oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Support parsing keys that have the group parameter include in the

Browse Source 
EC_PrivateKey block. PKCS8's -- PRIVATE KEY -- vs PEM's -- EC PRIVATE KEY --

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25221 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2009-05-25 23:43:26 +00:00
parent 1eca860a46
commit 6dc1f7bb98
1 changed files with 47 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
lib/hx509/crypto.c
View File

@@ -296,26 +296,41 @@ heim_oid2ecnid(heim_oid *oid)
} }
static int static int
parse_ECParameters(heim_octet_string *parameters, int *nid) parse_ECParameters(hx509_context context,
heim_octet_string *parameters, int *nid)
{ {
ECParameters ecparam; ECParameters ecparam;
size_t size; size_t size;
int ret; int ret;
if (parameters == NULL) {
hx509_set_error_string(context, 0, ret,
"EC parameters missing");
return HX509_PARSING_KEY_FAILED;
}
ret = decode_ECParameters(parameters->data, parameters->length, ret = decode_ECParameters(parameters->data, parameters->length,
&ecparam, &size); &ecparam, &size);
if (ret) if (ret) {
hx509_set_error_string(context, 0, ret,
"Failed to decode EC parameters");
return ret; return ret;
}
if (ecparam.element != choice_ECParameters_namedCurve) { if (ecparam.element != choice_ECParameters_namedCurve) {
free_ECParameters(&ecparam); free_ECParameters(&ecparam);
hx509_set_error_string(context, 0, ret,
"EC parameters is not a named curve");
return HX509_CRYPTO_SIG_INVALID_FORMAT; return HX509_CRYPTO_SIG_INVALID_FORMAT;
} }
*nid = heim_oid2ecnid(&ecparam.u.namedCurve); *nid = heim_oid2ecnid(&ecparam.u.namedCurve);
free_ECParameters(&ecparam); free_ECParameters(&ecparam);
if (*nid == -1) if (*nid == -1) {
hx509_set_error_string(context, 0, ret,
"Failed to find matcing NID for EC curve");
return HX509_CRYPTO_SIG_INVALID_FORMAT; return HX509_CRYPTO_SIG_INVALID_FORMAT;
}
return 0; return 0;
} }
@@ -357,8 +372,7 @@ ecdsa_verify_signature(hx509_context context,
/* set up EC KEY */ /* set up EC KEY */
spi = &signer->tbsCertificate.subjectPublicKeyInfo; spi = &signer->tbsCertificate.subjectPublicKeyInfo;
if (der_heim_oid_cmp(&spi->algorithm.algorithm, &asn1_oid_id_ecPublicKey) != 0 || if (der_heim_oid_cmp(&spi->algorithm.algorithm, &asn1_oid_id_ecPublicKey) != 0)
spi->algorithm.parameters == NULL)
return HX509_CRYPTO_SIG_INVALID_FORMAT; return HX509_CRYPTO_SIG_INVALID_FORMAT;
#ifdef HAVE_OPENSSL #ifdef HAVE_OPENSSL
@@ -366,7 +380,7 @@ ecdsa_verify_signature(hx509_context context,
* Find the group id * Find the group id
*/ */
ret = parse_ECParameters(spi->algorithm.parameters, &groupnid); ret = parse_ECParameters(context, spi->algorithm.parameters, &groupnid);
if (ret) { if (ret) {
der_free_octet_string(&digest); der_free_octet_string(&digest);
return ret; return ret;
@@ -936,15 +950,15 @@ ecdsa_private_key_import(hx509_context context,
hx509_private_key private_key) hx509_private_key private_key)
{ {
const unsigned char *p = data; const unsigned char *p = data;
EC_KEY **pkey = NULL;
if (keyai->parameters) {
EC_GROUP *group; EC_GROUP *group;
EC_KEY *key;
int groupnid; int groupnid;
EC_KEY *key;
int ret; int ret;
if (keyai->parameters == NULL) ret = parse_ECParameters(context, keyai->parameters, &groupnid);
return HX509_PARSING_KEY_FAILED;
ret = parse_ECParameters(keyai->parameters, &groupnid);
if (ret) if (ret)
return ret; return ret;
@@ -964,9 +978,10 @@ ecdsa_private_key_import(hx509_context context,
return ENOMEM; return ENOMEM;
} }
EC_GROUP_free(group); EC_GROUP_free(group);
pkey = &key;
}
private_key->private_key.ecdsa = d2i_ECPrivateKey(pkey, &p, len);
private_key->private_key.ecdsa = d2i_ECPrivateKey(&key, &p, len);
if (private_key->private_key.ecdsa == NULL) { if (private_key->private_key.ecdsa == NULL) {
hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED, hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
"Failed to parse EC private key"); "Failed to parse EC private key");