diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-09-20 10:11:42 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-09-20 10:13:23 +0200 |
commit | 8ee1fb73c8284bfd2105d7258d217d1f6fbb3696 (patch) | |
tree | ef96b953a3e34b00e15a6aeb362922dd776cf747 | |
parent | 96f2e1923a8c32dcfe21e6a7b64b5861f4f31bdf (diff) | |
download | gnutls-8ee1fb73c8284bfd2105d7258d217d1f6fbb3696.tar.gz |
ECC export/import: updated documentation on EdDSA curves
This clarifies the format that parameters in the EdDSA curves
will be returned, and also ensures that the import/export
functions fail on unsupported curves.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/algorithms.h | 3 | ||||
-rw-r--r-- | lib/pk.c | 7 | ||||
-rw-r--r-- | lib/privkey_raw.c | 17 | ||||
-rw-r--r-- | lib/pubkey.c | 13 | ||||
-rw-r--r-- | lib/x509/privkey.c | 9 |
5 files changed, 36 insertions, 13 deletions
diff --git a/lib/algorithms.h b/lib/algorithms.h index 46faa8d378..880e6b9c90 100644 --- a/lib/algorithms.h +++ b/lib/algorithms.h @@ -426,9 +426,8 @@ gnutls_pk_algorithm_t _gnutls_oid_to_pk_and_curve(const char *oid, gnutls_ecc_cu inline static int _curve_is_eddsa(const gnutls_ecc_curve_entry_st * e) { - size_t ret = 0; if (unlikely(e == NULL)) - return ret; + return 0; if (e->pk == GNUTLS_PK_EDDSA_ED25519) return 1; return 0; @@ -1014,6 +1014,7 @@ int _gnutls_params_get_ecc_raw(const gnutls_pk_params_st* params, { int ret; mpi_dprint_func dprint = _gnutls_mpi_dprint_lz; + const gnutls_ecc_curve_entry_st *e; if (flags & GNUTLS_EXPORT_FLAG_NO_LZ) dprint = _gnutls_mpi_dprint; @@ -1026,7 +1027,9 @@ int _gnutls_params_get_ecc_raw(const gnutls_pk_params_st* params, if (curve) *curve = params->curve; - if (curve_is_eddsa(params->curve)) { + e = _gnutls_ecc_curve_get_params(params->curve); + + if (_curve_is_eddsa(e)) { if (x) { ret = _gnutls_set_datum(x, params->raw_pub.data, params->raw_pub.size); if (ret < 0) { @@ -1050,6 +1053,8 @@ int _gnutls_params_get_ecc_raw(const gnutls_pk_params_st* params, return 0; } + if (unlikely(e == NULL || e->pk != GNUTLS_PK_ECDSA)) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); /* X */ if (x) { diff --git a/lib/privkey_raw.c b/lib/privkey_raw.c index c78c6b71f8..4db22d84b4 100644 --- a/lib/privkey_raw.c +++ b/lib/privkey_raw.c @@ -199,6 +199,9 @@ int ret; * in the given structure. The new parameters will be allocated using * gnutls_malloc() and will be stored in the appropriate datum. * + * In EdDSA curves the @y parameter will be %NULL and the other parameters + * will be in the native format for the curve. + * * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code. * * Since: 3.3.0 @@ -226,6 +229,9 @@ gnutls_privkey_export_ecc_raw(gnutls_privkey_t key, * in the given structure. The new parameters will be allocated using * gnutls_malloc() and will be stored in the appropriate datum. * + * In EdDSA curves the @y parameter will be %NULL and the other parameters + * will be in the native format for the curve. + * * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code. * * Since: 3.6.0 @@ -430,6 +436,9 @@ error: * native #gnutls_privkey_t format. The output will be stored * in @key. * + * In EdDSA curves the @y parameter should be %NULL and the @x parameter must + * be the value in the native format for the curve. + * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. * @@ -437,10 +446,10 @@ error: **/ int gnutls_privkey_import_ecc_raw(gnutls_privkey_t key, - gnutls_ecc_curve_t curve, - const gnutls_datum_t * x, - const gnutls_datum_t * y, - const gnutls_datum_t * k) + gnutls_ecc_curve_t curve, + const gnutls_datum_t * x, + const gnutls_datum_t * y, + const gnutls_datum_t * k) { int ret; gnutls_x509_privkey_t xkey; diff --git a/lib/pubkey.c b/lib/pubkey.c index 34aea10ad8..8959fe1c10 100644 --- a/lib/pubkey.c +++ b/lib/pubkey.c @@ -827,7 +827,9 @@ gnutls_pubkey_export_dsa_raw2(gnutls_pubkey_t key, * This function will export the ECC public key's parameters found in * the given key. The new parameters will be allocated using * gnutls_malloc() and will be stored in the appropriate datum. - * For EdDSA public keys, @y will be set to %NULL. + * + * In EdDSA curves the @y parameter will be %NULL and the other parameters + * will be in the native format for the curve. * * This function allows for %NULL parameters since 3.4.1. * @@ -855,6 +857,9 @@ gnutls_pubkey_export_ecc_raw(gnutls_pubkey_t key, * the given key. The new parameters will be allocated using * gnutls_malloc() and will be stored in the appropriate datum. * + * In EdDSA curves the @y parameter will be %NULL and the other parameters + * will be in the native format for the curve. + * * This function allows for %NULL parameters since 3.4.1. * * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code. @@ -1385,8 +1390,10 @@ gnutls_pubkey_import_rsa_raw(gnutls_pubkey_t key, * @y: holds the y * * This function will convert the given elliptic curve parameters to a - * #gnutls_pubkey_t. The output will be stored in @key. For EdDSA - * keys the @y parameter should be %NULL. + * #gnutls_pubkey_t. The output will be stored in @key. + * + * In EdDSA curves the @y parameter will be %NULL and the other parameters + * will be in the native format for the curve. * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index c018f6dc97..562ad418d0 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -1088,7 +1088,8 @@ gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key, * * This function will convert the given elliptic curve parameters to the * native #gnutls_x509_privkey_t format. The output will be stored - * in @key. For EdDSA keys, the @x and @k values will be read. + * in @key. For EdDSA keys, the @x and @k values must be in the + * native to curve format. * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. @@ -1530,7 +1531,9 @@ gnutls_sec_param_t gnutls_x509_privkey_sec_param(gnutls_x509_privkey_t key) * This function will export the ECC private key's parameters found * in the given structure. The new parameters will be allocated using * gnutls_malloc() and will be stored in the appropriate datum. - * For EdDSA keys, the @y value should be %NULL. + * + * In EdDSA curves the @y parameter will be %NULL and the other parameters + * will be in the native format for the curve. * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. @@ -1552,7 +1555,7 @@ int gnutls_x509_privkey_export_ecc_raw(gnutls_x509_privkey_t key, } /** - * gnutls_x509_privkey_export_ecc_raw: + * gnutls_x509_privkey_export_gost_raw: * @key: a key * @curve: will hold the curve * @digest: will hold the digest |