[gcr/ecc: 6/10] WIP OpenSSH support for ECDSA



commit 8018147498f5076a10f2634378a54c80bb3078fc
Author: Stef Walter <stefw redhat com>
Date:   Thu Apr 17 07:14:41 2014 +0200

    WIP OpenSSH support for ECDSA

 gcr/gcr-openssh.c |   64 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 64 insertions(+), 0 deletions(-)
---
diff --git a/gcr/gcr-openssh.c b/gcr/gcr-openssh.c
index b8a0b39..f4ca9dc 100644
--- a/gcr/gcr-openssh.c
+++ b/gcr/gcr-openssh.c
@@ -25,6 +25,10 @@
 #include "gcr-internal.h"
 #include "gcr-types.h"
 
+#include "gcr/gcr-oids.h"
+
+#include "egg/egg-asn1x.h"
+#include "egg/egg-asn1-defs.h"
 #include "egg/egg-buffer.h"
 #include "egg/egg-decimal.h"
 
@@ -116,6 +120,8 @@ keytype_to_algo (const gchar *algo,
                return CKK_RSA;
        else if (match_word (algo, length, "ssh-dss"))
                return CKK_DSA;
+       else if (match_word (algo, length, "ssh-ecdsa"))
+               return CKK_ECDSA;
        return G_MAXULONG;
 }
 
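Review bot: The new `match_word (algo, length, "ssh-ecdsa")` branch tests a name that OpenSSH does not write: RFC 5656 key types are `ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384` and `ecdsa-sha2-nistp521`, so as far as this hunk shows, real ECDSA public key lines would still fall through to `G_MAXULONG`. I would match the three names instead, e.g. `else if (match_word (algo, length, "ecdsa-sha2-nistp256") || match_word (algo, length, "ecdsa-sha2-nistp384") || match_word (algo, length, "ecdsa-sha2-nistp521"))`. match_word is defined outside the hunk, so this assumes it compares the whole word. keytype_to_algo begins before the hunk, and because it returns only `CKK_ECDSA`, the curve named in the key type is lost to later parsing.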
@@ -291,6 +297,61 @@ read_v2_public_rsa (EggBuffer *buffer,
 }
 
 static gboolean
+read_v2_public_ecdsa (EggBuffer *buffer,
+                      gsize *offset,
+                      GckBuilder *builder)
+{
+       gconstpointer data;
+       GBytes *bytes;
+       gboolean ret;
+       GNode *asn;
+       gchar *curve;
+       GQuark oid;
+       gsize len;
+
+       /* The named curve */
+       if (!egg_buffer_get_string (buffer, *offset, offset,
+                                   &curve, (EggBufferAllocator)g_realloc))
+               return FALSE;
+
+       if (g_strcmp0 (curve, "nistp256") == 0) {
+               oid = GCR_OID_EC_SECP256R1;
+       } else if (g_strcmp0 (curve, "nistp384") == 0) {
+               oid = GCR_OID_EC_SECP384R1;
+       } else if (g_strcmp0 (curve, "nistp521") == 0) {
+               oid = GCR_OID_EC_SECP521R1;
+       } else {
+               g_free (curve);
+               g_message ("unknown or unsupported curve in ssh public key");
+               return FALSE;
+       }
+
+       g_free (curve);
+
+       asn = egg_asn1x_create (pk_asn1_tab, "ECParameters");
+       g_return_val_if_fail (asn != NULL, FALSE);
+
+       ret = egg_asn1x_set_oid_as_quark (egg_asn1x_node (asn, "namedCurve", NULL), oid);
+       g_return_val_if_fail (ret == TRUE, FALSE);
+
+       bytes = egg_asn1x_encode (asn, g_realloc);
+       g_return_val_if_fail (bytes != NULL, FALSE);
+       egg_asn1x_destroy (asn);
+
+       data = g_bytes_get_data (bytes, &len);
+       gck_builder_add_data (builder, CKA_EC_PARAMS, data, len);
+       g_bytes_unref (bytes);
+
+       if (!read_buffer_mpi (buffer, offset, builder, CKA_EC_POINT))
+               return FALSE;
+
+       gck_builder_add_ulong (builder, CKA_KEY_TYPE, CKK_ECDSA);
+       gck_builder_add_ulong (builder, CKA_CLASS, CKO_PUBLIC_KEY);
+
+       return TRUE;
+}
+
+static gboolean
 read_v2_public_key (gulong algo,
                     gconstpointer data,
                     gsize n_data,
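Review bot: The public point is read with `read_buffer_mpi (buffer, offset, builder, CKA_EC_POINT)`, but in the RFC 5656 key blob Q is a length-prefixed octet string rather than an mpint, and PKCS#11 defines CKA_EC_POINT as the DER OCTET STRING encoding of the point. read_buffer_mpi is defined outside this hunk, so what it does to the bytes is not visible here; if it stores them as read, the attribute carries the raw point without the DER wrapper, and consumers that parse it as DER may reject or misread the key. Until the point is read as a byte string, checked for non-zero length and wrapped, I would at least mark the call with `/* TODO: Q is an octet string, not an mpint; CKA_EC_POINT must be a DER OCTET STRING */`. Separately, the `g_return_val_if_fail` exits after `egg_asn1x_create` return without calling `egg_asn1x_destroy (asn)`, and the curve name taken from the blob is never compared with the curve in the key type name, which RFC 5656 expects to agree.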
@@ -326,6 +387,9 @@ read_v2_public_key (gulong algo,
        case CKK_DSA:
                ret = read_v2_public_dsa (&buffer, &offset, builder);
                break;
+       case CKK_ECDSA:
+               ret = read_v2_public_ecdsa (&buffer, &offset, builder);
+               break;
        default:
                g_assert_not_reached ();
                break;

