authorJakub Jelen <jjelen@redhat.com>2020-02-28 16:18:58 +0100
committerJakub Jelen <jjelen@redhat.com>2020-02-28 19:01:27 +0100
commit287f02228ed659ba0912e4359fb20171cd47ccb1 (patch)
treed4f7bd40ead3903bc5686e9caa09a6095ca595a7
parentad5b1569c6a5e143bee49c050645c32d6acb7708 (diff)
downloadgnutls-287f02228ed659ba0912e4359fb20171cd47ccb1.tar.gz
Add support for loading EdDSA keys from PKCS#11 and using them
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
-rw-r--r--lib/pkcs11.c29
-rw-r--r--lib/pubkey.c31
2 files changed, 60 insertions, 0 deletions
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 2ef0e3e025..8b65212a50 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -1897,6 +1897,35 @@ int pkcs11_read_pubkey(struct ck_function_list *module,
}
break;
+#ifdef HAVE_CKM_EDDSA
+ case CKK_EC_EDWARDS:
+ a[0].type = CKA_EC_PARAMS;
+ a[0].value = tmp1;
+ a[0].value_len = tmp1_size;
+
+ a[1].type = CKA_EC_POINT;
+ a[1].value = tmp2;
+ a[1].value_len = tmp2_size;
+
+ if ((rv = pkcs11_get_attribute_value(module, pks, ctx, a, 2)) ==
+ CKR_OK) {
+
+ pobj->pubkey[0].data = a[0].value;
+ pobj->pubkey[0].size = a[0].value_len;
+
+ pobj->pubkey[1].data = a[1].value;
+ pobj->pubkey[1].size = a[1].value_len;
+
+ pobj->pubkey_size = 2;
+ } else {
+ gnutls_assert();
+
+ ret = pkcs11_rv_to_err(rv);
+ goto cleanup;
+ }
+
+ break;
+#endif
default:
_gnutls_debug_log("requested reading public key of unsupported type %u\n", (unsigned)key_type);
ret = gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
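Review bot: The new CKK_EC_EDWARDS case stores the token-supplied CKA_EC_PARAMS and CKA_EC_POINT values into pobj->pubkey without any local check, not even that a[1].value_len is non-zero, so every validation of what the module returned is deferred to the consumer in pubkey.c; a one-line comment here would make that explicit, e.g. `/* values are copied unparsed; the curve is identified and the point decoded by the importer in pubkey.c */`. The `#ifdef HAVE_CKM_EDDSA` guard is named after a mechanism while the block only uses the CKK_EC_EDWARDS key type, which is presumably available from the same header revision; a short comment saying so would spare the next reader that check. The enclosing pkcs11_read_pubkey starts before the hunk, so the declarations of a, tmp1/tmp2, rv and ret and the cleanup label are not visible here.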
diff --git a/lib/pubkey.c b/lib/pubkey.c
index eb7fdbaa82..0e0d0ada47 100644
--- a/lib/pubkey.c
+++ b/lib/pubkey.c
@@ -362,6 +362,33 @@ gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key,
#ifdef ENABLE_PKCS11
+
+static int
+gnutls_pubkey_import_ecc_eddsa(gnutls_pubkey_t key,
+ const gnutls_datum_t * parameters,
+ const gnutls_datum_t * ecpoint)
+{
+ int ret;
+ gnutls_datum_t raw_point = {NULL, 0};
+
+ /* TODO handle parameters containing curve name to figure
+ * out if it is Ed25519, Ed448 or even something else */
+
+ ret = _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING,
+ ecpoint->data, ecpoint->size,
+ &raw_point, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_free(raw_point.data);
+ return ret;
+ }
+ ret = gnutls_pubkey_import_ecc_raw(key, GNUTLS_ECC_CURVE_ED25519,
+ &raw_point, NULL);
+
+ gnutls_free(raw_point.data);
+ return ret;
+}
+
/**
* gnutls_pubkey_import_pkcs11:
* @key: The public key
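Review bot: gnutls_pubkey_import_ecc_eddsa ignores its `parameters` argument and always imports the decoded point as GNUTLS_ECC_CURVE_ED25519, so an object whose CKA_EC_PARAMS identifies a different Edwards curve is typed as Ed25519 unless gnutls_pubkey_import_ecc_raw happens to reject it on point size, which is not visible here. The TODO acknowledges this, but until the curve is parsed the function should fail closed by accepting only parameters that identify Ed25519 and returning GNUTLS_E_ECC_UNSUPPORTED_CURVE otherwise; PKCS#11 3.0 also allows CKA_EC_PARAMS to carry a PrintableString curve name rather than the DER OID, so that form presumably needs accepting as well once the real parser lands. The rest of the function (the OCTET STRING decode and the raw import) is unchanged by this.
```c
static int
gnutls_pubkey_import_ecc_eddsa(gnutls_pubkey_t key,
			       const gnutls_datum_t * parameters,
			       const gnutls_datum_t * ecpoint)
{
	/* DER encoding of id-Ed25519 (OID 1.3.101.112); until CKA_EC_PARAMS is
	 * parsed properly, anything else is refused rather than assumed. */
	static const unsigned char ed25519_oid[] = { 0x06, 0x03, 0x2b, 0x65, 0x70 };
	int ret;
	gnutls_datum_t raw_point = {NULL, 0};

	if (parameters == NULL || parameters->data == NULL ||
	    parameters->size != sizeof(ed25519_oid) ||
	    memcmp(parameters->data, ed25519_oid, sizeof(ed25519_oid)) != 0)
		return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);

	/* … unchanged: _gnutls_x509_decode_string of ecpoint, gnutls_pubkey_import_ecc_raw, free … */
```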
@@ -438,6 +465,10 @@ gnutls_pubkey_import_pkcs11(gnutls_pubkey_t key,
ret = gnutls_pubkey_import_ecc_x962(key, &obj->pubkey[0],
&obj->pubkey[1]);
break;
+ case GNUTLS_PK_EDDSA_ED25519:
+ ret = gnutls_pubkey_import_ecc_eddsa(key, &obj->pubkey[0],
+ &obj->pubkey[1]);
+ break;
default:
gnutls_assert();
return GNUTLS_E_UNIMPLEMENTED_FEATURE;