2 * GnuTLS PKCS#11 support
3 * Copyright (C) 2010 Free Software Foundation
5 * Author: Nikos Mavrogiannopoulos
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Library General Public
9 * License as published by the Free Software Foundation; either
10 * version 2 of the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Library General Public License for more details.
17 * You should have received a copy of the GNU Library General Public
18 * License along with this library; if not, write to the Free
19 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
23 #include <gnutls_int.h>
24 #include <gnutls/pkcs11.h>
27 #include <gnutls_errors.h>
28 #include <gnutls_datum.h>
29 #include <pkcs11_int.h>
33 * gnutls_pkcs11_copy_secret_key:
34 * @token_url: A PKCS #11 URL specifying a token
35 * @key: The raw (symmetric) key material to be copied; its bytes are stored as the object's CKA_VALUE
36 * @label: A name to be used for the stored data
37 * @key_usage: One of GNUTLS_KEY_*
38 * @flags: Zero or more of GNUTLS_PKCS11_OBJ_FLAG_*, OR'ed together
40 * This function will copy a raw secret (symmetric) key into a PKCS #11
41 * token specified by a URL. The key can be marked as sensitive or not.
43 * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
44 * negative error value.
47 gnutls_pkcs11_copy_secret_key (const char *token_url, gnutls_datum_t * key,
49 unsigned int key_usage, unsigned int flags
50 /* GNUTLS_PKCS11_OBJ_FLAG_* */ )
53 struct ck_function_list *module;
54 ck_session_handle_t pks;
55 struct p11_kit_uri *info = NULL;
57 struct ck_attribute a[12];
58 ck_object_class_t class = CKO_SECRET_KEY;
59 ck_object_handle_t obj;
60 ck_key_type_t keytype = CKK_GENERIC_SECRET;
65 ret = pkcs11_url_to_info (token_url, &info);
72 /* generate a unique ID */
73 ret = _gnutls_rnd (GNUTLS_RND_NONCE, id, sizeof (id));
81 pkcs11_open_session (&module, &pks, info,
82 SESSION_WRITE | pkcs11_obj_flags_to_int (flags));
83 p11_kit_uri_free (info);
91 /* FIXME: copy key usage flags */
93 a[0].type = CKA_CLASS;
95 a[0].value_len = sizeof (class);
96 a[1].type = CKA_VALUE;
97 a[1].value = key->data;
98 a[1].value_len = key->size;
99 a[2].type = CKA_TOKEN;
101 a[2].value_len = sizeof (tval);
102 a[3].type = CKA_PRIVATE;
104 a[3].value_len = sizeof (tval);
105 a[4].type = CKA_KEY_TYPE;
106 a[4].value = &keytype;
107 a[4].value_len = sizeof (keytype);
110 a[5].value_len = sizeof (id);
116 a[a_val].type = CKA_LABEL;
117 a[a_val].value = (void *) label;
118 a[a_val].value_len = strlen (label);
122 if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE)
127 a[a_val].type = CKA_SENSITIVE;
128 a[a_val].value = &tval;
129 a[a_val].value_len = sizeof (tval);
132 rv = pkcs11_create_object (module, pks, a, a_val, &obj);
136 _gnutls_debug_log ("pkcs11: %s\n", pkcs11_strerror (rv));
137 ret = pkcs11_rv_to_err (rv);
147 pkcs11_close_session (module, pks);