Diffstat (limited to 'src/pkcs11.c')
-rw-r--r-- | src/pkcs11.c | 1505 |
1 files changed, 743 insertions, 762 deletions
diff --git a/src/pkcs11.c b/src/pkcs11.c
index c5dc1979c0..68a4ca5689 100644
--- a/src/pkcs11.c
+++ b/src/pkcs11.c
@@ -35,811 +35,792 @@ #include <common.h> void -pkcs11_delete (FILE * outfile, const char *url, int batch, unsigned int login, - common_info_st * info) +pkcs11_delete(FILE * outfile, const char *url, int batch, + unsigned int login, common_info_st * info) { - int ret; - unsigned int obj_flags = 0; - - if (login) - obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN; - - if (!batch) - { - pkcs11_list (outfile, url, PKCS11_TYPE_ALL, login, - GNUTLS_PKCS11_URL_LIB, info); - ret = - read_yesno ("Are you sure you want to delete those objects? (y/N): ", 0); - if (ret == 0) - { - exit (1); - } - } - - ret = gnutls_pkcs11_delete_url (url, obj_flags); - if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } - - fprintf (outfile, "\n%d objects deleted\n", ret); - - return; + int ret; + unsigned int obj_flags = 0; + + if (login) + obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN; + + if (!batch) { + pkcs11_list(outfile, url, PKCS11_TYPE_ALL, login, + GNUTLS_PKCS11_URL_LIB, info); + ret = + read_yesno + ("Are you sure you want to delete those objects? 
(y/N): ", + 0); + if (ret == 0) { + exit(1); + } + } + + ret = gnutls_pkcs11_delete_url(url, obj_flags); + if (ret < 0) { + fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror(ret)); + exit(1); + } + + fprintf(outfile, "\n%d objects deleted\n", ret); + + return; } /* lists certificates from a token */ void -pkcs11_list (FILE * outfile, const char *url, int type, unsigned int login, - unsigned int detailed, common_info_st * info) +pkcs11_list(FILE * outfile, const char *url, int type, unsigned int login, + unsigned int detailed, common_info_st * info) { - gnutls_pkcs11_obj_t *crt_list; - unsigned int crt_list_size = 0, i; - int ret, otype; - char *output; - int attrs; - unsigned int obj_flags = 0; - - if (login) - obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN; - - pkcs11_common (); - - if (url == NULL) - url = "pkcs11:"; - - if (type == PKCS11_TYPE_TRUSTED) - { - attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED; - } - else if (type == PKCS11_TYPE_PK) - { - attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY; - } - else if (type == PKCS11_TYPE_CRT_ALL) - { - attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL; - } - else if (type == PKCS11_TYPE_PRIVKEY) - { - attrs = GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY; - } - else - { - attrs = GNUTLS_PKCS11_OBJ_ATTR_ALL; - } - - /* give some initial value to avoid asking for the pkcs11 pin twice. 
- */ - ret = gnutls_pkcs11_obj_list_import_url2 (&crt_list, &crt_list_size, url, - attrs, obj_flags); - if (ret < 0) - { - fprintf (stderr, "Error in crt_list_import (1): %s\n", - gnutls_strerror (ret)); - exit (1); - } - - if (crt_list_size == 0) - { - fprintf (stderr, "No matching objects found\n"); - exit (0); - } - - for (i = 0; i < crt_list_size; i++) - { - char buf[128]; - size_t size; - - ret = gnutls_pkcs11_obj_export_url (crt_list[i], detailed, &output); - if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } - - fprintf (outfile, "Object %d:\n\tURL: %s\n", i, output); - - otype = gnutls_pkcs11_obj_get_type(crt_list[i]); - fprintf (outfile, "\tType: %s\n", - gnutls_pkcs11_type_get_name (otype)); - - size = sizeof (buf); - ret = - gnutls_pkcs11_obj_get_info (crt_list[i], GNUTLS_PKCS11_OBJ_LABEL, buf, - &size); - if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } - fprintf (outfile, "\tLabel: %s\n", buf); - - size = sizeof (buf); - ret = - gnutls_pkcs11_obj_get_info (crt_list[i], GNUTLS_PKCS11_OBJ_ID_HEX, - buf, &size); - if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } - fprintf (outfile, "\tID: %s\n\n", buf); - } - - return; + gnutls_pkcs11_obj_t *crt_list; + unsigned int crt_list_size = 0, i; + int ret, otype; + char *output; + int attrs; + unsigned int obj_flags = 0; + + if (login) + obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN; + + pkcs11_common(); + + if (url == NULL) + url = "pkcs11:"; + + if (type == PKCS11_TYPE_TRUSTED) { + attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED; + } else if (type == PKCS11_TYPE_PK) { + attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY; + } else if (type == PKCS11_TYPE_CRT_ALL) { + attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL; + } else if (type == PKCS11_TYPE_PRIVKEY) { + attrs = GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY; + } else { + attrs = 
GNUTLS_PKCS11_OBJ_ATTR_ALL; + } + + /* give some initial value to avoid asking for the pkcs11 pin twice. + */ + ret = + gnutls_pkcs11_obj_list_import_url2(&crt_list, &crt_list_size, + url, attrs, obj_flags); + if (ret < 0) { + fprintf(stderr, "Error in crt_list_import (1): %s\n", + gnutls_strerror(ret)); + exit(1); + } + + if (crt_list_size == 0) { + fprintf(stderr, "No matching objects found\n"); + exit(0); + } + + for (i = 0; i < crt_list_size; i++) { + char buf[128]; + size_t size; + + ret = + gnutls_pkcs11_obj_export_url(crt_list[i], detailed, + &output); + if (ret < 0) { + fprintf(stderr, "Error in %s:%d: %s\n", __func__, + __LINE__, gnutls_strerror(ret)); + exit(1); + } + + fprintf(outfile, "Object %d:\n\tURL: %s\n", i, output); + + otype = gnutls_pkcs11_obj_get_type(crt_list[i]); + fprintf(outfile, "\tType: %s\n", + gnutls_pkcs11_type_get_name(otype)); + + size = sizeof(buf); + ret = + gnutls_pkcs11_obj_get_info(crt_list[i], + GNUTLS_PKCS11_OBJ_LABEL, + buf, &size); + if (ret < 0) { + fprintf(stderr, "Error in %s:%d: %s\n", __func__, + __LINE__, gnutls_strerror(ret)); + exit(1); + } + fprintf(outfile, "\tLabel: %s\n", buf); + + size = sizeof(buf); + ret = + gnutls_pkcs11_obj_get_info(crt_list[i], + GNUTLS_PKCS11_OBJ_ID_HEX, + buf, &size); + if (ret < 0) { + fprintf(stderr, "Error in %s:%d: %s\n", __func__, + __LINE__, gnutls_strerror(ret)); + exit(1); + } + fprintf(outfile, "\tID: %s\n\n", buf); + } + + return; } void -pkcs11_export (FILE * outfile, const char *url, unsigned int login, - common_info_st * info) +pkcs11_export(FILE * outfile, const char *url, unsigned int login, + common_info_st * info) { - gnutls_pkcs11_obj_t crt; - gnutls_x509_crt_t xcrt; - gnutls_pubkey_t pubkey; - int ret; - size_t size; - unsigned int obj_flags = 0; - - if (login) - obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN; - - pkcs11_common (); - - if (url == NULL) - url = "pkcs11:"; - - ret = gnutls_pkcs11_obj_init (&crt); - if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", 
__func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } - - ret = gnutls_pkcs11_obj_import_url (crt, url, obj_flags); - if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } - - switch (gnutls_pkcs11_obj_get_type (crt)) - { - case GNUTLS_PKCS11_OBJ_X509_CRT: - ret = gnutls_x509_crt_init (&xcrt); - if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } - - ret = gnutls_x509_crt_import_pkcs11 (xcrt, crt); - if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } - - size = buffer_size; - ret = gnutls_x509_crt_export (xcrt, GNUTLS_X509_FMT_PEM, buffer, &size); - if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } - fwrite (buffer, 1, size, outfile); - - gnutls_x509_crt_deinit (xcrt); - break; - case GNUTLS_PKCS11_OBJ_PUBKEY: - ret = gnutls_pubkey_init (&pubkey); - if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } - - ret = gnutls_pubkey_import_pkcs11 (pubkey, crt, 0); - if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } - - size = buffer_size; - ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_PEM, buffer, &size); - if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } - fwrite (buffer, 1, size, outfile); - - gnutls_pubkey_deinit (pubkey); - break; - default: - { - gnutls_datum_t data, enc; - - size = buffer_size; - ret = gnutls_pkcs11_obj_export (crt, buffer, &size); - if (ret < 0) - { - break; - } - - data.data = buffer; - data.size = size; - - ret = gnutls_pem_base64_encode_alloc ("DATA", &data, &enc); - if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, 
- gnutls_strerror (ret)); - exit (1); - } - - fwrite (enc.data, 1, enc.size, outfile); - - gnutls_free (enc.data); - break; - } - } - fputs ("\n\n", outfile); - - - gnutls_pkcs11_obj_deinit (crt); - - return; + gnutls_pkcs11_obj_t crt; + gnutls_x509_crt_t xcrt; + gnutls_pubkey_t pubkey; + int ret; + size_t size; + unsigned int obj_flags = 0; + + if (login) + obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN; + + pkcs11_common(); + + if (url == NULL) + url = "pkcs11:"; + + ret = gnutls_pkcs11_obj_init(&crt); + if (ret < 0) { + fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_obj_import_url(crt, url, obj_flags); + if (ret < 0) { + fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror(ret)); + exit(1); + } + + switch (gnutls_pkcs11_obj_get_type(crt)) { + case GNUTLS_PKCS11_OBJ_X509_CRT: + ret = gnutls_x509_crt_init(&xcrt); + if (ret < 0) { + fprintf(stderr, "Error in %s:%d: %s\n", __func__, + __LINE__, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_crt_import_pkcs11(xcrt, crt); + if (ret < 0) { + fprintf(stderr, "Error in %s:%d: %s\n", __func__, + __LINE__, gnutls_strerror(ret)); + exit(1); + } + + size = buffer_size; + ret = + gnutls_x509_crt_export(xcrt, GNUTLS_X509_FMT_PEM, + buffer, &size); + if (ret < 0) { + fprintf(stderr, "Error in %s:%d: %s\n", __func__, + __LINE__, gnutls_strerror(ret)); + exit(1); + } + fwrite(buffer, 1, size, outfile); + + gnutls_x509_crt_deinit(xcrt); + break; + case GNUTLS_PKCS11_OBJ_PUBKEY: + ret = gnutls_pubkey_init(&pubkey); + if (ret < 0) { + fprintf(stderr, "Error in %s:%d: %s\n", __func__, + __LINE__, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pubkey_import_pkcs11(pubkey, crt, 0); + if (ret < 0) { + fprintf(stderr, "Error in %s:%d: %s\n", __func__, + __LINE__, gnutls_strerror(ret)); + exit(1); + } + + size = buffer_size; + ret = + gnutls_pubkey_export(pubkey, GNUTLS_X509_FMT_PEM, + buffer, &size); + if (ret < 0) { + 
fprintf(stderr, "Error in %s:%d: %s\n", __func__, + __LINE__, gnutls_strerror(ret)); + exit(1); + } + fwrite(buffer, 1, size, outfile); + + gnutls_pubkey_deinit(pubkey); + break; + default: + { + gnutls_datum_t data, enc; + + size = buffer_size; + ret = gnutls_pkcs11_obj_export(crt, buffer, &size); + if (ret < 0) { + break; + } + + data.data = buffer; + data.size = size; + + ret = + gnutls_pem_base64_encode_alloc("DATA", &data, + &enc); + if (ret < 0) { + fprintf(stderr, "Error in %s:%d: %s\n", + __func__, __LINE__, + gnutls_strerror(ret)); + exit(1); + } + + fwrite(enc.data, 1, enc.size, outfile); + + gnutls_free(enc.data); + break; + } + } + fputs("\n\n", outfile); + + + gnutls_pkcs11_obj_deinit(crt); + + return; } void -pkcs11_token_list (FILE * outfile, unsigned int detailed, - common_info_st * info) +pkcs11_token_list(FILE * outfile, unsigned int detailed, + common_info_st * info) { - int ret; - int i; - char *url; - char buf[128]; - size_t size; - - pkcs11_common (); - - for (i = 0;; i++) - { - ret = gnutls_pkcs11_token_get_url (i, detailed, &url); - if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - break; - - if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } - - fprintf (outfile, "Token %d:\n\tURL: %s\n", i, url); - - size = sizeof (buf); - ret = - gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_LABEL, buf, - &size); - if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } - - fprintf (outfile, "\tLabel: %s\n", buf); - - size = sizeof (buf); - ret = - gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_MANUFACTURER, - buf, &size); - if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } - - fprintf (outfile, "\tManufacturer: %s\n", buf); - - size = sizeof (buf); - ret = - gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_MODEL, buf, - 
&size); - if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } - - fprintf (outfile, "\tModel: %s\n", buf); - - size = sizeof (buf); - ret = - gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_SERIAL, buf, - &size); - if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } - - fprintf (outfile, "\tSerial: %s\n", buf); - fprintf (outfile, "\n\n"); - - gnutls_free (url); - - } - - return; + int ret; + int i; + char *url; + char buf[128]; + size_t size; + + pkcs11_common(); + + for (i = 0;; i++) { + ret = gnutls_pkcs11_token_get_url(i, detailed, &url); + if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + break; + + if (ret < 0) { + fprintf(stderr, "Error in %s:%d: %s\n", __func__, + __LINE__, gnutls_strerror(ret)); + exit(1); + } + + fprintf(outfile, "Token %d:\n\tURL: %s\n", i, url); + + size = sizeof(buf); + ret = + gnutls_pkcs11_token_get_info(url, + GNUTLS_PKCS11_TOKEN_LABEL, + buf, &size); + if (ret < 0) { + fprintf(stderr, "Error in %s:%d: %s\n", __func__, + __LINE__, gnutls_strerror(ret)); + exit(1); + } + + fprintf(outfile, "\tLabel: %s\n", buf); + + size = sizeof(buf); + ret = + gnutls_pkcs11_token_get_info(url, + GNUTLS_PKCS11_TOKEN_MANUFACTURER, + buf, &size); + if (ret < 0) { + fprintf(stderr, "Error in %s:%d: %s\n", __func__, + __LINE__, gnutls_strerror(ret)); + exit(1); + } + + fprintf(outfile, "\tManufacturer: %s\n", buf); + + size = sizeof(buf); + ret = + gnutls_pkcs11_token_get_info(url, + GNUTLS_PKCS11_TOKEN_MODEL, + buf, &size); + if (ret < 0) { + fprintf(stderr, "Error in %s:%d: %s\n", __func__, + __LINE__, gnutls_strerror(ret)); + exit(1); + } + + fprintf(outfile, "\tModel: %s\n", buf); + + size = sizeof(buf); + ret = + gnutls_pkcs11_token_get_info(url, + GNUTLS_PKCS11_TOKEN_SERIAL, + buf, &size); + if (ret < 0) { + fprintf(stderr, "Error in %s:%d: %s\n", __func__, + __LINE__, gnutls_strerror(ret)); + 
exit(1); + } + + fprintf(outfile, "\tSerial: %s\n", buf); + fprintf(outfile, "\n\n"); + + gnutls_free(url); + + } + + return; } void -pkcs11_write (FILE * outfile, const char *url, const char *label, - int trusted, int private, - unsigned int login, common_info_st * info) +pkcs11_write(FILE * outfile, const char *url, const char *label, + int trusted, int private, + unsigned int login, common_info_st * info) { - gnutls_x509_crt_t xcrt; - gnutls_x509_privkey_t xkey; - int ret; - unsigned int flags = 0; - unsigned int key_usage = 0; - gnutls_datum_t *secret_key; - - if (login) - flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN; - - pkcs11_common (); - - if (url == NULL) - url = "pkcs11:"; - - secret_key = load_secret_key (0, info); - if (secret_key != NULL) - { - ret = - gnutls_pkcs11_copy_secret_key (url, secret_key, label, key_usage, - flags | - GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE); - if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } - } - - if (private == 1) - flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE; - else if (private == 0) - flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE; - - xcrt = load_cert (0, info); - if (xcrt != NULL) - { - if (trusted) - flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO; - - ret = gnutls_pkcs11_copy_x509_crt (url, xcrt, label, flags); - if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } - - gnutls_x509_crt_get_key_usage (xcrt, &key_usage, NULL); - } - - xkey = load_x509_private_key (0, info); - if (xkey != NULL) - { - ret = - gnutls_pkcs11_copy_x509_privkey (url, xkey, label, key_usage, - flags | - GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE); - if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } - } - - if (xkey == NULL && xcrt == NULL && secret_key == NULL) - { - fprintf (stderr, - "You must use --load-privkey, 
--load-certificate or --secret-key to load the file to be copied\n"); - exit (1); - } - - return; + gnutls_x509_crt_t xcrt; + gnutls_x509_privkey_t xkey; + int ret; + unsigned int flags = 0; + unsigned int key_usage = 0; + gnutls_datum_t *secret_key; + + if (login) + flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN; + + pkcs11_common(); + + if (url == NULL) + url = "pkcs11:"; + + secret_key = load_secret_key(0, info); + if (secret_key != NULL) { + ret = + gnutls_pkcs11_copy_secret_key(url, secret_key, label, + key_usage, + flags | + GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE); + if (ret < 0) { + fprintf(stderr, "Error in %s:%d: %s\n", __func__, + __LINE__, gnutls_strerror(ret)); + exit(1); + } + } + + if (private == 1) + flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE; + else if (private == 0) + flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE; + + xcrt = load_cert(0, info); + if (xcrt != NULL) { + if (trusted) + flags |= + GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED | + GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO; + + ret = gnutls_pkcs11_copy_x509_crt(url, xcrt, label, flags); + if (ret < 0) { + fprintf(stderr, "Error in %s:%d: %s\n", __func__, + __LINE__, gnutls_strerror(ret)); + exit(1); + } + + gnutls_x509_crt_get_key_usage(xcrt, &key_usage, NULL); + } + + xkey = load_x509_private_key(0, info); + if (xkey != NULL) { + ret = + gnutls_pkcs11_copy_x509_privkey(url, xkey, label, + key_usage, + flags | + GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE); + if (ret < 0) { + fprintf(stderr, "Error in %s:%d: %s\n", __func__, + __LINE__, gnutls_strerror(ret)); + exit(1); + } + } + + if (xkey == NULL && xcrt == NULL && secret_key == NULL) { + fprintf(stderr, + "You must use --load-privkey, --load-certificate or --secret-key to load the file to be copied\n"); + exit(1); + } + + return; } void -pkcs11_generate (FILE * outfile, const char *url, gnutls_pk_algorithm_t pk, - unsigned int bits, - const char *label, int private, int detailed, - unsigned int login, common_info_st * info) +pkcs11_generate(FILE * outfile, const 
char *url, gnutls_pk_algorithm_t pk, + unsigned int bits, + const char *label, int private, int detailed, + unsigned int login, common_info_st * info) { - int ret; - unsigned int flags = 0; - gnutls_datum_t pubkey; - - if (login) - flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN; - - pkcs11_common (); - - if (url == NULL) - url = "pkcs11:"; - - if (private == 1) - flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE; - else if (private == 0) - flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE; - - ret = gnutls_pkcs11_privkey_generate2(url, pk, bits, label, GNUTLS_X509_FMT_PEM, - &pubkey, flags); - if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - if (login == 0) - fprintf(stderr, "Note that --login was not specified and it may be required for generation.\n"); - else if (bits != 1024) - fprintf (stderr, "Note that several smart cards do not support arbitrary size keys.\nTry --bits 1024 or 2048.\n"); - exit(1); - } - - fwrite (pubkey.data, 1, pubkey.size, outfile); - gnutls_free(pubkey.data); - - return; + int ret; + unsigned int flags = 0; + gnutls_datum_t pubkey; + + if (login) + flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN; + + pkcs11_common(); + + if (url == NULL) + url = "pkcs11:"; + + if (private == 1) + flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE; + else if (private == 0) + flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE; + + ret = + gnutls_pkcs11_privkey_generate2(url, pk, bits, label, + GNUTLS_X509_FMT_PEM, &pubkey, + flags); + if (ret < 0) { + fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror(ret)); + if (login == 0) + fprintf(stderr, + "Note that --login was not specified and it may be required for generation.\n"); + else if (bits != 1024) + fprintf(stderr, + "Note that several smart cards do not support arbitrary size keys.\nTry --bits 1024 or 2048.\n"); + exit(1); + } + + fwrite(pubkey.data, 1, pubkey.size, outfile); + gnutls_free(pubkey.data); + + return; } void -pkcs11_init (FILE * outfile, 
const char *url, const char *label, - common_info_st * info) +pkcs11_init(FILE * outfile, const char *url, const char *label, + common_info_st * info) { - int ret; - char *pin; - char so_pin[32]; - - pkcs11_common (); - - if (url == NULL) - { - fprintf (stderr, "No token URL given to initialize!\n"); - exit (1); - } - - pin = getpass ("Enter Security Officer's PIN: "); - if (pin == NULL) - exit (1); - - if (strlen(pin) >= sizeof(so_pin)) - exit (1); - - strcpy (so_pin, pin); - - pin = getpass ("Enter new User's PIN: "); - if (pin == NULL) - exit (1); - - ret = gnutls_pkcs11_token_init (url, so_pin, label); - if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } - - ret = gnutls_pkcs11_token_set_pin (url, NULL, pin, GNUTLS_PIN_USER); - if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } - - return; + int ret; + char *pin; + char so_pin[32]; + + pkcs11_common(); + + if (url == NULL) { + fprintf(stderr, "No token URL given to initialize!\n"); + exit(1); + } + + pin = getpass("Enter Security Officer's PIN: "); + if (pin == NULL) + exit(1); + + if (strlen(pin) >= sizeof(so_pin)) + exit(1); + + strcpy(so_pin, pin); + + pin = getpass("Enter new User's PIN: "); + if (pin == NULL) + exit(1); + + ret = gnutls_pkcs11_token_init(url, so_pin, label); + if (ret < 0) { + fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_token_set_pin(url, NULL, pin, GNUTLS_PIN_USER); + if (ret < 0) { + fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror(ret)); + exit(1); + } + + return; } const char *mech_list[] = { - [0] = "CKM_RSA_PKCS_KEY_PAIR_GEN", - [1] = "CKM_RSA_PKCS", - [2] = "CKM_RSA_9796", - [3] = "CKM_RSA_X_509", - [4] = "CKM_MD2_RSA_PKCS", - [5] = "CKM_MD5_RSA_PKCS", - [6] = "CKM_SHA1_RSA_PKCS", - [7] = "CKM_RIPEMD128_RSA_PKCS", - [8] = 
"CKM_RIPEMD160_RSA_PKCS", - [9] = "CKM_RSA_PKCS_OAEP", - [0xa] = "CKM_RSA_X9_31_KEY_PAIR_GEN", - [0xb] = "CKM_RSA_X9_31", - [0xc] = "CKM_SHA1_RSA_X9_31", - [0xd] = "CKM_RSA_PKCS_PSS", - [0xe] = "CKM_SHA1_RSA_PKCS_PSS", - [0x10] = "CKM_DSA_KEY_PAIR_GEN", - [0x11] = "CKM_DSA", - [0x12] = "CKM_DSA_SHA1", - [0x20] = "CKM_DH_PKCS_KEY_PAIR_GEN", - [0x21] = "CKM_DH_PKCS_DERIVE", - [0x30] = "CKM_X9_42_DH_KEY_PAIR_GEN", - [0x31] = "CKM_X9_42_DH_DERIVE", - [0x32] = "CKM_X9_42_DH_HYBRID_DERIVE", - [0x33] = "CKM_X9_42_MQV_DERIVE", - [0x40] = "CKM_SHA256_RSA_PKCS", - [0x41] = "CKM_SHA384_RSA_PKCS", - [0x42] = "CKM_SHA512_RSA_PKCS", - [0x43] = "CKM_SHA256_RSA_PKCS_PSS", - [0x44] = "CKM_SHA384_RSA_PKCS_PSS", - [0x45] = "CKM_SHA512_RSA_PKCS_PSS", - [0x100] = "CKM_RC2_KEY_GEN", - [0x101] = "CKM_RC2_ECB", - [0x102] = "CKM_RC2_CBC", - [0x103] = "CKM_RC2_MAC", - [0x104] = "CKM_RC2_MAC_GENERAL", - [0x105] = "CKM_RC2_CBC_PAD", - [0x110] = "CKM_RC4_KEY_GEN", - [0x111] = "CKM_RC4", - [0x120] = "CKM_DES_KEY_GEN", - [0x121] = "CKM_DES_ECB", - [0x122] = "CKM_DES_CBC", - [0x123] = "CKM_DES_MAC", - [0x124] = "CKM_DES_MAC_GENERAL", - [0x125] = "CKM_DES_CBC_PAD", - [0x130] = "CKM_DES2_KEY_GEN", - [0x131] = "CKM_DES3_KEY_GEN", - [0x132] = "CKM_DES3_ECB", - [0x133] = "CKM_DES3_CBC", - [0x134] = "CKM_DES3_MAC", - [0x135] = "CKM_DES3_MAC_GENERAL", - [0x136] = "CKM_DES3_CBC_PAD", - [0x140] = "CKM_CDMF_KEY_GEN", - [0x141] = "CKM_CDMF_ECB", - [0x142] = "CKM_CDMF_CBC", - [0x143] = "CKM_CDMF_MAC", - [0x144] = "CKM_CDMF_MAC_GENERAL", - [0x145] = "CKM_CDMF_CBC_PAD", - [0x200] = "CKM_MD2", - [0x201] = "CKM_MD2_HMAC", - [0x202] = "CKM_MD2_HMAC_GENERAL", - [0x210] = "CKM_MD5", - [0x211] = "CKM_MD5_HMAC", - [0x212] = "CKM_MD5_HMAC_GENERAL", - [0x220] = "CKM_SHA_1", - [0x221] = "CKM_SHA_1_HMAC", - [0x222] = "CKM_SHA_1_HMAC_GENERAL", - [0x230] = "CKM_RIPEMD128", - [0x231] = "CKM_RIPEMD128_HMAC", - [0x232] = "CKM_RIPEMD128_HMAC_GENERAL", - [0x240] = "CKM_RIPEMD160", - [0x241] = "CKM_RIPEMD160_HMAC", - [0x242] = 
"CKM_RIPEMD160_HMAC_GENERAL", - [0x250] = "CKM_SHA256", - [0x251] = "CKM_SHA256_HMAC", - [0x252] = "CKM_SHA256_HMAC_GENERAL", - [0x260] = "CKM_SHA384", - [0x261] = "CKM_SHA384_HMAC", - [0x262] = "CKM_SHA384_HMAC_GENERAL", - [0x270] = "CKM_SHA512", - [0x271] = "CKM_SHA512_HMAC", - [0x272] = "CKM_SHA512_HMAC_GENERAL", - [0x300] = "CKM_CAST_KEY_GEN", - [0x301] = "CKM_CAST_ECB", - [0x302] = "CKM_CAST_CBC", - [0x303] = "CKM_CAST_MAC", - [0x304] = "CKM_CAST_MAC_GENERAL", - [0x305] = "CKM_CAST_CBC_PAD", - [0x310] = "CKM_CAST3_KEY_GEN", - [0x311] = "CKM_CAST3_ECB", - [0x312] = "CKM_CAST3_CBC", - [0x313] = "CKM_CAST3_MAC", - [0x314] = "CKM_CAST3_MAC_GENERAL", - [0x315] = "CKM_CAST3_CBC_PAD", - [0x320] = "CKM_CAST128_KEY_GEN", - [0x321] = "CKM_CAST128_ECB", - [0x322] = "CKM_CAST128_CBC", - [0x323] = "CKM_CAST128_MAC", - [0x324] = "CKM_CAST128_MAC_GENERAL", - [0x325] = "CKM_CAST128_CBC_PAD", - [0x330] = "CKM_RC5_KEY_GEN", - [0x331] = "CKM_RC5_ECB", - [0x332] = "CKM_RC5_CBC", - [0x333] = "CKM_RC5_MAC", - [0x334] = "CKM_RC5_MAC_GENERAL", - [0x335] = "CKM_RC5_CBC_PAD", - [0x340] = "CKM_IDEA_KEY_GEN", - [0x341] = "CKM_IDEA_ECB", - [0x342] = "CKM_IDEA_CBC", - [0x343] = "CKM_IDEA_MAC", - [0x344] = "CKM_IDEA_MAC_GENERAL", - [0x345] = "CKM_IDEA_CBC_PAD", - [0x350] = "CKM_GENERIC_SECRET_KEY_GEN", - [0x360] = "CKM_CONCATENATE_BASE_AND_KEY", - [0x362] = "CKM_CONCATENATE_BASE_AND_DATA", - [0x363] = "CKM_CONCATENATE_DATA_AND_BASE", - [0x364] = "CKM_XOR_BASE_AND_DATA", - [0x365] = "CKM_EXTRACT_KEY_FROM_KEY", - [0x370] = "CKM_SSL3_PRE_MASTER_KEY_GEN", - [0x371] = "CKM_SSL3_MASTER_KEY_DERIVE", - [0x372] = "CKM_SSL3_KEY_AND_MAC_DERIVE", - [0x373] = "CKM_SSL3_MASTER_KEY_DERIVE_DH", - [0x374] = "CKM_TLS_PRE_MASTER_KEY_GEN", - [0x375] = "CKM_TLS_MASTER_KEY_DERIVE", - [0x376] = "CKM_TLS_KEY_AND_MAC_DERIVE", - [0x377] = "CKM_TLS_MASTER_KEY_DERIVE_DH", - [0x380] = "CKM_SSL3_MD5_MAC", - [0x381] = "CKM_SSL3_SHA1_MAC", - [0x390] = "CKM_MD5_KEY_DERIVATION", - [0x391] = "CKM_MD2_KEY_DERIVATION", - 
[0x392] = "CKM_SHA1_KEY_DERIVATION", - [0x3a0] = "CKM_PBE_MD2_DES_CBC", - [0x3a1] = "CKM_PBE_MD5_DES_CBC", - [0x3a2] = "CKM_PBE_MD5_CAST_CBC", - [0x3a3] = "CKM_PBE_MD5_CAST3_CBC", - [0x3a4] = "CKM_PBE_MD5_CAST128_CBC", - [0x3a5] = "CKM_PBE_SHA1_CAST128_CBC", - [0x3a6] = "CKM_PBE_SHA1_RC4_128", - [0x3a7] = "CKM_PBE_SHA1_RC4_40", - [0x3a8] = "CKM_PBE_SHA1_DES3_EDE_CBC", - [0x3a9] = "CKM_PBE_SHA1_DES2_EDE_CBC", - [0x3aa] = "CKM_PBE_SHA1_RC2_128_CBC", - [0x3ab] = "CKM_PBE_SHA1_RC2_40_CBC", - [0x3b0] = "CKM_PKCS5_PBKD2", - [0x3c0] = "CKM_PBA_SHA1_WITH_SHA1_HMAC", - [0x400] = "CKM_KEY_WRAP_LYNKS", - [0x401] = "CKM_KEY_WRAP_SET_OAEP", - [0x1000] = "CKM_SKIPJACK_KEY_GEN", - [0x1001] = "CKM_SKIPJACK_ECB64", - [0x1002] = "CKM_SKIPJACK_CBC64", - [0x1003] = "CKM_SKIPJACK_OFB64", - [0x1004] = "CKM_SKIPJACK_CFB64", - [0x1005] = "CKM_SKIPJACK_CFB32", - [0x1006] = "CKM_SKIPJACK_CFB16", - [0x1007] = "CKM_SKIPJACK_CFB8", - [0x1008] = "CKM_SKIPJACK_WRAP", - [0x1009] = "CKM_SKIPJACK_PRIVATE_WRAP", - [0x100a] = "CKM_SKIPJACK_RELAYX", - [0x1010] = "CKM_KEA_KEY_PAIR_GEN", - [0x1011] = "CKM_KEA_KEY_DERIVE", - [0x1020] = "CKM_FORTEZZA_TIMESTAMP", - [0x1030] = "CKM_BATON_KEY_GEN", - [0x1031] = "CKM_BATON_ECB128", - [0x1032] = "CKM_BATON_ECB96", - [0x1033] = "CKM_BATON_CBC128", - [0x1034] = "CKM_BATON_COUNTER", - [0x1035] = "CKM_BATON_SHUFFLE", - [0x1036] = "CKM_BATON_WRAP", - [0x1040] = "CKM_ECDSA_KEY_PAIR_GEN", - [0x1041] = "CKM_ECDSA", - [0x1042] = "CKM_ECDSA_SHA1", - [0x1050] = "CKM_ECDH1_DERIVE", - [0x1051] = "CKM_ECDH1_COFACTOR_DERIVE", - [0x1052] = "CKM_ECMQV_DERIVE", - [0x1060] = "CKM_JUNIPER_KEY_GEN", - [0x1061] = "CKM_JUNIPER_ECB128", - [0x1062] = "CKM_JUNIPER_CBC128", - [0x1063] = "CKM_JUNIPER_COUNTER", - [0x1064] = "CKM_JUNIPER_SHUFFLE", - [0x1065] = "CKM_JUNIPER_WRAP", - [0x1070] = "CKM_FASTHASH", - [0x1080] = "CKM_AES_KEY_GEN", - [0x1081] = "CKM_AES_ECB", - [0x1082] = "CKM_AES_CBC", - [0x1083] = "CKM_AES_MAC", - [0x1084] = "CKM_AES_MAC_GENERAL", - [0x1085] = "CKM_AES_CBC_PAD", 
- [0x2000] = "CKM_DSA_PARAMETER_GEN", - [0x2001] = "CKM_DH_PKCS_PARAMETER_GEN", - [0x2002] = "CKM_X9_42_DH_PARAMETER_GEN", - [0x1200] = "CKM_GOSTR3410_KEY_PAIR_GEN", - [0x1201] = "CKM_GOSTR3410", - [0x1202] = "CKM_GOSTR3410_WITH_GOSTR3411", - [0x1203] = "CKM_GOSTR3410_KEY_WRAP", - [0x1204] = "CKM_GOSTR3410_DERIVE", - [0x1210] = "CKM_GOSTR3411", - [0x1211] = "CKM_GOSTR3411_HMAC", - [0x255] = "CKM_SHA224", - [0x256] = "CKM_SHA224_HMAC", - [0x257] = "CKM_SHA224_HMAC_GENERAL", - [0x46] = "CKM_SHA224_RSA_PKCS", - [0x47] = "CKM_SHA224_RSA_PKCS_PSS", - [0x396] = "CKM_SHA224_KEY_DERIVATION", - [0x550] = "CKM_CAMELLIA_KEY_GEN", - [0x551] = "CKM_CAMELLIA_ECB", - [0x552] = "CKM_CAMELLIA_CBC", - [0x553] = "CKM_CAMELLIA_MAC", - [0x554] = "CKM_CAMELLIA_MAC_GENERAL", - [0x555] = "CKM_CAMELLIA_CBC_PAD", - [0x556] = "CKM_CAMELLIA_ECB_ENCRYPT_DATA", - [0x557] = "CKM_CAMELLIA_CBC_ENCRYPT_DATA" + [0] = "CKM_RSA_PKCS_KEY_PAIR_GEN", + [1] = "CKM_RSA_PKCS", + [2] = "CKM_RSA_9796", + [3] = "CKM_RSA_X_509", + [4] = "CKM_MD2_RSA_PKCS", + [5] = "CKM_MD5_RSA_PKCS", + [6] = "CKM_SHA1_RSA_PKCS", + [7] = "CKM_RIPEMD128_RSA_PKCS", + [8] = "CKM_RIPEMD160_RSA_PKCS", + [9] = "CKM_RSA_PKCS_OAEP", + [0xa] = "CKM_RSA_X9_31_KEY_PAIR_GEN", + [0xb] = "CKM_RSA_X9_31", + [0xc] = "CKM_SHA1_RSA_X9_31", + [0xd] = "CKM_RSA_PKCS_PSS", + [0xe] = "CKM_SHA1_RSA_PKCS_PSS", + [0x10] = "CKM_DSA_KEY_PAIR_GEN", + [0x11] = "CKM_DSA", + [0x12] = "CKM_DSA_SHA1", + [0x20] = "CKM_DH_PKCS_KEY_PAIR_GEN", + [0x21] = "CKM_DH_PKCS_DERIVE", + [0x30] = "CKM_X9_42_DH_KEY_PAIR_GEN", + [0x31] = "CKM_X9_42_DH_DERIVE", + [0x32] = "CKM_X9_42_DH_HYBRID_DERIVE", + [0x33] = "CKM_X9_42_MQV_DERIVE", + [0x40] = "CKM_SHA256_RSA_PKCS", + [0x41] = "CKM_SHA384_RSA_PKCS", + [0x42] = "CKM_SHA512_RSA_PKCS", + [0x43] = "CKM_SHA256_RSA_PKCS_PSS", + [0x44] = "CKM_SHA384_RSA_PKCS_PSS", + [0x45] = "CKM_SHA512_RSA_PKCS_PSS", + [0x100] = "CKM_RC2_KEY_GEN", + [0x101] = "CKM_RC2_ECB", + [0x102] = "CKM_RC2_CBC", + [0x103] = "CKM_RC2_MAC", + [0x104] = 
"CKM_RC2_MAC_GENERAL", + [0x105] = "CKM_RC2_CBC_PAD", + [0x110] = "CKM_RC4_KEY_GEN", + [0x111] = "CKM_RC4", + [0x120] = "CKM_DES_KEY_GEN", + [0x121] = "CKM_DES_ECB", + [0x122] = "CKM_DES_CBC", + [0x123] = "CKM_DES_MAC", + [0x124] = "CKM_DES_MAC_GENERAL", + [0x125] = "CKM_DES_CBC_PAD", + [0x130] = "CKM_DES2_KEY_GEN", + [0x131] = "CKM_DES3_KEY_GEN", + [0x132] = "CKM_DES3_ECB", + [0x133] = "CKM_DES3_CBC", + [0x134] = "CKM_DES3_MAC", + [0x135] = "CKM_DES3_MAC_GENERAL", + [0x136] = "CKM_DES3_CBC_PAD", + [0x140] = "CKM_CDMF_KEY_GEN", + [0x141] = "CKM_CDMF_ECB", + [0x142] = "CKM_CDMF_CBC", + [0x143] = "CKM_CDMF_MAC", + [0x144] = "CKM_CDMF_MAC_GENERAL", + [0x145] = "CKM_CDMF_CBC_PAD", + [0x200] = "CKM_MD2", + [0x201] = "CKM_MD2_HMAC", + [0x202] = "CKM_MD2_HMAC_GENERAL", + [0x210] = "CKM_MD5", + [0x211] = "CKM_MD5_HMAC", + [0x212] = "CKM_MD5_HMAC_GENERAL", + [0x220] = "CKM_SHA_1", + [0x221] = "CKM_SHA_1_HMAC", + [0x222] = "CKM_SHA_1_HMAC_GENERAL", + [0x230] = "CKM_RIPEMD128", + [0x231] = "CKM_RIPEMD128_HMAC", + [0x232] = "CKM_RIPEMD128_HMAC_GENERAL", + [0x240] = "CKM_RIPEMD160", + [0x241] = "CKM_RIPEMD160_HMAC", + [0x242] = "CKM_RIPEMD160_HMAC_GENERAL", + [0x250] = "CKM_SHA256", + [0x251] = "CKM_SHA256_HMAC", + [0x252] = "CKM_SHA256_HMAC_GENERAL", + [0x260] = "CKM_SHA384", + [0x261] = "CKM_SHA384_HMAC", + [0x262] = "CKM_SHA384_HMAC_GENERAL", + [0x270] = "CKM_SHA512", + [0x271] = "CKM_SHA512_HMAC", + [0x272] = "CKM_SHA512_HMAC_GENERAL", + [0x300] = "CKM_CAST_KEY_GEN", + [0x301] = "CKM_CAST_ECB", + [0x302] = "CKM_CAST_CBC", + [0x303] = "CKM_CAST_MAC", + [0x304] = "CKM_CAST_MAC_GENERAL", + [0x305] = "CKM_CAST_CBC_PAD", + [0x310] = "CKM_CAST3_KEY_GEN", + [0x311] = "CKM_CAST3_ECB", + [0x312] = "CKM_CAST3_CBC", + [0x313] = "CKM_CAST3_MAC", + [0x314] = "CKM_CAST3_MAC_GENERAL", + [0x315] = "CKM_CAST3_CBC_PAD", + [0x320] = "CKM_CAST128_KEY_GEN", + [0x321] = "CKM_CAST128_ECB", + [0x322] = "CKM_CAST128_CBC", + [0x323] = "CKM_CAST128_MAC", + [0x324] = "CKM_CAST128_MAC_GENERAL", + 
[0x325] = "CKM_CAST128_CBC_PAD", + [0x330] = "CKM_RC5_KEY_GEN", + [0x331] = "CKM_RC5_ECB", + [0x332] = "CKM_RC5_CBC", + [0x333] = "CKM_RC5_MAC", + [0x334] = "CKM_RC5_MAC_GENERAL", + [0x335] = "CKM_RC5_CBC_PAD", + [0x340] = "CKM_IDEA_KEY_GEN", + [0x341] = "CKM_IDEA_ECB", + [0x342] = "CKM_IDEA_CBC", + [0x343] = "CKM_IDEA_MAC", + [0x344] = "CKM_IDEA_MAC_GENERAL", + [0x345] = "CKM_IDEA_CBC_PAD", + [0x350] = "CKM_GENERIC_SECRET_KEY_GEN", + [0x360] = "CKM_CONCATENATE_BASE_AND_KEY", + [0x362] = "CKM_CONCATENATE_BASE_AND_DATA", + [0x363] = "CKM_CONCATENATE_DATA_AND_BASE", + [0x364] = "CKM_XOR_BASE_AND_DATA", + [0x365] = "CKM_EXTRACT_KEY_FROM_KEY", + [0x370] = "CKM_SSL3_PRE_MASTER_KEY_GEN", + [0x371] = "CKM_SSL3_MASTER_KEY_DERIVE", + [0x372] = "CKM_SSL3_KEY_AND_MAC_DERIVE", + [0x373] = "CKM_SSL3_MASTER_KEY_DERIVE_DH", + [0x374] = "CKM_TLS_PRE_MASTER_KEY_GEN", + [0x375] = "CKM_TLS_MASTER_KEY_DERIVE", + [0x376] = "CKM_TLS_KEY_AND_MAC_DERIVE", + [0x377] = "CKM_TLS_MASTER_KEY_DERIVE_DH", + [0x380] = "CKM_SSL3_MD5_MAC", + [0x381] = "CKM_SSL3_SHA1_MAC", + [0x390] = "CKM_MD5_KEY_DERIVATION", + [0x391] = "CKM_MD2_KEY_DERIVATION", + [0x392] = "CKM_SHA1_KEY_DERIVATION", + [0x3a0] = "CKM_PBE_MD2_DES_CBC", + [0x3a1] = "CKM_PBE_MD5_DES_CBC", + [0x3a2] = "CKM_PBE_MD5_CAST_CBC", + [0x3a3] = "CKM_PBE_MD5_CAST3_CBC", + [0x3a4] = "CKM_PBE_MD5_CAST128_CBC", + [0x3a5] = "CKM_PBE_SHA1_CAST128_CBC", + [0x3a6] = "CKM_PBE_SHA1_RC4_128", + [0x3a7] = "CKM_PBE_SHA1_RC4_40", + [0x3a8] = "CKM_PBE_SHA1_DES3_EDE_CBC", + [0x3a9] = "CKM_PBE_SHA1_DES2_EDE_CBC", + [0x3aa] = "CKM_PBE_SHA1_RC2_128_CBC", + [0x3ab] = "CKM_PBE_SHA1_RC2_40_CBC", + [0x3b0] = "CKM_PKCS5_PBKD2", + [0x3c0] = "CKM_PBA_SHA1_WITH_SHA1_HMAC", + [0x400] = "CKM_KEY_WRAP_LYNKS", + [0x401] = "CKM_KEY_WRAP_SET_OAEP", + [0x1000] = "CKM_SKIPJACK_KEY_GEN", + [0x1001] = "CKM_SKIPJACK_ECB64", + [0x1002] = "CKM_SKIPJACK_CBC64", + [0x1003] = "CKM_SKIPJACK_OFB64", + [0x1004] = "CKM_SKIPJACK_CFB64", + [0x1005] = "CKM_SKIPJACK_CFB32", + [0x1006] = 
"CKM_SKIPJACK_CFB16", + [0x1007] = "CKM_SKIPJACK_CFB8", + [0x1008] = "CKM_SKIPJACK_WRAP", + [0x1009] = "CKM_SKIPJACK_PRIVATE_WRAP", + [0x100a] = "CKM_SKIPJACK_RELAYX", + [0x1010] = "CKM_KEA_KEY_PAIR_GEN", + [0x1011] = "CKM_KEA_KEY_DERIVE", + [0x1020] = "CKM_FORTEZZA_TIMESTAMP", + [0x1030] = "CKM_BATON_KEY_GEN", + [0x1031] = "CKM_BATON_ECB128", + [0x1032] = "CKM_BATON_ECB96", + [0x1033] = "CKM_BATON_CBC128", + [0x1034] = "CKM_BATON_COUNTER", + [0x1035] = "CKM_BATON_SHUFFLE", + [0x1036] = "CKM_BATON_WRAP", + [0x1040] = "CKM_ECDSA_KEY_PAIR_GEN", + [0x1041] = "CKM_ECDSA", + [0x1042] = "CKM_ECDSA_SHA1", + [0x1050] = "CKM_ECDH1_DERIVE", + [0x1051] = "CKM_ECDH1_COFACTOR_DERIVE", + [0x1052] = "CKM_ECMQV_DERIVE", + [0x1060] = "CKM_JUNIPER_KEY_GEN", + [0x1061] = "CKM_JUNIPER_ECB128", + [0x1062] = "CKM_JUNIPER_CBC128", + [0x1063] = "CKM_JUNIPER_COUNTER", + [0x1064] = "CKM_JUNIPER_SHUFFLE", + [0x1065] = "CKM_JUNIPER_WRAP", + [0x1070] = "CKM_FASTHASH", + [0x1080] = "CKM_AES_KEY_GEN", + [0x1081] = "CKM_AES_ECB", + [0x1082] = "CKM_AES_CBC", + [0x1083] = "CKM_AES_MAC", + [0x1084] = "CKM_AES_MAC_GENERAL", + [0x1085] = "CKM_AES_CBC_PAD", + [0x2000] = "CKM_DSA_PARAMETER_GEN", + [0x2001] = "CKM_DH_PKCS_PARAMETER_GEN", + [0x2002] = "CKM_X9_42_DH_PARAMETER_GEN", + [0x1200] = "CKM_GOSTR3410_KEY_PAIR_GEN", + [0x1201] = "CKM_GOSTR3410", + [0x1202] = "CKM_GOSTR3410_WITH_GOSTR3411", + [0x1203] = "CKM_GOSTR3410_KEY_WRAP", + [0x1204] = "CKM_GOSTR3410_DERIVE", + [0x1210] = "CKM_GOSTR3411", + [0x1211] = "CKM_GOSTR3411_HMAC", + [0x255] = "CKM_SHA224", + [0x256] = "CKM_SHA224_HMAC", + [0x257] = "CKM_SHA224_HMAC_GENERAL", + [0x46] = "CKM_SHA224_RSA_PKCS", + [0x47] = "CKM_SHA224_RSA_PKCS_PSS", + [0x396] = "CKM_SHA224_KEY_DERIVATION", + [0x550] = "CKM_CAMELLIA_KEY_GEN", + [0x551] = "CKM_CAMELLIA_ECB", + [0x552] = "CKM_CAMELLIA_CBC", + [0x553] = "CKM_CAMELLIA_MAC", + [0x554] = "CKM_CAMELLIA_MAC_GENERAL", + [0x555] = "CKM_CAMELLIA_CBC_PAD", + [0x556] = "CKM_CAMELLIA_ECB_ENCRYPT_DATA", + [0x557] = 
"CKM_CAMELLIA_CBC_ENCRYPT_DATA" }; void -pkcs11_mechanism_list (FILE * outfile, const char *url, unsigned int login, - common_info_st * info) +pkcs11_mechanism_list(FILE * outfile, const char *url, unsigned int login, + common_info_st * info) { - int ret; - int idx; - unsigned long mechanism; - const char *str; - - pkcs11_common (); - - if (url == NULL) - url = "pkcs11:"; - - idx = 0; - do - { - ret = gnutls_pkcs11_token_get_mechanism (url, idx++, &mechanism); - if (ret >= 0) - { - str = NULL; - if (mechanism <= sizeof (mech_list) / sizeof (mech_list[0])) - str = mech_list[mechanism]; - if (str == NULL) - str = "UNKNOWN"; - - fprintf (outfile, "[0x%.4lx] %s\n", mechanism, str); - } - } - while (ret >= 0); - - - return; + int ret; + int idx; + unsigned long mechanism; + const char *str; + + pkcs11_common(); + + if (url == NULL) + url = "pkcs11:"; + + idx = 0; + do { + ret = + gnutls_pkcs11_token_get_mechanism(url, idx++, + &mechanism); + if (ret >= 0) { + str = NULL; + if (mechanism <= + sizeof(mech_list) / sizeof(mech_list[0])) + str = mech_list[mechanism]; + if (str == NULL) + str = "UNKNOWN"; + + fprintf(outfile, "[0x%.4lx] %s\n", mechanism, str); + } + } + while (ret >= 0); + + + return; } void -pkcs11_get_random (FILE * outfile, const char *url, unsigned bytes, common_info_st * info) +pkcs11_get_random(FILE * outfile, const char *url, unsigned bytes, + common_info_st * info) { - int ret; - uint8_t* output; + int ret; + uint8_t *output; - pkcs11_common (); + pkcs11_common(); - if (url == NULL) - url = "pkcs11:"; + if (url == NULL) + url = "pkcs11:"; - output = malloc(bytes); - if (output == NULL) - { - fprintf(stderr, "Memory error\n"); - exit(1); - } + output = malloc(bytes); + if (output == NULL) { + fprintf(stderr, "Memory error\n"); + exit(1); + } - ret = gnutls_pkcs11_token_get_random (url, output, bytes); - if (ret < 0) - { - fprintf(stderr, "gnutls_pkcs11_token_get_random: %s\n", gnutls_strerror(ret)); - exit(1); - } + ret = 
gnutls_pkcs11_token_get_random(url, output, bytes); + if (ret < 0) { + fprintf(stderr, "gnutls_pkcs11_token_get_random: %s\n", + gnutls_strerror(ret)); + exit(1); + } - fwrite(output, 1, bytes, outfile); + fwrite(output, 1, bytes, outfile); - return; + return; } |