/src/nss/lib/freebl/ecdecode.c

Source
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifdef FREEBL_NO_DEPEND
#include "stubs.h"
#endif

#include "blapi.h"
#include "secoid.h"
#include "secitem.h"
#include "secerr.h"
#include "ec.h"
#include "ecl-curve.h"

#define CHECK_OK(func) \
    if (func == NULL)  \
    goto cleanup
#define CHECK_SEC_OK(func)         \
    if (SECSuccess != (rv = func)) \
    goto cleanup

/* Copy all of the fields from srcParams into dstParams
 */
SECStatus
EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
              const ECParams *srcParams)
{
    SECStatus rv = SECFailure;

    dstParams->arena = arena;
    dstParams->type = srcParams->type;
    dstParams->fieldID.size = srcParams->fieldID.size;
    dstParams->fieldID.type = srcParams->fieldID.type;
    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->fieldID.u.prime,
                                  &srcParams->fieldID.u.prime));
    dstParams->fieldID.k1 = srcParams->fieldID.k1;
    dstParams->fieldID.k2 = srcParams->fieldID.k2;
    dstParams->fieldID.k3 = srcParams->fieldID.k3;
    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.a,
                                  &srcParams->curve.a));
    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.b,
                                  &srcParams->curve.b));
    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.seed,
                                  &srcParams->curve.seed));
    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->base,
                                  &srcParams->base));
    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->order,
                                  &srcParams->order));
    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->DEREncoding,
                                  &srcParams->DEREncoding));
    dstParams->name = srcParams->name;
    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curveOID,
                                  &srcParams->curveOID));
    dstParams->cofactor = srcParams->cofactor;

    return SECSuccess;

cleanup:
    return SECFailure;
}

static SECStatus
gf_populate_params_bytes(ECCurveName name, ECFieldType field_type, ECParams *params)
{
    SECStatus rv = SECFailure;
    const ECCurveBytes *curveParams;

    if ((name < ECCurve_noName) || (name > ECCurve_pastLastCurve))
        goto cleanup;
    params->name = name;
    curveParams = ecCurve_map[params->name];
    CHECK_OK(curveParams);
    params->fieldID.size = curveParams->size;
    params->fieldID.type = field_type;
    if (field_type != ec_field_plain) {
        return SECFailure;
    }
    params->fieldID.u.prime.len = curveParams->scalarSize;
    params->fieldID.u.prime.data = (unsigned char *)curveParams->irr;
    params->curve.a.len = curveParams->scalarSize;
    params->curve.a.data = (unsigned char *)curveParams->curvea;
    params->curve.b.len = curveParams->scalarSize;
    params->curve.b.data = (unsigned char *)curveParams->curveb;
    params->base.len = curveParams->pointSize;
    params->base.data = (unsigned char *)curveParams->base;
    params->order.len = curveParams->scalarSize;
    params->order.data = (unsigned char *)curveParams->order;
    params->cofactor = curveParams->cofactor;

    rv = SECSuccess;

cleanup:
    return rv;
}

SECStatus
EC_FillParams(PLArenaPool *arena, const SECItem *encodedParams,
              ECParams *params)
{
    SECStatus rv = SECFailure;
    SECOidTag tag;
    SECItem oid = { siBuffer, NULL, 0 };

#if EC_DEBUG
    int i;

    printf("Encoded params in EC_DecodeParams: ");
    for (i = 0; i < encodedParams->len; i++) {
        printf("%02x:", encodedParams->data[i]);
    }
    printf("\n");
#endif

    if ((encodedParams->len != ANSI_X962_CURVE_OID_TOTAL_LEN) &&
        (encodedParams->len != SECG_CURVE_OID_TOTAL_LEN) &&
        (encodedParams->len != PKIX_NEWCURVES_OID_TOTAL_LEN) &&
        (encodedParams->len != ED25519_OID_TOTAL_LEN)) {
        PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
        return SECFailure;
    };

    oid.len = encodedParams->len - 2;
    oid.data = encodedParams->data + 2;
    if ((encodedParams->data[0] != SEC_ASN1_OBJECT_ID) ||
        ((tag = SECOID_FindOIDTag(&oid)) == SEC_OID_UNKNOWN)) {
        PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
        return SECFailure;
    }

    params->arena = arena;
    params->cofactor = 0;
    params->type = ec_params_named;
    params->name = ECCurve_noName;

    /* Fill out curveOID */
    params->curveOID.len = oid.len;
    params->curveOID.data = (unsigned char *)PORT_ArenaAlloc(arena, oid.len);
    if (params->curveOID.data == NULL)
        goto cleanup;
    memcpy(params->curveOID.data, oid.data, oid.len);

#if EC_DEBUG
    printf("Curve: %s\n", SECOID_FindOIDTagDescription(tag));
#endif

    switch (tag) {
        case SEC_OID_ANSIX962_EC_PRIME256V1:
            /* Populate params for prime256v1 aka secp256r1
             * (the NIST P-256 curve)
             */
            CHECK_SEC_OK(gf_populate_params_bytes(ECCurve_X9_62_PRIME_256V1,
                                                  ec_field_plain, params));
            break;

        case SEC_OID_SECG_EC_SECP384R1:
            /* Populate params for secp384r1
             * (the NIST P-384 curve)
             */
            CHECK_SEC_OK(gf_populate_params_bytes(ECCurve_SECG_PRIME_384R1,
                                                  ec_field_plain, params));
            break;

        case SEC_OID_SECG_EC_SECP521R1:
            /* Populate params for secp521r1
             * (the NIST P-521 curve)
             */
            CHECK_SEC_OK(gf_populate_params_bytes(ECCurve_SECG_PRIME_521R1,
                                                  ec_field_plain, params));
            break;

        case SEC_OID_ED25519_PUBLIC_KEY:
            params->type = ec_params_edwards_named;
            CHECK_SEC_OK(gf_populate_params_bytes(ECCurve_Ed25519,
                                                  ec_field_plain, params));

            break;

        case SEC_OID_X25519:
        case SEC_OID_CURVE25519:
            /* Populate params for Curve25519 */
            params->type = ec_params_montgomery_named;
            CHECK_SEC_OK(gf_populate_params_bytes(ECCurve25519,
                                                  ec_field_plain,
                                                  params));
            break;

        default:
            break;
    };

cleanup:
    if (!params->cofactor) {
        PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
#if EC_DEBUG
        printf("Unrecognized curve, returning NULL params\n");
#endif
    }

    return rv;
}

SECStatus
EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams)
{
    PLArenaPool *arena;
    ECParams *params;
    SECStatus rv = SECFailure;

    /* Initialize an arena for the ECParams structure */
    if (!(arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE)))
        return SECFailure;

    params = (ECParams *)PORT_ArenaZAlloc(arena, sizeof(ECParams));
    if (!params) {
        PORT_FreeArena(arena, PR_TRUE);
        return SECFailure;
    }

    /* Copy the encoded params */
    SECITEM_AllocItem(arena, &(params->DEREncoding),
                      encodedParams->len);
    memcpy(params->DEREncoding.data, encodedParams->data, encodedParams->len);

    /* Fill out the rest of the ECParams structure based on
     * the encoded params
     */
    rv = EC_FillParams(arena, encodedParams, params);
    if (rv == SECFailure) {
        PORT_FreeArena(arena, PR_TRUE);
        return SECFailure;
    } else {
        *ecparams = params;
        ;
        return SECSuccess;
    }
}

int
EC_GetPointSize(const ECParams *params)
{
    ECCurveName name = params->name;
    const ECCurveBytes *curveParams;

    if ((name < ECCurve_noName) || (name > ECCurve_pastLastCurve) ||
        ((curveParams = ecCurve_map[name]) == NULL)) {
        /* unknown curve, calculate point size from params. assume standard curves with 2 points
         * and a point compression indicator byte */
        int sizeInBytes = (params->fieldID.size + 7) / 8;
        return sizeInBytes * 2 + 1;
    }

    if (params->type == ec_params_edwards_named || params->type == ec_params_montgomery_named) {
        return curveParams->scalarSize;
    }

    return curveParams->pointSize - 1;
}

int
EC_GetScalarSize(const ECParams *params)
{
    ECCurveName name = params->name;
    const ECCurveBytes *curveParams;

    if ((name < ECCurve_noName) || (name > ECCurve_pastLastCurve) ||
        ((curveParams = ecCurve_map[name]) == NULL)) {
        /* unknown curve, calculate scalar size from field size in params */
        int sizeInBytes = (params->fieldID.size + 7) / 8;
        return sizeInBytes;
    }
    return curveParams->scalarSize;
}

Coverage Report

Created: 2025-11-05 06:16

Line	Count	Source
1		/* This Source Code Form is subject to the terms of the Mozilla Public
2		* License, v. 2.0. If a copy of the MPL was not distributed with this
3		* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5		#ifdef FREEBL_NO_DEPEND
6		#include "stubs.h"
7		#endif
8
9		#include "blapi.h"
10		#include "secoid.h"
11		#include "secitem.h"
12		#include "secerr.h"
13		#include "ec.h"
14		#include "ecl-curve.h"
15
16		#define CHECK_OK(func) \
17	257k	if (func == NULL) \
18	257k	goto cleanup
19		#define CHECK_SEC_OK(func) \
20	260k	if (SECSuccess != (rv = func)) \
21	260k	goto cleanup
22
23		/* Copy all of the fields from srcParams into dstParams
24		*/
25		SECStatus
26		EC_CopyParams(PLArenaPool arena, ECParams dstParams,
27		const ECParams *srcParams)
28	365	{
29	365	SECStatus rv = SECFailure;
30
31	365	dstParams->arena = arena;
32	365	dstParams->type = srcParams->type;
33	365	dstParams->fieldID.size = srcParams->fieldID.size;
34	365	dstParams->fieldID.type = srcParams->fieldID.type;
35	365	CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->fieldID.u.prime,
36	365	&srcParams->fieldID.u.prime));
37	365	dstParams->fieldID.k1 = srcParams->fieldID.k1;
38	365	dstParams->fieldID.k2 = srcParams->fieldID.k2;
39	365	dstParams->fieldID.k3 = srcParams->fieldID.k3;
40	365	CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.a,
41	365	&srcParams->curve.a));
42	365	CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.b,
43	365	&srcParams->curve.b));
44	365	CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.seed,
45	365	&srcParams->curve.seed));
46	365	CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->base,
47	365	&srcParams->base));
48	365	CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->order,
49	365	&srcParams->order));
50	365	CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->DEREncoding,
51	365	&srcParams->DEREncoding));
52	365	dstParams->name = srcParams->name;
53	365	CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curveOID,
54	365	&srcParams->curveOID));
55	365	dstParams->cofactor = srcParams->cofactor;
56
57	365	return SECSuccess;
58
59	0	cleanup:
60	0	return SECFailure;
61	365	}
62
63		static SECStatus
64		gf_populate_params_bytes(ECCurveName name, ECFieldType field_type, ECParams *params)
65	257k	{
66	257k	SECStatus rv = SECFailure;
67	257k	const ECCurveBytes *curveParams;
68
69	257k	if ((name < ECCurve_noName) \|\| (name > ECCurve_pastLastCurve))
70	0	goto cleanup;
71	257k	params->name = name;
72	257k	curveParams = ecCurve_map[params->name];
73	257k	CHECK_OK(curveParams);
74	257k	params->fieldID.size = curveParams->size;
75	257k	params->fieldID.type = field_type;
76	257k	if (field_type != ec_field_plain) {
77	0	return SECFailure;
78	0	}
79	257k	params->fieldID.u.prime.len = curveParams->scalarSize;
80	257k	params->fieldID.u.prime.data = (unsigned char *)curveParams->irr;
81	257k	params->curve.a.len = curveParams->scalarSize;
82	257k	params->curve.a.data = (unsigned char *)curveParams->curvea;
83	257k	params->curve.b.len = curveParams->scalarSize;
84	257k	params->curve.b.data = (unsigned char *)curveParams->curveb;
85	257k	params->base.len = curveParams->pointSize;
86	257k	params->base.data = (unsigned char *)curveParams->base;
87	257k	params->order.len = curveParams->scalarSize;
88	257k	params->order.data = (unsigned char *)curveParams->order;
89	257k	params->cofactor = curveParams->cofactor;
90
91	257k	rv = SECSuccess;
92
93	257k	cleanup:
94	257k	return rv;
95	257k	}
96
97		SECStatus
98		EC_FillParams(PLArenaPool arena, const SECItem encodedParams,
99		ECParams *params)
100	258k	{
101	258k	SECStatus rv = SECFailure;
102	258k	SECOidTag tag;
103	258k	SECItem oid = { siBuffer, NULL, 0 };
104
105		#if EC_DEBUG
106		int i;
107
108		printf("Encoded params in EC_DecodeParams: ");
109		for (i = 0; i < encodedParams->len; i++) {
110		printf("%02x:", encodedParams->data[i]);
111		}
112		printf("\n");
113		#endif
114
115	258k	if ((encodedParams->len != ANSI_X962_CURVE_OID_TOTAL_LEN) &&
116	76.5k	(encodedParams->len != SECG_CURVE_OID_TOTAL_LEN) &&
117	60.0k	(encodedParams->len != PKIX_NEWCURVES_OID_TOTAL_LEN) &&
118	75	(encodedParams->len != ED25519_OID_TOTAL_LEN)) {
119	1	PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
120	1	return SECFailure;
121	258k	};
122
123	258k	oid.len = encodedParams->len - 2;
124	258k	oid.data = encodedParams->data + 2;
125	258k	if ((encodedParams->data[0] != SEC_ASN1_OBJECT_ID) \|\|
126	258k	((tag = SECOID_FindOIDTag(&oid)) == SEC_OID_UNKNOWN)) {
127	19	PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
128	19	return SECFailure;
129	19	}
130
131	258k	params->arena = arena;
132	258k	params->cofactor = 0;
133	258k	params->type = ec_params_named;
134	258k	params->name = ECCurve_noName;
135
136		/* Fill out curveOID */
137	258k	params->curveOID.len = oid.len;
138	258k	params->curveOID.data = (unsigned char *)PORT_ArenaAlloc(arena, oid.len);
139	258k	if (params->curveOID.data == NULL)
140	0	goto cleanup;
141	258k	memcpy(params->curveOID.data, oid.data, oid.len);
142
143		#if EC_DEBUG
144		printf("Curve: %s\n", SECOID_FindOIDTagDescription(tag));
145		#endif
146
147	258k	switch (tag) {
148	181k	case SEC_OID_ANSIX962_EC_PRIME256V1:
149		/* Populate params for prime256v1 aka secp256r1
150		* (the NIST P-256 curve)
151		*/
152	181k	CHECK_SEC_OK(gf_populate_params_bytes(ECCurve_X9_62_PRIME_256V1,
153	181k	ec_field_plain, params));
154	181k	break;
155
156	181k	case SEC_OID_SECG_EC_SECP384R1:
157		/* Populate params for secp384r1
158		* (the NIST P-384 curve)
159		*/
160	13.9k	CHECK_SEC_OK(gf_populate_params_bytes(ECCurve_SECG_PRIME_384R1,
161	13.9k	ec_field_plain, params));
162	13.9k	break;
163
164	13.9k	case SEC_OID_SECG_EC_SECP521R1:
165		/* Populate params for secp521r1
166		* (the NIST P-521 curve)
167		*/
168	1.95k	CHECK_SEC_OK(gf_populate_params_bytes(ECCurve_SECG_PRIME_521R1,
169	1.95k	ec_field_plain, params));
170	1.95k	break;
171
172	1.95k	case SEC_OID_ED25519_PUBLIC_KEY:
173	54	params->type = ec_params_edwards_named;
174	54	CHECK_SEC_OK(gf_populate_params_bytes(ECCurve_Ed25519,
175	54	ec_field_plain, params));
176
177	54	break;
178
179	54	case SEC_OID_X25519:
180	59.9k	case SEC_OID_CURVE25519:
181		/* Populate params for Curve25519 */
182	59.9k	params->type = ec_params_montgomery_named;
183	59.9k	CHECK_SEC_OK(gf_populate_params_bytes(ECCurve25519,
184	59.9k	ec_field_plain,
185	59.9k	params));
186	59.9k	break;
187
188	59.9k	default:
189	786	break;
190	258k	};
191
192	258k	cleanup:
193	258k	if (!params->cofactor) {
194	786	PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
195		#if EC_DEBUG
196		printf("Unrecognized curve, returning NULL params\n");
197		#endif
198	786	}
199
200	258k	return rv;
201	258k	}
202
203		SECStatus
204		EC_DecodeParams(const SECItem encodedParams, ECParams *ecparams)
205	87.4k	{
206	87.4k	PLArenaPool *arena;
207	87.4k	ECParams *params;
208	87.4k	SECStatus rv = SECFailure;
209
210		/* Initialize an arena for the ECParams structure */
211	87.4k	if (!(arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE)))
212	0	return SECFailure;
213
214	87.4k	params = (ECParams *)PORT_ArenaZAlloc(arena, sizeof(ECParams));
215	87.4k	if (!params) {
216	0	PORT_FreeArena(arena, PR_TRUE);
217	0	return SECFailure;
218	0	}
219
220		/* Copy the encoded params */
221	87.4k	SECITEM_AllocItem(arena, &(params->DEREncoding),
222	87.4k	encodedParams->len);
223	87.4k	memcpy(params->DEREncoding.data, encodedParams->data, encodedParams->len);
224
225		/* Fill out the rest of the ECParams structure based on
226		* the encoded params
227		*/
228	87.4k	rv = EC_FillParams(arena, encodedParams, params);
229	87.4k	if (rv == SECFailure) {
230	424	PORT_FreeArena(arena, PR_TRUE);
231	424	return SECFailure;
232	86.9k	} else {
233	86.9k	*ecparams = params;
234	86.9k	;
235	86.9k	return SECSuccess;
236	86.9k	}
237	87.4k	}
238
239		int
240		EC_GetPointSize(const ECParams *params)
241	256k	{
242	256k	ECCurveName name = params->name;
243	256k	const ECCurveBytes *curveParams;
244
245	256k	if ((name < ECCurve_noName) \|\| (name > ECCurve_pastLastCurve) \|\|
246	256k	((curveParams = ecCurve_map[name]) == NULL)) {
247		/* unknown curve, calculate point size from params. assume standard curves with 2 points
248		* and a point compression indicator byte */
249	0	int sizeInBytes = (params->fieldID.size + 7) / 8;
250	0	return sizeInBytes * 2 + 1;
251	0	}
252
253	256k	if (params->type == ec_params_edwards_named \|\| params->type == ec_params_montgomery_named) {
254	49.3k	return curveParams->scalarSize;
255	49.3k	}
256
257	207k	return curveParams->pointSize - 1;
258	256k	}
259
260		int
261		EC_GetScalarSize(const ECParams *params)
262	264k	{
263	264k	ECCurveName name = params->name;
264	264k	const ECCurveBytes *curveParams;
265
266	264k	if ((name < ECCurve_noName) \|\| (name > ECCurve_pastLastCurve) \|\|
267	264k	((curveParams = ecCurve_map[name]) == NULL)) {
268		/* unknown curve, calculate scalar size from field size in params */
269	0	int sizeInBytes = (params->fieldID.size + 7) / 8;
270	0	return sizeInBytes;
271	0	}
272	264k	return curveParams->scalarSize;
273	264k	}