diff options
| author | Simo Sorce <simo@redhat.com> | 2018-10-25 10:03:01 -0400 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-11-19 16:50:13 +0100 |
| commit | 88377775a3eff679a9ec60ab9bfc6b3c683a0407 (patch) | |
| tree | 758b81f44c5884106aec82eb93b074d69871b80a /lib | |
| parent | a853e12076f66154d893a1b97de44d91c5269d68 (diff) | |
| download | gnutls-88377775a3eff679a9ec60ab9bfc6b3c683a0407.tar.gz | |
Add support for EDDSA/Ed25519 object support via PKCS#11
Tested with softHSM 2.5.0
Resolves #417
Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/pkcs11_int.h | 9 | ||||
| -rw-r--r-- | lib/pkcs11_privkey.c | 23 | ||||
| -rw-r--r-- | lib/pkcs11_write.c | 48 |
3 files changed, 80 insertions, 0 deletions
diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h index 76c09b460a..9c81f4e19d 100644 --- a/lib/pkcs11_int.h +++ b/lib/pkcs11_int.h @@ -226,6 +226,8 @@ static inline int pk_to_mech(gnutls_pk_algorithm_t pk) return CKM_RSA_PKCS; else if (pk == GNUTLS_PK_RSA_PSS) return CKM_RSA_PKCS_PSS; + else if (pk == GNUTLS_PK_EDDSA_ED25519) + return CKM_EDDSA; else return -1; } @@ -238,6 +240,8 @@ static inline int pk_to_key_type(gnutls_pk_algorithm_t pk) return CKK_ECDSA; else if (pk == GNUTLS_PK_RSA_PSS || pk == GNUTLS_PK_RSA) return CKK_RSA; + else if (pk == GNUTLS_PK_EDDSA_ED25519) + return CKK_EC_EDWARDS; else return -1; } @@ -250,6 +254,8 @@ static inline gnutls_pk_algorithm_t key_type_to_pk(ck_key_type_t m) return GNUTLS_PK_DSA; else if (m == CKK_ECDSA) return GNUTLS_PK_EC; + else if (m == CKK_EC_EDWARDS) + return GNUTLS_PK_EDDSA_ED25519; else return GNUTLS_PK_UNKNOWN; } @@ -265,6 +271,9 @@ static inline int pk_to_genmech(gnutls_pk_algorithm_t pk, ck_key_type_t *type) } else if (pk == GNUTLS_PK_RSA_PSS || pk == GNUTLS_PK_RSA) { *type = CKK_RSA; return CKM_RSA_PKCS_KEY_PAIR_GEN; + } else if (pk == GNUTLS_PK_EDDSA_ED25519) { + *type = CKK_EC_EDWARDS; + return CKM_EDDSA; } else { *type = -1; return -1; diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c index b721ed1252..f643a69a66 100644 --- a/lib/pkcs11_privkey.c +++ b/lib/pkcs11_privkey.c @@ -1075,6 +1075,29 @@ gnutls_pkcs11_privkey_generate3(const char *url, gnutls_pk_algorithm_t pk, a[a_val].value = der.data; a[a_val].value_len = der.size; a_val++; + + break; + case GNUTLS_PK_EDDSA_ED25519: + p[p_val].type = CKA_SIGN; + p[p_val].value = (void *) &tval; + p[p_val].value_len = sizeof(tval); + p_val++; + + a[a_val].type = CKA_VERIFY; + a[a_val].value = (void *) &tval; + a[a_val].value_len = sizeof(tval); + a_val++; + + ret = _gnutls_x509_write_ecc_params(GNUTLS_ECC_CURVE_ED25519, &der); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + a[a_val].type = CKA_EC_PARAMS; + a[a_val].value = der.data; + a[a_val].value_len = der.size; + a_val++; break; default: ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c index cb5b65d508..07dd98e9c6 100644 --- a/lib/pkcs11_write.c +++ b/lib/pkcs11_write.c @@ -357,6 +357,29 @@ static int add_pubkey(gnutls_pubkey_t pubkey, struct ck_attribute *a, unsigned * (*a_val)++; break; } + case GNUTLS_PK_EDDSA_ED25519: { + gnutls_datum_t params; + + ret = + _gnutls_x509_write_ecc_params(pubkey->params.curve, + ¶ms); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + a[*a_val].type = CKA_EC_PARAMS; + a[*a_val].value = params.data; + a[*a_val].value_len = params.size; + (*a_val)++; + + a[*a_val].type = CKA_EC_POINT; + a[*a_val].value = pubkey->params.raw_pub.data; + a[*a_val].value_len = pubkey->params.raw_pub.size; + (*a_val)++; + break; + } + default: _gnutls_debug_log("requested writing public key of unsupported type %u\n", (unsigned)pk); return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE); @@ -920,6 +943,30 @@ gnutls_pkcs11_copy_x509_privkey2(const char *token_url, break; } + case GNUTLS_PK_EDDSA_ED25519: + { + ret = + _gnutls_x509_write_ecc_params(key->params.curve, + &p); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + type = CKK_EC_EDWARDS; + + a[a_val].type = CKA_EC_PARAMS; + a[a_val].value = p.data; + a[a_val].value_len = p.size; + a_val++; + + a[a_val].type = CKA_VALUE; + a[a_val].value = key->params.raw_priv.data; + a[a_val].value_len = key->params.raw_priv.size; + a_val++; + + break; + } default: gnutls_assert(); ret = GNUTLS_E_INVALID_REQUEST; @@ -966,6 +1013,7 @@ gnutls_pkcs11_copy_x509_privkey2(const char *token_url, break; } case GNUTLS_PK_EC: + case GNUTLS_PK_EDDSA_ED25519: { gnutls_free(p.data); gnutls_free(x.data); |