int _gnutls_ecdh_generate_key(gnutls_ecc_curve_t curve, gnutls_datum_t *x, gnutls_datum_t *y, gnutls_datum_t *k) { gnutls_pk_params_st params; int ret; gnutls_pk_params_init(¶ms); params.flags = curve; params.algo = GNUTLS_PK_EC; x->data = NULL; y->data = NULL; k->data = NULL; ret = _gnutls_pk_generate_keys(GNUTLS_PK_EC, curve, ¶ms); if (ret < 0) { return gnutls_assert_val(ret); } ret = _gnutls_mpi_dprint_lz(params.params[ECC_X], x); if (ret < 0) { gnutls_assert(); goto fail; } ret = _gnutls_mpi_dprint_lz(params.params[ECC_Y], y); if (ret < 0) { gnutls_assert(); goto fail; } ret = _gnutls_mpi_dprint_lz(params.params[ECC_K], k); if (ret < 0) { gnutls_assert(); goto fail; } ret = 0; goto cleanup; fail: gnutls_free(y->data); gnutls_free(x->data); gnutls_free(k->data); cleanup: gnutls_pk_params_clear(¶ms); return ret; }
int _gnutls_params_get_ecc_raw(const gnutls_pk_params_st* params, gnutls_ecc_curve_t * curve, gnutls_datum_t * x, gnutls_datum_t * y, gnutls_datum_t * k) { int ret; if (params == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } if (curve) *curve = params->flags; /* X */ if (x) { ret = _gnutls_mpi_dprint_lz(params->params[ECC_X], x); if (ret < 0) { gnutls_assert(); return ret; } } /* Y */ if (y) { ret = _gnutls_mpi_dprint_lz(params->params[ECC_Y], y); if (ret < 0) { gnutls_assert(); _gnutls_free_datum(x); return ret; } } /* K */ if (k) { ret = _gnutls_mpi_dprint_lz(params->params[ECC_K], k); if (ret < 0) { gnutls_assert(); _gnutls_free_datum(x); _gnutls_free_datum(y); return ret; } } return 0; }
/** * gnutls_x509_privkey_export_ecc_raw: * @key: a structure that holds the rsa parameters * @curve: will hold the curve * @x: will hold the x coordinate * @y: will hold the y coordinate * @k: will hold the private key * * This function will export the ECC private key's parameters found * in the given structure. The new parameters will be allocated using * gnutls_malloc() and will be stored in the appropriate datum. * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. * * Since: 3.0 **/ int gnutls_x509_privkey_export_ecc_raw (gnutls_x509_privkey_t key, gnutls_ecc_curve_t *curve, gnutls_datum_t * x, gnutls_datum_t * y, gnutls_datum_t* k) { int ret; if (key == NULL) { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } *curve = key->params.flags; /* X */ ret = _gnutls_mpi_dprint_lz (key->params.params[ECC_X], x); if (ret < 0) { gnutls_assert (); return ret; } /* Y */ ret = _gnutls_mpi_dprint_lz (key->params.params[ECC_Y], y); if (ret < 0) { gnutls_assert (); _gnutls_free_datum (x); return ret; } /* K */ ret = _gnutls_mpi_dprint_lz (key->params.params[ECC_K], k); if (ret < 0) { gnutls_assert (); _gnutls_free_datum (x); _gnutls_free_datum (y); return ret; } return 0; }
int _gnutls_dh_generate_key(gnutls_dh_params_t dh_params, gnutls_datum_t *priv_key, gnutls_datum_t *pub_key) { gnutls_pk_params_st params; int ret; gnutls_pk_params_init(¶ms); params.params[DH_P] = _gnutls_mpi_copy(dh_params->params[0]); params.params[DH_G] = _gnutls_mpi_copy(dh_params->params[1]); params.params_nr = 3; /* include empty q */ params.algo = GNUTLS_PK_DH; priv_key->data = NULL; pub_key->data = NULL; ret = _gnutls_pk_generate_keys(GNUTLS_PK_DH, 0, ¶ms); if (ret < 0) { return gnutls_assert_val(ret); } ret = _gnutls_mpi_dprint_lz(params.params[DH_X], priv_key); if (ret < 0) { gnutls_assert(); goto fail; } ret = _gnutls_mpi_dprint_lz(params.params[DH_Y], pub_key); if (ret < 0) { gnutls_assert(); goto fail; } ret = 0; goto cleanup; fail: gnutls_free(pub_key->data); gnutls_free(priv_key->data); cleanup: gnutls_pk_params_clear(¶ms); return ret; }
int _gnutls_buffer_append_mpi (gnutls_buffer_st * buf, int pfx_size, bigint_t mpi, int lz) { gnutls_datum_t dd; int ret; if (lz) ret = _gnutls_mpi_dprint_lz (mpi, &dd); else ret = _gnutls_mpi_dprint (mpi, &dd); if (ret < 0) return gnutls_assert_val(ret); ret = _gnutls_buffer_append_data_prefix(buf, pfx_size, dd.data, dd.size); _gnutls_free_datum(&dd); return ret; }
/** * gnutls_x509_privkey_export_dsa_raw: * @key: a structure that holds the DSA parameters * @p: will hold the p * @q: will hold the q * @g: will hold the g * @y: will hold the y * @x: will hold the x * * This function will export the DSA private key's parameters found * in the given structure. The new parameters will be allocated using * gnutls_malloc() and will be stored in the appropriate datum. * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ int gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key, gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * g, gnutls_datum_t * y, gnutls_datum_t * x) { int ret; if (key == NULL) { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } /* P */ ret = _gnutls_mpi_dprint_lz (key->params.params[0], p); if (ret < 0) { gnutls_assert (); return ret; } /* Q */ ret = _gnutls_mpi_dprint_lz (key->params.params[1], q); if (ret < 0) { gnutls_assert (); _gnutls_free_datum (p); return ret; } /* G */ ret = _gnutls_mpi_dprint_lz (key->params.params[2], g); if (ret < 0) { gnutls_assert (); _gnutls_free_datum (p); _gnutls_free_datum (q); return ret; } /* Y */ ret = _gnutls_mpi_dprint_lz (key->params.params[3], y); if (ret < 0) { gnutls_assert (); _gnutls_free_datum (p); _gnutls_free_datum (g); _gnutls_free_datum (q); return ret; } /* X */ ret = _gnutls_mpi_dprint_lz (key->params.params[4], x); if (ret < 0) { gnutls_assert (); _gnutls_free_datum (y); _gnutls_free_datum (p); _gnutls_free_datum (g); _gnutls_free_datum (q); return ret; } return 0; }
/** * gnutls_x509_privkey_export_rsa_raw2: * @key: a structure that holds the rsa parameters * @m: will hold the modulus * @e: will hold the public exponent * @d: will hold the private exponent * @p: will hold the first prime (p) * @q: will hold the second prime (q) * @u: will hold the coefficient * @e1: will hold e1 = d mod (p-1) * @e2: will hold e2 = d mod (q-1) * * This function will export the RSA private key's parameters found * in the given structure. The new parameters will be allocated using * gnutls_malloc() and will be stored in the appropriate datum. * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. * * Since: 2.12.0 **/ int gnutls_x509_privkey_export_rsa_raw2 (gnutls_x509_privkey_t key, gnutls_datum_t * m, gnutls_datum_t * e, gnutls_datum_t * d, gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * u, gnutls_datum_t * e1, gnutls_datum_t * e2) { int ret; gnutls_pk_params_st pk_params; gnutls_pk_params_init(&pk_params); if (key == NULL) { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } m->data = e->data = d->data = p->data = q->data = u->data = NULL; m->size = e->size = d->size = p->size = q->size = u->size = 0; ret = _gnutls_pk_params_copy (&pk_params, &key->params); if (ret < 0) { gnutls_assert (); return ret; } ret = _gnutls_pk_fixup (GNUTLS_PK_RSA, GNUTLS_EXPORT, &pk_params); if (ret < 0) { gnutls_assert (); goto error; } ret = _gnutls_mpi_dprint_lz (pk_params.params[0], m); if (ret < 0) { gnutls_assert (); goto error; } /* E */ ret = _gnutls_mpi_dprint_lz (pk_params.params[1], e); if (ret < 0) { gnutls_assert (); goto error; } /* D */ ret = _gnutls_mpi_dprint_lz (pk_params.params[2], d); if (ret < 0) { gnutls_assert (); goto error; } /* P */ ret = _gnutls_mpi_dprint_lz (pk_params.params[3], p); if (ret < 0) { gnutls_assert (); goto error; } /* Q */ ret = _gnutls_mpi_dprint_lz (pk_params.params[4], q); if (ret < 0) { gnutls_assert (); goto error; } /* U */ ret = _gnutls_mpi_dprint_lz (key->params.params[5], u); if (ret < 0) { gnutls_assert (); goto error; } /* E1 */ if (e1) { ret = _gnutls_mpi_dprint_lz (key->params.params[6], e1); if (ret < 0) { gnutls_assert (); goto error; } } /* E2 */ if (e2) { ret = _gnutls_mpi_dprint_lz (key->params.params[7], e2); if (ret < 0) { gnutls_assert (); goto error; } } gnutls_pk_params_release (&pk_params); return 0; error: _gnutls_free_datum (m); _gnutls_free_datum (d); _gnutls_free_datum (e); _gnutls_free_datum (p); _gnutls_free_datum (q); gnutls_pk_params_release (&pk_params); return ret; }
/* Encodes the RSA parameters into an ASN.1 RSA private key structure. */ static int _gnutls_asn1_encode_rsa (ASN1_TYPE * c2, bigint_t * params) { int result; opaque null = '\0'; gnutls_pk_params_st pk_params; gnutls_datum_t m, e, d, p, q, u, exp1, exp2; memset (&pk_params, 0, sizeof (pk_params)); memset (&m, 0, sizeof (m)); memset (&p, 0, sizeof (e)); memset (&q, 0, sizeof (d)); memset (&p, 0, sizeof (p)); memset (&q, 0, sizeof (q)); memset (&u, 0, sizeof (u)); memset (&exp1, 0, sizeof (exp1)); memset (&exp2, 0, sizeof (exp2)); result = _gnutls_pk_params_copy (&pk_params, params, RSA_PRIVATE_PARAMS); if (result < 0) { gnutls_assert (); return result; } result = _gnutls_pk_fixup (GNUTLS_PK_RSA, GNUTLS_EXPORT, &pk_params); if (result < 0) { gnutls_assert (); goto cleanup; } /* retrieve as data */ result = _gnutls_mpi_dprint_lz (pk_params.params[0], &m); if (result < 0) { gnutls_assert (); goto cleanup; } result = _gnutls_mpi_dprint_lz (pk_params.params[1], &e); if (result < 0) { gnutls_assert (); goto cleanup; } result = _gnutls_mpi_dprint_lz (pk_params.params[2], &d); if (result < 0) { gnutls_assert (); goto cleanup; } result = _gnutls_mpi_dprint_lz (pk_params.params[3], &p); if (result < 0) { gnutls_assert (); goto cleanup; } result = _gnutls_mpi_dprint_lz (pk_params.params[4], &q); if (result < 0) { gnutls_assert (); goto cleanup; } result = _gnutls_mpi_dprint_lz (pk_params.params[5], &u); if (result < 0) { gnutls_assert (); goto cleanup; } result = _gnutls_mpi_dprint_lz (pk_params.params[6], &exp1); if (result < 0) { gnutls_assert (); goto cleanup; } result = _gnutls_mpi_dprint_lz (pk_params.params[7], &exp2); if (result < 0) { gnutls_assert (); goto cleanup; } /* Ok. Now we have the data. Create the asn1 structures */ /* first make sure that no previously allocated data are leaked */ if (*c2 != ASN1_TYPE_EMPTY) { asn1_delete_structure (c2); *c2 = ASN1_TYPE_EMPTY; } if ((result = asn1_create_element (_gnutls_get_gnutls_asn (), "GNUTLS.RSAPrivateKey", c2)) != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); goto cleanup; } /* Write PRIME */ if ((result = asn1_write_value (*c2, "modulus", m.data, m.size)) != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); goto cleanup; } if ((result = asn1_write_value (*c2, "publicExponent", e.data, e.size)) != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); goto cleanup; } if ((result = asn1_write_value (*c2, "privateExponent", d.data, d.size)) != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); goto cleanup; } if ((result = asn1_write_value (*c2, "prime1", p.data, p.size)) != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); goto cleanup; } if ((result = asn1_write_value (*c2, "prime2", q.data, q.size)) != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); goto cleanup; } if ((result = asn1_write_value (*c2, "coefficient", u.data, u.size)) != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); goto cleanup; } if ((result = asn1_write_value (*c2, "exponent1", exp1.data, exp1.size)) != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); goto cleanup; } if ((result = asn1_write_value (*c2, "exponent2", exp2.data, exp2.size)) != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); goto cleanup; } if ((result = asn1_write_value (*c2, "otherPrimeInfos", NULL, 0)) != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); goto cleanup; } if ((result = asn1_write_value (*c2, "version", &null, 1)) != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); goto cleanup; } result = 0; cleanup: if (result != 0) asn1_delete_structure (c2); gnutls_pk_params_release (&pk_params); _gnutls_free_datum (&m); _gnutls_free_datum (&d); _gnutls_free_datum (&e); _gnutls_free_datum (&p); _gnutls_free_datum (&q); _gnutls_free_datum (&u); _gnutls_free_datum (&exp1); _gnutls_free_datum (&exp2); return result; }
int _gnutls_params_get_dsa_raw(const gnutls_pk_params_st* params, gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * g, gnutls_datum_t * y, gnutls_datum_t * x) { int ret; if (params == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } if (params->algo != GNUTLS_PK_DSA) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } /* P */ if (p) { ret = _gnutls_mpi_dprint_lz(params->params[0], p); if (ret < 0) { gnutls_assert(); return ret; } } /* Q */ if (q) { ret = _gnutls_mpi_dprint_lz(params->params[1], q); if (ret < 0) { gnutls_assert(); _gnutls_free_datum(p); return ret; } } /* G */ if (g) { ret = _gnutls_mpi_dprint_lz(params->params[2], g); if (ret < 0) { gnutls_assert(); _gnutls_free_datum(p); _gnutls_free_datum(q); return ret; } } /* Y */ if (y) { ret = _gnutls_mpi_dprint_lz(params->params[3], y); if (ret < 0) { gnutls_assert(); _gnutls_free_datum(p); _gnutls_free_datum(g); _gnutls_free_datum(q); return ret; } } /* X */ if (x) { ret = _gnutls_mpi_dprint_lz(params->params[4], x); if (ret < 0) { gnutls_assert(); _gnutls_free_datum(y); _gnutls_free_datum(p); _gnutls_free_datum(g); _gnutls_free_datum(q); return ret; } } return 0; }
int _gnutls_params_get_rsa_raw(const gnutls_pk_params_st* params, gnutls_datum_t * m, gnutls_datum_t * e, gnutls_datum_t * d, gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * u, gnutls_datum_t * e1, gnutls_datum_t * e2) { int ret; if (params == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } if (params->algo != GNUTLS_PK_RSA) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } if (m) { ret = _gnutls_mpi_dprint_lz(params->params[0], m); if (ret < 0) { gnutls_assert(); goto error; } } /* E */ if (e) { ret = _gnutls_mpi_dprint_lz(params->params[1], e); if (ret < 0) { gnutls_assert(); goto error; } } /* D */ if (d && params->params[2]) { ret = _gnutls_mpi_dprint_lz(params->params[2], d); if (ret < 0) { gnutls_assert(); goto error; } } else if (d) { d->data = NULL; d->size = 0; } /* P */ if (p && params->params[3]) { ret = _gnutls_mpi_dprint_lz(params->params[3], p); if (ret < 0) { gnutls_assert(); goto error; } } else if (p) { p->data = NULL; p->size = 0; } /* Q */ if (q && params->params[4]) { ret = _gnutls_mpi_dprint_lz(params->params[4], q); if (ret < 0) { gnutls_assert(); goto error; } } else if (q) { q->data = NULL; q->size = 0; } /* U */ if (u && params->params[5]) { ret = _gnutls_mpi_dprint_lz(params->params[5], u); if (ret < 0) { gnutls_assert(); goto error; } } else if (u) { u->data = NULL; u->size = 0; } /* E1 */ if (e1 && params->params[6]) { ret = _gnutls_mpi_dprint_lz(params->params[6], e1); if (ret < 0) { gnutls_assert(); goto error; } } else if (e1) { e1->data = NULL; e1->size = 0; } /* E2 */ if (e2 && params->params[7]) { ret = _gnutls_mpi_dprint_lz(params->params[7], e2); if (ret < 0) { gnutls_assert(); goto error; } } else if (e2) { e2->data = NULL; e2->size = 0; } return 0; error: _gnutls_free_datum(m); _gnutls_free_datum(d); _gnutls_free_datum(e); _gnutls_free_datum(e1); _gnutls_free_datum(e2); _gnutls_free_datum(p); _gnutls_free_datum(q); return ret; }
/** * gnutls_pkcs11_copy_x509_privkey: * @token_url: A PKCS #11 URL specifying a token * @key: A private key * @label: A name to be used for the stored data * @key_usage: One of GNUTLS_KEY_* * @flags: One of GNUTLS_PKCS11_OBJ_* flags * * This function will copy a private key into a PKCS #11 token specified by * a URL. It is highly recommended flags to contain %GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE * unless there is a strong reason not to. * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. * * Since: 2.12.0 **/ int gnutls_pkcs11_copy_x509_privkey(const char *token_url, gnutls_x509_privkey_t key, const char *label, unsigned int key_usage, unsigned int flags) { int ret; struct p11_kit_uri *info = NULL; ck_rv_t rv; size_t id_size; uint8_t id[20]; struct ck_attribute a[16]; ck_object_class_t class = CKO_PRIVATE_KEY; ck_object_handle_t obj; ck_key_type_t type; int a_val; gnutls_pk_algorithm_t pk; gnutls_datum_t p, q, g, y, x; gnutls_datum_t m, e, d, u, exp1, exp2; struct pkcs11_session_info sinfo; PKCS11_CHECK_INIT; memset(&sinfo, 0, sizeof(sinfo)); memset(&p, 0, sizeof(p)); memset(&q, 0, sizeof(q)); memset(&g, 0, sizeof(g)); memset(&y, 0, sizeof(y)); memset(&x, 0, sizeof(x)); memset(&m, 0, sizeof(m)); memset(&e, 0, sizeof(e)); memset(&d, 0, sizeof(d)); memset(&u, 0, sizeof(u)); memset(&exp1, 0, sizeof(exp1)); memset(&exp2, 0, sizeof(exp2)); ret = pkcs11_url_to_info(token_url, &info); if (ret < 0) { gnutls_assert(); return ret; } id_size = sizeof(id); ret = gnutls_x509_privkey_get_key_id(key, 0, id, &id_size); if (ret < 0) { p11_kit_uri_free(info); gnutls_assert(); return ret; } ret = pkcs11_open_session(&sinfo, NULL, info, SESSION_WRITE | pkcs11_obj_flags_to_int(flags)); p11_kit_uri_free(info); if (ret < 0) { gnutls_assert(); return ret; } /* FIXME: copy key usage flags */ a_val = 0; a[a_val].type = CKA_CLASS; a[a_val].value = &class; a[a_val].value_len = sizeof(class); a_val++; a[a_val].type = CKA_ID; a[a_val].value = id; a[a_val].value_len = id_size; a_val++; a[a_val].type = CKA_KEY_TYPE; a[a_val].value = &type; a[a_val].value_len = sizeof(type); a_val++; a[a_val].type = CKA_TOKEN; a[a_val].value = (void *) &tval; a[a_val].value_len = sizeof(tval); a_val++; /* a private key is set always as private unless * requested otherwise */ if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE) { a[a_val].type = CKA_PRIVATE; a[a_val].value = (void *) &fval; a[a_val].value_len = sizeof(fval); a_val++; } else { a[a_val].type = CKA_PRIVATE; a[a_val].value = (void *) &tval; a[a_val].value_len = sizeof(tval); a_val++; } if (label) { a[a_val].type = CKA_LABEL; a[a_val].value = (void *) label; a[a_val].value_len = strlen(label); a_val++; } if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE) { a[a_val].type = CKA_SENSITIVE; a[a_val].value = (void *) &tval; a[a_val].value_len = sizeof(tval); a_val++; } else { a[a_val].type = CKA_SENSITIVE; a[a_val].value = (void *) &fval; a[a_val].value_len = sizeof(fval); a_val++; } pk = gnutls_x509_privkey_get_pk_algorithm(key); switch (pk) { case GNUTLS_PK_RSA: { ret = gnutls_x509_privkey_export_rsa_raw2(key, &m, &e, &d, &p, &q, &u, &exp1, &exp2); if (ret < 0) { gnutls_assert(); goto cleanup; } type = CKK_RSA; a[a_val].type = CKA_MODULUS; a[a_val].value = m.data; a[a_val].value_len = m.size; a_val++; a[a_val].type = CKA_PUBLIC_EXPONENT; a[a_val].value = e.data; a[a_val].value_len = e.size; a_val++; a[a_val].type = CKA_PRIVATE_EXPONENT; a[a_val].value = d.data; a[a_val].value_len = d.size; a_val++; a[a_val].type = CKA_PRIME_1; a[a_val].value = p.data; a[a_val].value_len = p.size; a_val++; a[a_val].type = CKA_PRIME_2; a[a_val].value = q.data; a[a_val].value_len = q.size; a_val++; a[a_val].type = CKA_COEFFICIENT; a[a_val].value = u.data; a[a_val].value_len = u.size; a_val++; a[a_val].type = CKA_EXPONENT_1; a[a_val].value = exp1.data; a[a_val].value_len = exp1.size; a_val++; a[a_val].type = CKA_EXPONENT_2; a[a_val].value = exp2.data; a[a_val].value_len = exp2.size; a_val++; break; } case GNUTLS_PK_DSA: { ret = gnutls_x509_privkey_export_dsa_raw(key, &p, &q, &g, &y, &x); if (ret < 0) { gnutls_assert(); goto cleanup; } type = CKK_DSA; a[a_val].type = CKA_PRIME; a[a_val].value = p.data; a[a_val].value_len = p.size; a_val++; a[a_val].type = CKA_SUBPRIME; a[a_val].value = q.data; a[a_val].value_len = q.size; a_val++; a[a_val].type = CKA_BASE; a[a_val].value = g.data; a[a_val].value_len = g.size; a_val++; a[a_val].type = CKA_VALUE; a[a_val].value = x.data; a[a_val].value_len = x.size; a_val++; break; } case GNUTLS_PK_EC: { ret = _gnutls_x509_write_ecc_params(key->params.flags, &p); if (ret < 0) { gnutls_assert(); goto cleanup; } ret = _gnutls_mpi_dprint_lz(&key->params. params[ECC_K], &x); if (ret < 0) { gnutls_assert(); goto cleanup; } type = CKK_ECDSA; a[a_val].type = CKA_EC_PARAMS; a[a_val].value = p.data; a[a_val].value_len = p.size; a_val++; a[a_val].type = CKA_VALUE; a[a_val].value = x.data; a[a_val].value_len = x.size; a_val++; break; } default: gnutls_assert(); ret = GNUTLS_E_INVALID_REQUEST; goto cleanup; } rv = pkcs11_create_object(sinfo.module, sinfo.pks, a, a_val, &obj); if (rv != CKR_OK) { gnutls_assert(); _gnutls_debug_log("p11: %s\n", pkcs11_strerror(rv)); ret = pkcs11_rv_to_err(rv); goto cleanup; } ret = 0; cleanup: switch (pk) { case GNUTLS_PK_RSA: { gnutls_free(m.data); gnutls_free(e.data); gnutls_free(d.data); gnutls_free(p.data); gnutls_free(q.data); gnutls_free(u.data); gnutls_free(exp1.data); gnutls_free(exp2.data); break; } case GNUTLS_PK_DSA: { gnutls_free(p.data); gnutls_free(q.data); gnutls_free(g.data); gnutls_free(y.data); gnutls_free(x.data); break; } case GNUTLS_PK_EC: { gnutls_free(p.data); gnutls_free(x.data); break; } default: gnutls_assert(); ret = GNUTLS_E_INVALID_REQUEST; break; } if (sinfo.pks != 0) pkcs11_close_session(&sinfo); return ret; }