/**
 * gnutls_privkey_get_pk_algorithm:
 * @key: should contain a #gnutls_privkey_t type
 * @bits: If set will return the number of bits of the parameters (may be NULL)
 *
 * Reports the public key algorithm of the private key @key. Where the
 * backing key type allows it, @bits also receives a number of bits
 * indicating the security parameter of the key. For
 * %GNUTLS_PRIVKEY_EXT keys @bits is set to 0, and on the error path
 * @bits is left untouched, so callers should not read a zero or stale
 * value as a key strength.
 *
 * Returns: a member of the #gnutls_pk_algorithm_t enumeration on
 *   success, or a negative error code on error.
 *
 * Since: 2.12.0
 **/
int gnutls_privkey_get_pk_algorithm(gnutls_privkey_t key, unsigned int *bits)
{
	int algo;

	/* key is dereferenced unconditionally; the caller must pass a
	 * valid, initialized handle. */
	switch (key->type) {
#ifdef ENABLE_OPENPGP
	case GNUTLS_PRIVKEY_OPENPGP:
		/* The OpenPGP backend fills in *bits itself. */
		algo = gnutls_openpgp_privkey_get_pk_algorithm(key->key.openpgp,
							       bits);
		break;
#endif
#ifdef ENABLE_PKCS11
	case GNUTLS_PRIVKEY_PKCS11:
		/* The PKCS #11 backend fills in *bits itself. */
		algo = gnutls_pkcs11_privkey_get_pk_algorithm(key->key.pkcs11,
							      bits);
		break;
#endif
	case GNUTLS_PRIVKEY_X509:
		/* The size comes from the first stored parameter only.
		 * NOTE(review): confirm this is the intended security
		 * parameter for every algorithm an X.509 key can carry. */
		if (bits != NULL)
			*bits = _gnutls_mpi_get_nbits(key->key.x509->params.params[0]);
		algo = gnutls_x509_privkey_get_pk_algorithm(key->key.x509);
		break;
	case GNUTLS_PRIVKEY_EXT:
		/* No parameters are available here, so the size is
		 * reported as 0. */
		if (bits != NULL)
			*bits = 0;
		algo = key->pk_algorithm;
		break;
	default:
		/* Also reached for OpenPGP/PKCS #11 keys when that support
		 * is compiled out. */
		gnutls_assert();
		algo = GNUTLS_E_INVALID_REQUEST;
		break;
	}

	return algo;
}
/**
 * gnutls_privkey_import_pkcs11:
 * @pkey: The private key
 * @key: The private key to be imported
 * @flags: Flags for the import
 *
 * Attaches the PKCS #11 private key @key to the abstract
 * #gnutls_privkey_t type @pkey.
 *
 * @key is stored by reference, not copied: the
 * #gnutls_pkcs11_privkey_t object must not be deallocated during the
 * lifetime of @pkey.
 *
 * @flags might be zero or %GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE.
 * %GNUTLS_PRIVKEY_IMPORT_COPY is rejected with
 * %GNUTLS_E_INVALID_REQUEST; no other flag bit is validated here.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 *   negative error value.
 *
 * Since: 2.12.0
 **/
int gnutls_privkey_import_pkcs11(gnutls_privkey_t pkey,
				 gnutls_pkcs11_privkey_t key,
				 unsigned int flags)
{
	/* Presumably refuses a structure that already holds a key, so an
	 * existing key is not silently replaced - confirm against
	 * check_if_clean(). */
	int rc = check_if_clean(pkey);

	if (rc < 0) {
		gnutls_assert();
		return rc;
	}

	/* A copying import is not available for PKCS #11 keys. */
	if ((flags & GNUTLS_PRIVKEY_IMPORT_COPY) != 0)
		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);

	pkey->type = GNUTLS_PRIVKEY_PKCS11;
	pkey->flags = flags;
	pkey->key.pkcs11 = key;
	/* NOTE(review): the result is cached without checking for a
	 * negative error code - confirm whether the callee can fail here. */
	pkey->pk_algorithm = gnutls_pkcs11_privkey_get_pk_algorithm(key, NULL);

	/* The PIN callback is forwarded only when user data is set; a
	 * callback registered with NULL user data is not propagated. */
	if (pkey->pin.data != NULL)
		gnutls_pkcs11_privkey_set_pin_function(key, pkey->pin.cb,
						       pkey->pin.data);

	return 0;
}
/**
 * gnutls_privkey_import_pkcs11:
 * @pkey: The private key
 * @key: The private key to be imported
 * @flags: should be zero
 *
 * Attaches the given PKCS #11 private key to the abstract
 * #gnutls_privkey_t structure. The handle @key is stored as is; this
 * function makes no copy of it.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
 *   negative error value.
 **/
int
gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey,
                              gnutls_pkcs11_privkey_t key,
                              unsigned int flags)
{
  /* NOTE(review): nothing here checks whether @pkey already holds a key,
   * and @flags is stored without validation although it is documented as
   * "should be zero". */
  pkey->type = GNUTLS_PRIVKEY_PKCS11;
  pkey->flags = flags;
  pkey->key.pkcs11 = key;

  /* The algorithm is cached as returned, including any negative value. */
  pkey->pk_algorithm = gnutls_pkcs11_privkey_get_pk_algorithm (key, NULL);

  return 0;
}
/* Builds a gnutls_pubkey_t for the PKCS #11 private key PKEY and hands it
 * to the caller through *PUB.
 *
 * On success returns 0 and *PUB owns the new public key. On failure
 * returns a negative error code, *PUB is left untouched and every
 * intermediate object is released. FLAGS is not read by this function.
 */
int _pkcs11_privkey_get_pubkey(gnutls_pkcs11_privkey_t pkey,
			       gnutls_pubkey_t *pub, unsigned flags)
{
	gnutls_pubkey_t pubkey = NULL;
	gnutls_pkcs11_obj_t obj = NULL;
	ck_key_type_t key_type;
	int ret;

	/* NOTE(review): pkey is passed to this macro before the NULL check
	 * below - confirm the macro never dereferences it. */
	PKCS11_CHECK_INIT_PRIVKEY(pkey);

	if (pkey == NULL) {
		gnutls_assert();
		return GNUTLS_E_INVALID_REQUEST;
	}

	ret = gnutls_pubkey_init(&pubkey);
	if (ret < 0) {
		gnutls_assert();
		goto cleanup;
	}

	ret = gnutls_pkcs11_obj_init(&obj);
	if (ret < 0) {
		gnutls_assert();
		goto cleanup;
	}

	obj->type = GNUTLS_PKCS11_OBJ_PUBKEY;
	obj->pk_algorithm = gnutls_pkcs11_privkey_get_pk_algorithm(pkey, NULL);

	/* NOTE(review): the result of pk_to_genmech() is ignored and
	 * key_type has no initializer - confirm the helper always writes
	 * it, including when pk_algorithm holds an error value. */
	pk_to_genmech(obj->pk_algorithm, &key_type);

	/* The new public key uses the same PIN callback as the private key. */
	gnutls_pubkey_set_pin_function(pubkey, pkey->pin.cb, pkey->pin.data);

	if (key_type == CKK_RSA) {
		/* The public key can be read from the private key object
		 * only for RSA keys. */
		ret = pkcs11_read_pubkey(pkey->sinfo.module, pkey->sinfo.pks,
					 pkey->ref, key_type, obj);
		if (ret < 0) {
			gnutls_assert();
			goto cleanup;
		}

		ret = gnutls_pubkey_import_pkcs11(pubkey, obj, 0);
		if (ret < 0) {
			gnutls_assert();
			goto cleanup;
		}
	} else {
		/* For every other key type, try opening the public key
		 * object if it exists. */
		ret = load_pubkey_obj(pkey, pubkey);
		if (ret < 0) {
			gnutls_assert();
			goto cleanup;
		}
	}

	/* Ownership moves to the caller; clearing the local keeps the
	 * cleanup path from releasing the key just returned. */
	*pub = pubkey;
	pubkey = NULL;
	ret = 0;

cleanup:
	/* obj is released on every path, including success. */
	if (obj != NULL)
		gnutls_pkcs11_obj_deinit(obj);
	if (pubkey != NULL)
		gnutls_pubkey_deinit(pubkey);

	return ret;
}