Make oid_get_pk_alg handle EC algorithms

include/polarssl/oid.h

@@ -61,6 +61,9 @@
 #define OID_ORG_RSA_DATA_SECURITY       "\x86\xf7\x0d"  /* {rsadsi(113549)} */
 #define OID_RSA_COMPANY                 OID_ISO_MEMBER_BODIES OID_COUNTRY_US    \
                                         OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */
+#define OID_ORG_ANSI_X9_62              "\xce\x3d" /* ansi-X9-62(10045) */
+#define OID_ANSI_X9_62                  OID_ISO_MEMBER_BODIES OID_COUNTRY_US \
+                                        OID_ORG_ANSI_X9_62
 
 /*
  * ISO Identified organization OID parts
@@ -70,6 +73,8 @@
 #define OID_OIW_SECSIG                  OID_ORG_OIW "\x03"
 #define OID_OIW_SECSIG_ALG              OID_OIW_SECSIG "\x02"
 #define OID_OIW_SECSIG_SHA1             OID_OIW_SECSIG_ALG "\x1a"
+#define OID_ORG_CERTICOM                "\x81\x04"  /* certicom(132) */
+#define OID_CERTICOM                    OID_ISO_IDENTIFIED_ORG OID_ORG_CERTICOM
 
 /*
  * ISO ITU OID parts
@@ -235,6 +240,19 @@
 #define OID_PKCS12_PBE_SHA1_RC2_128_CBC     OID_PKCS12_PBE "\x05" /**< pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} */
 #define OID_PKCS12_PBE_SHA1_RC2_40_CBC      OID_PKCS12_PBE "\x06" /**< pbeWithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} */
 
+/*
+ * EC key algorithms from RFC 5420
+ */
+
+/* id-ecPublicKey OBJECT IDENTIFIER ::= {
+ *       iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } */
+#define OID_EC_ALG_UNRESTRICTED         OID_ANSI_X9_62 "\x02\01"
+
+/*   id-ecDH OBJECT IDENTIFIER ::= {
+ *     iso(1) identified-organization(3) certicom(132)
+ *     schemes(1) ecdh(12) } */
+#define OID_EC_ALG_ECDH                 OID_CERTICOM "\x01\x0c"
+
 #ifdef __cplusplus
 extern "C" {
 #endif

include/polarssl/pk.h

@@ -38,6 +38,8 @@ typedef enum {
     POLARSSL_PK_NONE=0,
     POLARSSL_PK_RSA,
     POLARSSL_PK_ECDSA,
+    POLARSSL_PK_ECKEY,
+    POLARSSL_PK_ECKEY_DH,
 } pk_type_t;
 
 #ifdef __cplusplus

include/polarssl/x509.h

@@ -59,7 +59,7 @@
 #define POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS          -0x2580  /**< The extension tag or value is invalid. */
 #define POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION             -0x2600  /**< Certificate or CRL has an unsupported version number. */
 #define POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG             -0x2680  /**< Signature algorithm (oid) is unsupported. */
-#define POLARSSL_ERR_X509_UNKNOWN_PK_ALG                   -0x2700  /**< Key algorithm is unsupported (only RSA is supported). */
+#define POLARSSL_ERR_X509_UNKNOWN_PK_ALG                   -0x2700  /**< Key algorithm is unsupported (only RSA and EC are supported). */
 #define POLARSSL_ERR_X509_CERT_SIG_MISMATCH                -0x2780  /**< Certificate signature algorithms do not match. (see \c ::x509_cert sig_oid) */
 #define POLARSSL_ERR_X509_CERT_VERIFY_FAILED               -0x2800  /**< Certificate verification failed, e.g. CRL, CA or signature check failed. */
 #define POLARSSL_ERR_X509_KEY_INVALID_VERSION              -0x2880  /**< Unsupported RSA key version */

library/oid.c

@@ -313,7 +313,7 @@ FN_OID_GET_OID_BY_ATTR2(oid_get_oid_by_sig_alg, oid_sig_alg_t, oid_sig_alg, pk_t
 #endif /* POLARSSL_MD_C */
 
 /*
- * For PublicKeyInfo
+ * For PublicKeyInfo (PKCS1, RFC 5480)
  */
 typedef struct {
     oid_descriptor_t    descriptor;
@@ -326,6 +326,14 @@ static const oid_pk_alg_t oid_pk_alg[] =
         { OID_PKCS1_RSA,      "rsaEncryption",   "RSA" },
         POLARSSL_PK_RSA,
     },
+    {
+        { OID_EC_ALG_UNRESTRICTED,  "id-ecPublicKey",   "Generic EC key" },
+        POLARSSL_PK_ECKEY,
+    },
+    {
+        { OID_EC_ALG_ECDH,          "id-ecDH",          "EC key for ECDH" },
+        POLARSSL_PK_ECKEY_DH,
+    },
     {
         { NULL, NULL, NULL },
         0,