diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-03-02 23:40:43 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-03-02 23:45:12 +0100 |
commit | 991b9daffd32e470372479f49a75f1bd83209e91 (patch) | |
tree | a8503d518e418e774eef46450239606d25942826 | |
parent | 8deb88e713dc3a5a0682d88bebd4e9a24707f184 (diff) | |
download | gnutls-tmp-rsa-pss-fix.tar.gz |
pkcs11: set the modulus bits on RSA keystmp-rsa-pss-fix
That value is necessary when using RSA-PSS keys.
Relates #402
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r-- | lib/pkcs11_int.h | 1 | ||||
-rw-r--r-- | lib/pkcs11_privkey.c | 12 |
2 files changed, 11 insertions, 2 deletions
diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h index 3ba9c55013..2b0b07ad2d 100644 --- a/lib/pkcs11_int.h +++ b/lib/pkcs11_int.h @@ -64,6 +64,7 @@ struct gnutls_pkcs11_obj_st { struct gnutls_pkcs11_privkey_st { gnutls_pk_algorithm_t pk_algorithm; unsigned int rsa_pss_ok; /* if it is an RSA key, it can do RSA-PSS */ + unsigned int bits; unsigned int flags; struct p11_kit_uri *uinfo; diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c index fd1997c8cc..48e4836ab2 100644 --- a/lib/pkcs11_privkey.c +++ b/lib/pkcs11_privkey.c @@ -156,7 +156,7 @@ gnutls_pkcs11_privkey_get_pk_algorithm(gnutls_pkcs11_privkey_t key, unsigned int *bits) { if (bits) - *bits = 0; /* FIXME */ + *bits = key->bits; return key->pk_algorithm; } @@ -567,7 +567,6 @@ gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey, a[0].type = CKA_KEY_TYPE; a[0].value = &key_type; a[0].value_len = sizeof(key_type); - if (pkcs11_get_attribute_value(pkey->sinfo.module, pkey->sinfo.pks, pkey->ref, a, 1) == CKR_OK) { pkey->pk_algorithm = key_type_to_pk(key_type); @@ -580,7 +579,16 @@ gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey, goto cleanup; } + if (pkey->pk_algorithm == GNUTLS_PK_RSA) { /* determine whether it can do rsa-pss */ + a[0].type = CKA_MODULUS; + a[0].value = NULL; + a[0].value_len = 0; + if (pkcs11_get_attribute_value(pkey->sinfo.module, pkey->sinfo.pks, pkey->ref, a, 1) + == CKR_OK) { + pkey->bits = a[0].value_len*8; + } + ret = gnutls_pkcs11_token_check_mechanism(url, CKM_RSA_PKCS_PSS, NULL, 0, 0); if (ret != 0) pkey->rsa_pss_ok = 1; |