diff options
Diffstat (limited to 'key.c')
| -rw-r--r-- | key.c | 47 |
1 files changed, 35 insertions, 12 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: key.c,v 1.92 2010/08/31 11:54:45 djm Exp $ */ | 1 | /* $OpenBSD: key.c,v 1.93 2010/09/09 10:45:45 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * read_bignum(): | 3 | * read_bignum(): |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -978,17 +978,7 @@ key_size(const Key *k) | |||
| 978 | return BN_num_bits(k->dsa->p); | 978 | return BN_num_bits(k->dsa->p); |
| 979 | case KEY_ECDSA: | 979 | case KEY_ECDSA: |
| 980 | case KEY_ECDSA_CERT: | 980 | case KEY_ECDSA_CERT: |
| 981 | switch (k->ecdsa_nid) { | 981 | return key_curve_nid_to_bits(k->ecdsa_nid); |
| 982 | case NID_X9_62_prime256v1: | ||
| 983 | return 256; | ||
| 984 | case NID_secp384r1: | ||
| 985 | return 384; | ||
| 986 | case NID_secp521r1: | ||
| 987 | return 521; | ||
| 988 | default: | ||
| 989 | break; | ||
| 990 | } | ||
| 991 | break; | ||
| 992 | } | 982 | } |
| 993 | return 0; | 983 | return 0; |
| 994 | } | 984 | } |
| @@ -1961,6 +1951,7 @@ key_cert_is_legacy(Key *k) | |||
| 1961 | } | 1951 | } |
| 1962 | } | 1952 | } |
| 1963 | 1953 | ||
| 1954 | /* XXX: these are really begging for a table-driven approach */ | ||
| 1964 | int | 1955 | int |
| 1965 | key_curve_name_to_nid(const char *name) | 1956 | key_curve_name_to_nid(const char *name) |
| 1966 | { | 1957 | { |
| @@ -1975,6 +1966,22 @@ key_curve_name_to_nid(const char *name) | |||
| 1975 | return -1; | 1966 | return -1; |
| 1976 | } | 1967 | } |
| 1977 | 1968 | ||
| 1969 | u_int | ||
| 1970 | key_curve_nid_to_bits(int nid) | ||
| 1971 | { | ||
| 1972 | switch (nid) { | ||
| 1973 | case NID_X9_62_prime256v1: | ||
| 1974 | return 256; | ||
| 1975 | case NID_secp384r1: | ||
| 1976 | return 384; | ||
| 1977 | case NID_secp521r1: | ||
| 1978 | return 521; | ||
| 1979 | default: | ||
| 1980 | error("%s: unsupported EC curve nid %d", __func__, nid); | ||
| 1981 | return 0; | ||
| 1982 | } | ||
| 1983 | } | ||
| 1984 | |||
| 1978 | const char * | 1985 | const char * |
| 1979 | key_curve_nid_to_name(int nid) | 1986 | key_curve_nid_to_name(int nid) |
| 1980 | { | 1987 | { |
| @@ -1989,6 +1996,22 @@ key_curve_nid_to_name(int nid) | |||
| 1989 | return NULL; | 1996 | return NULL; |
| 1990 | } | 1997 | } |
| 1991 | 1998 | ||
| 1999 | const EVP_MD * | ||
| 2000 | key_ec_nid_to_evpmd(int nid) | ||
| 2001 | { | ||
| 2002 | int kbits = key_curve_nid_to_bits(nid); | ||
| 2003 | |||
| 2004 | if (kbits == 0) | ||
| 2005 | fatal("%s: invalid nid %d", __func__, nid); | ||
| 2006 | /* RFC5656 section 6.2.1 */ | ||
| 2007 | if (kbits <= 256) | ||
| 2008 | return EVP_sha256(); | ||
| 2009 | else if (kbits <= 384) | ||
| 2010 | return EVP_sha384(); | ||
| 2011 | else | ||
| 2012 | return EVP_sha512(); | ||
| 2013 | } | ||
| 2014 | |||
| 1992 | int | 2015 | int |
| 1993 | key_ec_validate_public(const EC_GROUP *group, const EC_POINT *public) | 2016 | key_ec_validate_public(const EC_GROUP *group, const EC_POINT *public) |
| 1994 | { | 2017 | { |