diff --git a/include/polarssl/oid.h b/include/polarssl/oid.h index e63c169a6..d9a1f8f79 100644 --- a/include/polarssl/oid.h +++ b/include/polarssl/oid.h @@ -61,6 +61,9 @@ #define OID_ORG_RSA_DATA_SECURITY "\x86\xf7\x0d" /* {rsadsi(113549)} */ #define OID_RSA_COMPANY OID_ISO_MEMBER_BODIES OID_COUNTRY_US \ OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */ +#define OID_ORG_ANSI_X9_62 "\xce\x3d" /* ansi-X9-62(10045) */ +#define OID_ANSI_X9_62 OID_ISO_MEMBER_BODIES OID_COUNTRY_US \ + OID_ORG_ANSI_X9_62 /* * ISO Identified organization OID parts @@ -70,6 +73,8 @@ #define OID_OIW_SECSIG OID_ORG_OIW "\x03" #define OID_OIW_SECSIG_ALG OID_OIW_SECSIG "\x02" #define OID_OIW_SECSIG_SHA1 OID_OIW_SECSIG_ALG "\x1a" +#define OID_ORG_CERTICOM "\x81\x04" /* certicom(132) */ +#define OID_CERTICOM OID_ISO_IDENTIFIED_ORG OID_ORG_CERTICOM /* * ISO ITU OID parts @@ -235,6 +240,19 @@ #define OID_PKCS12_PBE_SHA1_RC2_128_CBC OID_PKCS12_PBE "\x05" /**< pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} */ #define OID_PKCS12_PBE_SHA1_RC2_40_CBC OID_PKCS12_PBE "\x06" /**< pbeWithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} */ +/* + * EC key algorithms from RFC 5420 + */ + +/* id-ecPublicKey OBJECT IDENTIFIER ::= { + * iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } */ +#define OID_EC_ALG_UNRESTRICTED OID_ANSI_X9_62 "\x02\01" + +/* id-ecDH OBJECT IDENTIFIER ::= { + * iso(1) identified-organization(3) certicom(132) + * schemes(1) ecdh(12) } */ +#define OID_EC_ALG_ECDH OID_CERTICOM "\x01\x0c" + #ifdef __cplusplus extern "C" { #endif diff --git a/include/polarssl/pk.h b/include/polarssl/pk.h index d9639eeed..169753de4 100644 --- a/include/polarssl/pk.h +++ b/include/polarssl/pk.h @@ -38,6 +38,8 @@ typedef enum { POLARSSL_PK_NONE=0, POLARSSL_PK_RSA, POLARSSL_PK_ECDSA, + POLARSSL_PK_ECKEY, + POLARSSL_PK_ECKEY_DH, } pk_type_t; #ifdef __cplusplus diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h index 9f4fc9f8a..62c8a931c 100644 --- a/include/polarssl/x509.h +++ b/include/polarssl/x509.h @@ -59,7 +59,7 @@ #define POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS -0x2580 /**< The extension tag or value is invalid. */ #define POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION -0x2600 /**< Certificate or CRL has an unsupported version number. */ #define POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG -0x2680 /**< Signature algorithm (oid) is unsupported. */ -#define POLARSSL_ERR_X509_UNKNOWN_PK_ALG -0x2700 /**< Key algorithm is unsupported (only RSA is supported). */ +#define POLARSSL_ERR_X509_UNKNOWN_PK_ALG -0x2700 /**< Key algorithm is unsupported (only RSA and EC are supported). */ #define POLARSSL_ERR_X509_CERT_SIG_MISMATCH -0x2780 /**< Certificate signature algorithms do not match. (see \c ::x509_cert sig_oid) */ #define POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x2800 /**< Certificate verification failed, e.g. CRL, CA or signature check failed. */ #define POLARSSL_ERR_X509_KEY_INVALID_VERSION -0x2880 /**< Unsupported RSA key version */ diff --git a/library/oid.c b/library/oid.c index 2de7806d2..3f7857d0a 100644 --- a/library/oid.c +++ b/library/oid.c @@ -313,7 +313,7 @@ FN_OID_GET_OID_BY_ATTR2(oid_get_oid_by_sig_alg, oid_sig_alg_t, oid_sig_alg, pk_t #endif /* POLARSSL_MD_C */ /* - * For PublicKeyInfo + * For PublicKeyInfo (PKCS1, RFC 5480) */ typedef struct { oid_descriptor_t descriptor; @@ -326,6 +326,14 @@ static const oid_pk_alg_t oid_pk_alg[] = { OID_PKCS1_RSA, "rsaEncryption", "RSA" }, POLARSSL_PK_RSA, }, + { + { OID_EC_ALG_UNRESTRICTED, "id-ecPublicKey", "Generic EC key" }, + POLARSSL_PK_ECKEY, + }, + { + { OID_EC_ALG_ECDH, "id-ecDH", "EC key for ECDH" }, + POLARSSL_PK_ECKEY_DH, + }, { { NULL, NULL, NULL }, 0,