
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-231-g664098d


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-231-g664098d
Date: Thu, 17 Jun 2010 23:16:34 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=664098d0bf95dd1990fe2a9a16052634be64c3e8

The branch, master has been updated
       via  664098d0bf95dd1990fe2a9a16052634be64c3e8 (commit)
       via  eb3dc6ff292de8f40427e8ebb702aa7c2e5bdee8 (commit)
       via  6d112bcd452001274e2df7662d1c7aa30ee60d9e (commit)
      from  61857adefc8e03dcaa1458519d402c47c7d50400 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 664098d0bf95dd1990fe2a9a16052634be64c3e8
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Jun 18 01:15:50 2010 +0200

    Allow listing of private keys only. Certtool now has the
--pkcs11-list-privkeys option.

commit eb3dc6ff292de8f40427e8ebb702aa7c2e5bdee8
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Jun 18 01:09:12 2010 +0200

    Send correct token name to callback.

commit 6d112bcd452001274e2df7662d1c7aa30ee60d9e
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Jun 18 01:04:16 2010 +0200

    Added more gnutls error codes that map more closely to the actual PKCS #11 errors.

-----------------------------------------------------------------------

Summary of changes:
 lib/gnutls_errors.c             |   27 +++++++-
 lib/includes/gnutls/gnutls.h.in |   14 ++++
 lib/includes/gnutls/pkcs11.h    |    1 +
 lib/pkcs11.c                    |  109 ++++++++++++++++++++++++++--
 lib/pkcs11_int.h                |    2 +-
 lib/pkcs11_privkey.c            |   17 +++--
 lib/pkcs11_write.c              |   19 +++---
 src/certtool-common.h           |    1 +
 src/certtool-gaa.c              |  149 +++++++++++++++++++++------------------
 src/certtool-gaa.h              |    6 +-
 src/certtool.gaa                |    1 +
 src/pkcs11.c                    |    4 +-
 12 files changed, 249 insertions(+), 101 deletions(-)

diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c
index 3a27da8..97d5386 100644
--- a/lib/gnutls_errors.c
+++ b/lib/gnutls_errors.c
@@ -286,7 +286,32 @@ static const gnutls_error_entry error_algorithms[] = {
               GNUTLS_E_PKCS11_PIN_SAVE, 1),
   ERROR_ENTRY (N_("PKCS #11 error"),
               GNUTLS_E_PKCS11_ERROR, 1),
-
+  ERROR_ENTRY (N_("PKCS #11 error in slot"),
+       GNUTLS_E_PKCS11_SLOT_ERROR, 1),
+  ERROR_ENTRY (N_("PKCS #11 locking error"),
+       GNUTLS_E_PKCS11_LOCKING_ERROR, 1),
+  ERROR_ENTRY (N_("PKCS #11 error in attribute"),
+    GNUTLS_E_PKCS11_ATTRIBUTE_ERROR, 1),
+  ERROR_ENTRY (N_("PKCS #11 error in device"),
+       GNUTLS_E_PKCS11_DEVICE_ERROR, 1),
+  ERROR_ENTRY (N_("PKCS #11 error in data"),
+       GNUTLS_E_PKCS11_DATA_ERROR, 1),
+  ERROR_ENTRY (N_("PKCS #11 unsupported feature"),
+       GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR, 1),
+  ERROR_ENTRY (N_("PKCS #11 error in key"),
+       GNUTLS_E_PKCS11_KEY_ERROR, 1),
+  ERROR_ENTRY (N_("PKCS #11 PIN expired"),
+       GNUTLS_E_PKCS11_PIN_EXPIRED, 1),
+  ERROR_ENTRY (N_("PKCS #11 PIN locked"),
+       GNUTLS_E_PKCS11_PIN_LOCKED, 1),
+  ERROR_ENTRY (N_("PKCS #11 error in session"),
+       GNUTLS_E_PKCS11_SESSION_ERROR, 1),
+  ERROR_ENTRY (N_("PKCS #11 error in signature"),
+       GNUTLS_E_PKCS11_SIGNATURE_ERROR, 1),
+  ERROR_ENTRY (N_("PKCS #11 error in token"),
+       GNUTLS_E_PKCS11_TOKEN_ERROR, 1),
+  ERROR_ENTRY (N_("PKCS #11 user error"),
+       GNUTLS_E_PKCS11_USER_ERROR, 1),
   {NULL, NULL, 0, 0}
 };
 
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index e03e7b3..37b91e9 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -1757,6 +1757,20 @@ extern "C"
 #define GNUTLS_E_PKCS11_PIN_ERROR -303
 #define GNUTLS_E_PKCS11_PIN_SAVE -304
 
+#define GNUTLS_E_PKCS11_SLOT_ERROR -305
+#define GNUTLS_E_PKCS11_LOCKING_ERROR -306
+#define GNUTLS_E_PKCS11_ATTRIBUTE_ERROR -307
+#define GNUTLS_E_PKCS11_DEVICE_ERROR -308
+#define GNUTLS_E_PKCS11_DATA_ERROR -309
+#define GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR -310
+#define GNUTLS_E_PKCS11_KEY_ERROR -311
+#define GNUTLS_E_PKCS11_PIN_EXPIRED -312
+#define GNUTLS_E_PKCS11_PIN_LOCKED -313
+#define GNUTLS_E_PKCS11_SESSION_ERROR -314
+#define GNUTLS_E_PKCS11_SIGNATURE_ERROR -315
+#define GNUTLS_E_PKCS11_TOKEN_ERROR -316
+#define GNUTLS_E_PKCS11_USER_ERROR -317
+
 #define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250
 
 
diff --git a/lib/includes/gnutls/pkcs11.h b/lib/includes/gnutls/pkcs11.h
index da30b48..80e4b42 100644
--- a/lib/includes/gnutls/pkcs11.h
+++ b/lib/includes/gnutls/pkcs11.h
@@ -80,6 +80,7 @@ typedef enum {
        GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, /* certificates marked as trusted */
        GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY, /* certificates with 
corresponding private key */
        GNUTLS_PKCS11_OBJ_ATTR_PUBKEY, /* public keys */
+       GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY, /* private keys */
        GNUTLS_PKCS11_OBJ_ATTR_ALL, /* everything! */
 } gnutls_pkcs11_obj_attr_t;
 
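Review bot: GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY is inserted before GNUTLS_PKCS11_OBJ_ATTR_ALL in a public enum, so the numeric value of GNUTLS_PKCS11_OBJ_ATTR_ALL changes for anything compiled against the previous header. That is harmless only if this enum has not shipped in a release yet; otherwise appending the new member after the existing last one, `GNUTLS_PKCS11_OBJ_ATTR_ALL, /* everything! */` followed by `GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY, /* private keys */`, keeps the released values stable. Whether the enum has been released cannot be told from the diff.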
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 590db80..51d7f2f 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -5,7 +5,7 @@
  * Author: Nikos Mavrogiannopoulos
  *
  * Inspired and some parts based on neon PKCS #11 support by Joe Orton.
- * More ideas came from the pkcs11-helper library.
+ * More ideas came from the pkcs11-helper library by Alon Bar-Lev.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Library General Public
@@ -69,6 +69,91 @@ static void* pin_data;
 gnutls_pkcs11_token_callback_t token_func;
 void* token_data;
 
+int pkcs11_rv_to_err(ck_rv_t rv)
+{
+    switch(rv) {
+        case CKR_OK:
+            return 0;
+        case CKR_HOST_MEMORY:
+            return GNUTLS_E_MEMORY_ERROR;
+        case CKR_SLOT_ID_INVALID:
+            return GNUTLS_E_PKCS11_SLOT_ERROR;
+        case CKR_ARGUMENTS_BAD:
+        case CKR_MECHANISM_PARAM_INVALID:
+            return GNUTLS_E_INVALID_REQUEST;
+        case CKR_NEED_TO_CREATE_THREADS:
+        case CKR_CANT_LOCK:
+        case CKR_FUNCTION_NOT_PARALLEL:
+        case CKR_MUTEX_BAD:
+        case CKR_MUTEX_NOT_LOCKED:
+            return GNUTLS_E_PKCS11_LOCKING_ERROR;
+        case CKR_ATTRIBUTE_READ_ONLY:
+        case CKR_ATTRIBUTE_SENSITIVE:
+        case CKR_ATTRIBUTE_TYPE_INVALID:
+        case CKR_ATTRIBUTE_VALUE_INVALID:
+            return GNUTLS_E_PKCS11_ATTRIBUTE_ERROR;
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+            return GNUTLS_E_PKCS11_DEVICE_ERROR;
+        case CKR_DATA_INVALID:
+        case CKR_DATA_LEN_RANGE:
+        case CKR_ENCRYPTED_DATA_INVALID:
+        case CKR_ENCRYPTED_DATA_LEN_RANGE:
+        case CKR_OBJECT_HANDLE_INVALID:
+            return GNUTLS_E_PKCS11_DATA_ERROR;
+        case CKR_FUNCTION_NOT_SUPPORTED:
+        case CKR_MECHANISM_INVALID:
+            return GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR;
+        case CKR_KEY_HANDLE_INVALID:
+        case CKR_KEY_SIZE_RANGE:
+        case CKR_KEY_TYPE_INCONSISTENT:
+        case CKR_KEY_NOT_NEEDED:
+        case CKR_KEY_CHANGED:
+        case CKR_KEY_NEEDED:
+        case CKR_KEY_INDIGESTIBLE:
+        case CKR_KEY_FUNCTION_NOT_PERMITTED:
+        case CKR_KEY_NOT_WRAPPABLE:
+        case CKR_KEY_UNEXTRACTABLE:
+            return GNUTLS_E_PKCS11_KEY_ERROR;
+        case CKR_PIN_INCORRECT:
+        case CKR_PIN_INVALID:
+        case CKR_PIN_LEN_RANGE:
+            return GNUTLS_E_PKCS11_PIN_ERROR;
+        case CKR_PIN_EXPIRED:
+            return GNUTLS_E_PKCS11_PIN_EXPIRED;
+        case CKR_PIN_LOCKED:
+            return GNUTLS_E_PKCS11_PIN_LOCKED;
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_COUNT:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_SESSION_PARALLEL_NOT_SUPPORTED:
+        case CKR_SESSION_READ_ONLY:
+        case CKR_SESSION_EXISTS:
+        case CKR_SESSION_READ_ONLY_EXISTS:
+        case CKR_SESSION_READ_WRITE_SO_EXISTS:
+            return GNUTLS_E_PKCS11_SESSION_ERROR;
+        case CKR_SIGNATURE_INVALID:
+        case CKR_SIGNATURE_LEN_RANGE:
+            return GNUTLS_E_PKCS11_SIGNATURE_ERROR;
+        case CKR_TOKEN_NOT_PRESENT:
+        case CKR_TOKEN_NOT_RECOGNIZED:
+        case CKR_TOKEN_WRITE_PROTECTED:
+            return GNUTLS_E_PKCS11_TOKEN_ERROR;
+        case CKR_USER_ALREADY_LOGGED_IN:
+        case CKR_USER_NOT_LOGGED_IN:
+        case CKR_USER_PIN_NOT_INITIALIZED:
+        case CKR_USER_TYPE_INVALID:
+        case CKR_USER_ANOTHER_ALREADY_LOGGED_IN:
+        case CKR_USER_TOO_MANY_TYPES:
+            return GNUTLS_E_PKCS11_USER_ERROR;
+        case CKR_BUFFER_TOO_SMALL:
+            return GNUTLS_E_SHORT_MEMORY_BUFFER;
+        default:
+            return GNUTLS_E_PKCS11_ERROR;
+    }
+}
+
 /* Fake scan */
 void pkcs11_rescan_slots(void)
 {
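Review bot: pkcs11_rv_to_err becomes a cross-file internal API (its prototype is added to pkcs11_int.h) but has no comment stating its contract; suggest prefixing it with `/* Map a Cryptoki return value to a gnutls error code: CKR_OK yields 0, every rv not listed below yields GNUTLS_E_PKCS11_ERROR. */`. Because the default arm collapses every unlisted value (CKR_GENERAL_ERROR, CKR_FUNCTION_FAILED, vendor-defined codes) into one code, callers that want the original rv in their diagnostics must log it before converting. Note also that CKR_USER_ALREADY_LOGGED_IN maps to GNUTLS_E_PKCS11_USER_ERROR here, so any caller that, like pkcs11_login, treats that rv as success has to test it before calling this function.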
@@ -765,7 +850,7 @@ ck_rv_t rv;
        if (rv != CKR_OK) {
                gnutls_assert();
                _gnutls_debug_log("pk11: FindObjectsInit failed.\n");
-               ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+               ret = pkcs11_rv_to_err(rv);
                goto fail;
        }
 
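Review bot: The debug message just above the changed line still says only "FindObjectsInit failed." while the rv that now selects the error code is discarded, so the log no longer shows which Cryptoki error occurred; pkcs11_write.c already logs `pakchois_error(rv)` in the same situation. Suggest `_gnutls_debug_log("pk11: FindObjectsInit failed: %s\n", pakchois_error(rv));` here and in the matching find_obj_url hunk, the last find_objs hunk, and the delete_obj_url hunk in pkcs11_write.c. Callers that previously tested for GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE from these paths now receive a PKCS #11-specific code, which is worth checking at the call sites. The enclosing function starts outside the hunk.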
@@ -1248,7 +1333,7 @@ static int find_obj_url(pakchois_session_t *pks, struct 
token_info *info, void*
     if (rv != CKR_OK) {
         gnutls_assert();
         _gnutls_debug_log("pk11: FindObjectsInit failed.\n");
-        ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+        ret = pkcs11_rv_to_err(rv);
         goto cleanup;
     }
 
@@ -1594,7 +1679,7 @@ int pkcs11_login(pakchois_session_t *pks, struct 
token_info *info, token_creds_s
 
     _gnutls_debug_log("pk11: Login result = %lu\n", rv);
 
-    return (rv == CKR_OK || rv == CKR_USER_ALREADY_LOGGED_IN) ? 0 : 
GNUTLS_E_PKCS11_ERROR;
+    return (rv == CKR_OK || rv == CKR_USER_ALREADY_LOGGED_IN) ? 0 : 
pkcs11_rv_to_err(rv);
 }
 
 static int find_privkeys(pakchois_session_t *pks, struct token_info* info, 
struct pkey_list *list)
@@ -1618,7 +1703,7 @@ static int find_privkeys(pakchois_session_t *pks, struct 
token_info* info, struc
     rv = pakchois_find_objects_init(pks, a, 1);
     if (rv != CKR_OK) {
         gnutls_assert();
-        return GNUTLS_E_PKCS11_ERROR;
+        return pkcs11_rv_to_err(rv);
     }
 
     list->key_ids_size = 0;
@@ -1648,7 +1733,7 @@ static int find_privkeys(pakchois_session_t *pks, struct 
token_info* info, struc
     rv = pakchois_find_objects_init(pks, a, 1);
     if (rv != CKR_OK) {
         gnutls_assert();
-        return GNUTLS_E_PKCS11_ERROR;
+        return pkcs11_rv_to_err(rv);
     }
 
     current = 0;
@@ -1748,7 +1833,8 @@ static int find_objs(pakchois_session_t *pks, struct 
token_info *info, void* inp
             gnutls_assert();
             return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
         }
-    } else if (find_data->flags==GNUTLS_PKCS11_OBJ_ATTR_ALL) {
+    } else if (find_data->flags==GNUTLS_PKCS11_OBJ_ATTR_ALL ||
+        find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY) {
         ret = pkcs11_login(pks, info, NULL);
         if (ret < 0) {
             gnutls_assert();
@@ -1803,6 +1889,13 @@ static int find_objs(pakchois_session_t *pks, struct 
token_info *info, void* inp
         a[tot_values].value = &class;
         a[tot_values].value_len = sizeof class;
         tot_values++;
+    } else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY) {
+        class = CKO_PRIVATE_KEY;
+
+        a[tot_values].type = CKA_CLASS;
+        a[tot_values].value = &class;
+        a[tot_values].value_len = sizeof class;
+        tot_values++;
     } else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_ALL) {
         if (class != -1) {
             a[tot_values].type = CKA_CLASS;
@@ -1833,7 +1926,7 @@ static int find_objs(pakchois_session_t *pks, struct 
token_info *info, void* inp
     if (rv != CKR_OK) {
         gnutls_assert();
         _gnutls_debug_log("pk11: FindObjectsInit failed.\n");
-        return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+        return pkcs11_rv_to_err(rv);
     }
 
     while (pakchois_find_objects(pks, &obj, 1, &count) == CKR_OK
diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h
index 04da57a..324da34 100644
--- a/lib/pkcs11_int.h
+++ b/lib/pkcs11_int.h
@@ -51,7 +51,7 @@ struct gnutls_pkcs11_obj_st {
  */
 typedef int (*find_func_t)(pakchois_session_t *pks, struct token_info* tinfo, 
void* input);
 
-
+int pkcs11_rv_to_err(ck_rv_t rv);
 int pkcs11_url_to_info(const char* url, struct pkcs11_url_info* info);
 
 int pkcs11_get_info(struct pkcs11_url_info *info, gnutls_pkcs11_obj_info_t 
itype, 
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index 67eddd9..c0fe633 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -170,11 +170,12 @@ gnutls_pkcs11_privkey_sign_data(gnutls_pkcs11_privkey_t 
signer,
 #define FIND_OBJECT(pks, obj, key) \
        do { \
                int retries = 0; \
+               int rret; \
                ret = pkcs11_find_object (&pks, &obj, &key->info, &key->creds, \
                        SESSION_LOGIN); \
                if (ret < 0) { \
-                       rv = token_func(token_data, key->info.label, 
retries++); \
-                       if (rv == 0) continue; \
+                       rret = token_func(token_data, key->info.token, 
retries++); \
+                       if (rret == 0) continue; \
                        gnutls_assert(); \
                        return ret; \
                } \
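Review bot: `int retries = 0;` is declared inside the `do {` body, so if the loop repeats after `continue`, the counter is re-initialised to 0 on every pass and token_func always receives 0 rather than an increasing retry count; if the terminator is `while (0)`, `continue` does not repeat at all. The do-while terminator is outside the hunk, so this is inferred from the visible body; declaring the counter before the loop, `int retries = 0; do { int rret; ... } while (...)`, fixes the first case. Separating rret from the ck_rv_t rv is correct since the callback returns a signed int, and passing key->info.token matches what a token callback expects.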
@@ -216,7 +217,7 @@ int gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t 
key,
        rv = pakchois_sign_init(pks, &mech, obj);
        if (rv != CKR_OK) {
                gnutls_assert();
-               ret = GNUTLS_E_PK_SIGN_FAILED;
+               ret = pkcs11_rv_to_err(rv);
                goto cleanup;
        }
 
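Review bot: gnutls_pkcs11_privkey_sign_hash now returns the mapped PKCS #11 code instead of GNUTLS_E_PK_SIGN_FAILED, and the three gnutls_pkcs11_privkey_decrypt_data hunks likewise drop GNUTLS_E_PK_DECRYPTION_FAILED, so callers that test for those two generic codes will no longer match. If that is intended, the public documentation of both functions should say so, e.g. `/* On failure returns a GNUTLS_E_PKCS11_* code mapped from the Cryptoki return value (see pkcs11_rv_to_err). */`. The same replacement appears in the two following sign_hash hunks; the enclosing function starts outside the hunk.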
@@ -225,7 +226,7 @@ int gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t 
key,
                           &siglen);
        if (rv != CKR_OK) {
                gnutls_assert();
-               ret = GNUTLS_E_PK_SIGN_FAILED;
+               ret = pkcs11_rv_to_err(rv);
                goto cleanup;
        }
 
@@ -237,7 +238,7 @@ int gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t 
key,
        if (rv != CKR_OK) {
                gnutls_free(signature->data);
                gnutls_assert();
-               ret = GNUTLS_E_PK_SIGN_FAILED;
+               ret = pkcs11_rv_to_err(rv);
                goto cleanup;
        }
 
@@ -329,7 +330,7 @@ gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t 
key,
        rv = pakchois_decrypt_init(pks, &mech, obj);
        if (rv != CKR_OK) {
                gnutls_assert();
-               ret = GNUTLS_E_PK_DECRYPTION_FAILED;
+               ret = pkcs11_rv_to_err(rv);
                goto cleanup;
        }
 
@@ -338,7 +339,7 @@ gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t 
key,
                           &siglen);
        if (rv != CKR_OK) {
                gnutls_assert();
-               ret = GNUTLS_E_PK_DECRYPTION_FAILED;
+               ret = pkcs11_rv_to_err(rv);
                goto cleanup;
        }
 
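Review bot: A failed pakchois_decrypt now yields distinct codes for different Cryptoki failures (CKR_ENCRYPTED_DATA_INVALID and CKR_ENCRYPTED_DATA_LEN_RANGE become GNUTLS_E_PKCS11_DATA_ERROR, other failures map elsewhere), whereas the old code returned a single GNUTLS_E_PK_DECRYPTION_FAILED. For RSA PKCS #1 v1.5 decryption used in a TLS key exchange, any observable difference between padding failures and other failures is padding-oracle material, so the TLS caller must keep its behaviour independent of the specific code; whether it does is not visible in this diff. If this path is reachable from the handshake, consider keeping `ret = GNUTLS_E_PK_DECRYPTION_FAILED;` here and logging the detailed rv instead. The length variable is also still called siglen in a decrypt routine, which reads as a copy-paste leftover; the enclosing function starts outside the hunk.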
@@ -350,7 +351,7 @@ gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t 
key,
        if (rv != CKR_OK) {
                gnutls_free(plaintext->data);
                gnutls_assert();
-               ret = GNUTLS_E_PK_DECRYPTION_FAILED;
+               ret = pkcs11_rv_to_err(rv);
                goto cleanup;
        }
 
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index 3ab1b3a..b93623a 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -138,7 +138,7 @@ int gnutls_pkcs11_copy_x509_crt(const char* token_url, 
gnutls_x509_crt_t crt,
        if (rv != CKR_OK) {
                gnutls_assert();
                _gnutls_debug_log("pkcs11: %s\n", pakchois_error(rv));
-               ret = GNUTLS_E_PKCS11_ERROR;
+               ret = pkcs11_rv_to_err(rv);
                goto  cleanup;
        }
        
@@ -321,7 +321,7 @@ int gnutls_pkcs11_copy_x509_privkey(const char* token_url,
        if (rv != CKR_OK) {
                gnutls_assert();
                _gnutls_debug_log("pkcs11: %s\n", pakchois_error(rv));
-               ret = GNUTLS_E_PKCS11_ERROR;
+               ret = pkcs11_rv_to_err(rv);
                goto  cleanup;
        }
 
@@ -446,19 +446,18 @@ static int delete_obj_url(pakchois_session_t *pks, struct 
token_info *info, void
     if (rv != CKR_OK) {
         gnutls_assert();
         _gnutls_debug_log("pk11: FindObjectsInit failed.\n");
-        ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+        ret = pkcs11_rv_to_err(rv);
         goto cleanup;
     }
 
     while (pakchois_find_objects(pks, &obj, 1, &count) == CKR_OK
            && count == 1) {
-               
-               rv = pakchois_destroy_object(pks, obj);
-               if (rv != CKR_OK) {
-            _gnutls_debug_log("pkcs11: Cannot destroy object: %s\n", 
pakchois_error(rv));
-        } else {
-                       find_data->deleted++;
-               }
+       rv = pakchois_destroy_object(pks, obj);
+       if (rv != CKR_OK) {
+           _gnutls_debug_log("pkcs11: Cannot destroy object: %s\n", 
pakchois_error(rv));
+       } else {
+           find_data->deleted++;
+       }
         
         found = 1;
     }
diff --git a/src/certtool-common.h b/src/certtool-common.h
index f937f95..95ff5dc 100644
--- a/src/certtool-common.h
+++ b/src/certtool-common.h
@@ -48,6 +48,7 @@ void pkcs11_delete(FILE* outfile, const char *pkcs11_url, int 
batch);
 #define PKCS11_TYPE_TRUSTED 2
 #define PKCS11_TYPE_PK 3
 #define PKCS11_TYPE_ALL 4
+#define PKCS11_TYPE_PRIVKEY 5
 
 extern unsigned char buffer[];
 extern const int buffer_size;
diff --git a/src/certtool-gaa.c b/src/certtool-gaa.c
index c8c761c..535ac4c 100644
--- a/src/certtool-gaa.c
+++ b/src/certtool-gaa.c
@@ -181,6 +181,7 @@ void gaa_help(void)
        __gaa_helpsingle(0, "pkcs11-provider", "Library ", "Specify the pkcs11 
provider library");
        __gaa_helpsingle(0, "pkcs11-export-url", "URL ", "Export data specified 
a pkcs11 URL");
        __gaa_helpsingle(0, "pkcs11-list-certs", "", "List certificates that 
have a private key specified by a PKCS#11 URL");
+       __gaa_helpsingle(0, "pkcs11-list-privkeys", "", "List private keys 
specified by a PKCS#11 URL");
        __gaa_helpsingle(0, "pkcs11-list-trusted", "", "List certificates 
marked as trusted, specified by a PKCS#11 URL");
        __gaa_helpsingle(0, "pkcs11-list-all-certs", "", "List all certificates 
specified by a PKCS#11 URL");
        __gaa_helpsingle(0, "pkcs11-list-all", "", "List all objects specified 
by a PKCS#11 URL");
@@ -206,11 +207,11 @@ typedef struct _gaainfo gaainfo;
 
 struct _gaainfo
 {
-#line 159 "certtool.gaa"
+#line 160 "certtool.gaa"
        int debug;
-#line 154 "certtool.gaa"
+#line 155 "certtool.gaa"
        int pkcs11_trusted;
-#line 151 "certtool.gaa"
+#line 152 "certtool.gaa"
        char* pkcs11_label;
 #line 144 "certtool.gaa"
        int pkcs11_type;
@@ -322,7 +323,7 @@ static int gaa_error = 0;
 #define GAA_MULTIPLE_OPTION     3
 
 #define GAA_REST                0
-#define GAA_NB_OPTION           63
+#define GAA_NB_OPTION           64
 #define GAAOPTID_version       1
 #define GAAOPTID_help  2
 #define GAAOPTID_debug 3
@@ -334,58 +335,59 @@ static int gaa_error = 0;
 #define GAAOPTID_pkcs11_list_all       9
 #define GAAOPTID_pkcs11_list_all_certs 10
 #define GAAOPTID_pkcs11_list_trusted   11
-#define GAAOPTID_pkcs11_list_certs     12
-#define GAAOPTID_pkcs11_export_url     13
-#define GAAOPTID_pkcs11_provider       14
-#define GAAOPTID_pkcs_cipher   15
-#define GAAOPTID_template      16
-#define GAAOPTID_infile        17
-#define GAAOPTID_outfile       18
-#define GAAOPTID_disable_quick_random  19
-#define GAAOPTID_sec_param     20
-#define GAAOPTID_bits  21
-#define GAAOPTID_outraw        22
-#define GAAOPTID_outder        23
-#define GAAOPTID_inraw 24
-#define GAAOPTID_inder 25
-#define GAAOPTID_export_ciphers        26
-#define GAAOPTID_hash  27
-#define GAAOPTID_dsa   28
-#define GAAOPTID_pkcs8 29
-#define GAAOPTID_to_p8 30
-#define GAAOPTID_to_p12        31
-#define GAAOPTID_v1    32
-#define GAAOPTID_fix_key       33
-#define GAAOPTID_pubkey_info   34
-#define GAAOPTID_pgp_key_info  35
-#define GAAOPTID_key_info      36
-#define GAAOPTID_smime_to_p7   37
-#define GAAOPTID_p7_info       38
-#define GAAOPTID_p12_info      39
-#define GAAOPTID_no_crq_extensions     40
-#define GAAOPTID_crq_info      41
-#define GAAOPTID_crl_info      42
-#define GAAOPTID_pgp_ring_info 43
-#define GAAOPTID_pgp_certificate_info  44
-#define GAAOPTID_certificate_info      45
-#define GAAOPTID_password      46
-#define GAAOPTID_load_ca_certificate   47
-#define GAAOPTID_load_ca_privkey       48
-#define GAAOPTID_load_certificate      49
-#define GAAOPTID_load_request  50
-#define GAAOPTID_load_pubkey   51
-#define GAAOPTID_load_privkey  52
-#define GAAOPTID_get_dh_params 53
-#define GAAOPTID_generate_dh_params    54
-#define GAAOPTID_verify_crl    55
-#define GAAOPTID_verify_chain  56
-#define GAAOPTID_generate_request      57
-#define GAAOPTID_generate_privkey      58
-#define GAAOPTID_update_certificate    59
-#define GAAOPTID_generate_crl  60
-#define GAAOPTID_generate_proxy        61
-#define GAAOPTID_generate_certificate  62
-#define GAAOPTID_generate_self_signed  63
+#define GAAOPTID_pkcs11_list_privkeys  12
+#define GAAOPTID_pkcs11_list_certs     13
+#define GAAOPTID_pkcs11_export_url     14
+#define GAAOPTID_pkcs11_provider       15
+#define GAAOPTID_pkcs_cipher   16
+#define GAAOPTID_template      17
+#define GAAOPTID_infile        18
+#define GAAOPTID_outfile       19
+#define GAAOPTID_disable_quick_random  20
+#define GAAOPTID_sec_param     21
+#define GAAOPTID_bits  22
+#define GAAOPTID_outraw        23
+#define GAAOPTID_outder        24
+#define GAAOPTID_inraw 25
+#define GAAOPTID_inder 26
+#define GAAOPTID_export_ciphers        27
+#define GAAOPTID_hash  28
+#define GAAOPTID_dsa   29
+#define GAAOPTID_pkcs8 30
+#define GAAOPTID_to_p8 31
+#define GAAOPTID_to_p12        32
+#define GAAOPTID_v1    33
+#define GAAOPTID_fix_key       34
+#define GAAOPTID_pubkey_info   35
+#define GAAOPTID_pgp_key_info  36
+#define GAAOPTID_key_info      37
+#define GAAOPTID_smime_to_p7   38
+#define GAAOPTID_p7_info       39
+#define GAAOPTID_p12_info      40
+#define GAAOPTID_no_crq_extensions     41
+#define GAAOPTID_crq_info      42
+#define GAAOPTID_crl_info      43
+#define GAAOPTID_pgp_ring_info 44
+#define GAAOPTID_pgp_certificate_info  45
+#define GAAOPTID_certificate_info      46
+#define GAAOPTID_password      47
+#define GAAOPTID_load_ca_certificate   48
+#define GAAOPTID_load_ca_privkey       49
+#define GAAOPTID_load_certificate      50
+#define GAAOPTID_load_request  51
+#define GAAOPTID_load_pubkey   52
+#define GAAOPTID_load_privkey  53
+#define GAAOPTID_get_dh_params 54
+#define GAAOPTID_generate_dh_params    55
+#define GAAOPTID_verify_crl    56
+#define GAAOPTID_verify_chain  57
+#define GAAOPTID_generate_request      58
+#define GAAOPTID_generate_privkey      59
+#define GAAOPTID_update_certificate    60
+#define GAAOPTID_generate_crl  61
+#define GAAOPTID_generate_proxy        62
+#define GAAOPTID_generate_certificate  63
+#define GAAOPTID_generate_self_signed  64
 
 #line 168 "gaa.skel"
 
@@ -632,7 +634,7 @@ struct GAAOPTION_outfile
        int size1;
 };
 
-struct GAAOPTION_sec_param
+struct GAAOPTION_sec_param 
 {
        char* arg1;
        int size1;
@@ -750,6 +752,7 @@ static int gaa_get_option_num(char *str, int status)
                        GAA_CHECK1STR("", GAAOPTID_pkcs11_list_all);
                        GAA_CHECK1STR("", GAAOPTID_pkcs11_list_all_certs);
                        GAA_CHECK1STR("", GAAOPTID_pkcs11_list_trusted);
+                       GAA_CHECK1STR("", GAAOPTID_pkcs11_list_privkeys);
                        GAA_CHECK1STR("", GAAOPTID_pkcs11_list_certs);
                        GAA_CHECK1STR("", GAAOPTID_disable_quick_random);
                        GAA_CHECK1STR("", GAAOPTID_outraw);
@@ -801,6 +804,7 @@ static int gaa_get_option_num(char *str, int status)
                        GAA_CHECKSTR("pkcs11-list-all", 
GAAOPTID_pkcs11_list_all);
                        GAA_CHECKSTR("pkcs11-list-all-certs", 
GAAOPTID_pkcs11_list_all_certs);
                        GAA_CHECKSTR("pkcs11-list-trusted", 
GAAOPTID_pkcs11_list_trusted);
+                       GAA_CHECKSTR("pkcs11-list-privkeys", 
GAAOPTID_pkcs11_list_privkeys);
                        GAA_CHECKSTR("pkcs11-list-certs", 
GAAOPTID_pkcs11_list_certs);
                        GAA_CHECKSTR("pkcs11-export-url", 
GAAOPTID_pkcs11_export_url);
                        GAA_CHECKSTR("pkcs11-provider", 
GAAOPTID_pkcs11_provider);
@@ -907,14 +911,14 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
     {
        case GAAOPTID_version:
        OK = 0;
-#line 164 "certtool.gaa"
+#line 165 "certtool.gaa"
 { certtool_version(); exit(0); ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_help:
        OK = 0;
-#line 162 "certtool.gaa"
+#line 163 "certtool.gaa"
 { gaa_help(); exit(0); ;};
 
                return GAA_OK;
@@ -924,7 +928,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_debug.arg1, gaa_getint, GAATMP_debug.size1);
                gaa_index++;
-#line 160 "certtool.gaa"
+#line 161 "certtool.gaa"
 { gaaval->debug = GAATMP_debug.arg1 ;};
 
                return GAA_OK;
@@ -934,14 +938,14 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_pkcs11_delete_url.arg1, gaa_getstr, 
GAATMP_pkcs11_delete_url.size1);
                gaa_index++;
-#line 157 "certtool.gaa"
+#line 158 "certtool.gaa"
 { gaaval->action = ACTION_PKCS11_DELETE_URL; gaaval->pkcs11_url = 
GAATMP_pkcs11_delete_url.arg1; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_pkcs11_write_trusted:
        OK = 0;
-#line 155 "certtool.gaa"
+#line 156 "certtool.gaa"
 { gaaval->pkcs11_trusted = 1; ;};
 
                return GAA_OK;
@@ -951,7 +955,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_pkcs11_write_label.arg1, gaa_getstr, 
GAATMP_pkcs11_write_label.size1);
                gaa_index++;
-#line 153 "certtool.gaa"
+#line 154 "certtool.gaa"
 { gaaval->pkcs11_label = GAATMP_pkcs11_write_label.arg1; ;};
 
                return GAA_OK;
@@ -961,39 +965,46 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_pkcs11_write.arg1, gaa_getstr, 
GAATMP_pkcs11_write.size1);
                gaa_index++;
-#line 152 "certtool.gaa"
+#line 153 "certtool.gaa"
 { gaaval->action = ACTION_PKCS11_WRITE_URL; gaaval->pkcs11_url = 
GAATMP_pkcs11_write.arg1; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_pkcs11_list_tokens:
        OK = 0;
-#line 149 "certtool.gaa"
+#line 150 "certtool.gaa"
 { gaaval->action = ACTION_PKCS11_TOKENS; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_pkcs11_list_all:
        OK = 0;
-#line 148 "certtool.gaa"
+#line 149 "certtool.gaa"
 { gaaval->action = ACTION_PKCS11_LIST; gaaval->pkcs11_type=PKCS11_TYPE_ALL; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_pkcs11_list_all_certs:
        OK = 0;
-#line 147 "certtool.gaa"
+#line 148 "certtool.gaa"
 { gaaval->action = ACTION_PKCS11_LIST; 
gaaval->pkcs11_type=PKCS11_TYPE_CRT_ALL; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_pkcs11_list_trusted:
        OK = 0;
-#line 146 "certtool.gaa"
+#line 147 "certtool.gaa"
 { gaaval->action = ACTION_PKCS11_LIST; 
gaaval->pkcs11_type=PKCS11_TYPE_TRUSTED; ;};
 
                return GAA_OK;
                break;
+       case GAAOPTID_pkcs11_list_privkeys:
+       OK = 0;
+#line 146 "certtool.gaa"
+{ gaaval->action = ACTION_PKCS11_LIST; 
gaaval->pkcs11_type=PKCS11_TYPE_PRIVKEY; ;};
+
+               return GAA_OK;
+               break;
        case GAAOPTID_pkcs11_list_certs:
        OK = 0;
 #line 145 "certtool.gaa"
@@ -1430,7 +1441,7 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
     if(inited == 0)
     {
 
-#line 166 "certtool.gaa"
+#line 167 "certtool.gaa"
 { gaaval->bits = 0; gaaval->pkcs8 = 0; gaaval->privkey = NULL; 
gaaval->ca=NULL; gaaval->ca_privkey = NULL;
        gaaval->debug=1; gaaval->request = NULL; gaaval->infile = NULL; 
gaaval->outfile = NULL; gaaval->cert = NULL; 
        gaaval->incert_format = 0; gaaval->outcert_format = 0; 
gaaval->action=-1; gaaval->pass = NULL; gaaval->v1_cert = 0;
diff --git a/src/certtool-gaa.h b/src/certtool-gaa.h
index 647e512..8e9f2ff 100644
--- a/src/certtool-gaa.h
+++ b/src/certtool-gaa.h
@@ -8,11 +8,11 @@ typedef struct _gaainfo gaainfo;
 
 struct _gaainfo
 {
-#line 159 "certtool.gaa"
+#line 160 "certtool.gaa"
        int debug;
-#line 154 "certtool.gaa"
+#line 155 "certtool.gaa"
        int pkcs11_trusted;
-#line 151 "certtool.gaa"
+#line 152 "certtool.gaa"
        char* pkcs11_label;
 #line 144 "certtool.gaa"
        int pkcs11_type;
diff --git a/src/certtool.gaa b/src/certtool.gaa
index 9b77864..0f7be24 100644
--- a/src/certtool.gaa
+++ b/src/certtool.gaa
@@ -143,6 +143,7 @@ option (pkcs11-export-url) STR "URL" { $action = 
ACTION_PKCS11_EXPORT_URL; $pkcs
 
 #int pkcs11_type;
 option (pkcs11-list-certs) { $action = ACTION_PKCS11_LIST; 
$pkcs11_type=PKCS11_TYPE_PK; } "List certificates that have a private key 
specified by a PKCS#11 URL"
+option (pkcs11-list-privkeys) { $action = ACTION_PKCS11_LIST; 
$pkcs11_type=PKCS11_TYPE_PRIVKEY; } "List private keys specified by a PKCS#11 
URL"
 option (pkcs11-list-trusted) { $action = ACTION_PKCS11_LIST; 
$pkcs11_type=PKCS11_TYPE_TRUSTED; } "List certificates marked as trusted, 
specified by a PKCS#11 URL"
 option (pkcs11-list-all-certs) { $action = ACTION_PKCS11_LIST; 
$pkcs11_type=PKCS11_TYPE_CRT_ALL; } "List all certificates specified by a 
PKCS#11 URL"
 option (pkcs11-list-all) { $action = ACTION_PKCS11_LIST; 
$pkcs11_type=PKCS11_TYPE_ALL; } "List all objects specified by a PKCS#11 URL"
diff --git a/src/pkcs11.c b/src/pkcs11.c
index dc3e8a3..d092136 100644
--- a/src/pkcs11.c
+++ b/src/pkcs11.c
@@ -88,6 +88,8 @@ int i, flags;
                flags = GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY;
        } else if (type == PKCS11_TYPE_CRT_ALL) {
                flags = GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL;
+       } else if (type == PKCS11_TYPE_PRIVKEY) {
+               flags = GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY;
        } else {
                flags = GNUTLS_PKCS11_OBJ_ATTR_ALL;
        }
@@ -158,7 +160,7 @@ int i, flags;
                
                
 
-               if (flags == GNUTLS_PKCS11_OBJ_ATTR_ALL)
+               if (flags == GNUTLS_PKCS11_OBJ_ATTR_ALL || flags == 
GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY)
                        continue;
 
                ret = gnutls_x509_crt_init(&xcrt);


hooks/post-receive
-- 
GNU gnutls


