Diffstat (limited to 'lib/x509')
-rw-r--r--lib/x509/Makefile.am2
-rw-r--r--lib/x509/compat.c35
-rw-r--r--lib/x509/crl.c2
-rw-r--r--lib/x509/pkcs7.c2
-rw-r--r--lib/x509/pkcs7.h2
-rw-r--r--lib/x509/privkey.c168
-rw-r--r--lib/x509/x509.c2
-rw-r--r--lib/x509/x509.h15
8 files changed, 221 insertions, 7 deletions
diff --git a/lib/x509/Makefile.am b/lib/x509/Makefile.am
index cedcc7fcb8..5f7305a57e 100644
--- a/lib/x509/Makefile.am
+++ b/lib/x509/Makefile.am
@@ -5,7 +5,7 @@ EXTRA_DIST = dn.h common.h x509.h extensions.h pkcs7.h \
noinst_LTLIBRARIES = libx509.la
COBJECTS = crl.c dn.c common.c x509.c extensions.c \
- pkcs7.c xml.c rfc2818_hostname.c verify.c mpi.c
+ pkcs7.c xml.c rfc2818_hostname.c verify.c mpi.c privkey.c
COMPAT_OBJECTS = compat.c
diff --git a/lib/x509/compat.c b/lib/x509/compat.c
index e8e3385bd2..0f8e457a4d 100644
--- a/lib/x509/compat.c
+++ b/lib/x509/compat.c
@@ -746,3 +746,38 @@ int gnutls_x509_verify_certificate( const gnutls_datum* cert_list, int cert_list
return ret;
}
+
+/**
+ * gnutls_x509_extract_key_pk_algorithm - This function returns the keys's PublicKey algorithm
+ * @cert: is a DER encoded private key
+ *
+ * This function will return the public key algorithm of a DER encoded private
+ * key.
+ *
+ * Returns a member of the gnutls_pk_algorithm enumeration on success,
+ * or GNUTLS_E_UNKNOWN_PK_ALGORITHM on error.
+ *
+ **/
+int gnutls_x509_extract_key_pk_algorithm( const gnutls_datum * key)
+{
+ gnutls_x509_privkey pkey;
+ int ret, pk;
+
+ ret = gnutls_x509_privkey_init( &pkey);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = gnutls_x509_privkey_import( pkey, key, GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ pk = gnutls_x509_privkey_get_pk_algorithm( pkey);
+
+ gnutls_x509_privkey_deinit( pkey);
+ return pk;
+}
+
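Review bot: The import failure branch leaks the structure allocated by gnutls_x509_privkey_init: when gnutls_x509_privkey_import returns an error the function returns at once and pkey is never released, so add `gnutls_x509_privkey_deinit( pkey);` before the `return ret;` in that branch. The doc comment also names the parameter `@cert` although the signature calls it `key`, and it promises GNUTLS_E_UNKNOWN_PK_ALGORITHM on error while the code propagates whatever negative code init or import returned; the comment should read `@key: is a DER encoded private key` and describe the error case as a negative error code.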
diff --git a/lib/x509/crl.c b/lib/x509/crl.c
index fbba7e4f95..fc1d33769b 100644
--- a/lib/x509/crl.c
+++ b/lib/x509/crl.c
@@ -83,7 +83,7 @@ void gnutls_x509_crl_deinit(gnutls_x509_crl crl)
*
**/
int gnutls_x509_crl_import(gnutls_x509_crl crl, const gnutls_datum * data,
- gnutls_x509_crt_format format)
+ gnutls_x509_crt_fmt format)
{
int result = 0, need_free = 0;
int start, end;
diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c
index 175192b237..b82b6ec706 100644
--- a/lib/x509/pkcs7.c
+++ b/lib/x509/pkcs7.c
@@ -81,7 +81,7 @@ void gnutls_pkcs7_deinit(gnutls_pkcs7 pkcs7)
*
**/
int gnutls_pkcs7_import(gnutls_pkcs7 pkcs7, const gnutls_datum * data,
- gnutls_x509_crt_format format)
+ gnutls_x509_crt_fmt format)
{
int result = 0, need_free = 0;
gnutls_datum _data = { data->data, data->size };
diff --git a/lib/x509/pkcs7.h b/lib/x509/pkcs7.h
index cf5ca7ae6b..e3ad0b817f 100644
--- a/lib/x509/pkcs7.h
+++ b/lib/x509/pkcs7.h
@@ -8,7 +8,7 @@ typedef struct gnutls_pkcs7_int *gnutls_pkcs7;
int gnutls_pkcs7_init(gnutls_pkcs7 * pkcs7);
void gnutls_pkcs7_deinit(gnutls_pkcs7 pkcs7);
int gnutls_pkcs7_import(gnutls_pkcs7 pkcs7, const gnutls_datum * data,
- gnutls_x509_crt_format format);
+ gnutls_x509_crt_fmt format);
int gnutls_pkcs7_get_certificate(gnutls_pkcs7 pkcs7,
int indx, char* certificate, int* certificate_size);
int gnutls_pkcs7_get_certificate_count(gnutls_pkcs7 pkcs7);
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
new file mode 100644
index 0000000000..2e5f0a6ad9
--- /dev/null
+++ b/lib/x509/privkey.c
@@ -0,0 +1,168 @@
+/*
+ * Copyright (C) 2003 Nikos Mavroyanopoulos
+ *
+ * This file is part of GNUTLS.
+ *
+ * The GNUTLS library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_datum.h>
+#include <gnutls_global.h>
+#include <gnutls_errors.h>
+#include <common.h>
+#include <gnutls_x509.h>
+#include <x509_b64.h>
+#include <x509.h>
+#include <dn.h>
+#include <extensions.h>
+#include <gnutls_privkey.h>
+
+/**
+ * gnutls_x509_privkey_init - This function initializes a gnutls_crl structure
+ * @key: The structure to be initialized
+ *
+ * This function will initialize an private key structure.
+ *
+ * Returns 0 on success.
+ *
+ **/
+int gnutls_x509_privkey_init(gnutls_x509_privkey * key)
+{
+ *key = gnutls_calloc( 1, sizeof(gnutls_x509_privkey_int));
+
+ if (*key) {
+ return 0; /* success */
+ }
+ return GNUTLS_E_MEMORY_ERROR;
+}
+
+/**
+ * gnutls_x509_privkey_deinit - This function deinitializes memory used by a gnutls_x509_privkey structure
+ * @key: The structure to be initialized
+ *
+ * This function will deinitialize a CRL structure.
+ *
+ **/
+void gnutls_x509_privkey_deinit(gnutls_x509_privkey key)
+{
+ _gnutls_free_datum(&key->raw);
+
+ gnutls_free(key);
+}
+
+#define PEM_KEY_DSA "DSA PRIVATE"
+#define PEM_KEY_RSA "RSA PRIVATE"
+
+/**
+ * gnutls_x509_privkey_import - This function will import a DER or PEM encoded Certificate
+ * @key: The structure to store the parsed key
+ * @data: The DER or PEM encoded certificate.
+ * @format: One of DER or PEM
+ *
+ * This function will convert the given DER or PEM encoded Certificate
+ * to the native gnutls_x509_privkey format. The output will be stored in 'key'.
+ *
+ * If the Certificate is PEM encoded it should have a header of "X509 CERTIFICATE", or
+ * "CERTIFICATE" and must be a null terminated string.
+ *
+ * Returns 0 on success.
+ *
+ **/
+int gnutls_x509_privkey_import(gnutls_x509_privkey key, const gnutls_datum * data,
+ gnutls_x509_crt_fmt format)
+{
+ int result = 0, need_free = 0;
+ gnutls_datum _data = { data->data, data->size };
+
+ /* If the Certificate is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM) {
+ opaque *out;
+
+ /* Try the first header */
+ result = _gnutls_fbase64_decode(PEM_KEY_RSA, data->data, data->size,
+ &out);
+
+ if (result <= 0) {
+ /* try for the second header */
+ result = _gnutls_fbase64_decode(PEM_KEY_DSA, data->data, data->size,
+ &out);
+
+ if (result <= 0) {
+ if (result==0) result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert();
+ return result;
+ }
+ }
+
+ _data.data = out;
+ _data.size = result;
+
+ need_free = 1;
+ }
+
+ result =
+ _gnutls_set_datum(&key->raw, _data.data, _data.size);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if (need_free) _gnutls_free_datum( &_data);
+
+ return 0;
+
+ cleanup:
+ _gnutls_free_datum(&key->raw);
+ if (need_free) _gnutls_free_datum( &_data);
+ return result;
+}
+
+
+
+/**
+ * gnutls_x509_privkey_get_pk_algorithm - This function returns the key's PublicKey algorithm
+ * @cert: should contain a gnutls_x509_privkey structure
+ *
+ * This function will return the public key algorithm of a private
+ * key.
+ *
+ * Returns a member of the gnutls_pk_algorithm enumeration on success,
+ * or a negative value on error.
+ *
+ **/
+int gnutls_x509_privkey_get_pk_algorithm( gnutls_x509_privkey key)
+{
+int cv, pk;
+
+ pk = GNUTLS_PK_UNKNOWN;
+
+ /* The only way to distinguish the keys
+ * is to count the sequence of integers.
+ */
+ cv = _gnutls_der_check_if_rsa_key( &key->raw);
+ if (cv==0)
+ pk = GNUTLS_PK_RSA;
+ else {
+ cv = _gnutls_der_check_if_dsa_key( &key->raw);
+ if (cv==0)
+ pk = GNUTLS_PK_DSA;
+ }
+
+ return pk;
+
+}
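Review bot: key->raw holds the raw private key bytes, and both gnutls_x509_privkey_deinit (`_gnutls_free_datum(&key->raw)`) and the cleanup path of gnutls_x509_privkey_import release that buffer, as well as the PEM-decoded `_data` buffer, without clearing them first, so key material remains in freed heap memory. Clear those buffers before the release (a wipe of `key->raw.data` and `_data.data` ahead of the free, or a wiping free variant if the library has one, keeping in mind that a plain memset immediately before a free can be dropped by the optimizer). The doc comments are copied from the certificate and CRL code: gnutls_x509_privkey_init says it "initializes a gnutls_crl structure", gnutls_x509_privkey_deinit says it will "deinitialize a CRL structure", and gnutls_x509_privkey_import describes a "Certificate" with an "X509 CERTIFICATE" header while the code accepts the PEM_KEY_RSA and PEM_KEY_DSA headers, so the import comment should state that a PEM input must carry an `RSA PRIVATE` or `DSA PRIVATE` header. In gnutls_x509_privkey_get_pk_algorithm the comment promises "a negative value on error", but the function returns GNUTLS_PK_UNKNOWN when neither check matches; the comment should name that return explicitly, and `@cert` should be `@key`.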
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 0d397ae8b6..c44b2c72e1 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -85,7 +85,7 @@ void gnutls_x509_crt_deinit(gnutls_x509_crt cert)
*
**/
int gnutls_x509_crt_import(gnutls_x509_crt cert, const gnutls_datum * data,
- gnutls_x509_crt_format format)
+ gnutls_x509_crt_fmt format)
{
int result = 0, need_free = 0;
int start, end;
diff --git a/lib/x509/x509.h b/lib/x509/x509.h
index 315fa7d0a7..f096dcc06f 100644
--- a/lib/x509/x509.h
+++ b/lib/x509/x509.h
@@ -17,8 +17,13 @@ typedef struct gnutls_x509_crt_int {
gnutls_pk_algorithm signature_algorithm;
} gnutls_x509_crt_int;
+typedef struct gnutls_x509_privkey_int {
+ gnutls_datum raw; /* we only keep raw data for the moment */
+} gnutls_x509_privkey_int;
+
typedef struct gnutls_x509_crt_int *gnutls_x509_crt;
typedef struct gnutls_x509_crl_int *gnutls_x509_crl;
+typedef struct gnutls_x509_privkey_int *gnutls_x509_privkey;
int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt cert, const char* oid,
int indx, char *buf, int *sizeof_buf);
@@ -52,15 +57,21 @@ int gnutls_x509_crl_get_certificate(gnutls_x509_crl crl, int index,
void gnutls_x509_crl_deinit(gnutls_x509_crl crl);
int gnutls_x509_crl_init(gnutls_x509_crl * crl);
int gnutls_x509_crl_import(gnutls_x509_crl crl, const gnutls_datum * data,
- gnutls_x509_crt_format format);
+ gnutls_x509_crt_fmt format);
int gnutls_x509_crt_init(gnutls_x509_crt * cert);
void gnutls_x509_crt_deinit(gnutls_x509_crt cert);
int gnutls_x509_crt_import(gnutls_x509_crt cert, const gnutls_datum * data,
- gnutls_x509_crt_format format);
+ gnutls_x509_crt_fmt format);
int gnutls_x509_crt_get_key_usage(gnutls_x509_crt cert, unsigned int *key_usage,
int *critical);
int gnutls_x509_crt_get_version(gnutls_x509_crt cert);
+int gnutls_x509_privkey_init(gnutls_x509_privkey * key);
+void gnutls_x509_privkey_deinit(gnutls_x509_privkey key);
+int gnutls_x509_privkey_import(gnutls_x509_privkey key, const gnutls_datum * data,
+ gnutls_x509_crt_fmt format);
+int gnutls_x509_privkey_get_pk_algorithm( gnutls_x509_privkey key);
+
#endif
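Review bot: The new prototype `int gnutls_x509_privkey_get_pk_algorithm( gnutls_x509_privkey key);` carries a space after the opening parenthesis that none of the neighbouring declarations in this header use; drop it to match, `int gnutls_x509_privkey_get_pk_algorithm(gnutls_x509_privkey key);`. The same spacing appears on the definition in privkey.c.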