if ENABLE_PKCS11
bin_PROGRAMS += p11tool
-PKCS11_SRCS = p11common.c p11common.h
-else
-PKCS11_SRCS =
endif
noinst_LTLIBRARIES =
udp-serv.c udp-serv.h \
socket.c socket.h \
common.h common.c \
- certtool-common.h \
- $(PKCS11_SRCS)
+ certtool-common.h
gnutls_serv_LDADD = ../lib/libgnutls.la
gnutls_serv_LDADD += libcmd-serv.la ../gl/libgnu.la $(LIBOPTS_LDADD) $(LTLIBINTL)
gnutls_serv_LDADD += $(LIBSOCKET) $(GETADDRINFO_LIB)
gnutls_cli_SOURCES = cli.c common.h common.c \
socket.c socket.h ocsptool-common.c \
- $(PKCS11_SRCS) $(BENCHMARK_SRCS)
+ $(BENCHMARK_SRCS)
gnutls_cli_LDADD = ../lib/libgnutls.la
gnutls_cli_LDADD += libcmd-cli.la ../gl/libgnu.la $(LIBOPTS_LDADD) $(LTLIBINTL)
gnutls_cli_LDADD += $(LIBSOCKET) $(GETADDRINFO_LIB) $(LIB_CLOCK_GETTIME) \
libcmd_cli_la_SOURCES = cli-args.def cli-args.c cli-args.h
gnutls_cli_debug_SOURCES = tls_test.c tests.h tests.c \
- socket.c socket.h common.h common.c \
- $(PKCS11_SRCS)
+ socket.c socket.h common.h common.c
gnutls_cli_debug_LDADD = ../lib/libgnutls.la libcmd-cli-debug.la
gnutls_cli_debug_LDADD += $(LIBOPTS_LDADD) $(LTLIBINTL)
gnutls_cli_debug_LDADD += ../gl/libgnu.la $(LIBSOCKET) $(GETADDRINFO_LIB)
#certtool
-certtool_SOURCES = certtool.c dh.c certtool-common.c certtool-extras.c $(PKCS11_SRCS)
+certtool_SOURCES = certtool.c dh.c certtool-common.c certtool-extras.c common.c
certtool_LDADD = ../lib/libgnutls.la
certtool_LDADD += libcmd-certtool.la ../gl/libgnu.la
# p11 tool
if ENABLE_PKCS11
-p11tool_SOURCES = p11tool-args.def p11tool.c pkcs11.c certtool-common.c certtool-extras.c p11tool.h $(PKCS11_SRCS)
+p11tool_SOURCES = p11tool-args.def p11tool.c pkcs11.c certtool-common.c \
+ certtool-extras.c p11tool.h common.c
p11tool_LDADD = ../lib/libgnutls.la $(LIBOPTS_LDADD) $(LTLIBINTL)
p11tool_LDADD += libcmd-p11tool.la ../gl/libgnu.la
if ENABLE_TROUSERS
-tpmtool_SOURCES = tpmtool-args.def tpmtool.c certtool-common.c certtool-extras.c
+tpmtool_SOURCES = tpmtool-args.def tpmtool.c certtool-common.c certtool-extras.c common.c
tpmtool_LDADD = ../lib/libgnutls.la $(LIBOPTS_LDADD) $(LTLIBINTL)
tpmtool_LDADD += libcmd-tpmtool.la ../gl/libgnu.la
#include <sys/stat.h>
#include <fcntl.h>
#include <error.h>
+#include <common.h>
#include "certtool-common.h"
#include "certtool-cfg.h"
}
}
-const char *
-raw_to_string (const unsigned char *raw, size_t raw_size)
-{
- static char buf[1024];
- size_t i;
- if (raw_size == 0)
- return NULL;
-
- if (raw_size * 3 + 1 >= sizeof (buf))
- return NULL;
-
- for (i = 0; i < raw_size; i++)
- {
- sprintf (&(buf[i * 3]), "%02X%s", raw[i],
- (i == raw_size - 1) ? "" : ":");
- }
- buf[sizeof (buf) - 1] = '\0';
-
- return buf;
-}
-
void _pubkey_info(FILE* outfile, gnutls_pubkey_t pubkey)
{
unsigned int usage;
FILE *safe_open_rw (const char *file, int privkey_op);
-const char *
-raw_to_string (const unsigned char *raw, size_t raw_size);
-
extern unsigned char buffer[];
extern const int buffer_size;
#include <version-etc.h>
#include <certtool-cfg.h>
-#include <p11common.h>
+#include <common.h>
#include "certtool-args.h"
#include "certtool-common.h"
{
crt_num = 1;
gnutls_x509_crt_init (&crt_list[0]);
+ gnutls_x509_crt_set_pin_function(crt_list[0], pin_callback, NULL);
ret =
gnutls_x509_crt_import_pkcs11_url (crt_list[0], x509_certfile, 0);
gnutls_strerror (ret));
exit (1);
}
- else if (gnutls_url_is_supported(x509_keyfile) != 0)
+
+ gnutls_privkey_set_pin_function(x509_key, pin_callback, NULL);
+
+ if (gnutls_url_is_supported(x509_keyfile) != 0)
{
ret =
gnutls_privkey_import_url (x509_key, x509_keyfile, 0);
exit (1);
}
+ gnutls_privkey_set_pin_function(pgp_key, pin_callback, NULL);
+
if (gnutls_url_is_supported (pgp_keyfile))
{
ret = gnutls_privkey_import_url( pgp_key, pgp_keyfile, 0);
}
#ifdef ENABLE_PKCS11
- pkcs11_common ();
+// pkcs11_common ();
#endif
if (hostname == NULL)
if (ret == 0)
{
/* print some information */
- print_info (socket->session, print_cert);
+ print_info (socket->session, print_cert, verbose);
socket->secure = 1;
}
else
fprintf (stderr, "Certificate allocation memory error\n");
exit (1);
}
+ gnutls_certificate_set_pin_function(xcred, pin_callback, NULL);
if (x509_cafile != NULL)
{
#include <time.h>
#include <common.h>
-#define SU(x) (x!=NULL?x:"Unknown")
+#ifdef ENABLE_PKCS11
+# include <gnutls/pkcs11.h>
+#endif
-extern int verbose;
+#define SU(x) (x!=NULL?x:"Unknown")
const char str_unknown[] = "(unknown)";
}
int
-print_info (gnutls_session_t session, int print_cert)
+print_info (gnutls_session_t session, int print_cert, int verbose)
{
const char *tmp;
gnutls_credentials_type_t cred;
}
return 0;
}
+
+#define MIN(x,y) ((x)<(y))?(x):(y)
+#define MAX_CACHE_TRIES 5
+int
+pin_callback (void *user, int attempt, const char *token_url,
+ const char *token_label, unsigned int flags, char *pin,
+ size_t pin_max)
+{
+ const char *password;
+ const char * desc;
+ int len, cache = MAX_CACHE_TRIES;
+/* allow caching of PIN */
+ static char *cached_url = NULL;
+ static char cached_pin[32] = "";
+
+ if (flags & GNUTLS_PKCS11_PIN_SO)
+ desc = "security officer";
+ else
+ desc = "user";
+
+ if (flags & GNUTLS_PKCS11_PIN_FINAL_TRY)
+ {
+ cache = 0;
+ printf ("*** This is the final try before locking!\n");
+ }
+ if (flags & GNUTLS_PKCS11_PIN_COUNT_LOW)
+ {
+ cache = 0;
+ printf ("*** Only few tries left before locking!\n");
+ }
+
+ if (flags & GNUTLS_PKCS11_PIN_WRONG)
+ {
+ cache = 0;
+ printf ("*** Wrong PIN has been provided!\n");
+ }
+
+ if (cache > 0 && cached_url != NULL)
+ {
+ if (strcmp (cached_url, token_url) == 0)
+ {
+ if (strlen(pin) >= sizeof(cached_pin))
+ {
+ fprintf (stderr, "Too long PIN given\n");
+ exit (1);
+ }
+
+ fprintf(stderr, "Re-using cached PIN for token '%s'\n", token_label);
+ strcpy (pin, cached_pin);
+ cache--;
+ return 0;
+ }
+ }
+
+ printf ("Token '%s' with URL '%s' ", token_label, token_url);
+ printf ("requires %s PIN\n", desc);
+
+ password = getpass ("Enter PIN: ");
+ if (password == NULL || password[0] == 0)
+ {
+ fprintf (stderr, "No password given\n");
+ exit (1);
+ }
+
+ len = MIN (pin_max, strlen (password));
+ memcpy (pin, password, len);
+ pin[len] = 0;
+
+ /* cache */
+ strcpy (cached_pin, pin);
+ free (cached_url);
+ cached_url = strdup (token_url);
+ cache = MAX_CACHE_TRIES;
+
+ return 0;
+}
+
+#ifdef ENABLE_PKCS11
+
+static int
+token_callback (void *user, const char *label, const unsigned retry)
+{
+ char buf[32];
+
+ if (retry > 0)
+ {
+ fprintf (stderr, "Could not find token %s\n", label);
+ return -1;
+ }
+ printf ("Please insert token '%s' in slot and press enter\n", label);
+ fgets (buf, sizeof (buf), stdin);
+
+ return 0;
+}
+
+void
+pkcs11_common (void)
+{
+
+ gnutls_pkcs11_set_pin_function (pin_callback, NULL);
+ gnutls_pkcs11_set_token_function (token_callback, NULL);
+
+}
+
+#endif
extern const char str_unknown[];
-int print_info (gnutls_session_t state, int print_cert);
+int print_info (gnutls_session_t state, int print_cert, int verbose);
void print_cert_info (gnutls_session_t, int flag, int print_cert);
void print_cert_info_compact (gnutls_session_t session);
const char *raw_to_string (const unsigned char *raw, size_t raw_size);
void pkcs11_common (void);
int check_command(gnutls_session_t session, const char* str);
+
+int
+pin_callback (void *user, int attempt, const char *token_url,
+ const char *token_label, unsigned int flags, char *pin,
+ size_t pin_max);
+
+void pkcs11_common (void);
+++ /dev/null
-/*
- * Copyright (C) 2011-2012 Free Software Foundation, Inc.
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GnuTLS.
- *
- * GnuTLS is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuTLS is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-#include <config.h>
-
-#include <getpass.h>
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <gnutls/pkcs11.h>
-#include <p11common.h>
-
-#ifdef ENABLE_PKCS11
-
-#define MIN(x,y) ((x)<(y))?(x):(y)
-
-#define MAX_CACHE_TRIES 5
-static int
-pin_callback (void *user, int attempt, const char *token_url,
- const char *token_label, unsigned int flags, char *pin,
- size_t pin_max)
-{
- const char *password;
- const char * desc;
- int len, cache = MAX_CACHE_TRIES;
-/* allow caching of PIN */
- static char *cached_url = NULL;
- static char cached_pin[32] = "";
-
- if (flags & GNUTLS_PKCS11_PIN_SO)
- desc = "security officer";
- else
- desc = "user";
-
- if (flags & GNUTLS_PKCS11_PIN_FINAL_TRY)
- {
- cache = 0;
- printf ("*** This is the final try before locking!\n");
- }
- if (flags & GNUTLS_PKCS11_PIN_COUNT_LOW)
- {
- cache = 0;
- printf ("*** Only few tries left before locking!\n");
- }
-
- if (flags & GNUTLS_PKCS11_PIN_WRONG)
- {
- cache = 0;
- printf ("*** Wrong PIN has been provided!\n");
- }
-
- if (cache > 0 && cached_url != NULL)
- {
- if (strcmp (cached_url, token_url) == 0)
- {
- if (strlen(pin) >= sizeof(cached_pin))
- {
- fprintf (stderr, "Too long PIN given\n");
- exit (1);
- }
-
- fprintf(stderr, "Re-using cached PIN for token '%s'\n", token_label);
- strcpy (pin, cached_pin);
- cache--;
- return 0;
- }
- }
-
- printf ("Token '%s' with URL '%s' ", token_label, token_url);
- printf ("requires %s PIN\n", desc);
-
- password = getpass ("Enter PIN: ");
- if (password == NULL || password[0] == 0)
- {
- fprintf (stderr, "No password given\n");
- exit (1);
- }
-
- len = MIN (pin_max, strlen (password));
- memcpy (pin, password, len);
- pin[len] = 0;
-
- /* cache */
- strcpy (cached_pin, pin);
- free (cached_url);
- cached_url = strdup (token_url);
- cache = MAX_CACHE_TRIES;
-
- return 0;
-}
-
-static int
-token_callback (void *user, const char *label, const unsigned retry)
-{
- char buf[32];
-
- if (retry > 0)
- {
- fprintf (stderr, "Could not find token %s\n", label);
- return -1;
- }
- printf ("Please insert token '%s' in slot and press enter\n", label);
- fgets (buf, sizeof (buf), stdin);
-
- return 0;
-}
-
-void
-pkcs11_common (void)
-{
-
- gnutls_pkcs11_set_pin_function (pin_callback, NULL);
- gnutls_pkcs11_set_token_function (token_callback, NULL);
-
-}
-
-#endif
+++ /dev/null
-/*
- * Copyright (C) 2011-2012 Free Software Foundation, Inc.
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GnuTLS.
- *
- * GnuTLS is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuTLS is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-void pkcs11_common (void);
#include "certtool-common.h"
#include <unistd.h>
#include <string.h>
-#include <p11common.h>
+#include <common.h>
void
pkcs11_delete (FILE * outfile, const char *url, int batch, unsigned int login,
human_addr ((struct sockaddr *)
&client_address, calen, topbuf,
sizeof (topbuf)));
- print_info (j->tls_session, verbose);
+ print_info (j->tls_session, verbose, verbose);
if (gnutls_auth_get_type (j->tls_session) == GNUTLS_CRD_CERTIFICATE)
cert_verify(j->tls_session, NULL);
}
&client_address, calen, topbuf,
sizeof (topbuf)));
- print_info (j->tls_session, verbose);
+ print_info (j->tls_session, verbose, verbose);
if (gnutls_auth_get_type (j->tls_session) == GNUTLS_CRD_CERTIFICATE)
cert_verify(j->tls_session, NULL);
}