diff options
Diffstat (limited to 'security/nss/cmd/lib/basicutil.c')
| -rw-r--r-- | security/nss/cmd/lib/basicutil.c | 191 |
1 files changed, 114 insertions, 77 deletions
diff --git a/security/nss/cmd/lib/basicutil.c b/security/nss/cmd/lib/basicutil.c index dcd039391..de56fbdd9 100644 --- a/security/nss/cmd/lib/basicutil.c +++ b/security/nss/cmd/lib/basicutil.c @@ -25,7 +25,6 @@ #endif #include "secoid.h" -#include "sslt.h" extern long DER_GetInteger(const SECItem *src); @@ -733,97 +732,135 @@ SECU_SECItemHexStringToBinary(SECItem *srcdest) return SECSuccess; } -SSLNamedGroup -groupNameToNamedGroup(char *name) +SECItem * +SECU_HexString2SECItem(PLArenaPool *arena, SECItem *item, const char *str) { - if (PL_strlen(name) == 4) { - if (!strncmp(name, "P256", 4)) { - return ssl_grp_ec_secp256r1; - } - if (!strncmp(name, "P384", 4)) { - return ssl_grp_ec_secp384r1; - } - if (!strncmp(name, "P521", 4)) { - return ssl_grp_ec_secp521r1; - } + int i = 0; + int byteval = 0; + int tmp = PORT_Strlen(str); + + PORT_Assert(arena); + PORT_Assert(item); + + if ((tmp % 2) != 0) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return NULL; } - if (PL_strlen(name) == 6) { - if (!strncmp(name, "x25519", 6)) { - return ssl_grp_ec_curve25519; - } - if (!strncmp(name, "FF2048", 6)) { - return ssl_grp_ffdhe_2048; - } - if (!strncmp(name, "FF3072", 6)) { - return ssl_grp_ffdhe_3072; - } - if (!strncmp(name, "FF4096", 6)) { - return ssl_grp_ffdhe_4096; - } - if (!strncmp(name, "FF6144", 6)) { - return ssl_grp_ffdhe_6144; + + item = SECITEM_AllocItem(arena, item, tmp / 2); + if (item == NULL) { + return NULL; + } + + while (str[i]) { + if ((str[i] >= '0') && (str[i] <= '9')) { + tmp = str[i] - '0'; + } else if ((str[i] >= 'a') && (str[i] <= 'f')) { + tmp = str[i] - 'a' + 10; + } else if ((str[i] >= 'A') && (str[i] <= 'F')) { + tmp = str[i] - 'A' + 10; + } else { + /* item is in arena and gets freed by the caller */ + return NULL; } - if (!strncmp(name, "FF8192", 6)) { - return ssl_grp_ffdhe_8192; + + byteval = byteval * 16 + tmp; + if ((i % 2) != 0) { + item->data[i / 2] = byteval; + byteval = 0; } + i++; } - return ssl_grp_none; + return item; } +/* mapping between ECCurveName enum and SECOidTags */ +static SECOidTag ecCurve_oid_map[] = { + SEC_OID_UNKNOWN, /* ECCurve_noName */ + SEC_OID_ANSIX962_EC_PRIME192V1, /* ECCurve_NIST_P192 */ + SEC_OID_SECG_EC_SECP224R1, /* ECCurve_NIST_P224 */ + SEC_OID_ANSIX962_EC_PRIME256V1, /* ECCurve_NIST_P256 */ + SEC_OID_SECG_EC_SECP384R1, /* ECCurve_NIST_P384 */ + SEC_OID_SECG_EC_SECP521R1, /* ECCurve_NIST_P521 */ + SEC_OID_SECG_EC_SECT163K1, /* ECCurve_NIST_K163 */ + SEC_OID_SECG_EC_SECT163R1, /* ECCurve_NIST_B163 */ + SEC_OID_SECG_EC_SECT233K1, /* ECCurve_NIST_K233 */ + SEC_OID_SECG_EC_SECT233R1, /* ECCurve_NIST_B233 */ + SEC_OID_SECG_EC_SECT283K1, /* ECCurve_NIST_K283 */ + SEC_OID_SECG_EC_SECT283R1, /* ECCurve_NIST_B283 */ + SEC_OID_SECG_EC_SECT409K1, /* ECCurve_NIST_K409 */ + SEC_OID_SECG_EC_SECT409R1, /* ECCurve_NIST_B409 */ + SEC_OID_SECG_EC_SECT571K1, /* ECCurve_NIST_K571 */ + SEC_OID_SECG_EC_SECT571R1, /* ECCurve_NIST_B571 */ + SEC_OID_ANSIX962_EC_PRIME192V2, + SEC_OID_ANSIX962_EC_PRIME192V3, + SEC_OID_ANSIX962_EC_PRIME239V1, + SEC_OID_ANSIX962_EC_PRIME239V2, + SEC_OID_ANSIX962_EC_PRIME239V3, + SEC_OID_ANSIX962_EC_C2PNB163V1, + SEC_OID_ANSIX962_EC_C2PNB163V2, + SEC_OID_ANSIX962_EC_C2PNB163V3, + SEC_OID_ANSIX962_EC_C2PNB176V1, + SEC_OID_ANSIX962_EC_C2TNB191V1, + SEC_OID_ANSIX962_EC_C2TNB191V2, + SEC_OID_ANSIX962_EC_C2TNB191V3, + SEC_OID_ANSIX962_EC_C2PNB208W1, + SEC_OID_ANSIX962_EC_C2TNB239V1, + SEC_OID_ANSIX962_EC_C2TNB239V2, + SEC_OID_ANSIX962_EC_C2TNB239V3, + SEC_OID_ANSIX962_EC_C2PNB272W1, + SEC_OID_ANSIX962_EC_C2PNB304W1, + SEC_OID_ANSIX962_EC_C2TNB359V1, + SEC_OID_ANSIX962_EC_C2PNB368W1, + SEC_OID_ANSIX962_EC_C2TNB431R1, + SEC_OID_SECG_EC_SECP112R1, + SEC_OID_SECG_EC_SECP112R2, + SEC_OID_SECG_EC_SECP128R1, + SEC_OID_SECG_EC_SECP128R2, + SEC_OID_SECG_EC_SECP160K1, + SEC_OID_SECG_EC_SECP160R1, + SEC_OID_SECG_EC_SECP160R2, + SEC_OID_SECG_EC_SECP192K1, + SEC_OID_SECG_EC_SECP224K1, + SEC_OID_SECG_EC_SECP256K1, + SEC_OID_SECG_EC_SECT113R1, + SEC_OID_SECG_EC_SECT113R2, + SEC_OID_SECG_EC_SECT131R1, + SEC_OID_SECG_EC_SECT131R2, + SEC_OID_SECG_EC_SECT163R1, + SEC_OID_SECG_EC_SECT193R1, + SEC_OID_SECG_EC_SECT193R2, + SEC_OID_SECG_EC_SECT239K1, + SEC_OID_UNKNOWN, /* ECCurve_WTLS_1 */ + SEC_OID_UNKNOWN, /* ECCurve_WTLS_8 */ + SEC_OID_UNKNOWN, /* ECCurve_WTLS_9 */ + SEC_OID_CURVE25519, + SEC_OID_UNKNOWN /* ECCurve_pastLastCurve */ +}; + SECStatus -parseGroupList(const char *arg, SSLNamedGroup **enabledGroups, - unsigned int *enabledGroupsCount) +SECU_ecName2params(ECCurveName curve, SECItem *params) { - SSLNamedGroup *groups; - char *str; - char *p; - unsigned int numValues = 0; - unsigned int count = 0; - - /* Count the number of groups. */ - str = PORT_Strdup(arg); - if (!str) { + SECOidData *oidData = NULL; + + if ((curve < ECCurve_noName) || (curve > ECCurve_pastLastCurve) || + ((oidData = SECOID_FindOIDByTag(ecCurve_oid_map[curve])) == NULL)) { + PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); return SECFailure; } - p = strtok(str, ","); - while (p) { - ++numValues; - p = strtok(NULL, ","); - } - PORT_Free(str); - str = NULL; - groups = PORT_ZNewArray(SSLNamedGroup, numValues); - if (!groups) { - goto done; - } - - /* Get group names. */ - str = PORT_Strdup(arg); - if (!str) { - goto done; - } - p = strtok(str, ","); - while (p) { - SSLNamedGroup group = groupNameToNamedGroup(p); - if (group == ssl_grp_none) { - count = 0; - goto done; - } - groups[count++] = group; - p = strtok(NULL, ","); - } -done: - if (str) { - PORT_Free(str); - } - if (!count) { - PORT_Free(groups); + if (SECITEM_AllocItem(NULL, params, (2 + oidData->oid.len)) == NULL) { return SECFailure; } + /* + * params->data needs to contain the ASN encoding of an object ID (OID) + * representing the named curve. The actual OID is in + * oidData->oid.data so we simply prepend 0x06 and OID length + */ + params->data[0] = SEC_ASN1_OBJECT_ID; + params->data[1] = oidData->oid.len; + memcpy(params->data + 2, oidData->oid.data, oidData->oid.len); - *enabledGroupsCount = count; - *enabledGroups = groups; return SECSuccess; } |