if (ret < 0)
return gnutls_assert_val(ret);
- ret = _gnutls_x509_write_ecc_params(&key->params, parameters);
+ ret = _gnutls_x509_write_ecc_params(key->params.flags, parameters);
if (ret < 0) {
_gnutls_free_datum(ecpoint);
return gnutls_assert_val(ret);
uint8_t *tmp2 = NULL;
size_t tmp1_size, tmp2_size;
int ret;
-
+ ck_rv_t rv;
+
tmp1_size = tmp2_size = MAX_PK_PARAM_SIZE;
tmp1 = gnutls_malloc(tmp1_size);
if (tmp1 == NULL)
a[1].value = tmp2;
a[1].value_len = tmp2_size;
- if (pkcs11_get_attribute_value(module, pks, obj, a, 2) ==
+ if ((rv = pkcs11_get_attribute_value(module, pks, obj, a, 2)) ==
CKR_OK) {
ret =
_gnutls_set_datum(&pubkey[0], a[0].value,
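Review bot: The new `if ((rv = pkcs11_get_attribute_value(module, pks, obj, a, 2)) == CKR_OK) {` puts the assignment inside the condition, and the same form is repeated in the two later attribute reads in this file. Splitting it makes it plain that `rv` is always set before the `else` branch passes it to `pkcs11_rv_to_err()`: `rv = pkcs11_get_attribute_value(module, pks, obj, a, 2);` followed by `if (rv == CKR_OK) {`. The `_gnutls_set_datum` call and the enclosing function continue outside the hunk.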
}
} else {
gnutls_assert();
- ret = GNUTLS_E_PKCS11_ERROR;
+ ret = pkcs11_rv_to_err(rv);
goto cleanup;
}
a[1].value = tmp2;
a[1].value_len = tmp2_size;
- if (pkcs11_get_attribute_value(module, pks, obj, a, 2) ==
+ if ((rv = pkcs11_get_attribute_value(module, pks, obj, a, 2)) ==
CKR_OK) {
pubkey[2].data = a[0].value;
pubkey[2].size = a[0].value_len;
} else {
gnutls_assert();
- ret = GNUTLS_E_PKCS11_ERROR;
+ ret = pkcs11_rv_to_err(rv);
goto cleanup;
}
break;
a[0].type = CKA_EC_PARAMS;
a[0].value = tmp1;
a[0].value_len = tmp1_size;
+
a[1].type = CKA_EC_POINT;
a[1].value = tmp2;
a[1].value_len = tmp2_size;
- if (pkcs11_get_attribute_value(module, pks, obj, a, 2) ==
+ if ((rv = pkcs11_get_attribute_value(module, pks, obj, a, 2)) ==
CKR_OK) {
pubkey[0].data = a[0].value;
pubkey[1].size = a[1].value_len;
} else {
gnutls_assert();
- ret = GNUTLS_E_PKCS11_ERROR;
+
+ ret = pkcs11_rv_to_err(rv);
goto cleanup;
}
* store the DER-encoded public key in the SubjectPublicKeyInfo format
* in @pubkey. The @pubkey should be deinitialized using gnutls_free().
*
+ * Note that when generating an elliptic curve key, the curve
+ * can be substituted in the place of the bits parameter using the
+ * GNUTLS_CURVE_TO_BITS() macro.
+ *
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
*
struct ck_mechanism mech;
gnutls_pubkey_t pkey = NULL;
gnutls_pkcs11_obj_t obj = NULL;
+ gnutls_datum_t der = {NULL, 0};
ck_key_type_t key_type;
PKCS11_CHECK_INIT;
a[a_val].value_len = sizeof(tval);
a_val++;
- a[a_val].type = CKA_MODULUS_BITS;
- a[a_val].value = &_bits;
- a[a_val].value_len = sizeof(_bits);
+ if (GNUTLS_BITS_ARE_CURVE(bits)) {
+ bits = GNUTLS_BITS_TO_CURVE(bits);
+ } else {
+ bits = _gnutls_ecc_bits_to_curve(bits);
+ }
+
+ ret = _gnutls_x509_write_ecc_params(bits, &der);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ a[a_val].type = CKA_EC_PARAMS;
+ a[a_val].value = der.data;
+ a[a_val].value_len = der.size;
a_val++;
break;
default:
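Review bot: `bits` is overwritten with a curve identifier in the added `if (GNUTLS_BITS_ARE_CURVE(bits))` block, so from there on the variable no longer holds a key size. Any later read of `bits` in this function would see a curve id instead. A dedicated local keeps the two meanings apart: declare `gnutls_ecc_curve_t curve;` with the other locals, assign `curve = GNUTLS_BITS_ARE_CURVE(bits) ? GNUTLS_BITS_TO_CURVE(bits) : _gnutls_ecc_bits_to_curve(bits);`, and call `_gnutls_x509_write_ecc_params(curve, &der);`. The rest of the function lies outside the hunk, so whether `bits` is read again cannot be confirmed from here.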
if (sinfo.pks != 0)
pkcs11_close_session(&sinfo);
+ gnutls_free(der.data);
return ret;
}
case GNUTLS_PK_EC:
{
ret =
- _gnutls_x509_write_ecc_params(&key->params,
+ _gnutls_x509_write_ecc_params(key->params.flags,
&p);
if (ret < 0) {
gnutls_assert();
der->size = ASN1_NULL_SIZE;
return 0;
case GNUTLS_PK_EC:
- return _gnutls_x509_write_ecc_params(params, der);
+ return _gnutls_x509_write_ecc_params(params->flags, der);
default:
return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
}
* Allocates the space used to store the DER data.
*/
int
-_gnutls_x509_write_ecc_params(gnutls_pk_params_st * params,
+_gnutls_x509_write_ecc_params(gnutls_ecc_curve_t curve,
gnutls_datum_t * der)
{
int result;
der->data = NULL;
der->size = 0;
- if (params->params_nr < ECC_PUBLIC_PARAMS) {
- gnutls_assert();
- result = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
- }
-
- oid = _gnutls_ecc_curve_get_oid(params->flags);
+ oid = _gnutls_ecc_curve_get_oid(curve);
if (oid == NULL)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
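Review bot: With the `params->params_nr < ECC_PUBLIC_PARAMS` check removed, the only validation left in `_gnutls_x509_write_ecc_params` is the `oid == NULL` test, so nothing here confirms that the curve comes from a populated key. The callers changed in this commit pass `key->params.flags` or `params->flags` directly, and whether they check `params_nr` themselves is not visible. If any of them can be reached with an unpopulated `gnutls_pk_params_st`, keep the guard at the call site, e.g. `if (params->params_nr < ECC_PUBLIC_PARAMS) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`. The function comment, which starts above the hunk, should also say that an unsupported `curve` returns GNUTLS_E_INVALID_REQUEST. The body continues past the hunk.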
int _gnutls_x509_read_pubkey(gnutls_pk_algorithm_t, uint8_t * der,
int dersize, gnutls_pk_params_st * params);
-int _gnutls_x509_write_ecc_params(gnutls_pk_params_st * params,
+int _gnutls_x509_write_ecc_params(gnutls_ecc_curve_t curve,
gnutls_datum_t * der);
int _gnutls_x509_write_ecc_pubkey(gnutls_pk_params_st * params,
gnutls_datum_t * der);