From 647dde211f8c515045066f9e46a10f789b8b665a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Mon, 9 Feb 2009 17:16:14 +0000 Subject: [PATCH] more bits for ecdsa signing git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24660 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/hx509/crypto.c | 55 +++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 49 insertions(+), 6 deletions(-) diff --git a/lib/hx509/crypto.c b/lib/hx509/crypto.c index aeb3231d0..f21429619 100644 --- a/lib/hx509/crypto.c +++ b/lib/hx509/crypto.c @@ -308,6 +308,9 @@ ecdsa_create_signature(hx509_context context, unsigned int siglen; int ret; + if (der_heim_oid_cmp((signer->ops->key_oid)(), oid_id_ecPublicKey()) != 0) + return HX509_ALG_NOT_SUPP; + sig_oid = (*sig_alg->sig_oid)(); if (der_heim_oid_cmp(sig_oid, oid_id_ecdsa_with_SHA256()) == 0) { @@ -499,6 +502,9 @@ rsa_create_signature(hx509_context context, size_t size; int ret; + if (der_heim_oid_cmp((signer->ops->key_oid)(), oid_id_pkcs1_rsaEncryption()) != 0) + return HX509_ALG_NOT_SUPP; + if (alg) sig_oid = &alg->algorithm; else @@ -765,7 +771,18 @@ ecdsa_private_key_import(hx509_context context, size_t len, hx509_private_key private_key) { - return ENOMEM; + const unsigned char *p = data; + + private_key->private_key.ecdsa = + d2i_ECPrivateKey(NULL, &p, len); + if (private_key->private_key.ecdsa == NULL) { + hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED, + "Failed to parse EC private key"); + return HX509_PARSING_KEY_FAILED; + } + private_key->signature_alg = oid_id_ecdsa_with_SHA256(); + + return 0; } static int @@ -787,7 +804,7 @@ ecdsa_get_internal(hx509_context context, static hx509_private_key_ops ecdsa_private_key_ops = { "EC PRIVATE KEY", - oid_id_pkcs1_rsaEncryption, + oid_id_ecPublicKey, ecdsa_private_key2SPKI, ecdsa_private_key_export, ecdsa_private_key_import, @@ -1729,6 +1746,11 @@ const AlgorithmIdentifier _hx509_signature_md2_data = { { 6, rk_UNCONST(md2_oid_tree) }, rk_UNCONST(&null_entry_oid) }; +static const unsigned ecPublicKey[] ={ 1, 2, 840, 10045, 2, 1 }; +const AlgorithmIdentifier _hx509_signature_ecPublicKey = { + { 6, rk_UNCONST(ecPublicKey) }, NULL +}; + static const unsigned ecdsa_with_sha256_oid[] ={ 1, 2, 840, 10045, 4, 3, 2 }; const AlgorithmIdentifier _hx509_signature_ecdsa_with_sha256_data = { { 7, rk_UNCONST(ecdsa_with_sha256_oid) }, NULL @@ -1818,6 +1840,10 @@ const AlgorithmIdentifier * hx509_signature_md2(void) { return &_hx509_signature_md2_data; } +const AlgorithmIdentifier * +hx509_signature_ecPublicKey(void) +{ return &_hx509_signature_ecPublicKey; } + const AlgorithmIdentifier * hx509_signature_ecdsa_with_sha256(void) { return &_hx509_signature_ecdsa_with_sha256_data; } @@ -1927,8 +1953,13 @@ _hx509_private_key_free(hx509_private_key *key) if (--(*key)->ref > 0) return 0; - if ((*key)->private_key.rsa) - RSA_free((*key)->private_key.rsa); + if (der_heim_oid_cmp(((*key)->ops->key_oid)(), oid_id_pkcs1_rsaEncryption()) == 0) { + if ((*key)->private_key.rsa) + RSA_free((*key)->private_key.rsa); + } else if (der_heim_oid_cmp(((*key)->ops->key_oid)(), oid_id_ecPublicKey()) == 0) { + if ((*key)->private_key.ecdsa) + EC_KEY_free((*key)->private_key.ecdsa); + } (*key)->private_key.rsa = NULL; free(*key); *key = NULL; @@ -2777,8 +2808,8 @@ out: */ -int -_hx509_match_keys(hx509_cert c, hx509_private_key private_key) +static int +match_keys_rsa(hx509_cert c, hx509_private_key private_key) { const Certificate *cert; const SubjectPublicKeyInfo *spi; @@ -2833,6 +2864,18 @@ _hx509_match_keys(hx509_cert c, hx509_private_key private_key) return ret == 1; } +int +_hx509_match_keys(hx509_cert c, hx509_private_key key) +{ + if (der_heim_oid_cmp((key->ops->key_oid)(), oid_id_pkcs1_rsaEncryption()) == 0) + return match_keys_rsa(c, key); + if (der_heim_oid_cmp((key->ops->key_oid)(), oid_id_ecPublicKey()) == 0) + return 1; /* XXX */ + return 0; + +} + + static const heim_oid * find_keytype(const hx509_private_key key) {