1656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* crypto/ec/ec_check.c */ 2656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* ==================================================================== 3656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. 4656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 5656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Redistribution and use in source and binary forms, with or without 6656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * modification, are permitted provided that the following conditions 7656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * are met: 8656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 9656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 1. Redistributions of source code must retain the above copyright 10656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * notice, this list of conditions and the following disclaimer. 11656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 12656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 2. Redistributions in binary form must reproduce the above copyright 13656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * notice, this list of conditions and the following disclaimer in 14656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the documentation and/or other materials provided with the 15656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * distribution. 16656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 17656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 3. All advertising materials mentioning features or use of this 18656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * software must display the following acknowledgment: 19656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * "This product includes software developed by the OpenSSL Project 20656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 21656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 22656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 23656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * endorse or promote products derived from this software without 24656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * prior written permission. For written permission, please contact 25656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * openssl-core@openssl.org. 26656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 27656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 5. Products derived from this software may not be called "OpenSSL" 28656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * nor may "OpenSSL" appear in their names without prior written 29656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * permission of the OpenSSL Project. 30656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 31656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 6. Redistributions of any form whatsoever must retain the following 32656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * acknowledgment: 33656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * "This product includes software developed by the OpenSSL Project 34656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 35656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 36656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 37656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 38656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 39656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 40656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 41656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 42656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 43656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 44656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 45656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 46656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 47656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * OF THE POSSIBILITY OF SUCH DAMAGE. 48656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ==================================================================== 49656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 50656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This product includes cryptographic software written by Eric Young 51656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * (eay@cryptsoft.com). This product includes software written by Tim 52656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Hudson (tjh@cryptsoft.com). 53656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 54656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 55656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 56656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include "ec_lcl.h" 57656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/err.h> 58656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 59656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx) 60656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 61656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int ret = 0; 62656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIGNUM *order; 63656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_CTX *new_ctx = NULL; 64656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_POINT *point = NULL; 65656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 66656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ctx == NULL) 67656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 68656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ctx = new_ctx = BN_CTX_new(); 69656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ctx == NULL) 70656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 71656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ECerr(EC_F_EC_GROUP_CHECK, ERR_R_MALLOC_FAILURE); 72656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 73656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 74656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 75656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_CTX_start(ctx); 76656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((order = BN_CTX_get(ctx)) == NULL) goto err; 77656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 78656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* check the discriminant */ 79656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_GROUP_check_discriminant(group, ctx)) 80656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 81656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ECerr(EC_F_EC_GROUP_CHECK, EC_R_DISCRIMINANT_IS_ZERO); 82656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 83656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 84656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 85656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* check the generator */ 86656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (group->generator == NULL) 87656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 88656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR); 89656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 90656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 91656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_is_on_curve(group, group->generator, ctx)) 92656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 93656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE); 94656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 95656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 96656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 97656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* check the order of the generator */ 98656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((point = EC_POINT_new(group)) == NULL) goto err; 99656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_GROUP_get_order(group, order, ctx)) goto err; 100656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (BN_is_zero(order)) 101656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 102656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_ORDER); 103656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 104656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 105656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 106656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx)) goto err; 107656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!EC_POINT_is_at_infinity(group, point)) 108656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 109656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ECerr(EC_F_EC_GROUP_CHECK, EC_R_INVALID_GROUP_ORDER); 110656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 111656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 112656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 113656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret = 1; 114656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 115656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projecterr: 116656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ctx != NULL) 117656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_CTX_end(ctx); 118656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (new_ctx != NULL) 119656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_CTX_free(new_ctx); 120656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (point) 121656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_POINT_free(point); 122656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return ret; 123656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 124