Add functions returning security bits.

Add functions to return the "bits of security" for various public key algorithms. Based on SP800-57.
author: Dr. Stephen Henson <steve@openssl.org> 2014-01-18 14:51:40 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2014-03-28 14:49:04 +0000
commit: 2514fa79acba998c2a8d4e5a8288a5b3ae990377 (patch)
tree: 28f4391dc3e8fc22197e53b75360800f182d9b19 /crypto/ec/ec_ameth.c
parent: 4563da1d7c53e969e8d092d018795179bb648a7c (diff)
download: openssl-2514fa79acba998c2a8d4e5a8288a5b3ae990377.tar.gz
1 files changed, 17 insertions, 0 deletions
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index f024f90497..ae9d5319a3 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -395,6 +395,22 @@ static int ec_bits(const EVP_PKEY *pkey)
 	return ret;
 	}
 
+static int ec_security_bits(const EVP_PKEY *pkey)
+	{
+	int ecbits = ec_bits(pkey);
+	if (ecbits >= 512)
+		return 256;
+	if (ecbits >= 384)
+		return 192;
+	if (ecbits >= 256)
+		return 128;
+	if (ecbits >= 224)
+		return 112;
+	if (ecbits >= 160)
+		return 80;
+	return ecbits / 2;
+	}
+
 static int ec_missing_parameters(const EVP_PKEY *pkey)
 	{
 	if (EC_KEY_get0_group(pkey->pkey.ec) == NULL)
@@ -659,6 +675,7 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth =
 
 	int_ec_size,
 	ec_bits,
+	ec_security_bits,
 
 	eckey_param_decode,
 	eckey_param_encode,
author	Dr. Stephen Henson <steve@openssl.org>	2014-01-18 14:51:40 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2014-03-28 14:49:04 +0000
commit	2514fa79acba998c2a8d4e5a8288a5b3ae990377 (patch)
tree	28f4391dc3e8fc22197e53b75360800f182d9b19 /crypto/ec/ec_ameth.c
parent	4563da1d7c53e969e8d092d018795179bb648a7c (diff)
download	openssl-2514fa79acba998c2a8d4e5a8288a5b3ae990377.tar.gz