
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-266-g5c70162


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-266-g5c70162
Date: Mon, 28 Jun 2010 19:02:45 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=5c70162532b8fc8dfc3adb359e2f866945761c22

The branch, master has been updated
       via  5c70162532b8fc8dfc3adb359e2f866945761c22 (commit)
      from  a9801fddb8d28acf0685f111add562c6c4b3a689 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5c70162532b8fc8dfc3adb359e2f866945761c22
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Jun 28 21:02:02 2010 +0200

    When copying a private key, the sensitive flag can be set or left unset. This allows
    copying private keys that can be exported.

-----------------------------------------------------------------------

Summary of changes:
 lib/includes/gnutls/pkcs11.h |    5 ++-
 lib/pkcs11_write.c           |   43 ++++++++++++++++++++++++++---------------
 src/pkcs11.c                 |    2 +-
 3 files changed, 31 insertions(+), 19 deletions(-)

diff --git a/lib/includes/gnutls/pkcs11.h b/lib/includes/gnutls/pkcs11.h
index e754804..8ef30a2 100644
--- a/lib/includes/gnutls/pkcs11.h
+++ b/lib/includes/gnutls/pkcs11.h
@@ -48,8 +48,9 @@ void gnutls_pkcs11_set_pin_function 
(gnutls_pkcs11_pin_callback_t callback, void
 int gnutls_pkcs11_add_provider (const char * name, const char * params);
 int gnutls_pkcs11_obj_init ( gnutls_pkcs11_obj_t *certificate);
 
-#define GNUTLS_PKCS11_OBJ_FLAG_LOGIN 1 /* force login in the token for the 
operation */
-#define GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED 1 /* object marked as trusted */
+#define GNUTLS_PKCS11_OBJ_FLAG_LOGIN (1<<0) /* force login in the token for 
the operation */
+#define GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED (1<<1) /* object marked as trusted 
*/
+#define GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE (1<<2) /* object marked as 
sensitive (unexportable) */
 
 int gnutls_pkcs11_obj_import_url (gnutls_pkcs11_obj_t, const char * url,
        unsigned int flags/* GNUTLS_PKCS11_OBJ_FLAG_* */);
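Review bot: The two removed definitions both had the value 1, so the new header changes GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED from 1 to (1<<1); source that passes it keeps working after a rebuild, but anything built against the previous header now passes what is GNUTLS_PKCS11_OBJ_FLAG_LOGIN under the new values. Since the constants are now bit positions meant to be combined, a short comment above the group would keep a future addition from reintroducing the collision, e.g. `/* GNUTLS_PKCS11_OBJ_FLAG_* are bit flags and may be OR-ed together; keep the values distinct. */`. The comments on the new lines are wrapped by the mail client and presumably fit on one line in the actual file.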
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index 7ed62b4..312e352 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -165,7 +165,8 @@ int gnutls_pkcs11_copy_x509_crt(const char *token_url,
  * @flags: One of GNUTLS_PKCS11_OBJ_* flags
  *
  * This function will copy a private key into a PKCS #11 token specified by
- * a URL. 
+ * a URL. It is highly recommended flags to contain 
%GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE
+ * unless there is a strong reason not to.
  *
  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
  *   negative error value.
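Review bot: The added sentence is ungrammatical and the unchanged `@flags` line above it still says "One of", which now reads wrong because the function is meant to receive flags OR-ed together (src/pkcs11.c in this commit does exactly that). I would change the two lines to `* @flags: bitwise OR of GNUTLS_PKCS11_OBJ_FLAG_* flags` and `* a URL. It is highly recommended that @flags contains %GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE`, and also state what happens when the flag is omitted (the key is written with CKA_SENSITIVE false, per the second hunk of this file) so the consequence is visible to the caller. This comment block documents gnutls_pkcs11_copy_x509_privkey, whose definition is outside the hunk.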
@@ -215,21 +216,31 @@ int gnutls_pkcs11_copy_x509_privkey(const char *token_url,
        }
 
        /* FIXME: copy key usage flags */
-
-       a[0].type = CKA_CLASS;
-       a[0].value = &class;
-       a[0].value_len = sizeof(class);
-       a[1].type = CKA_ID;
-       a[1].value = id;
-       a[1].value_len = id_size;
-       a[2].type = CKA_KEY_TYPE;
-       a[2].value = &type;
-       a[2].value_len = sizeof(type);
-       a[3].type = CKA_SENSITIVE;
-       a[3].value = &tval;
-       a[3].value_len = sizeof(tval);
-
-       a_val = 4;
+       a_val = 0;
+       a[a_val].type = CKA_CLASS;
+       a[a_val].value = &class;
+       a[a_val].value_len = sizeof(class);
+       a_val++;
+       
+       a[a_val].type = CKA_ID;
+       a[a_val].value = id;
+       a[a_val].value_len = id_size;
+       a_val++;
+       
+       a[a_val].type = CKA_KEY_TYPE;
+       a[a_val].value = &type;
+       a[a_val].value_len = sizeof(type);
+       a_val++;
+       
+       if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE)
+               tval = 1;
+       else
+               tval = 0;
+       
+       a[a_val].type = CKA_SENSITIVE;
+       a[a_val].value = &tval;
+       a[a_val].value_len = sizeof(tval);
+       a_val++;
 
        pk = gnutls_x509_privkey_get_pk_algorithm(key);
        switch (pk) {
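Review bot: With the flag absent, `tval` is now 0, so any caller of gnutls_pkcs11_copy_x509_privkey that has not been updated to pass GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE silently starts writing keys with CKA_SENSITIVE false, whereas the commit message says they were always sensitive before; only src/pkcs11.c is adjusted in this commit. A safer shape keeps sensitive as the default and requires an explicit opt-out flag to clear it, or at minimum the behaviour for a missing flag needs to be spelled out in the function's doc comment. Note too that CKA_SENSITIVE and CKA_EXTRACTABLE are distinct attributes, so depending on the token's default for CKA_EXTRACTABLE a non-sensitive key written here may still not be exportable and a sensitive one may still be wrap-exportable; I cannot see from the hunk whether CKA_EXTRACTABLE is set elsewhere in the function. The declarations of `a` and `tval` are outside the hunk, so the `a_val++` sequence cannot be checked against the array bound here; gnutls_pkcs11_copy_x509_privkey starts and ends outside the hunk.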
diff --git a/src/pkcs11.c b/src/pkcs11.c
index ae28a84..02489ea 100644
--- a/src/pkcs11.c
+++ b/src/pkcs11.c
@@ -411,7 +411,7 @@ unsigned int key_usage;
 
        xkey = load_private_key(0);
        if (xkey != NULL) {
-               ret = gnutls_pkcs11_copy_x509_privkey(url, xkey, label, 
key_usage, flags);
+               ret = gnutls_pkcs11_copy_x509_privkey(url, xkey, label, 
key_usage, flags|GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE);
                if (ret < 0) {
                        fprintf(stderr, "Error in %s:%d: %s\n", __func__, 
__LINE__, gnutls_strerror(ret));
                        exit(1);
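Review bot: The tool ORs GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE into `flags` unconditionally on the added line, so the new ability to write a non-sensitive key is not reachable from this command; if that is intended, a comment such as `/* private keys written by this tool are always marked sensitive */` above the call would make the choice explicit, otherwise a command-line option would be the place to control it. The enclosing function starts and ends outside the hunk and `flags` and `key_usage` are assigned elsewhere, so I cannot tell what other bits `flags` carries at this point.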


hooks/post-receive
-- 
GNU gnutls


