On Fri, Mar 18, 2016, Viktor Dukhovni wrote:

> On Fri, Mar 18, 2016 at 06:59:36PM +0000, Blumenthal, Uri - 0553 - MITLL wrote:
>
> > Answered my own question: should use EVP_PKEY_bits(pkey) instead.
>
> That's not the right way to determine the curve id.
>
> > >How do I determine what curve the above key is on?
>
> For that you need to determine the EVP_PKEY algorithm type:
>
>     int type = EVP_PKEY_base_id(pkey);
>
>     if (type == EVP_PKEY_EC) {
>         EC_KEY *key = EVP_PKEY_get0_EC_KEY(pkey);
>         EC_GROUP *group = EC_KEY_get0_group(key);
>
>         /* Use that group to generate more points */
>     }
>
> So you don't need code to specifically identify the group, but if
> you want to constrain the supported groups:
>
>     switch (EC_GROUP_get_curve_name(group)) {
>     case NID_undef:
>     default:
>         /* Unknown or not named group */
>
>     case NID_X9_62_prime256v1:
>         /* P-256 */
>         ...
>
>     case NID_secp384r1:
>         /* P-384 */
>
>         ...
>     }
>

There is another way too. An EVP_PKEY can also be used to contain parameters
and it is permissible to pass a private or public key as a set of parameters.

In outline you call:

    EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(privkey, NULL);
    EVP_PKEY_keygen_init(pctx);
    EVP_PKEY_keygen(pctx, &newkey);
    EVP_PKEY_CTX_free(pctx);

This works with other algorithms like DSA/DH too so you'll probably want to
check the key is of the correct type first.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org