2
0

ec_key.c 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744
  1. /*
  2. * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  4. *
  5. * Licensed under the Apache License 2.0 (the "License"). You may not use
  6. * this file except in compliance with the License. You can obtain a copy
  7. * in the file LICENSE in the source distribution or at
  8. * https://www.openssl.org/source/license.html
  9. */
  10. /*
  11. * ECDSA low level APIs are deprecated for public use, but still ok for
  12. * internal use.
  13. */
  14. #include "internal/deprecated.h"
  15. #include "internal/cryptlib.h"
  16. #include <string.h>
  17. #include "ec_local.h"
  18. #include "internal/refcount.h"
  19. #include <openssl/err.h>
  20. #include <openssl/engine.h>
  21. #ifndef FIPS_MODE
  22. EC_KEY *EC_KEY_new(void)
  23. {
  24. return ec_key_new_method_int(NULL, NULL);
  25. }
  26. #endif
  27. EC_KEY *EC_KEY_new_ex(OPENSSL_CTX *ctx)
  28. {
  29. return ec_key_new_method_int(ctx, NULL);
  30. }
  31. EC_KEY *EC_KEY_new_by_curve_name_ex(OPENSSL_CTX *ctx, int nid)
  32. {
  33. EC_KEY *ret = EC_KEY_new_ex(ctx);
  34. if (ret == NULL)
  35. return NULL;
  36. ret->group = EC_GROUP_new_by_curve_name_ex(ctx, nid);
  37. if (ret->group == NULL) {
  38. EC_KEY_free(ret);
  39. return NULL;
  40. }
  41. if (ret->meth->set_group != NULL
  42. && ret->meth->set_group(ret, ret->group) == 0) {
  43. EC_KEY_free(ret);
  44. return NULL;
  45. }
  46. return ret;
  47. }
  48. #ifndef FIPS_MODE
  49. EC_KEY *EC_KEY_new_by_curve_name(int nid)
  50. {
  51. return EC_KEY_new_by_curve_name_ex(NULL, nid);
  52. }
  53. #endif
  54. void EC_KEY_free(EC_KEY *r)
  55. {
  56. int i;
  57. if (r == NULL)
  58. return;
  59. CRYPTO_DOWN_REF(&r->references, &i, r->lock);
  60. REF_PRINT_COUNT("EC_KEY", r);
  61. if (i > 0)
  62. return;
  63. REF_ASSERT_ISNT(i < 0);
  64. if (r->meth != NULL && r->meth->finish != NULL)
  65. r->meth->finish(r);
  66. #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
  67. ENGINE_finish(r->engine);
  68. #endif
  69. if (r->group && r->group->meth->keyfinish)
  70. r->group->meth->keyfinish(r);
  71. #ifndef FIPS_MODE
  72. CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, r, &r->ex_data);
  73. #endif
  74. CRYPTO_THREAD_lock_free(r->lock);
  75. EC_GROUP_free(r->group);
  76. EC_POINT_free(r->pub_key);
  77. BN_clear_free(r->priv_key);
  78. OPENSSL_clear_free((void *)r, sizeof(EC_KEY));
  79. }
  80. EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
  81. {
  82. if (dest == NULL || src == NULL) {
  83. ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER);
  84. return NULL;
  85. }
  86. if (src->meth != dest->meth) {
  87. if (dest->meth->finish != NULL)
  88. dest->meth->finish(dest);
  89. if (dest->group && dest->group->meth->keyfinish)
  90. dest->group->meth->keyfinish(dest);
  91. #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
  92. if (ENGINE_finish(dest->engine) == 0)
  93. return 0;
  94. dest->engine = NULL;
  95. #endif
  96. }
  97. dest->libctx = src->libctx;
  98. /* copy the parameters */
  99. if (src->group != NULL) {
  100. const EC_METHOD *meth = EC_GROUP_method_of(src->group);
  101. /* clear the old group */
  102. EC_GROUP_free(dest->group);
  103. dest->group = EC_GROUP_new_ex(src->libctx, meth);
  104. if (dest->group == NULL)
  105. return NULL;
  106. if (!EC_GROUP_copy(dest->group, src->group))
  107. return NULL;
  108. /* copy the public key */
  109. if (src->pub_key != NULL) {
  110. EC_POINT_free(dest->pub_key);
  111. dest->pub_key = EC_POINT_new(src->group);
  112. if (dest->pub_key == NULL)
  113. return NULL;
  114. if (!EC_POINT_copy(dest->pub_key, src->pub_key))
  115. return NULL;
  116. }
  117. /* copy the private key */
  118. if (src->priv_key != NULL) {
  119. if (dest->priv_key == NULL) {
  120. dest->priv_key = BN_new();
  121. if (dest->priv_key == NULL)
  122. return NULL;
  123. }
  124. if (!BN_copy(dest->priv_key, src->priv_key))
  125. return NULL;
  126. if (src->group->meth->keycopy
  127. && src->group->meth->keycopy(dest, src) == 0)
  128. return NULL;
  129. }
  130. }
  131. /* copy the rest */
  132. dest->enc_flag = src->enc_flag;
  133. dest->conv_form = src->conv_form;
  134. dest->version = src->version;
  135. dest->flags = src->flags;
  136. #ifndef FIPS_MODE
  137. if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_EC_KEY,
  138. &dest->ex_data, &src->ex_data))
  139. return NULL;
  140. #endif
  141. if (src->meth != dest->meth) {
  142. #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
  143. if (src->engine != NULL && ENGINE_init(src->engine) == 0)
  144. return NULL;
  145. dest->engine = src->engine;
  146. #endif
  147. dest->meth = src->meth;
  148. }
  149. if (src->meth->copy != NULL && src->meth->copy(dest, src) == 0)
  150. return NULL;
  151. return dest;
  152. }
  153. EC_KEY *EC_KEY_dup(const EC_KEY *ec_key)
  154. {
  155. EC_KEY *ret = ec_key_new_method_int(ec_key->libctx, ec_key->engine);
  156. if (ret == NULL)
  157. return NULL;
  158. if (EC_KEY_copy(ret, ec_key) == NULL) {
  159. EC_KEY_free(ret);
  160. return NULL;
  161. }
  162. return ret;
  163. }
  164. int EC_KEY_up_ref(EC_KEY *r)
  165. {
  166. int i;
  167. if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0)
  168. return 0;
  169. REF_PRINT_COUNT("EC_KEY", r);
  170. REF_ASSERT_ISNT(i < 2);
  171. return ((i > 1) ? 1 : 0);
  172. }
  173. ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey)
  174. {
  175. return eckey->engine;
  176. }
  177. int EC_KEY_generate_key(EC_KEY *eckey)
  178. {
  179. if (eckey == NULL || eckey->group == NULL) {
  180. ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
  181. return 0;
  182. }
  183. if (eckey->meth->keygen != NULL)
  184. return eckey->meth->keygen(eckey);
  185. ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED);
  186. return 0;
  187. }
  188. int ossl_ec_key_gen(EC_KEY *eckey)
  189. {
  190. return eckey->group->meth->keygen(eckey);
  191. }
  192. /*
  193. * ECC Key generation.
  194. * See SP800-56AR3 5.6.1.2.2 "Key Pair Generation by Testing Candidates"
  195. *
  196. * Params:
  197. * eckey An EC key object that contains domain params. The generated keypair
  198. * is stored in this object.
  199. * Returns 1 if the keypair was generated or 0 otherwise.
  200. */
  201. int ec_key_simple_generate_key(EC_KEY *eckey)
  202. {
  203. int ok = 0;
  204. BIGNUM *priv_key = NULL;
  205. const BIGNUM *order = NULL;
  206. EC_POINT *pub_key = NULL;
  207. const EC_GROUP *group = eckey->group;
  208. BN_CTX *ctx = BN_CTX_secure_new_ex(eckey->libctx);
  209. if (ctx == NULL)
  210. goto err;
  211. if (eckey->priv_key == NULL) {
  212. priv_key = BN_secure_new();
  213. if (priv_key == NULL)
  214. goto err;
  215. } else
  216. priv_key = eckey->priv_key;
  217. /*
  218. * Steps (1-2): Check domain parameters and security strength.
  219. * These steps must be done by the user. This would need to be
  220. * stated in the security policy.
  221. */
  222. order = EC_GROUP_get0_order(group);
  223. if (order == NULL)
  224. goto err;
  225. /*
  226. * Steps (3-7): priv_key = DRBG_RAND(order_n_bits) (range [1, n-1]).
  227. * Although this is slightly different from the standard, it is effectively
  228. * equivalent as it gives an unbiased result ranging from 1..n-1. It is also
  229. * faster as the standard needs to retry more often. Also doing
  230. * 1 + rand[0..n-2] would effect the way that tests feed dummy entropy into
  231. * rand so the simpler backward compatible method has been used here.
  232. */
  233. do
  234. if (!BN_priv_rand_range_ex(priv_key, order, ctx))
  235. goto err;
  236. while (BN_is_zero(priv_key)) ;
  237. if (eckey->pub_key == NULL) {
  238. pub_key = EC_POINT_new(group);
  239. if (pub_key == NULL)
  240. goto err;
  241. } else
  242. pub_key = eckey->pub_key;
  243. /* Step (8) : pub_key = priv_key * G (where G is a point on the curve) */
  244. if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx))
  245. goto err;
  246. eckey->priv_key = priv_key;
  247. eckey->pub_key = pub_key;
  248. priv_key = NULL;
  249. pub_key = NULL;
  250. ok = 1;
  251. err:
  252. /* Step (9): If there is an error return an invalid keypair. */
  253. if (!ok) {
  254. BN_clear(eckey->priv_key);
  255. if (eckey->pub_key != NULL)
  256. EC_POINT_set_to_infinity(group, eckey->pub_key);
  257. }
  258. EC_POINT_free(pub_key);
  259. BN_clear_free(priv_key);
  260. BN_CTX_free(ctx);
  261. return ok;
  262. }
  263. int ec_key_simple_generate_public_key(EC_KEY *eckey)
  264. {
  265. /*
  266. * See SP800-56AR3 5.6.1.2.2: Step (8)
  267. * pub_key = priv_key * G (where G is a point on the curve)
  268. */
  269. return EC_POINT_mul(eckey->group, eckey->pub_key, eckey->priv_key, NULL,
  270. NULL, NULL);
  271. }
  272. int EC_KEY_check_key(const EC_KEY *eckey)
  273. {
  274. if (eckey == NULL || eckey->group == NULL || eckey->pub_key == NULL) {
  275. ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
  276. return 0;
  277. }
  278. if (eckey->group->meth->keycheck == NULL) {
  279. ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  280. return 0;
  281. }
  282. return eckey->group->meth->keycheck(eckey);
  283. }
  284. /*
  285. * Check the range of the EC public key.
  286. * See SP800-56A R3 Section 5.6.2.3.3 (Part 2)
  287. * i.e.
  288. * - If q = odd prime p: Verify that xQ and yQ are integers in the
  289. * interval[0, p - 1], OR
  290. * - If q = 2m: Verify that xQ and yQ are bit strings of length m bits.
  291. * Returns 1 if the public key has a valid range, otherwise it returns 0.
  292. */
  293. static int ec_key_public_range_check(BN_CTX *ctx, const EC_KEY *key)
  294. {
  295. int ret = 0;
  296. BIGNUM *x, *y;
  297. BN_CTX_start(ctx);
  298. x = BN_CTX_get(ctx);
  299. y = BN_CTX_get(ctx);
  300. if (y == NULL)
  301. goto err;
  302. if (!EC_POINT_get_affine_coordinates(key->group, key->pub_key, x, y, ctx))
  303. goto err;
  304. if (EC_METHOD_get_field_type(key->group->meth) == NID_X9_62_prime_field) {
  305. if (BN_is_negative(x)
  306. || BN_cmp(x, key->group->field) >= 0
  307. || BN_is_negative(y)
  308. || BN_cmp(y, key->group->field) >= 0) {
  309. goto err;
  310. }
  311. } else {
  312. int m = EC_GROUP_get_degree(key->group);
  313. if (BN_num_bits(x) > m || BN_num_bits(y) > m) {
  314. goto err;
  315. }
  316. }
  317. ret = 1;
  318. err:
  319. BN_CTX_end(ctx);
  320. return ret;
  321. }
  322. /*
  323. * ECC Key validation as specified in SP800-56A R3.
  324. * Section 5.6.2.3.3 ECC Full Public-Key Validation
  325. * Section 5.6.2.1.2 Owner Assurance of Private-Key Validity
  326. * Section 5.6.2.1.4 Owner Assurance of Pair-wise Consistency
  327. * NOTES:
  328. * Before calling this method in fips mode, there should be an assurance that
  329. * an approved elliptic-curve group is used.
  330. * Returns 1 if the key is valid, otherwise it returns 0.
  331. */
  332. int ec_key_simple_check_key(const EC_KEY *eckey)
  333. {
  334. int ok = 0;
  335. BN_CTX *ctx = NULL;
  336. const BIGNUM *order = NULL;
  337. EC_POINT *point = NULL;
  338. if (eckey == NULL || eckey->group == NULL || eckey->pub_key == NULL) {
  339. ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
  340. return 0;
  341. }
  342. /* 5.6.2.3.3 (Step 1): Q != infinity */
  343. if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) {
  344. ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_POINT_AT_INFINITY);
  345. goto err;
  346. }
  347. if ((ctx = BN_CTX_new_ex(eckey->libctx)) == NULL)
  348. goto err;
  349. if ((point = EC_POINT_new(eckey->group)) == NULL)
  350. goto err;
  351. /* 5.6.2.3.3 (Step 2) Test if the public key is in range */
  352. if (!ec_key_public_range_check(ctx, eckey)) {
  353. ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_COORDINATES_OUT_OF_RANGE);
  354. goto err;
  355. }
  356. /* 5.6.2.3.3 (Step 3) is the pub_key on the elliptic curve */
  357. if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) {
  358. ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
  359. goto err;
  360. }
  361. order = eckey->group->order;
  362. if (BN_is_zero(order)) {
  363. ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_INVALID_GROUP_ORDER);
  364. goto err;
  365. }
  366. /* 5.6.2.3.3 (Step 4) : pub_key * order is the point at infinity. */
  367. if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) {
  368. ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, ERR_R_EC_LIB);
  369. goto err;
  370. }
  371. if (!EC_POINT_is_at_infinity(eckey->group, point)) {
  372. ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_WRONG_ORDER);
  373. goto err;
  374. }
  375. if (eckey->priv_key != NULL) {
  376. /*
  377. * 5.6.2.1.2 Owner Assurance of Private-Key Validity
  378. * The private key is in the range [1, order-1]
  379. */
  380. if (BN_cmp(eckey->priv_key, BN_value_one()) < 0
  381. || BN_cmp(eckey->priv_key, order) >= 0) {
  382. ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_WRONG_ORDER);
  383. goto err;
  384. }
  385. /*
  386. * Section 5.6.2.1.4 Owner Assurance of Pair-wise Consistency (b)
  387. * Check if generator * priv_key = pub_key
  388. */
  389. if (!EC_POINT_mul(eckey->group, point, eckey->priv_key,
  390. NULL, NULL, ctx)) {
  391. ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, ERR_R_EC_LIB);
  392. goto err;
  393. }
  394. if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, ctx) != 0) {
  395. ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY);
  396. goto err;
  397. }
  398. }
  399. ok = 1;
  400. err:
  401. BN_CTX_free(ctx);
  402. EC_POINT_free(point);
  403. return ok;
  404. }
  405. int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
  406. BIGNUM *y)
  407. {
  408. BN_CTX *ctx = NULL;
  409. BIGNUM *tx, *ty;
  410. EC_POINT *point = NULL;
  411. int ok = 0;
  412. if (key == NULL || key->group == NULL || x == NULL || y == NULL) {
  413. ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
  414. ERR_R_PASSED_NULL_PARAMETER);
  415. return 0;
  416. }
  417. ctx = BN_CTX_new_ex(key->libctx);
  418. if (ctx == NULL)
  419. return 0;
  420. BN_CTX_start(ctx);
  421. point = EC_POINT_new(key->group);
  422. if (point == NULL)
  423. goto err;
  424. tx = BN_CTX_get(ctx);
  425. ty = BN_CTX_get(ctx);
  426. if (ty == NULL)
  427. goto err;
  428. if (!EC_POINT_set_affine_coordinates(key->group, point, x, y, ctx))
  429. goto err;
  430. if (!EC_POINT_get_affine_coordinates(key->group, point, tx, ty, ctx))
  431. goto err;
  432. /*
  433. * Check if retrieved coordinates match originals. The range check is done
  434. * inside EC_KEY_check_key().
  435. */
  436. if (BN_cmp(x, tx) || BN_cmp(y, ty)) {
  437. ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
  438. EC_R_COORDINATES_OUT_OF_RANGE);
  439. goto err;
  440. }
  441. if (!EC_KEY_set_public_key(key, point))
  442. goto err;
  443. if (EC_KEY_check_key(key) == 0)
  444. goto err;
  445. ok = 1;
  446. err:
  447. BN_CTX_end(ctx);
  448. BN_CTX_free(ctx);
  449. EC_POINT_free(point);
  450. return ok;
  451. }
  452. const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key)
  453. {
  454. return key->group;
  455. }
  456. int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group)
  457. {
  458. if (key->meth->set_group != NULL && key->meth->set_group(key, group) == 0)
  459. return 0;
  460. EC_GROUP_free(key->group);
  461. key->group = EC_GROUP_dup(group);
  462. return (key->group == NULL) ? 0 : 1;
  463. }
  464. const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key)
  465. {
  466. return key->priv_key;
  467. }
  468. int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key)
  469. {
  470. if (key->group == NULL || key->group->meth == NULL)
  471. return 0;
  472. if (key->group->meth->set_private != NULL
  473. && key->group->meth->set_private(key, priv_key) == 0)
  474. return 0;
  475. if (key->meth->set_private != NULL
  476. && key->meth->set_private(key, priv_key) == 0)
  477. return 0;
  478. BN_clear_free(key->priv_key);
  479. key->priv_key = BN_dup(priv_key);
  480. return (key->priv_key == NULL) ? 0 : 1;
  481. }
  482. const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key)
  483. {
  484. return key->pub_key;
  485. }
  486. int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key)
  487. {
  488. if (key->meth->set_public != NULL
  489. && key->meth->set_public(key, pub_key) == 0)
  490. return 0;
  491. EC_POINT_free(key->pub_key);
  492. key->pub_key = EC_POINT_dup(pub_key, key->group);
  493. return (key->pub_key == NULL) ? 0 : 1;
  494. }
  495. unsigned int EC_KEY_get_enc_flags(const EC_KEY *key)
  496. {
  497. return key->enc_flag;
  498. }
  499. void EC_KEY_set_enc_flags(EC_KEY *key, unsigned int flags)
  500. {
  501. key->enc_flag = flags;
  502. }
  503. point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key)
  504. {
  505. return key->conv_form;
  506. }
  507. void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform)
  508. {
  509. key->conv_form = cform;
  510. if (key->group != NULL)
  511. EC_GROUP_set_point_conversion_form(key->group, cform);
  512. }
  513. void EC_KEY_set_asn1_flag(EC_KEY *key, int flag)
  514. {
  515. if (key->group != NULL)
  516. EC_GROUP_set_asn1_flag(key->group, flag);
  517. }
  518. int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx)
  519. {
  520. if (key->group == NULL)
  521. return 0;
  522. return EC_GROUP_precompute_mult(key->group, ctx);
  523. }
  524. int EC_KEY_get_flags(const EC_KEY *key)
  525. {
  526. return key->flags;
  527. }
  528. void EC_KEY_set_flags(EC_KEY *key, int flags)
  529. {
  530. key->flags |= flags;
  531. }
  532. void EC_KEY_clear_flags(EC_KEY *key, int flags)
  533. {
  534. key->flags &= ~flags;
  535. }
  536. size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form,
  537. unsigned char **pbuf, BN_CTX *ctx)
  538. {
  539. if (key == NULL || key->pub_key == NULL || key->group == NULL)
  540. return 0;
  541. return EC_POINT_point2buf(key->group, key->pub_key, form, pbuf, ctx);
  542. }
  543. int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len,
  544. BN_CTX *ctx)
  545. {
  546. if (key == NULL || key->group == NULL)
  547. return 0;
  548. if (key->pub_key == NULL)
  549. key->pub_key = EC_POINT_new(key->group);
  550. if (key->pub_key == NULL)
  551. return 0;
  552. if (EC_POINT_oct2point(key->group, key->pub_key, buf, len, ctx) == 0)
  553. return 0;
  554. /*
  555. * Save the point conversion form.
  556. * For non-custom curves the first octet of the buffer (excluding
  557. * the last significant bit) contains the point conversion form.
  558. * EC_POINT_oct2point() has already performed sanity checking of
  559. * the buffer so we know it is valid.
  560. */
  561. if ((key->group->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0)
  562. key->conv_form = (point_conversion_form_t)(buf[0] & ~0x01);
  563. return 1;
  564. }
  565. size_t EC_KEY_priv2oct(const EC_KEY *eckey,
  566. unsigned char *buf, size_t len)
  567. {
  568. if (eckey->group == NULL || eckey->group->meth == NULL)
  569. return 0;
  570. if (eckey->group->meth->priv2oct == NULL) {
  571. ECerr(EC_F_EC_KEY_PRIV2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  572. return 0;
  573. }
  574. return eckey->group->meth->priv2oct(eckey, buf, len);
  575. }
  576. size_t ec_key_simple_priv2oct(const EC_KEY *eckey,
  577. unsigned char *buf, size_t len)
  578. {
  579. size_t buf_len;
  580. buf_len = (EC_GROUP_order_bits(eckey->group) + 7) / 8;
  581. if (eckey->priv_key == NULL)
  582. return 0;
  583. if (buf == NULL)
  584. return buf_len;
  585. else if (len < buf_len)
  586. return 0;
  587. /* Octetstring may need leading zeros if BN is to short */
  588. if (BN_bn2binpad(eckey->priv_key, buf, buf_len) == -1) {
  589. ECerr(EC_F_EC_KEY_SIMPLE_PRIV2OCT, EC_R_BUFFER_TOO_SMALL);
  590. return 0;
  591. }
  592. return buf_len;
  593. }
  594. int EC_KEY_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len)
  595. {
  596. if (eckey->group == NULL || eckey->group->meth == NULL)
  597. return 0;
  598. if (eckey->group->meth->oct2priv == NULL) {
  599. ECerr(EC_F_EC_KEY_OCT2PRIV, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  600. return 0;
  601. }
  602. return eckey->group->meth->oct2priv(eckey, buf, len);
  603. }
  604. int ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len)
  605. {
  606. if (eckey->priv_key == NULL)
  607. eckey->priv_key = BN_secure_new();
  608. if (eckey->priv_key == NULL) {
  609. ECerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_MALLOC_FAILURE);
  610. return 0;
  611. }
  612. eckey->priv_key = BN_bin2bn(buf, len, eckey->priv_key);
  613. if (eckey->priv_key == NULL) {
  614. ECerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_BN_LIB);
  615. return 0;
  616. }
  617. return 1;
  618. }
  619. size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf)
  620. {
  621. size_t len;
  622. unsigned char *buf;
  623. len = EC_KEY_priv2oct(eckey, NULL, 0);
  624. if (len == 0)
  625. return 0;
  626. if ((buf = OPENSSL_malloc(len)) == NULL) {
  627. ECerr(EC_F_EC_KEY_PRIV2BUF, ERR_R_MALLOC_FAILURE);
  628. return 0;
  629. }
  630. len = EC_KEY_priv2oct(eckey, buf, len);
  631. if (len == 0) {
  632. OPENSSL_free(buf);
  633. return 0;
  634. }
  635. *pbuf = buf;
  636. return len;
  637. }
  638. int EC_KEY_can_sign(const EC_KEY *eckey)
  639. {
  640. if (eckey->group == NULL || eckey->group->meth == NULL
  641. || (eckey->group->meth->flags & EC_FLAGS_NO_SIGN))
  642. return 0;
  643. return 1;
  644. }