pkcs11: Unbreak importing EdDSA keys with curve name in parameters

Fixes: #1515
Signed-off-by: Jakub Jelen <jjelen@redhat.com>

diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index c46d1f7e61ab27194a30370c0e4a64ba1f044784..47a7cb6a97df0bee98be0b32a4f4519efb667e59 100644 (file)
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -1909,9 +1909,8 @@ int pkcs11_read_pubkey(struct ck_function_list *module, ck_session_handle_t pks,
 
                        pobj->pubkey_size = 2;
 
-                       ret = _gnutls_x509_read_ecc_params(pobj->pubkey[0].data,
-                                                          pobj->pubkey[0].size,
-                                                          &curve);
+                       ret = _gnutls_pubkey_parse_ecc_eddsa_params(
+                               &pobj->pubkey[0], &curve);
                        if (ret < 0) {
                                ret = GNUTLS_E_INVALID_REQUEST;
                                goto cleanup;

diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h
index 891e98f96263bfc3b29da544e39652d79fcb406a..b3a046c30be5e839aad5ee49e4218d828e4d0d7a 100644 (file)
--- a/lib/pkcs11_int.h
+++ b/lib/pkcs11_int.h
@@ -236,6 +236,9 @@ int _gnutls_pkcs11_privkey_decrypt_data2(gnutls_pkcs11_privkey_t key,
 int _pkcs11_privkey_get_pubkey(gnutls_pkcs11_privkey_t pkey,
                               gnutls_pubkey_t *pub, unsigned flags);
 
+int _gnutls_pubkey_parse_ecc_eddsa_params(const gnutls_datum_t *parameters,
+                                         gnutls_ecc_curve_t *outcurve);
+
 static inline int pk_to_mech(gnutls_pk_algorithm_t pk)
 {
        if (pk == GNUTLS_PK_DSA)

diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index b9f36c0a625ccf9136bd03e2cc6496ed2197c2db..5093a6d569e7f4b06bb41be97cedda69116acf56 100644 (file)
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -515,12 +515,15 @@ key_type_to_pk(struct ck_function_list *module, ck_session_handle_t pks,
 
                if (pkcs11_get_attribute_value(module, pks, ctx, a, 1) ==
                    CKR_OK) {
+                       const gnutls_datum_t pubkey = {
+                               .data = a[0].value, .size = a[0].value_len
+                       };
                        gnutls_ecc_curve_t curve;
                        const gnutls_ecc_curve_entry_st *ce;
                        int ret;
 
-                       ret = _gnutls_x509_read_ecc_params(
-                               a[0].value, a[0].value_len, &curve);
+                       ret = _gnutls_pubkey_parse_ecc_eddsa_params(&pubkey,
+                                                                   &curve);
                        if (ret < 0) {
                                goto edwards_cleanup;
                        }

diff --git a/lib/pubkey.c b/lib/pubkey.c
index 1139ad99fcdb42a6b72dad244a509a96f72eab65..c3e4168b1f87f2d3de4e7ace8a0967f75a5f2075 100644 (file)
--- a/lib/pubkey.c
+++ b/lib/pubkey.c
@@ -363,9 +363,8 @@ int gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key,
 
 /* The EC_PARAMS attribute can contain either printable string with curve name
  * or OID defined in RFC 8410 */
-static int
-gnutls_pubkey_parse_ecc_eddsa_params(const gnutls_datum_t *parameters,
-                                    gnutls_ecc_curve_t *outcurve)
+int _gnutls_pubkey_parse_ecc_eddsa_params(const gnutls_datum_t *parameters,
+                                         gnutls_ecc_curve_t *outcurve)
 {
        gnutls_ecc_curve_t curve = GNUTLS_ECC_CURVE_INVALID;
        asn1_node asn1 = NULL;
@@ -475,7 +474,7 @@ static int gnutls_pubkey_import_ecc_eddsa(gnutls_pubkey_t key,
        gnutls_ecc_curve_t curve = GNUTLS_ECC_CURVE_INVALID;
        gnutls_datum_t raw_point = { NULL, 0 };
 
-       ret = gnutls_pubkey_parse_ecc_eddsa_params(parameters, &curve);
+       ret = _gnutls_pubkey_parse_ecc_eddsa_params(parameters, &curve);
        if (ret < 0) {
                return gnutls_assert_val(ret);
        }