luna - wolfssl/src/pk

   1/* pk_ec.c
   2 *
   3 * Copyright (C) 2006-2026 wolfSSL Inc.
   4 *
   5 * This file is part of wolfSSL.
   6 *
   7 * wolfSSL is free software; you can redistribute it and/or modify
   8 * it under the terms of the GNU General Public License as published by
   9 * the Free Software Foundation; either version 3 of the License, or
  10 * (at your option) any later version.
  11 *
  12 * wolfSSL is distributed in the hope that it will be useful,
  13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15 * GNU General Public License for more details.
  16 *
  17 * You should have received a copy of the GNU General Public License
  18 * along with this program; if not, write to the Free Software
  19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20 */
  21
  22#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
  23
  24#include <wolfssl/internal.h>
  25#ifndef WC_NO_RNG
  26    #include <wolfssl/wolfcrypt/random.h>
  27#endif
  28
  29#ifdef HAVE_ECC
  30    #include <wolfssl/wolfcrypt/ecc.h>
  31    #ifdef HAVE_SELFTEST
  32        /* point compression types. */
  33        #define ECC_POINT_COMP_EVEN 0x02
  34        #define ECC_POINT_COMP_ODD  0x03
  35        #define ECC_POINT_UNCOMP    0x04
  36    #endif
  37#endif
  38#ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
  39    /* FIPS build has replaced ecc.h. */
  40    #define wc_ecc_key_get_priv(key) (&((key)->k))
  41    #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV
  42#endif
  43
  44#if !defined(WOLFSSL_PK_EC_INCLUDED)
  45    #ifndef WOLFSSL_IGNORE_FILE_WARN
  46        #warning pk_ec.c does not need to be compiled separately from ssl.c
  47    #endif
  48#else
  49
  50/*******************************************************************************
  51 * START OF EC API
  52 ******************************************************************************/
  53
  54#ifdef HAVE_ECC
  55
  56#if defined(OPENSSL_EXTRA)
  57
  58/* Start EC_curve */
  59
  60/* Get the NIST name for the numeric ID.
  61 *
  62 * @param [in] nid  Numeric ID of an EC curve.
  63 * @return  String representing NIST name of EC curve on success.
  64 * @return  NULL on error.
  65 */
  66const char* wolfSSL_EC_curve_nid2nist(int nid)
  67{
  68    const char* name = NULL;
  69    const WOLF_EC_NIST_NAME* nist_name;
  70
  71    /* Attempt to find the curve info matching the NID passed in. */
  72    for (nist_name = kNistCurves; nist_name->name != NULL; nist_name++) {
  73        if (nist_name->nid == nid) {
  74            /* NID found - return name. */
  75            name = nist_name->name;
  76            break;
  77        }
  78    }
  79
  80    return name;
  81}
  82
  83/* Get the numeric ID for the NIST name.
  84 *
  85 * @param [in] name  NIST name of EC curve.
  86 * @return  NID matching NIST name on success.
  87 * @return  0 on error.
  88 */
  89int wolfSSL_EC_curve_nist2nid(const char* name)
  90{
  91    int nid = 0;
  92    const WOLF_EC_NIST_NAME* nist_name;
  93
  94    /* Attempt to find the curve info matching the NIST name passed in. */
  95    for (nist_name = kNistCurves; nist_name->name != NULL; nist_name++) {
  96        if (XSTRCMP(nist_name->name, name) == 0) {
  97            /* Name found - return NID. */
  98            nid = nist_name->nid;
  99            break;
 100        }
 101    }
 102
 103    return nid;
 104}
 105
 106#endif /* OPENSSL_EXTRA */
 107
 108/* End EC_curve */
 109
 110/* Start EC_METHOD */
 111
 112#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 113/* Get the EC method of the EC group object.
 114 *
 115 * wolfSSL doesn't use method tables. Implementation used is dependent upon
 116 * the NID.
 117 *
 118 * @param [in] group  EC group object.
 119 * @return  EC method.
 120 */
 121const WOLFSSL_EC_METHOD* wolfSSL_EC_GROUP_method_of(
 122    const WOLFSSL_EC_GROUP *group)
 123{
 124    /* No method table used so just return the same object. */
 125    return group;
 126}
 127
 128/* Get field type for method.
 129 *
 130 * Only prime fields are supported.
 131 *
 132 * @param [in] meth  EC method.
 133 * @return  X9.63 prime field NID on success.
 134 * @return  0 on error.
 135 */
 136int wolfSSL_EC_METHOD_get_field_type(const WOLFSSL_EC_METHOD *meth)
 137{
 138    int nid = 0;
 139
 140    if (meth != NULL) {
 141        /* Only field type supported by code base. */
 142        nid = WC_NID_X9_62_prime_field;
 143    }
 144
 145    return nid;
 146}
 147#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 148
 149/* End EC_METHOD */
 150
 151/* Start EC_GROUP */
 152
 153#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 154/* Converts ECC curve enum values in ecc_curve_id to the associated OpenSSL NID
 155 * value.
 156 *
 157 * @param [in] n  ECC curve id.
 158 * @return  ECC curve NID (OpenSSL compatible value).
 159 */
 160int EccEnumToNID(int n)
 161{
 162    WOLFSSL_ENTER("EccEnumToNID");
 163
 164    switch(n) {
 165        case ECC_SECP192R1:
 166            return WC_NID_X9_62_prime192v1;
 167        case ECC_PRIME192V2:
 168            return WC_NID_X9_62_prime192v2;
 169        case ECC_PRIME192V3:
 170            return WC_NID_X9_62_prime192v3;
 171        case ECC_PRIME239V1:
 172            return WC_NID_X9_62_prime239v1;
 173        case ECC_PRIME239V2:
 174            return WC_NID_X9_62_prime239v2;
 175        case ECC_PRIME239V3:
 176            return WC_NID_X9_62_prime239v3;
 177        case ECC_SECP256R1:
 178            return WC_NID_X9_62_prime256v1;
 179        case ECC_SECP112R1:
 180            return WC_NID_secp112r1;
 181        case ECC_SECP112R2:
 182            return WC_NID_secp112r2;
 183        case ECC_SECP128R1:
 184            return WC_NID_secp128r1;
 185        case ECC_SECP128R2:
 186            return WC_NID_secp128r2;
 187        case ECC_SECP160R1:
 188            return WC_NID_secp160r1;
 189        case ECC_SECP160R2:
 190            return WC_NID_secp160r2;
 191        case ECC_SECP224R1:
 192            return WC_NID_secp224r1;
 193        case ECC_SECP384R1:
 194            return WC_NID_secp384r1;
 195        case ECC_SECP521R1:
 196            return WC_NID_secp521r1;
 197        case ECC_SECP160K1:
 198            return WC_NID_secp160k1;
 199        case ECC_SECP192K1:
 200            return WC_NID_secp192k1;
 201        case ECC_SECP224K1:
 202            return WC_NID_secp224k1;
 203        case ECC_SECP256K1:
 204            return WC_NID_secp256k1;
 205        case ECC_BRAINPOOLP160R1:
 206            return WC_NID_brainpoolP160r1;
 207        case ECC_BRAINPOOLP192R1:
 208            return WC_NID_brainpoolP192r1;
 209        case ECC_BRAINPOOLP224R1:
 210            return WC_NID_brainpoolP224r1;
 211        case ECC_BRAINPOOLP256R1:
 212            return WC_NID_brainpoolP256r1;
 213        case ECC_BRAINPOOLP320R1:
 214            return WC_NID_brainpoolP320r1;
 215        case ECC_BRAINPOOLP384R1:
 216            return WC_NID_brainpoolP384r1;
 217        case ECC_BRAINPOOLP512R1:
 218            return WC_NID_brainpoolP512r1;
 219    #ifdef WOLFSSL_SM2
 220        case ECC_SM2P256V1:
 221            return WC_NID_sm2;
 222    #endif
 223        default:
 224            WOLFSSL_MSG("NID not found");
 225            return WOLFSSL_FATAL_ERROR;
 226    }
 227}
 228#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 229
 230#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
 231/* Converts OpenSSL NID of EC curve to the enum value in ecc_curve_id
 232 *
 233 * Used by ecc_sets[].
 234 *
 235 * @param [in] n  OpenSSL NID of EC curve.
 236 * @return  wolfCrypt EC curve id.
 237 * @return  -1 on error.
 238 */
 239int NIDToEccEnum(int nid)
 240{
 241    int id;
 242
 243    WOLFSSL_ENTER("NIDToEccEnum");
 244
 245    switch (nid) {
 246        case WC_NID_X9_62_prime192v1:
 247            id = ECC_SECP192R1;
 248            break;
 249        case WC_NID_X9_62_prime192v2:
 250            id = ECC_PRIME192V2;
 251            break;
 252        case WC_NID_X9_62_prime192v3:
 253            id = ECC_PRIME192V3;
 254            break;
 255        case WC_NID_X9_62_prime239v1:
 256            id = ECC_PRIME239V1;
 257            break;
 258        case WC_NID_X9_62_prime239v2:
 259            id = ECC_PRIME239V2;
 260            break;
 261        case WC_NID_X9_62_prime239v3:
 262            id = ECC_PRIME239V3;
 263            break;
 264        case WC_NID_X9_62_prime256v1:
 265            id = ECC_SECP256R1;
 266            break;
 267        case WC_NID_secp112r1:
 268            id = ECC_SECP112R1;
 269            break;
 270        case WC_NID_secp112r2:
 271            id = ECC_SECP112R2;
 272            break;
 273        case WC_NID_secp128r1:
 274            id = ECC_SECP128R1;
 275            break;
 276        case WC_NID_secp128r2:
 277            id = ECC_SECP128R2;
 278            break;
 279        case WC_NID_secp160r1:
 280            id = ECC_SECP160R1;
 281            break;
 282        case WC_NID_secp160r2:
 283            id = ECC_SECP160R2;
 284            break;
 285        case WC_NID_secp224r1:
 286            id = ECC_SECP224R1;
 287            break;
 288        case WC_NID_secp384r1:
 289            id = ECC_SECP384R1;
 290            break;
 291        case WC_NID_secp521r1:
 292            id = ECC_SECP521R1;
 293            break;
 294        case WC_NID_secp160k1:
 295            id = ECC_SECP160K1;
 296            break;
 297        case WC_NID_secp192k1:
 298            id = ECC_SECP192K1;
 299            break;
 300        case WC_NID_secp224k1:
 301            id = ECC_SECP224K1;
 302            break;
 303        case WC_NID_secp256k1:
 304            id = ECC_SECP256K1;
 305            break;
 306        case WC_NID_brainpoolP160r1:
 307            id = ECC_BRAINPOOLP160R1;
 308            break;
 309        case WC_NID_brainpoolP192r1:
 310            id = ECC_BRAINPOOLP192R1;
 311            break;
 312        case WC_NID_brainpoolP224r1:
 313            id = ECC_BRAINPOOLP224R1;
 314            break;
 315        case WC_NID_brainpoolP256r1:
 316            id = ECC_BRAINPOOLP256R1;
 317            break;
 318        case WC_NID_brainpoolP320r1:
 319            id = ECC_BRAINPOOLP320R1;
 320            break;
 321        case WC_NID_brainpoolP384r1:
 322            id = ECC_BRAINPOOLP384R1;
 323            break;
 324        case WC_NID_brainpoolP512r1:
 325            id = ECC_BRAINPOOLP512R1;
 326            break;
 327        default:
 328            WOLFSSL_MSG("NID not found");
 329            /* -1 on error. */
 330            id = WOLFSSL_FATAL_ERROR;
 331    }
 332
 333    return id;
 334}
 335
 336/* Set the fields of the EC group based on numeric ID.
 337 *
 338 * @param [in, out] group  EC group.
 339 * @param [in]      nid    Numeric ID of an EC curve.
 340 */
 341static void ec_group_set_nid(WOLFSSL_EC_GROUP* group, int nid)
 342{
 343    int eccEnum;
 344    int realNid;
 345
 346    /* Convert ecc_curve_id enum to NID. */
 347    if ((realNid = EccEnumToNID(nid)) != -1) {
 348        /* ecc_curve_id enum passed in - have real NID value set. */
 349        eccEnum = nid;
 350    }
 351    else {
 352        /* NID passed in is OpenSSL type. */
 353        realNid = nid;
 354        /* Convert NID to ecc_curve_id enum. */
 355        eccEnum = NIDToEccEnum(nid);
 356    }
 357
 358    /* Set the numeric ID of the curve */
 359    group->curve_nid = realNid;
 360    /* Initialize index to -1 (i.e. wolfCrypt doesn't support curve). */
 361    group->curve_idx = -1;
 362
 363    /* Find index and OID sum for curve if wolfCrypt supports it. */
 364    if (eccEnum != -1) {
 365        int i;
 366
 367        /* Find id and set the internal curve idx and OID sum. */
 368        for (i = 0; ecc_sets[i].size != 0; i++) {
 369            if (ecc_sets[i].id == eccEnum) {
 370                /* Found id in wolfCrypt supported EC curves. */
 371                group->curve_idx = i;
 372                group->curve_oid = (int)ecc_sets[i].oidSum;
 373                break;
 374            }
 375        }
 376    }
 377}
 378
 379/* Create a new EC group with the numeric ID for an EC curve.
 380 *
 381 * @param [in] nid  Numeric ID of an EC curve.
 382 * @return  New, allocated EC group on success.
 383 * @return  NULL on error.
 384 */
 385WOLFSSL_EC_GROUP* wolfSSL_EC_GROUP_new_by_curve_name(int nid)
 386{
 387    int err = 0;
 388    WOLFSSL_EC_GROUP* group;
 389
 390    WOLFSSL_ENTER("wolfSSL_EC_GROUP_new_by_curve_name");
 391
 392    /* Allocate EC group. */
 393    group = (WOLFSSL_EC_GROUP*)XMALLOC(sizeof(WOLFSSL_EC_GROUP), NULL,
 394        DYNAMIC_TYPE_ECC);
 395    if (group == NULL) {
 396        WOLFSSL_MSG("wolfSSL_EC_GROUP_new_by_curve_name malloc failure");
 397        err = 1;
 398    }
 399
 400    if (!err) {
 401        /* Reset all fields. */
 402        XMEMSET(group, 0, sizeof(WOLFSSL_EC_GROUP));
 403
 404        /* Set the fields of group based on the numeric ID. */
 405        ec_group_set_nid(group, nid);
 406    }
 407
 408    return group;
 409}
 410#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 411
 412#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 413/* Dispose of the EC group.
 414 *
 415 * Cannot use group after this call.
 416 *
 417 * @param [in] group  EC group to free.
 418 */
 419void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group)
 420{
 421    WOLFSSL_ENTER("wolfSSL_EC_GROUP_free");
 422
 423    /* Dispose of EC group. */
 424    XFREE(group, NULL, DYNAMIC_TYPE_ECC);
 425}
 426#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 427
 428#ifdef OPENSSL_EXTRA
 429#ifndef NO_BIO
 430
 431/* Creates an EC group from the DER encoding.
 432 *
 433 * Only named curves supported.
 434 *
 435 * @param [out] group  Reference to EC group object.
 436 * @param [in]  in     Buffer holding DER encoding of curve.
 437 * @param [in]  inSz   Length of data in buffer.
 438 * @return  EC group on success.
 439 * @return  NULL on error.
 440 */
 441static WOLFSSL_EC_GROUP* wolfssl_ec_group_d2i(WOLFSSL_EC_GROUP** group,
 442    const unsigned char** in_pp, long inSz)
 443{
 444    int err = 0;
 445    WOLFSSL_EC_GROUP* ret = NULL;
 446    word32 idx = 0;
 447    word32 oid = 0;
 448    int id = 0;
 449    const unsigned char* in;
 450
 451    if (in_pp == NULL || *in_pp == NULL)
 452        return NULL;
 453
 454    in = *in_pp;
 455
 456    /* Use the group passed in. */
 457    if ((group != NULL) && (*group != NULL)) {
 458        ret = *group;
 459    }
 460
 461    /* Only support named curves. */
 462    if (in[0] != ASN_OBJECT_ID) {
 463        WOLFSSL_ERROR_MSG("Invalid or unsupported encoding");
 464        err = 1;
 465    }
 466    /* Decode the OBJECT ID - expecting an EC curve OID. */
 467    if ((!err) && (GetObjectId(in, &idx, &oid, oidCurveType, (word32)inSz) !=
 468            0)) {
 469        err = 1;
 470    }
 471    if (!err) {
 472        /* Get the internal ID for OID. */
 473        id = wc_ecc_get_oid(oid, NULL, NULL);
 474        if (id < 0) {
 475            err = 1;
 476        }
 477    }
 478    if (!err) {
 479        /* Get the NID for the internal ID. */
 480        int nid = EccEnumToNID(id);
 481        if (ret == NULL) {
 482            /* Create a new EC group with the numeric ID. */
 483            ret = wolfSSL_EC_GROUP_new_by_curve_name(nid);
 484            if (ret == NULL) {
 485                err = 1;
 486            }
 487        }
 488        else {
 489            ec_group_set_nid(ret, nid);
 490        }
 491    }
 492    if ((!err) && (group != NULL)) {
 493        /* Return the EC group through reference. */
 494        *group = ret;
 495    }
 496
 497    if (err) {
 498        if ((ret != NULL) && (ret != *group)) {
 499            wolfSSL_EC_GROUP_free(ret);
 500        }
 501        ret = NULL;
 502    }
 503    else {
 504        *in_pp += idx;
 505    }
 506    return ret;
 507}
 508
 509/* Creates a new EC group from the PEM encoding in the BIO.
 510 *
 511 * @param [in]  bio    BIO to read PEM encoding from.
 512 * @param [out] group  Reference to EC group object.
 513 * @param [in]  cb     Password callback when PEM encrypted.
 514 * @param [in]  pass   NUL terminated string for passphrase when PEM encrypted.
 515 * @return  EC group on success.
 516 * @return  NULL on error.
 517 */
 518WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio,
 519    WOLFSSL_EC_GROUP** group, wc_pem_password_cb* cb, void* pass)
 520{
 521    int err = 0;
 522    WOLFSSL_EC_GROUP* ret = NULL;
 523    DerBuffer*        der = NULL;
 524    int               keyFormat = 0;
 525
 526     if (bio == NULL) {
 527         err = 1;
 528     }
 529
 530    /* Read parameters from BIO and convert PEM to DER. */
 531    if ((!err) && (pem_read_bio_key(bio, cb, pass, ECC_PARAM_TYPE,
 532            &keyFormat, &der) < 0)) {
 533        err = 1;
 534    }
 535    if (!err) {
 536        /* Create EC group from DER encoding. */
 537        const byte** p = (const byte**)&der->buffer;
 538        ret = wolfssl_ec_group_d2i(group, p, der->length);
 539        if (ret == NULL) {
 540            WOLFSSL_ERROR_MSG("Error loading DER buffer into WOLFSSL_EC_GROUP");
 541        }
 542    }
 543
 544    /* Dispose of any allocated data. */
 545    FreeDer(&der);
 546    return ret;
 547}
 548
 549WOLFSSL_EC_GROUP *wolfSSL_d2i_ECPKParameters(WOLFSSL_EC_GROUP **out,
 550        const unsigned char **in, long len)
 551{
 552    return wolfssl_ec_group_d2i(out, in, len);
 553}
 554
 555int wolfSSL_i2d_ECPKParameters(const WOLFSSL_EC_GROUP* grp, unsigned char** pp)
 556{
 557    unsigned char* out = NULL;
 558    int len = 0;
 559    int idx;
 560    const byte* oid = NULL;
 561    word32 oidSz = 0;
 562
 563    if (grp == NULL || !wc_ecc_is_valid_idx(grp->curve_idx) ||
 564            grp->curve_idx < 0)
 565        return WOLFSSL_FATAL_ERROR;
 566
 567    /* Get the actual DER encoding of the OID. ecc_sets[grp->curve_idx].oid
 568     * is just the numerical representation. */
 569    if (wc_ecc_get_oid((word32)grp->curve_oid, &oid, &oidSz) < 0)
 570        return WOLFSSL_FATAL_ERROR;
 571
 572    len = SetObjectId((int)oidSz, NULL) + (int)oidSz;
 573
 574    if (pp == NULL)
 575        return len;
 576
 577    if (*pp == NULL) {
 578        out = (unsigned char*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1);
 579        if (out == NULL)
 580            return WOLFSSL_FATAL_ERROR;
 581    }
 582    else {
 583        out = *pp;
 584    }
 585
 586    idx = SetObjectId((int)oidSz, out);
 587    XMEMCPY(out + idx, oid, oidSz);
 588    if (*pp == NULL)
 589        *pp = out;
 590    else
 591        *pp += len;
 592
 593    return len;
 594}
 595#endif /* !NO_BIO */
 596
 597#if defined(OPENSSL_ALL) && !defined(NO_CERTS)
 598/* Copy an EC group.
 599 *
 600 * Only used by wolfSSL_EC_KEY_dup at this time.
 601 *
 602 * @param [in, out] dst  Destination EC group.
 603 * @param [in]      src  Source EC group.
 604 * @return  0 on success.
 605 */
 606static int wolfssl_ec_group_copy(WOLFSSL_EC_GROUP* dst,
 607    const WOLFSSL_EC_GROUP* src)
 608{
 609    /* Copy the fields. */
 610    dst->curve_idx = src->curve_idx;
 611    dst->curve_nid = src->curve_nid;
 612    dst->curve_oid = src->curve_oid;
 613
 614    return 0;
 615}
 616#endif /* OPENSSL_ALL && !NO_CERTS */
 617
 618/* Copies ecc_key into new WOLFSSL_EC_GROUP object
 619 *
 620 * @param [in] src  EC group to duplicate.
 621 *
 622 * @return  EC group on success.
 623 * @return  NULL on error.
 624 */
 625WOLFSSL_EC_GROUP* wolfSSL_EC_GROUP_dup(const WOLFSSL_EC_GROUP *src)
 626{
 627    WOLFSSL_EC_GROUP* newGroup = NULL;
 628
 629    if (src != NULL) {
 630        /* Create new group base on NID in original EC group. */
 631        newGroup = wolfSSL_EC_GROUP_new_by_curve_name(src->curve_nid);
 632     }
 633
 634    return newGroup;
 635}
 636
 637/* Compare two EC groups.
 638 *
 639 * Return code compliant with OpenSSL.
 640 *
 641 * @param [in] a    First EC group.
 642 * @param [in] b    Second EC group.
 643 * @param [in] ctx  Big number context to use when comparing fields. Unused.
 644 *
 645 * @return  0 if equal.
 646 * @return  1 if not equal.
 647 * @return  -1 on error.
 648 */
 649int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b,
 650                         WOLFSSL_BN_CTX *ctx)
 651{
 652    int ret;
 653
 654    /* No BN operations performed. */
 655    (void)ctx;
 656
 657    WOLFSSL_ENTER("wolfSSL_EC_GROUP_cmp");
 658
 659    /* Validate parameters. */
 660    if ((a == NULL) || (b == NULL)) {
 661        WOLFSSL_MSG("wolfSSL_EC_GROUP_cmp Bad arguments");
 662        /* Return error value. */
 663        ret = WOLFSSL_FATAL_ERROR;
 664    }
 665    /* Compare NID and wolfSSL curve index. */
 666    else {
 667        /* 0 when same, 1 when not. */
 668        ret = ((a->curve_nid == b->curve_nid) &&
 669               (a->curve_idx == b->curve_idx)) ? 0 : 1;
 670    }
 671
 672    return ret;
 673}
 674
 675#ifndef NO_WOLFSSL_STUB
 676/* Set the ASN.1 flag that indicate encoding of curve.
 677 *
 678 * Stub function - flag not used elsewhere.
 679 * Always encoded as named curve.
 680 *
 681 * @param [in] group  EC group to modify.
 682 * @param [in] flag   ASN.1 flag to set. Valid values:
 683 *                    OPENSSL_EC_EXPLICIT_CURVE, OPENSSL_EC_NAMED_CURVE
 684 */
 685void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag)
 686{
 687    (void)group;
 688    (void)flag;
 689
 690    WOLFSSL_ENTER("wolfSSL_EC_GROUP_set_asn1_flag");
 691    WOLFSSL_STUB("EC_GROUP_set_asn1_flag");
 692}
 693#endif
 694
 695/* Get the curve NID of the group.
 696 *
 697 * Return code compliant with OpenSSL.
 698 *
 699 * @param [in] group  EC group.
 700 * @return  Curve NID on success.
 701 * @return  0 on error.
 702 */
 703int wolfSSL_EC_GROUP_get_curve_name(const WOLFSSL_EC_GROUP *group)
 704{
 705    int nid = 0;
 706    WOLFSSL_ENTER("wolfSSL_EC_GROUP_get_curve_name");
 707
 708    if (group == NULL) {
 709        WOLFSSL_MSG("wolfSSL_EC_GROUP_get_curve_name Bad arguments");
 710    }
 711    else {
 712        nid = group->curve_nid;
 713    }
 714
 715    return nid;
 716}
 717
 718/* Get the degree (curve size in bits) of the EC group.
 719 *
 720 * Return code compliant with OpenSSL.
 721 *
 722 * @return  Degree of the curve on success.
 723 * @return  0 on error.
 724 */
 725int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group)
 726{
 727    int degree = 0;
 728
 729    WOLFSSL_ENTER("wolfSSL_EC_GROUP_get_degree");
 730
 731    if (group == NULL) {
 732        WOLFSSL_MSG("wolfSSL_EC_GROUP_get_degree Bad arguments");
 733    }
 734    else {
 735        switch (group->curve_nid) {
 736            case WC_NID_secp112r1:
 737            case WC_NID_secp112r2:
 738                degree = 112;
 739                break;
 740            case WC_NID_secp128r1:
 741            case WC_NID_secp128r2:
 742                degree = 128;
 743                break;
 744            case WC_NID_secp160k1:
 745            case WC_NID_secp160r1:
 746            case WC_NID_secp160r2:
 747            case WC_NID_brainpoolP160r1:
 748                degree = 160;
 749                break;
 750            case WC_NID_secp192k1:
 751            case WC_NID_brainpoolP192r1:
 752            case WC_NID_X9_62_prime192v1:
 753            case WC_NID_X9_62_prime192v2:
 754            case WC_NID_X9_62_prime192v3:
 755                degree = 192;
 756                break;
 757            case WC_NID_secp224k1:
 758            case WC_NID_secp224r1:
 759            case WC_NID_brainpoolP224r1:
 760                degree = 224;
 761                break;
 762            case WC_NID_X9_62_prime239v1:
 763            case WC_NID_X9_62_prime239v2:
 764            case WC_NID_X9_62_prime239v3:
 765                degree = 239;
 766                break;
 767            case WC_NID_secp256k1:
 768            case WC_NID_brainpoolP256r1:
 769            case WC_NID_X9_62_prime256v1:
 770                degree = 256;
 771                break;
 772            case WC_NID_brainpoolP320r1:
 773                degree = 320;
 774                break;
 775            case WC_NID_secp384r1:
 776            case WC_NID_brainpoolP384r1:
 777                degree = 384;
 778                break;
 779            case WC_NID_brainpoolP512r1:
 780                degree = 512;
 781                break;
 782            case WC_NID_secp521r1:
 783                degree = 521;
 784                break;
 785        }
 786    }
 787
 788    return degree;
 789}
 790#endif /* OPENSSL_EXTRA */
 791
 792#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
 793/* Get the length of the order in bits of the EC group.
 794 *
 795 * TODO: consider switch statement or calculating directly from hex string
 796 * array instead of using mp_int.
 797 *
 798 * @param [in] group  EC group.
 799 * @return  Length of order in bits on success.
 800 * @return  0 on error.
 801 */
 802int wolfSSL_EC_GROUP_order_bits(const WOLFSSL_EC_GROUP *group)
 803{
 804    int ret = 0;
 805    WC_DECLARE_VAR(order, mp_int, 1, 0);
 806
 807    /* Validate parameter. */
 808    if ((group == NULL) || (group->curve_idx < 0)) {
 809        WOLFSSL_MSG("wolfSSL_EC_GROUP_order_bits NULL error");
 810        ret = WOLFSSL_FATAL_ERROR;
 811    }
 812
 813#ifdef WOLFSSL_SMALL_STACK
 814    if (ret == 0) {
 815        /* Allocate memory for mp_int that will hold order value. */
 816        order = (mp_int *)XMALLOC(sizeof(*order), NULL,
 817            DYNAMIC_TYPE_TMP_BUFFER);
 818        if (order == NULL) {
 819            ret = WOLFSSL_FATAL_ERROR;
 820        }
 821    }
 822#endif
 823
 824    if (ret == 0) {
 825        /* Initialize mp_int. */
 826        ret = mp_init(order);
 827    }
 828
 829    if (ret == 0) {
 830        /* Read hex string of order from wolfCrypt array of curves. */
 831        ret = mp_read_radix(order, ecc_sets[group->curve_idx].order,
 832            MP_RADIX_HEX);
 833        if (ret == 0) {
 834            /* Get bits of order. */
 835            ret = mp_count_bits(order);
 836        }
 837        /* Clear and free mp_int. */
 838        mp_clear(order);
 839    }
 840
 841    WC_FREE_VAR_EX(order, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 842
 843    /* Convert error code to length of 0. */
 844    if (ret < 0) {
 845        ret = 0;
 846    }
 847
 848    return ret;
 849}
 850#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 851
 852#if defined(OPENSSL_EXTRA)
 853/* Get the order of the group as a BN.
 854 *
 855 * Return code compliant with OpenSSL.
 856 *
 857 * @param [in]      group  EC group.
 858 * @param [in, out] order  BN to hold order value.
 859 * @param [in]      ctx    Context to use for BN operations. Unused.
 860 * @return  1 on success.
 861 * @return  0 on error.
 862 */
 863int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group,
 864    WOLFSSL_BIGNUM *order, WOLFSSL_BN_CTX *ctx)
 865{
 866    int ret = 1;
 867    mp_int* mp = NULL;
 868
 869    /* No BN operations performed - done with mp_int in BN. */
 870    (void)ctx;
 871
 872    /* Validate parameters. */
 873    if ((group == NULL) || (order == NULL) || (order->internal == NULL)) {
 874        WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order NULL error");
 875        ret = 0;
 876    }
 877
 878    if (ret == 1 &&
 879            (group->curve_idx < 0 || !wc_ecc_is_valid_idx(group->curve_idx))) {
 880        WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order Bad group idx");
 881        ret = 0;
 882    }
 883
 884    if (ret == 1) {
 885        mp = (mp_int*)order->internal;
 886    }
 887    /* Initialize */
 888    if ((ret == 1) && (mp_init(mp) != MP_OKAY)) {
 889        WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_init failure");
 890        ret = 0;
 891    }
 892    /* Read hex string of order from wolfCrypt array of curves. */
 893    if ((ret == 1) && (mp_read_radix(mp, ecc_sets[group->curve_idx].order,
 894            MP_RADIX_HEX) != MP_OKAY)) {
 895        WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_read order failure");
 896        /* Zero out any partial value but don't free. */
 897        mp_zero(mp);
 898        ret = 0;
 899    }
 900
 901    return ret;
 902}
 903
 904#endif /* OPENSSL_EXTRA */
 905
 906/* End EC_GROUP */
 907
 908/* Start EC_POINT */
 909
 910#if defined(OPENSSL_EXTRA)
 911
 912/* Set data of EC point into internal, wolfCrypt EC point object.
 913 *
 914 * EC_POINT Openssl -> WolfSSL
 915 *
 916 * @param [in, out] p  EC point to update.
 917 * @return  1 on success.
 918 * @return  -1 on failure.
 919 */
 920static int ec_point_internal_set(WOLFSSL_EC_POINT *p)
 921{
 922    int ret = 1;
 923
 924    WOLFSSL_ENTER("ec_point_internal_set");
 925
 926    /* Validate parameter. */
 927    if ((p == NULL) || (p->internal == NULL)) {
 928        WOLFSSL_MSG("ECPoint NULL error");
 929        ret = WOLFSSL_FATAL_ERROR;
 930    }
 931    else {
 932        /* Get internal point as a wolfCrypt EC point. */
 933        ecc_point* point = (ecc_point*)p->internal;
 934
 935        /* Set X ordinate if available. */
 936        if ((p->X != NULL) && (wolfssl_bn_get_value(p->X, point->x) != 1)) {
 937            WOLFSSL_MSG("ecc point X error");
 938            ret = WOLFSSL_FATAL_ERROR;
 939        }
 940        /* Set Y ordinate if available. */
 941        if ((ret == 1) && (p->Y != NULL) && (wolfssl_bn_get_value(p->Y,
 942                point->y) != 1)) {
 943            WOLFSSL_MSG("ecc point Y error");
 944            ret = WOLFSSL_FATAL_ERROR;
 945        }
 946        /* Set Z ordinate if available. */
 947        if ((ret == 1) && (p->Z != NULL) && (wolfssl_bn_get_value(p->Z,
 948                point->z) != 1)) {
 949            WOLFSSL_MSG("ecc point Z error");
 950            ret = WOLFSSL_FATAL_ERROR;
 951        }
 952        /* Internal values set when operations succeeded. */
 953        p->inSet = (ret == 1);
 954    }
 955
 956    return ret;
 957}
 958
 959/* Set data of internal, wolfCrypt EC point object into EC point.
 960 *
 961 * EC_POINT WolfSSL -> OpenSSL
 962 *
 963 * @param [in, out] p  EC point to update.
 964 * @return  1 on success.
 965 * @return  -1 on failure.
 966 */
 967static int ec_point_external_set(WOLFSSL_EC_POINT *p)
 968{
 969    int ret = 1;
 970
 971    WOLFSSL_ENTER("ec_point_external_set");
 972
 973    /* Validate parameter. */
 974    if ((p == NULL) || (p->internal == NULL)) {
 975        WOLFSSL_MSG("ECPoint NULL error");
 976        ret = WOLFSSL_FATAL_ERROR;
 977    }
 978    else {
 979        /* Get internal point as a wolfCrypt EC point. */
 980        ecc_point* point = (ecc_point*)p->internal;
 981
 982        /* Set X ordinate. */
 983        if (wolfssl_bn_set_value(&p->X, point->x) != 1) {
 984            WOLFSSL_MSG("ecc point X error");
 985            ret = WOLFSSL_FATAL_ERROR;
 986        }
 987        /* Set Y ordinate. */
 988        if ((ret == 1) && (wolfssl_bn_set_value(&p->Y, point->y) != 1)) {
 989            WOLFSSL_MSG("ecc point Y error");
 990            ret = WOLFSSL_FATAL_ERROR;
 991        }
 992        /* Set Z ordinate. */
 993        if ((ret == 1) && (wolfssl_bn_set_value(&p->Z, point->z) != 1)) {
 994            WOLFSSL_MSG("ecc point Z error");
 995            ret = WOLFSSL_FATAL_ERROR;
 996        }
 997        /* External values set when operations succeeded. */
 998        p->exSet = (ret == 1);
 999    }
1000
1001    return ret;
1002}
1003
1004/* Setup internals of EC point.
1005 *
1006 * Assumes point is not NULL.
1007 *
1008 * @param [in, out] point  EC point to update.
1009 * @return  1 on success.
1010 * @return  0 on failure.
1011 */
1012static int ec_point_setup(const WOLFSSL_EC_POINT *point) {
1013    int ret = 1;
1014
1015    /* Check if internal values need setting. */
1016    if (!point->inSet) {
1017        WOLFSSL_MSG("No ECPoint internal set, do it");
1018
1019        /* Forcing to non-constant type to update internals. */
1020        if (ec_point_internal_set((WOLFSSL_EC_POINT *)point) != 1) {
1021            WOLFSSL_MSG("ec_point_internal_set failed");
1022            ret = 0;
1023        }
1024    }
1025
1026    return ret;
1027}
1028
1029/* Create a new EC point from the group.
1030 *
1031 * @param [in] group  EC group.
1032 * @return  EC point on success.
1033 * @return  NULL on error.
1034 */
1035WOLFSSL_EC_POINT* wolfSSL_EC_POINT_new(const WOLFSSL_EC_GROUP* group)
1036{
1037    int err = 0;
1038    WOLFSSL_EC_POINT* point = NULL;
1039
1040    WOLFSSL_ENTER("wolfSSL_EC_POINT_new");
1041
1042    /* Validate parameter. */
1043    if (group == NULL) {
1044        WOLFSSL_MSG("wolfSSL_EC_POINT_new NULL error");
1045        err = 1;
1046    }
1047
1048    if (!err) {
1049        /* Allocate memory for new EC point. */
1050        point = (WOLFSSL_EC_POINT*)XMALLOC(sizeof(WOLFSSL_EC_POINT), NULL,
1051            DYNAMIC_TYPE_ECC);
1052        if (point == NULL) {
1053            WOLFSSL_MSG("wolfSSL_EC_POINT_new malloc ecc point failure");
1054            err = 1;
1055        }
1056    }
1057    if (!err) {
1058        /* Clear fields of EC point. */
1059        XMEMSET(point, 0, sizeof(WOLFSSL_EC_POINT));
1060
1061        /* Allocate internal EC point. */
1062        point->internal = wc_ecc_new_point();
1063        if (point->internal == NULL) {
1064            WOLFSSL_MSG("ecc_new_point failure");
1065            err = 1;
1066        }
1067    }
1068
1069    if (err) {
1070        XFREE(point, NULL, DYNAMIC_TYPE_ECC);
1071        point = NULL;
1072    }
1073    return point;
1074}
1075
1076#endif /* OPENSSL_EXTRA */
1077
1078#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
1079/* Dispose of the EC point.
1080 *
1081 * Cannot use point after this call.
1082 *
1083 * @param [in, out] point  EC point to free.
1084 */
1085void wolfSSL_EC_POINT_free(WOLFSSL_EC_POINT *point)
1086{
1087    WOLFSSL_ENTER("wolfSSL_EC_POINT_free");
1088
1089    if (point != NULL) {
1090        if (point->internal != NULL) {
1091            wc_ecc_del_point((ecc_point*)point->internal);
1092            point->internal = NULL;
1093        }
1094
1095        /* Free ordinates. */
1096        wolfSSL_BN_free(point->X);
1097        wolfSSL_BN_free(point->Y);
1098        wolfSSL_BN_free(point->Z);
1099        /* Clear fields. */
1100        point->X = NULL;
1101        point->Y = NULL;
1102        point->Z = NULL;
1103        point->inSet = 0;
1104        point->exSet = 0;
1105
1106        /* Dispose of EC point. */
1107        XFREE(point, NULL, DYNAMIC_TYPE_ECC);
1108    }
1109}
1110#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
1111
1112#ifdef OPENSSL_EXTRA
1113
1114/* Clear and dispose of the EC point.
1115 *
1116 * Cannot use point after this call.
1117 *
1118 * @param [in, out] point  EC point to free.
1119 */
1120void wolfSSL_EC_POINT_clear_free(WOLFSSL_EC_POINT *point)
1121{
1122    WOLFSSL_ENTER("wolfSSL_EC_POINT_clear_free");
1123
1124    if (point != NULL) {
1125        if (point->internal != NULL) {
1126            /* Force internal point to be zeros. */
1127    #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
1128            wc_ecc_forcezero_point((ecc_point*)point->internal);
1129    #else
1130            ecc_point* p = (ecc_point*)point->internal;
1131            mp_forcezero(p->x);
1132            mp_forcezero(p->y);
1133            mp_forcezero(p->z);
1134    #endif
1135            wc_ecc_del_point((ecc_point*)point->internal);
1136            point->internal = NULL;
1137        }
1138
1139        /* Clear the ordinates before freeing. */
1140        wolfSSL_BN_clear_free(point->X);
1141        wolfSSL_BN_clear_free(point->Y);
1142        wolfSSL_BN_clear_free(point->Z);
1143        /* Clear fields. */
1144        point->X = NULL;
1145        point->Y = NULL;
1146        point->Z = NULL;
1147        point->inSet = 0;
1148        point->exSet = 0;
1149
1150        /* Dispose of EC point. */
1151        XFREE(point, NULL, DYNAMIC_TYPE_ECC);
1152    }
1153}
1154
1155/* Print out the internals of EC point in debug and when logging callback set.
1156 *
1157 * Not an OpenSSL API.
1158 *
1159 * TODO: Use WOLFSSL_MSG_EX()?
1160 *
1161 * @param [in] msg    Message to prepend.
1162 * @param [in] point  EC point to print.
1163 */
1164void wolfSSL_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *point)
1165{
1166#if defined(DEBUG_WOLFSSL)
1167    char *num;
1168
1169    WOLFSSL_ENTER("wolfSSL_EC_POINT_dump");
1170
1171    /* Only print when debugging on. */
1172    if (WOLFSSL_IS_DEBUG_ON()) {
1173        if (point == NULL) {
1174            /* No point passed in so just put out "NULL". */
1175            WOLFSSL_MSG_EX("%s = NULL\n", msg);
1176        }
1177        else {
1178            /* Put out message and status of internal/external data set. */
1179            WOLFSSL_MSG_EX("%s:\n\tinSet=%d, exSet=%d\n", msg, point->inSet,
1180                point->exSet);
1181            /* Get x-ordinate as a hex string and print. */
1182            num = wolfSSL_BN_bn2hex(point->X);
1183            WOLFSSL_MSG_EX("\tX = %s\n", num);
1184            XFREE(num, NULL, DYNAMIC_TYPE_OPENSSL);
1185            /* Get x-ordinate as a hex string and print. */
1186            num = wolfSSL_BN_bn2hex(point->Y);
1187            WOLFSSL_MSG_EX("\tY = %s\n", num);
1188            XFREE(num, NULL, DYNAMIC_TYPE_OPENSSL);
1189            /* Get z-ordinate as a hex string and print. */
1190            num = wolfSSL_BN_bn2hex(point->Z);
1191            WOLFSSL_MSG_EX("\tZ = %s\n", num);
1192            XFREE(num, NULL, DYNAMIC_TYPE_OPENSSL);
1193        }
1194    }
1195#else
1196    (void)msg;
1197    (void)point;
1198#endif
1199}
1200
1201/* Convert EC point to hex string that as either uncompressed or compressed.
1202 *
1203 * ECC point compression types were not included in selftest ecc.h
1204 *
1205 * @param [in] group  EC group for point.
1206 * @param [in] point  EC point to encode.
1207 * @param [in] form   Format of encoding. Valid values:
1208 *                    POINT_CONVERSION_UNCOMPRESSED, POINT_CONVERSION_COMPRESSED
1209 * @param [in] ctx    Context to use for BN operations. Unused.
1210 * @return  Allocated hex string on success.
1211 * @return  NULL on error.
1212 */
1213char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
1214    const WOLFSSL_EC_POINT* point, int form, WOLFSSL_BN_CTX* ctx)
1215{
1216    static const char* hexDigit = "0123456789ABCDEF";
1217    char* hex = NULL;
1218    int i;
1219    int sz = 0;
1220    int len = 0;
1221    int err = 0;
1222
1223    /* No BN operations performed. */
1224    (void)ctx;
1225
1226    /* Validate parameters. */
1227    if ((group == NULL) || (point == NULL)) {
1228        err = 1;
1229    }
1230    /* Get curve id expects a positive index. */
1231    if ((!err) && (group->curve_idx < 0)) {
1232        err = 1;
1233    }
1234
1235    if (!err) {
1236        /* Get curve id to look up ordinate size. */
1237        int id = wc_ecc_get_curve_id(group->curve_idx);
1238        /* Get size of ordinate. */
1239        if ((sz = wc_ecc_get_curve_size_from_id(id)) < 0) {
1240            err = 1;
1241        }
1242    }
1243    if (!err) {
1244        /* <format byte> <x-ordinate> [<y-ordinate>] */
1245        len = sz + 1;
1246        if (form == WC_POINT_CONVERSION_UNCOMPRESSED) {
1247            /* Include y ordinate when uncompressed. */
1248            len += sz;
1249        }
1250
1251        /* Hex string: allocate 2 bytes to represent each byte plus 1 for '\0'.
1252         */
1253        hex = (char*)XMALLOC((size_t)(2 * len + 1), NULL, DYNAMIC_TYPE_ECC);
1254        if (hex == NULL) {
1255            err = 1;
1256        }
1257    }
1258    if (!err) {
1259        /* Make bytes all zeros to allow for ordinate values less than max size.
1260         */
1261        XMEMSET(hex, 0, (size_t)(2 * len + 1));
1262
1263        /* Calculate offset as leading zeros not encoded. */
1264        i = sz - mp_unsigned_bin_size((mp_int*)point->X->internal) + 1;
1265        /* Put in x-ordinate after format byte. */
1266        if (mp_to_unsigned_bin((mp_int*)point->X->internal, (byte*)(hex + i)) <
1267                0) {
1268            err = 1;
1269        }
1270    }
1271    if (!err) {
1272        if (form == WC_POINT_CONVERSION_COMPRESSED) {
1273            /* Compressed format byte value dependent on whether y-ordinate is
1274             * odd.
1275             */
1276            hex[0] = mp_isodd((mp_int*)point->Y->internal) ?
1277                ECC_POINT_COMP_ODD : ECC_POINT_COMP_EVEN;
1278            /* No y-ordinate. */
1279        }
1280        else {
1281            /* Put in uncompressed format byte. */
1282            hex[0] = ECC_POINT_UNCOMP;
1283            /* Calculate offset as leading zeros not encoded. */
1284            i = 1 + 2 * sz - mp_unsigned_bin_size((mp_int*)point->Y->internal);
1285            /* Put in y-ordinate after x-ordinate. */
1286            if (mp_to_unsigned_bin((mp_int*)point->Y->internal,
1287                    (byte*)(hex + i)) < 0) {
1288                err = 1;
1289            }
1290        }
1291    }
1292    if (!err) {
1293        /* Convert binary encoding to hex string. */
1294        /* Start at end so as not to overwrite. */
1295        for (i = len-1; i >= 0; i--) {
1296            /* Get byte value and store has hex string. */
1297            byte b = (byte)hex[i];
1298            hex[i * 2 + 1] = hexDigit[b  & 0xf];
1299            hex[i * 2    ] = hexDigit[b >>   4];
1300        }
1301        /* Memset put trailing zero or '\0' on end of string. */
1302    }
1303
1304    if (err && (hex != NULL)) {
1305        /* Dispose of allocated data not being returned. */
1306        XFREE(hex,  NULL, DYNAMIC_TYPE_ECC);
1307        hex = NULL;
1308    }
1309    /* Return hex string encoding. */
1310    return hex;
1311}
1312
1313static size_t hex_to_bytes(const char *hex, unsigned char *output, size_t sz)
1314{
1315    word32 i;
1316    for (i = 0; i < sz; i++) {
1317        signed char ch1, ch2;
1318        ch1 = HexCharToByte(hex[i * 2]);
1319        ch2 = HexCharToByte(hex[i * 2 + 1]);
1320        if ((ch1 < 0) || (ch2 < 0)) {
1321            WOLFSSL_MSG("hex_to_bytes: syntax error");
1322            return 0;
1323        }
1324        output[i] = (unsigned char)((ch1 << 4) + ch2);
1325    }
1326    return sz;
1327}
1328
1329WOLFSSL_EC_POINT* wolfSSL_EC_POINT_hex2point(const WOLFSSL_EC_GROUP *group,
1330            const char *hex, WOLFSSL_EC_POINT*p, WOLFSSL_BN_CTX *ctx)
1331{
1332    /* for uncompressed mode */
1333    size_t str_sz;
1334    WOLFSSL_BIGNUM *Gx  = NULL;
1335    WOLFSSL_BIGNUM *Gy  = NULL;
1336    char   strGx[MAX_ECC_BYTES * 2 + 1];
1337
1338    /* for compressed mode */
1339    int    key_sz;
1340    byte   *octGx = (byte *)strGx; /* octGx[MAX_ECC_BYTES] */
1341
1342    int p_alloc = 0;
1343    int ret;
1344
1345    WOLFSSL_ENTER("wolfSSL_EC_POINT_hex2point");
1346
1347    if (group == NULL || hex == NULL || ctx == NULL)
1348        return NULL;
1349
1350    if (p == NULL) {
1351        if ((p = wolfSSL_EC_POINT_new(group)) == NULL) {
1352            WOLFSSL_MSG("wolfSSL_EC_POINT_new");
1353            goto err;
1354        }
1355        p_alloc = 1;
1356    }
1357
1358    key_sz = (wolfSSL_EC_GROUP_get_degree(group) + 7) / 8;
1359    if (key_sz <= 0 || (size_t)key_sz > MAX_ECC_BYTES)
1360        goto err;
1361
1362    if (hex[0] ==  '0' && hex[1] == '4') { /* uncompressed mode */
1363        str_sz = (size_t)key_sz * 2;
1364
1365        /* The uncompressed encoding is exactly 2 + 4*key_sz hex chars
1366         * ("04" prefix plus X and Y as 2*key_sz hex chars each). Reject
1367         * any other length so XMEMCPY/BN_hex2bn cannot read past the end
1368         * of the input and trailing garbage is not silently absorbed. */
1369        if (XSTRLEN(hex + 2) != str_sz * 2)
1370            goto err;
1371
1372        XMEMSET(strGx, 0x0, str_sz + 1);
1373        XMEMCPY(strGx, hex + 2, str_sz);
1374
1375        if (wolfSSL_BN_hex2bn(&Gx, strGx) == 0)
1376            goto err;
1377
1378        if (wolfSSL_BN_hex2bn(&Gy, hex + 2 + str_sz) == 0)
1379            goto err;
1380
1381        ret = wolfSSL_EC_POINT_set_affine_coordinates_GFp
1382                                            (group, p, Gx, Gy, ctx);
1383
1384        if (ret != WOLFSSL_SUCCESS) {
1385            WOLFSSL_MSG("wolfSSL_EC_POINT_set_affine_coordinates_GFp");
1386            goto err;
1387        }
1388    }
1389    else if (hex[0] == '0' && (hex[1] == '2' || hex[1] == '3')) {
1390        /* The SEC 1 compressed encoding is exactly 1 + key_sz bytes, so
1391         * the hex payload after the "02"/"03" prefix must be exactly
1392         * 2*key_sz hex chars. Compare the input length directly (rather
1393         * than XSTRLEN/2) so that odd-length inputs cannot slip past via
1394         * integer truncation. The exact-match rejects oversized inputs
1395         * (preventing a hex_to_bytes() write past strGx) and undersized
1396         * inputs (preventing wolfSSL_ECPoint_d2i() from reading
1397         * uninitialized stack bytes as the X coordinate). */
1398        if (XSTRLEN(hex + 2) != (size_t)key_sz * 2)
1399            goto err;
1400        octGx[0] = (hex[1] == '2') ? ECC_POINT_COMP_EVEN
1401                                   : ECC_POINT_COMP_ODD;
1402        if (hex_to_bytes(hex + 2, octGx + 1, (size_t)key_sz)
1403                                            != (size_t)key_sz) {
1404            goto err;
1405        }
1406        if (wolfSSL_ECPoint_d2i(octGx, (word32)key_sz + 1, group, p)
1407                                            != WOLFSSL_SUCCESS) {
1408            goto err;
1409        }
1410    }
1411    else
1412        goto err;
1413
1414    wolfSSL_BN_free(Gx);
1415    wolfSSL_BN_free(Gy);
1416    return p;
1417
1418err:
1419    wolfSSL_BN_free(Gx);
1420    wolfSSL_BN_free(Gy);
1421    if (p_alloc) {
1422        wolfSSL_EC_POINT_free(p);
1423    }
1424    return NULL;
1425
1426}
1427
1428/* Encode the EC point as an uncompressed point in DER.
1429 *
1430 * Return code compliant with OpenSSL.
1431 * Not OpenSSL API.
1432 *
1433 * @param [in]      group  EC group point belongs to.
1434 * @param [in]      point  EC point to encode.
1435 * @param [out]     out    Buffer to encode into. May be NULL.
1436 * @param [in, out] len    On in, length of buffer in bytes.
1437 *                         On out, length of encoding in bytes.
1438 * @return  1 on success.
1439 * @return  0 on error.
1440 */
1441int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *group,
1442    const WOLFSSL_EC_POINT *point, unsigned char *out, unsigned int *len)
1443{
1444    int res = 1;
1445
1446    WOLFSSL_ENTER("wolfSSL_ECPoint_i2d");
1447
1448    /* Validate parameters. */
1449    if ((group == NULL) || (point == NULL) || (len == NULL)) {
1450        WOLFSSL_MSG("wolfSSL_ECPoint_i2d NULL error");
1451        res = 0;
1452    }
1453
1454    /* Ensure points internals are set up. */
1455    if ((res == 1) && (ec_point_setup(point) != 1)) {
1456        res = 0;
1457    }
1458
1459    /* Dump the point if encoding. */
1460    if ((res == 1) && (out != NULL)) {
1461        wolfSSL_EC_POINT_dump("i2d p", point);
1462    }
1463
1464    if (res == 1) {
1465        /* DER encode point in uncompressed format. */
1466        int ret = wc_ecc_export_point_der(group->curve_idx,
1467            (ecc_point*)point->internal, out, len);
1468        /* Check return. When out is NULL, return will be length only error. */
1469        if ((ret != MP_OKAY) && ((out != NULL) ||
1470                                 (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)))) {
1471            WOLFSSL_MSG("wolfSSL_ECPoint_i2d wc_ecc_export_point_der failed");
1472            res = 0;
1473        }
1474    }
1475
1476    return res;
1477}
1478
1479/* Decode the uncompressed point in DER into EC point.
1480 *
1481 * Return code compliant with OpenSSL.
1482 * Not OpenSSL API.
1483 *
1484 * @param [in]      in     Buffer containing DER encoded point.
1485 * @param [in]      len    Length of data in bytes.
1486 * @param [in]      group  EC group associated with point.
1487 * @param [in, out] point  EC point to set data into.
1488 * @return  1 on success.
1489 * @return  0 on error.
1490 */
1491int wolfSSL_ECPoint_d2i(const unsigned char *in, unsigned int len,
1492    const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *point)
1493{
1494    int ret = 1;
1495    WOLFSSL_BIGNUM* x = NULL;
1496    WOLFSSL_BIGNUM* y = NULL;
1497
1498    WOLFSSL_ENTER("wolfSSL_ECPoint_d2i");
1499
1500    /* Validate parameters. */
1501    if ((in == NULL) || (group == NULL) || (point == NULL) ||
1502            (point->internal == NULL)) {
1503        WOLFSSL_MSG("wolfSSL_ECPoint_d2i NULL error");
1504        ret = 0;
1505    }
1506
1507    if (ret == 1) {
1508    #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
1509        /* Import point into internal EC point. */
1510        if (wc_ecc_import_point_der_ex(in, len, group->curve_idx,
1511                (ecc_point*)point->internal, 0) != MP_OKAY) {
1512            WOLFSSL_MSG("wc_ecc_import_point_der_ex failed");
1513            ret = 0;
1514        }
1515    #else
1516        /* ECC_POINT_UNCOMP is not defined CAVP self test so use magic number */
1517        if (in[0] == 0x04) {
1518            /* Import point into internal EC point. */
1519            if (wc_ecc_import_point_der((unsigned char *)in, len,
1520                    group->curve_idx, (ecc_point*)point->internal) != MP_OKAY) {
1521                WOLFSSL_MSG("wc_ecc_import_point_der failed");
1522                ret = 0;
1523            }
1524        }
1525        else {
1526            WOLFSSL_MSG("Only uncompressed points supported with "
1527                        "HAVE_SELFTEST");
1528            ret = 0;
1529        }
1530    #endif
1531    }
1532
1533    if (ret == 1)
1534        point->inSet = 1;
1535
1536    /* Set new external point. */
1537    if (ret == 1 && ec_point_external_set(point) != 1) {
1538        WOLFSSL_MSG("ec_point_external_set failed");
1539        ret = 0;
1540    }
1541
1542    if (ret == 1 && !wolfSSL_BN_is_one(point->Z)) {
1543#if !defined(WOLFSSL_SP_MATH) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
1544        x = wolfSSL_BN_new();
1545        y = wolfSSL_BN_new();
1546        if (x == NULL || y == NULL)
1547            ret = 0;
1548
1549        if (ret == 1 && wolfSSL_EC_POINT_get_affine_coordinates_GFp(group,
1550                point, x, y, NULL) != 1) {
1551            WOLFSSL_MSG("wolfSSL_EC_POINT_get_affine_coordinates_GFp failed");
1552            ret = 0;
1553        }
1554
1555        /* wolfSSL_EC_POINT_set_affine_coordinates_GFp checks that the point is
1556         * on the curve. */
1557        if (ret == 1 && wolfSSL_EC_POINT_set_affine_coordinates_GFp(group,
1558                point, x, y, NULL) != 1) {
1559            WOLFSSL_MSG("wolfSSL_EC_POINT_set_affine_coordinates_GFp failed");
1560            ret = 0;
1561        }
1562#else
1563        WOLFSSL_MSG("Importing non-affine point. This may cause issues in math "
1564                    "operations later on.");
1565#endif
1566    }
1567#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
1568    /* Validate that the imported point lies on the curve.  The Z!=1 path
1569     * above validates via set_affine_coordinates_GFp, but for affine
1570     * imports (Z==1), the common case for uncompressed points, that
1571     * block is skipped.  Check unconditionally so no import path can
1572     * bypass validation. */
1573    if (ret == 1 && wolfSSL_EC_POINT_is_on_curve(group,
1574            (WOLFSSL_EC_POINT *)point, NULL) != 1) {
1575        WOLFSSL_MSG("wolfSSL_ECPoint_d2i: point not on curve");
1576        ret = 0;
1577    }
1578#endif
1579
1580    if (ret == 1) {
1581        /* Dump new point. */
1582        wolfSSL_EC_POINT_dump("d2i p", point);
1583    }
1584
1585    wolfSSL_BN_free(x);
1586    wolfSSL_BN_free(y);
1587
1588    return ret;
1589}
1590
1591/* Encode point as octet string.
1592 *
1593 * HYBRID not supported.
1594 *
1595 * @param [in]  group  EC group that point belongs to.
1596 * @param [in]  point  EC point to encode.
1597 * @param [in]  form   Format of encoding. Valid values:
1598 *                     POINT_CONVERSION_UNCOMPRESSED,POINT_CONVERSION_COMPRESSED
1599 * @param [out] buf    Buffer to write encoding into.
1600 * @param [in]  len    Length of buffer.
1601 * @param [in]  ctx    Context to use for BN operations. Unused.
1602 * @return  Length of encoded data on success.
1603 * @return  0 on error.
1604 */
1605size_t wolfSSL_EC_POINT_point2oct(const WOLFSSL_EC_GROUP *group,
1606   const WOLFSSL_EC_POINT *point, int form, byte *buf, size_t len,
1607   WOLFSSL_BN_CTX *ctx)
1608{
1609    int err = 0;
1610    word32 enc_len = (word32)len;
1611#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
1612    int compressed = ((form == WC_POINT_CONVERSION_COMPRESSED) ? 1 : 0);
1613#endif /* !HAVE_SELFTEST */
1614
1615    WOLFSSL_ENTER("wolfSSL_EC_POINT_point2oct");
1616
1617    /* No BN operations performed. */
1618    (void)ctx;
1619
1620    /* Validate parameters. */
1621    if ((group == NULL) || (point == NULL)) {
1622        err = 1;
1623    }
1624
1625    /* Ensure points internals are set up. */
1626    if ((!err) && (ec_point_setup(point) != 1)) {
1627        err = 1;
1628    }
1629
1630    /* Special case when point is infinity. */
1631    if ((!err) && wolfSSL_EC_POINT_is_at_infinity(group, point)) {
1632        /* Encoding is a single octet: 0x00. */
1633        enc_len = 1;
1634        if (buf != NULL) {
1635            /* Check whether buffer has space. */
1636            if (len < 1) {
1637                wolfSSL_ECerr(WOLFSSL_EC_F_EC_GFP_SIMPLE_POINT2OCT, BUFFER_E);
1638                err = 1;
1639            }
1640            else {
1641                /* Put in encoding of infinity. */
1642                buf[0] = 0x00;
1643            }
1644        }
1645    }
1646    /* Not infinity. */
1647    else if (!err) {
1648        /* Validate format. */
1649        if (form != WC_POINT_CONVERSION_UNCOMPRESSED
1650        #ifndef HAVE_SELFTEST
1651                && form != WC_POINT_CONVERSION_COMPRESSED
1652        #endif /* !HAVE_SELFTEST */
1653            ) {
1654            WOLFSSL_MSG("Unsupported point form");
1655            err = 1;
1656        }
1657
1658        if (!err) {
1659            int ret;
1660
1661    #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
1662            /* Encode as compressed or uncompressed. */
1663            ret = wc_ecc_export_point_der_ex(group->curve_idx,
1664                (ecc_point*)point->internal, buf, &enc_len, compressed);
1665    #else
1666            /* Encode uncompressed point in DER format. */
1667            ret = wc_ecc_export_point_der(group->curve_idx,
1668                (ecc_point*)point->internal, buf, &enc_len);
1669    #endif /* !HAVE_SELFTEST */
1670            /* Check return. When buf is NULL, return will be length only
1671             * error.
1672             */
1673            if (ret != ((buf != NULL) ? MP_OKAY :
1674                                        WC_NO_ERR_TRACE(LENGTH_ONLY_E))) {
1675                err = 1;
1676            }
1677        }
1678    }
1679
1680#if defined(DEBUG_WOLFSSL)
1681    if (!err) {
1682        wolfSSL_EC_POINT_dump("wolfSSL_EC_POINT_point2oct point", point);
1683        WOLFSSL_MSG("\twolfSSL_EC_POINT_point2oct output:");
1684        WOLFSSL_BUFFER(buf, enc_len);
1685    }
1686#endif
1687
1688    /* On error, return encoding length of 0. */
1689    if (err) {
1690        enc_len = 0;
1691    }
1692    return (size_t)enc_len;
1693}
1694
1695
1696/* Convert octet string to EC point.
1697 *
1698 * @param [in]      group  EC group.
1699 * @param [in, out] point  EC point to set data into.
1700 * @param [in]      buf    Buffer holding octet string.
1701 * @param [in]      len    Length of data in buffer in bytes.
1702 * @param [in]      ctx    Context to use for BN operations. Unused.
1703 */
1704int wolfSSL_EC_POINT_oct2point(const WOLFSSL_EC_GROUP *group,
1705    WOLFSSL_EC_POINT *point, const unsigned char *buf, size_t len,
1706    WOLFSSL_BN_CTX *ctx)
1707{
1708    int ret;
1709
1710    WOLFSSL_ENTER("wolfSSL_EC_POINT_oct2point");
1711
1712    /* No BN operations performed. */
1713    (void)ctx;
1714
1715    /* Validate parameters. */
1716    if ((group == NULL) || (point == NULL)) {
1717        ret = 0;
1718    }
1719    else {
1720        /* Decode DER encoding into EC point. */
1721        ret = wolfSSL_ECPoint_d2i((unsigned char*)buf, (unsigned int)len, group,
1722            point);
1723    }
1724
1725    return ret;
1726}
1727
1728/* Convert an EC point to a single BN.
1729 *
1730 * @param [in]      group  EC group.
1731 * @param [in]      point  EC point.
1732 * @param [in]      form   Format of encoding. Valid values:
1733 *                         WC_POINT_CONVERSION_UNCOMPRESSED,
1734 *                         WC_POINT_CONVERSION_COMPRESSED.
1735 * @param [in, out] bn     BN to hold point value.
1736 *                         When NULL a new BN is allocated otherwise this is
1737 *                         returned on success.
1738 * @param [in]      ctx    Context to use for BN operations. Unused.
1739 * @return  BN object with point as a value on success.
1740 * @return  NULL on error.
1741 */
1742WOLFSSL_BIGNUM *wolfSSL_EC_POINT_point2bn(const WOLFSSL_EC_GROUP* group,
1743    const WOLFSSL_EC_POINT* point, int form, WOLFSSL_BIGNUM* bn,
1744    WOLFSSL_BN_CTX* ctx)
1745{
1746    int err = 0;
1747    size_t len = 0;
1748    byte *buf = NULL;
1749    WOLFSSL_BIGNUM *ret = NULL;
1750
1751    WOLFSSL_ENTER("wolfSSL_EC_POINT_oct2point");
1752
1753    /* Validate parameters. */
1754    if ((group == NULL) || (point == NULL)) {
1755        err = 1;
1756    }
1757
1758    /* Calculate length of octet encoding. */
1759    if ((!err) && ((len = wolfSSL_EC_POINT_point2oct(group, point, form, NULL,
1760            0, ctx)) == 0)) {
1761        err = 1;
1762    }
1763    /* Allocate buffer to hold octet encoding. */
1764    if ((!err) && ((buf = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER)) ==
1765            NULL)) {
1766        WOLFSSL_MSG("malloc failed");
1767        err = 1;
1768    }
1769    /* Encode EC point as an octet string. */
1770    if ((!err) && (wolfSSL_EC_POINT_point2oct(group, point, form, buf, len,
1771            ctx) != len)) {
1772        err = 1;
1773    }
1774    /* Load BN with octet string data. */
1775    if (!err) {
1776        ret = wolfSSL_BN_bin2bn(buf, (int)len, bn);
1777    }
1778
1779    /* Dispose of any allocated data. */
1780    XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
1781
1782    return ret;
1783}
1784
1785#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
1786/* Check if EC point is on the the curve defined by the EC group.
1787 *
1788 * @param [in] group  EC group defining curve.
1789 * @param [in] point  EC point to check.
1790 * @param [in] ctx    Context to use for BN operations. Unused.
1791 * @return  1 when point is on curve.
1792 * @return  0 when point is not on curve or error.
1793 */
1794int wolfSSL_EC_POINT_is_on_curve(const WOLFSSL_EC_GROUP *group,
1795    const WOLFSSL_EC_POINT *point, WOLFSSL_BN_CTX *ctx)
1796{
1797    int err = 0;
1798
1799    WOLFSSL_ENTER("wolfSSL_EC_POINT_is_on_curve");
1800
1801    /* No BN operations performed. */
1802    (void)ctx;
1803
1804    /* Validate parameters. */
1805    if ((group == NULL) || (point == NULL)) {
1806        WOLFSSL_MSG("Invalid arguments");
1807        err = 1;
1808    }
1809
1810    /* Ensure internal EC point set. */
1811    if ((!err) && (!point->inSet) && ec_point_internal_set(
1812            (WOLFSSL_EC_POINT*)point) != 1) {
1813        WOLFSSL_MSG("ec_point_internal_set error");
1814        err = 1;
1815    }
1816
1817    /* Check point is on curve from group. */
1818    if ((!err) && (wc_ecc_point_is_on_curve((ecc_point*)point->internal,
1819            group->curve_idx) != MP_OKAY)) {
1820        err = 1;
1821    }
1822
1823    /* Return boolean of on curve. No error means on curve. */
1824    return !err;
1825}
1826#endif /* !HAVE_SELFTEST && !(HAVE_FIPS && FIPS_VERSION <= 2) */
1827
1828#if !defined(WOLFSSL_SP_MATH) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
1829/* Convert Jacobian ordinates to affine.
1830 *
1831 * @param [in]      group  EC group.
1832 * @param [in]      point  EC point to get coordinates from.
1833 * @return  1 on success.
1834 * @return  0 on error.
1835 */
1836int ec_point_convert_to_affine(const WOLFSSL_EC_GROUP *group,
1837    WOLFSSL_EC_POINT *point)
1838{
1839    int err = 0;
1840    mp_digit mp = 0;
1841    WC_DECLARE_VAR(modulus, mp_int, 1, 0);
1842
1843    /* Allocate memory for curve's prime modulus. */
1844    WC_ALLOC_VAR_EX(modulus, mp_int, 1, NULL, DYNAMIC_TYPE_BIGINT, err=1);
1845    /* Initialize the MP integer. */
1846    if ((!err) && (mp_init(modulus) != MP_OKAY)) {
1847        WOLFSSL_MSG("mp_init failed");
1848        err = 1;
1849    }
1850
1851    if (!err) {
1852        /* Get the modulus from the hex string in the EC curve set. */
1853        if (mp_read_radix(modulus, ecc_sets[group->curve_idx].prime,
1854                MP_RADIX_HEX) != MP_OKAY) {
1855            WOLFSSL_MSG("mp_read_radix failed");
1856            err = 1;
1857        }
1858        /* Get Montgomery multiplier for the modulus as ordinates in
1859         * Montgomery form.
1860         */
1861        if ((!err) && (mp_montgomery_setup(modulus, &mp) != MP_OKAY)) {
1862            WOLFSSL_MSG("mp_montgomery_setup failed");
1863            err = 1;
1864        }
1865        /* Map internal EC point from Jacobian to affine. */
1866        if ((!err) && (ecc_map((ecc_point*)point->internal, modulus, mp) !=
1867                MP_OKAY)) {
1868            WOLFSSL_MSG("ecc_map failed");
1869            err = 1;
1870        }
1871        /* Set new ordinates into external EC point. */
1872        if ((!err) && (ec_point_external_set((WOLFSSL_EC_POINT *)point) != 1)) {
1873            WOLFSSL_MSG("ec_point_external_set failed");
1874            err = 1;
1875        }
1876
1877        point->exSet = !err;
1878        mp_clear(modulus);
1879    }
1880
1881    WC_FREE_VAR_EX(modulus, NULL, DYNAMIC_TYPE_BIGINT);
1882
1883    return err;
1884}
1885
1886/* Get the affine coordinates of the EC point on a Prime curve.
1887 *
1888 * When z-ordinate is not one then coordinates are Jacobian and need to be
1889 * converted to affine before storing in BNs.
1890 *
1891 * Return code compliant with OpenSSL.
1892 *
1893 * TODO: OpenSSL doesn't change point when Jacobian. Do the same?
1894 *
1895 * @param [in]      group  EC group.
1896 * @param [in]      point  EC point to get coordinates from.
1897 * @param [in, out] x      BN to hold x-ordinate.
1898 * @param [in, out] y      BN to hold y-ordinate.
1899 * @param [in]      ctx    Context to use for BN operations. Unused.
1900 * @return  1 on success.
1901 * @return  0 on error.
1902 */
1903int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP* group,
1904    const WOLFSSL_EC_POINT* point, WOLFSSL_BIGNUM* x, WOLFSSL_BIGNUM* y,
1905    WOLFSSL_BN_CTX* ctx)
1906{
1907    int ret = 1;
1908
1909    /* BN operations don't need context. */
1910    (void)ctx;
1911
1912    WOLFSSL_ENTER("wolfSSL_EC_POINT_get_affine_coordinates_GFp");
1913
1914    /* Validate parameters. */
1915    if ((group == NULL) || (point == NULL) || (point->internal == NULL) ||
1916            (x == NULL) || (y == NULL)) {
1917        WOLFSSL_MSG("wolfSSL_EC_POINT_get_affine_coordinates_GFp NULL error");
1918        ret = 0;
1919    }
1920    /* Don't return point at infinity. */
1921    if ((ret == 1) && wolfSSL_EC_POINT_is_at_infinity(group, point)) {
1922        ret = 0;
1923    }
1924
1925    /* Ensure internal EC point has values of external EC point. */
1926    if ((ret == 1) && (ec_point_setup(point) != 1)) {
1927        ret = 0;
1928    }
1929
1930    /* Check whether ordinates are in Jacobian form. */
1931    if ((ret == 1) && (!wolfSSL_BN_is_one(point->Z))) {
1932        /* Convert from Jacobian to affine. */
1933        if (ec_point_convert_to_affine(group, (WOLFSSL_EC_POINT*)point) == 1) {
1934            ret = 0;
1935        }
1936    }
1937
1938    /* Copy the externally set x and y ordinates. */
1939    if ((ret == 1) && (wolfSSL_BN_copy(x, point->X) == NULL)) {
1940        ret = 0;
1941    }
1942    if ((ret == 1) && (wolfSSL_BN_copy(y, point->Y) == NULL)) {
1943        ret = 0;
1944    }
1945
1946    return ret;
1947}
1948#endif /* !WOLFSSL_SP_MATH && !WOLF_CRYPTO_CB_ONLY_ECC */
1949
1950/* Sets the affine coordinates that belong on a prime curve.
1951 *
1952 * @param [in]      group  EC group.
1953 * @param [in, out] point  EC point to set coordinates into.
1954 * @param [in]      x      BN holding x-ordinate.
1955 * @param [in]      y      BN holding y-ordinate.
1956 * @param [in]      ctx    Context to use for BN operations. Unused.
1957 * @return  1 on success.
1958 * @return  0 on error.
1959 */
1960int wolfSSL_EC_POINT_set_affine_coordinates_GFp(const WOLFSSL_EC_GROUP* group,
1961    WOLFSSL_EC_POINT* point, const WOLFSSL_BIGNUM* x, const WOLFSSL_BIGNUM* y,
1962    WOLFSSL_BN_CTX* ctx)
1963{
1964    int ret = 1;
1965
1966    /* BN operations don't need context. */
1967    (void)ctx;
1968
1969    WOLFSSL_ENTER("wolfSSL_EC_POINT_set_affine_coordinates_GFp");
1970
1971    /* Validate parameters. */
1972    if ((group == NULL) || (point == NULL) || (point->internal == NULL) ||
1973            (x == NULL) || (y == NULL)) {
1974        WOLFSSL_MSG("wolfSSL_EC_POINT_set_affine_coordinates_GFp NULL error");
1975        ret = 0;
1976    }
1977
1978    /* Ensure we have a object for x-ordinate. */
1979    if ((ret == 1) && (point->X == NULL) &&
1980            ((point->X = wolfSSL_BN_new()) == NULL)) {
1981        WOLFSSL_MSG("wolfSSL_BN_new failed");
1982        ret = 0;
1983    }
1984    /* Ensure we have a object for y-ordinate. */
1985    if ((ret == 1) && (point->Y == NULL) &&
1986            ((point->Y = wolfSSL_BN_new()) == NULL)) {
1987        WOLFSSL_MSG("wolfSSL_BN_new failed");
1988        ret = 0;
1989    }
1990    /* Ensure we have a object for z-ordinate. */
1991    if ((ret == 1) && (point->Z == NULL) &&
1992            ((point->Z = wolfSSL_BN_new()) == NULL)) {
1993        WOLFSSL_MSG("wolfSSL_BN_new failed");
1994        ret = 0;
1995    }
1996
1997    /* Copy the x-ordinate. */
1998    if ((ret == 1) && ((wolfSSL_BN_copy(point->X, x)) == NULL)) {
1999        WOLFSSL_MSG("wolfSSL_BN_copy failed");
2000        ret = 0;
2001    }
2002    /* Copy the y-ordinate. */
2003    if ((ret == 1) && ((wolfSSL_BN_copy(point->Y, y)) == NULL)) {
2004        WOLFSSL_MSG("wolfSSL_BN_copy failed");
2005        ret = 0;
2006    }
2007    /* z-ordinate is one for affine coordinates. */
2008    if ((ret == 1) && ((wolfSSL_BN_one(point->Z)) == 0)) {
2009        WOLFSSL_MSG("wolfSSL_BN_one failed");
2010        ret = 0;
2011    }
2012
2013    /* Copy the new point data to internal object. */
2014    if ((ret == 1) && (ec_point_internal_set((WOLFSSL_EC_POINT *)point) != 1)) {
2015        WOLFSSL_MSG("ec_point_internal_set failed");
2016        ret = 0;
2017    }
2018
2019#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
2020    /* Check that the point is valid. */
2021    if ((ret == 1) && (wolfSSL_EC_POINT_is_on_curve(group,
2022            (WOLFSSL_EC_POINT *)point, ctx) != 1)) {
2023        WOLFSSL_MSG("EC_POINT_is_on_curve failed");
2024        ret = 0;
2025    }
2026#endif
2027
2028    return ret;
2029}
2030
2031#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
2032    !defined(HAVE_SELFTEST) && !defined(WOLFSSL_SP_MATH) && \
2033    !defined(WOLF_CRYPTO_CB_ONLY_ECC)
2034/* Add two points on the same together.
2035 *
2036 * @param [in]  curveIdx  Index of curve in ecc_set.
2037 * @param [out] r         Result point.
2038 * @param [in]  p1        First point to add.
2039 * @param [in]  p2        Second point to add.
2040 * @return  1 on success.
2041 * @return  0 on error.
2042 */
2043static int wolfssl_ec_point_add(int curveIdx, ecc_point* r, ecc_point* p1,
2044    ecc_point* p2)
2045{
2046    int ret = 1;
2047#ifdef WOLFSSL_SMALL_STACK
2048    mp_int* a = NULL;
2049    mp_int* prime = NULL;
2050    mp_int* mu = NULL;
2051#else
2052    mp_int a[1];
2053    mp_int prime[1];
2054    mp_int mu[1];
2055#endif
2056    mp_digit mp = 0;
2057    ecc_point* montP1 = NULL;
2058    ecc_point* montP2 = NULL;
2059
2060#ifdef WOLFSSL_SMALL_STACK
2061    if (ret == 1) {
2062        /* Allocate memory for curve parameter: a. */
2063        a = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
2064        if (a == NULL) {
2065            WOLFSSL_MSG("Failed to allocate memory for mp_int a");
2066            ret = 0;
2067        }
2068    }
2069    if (ret == 1) {
2070        /* Allocate memory for curve parameter: prime. */
2071        prime = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
2072        if (prime == NULL) {
2073            WOLFSSL_MSG("Failed to allocate memory for mp_int prime");
2074            ret = 0;
2075        }
2076    }
2077    if (ret == 1) {
2078        /* Allocate memory for mu (Montgomery normalizer). */
2079        mu = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
2080        if (mu == NULL) {
2081            WOLFSSL_MSG("Failed to allocate memory for mp_int mu");
2082            ret = 0;
2083        }
2084    }
2085    if (ret == 1) {
2086        /* Zero out all MP int data in case initialization fails. */
2087        XMEMSET(a, 0, sizeof(mp_int));
2088        XMEMSET(prime, 0, sizeof(mp_int));
2089        XMEMSET(mu, 0, sizeof(mp_int));
2090    }
2091#endif
2092
2093    /* Initialize the MP ints. */
2094    if ((ret == 1) && (mp_init_multi(prime, a, mu, NULL, NULL, NULL) !=
2095            MP_OKAY)) {
2096        WOLFSSL_MSG("mp_init_multi error");
2097        ret = 0;
2098    }
2099
2100    /* Read the curve parameter: a. */
2101    if ((ret == 1) && (mp_read_radix(a, ecc_sets[curveIdx].Af, MP_RADIX_HEX) !=
2102            MP_OKAY)) {
2103        WOLFSSL_MSG("mp_read_radix a error");
2104        ret = 0;
2105    }
2106
2107    /* Read the curve parameter: prime. */
2108    if ((ret == 1) && (mp_read_radix(prime, ecc_sets[curveIdx].prime,
2109            MP_RADIX_HEX) != MP_OKAY)) {
2110        WOLFSSL_MSG("mp_read_radix prime error");
2111        ret = 0;
2112    }
2113
2114    /* Calculate the Montgomery product. */
2115    if ((ret == 1) && (mp_montgomery_setup(prime, &mp) != MP_OKAY)) {
2116        WOLFSSL_MSG("mp_montgomery_setup nqm error");
2117        ret = 0;
2118    }
2119
2120    /* TODO: use the heap filed of one of the points? */
2121    /* Allocate new points to hold the Montgomery form values. */
2122    if ((ret == 1) && (((montP1 = wc_ecc_new_point_h(NULL)) == NULL) ||
2123            ((montP2 = wc_ecc_new_point_h(NULL)) == NULL))) {
2124        WOLFSSL_MSG("wc_ecc_new_point_h nqm error");
2125        ret = 0;
2126    }
2127
2128    /* Calculate the Montgomery normalizer. */
2129    if ((ret == 1) && (mp_montgomery_calc_normalization(mu, prime) !=
2130            MP_OKAY)) {
2131        WOLFSSL_MSG("mp_montgomery_calc_normalization error");
2132        ret = 0;
2133    }
2134
2135    /* Convert to Montgomery form. */
2136    if ((ret == 1) && (mp_cmp_d(mu, 1) == MP_EQ)) {
2137        /* Copy the points if the normalizer is 1.  */
2138        if ((wc_ecc_copy_point(p1, montP1) != MP_OKAY) ||
2139                (wc_ecc_copy_point(p2, montP2) != MP_OKAY)) {
2140            WOLFSSL_MSG("wc_ecc_copy_point error");
2141            ret = 0;
2142        }
2143    }
2144    else if (ret == 1) {
2145        /* Multiply each ordinate by the Montgomery normalizer.  */
2146        if ((mp_mulmod(p1->x, mu, prime, montP1->x) != MP_OKAY) ||
2147                (mp_mulmod(p1->y, mu, prime, montP1->y) != MP_OKAY) ||
2148                (mp_mulmod(p1->z, mu, prime, montP1->z) != MP_OKAY)) {
2149            WOLFSSL_MSG("mp_mulmod error");
2150            ret = 0;
2151        }
2152        /* Multiply each ordinate by the Montgomery normalizer.  */
2153        if ((mp_mulmod(p2->x, mu, prime, montP2->x) != MP_OKAY) ||
2154                (mp_mulmod(p2->y, mu, prime, montP2->y) != MP_OKAY) ||
2155                (mp_mulmod(p2->z, mu, prime, montP2->z) != MP_OKAY)) {
2156            WOLFSSL_MSG("mp_mulmod error");
2157            ret = 0;
2158        }
2159    }
2160
2161    /* Perform point addition with internal EC point objects - Jacobian form
2162     * result.
2163     */
2164    if ((ret == 1) && (ecc_projective_add_point(montP1, montP2, r, a, prime,
2165            mp) != MP_OKAY)) {
2166        WOLFSSL_MSG("ecc_projective_add_point error");
2167        ret = 0;
2168    }
2169
2170    /* Map point back to affine coordinates. Converts from Montogomery form. */
2171    if ((ret == 1) && (ecc_map(r, prime, mp) != MP_OKAY)) {
2172        WOLFSSL_MSG("ecc_map error");
2173        ret = 0;
2174    }
2175
2176    /* Dispose of allocated memory. */
2177    mp_clear(a);
2178    mp_clear(prime);
2179    mp_clear(mu);
2180    wc_ecc_del_point_h(montP1, NULL);
2181    wc_ecc_del_point_h(montP2, NULL);
2182    WC_FREE_VAR_EX(a, NULL, DYNAMIC_TYPE_BIGINT);
2183    WC_FREE_VAR_EX(prime, NULL, DYNAMIC_TYPE_BIGINT);
2184    WC_FREE_VAR_EX(mu, NULL, DYNAMIC_TYPE_BIGINT);
2185    return ret;
2186}
2187
2188/* Add two points on the same curve together.
2189 *
2190 * @param [in]  group  EC group.
2191 * @param [out] r      EC point that is result of point addition.
2192 * @param [in]  p1     First EC point to add.
2193 * @param [in]  p2     Second EC point to add.
2194 * @param [in]  ctx    Context to use for BN operations. Unused.
2195 * @return  1 on success.
2196 * @return  0 on error.
2197 */
2198int wolfSSL_EC_POINT_add(const WOLFSSL_EC_GROUP* group, WOLFSSL_EC_POINT* r,
2199    const WOLFSSL_EC_POINT* p1, const WOLFSSL_EC_POINT* p2, WOLFSSL_BN_CTX* ctx)
2200{
2201    int ret = 1;
2202
2203    /* No BN operations performed. */
2204    (void)ctx;
2205
2206    /* Validate parameters. */
2207    if ((group == NULL) || (r == NULL) || (p1 == NULL) || (p2 == NULL)) {
2208        WOLFSSL_MSG("wolfSSL_EC_POINT_add error");
2209        ret = 0;
2210    }
2211
2212    /* Ensure the internal objects of the EC points are setup. */
2213    if ((ret == 1) && ((ec_point_setup(r) != 1) || (ec_point_setup(p1) != 1) ||
2214            (ec_point_setup(p2) != 1))) {
2215        WOLFSSL_MSG("ec_point_setup error");
2216        ret = 0;
2217    }
2218
2219#ifdef DEBUG_WOLFSSL
2220    if (ret == 1) {
2221        int nid = wolfSSL_EC_GROUP_get_curve_name(group);
2222        const char* curve = wolfSSL_OBJ_nid2ln(nid);
2223        const char* nistName = wolfSSL_EC_curve_nid2nist(nid);
2224        wolfSSL_EC_POINT_dump("wolfSSL_EC_POINT_add p1", p1);
2225        wolfSSL_EC_POINT_dump("wolfSSL_EC_POINT_add p2", p2);
2226        if (curve != NULL)
2227            WOLFSSL_MSG_EX("curve name: %s", curve);
2228        if (nistName != NULL)
2229            WOLFSSL_MSG_EX("nist curve name: %s", nistName);
2230    }
2231#endif
2232
2233    if (ret == 1) {
2234        /* Add points using wolfCrypt objects. */
2235        ret = wolfssl_ec_point_add(group->curve_idx, (ecc_point*)r->internal,
2236            (ecc_point*)p1->internal, (ecc_point*)p2->internal);
2237    }
2238
2239    /* Copy internal EC point values out to external EC point. */
2240    if ((ret == 1) && (ec_point_external_set(r) != 1)) {
2241        WOLFSSL_MSG("ec_point_external_set error");
2242        ret = 0;
2243    }
2244
2245#ifdef DEBUG_WOLFSSL
2246    if (ret == 1) {
2247        wolfSSL_EC_POINT_dump("wolfSSL_EC_POINT_add result", r);
2248    }
2249#endif
2250
2251    return ret;
2252}
2253
2254/* Sum the scalar multiplications of the base point and n, and q and m.
2255 *
2256 * r = base point * n + q * m
2257 *
2258 * @param [out] r      EC point that is result of operation.
2259 * @param [in]  b      Base point of curve.
2260 * @param [in]  n      Scalar to multiply by base point.
2261 * @param [in]  q      EC point to be scalar multiplied.
2262 * @param [in]  m      Scalar to multiply q by.
2263 * @param [in]  a      Parameter A of curve.
2264 * @param [in]  prime  Prime (modulus) of curve.
2265 * @return  1 on success.
2266 * @return  0 on error.
2267 */
2268static int ec_mul2add(ecc_point* r, ecc_point* b, mp_int* n, ecc_point* q,
2269    mp_int* m, mp_int* a, mp_int* prime)
2270{
2271    int ret = 1;
2272#if defined(ECC_SHAMIR) && !defined(WOLFSSL_KCAPI_ECC)
2273    if (ecc_mul2add(b, n, q, m, r, a, prime, NULL) != MP_OKAY) {
2274        WOLFSSL_MSG("ecc_mul2add error");
2275        ret = 0;
2276    }
2277#else
2278    ecc_point* tmp = NULL;
2279    mp_digit mp = 0;
2280
2281    /* Calculate Montgomery product. */
2282    if (mp_montgomery_setup(prime, &mp) != MP_OKAY) {
2283        WOLFSSL_MSG("mp_montgomery_setup nqm error");
2284        ret = 0;
2285    }
2286    /* Create temporary point to hold: q * m */
2287    if ((ret == 1) && ((tmp = wc_ecc_new_point()) == NULL)) {
2288        WOLFSSL_MSG("wolfSSL_EC_POINT_new nqm error");
2289        ret = 0;
2290    }
2291    /* r = base point * n */
2292    if ((ret == 1) && (wc_ecc_mulmod(n, b, r, a, prime, 0) !=
2293            MP_OKAY)) {
2294        WOLFSSL_MSG("wc_ecc_mulmod nqm error");
2295        ret = 0;
2296    }
2297    /* tmp = q * m */
2298    if ((ret == 1) && (wc_ecc_mulmod(m, q, tmp, a, prime, 0) != MP_OKAY)) {
2299        WOLFSSL_MSG("wc_ecc_mulmod nqm error");
2300        ret = 0;
2301    }
2302    /* r = r + tmp */
2303    if ((ret == 1) && (ecc_projective_add_point(tmp, r, r, a, prime, mp) !=
2304            MP_OKAY)) {
2305        WOLFSSL_MSG("wc_ecc_mulmod nqm error");
2306        ret = 0;
2307    }
2308    /* Map point back to affine coordinates. Converts from Montogomery
2309     * form. */
2310    if ((ret == 1) && (ecc_map(r, prime, mp) != MP_OKAY)) {
2311        WOLFSSL_MSG("ecc_map nqm error");
2312        ret = 0;
2313    }
2314
2315    /* Dispose of allocated temporary point. */
2316    wc_ecc_del_point(tmp);
2317#endif
2318
2319    return ret;
2320}
2321
2322/* Sum the scalar multiplications of the base point and n, and q and m.
2323 *
2324 * r = base point * n + q * m
2325 *
2326 * @param [in]  curveIdx  Index of curve in ecc_set.
2327 * @param [out] r         EC point that is result of operation.
2328 * @param [in]  n         Scalar to multiply by base point. May be NULL.
2329 * @param [in]  q         EC point to be scalar multiplied. May be NULL.
2330 * @param [in]  m         Scalar to multiply q by. May be NULL.
2331 * @return  1 on success.
2332 * @return  0 on error.
2333 */
2334static int wolfssl_ec_point_mul(int curveIdx, ecc_point* r, mp_int* n,
2335    ecc_point* q, mp_int* m)
2336{
2337    int ret = 1;
2338#ifdef WOLFSSL_SMALL_STACK
2339    mp_int* a = NULL;
2340    mp_int* prime = NULL;
2341#else
2342    mp_int a[1], prime[1];
2343#endif
2344
2345#ifdef WOLFSSL_SMALL_STACK
2346    /* Allocate MP integer for curve parameter: a. */
2347    a = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
2348    if (a == NULL) {
2349        ret = 0;
2350    }
2351    if (ret == 1) {
2352        /* Allocate MP integer for curve parameter: prime. */
2353        prime = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
2354        if (prime == NULL)  {
2355            ret = 0;
2356        }
2357    }
2358#endif
2359
2360    /* Initialize the MP ints. */
2361    if ((ret == 1) && (mp_init_multi(prime, a, NULL, NULL, NULL, NULL) !=
2362             MP_OKAY)) {
2363        WOLFSSL_MSG("mp_init_multi error");
2364        ret = 0;
2365    }
2366
2367    /* Read the curve parameter: prime. */
2368    if ((ret == 1) && (mp_read_radix(prime, ecc_sets[curveIdx].prime,
2369            MP_RADIX_HEX) != MP_OKAY)) {
2370        WOLFSSL_MSG("mp_read_radix prime error");
2371        ret = 0;
2372    }
2373
2374    /* Read the curve parameter: a. */
2375    if ((ret == 1) && (mp_read_radix(a, ecc_sets[curveIdx].Af,
2376            MP_RADIX_HEX) != MP_OKAY)) {
2377        WOLFSSL_MSG("mp_read_radix a error");
2378        ret = 0;
2379    }
2380
2381    if ((ret == 1) && (n != NULL)) {
2382        /* Get generator - base point. */
2383    #if !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)
2384        if ((ret == 1) && (wc_ecc_get_generator(r, curveIdx) != MP_OKAY)) {
2385            WOLFSSL_MSG("wc_ecc_get_generator error");
2386            ret = 0;
2387        }
2388    #else
2389        /* wc_ecc_get_generator is not defined in the FIPS v2 module. */
2390        /* Read generator (base point) x-ordinate. */
2391        if ((ret == 1) && (mp_read_radix(r->x, ecc_sets[curveIdx].Gx,
2392                MP_RADIX_HEX) != MP_OKAY)) {
2393            WOLFSSL_MSG("mp_read_radix Gx error");
2394            ret = 0;
2395        }
2396        /* Read generator (base point) y-ordinate. */
2397        if ((ret == 1) && (mp_read_radix(r->y, ecc_sets[curveIdx].Gy,
2398                MP_RADIX_HEX) != MP_OKAY)) {
2399            WOLFSSL_MSG("mp_read_radix Gy error");
2400            ret = 0;
2401        }
2402        /* z-ordinate is one as point is affine. */
2403        if ((ret == 1) && (mp_set(r->z, 1) != MP_OKAY)) {
2404            WOLFSSL_MSG("mp_set Gz error");
2405            ret = 0;
2406        }
2407    #endif /* NOPT_FIPS_VERSION == 2 */
2408    }
2409
2410    if ((ret == 1) && (n != NULL) && (q != NULL) && (m != NULL)) {
2411        /* r = base point * n + q * m */
2412        ret = ec_mul2add(r, r, n, q, m, a, prime);
2413    }
2414    /* Not all values present, see if we are only doing base point * n. */
2415    else if ((ret == 1) && (n != NULL)) {
2416        /* r = base point * n */
2417        if (wc_ecc_mulmod(n, r, r, a, prime, 1) != MP_OKAY) {
2418            WOLFSSL_MSG("wc_ecc_mulmod gn error");
2419            ret = 0;
2420        }
2421    }
2422    /* Not all values present, see if we are only doing q * m. */
2423    else if ((ret == 1) && (q != NULL) && (m != NULL)) {
2424        /* r = q * m */
2425        if (wc_ecc_mulmod(m, q, r, a, prime, 1) != MP_OKAY) {
2426            WOLFSSL_MSG("wc_ecc_mulmod qm error");
2427            ret = 0;
2428        }
2429    }
2430    /* No values to use. */
2431    else if (ret == 1) {
2432        /* Set result to infinity as no values passed in. */
2433        mp_zero(r->x);
2434        mp_zero(r->y);
2435        mp_zero(r->z);
2436    }
2437
2438    mp_clear(a);
2439    mp_clear(prime);
2440    WC_FREE_VAR_EX(a, NULL, DYNAMIC_TYPE_BIGINT);
2441    WC_FREE_VAR_EX(prime, NULL, DYNAMIC_TYPE_BIGINT);
2442    return ret;
2443}
2444
2445/* Sum the scalar multiplications of the base point and n, and q and m.
2446 *
2447 * r = base point * n + q * m
2448 *
2449 * Return code compliant with OpenSSL.
2450 *
2451 * @param [in]  group  EC group.
2452 * @param [out] r      EC point that is result of operation.
2453 * @param [in]  n      Scalar to multiply by base point. May be NULL.
2454 * @param [in]  q      EC point to be scalar multiplied. May be NULL.
2455 * @param [in]  m      Scalar to multiply q by. May be NULL.
2456 * @param [in]  ctx    Context to use for BN operations. Unused.
2457 * @return  1 on success.
2458 * @return  0 on error.
2459 */
2460int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
2461    const WOLFSSL_BIGNUM *n, const WOLFSSL_EC_POINT *q, const WOLFSSL_BIGNUM *m,
2462    WOLFSSL_BN_CTX *ctx)
2463{
2464    int ret = 1;
2465
2466    /* No BN operations performed. */
2467    (void)ctx;
2468
2469    WOLFSSL_ENTER("wolfSSL_EC_POINT_mul");
2470
2471    /* Validate parameters. */
2472    if ((group == NULL) || (r == NULL)) {
2473        WOLFSSL_MSG("wolfSSL_EC_POINT_mul NULL error");
2474        ret = 0;
2475    }
2476
2477    /* Ensure the internal representation of the EC point q is setup. */
2478    if ((ret == 1) && (q != NULL) && (ec_point_setup(q) != 1)) {
2479        WOLFSSL_MSG("ec_point_setup error");
2480        ret = 0;
2481    }
2482
2483#ifdef DEBUG_WOLFSSL
2484    if (ret == 1) {
2485        int nid = wolfSSL_EC_GROUP_get_curve_name(group);
2486        const char* curve = wolfSSL_OBJ_nid2ln(nid);
2487        const char* nistName = wolfSSL_EC_curve_nid2nist(nid);
2488        char* num;
2489        wolfSSL_EC_POINT_dump("wolfSSL_EC_POINT_mul input q", q);
2490        num = wolfSSL_BN_bn2hex(n);
2491        WOLFSSL_MSG_EX("\tn = %s", num);
2492        XFREE(num, NULL, DYNAMIC_TYPE_OPENSSL);
2493        num = wolfSSL_BN_bn2hex(m);
2494        WOLFSSL_MSG_EX("\tm = %s", num);
2495        XFREE(num, NULL, DYNAMIC_TYPE_OPENSSL);
2496        if (curve != NULL)
2497            WOLFSSL_MSG_EX("curve name: %s", curve);
2498        if (nistName != NULL)
2499            WOLFSSL_MSG_EX("nist curve name: %s", nistName);
2500    }
2501#endif
2502
2503    if (ret == 1) {
2504        mp_int* ni = (n != NULL) ? (mp_int*)n->internal : NULL;
2505        ecc_point* qi = (q != NULL) ? (ecc_point*)q->internal : NULL;
2506        mp_int* mi = (m != NULL) ? (mp_int*)m->internal : NULL;
2507
2508        /* Perform multiplication with wolfCrypt objects. */
2509        ret = wolfssl_ec_point_mul(group->curve_idx, (ecc_point*)r->internal,
2510            ni, qi, mi);
2511    }
2512
2513    /* Only on success is the internal point guaranteed to be set. */
2514    if (r != NULL) {
2515        r->inSet = (ret == 1);
2516    }
2517    /* Copy internal EC point values out to external EC point. */
2518    if ((ret == 1) && (ec_point_external_set(r) != 1)) {
2519        WOLFSSL_MSG("ec_point_external_set error");
2520        ret = 0;
2521    }
2522
2523#ifdef DEBUG_WOLFSSL
2524    if (ret == 1) {
2525        wolfSSL_EC_POINT_dump("wolfSSL_EC_POINT_mul result", r);
2526    }
2527#endif
2528
2529    return ret;
2530}
2531#endif /* !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A && !HAVE_SELFTEST &&
2532        * !WOLFSSL_SP_MATH */
2533
2534/* Invert the point on the curve.
2535 * (x, y) -> (x, -y) = (x, (prime - y) % prime)
2536 *
2537 * @param [in]      curveIdx  Index of curve in ecc_set.
2538 * @param [in, out] point     EC point to invert.
2539 * @return  1 on success.
2540 * @return  0 on error.
2541 */
2542static int wolfssl_ec_point_invert(int curveIdx, ecc_point* point)
2543{
2544    int ret = 1;
2545    WC_DECLARE_VAR(prime, mp_int, 1, 0);
2546
2547    /* Allocate memory for an MP int to hold the prime of the curve. */
2548    WC_ALLOC_VAR_EX(prime, mp_int, 1, NULL, DYNAMIC_TYPE_BIGINT, ret=0);
2549
2550    /* Initialize MP int. */
2551    if ((ret == 1) && (mp_init(prime) != MP_OKAY)) {
2552        WOLFSSL_MSG("mp_init_multi error");
2553        ret = 0;
2554    }
2555
2556    /* Read the curve parameter: prime. */
2557    if ((ret == 1) && (mp_read_radix(prime, ecc_sets[curveIdx].prime,
2558            MP_RADIX_HEX) != MP_OKAY)) {
2559        WOLFSSL_MSG("mp_read_radix prime error");
2560        ret = 0;
2561    }
2562
2563    /* y = (prime - y) mod prime. */
2564    if ((ret == 1) && (!mp_iszero(point->y)) && (mp_sub(prime, point->y,
2565            point->y) != MP_OKAY)) {
2566        WOLFSSL_MSG("mp_sub error");
2567        ret = 0;
2568    }
2569
2570    /* Dispose of memory associated with MP. */
2571    mp_free(prime);
2572    WC_FREE_VAR_EX(prime, NULL, DYNAMIC_TYPE_BIGINT);
2573    return ret;
2574}
2575
2576/* Invert the point on the curve.
2577 * (x, y) -> (x, -y) = (x, (prime - y) % prime)
2578 *
2579 * @param [in]      group  EC group.
2580 * @param [in, out] point  EC point to invert.
2581 * @param [in]      ctx    Context to use for BN operations. Unused.
2582 * @return  1 on success.
2583 * @return  0 on error.
2584 */
2585int wolfSSL_EC_POINT_invert(const WOLFSSL_EC_GROUP *group,
2586    WOLFSSL_EC_POINT *point, WOLFSSL_BN_CTX *ctx)
2587{
2588    int ret = 1;
2589
2590    /* No BN operations performed. */
2591    (void)ctx;
2592
2593    WOLFSSL_ENTER("wolfSSL_EC_POINT_invert");
2594
2595    /* Validate parameters. */
2596    if ((group == NULL) || (point == NULL) || (point->internal == NULL)) {
2597        ret = 0;
2598    }
2599
2600    /* Ensure internal representation of point is setup. */
2601    if ((ret == 1) && (ec_point_setup(point) != 1)) {
2602        ret = 0;
2603    }
2604
2605#ifdef DEBUG_WOLFSSL
2606    if (ret == 1) {
2607        int nid = wolfSSL_EC_GROUP_get_curve_name(group);
2608        const char* curve = wolfSSL_OBJ_nid2ln(nid);
2609        const char* nistName = wolfSSL_EC_curve_nid2nist(nid);
2610        wolfSSL_EC_POINT_dump("wolfSSL_EC_POINT_invert input", point);
2611        if (curve != NULL)
2612            WOLFSSL_MSG_EX("curve name: %s", curve);
2613        if (nistName != NULL)
2614            WOLFSSL_MSG_EX("nist curve name: %s", nistName);
2615
2616    }
2617#endif
2618
2619    if (ret == 1 && !wolfSSL_BN_is_one(point->Z)) {
2620#if !defined(WOLFSSL_SP_MATH) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
2621        if (ec_point_convert_to_affine(group, point) != 0)
2622            ret = 0;
2623#else
2624        WOLFSSL_MSG("wolfSSL_EC_POINT_invert called on non-affine point");
2625        ret = 0;
2626#endif
2627    }
2628
2629    if (ret == 1) {
2630        /* Perform inversion using wolfCrypt objects. */
2631        ret = wolfssl_ec_point_invert(group->curve_idx,
2632            (ecc_point*)point->internal);
2633    }
2634
2635    /* Set the external EC point representation based on internal. */
2636    if ((ret == 1) && (ec_point_external_set(point) != 1)) {
2637        WOLFSSL_MSG("ec_point_external_set error");
2638        ret = 0;
2639    }
2640
2641#ifdef DEBUG_WOLFSSL
2642    if (ret == 1) {
2643        wolfSSL_EC_POINT_dump("wolfSSL_EC_POINT_invert result", point);
2644    }
2645#endif
2646
2647    return ret;
2648}
2649
2650#ifdef WOLFSSL_EC_POINT_CMP_JACOBIAN
2651/* Compare two points on a the same curve.
2652 *
2653 * (Ax, Ay, Az) => (Ax / (Az ^ 2), Ay / (Az ^ 3))
2654 * (Bx, By, Bz) => (Bx / (Bz ^ 2), By / (Bz ^ 3))
2655 * When equal:
2656 *      (Ax / (Az ^ 2), Ay / (Az ^ 3)) = (Bx / (Bz ^ 2), By / (Bz ^ 3))
2657 *   => (Ax * (Bz ^ 2), Ay * (Bz ^ 3)) = (Bx * (Az ^ 2), By * (Az ^ 3))
2658 *
2659 * @param [in] group  EC group.
2660 * @param [in] a      EC point to compare.
2661 * @param [in] b      EC point to compare.
2662 * @return  0 when equal.
2663 * @return  1 when different.
2664 * @return  -1 on error.
2665 */
2666static int ec_point_cmp_jacobian(const WOLFSSL_EC_GROUP* group,
2667    const WOLFSSL_EC_POINT *a, const WOLFSSL_EC_POINT *b, WOLFSSL_BN_CTX *ctx)
2668{
2669    int ret = 0;
2670    BIGNUM* at = BN_new();
2671    BIGNUM* bt = BN_new();
2672    BIGNUM* az = BN_new();
2673    BIGNUM* bz = BN_new();
2674    BIGNUM* mod = BN_new();
2675
2676    /* Check that the big numbers were allocated. */
2677    if ((at == NULL) || (bt == NULL) || (az == NULL) || (bz == NULL) ||
2678            (mod == NULL)) {
2679        ret = WOLFSSL_FATAL_ERROR;
2680    }
2681    /* Get the modulus for the curve. */
2682    if ((ret == 0) &&
2683            (BN_hex2bn(&mod, ecc_sets[group->curve_idx].prime) != 1)) {
2684        ret = WOLFSSL_FATAL_ERROR;
2685    }
2686    if (ret == 0) {
2687        /* bt = Bx * (Az ^ 2). When Az is one then just copy. */
2688        if (BN_is_one(a->Z)) {
2689            if (BN_copy(bt, b->X) == NULL) {
2690                ret = WOLFSSL_FATAL_ERROR;
2691            }
2692        }
2693        /* az = Az ^ 2 */
2694        else if ((BN_mod_mul(az, a->Z, a->Z, mod, ctx) != 1)) {
2695            ret = WOLFSSL_FATAL_ERROR;
2696        }
2697        /* bt = Bx * az = Bx * (Az ^ 2) */
2698        else if (BN_mod_mul(bt, b->X, az, mod, ctx) != 1) {
2699            ret = WOLFSSL_FATAL_ERROR;
2700        }
2701    }
2702    if (ret == 0) {
2703        /* at = Ax * (Bz ^ 2). When Bz is one then just copy. */
2704        if (BN_is_one(b->Z)) {
2705            if (BN_copy(at, a->X) == NULL) {
2706                ret = WOLFSSL_FATAL_ERROR;
2707            }
2708        }
2709        /* bz = Bz ^ 2 */
2710        else if (BN_mod_mul(bz, b->Z, b->Z, mod, ctx) != 1) {
2711            ret = WOLFSSL_FATAL_ERROR;
2712        }
2713        /* at = Ax * bz = Ax * (Bz ^ 2) */
2714        else if (BN_mod_mul(at, a->X, bz, mod, ctx) != 1) {
2715            ret = WOLFSSL_FATAL_ERROR;
2716        }
2717    }
2718    /* Compare x-ordinates. */
2719    if ((ret == 0) && (BN_cmp(at, bt) != 0)) {
2720        ret = 1;
2721    }
2722    if (ret == 0) {
2723        /* bt = By * (Az ^ 3). When Az is one then just copy. */
2724        if (BN_is_one(a->Z)) {
2725            if (BN_copy(bt, b->Y) == NULL) {
2726                ret = WOLFSSL_FATAL_ERROR;
2727            }
2728        }
2729        /* az = az * Az = Az ^ 3 */
2730        else if ((BN_mod_mul(az, az, a->Z, mod, ctx) != 1)) {
2731            ret = WOLFSSL_FATAL_ERROR;
2732        }
2733        /* bt = By * az = By * (Az ^ 3) */
2734        else if (BN_mod_mul(bt, b->Y, az, mod, ctx) != 1) {
2735            ret = WOLFSSL_FATAL_ERROR;
2736        }
2737    }
2738    if (ret == 0) {
2739        /* at = Ay * (Bz ^ 3). When Bz is one then just copy. */
2740        if (BN_is_one(b->Z)) {
2741            if (BN_copy(at, a->Y) == NULL) {
2742                ret = WOLFSSL_FATAL_ERROR;
2743            }
2744        }
2745        /* bz = bz * Bz = Bz ^ 3 */
2746        else if (BN_mod_mul(bz, bz, b->Z, mod, ctx) != 1) {
2747            ret = WOLFSSL_FATAL_ERROR;
2748        }
2749        /* at = Ay * bz = Ay * (Bz ^ 3) */
2750        else if (BN_mod_mul(at, a->Y, bz, mod, ctx) != 1) {
2751            ret = WOLFSSL_FATAL_ERROR;
2752        }
2753    }
2754    /* Compare y-ordinates. */
2755    if ((ret == 0) && (BN_cmp(at, bt) != 0)) {
2756        ret = 1;
2757    }
2758
2759    BN_free(mod);
2760    BN_free(bz);
2761    BN_free(az);
2762    BN_free(bt);
2763    BN_free(at);
2764    return ret;
2765}
2766#endif
2767
2768/* Compare two points on a the same curve.
2769 *
2770 * Return code compliant with OpenSSL.
2771 *
2772 * @param [in] group  EC group.
2773 * @param [in] a      EC point to compare.
2774 * @param [in] b      EC point to compare.
2775 * @param [in] ctx    Context to use for BN operations. Unused.
2776 * @return  0 when equal.
2777 * @return  1 when different.
2778 * @return  -1 on error.
2779 */
2780int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group,
2781    const WOLFSSL_EC_POINT *a, const WOLFSSL_EC_POINT *b, WOLFSSL_BN_CTX *ctx)
2782{
2783    int ret = 0;
2784
2785    WOLFSSL_ENTER("wolfSSL_EC_POINT_cmp");
2786
2787    /* Validate parameters. */
2788    if ((group == NULL) || (a == NULL) || (a->internal == NULL) ||
2789            (b == NULL) || (b->internal == NULL)) {
2790        WOLFSSL_MSG("wolfSSL_EC_POINT_cmp Bad arguments");
2791        ret = WOLFSSL_FATAL_ERROR;
2792    }
2793    if (ret != -1) {
2794    #ifdef WOLFSSL_EC_POINT_CMP_JACOBIAN
2795        /* If same Z ordinate then no need to convert to affine. */
2796        if (BN_cmp(a->Z, b->Z) == 0) {
2797            /* Compare */
2798            ret = ((BN_cmp(a->X, b->X) != 0) || (BN_cmp(a->Y, b->Y) != 0));
2799        }
2800        else {
2801            ret = ec_point_cmp_jacobian(group, a, b, ctx);
2802        }
2803    #else
2804        /* No BN operations performed. */
2805        (void)ctx;
2806
2807        ret = (wc_ecc_cmp_point((ecc_point*)a->internal,
2808            (ecc_point*)b->internal) != MP_EQ);
2809    #endif
2810    }
2811
2812    return ret;
2813}
2814
2815/* Copy EC point.
2816 *
2817 * @param [out] dest  EC point to copy into.
2818 * @param [in]  src   EC point to copy.
2819 * @return  1 on success.
2820 * @return  0 on error.
2821 */
2822int wolfSSL_EC_POINT_copy(WOLFSSL_EC_POINT *dest, const WOLFSSL_EC_POINT *src)
2823{
2824    int ret = 1;
2825
2826    WOLFSSL_ENTER("wolfSSL_EC_POINT_copy");
2827
2828    /* Validate parameters. */
2829    if ((dest == NULL) || (src == NULL)) {
2830        ret = 0;
2831    }
2832
2833    /* Ensure internal EC point of src is setup. */
2834    if ((ret == 1) && (ec_point_setup(src) != 1)) {
2835        ret = 0;
2836    }
2837
2838    /* Copy internal EC points. */
2839    if ((ret == 1) && (wc_ecc_copy_point((ecc_point*)src->internal,
2840            (ecc_point*)dest->internal) != MP_OKAY)) {
2841        ret = 0;
2842    }
2843
2844    if (ret == 1) {
2845        /* Destinatation internal point is set. */
2846        dest->inSet = 1;
2847
2848        /* Set the external EC point of dest based on internal. */
2849        if (ec_point_external_set(dest) != 1) {
2850            ret = 0;
2851        }
2852    }
2853
2854    return ret;
2855}
2856
2857/* Duplicates an EC point.
2858 *
2859 * @param [in] src    EC point to duplicate.
2860 * @param [in] group  EC group for the new point.
2861 * @return  New EC point on success.
2862 * @return  NULL on failure.
2863 */
2864WOLFSSL_EC_POINT *wolfSSL_EC_POINT_dup(const WOLFSSL_EC_POINT *src,
2865    const WOLFSSL_EC_GROUP *group)
2866{
2867    WOLFSSL_EC_POINT *dest;
2868
2869    WOLFSSL_ENTER("wolfSSL_EC_POINT_dup");
2870
2871    if ((src == NULL) || (group == NULL)) {
2872        return NULL;
2873    }
2874
2875    dest = wolfSSL_EC_POINT_new(group);
2876    if (dest == NULL) {
2877        return NULL;
2878    }
2879
2880    if (wolfSSL_EC_POINT_copy(dest, src) != 1) {
2881        wolfSSL_EC_POINT_free(dest);
2882        return NULL;
2883    }
2884
2885    return dest;
2886}
2887
2888/* Checks whether point is at infinity.
2889 *
2890 * Return code compliant with OpenSSL.
2891 *
2892 * @param [in] group  EC group.
2893 * @param [in] point  EC point to check.
2894 * @return  1 when at infinity.
2895 * @return  0 when not at infinity.
2896 */
2897int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group,
2898    const WOLFSSL_EC_POINT *point)
2899{
2900    int ret = 1;
2901
2902    WOLFSSL_ENTER("wolfSSL_EC_POINT_is_at_infinity");
2903
2904    /* Validate parameters. */
2905    if ((group == NULL) || (point == NULL) || (point->internal == NULL)) {
2906        WOLFSSL_MSG("wolfSSL_EC_POINT_is_at_infinity NULL error");
2907        ret = 0;
2908    }
2909
2910    /* Ensure internal EC point is setup. */
2911    if ((ret == 1) && (ec_point_setup(point) != 1)) {
2912        ret = 0;
2913    }
2914    if (ret == 1) {
2915    #ifndef WOLF_CRYPTO_CB_ONLY_ECC
2916        /* Check for infinity. */
2917        ret = wc_ecc_point_is_at_infinity((ecc_point*)point->internal);
2918        if (ret < 0) {
2919            WOLFSSL_MSG("ecc_point_is_at_infinity failure");
2920            /* Error return is 0 by OpenSSL. */
2921            ret = 0;
2922        }
2923    #else
2924        WOLFSSL_MSG("ecc_point_is_at_infinitiy compiled out");
2925        ret = 0;
2926    #endif
2927    }
2928
2929    return ret;
2930}
2931
2932#endif /* OPENSSL_EXTRA */
2933
2934/* End EC_POINT */
2935
2936/* Start EC_KEY */
2937
2938#ifdef OPENSSL_EXTRA
2939
2940/*
2941 * EC key constructor/deconstructor APIs
2942 */
2943
2944/* Allocate a new EC key.
2945 *
2946 * Not OpenSSL API.
2947 *
2948 * @param [in] heap   Heap hint for dynamic memory allocation.
2949 * @param [in] devId  Device identifier value.
2950 * @return  New, allocated EC key on success.
2951 * @return  NULL on error.
2952 */
2953WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_ex(void* heap, int devId)
2954{
2955    WOLFSSL_EC_KEY *key = NULL;
2956    int err = 0;
2957
2958    WOLFSSL_ENTER("wolfSSL_EC_KEY_new");
2959
2960    /* Allocate memory for EC key. */
2961    key = (WOLFSSL_EC_KEY*)XMALLOC(sizeof(WOLFSSL_EC_KEY), heap,
2962        DYNAMIC_TYPE_ECC);
2963    if (key == NULL) {
2964        WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_KEY failure");
2965        err = 1;
2966    }
2967    if (!err) {
2968        /* Reset all fields to 0. */
2969        XMEMSET(key, 0, sizeof(WOLFSSL_EC_KEY));
2970        /* Cache heap hint. */
2971        key->heap = heap;
2972        /* Initialize fields to defaults. */
2973        key->form     = WC_POINT_CONVERSION_UNCOMPRESSED;
2974
2975        /* Initialize reference count. */
2976        wolfSSL_RefInit(&key->ref, &err);
2977#ifdef WOLFSSL_REFCNT_ERROR_RETURN
2978    }
2979    if (!err) {
2980#endif
2981        /* Allocate memory for internal EC key representation. */
2982        key->internal = (ecc_key*)XMALLOC(sizeof(ecc_key), heap,
2983            DYNAMIC_TYPE_ECC);
2984        if (key->internal == NULL) {
2985            WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc ecc key failure");
2986            err = 1;
2987        }
2988    }
2989    if (!err) {
2990        /* Initialize wolfCrypt EC key. */
2991        if (wc_ecc_init_ex((ecc_key*)key->internal, heap, devId) != 0) {
2992            WOLFSSL_MSG("wolfSSL_EC_KEY_new init ecc key failure");
2993            err = 1;
2994        }
2995    }
2996
2997    if (!err) {
2998        /* Group unknown at creation */
2999        key->group = wolfSSL_EC_GROUP_new_by_curve_name(WC_NID_undef);
3000        if (key->group == NULL) {
3001            WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_GROUP failure");
3002            err = 1;
3003        }
3004    }
3005
3006    if (!err) {
3007        /* Allocate a point as public key. */
3008        key->pub_key = wolfSSL_EC_POINT_new(key->group);
3009        if (key->pub_key == NULL) {
3010            WOLFSSL_MSG("wolfSSL_EC_POINT_new failure");
3011            err = 1;
3012        }
3013    }
3014
3015    if (!err) {
3016        /* Allocate a BN as private key. */
3017        key->priv_key = wolfSSL_BN_new();
3018        if (key->priv_key == NULL) {
3019            WOLFSSL_MSG("wolfSSL_BN_new failure");
3020            err = 1;
3021        }
3022    }
3023
3024    if (err) {
3025        /* Dispose of EC key on error. */
3026        wolfSSL_EC_KEY_free(key);
3027        key = NULL;
3028    }
3029    /* Return new EC key object. */
3030    return key;
3031}
3032
3033/* Allocate a new EC key.
3034 *
3035 * @return  New, allocated EC key on success.
3036 * @return  NULL on error.
3037 */
3038WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void)
3039{
3040    return wolfSSL_EC_KEY_new_ex(NULL, INVALID_DEVID);
3041}
3042
3043/* Create new EC key with the group having the specified numeric ID.
3044 *
3045 * @param [in] nid  Numeric ID.
3046 * @return  New, allocated EC key on success.
3047 * @return  NULL on error.
3048 */
3049WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_by_curve_name(int nid)
3050{
3051    WOLFSSL_EC_KEY *key;
3052    int err = 0;
3053
3054    WOLFSSL_ENTER("wolfSSL_EC_KEY_new_by_curve_name");
3055
3056    /* Allocate empty, EC key. */
3057    key = wolfSSL_EC_KEY_new();
3058    if (key == NULL) {
3059        WOLFSSL_MSG("wolfSSL_EC_KEY_new failure");
3060        err = 1;
3061    }
3062
3063    if (!err) {
3064        /* Set group to be nid. */
3065        ec_group_set_nid(key->group, nid);
3066        if (key->group->curve_idx == -1) {
3067            wolfSSL_EC_KEY_free(key);
3068            key = NULL;
3069        }
3070    }
3071
3072    /* Return the new EC key object. */
3073    return key;
3074}
3075
3076/* Dispose of the EC key and allocated data.
3077 *
3078 * Cannot use key after this call.
3079 *
3080 * @param [in] key  EC key to free.
3081 */
3082void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key)
3083{
3084    int doFree = 0;
3085    int err;
3086
3087    (void)err;
3088
3089    WOLFSSL_ENTER("wolfSSL_EC_KEY_free");
3090
3091    if (key != NULL) {
3092        void* heap = key->heap;
3093
3094        /* Decrement reference count. */
3095        wolfSSL_RefDec(&key->ref, &doFree, &err);
3096        if (doFree) {
3097            /* Dispose of allocated reference counting data. */
3098            wolfSSL_RefFree(&key->ref);
3099
3100            /* Dispose of private key. */
3101            wolfSSL_BN_free(key->priv_key);
3102            wolfSSL_EC_POINT_free(key->pub_key);
3103            wolfSSL_EC_GROUP_free(key->group);
3104            if (key->internal != NULL) {
3105                /* Dispose of wolfCrypt representation of EC key. */
3106                wc_ecc_free((ecc_key*)key->internal);
3107                XFREE(key->internal, heap, DYNAMIC_TYPE_ECC);
3108            }
3109
3110            /* Set back to NULLs for safety. */
3111            ForceZero(key, sizeof(*key));
3112
3113            /* Dispose of the memory associated with the EC key. */
3114            XFREE(key, heap, DYNAMIC_TYPE_ECC);
3115            (void)heap;
3116        }
3117    }
3118}
3119
3120/* Increments ref count of EC key.
3121 *
3122 * @param [in, out] key  EC key.
3123 * @return  1 on success
3124 * @return  0 on error
3125 */
3126int wolfSSL_EC_KEY_up_ref(WOLFSSL_EC_KEY* key)
3127{
3128    int err = 1;
3129
3130    if (key != NULL) {
3131        wolfSSL_RefInc(&key->ref, &err);
3132    }
3133
3134    return !err;
3135}
3136
3137#ifndef NO_CERTS
3138
3139#if defined(OPENSSL_ALL)
3140/* Copy the internal, wolfCrypt EC key.
3141 *
3142 * @param [in, out] dst  Destination wolfCrypt EC key.
3143 * @param [in]      src  Source wolfCrypt EC key.
3144 * @return  0 on success.
3145 * @return  Negative on error.
3146 */
3147static int wolfssl_ec_key_int_copy(ecc_key* dst, const ecc_key* src)
3148{
3149    int ret;
3150
3151    /* Copy public key. */
3152#if !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)
3153    ret = wc_ecc_copy_point(&src->pubkey, &dst->pubkey);
3154#else
3155    ret = wc_ecc_copy_point((ecc_point*)&src->pubkey, &dst->pubkey);
3156#endif
3157    if (ret != MP_OKAY) {
3158        WOLFSSL_MSG("wc_ecc_copy_point error");
3159    }
3160
3161    if (ret == 0) {
3162        /* Copy private key. */
3163        ret = mp_copy(wc_ecc_key_get_priv((ecc_key*)src),
3164            wc_ecc_key_get_priv(dst));
3165        if (ret != MP_OKAY) {
3166            WOLFSSL_MSG("mp_copy error");
3167        }
3168    }
3169
3170    if (ret == 0) {
3171        /* Copy domain parameters. */
3172        if (src->dp) {
3173            ret = wc_ecc_set_curve(dst, 0, src->dp->id);
3174            if (ret != 0) {
3175                WOLFSSL_MSG("wc_ecc_set_curve error");
3176            }
3177        }
3178    }
3179
3180    if (ret == 0) {
3181        /* Copy the other components. */
3182        dst->type  = src->type;
3183        dst->idx   = src->idx;
3184        dst->state = src->state;
3185        dst->flags = src->flags;
3186    }
3187
3188    return ret;
3189}
3190
3191/* Copies ecc_key into new WOLFSSL_EC_KEY object
3192 *
3193 * Copies the internal representation as well.
3194 *
3195 * @param [in] src  EC key to duplicate.
3196 *
3197 * @return  EC key on success.
3198 * @return  NULL on error.
3199 */
3200WOLFSSL_EC_KEY *wolfSSL_EC_KEY_dup(const WOLFSSL_EC_KEY *src)
3201{
3202    int err = 0;
3203    WOLFSSL_EC_KEY* newKey = NULL;
3204
3205    WOLFSSL_ENTER("wolfSSL_EC_KEY_dup");
3206
3207    /* Validate EC key. */
3208    if ((src == NULL) || (src->internal == NULL) || (src->group == NULL) ||
3209         (src->pub_key == NULL) || (src->priv_key == NULL)) {
3210        WOLFSSL_MSG("src NULL error");
3211        err = 1;
3212    }
3213
3214    if (!err) {
3215        /* Create a new, empty key. */
3216        newKey = wolfSSL_EC_KEY_new();
3217        if (newKey == NULL) {
3218            WOLFSSL_MSG("wolfSSL_EC_KEY_new error");
3219            err = 1;
3220        }
3221    }
3222
3223    if (!err) {
3224        /* Copy internal EC key. */
3225        if (wolfssl_ec_key_int_copy((ecc_key*)newKey->internal,
3226                (ecc_key*)src->internal) != 0) {
3227            WOLFSSL_MSG("Copying internal EC key error");
3228            err = 1;
3229        }
3230    }
3231    if (!err) {
3232        /* Internal key set. */
3233        newKey->inSet = 1;
3234
3235        /* Copy group */
3236        err = wolfssl_ec_group_copy(newKey->group, src->group);
3237    }
3238    /* Copy public key. */
3239    if ((!err) && (wolfSSL_EC_POINT_copy(newKey->pub_key, src->pub_key) != 1)) {
3240        WOLFSSL_MSG("Copying EC public key error");
3241        err = 1;
3242    }
3243
3244    if (!err) {
3245        /* Set header size of private key in PKCS#8 format.*/
3246        newKey->pkcs8HeaderSz = src->pkcs8HeaderSz;
3247
3248        /* Copy private key. */
3249        if (wolfSSL_BN_copy(newKey->priv_key, src->priv_key) == NULL) {
3250            WOLFSSL_MSG("Copying EC private key error");
3251            err = 1;
3252        }
3253    }
3254
3255    if (err) {
3256        /* Dispose of EC key on error. */
3257        wolfSSL_EC_KEY_free(newKey);
3258        newKey = NULL;
3259    }
3260    /* Return the new EC key. */
3261    return newKey;
3262}
3263
3264#endif /* OPENSSL_ALL */
3265
3266#endif /* !NO_CERTS */
3267
3268/*
3269 * EC key to/from bin/octet APIs
3270 */
3271
3272/* Create an EC key from the octet encoded public key.
3273 *
3274 * Behaviour checked against OpenSSL.
3275 *
3276 * @param [out]     key  Reference to EC key. Must pass in a valid object with
3277 *                       group set.
3278 * @param [in, out] in   On in, reference to buffer that contains data.
3279 *                       On out, reference to buffer after public key data.
3280 * @param [in]      len  Length of data in the buffer. Must be length of the
3281 *                       encoded public key.
3282 * @return  Allocated EC key on success.
3283 * @return  NULL on error.
3284 */
3285WOLFSSL_EC_KEY *wolfSSL_o2i_ECPublicKey(WOLFSSL_EC_KEY **key,
3286   const unsigned char **in, long len)
3287{
3288    int err = 0;
3289    WOLFSSL_EC_KEY* ret = NULL;
3290
3291    WOLFSSL_ENTER("wolfSSL_o2i_ECPublicKey");
3292
3293    /* Validate parameters: EC group needed to perform import. */
3294    if ((key == NULL) || (*key == NULL) || ((*key)->group == NULL) ||
3295            (in == NULL) || (*in == NULL) || (len <= 0)) {
3296        WOLFSSL_MSG("wolfSSL_o2i_ECPublicKey Bad arguments");
3297        err = 1;
3298    }
3299
3300    if (!err) {
3301        /* Return the EC key object passed in. */
3302        ret = *key;
3303
3304        /* Import point into public key field. */
3305        if (wolfSSL_EC_POINT_oct2point(ret->group, ret->pub_key, *in,
3306                (size_t)len, NULL) != 1) {
3307            WOLFSSL_MSG("wolfSSL_EC_POINT_oct2point error");
3308            ret = NULL;
3309            err = 1;
3310        }
3311    }
3312    if (!err) {
3313        /* Assumed length passed in is all the data. */
3314        *in += len;
3315    }
3316
3317    return ret;
3318}
3319
3320/* Puts the encoded public key into out.
3321 *
3322 * Passing in NULL for out returns length only.
3323 * Passing in NULL for *out has buffer allocated, encoded into and passed back.
3324 * Passing non-NULL for *out has it encoded into and pointer moved past.
3325 *
3326 * @param [in]      key  EC key to encode.
3327 * @param [in, out] out  Reference to buffer to encode into. May be NULL or
3328 *                       point to NULL.
3329 * @return  Length of encoding in bytes on success.
3330 * @return  0 on error.
3331 */
3332int wolfSSL_i2o_ECPublicKey(const WOLFSSL_EC_KEY *key, unsigned char **out)
3333{
3334    int ret = 1;
3335    size_t len = 0;
3336    int form = WC_POINT_CONVERSION_UNCOMPRESSED;
3337
3338    WOLFSSL_ENTER("wolfSSL_i2o_ECPublicKey");
3339
3340    /* Validate parameters. */
3341    if (key == NULL) {
3342        WOLFSSL_MSG("wolfSSL_i2o_ECPublicKey Bad arguments");
3343        ret = 0;
3344    }
3345
3346    /* Ensure the external key data is set from the internal EC key. */
3347    if ((ret == 1) && (!key->exSet) && (SetECKeyExternal((WOLFSSL_EC_KEY*)
3348            key) != 1)) {
3349        WOLFSSL_MSG("SetECKeyExternal failure");
3350        ret = 0;
3351    }
3352
3353    if (ret == 1) {
3354    #ifdef HAVE_COMP_KEY
3355        /* Default to compressed form if not set */
3356        form = (key->form == WC_POINT_CONVERSION_UNCOMPRESSED) ?
3357               WC_POINT_CONVERSION_UNCOMPRESSED :
3358               WC_POINT_CONVERSION_COMPRESSED;
3359    #endif
3360
3361        /* Calculate length of point encoding. */
3362        len = wolfSSL_EC_POINT_point2oct(key->group, key->pub_key, form, NULL,
3363            0, NULL);
3364    }
3365    /* Encode if length calculated and pointer supplied to update. */
3366    if ((ret == 1) && (len != 0) && (out != NULL)) {
3367        unsigned char *tmp = NULL;
3368
3369        /* Allocate buffer for encoding if no buffer supplied. */
3370        if (*out == NULL) {
3371            tmp = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL);
3372            if (tmp == NULL) {
3373                WOLFSSL_MSG("malloc failed");
3374                ret = 0;
3375            }
3376        }
3377        else {
3378            /* Get buffer to encode into. */
3379            tmp = *out;
3380        }
3381
3382        /* Encode public key into buffer. */
3383        if ((ret == 1) && (wolfSSL_EC_POINT_point2oct(key->group, key->pub_key,
3384                form, tmp, len, NULL) == 0)) {
3385            ret = 0;
3386        }
3387
3388        if (ret == 1) {
3389            /* Return buffer if allocated. */
3390            if (*out == NULL) {
3391                *out = tmp;
3392            }
3393            else {
3394                /* Step over encoded data if not allocated. */
3395                *out += len;
3396            }
3397        }
3398        else if (*out == NULL) {
3399            /* Dispose of allocated buffer. */
3400            XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);
3401        }
3402    }
3403
3404    if (ret == 1) {
3405        /* Return length on success. */
3406        ret = (int)len;
3407    }
3408    return ret;
3409}
3410
3411#ifdef HAVE_ECC_KEY_IMPORT
3412/* Create a EC key from the DER encoded private key.
3413 *
3414 * @param [out]     key   Reference to EC key.
3415 * @param [in, out] in    On in, reference to buffer that contains DER data.
3416 *                        On out, reference to buffer after private key data.
3417 * @param [in]      long  Length of data in the buffer. May be larger than the
3418 *                        length of the encoded private key.
3419 * @return  Allocated EC key on success.
3420 * @return  NULL on error.
3421 */
3422WOLFSSL_EC_KEY* wolfSSL_d2i_ECPrivateKey(WOLFSSL_EC_KEY** key,
3423    const unsigned char** in, long len)
3424{
3425    int err = 0;
3426    word32 idx = 0;
3427    WOLFSSL_EC_KEY* ret = NULL;
3428
3429    WOLFSSL_ENTER("wolfSSL_d2i_ECPrivateKey");
3430
3431    /* Validate parameters. */
3432    if ((in == NULL) || (*in == NULL) || (len <= 0)) {
3433        WOLFSSL_MSG("wolfSSL_d2i_ECPrivateKey Bad arguments");
3434        err = 1;
3435    }
3436
3437    /* Create a new, empty EC key.  */
3438    if ((!err) && ((ret = wolfSSL_EC_KEY_new()) == NULL)) {
3439        WOLFSSL_MSG("wolfSSL_EC_KEY_new error");
3440        err = 1;
3441    }
3442
3443    /* Decode the private key DER data into internal EC key. */
3444    if ((!err) && (wc_EccPrivateKeyDecode(*in, &idx, (ecc_key*)ret->internal,
3445            (word32)len) != 0)) {
3446        WOLFSSL_MSG("wc_EccPrivateKeyDecode error");
3447        err = 1;
3448    }
3449
3450    if (!err) {
3451        /* Internal EC key setup. */
3452        ret->inSet = 1;
3453
3454        /* Set the EC key from the internal values. */
3455        if (SetECKeyExternal(ret) != 1) {
3456            WOLFSSL_MSG("SetECKeyExternal error");
3457            err = 1;
3458        }
3459    }
3460
3461    if (!err) {
3462        /* Move buffer on to next byte after data used. */
3463        *in += idx;
3464        if (key) {
3465            /* Return new EC key through reference. */
3466            *key = ret;
3467        }
3468    }
3469
3470    if (err && (ret != NULL)) {
3471        /* Dispose of allocated EC key. */
3472        wolfSSL_EC_KEY_free(ret);
3473        ret = NULL;
3474    }
3475    return ret;
3476}
3477#endif /* HAVE_ECC_KEY_IMPORT */
3478
3479/* Enecode the private key of the EC key into the buffer as DER.
3480 *
3481 * @param [in]      key  EC key to encode.
3482 * @param [in, out] out  On in, reference to buffer to place DER encoding into.
3483 *                       On out, reference to buffer after the encoding.
3484 *                       May be NULL.
3485 * @return  Length of DER encoding on success.
3486 * @return  0 on error.
3487 */
3488int wolfSSL_i2d_ECPrivateKey(const WOLFSSL_EC_KEY *key, unsigned char **out)
3489{
3490    int err = 0;
3491    word32 len = 0;
3492
3493    WOLFSSL_ENTER("wolfSSL_i2d_ECPrivateKey");
3494
3495    /* Validate parameters. */
3496    if (key == NULL) {
3497        WOLFSSL_MSG("wolfSSL_i2d_ECPrivateKey Bad arguments");
3498        err = 1;
3499    }
3500
3501    /* Update the internal EC key if not set. */
3502    if ((!err) && (!key->inSet) && (SetECKeyInternal((WOLFSSL_EC_KEY*)key) !=
3503            1)) {
3504        WOLFSSL_MSG("SetECKeyInternal error");
3505        err = 1;
3506    }
3507
3508    /* Calculate the length of the private key DER encoding using internal EC
3509     * key. */
3510    if ((!err) && ((int)(len = (word32)wc_EccKeyDerSize((ecc_key*)key->internal,
3511           0)) <= 0)) {
3512        WOLFSSL_MSG("wc_EccKeyDerSize error");
3513        err = 1;
3514    }
3515
3516    /* Only return length when out is NULL. */
3517    if ((!err) && (out != NULL)) {
3518        unsigned char* buf = NULL;
3519
3520        /* Must have a buffer to encode into. */
3521        if (*out == NULL) {
3522            /* Allocate a new buffer of appropriate length. */
3523            buf = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3524            if (buf == NULL) {
3525                /* Error and return 0. */
3526                err = 1;
3527                len = 0;
3528            }
3529            else {
3530                /* Return the allocated buffer. */
3531                *out = buf;
3532            }
3533        }
3534        /* Encode the internal EC key as a private key in DER format. */
3535        if ((!err) && wc_EccPrivateKeyToDer((ecc_key*)key->internal, *out,
3536                len) < 0) {
3537            WOLFSSL_MSG("wc_EccPrivateKeyToDer error");
3538            err = 1;
3539        }
3540        else if (buf != *out) {
3541            /* Move the reference to byte past encoded private key. */
3542            *out += len;
3543        }
3544
3545        /* Dispose of any allocated buffer on error. */
3546        if (err && (*out == buf)) {
3547            if (buf != NULL) {
3548                ForceZero(buf, len);
3549            }
3550            XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3551            *out = NULL;
3552        }
3553    }
3554
3555    return (int)len;
3556}
3557
3558/* Load private key into EC key from DER encoding.
3559 *
3560 * Not an OpenSSL compatibility API.
3561 *
3562 * @param [in, out] key     EC key to put private key values into.
3563 * @param [in]      derBuf  Buffer holding DER encoding.
3564 * @param [in]      derSz   Size of DER encoding in bytes.
3565 * @return  1 on success.
3566 * @return  -1 on error.
3567 */
3568int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key, const unsigned char* derBuf,
3569                           int derSz)
3570{
3571    return wolfSSL_EC_KEY_LoadDer_ex(key, derBuf, derSz,
3572        WOLFSSL_EC_KEY_LOAD_PRIVATE);
3573}
3574
3575/* Load private/public key into EC key from DER encoding.
3576 *
3577 * Not an OpenSSL compatibility API.
3578 *
3579 * @param [in, out] key     EC key to put private/public key values into.
3580 * @param [in]      derBuf  Buffer holding DER encoding.
3581 * @param [in]      derSz   Size of DER encoding in bytes.
3582 * @param [in]      opt     Key type option. Valid values:
3583 *                            WOLFSSL_EC_KEY_LOAD_PRIVATE,
3584 *                            WOLFSSL_EC_KEY_LOAD_PUBLIC.
3585 * @return  1 on success.
3586 * @return  -1 on error.
3587 */
3588int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf,
3589                              int derSz, int opt)
3590{
3591    int res = 1;
3592    int ret;
3593    word32 idx = 0;
3594    word32 algId;
3595
3596    WOLFSSL_ENTER("wolfSSL_EC_KEY_LoadDer");
3597
3598    /* Validate parameters. */
3599    if ((key == NULL) || (key->internal == NULL) || (derBuf == NULL) ||
3600            (derSz <= 0)) {
3601        WOLFSSL_MSG("Bad function arguments");
3602        res = WOLFSSL_FATAL_ERROR;
3603    }
3604    if ((res == 1) && (opt != WOLFSSL_EC_KEY_LOAD_PRIVATE) &&
3605            (opt != WOLFSSL_EC_KEY_LOAD_PUBLIC)) {
3606        res = WOLFSSL_FATAL_ERROR;
3607    }
3608
3609    if (res == 1) {
3610        /* Assume no PKCS#8 header. */
3611        key->pkcs8HeaderSz = 0;
3612
3613        /* Check if input buffer has PKCS8 header. In the case that it does not
3614         * have a PKCS8 header then do not error out.
3615         */
3616        if ((ret = ToTraditionalInline_ex((const byte*)derBuf, &idx,
3617                (word32)derSz, &algId)) >= 0) {
3618            WOLFSSL_MSG("Found PKCS8 header");
3619            key->pkcs8HeaderSz = (word16)idx;
3620            res = 1;
3621        }
3622        /* Error out on parsing error. */
3623        else if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
3624            WOLFSSL_MSG("Unexpected error with trying to remove PKCS8 header");
3625            res = WOLFSSL_FATAL_ERROR;
3626        }
3627    }
3628
3629    if (res == 1) {
3630        /* Load into internal EC key based on key type option. */
3631        if (opt == WOLFSSL_EC_KEY_LOAD_PRIVATE) {
3632            ret = wc_EccPrivateKeyDecode(derBuf, &idx, (ecc_key*)key->internal,
3633                (word32)derSz);
3634        }
3635        else {
3636            ret = wc_EccPublicKeyDecode(derBuf, &idx, (ecc_key*)key->internal,
3637                (word32)derSz);
3638            if (ret < 0) {
3639                ecc_key *tmp = (ecc_key*)XMALLOC(sizeof(ecc_key),
3640                    ((ecc_key*)key->internal)->heap, DYNAMIC_TYPE_ECC);
3641                if (tmp == NULL) {
3642                    ret = WOLFSSL_FATAL_ERROR;
3643                }
3644                else {
3645                    /* We now try again as x.963 [point type][x][opt y]. */
3646                    ret = wc_ecc_init_ex(tmp, ((ecc_key*)key->internal)->heap,
3647                                         INVALID_DEVID);
3648                    if (ret == 0) {
3649                        ret = wc_ecc_import_x963(derBuf, (word32)derSz, tmp);
3650                        if (ret == 0) {
3651                            /* Take ownership of new key - set tmp to the old
3652                             * key which will then be freed below. */
3653                            ecc_key *old = (ecc_key *)key->internal;
3654                            key->internal = tmp;
3655                            tmp = old;
3656
3657                            idx = (word32)derSz;
3658                        }
3659                        wc_ecc_free(tmp);
3660                    }
3661                    XFREE(tmp, ((ecc_key*)key->internal)->heap,
3662                          DYNAMIC_TYPE_ECC);
3663                }
3664            }
3665        }
3666        if (ret < 0) {
3667            /* Error returned from wolfSSL. */
3668            if (opt == WOLFSSL_EC_KEY_LOAD_PRIVATE) {
3669                WOLFSSL_MSG("wc_EccPrivateKeyDecode failed");
3670            }
3671            else {
3672                WOLFSSL_MSG("wc_EccPublicKeyDecode failed");
3673            }
3674            res = WOLFSSL_FATAL_ERROR;
3675        }
3676
3677        /* Internal key updated - update whether it is a valid key. */
3678        key->inSet = (res == 1);
3679    }
3680
3681    /* Set the external EC key based on value in internal. */
3682    if ((res == 1) && (SetECKeyExternal(key) != 1)) {
3683        WOLFSSL_MSG("SetECKeyExternal failed");
3684        res = WOLFSSL_FATAL_ERROR;
3685    }
3686
3687    return res;
3688}
3689
3690
3691#ifndef NO_BIO
3692
3693WOLFSSL_EC_KEY *wolfSSL_d2i_EC_PUBKEY_bio(WOLFSSL_BIO *bio,
3694        WOLFSSL_EC_KEY **out)
3695{
3696    char* data = NULL;
3697    int dataSz = 0;
3698    int memAlloced = 0;
3699    WOLFSSL_EC_KEY* ec = NULL;
3700    int err = 0;
3701
3702    WOLFSSL_ENTER("wolfSSL_d2i_EC_PUBKEY_bio");
3703
3704    if (bio == NULL)
3705        return NULL;
3706
3707    if (err == 0 && wolfssl_read_bio(bio, &data, &dataSz, &memAlloced) != 0) {
3708        WOLFSSL_ERROR_MSG("wolfssl_read_bio failed");
3709        err = 1;
3710    }
3711
3712    if (err == 0 && (ec = wolfSSL_EC_KEY_new()) == NULL) {
3713        WOLFSSL_ERROR_MSG("wolfSSL_EC_KEY_new failed");
3714        err = 1;
3715    }
3716
3717    /* Load the EC key with the public key from the DER encoding. */
3718    if (err == 0 && wolfSSL_EC_KEY_LoadDer_ex(ec, (const unsigned char*)data,
3719            dataSz, WOLFSSL_EC_KEY_LOAD_PUBLIC) != 1) {
3720        WOLFSSL_ERROR_MSG("wolfSSL_EC_KEY_LoadDer_ex failed");
3721        err = 1;
3722    }
3723
3724    if (memAlloced)
3725        XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3726    if (err) { /* on error */
3727        wolfSSL_EC_KEY_free(ec);
3728        ec = NULL;
3729    }
3730    else { /* on success */
3731        if (out != NULL)
3732            *out = ec;
3733    }
3734
3735    return ec;
3736}
3737
3738#endif /* !NO_BIO */
3739
3740/*
3741 * EC key PEM APIs
3742 */
3743
3744#ifdef HAVE_ECC_KEY_EXPORT
3745#if defined(WOLFSSL_KEY_GEN) && (!defined(NO_FILESYSTEM) || !defined(NO_BIO))
3746/* Encode the EC public key as DER.
3747 *
3748 * @param [in]  key   EC key to encode.
3749 * @param [out] der   Pointer through which buffer is returned.
3750 * @param [in]  heap  Heap hint.
3751 * @return  Size of encoding on success.
3752 * @return  0 on error.
3753 */
3754static int wolfssl_ec_key_to_pubkey_der(WOLFSSL_EC_KEY* key,
3755    unsigned char** der, void* heap)
3756{
3757    int sz;
3758    unsigned char* buf = NULL;
3759
3760    (void)heap;
3761
3762    /* Calculate encoded size to allocate. */
3763    sz = wc_EccPublicKeyDerSize((ecc_key*)key->internal, 1);
3764    if (sz <= 0) {
3765        WOLFSSL_MSG("wc_EccPublicKeyDerSize failed");
3766        sz = 0;
3767    }
3768    if (sz > 0) {
3769        /* Allocate memory to hold encoding. */
3770        buf = (byte*)XMALLOC((size_t)sz, heap, DYNAMIC_TYPE_TMP_BUFFER);
3771        if (buf == NULL) {
3772            WOLFSSL_MSG("malloc failed");
3773            sz = 0;
3774        }
3775    }
3776    if (sz > 0) {
3777        /* Encode public key to DER using wolfSSL.  */
3778        sz = wc_EccPublicKeyToDer((ecc_key*)key->internal, buf, (word32)sz, 1);
3779        if (sz < 0) {
3780            WOLFSSL_MSG("wc_EccPublicKeyToDer failed");
3781            sz = 0;
3782        }
3783    }
3784
3785    /* Return buffer on success. */
3786    if (sz > 0) {
3787        *der = buf;
3788    }
3789    else {
3790        /* Dispose of any dynamically allocated data not returned. */
3791        XFREE(buf, heap, DYNAMIC_TYPE_TMP_BUFFER);
3792    }
3793
3794    return sz;
3795}
3796#endif
3797
3798#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_KEY_GEN)
3799/*
3800 * Return code compliant with OpenSSL.
3801 *
3802 * @param [in] fp   File pointer to write PEM encoding to.
3803 * @param [in] key  EC key to encode and write.
3804 * @return  1 on success.
3805 * @return  0 on error.
3806 */
3807int wolfSSL_PEM_write_EC_PUBKEY(XFILE fp, WOLFSSL_EC_KEY* key)
3808{
3809    int ret = 1;
3810    unsigned char* derBuf = NULL;
3811    int derSz = 0;
3812
3813    WOLFSSL_ENTER("wolfSSL_PEM_write_EC_PUBKEY");
3814
3815    /* Validate parameters. */
3816    if ((fp == XBADFILE) || (key == NULL)) {
3817        WOLFSSL_MSG("Bad argument.");
3818        return 0;
3819    }
3820
3821    /* Encode public key in EC key as DER. */
3822    derSz = wolfssl_ec_key_to_pubkey_der(key, &derBuf, key->heap);
3823    if (derSz == 0) {
3824        ret = 0;
3825    }
3826
3827    /* Write out to file the PEM encoding of the DER. */
3828    if ((ret == 1) && (der_write_to_file_as_pem(derBuf, derSz, fp,
3829            ECC_PUBLICKEY_TYPE, key->heap) != 1)) {
3830        ret = 0;
3831    }
3832
3833    /* Dispose of any dynamically allocated data. */
3834    XFREE(derBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
3835
3836    WOLFSSL_LEAVE("wolfSSL_PEM_write_EC_PUBKEY", ret);
3837
3838    return ret;
3839}
3840#endif
3841#endif
3842
3843#ifndef NO_BIO
3844/* Read a PEM encoded EC public key from a BIO.
3845 *
3846 * @param [in]  bio   BIO to read EC public key from.
3847 * @param [out] out   Pointer to return EC key object through. May be NULL.
3848 * @param [in]  cb    Password callback when PEM encrypted.
3849 * @param [in]  pass  NUL terminated string for passphrase when PEM
3850 *                    encrypted.
3851 * @return  New EC key object on success.
3852 * @return  NULL on error.
3853 */
3854WOLFSSL_EC_KEY* wolfSSL_PEM_read_bio_EC_PUBKEY(WOLFSSL_BIO* bio,
3855    WOLFSSL_EC_KEY** out, wc_pem_password_cb* cb, void *pass)
3856{
3857    int             err = 0;
3858    WOLFSSL_EC_KEY* ec = NULL;
3859    DerBuffer*      der = NULL;
3860    int             keyFormat = 0;
3861
3862    WOLFSSL_ENTER("wolfSSL_PEM_read_bio_EC_PUBKEY");
3863
3864    /* Validate parameters. */
3865    if (bio == NULL) {
3866        err = 1;
3867    }
3868
3869    if (!err) {
3870        /* Create an empty EC key. */
3871        ec = wolfSSL_EC_KEY_new();
3872        if (ec == NULL) {
3873            err = 1;
3874        }
3875    }
3876    /* Read a PEM key in to a new DER buffer. */
3877    if ((!err) && (pem_read_bio_key(bio, cb, pass, ECC_PUBLICKEY_TYPE,
3878            &keyFormat, &der) <= 0)) {
3879        err = 1;
3880    }
3881    /* Load the EC key with the public key from the DER encoding. */
3882    if ((!err) && (wolfSSL_EC_KEY_LoadDer_ex(ec, der->buffer, (int)der->length,
3883            WOLFSSL_EC_KEY_LOAD_PUBLIC) != 1)) {
3884        WOLFSSL_ERROR_MSG("Error loading DER buffer into WOLFSSL_EC_KEY");
3885        err = 1;
3886    }
3887
3888    /* Dispose of dynamically allocated data not needed anymore. */
3889    FreeDer(&der);
3890    if (err) {
3891        wolfSSL_EC_KEY_free(ec);
3892        ec = NULL;
3893    }
3894
3895    /* Return EC key through out if required. */
3896    if ((out != NULL) && (ec != NULL)) {
3897        *out = ec;
3898    }
3899    return ec;
3900}
3901
3902/* Read a PEM encoded EC private key from a BIO.
3903 *
3904 * @param [in]  bio   BIO to read EC private key from.
3905 * @param [out] out   Pointer to return EC key object through. May be NULL.
3906 * @param [in]  cb    Password callback when PEM encrypted.
3907 * @param [in]  pass  NUL terminated string for passphrase when PEM
3908 *                    encrypted.
3909 * @return  New EC key object on success.
3910 * @return  NULL on error.
3911 */
3912WOLFSSL_EC_KEY* wolfSSL_PEM_read_bio_ECPrivateKey(WOLFSSL_BIO* bio,
3913   WOLFSSL_EC_KEY** out, wc_pem_password_cb* cb, void *pass)
3914{
3915    int             err = 0;
3916    WOLFSSL_EC_KEY* ec = NULL;
3917    DerBuffer*      der = NULL;
3918    int             keyFormat = 0;
3919
3920    WOLFSSL_ENTER("wolfSSL_PEM_read_bio_ECPrivateKey");
3921
3922    /* Validate parameters. */
3923    if (bio == NULL) {
3924        err = 1;
3925    }
3926
3927    if (!err) {
3928        /* Create an empty EC key. */
3929        ec = wolfSSL_EC_KEY_new();
3930        if (ec == NULL) {
3931            err = 1;
3932        }
3933    }
3934    /* Read a PEM key in to a new DER buffer.
3935     * To check ENC EC PRIVATE KEY, it uses PRIVATEKEY_TYPE to call
3936     * pem_read_bio_key(), and then check key format if it is EC.
3937     */
3938    if ((!err) && (pem_read_bio_key(bio, cb, pass, PRIVATEKEY_TYPE,
3939            &keyFormat, &der) <= 0)) {
3940        err = 1;
3941    }
3942    if (keyFormat != ECDSAk) {
3943        WOLFSSL_ERROR_MSG("Error not EC key format");
3944        err = 1;
3945    }
3946    /* Load the EC key with the private key from the DER encoding. */
3947    if ((!err) && (wolfSSL_EC_KEY_LoadDer_ex(ec, der->buffer, (int)der->length,
3948            WOLFSSL_EC_KEY_LOAD_PRIVATE) != 1)) {
3949        WOLFSSL_ERROR_MSG("Error loading DER buffer into WOLFSSL_EC_KEY");
3950        err = 1;
3951    }
3952
3953    /* Dispose of dynamically allocated data not needed anymore. */
3954    FreeDer(&der);
3955    if (err) {
3956        wolfSSL_EC_KEY_free(ec);
3957        ec = NULL;
3958    }
3959
3960    /* Return EC key through out if required. */
3961    if ((out != NULL) && (ec != NULL)) {
3962        *out = ec;
3963    }
3964    return ec;
3965}
3966#endif /* !NO_BIO */
3967
3968#if defined(WOLFSSL_KEY_GEN) && defined(HAVE_ECC_KEY_EXPORT)
3969#ifndef NO_BIO
3970/* Write out the EC public key as PEM to the BIO.
3971 *
3972 * @param [in] bio  BIO to write PEM encoding to.
3973 * @param [in] ec   EC public key to encode.
3974 * @return  1 on success.
3975 * @return  0 on error.
3976 */
3977int wolfSSL_PEM_write_bio_EC_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec)
3978{
3979    int ret = 1;
3980    unsigned char* derBuf = NULL;
3981    int derSz = 0;
3982
3983    WOLFSSL_ENTER("wolfSSL_PEM_write_bio_EC_PUBKEY");
3984
3985    /* Validate parameters. */
3986    if ((bio == NULL) || (ec == NULL)) {
3987        WOLFSSL_MSG("Bad Function Arguments");
3988        return 0;
3989    }
3990
3991    /* Encode public key in EC key as DER. */
3992    derSz = wolfssl_ec_key_to_pubkey_der(ec, &derBuf, ec->heap);
3993    if (derSz == 0) {
3994        ret = 0;
3995    }
3996
3997    /* Write out to BIO the PEM encoding of the EC public key. */
3998    if ((ret == 1) && (der_write_to_bio_as_pem(derBuf, derSz, bio,
3999            ECC_PUBLICKEY_TYPE) != 1)) {
4000        ret = 0;
4001    }
4002
4003    /* Dispose of any dynamically allocated data. */
4004    XFREE(derBuf, ec->heap, DYNAMIC_TYPE_TMP_BUFFER);
4005
4006    return ret;
4007}
4008
4009/* Write out the EC private key as PEM to the BIO.
4010 *
4011 * Return code compliant with OpenSSL.
4012 *
4013 * @param [in] bio       BIO to write PEM encoding to.
4014 * @param [in] ec        EC private key to encode.
4015 * @param [in] cipher    Cipher to use when PEM encrypted. May be NULL.
4016 * @param [in] passwd    Password string when PEM encrypted. May be NULL.
4017 * @param [in] passwdSz  Length of password string when PEM encrypted.
4018 * @param [in] cb        Password callback when PEM encrypted. Unused.
4019 * @param [in] pass      NUL terminated string for passphrase when PEM
4020 *                       encrypted. Unused.
4021 * @return  1 on success.
4022 * @return  0 on error.
4023 */
4024int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec,
4025    const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz,
4026    wc_pem_password_cb* cb, void* arg)
4027{
4028    int ret = 1;
4029    unsigned char* pem = NULL;
4030    int pLen = 0;
4031
4032    (void)cb;
4033    (void)arg;
4034
4035    /* Validate parameters. */
4036    if ((bio == NULL) || (ec == NULL)) {
4037        ret = 0;
4038    }
4039
4040    /* Write EC private key to PEM. */
4041    if ((ret == 1) && (wolfSSL_PEM_write_mem_ECPrivateKey(ec, cipher, passwd,
4042            passwdSz, &pem, &pLen) != 1)) {
4043       ret = 0;
4044    }
4045    /* Write PEM to BIO. */
4046    if ((ret == 1) && (wolfSSL_BIO_write(bio, pem, pLen) != pLen)) {
4047        WOLFSSL_ERROR_MSG("EC private key BIO write failed");
4048        ret = 0;
4049    }
4050
4051    XFREE(pem, NULL, DYNAMIC_TYPE_KEY);
4052
4053    return ret;
4054}
4055
4056#endif /* !NO_BIO */
4057
4058/* Encode the EC private key as PEM into buffer.
4059 *
4060 * Return code compliant with OpenSSL.
4061 * Not an OpenSSL API.
4062 *
4063 * @param [in]  ec        EC private key to encode.
4064 * @param [in]  cipher    Cipher to use when PEM encrypted. May be NULL.
4065 * @param [in]  passwd    Password string when PEM encrypted. May be NULL.
4066 * @param [in]  passwdSz  Length of password string when PEM encrypted.
4067 * @param [out] pem       Newly allocated buffer holding PEM encoding.
4068 * @param [out] pLen      Length of PEM encoding in bytes.
4069 * @return  1 on success.
4070 * @return  0 on error.
4071 */
4072int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ec,
4073    const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz,
4074    unsigned char **pem, int *pLen)
4075{
4076#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
4077    int ret = 1;
4078    byte* derBuf = NULL;
4079    word32 der_max_len = 0;
4080    int derSz = 0;
4081
4082    WOLFSSL_MSG("wolfSSL_PEM_write_mem_ECPrivateKey");
4083
4084    /* Validate parameters. */
4085    if ((pem == NULL) || (pLen == NULL) || (ec == NULL) ||
4086            (ec->internal == NULL)) {
4087        WOLFSSL_MSG("Bad function arguments");
4088        ret = 0;
4089    }
4090
4091    /* Ensure internal EC key is set from external. */
4092    if ((ret == 1) && (ec->inSet == 0)) {
4093        WOLFSSL_MSG("No ECC internal set, do it");
4094
4095        if (SetECKeyInternal(ec) != 1) {
4096            WOLFSSL_MSG("SetECKeyInternal failed");
4097            ret = 0;
4098        }
4099    }
4100
4101    if (ret == 1) {
4102        /* Calculate maximum size of DER encoding.
4103         * 4 > size of pub, priv + ASN.1 additional information */
4104        der_max_len = 4 * (word32)wc_ecc_size((ecc_key*)ec->internal) +
4105                      WC_AES_BLOCK_SIZE;
4106
4107        /* Allocate buffer big enough to hold encoding. */
4108        derBuf = (byte*)XMALLOC((size_t)der_max_len, NULL,
4109            DYNAMIC_TYPE_TMP_BUFFER);
4110        if (derBuf == NULL) {
4111            WOLFSSL_MSG("malloc failed");
4112            ret = 0;
4113        }
4114    }
4115
4116    if (ret == 1) {
4117        /* Encode EC private key as DER. */
4118        derSz = wc_EccKeyToDer((ecc_key*)ec->internal, derBuf, der_max_len);
4119        if (derSz < 0) {
4120            WOLFSSL_MSG("wc_EccKeyToDer failed");
4121            ForceZero(derBuf, der_max_len);
4122            XFREE(derBuf, NULL, DYNAMIC_TYPE_DER);
4123            ret = 0;
4124        }
4125    }
4126
4127    /* Convert DER to PEM - possibly encrypting. */
4128    if ((ret == 1) && (der_to_enc_pem_alloc(derBuf, derSz, cipher, passwd,
4129            passwdSz, ECC_PRIVATEKEY_TYPE, NULL, pem, pLen) != 1)) {
4130        WOLFSSL_ERROR_MSG("der_to_enc_pem_alloc failed");
4131        ret = 0;
4132    }
4133
4134    return ret;
4135#else
4136    (void)ec;
4137    (void)cipher;
4138    (void)passwd;
4139    (void)passwdSz;
4140    (void)pem;
4141    (void)pLen;
4142    return 0;
4143#endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */
4144}
4145
4146#ifndef NO_FILESYSTEM
4147/* Write out the EC private key as PEM to file.
4148 *
4149 * Return code compliant with OpenSSL.
4150 *
4151 * @param [in] fp        File pointer to write PEM encoding to.
4152 * @param [in] ec        EC private key to encode.
4153 * @param [in] cipher    Cipher to use when PEM encrypted. May be NULL.
4154 * @param [in] passwd    Password string when PEM encrypted. May be NULL.
4155 * @param [in] passwdSz  Length of password string when PEM encrypted.
4156 * @param [in] cb        Password callback when PEM encrypted. Unused.
4157 * @param [in] pass      NUL terminated string for passphrase when PEM
4158 *                       encrypted. Unused.
4159 * @return  1 on success.
4160 * @return  0 on error.
4161 */
4162int wolfSSL_PEM_write_ECPrivateKey(XFILE fp, WOLFSSL_EC_KEY *ec,
4163    const WOLFSSL_EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz,
4164    wc_pem_password_cb *cb, void *pass)
4165{
4166    int ret = 1;
4167    byte *pem = NULL;
4168    int pLen = 0;
4169
4170    (void)cb;
4171    (void)pass;
4172
4173    WOLFSSL_MSG("wolfSSL_PEM_write_ECPrivateKey");
4174
4175    /* Validate parameters. */
4176    if ((fp == XBADFILE) || (ec == NULL) || (ec->internal == NULL)) {
4177        WOLFSSL_MSG("Bad function arguments");
4178        ret = 0;
4179    }
4180
4181    /* Write EC private key to PEM. */
4182    if ((ret == 1) && (wolfSSL_PEM_write_mem_ECPrivateKey(ec, cipher, passwd,
4183            passwdSz, &pem, &pLen) != 1)) {
4184        WOLFSSL_MSG("wolfSSL_PEM_write_mem_ECPrivateKey failed");
4185        ret = 0;
4186    }
4187
4188    /* Write out to file the PEM encoding of the EC private key. */
4189    if ((ret == 1) && ((int)XFWRITE(pem, 1, (size_t)pLen, fp) != pLen)) {
4190        WOLFSSL_MSG("ECC private key file write failed");
4191        ret = 0;
4192    }
4193
4194    /* Dispose of any dynamically allocated data. */
4195    XFREE(pem, NULL, DYNAMIC_TYPE_KEY);
4196
4197    return ret;
4198}
4199
4200#endif /* NO_FILESYSTEM */
4201#endif /* WOLFSSL_KEY_GEN && HAVE_ECC_KEY_EXPORT */
4202
4203/*
4204 * EC key print APIs
4205 */
4206
4207#ifndef NO_CERTS
4208
4209#if defined(XFPRINTF) && !defined(NO_FILESYSTEM) && \
4210    !defined(NO_STDIO_FILESYSTEM)
4211/* Print the EC key to a file pointer as text.
4212 *
4213 * @param [in] fp      File pointer.
4214 * @param [in] key     EC key to print.
4215 * @param [in] indent  Number of spaces to place before each line printed.
4216 * @return  1 on success.
4217 * @return  0 on failure.
4218 */
4219int wolfSSL_EC_KEY_print_fp(XFILE fp, WOLFSSL_EC_KEY* key, int indent)
4220{
4221    int ret = 1;
4222    int bits = 0;
4223    int priv = 0;
4224
4225    WOLFSSL_ENTER("wolfSSL_EC_KEY_print_fp");
4226
4227    /* Validate parameters. */
4228    if ((fp == XBADFILE) || (key == NULL) || (key->group == NULL) ||
4229            (indent < 0)) {
4230        ret = 0;
4231    }
4232
4233    if (ret == 1) {
4234        /* Get EC groups order size in bits. */
4235        bits = wolfSSL_EC_GROUP_order_bits(key->group);
4236        if (bits <= 0) {
4237            WOLFSSL_MSG("Failed to get group order bits.");
4238            ret = 0;
4239        }
4240    }
4241    if (ret == 1) {
4242        const char* keyType;
4243
4244        /* Determine whether this is a private or public key. */
4245        if ((key->priv_key != NULL) && (!wolfSSL_BN_is_zero(key->priv_key))) {
4246            keyType = "Private-Key";
4247            priv = 1;
4248        }
4249        else {
4250            keyType = "Public-Key";
4251        }
4252
4253        /* Print key header. */
4254        if (XFPRINTF(fp, "%*s%s: (%d bit)\n", indent, "", keyType, bits) < 0) {
4255            ret = 0;
4256        }
4257    }
4258    if ((ret == 1) && priv) {
4259        /* Print the private key BN. */
4260        ret = pk_bn_field_print_fp(fp, indent, "priv", key->priv_key);
4261    }
4262    /* Check for public key data in EC key. */
4263    if ((ret == 1) && (key->pub_key != NULL) && (key->pub_key->exSet)) {
4264        /* Get the public key point as one BN. */
4265        WOLFSSL_BIGNUM* pubBn = wolfSSL_EC_POINT_point2bn(key->group,
4266            key->pub_key, WC_POINT_CONVERSION_UNCOMPRESSED, NULL, NULL);
4267        if (pubBn == NULL) {
4268            WOLFSSL_MSG("wolfSSL_EC_POINT_point2bn failed.");
4269            ret = 0;
4270        }
4271        else {
4272            /* Print the public key in a BN. */
4273            ret = pk_bn_field_print_fp(fp, indent, "pub", pubBn);
4274            wolfSSL_BN_free(pubBn);
4275        }
4276    }
4277    if (ret == 1) {
4278        /* Get the NID of the group. */
4279        int nid = wolfSSL_EC_GROUP_get_curve_name(key->group);
4280        if (nid > 0) {
4281            /* Convert the NID into a long name and NIST name. */
4282            const char* curve = wolfSSL_OBJ_nid2ln(nid);
4283            const char* nistName = wolfSSL_EC_curve_nid2nist(nid);
4284
4285            /* Print OID name if known. */
4286            if ((curve != NULL) &&
4287                (XFPRINTF(fp, "%*sASN1 OID: %s\n", indent, "", curve) < 0)) {
4288                ret = 0;
4289            }
4290            /* Print NIST curve name if known. */
4291            if ((nistName != NULL) &&
4292                (XFPRINTF(fp, "%*sNIST CURVE: %s\n", indent, "",
4293                    nistName) < 0)) {
4294                ret = 0;
4295            }
4296        }
4297    }
4298
4299
4300    WOLFSSL_LEAVE("wolfSSL_EC_KEY_print_fp", ret);
4301
4302    return ret;
4303}
4304#endif /* XFPRINTF && !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM */
4305
4306#endif /* !NO_CERTS */
4307
4308/*
4309 * EC_KEY get/set/test APIs
4310 */
4311
4312/* Set data of internal, wolfCrypt EC key object into EC key.
4313 *
4314 * EC_KEY wolfSSL -> OpenSSL
4315 *
4316 * @param [in, out] p  EC key to update.
4317 * @return  1 on success.
4318 * @return  -1 on failure.
4319 */
4320int SetECKeyExternal(WOLFSSL_EC_KEY* eckey)
4321{
4322    int ret = 1;
4323
4324    WOLFSSL_ENTER("SetECKeyExternal");
4325
4326    /* Validate parameter. */
4327    if ((eckey == NULL) || (eckey->internal == NULL)) {
4328        WOLFSSL_MSG("ec key NULL error");
4329        ret = WOLFSSL_FATAL_ERROR;
4330    }
4331    else {
4332        ecc_key* key = (ecc_key*)eckey->internal;
4333
4334        /* Set group (OID, nid and idx) from wolfCrypt EC key. */
4335        eckey->group->curve_oid = (int)key->dp->oidSum;
4336        eckey->group->curve_nid = EccEnumToNID(key->dp->id);
4337        eckey->group->curve_idx = key->idx;
4338
4339        if (eckey->pub_key->internal != NULL) {
4340            /* Copy internal public point from internal key's public point. */
4341            if (wc_ecc_copy_point(&key->pubkey,
4342                    (ecc_point*)eckey->pub_key->internal) != MP_OKAY) {
4343                WOLFSSL_MSG("SetECKeyExternal ecc_copy_point failed");
4344                ret = WOLFSSL_FATAL_ERROR;
4345            }
4346
4347            /* Set external public key from internal wolfCrypt, public key. */
4348            if ((ret == 1) && (ec_point_external_set(eckey->pub_key) != 1)) {
4349                WOLFSSL_MSG("SetECKeyExternal ec_point_external_set failed");
4350                ret = WOLFSSL_FATAL_ERROR;
4351            }
4352        }
4353
4354        /* set the external privkey */
4355        if ((ret == 1) && (key->type == ECC_PRIVATEKEY) &&
4356                (wolfssl_bn_set_value(&eckey->priv_key,
4357                wc_ecc_key_get_priv(key)) != 1)) {
4358            WOLFSSL_MSG("ec priv key error");
4359            ret = WOLFSSL_FATAL_ERROR;
4360        }
4361
4362        /* External values set when operations succeeded. */
4363        eckey->exSet = (ret == 1);
4364    }
4365
4366    return ret;
4367}
4368
4369/* Set data of EC key into internal, wolfCrypt EC key object.
4370 *
4371 * EC_KEY Openssl -> WolfSSL
4372 *
4373 * @param [in, out] p  EC key to update.
4374 * @return  1 on success.
4375 * @return  -1 on failure.
4376 */
4377int SetECKeyInternal(WOLFSSL_EC_KEY* eckey)
4378{
4379    int ret = 1;
4380
4381    WOLFSSL_ENTER("SetECKeyInternal");
4382
4383    /* Validate parameter. */
4384    if ((eckey == NULL) || (eckey->internal == NULL) ||
4385            (eckey->group == NULL)) {
4386        WOLFSSL_MSG("ec key NULL error");
4387        ret = WOLFSSL_FATAL_ERROR;
4388    }
4389    else {
4390        ecc_key* key = (ecc_key*)eckey->internal;
4391        int pubSet = 0;
4392
4393        /* Validate group. */
4394        if ((eckey->group->curve_idx < 0) ||
4395            (wc_ecc_is_valid_idx(eckey->group->curve_idx) == 0)) {
4396            WOLFSSL_MSG("invalid curve idx");
4397            ret = WOLFSSL_FATAL_ERROR;
4398        }
4399
4400        if (ret == 1) {
4401            /* Set group (idx of curve and corresponding domain parameters). */
4402            key->idx = eckey->group->curve_idx;
4403            key->dp = &ecc_sets[key->idx];
4404            pubSet = (eckey->pub_key != NULL);
4405        }
4406        /* Set public key (point). */
4407        if ((ret == 1) && pubSet) {
4408            if (ec_point_internal_set(eckey->pub_key) != 1) {
4409                WOLFSSL_MSG("ec key pub error");
4410                ret = WOLFSSL_FATAL_ERROR;
4411            }
4412            /* Copy public point to key. */
4413            if ((ret == 1) && (wc_ecc_copy_point(
4414                    (ecc_point*)eckey->pub_key->internal, &key->pubkey) !=
4415                    MP_OKAY)) {
4416                WOLFSSL_MSG("wc_ecc_copy_point error");
4417                ret = WOLFSSL_FATAL_ERROR;
4418            }
4419
4420            if (ret == 1) {
4421                /* Set that the internal key is a public key */
4422                key->type = ECC_PUBLICKEY;
4423            }
4424        }
4425
4426        /* set privkey */
4427        if ((ret == 1) && (eckey->priv_key != NULL)) {
4428            if (wolfssl_bn_get_value(eckey->priv_key,
4429                    wc_ecc_key_get_priv(key)) != 1) {
4430                WOLFSSL_MSG("ec key priv error");
4431                ret = WOLFSSL_FATAL_ERROR;
4432            }
4433            /* private key */
4434            if ((ret == 1) && (!mp_iszero(wc_ecc_key_get_priv(key)))) {
4435                if (pubSet) {
4436                    key->type = ECC_PRIVATEKEY;
4437                }
4438                else {
4439                    key->type = ECC_PRIVATEKEY_ONLY;
4440                }
4441            }
4442        }
4443
4444        /* Internal values set when operations succeeded. */
4445        eckey->inSet = (ret == 1);
4446    }
4447
4448    return ret;
4449}
4450
4451/* Get point conversion format of EC key.
4452 *
4453 * @param [in] key  EC key.
4454 * @return  Point conversion format on success.
4455 * @return  -1 on error.
4456 */
4457wc_point_conversion_form_t wolfSSL_EC_KEY_get_conv_form(
4458    const WOLFSSL_EC_KEY* key)
4459{
4460    if (key == NULL)
4461        return WOLFSSL_FATAL_ERROR;
4462    return key->form;
4463}
4464
4465/* Set point conversion format into EC key.
4466 *
4467 * @param [in, out] key   EC key to set format into.
4468 * @param [in]      form  Point conversion format. Valid values:
4469 *                          WC_POINT_CONVERSION_UNCOMPRESSED,
4470 *                          WC_POINT_CONVERSION_COMPRESSED (when HAVE_COMP_KEY)
4471 */
4472void wolfSSL_EC_KEY_set_conv_form(WOLFSSL_EC_KEY *key, int form)
4473{
4474    if (key == NULL) {
4475        WOLFSSL_MSG("Key passed in NULL");
4476    }
4477    else if (form == WC_POINT_CONVERSION_UNCOMPRESSED
4478#ifdef HAVE_COMP_KEY
4479          || form == WC_POINT_CONVERSION_COMPRESSED
4480#endif
4481             ) {
4482        key->form = (unsigned char)form;
4483    }
4484    else {
4485        WOLFSSL_MSG("Incorrect form or HAVE_COMP_KEY not compiled in");
4486    }
4487}
4488
4489/* Get the EC group object that is in EC key.
4490 *
4491 * @param [in] key  EC key.
4492 * @return  EC group object on success.
4493 * @return  NULL when key is NULL.
4494 */
4495const WOLFSSL_EC_GROUP *wolfSSL_EC_KEY_get0_group(const WOLFSSL_EC_KEY *key)
4496{
4497    WOLFSSL_EC_GROUP* group = NULL;
4498
4499    WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_group");
4500
4501    if (key != NULL) {
4502        group = key->group;
4503    }
4504
4505    return group;
4506}
4507
4508/* Set the group in WOLFSSL_EC_KEY
4509 *
4510 * @param [in, out] key    EC key to update.
4511 * @param [in]      group  EC group to copy.
4512 * @return  1 on success
4513 * @return  0 on failure.
4514 */
4515int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group)
4516{
4517    int ret = 1;
4518
4519    WOLFSSL_ENTER("wolfSSL_EC_KEY_set_group");
4520
4521    /* Validate parameters. */
4522    if ((key == NULL) || (group == NULL)) {
4523        ret = 0;
4524    }
4525
4526    if (ret == 1) {
4527        /* Dispose of the current group. */
4528        if (key->group != NULL) {
4529            wolfSSL_EC_GROUP_free(key->group);
4530        }
4531        /* Duplicate the passed in group into EC key. */
4532        key->group = wolfSSL_EC_GROUP_dup(group);
4533        if (key->group == NULL) {
4534            ret = 0;
4535        }
4536    }
4537
4538    return ret;
4539}
4540
4541/* Get the BN object that is the private key in the EC key.
4542 *
4543 * @param [in] key  EC key.
4544 * @return  BN object on success.
4545 * @return  NULL when key is NULL or private key is not set.
4546 */
4547WOLFSSL_BIGNUM *wolfSSL_EC_KEY_get0_private_key(const WOLFSSL_EC_KEY *key)
4548{
4549    WOLFSSL_BIGNUM* priv_key = NULL;
4550
4551    WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_private_key");
4552
4553    /* Validate parameter. */
4554    if (key == NULL) {
4555        WOLFSSL_MSG("wolfSSL_EC_KEY_get0_private_key Bad arguments");
4556    }
4557    /* Only return private key if it is not 0. */
4558    else if (!wolfSSL_BN_is_zero(key->priv_key)) {
4559        priv_key = key->priv_key;
4560    }
4561
4562    return priv_key;
4563}
4564
4565/* Sets the private key value into EC key.
4566 *
4567 * Return code compliant with OpenSSL.
4568 *
4569 * @param [in, out] key       EC key to set.
4570 * @param [in]      priv_key  Private key value in a BN.
4571 * @return  1 on success
4572 * @return  0 on failure.
4573 */
4574int wolfSSL_EC_KEY_set_private_key(WOLFSSL_EC_KEY *key,
4575    const WOLFSSL_BIGNUM *priv_key)
4576{
4577    int ret = 1;
4578
4579    WOLFSSL_ENTER("wolfSSL_EC_KEY_set_private_key");
4580
4581    /* Validate parameters. */
4582    if ((key == NULL) || (priv_key == NULL)) {
4583        WOLFSSL_MSG("Bad arguments");
4584        ret = 0;
4585    }
4586
4587    /* Check for obvious invalid values. */
4588    if (wolfSSL_BN_is_negative(priv_key) || wolfSSL_BN_is_zero(priv_key) ||
4589            wolfSSL_BN_is_one(priv_key)) {
4590        WOLFSSL_MSG("Invalid private key value");
4591        ret = 0;
4592    }
4593
4594    if (ret == 1) {
4595        /* Free key if previously set. */
4596        if (key->priv_key != NULL) {
4597            wolfSSL_BN_free(key->priv_key);
4598        }
4599
4600        /* Duplicate the BN passed in. */
4601        key->priv_key = wolfSSL_BN_dup(priv_key);
4602        if (key->priv_key == NULL) {
4603            WOLFSSL_MSG("key ecc priv key NULL");
4604            ret = 0;
4605        }
4606    }
4607    /* Set the external values into internal EC key. */
4608    if ((ret == 1) && (SetECKeyInternal(key) != 1)) {
4609        WOLFSSL_MSG("SetECKeyInternal failed");
4610        /* Dispose of new private key on error. */
4611        wolfSSL_BN_free(key->priv_key);
4612        key->priv_key = NULL;
4613        ret = 0;
4614    }
4615
4616    return ret;
4617}
4618
4619/* Get the public key EC point object that is in EC key.
4620 *
4621 * @param [in] key  EC key.
4622 * @return  EC point object that is the public key on success.
4623 * @return  NULL when key is NULL.
4624 */
4625WOLFSSL_EC_POINT* wolfSSL_EC_KEY_get0_public_key(const WOLFSSL_EC_KEY *key)
4626{
4627    WOLFSSL_EC_POINT* pub_key = NULL;
4628
4629    WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_public_key");
4630
4631    if (key != NULL) {
4632        pub_key = key->pub_key;
4633    }
4634
4635    return pub_key;
4636}
4637
4638/*
4639 * Return code compliant with OpenSSL.
4640 *
4641 * @param [in, out] key  EC key.
4642 * @param [in]      pub  Public key as an EC point.
4643 * @return  1 on success
4644 * @return  0 on failure.
4645 */
4646int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key,
4647    const WOLFSSL_EC_POINT *pub)
4648{
4649    int ret = 1;
4650    ecc_point *pub_p = NULL;
4651    ecc_point *key_p = NULL;
4652
4653    WOLFSSL_ENTER("wolfSSL_EC_KEY_set_public_key");
4654
4655    /* Validate parameters. */
4656    if ((key == NULL) || (key->internal == NULL) || (pub == NULL) ||
4657            (pub->internal == NULL)) {
4658        WOLFSSL_MSG("wolfSSL_EC_KEY_set_public_key Bad arguments");
4659        ret = 0;
4660    }
4661
4662    /* Ensure the internal EC key is set. */
4663    if ((ret == 1) && (key->inSet == 0) && (SetECKeyInternal(key) != 1)) {
4664        WOLFSSL_MSG("SetECKeyInternal failed");
4665        ret = 0;
4666    }
4667
4668    /* Ensure the internal EC point of pub is setup. */
4669    if ((ret == 1) && (ec_point_setup(pub) != 1)) {
4670        ret = 0;
4671    }
4672
4673    if (ret == 1) {
4674        /* Get the internal point of pub and the public key in key. */
4675        pub_p = (ecc_point*)pub->internal;
4676        key_p = (ecc_point*)key->pub_key->internal;
4677
4678        /* Create new point if required. */
4679        if (key_p == NULL) {
4680            key_p = wc_ecc_new_point();
4681            key->pub_key->internal = (void*)key_p;
4682        }
4683        /* Check point available. */
4684        if (key_p == NULL) {
4685            WOLFSSL_MSG("key ecc point NULL");
4686            ret = 0;
4687        }
4688    }
4689
4690    /* Copy the internal pub point into internal key point. */
4691    if ((ret == 1) && (wc_ecc_copy_point(pub_p, key_p) != MP_OKAY)) {
4692        WOLFSSL_MSG("ecc_copy_point failure");
4693        ret = 0;
4694    }
4695
4696    /* Copy the internal point data into external. */
4697    if ((ret == 1) && (ec_point_external_set(key->pub_key) != 1)) {
4698        WOLFSSL_MSG("SetECKeyInternal failed");
4699        ret = 0;
4700    }
4701
4702    /* Copy the internal key into external. */
4703    if ((ret == 1) && (SetECKeyInternal(key) != 1)) {
4704        WOLFSSL_MSG("SetECKeyInternal failed");
4705        ret = 0;
4706    }
4707
4708    if (ret == 1) {
4709        /* Dump out the point and the key's public key for debug. */
4710        wolfSSL_EC_POINT_dump("pub", pub);
4711        wolfSSL_EC_POINT_dump("key->pub_key", key->pub_key);
4712    }
4713
4714    return ret;
4715}
4716
4717#ifndef NO_WOLFSSL_STUB
4718/* Set the ASN.1 encoding flag against the EC key.
4719 *
4720 * No implementation as only named curves supported for encoding.
4721 *
4722 * @param [in, out] key   EC key.
4723 * @param [in]      flag  ASN.1 flag to set. Valid values:
4724 *                        OPENSSL_EC_EXPLICIT_CURVE, OPENSSL_EC_NAMED_CURVE
4725 */
4726void wolfSSL_EC_KEY_set_asn1_flag(WOLFSSL_EC_KEY *key, int asn1_flag)
4727{
4728    (void)key;
4729    (void)asn1_flag;
4730
4731    WOLFSSL_ENTER("wolfSSL_EC_KEY_set_asn1_flag");
4732    WOLFSSL_STUB("EC_KEY_set_asn1_flag");
4733}
4734#endif
4735
4736/*
4737 * EC key generate key APIs
4738 */
4739
4740/* Generate an EC key.
4741 *
4742 * Uses the internal curve index set in the EC key or the default.
4743 *
4744 * @param [in, out] key  EC key.
4745 * @return  1 on success
4746 * @return  0 on failure.
4747 */
4748int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key)
4749{
4750    int res = 1;
4751    int initTmpRng = 0;
4752    WC_RNG* rng = NULL;
4753    WC_DECLARE_VAR(tmpRng, WC_RNG, 1, 0);
4754
4755    WOLFSSL_ENTER("wolfSSL_EC_KEY_generate_key");
4756
4757    /* Validate parameters. */
4758    if ((key == NULL) || (key->internal == NULL) || (key->group == NULL)) {
4759        WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key Bad arguments");
4760        res = 0;
4761    }
4762    if (res == 1) {
4763        /* Check if we know which internal curve index to use. */
4764        if (key->group->curve_idx < 0) {
4765            /* Generate key using the default curve. */
4766#if FIPS_VERSION3_GE(6,0,0)
4767            key->group->curve_idx = ECC_SECP256R1; /* FIPS default to 256 */
4768#else
4769            key->group->curve_idx = ECC_CURVE_DEF;
4770#endif
4771        }
4772
4773        /* Create a random number generator. */
4774        rng = wolfssl_make_rng(tmpRng, &initTmpRng);
4775        if (rng == NULL) {
4776            WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key failed to make RNG");
4777            res = 0;
4778        }
4779    }
4780    if (res == 1) {
4781        /* NIDToEccEnum returns -1 for invalid NID so if key->group->curve_nid
4782         * is 0 then pass ECC_CURVE_DEF as arg */
4783        int eccEnum = key->group->curve_nid ?
4784#if FIPS_VERSION3_GE(6,0,0)
4785            NIDToEccEnum(key->group->curve_nid) : ECC_SECP256R1;
4786#else
4787            NIDToEccEnum(key->group->curve_nid) : ECC_CURVE_DEF;
4788#endif
4789        /* Get the internal EC key. */
4790        ecc_key* ecKey = (ecc_key*)key->internal;
4791        /* Make the key using internal API. */
4792        int ret = 0;
4793
4794#if FIPS_VERSION3_GE(6,0,0)
4795        /* In the case of FIPS only allow key generation with approved curves */
4796        if (eccEnum != ECC_SECP256R1 && eccEnum != ECC_SECP224R1 &&
4797            eccEnum != ECC_SECP384R1 && eccEnum != ECC_SECP521R1) {
4798            WOLFSSL_MSG("Unsupported curve selected in FIPS mode");
4799            res = 0;
4800        }
4801        if (res == 1) {
4802#endif
4803        ret  = wc_ecc_make_key_ex(rng, 0, ecKey, eccEnum);
4804#if FIPS_VERSION3_GE(6,0,0)
4805        }
4806#endif
4807
4808    #if defined(WOLFSSL_ASYNC_CRYPT)
4809        /* Wait on asynchronouse operation. */
4810        ret = wc_AsyncWait(ret, &ecKey->asyncDev, WC_ASYNC_FLAG_NONE);
4811    #endif
4812        if (ret != 0) {
4813            WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key wc_ecc_make_key failed");
4814            res = 0;
4815        }
4816    }
4817
4818    /* Dispose of local random number generator if initialized. */
4819    if (initTmpRng) {
4820        wc_FreeRng(rng);
4821        WC_FREE_VAR_EX(rng, NULL, DYNAMIC_TYPE_RNG);
4822    }
4823
4824    /* Set the external key from new internal key values. */
4825    if ((res == 1) && (SetECKeyExternal(key) != 1)) {
4826        WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key SetECKeyExternal failed");
4827        res = 0;
4828    }
4829
4830    return res;
4831}
4832
4833/*
4834 * EC key check key APIs
4835 */
4836
4837/* Check that the EC key is valid.
4838 *
4839 * @param [in] key  EC key.
4840 * @return  1 on valid.
4841 * @return  0 on invalid or error.
4842 */
4843int wolfSSL_EC_KEY_check_key(const WOLFSSL_EC_KEY *key)
4844{
4845    int ret = 1;
4846
4847    WOLFSSL_ENTER("wolfSSL_EC_KEY_check_key");
4848
4849    /* Validate parameter. */
4850    if ((key == NULL) || (key->internal == NULL)) {
4851        WOLFSSL_MSG("Bad parameter");
4852        ret = 0;
4853    }
4854
4855    /* Set the external EC key values into internal if not already. */
4856    if ((ret == 1) && (key->inSet == 0) && (SetECKeyInternal(
4857            (WOLFSSL_EC_KEY*)key) != 1)) {
4858        WOLFSSL_MSG("SetECKeyInternal failed");
4859        ret = 0;
4860    }
4861
4862    if (ret == 1) {
4863        /* Have internal EC implementation check key. */
4864        ret = wc_ecc_check_key((ecc_key*)key->internal) == 0;
4865    }
4866
4867    return ret;
4868}
4869
4870/* End EC_KEY */
4871
4872#if !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)
4873/* Get the supported, built-in EC curves
4874 *
4875 * @param [in, out] curves  Pre-allocated list to put supported curves into.
4876 * @param [in]      len     Maximum number of items to place in list.
4877 * @return  Number of built-in EC curves when curves is NULL or len is 0.
4878 * @return  Number of items placed in list otherwise.
4879 */
4880size_t wolfSSL_EC_get_builtin_curves(WOLFSSL_EC_BUILTIN_CURVE *curves,
4881    size_t len)
4882{
4883    size_t i;
4884    size_t cnt;
4885#ifdef HAVE_SELFTEST
4886    /* Defined in ecc.h when available. */
4887    size_t ecc_sets_count;
4888
4889    /* Count the pre-defined curves since global not available. */
4890    for (i = 0; ecc_sets[i].size != 0 && ecc_sets[i].name != NULL; i++) {
4891        /* Do nothing. */
4892    }
4893    ecc_sets_count = i;
4894#endif
4895
4896    /* Assume we are going to return total count. */
4897    cnt = ecc_sets_count;
4898    /* Check we have a list that can hold data. */
4899    if ((curves != NULL) && (len != 0)) {
4900        /* Limit count to length of list. */
4901        if (cnt > len) {
4902            cnt = len;
4903        }
4904
4905        /* Put in built-in EC curve nid and short name. */
4906        for (i = 0; i < cnt; i++) {
4907            curves[i].nid = EccEnumToNID(ecc_sets[i].id);
4908            curves[i].comment = wolfSSL_OBJ_nid2sn(curves[i].nid);
4909        }
4910    }
4911
4912    return cnt;
4913}
4914#endif /* !HAVE_FIPS || FIPS_VERSION_GT(2,0) */
4915
4916/* Start ECDSA_SIG */
4917
4918/* Allocate a new ECDSA signature object.
4919 *
4920 * @return  New, allocated ECDSA signature object on success.
4921 * @return  NULL on error.
4922 */
4923WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_SIG_new(void)
4924{
4925    int err = 0;
4926    WOLFSSL_ECDSA_SIG *sig;
4927
4928    WOLFSSL_ENTER("wolfSSL_ECDSA_SIG_new");
4929
4930    /* Allocate memory for ECDSA signature object. */
4931    sig = (WOLFSSL_ECDSA_SIG*)XMALLOC(sizeof(WOLFSSL_ECDSA_SIG), NULL,
4932        DYNAMIC_TYPE_ECC);
4933    if (sig == NULL) {
4934        WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA signature failure");
4935        return NULL;
4936    }
4937
4938    /* Set s to NULL in case of error. */
4939    sig->s = NULL;
4940    /* Allocate BN into r. */
4941    sig->r = wolfSSL_BN_new();
4942    if (sig->r == NULL) {
4943        WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA r failure");
4944        err = 1;
4945    }
4946    if (!err) {
4947        /* Allocate BN into s. */
4948        sig->s = wolfSSL_BN_new();
4949        if (sig->s == NULL) {
4950            WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA s failure");
4951            err = 1;
4952        }
4953    }
4954
4955    if (err) {
4956        /* Dispose of allocated memory. */
4957        wolfSSL_ECDSA_SIG_free(sig);
4958        sig = NULL;
4959    }
4960    return sig;
4961}
4962
4963/* Dispose of ECDSA signature object.
4964 *
4965 * Cannot use object after this call.
4966 *
4967 * @param [in] sig  ECDSA signature object to free.
4968 */
4969void wolfSSL_ECDSA_SIG_free(WOLFSSL_ECDSA_SIG *sig)
4970{
4971    WOLFSSL_ENTER("wolfSSL_ECDSA_SIG_free");
4972
4973    if (sig != NULL) {
4974        /* Dispose of BNs allocated for r and s. */
4975        wolfSSL_BN_free(sig->r);
4976        wolfSSL_BN_free(sig->s);
4977
4978        /* Dispose of memory associated with ECDSA signature object. */
4979        XFREE(sig, NULL, DYNAMIC_TYPE_ECC);
4980    }
4981}
4982
4983/* Create an ECDSA signature from the DER encoding.
4984 *
4985 * @param [in, out] sig  Reference to ECDSA signature object. May be NULL.
4986 * @param [in, out] pp   On in, reference to buffer containing DER encoding.
4987 *                       On out, reference to buffer after signature data.
4988 * @param [in]      len  Length of the data in the buffer. May be more than
4989 *                       the length of the signature.
4990 * @return  ECDSA signature object on success.
4991 * @return  NULL on error.
4992 */
4993WOLFSSL_ECDSA_SIG* wolfSSL_d2i_ECDSA_SIG(WOLFSSL_ECDSA_SIG** sig,
4994    const unsigned char** pp, long len)
4995{
4996    int err = 0;
4997    /* ECDSA signature object to return. */
4998    WOLFSSL_ECDSA_SIG *s = NULL;
4999
5000    /* Validate parameter. */
5001    if (pp == NULL) {
5002        err = 1;
5003    }
5004    if (!err) {
5005        if (sig != NULL) {
5006            /* Use the ECDSA signature object passed in. */
5007            s = *sig;
5008        }
5009        if (s == NULL) {
5010            /* No ECDSA signature object passed in - create a new one. */
5011            s = wolfSSL_ECDSA_SIG_new();
5012            if (s == NULL) {
5013                err = 1;
5014            }
5015        }
5016    }
5017    if (!err) {
5018        /* DecodeECC_DSA_Sig calls mp_init, so free these. */
5019        mp_free((mp_int*)s->r->internal);
5020        mp_free((mp_int*)s->s->internal);
5021
5022        /* Decode the signature into internal r and s fields. */
5023        if (DecodeECC_DSA_Sig(*pp, (word32)len, (mp_int*)s->r->internal,
5024                (mp_int*)s->s->internal) != MP_OKAY) {
5025            err = 1;
5026        }
5027    }
5028
5029    if (!err) {
5030        /* Move pointer passed signature data successfully decoded. */
5031        *pp += wolfssl_der_length(*pp, (int)len);
5032        if (sig != NULL) {
5033            /* Update reference to ECDSA signature object. */
5034            *sig = s;
5035        }
5036    }
5037
5038    /* Dispose of newly allocated object on error. */
5039    if (err) {
5040        if ((s != NULL) && ((sig == NULL) || (*sig != s))) {
5041            wolfSSL_ECDSA_SIG_free(s);
5042        }
5043        /* Return NULL for object on error. */
5044        s = NULL;
5045    }
5046    return s;
5047}
5048
5049/* Encode the ECDSA signature as DER.
5050 *
5051 * @param [in]      sig  ECDSA signature object.
5052 * @param [in, out] pp   On in, reference to buffer in which to place encoding.
5053 *                       On out, reference to buffer after encoding.
5054 *                       May be NULL or point to NULL in which case no encoding
5055 *                       is done.
5056 * @return  Length of encoding on success.
5057 * @return  0 on error.
5058 */
5059int wolfSSL_i2d_ECDSA_SIG(const WOLFSSL_ECDSA_SIG *sig, unsigned char **pp)
5060{
5061    word32 len = 0;
5062    int    update_p = 1;
5063
5064    /* Validate parameter. */
5065    if (sig != NULL) {
5066        /* ASN.1: SEQ + INT + INT
5067         *   ASN.1 Integer must be a positive value - prepend zero if number has
5068         *   top bit set.
5069         */
5070        /* Get total length of r including any prepended zero. */
5071        word32 rLen = (word32)(mp_leading_bit((mp_int*)sig->r->internal) +
5072               mp_unsigned_bin_size((mp_int*)sig->r->internal));
5073        /* Get total length of s including any prepended zero. */
5074        word32 sLen = (word32)(mp_leading_bit((mp_int*)sig->s->internal) +
5075               mp_unsigned_bin_size((mp_int*)sig->s->internal));
5076        /* Calculate length of data in sequence. */
5077        len = (word32)1 + ASN_LEN_SIZE(rLen) + rLen +
5078              (word32)1 + ASN_LEN_SIZE(sLen) + sLen;
5079        /* Add in the length of the SEQUENCE. */
5080        len += (word32)1 + ASN_LEN_SIZE(len);
5081
5082        #ifdef WOLFSSL_I2D_ECDSA_SIG_ALLOC
5083        if ((pp != NULL) && (*pp == NULL)) {
5084            *pp = (unsigned char *)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL);
5085            if (*pp == NULL) {
5086                WOLFSSL_MSG("malloc error");
5087                return 0;
5088            }
5089            update_p = 0;
5090        }
5091        #endif
5092
5093        /* Encode only if there is a buffer to encode into. */
5094        if ((pp != NULL) && (*pp != NULL)) {
5095            /* Encode using the internal representations of r and s. */
5096            if (StoreECC_DSA_Sig(*pp, &len, (mp_int*)sig->r->internal,
5097                    (mp_int*)sig->s->internal) != MP_OKAY) {
5098                /* No bytes encoded. */
5099                len = 0;
5100            }
5101            else if (update_p) {
5102                /* Update pointer to after encoding. */
5103                *pp += len;
5104            }
5105        }
5106    }
5107
5108    return (int)len;
5109}
5110
5111/* Get the pointer to the fields of the ECDSA signature.
5112 *
5113 * r and s untouched when sig is NULL.
5114 *
5115 * @param [in]  sig  ECDSA signature object.
5116 * @param [out] r    R field of ECDSA signature as a BN. May be NULL.
5117 * @param [out] s    S field of ECDSA signature as a BN. May be NULL.
5118 */
5119void wolfSSL_ECDSA_SIG_get0(const WOLFSSL_ECDSA_SIG* sig,
5120    const WOLFSSL_BIGNUM** r, const WOLFSSL_BIGNUM** s)
5121{
5122    /* Validate parameter. */
5123    if (sig != NULL) {
5124        /* Return the r BN when pointer to return through. */
5125        if (r != NULL) {
5126            *r = sig->r;
5127        }
5128        /* Return the s BN when pointer to return through. */
5129        if (s != NULL) {
5130            *s = sig->s;
5131        }
5132    }
5133}
5134
5135/* Set the pointers to the fields of the ECDSA signature.
5136 *
5137 * @param [in, out] sig  ECDSA signature object to update.
5138 * @param [in]      r    R field of ECDSA signature as a BN.
5139 * @param [in]      s    S field of ECDSA signature as a BN.
5140 * @return  1 on success.
5141 * @return  0 on error.
5142 */
5143int wolfSSL_ECDSA_SIG_set0(WOLFSSL_ECDSA_SIG* sig, WOLFSSL_BIGNUM* r,
5144    WOLFSSL_BIGNUM* s)
5145{
5146    int ret = 1;
5147
5148    /* Validate parameters. */
5149    if ((sig == NULL) || (r == NULL) || (s == NULL)) {
5150        ret = 0;
5151    }
5152
5153    if (ret == 1) {
5154        /* Dispose of old BN objects. */
5155        wolfSSL_BN_free(sig->r);
5156        wolfSSL_BN_free(sig->s);
5157
5158        /* Assign new BN objects. */
5159        sig->r = r;
5160        sig->s = s;
5161    }
5162
5163    return ret;
5164}
5165
5166/* End ECDSA_SIG */
5167
5168/* Start ECDSA */
5169
5170/* Calculate maximum size of the DER encoded ECDSA signature for the curve.
5171 *
5172 * @param [in] key  EC key.
5173 * @return  Size of DER encoded signature on success.
5174 * @return  0 on error.
5175 */
5176int wolfSSL_ECDSA_size(const WOLFSSL_EC_KEY *key)
5177{
5178    int err = 0;
5179    int len = 0;
5180    const WOLFSSL_EC_GROUP *group = NULL;
5181    int bits = 0;
5182
5183    /* Validate parameter. */
5184    if (key == NULL) {
5185        err = 1;
5186    }
5187
5188    /* Get group from key to get order bits. */
5189    if ((!err) && ((group = wolfSSL_EC_KEY_get0_group(key)) == NULL)) {
5190        err = 1;
5191    }
5192    /* Get order bits of group. */
5193    if ((!err) && ((bits = wolfSSL_EC_GROUP_order_bits(group)) == 0)) {
5194        /* Group is not set. */
5195        err = 1;
5196    }
5197
5198    if (!err) {
5199        /* r and s are mod order. */
5200        int bytes = (bits + 7) / 8;  /* Bytes needed to hold bits. */
5201        len = SIG_HEADER_SZ + /* 2*ASN_TAG + 2*LEN(ENUM) */
5202            ECC_MAX_PAD_SZ +  /* possible leading zeroes in r and s */
5203            bytes + bytes;    /* max r and s in bytes */
5204    }
5205
5206    return len;
5207}
5208
5209/* Create ECDSA signature by signing digest with key.
5210 *
5211 * @param [in] dgst  Digest to sign.
5212 * @param [in] dLen  Length of digest in bytes.
5213 * @param [in] key   EC key to sign with.
5214 * @return  ECDSA signature object on success.
5215 * @return  NULL on error.
5216 */
5217WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *dgst, int dLen,
5218    WOLFSSL_EC_KEY *key)
5219{
5220    int err = 0;
5221    WOLFSSL_ECDSA_SIG *sig = NULL;
5222    WC_DECLARE_VAR(out, byte, ECC_BUFSIZE, 0);
5223    unsigned int outLen = ECC_BUFSIZE;
5224
5225    WOLFSSL_ENTER("wolfSSL_ECDSA_do_sign");
5226
5227    /* Validate parameters. */
5228    if ((dgst == NULL) || (key == NULL) || (key->internal == NULL)) {
5229        WOLFSSL_MSG("wolfSSL_ECDSA_do_sign Bad arguments");
5230        err = 1;
5231    }
5232
5233    /* Ensure internal EC key is set from external. */
5234    if ((!err) && (key->inSet == 0)) {
5235        WOLFSSL_MSG("wolfSSL_ECDSA_do_sign No EC key internal set, do it");
5236
5237        if (SetECKeyInternal(key) != 1) {
5238            WOLFSSL_MSG("wolfSSL_ECDSA_do_sign SetECKeyInternal failed");
5239            err = 1;
5240        }
5241    }
5242
5243#ifdef WOLFSSL_SMALL_STACK
5244    if (!err) {
5245        /* Allocate buffer to hold encoded signature. */
5246        out = (byte*)XMALLOC(outLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
5247        if (out == NULL) {
5248            err = 1;
5249        }
5250    }
5251#endif
5252
5253    /* Sign the digest with the key to create encoded ECDSA signature. */
5254    if ((!err) && (wolfSSL_ECDSA_sign(0, dgst, dLen, out, &outLen, key) != 1)) {
5255        err = 1;
5256    }
5257
5258    if (!err) {
5259        const byte* p = out;
5260        /* Decode the ECDSA signature into a new object. */
5261        sig = wolfSSL_d2i_ECDSA_SIG(NULL, &p, outLen);
5262    }
5263
5264    WC_FREE_VAR_EX(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
5265
5266    return sig;
5267}
5268
5269/* Verify ECDSA signature in the object using digest and key.
5270 *
5271 * Return code compliant with OpenSSL.
5272 *
5273 * @param [in] dgst  Digest to verify.
5274 * @param [in] dLen  Length of the digest in bytes.
5275 * @param [in] sig   ECDSA signature object.
5276 * @param [in] key   EC key containing public key.
5277 * @return  1 when signature is valid.
5278 * @return  0 when signature is invalid.
5279 * @return  -1 on error.
5280 */
5281int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, int dLen,
5282    const WOLFSSL_ECDSA_SIG *sig, WOLFSSL_EC_KEY *key)
5283{
5284    int ret = 1;
5285    int verified = 0;
5286#ifdef WOLF_CRYPTO_CB_ONLY_ECC
5287    byte signature[ECC_MAX_SIG_SIZE];
5288    int signatureLen;
5289    byte* p = signature;
5290#endif
5291
5292    WOLFSSL_ENTER("wolfSSL_ECDSA_do_verify");
5293
5294    /* Validate parameters. */
5295    if ((dgst == NULL) || (sig == NULL) || (key == NULL) ||
5296            (key->internal == NULL)) {
5297        WOLFSSL_MSG("wolfSSL_ECDSA_do_verify Bad arguments");
5298        ret = WOLFSSL_FATAL_ERROR;
5299    }
5300
5301    /* Check hash length */
5302    if ((ret == 1) &&
5303        ((dLen > WC_MAX_DIGEST_SIZE) ||
5304         (dLen < WC_MIN_DIGEST_SIZE))) {
5305        WOLFSSL_MSG("wolfSSL_ECDSA_do_verify Bad digest size");
5306        ret = WOLFSSL_FATAL_ERROR;
5307    }
5308
5309    /* Ensure internal EC key is set from external. */
5310    if ((ret == 1) && (key->inSet == 0)) {
5311        WOLFSSL_MSG("No EC key internal set, do it");
5312
5313        if (SetECKeyInternal(key) != 1) {
5314            WOLFSSL_MSG("SetECKeyInternal failed");
5315            ret = WOLFSSL_FATAL_ERROR;
5316        }
5317    }
5318
5319    if (ret == 1) {
5320#ifndef WOLF_CRYPTO_CB_ONLY_ECC
5321        /* Verify hash using digest, r and s as MP ints and internal EC key. */
5322        if (wc_ecc_verify_hash_ex((mp_int*)sig->r->internal,
5323                (mp_int*)sig->s->internal, dgst, (word32)dLen, &verified,
5324                (ecc_key *)key->internal) != MP_OKAY) {
5325            WOLFSSL_MSG("wc_ecc_verify_hash failed");
5326            ret = WOLFSSL_FATAL_ERROR;
5327        }
5328        else if (verified == 0) {
5329            WOLFSSL_MSG("wc_ecc_verify_hash incorrect signature detected");
5330            ret = 0;
5331        }
5332#else
5333        signatureLen = i2d_ECDSA_SIG(sig, &p);
5334        if (signatureLen > 0) {
5335            /* verify hash. expects to call wc_CryptoCb_EccVerify internally */
5336            ret = wc_ecc_verify_hash(signature, signatureLen, dgst,
5337                (word32)dLen, &verified, (ecc_key*)key->internal);
5338            if (ret != MP_OKAY) {
5339                WOLFSSL_MSG("wc_ecc_verify_hash failed");
5340                ret = WOLFSSL_FATAL_ERROR;
5341            }
5342            else if (verified == 0) {
5343                WOLFSSL_MSG("wc_ecc_verify_hash incorrect signature detected");
5344                ret = 0;
5345            }
5346        }
5347#endif /* WOLF_CRYPTO_CB_ONLY_ECC */
5348    }
5349
5350    return ret;
5351}
5352
5353/* Sign the digest with the key to produce a DER encode signature.
5354 *
5355 * @param [in]      type      Digest algorithm used to create digest. Unused.
5356 * @param [in]      digest    Digest of the message to sign.
5357 * @param [in]      digestSz  Size of the digest in bytes.
5358 * @param [out]     sig       Buffer to hold signature.
5359 * @param [in, out] sigSz     On in, size of buffer in bytes.
5360 *                            On out, size of signatre in bytes.
5361 * @param [in]      key       EC key containing private key.
5362 * @return  1 on success.
5363 * @return  0 on error.
5364 */
5365int wolfSSL_ECDSA_sign(int type, const unsigned char *digest, int digestSz,
5366    unsigned char *sig, unsigned int *sigSz, WOLFSSL_EC_KEY *key)
5367{
5368    int ret = 1;
5369    WC_RNG* rng = NULL;
5370    WC_DECLARE_VAR(tmpRng, WC_RNG, 1, 0);
5371    int initTmpRng = 0;
5372
5373    WOLFSSL_ENTER("wolfSSL_ECDSA_sign");
5374
5375    /* Digest algorithm not used in DER encoding. */
5376    (void)type;
5377
5378    /* Validate parameters. */
5379    if (key == NULL) {
5380        ret = 0;
5381    }
5382
5383    if (ret == 1) {
5384        /* Make an RNG - create local or get global. */
5385        rng = wolfssl_make_rng(tmpRng, &initTmpRng);
5386        if (rng == NULL) {
5387            ret = 0;
5388        }
5389    }
5390    /* Sign the digest with the key using the RNG and put signature into buffer
5391     * update sigSz to be actual length.
5392     */
5393    if ((ret == 1) && (wc_ecc_sign_hash(digest, (word32)digestSz, sig, sigSz,
5394            rng, (ecc_key*)key->internal) != 0)) {
5395        ret = 0;
5396    }
5397
5398    if (initTmpRng) {
5399        wc_FreeRng(rng);
5400        WC_FREE_VAR_EX(rng, NULL, DYNAMIC_TYPE_RNG);
5401    }
5402
5403    return ret;
5404}
5405
5406/* Verify the signature with the digest and key.
5407 *
5408 * @param [in] type      Digest algorithm used to create digest. Unused.
5409 * @param [in] digest    Digest of the message to verify.
5410 * @param [in] digestSz  Size of the digest in bytes.
5411 * @param [in] sig       Buffer holding signature.
5412 * @param [in] sigSz     Size of signature data in bytes.
5413 * @param [in] key       EC key containing public key.
5414 * @return  1 when signature is valid.
5415 * @return  0 when signature is invalid or error.
5416 */
5417int wolfSSL_ECDSA_verify(int type, const unsigned char *digest, int digestSz,
5418    const unsigned char *sig, int sigSz, WOLFSSL_EC_KEY *key)
5419{
5420    int ret = 1;
5421    int verify = 0;
5422
5423    WOLFSSL_ENTER("wolfSSL_ECDSA_verify");
5424
5425    /* Digest algorithm not used in DER encoding. */
5426    (void)type;
5427
5428    /* Validate parameters. */
5429    if (key == NULL) {
5430        ret = 0;
5431    }
5432
5433    /* Check hash length */
5434    if ((ret == 1) &&
5435        ((digestSz > WC_MAX_DIGEST_SIZE) ||
5436         (digestSz < WC_MIN_DIGEST_SIZE))) {
5437        WOLFSSL_MSG("wolfSSL_ECDSA_verify Bad digest size");
5438        ret = 0;
5439    }
5440
5441    /* Verify signature using digest and key. */
5442    if ((ret == 1) && (wc_ecc_verify_hash(sig, (word32)sigSz, digest,
5443            (word32)digestSz, &verify, (ecc_key*)key->internal) != 0)) {
5444        ret = 0;
5445    }
5446    /* When no error, verification may still have failed - check now. */
5447    if ((ret == 1) && (verify != 1)) {
5448        WOLFSSL_MSG("wolfSSL_ECDSA_verify failed");
5449        ret = 0;
5450    }
5451
5452    return ret;
5453}
5454
5455/* End ECDSA */
5456
5457/* Start ECDH */
5458
5459#ifndef WOLF_CRYPTO_CB_ONLY_ECC
5460/* Compute the shared secret (key) using ECDH.
5461 *
5462 * KDF not supported.
5463 *
5464 * Return code compliant with OpenSSL.
5465 *
5466 * @param [out] out      Buffer to hold key.
5467 * @param [in]  outLen   Length of buffer in bytes.
5468 * @param [in]  pubKey   Public key as an EC point.
5469 * @param [in]  privKey  EC key holding a private key.
5470 * @param [in]  kdf      Key derivation function to apply to secret.
5471 * @return  Length of computed key on success
5472 * @return  0 on error.
5473 */
5474int wolfSSL_ECDH_compute_key(void *out, size_t outLen,
5475    const WOLFSSL_EC_POINT *pubKey, WOLFSSL_EC_KEY *privKey,
5476    void *(*kdf) (const void *in, size_t inlen, void *out, size_t *outLen))
5477{
5478    int err = 0;
5479    word32 len = 0;
5480    ecc_key* key = NULL;
5481#if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) && \
5482    (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,0))
5483    int setGlobalRNG = 0;
5484#endif
5485
5486    /* TODO: support using the KDF. */
5487    (void)kdf;
5488
5489    WOLFSSL_ENTER("wolfSSL_ECDH_compute_key");
5490
5491    /* Validate parameters. */
5492    if ((out == NULL) || (pubKey == NULL) || (pubKey->internal == NULL) ||
5493        (privKey == NULL) || (privKey->internal == NULL)) {
5494        WOLFSSL_MSG("Bad function arguments");
5495        err = 1;
5496    }
5497
5498    /* Ensure internal EC key is set from external. */
5499    if ((!err) && (privKey->inSet == 0)) {
5500        WOLFSSL_MSG("No EC key internal set, do it");
5501
5502        if (SetECKeyInternal(privKey) != 1) {
5503            WOLFSSL_MSG("SetECKeyInternal failed");
5504            err = 1;
5505        }
5506    }
5507
5508    if (!err) {
5509        int ret;
5510
5511        /* Get the internal key. */
5512        key = (ecc_key*)privKey->internal;
5513        /* Set length into variable of type suitable for wolfSSL API. */
5514        len = (word32)outLen;
5515
5516    #if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) && \
5517        (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,0))
5518        /* An RNG is needed. */
5519        if (key->rng == NULL) {
5520            key->rng = wolfssl_make_global_rng();
5521            /* RNG set and needs to be unset. */
5522            setGlobalRNG = 1;
5523        }
5524    #endif
5525
5526        PRIVATE_KEY_UNLOCK();
5527        /* Create secret using wolfSSL. */
5528        ret = wc_ecc_shared_secret_ex(key, (ecc_point*)pubKey->internal,
5529            (byte *)out, &len);
5530        PRIVATE_KEY_LOCK();
5531        if (ret != MP_OKAY) {
5532            WOLFSSL_MSG("wc_ecc_shared_secret failed");
5533            err = 1;
5534        }
5535    }
5536
5537#if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) && \
5538    (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,0))
5539    /* Remove global from key. */
5540    if (setGlobalRNG) {
5541        key->rng = NULL;
5542    }
5543#endif
5544
5545    if (err) {
5546        /* Make returned value zero. */
5547        len = 0;
5548    }
5549    return (int)len;
5550}
5551#endif /* WOLF_CRYPTO_CB_ONLY_ECC */
5552
5553/* End ECDH */
5554
5555#ifndef NO_WOLFSSL_STUB
5556const WOLFSSL_EC_KEY_METHOD *wolfSSL_EC_KEY_OpenSSL(void)
5557{
5558    WOLFSSL_STUB("wolfSSL_EC_KEY_OpenSSL");
5559
5560    return NULL;
5561}
5562
5563WOLFSSL_EC_KEY_METHOD *wolfSSL_EC_KEY_METHOD_new(
5564        const WOLFSSL_EC_KEY_METHOD *meth)
5565{
5566    WOLFSSL_STUB("wolfSSL_EC_KEY_METHOD_new");
5567
5568    (void)meth;
5569
5570    return NULL;
5571}
5572
5573void wolfSSL_EC_KEY_METHOD_free(WOLFSSL_EC_KEY_METHOD *meth)
5574{
5575    WOLFSSL_STUB("wolfSSL_EC_KEY_METHOD_free");
5576
5577    (void)meth;
5578}
5579
5580void wolfSSL_EC_KEY_METHOD_set_init(WOLFSSL_EC_KEY_METHOD *meth,
5581        void* a1, void* a2, void* a3, void* a4, void* a5, void* a6)
5582{
5583    WOLFSSL_STUB("wolfSSL_EC_KEY_METHOD_set_init");
5584
5585    (void)meth;
5586    (void)a1;
5587    (void)a2;
5588    (void)a3;
5589    (void)a4;
5590    (void)a5;
5591    (void)a6;
5592}
5593
5594void wolfSSL_EC_KEY_METHOD_set_sign(WOLFSSL_EC_KEY_METHOD *meth,
5595        void* a1, void* a2, void* a3)
5596{
5597    WOLFSSL_STUB("wolfSSL_EC_KEY_METHOD_set_sign");
5598
5599    (void)meth;
5600    (void)a1;
5601    (void)a2;
5602    (void)a3;
5603}
5604
5605const WOLFSSL_EC_KEY_METHOD *wolfSSL_EC_KEY_get_method(
5606        const WOLFSSL_EC_KEY *key)
5607{
5608    WOLFSSL_STUB("wolfSSL_EC_KEY_get_method");
5609
5610    (void)key;
5611
5612    return NULL;
5613}
5614
5615int wolfSSL_EC_KEY_set_method(WOLFSSL_EC_KEY *key,
5616        const WOLFSSL_EC_KEY_METHOD *meth)
5617{
5618    WOLFSSL_STUB("wolfSSL_EC_KEY_set_method");
5619
5620    (void)key;
5621    (void)meth;
5622
5623    return 0;
5624}
5625
5626#endif /* !NO_WOLFSSL_STUB */
5627
5628#endif /* OPENSSL_EXTRA */
5629
5630#endif /* HAVE_ECC */
5631
5632/*******************************************************************************
5633 * END OF EC API
5634 ******************************************************************************/
5635
5636#endif /* !WOLFSSL_PK_EC_INCLUDED */
5637