set CKA_EC_PARAMS when generating an ECDSA key

author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2014-07-07 14:37:00 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2014-07-07 14:37:00 +0200
commit: 66d2bde1cf2928388d2f2eec3c4cb0bd366bcd53 (patch)
tree: a9f9b7177a469dba5f3d5ba1d0352aaefc1d21e3
parent: a21a9bba32948860ac7e19b2969282c0abf5e9eb (diff)
download: gnutls-66d2bde1cf2928388d2f2eec3c4cb0bd366bcd53.tar.gz
6 files changed, 37 insertions, 22 deletions
diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c
index dff3bb38a5..99d5f24a5e 100644
--- a/lib/gnutls_pubkey.c
+++ b/lib/gnutls_pubkey.c
@@ -969,7 +969,7 @@ int gnutls_pubkey_export_ecc_x962(gnutls_pubkey_t key,
 	if (ret < 0)
 		return gnutls_assert_val(ret);
 
-	ret = _gnutls_x509_write_ecc_params(&key->params, parameters);
+	ret = _gnutls_x509_write_ecc_params(key->params.flags, parameters);
 	if (ret < 0) {
 		_gnutls_free_datum(ecpoint);
 		return gnutls_assert_val(ret);
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 434e4a6724..725dcd4c60 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -1287,7 +1287,8 @@ int pkcs11_read_pubkey(struct ck_function_list *module,
 	uint8_t *tmp2 = NULL;
 	size_t tmp1_size, tmp2_size;
 	int ret;
-	
+	ck_rv_t rv;
+
 	tmp1_size = tmp2_size = MAX_PK_PARAM_SIZE;
 	tmp1 = gnutls_malloc(tmp1_size);
 	if (tmp1 == NULL)
@@ -1330,7 +1331,7 @@ int pkcs11_read_pubkey(struct ck_function_list *module,
 		a[1].value = tmp2;
 		a[1].value_len = tmp2_size;
 
-		if (pkcs11_get_attribute_value(module, pks, obj, a, 2) ==
+		if ((rv = pkcs11_get_attribute_value(module, pks, obj, a, 2)) ==
 		    CKR_OK) {
 			ret =
 			    _gnutls_set_datum(&pubkey[0], a[0].value,
@@ -1351,7 +1352,7 @@ int pkcs11_read_pubkey(struct ck_function_list *module,
 			}
 		} else {
 			gnutls_assert();
-			ret = GNUTLS_E_PKCS11_ERROR;
+			ret = pkcs11_rv_to_err(rv);
 			goto cleanup;
 		}
 
@@ -1362,7 +1363,7 @@ int pkcs11_read_pubkey(struct ck_function_list *module,
 		a[1].value = tmp2;
 		a[1].value_len = tmp2_size;
 
-		if (pkcs11_get_attribute_value(module, pks, obj, a, 2) ==
+		if ((rv = pkcs11_get_attribute_value(module, pks, obj, a, 2)) ==
 		    CKR_OK) {
 			pubkey[2].data = a[0].value;
 			pubkey[2].size = a[0].value_len;
@@ -1372,7 +1373,7 @@ int pkcs11_read_pubkey(struct ck_function_list *module,
 
 		} else {
 			gnutls_assert();
-			ret = GNUTLS_E_PKCS11_ERROR;
+			ret = pkcs11_rv_to_err(rv);
 			goto cleanup;
 		}
 		break;
@@ -1380,11 +1381,12 @@ int pkcs11_read_pubkey(struct ck_function_list *module,
 		a[0].type = CKA_EC_PARAMS;
 		a[0].value = tmp1;
 		a[0].value_len = tmp1_size;
+
 		a[1].type = CKA_EC_POINT;
 		a[1].value = tmp2;
 		a[1].value_len = tmp2_size;
 
-		if (pkcs11_get_attribute_value(module, pks, obj, a, 2) ==
+		if ((rv = pkcs11_get_attribute_value(module, pks, obj, a, 2)) ==
 		    CKR_OK) {
 
 			pubkey[0].data = a[0].value;
@@ -1394,7 +1396,8 @@ int pkcs11_read_pubkey(struct ck_function_list *module,
 			pubkey[1].size = a[1].value_len;
 		} else {
 			gnutls_assert();
-			ret = GNUTLS_E_PKCS11_ERROR;
+
+			ret = pkcs11_rv_to_err(rv);
 			goto cleanup;
 		}
 
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index 20a05f5c7f..a9c473e711 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -624,6 +624,10 @@ gnutls_pkcs11_privkey_generate(const char *url, gnutls_pk_algorithm_t pk,
  * store the DER-encoded public key in the SubjectPublicKeyInfo format 
  * in @pubkey. The @pubkey should be deinitialized using gnutls_free().
  *
+ * Note that when generating an elliptic curve key, the curve
+ * can be substituted in the place of the bits parameter using the
+ * GNUTLS_CURVE_TO_BITS() macro.
+ *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  *   negative error value.
  *
@@ -649,6 +653,7 @@ gnutls_pkcs11_privkey_generate2(const char *url, gnutls_pk_algorithm_t pk,
 	struct ck_mechanism mech;
 	gnutls_pubkey_t pkey = NULL;
 	gnutls_pkcs11_obj_t obj = NULL;
+	gnutls_datum_t der = {NULL, 0};
 	ck_key_type_t key_type;
 
 	PKCS11_CHECK_INIT;
@@ -733,9 +738,21 @@ gnutls_pkcs11_privkey_generate2(const char *url, gnutls_pk_algorithm_t pk,
 		a[a_val].value_len = sizeof(tval);
 		a_val++;
 
-		a[a_val].type = CKA_MODULUS_BITS;
-		a[a_val].value = &_bits;
-		a[a_val].value_len = sizeof(_bits);
+		if (GNUTLS_BITS_ARE_CURVE(bits)) {
+			bits = GNUTLS_BITS_TO_CURVE(bits);
+		} else {
+			bits = _gnutls_ecc_bits_to_curve(bits);
+		}
+
+		ret = _gnutls_x509_write_ecc_params(bits, &der);
+		if (ret < 0) {
+			gnutls_assert();
+			goto cleanup;
+		}
+
+		a[a_val].type = CKA_EC_PARAMS;
+		a[a_val].value = der.data;
+		a[a_val].value_len = der.size;
 		a_val++;
 		break;
 	default:
@@ -842,6 +859,7 @@ gnutls_pkcs11_privkey_generate2(const char *url, gnutls_pk_algorithm_t pk,
 
 	if (sinfo.pks != 0)
 		pkcs11_close_session(&sinfo);
+	gnutls_free(der.data);
 
 	return ret;
 }
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index e507215c92..cf4bd1a11e 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -435,7 +435,7 @@ gnutls_pkcs11_copy_x509_privkey(const char *token_url,
 	case GNUTLS_PK_EC:
 		{
 			ret =
-			    _gnutls_x509_write_ecc_params(&key->params,
+			    _gnutls_x509_write_ecc_params(key->params.flags,
 							  &p);
 			if (ret < 0) {
 				gnutls_assert();
diff --git a/lib/x509/key_encode.c b/lib/x509/key_encode.c
index 5036de7164..d59a0605b0 100644
--- a/lib/x509/key_encode.c
+++ b/lib/x509/key_encode.c
@@ -145,7 +145,7 @@ _gnutls_x509_write_pubkey_params(gnutls_pk_algorithm_t algo,
 		der->size = ASN1_NULL_SIZE;
 		return 0;
 	case GNUTLS_PK_EC:
-		return _gnutls_x509_write_ecc_params(params, der);
+		return _gnutls_x509_write_ecc_params(params->flags, der);
 	default:
 		return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
 	}
@@ -235,7 +235,7 @@ _gnutls_x509_write_dsa_params(gnutls_pk_params_st * params,
  * Allocates the space used to store the DER data.
  */
 int
-_gnutls_x509_write_ecc_params(gnutls_pk_params_st * params,
+_gnutls_x509_write_ecc_params(gnutls_ecc_curve_t curve,
 			      gnutls_datum_t * der)
 {
 	int result;
@@ -245,13 +245,7 @@ _gnutls_x509_write_ecc_params(gnutls_pk_params_st * params,
 	der->data = NULL;
 	der->size = 0;
 
-	if (params->params_nr < ECC_PUBLIC_PARAMS) {
-		gnutls_assert();
-		result = GNUTLS_E_INVALID_REQUEST;
-		goto cleanup;
-	}
-
-	oid = _gnutls_ecc_curve_get_oid(params->flags);
+	oid = _gnutls_ecc_curve_get_oid(curve);
 	if (oid == NULL)
 		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 
diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h
index de8ec7efa1..90352ff4f3 100644
--- a/lib/x509/x509_int.h
+++ b/lib/x509/x509_int.h
@@ -254,7 +254,7 @@ int _gnutls_x509_read_pubkey_params(gnutls_pk_algorithm_t, uint8_t * der,
 int _gnutls_x509_read_pubkey(gnutls_pk_algorithm_t, uint8_t * der,
 			     int dersize, gnutls_pk_params_st * params);
 
-int _gnutls_x509_write_ecc_params(gnutls_pk_params_st * params,
+int _gnutls_x509_write_ecc_params(gnutls_ecc_curve_t curve,
 				  gnutls_datum_t * der);
 int _gnutls_x509_write_ecc_pubkey(gnutls_pk_params_st * params,
 				  gnutls_datum_t * der);
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2014-07-07 14:37:00 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2014-07-07 14:37:00 +0200
commit	66d2bde1cf2928388d2f2eec3c4cb0bd366bcd53 (patch)
tree	a9f9b7177a469dba5f3d5ba1d0352aaefc1d21e3
parent	a21a9bba32948860ac7e19b2969282c0abf5e9eb (diff)
download	gnutls-66d2bde1cf2928388d2f2eec3c4cb0bd366bcd53.tar.gz