struct gnutls_pkcs11_privkey_st {
gnutls_pk_algorithm_t pk_algorithm;
unsigned int rsa_pss_ok; /* if it is an RSA key, it can do RSA-PSS */
+ unsigned int bits;
unsigned int flags;
struct p11_kit_uri *uinfo;
unsigned int *bits)
{
if (bits)
- *bits = 0; /* FIXME */
+ *bits = key->bits;
return key->pk_algorithm;
}
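Review bot: The new `*bits = key->bits;` at the replaced FIXME line only resolves the key-size question for RSA keys, since elsewhere in this diff `pkey->bits` is filled in solely under the `pk_algorithm == GNUTLS_PK_RSA` branch from the CKA_MODULUS byte length; for EC/DSA keys, or an RSA key whose modulus attribute query did not return CKR_OK, callers still receive 0 with no indication that the value is unknown. That should at least be stated at the point of use, e.g. `*bits = key->bits; /* 0 when unknown: non-RSA keys, or CKA_MODULUS not readable */`, and the getter's documentation should say that 0 means "unavailable" rather than a real size. Note also that a size derived as `value_len*8` counts any leading zero octets the token stores in the modulus, so it can overstate the effective key length; if the bit count is used for policy decisions (minimum RSA size) that caveat belongs in the same comment. The function's signature begins before this hunk.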
a[0].type = CKA_KEY_TYPE;
a[0].value = &key_type;
a[0].value_len = sizeof(key_type);
-
if (pkcs11_get_attribute_value(pkey->sinfo.module, pkey->sinfo.pks, pkey->ref, a, 1)
== CKR_OK) {
pkey->pk_algorithm = key_type_to_pk(key_type);
goto cleanup;
}
+
if (pkey->pk_algorithm == GNUTLS_PK_RSA) { /* determine whether it can do rsa-pss */
+ a[0].type = CKA_MODULUS;
+ a[0].value = NULL;
+ a[0].value_len = 0;
+ if (pkcs11_get_attribute_value(pkey->sinfo.module, pkey->sinfo.pks, pkey->ref, a, 1)
+ == CKR_OK) {
+ pkey->bits = a[0].value_len*8;
+ }
+
ret = gnutls_pkcs11_token_check_mechanism(url, CKM_RSA_PKCS_PSS, NULL, 0, 0);
if (ret != 0)
pkey->rsa_pss_ok = 1;