version 1.93, 2010/09/09 10:45:45 |
version 1.94, 2010/10/28 11:22:09 |
|
|
} |
} |
} |
} |
|
|
/* |
|
* This is horrid, but OpenSSL's PEM_read_PrivateKey seems not to restore |
|
* the EC_GROUP nid when loading a key... |
|
*/ |
|
int |
int |
key_ecdsa_group_to_nid(const EC_GROUP *g) |
key_ecdsa_key_to_nid(EC_KEY *k) |
{ |
{ |
EC_GROUP *eg; |
EC_GROUP *eg; |
int nids[] = { |
int nids[] = { |
|
|
NID_secp521r1, |
NID_secp521r1, |
-1 |
-1 |
}; |
}; |
|
int nid; |
u_int i; |
u_int i; |
BN_CTX *bnctx; |
BN_CTX *bnctx; |
|
const EC_GROUP *g = EC_KEY_get0_group(k); |
|
|
|
/* |
|
* The group may be stored in a ASN.1 encoded private key in one of two |
|
* ways: as a "named group", which is reconstituted by ASN.1 object ID |
|
* or explicit group parameters encoded into the key blob. Only the |
|
* "named group" case sets the group NID for us, but we can figure |
|
* it out for the other case by comparing against all the groups that |
|
* are supported. |
|
*/ |
|
if ((nid = EC_GROUP_get_curve_name(g)) > 0) |
|
return nid; |
if ((bnctx = BN_CTX_new()) == NULL) |
if ((bnctx = BN_CTX_new()) == NULL) |
fatal("%s: BN_CTX_new() failed", __func__); |
fatal("%s: BN_CTX_new() failed", __func__); |
for (i = 0; nids[i] != -1; i++) { |
for (i = 0; nids[i] != -1; i++) { |
if ((eg = EC_GROUP_new_by_curve_name(nids[i])) == NULL) |
if ((eg = EC_GROUP_new_by_curve_name(nids[i])) == NULL) |
fatal("%s: EC_GROUP_new_by_curve_name failed", |
fatal("%s: EC_GROUP_new_by_curve_name failed", |
__func__); |
__func__); |
if (EC_GROUP_cmp(g, eg, bnctx) == 0) { |
if (EC_GROUP_cmp(g, eg, bnctx) == 0) |
EC_GROUP_free(eg); |
|
break; |
break; |
} |
|
EC_GROUP_free(eg); |
EC_GROUP_free(eg); |
} |
} |
BN_CTX_free(bnctx); |
BN_CTX_free(bnctx); |
debug3("%s: nid = %d", __func__, nids[i]); |
debug3("%s: nid = %d", __func__, nids[i]); |
|
if (nids[i] != -1) { |
|
/* Use the group with the NID attached */ |
|
EC_GROUP_set_asn1_flag(eg, OPENSSL_EC_NAMED_CURVE); |
|
if (EC_KEY_set_group(k, eg) != 1) |
|
fatal("%s: EC_KEY_set_group", __func__); |
|
} |
return nids[i]; |
return nids[i]; |
} |
} |
|
|
|
|
fatal("%s: EC_KEY_new_by_curve_name failed", __func__); |
fatal("%s: EC_KEY_new_by_curve_name failed", __func__); |
if (EC_KEY_generate_key(private) != 1) |
if (EC_KEY_generate_key(private) != 1) |
fatal("%s: EC_KEY_generate_key failed", __func__); |
fatal("%s: EC_KEY_generate_key failed", __func__); |
|
EC_KEY_set_asn1_flag(private, OPENSSL_EC_NAMED_CURVE); |
return private; |
return private; |
} |
} |
|
|