diff options
author | Franziskus Kiefer <franziskuskiefer@gmail.com> | 2017-03-17 10:14:29 +0100 |
---|---|---|
committer | Franziskus Kiefer <franziskuskiefer@gmail.com> | 2017-03-17 10:14:29 +0100 |
commit | 329e2fd992fa07561cc1b4847ab096f1b78071d6 (patch) | |
tree | 09db781035acd3d6635b3a303413e4774e059ca8 /cmd/lib | |
parent | 8451910f162ab2cf949fd2a7bc5c90700cf566f5 (diff) | |
download | nss-hg-329e2fd992fa07561cc1b4847ab096f1b78071d6.tar.gz |
Bug 1347975 - use bytes for curve parameter definitions, r=ttaubert
Diffstat (limited to 'cmd/lib')
-rw-r--r-- | cmd/lib/basicutil.c | 90 | ||||
-rw-r--r-- | cmd/lib/basicutil.h | 3 | ||||
-rw-r--r-- | cmd/lib/secutil.h | 6 |
3 files changed, 94 insertions, 5 deletions
diff --git a/cmd/lib/basicutil.c b/cmd/lib/basicutil.c index 8b491d7cf..de56fbdd9 100644 --- a/cmd/lib/basicutil.c +++ b/cmd/lib/basicutil.c @@ -774,3 +774,93 @@ SECU_HexString2SECItem(PLArenaPool *arena, SECItem *item, const char *str) return item; } + +/* mapping between ECCurveName enum and SECOidTags */ +static SECOidTag ecCurve_oid_map[] = { + SEC_OID_UNKNOWN, /* ECCurve_noName */ + SEC_OID_ANSIX962_EC_PRIME192V1, /* ECCurve_NIST_P192 */ + SEC_OID_SECG_EC_SECP224R1, /* ECCurve_NIST_P224 */ + SEC_OID_ANSIX962_EC_PRIME256V1, /* ECCurve_NIST_P256 */ + SEC_OID_SECG_EC_SECP384R1, /* ECCurve_NIST_P384 */ + SEC_OID_SECG_EC_SECP521R1, /* ECCurve_NIST_P521 */ + SEC_OID_SECG_EC_SECT163K1, /* ECCurve_NIST_K163 */ + SEC_OID_SECG_EC_SECT163R1, /* ECCurve_NIST_B163 */ + SEC_OID_SECG_EC_SECT233K1, /* ECCurve_NIST_K233 */ + SEC_OID_SECG_EC_SECT233R1, /* ECCurve_NIST_B233 */ + SEC_OID_SECG_EC_SECT283K1, /* ECCurve_NIST_K283 */ + SEC_OID_SECG_EC_SECT283R1, /* ECCurve_NIST_B283 */ + SEC_OID_SECG_EC_SECT409K1, /* ECCurve_NIST_K409 */ + SEC_OID_SECG_EC_SECT409R1, /* ECCurve_NIST_B409 */ + SEC_OID_SECG_EC_SECT571K1, /* ECCurve_NIST_K571 */ + SEC_OID_SECG_EC_SECT571R1, /* ECCurve_NIST_B571 */ + SEC_OID_ANSIX962_EC_PRIME192V2, + SEC_OID_ANSIX962_EC_PRIME192V3, + SEC_OID_ANSIX962_EC_PRIME239V1, + SEC_OID_ANSIX962_EC_PRIME239V2, + SEC_OID_ANSIX962_EC_PRIME239V3, + SEC_OID_ANSIX962_EC_C2PNB163V1, + SEC_OID_ANSIX962_EC_C2PNB163V2, + SEC_OID_ANSIX962_EC_C2PNB163V3, + SEC_OID_ANSIX962_EC_C2PNB176V1, + SEC_OID_ANSIX962_EC_C2TNB191V1, + SEC_OID_ANSIX962_EC_C2TNB191V2, + SEC_OID_ANSIX962_EC_C2TNB191V3, + SEC_OID_ANSIX962_EC_C2PNB208W1, + SEC_OID_ANSIX962_EC_C2TNB239V1, + SEC_OID_ANSIX962_EC_C2TNB239V2, + SEC_OID_ANSIX962_EC_C2TNB239V3, + SEC_OID_ANSIX962_EC_C2PNB272W1, + SEC_OID_ANSIX962_EC_C2PNB304W1, + SEC_OID_ANSIX962_EC_C2TNB359V1, + SEC_OID_ANSIX962_EC_C2PNB368W1, + SEC_OID_ANSIX962_EC_C2TNB431R1, + SEC_OID_SECG_EC_SECP112R1, + SEC_OID_SECG_EC_SECP112R2, + SEC_OID_SECG_EC_SECP128R1, + SEC_OID_SECG_EC_SECP128R2, + SEC_OID_SECG_EC_SECP160K1, + SEC_OID_SECG_EC_SECP160R1, + SEC_OID_SECG_EC_SECP160R2, + SEC_OID_SECG_EC_SECP192K1, + SEC_OID_SECG_EC_SECP224K1, + SEC_OID_SECG_EC_SECP256K1, + SEC_OID_SECG_EC_SECT113R1, + SEC_OID_SECG_EC_SECT113R2, + SEC_OID_SECG_EC_SECT131R1, + SEC_OID_SECG_EC_SECT131R2, + SEC_OID_SECG_EC_SECT163R1, + SEC_OID_SECG_EC_SECT193R1, + SEC_OID_SECG_EC_SECT193R2, + SEC_OID_SECG_EC_SECT239K1, + SEC_OID_UNKNOWN, /* ECCurve_WTLS_1 */ + SEC_OID_UNKNOWN, /* ECCurve_WTLS_8 */ + SEC_OID_UNKNOWN, /* ECCurve_WTLS_9 */ + SEC_OID_CURVE25519, + SEC_OID_UNKNOWN /* ECCurve_pastLastCurve */ +}; + +SECStatus +SECU_ecName2params(ECCurveName curve, SECItem *params) +{ + SECOidData *oidData = NULL; + + if ((curve < ECCurve_noName) || (curve > ECCurve_pastLastCurve) || + ((oidData = SECOID_FindOIDByTag(ecCurve_oid_map[curve])) == NULL)) { + PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); + return SECFailure; + } + + if (SECITEM_AllocItem(NULL, params, (2 + oidData->oid.len)) == NULL) { + return SECFailure; + } + /* + * params->data needs to contain the ASN encoding of an object ID (OID) + * representing the named curve. The actual OID is in + * oidData->oid.data so we simply prepend 0x06 and OID length + */ + params->data[0] = SEC_ASN1_OBJECT_ID; + params->data[1] = oidData->oid.len; + memcpy(params->data + 2, oidData->oid.data, oidData->oid.len); + + return SECSuccess; +} diff --git a/cmd/lib/basicutil.h b/cmd/lib/basicutil.h index 4b3d5ff36..de8c1b01e 100644 --- a/cmd/lib/basicutil.h +++ b/cmd/lib/basicutil.h @@ -13,6 +13,7 @@ #include "base64.h" #include "secasn1.h" #include "secder.h" +#include "ecl-exp.h" #include <stdio.h> #ifdef SECUTIL_NEW @@ -86,6 +87,8 @@ SECU_SECItemHexStringToBinary(SECItem *srcdest); extern SECItem *SECU_HexString2SECItem(PLArenaPool *arena, SECItem *item, const char *str); +extern SECStatus SECU_ecName2params(ECCurveName curve, SECItem *params); + /* * * Utilities for parsing security tools command lines diff --git a/cmd/lib/secutil.h b/cmd/lib/secutil.h index c121c55a7..fe07aca60 100644 --- a/cmd/lib/secutil.h +++ b/cmd/lib/secutil.h @@ -18,6 +18,7 @@ #include "basicutil.h" #include "sslerr.h" #include "sslt.h" +#include "blapi.h" #define SEC_CT_PRIVATE_KEY "private-key" #define SEC_CT_PUBLIC_KEY "public-key" @@ -402,11 +403,6 @@ SECStatus SECU_ParseSSLVersionRangeString(const char *input, const SSLVersionRange defaultVersionRange, SSLVersionRange *vrange); -/* -** Read a hex string into a SecItem. -*/ -extern SECItem *SECU_HexString2SECItem(PLArenaPool *arena, SECItem *item, - const char *str); SECStatus parseGroupList(const char *arg, SSLNamedGroup **enabledGroups, unsigned int *enabledGroupsCount); |