x509: handle X448 and X25519 in write_pubkey
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Sat, 8 May 2021 00:14:07 +0000 (20:14 -0400)
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Fri, 17 Sep 2021 20:33:07 +0000 (16:33 -0400)
This uses the same structure as _gnutls_x509_write_eddsa_pubkey.

Another way to write this would be to combine those two functions,
despite X448 and X25519 not being EdDSA at all.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
lib/x509/key_encode.c

index c3ff2a9b05c00cf35404f63c4b890bca3075edf3..a1abbe621caab721602b81d8a3314d998403bb1a 100644 (file)
@@ -161,6 +161,35 @@ _gnutls_x509_write_eddsa_pubkey(const gnutls_pk_params_st * params,
        return 0;
 }
 
+/*
+ * some x509 certificate functions that relate to MPI parameter
+ * setting. This writes a raw public key.
+ *
+ * Allocates the space used to store the data.
+ */
+static int
+_gnutls_x509_write_modern_ecdh_pubkey(const gnutls_pk_params_st * params,
+                                      gnutls_datum_t * raw)
+{
+       int ret;
+
+       raw->data = NULL;
+       raw->size = 0;
+
+       if (params->raw_pub.size == 0)
+               return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+       if (params->curve != GNUTLS_ECC_CURVE_X25519 &&
+           params->curve != GNUTLS_ECC_CURVE_X448)
+               return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
+
+       ret = _gnutls_set_datum(raw, params->raw_pub.data, params->raw_pub.size);
+       if (ret < 0)
+               return gnutls_assert_val(ret);
+
+       return 0;
+}
+
 int
 _gnutls_x509_write_gost_pubkey(const gnutls_pk_params_st * params,
                              gnutls_datum_t * der)
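Review bot: `_gnutls_x509_write_modern_ecdh_pubkey` rejects only an empty `raw_pub` and never checks that the length matches the selected curve, so a truncated or oversized key would be copied out and encoded as-is. X25519 and X448 public keys are fixed-length (32 and 56 bytes in RFC 7748), so unless every caller already guarantees the length, a check after the curve test would catch malformed input before it is written out: `if (params->raw_pub.size != (unsigned)gnutls_ecc_curve_get_size(params->curve)) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`. The header comment is also carried over from the MPI-based writers and does not describe this function; something like `/* Copies the raw X25519/X448 public key into newly allocated raw->data. */` would be more accurate.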
@@ -282,6 +311,9 @@ _gnutls_x509_write_pubkey(const gnutls_pk_params_st * params,
        case GNUTLS_PK_EDDSA_ED25519:
        case GNUTLS_PK_EDDSA_ED448:
                return _gnutls_x509_write_eddsa_pubkey(params, der);
+       case GNUTLS_PK_ECDH_X25519:
+       case GNUTLS_PK_ECDH_X448:
+               return _gnutls_x509_write_modern_ecdh_pubkey(params, der);
        case GNUTLS_PK_GOST_01:
        case GNUTLS_PK_GOST_12_256:
        case GNUTLS_PK_GOST_12_512:
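Review bot: The two new cases, `GNUTLS_PK_ECDH_X25519` and `GNUTLS_PK_ECDH_X448`, share one helper that accepts either curve, so nothing on this path ties the algorithm to its curve. Params dispatched as X25519 but carrying `GNUTLS_ECC_CURVE_X448` would be written without error. The switch expression and the rest of `_gnutls_x509_write_pubkey` are outside the hunk, so the pairing may already be enforced earlier; if it is not, a short comment such as `/* algo/curve pairing is validated by the caller */` or an explicit check in the helper would make the assumption visible. The EdDSA cases just above appear to follow the same pattern.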