
[SCM] GNU gnutls branch, master, updated. gnutls_2_11_4-19-g69d2584


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_11_4-19-g69d2584
Date: Thu, 11 Nov 2010 18:17:10 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=69d25843fb9ffda39fad00d0cf8b94995d5fff96

The branch, master has been updated
       via  69d25843fb9ffda39fad00d0cf8b94995d5fff96 (commit)
      from  03512d4cdfaad9caeadb5d9c34575c5958d2b3bf (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 69d25843fb9ffda39fad00d0cf8b94995d5fff96
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Thu Nov 11 19:16:20 2010 +0100

    Added --list-mechanisms option to p11tool. Lists all mechanisms supported by
    a token.

-----------------------------------------------------------------------

Summary of changes:
 lib/includes/gnutls/pkcs11.h |    9 ++-
 lib/libgnutls.map            |    1 +
 lib/pkcs11.c                 |   63 +++++++++++-
 src/p11tool-gaa.c            |  105 ++++++++++++--------
 src/p11tool-gaa.h            |   28 +++---
 src/p11tool.c                |    3 +
 src/p11tool.gaa              |    3 +
 src/p11tool.h                |    2 +
 src/pkcs11.c                 |  229 ++++++++++++++++++++++++++++++++++++++++++
 9 files changed, 384 insertions(+), 59 deletions(-)

diff --git a/lib/includes/gnutls/pkcs11.h b/lib/includes/gnutls/pkcs11.h
index d801f0a..749d96d 100644
--- a/lib/includes/gnutls/pkcs11.h
+++ b/lib/includes/gnutls/pkcs11.h
@@ -148,6 +148,10 @@ gnutls_pkcs11_token_init (const char *token_url,
                                 const char *label);
 
 int
+gnutls_pkcs11_token_get_mechanism (const char *url, int idx, 
+  unsigned long *mechanism);
+
+int
 gnutls_pkcs11_token_set_pin (const char *token_url,
   const char* oldpin, const char* newpin, unsigned int 
flags/*gnutls_pkcs11_pin_flag_t*/);
 
@@ -177,8 +181,9 @@ gnutls_pkcs11_obj_type_t gnutls_pkcs11_obj_get_type 
(gnutls_pkcs11_obj_t
                                                     certificate);
 const char *gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_type_t);
 
-int gnutls_x509_crt_list_import_pkcs11 (gnutls_x509_crt_t * certs, unsigned 
int cert_max, gnutls_pkcs11_obj_t * const pkcs11_certs, unsigned int flags /* 
must be zero */
-  );
+int gnutls_x509_crt_list_import_pkcs11 (gnutls_x509_crt_t * certs, 
+  unsigned int cert_max, gnutls_pkcs11_obj_t * const pkcs11_certs, 
+  unsigned int flags   /* must be zero */);
 
 
 /* private key functions...*/
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index c9474f3..f719563 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -693,6 +693,7 @@ GNUTLS_2_12
        gnutls_pkcs11_copy_secret_key;
        gnutls_pkcs11_token_init;
        gnutls_pkcs11_token_set_pin;
+       gnutls_pkcs11_token_get_mechanism;
 } GNUTLS_2_10;
 
 GNUTLS_PRIVATE {
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index b769b55..2ed329a 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -2762,7 +2762,7 @@ find_flags (pakchois_session_t * pks, struct token_info 
*info,
 /**
  * gnutls_pkcs11_token_get_flags:
  * @url: should contain a PKCS 11 URL
- * @flags: The output flags
+ * @flags: The output flags (GNUTLS_PKCS11_TOKEN_*)
  *
  * This function will return information about the PKCS 11 token flags.
  *
@@ -2797,6 +2797,67 @@ gnutls_pkcs11_token_get_flags (const char *url, unsigned 
int *flags)
 }
 
 
+/**
+ * gnutls_pkcs11_token_get_mechanism:
+ * @url: should contain a PKCS 11 URL
+ * @idx: The index of the mechanism
+ * @mechanism: The PKCS #11 mechanism ID
+ *
+ * This function will return the names of the supported mechanisms
+ * by the token. It should be called with an increasing index until
+ * it return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE.
+ *
+ * Returns: zero on success or a negative value on error.
+ **/
+int
+gnutls_pkcs11_token_get_mechanism (const char *url, int idx, 
+  unsigned long* mechanism)
+{
+  int ret;
+  ck_rv_t rv;
+  pakchois_module_t *module;
+  ck_slot_id_t slot;
+  struct token_info tinfo;
+  struct pkcs11_url_info info;
+  unsigned long count;
+  ck_mechanism_type_t mlist[400];
+
+  ret = pkcs11_url_to_info (url, &info);
+  if (ret < 0)
+    {
+      gnutls_assert ();
+      return ret;
+    }
+
+
+  ret = pkcs11_find_slot(&module, &slot, &info, &tinfo);
+  if (ret < 0)
+    {
+      gnutls_assert();
+      return ret;
+    }
+
+  count = sizeof(mlist)/sizeof(mlist[0]);
+  rv = pakchois_get_mechanism_list(module, slot, mlist, &count);
+  if (rv != CKR_OK)
+    {
+      gnutls_assert();
+      return pkcs11_rv_to_err (rv);
+    }
+
+  if (idx >= count)
+    {
+      gnutls_assert();
+      return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+    }
+  
+  *mechanism = mlist[idx];
+
+  return 0;
+
+}
+
+
 const char *
 gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_type_t type)
 {
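Review bot: The bounds check `if (idx >= count)` in gnutls_pkcs11_token_get_mechanism relies entirely on the `count` value that pakchois_get_mechanism_list wrote back, so if a provider module ever reported CKR_OK with a count larger than the 400-entry `mlist`, `mlist[idx]` would read past the stack array. Checking the capacity as well keeps the read inside the buffer whatever the module reports: `if (idx < 0 || (unsigned long) idx >= count || (unsigned long) idx >= sizeof (mlist) / sizeof (mlist[0]))`. A negative `idx` is currently rejected only as a side effect of the int-to-unsigned-long conversion in the comparison, which the explicit `idx < 0` makes visible. The doc comment also says the function returns the "names" of the mechanisms, while the code stores a numeric mechanism ID in `*mechanism`; I would reword it to `This function will return the IDs of the mechanisms supported by the token.`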
diff --git a/src/p11tool-gaa.c b/src/p11tool-gaa.c
index 8bd5a2d..99dab2f 100644
--- a/src/p11tool-gaa.c
+++ b/src/p11tool-gaa.c
@@ -136,6 +136,7 @@ void gaa_help(void)
        printf("Usage: p11tool --export 'pkcs11:...'\n\n");
        __gaa_helpsingle(0, "export", "URL ", "Export an object specified by a 
pkcs11 URL");
        __gaa_helpsingle(0, "list-tokens", "", "List all available tokens");
+       __gaa_helpsingle(0, "list-mechanisms", "URL ", "List all available 
mechanisms in token.");
        __gaa_helpsingle(0, "list-all", "", "List all objects specified by a 
PKCS#11 URL");
        __gaa_helpsingle(0, "list-all-certs", "", "List all certificates 
specified by a PKCS#11 URL");
        __gaa_helpsingle(0, "list-certs", "", "List certificates that have a 
private key specified by a PKCS#11 URL");
@@ -174,33 +175,33 @@ typedef struct _gaainfo gaainfo;
 
 struct _gaainfo
 {
-#line 77 "p11tool.gaa"
+#line 80 "p11tool.gaa"
        int debug;
-#line 72 "p11tool.gaa"
+#line 75 "p11tool.gaa"
        char *outfile;
-#line 69 "p11tool.gaa"
+#line 72 "p11tool.gaa"
        int action;
-#line 68 "p11tool.gaa"
+#line 71 "p11tool.gaa"
        char* pkcs11_provider;
-#line 64 "p11tool.gaa"
+#line 67 "p11tool.gaa"
        int incert_format;
-#line 61 "p11tool.gaa"
+#line 64 "p11tool.gaa"
        int pkcs8;
-#line 58 "p11tool.gaa"
+#line 61 "p11tool.gaa"
        char *cert;
-#line 55 "p11tool.gaa"
+#line 58 "p11tool.gaa"
        char *pubkey;
-#line 52 "p11tool.gaa"
+#line 55 "p11tool.gaa"
        char *privkey;
-#line 49 "p11tool.gaa"
+#line 52 "p11tool.gaa"
        char* secret_key;
-#line 45 "p11tool.gaa"
+#line 48 "p11tool.gaa"
        int pkcs11_detailed_url;
-#line 42 "p11tool.gaa"
+#line 45 "p11tool.gaa"
        int pkcs11_login;
-#line 39 "p11tool.gaa"
+#line 42 "p11tool.gaa"
        int pkcs11_trusted;
-#line 32 "p11tool.gaa"
+#line 35 "p11tool.gaa"
        char* pkcs11_label;
 #line 24 "p11tool.gaa"
        int pkcs11_type;
@@ -260,7 +261,7 @@ static int gaa_error = 0;
 #define GAA_MULTIPLE_OPTION     3
 
 #define GAA_REST                0
-#define GAA_NB_OPTION           26
+#define GAA_NB_OPTION           27
 #define GAAOPTID_help  1
 #define GAAOPTID_debug 2
 #define GAAOPTID_outfile       3
@@ -285,8 +286,9 @@ static int gaa_error = 0;
 #define GAAOPTID_list_certs    22
 #define GAAOPTID_list_all_certs        23
 #define GAAOPTID_list_all      24
-#define GAAOPTID_list_tokens   25
-#define GAAOPTID_export        26
+#define GAAOPTID_list_mechanisms       25
+#define GAAOPTID_list_tokens   26
+#define GAAOPTID_export        27
 
 #line 168 "gaa.skel"
 
@@ -539,6 +541,12 @@ struct GAAOPTION_initialize
        int size1;
 };
 
+struct GAAOPTION_list_mechanisms 
+{
+       char* arg1;
+       int size1;
+};
+
 struct GAAOPTION_export 
 {
        char* arg1;
@@ -585,6 +593,7 @@ static int gaa_get_option_num(char *str, int status)
                        GAA_CHECK1STR("", GAAOPTID_delete);
                        GAA_CHECK1STR("", GAAOPTID_write);
                        GAA_CHECK1STR("", GAAOPTID_initialize);
+                       GAA_CHECK1STR("", GAAOPTID_list_mechanisms);
                        GAA_CHECK1STR("", GAAOPTID_export);
         case GAA_MULTIPLE_OPTION:
 #line 375 "gaa.skel"
@@ -630,6 +639,7 @@ static int gaa_get_option_num(char *str, int status)
                        GAA_CHECKSTR("list-certs", GAAOPTID_list_certs);
                        GAA_CHECKSTR("list-all-certs", GAAOPTID_list_all_certs);
                        GAA_CHECKSTR("list-all", GAAOPTID_list_all);
+                       GAA_CHECKSTR("list-mechanisms", 
GAAOPTID_list_mechanisms);
                        GAA_CHECKSTR("list-tokens", GAAOPTID_list_tokens);
                        GAA_CHECKSTR("export", GAAOPTID_export);
 
@@ -655,6 +665,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
        struct GAAOPTION_delete GAATMP_delete;
        struct GAAOPTION_write GAATMP_write;
        struct GAAOPTION_initialize GAATMP_initialize;
+       struct GAAOPTION_list_mechanisms GAATMP_list_mechanisms;
        struct GAAOPTION_export GAATMP_export;
 
 #line 393 "gaa.skel"
@@ -678,7 +689,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
     {
        case GAAOPTID_help:
        OK = 0;
-#line 80 "p11tool.gaa"
+#line 83 "p11tool.gaa"
 { gaa_help(); exit(0); ;};
 
                return GAA_OK;
@@ -688,7 +699,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_debug.arg1, gaa_getint, GAATMP_debug.size1);
                gaa_index++;
-#line 78 "p11tool.gaa"
+#line 81 "p11tool.gaa"
 { gaaval->debug = GAATMP_debug.arg1 ;};
 
                return GAA_OK;
@@ -698,7 +709,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_outfile.arg1, gaa_getstr, GAATMP_outfile.size1);
                gaa_index++;
-#line 73 "p11tool.gaa"
+#line 76 "p11tool.gaa"
 { gaaval->outfile = GAATMP_outfile.arg1 ;};
 
                return GAA_OK;
@@ -708,28 +719,28 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_provider.arg1, gaa_getstr, 
GAATMP_provider.size1);
                gaa_index++;
-#line 70 "p11tool.gaa"
+#line 73 "p11tool.gaa"
 { gaaval->pkcs11_provider = GAATMP_provider.arg1 ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_inraw:
        OK = 0;
-#line 66 "p11tool.gaa"
+#line 69 "p11tool.gaa"
 { gaaval->incert_format=1 ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_inder:
        OK = 0;
-#line 65 "p11tool.gaa"
+#line 68 "p11tool.gaa"
 { gaaval->incert_format=1 ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_pkcs8:
        OK = 0;
-#line 62 "p11tool.gaa"
+#line 65 "p11tool.gaa"
 { gaaval->pkcs8=1 ;};
 
                return GAA_OK;
@@ -739,7 +750,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_load_certificate.arg1, gaa_getstr, 
GAATMP_load_certificate.size1);
                gaa_index++;
-#line 59 "p11tool.gaa"
+#line 62 "p11tool.gaa"
 { gaaval->cert = GAATMP_load_certificate.arg1 ;};
 
                return GAA_OK;
@@ -749,7 +760,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_load_pubkey.arg1, gaa_getstr, 
GAATMP_load_pubkey.size1);
                gaa_index++;
-#line 56 "p11tool.gaa"
+#line 59 "p11tool.gaa"
 { gaaval->pubkey = GAATMP_load_pubkey.arg1 ;};
 
                return GAA_OK;
@@ -759,7 +770,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_load_privkey.arg1, gaa_getstr, 
GAATMP_load_privkey.size1);
                gaa_index++;
-#line 53 "p11tool.gaa"
+#line 56 "p11tool.gaa"
 { gaaval->privkey = GAATMP_load_privkey.arg1 ;};
 
                return GAA_OK;
@@ -769,35 +780,35 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_secret_key.arg1, gaa_getstr, 
GAATMP_secret_key.size1);
                gaa_index++;
-#line 50 "p11tool.gaa"
+#line 53 "p11tool.gaa"
 { gaaval->secret_key = GAATMP_secret_key.arg1; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_no_detailed_url:
        OK = 0;
-#line 47 "p11tool.gaa"
+#line 50 "p11tool.gaa"
 { gaaval->pkcs11_detailed_url = 0; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_detailed_url:
        OK = 0;
-#line 46 "p11tool.gaa"
+#line 49 "p11tool.gaa"
 { gaaval->pkcs11_detailed_url = GNUTLS_PKCS11_URL_LIB; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_login:
        OK = 0;
-#line 43 "p11tool.gaa"
+#line 46 "p11tool.gaa"
 { gaaval->pkcs11_login = 1; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_trusted:
        OK = 0;
-#line 40 "p11tool.gaa"
+#line 43 "p11tool.gaa"
 { gaaval->pkcs11_trusted = 1; ;};
 
                return GAA_OK;
@@ -807,7 +818,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_label.arg1, gaa_getstr, GAATMP_label.size1);
                gaa_index++;
-#line 38 "p11tool.gaa"
+#line 41 "p11tool.gaa"
 { gaaval->pkcs11_label = GAATMP_label.arg1; ;};
 
                return GAA_OK;
@@ -817,7 +828,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_delete.arg1, gaa_getstr, GAATMP_delete.size1);
                gaa_index++;
-#line 35 "p11tool.gaa"
+#line 38 "p11tool.gaa"
 { gaaval->action = ACTION_PKCS11_DELETE_URL; gaaval->pkcs11_url = 
GAATMP_delete.arg1; ;};
 
                return GAA_OK;
@@ -827,7 +838,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_write.arg1, gaa_getstr, GAATMP_write.size1);
                gaa_index++;
-#line 34 "p11tool.gaa"
+#line 37 "p11tool.gaa"
 { gaaval->action = ACTION_PKCS11_WRITE_URL; gaaval->pkcs11_url = 
GAATMP_write.arg1; ;};
 
                return GAA_OK;
@@ -837,46 +848,56 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_initialize.arg1, gaa_getstr, 
GAATMP_initialize.size1);
                gaa_index++;
-#line 33 "p11tool.gaa"
+#line 36 "p11tool.gaa"
 { gaaval->action = ACTION_PKCS11_TOKEN_INIT; gaaval->pkcs11_url = 
GAATMP_initialize.arg1; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_list_trusted:
        OK = 0;
-#line 30 "p11tool.gaa"
+#line 33 "p11tool.gaa"
 { gaaval->action = ACTION_PKCS11_LIST; 
gaaval->pkcs11_type=PKCS11_TYPE_TRUSTED; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_list_privkeys:
        OK = 0;
-#line 29 "p11tool.gaa"
+#line 32 "p11tool.gaa"
 { gaaval->action = ACTION_PKCS11_LIST; 
gaaval->pkcs11_type=PKCS11_TYPE_PRIVKEY; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_list_certs:
        OK = 0;
-#line 28 "p11tool.gaa"
+#line 31 "p11tool.gaa"
 { gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_PK; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_list_all_certs:
        OK = 0;
-#line 27 "p11tool.gaa"
+#line 30 "p11tool.gaa"
 { gaaval->action = ACTION_PKCS11_LIST; 
gaaval->pkcs11_type=PKCS11_TYPE_CRT_ALL; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_list_all:
        OK = 0;
-#line 26 "p11tool.gaa"
+#line 29 "p11tool.gaa"
 { gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_ALL; ;};
 
                return GAA_OK;
                break;
+       case GAAOPTID_list_mechanisms:
+       OK = 0;
+               GAA_TESTMOREARGS;
+               GAA_FILL(GAATMP_list_mechanisms.arg1, gaa_getstr, 
GAATMP_list_mechanisms.size1);
+               gaa_index++;
+#line 27 "p11tool.gaa"
+{ gaaval->pkcs11_url = GAATMP_list_mechanisms.arg1; gaaval->action = 
ACTION_PKCS11_MECHANISMS; ;};
+
+               return GAA_OK;
+               break;
        case GAAOPTID_list_tokens:
        OK = 0;
 #line 25 "p11tool.gaa"
@@ -918,7 +939,7 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
     if(inited == 0)
     {
 
-#line 82 "p11tool.gaa"
+#line 85 "p11tool.gaa"
 {      gaaval->action = -1; gaaval->pkcs11_provider= NULL; gaaval->outfile = 
NULL; gaaval->pubkey = NULL; gaaval->privkey = NULL;
        gaaval->pkcs11_url = NULL; gaaval->pkcs11_type = PKCS11_TYPE_PK; 
gaaval->pubkey=NULL; gaaval->pkcs11_label = NULL; 
        gaaval->pkcs11_trusted=0; gaaval->pkcs11_login = 0; 
gaaval->pkcs11_detailed_url = GNUTLS_PKCS11_URL_LIB; 
diff --git a/src/p11tool-gaa.h b/src/p11tool-gaa.h
index 32adbb2..f581def 100644
--- a/src/p11tool-gaa.h
+++ b/src/p11tool-gaa.h
@@ -8,33 +8,33 @@ typedef struct _gaainfo gaainfo;
 
 struct _gaainfo
 {
-#line 77 "p11tool.gaa"
+#line 80 "p11tool.gaa"
        int debug;
-#line 72 "p11tool.gaa"
+#line 75 "p11tool.gaa"
        char *outfile;
-#line 69 "p11tool.gaa"
+#line 72 "p11tool.gaa"
        int action;
-#line 68 "p11tool.gaa"
+#line 71 "p11tool.gaa"
        char* pkcs11_provider;
-#line 64 "p11tool.gaa"
+#line 67 "p11tool.gaa"
        int incert_format;
-#line 61 "p11tool.gaa"
+#line 64 "p11tool.gaa"
        int pkcs8;
-#line 58 "p11tool.gaa"
+#line 61 "p11tool.gaa"
        char *cert;
-#line 55 "p11tool.gaa"
+#line 58 "p11tool.gaa"
        char *pubkey;
-#line 52 "p11tool.gaa"
+#line 55 "p11tool.gaa"
        char *privkey;
-#line 49 "p11tool.gaa"
+#line 52 "p11tool.gaa"
        char* secret_key;
-#line 45 "p11tool.gaa"
+#line 48 "p11tool.gaa"
        int pkcs11_detailed_url;
-#line 42 "p11tool.gaa"
+#line 45 "p11tool.gaa"
        int pkcs11_login;
-#line 39 "p11tool.gaa"
+#line 42 "p11tool.gaa"
        int pkcs11_trusted;
-#line 32 "p11tool.gaa"
+#line 35 "p11tool.gaa"
        char* pkcs11_label;
 #line 24 "p11tool.gaa"
        int pkcs11_type;
diff --git a/src/p11tool.c b/src/p11tool.c
index 5502737..39a54f9 100644
--- a/src/p11tool.c
+++ b/src/p11tool.c
@@ -141,6 +141,9 @@ gaa_parser (int argc, char **argv)
     case ACTION_PKCS11_TOKENS:
       pkcs11_token_list (outfile, info.pkcs11_detailed_url, &cinfo);
       break;
+    case ACTION_PKCS11_MECHANISMS:
+      pkcs11_mechanism_list (outfile, info.pkcs11_url, info.pkcs11_login, 
&cinfo);
+      break;
     case ACTION_PKCS11_EXPORT_URL:
       pkcs11_export (outfile, info.pkcs11_url, info.pkcs11_login, &cinfo);
       break;
diff --git a/src/p11tool.gaa b/src/p11tool.gaa
index fb0b4c6..9b7fe4d 100644
--- a/src/p11tool.gaa
+++ b/src/p11tool.gaa
@@ -23,6 +23,9 @@ option (export) STR "URL" { $action = 
ACTION_PKCS11_EXPORT_URL; $pkcs11_url = $1
 
 #int pkcs11_type;
 option (list-tokens) { $action = ACTION_PKCS11_TOKENS; } "List all available 
tokens"
+
+option (list-mechanisms) STR "URL" { $pkcs11_url = $1; $action = 
ACTION_PKCS11_MECHANISMS; } "List all available mechanisms in token."
+
 option (list-all) { $action = ACTION_PKCS11_LIST; 
$pkcs11_type=PKCS11_TYPE_ALL; } "List all objects specified by a PKCS#11 URL"
 option (list-all-certs) { $action = ACTION_PKCS11_LIST; 
$pkcs11_type=PKCS11_TYPE_CRT_ALL; } "List all certificates specified by a 
PKCS#11 URL"
 option (list-certs) { $action = ACTION_PKCS11_LIST; 
$pkcs11_type=PKCS11_TYPE_PK; } "List certificates that have a private key 
specified by a PKCS#11 URL"
diff --git a/src/p11tool.h b/src/p11tool.h
index 023e355..9a69098 100644
--- a/src/p11tool.h
+++ b/src/p11tool.h
@@ -5,6 +5,7 @@
 
 void pkcs11_list (FILE * outfile, const char *url, int type,
                  unsigned int login, unsigned int detailed, common_info_st*);
+void pkcs11_mechanism_list (FILE * outfile, const char *url, unsigned int 
login, common_info_st*);
 void pkcs11_export (FILE * outfile, const char *pkcs11_url,
                    unsigned int login, common_info_st*);
 void pkcs11_token_list (FILE * outfile, unsigned int detailed, 
common_info_st*);
@@ -29,6 +30,7 @@ enum
   ACTION_PKCS11_WRITE_URL,
   ACTION_PKCS11_DELETE_URL,
   ACTION_PKCS11_TOKEN_INIT,
+  ACTION_PKCS11_MECHANISMS,
 };
 
 #endif
diff --git a/src/pkcs11.c b/src/pkcs11.c
index 1102d20..907f139 100644
--- a/src/pkcs11.c
+++ b/src/pkcs11.c
@@ -633,3 +633,232 @@ pkcs11_init (FILE * outfile, const char *url, const char 
*label, common_info_st*
 
   return;
 }
+
+const char* mech_list[] = {
+  [0] = "CKM_RSA_PKCS_KEY_PAIR_GEN",
+  [1] = "CKM_RSA_PKCS",
+  [2] = "CKM_RSA_9796",
+  [3] = "CKM_RSA_X_509",
+  [4] = "CKM_MD2_RSA_PKCS",
+  [5] = "CKM_MD5_RSA_PKCS",
+  [6] = "CKM_SHA1_RSA_PKCS",
+  [7] = "CKM_RIPEMD128_RSA_PKCS",
+  [8] = "CKM_RIPEMD160_RSA_PKCS",
+  [9] = "CKM_RSA_PKCS_OAEP",
+  [0xa] = "CKM_RSA_X9_31_KEY_PAIR_GEN",
+  [0xb] = "CKM_RSA_X9_31",
+  [0xc] = "CKM_SHA1_RSA_X9_31",
+  [0xd] = "CKM_RSA_PKCS_PSS",
+  [0xe] = "CKM_SHA1_RSA_PKCS_PSS",
+  [0x10] = "CKM_DSA_KEY_PAIR_GEN",
+  [0x11] = "CKM_DSA",
+  [0x12] = "CKM_DSA_SHA1",
+  [0x20] = "CKM_DH_PKCS_KEY_PAIR_GEN",
+  [0x21] = "CKM_DH_PKCS_DERIVE",
+  [0x30] = "CKM_X9_42_DH_KEY_PAIR_GEN",
+  [0x31] = "CKM_X9_42_DH_DERIVE",
+  [0x32] = "CKM_X9_42_DH_HYBRID_DERIVE",
+  [0x33] = "CKM_X9_42_MQV_DERIVE",
+  [0x40] = "CKM_SHA256_RSA_PKCS",
+  [0x41] = "CKM_SHA384_RSA_PKCS",
+  [0x42] = "CKM_SHA512_RSA_PKCS",
+  [0x43] = "CKM_SHA256_RSA_PKCS_PSS",
+  [0x44] = "CKM_SHA384_RSA_PKCS_PSS",
+  [0x45] = "CKM_SHA512_RSA_PKCS_PSS",
+  [0x100] = "CKM_RC2_KEY_GEN",
+  [0x101] = "CKM_RC2_ECB",
+  [0x102] = "CKM_RC2_CBC",
+  [0x103] = "CKM_RC2_MAC",
+  [0x104] = "CKM_RC2_MAC_GENERAL",
+  [0x105] = "CKM_RC2_CBC_PAD",
+  [0x110] = "CKM_RC4_KEY_GEN",
+  [0x111] = "CKM_RC4",
+  [0x120] = "CKM_DES_KEY_GEN",
+  [0x121] = "CKM_DES_ECB",
+  [0x122] = "CKM_DES_CBC",
+  [0x123] = "CKM_DES_MAC",
+  [0x124] = "CKM_DES_MAC_GENERAL",
+  [0x125] = "CKM_DES_CBC_PAD",
+  [0x130] = "CKM_DES2_KEY_GEN",
+  [0x131] = "CKM_DES3_KEY_GEN",
+  [0x132] = "CKM_DES3_ECB",
+  [0x133] = "CKM_DES3_CBC",
+  [0x134] = "CKM_DES3_MAC",
+  [0x135] = "CKM_DES3_MAC_GENERAL",
+  [0x136] = "CKM_DES3_CBC_PAD",
+  [0x140] = "CKM_CDMF_KEY_GEN",
+  [0x141] = "CKM_CDMF_ECB",
+  [0x142] = "CKM_CDMF_CBC",
+  [0x143] = "CKM_CDMF_MAC",
+  [0x144] = "CKM_CDMF_MAC_GENERAL",
+  [0x145] = "CKM_CDMF_CBC_PAD",
+  [0x200] = "CKM_MD2",
+  [0x201] = "CKM_MD2_HMAC",
+  [0x202] = "CKM_MD2_HMAC_GENERAL",
+  [0x210] = "CKM_MD5",
+  [0x211] = "CKM_MD5_HMAC",
+  [0x212] = "CKM_MD5_HMAC_GENERAL",
+  [0x220] = "CKM_SHA_1",
+  [0x221] = "CKM_SHA_1_HMAC",
+  [0x222] = "CKM_SHA_1_HMAC_GENERAL",
+  [0x230] = "CKM_RIPEMD128",
+  [0x231] = "CKM_RIPEMD128_HMAC",
+  [0x232] = "CKM_RIPEMD128_HMAC_GENERAL",
+  [0x240] = "CKM_RIPEMD160",
+  [0x241] = "CKM_RIPEMD160_HMAC",
+  [0x242] = "CKM_RIPEMD160_HMAC_GENERAL",
+  [0x250] = "CKM_SHA256",
+  [0x251] = "CKM_SHA256_HMAC",
+  [0x252] = "CKM_SHA256_HMAC_GENERAL",
+  [0x260] = "CKM_SHA384",
+  [0x261] = "CKM_SHA384_HMAC",
+  [0x262] = "CKM_SHA384_HMAC_GENERAL",
+  [0x270] = "CKM_SHA512",
+  [0x271] = "CKM_SHA512_HMAC",
+  [0x272] = "CKM_SHA512_HMAC_GENERAL",
+  [0x300] = "CKM_CAST_KEY_GEN",
+  [0x301] = "CKM_CAST_ECB",
+  [0x302] = "CKM_CAST_CBC",
+  [0x303] = "CKM_CAST_MAC",
+  [0x304] = "CKM_CAST_MAC_GENERAL",
+  [0x305] = "CKM_CAST_CBC_PAD",
+  [0x310] = "CKM_CAST3_KEY_GEN",
+  [0x311] = "CKM_CAST3_ECB",
+  [0x312] = "CKM_CAST3_CBC",
+  [0x313] = "CKM_CAST3_MAC",
+  [0x314] = "CKM_CAST3_MAC_GENERAL",
+  [0x315] = "CKM_CAST3_CBC_PAD",
+  [0x320] = "CKM_CAST128_KEY_GEN",
+  [0x321] = "CKM_CAST128_ECB",
+  [0x322] = "CKM_CAST128_CBC",
+  [0x323] = "CKM_CAST128_MAC",
+  [0x324] = "CKM_CAST128_MAC_GENERAL",
+  [0x325] = "CKM_CAST128_CBC_PAD",
+  [0x330] = "CKM_RC5_KEY_GEN",
+  [0x331] = "CKM_RC5_ECB",
+  [0x332] = "CKM_RC5_CBC",
+  [0x333] = "CKM_RC5_MAC",
+  [0x334] = "CKM_RC5_MAC_GENERAL",
+  [0x335] = "CKM_RC5_CBC_PAD",
+  [0x340] = "CKM_IDEA_KEY_GEN",
+  [0x341] = "CKM_IDEA_ECB",
+  [0x342] = "CKM_IDEA_CBC",
+  [0x343] = "CKM_IDEA_MAC",
+  [0x344] = "CKM_IDEA_MAC_GENERAL",
+  [0x345] = "CKM_IDEA_CBC_PAD",
+  [0x350] = "CKM_GENERIC_SECRET_KEY_GEN",
+  [0x360] = "CKM_CONCATENATE_BASE_AND_KEY",
+  [0x362] = "CKM_CONCATENATE_BASE_AND_DATA",
+  [0x363] = "CKM_CONCATENATE_DATA_AND_BASE",
+  [0x364] = "CKM_XOR_BASE_AND_DATA",
+  [0x365] = "CKM_EXTRACT_KEY_FROM_KEY",
+  [0x370] = "CKM_SSL3_PRE_MASTER_KEY_GEN",
+  [0x371] = "CKM_SSL3_MASTER_KEY_DERIVE",
+  [0x372] = "CKM_SSL3_KEY_AND_MAC_DERIVE",
+  [0x373] = "CKM_SSL3_MASTER_KEY_DERIVE_DH",
+  [0x374] = "CKM_TLS_PRE_MASTER_KEY_GEN",
+  [0x375] = "CKM_TLS_MASTER_KEY_DERIVE",
+  [0x376] = "CKM_TLS_KEY_AND_MAC_DERIVE",
+  [0x377] = "CKM_TLS_MASTER_KEY_DERIVE_DH",
+  [0x380] = "CKM_SSL3_MD5_MAC",
+  [0x381] = "CKM_SSL3_SHA1_MAC",
+  [0x390] = "CKM_MD5_KEY_DERIVATION",
+  [0x391] = "CKM_MD2_KEY_DERIVATION",
+  [0x392] = "CKM_SHA1_KEY_DERIVATION",
+  [0x3a0] = "CKM_PBE_MD2_DES_CBC",
+  [0x3a1] = "CKM_PBE_MD5_DES_CBC",
+  [0x3a2] = "CKM_PBE_MD5_CAST_CBC",
+  [0x3a3] = "CKM_PBE_MD5_CAST3_CBC",
+  [0x3a4] = "CKM_PBE_MD5_CAST128_CBC",
+  [0x3a5] = "CKM_PBE_SHA1_CAST128_CBC",
+  [0x3a6] = "CKM_PBE_SHA1_RC4_128",
+  [0x3a7] = "CKM_PBE_SHA1_RC4_40",
+  [0x3a8] = "CKM_PBE_SHA1_DES3_EDE_CBC",
+  [0x3a9] = "CKM_PBE_SHA1_DES2_EDE_CBC",
+  [0x3aa] = "CKM_PBE_SHA1_RC2_128_CBC",
+  [0x3ab] = "CKM_PBE_SHA1_RC2_40_CBC",
+  [0x3b0] = "CKM_PKCS5_PBKD2",
+  [0x3c0] = "CKM_PBA_SHA1_WITH_SHA1_HMAC",
+  [0x400] = "CKM_KEY_WRAP_LYNKS",
+  [0x401] = "CKM_KEY_WRAP_SET_OAEP",
+  [0x1000] = "CKM_SKIPJACK_KEY_GEN",
+  [0x1001] = "CKM_SKIPJACK_ECB64",
+  [0x1002] = "CKM_SKIPJACK_CBC64",
+  [0x1003] = "CKM_SKIPJACK_OFB64",
+  [0x1004] = "CKM_SKIPJACK_CFB64",
+  [0x1005] = "CKM_SKIPJACK_CFB32",
+  [0x1006] = "CKM_SKIPJACK_CFB16",
+  [0x1007] = "CKM_SKIPJACK_CFB8",
+  [0x1008] = "CKM_SKIPJACK_WRAP",
+  [0x1009] = "CKM_SKIPJACK_PRIVATE_WRAP",
+  [0x100a] = "CKM_SKIPJACK_RELAYX",
+  [0x1010] = "CKM_KEA_KEY_PAIR_GEN",
+  [0x1011] = "CKM_KEA_KEY_DERIVE",
+  [0x1020] = "CKM_FORTEZZA_TIMESTAMP",
+  [0x1030] = "CKM_BATON_KEY_GEN",
+  [0x1031] = "CKM_BATON_ECB128",
+  [0x1032] = "CKM_BATON_ECB96",
+  [0x1033] = "CKM_BATON_CBC128",
+  [0x1034] = "CKM_BATON_COUNTER",
+  [0x1035] = "CKM_BATON_SHUFFLE",
+  [0x1036] = "CKM_BATON_WRAP",
+  [0x1040] = "CKM_ECDSA_KEY_PAIR_GEN",
+  [0x1041] = "CKM_ECDSA",
+  [0x1042] = "CKM_ECDSA_SHA1",
+  [0x1050] = "CKM_ECDH1_DERIVE",
+  [0x1051] = "CKM_ECDH1_COFACTOR_DERIVE",
+  [0x1052] = "CKM_ECMQV_DERIVE",
+  [0x1060] = "CKM_JUNIPER_KEY_GEN",
+  [0x1061] = "CKM_JUNIPER_ECB128",
+  [0x1062] = "CKM_JUNIPER_CBC128",
+  [0x1063] = "CKM_JUNIPER_COUNTER",
+  [0x1064] = "CKM_JUNIPER_SHUFFLE",
+  [0x1065] = "CKM_JUNIPER_WRAP",
+  [0x1070] = "CKM_FASTHASH",
+  [0x1080] = "CKM_AES_KEY_GEN",
+  [0x1081] = "CKM_AES_ECB",
+  [0x1082] = "CKM_AES_CBC",
+  [0x1083] = "CKM_AES_MAC",
+  [0x1084] = "CKM_AES_MAC_GENERAL",
+  [0x1085] = "CKM_AES_CBC_PAD",
+  [0x2000] = "CKM_DSA_PARAMETER_GEN",
+  [0x2001] = "CKM_DH_PKCS_PARAMETER_GEN",
+  [0x2002] = "CKM_X9_42_DH_PARAMETER_GEN"
+};
+
+void
+pkcs11_mechanism_list (FILE * outfile, const char *url, unsigned int login,
+            common_info_st* info)
+{
+  int ret;
+  int idx;
+  unsigned int obj_flags = 0;
+  unsigned long mechanism;
+  const char* str;
+
+  if (login)
+    obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
+
+  pkcs11_common ();
+
+  if (url == NULL)
+    url = "pkcs11:";
+  
+  idx = 0;
+  do 
+    {
+      ret = gnutls_pkcs11_token_get_mechanism(url, idx++, &mechanism);
+      if (ret >= 0)
+        {
+          str = NULL;
+          if (mechanism <= sizeof(mech_list)/sizeof(mech_list[0]))
+            str = mech_list[mechanism];
+          if (str == NULL) str = "UNKNOWN";
+
+          fprintf(outfile, "[%.4lx] %s\n", mechanism, str);
+        }
+    } while(ret >= 0);
+
+
+  return;
+}
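Review bot: The table lookup in pkcs11_mechanism_list is off by one: `mechanism <= sizeof(mech_list)/sizeof(mech_list[0])` accepts a value equal to the element count, and `mech_list[mechanism]` then reads one slot past the end of the array. The mechanism ID comes from the token, so the guard should be strict: `if (mechanism < sizeof(mech_list)/sizeof(mech_list[0]))`. `obj_flags` is set from `login` but never used in the visible body, so `--login` appears to have no effect on this path. The loop also ends silently on any negative return, so a real failure (bad URL, token error) looks the same as the end-of-list code GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; reporting other codes on stderr would make that distinguishable.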


hooks/post-receive
-- 
GNU gnutls


