search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Added gnutls_privkey_import_ext2()
[gnutls.git] / lib / gnutls_privkey.c
blobe87f1ab69fdfba10e1a5f75b1405581c9c346e01
1 /*
2 * GnuTLS PKCS#11 support
3 * Copyright (C) 2010-2012 Free Software Foundation, Inc.
4 *
5 * Author: Nikos Mavrogiannopoulos
6 *
7 * The GnuTLS is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public License
9 * as published by the Free Software Foundation; either version 3 of
10 * the License, or (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this program. If not, see <http://www.gnu.org/licenses/>
19 */
20
21 #include <gnutls_int.h>
22 #include <gnutls/pkcs11.h>
23 #include <stdio.h>
24 #include <string.h>
25 #include <gnutls_errors.h>
26 #include <gnutls_datum.h>
27 #include <pkcs11_int.h>
28 #include <gnutls/abstract.h>
29 #include <gnutls_pk.h>
30 #include <x509_int.h>
31 #include <openpgp/openpgp_int.h>
32 #include <openpgp/gnutls_openpgp.h>
33 #include <gnutls_sig.h>
34 #include <abstract_int.h>
35
36 struct gnutls_privkey_st
37 {
38 gnutls_privkey_type_t type;
39 gnutls_pk_algorithm_t pk_algorithm;
40
41 union
42 {
43 gnutls_x509_privkey_t x509;
44 #ifdef ENABLE_PKCS11
45 gnutls_pkcs11_privkey_t pkcs11;
46 #endif
47 #ifdef ENABLE_OPENPGP
48 gnutls_openpgp_privkey_t openpgp;
49 #endif
50 struct {
51 gnutls_privkey_sign_func sign_func;
52 gnutls_privkey_decrypt_func decrypt_func;
53 gnutls_privkey_deinit_func deinit_func;
54 void* userdata;
55 } ext;
56 } key;
57
58 unsigned int flags;
59 };
60
61 /**
62 * gnutls_privkey_get_type:
63 * @key: should contain a #gnutls_privkey_t structure
64 *
65 * This function will return the type of the private key. This is
66 * actually the type of the subsystem used to set this private key.
67 *
68 * Returns: a member of the #gnutls_privkey_type_t enumeration on
69 * success, or a negative error code on error.
70 *
71 * Since: 2.12.0
72 **/
73 gnutls_privkey_type_t
74 gnutls_privkey_get_type (gnutls_privkey_t key)
75 {
76 return key->type;
77 }
78
79 /**
80 * gnutls_privkey_get_pk_algorithm:
81 * @key: should contain a #gnutls_privkey_t structure
82 * @bits: If set will return the number of bits of the parameters (may be NULL)
83 *
84 * This function will return the public key algorithm of a private
85 * key and if possible will return a number of bits that indicates
86 * the security parameter of the key.
87 *
88 * Returns: a member of the #gnutls_pk_algorithm_t enumeration on
89 * success, or a negative error code on error.
90 *
91 * Since: 2.12.0
92 **/
93 int
94 gnutls_privkey_get_pk_algorithm (gnutls_privkey_t key, unsigned int *bits)
95 {
96 switch (key->type)
97 {
98 #ifdef ENABLE_OPENPGP
99 case GNUTLS_PRIVKEY_OPENPGP:
100 return gnutls_openpgp_privkey_get_pk_algorithm (key->key.openpgp, bits);
101 #endif
102 #ifdef ENABLE_PKCS11
103 case GNUTLS_PRIVKEY_PKCS11:
104 return gnutls_pkcs11_privkey_get_pk_algorithm (key->key.pkcs11, bits);
105 #endif
106 case GNUTLS_PRIVKEY_X509:
107 if (bits)
108 *bits = _gnutls_mpi_get_nbits (key->key.x509->params.params[0]);
109 return gnutls_x509_privkey_get_pk_algorithm (key->key.x509);
110 case GNUTLS_PRIVKEY_EXT:
111 if (bits)
112 *bits = 0;
113 return key->pk_algorithm;
114 default:
115 gnutls_assert ();
116 return GNUTLS_E_INVALID_REQUEST;
117 }
118
119 }
120
121 static int
122 privkey_to_pubkey (gnutls_pk_algorithm_t pk,
123 const gnutls_pk_params_st* priv,
124 gnutls_pk_params_st* pub)
125 {
126 int ret;
127
128 switch (pk)
129 {
130 case GNUTLS_PK_RSA:
131 pub->params[0] = _gnutls_mpi_copy (priv->params[0]);
132 pub->params[1] = _gnutls_mpi_copy (priv->params[1]);
133
134 pub->params_nr = RSA_PUBLIC_PARAMS;
135
136 if (pub->params[0] == NULL || pub->params[1] == NULL)
137 {
138 gnutls_assert ();
139 ret = GNUTLS_E_MEMORY_ERROR;
140 goto cleanup;
141 }
142
143 break;
144 case GNUTLS_PK_DSA:
145 pub->params[0] = _gnutls_mpi_copy (priv->params[0]);
146 pub->params[1] = _gnutls_mpi_copy (priv->params[1]);
147 pub->params[2] = _gnutls_mpi_copy (priv->params[2]);
148 pub->params[3] = _gnutls_mpi_copy (priv->params[3]);
149
150 pub->params_nr = DSA_PUBLIC_PARAMS;
151
152 if (pub->params[0] == NULL || pub->params[1] == NULL ||
153 pub->params[2] == NULL || pub->params[3] == NULL)
154 {
155 gnutls_assert ();
156 ret = GNUTLS_E_MEMORY_ERROR;
157 goto cleanup;
158 }
159
160 break;
161 case GNUTLS_PK_EC:
162 pub->params[0] = _gnutls_mpi_copy (priv->params[0]);
163 pub->params[1] = _gnutls_mpi_copy (priv->params[1]);
164 pub->params[2] = _gnutls_mpi_copy (priv->params[2]);
165 pub->params[3] = _gnutls_mpi_copy (priv->params[3]);
166 pub->params[4] = _gnutls_mpi_copy (priv->params[4]);
167 pub->params[5] = _gnutls_mpi_copy (priv->params[5]);
168 pub->params[6] = _gnutls_mpi_copy (priv->params[6]);
169 pub->params[7] = _gnutls_mpi_copy (priv->params[7]);
170
171 pub->params_nr = ECC_PUBLIC_PARAMS;
172 pub->flags = priv->flags;
173
174 if (pub->params[0] == NULL || pub->params[1] == NULL ||
175 pub->params[2] == NULL || pub->params[3] == NULL ||
176 pub->params[4] == NULL || pub->params[5] == NULL ||
177 pub->params[6] == NULL || pub->params[7] == NULL)
178 {
179 gnutls_assert ();
180 ret = GNUTLS_E_MEMORY_ERROR;
181 goto cleanup;
182 }
183
184 break;
185 default:
186 gnutls_assert ();
187 return GNUTLS_E_INVALID_REQUEST;
188 }
189
190 return 0;
191 cleanup:
192 gnutls_pk_params_release(pub);
193 return ret;
194 }
195
196
197 /* Returns the public key of the private key (if possible)
198 */
199 int
200 _gnutls_privkey_get_public_mpis (gnutls_privkey_t key,
201 gnutls_pk_params_st * params)
202 {
203 int ret;
204 gnutls_pk_algorithm_t pk = gnutls_privkey_get_pk_algorithm (key, NULL);
205
206 switch (key->type)
207 {
208 #ifdef ENABLE_OPENPGP
209 case GNUTLS_PRIVKEY_OPENPGP:
210 {
211 gnutls_pk_params_st tmp_params;
212 uint32_t kid[2];
213 uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
214
215 ret =
216 gnutls_openpgp_privkey_get_preferred_key_id (key->key.openpgp,
217 keyid);
218 if (ret == 0)
219 {
220 KEYID_IMPORT (kid, keyid);
221 ret = _gnutls_openpgp_privkey_get_mpis (key->key.openpgp, kid,
222 &tmp_params);
223 }
224 else
225 ret = _gnutls_openpgp_privkey_get_mpis (key->key.openpgp, NULL,
226 &tmp_params);
227
228 if (ret < 0)
229 {
230 gnutls_assert ();
231 return ret;
232 }
233
234 ret = privkey_to_pubkey (pk,
235 &tmp_params,
236 params);
237
238 gnutls_pk_params_release(&tmp_params);
239 }
240
241 break;
242 #endif
243 case GNUTLS_PRIVKEY_X509:
244 ret = privkey_to_pubkey (pk,
245 &key->key.x509->params,
246 params);
247 break;
248 default:
249 gnutls_assert ();
250 return GNUTLS_E_INVALID_REQUEST;
251 }
252
253 return ret;
254 }
255
256 /**
257 * gnutls_privkey_init:
258 * @key: The structure to be initialized
259 *
260 * This function will initialize an private key structure.
261 *
262 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
263 * negative error value.
264 *
265 * Since: 2.12.0
266 **/
267 int
268 gnutls_privkey_init (gnutls_privkey_t * key)
269 {
270 *key = gnutls_calloc (1, sizeof (struct gnutls_privkey_st));
271 if (*key == NULL)
272 {
273 gnutls_assert ();
274 return GNUTLS_E_MEMORY_ERROR;
275 }
276
277 return 0;
278 }
279
280 /**
281 * gnutls_privkey_deinit:
282 * @key: The structure to be deinitialized
283 *
284 * This function will deinitialize a private key structure.
285 *
286 * Since: 2.12.0
287 **/
288 void
289 gnutls_privkey_deinit (gnutls_privkey_t key)
290 {
291 if (key == NULL) return;
292
293 if (key->flags & GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE || key->flags & GNUTLS_PRIVKEY_IMPORT_COPY)
294 switch (key->type)
295 {
296 #ifdef ENABLE_OPENPGP
297 case GNUTLS_PRIVKEY_OPENPGP:
298 gnutls_openpgp_privkey_deinit (key->key.openpgp);
299 break;
300 #endif
301 #ifdef ENABLE_PKCS11
302 case GNUTLS_PRIVKEY_PKCS11:
303 gnutls_pkcs11_privkey_deinit (key->key.pkcs11);
304 break;
305 #endif
306 case GNUTLS_PRIVKEY_X509:
307 gnutls_x509_privkey_deinit (key->key.x509);
308 break;
309 case GNUTLS_PRIVKEY_EXT:
310 if (key->key.ext.deinit_func != NULL)
311 key->key.ext.deinit_func(key, key->key.ext.userdata);
312 break;
313 default:
314 break;
315 }
316 gnutls_free (key);
317 }
318
319 /* will fail if the private key contains an actual key.
320 */
321 static int check_if_clean(gnutls_privkey_t key)
322 {
323 if (key->type != 0)
324 return GNUTLS_E_INVALID_REQUEST;
325
326 return 0;
327 }
328
329 #ifdef ENABLE_PKCS11
330
331 /**
332 * gnutls_privkey_import_pkcs11:
333 * @pkey: The private key
334 * @key: The private key to be imported
335 * @flags: Flags for the import
336 *
337 * This function will import the given private key to the abstract
338 * #gnutls_privkey_t structure.
339 *
340 * The #gnutls_pkcs11_privkey_t object must not be deallocated
341 * during the lifetime of this structure.
342 *
343 * @flags might be zero or one of %GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
344 * and %GNUTLS_PRIVKEY_IMPORT_COPY.
345 *
346 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
347 * negative error value.
348 *
349 * Since: 2.12.0
350 **/
351 int
352 gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey,
353 gnutls_pkcs11_privkey_t key, unsigned int flags)
354 {
355 int ret;
356
357 ret = check_if_clean(pkey);
358 if (ret < 0)
359 {
360 gnutls_assert();
361 return ret;
362 }
363
364 if (flags & GNUTLS_PRIVKEY_IMPORT_COPY)
365 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
366
367 pkey->key.pkcs11 = key;
368 pkey->type = GNUTLS_PRIVKEY_PKCS11;
369 pkey->pk_algorithm = gnutls_pkcs11_privkey_get_pk_algorithm (key, NULL);
370 pkey->flags = flags;
371
372 return 0;
373 }
374
375 #endif /* ENABLE_PKCS11 */
376
377 /**
378 * gnutls_privkey_import_ext:
379 * @pkey: The private key
380 * @pk: The public key algorithm
381 * @userdata: private data to be provided to the callbacks
382 * @sign_func: callback for signature operations
383 * @decrypt_func: callback for decryption operations
384 * @flags: Flags for the import
385 *
386 * This function will associate the given callbacks with the
387 * #gnutls_privkey_t structure. At least one of the two callbacks
388 * must be non-null.
389 *
390 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
391 * negative error value.
392 *
393 * Since: 3.0
394 **/
395 int
396 gnutls_privkey_import_ext (gnutls_privkey_t pkey,
397 gnutls_pk_algorithm_t pk,
398 void* userdata,
399 gnutls_privkey_sign_func sign_func,
400 gnutls_privkey_decrypt_func decrypt_func,
401 unsigned int flags)
402 {
403 int ret;
404
405 ret = check_if_clean(pkey);
406 if (ret < 0)
407 {
408 gnutls_assert();
409 return ret;
410 }
411
412 if (sign_func == NULL && decrypt_func == NULL)
413 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
414
415 pkey->key.ext.sign_func = sign_func;
416 pkey->key.ext.decrypt_func = decrypt_func;
417 pkey->key.ext.deinit_func = NULL;
418 pkey->key.ext.userdata = userdata;
419 pkey->type = GNUTLS_PRIVKEY_EXT;
420 pkey->pk_algorithm = pk;
421 pkey->flags = flags;
422
423 return 0;
424 }
425
426 /**
427 * gnutls_privkey_import_ext2:
428 * @pkey: The private key
429 * @pk: The public key algorithm
430 * @userdata: private data to be provided to the callbacks
431 * @sign_func: callback for signature operations
432 * @decrypt_func: callback for decryption operations
433 * @deinit_func: a deinitialization function
434 * @flags: Flags for the import
435 *
436 * This function will associate the given callbacks with the
437 * #gnutls_privkey_t structure. At least one of the two callbacks
438 * must be non-null.
439 *
440 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
441 * negative error value.
442 *
443 * Since: 3.1
444 **/
445 int
446 gnutls_privkey_import_ext2 (gnutls_privkey_t pkey,
447 gnutls_pk_algorithm_t pk,
448 void* userdata,
449 gnutls_privkey_sign_func sign_func,
450 gnutls_privkey_decrypt_func decrypt_func,
451 gnutls_privkey_deinit_func deinit_func,
452 unsigned int flags)
453 {
454 int ret;
455
456 ret = check_if_clean(pkey);
457 if (ret < 0)
458 {
459 gnutls_assert();
460 return ret;
461 }
462
463 if (sign_func == NULL && decrypt_func == NULL)
464 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
465
466 pkey->key.ext.sign_func = sign_func;
467 pkey->key.ext.decrypt_func = decrypt_func;
468 pkey->key.ext.deinit_func = deinit_func;
469 pkey->key.ext.userdata = userdata;
470 pkey->type = GNUTLS_PRIVKEY_EXT;
471 pkey->pk_algorithm = pk;
472 pkey->flags = flags;
473
474 return 0;
475 }
476
477 /**
478 * gnutls_privkey_import_x509:
479 * @pkey: The private key
480 * @key: The private key to be imported
481 * @flags: Flags for the import
482 *
483 * This function will import the given private key to the abstract
484 * #gnutls_privkey_t structure.
485 *
486 * The #gnutls_x509_privkey_t object must not be deallocated
487 * during the lifetime of this structure.
488 *
489 * @flags might be zero or one of %GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
490 * and %GNUTLS_PRIVKEY_IMPORT_COPY.
491 *
492 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
493 * negative error value.
494 *
495 * Since: 2.12.0
496 **/
497 int
498 gnutls_privkey_import_x509 (gnutls_privkey_t pkey,
499 gnutls_x509_privkey_t key, unsigned int flags)
500 {
501 int ret;
502
503 ret = check_if_clean(pkey);
504 if (ret < 0)
505 {
506 gnutls_assert();
507 return ret;
508 }
509
510 if (flags & GNUTLS_PRIVKEY_IMPORT_COPY)
511 {
512 ret = gnutls_x509_privkey_init(&pkey->key.x509);
513 if (ret < 0)
514 return gnutls_assert_val(ret);
515
516 ret = gnutls_x509_privkey_cpy(pkey->key.x509, key);
517 if (ret < 0)
518 {
519 gnutls_x509_privkey_deinit(pkey->key.x509);
520 return gnutls_assert_val(ret);
521 }
522 }
523 else
524 pkey->key.x509 = key;
525
526 pkey->type = GNUTLS_PRIVKEY_X509;
527 pkey->pk_algorithm = gnutls_x509_privkey_get_pk_algorithm (key);
528 pkey->flags = flags;
529
530 return 0;
531 }
532
533 #ifdef ENABLE_OPENPGP
534 /**
535 * gnutls_privkey_import_openpgp:
536 * @pkey: The private key
537 * @key: The private key to be imported
538 * @flags: Flags for the import
539 *
540 * This function will import the given private key to the abstract
541 * #gnutls_privkey_t structure.
542 *
543 * The #gnutls_openpgp_privkey_t object must not be deallocated
544 * during the lifetime of this structure. The subkey set as
545 * preferred will be used, or the master key otherwise.
546 *
547 * @flags might be zero or one of %GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
548 * and %GNUTLS_PRIVKEY_IMPORT_COPY.
549 *
550 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
551 * negative error value.
552 *
553 * Since: 2.12.0
554 **/
555 int
556 gnutls_privkey_import_openpgp (gnutls_privkey_t pkey,
557 gnutls_openpgp_privkey_t key,
558 unsigned int flags)
559 {
560 int ret, idx;
561 uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
562
563 ret = check_if_clean(pkey);
564 if (ret < 0)
565 {
566 gnutls_assert();
567 return ret;
568 }
569
570 if (flags & GNUTLS_PRIVKEY_IMPORT_COPY)
571 {
572 ret = gnutls_openpgp_privkey_init(&pkey->key.openpgp);
573 if (ret < 0)
574 return gnutls_assert_val(ret);
575
576 ret = _gnutls_openpgp_privkey_cpy(pkey->key.openpgp, key);
577 if (ret < 0)
578 {
579 gnutls_openpgp_privkey_deinit(pkey->key.openpgp);
580 return gnutls_assert_val(ret);
581 }
582 }
583 else
584 pkey->key.openpgp = key;
585
586 pkey->type = GNUTLS_PRIVKEY_OPENPGP;
587
588 ret = gnutls_openpgp_privkey_get_preferred_key_id (key, keyid);
589 if (ret == GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR)
590 {
591 pkey->pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm(key, NULL);
592 }
593 else
594 {
595 if (ret < 0)
596 return gnutls_assert_val(ret);
597
598 idx = gnutls_openpgp_privkey_get_subkey_idx (key, keyid);
599
600 pkey->pk_algorithm = gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, idx, NULL);
601 }
602
603 pkey->flags = flags;
604
605 return 0;
606 }
607 #endif
608
609 /**
610 * gnutls_privkey_sign_data:
611 * @signer: Holds the key
612 * @hash: should be a digest algorithm
613 * @flags: should be 0 for now
614 * @data: holds the data to be signed
615 * @signature: will contain the signature allocate with gnutls_malloc()
616 *
617 * This function will sign the given data using a signature algorithm
618 * supported by the private key. Signature algorithms are always used
619 * together with a hash functions. Different hash functions may be
620 * used for the RSA algorithm, but only the SHA family for the DSA keys.
621 *
622 * You may use gnutls_pubkey_get_preferred_hash_algorithm() to determine
623 * the hash algorithm.
624 *
625 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
626 * negative error value.
627 *
628 * Since: 2.12.0
629 **/
630 int
631 gnutls_privkey_sign_data (gnutls_privkey_t signer,
632 gnutls_digest_algorithm_t hash,
633 unsigned int flags,
634 const gnutls_datum_t * data,
635 gnutls_datum_t * signature)
636 {
637 int ret;
638 gnutls_datum_t digest;
639
640 ret = pk_hash_data (signer->pk_algorithm, hash, NULL, data, &digest);
641 if (ret < 0)
642 {
643 gnutls_assert ();
644 return ret;
645 }
646
647 ret = pk_prepare_hash (signer->pk_algorithm, hash, &digest);
648 if (ret < 0)
649 {
650 gnutls_assert ();
651 goto cleanup;
652 }
653
654 ret = _gnutls_privkey_sign_hash (signer, &digest, signature);
655 _gnutls_free_datum (&digest);
656
657 if (ret < 0)
658 {
659 gnutls_assert ();
660 return ret;
661 }
662
663 return 0;
664
665 cleanup:
666 _gnutls_free_datum (&digest);
667 return ret;
668 }
669
670 /**
671 * gnutls_privkey_sign_hash:
672 * @signer: Holds the signer's key
673 * @hash_algo: The hash algorithm used
674 * @flags: zero for now
675 * @hash_data: holds the data to be signed
676 * @signature: will contain newly allocated signature
677 *
678 * This function will sign the given hashed data using a signature algorithm
679 * supported by the private key. Signature algorithms are always used
680 * together with a hash functions. Different hash functions may be
681 * used for the RSA algorithm, but only SHA-XXX for the DSA keys.
682 *
683 * You may use gnutls_pubkey_get_preferred_hash_algorithm() to determine
684 * the hash algorithm.
685 *
686 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
687 * negative error value.
688 *
689 * Since: 2.12.0
690 **/
691 int
692 gnutls_privkey_sign_hash (gnutls_privkey_t signer,
693 gnutls_digest_algorithm_t hash_algo,
694 unsigned int flags,
695 const gnutls_datum_t * hash_data,
696 gnutls_datum_t * signature)
697 {
698 int ret;
699 gnutls_datum_t digest;
700
701 digest.data = gnutls_malloc (hash_data->size);
702 if (digest.data == NULL)
703 {
704 gnutls_assert ();
705 return GNUTLS_E_MEMORY_ERROR;
706 }
707 digest.size = hash_data->size;
708 memcpy (digest.data, hash_data->data, digest.size);
709
710 ret = pk_prepare_hash (signer->pk_algorithm, hash_algo, &digest);
711 if (ret < 0)
712 {
713 gnutls_assert ();
714 goto cleanup;
715 }
716
717 ret = _gnutls_privkey_sign_hash (signer, &digest, signature);
718 if (ret < 0)
719 {
720 gnutls_assert ();
721 goto cleanup;
722 }
723
724 ret = 0;
725
726 cleanup:
727 _gnutls_free_datum (&digest);
728 return ret;
729 }
730
731 /*-
732 * _gnutls_privkey_sign_hash:
733 * @key: Holds the key
734 * @data: holds the data to be signed
735 * @signature: will contain the signature allocate with gnutls_malloc()
736 *
737 * This function will sign the given data using a signature algorithm
738 * supported by the private key.
739 *
740 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
741 * negative error value.
742 -*/
743 int
744 _gnutls_privkey_sign_hash (gnutls_privkey_t key,
745 const gnutls_datum_t * hash,
746 gnutls_datum_t * signature)
747 {
748 switch (key->type)
749 {
750 #ifdef ENABLE_OPENPGP
751 case GNUTLS_PRIVKEY_OPENPGP:
752 return gnutls_openpgp_privkey_sign_hash (key->key.openpgp,
753 hash, signature);
754 #endif
755 #ifdef ENABLE_PKCS11
756 case GNUTLS_PRIVKEY_PKCS11:
757 return _gnutls_pkcs11_privkey_sign_hash (key->key.pkcs11,
758 hash, signature);
759 #endif
760 case GNUTLS_PRIVKEY_X509:
761 return _gnutls_pk_sign (key->key.x509->pk_algorithm,
762 signature, hash, &key->key.x509->params);
763 case GNUTLS_PRIVKEY_EXT:
764 if (key->key.ext.sign_func == NULL)
765 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
766 return key->key.ext.sign_func(key, key->key.ext.userdata, hash, signature);
767 default:
768 gnutls_assert ();
769 return GNUTLS_E_INVALID_REQUEST;
770 }
771 }
772
773 /**
774 * gnutls_privkey_decrypt_data:
775 * @key: Holds the key
776 * @flags: zero for now
777 * @ciphertext: holds the data to be decrypted
778 * @plaintext: will contain the decrypted data, allocated with gnutls_malloc()
779 *
780 * This function will decrypt the given data using the algorithm
781 * supported by the private key.
782 *
783 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
784 * negative error value.
785 *
786 * Since: 2.12.0
787 **/
788 int
789 gnutls_privkey_decrypt_data (gnutls_privkey_t key,
790 unsigned int flags,
791 const gnutls_datum_t * ciphertext,
792 gnutls_datum_t * plaintext)
793 {
794 switch (key->type)
795 {
796 #ifdef ENABLE_OPENPGP
797 case GNUTLS_PRIVKEY_OPENPGP:
798 return _gnutls_openpgp_privkey_decrypt_data (key->key.openpgp, flags,
799 ciphertext, plaintext);
800 #endif
801 case GNUTLS_PRIVKEY_X509:
802 return _gnutls_pk_decrypt (key->pk_algorithm, plaintext, ciphertext,
803 &key->key.x509->params);
804 #ifdef ENABLE_PKCS11
805 case GNUTLS_PRIVKEY_PKCS11:
806 return _gnutls_pkcs11_privkey_decrypt_data (key->key.pkcs11,
807 flags,
808 ciphertext, plaintext);
809 #endif
810 case GNUTLS_PRIVKEY_EXT:
811 if (key->key.ext.decrypt_func == NULL)
812 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
813
814 return key->key.ext.decrypt_func(key, key->key.ext.userdata, ciphertext, plaintext);
815 default:
816 gnutls_assert ();
817 return GNUTLS_E_INVALID_REQUEST;
818 }
819 }
820
821 /**
822 * gnutls_privkey_import_x509_raw:
823 * @pkey: The private key
824 * @data: The private key data to be imported
825 * @format: The format of the private key
826 * @password: A password (optional)
827 *
828 * This function will import the given private key to the abstract
829 * #gnutls_privkey_t structure.
830 *
831 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
832 * negative error value.
833 *
834 * Since: 3.1.0
835 **/
836 int gnutls_privkey_import_x509_raw (gnutls_privkey_t pkey,
837 const gnutls_datum_t * data,
838 gnutls_x509_crt_fmt_t format,
839 const char* password)
840 {
841 gnutls_x509_privkey_t xpriv;
842 int ret;
843
844 ret = gnutls_x509_privkey_init(&xpriv);
845 if (ret < 0)
846 return gnutls_assert_val(ret);
847
848 ret = gnutls_x509_privkey_import2(xpriv, data, format, password);
849 if (ret < 0)
850 {
851 gnutls_assert();
852 goto cleanup;
853 }
854
855 ret = gnutls_privkey_import_x509(pkey, xpriv, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
856 if (ret < 0)
857 {
858 gnutls_assert();
859 goto cleanup;
860 }
861
862 return 0;
863
864 cleanup:
865 gnutls_x509_privkey_deinit(xpriv);
866
867 return ret;
868 }
869
870 /**
871 * gnutls_privkey_import_openpgp_raw:
872 * @pkey: The private key
873 * @data: The private key data to be imported
874 * @format: The format of the private key
875 * @keyid: The key id to use (optional)
876 * @password: A password (optional)
877 *
878 * This function will import the given private key to the abstract
879 * #gnutls_privkey_t structure.
880 *
881 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
882 * negative error value.
883 *
884 * Since: 3.1.0
885 **/
886 int gnutls_privkey_import_openpgp_raw (gnutls_privkey_t pkey,
887 const gnutls_datum_t * data,
888 gnutls_openpgp_crt_fmt_t format,
889 const gnutls_openpgp_keyid_t keyid,
890 const char* password)
891 {
892 gnutls_openpgp_privkey_t xpriv;
893 int ret;
894
895 ret = gnutls_openpgp_privkey_init(&xpriv);
896 if (ret < 0)
897 return gnutls_assert_val(ret);
898
899 ret = gnutls_openpgp_privkey_import(xpriv, data, format, password, 0);
900 if (ret < 0)
901 {
902 gnutls_assert();
903 goto cleanup;
904 }
905
906 if(keyid)
907 {
908 ret = gnutls_openpgp_privkey_set_preferred_key_id(xpriv, keyid);
909 if (ret < 0)
910 {
911 gnutls_assert();
912 goto cleanup;
913 }
914 }
915
916 ret = gnutls_privkey_import_openpgp(pkey, xpriv, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
917 if (ret < 0)
918 {
919 gnutls_assert();
920 goto cleanup;
921 }
922
923 ret = 0;
924
925 cleanup:
926 gnutls_openpgp_privkey_deinit(xpriv);
927
928 return ret;
929 }
930
931 /**
932 * gnutls_privkey_import_pkcs11_url:
933 * @key: A key of type #gnutls_pubkey_t
934 * @url: A PKCS 11 url
935 * @flags: One of GNUTLS_PKCS11_OBJ_* flags
936 *
937 * This function will import a PKCS 11 certificate to a #gnutls_pubkey_t
938 * structure.
939 *
940 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
941 * negative error value.
942 *
943 * Since: 3.1.0
944 **/
945 int
946 gnutls_privkey_import_pkcs11_url (gnutls_privkey_t key, const char *url)
947 {
948 gnutls_pkcs11_privkey_t pkey;
949 int ret;
950
951 ret = gnutls_pkcs11_privkey_init (&pkey);
952 if (ret < 0)
953 {
954 gnutls_assert ();
955 return ret;
956 }
957
958 ret = gnutls_pkcs11_privkey_import_url (pkey, url, 0);
959 if (ret < 0)
960 {
961 gnutls_assert ();
962 goto cleanup;
963 }
964
965 ret = gnutls_privkey_import_pkcs11 (key, pkey, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
966 if (ret < 0)
967 {
968 gnutls_assert ();
969 goto cleanup;
970 }
971
972 return 0;
973
974 cleanup:
975 gnutls_pkcs11_privkey_deinit (pkey);
976
977 return ret;
978 }
Implementation of the SSL/TLS protocol