/[smecontribs]/rpms/openssl3/contribs10/ec_curve.c
ViewVC logotype

Annotation of /rpms/openssl3/contribs10/ec_curve.c

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Wed Jan 31 17:24:55 2024 UTC (10 months ago) by jpp
Branch: MAIN
CVS Tags: openssl3-3_0_7-5_el7_sme_1, HEAD
Content type: text/plain
Initial import

1 jpp 1.1 /*
2     * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
3     * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4     *
5     * Licensed under the Apache License 2.0 (the "License"). You may not use
6     * this file except in compliance with the License. You can obtain a copy
7     * in the file LICENSE in the source distribution or at
8     * https://www.openssl.org/source/license.html
9     */
10    
11     /*
12     * ECDSA low level APIs are deprecated for public use, but still ok for
13     * internal use.
14     */
15     #include "internal/deprecated.h"
16    
17     #include <string.h>
18     #include "ec_local.h"
19     #include <openssl/err.h>
20     #include <openssl/obj_mac.h>
21     #include <openssl/objects.h>
22     #include <openssl/opensslconf.h>
23     #include "internal/nelem.h"
24    
25     typedef struct {
26     int field_type, /* either NID_X9_62_prime_field or
27     * NID_X9_62_characteristic_two_field */
28     seed_len, param_len;
29     unsigned int cofactor; /* promoted to BN_ULONG */
30     } EC_CURVE_DATA;
31    
32     /* the nist prime curves */
33     static const struct {
34     EC_CURVE_DATA h;
35     unsigned char data[20 + 28 * 6];
36     } _EC_NIST_PRIME_224 = {
37     {
38     NID_X9_62_prime_field, 20, 28, 1
39     },
40     {
41     /* seed */
42     0xBD, 0x71, 0x34, 0x47, 0x99, 0xD5, 0xC7, 0xFC, 0xDC, 0x45, 0xB5, 0x9F,
43     0xA3, 0xB9, 0xAB, 0x8F, 0x6A, 0x94, 0x8B, 0xC5,
44     /* p */
45     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
46     0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
47     0x00, 0x00, 0x00, 0x01,
48     /* a */
49     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
50     0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
51     0xFF, 0xFF, 0xFF, 0xFE,
52     /* b */
53     0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56,
54     0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43,
55     0x23, 0x55, 0xFF, 0xB4,
56     /* x */
57     0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9,
58     0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6,
59     0x11, 0x5C, 0x1D, 0x21,
60     /* y */
61     0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6,
62     0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99,
63     0x85, 0x00, 0x7e, 0x34,
64     /* order */
65     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
66     0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45,
67     0x5C, 0x5C, 0x2A, 0x3D
68     }
69     };
70    
71     static const struct {
72     EC_CURVE_DATA h;
73     unsigned char data[20 + 48 * 6];
74     } _EC_NIST_PRIME_384 = {
75     {
76     NID_X9_62_prime_field, 20, 48, 1
77     },
78     {
79     /* seed */
80     0xA3, 0x35, 0x92, 0x6A, 0xA3, 0x19, 0xA2, 0x7A, 0x1D, 0x00, 0x89, 0x6A,
81     0x67, 0x73, 0xA4, 0x82, 0x7A, 0xCD, 0xAC, 0x73,
82     /* p */
83     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
84     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
85     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
86     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
87     /* a */
88     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
89     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
90     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
91     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC,
92     /* b */
93     0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, 0x98, 0x8E, 0x05, 0x6B,
94     0xE3, 0xF8, 0x2D, 0x19, 0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12,
95     0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A, 0xC6, 0x56, 0x39, 0x8D,
96     0x8A, 0x2E, 0xD1, 0x9D, 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF,
97     /* x */
98     0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, 0xC7, 0x1E,
99     0xF3, 0x20, 0xAD, 0x74, 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98,
100     0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38, 0x55, 0x02, 0xF2, 0x5D,
101     0xBF, 0x55, 0x29, 0x6C, 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7,
102     /* y */
103     0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, 0x98, 0xbf,
104     0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c,
105     0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce,
106     0x1d, 0x7e, 0x81, 0x9d, 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f,
107     /* order */
108     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
109     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
110     0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF, 0x58, 0x1A, 0x0D, 0xB2,
111     0x48, 0xB0, 0xA7, 0x7A, 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73
112     }
113     };
114    
115     static const struct {
116     EC_CURVE_DATA h;
117     unsigned char data[20 + 66 * 6];
118     } _EC_NIST_PRIME_521 = {
119     {
120     NID_X9_62_prime_field, 20, 66, 1
121     },
122     {
123     /* seed */
124     0xD0, 0x9E, 0x88, 0x00, 0x29, 0x1C, 0xB8, 0x53, 0x96, 0xCC, 0x67, 0x17,
125     0x39, 0x32, 0x84, 0xAA, 0xA0, 0xDA, 0x64, 0xBA,
126     /* p */
127     0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
128     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
129     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
130     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
131     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
132     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
133     /* a */
134     0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
135     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
136     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
137     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
138     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
139     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
140     /* b */
141     0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F, 0x92, 0x9A,
142     0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE, 0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3,
143     0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, 0x09, 0xE1, 0x56, 0x19,
144     0x39, 0x51, 0xEC, 0x7E, 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1,
145     0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1, 0xEF, 0x45,
146     0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00,
147     /* x */
148     0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, 0x9E, 0x3E,
149     0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F,
150     0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA, 0xA1, 0x4B,
151     0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF,
152     0xA8, 0xDE, 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B, 0xF9, 0x7E,
153     0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66,
154     /* y */
155     0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a,
156     0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b,
157     0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee,
158     0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad,
159     0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe,
160     0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50,
161     /* order */
162     0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
163     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
164     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFA, 0x51, 0x86,
165     0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09,
166     0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE, 0xBB, 0x6F,
167     0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09
168     }
169     };
170    
171     static const struct {
172     EC_CURVE_DATA h;
173     unsigned char data[20 + 32 * 6];
174     } _EC_X9_62_PRIME_256V1 = {
175     {
176     NID_X9_62_prime_field, 20, 32, 1
177     },
178     {
179     /* seed */
180     0xC4, 0x9D, 0x36, 0x08, 0x86, 0xE7, 0x04, 0x93, 0x6A, 0x66, 0x78, 0xE1,
181     0x13, 0x9D, 0x26, 0xB7, 0x81, 0x9F, 0x7E, 0x90,
182     /* p */
183     0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
184     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
185     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
186     /* a */
187     0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
188     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
189     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
190     /* b */
191     0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, 0xBD, 0x55,
192     0x76, 0x98, 0x86, 0xBC, 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6,
193     0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B,
194     /* x */
195     0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0xE5,
196     0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0,
197     0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96,
198     /* y */
199     0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a,
200     0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
201     0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5,
202     /* order */
203     0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
204     0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
205     0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
206     }
207     };
208    
209     static const struct {
210     EC_CURVE_DATA h;
211     unsigned char data[0 + 32 * 6];
212     } _EC_SECG_PRIME_256K1 = {
213     {
214     NID_X9_62_prime_field, 0, 32, 1
215     },
216     {
217     /* no seed */
218     /* p */
219     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
220     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
221     0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F,
222     /* a */
223     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
224     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
225     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
226     /* b */
227     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
228     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
229     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07,
230     /* x */
231     0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95,
232     0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9,
233     0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98,
234     /* y */
235     0x48, 0x3a, 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, 0xfb, 0xfc,
236     0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19,
237     0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8,
238     /* order */
239     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
240     0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B,
241     0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41
242     }
243     };
244    
245     typedef struct _ec_list_element_st {
246     int nid;
247     const EC_CURVE_DATA *data;
248     const EC_METHOD *(*meth) (void);
249     const char *comment;
250     } ec_list_element;
251    
252     #ifdef FIPS_MODULE
253     static const ec_list_element curve_list[] = {
254     /* prime field curves */
255     /* secg curves */
256     {NID_secp224r1, &_EC_NIST_PRIME_224.h,
257     # if !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
258     EC_GFp_nistp224_method,
259     # else
260     0,
261     # endif
262     "NIST/SECG curve over a 224 bit prime field"},
263     /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
264     {NID_secp384r1, &_EC_NIST_PRIME_384.h,
265     # if defined(S390X_EC_ASM)
266     EC_GFp_s390x_nistp384_method,
267     # else
268     0,
269     # endif
270     "NIST/SECG curve over a 384 bit prime field"},
271    
272     {NID_secp521r1, &_EC_NIST_PRIME_521.h,
273     # if defined(S390X_EC_ASM)
274     EC_GFp_s390x_nistp521_method,
275     # elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
276     EC_GFp_nistp521_method,
277     # else
278     0,
279     # endif
280     "NIST/SECG curve over a 521 bit prime field"},
281    
282     /* X9.62 curves */
283     {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
284     # if defined(ECP_NISTZ256_ASM)
285     EC_GFp_nistz256_method,
286     # elif defined(S390X_EC_ASM)
287     EC_GFp_s390x_nistp256_method,
288     # elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
289     EC_GFp_nistp256_method,
290     # else
291     0,
292     # endif
293     "X9.62/SECG curve over a 256 bit prime field"},
294     };
295    
296     #else
297    
298     static const ec_list_element curve_list[] = {
299     /* prime field curves */
300     /* secg curves */
301     # ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
302     {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
303     "NIST/SECG curve over a 224 bit prime field"},
304     # else
305     {NID_secp224r1, &_EC_NIST_PRIME_224.h, 0,
306     "NIST/SECG curve over a 224 bit prime field"},
307     # endif
308     {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0,
309     "SECG curve over a 256 bit prime field"},
310     /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
311     {NID_secp384r1, &_EC_NIST_PRIME_384.h,
312     # if defined(S390X_EC_ASM)
313     EC_GFp_s390x_nistp384_method,
314     # else
315     0,
316     # endif
317     "NIST/SECG curve over a 384 bit prime field"},
318     {NID_secp521r1, &_EC_NIST_PRIME_521.h,
319     # if defined(S390X_EC_ASM)
320     EC_GFp_s390x_nistp521_method,
321     # elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
322     EC_GFp_nistp521_method,
323     # else
324     0,
325     # endif
326     "NIST/SECG curve over a 521 bit prime field"},
327     /* X9.62 curves */
328     {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
329     # if defined(ECP_NISTZ256_ASM)
330     EC_GFp_nistz256_method,
331     # elif defined(S390X_EC_ASM)
332     EC_GFp_s390x_nistp256_method,
333     # elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
334     EC_GFp_nistp256_method,
335     # else
336     0,
337     # endif
338     "X9.62/SECG curve over a 256 bit prime field"},
339     };
340     #endif /* FIPS_MODULE */
341    
342     #define curve_list_length OSSL_NELEM(curve_list)
343    
344     static const ec_list_element *ec_curve_nid2curve(int nid)
345     {
346     size_t i;
347    
348     if (nid <= 0)
349     return NULL;
350    
351     for (i = 0; i < curve_list_length; i++) {
352     if (curve_list[i].nid == nid)
353     return &curve_list[i];
354     }
355     return NULL;
356     }
357    
358     static EC_GROUP *ec_group_new_from_data(OSSL_LIB_CTX *libctx,
359     const char *propq,
360     const ec_list_element curve)
361     {
362     EC_GROUP *group = NULL;
363     EC_POINT *P = NULL;
364     BN_CTX *ctx = NULL;
365     BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL, *order =
366     NULL;
367     int ok = 0;
368     int seed_len, param_len;
369     const EC_METHOD *meth;
370     const EC_CURVE_DATA *data;
371     const unsigned char *params;
372    
373     /* If no curve data curve method must handle everything */
374     if (curve.data == NULL)
375     return ossl_ec_group_new_ex(libctx, propq,
376     curve.meth != NULL ? curve.meth() : NULL);
377    
378     if ((ctx = BN_CTX_new_ex(libctx)) == NULL) {
379     ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE);
380     goto err;
381     }
382    
383     data = curve.data;
384     seed_len = data->seed_len;
385     param_len = data->param_len;
386     params = (const unsigned char *)(data + 1); /* skip header */
387     params += seed_len; /* skip seed */
388    
389     if ((p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) == NULL
390     || (a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) == NULL
391     || (b = BN_bin2bn(params + 2 * param_len, param_len, NULL)) == NULL) {
392     ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB);
393     goto err;
394     }
395    
396     if (curve.meth != 0) {
397     meth = curve.meth();
398     if (((group = ossl_ec_group_new_ex(libctx, propq, meth)) == NULL) ||
399     (!(group->meth->group_set_curve(group, p, a, b, ctx)))) {
400     ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
401     goto err;
402     }
403     } else if (data->field_type == NID_X9_62_prime_field) {
404     if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) {
405     ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
406     goto err;
407     }
408     }
409     #ifndef OPENSSL_NO_EC2M
410     else { /* field_type ==
411     * NID_X9_62_characteristic_two_field */
412    
413     if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) {
414     ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
415     goto err;
416     }
417     }
418     #endif
419    
420     EC_GROUP_set_curve_name(group, curve.nid);
421    
422     if ((P = EC_POINT_new(group)) == NULL) {
423     ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
424     goto err;
425     }
426    
427     if ((x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) == NULL
428     || (y = BN_bin2bn(params + 4 * param_len, param_len, NULL)) == NULL) {
429     ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB);
430     goto err;
431     }
432     if (!EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) {
433     ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
434     goto err;
435     }
436     if ((order = BN_bin2bn(params + 5 * param_len, param_len, NULL)) == NULL
437     || !BN_set_word(x, (BN_ULONG)data->cofactor)) {
438     ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB);
439     goto err;
440     }
441     if (!EC_GROUP_set_generator(group, P, order, x)) {
442     ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
443     goto err;
444     }
445     if (seed_len) {
446     if (!EC_GROUP_set_seed(group, params - seed_len, seed_len)) {
447     ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
448     goto err;
449     }
450     }
451     ok = 1;
452     err:
453     if (!ok) {
454     EC_GROUP_free(group);
455     group = NULL;
456     }
457     EC_POINT_free(P);
458     BN_CTX_free(ctx);
459     BN_free(p);
460     BN_free(a);
461     BN_free(b);
462     BN_free(order);
463     BN_free(x);
464     BN_free(y);
465     return group;
466     }
467    
468     EC_GROUP *EC_GROUP_new_by_curve_name_ex(OSSL_LIB_CTX *libctx, const char *propq,
469     int nid)
470     {
471     EC_GROUP *ret = NULL;
472     const ec_list_element *curve;
473    
474     if ((curve = ec_curve_nid2curve(nid)) == NULL
475     || (ret = ec_group_new_from_data(libctx, propq, *curve)) == NULL) {
476     #ifndef FIPS_MODULE
477     ERR_raise_data(ERR_LIB_EC, EC_R_UNKNOWN_GROUP,
478     "name=%s", OBJ_nid2sn(nid));
479     #else
480     ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP);
481     #endif
482     return NULL;
483     }
484    
485     return ret;
486     }
487    
488     #ifndef FIPS_MODULE
489     EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
490     {
491     return EC_GROUP_new_by_curve_name_ex(NULL, NULL, nid);
492     }
493     #endif
494    
495     size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
496     {
497     size_t i, min;
498    
499     if (r == NULL || nitems == 0)
500     return curve_list_length;
501    
502     min = nitems < curve_list_length ? nitems : curve_list_length;
503    
504     for (i = 0; i < min; i++) {
505     r[i].nid = curve_list[i].nid;
506     r[i].comment = curve_list[i].comment;
507     }
508    
509     return curve_list_length;
510     }
511    
512     const char *EC_curve_nid2nist(int nid)
513     {
514     return ossl_ec_curve_nid2nist_int(nid);
515     }
516    
517     int EC_curve_nist2nid(const char *name)
518     {
519     return ossl_ec_curve_nist2nid_int(name);
520     }
521    
522     #define NUM_BN_FIELDS 6
523     /*
524     * Validates EC domain parameter data for known named curves.
525     * This can be used when a curve is loaded explicitly (without a curve
526     * name) or to validate that domain parameters have not been modified.
527     *
528     * Returns: The nid associated with the found named curve, or NID_undef
529     * if not found. If there was an error it returns -1.
530     */
531     int ossl_ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx)
532     {
533     int ret = -1, nid, len, field_type, param_len;
534     size_t i, seed_len;
535     const unsigned char *seed, *params_seed, *params;
536     unsigned char *param_bytes = NULL;
537     const EC_CURVE_DATA *data;
538     const EC_POINT *generator = NULL;
539     const BIGNUM *cofactor = NULL;
540     /* An array of BIGNUMs for (p, a, b, x, y, order) */
541     BIGNUM *bn[NUM_BN_FIELDS] = {NULL, NULL, NULL, NULL, NULL, NULL};
542    
543     /* Use the optional named curve nid as a search field */
544     nid = EC_GROUP_get_curve_name(group);
545     field_type = EC_GROUP_get_field_type(group);
546     seed_len = EC_GROUP_get_seed_len(group);
547     seed = EC_GROUP_get0_seed(group);
548     cofactor = EC_GROUP_get0_cofactor(group);
549    
550     BN_CTX_start(ctx);
551    
552     /*
553     * The built-in curves contains data fields (p, a, b, x, y, order) that are
554     * all zero-padded to be the same size. The size of the padding is
555     * determined by either the number of bytes in the field modulus (p) or the
556     * EC group order, whichever is larger.
557     */
558     param_len = BN_num_bytes(group->order);
559     len = BN_num_bytes(group->field);
560     if (len > param_len)
561     param_len = len;
562    
563     /* Allocate space to store the padded data for (p, a, b, x, y, order) */
564     param_bytes = OPENSSL_malloc(param_len * NUM_BN_FIELDS);
565     if (param_bytes == NULL)
566     goto end;
567    
568     /* Create the bignums */
569     for (i = 0; i < NUM_BN_FIELDS; ++i) {
570     if ((bn[i] = BN_CTX_get(ctx)) == NULL)
571     goto end;
572     }
573     /*
574     * Fill in the bn array with the same values as the internal curves
575     * i.e. the values are p, a, b, x, y, order.
576     */
577     /* Get p, a & b */
578     if (!(EC_GROUP_get_curve(group, bn[0], bn[1], bn[2], ctx)
579     && ((generator = EC_GROUP_get0_generator(group)) != NULL)
580     /* Get x & y */
581     && EC_POINT_get_affine_coordinates(group, generator, bn[3], bn[4], ctx)
582     /* Get order */
583     && EC_GROUP_get_order(group, bn[5], ctx)))
584     goto end;
585    
586     /*
587     * Convert the bignum array to bytes that are joined together to form
588     * a single buffer that contains data for all fields.
589     * (p, a, b, x, y, order) are all zero padded to be the same size.
590     */
591     for (i = 0; i < NUM_BN_FIELDS; ++i) {
592     if (BN_bn2binpad(bn[i], &param_bytes[i*param_len], param_len) <= 0)
593     goto end;
594     }
595    
596     for (i = 0; i < curve_list_length; i++) {
597     const ec_list_element curve = curve_list[i];
598    
599     data = curve.data;
600     /* Get the raw order byte data */
601     params_seed = (const unsigned char *)(data + 1); /* skip header */
602     params = params_seed + data->seed_len;
603    
604     /* Look for unique fields in the fixed curve data */
605     if (data->field_type == field_type
606     && param_len == data->param_len
607     && (nid <= 0 || nid == curve.nid)
608     /* check the optional cofactor (ignore if its zero) */
609     && (BN_is_zero(cofactor)
610     || BN_is_word(cofactor, (const BN_ULONG)curve.data->cofactor))
611     /* Check the optional seed (ignore if its not set) */
612     && (data->seed_len == 0 || seed_len == 0
613     || ((size_t)data->seed_len == seed_len
614     && memcmp(params_seed, seed, seed_len) == 0))
615     /* Check that the groups params match the built-in curve params */
616     && memcmp(param_bytes, params, param_len * NUM_BN_FIELDS)
617     == 0) {
618     ret = curve.nid;
619     goto end;
620     }
621     }
622     /* Gets here if the group was not found */
623     ret = NID_undef;
624     end:
625     OPENSSL_free(param_bytes);
626     BN_CTX_end(ctx);
627     return ret;
628     }

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed