diff options
author | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2018-11-29 03:00:30 +0000 |
---|---|---|
committer | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2018-11-29 03:00:30 +0000 |
commit | 6f33bd8864e6a065534e2ac26748d8c792bc0b9c (patch) | |
tree | 51942c94e35064da439c20b2fed987fc7d6edf3c | |
parent | 5640b8665feebed66db25268d588cd233c2fab6e (diff) | |
parent | 6de555791519e598054d1f6ee3088ce3f9675c96 (diff) | |
download | gnutls-6f33bd8864e6a065534e2ac26748d8c792bc0b9c.tar.gz |
Merge branch 'ckm-eddsa' into 'master'
lib: fix pkcs11 using defines from PKCS#11 3.0 for EdDSA
Closes #626
See merge request gnutls/gnutls!823
-rw-r--r-- | lib/pkcs11_int.h | 13 | ||||
-rw-r--r-- | lib/pkcs11_write.c | 2 |
2 files changed, 15 insertions, 0 deletions
diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h index 9c81f4e19d..8facfa8686 100644 --- a/lib/pkcs11_int.h +++ b/lib/pkcs11_int.h @@ -28,6 +28,11 @@ #include <gnutls/pkcs11.h> #include <x509/x509_int.h> +/* Part of PKCS#11 3.0 interface, which was added in p11-kit 0.23.14 */ +#ifdef CKM_EDDSA +#define HAVE_CKM_EDDSA +#endif + #define PKCS11_ID_SIZE 128 #define PKCS11_LABEL_SIZE 128 @@ -226,8 +231,10 @@ static inline int pk_to_mech(gnutls_pk_algorithm_t pk) return CKM_RSA_PKCS; else if (pk == GNUTLS_PK_RSA_PSS) return CKM_RSA_PKCS_PSS; +#ifdef HAVE_CKM_EDDSA else if (pk == GNUTLS_PK_EDDSA_ED25519) return CKM_EDDSA; +#endif else return -1; } @@ -240,8 +247,10 @@ static inline int pk_to_key_type(gnutls_pk_algorithm_t pk) return CKK_ECDSA; else if (pk == GNUTLS_PK_RSA_PSS || pk == GNUTLS_PK_RSA) return CKK_RSA; +#ifdef HAVE_CKM_EDDSA else if (pk == GNUTLS_PK_EDDSA_ED25519) return CKK_EC_EDWARDS; +#endif else return -1; } @@ -254,8 +263,10 @@ static inline gnutls_pk_algorithm_t key_type_to_pk(ck_key_type_t m) return GNUTLS_PK_DSA; else if (m == CKK_ECDSA) return GNUTLS_PK_EC; +#ifdef HAVE_CKM_EDDSA else if (m == CKK_EC_EDWARDS) return GNUTLS_PK_EDDSA_ED25519; +#endif else return GNUTLS_PK_UNKNOWN; } @@ -271,9 +282,11 @@ static inline int pk_to_genmech(gnutls_pk_algorithm_t pk, ck_key_type_t *type) } else if (pk == GNUTLS_PK_RSA_PSS || pk == GNUTLS_PK_RSA) { *type = CKK_RSA; return CKM_RSA_PKCS_KEY_PAIR_GEN; +#ifdef HAVE_CKM_EDDSA } else if (pk == GNUTLS_PK_EDDSA_ED25519) { *type = CKK_EC_EDWARDS; return CKM_EDDSA; +#endif } else { *type = -1; return -1; diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c index 07dd98e9c6..98afd169c7 100644 --- a/lib/pkcs11_write.c +++ b/lib/pkcs11_write.c @@ -943,6 +943,7 @@ gnutls_pkcs11_copy_x509_privkey2(const char *token_url, break; } +#ifdef HAVE_CKM_EDDSA case GNUTLS_PK_EDDSA_ED25519: { ret = @@ -967,6 +968,7 @@ gnutls_pkcs11_copy_x509_privkey2(const char *token_url, break; } +#endif default: gnutls_assert(); ret = GNUTLS_E_INVALID_REQUEST; |