/* * Written by Nils Larsch for the OpenSSL project. */ /* ==================================================================== * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * openssl-core@openssl.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This product includes cryptographic software written by Eric Young * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * Portions originally developed by SUN MICROSYSTEMS, INC., and * contributed to the OpenSSL project. */ #include #include #include "ec_lcl.h" #include #include EC_KEY *EC_KEY_new(void) { return EC_KEY_new_method(NULL); } EC_KEY *EC_KEY_new_by_curve_name(int nid) { EC_KEY *ret = EC_KEY_new(); if (ret == NULL) return NULL; ret->group = EC_GROUP_new_by_curve_name(nid); if (ret->group == NULL) { EC_KEY_free(ret); return NULL; } if (ret->meth->set_group != NULL && ret->meth->set_group(ret, ret->group) == 0) { EC_KEY_free(ret); return NULL; } return ret; } void EC_KEY_free(EC_KEY *r) { int i; if (r == NULL) return; CRYPTO_atomic_add(&r->references, -1, &i, r->lock); REF_PRINT_COUNT("EC_KEY", r); if (i > 0) return; REF_ASSERT_ISNT(i < 0); if (r->meth->finish != NULL) r->meth->finish(r); #ifndef OPENSSL_NO_ENGINE ENGINE_finish(r->engine); #endif if (r->group && r->group->meth->keyfinish) r->group->meth->keyfinish(r); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, r, &r->ex_data); CRYPTO_THREAD_lock_free(r->lock); EC_GROUP_free(r->group); EC_POINT_free(r->pub_key); BN_clear_free(r->priv_key); OPENSSL_clear_free((void *)r, sizeof(EC_KEY)); } EC_KEY *EC_KEY_copy(EC_KEY *dest, EC_KEY *src) { if (dest == NULL || src == NULL) { ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER); return NULL; } if (src->meth != dest->meth) { if (dest->meth->finish != NULL) dest->meth->finish(dest); if (dest->group && dest->group->meth->keyfinish) dest->group->meth->keyfinish(dest); #ifndef OPENSSL_NO_ENGINE if (ENGINE_finish(dest->engine) == 0) return 0; dest->engine = NULL; #endif } /* copy the parameters */ if (src->group != NULL) { const EC_METHOD *meth = EC_GROUP_method_of(src->group); /* clear the old group */ EC_GROUP_free(dest->group); dest->group = EC_GROUP_new(meth); if (dest->group == NULL) return NULL; if (!EC_GROUP_copy(dest->group, src->group)) return NULL; } /* copy the public key */ if (src->pub_key != NULL && src->group != NULL) { EC_POINT_free(dest->pub_key); dest->pub_key = EC_POINT_new(src->group); if (dest->pub_key == NULL) return NULL; if (!EC_POINT_copy(dest->pub_key, src->pub_key)) return NULL; } /* copy the private key */ if (src->priv_key != NULL) { if (dest->priv_key == NULL) { dest->priv_key = BN_new(); if (dest->priv_key == NULL) return NULL; } if (!BN_copy(dest->priv_key, src->priv_key)) return NULL; if (src->group->meth->keycopy && src->group->meth->keycopy(dest, src) == 0) return NULL; } /* copy the rest */ dest->enc_flag = src->enc_flag; dest->conv_form = src->conv_form; dest->version = src->version; dest->flags = src->flags; if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_EC_KEY, &dest->ex_data, &src->ex_data)) return NULL; if (src->meth != dest->meth) { #ifndef OPENSSL_NO_ENGINE if (src->engine != NULL && ENGINE_init(src->engine) == 0) return NULL; dest->engine = src->engine; #endif dest->meth = src->meth; } if (src->meth->copy != NULL && src->meth->copy(dest, src) == 0) return NULL; return dest; } EC_KEY *EC_KEY_dup(EC_KEY *ec_key) { EC_KEY *ret = EC_KEY_new_method(ec_key->engine); if (ret == NULL) return NULL; if (EC_KEY_copy(ret, ec_key) == NULL) { EC_KEY_free(ret); return NULL; } return ret; } int EC_KEY_up_ref(EC_KEY *r) { int i; if (CRYPTO_atomic_add(&r->references, 1, &i, r->lock) <= 0) return 0; REF_PRINT_COUNT("EC_KEY", r); REF_ASSERT_ISNT(i < 2); return ((i > 1) ? 1 : 0); } int EC_KEY_generate_key(EC_KEY *eckey) { if (eckey == NULL || eckey->group == NULL) { ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER); return 0; } if (eckey->meth->keygen != NULL) return eckey->meth->keygen(eckey); ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED); return 0; } int ossl_ec_key_gen(EC_KEY *eckey) { OPENSSL_assert(eckey->group->meth->keygen != NULL); return eckey->group->meth->keygen(eckey); } int ec_key_simple_generate_key(EC_KEY *eckey) { int ok = 0; BN_CTX *ctx = NULL; BIGNUM *priv_key = NULL; const BIGNUM *order = NULL; EC_POINT *pub_key = NULL; if ((ctx = BN_CTX_new()) == NULL) goto err; if (eckey->priv_key == NULL) { priv_key = BN_new(); if (priv_key == NULL) goto err; } else priv_key = eckey->priv_key; order = EC_GROUP_get0_order(eckey->group); if (order == NULL) goto err; do if (!BN_rand_range(priv_key, order)) goto err; while (BN_is_zero(priv_key)) ; if (eckey->pub_key == NULL) { pub_key = EC_POINT_new(eckey->group); if (pub_key == NULL) goto err; } else pub_key = eckey->pub_key; if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx)) goto err; eckey->priv_key = priv_key; eckey->pub_key = pub_key; ok = 1; err: if (eckey->pub_key == NULL) EC_POINT_free(pub_key); if (eckey->priv_key != priv_key) BN_free(priv_key); BN_CTX_free(ctx); return ok; } int ec_key_simple_generate_public_key(EC_KEY *eckey) { return EC_POINT_mul(eckey->group, eckey->pub_key, eckey->priv_key, NULL, NULL, NULL); } int EC_KEY_check_key(const EC_KEY *eckey) { if (eckey == NULL || eckey->group == NULL || eckey->pub_key == NULL) { ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER); return 0; } if (eckey->group->meth->keycheck == NULL) { ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } return eckey->group->meth->keycheck(eckey); } int ec_key_simple_check_key(const EC_KEY *eckey) { int ok = 0; BN_CTX *ctx = NULL; const BIGNUM *order = NULL; EC_POINT *point = NULL; if (eckey == NULL || eckey->group == NULL || eckey->pub_key == NULL) { ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER); return 0; } if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) { ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_POINT_AT_INFINITY); goto err; } if ((ctx = BN_CTX_new()) == NULL) goto err; if ((point = EC_POINT_new(eckey->group)) == NULL) goto err; /* testing whether the pub_key is on the elliptic curve */ if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) { ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } /* testing whether pub_key * order is the point at infinity */ order = eckey->group->order; if (BN_is_zero(order)) { ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_INVALID_GROUP_ORDER); goto err; } if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) { ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, ERR_R_EC_LIB); goto err; } if (!EC_POINT_is_at_infinity(eckey->group, point)) { ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_WRONG_ORDER); goto err; } /* * in case the priv_key is present : check if generator * priv_key == * pub_key */ if (eckey->priv_key != NULL) { if (BN_cmp(eckey->priv_key, order) >= 0) { ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_WRONG_ORDER); goto err; } if (!EC_POINT_mul(eckey->group, point, eckey->priv_key, NULL, NULL, ctx)) { ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, ERR_R_EC_LIB); goto err; } if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, ctx) != 0) { ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY); goto err; } } ok = 1; err: BN_CTX_free(ctx); EC_POINT_free(point); return ok; } int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y) { BN_CTX *ctx = NULL; BIGNUM *tx, *ty; EC_POINT *point = NULL; int ok = 0; #ifndef OPENSSL_NO_EC2M int tmp_nid, is_char_two = 0; #endif if (key == NULL || key->group == NULL || x == NULL || y == NULL) { ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES, ERR_R_PASSED_NULL_PARAMETER); return 0; } ctx = BN_CTX_new(); if (ctx == NULL) goto err; point = EC_POINT_new(key->group); if (point == NULL) goto err; tx = BN_CTX_get(ctx); ty = BN_CTX_get(ctx); if (ty == NULL) goto err; #ifndef OPENSSL_NO_EC2M tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(key->group)); if (tmp_nid == NID_X9_62_characteristic_two_field) is_char_two = 1; if (is_char_two) { if (!EC_POINT_set_affine_coordinates_GF2m(key->group, point, x, y, ctx)) goto err; if (!EC_POINT_get_affine_coordinates_GF2m(key->group, point, tx, ty, ctx)) goto err; } else #endif { if (!EC_POINT_set_affine_coordinates_GFp(key->group, point, x, y, ctx)) goto err; if (!EC_POINT_get_affine_coordinates_GFp(key->group, point, tx, ty, ctx)) goto err; } /* * Check if retrieved coordinates match originals and are less than field * order: if not values are out of range. */ if (BN_cmp(x, tx) || BN_cmp(y, ty) || (BN_cmp(x, key->group->field) >= 0) || (BN_cmp(y, key->group->field) >= 0)) { ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES, EC_R_COORDINATES_OUT_OF_RANGE); goto err; } if (!EC_KEY_set_public_key(key, point)) goto err; if (EC_KEY_check_key(key) == 0) goto err; ok = 1; err: BN_CTX_free(ctx); EC_POINT_free(point); return ok; } const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key) { return key->group; } int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group) { if (key->meth->set_group != NULL && key->meth->set_group(key, group) == 0) return 0; EC_GROUP_free(key->group); key->group = EC_GROUP_dup(group); return (key->group == NULL) ? 0 : 1; } const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key) { return key->priv_key; } int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key) { if (key->group == NULL || key->group->meth == NULL) return 0; if (key->group->meth->set_private != NULL && key->group->meth->set_private(key, priv_key) == 0) return 0; if (key->meth->set_private != NULL && key->meth->set_private(key, priv_key) == 0) return 0; BN_clear_free(key->priv_key); key->priv_key = BN_dup(priv_key); return (key->priv_key == NULL) ? 0 : 1; } const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key) { return key->pub_key; } int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key) { if (key->meth->set_public != NULL && key->meth->set_public(key, pub_key) == 0) return 0; EC_POINT_free(key->pub_key); key->pub_key = EC_POINT_dup(pub_key, key->group); return (key->pub_key == NULL) ? 0 : 1; } unsigned int EC_KEY_get_enc_flags(const EC_KEY *key) { return key->enc_flag; } void EC_KEY_set_enc_flags(EC_KEY *key, unsigned int flags) { key->enc_flag = flags; } point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key) { return key->conv_form; } void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform) { key->conv_form = cform; if (key->group != NULL) EC_GROUP_set_point_conversion_form(key->group, cform); } void EC_KEY_set_asn1_flag(EC_KEY *key, int flag) { if (key->group != NULL) EC_GROUP_set_asn1_flag(key->group, flag); } int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx) { if (key->group == NULL) return 0; return EC_GROUP_precompute_mult(key->group, ctx); } int EC_KEY_get_flags(const EC_KEY *key) { return key->flags; } void EC_KEY_set_flags(EC_KEY *key, int flags) { key->flags |= flags; } void EC_KEY_clear_flags(EC_KEY *key, int flags) { key->flags &= ~flags; } size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form, unsigned char **pbuf, BN_CTX *ctx) { if (key == NULL || key->pub_key == NULL || key->group == NULL) return 0; return EC_POINT_point2buf(key->group, key->pub_key, form, pbuf, ctx); } int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len, BN_CTX *ctx) { if (key == NULL || key->group == NULL) return 0; if (key->pub_key == NULL) key->pub_key = EC_POINT_new(key->group); if (key->pub_key == NULL) return 0; if (EC_POINT_oct2point(key->group, key->pub_key, buf, len, ctx) == 0) return 0; /* * Save the point conversion form. * For non-custom curves the first octet of the buffer (excluding * the last significant bit) contains the point conversion form. * EC_POINT_oct2point() has already performed sanity checking of * the buffer so we know it is valid. */ if ((key->group->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0) key->conv_form = (point_conversion_form_t)(buf[0] & ~0x01); return 1; } size_t EC_KEY_priv2oct(const EC_KEY *eckey, unsigned char *buf, size_t len) { if (eckey->group == NULL || eckey->group->meth == NULL) return 0; if (eckey->group->meth->priv2oct == NULL) { ECerr(EC_F_EC_KEY_PRIV2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } return eckey->group->meth->priv2oct(eckey, buf, len); } size_t ec_key_simple_priv2oct(const EC_KEY *eckey, unsigned char *buf, size_t len) { size_t buf_len; buf_len = (EC_GROUP_order_bits(eckey->group) + 7) / 8; if (eckey->priv_key == NULL) return 0; if (buf == NULL) return buf_len; else if (len < buf_len) return 0; /* Octetstring may need leading zeros if BN is to short */ if (BN_bn2binpad(eckey->priv_key, buf, buf_len) == -1) { ECerr(EC_F_EC_KEY_SIMPLE_PRIV2OCT, EC_R_BUFFER_TOO_SMALL); return 0; } return buf_len; } int EC_KEY_oct2priv(EC_KEY *eckey, unsigned char *buf, size_t len) { if (eckey->group == NULL || eckey->group->meth == NULL) return 0; if (eckey->group->meth->oct2priv == NULL) { ECerr(EC_F_EC_KEY_OCT2PRIV, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } return eckey->group->meth->oct2priv(eckey, buf, len); } int ec_key_simple_oct2priv(EC_KEY *eckey, unsigned char *buf, size_t len) { if (eckey->priv_key == NULL) eckey->priv_key = BN_secure_new(); if (eckey->priv_key == NULL) { ECerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_MALLOC_FAILURE); return 0; } eckey->priv_key = BN_bin2bn(buf, len, eckey->priv_key); if (eckey->priv_key == NULL) { ECerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_BN_LIB); return 0; } return 1; } size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf) { size_t len; unsigned char *buf; len = EC_KEY_priv2oct(eckey, NULL, 0); if (len == 0) return 0; buf = OPENSSL_malloc(len); if (buf == NULL) return 0; len = EC_KEY_priv2oct(eckey, buf, len); if (len == 0) { OPENSSL_free(buf); return 0; } *pbuf = buf; return len; } int EC_KEY_can_sign(const EC_KEY *eckey) { if (eckey->group == NULL || eckey->group->meth == NULL || (eckey->group->meth->flags & EC_FLAGS_NO_SIGN)) return 0; return 1; }