1 /* crypto/ec/ec_asn1.c */
3 * Written by Nils Larsch for the OpenSSL project.
5 /* ====================================================================
6 * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
34 * 6. Redistributions of any form whatsoever must retain the following
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
61 #include <openssl/err.h>
62 #include <openssl/asn1t.h>
63 #include <openssl/objects.h>
65 /* some structures needed for the asn1 encoding */
66 typedef struct x9_62_fieldid_st {
67 ASN1_OBJECT *fieldType;
68 ASN1_TYPE *parameters;
71 typedef struct x9_62_characteristic_two_st {
74 ASN1_TYPE *parameters;
75 } X9_62_CHARACTERISTIC_TWO;
77 typedef struct x9_62_pentanomial_st {
83 typedef struct x9_62_curve_st {
86 ASN1_BIT_STRING *seed;
89 typedef struct ec_parameters_st {
91 X9_62_FIELDID *fieldID;
93 ASN1_OCTET_STRING *base;
95 ASN1_INTEGER *cofactor;
98 struct ecpk_parameters_st {
101 ASN1_OBJECT *named_curve;
102 ECPARAMETERS *parameters;
103 ASN1_NULL *implicitlyCA;
105 }/* ECPKPARAMETERS */;
107 /* SEC1 ECPrivateKey */
108 typedef struct ec_privatekey_st {
110 ASN1_OCTET_STRING *privateKey;
111 ECPKPARAMETERS *parameters;
112 ASN1_BIT_STRING *publicKey;
115 /* the OpenSSL asn1 definitions */
117 ASN1_SEQUENCE(X9_62_FIELDID) = {
118 ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT),
119 ASN1_SIMPLE(X9_62_FIELDID, parameters, ASN1_ANY)
120 } ASN1_SEQUENCE_END(X9_62_FIELDID)
122 DECLARE_ASN1_FUNCTIONS_const(X9_62_FIELDID)
123 DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_FIELDID, X9_62_FIELDID)
124 IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_FIELDID)
126 ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = {
127 ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, m, LONG),
128 ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, basis, ASN1_OBJECT),
129 ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, parameters, ASN1_ANY)
130 } ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO)
132 DECLARE_ASN1_FUNCTIONS_const(X9_62_CHARACTERISTIC_TWO)
133 DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_CHARACTERISTIC_TWO, X9_62_CHARACTERISTIC_TWO)
134 IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_CHARACTERISTIC_TWO)
136 ASN1_SEQUENCE(X9_62_PENTANOMIAL) = {
137 ASN1_SIMPLE(X9_62_PENTANOMIAL, k1, LONG),
138 ASN1_SIMPLE(X9_62_PENTANOMIAL, k2, LONG),
139 ASN1_SIMPLE(X9_62_PENTANOMIAL, k3, LONG)
140 } ASN1_SEQUENCE_END(X9_62_PENTANOMIAL)
142 DECLARE_ASN1_FUNCTIONS_const(X9_62_PENTANOMIAL)
143 DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_PENTANOMIAL, X9_62_PENTANOMIAL)
144 IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_PENTANOMIAL)
146 ASN1_SEQUENCE(X9_62_CURVE) = {
147 ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING),
148 ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING),
149 ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING)
150 } ASN1_SEQUENCE_END(X9_62_CURVE)
152 DECLARE_ASN1_FUNCTIONS_const(X9_62_CURVE)
153 DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_CURVE, X9_62_CURVE)
154 IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_CURVE)
156 ASN1_SEQUENCE(ECPARAMETERS) = {
157 ASN1_SIMPLE(ECPARAMETERS, version, LONG),
158 ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID),
159 ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE),
160 ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING),
161 ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER),
162 ASN1_SIMPLE(ECPARAMETERS, cofactor, ASN1_INTEGER)
163 } ASN1_SEQUENCE_END(ECPARAMETERS)
165 DECLARE_ASN1_FUNCTIONS_const(ECPARAMETERS)
166 DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECPARAMETERS, ECPARAMETERS)
167 IMPLEMENT_ASN1_FUNCTIONS_const(ECPARAMETERS)
169 ASN1_CHOICE(ECPKPARAMETERS) = {
170 ASN1_SIMPLE(ECPKPARAMETERS, value.named_curve, ASN1_OBJECT),
171 ASN1_SIMPLE(ECPKPARAMETERS, value.parameters, ECPARAMETERS),
172 ASN1_SIMPLE(ECPKPARAMETERS, value.implicitlyCA, ASN1_NULL)
173 } ASN1_CHOICE_END(ECPKPARAMETERS)
175 DECLARE_ASN1_FUNCTIONS_const(ECPKPARAMETERS)
176 DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECPKPARAMETERS, ECPKPARAMETERS)
177 IMPLEMENT_ASN1_FUNCTIONS_const(ECPKPARAMETERS)
179 ASN1_SEQUENCE(EC_PRIVATEKEY) = {
180 ASN1_SIMPLE(EC_PRIVATEKEY, version, LONG),
181 ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING),
182 ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0),
183 ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1)
184 } ASN1_SEQUENCE_END(EC_PRIVATEKEY)
186 DECLARE_ASN1_FUNCTIONS_const(EC_PRIVATEKEY)
187 DECLARE_ASN1_ENCODE_FUNCTIONS_const(EC_PRIVATEKEY, EC_PRIVATEKEY)
188 IMPLEMENT_ASN1_FUNCTIONS_const(EC_PRIVATEKEY)
190 /* some declarations of internal function */
192 /* ec_asn1_group2field() creates a X9_62_FIELDID object from a
194 static X9_62_FIELDID *ec_asn1_group2field(const EC_GROUP *, X9_62_FIELDID *);
195 /* ec_asn1_group2curve() creates a X9_62_CURVE object from a
197 static X9_62_CURVE *ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *);
198 /* ec_asn1_parameters2group() creates a EC_GROUP object from a
199 * ECPARAMETERS object */
200 static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *);
201 /* ec_asn1_group2parameters() creates a ECPARAMETERS object from a
203 static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *,ECPARAMETERS *);
204 /* ec_asn1_pkparameters2group() creates a EC_GROUP object from a
205 * ECPKPARAMETERS object */
206 static EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *);
207 /* ec_asn1_group2pkparameters() creates a ECPKPARAMETERS object from a
209 static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *,
213 /* the function definitions */
215 static X9_62_FIELDID *ec_asn1_group2field(const EC_GROUP *group,
216 X9_62_FIELDID *field)
219 X9_62_FIELDID *ret = NULL;
220 X9_62_CHARACTERISTIC_TWO *char_two = NULL;
221 X9_62_PENTANOMIAL *penta = NULL;
223 unsigned char *buffer = NULL;
229 if ((ret = X9_62_FIELDID_new()) == NULL)
231 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
238 /* clear the old values */
239 if (ret->fieldType != NULL)
240 ASN1_OBJECT_free(ret->fieldType);
241 if (ret->parameters != NULL)
242 ASN1_TYPE_free(ret->parameters);
245 nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
246 /* set OID for the field */
247 if ((ret->fieldType = OBJ_nid2obj(nid)) == NULL)
249 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
253 if ((ret->parameters = ASN1_TYPE_new()) == NULL)
255 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
259 if (nid == NID_X9_62_prime_field)
261 if ((tmp = BN_new()) == NULL)
263 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
266 /* the parameters are specified by the prime number p */
267 ret->parameters->type = V_ASN1_INTEGER;
268 if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL))
270 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
273 /* set the prime number */
274 ret->parameters->value.integer = BN_to_ASN1_INTEGER(tmp, NULL);
275 if (ret->parameters->value.integer == NULL)
277 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB);
281 else /* nid == NID_X9_62_characteristic_two_field */
284 unsigned int k1, k2, k3;
286 char_two = X9_62_CHARACTERISTIC_TWO_new();
287 if (char_two == NULL)
289 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
293 char_two->m = (long)EC_GROUP_get_degree(group);
295 field_type = EC_GROUP_get_basis_type(group, &k1, &k2, &k3);
299 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
302 /* set base type OID */
303 if ((char_two->basis = OBJ_nid2obj(field_type)) == NULL)
305 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
309 if (field_type == NID_X9_62_tpBasis)
311 char_two->parameters->type = V_ASN1_INTEGER;
312 char_two->parameters->value.integer =
314 if (char_two->parameters->value.integer == NULL)
316 ECerr(EC_F_EC_ASN1_GROUP2FIELDID,
320 if (!ASN1_INTEGER_set(char_two->parameters->value.integer, (long)k1))
322 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS,
327 else if (field_type == NID_X9_62_ppBasis)
329 penta = X9_62_PENTANOMIAL_new();
331 penta->k1 = (long)k1;
332 penta->k2 = (long)k2;
333 penta->k3 = (long)k3;
334 /* get the length of the encoded structure */
335 buf_len = i2d_X9_62_PENTANOMIAL(penta, NULL);
336 if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
338 ECerr(EC_F_EC_ASN1_GROUP2FIELDID,
339 ERR_R_MALLOC_FAILURE);
343 i2d_X9_62_PENTANOMIAL(penta, &pp);
344 /* set the encoded pentanomial */
345 char_two->parameters->type=V_ASN1_SEQUENCE;
346 char_two->parameters->value.sequence=ASN1_STRING_new();
347 ASN1_STRING_set(char_two->parameters->value.sequence,
350 OPENSSL_free(buffer);
353 else /* field_type == NID_X9_62_onBasis */
355 /* for ONB the parameters are (asn1) NULL */
356 char_two->parameters->type = V_ASN1_NULL;
358 /* encoded the X9_62_CHARACTERISTIC_TWO structure */
359 buf_len = i2d_X9_62_CHARACTERISTIC_TWO(char_two, NULL);
361 if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
363 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
367 i2d_X9_62_CHARACTERISTIC_TWO(char_two, &pp);
368 /* set the encoded parameters */
369 ret->parameters->type = V_ASN1_SEQUENCE;
370 ret->parameters->value.sequence = ASN1_STRING_new();
371 ASN1_STRING_set(ret->parameters->value.sequence,
380 X9_62_FIELDID_free(ret);
386 X9_62_CHARACTERISTIC_TWO_free(char_two);
388 X9_62_PENTANOMIAL_free(penta);
390 OPENSSL_free(buffer);
394 static X9_62_CURVE *ec_asn1_group2curve(const EC_GROUP *group,
398 X9_62_CURVE *ret=NULL;
401 unsigned char *buffer_1=NULL,
406 unsigned char char_zero = 0;
408 if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL)
410 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
416 if ((ret = X9_62_CURVE_new()) == NULL)
418 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
426 ASN1_OCTET_STRING_free(ret->a);
428 ASN1_OCTET_STRING_free(ret->b);
430 ASN1_BIT_STRING_free(ret->seed);
433 nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
436 if (nid == NID_X9_62_prime_field)
438 if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL))
440 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
444 else /* nid == NID_X9_62_characteristic_two_field */
446 if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL))
448 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
453 len_1 = (size_t)BN_num_bytes(tmp_1);
454 len_2 = (size_t)BN_num_bytes(tmp_2);
458 /* len_1 == 0 => a == 0 */
464 if ((buffer_1 = OPENSSL_malloc(len_1)) == NULL)
466 ECerr(EC_F_EC_ASN1_GROUP2CURVE,
467 ERR_R_MALLOC_FAILURE);
470 if ( (len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0)
472 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
480 /* len_2 == 0 => b == 0 */
486 if ((buffer_2 = OPENSSL_malloc(len_2)) == NULL)
488 ECerr(EC_F_EC_ASN1_GROUP2CURVE,
489 ERR_R_MALLOC_FAILURE);
492 if ( (len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0)
494 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
501 if ((ret->a = M_ASN1_OCTET_STRING_new()) == NULL ||
502 (ret->b = M_ASN1_OCTET_STRING_new()) == NULL )
504 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
507 if (!M_ASN1_OCTET_STRING_set(ret->a, a_buf, len_1) ||
508 !M_ASN1_OCTET_STRING_set(ret->b, b_buf, len_2))
510 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
514 /* set the seed (optional) */
517 if ((ret->seed = ASN1_BIT_STRING_new()) == NULL) goto err;
518 if (!ASN1_BIT_STRING_set(ret->seed, group->seed,
519 (int)group->seed_len))
521 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
533 X9_62_CURVE_free(ret);
537 OPENSSL_free(buffer_1);
539 OPENSSL_free(buffer_2);
547 static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group,
552 ECPARAMETERS *ret=NULL;
554 unsigned char *buffer=NULL;
555 const EC_POINT *point=NULL;
556 point_conversion_form_t form;
558 if ((tmp = BN_new()) == NULL)
560 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
566 if ((ret = ECPARAMETERS_new()) == NULL)
568 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS,
569 ERR_R_MALLOC_FAILURE);
576 /* set the version (always one) */
577 ret->version = (long)0x1;
579 /* set the fieldID */
580 ret->fieldID = ec_asn1_group2field(group, ret->fieldID);
581 if (ret->fieldID == NULL)
583 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
588 ret->curve = ec_asn1_group2curve(group, ret->curve);
589 if (ret->curve == NULL)
591 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
595 /* set the base point */
596 if ((point = EC_GROUP_get0_generator(group)) == NULL)
598 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, EC_R_UNDEFINED_GENERATOR);
602 form = EC_GROUP_get_point_conversion_form(group);
604 len = EC_POINT_point2oct(group, point, form, NULL, len, NULL);
607 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
610 if ((buffer = OPENSSL_malloc(len)) == NULL)
612 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
615 if (!EC_POINT_point2oct(group, point, form, buffer, len, NULL))
617 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
620 if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL)
622 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
625 if (!ASN1_OCTET_STRING_set(ret->base, buffer, len))
627 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
632 if (!EC_GROUP_get_order(group, tmp, NULL))
634 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
637 ret->order = BN_to_ASN1_INTEGER(tmp, ret->order);
638 if (ret->order == NULL)
640 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
644 /* set the cofactor */
645 if (!EC_GROUP_get_cofactor(group, tmp, NULL))
647 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
650 ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor);
651 if (ret->cofactor == NULL)
653 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
662 ECPARAMETERS_free(ret);
668 OPENSSL_free(buffer);
672 ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *group,
673 ECPKPARAMETERS *params)
676 ECPKPARAMETERS *ret = params;
680 if ((ret = ECPKPARAMETERS_new()) == NULL)
682 ECerr(EC_F_EC_ASN1_GROUP2PKPARAMETERS,
683 ERR_R_MALLOC_FAILURE);
689 if (ret->type == 0 && ret->value.named_curve)
690 ASN1_OBJECT_free(ret->value.named_curve);
691 else if (ret->type == 1 && ret->value.parameters)
692 ECPARAMETERS_free(ret->value.parameters);
695 if (EC_GROUP_get_asn1_flag(group))
697 /* use the asn1 OID to describe the
698 * the elliptic curve parameters
700 tmp = EC_GROUP_get_nid(group);
704 if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL)
708 /* we don't kmow the nid => ERROR */
713 /* use the ECPARAMETERS structure */
715 if ((ret->value.parameters = ec_asn1_group2parameters(
716 group, NULL)) == NULL)
722 ECPKPARAMETERS_free(ret);
728 static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)
731 EC_GROUP *ret = NULL;
732 BIGNUM *p = NULL, *a = NULL, *b = NULL;
733 EC_POINT *point=NULL;
734 X9_62_CHARACTERISTIC_TWO *char_two = NULL;
735 X9_62_PENTANOMIAL *penta = NULL;
738 if (!params->fieldID || !params->fieldID->fieldType ||
739 !params->fieldID->parameters)
741 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
745 /* now extract the curve parameters a and b */
746 if (!params->curve || !params->curve->a ||
747 !params->curve->a->data || !params->curve->b ||
748 !params->curve->b->data)
750 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
753 a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL);
756 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB);
759 b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL);
762 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB);
766 /* get the field parameters */
767 tmp = OBJ_obj2nid(params->fieldID->fieldType);
769 if (tmp == NID_X9_62_characteristic_two_field)
771 ASN1_TYPE *parameters = params->fieldID->parameters;
773 if (parameters->type != V_ASN1_SEQUENCE)
775 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
779 if ((p = BN_new()) == NULL)
781 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP,
782 ERR_R_MALLOC_FAILURE);
786 /* extract the X9_62_CHARACTERISTIC_TWO object */
787 pp = M_ASN1_STRING_data(parameters->value.sequence);
788 char_two = d2i_X9_62_CHARACTERISTIC_TWO(NULL,
789 (const unsigned char **) &pp,
790 M_ASN1_STRING_length(parameters->value.sequence));
791 if (char_two == NULL)
793 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
796 /* get the base type */
797 tmp = OBJ_obj2nid(char_two->basis);
799 if (tmp == NID_X9_62_tpBasis)
803 if (char_two->parameters->type != V_ASN1_INTEGER ||
804 char_two->parameters->value.integer == NULL)
806 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP,
811 tmp_long = ASN1_INTEGER_get(char_two->parameters->value.integer);
812 /* create the polynomial */
813 if (!BN_set_bit(p, (int)char_two->m)) goto err;
814 if (!BN_set_bit(p, (int)tmp_long)) goto err;
815 if (!BN_set_bit(p, 0)) goto err;
817 else if (tmp == NID_X9_62_ppBasis)
819 if (char_two->parameters->type != V_ASN1_SEQUENCE ||
820 char_two->parameters->value.sequence == NULL)
822 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP,
826 /* extract the pentanomial data */
827 pp = M_ASN1_STRING_data(
828 char_two->parameters->value.sequence);
829 penta = d2i_X9_62_PENTANOMIAL(NULL,
830 (const unsigned char **) &pp,
831 M_ASN1_STRING_length(
832 char_two->parameters->value.sequence));
835 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP,
839 /* create the polynomial */
840 if (!BN_set_bit(p, (int)char_two->m)) goto err;
841 if (!BN_set_bit(p, (int)penta->k1)) goto err;
842 if (!BN_set_bit(p, (int)penta->k2)) goto err;
843 if (!BN_set_bit(p, (int)penta->k3)) goto err;
844 if (!BN_set_bit(p, 0)) goto err;
846 else if (tmp == NID_X9_62_onBasis)
848 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP,
849 EC_R_NOT_IMPLEMENTED);
854 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
858 /* create the EC_GROUP structure */
859 ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL);
862 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
866 else if (tmp == NID_X9_62_prime_field)
868 /* we have a curve over a prime field */
869 /* extract the prime number */
870 if (params->fieldID->parameters->type != V_ASN1_INTEGER ||
871 !params->fieldID->parameters->value.integer)
873 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
876 p = ASN1_INTEGER_to_BN(params->fieldID->parameters->value.integer, NULL);
879 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
882 /* create the EC_GROUP structure */
883 ret = EC_GROUP_new_curve_GFp(p, a, b, NULL);
886 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
891 /* extract seed (optional) */
892 if (params->curve->seed != NULL)
894 if (ret->seed != NULL)
895 OPENSSL_free(ret->seed);
896 if (!(ret->seed = OPENSSL_malloc(params->curve->seed->length)))
898 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP,
899 ERR_R_MALLOC_FAILURE);
902 memcpy(ret->seed, params->curve->seed->data,
903 params->curve->seed->length);
904 ret->seed_len = params->curve->seed->length;
907 /* extract the order, cofactor and generator */
908 if (!params->order || !params->cofactor || !params->base ||
911 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
915 if ((point = EC_POINT_new(ret)) == NULL) goto err;
917 a = ASN1_INTEGER_to_BN(params->order, a);
918 b = ASN1_INTEGER_to_BN(params->cofactor, b);
921 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
925 if (!EC_POINT_oct2point(ret, point, params->base->data,
926 params->base->length, NULL))
928 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
932 /* set the point conversion form */
933 EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t)
934 (params->base->data[0] & ~0x01));
936 if (!EC_GROUP_set_generator(ret, point, a, b))
938 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
947 EC_GROUP_clear_free(ret);
958 EC_POINT_free(point);
960 X9_62_CHARACTERISTIC_TWO_free(char_two);
962 X9_62_PENTANOMIAL_free(penta);
966 EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *params)
973 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP,
974 EC_R_MISSING_PARAMETERS);
978 if (params->type == 0)
979 { /* the curve is given by an OID */
980 tmp = OBJ_obj2nid(params->value.named_curve);
981 if ((ret = EC_GROUP_new_by_nid(tmp)) == NULL)
983 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP,
984 EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
987 EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE);
989 else if (params->type == 1)
990 { /* the parameters are given by a ECPARAMETERS
992 ret = ec_asn1_parameters2group(params->value.parameters);
995 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, ERR_R_EC_LIB);
998 EC_GROUP_set_asn1_flag(ret, 0x0);
1000 else if (params->type == 2)
1001 { /* implicitlyCA */
1006 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
1013 /* EC_GROUP <-> DER encoding of ECPKPARAMETERS */
1015 EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
1017 EC_GROUP *group = NULL;
1018 ECPKPARAMETERS *params = NULL;
1020 if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL)
1022 ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE);
1023 ECPKPARAMETERS_free(params);
1027 if ((group = ec_asn1_pkparameters2group(params)) == NULL)
1029 ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE);
1035 EC_GROUP_clear_free(*a);
1039 ECPKPARAMETERS_free(params);
1043 int i2d_ECPKParameters(const EC_GROUP *a, unsigned char **out)
1046 ECPKPARAMETERS *tmp = ec_asn1_group2pkparameters(a, NULL);
1049 ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_GROUP2PKPARAMETERS_FAILURE);
1052 if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0)
1054 ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_I2D_ECPKPARAMETERS_FAILURE);
1055 ECPKPARAMETERS_free(tmp);
1058 ECPKPARAMETERS_free(tmp);
1062 /* some EC_KEY functions */
1064 EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
1068 EC_PRIVATEKEY *priv_key=NULL;
1070 if ((priv_key = EC_PRIVATEKEY_new()) == NULL)
1072 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
1076 if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL)
1078 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
1079 EC_PRIVATEKEY_free(priv_key);
1083 if (a == NULL || *a == NULL)
1085 if ((ret = EC_KEY_new()) == NULL)
1087 ECerr(EC_F_D2I_ECPRIVATEKEY,
1088 ERR_R_MALLOC_FAILURE);
1097 if (priv_key->parameters)
1100 EC_GROUP_clear_free(ret->group);
1101 ret->group = ec_asn1_pkparameters2group(priv_key->parameters);
1104 if (ret->group == NULL)
1106 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
1110 ret->version = priv_key->version;
1112 if (priv_key->privateKey)
1114 ret->priv_key = BN_bin2bn(
1115 M_ASN1_STRING_data(priv_key->privateKey),
1116 M_ASN1_STRING_length(priv_key->privateKey),
1118 if (ret->priv_key == NULL)
1120 ECerr(EC_F_D2I_ECPRIVATEKEY,
1127 ECerr(EC_F_D2I_ECPRIVATEKEY,
1128 EC_R_MISSING_PRIVATE_KEY);
1132 if (priv_key->publicKey)
1135 EC_POINT_clear_free(ret->pub_key);
1136 ret->pub_key = EC_POINT_new(ret->group);
1137 if (ret->pub_key == NULL)
1139 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
1142 if (!EC_POINT_oct2point(ret->group, ret->pub_key,
1143 M_ASN1_STRING_data(priv_key->publicKey),
1144 M_ASN1_STRING_length(priv_key->publicKey), NULL))
1146 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
1161 EC_PRIVATEKEY_free(priv_key);
1166 int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out)
1169 unsigned char *buffer=NULL;
1170 size_t buf_len=0, tmp_len;
1171 EC_PRIVATEKEY *priv_key=NULL;
1173 if (a == NULL || a->group == NULL || a->priv_key == NULL)
1175 ECerr(EC_F_I2D_ECPRIVATEKEY,
1176 ERR_R_PASSED_NULL_PARAMETER);
1180 if ((priv_key = EC_PRIVATEKEY_new()) == NULL)
1182 ECerr(EC_F_I2D_ECPRIVATEKEY,
1183 ERR_R_MALLOC_FAILURE);
1187 priv_key->version = a->version;
1189 buf_len = (size_t)BN_num_bytes(a->priv_key);
1190 buffer = OPENSSL_malloc(buf_len);
1193 ECerr(EC_F_I2D_ECPRIVATEKEY,
1194 ERR_R_MALLOC_FAILURE);
1198 if (!BN_bn2bin(a->priv_key, buffer))
1200 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_BN_LIB);
1204 if (!M_ASN1_OCTET_STRING_set(priv_key->privateKey, buffer, buf_len))
1206 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);
1210 if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS))
1212 if ((priv_key->parameters = ec_asn1_group2pkparameters(
1213 a->group, priv_key->parameters)) == NULL)
1215 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
1220 if (!(a->enc_flag & EC_PKEY_NO_PUBKEY))
1222 priv_key->publicKey = M_ASN1_BIT_STRING_new();
1223 if (priv_key->publicKey == NULL)
1225 ECerr(EC_F_I2D_ECPRIVATEKEY,
1226 ERR_R_MALLOC_FAILURE);
1230 tmp_len = EC_POINT_point2oct(a->group, a->pub_key,
1231 a->conv_form, NULL, 0, NULL);
1233 if (tmp_len > buf_len)
1234 buffer = OPENSSL_realloc(buffer, tmp_len);
1237 ECerr(EC_F_I2D_ECPRIVATEKEY,
1238 ERR_R_MALLOC_FAILURE);
1244 if (!EC_POINT_point2oct(a->group, a->pub_key,
1245 a->conv_form, buffer, buf_len, NULL))
1247 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
1251 if (!M_ASN1_BIT_STRING_set(priv_key->publicKey, buffer,
1254 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);
1259 if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0)
1261 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
1267 OPENSSL_free(buffer);
1269 EC_PRIVATEKEY_free(priv_key);
1273 int i2d_ECParameters(EC_KEY *a, unsigned char **out)
1277 ECerr(EC_F_I2D_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
1280 return i2d_ECPKParameters(a->group, out);
1283 EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len)
1288 if (in == NULL || *in == NULL)
1290 ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
1294 group = d2i_ECPKParameters(NULL, in, len);
1298 ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
1302 if (a == NULL || *a == NULL)
1304 if ((ret = EC_KEY_new()) == NULL)
1306 ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
1316 EC_GROUP_clear_free(ret->group);
1323 EC_KEY *ECPublicKey_set_octet_string(EC_KEY **a, const unsigned char **in,
1328 if (a == NULL || (*a) == NULL || (*a)->group == NULL)
1330 /* sorry, but a EC_GROUP-structur is necessary
1331 * to set the public key */
1332 ECerr(EC_F_ECPUBLICKEY_SET_OCTET, ERR_R_PASSED_NULL_PARAMETER);
1336 if (ret->pub_key == NULL &&
1337 (ret->pub_key = EC_POINT_new(ret->group)) == NULL)
1339 ECerr(EC_F_ECPUBLICKEY_SET_OCTET, ERR_R_MALLOC_FAILURE);
1342 if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL))
1344 ECerr(EC_F_ECPUBLICKEY_SET_OCTET, ERR_R_EC_LIB);
1347 /* save the point conversion form */
1348 ret->conv_form = (point_conversion_form_t)(*in[0] & ~0x01);
1352 int ECPublicKey_get_octet_string(EC_KEY *a, unsigned char **out)
1358 ECerr(EC_F_ECPUBLICKEY_GET_OCTET, ERR_R_PASSED_NULL_PARAMETER);
1362 buf_len = EC_POINT_point2oct(a->group, a->pub_key,
1363 a->conv_form, NULL, 0, NULL);
1365 if (out == NULL || buf_len == 0)
1366 /* out == NULL => just return the length of the octet string */
1370 if ((*out = OPENSSL_malloc(buf_len)) == NULL)
1372 ECerr(EC_F_ECPUBLICKEY_GET_OCTET,
1373 ERR_R_MALLOC_FAILURE);
1376 if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form,
1377 *out, buf_len, NULL))
1379 ECerr(EC_F_ECPUBLICKEY_GET_OCTET, ERR_R_EC_LIB);