Corrected the importing of ECDSA public keys
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Fri, 3 Aug 2018 20:26:47 +0000 (22:26 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Tue, 7 Aug 2018 07:44:12 +0000 (09:44 +0200)
This seems to be a regression since EdDSA support. The call to
_gnutls_x509_get_pk_algorithm() in public key import was unnecessary
and in fact it was overriding the available curve with a curve associated
with the OID. As the ECDSA OID doesn't include the curve, that had the
effect of discarding the already-read curve.

Resolves #538

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
lib/pubkey.c
tests/cert-tests/Makefile.am
tests/cert-tests/certtool-ecdsa [new file with mode: 0755]
tests/cert-tests/data/cert-ecc256-full.pem [new file with mode: 0644]
tests/cert-tests/data/pubkey-ecc256.pem [new file with mode: 0644]

index 162ceaa4a0f567ab98606a3b89a6460b816f524f..8fc42b95a524454a475d8e3730bc7ea7e294fe62 100644 (file)
@@ -1072,7 +1072,6 @@ gnutls_pubkey_import(gnutls_pubkey_t key,
        int result = 0, need_free = 0;
        gnutls_datum_t _data;
        ASN1_TYPE spk;
-       gnutls_ecc_curve_t curve;
 
        if (key == NULL) {
                gnutls_assert();
@@ -1119,14 +1118,7 @@ gnutls_pubkey_import(gnutls_pubkey_t key,
                goto cleanup;
        }
 
-       /* this has already been called by get_asn_mpis() thus it cannot
-        * fail.
-        */
-       key->params.algo = _gnutls_x509_get_pk_algorithm(spk, "", &curve, NULL);
-
-       key->params.curve = curve;
        key->bits = pubkey_to_bits(&key->params);
-
        result = 0;
 
       cleanup:
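Review bot: With the re-derivation removed, nothing near `key->bits = pubkey_to_bits(&key->params);` says where `params.algo` and `params.curve` now come from; the deleted comment attributed that to get_asn_mpis(), which is outside this hunk, so a short comment should carry it forward, e.g. `/* params.algo and params.curve were populated by the earlier MPI import; the ECDSA OID carries no curve, so they must not be re-derived from it here */`. The fix rests on that earlier import always filling in the curve for EC keys, which is worth confirming for every path through gnutls_pubkey_import, whose body starts and ends outside this hunk (the matching removal of the `curve` local is in the first hunk of this file). A C-level regression test that imports data/pubkey-ecc256.pem and checks the curve through gnutls_pubkey_export_ecc_raw() would pin the behaviour more directly than the certtool output diff this commit adds.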
index 52090d427c7e3ddaf76a8912805163f55ffb90f5..7da9e898f4350aeaeeee93af18e73709cf035512 100644 (file)
@@ -24,7 +24,7 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem
        data/bmpstring.pem data/template-utf8.pem templates/template-utf8.tmpl \
        templates/template-dn.tmpl data/template-dn.pem data/complex-cert.pem \
        data/template-overflow.pem templates/template-overflow.tmpl data/template-overflow2.pem \
-       templates/template-overflow2.tmpl data/template-crq.pem \
+       templates/template-overflow2.tmpl data/template-crq.pem data/cert-ecc256-full.pem \
        templates/template-date.tmpl data/template-date.pem templates/template-dn-err.tmpl \
        templates/template-nc.tmpl data/template-nc.pem data/xmpp-othername.pem \
        suppressions.valgrind data/csr-invalid.der data/invalid-sig2.pem data/invalid-sig3.pem \
@@ -43,7 +43,7 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem
        data/template-krb5name.pem data/template-krb5name-full.pem data/template-test-ecc.key \
        data/template-rsa-sha3-256.pem data/template-rsa-sha3-512.pem data/template-rsa-sha3-224.pem \
        data/template-rsa-sha3-384.pem data/long-oids.pem \
-       data/name-constraints-ip2.pem data/chain-md5.pem \
+       data/name-constraints-ip2.pem data/chain-md5.pem data/pubkey-ecc256.pem \
        templates/template-dates-after2038.tmpl data/template-dates-after2038.pem \
        data/gost-cert.pem data/gost-cert-nogost.pem data/gost94-cert.pem \
        templates/template-tlsfeature.tmpl data/userid.pem data/cert-with-crl.p12 \
@@ -100,7 +100,7 @@ dist_check_SCRIPTS = pathlen aki invalid-sig email \
        provable-privkey-rsa2048 provable-privkey-gen-default pkcs7-constraints \
        pkcs7-constraints2 certtool-long-oids pkcs7-cat cert-sanity cert-critical \
        pkcs12 certtool-crl-decoding pkcs12-encode pkcs12-corner-cases inhibit-anypolicy \
-       smime cert-time alt-chain pkcs7-list-sign pkcs7-eddsa \
+       smime cert-time alt-chain pkcs7-list-sign pkcs7-eddsa certtool-ecdsa \
        key-id pkcs8 pkcs8-decode ecdsa illegal-rsa pkcs8-invalid key-invalid \
        pkcs8-eddsa
 
diff --git a/tests/cert-tests/certtool-ecdsa b/tests/cert-tests/certtool-ecdsa
new file mode 100755 (executable)
index 0000000..2cb1aac
--- /dev/null
@@ -0,0 +1,89 @@
+#!/bin/sh
+
+# Copyright (C) 2014-2018 Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+srcdir="${srcdir:-.}"
+CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
+DIFF="${DIFF:-diff -b -B}"
+KEYFILE=ecdsa-privkey.$$.tmp
+TMPFILE=ecdsa.$$.tmp
+
+if ! test -x "${CERTTOOL}"; then
+       exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+       VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
+       exit 77
+fi
+
+
+${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/cert-ecc256-full.pem" --outfile "${TMPFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+       echo "There was an issue parsing the certificate"
+       exit 1
+fi
+
+$DIFF -I 'Not After:' ${TMPFILE} "${srcdir}/data/cert-ecc256-full.pem"
+if test $? != 0;then
+       echo "Error in parsing ECDSA cert"
+       exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" --pubkey-info --infile "${srcdir}/data/pubkey-ecc256.pem" --outfile "${TMPFILE}"
+rc=$?
+if test "${rc}" != "0"; then
+       echo "Could not read an ECDSA public key"
+       exit 1
+fi
+
+$DIFF ${TMPFILE} "${srcdir}/data/pubkey-ecc256.pem"
+if test $? != 0;then
+       echo "Error in parsing ECDSA public key"
+       exit 1
+fi
+
+
+# Create an ECDSA
+${VALGRIND} "${CERTTOOL}" --generate-privkey --pkcs8 --password '' \
+        --ecdsa --outfile "$KEYFILE"
+rc=$?
+
+if test "${rc}" != "0"; then
+       echo "Could not generate an ECDSA key"
+       exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" -k --password '' --infile "$KEYFILE" >/dev/null
+rc=$?
+if test "${rc}" != "0"; then
+       echo "Could not read generated an ECDSA key"
+       exit 1
+fi
+
+rm -f "${TMPFILE}" "${KEYFILE}"
+
+exit 0
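Review bot: Every failure branch ends in `exit 1` while `${TMPFILE}` and `${KEYFILE}` (the latter holding a freshly generated private key) are still on disk; only the success path at the bottom removes them. A `trap 'rm -f "${TMPFILE}" "${KEYFILE}"' 0` placed right after the two names are assigned would clean up on all exit paths and make the trailing `rm -f` unnecessary. The two `$DIFF` invocations also leave `${TMPFILE}` unquoted, unlike every other use of it in the script; quoting it keeps the style consistent. Finally, the message `Could not read generated an ECDSA key` should read `Could not read the generated ECDSA key`, and the comment `# Create an ECDSA` is missing its noun (`# Create an ECDSA key`).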
diff --git a/tests/cert-tests/data/cert-ecc256-full.pem b/tests/cert-tests/data/cert-ecc256-full.pem
new file mode 100644 (file)
index 0000000..ab16d16
--- /dev/null
@@ -0,0 +1,68 @@
+X.509 Certificate Information:
+       Version: 3
+       Serial Number (hex): 07
+       Issuer: CN=GnuTLS certificate authority,ST=Leuven,OU=GnuTLS certificate authority,O=GnuTLS,C=BE
+       Validity:
+               Not Before: Sat Sep 01 09:22:36 UTC 2012
+               Not After: Sat Oct 05 09:22:36 UTC 2019
+       Subject: EMAIL=none@none.org,pseudonym=jackal,title=Dr.,UID=clauper,CN=Cindy Lauper,ST=Attiki,OU=sleeping dept.,O=Koko inc.,C=GR
+       Subject Public Key Algorithm: EC/ECDSA
+       Algorithm Security Level: High (256 bits)
+               Curve:  SECP256R1
+               X:
+                       3c:15:6f:1d:48:3e:64:59:13:2c:6d:04:1a:38:0d:30
+                       5c:e4:3f:55:cb:d9:17:15:46:72:71:92:c1:f8:c6:33
+               Y:
+                       3d:04:2e:c8:c1:0f:c0:50:04:7b:9f:c9:48:b5:40:fa
+                       6f:93:82:59:61:5e:72:57:cb:83:06:bd:cc:82:94:c1
+       Extensions:
+               Basic Constraints (critical):
+                       Certificate Authority (CA): FALSE
+               Subject Alternative Name (not critical):
+                       DNSname: www.none.org
+                       DNSname: www.morethanone.org
+                       DNSname: localhost
+                       IPAddress: 192.168.1.1
+               Key Purpose (not critical):
+                       TLS WWW Server.
+               Key Usage (critical):
+                       Digital signature.
+               Subject Key Identifier (not critical):
+                       acfa4767c61b41791257f7ac05c150e28ed00e5b
+               Authority Key Identifier (not critical):
+                       f0b481fe9812bfb528b9644003cbcc1f664e2803
+       Signature Algorithm: ECDSA-SHA256
+       Signature:
+               30:45:02:20:28:2a:e0:24:c8:9e:44:50:d4:36:85:a0
+               8f:30:9a:ed:8a:3f:ce:38:e4:d5:91:5c:aa:2e:6a:0d
+               96:25:21:73:02:21:00:c7:82:b1:6a:86:49:35:57:c1
+               05:27:38:6c:0f:57:4f:3f:f6:3a:7a:60:01:9b:ad:52
+               88:4d:35:bf:ed:99:11
+Other Information:
+       Fingerprint:
+               sha1:8c6802792736a5ce00e75b2095626aa13ca0c0c0
+               sha256:222ddff7f65043153f439d4e2b74b87f9e366d96a1506b5ad3e8e0f1bb95da9e
+       Public Key ID:
+               sha1:acfa4767c61b41791257f7ac05c150e28ed00e5b
+               sha256:5978dd1d2d23e992075dc359d5dd14f7ef79748af97f2b7809c9ebfd6016c433
+       Public Key PIN:
+               pin-sha256:WXjdHS0j6ZIHXcNZ1d0U9+95dIr5fyt4Ccnr/WAWxDM=
+
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/pubkey-ecc256.pem b/tests/cert-tests/data/pubkey-ecc256.pem
new file mode 100644 (file)
index 0000000..6e0020d
--- /dev/null
@@ -0,0 +1,23 @@
+Public Key Information:
+       Public Key Algorithm: EC/ECDSA
+       Algorithm Security Level: High (256 bits)
+               Curve:  SECP256R1
+               X:
+                       3c:15:6f:1d:48:3e:64:59:13:2c:6d:04:1a:38:0d:30
+                       5c:e4:3f:55:cb:d9:17:15:46:72:71:92:c1:f8:c6:33
+               Y:
+                       3d:04:2e:c8:c1:0f:c0:50:04:7b:9f:c9:48:b5:40:fa
+                       6f:93:82:59:61:5e:72:57:cb:83:06:bd:cc:82:94:c1
+
+Public Key ID:
+       sha1:acfa4767c61b41791257f7ac05c150e28ed00e5b
+       sha256:5978dd1d2d23e992075dc359d5dd14f7ef79748af97f2b7809c9ebfd6016c433
+Public Key PIN:
+       pin-sha256:WXjdHS0j6ZIHXcNZ1d0U9+95dIr5fyt4Ccnr/WAWxDM=
+
+
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEPBVvHUg+ZFkTLG0EGjgNMFzkP1XL
+2RcVRnJxksH4xjM9BC7IwQ/AUAR7n8lItUD6b5OCWWFeclfLgwa9zIKUwQ==
+-----END PUBLIC KEY-----
+