ECDSA support

Submitted by: Nils Larsch <nla@trustcenter.de>
author: Bodo Möller <bodo@openssl.org> 2002-02-13 18:21:51 +0000
committer: Bodo Möller <bodo@openssl.org> 2002-02-13 18:21:51 +0000
commit: 4d94ae00d5614d64d4dd065860c4b00161a81f82 (patch)
tree: e993aa323ea753b3c0782439eb78f4f8c896a67e /apps/req.c
parent: 60d8bae30d1040a4f955e3247443b2dd4c674cde (diff)
download: openssl-4d94ae00d5614d64d4dd065860c4b00161a81f82.zip
openssl-4d94ae00d5614d64d4dd065860c4b00161a81f82.tar.gz
openssl-4d94ae00d5614d64d4dd065860c4b00161a81f82.tar.bz2
1 files changed, 77 insertions, 4 deletions
diff --git a/apps/req.c b/apps/req.c
index c406b64..27a7bba 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -142,6 +142,7 @@ static int batch=0;
 #define TYPE_RSA	1
 #define TYPE_DSA	2
 #define TYPE_DH		3
+#define TYPE_ECDSA	4
 
 int MAIN(int, char **);
 
@@ -151,6 +152,9 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_DSA
 	DSA *dsa_params=NULL;
 #endif
+#ifndef OPENSSL_NO_ECDSA
+	ECDSA *ecdsa_params = NULL;
+#endif
 	unsigned long nmflag = 0;
 	int ex=1,x509=0,days=30;
 	X509 *x509ss=NULL;
@@ -317,11 +321,63 @@ int MAIN(int argc, char **argv)
 						}
 					}
 				BIO_free(in);
-				newkey=BN_num_bits(dsa_params->p);
 				in=NULL;
+				newkey=BN_num_bits(dsa_params->p);
 				}
 			else 
 #endif
+#ifndef OPENSSL_NO_ECDSA
+				if (strncmp("ecdsa:",p,4) == 0)
+				{
+				X509 *xtmp=NULL;
+				EVP_PKEY *dtmp;
+
+				pkey_type=TYPE_ECDSA;
+				p+=6;
+				if ((in=BIO_new_file(p,"r")) == NULL)
+					{
+					perror(p);
+					goto end;
+					}
+				if ((ecdsa_params = PEM_read_bio_ECDSAParameters(in, NULL, NULL, NULL)) == NULL)
+					{
+					ERR_clear_error();
+					(void)BIO_reset(in);
+					if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)
+						{	
+						BIO_printf(bio_err,"unable to load ECDSA parameters from file\n");
+						goto end;
+						}
+
+					dtmp=X509_get_pubkey(xtmp);
+					if (dtmp->type == EVP_PKEY_ECDSA)
+						ecdsa_params = ECDSAParameters_dup(dtmp->pkey.ecdsa);
+					EVP_PKEY_free(dtmp);
+					X509_free(xtmp);
+					if (ecdsa_params == NULL)
+						{
+						BIO_printf(bio_err,"Certificate does not contain ECDSA parameters\n");
+						goto end;
+						}
+					}
+
+				BIO_free(in);
+				in=NULL;
+				
+				{
+				BIGNUM *order = BN_new();
+				
+				if (!order)
+					goto end;
+				if (!EC_GROUP_get_order(ecdsa_params->group, order, NULL))
+					goto end;
+				newkey = BN_num_bits(order);
+				BN_free(order);
+				}
+
+				}
+			else
+#endif
 #ifndef OPENSSL_NO_DH
 				if (strncmp("dh:",p,4) == 0)
 				{
@@ -433,6 +489,7 @@ bad:
 		BIO_printf(bio_err,"                the random number generator\n");
 		BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
 		BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
+		BIO_printf(bio_err," -newkey ecdsa:file generate a new ECDSA key, parameters taken from CA in 'file'\n");
 		BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
 		BIO_printf(bio_err," -config file   request template file.\n");
 		BIO_printf(bio_err," -subj arg      set or modify request subject\n");
@@ -626,7 +683,7 @@ bad:
 			   message */
 			goto end;
 			}
-		if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
+		if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA || EVP_PKEY_type(pkey->type) == EVP_PKEY_ECDSA)
 			{
 			char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
 			if (randfile == NULL)
@@ -650,14 +707,15 @@ bad:
 				newkey=DEFAULT_KEY_LENGTH;
 			}
 
-		if (newkey < MIN_KEY_LENGTH)
+		if (newkey < MIN_KEY_LENGTH && (pkey_type == TYPE_RSA || pkey_type == TYPE_DSA))
+		/* TODO: appropriate minimal keylength for the different algorithm (esp. ECDSA) */
 			{
 			BIO_printf(bio_err,"private key length is too short,\n");
 			BIO_printf(bio_err,"it needs to be at least %d bits, not %d\n",MIN_KEY_LENGTH,newkey);
 			goto end;
 			}
 		BIO_printf(bio_err,"Generating a %d bit %s private key\n",
-			newkey,(pkey_type == TYPE_RSA)?"RSA":"DSA");
+			newkey,(pkey_type == TYPE_RSA)?"RSA":(pkey_type == TYPE_DSA)?"DSA":"ECDSA");
 
 		if ((pkey=EVP_PKEY_new()) == NULL) goto end;
 
@@ -679,6 +737,14 @@ bad:
 			dsa_params=NULL;
 			}
 #endif
+#ifndef OPENSSL_NO_ECDSA
+			if (pkey_type == TYPE_ECDSA)
+			{
+			if (!ECDSA_generate_key(ecdsa_params)) goto end;
+			if (!EVP_PKEY_assign_ECDSA(pkey, ecdsa_params)) goto end;
+			ecdsa_params = NULL;
+			}
+#endif
 
 		app_RAND_write_file(randfile, bio_err);
 
@@ -785,6 +851,10 @@ loop:
 		if (pkey->type == EVP_PKEY_DSA)
 			digest=EVP_dss1();
 #endif
+#ifndef OPENSSL_NO_ECDSA
+		if (pkey->type == EVP_PKEY_ECDSA)
+			digest=EVP_ecdsa();
+#endif
 		if (req == NULL)
 			{
 			req=X509_REQ_new();
@@ -1065,6 +1135,9 @@ end:
 #ifndef OPENSSL_NO_DSA
 	if (dsa_params != NULL) DSA_free(dsa_params);
 #endif
+#ifndef OPENSSL_NO_ECDSA
+	if (ecdsa_params != NULL) ECDSA_free(ecdsa_params);
+#endif
 	apps_shutdown();
 	EXIT(ex);
 	}
author	Bodo Möller <bodo@openssl.org>	2002-02-13 18:21:51 +0000
committer	Bodo Möller <bodo@openssl.org>	2002-02-13 18:21:51 +0000
commit	4d94ae00d5614d64d4dd065860c4b00161a81f82 (patch)
tree	e993aa323ea753b3c0782439eb78f4f8c896a67e /apps/req.c
parent	60d8bae30d1040a4f955e3247443b2dd4c674cde (diff)
download	openssl-4d94ae00d5614d64d4dd065860c4b00161a81f82.zip openssl-4d94ae00d5614d64d4dd065860c4b00161a81f82.tar.gz openssl-4d94ae00d5614d64d4dd065860c4b00161a81f82.tar.bz2