예제 #1
0
static krb5_error_code
get_ecdh_param(krb5_context context,
               krb5_kdc_configuration *config,
               SubjectPublicKeyInfo *dh_key_info,
               EC_KEY **out)
{
    ECParameters ecp;
    EC_KEY *public = NULL;
    krb5_error_code ret;
    const unsigned char *p;
    size_t len;
    int nid;

    if (dh_key_info->algorithm.parameters == NULL) {
	krb5_set_error_message(context, KRB5_BADMSGTYPE,
			       "PKINIT missing algorithm parameter "
			       "in clientPublicValue");
	return KRB5_BADMSGTYPE;
    }

    memset(&ecp, 0, sizeof(ecp));

    ret = decode_ECParameters(dh_key_info->algorithm.parameters->data,
			      dh_key_info->algorithm.parameters->length, &ecp, &len);
    if (ret)
	goto out;

    if (ecp.element != choice_ECParameters_namedCurve) {
	ret = KRB5_BADMSGTYPE;
	goto out;
    }

    if (der_heim_oid_cmp(&ecp.u.namedCurve, &asn1_oid_id_ec_group_secp256r1) == 0)
	nid = NID_X9_62_prime256v1;
    else {
	ret = KRB5_BADMSGTYPE;
	goto out;
    }

    /* XXX verify group is ok */

    public = EC_KEY_new_by_curve_name(nid);
예제 #2
0
파일: crypto-ec.c 프로젝트: heimdal/heimdal
static int
parse_ECParameters(hx509_context context,
                   heim_octet_string *parameters, int *nid)
{
    ECParameters ecparam;
    size_t size;
    int ret;

    if (parameters == NULL) {
        ret = HX509_PARSING_KEY_FAILED;
        hx509_set_error_string(context, 0, ret,
                               "EC parameters missing");
        return ret;
    }

    ret = decode_ECParameters(parameters->data, parameters->length,
                              &ecparam, &size);
    if (ret) {
        hx509_set_error_string(context, 0, ret,
                               "Failed to decode EC parameters");
        return ret;
    }

    if (ecparam.element != choice_ECParameters_namedCurve) {
        free_ECParameters(&ecparam);
        hx509_set_error_string(context, 0, ret,
                               "EC parameters is not a named curve");
        return HX509_CRYPTO_SIG_INVALID_FORMAT;
    }

    *nid = heim_oid2ecnid(&ecparam.u.namedCurve);
    free_ECParameters(&ecparam);
    if (*nid == NID_undef) {
        hx509_set_error_string(context, 0, ret,
                               "Failed to find matcing NID for EC curve");
        return HX509_CRYPTO_SIG_INVALID_FORMAT;
    }
    return 0;
}