8c47a14da6f8d9f2e197ba32314b066f98a10d04
[openssl.git] / crypto / ecdsa / ecs_asn1.c
1 /* crypto/ecdsa/ecs_asn1.c */
2 /* ====================================================================
3  * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer. 
11  *
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in
14  *    the documentation and/or other materials provided with the
15  *    distribution.
16  *
17  * 3. All advertising materials mentioning features or use of this
18  *    software must display the following acknowledgment:
19  *    "This product includes software developed by the OpenSSL Project
20  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21  *
22  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23  *    endorse or promote products derived from this software without
24  *    prior written permission. For written permission, please contact
25  *    licensing@OpenSSL.org.
26  *
27  * 5. Products derived from this software may not be called "OpenSSL"
28  *    nor may "OpenSSL" appear in their names without prior written
29  *    permission of the OpenSSL Project.
30  *
31  * 6. Redistributions of any form whatsoever must retain the following
32  *    acknowledgment:
33  *    "This product includes software developed by the OpenSSL Project
34  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35  *
36  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
40  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47  * OF THE POSSIBILITY OF SUCH DAMAGE.
48  * ====================================================================
49  *
50  * This product includes cryptographic software written by Eric Young
51  * (eay@cryptsoft.com).  This product includes software written by Tim
52  * Hudson (tjh@cryptsoft.com).
53  *
54  */
55
56 #include "cryptlib.h"
57 #include "ecs_locl.h"
58 #include <openssl/asn1.h>
59 #include <openssl/asn1t.h>
60 #include <openssl/objects.h>
61
62 static point_conversion_form_t POINT_CONVERSION_FORM = POINT_CONVERSION_COMPRESSED;
63
64 ASN1_SEQUENCE(ECDSA_SIG) = {
65         ASN1_SIMPLE(ECDSA_SIG, r, CBIGNUM),
66         ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM)
67 } ASN1_SEQUENCE_END(ECDSA_SIG)
68
69 IMPLEMENT_ASN1_FUNCTIONS_const(ECDSA_SIG)
70
71 ASN1_SEQUENCE(X9_62_FIELDID) = {
72         ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT),
73         ASN1_SIMPLE(X9_62_FIELDID, parameters, ASN1_ANY)
74 } ASN1_SEQUENCE_END(X9_62_FIELDID)
75
76 DECLARE_ASN1_FUNCTIONS_const(X9_62_FIELDID)
77 DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_FIELDID, X9_62_FIELDID)
78 IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_FIELDID)
79
80 ASN1_SEQUENCE(X9_62_CURVE) = {
81         ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING),
82         ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING),
83         ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING)
84 } ASN1_SEQUENCE_END(X9_62_CURVE)
85
86 DECLARE_ASN1_FUNCTIONS_const(X9_62_CURVE)
87 DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_CURVE, X9_62_CURVE)
88 IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_CURVE)
89
90 ASN1_SEQUENCE(X9_62_EC_PARAMETERS) = {
91         ASN1_OPT(X9_62_EC_PARAMETERS, version, ASN1_INTEGER),
92         ASN1_SIMPLE(X9_62_EC_PARAMETERS, fieldID, X9_62_FIELDID),
93         ASN1_SIMPLE(X9_62_EC_PARAMETERS, curve, X9_62_CURVE),
94         ASN1_SIMPLE(X9_62_EC_PARAMETERS, base, ASN1_OCTET_STRING),
95         ASN1_SIMPLE(X9_62_EC_PARAMETERS, order, ASN1_INTEGER),
96         ASN1_SIMPLE(X9_62_EC_PARAMETERS, cofactor, ASN1_INTEGER)
97 } ASN1_SEQUENCE_END(X9_62_EC_PARAMETERS)
98
99 DECLARE_ASN1_FUNCTIONS_const(X9_62_EC_PARAMETERS)
100 DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_EC_PARAMETERS, X9_62_EC_PARAMETERS)
101 IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_EC_PARAMETERS)
102
103 ASN1_CHOICE(EC_PARAMETERS) = {
104         ASN1_SIMPLE(EC_PARAMETERS, value.named_curve, ASN1_OBJECT),
105         ASN1_SIMPLE(EC_PARAMETERS, value.parameters, X9_62_EC_PARAMETERS),
106         ASN1_SIMPLE(EC_PARAMETERS, value.implicitlyCA, ASN1_NULL)
107 } ASN1_CHOICE_END(EC_PARAMETERS)
108
109 DECLARE_ASN1_FUNCTIONS_const(EC_PARAMETERS)
110 DECLARE_ASN1_ENCODE_FUNCTIONS_const(EC_PARAMETERS, EC_PARAMETERS)
111 IMPLEMENT_ASN1_FUNCTIONS_const(EC_PARAMETERS)
112              
113 ASN1_SEQUENCE(ECDSAPrivateKey) = {
114         ASN1_SIMPLE(ECDSAPrivateKey, version, LONG),
115         ASN1_SIMPLE(ECDSAPrivateKey, parameters, EC_PARAMETERS),
116         ASN1_SIMPLE(ECDSAPrivateKey, pub_key, ASN1_OCTET_STRING),
117         ASN1_SIMPLE(ECDSAPrivateKey, priv_key, BIGNUM)
118 } ASN1_SEQUENCE_END(ECDSAPrivateKey)
119
120 DECLARE_ASN1_FUNCTIONS_const(ECDSAPrivateKey)
121 DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECDSAPrivateKey, ecdsaPrivateKey)
122 IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(ECDSAPrivateKey, ECDSAPrivateKey, ECDSAPrivateKey)
123 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ECDSAPrivateKey, ECDSAPrivateKey, ecdsaPrivateKey)
124
125 ASN1_SEQUENCE(ecdsa_pub_internal) = {
126         ASN1_SIMPLE(ECDSAPrivateKey, pub_key, ASN1_OCTET_STRING),
127         ASN1_SIMPLE(ECDSAPrivateKey, parameters, EC_PARAMETERS),
128 } ASN1_SEQUENCE_END_name(ECDSAPrivateKey, ecdsa_pub_internal)
129
130 ASN1_CHOICE(ECDSAPublicKey) = {
131         ASN1_SIMPLE(ECDSAPrivateKey, pub_key, ASN1_OCTET_STRING),
132         ASN1_EX_COMBINE(0, 0, ecdsa_pub_internal)
133 } ASN1_CHOICE_END_selector(ECDSAPrivateKey, ECDSAPublicKey, write_params)
134
135 DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECDSAPrivateKey, ecdsaPublicKey)
136 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ECDSAPrivateKey, ECDSAPublicKey, ecdsaPublicKey)
137
138
139 X9_62_FIELDID   *ECDSA_get_X9_62_FIELDID(const ECDSA *ecdsa, X9_62_FIELDID *field)
140 {
141         /* TODO : characteristic two */
142         int     ok=0, reason=ERR_R_ASN1_LIB;
143         X9_62_FIELDID *ret=NULL;
144         BIGNUM  *tmp=NULL;
145         
146         if (!ecdsa || !ecdsa->group)
147                 OPENSSL_ECDSA_ABORT(ECDSA_R_MISSING_PARAMETERS)
148         if (field == NULL)
149         {
150                 if ((ret = X9_62_FIELDID_new()) == NULL) return NULL;
151         }
152         else
153         {       
154                 ret = field;
155                 if (ret->fieldType != NULL)     ASN1_OBJECT_free(ret->fieldType);
156                 if (ret->parameters != NULL)    ASN1_TYPE_free(ret->parameters);
157         }
158         if ((tmp = BN_new()) == NULL) 
159                 OPENSSL_ECDSA_ABORT(ERR_R_BN_LIB)
160         if ((ret->fieldType = OBJ_nid2obj(NID_X9_62_prime_field)) == NULL)
161                 OPENSSL_ECDSA_ABORT(ERR_R_OBJ_LIB)
162         if ((ret->parameters = ASN1_TYPE_new()) == NULL) goto err;
163         ret->parameters->type = V_ASN1_INTEGER;
164         if (!EC_GROUP_get_curve_GFp(ecdsa->group, tmp, NULL, NULL, NULL))
165                 OPENSSL_ECDSA_ABORT(ERR_R_EC_LIB)
166         if ((ret->parameters->value.integer = BN_to_ASN1_INTEGER(tmp, NULL)) == NULL) goto err;
167         ok = 1;
168 err :   if (!ok)
169         {
170                 if (ret && !field) X9_62_FIELDID_free(ret);
171                 ret = NULL;
172                 ECDSAerr(ECDSA_F_ECDSA_GET_X9_62_FIELDID, reason);
173         }
174         if (tmp) BN_free(tmp);
175         return(ret);
176 }
177
178 X9_62_CURVE   *ECDSA_get_X9_62_CURVE(const ECDSA *ecdsa, X9_62_CURVE *curve)
179 {
180         int     ok=0, reason=ERR_R_BN_LIB, len1=0, len2=0;
181         X9_62_CURVE *ret=NULL;
182         BIGNUM      *tmp1=NULL, *tmp2=NULL;
183         unsigned char *buffer=NULL;
184         unsigned char char_buf = 0;
185
186         if (!ecdsa || !ecdsa->group)
187                 OPENSSL_ECDSA_ABORT(ECDSA_R_MISSING_PARAMETERS)
188         if ((tmp1 = BN_new()) == NULL || (tmp2 = BN_new()) == NULL) goto err;
189         if (curve == NULL)
190         {
191                 if ((ret = X9_62_CURVE_new()) == NULL)
192                         OPENSSL_ECDSA_ABORT(ECDSA_R_X9_62_CURVE_NEW_FAILURE)
193         }
194         else
195         {
196                 ret = curve;
197                 if (ret->a)     ASN1_OCTET_STRING_free(ret->a);
198                 if (ret->b)     ASN1_OCTET_STRING_free(ret->b);
199                 if (ret->seed)  ASN1_BIT_STRING_free(ret->seed);
200         }
201         if (!EC_GROUP_get_curve_GFp(ecdsa->group, NULL, tmp1, tmp2, NULL))
202                 OPENSSL_ECDSA_ABORT(ERR_R_EC_LIB)
203
204         if ((ret->a = M_ASN1_OCTET_STRING_new()) == NULL || 
205             (ret->b = M_ASN1_OCTET_STRING_new()) == NULL )
206                 OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB)
207
208         len1 = BN_num_bytes(tmp1);
209         len2 = BN_num_bytes(tmp2);
210
211         if ((buffer = OPENSSL_malloc(len1 > len2 ? len1 : len2)) == NULL)
212                 OPENSSL_ECDSA_ABORT(ERR_R_MALLOC_FAILURE)
213
214         if (len1 == 0) /* => a == 0 */
215         {
216                 if (!M_ASN1_OCTET_STRING_set(ret->a, &char_buf, 1))
217                         OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB)
218         }
219         else
220         {
221                 if ((len1 = BN_bn2bin(tmp1, buffer)) == 0) goto err;
222                 if (!M_ASN1_OCTET_STRING_set(ret->a, buffer, len1))
223                         OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB)
224         }
225         if (len2 == 0) /* => b == 0 */
226         {
227                 if (!M_ASN1_OCTET_STRING_set(ret->a, &char_buf, 1))
228                         OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB)
229         }
230         else
231         {
232                 if ((len2 = BN_bn2bin(tmp2, buffer)) == 0) goto err;
233                 if (!M_ASN1_OCTET_STRING_set(ret->b, buffer, len2))
234                         OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB)
235         }
236
237         if (ecdsa->seed)
238         {       
239                 if ((ret->seed = ASN1_BIT_STRING_new()) == NULL) goto err;
240                 if (!ASN1_BIT_STRING_set(ret->seed, ecdsa->seed, (int)ecdsa->seed_len))
241                         OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB)
242         }
243         else
244                 ret->seed = NULL;
245
246         ok = 1;
247 err :   if (!ok)
248         {
249                 if (ret && !curve) X9_62_CURVE_free(ret);
250                 ret = NULL;
251                 ECDSAerr(ECDSA_F_ECDSA_GET_X9_62_CURVE, reason);
252         }
253         if (buffer) OPENSSL_free(buffer);
254         if (tmp1)   BN_free(tmp1);
255         if (tmp2)   BN_free(tmp2);
256         return(ret);
257 }
258
259 X9_62_EC_PARAMETERS *ECDSA_get_X9_62_EC_PARAMETERS(const ECDSA *ecdsa, X9_62_EC_PARAMETERS *param)
260 {
261         int     ok=0, reason=ERR_R_ASN1_LIB;
262         size_t  len=0;
263         X9_62_EC_PARAMETERS *ret=NULL;
264         BIGNUM        *tmp=NULL;
265         unsigned char *buffer=NULL;
266         EC_POINT      *point=NULL;
267
268         if (!ecdsa || !ecdsa->group)
269                 OPENSSL_ECDSA_ABORT(ECDSA_R_MISSING_PARAMETERS)
270         if ((tmp = BN_new()) == NULL)
271                 OPENSSL_ECDSA_ABORT(ERR_R_BN_LIB)
272         if (param == NULL)
273         {
274                 if ((ret = X9_62_EC_PARAMETERS_new()) == NULL)
275                         OPENSSL_ECDSA_ABORT(ECDSA_R_X9_62_EC_PARAMETERS_NEW_FAILURE)
276         }
277         else
278                 ret = param;
279         if (ecdsa->version == 1)
280                 ret->version = NULL;
281         else
282         {
283                 if (ret->version == NULL && (ret->version = ASN1_INTEGER_new()) == NULL)
284                         OPENSSL_ECDSA_ABORT(ERR_R_MALLOC_FAILURE)
285                 if (!ASN1_INTEGER_set(ret->version, (long)ecdsa->version)) goto err;
286         }
287         if ((ret->fieldID = ECDSA_get_X9_62_FIELDID(ecdsa, ret->fieldID)) == NULL)
288                 OPENSSL_ECDSA_ABORT(ECDSA_R_ECDSA_GET_X9_62_FIELDID_FAILURE)
289         if ((ret->curve = ECDSA_get_X9_62_CURVE(ecdsa, ret->curve)) == NULL)
290                 OPENSSL_ECDSA_ABORT(ECDSA_R_ECDSA_GET_X9_62_CURVE_FAILURE)
291         if ((point = EC_GROUP_get0_generator(ecdsa->group)) == NULL)
292                 OPENSSL_ECDSA_ABORT(ECDSA_R_CAN_NOT_GET_GENERATOR)
293         if (!(len = EC_POINT_point2oct(ecdsa->group, point, POINT_CONVERSION_COMPRESSED, NULL, len, NULL)))
294                 OPENSSL_ECDSA_ABORT(ECDSA_R_UNEXPECTED_PARAMETER_LENGTH)
295         if ((buffer = OPENSSL_malloc(len)) == NULL)
296                 OPENSSL_ECDSA_ABORT(ERR_R_MALLOC_FAILURE)
297         if (!EC_POINT_point2oct(ecdsa->group, point, POINT_CONVERSION_COMPRESSED, buffer, len, NULL)) 
298                 OPENSSL_ECDSA_ABORT(ERR_R_EC_LIB)
299         if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL)
300                 OPENSSL_ECDSA_ABORT(ERR_R_MALLOC_FAILURE)
301         if (!ASN1_OCTET_STRING_set(ret->base, buffer, len)) goto err;
302         if (!EC_GROUP_get_order(ecdsa->group, tmp, NULL))
303                 OPENSSL_ECDSA_ABORT(ERR_R_EC_LIB)
304         if ((ret->order = BN_to_ASN1_INTEGER(tmp, ret->order)) == NULL) goto err;
305         if (!EC_GROUP_get_cofactor(ecdsa->group, tmp, NULL))
306                 OPENSSL_ECDSA_ABORT(ERR_R_EC_LIB)
307         if ((ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor)) == NULL) goto err;
308         ok = 1;
309
310 err :   if(!ok)
311         {
312                 ECDSAerr(ECDSA_F_ECDSA_GET_X9_62_EC_PARAMETERS, reason);
313                 if (ret && !param) X9_62_EC_PARAMETERS_free(ret);
314                 ret = NULL;
315         }
316         if (tmp)    BN_free(tmp);
317         if (buffer) OPENSSL_free(buffer);
318         return(ret);
319 }
320
321 EC_PARAMETERS *ECDSA_get_EC_PARAMETERS(const ECDSA *ecdsa, EC_PARAMETERS *params)
322 {
323         int ok = 1;
324         int tmp = 0;
325         EC_PARAMETERS *ret = params;
326         if (ret == NULL)
327                 if ((ret = EC_PARAMETERS_new()) == NULL)
328                 {
329                         ECDSAerr(ECDSA_F_ECDSA_GET_EC_PARAMETERS, ERR_R_MALLOC_FAILURE);
330                         return NULL;
331                 }
332         if (ecdsa == NULL)
333         {       /* missing parameter */
334                 ECDSAerr(ECDSA_F_ECDSA_GET_EC_PARAMETERS, ECDSA_R_MISSING_PARAMETERS);
335                 EC_PARAMETERS_free(params);
336                 return NULL;
337         }
338         if (ecdsa->parameter_flags & ECDSA_FLAG_NAMED_CURVE)
339         {       /* use a named curve */
340                 tmp = EC_GROUP_get_nid(ecdsa->group);
341                 if (tmp)
342                 {
343                         ret->type = 0;
344                         if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL)
345                                 ok = 0;
346                 }
347                 else
348                 {
349                         /* use the x9_64 ec_parameters structure */
350                         ret->type = 1;
351                         if ((ret->value.parameters = ECDSA_get_X9_62_EC_PARAMETERS(ecdsa, NULL)) == NULL)
352                                 ok = 0;
353                 }
354         }
355         else if (ecdsa->parameter_flags & ECDSA_FLAG_IMPLICITLYCA)
356         {       /* use implicitlyCA */
357                 ret->type = 2;
358                 if ((ret->value.implicitlyCA = ASN1_NULL_new()) == NULL)
359                         ok = 0;
360         }
361         else
362         {       /* use the x9_64 ec_parameters structure */
363                 ret->type = 1;
364                 if ((ret->value.parameters = ECDSA_get_X9_62_EC_PARAMETERS(ecdsa, NULL)) == NULL)
365                         ok = 0;
366         }
367         if (!ok)
368         {
369                 EC_PARAMETERS_free(ret);
370                 return NULL;
371         }
372                 return ret;
373 }
374
375 ECDSA         *ECDSA_x9_62parameters2ecdsa(const X9_62_EC_PARAMETERS *params, ECDSA *ecdsa)
376 {
377         int       ok=0, reason=ERR_R_EC_LIB, tmp;
378         ECDSA     *ret=NULL;
379         const EC_METHOD *meth=NULL;
380         BIGNUM    *tmp_1=NULL, *tmp_2=NULL, *tmp_3=NULL;
381         EC_POINT  *point=NULL;
382
383         if (!params) 
384                 OPENSSL_ECDSA_ABORT(ECDSA_R_MISSING_PARAMETERS)
385         if (ecdsa == NULL)
386         {
387                 if ((ret = ECDSA_new()) == NULL) 
388                         OPENSSL_ECDSA_ABORT(ECDSA_R_ECDSA_NEW_FAILURE)
389         }
390         else
391         {
392                 if (ecdsa->group)       EC_GROUP_free(ecdsa->group);
393                 if (ecdsa->pub_key)     EC_POINT_free(ecdsa->pub_key);
394                 ecdsa->pub_key = NULL;
395                 if (ecdsa->priv_key)    BN_clear_free(ecdsa->priv_key);
396                 ecdsa->priv_key = NULL;
397                 if (ecdsa->seed)        OPENSSL_free(ecdsa->seed);
398                 ecdsa->seed = NULL;
399                 if (ecdsa->kinv)        
400                 {
401                         BN_clear_free(ecdsa->kinv);
402                         ecdsa->kinv = NULL;
403                 }
404                 if (ecdsa->r)
405                 {
406                         BN_clear_free(ecdsa->r);
407                         ecdsa->r = NULL;
408                 }
409                 ret = ecdsa;
410         }
411         /* TODO : characteristic two */
412         if (!params->fieldID || !params->fieldID->fieldType || !params->fieldID->parameters)
413                 OPENSSL_ECDSA_ABORT(ECDSA_R_NO_FIELD_SPECIFIED)
414         tmp = OBJ_obj2nid(params->fieldID->fieldType); 
415         if (tmp == NID_X9_62_characteristic_two_field)
416         {
417                 OPENSSL_ECDSA_ABORT(ECDSA_R_NOT_SUPPORTED)
418         }
419         else if (tmp == NID_X9_62_prime_field)
420         {
421                 /* TODO : optimal method for the curve */
422                 meth = EC_GFp_mont_method();
423                 if ((ret->group = EC_GROUP_new(meth)) == NULL) goto err;
424                 if (params->fieldID->parameters->type != V_ASN1_INTEGER)
425                         OPENSSL_ECDSA_ABORT(ECDSA_R_UNEXPECTED_ASN1_TYPE)
426                 if (!params->fieldID->parameters->value.integer)
427                         OPENSSL_ECDSA_ABORT(ECDSA_R_PRIME_MISSING)
428                 if ((tmp_1 = ASN1_INTEGER_to_BN(params->fieldID->parameters->value.integer, NULL)) == NULL)
429                         OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB)
430                 if (!params->curve)
431                         OPENSSL_ECDSA_ABORT(ECDSA_R_NO_CURVE_SPECIFIED)
432                 if (!params->curve->a || !params->curve->a->data)
433                         OPENSSL_ECDSA_ABORT(ECDSA_R_NO_CURVE_PARAMETER_A_SPECIFIED)
434                 if ((tmp_2 = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL)) == NULL)
435                         OPENSSL_ECDSA_ABORT(ERR_R_BN_LIB)
436                 if (!params->curve->b || !params->curve->b->data)
437                         OPENSSL_ECDSA_ABORT(ECDSA_R_NO_CURVE_PARAMETER_B_SPECIFIED)
438                 if ((tmp_3 = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL)) == NULL)
439                         OPENSSL_ECDSA_ABORT(ERR_R_BN_LIB)
440                 if (!EC_GROUP_set_curve_GFp(ret->group, tmp_1, tmp_2, tmp_3, NULL)) goto err;
441                 if ((point = EC_POINT_new(ret->group)) == NULL) goto err;
442         }
443         else OPENSSL_ECDSA_ABORT(ECDSA_R_WRONG_FIELD_IDENTIFIER)
444         if (params->curve->seed != NULL)
445         {
446                 if (ret->seed != NULL)
447                         OPENSSL_free(ret->seed);
448                 if ((ret->seed = OPENSSL_malloc(params->curve->seed->length)) == NULL)
449                         OPENSSL_ECDSA_ABORT(ERR_R_MALLOC_FAILURE)
450                 memcpy(ret->seed, params->curve->seed->data, params->curve->seed->length);
451                 ret->seed_len = params->curve->seed->length;
452         }
453         if (params->version)
454         {
455                 if ((ret->version = (int)ASN1_INTEGER_get(params->version)) < 0)
456                         OPENSSL_ECDSA_ABORT(ECDSA_R_UNEXPECTED_VERSION_NUMER)
457         }
458         else
459                 ret->version  = 1;
460         if (params->order && params->cofactor && params->base && params->base->data)
461         {
462                 if ((tmp_1 = ASN1_INTEGER_to_BN(params->order, tmp_1)) == NULL)
463                         OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB)
464                 if ((tmp_2 = ASN1_INTEGER_to_BN(params->cofactor, tmp_2)) == NULL)
465                         OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB)
466                 if (!EC_POINT_oct2point(ret->group, point, params->base->data, 
467                                 params->base->length, NULL)) goto err;
468                 if (!EC_GROUP_set_generator(ret->group, point, tmp_1, tmp_2)) goto err;
469         }
470         ok = 1;
471
472 err:    if (!ok)
473         {
474                 ECDSAerr(ECDSA_F_ECDSA_GET, reason);
475                 if (ret && !ecdsa) ECDSA_free(ret);
476                 ret = NULL;
477         }
478         if (tmp_1)      BN_free(tmp_1);
479         if (tmp_2)      BN_free(tmp_2);
480         if (tmp_3)      BN_free(tmp_3);
481         if (point)      EC_POINT_free(point);
482         return(ret);
483 }
484
485 ECDSA *ECDSA_ecparameters2ecdsa(const EC_PARAMETERS *params, ECDSA *ecdsa)
486 {
487         ECDSA *ret = ecdsa;
488         int tmp = 0;
489         if (ret == NULL)
490                 if ((ret = ECDSA_new()) == NULL)
491                 {
492                         ECDSAerr(ECDSA_F_ECDSA_GET_ECDSA, ERR_R_MALLOC_FAILURE);
493                         return NULL;
494                 }
495         if (params == NULL)
496         {
497                 ECDSAerr(ECDSA_F_ECDSA_GET_ECDSA, ECDSA_R_MISSING_PARAMETERS);
498                 ECDSA_free(ret);
499                 return NULL;
500         }
501         if (params->type == 0)
502         {
503                 if (ret->group)
504                         EC_GROUP_free(ret->group);
505                 tmp = OBJ_obj2nid(params->value.named_curve);
506                 ret->parameter_flags |= ECDSA_FLAG_NAMED_CURVE;
507                 if ((ret->group = EC_GROUP_new_by_name(tmp)) == NULL)
508                 {
509                         ECDSAerr(ECDSA_F_ECDSA_GET_ECDSA, ECDSA_R_EC_GROUP_NID2CURVE_FAILURE);
510                         ECDSA_free(ret);
511                         return NULL;
512                 }
513         }
514         else if (params->type == 1)
515         {
516                 ret = ECDSA_x9_62parameters2ecdsa(params->value.parameters, ret);
517         }
518         else if (params->type == 2)
519         {
520                 if (ret->group)
521                         EC_GROUP_free(ret->group);
522                 ret->group = NULL;
523                 ret->parameter_flags |= ECDSA_FLAG_IMPLICITLYCA;                
524         }
525         else
526         {
527                 ECDSAerr(ECDSA_F_ECDSA_GET_ECDSA, ECDSA_R_UNKNOWN_PARAMETERS_TYPE);
528                 ECDSA_free(ret);
529                 ret = NULL;
530         }
531         return ret;
532 }
533
534 ECDSA   *d2i_ECDSAParameters(ECDSA **a, const unsigned char **in, long len)
535 {
536         ECDSA           *ecdsa = (a && *a)? *a : NULL;
537         EC_PARAMETERS   *params = NULL;
538
539         if ((params = d2i_EC_PARAMETERS(NULL, in, len)) == NULL)
540         {
541                 ECDSAerr(ECDSA_F_D2I_ECDSAPARAMETERS, ECDSA_R_D2I_EC_PARAMETERS_FAILURE);
542                 EC_PARAMETERS_free(params);
543                 return NULL;
544         }
545         if ((ecdsa = ECDSA_ecparameters2ecdsa(params, ecdsa)) == NULL)
546         {
547                 ECDSAerr(ECDSA_F_D2I_ECDSAPARAMETERS, ECDSA_R_ECPARAMETERS2ECDSA_FAILURE);
548                 return NULL; 
549         }
550         EC_PARAMETERS_free(params);
551         return(ecdsa);  
552 }
553
554 int     i2d_ECDSAParameters(ECDSA *a, unsigned char **out)
555 {
556         int             ret=0;
557         EC_PARAMETERS   *tmp = ECDSA_get_EC_PARAMETERS(a, NULL);
558         if (tmp == NULL)
559         {
560                 ECDSAerr(ECDSA_F_I2D_ECDSAPARAMETERS, ECDSA_R_ECDSA_GET_EC_PARAMETERS_FAILURE);
561                 return 0;
562         }
563         if ((ret = i2d_EC_PARAMETERS(tmp, out)) == 0)
564         {
565                 ECDSAerr(ECDSA_F_I2D_ECDSAPARAMETERS, ECDSA_R_ECDSA_R_D2I_EC_PARAMETERS_FAILURE);
566                 EC_PARAMETERS_free(tmp);
567                 return 0;
568         }       
569         EC_PARAMETERS_free(tmp);
570         return(ret);
571 }
572
573 ECDSA   *d2i_ECDSAPrivateKey(ECDSA **a, const unsigned char **in, long len)
574 {
575         int reason=ERR_R_BN_LIB, ok=0;
576         ECDSA *ret=NULL;
577         ECDSAPrivateKey *priv_key=NULL;
578
579         if ((priv_key = ECDSAPrivateKey_new()) == NULL)
580                 OPENSSL_ECDSA_ABORT(ECDSA_R_ECDSAPRIVATEKEY_NEW_FAILURE)
581         if ((priv_key = d2i_ecdsaPrivateKey(&priv_key, in, len)) == NULL)
582                 OPENSSL_ECDSA_ABORT(ECDSA_R_D2I_ECDSA_PRIVATEKEY_FAILURE)
583         if ((ret = ECDSA_ecparameters2ecdsa(priv_key->parameters, NULL)) == NULL)
584                 OPENSSL_ECDSA_ABORT(ECDSA_R_ECDSA_GET_FAILURE)
585         ret->version = priv_key->version;
586         ret->write_params = priv_key->write_params;
587         if (priv_key->priv_key)
588         {
589                 if ((ret->priv_key = BN_dup(priv_key->priv_key)) == NULL)
590                         OPENSSL_ECDSA_ABORT(ERR_R_BN_LIB)
591         }
592         else
593                 OPENSSL_ECDSA_ABORT(ECDSA_R_D2I_ECDSAPRIVATEKEY_MISSING_PRIVATE_KEY)
594         if ((ret->pub_key = EC_POINT_new(ret->group)) == NULL)
595                 OPENSSL_ECDSA_ABORT(ERR_R_EC_LIB)
596         if (!EC_POINT_oct2point(ret->group, ret->pub_key, priv_key->pub_key->data, priv_key->pub_key->length, NULL))
597                 OPENSSL_ECDSA_ABORT(ERR_R_EC_LIB)
598         ok = 1;
599 err :   if (!ok)
600         {
601                 if (ret) ECDSA_free(ret);
602                 ret = NULL;
603                 ECDSAerr(ECDSA_F_D2I_ECDSAPRIVATEKEY, reason);
604         }
605         if (priv_key)   ECDSAPrivateKey_free(priv_key);
606         return(ret);
607 }
608
609 int     i2d_ECDSAPrivateKey(ECDSA *a, unsigned char **out)
610 {
611         int ret=0, ok=0, reason=ERR_R_EC_LIB;
612         unsigned char   *buffer=NULL;
613         size_t          buf_len=0;
614         ECDSAPrivateKey *priv_key=NULL;
615
616         if (a == NULL || a->group == NULL)
617                 OPENSSL_ECDSA_ABORT(ECDSA_R_MISSING_PARAMETERS)
618         if ((priv_key = ECDSAPrivateKey_new()) == NULL)
619                 OPENSSL_ECDSA_ABORT(ECDSA_R_ECDSAPRIVATEKEY_NEW_FAILURE)
620         if ((priv_key->parameters = ECDSA_get_EC_PARAMETERS(a, priv_key->parameters)) == NULL)
621                 OPENSSL_ECDSA_ABORT(ECDSA_R_ECDSA_GET_X9_62_EC_PARAMETERS_FAILURE)
622         priv_key->version      = a->version;
623         if (BN_copy(priv_key->priv_key, a->priv_key) == NULL)
624                 OPENSSL_ECDSA_ABORT(ERR_R_BN_LIB)
625         buf_len = EC_POINT_point2oct(a->group, a->pub_key, POINT_CONVERSION_COMPRESSED, NULL, 0, NULL);
626         if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
627                 OPENSSL_ECDSA_ABORT(ERR_R_MALLOC_FAILURE)
628         if (!EC_POINT_point2oct(a->group, a->pub_key, POINT_CONVERSION_COMPRESSED,
629                                 buffer, buf_len, NULL)) goto err;
630         if (!M_ASN1_OCTET_STRING_set(priv_key->pub_key, buffer, buf_len))
631                 OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB)
632         if ((ret = i2d_ecdsaPrivateKey(priv_key, out)) == 0)
633                 OPENSSL_ECDSA_ABORT(ECDSA_R_I2D_ECDSA_PRIVATEKEY)
634         ok=1;
635         
636 err:    if (!ok)
637                 ECDSAerr(ECDSA_F_I2D_ECDSAPRIVATEKEY, reason);
638         if (buffer)   OPENSSL_free(buffer);
639         if (priv_key) ECDSAPrivateKey_free(priv_key);   
640         return(ok?ret:0);
641 }
642
643
644 ECDSA   *d2i_ECDSAPublicKey(ECDSA **a, const unsigned char **in, long len)
645 {
646         int reason=ERR_R_BN_LIB, ok=0, ecdsa_new=1;
647         ECDSA *ret=NULL;
648         ECDSAPrivateKey *priv_key=NULL;
649
650         if (a && *a)
651         {
652                 ecdsa_new = 0;
653                 ret = *a;
654         }
655         else if ((ret = ECDSA_new()) == NULL)
656                 OPENSSL_ECDSA_ABORT(ERR_R_MALLOC_FAILURE); 
657         if ((priv_key = ECDSAPrivateKey_new()) == NULL)
658                 OPENSSL_ECDSA_ABORT(ECDSA_R_ECDSAPRIVATEKEY_NEW_FAILURE)
659         if ((priv_key = d2i_ecdsaPublicKey(&priv_key, in, len)) == NULL)
660                 OPENSSL_ECDSA_ABORT(ECDSA_R_D2I_ECDSA_PRIVATEKEY_FAILURE)
661         if (priv_key->write_params == 0)
662         {
663                 if (ecdsa_new || !ret->group)
664                         OPENSSL_ECDSA_ABORT(ECDSA_R_MISSING_PARAMETERS)
665                 if (ret->pub_key == NULL && (ret->pub_key = EC_POINT_new(ret->group)) == NULL)
666                         OPENSSL_ECDSA_ABORT(ERR_R_MALLOC_FAILURE)
667                 if (!EC_POINT_oct2point(ret->group, ret->pub_key, priv_key->pub_key->data,
668                                         priv_key->pub_key->length, NULL))
669                         OPENSSL_ECDSA_ABORT(ERR_R_EC_LIB)
670         }
671         else if (priv_key->write_params == 1)
672         {
673                 if ((ret = ECDSA_ecparameters2ecdsa(priv_key->parameters, ret)) == NULL)
674                         OPENSSL_ECDSA_ABORT(ECDSA_R_ECDSA_GET_FAILURE)
675                 if (ret->pub_key == NULL && (ret->pub_key = EC_POINT_new(ret->group)) == NULL)
676                         OPENSSL_ECDSA_ABORT(ERR_R_EC_LIB)
677                 if (!EC_POINT_oct2point(ret->group, ret->pub_key, priv_key->pub_key->data, 
678                                 priv_key->pub_key->length, NULL))
679                         OPENSSL_ECDSA_ABORT(ERR_R_EC_LIB)
680         }
681         else    OPENSSL_ECDSA_ABORT(ECDSA_R_UNEXPECTED_PARAMETER)
682         ret->write_params = 1;
683         ok = 1;
684 err :   if (!ok)
685         {
686                 if (ret && ecdsa_new) ECDSA_free(ret);
687                 ret = NULL;
688                 ECDSAerr(ECDSA_F_D2I_ECDSAPRIVATEKEY, reason);
689         }
690         if (priv_key)   ECDSAPrivateKey_free(priv_key);
691         return(ret);
692 }
693
694 int     i2d_ECDSAPublicKey(ECDSA *a, unsigned char **out)
695 {
696         int     ret=0, reason=ERR_R_EC_LIB, ok=0;
697         unsigned char   *buffer=NULL;
698         size_t          buf_len=0;
699         ECDSAPrivateKey *priv_key=NULL;
700
701         if (a == NULL) 
702                 OPENSSL_ECDSA_ABORT(ECDSA_R_MISSING_PARAMETERS)
703         if ((priv_key = ECDSAPrivateKey_new()) == NULL) 
704                 OPENSSL_ECDSA_ABORT(ECDSA_R_ECDSAPRIVATEKEY_NEW_FAILURE)
705         if ((priv_key->parameters = ECDSA_get_EC_PARAMETERS(a, priv_key->parameters)) == NULL)
706                 OPENSSL_ECDSA_ABORT(ECDSA_R_ECDSA_GET_X9_62_EC_PARAMETERS_FAILURE)
707         priv_key->version = a->version;
708         priv_key->write_params = a->write_params;
709         buf_len = EC_POINT_point2oct(a->group, a->pub_key, POINT_CONVERSION_FORM, NULL, 0, NULL);
710         if (!buf_len || (buffer = OPENSSL_malloc(buf_len)) == NULL)
711                 OPENSSL_ECDSA_ABORT(ERR_R_MALLOC_FAILURE)
712         if (!EC_POINT_point2oct(a->group, a->pub_key, POINT_CONVERSION_FORM,
713                                 buffer, buf_len, NULL)) goto err;
714         if (!M_ASN1_OCTET_STRING_set(priv_key->pub_key, buffer, buf_len))
715                 OPENSSL_ECDSA_ABORT(ERR_R_ASN1_LIB)
716         if ((ret = i2d_ecdsaPublicKey(priv_key, out)) == 0)
717                 OPENSSL_ECDSA_ABORT(ECDSA_R_I2D_ECDSA_PUBLICKEY)
718         ok = 1;
719
720 err:    if (!ok)
721                 ECDSAerr(ECDSA_F_I2D_ECDSAPUBLICKEY, reason);
722         if (buffer)   OPENSSL_free(buffer);
723         if (priv_key) ECDSAPrivateKey_free(priv_key);
724         return(ok?ret:0);
725 }