/* loads a the corresponding to the private key public key either from * a public key object or from a certificate. */ static int load_pubkey_obj(gnutls_pkcs11_privkey_t pkey, gnutls_pubkey_t pub) { int ret, iret; gnutls_x509_crt_t crt; ret = gnutls_pubkey_import_url(pub, pkey->url, pkey->flags); if (ret >= 0) { return ret; } iret = ret; /* else try certificate */ ret = gnutls_x509_crt_init(&crt); if (ret < 0) { gnutls_assert(); return ret; } gnutls_x509_crt_set_pin_function(crt, pkey->pin.cb, pkey->pin.data); ret = gnutls_x509_crt_import_url(crt, pkey->url, pkey->flags); if (ret < 0) { ret = iret; goto cleanup; } ret = gnutls_pubkey_import_x509(pub, crt, 0); cleanup: gnutls_x509_crt_deinit(crt); return ret; }
static gnutls_pubkey_t _load_url_pubkey(const char *url) { int ret; gnutls_pubkey_t pubkey; unsigned int obj_flags = 0; ret = gnutls_pubkey_init(&pubkey); if (ret < 0) { fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); exit(1); } ret = gnutls_pubkey_import_url(pubkey, url, obj_flags); if (ret < 0) { fprintf(stderr, "Error in %s:%d: %s: %s\n", __func__, __LINE__, gnutls_strerror(ret), url); exit(1); } return pubkey; }
void doit(void) { int ret; const char *lib; gnutls_privkey_t key; gnutls_pubkey_t pub; gnutls_datum_t m1, e1; gnutls_datum_t m2, e2; ret = global_init(); if (ret != 0) { fail("%d: %s\n", ret, gnutls_strerror(ret)); exit(1); } gnutls_global_set_log_function(tls_log_func); if (debug) gnutls_global_set_log_level(4711); lib = getenv("P11MOCKLIB1"); if (lib == NULL) lib = P11LIB; ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); if (ret != 0) { fail("%d: %s\n", ret, gnutls_strerror(ret)); exit(1); } ret = gnutls_pkcs11_add_provider(lib, NULL); if (ret != 0) { fail("%d: %s\n", ret, gnutls_strerror(ret)); exit(1); } ret = gnutls_privkey_init(&key); assert(ret>=0); ret = gnutls_pubkey_init(&pub); assert(ret>=0); gnutls_privkey_set_pin_function(key, pin_func, NULL); ret = gnutls_privkey_import_url(key, "pkcs11:object=test", GNUTLS_PKCS11_OBJ_FLAG_LOGIN); if (ret < 0) { fail("%d: %s\n", ret, gnutls_strerror(ret)); exit(1); } ret = gnutls_pubkey_import_privkey(pub, key, 0, 0); if (ret < 0) { fail("%d: %s\n", ret, gnutls_strerror(ret)); exit(1); } ret = gnutls_pubkey_export_rsa_raw(pub, &m1, &e1); if (ret < 0) { fail("%d: %s\n", ret, gnutls_strerror(ret)); exit(1); } gnutls_pubkey_deinit(pub); gnutls_privkey_deinit(key); /* try again using gnutls_pubkey_import_url */ ret = gnutls_pubkey_init(&pub); assert(ret>=0); ret = gnutls_pubkey_import_url(pub, "pkcs11:object=test;type=public", 0); if (ret < 0) { fail("%d: %s\n", ret, gnutls_strerror(ret)); exit(1); } ret = gnutls_pubkey_export_rsa_raw(pub, &m2, &e2); if (ret < 0) { fail("%d: %s\n", ret, gnutls_strerror(ret)); exit(1); } assert(m1.size == m2.size); assert(e1.size == e2.size); assert(memcmp(e1.data, e2.data, e2.size)==0); assert(memcmp(m1.data, m2.data, m2.size)==0); gnutls_pubkey_deinit(pub); gnutls_free(m1.data); gnutls_free(e1.data); gnutls_free(m2.data); gnutls_free(e2.data); gnutls_pkcs11_deinit(); gnutls_global_deinit(); }
void pkcs11_test_sign(FILE * outfile, const char *url, unsigned int flags, common_info_st * info) { gnutls_privkey_t privkey; gnutls_pubkey_t pubkey; int ret; gnutls_datum_t data, sig = {NULL, 0}; int pk; pkcs11_common(info); FIX(url, outfile, 0, info); data.data = (void*)TEST_DATA; data.size = sizeof(TEST_DATA)-1; ret = gnutls_privkey_init(&privkey); if (ret < 0) { fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); exit(1); } ret = gnutls_pubkey_init(&pubkey); if (ret < 0) { fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); exit(1); } ret = gnutls_privkey_import_url(privkey, url, flags); if (ret < 0) { fprintf(stderr, "Cannot import private key: %s\n", gnutls_strerror(ret)); exit(1); } ret = gnutls_pubkey_import_privkey(pubkey, privkey, GNUTLS_KEY_DIGITAL_SIGNATURE, flags); if (ret < 0) { fprintf(stderr, "Cannot import public key: %s\n", gnutls_strerror(ret)); exit(1); } ret = gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA1, 0, &data, &sig); if (ret < 0) { fprintf(stderr, "Cannot sign data: %s\n", gnutls_strerror(ret)); exit(1); } pk = gnutls_pubkey_get_pk_algorithm(pubkey, NULL); fprintf(stderr, "Verifying against private key parameters... "); ret = gnutls_pubkey_verify_data2(pubkey, gnutls_pk_to_sign(pk, GNUTLS_DIG_SHA1), 0, &data, &sig); if (ret < 0) { fprintf(stderr, "Cannot verify signed data: %s\n", gnutls_strerror(ret)); exit(1); } fprintf(stderr, "ok\n"); /* now try to verify against a public key within the token */ gnutls_pubkey_deinit(pubkey); ret = gnutls_pubkey_init(&pubkey); if (ret < 0) { fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); exit(1); } ret = gnutls_pubkey_import_url(pubkey, url, flags); if (ret < 0) { fprintf(stderr, "Cannot find a corresponding public key object in token: %s\n", gnutls_strerror(ret)); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) exit(0); exit(1); } fprintf(stderr, "Verifying against public key in the token... "); ret = gnutls_pubkey_verify_data2(pubkey, gnutls_pk_to_sign(pk, GNUTLS_DIG_SHA1), 0, &data, &sig); if (ret < 0) { fprintf(stderr, "Cannot verify signed data: %s\n", gnutls_strerror(ret)); exit(1); } fprintf(stderr, "ok\n"); gnutls_free(sig.data); gnutls_pubkey_deinit(pubkey); gnutls_privkey_deinit(privkey); UNFIX; }