struct gnutls_privkey_st {
gnutls_privkey_type_t type;
gnutls_pk_algorithm_t pk_algorithm;
-
+
union {
gnutls_x509_privkey_t x509;
gnutls_pkcs11_privkey_t pkcs11;
gnutls_openpgp_privkey_t openpgp;
} key;
-
+
unsigned int flags;
};
* Returns: a member of the #gnutls_privkey_type_t enumeration on
* success, or a negative value on error.
**/
-gnutls_privkey_type_t gnutls_privkey_get_type (gnutls_privkey_t key)
+gnutls_privkey_type_t gnutls_privkey_get_type(gnutls_privkey_t key)
{
return key->type;
}
* Returns: a member of the #gnutls_pk_algorithm_t enumeration on
* success, or a negative value on error.
**/
-int gnutls_privkey_get_pk_algorithm (gnutls_privkey_t key, unsigned int* bits)
+int gnutls_privkey_get_pk_algorithm(gnutls_privkey_t key,
+ unsigned int *bits)
{
- switch(key->type) {
- case GNUTLS_PRIVKEY_OPENPGP:
- return gnutls_openpgp_privkey_get_pk_algorithm(key->key.openpgp, bits);
- case GNUTLS_PRIVKEY_PKCS11:
- return gnutls_pkcs11_privkey_get_pk_algorithm(key->key.pkcs11, bits);
- case GNUTLS_PRIVKEY_X509:
- if (bits)
- *bits = _gnutls_mpi_get_nbits (key->key.x509->params[0]);
- return gnutls_x509_privkey_get_pk_algorithm(key->key.x509);
- default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ switch (key->type) {
+ case GNUTLS_PRIVKEY_OPENPGP:
+ return gnutls_openpgp_privkey_get_pk_algorithm(key->key.
+ openpgp,
+ bits);
+ case GNUTLS_PRIVKEY_PKCS11:
+ return gnutls_pkcs11_privkey_get_pk_algorithm(key->key.
+ pkcs11,
+ bits);
+ case GNUTLS_PRIVKEY_X509:
+ if (bits)
+ *bits =
+ _gnutls_mpi_get_nbits(key->key.x509->
+ params[0]);
+ return gnutls_x509_privkey_get_pk_algorithm(key->key.x509);
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
}
}
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
-
+
return 0;
}
void gnutls_privkey_deinit(gnutls_privkey_t key)
{
if (key->flags & GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE)
- switch(key->type) {
- case GNUTLS_PRIVKEY_OPENPGP:
- return gnutls_openpgp_privkey_deinit(key->key.openpgp);
- case GNUTLS_PRIVKEY_PKCS11:
- return gnutls_pkcs11_privkey_deinit(key->key.pkcs11);
- case GNUTLS_PRIVKEY_X509:
- return gnutls_x509_privkey_deinit(key->key.x509);
+ switch (key->type) {
+ case GNUTLS_PRIVKEY_OPENPGP:
+ return gnutls_openpgp_privkey_deinit(key->key.
+ openpgp);
+ case GNUTLS_PRIVKEY_PKCS11:
+ return gnutls_pkcs11_privkey_deinit(key->key.
+ pkcs11);
+ case GNUTLS_PRIVKEY_X509:
+ return gnutls_x509_privkey_deinit(key->key.x509);
}
gnutls_free(key);
}
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey, gnutls_pkcs11_privkey_t key, unsigned int flags)
+int gnutls_privkey_import_pkcs11(gnutls_privkey_t pkey,
+ gnutls_pkcs11_privkey_t key,
+ unsigned int flags)
{
pkey->key.pkcs11 = key;
pkey->type = GNUTLS_PRIVKEY_PKCS11;
- pkey->pk_algorithm = gnutls_pkcs11_privkey_get_pk_algorithm(key, NULL);
+ pkey->pk_algorithm =
+ gnutls_pkcs11_privkey_get_pk_algorithm(key, NULL);
pkey->flags = flags;
return 0;
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_privkey_import_x509 (gnutls_privkey_t pkey, gnutls_x509_privkey_t key, unsigned int flags)
+int gnutls_privkey_import_x509(gnutls_privkey_t pkey,
+ gnutls_x509_privkey_t key,
+ unsigned int flags)
{
- pkey->key.x509 = key;
+ pkey->key.x509 = key;
pkey->type = GNUTLS_PRIVKEY_X509;
pkey->pk_algorithm = gnutls_x509_privkey_get_pk_algorithm(key);
pkey->flags = flags;
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_privkey_import_openpgp (gnutls_privkey_t pkey, gnutls_openpgp_privkey_t key, unsigned int flags)
+int gnutls_privkey_import_openpgp(gnutls_privkey_t pkey,
+ gnutls_openpgp_privkey_t key,
+ unsigned int flags)
{
pkey->key.openpgp = key;
pkey->type = GNUTLS_PRIVKEY_OPENPGP;
- pkey->pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm(key, NULL);
+ pkey->pk_algorithm =
+ gnutls_openpgp_privkey_get_pk_algorithm(key, NULL);
pkey->flags = flags;
-
+
return 0;
}
**/
int
gnutls_privkey_sign_data(gnutls_privkey_t signer,
- gnutls_digest_algorithm_t hash,
- unsigned int flags,
- const gnutls_datum_t * data,
- gnutls_datum_t * signature)
+ gnutls_digest_algorithm_t hash,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * signature)
{
int ret;
gnutls_datum_t digest;
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_privkey_sign_hash (gnutls_privkey_t key,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature)
+int gnutls_privkey_sign_hash(gnutls_privkey_t key,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature)
{
- switch(key->type) {
- case GNUTLS_PRIVKEY_OPENPGP:
- return gnutls_openpgp_privkey_sign_hash(key->key.openpgp, hash, signature);
- case GNUTLS_PRIVKEY_PKCS11:
- return gnutls_pkcs11_privkey_sign_hash(key->key.pkcs11, hash, signature);
- case GNUTLS_PRIVKEY_X509:
- return gnutls_x509_privkey_sign_hash(key->key.x509, hash, signature);
- default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ switch (key->type) {
+ case GNUTLS_PRIVKEY_OPENPGP:
+ return gnutls_openpgp_privkey_sign_hash(key->key.openpgp,
+ hash, signature);
+ case GNUTLS_PRIVKEY_PKCS11:
+ return gnutls_pkcs11_privkey_sign_hash(key->key.pkcs11,
+ hash, signature);
+ case GNUTLS_PRIVKEY_X509:
+ return gnutls_x509_privkey_sign_hash(key->key.x509, hash,
+ signature);
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
}
}
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
}
-
- switch(key->type) {
- case GNUTLS_PRIVKEY_OPENPGP:
- return gnutls_openpgp_privkey_decrypt_data(key->key.openpgp, flags, ciphertext, plaintext);
- case GNUTLS_PRIVKEY_X509:
- return _gnutls_pkcs1_rsa_decrypt (plaintext, ciphertext, key->key.x509->params, key->key.x509->params_size, 2);
- case GNUTLS_PRIVKEY_PKCS11:
- return gnutls_pkcs11_privkey_decrypt_data(key->key.pkcs11, flags, ciphertext, plaintext);
- default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+
+ switch (key->type) {
+ case GNUTLS_PRIVKEY_OPENPGP:
+ return gnutls_openpgp_privkey_decrypt_data(key->key.
+ openpgp, flags,
+ ciphertext,
+ plaintext);
+ case GNUTLS_PRIVKEY_X509:
+ return _gnutls_pkcs1_rsa_decrypt(plaintext, ciphertext,
+ key->key.x509->params,
+ key->key.x509->
+ params_size, 2);
+ case GNUTLS_PRIVKEY_PKCS11:
+ return gnutls_pkcs11_privkey_decrypt_data(key->key.pkcs11,
+ flags,
+ ciphertext,
+ plaintext);
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
}
}
-
* Since: 2.11.0
**/
int
-gnutls_pubkey_get_preferred_hash_algorithm (gnutls_pubkey_t key,
- gnutls_digest_algorithm_t * hash, unsigned int *mand)
+gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key,
+ gnutls_digest_algorithm_t *
+ hash, unsigned int *mand)
{
- int ret;
+ int ret;
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- ret = _gnutls_pk_get_hash_algorithm(key->pk_algorithm,
- key->params, key->params_size, hash, mand);
+ ret = _gnutls_pk_get_hash_algorithm(key->pk_algorithm,
+ key->params, key->params_size,
+ hash, mand);
- return ret;
+ return ret;
}
**/
int gnutls_pubkey_import_pkcs11_url(gnutls_pubkey_t key, const char *url,
- unsigned int flags)
+ unsigned int flags)
{
gnutls_pkcs11_obj_t pcrt;
int ret;
* success.
**/
int
-gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature)
+gnutls_pubkey_verify_hash(gnutls_pubkey_t key, unsigned int flags,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature)
{
- int ret;
+ int ret;
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- ret =
- pubkey_verify_sig (NULL, hash, signature, key->pk_algorithm,
- key->params, key->params_size);
+ ret =
+ pubkey_verify_sig(NULL, hash, signature, key->pk_algorithm,
+ key->params, key->params_size);
- return ret;
+ return ret;
}
/**
* returned on error.
**/
int
-gnutls_pubkey_get_verify_algorithm (gnutls_pubkey_t key,
- const gnutls_datum_t * signature,
- gnutls_digest_algorithm_t * hash)
+gnutls_pubkey_get_verify_algorithm(gnutls_pubkey_t key,
+ const gnutls_datum_t * signature,
+ gnutls_digest_algorithm_t * hash)
{
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_verify_algorithm ((gnutls_mac_algorithm_t *) hash,
- signature, key->pk_algorithm, key->params,
- key->params_size);
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_verify_algorithm((gnutls_mac_algorithm_t *)
+ hash, signature,
+ key->pk_algorithm,
+ key->params,
+ key->params_size);
}
memset(&plist, 0, sizeof(plist));
if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY) {
- ret = pkcs11_login(pks, info, NULL);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
ret = find_privkeys(pks, info, &plist);
if (ret < 0) {
gnutls_assert();
gnutls_assert();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
- } else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_ALL ||
- find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY) {
- ret = pkcs11_login(pks, info, NULL);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
}
cert_data = gnutls_malloc(MAX_CERT_SIZE);
#define PKCS11_LABEL_SIZE 128
typedef struct token_creds {
- char pin[GNUTLS_PKCS11_MAX_PIN_LEN];
- size_t pin_size;
+ char pin[GNUTLS_PKCS11_MAX_PIN_LEN];
+ size_t pin_size;
} token_creds_st;
struct token_info {
- struct ck_token_info tinfo;
- struct ck_slot_info sinfo;
- ck_slot_id_t sid;
- struct gnutls_pkcs11_provider_s* prov;
+ struct ck_token_info tinfo;
+ struct ck_slot_info sinfo;
+ ck_slot_id_t sid;
+ struct gnutls_pkcs11_provider_s *prov;
};
-struct pkcs11_url_info
-{
- /* everything here is null terminated strings */
- opaque id[PKCS11_ID_SIZE*3+1]; /* hex with delimiters */
- opaque type[16]; /* cert/key etc. */
- opaque manufacturer[sizeof (((struct ck_token_info *)NULL)->manufacturer_id)+1];
- opaque token[sizeof (((struct ck_token_info *)NULL)->label)+1];
- opaque serial[sizeof (((struct ck_token_info *)NULL)->serial_number)+1];
- opaque model[sizeof (((struct ck_token_info *)NULL)->model)+1];
- opaque label[PKCS11_LABEL_SIZE+1];
-
- opaque certid_raw[PKCS11_ID_SIZE]; /* same as ID but raw */
- size_t certid_raw_size;
+struct pkcs11_url_info {
+ /* everything here is null terminated strings */
+ opaque id[PKCS11_ID_SIZE * 3 + 1]; /* hex with delimiters */
+ opaque type[16]; /* cert/key etc. */
+ opaque
+ manufacturer[sizeof
+ (((struct ck_token_info *) NULL)->
+ manufacturer_id) + 1];
+ opaque token[sizeof(((struct ck_token_info *) NULL)->label) + 1];
+ opaque
+ serial[sizeof(((struct ck_token_info *) NULL)->serial_number) +
+ 1];
+ opaque model[sizeof(((struct ck_token_info *) NULL)->model) + 1];
+ opaque label[PKCS11_LABEL_SIZE + 1];
+
+ opaque certid_raw[PKCS11_ID_SIZE]; /* same as ID but raw */
+ size_t certid_raw_size;
};
struct gnutls_pkcs11_obj_st {
- gnutls_datum_t raw;
- gnutls_pkcs11_obj_type_t type;
- struct pkcs11_url_info info;
-
- /* only when pubkey */
- gnutls_datum_t pubkey[MAX_PUBLIC_PARAMS_SIZE];
- gnutls_pk_algorithm pk_algorithm;
- unsigned int key_usage;
+ gnutls_datum_t raw;
+ gnutls_pkcs11_obj_type_t type;
+ struct pkcs11_url_info info;
+
+ /* only when pubkey */
+ gnutls_datum_t pubkey[MAX_PUBLIC_PARAMS_SIZE];
+ gnutls_pk_algorithm pk_algorithm;
+ unsigned int key_usage;
};
/* thus function is called for every token in the traverse_tokens
* function. Once everything is traversed it is called with NULL tinfo.
* It should return 0 if found what it was looking for.
*/
-typedef int (*find_func_t)(pakchois_session_t *pks, struct token_info* tinfo, void* input);
+typedef int (*find_func_t) (pakchois_session_t * pks,
+ struct token_info * tinfo, void *input);
int pkcs11_rv_to_err(ck_rv_t rv);
-int pkcs11_url_to_info(const char* url, struct pkcs11_url_info* info);
+int pkcs11_url_to_info(const char *url, struct pkcs11_url_info *info);
-int pkcs11_get_info(struct pkcs11_url_info *info, gnutls_pkcs11_obj_info_t itype,
- void* output, size_t* output_size);
-int pkcs11_login(pakchois_session_t *pks, struct token_info *info, token_creds_st *);
+int pkcs11_get_info(struct pkcs11_url_info *info,
+ gnutls_pkcs11_obj_info_t itype, void *output,
+ size_t * output_size);
+int pkcs11_login(pakchois_session_t * pks, struct token_info *info,
+ token_creds_st *);
extern gnutls_pkcs11_token_callback_t token_func;
-extern void* token_data;
+extern void *token_data;
void pkcs11_rescan_slots(void);
-int pkcs11_info_to_url(const struct pkcs11_url_info* info, char** url);
+int pkcs11_info_to_url(const struct pkcs11_url_info *info, char **url);
#define SESSION_WRITE 1
#define SESSION_LOGIN 2
-int pkcs11_open_session (pakchois_session_t** _pks, struct pkcs11_url_info *info,
- token_creds_st * creds, unsigned int flags);
-int _pkcs11_traverse_tokens (find_func_t find_func, void* input, unsigned int flags);
-ck_object_class_t pkcs11_strtype_to_class(const char* type);
+int pkcs11_open_session(pakchois_session_t ** _pks,
+ struct pkcs11_url_info *info,
+ token_creds_st * creds, unsigned int flags);
+int _pkcs11_traverse_tokens(find_func_t find_func, void *input,
+ unsigned int flags);
+ck_object_class_t pkcs11_strtype_to_class(const char *type);
-int pkcs11_token_matches_info( struct pkcs11_url_info* info, struct ck_token_info* tinfo);
+int pkcs11_token_matches_info(struct pkcs11_url_info *info,
+ struct ck_token_info *tinfo);
/* flags are SESSION_* */
-int pkcs11_find_object (pakchois_session_t** _pks, ck_object_handle_t* _obj,
- struct pkcs11_url_info *info, token_creds_st*, unsigned int flags);
+int pkcs11_find_object(pakchois_session_t ** _pks,
+ ck_object_handle_t * _obj,
+ struct pkcs11_url_info *info, token_creds_st *,
+ unsigned int flags);
#endif
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
-
+
return 0;
}
* Returns: a member of the #gnutls_pk_algorithm_t enumeration on
* success, or a negative value on error.
**/
-int gnutls_pkcs11_privkey_get_pk_algorithm(gnutls_pkcs11_privkey_t key, unsigned int *bits)
+int gnutls_pkcs11_privkey_get_pk_algorithm(gnutls_pkcs11_privkey_t key,
+ unsigned int *bits)
{
- if (bits)
- *bits = 0; /* FIXME */
+ if (bits)
+ *bits = 0; /* FIXME */
return key->pk_algorithm;
}
gnutls_assert(); \
return ret; \
} \
- } while (ret < 0);
+ } while (ret < 0);
/**
* gnutls_pkcs11_privkey_sign_hash:
}
/* Work out how long the signature must be: */
- rv = pakchois_sign(pks, hash->data, hash->size, NULL,
- &siglen);
+ rv = pakchois_sign(pks, hash->data, hash->size, NULL, &siglen);
if (rv != CKR_OK) {
gnutls_assert();
ret = pkcs11_rv_to_err(rv);
ret = 0;
-cleanup:
+ cleanup:
pakchois_close_session(pks);
return ret;
pkey->flags = flags;
- if (pkey->info.type[0] != 0 && strcmp(pkey->info.type, "private") != 0) {
+ if (pkey->info.type[0] != 0
+ && strcmp(pkey->info.type, "private") != 0) {
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
}
**/
int
gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key,
- unsigned int flags, const gnutls_datum_t * ciphertext,
- gnutls_datum_t * plaintext)
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ gnutls_datum_t * plaintext)
{
ck_rv_t rv;
int ret;
ck_object_handle_t obj;
FIND_OBJECT(pks, obj, key);
-
+
mech.mechanism =
key->pk_algorithm == GNUTLS_PK_DSA ? CKM_DSA : CKM_RSA_PKCS;
mech.parameter = NULL;
}
/* Work out how long the plaintext must be: */
- rv = pakchois_decrypt(pks, ciphertext->data, ciphertext->size, NULL,
- &siglen);
+ rv = pakchois_decrypt(pks, ciphertext->data, ciphertext->size,
+ NULL, &siglen);
if (rv != CKR_OK) {
gnutls_assert();
ret = pkcs11_rv_to_err(rv);
plaintext->size = siglen;
rv = pakchois_decrypt(pks, ciphertext->data, ciphertext->size,
- plaintext->data, &siglen);
+ plaintext->data, &siglen);
if (rv != CKR_OK) {
gnutls_free(plaintext->data);
gnutls_assert();
ret = 0;
-cleanup:
+ cleanup:
pakchois_close_session(pks);
return ret;
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_pkcs11_privkey_export_url (gnutls_pkcs11_privkey_t key, char ** url)
+int gnutls_pkcs11_privkey_export_url(gnutls_pkcs11_privkey_t key,
+ char **url)
{
-int ret;
+ int ret;
- ret = pkcs11_info_to_url(&key->info, url);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ ret = pkcs11_info_to_url(&key->info, url);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_pkcs11_copy_x509_crt(const char* token_url, gnutls_x509_crt_t crt,
- const char* label, unsigned int flags)
+int gnutls_pkcs11_copy_x509_crt(const char *token_url,
+ gnutls_x509_crt_t crt, const char *label,
+ unsigned int flags)
{
- int ret;
- pakchois_session_t *pks;
- struct pkcs11_url_info info;
- ck_rv_t rv;
- size_t der_size, id_size;
- opaque* der = NULL;
- opaque id[20];
- struct ck_attribute a[8];
- ck_object_class_t class = CKO_CERTIFICATE;
- ck_certificate_type_t type = CKC_X_509;
- ck_object_handle_t obj;
- unsigned int tval = 1;
- int a_val;
-
- ret = pkcs11_url_to_info(token_url, &info);
+ int ret;
+ pakchois_session_t *pks;
+ struct pkcs11_url_info info;
+ ck_rv_t rv;
+ size_t der_size, id_size;
+ opaque *der = NULL;
+ opaque id[20];
+ struct ck_attribute a[8];
+ ck_object_class_t class = CKO_CERTIFICATE;
+ ck_certificate_type_t type = CKC_X_509;
+ ck_object_handle_t obj;
+ unsigned int tval = 1;
+ int a_val;
+
+ ret = pkcs11_url_to_info(token_url, &info);
if (ret < 0) {
gnutls_assert();
return ret;
}
-
- ret = pkcs11_open_session (&pks, &info, NULL, SESSION_WRITE|SESSION_LOGIN);
+
+ ret =
+ pkcs11_open_session(&pks, &info, NULL,
+ SESSION_WRITE | SESSION_LOGIN);
if (ret < 0) {
gnutls_assert();
return ret;
}
-
- ret = gnutls_x509_crt_export (crt,
- GNUTLS_X509_FMT_DER, NULL,
- &der_size);
+
+ ret = gnutls_x509_crt_export(crt,
+ GNUTLS_X509_FMT_DER, NULL, &der_size);
if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
gnutls_assert();
goto cleanup;
}
-
+
der = gnutls_malloc(der_size);
if (der == NULL) {
gnutls_assert();
goto cleanup;
}
- ret = gnutls_x509_crt_export (crt,
- GNUTLS_X509_FMT_DER, der,
- &der_size);
+ ret = gnutls_x509_crt_export(crt,
+ GNUTLS_X509_FMT_DER, der, &der_size);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
-
+
id_size = sizeof(id);
- ret = gnutls_x509_crt_get_key_id (crt, 0, id, &id_size);
+ ret = gnutls_x509_crt_get_key_id(crt, 0, id, &id_size);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
-
- /* FIXME: copy key usage flags */
-
- a[0].type = CKA_CLASS;
- a[0].value = &class;
- a[0].value_len = sizeof(class);
- a[1].type = CKA_ID;
- a[1].value = id;
- a[1].value_len = id_size;
- a[2].type = CKA_VALUE;
- a[2].value = der;
- a[2].value_len = der_size;
- a[3].type = CKA_TOKEN;
- a[3].value = &tval;
- a[3].value_len = sizeof(tval);
- a[4].type = CKA_CERTIFICATE_TYPE;
- a[4].value = &type;
- a[4].value_len = sizeof(type);
-
- a_val = 5;
-
- if (label) {
+
+ /* FIXME: copy key usage flags */
+
+ a[0].type = CKA_CLASS;
+ a[0].value = &class;
+ a[0].value_len = sizeof(class);
+ a[1].type = CKA_ID;
+ a[1].value = id;
+ a[1].value_len = id_size;
+ a[2].type = CKA_VALUE;
+ a[2].value = der;
+ a[2].value_len = der_size;
+ a[3].type = CKA_TOKEN;
+ a[3].value = &tval;
+ a[3].value_len = sizeof(tval);
+ a[4].type = CKA_CERTIFICATE_TYPE;
+ a[4].value = &type;
+ a[4].value_len = sizeof(type);
+
+ a_val = 5;
+
+ if (label) {
a[a_val].type = CKA_LABEL;
- a[a_val].value = (void*)label;
+ a[a_val].value = (void *) label;
a[a_val].value_len = strlen(label);
a_val++;
}
-
+
if (flags & GNUTLS_PKCS11_COPY_FLAG_MARK_TRUSTED) {
a[a_val].type = CKA_TRUSTED;
a[a_val].value = &tval;
a[a_val].value_len = sizeof(tval);
a_val++;
}
-
+
rv = pakchois_create_object(pks, a, a_val, &obj);
if (rv != CKR_OK) {
gnutls_assert();
_gnutls_debug_log("pkcs11: %s\n", pakchois_error(rv));
ret = pkcs11_rv_to_err(rv);
- goto cleanup;
+ goto cleanup;
}
-
+
/* generated!
*/
ret = 0;
-
-cleanup:
+
+ cleanup:
gnutls_free(der);
pakchois_close_session(pks);
-
+
return ret;
-
+
}
/**
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_pkcs11_copy_x509_privkey(const char* token_url,
- gnutls_x509_privkey_t key, const char* label, unsigned int key_usage,
- unsigned int flags)
+int gnutls_pkcs11_copy_x509_privkey(const char *token_url,
+ gnutls_x509_privkey_t key,
+ const char *label,
+ unsigned int key_usage,
+ unsigned int flags)
{
- int ret;
- pakchois_session_t *pks;
- struct pkcs11_url_info info;
- ck_rv_t rv;
- size_t id_size;
- opaque id[20];
- struct ck_attribute a[16];
- ck_object_class_t class = CKO_PRIVATE_KEY;
- ck_object_handle_t obj;
- ck_key_type_t type;
- unsigned int tval = 1;
- int a_val;
- gnutls_pk_algorithm_t pk;
- gnutls_datum_t p, q, g, y, x;
- gnutls_datum_t m, e, d, u, exp1, exp2;
-
-
- ret = pkcs11_url_to_info(token_url, &info);
+ int ret;
+ pakchois_session_t *pks;
+ struct pkcs11_url_info info;
+ ck_rv_t rv;
+ size_t id_size;
+ opaque id[20];
+ struct ck_attribute a[16];
+ ck_object_class_t class = CKO_PRIVATE_KEY;
+ ck_object_handle_t obj;
+ ck_key_type_t type;
+ unsigned int tval = 1;
+ int a_val;
+ gnutls_pk_algorithm_t pk;
+ gnutls_datum_t p, q, g, y, x;
+ gnutls_datum_t m, e, d, u, exp1, exp2;
+
+
+ ret = pkcs11_url_to_info(token_url, &info);
if (ret < 0) {
gnutls_assert();
return ret;
}
id_size = sizeof(id);
- ret = gnutls_x509_privkey_get_key_id (key, 0, id, &id_size);
+ ret = gnutls_x509_privkey_get_key_id(key, 0, id, &id_size);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- ret = pkcs11_open_session (&pks, &info, NULL, SESSION_WRITE|SESSION_LOGIN);
+ ret =
+ pkcs11_open_session(&pks, &info, NULL,
+ SESSION_WRITE | SESSION_LOGIN);
if (ret < 0) {
gnutls_assert();
return ret;
}
- /* FIXME: copy key usage flags */
-
- a[0].type = CKA_CLASS;
- a[0].value = &class;
- a[0].value_len = sizeof(class);
- a[1].type = CKA_ID;
- a[1].value = id;
- a[1].value_len = id_size;
- a[2].type = CKA_KEY_TYPE;
- a[2].value = &type;
- a[2].value_len = sizeof(type);
- a[3].type = CKA_SENSITIVE;
- a[3].value = &tval;
- a[3].value_len = sizeof(tval);
-
- a_val = 4;
+ /* FIXME: copy key usage flags */
+
+ a[0].type = CKA_CLASS;
+ a[0].value = &class;
+ a[0].value_len = sizeof(class);
+ a[1].type = CKA_ID;
+ a[1].value = id;
+ a[1].value_len = id_size;
+ a[2].type = CKA_KEY_TYPE;
+ a[2].value = &type;
+ a[2].value_len = sizeof(type);
+ a[3].type = CKA_SENSITIVE;
+ a[3].value = &tval;
+ a[3].value_len = sizeof(tval);
+
+ a_val = 4;
pk = gnutls_x509_privkey_get_pk_algorithm(key);
- switch(pk) {
- case GNUTLS_PK_RSA: {
-
- ret = gnutls_x509_privkey_export_rsa_raw2(key, &m, &e,
- &d, &p, &q, &u, &exp1, &exp2);
+ switch (pk) {
+ case GNUTLS_PK_RSA:{
+
+ ret =
+ gnutls_x509_privkey_export_rsa_raw2(key, &m,
+ &e, &d, &p,
+ &q, &u,
+ &exp1,
+ &exp2);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
-
+
type = CKK_RSA;
-
+
a[a_val].type = CKA_MODULUS;
a[a_val].value = m.data;
a[a_val].value_len = m.size;
break;
}
- case GNUTLS_PK_DSA: {
- ret = gnutls_x509_privkey_export_dsa_raw(key, &p, &q,
- &g, &y, &x);
+ case GNUTLS_PK_DSA:{
+ ret =
+ gnutls_x509_privkey_export_dsa_raw(key, &p, &q,
+ &g, &y, &x);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
type = CKK_DSA;
-
+
a[a_val].type = CKA_PRIME;
a[a_val].value = p.data;
a[a_val].value_len = p.size;
break;
}
- default:
- gnutls_assert();
- ret = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
+ default:
+ gnutls_assert();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
}
-
+
rv = pakchois_create_object(pks, a, a_val, &obj);
if (rv != CKR_OK) {
gnutls_assert();
_gnutls_debug_log("pkcs11: %s\n", pakchois_error(rv));
ret = pkcs11_rv_to_err(rv);
- goto cleanup;
+ goto cleanup;
}
/* generated!
*/
- switch(pk) {
- case GNUTLS_PK_RSA: {
- gnutls_free(m.data);
- gnutls_free(e.data);
- gnutls_free(d.data);
- gnutls_free(p.data);
- gnutls_free(q.data);
- gnutls_free(u.data);
- gnutls_free(exp1.data);
- gnutls_free(exp2.data);
+ switch (pk) {
+ case GNUTLS_PK_RSA:{
+ gnutls_free(m.data);
+ gnutls_free(e.data);
+ gnutls_free(d.data);
+ gnutls_free(p.data);
+ gnutls_free(q.data);
+ gnutls_free(u.data);
+ gnutls_free(exp1.data);
+ gnutls_free(exp2.data);
break;
}
- case GNUTLS_PK_DSA: {
+ case GNUTLS_PK_DSA:{
gnutls_free(p.data);
gnutls_free(q.data);
gnutls_free(g.data);
gnutls_free(x.data);
break;
}
- default:
- gnutls_assert();
- ret = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
+ default:
+ gnutls_assert();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
}
ret = 0;
-
-cleanup:
+
+ cleanup:
pakchois_close_session(pks);
-
+
return ret;
-
+
}
struct delete_data_st {
struct pkcs11_url_info info;
- unsigned int deleted; /* how many */
+ unsigned int deleted; /* how many */
};
-static int delete_obj_url(pakchois_session_t *pks, struct token_info *info, void* input)
+static int delete_obj_url(pakchois_session_t * pks,
+ struct token_info *info, void *input)
{
- struct delete_data_st* find_data = input;
- struct ck_attribute a[4];
- ck_object_class_t class;
- ck_certificate_type_t type = -1;
- ck_rv_t rv;
- ck_object_handle_t obj;
- unsigned long count, a_vals;
- int found = 0, ret;
-
-
- if (info == NULL) { /* we don't support multiple calls */
- gnutls_assert();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- /* do not bother reading the token if basic fields do not match
- */
- if (pkcs11_token_matches_info( &find_data->info, &info->tinfo) < 0) {
+ struct delete_data_st *find_data = input;
+ struct ck_attribute a[4];
+ ck_object_class_t class;
+ ck_certificate_type_t type = -1;
+ ck_rv_t rv;
+ ck_object_handle_t obj;
+ unsigned long count, a_vals;
+ int found = 0, ret;
+
+
+ if (info == NULL) { /* we don't support multiple calls */
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ /* do not bother reading the token if basic fields do not match
+ */
+ if (pkcs11_token_matches_info(&find_data->info, &info->tinfo) < 0) {
gnutls_assert();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
- class = CKO_CERTIFICATE; /* default */
+ class = CKO_CERTIFICATE; /* default */
- if (find_data->info.type[0] != 0) {
- class = pkcs11_strtype_to_class(find_data->info.type);
- if (class == CKO_CERTIFICATE)
- type = CKC_X_509;
+ if (find_data->info.type[0] != 0) {
+ class = pkcs11_strtype_to_class(find_data->info.type);
+ if (class == CKO_CERTIFICATE)
+ type = CKC_X_509;
- if (class == -1) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
- }
+ if (class == -1) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ }
ret = pkcs11_login(pks, info, NULL);
if (ret < 0) {
}
a_vals = 0;
-
- /* Find objects with given class and type */
+
+ /* Find objects with given class and type */
if (find_data->info.certid_raw_size > 0) {
a[a_vals].type = CKA_ID;
a[a_vals].value = find_data->info.certid_raw;
a[a_vals].type = CKA_CLASS;
a[a_vals].value = &class;
a[a_vals].value_len = sizeof class;
- a_vals++;
+ a_vals++;
+ }
+
+ if (type != -1) {
+ a[a_vals].type = CKA_CERTIFICATE_TYPE;
+ a[a_vals].value = &type;
+ a[a_vals].value_len = sizeof type;
+ a_vals++;
}
- if (type != -1) {
- a[a_vals].type = CKA_CERTIFICATE_TYPE;
- a[a_vals].value = &type;
- a[a_vals].value_len = sizeof type;
- a_vals++;
- }
-
- if (find_data->info.label[0] != 0) {
- a[a_vals].type = CKA_LABEL;
- a[a_vals].value = find_data->info.label;
- a[a_vals].value_len = strlen(find_data->info.label);
- a_vals++;
+ if (find_data->info.label[0] != 0) {
+ a[a_vals].type = CKA_LABEL;
+ a[a_vals].value = find_data->info.label;
+ a[a_vals].value_len = strlen(find_data->info.label);
+ a_vals++;
}
- rv = pakchois_find_objects_init(pks, a, a_vals);
- if (rv != CKR_OK) {
- gnutls_assert();
- _gnutls_debug_log("pk11: FindObjectsInit failed.\n");
- ret = pkcs11_rv_to_err(rv);
- goto cleanup;
- }
-
- while (pakchois_find_objects(pks, &obj, 1, &count) == CKR_OK
- && count == 1) {
- rv = pakchois_destroy_object(pks, obj);
+ rv = pakchois_find_objects_init(pks, a, a_vals);
if (rv != CKR_OK) {
- _gnutls_debug_log("pkcs11: Cannot destroy object: %s\n", pakchois_error(rv));
+ gnutls_assert();
+ _gnutls_debug_log("pk11: FindObjectsInit failed.\n");
+ ret = pkcs11_rv_to_err(rv);
+ goto cleanup;
+ }
+
+ while (pakchois_find_objects(pks, &obj, 1, &count) == CKR_OK
+ && count == 1) {
+ rv = pakchois_destroy_object(pks, obj);
+ if (rv != CKR_OK) {
+ _gnutls_debug_log
+ ("pkcs11: Cannot destroy object: %s\n",
+ pakchois_error(rv));
+ } else {
+ find_data->deleted++;
+ }
+
+ found = 1;
+ }
+
+ if (found == 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
} else {
- find_data->deleted++;
+ ret = 0;
}
-
- found = 1;
- }
-
- if (found == 0) {
- gnutls_assert();
- ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- } else {
- ret = 0;
- }
-
-cleanup:
- pakchois_find_objects_final(pks);
-
- return ret;
+
+ cleanup:
+ pakchois_find_objects_final(pks);
+
+ return ret;
}
* Returns: On success, the number of objects deleted is returned, otherwise a
* negative error value.
**/
-int gnutls_pkcs11_delete_url(const char* object_url)
+int gnutls_pkcs11_delete_url(const char *object_url)
{
- int ret;
- struct delete_data_st find_data;
+ int ret;
+ struct delete_data_st find_data;
memset(&find_data, 0, sizeof(find_data));
- ret = pkcs11_url_to_info(object_url, &find_data.info);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- ret = _pkcs11_traverse_tokens(delete_obj_url, &find_data, SESSION_WRITE);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- return find_data.deleted;
-
+ ret = pkcs11_url_to_info(object_url, &find_data.info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _pkcs11_traverse_tokens(delete_obj_url, &find_data,
+ SESSION_WRITE);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return find_data.deleted;
+
}
-