author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-07-13 21:16:07 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-07-13 21:21:52 +0200 |
commit | 21080193e5d7b9da46bea1e30212ccbf206a1474 (patch) | |
tree | 2b5618d4e5c914d5460611abb89fee5ba1ccb775 | |
parent | a6824de916dafe17bc72042ba4b7a741b8703c63 (diff) | |
download | gnutls-21080193e5d7b9da46bea1e30212ccbf206a1474.tar.gz |
Added functions that import any kind of URL into abstract public and private keys.
Added:
gnutls_pubkey_import_url()
gnutls_privkey_import_url()
-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | doc/Makefile.am | 4 | ||||
-rw-r--r-- | doc/cha-cert-auth2.texi | 17 | ||||
-rw-r--r-- | lib/gnutls_privkey.c | 97 | ||||
-rw-r--r-- | lib/gnutls_pubkey.c | 29 | ||||
-rw-r--r-- | lib/includes/gnutls/abstract.h | 6 | ||||
-rw-r--r-- | lib/libgnutls.map | 2 | ||||
-rw-r--r-- | src/cli.c | 40 |
8 files changed, 116 insertions, 83 deletions
@@ -54,6 +54,7 @@ gnutls_privkey_import_pkcs11_url: Added
 gnutls_privkey_import_openpgp_raw: Added
 gnutls_privkey_import_x509_raw: Added
 gnutls_privkey_import_ext2: Added
+gnutls_privkey_import_url: Added
 gnutls_tpm_privkey_generate: Added
 gnutls_tpm_key_list_deinit: Added
 gnutls_tpm_key_list_get_url: Added
@@ -61,10 +62,11 @@ gnutls_tpm_get_registered: Added
 gnutls_tpm_privkey_delete: Added
 gnutls_pubkey_import_tpm_raw: Added
 gnutls_pubkey_import_tpm_url: Added
+gnutls_pubkey_import_url: Added
+gnutls_pubkey_verify_hash2: Added
 gnutls_x509_privkey_import2: Added
 gnutls_x509_privkey_import_openssl: Added
 gnutls_load_file: Added
-gnutls_pubkey_verify_hash2: Added
 gnutls_pkcs12_simple_parse: Added
 gnutls_certificate_set_x509_system_trust: Added
 gnutls_pkcs11_obj_list_import_url2: Added
diff --git a/doc/Makefile.am b/doc/Makefile.am
index ae1a439a6a..98c5692c4f 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -484,6 +484,7 @@ FUNCS += functions/gnutls_pubkey_import_pkcs11
 FUNCS += functions/gnutls_pubkey_import_openpgp
 FUNCS += functions/gnutls_pubkey_import_privkey
 FUNCS += functions/gnutls_pubkey_import_tpm_url
+FUNCS += functions/gnutls_pubkey_import_url
 FUNCS += functions/gnutls_pubkey_import_tpm_raw
 FUNCS += functions/gnutls_pubkey_get_preferred_hash_algorithm
 FUNCS += functions/gnutls_pubkey_get_pk_rsa_raw
@@ -518,6 +519,7 @@ FUNCS += functions/gnutls_privkey_import_openpgp_raw
 FUNCS += functions/gnutls_privkey_import_x509_raw
 FUNCS += functions/gnutls_privkey_import_tpm_raw
 FUNCS += functions/gnutls_privkey_import_tpm_url
+FUNCS += functions/gnutls_privkey_import_url
 FUNCS += functions/gnutls_privkey_import_pkcs11_url
 FUNCS += functions/gnutls_privkey_import_ext
 FUNCS += functions/gnutls_privkey_import_ext2
@@ -944,6 +946,8 @@ FUNCS += functions/gnutls_pkcs11_reinit
 FUNCS += functions/gnutls_pkcs11_deinit
 FUNCS += functions/gnutls_pkcs11_set_token_function
 FUNCS += functions/gnutls_pkcs11_set_pin_function
+FUNCS += functions/gnutls_pkcs11_advset_token_function
+FUNCS += functions/gnutls_pkcs11_advset_pin_function
 FUNCS += functions/gnutls_pkcs11_add_provider
 FUNCS += functions/gnutls_pkcs11_obj_init
 FUNCS += functions/gnutls_pkcs11_obj_import_url
diff --git a/doc/cha-cert-auth2.texi b/doc/cha-cert-auth2.texi
index 1b8cb3b084..cee68500f1 100644
--- a/doc/cha-cert-auth2.texi
+++ b/doc/cha-cert-auth2.texi
@@ -549,27 +549,22 @@ used. @example #inlude <gnutls/abstract.h> -#inlude <gnutls/pkcs11.h> void sign_cert( gnutls_x509_crt_t to_be_signed) @{ -gnutls_pkcs11_privkey_t ca_key; gnutls_x509_crt_t ca_cert; gnutls_privkey_t abs_key; /* load the PKCS #11 key and certificates */ - gnutls_pkcs11_privkey_init(&ca_key); - gnutls_pkcs11_privkey_import_url(ca_key, key_url); + /* initialize the abstract key */ + gnutls_privkey_init(&abs_key); + gnutls_privkey_import_url(abs_key, key_url); gnutls_x509_crt_init(&ca_cert); gnutls_x509_crt_import_pkcs11_url(&ca_cert, cert_url); - /* initialize the abstract key */ - gnutls_privkey_init(&abs_key); - gnutls_privkey_import_pkcs11(abs_key, ca_key); - /* sign the certificate to be signed */ - gnutls_x509_crt_privkey_sign(to_be_signed, ca_cert, ca_key, + gnutls_x509_crt_privkey_sign(to_be_signed, ca_cert, abs_key, GNUTLS_DIG_SHA256, 0); @} @end example
@@ -590,7 +585,7 @@ or through an ASN.1 encoding of the X.509 @code{SubjectPublicKeyInfo} sequence. @showfuncC{gnutls_pubkey_import_x509,gnutls_pubkey_import_openpgp,gnutls_pubkey_import_pkcs11} -@showfuncC{gnutls_pubkey_import_pkcs11_url,gnutls_pubkey_import_privkey,gnutls_pubkey_import} +@showfuncC{gnutls_pubkey_import_url,gnutls_pubkey_import_privkey,gnutls_pubkey_import} @showfuncdesc{gnutls_pubkey_export}
@@ -609,7 +604,7 @@ to allow abstraction over @acronym{PKCS} #11 keys that are not extractable. @showfuncC{gnutls_privkey_import_x509,gnutls_privkey_import_openpgp,gnutls_privkey_import_pkcs11} -@showfuncC{gnutls_privkey_import_x509_raw,gnutls_privkey_import_openpgp_raw,gnutls_privkey_import_pkcs11_url} +@showfuncC{gnutls_privkey_import_x509_raw,gnutls_privkey_import_openpgp_raw,gnutls_privkey_import_url} @showfuncB{gnutls_privkey_get_pk_algorithm,gnutls_privkey_get_type} diff --git a/lib/gnutls_privkey.c b/lib/gnutls_privkey.c index 2246cabe9d..66aece2556 100644 --- a/lib/gnutls_privkey.c +++ b/lib/gnutls_privkey.c @@ -372,6 +372,54 @@ int ret; return 0; } +/** + * gnutls_privkey_import_pkcs11_url: + * @key: A key of type #gnutls_pubkey_t + * @url: A PKCS 11 url + * + * This function will import a PKCS 11 private key to a #gnutls_private_key_t + * structure. + * + * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a + * negative error value. + * + * Since: 3.1.0 + **/ +int +gnutls_privkey_import_pkcs11_url (gnutls_privkey_t key, const char *url) +{ + gnutls_pkcs11_privkey_t pkey; + int ret; + + ret = gnutls_pkcs11_privkey_init (&pkey); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + ret = gnutls_pkcs11_privkey_import_url (pkey, url, 0); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + + ret = gnutls_privkey_import_pkcs11 (key, pkey, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + + return 0; + +cleanup: + gnutls_pkcs11_privkey_deinit (pkey); + + return ret; +} + #endif /* ENABLE_PKCS11 */ /** 
@@ -914,14 +962,14 @@ cleanup: return ret; } + /** - * gnutls_privkey_import_pkcs11_url: + * gnutls_privkey_import_url: * @key: A key of type #gnutls_pubkey_t * @url: A PKCS 11 url - * @flags: One of GNUTLS_PKCS11_OBJ_* flags * - * This function will import a PKCS 11 certificate to a #gnutls_pubkey_t - * structure. + * This function will import a PKCS11 or TPM URL as a + * private key. * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. @@ -929,36 +977,15 @@ cleanup: * Since: 3.1.0 **/ int -gnutls_privkey_import_pkcs11_url (gnutls_privkey_t key, const char *url) +gnutls_privkey_import_url (gnutls_privkey_t key, const char *url) { - gnutls_pkcs11_privkey_t pkey; - int ret; - - ret = gnutls_pkcs11_privkey_init (&pkey); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - ret = gnutls_pkcs11_privkey_import_url (pkey, url, 0); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - - ret = gnutls_privkey_import_pkcs11 (key, pkey, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - - return 0; - -cleanup: - gnutls_pkcs11_privkey_deinit (pkey); - - return ret; +#ifdef ENABLE_PKCS11 + if (strstr(url, "pkcs11:") != NULL) + return gnutls_privkey_import_pkcs11_url(key, url); +#endif +#ifdef HAVE_TROUSERS + if (strstr(url, "tpmkey:") != NULL) + return gnutls_privkey_import_tpm_url(key, url, NULL, NULL, 0); +#endif + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); } diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c index c8cc31905f..267896aab7 100644 --- a/lib/gnutls_pubkey.c +++ b/lib/gnutls_pubkey.c 
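Review bot: gnutls_privkey_import_url selects the backend with `strstr(url, "pkcs11:")` and `strstr(url, "tpmkey:")`, which match the scheme anywhere in the string rather than at its start, so a URL that merely contains one of those substrings later on is routed by whichever check runs first instead of by its actual scheme; src/cli.c in this same commit tests the prefix, and the library should do the same: `if (strncmp(url, "pkcs11:", 7) == 0)` and `if (strncmp(url, "tpmkey:", 7) == 0)`. The gnutls_pubkey_import_url hunk in lib/gnutls_pubkey.c has the identical pattern and needs the same change. The doc block also carries over `@key: A key of type #gnutls_pubkey_t` and `@url: A PKCS 11 url` for a gnutls_privkey_t parameter and a function that now accepts tpmkey: URLs too. Finally, the TPM branch fixes the SRK and key passwords to NULL and flags to 0, which the description should state so callers who need to supply them go to gnutls_privkey_import_tpm_url directly.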
@@ -1048,6 +1048,35 @@ cleanup: #endif /* ENABLE_PKCS11 */ /** + * gnutls_pubkey_import_url: + * @key: A key of type #gnutls_pubkey_t + * @url: A PKCS 11 url + * @flags: One of GNUTLS_PKCS11_OBJ_* flags + * + * This function will import a PKCS11 certificate or a TPM key + * as a public key. + * + * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a + * negative error value. + * + * Since: 3.1.0 + **/ +int +gnutls_pubkey_import_url (gnutls_pubkey_t key, const char *url, + unsigned int flags) +{ +#ifdef ENABLE_PKCS11 + if (strstr(url, "pkcs11:") != NULL) + return gnutls_pubkey_import_pkcs11_url(key, url, flags); +#endif +#ifdef HAVE_TROUSERS + if (strstr(url, "tpmkey:") != NULL) + return gnutls_pubkey_import_tpm_url(key, url, NULL, 0); +#endif + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); +} + +/** * gnutls_pubkey_import_rsa_raw: * @key: Is a structure will hold the parameters * @m: holds the modulus diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h index 562e30c3ef..08fea1a6d9 100644 --- a/lib/includes/gnutls/abstract.h +++ b/lib/includes/gnutls/abstract.h @@ -75,6 +75,10 @@ gnutls_pubkey_import_tpm_url (gnutls_pubkey_t pkey, unsigned int flags); int +gnutls_pubkey_import_url (gnutls_pubkey_t key, const char *url, + unsigned int flags); + +int gnutls_pubkey_import_tpm_raw (gnutls_pubkey_t pkey, const gnutls_datum_t * fdata, gnutls_x509_crt_fmt_t format, @@ -221,6 +225,8 @@ gnutls_privkey_import_tpm_url (gnutls_privkey_t pkey, const char* url, const char *srk_password, const char *key_password, unsigned int flags); +int gnutls_privkey_import_url (gnutls_privkey_t key, const char *url); + int gnutls_privkey_import_pkcs11_url (gnutls_privkey_t key, const char *url); int diff --git a/lib/libgnutls.map b/lib/libgnutls.map index f186b2531f..e8097a87b5 100644 --- a/lib/libgnutls.map +++ b/lib/libgnutls.map 
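Review bot: gnutls_pubkey_import_url documents `@flags: One of GNUTLS_PKCS11_OBJ_* flags`, but only the pkcs11: branch forwards them; the tpmkey: branch calls `gnutls_pubkey_import_tpm_url(key, url, NULL, 0)` with a literal 0, so any flags a caller passes are silently dropped for TPM URLs. Either say so in the doc, `@flags: One of GNUTLS_PKCS11_OBJ_* flags (ignored for tpmkey: URLs)`, or forward the argument if the two importers' flag values are compatible, which I cannot tell from here. `@url: A PKCS 11 url` should likewise become `@url: A PKCS 11 or TPM key url`, since accepting both is the point of the function, and the prototype added to abstract.h in this section would benefit from a one-line comment saying the same.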
@@ -817,6 +817,8 @@ GNUTLS_3_1_0 { gnutls_tpm_privkey_delete; gnutls_pubkey_import_tpm_url; gnutls_privkey_import_tpm_url; + gnutls_privkey_import_url; + gnutls_pubkey_import_url; } GNUTLS_3_0_0; GNUTLS_PRIVATE { @@ -142,9 +142,6 @@ load_keys (void) unsigned int i; gnutls_datum_t data = { NULL, 0 }; gnutls_x509_crt_t crt_list[MAX_CRT]; -#ifdef ENABLE_PKCS11 - gnutls_pkcs11_privkey_t pkcs11_key; -#endif unsigned char keyid[GNUTLS_OPENPGP_KEYID_SIZE]; if (x509_certfile != NULL && x509_keyfile != NULL) @@ -227,12 +224,10 @@ load_keys (void) gnutls_strerror (ret)); exit (1); } - -#ifdef ENABLE_PKCS11 - if (strncmp (x509_keyfile, "pkcs11:", 7) == 0) + else if (strncmp (x509_keyfile, "tpmkey:", 7) == 0 || strncmp (x509_keyfile, "pkcs11:", 7) == 0) { ret = - gnutls_privkey_import_pkcs11_url (x509_key, x509_keyfile); + gnutls_privkey_import_url (x509_key, x509_keyfile, 0); if (ret < 0) { fprintf (stderr, "*** Error loading url: %s\n", @@ -241,21 +236,6 @@ load_keys (void) } } else -#endif /* ENABLE_PKCS11 */ -#ifdef HAVE_TROUSERS - if (strncmp (x509_keyfile, "tpmkey:", 7) == 0) - { - ret = - gnutls_privkey_import_tpm_url (x509_key, x509_keyfile, NULL, NULL, 0); - if (ret < 0) - { - fprintf (stderr, "*** Error loading url: %s\n", - gnutls_strerror (ret)); - exit (1); - } - } - else -#endif /* HAVE_TROUSERS */ { ret = gnutls_load_file (x509_keyfile, &data); if (ret < 0) 
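Review bot: `gnutls_privkey_import_url (x509_key, x509_keyfile, 0);` passes three arguments, but the prototype this commit adds to lib/includes/gnutls/abstract.h is `int gnutls_privkey_import_url (gnutls_privkey_t key, const char *url);`, so src/cli.c will not compile against it (too many arguments). Either drop the trailing 0, `gnutls_privkey_import_url (x509_key, x509_keyfile);`, or, for symmetry with gnutls_pubkey_import_url, give the privkey variant an `unsigned int flags` parameter in both the header and the definition; the @@ -319 hunk makes the same three-argument call for pgp_key and needs the same fix. The new `else if` chains onto whatever block closes just above the hunk, which is outside the visible context, so it is worth confirming it attaches to the intended `if` and not to the preceding `if (ret < 0)` error exit. load_keys begins and ends outside these hunks, and the `diff --git` header for src/cli.c is not shown on this page; the hunks are attributed to it from the diffstat and the load_keys context.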
@@ -319,20 +299,9 @@ load_keys (void) exit (1); } -#ifdef ENABLE_PKCS11 - if (strncmp (pgp_keyfile, "pkcs11:", 7) == 0) + if (strncmp (pgp_keyfile, "pkcs11:", 7) == 0 || strncmp (pgp_keyfile, "tpmkey:", 7) == 0) { - gnutls_pkcs11_privkey_init (&pkcs11_key); - - ret = gnutls_pkcs11_privkey_import_url (pkcs11_key, pgp_keyfile, 0); - if (ret < 0) - { - fprintf (stderr, "*** Error loading url: %s\n", - gnutls_strerror (ret)); - exit (1); - } - - ret = gnutls_privkey_import_pkcs11( pgp_key, pkcs11_key, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE); + ret = gnutls_privkey_import_url( pgp_key, pgp_keyfile, 0); if (ret < 0) { fprintf (stderr, "*** Error loading url: %s\n", @@ -341,7 +310,6 @@ load_keys (void) } } else -#endif /* ENABLE_PKCS11 */ { ret = gnutls_load_file (pgp_keyfile, &data); if (ret < 0) |