/** * gnutls_privkey_import_openpgp_raw: * @pkey: The private key * @data: The private key data to be imported * @format: The format of the private key * @keyid: The key id to use (optional) * @password: A password (optional) * * This function will import the given private key to the abstract * #gnutls_privkey_t structure. * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. * * Since: 3.1.0 **/ int gnutls_privkey_import_openpgp_raw(gnutls_privkey_t pkey, const gnutls_datum_t * data, gnutls_openpgp_crt_fmt_t format, const gnutls_openpgp_keyid_t keyid, const char *password) { gnutls_openpgp_privkey_t xpriv; int ret; ret = gnutls_openpgp_privkey_init(&xpriv); if (ret < 0) return gnutls_assert_val(ret); ret = gnutls_openpgp_privkey_import(xpriv, data, format, password, 0); if (ret < 0) { gnutls_assert(); goto cleanup; } if (keyid) { ret = gnutls_openpgp_privkey_set_preferred_key_id(xpriv, keyid); if (ret < 0) { gnutls_assert(); goto cleanup; } } ret = gnutls_privkey_import_openpgp(pkey, xpriv, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE); if (ret < 0) { gnutls_assert(); goto cleanup; } ret = 0; cleanup: gnutls_openpgp_privkey_deinit(xpriv); return ret; }
/* Load the certificate and the private key. */ static void load_keys (void) { unsigned int crt_num; int ret; gnutls_datum_t data; if (x509_certfile != NULL && x509_keyfile != NULL) { data = load_file (x509_certfile); if (data.data == NULL) { fprintf (stderr, "*** Error loading cert file.\n"); exit (1); } crt_num = MAX_CRT; ret = gnutls_x509_crt_list_import (x509_crt, &crt_num, &data, GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED); if (ret < 0) { if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) { fprintf (stderr, "*** Error loading cert file: Too many certs %d\n", crt_num); } else { fprintf (stderr, "*** Error loading cert file: %s\n", gnutls_strerror (ret)); } exit (1); } x509_crt_size = ret; fprintf (stderr, "Processed %d client certificates...\n", ret); unload_file (data); data = load_file (x509_keyfile); if (data.data == NULL) { fprintf (stderr, "*** Error loading key file.\n"); exit (1); } gnutls_x509_privkey_init (&x509_key); ret = gnutls_x509_privkey_import (x509_key, &data, GNUTLS_X509_FMT_PEM); if (ret < 0) { fprintf (stderr, "*** Error loading key file: %s\n", gnutls_strerror (ret)); exit (1); } unload_file (data); fprintf (stderr, "Processed %d client X.509 certificates...\n", x509_crt_size); } #ifdef ENABLE_OPENPGP if (pgp_certfile != NULL && pgp_keyfile != NULL) { data = load_file (pgp_certfile); if (data.data == NULL) { fprintf (stderr, "*** Error loading PGP cert file.\n"); exit (1); } gnutls_openpgp_crt_init (&pgp_crt); ret = gnutls_openpgp_crt_import (pgp_crt, &data, GNUTLS_OPENPGP_FMT_BASE64); if (ret < 0) { fprintf (stderr, "*** Error loading PGP cert file: %s\n", gnutls_strerror (ret)); exit (1); } unload_file (data); data = load_file (pgp_keyfile); if (data.data == NULL) { fprintf (stderr, "*** Error loading PGP key file.\n"); exit (1); } gnutls_openpgp_privkey_init (&pgp_key); ret = gnutls_openpgp_privkey_import (pgp_key, &data, GNUTLS_OPENPGP_FMT_BASE64, NULL, 0); if (ret < 0) { fprintf (stderr, "*** Error loading PGP key file: %s\n", gnutls_strerror (ret)); exit (1); } unload_file (data); if (info.pgp_subkey != NULL) { gnutls_openpgp_keyid_t keyid; if (strcasecmp (info.pgp_subkey, "auto") == 0) { ret = gnutls_openpgp_crt_get_auth_subkey (pgp_crt, keyid, 1); if (ret < 0) { fprintf (stderr, "*** Error setting preferred sub key id (%s): %s\n", info.pgp_subkey, gnutls_strerror (ret)); exit (1); } } else get_keyid (keyid, info.pgp_subkey); ret = gnutls_openpgp_crt_set_preferred_key_id (pgp_crt, keyid); if (ret >= 0) ret = gnutls_openpgp_privkey_set_preferred_key_id (pgp_key, keyid); if (ret < 0) { fprintf (stderr, "*** Error setting preferred sub key id (%s): %s\n", info.pgp_subkey, gnutls_strerror (ret)); exit (1); } } fprintf (stderr, "Processed 1 client PGP certificate...\n"); } #endif }
/* Load the certificate and the private key. */ static void load_keys (void) { unsigned int crt_num; int ret, i; gnutls_datum_t data = { NULL, 0 }; gnutls_x509_crt_t crt_list[MAX_CRT]; #ifdef ENABLE_PKCS11 gnutls_pkcs11_privkey_t pkcs11_key; #endif gnutls_x509_privkey_t tmp_key; unsigned char keyid[GNUTLS_OPENPGP_KEYID_SIZE]; if (x509_certfile != NULL && x509_keyfile != NULL) { #ifdef ENABLE_PKCS11 if (strncmp (x509_certfile, "pkcs11:", 7) == 0) { crt_num = 1; gnutls_x509_crt_init (&crt_list[0]); ret = gnutls_x509_crt_import_pkcs11_url (crt_list[0], x509_certfile, 0); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) ret = gnutls_x509_crt_import_pkcs11_url (crt_list[0], x509_certfile, GNUTLS_PKCS11_OBJ_FLAG_LOGIN); if (ret < 0) { fprintf (stderr, "*** Error loading cert file.\n"); exit (1); } x509_crt_size = 1; } else #endif /* ENABLE_PKCS11 */ { data = load_file (x509_certfile); if (data.data == NULL) { fprintf (stderr, "*** Error loading cert file.\n"); exit (1); } crt_num = MAX_CRT; ret = gnutls_x509_crt_list_import (crt_list, &crt_num, &data, GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED); if (ret < 0) { if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) { fprintf (stderr, "*** Error loading cert file: Too many certs %d\n", crt_num); } else { fprintf (stderr, "*** Error loading cert file: %s\n", gnutls_strerror (ret)); } exit (1); } x509_crt_size = ret; } for (i=0;i<x509_crt_size;i++) { ret = gnutls_pcert_import_x509(&x509_crt[i], crt_list[i], 0); if (ret < 0) { fprintf(stderr, "*** Error importing crt to pcert: %s\n", gnutls_strerror(ret)); exit(1); } gnutls_x509_crt_deinit(crt_list[i]); } unload_file (&data); ret = gnutls_privkey_init(&x509_key); if (ret < 0) { fprintf (stderr, "*** Error initializing key: %s\n", gnutls_strerror (ret)); exit (1); } #ifdef ENABLE_PKCS11 if (strncmp (x509_keyfile, "pkcs11:", 7) == 0) { gnutls_pkcs11_privkey_init (&pkcs11_key); ret = gnutls_pkcs11_privkey_import_url (pkcs11_key, x509_keyfile, 0); if (ret < 0) { fprintf (stderr, "*** Error loading url: %s\n", gnutls_strerror (ret)); exit (1); } ret = gnutls_privkey_import_pkcs11( x509_key, pkcs11_key, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE); if (ret < 0) { fprintf (stderr, "*** Error loading url: %s\n", gnutls_strerror (ret)); exit (1); } } else #endif /* ENABLE_PKCS11 */ { data = load_file (x509_keyfile); if (data.data == NULL) { fprintf (stderr, "*** Error loading key file.\n"); exit (1); } gnutls_x509_privkey_init (&tmp_key); ret = gnutls_x509_privkey_import (tmp_key, &data, GNUTLS_X509_FMT_PEM); if (ret < 0) { fprintf (stderr, "*** Error loading key file: %s\n", gnutls_strerror (ret)); exit (1); } ret = gnutls_privkey_import_x509( x509_key, tmp_key, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE); if (ret < 0) { fprintf (stderr, "*** Error loading url: %s\n", gnutls_strerror (ret)); exit (1); } unload_file (&data); } fprintf (stdout, "Processed %d client X.509 certificates...\n", x509_crt_size); } #ifdef ENABLE_OPENPGP if (info.pgp_subkey != NULL) { get_keyid (keyid, info.pgp_subkey); } if (pgp_certfile != NULL && pgp_keyfile != NULL) { gnutls_openpgp_crt_t tmp_pgp_crt; data = load_file (pgp_certfile); if (data.data == NULL) { fprintf (stderr, "*** Error loading PGP cert file.\n"); exit (1); } gnutls_openpgp_crt_init (&tmp_pgp_crt); ret = gnutls_pcert_import_openpgp_raw (&pgp_crt, &data, GNUTLS_OPENPGP_FMT_BASE64, info.pgp_subkey!=NULL?keyid:NULL, 0); if (ret < 0) { fprintf (stderr, "*** Error loading PGP cert file: %s\n", gnutls_strerror (ret)); exit (1); } unload_file (&data); ret = gnutls_privkey_init(&pgp_key); if (ret < 0) { fprintf (stderr, "*** Error initializing key: %s\n", gnutls_strerror (ret)); exit (1); } #ifdef ENABLE_PKCS11 if (strncmp (pgp_keyfile, "pkcs11:", 7) == 0) { gnutls_pkcs11_privkey_init (&pkcs11_key); ret = gnutls_pkcs11_privkey_import_url (pkcs11_key, pgp_keyfile, 0); if (ret < 0) { fprintf (stderr, "*** Error loading url: %s\n", gnutls_strerror (ret)); exit (1); } ret = gnutls_privkey_import_pkcs11( pgp_key, pkcs11_key, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE); if (ret < 0) { fprintf (stderr, "*** Error loading url: %s\n", gnutls_strerror (ret)); exit (1); } } else #endif /* ENABLE_PKCS11 */ { gnutls_openpgp_privkey_t tmp_pgp_key; data = load_file (pgp_keyfile); if (data.data == NULL) { fprintf (stderr, "*** Error loading PGP key file.\n"); exit (1); } gnutls_openpgp_privkey_init (&tmp_pgp_key); ret = gnutls_openpgp_privkey_import (tmp_pgp_key, &data, GNUTLS_OPENPGP_FMT_BASE64, NULL, 0); if (ret < 0) { fprintf (stderr, "*** Error loading PGP key file: %s\n", gnutls_strerror (ret)); exit (1); } if (info.pgp_subkey != NULL) { ret = gnutls_openpgp_privkey_set_preferred_key_id (tmp_pgp_key, keyid); if (ret < 0) { fprintf (stderr, "*** Error setting preferred sub key id (%s): %s\n", info.pgp_subkey, gnutls_strerror (ret)); exit (1); } } ret = gnutls_privkey_import_openpgp( pgp_key, tmp_pgp_key, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE); if (ret < 0) { fprintf (stderr, "*** Error loading url: %s\n", gnutls_strerror (ret)); exit (1); } unload_file (&data); } fprintf (stdout, "Processed 1 client PGP certificate...\n"); } #endif }
/** * gnutls_certificate_set_openpgp_key_mem2 - Used to set OpenPGP keys * @res: the destination context to save the data. * @cert: the datum that contains the public key. * @key: the datum that contains the secret key. * @subkey_id: a hex encoded subkey id * @format: the format of the keys * * This funtion is used to load OpenPGP keys into the GnuTLS * credentials structure. The files should only contain one key which * is not encrypted. * * The special keyword "auto" is also accepted as @subkey_id. In that * case the gnutls_openpgp_crt_get_auth_subkey() will be used to * retrieve the subkey. * * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. * * Since: 2.4.0 **/ int gnutls_certificate_set_openpgp_key_mem2 (gnutls_certificate_credentials_t res, const gnutls_datum_t * cert, const gnutls_datum_t * key, const char *subkey_id, gnutls_openpgp_crt_fmt_t format) { gnutls_openpgp_privkey_t pkey; gnutls_openpgp_crt_t crt; int ret; ret = gnutls_openpgp_privkey_init (&pkey); if (ret < 0) { gnutls_assert (); return ret; } ret = gnutls_openpgp_privkey_import (pkey, key, format, NULL, 0); if (ret < 0) { gnutls_assert (); gnutls_openpgp_privkey_deinit (pkey); return ret; } ret = gnutls_openpgp_crt_init (&crt); if (ret < 0) { gnutls_assert (); gnutls_openpgp_privkey_deinit (pkey); return ret; } ret = gnutls_openpgp_crt_import (crt, cert, format); if (ret < 0) { gnutls_assert (); gnutls_openpgp_privkey_deinit (pkey); gnutls_openpgp_crt_deinit (crt); return ret; } if (subkey_id != NULL) { gnutls_openpgp_keyid_t keyid; if (strcasecmp (subkey_id, "auto") == 0) ret = gnutls_openpgp_crt_get_auth_subkey (crt, keyid, 1); else ret = get_keyid (keyid, subkey_id); if (ret >= 0) { ret = gnutls_openpgp_crt_set_preferred_key_id (crt, keyid); if (ret >= 0) ret = gnutls_openpgp_privkey_set_preferred_key_id (pkey, keyid); } if (ret < 0) { gnutls_assert (); gnutls_openpgp_privkey_deinit (pkey); gnutls_openpgp_crt_deinit (crt); return ret; } } ret = gnutls_certificate_set_openpgp_key (res, crt, pkey); gnutls_openpgp_privkey_deinit (pkey); gnutls_openpgp_crt_deinit (crt); return ret; }