source-git / gnutls

Clone
Source Code
GIT

Blame lib/pcert.c

c8 c8s master
  1.   ca5948f81dd31339b411bde50ba161fd45abb378
  2.   lib
  3.   pcert.c
Blob History Raw
Packit Service 4684c1 
/*
Packit Service 4684c1 
 * Copyright (C) 2011-2012 Free Software Foundation, Inc.
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * Author: Nikos Mavrogiannopoulos
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * This file is part of GnuTLS.
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * The GnuTLS is free software; you can redistribute it and/or
Packit Service 4684c1 
 * modify it under the terms of the GNU Lesser General Public License
Packit Service 4684c1 
 * as published by the Free Software Foundation; either version 2.1 of
Packit Service 4684c1 
 * the License, or (at your option) any later version.
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * This library is distributed in the hope that it will be useful, but
Packit Service 4684c1 
 * WITHOUT ANY WARRANTY; without even the implied warranty of
Packit Service 4684c1 
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
Packit Service 4684c1 
 * Lesser General Public License for more details.
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * You should have received a copy of the GNU Lesser General Public License
Packit Service 4684c1 
 * along with this program.  If not, see <https://www.gnu.org/licenses/>
Packit Service 4684c1 
 *
Packit Service 4684c1 
 */
Packit Service 4684c1
Packit Service 4684c1 
#include "gnutls_int.h"
Packit Service 4684c1 
#include "errors.h"
Packit Service 4684c1 
#include <auth/cert.h>
Packit Service 4684c1 
#include <x509/common.h>
Packit Service 4684c1 
#include <x509.h>
Packit Service 4684c1 
#include "x509/x509_int.h"
Packit Service 4684c1 
#include <gnutls/x509.h>
Packit Service 4684c1 
#include "x509_b64.h"
Packit Service 4684c1
Packit Service 4684c1 
/**
Packit Service 4684c1 
 * gnutls_pcert_import_x509:
Packit Service 4684c1 
 * @pcert: The pcert structure
Packit Service 4684c1 
 * @crt: The certificate to be imported
Packit Service 4684c1 
 * @flags: zero for now
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * This convenience function will import the given certificate to a
Packit Service 4684c1 
 * #gnutls_pcert_st structure. The structure must be deinitialized
Packit Service 4684c1 
 * afterwards using gnutls_pcert_deinit();
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
Packit Service 4684c1 
 *   negative error value.
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * Since: 3.0
Packit Service 4684c1 
 **/
Packit Service 4684c1 
int gnutls_pcert_import_x509(gnutls_pcert_st * pcert,
Packit Service 4684c1 
			     gnutls_x509_crt_t crt, unsigned int flags)
Packit Service 4684c1 
{
Packit Service 4684c1 
	int ret;
Packit Service 4684c1
Packit Service 4684c1 
	memset(pcert, 0, sizeof(*pcert));
Packit Service 4684c1
Packit Service 4684c1 
	pcert->type = GNUTLS_CRT_X509;
Packit Service 4684c1 
	pcert->cert.data = NULL;
Packit Service 4684c1
Packit Service 4684c1 
	ret =
Packit Service 4684c1 
	    gnutls_x509_crt_export2(crt, GNUTLS_X509_FMT_DER,
Packit Service 4684c1 
				    &pcert->cert);
Packit Service 4684c1 
	if (ret < 0) {
Packit Service 4684c1 
		ret = gnutls_assert_val(ret);
Packit Service 4684c1 
		goto cleanup;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	ret = gnutls_pubkey_init(&pcert->pubkey);
Packit Service 4684c1 
	if (ret < 0) {
Packit Service 4684c1 
		ret = gnutls_assert_val(ret);
Packit Service 4684c1 
		goto cleanup;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	ret = gnutls_pubkey_import_x509(pcert->pubkey, crt, 0);
Packit Service 4684c1 
	if (ret < 0) {
Packit Service 4684c1 
		gnutls_pubkey_deinit(pcert->pubkey);
Packit Service 4684c1 
		pcert->pubkey = NULL;
Packit Service 4684c1 
		ret = gnutls_assert_val(ret);
Packit Service 4684c1 
		goto cleanup;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	return 0;
Packit Service 4684c1
Packit Service 4684c1 
      cleanup:
Packit Service 4684c1 
	_gnutls_free_datum(&pcert->cert);
Packit Service 4684c1
Packit Service 4684c1 
	return ret;
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
/**
Packit Service 4684c1 
 * gnutls_pcert_import_x509_list:
Packit Service 4684c1 
 * @pcert_list: The structures to store the certificates; must not contain initialized #gnutls_pcert_st structures.
Packit Service 4684c1 
 * @crt: The certificates to be imported
Packit Service 4684c1 
 * @ncrt: The number of certificates in @crt; will be updated if necessary
Packit Service 4684c1 
 * @flags: zero or %GNUTLS_X509_CRT_LIST_SORT
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * This convenience function will import the given certificates to an
Packit Service 4684c1 
 * already allocated set of #gnutls_pcert_st structures. The structures must
Packit Service 4684c1 
 * be deinitialized afterwards using gnutls_pcert_deinit(). @pcert_list
Packit Service 4684c1 
 * should contain space for at least @ncrt elements.
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * In the case %GNUTLS_X509_CRT_LIST_SORT is specified and that
Packit Service 4684c1 
 * function cannot sort the list, %GNUTLS_E_CERTIFICATE_LIST_UNSORTED
Packit Service 4684c1 
 * will be returned. Currently sorting can fail if the list size
Packit Service 4684c1 
 * exceeds an internal constraint (16).
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
Packit Service 4684c1 
 *   negative error value.
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * Since: 3.4.0
Packit Service 4684c1 
 **/
Packit Service 4684c1 
int gnutls_pcert_import_x509_list(gnutls_pcert_st * pcert_list,
Packit Service 4684c1 
				  gnutls_x509_crt_t *crt, unsigned *ncrt,
Packit Service 4684c1 
				  unsigned int flags)
Packit Service 4684c1 
{
Packit Service 4684c1 
	int ret;
Packit Service 4684c1 
	unsigned i;
Packit Service 4684c1 
	unsigned current = 0;
Packit Service 4684c1 
	gnutls_x509_crt_t sorted[DEFAULT_MAX_VERIFY_DEPTH];
Packit Service 4684c1 
	gnutls_x509_crt_t *s;
Packit Service 4684c1
Packit Service 4684c1 
	s = crt;
Packit Service 4684c1
Packit Service 4684c1 
	if (flags & GNUTLS_X509_CRT_LIST_SORT && *ncrt > 1) {
Packit Service 4684c1 
		if (*ncrt > DEFAULT_MAX_VERIFY_DEPTH) {
Packit Service 4684c1 
			ret = _gnutls_check_if_sorted(crt, *ncrt);
Packit Service 4684c1 
			if (ret < 0) {
Packit Service 4684c1 
				gnutls_assert();
Packit Service 4684c1 
				return GNUTLS_E_CERTIFICATE_LIST_UNSORTED;
Packit Service 4684c1 
			}
Packit Service 4684c1 
		} else {
Packit Service 4684c1 
			s = _gnutls_sort_clist(sorted, crt, ncrt, NULL);
Packit Service 4684c1 
			if (s == crt) {
Packit Service 4684c1 
				gnutls_assert();
Packit Service 4684c1 
				return GNUTLS_E_UNIMPLEMENTED_FEATURE;
Packit Service 4684c1 
			}
Packit Service 4684c1 
		}
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	for (i=0;i<*ncrt;i++) {
Packit Service 4684c1 
		ret = gnutls_pcert_import_x509(&pcert_list[i], s[i], 0);
Packit Service 4684c1 
		if (ret < 0) {
Packit Service 4684c1 
			current = i;
Packit Service 4684c1 
			goto cleanup;
Packit Service 4684c1 
		}
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	return 0;
Packit Service 4684c1
Packit Service 4684c1 
 cleanup:
Packit Service 4684c1 
	for (i=0;i
Packit Service 4684c1 
		gnutls_pcert_deinit(&pcert_list[i]);
Packit Service 4684c1 
	}
Packit Service 4684c1 
	return ret;
Packit Service 4684c1
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
/**
Packit Service 4684c1 
 * gnutls_pcert_list_import_x509_raw:
Packit Service 4684c1 
 * @pcert_list: The structures to store the certificates; must not contain initialized #gnutls_pcert_st structures.
Packit Service 4684c1 
 * @pcert_list_size: Initially must hold the maximum number of certs. It will be updated with the number of certs available.
Packit Service 4684c1 
 * @data: The certificates.
Packit Service 4684c1 
 * @format: One of DER or PEM.
Packit Service 4684c1 
 * @flags: must be (0) or an OR'd sequence of gnutls_certificate_import_flags.
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * This function will import the provided DER or PEM encoded certificates to an
Packit Service 4684c1 
 * already allocated set of #gnutls_pcert_st structures. The structures must
Packit Service 4684c1 
 * be deinitialized afterwards using gnutls_pcert_deinit(). @pcert_list
Packit Service 4684c1 
 * should contain space for at least @pcert_list_size elements.
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * If the Certificate is PEM encoded it should have a header of "X509
Packit Service 4684c1 
 * CERTIFICATE", or "CERTIFICATE".
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
Packit Service 4684c1 
 *   negative error value; if the @pcert list doesn't have enough space
Packit Service 4684c1 
 *   %GNUTLS_E_SHORT_MEMORY_BUFFER will be returned.
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * Since: 3.0
Packit Service 4684c1 
 **/
Packit Service 4684c1 
int
Packit Service 4684c1 
gnutls_pcert_list_import_x509_raw(gnutls_pcert_st *pcert_list,
Packit Service 4684c1 
				  unsigned int *pcert_list_size,
Packit Service 4684c1 
				  const gnutls_datum_t *data,
Packit Service 4684c1 
				  gnutls_x509_crt_fmt_t format,
Packit Service 4684c1 
				  unsigned int flags)
Packit Service 4684c1 
{
Packit Service 4684c1 
	int ret;
Packit Service 4684c1 
	unsigned int i = 0, j;
Packit Service 4684c1 
	gnutls_x509_crt_t *crt;
Packit Service 4684c1
Packit Service 4684c1 
	crt = gnutls_malloc((*pcert_list_size) * sizeof(gnutls_x509_crt_t));
Packit Service 4684c1
Packit Service 4684c1 
	if (crt == NULL)
Packit Service 4684c1 
		return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
Packit Service 4684c1
Packit Service 4684c1 
	ret =
Packit Service 4684c1 
	    gnutls_x509_crt_list_import(crt, pcert_list_size, data, format,
Packit Service 4684c1 
					flags);
Packit Service 4684c1 
	if (ret < 0) {
Packit Service 4684c1 
		ret = gnutls_assert_val(ret);
Packit Service 4684c1 
		goto cleanup_crt;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	for (i = 0; i < *pcert_list_size; i++) {
Packit Service 4684c1 
		ret = gnutls_pcert_import_x509(&pcert_list[i], crt[i], flags);
Packit Service 4684c1 
		if (ret < 0) {
Packit Service 4684c1 
			ret = gnutls_assert_val(ret);
Packit Service 4684c1 
			goto cleanup_pcert;
Packit Service 4684c1 
		}
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	ret = 0;
Packit Service 4684c1 
	goto cleanup;
Packit Service 4684c1
Packit Service 4684c1 
 cleanup_pcert:
Packit Service 4684c1 
	for (j = 0; j < i; j++)
Packit Service 4684c1 
		gnutls_pcert_deinit(&pcert_list[j]);
Packit Service 4684c1
Packit Service 4684c1 
 cleanup:
Packit Service 4684c1 
	for (i = 0; i < *pcert_list_size; i++)
Packit Service 4684c1 
		gnutls_x509_crt_deinit(crt[i]);
Packit Service 4684c1
Packit Service 4684c1 
 cleanup_crt:
Packit Service 4684c1 
	gnutls_free(crt);
Packit Service 4684c1 
	return ret;
Packit Service 4684c1
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
/**
Packit Service 4684c1 
 * gnutls_pcert_list_import_x509_url:
Packit Service 4684c1 
 * @pcert_list: The structures to store the certificates; must not contain initialized #gnutls_pcert_st structures.
Packit Service 4684c1 
 * @pcert_list_size: Initially must hold the maximum number of certs. It will be updated with the number of certs available.
Packit Service 4684c1 
 * @file: A file or supported URI with the certificates to load
Packit Service 4684c1 
 * @format: %GNUTLS_X509_FMT_DER or %GNUTLS_X509_FMT_PEM if a file is given
Packit Service 4684c1 
 * @pin_fn: a PIN callback if not globally set
Packit Service 4684c1 
 * @pin_fn_userdata: parameter for the PIN callback
Packit Service 4684c1 
 * @flags: zero or flags from %gnutls_certificate_import_flags
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * This convenience function will import a certificate chain from the given
Packit Service 4684c1 
 * file or supported URI to #gnutls_pcert_st structures. The structures
Packit Service 4684c1 
 * must be deinitialized afterwards using gnutls_pcert_deinit().
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * This function will always return a sorted certificate chain.
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
Packit Service 4684c1 
 *   negative error value; if the @pcert list doesn't have enough space
Packit Service 4684c1 
 *   %GNUTLS_E_SHORT_MEMORY_BUFFER will be returned.
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * Since: 3.6.3
Packit Service 4684c1 
 **/
Packit Service 4684c1 
int gnutls_pcert_list_import_x509_file(gnutls_pcert_st *pcert_list,
Packit Service 4684c1 
				       unsigned *pcert_list_size,
Packit Service 4684c1 
				       const char *file,
Packit Service 4684c1 
				       gnutls_x509_crt_fmt_t format,
Packit Service 4684c1 
				       gnutls_pin_callback_t pin_fn,
Packit Service 4684c1 
				       void *pin_fn_userdata,
Packit Service 4684c1 
				       unsigned int flags)
Packit Service 4684c1 
{
Packit Service 4684c1 
	int ret, ret2;
Packit Service 4684c1 
	unsigned i;
Packit Service 4684c1 
	gnutls_x509_crt_t *crts = NULL;
Packit Service 4684c1 
	unsigned crts_size = 0;
Packit Service 4684c1 
	gnutls_datum_t data = {NULL, 0};
Packit Service 4684c1
Packit Service 4684c1 
	if (gnutls_url_is_supported(file) != 0) {
Packit Service 4684c1 
		ret = gnutls_x509_crt_list_import_url(&crts, &crts_size, file, pin_fn, pin_fn_userdata, 0);
Packit Service 4684c1 
		if (ret < 0) {
Packit Service 4684c1 
			ret2 = gnutls_x509_crt_list_import_url(&crts, &crts_size, file, pin_fn, pin_fn_userdata, GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
Packit Service 4684c1 
			if (ret2 >= 0) ret = ret2;
Packit Service 4684c1 
		}
Packit Service 4684c1
Packit Service 4684c1 
		if (ret < 0) {
Packit Service 4684c1 
			gnutls_assert();
Packit Service 4684c1 
			goto cleanup;
Packit Service 4684c1 
		}
Packit Service 4684c1
Packit Service 4684c1 
	} else { /* file */
Packit Service 4684c1 
		ret = gnutls_load_file(file, &data);
Packit Service 4684c1 
		if (ret < 0)
Packit Service 4684c1 
			return gnutls_assert_val(ret);
Packit Service 4684c1
Packit Service 4684c1 
		ret = gnutls_x509_crt_list_import2(&crts, &crts_size, &data, format, flags|GNUTLS_X509_CRT_LIST_SORT);
Packit Service 4684c1 
		if (ret < 0) {
Packit Service 4684c1 
			gnutls_assert();
Packit Service 4684c1 
			goto cleanup;
Packit Service 4684c1 
		}
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	if (crts_size > *pcert_list_size) {
Packit Service 4684c1 
		gnutls_assert();
Packit Service 4684c1 
		ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
Packit Service 4684c1 
		goto cleanup;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	ret = gnutls_pcert_import_x509_list(pcert_list, crts, &crts_size, flags);
Packit Service 4684c1 
	if (ret < 0) {
Packit Service 4684c1 
		gnutls_assert();
Packit Service 4684c1 
		goto cleanup;
Packit Service 4684c1 
	}
Packit Service 4684c1 
	*pcert_list_size = crts_size;
Packit Service 4684c1
Packit Service 4684c1 
	ret = 0;
Packit Service 4684c1 
cleanup:
Packit Service 4684c1 
	for (i=0;i
Packit Service 4684c1 
		gnutls_x509_crt_deinit(crts[i]);
Packit Service 4684c1 
	gnutls_free(crts);
Packit Service 4684c1 
	gnutls_free(data.data);
Packit Service 4684c1 
	return ret;
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1
Packit Service 4684c1 
/**
Packit Service 4684c1 
 * gnutls_pcert_import_x509_raw:
Packit Service 4684c1 
 * @pcert: The pcert structure
Packit Service 4684c1 
 * @cert: The raw certificate to be imported
Packit Service 4684c1 
 * @format: The format of the certificate
Packit Service 4684c1 
 * @flags: zero for now
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * This convenience function will import the given certificate to a
Packit Service 4684c1 
 * #gnutls_pcert_st structure. The structure must be deinitialized
Packit Service 4684c1 
 * afterwards using gnutls_pcert_deinit();
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
Packit Service 4684c1 
 *   negative error value.
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * Since: 3.0
Packit Service 4684c1 
 **/
Packit Service 4684c1 
int gnutls_pcert_import_x509_raw(gnutls_pcert_st * pcert,
Packit Service 4684c1 
				 const gnutls_datum_t * cert,
Packit Service 4684c1 
				 gnutls_x509_crt_fmt_t format,
Packit Service 4684c1 
				 unsigned int flags)
Packit Service 4684c1 
{
Packit Service 4684c1 
	int ret;
Packit Service 4684c1 
	gnutls_x509_crt_t crt;
Packit Service 4684c1
Packit Service 4684c1 
	memset(pcert, 0, sizeof(*pcert));
Packit Service 4684c1
Packit Service 4684c1 
	ret = gnutls_x509_crt_init(&crt;;
Packit Service 4684c1 
	if (ret < 0)
Packit Service 4684c1 
		return gnutls_assert_val(ret);
Packit Service 4684c1
Packit Service 4684c1 
	ret = gnutls_x509_crt_import(crt, cert, format);
Packit Service 4684c1 
	if (ret < 0) {
Packit Service 4684c1 
		ret = gnutls_assert_val(ret);
Packit Service 4684c1 
		goto cleanup;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	ret = gnutls_pcert_import_x509(pcert, crt, flags);
Packit Service 4684c1 
	if (ret < 0) {
Packit Service 4684c1 
		ret = gnutls_assert_val(ret);
Packit Service 4684c1 
		goto cleanup;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	ret = 0;
Packit Service 4684c1
Packit Service 4684c1 
      cleanup:
Packit Service 4684c1 
	gnutls_x509_crt_deinit(crt);
Packit Service 4684c1
Packit Service 4684c1 
	return ret;
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
/**
Packit Service 4684c1 
 * gnutls_pcert_import_rawpk:
Packit Service 4684c1 
 * @pcert: The pcert structure to import the data into.
Packit Service 4684c1 
 * @pubkey: The raw public-key in #gnutls_pubkey_t format to be imported
Packit Service 4684c1 
 * @flags: zero for now
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * This convenience function will import (i.e. convert) the given raw
Packit Service 4684c1 
 * public key @pubkey into a #gnutls_pcert_st structure. The structure
Packit Service 4684c1 
 * must be deinitialized afterwards using gnutls_pcert_deinit(). The
Packit Service 4684c1 
 * given @pubkey must not be deinitialized because it will be associated
Packit Service 4684c1 
 * with the given @pcert structure and will be deinitialized with it.
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
Packit Service 4684c1 
 *   negative error value.
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * Since: 3.6.6
Packit Service 4684c1 
 **/
Packit Service 4684c1 
int gnutls_pcert_import_rawpk(gnutls_pcert_st* pcert,
Packit Service 4684c1 
			     gnutls_pubkey_t pubkey, unsigned int flags)
Packit Service 4684c1 
{
Packit Service 4684c1 
	int ret;
Packit Service 4684c1
Packit Service 4684c1 
	if (pubkey == NULL) {
Packit Service 4684c1 
		return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	memset(pcert, 0, sizeof(*pcert));
Packit Service 4684c1
Packit Service 4684c1 
	/* A pcert struct holds a raw copy of the certificate data.
Packit Service 4684c1 
	 * Therefore we convert our gnutls_pubkey_t to its raw DER
Packit Service 4684c1 
	 * representation and copy it into our pcert. It is this raw data
Packit Service 4684c1 
	 * that will be transferred to the peer via a Certificate msg.
Packit Service 4684c1 
	 * According to the spec (RFC7250) a DER representation must be used.
Packit Service 4684c1 
	 */
Packit Service 4684c1 
	ret = gnutls_pubkey_export2(pubkey, GNUTLS_X509_FMT_DER, &pcert->cert);
Packit Service 4684c1 
	if (ret < 0) {
Packit Service 4684c1 
		return gnutls_assert_val(ret);
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	pcert->pubkey = pubkey;
Packit Service 4684c1
Packit Service 4684c1 
	pcert->type = GNUTLS_CRT_RAWPK;
Packit Service 4684c1
Packit Service 4684c1 
	return GNUTLS_E_SUCCESS;
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
/**
Packit Service 4684c1 
 * gnutls_pcert_import_rawpk_raw:
Packit Service 4684c1 
 * @pcert: The pcert structure to import the data into.
Packit Service 4684c1 
 * @rawpubkey: The raw public-key in #gnutls_datum_t format to be imported.
Packit Service 4684c1 
 * @format: The format of the raw public-key. DER or PEM.
Packit Service 4684c1 
 * @key_usage: An ORed sequence of %GNUTLS_KEY_* flags.
Packit Service 4684c1 
 * @flags: zero for now
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * This convenience function will import (i.e. convert) the given raw
Packit Service 4684c1 
 * public key @rawpubkey into a #gnutls_pcert_st structure. The structure
Packit Service 4684c1 
 * must be deinitialized afterwards using gnutls_pcert_deinit().
Packit Service 4684c1 
 * Note that the caller is responsible for freeing @rawpubkey. All necessary
Packit Service 4684c1 
 * values will be copied into @pcert.
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * Key usage (as defined by X.509 extension (2.5.29.15)) can be explicitly
Packit Service 4684c1 
 * set because there is no certificate structure around the key to define
Packit Service 4684c1 
 * this value. See for more info gnutls_x509_crt_get_key_usage().
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
Packit Service 4684c1 
 *   negative error value.
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * Since: 3.6.6
Packit Service 4684c1 
 **/
Packit Service 4684c1 
int gnutls_pcert_import_rawpk_raw(gnutls_pcert_st* pcert,
Packit Service 4684c1 
				    const gnutls_datum_t* rawpubkey,
Packit Service 4684c1 
				    gnutls_x509_crt_fmt_t format,
Packit Service 4684c1 
				    unsigned int key_usage, unsigned int flags)
Packit Service 4684c1 
{
Packit Service 4684c1 
	int ret;
Packit Service 4684c1
Packit Service 4684c1 
	if (rawpubkey == NULL) {
Packit Service 4684c1 
		return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	memset(pcert, 0, sizeof(*pcert));
Packit Service 4684c1
Packit Service 4684c1 
	ret = gnutls_pubkey_init(&pcert->pubkey);
Packit Service 4684c1 
	if (ret < 0) {
Packit Service 4684c1 
		return gnutls_assert_val(ret);
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	// Convert our raw public-key to a gnutls_pubkey_t structure
Packit Service 4684c1 
	ret = gnutls_pubkey_import(pcert->pubkey, rawpubkey, format);
Packit Service 4684c1 
	if (ret < 0) {
Packit Service 4684c1 
		return gnutls_assert_val(ret);
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	pcert->pubkey->key_usage = key_usage;
Packit Service 4684c1
Packit Service 4684c1 
	/* A pcert struct holds a raw copy of the certificate data.
Packit Service 4684c1 
	 * It is this raw data that will be transferred to the peer via a
Packit Service 4684c1 
	 * Certificate message. According to the spec (RFC7250) a DER
Packit Service 4684c1 
	 * representation must be used. Therefore we check the format and
Packit Service 4684c1 
	 * convert if necessary.
Packit Service 4684c1 
	 */
Packit Service 4684c1 
	if (format == GNUTLS_X509_FMT_PEM) {
Packit Service 4684c1 
		ret = _gnutls_fbase64_decode(PEM_PK,
Packit Service 4684c1 
					rawpubkey->data, rawpubkey->size,
Packit Service 4684c1 
					&pcert->cert);
Packit Service 4684c1
Packit Service 4684c1 
		if (ret < 0) {
Packit Service 4684c1 
			gnutls_pubkey_deinit(pcert->pubkey);
Packit Service 4684c1
Packit Service 4684c1 
			return gnutls_assert_val(ret);
Packit Service 4684c1 
		}
Packit Service 4684c1 
	} else {
Packit Service 4684c1 
		// Directly copy the raw DER data to our pcert
Packit Service 4684c1 
		ret = _gnutls_set_datum(&pcert->cert, rawpubkey->data, rawpubkey->size);
Packit Service 4684c1
Packit Service 4684c1 
		if (ret < 0) {
Packit Service 4684c1 
			gnutls_pubkey_deinit(pcert->pubkey);
Packit Service 4684c1
Packit Service 4684c1 
			return gnutls_assert_val(ret);
Packit Service 4684c1 
		}
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	pcert->type = GNUTLS_CRT_RAWPK;
Packit Service 4684c1
Packit Service 4684c1 
	return GNUTLS_E_SUCCESS;
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
/**
Packit Service 4684c1 
 * gnutls_pcert_export_x509:
Packit Service 4684c1 
 * @pcert: The pcert structure.
Packit Service 4684c1 
 * @crt: An initialized #gnutls_x509_crt_t.
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * Converts the given #gnutls_pcert_t type into a #gnutls_x509_crt_t.
Packit Service 4684c1 
 * This function only works if the type of @pcert is %GNUTLS_CRT_X509.
Packit Service 4684c1 
 * When successful, the value written to @crt must be freed with
Packit Service 4684c1 
 * gnutls_x509_crt_deinit() when no longer needed.
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
Packit Service 4684c1 
 * negative error value.
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * Since: 3.4.0
Packit Service 4684c1 
 */
Packit Service 4684c1 
int gnutls_pcert_export_x509(gnutls_pcert_st * pcert,
Packit Service 4684c1 
			     gnutls_x509_crt_t * crt)
Packit Service 4684c1 
{
Packit Service 4684c1 
	int ret;
Packit Service 4684c1
Packit Service 4684c1 
	if (pcert->type != GNUTLS_CRT_X509) {
Packit Service 4684c1 
		gnutls_assert();
Packit Service 4684c1 
		return GNUTLS_E_INVALID_REQUEST;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	ret = gnutls_x509_crt_init(crt);
Packit Service 4684c1 
	if (ret < 0)
Packit Service 4684c1 
		return gnutls_assert_val(ret);
Packit Service 4684c1
Packit Service 4684c1 
	ret = gnutls_x509_crt_import(*crt, &pcert->cert, GNUTLS_X509_FMT_DER);
Packit Service 4684c1 
	if (ret < 0) {
Packit Service 4684c1 
		gnutls_x509_crt_deinit(*crt);
Packit Service 4684c1 
		*crt = NULL;
Packit Service 4684c1
Packit Service 4684c1 
		return gnutls_assert_val(ret);
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	return 0;
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
/**
Packit Service 4684c1 
 * gnutls_pcert_deinit:
Packit Service 4684c1 
 * @pcert: The structure to be deinitialized
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * This function will deinitialize a pcert structure.
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * Since: 3.0
Packit Service 4684c1 
 **/
Packit Service 4684c1 
void gnutls_pcert_deinit(gnutls_pcert_st * pcert)
Packit Service 4684c1 
{
Packit Service 4684c1 
	if (pcert->pubkey)
Packit Service 4684c1 
		gnutls_pubkey_deinit(pcert->pubkey);
Packit Service 4684c1 
	pcert->pubkey = NULL;
Packit Service 4684c1 
	_gnutls_free_datum(&pcert->cert);
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
/* Converts the first certificate for the cert_auth_info structure
Packit Service 4684c1 
 * to a pcert.
Packit Service 4684c1 
 */
Packit Service 4684c1 
int
Packit Service 4684c1 
_gnutls_get_auth_info_pcert(gnutls_pcert_st * pcert,
Packit Service 4684c1 
			    gnutls_certificate_type_t type,
Packit Service 4684c1 
			    cert_auth_info_t info)
Packit Service 4684c1 
{
Packit Service 4684c1 
	switch (type) {
Packit Service 4684c1 
		case GNUTLS_CRT_X509:
Packit Service 4684c1 
			return gnutls_pcert_import_x509_raw(pcert,
Packit Service 4684c1 
							&info->raw_certificate_list[0],
Packit Service 4684c1 
							GNUTLS_X509_FMT_DER,
Packit Service 4684c1 
							0);
Packit Service 4684c1 
		case GNUTLS_CRT_RAWPK:
Packit Service 4684c1 
			return gnutls_pcert_import_rawpk_raw(pcert,
Packit Service 4684c1 
							&info->raw_certificate_list[0],
Packit Service 4684c1 
							GNUTLS_X509_FMT_DER,
Packit Service 4684c1 
							0, 0);
Packit Service 4684c1 
		default:
Packit Service 4684c1 
			return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
Packit Service 4684c1 
	}
Packit Service 4684c1 
}

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation