diff options
-rw-r--r-- | lib/gnutls_pubkey.c | 2 | ||||
-rw-r--r-- | lib/pkcs11.c | 14 | ||||
-rw-r--r-- | lib/pkcs11_privkey.c | 24 | ||||
-rw-r--r-- | lib/pkcs11_write.c | 2 | ||||
-rw-r--r-- | lib/x509/key_encode.c | 12 | ||||
-rw-r--r-- | lib/x509/x509_int.h | 2 |
6 files changed, 35 insertions, 21 deletions
diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c index 6866d8c4c5..a38505b53b 100644 --- a/lib/gnutls_pubkey.c +++ b/lib/gnutls_pubkey.c @@ -965,7 +965,7 @@ int gnutls_pubkey_get_pk_ecc_x962(gnutls_pubkey_t key, if (ret < 0) return gnutls_assert_val(ret); - ret = _gnutls_x509_write_ecc_params(&key->params, parameters); + ret = _gnutls_x509_write_ecc_params(key->params.flags, parameters); if (ret < 0) { _gnutls_free_datum(ecpoint); return gnutls_assert_val(ret); diff --git a/lib/pkcs11.c b/lib/pkcs11.c index defe59c284..72fc22823f 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -1199,6 +1199,7 @@ int pkcs11_read_pubkey(struct ck_function_list *module, uint8_t tmp1[2048]; uint8_t tmp2[2048]; int ret; + ck_rv_t rv; switch (key_type) { case CKK_RSA: @@ -1241,7 +1242,7 @@ int pkcs11_read_pubkey(struct ck_function_list *module, a[1].value = tmp2; a[1].value_len = sizeof(tmp2); - if (pkcs11_get_attribute_value(module, pks, obj, a, 2) == + if ((rv = pkcs11_get_attribute_value(module, pks, obj, a, 2)) == CKR_OK) { ret = _gnutls_set_datum(&pubkey[0], a[0].value, @@ -1261,7 +1262,7 @@ int pkcs11_read_pubkey(struct ck_function_list *module, } } else { gnutls_assert(); - return GNUTLS_E_PKCS11_ERROR; + return pkcs11_rv_to_err(rv); } a[0].type = CKA_BASE; @@ -1271,7 +1272,7 @@ int pkcs11_read_pubkey(struct ck_function_list *module, a[1].value = tmp2; a[1].value_len = sizeof(tmp2); - if (pkcs11_get_attribute_value(module, pks, obj, a, 2) == + if ((rv = pkcs11_get_attribute_value(module, pks, obj, a, 2)) == CKR_OK) { ret = _gnutls_set_datum(&pubkey[2], a[0].value, @@ -1293,18 +1294,19 @@ int pkcs11_read_pubkey(struct ck_function_list *module, } } else { gnutls_assert(); - return GNUTLS_E_PKCS11_ERROR; + return pkcs11_rv_to_err(rv); } break; case CKK_ECDSA: a[0].type = CKA_EC_PARAMS; a[0].value = tmp1; a[0].value_len = sizeof(tmp1); + a[1].type = CKA_EC_POINT; a[1].value = tmp2; a[1].value_len = sizeof(tmp2); - if (pkcs11_get_attribute_value(module, pks, obj, a, 2) == + if ((rv = pkcs11_get_attribute_value(module, pks, obj, a, 2)) == CKR_OK) { ret = _gnutls_set_datum(&pubkey[0], a[0].value, @@ -1324,7 +1326,7 @@ int pkcs11_read_pubkey(struct ck_function_list *module, } } else { gnutls_assert(); - return GNUTLS_E_PKCS11_ERROR; + return pkcs11_rv_to_err(rv); } break; diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c index c5877d5d7e..1da31739d3 100644 --- a/lib/pkcs11_privkey.c +++ b/lib/pkcs11_privkey.c @@ -585,6 +585,10 @@ gnutls_pkcs11_privkey_generate(const char *url, gnutls_pk_algorithm_t pk, * store the DER-encoded public key in the SubjectPublicKeyInfo format * in @pubkey. The @pubkey should be deinitialized using gnutls_free(). * + * Note that when generating an elliptic curve key, the curve + * can be substituted in the place of the bits parameter using the + * GNUTLS_CURVE_TO_BITS() macro. + * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. * @@ -610,6 +614,7 @@ gnutls_pkcs11_privkey_generate2(const char *url, gnutls_pk_algorithm_t pk, struct ck_mechanism mech; gnutls_pubkey_t pkey = NULL; gnutls_pkcs11_obj_t obj = NULL; + gnutls_datum_t der = {NULL, 0}; ck_key_type_t key_type; memset(&sinfo, 0, sizeof(sinfo)); @@ -692,9 +697,21 @@ gnutls_pkcs11_privkey_generate2(const char *url, gnutls_pk_algorithm_t pk, a[a_val].value_len = sizeof(tval); a_val++; - a[a_val].type = CKA_MODULUS_BITS; - a[a_val].value = &_bits; - a[a_val].value_len = sizeof(_bits); + if (GNUTLS_BITS_ARE_CURVE(bits)) { + bits = GNUTLS_BITS_TO_CURVE(bits); + } else { + bits = _gnutls_ecc_bits_to_curve(bits); + } + + ret = _gnutls_x509_write_ecc_params(bits, &der); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + a[a_val].type = CKA_EC_PARAMS; + a[a_val].value = der.data; + a[a_val].value_len = der.size; a_val++; break; default: @@ -800,6 +817,7 @@ gnutls_pkcs11_privkey_generate2(const char *url, gnutls_pk_algorithm_t pk, gnutls_pubkey_deinit(pkey); if (sinfo.pks != 0) pkcs11_close_session(&sinfo); + gnutls_free(der.data); return ret; } diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c index 844bbb94bc..3af02ce4ed 100644 --- a/lib/pkcs11_write.c +++ b/lib/pkcs11_write.c @@ -421,7 +421,7 @@ gnutls_pkcs11_copy_x509_privkey(const char *token_url, case GNUTLS_PK_EC: { ret = - _gnutls_x509_write_ecc_params(&key->params, + _gnutls_x509_write_ecc_params(key->params.flags, &p); if (ret < 0) { gnutls_assert(); diff --git a/lib/x509/key_encode.c b/lib/x509/key_encode.c index b22c1b860a..7ca0049f7a 100644 --- a/lib/x509/key_encode.c +++ b/lib/x509/key_encode.c @@ -144,7 +144,7 @@ _gnutls_x509_write_pubkey_params(gnutls_pk_algorithm_t algo, der->size = ASN1_NULL_SIZE; return 0; case GNUTLS_PK_EC: - return _gnutls_x509_write_ecc_params(params, der); + return _gnutls_x509_write_ecc_params(params->flags, der); default: return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE); } @@ -234,7 +234,7 @@ _gnutls_x509_write_dsa_params(gnutls_pk_params_st * params, * Allocates the space used to store the DER data. */ int -_gnutls_x509_write_ecc_params(gnutls_pk_params_st * params, +_gnutls_x509_write_ecc_params(gnutls_ecc_curve_t curve, gnutls_datum_t * der) { int result; @@ -244,13 +244,7 @@ _gnutls_x509_write_ecc_params(gnutls_pk_params_st * params, der->data = NULL; der->size = 0; - if (params->params_nr < ECC_PUBLIC_PARAMS) { - gnutls_assert(); - result = GNUTLS_E_INVALID_REQUEST; - goto cleanup; - } - - oid = _gnutls_ecc_curve_get_oid(params->flags); + oid = _gnutls_ecc_curve_get_oid(curve); if (oid == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h index ae6d7c3e55..9011869b8e 100644 --- a/lib/x509/x509_int.h +++ b/lib/x509/x509_int.h @@ -253,7 +253,7 @@ int _gnutls_x509_read_pubkey_params(gnutls_pk_algorithm_t, uint8_t * der, int _gnutls_x509_read_pubkey(gnutls_pk_algorithm_t, uint8_t * der, int dersize, gnutls_pk_params_st * params); -int _gnutls_x509_write_ecc_params(gnutls_pk_params_st * params, +int _gnutls_x509_write_ecc_params(gnutls_ecc_curve_t curve, gnutls_datum_t * der); int _gnutls_x509_write_ecc_pubkey(gnutls_pk_params_st * params, gnutls_datum_t * der); |