
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_21-31-g2108019


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_0_21-31-g2108019
Date: Fri, 13 Jul 2012 19:22:42 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=21080193e5d7b9da46bea1e30212ccbf206a1474

The branch, master has been updated
       via  21080193e5d7b9da46bea1e30212ccbf206a1474 (commit)
      from  a6824de916dafe17bc72042ba4b7a741b8703c63 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 21080193e5d7b9da46bea1e30212ccbf206a1474
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Jul 13 21:16:07 2012 +0200

    Added functions that import any kind of URL into abstract public and 
private keys.
    
    Added:
     gnutls_pubkey_import_url()
     gnutls_privkey_import_url()

-----------------------------------------------------------------------

Summary of changes:
 NEWS                           |    4 +-
 doc/Makefile.am                |    4 ++
 doc/cha-cert-auth2.texi        |   17 +++-----
 lib/gnutls_privkey.c           |   97 +++++++++++++++++++++++++--------------
 lib/gnutls_pubkey.c            |   29 ++++++++++++
 lib/includes/gnutls/abstract.h |    6 +++
 lib/libgnutls.map              |    2 +
 src/cli.c                      |   40 ++---------------
 8 files changed, 116 insertions(+), 83 deletions(-)

diff --git a/NEWS b/NEWS
index d822a60..9823753 100644
--- a/NEWS
+++ b/NEWS
@@ -54,6 +54,7 @@ gnutls_privkey_import_pkcs11_url: Added
 gnutls_privkey_import_openpgp_raw: Added
 gnutls_privkey_import_x509_raw: Added
 gnutls_privkey_import_ext2: Added
+gnutls_privkey_import_url: Added
 gnutls_tpm_privkey_generate: Added
 gnutls_tpm_key_list_deinit: Added
 gnutls_tpm_key_list_get_url: Added
@@ -61,10 +62,11 @@ gnutls_tpm_get_registered: Added
 gnutls_tpm_privkey_delete: Added
 gnutls_pubkey_import_tpm_raw: Added
 gnutls_pubkey_import_tpm_url: Added
+gnutls_pubkey_import_url: Added
+gnutls_pubkey_verify_hash2: Added
 gnutls_x509_privkey_import2: Added
 gnutls_x509_privkey_import_openssl: Added
 gnutls_load_file: Added
-gnutls_pubkey_verify_hash2: Added
 gnutls_pkcs12_simple_parse: Added
 gnutls_certificate_set_x509_system_trust: Added
 gnutls_pkcs11_obj_list_import_url2: Added
diff --git a/doc/Makefile.am b/doc/Makefile.am
index ae1a439..98c5692 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -484,6 +484,7 @@ FUNCS += functions/gnutls_pubkey_import_pkcs11
 FUNCS += functions/gnutls_pubkey_import_openpgp
 FUNCS += functions/gnutls_pubkey_import_privkey
 FUNCS += functions/gnutls_pubkey_import_tpm_url
+FUNCS += functions/gnutls_pubkey_import_url
 FUNCS += functions/gnutls_pubkey_import_tpm_raw
 FUNCS += functions/gnutls_pubkey_get_preferred_hash_algorithm
 FUNCS += functions/gnutls_pubkey_get_pk_rsa_raw
@@ -518,6 +519,7 @@ FUNCS += functions/gnutls_privkey_import_openpgp_raw
 FUNCS += functions/gnutls_privkey_import_x509_raw
 FUNCS += functions/gnutls_privkey_import_tpm_raw
 FUNCS += functions/gnutls_privkey_import_tpm_url
+FUNCS += functions/gnutls_privkey_import_url
 FUNCS += functions/gnutls_privkey_import_pkcs11_url
 FUNCS += functions/gnutls_privkey_import_ext
 FUNCS += functions/gnutls_privkey_import_ext2
@@ -944,6 +946,8 @@ FUNCS += functions/gnutls_pkcs11_reinit
 FUNCS += functions/gnutls_pkcs11_deinit
 FUNCS += functions/gnutls_pkcs11_set_token_function
 FUNCS += functions/gnutls_pkcs11_set_pin_function
+FUNCS += functions/gnutls_pkcs11_advset_token_function
+FUNCS += functions/gnutls_pkcs11_advset_pin_function
 FUNCS += functions/gnutls_pkcs11_add_provider
 FUNCS += functions/gnutls_pkcs11_obj_init
 FUNCS += functions/gnutls_pkcs11_obj_import_url
diff --git a/doc/cha-cert-auth2.texi b/doc/cha-cert-auth2.texi
index 1b8cb3b..cee6850 100644
--- a/doc/cha-cert-auth2.texi
+++ b/doc/cha-cert-auth2.texi
@@ -549,27 +549,22 @@ used.
 
 @example
 #inlude <gnutls/abstract.h>
-#inlude <gnutls/pkcs11.h>
 
 void sign_cert( gnutls_x509_crt_t to_be_signed)
 @{
-gnutls_pkcs11_privkey_t ca_key;
 gnutls_x509_crt_t ca_cert;
 gnutls_privkey_t abs_key;
 
   /* load the PKCS #11 key and certificates */
-  gnutls_pkcs11_privkey_init(&ca_key);
-  gnutls_pkcs11_privkey_import_url(ca_key, key_url);
+  /* initialize the abstract key */
+  gnutls_privkey_init(&abs_key);
+  gnutls_privkey_import_url(abs_key, key_url);
 
   gnutls_x509_crt_init(&ca_cert);
   gnutls_x509_crt_import_pkcs11_url(&ca_cert, cert_url);
 
-  /* initialize the abstract key */
-  gnutls_privkey_init(&abs_key);
-  gnutls_privkey_import_pkcs11(abs_key, ca_key);
-
   /* sign the certificate to be signed */
-  gnutls_x509_crt_privkey_sign(to_be_signed, ca_cert, ca_key, 
+  gnutls_x509_crt_privkey_sign(to_be_signed, ca_cert, abs_key, 
                                GNUTLS_DIG_SHA256, 0);
 @}
 @end example
@@ -590,7 +585,7 @@ or through an ASN.1 encoding of the X.509 
@code{SubjectPublicKeyInfo}
 sequence.
 
 
@showfuncC{gnutls_pubkey_import_x509,gnutls_pubkey_import_openpgp,gnutls_pubkey_import_pkcs11}
address@hidden,gnutls_pubkey_import_privkey,gnutls_pubkey_import}
address@hidden,gnutls_pubkey_import_privkey,gnutls_pubkey_import}
 
 @showfuncdesc{gnutls_pubkey_export}
 
@@ -609,7 +604,7 @@ to allow abstraction over @acronym{PKCS} #11 keys that
 are not extractable.
 
 
@showfuncC{gnutls_privkey_import_x509,gnutls_privkey_import_openpgp,gnutls_privkey_import_pkcs11}
address@hidden,gnutls_privkey_import_openpgp_raw,gnutls_privkey_import_pkcs11_url}
address@hidden,gnutls_privkey_import_openpgp_raw,gnutls_privkey_import_url}
 
 @showfuncB{gnutls_privkey_get_pk_algorithm,gnutls_privkey_get_type}
 
diff --git a/lib/gnutls_privkey.c b/lib/gnutls_privkey.c
index 2246cab..66aece2 100644
--- a/lib/gnutls_privkey.c
+++ b/lib/gnutls_privkey.c
@@ -372,6 +372,54 @@ int ret;
   return 0;
 }
 
+/**
+ * gnutls_privkey_import_pkcs11_url:
+ * @key: A key of type #gnutls_pubkey_t
+ * @url: A PKCS 11 url
+ *
+ * This function will import a PKCS 11 private key to a #gnutls_private_key_t
+ * structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ *   negative error value.
+ *
+ * Since: 3.1.0
+ **/
+int
+gnutls_privkey_import_pkcs11_url (gnutls_privkey_t key, const char *url)
+{
+  gnutls_pkcs11_privkey_t pkey;
+  int ret;
+
+  ret = gnutls_pkcs11_privkey_init (&pkey);
+  if (ret < 0)
+    {
+      gnutls_assert ();
+      return ret;
+    }
+
+  ret = gnutls_pkcs11_privkey_import_url (pkey, url, 0);
+  if (ret < 0)
+    {
+      gnutls_assert ();
+      goto cleanup;
+    }
+
+  ret = gnutls_privkey_import_pkcs11 (key, pkey, 
GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+  if (ret < 0)
+    {
+      gnutls_assert ();
+      goto cleanup;
+    }
+
+  return 0;
+
+cleanup:
+  gnutls_pkcs11_privkey_deinit (pkey);
+
+  return ret;
+}
+
 #endif /* ENABLE_PKCS11 */
 
 /**
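Review bot: The doc comment on the relocated `gnutls_privkey_import_pkcs11_url` names the wrong types: `@key` is described as `#gnutls_pubkey_t` and the text refers to `#gnutls_private_key_t`, while the parameter is `gnutls_privkey_t`. I would write `@key: A key of type #gnutls_privkey_t` and `This function will import a PKCS 11 private key to a #gnutls_privkey_t structure.` The header of `gnutls_privkey_import_url` in the next hunk carries the same `@key` line and still says `@url: A PKCS 11 url` although that function also accepts TPM URLs. It would also help to note that the internally created PKCS #11 key is imported with `GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE` and is deinitialised here only on the failure path, so callers know they have nothing extra to free.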
@@ -914,14 +962,14 @@ cleanup:
   return ret;
 }
 
+
 /**
- * gnutls_privkey_import_pkcs11_url:
+ * gnutls_privkey_import_url:
  * @key: A key of type #gnutls_pubkey_t
  * @url: A PKCS 11 url
- * @flags: One of GNUTLS_PKCS11_OBJ_* flags
  *
- * This function will import a PKCS 11 certificate to a #gnutls_pubkey_t
- * structure.
+ * This function will import a PKCS11 or TPM URL as a
+ * private key.
  *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  *   negative error value.
@@ -929,36 +977,15 @@ cleanup:
  * Since: 3.1.0
  **/
 int
-gnutls_privkey_import_pkcs11_url (gnutls_privkey_t key, const char *url)
+gnutls_privkey_import_url (gnutls_privkey_t key, const char *url)
 {
-  gnutls_pkcs11_privkey_t pkey;
-  int ret;
-
-  ret = gnutls_pkcs11_privkey_init (&pkey);
-  if (ret < 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-
-  ret = gnutls_pkcs11_privkey_import_url (pkey, url, 0);
-  if (ret < 0)
-    {
-      gnutls_assert ();
-      goto cleanup;
-    }
-
-  ret = gnutls_privkey_import_pkcs11 (key, pkey, 
GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
-  if (ret < 0)
-    {
-      gnutls_assert ();
-      goto cleanup;
-    }
-
-  return 0;
-
-cleanup:
-  gnutls_pkcs11_privkey_deinit (pkey);
-
-  return ret;
+#ifdef ENABLE_PKCS11
+  if (strstr(url, "pkcs11:") != NULL)
+    return gnutls_privkey_import_pkcs11_url(key, url);
+#endif
+#ifdef HAVE_TROUSERS
+  if (strstr(url, "tpmkey:") != NULL)
+    return gnutls_privkey_import_tpm_url(key, url, NULL, NULL, 0);
+#endif
+  return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 }
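Review bot: `strstr(url, "pkcs11:") != NULL` matches the scheme name anywhere in the string rather than only at the start, so text inside the URL can decide which key store is used: a `tpmkey:` URL that contains `pkcs11:` in a later component is handed to the PKCS #11 importer. The check should be anchored the way src/cli.c does it in this same commit, `if (strncmp (url, "pkcs11:", 7) == 0)` and `if (strncmp (url, "tpmkey:", 7) == 0)`; the same applies to `gnutls_pubkey_import_url` in lib/gnutls_pubkey.c. A NULL @url also reaches `strstr` unchecked, so a guard such as `if (url == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` at the top would make this public entry point safe to call.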
diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c
index c8cc319..267896a 100644
--- a/lib/gnutls_pubkey.c
+++ b/lib/gnutls_pubkey.c
@@ -1048,6 +1048,35 @@ cleanup:
 #endif /* ENABLE_PKCS11 */
 
 /**
+ * gnutls_pubkey_import_url:
+ * @key: A key of type #gnutls_pubkey_t
+ * @url: A PKCS 11 url
+ * @flags: One of GNUTLS_PKCS11_OBJ_* flags
+ *
+ * This function will import a PKCS11 certificate or a TPM key 
+ * as a public key.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ *   negative error value.
+ *
+ * Since: 3.1.0
+ **/
+int
+gnutls_pubkey_import_url (gnutls_pubkey_t key, const char *url,
+                          unsigned int flags)
+{
+#ifdef ENABLE_PKCS11
+  if (strstr(url, "pkcs11:") != NULL)
+    return gnutls_pubkey_import_pkcs11_url(key, url, flags);
+#endif
+#ifdef HAVE_TROUSERS
+  if (strstr(url, "tpmkey:") != NULL)
+    return gnutls_pubkey_import_tpm_url(key, url, NULL, 0);
+#endif
+  return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+}
+
+/**
  * gnutls_pubkey_import_rsa_raw:
  * @key: Is a structure will hold the parameters
  * @m: holds the modulus
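Review bot: @flags is forwarded only on the PKCS #11 branch; the `tpmkey:` branch calls `gnutls_pubkey_import_tpm_url(key, url, NULL, 0)` and silently drops whatever the caller passed. The header comment should say so, and `@url` should no longer read `A PKCS 11 url`, for example `@url: A PKCS 11 or TPM url` and `@flags: One of GNUTLS_PKCS11_OBJ_* flags; ignored for TPM urls`. The NULL third argument looks like the SRK password, which would mean password-protected TPM keys cannot be supplied through this wrapper; that is worth confirming and documenting.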
diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h
index 562e30c..08fea1a 100644
--- a/lib/includes/gnutls/abstract.h
+++ b/lib/includes/gnutls/abstract.h
@@ -75,6 +75,10 @@ gnutls_pubkey_import_tpm_url (gnutls_pubkey_t pkey,
                               unsigned int flags);
 
 int
+gnutls_pubkey_import_url (gnutls_pubkey_t key, const char *url,
+                          unsigned int flags);
+
+int
 gnutls_pubkey_import_tpm_raw (gnutls_pubkey_t pkey,
                               const gnutls_datum_t * fdata,
                               gnutls_x509_crt_fmt_t format,
@@ -221,6 +225,8 @@ gnutls_privkey_import_tpm_url (gnutls_privkey_t pkey,
           const char* url, const char *srk_password, const char *key_password,
           unsigned int flags);
 
+int gnutls_privkey_import_url (gnutls_privkey_t key, const char *url);
+
 int gnutls_privkey_import_pkcs11_url (gnutls_privkey_t key, const char *url);
 
 int
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index f186b25..e8097a8 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -817,6 +817,8 @@ GNUTLS_3_1_0 {
        gnutls_tpm_privkey_delete;
        gnutls_pubkey_import_tpm_url;
        gnutls_privkey_import_tpm_url;
+       gnutls_privkey_import_url;
+       gnutls_pubkey_import_url;
 } GNUTLS_3_0_0;
 
 GNUTLS_PRIVATE {
diff --git a/src/cli.c b/src/cli.c
index 0e5f349..218515a 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -142,9 +142,6 @@ load_keys (void)
   unsigned int i;
   gnutls_datum_t data = { NULL, 0 };
   gnutls_x509_crt_t crt_list[MAX_CRT];
-#ifdef ENABLE_PKCS11
-  gnutls_pkcs11_privkey_t pkcs11_key;
-#endif
   unsigned char keyid[GNUTLS_OPENPGP_KEYID_SIZE];
 
   if (x509_certfile != NULL && x509_keyfile != NULL)
@@ -227,12 +224,10 @@ load_keys (void)
                     gnutls_strerror (ret));
            exit (1);
          }
-
-#ifdef ENABLE_PKCS11
-      if (strncmp (x509_keyfile, "pkcs11:", 7) == 0)
+      else if (strncmp (x509_keyfile, "tpmkey:", 7) == 0 || strncmp 
(x509_keyfile, "pkcs11:", 7) == 0)
         {
           ret =
-            gnutls_privkey_import_pkcs11_url (x509_key, x509_keyfile);
+            gnutls_privkey_import_url (x509_key, x509_keyfile, 0);
           if (ret < 0)
             {
               fprintf (stderr, "*** Error loading url: %s\n",
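Review bot: The new call `gnutls_privkey_import_url (x509_key, x509_keyfile, 0)` passes three arguments, but the prototype this commit adds to lib/includes/gnutls/abstract.h is `int gnutls_privkey_import_url (gnutls_privkey_t key, const char *url);`, so it should not compile against the new header. The PGP branch further down (`gnutls_privkey_import_url( pgp_key, pgp_keyfile, 0)`) has the same mismatch. Either drop the trailing `0` in both calls or give the private-key function an `unsigned int flags` parameter so it matches `gnutls_pubkey_import_url`. load_keys starts and ends outside this hunk.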
@@ -241,21 +236,6 @@ load_keys (void)
             }
         }
       else
-#endif /* ENABLE_PKCS11 */
-#ifdef HAVE_TROUSERS
-      if (strncmp (x509_keyfile, "tpmkey:", 7) == 0)
-        {
-          ret =
-            gnutls_privkey_import_tpm_url (x509_key, x509_keyfile, NULL, NULL, 
0);
-          if (ret < 0)
-            {
-              fprintf (stderr, "*** Error loading url: %s\n",
-                       gnutls_strerror (ret));
-              exit (1);
-            }
-        }
-      else
-#endif /* HAVE_TROUSERS */
         {
           ret = gnutls_load_file (x509_keyfile, &data);
           if (ret < 0)
@@ -319,20 +299,9 @@ load_keys (void)
            exit (1);
          }
 
-#ifdef ENABLE_PKCS11
-      if (strncmp (pgp_keyfile, "pkcs11:", 7) == 0)
+      if (strncmp (pgp_keyfile, "pkcs11:", 7) == 0 || strncmp (pgp_keyfile, 
"tpmkey:", 7) == 0)
         {
-          gnutls_pkcs11_privkey_init (&pkcs11_key);
-
-          ret = gnutls_pkcs11_privkey_import_url (pkcs11_key, pgp_keyfile, 0);
-          if (ret < 0)
-            {
-              fprintf (stderr, "*** Error loading url: %s\n",
-                       gnutls_strerror (ret));
-              exit (1);
-            }
-
-          ret = gnutls_privkey_import_pkcs11( pgp_key, pkcs11_key, 
GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+          ret = gnutls_privkey_import_url( pgp_key, pgp_keyfile, 0);
           if (ret < 0)
             {
               fprintf (stderr, "*** Error loading url: %s\n",
@@ -341,7 +310,6 @@ load_keys (void)
             }
         }
       else
-#endif /* ENABLE_PKCS11 */
         {
           ret = gnutls_load_file (pgp_keyfile, &data);
           if (ret < 0)


hooks/post-receive
-- 
GNU gnutls


