/**
* gnutls_tpm_privkey_delete:
* @url: the URL describing the key
* @srk_password: a password for the SRK key
*
* This function will unregister the private key from the TPM
* chip.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
*
* Since: 3.1.0
**/
int gnutls_tpm_privkey_delete(const char *url, const char *srk_password)
{
struct tpm_ctx_st s;
struct tpmkey_url_st durl;
TSS_RESULT tssret;
TSS_HKEY tkey;
int ret;
ret = decode_tpmkey_url(url, &durl);
if (ret < 0)
return gnutls_assert_val(ret);
if (durl.uuid_set == 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
ret = tpm_open_session(&s, srk_password);
if (ret < 0)
return gnutls_assert_val(ret);
tssret =
Tspi_Context_UnregisterKey(s.tpm_ctx, durl.storage, durl.uuid,
&tkey);
if (tssret != 0) {
gnutls_assert();
ret = tss_err(tssret);
goto err_cc;
}
ret = 0;
err_cc:
tpm_close_session(&s);
return ret;
}
/**
* gnutls_pubkey_import_tpm_url:
* @pkey: The public key
* @url: The URL of the TPM key to be imported
* @srk_password: The password for the SRK key (optional)
* @flags: should be zero
*
* This function will import the given private key to the abstract
* #gnutls_privkey_t type.
*
* Note that unless %GNUTLS_PUBKEY_DISABLE_CALLBACKS
* is specified, if incorrect (or NULL) passwords are given
* the PKCS11 callback functions will be used to obtain the
* correct passwords. Otherwise if the SRK password is wrong
* %GNUTLS_E_TPM_SRK_PASSWORD_ERROR is returned.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
*
* Since: 3.1.0
*
**/
int
gnutls_pubkey_import_tpm_url(gnutls_pubkey_t pkey,
const char *url,
const char *srk_password, unsigned int flags)
{
struct tpmkey_url_st durl;
gnutls_datum_t fdata = { NULL, 0 };
int ret;
CHECK_INIT;
ret = decode_tpmkey_url(url, &durl);
if (ret < 0)
return gnutls_assert_val(ret);
if (durl.filename) {
ret = gnutls_load_file(durl.filename, &fdata);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
ret =
gnutls_pubkey_import_tpm_raw(pkey, &fdata,
GNUTLS_TPMKEY_FMT_CTK_PEM,
srk_password, flags);
if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
ret =
gnutls_pubkey_import_tpm_raw(pkey, &fdata,
GNUTLS_TPMKEY_FMT_RAW,
srk_password,
flags);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
} else if (durl.uuid_set) {
if (flags & GNUTLS_PUBKEY_DISABLE_CALLBACKS)
ret =
import_tpm_pubkey(pkey, NULL, 0, &durl.uuid,
durl.storage, srk_password);
else
ret =
import_tpm_pubkey_cb(pkey, NULL, 0, &durl.uuid,
durl.storage,
srk_password);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
}
ret = 0;
cleanup:
gnutls_free(fdata.data);
clear_tpmkey_url(&durl);
return ret;
}