[crypto] Allow ecPublicKey to be identified as a public-key algorithm

Add a public-key algorithm to the definition of the "ecPublicKey"
OID-identified algorithm, and move this definition to ecdsa.c to avoid
unconditionally dragging in ECDSA support.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/crypto/asn1.c

@@ -83,19 +83,6 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #define EINFO_ENOTTY_ALGORITHM \
 	__einfo_uniqify ( EINFO_ENOTTY, 0x01, "Inappropriate algorithm" )
 
-/** "ecPublicKey" object identifier */
-static uint8_t oid_ecpublickey[] = { ASN1_OID_ECPUBLICKEY };
-
-/** Generic elliptic curve container algorithm
- *
- * The actual curve to be used is identified via the algorithm
- * parameters, rather than the top-level OID.
- */
-struct asn1_algorithm ecpubkey_algorithm __asn1_algorithm = {
-	.name = "ecPublicKey",
-	.oid = ASN1_CURSOR ( oid_ecpublickey ),
-};
-
 /**
  * Start parsing ASN.1 object
  *
@@ -664,22 +651,24 @@ int asn1_signature_algorithm ( const struct asn1_cursor *cursor,
  * Parse ASN.1 OID-identified elliptic curve algorithm
  *
  * @v cursor		ASN.1 object cursor
+ * @v wrapper		Optional wrapper algorithm, or NULL
  * @ret algorithm	Algorithm
  * @ret rc		Return status code
  */
 int asn1_curve_algorithm ( const struct asn1_cursor *cursor,
+			   struct asn1_algorithm *wrapper,
 			   struct asn1_algorithm **algorithm ) {
 	struct asn1_cursor curve;
 
 	/* Elliptic curves are identified as either:
 	 *
-	 * - the algorithm "id-ecPublicKey" with the actual curve
+	 * - a wrapper algorithm "id-ecPublicKey" with the actual
-	 *   specified in the algorithm parameters, or
+	 *   curve specified in the algorithm parameters, or
 	 *
 	 * - a standalone object identifier for the curve
 	 */
-	if ( asn1_check_algorithm ( cursor, &ecpubkey_algorithm,
+	if ( wrapper && asn1_check_algorithm ( cursor, wrapper,
-				    &curve ) != 0 ) {
+					       &curve ) != 0 ) {
 		memcpy ( &curve, cursor, sizeof ( curve ) );
 	}
 

src/crypto/ecdsa.c

@@ -63,6 +63,20 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #define EINFO_EINVAL_SIGNATURE \
 	__einfo_uniqify ( EINFO_EINVAL, 0x05, "Invalid signature" )
 
+/** "ecPublicKey" object identifier */
+static uint8_t oid_ecpublickey[] = { ASN1_OID_ECPUBLICKEY };
+
+/** Generic elliptic curve container algorithm
+ *
+ * The actual curve to be used is identified via the algorithm
+ * parameters, rather than the top-level OID.
+ */
+struct asn1_algorithm ecpubkey_algorithm __asn1_algorithm = {
+	.name = "ecPublicKey",
+	.oid = ASN1_CURSOR ( oid_ecpublickey ),
+	.pubkey = &ecdsa_algorithm,
+};
+
 /** An ECDSA key */
 struct ecdsa_key {
 	/** Elliptic curve */
@@ -197,7 +211,8 @@ static int ecdsa_parse_key ( struct ecdsa_key *key,
 	asn1_enter_bits ( &cursor, NULL );
 
 	/* Identify curve */
-	if ( ( rc = asn1_curve_algorithm ( &curve, &algorithm ) ) != 0 ) {
+	if ( ( rc = asn1_curve_algorithm ( &curve, &ecpubkey_algorithm,
+					   &algorithm ) ) != 0 ) {
 		DBGC ( key, "ECDSA %p unknown curve: %s\n",
 		       key, strerror ( rc ) );
 		DBGC_HDA ( key, 0, raw->data, raw->len );

src/include/ipxe/asn1.h

@@ -506,6 +506,7 @@ extern int asn1_cipher_algorithm ( const struct asn1_cursor *cursor,
 extern int asn1_signature_algorithm ( const struct asn1_cursor *cursor,
 				      struct asn1_algorithm **algorithm );
 extern int asn1_curve_algorithm ( const struct asn1_cursor *cursor,
+				  struct asn1_algorithm *wrapper,
 				  struct asn1_algorithm **algorithm );
 extern int asn1_check_algorithm ( const struct asn1_cursor *cursor,
 				  struct asn1_algorithm *expected,