gnutls_pubkey_import_tpm_raw (gnutls_pubkey_t pkey,
const gnutls_datum_t * fdata,
gnutls_x509_crt_fmt_t format,
- const char *srk_password);
+ const char *srk_password,
+ unsigned int flags);
int gnutls_pubkey_get_preferred_hash_algorithm (gnutls_pubkey_t key,
gnutls_digest_algorithm_t *
int gnutls_x509_crq_set_pubkey (gnutls_x509_crq_t crq, gnutls_pubkey_t key);
#define GNUTLS_PUBKEY_VERIFY_FLAG_TLS_RSA 1
+/* The following flag disables call to PIN callbacks etc.
+ * Only works for TPM keys.
+ */
+#define GNUTLS_PUBKEY_DISABLE_CALLBACKS (1<<2)
int
gnutls_pubkey_verify_hash2 (gnutls_pubkey_t key,
gnutls_sign_algorithm_t algo,
#define GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE (1<<0)
#define GNUTLS_PRIVKEY_IMPORT_COPY (1<<1)
+/* The following flag disables call to PIN callbacks etc.
+ * Only works for TPM keys.
+ */
+#define GNUTLS_PRIVKEY_DISABLE_CALLBACKS (1<<2)
int gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey,
gnutls_pkcs11_privkey_t key,
unsigned int flags);
const gnutls_datum_t * fdata,
gnutls_x509_crt_fmt_t format,
const char *srk_password,
- const char *tpm_password);
+ const char *tpm_password, unsigned int flags);
int
gnutls_privkey_import_tpm_url (gnutls_privkey_t pkey,
* @key_password: A password for the key (optional)
*
* This function will import the given private key to the abstract
- * #gnutls_privkey_t structure. If a password is needed to access
- * TPM then or the provided password is wrong, then
- * %GNUTLS_E_TPM_SRK_PASSWORD_ERROR is returned. If the key password
- * is wrong or not provided then %GNUTLS_E_TPM_KEY_PASSWORD_ERROR
- * is returned.
+ * #gnutls_privkey_t structure.
+ *
+ * With respect to passwords the same as in gnutls_privkey_import_tpm_url() apply.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
const gnutls_datum_t * fdata,
gnutls_x509_crt_fmt_t format,
const char *srk_password,
- const char *key_password)
+ const char *key_password,
+ unsigned int flags)
{
- return import_tpm_key_cb(pkey, fdata, format, NULL, srk_password, key_password);
+ if (flags & GNUTLS_PRIVKEY_DISABLE_CALLBACKS)
+ return import_tpm_key(pkey, fdata, format, NULL, srk_password, key_password);
+ else
+ return import_tpm_key_cb(pkey, fdata, format, NULL, srk_password, key_password);
}
struct tpmkey_url_st
* @url: The URL of the TPM key to be imported
* @srk_password: The password for the SRK key (optional)
* @key_password: A password for the key (optional)
- * @flags: should be zero
+ * @flags: One of the %GNUTLS_PRIVKEY flags
*
* This function will import the given private key to the abstract
- * #gnutls_privkey_t structure. If a password is needed to access
- * TPM then or the provided password is wrong, then
- * %GNUTLS_E_TPM_SRK_PASSWORD_ERROR is returned. If the key password
+ * #gnutls_privkey_t structure.
+ *
+ * Note that unless %GNUTLS_PRIVKEY_DISABLE_CALLBACKS
+ * is specified, if incorrect (or NULL) passwords are given
+ * the PKCS11 callback functions will be used to obtain the
+ * correct passwords. Otherwise if the SRK password is wrong
+ * %GNUTLS_E_TPM_SRK_PASSWORD_ERROR is returned and if the key password
* is wrong or not provided then %GNUTLS_E_TPM_KEY_PASSWORD_ERROR
* is returned.
*
}
ret = gnutls_privkey_import_tpm_raw (pkey, &fdata, GNUTLS_X509_FMT_PEM,
- srk_password, key_password);
+ srk_password, key_password, flags);
if (ret < 0)
{
gnutls_assert();
}
else if (durl.uuid_set)
{
- ret = import_tpm_key_cb (pkey, NULL, 0, &durl.uuid, srk_password, key_password);
+ if (flags & GNUTLS_PRIVKEY_DISABLE_CALLBACKS)
+ ret = import_tpm_key (pkey, NULL, 0, &durl.uuid, srk_password, key_password);
+ else
+ ret = import_tpm_key_cb (pkey, NULL, 0, &durl.uuid, srk_password, key_password);
if (ret < 0)
{
gnutls_assert();
* @format: The format of the private key
* @srk_password: The password for the SRK key (optional)
* @key_password: A password for the key (optional)
+ * @flags: One of the %GNUTLS_PUBKEY flags
*
* This function will import the public key from the provided
- * TPM key structure. If a password is needed to decrypt
- * the provided key or the provided password is wrong, then
- * %GNUTLS_E_TPM_SRK_PASSWORD_ERROR is returned.
+ * TPM key structure.
+ *
+ * With respect to passwords the same as in gnutls_pubkey_import_tpm_url() apply.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
gnutls_pubkey_import_tpm_raw (gnutls_pubkey_t pkey,
const gnutls_datum_t * fdata,
gnutls_x509_crt_fmt_t format,
- const char *srk_password)
+ const char *srk_password,
+ unsigned int flags)
{
- return import_tpm_pubkey_cb(pkey, fdata, format, NULL, srk_password);
+ if (flags & GNUTLS_PUBKEY_DISABLE_CALLBACKS)
+ return import_tpm_pubkey_cb(pkey, fdata, format, NULL, srk_password);
+ else
+ return import_tpm_pubkey(pkey, fdata, format, NULL, srk_password);
}
/**
* @flags: should be zero
*
* This function will import the given private key to the abstract
- * #gnutls_privkey_t structure. If a password is needed to access
- * TPM then or the provided password is wrong, then
- * %GNUTLS_E_TPM_SRK_PASSWORD_ERROR is returned.
+ * #gnutls_privkey_t structure.
+ *
+ * Note that unless %GNUTLS_PUBKEY_DISABLE_CALLBACKS
+ * is specified, if incorrect (or NULL) passwords are given
+ * the PKCS11 callback functions will be used to obtain the
+ * correct passwords. Otherwise if the SRK password is wrong
+ * %GNUTLS_E_TPM_SRK_PASSWORD_ERROR is returned.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
}
ret = gnutls_pubkey_import_tpm_raw (pkey, &fdata, GNUTLS_X509_FMT_PEM,
- srk_password);
+ srk_password, flags);
if (ret < 0)
{
gnutls_assert();
}
else if (durl.uuid_set)
{
- ret = import_tpm_pubkey_cb (pkey, NULL, 0, &durl.uuid, srk_password);
+ if (flags & GNUTLS_PUBKEY_DISABLE_CALLBACKS)
+ ret = import_tpm_pubkey (pkey, NULL, 0, &durl.uuid, srk_password);
+ else
+ ret = import_tpm_pubkey_cb (pkey, NULL, 0, &durl.uuid, srk_password);
if (ret < 0)
{
gnutls_assert();