/**
* gnutls_privkey_export_openpgp:
* @pkey: The private key
* @key: Location for the key to be exported.
*
* Converts the given abstract private key to a #gnutls_openpgp_privkey_t
* type. The key must be of type %GNUTLS_PRIVKEY_OPENPGP. The key
* returned in @key must be deinitialized with
* gnutls_openpgp_privkey_deinit().
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
*
* Since: 3.4.0
*/
int
gnutls_privkey_export_openpgp(gnutls_privkey_t pkey,
gnutls_openpgp_privkey_t *key)
{
int ret;
if (pkey->type != GNUTLS_PRIVKEY_OPENPGP) {
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
}
ret = gnutls_openpgp_privkey_init(key);
if (ret < 0)
return gnutls_assert_val(ret);
ret = _gnutls_openpgp_privkey_cpy(*key, pkey->key.openpgp);
if (ret < 0) {
gnutls_openpgp_privkey_deinit(*key);
*key = NULL;
return gnutls_assert_val(ret);
}
return 0;
}
/**
* gnutls_privkey_deinit:
* @key: The key to be deinitialized
*
* This function will deinitialize a private key structure.
*
* Since: 2.12.0
**/
void gnutls_privkey_deinit(gnutls_privkey_t key)
{
if (key == NULL)
return;
if (key->flags & GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
|| key->flags & GNUTLS_PRIVKEY_IMPORT_COPY)
switch (key->type) {
#ifdef ENABLE_OPENPGP
case GNUTLS_PRIVKEY_OPENPGP:
gnutls_openpgp_privkey_deinit(key->key.openpgp);
break;
#endif
#ifdef ENABLE_PKCS11
case GNUTLS_PRIVKEY_PKCS11:
gnutls_pkcs11_privkey_deinit(key->key.pkcs11);
break;
#endif
case GNUTLS_PRIVKEY_X509:
gnutls_x509_privkey_deinit(key->key.x509);
break;
case GNUTLS_PRIVKEY_EXT:
if (key->key.ext.deinit_func != NULL)
key->key.ext.deinit_func(key,
key->key.ext.userdata);
break;
default:
break;
}
gnutls_free(key);
}
/**
* gnutls_privkey_import_openpgp:
* @pkey: The private key
* @key: The private key to be imported
* @flags: Flags for the import
*
* This function will import the given private key to the abstract
* #gnutls_privkey_t structure.
*
* The #gnutls_openpgp_privkey_t object must not be deallocated
* during the lifetime of this structure. The subkey set as
* preferred will be used, or the master key otherwise.
*
* @flags might be zero or one of %GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
* and %GNUTLS_PRIVKEY_IMPORT_COPY.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
*
* Since: 2.12.0
**/
int
gnutls_privkey_import_openpgp(gnutls_privkey_t pkey,
gnutls_openpgp_privkey_t key,
unsigned int flags)
{
int ret, idx;
uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
ret = check_if_clean(pkey);
if (ret < 0) {
gnutls_assert();
return ret;
}
if (flags & GNUTLS_PRIVKEY_IMPORT_COPY) {
ret = gnutls_openpgp_privkey_init(&pkey->key.openpgp);
if (ret < 0)
return gnutls_assert_val(ret);
ret = _gnutls_openpgp_privkey_cpy(pkey->key.openpgp, key);
if (ret < 0) {
gnutls_openpgp_privkey_deinit(pkey->key.openpgp);
return gnutls_assert_val(ret);
}
} else
pkey->key.openpgp = key;
pkey->type = GNUTLS_PRIVKEY_OPENPGP;
ret = gnutls_openpgp_privkey_get_preferred_key_id(key, keyid);
if (ret == GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR) {
pkey->pk_algorithm =
gnutls_openpgp_privkey_get_pk_algorithm(key, NULL);
} else {
if (ret < 0)
return gnutls_assert_val(ret);
idx = gnutls_openpgp_privkey_get_subkey_idx(key, keyid);
pkey->pk_algorithm =
gnutls_openpgp_privkey_get_subkey_pk_algorithm(key,
idx,
NULL);
}
pkey->flags = flags;
return 0;
}
/**
* gnutls_privkey_deinit:
* @key: The structure to be deinitialized
*
* This function will deinitialize a private key structure.
**/
void
gnutls_privkey_deinit (gnutls_privkey_t key)
{
if (key->flags & GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE)
switch (key->type)
{
#ifdef ENABLE_OPENPGP
case GNUTLS_PRIVKEY_OPENPGP:
return gnutls_openpgp_privkey_deinit (key->key.openpgp);
#endif
case GNUTLS_PRIVKEY_PKCS11:
return gnutls_pkcs11_privkey_deinit (key->key.pkcs11);
case GNUTLS_PRIVKEY_X509:
return gnutls_x509_privkey_deinit (key->key.x509);
}
gnutls_free (key);
}
/**
* gnutls_privkey_import_openpgp_raw:
* @pkey: The private key
* @data: The private key data to be imported
* @format: The format of the private key
* @keyid: The key id to use (optional)
* @password: A password (optional)
*
* This function will import the given private key to the abstract
* #gnutls_privkey_t structure.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
*
* Since: 3.1.0
**/
int gnutls_privkey_import_openpgp_raw(gnutls_privkey_t pkey,
const gnutls_datum_t * data,
gnutls_openpgp_crt_fmt_t format,
const gnutls_openpgp_keyid_t keyid,
const char *password)
{
gnutls_openpgp_privkey_t xpriv;
int ret;
ret = gnutls_openpgp_privkey_init(&xpriv);
if (ret < 0)
return gnutls_assert_val(ret);
ret =
gnutls_openpgp_privkey_import(xpriv, data, format, password,
0);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
if (keyid) {
ret =
gnutls_openpgp_privkey_set_preferred_key_id(xpriv,
keyid);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
}
ret =
gnutls_privkey_import_openpgp(pkey, xpriv,
GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
ret = 0;
cleanup:
gnutls_openpgp_privkey_deinit(xpriv);
return ret;
}
static
void check_loaded_key(gnutls_certificate_credentials_t cred)
{
int err;
gnutls_openpgp_privkey_t key;
gnutls_openpgp_crt_t *crts;
unsigned n_crts;
gnutls_openpgp_keyid_t keyid;
unsigned i;
/* check that the getter functions for openpgp keys of
* gnutls_certificate_credentials_t work and deliver the
* expected key ID. */
err = gnutls_certificate_get_openpgp_key(cred, 0, &key);
if (err != 0)
fail("get openpgp key %s\n",
gnutls_strerror(err));
gnutls_openpgp_privkey_get_subkey_id(key, 0, keyid);
if (keyid[0] != 0xf3 || keyid[1] != 0x0f || keyid[2] != 0xd4 || keyid[3] != 0x23 ||
keyid[4] != 0xc1 || keyid[5] != 0x43 || keyid[6] != 0xe7 || keyid[7] != 0xba)
fail("incorrect key id (privkey)\n");
err = gnutls_certificate_get_openpgp_crt(cred, 0, &crts, &n_crts);
if (err != 0)
fail("get openpgp crts %s\n",
gnutls_strerror(err));
if (n_crts != 1)
fail("openpgp n_crts != 1\n");
gnutls_openpgp_crt_get_subkey_id(crts[0], 0, keyid);
if (keyid[0] != 0xf3 || keyid[1] != 0x0f || keyid[2] != 0xd4 || keyid[3] != 0x23 ||
keyid[4] != 0xc1 || keyid[5] != 0x43 || keyid[6] != 0xe7 || keyid[7] != 0xba)
fail("incorrect key id (pubkey)\n");
for (i = 0; i < n_crts; ++i)
gnutls_openpgp_crt_deinit(crts[i]);
gnutls_free(crts);
gnutls_openpgp_privkey_deinit(key);
}
int
main (void)
{
int rc;
gnutls_datum_t keydatum =
{ (unsigned char *) dummy_key, strlen (dummy_key) };
gnutls_openpgp_privkey_t key;
rc = gnutls_global_init ();
if (rc)
{
printf ("gnutls_global_init rc %d: %s\n", rc, gnutls_strerror (rc));
return 1;
}
rc = gnutls_openpgp_privkey_init (&key);
if (rc)
{
printf ("gnutls_openpgp_privkey_init rc %d: %s\n",
rc, gnutls_strerror (rc));
return 1;
}
rc = gnutls_openpgp_privkey_import (key, &keydatum,
GNUTLS_OPENPGP_FMT_BASE64, NULL, 0);
if (rc)
{
printf ("gnutls_openpgp_privkey_import rc %d: %s\n",
rc, gnutls_strerror (rc));
return 1;
}
gnutls_openpgp_privkey_deinit (key);
gnutls_global_deinit ();
return 0;
}
/**
* gnutls_certificate_set_openpgp_key_mem2 - Used to set OpenPGP keys
* @res: the destination context to save the data.
* @cert: the datum that contains the public key.
* @key: the datum that contains the secret key.
* @subkey_id: a hex encoded subkey id
* @format: the format of the keys
*
* This funtion is used to load OpenPGP keys into the GnuTLS
* credentials structure. The files should only contain one key which
* is not encrypted.
*
* The special keyword "auto" is also accepted as @subkey_id. In that
* case the gnutls_openpgp_crt_get_auth_subkey() will be used to
* retrieve the subkey.
*
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
*
* Since: 2.4.0
**/
int
gnutls_certificate_set_openpgp_key_mem2 (gnutls_certificate_credentials_t res,
const gnutls_datum_t * cert,
const gnutls_datum_t * key,
const char *subkey_id,
gnutls_openpgp_crt_fmt_t format)
{
gnutls_openpgp_privkey_t pkey;
gnutls_openpgp_crt_t crt;
int ret;
ret = gnutls_openpgp_privkey_init (&pkey);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
ret = gnutls_openpgp_privkey_import (pkey, key, format, NULL, 0);
if (ret < 0)
{
gnutls_assert ();
gnutls_openpgp_privkey_deinit (pkey);
return ret;
}
ret = gnutls_openpgp_crt_init (&crt);
if (ret < 0)
{
gnutls_assert ();
gnutls_openpgp_privkey_deinit (pkey);
return ret;
}
ret = gnutls_openpgp_crt_import (crt, cert, format);
if (ret < 0)
{
gnutls_assert ();
gnutls_openpgp_privkey_deinit (pkey);
gnutls_openpgp_crt_deinit (crt);
return ret;
}
if (subkey_id != NULL)
{
gnutls_openpgp_keyid_t keyid;
if (strcasecmp (subkey_id, "auto") == 0)
ret = gnutls_openpgp_crt_get_auth_subkey (crt, keyid, 1);
else
ret = get_keyid (keyid, subkey_id);
if (ret >= 0)
{
ret = gnutls_openpgp_crt_set_preferred_key_id (crt, keyid);
if (ret >= 0)
ret = gnutls_openpgp_privkey_set_preferred_key_id (pkey, keyid);
}
if (ret < 0)
{
gnutls_assert ();
gnutls_openpgp_privkey_deinit (pkey);
gnutls_openpgp_crt_deinit (crt);
return ret;
}
}
ret = gnutls_certificate_set_openpgp_key (res, crt, pkey);
gnutls_openpgp_privkey_deinit (pkey);
gnutls_openpgp_crt_deinit (crt);
return ret;
}