
[SCM] GNU gnutls branch, master, updated. gnutls_2_11_4-10-g00f6b99


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_11_4-10-g00f6b99
Date: Sun, 07 Nov 2010 04:22:55 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=00f6b990f9e650b6050d7ab4b5b3fa517ea08e47

The branch, master has been updated
       via  00f6b990f9e650b6050d7ab4b5b3fa517ea08e47 (commit)
       via  317a2e053028bb9207b8424f590bb50ed6e5731c (commit)
      from  1d6c1b025e6bb2c44541693559622e657b98c294 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 00f6b990f9e650b6050d7ab4b5b3fa517ea08e47
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Nov 7 05:22:22 2010 +0100

    Introduced p11tool to separate PKCS #11 functionality from certtool.

commit 317a2e053028bb9207b8424f590bb50ed6e5731c
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Nov 7 05:09:01 2010 +0100

    Removed check on deprecated feature (finished).

-----------------------------------------------------------------------

Summary of changes:
 .gitignore                         |    2 +
 src/Makefile.am                    |   34 ++-
 src/certtool-common.c              |  401 ++++++++++++++++++++++++++
 src/certtool-common.h              |   61 ++--
 src/certtool-gaa.c                 |  485 +++++++++-----------------------
 src/certtool-gaa.h                 |   66 ++---
 src/certtool.c                     |  544 +++++++-----------------------------
 src/certtool.gaa                   |   33 +--
 src/{crypt-gaa.c => p11tool-gaa.c} |  458 ++++++++++++++++++++++++-------
 src/p11tool-gaa.h                  |   63 ++++
 src/p11tool.c                      |  166 +++++++++++
 src/p11tool.gaa                    |   83 ++++++
 src/p11tool.h                      |   34 +++
 src/pkcs11.c                       |   78 +++++-
 tests/Makefile.am                  |    2 +-
 tests/finished.c                   |  293 -------------------
 16 files changed, 1494 insertions(+), 1309 deletions(-)
 create mode 100644 src/certtool-common.c
 copy src/{crypt-gaa.c => p11tool-gaa.c} (62%)
 create mode 100644 src/p11tool-gaa.h
 create mode 100644 src/p11tool.c
 create mode 100644 src/p11tool.gaa
 create mode 100644 src/p11tool.h
 delete mode 100644 tests/finished.c

diff --git a/.gitignore b/.gitignore
index 1279db5..f17c4a8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -379,6 +379,8 @@ m4/lt~obsolete.m4
 src/Makefile
 src/Makefile.in
 src/benchmark
+src/libcmd-p11tool.la
+src/p11tool
 src/certtool
 src/cfg/Makefile
 src/cfg/Makefile.in
diff --git a/src/Makefile.am b/src/Makefile.am
index edd7223..8607f82 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -32,7 +32,7 @@ AM_CPPFLAGS = \
 noinst_PROGRAMS = benchmark
 bin_PROGRAMS = gnutls-serv gnutls-cli psktool gnutls-cli-debug
 if ENABLE_PKI
-bin_PROGRAMS += certtool
+bin_PROGRAMS += certtool p11tool
 endif
 if ENABLE_SRP
 bin_PROGRAMS += srptool
@@ -80,7 +80,9 @@ noinst_LTLIBRARIES += libcmd-cli-debug.la
 libcmd_cli_debug_la_CFLAGS =
 libcmd_cli_debug_la_SOURCES = tls_test.gaa tls_test-gaa.h tls_test-gaa.c
 
-certtool_SOURCES = certtool.c prime.c pkcs11.c
+#certtool
+
+certtool_SOURCES = certtool.c prime.c certtool-common.c
 certtool_LDADD = ../lib/libgnutls.la ../libextra/libgnutls-extra.la
 certtool_LDADD += libcmd-certtool.la ../gl/libgnu.la
 certtool_LDADD += $(LTLIBGCRYPT)
@@ -97,16 +99,40 @@ certtool_LDADD += libcfg.la
 endif
 noinst_LTLIBRARIES += libcmd-certtool.la
 libcmd_certtool_la_CFLAGS =
-libcmd_certtool_la_SOURCES = certtool.gaa certtool-gaa.h       \
-       certtool-gaa.c certtool-cfg.h certtool-cfg.c
+libcmd_certtool_la_SOURCES = certtool-gaa.c certtool.gaa certtool-gaa.h        
\
+       certtool-cfg.h certtool-cfg.c
 libcmd_certtool_la_LIBADD = ../gl/libgnu.la $(LTLIBREADLINE)
 libcmd_certtool_la_LIBADD += ../lib/libgnutls.la ../libextra/libgnutls-extra.la
 libcmd_certtool_la_LIBADD += ../gl/libgnu.la $(INET_PTON_LIB)
 
+# p11 tool
+p11tool_gaa_CFLAGS =
+p11tool_SOURCES = p11tool.gaa p11tool.c pkcs11.c certtool-common.c
+p11tool_LDADD = ../lib/libgnutls.la ../libextra/libgnutls-extra.la
+p11tool_LDADD += libcmd-p11tool.la ../gl/libgnu.la
+p11tool_LDADD += $(LTLIBGCRYPT)
+
+if HAVE_LIBCFG
+p11tool_LDADD += -lcfg+
+else
+p11tool_LDADD += libcfg.la
+endif
+noinst_LTLIBRARIES += libcmd-p11tool.la
+libcmd_p11tool_la_CFLAGS =
+libcmd_p11tool_la_SOURCES = p11tool-gaa.c p11tool.gaa p11tool-gaa.h    \
+       certtool-cfg.h certtool-cfg.c
+libcmd_p11tool_la_LIBADD = ../gl/libgnu.la $(LTLIBREADLINE)
+libcmd_p11tool_la_LIBADD += ../lib/libgnutls.la
+libcmd_p11tool_la_LIBADD += ../gl/libgnu.la $(INET_PTON_LIB)
+
+
+
 psk-gaa.c: $(srcdir)/psk.gaa
        -$(GAA) $< -o psk-gaa.c -i psk-gaa.h
 crypt-gaa.c: $(srcdir)/crypt.gaa
        -$(GAA) $< -o crypt-gaa.c -i crypt-gaa.h
+p11tool-gaa.c: $(srcdir)/p11tool.gaa
+       -$(GAA) $< -o p11tool-gaa.c -i p11tool-gaa.h
 certtool-gaa.c: $(srcdir)/certtool.gaa
        -$(GAA) $< -o certtool-gaa.c -i certtool-gaa.h
 cli-gaa.c: $(srcdir)/cli.gaa
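Review bot: `p11tool_gaa_CFLAGS =` at the top of the new "p11 tool" block does not name any target defined here (the targets are `p11tool` and `libcmd-p11tool.la`), so it looks like a leftover that automake will silently ignore; it should either be removed or become `p11tool_CFLAGS =` if per-target flags were intended. `p11tool_SOURCES` also lists `p11tool.gaa` while the generated `p11tool-gaa.c` is already compiled into `libcmd-p11tool.la`, which appears redundant, and `p11tool_LDADD` pulls in `-lcfg+`/`libcfg.la` even though nothing in `p11tool.c` is visible here that needs the template-config parser — worth confirming before the link line grows dependencies the tool does not use.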
diff --git a/src/certtool-common.c b/src/certtool-common.c
new file mode 100644
index 0000000..0c96f47
--- /dev/null
+++ b/src/certtool-common.c
@@ -0,0 +1,401 @@
+/*
+ * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software 
Foundation, Inc.
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#include <gnutls/gnutls.h>
+#include <gnutls/extra.h>
+#include <gnutls/x509.h>
+#include <gnutls/openpgp.h>
+#include <gnutls/pkcs12.h>
+#include <gnutls/pkcs11.h>
+#include <gnutls/abstract.h>
+
+#include <gcrypt.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <time.h>
+#include <unistd.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <error.h>
+#include "certtool-common.h"
+#include "certtool-cfg.h"
+
+/* Gnulib portability files. */
+#include <read-file.h>
+
+unsigned char buffer[64 * 1024];
+const int buffer_size = sizeof (buffer);
+
+
+FILE *
+safe_open_rw (const char *file, int privkey_op)
+{
+  mode_t omask = 0;
+  FILE *fh;
+
+  if (privkey_op != 0)
+    {
+      omask = umask (S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
+    }
+
+  fh = fopen (file, "wb");
+
+  if (privkey_op != 0)
+    {
+      umask (omask);
+    }
+
+  return fh;
+}
+
+gnutls_datum_t *
+load_secret_key (int mand, common_info_st* info)
+{
+  unsigned char raw_key[64];
+  size_t raw_key_size = sizeof(raw_key);
+  static gnutls_datum_t key;
+  gnutls_datum_t hex_key;
+  int ret;
+
+  fprintf (stderr, "Loading secret key...\n");
+
+  if (info->secret_key == NULL)
+    {
+      if (mand)
+       error (EXIT_FAILURE, 0, "missing --secret-key");
+      else
+       return NULL;
+    }
+
+  hex_key.data = (char*)info->secret_key;
+  hex_key.size = strlen(info->secret_key);
+  
+  ret = gnutls_hex_decode( &hex_key, raw_key, &raw_key_size);
+  if (ret < 0)
+       error (EXIT_FAILURE, 0, "hex_decode: %s", gnutls_strerror (ret));
+
+  key.data = raw_key;
+  key.size = raw_key_size;
+  
+  return &key;
+}
+
+/* Load the private key.
+ * @mand should be non zero if it is required to read a private key.
+ */
+gnutls_x509_privkey_t
+load_private_key (int mand, common_info_st* info)
+{
+  gnutls_x509_privkey_t key;
+  int ret;
+  gnutls_datum_t dat;
+  size_t size;
+
+  if (!info->privkey && !mand)
+    return NULL;
+
+  if (info->privkey == NULL)
+    error (EXIT_FAILURE, 0, "missing --load-privkey");
+
+  ret = gnutls_x509_privkey_init (&key);
+  if (ret < 0)
+    error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
+
+  dat.data = read_binary_file (info->privkey, &size);
+  dat.size = size;
+
+  if (!dat.data)
+    error (EXIT_FAILURE, errno, "reading --load-privkey: %s", info->privkey);
+
+  if (info->pkcs8)
+    {
+      const char *pass = get_pass ();
+      ret =
+       gnutls_x509_privkey_import_pkcs8 (key, &dat, info->incert_format,
+                                         pass, 0);
+    }
+  else
+    ret = gnutls_x509_privkey_import (key, &dat, info->incert_format);
+
+  free (dat.data);
+
+  if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
+    {
+      error (EXIT_FAILURE, 0,
+            "import error: could not find a valid PEM header; "
+            "check if your key is PKCS #8 or PKCS #12 encoded");
+    }
+
+  if (ret < 0)
+    error (EXIT_FAILURE, 0, "importing --load-privkey: %s: %s",
+          info->privkey, gnutls_strerror (ret));
+
+  return key;
+}
+
+/* Loads the certificate
+ * If mand is non zero then a certificate is mandatory. Otherwise
+ * null will be returned if the certificate loading fails.
+ */
+gnutls_x509_crt_t
+load_cert (int mand, common_info_st* info)
+{
+  gnutls_x509_crt_t *crt;
+  size_t size;
+
+  crt = load_cert_list (mand, &size, info);
+
+  return crt ? crt[0] : NULL;
+}
+
+#define MAX_CERTS 256
+
+/* Loads a certificate list
+ */
+gnutls_x509_crt_t *
+load_cert_list (int mand, size_t * crt_size, common_info_st* info)
+{
+  FILE *fd;
+  static gnutls_x509_crt_t crt[MAX_CERTS];
+  char *ptr;
+  int ret, i;
+  gnutls_datum_t dat;
+  size_t size;
+  int ptr_size;
+
+  *crt_size = 0;
+  fprintf (stderr, "Loading certificate list...\n");
+
+  if (info->cert == NULL)
+    {
+      if (mand)
+       error (EXIT_FAILURE, 0, "missing --load-certificate");
+      else
+       return NULL;
+    }
+
+  fd = fopen (info->cert, "r");
+  if (fd == NULL)
+    error (EXIT_FAILURE, errno, "%s", info->cert);
+
+  size = fread (buffer, 1, sizeof (buffer) - 1, fd);
+  buffer[size] = 0;
+
+  fclose (fd);
+
+  ptr = buffer;
+  ptr_size = size;
+
+  for (i = 0; i < MAX_CERTS; i++)
+    {
+      ret = gnutls_x509_crt_init (&crt[i]);
+      if (ret < 0)
+       error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
+
+      dat.data = ptr;
+      dat.size = ptr_size;
+
+      ret = gnutls_x509_crt_import (crt[i], &dat, info->incert_format);
+      if (ret < 0 && *crt_size > 0)
+       break;
+      if (ret < 0)
+       error (EXIT_FAILURE, 0, "crt_import: %s", gnutls_strerror (ret));
+
+      ptr = strstr (ptr, "---END");
+      if (ptr == NULL)
+       break;
+      ptr++;
+
+      ptr_size = size;
+      ptr_size -=
+       (unsigned int) ((unsigned char *) ptr - (unsigned char *) buffer);
+
+      if (ptr_size < 0)
+       break;
+
+      (*crt_size)++;
+    }
+  fprintf (stderr, "Loaded %d certificates.\n", (int) *crt_size);
+
+  return crt;
+}
+
+/* Load the Certificate Request.
+ */
+gnutls_x509_crq_t
+load_request (common_info_st* info)
+{
+  gnutls_x509_crq_t crq;
+  int ret;
+  gnutls_datum_t dat;
+  size_t size;
+
+  if (!info->request)
+    return NULL;
+
+  ret = gnutls_x509_crq_init (&crq);
+  if (ret < 0)
+    error (EXIT_FAILURE, 0, "crq_init: %s", gnutls_strerror (ret));
+
+  dat.data = read_binary_file (info->request, &size);
+  dat.size = size;
+
+  if (!dat.data)
+    error (EXIT_FAILURE, errno, "reading --load-request: %s", info->request);
+
+  ret = gnutls_x509_crq_import (crq, &dat, info->incert_format);
+  if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
+    {
+      error (EXIT_FAILURE, 0,
+            "import error: could not find a valid PEM header");
+    }
+
+  free (dat.data);
+  if (ret < 0)
+    error (EXIT_FAILURE, 0, "importing --load-request: %s: %s",
+          info->request, gnutls_strerror (ret));
+
+  return crq;
+}
+
+/* Load the CA's private key.
+ */
+gnutls_x509_privkey_t
+load_ca_private_key (common_info_st* info)
+{
+  gnutls_x509_privkey_t key;
+  int ret;
+  gnutls_datum_t dat;
+  size_t size;
+
+  if (info->ca_privkey == NULL)
+    error (EXIT_FAILURE, 0, "missing --load-ca-privkey");
+
+  ret = gnutls_x509_privkey_init (&key);
+  if (ret < 0)
+    error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
+
+  dat.data = read_binary_file (info->ca_privkey, &size);
+  dat.size = size;
+
+  if (!dat.data)
+    error (EXIT_FAILURE, errno, "reading --load-ca-privkey: %s",
+          info->ca_privkey);
+
+  if (info->pkcs8)
+    {
+      const char *pass = get_pass ();
+      ret =
+       gnutls_x509_privkey_import_pkcs8 (key, &dat, info->incert_format,
+                                         pass, 0);
+    }
+  else
+    ret = gnutls_x509_privkey_import (key, &dat, info->incert_format);
+  free (dat.data);
+  if (ret < 0)
+    error (EXIT_FAILURE, 0, "importing --load-ca-privkey: %s: %s",
+          info->ca_privkey, gnutls_strerror (ret));
+
+  return key;
+}
+
+/* Loads the CA's certificate
+ */
+gnutls_x509_crt_t
+load_ca_cert (common_info_st* info)
+{
+  gnutls_x509_crt_t crt;
+  int ret;
+  gnutls_datum_t dat;
+  size_t size;
+
+  if (info->ca == NULL)
+    error (EXIT_FAILURE, 0, "missing --load-ca-certificate");
+
+  ret = gnutls_x509_crt_init (&crt);
+  if (ret < 0)
+    error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
+
+  dat.data = read_binary_file (info->ca, &size);
+  dat.size = size;
+
+  if (!dat.data)
+    error (EXIT_FAILURE, errno, "reading --load-ca-certificate: %s", info->ca);
+
+  ret = gnutls_x509_crt_import (crt, &dat, info->incert_format);
+  free (dat.data);
+  if (ret < 0)
+    error (EXIT_FAILURE, 0, "importing --load-ca-certificate: %s: %s",
+          info->ca, gnutls_strerror (ret));
+
+  return crt;
+}
+
+/* Load a public key.
+ * @mand should be non zero if it is required to read a public key.
+ */
+gnutls_pubkey_t
+load_pubkey (int mand, common_info_st* info)
+{
+  gnutls_pubkey_t key;
+  int ret;
+  gnutls_datum_t dat;
+  size_t size;
+
+  if (!info->pubkey && !mand)
+    return NULL;
+
+  if (info->pubkey == NULL)
+    error (EXIT_FAILURE, 0, "missing --load-pubkey");
+
+  ret = gnutls_pubkey_init (&key);
+  if (ret < 0)
+    error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
+
+  dat.data = read_binary_file (info->pubkey, &size);
+  dat.size = size;
+
+  if (!dat.data)
+    error (EXIT_FAILURE, errno, "reading --load-pubkey: %s", info->pubkey);
+
+  ret = gnutls_pubkey_import (key, &dat, info->incert_format);
+
+  free (dat.data);
+
+  if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
+    {
+      error (EXIT_FAILURE, 0,
+            "import error: could not find a valid PEM header; "
+            "check if your key has the PUBLIC KEY header");
+    }
+
+  if (ret < 0)
+    error (EXIT_FAILURE, 0, "importing --load-pubkey: %s: %s",
+          info->pubkey, gnutls_strerror (ret));
+
+  return key;
+}
diff --git a/src/certtool-common.h b/src/certtool-common.h
index 1a2d881..4d384df 100644
--- a/src/certtool-common.h
+++ b/src/certtool-common.h
@@ -1,3 +1,6 @@
+#ifndef CERTTOOL_COMMON_H
+# define CERTTOOL_COMMON_H
+
 #include <gnutls/x509.h>
 #include <stdio.h>
 
@@ -26,11 +29,6 @@ enum
   ACTION_PGP_PRIVKEY_INFO,
   ACTION_RING_INFO,
   ACTION_REQUEST,
-  ACTION_PKCS11_LIST,
-  ACTION_PKCS11_TOKENS,
-  ACTION_PKCS11_EXPORT_URL,
-  ACTION_PKCS11_WRITE_URL,
-  ACTION_PKCS11_DELETE_URL,
   ACTION_PUBKEY_INFO,
   ACTION_CERT_PUBKEY,
 };
@@ -39,37 +37,42 @@ enum
 #define TYPE_CRQ 2
 
 void certtool_version (void);
-void pkcs11_list (FILE * outfile, const char *url, int type,
-                 unsigned int login, unsigned int detailed);
-void pkcs11_export (FILE * outfile, const char *pkcs11_url,
-                   unsigned int login);
-void pkcs11_token_list (FILE * outfile, unsigned int detailed);
-void pkcs11_write (FILE * outfile, const char *pkcs11_url, const char *label,
-                  int trusted, unsigned int login);
-void pkcs11_delete (FILE * outfile, const char *pkcs11_url, int batch,
-                   unsigned int login);
-
-#define PKCS11_TYPE_CRT_ALL 1
-#define PKCS11_TYPE_TRUSTED 2
-#define PKCS11_TYPE_PK 3
-#define PKCS11_TYPE_ALL 4
-#define PKCS11_TYPE_PRIVKEY 5
-
-extern unsigned char buffer[];
-extern const int buffer_size;
 
 #include <gnutls/x509.h>
 #include <gnutls/abstract.h>
 
-gnutls_x509_privkey_t load_private_key (int mand);
-gnutls_x509_crq_t load_request (void);
-gnutls_x509_privkey_t load_ca_private_key (void);
-gnutls_x509_crt_t load_ca_cert (void);
-gnutls_x509_crt_t load_cert (int mand);
-gnutls_pubkey_t load_pubkey (int mand);
+typedef struct common_info {
+  const char* secret_key;
+  const char* privkey;
+  const char* pubkey;
+  int pkcs8;
+  int incert_format;
+  const char* cert;
+  
+  const char* request;
+  const char* ca;
+  const char* ca_privkey;
+} common_info_st;
+
+gnutls_x509_privkey_t load_private_key (int mand, common_info_st* info);
+gnutls_x509_crq_t load_request (common_info_st* info);
+gnutls_x509_privkey_t load_ca_private_key (common_info_st* info);
+gnutls_x509_crt_t load_ca_cert (common_info_st* info);
+gnutls_x509_crt_t load_cert (int mand, common_info_st* info);
+gnutls_datum* load_secret_key (int mand, common_info_st* info);
+gnutls_pubkey_t load_pubkey (int mand, common_info_st* info);
+gnutls_x509_crt_t *load_cert_list (int mand, size_t * size, common_info_st* 
info);
 
 /* returns the bits specified in cmd */
 int get_bits (gnutls_pk_algorithm_t);
 
 /* prime.c */
 int generate_prime (int how);
+
+FILE * safe_open_rw (const char *file, int privkey_op);
+
+extern unsigned char buffer[];
+extern const int buffer_size;
+
+
+#endif
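Review bot: The new prototype `gnutls_datum* load_secret_key (int mand, common_info_st* info);` uses `gnutls_datum` while the definition in certtool-common.c returns `gnutls_datum_t *`; this presumably only compiles through the backwards-compatibility alias and will stop matching the definition if that alias is ever dropped. Change it to `gnutls_datum_t *load_secret_key (int mand, common_info_st *info);`. Since `common_info_st` is now shared by two tools, a short comment on the struct stating which loaders read which fields would help (for example `pkcs8` only affects the private-key loaders, and `incert_format` is used by every loader), as would noting that `load_cert_list` returns a static array that is overwritten on the next call.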
diff --git a/src/certtool-gaa.c b/src/certtool-gaa.c
index ec3dfc0..8ae957a 100644
--- a/src/certtool-gaa.c
+++ b/src/certtool-gaa.c
@@ -12,7 +12,6 @@
 #endif
 
 #include "certtool-common.h"
-#include <gnutls/pkcs11.h>
 
 #include <stdio.h>
 #include <string.h>
@@ -180,20 +179,6 @@ void gaa_help(void)
        __gaa_helpsingle(0, "infile", "FILE ", "Input file.");
        __gaa_helpsingle(0, "template", "FILE ", "Template file to use for non 
interactive operation.");
        __gaa_helpsingle(0, "pkcs-cipher", "CIPHER ", "Cipher to use for pkcs 
operations (3des,3des-pkcs12,aes-128,aes-192,aes-256,rc2-40,arcfour).");
-       __gaa_helpsingle(0, "p11-provider", "Library ", "Specify the pkcs11 
provider library");
-       __gaa_helpsingle(0, "p11-export-url", "URL ", "Export data specified a 
pkcs11 URL");
-       __gaa_helpsingle(0, "p11-list-certs", "", "List certificates that have 
a private key specified by a PKCS#11 URL");
-       __gaa_helpsingle(0, "p11-list-privkeys", "", "List private keys 
specified by a PKCS#11 URL");
-       __gaa_helpsingle(0, "p11-list-trusted", "", "List certificates marked 
as trusted, specified by a PKCS#11 URL");
-       __gaa_helpsingle(0, "p11-list-all-certs", "", "List all certificates 
specified by a PKCS#11 URL");
-       __gaa_helpsingle(0, "p11-list-all", "", "List all objects specified by 
a PKCS#11 URL");
-       __gaa_helpsingle(0, "p11-list-tokens", "", "List all available tokens");
-       __gaa_helpsingle(0, "p11-login", "", "Force login to token");
-       __gaa_helpsingle(0, "p11-write", "URL ", "Writes loaded certificates or 
private keys to a PKCS11 token.");
-       __gaa_helpsingle(0, "p11-write-label", "label ", "Sets a label for the 
write operation.");
-       __gaa_helpsingle(0, "p11-write-trusted", "", "Marks the certificate to 
be imported as trusted.");
-       __gaa_helpsingle(0, "p11-detailed-url", "", "Export detailed URLs.");
-       __gaa_helpsingle(0, "p11-delete-url", "URL ", "Deletes objects matching 
the URL.");
        __gaa_helpsingle('d', "debug", "LEVEL ", "specify the debug level. 
Default is 1.");
        __gaa_helpsingle('h', "help", "", "shows this help text");
        __gaa_helpsingle('v', "version", "", "shows the program's version");
@@ -211,71 +196,57 @@ typedef struct _gaainfo gaainfo;
 
 struct _gaainfo
 {
-#line 169 "certtool.gaa"
+#line 140 "certtool.gaa"
        int debug;
-#line 164 "certtool.gaa"
-       int pkcs11_detailed_url;
-#line 161 "certtool.gaa"
-       int pkcs11_trusted;
-#line 158 "certtool.gaa"
-       char* pkcs11_label;
-#line 155 "certtool.gaa"
-       int pkcs11_login;
-#line 147 "certtool.gaa"
-       int pkcs11_type;
-#line 144 "certtool.gaa"
-       char* pkcs11_url;
-#line 141 "certtool.gaa"
-       char* pkcs11_provider;
-#line 138 "certtool.gaa"
+#line 137 "certtool.gaa"
        char *pkcs_cipher;
-#line 135 "certtool.gaa"
+#line 134 "certtool.gaa"
        char *template;
-#line 132 "certtool.gaa"
+#line 131 "certtool.gaa"
        char *infile;
-#line 129 "certtool.gaa"
+#line 128 "certtool.gaa"
        char *outfile;
-#line 126 "certtool.gaa"
+#line 125 "certtool.gaa"
        int quick_random;
-#line 123 "certtool.gaa"
+#line 122 "certtool.gaa"
        char* sec_param;
-#line 120 "certtool.gaa"
+#line 119 "certtool.gaa"
        int bits;
-#line 116 "certtool.gaa"
+#line 115 "certtool.gaa"
        int outcert_format;
-#line 112 "certtool.gaa"
+#line 111 "certtool.gaa"
        int incert_format;
-#line 109 "certtool.gaa"
+#line 108 "certtool.gaa"
        int export;
-#line 106 "certtool.gaa"
+#line 105 "certtool.gaa"
        char *hash;
-#line 103 "certtool.gaa"
+#line 102 "certtool.gaa"
        int dsa;
-#line 100 "certtool.gaa"
+#line 99 "certtool.gaa"
        int pkcs8;
-#line 93 "certtool.gaa"
+#line 92 "certtool.gaa"
        int v1_cert;
-#line 90 "certtool.gaa"
+#line 89 "certtool.gaa"
        int fix_key;
-#line 73 "certtool.gaa"
+#line 72 "certtool.gaa"
        int crq_extensions;
-#line 58 "certtool.gaa"
+#line 57 "certtool.gaa"
        char *pass;
-#line 55 "certtool.gaa"
+#line 54 "certtool.gaa"
        char *ca;
-#line 52 "certtool.gaa"
+#line 51 "certtool.gaa"
        char *ca_privkey;
-#line 49 "certtool.gaa"
+#line 48 "certtool.gaa"
        char *cert;
-#line 46 "certtool.gaa"
+#line 45 "certtool.gaa"
        char *request;
-#line 43 "certtool.gaa"
+#line 42 "certtool.gaa"
        char *pubkey;
-#line 40 "certtool.gaa"
+#line 39 "certtool.gaa"
        char *privkey;
-#line 18 "certtool.gaa"
-       int action;
 #line 17 "certtool.gaa"
+       int action;
+#line 16 "certtool.gaa"
        int privkey_op;
 
 #line 114 "gaa.skel"
@@ -331,74 +302,60 @@ static int gaa_error = 0;
 #define GAA_MULTIPLE_OPTION     3
 
 #define GAA_REST                0
-#define GAA_NB_OPTION           67
+#define GAA_NB_OPTION           53
 #define GAAOPTID_version       1
 #define GAAOPTID_help  2
 #define GAAOPTID_debug 3
-#define GAAOPTID_p11_delete_url        4
-#define GAAOPTID_p11_detailed_url      5
-#define GAAOPTID_p11_write_trusted     6
-#define GAAOPTID_p11_write_label       7
-#define GAAOPTID_p11_write     8
-#define GAAOPTID_p11_login     9
-#define GAAOPTID_p11_list_tokens       10
-#define GAAOPTID_p11_list_all  11
-#define GAAOPTID_p11_list_all_certs    12
-#define GAAOPTID_p11_list_trusted      13
-#define GAAOPTID_p11_list_privkeys     14
-#define GAAOPTID_p11_list_certs        15
-#define GAAOPTID_p11_export_url        16
-#define GAAOPTID_p11_provider  17
-#define GAAOPTID_pkcs_cipher   18
-#define GAAOPTID_template      19
-#define GAAOPTID_infile        20
-#define GAAOPTID_outfile       21
-#define GAAOPTID_disable_quick_random  22
-#define GAAOPTID_sec_param     23
-#define GAAOPTID_bits  24
-#define GAAOPTID_outraw        25
-#define GAAOPTID_outder        26
-#define GAAOPTID_inraw 27
-#define GAAOPTID_inder 28
-#define GAAOPTID_export_ciphers        29
-#define GAAOPTID_hash  30
-#define GAAOPTID_dsa   31
-#define GAAOPTID_pkcs8 32
-#define GAAOPTID_to_p8 33
-#define GAAOPTID_to_p12        34
-#define GAAOPTID_v1    35
-#define GAAOPTID_fix_key       36
-#define GAAOPTID_pubkey_info   37
-#define GAAOPTID_pgp_key_info  38
-#define GAAOPTID_key_info      39
-#define GAAOPTID_smime_to_p7   40
-#define GAAOPTID_p7_info       41
-#define GAAOPTID_p12_info      42
-#define GAAOPTID_no_crq_extensions     43
-#define GAAOPTID_crq_info      44
-#define GAAOPTID_crl_info      45
-#define GAAOPTID_pgp_ring_info 46
-#define GAAOPTID_pgp_certificate_info  47
-#define GAAOPTID_certificate_pubkey    48
-#define GAAOPTID_certificate_info      49
-#define GAAOPTID_password      50
-#define GAAOPTID_load_ca_certificate   51
-#define GAAOPTID_load_ca_privkey       52
-#define GAAOPTID_load_certificate      53
-#define GAAOPTID_load_request  54
-#define GAAOPTID_load_pubkey   55
-#define GAAOPTID_load_privkey  56
-#define GAAOPTID_get_dh_params 57
-#define GAAOPTID_generate_dh_params    58
-#define GAAOPTID_verify_crl    59
-#define GAAOPTID_verify_chain  60
-#define GAAOPTID_generate_request      61
-#define GAAOPTID_generate_privkey      62
-#define GAAOPTID_update_certificate    63
-#define GAAOPTID_generate_crl  64
-#define GAAOPTID_generate_proxy        65
-#define GAAOPTID_generate_certificate  66
-#define GAAOPTID_generate_self_signed  67
+#define GAAOPTID_pkcs_cipher   4
+#define GAAOPTID_template      5
+#define GAAOPTID_infile        6
+#define GAAOPTID_outfile       7
+#define GAAOPTID_disable_quick_random  8
+#define GAAOPTID_sec_param     9
+#define GAAOPTID_bits  10
+#define GAAOPTID_outraw        11
+#define GAAOPTID_outder        12
+#define GAAOPTID_inraw 13
+#define GAAOPTID_inder 14
+#define GAAOPTID_export_ciphers        15
+#define GAAOPTID_hash  16
+#define GAAOPTID_dsa   17
+#define GAAOPTID_pkcs8 18
+#define GAAOPTID_to_p8 19
+#define GAAOPTID_to_p12        20
+#define GAAOPTID_v1    21
+#define GAAOPTID_fix_key       22
+#define GAAOPTID_pubkey_info   23
+#define GAAOPTID_pgp_key_info  24
+#define GAAOPTID_key_info      25
+#define GAAOPTID_smime_to_p7   26
+#define GAAOPTID_p7_info       27
+#define GAAOPTID_p12_info      28
+#define GAAOPTID_no_crq_extensions     29
+#define GAAOPTID_crq_info      30
+#define GAAOPTID_crl_info      31
+#define GAAOPTID_pgp_ring_info 32
+#define GAAOPTID_pgp_certificate_info  33
+#define GAAOPTID_certificate_pubkey    34
+#define GAAOPTID_certificate_info      35
+#define GAAOPTID_password      36
+#define GAAOPTID_load_ca_certificate   37
+#define GAAOPTID_load_ca_privkey       38
+#define GAAOPTID_load_certificate      39
+#define GAAOPTID_load_request  40
+#define GAAOPTID_load_pubkey   41
+#define GAAOPTID_load_privkey  42
+#define GAAOPTID_get_dh_params 43
+#define GAAOPTID_generate_dh_params    44
+#define GAAOPTID_verify_crl    45
+#define GAAOPTID_verify_chain  46
+#define GAAOPTID_generate_request      47
+#define GAAOPTID_generate_privkey      48
+#define GAAOPTID_update_certificate    49
+#define GAAOPTID_generate_crl  50
+#define GAAOPTID_generate_proxy        51
+#define GAAOPTID_generate_certificate  52
+#define GAAOPTID_generate_self_signed  53
 
 #line 168 "gaa.skel"
 
@@ -591,36 +548,6 @@ struct GAAOPTION_debug
        int size1;
 };
 
-struct GAAOPTION_p11_delete_url 
-{
-       char* arg1;
-       int size1;
-};
-
-struct GAAOPTION_p11_write_label 
-{
-       char* arg1;
-       int size1;
-};
-
-struct GAAOPTION_p11_write 
-{
-       char* arg1;
-       int size1;
-};
-
-struct GAAOPTION_p11_export_url 
-{
-       char* arg1;
-       int size1;
-};
-
-struct GAAOPTION_p11_provider 
-{
-       char* arg1;
-       int size1;
-};
-
 struct GAAOPTION_pkcs_cipher 
 {
        char* arg1;
@@ -735,11 +662,6 @@ static int gaa_get_option_num(char *str, int status)
         {
         case GAA_LETTER_OPTION:
                        GAA_CHECK1STR("d", GAAOPTID_debug);
-                       GAA_CHECK1STR("", GAAOPTID_p11_delete_url);
-                       GAA_CHECK1STR("", GAAOPTID_p11_write_label);
-                       GAA_CHECK1STR("", GAAOPTID_p11_write);
-                       GAA_CHECK1STR("", GAAOPTID_p11_export_url);
-                       GAA_CHECK1STR("", GAAOPTID_p11_provider);
                        GAA_CHECK1STR("", GAAOPTID_pkcs_cipher);
                        GAA_CHECK1STR("", GAAOPTID_template);
                        GAA_CHECK1STR("", GAAOPTID_infile);
@@ -758,15 +680,6 @@ static int gaa_get_option_num(char *str, int status)
 #line 375 "gaa.skel"
                        GAA_CHECK1STR("v", GAAOPTID_version);
                        GAA_CHECK1STR("h", GAAOPTID_help);
-                       GAA_CHECK1STR("", GAAOPTID_p11_detailed_url);
-                       GAA_CHECK1STR("", GAAOPTID_p11_write_trusted);
-                       GAA_CHECK1STR("", GAAOPTID_p11_login);
-                       GAA_CHECK1STR("", GAAOPTID_p11_list_tokens);
-                       GAA_CHECK1STR("", GAAOPTID_p11_list_all);
-                       GAA_CHECK1STR("", GAAOPTID_p11_list_all_certs);
-                       GAA_CHECK1STR("", GAAOPTID_p11_list_trusted);
-                       GAA_CHECK1STR("", GAAOPTID_p11_list_privkeys);
-                       GAA_CHECK1STR("", GAAOPTID_p11_list_certs);
                        GAA_CHECK1STR("", GAAOPTID_disable_quick_random);
                        GAA_CHECK1STR("", GAAOPTID_outraw);
                        GAA_CHECK1STR("", GAAOPTID_outder);
@@ -810,20 +723,6 @@ static int gaa_get_option_num(char *str, int status)
                        GAA_CHECKSTR("version", GAAOPTID_version);
                        GAA_CHECKSTR("help", GAAOPTID_help);
                        GAA_CHECKSTR("debug", GAAOPTID_debug);
-                       GAA_CHECKSTR("p11-delete-url", GAAOPTID_p11_delete_url);
-                       GAA_CHECKSTR("p11-detailed-url", 
GAAOPTID_p11_detailed_url);
-                       GAA_CHECKSTR("p11-write-trusted", 
GAAOPTID_p11_write_trusted);
-                       GAA_CHECKSTR("p11-write-label", 
GAAOPTID_p11_write_label);
-                       GAA_CHECKSTR("p11-write", GAAOPTID_p11_write);
-                       GAA_CHECKSTR("p11-login", GAAOPTID_p11_login);
-                       GAA_CHECKSTR("p11-list-tokens", 
GAAOPTID_p11_list_tokens);
-                       GAA_CHECKSTR("p11-list-all", GAAOPTID_p11_list_all);
-                       GAA_CHECKSTR("p11-list-all-certs", 
GAAOPTID_p11_list_all_certs);
-                       GAA_CHECKSTR("p11-list-trusted", 
GAAOPTID_p11_list_trusted);
-                       GAA_CHECKSTR("p11-list-privkeys", 
GAAOPTID_p11_list_privkeys);
-                       GAA_CHECKSTR("p11-list-certs", GAAOPTID_p11_list_certs);
-                       GAA_CHECKSTR("p11-export-url", GAAOPTID_p11_export_url);
-                       GAA_CHECKSTR("p11-provider", GAAOPTID_p11_provider);
                        GAA_CHECKSTR("pkcs-cipher", GAAOPTID_pkcs_cipher);
                        GAA_CHECKSTR("template", GAAOPTID_template);
                        GAA_CHECKSTR("infile", GAAOPTID_infile);
@@ -887,11 +786,6 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
     int OK = 0;
     int gaa_last_non_option;
        struct GAAOPTION_debug GAATMP_debug;
-       struct GAAOPTION_p11_delete_url GAATMP_p11_delete_url;
-       struct GAAOPTION_p11_write_label GAATMP_p11_write_label;
-       struct GAAOPTION_p11_write GAATMP_p11_write;
-       struct GAAOPTION_p11_export_url GAATMP_p11_export_url;
-       struct GAAOPTION_p11_provider GAATMP_p11_provider;
        struct GAAOPTION_pkcs_cipher GAATMP_pkcs_cipher;
        struct GAAOPTION_template GAATMP_template;
        struct GAAOPTION_infile GAATMP_infile;
@@ -928,14 +822,14 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
     {
        case GAAOPTID_version:
        OK = 0;
-#line 174 "certtool.gaa"
+#line 145 "certtool.gaa"
 { certtool_version(); exit(0); ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_help:
        OK = 0;
-#line 172 "certtool.gaa"
+#line 143 "certtool.gaa"
 { gaa_help(); exit(0); ;};
 
                return GAA_OK;
@@ -945,130 +839,17 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_debug.arg1, gaa_getint, GAATMP_debug.size1);
                gaa_index++;
-#line 170 "certtool.gaa"
+#line 141 "certtool.gaa"
 { gaaval->debug = GAATMP_debug.arg1 ;};
 
                return GAA_OK;
                break;
-       case GAAOPTID_p11_delete_url:
-       OK = 0;
-               GAA_TESTMOREARGS;
-               GAA_FILL(GAATMP_p11_delete_url.arg1, gaa_getstr, 
GAATMP_p11_delete_url.size1);
-               gaa_index++;
-#line 167 "certtool.gaa"
-{ gaaval->action = ACTION_PKCS11_DELETE_URL; gaaval->pkcs11_url = 
GAATMP_p11_delete_url.arg1; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_p11_detailed_url:
-       OK = 0;
-#line 165 "certtool.gaa"
-{ gaaval->pkcs11_detailed_url = GNUTLS_PKCS11_URL_LIB; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_p11_write_trusted:
-       OK = 0;
-#line 162 "certtool.gaa"
-{ gaaval->pkcs11_trusted = 1; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_p11_write_label:
-       OK = 0;
-               GAA_TESTMOREARGS;
-               GAA_FILL(GAATMP_p11_write_label.arg1, gaa_getstr, 
GAATMP_p11_write_label.size1);
-               gaa_index++;
-#line 160 "certtool.gaa"
-{ gaaval->pkcs11_label = GAATMP_p11_write_label.arg1; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_p11_write:
-       OK = 0;
-               GAA_TESTMOREARGS;
-               GAA_FILL(GAATMP_p11_write.arg1, gaa_getstr, 
GAATMP_p11_write.size1);
-               gaa_index++;
-#line 159 "certtool.gaa"
-{ gaaval->action = ACTION_PKCS11_WRITE_URL; gaaval->pkcs11_url = 
GAATMP_p11_write.arg1; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_p11_login:
-       OK = 0;
-#line 156 "certtool.gaa"
-{ gaaval->pkcs11_login = 1; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_p11_list_tokens:
-       OK = 0;
-#line 153 "certtool.gaa"
-{ gaaval->action = ACTION_PKCS11_TOKENS; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_p11_list_all:
-       OK = 0;
-#line 152 "certtool.gaa"
-{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_ALL; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_p11_list_all_certs:
-       OK = 0;
-#line 151 "certtool.gaa"
-{ gaaval->action = ACTION_PKCS11_LIST; 
gaaval->pkcs11_type=PKCS11_TYPE_CRT_ALL; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_p11_list_trusted:
-       OK = 0;
-#line 150 "certtool.gaa"
-{ gaaval->action = ACTION_PKCS11_LIST; 
gaaval->pkcs11_type=PKCS11_TYPE_TRUSTED; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_p11_list_privkeys:
-       OK = 0;
-#line 149 "certtool.gaa"
-{ gaaval->action = ACTION_PKCS11_LIST; 
gaaval->pkcs11_type=PKCS11_TYPE_PRIVKEY; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_p11_list_certs:
-       OK = 0;
-#line 148 "certtool.gaa"
-{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_PK; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_p11_export_url:
-       OK = 0;
-               GAA_TESTMOREARGS;
-               GAA_FILL(GAATMP_p11_export_url.arg1, gaa_getstr, 
GAATMP_p11_export_url.size1);
-               gaa_index++;
-#line 145 "certtool.gaa"
-{ gaaval->action = ACTION_PKCS11_EXPORT_URL; gaaval->pkcs11_url = 
GAATMP_p11_export_url.arg1; ;};
-
-               return GAA_OK;
-               break;
-       case GAAOPTID_p11_provider:
-       OK = 0;
-               GAA_TESTMOREARGS;
-               GAA_FILL(GAATMP_p11_provider.arg1, gaa_getstr, 
GAATMP_p11_provider.size1);
-               gaa_index++;
-#line 142 "certtool.gaa"
-{ gaaval->pkcs11_provider = GAATMP_p11_provider.arg1 ;};
-
-               return GAA_OK;
-               break;
        case GAAOPTID_pkcs_cipher:
        OK = 0;
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_pkcs_cipher.arg1, gaa_getstr, 
GAATMP_pkcs_cipher.size1);
                gaa_index++;
-#line 139 "certtool.gaa"
+#line 138 "certtool.gaa"
 { gaaval->pkcs_cipher = GAATMP_pkcs_cipher.arg1 ;};
 
                return GAA_OK;
@@ -1078,7 +859,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_template.arg1, gaa_getstr, 
GAATMP_template.size1);
                gaa_index++;
-#line 136 "certtool.gaa"
+#line 135 "certtool.gaa"
 { gaaval->template = GAATMP_template.arg1 ;};
 
                return GAA_OK;
@@ -1088,7 +869,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_infile.arg1, gaa_getstr, GAATMP_infile.size1);
                gaa_index++;
-#line 133 "certtool.gaa"
+#line 132 "certtool.gaa"
 { gaaval->infile = GAATMP_infile.arg1 ;};
 
                return GAA_OK;
@@ -1098,14 +879,14 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_outfile.arg1, gaa_getstr, GAATMP_outfile.size1);
                gaa_index++;
-#line 130 "certtool.gaa"
+#line 129 "certtool.gaa"
 { gaaval->outfile = GAATMP_outfile.arg1 ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_disable_quick_random:
        OK = 0;
-#line 127 "certtool.gaa"
+#line 126 "certtool.gaa"
 { gaaval->quick_random = 0; ;};
 
                return GAA_OK;
@@ -1115,7 +896,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_sec_param.arg1, gaa_getstr, 
GAATMP_sec_param.size1);
                gaa_index++;
-#line 124 "certtool.gaa"
+#line 123 "certtool.gaa"
 { gaaval->sec_param = GAATMP_sec_param.arg1 ;};
 
                return GAA_OK;
@@ -1125,42 +906,42 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_bits.arg1, gaa_getint, GAATMP_bits.size1);
                gaa_index++;
-#line 121 "certtool.gaa"
+#line 120 "certtool.gaa"
 { gaaval->bits = GAATMP_bits.arg1 ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_outraw:
        OK = 0;
-#line 118 "certtool.gaa"
+#line 117 "certtool.gaa"
 { gaaval->outcert_format=1 ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_outder:
        OK = 0;
-#line 117 "certtool.gaa"
+#line 116 "certtool.gaa"
 { gaaval->outcert_format=1 ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_inraw:
        OK = 0;
-#line 114 "certtool.gaa"
+#line 113 "certtool.gaa"
 { gaaval->incert_format=1 ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_inder:
        OK = 0;
-#line 113 "certtool.gaa"
+#line 112 "certtool.gaa"
 { gaaval->incert_format=1 ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_export_ciphers:
        OK = 0;
-#line 110 "certtool.gaa"
+#line 109 "certtool.gaa"
 { gaaval->export=1 ;};
 
                return GAA_OK;
@@ -1170,140 +951,140 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_hash.arg1, gaa_getstr, GAATMP_hash.size1);
                gaa_index++;
-#line 107 "certtool.gaa"
+#line 106 "certtool.gaa"
 { gaaval->hash = GAATMP_hash.arg1 ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_dsa:
        OK = 0;
-#line 104 "certtool.gaa"
+#line 103 "certtool.gaa"
 { gaaval->dsa=1 ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_pkcs8:
        OK = 0;
-#line 101 "certtool.gaa"
+#line 100 "certtool.gaa"
 { gaaval->pkcs8=1 ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_to_p8:
        OK = 0;
-#line 98 "certtool.gaa"
+#line 97 "certtool.gaa"
 { gaaval->action = ACTION_GENERATE_PKCS8; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_to_p12:
        OK = 0;
-#line 96 "certtool.gaa"
+#line 95 "certtool.gaa"
 { gaaval->action = ACTION_TO_PKCS12; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_v1:
        OK = 0;
-#line 94 "certtool.gaa"
+#line 93 "certtool.gaa"
 { gaaval->v1_cert = 1; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_fix_key:
        OK = 0;
-#line 91 "certtool.gaa"
+#line 90 "certtool.gaa"
 { gaaval->privkey_op=1; gaaval->fix_key = 1; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_pubkey_info:
        OK = 0;
-#line 88 "certtool.gaa"
+#line 87 "certtool.gaa"
 { gaaval->action = ACTION_PUBKEY_INFO; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_pgp_key_info:
        OK = 0;
-#line 86 "certtool.gaa"
+#line 85 "certtool.gaa"
 { gaaval->privkey_op=1; gaaval->action = ACTION_PGP_PRIVKEY_INFO; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_key_info:
        OK = 0;
-#line 84 "certtool.gaa"
+#line 83 "certtool.gaa"
 { gaaval->privkey_op=1; gaaval->action = ACTION_PRIVKEY_INFO; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_smime_to_p7:
        OK = 0;
-#line 80 "certtool.gaa"
+#line 79 "certtool.gaa"
 { gaaval->action = ACTION_SMIME_TO_P7; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_p7_info:
        OK = 0;
-#line 78 "certtool.gaa"
+#line 77 "certtool.gaa"
 { gaaval->action = ACTION_P7_INFO; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_p12_info:
        OK = 0;
-#line 76 "certtool.gaa"
+#line 75 "certtool.gaa"
 { gaaval->action = ACTION_PKCS12_INFO; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_no_crq_extensions:
        OK = 0;
-#line 74 "certtool.gaa"
+#line 73 "certtool.gaa"
 { gaaval->crq_extensions = 0; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_crq_info:
        OK = 0;
-#line 71 "certtool.gaa"
+#line 70 "certtool.gaa"
 { gaaval->action = ACTION_REQUEST; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_crl_info:
        OK = 0;
-#line 69 "certtool.gaa"
+#line 68 "certtool.gaa"
 { gaaval->action = ACTION_CRL_INFO; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_pgp_ring_info:
        OK = 0;
-#line 67 "certtool.gaa"
+#line 66 "certtool.gaa"
 { gaaval->action = ACTION_RING_INFO; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_pgp_certificate_info:
        OK = 0;
-#line 65 "certtool.gaa"
+#line 64 "certtool.gaa"
 { gaaval->action = ACTION_PGP_INFO; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_certificate_pubkey:
        OK = 0;
-#line 63 "certtool.gaa"
+#line 62 "certtool.gaa"
 { gaaval->action = ACTION_CERT_PUBKEY; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_certificate_info:
        OK = 0;
-#line 61 "certtool.gaa"
+#line 60 "certtool.gaa"
 { gaaval->action = ACTION_CERT_INFO; ;};
 
                return GAA_OK;
@@ -1313,7 +1094,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_password.arg1, gaa_getstr, 
GAATMP_password.size1);
                gaa_index++;
-#line 59 "certtool.gaa"
+#line 58 "certtool.gaa"
 { gaaval->pass = GAATMP_password.arg1 ;};
 
                return GAA_OK;
@@ -1323,7 +1104,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_load_ca_certificate.arg1, gaa_getstr, 
GAATMP_load_ca_certificate.size1);
                gaa_index++;
-#line 56 "certtool.gaa"
+#line 55 "certtool.gaa"
 { gaaval->ca = GAATMP_load_ca_certificate.arg1 ;};
 
                return GAA_OK;
@@ -1333,7 +1114,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_load_ca_privkey.arg1, gaa_getstr, 
GAATMP_load_ca_privkey.size1);
                gaa_index++;
-#line 53 "certtool.gaa"
+#line 52 "certtool.gaa"
 { gaaval->ca_privkey = GAATMP_load_ca_privkey.arg1 ;};
 
                return GAA_OK;
@@ -1343,7 +1124,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_load_certificate.arg1, gaa_getstr, 
GAATMP_load_certificate.size1);
                gaa_index++;
-#line 50 "certtool.gaa"
+#line 49 "certtool.gaa"
 { gaaval->cert = GAATMP_load_certificate.arg1 ;};
 
                return GAA_OK;
@@ -1353,7 +1134,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_load_request.arg1, gaa_getstr, 
GAATMP_load_request.size1);
                gaa_index++;
-#line 47 "certtool.gaa"
+#line 46 "certtool.gaa"
 { gaaval->request = GAATMP_load_request.arg1 ;};
 
                return GAA_OK;
@@ -1363,7 +1144,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_load_pubkey.arg1, gaa_getstr, 
GAATMP_load_pubkey.size1);
                gaa_index++;
-#line 44 "certtool.gaa"
+#line 43 "certtool.gaa"
 { gaaval->pubkey = GAATMP_load_pubkey.arg1 ;};
 
                return GAA_OK;
@@ -1373,84 +1154,84 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_load_privkey.arg1, gaa_getstr, 
GAATMP_load_privkey.size1);
                gaa_index++;
-#line 41 "certtool.gaa"
+#line 40 "certtool.gaa"
 { gaaval->privkey = GAATMP_load_privkey.arg1 ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_get_dh_params:
        OK = 0;
-#line 38 "certtool.gaa"
+#line 37 "certtool.gaa"
 { gaaval->action=ACTION_GET_DH; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_generate_dh_params:
        OK = 0;
-#line 37 "certtool.gaa"
+#line 36 "certtool.gaa"
 { gaaval->action=ACTION_GENERATE_DH; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_verify_crl:
        OK = 0;
-#line 35 "certtool.gaa"
+#line 34 "certtool.gaa"
 { gaaval->action=ACTION_VERIFY_CRL; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_verify_chain:
        OK = 0;
-#line 33 "certtool.gaa"
+#line 32 "certtool.gaa"
 { gaaval->action=ACTION_VERIFY_CHAIN; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_generate_request:
        OK = 0;
-#line 31 "certtool.gaa"
+#line 30 "certtool.gaa"
 { gaaval->action=ACTION_GENERATE_REQUEST; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_generate_privkey:
        OK = 0;
-#line 29 "certtool.gaa"
+#line 28 "certtool.gaa"
 { gaaval->privkey_op=1; gaaval->action=ACTION_GENERATE_PRIVKEY; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_update_certificate:
        OK = 0;
-#line 27 "certtool.gaa"
+#line 26 "certtool.gaa"
 { gaaval->action=ACTION_UPDATE_CERTIFICATE; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_generate_crl:
        OK = 0;
-#line 25 "certtool.gaa"
+#line 24 "certtool.gaa"
 { gaaval->action=ACTION_GENERATE_CRL; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_generate_proxy:
        OK = 0;
-#line 23 "certtool.gaa"
+#line 22 "certtool.gaa"
 { gaaval->action=ACTION_GENERATE_PROXY; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_generate_certificate:
        OK = 0;
-#line 21 "certtool.gaa"
+#line 20 "certtool.gaa"
 { gaaval->action=ACTION_GENERATE_CERTIFICATE; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_generate_self_signed:
        OK = 0;
-#line 19 "certtool.gaa"
+#line 18 "certtool.gaa"
 { gaaval->action=ACTION_SELF_SIGNED; ;};
 
                return GAA_OK;
@@ -1479,14 +1260,12 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
     if(inited == 0)
     {
 
-#line 176 "certtool.gaa"
+#line 147 "certtool.gaa"
 { gaaval->bits = 0; gaaval->pkcs8 = 0; gaaval->privkey = NULL; 
gaaval->ca=NULL; gaaval->ca_privkey = NULL;
        gaaval->debug=1; gaaval->request = NULL; gaaval->infile = NULL; 
gaaval->outfile = NULL; gaaval->cert = NULL; 
        gaaval->incert_format = 0; gaaval->outcert_format = 0; 
gaaval->action=-1; gaaval->pass = NULL; gaaval->v1_cert = 0;
        gaaval->export = 0; gaaval->template = NULL; gaaval->hash=NULL; 
gaaval->fix_key = 0; gaaval->quick_random=1; 
-       gaaval->privkey_op = 0; gaaval->pkcs_cipher = "aes-128"; 
gaaval->crq_extensions=1; gaaval->pkcs11_provider= NULL;
-       gaaval->pkcs11_url = NULL; gaaval->pkcs11_type = PKCS11_TYPE_PK; 
gaaval->pubkey=NULL; gaaval->pkcs11_label = NULL; 
-       gaaval->pkcs11_trusted=0; gaaval->sec_param = NULL; 
gaaval->pkcs11_login = 0; gaaval->pkcs11_detailed_url = 0; ;};
+       gaaval->privkey_op = 0; gaaval->pkcs_cipher = "aes-128"; 
gaaval->crq_extensions=1; ;};
 
     }
     inited = 1;
diff --git a/src/certtool-gaa.h b/src/certtool-gaa.h
index 49cb225..4e02a41 100644
--- a/src/certtool-gaa.h
+++ b/src/certtool-gaa.h
@@ -8,71 +8,57 @@ typedef struct _gaainfo gaainfo;
 
 struct _gaainfo
 {
-#line 169 "certtool.gaa"
+#line 140 "certtool.gaa"
        int debug;
-#line 164 "certtool.gaa"
-       int pkcs11_detailed_url;
-#line 161 "certtool.gaa"
-       int pkcs11_trusted;
-#line 158 "certtool.gaa"
-       char* pkcs11_label;
-#line 155 "certtool.gaa"
-       int pkcs11_login;
-#line 147 "certtool.gaa"
-       int pkcs11_type;
-#line 144 "certtool.gaa"
-       char* pkcs11_url;
-#line 141 "certtool.gaa"
-       char* pkcs11_provider;
-#line 138 "certtool.gaa"
+#line 137 "certtool.gaa"
        char *pkcs_cipher;
-#line 135 "certtool.gaa"
+#line 134 "certtool.gaa"
        char *template;
-#line 132 "certtool.gaa"
+#line 131 "certtool.gaa"
        char *infile;
-#line 129 "certtool.gaa"
+#line 128 "certtool.gaa"
        char *outfile;
-#line 126 "certtool.gaa"
+#line 125 "certtool.gaa"
        int quick_random;
-#line 123 "certtool.gaa"
+#line 122 "certtool.gaa"
        char* sec_param;
-#line 120 "certtool.gaa"
+#line 119 "certtool.gaa"
        int bits;
-#line 116 "certtool.gaa"
+#line 115 "certtool.gaa"
        int outcert_format;
-#line 112 "certtool.gaa"
+#line 111 "certtool.gaa"
        int incert_format;
-#line 109 "certtool.gaa"
+#line 108 "certtool.gaa"
        int export;
-#line 106 "certtool.gaa"
+#line 105 "certtool.gaa"
        char *hash;
-#line 103 "certtool.gaa"
+#line 102 "certtool.gaa"
        int dsa;
-#line 100 "certtool.gaa"
+#line 99 "certtool.gaa"
        int pkcs8;
-#line 93 "certtool.gaa"
+#line 92 "certtool.gaa"
        int v1_cert;
-#line 90 "certtool.gaa"
+#line 89 "certtool.gaa"
        int fix_key;
-#line 73 "certtool.gaa"
+#line 72 "certtool.gaa"
        int crq_extensions;
-#line 58 "certtool.gaa"
+#line 57 "certtool.gaa"
        char *pass;
-#line 55 "certtool.gaa"
+#line 54 "certtool.gaa"
        char *ca;
-#line 52 "certtool.gaa"
+#line 51 "certtool.gaa"
        char *ca_privkey;
-#line 49 "certtool.gaa"
+#line 48 "certtool.gaa"
        char *cert;
-#line 46 "certtool.gaa"
+#line 45 "certtool.gaa"
        char *request;
-#line 43 "certtool.gaa"
+#line 42 "certtool.gaa"
        char *pubkey;
-#line 40 "certtool.gaa"
+#line 39 "certtool.gaa"
        char *privkey;
-#line 18 "certtool.gaa"
-       int action;
 #line 17 "certtool.gaa"
+       int action;
+#line 16 "certtool.gaa"
        int privkey_op;
 
 #line 114 "gaa.skel"
diff --git a/src/certtool.c b/src/certtool.c
index a437698..5669195 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -56,21 +56,20 @@ void pkcs7_info (void);
 void crq_info (void);
 void smime_to_pkcs7 (void);
 void pkcs12_info (void);
-void generate_pkcs12 (void);
-void generate_pkcs8 (void);
+void generate_pkcs12 (common_info_st*);
+void generate_pkcs8 (common_info_st*);
 void verify_chain (void);
-void verify_crl (void);
-void pubkey_info (gnutls_x509_crt crt);
+void verify_crl (common_info_st* cinfo);
+void pubkey_info (gnutls_x509_crt crt, common_info_st*);
 void pgp_privkey_info (void);
 void pgp_ring_info (void);
-void certificate_info (int);
+void certificate_info (int, common_info_st*);
 void pgp_certificate_info (void);
 void crl_info (void);
 void privkey_info (void);
 static void gaa_parser (int argc, char **argv);
-void generate_self_signed (void);
-void generate_request (void);
-gnutls_x509_crt_t *load_cert_list (int mand, size_t * size);
+void generate_self_signed (common_info_st*);
+void generate_request (common_info_st* );
 static void print_certificate_info (gnutls_x509_crt_t crt, FILE * out,
                                    unsigned int all);
 
@@ -85,8 +84,6 @@ gnutls_digest_algorithm_t default_dig;
  */
 int batch;
 
-unsigned char buffer[64 * 1024];
-const int buffer_size = sizeof (buffer);
 
 static void
 tls_log_func (int level, const char *str)
@@ -316,7 +313,7 @@ print_private_key (gnutls_x509_privkey_t key)
 
   if (!info.pkcs8)
     {
-      size = sizeof (buffer);
+      size = buffer_size;
       ret = gnutls_x509_privkey_export (key, info.outcert_format,
                                        buffer, &size);
       if (ret < 0)
@@ -335,7 +332,7 @@ print_private_key (gnutls_x509_privkey_t key)
       if ((pass = get_confirmed_pass (true)) == NULL || *pass == '\0')
        flags = GNUTLS_PKCS_PLAIN;
 
-      size = sizeof (buffer);
+      size = buffer_size;
       ret =
        gnutls_x509_privkey_export_pkcs8 (key, info.outcert_format, pass,
                                          flags, buffer, &size);
@@ -362,7 +359,7 @@ generate_private_key (void)
 
 static gnutls_x509_crt_t
 generate_certificate (gnutls_x509_privkey_t * ret_key,
-                     gnutls_x509_crt_t ca_crt, int proxy)
+                     gnutls_x509_crt_t ca_crt, int proxy, common_info_st* 
cinfo)
 {
   gnutls_x509_crt_t crt;
   gnutls_x509_privkey_t key = NULL;
@@ -378,12 +375,12 @@ generate_certificate (gnutls_x509_privkey_t * ret_key,
   if (ret < 0)
     error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
 
-  crq = load_request ();
+  crq = load_request (cinfo);
 
   if (crq == NULL)
     {
 
-      key = load_private_key (1);
+      key = load_private_key (1, cinfo);
 
       if (!batch)
        fprintf (stderr,
@@ -639,7 +636,7 @@ generate_certificate (gnutls_x509_privkey_t * ret_key,
 
       /* Subject Key ID.
        */
-      size = sizeof (buffer);
+      size = buffer_size;
       result = gnutls_x509_crt_get_key_id (crt, 0, buffer, &size);
       if (result >= 0)
        {
@@ -653,12 +650,12 @@ generate_certificate (gnutls_x509_privkey_t * ret_key,
        */
       if (ca_crt != NULL)
        {
-         size = sizeof (buffer);
+         size = buffer_size;
          result = gnutls_x509_crt_get_subject_key_id (ca_crt, buffer,
                                                       &size, NULL);
          if (result < 0)
            {
-             size = sizeof (buffer);
+             size = buffer_size;
              result = gnutls_x509_crt_get_key_id (ca_crt, 0, buffer, &size);
            }
          if (result >= 0)
@@ -688,7 +685,7 @@ generate_certificate (gnutls_x509_privkey_t * ret_key,
 }
 
 static gnutls_x509_crl_t
-generate_crl (gnutls_x509_crt_t ca_crt)
+generate_crl (gnutls_x509_crt_t ca_crt, common_info_st* cinfo)
 {
   gnutls_x509_crl_t crl;
   gnutls_x509_crt_t *crts;
@@ -701,7 +698,7 @@ generate_crl (gnutls_x509_crt_t ca_crt)
   if (result < 0)
     error (EXIT_FAILURE, 0, "crl_init: %s", gnutls_strerror (result));
 
-  crts = load_cert_list (0, &size);
+  crts = load_cert_list (0, &size, cinfo);
 
   for (i = 0; i < size; i++)
     {
@@ -729,12 +726,12 @@ generate_crl (gnutls_x509_crt_t ca_crt)
    */
   if (ca_crt != NULL)
     {
-      size = sizeof (buffer);
+      size = buffer_size;
       result = gnutls_x509_crt_get_subject_key_id (ca_crt, buffer,
                                                   &size, NULL);
       if (result < 0)
        {
-         size = sizeof (buffer);
+         size = buffer_size;
          result = gnutls_x509_crt_get_key_id (ca_crt, 0, buffer, &size);
        }
       if (result >= 0)
@@ -786,7 +783,7 @@ get_dig (gnutls_x509_crt crt)
 }
 
 void
-generate_self_signed (void)
+generate_self_signed (common_info_st* cinfo)
 {
   gnutls_x509_crt_t crt;
   gnutls_x509_privkey_t key;
@@ -796,10 +793,10 @@ generate_self_signed (void)
 
   fprintf (stderr, "Generating a self signed certificate...\n");
 
-  crt = generate_certificate (&key, NULL, 0);
+  crt = generate_certificate (&key, NULL, 0, cinfo);
 
   if (!key)
-    key = load_private_key (1);
+    key = load_private_key (1, cinfo);
 
   uri = get_crl_dist_point_url ();
   if (uri)
@@ -820,7 +817,7 @@ generate_self_signed (void)
   if (result < 0)
     error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result));
 
-  size = sizeof (buffer);
+  size = buffer_size;
   result = gnutls_x509_crt_export (crt, info.outcert_format, buffer, &size);
   if (result < 0)
     error (EXIT_FAILURE, 0, "crt_export: %s", gnutls_strerror (result));
@@ -832,7 +829,7 @@ generate_self_signed (void)
 }
 
 static void
-generate_signed_certificate (void)
+generate_signed_certificate (common_info_st* cinfo)
 {
   gnutls_x509_crt_t crt;
   gnutls_x509_privkey_t key;
@@ -843,10 +840,10 @@ generate_signed_certificate (void)
 
   fprintf (stderr, "Generating a signed certificate...\n");
 
-  ca_key = load_ca_private_key ();
-  ca_crt = load_ca_cert ();
+  ca_key = load_ca_private_key (cinfo);
+  ca_crt = load_ca_cert (cinfo);
 
-  crt = generate_certificate (&key, ca_crt, 0);
+  crt = generate_certificate (&key, ca_crt, 0, cinfo);
 
   /* Copy the CRL distribution points.
    */
@@ -862,7 +859,7 @@ generate_signed_certificate (void)
   if (result < 0)
     error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result));
 
-  size = sizeof (buffer);
+  size = buffer_size;
   result = gnutls_x509_crt_export (crt, info.outcert_format, buffer, &size);
   if (result < 0)
     error (EXIT_FAILURE, 0, "crt_export: %s", gnutls_strerror (result));
@@ -874,7 +871,7 @@ generate_signed_certificate (void)
 }
 
 static void
-generate_proxy_certificate (void)
+generate_proxy_certificate (common_info_st* cinfo)
 {
   gnutls_x509_crt_t crt, eecrt;
   gnutls_x509_privkey_t key, eekey;
@@ -883,10 +880,10 @@ generate_proxy_certificate (void)
 
   fprintf (stderr, "Generating a proxy certificate...\n");
 
-  eekey = load_ca_private_key ();
-  eecrt = load_cert (1);
+  eekey = load_ca_private_key (cinfo);
+  eecrt = load_cert (1, cinfo);
 
-  crt = generate_certificate (&key, eecrt, 1);
+  crt = generate_certificate (&key, eecrt, 1, cinfo);
 
   print_certificate_info (crt, stderr, 0);
 
@@ -896,7 +893,7 @@ generate_proxy_certificate (void)
   if (result < 0)
     error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result));
 
-  size = sizeof (buffer);
+  size = buffer_size;
   result = gnutls_x509_crt_export (crt, info.outcert_format, buffer, &size);
   if (result < 0)
     error (EXIT_FAILURE, 0, "crt_export: %s", gnutls_strerror (result));
@@ -908,7 +905,7 @@ generate_proxy_certificate (void)
 }
 
 static void
-generate_signed_crl (void)
+generate_signed_crl (common_info_st* cinfo)
 {
   gnutls_x509_crl_t crl;
   int result;
@@ -917,9 +914,9 @@ generate_signed_crl (void)
 
   fprintf (stderr, "Generating a signed CRL...\n");
 
-  ca_key = load_ca_private_key ();
-  ca_crt = load_ca_cert ();
-  crl = generate_crl (ca_crt);
+  ca_key = load_ca_private_key (cinfo);
+  ca_crt = load_ca_cert (cinfo);
+  crl = generate_crl (ca_crt, cinfo);
 
   fprintf (stderr, "\n");
 
@@ -933,7 +930,7 @@ generate_signed_crl (void)
 }
 
 static void
-update_signed_certificate (void)
+update_signed_certificate (common_info_st* cinfo)
 {
   gnutls_x509_crt_t crt;
   size_t size;
@@ -945,9 +942,9 @@ update_signed_certificate (void)
 
   fprintf (stderr, "Generating a signed certificate...\n");
 
-  ca_key = load_ca_private_key ();
-  ca_crt = load_ca_cert ();
-  crt = load_cert (1);
+  ca_key = load_ca_private_key (cinfo);
+  ca_crt = load_ca_cert (cinfo);
+  crt = load_cert (1, cinfo);
 
   fprintf (stderr, "Activation/Expiration time.\n");
   gnutls_x509_crt_set_activation_time (crt, tim);
@@ -965,7 +962,7 @@ update_signed_certificate (void)
   if (result < 0)
     error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result));
 
-  size = sizeof (buffer);
+  size = buffer_size;
   result = gnutls_x509_crt_export (crt, info.outcert_format, buffer, &size);
   if (result < 0)
     error (EXIT_FAILURE, 0, "crt_export: %s", gnutls_strerror (result));
@@ -975,31 +972,11 @@ update_signed_certificate (void)
   gnutls_x509_crt_deinit (crt);
 }
 
-static FILE *
-safe_open_rw (const char *file)
-{
-  mode_t omask = 0;
-  FILE *fh;
-
-  if (info.privkey_op != 0)
-    {
-      omask = umask (S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
-    }
-
-  fh = fopen (file, "wb");
-
-  if (info.privkey_op != 0)
-    {
-      umask (omask);
-    }
-
-  return fh;
-}
-
 void
 gaa_parser (int argc, char **argv)
 {
   int ret;
+  common_info_st cinfo;
 
   if (gaa (argc, argv, &info) != -1)
     {
@@ -1010,7 +987,7 @@ gaa_parser (int argc, char **argv)
 
   if (info.outfile)
     {
-      outfile = safe_open_rw (info.outfile);
+      outfile = safe_open_rw (info.outfile, info.privkey_op);
       if (outfile == NULL)
        error (EXIT_FAILURE, errno, "%s", info.outfile);
     }
@@ -1076,49 +1053,38 @@ gaa_parser (int argc, char **argv)
   if ((ret = gnutls_global_init ()) < 0)
     error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret));
 
-  if (info.pkcs11_provider != NULL)
-    {
-      ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_MANUAL, NULL);
-      if (ret < 0)
-       fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret));
-      else
-       {
-         ret = gnutls_pkcs11_add_provider (info.pkcs11_provider, NULL);
-         if (ret < 0)
-           error (EXIT_FAILURE, 0, "pkcs11_add_provider: %s",
-                  gnutls_strerror (ret));
-       }
-    }
-  else
-    {
-      ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_AUTO, NULL);
-      if (ret < 0)
-       fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret));
-    }
-
-
   if ((ret = gnutls_global_init_extra ()) < 0)
     error (EXIT_FAILURE, 0, "global_init_extra: %s", gnutls_strerror (ret));
 
+  memset(&cinfo, 0, sizeof(cinfo));
+  cinfo.privkey = info.privkey;
+  cinfo.pubkey = info.pubkey;
+  cinfo.pkcs8 = info.pkcs8;
+  cinfo.incert_format = info.incert_format;
+  cinfo.cert = info.cert;
+  cinfo.request = info.request;
+  cinfo.ca = info.ca;
+  cinfo.ca_privkey = info.ca_privkey;
+
   switch (info.action)
     {
     case ACTION_SELF_SIGNED:
-      generate_self_signed ();
+      generate_self_signed (&cinfo);
       break;
     case ACTION_GENERATE_PRIVKEY:
       generate_private_key ();
       break;
     case ACTION_CERT_INFO:
-      certificate_info (0);
+      certificate_info (0, &cinfo);
       break;
     case ACTION_CERT_PUBKEY:
-      certificate_info (1);
+      certificate_info (1, &cinfo);
       break;
     case ACTION_GENERATE_REQUEST:
-      generate_request ();
+      generate_request (&cinfo);
       break;
     case ACTION_GENERATE_CERTIFICATE:
-      generate_signed_certificate ();
+      generate_signed_certificate (&cinfo);
       break;
     case ACTION_VERIFY_CHAIN:
       verify_chain ();
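Review bot: The `gnutls_pkcs11_init` / `gnutls_pkcs11_add_provider` calls removed here are not replaced by anything visible in this hunk, so `--load-privkey` or `--load-certificate` given a `pkcs11:` URL now depends on `gnutls_global_init ()` (or lazy provider loading inside the library) doing that setup; if this gnutls version does not, those inputs fail where they previously worked, which deserves a line in the commit message or a comment at the `memset` site. The `cinfo` block is also the only bridge between the gaa-parsed `info` and the helpers moved to certtool-common.c, and nothing says so; I would precede it with `/* Copy the gaa options the certtool-common.c helpers consume; any new common_info_st field must be mirrored here or it stays zero from the memset. */`. gaa_parser starts before and ends after this hunk.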
@@ -1127,13 +1093,13 @@ gaa_parser (int argc, char **argv)
       privkey_info ();
       break;
     case ACTION_PUBKEY_INFO:
-      pubkey_info (NULL);
+      pubkey_info (NULL, &cinfo);
       break;
     case ACTION_UPDATE_CERTIFICATE:
-      update_signed_certificate ();
+      update_signed_certificate (&cinfo);
       break;
     case ACTION_TO_PKCS12:
-      generate_pkcs12 ();
+      generate_pkcs12 (&cinfo);
       break;
     case ACTION_PKCS12_INFO:
       pkcs12_info ();
@@ -1151,36 +1117,19 @@ gaa_parser (int argc, char **argv)
       pkcs7_info ();
       break;
     case ACTION_GENERATE_CRL:
-      generate_signed_crl ();
+      generate_signed_crl (&cinfo);
       break;
     case ACTION_VERIFY_CRL:
-      verify_crl ();
+      verify_crl (&cinfo);
       break;
     case ACTION_SMIME_TO_P7:
       smime_to_pkcs7 ();
       break;
     case ACTION_GENERATE_PROXY:
-      generate_proxy_certificate ();
+      generate_proxy_certificate (&cinfo);
       break;
     case ACTION_GENERATE_PKCS8:
-      generate_pkcs8 ();
-      break;
-    case ACTION_PKCS11_LIST:
-      pkcs11_list (outfile, info.pkcs11_url, info.pkcs11_type,
-                  info.pkcs11_login, info.pkcs11_detailed_url);
-      break;
-    case ACTION_PKCS11_TOKENS:
-      pkcs11_token_list (outfile, info.pkcs11_detailed_url);
-      break;
-    case ACTION_PKCS11_EXPORT_URL:
-      pkcs11_export (outfile, info.pkcs11_url, info.pkcs11_login);
-      break;
-    case ACTION_PKCS11_WRITE_URL:
-      pkcs11_write (outfile, info.pkcs11_url, info.pkcs11_label,
-                   info.pkcs11_trusted, info.pkcs11_login);
-      break;
-    case ACTION_PKCS11_DELETE_URL:
-      pkcs11_delete (outfile, info.pkcs11_url, batch, info.pkcs11_login);
+      generate_pkcs8 (&cinfo);
       break;
 #ifdef ENABLE_OPENPGP
     case ACTION_PGP_INFO:
@@ -1208,7 +1157,7 @@ gaa_parser (int argc, char **argv)
 
 #define MAX_CRTS 500
 void
-certificate_info (int pubkey)
+certificate_info (int pubkey, common_info_st* cinfo)
 {
   gnutls_x509_crt_t crt[MAX_CRTS];
   size_t size;
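Review bot: The new parameter is written `common_info_st* cinfo` while the file's existing prototypes bind the star to the name (`FILE * out` in print_crl_info and print_crq_info), so `common_info_st *cinfo` would match the surrounding style; the same spelling appears in the generate_request, verify_crl, generate_pkcs8, generate_pkcs12 and pubkey_info signature hunks. None of those functions documents the new parameter — generate_request's header comment ("Generate a PKCS #10 certificate request.") is unchanged — so a short line such as `/* cinfo: key and certificate sources shared with the certtool-common.c loaders. */` above each signature would help. Nothing in the visible hunks writes through cinfo, so if the certtool-common loaders accept a `const common_info_st *` the parameter could be const-qualified throughout. certificate_info's body continues outside the hunk.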
@@ -1253,7 +1202,7 @@ certificate_info (int pubkey)
       if (info.outcert_format == GNUTLS_X509_FMT_PEM)
        print_certificate_info (crt[i], outfile, 1);
 
-      size = sizeof (buffer);
+      size = buffer_size;
       ret = gnutls_x509_crt_export (crt[i], info.outcert_format, buffer,
                                    &size);
       if (ret < 0)
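Review bot: `size = buffer_size` replaces a compile-time `sizeof (buffer)` with a runtime variable, so the bound handed to `gnutls_x509_crt_export` is now only as sound as whoever keeps `buffer_size` equal to the real allocation of `buffer` (both defined outside this diff, presumably in certtool-common); a mismatch would turn every export call in this file into an out-of-bounds write. The same substitution is made in the hunks for pgp_certificate_info, pgp_privkey_info, pgp_ring_info, print_crl_info, print_crq_info, privkey_info, generate_pkcs8, generate_pkcs12, pkcs7_info and pubkey_info. The two `fread (buffer, 1, buffer_size - 1, infile)` sites additionally assume `buffer_size >= 1`, since a zero value makes the count wrap to SIZE_MAX when it reaches fread. A comment at the definition, e.g. `/* buffer_size is the allocated length of buffer; both are shared with p11tool via certtool-common.c. */`, and an assert where the buffer is allocated would make that invariant explicit.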
@@ -1262,7 +1211,7 @@ certificate_info (int pubkey)
       fwrite (buffer, 1, size, outfile);
 
       if (pubkey)
-       pubkey_info (crt[i]);
+       pubkey_info (crt[i], cinfo);
 
       gnutls_x509_crt_deinit (crt[i]);
     }
@@ -1322,7 +1271,7 @@ pgp_certificate_info (void)
               verify_status);
     }
 
-  size = sizeof (buffer);
+  size = buffer_size;
   ret = gnutls_openpgp_crt_export (crt, info.outcert_format, buffer, &size);
   if (ret < 0)
     {
@@ -1344,7 +1293,7 @@ pgp_privkey_info (void)
   gnutls_datum_t pem;
   const char *cprint;
 
-  size = fread (buffer, 1, sizeof (buffer) - 1, infile);
+  size = fread (buffer, 1, buffer_size - 1, infile);
   buffer[size] = 0;
 
   gnutls_openpgp_privkey_init (&key);
@@ -1428,7 +1377,7 @@ pgp_privkey_info (void)
 
       fprintf (outfile, "\n");
 
-      size = sizeof (buffer);
+      size = buffer_size;
       if (i == -1)
        ret = gnutls_openpgp_privkey_get_key_id (key, keyid);
       else
@@ -1446,7 +1395,7 @@ pgp_privkey_info (void)
 
     }
 
-  size = sizeof (buffer);
+  size = buffer_size;
   ret = gnutls_openpgp_privkey_export (key, GNUTLS_OPENPGP_FMT_BASE64,
                                       NULL, 0, buffer, &size);
   if (ret < 0)
@@ -1493,7 +1442,7 @@ pgp_ring_info (void)
       if (ret < 0)
        error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
 
-      size = sizeof (buffer);
+      size = buffer_size;
       ret = gnutls_openpgp_crt_export (crt, info.outcert_format,
                                       buffer, &size);
       if (ret < 0)
@@ -1567,7 +1516,7 @@ print_crl_info (gnutls_x509_crl_t crl, FILE * out)
 
   gnutls_free (cinfo.data);
 
-  size = sizeof (buffer);
+  size = buffer_size;
   ret = gnutls_x509_crl_export (crl, GNUTLS_X509_FMT_PEM, buffer, &size);
   if (ret < 0)
     error (EXIT_FAILURE, 0, "crl_export: %s", gnutls_strerror (ret));
@@ -1623,7 +1572,7 @@ print_crq_info (gnutls_x509_crq_t crq, FILE * out)
       gnutls_free (cinfo.data);
     }
 
-  size = sizeof (buffer);
+  size = buffer_size;
   ret = gnutls_x509_crq_export (crq, info.outcert_format, buffer, &size);
   if (ret < 0)
     error (EXIT_FAILURE, 0, "crq_export: %s", gnutls_strerror (ret));
@@ -1671,7 +1620,7 @@ privkey_info (void)
   const char *cprint;
   const char *pass;
 
-  size = fread (buffer, 1, sizeof (buffer) - 1, infile);
+  size = fread (buffer, 1, buffer_size - 1, infile);
   buffer[size] = 0;
 
   gnutls_x509_privkey_init (&key);
@@ -1753,7 +1702,7 @@ privkey_info (void)
 
   fprintf (outfile, "\n");
 
-  size = sizeof (buffer);
+  size = buffer_size;
   if ((ret = gnutls_x509_privkey_get_key_id (key, 0, buffer, &size)) < 0)
     {
       fprintf (stderr, "Error in key id calculation: %s\n",
@@ -1771,7 +1720,7 @@ privkey_info (void)
        error (EXIT_FAILURE, 0, "privkey_fix: %s", gnutls_strerror (ret));
     }
 
-  size = sizeof (buffer);
+  size = buffer_size;
   ret = gnutls_x509_privkey_export (key, GNUTLS_X509_FMT_PEM, buffer, &size);
   if (ret < 0)
     error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
@@ -1781,308 +1730,11 @@ privkey_info (void)
   gnutls_x509_privkey_deinit (key);
 }
 
-/* Load a public key.
- * @mand should be non zero if it is required to read a public key.
- */
-gnutls_pubkey_t
-load_pubkey (int mand)
-{
-  gnutls_pubkey_t key;
-  int ret;
-  gnutls_datum_t dat;
-  size_t size;
-
-  if (!info.pubkey && !mand)
-    return NULL;
-
-  if (info.pubkey == NULL)
-    error (EXIT_FAILURE, 0, "missing --load-pubkey");
-
-  ret = gnutls_pubkey_init (&key);
-  if (ret < 0)
-    error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
-
-  dat.data = read_binary_file (info.pubkey, &size);
-  dat.size = size;
-
-  if (!dat.data)
-    error (EXIT_FAILURE, errno, "reading --load-pubkey: %s", info.pubkey);
-
-  ret = gnutls_pubkey_import (key, &dat, info.incert_format);
-
-  free (dat.data);
-
-  if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
-    {
-      error (EXIT_FAILURE, 0,
-            "import error: could not find a valid PEM header; "
-            "check if your key has the PUBLIC KEY header");
-    }
-
-  if (ret < 0)
-    error (EXIT_FAILURE, 0, "importing --load-pubkey: %s: %s",
-          info.pubkey, gnutls_strerror (ret));
-
-  return key;
-}
-
-
-/* Load the private key.
- * @mand should be non zero if it is required to read a private key.
- */
-gnutls_x509_privkey_t
-load_private_key (int mand)
-{
-  gnutls_x509_privkey_t key;
-  int ret;
-  gnutls_datum_t dat;
-  size_t size;
-
-  if (!info.privkey && !mand)
-    return NULL;
-
-  if (info.privkey == NULL)
-    error (EXIT_FAILURE, 0, "missing --load-privkey");
-
-  ret = gnutls_x509_privkey_init (&key);
-  if (ret < 0)
-    error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
-
-  dat.data = read_binary_file (info.privkey, &size);
-  dat.size = size;
-
-  if (!dat.data)
-    error (EXIT_FAILURE, errno, "reading --load-privkey: %s", info.privkey);
-
-  if (info.pkcs8)
-    {
-      const char *pass = get_pass ();
-      ret =
-       gnutls_x509_privkey_import_pkcs8 (key, &dat, info.incert_format,
-                                         pass, 0);
-    }
-  else
-    ret = gnutls_x509_privkey_import (key, &dat, info.incert_format);
-
-  free (dat.data);
-
-  if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
-    {
-      error (EXIT_FAILURE, 0,
-            "import error: could not find a valid PEM header; "
-            "check if your key is PKCS #8 or PKCS #12 encoded");
-    }
-
-  if (ret < 0)
-    error (EXIT_FAILURE, 0, "importing --load-privkey: %s: %s",
-          info.privkey, gnutls_strerror (ret));
-
-  return key;
-}
-
-/* Load the Certificate Request.
- */
-gnutls_x509_crq_t
-load_request (void)
-{
-  gnutls_x509_crq_t crq;
-  int ret;
-  gnutls_datum_t dat;
-  size_t size;
-
-  if (!info.request)
-    return NULL;
-
-  ret = gnutls_x509_crq_init (&crq);
-  if (ret < 0)
-    error (EXIT_FAILURE, 0, "crq_init: %s", gnutls_strerror (ret));
-
-  dat.data = read_binary_file (info.request, &size);
-  dat.size = size;
-
-  if (!dat.data)
-    error (EXIT_FAILURE, errno, "reading --load-request: %s", info.request);
-
-  ret = gnutls_x509_crq_import (crq, &dat, info.incert_format);
-  if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
-    {
-      error (EXIT_FAILURE, 0,
-            "import error: could not find a valid PEM header");
-    }
-
-  free (dat.data);
-  if (ret < 0)
-    error (EXIT_FAILURE, 0, "importing --load-request: %s: %s",
-          info.request, gnutls_strerror (ret));
-
-  return crq;
-}
-
-/* Load the CA's private key.
- */
-gnutls_x509_privkey_t
-load_ca_private_key (void)
-{
-  gnutls_x509_privkey_t key;
-  int ret;
-  gnutls_datum_t dat;
-  size_t size;
-
-  if (info.ca_privkey == NULL)
-    error (EXIT_FAILURE, 0, "missing --load-ca-privkey");
-
-  ret = gnutls_x509_privkey_init (&key);
-  if (ret < 0)
-    error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
-
-  dat.data = read_binary_file (info.ca_privkey, &size);
-  dat.size = size;
-
-  if (!dat.data)
-    error (EXIT_FAILURE, errno, "reading --load-ca-privkey: %s",
-          info.ca_privkey);
-
-  if (info.pkcs8)
-    {
-      const char *pass = get_pass ();
-      ret =
-       gnutls_x509_privkey_import_pkcs8 (key, &dat, info.incert_format,
-                                         pass, 0);
-    }
-  else
-    ret = gnutls_x509_privkey_import (key, &dat, info.incert_format);
-  free (dat.data);
-  if (ret < 0)
-    error (EXIT_FAILURE, 0, "importing --load-ca-privkey: %s: %s",
-          info.ca_privkey, gnutls_strerror (ret));
-
-  return key;
-}
-
-/* Loads the CA's certificate
- */
-gnutls_x509_crt_t
-load_ca_cert (void)
-{
-  gnutls_x509_crt_t crt;
-  int ret;
-  gnutls_datum_t dat;
-  size_t size;
-
-  if (info.ca == NULL)
-    error (EXIT_FAILURE, 0, "missing --load-ca-certificate");
-
-  ret = gnutls_x509_crt_init (&crt);
-  if (ret < 0)
-    error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
-
-  dat.data = read_binary_file (info.ca, &size);
-  dat.size = size;
-
-  if (!dat.data)
-    error (EXIT_FAILURE, errno, "reading --load-ca-certificate: %s", info.ca);
-
-  ret = gnutls_x509_crt_import (crt, &dat, info.incert_format);
-  free (dat.data);
-  if (ret < 0)
-    error (EXIT_FAILURE, 0, "importing --load-ca-certificate: %s: %s",
-          info.ca, gnutls_strerror (ret));
-
-  return crt;
-}
-
-/* Loads the certificate
- * If mand is non zero then a certificate is mandatory. Otherwise
- * null will be returned if the certificate loading fails.
- */
-gnutls_x509_crt_t
-load_cert (int mand)
-{
-  gnutls_x509_crt_t *crt;
-  size_t size;
-
-  crt = load_cert_list (mand, &size);
-
-  return crt ? crt[0] : NULL;
-}
-
-#define MAX_CERTS 256
-
-/* Loads a certificate list
- */
-gnutls_x509_crt_t *
-load_cert_list (int mand, size_t * crt_size)
-{
-  FILE *fd;
-  static gnutls_x509_crt_t crt[MAX_CERTS];
-  char *ptr;
-  int ret, i;
-  gnutls_datum_t dat;
-  size_t size;
-  int ptr_size;
-
-  *crt_size = 0;
-  fprintf (stderr, "Loading certificate list...\n");
-
-  if (info.cert == NULL)
-    {
-      if (mand)
-       error (EXIT_FAILURE, 0, "missing --load-certificate");
-      else
-       return NULL;
-    }
-
-  fd = fopen (info.cert, "r");
-  if (fd == NULL)
-    error (EXIT_FAILURE, errno, "%s", info.cert);
-
-  size = fread (buffer, 1, sizeof (buffer) - 1, fd);
-  buffer[size] = 0;
-
-  fclose (fd);
-
-  ptr = buffer;
-  ptr_size = size;
-
-  for (i = 0; i < MAX_CERTS; i++)
-    {
-      ret = gnutls_x509_crt_init (&crt[i]);
-      if (ret < 0)
-       error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
-
-      dat.data = ptr;
-      dat.size = ptr_size;
-
-      ret = gnutls_x509_crt_import (crt[i], &dat, info.incert_format);
-      if (ret < 0 && *crt_size > 0)
-       break;
-      if (ret < 0)
-       error (EXIT_FAILURE, 0, "crt_import: %s", gnutls_strerror (ret));
-
-      ptr = strstr (ptr, "---END");
-      if (ptr == NULL)
-       break;
-      ptr++;
-
-      ptr_size = size;
-      ptr_size -=
-       (unsigned int) ((unsigned char *) ptr - (unsigned char *) buffer);
-
-      if (ptr_size < 0)
-       break;
-
-      (*crt_size)++;
-    }
-  fprintf (stderr, "Loaded %d certificates.\n", (int) *crt_size);
-
-  return crt;
-}
-
 
 /* Generate a PKCS #10 certificate request.
  */
 void
-generate_request (void)
+generate_request (common_info_st* cinfo)
 {
   gnutls_x509_crq_t crq;
   gnutls_x509_privkey_t key;
@@ -2098,7 +1750,7 @@ generate_request (void)
 
   /* Load the private key.
    */
-  key = load_private_key (0);
+  key = load_private_key (0, cinfo);
   if (!key)
     {
       key = generate_private_key_int ();
@@ -2583,7 +2235,7 @@ verify_chain (void)
 }
 
 void
-verify_crl (void)
+verify_crl (common_info_st* cinfo)
 {
   size_t size, dn_size;
   char dn[128];
@@ -2595,7 +2247,7 @@ verify_crl (void)
   time_t now = time (0);
   gnutls_x509_crt_t issuer;
 
-  issuer = load_ca_cert ();
+  issuer = load_ca_cert (cinfo);
 
   fprintf (outfile, "\nCA certificate:\n");
 
@@ -2676,7 +2328,7 @@ verify_crl (void)
 
 
 void
-generate_pkcs8 (void)
+generate_pkcs8 (common_info_st* cinfo)
 {
   gnutls_x509_privkey_t key;
   int result;
@@ -2686,7 +2338,7 @@ generate_pkcs8 (void)
 
   fprintf (stderr, "Generating a PKCS #8 key structure...\n");
 
-  key = load_private_key (1);
+  key = load_private_key (1, cinfo);
 
   if (info.pass)
     password = info.pass;
@@ -2703,7 +2355,7 @@ generate_pkcs8 (void)
       flags = GNUTLS_PKCS_PLAIN;
     }
 
-  size = sizeof (buffer);
+  size = buffer_size;
   result =
     gnutls_x509_privkey_export_pkcs8 (key, info.outcert_format,
                                      password, flags, buffer, &size);
@@ -2720,7 +2372,7 @@ generate_pkcs8 (void)
 #include <unistd.h>
 
 void
-generate_pkcs12 (void)
+generate_pkcs12 (common_info_st* cinfo)
 {
   gnutls_pkcs12_t pkcs12;
   gnutls_x509_crt_t *crts;
@@ -2738,8 +2390,8 @@ generate_pkcs12 (void)
 
   fprintf (stderr, "Generating a PKCS #12 structure...\n");
 
-  key = load_private_key (0);
-  crts = load_cert_list (0, &ncrts);
+  key = load_private_key (0, cinfo);
+  crts = load_cert_list (0, &ncrts, cinfo);
 
   name = get_pkcs12_key_name ();
 
@@ -2813,7 +2465,7 @@ generate_pkcs12 (void)
       else
        flags = cipher_to_flags (info.pkcs_cipher);
 
-      size = sizeof (buffer);
+      size = buffer_size;
       result =
        gnutls_x509_privkey_export_pkcs8 (key, GNUTLS_X509_FMT_DER,
                                          pass, flags, buffer, &size);
@@ -2857,7 +2509,7 @@ generate_pkcs12 (void)
   if (result < 0)
     error (EXIT_FAILURE, 0, "generate_mac: %s", gnutls_strerror (result));
 
-  size = sizeof (buffer);
+  size = buffer_size;
   result = gnutls_pkcs12_export (pkcs12, info.outcert_format, buffer, &size);
   if (result < 0)
     error (EXIT_FAILURE, 0, "pkcs12_export: %s", gnutls_strerror (result));
@@ -3076,7 +2728,7 @@ pkcs7_info (void)
     {
       fputs ("\n", outfile);
 
-      size = sizeof (buffer);
+      size = buffer_size;
       result = gnutls_pkcs7_get_crt_raw (pkcs7, indx, buffer, &size);
       if (result < 0)
        break;
@@ -3107,7 +2759,7 @@ pkcs7_info (void)
     {
       fputs ("\n", outfile);
 
-      size = sizeof (buffer);
+      size = buffer_size;
       result = gnutls_pkcs7_get_crl_raw (pkcs7, indx, buffer, &size);
       if (result < 0)
        break;
@@ -3227,7 +2879,7 @@ print_key_usage (FILE * outfile, unsigned int usage)
 }
 
 void
-pubkey_info (gnutls_x509_crt crt)
+pubkey_info (gnutls_x509_crt crt, common_info_st* cinfo)
 {
   gnutls_pubkey_t pubkey;
   unsigned int bits, usage;
@@ -3243,7 +2895,7 @@ pubkey_info (gnutls_x509_crt crt)
 
   if (crt == NULL)
     {
-      crt = load_cert (0);
+      crt = load_cert (0, cinfo);
     }
 
   if (crt != NULL)
@@ -3257,7 +2909,7 @@ pubkey_info (gnutls_x509_crt crt)
     }
   else
     {
-      pubkey = load_pubkey (1);
+      pubkey = load_pubkey (1, cinfo);
     }
 
   fprintf (outfile, "Public Key Info:\n\n");
@@ -3315,7 +2967,7 @@ pubkey_info (gnutls_x509_crt crt)
 
   fprintf (outfile, "\n");
 
-  size = sizeof (buffer);
+  size = buffer_size;
   if ((ret = gnutls_pubkey_get_key_id (pubkey, 0, buffer, &size)) < 0)
     {
       fprintf (stderr, "Error in key id calculation: %s\n",
@@ -3326,7 +2978,7 @@ pubkey_info (gnutls_x509_crt crt)
       fprintf (outfile, "Public Key ID: %s\n", raw_to_string (buffer, size));
     }
 
-  size = sizeof (buffer);
+  size = buffer_size;
   ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_PEM, buffer, &size);
   if (ret < 0)
     error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
diff --git a/src/certtool.gaa b/src/certtool.gaa
index 6b1be3d..e3e9f1c 100644
--- a/src/certtool.gaa
+++ b/src/certtool.gaa
@@ -8,7 +8,6 @@
 #endif
 
 #include "certtool-common.h"
-#include <gnutls/pkcs11.h>
 
 #}
 
@@ -138,34 +137,6 @@ option (template) STR "FILE" { $template = $1 } "Template 
file to use for non in
 #char *pkcs_cipher;
 option (pkcs-cipher) STR "CIPHER" { $pkcs_cipher = $1 } "Cipher to use for 
pkcs operations (3des,3des-pkcs12,aes-128,aes-192,aes-256,rc2-40,arcfour)."
 
-#char* pkcs11_provider;
-option (p11-provider) STR "Library" { $pkcs11_provider = $1 } "Specify the 
pkcs11 provider library"
-
-#char* pkcs11_url;
-option (p11-export-url) STR "URL" { $action = ACTION_PKCS11_EXPORT_URL; 
$pkcs11_url = $1; } "Export data specified a pkcs11 URL"
-
-#int pkcs11_type;
-option (p11-list-certs) { $action = ACTION_PKCS11_LIST; 
$pkcs11_type=PKCS11_TYPE_PK; } "List certificates that have a private key 
specified by a PKCS#11 URL"
-option (p11-list-privkeys) { $action = ACTION_PKCS11_LIST; 
$pkcs11_type=PKCS11_TYPE_PRIVKEY; } "List private keys specified by a PKCS#11 
URL"
-option (p11-list-trusted) { $action = ACTION_PKCS11_LIST; 
$pkcs11_type=PKCS11_TYPE_TRUSTED; } "List certificates marked as trusted, 
specified by a PKCS#11 URL"
-option (p11-list-all-certs) { $action = ACTION_PKCS11_LIST; 
$pkcs11_type=PKCS11_TYPE_CRT_ALL; } "List all certificates specified by a 
PKCS#11 URL"
-option (p11-list-all) { $action = ACTION_PKCS11_LIST; 
$pkcs11_type=PKCS11_TYPE_ALL; } "List all objects specified by a PKCS#11 URL"
-option (p11-list-tokens) { $action = ACTION_PKCS11_TOKENS; } "List all 
available tokens"
-
-#int pkcs11_login;
-option (p11-login) { $pkcs11_login = 1; } "Force login to token"
-
-#char* pkcs11_label;
-option (p11-write) STR "URL" { $action = ACTION_PKCS11_WRITE_URL; $pkcs11_url 
= $1; } "Writes loaded certificates or private keys to a PKCS11 token."
-option (p11-write-label) STR "label" { $pkcs11_label = $1; } "Sets a label for 
the write operation."
-#int pkcs11_trusted;
-option (p11-write-trusted) { $pkcs11_trusted = 1; } "Marks the certificate to 
be imported as trusted."
-
-#int pkcs11_detailed_url;
-option (p11-detailed-url) { $pkcs11_detailed_url = GNUTLS_PKCS11_URL_LIB; } 
"Export detailed URLs."
-
-option (p11-delete-url) STR "URL" { $action = ACTION_PKCS11_DELETE_URL; 
$pkcs11_url = $1; } "Deletes objects matching the URL."
-
 #int debug;
 option (d, debug) INT "LEVEL" { $debug = $1 } "specify the debug level. 
Default is 1."
 
@@ -177,6 +148,4 @@ init { $bits = 0; $pkcs8 = 0; $privkey = NULL; $ca=NULL; 
$ca_privkey = NULL;
        $debug=1; $request = NULL; $infile = NULL; $outfile = NULL; $cert = 
NULL; 
        $incert_format = 0; $outcert_format = 0; $action=-1; $pass = NULL; 
$v1_cert = 0;
        $export = 0; $template = NULL; $hash=NULL; $fix_key = 0; 
$quick_random=1; 
-       $privkey_op = 0; $pkcs_cipher = "aes-128"; $crq_extensions=1; 
$pkcs11_provider= NULL;
-       $pkcs11_url = NULL; $pkcs11_type = PKCS11_TYPE_PK; $pubkey=NULL; 
$pkcs11_label = NULL; 
-       $pkcs11_trusted=0; $sec_param = NULL; $pkcs11_login = 0; 
$pkcs11_detailed_url = 0; }
+       $privkey_op = 0; $pkcs_cipher = "aes-128"; $crq_extensions=1; }
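Review bot: The rewritten init line drops `$pubkey=NULL` and `$sec_param = NULL` together with the pkcs11 defaults, although `pubkey` is still consumed by certtool (gaa_parser copies `info.pubkey` into cinfo in the certtool.c hunk above) and neither option is removed by this diff. If the generated `gaainfo` lives in static storage it is zero-initialized anyway and this is harmless, but that is an accident of where the struct is defined rather than the declared default. Restoring `$pubkey=NULL; $sec_param = NULL;` on the new init line keeps the intent explicit, assuming sec-param is still a certtool option.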
diff --git a/src/crypt-gaa.c b/src/p11tool-gaa.c
similarity index 62%
copy from src/crypt-gaa.c
copy to src/p11tool-gaa.c
index 3375cf9..f29d25d 100644
--- a/src/crypt-gaa.c
+++ b/src/p11tool-gaa.c
@@ -1,7 +1,7 @@
 /* File generated by GAA 1.6.6
  */
 #define GAA_NO_WIN32
-#line 1 "crypt.gaa"
+#line 1 "p11tool.gaa"
 
 
 /* C declarations */
@@ -11,7 +11,9 @@
 # include <io.h>
 #endif
 
-void srptool_version(void);
+#include "certtool-common.h"
+#include "p11tool.h"
+#include <gnutls/pkcs11.h>
 
 #include <stdio.h>
 #include <string.h>
@@ -128,15 +130,34 @@ static void __gaa_helpsingle(char short_name, char *name,
 
 void gaa_help(void)
 {
-       printf("Srptool help\nUsage : srptool [options]\n");
-       __gaa_helpsingle('u', "username", "username ", "specify username.");
-       __gaa_helpsingle('p', "passwd", "FILE ", "specify a password file.");
-       __gaa_helpsingle('i', "index", "INDEX ", "specify the index of the 
group parameters in tpasswd.conf to use.");
-       __gaa_helpsingle('s', "salt", "SALT ", "specify salt size for crypt 
algorithm.");
-       __gaa_helpsingle(0, "verify", "", "just verify password.");
-       __gaa_helpsingle('c', "passwd-conf", "FILE ", "specify a password conf 
file.");
-       __gaa_helpsingle(0, "create-conf", "FILE ", "Generate a tpasswd.conf 
file.");
-       __gaa_helpsingle('v', "version", "", "prints the program's version 
number");
+       printf("p11tool help\nUsage: p11tool [options]\n");
+       printf("Usage: p11tool --list-tokens\n");
+       printf("Usage: p11tool --list-all\n");
+       printf("Usage: p11tool --url 'pkcs11:...'\n\n");
+       __gaa_helpsingle(0, "url", "URL ", "Specify a pkcs11 URL");
+       __gaa_helpsingle(0, "list-tokens", "", "List all available tokens");
+       __gaa_helpsingle(0, "list-all", "", "List all objects specified by a 
PKCS#11 URL");
+       __gaa_helpsingle(0, "list-all-certs", "", "List all certificates 
specified by a PKCS#11 URL");
+       __gaa_helpsingle(0, "list-certs", "", "List certificates that have a 
private key specified by a PKCS#11 URL");
+       __gaa_helpsingle(0, "list-privkeys", "", "List private keys specified 
by a PKCS#11 URL");
+       __gaa_helpsingle(0, "list-trusted", "", "List certificates marked as 
trusted, specified by a PKCS#11 URL");
+       __gaa_helpsingle(0, "initialize", "URL ", "Initializes a PKCS11 
token.");
+       __gaa_helpsingle(0, "write", "URL ", "Writes loaded certificates, 
private or secret keys to a PKCS11 token.");
+       __gaa_helpsingle(0, "secret-key", "HEX_KEY ", "Provide a hex encoded 
secret key.");
+       __gaa_helpsingle(0, "label", "label ", "Sets a label for the write 
operation.");
+       __gaa_helpsingle(0, "write-trusted", "", "Marks the certificate to be 
imported as trusted.");
+       __gaa_helpsingle(0, "login", "", "Force login to token");
+       __gaa_helpsingle(0, "detailed-url", "", "Export detailed URLs.");
+       __gaa_helpsingle(0, "delete-url", "URL ", "Deletes objects matching the 
URL.");
+       __gaa_helpsingle(0, "load-privkey", "FILE ", "Private key file to 
use.");
+       __gaa_helpsingle(0, "load-pubkey", "FILE ", "Private key file to use.");
+       __gaa_helpsingle(0, "load-certificate", "FILE ", "Certificate file to 
use.");
+       __gaa_helpsingle('8', "pkcs8", "", "Use PKCS #8 format for private 
keys.");
+       __gaa_helpsingle(0, "inder", "", "Use DER format for input certificates 
and private keys.");
+       __gaa_helpsingle(0, "inraw", "", "Use RAW/DER format for input 
certificates and private keys.");
+       __gaa_helpsingle(0, "provider", "Library ", "Specify the pkcs11 
provider library");
+       __gaa_helpsingle(0, "outfile", "FILE ", "Output file.");
+       __gaa_helpsingle('d', "debug", "LEVEL ", "specify the debug level. 
Default is 1.");
        __gaa_helpsingle('h', "help", "", "shows this help text");
 
 #line 100 "gaa.skel"
@@ -152,20 +173,38 @@ typedef struct _gaainfo gaainfo;
 
 struct _gaainfo
 {
-#line 34 "crypt.gaa"
-       char *create_conf;
-#line 31 "crypt.gaa"
-       char *passwd_conf;
-#line 28 "crypt.gaa"
-       int verify;
-#line 25 "crypt.gaa"
-       int salt;
-#line 22 "crypt.gaa"
-       int index;
-#line 19 "crypt.gaa"
-       char *passwd;
-#line 16 "crypt.gaa"
-       char *username;
+#line 75 "p11tool.gaa"
+       int debug;
+#line 70 "p11tool.gaa"
+       char *outfile;
+#line 67 "p11tool.gaa"
+       int action;
+#line 66 "p11tool.gaa"
+       char* pkcs11_provider;
+#line 62 "p11tool.gaa"
+       int incert_format;
+#line 59 "p11tool.gaa"
+       int pkcs8;
+#line 56 "p11tool.gaa"
+       char *cert;
+#line 53 "p11tool.gaa"
+       char *pubkey;
+#line 50 "p11tool.gaa"
+       char *privkey;
+#line 45 "p11tool.gaa"
+       int pkcs11_detailed_url;
+#line 42 "p11tool.gaa"
+       int pkcs11_login;
+#line 39 "p11tool.gaa"
+       int pkcs11_trusted;
+#line 36 "p11tool.gaa"
+       char* secret_key;
+#line 32 "p11tool.gaa"
+       char* pkcs11_label;
+#line 24 "p11tool.gaa"
+       int pkcs11_type;
+#line 21 "p11tool.gaa"
+       char* pkcs11_url;
 
 #line 114 "gaa.skel"
 };
@@ -220,16 +259,32 @@ static int gaa_error = 0;
 #define GAA_MULTIPLE_OPTION     3
 
 #define GAA_REST                0
-#define GAA_NB_OPTION           9
+#define GAA_NB_OPTION           25
 #define GAAOPTID_help  1
-#define GAAOPTID_version       2
-#define GAAOPTID_create_conf   3
-#define GAAOPTID_passwd_conf   4
-#define GAAOPTID_verify        5
-#define GAAOPTID_salt  6
-#define GAAOPTID_index 7
-#define GAAOPTID_passwd        8
-#define GAAOPTID_username      9
+#define GAAOPTID_debug 2
+#define GAAOPTID_outfile       3
+#define GAAOPTID_provider      4
+#define GAAOPTID_inraw 5
+#define GAAOPTID_inder 6
+#define GAAOPTID_pkcs8 7
+#define GAAOPTID_load_certificate      8
+#define GAAOPTID_load_pubkey   9
+#define GAAOPTID_load_privkey  10
+#define GAAOPTID_delete_url    11
+#define GAAOPTID_detailed_url  12
+#define GAAOPTID_login 13
+#define GAAOPTID_write_trusted 14
+#define GAAOPTID_label 15
+#define GAAOPTID_secret_key    16
+#define GAAOPTID_write 17
+#define GAAOPTID_initialize    18
+#define GAAOPTID_list_trusted  19
+#define GAAOPTID_list_privkeys 20
+#define GAAOPTID_list_certs    21
+#define GAAOPTID_list_all_certs        22
+#define GAAOPTID_list_all      23
+#define GAAOPTID_list_tokens   24
+#define GAAOPTID_url   25
 
 #line 168 "gaa.skel"
 
@@ -416,37 +471,73 @@ static float gaa_getfloat(char *arg)
 }
 /* option structures */
 
-struct GAAOPTION_create_conf 
+struct GAAOPTION_debug 
+{
+       int arg1;
+       int size1;
+};
+
+struct GAAOPTION_outfile 
 {
        char* arg1;
        int size1;
 };
 
-struct GAAOPTION_passwd_conf 
+struct GAAOPTION_provider 
 {
        char* arg1;
        int size1;
 };
 
-struct GAAOPTION_salt 
+struct GAAOPTION_load_certificate 
 {
-       int arg1;
+       char* arg1;
        int size1;
 };
 
-struct GAAOPTION_index 
+struct GAAOPTION_load_pubkey 
 {
-       int arg1;
+       char* arg1;
+       int size1;
+};
+
+struct GAAOPTION_load_privkey 
+{
+       char* arg1;
        int size1;
 };
 
-struct GAAOPTION_passwd 
+struct GAAOPTION_delete_url 
 {
        char* arg1;
        int size1;
 };
 
-struct GAAOPTION_username 
+struct GAAOPTION_label 
+{
+       char* arg1;
+       int size1;
+};
+
+struct GAAOPTION_secret_key 
+{
+       char* arg1;
+       int size1;
+};
+
+struct GAAOPTION_write 
+{
+       char* arg1;
+       int size1;
+};
+
+struct GAAOPTION_initialize 
+{
+       char* arg1;
+       int size1;
+};
+
+struct GAAOPTION_url 
 {
        char* arg1;
        int size1;
@@ -481,30 +572,62 @@ static int gaa_get_option_num(char *str, int status)
     switch(status)
         {
         case GAA_LETTER_OPTION:
-                       GAA_CHECK1STR("", GAAOPTID_create_conf);
-                       GAA_CHECK1STR("c", GAAOPTID_passwd_conf);
-                       GAA_CHECK1STR("s", GAAOPTID_salt);
-                       GAA_CHECK1STR("i", GAAOPTID_index);
-                       GAA_CHECK1STR("p", GAAOPTID_passwd);
-                       GAA_CHECK1STR("u", GAAOPTID_username);
+                       GAA_CHECK1STR("d", GAAOPTID_debug);
+                       GAA_CHECK1STR("", GAAOPTID_outfile);
+                       GAA_CHECK1STR("", GAAOPTID_provider);
+                       GAA_CHECK1STR("", GAAOPTID_load_certificate);
+                       GAA_CHECK1STR("", GAAOPTID_load_pubkey);
+                       GAA_CHECK1STR("", GAAOPTID_load_privkey);
+                       GAA_CHECK1STR("", GAAOPTID_delete_url);
+                       GAA_CHECK1STR("", GAAOPTID_label);
+                       GAA_CHECK1STR("", GAAOPTID_secret_key);
+                       GAA_CHECK1STR("", GAAOPTID_write);
+                       GAA_CHECK1STR("", GAAOPTID_initialize);
+                       GAA_CHECK1STR("", GAAOPTID_url);
         case GAA_MULTIPLE_OPTION:
 #line 375 "gaa.skel"
                        GAA_CHECK1STR("h", GAAOPTID_help);
-                       GAA_CHECK1STR("v", GAAOPTID_version);
-                       GAA_CHECK1STR("", GAAOPTID_verify);
+                       GAA_CHECK1STR("", GAAOPTID_inraw);
+                       GAA_CHECK1STR("", GAAOPTID_inder);
+                       GAA_CHECK1STR("8", GAAOPTID_pkcs8);
+                       GAA_CHECK1STR("", GAAOPTID_detailed_url);
+                       GAA_CHECK1STR("", GAAOPTID_login);
+                       GAA_CHECK1STR("", GAAOPTID_write_trusted);
+                       GAA_CHECK1STR("", GAAOPTID_list_trusted);
+                       GAA_CHECK1STR("", GAAOPTID_list_privkeys);
+                       GAA_CHECK1STR("", GAAOPTID_list_certs);
+                       GAA_CHECK1STR("", GAAOPTID_list_all_certs);
+                       GAA_CHECK1STR("", GAAOPTID_list_all);
+                       GAA_CHECK1STR("", GAAOPTID_list_tokens);
 
 #line 277 "gaa.skel"
         break;
         case GAA_WORD_OPTION:
                        GAA_CHECKSTR("help", GAAOPTID_help);
-                       GAA_CHECKSTR("version", GAAOPTID_version);
-                       GAA_CHECKSTR("create-conf", GAAOPTID_create_conf);
-                       GAA_CHECKSTR("passwd-conf", GAAOPTID_passwd_conf);
-                       GAA_CHECKSTR("verify", GAAOPTID_verify);
-                       GAA_CHECKSTR("salt", GAAOPTID_salt);
-                       GAA_CHECKSTR("index", GAAOPTID_index);
-                       GAA_CHECKSTR("passwd", GAAOPTID_passwd);
-                       GAA_CHECKSTR("username", GAAOPTID_username);
+                       GAA_CHECKSTR("debug", GAAOPTID_debug);
+                       GAA_CHECKSTR("outfile", GAAOPTID_outfile);
+                       GAA_CHECKSTR("provider", GAAOPTID_provider);
+                       GAA_CHECKSTR("inraw", GAAOPTID_inraw);
+                       GAA_CHECKSTR("inder", GAAOPTID_inder);
+                       GAA_CHECKSTR("pkcs8", GAAOPTID_pkcs8);
+                       GAA_CHECKSTR("load-certificate", 
GAAOPTID_load_certificate);
+                       GAA_CHECKSTR("load-pubkey", GAAOPTID_load_pubkey);
+                       GAA_CHECKSTR("load-privkey", GAAOPTID_load_privkey);
+                       GAA_CHECKSTR("delete-url", GAAOPTID_delete_url);
+                       GAA_CHECKSTR("detailed-url", GAAOPTID_detailed_url);
+                       GAA_CHECKSTR("login", GAAOPTID_login);
+                       GAA_CHECKSTR("write-trusted", GAAOPTID_write_trusted);
+                       GAA_CHECKSTR("label", GAAOPTID_label);
+                       GAA_CHECKSTR("secret-key", GAAOPTID_secret_key);
+                       GAA_CHECKSTR("write", GAAOPTID_write);
+                       GAA_CHECKSTR("initialize", GAAOPTID_initialize);
+                       GAA_CHECKSTR("list-trusted", GAAOPTID_list_trusted);
+                       GAA_CHECKSTR("list-privkeys", GAAOPTID_list_privkeys);
+                       GAA_CHECKSTR("list-certs", GAAOPTID_list_certs);
+                       GAA_CHECKSTR("list-all-certs", GAAOPTID_list_all_certs);
+                       GAA_CHECKSTR("list-all", GAAOPTID_list_all);
+                       GAA_CHECKSTR("list-tokens", GAAOPTID_list_tokens);
+                       GAA_CHECKSTR("url", GAAOPTID_url);
 
 #line 281 "gaa.skel"
        break;
@@ -517,12 +640,18 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
 {
     int OK = 0;
     int gaa_last_non_option;
-       struct GAAOPTION_create_conf GAATMP_create_conf;
-       struct GAAOPTION_passwd_conf GAATMP_passwd_conf;
-       struct GAAOPTION_salt GAATMP_salt;
-       struct GAAOPTION_index GAATMP_index;
-       struct GAAOPTION_passwd GAATMP_passwd;
-       struct GAAOPTION_username GAATMP_username;
+       struct GAAOPTION_debug GAATMP_debug;
+       struct GAAOPTION_outfile GAATMP_outfile;
+       struct GAAOPTION_provider GAATMP_provider;
+       struct GAAOPTION_load_certificate GAATMP_load_certificate;
+       struct GAAOPTION_load_pubkey GAATMP_load_pubkey;
+       struct GAAOPTION_load_privkey GAATMP_load_privkey;
+       struct GAAOPTION_delete_url GAATMP_delete_url;
+       struct GAAOPTION_label GAATMP_label;
+       struct GAAOPTION_secret_key GAATMP_secret_key;
+       struct GAAOPTION_write GAATMP_write;
+       struct GAAOPTION_initialize GAATMP_initialize;
+       struct GAAOPTION_url GAATMP_url;
 
 #line 393 "gaa.skel"
 #ifdef GAA_REST_EXISTS
@@ -545,82 +674,212 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
     {
        case GAAOPTID_help:
        OK = 0;
-#line 38 "crypt.gaa"
+#line 78 "p11tool.gaa"
 { gaa_help(); exit(0); ;};
 
                return GAA_OK;
                break;
-       case GAAOPTID_version:
+       case GAAOPTID_debug:
+       OK = 0;
+               GAA_TESTMOREARGS;
+               GAA_FILL(GAATMP_debug.arg1, gaa_getint, GAATMP_debug.size1);
+               gaa_index++;
+#line 76 "p11tool.gaa"
+{ gaaval->debug = GAATMP_debug.arg1 ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_outfile:
+       OK = 0;
+               GAA_TESTMOREARGS;
+               GAA_FILL(GAATMP_outfile.arg1, gaa_getstr, GAATMP_outfile.size1);
+               gaa_index++;
+#line 71 "p11tool.gaa"
+{ gaaval->outfile = GAATMP_outfile.arg1 ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_provider:
+       OK = 0;
+               GAA_TESTMOREARGS;
+               GAA_FILL(GAATMP_provider.arg1, gaa_getstr, 
GAATMP_provider.size1);
+               gaa_index++;
+#line 68 "p11tool.gaa"
+{ gaaval->pkcs11_provider = GAATMP_provider.arg1 ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_inraw:
+       OK = 0;
+#line 64 "p11tool.gaa"
+{ gaaval->incert_format=1 ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_inder:
+       OK = 0;
+#line 63 "p11tool.gaa"
+{ gaaval->incert_format=1 ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_pkcs8:
+       OK = 0;
+#line 60 "p11tool.gaa"
+{ gaaval->pkcs8=1 ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_load_certificate:
+       OK = 0;
+               GAA_TESTMOREARGS;
+               GAA_FILL(GAATMP_load_certificate.arg1, gaa_getstr, 
GAATMP_load_certificate.size1);
+               gaa_index++;
+#line 57 "p11tool.gaa"
+{ gaaval->cert = GAATMP_load_certificate.arg1 ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_load_pubkey:
        OK = 0;
-#line 37 "crypt.gaa"
-{ srptool_version(); exit(0); ;};
+               GAA_TESTMOREARGS;
+               GAA_FILL(GAATMP_load_pubkey.arg1, gaa_getstr, 
GAATMP_load_pubkey.size1);
+               gaa_index++;
+#line 54 "p11tool.gaa"
+{ gaaval->pubkey = GAATMP_load_pubkey.arg1 ;};
 
                return GAA_OK;
                break;
-       case GAAOPTID_create_conf:
+       case GAAOPTID_load_privkey:
        OK = 0;
                GAA_TESTMOREARGS;
-               GAA_FILL(GAATMP_create_conf.arg1, gaa_getstr, 
GAATMP_create_conf.size1);
+               GAA_FILL(GAATMP_load_privkey.arg1, gaa_getstr, 
GAATMP_load_privkey.size1);
                gaa_index++;
-#line 35 "crypt.gaa"
-{ gaaval->create_conf = GAATMP_create_conf.arg1 ;};
+#line 51 "p11tool.gaa"
+{ gaaval->privkey = GAATMP_load_privkey.arg1 ;};
 
                return GAA_OK;
                break;
-       case GAAOPTID_passwd_conf:
+       case GAAOPTID_delete_url:
        OK = 0;
                GAA_TESTMOREARGS;
-               GAA_FILL(GAATMP_passwd_conf.arg1, gaa_getstr, 
GAATMP_passwd_conf.size1);
+               GAA_FILL(GAATMP_delete_url.arg1, gaa_getstr, 
GAATMP_delete_url.size1);
                gaa_index++;
-#line 32 "crypt.gaa"
-{ gaaval->passwd_conf = GAATMP_passwd_conf.arg1 ;};
+#line 48 "p11tool.gaa"
+{ gaaval->action = ACTION_PKCS11_DELETE_URL; gaaval->pkcs11_url = 
GAATMP_delete_url.arg1; ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_detailed_url:
+       OK = 0;
+#line 46 "p11tool.gaa"
+{ gaaval->pkcs11_detailed_url = GNUTLS_PKCS11_URL_LIB; ;};
 
                return GAA_OK;
                break;
-       case GAAOPTID_verify:
+       case GAAOPTID_login:
        OK = 0;
-#line 29 "crypt.gaa"
-{ gaaval->verify = 1 ;};
+#line 43 "p11tool.gaa"
+{ gaaval->pkcs11_login = 1; ;};
 
                return GAA_OK;
                break;
-       case GAAOPTID_salt:
+       case GAAOPTID_write_trusted:
+       OK = 0;
+#line 40 "p11tool.gaa"
+{ gaaval->pkcs11_trusted = 1; ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_label:
        OK = 0;
                GAA_TESTMOREARGS;
-               GAA_FILL(GAATMP_salt.arg1, gaa_getint, GAATMP_salt.size1);
+               GAA_FILL(GAATMP_label.arg1, gaa_getstr, GAATMP_label.size1);
                gaa_index++;
-#line 26 "crypt.gaa"
-{ gaaval->salt = GAATMP_salt.arg1 ;};
+#line 38 "p11tool.gaa"
+{ gaaval->pkcs11_label = GAATMP_label.arg1; ;};
 
                return GAA_OK;
                break;
-       case GAAOPTID_index:
+       case GAAOPTID_secret_key:
        OK = 0;
                GAA_TESTMOREARGS;
-               GAA_FILL(GAATMP_index.arg1, gaa_getint, GAATMP_index.size1);
+               GAA_FILL(GAATMP_secret_key.arg1, gaa_getstr, 
GAATMP_secret_key.size1);
                gaa_index++;
-#line 23 "crypt.gaa"
-{ gaaval->index = GAATMP_index.arg1 ;};
+#line 37 "p11tool.gaa"
+{ gaaval->secret_key = GAATMP_secret_key.arg1; ;};
 
                return GAA_OK;
                break;
-       case GAAOPTID_passwd:
+       case GAAOPTID_write:
        OK = 0;
                GAA_TESTMOREARGS;
-               GAA_FILL(GAATMP_passwd.arg1, gaa_getstr, GAATMP_passwd.size1);
+               GAA_FILL(GAATMP_write.arg1, gaa_getstr, GAATMP_write.size1);
                gaa_index++;
-#line 20 "crypt.gaa"
-{ gaaval->passwd = GAATMP_passwd.arg1 ;};
+#line 34 "p11tool.gaa"
+{ gaaval->action = ACTION_PKCS11_WRITE_URL; gaaval->pkcs11_url = 
GAATMP_write.arg1; ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_initialize:
+       OK = 0;
+               GAA_TESTMOREARGS;
+               GAA_FILL(GAATMP_initialize.arg1, gaa_getstr, 
GAATMP_initialize.size1);
+               gaa_index++;
+#line 33 "p11tool.gaa"
+{ gaaval->action = ACTION_PKCS11_TOKEN_INIT; gaaval->pkcs11_url = 
GAATMP_initialize.arg1; ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_list_trusted:
+       OK = 0;
+#line 30 "p11tool.gaa"
+{ gaaval->action = ACTION_PKCS11_LIST; 
gaaval->pkcs11_type=PKCS11_TYPE_TRUSTED; ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_list_privkeys:
+       OK = 0;
+#line 29 "p11tool.gaa"
+{ gaaval->action = ACTION_PKCS11_LIST; 
gaaval->pkcs11_type=PKCS11_TYPE_PRIVKEY; ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_list_certs:
+       OK = 0;
+#line 28 "p11tool.gaa"
+{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_PK; ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_list_all_certs:
+       OK = 0;
+#line 27 "p11tool.gaa"
+{ gaaval->action = ACTION_PKCS11_LIST; 
gaaval->pkcs11_type=PKCS11_TYPE_CRT_ALL; ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_list_all:
+       OK = 0;
+#line 26 "p11tool.gaa"
+{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_ALL; ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_list_tokens:
+       OK = 0;
+#line 25 "p11tool.gaa"
+{ gaaval->action = ACTION_PKCS11_TOKENS; ;};
 
                return GAA_OK;
                break;
-       case GAAOPTID_username:
+       case GAAOPTID_url:
        OK = 0;
                GAA_TESTMOREARGS;
-               GAA_FILL(GAATMP_username.arg1, gaa_getstr, 
GAATMP_username.size1);
+               GAA_FILL(GAATMP_url.arg1, gaa_getstr, GAATMP_url.size1);
                gaa_index++;
-#line 17 "crypt.gaa"
-{ gaaval->username = GAATMP_username.arg1 ;};
+#line 22 "p11tool.gaa"
+{ gaaval->action = ACTION_PKCS11_EXPORT_URL; gaaval->pkcs11_url = 
GAATMP_url.arg1; ;};
 
                return GAA_OK;
                break;
@@ -648,10 +907,11 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
     if(inited == 0)
     {
 
-#line 40 "crypt.gaa"
-{ gaaval->username=NULL; gaaval->passwd=NULL; gaaval->salt=0;
-       gaaval->create_conf=NULL; gaaval->passwd_conf=NULL; gaaval->verify = 0; 
-       gaaval->index = 1; ;};
+#line 80 "p11tool.gaa"
+{      gaaval->action = -1; gaaval->pkcs11_provider= NULL; gaaval->outfile = 
NULL; gaaval->pubkey = NULL; gaaval->privkey = NULL;
+       gaaval->pkcs11_url = NULL; gaaval->pkcs11_type = PKCS11_TYPE_PK; 
gaaval->pubkey=NULL; gaaval->pkcs11_label = NULL; 
+       gaaval->pkcs11_trusted=0; gaaval->pkcs11_login = 0; 
gaaval->pkcs11_detailed_url = 0; 
+       gaaval->secret_key = NULL; gaaval->cert = NULL; gaaval->incert_format = 
0; ;};
 
     }
     inited = 1;
diff --git a/src/p11tool-gaa.h b/src/p11tool-gaa.h
new file mode 100644
index 0000000..000ca1a
--- /dev/null
+++ b/src/p11tool-gaa.h
@@ -0,0 +1,63 @@
+
+#line 104 "gaa.skel"
+/* GAA HEADER */
+#ifndef GAA_HEADER_POKY
+#define GAA_HEADER_POKY
+
+typedef struct _gaainfo gaainfo;
+
+struct _gaainfo
+{
+#line 75 "p11tool.gaa"
+       int debug;
+#line 70 "p11tool.gaa"
+       char *outfile;
+#line 67 "p11tool.gaa"
+       int action;
+#line 66 "p11tool.gaa"
+       char* pkcs11_provider;
+#line 62 "p11tool.gaa"
+       int incert_format;
+#line 59 "p11tool.gaa"
+       int pkcs8;
+#line 56 "p11tool.gaa"
+       char *cert;
+#line 53 "p11tool.gaa"
+       char *pubkey;
+#line 50 "p11tool.gaa"
+       char *privkey;
+#line 45 "p11tool.gaa"
+       int pkcs11_detailed_url;
+#line 42 "p11tool.gaa"
+       int pkcs11_login;
+#line 39 "p11tool.gaa"
+       int pkcs11_trusted;
+#line 36 "p11tool.gaa"
+       char* secret_key;
+#line 32 "p11tool.gaa"
+       char* pkcs11_label;
+#line 24 "p11tool.gaa"
+       int pkcs11_type;
+#line 21 "p11tool.gaa"
+       char* pkcs11_url;
+
+#line 114 "gaa.skel"
+};
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+    int gaa(int argc, char *argv[], gaainfo *gaaval);
+
+    void gaa_help(void);
+    
+    int gaa_file(const char *name, gaainfo *gaaval);
+    
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif
diff --git a/src/p11tool.c b/src/p11tool.c
new file mode 100644
index 0000000..5502737
--- /dev/null
+++ b/src/p11tool.c
@@ -0,0 +1,166 @@
+/*
+ * Copyright (C) 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#include <gnutls/gnutls.h>
+#include <gnutls/extra.h>
+#include <gnutls/x509.h>
+#include <gnutls/openpgp.h>
+#include <gnutls/pkcs12.h>
+#include <gnutls/pkcs11.h>
+#include <gnutls/abstract.h>
+
+#include <gcrypt.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <time.h>
+#include <unistd.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <error.h>
+
+/* Gnulib portability files. */
+#include <read-file.h>
+#include <progname.h>
+#include <version-etc.h>
+
+#include "p11tool-gaa.h"
+#include "p11tool.h"
+#include "certtool-common.h"
+
+static void gaa_parser (int argc, char **argv);
+
+static gaainfo info;
+static FILE *outfile;
+int batch = 0;
+
+static void
+tls_log_func (int level, const char *str)
+{
+  fprintf (stderr, "|<%d>| %s", level, str);
+}
+
+
+int
+main (int argc, char **argv)
+{
+  set_program_name (argv[0]);
+  gaa_parser (argc, argv);
+
+  return 0;
+}
+
+static void
+gaa_parser (int argc, char **argv)
+{
+  int ret;
+  common_info_st cinfo;
+
+  if (gaa (argc, argv, &info) != -1)
+    {
+      fprintf (stderr, "Try `%s --help' for more information.\n",
+              program_name);
+      exit (1);
+    }
+
+  gnutls_global_set_log_function (tls_log_func);
+  gnutls_global_set_log_level (info.debug);
+  if (info.debug > 1)
+    printf ("Setting log level to %d\n", info.debug);
+
+  if ((ret = gnutls_global_init ()) < 0)
+    error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret));
+
+  if (info.pkcs11_provider != NULL)
+    {
+      ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_MANUAL, NULL);
+      if (ret < 0)
+       fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret));
+      else
+       {
+         ret = gnutls_pkcs11_add_provider (info.pkcs11_provider, NULL);
+         if (ret < 0)
+           error (EXIT_FAILURE, 0, "pkcs11_add_provider: %s",
+                  gnutls_strerror (ret));
+       }
+    }
+  else
+    {
+      ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_AUTO, NULL);
+      if (ret < 0)
+       fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret));
+    }
+
+  if (info.outfile)
+    {
+      outfile = safe_open_rw (info.outfile, 0);
+      if (outfile == NULL)
+       error (EXIT_FAILURE, errno, "%s", info.outfile);
+    }
+  else
+    outfile = stdout;
+
+  memset(&cinfo, 0, sizeof(cinfo));
+  cinfo.secret_key = info.secret_key;
+  cinfo.privkey = info.privkey;
+  cinfo.pkcs8 = info.pkcs8;
+  cinfo.incert_format = info.incert_format;
+  cinfo.cert = info.cert;
+
+  switch (info.action)
+    {
+    case ACTION_PKCS11_LIST:
+      pkcs11_list (outfile, info.pkcs11_url, info.pkcs11_type,
+                  info.pkcs11_login, info.pkcs11_detailed_url, &cinfo);
+      break;
+    case ACTION_PKCS11_TOKENS:
+      pkcs11_token_list (outfile, info.pkcs11_detailed_url, &cinfo);
+      break;
+    case ACTION_PKCS11_EXPORT_URL:
+      pkcs11_export (outfile, info.pkcs11_url, info.pkcs11_login, &cinfo);
+      break;
+    case ACTION_PKCS11_WRITE_URL:
+      pkcs11_write (outfile, info.pkcs11_url, info.pkcs11_label,
+                   info.pkcs11_trusted, info.pkcs11_login, &cinfo);
+      break;
+    case ACTION_PKCS11_TOKEN_INIT:
+      pkcs11_init (outfile, info.pkcs11_url, info.pkcs11_label, &cinfo);
+      break;
+    case ACTION_PKCS11_DELETE_URL:
+      pkcs11_delete (outfile, info.pkcs11_url, 0, info.pkcs11_login, &cinfo);
+      break;
+    default:
+      gaa_help ();
+      exit (0);
+    }
+  fclose (outfile);
+
+  gnutls_pkcs11_deinit ();
+  gnutls_global_deinit ();
+}
+
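Review bot: When either gnutls_pkcs11_init call in gaa_parser fails, the code only prints to stderr and falls through into the action switch, so pkcs11_list and the other actions presumably run against a PKCS #11 layer that was never set up, and in the --provider branch the requested module is never added; both failure paths should be fatal like the add_provider one, `error (EXIT_FAILURE, 0, "pkcs11_init: %s", gnutls_strerror (ret));`, which also supplies the newline the current fprintf format lacks. Separately, `fclose (outfile)` at the end discards its return value and also closes stdout when no --outfile was given, so a failed flush of an exported object is silent; `if (outfile != stdout && fclose (outfile) != 0) error (EXIT_FAILURE, errno, "%s", info.outfile);` would report it. The non-static `int batch = 0;` is not referenced anywhere in this file (pkcs11_delete is called with a literal 0) and could be dropped or made static.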
diff --git a/src/p11tool.gaa b/src/p11tool.gaa
new file mode 100644
index 0000000..cdc5def
--- /dev/null
+++ b/src/p11tool.gaa
@@ -0,0 +1,83 @@
+#{
+
+/* C declarations */
+
+#include <config.h>
+#ifdef _WIN32
+# include <io.h>
+#endif
+
+#include "certtool-common.h"
+#include "p11tool.h"
+#include <gnutls/pkcs11.h>
+
+#}
+
+helpnode "p11tool help\nUsage: p11tool [options]"
+helpnode "Usage: p11tool --list-tokens"
+helpnode "Usage: p11tool --list-all"
+helpnode "Usage: p11tool --url 'pkcs11:...'\n"
+
+#char* pkcs11_url;
+option (url) STR "URL" { $action = ACTION_PKCS11_EXPORT_URL; $pkcs11_url = $1; 
} "Specify a pkcs11 URL"
+
+#int pkcs11_type;
+option (list-tokens) { $action = ACTION_PKCS11_TOKENS; } "List all available 
tokens"
+option (list-all) { $action = ACTION_PKCS11_LIST; 
$pkcs11_type=PKCS11_TYPE_ALL; } "List all objects specified by a PKCS#11 URL"
+option (list-all-certs) { $action = ACTION_PKCS11_LIST; 
$pkcs11_type=PKCS11_TYPE_CRT_ALL; } "List all certificates specified by a 
PKCS#11 URL"
+option (list-certs) { $action = ACTION_PKCS11_LIST; 
$pkcs11_type=PKCS11_TYPE_PK; } "List certificates that have a private key 
specified by a PKCS#11 URL"
+option (list-privkeys) { $action = ACTION_PKCS11_LIST; 
$pkcs11_type=PKCS11_TYPE_PRIVKEY; } "List private keys specified by a PKCS#11 
URL"
+option (list-trusted) { $action = ACTION_PKCS11_LIST; 
$pkcs11_type=PKCS11_TYPE_TRUSTED; } "List certificates marked as trusted, 
specified by a PKCS#11 URL"
+
+#char* pkcs11_label;
+option (initialize) STR "URL" { $action = ACTION_PKCS11_TOKEN_INIT; 
$pkcs11_url = $1; } "Initializes a PKCS11 token."
+option (write) STR "URL" { $action = ACTION_PKCS11_WRITE_URL; $pkcs11_url = 
$1; } "Writes loaded certificates, private or secret keys to a PKCS11 token."
+
+#char* secret_key;
+option (secret-key) STR "HEX_KEY" { $secret_key = $1; } "Provide a hex encoded 
secret key."
+option (label) STR "label" { $pkcs11_label = $1; } "Sets a label for the write 
operation."
+#int pkcs11_trusted;
+option (write-trusted) { $pkcs11_trusted = 1; } "Marks the certificate to be 
imported as trusted."
+
+#int pkcs11_login;
+option (login) { $pkcs11_login = 1; } "Force login to token"
+
+#int pkcs11_detailed_url;
+option (detailed-url) { $pkcs11_detailed_url = GNUTLS_PKCS11_URL_LIB; } 
"Export detailed URLs."
+
+option (delete-url) STR "URL" { $action = ACTION_PKCS11_DELETE_URL; 
$pkcs11_url = $1; } "Deletes objects matching the URL."
+
+#char *privkey;
+option (load-privkey) STR "FILE" { $privkey = $1 } "Private key file to use."
+
+#char *pubkey;
+option (load-pubkey) STR "FILE" { $pubkey = $1 } "Private key file to use."
+
+#char *cert;
+option (load-certificate) STR "FILE" { $cert = $1 } "Certificate file to use."
+
+#int pkcs8;
+option (8, pkcs8) { $pkcs8=1 } "Use PKCS #8 format for private keys."
+
+#int incert_format;
+option (inder) { $incert_format=1 } "Use DER format for input certificates and 
private keys."
+option (inraw) { $incert_format=1 } "Use RAW/DER format for input certificates 
and private keys."
+
+#char* pkcs11_provider;
+#int action;
+option (provider) STR "Library" { $pkcs11_provider = $1 } "Specify the pkcs11 
provider library"
+
+#char *outfile;
+option (outfile) STR "FILE" { $outfile = $1 } "Output file."
+
+
+
+#int debug;
+option (d, debug) INT "LEVEL" { $debug = $1 } "specify the debug level. 
Default is 1."
+
+option (h, help) { gaa_help(); exit(0); } "shows this help text"
+
+init {         $action = -1; $pkcs11_provider= NULL; $outfile = NULL; $pubkey 
= NULL; $privkey = NULL;
+       $pkcs11_url = NULL; $pkcs11_type = PKCS11_TYPE_PK; $pubkey=NULL; 
$pkcs11_label = NULL; 
+       $pkcs11_trusted=0; $pkcs11_login = 0; $pkcs11_detailed_url = 0; 
+       $secret_key = NULL; $cert = NULL; $incert_format = 0; }
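Review bot: The init block at the end of the file never initialises `$debug` or `$pkcs8` (and assigns `$pubkey = NULL` twice), so those two fields start at zero only because p11tool.c keeps its gaainfo in static storage, while the --debug help text claims "Default is 1."; set them explicitly, `$debug = 0; $pkcs8 = 0;`, drop the duplicate `$pubkey=NULL`, and make the help text agree with the chosen default. The description of --load-pubkey reads "Private key file to use." and should be "Public key file to use.". --inder and --inraw both set `$incert_format=1`; if that is intended (RAW treated as DER) a short comment next to them would save the next reader from assuming a copy-paste error.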
diff --git a/src/p11tool.h b/src/p11tool.h
new file mode 100644
index 0000000..023e355
--- /dev/null
+++ b/src/p11tool.h
@@ -0,0 +1,34 @@
+#ifndef P11TOOL_H
+# define P11TOOL_H
+
+#include "certtool-common.h"
+
+void pkcs11_list (FILE * outfile, const char *url, int type,
+                 unsigned int login, unsigned int detailed, common_info_st*);
+void pkcs11_export (FILE * outfile, const char *pkcs11_url,
+                   unsigned int login, common_info_st*);
+void pkcs11_token_list (FILE * outfile, unsigned int detailed, 
common_info_st*);
+void pkcs11_write (FILE * outfile, const char *pkcs11_url, const char *label,
+                  int trusted, unsigned int login, common_info_st*);
+void pkcs11_delete (FILE * outfile, const char *pkcs11_url, int batch,
+                   unsigned int login, common_info_st*);
+void pkcs11_init (FILE * outfile, const char *pkcs11_url, const char* label, 
common_info_st*);
+
+#define PKCS11_TYPE_CRT_ALL 1
+#define PKCS11_TYPE_TRUSTED 2
+#define PKCS11_TYPE_PK 3
+#define PKCS11_TYPE_ALL 4
+#define PKCS11_TYPE_PRIVKEY 5
+
+
+enum
+{
+  ACTION_PKCS11_LIST,
+  ACTION_PKCS11_TOKENS,
+  ACTION_PKCS11_EXPORT_URL,
+  ACTION_PKCS11_WRITE_URL,
+  ACTION_PKCS11_DELETE_URL,
+  ACTION_PKCS11_TOKEN_INIT,
+};
+
+#endif
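Review bot: The prototypes use `FILE *` but the header only includes certtool-common.h; unless that header pulls in <stdio.h>, which is not visible here, add `#include <stdio.h>` so p11tool.h is self-contained for any translation unit that includes it first. The trailing `common_info_st*` parameter is unnamed in every prototype while all other parameters are named; naming it (`common_info_st *info`, as the pkcs11.c definitions do) keeps declaration and definition readable side by side. The PKCS11_TYPE_* values could be a second enum rather than #defines, but that is a style preference.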
diff --git a/src/pkcs11.c b/src/pkcs11.c
index 364f573..9a5de9f 100644
--- a/src/pkcs11.c
+++ b/src/pkcs11.c
@@ -25,8 +25,9 @@
 #include <gnutls/abstract.h>
 #include <stdio.h>
 #include <stdlib.h>
-#include "certtool-common.h"
+#include "p11tool.h"
 #include "certtool-cfg.h"
+#include "certtool-common.h"
 #include <unistd.h>
 #include <string.h>
 
@@ -87,7 +88,7 @@ pkcs11_common (void)
 }
 
 void
-pkcs11_delete (FILE * outfile, const char *url, int batch, unsigned int login)
+pkcs11_delete (FILE * outfile, const char *url, int batch, unsigned int login, 
common_info_st* info)
 {
   int ret;
   unsigned int obj_flags = 0;
@@ -98,7 +99,7 @@ pkcs11_delete (FILE * outfile, const char *url, int batch, 
unsigned int login)
   if (!batch)
     {
       pkcs11_list (outfile, url, PKCS11_TYPE_ALL, login,
-                  GNUTLS_PKCS11_URL_LIB);
+                  GNUTLS_PKCS11_URL_LIB, info);
       ret =
        read_yesno ("Are you sure you want to delete those objects? (y/N): ");
       if (ret == 0)
@@ -124,7 +125,7 @@ pkcs11_delete (FILE * outfile, const char *url, int batch, 
unsigned int login)
  */
 void
 pkcs11_list (FILE * outfile, const char *url, int type, unsigned int login,
-            unsigned int detailed)
+            unsigned int detailed, common_info_st* info)
 {
   gnutls_pkcs11_obj_t *crt_list;
   gnutls_x509_crt_t xcrt;
@@ -296,7 +297,7 @@ pkcs11_list (FILE * outfile, const char *url, int type, 
unsigned int login,
 }
 
 void
-pkcs11_export (FILE * outfile, const char *url, unsigned int login)
+pkcs11_export (FILE * outfile, const char *url, unsigned int login, 
common_info_st* info)
 {
   gnutls_pkcs11_obj_t crt;
   gnutls_x509_crt_t xcrt;
@@ -427,7 +428,7 @@ pkcs11_export (FILE * outfile, const char *url, unsigned 
int login)
 }
 
 void
-pkcs11_token_list (FILE * outfile, unsigned int detailed)
+pkcs11_token_list (FILE * outfile, unsigned int detailed, common_info_st* info)
 {
   int ret;
   int i;
@@ -514,13 +515,14 @@ pkcs11_token_list (FILE * outfile, unsigned int detailed)
 
 void
 pkcs11_write (FILE * outfile, const char *url, const char *label, int trusted,
-             unsigned int login)
+             unsigned int login, common_info_st* info)
 {
   gnutls_x509_crt_t xcrt;
   gnutls_x509_privkey_t xkey;
   int ret;
   unsigned int flags = 0;
-  unsigned int key_usage;
+  unsigned int key_usage = 0;
+  gnutls_datum_t* secret_key;
 
   if (login)
     flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
@@ -530,7 +532,22 @@ pkcs11_write (FILE * outfile, const char *url, const char 
*label, int trusted,
   if (url == NULL)
     url = "pkcs11:";
 
-  xcrt = load_cert (0);
+  secret_key = load_secret_key(0, info);
+  if (secret_key != NULL)
+    {
+      ret =
+       gnutls_pkcs11_copy_secret_key (url, secret_key, label, key_usage,
+                                        flags |
+                                        GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE);
+      if (ret < 0)
+       {
+         fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+                  gnutls_strerror (ret));
+         exit (1);
+       }
+    }
+
+  xcrt = load_cert (0, info);
   if (xcrt != NULL)
     {
       if (trusted)
@@ -546,7 +563,7 @@ pkcs11_write (FILE * outfile, const char *url, const char 
*label, int trusted,
       gnutls_x509_crt_get_key_usage (xcrt, &key_usage, NULL);
     }
 
-  xkey = load_private_key (0);
+  xkey = load_private_key (0, info);
   if (xkey != NULL)
     {
       ret =
@@ -561,10 +578,47 @@ pkcs11_write (FILE * outfile, const char *url, const char 
*label, int trusted,
        }
     }
 
-  if (xkey == NULL && xcrt == NULL)
+  if (xkey == NULL && xcrt == NULL && secret_key != NULL)
     {
       fprintf (stderr,
-              "You must use --load-privkey or --load-certificate to load the 
file to be copied\n");
+              "You must use --load-privkey, --load-certificate or --secret-key 
to load the file to be copied\n");
+      exit (1);
+    }
+
+  return;
+}
+
+void
+pkcs11_init (FILE * outfile, const char *url, const char *label, 
common_info_st* info)
+{
+  int ret;
+  char * pin;
+  char so_pin[32];
+
+  pkcs11_common ();
+
+  if (url == NULL)
+    {
+      fprintf(stderr, "No token URL given to initialize!\n");
+      exit(1);
+    }
+
+  pin = getpass ("Enter Security Officer's PIN: ");
+  if (pin == NULL)
+    exit(0);
+  
+  strcpy(so_pin, pin);
+
+  pin = getpass ("Enter new User's PIN: ");
+  if (pin == NULL)
+    exit(0);
+  
+  ret =
+    gnutls_pkcs11_token_init (url, so_pin, pin, label);
+  if (ret < 0)
+    {
+      fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+                  gnutls_strerror (ret));
       exit (1);
     }
 
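Review bot: The guard `if (xkey == NULL && xcrt == NULL && secret_key != NULL)` at the top of the hunk is inverted: the "You must use --load-privkey, --load-certificate or --secret-key" error now fires exactly when only a secret key was loaded (after gnutls_pkcs11_copy_secret_key has already run earlier in pkcs11_write) and stays silent when nothing was loaded at all; it should read `if (xkey == NULL && xcrt == NULL && secret_key == NULL)`. In the new pkcs11_init, `strcpy(so_pin, pin)` copies the getpass() result into a 32-byte stack buffer with no length check, so an over-long SO PIN writes past the end of so_pin; reject it before copying, `if (strlen (pin) >= sizeof so_pin) { fprintf (stderr, "Security Officer's PIN is too long\n"); exit (1); }`, rather than silently truncating with snprintf. If the remainder of the function does not already do so, clearing so_pin once gnutls_pkcs11_token_init returns would keep the SO PIN from lingering on the stack. pkcs11_init's body continues past the end of the hunk.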
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 15d03a4..bc099e4 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -56,7 +56,7 @@ libutils_la_SOURCES = utils.h utils.c
 
 ctests = simple gc set_pkcs12_cred certder certuniqueid mpi                    
\
        certificate_set_x509_crl dn parse_ca moredn crypto_rng mini     \
-       finished hostname-check cve-2008-4989 pkcs12_s2k chainverify    \
+       hostname-check cve-2008-4989 pkcs12_s2k chainverify     \
        crq_key_id x509sign-verify cve-2009-1415 cve-2009-1416          \
        crq_apis init_roundtrip pkcs12_s2k_pem dn2 mini-eagain          \
        nul-in-x509-names x509_altname pkcs12_encode mini-x509          \
diff --git a/tests/finished.c b/tests/finished.c
deleted file mode 100644
index afbdbcf..0000000
--- a/tests/finished.c
+++ /dev/null
@@ -1,293 +0,0 @@
-/*
- * Copyright (C) 2008, 2010 Free Software Foundation, Inc.
- *
- * Author: Simon Josefsson
- *
- * This file is part of GnuTLS.
- *
- * GnuTLS is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuTLS is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with GnuTLS; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-/* Based on mini.c. */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <gnutls/gnutls.h>
-
-#include "utils.h"
-
-static void
-tls_log_func (int level, const char *str)
-{
-  fprintf (stderr, "|<%d>| %s", level, str);
-}
-
-char *to_server;
-size_t to_server_len;
-
-char *to_client;
-size_t to_client_len;
-
-static ssize_t
-client_pull (gnutls_transport_ptr_t tr, void *data, size_t len)
-{
-  if (debug)
-    success ("client_pull len %d has %d\n", (int) len, (int) to_client_len);
-
-  if (to_client_len < len)
-    {
-      gnutls_transport_set_global_errno (EAGAIN);
-      return -1;
-    }
-
-  memcpy (data, to_client, len);
-
-  memmove (to_client, to_client + len, to_client_len - len);
-  to_client_len -= len;
-
-  return len;
-}
-
-static ssize_t
-client_push (gnutls_transport_ptr_t tr, const void *data, size_t len)
-{
-  size_t newlen = to_server_len + len;
-  char *tmp;
-
-  if (debug)
-    {
-      success ("client_push len %d has %d\n", (int) len, (int) to_server_len);
-      hexprint (data, len);
-    }
-
-  tmp = realloc (to_server, newlen);
-  if (!tmp)
-    {
-      fail ("Memory allocation failure...\n");
-      exit (1);
-    }
-  to_server = tmp;
-
-  memcpy (to_server + to_server_len, data, len);
-  to_server_len = newlen;
-
-  return len;
-}
-
-static ssize_t
-server_pull (gnutls_transport_ptr_t tr, void *data, size_t len)
-{
-  if (debug)
-    success ("server_pull len %d has %d\n", (int) len, (int) to_server_len);
-
-  if (to_server_len < len)
-    {
-      gnutls_transport_set_global_errno (EAGAIN);
-      return -1;
-    }
-
-  memcpy (data, to_server, len);
-
-  memmove (to_server, to_server + len, to_server_len - len);
-  to_server_len -= len;
-
-  return len;
-}
-
-static ssize_t
-server_push (gnutls_transport_ptr_t tr, const void *data, size_t len)
-{
-  size_t newlen = to_client_len + len;
-  char *tmp;
-
-  if (debug)
-    {
-      success ("server_push len %d has %d\n", (int) len, (int) to_client_len);
-      hexprint (data, len);
-    }
-
-  tmp = realloc (to_client, newlen);
-  if (!tmp)
-    {
-      fail ("Memory allocation failure...\n");
-      exit (1);
-    }
-  to_client = tmp;
-
-  memcpy (to_client + to_client_len, data, len);
-  to_client_len = newlen;
-
-  return len;
-}
-
-static void
-client_finished_callback (gnutls_session_t session,
-                         const void *finished, size_t len)
-{
-  if (debug)
-    {
-      success ("client finished (length %d)\n", (int) len);
-      hexprint (finished, len);
-    }
-}
-
-static void
-server_finished_callback (gnutls_session_t session,
-                         const void *finished, size_t len)
-{
-  if (debug)
-    {
-      success ("server finished (length %d)\n", (int) len);
-      hexprint (finished, len);
-    }
-}
-
-#define MAX_BUF 1024
-#define MSG "Hello TLS"
-
-void
-doit (void)
-{
-  /* Server stuff. */
-  gnutls_anon_server_credentials_t s_anoncred;
-  const gnutls_datum_t p3 = { (char *) pkcs3, strlen (pkcs3) };
-  static gnutls_dh_params_t dh_params;
-  gnutls_session_t server;
-  int sret = GNUTLS_E_AGAIN;
-  /* Client stuff. */
-  gnutls_anon_client_credentials_t c_anoncred;
-  gnutls_session_t client;
-  int n, cret = GNUTLS_E_AGAIN;
-  /* Need to enable anonymous KX specifically. */
-  const int kx_prio[] = { GNUTLS_KX_ANON_DH, 0 };
-  char buffer[MAX_BUF + 1];
-  ssize_t ns;
-  int ret;
-
-  /* General init. */
-  gnutls_global_init ();
-  gnutls_global_set_log_function (tls_log_func);
-  if (debug)
-    gnutls_global_set_log_level (4711);
-
-  /* Init server */
-  gnutls_anon_allocate_server_credentials (&s_anoncred);
-  gnutls_dh_params_init (&dh_params);
-  gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
-  gnutls_anon_set_server_dh_params (s_anoncred, dh_params);
-  gnutls_init (&server, GNUTLS_SERVER);
-  gnutls_set_default_priority (server);
-  gnutls_kx_set_priority (server, kx_prio);
-  gnutls_credentials_set (server, GNUTLS_CRD_ANON, s_anoncred);
-  gnutls_dh_set_prime_bits (server, 1024);
-  gnutls_transport_set_push_function (server, server_push);
-  gnutls_transport_set_pull_function (server, server_pull);
-  gnutls_session_set_finished_function (server, server_finished_callback);
-
-  /* Init client */
-  gnutls_anon_allocate_client_credentials (&c_anoncred);
-  gnutls_init (&client, GNUTLS_CLIENT);
-  gnutls_set_default_priority (client);
-  gnutls_kx_set_priority (client, kx_prio);
-  gnutls_credentials_set (client, GNUTLS_CRD_ANON, c_anoncred);
-  gnutls_transport_set_push_function (client, client_push);
-  gnutls_transport_set_pull_function (client, client_pull);
-  gnutls_session_set_finished_function (client, client_finished_callback);
-
-  do
-    {
-      if (cret == GNUTLS_E_AGAIN)
-       {
-         if (debug)
-           success ("loop invoking client:\n");
-         cret = gnutls_handshake (client);
-         if (debug)
-           success ("client %d: %s\n", cret, gnutls_strerror (cret));
-       }
-
-      if (sret == GNUTLS_E_AGAIN)
-       {
-         if (debug)
-           success ("loop invoking server:\n");
-         sret = gnutls_handshake (server);
-         if (debug)
-           success ("server %d: %s\n", sret, gnutls_strerror (sret));
-       }
-    }
-  while (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN);
-
-  if (debug)
-    success ("Handshake established\n");
-
-  ns = gnutls_record_send (client, MSG, strlen (MSG));
-  if (debug)
-    success ("client: sent %d\n", (int) ns);
-
-  ret = gnutls_record_recv (server, buffer, MAX_BUF);
-  if (ret == 0)
-    fail ("server: didn't receive any data\n");
-  else if (ret < 0)
-    fail ("server: error: %s\n", gnutls_strerror (ret));
-  else if (debug)
-    {
-      printf ("server: received %d: ", ret);
-      for (n = 0; n < ret; n++)
-       fputc (buffer[n], stdout);
-      fputs ("\n", stdout);
-    }
-
-  ns = gnutls_record_send (server, MSG, strlen (MSG));
-  if (debug)
-    success ("server: sent %d\n", (int) ns);
-
-  ret = gnutls_record_recv (client, buffer, MAX_BUF);
-  if (ret == 0)
-    {
-      fail ("client: Peer has closed the TLS connection\n");
-    }
-  else if (ret < 0)
-    {
-      fail ("client: Error: %s\n", gnutls_strerror (ret));
-    }
-  else if (debug)
-    {
-      printf ("client: received %d: ", ret);
-      for (n = 0; n < ret; n++)
-       fputc (buffer[n], stdout);
-      fputs ("\n", stdout);
-    }
-
-  gnutls_bye (client, GNUTLS_SHUT_RDWR);
-  gnutls_bye (server, GNUTLS_SHUT_RDWR);
-
-  gnutls_deinit (client);
-  gnutls_deinit (server);
-
-  free (to_server);
-  free (to_client);
-
-  gnutls_anon_free_client_credentials (c_anoncred);
-  gnutls_anon_free_server_credentials (s_anoncred);
-
-  gnutls_dh_params_deinit (dh_params);
-
-  gnutls_global_deinit ();
-}


hooks/post-receive
-- 
GNU gnutls



