예제 #1
0
/**
 * gnutls_privkey_export_openpgp:
 * @pkey: The private key
 * @key: Location for the key to be exported.
 *
 * Converts the given abstract private key to a #gnutls_openpgp_privkey_t
 * type. The key must be of type %GNUTLS_PRIVKEY_OPENPGP. The key
 * returned in @key must be deinitialized with
 * gnutls_openpgp_privkey_deinit().
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 *   negative error value.
 *
 * Since: 3.4.0
 */
int
gnutls_privkey_export_openpgp(gnutls_privkey_t pkey,
                              gnutls_openpgp_privkey_t *key)
{
	int ret;

	if (pkey->type != GNUTLS_PRIVKEY_OPENPGP) {
		gnutls_assert();
		return GNUTLS_E_INVALID_REQUEST;
	}

	ret = gnutls_openpgp_privkey_init(key);
	if (ret < 0)
		return gnutls_assert_val(ret);

	ret = _gnutls_openpgp_privkey_cpy(*key, pkey->key.openpgp);
	if (ret < 0) {
		gnutls_openpgp_privkey_deinit(*key);
		*key = NULL;

		return gnutls_assert_val(ret);
	}

	return 0;
}
예제 #2
0
/**
 * gnutls_privkey_deinit:
 * @key: The key to be deinitialized
 *
 * This function will deinitialize a private key structure.
 *
 * Since: 2.12.0
 **/
void gnutls_privkey_deinit(gnutls_privkey_t key)
{
	if (key == NULL)
		return;

	if (key->flags & GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
	    || key->flags & GNUTLS_PRIVKEY_IMPORT_COPY)
		switch (key->type) {
#ifdef ENABLE_OPENPGP
		case GNUTLS_PRIVKEY_OPENPGP:
			gnutls_openpgp_privkey_deinit(key->key.openpgp);
			break;
#endif
#ifdef ENABLE_PKCS11
		case GNUTLS_PRIVKEY_PKCS11:
			gnutls_pkcs11_privkey_deinit(key->key.pkcs11);
			break;
#endif
		case GNUTLS_PRIVKEY_X509:
			gnutls_x509_privkey_deinit(key->key.x509);
			break;
		case GNUTLS_PRIVKEY_EXT:
			if (key->key.ext.deinit_func != NULL)
				key->key.ext.deinit_func(key,
							 key->key.ext.userdata);
			break;
		default:
			break;
		}
	gnutls_free(key);
}
예제 #3
0
/**
 * gnutls_privkey_import_openpgp:
 * @pkey: The private key
 * @key: The private key to be imported
 * @flags: Flags for the import
 *
 * This function will import the given private key to the abstract
 * #gnutls_privkey_t structure.
 *
 * The #gnutls_openpgp_privkey_t object must not be deallocated
 * during the lifetime of this structure. The subkey set as
 * preferred will be used, or the master key otherwise.
 *
 * @flags might be zero or one of %GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
 * and %GNUTLS_PRIVKEY_IMPORT_COPY.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 *   negative error value.
 *
 * Since: 2.12.0
 **/
int
gnutls_privkey_import_openpgp(gnutls_privkey_t pkey,
			      gnutls_openpgp_privkey_t key,
			      unsigned int flags)
{
	int ret, idx;
	uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];

	ret = check_if_clean(pkey);
	if (ret < 0) {
		gnutls_assert();
		return ret;
	}

	if (flags & GNUTLS_PRIVKEY_IMPORT_COPY) {
		ret = gnutls_openpgp_privkey_init(&pkey->key.openpgp);
		if (ret < 0)
			return gnutls_assert_val(ret);

		ret = _gnutls_openpgp_privkey_cpy(pkey->key.openpgp, key);
		if (ret < 0) {
			gnutls_openpgp_privkey_deinit(pkey->key.openpgp);
			return gnutls_assert_val(ret);
		}
	} else
		pkey->key.openpgp = key;

	pkey->type = GNUTLS_PRIVKEY_OPENPGP;

	ret = gnutls_openpgp_privkey_get_preferred_key_id(key, keyid);
	if (ret == GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR) {
		pkey->pk_algorithm =
		    gnutls_openpgp_privkey_get_pk_algorithm(key, NULL);
	} else {
		if (ret < 0)
			return gnutls_assert_val(ret);

		idx = gnutls_openpgp_privkey_get_subkey_idx(key, keyid);

		pkey->pk_algorithm =
		    gnutls_openpgp_privkey_get_subkey_pk_algorithm(key,
								   idx,
								   NULL);
	}

	pkey->flags = flags;

	return 0;
}
예제 #4
0
파일: gnutls_privkey.c 프로젝트: sqs/gnutls
/**
 * gnutls_privkey_deinit:
 * @key: The structure to be deinitialized
 *
 * This function will deinitialize a private key structure.
 **/
void
gnutls_privkey_deinit (gnutls_privkey_t key)
{
  if (key->flags & GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE)
    switch (key->type)
      {
#ifdef ENABLE_OPENPGP
      case GNUTLS_PRIVKEY_OPENPGP:
        return gnutls_openpgp_privkey_deinit (key->key.openpgp);
#endif
      case GNUTLS_PRIVKEY_PKCS11:
        return gnutls_pkcs11_privkey_deinit (key->key.pkcs11);
      case GNUTLS_PRIVKEY_X509:
        return gnutls_x509_privkey_deinit (key->key.x509);
      }
  gnutls_free (key);
}
예제 #5
0
/**
 * gnutls_privkey_import_openpgp_raw:
 * @pkey: The private key
 * @data: The private key data to be imported
 * @format: The format of the private key
 * @keyid: The key id to use (optional)
 * @password: A password (optional)
 *
 * This function will import the given private key to the abstract
 * #gnutls_privkey_t structure. 
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 *   negative error value.
 *
 * Since: 3.1.0
 **/
int gnutls_privkey_import_openpgp_raw(gnutls_privkey_t pkey,
				      const gnutls_datum_t * data,
				      gnutls_openpgp_crt_fmt_t format,
				      const gnutls_openpgp_keyid_t keyid,
				      const char *password)
{
	gnutls_openpgp_privkey_t xpriv;
	int ret;

	ret = gnutls_openpgp_privkey_init(&xpriv);
	if (ret < 0)
		return gnutls_assert_val(ret);

	ret =
	    gnutls_openpgp_privkey_import(xpriv, data, format, password,
					  0);
	if (ret < 0) {
		gnutls_assert();
		goto cleanup;
	}

	if (keyid) {
		ret =
		    gnutls_openpgp_privkey_set_preferred_key_id(xpriv,
								keyid);
		if (ret < 0) {
			gnutls_assert();
			goto cleanup;
		}
	}

	ret =
	    gnutls_privkey_import_openpgp(pkey, xpriv,
					  GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
	if (ret < 0) {
		gnutls_assert();
		goto cleanup;
	}

	ret = 0;

      cleanup:
	gnutls_openpgp_privkey_deinit(xpriv);

	return ret;
}
예제 #6
0
static
void check_loaded_key(gnutls_certificate_credentials_t cred)
{
	int err;
	gnutls_openpgp_privkey_t key;
	gnutls_openpgp_crt_t *crts;
	unsigned n_crts;
	gnutls_openpgp_keyid_t keyid;
	unsigned i;

	/* check that the getter functions for openpgp keys of
	 * gnutls_certificate_credentials_t work and deliver the
	 * expected key ID. */

	err = gnutls_certificate_get_openpgp_key(cred, 0, &key);
	if (err != 0)
		fail("get openpgp key %s\n",
		     gnutls_strerror(err));

	gnutls_openpgp_privkey_get_subkey_id(key, 0, keyid);
	if (keyid[0] != 0xf3 || keyid[1] != 0x0f || keyid[2] != 0xd4 || keyid[3] != 0x23 ||
	    keyid[4] != 0xc1 || keyid[5] != 0x43 || keyid[6] != 0xe7 || keyid[7] != 0xba)
		fail("incorrect key id (privkey)\n");

	err = gnutls_certificate_get_openpgp_crt(cred, 0, &crts, &n_crts);
	if (err != 0)
		fail("get openpgp crts %s\n",
		     gnutls_strerror(err));

	if (n_crts != 1)
		fail("openpgp n_crts != 1\n");

	gnutls_openpgp_crt_get_subkey_id(crts[0], 0, keyid);
	if (keyid[0] != 0xf3 || keyid[1] != 0x0f || keyid[2] != 0xd4 || keyid[3] != 0x23 ||
	    keyid[4] != 0xc1 || keyid[5] != 0x43 || keyid[6] != 0xe7 || keyid[7] != 0xba)
		fail("incorrect key id (pubkey)\n");

	for (i = 0; i < n_crts; ++i)
		gnutls_openpgp_crt_deinit(crts[i]);
	gnutls_free(crts);
	gnutls_openpgp_privkey_deinit(key);
}
예제 #7
0
int
main (void)
{
  int rc;
  gnutls_datum_t keydatum =
    { (unsigned char *) dummy_key, strlen (dummy_key) };
  gnutls_openpgp_privkey_t key;

  rc = gnutls_global_init ();
  if (rc)
    {
      printf ("gnutls_global_init rc %d: %s\n", rc, gnutls_strerror (rc));
      return 1;
    }

  rc = gnutls_openpgp_privkey_init (&key);
  if (rc)
    {
      printf ("gnutls_openpgp_privkey_init rc %d: %s\n",
	      rc, gnutls_strerror (rc));
      return 1;
    }

  rc = gnutls_openpgp_privkey_import (key, &keydatum,
				      GNUTLS_OPENPGP_FMT_BASE64, NULL, 0);
  if (rc)
    {
      printf ("gnutls_openpgp_privkey_import rc %d: %s\n",
	      rc, gnutls_strerror (rc));
      return 1;
    }

  gnutls_openpgp_privkey_deinit (key);

  gnutls_global_deinit ();

  return 0;
}
예제 #8
0
/**
 * gnutls_certificate_set_openpgp_key_mem2 - Used to set OpenPGP keys
 * @res: the destination context to save the data.
 * @cert: the datum that contains the public key.
 * @key: the datum that contains the secret key.
 * @subkey_id: a hex encoded subkey id
 * @format: the format of the keys
 *
 * This funtion is used to load OpenPGP keys into the GnuTLS
 * credentials structure.  The files should only contain one key which
 * is not encrypted.
 *
 * The special keyword "auto" is also accepted as @subkey_id.  In that
 * case the gnutls_openpgp_crt_get_auth_subkey() will be used to
 * retrieve the subkey.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
 *   negative error value.
 *
 * Since: 2.4.0
 **/
int
gnutls_certificate_set_openpgp_key_mem2 (gnutls_certificate_credentials_t res,
					 const gnutls_datum_t * cert,
					 const gnutls_datum_t * key,
					 const char *subkey_id,
					 gnutls_openpgp_crt_fmt_t format)
{
  gnutls_openpgp_privkey_t pkey;
  gnutls_openpgp_crt_t crt;
  int ret;

  ret = gnutls_openpgp_privkey_init (&pkey);
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }

  ret = gnutls_openpgp_privkey_import (pkey, key, format, NULL, 0);
  if (ret < 0)
    {
      gnutls_assert ();
      gnutls_openpgp_privkey_deinit (pkey);
      return ret;
    }

  ret = gnutls_openpgp_crt_init (&crt);
  if (ret < 0)
    {
      gnutls_assert ();
      gnutls_openpgp_privkey_deinit (pkey);
      return ret;
    }

  ret = gnutls_openpgp_crt_import (crt, cert, format);
  if (ret < 0)
    {
      gnutls_assert ();
      gnutls_openpgp_privkey_deinit (pkey);
      gnutls_openpgp_crt_deinit (crt);
      return ret;
    }

  if (subkey_id != NULL)
    {
      gnutls_openpgp_keyid_t keyid;

      if (strcasecmp (subkey_id, "auto") == 0)
	ret = gnutls_openpgp_crt_get_auth_subkey (crt, keyid, 1);
      else
	ret = get_keyid (keyid, subkey_id);

      if (ret >= 0)
	{
	  ret = gnutls_openpgp_crt_set_preferred_key_id (crt, keyid);
	  if (ret >= 0)
	    ret = gnutls_openpgp_privkey_set_preferred_key_id (pkey, keyid);
	}

      if (ret < 0)
	{
	  gnutls_assert ();
	  gnutls_openpgp_privkey_deinit (pkey);
	  gnutls_openpgp_crt_deinit (crt);
	  return ret;
	}
    }

  ret = gnutls_certificate_set_openpgp_key (res, crt, pkey);

  gnutls_openpgp_privkey_deinit (pkey);
  gnutls_openpgp_crt_deinit (crt);

  return ret;
}