used_ffdhe = 1;
_gnutls_session_group_set(session, session->internals.priorities->groups.entry[j]);
- session->key.dh_params.flags = *session->internals.priorities->groups.entry[j]->q_bits;
+ session->key.dh_params.qbits = *session->internals.priorities->groups.entry[j]->q_bits;
break;
}
}
gnutls_buffer_st * data)
{
int ret;
- unsigned q_bits = session->key.dh_params.flags;
+ unsigned q_bits = session->key.dh_params.qbits;
if (q_bits < 192 && q_bits != 0) {
gnutls_assert();
pub.params[ECC_Y] = session->key.ecdh_y;
pub.raw_pub.data = session->key.ecdhx.data;
pub.raw_pub.size = session->key.ecdhx.size;
- pub.flags = ecurve->id;
+ pub.curve = ecurve->id;
ret =
_gnutls_pk_derive(ecurve->pk, &tmp_dh_key,
typedef struct {
bigint_t params[GNUTLS_MAX_PK_PARAMS];
unsigned int params_nr; /* the number of parameters */
- unsigned int flags; /* curve */
+ unsigned int pkflags; /* gnutls_pk_flag_t */
+ unsigned int qbits; /* GNUTLS_PK_DH */
+ gnutls_ecc_curve_t curve; /* GNUTLS_PK_EC, GNUTLS_PK_ED25519 */
gnutls_datum_t raw_pub; /* used by x25519 */
gnutls_datum_t raw_priv;
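Review bot: The comment on the new `curve` member names `GNUTLS_PK_ED25519`, which appears nowhere else in this change; the code reads `curve` under `GNUTLS_PK_EDDSA_ED25519` and `GNUTLS_PK_ECDH_X25519`. The comment should use the spellings the code uses: `gnutls_ecc_curve_t curve; /* GNUTLS_PK_EC, GNUTLS_PK_EDDSA_ED25519, GNUTLS_PK_ECDH_X25519 */`. It is also worth stating on the struct that `pkflags` is the only member holding `GNUTLS_PK_FLAG_*` bits, while `curve` and `qbits` are plain values, so a later change does not OR a flag into a curve id again. The struct body continues outside this hunk, and `gnutls_pk_params_init` and the release helpers are not shown, so confirm that they reset all three members.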
gnutls_pk_params_init(&priv);
gnutls_pk_params_init(&pub);
- priv.flags = GNUTLS_ECC_CURVE_SECP256R1;
- pub.flags = GNUTLS_ECC_CURVE_SECP256R1;
+ priv.curve = GNUTLS_ECC_CURVE_SECP256R1;
+ pub.curve = GNUTLS_ECC_CURVE_SECP256R1;
priv.algo = pub.algo = GNUTLS_PK_EC;
session->key.dh_params.params_nr = 3; /* include empty q */
session->key.dh_params.algo = GNUTLS_PK_DH;
- session->key.dh_params.flags = q_bits;
+ session->key.dh_params.qbits = q_bits;
return 0;
}
out->data = NULL;
- curve = get_supported_nist_curve(priv->flags);
+ curve = get_supported_nist_curve(priv->curve);
if (curve == NULL)
return
gnutls_assert_val
return gnutls_assert_val(ret);
}
- out->size = gnutls_ecc_curve_get_size(priv->flags);
+ out->size = gnutls_ecc_curve_get_size(priv->curve);
/*ecc_size(curve)*sizeof(mp_limb_t); */
out->data = gnutls_malloc(out->size);
if (out->data == NULL) {
}
case GNUTLS_PK_ECDH_X25519:
{
- unsigned size = gnutls_ecc_curve_get_size(priv->flags);
+ unsigned size = gnutls_ecc_curve_get_size(priv->curve);
/* The point is in pub, while the private part (scalar) in priv. */
if (IS_EC(algo)) {
/* check if the curve relates to the algorithm used */
- if (gnutls_ecc_curve_get_pk(pk_params->flags) != algo)
+ if (gnutls_ecc_curve_get_pk(pk_params->curve) != algo)
return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
}
{
const gnutls_ecc_curve_entry_st *e;
- if (pk_params->flags != GNUTLS_ECC_CURVE_ED25519)
+ if (pk_params->curve != GNUTLS_ECC_CURVE_ED25519)
return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
- e = _gnutls_ecc_curve_get_params(pk_params->flags);
+ e = _gnutls_ecc_curve_get_params(pk_params->curve);
if (e == NULL)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
{
struct ecc_scalar priv;
struct dsa_signature sig;
- int curve_id = pk_params->flags;
+ int curve_id = pk_params->curve;
const struct ecc_curve *curve;
curve = get_supported_nist_curve(curve_id);
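Review bot: `curve_id` is still declared `int` although the member it copies is now `gnutls_ecc_curve_t`. Writing `gnutls_ecc_curve_t curve_id = pk_params->curve;` would show at the declaration that the value is a curve id and not a flag word. The same declaration appears in the later block that declares `struct ecc_point pub`. The enclosing block starts and ends outside this hunk.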
if (IS_EC(algo)) {
/* check if the curve relates to the algorithm used */
- if (gnutls_ecc_curve_get_pk(pk_params->flags) != algo)
+ if (gnutls_ecc_curve_get_pk(pk_params->curve) != algo)
return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
}
{
const gnutls_ecc_curve_entry_st *e;
- if (pk_params->flags != GNUTLS_ECC_CURVE_ED25519)
+ if (pk_params->curve != GNUTLS_ECC_CURVE_ED25519)
return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
- e = _gnutls_ecc_curve_get_params(pk_params->flags);
+ e = _gnutls_ecc_curve_get_params(pk_params->curve);
if (e == NULL)
return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
{
struct ecc_point pub;
struct dsa_signature sig;
- int curve_id = pk_params->flags;
+ int curve_id = pk_params->curve;
const struct ecc_curve *curve;
curve = get_supported_nist_curve(curve_id);
if (q_bits == 0)
return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
- if (_gnutls_fips_mode_enabled() != 0 || params->flags & GNUTLS_PK_FLAG_PROVABLE) {
+ if (_gnutls_fips_mode_enabled() != 0 || params->pkflags & GNUTLS_PK_FLAG_PROVABLE) {
if (algo==GNUTLS_PK_DSA)
index = 1;
else
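Review bot: The condition on the changed line mixes `||` with an unparenthesized `&`, while the RSA branch touched by the same change writes `(params->pkflags & GNUTLS_PK_FLAG_PROVABLE)`. Precedence makes both forms evaluate the same way, but the bit test is harder to misread and to mis-edit with the parentheses: `if (_gnutls_fips_mode_enabled() != 0 || (params->pkflags & GNUTLS_PK_FLAG_PROVABLE)) {`. The enclosing function starts and ends outside this hunk.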
int ret;
gnutls_pk_params_init(¶ms);
- params.flags = curve;
+ params.curve = curve;
params.algo = GNUTLS_PK_ECDSA;
x->data = NULL;
gnutls_pk_params_init(&priv);
pub.algo = GNUTLS_PK_ECDSA;
- pub.flags = curve;
+ pub.curve = curve;
if (_gnutls_mpi_init_scan_nz
(&pub.params[ECC_Y], peer_y->data,
priv.params_nr = 3;
priv.algo = GNUTLS_PK_ECDSA;
- priv.flags = curve;
+ priv.curve = curve;
Z->data = NULL;
mpz_set_ui(pub.e, 65537);
- if ((params->flags & GNUTLS_PK_FLAG_PROVABLE) || _gnutls_fips_mode_enabled() != 0) {
- params->flags |= GNUTLS_PK_FLAG_PROVABLE;
+ if ((params->pkflags & GNUTLS_PK_FLAG_PROVABLE) || _gnutls_fips_mode_enabled() != 0) {
+ params->pkflags |= GNUTLS_PK_FLAG_PROVABLE;
if (params->palgo != 0 && params->palgo != GNUTLS_DIG_SHA384) {
ret = GNUTLS_E_INVALID_REQUEST;
goto rsa_fail;
{
unsigned size = gnutls_ecc_curve_get_size(level);
- if (params->flags & GNUTLS_PK_FLAG_PROVABLE)
+ if (params->pkflags & GNUTLS_PK_FLAG_PROVABLE)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
if (level != GNUTLS_ECC_CURVE_ED25519)
if (size == 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- params->flags = level;
+ params->curve = level;
params->raw_priv.data = gnutls_malloc(size);
if (params->raw_priv.data == NULL)
break;
}
case GNUTLS_PK_ECDSA:
- if (params->flags & GNUTLS_PK_FLAG_PROVABLE)
+ if (params->pkflags & GNUTLS_PK_FLAG_PROVABLE)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
{
goto ecc_fail;
}
- params->flags = level;
+ params->curve = level;
params->params_nr = ECC_PRIVATE_PARAMS;
ecc_point_get(&pub, TOMPZ(params->params[ECC_X]),
if (size == 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- params->flags = level;
+ params->curve = level;
params->raw_priv.data = gnutls_malloc(size);
if (params->raw_priv.data == NULL)
gnutls_assert_val
(GNUTLS_E_INVALID_REQUEST);
- curve = get_supported_nist_curve(params->flags);
+ curve = get_supported_nist_curve(params->curve);
if (curve == NULL)
return
gnutls_assert_val
gnutls_assert_val
(GNUTLS_E_INVALID_REQUEST);
- curve = get_supported_nist_curve(params->flags);
+ curve = get_supported_nist_curve(params->curve);
if (curve == NULL)
return
gnutls_assert_val
return gnutls_assert_val(GNUTLS_E_PK_INVALID_PRIVKEY);
}
} else if (algo == GNUTLS_PK_EDDSA_ED25519) {
- if (params->flags != GNUTLS_ECC_CURVE_ED25519)
+ if (params->curve != GNUTLS_ECC_CURVE_ED25519)
return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
if (params->raw_priv.data == NULL)
return GNUTLS_E_INVALID_REQUEST;
}
- dst->flags = src->flags;
+ dst->pkflags = src->pkflags;
+ dst->curve = src->curve;
+ dst->qbits = src->qbits;
dst->algo = src->algo;
for (i = 0; i < src->params_nr; i++) {
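Review bot: The three assignments that replace `dst->flags = src->flags` are repeated by hand in the `pub`/`priv` copy later in this change (`pub->pkflags`, `pub->curve`, `pub->qbits`). A member added to the struct later therefore has to be remembered in both places. A short comment above each group, such as `/* keep in sync with gnutls_pk_params_st: pkflags, curve, qbits */`, or a small static helper for the non-bigint members, would make a missed member less likely. A copy that drops `pkflags` would silently lose `GNUTLS_PK_FLAG_PROVABLE` on the destination key. The enclosing function is only partly visible here.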
}
if (curve)
- *curve = params->flags;
+ *curve = params->curve;
- if (curve_is_eddsa(params->flags)) {
+ if (curve_is_eddsa(params->curve)) {
if (x) {
ret = _gnutls_set_datum(x, params->raw_pub.data, params->raw_pub.size);
if (ret < 0) {
case GNUTLS_PK_EC:
{
ret =
- _gnutls_x509_write_ecc_params(key->params.flags,
+ _gnutls_x509_write_ecc_params(key->params.curve,
&p);
if (ret < 0) {
gnutls_assert();
int ret;
pub->algo = priv->algo;
- pub->flags = priv->flags;
+ pub->pkflags = priv->pkflags;
+ pub->curve = priv->curve;
+ pub->qbits = priv->qbits;
memcpy(&pub->spki, &priv->spki, sizeof(gnutls_x509_spki_st));
switch (pk) {
return _gnutls_mpi_get_nbits(params->params[DSA_P]);
case GNUTLS_PK_ECDSA:
case GNUTLS_PK_EDDSA_ED25519:
- return gnutls_ecc_curve_get_size(params->flags) * 8;
+ return gnutls_ecc_curve_get_size(params->curve) * 8;
default:
return 0;
}
}
if (curve)
- *curve = key->params.flags;
+ *curve = key->params.curve;
if (key->params.algo == GNUTLS_PK_EDDSA_ED25519) {
if (x) {
goto cleanup;
}
- ret = _gnutls_x509_write_ecc_params(key->params.flags, parameters);
+ ret = _gnutls_x509_write_ecc_params(key->params.curve, parameters);
if (ret < 0) {
_gnutls_free_datum(ecpoint);
gnutls_assert();
*/
key->params.algo = _gnutls_x509_get_pk_algorithm(spk, "", &curve, NULL);
- key->params.flags = curve;
+ key->params.curve = curve;
key->bits = pubkey_to_bits(&key->params);
result = 0;
}
key->params.algo = GNUTLS_PK_EDDSA_ED25519;
- key->params.flags = curve;
+ key->params.curve = curve;
return 0;
}
/* ECDSA */
- key->params.flags = curve;
+ key->params.curve = curve;
if (_gnutls_mpi_init_scan_nz
(&key->params.params[ECC_X], x->data, x->size)) {
ret =
_gnutls_x509_read_ecc_params(parameters->data,
- parameters->size, &key->params.flags);
+ parameters->size, &key->params.curve);
if (ret < 0) {
gnutls_assert();
goto cleanup;
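Review bot: `&key->params.curve` is now a pointer to `gnutls_ecc_curve_t` where it used to point to `unsigned int`, and the prototype of `_gnutls_x509_read_ecc_params` is not among the visible lines. If its last parameter is still `unsigned int *`, this call passes an incompatible pointer type. The write through it would then rely on the enum having the same size and representation as `unsigned int`, which C does not guarantee. The prototype should take `gnutls_ecc_curve_t *curve`. The same applies to the call with `&params->curve` in the `GNUTLS_PK_EC` case of the parameter-reading switch further down.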
if (params->algo == GNUTLS_PK_DSA)
bits = _gnutls_mpi_get_nbits(params->params[1]);
else if (params->algo == GNUTLS_PK_EC)
- bits = gnutls_ecc_curve_get_size(params->flags) * 8;
+ bits = gnutls_ecc_curve_get_size(params->curve) * 8;
if (bits <= 160) {
if (hash_len)
case GNUTLS_PK_DSA:
return _gnutls_x509_read_dsa_params(der, dersize, params);
case GNUTLS_PK_EC:
- return _gnutls_x509_read_ecc_params(der, dersize, ¶ms->flags);
+ return _gnutls_x509_read_ecc_params(der, dersize, ¶ms->curve);
default:
return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
}
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
result =
- _gnutls_ecc_ansi_x962_export(params->flags,
+ _gnutls_ecc_ansi_x962_export(params->curve,
params->params[ECC_X],
params->params[ECC_Y], /*&out */
der);
if (params->raw_pub.size == 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- if (params->flags != GNUTLS_ECC_CURVE_ED25519)
+ if (params->curve != GNUTLS_ECC_CURVE_ED25519)
return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
ret = _gnutls_set_datum(raw, params->raw_pub.data, params->raw_pub.size);
case GNUTLS_PK_RSA_PSS:
return _gnutls_x509_write_rsa_pss_params(¶ms->spki, der);
case GNUTLS_PK_ECDSA:
- return _gnutls_x509_write_ecc_params(params->flags, der);
+ return _gnutls_x509_write_ecc_params(params->curve, der);
case GNUTLS_PK_EDDSA_ED25519:
der->data = NULL;
der->size = 0;
gnutls_datum_t pubkey = { NULL, 0 };
const char *oid;
- oid = gnutls_ecc_curve_get_oid(params->flags);
+ oid = gnutls_ecc_curve_get_oid(params->curve);
if (oid == NULL)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
goto cleanup;
}
- if (curve_is_eddsa(params->flags)) {
+ if (curve_is_eddsa(params->curve)) {
if (params->raw_pub.size == 0 || params->raw_priv.size == 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
ret =
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
ret =
- _gnutls_ecc_ansi_x962_export(params->flags,
+ _gnutls_ecc_ansi_x962_export(params->curve,
params->params[ECC_X],
params->params[ECC_Y], &pubkey);
if (ret < 0)
}
pk_algorithm = result;
- params->flags = curve;
+ params->curve = curve;
params->algo = pk_algorithm;
/* Read the algorithm's parameters
goto error;
}
- pkey->params.flags = gnutls_oid_to_ecc_curve(oid);
+ pkey->params.curve = gnutls_oid_to_ecc_curve(oid);
- if (pkey->params.flags == GNUTLS_ECC_CURVE_INVALID) {
+ if (pkey->params.curve == GNUTLS_ECC_CURVE_INVALID) {
_gnutls_debug_log("Curve %s is not supported\n", oid);
gnutls_assert();
ret = GNUTLS_E_ECC_UNSUPPORTED_CURVE;
goto error;
}
} else {
- pkey->params.flags = curve;
+ pkey->params.curve = curve;
}
gnutls_pk_params_init(&key->params);
- key->params.flags = curve;
+ key->params.curve = curve;
if (curve_is_eddsa(curve)) {
key->params.algo = GNUTLS_PK_EDDSA_ED25519;
}
if (flags & GNUTLS_PRIVKEY_FLAG_PROVABLE) {
- key->params.flags |= GNUTLS_PK_FLAG_PROVABLE;
+ key->params.pkflags |= GNUTLS_PK_FLAG_PROVABLE;
}
key->params.algo = algo;
goto error;
}
- if ((pkey->params.flags & GNUTLS_PK_FLAG_PROVABLE) && pkey->params.seed_size > 0) {
+ if ((pkey->params.pkflags & GNUTLS_PK_FLAG_PROVABLE) && pkey->params.seed_size > 0) {
gnutls_datum_t seed_info;
result = _x509_encode_provable_seed(pkey, &seed_info);
pkey->params.algo = GNUTLS_PK_EDDSA_ED25519;
pkey->params.raw_priv.data = tmp.data;
pkey->params.raw_priv.size = tmp.size;
- pkey->params.flags = curve;
+ pkey->params.curve = curve;
tmp.data = NULL;
return 0;
}
pkey->params.palgo = gnutls_oid_to_digest(oid);
- pkey->params.flags |= GNUTLS_PK_FLAG_PROVABLE;
+ pkey->params.pkflags |= GNUTLS_PK_FLAG_PROVABLE;
ret = 0;
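Review bot: `GNUTLS_PK_FLAG_PROVABLE` is set on `pkflags` right after `palgo` is taken from `gnutls_oid_to_digest(oid)`, and the visible lines do not check that the OID mapped to a known digest. `gnutls_oid_to_digest` returns `GNUTLS_DIG_UNKNOWN` for an OID it does not recognise. The RSA generation path in this change lets `palgo == 0` through, so, assuming `GNUTLS_DIG_UNKNOWN` is the zero value, a key carrying an unexpected digest OID would be marked provable with no digest recorded. Unless the check exists above this hunk, add `if (pkey->params.palgo == GNUTLS_DIG_UNKNOWN)` with an error return before the flag is set. The function begins and ends outside the hunk.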
return gnutls_assert_val(0);
}
- curve = params.flags;
+ curve = params.curve;
gnutls_pk_params_release(¶ms);
if (curve != GNUTLS_ECC_CURVE_SECP256R1 &&
return gnutls_assert_val(0);
}
- issuer_curve = params.flags;
+ issuer_curve = params.curve;
gnutls_pk_params_release(¶ms);
if (issuer_curve != GNUTLS_ECC_CURVE_SECP256R1 &&