authorDmitry Eremin-Solenikov <dbaryshkov@gmail.com>2018-11-28 14:10:35 +0300
committerDmitry Eremin-Solenikov <dbaryshkov@gmail.com>2018-11-28 23:37:34 +0300
commit6de555791519e598054d1f6ee3088ce3f9675c96 (patch)
tree51942c94e35064da439c20b2fed987fc7d6edf3c
parent5640b8665feebed66db25268d588cd233c2fab6e (diff)
downloadgnutls-ckm-eddsa.tar.gz
lib: fix pkcs11 using defines from PKCS#11 3.0 for EdDSAckm-eddsa
The pkcs11 support code uses several definitions from the forthcoming PKCS#11 standard version. Older p11-kit versions do not provide these definitions. Detect and disable the code supporting EdDSA if compiling GnuTLS with an older p11-kit library. Closes #626 Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> Fixes: 88377775a3eff679a9ec60ab9bfc6b3c683a0407 Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
-rw-r--r--lib/pkcs11_int.h13
-rw-r--r--lib/pkcs11_write.c2
2 files changed, 15 insertions, 0 deletions
diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h
index 9c81f4e19d..8facfa8686 100644
--- a/lib/pkcs11_int.h
+++ b/lib/pkcs11_int.h
@@ -28,6 +28,11 @@
#include <gnutls/pkcs11.h>
#include <x509/x509_int.h>
+/* Part of PKCS#11 3.0 interface, which was added in p11-kit 0.23.14 */
+#ifdef CKM_EDDSA
+#define HAVE_CKM_EDDSA
+#endif
+
#define PKCS11_ID_SIZE 128
#define PKCS11_LABEL_SIZE 128
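Review bot: The feature test at the new `#ifdef CKM_EDDSA` only proves that one mechanism macro exists, yet the code it enables in the later hunks of this file (pk_to_key_type, key_type_to_pk, pk_to_genmech) also uses `CKK_EC_EDWARDS`, so a header that defines one without the other would still break the build. Testing both names makes the guard match what it enables: `#if defined(CKM_EDDSA) && defined(CKK_EC_EDWARDS)` / `#define HAVE_CKM_EDDSA` / `#endif`. The check also only works if the p11-kit header that defines these macros is included before this point; the hunk shows `<gnutls/pkcs11.h>` and `<x509/x509_int.h>` above it but not which of them pulls in the PKCS#11 definitions, so that ordering is worth confirming.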
@@ -226,8 +231,10 @@ static inline int pk_to_mech(gnutls_pk_algorithm_t pk)
return CKM_RSA_PKCS;
else if (pk == GNUTLS_PK_RSA_PSS)
return CKM_RSA_PKCS_PSS;
+#ifdef HAVE_CKM_EDDSA
else if (pk == GNUTLS_PK_EDDSA_ED25519)
return CKM_EDDSA;
+#endif
else
return -1;
}
@@ -240,8 +247,10 @@ static inline int pk_to_key_type(gnutls_pk_algorithm_t pk)
return CKK_ECDSA;
else if (pk == GNUTLS_PK_RSA_PSS || pk == GNUTLS_PK_RSA)
return CKK_RSA;
+#ifdef HAVE_CKM_EDDSA
else if (pk == GNUTLS_PK_EDDSA_ED25519)
return CKK_EC_EDWARDS;
+#endif
else
return -1;
}
@@ -254,8 +263,10 @@ static inline gnutls_pk_algorithm_t key_type_to_pk(ck_key_type_t m)
return GNUTLS_PK_DSA;
else if (m == CKK_ECDSA)
return GNUTLS_PK_EC;
+#ifdef HAVE_CKM_EDDSA
else if (m == CKK_EC_EDWARDS)
return GNUTLS_PK_EDDSA_ED25519;
+#endif
else
return GNUTLS_PK_UNKNOWN;
}
@@ -271,9 +282,11 @@ static inline int pk_to_genmech(gnutls_pk_algorithm_t pk, ck_key_type_t *type)
} else if (pk == GNUTLS_PK_RSA_PSS || pk == GNUTLS_PK_RSA) {
*type = CKK_RSA;
return CKM_RSA_PKCS_KEY_PAIR_GEN;
+#ifdef HAVE_CKM_EDDSA
} else if (pk == GNUTLS_PK_EDDSA_ED25519) {
*type = CKK_EC_EDWARDS;
return CKM_EDDSA;
+#endif
} else {
*type = -1;
return -1;
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index 07dd98e9c6..98afd169c7 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -943,6 +943,7 @@ gnutls_pkcs11_copy_x509_privkey2(const char *token_url,
break;
}
+#ifdef HAVE_CKM_EDDSA
case GNUTLS_PK_EDDSA_ED25519:
{
ret =
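Review bot: With HAVE_CKM_EDDSA undefined, an Ed25519 private key now reaches `default:` and fails with GNUTLS_E_INVALID_REQUEST, and nothing at the new `#ifdef` explains why the case may be absent; a comment such as `/* Ed25519 needs CKM_EDDSA (p11-kit >= 0.23.14); without it the key falls through to default: */` would save the next reader a trip to pkcs11_int.h. HAVE_CKM_EDDSA is defined in lib/pkcs11_int.h by this commit, so it is only visible here if this file includes that header before this switch, which the hunk does not show; if it does not, the case is compiled out even with a new p11-kit, so that include is worth confirming. gnutls_pkcs11_copy_x509_privkey2 starts and ends outside the hunk.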
@@ -967,6 +968,7 @@ gnutls_pkcs11_copy_x509_privkey2(const char *token_url,
break;
}
+#endif
default:
gnutls_assert();
ret = GNUTLS_E_INVALID_REQUEST;