ec_key.c 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460
  1. /* crypto/ec/ec_key.c */
  2. /*
  3. * Written by Nils Larsch for the OpenSSL project.
  4. */
  5. /* ====================================================================
  6. * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
  7. *
  8. * Redistribution and use in source and binary forms, with or without
  9. * modification, are permitted provided that the following conditions
  10. * are met:
  11. *
  12. * 1. Redistributions of source code must retain the above copyright
  13. * notice, this list of conditions and the following disclaimer.
  14. *
  15. * 2. Redistributions in binary form must reproduce the above copyright
  16. * notice, this list of conditions and the following disclaimer in
  17. * the documentation and/or other materials provided with the
  18. * distribution.
  19. *
  20. * 3. All advertising materials mentioning features or use of this
  21. * software must display the following acknowledgment:
  22. * "This product includes software developed by the OpenSSL Project
  23. * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
  24. *
  25. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  26. * endorse or promote products derived from this software without
  27. * prior written permission. For written permission, please contact
  28. * openssl-core@openssl.org.
  29. *
  30. * 5. Products derived from this software may not be called "OpenSSL"
  31. * nor may "OpenSSL" appear in their names without prior written
  32. * permission of the OpenSSL Project.
  33. *
  34. * 6. Redistributions of any form whatsoever must retain the following
  35. * acknowledgment:
  36. * "This product includes software developed by the OpenSSL Project
  37. * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
  38. *
  39. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  40. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  41. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  42. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  43. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  44. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  45. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  46. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  47. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  48. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  49. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  50. * OF THE POSSIBILITY OF SUCH DAMAGE.
  51. * ====================================================================
  52. *
  53. * This product includes cryptographic software written by Eric Young
  54. * (eay@cryptsoft.com). This product includes software written by Tim
  55. * Hudson (tjh@cryptsoft.com).
  56. *
  57. */
  58. /* ====================================================================
  59. * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  60. * Portions originally developed by SUN MICROSYSTEMS, INC., and
  61. * contributed to the OpenSSL project.
  62. */
  63. #include <string.h>
  64. #include "ec_lcl.h"
  65. #include <openssl/err.h>
  66. EC_KEY *EC_KEY_new(void)
  67. {
  68. EC_KEY *ret;
  69. ret = (EC_KEY *)OPENSSL_malloc(sizeof(EC_KEY));
  70. if (ret == NULL) {
  71. ECerr(EC_F_EC_KEY_NEW, ERR_R_MALLOC_FAILURE);
  72. return (NULL);
  73. }
  74. ret->version = 1;
  75. ret->group = NULL;
  76. ret->pub_key = NULL;
  77. ret->priv_key = NULL;
  78. ret->enc_flag = 0;
  79. ret->conv_form = POINT_CONVERSION_UNCOMPRESSED;
  80. ret->references = 1;
  81. ret->method_data = NULL;
  82. return (ret);
  83. }
  84. EC_KEY *EC_KEY_new_by_curve_name(int nid)
  85. {
  86. EC_KEY *ret = EC_KEY_new();
  87. if (ret == NULL)
  88. return NULL;
  89. ret->group = EC_GROUP_new_by_curve_name(nid);
  90. if (ret->group == NULL) {
  91. EC_KEY_free(ret);
  92. return NULL;
  93. }
  94. return ret;
  95. }
  96. void EC_KEY_free(EC_KEY *r)
  97. {
  98. int i;
  99. if (r == NULL)
  100. return;
  101. i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_EC);
  102. #ifdef REF_PRINT
  103. REF_PRINT("EC_KEY", r);
  104. #endif
  105. if (i > 0)
  106. return;
  107. #ifdef REF_CHECK
  108. if (i < 0) {
  109. fprintf(stderr, "EC_KEY_free, bad reference count\n");
  110. abort();
  111. }
  112. #endif
  113. if (r->group != NULL)
  114. EC_GROUP_free(r->group);
  115. if (r->pub_key != NULL)
  116. EC_POINT_free(r->pub_key);
  117. if (r->priv_key != NULL)
  118. BN_clear_free(r->priv_key);
  119. EC_EX_DATA_free_all_data(&r->method_data);
  120. OPENSSL_cleanse((void *)r, sizeof(EC_KEY));
  121. OPENSSL_free(r);
  122. }
  123. EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
  124. {
  125. EC_EXTRA_DATA *d;
  126. if (dest == NULL || src == NULL) {
  127. ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER);
  128. return NULL;
  129. }
  130. /* copy the parameters */
  131. if (src->group) {
  132. const EC_METHOD *meth = EC_GROUP_method_of(src->group);
  133. /* clear the old group */
  134. if (dest->group)
  135. EC_GROUP_free(dest->group);
  136. dest->group = EC_GROUP_new(meth);
  137. if (dest->group == NULL)
  138. return NULL;
  139. if (!EC_GROUP_copy(dest->group, src->group))
  140. return NULL;
  141. }
  142. /* copy the public key */
  143. if (src->pub_key && src->group) {
  144. if (dest->pub_key)
  145. EC_POINT_free(dest->pub_key);
  146. dest->pub_key = EC_POINT_new(src->group);
  147. if (dest->pub_key == NULL)
  148. return NULL;
  149. if (!EC_POINT_copy(dest->pub_key, src->pub_key))
  150. return NULL;
  151. }
  152. /* copy the private key */
  153. if (src->priv_key) {
  154. if (dest->priv_key == NULL) {
  155. dest->priv_key = BN_new();
  156. if (dest->priv_key == NULL)
  157. return NULL;
  158. }
  159. if (!BN_copy(dest->priv_key, src->priv_key))
  160. return NULL;
  161. }
  162. /* copy method/extra data */
  163. EC_EX_DATA_free_all_data(&dest->method_data);
  164. for (d = src->method_data; d != NULL; d = d->next) {
  165. void *t = d->dup_func(d->data);
  166. if (t == NULL)
  167. return 0;
  168. if (!EC_EX_DATA_set_data
  169. (&dest->method_data, t, d->dup_func, d->free_func,
  170. d->clear_free_func))
  171. return 0;
  172. }
  173. /* copy the rest */
  174. dest->enc_flag = src->enc_flag;
  175. dest->conv_form = src->conv_form;
  176. dest->version = src->version;
  177. return dest;
  178. }
  179. EC_KEY *EC_KEY_dup(const EC_KEY *ec_key)
  180. {
  181. EC_KEY *ret = EC_KEY_new();
  182. if (ret == NULL)
  183. return NULL;
  184. if (EC_KEY_copy(ret, ec_key) == NULL) {
  185. EC_KEY_free(ret);
  186. return NULL;
  187. }
  188. return ret;
  189. }
  190. int EC_KEY_up_ref(EC_KEY *r)
  191. {
  192. int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC);
  193. #ifdef REF_PRINT
  194. REF_PRINT("EC_KEY", r);
  195. #endif
  196. #ifdef REF_CHECK
  197. if (i < 2) {
  198. fprintf(stderr, "EC_KEY_up, bad reference count\n");
  199. abort();
  200. }
  201. #endif
  202. return ((i > 1) ? 1 : 0);
  203. }
  204. int EC_KEY_generate_key(EC_KEY *eckey)
  205. {
  206. int ok = 0;
  207. BN_CTX *ctx = NULL;
  208. BIGNUM *priv_key = NULL, *order = NULL;
  209. EC_POINT *pub_key = NULL;
  210. if (!eckey || !eckey->group) {
  211. ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
  212. return 0;
  213. }
  214. if ((order = BN_new()) == NULL)
  215. goto err;
  216. if ((ctx = BN_CTX_new()) == NULL)
  217. goto err;
  218. if (eckey->priv_key == NULL) {
  219. priv_key = BN_new();
  220. if (priv_key == NULL)
  221. goto err;
  222. } else
  223. priv_key = eckey->priv_key;
  224. if (!EC_GROUP_get_order(eckey->group, order, ctx))
  225. goto err;
  226. do
  227. if (!BN_rand_range(priv_key, order))
  228. goto err;
  229. while (BN_is_zero(priv_key)) ;
  230. if (eckey->pub_key == NULL) {
  231. pub_key = EC_POINT_new(eckey->group);
  232. if (pub_key == NULL)
  233. goto err;
  234. } else
  235. pub_key = eckey->pub_key;
  236. if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx))
  237. goto err;
  238. eckey->priv_key = priv_key;
  239. eckey->pub_key = pub_key;
  240. ok = 1;
  241. err:
  242. if (order)
  243. BN_free(order);
  244. if (pub_key != NULL && eckey->pub_key == NULL)
  245. EC_POINT_free(pub_key);
  246. if (priv_key != NULL && eckey->priv_key == NULL)
  247. BN_free(priv_key);
  248. if (ctx != NULL)
  249. BN_CTX_free(ctx);
  250. return (ok);
  251. }
  252. int EC_KEY_check_key(const EC_KEY *eckey)
  253. {
  254. int ok = 0;
  255. BN_CTX *ctx = NULL;
  256. const BIGNUM *order = NULL;
  257. EC_POINT *point = NULL;
  258. if (!eckey || !eckey->group || !eckey->pub_key) {
  259. ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
  260. return 0;
  261. }
  262. if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) {
  263. ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY);
  264. goto err;
  265. }
  266. if ((ctx = BN_CTX_new()) == NULL)
  267. goto err;
  268. if ((point = EC_POINT_new(eckey->group)) == NULL)
  269. goto err;
  270. /* testing whether the pub_key is on the elliptic curve */
  271. if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) {
  272. ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
  273. goto err;
  274. }
  275. /* testing whether pub_key * order is the point at infinity */
  276. order = &eckey->group->order;
  277. if (BN_is_zero(order)) {
  278. ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER);
  279. goto err;
  280. }
  281. if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) {
  282. ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);
  283. goto err;
  284. }
  285. if (!EC_POINT_is_at_infinity(eckey->group, point)) {
  286. ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
  287. goto err;
  288. }
  289. /*
  290. * in case the priv_key is present : check if generator * priv_key ==
  291. * pub_key
  292. */
  293. if (eckey->priv_key) {
  294. if (BN_cmp(eckey->priv_key, order) >= 0) {
  295. ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
  296. goto err;
  297. }
  298. if (!EC_POINT_mul(eckey->group, point, eckey->priv_key,
  299. NULL, NULL, ctx)) {
  300. ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);
  301. goto err;
  302. }
  303. if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, ctx) != 0) {
  304. ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY);
  305. goto err;
  306. }
  307. }
  308. ok = 1;
  309. err:
  310. if (ctx != NULL)
  311. BN_CTX_free(ctx);
  312. if (point != NULL)
  313. EC_POINT_free(point);
  314. return (ok);
  315. }
  316. const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key)
  317. {
  318. return key->group;
  319. }
  320. int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group)
  321. {
  322. if (key->group != NULL)
  323. EC_GROUP_free(key->group);
  324. key->group = EC_GROUP_dup(group);
  325. return (key->group == NULL) ? 0 : 1;
  326. }
  327. const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key)
  328. {
  329. return key->priv_key;
  330. }
  331. int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key)
  332. {
  333. if (key->priv_key)
  334. BN_clear_free(key->priv_key);
  335. key->priv_key = BN_dup(priv_key);
  336. return (key->priv_key == NULL) ? 0 : 1;
  337. }
  338. const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key)
  339. {
  340. return key->pub_key;
  341. }
  342. int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key)
  343. {
  344. if (key->pub_key != NULL)
  345. EC_POINT_free(key->pub_key);
  346. key->pub_key = EC_POINT_dup(pub_key, key->group);
  347. return (key->pub_key == NULL) ? 0 : 1;
  348. }
  349. unsigned int EC_KEY_get_enc_flags(const EC_KEY *key)
  350. {
  351. return key->enc_flag;
  352. }
  353. void EC_KEY_set_enc_flags(EC_KEY *key, unsigned int flags)
  354. {
  355. key->enc_flag = flags;
  356. }
  357. point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key)
  358. {
  359. return key->conv_form;
  360. }
  361. void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform)
  362. {
  363. key->conv_form = cform;
  364. if (key->group != NULL)
  365. EC_GROUP_set_point_conversion_form(key->group, cform);
  366. }
  367. void *EC_KEY_get_key_method_data(EC_KEY *key,
  368. void *(*dup_func) (void *),
  369. void (*free_func) (void *),
  370. void (*clear_free_func) (void *))
  371. {
  372. void *ret;
  373. CRYPTO_r_lock(CRYPTO_LOCK_EC);
  374. ret =
  375. EC_EX_DATA_get_data(key->method_data, dup_func, free_func,
  376. clear_free_func);
  377. CRYPTO_r_unlock(CRYPTO_LOCK_EC);
  378. return ret;
  379. }
  380. void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
  381. void *(*dup_func) (void *),
  382. void (*free_func) (void *),
  383. void (*clear_free_func) (void *))
  384. {
  385. EC_EXTRA_DATA *ex_data;
  386. CRYPTO_w_lock(CRYPTO_LOCK_EC);
  387. ex_data =
  388. EC_EX_DATA_get_data(key->method_data, dup_func, free_func,
  389. clear_free_func);
  390. if (ex_data == NULL)
  391. EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func,
  392. clear_free_func);
  393. CRYPTO_w_unlock(CRYPTO_LOCK_EC);
  394. return ex_data;
  395. }
  396. void EC_KEY_set_asn1_flag(EC_KEY *key, int flag)
  397. {
  398. if (key->group != NULL)
  399. EC_GROUP_set_asn1_flag(key->group, flag);
  400. }
  401. int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx)
  402. {
  403. if (key->group == NULL)
  404. return 0;
  405. return EC_GROUP_precompute_mult(key->group, ctx);
  406. }