Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | gnutls_pk_params_st: separate flags/qbits and curve | Nikos Mavrogiannopoulos | 2017-08-08 | 1 | -1/+1 |
| | Previously we were using the field flags to store the size of q in case of GNUTLS_PK_DH, some key generation flags in case of GNUTLS_PK_RSA, and the curve in case of elliptic curve key. Separate this into multiple fields to reduce confusion on the field. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | pkcs11: added support for signatures with RSA-PSS | Nikos Mavrogiannopoulos | 2017-08-03 | 1 | -0/+3 |
| | Relates #209 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | pkcs11: do not set leading zeros on integers | Nikos Mavrogiannopoulos | 2017-06-12 | 1 | -13/+14 |
| | PKCS#11 defines integers as unsigned having most significant byte first, e.g., 32768 = 0x80 0x00. This is interpreted literally by some HSMs which do not accept an integer with a leading zero. Resolves: #215 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | pkcs11: forbid PKCS#11 extensions to be used in other than trust modules | Nikos Mavrogiannopoulos | 2016-09-27 | 1 | -20/+12 |
| | That is, only use the CKA_X_DISTRUSTED and the extension override in p11-kit trust modules, to avoid conflicts with potentially other PKCS#11 extensions. | ||||
* | pkcs11: introduced flag GNUTLS_PKCS11_OBJ_FLAG_MARK_DISTRUSTED | Nikos Mavrogiannopoulos | 2016-09-26 | 1 | -0/+7 |
| | This allows to mark objects as distrusted, as well as to be able to list distrusted objects. | ||||
* | several spacing fixes to keep syntax-check happy | Nikos Mavrogiannopoulos | 2016-09-11 | 1 | -5/+5 |
| | |||||
* | Corrected the writing of serial number in PKCS#11 modules | Nikos Mavrogiannopoulos | 2016-06-16 | 1 | -4/+9 |
| | That is, previously the serial number was written in raw format, but in PKCS#11 the serial number must be set encoded as integer. Report and fix by Stanislav Zidek. | ||||
* | pkcs11: use ctx as variable name for ck_object_handle_t for clarity | Nikos Mavrogiannopoulos | 2016-06-03 | 1 | -11/+11 |
| | |||||
* | gnutls_pkcs11_copy_x509_privkey2: corrected the writing of ECC private key | Nikos Mavrogiannopoulos | 2015-12-31 | 1 | -1/+1 |
| | |||||
* | gnutls_pkcs11_copy_x509_privkey2: corrected the type of the written object | Nikos Mavrogiannopoulos | 2015-12-31 | 1 | -5/+5 |
| | Previously only RSA objects were correctly written. | ||||
* | pkcs11: introduced gnutls_pkcs11_copy_pubkey | Nikos Mavrogiannopoulos | 2015-10-16 | 1 | -0/+259 |
| | That allows copying a public key to a PKCS #11 module. | ||||
* | pkcs11: write CKA_ISSUER and CKA_SERIAL_NUMBER when writing on a certificate | Nikos Mavrogiannopoulos | 2015-10-15 | 1 | -2/+16 |
| | That allows NSS to read and use the written certificate. Relates #43 | ||||
* | Removed the 'gnutls_' prefix from files to simplify file naming | Nikos Mavrogiannopoulos | 2015-08-23 | 1 | -3/+3 |
| | |||||
* | Added GNUTLS_PKCS11_TOKEN_MODNAME for gnutls_pkcs11_token_get_info | Nikos Mavrogiannopoulos | 2015-07-10 | 1 | -4/+4 |
| | That allows to obtain the shared module name of a token URL. | ||||
* | doc updates | Nikos Mavrogiannopoulos | 2015-04-04 | 1 | -7/+13 |
| | |||||
* | pkcs11: use key_usage to set the appropriate flags | Nikos Mavrogiannopoulos | 2015-04-04 | 1 | -2/+53 |
| | |||||
* | enhanced copy functions to allow specifying a CKA_ID | Nikos Mavrogiannopoulos | 2015-03-30 | 1 | -33/+48 |
| | |||||
* | gnutls_pkcs11_copy_x509_privkey: increase size for attributes | Nikos Mavrogiannopoulos | 2015-03-28 | 1 | -1/+1 |
| | |||||
* | pkcs11: added flags to mark keys as not-being signable or decryptable | Nikos Mavrogiannopoulos | 2015-03-26 | 1 | -4/+14 |
| | That adds GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_DECRYPT and GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_SIGN which can be set during generation or write of keys. | ||||
* | pkcs11: set the CKA_SIGN and CKA_DECRYPT flags when writing a private key | Nikos Mavrogiannopoulos | 2015-03-26 | 1 | -1/+14 |
| | |||||
* | Instead of sanitizing URLs, use hints to support incomplete PKCS#11 URIs | Nikos Mavrogiannopoulos | 2014-12-23 | 1 | -7/+7 |
| | |||||
* | pkcs11: support the CKA_EXTRACTABLE and CKA_NEVER_EXTRACTABLE flags | Nikos Mavrogiannopoulos | 2014-11-07 | 1 | -0/+12 |
| | |||||
* | pkcs11: added the flag GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH | Nikos Mavrogiannopoulos | 2014-11-07 | 1 | -1/+8 |
| | |||||
* | pkcs11: eliminated the need for struct token_info | Nikos Mavrogiannopoulos | 2014-11-06 | 1 | -4/+4 |
| | |||||
* | added gnutls_pkcs11_copy_attached_extension() | Nikos Mavrogiannopoulos | 2014-09-12 | 1 | -35/+147 |
| | |||||
* | set CKA_EC_PARAMS when generating an ECDSA key | Nikos Mavrogiannopoulos | 2014-07-07 | 1 | -1/+1 |
| | |||||
* | Added flag GNUTLS_PKCS11_OBJ_FLAG_MARK_CA. | Nikos Mavrogiannopoulos | 2014-06-16 | 1 | -0/+9 |
| | That flag allows to mark a certificate in the token as a CA (category==CA) | ||||
* | initialize the size value | Nikos Mavrogiannopoulos | 2014-04-28 | 1 | -0/+1 |
| | |||||
* | unified PKCS#11 debug messages | Nikos Mavrogiannopoulos | 2014-01-02 | 1 | -8/+8 |
| | |||||
* | do not specify a default class when searching for objects to delete | Nikos Mavrogiannopoulos | 2013-12-23 | 1 | -5/+5 |
| | This fixed issue when trying to delete all the keys in a token by using the token URL. | ||||
* | pkcs11_get_random was renamed | Nikos Mavrogiannopoulos | 2013-12-21 | 1 | -1/+1 |
| | |||||
* | ensure that all the exported pkcs11 functions initialize PKCS #11. | Nikos Mavrogiannopoulos | 2013-12-09 | 1 | -0/+12 |
| | |||||
* | Improvements in PKCS #11 support. | Nikos Mavrogiannopoulos | 2013-11-09 | 1 | -3/+7 |
| | Added gnutls_pkcs11_obj_export3 and gnutls_pkcs11_get_raw_issuer. The latter function allows to obtain the issuer of a certificate stored in a token. While traversing tokens, use the URL provided by the user, to avoid looking for objects in unrelated tokens. | ||||
* | simplified gnutls_pkcs11_copy_x509_crt() | Nikos Mavrogiannopoulos | 2013-11-09 | 1 | -10/+2 |
| | |||||
* | reindented code | Nikos Mavrogiannopoulos | 2013-11-08 | 1 | -736/+694 |
| | |||||
* | simplified code | Nikos Mavrogiannopoulos | 2013-10-30 | 1 | -4/+1 |
| | |||||
* | get random data from pkcs#11 tokens | Wolfgang Meyer zu Bergsten | 2013-10-25 | 1 | -0/+61 |
| | Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com> | ||||
* | Use LGPLv2.1 in the files their authors agreed to. | Nikos Mavrogiannopoulos | 2013-02-03 | 1 | -1/+1 |
| | |||||
* | GNUTLS_PKCS11_PIN -> GNUTLS_PIN | Nikos Mavrogiannopoulos | 2012-07-21 | 1 | -2/+2 |
| | |||||
* | Added PIN callbacks in structures that may require PIN access to override the global callbacks. | Nikos Mavrogiannopoulos | 2012-07-16 | 1 | -4/+4 |
| | |||||
* | PIN callback function was made more generic than PKCS #11. | Nikos Mavrogiannopoulos | 2012-07-16 | 1 | -1/+1 |
| | |||||
* | In tokens that allow multiple sessions make the private key session persistent. | Nikos Mavrogiannopoulos | 2012-06-09 | 1 | -24/+25 |
| | This prevents asking for PIN on every private key operation. | ||||
* | Fixed signed/unsigned warnings. | Nikos Mavrogiannopoulos | 2012-01-21 | 1 | -10/+10 |
| | Dropped opaque type (replaced with uint8_t) | ||||
* | Add/fix copyright headers. | Simon Josefsson | 2012-01-20 | 1 | -1/+1 |
| | |||||
* | GNUTLS_PK_ECC -> GNUTLS_PK_EC | Nikos Mavrogiannopoulos | 2012-01-02 | 1 | -2/+2 |
| | |||||
* | Corrected ECC key generation. | Nikos Mavrogiannopoulos | 2011-11-10 | 1 | -1/+1 |
| | |||||
* | Verify that received ECDH public key lies on the curve. | Nikos Mavrogiannopoulos | 2011-11-05 | 1 | -1/+1 |
| | |||||
* | Added Stef to authors of pkcs11. | Nikos Mavrogiannopoulos | 2011-10-20 | 1 | -1/+1 |
| | |||||
* | Fix possible infloop and build warning about uninitialized variable. | Simon Josefsson | 2011-09-09 | 1 | -2/+2 |
| | |||||
* | Added support to read elliptic curve public keys from PKCS #11 tokens (untested). | Nikos Mavrogiannopoulos | 2011-09-06 | 1 | -5/+49 |
| | |||||