[riot-notifications] [RIOT-OS/RIOT] sys/credman: add key load functions (#16263)

Aiman Ismail notifications at github.com
Tue Apr 6 16:51:18 CEST 2021


@pokgak commented on this pull request.



> +
+    /* point to version, it SHALL be 1 */
+    asn1_tree *node = priv_key.child;
+    if (!node || node->type != ASN1_TYPE_INTEGER || node->data[0] != 0x01) {
+        DEBUG("credman: invalid private key version\n");
+        return CREDMAN_INVALID;
+    }
+
+    /* point to privateKey */
+    node = node->next;
+    if (!node || node->type != ASN1_TYPE_OCTET_STRING || !node->data || !node->length) {
+        DEBUG("credman: invalid private key\n");
+        return CREDMAN_INVALID;
+    }
+
+    cred->type = CREDMAN_TYPE_ECDSA;
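
Review bot: The version check reads `node->data[0]` without first confirming that `node->data` is non-NULL and that `node->length` is 1, whereas the privateKey check right below it does test `!node->data` and `!node->length`. As written, a version node with no data or zero length would still be indexed, and a multi-byte INTEGER whose first byte is 0x01 would be accepted as version 1. Suggest adding `!node->data || node->length != 1` to the condition ahead of the `data[0]` comparison. The privateKey check also accepts any non-zero length, so if the expected key size is known at this point, comparing `node->length` against it would reject malformed keys before `cred->type` is set.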

Thinking from the side of integrating with other (D)TLS libraries, I think it makes sense to have it along with the keys. Then when loading the key, we can use it to check if the currently used library supports the curve. For example here, tinydtls only supports one curve but wolfssl supports [multiple curves][1]. Bonus point, this is also how it's done in [BearSSL][2].

[1]: https://www.wolfssl.com/using-supported-elliptic-curves-extension-with-wolfssl/
[2]: https://www.bearssl.org/gitweb/?p=BearSSL;a=blob;f=inc/bearssl_ec.h;h=acd3a2bf5a5550fe99130d9e4b99f7db2169c69d;hb=HEAD#l248

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/RIOT-OS/RIOT/pull/16263#discussion_r607921716