#include <sys/types.h>
#include <sys/systm.h>
#include <sys/param.h>
#ifdef _KERNEL
#include <sys/kmem.h>
#else
#include <string.h>
#endif
#include "ec.h"
#include "ecl-curve.h"
#include "ecc_impl.h"
#define MAX_ECKEY_LEN 72
#define SEC_ASN1_OBJECT_ID 0x06
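/*
 * Return the value (0-15) of one ASCII hex digit, or -1 when c is not a
 * hex digit.  Explicit ranges are used so the result does not depend on
 * the locale.
 */
static int
ec_hex_nibble(char c)
{
    if ((c >= '0') && (c <= '9'))
        return c - '0';
    if ((c >= 'a') && (c <= 'f'))
        return c - 'a' + 10;
    if ((c >= 'A') && (c <= 'F'))
        return c - 'A' + 10;
    return -1;
}

/*
 * Convert a NUL-terminated hex string into the byte buffer of a SECItem.
 *
 * arena   passed through to PORT_ArenaAlloc unchanged
 * item    receives the new buffer in item->data and its size in item->len
 * str     hex digits, upper or lower case; must have an even length
 * kmflag  passed through to PORT_ArenaAlloc unchanged
 *
 * Returns item on success.  Returns NULL when the length is odd, when a
 * character is not a hex digit, or when the allocation fails.
 *
 * The whole string is validated before anything is allocated, so a
 * rejected string leaves item untouched instead of leaving item->data
 * pointing at a half-filled buffer that no caller releases.
 */
static SECItem *
hexString2SECItem(PRArenaPool *arena, SECItem *item, const char *str,
    int kmflag)
{
    size_t i;
    size_t len = strlen(str);

    if ((len % 2) != 0)
        return NULL;

    /* Skip leading "00" pairs, but always keep at least one byte. */
    while ((len > 2) && (str[0] == '0') && (str[1] == '0')) {
        str += 2;
        len -= 2;
    }

    /* Reject bad input before allocating (the skipped pairs were valid). */
    for (i = 0; i < len; i++) {
        if (ec_hex_nibble(str[i]) < 0)
            return NULL;
    }

    item->data = (unsigned char *) PORT_ArenaAlloc(arena, len / 2, kmflag);
    if (item->data == NULL)
        return NULL;
    item->len = len / 2;

    /* Two digits per output byte, high nibble first. */
    for (i = 0; i < len; i += 2) {
        item->data[i / 2] = (unsigned char)
            ((ec_hex_nibble(str[i]) << 4) | ec_hex_nibble(str[i + 1]));
    }

    return item;
}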
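/*
 * Fill the field, curve coefficients, base point, order and cofactor of
 * params from the built-in table entry for the named curve.
 *
 * name        index into ecCurve_map
 * field_type  stored in params->fieldID.type; ec_field_GFp selects the
 *             u.prime member, anything else the u.poly member
 * params      structure to populate
 * kmflag      passed through to hexString2SECItem
 *
 * Returns SECSuccess when every field was populated, SECFailure otherwise.
 * params->cofactor is assigned last, so it is only changed on success.
 *
 * NOTE(review): on failure the items already allocated in params are not
 * released here; confirm that callers clean up.
 * NOTE(review): the range check admits name == ECCurve_pastLastCurve, which
 * is safe only if ecCurve_map has an entry at that index; confirm in
 * ecl-curve.h.
 */
static SECStatus
gf_populate_params(ECCurveName name, ECFieldType field_type, ECParams *params,
    int kmflag)
{
    SECStatus rv = SECFailure;
    const ECCurveParams *curveParams;
    /* "04" prefix + hex of x + hex of y + terminating NUL */
    char genenc[3 + 2 * 2 * MAX_ECKEY_LEN];
    size_t xlen;
    size_t ylen;

    if ((name < ECCurve_noName) || (name > ECCurve_pastLastCurve))
        goto cleanup;
    params->name = name;
    curveParams = ecCurve_map[params->name];
    CHECK_OK(curveParams);
    params->fieldID.size = curveParams->size;
    params->fieldID.type = field_type;
    if (field_type == ec_field_GFp) {
        CHECK_OK(hexString2SECItem(NULL, &params->fieldID.u.prime,
            curveParams->irr, kmflag));
    } else {
        CHECK_OK(hexString2SECItem(NULL, &params->fieldID.u.poly,
            curveParams->irr, kmflag));
    }
    CHECK_OK(hexString2SECItem(NULL, &params->curve.a,
        curveParams->curvea, kmflag));
    CHECK_OK(hexString2SECItem(NULL, &params->curve.b,
        curveParams->curveb, kmflag));

    /*
     * Build the base point as "04" || x || y (0x04 marks an uncompressed
     * point).  The coordinate lengths are checked against the buffer so
     * that an oversized table entry fails cleanly instead of writing past
     * the end of genenc.
     */
    xlen = strlen(curveParams->genx);
    ylen = strlen(curveParams->geny);
    if ((xlen > sizeof (genenc) - 3) || (ylen > sizeof (genenc) - 3 - xlen))
        goto cleanup;
    genenc[0] = '0';
    genenc[1] = '4';
    memcpy(genenc + 2, curveParams->genx, xlen);
    memcpy(genenc + 2 + xlen, curveParams->geny, ylen);
    genenc[2 + xlen + ylen] = '\0';

    CHECK_OK(hexString2SECItem(NULL, &params->base, genenc, kmflag));
    CHECK_OK(hexString2SECItem(NULL, &params->order,
        curveParams->order, kmflag));
    params->cofactor = curveParams->cofactor;

    rv = SECSuccess;

cleanup:
    return rv;
}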
/*
 * Forward declaration of the OID-to-curve lookup; the definition is not
 * visible here.  EC_FillParams treats a return value of ECCurve_noName as
 * "unknown curve".
 */
ECCurveName SECOID_FindOIDTag(const SECItem *);
/*
 * Populate params from a DER-encoded named-curve OID.
 *
 * arena          stored in params->arena; the allocations made here pass
 *                NULL to the allocator rather than this arena
 * encodedParams  tag byte, length byte, then the OID content bytes
 * params         structure to fill
 * kmflag         passed through to the allocator and to gf_populate_params
 *
 * Returns SECSuccess when the curve is known and fully populated,
 * SECFailure otherwise.  Whenever params->cofactor is still zero at exit,
 * the error is set to SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE.
 *
 * Input checks: the total length must equal one of the two supported OID
 * lengths and byte 0 must be the OBJECT IDENTIFIER tag.  Byte 1 (the DER
 * length octet) is not examined; acceptance rests on the OID lookup.
 * NOTE(review): encodedParams and encodedParams->data are dereferenced
 * without a NULL check; confirm that callers guarantee both.
 */
SECStatus
EC_FillParams(PRArenaPool *arena, const SECItem *encodedParams,
    ECParams *params, int kmflag)
{
    SECStatus rv = SECFailure;
    ECCurveName curve;
    SECItem curveOid = { siBuffer, NULL, 0};
#if EC_DEBUG
    int idx;

    printf("Encoded params in EC_DecodeParams: ");
    for (idx = 0; idx < encodedParams->len; idx++) {
        printf("%02x:", encodedParams->data[idx]);
    }
    printf("\n");
#endif

    /* Only the two known OID encodings are accepted. */
    if (!((encodedParams->len == ANSI_X962_CURVE_OID_TOTAL_LEN) ||
        (encodedParams->len == SECG_CURVE_OID_TOTAL_LEN))) {
        PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
        return SECFailure;
    }

    /* Step over the tag and length bytes to reach the OID content. */
    curveOid.len = encodedParams->len - 2;
    curveOid.data = encodedParams->data + 2;

    /* The lookup runs only when the tag byte is right. */
    if (encodedParams->data[0] != SEC_ASN1_OBJECT_ID) {
        PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
        return SECFailure;
    }
    curve = SECOID_FindOIDTag(&curveOid);
    if (curve == ECCurve_noName) {
        PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
        return SECFailure;
    }

    params->arena = arena;
    /* cofactor == 0 is the "not populated" marker tested at cleanup. */
    params->cofactor = 0;
    params->type = ec_params_named;
    params->name = ECCurve_noName;

    /* Keep a private copy of the OID content bytes. */
    params->curveOID.len = curveOid.len;
    params->curveOID.data = (unsigned char *) PORT_ArenaAlloc(NULL,
        curveOid.len, kmflag);
    if (params->curveOID.data == NULL)
        goto cleanup;
    memcpy(params->curveOID.data, curveOid.data, curveOid.len);

#if EC_DEBUG
    printf("Curve: %s\n", SECOID_FindOIDTagDescription(curve));
#endif

    /*
     * Each supported curve is populated under its own name; the only
     * per-curve difference is the field type, so the labels are grouped
     * by field and the matched value is passed on.
     */
    switch (curve) {
    /* Binary-field (GF(2^m)) curves. */
    case ECCurve_X9_62_CHAR2_PNB163V1:
    case ECCurve_X9_62_CHAR2_PNB163V2:
    case ECCurve_X9_62_CHAR2_PNB163V3:
    case ECCurve_X9_62_CHAR2_PNB176V1:
    case ECCurve_X9_62_CHAR2_TNB191V1:
    case ECCurve_X9_62_CHAR2_TNB191V2:
    case ECCurve_X9_62_CHAR2_TNB191V3:
    case ECCurve_X9_62_CHAR2_PNB208W1:
    case ECCurve_X9_62_CHAR2_TNB239V1:
    case ECCurve_X9_62_CHAR2_TNB239V2:
    case ECCurve_X9_62_CHAR2_TNB239V3:
    case ECCurve_X9_62_CHAR2_PNB272W1:
    case ECCurve_X9_62_CHAR2_PNB304W1:
    case ECCurve_X9_62_CHAR2_TNB359V1:
    case ECCurve_X9_62_CHAR2_PNB368W1:
    case ECCurve_X9_62_CHAR2_TNB431R1:
    case ECCurve_SECG_CHAR2_113R1:
    case ECCurve_SECG_CHAR2_113R2:
    case ECCurve_SECG_CHAR2_131R1:
    case ECCurve_SECG_CHAR2_131R2:
    case ECCurve_SECG_CHAR2_163K1:
    case ECCurve_SECG_CHAR2_163R1:
    case ECCurve_SECG_CHAR2_163R2:
    case ECCurve_SECG_CHAR2_193R1:
    case ECCurve_SECG_CHAR2_193R2:
    case ECCurve_SECG_CHAR2_233K1:
    case ECCurve_SECG_CHAR2_233R1:
    case ECCurve_SECG_CHAR2_239K1:
    case ECCurve_SECG_CHAR2_283K1:
    case ECCurve_SECG_CHAR2_283R1:
    case ECCurve_SECG_CHAR2_409K1:
    case ECCurve_SECG_CHAR2_409R1:
    case ECCurve_SECG_CHAR2_571K1:
    case ECCurve_SECG_CHAR2_571R1:
        CHECK_SEC_OK( gf_populate_params(curve, ec_field_GF2m,
            params, kmflag) );
        break;

    /* Prime-field (GF(p)) curves. */
    case ECCurve_X9_62_PRIME_192V1:
    case ECCurve_X9_62_PRIME_192V2:
    case ECCurve_X9_62_PRIME_192V3:
    case ECCurve_X9_62_PRIME_239V1:
    case ECCurve_X9_62_PRIME_239V2:
    case ECCurve_X9_62_PRIME_239V3:
    case ECCurve_X9_62_PRIME_256V1:
    case ECCurve_SECG_PRIME_112R1:
    case ECCurve_SECG_PRIME_112R2:
    case ECCurve_SECG_PRIME_128R1:
    case ECCurve_SECG_PRIME_128R2:
    case ECCurve_SECG_PRIME_160K1:
    case ECCurve_SECG_PRIME_160R1:
    case ECCurve_SECG_PRIME_160R2:
    case ECCurve_SECG_PRIME_192K1:
    case ECCurve_SECG_PRIME_224K1:
    case ECCurve_SECG_PRIME_224R1:
    case ECCurve_SECG_PRIME_256K1:
    case ECCurve_SECG_PRIME_384R1:
    case ECCurve_SECG_PRIME_521R1:
        CHECK_SEC_OK( gf_populate_params(curve, ec_field_GFp,
            params, kmflag) );
        break;

    /* A tag with no entry above leaves rv at SECFailure. */
    default:
        break;
    }

cleanup:
    if (!params->cofactor) {
        PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
#if EC_DEBUG
        printf("Unrecognized curve, returning NULL params\n");
#endif
    }

    return rv;
}
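/*
 * Allocate an ECParams structure, keep a copy of the DER encoding in it and
 * fill in the curve parameters that the encoding names.
 *
 * encodedParams  DER-encoded named-curve OID
 * ecparams       receives the new structure on success; not written on
 *                failure
 * kmflag         passed through to the allocator and to EC_FillParams
 *
 * Returns SECSuccess or SECFailure.
 *
 * NOTE(review): every failure path calls PORT_FreeArena(NULL, ...) rather
 * than passing arena, and params is allocated with a NULL arena and never
 * released on failure.  Whether that leaks depends on how the PORT_* names
 * are defined in ecc_impl.h; confirm there.
 */
SECStatus
EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams, int kmflag)
{
    PRArenaPool *arena;
    ECParams *params;
    SECStatus rv = SECFailure;

    if (!(arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE)))
        return SECFailure;

    params = (ECParams *)PORT_ArenaZAlloc(NULL, sizeof(ECParams), kmflag);
    if (!params) {
        PORT_FreeArena(NULL, B_TRUE);
        return SECFailure;
    }

    /* Keep a copy of the encoding alongside the decoded parameters. */
    SECITEM_AllocItem(arena, &(params->DEREncoding), encodedParams->len,
        kmflag);
    /*
     * The copy below must not run against a buffer that was never
     * allocated.  This presumes PORT_ArenaZAlloc zero-filled params, so
     * data is still NULL when the allocation did not happen.
     */
    if (params->DEREncoding.data == NULL) {
        PORT_FreeArena(NULL, B_TRUE);
        return SECFailure;
    }
    memcpy(params->DEREncoding.data, encodedParams->data, encodedParams->len);

    rv = EC_FillParams(NULL, encodedParams, params, kmflag);
    if (rv == SECFailure) {
        PORT_FreeArena(NULL, B_TRUE);
        return SECFailure;
    }

    *ecparams = params;
    return SECSuccess;
}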