/**
* gnutls_privkey_import_openpgp_raw:
* @pkey: The private key
* @data: The private key data to be imported
* @format: The format of the private key
* @keyid: The key id to use (optional)
* @password: A password (optional)
*
* This function will import the given private key to the abstract
* #gnutls_privkey_t structure.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
*
* Since: 3.1.0
**/
int gnutls_privkey_import_openpgp_raw(gnutls_privkey_t pkey,
const gnutls_datum_t * data,
gnutls_openpgp_crt_fmt_t format,
const gnutls_openpgp_keyid_t keyid,
const char *password)
{
gnutls_openpgp_privkey_t xpriv;
int ret;
ret = gnutls_openpgp_privkey_init(&xpriv);
if (ret < 0)
return gnutls_assert_val(ret);
ret =
gnutls_openpgp_privkey_import(xpriv, data, format, password,
0);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
if (keyid) {
ret =
gnutls_openpgp_privkey_set_preferred_key_id(xpriv,
keyid);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
}
ret =
gnutls_privkey_import_openpgp(pkey, xpriv,
GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
ret = 0;
cleanup:
gnutls_openpgp_privkey_deinit(xpriv);
return ret;
}
/* Load the certificate and the private key.
*/
static void
load_keys (void)
{
unsigned int crt_num;
int ret;
gnutls_datum_t data;
if (x509_certfile != NULL && x509_keyfile != NULL)
{
data = load_file (x509_certfile);
if (data.data == NULL)
{
fprintf (stderr, "*** Error loading cert file.\n");
exit (1);
}
crt_num = MAX_CRT;
ret =
gnutls_x509_crt_list_import (x509_crt, &crt_num, &data,
GNUTLS_X509_FMT_PEM,
GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
if (ret < 0)
{
if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
{
fprintf (stderr,
"*** Error loading cert file: Too many certs %d\n",
crt_num);
}
else
{
fprintf (stderr,
"*** Error loading cert file: %s\n",
gnutls_strerror (ret));
}
exit (1);
}
x509_crt_size = ret;
fprintf (stderr, "Processed %d client certificates...\n", ret);
unload_file (data);
data = load_file (x509_keyfile);
if (data.data == NULL)
{
fprintf (stderr, "*** Error loading key file.\n");
exit (1);
}
gnutls_x509_privkey_init (&x509_key);
ret = gnutls_x509_privkey_import (x509_key, &data, GNUTLS_X509_FMT_PEM);
if (ret < 0)
{
fprintf (stderr, "*** Error loading key file: %s\n",
gnutls_strerror (ret));
exit (1);
}
unload_file (data);
fprintf (stderr, "Processed %d client X.509 certificates...\n",
x509_crt_size);
}
#ifdef ENABLE_OPENPGP
if (pgp_certfile != NULL && pgp_keyfile != NULL)
{
data = load_file (pgp_certfile);
if (data.data == NULL)
{
fprintf (stderr, "*** Error loading PGP cert file.\n");
exit (1);
}
gnutls_openpgp_crt_init (&pgp_crt);
ret =
gnutls_openpgp_crt_import (pgp_crt, &data, GNUTLS_OPENPGP_FMT_BASE64);
if (ret < 0)
{
fprintf (stderr,
"*** Error loading PGP cert file: %s\n",
gnutls_strerror (ret));
exit (1);
}
unload_file (data);
data = load_file (pgp_keyfile);
if (data.data == NULL)
{
fprintf (stderr, "*** Error loading PGP key file.\n");
exit (1);
}
gnutls_openpgp_privkey_init (&pgp_key);
ret =
gnutls_openpgp_privkey_import (pgp_key, &data,
GNUTLS_OPENPGP_FMT_BASE64, NULL, 0);
if (ret < 0)
{
fprintf (stderr,
"*** Error loading PGP key file: %s\n",
gnutls_strerror (ret));
exit (1);
}
unload_file (data);
if (info.pgp_subkey != NULL)
{
gnutls_openpgp_keyid_t keyid;
if (strcasecmp (info.pgp_subkey, "auto") == 0)
{
ret = gnutls_openpgp_crt_get_auth_subkey (pgp_crt, keyid, 1);
if (ret < 0)
{
fprintf (stderr,
"*** Error setting preferred sub key id (%s): %s\n",
info.pgp_subkey, gnutls_strerror (ret));
exit (1);
}
}
else
get_keyid (keyid, info.pgp_subkey);
ret = gnutls_openpgp_crt_set_preferred_key_id (pgp_crt, keyid);
if (ret >= 0)
ret =
gnutls_openpgp_privkey_set_preferred_key_id (pgp_key, keyid);
if (ret < 0)
{
fprintf (stderr,
"*** Error setting preferred sub key id (%s): %s\n",
info.pgp_subkey, gnutls_strerror (ret));
exit (1);
}
}
fprintf (stderr, "Processed 1 client PGP certificate...\n");
}
#endif
}
/* Load the certificate and the private key.
*/
static void
load_keys (void)
{
unsigned int crt_num;
int ret, i;
gnutls_datum_t data = { NULL, 0 };
gnutls_x509_crt_t crt_list[MAX_CRT];
#ifdef ENABLE_PKCS11
gnutls_pkcs11_privkey_t pkcs11_key;
#endif
gnutls_x509_privkey_t tmp_key;
unsigned char keyid[GNUTLS_OPENPGP_KEYID_SIZE];
if (x509_certfile != NULL && x509_keyfile != NULL)
{
#ifdef ENABLE_PKCS11
if (strncmp (x509_certfile, "pkcs11:", 7) == 0)
{
crt_num = 1;
gnutls_x509_crt_init (&crt_list[0]);
ret =
gnutls_x509_crt_import_pkcs11_url (crt_list[0], x509_certfile, 0);
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
ret =
gnutls_x509_crt_import_pkcs11_url (crt_list[0], x509_certfile,
GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
if (ret < 0)
{
fprintf (stderr, "*** Error loading cert file.\n");
exit (1);
}
x509_crt_size = 1;
}
else
#endif /* ENABLE_PKCS11 */
{
data = load_file (x509_certfile);
if (data.data == NULL)
{
fprintf (stderr, "*** Error loading cert file.\n");
exit (1);
}
crt_num = MAX_CRT;
ret =
gnutls_x509_crt_list_import (crt_list, &crt_num, &data,
GNUTLS_X509_FMT_PEM,
GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
if (ret < 0)
{
if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
{
fprintf (stderr,
"*** Error loading cert file: Too many certs %d\n",
crt_num);
}
else
{
fprintf (stderr,
"*** Error loading cert file: %s\n",
gnutls_strerror (ret));
}
exit (1);
}
x509_crt_size = ret;
}
for (i=0;i<x509_crt_size;i++)
{
ret = gnutls_pcert_import_x509(&x509_crt[i], crt_list[i], 0);
if (ret < 0)
{
fprintf(stderr, "*** Error importing crt to pcert: %s\n",
gnutls_strerror(ret));
exit(1);
}
gnutls_x509_crt_deinit(crt_list[i]);
}
unload_file (&data);
ret = gnutls_privkey_init(&x509_key);
if (ret < 0)
{
fprintf (stderr, "*** Error initializing key: %s\n",
gnutls_strerror (ret));
exit (1);
}
#ifdef ENABLE_PKCS11
if (strncmp (x509_keyfile, "pkcs11:", 7) == 0)
{
gnutls_pkcs11_privkey_init (&pkcs11_key);
ret =
gnutls_pkcs11_privkey_import_url (pkcs11_key, x509_keyfile, 0);
if (ret < 0)
{
fprintf (stderr, "*** Error loading url: %s\n",
gnutls_strerror (ret));
exit (1);
}
ret = gnutls_privkey_import_pkcs11( x509_key, pkcs11_key, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
if (ret < 0)
{
fprintf (stderr, "*** Error loading url: %s\n",
gnutls_strerror (ret));
exit (1);
}
}
else
#endif /* ENABLE_PKCS11 */
{
data = load_file (x509_keyfile);
if (data.data == NULL)
{
fprintf (stderr, "*** Error loading key file.\n");
exit (1);
}
gnutls_x509_privkey_init (&tmp_key);
ret =
gnutls_x509_privkey_import (tmp_key, &data, GNUTLS_X509_FMT_PEM);
if (ret < 0)
{
fprintf (stderr, "*** Error loading key file: %s\n",
gnutls_strerror (ret));
exit (1);
}
ret = gnutls_privkey_import_x509( x509_key, tmp_key, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
if (ret < 0)
{
fprintf (stderr, "*** Error loading url: %s\n",
gnutls_strerror (ret));
exit (1);
}
unload_file (&data);
}
fprintf (stdout, "Processed %d client X.509 certificates...\n",
x509_crt_size);
}
#ifdef ENABLE_OPENPGP
if (info.pgp_subkey != NULL)
{
get_keyid (keyid, info.pgp_subkey);
}
if (pgp_certfile != NULL && pgp_keyfile != NULL)
{
gnutls_openpgp_crt_t tmp_pgp_crt;
data = load_file (pgp_certfile);
if (data.data == NULL)
{
fprintf (stderr, "*** Error loading PGP cert file.\n");
exit (1);
}
gnutls_openpgp_crt_init (&tmp_pgp_crt);
ret =
gnutls_pcert_import_openpgp_raw (&pgp_crt, &data, GNUTLS_OPENPGP_FMT_BASE64, info.pgp_subkey!=NULL?keyid:NULL, 0);
if (ret < 0)
{
fprintf (stderr,
"*** Error loading PGP cert file: %s\n",
gnutls_strerror (ret));
exit (1);
}
unload_file (&data);
ret = gnutls_privkey_init(&pgp_key);
if (ret < 0)
{
fprintf (stderr, "*** Error initializing key: %s\n",
gnutls_strerror (ret));
exit (1);
}
#ifdef ENABLE_PKCS11
if (strncmp (pgp_keyfile, "pkcs11:", 7) == 0)
{
gnutls_pkcs11_privkey_init (&pkcs11_key);
ret = gnutls_pkcs11_privkey_import_url (pkcs11_key, pgp_keyfile, 0);
if (ret < 0)
{
fprintf (stderr, "*** Error loading url: %s\n",
gnutls_strerror (ret));
exit (1);
}
ret = gnutls_privkey_import_pkcs11( pgp_key, pkcs11_key, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
if (ret < 0)
{
fprintf (stderr, "*** Error loading url: %s\n",
gnutls_strerror (ret));
exit (1);
}
}
else
#endif /* ENABLE_PKCS11 */
{
gnutls_openpgp_privkey_t tmp_pgp_key;
data = load_file (pgp_keyfile);
if (data.data == NULL)
{
fprintf (stderr, "*** Error loading PGP key file.\n");
exit (1);
}
gnutls_openpgp_privkey_init (&tmp_pgp_key);
ret =
gnutls_openpgp_privkey_import (tmp_pgp_key, &data,
GNUTLS_OPENPGP_FMT_BASE64, NULL,
0);
if (ret < 0)
{
fprintf (stderr,
"*** Error loading PGP key file: %s\n",
gnutls_strerror (ret));
exit (1);
}
if (info.pgp_subkey != NULL)
{
ret =
gnutls_openpgp_privkey_set_preferred_key_id (tmp_pgp_key, keyid);
if (ret < 0)
{
fprintf (stderr,
"*** Error setting preferred sub key id (%s): %s\n",
info.pgp_subkey, gnutls_strerror (ret));
exit (1);
}
}
ret = gnutls_privkey_import_openpgp( pgp_key, tmp_pgp_key, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
if (ret < 0)
{
fprintf (stderr, "*** Error loading url: %s\n",
gnutls_strerror (ret));
exit (1);
}
unload_file (&data);
}
fprintf (stdout, "Processed 1 client PGP certificate...\n");
}
#endif
}
/**
* gnutls_certificate_set_openpgp_key_mem2 - Used to set OpenPGP keys
* @res: the destination context to save the data.
* @cert: the datum that contains the public key.
* @key: the datum that contains the secret key.
* @subkey_id: a hex encoded subkey id
* @format: the format of the keys
*
* This funtion is used to load OpenPGP keys into the GnuTLS
* credentials structure. The files should only contain one key which
* is not encrypted.
*
* The special keyword "auto" is also accepted as @subkey_id. In that
* case the gnutls_openpgp_crt_get_auth_subkey() will be used to
* retrieve the subkey.
*
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
*
* Since: 2.4.0
**/
int
gnutls_certificate_set_openpgp_key_mem2 (gnutls_certificate_credentials_t res,
const gnutls_datum_t * cert,
const gnutls_datum_t * key,
const char *subkey_id,
gnutls_openpgp_crt_fmt_t format)
{
gnutls_openpgp_privkey_t pkey;
gnutls_openpgp_crt_t crt;
int ret;
ret = gnutls_openpgp_privkey_init (&pkey);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
ret = gnutls_openpgp_privkey_import (pkey, key, format, NULL, 0);
if (ret < 0)
{
gnutls_assert ();
gnutls_openpgp_privkey_deinit (pkey);
return ret;
}
ret = gnutls_openpgp_crt_init (&crt);
if (ret < 0)
{
gnutls_assert ();
gnutls_openpgp_privkey_deinit (pkey);
return ret;
}
ret = gnutls_openpgp_crt_import (crt, cert, format);
if (ret < 0)
{
gnutls_assert ();
gnutls_openpgp_privkey_deinit (pkey);
gnutls_openpgp_crt_deinit (crt);
return ret;
}
if (subkey_id != NULL)
{
gnutls_openpgp_keyid_t keyid;
if (strcasecmp (subkey_id, "auto") == 0)
ret = gnutls_openpgp_crt_get_auth_subkey (crt, keyid, 1);
else
ret = get_keyid (keyid, subkey_id);
if (ret >= 0)
{
ret = gnutls_openpgp_crt_set_preferred_key_id (crt, keyid);
if (ret >= 0)
ret = gnutls_openpgp_privkey_set_preferred_key_id (pkey, keyid);
}
if (ret < 0)
{
gnutls_assert ();
gnutls_openpgp_privkey_deinit (pkey);
gnutls_openpgp_crt_deinit (crt);
return ret;
}
}
ret = gnutls_certificate_set_openpgp_key (res, crt, pkey);
gnutls_openpgp_privkey_deinit (pkey);
gnutls_openpgp_crt_deinit (crt);
return ret;
}
