/[smecontribs]/rpms/openssl3/contribs10/ec_curve.c
ViewVC logotype

Contents of /rpms/openssl3/contribs10/ec_curve.c

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (show annotations) (download)
Wed Jan 31 17:24:55 2024 UTC (9 months, 3 weeks ago) by jpp
Branch: MAIN
CVS Tags: openssl3-3_0_7-5_el7_sme_1, HEAD
Content type: text/plain
Initial import

1 /*
2 * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 *
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
9 */
10
11 /*
12 * ECDSA low level APIs are deprecated for public use, but still ok for
13 * internal use.
14 */
15 #include "internal/deprecated.h"
16
17 #include <string.h>
18 #include "ec_local.h"
19 #include <openssl/err.h>
20 #include <openssl/obj_mac.h>
21 #include <openssl/objects.h>
22 #include <openssl/opensslconf.h>
23 #include "internal/nelem.h"
24
25 typedef struct {
26 int field_type, /* either NID_X9_62_prime_field or
27 * NID_X9_62_characteristic_two_field */
28 seed_len, param_len;
29 unsigned int cofactor; /* promoted to BN_ULONG */
30 } EC_CURVE_DATA;
31
32 /* the nist prime curves */
33 static const struct {
34 EC_CURVE_DATA h;
35 unsigned char data[20 + 28 * 6];
36 } _EC_NIST_PRIME_224 = {
37 {
38 NID_X9_62_prime_field, 20, 28, 1
39 },
40 {
41 /* seed */
42 0xBD, 0x71, 0x34, 0x47, 0x99, 0xD5, 0xC7, 0xFC, 0xDC, 0x45, 0xB5, 0x9F,
43 0xA3, 0xB9, 0xAB, 0x8F, 0x6A, 0x94, 0x8B, 0xC5,
44 /* p */
45 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
46 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
47 0x00, 0x00, 0x00, 0x01,
48 /* a */
49 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
50 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
51 0xFF, 0xFF, 0xFF, 0xFE,
52 /* b */
53 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56,
54 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43,
55 0x23, 0x55, 0xFF, 0xB4,
56 /* x */
57 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9,
58 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6,
59 0x11, 0x5C, 0x1D, 0x21,
60 /* y */
61 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6,
62 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99,
63 0x85, 0x00, 0x7e, 0x34,
64 /* order */
65 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
66 0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45,
67 0x5C, 0x5C, 0x2A, 0x3D
68 }
69 };
70
71 static const struct {
72 EC_CURVE_DATA h;
73 unsigned char data[20 + 48 * 6];
74 } _EC_NIST_PRIME_384 = {
75 {
76 NID_X9_62_prime_field, 20, 48, 1
77 },
78 {
79 /* seed */
80 0xA3, 0x35, 0x92, 0x6A, 0xA3, 0x19, 0xA2, 0x7A, 0x1D, 0x00, 0x89, 0x6A,
81 0x67, 0x73, 0xA4, 0x82, 0x7A, 0xCD, 0xAC, 0x73,
82 /* p */
83 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
84 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
85 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
86 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
87 /* a */
88 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
89 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
90 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
91 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC,
92 /* b */
93 0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, 0x98, 0x8E, 0x05, 0x6B,
94 0xE3, 0xF8, 0x2D, 0x19, 0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12,
95 0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A, 0xC6, 0x56, 0x39, 0x8D,
96 0x8A, 0x2E, 0xD1, 0x9D, 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF,
97 /* x */
98 0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, 0xC7, 0x1E,
99 0xF3, 0x20, 0xAD, 0x74, 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98,
100 0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38, 0x55, 0x02, 0xF2, 0x5D,
101 0xBF, 0x55, 0x29, 0x6C, 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7,
102 /* y */
103 0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, 0x98, 0xbf,
104 0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c,
105 0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce,
106 0x1d, 0x7e, 0x81, 0x9d, 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f,
107 /* order */
108 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
109 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
110 0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF, 0x58, 0x1A, 0x0D, 0xB2,
111 0x48, 0xB0, 0xA7, 0x7A, 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73
112 }
113 };
114
115 static const struct {
116 EC_CURVE_DATA h;
117 unsigned char data[20 + 66 * 6];
118 } _EC_NIST_PRIME_521 = {
119 {
120 NID_X9_62_prime_field, 20, 66, 1
121 },
122 {
123 /* seed */
124 0xD0, 0x9E, 0x88, 0x00, 0x29, 0x1C, 0xB8, 0x53, 0x96, 0xCC, 0x67, 0x17,
125 0x39, 0x32, 0x84, 0xAA, 0xA0, 0xDA, 0x64, 0xBA,
126 /* p */
127 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
128 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
129 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
130 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
131 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
132 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
133 /* a */
134 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
135 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
136 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
137 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
138 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
139 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
140 /* b */
141 0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F, 0x92, 0x9A,
142 0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE, 0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3,
143 0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, 0x09, 0xE1, 0x56, 0x19,
144 0x39, 0x51, 0xEC, 0x7E, 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1,
145 0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1, 0xEF, 0x45,
146 0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00,
147 /* x */
148 0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, 0x9E, 0x3E,
149 0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F,
150 0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA, 0xA1, 0x4B,
151 0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF,
152 0xA8, 0xDE, 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B, 0xF9, 0x7E,
153 0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66,
154 /* y */
155 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a,
156 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b,
157 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee,
158 0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad,
159 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe,
160 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50,
161 /* order */
162 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
163 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
164 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFA, 0x51, 0x86,
165 0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09,
166 0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE, 0xBB, 0x6F,
167 0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09
168 }
169 };
170
171 static const struct {
172 EC_CURVE_DATA h;
173 unsigned char data[20 + 32 * 6];
174 } _EC_X9_62_PRIME_256V1 = {
175 {
176 NID_X9_62_prime_field, 20, 32, 1
177 },
178 {
179 /* seed */
180 0xC4, 0x9D, 0x36, 0x08, 0x86, 0xE7, 0x04, 0x93, 0x6A, 0x66, 0x78, 0xE1,
181 0x13, 0x9D, 0x26, 0xB7, 0x81, 0x9F, 0x7E, 0x90,
182 /* p */
183 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
184 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
185 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
186 /* a */
187 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
188 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
189 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
190 /* b */
191 0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, 0xBD, 0x55,
192 0x76, 0x98, 0x86, 0xBC, 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6,
193 0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B,
194 /* x */
195 0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0xE5,
196 0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0,
197 0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96,
198 /* y */
199 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a,
200 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
201 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5,
202 /* order */
203 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
204 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
205 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
206 }
207 };
208
209 static const struct {
210 EC_CURVE_DATA h;
211 unsigned char data[0 + 32 * 6];
212 } _EC_SECG_PRIME_256K1 = {
213 {
214 NID_X9_62_prime_field, 0, 32, 1
215 },
216 {
217 /* no seed */
218 /* p */
219 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
220 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
221 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F,
222 /* a */
223 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
224 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
225 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
226 /* b */
227 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
228 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
229 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07,
230 /* x */
231 0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95,
232 0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9,
233 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98,
234 /* y */
235 0x48, 0x3a, 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, 0xfb, 0xfc,
236 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19,
237 0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8,
238 /* order */
239 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
240 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B,
241 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41
242 }
243 };
244
245 typedef struct _ec_list_element_st {
246 int nid;
247 const EC_CURVE_DATA *data;
248 const EC_METHOD *(*meth) (void);
249 const char *comment;
250 } ec_list_element;
251
252 #ifdef FIPS_MODULE
253 static const ec_list_element curve_list[] = {
254 /* prime field curves */
255 /* secg curves */
256 {NID_secp224r1, &_EC_NIST_PRIME_224.h,
257 # if !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
258 EC_GFp_nistp224_method,
259 # else
260 0,
261 # endif
262 "NIST/SECG curve over a 224 bit prime field"},
263 /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
264 {NID_secp384r1, &_EC_NIST_PRIME_384.h,
265 # if defined(S390X_EC_ASM)
266 EC_GFp_s390x_nistp384_method,
267 # else
268 0,
269 # endif
270 "NIST/SECG curve over a 384 bit prime field"},
271
272 {NID_secp521r1, &_EC_NIST_PRIME_521.h,
273 # if defined(S390X_EC_ASM)
274 EC_GFp_s390x_nistp521_method,
275 # elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
276 EC_GFp_nistp521_method,
277 # else
278 0,
279 # endif
280 "NIST/SECG curve over a 521 bit prime field"},
281
282 /* X9.62 curves */
283 {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
284 # if defined(ECP_NISTZ256_ASM)
285 EC_GFp_nistz256_method,
286 # elif defined(S390X_EC_ASM)
287 EC_GFp_s390x_nistp256_method,
288 # elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
289 EC_GFp_nistp256_method,
290 # else
291 0,
292 # endif
293 "X9.62/SECG curve over a 256 bit prime field"},
294 };
295
296 #else
297
298 static const ec_list_element curve_list[] = {
299 /* prime field curves */
300 /* secg curves */
301 # ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
302 {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
303 "NIST/SECG curve over a 224 bit prime field"},
304 # else
305 {NID_secp224r1, &_EC_NIST_PRIME_224.h, 0,
306 "NIST/SECG curve over a 224 bit prime field"},
307 # endif
308 {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0,
309 "SECG curve over a 256 bit prime field"},
310 /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
311 {NID_secp384r1, &_EC_NIST_PRIME_384.h,
312 # if defined(S390X_EC_ASM)
313 EC_GFp_s390x_nistp384_method,
314 # else
315 0,
316 # endif
317 "NIST/SECG curve over a 384 bit prime field"},
318 {NID_secp521r1, &_EC_NIST_PRIME_521.h,
319 # if defined(S390X_EC_ASM)
320 EC_GFp_s390x_nistp521_method,
321 # elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
322 EC_GFp_nistp521_method,
323 # else
324 0,
325 # endif
326 "NIST/SECG curve over a 521 bit prime field"},
327 /* X9.62 curves */
328 {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
329 # if defined(ECP_NISTZ256_ASM)
330 EC_GFp_nistz256_method,
331 # elif defined(S390X_EC_ASM)
332 EC_GFp_s390x_nistp256_method,
333 # elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
334 EC_GFp_nistp256_method,
335 # else
336 0,
337 # endif
338 "X9.62/SECG curve over a 256 bit prime field"},
339 };
340 #endif /* FIPS_MODULE */
341
342 #define curve_list_length OSSL_NELEM(curve_list)
343
344 static const ec_list_element *ec_curve_nid2curve(int nid)
345 {
346 size_t i;
347
348 if (nid <= 0)
349 return NULL;
350
351 for (i = 0; i < curve_list_length; i++) {
352 if (curve_list[i].nid == nid)
353 return &curve_list[i];
354 }
355 return NULL;
356 }
357
358 static EC_GROUP *ec_group_new_from_data(OSSL_LIB_CTX *libctx,
359 const char *propq,
360 const ec_list_element curve)
361 {
362 EC_GROUP *group = NULL;
363 EC_POINT *P = NULL;
364 BN_CTX *ctx = NULL;
365 BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL, *order =
366 NULL;
367 int ok = 0;
368 int seed_len, param_len;
369 const EC_METHOD *meth;
370 const EC_CURVE_DATA *data;
371 const unsigned char *params;
372
373 /* If no curve data curve method must handle everything */
374 if (curve.data == NULL)
375 return ossl_ec_group_new_ex(libctx, propq,
376 curve.meth != NULL ? curve.meth() : NULL);
377
378 if ((ctx = BN_CTX_new_ex(libctx)) == NULL) {
379 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE);
380 goto err;
381 }
382
383 data = curve.data;
384 seed_len = data->seed_len;
385 param_len = data->param_len;
386 params = (const unsigned char *)(data + 1); /* skip header */
387 params += seed_len; /* skip seed */
388
389 if ((p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) == NULL
390 || (a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) == NULL
391 || (b = BN_bin2bn(params + 2 * param_len, param_len, NULL)) == NULL) {
392 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB);
393 goto err;
394 }
395
396 if (curve.meth != 0) {
397 meth = curve.meth();
398 if (((group = ossl_ec_group_new_ex(libctx, propq, meth)) == NULL) ||
399 (!(group->meth->group_set_curve(group, p, a, b, ctx)))) {
400 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
401 goto err;
402 }
403 } else if (data->field_type == NID_X9_62_prime_field) {
404 if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) {
405 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
406 goto err;
407 }
408 }
409 #ifndef OPENSSL_NO_EC2M
410 else { /* field_type ==
411 * NID_X9_62_characteristic_two_field */
412
413 if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) {
414 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
415 goto err;
416 }
417 }
418 #endif
419
420 EC_GROUP_set_curve_name(group, curve.nid);
421
422 if ((P = EC_POINT_new(group)) == NULL) {
423 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
424 goto err;
425 }
426
427 if ((x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) == NULL
428 || (y = BN_bin2bn(params + 4 * param_len, param_len, NULL)) == NULL) {
429 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB);
430 goto err;
431 }
432 if (!EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) {
433 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
434 goto err;
435 }
436 if ((order = BN_bin2bn(params + 5 * param_len, param_len, NULL)) == NULL
437 || !BN_set_word(x, (BN_ULONG)data->cofactor)) {
438 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB);
439 goto err;
440 }
441 if (!EC_GROUP_set_generator(group, P, order, x)) {
442 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
443 goto err;
444 }
445 if (seed_len) {
446 if (!EC_GROUP_set_seed(group, params - seed_len, seed_len)) {
447 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
448 goto err;
449 }
450 }
451 ok = 1;
452 err:
453 if (!ok) {
454 EC_GROUP_free(group);
455 group = NULL;
456 }
457 EC_POINT_free(P);
458 BN_CTX_free(ctx);
459 BN_free(p);
460 BN_free(a);
461 BN_free(b);
462 BN_free(order);
463 BN_free(x);
464 BN_free(y);
465 return group;
466 }
467
468 EC_GROUP *EC_GROUP_new_by_curve_name_ex(OSSL_LIB_CTX *libctx, const char *propq,
469 int nid)
470 {
471 EC_GROUP *ret = NULL;
472 const ec_list_element *curve;
473
474 if ((curve = ec_curve_nid2curve(nid)) == NULL
475 || (ret = ec_group_new_from_data(libctx, propq, *curve)) == NULL) {
476 #ifndef FIPS_MODULE
477 ERR_raise_data(ERR_LIB_EC, EC_R_UNKNOWN_GROUP,
478 "name=%s", OBJ_nid2sn(nid));
479 #else
480 ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP);
481 #endif
482 return NULL;
483 }
484
485 return ret;
486 }
487
488 #ifndef FIPS_MODULE
489 EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
490 {
491 return EC_GROUP_new_by_curve_name_ex(NULL, NULL, nid);
492 }
493 #endif
494
495 size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
496 {
497 size_t i, min;
498
499 if (r == NULL || nitems == 0)
500 return curve_list_length;
501
502 min = nitems < curve_list_length ? nitems : curve_list_length;
503
504 for (i = 0; i < min; i++) {
505 r[i].nid = curve_list[i].nid;
506 r[i].comment = curve_list[i].comment;
507 }
508
509 return curve_list_length;
510 }
511
512 const char *EC_curve_nid2nist(int nid)
513 {
514 return ossl_ec_curve_nid2nist_int(nid);
515 }
516
517 int EC_curve_nist2nid(const char *name)
518 {
519 return ossl_ec_curve_nist2nid_int(name);
520 }
521
522 #define NUM_BN_FIELDS 6
523 /*
524 * Validates EC domain parameter data for known named curves.
525 * This can be used when a curve is loaded explicitly (without a curve
526 * name) or to validate that domain parameters have not been modified.
527 *
528 * Returns: The nid associated with the found named curve, or NID_undef
529 * if not found. If there was an error it returns -1.
530 */
531 int ossl_ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx)
532 {
533 int ret = -1, nid, len, field_type, param_len;
534 size_t i, seed_len;
535 const unsigned char *seed, *params_seed, *params;
536 unsigned char *param_bytes = NULL;
537 const EC_CURVE_DATA *data;
538 const EC_POINT *generator = NULL;
539 const BIGNUM *cofactor = NULL;
540 /* An array of BIGNUMs for (p, a, b, x, y, order) */
541 BIGNUM *bn[NUM_BN_FIELDS] = {NULL, NULL, NULL, NULL, NULL, NULL};
542
543 /* Use the optional named curve nid as a search field */
544 nid = EC_GROUP_get_curve_name(group);
545 field_type = EC_GROUP_get_field_type(group);
546 seed_len = EC_GROUP_get_seed_len(group);
547 seed = EC_GROUP_get0_seed(group);
548 cofactor = EC_GROUP_get0_cofactor(group);
549
550 BN_CTX_start(ctx);
551
552 /*
553 * The built-in curves contains data fields (p, a, b, x, y, order) that are
554 * all zero-padded to be the same size. The size of the padding is
555 * determined by either the number of bytes in the field modulus (p) or the
556 * EC group order, whichever is larger.
557 */
558 param_len = BN_num_bytes(group->order);
559 len = BN_num_bytes(group->field);
560 if (len > param_len)
561 param_len = len;
562
563 /* Allocate space to store the padded data for (p, a, b, x, y, order) */
564 param_bytes = OPENSSL_malloc(param_len * NUM_BN_FIELDS);
565 if (param_bytes == NULL)
566 goto end;
567
568 /* Create the bignums */
569 for (i = 0; i < NUM_BN_FIELDS; ++i) {
570 if ((bn[i] = BN_CTX_get(ctx)) == NULL)
571 goto end;
572 }
573 /*
574 * Fill in the bn array with the same values as the internal curves
575 * i.e. the values are p, a, b, x, y, order.
576 */
577 /* Get p, a & b */
578 if (!(EC_GROUP_get_curve(group, bn[0], bn[1], bn[2], ctx)
579 && ((generator = EC_GROUP_get0_generator(group)) != NULL)
580 /* Get x & y */
581 && EC_POINT_get_affine_coordinates(group, generator, bn[3], bn[4], ctx)
582 /* Get order */
583 && EC_GROUP_get_order(group, bn[5], ctx)))
584 goto end;
585
586 /*
587 * Convert the bignum array to bytes that are joined together to form
588 * a single buffer that contains data for all fields.
589 * (p, a, b, x, y, order) are all zero padded to be the same size.
590 */
591 for (i = 0; i < NUM_BN_FIELDS; ++i) {
592 if (BN_bn2binpad(bn[i], &param_bytes[i*param_len], param_len) <= 0)
593 goto end;
594 }
595
596 for (i = 0; i < curve_list_length; i++) {
597 const ec_list_element curve = curve_list[i];
598
599 data = curve.data;
600 /* Get the raw order byte data */
601 params_seed = (const unsigned char *)(data + 1); /* skip header */
602 params = params_seed + data->seed_len;
603
604 /* Look for unique fields in the fixed curve data */
605 if (data->field_type == field_type
606 && param_len == data->param_len
607 && (nid <= 0 || nid == curve.nid)
608 /* check the optional cofactor (ignore if its zero) */
609 && (BN_is_zero(cofactor)
610 || BN_is_word(cofactor, (const BN_ULONG)curve.data->cofactor))
611 /* Check the optional seed (ignore if its not set) */
612 && (data->seed_len == 0 || seed_len == 0
613 || ((size_t)data->seed_len == seed_len
614 && memcmp(params_seed, seed, seed_len) == 0))
615 /* Check that the groups params match the built-in curve params */
616 && memcmp(param_bytes, params, param_len * NUM_BN_FIELDS)
617 == 0) {
618 ret = curve.nid;
619 goto end;
620 }
621 }
622 /* Gets here if the group was not found */
623 ret = NID_undef;
624 end:
625 OPENSSL_free(param_bytes);
626 BN_CTX_end(ctx);
627 return ret;
628 }

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed