-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | doc/cha-cert-auth2.texi | 6 | ||||
-rw-r--r-- | lib/gnutls_privkey.c | 172 | ||||
-rw-r--r-- | lib/gnutls_ui.c | 1 | ||||
-rw-r--r-- | lib/includes/gnutls/abstract.h | 14 | ||||
-rw-r--r-- | lib/libgnutls.map | 4 | ||||
-rw-r--r-- | src/cli.c | 104 |
7 files changed, 215 insertions, 89 deletions
@@ -40,6 +40,9 @@ by Alexandre Bique.
 ** API and ABI modifications:
 GNUTLS_CERT_SIGNATURE_FAILURE: Added
+gnutls_privkey_import_pkcs11_url: Added
+gnutls_privkey_import_openpgp_raw: Added
+gnutls_privkey_import_x509_raw: Added
 gnutls_load_file: Added
 gnutls_pubkey_verify_hash2: Added
 gnutls_pkcs12_simple_parse: Added
diff --git a/doc/cha-cert-auth2.texi b/doc/cha-cert-auth2.texi
index 3a2e67cc4b..efc44d76a0 100644
--- a/doc/cha-cert-auth2.texi
+++ b/doc/cha-cert-auth2.texi
@@ -585,8 +585,10 @@ an existing structure like @code{gnutls_x509_crt_t}, or through an ASN.1 encoding of the X.509 @code{SubjectPublicKeyInfo} sequence.
-@showfuncdesc{gnutls_pubkey_import_x509}
-@showfuncE{gnutls_pubkey_import_openpgp,gnutls_pubkey_import_pkcs11,gnutls_pubkey_import_pkcs11_url,gnutls_pubkey_import_privkey,gnutls_pubkey_import}
+@showfuncC{gnutls_pubkey_import_x509,gnutls_pubkey_import_openpgp,gnutls_pubkey_import_pkcs11}
+@showfuncC{gnutls_pubkey_import_pkcs11_url,gnutls_pubkey_import_privkey,gnutls_pubkey_import}
+
+@showfuncC{gnutls_pubkey_import_x509_raw,gnutls_pubkey_import_openpgp_raw,gnutls_pubkey_import_pkcs11_url}
 @showfuncdesc{gnutls_pubkey_export}
 Additional functions are available that will return
diff --git a/lib/gnutls_privkey.c b/lib/gnutls_privkey.c
index 3b4446350b..8a99ec7db6 100644
--- a/lib/gnutls_privkey.c
+++ b/lib/gnutls_privkey.c
@@ -760,3 +760,175 @@ gnutls_privkey_decrypt_data (gnutls_privkey_t key,
 return GNUTLS_E_INVALID_REQUEST;
 }
 }
+
+/**
+ * gnutls_privkey_import_x509_raw:
+ * @pkey: The private key
+ * @data: The private key data to be imported
+ * @format: The format of the private key
+ * @password: A password (optional)
+ *
+ * This function will import the given private key to the abstract
+ * #gnutls_privkey_t structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value.
+ *
+ * Since: 3.1
+ **/
+int gnutls_privkey_import_x509_raw (gnutls_privkey_t pkey,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ const char* password)
+{
+ gnutls_x509_privkey_t xpriv;
+ int ret;
+
+ ret = gnutls_x509_privkey_init(&xpriv);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (password == NULL)
+ {
+ ret = gnutls_x509_privkey_import(xpriv, data, format);
+ if (ret < 0)
+ {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+ else
+ {
+ ret = gnutls_x509_privkey_import_pkcs8(xpriv, data, format, password, 0);
+ if (ret < 0)
+ {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ }
+
+ ret = gnutls_privkey_import_x509(pkey, xpriv, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+ if (ret < 0)
+ {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ return 0;
+
+cleanup:
+ gnutls_x509_privkey_deinit(xpriv);
+
+ return ret;
+}
+
+/**
+ * gnutls_privkey_import_openpgp_raw:
+ * @pkey: The private key
+ * @data: The private key data to be imported
+ * @format: The format of the private key
+ * @keyid: The key id to use (optional)
+ * @password: A password (optional)
+ *
+ * This function will import the given private key to the abstract
+ * #gnutls_privkey_t structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value.
+ *
+ * Since: 3.1
+ **/
+int gnutls_privkey_import_openpgp_raw (gnutls_privkey_t pkey,
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format,
+ const gnutls_openpgp_keyid_t keyid,
+ const char* password)
+{
+ gnutls_openpgp_privkey_t xpriv;
+ int ret;
+
+ ret = gnutls_openpgp_privkey_init(&xpriv);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = gnutls_openpgp_privkey_import(xpriv, data, format, password, 0);
+ if (ret < 0)
+ {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ if(keyid)
+ {
+ ret = gnutls_openpgp_privkey_set_preferred_key_id(xpriv, keyid);
+ if (ret < 0)
+ {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ ret = gnutls_privkey_import_openpgp(pkey, xpriv, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+ if (ret < 0)
+ {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ gnutls_openpgp_privkey_deinit(xpriv);
+
+ return ret;
+}
+
+/**
+ * gnutls_privkey_import_pkcs11_url:
+ * @key: A key of type #gnutls_pubkey_t
+ * @url: A PKCS 11 url
+ * @flags: One of GNUTLS_PKCS11_OBJ_* flags
+ *
+ * This function will import a PKCS 11 certificate to a #gnutls_pubkey_t
+ * structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value.
+ *
+ * Since: 3.1
+ **/
+int
+gnutls_privkey_import_pkcs11_url (gnutls_privkey_t key, const char *url)
+{
+ gnutls_pkcs11_privkey_t pkey;
+ int ret;
+
+ ret = gnutls_pkcs11_privkey_init (&pkey);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = gnutls_pkcs11_privkey_import_url (pkey, url, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = gnutls_privkey_import_pkcs11 (key, pkey, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ return 0;
+
+cleanup:
+ gnutls_pkcs11_privkey_deinit (pkey);
+
+ return ret;
+}
diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c
index e254d228f4..6ff667afe6 100644
--- a/lib/gnutls_ui.c
+++ b/lib/gnutls_ui.c
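Review bot: On the success path of gnutls_privkey_import_openpgp_raw the OpenPGP key is released twice: after `gnutls_privkey_import_openpgp(pkey, xpriv, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE)` succeeds the function sets `ret = 0;` and falls through to `cleanup:`, which calls `gnutls_openpgp_privkey_deinit(xpriv)` on a key that pkey now owns, whereas the sibling x509 and pkcs11 functions in this hunk `return 0;` before the label for exactly that reason. Replace `ret = 0;` with `return 0;` so the deinit only runs on the error path. The doc comment on gnutls_privkey_import_pkcs11_url also looks copied from the pubkey variant: it describes `@key` as `#gnutls_pubkey_t`, documents a `@flags` parameter the prototype does not have, and says it imports a certificate; it should read `@key: A key of type #gnutls_privkey_t`, drop the `@flags` line and say it imports a PKCS 11 private key. The same pubkey/privkey mix-up appears in the doc/cha-cert-auth2.texi hunk, which lists gnutls_pubkey_import_x509_raw and gnutls_pubkey_import_openpgp_raw although this commit adds the privkey variants.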
@@ -748,6 +748,7 @@ gnutls_anon_set_params_function (gnutls_anon_server_credentials_t res,
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
 * an error code is returned.
 *
+ * Since 3.1
 **/
 int gnutls_load_file(const char* filename, gnutls_datum_t * data)
 {
diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h
index ad66246613..26a3d140f5 100644
--- a/lib/includes/gnutls/abstract.h
+++ b/lib/includes/gnutls/abstract.h
@@ -174,6 +174,20 @@ int gnutls_privkey_import_x509 (gnutls_privkey_t pkey,
 int gnutls_privkey_import_openpgp (gnutls_privkey_t pkey,
 gnutls_openpgp_privkey_t key,
 unsigned int flags);
+
+int gnutls_privkey_import_openpgp_raw (gnutls_privkey_t pkey,
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format,
+ const gnutls_openpgp_keyid_t keyid,
+ const char* password);
+
+int gnutls_privkey_import_x509_raw (gnutls_privkey_t pkey,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ const char* password);
+
+int gnutls_privkey_import_pkcs11_url (gnutls_privkey_t key, const char *url);
+
 int gnutls_privkey_import_ext (gnutls_privkey_t pkey,
 gnutls_pk_algorithm_t pk,
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index eefae38611..c32fc0cd58 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -798,6 +798,10 @@ GNUTLS_3_1_0 {
 gnutls_x509_trust_list_add_trust_file;
 gnutls_x509_trust_list_add_trust_mem;
 gnutls_pkcs12_simple_parse;
+ gnutls_privkey_import_openpgp_raw;
+ gnutls_privkey_import_x509_raw;
+ gnutls_privkey_import_pkcs11_url;
+ gnutls_load_file;
 } GNUTLS_3_0_0;
 GNUTLS_PRIVATE {
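Review bot: The added tag `+ * Since 3.1` in the gnutls_load_file comment is missing the colon that every other version tag in this commit uses (`* Since: 3.1`), so a doc generator keyed on `Since:` is unlikely to pick it up; change the line to ` * Since: 3.1`. The body of gnutls_load_file continues outside the hunk.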
@@ -103,28 +103,6 @@ static int do_handshake (socket_st * socket);
 static void init_global_tls_stuff (void);
 static int cert_verify_ocsp (gnutls_session_t session);
-/* Helper functions to load a certificate and key
- * files into memory.
- */
-static gnutls_datum_t
-load_file (const char *file)
-{
- gnutls_datum_t loaded_file = { NULL, 0 };
- size_t length;
-
- loaded_file.data = (void*)read_binary_file (file, &length);
- if (loaded_file.data)
- loaded_file.size = (unsigned int) length;
-
- return loaded_file;
-}
-
-static void
-unload_file (gnutls_datum_t* data)
-{
- free (data->data);
-}
-
 #define MAX_CRT 6
 static unsigned int x509_crt_size;
 static gnutls_pcert_st x509_crt[MAX_CRT];
@@ -167,7 +145,6 @@ load_keys (void)
 #ifdef ENABLE_PKCS11
 gnutls_pkcs11_privkey_t pkcs11_key;
 #endif
- gnutls_x509_privkey_t tmp_key;
 unsigned char keyid[GNUTLS_OPENPGP_KEYID_SIZE];
 if (x509_certfile != NULL && x509_keyfile != NULL)
@@ -197,8 +174,8 @@ load_keys (void)
 #endif /* ENABLE_PKCS11 */
 {
- data = load_file (x509_certfile);
- if (data.data == NULL)
+ ret = gnutls_load_file (x509_certfile, &data);
+ if (ret < 0)
 {
 fprintf (stderr, "*** Error loading cert file.\n");
 exit (1);
@@ -241,7 +218,7 @@ load_keys (void)
 gnutls_x509_crt_deinit(crt_list[i]);
 }
- unload_file (&data);
+ gnutls_free (data.data);
 ret = gnutls_privkey_init(&x509_key);
 if (ret < 0)
@@ -254,18 +231,8 @@ load_keys (void)
 #ifdef ENABLE_PKCS11
 if (strncmp (x509_keyfile, "pkcs11:", 7) == 0)
 {
- gnutls_pkcs11_privkey_init (&pkcs11_key);
- ret =
- gnutls_pkcs11_privkey_import_url (pkcs11_key, x509_keyfile, 0);
- if (ret < 0)
- {
- fprintf (stderr, "*** Error loading url: %s\n",
- gnutls_strerror (ret));
- exit (1);
- }
-
- ret = gnutls_privkey_import_pkcs11( x509_key, pkcs11_key, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+ gnutls_privkey_import_pkcs11_url (x509_key, x509_keyfile);
 if (ret < 0)
 {
 fprintf (stderr, "*** Error loading url: %s\n",
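Review bot: In the `@@ -167,7 +145,6 @@` hunk only `tmp_key` is dropped while `gnutls_pkcs11_privkey_t pkcs11_key;` under `#ifdef ENABLE_PKCS11` stays, although the only use this diff shows for it is removed in the `@@ -254,18 +231,8 @@` hunk below, so it becomes an unused variable in PKCS#11 builds and should be deleted alongside `tmp_key`. That later hunk also has a functional problem: the replacement line `gnutls_privkey_import_pkcs11_url (x509_key, x509_keyfile);` discards the return value, so the `if (ret < 0)` that follows tests the value left by the preceding `gnutls_privkey_init` call and a failed URL import is silently accepted; it should read `ret = gnutls_privkey_import_pkcs11_url (x509_key, x509_keyfile);`. Both hunks sit inside load_keys, whose body continues outside them.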
@@ -276,25 +243,14 @@ load_keys (void)
 else
 #endif /* ENABLE_PKCS11 */
 {
- data = load_file (x509_keyfile);
- if (data.data == NULL)
- {
- fprintf (stderr, "*** Error loading key file.\n");
- exit (1);
- }
-
- gnutls_x509_privkey_init (&tmp_key);
-
- ret =
- gnutls_x509_privkey_import (tmp_key, &data, x509ctype);
+ ret = gnutls_load_file (x509_keyfile, &data);
 if (ret < 0)
 {
- fprintf (stderr, "*** Error loading key file: %s\n",
- gnutls_strerror (ret));
+ fprintf (stderr, "*** Error loading key file.\n");
 exit (1);
 }
- ret = gnutls_privkey_import_x509( x509_key, tmp_key, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+ ret = gnutls_privkey_import_x509_raw( x509_key, &data, x509ctype, NULL);
 if (ret < 0)
 {
 fprintf (stderr, "*** Error loading url: %s\n",
@@ -302,7 +258,7 @@ load_keys (void)
 exit (1);
 }
- unload_file (&data);
+ gnutls_free(data.data);
 }
 fprintf (stdout, "Processed %d client X.509 certificates...\n",
@@ -320,8 +276,8 @@ load_keys (void)
 {
 gnutls_openpgp_crt_t tmp_pgp_crt;
- data = load_file (pgp_certfile);
- if (data.data == NULL)
+ ret = gnutls_load_file (pgp_certfile, &data);
+ if (ret < 0)
 {
 fprintf (stderr, "*** Error loading PGP cert file.\n");
 exit (1);
@@ -339,7 +295,7 @@ load_keys (void)
 exit (1);
 }
- unload_file (&data);
+ gnutls_free (data.data);
 ret = gnutls_privkey_init(&pgp_key);
 if (ret < 0)
@@ -373,43 +329,17 @@ load_keys (void)
 else
 #endif /* ENABLE_PKCS11 */
 {
- gnutls_openpgp_privkey_t tmp_pgp_key;
-
- data = load_file (pgp_keyfile);
- if (data.data == NULL)
- {
- fprintf (stderr, "*** Error loading PGP key file.\n");
- exit (1);
- }
-
- gnutls_openpgp_privkey_init (&tmp_pgp_key);
-
- ret =
- gnutls_openpgp_privkey_import (tmp_pgp_key, &data,
- GNUTLS_OPENPGP_FMT_BASE64, NULL,
- 0);
+ ret = gnutls_load_file (pgp_keyfile, &data);
 if (ret < 0)
 {
- fprintf (stderr,
- "*** Error loading PGP key file: %s\n",
- gnutls_strerror (ret));
+ fprintf (stderr, "*** Error loading key file.\n");
 exit (1);
 }
 if (HAVE_OPT(PGPSUBKEY))
- {
- ret =
- gnutls_openpgp_privkey_set_preferred_key_id (tmp_pgp_key, keyid);
- if (ret < 0)
- {
- fprintf (stderr,
- "*** Error setting preferred sub key id (%s): %s\n",
- OPT_ARG(PGPSUBKEY), gnutls_strerror (ret));
- exit (1);
- }
- }
-
- ret = gnutls_privkey_import_openpgp( pgp_key, tmp_pgp_key, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+ ret = gnutls_privkey_import_openpgp_raw( pgp_key, &data, x509ctype, keyid, NULL);
+ else
+ ret = gnutls_privkey_import_openpgp_raw( pgp_key, &data, x509ctype, NULL, NULL);
 if (ret < 0)
 {
 fprintf (stderr, "*** Error loading url: %s\n",
@@ -417,7 +347,7 @@ load_keys (void)
 exit (1);
 }
- unload_file (&data);
+ gnutls_free(data.data);
 } |
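Review bot: Both new gnutls_privkey_import_openpgp_raw calls pass `x509ctype` as the `gnutls_openpgp_crt_fmt_t` format argument, but the removed gnutls_openpgp_privkey_import call used `GNUTLS_OPENPGP_FMT_BASE64` here and the same variable is handed to gnutls_privkey_import_x509_raw as the X.509 format in the `@@ -276,25 +243,14 @@` hunk, so unless x509ctype has been repurposed elsewhere the PGP key will be parsed with an X.509 format value. Keep the constant and fold the two branches into one call: `ret = gnutls_privkey_import_openpgp_raw( pgp_key, &data, GNUTLS_OPENPGP_FMT_BASE64, HAVE_OPT(PGPSUBKEY) ? keyid : NULL, NULL);`. The load-failure text was also changed from `"*** Error loading PGP key file.\n"` to `"*** Error loading key file.\n"`, which is now identical to the X.509 branch's message and no longer says which file failed; keeping `PGP` in it costs nothing. The preferred-subkey error is now reported through the generic "Error loading url" path below, which is pre-existing but worth a clearer message given the new call handles both steps. load_keys continues outside the hunk.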