2 * GnuTLS PKCS#11 support
3 * Copyright (C) 2010-2012 Free Software Foundation, Inc.
5 * Author: Nikos Mavrogiannopoulos
7 * The GnuTLS is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public License
9 * as published by the Free Software Foundation; either version 3 of
10 * the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this program. If not, see <http://www.gnu.org/licenses/>
21 #include <gnutls_int.h>
22 #include <gnutls/pkcs11.h>
25 #include <gnutls_errors.h>
26 #include <gnutls_datum.h>
27 #include <pkcs11_int.h>
28 #include <gnutls/abstract.h>
29 #include <gnutls_pk.h>
31 #include <openpgp/openpgp_int.h>
32 #include <openpgp/gnutls_openpgp.h>
33 #include <gnutls_sig.h>
34 #include <abstract_int.h>
37 * gnutls_privkey_get_type:
38 * @key: should contain a #gnutls_privkey_t structure
40 * This function will return the type of the private key. This is
41 * actually the type of the subsystem used to set this private key.
43 * Returns: a member of the #gnutls_privkey_type_t enumeration on
44 * success, or a negative error code on error.
49 gnutls_privkey_get_type (gnutls_privkey_t key
)
55 * gnutls_privkey_get_pk_algorithm:
56 * @key: should contain a #gnutls_privkey_t structure
57 * @bits: If set will return the number of bits of the parameters (may be NULL)
59 * This function will return the public key algorithm of a private
60 * key and if possible will return a number of bits that indicates
61 * the security parameter of the key.
63 * Returns: a member of the #gnutls_pk_algorithm_t enumeration on
64 * success, or a negative error code on error.
69 gnutls_privkey_get_pk_algorithm (gnutls_privkey_t key
, unsigned int *bits
)
74 case GNUTLS_PRIVKEY_OPENPGP
:
75 return gnutls_openpgp_privkey_get_pk_algorithm (key
->key
.openpgp
, bits
);
78 case GNUTLS_PRIVKEY_PKCS11
:
79 return gnutls_pkcs11_privkey_get_pk_algorithm (key
->key
.pkcs11
, bits
);
81 case GNUTLS_PRIVKEY_X509
:
83 *bits
= _gnutls_mpi_get_nbits (key
->key
.x509
->params
.params
[0]);
84 return gnutls_x509_privkey_get_pk_algorithm (key
->key
.x509
);
85 case GNUTLS_PRIVKEY_EXT
:
88 return key
->pk_algorithm
;
91 return GNUTLS_E_INVALID_REQUEST
;
97 privkey_to_pubkey (gnutls_pk_algorithm_t pk
,
98 const gnutls_pk_params_st
* priv
,
99 gnutls_pk_params_st
* pub
)
106 pub
->params
[0] = _gnutls_mpi_copy (priv
->params
[0]);
107 pub
->params
[1] = _gnutls_mpi_copy (priv
->params
[1]);
109 pub
->params_nr
= RSA_PUBLIC_PARAMS
;
111 if (pub
->params
[0] == NULL
|| pub
->params
[1] == NULL
)
114 ret
= GNUTLS_E_MEMORY_ERROR
;
120 pub
->params
[0] = _gnutls_mpi_copy (priv
->params
[0]);
121 pub
->params
[1] = _gnutls_mpi_copy (priv
->params
[1]);
122 pub
->params
[2] = _gnutls_mpi_copy (priv
->params
[2]);
123 pub
->params
[3] = _gnutls_mpi_copy (priv
->params
[3]);
125 pub
->params_nr
= DSA_PUBLIC_PARAMS
;
127 if (pub
->params
[0] == NULL
|| pub
->params
[1] == NULL
||
128 pub
->params
[2] == NULL
|| pub
->params
[3] == NULL
)
131 ret
= GNUTLS_E_MEMORY_ERROR
;
137 pub
->params
[0] = _gnutls_mpi_copy (priv
->params
[0]);
138 pub
->params
[1] = _gnutls_mpi_copy (priv
->params
[1]);
139 pub
->params
[2] = _gnutls_mpi_copy (priv
->params
[2]);
140 pub
->params
[3] = _gnutls_mpi_copy (priv
->params
[3]);
141 pub
->params
[4] = _gnutls_mpi_copy (priv
->params
[4]);
142 pub
->params
[5] = _gnutls_mpi_copy (priv
->params
[5]);
143 pub
->params
[6] = _gnutls_mpi_copy (priv
->params
[6]);
144 pub
->params
[7] = _gnutls_mpi_copy (priv
->params
[7]);
146 pub
->params_nr
= ECC_PUBLIC_PARAMS
;
147 pub
->flags
= priv
->flags
;
149 if (pub
->params
[0] == NULL
|| pub
->params
[1] == NULL
||
150 pub
->params
[2] == NULL
|| pub
->params
[3] == NULL
||
151 pub
->params
[4] == NULL
|| pub
->params
[5] == NULL
||
152 pub
->params
[6] == NULL
|| pub
->params
[7] == NULL
)
155 ret
= GNUTLS_E_MEMORY_ERROR
;
162 return GNUTLS_E_INVALID_REQUEST
;
167 gnutls_pk_params_release(pub
);
172 /* Returns the public key of the private key (if possible)
175 _gnutls_privkey_get_public_mpis (gnutls_privkey_t key
,
176 gnutls_pk_params_st
* params
)
179 gnutls_pk_algorithm_t pk
= gnutls_privkey_get_pk_algorithm (key
, NULL
);
183 #ifdef ENABLE_OPENPGP
184 case GNUTLS_PRIVKEY_OPENPGP
:
186 gnutls_pk_params_st tmp_params
;
188 uint8_t keyid
[GNUTLS_OPENPGP_KEYID_SIZE
];
191 gnutls_openpgp_privkey_get_preferred_key_id (key
->key
.openpgp
,
195 KEYID_IMPORT (kid
, keyid
);
196 ret
= _gnutls_openpgp_privkey_get_mpis (key
->key
.openpgp
, kid
,
200 ret
= _gnutls_openpgp_privkey_get_mpis (key
->key
.openpgp
, NULL
,
209 ret
= privkey_to_pubkey (pk
,
213 gnutls_pk_params_release(&tmp_params
);
218 case GNUTLS_PRIVKEY_X509
:
219 ret
= privkey_to_pubkey (pk
,
220 &key
->key
.x509
->params
,
225 return GNUTLS_E_INVALID_REQUEST
;
232 * gnutls_privkey_init:
233 * @key: The structure to be initialized
235 * This function will initialize an private key structure.
237 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
238 * negative error value.
243 gnutls_privkey_init (gnutls_privkey_t
* key
)
245 *key
= gnutls_calloc (1, sizeof (struct gnutls_privkey_st
));
249 return GNUTLS_E_MEMORY_ERROR
;
256 * gnutls_privkey_deinit:
257 * @key: The structure to be deinitialized
259 * This function will deinitialize a private key structure.
264 gnutls_privkey_deinit (gnutls_privkey_t key
)
266 if (key
== NULL
) return;
268 if (key
->flags
& GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
|| key
->flags
& GNUTLS_PRIVKEY_IMPORT_COPY
)
271 #ifdef ENABLE_OPENPGP
272 case GNUTLS_PRIVKEY_OPENPGP
:
273 gnutls_openpgp_privkey_deinit (key
->key
.openpgp
);
277 case GNUTLS_PRIVKEY_PKCS11
:
278 gnutls_pkcs11_privkey_deinit (key
->key
.pkcs11
);
281 case GNUTLS_PRIVKEY_X509
:
282 gnutls_x509_privkey_deinit (key
->key
.x509
);
284 case GNUTLS_PRIVKEY_EXT
:
285 if (key
->key
.ext
.deinit_func
!= NULL
)
286 key
->key
.ext
.deinit_func(key
, key
->key
.ext
.userdata
);
294 /* will fail if the private key contains an actual key.
296 static int check_if_clean(gnutls_privkey_t key
)
299 return GNUTLS_E_INVALID_REQUEST
;
307 * gnutls_privkey_import_pkcs11:
308 * @pkey: The private key
309 * @key: The private key to be imported
310 * @flags: Flags for the import
312 * This function will import the given private key to the abstract
313 * #gnutls_privkey_t structure.
315 * The #gnutls_pkcs11_privkey_t object must not be deallocated
316 * during the lifetime of this structure.
318 * @flags might be zero or one of %GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
319 * and %GNUTLS_PRIVKEY_IMPORT_COPY.
321 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
322 * negative error value.
327 gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey
,
328 gnutls_pkcs11_privkey_t key
, unsigned int flags
)
332 ret
= check_if_clean(pkey
);
339 if (flags
& GNUTLS_PRIVKEY_IMPORT_COPY
)
340 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST
);
342 pkey
->key
.pkcs11
= key
;
343 pkey
->type
= GNUTLS_PRIVKEY_PKCS11
;
344 pkey
->pk_algorithm
= gnutls_pkcs11_privkey_get_pk_algorithm (key
, NULL
);
348 gnutls_pkcs11_privkey_set_pin_function(key
, pkey
->pin
.cb
, pkey
->pin
.data
);
354 * gnutls_privkey_import_pkcs11_url:
355 * @key: A key of type #gnutls_pubkey_t
356 * @url: A PKCS 11 url
358 * This function will import a PKCS 11 private key to a #gnutls_private_key_t
361 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
362 * negative error value.
367 gnutls_privkey_import_pkcs11_url (gnutls_privkey_t key
, const char *url
)
369 gnutls_pkcs11_privkey_t pkey
;
372 ret
= gnutls_pkcs11_privkey_init (&pkey
);
380 gnutls_pkcs11_privkey_set_pin_function(pkey
, key
->pin
.cb
, key
->pin
.data
);
382 ret
= gnutls_pkcs11_privkey_import_url (pkey
, url
, 0);
389 ret
= gnutls_privkey_import_pkcs11 (key
, pkey
, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
);
399 gnutls_pkcs11_privkey_deinit (pkey
);
404 #endif /* ENABLE_PKCS11 */
407 * gnutls_privkey_import_ext:
408 * @pkey: The private key
409 * @pk: The public key algorithm
410 * @userdata: private data to be provided to the callbacks
411 * @sign_func: callback for signature operations
412 * @decrypt_func: callback for decryption operations
413 * @flags: Flags for the import
415 * This function will associate the given callbacks with the
416 * #gnutls_privkey_t structure. At least one of the two callbacks
419 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
420 * negative error value.
425 gnutls_privkey_import_ext (gnutls_privkey_t pkey
,
426 gnutls_pk_algorithm_t pk
,
428 gnutls_privkey_sign_func sign_func
,
429 gnutls_privkey_decrypt_func decrypt_func
,
432 return gnutls_privkey_import_ext2( pkey
, pk
, userdata
, sign_func
, decrypt_func
,
437 * gnutls_privkey_import_ext2:
438 * @pkey: The private key
439 * @pk: The public key algorithm
440 * @userdata: private data to be provided to the callbacks
441 * @sign_func: callback for signature operations
442 * @decrypt_func: callback for decryption operations
443 * @deinit_func: a deinitialization function
444 * @flags: Flags for the import
446 * This function will associate the given callbacks with the
447 * #gnutls_privkey_t structure. At least one of the two callbacks
448 * must be non-null. If a deinitialization function is provided
449 * then flags is assumed to contain %GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE.
451 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
452 * negative error value.
457 gnutls_privkey_import_ext2 (gnutls_privkey_t pkey
,
458 gnutls_pk_algorithm_t pk
,
460 gnutls_privkey_sign_func sign_func
,
461 gnutls_privkey_decrypt_func decrypt_func
,
462 gnutls_privkey_deinit_func deinit_func
,
467 ret
= check_if_clean(pkey
);
474 if (sign_func
== NULL
&& decrypt_func
== NULL
)
475 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST
);
477 pkey
->key
.ext
.sign_func
= sign_func
;
478 pkey
->key
.ext
.decrypt_func
= decrypt_func
;
479 pkey
->key
.ext
.deinit_func
= deinit_func
;
480 pkey
->key
.ext
.userdata
= userdata
;
481 pkey
->type
= GNUTLS_PRIVKEY_EXT
;
482 pkey
->pk_algorithm
= pk
;
485 /* Ensure gnutls_privkey_deinit() calls the deinit_func */
487 pkey
->flags
|= GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
;
493 * gnutls_privkey_import_x509:
494 * @pkey: The private key
495 * @key: The private key to be imported
496 * @flags: Flags for the import
498 * This function will import the given private key to the abstract
499 * #gnutls_privkey_t structure.
501 * The #gnutls_x509_privkey_t object must not be deallocated
502 * during the lifetime of this structure.
504 * @flags might be zero or one of %GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
505 * and %GNUTLS_PRIVKEY_IMPORT_COPY.
507 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
508 * negative error value.
513 gnutls_privkey_import_x509 (gnutls_privkey_t pkey
,
514 gnutls_x509_privkey_t key
, unsigned int flags
)
518 ret
= check_if_clean(pkey
);
525 if (flags
& GNUTLS_PRIVKEY_IMPORT_COPY
)
527 ret
= gnutls_x509_privkey_init(&pkey
->key
.x509
);
529 return gnutls_assert_val(ret
);
531 ret
= gnutls_x509_privkey_cpy(pkey
->key
.x509
, key
);
534 gnutls_x509_privkey_deinit(pkey
->key
.x509
);
535 return gnutls_assert_val(ret
);
539 pkey
->key
.x509
= key
;
541 pkey
->type
= GNUTLS_PRIVKEY_X509
;
542 pkey
->pk_algorithm
= gnutls_x509_privkey_get_pk_algorithm (key
);
548 #ifdef ENABLE_OPENPGP
550 * gnutls_privkey_import_openpgp:
551 * @pkey: The private key
552 * @key: The private key to be imported
553 * @flags: Flags for the import
555 * This function will import the given private key to the abstract
556 * #gnutls_privkey_t structure.
558 * The #gnutls_openpgp_privkey_t object must not be deallocated
559 * during the lifetime of this structure. The subkey set as
560 * preferred will be used, or the master key otherwise.
562 * @flags might be zero or one of %GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
563 * and %GNUTLS_PRIVKEY_IMPORT_COPY.
565 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
566 * negative error value.
571 gnutls_privkey_import_openpgp (gnutls_privkey_t pkey
,
572 gnutls_openpgp_privkey_t key
,
576 uint8_t keyid
[GNUTLS_OPENPGP_KEYID_SIZE
];
578 ret
= check_if_clean(pkey
);
585 if (flags
& GNUTLS_PRIVKEY_IMPORT_COPY
)
587 ret
= gnutls_openpgp_privkey_init(&pkey
->key
.openpgp
);
589 return gnutls_assert_val(ret
);
591 ret
= _gnutls_openpgp_privkey_cpy(pkey
->key
.openpgp
, key
);
594 gnutls_openpgp_privkey_deinit(pkey
->key
.openpgp
);
595 return gnutls_assert_val(ret
);
599 pkey
->key
.openpgp
= key
;
601 pkey
->type
= GNUTLS_PRIVKEY_OPENPGP
;
603 ret
= gnutls_openpgp_privkey_get_preferred_key_id (key
, keyid
);
604 if (ret
== GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR
)
606 pkey
->pk_algorithm
= gnutls_openpgp_privkey_get_pk_algorithm(key
, NULL
);
611 return gnutls_assert_val(ret
);
613 idx
= gnutls_openpgp_privkey_get_subkey_idx (key
, keyid
);
615 pkey
->pk_algorithm
= gnutls_openpgp_privkey_get_subkey_pk_algorithm (key
, idx
, NULL
);
624 * gnutls_privkey_import_openpgp_raw:
625 * @pkey: The private key
626 * @data: The private key data to be imported
627 * @format: The format of the private key
628 * @keyid: The key id to use (optional)
629 * @password: A password (optional)
631 * This function will import the given private key to the abstract
632 * #gnutls_privkey_t structure.
634 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
635 * negative error value.
639 int gnutls_privkey_import_openpgp_raw (gnutls_privkey_t pkey
,
640 const gnutls_datum_t
* data
,
641 gnutls_openpgp_crt_fmt_t format
,
642 const gnutls_openpgp_keyid_t keyid
,
643 const char* password
)
645 gnutls_openpgp_privkey_t xpriv
;
648 ret
= gnutls_openpgp_privkey_init(&xpriv
);
650 return gnutls_assert_val(ret
);
652 ret
= gnutls_openpgp_privkey_import(xpriv
, data
, format
, password
, 0);
661 ret
= gnutls_openpgp_privkey_set_preferred_key_id(xpriv
, keyid
);
669 ret
= gnutls_privkey_import_openpgp(pkey
, xpriv
, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
);
679 gnutls_openpgp_privkey_deinit(xpriv
);
686 * gnutls_privkey_sign_data:
687 * @signer: Holds the key
688 * @hash: should be a digest algorithm
689 * @flags: should be 0 for now
690 * @data: holds the data to be signed
691 * @signature: will contain the signature allocate with gnutls_malloc()
693 * This function will sign the given data using a signature algorithm
694 * supported by the private key. Signature algorithms are always used
695 * together with a hash functions. Different hash functions may be
696 * used for the RSA algorithm, but only the SHA family for the DSA keys.
698 * You may use gnutls_pubkey_get_preferred_hash_algorithm() to determine
699 * the hash algorithm.
701 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
702 * negative error value.
707 gnutls_privkey_sign_data (gnutls_privkey_t signer
,
708 gnutls_digest_algorithm_t hash
,
710 const gnutls_datum_t
* data
,
711 gnutls_datum_t
* signature
)
714 gnutls_datum_t digest
;
716 ret
= pk_hash_data (signer
->pk_algorithm
, hash
, NULL
, data
, &digest
);
723 ret
= pk_prepare_hash (signer
->pk_algorithm
, hash
, &digest
);
730 ret
= _gnutls_privkey_sign_hash (signer
, &digest
, signature
);
731 _gnutls_free_datum (&digest
);
742 _gnutls_free_datum (&digest
);
747 * gnutls_privkey_sign_hash:
748 * @signer: Holds the signer's key
749 * @hash_algo: The hash algorithm used
750 * @flags: zero for now
751 * @hash_data: holds the data to be signed
752 * @signature: will contain newly allocated signature
754 * This function will sign the given hashed data using a signature algorithm
755 * supported by the private key. Signature algorithms are always used
756 * together with a hash functions. Different hash functions may be
757 * used for the RSA algorithm, but only SHA-XXX for the DSA keys.
759 * You may use gnutls_pubkey_get_preferred_hash_algorithm() to determine
760 * the hash algorithm.
762 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
763 * negative error value.
768 gnutls_privkey_sign_hash (gnutls_privkey_t signer
,
769 gnutls_digest_algorithm_t hash_algo
,
771 const gnutls_datum_t
* hash_data
,
772 gnutls_datum_t
* signature
)
775 gnutls_datum_t digest
;
777 digest
.data
= gnutls_malloc (hash_data
->size
);
778 if (digest
.data
== NULL
)
781 return GNUTLS_E_MEMORY_ERROR
;
783 digest
.size
= hash_data
->size
;
784 memcpy (digest
.data
, hash_data
->data
, digest
.size
);
786 ret
= pk_prepare_hash (signer
->pk_algorithm
, hash_algo
, &digest
);
793 ret
= _gnutls_privkey_sign_hash (signer
, &digest
, signature
);
803 _gnutls_free_datum (&digest
);
808 * _gnutls_privkey_sign_hash:
809 * @key: Holds the key
810 * @data: holds the data to be signed
811 * @signature: will contain the signature allocate with gnutls_malloc()
813 * This function will sign the given data using a signature algorithm
814 * supported by the private key.
816 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
817 * negative error value.
820 _gnutls_privkey_sign_hash (gnutls_privkey_t key
,
821 const gnutls_datum_t
* hash
,
822 gnutls_datum_t
* signature
)
826 #ifdef ENABLE_OPENPGP
827 case GNUTLS_PRIVKEY_OPENPGP
:
828 return gnutls_openpgp_privkey_sign_hash (key
->key
.openpgp
,
832 case GNUTLS_PRIVKEY_PKCS11
:
833 return _gnutls_pkcs11_privkey_sign_hash (key
->key
.pkcs11
,
836 case GNUTLS_PRIVKEY_X509
:
837 return _gnutls_pk_sign (key
->key
.x509
->pk_algorithm
,
838 signature
, hash
, &key
->key
.x509
->params
);
839 case GNUTLS_PRIVKEY_EXT
:
840 if (key
->key
.ext
.sign_func
== NULL
)
841 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST
);
842 return key
->key
.ext
.sign_func(key
, key
->key
.ext
.userdata
, hash
, signature
);
845 return GNUTLS_E_INVALID_REQUEST
;
850 * gnutls_privkey_decrypt_data:
851 * @key: Holds the key
852 * @flags: zero for now
853 * @ciphertext: holds the data to be decrypted
854 * @plaintext: will contain the decrypted data, allocated with gnutls_malloc()
856 * This function will decrypt the given data using the algorithm
857 * supported by the private key.
859 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
860 * negative error value.
865 gnutls_privkey_decrypt_data (gnutls_privkey_t key
,
867 const gnutls_datum_t
* ciphertext
,
868 gnutls_datum_t
* plaintext
)
872 #ifdef ENABLE_OPENPGP
873 case GNUTLS_PRIVKEY_OPENPGP
:
874 return _gnutls_openpgp_privkey_decrypt_data (key
->key
.openpgp
, flags
,
875 ciphertext
, plaintext
);
877 case GNUTLS_PRIVKEY_X509
:
878 return _gnutls_pk_decrypt (key
->pk_algorithm
, plaintext
, ciphertext
,
879 &key
->key
.x509
->params
);
881 case GNUTLS_PRIVKEY_PKCS11
:
882 return _gnutls_pkcs11_privkey_decrypt_data (key
->key
.pkcs11
,
884 ciphertext
, plaintext
);
886 case GNUTLS_PRIVKEY_EXT
:
887 if (key
->key
.ext
.decrypt_func
== NULL
)
888 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST
);
890 return key
->key
.ext
.decrypt_func(key
, key
->key
.ext
.userdata
, ciphertext
, plaintext
);
893 return GNUTLS_E_INVALID_REQUEST
;
898 * gnutls_privkey_import_x509_raw:
899 * @pkey: The private key
900 * @data: The private key data to be imported
901 * @format: The format of the private key
902 * @password: A password (optional)
903 * @flags: an ORed sequence of gnutls_pkcs_encrypt_flags_t
905 * This function will import the given private key to the abstract
906 * #gnutls_privkey_t structure.
908 * The supported formats are typical X.509, PKCS #8 and the openssl
911 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
912 * negative error value.
916 int gnutls_privkey_import_x509_raw (gnutls_privkey_t pkey
,
917 const gnutls_datum_t
* data
,
918 gnutls_x509_crt_fmt_t format
,
919 const char* password
, unsigned int flags
)
921 gnutls_x509_privkey_t xpriv
;
924 ret
= gnutls_x509_privkey_init(&xpriv
);
926 return gnutls_assert_val(ret
);
928 ret
= gnutls_x509_privkey_import2(xpriv
, data
, format
, password
, flags
);
935 ret
= gnutls_privkey_import_x509(pkey
, xpriv
, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
);
945 gnutls_x509_privkey_deinit(xpriv
);
951 * gnutls_privkey_import_url:
952 * @key: A key of type #gnutls_privkey_t
953 * @url: A PKCS 11 url
954 * @flags: should be zero
956 * This function will import a PKCS11 or TPM URL as a
957 * private key. The supported URL types can be checked
958 * using gnutls_url_is_supported().
960 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
961 * negative error value.
966 gnutls_privkey_import_url (gnutls_privkey_t key
, const char *url
, unsigned int flags
)
969 if (strstr(url
, "pkcs11:") != NULL
)
970 return gnutls_privkey_import_pkcs11_url(key
, url
);
973 if (strstr(url
, "tpmkey:") != NULL
)
974 return gnutls_privkey_import_tpm_url(key
, url
, NULL
, NULL
, 0);
976 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST
);
980 * gnutls_privkey_set_pin_function:
981 * @key: A key of type #gnutls_privkey_t
983 * @userdata: data associated with the callback
985 * This function will set a callback function to be used when
986 * required to access the object. This function overrides any other
987 * global PIN functions.
989 * Note that this function must be called right after initialization
995 void gnutls_privkey_set_pin_function (gnutls_privkey_t key
,
996 gnutls_pin_callback_t fn
, void *userdata
)
999 key
->pin
.data
= userdata
;