
Commit 2c5b44e

committed
Support for EC keys, fix Attributes processing
1 parent d625823 commit 2c5b44e

2 files changed

Lines changed: 36 additions & 31 deletions


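--- a/native-pkcs11-core/Cargo.toml
+++ b/native-pkcs11-core/Cargo.toml
@@ -12,7 +12,6 @@ license.workspace = true
 der = "0.7.9"
 native-pkcs11-traits = { version = "0.2.0", path = "../native-pkcs11-traits" }
 spki = "0.7"
-der = "0.7"
 pkcs1 = { version = "0.7.5", default-features = false }
 pkcs11-sys = { version = "0.2.24", path = "../pkcs11-sys" }
 pkcs8 = "0.10.2"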

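--- a/native-pkcs11-core/src/object.rs
+++ b/native-pkcs11-core/src/object.rs
@@ -14,7 +14,10 @@
 
 use std::{ffi::CString, fmt::Debug, sync::Arc};
 
-use der::{asn1::OctetString, Encode};
+use der::{
+asn1::{ObjectIdentifier, OctetString},
+Encode,
+};
 use native_pkcs11_traits::{
 backend,
 Certificate,
@@ -23,11 +26,7 @@ use native_pkcs11_traits::{
 PrivateKey,
 PublicKey,
 };
-
-use spki::SubjectPublicKeyInfoRef;
 use pkcs1::{der::Decode, RsaPublicKey};
-use der::{asn1::OctetString, asn1::ObjectIdentifier, Encode};
-
 use pkcs11_sys::{
 CKC_X_509,
 CKK_EC,
@@ -39,6 +38,7 @@ use pkcs11_sys::{
 CK_CERTIFICATE_CATEGORY_UNSPECIFIED,
 CK_PROFILE_ID,
 };
+use spki::SubjectPublicKeyInfoRef;
 use tracing::debug;
 
 use crate::attribute::{Attribute, AttributeType, Attributes};
@@ -83,8 +83,14 @@ fn extract_ec_params(der_bytes: &[u8]) -> Option<(Vec<u8>, Vec<u8>)> {
 // For EC keys, the algorithm parameters contain the curve OID
 // For EC keys, the subject public key is the EC point
 Some((
-ObjectIdentifier::from_bytes(spki.algorithm.parameters.unwrap().value()).unwrap().to_der().unwrap(),
-OctetString::new(spki.subject_public_key.raw_bytes()).unwrap().to_der().unwrap(),
+ObjectIdentifier::from_bytes(spki.algorithm.parameters.unwrap().value())
+.unwrap()
+.to_der()
+.unwrap(),
+OctetString::new(spki.subject_public_key.raw_bytes())
+.unwrap()
+.to_der()
+.unwrap(),
 ))
 }
 
@@ -140,12 +146,10 @@ impl Object {
 .flatten()
 .and_then(|public_key| {
 let der_bytes = public_key.to_der();
-extract_ec_params(&der_bytes).map(|(params, point)| {
-match type_ {
-AttributeType::EcParams => Attribute::EcParams(params),
-AttributeType::EcPoint => Attribute::EcPoint(point),
-_ => unreachable!()
-}
+extract_ec_params(&der_bytes).map(|(params, point)| match type_ {
+AttributeType::EcParams => Attribute::EcParams(params),
+AttributeType::EcPoint => Attribute::EcPoint(point),
+_ => unreachable!(),
 })
 })
 }
@@ -157,7 +161,9 @@ impl Object {
 })),
 AttributeType::Label => Some(Attribute::Label(private_key.label())),
 AttributeType::Local => Some(Attribute::Local(false)),
-AttributeType::Modulus | AttributeType::ModulusBits | AttributeType::PublicExponent => {
+AttributeType::Modulus
+| AttributeType::ModulusBits
+| AttributeType::PublicExponent => {
 if private_key.algorithm() != KeyAlgorithm::Rsa {
 return None;
 }
@@ -171,8 +177,10 @@ impl Object {
 match type_ {
 AttributeType::Modulus => Attribute::Modulus(modulus),
 AttributeType::ModulusBits => Attribute::ModulusBits(bits),
-AttributeType::PublicExponent => Attribute::PublicExponent(exponent),
-_ => unreachable!()
+AttributeType::PublicExponent => {
+Attribute::PublicExponent(exponent)
+}
+_ => unreachable!(),
 }
 })
 })
@@ -207,18 +215,18 @@ impl Object {
 AttributeType::Derive => Some(Attribute::Derive(false)),
 AttributeType::Label => Some(Attribute::Label(pk.label())),
 AttributeType::Local => Some(Attribute::Local(false)),
-AttributeType::Modulus | AttributeType::ModulusBits | AttributeType::PublicExponent => {
+AttributeType::Modulus
+| AttributeType::ModulusBits
+| AttributeType::PublicExponent => {
 if pk.algorithm() != KeyAlgorithm::Rsa {
 return None;
 }
 let der_bytes = pk.to_der();
-extract_rsa_params(&der_bytes).map(|(modulus, exponent, bits)| {
-match type_ {
-AttributeType::Modulus => Attribute::Modulus(modulus),
-AttributeType::ModulusBits => Attribute::ModulusBits(bits),
-AttributeType::PublicExponent => Attribute::PublicExponent(exponent),
-_ => unreachable!()
-}
+extract_rsa_params(&der_bytes).map(|(modulus, exponent, bits)| match type_ {
+AttributeType::Modulus => Attribute::Modulus(modulus),
+AttributeType::ModulusBits => Attribute::ModulusBits(bits),
+AttributeType::PublicExponent => Attribute::PublicExponent(exponent),
+_ => unreachable!(),
 })
 }
 AttributeType::KeyType => Some(Attribute::KeyType(match pk.algorithm() {
@@ -231,12 +239,10 @@ impl Object {
 return None;
 }
 let der_bytes = pk.to_der();
-extract_ec_params(&der_bytes).map(|(params, point)| {
-match type_ {
-AttributeType::EcParams => Attribute::EcParams(params),
-AttributeType::EcPoint => Attribute::EcPoint(point),
-_ => unreachable!()
-}
+extract_ec_params(&der_bytes).map(|(params, point)| match type_ {
+AttributeType::EcParams => Attribute::EcParams(params),
+AttributeType::EcPoint => Attribute::EcPoint(point),
+_ => unreachable!(),
 })
 }
 _ => {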
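Review bot: The reformatted `Some((…))` expression in `extract_ec_params` (the `-83,8 +83,14` hunk) keeps five `.unwrap()` calls, so an SPKI whose AlgorithmIdentifier has no parameters, or whose parameters are not a bare named-curve OID, panics instead of yielding `None`. The function already returns `Option`, so each step can propagate the failure: `ObjectIdentifier::from_bytes(spki.algorithm.parameters?.value()).ok()?.to_der().ok()?` and `OctetString::new(spki.subject_public_key.raw_bytes()).ok()?.to_der().ok()?`. Because this crate backs a PKCS#11 module, a panic here would presumably surface in the host application rather than as a missing `EcParams`/`EcPoint` attribute; how panics are handled at the FFI boundary is worth confirming. The function's opening lines and the SPKI parsing sit outside the hunk, so any earlier validation is not visible here.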
