void pkcs11_generate(FILE * outfile, const char *url, gnutls_pk_algorithm_t pk, unsigned int bits, const char *label, const char *id, int detailed, unsigned int flags, common_info_st * info) { int ret; gnutls_datum_t pubkey; gnutls_datum_t cid = {NULL, 0}; unsigned char raw_id[128]; size_t raw_id_size; pkcs11_common(info); FIX(url, outfile, detailed, info); CHECK_LOGIN_FLAG(flags); if (id != NULL) { raw_id_size = sizeof(raw_id); ret = gnutls_hex2bin(id, strlen(id), raw_id, &raw_id_size); if (ret < 0) { fprintf(stderr, "Error converting hex: %s\n", gnutls_strerror(ret)); exit(1); } cid.data = raw_id; cid.size = raw_id_size; } if (outfile == stderr || outfile == stdout) { fprintf(stderr, "warning: no --outfile was specified and the generated public key will be printed on screen.\n"); } if (label == NULL && info->batch == 0) { label = read_str("warning: Label was not specified.\nLabel: "); } ret = gnutls_pkcs11_privkey_generate3(url, pk, bits, label, &cid, GNUTLS_X509_FMT_PEM, &pubkey, info->key_usage, flags); if (ret < 0) { fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); if (bits != 1024 && pk == GNUTLS_PK_RSA) fprintf(stderr, "note: several smart cards do not support arbitrary size keys; try --bits 1024 or 2048.\n"); exit(1); } fwrite(pubkey.data, 1, pubkey.size, outfile); gnutls_free(pubkey.data); UNFIX; return; }
static void get_keyid (gnutls_openpgp_keyid_t keyid, const char *str) { size_t keyid_size = sizeof (keyid); if (strlen (str) != 16) { fprintf (stderr, "The OpenPGP subkey ID has to be 16 hexadecimal characters.\n"); exit (1); } if (gnutls_hex2bin (str, strlen (str), keyid, &keyid_size) < 0) { fprintf (stderr, "Error converting hex string: %s.\n", str); exit (1); } return; }
void decode_seed(gnutls_datum_t *seed, const char *hex, unsigned hex_size) { int ret; size_t seed_size; seed->size = hex_size; seed->data = malloc(hex_size); if (seed->data == NULL) { fprintf(stderr, "memory error\n"); exit(1); } seed_size = hex_size; ret = gnutls_hex2bin(hex, hex_size, seed->data, &seed_size); if (ret < 0) { fprintf(stderr, "Could not hex decode data: %s\n", gnutls_strerror(ret)); exit(1); } seed->size = seed_size; return; }
void pkcs11_write(FILE * outfile, const char *url, const char *label, const char *id, unsigned flags, common_info_st * info) { gnutls_x509_crt_t xcrt; gnutls_x509_privkey_t xkey; gnutls_pubkey_t xpubkey; int ret; gnutls_datum_t *secret_key; unsigned key_usage = 0; unsigned char raw_id[128]; size_t raw_id_size; gnutls_datum_t cid = {NULL, 0}; pkcs11_common(info); FIX(url, outfile, 0, info); CHECK_LOGIN_FLAG(flags); if (label == NULL && info->batch == 0) { label = read_str("warning: The object's label was not specified.\nLabel: "); } if (id != NULL) { raw_id_size = sizeof(raw_id); ret = gnutls_hex2bin(id, strlen(id), raw_id, &raw_id_size); if (ret < 0) { fprintf(stderr, "Error converting hex: %s\n", gnutls_strerror(ret)); exit(1); } cid.data = raw_id; cid.size = raw_id_size; } secret_key = load_secret_key(0, info); if (secret_key != NULL) { ret = gnutls_pkcs11_copy_secret_key(url, secret_key, label, info->key_usage, flags | GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE); if (ret < 0) { fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); exit(1); } } xcrt = load_cert(0, info); if (xcrt != NULL) { ret = gnutls_pkcs11_copy_x509_crt2(url, xcrt, label, &cid, flags); if (ret < 0) { fprintf(stderr, "Error writing certificate: %s\n", gnutls_strerror(ret)); if (((flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_CA) || (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED)) && (flags & GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO) == 0) fprintf(stderr, "note: some tokens may require security officer login for this operation\n"); exit(1); } gnutls_x509_crt_get_key_usage(xcrt, &key_usage, NULL); gnutls_x509_crt_deinit(xcrt); } xkey = load_x509_private_key(0, info); if (xkey != NULL) { ret = gnutls_pkcs11_copy_x509_privkey2(url, xkey, label, &cid, key_usage|info->key_usage, flags | GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE); if (ret < 0) { fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); exit(1); } gnutls_x509_privkey_deinit(xkey); } xpubkey = load_pubkey(0, info); if (xpubkey != NULL) { ret = gnutls_pkcs11_copy_pubkey(url, xpubkey, label, &cid, 0, flags); if (ret < 0) { fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); exit(1); } gnutls_pubkey_deinit(xpubkey); } if (xkey == NULL && xcrt == NULL && secret_key == NULL && xpubkey == NULL) { fprintf(stderr, "You must use --load-privkey, --load-certificate, --load-pubkey or --secret-key to load the file to be copied\n"); exit(1); } UNFIX; return; }