/*
* Copyright (C) 2011-2012 Free Software Foundation, Inc.
*
* Author: Nikos Mavrogiannopoulos
*
* This file is part of GnuTLS.
*
* The GnuTLS is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
* as published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>
*
*/
#include "gnutls_int.h"
#include <algorithms.h>
#include "errors.h"
#include <x509/common.h>
#include <pk.h>
#include "c-strcase.h"
/* Supported ECC curves
 *
 * Each entry ties a curve name and, where one is set, its OID to the
 * curve id, the TLS group, the public key algorithm and the curve size
 * in bytes. Entries that set no .oid leave it NULL; gnutls_oid_to_ecc_curve()
 * skips those.
 *
 * Every entry starts with .supported = 1. _gnutls_ecc_curve_mark_disabled()
 * clears the flag at run time, and the lookups in this file that test
 * .supported then treat the curve as unavailable. Not every lookup tests
 * it: the name, OID, size and params getters match on the id alone.
 *
 * Entry order matters: _gnutls_ecc_bits_to_curve() returns the first
 * compatible entry that is large enough, so smaller curves come first.
 *
 * The all-zero entry at the end terminates the table; the loops in this
 * file stop at the first entry whose .name is NULL.
 *
 * NOTE(review): SYSTEM_CONFIG_OR_CONST is defined elsewhere; presumably it
 * leaves the table writable when run-time configuration is compiled in,
 * since _gnutls_ecc_curve_mark_disabled() writes to it - confirm.
 */

static SYSTEM_CONFIG_OR_CONST
gnutls_ecc_curve_entry_st ecc_curves[] = {
#ifdef ENABLE_NON_SUITEB_CURVES
	/* Only compiled in when ENABLE_NON_SUITEB_CURVES is defined. */
	{
		.name = "SECP192R1",
		.oid = "1.2.840.10045.3.1.1",
		.id = GNUTLS_ECC_CURVE_SECP192R1,
		.group = GNUTLS_GROUP_SECP192R1,
		.pk = GNUTLS_PK_ECDSA,
		.size = 24,
		.supported = 1,
	},
	{
		.name = "SECP224R1",
		.oid = "1.3.132.0.33",
		.id = GNUTLS_ECC_CURVE_SECP224R1,
		.group = GNUTLS_GROUP_SECP224R1,
		.pk = GNUTLS_PK_ECDSA,
		.size = 28,
		.supported = 1,
	},
#endif
	{
		.name = "SECP256R1",
		.oid = "1.2.840.10045.3.1.7",
		.id = GNUTLS_ECC_CURVE_SECP256R1,
		.group = GNUTLS_GROUP_SECP256R1,
		.pk = GNUTLS_PK_ECDSA,
		.size = 32,
		.supported = 1,
	},
	{
		.name = "SECP384R1",
		.oid = "1.3.132.0.34",
		.id = GNUTLS_ECC_CURVE_SECP384R1,
		.group = GNUTLS_GROUP_SECP384R1,
		.pk = GNUTLS_PK_ECDSA,
		.size = 48,
		.supported = 1,
	},
	{
		.name = "SECP521R1",
		.oid = "1.3.132.0.35",
		.id = GNUTLS_ECC_CURVE_SECP521R1,
		.group = GNUTLS_GROUP_SECP521R1,
		.pk = GNUTLS_PK_ECDSA,
		.size = 66,
		.supported = 1,
	},
	/* No .oid: this entry cannot be reached through an OID lookup. */
	{
		.name = "X25519",
		.id = GNUTLS_ECC_CURVE_X25519,
		.group = GNUTLS_GROUP_X25519,
		.pk = GNUTLS_PK_ECDH_X25519,
		.size = 32,
		.supported = 1,
	},
	/* Signature-only entry: carries .sig_size and sets no .group. */
	{
		.name = "Ed25519",
		.oid = SIG_EDDSA_SHA512_OID,
		.id = GNUTLS_ECC_CURVE_ED25519,
		.pk = GNUTLS_PK_EDDSA_ED25519,
		.size = 32,
		.sig_size = 64,
		.supported = 1,
	},
	/* Neither .oid nor .group is set for this entry. */
	{
		.name = "X448",
		.id = GNUTLS_ECC_CURVE_X448,
		.pk = GNUTLS_PK_ECDH_X448,
		.size = 56,
		.supported = 1,
	},
	/* Signature-only entry: carries .sig_size and sets no .group. */
	{
		.name = "Ed448",
		.oid = SIG_ED448_OID,
		.id = GNUTLS_ECC_CURVE_ED448,
		.pk = GNUTLS_PK_EDDSA_ED448,
		.size = 57,
		.sig_size = 114,
		.supported = 1,
	},
#if ENABLE_GOST
	/* Curves for usage in GOST digital signature algorithm (GOST R
	 * 34.10-2001/-2012) and key agreement (VKO GOST R 34.10-2001/-2012).
	 *
	 * Historically CryptoPro has defined three 256-bit curves for use with
	 * the digital signature algorithm (CryptoPro-A, -B, -C).
	 *
	 * It has also reissued two of them with different OIDs for key
	 * exchange (CryptoPro-XchA = CryptoPro-A and CryptoPro-XchB =
	 * CryptoPro-C).
	 *
	 * Then TC26 (the standards committee working on cryptographic
	 * standards) has defined one 256-bit curve (TC26-256-A) and three
	 * 512-bit curves (TC26-512-A, -B, -C).
	 *
	 * And finally TC26 has reissued the original CryptoPro curves under
	 * its own OID namespace (TC26-256-B = CryptoPro-A, TC26-256-C =
	 * CryptoPro-B and TC26-256-D = CryptoPro-C).
	 *
	 * CryptoPro OIDs are usable for both GOST R 34.10-2001 and
	 * GOST R 34.10-2012 keys (thus they have GNUTLS_PK_UNKNOWN in this
	 * table).
	 * TC26 OIDs are usable only for GOST R 34.10-2012 keys.
	 *
	 * Reissued curves share the .group of the curve they duplicate, so
	 * several ids in this block map to the same group.
	 */
	{
		.name = "CryptoPro-A",
		.oid = "1.2.643.2.2.35.1",
		.id = GNUTLS_ECC_CURVE_GOST256CPA,
		.group = GNUTLS_GROUP_GC256B,
		.pk = GNUTLS_PK_UNKNOWN,
		.size = 32,
		.gost_curve = 1,
		.supported = 1,
	},
	{
		.name = "CryptoPro-B",
		.oid = "1.2.643.2.2.35.2",
		.id = GNUTLS_ECC_CURVE_GOST256CPB,
		.group = GNUTLS_GROUP_GC256C,
		.pk = GNUTLS_PK_UNKNOWN,
		.size = 32,
		.gost_curve = 1,
		.supported = 1,
	},
	{
		.name = "CryptoPro-C",
		.oid = "1.2.643.2.2.35.3",
		.id = GNUTLS_ECC_CURVE_GOST256CPC,
		.group = GNUTLS_GROUP_GC256D,
		.pk = GNUTLS_PK_UNKNOWN,
		.size = 32,
		.gost_curve = 1,
		.supported = 1,
	},
	{
		.name = "CryptoPro-XchA",
		.oid = "1.2.643.2.2.36.0",
		.id = GNUTLS_ECC_CURVE_GOST256CPXA,
		.group = GNUTLS_GROUP_GC256B,
		.pk = GNUTLS_PK_UNKNOWN,
		.size = 32,
		.gost_curve = 1,
		.supported = 1,
	},
	{
		.name = "CryptoPro-XchB",
		.oid = "1.2.643.2.2.36.1",
		.id = GNUTLS_ECC_CURVE_GOST256CPXB,
		.group = GNUTLS_GROUP_GC256D,
		.pk = GNUTLS_PK_UNKNOWN,
		.size = 32,
		.gost_curve = 1,
		.supported = 1,
	},
	{
		.name = "TC26-256-A",
		.oid = "1.2.643.7.1.2.1.1.1",
		.id = GNUTLS_ECC_CURVE_GOST256A,
		.group = GNUTLS_GROUP_GC256A,
		.pk = GNUTLS_PK_GOST_12_256,
		.size = 32,
		.gost_curve = 1,
		.supported = 1,
	},
	{
		.name = "TC26-256-B",
		.oid = "1.2.643.7.1.2.1.1.2",
		.id = GNUTLS_ECC_CURVE_GOST256B,
		.group = GNUTLS_GROUP_GC256B,
		.pk = GNUTLS_PK_GOST_12_256,
		.size = 32,
		.gost_curve = 1,
		.supported = 1,
	},
	{
		.name = "TC26-256-C",
		.oid = "1.2.643.7.1.2.1.1.3",
		.id = GNUTLS_ECC_CURVE_GOST256C,
		.group = GNUTLS_GROUP_GC256C,
		.pk = GNUTLS_PK_GOST_12_256,
		.size = 32,
		.gost_curve = 1,
		.supported = 1,
	},
	{
		.name = "TC26-256-D",
		.oid = "1.2.643.7.1.2.1.1.4",
		.id = GNUTLS_ECC_CURVE_GOST256D,
		.group = GNUTLS_GROUP_GC256D,
		.pk = GNUTLS_PK_GOST_12_256,
		.size = 32,
		.gost_curve = 1,
		.supported = 1,
	},
	{
		.name = "TC26-512-A",
		.oid = "1.2.643.7.1.2.1.2.1",
		.id = GNUTLS_ECC_CURVE_GOST512A,
		.group = GNUTLS_GROUP_GC512A,
		.pk = GNUTLS_PK_GOST_12_512,
		.size = 64,
		.gost_curve = 1,
		.supported = 1,
	},
	{
		.name = "TC26-512-B",
		.oid = "1.2.643.7.1.2.1.2.2",
		.id = GNUTLS_ECC_CURVE_GOST512B,
		.group = GNUTLS_GROUP_GC512B,
		.pk = GNUTLS_PK_GOST_12_512,
		.size = 64,
		.gost_curve = 1,
		.supported = 1,
	},
	{
		.name = "TC26-512-C",
		.oid = "1.2.643.7.1.2.1.2.3",
		.id = GNUTLS_ECC_CURVE_GOST512C,
		.group = GNUTLS_GROUP_GC512C,
		.pk = GNUTLS_PK_GOST_12_512,
		.size = 64,
		.gost_curve = 1,
		.supported = 1,
	},
#endif
	/* Terminator: .name is NULL here, which ends every table walk. */
	{0, 0, 0}
};
/* Run the statement(s) @b once for every entry of ecc_curves, in table
 * order, with the current entry available as the const pointer `p`.
 * The walk stops at the terminating entry whose .name is NULL.
 *
 * The expansion is a braced block containing a for loop, so a `break`
 * inside @b ends the walk early and a `return` leaves the calling
 * function. `p` is not visible after the macro.
 */
#define GNUTLS_ECC_CURVE_LOOP(b) \
	{ const gnutls_ecc_curve_entry_st *p; \
		for(p = ecc_curves; p->name != NULL; p++) { b ; } }
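/**
 * gnutls_ecc_curve_list:
 *
 * Get the list of supported elliptic curves.
 *
 * The list is built on the first call and kept in a static array. Once
 * it holds at least one curve, later calls return that array without
 * rebuilding it, so a curve that is marked disabled after the list was
 * built remains listed.
 *
 * This function is not thread safe.
 *
 * Returns: Return a (0)-terminated list of #gnutls_ecc_curve_t
 * integers indicating the available curves.
 **/
const gnutls_ecc_curve_t *gnutls_ecc_curve_list(void)
{
	static gnutls_ecc_curve_t supported_curves[MAX_ALGOS] = { 0 };

	/* A zero first element means the cache has not been filled yet
	 * (or that no curve was available on the previous attempt). */
	if (supported_curves[0] == 0) {
		int i = 0;

		GNUTLS_ECC_CURVE_LOOP(
			/* Keep one slot for the terminator so that a table
			 * that outgrows MAX_ALGOS cannot write past the
			 * end of the static array. */
			if (i >= MAX_ALGOS - 1)
				break;
			if (p->supported && _gnutls_pk_curve_exists(p->id))
				supported_curves[i++] = p->id;
		);
		supported_curves[i] = 0;
	}

	return supported_curves;
}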
/* Report whether @curve can currently be used.
 *
 * Returns 1 when the table holds an entry for @curve whose .supported
 * flag is still set and for which _gnutls_pk_curve_exists() succeeds,
 * and 0 otherwise (including when @curve is not in the table).
 */
unsigned _gnutls_ecc_curve_is_supported(gnutls_ecc_curve_t curve)
{
	const gnutls_ecc_curve_entry_st *entry;

	for (entry = ecc_curves; entry->name != NULL; entry++) {
		if (entry->id != curve)
			continue;

		/* The flag is tested before the backend is asked. */
		if (entry->supported && _gnutls_pk_curve_exists(entry->id))
			return 1;
	}

	return 0;
}
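/**
 * gnutls_oid_to_ecc_curve:
 * @oid: is a curve's OID
 *
 * Only curves that are still marked as supported and that the backend
 * reports as existing are returned. Table entries without an OID are
 * skipped. A %NULL @oid is treated as an unknown OID.
 *
 * Returns: return a #gnutls_ecc_curve_t value corresponding to
 *   the specified OID, or %GNUTLS_ECC_CURVE_INVALID on error.
 *
 * Since: 3.4.3
 **/
gnutls_ecc_curve_t gnutls_oid_to_ecc_curve(const char *oid)
{
	gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID;

	/* c_strcasecmp() reads through both of its arguments, so a NULL
	 * @oid from the caller must be rejected before the comparison. */
	if (oid == NULL)
		return ret;

	GNUTLS_ECC_CURVE_LOOP(
		if (p->oid != NULL && c_strcasecmp(p->oid, oid) == 0 && p->supported &&
		    _gnutls_pk_curve_exists(p->id)) {
			ret = p->id;
			break;
		}
	);

	return ret;
}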
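/**
 * gnutls_ecc_curve_get_id:
 * @name: is a curve name
 *
 * The names are compared in a case insensitive way.
 *
 * Only curves that are still marked as supported and that the backend
 * reports as existing are returned. A %NULL @name is treated as an
 * unknown name.
 *
 * Returns: return a #gnutls_ecc_curve_t value corresponding to
 *   the specified curve, or %GNUTLS_ECC_CURVE_INVALID on error.
 *
 * Since: 3.4.3
 **/
gnutls_ecc_curve_t gnutls_ecc_curve_get_id(const char *name)
{
	gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID;

	/* c_strcasecmp() reads through both of its arguments, so a NULL
	 * @name from the caller must be rejected before the comparison. */
	if (name == NULL)
		return ret;

	GNUTLS_ECC_CURVE_LOOP(
		if (c_strcasecmp(p->name, name) == 0 && p->supported &&
		    _gnutls_pk_curve_exists(p->id)) {
			ret = p->id;
			break;
		}
	);

	return ret;
}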
/* Clear the .supported flag of the curve called @name.
 *
 * The name is compared case-insensitively and only the first matching
 * table entry is changed. The flag is never set again in this file.
 *
 * The array cached by gnutls_ecc_curve_list() is not rebuilt here, so a
 * list that was already built keeps showing the curve; disabling has to
 * happen before that list is first requested to take full effect.
 *
 * Returns 0 when an entry was found, or GNUTLS_E_INVALID_REQUEST (via
 * gnutls_assert_val) when no entry has that name.
 */
int _gnutls_ecc_curve_mark_disabled(const char *name)
{
	gnutls_ecc_curve_entry_st *entry = ecc_curves;

	while (entry->name != NULL) {
		if (c_strcasecmp(entry->name, name) == 0) {
			entry->supported = 0;
			return 0;
		}
		entry++;
	}

	return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
}
/* Decide whether table entry @p may be used with public key algorithm @pk.
 *
 * An entry that is no longer marked supported, or that the backend does
 * not report as existing, is never compatible. For GNUTLS_PK_GOST_01 and
 * GNUTLS_PK_GOST_12_256 any GOST curve of 32 bytes qualifies, whatever
 * .pk the entry carries; for every other algorithm the entry's .pk has
 * to be equal to @pk.
 *
 * Returns non-zero when compatible, 0 otherwise.
 */
static int _gnutls_ecc_pk_compatible(const gnutls_ecc_curve_entry_st *p,
				     gnutls_pk_algorithm_t pk)
{
	int usable = p->supported && _gnutls_pk_curve_exists(p->id);

	if (!usable)
		return 0;

	switch (pk) {
	case GNUTLS_PK_GOST_01:
	case GNUTLS_PK_GOST_12_256:
		return p->gost_curve && p->size == 32;
	default:
		return pk == p->pk;
	}
}
/*-
 * _gnutls_ecc_bits_to_curve:
 * @pk: is the public key algorithm the curve is wanted for
 * @bits: is a security parameter in bits
 *
 * Walks the curve table in order and picks the first entry that is
 * compatible with @pk and whose size, in bits, is at least @bits.
 *
 * When no entry qualifies, a fixed per-algorithm default is returned
 * instead. That default is not checked against the .supported flag or
 * the backend, and it may be smaller than @bits, so a caller that must
 * honour a disabled curve or a minimum size has to verify the result.
 *
 * Returns: return a #gnutls_ecc_curve_t value corresponding to
 *   the specified bit length, or the per-algorithm default curve.
 -*/
gnutls_ecc_curve_t _gnutls_ecc_bits_to_curve(gnutls_pk_algorithm_t pk, int bits)
{
	const gnutls_ecc_curve_entry_st *entry;
	gnutls_ecc_curve_t fallback;

	switch (pk) {
	case GNUTLS_PK_ECDSA:
		fallback = GNUTLS_ECC_CURVE_SECP256R1;
		break;
	case GNUTLS_PK_GOST_01:
	case GNUTLS_PK_GOST_12_256:
		fallback = GNUTLS_ECC_CURVE_GOST256CPA;
		break;
	case GNUTLS_PK_GOST_12_512:
		fallback = GNUTLS_ECC_CURVE_GOST512A;
		break;
	default:
		fallback = GNUTLS_ECC_CURVE_ED25519;
		break;
	}

	for (entry = ecc_curves; entry->name != NULL; entry++) {
		/* @bits is converted to unsigned for the comparison, so a
		 * negative value becomes very large and matches nothing. */
		if (_gnutls_ecc_pk_compatible(entry, pk) &&
		    8 * entry->size >= (unsigned)bits)
			return entry->id;
	}

	return fallback;
}
/**
 * gnutls_ecc_curve_get_name:
 * @curve: is an ECC curve
 *
 * Convert a #gnutls_ecc_curve_t value to a string.
 *
 * The lookup matches on the curve id only; a curve that has been
 * marked as disabled still yields its name.
 *
 * Returns: a string that contains the name of the specified
 *   curve or %NULL.
 *
 * Since: 3.0
 **/
const char *gnutls_ecc_curve_get_name(gnutls_ecc_curve_t curve)
{
	const gnutls_ecc_curve_entry_st *entry;

	for (entry = ecc_curves; entry->name != NULL; entry++) {
		if (entry->id == curve)
			return entry->name;
	}

	return NULL;
}
/**
 * gnutls_ecc_curve_get_oid:
 * @curve: is an ECC curve
 *
 * Convert a #gnutls_ecc_curve_t value to its object identifier.
 *
 * The lookup matches on the curve id only; a curve that has been
 * marked as disabled still yields its OID. %NULL is also the result
 * for a known curve whose table entry sets no OID.
 *
 * Returns: a string that contains the OID of the specified
 *   curve or %NULL.
 *
 * Since: 3.4.3
 **/
const char *gnutls_ecc_curve_get_oid(gnutls_ecc_curve_t curve)
{
	const gnutls_ecc_curve_entry_st *entry;

	for (entry = ecc_curves; entry->name != NULL; entry++) {
		if (entry->id == curve)
			return entry->oid;
	}

	return NULL;
}
/*-
 * _gnutls_ecc_curve_get_params:
 * @curve: is an ECC curve
 *
 * Returns the information on a curve.
 *
 * The entry is returned whenever the id matches, without looking at
 * its .supported flag or asking the backend; a caller that must not
 * use a disabled curve has to test that separately.
 *
 * Returns: a pointer to #gnutls_ecc_curve_entry_st or %NULL.
 -*/
const gnutls_ecc_curve_entry_st
    *_gnutls_ecc_curve_get_params(gnutls_ecc_curve_t curve)
{
	const gnutls_ecc_curve_entry_st *entry;

	for (entry = ecc_curves; entry->name != NULL; entry++) {
		if (entry->id == curve)
			return entry;
	}

	return NULL;
}
/**
 * gnutls_ecc_curve_get_size:
 * @curve: is an ECC curve
 *
 * The lookup matches on the curve id only; a curve that has been
 * marked as disabled still yields its size.
 *
 * Returns: the size in bytes of the curve or 0 on failure.
 *
 * Since: 3.0
 **/
int gnutls_ecc_curve_get_size(gnutls_ecc_curve_t curve)
{
	const gnutls_ecc_curve_entry_st *entry;

	for (entry = ecc_curves; entry->name != NULL; entry++) {
		if (entry->id == curve)
			return entry->size;
	}

	/* Unknown curve. */
	return 0;
}
/**
 * gnutls_ecc_curve_get_pk:
 * @curve: is an ECC curve
 *
 * A curve that has been marked as disabled is reported as
 * %GNUTLS_PK_UNKNOWN. Unlike the other availability-aware lookups in
 * this file, this one tests the supported flag only and does not ask
 * the backend whether the curve exists. Table entries whose algorithm
 * is itself %GNUTLS_PK_UNKNOWN cannot be told apart from a failed
 * lookup through this function.
 *
 * Returns: the public key algorithm associated with the named curve or %GNUTLS_PK_UNKNOWN.
 *
 * Since: 3.5.0
 **/
gnutls_pk_algorithm_t gnutls_ecc_curve_get_pk(gnutls_ecc_curve_t curve)
{
	const gnutls_ecc_curve_entry_st *entry;

	for (entry = ecc_curves; entry->name != NULL; entry++) {
		if (entry->id == curve && entry->supported)
			return entry->pk;
	}

	return GNUTLS_PK_UNKNOWN;
}
/*-
 * _gnutls_ecc_curve_get_group:
 * @curve: is an ECC curve
 *
 * Only a curve that is still marked as supported and that the backend
 * reports as existing yields its group. The group stored in the table
 * is returned as is, so an entry that sets no group yields whatever
 * value its zero-initialized field holds.
 *
 * Returns: the group associated with the named curve or %GNUTLS_GROUP_INVALID.
 *
 * Since: 3.6.11
 -*/
gnutls_group_t _gnutls_ecc_curve_get_group(gnutls_ecc_curve_t curve)
{
	const gnutls_ecc_curve_entry_st *entry;

	for (entry = ecc_curves; entry->name != NULL; entry++) {
		if (entry->id != curve)
			continue;
		if (entry->supported && _gnutls_pk_curve_exists(entry->id))
			return entry->group;
	}

	return GNUTLS_GROUP_INVALID;
}