static GBytes *
gkm_gnome2_private_key_real_save (GkmSerializable *base, GkmSecret *login)
{
GkmGnome2PrivateKey *self = GKM_GNOME2_PRIVATE_KEY (base);
const gchar *password = NULL;
gsize n_password;
GkmSexp *sexp;
GBytes *result;
g_return_val_if_fail (GKM_IS_GNOME2_PRIVATE_KEY (self), FALSE);
sexp = gkm_gnome2_private_key_real_acquire_crypto_sexp (GKM_SEXP_KEY (self), NULL);
g_return_val_if_fail (sexp, FALSE);
if (login != NULL)
password = gkm_secret_get_password (login, &n_password);
if (password == NULL) {
result = gkm_data_der_write_private_pkcs8_plain (gkm_sexp_get (sexp));
} else {
result = gkm_data_der_write_private_pkcs8_crypted (gkm_sexp_get (sexp), password,
n_password);
}
gkm_sexp_unref (sexp);
return result;
}
static gboolean
gkm_mate2_private_key_real_save (GkmSerializable *base, GkmSecret *login, gpointer *data, gsize *n_data)
{
GkmMate2PrivateKey *self = GKM_MATE2_PRIVATE_KEY (base);
const gchar *password;
gsize n_password;
GkmSexp *sexp;
guchar *key;
g_return_val_if_fail (GKM_IS_MATE2_PRIVATE_KEY (self), FALSE);
g_return_val_if_fail (data, FALSE);
g_return_val_if_fail (n_data, FALSE);
sexp = gkm_mate2_private_key_real_acquire_crypto_sexp (GKM_SEXP_KEY (self), NULL);
g_return_val_if_fail (sexp, FALSE);
password = gkm_secret_get_password (login, &n_password);
if (password == NULL) {
key = gkm_data_der_write_private_pkcs8_plain (gkm_sexp_get (sexp), n_data);
/*
* Caller is expecting normal memory buffer, which makes sense since
* this is being written to disk, and won't be 'secure' anyway.
*/
*data = g_memdup (key, *n_data);
egg_secure_free (key);
} else {
*data = gkm_data_der_write_private_pkcs8_crypted (gkm_sexp_get (sexp), password,
n_password, n_data);
}
gkm_sexp_unref (sexp);
return *data != NULL;
}
static gboolean
gkm_mate2_public_key_real_save (GkmSerializable *base, GkmSecret *login, gpointer *data, gsize *n_data)
{
GkmMate2PublicKey *self = GKM_MATE2_PUBLIC_KEY (base);
GkmSexp *wrapper;
g_return_val_if_fail (GKM_IS_MATE2_PUBLIC_KEY (self), FALSE);
g_return_val_if_fail (data, FALSE);
g_return_val_if_fail (n_data, FALSE);
wrapper = gkm_sexp_key_get_base (GKM_SEXP_KEY (self));
g_return_val_if_fail (wrapper, FALSE);
*data = gkm_data_der_write_public_key (gkm_sexp_get (wrapper), n_data);
return *data != NULL;
}
CK_RV
gkm_crypto_decrypt (GkmSession *session, CK_MECHANISM_TYPE mech, CK_BYTE_PTR encrypted,
CK_ULONG n_encrypted, CK_BYTE_PTR data, CK_ULONG_PTR n_data)
{
GkmSexp *sexp;
switch (mech) {
case CKM_RSA_PKCS:
case CKM_RSA_X_509:
sexp = gkm_session_get_crypto_state (session);
g_return_val_if_fail (sexp, CKR_GENERAL_ERROR);
return gkm_crypto_decrypt_xsa (gkm_sexp_get (sexp), mech, encrypted, n_encrypted, data, n_data);
default:
g_return_val_if_reached (CKR_GENERAL_ERROR);
}
}
CK_RV
gkm_crypto_verify (GkmSession *session, CK_MECHANISM_TYPE mech, CK_BYTE_PTR data,
CK_ULONG n_data, CK_BYTE_PTR signature, CK_ULONG n_signature)
{
GkmSexp *sexp;
switch (mech) {
case CKM_RSA_PKCS:
case CKM_RSA_X_509:
case CKM_DSA:
sexp = gkm_session_get_crypto_state (session);
g_return_val_if_fail (sexp, CKR_GENERAL_ERROR);
return gkm_crypto_verify_xsa (gkm_sexp_get (sexp), mech, data, n_data, signature, n_signature);
default:
g_return_val_if_reached (CKR_GENERAL_ERROR);
}
}
