} catch (const std::exception& exc) {
isc_throw(BadKey, "ECDSA_PrivateKey: " << exc.what());
}
+ priv_->set_parameter_encoding(Botan::EC_DOMPAR_ENC_OID);
} else if (kind_ == PRIVATE) {
isc_throw(UnsupportedAlgorithm,
"Unknown ECDSA Private Key format: " <<
if (pub_->domain() != group_) {
isc_throw(BadKey, "ECDSA Public Key not for the right curve");
}
+ pub_->set_parameter_encoding(Botan::EC_DOMPAR_ENC_OID);
} else if ((kind_ == PUBLIC) && (key_format == DNS)) {
// RFC 6605 DNS wire format
// key_len == 0 was already checked
} catch (const std::exception& exc) {
isc_throw(BadKey, "ECDSA_PublicKey: " << exc.what());
}
+ pub_->set_parameter_encoding(Botan::EC_DOMPAR_ENC_OID);
} else if (kind_ == PUBLIC) {
isc_throw(UnsupportedAlgorithm,
"Unknown ECDSA Public Key format: " <<
if (!pub_) {
pub_.reset(new Botan::ECDSA_PublicKey(group_,
priv_->public_point()));
+ pub_->set_parameter_encoding(Botan::EC_DOMPAR_ENC_OID);
}
} catch (const std::exception& exc) {
isc_throw(BadKey, "priv to pub: " << exc.what());
} catch (const std::exception& exc) {
isc_throw(BadKey, "ECDSA_PrivateKey" << exc.what());
}
+ priv_->set_parameter_encoding(Botan::EC_DOMPAR_ENC_OID);
} else if (kind_ == PRIVATE) {
isc_throw(UnsupportedAlgorithm,
"Unknown ECDSA Private Key format: " <<
if (pub_->domain() != group_) {
isc_throw(BadKey, "ECDSA Public Key not for the right curve");
}
+ pub_->set_parameter_encoding(Botan::EC_DOMPAR_ENC_OID);
} else if ((kind_ == PUBLIC) && (key_format == DNS)) {
// bind9 .key file (RDATA)
// warn when password not empty
} catch (const std::exception& exc) {
isc_throw(BadKey, "ECDSA_PublicKey: " << exc.what());
}
+ pub_->set_parameter_encoding(Botan::EC_DOMPAR_ENC_OID);
} else if (kind_ == PUBLIC) {
isc_throw(UnsupportedAlgorithm,
"Unknown ECDSA Public Key format: " <<
if (!pub_) {
pub_.reset(new Botan::ECDSA_PublicKey(group_,
priv_->public_point()));
+ pub_->set_parameter_encoding(Botan::EC_DOMPAR_ENC_OID);
}
} catch (const std::exception& exc) {
isc_throw(BadKey, "priv to pub: " << exc.what());
static_cast<int>(key_format));
} else if ((key_kind == PUBLIC) && (key_format == ASN1)) {
// SubjectPublicKeyInfo
- // Expand encoding to force namedCurve and uncompressed
+ // Expand encoding to force uncompressed point
+ // @note this is critical for secure DHCPv6
Botan::MemoryVector<Botan::byte> ber;
try {
// ber = Botan::X509::BER_encode(*pub_);
- const Botan::MemoryVector<Botan::byte> parameters =
- pub_->domain().DER_encode(Botan::EC_DOMPAR_ENC_OID);
- const Botan::AlgorithmIdentifier alg_id(pub_->get_oid(),
- parameters);
const Botan::MemoryVector<Botan::byte> pubkey =
Botan::EC2OSP(pub_->public_point(),
Botan::PointGFp::UNCOMPRESSED);
ber = Botan::DER_Encoder()
.start_cons(Botan::SEQUENCE)
- .encode(alg_id)
+ .encode(pub_->algorithm_identifier())
.encode(pubkey, Botan::BIT_STRING)
.end_cons()
.get_contents();
} else if ((key_kind == PUBLIC) && (key_format == ASN1)) {
// SubjectPublicKeyInfo PEM file
// warn when password not empty
- // Expand encoding to force namedCurve
+ // Expand encoding to force uncompressed point
std::string pem;
try {
// pem = Botan::X509::PEM_encode(*pub_);
Botan::MemoryVector<Botan::byte> ber;
// ber = Botan::X509::BER_encode(*pub_);
- const Botan::MemoryVector<Botan::byte> parameters =
- pub_->domain().DER_encode(Botan::EC_DOMPAR_ENC_OID);
- const Botan::AlgorithmIdentifier alg_id(pub_->get_oid(),
- parameters);
const Botan::MemoryVector<Botan::byte> pubkey =
Botan::EC2OSP(pub_->public_point(),
Botan::PointGFp::UNCOMPRESSED);
ber = Botan::DER_Encoder()
.start_cons(Botan::SEQUENCE)
- .encode(alg_id)
+ .encode(pub_->algorithm_identifier())
.encode(pubkey, Botan::BIT_STRING)
.end_cons()
.get_contents();
projects / thirdparty / kea.git / commitdiff
