void
pkcs11_generate(FILE * outfile, const char *url, gnutls_pk_algorithm_t pk,
unsigned int bits,
const char *label, const char *id, int detailed,
unsigned int flags, common_info_st * info)
{
int ret;
gnutls_datum_t pubkey;
gnutls_datum_t cid = {NULL, 0};
unsigned char raw_id[128];
size_t raw_id_size;
pkcs11_common(info);
FIX(url, outfile, detailed, info);
CHECK_LOGIN_FLAG(flags);
if (id != NULL) {
raw_id_size = sizeof(raw_id);
ret = gnutls_hex2bin(id, strlen(id), raw_id, &raw_id_size);
if (ret < 0) {
fprintf(stderr, "Error converting hex: %s\n", gnutls_strerror(ret));
exit(1);
}
cid.data = raw_id;
cid.size = raw_id_size;
}
if (outfile == stderr || outfile == stdout) {
fprintf(stderr, "warning: no --outfile was specified and the generated public key will be printed on screen.\n");
}
if (label == NULL && info->batch == 0) {
label = read_str("warning: Label was not specified.\nLabel: ");
}
ret =
gnutls_pkcs11_privkey_generate3(url, pk, bits, label, &cid,
GNUTLS_X509_FMT_PEM, &pubkey,
info->key_usage,
flags);
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
gnutls_strerror(ret));
if (bits != 1024 && pk == GNUTLS_PK_RSA)
fprintf(stderr,
"note: several smart cards do not support arbitrary size keys; try --bits 1024 or 2048.\n");
exit(1);
}
fwrite(pubkey.data, 1, pubkey.size, outfile);
gnutls_free(pubkey.data);
UNFIX;
return;
}
static void
get_keyid (gnutls_openpgp_keyid_t keyid, const char *str)
{
size_t keyid_size = sizeof (keyid);
if (strlen (str) != 16)
{
fprintf (stderr,
"The OpenPGP subkey ID has to be 16 hexadecimal characters.\n");
exit (1);
}
if (gnutls_hex2bin (str, strlen (str), keyid, &keyid_size) < 0)
{
fprintf (stderr, "Error converting hex string: %s.\n", str);
exit (1);
}
return;
}
void decode_seed(gnutls_datum_t *seed, const char *hex, unsigned hex_size)
{
int ret;
size_t seed_size;
seed->size = hex_size;
seed->data = malloc(hex_size);
if (seed->data == NULL) {
fprintf(stderr, "memory error\n");
exit(1);
}
seed_size = hex_size;
ret = gnutls_hex2bin(hex, hex_size, seed->data, &seed_size);
if (ret < 0) {
fprintf(stderr, "Could not hex decode data: %s\n", gnutls_strerror(ret));
exit(1);
}
seed->size = seed_size;
return;
}
void
pkcs11_write(FILE * outfile, const char *url, const char *label,
const char *id, unsigned flags, common_info_st * info)
{
gnutls_x509_crt_t xcrt;
gnutls_x509_privkey_t xkey;
gnutls_pubkey_t xpubkey;
int ret;
gnutls_datum_t *secret_key;
unsigned key_usage = 0;
unsigned char raw_id[128];
size_t raw_id_size;
gnutls_datum_t cid = {NULL, 0};
pkcs11_common(info);
FIX(url, outfile, 0, info);
CHECK_LOGIN_FLAG(flags);
if (label == NULL && info->batch == 0) {
label = read_str("warning: The object's label was not specified.\nLabel: ");
}
if (id != NULL) {
raw_id_size = sizeof(raw_id);
ret = gnutls_hex2bin(id, strlen(id), raw_id, &raw_id_size);
if (ret < 0) {
fprintf(stderr, "Error converting hex: %s\n", gnutls_strerror(ret));
exit(1);
}
cid.data = raw_id;
cid.size = raw_id_size;
}
secret_key = load_secret_key(0, info);
if (secret_key != NULL) {
ret =
gnutls_pkcs11_copy_secret_key(url, secret_key, label,
info->key_usage,
flags |
GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE);
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
exit(1);
}
}
xcrt = load_cert(0, info);
if (xcrt != NULL) {
ret = gnutls_pkcs11_copy_x509_crt2(url, xcrt, label, &cid, flags);
if (ret < 0) {
fprintf(stderr, "Error writing certificate: %s\n", gnutls_strerror(ret));
if (((flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_CA) ||
(flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED)) &&
(flags & GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO) == 0)
fprintf(stderr, "note: some tokens may require security officer login for this operation\n");
exit(1);
}
gnutls_x509_crt_get_key_usage(xcrt, &key_usage, NULL);
gnutls_x509_crt_deinit(xcrt);
}
xkey = load_x509_private_key(0, info);
if (xkey != NULL) {
ret =
gnutls_pkcs11_copy_x509_privkey2(url, xkey, label,
&cid, key_usage|info->key_usage,
flags |
GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE);
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
exit(1);
}
gnutls_x509_privkey_deinit(xkey);
}
xpubkey = load_pubkey(0, info);
if (xpubkey != NULL) {
ret =
gnutls_pkcs11_copy_pubkey(url, xpubkey, label,
&cid,
0, flags);
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
exit(1);
}
gnutls_pubkey_deinit(xpubkey);
}
if (xkey == NULL && xcrt == NULL && secret_key == NULL && xpubkey == NULL) {
fprintf(stderr,
"You must use --load-privkey, --load-certificate, --load-pubkey or --secret-key to load the file to be copied\n");
exit(1);
}
UNFIX;
return;
}
