/src/openssl/crypto/evp/ec_support.c

Source
/*
 * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <string.h>
#include <openssl/ec.h>
#include <openssl/err.h>
#include "crypto/ec.h"
#include "internal/nelem.h"

typedef struct ec_name2nid_st {
    const char *name;
    int nid;
} EC_NAME2NID;

static const EC_NAME2NID curve_list[] = {
    /* prime field curves */
    /* secg curves */
    { "secp112r1", NID_secp112r1 },
    { "secp112r2", NID_secp112r2 },
    { "secp128r1", NID_secp128r1 },
    { "secp128r2", NID_secp128r2 },
    { "secp160k1", NID_secp160k1 },
    { "secp160r1", NID_secp160r1 },
    { "secp160r2", NID_secp160r2 },
    { "secp192k1", NID_secp192k1 },
    { "secp224k1", NID_secp224k1 },
    { "secp224r1", NID_secp224r1 },
    { "secp256k1", NID_secp256k1 },
    { "secp384r1", NID_secp384r1 },
    { "secp521r1", NID_secp521r1 },
    /* X9.62 curves */
    { "prime192v1", NID_X9_62_prime192v1 },
    { "prime192v2", NID_X9_62_prime192v2 },
    { "prime192v3", NID_X9_62_prime192v3 },
    { "prime239v1", NID_X9_62_prime239v1 },
    { "prime239v2", NID_X9_62_prime239v2 },
    { "prime239v3", NID_X9_62_prime239v3 },
    { "prime256v1", NID_X9_62_prime256v1 },
    /* characteristic two field curves */
    /* NIST/SECG curves */
    { "sect113r1", NID_sect113r1 },
    { "sect113r2", NID_sect113r2 },
    { "sect131r1", NID_sect131r1 },
    { "sect131r2", NID_sect131r2 },
    { "sect163k1", NID_sect163k1 },
    { "sect163r1", NID_sect163r1 },
    { "sect163r2", NID_sect163r2 },
    { "sect193r1", NID_sect193r1 },
    { "sect193r2", NID_sect193r2 },
    { "sect233k1", NID_sect233k1 },
    { "sect233r1", NID_sect233r1 },
    { "sect239k1", NID_sect239k1 },
    { "sect283k1", NID_sect283k1 },
    { "sect283r1", NID_sect283r1 },
    { "sect409k1", NID_sect409k1 },
    { "sect409r1", NID_sect409r1 },
    { "sect571k1", NID_sect571k1 },
    { "sect571r1", NID_sect571r1 },
    /* X9.62 curves */
    { "c2pnb163v1", NID_X9_62_c2pnb163v1 },
    { "c2pnb163v2", NID_X9_62_c2pnb163v2 },
    { "c2pnb163v3", NID_X9_62_c2pnb163v3 },
    { "c2pnb176v1", NID_X9_62_c2pnb176v1 },
    { "c2tnb191v1", NID_X9_62_c2tnb191v1 },
    { "c2tnb191v2", NID_X9_62_c2tnb191v2 },
    { "c2tnb191v3", NID_X9_62_c2tnb191v3 },
    { "c2pnb208w1", NID_X9_62_c2pnb208w1 },
    { "c2tnb239v1", NID_X9_62_c2tnb239v1 },
    { "c2tnb239v2", NID_X9_62_c2tnb239v2 },
    { "c2tnb239v3", NID_X9_62_c2tnb239v3 },
    { "c2pnb272w1", NID_X9_62_c2pnb272w1 },
    { "c2pnb304w1", NID_X9_62_c2pnb304w1 },
    { "c2tnb359v1", NID_X9_62_c2tnb359v1 },
    { "c2pnb368w1", NID_X9_62_c2pnb368w1 },
    { "c2tnb431r1", NID_X9_62_c2tnb431r1 },
    /*
     * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves
     * from X9.62]
     */
    { "wap-wsg-idm-ecid-wtls1", NID_wap_wsg_idm_ecid_wtls1 },
    { "wap-wsg-idm-ecid-wtls3", NID_wap_wsg_idm_ecid_wtls3 },
    { "wap-wsg-idm-ecid-wtls4", NID_wap_wsg_idm_ecid_wtls4 },
    { "wap-wsg-idm-ecid-wtls5", NID_wap_wsg_idm_ecid_wtls5 },
    { "wap-wsg-idm-ecid-wtls6", NID_wap_wsg_idm_ecid_wtls6 },
    { "wap-wsg-idm-ecid-wtls7", NID_wap_wsg_idm_ecid_wtls7 },
    { "wap-wsg-idm-ecid-wtls8", NID_wap_wsg_idm_ecid_wtls8 },
    { "wap-wsg-idm-ecid-wtls9", NID_wap_wsg_idm_ecid_wtls9 },
    { "wap-wsg-idm-ecid-wtls10", NID_wap_wsg_idm_ecid_wtls10 },
    { "wap-wsg-idm-ecid-wtls11", NID_wap_wsg_idm_ecid_wtls11 },
    { "wap-wsg-idm-ecid-wtls12", NID_wap_wsg_idm_ecid_wtls12 },
    /* IPSec curves */
    { "Oakley-EC2N-3", NID_ipsec3 },
    { "Oakley-EC2N-4", NID_ipsec4 },
    /* brainpool curves */
    { "brainpoolP160r1", NID_brainpoolP160r1 },
    { "brainpoolP160t1", NID_brainpoolP160t1 },
    { "brainpoolP192r1", NID_brainpoolP192r1 },
    { "brainpoolP192t1", NID_brainpoolP192t1 },
    { "brainpoolP224r1", NID_brainpoolP224r1 },
    { "brainpoolP224t1", NID_brainpoolP224t1 },
    { "brainpoolP256r1", NID_brainpoolP256r1 },
    { "brainpoolP256t1", NID_brainpoolP256t1 },
    { "brainpoolP320r1", NID_brainpoolP320r1 },
    { "brainpoolP320t1", NID_brainpoolP320t1 },
    { "brainpoolP384r1", NID_brainpoolP384r1 },
    { "brainpoolP384t1", NID_brainpoolP384t1 },
    { "brainpoolP512r1", NID_brainpoolP512r1 },
    { "brainpoolP512t1", NID_brainpoolP512t1 },
    /* SM2 curve */
    { "SM2", NID_sm2 },
};

const char *OSSL_EC_curve_nid2name(int nid)
{
    size_t i;

    if (nid <= 0)
        return NULL;

    for (i = 0; i < OSSL_NELEM(curve_list); i++) {
        if (curve_list[i].nid == nid)
            return curve_list[i].name;
    }
    return NULL;
}

int ossl_ec_curve_name2nid(const char *name)
{
    size_t i;
    int nid;

    if (name != NULL) {
        if ((nid = ossl_ec_curve_nist2nid_int(name)) != NID_undef)
            return nid;

        for (i = 0; i < OSSL_NELEM(curve_list); i++) {
            if (OPENSSL_strcasecmp(curve_list[i].name, name) == 0)
                return curve_list[i].nid;
        }
    }

    return NID_undef;
}

/* Functions to translate between common NIST curve names and NIDs */

static const EC_NAME2NID nist_curves[] = {
    { "B-163", NID_sect163r2 },
    { "B-233", NID_sect233r1 },
    { "B-283", NID_sect283r1 },
    { "B-409", NID_sect409r1 },
    { "B-571", NID_sect571r1 },
    { "K-163", NID_sect163k1 },
    { "K-233", NID_sect233k1 },
    { "K-283", NID_sect283k1 },
    { "K-409", NID_sect409k1 },
    { "K-571", NID_sect571k1 },
    { "P-192", NID_X9_62_prime192v1 },
    { "P-224", NID_secp224r1 },
    { "P-256", NID_X9_62_prime256v1 },
    { "P-384", NID_secp384r1 },
    { "P-521", NID_secp521r1 }
};

const char *ossl_ec_curve_nid2nist_int(int nid)
{
    size_t i;
    for (i = 0; i < OSSL_NELEM(nist_curves); i++) {
        if (nist_curves[i].nid == nid)
            return nist_curves[i].name;
    }
    return NULL;
}

int ossl_ec_curve_nist2nid_int(const char *name)
{
    size_t i;
    for (i = 0; i < OSSL_NELEM(nist_curves); i++) {
        if (strcmp(nist_curves[i].name, name) == 0)
            return nist_curves[i].nid;
    }
    return NID_undef;
}

int EVP_EC_affine2oct(const BIGNUM *x, const BIGNUM *y, size_t field_len,
    unsigned char **pbuf, size_t *pbsize)
{
    unsigned char *buf = NULL;
    size_t buflen = 0;

    if (x == NULL || y == NULL || pbuf == NULL || pbsize == NULL) {
        ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }

    if (field_len > 2048) {
        ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT,
            "The value of field_len is unreasonably large");
        return 0;
    }

    /* Checking if affine coordinates are not too long */
    if (BN_num_bytes(x) > (int)field_len || BN_num_bytes(y) > (int)field_len) {
        ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT,
            "EC affine coordinate exceeds field length");
        return 0;
    }

    /* Converting (X,Y) to the SEC1 uncompressed point encoding blob */
    buflen = 1 + 2 * field_len;
    buf = OPENSSL_malloc(buflen);
    if (buf == NULL)
        return 0;
    buf[0] = POINT_CONVERSION_UNCOMPRESSED;
    if (BN_bn2binpad(x, buf + 1, (int)field_len) < 0) {
        ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT,
            "failed to encode X coordinate");
        OPENSSL_free(buf);
        return 0;
    }
    if (BN_bn2binpad(y, buf + 1 + field_len, (int)field_len) < 0) {
        ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT,
            "failed to encode Y coordinate");
        OPENSSL_free(buf);
        return 0;
    }

    *pbuf = buf;
    *pbsize = buflen;
    return 1;
}

Coverage Report

Created: 2026-05-20 07:05

Line	Count	Source
1		/*
2		* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		#include <string.h>
11		#include <openssl/ec.h>
12		#include <openssl/err.h>
13		#include "crypto/ec.h"
14		#include "internal/nelem.h"
15
16		typedef struct ec_name2nid_st {
17		const char *name;
18		int nid;
19		} EC_NAME2NID;
20
21		static const EC_NAME2NID curve_list[] = {
22		/* prime field curves */
23		/* secg curves */
24		{ "secp112r1", NID_secp112r1 },
25		{ "secp112r2", NID_secp112r2 },
26		{ "secp128r1", NID_secp128r1 },
27		{ "secp128r2", NID_secp128r2 },
28		{ "secp160k1", NID_secp160k1 },
29		{ "secp160r1", NID_secp160r1 },
30		{ "secp160r2", NID_secp160r2 },
31		{ "secp192k1", NID_secp192k1 },
32		{ "secp224k1", NID_secp224k1 },
33		{ "secp224r1", NID_secp224r1 },
34		{ "secp256k1", NID_secp256k1 },
35		{ "secp384r1", NID_secp384r1 },
36		{ "secp521r1", NID_secp521r1 },
37		/* X9.62 curves */
38		{ "prime192v1", NID_X9_62_prime192v1 },
39		{ "prime192v2", NID_X9_62_prime192v2 },
40		{ "prime192v3", NID_X9_62_prime192v3 },
41		{ "prime239v1", NID_X9_62_prime239v1 },
42		{ "prime239v2", NID_X9_62_prime239v2 },
43		{ "prime239v3", NID_X9_62_prime239v3 },
44		{ "prime256v1", NID_X9_62_prime256v1 },
45		/* characteristic two field curves */
46		/* NIST/SECG curves */
47		{ "sect113r1", NID_sect113r1 },
48		{ "sect113r2", NID_sect113r2 },
49		{ "sect131r1", NID_sect131r1 },
50		{ "sect131r2", NID_sect131r2 },
51		{ "sect163k1", NID_sect163k1 },
52		{ "sect163r1", NID_sect163r1 },
53		{ "sect163r2", NID_sect163r2 },
54		{ "sect193r1", NID_sect193r1 },
55		{ "sect193r2", NID_sect193r2 },
56		{ "sect233k1", NID_sect233k1 },
57		{ "sect233r1", NID_sect233r1 },
58		{ "sect239k1", NID_sect239k1 },
59		{ "sect283k1", NID_sect283k1 },
60		{ "sect283r1", NID_sect283r1 },
61		{ "sect409k1", NID_sect409k1 },
62		{ "sect409r1", NID_sect409r1 },
63		{ "sect571k1", NID_sect571k1 },
64		{ "sect571r1", NID_sect571r1 },
65		/* X9.62 curves */
66		{ "c2pnb163v1", NID_X9_62_c2pnb163v1 },
67		{ "c2pnb163v2", NID_X9_62_c2pnb163v2 },
68		{ "c2pnb163v3", NID_X9_62_c2pnb163v3 },
69		{ "c2pnb176v1", NID_X9_62_c2pnb176v1 },
70		{ "c2tnb191v1", NID_X9_62_c2tnb191v1 },
71		{ "c2tnb191v2", NID_X9_62_c2tnb191v2 },
72		{ "c2tnb191v3", NID_X9_62_c2tnb191v3 },
73		{ "c2pnb208w1", NID_X9_62_c2pnb208w1 },
74		{ "c2tnb239v1", NID_X9_62_c2tnb239v1 },
75		{ "c2tnb239v2", NID_X9_62_c2tnb239v2 },
76		{ "c2tnb239v3", NID_X9_62_c2tnb239v3 },
77		{ "c2pnb272w1", NID_X9_62_c2pnb272w1 },
78		{ "c2pnb304w1", NID_X9_62_c2pnb304w1 },
79		{ "c2tnb359v1", NID_X9_62_c2tnb359v1 },
80		{ "c2pnb368w1", NID_X9_62_c2pnb368w1 },
81		{ "c2tnb431r1", NID_X9_62_c2tnb431r1 },
82		/*
83		* the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves
84		* from X9.62]
85		*/
86		{ "wap-wsg-idm-ecid-wtls1", NID_wap_wsg_idm_ecid_wtls1 },
87		{ "wap-wsg-idm-ecid-wtls3", NID_wap_wsg_idm_ecid_wtls3 },
88		{ "wap-wsg-idm-ecid-wtls4", NID_wap_wsg_idm_ecid_wtls4 },
89		{ "wap-wsg-idm-ecid-wtls5", NID_wap_wsg_idm_ecid_wtls5 },
90		{ "wap-wsg-idm-ecid-wtls6", NID_wap_wsg_idm_ecid_wtls6 },
91		{ "wap-wsg-idm-ecid-wtls7", NID_wap_wsg_idm_ecid_wtls7 },
92		{ "wap-wsg-idm-ecid-wtls8", NID_wap_wsg_idm_ecid_wtls8 },
93		{ "wap-wsg-idm-ecid-wtls9", NID_wap_wsg_idm_ecid_wtls9 },
94		{ "wap-wsg-idm-ecid-wtls10", NID_wap_wsg_idm_ecid_wtls10 },
95		{ "wap-wsg-idm-ecid-wtls11", NID_wap_wsg_idm_ecid_wtls11 },
96		{ "wap-wsg-idm-ecid-wtls12", NID_wap_wsg_idm_ecid_wtls12 },
97		/* IPSec curves */
98		{ "Oakley-EC2N-3", NID_ipsec3 },
99		{ "Oakley-EC2N-4", NID_ipsec4 },
100		/* brainpool curves */
101		{ "brainpoolP160r1", NID_brainpoolP160r1 },
102		{ "brainpoolP160t1", NID_brainpoolP160t1 },
103		{ "brainpoolP192r1", NID_brainpoolP192r1 },
104		{ "brainpoolP192t1", NID_brainpoolP192t1 },
105		{ "brainpoolP224r1", NID_brainpoolP224r1 },
106		{ "brainpoolP224t1", NID_brainpoolP224t1 },
107		{ "brainpoolP256r1", NID_brainpoolP256r1 },
108		{ "brainpoolP256t1", NID_brainpoolP256t1 },
109		{ "brainpoolP320r1", NID_brainpoolP320r1 },
110		{ "brainpoolP320t1", NID_brainpoolP320t1 },
111		{ "brainpoolP384r1", NID_brainpoolP384r1 },
112		{ "brainpoolP384t1", NID_brainpoolP384t1 },
113		{ "brainpoolP512r1", NID_brainpoolP512r1 },
114		{ "brainpoolP512t1", NID_brainpoolP512t1 },
115		/* SM2 curve */
116		{ "SM2", NID_sm2 },
117		};
118
119		const char *OSSL_EC_curve_nid2name(int nid)
120	0	{
121	0	size_t i;
122
123	0	if (nid <= 0)
124	0	return NULL;
125
126	0	for (i = 0; i < OSSL_NELEM(curve_list); i++) {
127	0	if (curve_list[i].nid == nid)
128	0	return curve_list[i].name;
129	0	}
130	0	return NULL;
131	0	}
132
133		int ossl_ec_curve_name2nid(const char *name)
134	0	{
135	0	size_t i;
136	0	int nid;
137
138	0	if (name != NULL) {
139	0	if ((nid = ossl_ec_curve_nist2nid_int(name)) != NID_undef)
140	0	return nid;
141
142	0	for (i = 0; i < OSSL_NELEM(curve_list); i++) {
143	0	if (OPENSSL_strcasecmp(curve_list[i].name, name) == 0)
144	0	return curve_list[i].nid;
145	0	}
146	0	}
147
148	0	return NID_undef;
149	0	}
150
151		/* Functions to translate between common NIST curve names and NIDs */
152
153		static const EC_NAME2NID nist_curves[] = {
154		{ "B-163", NID_sect163r2 },
155		{ "B-233", NID_sect233r1 },
156		{ "B-283", NID_sect283r1 },
157		{ "B-409", NID_sect409r1 },
158		{ "B-571", NID_sect571r1 },
159		{ "K-163", NID_sect163k1 },
160		{ "K-233", NID_sect233k1 },
161		{ "K-283", NID_sect283k1 },
162		{ "K-409", NID_sect409k1 },
163		{ "K-571", NID_sect571k1 },
164		{ "P-192", NID_X9_62_prime192v1 },
165		{ "P-224", NID_secp224r1 },
166		{ "P-256", NID_X9_62_prime256v1 },
167		{ "P-384", NID_secp384r1 },
168		{ "P-521", NID_secp521r1 }
169		};
170
171		const char *ossl_ec_curve_nid2nist_int(int nid)
172	0	{
173	0	size_t i;
174	0	for (i = 0; i < OSSL_NELEM(nist_curves); i++) {
175	0	if (nist_curves[i].nid == nid)
176	0	return nist_curves[i].name;
177	0	}
178	0	return NULL;
179	0	}
180
181		int ossl_ec_curve_nist2nid_int(const char *name)
182	0	{
183	0	size_t i;
184	0	for (i = 0; i < OSSL_NELEM(nist_curves); i++) {
185	0	if (strcmp(nist_curves[i].name, name) == 0)
186	0	return nist_curves[i].nid;
187	0	}
188	0	return NID_undef;
189	0	}
190
191		int EVP_EC_affine2oct(const BIGNUM x, const BIGNUM y, size_t field_len,
192		unsigned char *pbuf, size_t pbsize)
193	0	{
194	0	unsigned char *buf = NULL;
195	0	size_t buflen = 0;
196
197	0	if (x == NULL \|\| y == NULL \|\| pbuf == NULL \|\| pbsize == NULL) {
198	0	ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
199	0	return 0;
200	0	}
201
202	0	if (field_len > 2048) {
203	0	ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT,
204	0	"The value of field_len is unreasonably large");
205	0	return 0;
206	0	}
207
208		/* Checking if affine coordinates are not too long */
209	0	if (BN_num_bytes(x) > (int)field_len \|\| BN_num_bytes(y) > (int)field_len) {
210	0	ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT,
211	0	"EC affine coordinate exceeds field length");
212	0	return 0;
213	0	}
214
215		/* Converting (X,Y) to the SEC1 uncompressed point encoding blob */
216	0	buflen = 1 + 2 * field_len;
217	0	buf = OPENSSL_malloc(buflen);
218	0	if (buf == NULL)
219	0	return 0;
220	0	buf[0] = POINT_CONVERSION_UNCOMPRESSED;
221	0	if (BN_bn2binpad(x, buf + 1, (int)field_len) < 0) {
222	0	ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT,
223	0	"failed to encode X coordinate");
224	0	OPENSSL_free(buf);
225	0	return 0;
226	0	}
227	0	if (BN_bn2binpad(y, buf + 1 + field_len, (int)field_len) < 0) {
228	0	ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT,
229	0	"failed to encode Y coordinate");
230	0	OPENSSL_free(buf);
231	0	return 0;
232	0	}
233
234	0	*pbuf = buf;
235	0	*pbsize = buflen;
236	0	return 1;
237	0	}