Generalize ECDSA functions to EC.

libreswan · Aug 7, 2021 · a312e7b · a312e7b
1 parent cf0dca3
commit a312e7b
Show file tree

Hide file tree

Showing 10 changed files with 51 additions and 51 deletions.
diff --git a/include/ckaid.h b/include/ckaid.h
@@ -54,7 +54,7 @@ const char *str_ckaid(const ckaid_t *ckaid, ckaid_buf *buf);
 size_t jam_ckaid(struct jambuf *buf, const ckaid_t *ckaid);
 
 err_t form_ckaid_rsa(chunk_t modulus, ckaid_t *ckaid);
-err_t form_ckaid_ecdsa(chunk_t pub_value, ckaid_t *ckaid);
+err_t form_ckaid_ecKey(chunk_t pub_value, ckaid_t *ckaid);
 bool ckaid_eq_nss(const ckaid_t *l, const SECItem *r);
 
 ckaid_t ckaid_from_secitem(const SECItem *const nss_ckaid);

diff --git a/include/pluto_constants.h b/include/pluto_constants.h
@@ -1058,7 +1058,7 @@ enum PrivateKeyKind {
 	PKK_RSA,
 	PKK_XAUTH,
 	PKK_PPK,
-	PKK_ECDSA, /* should not be needed */
+	PKK_EC, /* should not be needed */
 	PKK_NULL,
 	PKK_INVALID,
 };

diff --git a/include/secrets.h b/include/secrets.h
@@ -53,13 +53,13 @@ struct RSA_private_key {
 	struct RSA_public_key pub;
 };
 
-struct ECDSA_public_key {
+struct EC_public_key {
 	chunk_t ecParams;
 	chunk_t pub; /* publicValue */
 };
 
-struct ECDSA_private_key {
-	struct ECDSA_public_key pub;
+struct EC_private_key {
+	struct EC_public_key pub;
 	chunk_t ecParams;
 	chunk_t pub_val; /* publicValue */
 	chunk_t privateValue;
@@ -71,7 +71,7 @@ err_t rsa_pubkey_to_base64(chunk_t exponent, chunk_t modulus, char **rr);
 err_t unpack_RSA_public_key(struct RSA_public_key *rsa,
 			    keyid_t *keyid, ckaid_t *ckaid, size_t *size,
 			    const chunk_t *pubkey);
-err_t unpack_ECDSA_public_key(struct ECDSA_public_key *ecdsa,
+err_t unpack_EC_public_key(struct EC_public_key *ecKey,
 			      keyid_t *keyid, ckaid_t *ckaid, size_t *size,
 			      const chunk_t *pubkey);
 
@@ -86,7 +86,7 @@ struct private_key_stuff {
 	union {
 		chunk_t preshared_secret;
 		struct RSA_private_key RSA_private_key;
-		struct ECDSA_private_key ECDSA_private_key;
+		struct EC_private_key EC_private_key;
 		/* struct smartcard *smartcard; */
 	} u;
 
@@ -140,7 +140,7 @@ struct hash_signature {
 
 union pubkey_content {
 	struct RSA_public_key rsa;
-	struct ECDSA_public_key ecdsa;
+	struct EC_public_key ecPub;
 };
 
 struct pubkey_type {

diff --git a/lib/libswan/base64_pubkey.c b/lib/libswan/base64_pubkey.c
@@ -218,13 +218,13 @@ err_t unpack_RSA_public_key(struct RSA_public_key *rsa,
 	return NULL;
 }
 
-err_t unpack_ECDSA_public_key(struct ECDSA_public_key *ecdsa,
+err_t unpack_EC_public_key(struct EC_public_key *ecKey,
 			      keyid_t *keyid, ckaid_t *ckaid, size_t *size,
 			      const chunk_t *pubkey)
 {
 	err_t e;
 
-	e = form_ckaid_ecdsa(*pubkey, ckaid);
+	e = form_ckaid_ecKey(*pubkey, ckaid);
 	if (e != NULL) {
 		return e;
 	}
@@ -236,13 +236,13 @@ err_t unpack_ECDSA_public_key(struct ECDSA_public_key *ecdsa,
 	}
 
 	*size = pubkey->len;
-	ecdsa->pub = clone_hunk(*pubkey, "public value");
+	ecKey->pub = clone_hunk(*pubkey, "public value");
 
 	if (DBGP(DBG_BASE)) {
 		/* pubkey information isn't DBG_PRIVATE */
 		DBG_log("keyid: *%s", str_keyid(*keyid));
 		DBG_log("  size: %zu", *size);
-		DBG_dump_hunk("  pub", ecdsa->pub);
+		DBG_dump_hunk("  pub", ecKey->pub);
 		DBG_dump_hunk("  CKAID", *ckaid);
 	}
 

diff --git a/lib/libswan/ckaid.c b/lib/libswan/ckaid.c
@@ -113,7 +113,7 @@ err_t form_ckaid_rsa(chunk_t modulus, ckaid_t *ckaid)
 	return NULL;
 }
 
-err_t form_ckaid_ecdsa(chunk_t pub_value, ckaid_t *ckaid)
+err_t form_ckaid_ecKey(chunk_t pub_value, ckaid_t *ckaid)
 {
 	/*
 	 * Compute the CKAID directly using the public value. - keep old
@@ -125,7 +125,7 @@ err_t form_ckaid_ecdsa(chunk_t pub_value, ckaid_t *ckaid)
 		return "unable to compute 'CKAID' from public value";
 	}
 	if (DBGP(DBG_BASE)) {
-		DBG_dump("computed ecdsa CKAID",
+		DBG_dump("computed ecKey CKAID",
 			 nss_ckaid->data, nss_ckaid->len);
 	}
 	*ckaid = ckaid_from_secitem(nss_ckaid);

diff --git a/lib/libswan/constants.c b/lib/libswan/constants.c
@@ -2164,7 +2164,7 @@ static const char *const pkk_name[] = {
 	"PKK_RSA",
 	"PKK_XAUTH",
 	"PKK_PPK",
-	"PKK_ECDSA",
+	"PKK_EC",
 	"PKK_NULL",
 	"PKK_INVALID",
 };

diff --git a/lib/libswan/secrets.c b/lib/libswan/secrets.c
@@ -347,17 +347,17 @@ const struct pubkey_type pubkey_type_rsa = {
 	.sign_hash = RSA_sign_hash,
 };
 
-static err_t ECDSA_unpack_pubkey_content(union pubkey_content *u,
+static err_t EC_unpack_pubkey_content(union pubkey_content *u,
 					 keyid_t *keyid, ckaid_t *ckaid, size_t *size,
 					 chunk_t pubkey)
 {
-	return unpack_ECDSA_public_key(&u->ecdsa, keyid, ckaid, size, &pubkey);
+	return unpack_EC_public_key(&u->ecPub, keyid, ckaid, size, &pubkey);
 }
 
-static void ECDSA_free_public_content(struct ECDSA_public_key *ecdsa)
+static void EC_free_public_content(struct EC_public_key *ecKey)
 {
-	free_chunk_content(&ecdsa->pub);
-	free_chunk_content(&ecdsa->ecParams);
+	free_chunk_content(&ecKey->pub);
+	free_chunk_content(&ecKey->ecParams);
 	/* ckaid is an embedded struct (no pointer) */
 	/*
 	 * ??? what about ecdsa->pub.{version,ckaid}?
@@ -367,18 +367,18 @@ static void ECDSA_free_public_content(struct ECDSA_public_key *ecdsa)
 	 */
 }
 
-static void ECDSA_free_pubkey_content(union pubkey_content *u)
+static void EC_free_pubkey_content(union pubkey_content *u)
 {
-	ECDSA_free_public_content(&u->ecdsa);
+	EC_free_public_content(&u->ecPub);
 }
 
-static void ECDSA_extract_public_key(struct ECDSA_public_key *pub,
+static void EC_extract_public_key(struct EC_public_key *pub,
 				     keyid_t *keyid, ckaid_t *ckaid, size_t *size,
 				     SECKEYPublicKey *pubkey_nss,
 				     SECItem *ckaid_nss)
 {
-	pub->pub = clone_secitem_as_chunk(pubkey_nss->u.ec.publicValue, "ECDSA pub");
-	pub->ecParams = clone_secitem_as_chunk(pubkey_nss->u.ec.DEREncodedParams, "ECDSA ecParams");
+	pub->pub = clone_secitem_as_chunk(pubkey_nss->u.ec.publicValue, "EC pub");
+	pub->ecParams = clone_secitem_as_chunk(pubkey_nss->u.ec.DEREncodedParams, "EC ecParams");
 	*size = pubkey_nss->u.ec.publicValue.len;
 	*ckaid = ckaid_from_secitem(ckaid_nss);
 	/* keyid */
@@ -394,39 +394,39 @@ static void ECDSA_extract_public_key(struct ECDSA_public_key *pub,
 	}
 }
 
-static void ECDSA_extract_pubkey_content(union pubkey_content *pkc,
+static void EC_extract_pubkey_content(union pubkey_content *pkc,
 					 keyid_t *keyid, ckaid_t *ckaid, size_t *size,
 					 SECKEYPublicKey *pubkey_nss,
 					 SECItem *ckaid_nss)
 {
-	ECDSA_extract_public_key(&pkc->ecdsa, keyid, ckaid, size, pubkey_nss, ckaid_nss);
+	EC_extract_public_key(&pkc->ecPub, keyid, ckaid, size, pubkey_nss, ckaid_nss);
 }
 
-static void ECDSA_extract_private_key_pubkey_content(struct private_key_stuff *pks,
+static void EC_extract_private_key_pubkey_content(struct private_key_stuff *pks,
 						     keyid_t *keyid, ckaid_t *ckaid, size_t *size,
 						     SECKEYPublicKey *pubkey_nss,
 						     SECItem *ckaid_nss)
 {
-	struct ECDSA_private_key *ecdsak = &pks->u.ECDSA_private_key;
-	ECDSA_extract_public_key(&ecdsak->pub, keyid, ckaid, size,
+	struct EC_private_key *ecKey = &pks->u.EC_private_key;
+	EC_extract_public_key(&ecKey->pub, keyid, ckaid, size,
 				 pubkey_nss, ckaid_nss);
 }
 
-static void ECDSA_free_secret_content(struct private_key_stuff *pks)
+static void EC_free_secret_content(struct private_key_stuff *pks)
 {
 	SECKEY_DestroyPrivateKey(pks->private_key);
-	struct ECDSA_private_key *ecdsak = &pks->u.ECDSA_private_key;
-	ECDSA_free_public_content(&ecdsak->pub);
+	struct EC_private_key *ecKey = &pks->u.EC_private_key;
+	EC_free_public_content(&ecKey->pub);
 }
 
 /*
  * The only unsafe (according to FIPS) curve is p192, and NSS does not
  * implement this, so there is no ECDSA curve that libreswan needs to
  * disallow for security reasons
  */
-static err_t ECDSA_secret_sane(struct private_key_stuff *pks_unused UNUSED)
+static err_t EC_secret_sane(struct private_key_stuff *pks_unused UNUSED)
 {
-	dbg("ECDSA is assumed to be sane");
+	dbg("EC Algorithms are assumed to be sane");
 	return NULL;
 }
 
@@ -494,14 +494,14 @@ static struct hash_signature ECDSA_sign_hash(const struct private_key_stuff *pks
 const struct pubkey_type pubkey_type_ecdsa = {
 	.alg = PUBKEY_ALG_ECDSA,
 	.name = "ECDSA",
-	.private_key_kind = PKK_ECDSA,
-	.unpack_pubkey_content = ECDSA_unpack_pubkey_content,
-	.free_pubkey_content = ECDSA_free_pubkey_content,
-	.extract_private_key_pubkey_content = ECDSA_extract_private_key_pubkey_content,
-	.free_secret_content = ECDSA_free_secret_content,
-	.secret_sane = ECDSA_secret_sane,
+	.private_key_kind = PKK_EC,
+	.unpack_pubkey_content = EC_unpack_pubkey_content,
+	.free_pubkey_content = EC_free_pubkey_content,
+	.extract_private_key_pubkey_content = EC_extract_private_key_pubkey_content,
+	.free_secret_content = EC_free_secret_content,
+	.secret_sane = EC_secret_sane,
 	.sign_hash = ECDSA_sign_hash,
-	.extract_pubkey_content = ECDSA_extract_pubkey_content,
+	.extract_pubkey_content = EC_extract_pubkey_content,
 };
 
 const struct pubkey_type *pubkey_alg_type(enum pubkey_alg alg)
@@ -754,7 +754,7 @@ struct secret *lsw_find_secret_by_id(struct secret *secrets,
 							&s->pks.u.RSA_private_key.pub,
 							&best->pks.u.RSA_private_key.pub);
 						break;
-					case PKK_ECDSA:
+					case PKK_EC:
 						/* there are no ECDSA kind of secrets */
 						/* ??? this seems not to be the case */
 						break;
@@ -1504,7 +1504,7 @@ void lsw_free_preshared_secrets(struct secret **psecrets, struct logger *logger)
 				pfree(s->pks.u.preshared_secret.ptr);
 				break;
 			case PKK_RSA:
-			case PKK_ECDSA:
+			case PKK_EC:
 				/* Note: pub is all there is */
 				s->pks.pubkey_type->free_secret_content(&s->pks);
 				break;

diff --git a/programs/pluto/ikev2_ecdsa.c b/programs/pluto/ikev2_ecdsa.c
@@ -73,7 +73,7 @@ bool authsig_using_ECDSA_ikev2_pubkey(const struct crypt_mac *hash, shunk_t sign
 	 */
 
 	/* allocate the pubkey */
-	const struct ECDSA_public_key *k = &kr->u.ecdsa;
+	const struct EC_public_key *k = &kr->u.ecPub;
 	SECKEYPublicKey *publicKey = (SECKEYPublicKey *)
 		PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey));
 	if (publicKey == NULL) {

diff --git a/programs/pluto/keys.c b/programs/pluto/keys.c
@@ -99,8 +99,8 @@ static int print_secrets(struct secret *secret,
 	case PKK_XAUTH:
 		kind = "XAUTH";
 		break;
-	case PKK_ECDSA:
-		kind = "ECDSA";
+	case PKK_EC:
+		kind = "EC";
 		break;
 	default:
 		return 1;

diff --git a/programs/showhostkey/showhostkey.c b/programs/showhostkey/showhostkey.c
@@ -147,7 +147,7 @@ static void print(struct private_key_stuff *pks,
 	}
 
 	// this never has a secret entry so shouldn't ne needed
-	case PKK_ECDSA: {
+	case PKK_EC: {
 		break;
 	}
 
@@ -224,7 +224,7 @@ static int pick_by_ckaid(struct secret *secret UNUSED,
 			 void *uservoid)
 {
 	char *start = (char *)uservoid;
-	if ((pks->kind == PKK_RSA || pks->kind == PKK_ECDSA) &&
+	if ((pks->kind == PKK_RSA || pks->kind == PKK_EC) &&
 	    ckaid_starts_with(&pks->ckaid, start)) {
 		/* stop */
 		return 0;
@@ -295,7 +295,7 @@ static int show_dnskey(struct private_key_stuff *pks,
 static int show_confkey(struct private_key_stuff *pks,
 			char *side)
 {
-	if (pks->kind != PKK_RSA && pks->kind != PKK_ECDSA) {
+	if (pks->kind != PKK_RSA && pks->kind != PKK_EC) {
 		char *enumstr = "gcc is crazy";
 		switch (pks->kind) {
 		case PKK_PSK:
@@ -325,7 +325,7 @@ static int show_confkey(struct private_key_stuff *pks,
 		       base64);
 		pfree(base64);
 		break;
-	case PKK_ECDSA:
+	case PKK_EC:
 		printf("\t# ecdsakey %s\n",
 		       pks->keyid.keyid);
 		printf("\t%secdsasigkey=%s\n", side,