Exemple #1
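/*
 * Load an RSA private key and return it wrapped as a PKI_KT_PRIVATE key.
 *
 * what      - raw vector holding a DER-encoded RSAPrivateKey, or a character
 *             vector whose first element is a PEM-encoded private key
 * sPassword - character vector of length 1; used as the passphrase for PEM
 *             input (not consulted for DER input)
 *
 * Raises an R error when an argument has the wrong type, when OpenSSL cannot
 * parse the key, or when the EVP_PKEY container cannot be set up.
 * Rf_error() does not return, so every OpenSSL object is released before it
 * is called.
 */
SEXP PKI_load_private_RSA(SEXP what, SEXP sPassword) {
    EVP_PKEY *key = NULL;
    BIO *bio_mem;
    if (TYPEOF(sPassword) != STRSXP || LENGTH(sPassword) != 1)
	Rf_error("Password must be a string");
    PKI_init();
    if (TYPEOF(what) == RAWSXP) { /* assuming binary DER format */
	RSA *rsa;
	const unsigned char *ptr = (const unsigned char *) RAW(what);
	/* the length bounds the parser to the raw vector's own bytes */
	rsa = d2i_RSAPrivateKey(NULL, &ptr, LENGTH(what));
	if (!rsa)
	    Rf_error("%s", ERR_error_string(ERR_get_error(), NULL));
	key = EVP_PKEY_new();
	/* on success the EVP_PKEY owns rsa; on failure both are still ours */
	if (!key || !EVP_PKEY_assign_RSA(key, rsa)) {
	    unsigned long err = ERR_get_error();
	    EVP_PKEY_free(key);
	    RSA_free(rsa);
	    Rf_error("%s", ERR_error_string(err, NULL));
	}
    } else if (TYPEOF(what) == STRSXP && LENGTH(what)) {
	SEXP b64Key = STRING_ELT(what, 0);
	/* -1: the BIO takes its length from the NUL terminator; it borrows
	   the R string rather than copying it */
	bio_mem = BIO_new_mem_buf((void *) CHAR(b64Key), -1);
	if (!bio_mem)
	    Rf_error("%s", ERR_error_string(ERR_get_error(), NULL));
	/* With a NULL callback OpenSSL treats the last argument as the
	   NUL-terminated passphrase, so it never prompts on the terminal.
	   The passphrase is an R string: it stays in R-managed memory and
	   cannot be zeroized from here. */
	key = PEM_read_bio_PrivateKey(bio_mem, 0, 0, (void*) CHAR(STRING_ELT(sPassword, 0)));
	BIO_free(bio_mem);
	if (!key)
	    Rf_error("%s", ERR_error_string(ERR_get_error(), NULL));
    } else
	Rf_error("Private key must be a character or raw vector");

    return wrap_EVP_PKEY(key, PKI_KT_PRIVATE);
}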
Exemple #2
/*
 * Extract the public key of a certificate and return it wrapped as a
 * PKI_KT_PUBLIC key.
 *
 * sCert - certificate object, resolved through retrieve_cert()
 *
 * Raises an R error carrying the OpenSSL error text when the certificate has
 * no usable public key.
 */
SEXP PKI_cert_public_key(SEXP sCert) {
    X509 *x509;
    EVP_PKEY *pubkey;

    PKI_init();
    /* NOTE(review): retrieve_cert() is presumed to raise an R error itself
       rather than return NULL - confirm against its definition */
    x509 = retrieve_cert(sCert, "");
    /* X509_get_pubkey() hands back its own reference to the key */
    pubkey = X509_get_pubkey(x509);
    if (pubkey == NULL) {
	unsigned long code = ERR_get_error();
	Rf_error("%s", ERR_error_string(code, NULL));
    }
    return wrap_EVP_PKEY(pubkey, PKI_KT_PUBLIC);
}
Exemple #3
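/*
 * Generate a fresh RSA key pair (public exponent 65537) and return it wrapped
 * as a key that is both PKI_KT_PRIVATE and PKI_KT_PUBLIC.
 *
 * sBits - requested modulus size in bits; values below 512 are rejected
 *
 * Raises an R error for a rejected size, when key generation fails, or when
 * the EVP_PKEY container cannot be set up.
 */
SEXP PKI_RSAkeygen(SEXP sBits) {
    EVP_PKEY *key;
    RSA *rsa;
    int bits = asInteger(sBits);
    /* NOTE(review): a 512-bit floor admits moduli far below current guidance
       (2048 bits or more); kept as-is so existing callers are unaffected.
       An NA size arrives as the most negative int and is rejected here too. */
    if (bits < 512)
	Rf_error("invalid key size");
    /* NOTE(review): unlike the key loaders, nothing here calls PKI_init()
       first - confirm the library is initialised before key generation.
       RSA_generate_key() is deprecated in favour of RSA_generate_key_ex(). */
    rsa = RSA_generate_key(bits, 65537, 0, 0);
    if (!rsa)
	Rf_error("%s", ERR_error_string(ERR_get_error(), NULL));
    key = EVP_PKEY_new();
    /* on success the EVP_PKEY owns rsa; on failure release both before
       Rf_error(), which does not return */
    if (!key || !EVP_PKEY_assign_RSA(key, rsa)) {
	unsigned long err = ERR_get_error();
	EVP_PKEY_free(key);
	RSA_free(rsa);
	Rf_error("%s", ERR_error_string(err, NULL));
    }
    return wrap_EVP_PKEY(key, PKI_KT_PRIVATE | PKI_KT_PUBLIC);
}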
Exemple #4
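/*
 * Load a DER-encoded RSA public key (SubjectPublicKeyInfo, as read by
 * d2i_RSA_PUBKEY) and return it wrapped as a PKI_KT_PUBLIC key.
 *
 * what - raw vector holding the encoded key
 *
 * Raises an R error when the argument is not a raw vector, when OpenSSL
 * cannot parse it, or when the EVP_PKEY container cannot be set up.
 */
SEXP PKI_load_public_RSA(SEXP what) {
    EVP_PKEY *key;
    RSA *rsa;
    const unsigned char *ptr;
    if (TYPEOF(what) != RAWSXP)
	Rf_error("key must be a raw vector");
    ptr = (const unsigned char *) RAW(what);
    /* the length bounds the parser to the raw vector's own bytes */
    rsa = d2i_RSA_PUBKEY(NULL, &ptr, LENGTH(what));
    if (!rsa)
	Rf_error("%s", ERR_error_string(ERR_get_error(), NULL));
    key = EVP_PKEY_new();
    /* on success the EVP_PKEY owns rsa; on failure release both before
       Rf_error(), which does not return */
    if (!key || !EVP_PKEY_assign_RSA(key, rsa)) {
	unsigned long err = ERR_get_error();
	EVP_PKEY_free(key);
	RSA_free(rsa);
	Rf_error("%s", ERR_error_string(err, NULL));
    }
    return wrap_EVP_PKEY(key, PKI_KT_PUBLIC);
}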
Exemple #5
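/*
 * Load a PEM-encoded private key from the first element of a character
 * vector and return it wrapped by wrap_EVP_PKEY().
 *
 * privateKey - non-empty character vector; only element 0 is read
 *
 * Raises an R error when the argument has the wrong type or is empty, or
 * when OpenSSL cannot read the key (which includes passphrase-protected
 * keys, see below).
 */
SEXP loadPrivateKey(SEXP privateKey) {
  EVP_PKEY *key = NULL;
  BIO *bio_mem;
  SEXP b64Key;

  if (TYPEOF(privateKey) != STRSXP || LENGTH(privateKey) == 0)
    Rf_error("PKCS8 private key must be a character vector of length 1");
  b64Key = STRING_ELT(privateKey, 0);

  /* the BIO borrows the R string's bytes; it does not copy them */
  bio_mem = BIO_new_mem_buf((void *) CHAR(b64Key), LENGTH(b64Key));
  if (!bio_mem)
    Rf_error("%s", ERR_error_string(ERR_get_error(), NULL));
  /* Pass NULL for the reuse slot: handing OpenSSL the address of an
     uninitialized pointer lets it treat stack garbage as an existing key.
     With a NULL callback the last argument is used as the passphrase, so
     this fixed string keeps OpenSSL from prompting on the terminal; an
     encrypted key then fails to decrypt instead. */
  key = PEM_read_bio_PrivateKey(bio_mem, NULL, 0, "Can not ask password.");
  /* release the BIO before Rf_error(), which does not return */
  BIO_free(bio_mem);
  if (!key) {
    Rf_error("%s", ERR_error_string(ERR_get_error(), NULL));
  }
  return wrap_EVP_PKEY(key);
}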
Exemple #6
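/*
 * Extract the private key from a DER-encoded PKCS#12 bundle and return it
 * wrapped by wrap_EVP_PKEY().
 *
 * privateKey - raw vector holding the PKCS#12 data
 *
 * The bundle's MAC is verified with `pass` before anything is parsed; `pass`
 * is not defined in this function (presumably a file-level passphrase -
 * confirm). Raises an R error when the argument is not a raw vector, when the
 * data cannot be decoded, when the MAC check or the parse fails, or when the
 * bundle holds no private key.
 */
SEXP loadPKCS12(SEXP privateKey) {
  EVP_PKEY *key = NULL;
  BIO *bio_mem;
  PKCS12 *p12;
  X509 *cert = NULL;
  unsigned long err = 0;

  if (TYPEOF(privateKey) != RAWSXP)
    Rf_error("PKCS12 private key must be a raw vector");

  bio_mem = BIO_new_mem_buf((void *) RAW(privateKey), LENGTH(privateKey));
  if (!bio_mem)
    Rf_error("%s", ERR_error_string(ERR_get_error(), NULL));
  /* Pass NULL for the reuse slot: handing OpenSSL the address of an
     uninitialized pointer lets it treat stack garbage as an existing
     object. */
  p12 = d2i_PKCS12_bio(bio_mem, NULL);
  BIO_free(bio_mem);

  /* same order as before: decode, verify the MAC, then parse */
  if (p12 && PKCS12_verify_mac(p12, pass, strlen(pass))) {
    if (!PKCS12_parse(p12, pass, &key, &cert, NULL)) {
      /* a failed parse releases its own outputs; older OpenSSL leaves the
         pointers dangling, so drop them instead of freeing again */
      key = NULL;
      cert = NULL;
    }
  }
  if (!key)
    err = ERR_get_error();

  /* only the key is returned; release everything else before a possible
     Rf_error(), which does not return */
  X509_free(cert);
  PKCS12_free(p12);

  if (!key) {
    Rf_error("%s", ERR_error_string(err, NULL));
  }
  return wrap_EVP_PKEY(key);
}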