
1265
		tmp = OBJ_obj2nid(params->value.named_curve);
1266
		if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) {
1267
			ECerror(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
1268
			return NULL;
1269
		}
1270
		EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE);
1271
186
	} else if (params->type == 1) {	/* the parameters are given by a
1272
					 * ECPARAMETERS structure */
1273
186
		ret = ec_asn1_parameters2group(params->value.parameters);
1274
186
		if (!ret) {
1275
			ECerror(ERR_R_EC_LIB);
1276
			return NULL;
1277
		}
1278
186
		EC_GROUP_set_asn1_flag(ret, 0x0);
1279
	} else if (params->type == 2) {	/* implicitlyCA */
1280
		return NULL;
1281
	} else {
1282
		ECerror(EC_R_ASN1_ERROR);
1283
		return NULL;
1284
	}
1285
1286
186
	return ret;
1287
186
}
1288
1289
/* EC_GROUP <-> DER encoding of ECPKPARAMETERS */
1290
1291
EC_GROUP *
1292
d2i_ECPKParameters(EC_GROUP ** a, const unsigned char **in, long len)
1293
{
1294
	EC_GROUP *group = NULL;
1295
	ECPKPARAMETERS *params = NULL;
1296
1297
12
	if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) {
1298
		ECerror(EC_R_D2I_ECPKPARAMETERS_FAILURE);
1299
		goto err;
1300
	}
1301
6
	if ((group = ec_asn1_pkparameters2group(params)) == NULL) {
1302
		ECerror(EC_R_PKPARAMETERS2GROUP_FAILURE);
1303
		goto err;
1304
	}
1305
1306
6
	if (a != NULL) {
1307
6
		EC_GROUP_clear_free(*a);
1308
6
		*a = group;
1309
6
	}
1310
1311
err:
1312
6
	ECPKPARAMETERS_free(params);
1313
6
	return (group);
1314
}
1315
1316
int
1317
i2d_ECPKParameters(const EC_GROUP * a, unsigned char **out)
1318
{
1319
	int ret = 0;
1320
744
	ECPKPARAMETERS *tmp = ec_asn1_group2pkparameters(a, NULL);
1321
372
	if (tmp == NULL) {
1322
		ECerror(EC_R_GROUP2PKPARAMETERS_FAILURE);
1323
		return 0;
1324
	}
1325
372
	if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0) {
1326
		ECerror(EC_R_I2D_ECPKPARAMETERS_FAILURE);
1327
		ECPKPARAMETERS_free(tmp);
1328
		return 0;
1329
	}
1330
372
	ECPKPARAMETERS_free(tmp);
1331
372
	return (ret);
1332
372
}
1333
1334
/* some EC_KEY functions */
1335
1336
EC_KEY *
1337
d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len)
1338
{
1339
	EC_KEY *ret = NULL;
1340
364
	EC_PRIVATEKEY *priv_key = NULL;
1341
1342
182
	if ((priv_key = EC_PRIVATEKEY_new()) == NULL) {
1343
		ECerror(ERR_R_MALLOC_FAILURE);
1344
		return NULL;
1345
	}
1346
182
	if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL) {
1347
		ECerror(ERR_R_EC_LIB);
1348
		EC_PRIVATEKEY_free(priv_key);
1349
		return NULL;
1350
	}
1351

184
	if (a == NULL || *a == NULL) {
1352
180
		if ((ret = EC_KEY_new()) == NULL) {
1353
			ECerror(ERR_R_MALLOC_FAILURE);
1354
			goto err;
1355
		}
1356
	} else
1357
		ret = *a;
1358
1359
182
	if (priv_key->parameters) {
1360
180
		EC_GROUP_clear_free(ret->group);
1361
180
		ret->group = ec_asn1_pkparameters2group(priv_key->parameters);
1362
180
	}
1363
182
	if (ret->group == NULL) {
1364
		ECerror(ERR_R_EC_LIB);
1365
		goto err;
1366
	}
1367
182
	ret->version = priv_key->version;
1368
1369
182
	if (priv_key->privateKey) {
1370
182
		ret->priv_key = BN_bin2bn(
1371
182
		    ASN1_STRING_data(priv_key->privateKey),
1372
182
		    ASN1_STRING_length(priv_key->privateKey),
1373
182
		    ret->priv_key);
1374
182
		if (ret->priv_key == NULL) {
1375
			ECerror(ERR_R_BN_LIB);
1376
			goto err;
1377
		}
1378
	} else {
1379
		ECerror(EC_R_MISSING_PRIVATE_KEY);
1380
		goto err;
1381
	}
1382
1383
182
	if (priv_key->publicKey) {
1384
		const unsigned char *pub_oct;
1385
		size_t pub_oct_len;
1386
1387
182
		EC_POINT_clear_free(ret->pub_key);
1388
182
		ret->pub_key = EC_POINT_new(ret->group);
1389
182
		if (ret->pub_key == NULL) {
1390
			ECerror(ERR_R_EC_LIB);
1391
			goto err;
1392
		}
1393
1394
182
		pub_oct = ASN1_STRING_data(priv_key->publicKey);
1395
182
		pub_oct_len = ASN1_STRING_length(priv_key->publicKey);
1396
182
		if (pub_oct == NULL || pub_oct_len <= 0) {
1397
			ECerror(EC_R_BUFFER_TOO_SMALL);
1398
			goto err;
1399
		}
1400
1401
		/* save the point conversion form */
1402
182
		ret->conv_form = (point_conversion_form_t) (pub_oct[0] & ~0x01);
1403
182
		if (!EC_POINT_oct2point(ret->group, ret->pub_key,
1404
			pub_oct, pub_oct_len, NULL)) {
1405
			ECerror(ERR_R_EC_LIB);
1406
			goto err;
1407
		}
1408
182
	}
1409
1410
182
	EC_PRIVATEKEY_free(priv_key);
1411
182
	if (a != NULL)
1412
2
		*a = ret;
1413
182
	return (ret);
1414
1415
err:
1416
	if (a == NULL || *a != ret)
1417
		EC_KEY_free(ret);
1418
	if (priv_key)
1419
		EC_PRIVATEKEY_free(priv_key);
1420
1421
	return (NULL);
1422
182
}
1423
1424
int
1425
i2d_ECPrivateKey(EC_KEY * a, unsigned char **out)
1426
{
1427
	int ret = 0, ok = 0;
1428
	unsigned char *buffer = NULL;
1429
	size_t buf_len = 0, tmp_len;
1430
	EC_PRIVATEKEY *priv_key = NULL;
1431
1432

2920
	if (a == NULL || a->group == NULL || a->priv_key == NULL) {
1433
		ECerror(ERR_R_PASSED_NULL_PARAMETER);
1434
		goto err;
1435
	}
1436
730
	if ((priv_key = EC_PRIVATEKEY_new()) == NULL) {
1437
		ECerror(ERR_R_MALLOC_FAILURE);
1438
		goto err;
1439
	}
1440
730
	priv_key->version = a->version;
1441
1442
730
	buf_len = (size_t) BN_num_bytes(a->priv_key);
1443
730
	buffer = malloc(buf_len);
1444
730
	if (buffer == NULL) {
1445
		ECerror(ERR_R_MALLOC_FAILURE);
1446
		goto err;
1447
	}
1448
730
	if (!BN_bn2bin(a->priv_key, buffer)) {
1449
		ECerror(ERR_R_BN_LIB);
1450
		goto err;
1451
	}
1452
730
	if (!ASN1_STRING_set(priv_key->privateKey, buffer, buf_len)) {
1453
		ECerror(ERR_R_ASN1_LIB);
1454
		goto err;
1455
	}
1456
730
	if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) {
1457
1444
		if ((priv_key->parameters = ec_asn1_group2pkparameters(
1458
1444
			    a->group, priv_key->parameters)) == NULL) {
1459
			ECerror(ERR_R_EC_LIB);
1460
			goto err;
1461
		}
1462
	}
1463

1460
	if (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key != NULL) {
1464
730
		priv_key->publicKey = ASN1_BIT_STRING_new();
1465
730
		if (priv_key->publicKey == NULL) {
1466
			ECerror(ERR_R_MALLOC_FAILURE);
1467
			goto err;
1468
		}
1469
1460
		tmp_len = EC_POINT_point2oct(a->group, a->pub_key,
1470
730
		    a->conv_form, NULL, 0, NULL);
1471
1472
730
		if (tmp_len > buf_len) {
1473
730
			unsigned char *tmp_buffer = realloc(buffer, tmp_len);
1474
730
			if (!tmp_buffer) {
1475
				ECerror(ERR_R_MALLOC_FAILURE);
1476
				goto err;
1477
			}
1478
			buffer = tmp_buffer;
1479
			buf_len = tmp_len;
1480
730
		}
1481
1460
		if (!EC_POINT_point2oct(a->group, a->pub_key,
1482
730
			a->conv_form, buffer, buf_len, NULL)) {
1483
			ECerror(ERR_R_EC_LIB);
1484
			goto err;
1485
		}
1486
730
		priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
1487
730
		priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
1488
1460
		if (!ASN1_STRING_set(priv_key->publicKey, buffer,
1489
730
			buf_len)) {
1490
			ECerror(ERR_R_ASN1_LIB);
1491
			goto err;
1492
		}
1493
	}
1494
730
	if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) {
1495
		ECerror(ERR_R_EC_LIB);
1496
		goto err;
1497
	}
1498
730
	ok = 1;
1499
err:
1500
730
	free(buffer);
1501
730
	if (priv_key)
1502
730
		EC_PRIVATEKEY_free(priv_key);
1503
730
	return (ok ? ret : 0);
1504
730
}
1505
1506
int
1507
i2d_ECParameters(EC_KEY * a, unsigned char **out)
1508
{
1509
24
	if (a == NULL) {
1510
		ECerror(ERR_R_PASSED_NULL_PARAMETER);
1511
		return 0;
1512
	}
1513
12
	return i2d_ECPKParameters(a->group, out);
1514
12
}
1515
1516
EC_KEY *
1517
d2i_ECParameters(EC_KEY ** a, const unsigned char **in, long len)
1518
{
1519
	EC_KEY *ret;
1520
1521

18
	if (in == NULL || *in == NULL) {
1522
		ECerror(ERR_R_PASSED_NULL_PARAMETER);
1523
		return NULL;
1524
	}
1525

6
	if (a == NULL || *a == NULL) {
1526
6
		if ((ret = EC_KEY_new()) == NULL) {
1527
			ECerror(ERR_R_MALLOC_FAILURE);
1528
			return NULL;
1529
		}
1530
	} else
1531
		ret = *a;
1532
1533
6
	if (!d2i_ECPKParameters(&ret->group, in, len)) {
1534
		ECerror(ERR_R_EC_LIB);
1535
		if (a == NULL || *a != ret)
1536
			EC_KEY_free(ret);
1537
		return NULL;
1538
	}
1539
1540
6
	if (a != NULL)
1541
		*a = ret;
1542
6
	return ret;
1543
6
}
1544
1545
EC_KEY *
1546
o2i_ECPublicKey(EC_KEY ** a, const unsigned char **in, long len)
1547
{
1548
	EC_KEY *ret = NULL;
1549
1550
	if (a == NULL || (*a) == NULL || (*a)->group == NULL) {
1551
		/*
1552
		 * sorry, but a EC_GROUP-structur is necessary to set the
1553
		 * public key
1554
		 */
1555
		ECerror(ERR_R_PASSED_NULL_PARAMETER);
1556
		return 0;
1557
	}
1558
	ret = *a;
1559
	if (ret->pub_key == NULL &&
1560
	    (ret->pub_key = EC_POINT_new(ret->group)) == NULL) {
1561
		ECerror(ERR_R_MALLOC_FAILURE);
1562
		return 0;
1563
	}
1564
	if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL)) {
1565
		ECerror(ERR_R_EC_LIB);
1566
		return 0;
1567
	}
1568
	/* save the point conversion form */
1569
	ret->conv_form = (point_conversion_form_t) (*in[0] & ~0x01);
1570
	*in += len;
1571
	return ret;
1572
}
1573
1574
int
1575
i2o_ECPublicKey(EC_KEY * a, unsigned char **out)
1576
{
1577
	size_t buf_len = 0;
1578
	int new_buffer = 0;
1579
1580
	if (a == NULL) {
1581
		ECerror(ERR_R_PASSED_NULL_PARAMETER);
1582
		return 0;
1583
	}
1584
	buf_len = EC_POINT_point2oct(a->group, a->pub_key,
1585
	    a->conv_form, NULL, 0, NULL);
1586
1587
	if (out == NULL || buf_len == 0)
1588
		/* out == NULL => just return the length of the octet string */
1589
		return buf_len;
1590
1591
	if (*out == NULL) {
1592
		if ((*out = malloc(buf_len)) == NULL) {
1593
			ECerror(ERR_R_MALLOC_FAILURE);
1594
			return 0;
1595
		}
1596
		new_buffer = 1;
1597
	}
1598
	if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form,
1599
		*out, buf_len, NULL)) {
1600
		ECerror(ERR_R_EC_LIB);
1601
		if (new_buffer) {
1602
			free(*out);
1603
			*out = NULL;
1604
		}
1605
		return 0;
1606
	}
1607
	if (!new_buffer)
1608
		*out += buf_len;
1609
	return buf_len;
1610
}