From: Nikos Mavrogiannopoulos Date: Sun, 7 Nov 2010 04:22:22 +0000 (+0100) Subject: Introduced p11tool to separate PKCS #11 functionality from certtool. X-Git-Tag: gnutls_2_11_5~60 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=00f6b990f9e650b6050d7ab4b5b3fa517ea08e47;p=thirdparty%2Fgnutls.git Introduced p11tool to separate PKCS #11 functionality from certtool. --- diff --git a/.gitignore b/.gitignore index 1279db551c..f17c4a874f 100644 --- a/.gitignore +++ b/.gitignore @@ -379,6 +379,8 @@ m4/lt~obsolete.m4 src/Makefile src/Makefile.in src/benchmark +src/libcmd-p11tool.la +src/p11tool src/certtool src/cfg/Makefile src/cfg/Makefile.in diff --git a/src/Makefile.am b/src/Makefile.am index edd72231b0..8607f8208d 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -32,7 +32,7 @@ AM_CPPFLAGS = \ noinst_PROGRAMS = benchmark bin_PROGRAMS = gnutls-serv gnutls-cli psktool gnutls-cli-debug if ENABLE_PKI -bin_PROGRAMS += certtool +bin_PROGRAMS += certtool p11tool endif if ENABLE_SRP bin_PROGRAMS += srptool @@ -80,7 +80,9 @@ noinst_LTLIBRARIES += libcmd-cli-debug.la libcmd_cli_debug_la_CFLAGS = libcmd_cli_debug_la_SOURCES = tls_test.gaa tls_test-gaa.h tls_test-gaa.c -certtool_SOURCES = certtool.c prime.c pkcs11.c +#certtool + +certtool_SOURCES = certtool.c prime.c certtool-common.c certtool_LDADD = ../lib/libgnutls.la ../libextra/libgnutls-extra.la certtool_LDADD += libcmd-certtool.la ../gl/libgnu.la certtool_LDADD += $(LTLIBGCRYPT) @@ -97,16 +99,40 @@ certtool_LDADD += libcfg.la endif noinst_LTLIBRARIES += libcmd-certtool.la libcmd_certtool_la_CFLAGS = -libcmd_certtool_la_SOURCES = certtool.gaa certtool-gaa.h \ - certtool-gaa.c certtool-cfg.h certtool-cfg.c +libcmd_certtool_la_SOURCES = certtool-gaa.c certtool.gaa certtool-gaa.h \ + certtool-cfg.h certtool-cfg.c libcmd_certtool_la_LIBADD = ../gl/libgnu.la $(LTLIBREADLINE) libcmd_certtool_la_LIBADD += ../lib/libgnutls.la ../libextra/libgnutls-extra.la libcmd_certtool_la_LIBADD += ../gl/libgnu.la $(INET_PTON_LIB) +# p11 tool +p11tool_gaa_CFLAGS = +p11tool_SOURCES = p11tool.gaa p11tool.c pkcs11.c certtool-common.c +p11tool_LDADD = ../lib/libgnutls.la ../libextra/libgnutls-extra.la +p11tool_LDADD += libcmd-p11tool.la ../gl/libgnu.la +p11tool_LDADD += $(LTLIBGCRYPT) + +if HAVE_LIBCFG +p11tool_LDADD += -lcfg+ +else +p11tool_LDADD += libcfg.la +endif +noinst_LTLIBRARIES += libcmd-p11tool.la +libcmd_p11tool_la_CFLAGS = +libcmd_p11tool_la_SOURCES = p11tool-gaa.c p11tool.gaa p11tool-gaa.h \ + certtool-cfg.h certtool-cfg.c +libcmd_p11tool_la_LIBADD = ../gl/libgnu.la $(LTLIBREADLINE) +libcmd_p11tool_la_LIBADD += ../lib/libgnutls.la +libcmd_p11tool_la_LIBADD += ../gl/libgnu.la $(INET_PTON_LIB) + + + psk-gaa.c: $(srcdir)/psk.gaa -$(GAA) $< -o psk-gaa.c -i psk-gaa.h crypt-gaa.c: $(srcdir)/crypt.gaa -$(GAA) $< -o crypt-gaa.c -i crypt-gaa.h +p11tool-gaa.c: $(srcdir)/p11tool.gaa + -$(GAA) $< -o p11tool-gaa.c -i p11tool-gaa.h certtool-gaa.c: $(srcdir)/certtool.gaa -$(GAA) $< -o certtool-gaa.c -i certtool-gaa.h cli-gaa.c: $(srcdir)/cli.gaa diff --git a/src/certtool-common.c b/src/certtool-common.c new file mode 100644 index 0000000000..0c96f47919 --- /dev/null +++ b/src/certtool-common.c @@ -0,0 +1,401 @@ +/* + * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software Foundation, Inc. + * + * This file is part of GnuTLS. + * + * GnuTLS is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see + * . + */ + +#include + +#include +#include +#include +#include +#include +#include +#include + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "certtool-common.h" +#include "certtool-cfg.h" + +/* Gnulib portability files. */ +#include + +unsigned char buffer[64 * 1024]; +const int buffer_size = sizeof (buffer); + + +FILE * +safe_open_rw (const char *file, int privkey_op) +{ + mode_t omask = 0; + FILE *fh; + + if (privkey_op != 0) + { + omask = umask (S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH); + } + + fh = fopen (file, "wb"); + + if (privkey_op != 0) + { + umask (omask); + } + + return fh; +} + +gnutls_datum_t * +load_secret_key (int mand, common_info_st* info) +{ + unsigned char raw_key[64]; + size_t raw_key_size = sizeof(raw_key); + static gnutls_datum_t key; + gnutls_datum_t hex_key; + int ret; + + fprintf (stderr, "Loading secret key...\n"); + + if (info->secret_key == NULL) + { + if (mand) + error (EXIT_FAILURE, 0, "missing --secret-key"); + else + return NULL; + } + + hex_key.data = (char*)info->secret_key; + hex_key.size = strlen(info->secret_key); + + ret = gnutls_hex_decode( &hex_key, raw_key, &raw_key_size); + if (ret < 0) + error (EXIT_FAILURE, 0, "hex_decode: %s", gnutls_strerror (ret)); + + key.data = raw_key; + key.size = raw_key_size; + + return &key; +} + +/* Load the private key. + * @mand should be non zero if it is required to read a private key. + */ +gnutls_x509_privkey_t +load_private_key (int mand, common_info_st* info) +{ + gnutls_x509_privkey_t key; + int ret; + gnutls_datum_t dat; + size_t size; + + if (!info->privkey && !mand) + return NULL; + + if (info->privkey == NULL) + error (EXIT_FAILURE, 0, "missing --load-privkey"); + + ret = gnutls_x509_privkey_init (&key); + if (ret < 0) + error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret)); + + dat.data = read_binary_file (info->privkey, &size); + dat.size = size; + + if (!dat.data) + error (EXIT_FAILURE, errno, "reading --load-privkey: %s", info->privkey); + + if (info->pkcs8) + { + const char *pass = get_pass (); + ret = + gnutls_x509_privkey_import_pkcs8 (key, &dat, info->incert_format, + pass, 0); + } + else + ret = gnutls_x509_privkey_import (key, &dat, info->incert_format); + + free (dat.data); + + if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) + { + error (EXIT_FAILURE, 0, + "import error: could not find a valid PEM header; " + "check if your key is PKCS #8 or PKCS #12 encoded"); + } + + if (ret < 0) + error (EXIT_FAILURE, 0, "importing --load-privkey: %s: %s", + info->privkey, gnutls_strerror (ret)); + + return key; +} + +/* Loads the certificate + * If mand is non zero then a certificate is mandatory. Otherwise + * null will be returned if the certificate loading fails. + */ +gnutls_x509_crt_t +load_cert (int mand, common_info_st* info) +{ + gnutls_x509_crt_t *crt; + size_t size; + + crt = load_cert_list (mand, &size, info); + + return crt ? crt[0] : NULL; +} + +#define MAX_CERTS 256 + +/* Loads a certificate list + */ +gnutls_x509_crt_t * +load_cert_list (int mand, size_t * crt_size, common_info_st* info) +{ + FILE *fd; + static gnutls_x509_crt_t crt[MAX_CERTS]; + char *ptr; + int ret, i; + gnutls_datum_t dat; + size_t size; + int ptr_size; + + *crt_size = 0; + fprintf (stderr, "Loading certificate list...\n"); + + if (info->cert == NULL) + { + if (mand) + error (EXIT_FAILURE, 0, "missing --load-certificate"); + else + return NULL; + } + + fd = fopen (info->cert, "r"); + if (fd == NULL) + error (EXIT_FAILURE, errno, "%s", info->cert); + + size = fread (buffer, 1, sizeof (buffer) - 1, fd); + buffer[size] = 0; + + fclose (fd); + + ptr = buffer; + ptr_size = size; + + for (i = 0; i < MAX_CERTS; i++) + { + ret = gnutls_x509_crt_init (&crt[i]); + if (ret < 0) + error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret)); + + dat.data = ptr; + dat.size = ptr_size; + + ret = gnutls_x509_crt_import (crt[i], &dat, info->incert_format); + if (ret < 0 && *crt_size > 0) + break; + if (ret < 0) + error (EXIT_FAILURE, 0, "crt_import: %s", gnutls_strerror (ret)); + + ptr = strstr (ptr, "---END"); + if (ptr == NULL) + break; + ptr++; + + ptr_size = size; + ptr_size -= + (unsigned int) ((unsigned char *) ptr - (unsigned char *) buffer); + + if (ptr_size < 0) + break; + + (*crt_size)++; + } + fprintf (stderr, "Loaded %d certificates.\n", (int) *crt_size); + + return crt; +} + +/* Load the Certificate Request. + */ +gnutls_x509_crq_t +load_request (common_info_st* info) +{ + gnutls_x509_crq_t crq; + int ret; + gnutls_datum_t dat; + size_t size; + + if (!info->request) + return NULL; + + ret = gnutls_x509_crq_init (&crq); + if (ret < 0) + error (EXIT_FAILURE, 0, "crq_init: %s", gnutls_strerror (ret)); + + dat.data = read_binary_file (info->request, &size); + dat.size = size; + + if (!dat.data) + error (EXIT_FAILURE, errno, "reading --load-request: %s", info->request); + + ret = gnutls_x509_crq_import (crq, &dat, info->incert_format); + if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) + { + error (EXIT_FAILURE, 0, + "import error: could not find a valid PEM header"); + } + + free (dat.data); + if (ret < 0) + error (EXIT_FAILURE, 0, "importing --load-request: %s: %s", + info->request, gnutls_strerror (ret)); + + return crq; +} + +/* Load the CA's private key. + */ +gnutls_x509_privkey_t +load_ca_private_key (common_info_st* info) +{ + gnutls_x509_privkey_t key; + int ret; + gnutls_datum_t dat; + size_t size; + + if (info->ca_privkey == NULL) + error (EXIT_FAILURE, 0, "missing --load-ca-privkey"); + + ret = gnutls_x509_privkey_init (&key); + if (ret < 0) + error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret)); + + dat.data = read_binary_file (info->ca_privkey, &size); + dat.size = size; + + if (!dat.data) + error (EXIT_FAILURE, errno, "reading --load-ca-privkey: %s", + info->ca_privkey); + + if (info->pkcs8) + { + const char *pass = get_pass (); + ret = + gnutls_x509_privkey_import_pkcs8 (key, &dat, info->incert_format, + pass, 0); + } + else + ret = gnutls_x509_privkey_import (key, &dat, info->incert_format); + free (dat.data); + if (ret < 0) + error (EXIT_FAILURE, 0, "importing --load-ca-privkey: %s: %s", + info->ca_privkey, gnutls_strerror (ret)); + + return key; +} + +/* Loads the CA's certificate + */ +gnutls_x509_crt_t +load_ca_cert (common_info_st* info) +{ + gnutls_x509_crt_t crt; + int ret; + gnutls_datum_t dat; + size_t size; + + if (info->ca == NULL) + error (EXIT_FAILURE, 0, "missing --load-ca-certificate"); + + ret = gnutls_x509_crt_init (&crt); + if (ret < 0) + error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret)); + + dat.data = read_binary_file (info->ca, &size); + dat.size = size; + + if (!dat.data) + error (EXIT_FAILURE, errno, "reading --load-ca-certificate: %s", info->ca); + + ret = gnutls_x509_crt_import (crt, &dat, info->incert_format); + free (dat.data); + if (ret < 0) + error (EXIT_FAILURE, 0, "importing --load-ca-certificate: %s: %s", + info->ca, gnutls_strerror (ret)); + + return crt; +} + +/* Load a public key. + * @mand should be non zero if it is required to read a public key. + */ +gnutls_pubkey_t +load_pubkey (int mand, common_info_st* info) +{ + gnutls_pubkey_t key; + int ret; + gnutls_datum_t dat; + size_t size; + + if (!info->pubkey && !mand) + return NULL; + + if (info->pubkey == NULL) + error (EXIT_FAILURE, 0, "missing --load-pubkey"); + + ret = gnutls_pubkey_init (&key); + if (ret < 0) + error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret)); + + dat.data = read_binary_file (info->pubkey, &size); + dat.size = size; + + if (!dat.data) + error (EXIT_FAILURE, errno, "reading --load-pubkey: %s", info->pubkey); + + ret = gnutls_pubkey_import (key, &dat, info->incert_format); + + free (dat.data); + + if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) + { + error (EXIT_FAILURE, 0, + "import error: could not find a valid PEM header; " + "check if your key has the PUBLIC KEY header"); + } + + if (ret < 0) + error (EXIT_FAILURE, 0, "importing --load-pubkey: %s: %s", + info->pubkey, gnutls_strerror (ret)); + + return key; +} diff --git a/src/certtool-common.h b/src/certtool-common.h index 1a2d881884..4d384df956 100644 --- a/src/certtool-common.h +++ b/src/certtool-common.h @@ -1,3 +1,6 @@ +#ifndef CERTTOOL_COMMON_H +# define CERTTOOL_COMMON_H + #include #include @@ -26,11 +29,6 @@ enum ACTION_PGP_PRIVKEY_INFO, ACTION_RING_INFO, ACTION_REQUEST, - ACTION_PKCS11_LIST, - ACTION_PKCS11_TOKENS, - ACTION_PKCS11_EXPORT_URL, - ACTION_PKCS11_WRITE_URL, - ACTION_PKCS11_DELETE_URL, ACTION_PUBKEY_INFO, ACTION_CERT_PUBKEY, }; @@ -39,37 +37,42 @@ enum #define TYPE_CRQ 2 void certtool_version (void); -void pkcs11_list (FILE * outfile, const char *url, int type, - unsigned int login, unsigned int detailed); -void pkcs11_export (FILE * outfile, const char *pkcs11_url, - unsigned int login); -void pkcs11_token_list (FILE * outfile, unsigned int detailed); -void pkcs11_write (FILE * outfile, const char *pkcs11_url, const char *label, - int trusted, unsigned int login); -void pkcs11_delete (FILE * outfile, const char *pkcs11_url, int batch, - unsigned int login); - -#define PKCS11_TYPE_CRT_ALL 1 -#define PKCS11_TYPE_TRUSTED 2 -#define PKCS11_TYPE_PK 3 -#define PKCS11_TYPE_ALL 4 -#define PKCS11_TYPE_PRIVKEY 5 - -extern unsigned char buffer[]; -extern const int buffer_size; #include #include -gnutls_x509_privkey_t load_private_key (int mand); -gnutls_x509_crq_t load_request (void); -gnutls_x509_privkey_t load_ca_private_key (void); -gnutls_x509_crt_t load_ca_cert (void); -gnutls_x509_crt_t load_cert (int mand); -gnutls_pubkey_t load_pubkey (int mand); +typedef struct common_info { + const char* secret_key; + const char* privkey; + const char* pubkey; + int pkcs8; + int incert_format; + const char* cert; + + const char* request; + const char* ca; + const char* ca_privkey; +} common_info_st; + +gnutls_x509_privkey_t load_private_key (int mand, common_info_st* info); +gnutls_x509_crq_t load_request (common_info_st* info); +gnutls_x509_privkey_t load_ca_private_key (common_info_st* info); +gnutls_x509_crt_t load_ca_cert (common_info_st* info); +gnutls_x509_crt_t load_cert (int mand, common_info_st* info); +gnutls_datum* load_secret_key (int mand, common_info_st* info); +gnutls_pubkey_t load_pubkey (int mand, common_info_st* info); +gnutls_x509_crt_t *load_cert_list (int mand, size_t * size, common_info_st* info); /* returns the bits specified in cmd */ int get_bits (gnutls_pk_algorithm_t); /* prime.c */ int generate_prime (int how); + +FILE * safe_open_rw (const char *file, int privkey_op); + +extern unsigned char buffer[]; +extern const int buffer_size; + + +#endif diff --git a/src/certtool-gaa.c b/src/certtool-gaa.c index ec3dfc012c..8ae957ace5 100644 --- a/src/certtool-gaa.c +++ b/src/certtool-gaa.c @@ -12,7 +12,6 @@ #endif #include "certtool-common.h" -#include #include #include @@ -180,20 +179,6 @@ void gaa_help(void) __gaa_helpsingle(0, "infile", "FILE ", "Input file."); __gaa_helpsingle(0, "template", "FILE ", "Template file to use for non interactive operation."); __gaa_helpsingle(0, "pkcs-cipher", "CIPHER ", "Cipher to use for pkcs operations (3des,3des-pkcs12,aes-128,aes-192,aes-256,rc2-40,arcfour)."); - __gaa_helpsingle(0, "p11-provider", "Library ", "Specify the pkcs11 provider library"); - __gaa_helpsingle(0, "p11-export-url", "URL ", "Export data specified a pkcs11 URL"); - __gaa_helpsingle(0, "p11-list-certs", "", "List certificates that have a private key specified by a PKCS#11 URL"); - __gaa_helpsingle(0, "p11-list-privkeys", "", "List private keys specified by a PKCS#11 URL"); - __gaa_helpsingle(0, "p11-list-trusted", "", "List certificates marked as trusted, specified by a PKCS#11 URL"); - __gaa_helpsingle(0, "p11-list-all-certs", "", "List all certificates specified by a PKCS#11 URL"); - __gaa_helpsingle(0, "p11-list-all", "", "List all objects specified by a PKCS#11 URL"); - __gaa_helpsingle(0, "p11-list-tokens", "", "List all available tokens"); - __gaa_helpsingle(0, "p11-login", "", "Force login to token"); - __gaa_helpsingle(0, "p11-write", "URL ", "Writes loaded certificates or private keys to a PKCS11 token."); - __gaa_helpsingle(0, "p11-write-label", "label ", "Sets a label for the write operation."); - __gaa_helpsingle(0, "p11-write-trusted", "", "Marks the certificate to be imported as trusted."); - __gaa_helpsingle(0, "p11-detailed-url", "", "Export detailed URLs."); - __gaa_helpsingle(0, "p11-delete-url", "URL ", "Deletes objects matching the URL."); __gaa_helpsingle('d', "debug", "LEVEL ", "specify the debug level. Default is 1."); __gaa_helpsingle('h', "help", "", "shows this help text"); __gaa_helpsingle('v', "version", "", "shows the program's version"); @@ -211,71 +196,57 @@ typedef struct _gaainfo gaainfo; struct _gaainfo { -#line 169 "certtool.gaa" +#line 140 "certtool.gaa" int debug; -#line 164 "certtool.gaa" - int pkcs11_detailed_url; -#line 161 "certtool.gaa" - int pkcs11_trusted; -#line 158 "certtool.gaa" - char* pkcs11_label; -#line 155 "certtool.gaa" - int pkcs11_login; -#line 147 "certtool.gaa" - int pkcs11_type; -#line 144 "certtool.gaa" - char* pkcs11_url; -#line 141 "certtool.gaa" - char* pkcs11_provider; -#line 138 "certtool.gaa" +#line 137 "certtool.gaa" char *pkcs_cipher; -#line 135 "certtool.gaa" +#line 134 "certtool.gaa" char *template; -#line 132 "certtool.gaa" +#line 131 "certtool.gaa" char *infile; -#line 129 "certtool.gaa" +#line 128 "certtool.gaa" char *outfile; -#line 126 "certtool.gaa" +#line 125 "certtool.gaa" int quick_random; -#line 123 "certtool.gaa" +#line 122 "certtool.gaa" char* sec_param; -#line 120 "certtool.gaa" +#line 119 "certtool.gaa" int bits; -#line 116 "certtool.gaa" +#line 115 "certtool.gaa" int outcert_format; -#line 112 "certtool.gaa" +#line 111 "certtool.gaa" int incert_format; -#line 109 "certtool.gaa" +#line 108 "certtool.gaa" int export; -#line 106 "certtool.gaa" +#line 105 "certtool.gaa" char *hash; -#line 103 "certtool.gaa" +#line 102 "certtool.gaa" int dsa; -#line 100 "certtool.gaa" +#line 99 "certtool.gaa" int pkcs8; -#line 93 "certtool.gaa" +#line 92 "certtool.gaa" int v1_cert; -#line 90 "certtool.gaa" +#line 89 "certtool.gaa" int fix_key; -#line 73 "certtool.gaa" +#line 72 "certtool.gaa" int crq_extensions; -#line 58 "certtool.gaa" +#line 57 "certtool.gaa" char *pass; -#line 55 "certtool.gaa" +#line 54 "certtool.gaa" char *ca; -#line 52 "certtool.gaa" +#line 51 "certtool.gaa" char *ca_privkey; -#line 49 "certtool.gaa" +#line 48 "certtool.gaa" char *cert; -#line 46 "certtool.gaa" +#line 45 "certtool.gaa" char *request; -#line 43 "certtool.gaa" +#line 42 "certtool.gaa" char *pubkey; -#line 40 "certtool.gaa" +#line 39 "certtool.gaa" char *privkey; -#line 18 "certtool.gaa" - int action; #line 17 "certtool.gaa" + int action; +#line 16 "certtool.gaa" int privkey_op; #line 114 "gaa.skel" @@ -331,74 +302,60 @@ static int gaa_error = 0; #define GAA_MULTIPLE_OPTION 3 #define GAA_REST 0 -#define GAA_NB_OPTION 67 +#define GAA_NB_OPTION 53 #define GAAOPTID_version 1 #define GAAOPTID_help 2 #define GAAOPTID_debug 3 -#define GAAOPTID_p11_delete_url 4 -#define GAAOPTID_p11_detailed_url 5 -#define GAAOPTID_p11_write_trusted 6 -#define GAAOPTID_p11_write_label 7 -#define GAAOPTID_p11_write 8 -#define GAAOPTID_p11_login 9 -#define GAAOPTID_p11_list_tokens 10 -#define GAAOPTID_p11_list_all 11 -#define GAAOPTID_p11_list_all_certs 12 -#define GAAOPTID_p11_list_trusted 13 -#define GAAOPTID_p11_list_privkeys 14 -#define GAAOPTID_p11_list_certs 15 -#define GAAOPTID_p11_export_url 16 -#define GAAOPTID_p11_provider 17 -#define GAAOPTID_pkcs_cipher 18 -#define GAAOPTID_template 19 -#define GAAOPTID_infile 20 -#define GAAOPTID_outfile 21 -#define GAAOPTID_disable_quick_random 22 -#define GAAOPTID_sec_param 23 -#define GAAOPTID_bits 24 -#define GAAOPTID_outraw 25 -#define GAAOPTID_outder 26 -#define GAAOPTID_inraw 27 -#define GAAOPTID_inder 28 -#define GAAOPTID_export_ciphers 29 -#define GAAOPTID_hash 30 -#define GAAOPTID_dsa 31 -#define GAAOPTID_pkcs8 32 -#define GAAOPTID_to_p8 33 -#define GAAOPTID_to_p12 34 -#define GAAOPTID_v1 35 -#define GAAOPTID_fix_key 36 -#define GAAOPTID_pubkey_info 37 -#define GAAOPTID_pgp_key_info 38 -#define GAAOPTID_key_info 39 -#define GAAOPTID_smime_to_p7 40 -#define GAAOPTID_p7_info 41 -#define GAAOPTID_p12_info 42 -#define GAAOPTID_no_crq_extensions 43 -#define GAAOPTID_crq_info 44 -#define GAAOPTID_crl_info 45 -#define GAAOPTID_pgp_ring_info 46 -#define GAAOPTID_pgp_certificate_info 47 -#define GAAOPTID_certificate_pubkey 48 -#define GAAOPTID_certificate_info 49 -#define GAAOPTID_password 50 -#define GAAOPTID_load_ca_certificate 51 -#define GAAOPTID_load_ca_privkey 52 -#define GAAOPTID_load_certificate 53 -#define GAAOPTID_load_request 54 -#define GAAOPTID_load_pubkey 55 -#define GAAOPTID_load_privkey 56 -#define GAAOPTID_get_dh_params 57 -#define GAAOPTID_generate_dh_params 58 -#define GAAOPTID_verify_crl 59 -#define GAAOPTID_verify_chain 60 -#define GAAOPTID_generate_request 61 -#define GAAOPTID_generate_privkey 62 -#define GAAOPTID_update_certificate 63 -#define GAAOPTID_generate_crl 64 -#define GAAOPTID_generate_proxy 65 -#define GAAOPTID_generate_certificate 66 -#define GAAOPTID_generate_self_signed 67 +#define GAAOPTID_pkcs_cipher 4 +#define GAAOPTID_template 5 +#define GAAOPTID_infile 6 +#define GAAOPTID_outfile 7 +#define GAAOPTID_disable_quick_random 8 +#define GAAOPTID_sec_param 9 +#define GAAOPTID_bits 10 +#define GAAOPTID_outraw 11 +#define GAAOPTID_outder 12 +#define GAAOPTID_inraw 13 +#define GAAOPTID_inder 14 +#define GAAOPTID_export_ciphers 15 +#define GAAOPTID_hash 16 +#define GAAOPTID_dsa 17 +#define GAAOPTID_pkcs8 18 +#define GAAOPTID_to_p8 19 +#define GAAOPTID_to_p12 20 +#define GAAOPTID_v1 21 +#define GAAOPTID_fix_key 22 +#define GAAOPTID_pubkey_info 23 +#define GAAOPTID_pgp_key_info 24 +#define GAAOPTID_key_info 25 +#define GAAOPTID_smime_to_p7 26 +#define GAAOPTID_p7_info 27 +#define GAAOPTID_p12_info 28 +#define GAAOPTID_no_crq_extensions 29 +#define GAAOPTID_crq_info 30 +#define GAAOPTID_crl_info 31 +#define GAAOPTID_pgp_ring_info 32 +#define GAAOPTID_pgp_certificate_info 33 +#define GAAOPTID_certificate_pubkey 34 +#define GAAOPTID_certificate_info 35 +#define GAAOPTID_password 36 +#define GAAOPTID_load_ca_certificate 37 +#define GAAOPTID_load_ca_privkey 38 +#define GAAOPTID_load_certificate 39 +#define GAAOPTID_load_request 40 +#define GAAOPTID_load_pubkey 41 +#define GAAOPTID_load_privkey 42 +#define GAAOPTID_get_dh_params 43 +#define GAAOPTID_generate_dh_params 44 +#define GAAOPTID_verify_crl 45 +#define GAAOPTID_verify_chain 46 +#define GAAOPTID_generate_request 47 +#define GAAOPTID_generate_privkey 48 +#define GAAOPTID_update_certificate 49 +#define GAAOPTID_generate_crl 50 +#define GAAOPTID_generate_proxy 51 +#define GAAOPTID_generate_certificate 52 +#define GAAOPTID_generate_self_signed 53 #line 168 "gaa.skel" @@ -591,36 +548,6 @@ struct GAAOPTION_debug int size1; }; -struct GAAOPTION_p11_delete_url -{ - char* arg1; - int size1; -}; - -struct GAAOPTION_p11_write_label -{ - char* arg1; - int size1; -}; - -struct GAAOPTION_p11_write -{ - char* arg1; - int size1; -}; - -struct GAAOPTION_p11_export_url -{ - char* arg1; - int size1; -}; - -struct GAAOPTION_p11_provider -{ - char* arg1; - int size1; -}; - struct GAAOPTION_pkcs_cipher { char* arg1; @@ -735,11 +662,6 @@ static int gaa_get_option_num(char *str, int status) { case GAA_LETTER_OPTION: GAA_CHECK1STR("d", GAAOPTID_debug); - GAA_CHECK1STR("", GAAOPTID_p11_delete_url); - GAA_CHECK1STR("", GAAOPTID_p11_write_label); - GAA_CHECK1STR("", GAAOPTID_p11_write); - GAA_CHECK1STR("", GAAOPTID_p11_export_url); - GAA_CHECK1STR("", GAAOPTID_p11_provider); GAA_CHECK1STR("", GAAOPTID_pkcs_cipher); GAA_CHECK1STR("", GAAOPTID_template); GAA_CHECK1STR("", GAAOPTID_infile); @@ -758,15 +680,6 @@ static int gaa_get_option_num(char *str, int status) #line 375 "gaa.skel" GAA_CHECK1STR("v", GAAOPTID_version); GAA_CHECK1STR("h", GAAOPTID_help); - GAA_CHECK1STR("", GAAOPTID_p11_detailed_url); - GAA_CHECK1STR("", GAAOPTID_p11_write_trusted); - GAA_CHECK1STR("", GAAOPTID_p11_login); - GAA_CHECK1STR("", GAAOPTID_p11_list_tokens); - GAA_CHECK1STR("", GAAOPTID_p11_list_all); - GAA_CHECK1STR("", GAAOPTID_p11_list_all_certs); - GAA_CHECK1STR("", GAAOPTID_p11_list_trusted); - GAA_CHECK1STR("", GAAOPTID_p11_list_privkeys); - GAA_CHECK1STR("", GAAOPTID_p11_list_certs); GAA_CHECK1STR("", GAAOPTID_disable_quick_random); GAA_CHECK1STR("", GAAOPTID_outraw); GAA_CHECK1STR("", GAAOPTID_outder); @@ -810,20 +723,6 @@ static int gaa_get_option_num(char *str, int status) GAA_CHECKSTR("version", GAAOPTID_version); GAA_CHECKSTR("help", GAAOPTID_help); GAA_CHECKSTR("debug", GAAOPTID_debug); - GAA_CHECKSTR("p11-delete-url", GAAOPTID_p11_delete_url); - GAA_CHECKSTR("p11-detailed-url", GAAOPTID_p11_detailed_url); - GAA_CHECKSTR("p11-write-trusted", GAAOPTID_p11_write_trusted); - GAA_CHECKSTR("p11-write-label", GAAOPTID_p11_write_label); - GAA_CHECKSTR("p11-write", GAAOPTID_p11_write); - GAA_CHECKSTR("p11-login", GAAOPTID_p11_login); - GAA_CHECKSTR("p11-list-tokens", GAAOPTID_p11_list_tokens); - GAA_CHECKSTR("p11-list-all", GAAOPTID_p11_list_all); - GAA_CHECKSTR("p11-list-all-certs", GAAOPTID_p11_list_all_certs); - GAA_CHECKSTR("p11-list-trusted", GAAOPTID_p11_list_trusted); - GAA_CHECKSTR("p11-list-privkeys", GAAOPTID_p11_list_privkeys); - GAA_CHECKSTR("p11-list-certs", GAAOPTID_p11_list_certs); - GAA_CHECKSTR("p11-export-url", GAAOPTID_p11_export_url); - GAA_CHECKSTR("p11-provider", GAAOPTID_p11_provider); GAA_CHECKSTR("pkcs-cipher", GAAOPTID_pkcs_cipher); GAA_CHECKSTR("template", GAAOPTID_template); GAA_CHECKSTR("infile", GAAOPTID_infile); @@ -887,11 +786,6 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) int OK = 0; int gaa_last_non_option; struct GAAOPTION_debug GAATMP_debug; - struct GAAOPTION_p11_delete_url GAATMP_p11_delete_url; - struct GAAOPTION_p11_write_label GAATMP_p11_write_label; - struct GAAOPTION_p11_write GAATMP_p11_write; - struct GAAOPTION_p11_export_url GAATMP_p11_export_url; - struct GAAOPTION_p11_provider GAATMP_p11_provider; struct GAAOPTION_pkcs_cipher GAATMP_pkcs_cipher; struct GAAOPTION_template GAATMP_template; struct GAAOPTION_infile GAATMP_infile; @@ -928,14 +822,14 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) { case GAAOPTID_version: OK = 0; -#line 174 "certtool.gaa" +#line 145 "certtool.gaa" { certtool_version(); exit(0); ;}; return GAA_OK; break; case GAAOPTID_help: OK = 0; -#line 172 "certtool.gaa" +#line 143 "certtool.gaa" { gaa_help(); exit(0); ;}; return GAA_OK; @@ -945,122 +839,9 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_debug.arg1, gaa_getint, GAATMP_debug.size1); gaa_index++; -#line 170 "certtool.gaa" +#line 141 "certtool.gaa" { gaaval->debug = GAATMP_debug.arg1 ;}; - return GAA_OK; - break; - case GAAOPTID_p11_delete_url: - OK = 0; - GAA_TESTMOREARGS; - GAA_FILL(GAATMP_p11_delete_url.arg1, gaa_getstr, GAATMP_p11_delete_url.size1); - gaa_index++; -#line 167 "certtool.gaa" -{ gaaval->action = ACTION_PKCS11_DELETE_URL; gaaval->pkcs11_url = GAATMP_p11_delete_url.arg1; ;}; - - return GAA_OK; - break; - case GAAOPTID_p11_detailed_url: - OK = 0; -#line 165 "certtool.gaa" -{ gaaval->pkcs11_detailed_url = GNUTLS_PKCS11_URL_LIB; ;}; - - return GAA_OK; - break; - case GAAOPTID_p11_write_trusted: - OK = 0; -#line 162 "certtool.gaa" -{ gaaval->pkcs11_trusted = 1; ;}; - - return GAA_OK; - break; - case GAAOPTID_p11_write_label: - OK = 0; - GAA_TESTMOREARGS; - GAA_FILL(GAATMP_p11_write_label.arg1, gaa_getstr, GAATMP_p11_write_label.size1); - gaa_index++; -#line 160 "certtool.gaa" -{ gaaval->pkcs11_label = GAATMP_p11_write_label.arg1; ;}; - - return GAA_OK; - break; - case GAAOPTID_p11_write: - OK = 0; - GAA_TESTMOREARGS; - GAA_FILL(GAATMP_p11_write.arg1, gaa_getstr, GAATMP_p11_write.size1); - gaa_index++; -#line 159 "certtool.gaa" -{ gaaval->action = ACTION_PKCS11_WRITE_URL; gaaval->pkcs11_url = GAATMP_p11_write.arg1; ;}; - - return GAA_OK; - break; - case GAAOPTID_p11_login: - OK = 0; -#line 156 "certtool.gaa" -{ gaaval->pkcs11_login = 1; ;}; - - return GAA_OK; - break; - case GAAOPTID_p11_list_tokens: - OK = 0; -#line 153 "certtool.gaa" -{ gaaval->action = ACTION_PKCS11_TOKENS; ;}; - - return GAA_OK; - break; - case GAAOPTID_p11_list_all: - OK = 0; -#line 152 "certtool.gaa" -{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_ALL; ;}; - - return GAA_OK; - break; - case GAAOPTID_p11_list_all_certs: - OK = 0; -#line 151 "certtool.gaa" -{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_CRT_ALL; ;}; - - return GAA_OK; - break; - case GAAOPTID_p11_list_trusted: - OK = 0; -#line 150 "certtool.gaa" -{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_TRUSTED; ;}; - - return GAA_OK; - break; - case GAAOPTID_p11_list_privkeys: - OK = 0; -#line 149 "certtool.gaa" -{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_PRIVKEY; ;}; - - return GAA_OK; - break; - case GAAOPTID_p11_list_certs: - OK = 0; -#line 148 "certtool.gaa" -{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_PK; ;}; - - return GAA_OK; - break; - case GAAOPTID_p11_export_url: - OK = 0; - GAA_TESTMOREARGS; - GAA_FILL(GAATMP_p11_export_url.arg1, gaa_getstr, GAATMP_p11_export_url.size1); - gaa_index++; -#line 145 "certtool.gaa" -{ gaaval->action = ACTION_PKCS11_EXPORT_URL; gaaval->pkcs11_url = GAATMP_p11_export_url.arg1; ;}; - - return GAA_OK; - break; - case GAAOPTID_p11_provider: - OK = 0; - GAA_TESTMOREARGS; - GAA_FILL(GAATMP_p11_provider.arg1, gaa_getstr, GAATMP_p11_provider.size1); - gaa_index++; -#line 142 "certtool.gaa" -{ gaaval->pkcs11_provider = GAATMP_p11_provider.arg1 ;}; - return GAA_OK; break; case GAAOPTID_pkcs_cipher: @@ -1068,7 +849,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_pkcs_cipher.arg1, gaa_getstr, GAATMP_pkcs_cipher.size1); gaa_index++; -#line 139 "certtool.gaa" +#line 138 "certtool.gaa" { gaaval->pkcs_cipher = GAATMP_pkcs_cipher.arg1 ;}; return GAA_OK; @@ -1078,7 +859,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_template.arg1, gaa_getstr, GAATMP_template.size1); gaa_index++; -#line 136 "certtool.gaa" +#line 135 "certtool.gaa" { gaaval->template = GAATMP_template.arg1 ;}; return GAA_OK; @@ -1088,7 +869,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_infile.arg1, gaa_getstr, GAATMP_infile.size1); gaa_index++; -#line 133 "certtool.gaa" +#line 132 "certtool.gaa" { gaaval->infile = GAATMP_infile.arg1 ;}; return GAA_OK; @@ -1098,14 +879,14 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_outfile.arg1, gaa_getstr, GAATMP_outfile.size1); gaa_index++; -#line 130 "certtool.gaa" +#line 129 "certtool.gaa" { gaaval->outfile = GAATMP_outfile.arg1 ;}; return GAA_OK; break; case GAAOPTID_disable_quick_random: OK = 0; -#line 127 "certtool.gaa" +#line 126 "certtool.gaa" { gaaval->quick_random = 0; ;}; return GAA_OK; @@ -1115,7 +896,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_sec_param.arg1, gaa_getstr, GAATMP_sec_param.size1); gaa_index++; -#line 124 "certtool.gaa" +#line 123 "certtool.gaa" { gaaval->sec_param = GAATMP_sec_param.arg1 ;}; return GAA_OK; @@ -1125,42 +906,42 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_bits.arg1, gaa_getint, GAATMP_bits.size1); gaa_index++; -#line 121 "certtool.gaa" +#line 120 "certtool.gaa" { gaaval->bits = GAATMP_bits.arg1 ;}; return GAA_OK; break; case GAAOPTID_outraw: OK = 0; -#line 118 "certtool.gaa" +#line 117 "certtool.gaa" { gaaval->outcert_format=1 ;}; return GAA_OK; break; case GAAOPTID_outder: OK = 0; -#line 117 "certtool.gaa" +#line 116 "certtool.gaa" { gaaval->outcert_format=1 ;}; return GAA_OK; break; case GAAOPTID_inraw: OK = 0; -#line 114 "certtool.gaa" +#line 113 "certtool.gaa" { gaaval->incert_format=1 ;}; return GAA_OK; break; case GAAOPTID_inder: OK = 0; -#line 113 "certtool.gaa" +#line 112 "certtool.gaa" { gaaval->incert_format=1 ;}; return GAA_OK; break; case GAAOPTID_export_ciphers: OK = 0; -#line 110 "certtool.gaa" +#line 109 "certtool.gaa" { gaaval->export=1 ;}; return GAA_OK; @@ -1170,140 +951,140 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_hash.arg1, gaa_getstr, GAATMP_hash.size1); gaa_index++; -#line 107 "certtool.gaa" +#line 106 "certtool.gaa" { gaaval->hash = GAATMP_hash.arg1 ;}; return GAA_OK; break; case GAAOPTID_dsa: OK = 0; -#line 104 "certtool.gaa" +#line 103 "certtool.gaa" { gaaval->dsa=1 ;}; return GAA_OK; break; case GAAOPTID_pkcs8: OK = 0; -#line 101 "certtool.gaa" +#line 100 "certtool.gaa" { gaaval->pkcs8=1 ;}; return GAA_OK; break; case GAAOPTID_to_p8: OK = 0; -#line 98 "certtool.gaa" +#line 97 "certtool.gaa" { gaaval->action = ACTION_GENERATE_PKCS8; ;}; return GAA_OK; break; case GAAOPTID_to_p12: OK = 0; -#line 96 "certtool.gaa" +#line 95 "certtool.gaa" { gaaval->action = ACTION_TO_PKCS12; ;}; return GAA_OK; break; case GAAOPTID_v1: OK = 0; -#line 94 "certtool.gaa" +#line 93 "certtool.gaa" { gaaval->v1_cert = 1; ;}; return GAA_OK; break; case GAAOPTID_fix_key: OK = 0; -#line 91 "certtool.gaa" +#line 90 "certtool.gaa" { gaaval->privkey_op=1; gaaval->fix_key = 1; ;}; return GAA_OK; break; case GAAOPTID_pubkey_info: OK = 0; -#line 88 "certtool.gaa" +#line 87 "certtool.gaa" { gaaval->action = ACTION_PUBKEY_INFO; ;}; return GAA_OK; break; case GAAOPTID_pgp_key_info: OK = 0; -#line 86 "certtool.gaa" +#line 85 "certtool.gaa" { gaaval->privkey_op=1; gaaval->action = ACTION_PGP_PRIVKEY_INFO; ;}; return GAA_OK; break; case GAAOPTID_key_info: OK = 0; -#line 84 "certtool.gaa" +#line 83 "certtool.gaa" { gaaval->privkey_op=1; gaaval->action = ACTION_PRIVKEY_INFO; ;}; return GAA_OK; break; case GAAOPTID_smime_to_p7: OK = 0; -#line 80 "certtool.gaa" +#line 79 "certtool.gaa" { gaaval->action = ACTION_SMIME_TO_P7; ;}; return GAA_OK; break; case GAAOPTID_p7_info: OK = 0; -#line 78 "certtool.gaa" +#line 77 "certtool.gaa" { gaaval->action = ACTION_P7_INFO; ;}; return GAA_OK; break; case GAAOPTID_p12_info: OK = 0; -#line 76 "certtool.gaa" +#line 75 "certtool.gaa" { gaaval->action = ACTION_PKCS12_INFO; ;}; return GAA_OK; break; case GAAOPTID_no_crq_extensions: OK = 0; -#line 74 "certtool.gaa" +#line 73 "certtool.gaa" { gaaval->crq_extensions = 0; ;}; return GAA_OK; break; case GAAOPTID_crq_info: OK = 0; -#line 71 "certtool.gaa" +#line 70 "certtool.gaa" { gaaval->action = ACTION_REQUEST; ;}; return GAA_OK; break; case GAAOPTID_crl_info: OK = 0; -#line 69 "certtool.gaa" +#line 68 "certtool.gaa" { gaaval->action = ACTION_CRL_INFO; ;}; return GAA_OK; break; case GAAOPTID_pgp_ring_info: OK = 0; -#line 67 "certtool.gaa" +#line 66 "certtool.gaa" { gaaval->action = ACTION_RING_INFO; ;}; return GAA_OK; break; case GAAOPTID_pgp_certificate_info: OK = 0; -#line 65 "certtool.gaa" +#line 64 "certtool.gaa" { gaaval->action = ACTION_PGP_INFO; ;}; return GAA_OK; break; case GAAOPTID_certificate_pubkey: OK = 0; -#line 63 "certtool.gaa" +#line 62 "certtool.gaa" { gaaval->action = ACTION_CERT_PUBKEY; ;}; return GAA_OK; break; case GAAOPTID_certificate_info: OK = 0; -#line 61 "certtool.gaa" +#line 60 "certtool.gaa" { gaaval->action = ACTION_CERT_INFO; ;}; return GAA_OK; @@ -1313,7 +1094,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_password.arg1, gaa_getstr, GAATMP_password.size1); gaa_index++; -#line 59 "certtool.gaa" +#line 58 "certtool.gaa" { gaaval->pass = GAATMP_password.arg1 ;}; return GAA_OK; @@ -1323,7 +1104,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_load_ca_certificate.arg1, gaa_getstr, GAATMP_load_ca_certificate.size1); gaa_index++; -#line 56 "certtool.gaa" +#line 55 "certtool.gaa" { gaaval->ca = GAATMP_load_ca_certificate.arg1 ;}; return GAA_OK; @@ -1333,7 +1114,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_load_ca_privkey.arg1, gaa_getstr, GAATMP_load_ca_privkey.size1); gaa_index++; -#line 53 "certtool.gaa" +#line 52 "certtool.gaa" { gaaval->ca_privkey = GAATMP_load_ca_privkey.arg1 ;}; return GAA_OK; @@ -1343,7 +1124,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_load_certificate.arg1, gaa_getstr, GAATMP_load_certificate.size1); gaa_index++; -#line 50 "certtool.gaa" +#line 49 "certtool.gaa" { gaaval->cert = GAATMP_load_certificate.arg1 ;}; return GAA_OK; @@ -1353,7 +1134,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_load_request.arg1, gaa_getstr, GAATMP_load_request.size1); gaa_index++; -#line 47 "certtool.gaa" +#line 46 "certtool.gaa" { gaaval->request = GAATMP_load_request.arg1 ;}; return GAA_OK; @@ -1363,7 +1144,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_load_pubkey.arg1, gaa_getstr, GAATMP_load_pubkey.size1); gaa_index++; -#line 44 "certtool.gaa" +#line 43 "certtool.gaa" { gaaval->pubkey = GAATMP_load_pubkey.arg1 ;}; return GAA_OK; @@ -1373,84 +1154,84 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_load_privkey.arg1, gaa_getstr, GAATMP_load_privkey.size1); gaa_index++; -#line 41 "certtool.gaa" +#line 40 "certtool.gaa" { gaaval->privkey = GAATMP_load_privkey.arg1 ;}; return GAA_OK; break; case GAAOPTID_get_dh_params: OK = 0; -#line 38 "certtool.gaa" +#line 37 "certtool.gaa" { gaaval->action=ACTION_GET_DH; ;}; return GAA_OK; break; case GAAOPTID_generate_dh_params: OK = 0; -#line 37 "certtool.gaa" +#line 36 "certtool.gaa" { gaaval->action=ACTION_GENERATE_DH; ;}; return GAA_OK; break; case GAAOPTID_verify_crl: OK = 0; -#line 35 "certtool.gaa" +#line 34 "certtool.gaa" { gaaval->action=ACTION_VERIFY_CRL; ;}; return GAA_OK; break; case GAAOPTID_verify_chain: OK = 0; -#line 33 "certtool.gaa" +#line 32 "certtool.gaa" { gaaval->action=ACTION_VERIFY_CHAIN; ;}; return GAA_OK; break; case GAAOPTID_generate_request: OK = 0; -#line 31 "certtool.gaa" +#line 30 "certtool.gaa" { gaaval->action=ACTION_GENERATE_REQUEST; ;}; return GAA_OK; break; case GAAOPTID_generate_privkey: OK = 0; -#line 29 "certtool.gaa" +#line 28 "certtool.gaa" { gaaval->privkey_op=1; gaaval->action=ACTION_GENERATE_PRIVKEY; ;}; return GAA_OK; break; case GAAOPTID_update_certificate: OK = 0; -#line 27 "certtool.gaa" +#line 26 "certtool.gaa" { gaaval->action=ACTION_UPDATE_CERTIFICATE; ;}; return GAA_OK; break; case GAAOPTID_generate_crl: OK = 0; -#line 25 "certtool.gaa" +#line 24 "certtool.gaa" { gaaval->action=ACTION_GENERATE_CRL; ;}; return GAA_OK; break; case GAAOPTID_generate_proxy: OK = 0; -#line 23 "certtool.gaa" +#line 22 "certtool.gaa" { gaaval->action=ACTION_GENERATE_PROXY; ;}; return GAA_OK; break; case GAAOPTID_generate_certificate: OK = 0; -#line 21 "certtool.gaa" +#line 20 "certtool.gaa" { gaaval->action=ACTION_GENERATE_CERTIFICATE; ;}; return GAA_OK; break; case GAAOPTID_generate_self_signed: OK = 0; -#line 19 "certtool.gaa" +#line 18 "certtool.gaa" { gaaval->action=ACTION_SELF_SIGNED; ;}; return GAA_OK; @@ -1479,14 +1260,12 @@ int gaa(int argc, char **argv, gaainfo *gaaval) if(inited == 0) { -#line 176 "certtool.gaa" +#line 147 "certtool.gaa" { gaaval->bits = 0; gaaval->pkcs8 = 0; gaaval->privkey = NULL; gaaval->ca=NULL; gaaval->ca_privkey = NULL; gaaval->debug=1; gaaval->request = NULL; gaaval->infile = NULL; gaaval->outfile = NULL; gaaval->cert = NULL; gaaval->incert_format = 0; gaaval->outcert_format = 0; gaaval->action=-1; gaaval->pass = NULL; gaaval->v1_cert = 0; gaaval->export = 0; gaaval->template = NULL; gaaval->hash=NULL; gaaval->fix_key = 0; gaaval->quick_random=1; - gaaval->privkey_op = 0; gaaval->pkcs_cipher = "aes-128"; gaaval->crq_extensions=1; gaaval->pkcs11_provider= NULL; - gaaval->pkcs11_url = NULL; gaaval->pkcs11_type = PKCS11_TYPE_PK; gaaval->pubkey=NULL; gaaval->pkcs11_label = NULL; - gaaval->pkcs11_trusted=0; gaaval->sec_param = NULL; gaaval->pkcs11_login = 0; gaaval->pkcs11_detailed_url = 0; ;}; + gaaval->privkey_op = 0; gaaval->pkcs_cipher = "aes-128"; gaaval->crq_extensions=1; ;}; } inited = 1; diff --git a/src/certtool-gaa.h b/src/certtool-gaa.h index 49cb22519f..4e02a41dff 100644 --- a/src/certtool-gaa.h +++ b/src/certtool-gaa.h @@ -8,71 +8,57 @@ typedef struct _gaainfo gaainfo; struct _gaainfo { -#line 169 "certtool.gaa" +#line 140 "certtool.gaa" int debug; -#line 164 "certtool.gaa" - int pkcs11_detailed_url; -#line 161 "certtool.gaa" - int pkcs11_trusted; -#line 158 "certtool.gaa" - char* pkcs11_label; -#line 155 "certtool.gaa" - int pkcs11_login; -#line 147 "certtool.gaa" - int pkcs11_type; -#line 144 "certtool.gaa" - char* pkcs11_url; -#line 141 "certtool.gaa" - char* pkcs11_provider; -#line 138 "certtool.gaa" +#line 137 "certtool.gaa" char *pkcs_cipher; -#line 135 "certtool.gaa" +#line 134 "certtool.gaa" char *template; -#line 132 "certtool.gaa" +#line 131 "certtool.gaa" char *infile; -#line 129 "certtool.gaa" +#line 128 "certtool.gaa" char *outfile; -#line 126 "certtool.gaa" +#line 125 "certtool.gaa" int quick_random; -#line 123 "certtool.gaa" +#line 122 "certtool.gaa" char* sec_param; -#line 120 "certtool.gaa" +#line 119 "certtool.gaa" int bits; -#line 116 "certtool.gaa" +#line 115 "certtool.gaa" int outcert_format; -#line 112 "certtool.gaa" +#line 111 "certtool.gaa" int incert_format; -#line 109 "certtool.gaa" +#line 108 "certtool.gaa" int export; -#line 106 "certtool.gaa" +#line 105 "certtool.gaa" char *hash; -#line 103 "certtool.gaa" +#line 102 "certtool.gaa" int dsa; -#line 100 "certtool.gaa" +#line 99 "certtool.gaa" int pkcs8; -#line 93 "certtool.gaa" +#line 92 "certtool.gaa" int v1_cert; -#line 90 "certtool.gaa" +#line 89 "certtool.gaa" int fix_key; -#line 73 "certtool.gaa" +#line 72 "certtool.gaa" int crq_extensions; -#line 58 "certtool.gaa" +#line 57 "certtool.gaa" char *pass; -#line 55 "certtool.gaa" +#line 54 "certtool.gaa" char *ca; -#line 52 "certtool.gaa" +#line 51 "certtool.gaa" char *ca_privkey; -#line 49 "certtool.gaa" +#line 48 "certtool.gaa" char *cert; -#line 46 "certtool.gaa" +#line 45 "certtool.gaa" char *request; -#line 43 "certtool.gaa" +#line 42 "certtool.gaa" char *pubkey; -#line 40 "certtool.gaa" +#line 39 "certtool.gaa" char *privkey; -#line 18 "certtool.gaa" - int action; #line 17 "certtool.gaa" + int action; +#line 16 "certtool.gaa" int privkey_op; #line 114 "gaa.skel" diff --git a/src/certtool.c b/src/certtool.c index a437698008..5669195a48 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -56,21 +56,20 @@ void pkcs7_info (void); void crq_info (void); void smime_to_pkcs7 (void); void pkcs12_info (void); -void generate_pkcs12 (void); -void generate_pkcs8 (void); +void generate_pkcs12 (common_info_st*); +void generate_pkcs8 (common_info_st*); void verify_chain (void); -void verify_crl (void); -void pubkey_info (gnutls_x509_crt crt); +void verify_crl (common_info_st* cinfo); +void pubkey_info (gnutls_x509_crt crt, common_info_st*); void pgp_privkey_info (void); void pgp_ring_info (void); -void certificate_info (int); +void certificate_info (int, common_info_st*); void pgp_certificate_info (void); void crl_info (void); void privkey_info (void); static void gaa_parser (int argc, char **argv); -void generate_self_signed (void); -void generate_request (void); -gnutls_x509_crt_t *load_cert_list (int mand, size_t * size); +void generate_self_signed (common_info_st*); +void generate_request (common_info_st* ); static void print_certificate_info (gnutls_x509_crt_t crt, FILE * out, unsigned int all); @@ -85,8 +84,6 @@ gnutls_digest_algorithm_t default_dig; */ int batch; -unsigned char buffer[64 * 1024]; -const int buffer_size = sizeof (buffer); static void tls_log_func (int level, const char *str) @@ -316,7 +313,7 @@ print_private_key (gnutls_x509_privkey_t key) if (!info.pkcs8) { - size = sizeof (buffer); + size = buffer_size; ret = gnutls_x509_privkey_export (key, info.outcert_format, buffer, &size); if (ret < 0) @@ -335,7 +332,7 @@ print_private_key (gnutls_x509_privkey_t key) if ((pass = get_confirmed_pass (true)) == NULL || *pass == '\0') flags = GNUTLS_PKCS_PLAIN; - size = sizeof (buffer); + size = buffer_size; ret = gnutls_x509_privkey_export_pkcs8 (key, info.outcert_format, pass, flags, buffer, &size); @@ -362,7 +359,7 @@ generate_private_key (void) static gnutls_x509_crt_t generate_certificate (gnutls_x509_privkey_t * ret_key, - gnutls_x509_crt_t ca_crt, int proxy) + gnutls_x509_crt_t ca_crt, int proxy, common_info_st* cinfo) { gnutls_x509_crt_t crt; gnutls_x509_privkey_t key = NULL; @@ -378,12 +375,12 @@ generate_certificate (gnutls_x509_privkey_t * ret_key, if (ret < 0) error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret)); - crq = load_request (); + crq = load_request (cinfo); if (crq == NULL) { - key = load_private_key (1); + key = load_private_key (1, cinfo); if (!batch) fprintf (stderr, @@ -639,7 +636,7 @@ generate_certificate (gnutls_x509_privkey_t * ret_key, /* Subject Key ID. */ - size = sizeof (buffer); + size = buffer_size; result = gnutls_x509_crt_get_key_id (crt, 0, buffer, &size); if (result >= 0) { @@ -653,12 +650,12 @@ generate_certificate (gnutls_x509_privkey_t * ret_key, */ if (ca_crt != NULL) { - size = sizeof (buffer); + size = buffer_size; result = gnutls_x509_crt_get_subject_key_id (ca_crt, buffer, &size, NULL); if (result < 0) { - size = sizeof (buffer); + size = buffer_size; result = gnutls_x509_crt_get_key_id (ca_crt, 0, buffer, &size); } if (result >= 0) @@ -688,7 +685,7 @@ generate_certificate (gnutls_x509_privkey_t * ret_key, } static gnutls_x509_crl_t -generate_crl (gnutls_x509_crt_t ca_crt) +generate_crl (gnutls_x509_crt_t ca_crt, common_info_st* cinfo) { gnutls_x509_crl_t crl; gnutls_x509_crt_t *crts; @@ -701,7 +698,7 @@ generate_crl (gnutls_x509_crt_t ca_crt) if (result < 0) error (EXIT_FAILURE, 0, "crl_init: %s", gnutls_strerror (result)); - crts = load_cert_list (0, &size); + crts = load_cert_list (0, &size, cinfo); for (i = 0; i < size; i++) { @@ -729,12 +726,12 @@ generate_crl (gnutls_x509_crt_t ca_crt) */ if (ca_crt != NULL) { - size = sizeof (buffer); + size = buffer_size; result = gnutls_x509_crt_get_subject_key_id (ca_crt, buffer, &size, NULL); if (result < 0) { - size = sizeof (buffer); + size = buffer_size; result = gnutls_x509_crt_get_key_id (ca_crt, 0, buffer, &size); } if (result >= 0) @@ -786,7 +783,7 @@ get_dig (gnutls_x509_crt crt) } void -generate_self_signed (void) +generate_self_signed (common_info_st* cinfo) { gnutls_x509_crt_t crt; gnutls_x509_privkey_t key; @@ -796,10 +793,10 @@ generate_self_signed (void) fprintf (stderr, "Generating a self signed certificate...\n"); - crt = generate_certificate (&key, NULL, 0); + crt = generate_certificate (&key, NULL, 0, cinfo); if (!key) - key = load_private_key (1); + key = load_private_key (1, cinfo); uri = get_crl_dist_point_url (); if (uri) @@ -820,7 +817,7 @@ generate_self_signed (void) if (result < 0) error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result)); - size = sizeof (buffer); + size = buffer_size; result = gnutls_x509_crt_export (crt, info.outcert_format, buffer, &size); if (result < 0) error (EXIT_FAILURE, 0, "crt_export: %s", gnutls_strerror (result)); @@ -832,7 +829,7 @@ generate_self_signed (void) } static void -generate_signed_certificate (void) +generate_signed_certificate (common_info_st* cinfo) { gnutls_x509_crt_t crt; gnutls_x509_privkey_t key; @@ -843,10 +840,10 @@ generate_signed_certificate (void) fprintf (stderr, "Generating a signed certificate...\n"); - ca_key = load_ca_private_key (); - ca_crt = load_ca_cert (); + ca_key = load_ca_private_key (cinfo); + ca_crt = load_ca_cert (cinfo); - crt = generate_certificate (&key, ca_crt, 0); + crt = generate_certificate (&key, ca_crt, 0, cinfo); /* Copy the CRL distribution points. */ @@ -862,7 +859,7 @@ generate_signed_certificate (void) if (result < 0) error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result)); - size = sizeof (buffer); + size = buffer_size; result = gnutls_x509_crt_export (crt, info.outcert_format, buffer, &size); if (result < 0) error (EXIT_FAILURE, 0, "crt_export: %s", gnutls_strerror (result)); @@ -874,7 +871,7 @@ generate_signed_certificate (void) } static void -generate_proxy_certificate (void) +generate_proxy_certificate (common_info_st* cinfo) { gnutls_x509_crt_t crt, eecrt; gnutls_x509_privkey_t key, eekey; @@ -883,10 +880,10 @@ generate_proxy_certificate (void) fprintf (stderr, "Generating a proxy certificate...\n"); - eekey = load_ca_private_key (); - eecrt = load_cert (1); + eekey = load_ca_private_key (cinfo); + eecrt = load_cert (1, cinfo); - crt = generate_certificate (&key, eecrt, 1); + crt = generate_certificate (&key, eecrt, 1, cinfo); print_certificate_info (crt, stderr, 0); @@ -896,7 +893,7 @@ generate_proxy_certificate (void) if (result < 0) error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result)); - size = sizeof (buffer); + size = buffer_size; result = gnutls_x509_crt_export (crt, info.outcert_format, buffer, &size); if (result < 0) error (EXIT_FAILURE, 0, "crt_export: %s", gnutls_strerror (result)); @@ -908,7 +905,7 @@ generate_proxy_certificate (void) } static void -generate_signed_crl (void) +generate_signed_crl (common_info_st* cinfo) { gnutls_x509_crl_t crl; int result; @@ -917,9 +914,9 @@ generate_signed_crl (void) fprintf (stderr, "Generating a signed CRL...\n"); - ca_key = load_ca_private_key (); - ca_crt = load_ca_cert (); - crl = generate_crl (ca_crt); + ca_key = load_ca_private_key (cinfo); + ca_crt = load_ca_cert (cinfo); + crl = generate_crl (ca_crt, cinfo); fprintf (stderr, "\n"); @@ -933,7 +930,7 @@ generate_signed_crl (void) } static void -update_signed_certificate (void) +update_signed_certificate (common_info_st* cinfo) { gnutls_x509_crt_t crt; size_t size; @@ -945,9 +942,9 @@ update_signed_certificate (void) fprintf (stderr, "Generating a signed certificate...\n"); - ca_key = load_ca_private_key (); - ca_crt = load_ca_cert (); - crt = load_cert (1); + ca_key = load_ca_private_key (cinfo); + ca_crt = load_ca_cert (cinfo); + crt = load_cert (1, cinfo); fprintf (stderr, "Activation/Expiration time.\n"); gnutls_x509_crt_set_activation_time (crt, tim); @@ -965,7 +962,7 @@ update_signed_certificate (void) if (result < 0) error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result)); - size = sizeof (buffer); + size = buffer_size; result = gnutls_x509_crt_export (crt, info.outcert_format, buffer, &size); if (result < 0) error (EXIT_FAILURE, 0, "crt_export: %s", gnutls_strerror (result)); @@ -975,31 +972,11 @@ update_signed_certificate (void) gnutls_x509_crt_deinit (crt); } -static FILE * -safe_open_rw (const char *file) -{ - mode_t omask = 0; - FILE *fh; - - if (info.privkey_op != 0) - { - omask = umask (S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH); - } - - fh = fopen (file, "wb"); - - if (info.privkey_op != 0) - { - umask (omask); - } - - return fh; -} - void gaa_parser (int argc, char **argv) { int ret; + common_info_st cinfo; if (gaa (argc, argv, &info) != -1) { @@ -1010,7 +987,7 @@ gaa_parser (int argc, char **argv) if (info.outfile) { - outfile = safe_open_rw (info.outfile); + outfile = safe_open_rw (info.outfile, info.privkey_op); if (outfile == NULL) error (EXIT_FAILURE, errno, "%s", info.outfile); } @@ -1076,49 +1053,38 @@ gaa_parser (int argc, char **argv) if ((ret = gnutls_global_init ()) < 0) error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret)); - if (info.pkcs11_provider != NULL) - { - ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_MANUAL, NULL); - if (ret < 0) - fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret)); - else - { - ret = gnutls_pkcs11_add_provider (info.pkcs11_provider, NULL); - if (ret < 0) - error (EXIT_FAILURE, 0, "pkcs11_add_provider: %s", - gnutls_strerror (ret)); - } - } - else - { - ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_AUTO, NULL); - if (ret < 0) - fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret)); - } - - if ((ret = gnutls_global_init_extra ()) < 0) error (EXIT_FAILURE, 0, "global_init_extra: %s", gnutls_strerror (ret)); + memset(&cinfo, 0, sizeof(cinfo)); + cinfo.privkey = info.privkey; + cinfo.pubkey = info.pubkey; + cinfo.pkcs8 = info.pkcs8; + cinfo.incert_format = info.incert_format; + cinfo.cert = info.cert; + cinfo.request = info.request; + cinfo.ca = info.ca; + cinfo.ca_privkey = info.ca_privkey; + switch (info.action) { case ACTION_SELF_SIGNED: - generate_self_signed (); + generate_self_signed (&cinfo); break; case ACTION_GENERATE_PRIVKEY: generate_private_key (); break; case ACTION_CERT_INFO: - certificate_info (0); + certificate_info (0, &cinfo); break; case ACTION_CERT_PUBKEY: - certificate_info (1); + certificate_info (1, &cinfo); break; case ACTION_GENERATE_REQUEST: - generate_request (); + generate_request (&cinfo); break; case ACTION_GENERATE_CERTIFICATE: - generate_signed_certificate (); + generate_signed_certificate (&cinfo); break; case ACTION_VERIFY_CHAIN: verify_chain (); @@ -1127,13 +1093,13 @@ gaa_parser (int argc, char **argv) privkey_info (); break; case ACTION_PUBKEY_INFO: - pubkey_info (NULL); + pubkey_info (NULL, &cinfo); break; case ACTION_UPDATE_CERTIFICATE: - update_signed_certificate (); + update_signed_certificate (&cinfo); break; case ACTION_TO_PKCS12: - generate_pkcs12 (); + generate_pkcs12 (&cinfo); break; case ACTION_PKCS12_INFO: pkcs12_info (); @@ -1151,36 +1117,19 @@ gaa_parser (int argc, char **argv) pkcs7_info (); break; case ACTION_GENERATE_CRL: - generate_signed_crl (); + generate_signed_crl (&cinfo); break; case ACTION_VERIFY_CRL: - verify_crl (); + verify_crl (&cinfo); break; case ACTION_SMIME_TO_P7: smime_to_pkcs7 (); break; case ACTION_GENERATE_PROXY: - generate_proxy_certificate (); + generate_proxy_certificate (&cinfo); break; case ACTION_GENERATE_PKCS8: - generate_pkcs8 (); - break; - case ACTION_PKCS11_LIST: - pkcs11_list (outfile, info.pkcs11_url, info.pkcs11_type, - info.pkcs11_login, info.pkcs11_detailed_url); - break; - case ACTION_PKCS11_TOKENS: - pkcs11_token_list (outfile, info.pkcs11_detailed_url); - break; - case ACTION_PKCS11_EXPORT_URL: - pkcs11_export (outfile, info.pkcs11_url, info.pkcs11_login); - break; - case ACTION_PKCS11_WRITE_URL: - pkcs11_write (outfile, info.pkcs11_url, info.pkcs11_label, - info.pkcs11_trusted, info.pkcs11_login); - break; - case ACTION_PKCS11_DELETE_URL: - pkcs11_delete (outfile, info.pkcs11_url, batch, info.pkcs11_login); + generate_pkcs8 (&cinfo); break; #ifdef ENABLE_OPENPGP case ACTION_PGP_INFO: @@ -1208,7 +1157,7 @@ gaa_parser (int argc, char **argv) #define MAX_CRTS 500 void -certificate_info (int pubkey) +certificate_info (int pubkey, common_info_st* cinfo) { gnutls_x509_crt_t crt[MAX_CRTS]; size_t size; @@ -1253,7 +1202,7 @@ certificate_info (int pubkey) if (info.outcert_format == GNUTLS_X509_FMT_PEM) print_certificate_info (crt[i], outfile, 1); - size = sizeof (buffer); + size = buffer_size; ret = gnutls_x509_crt_export (crt[i], info.outcert_format, buffer, &size); if (ret < 0) @@ -1262,7 +1211,7 @@ certificate_info (int pubkey) fwrite (buffer, 1, size, outfile); if (pubkey) - pubkey_info (crt[i]); + pubkey_info (crt[i], cinfo); gnutls_x509_crt_deinit (crt[i]); } @@ -1322,7 +1271,7 @@ pgp_certificate_info (void) verify_status); } - size = sizeof (buffer); + size = buffer_size; ret = gnutls_openpgp_crt_export (crt, info.outcert_format, buffer, &size); if (ret < 0) { @@ -1344,7 +1293,7 @@ pgp_privkey_info (void) gnutls_datum_t pem; const char *cprint; - size = fread (buffer, 1, sizeof (buffer) - 1, infile); + size = fread (buffer, 1, buffer_size - 1, infile); buffer[size] = 0; gnutls_openpgp_privkey_init (&key); @@ -1428,7 +1377,7 @@ pgp_privkey_info (void) fprintf (outfile, "\n"); - size = sizeof (buffer); + size = buffer_size; if (i == -1) ret = gnutls_openpgp_privkey_get_key_id (key, keyid); else @@ -1446,7 +1395,7 @@ pgp_privkey_info (void) } - size = sizeof (buffer); + size = buffer_size; ret = gnutls_openpgp_privkey_export (key, GNUTLS_OPENPGP_FMT_BASE64, NULL, 0, buffer, &size); if (ret < 0) @@ -1493,7 +1442,7 @@ pgp_ring_info (void) if (ret < 0) error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret)); - size = sizeof (buffer); + size = buffer_size; ret = gnutls_openpgp_crt_export (crt, info.outcert_format, buffer, &size); if (ret < 0) @@ -1567,7 +1516,7 @@ print_crl_info (gnutls_x509_crl_t crl, FILE * out) gnutls_free (cinfo.data); - size = sizeof (buffer); + size = buffer_size; ret = gnutls_x509_crl_export (crl, GNUTLS_X509_FMT_PEM, buffer, &size); if (ret < 0) error (EXIT_FAILURE, 0, "crl_export: %s", gnutls_strerror (ret)); @@ -1623,7 +1572,7 @@ print_crq_info (gnutls_x509_crq_t crq, FILE * out) gnutls_free (cinfo.data); } - size = sizeof (buffer); + size = buffer_size; ret = gnutls_x509_crq_export (crq, info.outcert_format, buffer, &size); if (ret < 0) error (EXIT_FAILURE, 0, "crq_export: %s", gnutls_strerror (ret)); @@ -1671,7 +1620,7 @@ privkey_info (void) const char *cprint; const char *pass; - size = fread (buffer, 1, sizeof (buffer) - 1, infile); + size = fread (buffer, 1, buffer_size - 1, infile); buffer[size] = 0; gnutls_x509_privkey_init (&key); @@ -1753,7 +1702,7 @@ privkey_info (void) fprintf (outfile, "\n"); - size = sizeof (buffer); + size = buffer_size; if ((ret = gnutls_x509_privkey_get_key_id (key, 0, buffer, &size)) < 0) { fprintf (stderr, "Error in key id calculation: %s\n", @@ -1771,7 +1720,7 @@ privkey_info (void) error (EXIT_FAILURE, 0, "privkey_fix: %s", gnutls_strerror (ret)); } - size = sizeof (buffer); + size = buffer_size; ret = gnutls_x509_privkey_export (key, GNUTLS_X509_FMT_PEM, buffer, &size); if (ret < 0) error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret)); @@ -1781,308 +1730,11 @@ privkey_info (void) gnutls_x509_privkey_deinit (key); } -/* Load a public key. - * @mand should be non zero if it is required to read a public key. - */ -gnutls_pubkey_t -load_pubkey (int mand) -{ - gnutls_pubkey_t key; - int ret; - gnutls_datum_t dat; - size_t size; - - if (!info.pubkey && !mand) - return NULL; - - if (info.pubkey == NULL) - error (EXIT_FAILURE, 0, "missing --load-pubkey"); - - ret = gnutls_pubkey_init (&key); - if (ret < 0) - error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret)); - - dat.data = read_binary_file (info.pubkey, &size); - dat.size = size; - - if (!dat.data) - error (EXIT_FAILURE, errno, "reading --load-pubkey: %s", info.pubkey); - - ret = gnutls_pubkey_import (key, &dat, info.incert_format); - - free (dat.data); - - if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) - { - error (EXIT_FAILURE, 0, - "import error: could not find a valid PEM header; " - "check if your key has the PUBLIC KEY header"); - } - - if (ret < 0) - error (EXIT_FAILURE, 0, "importing --load-pubkey: %s: %s", - info.pubkey, gnutls_strerror (ret)); - - return key; -} - - -/* Load the private key. - * @mand should be non zero if it is required to read a private key. - */ -gnutls_x509_privkey_t -load_private_key (int mand) -{ - gnutls_x509_privkey_t key; - int ret; - gnutls_datum_t dat; - size_t size; - - if (!info.privkey && !mand) - return NULL; - - if (info.privkey == NULL) - error (EXIT_FAILURE, 0, "missing --load-privkey"); - - ret = gnutls_x509_privkey_init (&key); - if (ret < 0) - error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret)); - - dat.data = read_binary_file (info.privkey, &size); - dat.size = size; - - if (!dat.data) - error (EXIT_FAILURE, errno, "reading --load-privkey: %s", info.privkey); - - if (info.pkcs8) - { - const char *pass = get_pass (); - ret = - gnutls_x509_privkey_import_pkcs8 (key, &dat, info.incert_format, - pass, 0); - } - else - ret = gnutls_x509_privkey_import (key, &dat, info.incert_format); - - free (dat.data); - - if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) - { - error (EXIT_FAILURE, 0, - "import error: could not find a valid PEM header; " - "check if your key is PKCS #8 or PKCS #12 encoded"); - } - - if (ret < 0) - error (EXIT_FAILURE, 0, "importing --load-privkey: %s: %s", - info.privkey, gnutls_strerror (ret)); - - return key; -} - -/* Load the Certificate Request. - */ -gnutls_x509_crq_t -load_request (void) -{ - gnutls_x509_crq_t crq; - int ret; - gnutls_datum_t dat; - size_t size; - - if (!info.request) - return NULL; - - ret = gnutls_x509_crq_init (&crq); - if (ret < 0) - error (EXIT_FAILURE, 0, "crq_init: %s", gnutls_strerror (ret)); - - dat.data = read_binary_file (info.request, &size); - dat.size = size; - - if (!dat.data) - error (EXIT_FAILURE, errno, "reading --load-request: %s", info.request); - - ret = gnutls_x509_crq_import (crq, &dat, info.incert_format); - if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) - { - error (EXIT_FAILURE, 0, - "import error: could not find a valid PEM header"); - } - - free (dat.data); - if (ret < 0) - error (EXIT_FAILURE, 0, "importing --load-request: %s: %s", - info.request, gnutls_strerror (ret)); - - return crq; -} - -/* Load the CA's private key. - */ -gnutls_x509_privkey_t -load_ca_private_key (void) -{ - gnutls_x509_privkey_t key; - int ret; - gnutls_datum_t dat; - size_t size; - - if (info.ca_privkey == NULL) - error (EXIT_FAILURE, 0, "missing --load-ca-privkey"); - - ret = gnutls_x509_privkey_init (&key); - if (ret < 0) - error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret)); - - dat.data = read_binary_file (info.ca_privkey, &size); - dat.size = size; - - if (!dat.data) - error (EXIT_FAILURE, errno, "reading --load-ca-privkey: %s", - info.ca_privkey); - - if (info.pkcs8) - { - const char *pass = get_pass (); - ret = - gnutls_x509_privkey_import_pkcs8 (key, &dat, info.incert_format, - pass, 0); - } - else - ret = gnutls_x509_privkey_import (key, &dat, info.incert_format); - free (dat.data); - if (ret < 0) - error (EXIT_FAILURE, 0, "importing --load-ca-privkey: %s: %s", - info.ca_privkey, gnutls_strerror (ret)); - - return key; -} - -/* Loads the CA's certificate - */ -gnutls_x509_crt_t -load_ca_cert (void) -{ - gnutls_x509_crt_t crt; - int ret; - gnutls_datum_t dat; - size_t size; - - if (info.ca == NULL) - error (EXIT_FAILURE, 0, "missing --load-ca-certificate"); - - ret = gnutls_x509_crt_init (&crt); - if (ret < 0) - error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret)); - - dat.data = read_binary_file (info.ca, &size); - dat.size = size; - - if (!dat.data) - error (EXIT_FAILURE, errno, "reading --load-ca-certificate: %s", info.ca); - - ret = gnutls_x509_crt_import (crt, &dat, info.incert_format); - free (dat.data); - if (ret < 0) - error (EXIT_FAILURE, 0, "importing --load-ca-certificate: %s: %s", - info.ca, gnutls_strerror (ret)); - - return crt; -} - -/* Loads the certificate - * If mand is non zero then a certificate is mandatory. Otherwise - * null will be returned if the certificate loading fails. - */ -gnutls_x509_crt_t -load_cert (int mand) -{ - gnutls_x509_crt_t *crt; - size_t size; - - crt = load_cert_list (mand, &size); - - return crt ? crt[0] : NULL; -} - -#define MAX_CERTS 256 - -/* Loads a certificate list - */ -gnutls_x509_crt_t * -load_cert_list (int mand, size_t * crt_size) -{ - FILE *fd; - static gnutls_x509_crt_t crt[MAX_CERTS]; - char *ptr; - int ret, i; - gnutls_datum_t dat; - size_t size; - int ptr_size; - - *crt_size = 0; - fprintf (stderr, "Loading certificate list...\n"); - - if (info.cert == NULL) - { - if (mand) - error (EXIT_FAILURE, 0, "missing --load-certificate"); - else - return NULL; - } - - fd = fopen (info.cert, "r"); - if (fd == NULL) - error (EXIT_FAILURE, errno, "%s", info.cert); - - size = fread (buffer, 1, sizeof (buffer) - 1, fd); - buffer[size] = 0; - - fclose (fd); - - ptr = buffer; - ptr_size = size; - - for (i = 0; i < MAX_CERTS; i++) - { - ret = gnutls_x509_crt_init (&crt[i]); - if (ret < 0) - error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret)); - - dat.data = ptr; - dat.size = ptr_size; - - ret = gnutls_x509_crt_import (crt[i], &dat, info.incert_format); - if (ret < 0 && *crt_size > 0) - break; - if (ret < 0) - error (EXIT_FAILURE, 0, "crt_import: %s", gnutls_strerror (ret)); - - ptr = strstr (ptr, "---END"); - if (ptr == NULL) - break; - ptr++; - - ptr_size = size; - ptr_size -= - (unsigned int) ((unsigned char *) ptr - (unsigned char *) buffer); - - if (ptr_size < 0) - break; - - (*crt_size)++; - } - fprintf (stderr, "Loaded %d certificates.\n", (int) *crt_size); - - return crt; -} - /* Generate a PKCS #10 certificate request. */ void -generate_request (void) +generate_request (common_info_st* cinfo) { gnutls_x509_crq_t crq; gnutls_x509_privkey_t key; @@ -2098,7 +1750,7 @@ generate_request (void) /* Load the private key. */ - key = load_private_key (0); + key = load_private_key (0, cinfo); if (!key) { key = generate_private_key_int (); @@ -2583,7 +2235,7 @@ verify_chain (void) } void -verify_crl (void) +verify_crl (common_info_st* cinfo) { size_t size, dn_size; char dn[128]; @@ -2595,7 +2247,7 @@ verify_crl (void) time_t now = time (0); gnutls_x509_crt_t issuer; - issuer = load_ca_cert (); + issuer = load_ca_cert (cinfo); fprintf (outfile, "\nCA certificate:\n"); @@ -2676,7 +2328,7 @@ verify_crl (void) void -generate_pkcs8 (void) +generate_pkcs8 (common_info_st* cinfo) { gnutls_x509_privkey_t key; int result; @@ -2686,7 +2338,7 @@ generate_pkcs8 (void) fprintf (stderr, "Generating a PKCS #8 key structure...\n"); - key = load_private_key (1); + key = load_private_key (1, cinfo); if (info.pass) password = info.pass; @@ -2703,7 +2355,7 @@ generate_pkcs8 (void) flags = GNUTLS_PKCS_PLAIN; } - size = sizeof (buffer); + size = buffer_size; result = gnutls_x509_privkey_export_pkcs8 (key, info.outcert_format, password, flags, buffer, &size); @@ -2720,7 +2372,7 @@ generate_pkcs8 (void) #include void -generate_pkcs12 (void) +generate_pkcs12 (common_info_st* cinfo) { gnutls_pkcs12_t pkcs12; gnutls_x509_crt_t *crts; @@ -2738,8 +2390,8 @@ generate_pkcs12 (void) fprintf (stderr, "Generating a PKCS #12 structure...\n"); - key = load_private_key (0); - crts = load_cert_list (0, &ncrts); + key = load_private_key (0, cinfo); + crts = load_cert_list (0, &ncrts, cinfo); name = get_pkcs12_key_name (); @@ -2813,7 +2465,7 @@ generate_pkcs12 (void) else flags = cipher_to_flags (info.pkcs_cipher); - size = sizeof (buffer); + size = buffer_size; result = gnutls_x509_privkey_export_pkcs8 (key, GNUTLS_X509_FMT_DER, pass, flags, buffer, &size); @@ -2857,7 +2509,7 @@ generate_pkcs12 (void) if (result < 0) error (EXIT_FAILURE, 0, "generate_mac: %s", gnutls_strerror (result)); - size = sizeof (buffer); + size = buffer_size; result = gnutls_pkcs12_export (pkcs12, info.outcert_format, buffer, &size); if (result < 0) error (EXIT_FAILURE, 0, "pkcs12_export: %s", gnutls_strerror (result)); @@ -3076,7 +2728,7 @@ pkcs7_info (void) { fputs ("\n", outfile); - size = sizeof (buffer); + size = buffer_size; result = gnutls_pkcs7_get_crt_raw (pkcs7, indx, buffer, &size); if (result < 0) break; @@ -3107,7 +2759,7 @@ pkcs7_info (void) { fputs ("\n", outfile); - size = sizeof (buffer); + size = buffer_size; result = gnutls_pkcs7_get_crl_raw (pkcs7, indx, buffer, &size); if (result < 0) break; @@ -3227,7 +2879,7 @@ print_key_usage (FILE * outfile, unsigned int usage) } void -pubkey_info (gnutls_x509_crt crt) +pubkey_info (gnutls_x509_crt crt, common_info_st* cinfo) { gnutls_pubkey_t pubkey; unsigned int bits, usage; @@ -3243,7 +2895,7 @@ pubkey_info (gnutls_x509_crt crt) if (crt == NULL) { - crt = load_cert (0); + crt = load_cert (0, cinfo); } if (crt != NULL) @@ -3257,7 +2909,7 @@ pubkey_info (gnutls_x509_crt crt) } else { - pubkey = load_pubkey (1); + pubkey = load_pubkey (1, cinfo); } fprintf (outfile, "Public Key Info:\n\n"); @@ -3315,7 +2967,7 @@ pubkey_info (gnutls_x509_crt crt) fprintf (outfile, "\n"); - size = sizeof (buffer); + size = buffer_size; if ((ret = gnutls_pubkey_get_key_id (pubkey, 0, buffer, &size)) < 0) { fprintf (stderr, "Error in key id calculation: %s\n", @@ -3326,7 +2978,7 @@ pubkey_info (gnutls_x509_crt crt) fprintf (outfile, "Public Key ID: %s\n", raw_to_string (buffer, size)); } - size = sizeof (buffer); + size = buffer_size; ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_PEM, buffer, &size); if (ret < 0) error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret)); diff --git a/src/certtool.gaa b/src/certtool.gaa index 6b1be3d98f..e3e9f1c620 100644 --- a/src/certtool.gaa +++ b/src/certtool.gaa @@ -8,7 +8,6 @@ #endif #include "certtool-common.h" -#include #} @@ -138,34 +137,6 @@ option (template) STR "FILE" { $template = $1 } "Template file to use for non in #char *pkcs_cipher; option (pkcs-cipher) STR "CIPHER" { $pkcs_cipher = $1 } "Cipher to use for pkcs operations (3des,3des-pkcs12,aes-128,aes-192,aes-256,rc2-40,arcfour)." -#char* pkcs11_provider; -option (p11-provider) STR "Library" { $pkcs11_provider = $1 } "Specify the pkcs11 provider library" - -#char* pkcs11_url; -option (p11-export-url) STR "URL" { $action = ACTION_PKCS11_EXPORT_URL; $pkcs11_url = $1; } "Export data specified a pkcs11 URL" - -#int pkcs11_type; -option (p11-list-certs) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_PK; } "List certificates that have a private key specified by a PKCS#11 URL" -option (p11-list-privkeys) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_PRIVKEY; } "List private keys specified by a PKCS#11 URL" -option (p11-list-trusted) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_TRUSTED; } "List certificates marked as trusted, specified by a PKCS#11 URL" -option (p11-list-all-certs) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_CRT_ALL; } "List all certificates specified by a PKCS#11 URL" -option (p11-list-all) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_ALL; } "List all objects specified by a PKCS#11 URL" -option (p11-list-tokens) { $action = ACTION_PKCS11_TOKENS; } "List all available tokens" - -#int pkcs11_login; -option (p11-login) { $pkcs11_login = 1; } "Force login to token" - -#char* pkcs11_label; -option (p11-write) STR "URL" { $action = ACTION_PKCS11_WRITE_URL; $pkcs11_url = $1; } "Writes loaded certificates or private keys to a PKCS11 token." -option (p11-write-label) STR "label" { $pkcs11_label = $1; } "Sets a label for the write operation." -#int pkcs11_trusted; -option (p11-write-trusted) { $pkcs11_trusted = 1; } "Marks the certificate to be imported as trusted." - -#int pkcs11_detailed_url; -option (p11-detailed-url) { $pkcs11_detailed_url = GNUTLS_PKCS11_URL_LIB; } "Export detailed URLs." - -option (p11-delete-url) STR "URL" { $action = ACTION_PKCS11_DELETE_URL; $pkcs11_url = $1; } "Deletes objects matching the URL." - #int debug; option (d, debug) INT "LEVEL" { $debug = $1 } "specify the debug level. Default is 1." @@ -177,6 +148,4 @@ init { $bits = 0; $pkcs8 = 0; $privkey = NULL; $ca=NULL; $ca_privkey = NULL; $debug=1; $request = NULL; $infile = NULL; $outfile = NULL; $cert = NULL; $incert_format = 0; $outcert_format = 0; $action=-1; $pass = NULL; $v1_cert = 0; $export = 0; $template = NULL; $hash=NULL; $fix_key = 0; $quick_random=1; - $privkey_op = 0; $pkcs_cipher = "aes-128"; $crq_extensions=1; $pkcs11_provider= NULL; - $pkcs11_url = NULL; $pkcs11_type = PKCS11_TYPE_PK; $pubkey=NULL; $pkcs11_label = NULL; - $pkcs11_trusted=0; $sec_param = NULL; $pkcs11_login = 0; $pkcs11_detailed_url = 0; } + $privkey_op = 0; $pkcs_cipher = "aes-128"; $crq_extensions=1; } diff --git a/src/p11tool-gaa.c b/src/p11tool-gaa.c new file mode 100644 index 0000000000..f29d25d068 --- /dev/null +++ b/src/p11tool-gaa.c @@ -0,0 +1,1147 @@ +/* File generated by GAA 1.6.6 + */ +#define GAA_NO_WIN32 +#line 1 "p11tool.gaa" + + +/* C declarations */ + +#include +#ifdef _WIN32 +# include +#endif + +#include "certtool-common.h" +#include "p11tool.h" +#include + +#include +#include +#include + +#ifndef GAA_NO_WIN32 +#if defined(_WIN32) || defined(__WIN32__) || defined(WIN32) || defined(WINDOWS) +#define GAA_WIN32 +#endif +#endif + +static void* gaa_malloc( size_t size) { +void* ret; + ret = malloc(size); + if (ret==NULL) { + fprintf(stderr, "gaa: could not allocate memory"); + exit(1); + } + return ret; +} + +static void __gaa_helpsingle(char short_name, char *name, + char *arg_desc, char *opt_help) +{ + int col1, col3, col4, tabsize = 3, curr; + int i; + + col1 = 5; /* Default values */ + col3 = 30; + col4 = 70; + + curr = 0; + for(i = 0; i < col1; i++) + { + printf(" "); + curr++; + } + if(short_name) + { + if(name && *name) + { + printf("-%c, ", short_name); + curr += 4; + } + else + { + printf("-%c ", short_name); + curr += 3; + } + } + if(name && *name) + { + printf("--%s ", name); + curr += 3 + strlen(name); + } + if(arg_desc && *arg_desc) + { + printf("%s ", arg_desc); + curr += 1 + strlen(arg_desc); + } + if(curr >= col3) + { + printf("\n"); + curr = 0; + } + if(opt_help) /* let's print the option's help body */ + { + const char *str = opt_help; + while(*str) + { + while(curr < col3) + { + printf(" "); + curr++; + } + switch(*str) + { + case '\n': + printf("\n"); + curr = 0; + break; + case '\t': + do + { + printf(" "); + curr++; + } + while((curr - col3) % tabsize != 0 && curr < col4); + case ' ': + if(*str == ' ') + { + curr++; + printf(" "); + } + for(i = 1; str[i] && str[i] != ' ' && str[i] != '\n' + && str[i] != '\t'; i++); + if(curr + i - 1 >= col4) + curr = col4; + break; + default: + printf("%c", *str); + curr++; + } + if(curr >= col4) + { + printf("\n"); + curr = 0; + } + str++; + } + } + printf("\n"); +} + +void gaa_help(void) +{ + printf("p11tool help\nUsage: p11tool [options]\n"); + printf("Usage: p11tool --list-tokens\n"); + printf("Usage: p11tool --list-all\n"); + printf("Usage: p11tool --url 'pkcs11:...'\n\n"); + __gaa_helpsingle(0, "url", "URL ", "Specify a pkcs11 URL"); + __gaa_helpsingle(0, "list-tokens", "", "List all available tokens"); + __gaa_helpsingle(0, "list-all", "", "List all objects specified by a PKCS#11 URL"); + __gaa_helpsingle(0, "list-all-certs", "", "List all certificates specified by a PKCS#11 URL"); + __gaa_helpsingle(0, "list-certs", "", "List certificates that have a private key specified by a PKCS#11 URL"); + __gaa_helpsingle(0, "list-privkeys", "", "List private keys specified by a PKCS#11 URL"); + __gaa_helpsingle(0, "list-trusted", "", "List certificates marked as trusted, specified by a PKCS#11 URL"); + __gaa_helpsingle(0, "initialize", "URL ", "Initializes a PKCS11 token."); + __gaa_helpsingle(0, "write", "URL ", "Writes loaded certificates, private or secret keys to a PKCS11 token."); + __gaa_helpsingle(0, "secret-key", "HEX_KEY ", "Provide a hex encoded secret key."); + __gaa_helpsingle(0, "label", "label ", "Sets a label for the write operation."); + __gaa_helpsingle(0, "write-trusted", "", "Marks the certificate to be imported as trusted."); + __gaa_helpsingle(0, "login", "", "Force login to token"); + __gaa_helpsingle(0, "detailed-url", "", "Export detailed URLs."); + __gaa_helpsingle(0, "delete-url", "URL ", "Deletes objects matching the URL."); + __gaa_helpsingle(0, "load-privkey", "FILE ", "Private key file to use."); + __gaa_helpsingle(0, "load-pubkey", "FILE ", "Private key file to use."); + __gaa_helpsingle(0, "load-certificate", "FILE ", "Certificate file to use."); + __gaa_helpsingle('8', "pkcs8", "", "Use PKCS #8 format for private keys."); + __gaa_helpsingle(0, "inder", "", "Use DER format for input certificates and private keys."); + __gaa_helpsingle(0, "inraw", "", "Use RAW/DER format for input certificates and private keys."); + __gaa_helpsingle(0, "provider", "Library ", "Specify the pkcs11 provider library"); + __gaa_helpsingle(0, "outfile", "FILE ", "Output file."); + __gaa_helpsingle('d', "debug", "LEVEL ", "specify the debug level. Default is 1."); + __gaa_helpsingle('h', "help", "", "shows this help text"); + +#line 100 "gaa.skel" +} +/* Copy of C area */ + +#line 104 "gaa.skel" +/* GAA HEADER */ +#ifndef GAA_HEADER_POKY +#define GAA_HEADER_POKY + +typedef struct _gaainfo gaainfo; + +struct _gaainfo +{ +#line 75 "p11tool.gaa" + int debug; +#line 70 "p11tool.gaa" + char *outfile; +#line 67 "p11tool.gaa" + int action; +#line 66 "p11tool.gaa" + char* pkcs11_provider; +#line 62 "p11tool.gaa" + int incert_format; +#line 59 "p11tool.gaa" + int pkcs8; +#line 56 "p11tool.gaa" + char *cert; +#line 53 "p11tool.gaa" + char *pubkey; +#line 50 "p11tool.gaa" + char *privkey; +#line 45 "p11tool.gaa" + int pkcs11_detailed_url; +#line 42 "p11tool.gaa" + int pkcs11_login; +#line 39 "p11tool.gaa" + int pkcs11_trusted; +#line 36 "p11tool.gaa" + char* secret_key; +#line 32 "p11tool.gaa" + char* pkcs11_label; +#line 24 "p11tool.gaa" + int pkcs11_type; +#line 21 "p11tool.gaa" + char* pkcs11_url; + +#line 114 "gaa.skel" +}; + +#ifdef __cplusplus +extern "C" +{ +#endif + + int gaa(int argc, char *argv[], gaainfo *gaaval); + + void gaa_help(void); + + int gaa_file(const char *name, gaainfo *gaaval); + +#ifdef __cplusplus +} +#endif + + +#endif + +#line 135 "gaa.skel" + +/* C declarations */ + +#define GAAERROR(x) \ +{ \ +gaa_error = 1; \ +return x; \ +} + +static char *gaa_current_option; +static int gaa_error = 0; + +/* Generated by gaa */ + +#include +#include + + +#define GAA_OK -1 + +#define GAA_ERROR_NOMATCH 0 +#define GAA_ERROR_NOTENOUGH_ARGS 1 +#define GAA_ERROR_INVALID_ARG 2 +#define GAA_ERROR_UNKNOWN 3 + +#define GAA_NOT_AN_OPTION 0 +#define GAA_WORD_OPTION 1 +#define GAA_LETTER_OPTION 2 +#define GAA_MULTIPLE_OPTION 3 + +#define GAA_REST 0 +#define GAA_NB_OPTION 25 +#define GAAOPTID_help 1 +#define GAAOPTID_debug 2 +#define GAAOPTID_outfile 3 +#define GAAOPTID_provider 4 +#define GAAOPTID_inraw 5 +#define GAAOPTID_inder 6 +#define GAAOPTID_pkcs8 7 +#define GAAOPTID_load_certificate 8 +#define GAAOPTID_load_pubkey 9 +#define GAAOPTID_load_privkey 10 +#define GAAOPTID_delete_url 11 +#define GAAOPTID_detailed_url 12 +#define GAAOPTID_login 13 +#define GAAOPTID_write_trusted 14 +#define GAAOPTID_label 15 +#define GAAOPTID_secret_key 16 +#define GAAOPTID_write 17 +#define GAAOPTID_initialize 18 +#define GAAOPTID_list_trusted 19 +#define GAAOPTID_list_privkeys 20 +#define GAAOPTID_list_certs 21 +#define GAAOPTID_list_all_certs 22 +#define GAAOPTID_list_all 23 +#define GAAOPTID_list_tokens 24 +#define GAAOPTID_url 25 + +#line 168 "gaa.skel" + +#define GAA_CHECK1STR(a,b) \ +if(a[0] == str[0]) \ +{ \ + gaa_current_option = a; \ + return b; \ +} + +#define GAA_CHECKSTR(a,b) \ +if(strcmp(a,str) == 0) \ +{ \ + gaa_current_option = a; \ + return b; \ +} + +#define GAA_TESTMOREARGS \ +if(!OK) \ +{ \ +while((gaa_last_non_option != gaa_index) && (gaa_arg_used[gaa_index] == 1)) \ + gaa_index++; \ +if(gaa_last_non_option == gaa_index) \ + return GAA_ERROR_NOTENOUGH_ARGS; \ +} + +#define GAA_TESTMOREOPTIONALARGS \ +if(!OK) \ +{ \ +while((gaa_last_non_option != gaa_index) && (gaa_arg_used[gaa_index] == 1)) \ + gaa_index++; \ +if(gaa_last_non_option == gaa_index) \ + OK = 1; \ +} + +#define GAA_FILL_2ARGS(target, func) \ +target = func(GAAargv[gaa_index]); \ +gaa_arg_used[gaa_index] = 1; \ +if(gaa_error == 1) \ +{ \ + gaa_error = 0; \ + return GAA_ERROR_INVALID_ARG; \ +} + + + +#define GAA_FILL(target, func, num) \ +if(!OK) \ +{ \ +target = func(GAAargv[gaa_index]); \ +gaa_arg_used[gaa_index] = 1; \ +if(gaa_error == 1) \ +{ \ + gaa_error = 0; \ + return GAA_ERROR_INVALID_ARG; \ +} \ +num = 1; \ +} \ +else \ +{ \ +num = 0; \ +} + +#define GAA_LIST_FILL(target, func, type ,num) \ +if(!OK) \ +{ \ +num = 0; \ +target = NULL; \ +if ( gaa_last_non_option - gaa_index > 0) \ + target = gaa_malloc((gaa_last_non_option - gaa_index) * sizeof(type));\ +for(; gaa_index < gaa_last_non_option; gaa_index++) \ +{ \ + if(gaa_arg_used[gaa_index] == 0) \ + { \ + GAA_FILL_2ARGS(target[num], func); \ + num++; \ + } \ +} \ +if(num == 0) \ + return GAA_ERROR_NOTENOUGH_ARGS; \ +} + +#define GAA_OPTIONALLIST_FILL(target, func, type ,num) \ +if(!OK) \ +{ \ +num = 0; \ +target = NULL; \ +if ( gaa_last_non_option - gaa_index > 0) \ + target = gaa_malloc((gaa_last_non_option - gaa_index) * sizeof(type));\ +for(; gaa_index < gaa_last_non_option; gaa_index++) \ +{ \ + if(gaa_arg_used[gaa_index] == 0) \ + { \ + GAA_FILL_2ARGS(target[num], func); \ + num++; \ + } \ +} \ +} + +#define GAA_OBLIGAT(str) \ +k = 0; \ +for(i = 0; i < strlen(str); i++) \ +{ \ + j = gaa_get_option_num(str + i, GAA_LETTER_OPTION); \ + if(j == GAA_ERROR_NOMATCH) \ + { \ + printf("Error: invalid 'obligat' set\n"); \ + exit(-1); \ + } \ + if(opt_list[j] == 1) \ + k = 1; \ +} \ +if(k == 0) \ +{ \ + if(strlen(str) == 1) \ + printf("You must give the -%s option\n", str); \ + else \ + printf("You must give at least one option of '%s'\n", str); \ + return 0; \ +} + +#define GAA_INCOMP(str) \ +k = 0; \ +for(i = 0; i < strlen(str); i++) \ +{ \ + j = gaa_get_option_num(str + i, GAA_LETTER_OPTION); \ + if(j == GAA_ERROR_NOMATCH) \ + { \ + printf("Error: invalid 'obligat' set\n"); \ + exit(-1); \ + } \ + if(opt_list[j] == 1) \ + k++; \ +} \ +if(k > 1) \ +{ \ + printf("The options '%s' are incompatible\n", str); \ + return 0; \ +} + + +static char **GAAargv; +static int GAAargc; +static char *gaa_arg_used; +static int gaa_processing_file = 0; +static int inited = 0; + +static int gaa_getint(char *arg) +{ + int tmp; + char a; + if(sscanf(arg, "%d%c", &tmp, &a) < 1) + { + printf("Option %s: '%s' isn't an integer\n", gaa_current_option, arg); + GAAERROR(-1); + } + return tmp; +} + +static char gaa_getchar(char *arg) +{ + if(strlen(arg) != 1) + { + printf("Option %s: '%s' isn't an character\n", gaa_current_option, arg); + GAAERROR(-1); + } + return arg[0]; +} + +static char* gaa_getstr(char *arg) +{ + return arg; +} +static float gaa_getfloat(char *arg) +{ + float tmp; + char a; + if(sscanf(arg, "%f%c", &tmp, &a) < 1) + { + printf("Option %s: '%s' isn't a float number\n", gaa_current_option, arg); + GAAERROR(-1); + } + return tmp; +} +/* option structures */ + +struct GAAOPTION_debug +{ + int arg1; + int size1; +}; + +struct GAAOPTION_outfile +{ + char* arg1; + int size1; +}; + +struct GAAOPTION_provider +{ + char* arg1; + int size1; +}; + +struct GAAOPTION_load_certificate +{ + char* arg1; + int size1; +}; + +struct GAAOPTION_load_pubkey +{ + char* arg1; + int size1; +}; + +struct GAAOPTION_load_privkey +{ + char* arg1; + int size1; +}; + +struct GAAOPTION_delete_url +{ + char* arg1; + int size1; +}; + +struct GAAOPTION_label +{ + char* arg1; + int size1; +}; + +struct GAAOPTION_secret_key +{ + char* arg1; + int size1; +}; + +struct GAAOPTION_write +{ + char* arg1; + int size1; +}; + +struct GAAOPTION_initialize +{ + char* arg1; + int size1; +}; + +struct GAAOPTION_url +{ + char* arg1; + int size1; +}; + +#line 349 "gaa.skel" +static int gaa_is_an_argument(char *str) +{ +#ifdef GAA_WIN32 + if(str[0] == '/' && str[1] != 0) + return GAA_MULTIPLE_OPTION; +#endif + if(str[0] != '-') + return GAA_NOT_AN_OPTION; + if(str[1] == 0) + return GAA_NOT_AN_OPTION; + if(str[1] == '-') + { + if(str[2] != 0) + return GAA_WORD_OPTION; + else + return GAA_NOT_AN_OPTION; + } + if(str[2] == 0) + return GAA_LETTER_OPTION; + else + return GAA_MULTIPLE_OPTION; +} + +static int gaa_get_option_num(char *str, int status) +{ + switch(status) + { + case GAA_LETTER_OPTION: + GAA_CHECK1STR("d", GAAOPTID_debug); + GAA_CHECK1STR("", GAAOPTID_outfile); + GAA_CHECK1STR("", GAAOPTID_provider); + GAA_CHECK1STR("", GAAOPTID_load_certificate); + GAA_CHECK1STR("", GAAOPTID_load_pubkey); + GAA_CHECK1STR("", GAAOPTID_load_privkey); + GAA_CHECK1STR("", GAAOPTID_delete_url); + GAA_CHECK1STR("", GAAOPTID_label); + GAA_CHECK1STR("", GAAOPTID_secret_key); + GAA_CHECK1STR("", GAAOPTID_write); + GAA_CHECK1STR("", GAAOPTID_initialize); + GAA_CHECK1STR("", GAAOPTID_url); + case GAA_MULTIPLE_OPTION: +#line 375 "gaa.skel" + GAA_CHECK1STR("h", GAAOPTID_help); + GAA_CHECK1STR("", GAAOPTID_inraw); + GAA_CHECK1STR("", GAAOPTID_inder); + GAA_CHECK1STR("8", GAAOPTID_pkcs8); + GAA_CHECK1STR("", GAAOPTID_detailed_url); + GAA_CHECK1STR("", GAAOPTID_login); + GAA_CHECK1STR("", GAAOPTID_write_trusted); + GAA_CHECK1STR("", GAAOPTID_list_trusted); + GAA_CHECK1STR("", GAAOPTID_list_privkeys); + GAA_CHECK1STR("", GAAOPTID_list_certs); + GAA_CHECK1STR("", GAAOPTID_list_all_certs); + GAA_CHECK1STR("", GAAOPTID_list_all); + GAA_CHECK1STR("", GAAOPTID_list_tokens); + +#line 277 "gaa.skel" + break; + case GAA_WORD_OPTION: + GAA_CHECKSTR("help", GAAOPTID_help); + GAA_CHECKSTR("debug", GAAOPTID_debug); + GAA_CHECKSTR("outfile", GAAOPTID_outfile); + GAA_CHECKSTR("provider", GAAOPTID_provider); + GAA_CHECKSTR("inraw", GAAOPTID_inraw); + GAA_CHECKSTR("inder", GAAOPTID_inder); + GAA_CHECKSTR("pkcs8", GAAOPTID_pkcs8); + GAA_CHECKSTR("load-certificate", GAAOPTID_load_certificate); + GAA_CHECKSTR("load-pubkey", GAAOPTID_load_pubkey); + GAA_CHECKSTR("load-privkey", GAAOPTID_load_privkey); + GAA_CHECKSTR("delete-url", GAAOPTID_delete_url); + GAA_CHECKSTR("detailed-url", GAAOPTID_detailed_url); + GAA_CHECKSTR("login", GAAOPTID_login); + GAA_CHECKSTR("write-trusted", GAAOPTID_write_trusted); + GAA_CHECKSTR("label", GAAOPTID_label); + GAA_CHECKSTR("secret-key", GAAOPTID_secret_key); + GAA_CHECKSTR("write", GAAOPTID_write); + GAA_CHECKSTR("initialize", GAAOPTID_initialize); + GAA_CHECKSTR("list-trusted", GAAOPTID_list_trusted); + GAA_CHECKSTR("list-privkeys", GAAOPTID_list_privkeys); + GAA_CHECKSTR("list-certs", GAAOPTID_list_certs); + GAA_CHECKSTR("list-all-certs", GAAOPTID_list_all_certs); + GAA_CHECKSTR("list-all", GAAOPTID_list_all); + GAA_CHECKSTR("list-tokens", GAAOPTID_list_tokens); + GAA_CHECKSTR("url", GAAOPTID_url); + +#line 281 "gaa.skel" + break; + default: break; + } + return GAA_ERROR_NOMATCH; +} + +static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) +{ + int OK = 0; + int gaa_last_non_option; + struct GAAOPTION_debug GAATMP_debug; + struct GAAOPTION_outfile GAATMP_outfile; + struct GAAOPTION_provider GAATMP_provider; + struct GAAOPTION_load_certificate GAATMP_load_certificate; + struct GAAOPTION_load_pubkey GAATMP_load_pubkey; + struct GAAOPTION_load_privkey GAATMP_load_privkey; + struct GAAOPTION_delete_url GAATMP_delete_url; + struct GAAOPTION_label GAATMP_label; + struct GAAOPTION_secret_key GAATMP_secret_key; + struct GAAOPTION_write GAATMP_write; + struct GAAOPTION_initialize GAATMP_initialize; + struct GAAOPTION_url GAATMP_url; + +#line 393 "gaa.skel" +#ifdef GAA_REST_EXISTS + struct GAAREST GAAREST_tmp; +#endif + + opt_list[gaa_num] = 1; + + for(gaa_last_non_option = gaa_index; + (gaa_last_non_option != GAAargc) && (gaa_is_an_argument(GAAargv[gaa_last_non_option]) == GAA_NOT_AN_OPTION); + gaa_last_non_option++); + + if(gaa_num == GAA_REST) + { + gaa_index = 1; + gaa_last_non_option = GAAargc; + } + + switch(gaa_num) + { + case GAAOPTID_help: + OK = 0; +#line 78 "p11tool.gaa" +{ gaa_help(); exit(0); ;}; + + return GAA_OK; + break; + case GAAOPTID_debug: + OK = 0; + GAA_TESTMOREARGS; + GAA_FILL(GAATMP_debug.arg1, gaa_getint, GAATMP_debug.size1); + gaa_index++; +#line 76 "p11tool.gaa" +{ gaaval->debug = GAATMP_debug.arg1 ;}; + + return GAA_OK; + break; + case GAAOPTID_outfile: + OK = 0; + GAA_TESTMOREARGS; + GAA_FILL(GAATMP_outfile.arg1, gaa_getstr, GAATMP_outfile.size1); + gaa_index++; +#line 71 "p11tool.gaa" +{ gaaval->outfile = GAATMP_outfile.arg1 ;}; + + return GAA_OK; + break; + case GAAOPTID_provider: + OK = 0; + GAA_TESTMOREARGS; + GAA_FILL(GAATMP_provider.arg1, gaa_getstr, GAATMP_provider.size1); + gaa_index++; +#line 68 "p11tool.gaa" +{ gaaval->pkcs11_provider = GAATMP_provider.arg1 ;}; + + return GAA_OK; + break; + case GAAOPTID_inraw: + OK = 0; +#line 64 "p11tool.gaa" +{ gaaval->incert_format=1 ;}; + + return GAA_OK; + break; + case GAAOPTID_inder: + OK = 0; +#line 63 "p11tool.gaa" +{ gaaval->incert_format=1 ;}; + + return GAA_OK; + break; + case GAAOPTID_pkcs8: + OK = 0; +#line 60 "p11tool.gaa" +{ gaaval->pkcs8=1 ;}; + + return GAA_OK; + break; + case GAAOPTID_load_certificate: + OK = 0; + GAA_TESTMOREARGS; + GAA_FILL(GAATMP_load_certificate.arg1, gaa_getstr, GAATMP_load_certificate.size1); + gaa_index++; +#line 57 "p11tool.gaa" +{ gaaval->cert = GAATMP_load_certificate.arg1 ;}; + + return GAA_OK; + break; + case GAAOPTID_load_pubkey: + OK = 0; + GAA_TESTMOREARGS; + GAA_FILL(GAATMP_load_pubkey.arg1, gaa_getstr, GAATMP_load_pubkey.size1); + gaa_index++; +#line 54 "p11tool.gaa" +{ gaaval->pubkey = GAATMP_load_pubkey.arg1 ;}; + + return GAA_OK; + break; + case GAAOPTID_load_privkey: + OK = 0; + GAA_TESTMOREARGS; + GAA_FILL(GAATMP_load_privkey.arg1, gaa_getstr, GAATMP_load_privkey.size1); + gaa_index++; +#line 51 "p11tool.gaa" +{ gaaval->privkey = GAATMP_load_privkey.arg1 ;}; + + return GAA_OK; + break; + case GAAOPTID_delete_url: + OK = 0; + GAA_TESTMOREARGS; + GAA_FILL(GAATMP_delete_url.arg1, gaa_getstr, GAATMP_delete_url.size1); + gaa_index++; +#line 48 "p11tool.gaa" +{ gaaval->action = ACTION_PKCS11_DELETE_URL; gaaval->pkcs11_url = GAATMP_delete_url.arg1; ;}; + + return GAA_OK; + break; + case GAAOPTID_detailed_url: + OK = 0; +#line 46 "p11tool.gaa" +{ gaaval->pkcs11_detailed_url = GNUTLS_PKCS11_URL_LIB; ;}; + + return GAA_OK; + break; + case GAAOPTID_login: + OK = 0; +#line 43 "p11tool.gaa" +{ gaaval->pkcs11_login = 1; ;}; + + return GAA_OK; + break; + case GAAOPTID_write_trusted: + OK = 0; +#line 40 "p11tool.gaa" +{ gaaval->pkcs11_trusted = 1; ;}; + + return GAA_OK; + break; + case GAAOPTID_label: + OK = 0; + GAA_TESTMOREARGS; + GAA_FILL(GAATMP_label.arg1, gaa_getstr, GAATMP_label.size1); + gaa_index++; +#line 38 "p11tool.gaa" +{ gaaval->pkcs11_label = GAATMP_label.arg1; ;}; + + return GAA_OK; + break; + case GAAOPTID_secret_key: + OK = 0; + GAA_TESTMOREARGS; + GAA_FILL(GAATMP_secret_key.arg1, gaa_getstr, GAATMP_secret_key.size1); + gaa_index++; +#line 37 "p11tool.gaa" +{ gaaval->secret_key = GAATMP_secret_key.arg1; ;}; + + return GAA_OK; + break; + case GAAOPTID_write: + OK = 0; + GAA_TESTMOREARGS; + GAA_FILL(GAATMP_write.arg1, gaa_getstr, GAATMP_write.size1); + gaa_index++; +#line 34 "p11tool.gaa" +{ gaaval->action = ACTION_PKCS11_WRITE_URL; gaaval->pkcs11_url = GAATMP_write.arg1; ;}; + + return GAA_OK; + break; + case GAAOPTID_initialize: + OK = 0; + GAA_TESTMOREARGS; + GAA_FILL(GAATMP_initialize.arg1, gaa_getstr, GAATMP_initialize.size1); + gaa_index++; +#line 33 "p11tool.gaa" +{ gaaval->action = ACTION_PKCS11_TOKEN_INIT; gaaval->pkcs11_url = GAATMP_initialize.arg1; ;}; + + return GAA_OK; + break; + case GAAOPTID_list_trusted: + OK = 0; +#line 30 "p11tool.gaa" +{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_TRUSTED; ;}; + + return GAA_OK; + break; + case GAAOPTID_list_privkeys: + OK = 0; +#line 29 "p11tool.gaa" +{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_PRIVKEY; ;}; + + return GAA_OK; + break; + case GAAOPTID_list_certs: + OK = 0; +#line 28 "p11tool.gaa" +{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_PK; ;}; + + return GAA_OK; + break; + case GAAOPTID_list_all_certs: + OK = 0; +#line 27 "p11tool.gaa" +{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_CRT_ALL; ;}; + + return GAA_OK; + break; + case GAAOPTID_list_all: + OK = 0; +#line 26 "p11tool.gaa" +{ gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_ALL; ;}; + + return GAA_OK; + break; + case GAAOPTID_list_tokens: + OK = 0; +#line 25 "p11tool.gaa" +{ gaaval->action = ACTION_PKCS11_TOKENS; ;}; + + return GAA_OK; + break; + case GAAOPTID_url: + OK = 0; + GAA_TESTMOREARGS; + GAA_FILL(GAATMP_url.arg1, gaa_getstr, GAATMP_url.size1); + gaa_index++; +#line 22 "p11tool.gaa" +{ gaaval->action = ACTION_PKCS11_EXPORT_URL; gaaval->pkcs11_url = GAATMP_url.arg1; ;}; + + return GAA_OK; + break; + +#line 413 "gaa.skel" + default: break; + } + return GAA_ERROR_UNKNOWN; +} + +int gaa(int argc, char **argv, gaainfo *gaaval) +{ + int tmp1, tmp2; + int i, j; + char *opt_list; + + GAAargv = argv; + GAAargc = argc; + + opt_list = (char*) gaa_malloc(GAA_NB_OPTION + 1); + + for(i = 0; i < GAA_NB_OPTION + 1; i++) + opt_list[i] = 0; + /* initialization */ + if(inited == 0) + { + +#line 80 "p11tool.gaa" +{ gaaval->action = -1; gaaval->pkcs11_provider= NULL; gaaval->outfile = NULL; gaaval->pubkey = NULL; gaaval->privkey = NULL; + gaaval->pkcs11_url = NULL; gaaval->pkcs11_type = PKCS11_TYPE_PK; gaaval->pubkey=NULL; gaaval->pkcs11_label = NULL; + gaaval->pkcs11_trusted=0; gaaval->pkcs11_login = 0; gaaval->pkcs11_detailed_url = 0; + gaaval->secret_key = NULL; gaaval->cert = NULL; gaaval->incert_format = 0; ;}; + + } + inited = 1; +#line 438 "gaa.skel" + gaa_arg_used = NULL; + + if (argc > 0) { + gaa_arg_used = gaa_malloc(argc * sizeof(char)); + } + + for(i = 1; i < argc; i++) + gaa_arg_used[i] = 0; + for(i = 1; i < argc; i++) + { + if(gaa_arg_used[i] == 0) + { + j = 0; + tmp1 = gaa_is_an_argument(GAAargv[i]); + switch(tmp1) + { + case GAA_WORD_OPTION: + j++; + case GAA_LETTER_OPTION: + j++; + tmp2 = gaa_get_option_num(argv[i]+j, tmp1); + if(tmp2 == GAA_ERROR_NOMATCH) + { + printf("Invalid option '%s'\n", argv[i]+j); + return 0; + } + switch(gaa_try(tmp2, i+1, gaaval, opt_list)) + { + case GAA_ERROR_NOTENOUGH_ARGS: + printf("'%s': not enough arguments\n",gaa_current_option); + return 0; + case GAA_ERROR_INVALID_ARG: + printf("Invalid arguments\n"); + return 0; + case GAA_OK: + break; + default: + printf("Unknown error\n"); + } + gaa_arg_used[i] = 1; + break; + case GAA_MULTIPLE_OPTION: + for(j = 1; j < strlen(argv[i]); j++) + { + tmp2 = gaa_get_option_num(argv[i]+j, tmp1); + if(tmp2 == GAA_ERROR_NOMATCH) + { + printf("Invalid option '%c'\n", *(argv[i]+j)); + return 0; + } + switch(gaa_try(tmp2, i+1, gaaval, opt_list)) + { + case GAA_ERROR_NOTENOUGH_ARGS: + printf("'%s': not enough arguments\n",gaa_current_option); + return 0; + case GAA_ERROR_INVALID_ARG: + printf("Invalid arguments\n"); + return 0; + case GAA_OK: + break; + default: + printf("Unknown error\n"); + } + } + gaa_arg_used[i] = 1; + break; + default: break; + } + } + } +if(gaa_processing_file == 0) +{ + +#line 507 "gaa.skel" +#ifdef GAA_REST_EXISTS + switch(gaa_try(GAA_REST, 1, gaaval, opt_list)) + { + case GAA_ERROR_NOTENOUGH_ARGS: + printf("Rest: not enough arguments\n"); + return 0; + case GAA_ERROR_INVALID_ARG: + printf("Invalid arguments\n"); + return 0; + case GAA_OK: + break; + default: + printf("Unknown error\n"); + } +#endif +} + for(i = 1; i < argc; i++) + { + if(gaa_arg_used[i] == 0) + { + printf("Too many arguments\n"); + return 0; + } + } + free(gaa_arg_used); + free(opt_list); + return -1; +} + +struct gaastrnode +{ + char *str; + struct gaastrnode *next; +}; + +typedef struct gaastrnode gaa_str_node; + +static int gaa_internal_get_next_str(FILE *file, gaa_str_node *tmp_str, int argc) +{ + int pos_ini; + int a; + int i = 0, len = 0, newline = 0; + + if(argc == 1) { + newline = 1; + len = 2; + } + + a = fgetc( file); + if (a == EOF) return 0; + + while(a == ' ' || a == 9 || a == '\n') + { + if(a == '\n') + { + newline=1; + len = 2; + } + a = fgetc( file); + if (a == EOF) return 0; + } + + pos_ini = ftell(file) - 1; + + while(a != ' ' && a != 9 && a != '\n') + { + + len++; + a = fgetc( file); + if(a==EOF) return 0; //a = ' '; + } + + len += 1; + tmp_str->str = gaa_malloc((len) * sizeof(char)); + + if(newline == 1) + { + tmp_str->str[0] = '-'; + tmp_str->str[1] = '-'; + i = 2; + } + else + { + i = 0; + } + + fseek(file,pos_ini, SEEK_SET); + do + { + a = fgetc( file); + + if (a == EOF) { + i+=2; + break; + } + tmp_str->str[i] = a; + i++; + } + while(a != ' ' && a != 9 && a != '\n' && i < len); + + tmp_str->str[i - 1] = 0; + + fseek(file,- 1, SEEK_CUR); +/* printf("%d\n", ftell(file)); */ + + return -1; +} + +int gaa_file(const char *name, gaainfo *gaaval) +{ + gaa_str_node *first_str, **tmp_str, *tmp_str2; + int rval, i; + char **argv; + int argc = 0; + FILE *file; + + gaa_processing_file = 1; + + if((file = fopen(name, "r")) == NULL) + { + printf("Couldn't open '%s' configuration file for reading\n", name); + return 1; + } + + tmp_str = &first_str; + do + { + argc++; + *tmp_str = gaa_malloc(sizeof(gaa_str_node)); + + (*tmp_str)->str = NULL; + (*tmp_str)->next = NULL; + + rval = gaa_internal_get_next_str(file, *tmp_str, argc); + tmp_str = &((*tmp_str)->next); + } + while(rval == -1); + + if(rval == 1) + return 0; + + argv = gaa_malloc((1 + argc) * sizeof(char*)); + + tmp_str2 = first_str; + argv[0] = "cfg"; + for(i = 1; i < argc; i++) + { + argv[i] = tmp_str2->str; + tmp_str2 = tmp_str2->next; + } + + rval = gaa(argc, argv, gaaval); + gaa_processing_file = 0; + return rval; +} diff --git a/src/p11tool-gaa.h b/src/p11tool-gaa.h new file mode 100644 index 0000000000..000ca1ad72 --- /dev/null +++ b/src/p11tool-gaa.h @@ -0,0 +1,63 @@ + +#line 104 "gaa.skel" +/* GAA HEADER */ +#ifndef GAA_HEADER_POKY +#define GAA_HEADER_POKY + +typedef struct _gaainfo gaainfo; + +struct _gaainfo +{ +#line 75 "p11tool.gaa" + int debug; +#line 70 "p11tool.gaa" + char *outfile; +#line 67 "p11tool.gaa" + int action; +#line 66 "p11tool.gaa" + char* pkcs11_provider; +#line 62 "p11tool.gaa" + int incert_format; +#line 59 "p11tool.gaa" + int pkcs8; +#line 56 "p11tool.gaa" + char *cert; +#line 53 "p11tool.gaa" + char *pubkey; +#line 50 "p11tool.gaa" + char *privkey; +#line 45 "p11tool.gaa" + int pkcs11_detailed_url; +#line 42 "p11tool.gaa" + int pkcs11_login; +#line 39 "p11tool.gaa" + int pkcs11_trusted; +#line 36 "p11tool.gaa" + char* secret_key; +#line 32 "p11tool.gaa" + char* pkcs11_label; +#line 24 "p11tool.gaa" + int pkcs11_type; +#line 21 "p11tool.gaa" + char* pkcs11_url; + +#line 114 "gaa.skel" +}; + +#ifdef __cplusplus +extern "C" +{ +#endif + + int gaa(int argc, char *argv[], gaainfo *gaaval); + + void gaa_help(void); + + int gaa_file(const char *name, gaainfo *gaaval); + +#ifdef __cplusplus +} +#endif + + +#endif diff --git a/src/p11tool.c b/src/p11tool.c new file mode 100644 index 0000000000..5502737049 --- /dev/null +++ b/src/p11tool.c @@ -0,0 +1,166 @@ +/* + * Copyright (C) 2010 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see + * . + */ + +#include + +#include +#include +#include +#include +#include +#include +#include + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* Gnulib portability files. */ +#include +#include +#include + +#include "p11tool-gaa.h" +#include "p11tool.h" +#include "certtool-common.h" + +static void gaa_parser (int argc, char **argv); + +static gaainfo info; +static FILE *outfile; +int batch = 0; + +static void +tls_log_func (int level, const char *str) +{ + fprintf (stderr, "|<%d>| %s", level, str); +} + + +int +main (int argc, char **argv) +{ + set_program_name (argv[0]); + gaa_parser (argc, argv); + + return 0; +} + +static void +gaa_parser (int argc, char **argv) +{ + int ret; + common_info_st cinfo; + + if (gaa (argc, argv, &info) != -1) + { + fprintf (stderr, "Try `%s --help' for more information.\n", + program_name); + exit (1); + } + + gnutls_global_set_log_function (tls_log_func); + gnutls_global_set_log_level (info.debug); + if (info.debug > 1) + printf ("Setting log level to %d\n", info.debug); + + if ((ret = gnutls_global_init ()) < 0) + error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret)); + + if (info.pkcs11_provider != NULL) + { + ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_MANUAL, NULL); + if (ret < 0) + fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret)); + else + { + ret = gnutls_pkcs11_add_provider (info.pkcs11_provider, NULL); + if (ret < 0) + error (EXIT_FAILURE, 0, "pkcs11_add_provider: %s", + gnutls_strerror (ret)); + } + } + else + { + ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_AUTO, NULL); + if (ret < 0) + fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret)); + } + + if (info.outfile) + { + outfile = safe_open_rw (info.outfile, 0); + if (outfile == NULL) + error (EXIT_FAILURE, errno, "%s", info.outfile); + } + else + outfile = stdout; + + memset(&cinfo, 0, sizeof(cinfo)); + cinfo.secret_key = info.secret_key; + cinfo.privkey = info.privkey; + cinfo.pkcs8 = info.pkcs8; + cinfo.incert_format = info.incert_format; + cinfo.cert = info.cert; + + switch (info.action) + { + case ACTION_PKCS11_LIST: + pkcs11_list (outfile, info.pkcs11_url, info.pkcs11_type, + info.pkcs11_login, info.pkcs11_detailed_url, &cinfo); + break; + case ACTION_PKCS11_TOKENS: + pkcs11_token_list (outfile, info.pkcs11_detailed_url, &cinfo); + break; + case ACTION_PKCS11_EXPORT_URL: + pkcs11_export (outfile, info.pkcs11_url, info.pkcs11_login, &cinfo); + break; + case ACTION_PKCS11_WRITE_URL: + pkcs11_write (outfile, info.pkcs11_url, info.pkcs11_label, + info.pkcs11_trusted, info.pkcs11_login, &cinfo); + break; + case ACTION_PKCS11_TOKEN_INIT: + pkcs11_init (outfile, info.pkcs11_url, info.pkcs11_label, &cinfo); + break; + case ACTION_PKCS11_DELETE_URL: + pkcs11_delete (outfile, info.pkcs11_url, 0, info.pkcs11_login, &cinfo); + break; + default: + gaa_help (); + exit (0); + } + fclose (outfile); + + gnutls_pkcs11_deinit (); + gnutls_global_deinit (); +} + diff --git a/src/p11tool.gaa b/src/p11tool.gaa new file mode 100644 index 0000000000..cdc5def972 --- /dev/null +++ b/src/p11tool.gaa @@ -0,0 +1,83 @@ +#{ + +/* C declarations */ + +#include +#ifdef _WIN32 +# include +#endif + +#include "certtool-common.h" +#include "p11tool.h" +#include + +#} + +helpnode "p11tool help\nUsage: p11tool [options]" +helpnode "Usage: p11tool --list-tokens" +helpnode "Usage: p11tool --list-all" +helpnode "Usage: p11tool --url 'pkcs11:...'\n" + +#char* pkcs11_url; +option (url) STR "URL" { $action = ACTION_PKCS11_EXPORT_URL; $pkcs11_url = $1; } "Specify a pkcs11 URL" + +#int pkcs11_type; +option (list-tokens) { $action = ACTION_PKCS11_TOKENS; } "List all available tokens" +option (list-all) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_ALL; } "List all objects specified by a PKCS#11 URL" +option (list-all-certs) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_CRT_ALL; } "List all certificates specified by a PKCS#11 URL" +option (list-certs) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_PK; } "List certificates that have a private key specified by a PKCS#11 URL" +option (list-privkeys) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_PRIVKEY; } "List private keys specified by a PKCS#11 URL" +option (list-trusted) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_TRUSTED; } "List certificates marked as trusted, specified by a PKCS#11 URL" + +#char* pkcs11_label; +option (initialize) STR "URL" { $action = ACTION_PKCS11_TOKEN_INIT; $pkcs11_url = $1; } "Initializes a PKCS11 token." +option (write) STR "URL" { $action = ACTION_PKCS11_WRITE_URL; $pkcs11_url = $1; } "Writes loaded certificates, private or secret keys to a PKCS11 token." + +#char* secret_key; +option (secret-key) STR "HEX_KEY" { $secret_key = $1; } "Provide a hex encoded secret key." +option (label) STR "label" { $pkcs11_label = $1; } "Sets a label for the write operation." +#int pkcs11_trusted; +option (write-trusted) { $pkcs11_trusted = 1; } "Marks the certificate to be imported as trusted." + +#int pkcs11_login; +option (login) { $pkcs11_login = 1; } "Force login to token" + +#int pkcs11_detailed_url; +option (detailed-url) { $pkcs11_detailed_url = GNUTLS_PKCS11_URL_LIB; } "Export detailed URLs." + +option (delete-url) STR "URL" { $action = ACTION_PKCS11_DELETE_URL; $pkcs11_url = $1; } "Deletes objects matching the URL." + +#char *privkey; +option (load-privkey) STR "FILE" { $privkey = $1 } "Private key file to use." + +#char *pubkey; +option (load-pubkey) STR "FILE" { $pubkey = $1 } "Private key file to use." + +#char *cert; +option (load-certificate) STR "FILE" { $cert = $1 } "Certificate file to use." + +#int pkcs8; +option (8, pkcs8) { $pkcs8=1 } "Use PKCS #8 format for private keys." + +#int incert_format; +option (inder) { $incert_format=1 } "Use DER format for input certificates and private keys." +option (inraw) { $incert_format=1 } "Use RAW/DER format for input certificates and private keys." + +#char* pkcs11_provider; +#int action; +option (provider) STR "Library" { $pkcs11_provider = $1 } "Specify the pkcs11 provider library" + +#char *outfile; +option (outfile) STR "FILE" { $outfile = $1 } "Output file." + + + +#int debug; +option (d, debug) INT "LEVEL" { $debug = $1 } "specify the debug level. Default is 1." + +option (h, help) { gaa_help(); exit(0); } "shows this help text" + +init { $action = -1; $pkcs11_provider= NULL; $outfile = NULL; $pubkey = NULL; $privkey = NULL; + $pkcs11_url = NULL; $pkcs11_type = PKCS11_TYPE_PK; $pubkey=NULL; $pkcs11_label = NULL; + $pkcs11_trusted=0; $pkcs11_login = 0; $pkcs11_detailed_url = 0; + $secret_key = NULL; $cert = NULL; $incert_format = 0; } diff --git a/src/p11tool.h b/src/p11tool.h new file mode 100644 index 0000000000..023e355eac --- /dev/null +++ b/src/p11tool.h @@ -0,0 +1,34 @@ +#ifndef P11TOOL_H +# define P11TOOL_H + +#include "certtool-common.h" + +void pkcs11_list (FILE * outfile, const char *url, int type, + unsigned int login, unsigned int detailed, common_info_st*); +void pkcs11_export (FILE * outfile, const char *pkcs11_url, + unsigned int login, common_info_st*); +void pkcs11_token_list (FILE * outfile, unsigned int detailed, common_info_st*); +void pkcs11_write (FILE * outfile, const char *pkcs11_url, const char *label, + int trusted, unsigned int login, common_info_st*); +void pkcs11_delete (FILE * outfile, const char *pkcs11_url, int batch, + unsigned int login, common_info_st*); +void pkcs11_init (FILE * outfile, const char *pkcs11_url, const char* label, common_info_st*); + +#define PKCS11_TYPE_CRT_ALL 1 +#define PKCS11_TYPE_TRUSTED 2 +#define PKCS11_TYPE_PK 3 +#define PKCS11_TYPE_ALL 4 +#define PKCS11_TYPE_PRIVKEY 5 + + +enum +{ + ACTION_PKCS11_LIST, + ACTION_PKCS11_TOKENS, + ACTION_PKCS11_EXPORT_URL, + ACTION_PKCS11_WRITE_URL, + ACTION_PKCS11_DELETE_URL, + ACTION_PKCS11_TOKEN_INIT, +}; + +#endif diff --git a/src/pkcs11.c b/src/pkcs11.c index 364f5735d3..9a5de9fd0b 100644 --- a/src/pkcs11.c +++ b/src/pkcs11.c @@ -25,8 +25,9 @@ #include #include #include -#include "certtool-common.h" +#include "p11tool.h" #include "certtool-cfg.h" +#include "certtool-common.h" #include #include @@ -87,7 +88,7 @@ pkcs11_common (void) } void -pkcs11_delete (FILE * outfile, const char *url, int batch, unsigned int login) +pkcs11_delete (FILE * outfile, const char *url, int batch, unsigned int login, common_info_st* info) { int ret; unsigned int obj_flags = 0; @@ -98,7 +99,7 @@ pkcs11_delete (FILE * outfile, const char *url, int batch, unsigned int login) if (!batch) { pkcs11_list (outfile, url, PKCS11_TYPE_ALL, login, - GNUTLS_PKCS11_URL_LIB); + GNUTLS_PKCS11_URL_LIB, info); ret = read_yesno ("Are you sure you want to delete those objects? (y/N): "); if (ret == 0) @@ -124,7 +125,7 @@ pkcs11_delete (FILE * outfile, const char *url, int batch, unsigned int login) */ void pkcs11_list (FILE * outfile, const char *url, int type, unsigned int login, - unsigned int detailed) + unsigned int detailed, common_info_st* info) { gnutls_pkcs11_obj_t *crt_list; gnutls_x509_crt_t xcrt; @@ -296,7 +297,7 @@ pkcs11_list (FILE * outfile, const char *url, int type, unsigned int login, } void -pkcs11_export (FILE * outfile, const char *url, unsigned int login) +pkcs11_export (FILE * outfile, const char *url, unsigned int login, common_info_st* info) { gnutls_pkcs11_obj_t crt; gnutls_x509_crt_t xcrt; @@ -427,7 +428,7 @@ pkcs11_export (FILE * outfile, const char *url, unsigned int login) } void -pkcs11_token_list (FILE * outfile, unsigned int detailed) +pkcs11_token_list (FILE * outfile, unsigned int detailed, common_info_st* info) { int ret; int i; @@ -514,13 +515,14 @@ pkcs11_token_list (FILE * outfile, unsigned int detailed) void pkcs11_write (FILE * outfile, const char *url, const char *label, int trusted, - unsigned int login) + unsigned int login, common_info_st* info) { gnutls_x509_crt_t xcrt; gnutls_x509_privkey_t xkey; int ret; unsigned int flags = 0; - unsigned int key_usage; + unsigned int key_usage = 0; + gnutls_datum_t* secret_key; if (login) flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN; @@ -530,7 +532,22 @@ pkcs11_write (FILE * outfile, const char *url, const char *label, int trusted, if (url == NULL) url = "pkcs11:"; - xcrt = load_cert (0); + secret_key = load_secret_key(0, info); + if (secret_key != NULL) + { + ret = + gnutls_pkcs11_copy_secret_key (url, secret_key, label, key_usage, + flags | + GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } + } + + xcrt = load_cert (0, info); if (xcrt != NULL) { if (trusted) @@ -546,7 +563,7 @@ pkcs11_write (FILE * outfile, const char *url, const char *label, int trusted, gnutls_x509_crt_get_key_usage (xcrt, &key_usage, NULL); } - xkey = load_private_key (0); + xkey = load_private_key (0, info); if (xkey != NULL) { ret = @@ -561,10 +578,47 @@ pkcs11_write (FILE * outfile, const char *url, const char *label, int trusted, } } - if (xkey == NULL && xcrt == NULL) + if (xkey == NULL && xcrt == NULL && secret_key != NULL) { fprintf (stderr, - "You must use --load-privkey or --load-certificate to load the file to be copied\n"); + "You must use --load-privkey, --load-certificate or --secret-key to load the file to be copied\n"); + exit (1); + } + + return; +} + +void +pkcs11_init (FILE * outfile, const char *url, const char *label, common_info_st* info) +{ + int ret; + char * pin; + char so_pin[32]; + + pkcs11_common (); + + if (url == NULL) + { + fprintf(stderr, "No token URL given to initialize!\n"); + exit(1); + } + + pin = getpass ("Enter Security Officer's PIN: "); + if (pin == NULL) + exit(0); + + strcpy(so_pin, pin); + + pin = getpass ("Enter new User's PIN: "); + if (pin == NULL) + exit(0); + + ret = + gnutls_pkcs11_token_init (url, so_pin, pin, label); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); exit (1); }