path: root/lib/pkcs11_write.c
Commit message | Author | Age | Files | Lines
* gnutls_pk_params_st: separate flags/qbits and curve | Nikos Mavrogiannopoulos | 2017-08-08 | 1 | -1/+1
  Previously we were using the field flags to store the size of q in case of GNUTLS_PK_DH, some key generation flags in case of GNUTLS_PK_RSA, and the curve in case of elliptic curve key. Separate this into multiple fields to reduce confusion on the field.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* pkcs11: added support for signatures with RSA-PSS | Nikos Mavrogiannopoulos | 2017-08-03 | 1 | -0/+3
  Relates #209
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* pkcs11: do not set leading zeros on integers | Nikos Mavrogiannopoulos | 2017-06-12 | 1 | -13/+14
  PKCS#11 defines integers as unsigned having most significant byte first, e.g., 32768 = 0x80 0x00. This is interpreted literally by some HSMs which do not accept an integer with a leading zero.
  Resolves: #215
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* pkcs11: forbid PKCS#11 extensions to be used in other than trust modules | Nikos Mavrogiannopoulos | 2016-09-27 | 1 | -20/+12
  That is, only use the CKA_X_DISTRUSTED and the extension override in p11-kit trust modules, to avoid conflicts with potentially other PKCS#11 extensions.
* pkcs11: introduced flag GNUTLS_PKCS11_OBJ_FLAG_MARK_DISTRUSTED | Nikos Mavrogiannopoulos | 2016-09-26 | 1 | -0/+7
  This allows to mark objects as distrusted, as well as to be able to list distrusted objects.
* several spacing fixes to keep syntax-check happy | Nikos Mavrogiannopoulos | 2016-09-11 | 1 | -5/+5
* Corrected the writing of serial number in PKCS#11 modules | Nikos Mavrogiannopoulos | 2016-06-16 | 1 | -4/+9
  That is, previously the serial number was written in raw format, but in PKCS#11 the serial number must be set encoded as integer. Report and fix by Stanislav Zidek.
* pkcs11: use ctx as variable name for ck_object_handle_t for clarity | Nikos Mavrogiannopoulos | 2016-06-03 | 1 | -11/+11
* gnutls_pkcs11_copy_x509_privkey2: corrected the writing of ECC private key | Nikos Mavrogiannopoulos | 2015-12-31 | 1 | -1/+1
* gnutls_pkcs11_copy_x509_privkey2: corrected the type of the written object | Nikos Mavrogiannopoulos | 2015-12-31 | 1 | -5/+5
  Previously only RSA objects were correctly written.
* pkcs11: introduced gnutls_pkcs11_copy_pubkey | Nikos Mavrogiannopoulos | 2015-10-16 | 1 | -0/+259
  That allows copying a public key to a PKCS #11 module.
* pkcs11: write CKA_ISSUER and CKA_SERIAL_NUMBER when writing on a certificate | Nikos Mavrogiannopoulos | 2015-10-15 | 1 | -2/+16
  That allows NSS to read and use the written certificate.
  Relates #43
* Removed the 'gnutls_' prefix from files to simplify file naming | Nikos Mavrogiannopoulos | 2015-08-23 | 1 | -3/+3
* Added GNUTLS_PKCS11_TOKEN_MODNAME for gnutls_pkcs11_token_get_info | Nikos Mavrogiannopoulos | 2015-07-10 | 1 | -4/+4
  That allows to obtain the shared module name of a token URL.
* doc updates | Nikos Mavrogiannopoulos | 2015-04-04 | 1 | -7/+13
* pkcs11: use key_usage to set the appropriate flags | Nikos Mavrogiannopoulos | 2015-04-04 | 1 | -2/+53
* enhanced copy functions to allow specifying a CKA_ID | Nikos Mavrogiannopoulos | 2015-03-30 | 1 | -33/+48
* gnutls_pkcs11_copy_x509_privkey: increase size for attributes | Nikos Mavrogiannopoulos | 2015-03-28 | 1 | -1/+1
* pkcs11: added flags to mark keys as not-being signable or decryptable | Nikos Mavrogiannopoulos | 2015-03-26 | 1 | -4/+14
  That adds GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_DECRYPT and GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_SIGN which can be set during generation or write of keys.
* pkcs11: set the CKA_SIGN and CKA_DECRYPT flags when writing a private key | Nikos Mavrogiannopoulos | 2015-03-26 | 1 | -1/+14
* Instead of sanitizing URLs, use hints to support incomplete PKCS#11 URIs | Nikos Mavrogiannopoulos | 2014-12-23 | 1 | -7/+7
* pkcs11: support the CKA_EXTRACTABLE and CKA_NEVER_EXTRACTABLE flags | Nikos Mavrogiannopoulos | 2014-11-07 | 1 | -0/+12
* pkcs11: added the flag GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH | Nikos Mavrogiannopoulos | 2014-11-07 | 1 | -1/+8
* pkcs11: eliminated the need for struct token_info | Nikos Mavrogiannopoulos | 2014-11-06 | 1 | -4/+4
* added gnutls_pkcs11_copy_attached_extension() | Nikos Mavrogiannopoulos | 2014-09-12 | 1 | -35/+147
* set CKA_EC_PARAMS when generating an ECDSA key | Nikos Mavrogiannopoulos | 2014-07-07 | 1 | -1/+1
* Added flag GNUTLS_PKCS11_OBJ_FLAG_MARK_CA. | Nikos Mavrogiannopoulos | 2014-06-16 | 1 | -0/+9
  That flag allows to mark a certificate in the token as a CA (category==CA)
* initialize the size value | Nikos Mavrogiannopoulos | 2014-04-28 | 1 | -0/+1
* unified PKCS#11 debug messages | Nikos Mavrogiannopoulos | 2014-01-02 | 1 | -8/+8
* do not specify a default class when searching for objects to delete | Nikos Mavrogiannopoulos | 2013-12-23 | 1 | -5/+5
  This fixed issue when trying to delete all the keys in a token by using the token URL.
* pkcs11_get_random was renamed | Nikos Mavrogiannopoulos | 2013-12-21 | 1 | -1/+1
* ensure that all the exported pkcs11 functions initialize PKCS #11. | Nikos Mavrogiannopoulos | 2013-12-09 | 1 | -0/+12
* Improvements in PKCS #11 support. | Nikos Mavrogiannopoulos | 2013-11-09 | 1 | -3/+7
  Added gnutls_pkcs11_obj_export3 and gnutls_pkcs11_get_raw_issuer. The latter function allows to obtain the issuer of a certificate stored in a token. While traversing tokens, use the URL provided by the user, to avoid looking for objects in unrelated tokens.
* simplified gnutls_pkcs11_copy_x509_crt() | Nikos Mavrogiannopoulos | 2013-11-09 | 1 | -10/+2
* reindented code | Nikos Mavrogiannopoulos | 2013-11-08 | 1 | -736/+694
* simplified code | Nikos Mavrogiannopoulos | 2013-10-30 | 1 | -4/+1
* get random data from pkcs#11 tokens | Wolfgang Meyer zu Bergsten | 2013-10-25 | 1 | -0/+61
  Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
* Use LGPLv2.1 in the files their authors agreed to. | Nikos Mavrogiannopoulos | 2013-02-03 | 1 | -1/+1
* GNUTLS_PKCS11_PIN -> GNUTLS_PIN | Nikos Mavrogiannopoulos | 2012-07-21 | 1 | -2/+2
* Added PIN callbacks in structures that may require PIN access to override the global callbacks. | Nikos Mavrogiannopoulos | 2012-07-16 | 1 | -4/+4
* PIN callback function was made more generic than PKCS #11. | Nikos Mavrogiannopoulos | 2012-07-16 | 1 | -1/+1
* In tokens that allow multiple sessions make the private key session persistent. | Nikos Mavrogiannopoulos | 2012-06-09 | 1 | -24/+25
  This prevents asking for PIN on every private key operation.
* Fixed signed/unsigned warnings. | Nikos Mavrogiannopoulos | 2012-01-21 | 1 | -10/+10
  Dropped opaque type (replaced with uint8_t)
* Add/fix copyright headers. | Simon Josefsson | 2012-01-20 | 1 | -1/+1
* GNUTLS_PK_ECC -> GNUTLS_PK_EC | Nikos Mavrogiannopoulos | 2012-01-02 | 1 | -2/+2
* Corrected ECC key generation. | Nikos Mavrogiannopoulos | 2011-11-10 | 1 | -1/+1
* Verify that received ECDH public key lies on the curve. | Nikos Mavrogiannopoulos | 2011-11-05 | 1 | -1/+1
* Added Stef to authors of pkcs11. | Nikos Mavrogiannopoulos | 2011-10-20 | 1 | -1/+1
* Fix possible infloop and build warning about uninitialized variable. | Simon Josefsson | 2011-09-09 | 1 | -2/+2
* Added support to read elliptic curve public keys from PKCS #11 tokens (untested). | Nikos Mavrogiannopoulos | 2011-09-06 | 1 | -5/+49