From: Nikos Mavrogiannopoulos Date: Mon, 28 Jun 2010 16:51:29 +0000 (+0200) Subject: Indented code. X-Git-Tag: gnutls_2_11_3~140 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=283c5ff49d3eb59f57b89600967ee364ffc26040;p=thirdparty%2Fgnutls.git Indented code. --- diff --git a/lib/gnutls_privkey.c b/lib/gnutls_privkey.c index 185a1e966e..c61567b073 100644 --- a/lib/gnutls_privkey.c +++ b/lib/gnutls_privkey.c @@ -38,13 +38,13 @@ struct gnutls_privkey_st { gnutls_privkey_type_t type; gnutls_pk_algorithm_t pk_algorithm; - + union { gnutls_x509_privkey_t x509; gnutls_pkcs11_privkey_t pkcs11; gnutls_openpgp_privkey_t openpgp; } key; - + unsigned int flags; }; @@ -58,7 +58,7 @@ struct gnutls_privkey_st { * Returns: a member of the #gnutls_privkey_type_t enumeration on * success, or a negative value on error. **/ -gnutls_privkey_type_t gnutls_privkey_get_type (gnutls_privkey_t key) +gnutls_privkey_type_t gnutls_privkey_get_type(gnutls_privkey_t key) { return key->type; } @@ -75,20 +75,27 @@ gnutls_privkey_type_t gnutls_privkey_get_type (gnutls_privkey_t key) * Returns: a member of the #gnutls_pk_algorithm_t enumeration on * success, or a negative value on error. **/ -int gnutls_privkey_get_pk_algorithm (gnutls_privkey_t key, unsigned int* bits) +int gnutls_privkey_get_pk_algorithm(gnutls_privkey_t key, + unsigned int *bits) { - switch(key->type) { - case GNUTLS_PRIVKEY_OPENPGP: - return gnutls_openpgp_privkey_get_pk_algorithm(key->key.openpgp, bits); - case GNUTLS_PRIVKEY_PKCS11: - return gnutls_pkcs11_privkey_get_pk_algorithm(key->key.pkcs11, bits); - case GNUTLS_PRIVKEY_X509: - if (bits) - *bits = _gnutls_mpi_get_nbits (key->key.x509->params[0]); - return gnutls_x509_privkey_get_pk_algorithm(key->key.x509); - default: - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; + switch (key->type) { + case GNUTLS_PRIVKEY_OPENPGP: + return gnutls_openpgp_privkey_get_pk_algorithm(key->key. + openpgp, + bits); + case GNUTLS_PRIVKEY_PKCS11: + return gnutls_pkcs11_privkey_get_pk_algorithm(key->key. + pkcs11, + bits); + case GNUTLS_PRIVKEY_X509: + if (bits) + *bits = + _gnutls_mpi_get_nbits(key->key.x509-> + params[0]); + return gnutls_x509_privkey_get_pk_algorithm(key->key.x509); + default: + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; } } @@ -109,7 +116,7 @@ int gnutls_privkey_init(gnutls_privkey_t * key) gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } - + return 0; } @@ -122,13 +129,15 @@ int gnutls_privkey_init(gnutls_privkey_t * key) void gnutls_privkey_deinit(gnutls_privkey_t key) { if (key->flags & GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE) - switch(key->type) { - case GNUTLS_PRIVKEY_OPENPGP: - return gnutls_openpgp_privkey_deinit(key->key.openpgp); - case GNUTLS_PRIVKEY_PKCS11: - return gnutls_pkcs11_privkey_deinit(key->key.pkcs11); - case GNUTLS_PRIVKEY_X509: - return gnutls_x509_privkey_deinit(key->key.x509); + switch (key->type) { + case GNUTLS_PRIVKEY_OPENPGP: + return gnutls_openpgp_privkey_deinit(key->key. + openpgp); + case GNUTLS_PRIVKEY_PKCS11: + return gnutls_pkcs11_privkey_deinit(key->key. + pkcs11); + case GNUTLS_PRIVKEY_X509: + return gnutls_x509_privkey_deinit(key->key.x509); } gnutls_free(key); } @@ -145,11 +154,14 @@ void gnutls_privkey_deinit(gnutls_privkey_t key) * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey, gnutls_pkcs11_privkey_t key, unsigned int flags) +int gnutls_privkey_import_pkcs11(gnutls_privkey_t pkey, + gnutls_pkcs11_privkey_t key, + unsigned int flags) { pkey->key.pkcs11 = key; pkey->type = GNUTLS_PRIVKEY_PKCS11; - pkey->pk_algorithm = gnutls_pkcs11_privkey_get_pk_algorithm(key, NULL); + pkey->pk_algorithm = + gnutls_pkcs11_privkey_get_pk_algorithm(key, NULL); pkey->flags = flags; return 0; @@ -167,9 +179,11 @@ int gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey, gnutls_pkcs11_privkey_t * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_privkey_import_x509 (gnutls_privkey_t pkey, gnutls_x509_privkey_t key, unsigned int flags) +int gnutls_privkey_import_x509(gnutls_privkey_t pkey, + gnutls_x509_privkey_t key, + unsigned int flags) { - pkey->key.x509 = key; + pkey->key.x509 = key; pkey->type = GNUTLS_PRIVKEY_X509; pkey->pk_algorithm = gnutls_x509_privkey_get_pk_algorithm(key); pkey->flags = flags; @@ -189,13 +203,16 @@ int gnutls_privkey_import_x509 (gnutls_privkey_t pkey, gnutls_x509_privkey_t key * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_privkey_import_openpgp (gnutls_privkey_t pkey, gnutls_openpgp_privkey_t key, unsigned int flags) +int gnutls_privkey_import_openpgp(gnutls_privkey_t pkey, + gnutls_openpgp_privkey_t key, + unsigned int flags) { pkey->key.openpgp = key; pkey->type = GNUTLS_PRIVKEY_OPENPGP; - pkey->pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm(key, NULL); + pkey->pk_algorithm = + gnutls_openpgp_privkey_get_pk_algorithm(key, NULL); pkey->flags = flags; - + return 0; } @@ -217,10 +234,10 @@ int gnutls_privkey_import_openpgp (gnutls_privkey_t pkey, gnutls_openpgp_privkey **/ int gnutls_privkey_sign_data(gnutls_privkey_t signer, - gnutls_digest_algorithm_t hash, - unsigned int flags, - const gnutls_datum_t * data, - gnutls_datum_t * signature) + gnutls_digest_algorithm_t hash, + unsigned int flags, + const gnutls_datum_t * data, + gnutls_datum_t * signature) { int ret; gnutls_datum_t digest; @@ -269,20 +286,23 @@ gnutls_privkey_sign_data(gnutls_privkey_t signer, * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_privkey_sign_hash (gnutls_privkey_t key, - const gnutls_datum_t * hash, - gnutls_datum_t * signature) +int gnutls_privkey_sign_hash(gnutls_privkey_t key, + const gnutls_datum_t * hash, + gnutls_datum_t * signature) { - switch(key->type) { - case GNUTLS_PRIVKEY_OPENPGP: - return gnutls_openpgp_privkey_sign_hash(key->key.openpgp, hash, signature); - case GNUTLS_PRIVKEY_PKCS11: - return gnutls_pkcs11_privkey_sign_hash(key->key.pkcs11, hash, signature); - case GNUTLS_PRIVKEY_X509: - return gnutls_x509_privkey_sign_hash(key->key.x509, hash, signature); - default: - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; + switch (key->type) { + case GNUTLS_PRIVKEY_OPENPGP: + return gnutls_openpgp_privkey_sign_hash(key->key.openpgp, + hash, signature); + case GNUTLS_PRIVKEY_PKCS11: + return gnutls_pkcs11_privkey_sign_hash(key->key.pkcs11, + hash, signature); + case GNUTLS_PRIVKEY_X509: + return gnutls_x509_privkey_sign_hash(key->key.x509, hash, + signature); + default: + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; } } @@ -308,17 +328,25 @@ int gnutls_privkey_decrypt_data(gnutls_privkey_t key, gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } - - switch(key->type) { - case GNUTLS_PRIVKEY_OPENPGP: - return gnutls_openpgp_privkey_decrypt_data(key->key.openpgp, flags, ciphertext, plaintext); - case GNUTLS_PRIVKEY_X509: - return _gnutls_pkcs1_rsa_decrypt (plaintext, ciphertext, key->key.x509->params, key->key.x509->params_size, 2); - case GNUTLS_PRIVKEY_PKCS11: - return gnutls_pkcs11_privkey_decrypt_data(key->key.pkcs11, flags, ciphertext, plaintext); - default: - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; + + switch (key->type) { + case GNUTLS_PRIVKEY_OPENPGP: + return gnutls_openpgp_privkey_decrypt_data(key->key. + openpgp, flags, + ciphertext, + plaintext); + case GNUTLS_PRIVKEY_X509: + return _gnutls_pkcs1_rsa_decrypt(plaintext, ciphertext, + key->key.x509->params, + key->key.x509-> + params_size, 2); + case GNUTLS_PRIVKEY_PKCS11: + return gnutls_pkcs11_privkey_decrypt_data(key->key.pkcs11, + flags, + ciphertext, + plaintext); + default: + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; } } - diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c index 46d846963a..f1740bb63d 100644 --- a/lib/gnutls_pubkey.c +++ b/lib/gnutls_pubkey.c @@ -199,21 +199,22 @@ int gnutls_pubkey_import_x509(gnutls_pubkey_t key, gnutls_x509_crt_t crt, * Since: 2.11.0 **/ int -gnutls_pubkey_get_preferred_hash_algorithm (gnutls_pubkey_t key, - gnutls_digest_algorithm_t * hash, unsigned int *mand) +gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key, + gnutls_digest_algorithm_t * + hash, unsigned int *mand) { - int ret; + int ret; - if (key == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (key == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - ret = _gnutls_pk_get_hash_algorithm(key->pk_algorithm, - key->params, key->params_size, hash, mand); + ret = _gnutls_pk_get_hash_algorithm(key->pk_algorithm, + key->params, key->params_size, + hash, mand); - return ret; + return ret; } @@ -749,7 +750,7 @@ int gnutls_pubkey_set_key_usage(gnutls_pubkey_t key, unsigned int usage) **/ int gnutls_pubkey_import_pkcs11_url(gnutls_pubkey_t key, const char *url, - unsigned int flags) + unsigned int flags) { gnutls_pkcs11_obj_t pcrt; int ret; @@ -903,23 +904,22 @@ gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t key, * success. **/ int -gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags, - const gnutls_datum_t * hash, - const gnutls_datum_t * signature) +gnutls_pubkey_verify_hash(gnutls_pubkey_t key, unsigned int flags, + const gnutls_datum_t * hash, + const gnutls_datum_t * signature) { - int ret; + int ret; - if (key == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (key == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - ret = - pubkey_verify_sig (NULL, hash, signature, key->pk_algorithm, - key->params, key->params_size); + ret = + pubkey_verify_sig(NULL, hash, signature, key->pk_algorithm, + key->params, key->params_size); - return ret; + return ret; } /** @@ -935,18 +935,19 @@ gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags, * returned on error. **/ int -gnutls_pubkey_get_verify_algorithm (gnutls_pubkey_t key, - const gnutls_datum_t * signature, - gnutls_digest_algorithm_t * hash) +gnutls_pubkey_get_verify_algorithm(gnutls_pubkey_t key, + const gnutls_datum_t * signature, + gnutls_digest_algorithm_t * hash) { - if (key == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - return _gnutls_x509_verify_algorithm ((gnutls_mac_algorithm_t *) hash, - signature, key->pk_algorithm, key->params, - key->params_size); + if (key == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + return _gnutls_x509_verify_algorithm((gnutls_mac_algorithm_t *) + hash, signature, + key->pk_algorithm, + key->params, + key->params_size); } diff --git a/lib/pkcs11.c b/lib/pkcs11.c index ed70073df8..f4ae85d026 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -1991,12 +1991,6 @@ static int find_objs(pakchois_session_t * pks, struct token_info *info, memset(&plist, 0, sizeof(plist)); if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY) { - ret = pkcs11_login(pks, info, NULL); - if (ret < 0) { - gnutls_assert(); - return ret; - } - ret = find_privkeys(pks, info, &plist); if (ret < 0) { gnutls_assert(); @@ -2007,13 +2001,6 @@ static int find_objs(pakchois_session_t * pks, struct token_info *info, gnutls_assert(); return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } - } else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_ALL || - find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY) { - ret = pkcs11_login(pks, info, NULL); - if (ret < 0) { - gnutls_assert(); - return ret; - } } cert_data = gnutls_malloc(MAX_CERT_SIZE); diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h index 324da3441f..f177183b8f 100644 --- a/lib/pkcs11_int.h +++ b/lib/pkcs11_int.h @@ -8,73 +8,85 @@ #define PKCS11_LABEL_SIZE 128 typedef struct token_creds { - char pin[GNUTLS_PKCS11_MAX_PIN_LEN]; - size_t pin_size; + char pin[GNUTLS_PKCS11_MAX_PIN_LEN]; + size_t pin_size; } token_creds_st; struct token_info { - struct ck_token_info tinfo; - struct ck_slot_info sinfo; - ck_slot_id_t sid; - struct gnutls_pkcs11_provider_s* prov; + struct ck_token_info tinfo; + struct ck_slot_info sinfo; + ck_slot_id_t sid; + struct gnutls_pkcs11_provider_s *prov; }; -struct pkcs11_url_info -{ - /* everything here is null terminated strings */ - opaque id[PKCS11_ID_SIZE*3+1]; /* hex with delimiters */ - opaque type[16]; /* cert/key etc. */ - opaque manufacturer[sizeof (((struct ck_token_info *)NULL)->manufacturer_id)+1]; - opaque token[sizeof (((struct ck_token_info *)NULL)->label)+1]; - opaque serial[sizeof (((struct ck_token_info *)NULL)->serial_number)+1]; - opaque model[sizeof (((struct ck_token_info *)NULL)->model)+1]; - opaque label[PKCS11_LABEL_SIZE+1]; - - opaque certid_raw[PKCS11_ID_SIZE]; /* same as ID but raw */ - size_t certid_raw_size; +struct pkcs11_url_info { + /* everything here is null terminated strings */ + opaque id[PKCS11_ID_SIZE * 3 + 1]; /* hex with delimiters */ + opaque type[16]; /* cert/key etc. */ + opaque + manufacturer[sizeof + (((struct ck_token_info *) NULL)-> + manufacturer_id) + 1]; + opaque token[sizeof(((struct ck_token_info *) NULL)->label) + 1]; + opaque + serial[sizeof(((struct ck_token_info *) NULL)->serial_number) + + 1]; + opaque model[sizeof(((struct ck_token_info *) NULL)->model) + 1]; + opaque label[PKCS11_LABEL_SIZE + 1]; + + opaque certid_raw[PKCS11_ID_SIZE]; /* same as ID but raw */ + size_t certid_raw_size; }; struct gnutls_pkcs11_obj_st { - gnutls_datum_t raw; - gnutls_pkcs11_obj_type_t type; - struct pkcs11_url_info info; - - /* only when pubkey */ - gnutls_datum_t pubkey[MAX_PUBLIC_PARAMS_SIZE]; - gnutls_pk_algorithm pk_algorithm; - unsigned int key_usage; + gnutls_datum_t raw; + gnutls_pkcs11_obj_type_t type; + struct pkcs11_url_info info; + + /* only when pubkey */ + gnutls_datum_t pubkey[MAX_PUBLIC_PARAMS_SIZE]; + gnutls_pk_algorithm pk_algorithm; + unsigned int key_usage; }; /* thus function is called for every token in the traverse_tokens * function. Once everything is traversed it is called with NULL tinfo. * It should return 0 if found what it was looking for. */ -typedef int (*find_func_t)(pakchois_session_t *pks, struct token_info* tinfo, void* input); +typedef int (*find_func_t) (pakchois_session_t * pks, + struct token_info * tinfo, void *input); int pkcs11_rv_to_err(ck_rv_t rv); -int pkcs11_url_to_info(const char* url, struct pkcs11_url_info* info); +int pkcs11_url_to_info(const char *url, struct pkcs11_url_info *info); -int pkcs11_get_info(struct pkcs11_url_info *info, gnutls_pkcs11_obj_info_t itype, - void* output, size_t* output_size); -int pkcs11_login(pakchois_session_t *pks, struct token_info *info, token_creds_st *); +int pkcs11_get_info(struct pkcs11_url_info *info, + gnutls_pkcs11_obj_info_t itype, void *output, + size_t * output_size); +int pkcs11_login(pakchois_session_t * pks, struct token_info *info, + token_creds_st *); extern gnutls_pkcs11_token_callback_t token_func; -extern void* token_data; +extern void *token_data; void pkcs11_rescan_slots(void); -int pkcs11_info_to_url(const struct pkcs11_url_info* info, char** url); +int pkcs11_info_to_url(const struct pkcs11_url_info *info, char **url); #define SESSION_WRITE 1 #define SESSION_LOGIN 2 -int pkcs11_open_session (pakchois_session_t** _pks, struct pkcs11_url_info *info, - token_creds_st * creds, unsigned int flags); -int _pkcs11_traverse_tokens (find_func_t find_func, void* input, unsigned int flags); -ck_object_class_t pkcs11_strtype_to_class(const char* type); +int pkcs11_open_session(pakchois_session_t ** _pks, + struct pkcs11_url_info *info, + token_creds_st * creds, unsigned int flags); +int _pkcs11_traverse_tokens(find_func_t find_func, void *input, + unsigned int flags); +ck_object_class_t pkcs11_strtype_to_class(const char *type); -int pkcs11_token_matches_info( struct pkcs11_url_info* info, struct ck_token_info* tinfo); +int pkcs11_token_matches_info(struct pkcs11_url_info *info, + struct ck_token_info *tinfo); /* flags are SESSION_* */ -int pkcs11_find_object (pakchois_session_t** _pks, ck_object_handle_t* _obj, - struct pkcs11_url_info *info, token_creds_st*, unsigned int flags); +int pkcs11_find_object(pakchois_session_t ** _pks, + ck_object_handle_t * _obj, + struct pkcs11_url_info *info, token_creds_st *, + unsigned int flags); #endif diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c index c0fe633c51..11b744ab79 100644 --- a/lib/pkcs11_privkey.c +++ b/lib/pkcs11_privkey.c @@ -54,7 +54,7 @@ int gnutls_pkcs11_privkey_init(gnutls_pkcs11_privkey_t * key) gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } - + return 0; } @@ -79,10 +79,11 @@ void gnutls_pkcs11_privkey_deinit(gnutls_pkcs11_privkey_t key) * Returns: a member of the #gnutls_pk_algorithm_t enumeration on * success, or a negative value on error. **/ -int gnutls_pkcs11_privkey_get_pk_algorithm(gnutls_pkcs11_privkey_t key, unsigned int *bits) +int gnutls_pkcs11_privkey_get_pk_algorithm(gnutls_pkcs11_privkey_t key, + unsigned int *bits) { - if (bits) - *bits = 0; /* FIXME */ + if (bits) + *bits = 0; /* FIXME */ return key->pk_algorithm; } @@ -179,7 +180,7 @@ gnutls_pkcs11_privkey_sign_data(gnutls_pkcs11_privkey_t signer, gnutls_assert(); \ return ret; \ } \ - } while (ret < 0); + } while (ret < 0); /** * gnutls_pkcs11_privkey_sign_hash: @@ -222,8 +223,7 @@ int gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t key, } /* Work out how long the signature must be: */ - rv = pakchois_sign(pks, hash->data, hash->size, NULL, - &siglen); + rv = pakchois_sign(pks, hash->data, hash->size, NULL, &siglen); if (rv != CKR_OK) { gnutls_assert(); ret = pkcs11_rv_to_err(rv); @@ -246,7 +246,7 @@ int gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t key, ret = 0; -cleanup: + cleanup: pakchois_close_session(pks); return ret; @@ -280,7 +280,8 @@ int gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey, pkey->flags = flags; - if (pkey->info.type[0] != 0 && strcmp(pkey->info.type, "private") != 0) { + if (pkey->info.type[0] != 0 + && strcmp(pkey->info.type, "private") != 0) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } @@ -308,8 +309,9 @@ int gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey, **/ int gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key, - unsigned int flags, const gnutls_datum_t * ciphertext, - gnutls_datum_t * plaintext) + unsigned int flags, + const gnutls_datum_t * ciphertext, + gnutls_datum_t * plaintext) { ck_rv_t rv; int ret; @@ -319,7 +321,7 @@ gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key, ck_object_handle_t obj; FIND_OBJECT(pks, obj, key); - + mech.mechanism = key->pk_algorithm == GNUTLS_PK_DSA ? CKM_DSA : CKM_RSA_PKCS; mech.parameter = NULL; @@ -335,8 +337,8 @@ gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key, } /* Work out how long the plaintext must be: */ - rv = pakchois_decrypt(pks, ciphertext->data, ciphertext->size, NULL, - &siglen); + rv = pakchois_decrypt(pks, ciphertext->data, ciphertext->size, + NULL, &siglen); if (rv != CKR_OK) { gnutls_assert(); ret = pkcs11_rv_to_err(rv); @@ -347,7 +349,7 @@ gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key, plaintext->size = siglen; rv = pakchois_decrypt(pks, ciphertext->data, ciphertext->size, - plaintext->data, &siglen); + plaintext->data, &siglen); if (rv != CKR_OK) { gnutls_free(plaintext->data); gnutls_assert(); @@ -359,7 +361,7 @@ gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key, ret = 0; -cleanup: + cleanup: pakchois_close_session(pks); return ret; @@ -375,15 +377,16 @@ cleanup: * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_pkcs11_privkey_export_url (gnutls_pkcs11_privkey_t key, char ** url) +int gnutls_pkcs11_privkey_export_url(gnutls_pkcs11_privkey_t key, + char **url) { -int ret; + int ret; - ret = pkcs11_info_to_url(&key->info, url); - if (ret < 0) { - gnutls_assert(); - return ret; - } + ret = pkcs11_info_to_url(&key->info, url); + if (ret < 0) { + gnutls_assert(); + return ret; + } - return 0; + return 0; } diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c index b41f9bbff8..09d32a7fb2 100644 --- a/lib/pkcs11_write.c +++ b/lib/pkcs11_write.c @@ -41,43 +41,45 @@ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_pkcs11_copy_x509_crt(const char* token_url, gnutls_x509_crt_t crt, - const char* label, unsigned int flags) +int gnutls_pkcs11_copy_x509_crt(const char *token_url, + gnutls_x509_crt_t crt, const char *label, + unsigned int flags) { - int ret; - pakchois_session_t *pks; - struct pkcs11_url_info info; - ck_rv_t rv; - size_t der_size, id_size; - opaque* der = NULL; - opaque id[20]; - struct ck_attribute a[8]; - ck_object_class_t class = CKO_CERTIFICATE; - ck_certificate_type_t type = CKC_X_509; - ck_object_handle_t obj; - unsigned int tval = 1; - int a_val; - - ret = pkcs11_url_to_info(token_url, &info); + int ret; + pakchois_session_t *pks; + struct pkcs11_url_info info; + ck_rv_t rv; + size_t der_size, id_size; + opaque *der = NULL; + opaque id[20]; + struct ck_attribute a[8]; + ck_object_class_t class = CKO_CERTIFICATE; + ck_certificate_type_t type = CKC_X_509; + ck_object_handle_t obj; + unsigned int tval = 1; + int a_val; + + ret = pkcs11_url_to_info(token_url, &info); if (ret < 0) { gnutls_assert(); return ret; } - - ret = pkcs11_open_session (&pks, &info, NULL, SESSION_WRITE|SESSION_LOGIN); + + ret = + pkcs11_open_session(&pks, &info, NULL, + SESSION_WRITE | SESSION_LOGIN); if (ret < 0) { gnutls_assert(); return ret; } - - ret = gnutls_x509_crt_export (crt, - GNUTLS_X509_FMT_DER, NULL, - &der_size); + + ret = gnutls_x509_crt_export(crt, + GNUTLS_X509_FMT_DER, NULL, &der_size); if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) { gnutls_assert(); goto cleanup; } - + der = gnutls_malloc(der_size); if (der == NULL) { gnutls_assert(); @@ -85,74 +87,73 @@ int gnutls_pkcs11_copy_x509_crt(const char* token_url, gnutls_x509_crt_t crt, goto cleanup; } - ret = gnutls_x509_crt_export (crt, - GNUTLS_X509_FMT_DER, der, - &der_size); + ret = gnutls_x509_crt_export(crt, + GNUTLS_X509_FMT_DER, der, &der_size); if (ret < 0) { gnutls_assert(); goto cleanup; } - + id_size = sizeof(id); - ret = gnutls_x509_crt_get_key_id (crt, 0, id, &id_size); + ret = gnutls_x509_crt_get_key_id(crt, 0, id, &id_size); if (ret < 0) { gnutls_assert(); goto cleanup; } - - /* FIXME: copy key usage flags */ - - a[0].type = CKA_CLASS; - a[0].value = &class; - a[0].value_len = sizeof(class); - a[1].type = CKA_ID; - a[1].value = id; - a[1].value_len = id_size; - a[2].type = CKA_VALUE; - a[2].value = der; - a[2].value_len = der_size; - a[3].type = CKA_TOKEN; - a[3].value = &tval; - a[3].value_len = sizeof(tval); - a[4].type = CKA_CERTIFICATE_TYPE; - a[4].value = &type; - a[4].value_len = sizeof(type); - - a_val = 5; - - if (label) { + + /* FIXME: copy key usage flags */ + + a[0].type = CKA_CLASS; + a[0].value = &class; + a[0].value_len = sizeof(class); + a[1].type = CKA_ID; + a[1].value = id; + a[1].value_len = id_size; + a[2].type = CKA_VALUE; + a[2].value = der; + a[2].value_len = der_size; + a[3].type = CKA_TOKEN; + a[3].value = &tval; + a[3].value_len = sizeof(tval); + a[4].type = CKA_CERTIFICATE_TYPE; + a[4].value = &type; + a[4].value_len = sizeof(type); + + a_val = 5; + + if (label) { a[a_val].type = CKA_LABEL; - a[a_val].value = (void*)label; + a[a_val].value = (void *) label; a[a_val].value_len = strlen(label); a_val++; } - + if (flags & GNUTLS_PKCS11_COPY_FLAG_MARK_TRUSTED) { a[a_val].type = CKA_TRUSTED; a[a_val].value = &tval; a[a_val].value_len = sizeof(tval); a_val++; } - + rv = pakchois_create_object(pks, a, a_val, &obj); if (rv != CKR_OK) { gnutls_assert(); _gnutls_debug_log("pkcs11: %s\n", pakchois_error(rv)); ret = pkcs11_rv_to_err(rv); - goto cleanup; + goto cleanup; } - + /* generated! */ ret = 0; - -cleanup: + + cleanup: gnutls_free(der); pakchois_close_session(pks); - + return ret; - + } /** @@ -169,76 +170,84 @@ cleanup: * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_pkcs11_copy_x509_privkey(const char* token_url, - gnutls_x509_privkey_t key, const char* label, unsigned int key_usage, - unsigned int flags) +int gnutls_pkcs11_copy_x509_privkey(const char *token_url, + gnutls_x509_privkey_t key, + const char *label, + unsigned int key_usage, + unsigned int flags) { - int ret; - pakchois_session_t *pks; - struct pkcs11_url_info info; - ck_rv_t rv; - size_t id_size; - opaque id[20]; - struct ck_attribute a[16]; - ck_object_class_t class = CKO_PRIVATE_KEY; - ck_object_handle_t obj; - ck_key_type_t type; - unsigned int tval = 1; - int a_val; - gnutls_pk_algorithm_t pk; - gnutls_datum_t p, q, g, y, x; - gnutls_datum_t m, e, d, u, exp1, exp2; - - - ret = pkcs11_url_to_info(token_url, &info); + int ret; + pakchois_session_t *pks; + struct pkcs11_url_info info; + ck_rv_t rv; + size_t id_size; + opaque id[20]; + struct ck_attribute a[16]; + ck_object_class_t class = CKO_PRIVATE_KEY; + ck_object_handle_t obj; + ck_key_type_t type; + unsigned int tval = 1; + int a_val; + gnutls_pk_algorithm_t pk; + gnutls_datum_t p, q, g, y, x; + gnutls_datum_t m, e, d, u, exp1, exp2; + + + ret = pkcs11_url_to_info(token_url, &info); if (ret < 0) { gnutls_assert(); return ret; } id_size = sizeof(id); - ret = gnutls_x509_privkey_get_key_id (key, 0, id, &id_size); + ret = gnutls_x509_privkey_get_key_id(key, 0, id, &id_size); if (ret < 0) { gnutls_assert(); goto cleanup; } - ret = pkcs11_open_session (&pks, &info, NULL, SESSION_WRITE|SESSION_LOGIN); + ret = + pkcs11_open_session(&pks, &info, NULL, + SESSION_WRITE | SESSION_LOGIN); if (ret < 0) { gnutls_assert(); return ret; } - /* FIXME: copy key usage flags */ - - a[0].type = CKA_CLASS; - a[0].value = &class; - a[0].value_len = sizeof(class); - a[1].type = CKA_ID; - a[1].value = id; - a[1].value_len = id_size; - a[2].type = CKA_KEY_TYPE; - a[2].value = &type; - a[2].value_len = sizeof(type); - a[3].type = CKA_SENSITIVE; - a[3].value = &tval; - a[3].value_len = sizeof(tval); - - a_val = 4; + /* FIXME: copy key usage flags */ + + a[0].type = CKA_CLASS; + a[0].value = &class; + a[0].value_len = sizeof(class); + a[1].type = CKA_ID; + a[1].value = id; + a[1].value_len = id_size; + a[2].type = CKA_KEY_TYPE; + a[2].value = &type; + a[2].value_len = sizeof(type); + a[3].type = CKA_SENSITIVE; + a[3].value = &tval; + a[3].value_len = sizeof(tval); + + a_val = 4; pk = gnutls_x509_privkey_get_pk_algorithm(key); - switch(pk) { - case GNUTLS_PK_RSA: { - - ret = gnutls_x509_privkey_export_rsa_raw2(key, &m, &e, - &d, &p, &q, &u, &exp1, &exp2); + switch (pk) { + case GNUTLS_PK_RSA:{ + + ret = + gnutls_x509_privkey_export_rsa_raw2(key, &m, + &e, &d, &p, + &q, &u, + &exp1, + &exp2); if (ret < 0) { gnutls_assert(); goto cleanup; } - + type = CKK_RSA; - + a[a_val].type = CKA_MODULUS; a[a_val].value = m.data; a[a_val].value_len = m.size; @@ -281,16 +290,17 @@ int gnutls_pkcs11_copy_x509_privkey(const char* token_url, break; } - case GNUTLS_PK_DSA: { - ret = gnutls_x509_privkey_export_dsa_raw(key, &p, &q, - &g, &y, &x); + case GNUTLS_PK_DSA:{ + ret = + gnutls_x509_privkey_export_dsa_raw(key, &p, &q, + &g, &y, &x); if (ret < 0) { gnutls_assert(); goto cleanup; } type = CKK_DSA; - + a[a_val].type = CKA_PRIME; a[a_val].value = p.data; a[a_val].value_len = p.size; @@ -313,36 +323,36 @@ int gnutls_pkcs11_copy_x509_privkey(const char* token_url, break; } - default: - gnutls_assert(); - ret = GNUTLS_E_INVALID_REQUEST; - goto cleanup; + default: + gnutls_assert(); + ret = GNUTLS_E_INVALID_REQUEST; + goto cleanup; } - + rv = pakchois_create_object(pks, a, a_val, &obj); if (rv != CKR_OK) { gnutls_assert(); _gnutls_debug_log("pkcs11: %s\n", pakchois_error(rv)); ret = pkcs11_rv_to_err(rv); - goto cleanup; + goto cleanup; } /* generated! */ - switch(pk) { - case GNUTLS_PK_RSA: { - gnutls_free(m.data); - gnutls_free(e.data); - gnutls_free(d.data); - gnutls_free(p.data); - gnutls_free(q.data); - gnutls_free(u.data); - gnutls_free(exp1.data); - gnutls_free(exp2.data); + switch (pk) { + case GNUTLS_PK_RSA:{ + gnutls_free(m.data); + gnutls_free(e.data); + gnutls_free(d.data); + gnutls_free(p.data); + gnutls_free(q.data); + gnutls_free(u.data); + gnutls_free(exp1.data); + gnutls_free(exp2.data); break; } - case GNUTLS_PK_DSA: { + case GNUTLS_PK_DSA:{ gnutls_free(p.data); gnutls_free(q.data); gnutls_free(g.data); @@ -350,62 +360,63 @@ int gnutls_pkcs11_copy_x509_privkey(const char* token_url, gnutls_free(x.data); break; } - default: - gnutls_assert(); - ret = GNUTLS_E_INVALID_REQUEST; - goto cleanup; + default: + gnutls_assert(); + ret = GNUTLS_E_INVALID_REQUEST; + goto cleanup; } ret = 0; - -cleanup: + + cleanup: pakchois_close_session(pks); - + return ret; - + } struct delete_data_st { struct pkcs11_url_info info; - unsigned int deleted; /* how many */ + unsigned int deleted; /* how many */ }; -static int delete_obj_url(pakchois_session_t *pks, struct token_info *info, void* input) +static int delete_obj_url(pakchois_session_t * pks, + struct token_info *info, void *input) { - struct delete_data_st* find_data = input; - struct ck_attribute a[4]; - ck_object_class_t class; - ck_certificate_type_t type = -1; - ck_rv_t rv; - ck_object_handle_t obj; - unsigned long count, a_vals; - int found = 0, ret; - - - if (info == NULL) { /* we don't support multiple calls */ - gnutls_assert(); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } - - /* do not bother reading the token if basic fields do not match - */ - if (pkcs11_token_matches_info( &find_data->info, &info->tinfo) < 0) { + struct delete_data_st *find_data = input; + struct ck_attribute a[4]; + ck_object_class_t class; + ck_certificate_type_t type = -1; + ck_rv_t rv; + ck_object_handle_t obj; + unsigned long count, a_vals; + int found = 0, ret; + + + if (info == NULL) { /* we don't support multiple calls */ + gnutls_assert(); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + + /* do not bother reading the token if basic fields do not match + */ + if (pkcs11_token_matches_info(&find_data->info, &info->tinfo) < 0) { gnutls_assert(); return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } - class = CKO_CERTIFICATE; /* default */ + class = CKO_CERTIFICATE; /* default */ - if (find_data->info.type[0] != 0) { - class = pkcs11_strtype_to_class(find_data->info.type); - if (class == CKO_CERTIFICATE) - type = CKC_X_509; + if (find_data->info.type[0] != 0) { + class = pkcs11_strtype_to_class(find_data->info.type); + if (class == CKO_CERTIFICATE) + type = CKC_X_509; - if (class == -1) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - } + if (class == -1) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + } ret = pkcs11_login(pks, info, NULL); if (ret < 0) { @@ -414,8 +425,8 @@ static int delete_obj_url(pakchois_session_t *pks, struct token_info *info, void } a_vals = 0; - - /* Find objects with given class and type */ + + /* Find objects with given class and type */ if (find_data->info.certid_raw_size > 0) { a[a_vals].type = CKA_ID; a[a_vals].value = find_data->info.certid_raw; @@ -427,54 +438,56 @@ static int delete_obj_url(pakchois_session_t *pks, struct token_info *info, void a[a_vals].type = CKA_CLASS; a[a_vals].value = &class; a[a_vals].value_len = sizeof class; - a_vals++; + a_vals++; + } + + if (type != -1) { + a[a_vals].type = CKA_CERTIFICATE_TYPE; + a[a_vals].value = &type; + a[a_vals].value_len = sizeof type; + a_vals++; } - if (type != -1) { - a[a_vals].type = CKA_CERTIFICATE_TYPE; - a[a_vals].value = &type; - a[a_vals].value_len = sizeof type; - a_vals++; - } - - if (find_data->info.label[0] != 0) { - a[a_vals].type = CKA_LABEL; - a[a_vals].value = find_data->info.label; - a[a_vals].value_len = strlen(find_data->info.label); - a_vals++; + if (find_data->info.label[0] != 0) { + a[a_vals].type = CKA_LABEL; + a[a_vals].value = find_data->info.label; + a[a_vals].value_len = strlen(find_data->info.label); + a_vals++; } - rv = pakchois_find_objects_init(pks, a, a_vals); - if (rv != CKR_OK) { - gnutls_assert(); - _gnutls_debug_log("pk11: FindObjectsInit failed.\n"); - ret = pkcs11_rv_to_err(rv); - goto cleanup; - } - - while (pakchois_find_objects(pks, &obj, 1, &count) == CKR_OK - && count == 1) { - rv = pakchois_destroy_object(pks, obj); + rv = pakchois_find_objects_init(pks, a, a_vals); if (rv != CKR_OK) { - _gnutls_debug_log("pkcs11: Cannot destroy object: %s\n", pakchois_error(rv)); + gnutls_assert(); + _gnutls_debug_log("pk11: FindObjectsInit failed.\n"); + ret = pkcs11_rv_to_err(rv); + goto cleanup; + } + + while (pakchois_find_objects(pks, &obj, 1, &count) == CKR_OK + && count == 1) { + rv = pakchois_destroy_object(pks, obj); + if (rv != CKR_OK) { + _gnutls_debug_log + ("pkcs11: Cannot destroy object: %s\n", + pakchois_error(rv)); + } else { + find_data->deleted++; + } + + found = 1; + } + + if (found == 0) { + gnutls_assert(); + ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } else { - find_data->deleted++; + ret = 0; } - - found = 1; - } - - if (found == 0) { - gnutls_assert(); - ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } else { - ret = 0; - } - -cleanup: - pakchois_find_objects_final(pks); - - return ret; + + cleanup: + pakchois_find_objects_final(pks); + + return ret; } @@ -487,26 +500,27 @@ cleanup: * Returns: On success, the number of objects deleted is returned, otherwise a * negative error value. **/ -int gnutls_pkcs11_delete_url(const char* object_url) +int gnutls_pkcs11_delete_url(const char *object_url) { - int ret; - struct delete_data_st find_data; + int ret; + struct delete_data_st find_data; memset(&find_data, 0, sizeof(find_data)); - ret = pkcs11_url_to_info(object_url, &find_data.info); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - ret = _pkcs11_traverse_tokens(delete_obj_url, &find_data, SESSION_WRITE); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - return find_data.deleted; - + ret = pkcs11_url_to_info(object_url, &find_data.info); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + ret = + _pkcs11_traverse_tokens(delete_obj_url, &find_data, + SESSION_WRITE); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + return find_data.deleted; + } -