author | Simo Sorce <simo@redhat.com> | 2018-10-25 10:03:01 -0400 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-11-19 16:50:13 +0100 |
commit | 88377775a3eff679a9ec60ab9bfc6b3c683a0407 (patch) | |
tree | 758b81f44c5884106aec82eb93b074d69871b80a /lib/pkcs11_write.c | |
parent | a853e12076f66154d893a1b97de44d91c5269d68 (diff) | |
Add support for EDDSA/Ed25519 object support via PKCS#11
Tested with softHSM 2.5.0
Resolves #417
Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'lib/pkcs11_write.c')
-rw-r--r-- | lib/pkcs11_write.c | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index cb5b65d508..07dd98e9c6 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -357,6 +357,29 @@ static int add_pubkey(gnutls_pubkey_t pubkey, struct ck_attribute *a, unsigned *
 (*a_val)++;
 break;
 }
+ case GNUTLS_PK_EDDSA_ED25519: {
+ gnutls_datum_t params;
+
+ ret =
+ _gnutls_x509_write_ecc_params(pubkey->params.curve,
+ ¶ms);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ a[*a_val].type = CKA_EC_PARAMS;
+ a[*a_val].value = params.data;
+ a[*a_val].value_len = params.size;
+ (*a_val)++;
+
+ a[*a_val].type = CKA_EC_POINT;
+ a[*a_val].value = pubkey->params.raw_pub.data;
+ a[*a_val].value_len = pubkey->params.raw_pub.size;
+ (*a_val)++;
+ break;
+ }
+
 default:
 _gnutls_debug_log("requested writing public key of unsupported type %u\n", (unsigned)pk);
 return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
@@ -920,6 +943,30 @@ gnutls_pkcs11_copy_x509_privkey2(const char *token_url,
 break;
 }
+ case GNUTLS_PK_EDDSA_ED25519:
+ {
+ ret =
+ _gnutls_x509_write_ecc_params(key->params.curve,
+ &p);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ type = CKK_EC_EDWARDS;
+
+ a[a_val].type = CKA_EC_PARAMS;
+ a[a_val].value = p.data;
+ a[a_val].value_len = p.size;
+ a_val++;
+
+ a[a_val].type = CKA_VALUE;
+ a[a_val].value = key->params.raw_priv.data;
+ a[a_val].value_len = key->params.raw_priv.size;
+ a_val++;
+
+ break;
+ }
 default:
 gnutls_assert();
 ret = GNUTLS_E_INVALID_REQUEST;
@@ -966,6 +1013,7 @@ gnutls_pkcs11_copy_x509_privkey2(const char *token_url,
 break;
 }
 case GNUTLS_PK_EC:
+ case GNUTLS_PK_EDDSA_ED25519:
 {
 gnutls_free(p.data);
 gnutls_free(x.data); |
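Review bot: In the new `GNUTLS_PK_EDDSA_ED25519` case of `add_pubkey`, the two template entries have different ownership: `CKA_EC_PARAMS` holds the buffer allocated by `_gnutls_x509_write_ecc_params`, while `CKA_EC_POINT` points straight at `pubkey->params.raw_pub.data`. The code that releases the template is outside this hunk, but it has to free the first value, and if it frees attribute values by type it would also free memory that still belongs to `pubkey`. Storing an allocated copy of `raw_pub` in the template (and freeing `params.data` if that copy fails) would give both entries the same ownership; at minimum the `CKA_EC_POINT` assignment needs a comment such as `/* borrowed from pubkey, must not be freed by the caller */`. It is also worth confirming that the token expects the bare point bytes rather than a DER OCTET STRING wrapping, since the hunk passes `raw_pub` unencoded.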
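Review bot: The `GNUTLS_PK_EDDSA_ED25519` case added to `gnutls_pkcs11_copy_x509_privkey2` hands `key->params.raw_priv` to the token as `CKA_VALUE` without checking that it is populated or has the length the curve requires. A key object whose `raw_priv` is empty or mis-sized would be sent to the token as-is, and any failure would surface only as a provider error. A guard before the `CKA_VALUE` assignment, for example `if (key->params.raw_priv.size == 0) { ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); goto cleanup; }`, keeps the error local. A short comment that this value is borrowed from `key`, unlike the allocated `p.data`, would also help whoever maintains the cleanup path, which lies outside this hunk.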
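Review bot: Sharing the `GNUTLS_PK_EC` arm means `gnutls_free(x.data)` now also runs for Ed25519, but the Ed25519 branch added at new line 943 never assigns `x`. This is safe only if `x` is zero-initialised before the switch that fills the template, which is not visible in this hunk; if it is not, the free operates on an indeterminate pointer. Either confirm the initialisation and record it with a comment such as `/* x is unused for Ed25519; x.data is NULL here */`, or give Ed25519 its own arm that frees only `p.data`. The private value itself stays in `key->params.raw_priv` and is not freed by this arm, which matches the way the earlier hunk borrows it.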