/**
* gnutls_pubkey_import_tpm_url:
* @pkey: The public key
* @url: The URL of the TPM key to be imported
* @srk_password: The password for the SRK key (optional)
* @flags: should be zero
*
* This function will import the given private key to the abstract
* #gnutls_privkey_t type.
*
* Note that unless %GNUTLS_PUBKEY_DISABLE_CALLBACKS
* is specified, if incorrect (or NULL) passwords are given
* the PKCS11 callback functions will be used to obtain the
* correct passwords. Otherwise if the SRK password is wrong
* %GNUTLS_E_TPM_SRK_PASSWORD_ERROR is returned.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
*
* Since: 3.1.0
*
**/
int
gnutls_pubkey_import_tpm_url(gnutls_pubkey_t pkey,
const char *url,
const char *srk_password, unsigned int flags)
{
struct tpmkey_url_st durl;
gnutls_datum_t fdata = { NULL, 0 };
int ret;
CHECK_INIT;
ret = decode_tpmkey_url(url, &durl);
if (ret < 0)
return gnutls_assert_val(ret);
if (durl.filename) {
ret = gnutls_load_file(durl.filename, &fdata);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
ret =
gnutls_pubkey_import_tpm_raw(pkey, &fdata,
GNUTLS_TPMKEY_FMT_CTK_PEM,
srk_password, flags);
if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
ret =
gnutls_pubkey_import_tpm_raw(pkey, &fdata,
GNUTLS_TPMKEY_FMT_RAW,
srk_password,
flags);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
} else if (durl.uuid_set) {
if (flags & GNUTLS_PUBKEY_DISABLE_CALLBACKS)
ret =
import_tpm_pubkey(pkey, NULL, 0, &durl.uuid,
durl.storage, srk_password);
else
ret =
import_tpm_pubkey_cb(pkey, NULL, 0, &durl.uuid,
durl.storage,
srk_password);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
}
ret = 0;
cleanup:
gnutls_free(fdata.data);
clear_tpmkey_url(&durl);
return ret;
}
/**
* gnutls_pubkey_import_tpm_raw:
* @pkey: The public key
* @fdata: The TPM key to be imported
* @format: The format of the private key
* @srk_password: The password for the SRK key (optional)
* @flags: One of the GNUTLS_PUBKEY_* flags
*
* This function will import the public key from the provided TPM key
* structure.
*
* With respect to passwords the same as in
* gnutls_pubkey_import_tpm_url() apply.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
*
* Since: 3.1.0
**/
int
gnutls_pubkey_import_tpm_raw(gnutls_pubkey_t pkey,
const gnutls_datum_t * fdata,
gnutls_tpmkey_fmt_t format,
const char *srk_password, unsigned int flags)
{
if (flags & GNUTLS_PUBKEY_DISABLE_CALLBACKS)
return import_tpm_pubkey_cb(pkey, fdata, format, NULL, 0,
srk_password);
else
return import_tpm_pubkey(pkey, fdata, format, NULL, 0,
srk_password);
}