gboolean
gkd_ssh_agent_proto_read_pair_v1 (EggBuffer *req,
gsize *offset,
GckBuilder *priv_attrs,
GckBuilder *pub_attrs)
{
const GckAttribute *attr;
g_assert (req);
g_assert (offset);
g_assert (priv_attrs);
g_assert (pub_attrs);
if (!gkd_ssh_agent_proto_read_mpi_v1 (req, offset, priv_attrs, CKA_MODULUS) ||
!gkd_ssh_agent_proto_read_mpi_v1 (req, offset, priv_attrs, CKA_PUBLIC_EXPONENT) ||
!gkd_ssh_agent_proto_read_mpi_v1 (req, offset, priv_attrs, CKA_PRIVATE_EXPONENT) ||
!gkd_ssh_agent_proto_read_mpi_v1 (req, offset, priv_attrs, CKA_COEFFICIENT) ||
!gkd_ssh_agent_proto_read_mpi_v1 (req, offset, priv_attrs, CKA_PRIME_1) ||
!gkd_ssh_agent_proto_read_mpi_v1 (req, offset, priv_attrs, CKA_PRIME_2))
return FALSE;
/* Copy attributes to the public key */
attr = gck_builder_find (priv_attrs, CKA_MODULUS);
gck_builder_add_attribute (pub_attrs, attr);
attr = gck_builder_find (priv_attrs, CKA_PUBLIC_EXPONENT);
gck_builder_add_attribute (pub_attrs, attr);
/* Add in your basic other required attributes */
gck_builder_add_ulong (priv_attrs, CKA_CLASS, CKO_PRIVATE_KEY);
gck_builder_add_ulong (priv_attrs, CKA_KEY_TYPE, CKK_RSA);
gck_builder_add_ulong (pub_attrs, CKA_CLASS, CKO_PUBLIC_KEY);
gck_builder_add_ulong (pub_attrs, CKA_KEY_TYPE, CKK_RSA);
return TRUE;
}
static GckObject *
lookup_public_key (GckObject *object,
GCancellable *cancellable,
GError **lerror)
{
GckBuilder builder = GCK_BUILDER_INIT;
gulong attr_types[] = { CKA_ID };
GckAttributes *attrs;
GError *error = NULL;
GckSession *session;
GckObject *result;
const GckAttribute *id;
GList *objects;
attrs = gck_object_cache_lookup (object, attr_types, G_N_ELEMENTS (attr_types),
cancellable, &error);
if (error != NULL) {
_gcr_debug ("couldn't load private key id: %s", error->message);
g_propagate_error (lerror, error);
return NULL;
}
id = gck_attributes_find (attrs, CKA_ID);
if (id == NULL || gck_attribute_is_invalid (id)) {
gck_attributes_unref (attrs);
_gcr_debug ("couldn't load private key id");
g_set_error_literal (lerror, GCK_ERROR, CKR_ATTRIBUTE_TYPE_INVALID,
gck_message_from_rv (CKR_ATTRIBUTE_TYPE_INVALID));
return NULL;
}
gck_builder_add_ulong (&builder, CKA_CLASS, CKO_PUBLIC_KEY);
gck_builder_add_attribute (&builder, id);
gck_attributes_unref (attrs);
session = gck_object_get_session (object);
objects = gck_session_find_objects (session, gck_builder_end (&builder), cancellable, &error);
g_object_unref (session);
if (error != NULL) {
_gcr_debug ("couldn't lookup public key: %s", error->message);
g_propagate_error (lerror, error);
return NULL;
}
if (!objects)
return NULL;
result = g_object_ref (objects->data);
gck_list_unref_free (objects);
return result;
}
gboolean
gkd_ssh_agent_proto_read_pair_dsa (EggBuffer *req,
gsize *offset,
GckBuilder *priv_attrs,
GckBuilder *pub_attrs)
{
const GckAttribute *attr;
g_assert (req);
g_assert (offset);
g_assert (priv_attrs);
g_assert (pub_attrs);
if (!gkd_ssh_agent_proto_read_mpi (req, offset, priv_attrs, CKA_PRIME) ||
!gkd_ssh_agent_proto_read_mpi (req, offset, priv_attrs, CKA_SUBPRIME) ||
!gkd_ssh_agent_proto_read_mpi (req, offset, priv_attrs, CKA_BASE) ||
!gkd_ssh_agent_proto_read_mpi (req, offset, pub_attrs, CKA_VALUE) ||
!gkd_ssh_agent_proto_read_mpi (req, offset, priv_attrs, CKA_VALUE))
return FALSE;
/* Copy attributes to the public key */
attr = gck_builder_find (priv_attrs, CKA_PRIME);
gck_builder_add_attribute (pub_attrs, attr);
attr = gck_builder_find (priv_attrs, CKA_SUBPRIME);
gck_builder_add_attribute (pub_attrs, attr);
attr = gck_builder_find (priv_attrs, CKA_BASE);
gck_builder_add_attribute (pub_attrs, attr);
/* Add in your basic other required attributes */
gck_builder_add_ulong (priv_attrs, CKA_CLASS, CKO_PRIVATE_KEY);
gck_builder_add_ulong (priv_attrs, CKA_KEY_TYPE, CKK_DSA);
gck_builder_add_ulong (pub_attrs, CKA_CLASS, CKO_PUBLIC_KEY);
gck_builder_add_ulong (pub_attrs, CKA_KEY_TYPE, CKK_DSA);
return TRUE;
}
GckObject*
gkd_secret_create_with_credential (GckSession *session, GckAttributes *attrs,
GckObject *cred, GError **error)
{
GckBuilder builder = GCK_BUILDER_INIT;
const GckAttribute *attr;
gboolean token;
gck_builder_add_ulong (&builder, CKA_G_CREDENTIAL, gck_object_get_handle (cred));
gck_builder_add_ulong (&builder, CKA_CLASS, CKO_G_COLLECTION);
attr = gck_attributes_find (attrs, CKA_LABEL);
if (attr != NULL)
gck_builder_add_attribute (&builder, attr);
if (!gck_attributes_find_boolean (attrs, CKA_TOKEN, &token))
token = FALSE;
gck_builder_add_boolean (&builder, CKA_TOKEN, token);
return gck_session_create_object (session, gck_builder_end (&builder), NULL, error);
}
static GckObject*
collection_find_matching_item (GkdSecretObjects *self,
GckSession *session,
const gchar *identifier,
const GckAttribute *fields)
{
GckBuilder builder = GCK_BUILDER_INIT;
GckObject *result = NULL;
GError *error = NULL;
GckObject *search;
gpointer data;
gsize n_data;
/* Find items matching the collection and fields */
gck_builder_add_attribute (&builder, fields);
gck_builder_add_string (&builder, CKA_G_COLLECTION, identifier);
gck_builder_add_ulong (&builder, CKA_CLASS, CKO_G_SEARCH);
gck_builder_add_boolean (&builder, CKA_TOKEN, FALSE);
/* Create the search object */
search = gck_session_create_object (session, gck_builder_end (&builder), NULL, &error);
if (error != NULL) {
g_warning ("couldn't search for matching item: %s", egg_error_message (error));
g_clear_error (&error);
return NULL;
}
/* Get the matched item handles, and delete the search object */
data = gck_object_get_data (search, CKA_G_MATCHED, NULL, &n_data, NULL);
gck_object_destroy (search, NULL, NULL);
g_object_unref (search);
if (n_data >= sizeof (CK_OBJECT_HANDLE))
result = gck_object_from_handle (session, *((CK_OBJECT_HANDLE_PTR)data));
g_free (data);
return result;
}
