static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
{
const EC_GROUP *group;
int nid;
if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL)
{
ECerr(EC_F_ECKEY_PARAM2TYPE, EC_R_MISSING_PARAMETERS);
return 0;
}
if (EC_GROUP_get_asn1_flag(group)
&& (nid = EC_GROUP_get_curve_name(group)))
/* we have a 'named curve' => just set the OID */
{
*ppval = OBJ_nid2obj(nid);
*pptype = V_ASN1_OBJECT;
}
else /* explicit parameters */
{
ASN1_STRING *pstr = NULL;
pstr = ASN1_STRING_new();
if (!pstr)
return 0;
pstr->length = i2d_ECParameters(ec_key, &pstr->data);
if (pstr->length <= 0)
{
ASN1_STRING_free(pstr);
ECerr(EC_F_ECKEY_PARAM2TYPE, ERR_R_EC_LIB);
return 0;
}
*ppval = pstr;
*pptype = V_ASN1_SEQUENCE;
}
return 1;
}
static int openssl_ec_group_asn1_flag(lua_State*L)
{
EC_GROUP* group = CHECK_OBJECT(1, EC_GROUP, "openssl.ec_group");
int asn1_flag = 0;
if (lua_isnone(L, 2))
{
asn1_flag = EC_GROUP_get_asn1_flag(group);
if (asn1_flag == 0)
lua_pushstring(L, "explicit");
else if (asn1_flag == OPENSSL_EC_NAMED_CURVE)
lua_pushstring(L, "named_curve");
else
lua_pushnil(L);
lua_pushinteger(L, asn1_flag);
return 2;
} else if (lua_isstring(L, 2))
{ /* OPENSSL_EC_NAMED_CURVE, 0 */
const char* const options[] = {"named_curve", "explicit", NULL};
asn1_flag = luaL_checkoption(L, 2, NULL, options);
EC_GROUP_set_asn1_flag(group, asn1_flag);
} else if (lua_isnumber(L, 2))
{
asn1_flag = luaL_checkint(L, 2);
EC_GROUP_set_asn1_flag(group, asn1_flag);
} else
luaL_argerror(L, 2, "not accept type of asn1 flag");
return 0;
}
static int openssl_ec_group_parse(lua_State*L)
{
const EC_GROUP* group = CHECK_OBJECT(1, EC_GROUP, "openssl.ec_group");
const EC_POINT *generator = EC_GROUP_get0_generator(group);
BN_CTX* ctx = BN_CTX_new();
BIGNUM *a, *b, *p, *order, *cofactor;
lua_newtable(L);
if (generator)
{
generator = EC_POINT_dup(generator, group);
AUXILIAR_SETOBJECT(L, generator, "openssl.ec_point", -1, "generator");
}
order = BN_new();
EC_GROUP_get_order(group, order, ctx);
AUXILIAR_SETOBJECT(L, order, "openssl.bn", -1, "order");
cofactor = BN_new();
EC_GROUP_get_cofactor(group, cofactor, ctx);
AUXILIAR_SETOBJECT(L, cofactor, "openssl.bn", -1, "cofactor");
AUXILIAR_SET(L, -1, "asn1_flag", EC_GROUP_get_asn1_flag(group), integer);
AUXILIAR_SET(L, -1, "degree", EC_GROUP_get_degree(group), integer);
AUXILIAR_SET(L, -1, "curve_name", EC_GROUP_get_curve_name(group), integer);
AUXILIAR_SET(L, -1, "conversion_form", EC_GROUP_get_point_conversion_form(group), integer);
AUXILIAR_SETLSTR(L, -1, "seed", EC_GROUP_get0_seed(group), EC_GROUP_get_seed_len(group));
a = BN_new();
b = BN_new();
p = BN_new();
EC_GROUP_get_curve_GFp(group, p, a, b, ctx);
lua_newtable(L);
{
AUXILIAR_SETOBJECT(L, p, "openssl.bn", -1, "p");
AUXILIAR_SETOBJECT(L, a, "openssl.bn", -1, "a");
AUXILIAR_SETOBJECT(L, b, "openssl.bn", -1, "b");
}
lua_setfield(L, -2, "curve");
BN_CTX_free(ctx);
return 1;
}
int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
{
X509_PUBKEY *pk=NULL;
X509_ALGOR *a;
ASN1_OBJECT *o;
unsigned char *s,*p = NULL;
int i;
if (x == NULL) return(0);
if ((pk=X509_PUBKEY_new()) == NULL) goto err;
a=pk->algor;
/* set the algorithm id */
if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err;
ASN1_OBJECT_free(a->algorithm);
a->algorithm=o;
/* Set the parameter list */
if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA))
{
if ((a->parameter == NULL) ||
(a->parameter->type != V_ASN1_NULL))
{
ASN1_TYPE_free(a->parameter);
if (!(a->parameter=ASN1_TYPE_new()))
{
X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
goto err;
}
a->parameter->type=V_ASN1_NULL;
}
}
#ifndef OPENSSL_NO_DSA
else if (pkey->type == EVP_PKEY_DSA)
{
unsigned char *pp;
DSA *dsa;
dsa=pkey->pkey.dsa;
dsa->write_params=0;
ASN1_TYPE_free(a->parameter);
if ((i=i2d_DSAparams(dsa,NULL)) <= 0)
goto err;
if (!(p=(unsigned char *)OPENSSL_malloc(i)))
{
X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
goto err;
}
pp=p;
i2d_DSAparams(dsa,&pp);
if (!(a->parameter=ASN1_TYPE_new()))
{
OPENSSL_free(p);
X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
goto err;
}
a->parameter->type=V_ASN1_SEQUENCE;
if (!(a->parameter->value.sequence=ASN1_STRING_new()))
{
OPENSSL_free(p);
X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
goto err;
}
if (!ASN1_STRING_set(a->parameter->value.sequence,p,i))
{
OPENSSL_free(p);
X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
goto err;
}
OPENSSL_free(p);
}
#endif
#ifndef OPENSSL_NO_EC
else if (pkey->type == EVP_PKEY_EC)
{
int nid=0;
unsigned char *pp;
EC_KEY *ec_key;
const EC_GROUP *group;
ec_key = pkey->pkey.ec;
ASN1_TYPE_free(a->parameter);
if ((a->parameter = ASN1_TYPE_new()) == NULL)
{
X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
goto err;
}
group = EC_KEY_get0_group(ec_key);
if (EC_GROUP_get_asn1_flag(group)
&& (nid = EC_GROUP_get_curve_name(group)))
{
/* just set the OID */
a->parameter->type = V_ASN1_OBJECT;
a->parameter->value.object = OBJ_nid2obj(nid);
}
else /* explicit parameters */
{
if ((i = i2d_ECParameters(ec_key, NULL)) == 0)
{
X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
goto err;
}
if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
{
X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
goto err;
}
pp = p;
if (!i2d_ECParameters(ec_key, &pp))
{
X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
OPENSSL_free(p);
goto err;
}
a->parameter->type = V_ASN1_SEQUENCE;
if ((a->parameter->value.sequence = ASN1_STRING_new()) == NULL)
{
X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
OPENSSL_free(p);
goto err;
}
ASN1_STRING_set(a->parameter->value.sequence, p, i);
OPENSSL_free(p);
}
}
#endif
else if (1)
{
X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM);
goto err;
}
if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err;
if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL)
{
X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
goto err;
}
p=s;
i2d_PublicKey(pkey,&p);
if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i))
{
X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
goto err;
}
/* Set number of unused bits to zero */
pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;
OPENSSL_free(s);
#if 0
CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
pk->pkey=pkey;
#endif
if (*x != NULL)
X509_PUBKEY_free(*x);
*x=pk;
return 1;
err:
if (pk != NULL) X509_PUBKEY_free(pk);
return 0;
}
static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
{
EC_KEY *ec_key;
const EC_GROUP *group;
unsigned char *p, *pp;
int nid, i, ret = 0;
unsigned int tmp_flags, old_flags;
ec_key = pkey->pkey.ec;
if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL)
{
EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS);
return 0;
}
/* set the ec parameters OID */
if (p8->pkeyalg->algorithm)
ASN1_OBJECT_free(p8->pkeyalg->algorithm);
p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey);
/* set the ec parameters */
if (p8->pkeyalg->parameter)
{
ASN1_TYPE_free(p8->pkeyalg->parameter);
p8->pkeyalg->parameter = NULL;
}
if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL)
{
EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
return 0;
}
if (EC_GROUP_get_asn1_flag(group)
&& (nid = EC_GROUP_get_curve_name(group)))
{
/* we have a 'named curve' => just set the OID */
p8->pkeyalg->parameter->type = V_ASN1_OBJECT;
p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid);
}
else /* explicit parameters */
{
if ((i = i2d_ECParameters(ec_key, NULL)) == 0)
{
EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
return 0;
}
if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
{
EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
return 0;
}
pp = p;
if (!i2d_ECParameters(ec_key, &pp))
{
EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
OPENSSL_free(p);
return 0;
}
p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
if ((p8->pkeyalg->parameter->value.sequence
= ASN1_STRING_new()) == NULL)
{
EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB);
OPENSSL_free(p);
return 0;
}
ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i);
OPENSSL_free(p);
}
/* set the private key */
/* do not include the parameters in the SEC1 private key
* see PKCS#11 12.11 */
old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec);
tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS;
EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags);
i = i2d_ECPrivateKey(pkey->pkey.ec, NULL);
if (!i)
{
EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
return 0;
}
p = (unsigned char *) OPENSSL_malloc(i);
if (!p)
{
EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
return 0;
}
pp = p;
if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp))
{
EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
OPENSSL_free(p);
return 0;
}
/* restore old encoding flags */
EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
switch(p8->broken) {
case PKCS8_OK:
p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
if (!p8->pkey->value.octet_string ||
!M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string,
(const void *)p, i))
{
EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
}
else
ret = 1;
break;
case PKCS8_NO_OCTET: /* RSA specific */
case PKCS8_NS_DB: /* DSA specific */
case PKCS8_EMBEDDED_PARAM: /* DSA specific */
default:
EVPerr(EVP_F_ECKEY_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
}
OPENSSL_cleanse(p, (size_t)i);
OPENSSL_free(p);
return ret;
}
int
ECPKParameters_print(BIO * bp, const EC_GROUP * x, int off)
{
unsigned char *buffer = NULL;
size_t buf_len = 0, i;
int ret = 0, reason = ERR_R_BIO_LIB;
BN_CTX *ctx = NULL;
const EC_POINT *point = NULL;
BIGNUM *p = NULL, *a = NULL, *b = NULL, *gen = NULL, *order = NULL,
*cofactor = NULL;
const unsigned char *seed;
size_t seed_len = 0;
const char *nname;
static const char *gen_compressed = "Generator (compressed):";
static const char *gen_uncompressed = "Generator (uncompressed):";
static const char *gen_hybrid = "Generator (hybrid):";
if (!x) {
reason = ERR_R_PASSED_NULL_PARAMETER;
goto err;
}
ctx = BN_CTX_new();
if (ctx == NULL) {
reason = ERR_R_MALLOC_FAILURE;
goto err;
}
if (EC_GROUP_get_asn1_flag(x)) {
/* the curve parameter are given by an asn1 OID */
int nid;
if (!BIO_indent(bp, off, 128))
goto err;
nid = EC_GROUP_get_curve_name(x);
if (nid == 0)
goto err;
if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0)
goto err;
if (BIO_printf(bp, "\n") <= 0)
goto err;
nname = EC_curve_nid2nist(nid);
if (nname) {
if (!BIO_indent(bp, off, 128))
goto err;
if (BIO_printf(bp, "NIST CURVE: %s\n", nname) <= 0)
goto err;
}
} else {
/* explicit parameters */
int is_char_two = 0;
point_conversion_form_t form;
int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x));
if (tmp_nid == NID_X9_62_characteristic_two_field)
is_char_two = 1;
if ((p = BN_new()) == NULL || (a = BN_new()) == NULL ||
(b = BN_new()) == NULL || (order = BN_new()) == NULL ||
(cofactor = BN_new()) == NULL) {
reason = ERR_R_MALLOC_FAILURE;
goto err;
}
#ifndef OPENSSL_NO_EC2M
if (is_char_two) {
if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx)) {
reason = ERR_R_EC_LIB;
goto err;
}
} else /* prime field */
#endif
{
if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx)) {
reason = ERR_R_EC_LIB;
goto err;
}
}
if ((point = EC_GROUP_get0_generator(x)) == NULL) {
reason = ERR_R_EC_LIB;
goto err;
}
if (!EC_GROUP_get_order(x, order, NULL) ||
!EC_GROUP_get_cofactor(x, cofactor, NULL)) {
reason = ERR_R_EC_LIB;
goto err;
}
form = EC_GROUP_get_point_conversion_form(x);
if ((gen = EC_POINT_point2bn(x, point,
form, NULL, ctx)) == NULL) {
reason = ERR_R_EC_LIB;
goto err;
}
buf_len = (size_t) BN_num_bytes(p);
if (buf_len < (i = (size_t) BN_num_bytes(a)))
buf_len = i;
if (buf_len < (i = (size_t) BN_num_bytes(b)))
buf_len = i;
if (buf_len < (i = (size_t) BN_num_bytes(gen)))
buf_len = i;
if (buf_len < (i = (size_t) BN_num_bytes(order)))
buf_len = i;
if (buf_len < (i = (size_t) BN_num_bytes(cofactor)))
buf_len = i;
if ((seed = EC_GROUP_get0_seed(x)) != NULL)
seed_len = EC_GROUP_get_seed_len(x);
buf_len += 10;
if ((buffer = malloc(buf_len)) == NULL) {
reason = ERR_R_MALLOC_FAILURE;
goto err;
}
if (!BIO_indent(bp, off, 128))
goto err;
/* print the 'short name' of the field type */
if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid))
<= 0)
goto err;
if (is_char_two) {
/* print the 'short name' of the base type OID */
int basis_type = EC_GROUP_get_basis_type(x);
if (basis_type == 0)
goto err;
if (!BIO_indent(bp, off, 128))
goto err;
if (BIO_printf(bp, "Basis Type: %s\n",
OBJ_nid2sn(basis_type)) <= 0)
goto err;
/* print the polynomial */
if ((p != NULL) && !ASN1_bn_print(bp, "Polynomial:", p, buffer,
off))
goto err;
} else {
if ((p != NULL) && !ASN1_bn_print(bp, "Prime:", p, buffer, off))
goto err;
}
if ((a != NULL) && !ASN1_bn_print(bp, "A: ", a, buffer, off))
goto err;
if ((b != NULL) && !ASN1_bn_print(bp, "B: ", b, buffer, off))
goto err;
if (form == POINT_CONVERSION_COMPRESSED) {
if ((gen != NULL) && !ASN1_bn_print(bp, gen_compressed, gen,
buffer, off))
goto err;
} else if (form == POINT_CONVERSION_UNCOMPRESSED) {
if ((gen != NULL) && !ASN1_bn_print(bp, gen_uncompressed, gen,
buffer, off))
goto err;
} else { /* form == POINT_CONVERSION_HYBRID */
if ((gen != NULL) && !ASN1_bn_print(bp, gen_hybrid, gen,
buffer, off))
goto err;
}
if ((order != NULL) && !ASN1_bn_print(bp, "Order: ", order,
buffer, off))
goto err;
if ((cofactor != NULL) && !ASN1_bn_print(bp, "Cofactor: ", cofactor,
buffer, off))
goto err;
if (seed && !print_bin(bp, "Seed:", seed, seed_len, off))
goto err;
}
ret = 1;
err:
if (!ret)
ECerror(reason);
BN_free(p);
BN_free(a);
BN_free(b);
BN_free(gen);
BN_free(order);
BN_free(cofactor);
BN_CTX_free(ctx);
free(buffer);
return (ret);
}
