_gnutls_privkey_get_mpis: extended to work for PKCS #11 keys

parent 439e7171
......@@ -198,6 +198,18 @@ _gnutls_privkey_get_mpis(gnutls_privkey_t key, gnutls_pk_params_st * params)
case GNUTLS_PRIVKEY_X509:
ret = _gnutls_pk_params_copy(params, &key->key.x509->params);
break;
case GNUTLS_PRIVKEY_PKCS11: {
gnutls_pubkey_t pubkey;
ret = _pkcs11_privkey_get_pubkey(key->key.pkcs11, &pubkey, 0);
if (ret < 0)
return gnutls_assert_val(ret);
ret = _gnutls_pubkey_get_mpis(pubkey, params);
gnutls_pubkey_deinit(pubkey);
break;
}
default:
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
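Review bot: The new `GNUTLS_PRIVKEY_PKCS11` case fills `params` through `_gnutls_pubkey_get_mpis`, so for token keys `_gnutls_privkey_get_mpis` hands back public parameters only, while the `GNUTLS_PRIVKEY_X509` case above copies the key's own parameter set. A caller that goes on to treat `params` as private key material needs to know that, so I would put a comment on the case, for example `/* PKCS #11: private values never leave the token; params holds the public MPIs only */`. If this file is also compiled in builds without PKCS #11 support, the case presumably needs the same build guard as the rest of the PKCS #11 code, which cannot be confirmed from this page. The switch and the function body continue outside the hunk.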
......
......@@ -140,6 +140,9 @@ _gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key,
const gnutls_datum_t * ciphertext,
gnutls_datum_t * plaintext);
int
_pkcs11_privkey_get_pubkey (gnutls_pkcs11_privkey_t pkey, gnutls_pubkey_t *pub, unsigned flags);
static inline int pk_to_mech(gnutls_pk_algorithm_t pk)
{
if (pk == GNUTLS_PK_DSA)
......
......@@ -885,26 +885,8 @@ gnutls_pkcs11_privkey_generate2(const char *url, gnutls_pk_algorithm_t pk,
return ret;
}
/*
* gnutls_pkcs11_privkey_get_pubkey
* @pkey: The private key
* @fmt: the format of output params. PEM or DER.
* @data: will hold the public key
* @flags: should be zero
*
* This function will extract the public key (modulus and public
* exponent) from the private key specified by the @url private key.
* This public key will be stored in @pubkey in the format specified
* by @fmt. @pubkey should be deinitialized using gnutls_free().
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
int
gnutls_pkcs11_privkey_export_pubkey (gnutls_pkcs11_privkey_t pkey,
gnutls_x509_crt_fmt_t fmt,
gnutls_datum_t * data,
unsigned int flags)
_pkcs11_privkey_get_pubkey (gnutls_pkcs11_privkey_t pkey, gnutls_pubkey_t *pub, unsigned flags)
{
ck_object_handle_t priv_obj;
struct ck_mechanism mech;
......@@ -915,7 +897,7 @@ gnutls_pkcs11_privkey_export_pubkey (gnutls_pkcs11_privkey_t pkey,
PKCS11_CHECK_INIT;
if (!pubkey || !pkey) {
if (!pkey) {
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
}
......@@ -949,16 +931,57 @@ gnutls_pkcs11_privkey_export_pubkey (gnutls_pkcs11_privkey_t pkey,
goto cleanup;
}
*pub = pubkey;
pubkey = NULL;
ret = 0;
cleanup:
if (obj != NULL)
gnutls_pkcs11_obj_deinit(obj);
if (pubkey != NULL)
gnutls_pubkey_deinit(pubkey);
return ret;
}
/*
* gnutls_pkcs11_privkey_get_pubkey
* @pkey: The private key
* @fmt: the format of output params. PEM or DER.
* @data: will hold the public key
* @flags: should be zero
*
* This function will extract the public key (modulus and public
* exponent) from the private key specified by the @url private key.
* This public key will be stored in @pubkey in the format specified
* by @fmt. @pubkey should be deinitialized using gnutls_free().
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
int
gnutls_pkcs11_privkey_export_pubkey (gnutls_pkcs11_privkey_t pkey,
gnutls_x509_crt_fmt_t fmt,
gnutls_datum_t * data,
unsigned int flags)
{
int ret;
gnutls_pubkey_t pubkey = NULL;
ret = _pkcs11_privkey_get_pubkey(pkey, &pubkey, flags);
if (ret < 0)
return gnutls_assert_val(ret);
ret = gnutls_pubkey_export2(pubkey, fmt, data);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
ret = 0;
cleanup:
if (obj != NULL)
gnutls_pkcs11_obj_deinit(obj);
if (pubkey != NULL)
gnutls_pubkey_deinit(pubkey);
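Review bot: `_pkcs11_privkey_get_pubkey` writes through its output argument (`*pub = pubkey;`), but neither form of the argument check shown in this section tests `pub`, and the helper carries no comment stating its contract. I would test it together with `pkey`, `if (!pkey || !pub) {`, and add a short comment above the helper saying that `*pub` is assigned only on success and must then be released by the caller with `gnutls_pubkey_deinit()`; the new caller in `_gnutls_privkey_get_mpis` passes an uninitialised handle and relies on exactly that. The doc comment now sitting above `gnutls_pkcs11_privkey_export_pubkey` is still titled `gnutls_pkcs11_privkey_get_pubkey`, refers to `@url` and `@pubkey`, which are not parameters, and tells the caller to use `gnutls_free()` on `@pubkey`; it should describe `@data` and how that datum is freed. If the `obj` cleanup lines at the end of the section are on the new side, `obj` is not declared in the wrapper as shown; the wrapper's body ends outside the hunk.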
......