Line data Source code
1 : /*
2 : * Copyright (C) 2010-2014 Free Software Foundation, Inc.
3 : *
4 : * Author: Nikos Mavrogiannopoulos
5 : *
6 : * The GnuTLS is free software; you can redistribute it and/or
7 : * modify it under the terms of the GNU Lesser General Public License
8 : * as published by the Free Software Foundation; either version 2.1 of
9 : * the License, or (at your option) any later version.
10 : *
11 : * This library is distributed in the hope that it will be useful, but
12 : * WITHOUT ANY WARRANTY; without even the implied warranty of
13 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 : * Lesser General Public License for more details.
15 : *
16 : * You should have received a copy of the GNU Lesser General Public License
17 : * along with this program. If not, see <https://www.gnu.org/licenses/>
18 : */
19 :
20 : #include "gnutls_int.h"
21 : #include <gnutls/pkcs11.h>
22 : #include <stdio.h>
23 : #include <string.h>
24 : #include "errors.h"
25 : #include <datum.h>
26 : #include <pkcs11_int.h>
27 : #include <gnutls/abstract.h>
28 : #include <pk.h>
29 : #include <x509_int.h>
30 : #include <tls-sig.h>
31 : #include <algorithms.h>
32 : #include <fips.h>
33 : #include <abstract_int.h>
34 :
35 : /**
36 : * gnutls_privkey_export_rsa_raw:
37 : * @key: Holds the certificate
38 : * @m: will hold the modulus
39 : * @e: will hold the public exponent
40 : * @d: will hold the private exponent
41 : * @p: will hold the first prime (p)
42 : * @q: will hold the second prime (q)
43 : * @u: will hold the coefficient
44 : * @e1: will hold e1 = d mod (p-1)
45 : * @e2: will hold e2 = d mod (q-1)
46 : *
47 : * This function will export the RSA private key's parameters found
48 : * in the given structure. The new parameters will be allocated using
49 : * gnutls_malloc() and will be stored in the appropriate datum. For
50 : * EdDSA keys, the @y value should be %NULL.
51 : *
52 : * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code.
53 : *
54 : * Since: 3.3.0
55 : **/
56 : int
57 1 : gnutls_privkey_export_rsa_raw(gnutls_privkey_t key,
58 : gnutls_datum_t * m, gnutls_datum_t * e,
59 : gnutls_datum_t * d, gnutls_datum_t * p,
60 : gnutls_datum_t * q, gnutls_datum_t * u,
61 : gnutls_datum_t * e1,
62 : gnutls_datum_t * e2)
63 : {
64 1 : return gnutls_privkey_export_rsa_raw2(key, m, e, d, p, q, u, e1, e2, 0);
65 : }
66 :
67 : /**
68 : * gnutls_privkey_export_rsa_raw2:
69 : * @key: Holds the certificate
70 : * @m: will hold the modulus
71 : * @e: will hold the public exponent
72 : * @d: will hold the private exponent
73 : * @p: will hold the first prime (p)
74 : * @q: will hold the second prime (q)
75 : * @u: will hold the coefficient
76 : * @e1: will hold e1 = d mod (p-1)
77 : * @e2: will hold e2 = d mod (q-1)
78 : * @flags: flags from %gnutls_abstract_export_flags_t
79 : *
80 : * This function will export the RSA private key's parameters found
81 : * in the given structure. The new parameters will be allocated using
82 : * gnutls_malloc() and will be stored in the appropriate datum.
83 : *
84 : * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code.
85 : *
86 : * Since: 3.6.0
87 : **/
88 : int
89 4 : gnutls_privkey_export_rsa_raw2(gnutls_privkey_t key,
90 : gnutls_datum_t * m, gnutls_datum_t * e,
91 : gnutls_datum_t * d, gnutls_datum_t * p,
92 : gnutls_datum_t * q, gnutls_datum_t * u,
93 : gnutls_datum_t * e1,
94 : gnutls_datum_t * e2,
95 : unsigned int flags)
96 : {
97 4 : gnutls_pk_params_st params;
98 4 : int ret;
99 :
100 4 : if (key == NULL) {
101 0 : gnutls_assert();
102 0 : return GNUTLS_E_INVALID_REQUEST;
103 : }
104 :
105 4 : gnutls_pk_params_init(¶ms);
106 :
107 4 : ret = _gnutls_privkey_get_mpis(key, ¶ms);
108 4 : if (ret < 0)
109 0 : return gnutls_assert_val(ret);
110 :
111 4 : ret = _gnutls_params_get_rsa_raw(¶ms, m, e, d, p, q, u, e1, e2, flags);
112 :
113 4 : gnutls_pk_params_release(¶ms);
114 :
115 4 : return ret;
116 : }
117 :
118 : /**
119 : * gnutls_privkey_export_dsa_raw:
120 : * @key: Holds the public key
121 : * @p: will hold the p
122 : * @q: will hold the q
123 : * @g: will hold the g
124 : * @y: will hold the y
125 : * @x: will hold the x
126 : *
127 : * This function will export the DSA private key's parameters found
128 : * in the given structure. The new parameters will be allocated using
129 : * gnutls_malloc() and will be stored in the appropriate datum.
130 : *
131 : * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code.
132 : *
133 : * Since: 3.3.0
134 : **/
135 : int
136 1 : gnutls_privkey_export_dsa_raw(gnutls_privkey_t key,
137 : gnutls_datum_t * p, gnutls_datum_t * q,
138 : gnutls_datum_t * g, gnutls_datum_t * y,
139 : gnutls_datum_t * x)
140 : {
141 1 : return gnutls_privkey_export_dsa_raw2(key, p, q, g, y, x, 0);
142 : }
143 :
144 : /**
145 : * gnutls_privkey_export_dsa_raw2:
146 : * @key: Holds the public key
147 : * @p: will hold the p
148 : * @q: will hold the q
149 : * @g: will hold the g
150 : * @y: will hold the y
151 : * @x: will hold the x
152 : * @flags: flags from %gnutls_abstract_export_flags_t
153 : *
154 : * This function will export the DSA private key's parameters found
155 : * in the given structure. The new parameters will be allocated using
156 : * gnutls_malloc() and will be stored in the appropriate datum.
157 : *
158 : * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code.
159 : *
160 : * Since: 3.6.0
161 : **/
162 : int
163 3 : gnutls_privkey_export_dsa_raw2(gnutls_privkey_t key,
164 : gnutls_datum_t * p, gnutls_datum_t * q,
165 : gnutls_datum_t * g, gnutls_datum_t * y,
166 : gnutls_datum_t * x, unsigned int flags)
167 : {
168 3 : gnutls_pk_params_st params;
169 3 : int ret;
170 :
171 3 : if (key == NULL) {
172 0 : gnutls_assert();
173 0 : return GNUTLS_E_INVALID_REQUEST;
174 : }
175 :
176 3 : gnutls_pk_params_init(¶ms);
177 :
178 3 : ret = _gnutls_privkey_get_mpis(key, ¶ms);
179 3 : if (ret < 0)
180 0 : return gnutls_assert_val(ret);
181 :
182 3 : ret = _gnutls_params_get_dsa_raw(¶ms, p, q, g, y, x, flags);
183 :
184 3 : gnutls_pk_params_release(¶ms);
185 :
186 3 : return ret;
187 : }
188 :
189 :
190 : /**
191 : * gnutls_privkey_export_ecc_raw:
192 : * @key: Holds the public key
193 : * @curve: will hold the curve
194 : * @x: will hold the x-coordinate
195 : * @y: will hold the y-coordinate
196 : * @k: will hold the private key
197 : *
198 : * This function will export the ECC private key's parameters found
199 : * in the given structure. The new parameters will be allocated using
200 : * gnutls_malloc() and will be stored in the appropriate datum.
201 : *
202 : * In EdDSA curves the @y parameter will be %NULL and the other parameters
203 : * will be in the native format for the curve.
204 : *
205 : * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code.
206 : *
207 : * Since: 3.3.0
208 : **/
209 : int
210 5 : gnutls_privkey_export_ecc_raw(gnutls_privkey_t key,
211 : gnutls_ecc_curve_t * curve,
212 : gnutls_datum_t * x,
213 : gnutls_datum_t * y,
214 : gnutls_datum_t * k)
215 : {
216 5 : return gnutls_privkey_export_ecc_raw2(key, curve, x, y, k, 0);
217 : }
218 :
219 : /**
220 : * gnutls_privkey_export_ecc_raw2:
221 : * @key: Holds the public key
222 : * @curve: will hold the curve
223 : * @x: will hold the x-coordinate
224 : * @y: will hold the y-coordinate
225 : * @k: will hold the private key
226 : * @flags: flags from %gnutls_abstract_export_flags_t
227 : *
228 : * This function will export the ECC private key's parameters found
229 : * in the given structure. The new parameters will be allocated using
230 : * gnutls_malloc() and will be stored in the appropriate datum.
231 : *
232 : * In EdDSA curves the @y parameter will be %NULL and the other parameters
233 : * will be in the native format for the curve.
234 : *
235 : * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code.
236 : *
237 : * Since: 3.6.0
238 : **/
239 : int
240 7 : gnutls_privkey_export_ecc_raw2(gnutls_privkey_t key,
241 : gnutls_ecc_curve_t * curve,
242 : gnutls_datum_t * x,
243 : gnutls_datum_t * y,
244 : gnutls_datum_t * k,
245 : unsigned int flags)
246 : {
247 7 : gnutls_pk_params_st params;
248 7 : int ret;
249 :
250 7 : if (key == NULL) {
251 0 : gnutls_assert();
252 0 : return GNUTLS_E_INVALID_REQUEST;
253 : }
254 :
255 7 : gnutls_pk_params_init(¶ms);
256 :
257 7 : ret = _gnutls_privkey_get_mpis(key, ¶ms);
258 7 : if (ret < 0)
259 1 : return gnutls_assert_val(ret);
260 :
261 6 : ret = _gnutls_params_get_ecc_raw(¶ms, curve, x, y, k, flags);
262 :
263 6 : gnutls_pk_params_release(¶ms);
264 :
265 6 : return ret;
266 : }
267 :
268 : /**
269 : * gnutls_privkey_export_gost_raw2:
270 : * @key: Holds the public key
271 : * @curve: will hold the curve
272 : * @digest: will hold the digest
273 : * @paramset: will hold the GOST parameter set ID
274 : * @x: will hold the x-coordinate
275 : * @y: will hold the y-coordinate
276 : * @k: will hold the private key
277 : * @flags: flags from %gnutls_abstract_export_flags_t
278 : *
279 : * This function will export the GOST private key's parameters found
280 : * in the given structure. The new parameters will be allocated using
281 : * gnutls_malloc() and will be stored in the appropriate datum.
282 : *
283 : * Note: parameters will be stored with least significant byte first. On
284 : * version 3.6.3 this was incorrectly returned in big-endian format.
285 : *
286 : * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code.
287 : *
288 : * Since: 3.6.3
289 : **/
290 : int
291 3 : gnutls_privkey_export_gost_raw2(gnutls_privkey_t key,
292 : gnutls_ecc_curve_t * curve,
293 : gnutls_digest_algorithm_t * digest,
294 : gnutls_gost_paramset_t * paramset,
295 : gnutls_datum_t * x,
296 : gnutls_datum_t * y,
297 : gnutls_datum_t * k,
298 : unsigned int flags)
299 : {
300 3 : gnutls_pk_params_st params;
301 3 : int ret;
302 :
303 3 : if (key == NULL) {
304 0 : gnutls_assert();
305 0 : return GNUTLS_E_INVALID_REQUEST;
306 : }
307 :
308 3 : gnutls_pk_params_init(¶ms);
309 :
310 3 : ret = _gnutls_privkey_get_mpis(key, ¶ms);
311 3 : if (ret < 0)
312 0 : return gnutls_assert_val(ret);
313 :
314 3 : ret = _gnutls_params_get_gost_raw(¶ms, curve, digest, paramset,
315 : x, y, k, flags);
316 :
317 3 : gnutls_pk_params_release(¶ms);
318 :
319 3 : return ret;
320 : }
321 :
322 : /**
323 : * gnutls_privkey_import_rsa_raw:
324 : * @key: The structure to store the parsed key
325 : * @m: holds the modulus
326 : * @e: holds the public exponent
327 : * @d: holds the private exponent (optional)
328 : * @p: holds the first prime (p)
329 : * @q: holds the second prime (q)
330 : * @u: holds the coefficient (optional)
331 : * @e1: holds e1 = d mod (p-1) (optional)
332 : * @e2: holds e2 = d mod (q-1) (optional)
333 : *
334 : * This function will convert the given RSA raw parameters to the
335 : * native #gnutls_privkey_t format. The output will be stored in
336 : * @key.
337 : *
338 : * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
339 : * negative error value.
340 : **/
341 : int
342 9 : gnutls_privkey_import_rsa_raw(gnutls_privkey_t key,
343 : const gnutls_datum_t * m,
344 : const gnutls_datum_t * e,
345 : const gnutls_datum_t * d,
346 : const gnutls_datum_t * p,
347 : const gnutls_datum_t * q,
348 : const gnutls_datum_t * u,
349 : const gnutls_datum_t * e1,
350 : const gnutls_datum_t * e2)
351 : {
352 9 : int ret;
353 9 : gnutls_x509_privkey_t xkey;
354 :
355 9 : ret = gnutls_x509_privkey_init(&xkey);
356 9 : if (ret < 0)
357 0 : return gnutls_assert_val(ret);
358 :
359 9 : ret = gnutls_x509_privkey_import_rsa_raw2(xkey, m, e, d, p, q, u, e1, e1);
360 9 : if (ret < 0) {
361 0 : gnutls_assert();
362 0 : goto error;
363 : }
364 :
365 9 : ret = gnutls_privkey_import_x509(key, xkey, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
366 9 : if (ret < 0) {
367 0 : gnutls_assert();
368 0 : goto error;
369 : }
370 :
371 : return 0;
372 :
373 0 : error:
374 0 : gnutls_x509_privkey_deinit(xkey);
375 0 : return ret;
376 : }
377 :
378 : /**
379 : * gnutls_privkey_import_dsa_raw:
380 : * @key: The structure to store the parsed key
381 : * @p: holds the p
382 : * @q: holds the q
383 : * @g: holds the g
384 : * @y: holds the y
385 : * @x: holds the x
386 : *
387 : * This function will convert the given DSA raw parameters to the
388 : * native #gnutls_privkey_t format. The output will be stored
389 : * in @key.
390 : *
391 : * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
392 : * negative error value.
393 : **/
394 : int
395 1 : gnutls_privkey_import_dsa_raw(gnutls_privkey_t key,
396 : const gnutls_datum_t * p,
397 : const gnutls_datum_t * q,
398 : const gnutls_datum_t * g,
399 : const gnutls_datum_t * y,
400 : const gnutls_datum_t * x)
401 : {
402 1 : int ret;
403 1 : gnutls_x509_privkey_t xkey;
404 :
405 1 : ret = gnutls_x509_privkey_init(&xkey);
406 1 : if (ret < 0)
407 0 : return gnutls_assert_val(ret);
408 :
409 1 : ret = gnutls_x509_privkey_import_dsa_raw(xkey, p, q, g, y, x);
410 1 : if (ret < 0) {
411 0 : gnutls_assert();
412 0 : goto error;
413 : }
414 :
415 1 : ret = gnutls_privkey_import_x509(key, xkey, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
416 1 : if (ret < 0) {
417 0 : gnutls_assert();
418 0 : goto error;
419 : }
420 :
421 : return 0;
422 :
423 0 : error:
424 0 : gnutls_x509_privkey_deinit(xkey);
425 0 : return ret;
426 : }
427 :
428 : /**
429 : * gnutls_privkey_import_ecc_raw:
430 : * @key: The key
431 : * @curve: holds the curve
432 : * @x: holds the x-coordinate
433 : * @y: holds the y-coordinate
434 : * @k: holds the k (private key)
435 : *
436 : * This function will convert the given elliptic curve parameters to the
437 : * native #gnutls_privkey_t format. The output will be stored
438 : * in @key.
439 : *
440 : * In EdDSA curves the @y parameter should be %NULL and the @x and @k parameters
441 : * must be in the native format for the curve.
442 : *
443 : * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
444 : * negative error value.
445 : *
446 : * Since: 3.0
447 : **/
448 : int
449 5 : gnutls_privkey_import_ecc_raw(gnutls_privkey_t key,
450 : gnutls_ecc_curve_t curve,
451 : const gnutls_datum_t * x,
452 : const gnutls_datum_t * y,
453 : const gnutls_datum_t * k)
454 : {
455 5 : int ret;
456 5 : gnutls_x509_privkey_t xkey;
457 :
458 5 : ret = gnutls_x509_privkey_init(&xkey);
459 5 : if (ret < 0)
460 0 : return gnutls_assert_val(ret);
461 :
462 5 : ret = gnutls_x509_privkey_import_ecc_raw(xkey, curve, x, y, k);
463 5 : if (ret < 0) {
464 1 : gnutls_assert();
465 1 : goto error;
466 : }
467 :
468 4 : ret = gnutls_privkey_import_x509(key, xkey, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
469 4 : if (ret < 0) {
470 0 : gnutls_assert();
471 0 : goto error;
472 : }
473 :
474 : return 0;
475 :
476 1 : error:
477 1 : gnutls_x509_privkey_deinit(xkey);
478 1 : return ret;
479 : }
480 :
481 : /**
482 : * gnutls_privkey_import_gost_raw:
483 : * @key: The key
484 : * @curve: holds the curve
485 : * @digest: holds the digest
486 : * @paramset: holds the GOST parameter set ID
487 : * @x: holds the x-coordinate
488 : * @y: holds the y-coordinate
489 : * @k: holds the k (private key)
490 : *
491 : * This function will convert the given GOST private key's parameters to the
492 : * native #gnutls_privkey_t format. The output will be stored
493 : * in @key. @digest should be one of GNUTLS_DIG_GOSR_94,
494 : * GNUTLS_DIG_STREEBOG_256 or GNUTLS_DIG_STREEBOG_512. If @paramset is set to
495 : * GNUTLS_GOST_PARAMSET_UNKNOWN default one will be selected depending on
496 : * @digest.
497 : *
498 : * Note: parameters should be stored with least significant byte first. On
499 : * version 3.6.3 big-endian format was used incorrectly.
500 : *
501 : * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
502 : * negative error value.
503 : *
504 : * Since: 3.6.3
505 : **/
506 : int
507 1 : gnutls_privkey_import_gost_raw(gnutls_privkey_t key,
508 : gnutls_ecc_curve_t curve,
509 : gnutls_digest_algorithm_t digest,
510 : gnutls_gost_paramset_t paramset,
511 : const gnutls_datum_t * x,
512 : const gnutls_datum_t * y,
513 : const gnutls_datum_t * k)
514 : {
515 1 : int ret;
516 1 : gnutls_x509_privkey_t xkey;
517 :
518 1 : ret = gnutls_x509_privkey_init(&xkey);
519 1 : if (ret < 0)
520 0 : return gnutls_assert_val(ret);
521 :
522 1 : ret = gnutls_x509_privkey_import_gost_raw(xkey, curve, digest, paramset, x, y, k);
523 1 : if (ret < 0) {
524 0 : gnutls_assert();
525 0 : goto error;
526 : }
527 :
528 1 : ret = gnutls_privkey_import_x509(key, xkey, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
529 1 : if (ret < 0) {
530 0 : gnutls_assert();
531 0 : goto error;
532 : }
533 :
534 : return 0;
535 :
536 0 : error:
537 0 : gnutls_x509_privkey_deinit(xkey);
538 0 : return ret;
539 : }
|