diff options
Diffstat (limited to 'lib/algorithms')
-rw-r--r-- | lib/algorithms/ecc.c | 21 | ||||
-rw-r--r-- | lib/algorithms/publickey.c | 1 | ||||
-rw-r--r-- | lib/algorithms/sign.c | 3 |
3 files changed, 21 insertions, 4 deletions
diff --git a/lib/algorithms/ecc.c b/lib/algorithms/ecc.c index 9d0c584b0a..bac5466c99 100644 --- a/lib/algorithms/ecc.c +++ b/lib/algorithms/ecc.c @@ -77,6 +77,14 @@ static const gnutls_ecc_curve_entry_st ecc_curves[] = { .pk = GNUTLS_PK_ECDHX, .size = 32, }, + { + .name = "Ed25519ph", + .oid = "1.3.101.112", + .id = GNUTLS_ECC_CURVE_ED25519PH, + .pk = GNUTLS_PK_EDDSA, + .size = 32, + .sig_size = 64 + }, {0, 0, 0} }; @@ -159,7 +167,7 @@ gnutls_ecc_curve_t gnutls_oid_to_ecc_curve(const char *oid) gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID; GNUTLS_ECC_CURVE_LOOP( - if (strcasecmp(p->oid, oid) == 0 && _gnutls_pk_curve_exists(p->id)) { + if (p->oid != NULL && strcasecmp(p->oid, oid) == 0 && _gnutls_pk_curve_exists(p->id)) { ret = p->id; break; } @@ -200,12 +208,17 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get_id(const char *name) * Returns: return a #gnutls_ecc_curve_t value corresponding to * the specified bit length, or %GNUTLS_ECC_CURVE_INVALID on error. -*/ -gnutls_ecc_curve_t _gnutls_ecc_bits_to_curve(int bits) +gnutls_ecc_curve_t _gnutls_ecc_bits_to_curve(gnutls_pk_algorithm_t pk, int bits) { - gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_SECP256R1; + gnutls_ecc_curve_t ret; + + if (pk == GNUTLS_PK_ECDSA) + ret = GNUTLS_ECC_CURVE_SECP256R1; + else + ret = GNUTLS_ECC_CURVE_ED25519PH; GNUTLS_ECC_CURVE_LOOP( - if (8 * p->size >= bits && _gnutls_pk_curve_exists(p->id)) { + if (pk == p->pk && 8 * p->size >= (unsigned)bits && _gnutls_pk_curve_exists(p->id)) { ret = p->id; break; } diff --git a/lib/algorithms/publickey.c b/lib/algorithms/publickey.c index c70187736f..2f0bc6b501 100644 --- a/lib/algorithms/publickey.c +++ b/lib/algorithms/publickey.c @@ -97,6 +97,7 @@ static const gnutls_pk_entry pk_algorithms[] = { {"GOST R 34.10-2001", PK_GOST_R3410_2001_OID, GNUTLS_PK_UNKNOWN}, {"GOST R 34.10-94", PK_GOST_R3410_94_OID, GNUTLS_PK_UNKNOWN}, {"EC/ECDSA", "1.2.840.10045.2.1", GNUTLS_PK_ECDSA}, + {"EdDSA", "1.3.101.100", GNUTLS_PK_EDDSA}, {"DH", NULL, GNUTLS_PK_DH}, {"ECDHX", NULL, GNUTLS_PK_ECDHX}, {0, 0, 0} diff --git a/lib/algorithms/sign.c b/lib/algorithms/sign.c index 6107c44435..5d62ab643b 100644 --- a/lib/algorithms/sign.c +++ b/lib/algorithms/sign.c @@ -106,6 +106,9 @@ static const gnutls_sign_entry sign_algorithms[] = { {"ECDSA-SHA3-512", SIG_ECDSA_SHA3_512_OID, GNUTLS_SIGN_ECDSA_SHA3_512, GNUTLS_PK_EC, GNUTLS_DIG_SHA3_512, TLS_SIGN_AID_UNKNOWN}, + {"EdDSA-SHA2-512", SIG_EDDSA_SHA512_OID, GNUTLS_SIGN_EDDSA_SHA512, + GNUTLS_PK_EDDSA, GNUTLS_DIG_SHA512, TLS_SIGN_AID_UNKNOWN}, + {"RSA-SHA3-224", SIG_RSA_SHA3_224_OID, GNUTLS_SIGN_RSA_SHA3_224, GNUTLS_PK_RSA, GNUTLS_DIG_SHA3_224, TLS_SIGN_AID_UNKNOWN}, {"RSA-SHA3-256", SIG_RSA_SHA3_256_OID, GNUTLS_SIGN_RSA_SHA3_256, |