Diffstat (limited to 'key.c')
-rw-r--r-- | key.c | 47 |
1 files changed, 35 insertions, 12 deletions
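--- a/key.c
+++ b/key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.92 2010/08/31 11:54:45 djm Exp $ */
+/* $OpenBSD: key.c,v 1.93 2010/09/09 10:45:45 djm Exp $ */
 /*
  * read_bignum():
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -978,17 +978,7 @@ key_size(const Key *k)
 		return BN_num_bits(k->dsa->p);
 	case KEY_ECDSA:
 	case KEY_ECDSA_CERT:
-		switch (k->ecdsa_nid) {
-		case NID_X9_62_prime256v1:
-			return 256;
-		case NID_secp384r1:
-			return 384;
-		case NID_secp521r1:
-			return 521;
-		default:
-			break;
-		}
-		break;
+		return key_curve_nid_to_bits(k->ecdsa_nid);
 	}
 	return 0;
 }
@@ -1961,6 +1951,7 @@ key_cert_is_legacy(Key *k)
 	}
 }
 
+/* XXX: these are really begging for a table-driven approach */
 int
 key_curve_name_to_nid(const char *name)
 {
@@ -1975,6 +1966,22 @@ key_curve_name_to_nid(const char *name)
 	return -1;
 }
 
+u_int
+key_curve_nid_to_bits(int nid)
+{
+	switch (nid) {
+	case NID_X9_62_prime256v1:
+		return 256;
+	case NID_secp384r1:
+		return 384;
+	case NID_secp521r1:
+		return 521;
+	default:
+		error("%s: unsupported EC curve nid %d", __func__, nid);
+		return 0;
+	}
+}
+
 const char *
 key_curve_nid_to_name(int nid)
 {
@@ -1989,6 +1996,22 @@ key_curve_nid_to_name(int nid)
 	return NULL;
 }
 
+const EVP_MD *
+key_ec_nid_to_evpmd(int nid)
+{
+	int kbits = key_curve_nid_to_bits(nid);
+
+	if (kbits == 0)
+		fatal("%s: invalid nid %d", __func__, nid);
+	/* RFC5656 section 6.2.1 */
+	if (kbits <= 256)
+		return EVP_sha256();
+	else if (kbits <= 384)
+		return EVP_sha384();
+	else
+		return EVP_sha512();
+}
+
 int
 key_ec_validate_public(const EC_GROUP *group, const EC_POINT *public)
 {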
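Review bot: `key_ec_nid_to_evpmd` stores the `u_int` result of `key_curve_nid_to_bits()` in an `int kbits`, and an unsupported nid is reported twice — once by the `error()` inside `key_curve_nid_to_bits` and again by the `fatal()` here — so declaring `u_int kbits` keeps the types aligned and only one of the two sites needs to log. Because `fatal()` terminates the process, any caller that reaches this function with a nid taken from a peer-supplied key before the curve has been validated would turn an unsupported curve into a process exit rather than a rejected key; key parsing presumably rejects unknown curves earlier, but that is not visible in this diff and is worth confirming. The same `error()`-then-return-0 path is now also taken by `key_size()` in the first hunk, which previously returned 0 silently for an unknown `ecdsa_nid`, so callers that probe key sizes speculatively may start logging errors. A one-line contract comment on the new helper would make the 0 sentinel explicit: `/* Field size in bits for the given EC curve nid, or 0 (after logging an error) if the curve is not supported. */`.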