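/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef NSS_DISABLE_ECC

#ifdef FREEBL_NO_DEPEND
#include "stubs.h"
#endif

#include "blapi.h"
#include "secoid.h"
#include "secitem.h"
#include "secerr.h"
#include "ec.h"
#include "ecl-curve.h"

/*
 * Jump to the enclosing function's `cleanup` label when the expression is
 * NULL. Wrapped in do/while(0) so the macro behaves as a single statement
 * and cannot capture a following `else`.
 */
#define CHECK_OK(func)      \
    do {                    \
        if ((func) == NULL) \
            goto cleanup;   \
    } while (0)

/*
 * Evaluate the expression, store its status in the enclosing function's
 * local `rv`, and jump to `cleanup` unless it is SECSuccess.
 */
#define CHECK_SEC_OK(func)               \
    do {                                 \
        if (SECSuccess != (rv = (func))) \
            goto cleanup;                \
    } while (0)

/*
 * Copy all of the fields from srcParams into dstParams.
 *
 * Every SECItem member is duplicated with SECITEM_CopyItem using `arena`;
 * scalar members are assigned directly. dstParams->arena is set to `arena`.
 *
 * Returns SECSuccess when every copy succeeded, SECFailure as soon as one
 * SECITEM_CopyItem call fails. On failure dstParams is left partially
 * populated (the fields copied before the failing call stay written), so
 * callers must not use it.
 */
SECStatus
EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
              const ECParams *srcParams)
{
    SECStatus rv = SECFailure; /* written by CHECK_SEC_OK */

    dstParams->arena = arena;
    dstParams->type = srcParams->type;
    dstParams->fieldID.size = srcParams->fieldID.size;
    dstParams->fieldID.type = srcParams->fieldID.type;
    /* fieldID.u is accessed as .prime for GFp/plain fields, .poly otherwise. */
    if (srcParams->fieldID.type == ec_field_GFp ||
        srcParams->fieldID.type == ec_field_plain) {
        CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->fieldID.u.prime,
                                      &srcParams->fieldID.u.prime));
    } else {
        CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->fieldID.u.poly,
                                      &srcParams->fieldID.u.poly));
    }
    dstParams->fieldID.k1 = srcParams->fieldID.k1;
    dstParams->fieldID.k2 = srcParams->fieldID.k2;
    dstParams->fieldID.k3 = srcParams->fieldID.k3;
    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.a,
                                  &srcParams->curve.a));
    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.b,
                                  &srcParams->curve.b));
    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.seed,
                                  &srcParams->curve.seed));
    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->base,
                                  &srcParams->base));
    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->order,
                                  &srcParams->order));
    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->DEREncoding,
                                  &srcParams->DEREncoding));
    dstParams->name = srcParams->name;
    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curveOID,
                                  &srcParams->curveOID));
    dstParams->cofactor = srcParams->cofactor;

    return SECSuccess;

cleanup:
    return SECFailure;
}

/*
 * Fill the field, curve, base point, order and cofactor members of `params`
 * from the built-in table entry ecCurve_map[name].
 *
 * The SECItems written here point directly at the table entry's buffers; no
 * copy is made, so they must be treated as read-only and are not owned by
 * params->arena.
 *
 * Returns SECFailure when `name` is out of range, when the table has no
 * entry for it, or when field_type is neither ec_field_GFp nor
 * ec_field_plain. In the last two cases params->name (and, for a bad
 * field_type, fieldID.size/type) has already been written.
 */
static SECStatus
gf_populate_params_bytes(ECCurveName name, ECFieldType field_type,
                         ECParams *params)
{
    SECStatus rv = SECFailure;
    const ECCurveBytes *curveParams;

    /*
     * NOTE(review): `name == ECCurve_pastLastCurve` passes this check and is
     * used as an index below, so this relies on ecCurve_map having an entry
     * at that index -- confirm against ecl-curve.h.
     */
    if ((name < ECCurve_noName) || (name > ECCurve_pastLastCurve))
        goto cleanup;
    params->name = name;
    curveParams = ecCurve_map[params->name];
    CHECK_OK(curveParams);
    params->fieldID.size = curveParams->size;
    params->fieldID.type = field_type;
    if (field_type != ec_field_GFp && field_type != ec_field_plain) {
        return SECFailure;
    }
    params->fieldID.u.prime.len = curveParams->scalarSize;
    params->fieldID.u.prime.data = (unsigned char *)curveParams->irr;
    params->curve.a.len = curveParams->scalarSize;
    params->curve.a.data = (unsigned char *)curveParams->curvea;
    params->curve.b.len = curveParams->scalarSize;
    params->curve.b.data = (unsigned char *)curveParams->curveb;
    params->base.len = curveParams->pointSize;
    params->base.data = (unsigned char *)curveParams->base;
    params->order.len = curveParams->scalarSize;
    params->order.data = (unsigned char *)curveParams->order;
    params->cofactor = curveParams->cofactor;

    rv = SECSuccess;

cleanup:
    return rv;
}

/*
 * Populate `params` from a DER-encoded named-curve OID.
 *
 * The input is accepted only when its total length equals one of the three
 * fixed curve-OID lengths, its first byte is the OBJECT IDENTIFIER tag, and
 * the bytes after the two-byte header resolve to a known OID tag. The OID
 * bytes are copied into params->curveOID (allocated from `arena`). Curve
 * parameters are then filled in for P-256, P-384, P-521 and Curve25519; any
 * other OID leaves params->cofactor at 0 and the call fails.
 *
 * Returns SECSuccess when the curve was populated, SECFailure otherwise
 * (with SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE set whenever the cofactor is
 * still 0 at exit).
 */
SECStatus
EC_FillParams(PLArenaPool *arena, const SECItem *encodedParams,
              ECParams *params)
{
    SECStatus rv = SECFailure;
    SECOidTag tag;
    SECItem oid = { siBuffer, NULL, 0 };

#if EC_DEBUG
    unsigned int i;

    printf("Encoded params in EC_DecodeParams: ");
    for (i = 0; i < encodedParams->len; i++) {
        printf("%02x:", encodedParams->data[i]);
    }
    printf("\n");
#endif

    /*
     * The length whitelist is what makes the data[0] read and the
     * `len - 2` / `data + 2` arithmetic below safe: nothing shorter than a
     * full curve OID encoding gets past this point.
     */
    if ((encodedParams->len != ANSI_X962_CURVE_OID_TOTAL_LEN) &&
        (encodedParams->len != SECG_CURVE_OID_TOTAL_LEN) &&
        (encodedParams->len != PKIX_NEWCURVES_OID_TOTAL_LEN)) {
        PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
        return SECFailure;
    }

    oid.len = encodedParams->len - 2;
    oid.data = encodedParams->data + 2;
    /*
     * NOTE(review): only the tag byte is validated. The DER length octet
     * (data[1]) is skipped without being compared to oid.len, so an encoding
     * with an inconsistent length octet is accepted as long as the trailing
     * bytes match a known OID. Consider rejecting data[1] != oid.len.
     */
    if ((encodedParams->data[0] != SEC_ASN1_OBJECT_ID) ||
        ((tag = SECOID_FindOIDTag(&oid)) == SEC_OID_UNKNOWN)) {
        PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
        return SECFailure;
    }

    params->arena = arena;
    params->cofactor = 0; /* doubles as the "curve populated" flag at cleanup */
    params->type = ec_params_named;
    params->name = ECCurve_noName;

    /* Fill out curveOID */
    params->curveOID.len = oid.len;
    params->curveOID.data = (unsigned char *)PORT_ArenaAlloc(arena, oid.len);
    /*
     * NOTE(review): on allocation failure the cleanup path below replaces
     * whatever error the allocator set with
     * SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE, because the cofactor is still 0.
     */
    if (params->curveOID.data == NULL)
        goto cleanup;
    memcpy(params->curveOID.data, oid.data, oid.len);

#if EC_DEBUG
    printf("Curve: %s\n", SECOID_FindOIDTagDescription(tag));
#endif

    switch (tag) {
        case SEC_OID_ANSIX962_EC_PRIME256V1:
            /* Populate params for prime256v1 aka secp256r1
             * (the NIST P-256 curve)
             */
            CHECK_SEC_OK(gf_populate_params_bytes(ECCurve_X9_62_PRIME_256V1,
                                                  ec_field_GFp, params));
            break;

        case SEC_OID_SECG_EC_SECP384R1:
            /* Populate params for secp384r1
             * (the NIST P-384 curve)
             */
            CHECK_SEC_OK(gf_populate_params_bytes(ECCurve_SECG_PRIME_384R1,
                                                  ec_field_GFp, params));
            break;

        case SEC_OID_SECG_EC_SECP521R1:
            /* Populate params for secp521r1
             * (the NIST P-521 curve)
             */
            CHECK_SEC_OK(gf_populate_params_bytes(ECCurve_SECG_PRIME_521R1,
                                                  ec_field_GFp, params));
            break;

        case SEC_OID_CURVE25519:
            /* Populate params for Curve25519 */
            CHECK_SEC_OK(gf_populate_params_bytes(ECCurve25519,
                                                  ec_field_plain, params));
            break;

        default:
            /* Known OID but not a supported curve: rv stays SECFailure. */
            break;
    }

cleanup:
    if (!params->cofactor) {
        PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
#if EC_DEBUG
        printf("Unrecognized curve, returning NULL params\n");
#endif
    }

    return rv;
}

/*
 * Decode DER-encoded curve parameters into a freshly allocated ECParams.
 *
 * A new arena is created to hold the ECParams structure, a copy of the
 * encoded input (params->DEREncoding) and the curve OID. On success
 * *ecparams receives the structure; the arena is reachable through
 * params->arena. On any failure the arena is freed and *ecparams is left
 * untouched.
 *
 * Returns SECSuccess or SECFailure.
 */
SECStatus
EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams)
{
    PLArenaPool *arena;
    ECParams *params;
    SECStatus rv = SECFailure;

    /* Initialize an arena for the ECParams structure */
    if (!(arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE)))
        return SECFailure;

    params = (ECParams *)PORT_ArenaZAlloc(arena, sizeof(ECParams));
    if (!params) {
        PORT_FreeArena(arena, PR_TRUE);
        return SECFailure;
    }

    /*
     * Copy the encoded params. The allocation result must be checked before
     * the memcpy: an unchecked failure would make the copy write through a
     * NULL DEREncoding.data.
     */
    if (SECITEM_AllocItem(arena, &(params->DEREncoding),
                          encodedParams->len) == NULL) {
        PORT_FreeArena(arena, PR_TRUE);
        return SECFailure;
    }
    /* Skip the copy for an empty input; EC_FillParams rejects it below. */
    if (encodedParams->len > 0) {
        memcpy(params->DEREncoding.data, encodedParams->data,
               encodedParams->len);
    }

    /* Fill out the rest of the ECParams structure based on
     * the encoded params
     */
    rv = EC_FillParams(arena, encodedParams, params);
    if (rv != SECSuccess) {
        /* Treat every non-success status as failure and release the arena. */
        PORT_FreeArena(arena, PR_TRUE);
        return SECFailure;
    }

    *ecparams = params;
    return SECSuccess;
}

/*
 * Return a point size in bytes for the curve described by `params`.
 *
 * For a curve present in ecCurve_map the value comes from the table:
 * scalarSize for Curve25519 (only the X coordinate is used) and
 * pointSize - 1 for every other curve. For a curve that is not in the table
 * the size is derived from params->fieldID.size (in bits).
 */
int
EC_GetPointSize(const ECParams *params)
{
    ECCurveName name = params->name;
    const ECCurveBytes *curveParams;

    /*
     * NOTE(review): as in gf_populate_params_bytes, the upper bound is
     * inclusive, so ecCurve_map must have an entry at index
     * ECCurve_pastLastCurve -- confirm against ecl-curve.h.
     */
    if ((name < ECCurve_noName) || (name > ECCurve_pastLastCurve) ||
        ((curveParams = ecCurve_map[name]) == NULL)) {
        /* Unknown curve: calculate the point size from params. Assume a
         * standard curve with two coordinates and a one-byte point
         * compression indicator. */
        int sizeInBytes = (params->fieldID.size + 7) / 8;
        return sizeInBytes * 2 + 1;
    }

    if (name == ECCurve25519) {
        /* Only X here */
        return curveParams->scalarSize;
    }

    return curveParams->pointSize - 1;
}

#endif /* NSS_DISABLE_ECC */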