[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-265-ga9801fd
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-265-ga9801fd |
|
Date: |
Mon, 28 Jun 2010 17:01:55 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=a9801fddb8d28acf0685f111add562c6c4b3a689
The branch, master has been updated
via a9801fddb8d28acf0685f111add562c6c4b3a689 (commit)
via 283c5ff49d3eb59f57b89600967ee364ffc26040 (commit)
from 21e200fdfe407108ff58b8a26a2f827bf0bf38d3 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit a9801fddb8d28acf0685f111add562c6c4b3a689
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Mon Jun 28 19:01:20 2010 +0200
Combined object flags. No implicit login any more. Login has to be
specified with a flag
on every call that could use it.
commit 283c5ff49d3eb59f57b89600967ee364ffc26040
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Mon Jun 28 18:51:29 2010 +0200
Indented code.
-----------------------------------------------------------------------
Summary of changes:
lib/gnutls_privkey.c | 148 ++++++++------
lib/gnutls_pubkey.c | 75 ++++----
lib/includes/gnutls/pkcs11.h | 10 +-
lib/pkcs11.c | 15 +--
lib/pkcs11_int.h | 96 +++++----
lib/pkcs11_privkey.c | 51 +++--
lib/pkcs11_write.c | 475 +++++++++++++++++++++---------------------
src/certtool-common.h | 4 +-
src/certtool.c | 4 +-
src/pkcs11.c | 18 ++-
10 files changed, 473 insertions(+), 423 deletions(-)
diff --git a/lib/gnutls_privkey.c b/lib/gnutls_privkey.c
index 185a1e9..c61567b 100644
--- a/lib/gnutls_privkey.c
+++ b/lib/gnutls_privkey.c
@@ -38,13 +38,13 @@
struct gnutls_privkey_st {
gnutls_privkey_type_t type;
gnutls_pk_algorithm_t pk_algorithm;
-
+
union {
gnutls_x509_privkey_t x509;
gnutls_pkcs11_privkey_t pkcs11;
gnutls_openpgp_privkey_t openpgp;
} key;
-
+
unsigned int flags;
};
@@ -58,7 +58,7 @@ struct gnutls_privkey_st {
* Returns: a member of the #gnutls_privkey_type_t enumeration on
* success, or a negative value on error.
**/
-gnutls_privkey_type_t gnutls_privkey_get_type (gnutls_privkey_t key)
+gnutls_privkey_type_t gnutls_privkey_get_type(gnutls_privkey_t key)
{
return key->type;
}
@@ -75,20 +75,27 @@ gnutls_privkey_type_t gnutls_privkey_get_type
(gnutls_privkey_t key)
* Returns: a member of the #gnutls_pk_algorithm_t enumeration on
* success, or a negative value on error.
**/
-int gnutls_privkey_get_pk_algorithm (gnutls_privkey_t key, unsigned int* bits)
+int gnutls_privkey_get_pk_algorithm(gnutls_privkey_t key,
+ unsigned int *bits)
{
- switch(key->type) {
- case GNUTLS_PRIVKEY_OPENPGP:
- return
gnutls_openpgp_privkey_get_pk_algorithm(key->key.openpgp, bits);
- case GNUTLS_PRIVKEY_PKCS11:
- return
gnutls_pkcs11_privkey_get_pk_algorithm(key->key.pkcs11, bits);
- case GNUTLS_PRIVKEY_X509:
- if (bits)
- *bits = _gnutls_mpi_get_nbits
(key->key.x509->params[0]);
- return
gnutls_x509_privkey_get_pk_algorithm(key->key.x509);
- default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ switch (key->type) {
+ case GNUTLS_PRIVKEY_OPENPGP:
+ return gnutls_openpgp_privkey_get_pk_algorithm(key->key.
+ openpgp,
+ bits);
+ case GNUTLS_PRIVKEY_PKCS11:
+ return gnutls_pkcs11_privkey_get_pk_algorithm(key->key.
+ pkcs11,
+ bits);
+ case GNUTLS_PRIVKEY_X509:
+ if (bits)
+ *bits =
+ _gnutls_mpi_get_nbits(key->key.x509->
+ params[0]);
+ return gnutls_x509_privkey_get_pk_algorithm(key->key.x509);
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
}
}
@@ -109,7 +116,7 @@ int gnutls_privkey_init(gnutls_privkey_t * key)
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
-
+
return 0;
}
@@ -122,13 +129,15 @@ int gnutls_privkey_init(gnutls_privkey_t * key)
void gnutls_privkey_deinit(gnutls_privkey_t key)
{
if (key->flags & GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE)
- switch(key->type) {
- case GNUTLS_PRIVKEY_OPENPGP:
- return
gnutls_openpgp_privkey_deinit(key->key.openpgp);
- case GNUTLS_PRIVKEY_PKCS11:
- return
gnutls_pkcs11_privkey_deinit(key->key.pkcs11);
- case GNUTLS_PRIVKEY_X509:
- return
gnutls_x509_privkey_deinit(key->key.x509);
+ switch (key->type) {
+ case GNUTLS_PRIVKEY_OPENPGP:
+ return gnutls_openpgp_privkey_deinit(key->key.
+ openpgp);
+ case GNUTLS_PRIVKEY_PKCS11:
+ return gnutls_pkcs11_privkey_deinit(key->key.
+ pkcs11);
+ case GNUTLS_PRIVKEY_X509:
+ return gnutls_x509_privkey_deinit(key->key.x509);
}
gnutls_free(key);
}
@@ -145,11 +154,14 @@ void gnutls_privkey_deinit(gnutls_privkey_t key)
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey,
gnutls_pkcs11_privkey_t key, unsigned int flags)
+int gnutls_privkey_import_pkcs11(gnutls_privkey_t pkey,
+ gnutls_pkcs11_privkey_t key,
+ unsigned int flags)
{
pkey->key.pkcs11 = key;
pkey->type = GNUTLS_PRIVKEY_PKCS11;
- pkey->pk_algorithm = gnutls_pkcs11_privkey_get_pk_algorithm(key, NULL);
+ pkey->pk_algorithm =
+ gnutls_pkcs11_privkey_get_pk_algorithm(key, NULL);
pkey->flags = flags;
return 0;
@@ -167,9 +179,11 @@ int gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey,
gnutls_pkcs11_privkey_t
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_privkey_import_x509 (gnutls_privkey_t pkey, gnutls_x509_privkey_t
key, unsigned int flags)
+int gnutls_privkey_import_x509(gnutls_privkey_t pkey,
+ gnutls_x509_privkey_t key,
+ unsigned int flags)
{
- pkey->key.x509 = key;
+ pkey->key.x509 = key;
pkey->type = GNUTLS_PRIVKEY_X509;
pkey->pk_algorithm = gnutls_x509_privkey_get_pk_algorithm(key);
pkey->flags = flags;
@@ -189,13 +203,16 @@ int gnutls_privkey_import_x509 (gnutls_privkey_t pkey,
gnutls_x509_privkey_t key
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_privkey_import_openpgp (gnutls_privkey_t pkey,
gnutls_openpgp_privkey_t key, unsigned int flags)
+int gnutls_privkey_import_openpgp(gnutls_privkey_t pkey,
+ gnutls_openpgp_privkey_t key,
+ unsigned int flags)
{
pkey->key.openpgp = key;
pkey->type = GNUTLS_PRIVKEY_OPENPGP;
- pkey->pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm(key, NULL);
+ pkey->pk_algorithm =
+ gnutls_openpgp_privkey_get_pk_algorithm(key, NULL);
pkey->flags = flags;
-
+
return 0;
}
@@ -217,10 +234,10 @@ int gnutls_privkey_import_openpgp (gnutls_privkey_t pkey,
gnutls_openpgp_privkey
**/
int
gnutls_privkey_sign_data(gnutls_privkey_t signer,
- gnutls_digest_algorithm_t hash,
- unsigned int flags,
- const gnutls_datum_t * data,
- gnutls_datum_t * signature)
+ gnutls_digest_algorithm_t hash,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * signature)
{
int ret;
gnutls_datum_t digest;
@@ -269,20 +286,23 @@ gnutls_privkey_sign_data(gnutls_privkey_t signer,
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_privkey_sign_hash (gnutls_privkey_t key,
- const gnutls_datum_t * hash,
- gnutls_datum_t * signature)
+int gnutls_privkey_sign_hash(gnutls_privkey_t key,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature)
{
- switch(key->type) {
- case GNUTLS_PRIVKEY_OPENPGP:
- return
gnutls_openpgp_privkey_sign_hash(key->key.openpgp, hash, signature);
- case GNUTLS_PRIVKEY_PKCS11:
- return gnutls_pkcs11_privkey_sign_hash(key->key.pkcs11,
hash, signature);
- case GNUTLS_PRIVKEY_X509:
- return gnutls_x509_privkey_sign_hash(key->key.x509,
hash, signature);
- default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ switch (key->type) {
+ case GNUTLS_PRIVKEY_OPENPGP:
+ return gnutls_openpgp_privkey_sign_hash(key->key.openpgp,
+ hash, signature);
+ case GNUTLS_PRIVKEY_PKCS11:
+ return gnutls_pkcs11_privkey_sign_hash(key->key.pkcs11,
+ hash, signature);
+ case GNUTLS_PRIVKEY_X509:
+ return gnutls_x509_privkey_sign_hash(key->key.x509, hash,
+ signature);
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
}
}
@@ -308,17 +328,25 @@ int gnutls_privkey_decrypt_data(gnutls_privkey_t key,
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
}
-
- switch(key->type) {
- case GNUTLS_PRIVKEY_OPENPGP:
- return
gnutls_openpgp_privkey_decrypt_data(key->key.openpgp, flags, ciphertext,
plaintext);
- case GNUTLS_PRIVKEY_X509:
- return _gnutls_pkcs1_rsa_decrypt (plaintext,
ciphertext, key->key.x509->params, key->key.x509->params_size, 2);
- case GNUTLS_PRIVKEY_PKCS11:
- return
gnutls_pkcs11_privkey_decrypt_data(key->key.pkcs11, flags, ciphertext,
plaintext);
- default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+
+ switch (key->type) {
+ case GNUTLS_PRIVKEY_OPENPGP:
+ return gnutls_openpgp_privkey_decrypt_data(key->key.
+ openpgp, flags,
+ ciphertext,
+ plaintext);
+ case GNUTLS_PRIVKEY_X509:
+ return _gnutls_pkcs1_rsa_decrypt(plaintext, ciphertext,
+ key->key.x509->params,
+ key->key.x509->
+ params_size, 2);
+ case GNUTLS_PRIVKEY_PKCS11:
+ return gnutls_pkcs11_privkey_decrypt_data(key->key.pkcs11,
+ flags,
+ ciphertext,
+ plaintext);
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
}
}
-
diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c
index 46d8469..f1740bb 100644
--- a/lib/gnutls_pubkey.c
+++ b/lib/gnutls_pubkey.c
@@ -199,21 +199,22 @@ int gnutls_pubkey_import_x509(gnutls_pubkey_t key,
gnutls_x509_crt_t crt,
* Since: 2.11.0
**/
int
-gnutls_pubkey_get_preferred_hash_algorithm (gnutls_pubkey_t key,
- gnutls_digest_algorithm_t * hash, unsigned int
*mand)
+gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key,
+ gnutls_digest_algorithm_t *
+ hash, unsigned int *mand)
{
- int ret;
+ int ret;
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- ret = _gnutls_pk_get_hash_algorithm(key->pk_algorithm,
- key->params, key->params_size, hash, mand);
+ ret = _gnutls_pk_get_hash_algorithm(key->pk_algorithm,
+ key->params, key->params_size,
+ hash, mand);
- return ret;
+ return ret;
}
@@ -749,7 +750,7 @@ int gnutls_pubkey_set_key_usage(gnutls_pubkey_t key,
unsigned int usage)
**/
int gnutls_pubkey_import_pkcs11_url(gnutls_pubkey_t key, const char *url,
- unsigned int flags)
+ unsigned int flags)
{
gnutls_pkcs11_obj_t pcrt;
int ret;
@@ -903,23 +904,22 @@ gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t key,
* success.
**/
int
-gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature)
+gnutls_pubkey_verify_hash(gnutls_pubkey_t key, unsigned int flags,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature)
{
- int ret;
+ int ret;
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
- ret =
- pubkey_verify_sig (NULL, hash, signature, key->pk_algorithm,
- key->params, key->params_size);
+ ret =
+ pubkey_verify_sig(NULL, hash, signature, key->pk_algorithm,
+ key->params, key->params_size);
- return ret;
+ return ret;
}
/**
@@ -935,18 +935,19 @@ gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned
int flags,
* returned on error.
**/
int
-gnutls_pubkey_get_verify_algorithm (gnutls_pubkey_t key,
- const gnutls_datum_t * signature,
- gnutls_digest_algorithm_t * hash)
+gnutls_pubkey_get_verify_algorithm(gnutls_pubkey_t key,
+ const gnutls_datum_t * signature,
+ gnutls_digest_algorithm_t * hash)
{
- if (key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return _gnutls_x509_verify_algorithm ((gnutls_mac_algorithm_t *) hash,
- signature, key->pk_algorithm, key->params,
- key->params_size);
+ if (key == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_verify_algorithm((gnutls_mac_algorithm_t *)
+ hash, signature,
+ key->pk_algorithm,
+ key->params,
+ key->params_size);
}
diff --git a/lib/includes/gnutls/pkcs11.h b/lib/includes/gnutls/pkcs11.h
index e7ae57a..e754804 100644
--- a/lib/includes/gnutls/pkcs11.h
+++ b/lib/includes/gnutls/pkcs11.h
@@ -49,6 +49,7 @@ int gnutls_pkcs11_add_provider (const char * name, const char
* params);
int gnutls_pkcs11_obj_init ( gnutls_pkcs11_obj_t *certificate);
#define GNUTLS_PKCS11_OBJ_FLAG_LOGIN 1 /* force login in the token for the
operation */
+#define GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED 1 /* object marked as trusted */
int gnutls_pkcs11_obj_import_url (gnutls_pkcs11_obj_t, const char * url,
unsigned int flags/* GNUTLS_PKCS11_OBJ_FLAG_* */);
@@ -59,14 +60,13 @@ int gnutls_pkcs11_obj_export(gnutls_pkcs11_obj_t obj,
void *output_data, size_t * output_data_size);
-#define GNUTLS_PKCS11_COPY_FLAG_MARK_TRUSTED 1 /* object marked as trusted */
-
int gnutls_pkcs11_copy_x509_crt(const char* token_url, gnutls_x509_crt_t crt,
- const char* label, unsigned int flags /* GNUTLS_PKCS11_COPY_FLAG_* */);
+ const char* label, unsigned int flags /* GNUTLS_PKCS11_OBJ_FLAG_* */);
int gnutls_pkcs11_copy_x509_privkey(const char* token_url,
gnutls_x509_privkey_t crt, const char* label, unsigned int key_usage
/*GNUTLS_KEY_* */,
- unsigned int flags /* GNUTLS_PKCS11_COPY_FLAG_* */);
-int gnutls_pkcs11_delete_url(const char* object_url);
+ unsigned int flags /* GNUTLS_PKCS11_OBJ_FLAG_* */);
+int gnutls_pkcs11_delete_url(const char* object_url,
+ unsigned int flags/* GNUTLS_PKCS11_OBJ_FLAG_* */);
typedef enum {
GNUTLS_PKCS11_OBJ_ID_HEX=1,
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index ed70073..0d1d8d4 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -1517,7 +1517,7 @@ static int find_obj_url(pakchois_session_t * pks, struct
token_info *info,
return ret;
}
-inline static unsigned int pkcs11_obj_flags_to_int(unsigned int flags)
+unsigned int pkcs11_obj_flags_to_int(unsigned int flags)
{
switch(flags) {
case GNUTLS_PKCS11_OBJ_FLAG_LOGIN:
@@ -1991,12 +1991,6 @@ static int find_objs(pakchois_session_t * pks, struct
token_info *info,
memset(&plist, 0, sizeof(plist));
if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY) {
- ret = pkcs11_login(pks, info, NULL);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
ret = find_privkeys(pks, info, &plist);
if (ret < 0) {
gnutls_assert();
@@ -2007,13 +2001,6 @@ static int find_objs(pakchois_session_t * pks, struct
token_info *info,
gnutls_assert();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
- } else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_ALL ||
- find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY) {
- ret = pkcs11_login(pks, info, NULL);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
}
cert_data = gnutls_malloc(MAX_CERT_SIZE);
diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h
index 324da34..783478d 100644
--- a/lib/pkcs11_int.h
+++ b/lib/pkcs11_int.h
@@ -8,73 +8,87 @@
#define PKCS11_LABEL_SIZE 128
typedef struct token_creds {
- char pin[GNUTLS_PKCS11_MAX_PIN_LEN];
- size_t pin_size;
+ char pin[GNUTLS_PKCS11_MAX_PIN_LEN];
+ size_t pin_size;
} token_creds_st;
struct token_info {
- struct ck_token_info tinfo;
- struct ck_slot_info sinfo;
- ck_slot_id_t sid;
- struct gnutls_pkcs11_provider_s* prov;
+ struct ck_token_info tinfo;
+ struct ck_slot_info sinfo;
+ ck_slot_id_t sid;
+ struct gnutls_pkcs11_provider_s *prov;
};
-struct pkcs11_url_info
-{
- /* everything here is null terminated strings */
- opaque id[PKCS11_ID_SIZE*3+1]; /* hex with delimiters */
- opaque type[16]; /* cert/key etc. */
- opaque manufacturer[sizeof (((struct ck_token_info
*)NULL)->manufacturer_id)+1];
- opaque token[sizeof (((struct ck_token_info *)NULL)->label)+1];
- opaque serial[sizeof (((struct ck_token_info *)NULL)->serial_number)+1];
- opaque model[sizeof (((struct ck_token_info *)NULL)->model)+1];
- opaque label[PKCS11_LABEL_SIZE+1];
-
- opaque certid_raw[PKCS11_ID_SIZE]; /* same as ID but raw */
- size_t certid_raw_size;
+struct pkcs11_url_info {
+ /* everything here is null terminated strings */
+ opaque id[PKCS11_ID_SIZE * 3 + 1]; /* hex with delimiters */
+ opaque type[16]; /* cert/key etc. */
+ opaque
+ manufacturer[sizeof
+ (((struct ck_token_info *) NULL)->
+ manufacturer_id) + 1];
+ opaque token[sizeof(((struct ck_token_info *) NULL)->label) + 1];
+ opaque
+ serial[sizeof(((struct ck_token_info *) NULL)->serial_number) +
+ 1];
+ opaque model[sizeof(((struct ck_token_info *) NULL)->model) + 1];
+ opaque label[PKCS11_LABEL_SIZE + 1];
+
+ opaque certid_raw[PKCS11_ID_SIZE]; /* same as ID but raw */
+ size_t certid_raw_size;
};
struct gnutls_pkcs11_obj_st {
- gnutls_datum_t raw;
- gnutls_pkcs11_obj_type_t type;
- struct pkcs11_url_info info;
-
- /* only when pubkey */
- gnutls_datum_t pubkey[MAX_PUBLIC_PARAMS_SIZE];
- gnutls_pk_algorithm pk_algorithm;
- unsigned int key_usage;
+ gnutls_datum_t raw;
+ gnutls_pkcs11_obj_type_t type;
+ struct pkcs11_url_info info;
+
+ /* only when pubkey */
+ gnutls_datum_t pubkey[MAX_PUBLIC_PARAMS_SIZE];
+ gnutls_pk_algorithm pk_algorithm;
+ unsigned int key_usage;
};
/* thus function is called for every token in the traverse_tokens
* function. Once everything is traversed it is called with NULL tinfo.
* It should return 0 if found what it was looking for.
*/
-typedef int (*find_func_t)(pakchois_session_t *pks, struct token_info* tinfo,
void* input);
+typedef int (*find_func_t) (pakchois_session_t * pks,
+ struct token_info * tinfo, void *input);
int pkcs11_rv_to_err(ck_rv_t rv);
-int pkcs11_url_to_info(const char* url, struct pkcs11_url_info* info);
+int pkcs11_url_to_info(const char *url, struct pkcs11_url_info *info);
-int pkcs11_get_info(struct pkcs11_url_info *info, gnutls_pkcs11_obj_info_t
itype,
- void* output, size_t* output_size);
-int pkcs11_login(pakchois_session_t *pks, struct token_info *info,
token_creds_st *);
+int pkcs11_get_info(struct pkcs11_url_info *info,
+ gnutls_pkcs11_obj_info_t itype, void *output,
+ size_t * output_size);
+int pkcs11_login(pakchois_session_t * pks, struct token_info *info,
+ token_creds_st *);
extern gnutls_pkcs11_token_callback_t token_func;
-extern void* token_data;
+extern void *token_data;
void pkcs11_rescan_slots(void);
-int pkcs11_info_to_url(const struct pkcs11_url_info* info, char** url);
+int pkcs11_info_to_url(const struct pkcs11_url_info *info, char **url);
#define SESSION_WRITE 1
#define SESSION_LOGIN 2
-int pkcs11_open_session (pakchois_session_t** _pks, struct pkcs11_url_info
*info,
- token_creds_st * creds, unsigned int flags);
-int _pkcs11_traverse_tokens (find_func_t find_func, void* input, unsigned int
flags);
-ck_object_class_t pkcs11_strtype_to_class(const char* type);
+int pkcs11_open_session(pakchois_session_t ** _pks,
+ struct pkcs11_url_info *info,
+ token_creds_st * creds, unsigned int flags);
+int _pkcs11_traverse_tokens(find_func_t find_func, void *input,
+ unsigned int flags);
+ck_object_class_t pkcs11_strtype_to_class(const char *type);
-int pkcs11_token_matches_info( struct pkcs11_url_info* info, struct
ck_token_info* tinfo);
+int pkcs11_token_matches_info(struct pkcs11_url_info *info,
+ struct ck_token_info *tinfo);
/* flags are SESSION_* */
-int pkcs11_find_object (pakchois_session_t** _pks, ck_object_handle_t* _obj,
- struct pkcs11_url_info *info, token_creds_st*, unsigned int flags);
+int pkcs11_find_object(pakchois_session_t ** _pks,
+ ck_object_handle_t * _obj,
+ struct pkcs11_url_info *info, token_creds_st *,
+ unsigned int flags);
+
+unsigned int pkcs11_obj_flags_to_int(unsigned int flags);
#endif
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index c0fe633..11b744a 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -54,7 +54,7 @@ int gnutls_pkcs11_privkey_init(gnutls_pkcs11_privkey_t * key)
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
-
+
return 0;
}
@@ -79,10 +79,11 @@ void gnutls_pkcs11_privkey_deinit(gnutls_pkcs11_privkey_t
key)
* Returns: a member of the #gnutls_pk_algorithm_t enumeration on
* success, or a negative value on error.
**/
-int gnutls_pkcs11_privkey_get_pk_algorithm(gnutls_pkcs11_privkey_t key,
unsigned int *bits)
+int gnutls_pkcs11_privkey_get_pk_algorithm(gnutls_pkcs11_privkey_t key,
+ unsigned int *bits)
{
- if (bits)
- *bits = 0; /* FIXME */
+ if (bits)
+ *bits = 0; /* FIXME */
return key->pk_algorithm;
}
@@ -179,7 +180,7 @@ gnutls_pkcs11_privkey_sign_data(gnutls_pkcs11_privkey_t
signer,
gnutls_assert(); \
return ret; \
} \
- } while (ret < 0);
+ } while (ret < 0);
/**
* gnutls_pkcs11_privkey_sign_hash:
@@ -222,8 +223,7 @@ int gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t
key,
}
/* Work out how long the signature must be: */
- rv = pakchois_sign(pks, hash->data, hash->size, NULL,
- &siglen);
+ rv = pakchois_sign(pks, hash->data, hash->size, NULL, &siglen);
if (rv != CKR_OK) {
gnutls_assert();
ret = pkcs11_rv_to_err(rv);
@@ -246,7 +246,7 @@ int gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t
key,
ret = 0;
-cleanup:
+ cleanup:
pakchois_close_session(pks);
return ret;
@@ -280,7 +280,8 @@ int
gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey,
pkey->flags = flags;
- if (pkey->info.type[0] != 0 && strcmp(pkey->info.type, "private") != 0)
{
+ if (pkey->info.type[0] != 0
+ && strcmp(pkey->info.type, "private") != 0) {
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
}
@@ -308,8 +309,9 @@ int
gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey,
**/
int
gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key,
- unsigned int flags, const gnutls_datum_t * ciphertext,
- gnutls_datum_t * plaintext)
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ gnutls_datum_t * plaintext)
{
ck_rv_t rv;
int ret;
@@ -319,7 +321,7 @@ gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t
key,
ck_object_handle_t obj;
FIND_OBJECT(pks, obj, key);
-
+
mech.mechanism =
key->pk_algorithm == GNUTLS_PK_DSA ? CKM_DSA : CKM_RSA_PKCS;
mech.parameter = NULL;
@@ -335,8 +337,8 @@ gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t
key,
}
/* Work out how long the plaintext must be: */
- rv = pakchois_decrypt(pks, ciphertext->data, ciphertext->size, NULL,
- &siglen);
+ rv = pakchois_decrypt(pks, ciphertext->data, ciphertext->size,
+ NULL, &siglen);
if (rv != CKR_OK) {
gnutls_assert();
ret = pkcs11_rv_to_err(rv);
@@ -347,7 +349,7 @@ gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t
key,
plaintext->size = siglen;
rv = pakchois_decrypt(pks, ciphertext->data, ciphertext->size,
- plaintext->data, &siglen);
+ plaintext->data, &siglen);
if (rv != CKR_OK) {
gnutls_free(plaintext->data);
gnutls_assert();
@@ -359,7 +361,7 @@ gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t
key,
ret = 0;
-cleanup:
+ cleanup:
pakchois_close_session(pks);
return ret;
@@ -375,15 +377,16 @@ cleanup:
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_pkcs11_privkey_export_url (gnutls_pkcs11_privkey_t key, char ** url)
+int gnutls_pkcs11_privkey_export_url(gnutls_pkcs11_privkey_t key,
+ char **url)
{
-int ret;
+ int ret;
- ret = pkcs11_info_to_url(&key->info, url);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ ret = pkcs11_info_to_url(&key->info, url);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- return 0;
+ return 0;
}
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index b41f9bb..7ed62b4 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -33,7 +33,7 @@
* @token_url: A PKCS #11 URL specifying a token
* @crt: A certificate
* @label: A name to be used for the stored data
- * @flags: One of GNUTLS_PKCS11_COPY_FLAG_*
+ * @flags: One of GNUTLS_PKCS11_OBJ_FLAG_*
*
* This function will copy a certificate into a PKCS #11 token specified by
* a URL. The certificate can be marked as trusted or not.
@@ -41,43 +41,45 @@
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_pkcs11_copy_x509_crt(const char* token_url, gnutls_x509_crt_t crt,
- const char* label, unsigned int flags)
+int gnutls_pkcs11_copy_x509_crt(const char *token_url,
+ gnutls_x509_crt_t crt, const char *label,
+ unsigned int flags)
{
- int ret;
- pakchois_session_t *pks;
- struct pkcs11_url_info info;
- ck_rv_t rv;
- size_t der_size, id_size;
- opaque* der = NULL;
- opaque id[20];
- struct ck_attribute a[8];
- ck_object_class_t class = CKO_CERTIFICATE;
- ck_certificate_type_t type = CKC_X_509;
- ck_object_handle_t obj;
- unsigned int tval = 1;
- int a_val;
-
- ret = pkcs11_url_to_info(token_url, &info);
+ int ret;
+ pakchois_session_t *pks;
+ struct pkcs11_url_info info;
+ ck_rv_t rv;
+ size_t der_size, id_size;
+ opaque *der = NULL;
+ opaque id[20];
+ struct ck_attribute a[8];
+ ck_object_class_t class = CKO_CERTIFICATE;
+ ck_certificate_type_t type = CKC_X_509;
+ ck_object_handle_t obj;
+ unsigned int tval = 1;
+ int a_val;
+
+ ret = pkcs11_url_to_info(token_url, &info);
if (ret < 0) {
gnutls_assert();
return ret;
}
-
- ret = pkcs11_open_session (&pks, &info, NULL,
SESSION_WRITE|SESSION_LOGIN);
+
+ ret =
+ pkcs11_open_session(&pks, &info, NULL,
+ SESSION_WRITE | pkcs11_obj_flags_to_int(flags));
if (ret < 0) {
gnutls_assert();
return ret;
}
-
- ret = gnutls_x509_crt_export (crt,
- GNUTLS_X509_FMT_DER, NULL,
- &der_size);
+
+ ret = gnutls_x509_crt_export(crt,
+ GNUTLS_X509_FMT_DER, NULL, &der_size);
if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
gnutls_assert();
goto cleanup;
}
-
+
der = gnutls_malloc(der_size);
if (der == NULL) {
gnutls_assert();
@@ -85,74 +87,73 @@ int gnutls_pkcs11_copy_x509_crt(const char* token_url,
gnutls_x509_crt_t crt,
goto cleanup;
}
- ret = gnutls_x509_crt_export (crt,
- GNUTLS_X509_FMT_DER, der,
- &der_size);
+ ret = gnutls_x509_crt_export(crt,
+ GNUTLS_X509_FMT_DER, der, &der_size);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
-
+
id_size = sizeof(id);
- ret = gnutls_x509_crt_get_key_id (crt, 0, id, &id_size);
+ ret = gnutls_x509_crt_get_key_id(crt, 0, id, &id_size);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
-
- /* FIXME: copy key usage flags */
-
- a[0].type = CKA_CLASS;
- a[0].value = &class;
- a[0].value_len = sizeof(class);
- a[1].type = CKA_ID;
- a[1].value = id;
- a[1].value_len = id_size;
- a[2].type = CKA_VALUE;
- a[2].value = der;
- a[2].value_len = der_size;
- a[3].type = CKA_TOKEN;
- a[3].value = &tval;
- a[3].value_len = sizeof(tval);
- a[4].type = CKA_CERTIFICATE_TYPE;
- a[4].value = &type;
- a[4].value_len = sizeof(type);
-
- a_val = 5;
-
- if (label) {
+
+ /* FIXME: copy key usage flags */
+
+ a[0].type = CKA_CLASS;
+ a[0].value = &class;
+ a[0].value_len = sizeof(class);
+ a[1].type = CKA_ID;
+ a[1].value = id;
+ a[1].value_len = id_size;
+ a[2].type = CKA_VALUE;
+ a[2].value = der;
+ a[2].value_len = der_size;
+ a[3].type = CKA_TOKEN;
+ a[3].value = &tval;
+ a[3].value_len = sizeof(tval);
+ a[4].type = CKA_CERTIFICATE_TYPE;
+ a[4].value = &type;
+ a[4].value_len = sizeof(type);
+
+ a_val = 5;
+
+ if (label) {
a[a_val].type = CKA_LABEL;
- a[a_val].value = (void*)label;
+ a[a_val].value = (void *) label;
a[a_val].value_len = strlen(label);
a_val++;
}
-
- if (flags & GNUTLS_PKCS11_COPY_FLAG_MARK_TRUSTED) {
+
+ if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED) {
a[a_val].type = CKA_TRUSTED;
a[a_val].value = &tval;
a[a_val].value_len = sizeof(tval);
a_val++;
}
-
+
rv = pakchois_create_object(pks, a, a_val, &obj);
if (rv != CKR_OK) {
gnutls_assert();
_gnutls_debug_log("pkcs11: %s\n", pakchois_error(rv));
ret = pkcs11_rv_to_err(rv);
- goto cleanup;
+ goto cleanup;
}
-
+
/* generated!
*/
ret = 0;
-
-cleanup:
+
+ cleanup:
gnutls_free(der);
pakchois_close_session(pks);
-
+
return ret;
-
+
}
/**
@@ -161,7 +162,7 @@ cleanup:
* @key: A private key
* @label: A name to be used for the stored data
* @key_usage: One of GNUTLS_KEY_*
- * @flags: One of GNUTLS_PKCS11_COPY_* flags
+ * @flags: One of GNUTLS_PKCS11_OBJ_* flags
*
* This function will copy a private key into a PKCS #11 token specified by
* a URL.
@@ -169,76 +170,84 @@ cleanup:
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
-int gnutls_pkcs11_copy_x509_privkey(const char* token_url,
- gnutls_x509_privkey_t key, const char* label, unsigned int key_usage,
- unsigned int flags)
+int gnutls_pkcs11_copy_x509_privkey(const char *token_url,
+ gnutls_x509_privkey_t key,
+ const char *label,
+ unsigned int key_usage,
+ unsigned int flags)
{
- int ret;
- pakchois_session_t *pks;
- struct pkcs11_url_info info;
- ck_rv_t rv;
- size_t id_size;
- opaque id[20];
- struct ck_attribute a[16];
- ck_object_class_t class = CKO_PRIVATE_KEY;
- ck_object_handle_t obj;
- ck_key_type_t type;
- unsigned int tval = 1;
- int a_val;
- gnutls_pk_algorithm_t pk;
- gnutls_datum_t p, q, g, y, x;
- gnutls_datum_t m, e, d, u, exp1, exp2;
-
-
- ret = pkcs11_url_to_info(token_url, &info);
+ int ret;
+ pakchois_session_t *pks;
+ struct pkcs11_url_info info;
+ ck_rv_t rv;
+ size_t id_size;
+ opaque id[20];
+ struct ck_attribute a[16];
+ ck_object_class_t class = CKO_PRIVATE_KEY;
+ ck_object_handle_t obj;
+ ck_key_type_t type;
+ unsigned int tval = 1;
+ int a_val;
+ gnutls_pk_algorithm_t pk;
+ gnutls_datum_t p, q, g, y, x;
+ gnutls_datum_t m, e, d, u, exp1, exp2;
+
+
+ ret = pkcs11_url_to_info(token_url, &info);
if (ret < 0) {
gnutls_assert();
return ret;
}
id_size = sizeof(id);
- ret = gnutls_x509_privkey_get_key_id (key, 0, id, &id_size);
+ ret = gnutls_x509_privkey_get_key_id(key, 0, id, &id_size);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- ret = pkcs11_open_session (&pks, &info, NULL,
SESSION_WRITE|SESSION_LOGIN);
+ ret =
+ pkcs11_open_session(&pks, &info, NULL,
+ SESSION_WRITE | pkcs11_obj_flags_to_int(flags));
if (ret < 0) {
gnutls_assert();
return ret;
}
- /* FIXME: copy key usage flags */
-
- a[0].type = CKA_CLASS;
- a[0].value = &class;
- a[0].value_len = sizeof(class);
- a[1].type = CKA_ID;
- a[1].value = id;
- a[1].value_len = id_size;
- a[2].type = CKA_KEY_TYPE;
- a[2].value = &type;
- a[2].value_len = sizeof(type);
- a[3].type = CKA_SENSITIVE;
- a[3].value = &tval;
- a[3].value_len = sizeof(tval);
-
- a_val = 4;
+ /* FIXME: copy key usage flags */
+
+ a[0].type = CKA_CLASS;
+ a[0].value = &class;
+ a[0].value_len = sizeof(class);
+ a[1].type = CKA_ID;
+ a[1].value = id;
+ a[1].value_len = id_size;
+ a[2].type = CKA_KEY_TYPE;
+ a[2].value = &type;
+ a[2].value_len = sizeof(type);
+ a[3].type = CKA_SENSITIVE;
+ a[3].value = &tval;
+ a[3].value_len = sizeof(tval);
+
+ a_val = 4;
pk = gnutls_x509_privkey_get_pk_algorithm(key);
- switch(pk) {
- case GNUTLS_PK_RSA: {
-
- ret = gnutls_x509_privkey_export_rsa_raw2(key, &m, &e,
- &d, &p, &q, &u, &exp1, &exp2);
+ switch (pk) {
+ case GNUTLS_PK_RSA:{
+
+ ret =
+ gnutls_x509_privkey_export_rsa_raw2(key, &m,
+ &e, &d, &p,
+ &q, &u,
+ &exp1,
+ &exp2);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
-
+
type = CKK_RSA;
-
+
a[a_val].type = CKA_MODULUS;
a[a_val].value = m.data;
a[a_val].value_len = m.size;
@@ -281,16 +290,17 @@ int gnutls_pkcs11_copy_x509_privkey(const char* token_url,
break;
}
- case GNUTLS_PK_DSA: {
- ret = gnutls_x509_privkey_export_dsa_raw(key, &p, &q,
- &g, &y, &x);
+ case GNUTLS_PK_DSA:{
+ ret =
+ gnutls_x509_privkey_export_dsa_raw(key, &p, &q,
+ &g, &y, &x);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
type = CKK_DSA;
-
+
a[a_val].type = CKA_PRIME;
a[a_val].value = p.data;
a[a_val].value_len = p.size;
@@ -313,36 +323,36 @@ int gnutls_pkcs11_copy_x509_privkey(const char* token_url,
break;
}
- default:
- gnutls_assert();
- ret = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
+ default:
+ gnutls_assert();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
}
-
+
rv = pakchois_create_object(pks, a, a_val, &obj);
if (rv != CKR_OK) {
gnutls_assert();
_gnutls_debug_log("pkcs11: %s\n", pakchois_error(rv));
ret = pkcs11_rv_to_err(rv);
- goto cleanup;
+ goto cleanup;
}
/* generated!
*/
- switch(pk) {
- case GNUTLS_PK_RSA: {
- gnutls_free(m.data);
- gnutls_free(e.data);
- gnutls_free(d.data);
- gnutls_free(p.data);
- gnutls_free(q.data);
- gnutls_free(u.data);
- gnutls_free(exp1.data);
- gnutls_free(exp2.data);
+ switch (pk) {
+ case GNUTLS_PK_RSA:{
+ gnutls_free(m.data);
+ gnutls_free(e.data);
+ gnutls_free(d.data);
+ gnutls_free(p.data);
+ gnutls_free(q.data);
+ gnutls_free(u.data);
+ gnutls_free(exp1.data);
+ gnutls_free(exp2.data);
break;
}
- case GNUTLS_PK_DSA: {
+ case GNUTLS_PK_DSA:{
gnutls_free(p.data);
gnutls_free(q.data);
gnutls_free(g.data);
@@ -350,72 +360,67 @@ int gnutls_pkcs11_copy_x509_privkey(const char* token_url,
gnutls_free(x.data);
break;
}
- default:
- gnutls_assert();
- ret = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
+ default:
+ gnutls_assert();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
}
ret = 0;
-
-cleanup:
+
+ cleanup:
pakchois_close_session(pks);
-
+
return ret;
-
+
}
struct delete_data_st {
struct pkcs11_url_info info;
- unsigned int deleted; /* how many */
+ unsigned int deleted; /* how many */
};
-static int delete_obj_url(pakchois_session_t *pks, struct token_info *info,
void* input)
+static int delete_obj_url(pakchois_session_t * pks,
+ struct token_info *info, void *input)
{
- struct delete_data_st* find_data = input;
- struct ck_attribute a[4];
- ck_object_class_t class;
- ck_certificate_type_t type = -1;
- ck_rv_t rv;
- ck_object_handle_t obj;
- unsigned long count, a_vals;
- int found = 0, ret;
-
-
- if (info == NULL) { /* we don't support multiple calls */
- gnutls_assert();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- /* do not bother reading the token if basic fields do not match
- */
- if (pkcs11_token_matches_info( &find_data->info, &info->tinfo) < 0) {
+ struct delete_data_st *find_data = input;
+ struct ck_attribute a[4];
+ ck_object_class_t class;
+ ck_certificate_type_t type = -1;
+ ck_rv_t rv;
+ ck_object_handle_t obj;
+ unsigned long count, a_vals;
+ int found = 0, ret;
+
+
+ if (info == NULL) { /* we don't support multiple calls */
gnutls_assert();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
- class = CKO_CERTIFICATE; /* default */
+ /* do not bother reading the token if basic fields do not match
+ */
+ if (pkcs11_token_matches_info(&find_data->info, &info->tinfo) < 0) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
- if (find_data->info.type[0] != 0) {
- class = pkcs11_strtype_to_class(find_data->info.type);
- if (class == CKO_CERTIFICATE)
- type = CKC_X_509;
+ class = CKO_CERTIFICATE; /* default */
- if (class == -1) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
- }
+ if (find_data->info.type[0] != 0) {
+ class = pkcs11_strtype_to_class(find_data->info.type);
+ if (class == CKO_CERTIFICATE)
+ type = CKC_X_509;
- ret = pkcs11_login(pks, info, NULL);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ if (class == -1) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
}
a_vals = 0;
-
- /* Find objects with given class and type */
+
+ /* Find objects with given class and type */
if (find_data->info.certid_raw_size > 0) {
a[a_vals].type = CKA_ID;
a[a_vals].value = find_data->info.certid_raw;
@@ -427,86 +432,90 @@ static int delete_obj_url(pakchois_session_t *pks, struct
token_info *info, void
a[a_vals].type = CKA_CLASS;
a[a_vals].value = &class;
a[a_vals].value_len = sizeof class;
- a_vals++;
+ a_vals++;
+ }
+
+ if (type != -1) {
+ a[a_vals].type = CKA_CERTIFICATE_TYPE;
+ a[a_vals].value = &type;
+ a[a_vals].value_len = sizeof type;
+ a_vals++;
}
- if (type != -1) {
- a[a_vals].type = CKA_CERTIFICATE_TYPE;
- a[a_vals].value = &type;
- a[a_vals].value_len = sizeof type;
- a_vals++;
- }
-
- if (find_data->info.label[0] != 0) {
- a[a_vals].type = CKA_LABEL;
- a[a_vals].value = find_data->info.label;
- a[a_vals].value_len = strlen(find_data->info.label);
- a_vals++;
+ if (find_data->info.label[0] != 0) {
+ a[a_vals].type = CKA_LABEL;
+ a[a_vals].value = find_data->info.label;
+ a[a_vals].value_len = strlen(find_data->info.label);
+ a_vals++;
}
- rv = pakchois_find_objects_init(pks, a, a_vals);
- if (rv != CKR_OK) {
- gnutls_assert();
- _gnutls_debug_log("pk11: FindObjectsInit failed.\n");
- ret = pkcs11_rv_to_err(rv);
- goto cleanup;
- }
-
- while (pakchois_find_objects(pks, &obj, 1, &count) == CKR_OK
- && count == 1) {
- rv = pakchois_destroy_object(pks, obj);
+ rv = pakchois_find_objects_init(pks, a, a_vals);
if (rv != CKR_OK) {
- _gnutls_debug_log("pkcs11: Cannot destroy object: %s\n",
pakchois_error(rv));
+ gnutls_assert();
+ _gnutls_debug_log("pk11: FindObjectsInit failed.\n");
+ ret = pkcs11_rv_to_err(rv);
+ goto cleanup;
+ }
+
+ while (pakchois_find_objects(pks, &obj, 1, &count) == CKR_OK
+ && count == 1) {
+ rv = pakchois_destroy_object(pks, obj);
+ if (rv != CKR_OK) {
+ _gnutls_debug_log
+ ("pkcs11: Cannot destroy object: %s\n",
+ pakchois_error(rv));
+ } else {
+ find_data->deleted++;
+ }
+
+ found = 1;
+ }
+
+ if (found == 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
} else {
- find_data->deleted++;
+ ret = 0;
}
-
- found = 1;
- }
-
- if (found == 0) {
- gnutls_assert();
- ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- } else {
- ret = 0;
- }
-
-cleanup:
- pakchois_find_objects_final(pks);
-
- return ret;
+
+ cleanup:
+ pakchois_find_objects_final(pks);
+
+ return ret;
}
/**
* gnutls_pkcs11_delete_url:
* @object_url: The URL of the object to delete.
+ * @flags: One of GNUTLS_PKCS11_OBJ_* flags
*
* This function will delete objects matching the given URL.
*
* Returns: On success, the number of objects deleted is returned, otherwise a
* negative error value.
**/
-int gnutls_pkcs11_delete_url(const char* object_url)
+int gnutls_pkcs11_delete_url(const char *object_url, unsigned int flags)
{
- int ret;
- struct delete_data_st find_data;
+ int ret;
+ struct delete_data_st find_data;
memset(&find_data, 0, sizeof(find_data));
- ret = pkcs11_url_to_info(object_url, &find_data.info);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- ret = _pkcs11_traverse_tokens(delete_obj_url, &find_data, SESSION_WRITE);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- return find_data.deleted;
-
+ ret = pkcs11_url_to_info(object_url, &find_data.info);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret =
+ _pkcs11_traverse_tokens(delete_obj_url, &find_data,
+
SESSION_WRITE|pkcs11_obj_flags_to_int(flags));
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return find_data.deleted;
+
}
-
diff --git a/src/certtool-common.h b/src/certtool-common.h
index 010eac0..093ceef 100644
--- a/src/certtool-common.h
+++ b/src/certtool-common.h
@@ -41,8 +41,8 @@ void certtool_version (void);
void pkcs11_list( FILE*outfile, const char* url, int type, unsigned int login);
void pkcs11_export(FILE* outfile, const char *pkcs11_url, unsigned int login);
void pkcs11_token_list(FILE* outfile);
-void pkcs11_write(FILE* outfile, const char *pkcs11_url, const char* label,
int trusted);
-void pkcs11_delete(FILE* outfile, const char *pkcs11_url, int batch);
+void pkcs11_write(FILE* outfile, const char *pkcs11_url, const char* label,
int trusted, unsigned int login);
+void pkcs11_delete(FILE* outfile, const char *pkcs11_url, int batch, unsigned
int login);
#define PKCS11_TYPE_CRT_ALL 1
#define PKCS11_TYPE_TRUSTED 2
diff --git a/src/certtool.c b/src/certtool.c
index 02a4417..dcca2fa 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -1136,10 +1136,10 @@ gaa_parser (int argc, char **argv)
pkcs11_export(outfile, info.pkcs11_url, info.pkcs11_login);
break;
case ACTION_PKCS11_WRITE_URL:
- pkcs11_write(outfile, info.pkcs11_url, info.pkcs11_label,
info.pkcs11_trusted);
+ pkcs11_write(outfile, info.pkcs11_url, info.pkcs11_label,
info.pkcs11_trusted, info.pkcs11_login);
break;
case ACTION_PKCS11_DELETE_URL:
- pkcs11_delete(outfile, info.pkcs11_url, batch);
+ pkcs11_delete(outfile, info.pkcs11_url, batch, info.pkcs11_login);
break;
#ifdef ENABLE_OPENPGP
case ACTION_PGP_INFO:
diff --git a/src/pkcs11.c b/src/pkcs11.c
index f4275b9..ae28a84 100644
--- a/src/pkcs11.c
+++ b/src/pkcs11.c
@@ -44,18 +44,23 @@ static void pkcs11_common(void)
}
-void pkcs11_delete(FILE* outfile, const char* url, int batch)
+void pkcs11_delete(FILE* outfile, const char* url, int batch, unsigned int
login)
{
int ret;
+unsigned int obj_flags = 0;
+
+ if (login)
+ obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
+
if (!batch) {
- pkcs11_list(outfile, url, PKCS11_TYPE_ALL, 1/*login*/);
+ pkcs11_list(outfile, url, PKCS11_TYPE_ALL, login);
ret = read_yesno("Are you sure you want to delete those
objects? (Y/N): ");
if (ret == 0) {
exit(1);
}
}
- ret = gnutls_pkcs11_delete_url(url);
+ ret = gnutls_pkcs11_delete_url(url, obj_flags);
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
gnutls_strerror(ret));
exit(1);
@@ -375,7 +380,7 @@ size_t size;
return;
}
-void pkcs11_write(FILE* outfile, const char* url, const char* label, int
trusted)
+void pkcs11_write(FILE* outfile, const char* url, const char* label, int
trusted, unsigned int login)
{
gnutls_x509_crt_t xcrt;
gnutls_x509_privkey_t xkey;
@@ -383,6 +388,9 @@ int ret;
unsigned int flags = 0;
unsigned int key_usage;
+ if (login)
+ flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
+
pkcs11_common();
if (url == NULL)
@@ -391,7 +399,7 @@ unsigned int key_usage;
xcrt = load_cert(0);
if (xcrt != NULL) {
if (trusted)
- flags |= GNUTLS_PKCS11_COPY_FLAG_MARK_TRUSTED;
+ flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED;
ret = gnutls_pkcs11_copy_x509_crt(url, xcrt, label, flags);
if (ret < 0) {
fprintf(stderr, "Error in %s:%d: %s\n", __func__,
__LINE__, gnutls_strerror(ret));
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-265-ga9801fd,
Nikos Mavrogiannopoulos <=