2 * GnuTLS PKCS#11 support
3 * Copyright (C) 2010-2012 Free Software Foundation, Inc.
5 * Author: Nikos Mavrogiannopoulos, Stef Walter
7 * The GnuTLS is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public License
9 * as published by the Free Software Foundation; either version 3 of
10 * the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this program. If not, see <http://www.gnu.org/licenses/>
21 #include <gnutls_int.h>
22 #include <gnutls/pkcs11.h>
25 #include <gnutls_errors.h>
26 #include <gnutls_datum.h>
27 #include <pkcs11_int.h>
31 * gnutls_pkcs11_copy_secret_key:
32 * @token_url: A PKCS #11 URL specifying a token
34 * @label: A name to be used for the stored data
35 * @key_usage: One of GNUTLS_KEY_*. Note: this value is currently not
35 *   translated into PKCS #11 usage attributes on the stored object (see
35 *   the FIXME in the function body); callers must not rely on the token
35 *   enforcing it.
36 * @flags: A bitwise OR of zero or more GNUTLS_PKCS11_OBJ_FLAG_* values
38 * This function will copy a raw secret (symmetric) key into a PKCS #11
39 * token specified by a URL. The key is stored as a CKO_SECRET_KEY object
39 * of type CKK_GENERIC_SECRET. It is marked sensitive (CKA_SENSITIVE) when
39 * GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE is set in @flags; otherwise it is
39 * stored without that protection.
41 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
42 * negative error value.
47 gnutls_pkcs11_copy_secret_key (const char *token_url
, gnutls_datum_t
* key
,
49 unsigned int key_usage
, unsigned int flags
50 /* GNUTLS_PKCS11_OBJ_FLAG_* */ )
53 struct p11_kit_uri
*info
= NULL
;
55 struct ck_attribute a
[12];
56 ck_object_class_t
class = CKO_SECRET_KEY
;
57 ck_object_handle_t obj
;
58 ck_key_type_t keytype
= CKK_GENERIC_SECRET
;
62 struct pkcs11_session_info sinfo
;
64 memset(&sinfo
, 0, sizeof(sinfo
));
66 ret
= pkcs11_url_to_info (token_url
, &info
);
73 /* generate a unique ID */
74 ret
= _gnutls_rnd (GNUTLS_RND_NONCE
, id
, sizeof (id
));
82 pkcs11_open_session (&sinfo
, NULL
, info
,
83 SESSION_WRITE
| pkcs11_obj_flags_to_int (flags
));
84 p11_kit_uri_free (info
);
92 /* FIXME: copy key usage flags */
94 a
[0].type
= CKA_CLASS
;
96 a
[0].value_len
= sizeof (class);
97 a
[1].type
= CKA_VALUE
;
98 a
[1].value
= key
->data
;
99 a
[1].value_len
= key
->size
;
100 a
[2].type
= CKA_TOKEN
;
102 a
[2].value_len
= sizeof (tval
);
103 a
[3].type
= CKA_PRIVATE
;
105 a
[3].value_len
= sizeof (tval
);
106 a
[4].type
= CKA_KEY_TYPE
;
107 a
[4].value
= &keytype
;
108 a
[4].value_len
= sizeof (keytype
);
111 a
[5].value_len
= sizeof (id
);
117 a
[a_val
].type
= CKA_LABEL
;
118 a
[a_val
].value
= (void *) label
;
119 a
[a_val
].value_len
= strlen (label
);
123 if (flags
& GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE
)
128 a
[a_val
].type
= CKA_SENSITIVE
;
129 a
[a_val
].value
= &tval
;
130 a
[a_val
].value_len
= sizeof (tval
);
133 rv
= pkcs11_create_object (sinfo
.module
, sinfo
.pks
, a
, a_val
, &obj
);
137 _gnutls_debug_log ("pkcs11: %s\n", pkcs11_strerror (rv
));
138 ret
= pkcs11_rv_to_err (rv
);
148 pkcs11_close_session (&sinfo
);