Enable X25519 and X448 everywhere that EdDSA is supported.

These are just trivial extension points where the codepath is the same
for the ECDH scheme as it is for the EdDSA scheme.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index a1642d0f350a348b8dc6edf235e76611afc4e87c..ec2f1e5df6c9df66b8bfcd0fdbf6f911f3451ac5 100644 (file)
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -1802,6 +1802,8 @@ wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t algo,
        case GNUTLS_PK_ECDSA:
        case GNUTLS_PK_EDDSA_ED25519:
        case GNUTLS_PK_EDDSA_ED448:
+       case GNUTLS_PK_ECDH_X25519:
+       case GNUTLS_PK_ECDH_X448:
 #if ENABLE_GOST
        case GNUTLS_PK_GOST_01:
        case GNUTLS_PK_GOST_12_256:

diff --git a/lib/pk.c b/lib/pk.c
index fcf3af1989104c4761e304d233726a3b2aa675e9..1904f594535944cfff0b23067d601913390d3b42 100644 (file)
--- a/lib/pk.c
+++ b/lib/pk.c
@@ -1216,6 +1216,8 @@ pk_prepare_hash(gnutls_pk_algorithm_t pk,
        case GNUTLS_PK_ECDSA:
        case GNUTLS_PK_EDDSA_ED25519:
        case GNUTLS_PK_EDDSA_ED448:
+       case GNUTLS_PK_ECDH_X25519:
+       case GNUTLS_PK_ECDH_X448:
        case GNUTLS_PK_GOST_01:
        case GNUTLS_PK_GOST_12_256:
        case GNUTLS_PK_GOST_12_512:

diff --git a/lib/privkey.c b/lib/privkey.c
index 0e8d29561f7cb3d48bacb0a8c3f13e449125e137..7b983b145d1c47992541863150e716663cda08f2 100644 (file)
--- a/lib/privkey.c
+++ b/lib/privkey.c
@@ -206,6 +206,8 @@ privkey_to_pubkey(gnutls_pk_algorithm_t pk,
                break;
        case GNUTLS_PK_EDDSA_ED25519:
        case GNUTLS_PK_EDDSA_ED448:
+       case GNUTLS_PK_ECDH_X25519:
+       case GNUTLS_PK_ECDH_X448:
                ret = _gnutls_set_datum(&pub->raw_pub, priv->raw_pub.data, priv->raw_pub.size);
                if (ret < 0)
                        return gnutls_assert_val(ret);

diff --git a/lib/pubkey.c b/lib/pubkey.c
index 6d00e87876fb6c312130e7bd3f92ae5037c0188e..14171f68d7bf8f32f774cd93d567bc45248d09cb 100644 (file)
--- a/lib/pubkey.c
+++ b/lib/pubkey.c
@@ -62,6 +62,8 @@ unsigned pubkey_to_bits(const gnutls_pk_params_st * params)
        case GNUTLS_PK_ECDSA:
        case GNUTLS_PK_EDDSA_ED25519:
        case GNUTLS_PK_EDDSA_ED448:
+       case GNUTLS_PK_ECDH_X25519:
+       case GNUTLS_PK_ECDH_X448:
        case GNUTLS_PK_GOST_01:
        case GNUTLS_PK_GOST_12_256:
        case GNUTLS_PK_GOST_12_512:
@@ -1175,7 +1177,9 @@ gnutls_pubkey_export_ecc_raw2(gnutls_pubkey_t key,
                *curve = key->params.curve;
 
        if (key->params.algo == GNUTLS_PK_EDDSA_ED25519 ||
-           key->params.algo == GNUTLS_PK_EDDSA_ED448) {
+           key->params.algo == GNUTLS_PK_EDDSA_ED448 ||
+           key->params.algo == GNUTLS_PK_ECDH_X25519 ||
+           key->params.algo == GNUTLS_PK_ECDH_X448) {
                if (x) {
                        ret = _gnutls_set_datum(x, key->params.raw_pub.data, key->params.raw_pub.size);
                        if (ret < 0)

diff --git a/lib/x509/key_decode.c b/lib/x509/key_decode.c
index c7e69d8e1f47509b2a4a3acefe2dbe483621e414..ea241163b99d26a73f3cc1bdb75c9a9ad9fa4e77 100644 (file)
--- a/lib/x509/key_decode.c
+++ b/lib/x509/key_decode.c
@@ -635,6 +635,8 @@ int _gnutls_x509_check_pubkey_params(gnutls_pk_params_st * params)
        case GNUTLS_PK_ECDSA:
        case GNUTLS_PK_EDDSA_ED25519:
        case GNUTLS_PK_EDDSA_ED448:
+       case GNUTLS_PK_ECDH_X25519:
+       case GNUTLS_PK_ECDH_X448:
        case GNUTLS_PK_GOST_01:
        case GNUTLS_PK_GOST_12_256:
        case GNUTLS_PK_GOST_12_512:

diff --git a/lib/x509/key_encode.c b/lib/x509/key_encode.c
index a1abbe621caab721602b81d8a3314d998403bb1a..8428cd17338b4cc478efbe193c4751f1385c72f7 100644 (file)
--- a/lib/x509/key_encode.c
+++ b/lib/x509/key_encode.c
@@ -283,6 +283,8 @@ _gnutls_x509_write_pubkey_params(const gnutls_pk_params_st * params,
                return _gnutls_x509_write_ecc_params(params->curve, der);
        case GNUTLS_PK_EDDSA_ED25519:
        case GNUTLS_PK_EDDSA_ED448:
+       case GNUTLS_PK_ECDH_X25519:
+       case GNUTLS_PK_ECDH_X448:
                der->data = NULL;
                der->size = 0;
 
@@ -867,7 +869,8 @@ _gnutls_asn1_encode_ecc(asn1_node * c2, gnutls_pk_params_st * params)
                goto cleanup;
        }
 
-       if (curve_is_eddsa(params->curve)) {
+       if (curve_is_eddsa(params->curve) ||
+            curve_is_modern_ecdh(params->curve)) {
                if (params->raw_pub.size == 0 || params->raw_priv.size == 0)
                        return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
                ret =
@@ -1071,6 +1074,8 @@ int _gnutls_asn1_encode_privkey(asn1_node * c2,
        case GNUTLS_PK_ECDSA:
        case GNUTLS_PK_EDDSA_ED25519:
        case GNUTLS_PK_EDDSA_ED448:
+       case GNUTLS_PK_ECDH_X25519:
+       case GNUTLS_PK_ECDH_X448:
                return _gnutls_asn1_encode_ecc(c2, params);
        case GNUTLS_PK_GOST_01:
        case GNUTLS_PK_GOST_12_256:

diff --git a/lib/x509/output.c b/lib/x509/output.c
index 70210847b8522a12a68701217dcd4112dbc32586..1e58c3ca922825a4c87d5265f7141beb03abe0de 100644 (file)
--- a/lib/x509/output.c
+++ b/lib/x509/output.c
@@ -1453,6 +1453,8 @@ print_pubkey(gnutls_buffer_st * str, const char *key_name,
 
        case GNUTLS_PK_EDDSA_ED25519:
        case GNUTLS_PK_EDDSA_ED448:
+       case GNUTLS_PK_ECDH_X25519:
+       case GNUTLS_PK_ECDH_X448:
        case GNUTLS_PK_ECDSA:
                {
                        gnutls_datum_t x, y;

diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index c54ad4a8b2d77b2c82179641e3def431c2c229c8..3c7c9f8eee629a2922e729788d0b298ad5300bc5 100644 (file)
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -69,6 +69,8 @@ _encode_privkey(gnutls_x509_privkey_t pkey, gnutls_datum_t * raw)
        switch (pkey->params.algo) {
        case GNUTLS_PK_EDDSA_ED25519:
        case GNUTLS_PK_EDDSA_ED448:
+       case GNUTLS_PK_ECDH_X25519:
+       case GNUTLS_PK_ECDH_X448:
                /* we encode as octet string (which is going to be stored inside
                 * another octet string). No comments. */
                ret = _gnutls_x509_encode_string(ASN1_ETYPE_OCTET_STRING,

diff --git a/src/certtool-common.c b/src/certtool-common.c
index 31e1c2619f158305a682852126d1185629bb2b1b..dba89df9a0451c3ea4cb955cf8422d80b6d3dde9 100644 (file)
--- a/src/certtool-common.c
+++ b/src/certtool-common.c
@@ -1289,7 +1289,9 @@ static void privkey_info_int(FILE *outfile, common_info_st * cinfo,
                }
        } else if (key_type == GNUTLS_PK_ECDSA ||
                   key_type == GNUTLS_PK_EDDSA_ED25519 ||
-                  key_type == GNUTLS_PK_EDDSA_ED448) {
+                  key_type == GNUTLS_PK_EDDSA_ED448 ||
+                  key_type == GNUTLS_PK_ECDH_X25519 ||
+                  key_type == GNUTLS_PK_ECDH_X448) {
                gnutls_datum_t y, x, k;
                gnutls_ecc_curve_t curve;
 

diff --git a/src/certtool-common.h b/src/certtool-common.h
index 04c7a3e91a9f12d3741e1448982a6ffbd7d0a6d2..db7b1bde3afbce00c0927dc0dfd2ea95a4a3a579 100644 (file)
--- a/src/certtool-common.h
+++ b/src/certtool-common.h
@@ -91,6 +91,7 @@ void switch_to_pkcs8_when_needed(common_info_st *cinfo, gnutls_x509_privkey_t ke
                return;
 
        if (key_type == GNUTLS_PK_RSA_PSS || key_type == GNUTLS_PK_EDDSA_ED25519 || key_type == GNUTLS_PK_EDDSA_ED448 ||
+            key_type == GNUTLS_PK_ECDH_X25519 || key_type == GNUTLS_PK_ECDH_X448 ||
            key_type == GNUTLS_PK_GOST_01 || key_type == GNUTLS_PK_GOST_12_256 ||
            key_type == GNUTLS_PK_GOST_12_512) {
                if (cinfo->verbose)