summaryrefslogtreecommitdiff
path: root/bufec.c
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2011-01-24 11:46:57 +0000
committerColin Watson <cjwatson@debian.org>2011-01-24 11:46:57 +0000
commit0970072c89b079b022538e3c366fbfa2c53fc821 (patch)
treeb7024712d74234bb5a8b036ccbc9109e2e211296 /bufec.c
parent4e8aa4da57000c7bba8e5c49163bc0c0ca383f78 (diff)
parent478ff799463ca926a8dfbabf058f4e84aaffc65a (diff)
merge 5.7p1
Diffstat (limited to 'bufec.c')
-rw-r--r--bufec.c146
1 files changed, 146 insertions, 0 deletions
diff --git a/bufec.c b/bufec.c
new file mode 100644
index 000000000..3dcb49477
--- /dev/null
+++ b/bufec.c
@@ -0,0 +1,146 @@
1/* $OpenBSD: bufec.c,v 1.1 2010/08/31 11:54:45 djm Exp $ */
2/*
3 * Copyright (c) 2010 Damien Miller <djm@mindrot.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include "includes.h"
19
20#ifdef OPENSSL_HAS_ECC
21
22#include <sys/types.h>
23
24#include <openssl/bn.h>
25#include <openssl/ec.h>
26
27#include <string.h>
28#include <stdarg.h>
29
30#include "xmalloc.h"
31#include "buffer.h"
32#include "log.h"
33#include "misc.h"
34
35/*
36 * Maximum supported EC GFp field length is 528 bits. SEC1 uncompressed
37 * encoding represents this as two bitstring points that should each
38 * be no longer than the field length, SEC1 specifies a 1 byte
39 * point type header.
40 * Being paranoid here may insulate us to parsing problems in
41 * EC_POINT_oct2point.
42 */
43#define BUFFER_MAX_ECPOINT_LEN ((528*2 / 8) + 1)
44
45/*
46 * Append an EC_POINT to the buffer as a string containing a SEC1 encoded
47 * uncompressed point. Fortunately OpenSSL handles the gory details for us.
48 */
49int
50buffer_put_ecpoint_ret(Buffer *buffer, const EC_GROUP *curve,
51 const EC_POINT *point)
52{
53 u_char *buf = NULL;
54 size_t len;
55 BN_CTX *bnctx;
56 int ret = -1;
57
58 /* Determine length */
59 if ((bnctx = BN_CTX_new()) == NULL)
60 fatal("%s: BN_CTX_new failed", __func__);
61 len = EC_POINT_point2oct(curve, point, POINT_CONVERSION_UNCOMPRESSED,
62 NULL, 0, bnctx);
63 if (len > BUFFER_MAX_ECPOINT_LEN) {
64 error("%s: giant EC point: len = %lu (max %u)",
65 __func__, (u_long)len, BUFFER_MAX_ECPOINT_LEN);
66 goto out;
67 }
68 /* Convert */
69 buf = xmalloc(len);
70 if (EC_POINT_point2oct(curve, point, POINT_CONVERSION_UNCOMPRESSED,
71 buf, len, bnctx) != len) {
72 error("%s: EC_POINT_point2oct length mismatch", __func__);
73 goto out;
74 }
75 /* Append */
76 buffer_put_string(buffer, buf, len);
77 ret = 0;
78 out:
79 if (buf != NULL) {
80 bzero(buf, len);
81 xfree(buf);
82 }
83 BN_CTX_free(bnctx);
84 return ret;
85}
86
87void
88buffer_put_ecpoint(Buffer *buffer, const EC_GROUP *curve,
89 const EC_POINT *point)
90{
91 if (buffer_put_ecpoint_ret(buffer, curve, point) == -1)
92 fatal("%s: buffer error", __func__);
93}
94
95int
96buffer_get_ecpoint_ret(Buffer *buffer, const EC_GROUP *curve,
97 EC_POINT *point)
98{
99 u_char *buf;
100 u_int len;
101 BN_CTX *bnctx;
102 int ret = -1;
103
104 if ((buf = buffer_get_string_ret(buffer, &len)) == NULL) {
105 error("%s: invalid point", __func__);
106 return -1;
107 }
108 if ((bnctx = BN_CTX_new()) == NULL)
109 fatal("%s: BN_CTX_new failed", __func__);
110 if (len > BUFFER_MAX_ECPOINT_LEN) {
111 error("%s: EC_POINT too long: %u > max %u", __func__,
112 len, BUFFER_MAX_ECPOINT_LEN);
113 goto out;
114 }
115 if (len == 0) {
116 error("%s: EC_POINT buffer is empty", __func__);
117 goto out;
118 }
119 if (buf[0] != POINT_CONVERSION_UNCOMPRESSED) {
120 error("%s: EC_POINT is in an incorrect form: "
121 "0x%02x (want 0x%02x)", __func__, buf[0],
122 POINT_CONVERSION_UNCOMPRESSED);
123 goto out;
124 }
125 if (EC_POINT_oct2point(curve, point, buf, len, bnctx) != 1) {
126 error("buffer_get_bignum2_ret: BN_bin2bn failed");
127 goto out;
128 }
129 /* EC_POINT_oct2point verifies that the point is on the curve for us */
130 ret = 0;
131 out:
132 BN_CTX_free(bnctx);
133 bzero(buf, len);
134 xfree(buf);
135 return ret;
136}
137
138void
139buffer_get_ecpoint(Buffer *buffer, const EC_GROUP *curve,
140 EC_POINT *point)
141{
142 if (buffer_get_ecpoint_ret(buffer, curve, point) == -1)
143 fatal("%s: buffer error", __func__);
144}
145
146#endif /* OPENSSL_HAS_ECC */