diff --git a/lib/freebl/blapit.h b/lib/freebl/blapit.h
--- a/lib/freebl/blapit.h
+++ b/lib/freebl/blapit.h
@@ -387,17 +387,18 @@ typedef struct DHPrivateKeyStr DHPrivate
 */
 /*
 ** The ECParams data structures can encode elliptic curve
 ** parameters for both GFp and GF2m curves.
 */
 typedef enum { ec_params_explicit,
- ec_params_named
+ ec_params_named,
+ ec_params_edwards_named
 } ECParamsType;
 typedef enum { ec_field_GFp = 1,
 ec_field_GF2m,
 ec_field_plain
 } ECFieldType;
 struct ECFieldIDStr {
diff --git a/lib/freebl/ecdecode.c b/lib/freebl/ecdecode.c
--- a/lib/freebl/ecdecode.c
+++ b/lib/freebl/ecdecode.c
@@ -171,16 +171,17 @@ EC_FillParams(PLArenaPool *arena, const
 * (the NIST P-521 curve) */
 CHECK_SEC_OK(gf_populate_params_bytes(ECCurve_SECG_PRIME_521R1, ec_field_GFp, params));
 break;
 case SEC_OID_CURVE25519:
 /* Populate params for Curve25519 */
+ params->type = ec_params_edwards_named;
 CHECK_SEC_OK(gf_populate_params_bytes(ECCurve25519, ec_field_plain, params));
 break;
 default:
 break;
 };
diff --git a/lib/softoken/pkcs11.c b/lib/softoken/pkcs11.c
--- a/lib/softoken/pkcs11.c
+++ b/lib/softoken/pkcs11.c
@@ -1921,17 +1921,17 @@ sftk_GetPubKey(SFTKObject *object, CK_KE
 /* special note: We can't just use the first byte to distinguish
 * between EC_POINT_FORM_UNCOMPRESSED and SEC_ASN1_OCTET_STRING.
 * Both are 0x04. */
 /* Handle the non-DER encoded case.
 * Some curves are always pressumed to be non-DER. */
 if (pubKey->u.ec.publicValue.len == keyLen &&
- (pubKey->u.ec.ecParams.fieldID.type == ec_field_plain ||
+ (pubKey->u.ec.ecParams.type == ec_params_edwards_named ||
 pubKey->u.ec.publicValue.data[0] == EC_POINT_FORM_UNCOMPRESSED)) {
 break; /* key was not DER encoded, no need to unwrap */
 }
 /* handle the encoded case */
 if ((pubKey->u.ec.publicValue.data[0] == SEC_ASN1_OCTET_STRING) && pubKey->u.ec.publicValue.len > keyLen) {
 SECItem publicValue;
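Review bot: The new enumerator `ec_params_edwards_named` in lib/freebl/blapit.h carries no comment, and the only curve this commit tags with it is Curve25519, which is normally described in Montgomery rather than Edwards form. Softoken now uses the value to decide whether a public value is a raw string without a point-form byte, so the enum should say that, for example `/* named curve whose public value is a raw byte string: not DER-wrapped, no EC_POINT_FORM_* prefix */`. The block comment above the enum still mentions only GFp and GF2m curves and could name this third case too.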
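Review bot: In lib/freebl/ecdecode.c the `SEC_OID_CURVE25519` case now marks the curve twice: through the added `params->type` assignment and, presumably, through the `ec_field_plain` argument passed to `gf_populate_params_bytes` on the next line. Only the softoken call sites in this commit move to `params->type`; any reader outside the visible hunks that still tests `fieldID.type == ec_field_plain`, or that accepts only `type == ec_params_named`, would now treat Curve25519 differently, so both patterns are worth a grep before landing. A comment on the assignment such as `/* softoken treats public values of this params type as raw, non-DER points */` would record why this case differs from the others. EC_FillParams starts and ends outside the hunk.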
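Review bot: In the first sftk_GetPubKey hunk of lib/softoken/pkcs11.c, the encoded-case test reads `publicValue.data[0]` before it compares `publicValue.len` with `keyLen`, and every key whose length differs from `keyLen` falls through to that test. If an empty CKA_EC_POINT can get this far (the checks before the hunk are not visible), `data` may be NULL at that read. Putting the length comparison first keeps the byte read behind it: `if (pubKey->u.ec.publicValue.len > keyLen && pubKey->u.ec.publicValue.data[0] == SEC_ASN1_OCTET_STRING) {`. The function body starts and ends outside the hunk.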
@@ -1941,17 +1941,17 @@ sftk_GetPubKey(SFTKObject *object, CK_KE
 SEC_ASN1_GET(SEC_OctetStringTemplate), &pubKey->u.ec.publicValue);
 /* nope, didn't decode correctly */
 if ((rv != SECSuccess) || (publicValue.len != keyLen)) {
 crv = CKR_ATTRIBUTE_VALUE_INVALID;
 break;
 }
 /* we don't handle compressed points except in the case of ECCurve25519 */
- if ((pubKey->u.ec.ecParams.fieldID.type != ec_field_plain) &&
+ if ((pubKey->u.ec.ecParams.type != ec_params_edwards_named) &&
 (publicValue.data[0] != EC_POINT_FORM_UNCOMPRESSED)) {
 crv = CKR_ATTRIBUTE_VALUE_INVALID;
 break;
 }
 /* replace our previous with the decoded key */
 pubKey->u.ec.publicValue = publicValue;
 break;
 }
diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c
--- a/lib/softoken/pkcs11c.c
+++ b/lib/softoken/pkcs11c.c
@@ -5655,17 +5655,17 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
 sftk_fatalError = PR_TRUE;
 }
 PORT_FreeArena(ecParams->arena, PR_TRUE);
 crv = sftk_MapCryptError(PORT_GetError());
 break;
 }
 if (PR_GetEnvSecure("NSS_USE_DECODED_CKA_EC_POINT") ||
- ecParams->fieldID.type == ec_field_plain) {
+ ecParams->type == ec_params_edwards_named) {
 PORT_FreeArena(ecParams->arena, PR_TRUE);
 crv = sftk_AddAttributeType(publicKey, CKA_EC_POINT, sftk_item_expand(&ecPriv->publicValue));
 } else {
 PORT_FreeArena(ecParams->arena, PR_TRUE);
 SECItem *pubValue = SEC_ASN1EncodeItem(NULL, NULL, &ecPriv->publicValue, SEC_ASN1_GET(SEC_OctetStringTemplate));
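Review bot: The comment above the changed condition in the second sftk_GetPubKey hunk still says compressed points are handled only "in the case of ECCurve25519", while the new test is on the params type and will cover every curve later tagged `ec_params_edwards_named`. For those keys the decoded value is accepted on length alone (the `publicValue.len != keyLen` check a few lines up), which the comment should state. I would reword it to `/* curves with raw public values carry no point-form byte; every other curve must be uncompressed */`. The "Some curves are always pressumed to be non-DER" comment in the previous hunk has the same gap, and "pressumed" is misspelled.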
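Review bot: In the NSC_GenerateKeyPair hunk of lib/softoken/pkcs11c.c, `ecParams->type` is read in the `if` condition and `PORT_FreeArena(ecParams->arena, PR_TRUE)` is then the first statement of both branches, so the code stays correct only while the free remains below the condition. Evaluating the choice into a local and freeing once removes that ordering trap: `PRBool rawPoint = PR_GetEnvSecure("NSS_USE_DECODED_CKA_EC_POINT") || ecParams->type == ec_params_edwards_named;`, then a single `PORT_FreeArena(ecParams->arena, PR_TRUE);`, then `if (rawPoint) {`. The else branch runs past the end of the hunk, so whether `ecParams` is touched again later is not visible.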