Ejemplo n.º 1
/**
 * gnutls_privkey_get_pk_algorithm:
 * @key: should contain a #gnutls_privkey_t type
 * @bits: If set will return the number of bits of the parameters (may be NULL)
 *
 * This function will return the public key algorithm of a private
 * key and if possible will return a number of bits that indicates
 * the security parameter of the key.
 *
 * Returns: a member of the #gnutls_pk_algorithm_t enumeration on
 *   success, or a negative error code on error.
 *
 * Since: 2.12.0
 **/
int gnutls_privkey_get_pk_algorithm(gnutls_privkey_t key, unsigned int *bits)
{
	int algo;

	/* Dispatch on the backend that holds the key material. */
	switch (key->type) {
#ifdef ENABLE_OPENPGP
	case GNUTLS_PRIVKEY_OPENPGP:
		/* The OpenPGP backend fills in @bits itself. */
		algo = gnutls_openpgp_privkey_get_pk_algorithm(key->key.openpgp,
							       bits);
		break;
#endif
#ifdef ENABLE_PKCS11
	case GNUTLS_PRIVKEY_PKCS11:
		/* The PKCS #11 backend fills in @bits itself. */
		algo = gnutls_pkcs11_privkey_get_pk_algorithm(key->key.pkcs11,
							      bits);
		break;
#endif
	case GNUTLS_PRIVKEY_X509:
		/* The size is taken from the first key parameter only.
		 * NOTE(review): confirm params[0] is the right size
		 * indicator for every algorithm an X.509 key can hold. */
		if (bits != NULL)
			*bits = _gnutls_mpi_get_nbits(
					key->key.x509->params.params[0]);
		algo = gnutls_x509_privkey_get_pk_algorithm(key->key.x509);
		break;
	case GNUTLS_PRIVKEY_EXT:
		/* No key size is reported for externally implemented keys:
		 * @bits is set to 0.  Callers that enforce a minimum key
		 * size must treat 0 as "unknown", not as a measured
		 * strength. */
		if (bits != NULL)
			*bits = 0;
		algo = key->pk_algorithm;
		break;
	default:
		/* Unknown or compiled-out backend; @bits is left untouched,
		 * so it must not be read when a negative value is returned. */
		gnutls_assert();
		algo = GNUTLS_E_INVALID_REQUEST;
		break;
	}

	return algo;
}
Ejemplo n.º 2
/**
 * gnutls_privkey_import_pkcs11:
 * @pkey: The private key
 * @key: The private key to be imported
 * @flags: Flags for the import
 *
 * This function will import the given private key to the abstract
 * #gnutls_privkey_t type.
 *
 * The #gnutls_pkcs11_privkey_t object must not be deallocated
 * during the lifetime of this structure.
 *
 * @flags might be zero or one of %GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
 * and %GNUTLS_PRIVKEY_IMPORT_COPY.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 *   negative error value.
 *
 * Since: 2.12.0
 **/
int
gnutls_privkey_import_pkcs11(gnutls_privkey_t pkey,
			     gnutls_pkcs11_privkey_t key, unsigned int flags)
{
	/* Bail out with check_if_clean()'s error before touching @pkey. */
	int ret = check_if_clean(pkey);

	if (ret < 0) {
		gnutls_assert();
		return ret;
	}

	/* GNUTLS_PRIVKEY_IMPORT_COPY is rejected here: the handle is stored
	 * as-is below, never duplicated. */
	if ((flags & GNUTLS_PRIVKEY_IMPORT_COPY) != 0)
		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);

	/* @key is borrowed, not copied; the caller keeps it alive for as
	 * long as @pkey refers to it. */
	pkey->type = GNUTLS_PRIVKEY_PKCS11;
	pkey->key.pkcs11 = key;
	pkey->flags = flags;
	/* NOTE(review): the result is stored without a sign check; confirm
	 * the getter cannot return a negative error code for a valid @key. */
	pkey->pk_algorithm = gnutls_pkcs11_privkey_get_pk_algorithm(key, NULL);

	/* Forward a PIN callback already registered on @pkey to the PKCS #11
	 * key.  The test is on the userdata pointer, so a callback set with
	 * NULL userdata is not forwarded. */
	if (pkey->pin.data)
		gnutls_pkcs11_privkey_set_pin_function(key, pkey->pin.cb,
						       pkey->pin.data);

	return 0;
}
Ejemplo n.º 3
/**
 * gnutls_privkey_import_pkcs11:
 * @pkey: The private key
 * @key: The private key to be imported
 * @flags: should be zero
 *
 * This function will import the given private key to the abstract
 * #gnutls_privkey_t structure.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
 *   negative error value.
 **/
int
gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey,
                              gnutls_pkcs11_privkey_t key, unsigned int flags)
{
  /* This version overwrites @pkey unconditionally: nothing here checks
   * whether it already holds a key, and @flags is stored exactly as
   * passed, without validation.  */

  /* @key is stored as-is, not copied; the caller keeps it alive for as
   * long as @pkey refers to it.  */
  pkey->type = GNUTLS_PRIVKEY_PKCS11;
  pkey->key.pkcs11 = key;
  pkey->flags = flags;

  /* NOTE(review): the result is stored without a sign check; confirm the
   * getter cannot return a negative error code for a valid @key.  */
  pkey->pk_algorithm = gnutls_pkcs11_privkey_get_pk_algorithm (key, NULL);

  return 0;
}
Ejemplo n.º 4
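/*
 * Build a public key object that corresponds to the PKCS #11 private
 * key @pkey and hand it back through @pub.
 *
 * @pkey:  the PKCS #11 private key to derive the public key from
 * @pub:   receives the newly initialised public key on success; the
 *         caller owns it from then on.  It is left untouched on failure.
 * @flags: not used by this function
 *
 * For RSA keys the public part is read through pkcs11_read_pubkey()
 * using the private key's module, session and object reference, then
 * imported into the new public key.  For every other key type the
 * function falls back to load_pubkey_obj().
 *
 * Returns 0 on success or a negative error code.
 */
int
_pkcs11_privkey_get_pubkey (gnutls_pkcs11_privkey_t pkey, gnutls_pubkey_t *pub, unsigned flags)
{
	gnutls_pubkey_t pubkey = NULL;
	gnutls_pkcs11_obj_t obj = NULL;
	ck_key_type_t key_type;
	int ret;

	/* Reject NULL arguments before anything else sees them.  The
	 * original ran this guard only after @pkey had been handed to
	 * PKCS11_CHECK_INIT_PRIVKEY(), and @pub was dereferenced at the
	 * end without any check. */
	if (pkey == NULL || pub == NULL) {
		gnutls_assert();
		return GNUTLS_E_INVALID_REQUEST;
	}

	PKCS11_CHECK_INIT_PRIVKEY(pkey);

	ret = gnutls_pubkey_init(&pubkey);
	if (ret < 0) {
		gnutls_assert();
		goto cleanup;
	}

	ret = gnutls_pkcs11_obj_init(&obj);
	if (ret < 0) {
		gnutls_assert();
		goto cleanup;
	}

	obj->pk_algorithm = gnutls_pkcs11_privkey_get_pk_algorithm(pkey, 0);
	obj->type = GNUTLS_PKCS11_OBJ_PUBKEY;
	/* NOTE(review): the return value is ignored and key_type has no
	 * initialiser; confirm pk_to_genmech() always writes key_type,
	 * otherwise the comparison below reads an indeterminate value. */
	pk_to_genmech(obj->pk_algorithm, &key_type);

	/* The new public key uses the same PIN callback as the private key. */
	gnutls_pubkey_set_pin_function(pubkey, pkey->pin.cb, pkey->pin.data);

	/* we can only read the public key from RSA keys */
	if (key_type != CKK_RSA) {
		/* try opening the public key object if it exists */
		ret = load_pubkey_obj(pkey, pubkey);
		if (ret < 0) {
			gnutls_assert();
			goto cleanup;
		}
	} else {
		ret = pkcs11_read_pubkey(pkey->sinfo.module, pkey->sinfo.pks, pkey->ref, key_type, obj);
		if (ret < 0) {
			gnutls_assert();
			goto cleanup;
		}

		ret = gnutls_pubkey_import_pkcs11(pubkey, obj, 0);
		if (ret < 0) {
			gnutls_assert();
			goto cleanup;
		}
	}

	*pub = pubkey;

	/* Ownership moved to the caller; keep cleanup from releasing it. */
	pubkey = NULL;
	ret = 0;

 cleanup:
	/* obj is a temporary and is released on every path. */
	if (obj != NULL)
		gnutls_pkcs11_obj_deinit(obj);
	if (pubkey != NULL)
		gnutls_pubkey_deinit(pubkey);

	return ret;
}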