-rw-r--r-- | lib/gnutls_pubkey.c | 2 | ||||
-rw-r--r-- | lib/pkcs11.c | 17 | ||||
-rw-r--r-- | lib/pkcs11_privkey.c | 24 | ||||
-rw-r--r-- | lib/pkcs11_write.c | 2 | ||||
-rw-r--r-- | lib/x509/key_encode.c | 12 | ||||
-rw-r--r-- | lib/x509/x509_int.h | 2 |
6 files changed, 37 insertions, 22 deletions
diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c
index dff3bb38a5..99d5f24a5e 100644
--- a/lib/gnutls_pubkey.c
+++ b/lib/gnutls_pubkey.c
@@ -969,7 +969,7 @@ int gnutls_pubkey_export_ecc_x962(gnutls_pubkey_t key,
 if (ret < 0)
 return gnutls_assert_val(ret);
-ret = _gnutls_x509_write_ecc_params(&key->params, parameters);
+ret = _gnutls_x509_write_ecc_params(key->params.flags, parameters);
 if (ret < 0) {
 _gnutls_free_datum(ecpoint);
 return gnutls_assert_val(ret);
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 434e4a6724..725dcd4c60 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -1287,7 +1287,8 @@ int pkcs11_read_pubkey(struct ck_function_list *module,
 uint8_t *tmp2 = NULL;
 size_t tmp1_size, tmp2_size;
 int ret;
-
+ck_rv_t rv;
+
 tmp1_size = tmp2_size = MAX_PK_PARAM_SIZE;
 tmp1 = gnutls_malloc(tmp1_size);
 if (tmp1 == NULL)
@@ -1330,7 +1331,7 @@ int pkcs11_read_pubkey(struct ck_function_list *module,
 a[1].value = tmp2;
 a[1].value_len = tmp2_size;
-if (pkcs11_get_attribute_value(module, pks, obj, a, 2) ==
+if ((rv = pkcs11_get_attribute_value(module, pks, obj, a, 2)) ==
 CKR_OK) {
 ret =
 _gnutls_set_datum(&pubkey[0], a[0].value,
@@ -1351,7 +1352,7 @@ int pkcs11_read_pubkey(struct ck_function_list *module,
 }
 } else {
 gnutls_assert();
-ret = GNUTLS_E_PKCS11_ERROR;
+ret = pkcs11_rv_to_err(rv);
 goto cleanup;
 }
@@ -1362,7 +1363,7 @@ int pkcs11_read_pubkey(struct ck_function_list *module,
 a[1].value = tmp2;
 a[1].value_len = tmp2_size;
-if (pkcs11_get_attribute_value(module, pks, obj, a, 2) ==
+if ((rv = pkcs11_get_attribute_value(module, pks, obj, a, 2)) ==
 CKR_OK) {
 pubkey[2].data = a[0].value;
 pubkey[2].size = a[0].value_len;
@@ -1372,7 +1373,7 @@ int pkcs11_read_pubkey(struct ck_function_list *module,
 } else {
 gnutls_assert();
-ret = GNUTLS_E_PKCS11_ERROR;
+ret = pkcs11_rv_to_err(rv);
 goto cleanup;
 }
 break;
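Review bot: Passing `key->params.flags` straight into `_gnutls_x509_write_ecc_params` drops the `params_nr < ECC_PUBLIC_PARAMS` guard the callee used to perform (see the key_encode.c 245 hunk), and neither this call site nor the parallel ones in pkcs11_write.c and key_encode.c:145 adds an equivalent check. A pubkey whose params were never populated is now rejected only if `flags` happens to name no known curve; if whatever call produced `ret` just above (not visible in the hunk) still validates params_nr this is harmless, but that cannot be confirmed from here. If it does not, add `if (key->params.params_nr < ECC_PUBLIC_PARAMS) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` ahead of the export. gnutls_pubkey_export_ecc_x962 starts and ends outside the hunk.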
@@ -1380,11 +1381,12 @@ int pkcs11_read_pubkey(struct ck_function_list *module,
 a[0].type = CKA_EC_PARAMS;
 a[0].value = tmp1;
 a[0].value_len = tmp1_size;
+a[1].type = CKA_EC_POINT;
 a[1].value = tmp2;
 a[1].value_len = tmp2_size;
-if (pkcs11_get_attribute_value(module, pks, obj, a, 2) ==
+if ((rv = pkcs11_get_attribute_value(module, pks, obj, a, 2)) ==
 CKR_OK) {
 pubkey[0].data = a[0].value;
@@ -1394,7 +1396,8 @@ int pkcs11_read_pubkey(struct ck_function_list *module,
 pubkey[1].size = a[1].value_len;
 } else {
 gnutls_assert();
-ret = GNUTLS_E_PKCS11_ERROR;
+
+ret = pkcs11_rv_to_err(rv);
 goto cleanup;
 }
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index 20a05f5c7f..a9c473e711 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -624,6 +624,10 @@ gnutls_pkcs11_privkey_generate(const char *url, gnutls_pk_algorithm_t pk,
 * store the DER-encoded public key in the SubjectPublicKeyInfo format
 * in @pubkey. The @pubkey should be deinitialized using gnutls_free().
 *
+ * Note that when generating an elliptic curve key, the curve
+ * can be substituted in the place of the bits parameter using the
+ * GNUTLS_CURVE_TO_BITS() macro.
+ *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 *
@@ -649,6 +653,7 @@ gnutls_pkcs11_privkey_generate2(const char *url, gnutls_pk_algorithm_t pk,
 struct ck_mechanism mech;
 gnutls_pubkey_t pkey = NULL;
 gnutls_pkcs11_obj_t obj = NULL;
+gnutls_datum_t der = {NULL, 0};
 ck_key_type_t key_type;
 PKCS11_CHECK_INIT;
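Review bot: A stray blank line is added between `gnutls_assert();` and `ret = pkcs11_rv_to_err(rv);` in the 1394 hunk, which makes that error branch differ from the otherwise identical ones at 1351 and 1372 in the same function; drop the blank so the three PKCS#11 error paths read the same. pkcs11_read_pubkey starts and ends outside these hunks.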
@@ -733,9 +738,21 @@ gnutls_pkcs11_privkey_generate2(const char *url, gnutls_pk_algorithm_t pk,
 a[a_val].value_len = sizeof(tval);
 a_val++;
-a[a_val].type = CKA_MODULUS_BITS;
-a[a_val].value = &_bits;
-a[a_val].value_len = sizeof(_bits);
+if (GNUTLS_BITS_ARE_CURVE(bits)) {
+bits = GNUTLS_BITS_TO_CURVE(bits);
+} else {
+bits = _gnutls_ecc_bits_to_curve(bits);
+}
+
+ret = _gnutls_x509_write_ecc_params(bits, &der);
+if (ret < 0) {
+gnutls_assert();
+goto cleanup;
+}
+
+a[a_val].type = CKA_EC_PARAMS;
+a[a_val].value = der.data;
+a[a_val].value_len = der.size;
 a_val++;
 break;
 default:
@@ -842,6 +859,7 @@ gnutls_pkcs11_privkey_generate2(const char *url, gnutls_pk_algorithm_t pk,
 if (sinfo.pks != 0)
 pkcs11_close_session(&sinfo);
+gnutls_free(der.data);
 return ret;
 }
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index e507215c92..cf4bd1a11e 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -435,7 +435,7 @@ gnutls_pkcs11_copy_x509_privkey(const char *token_url,
 case GNUTLS_PK_EC:
 {
 ret =
-_gnutls_x509_write_ecc_params(&key->params,
+_gnutls_x509_write_ecc_params(key->params.flags,
 &p);
 if (ret < 0) {
 gnutls_assert();
diff --git a/lib/x509/key_encode.c b/lib/x509/key_encode.c
index 5036de7164..d59a0605b0 100644
--- a/lib/x509/key_encode.c
+++ b/lib/x509/key_encode.c
@@ -145,7 +145,7 @@ _gnutls_x509_write_pubkey_params(gnutls_pk_algorithm_t algo,
 der->size = ASN1_NULL_SIZE;
 return 0;
 case GNUTLS_PK_EC:
-return _gnutls_x509_write_ecc_params(params, der);
+return _gnutls_x509_write_ecc_params(params->flags, der);
 default:
 return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
 }
@@ -235,7 +235,7 @@ _gnutls_x509_write_dsa_params(gnutls_pk_params_st * params,
 * Allocates the space used to store the DER data.
 */
 int
-_gnutls_x509_write_ecc_params(gnutls_pk_params_st * params,
+_gnutls_x509_write_ecc_params(gnutls_ecc_curve_t curve,
 gnutls_datum_t * der)
 {
 int result;
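Review bot: The `bits` parameter is overwritten with a curve identifier (`GNUTLS_BITS_TO_CURVE(bits)` or `_gnutls_ecc_bits_to_curve(bits)`) and then handed to `_gnutls_x509_write_ecc_params`, which now takes a `gnutls_ecc_curve_t`; from that line on the name no longer means what it says, and any later read of `bits` in gnutls_pkcs11_privkey_generate2 (the function continues outside the hunk) would silently see a curve enum instead of a bit count. A dedicated local keeps both meanings intact: `gnutls_ecc_curve_t curve = GNUTLS_BITS_ARE_CURVE(bits) ? GNUTLS_BITS_TO_CURVE(bits) : _gnutls_ecc_bits_to_curve(bits);` followed by `ret = _gnutls_x509_write_ecc_params(curve, &der);`. An unsupported bit size is presumably rejected only indirectly, when the encoder's OID lookup fails for whatever `_gnutls_ecc_bits_to_curve` returns, so a comment on the `ret < 0` branch such as `/* unknown sizes map to a curve without an OID and fail here */` would record that this is the intended diagnostic. The `gnutls_free(der.data)` added in the 842 hunk covers both the success path and the `goto cleanup` above, since `der` is zero-initialised at declaration.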
@@ -245,13 +245,7 @@ _gnutls_x509_write_ecc_params(gnutls_pk_params_st * params,
 der->data = NULL;
 der->size = 0;
-if (params->params_nr < ECC_PUBLIC_PARAMS) {
-gnutls_assert();
-result = GNUTLS_E_INVALID_REQUEST;
-goto cleanup;
-}
-
-oid = _gnutls_ecc_curve_get_oid(params->flags);
+oid = _gnutls_ecc_curve_get_oid(curve);
 if (oid == NULL)
 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h
index de8ec7efa1..90352ff4f3 100644
--- a/lib/x509/x509_int.h
+++ b/lib/x509/x509_int.h
@@ -254,7 +254,7 @@ int _gnutls_x509_read_pubkey_params(gnutls_pk_algorithm_t, uint8_t * der,
 int _gnutls_x509_read_pubkey(gnutls_pk_algorithm_t, uint8_t * der,
 int dersize, gnutls_pk_params_st * params);
-int _gnutls_x509_write_ecc_params(gnutls_pk_params_st * params,
+int _gnutls_x509_write_ecc_params(gnutls_ecc_curve_t curve,
 gnutls_datum_t * der);
 int _gnutls_x509_write_ecc_pubkey(gnutls_pk_params_st * params,
 gnutls_datum_t * der);
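Review bot: The docblock above `_gnutls_x509_write_ecc_params` (235 hunk) is left describing the old contract; its visible tail, `* Allocates the space used to store the DER data.`, says nothing about the new `curve` parameter or the error path now that the `params_nr` guard is gone. Document the new interface there, e.g. `@curve: the curve whose OID is encoded as the ECParameters` and `Returns: zero on success, or %GNUTLS_E_INVALID_REQUEST when @curve has no registered OID`, so callers that now pass `params.flags` directly know what an unset curve yields. It is also worth confirming that `result` and the `cleanup` label, whose only use in this hunk was the removed early exit, are still referenced further down the function, which continues outside the hunk, otherwise the compiler will report them as unused.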