set CKA_EC_PARAMS when generating an ECDSA key

Conflicts: lib/pkcs11.c
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2014-07-07 14:37:00 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2014-07-07 14:39:10 +0200
commit: 0ee960594caa714070a38d138d7d3fab72b5202d (patch)
tree: 9a7fe9f3ce02b4a8b60a239fcc4eb22baa213895
parent: 01cb158459d293671a9e037da0e48439d51e7fcc (diff)
download: gnutls-0ee960594caa714070a38d138d7d3fab72b5202d.tar.gz
6 files changed, 35 insertions, 21 deletions
diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c
index 6866d8c4c5..a38505b53b 100644
--- a/lib/gnutls_pubkey.c
+++ b/lib/gnutls_pubkey.c
@@ -965,7 +965,7 @@ int gnutls_pubkey_get_pk_ecc_x962(gnutls_pubkey_t key,
 	if (ret < 0)
 		return gnutls_assert_val(ret);
 
-	ret = _gnutls_x509_write_ecc_params(&key->params, parameters);
+	ret = _gnutls_x509_write_ecc_params(key->params.flags, parameters);
 	if (ret < 0) {
 		_gnutls_free_datum(ecpoint);
 		return gnutls_assert_val(ret);
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index defe59c284..72fc22823f 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -1199,6 +1199,7 @@ int pkcs11_read_pubkey(struct ck_function_list *module,
 	uint8_t tmp1[2048];
 	uint8_t tmp2[2048];
 	int ret;
+	ck_rv_t rv;
 
 	switch (key_type) {
 	case CKK_RSA:
@@ -1241,7 +1242,7 @@ int pkcs11_read_pubkey(struct ck_function_list *module,
 		a[1].value = tmp2;
 		a[1].value_len = sizeof(tmp2);
 
-		if (pkcs11_get_attribute_value(module, pks, obj, a, 2) ==
+		if ((rv = pkcs11_get_attribute_value(module, pks, obj, a, 2)) ==
 		    CKR_OK) {
 			ret =
 			    _gnutls_set_datum(&pubkey[0], a[0].value,
@@ -1261,7 +1262,7 @@ int pkcs11_read_pubkey(struct ck_function_list *module,
 			}
 		} else {
 			gnutls_assert();
-			return GNUTLS_E_PKCS11_ERROR;
+			return pkcs11_rv_to_err(rv);
 		}
 
 		a[0].type = CKA_BASE;
@@ -1271,7 +1272,7 @@ int pkcs11_read_pubkey(struct ck_function_list *module,
 		a[1].value = tmp2;
 		a[1].value_len = sizeof(tmp2);
 
-		if (pkcs11_get_attribute_value(module, pks, obj, a, 2) ==
+		if ((rv = pkcs11_get_attribute_value(module, pks, obj, a, 2)) ==
 		    CKR_OK) {
 			ret =
 			    _gnutls_set_datum(&pubkey[2], a[0].value,
@@ -1293,18 +1294,19 @@ int pkcs11_read_pubkey(struct ck_function_list *module,
 			}
 		} else {
 			gnutls_assert();
-			return GNUTLS_E_PKCS11_ERROR;
+			return pkcs11_rv_to_err(rv);
 		}
 		break;
 	case CKK_ECDSA:
 		a[0].type = CKA_EC_PARAMS;
 		a[0].value = tmp1;
 		a[0].value_len = sizeof(tmp1);
+
 		a[1].type = CKA_EC_POINT;
 		a[1].value = tmp2;
 		a[1].value_len = sizeof(tmp2);
 
-		if (pkcs11_get_attribute_value(module, pks, obj, a, 2) ==
+		if ((rv = pkcs11_get_attribute_value(module, pks, obj, a, 2)) ==
 		    CKR_OK) {
 			ret =
 			    _gnutls_set_datum(&pubkey[0], a[0].value,
@@ -1324,7 +1326,7 @@ int pkcs11_read_pubkey(struct ck_function_list *module,
 			}
 		} else {
 			gnutls_assert();
-			return GNUTLS_E_PKCS11_ERROR;
+			return pkcs11_rv_to_err(rv);
 		}
 
 		break;
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index c5877d5d7e..1da31739d3 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -585,6 +585,10 @@ gnutls_pkcs11_privkey_generate(const char *url, gnutls_pk_algorithm_t pk,
  * store the DER-encoded public key in the SubjectPublicKeyInfo format 
  * in @pubkey. The @pubkey should be deinitialized using gnutls_free().
  *
+ * Note that when generating an elliptic curve key, the curve
+ * can be substituted in the place of the bits parameter using the
+ * GNUTLS_CURVE_TO_BITS() macro.
+ *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  *   negative error value.
  *
@@ -610,6 +614,7 @@ gnutls_pkcs11_privkey_generate2(const char *url, gnutls_pk_algorithm_t pk,
 	struct ck_mechanism mech;
 	gnutls_pubkey_t pkey = NULL;
 	gnutls_pkcs11_obj_t obj = NULL;
+	gnutls_datum_t der = {NULL, 0};
 	ck_key_type_t key_type;
 
 	memset(&sinfo, 0, sizeof(sinfo));
@@ -692,9 +697,21 @@ gnutls_pkcs11_privkey_generate2(const char *url, gnutls_pk_algorithm_t pk,
 		a[a_val].value_len = sizeof(tval);
 		a_val++;
 
-		a[a_val].type = CKA_MODULUS_BITS;
-		a[a_val].value = &_bits;
-		a[a_val].value_len = sizeof(_bits);
+		if (GNUTLS_BITS_ARE_CURVE(bits)) {
+			bits = GNUTLS_BITS_TO_CURVE(bits);
+		} else {
+			bits = _gnutls_ecc_bits_to_curve(bits);
+		}
+
+		ret = _gnutls_x509_write_ecc_params(bits, &der);
+		if (ret < 0) {
+			gnutls_assert();
+			goto cleanup;
+		}
+
+		a[a_val].type = CKA_EC_PARAMS;
+		a[a_val].value = der.data;
+		a[a_val].value_len = der.size;
 		a_val++;
 		break;
 	default:
@@ -800,6 +817,7 @@ gnutls_pkcs11_privkey_generate2(const char *url, gnutls_pk_algorithm_t pk,
 		gnutls_pubkey_deinit(pkey);
 	if (sinfo.pks != 0)
 		pkcs11_close_session(&sinfo);
+	gnutls_free(der.data);
 
 	return ret;
 }
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index 844bbb94bc..3af02ce4ed 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -421,7 +421,7 @@ gnutls_pkcs11_copy_x509_privkey(const char *token_url,
 	case GNUTLS_PK_EC:
 		{
 			ret =
-			    _gnutls_x509_write_ecc_params(&key->params,
+			    _gnutls_x509_write_ecc_params(key->params.flags,
 							  &p);
 			if (ret < 0) {
 				gnutls_assert();
diff --git a/lib/x509/key_encode.c b/lib/x509/key_encode.c
index b22c1b860a..7ca0049f7a 100644
--- a/lib/x509/key_encode.c
+++ b/lib/x509/key_encode.c
@@ -144,7 +144,7 @@ _gnutls_x509_write_pubkey_params(gnutls_pk_algorithm_t algo,
 		der->size = ASN1_NULL_SIZE;
 		return 0;
 	case GNUTLS_PK_EC:
-		return _gnutls_x509_write_ecc_params(params, der);
+		return _gnutls_x509_write_ecc_params(params->flags, der);
 	default:
 		return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
 	}
@@ -234,7 +234,7 @@ _gnutls_x509_write_dsa_params(gnutls_pk_params_st * params,
  * Allocates the space used to store the DER data.
  */
 int
-_gnutls_x509_write_ecc_params(gnutls_pk_params_st * params,
+_gnutls_x509_write_ecc_params(gnutls_ecc_curve_t curve,
 			      gnutls_datum_t * der)
 {
 	int result;
@@ -244,13 +244,7 @@ _gnutls_x509_write_ecc_params(gnutls_pk_params_st * params,
 	der->data = NULL;
 	der->size = 0;
 
-	if (params->params_nr < ECC_PUBLIC_PARAMS) {
-		gnutls_assert();
-		result = GNUTLS_E_INVALID_REQUEST;
-		goto cleanup;
-	}
-
-	oid = _gnutls_ecc_curve_get_oid(params->flags);
+	oid = _gnutls_ecc_curve_get_oid(curve);
 	if (oid == NULL)
 		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 
diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h
index ae6d7c3e55..9011869b8e 100644
--- a/lib/x509/x509_int.h
+++ b/lib/x509/x509_int.h
@@ -253,7 +253,7 @@ int _gnutls_x509_read_pubkey_params(gnutls_pk_algorithm_t, uint8_t * der,
 int _gnutls_x509_read_pubkey(gnutls_pk_algorithm_t, uint8_t * der,
 			     int dersize, gnutls_pk_params_st * params);
 
-int _gnutls_x509_write_ecc_params(gnutls_pk_params_st * params,
+int _gnutls_x509_write_ecc_params(gnutls_ecc_curve_t curve,
 				  gnutls_datum_t * der);
 int _gnutls_x509_write_ecc_pubkey(gnutls_pk_params_st * params,
 				  gnutls_datum_t * der);
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2014-07-07 14:37:00 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2014-07-07 14:39:10 +0200
commit	0ee960594caa714070a38d138d7d3fab72b5202d (patch)
tree	9a7fe9f3ce02b4a8b60a239fcc4eb22baa213895
parent	01cb158459d293671a9e037da0e48439d51e7fcc (diff)
download	gnutls-0ee960594caa714070a38d138d7d3fab72b5202d.tar.gz