
[SCM] GNU gnutls branch, master, updated. gnutls_2_99_2-106-g73ea673


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_99_2-106-g73ea673
Date: Sat, 18 Jun 2011 10:33:37 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=73ea673d5d1851dfcd3d4c159822a96e1e7ad5c9

The branch, master has been updated
       via  73ea673d5d1851dfcd3d4c159822a96e1e7ad5c9 (commit)
      from  750aaed6ffc8d29441f9f6d8870e2c8f4787c329 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 73ea673d5d1851dfcd3d4c159822a96e1e7ad5c9
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Jun 18 11:53:14 2011 +0200

    Added new PKCS #11 flags to force an object to be marked private or not.
    Those are GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE and
GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE.
    p11tool now supports the --no-private and --private options.

-----------------------------------------------------------------------

Summary of changes:
 NEWS                         |    6 ++
 lib/gnutls_errors.c          |    2 +
 lib/includes/gnutls/pkcs11.h |    2 +
 lib/pkcs11.c                 |    2 +-
 lib/pkcs11_write.c           |   72 ++++++++++++++++++++-------
 src/p11tool-gaa.c            |  110 +++++++++++++++++++++++++----------------
 src/p11tool-gaa.h            |   26 +++++-----
 src/p11tool.c                |    2 +-
 src/p11tool.gaa              |    8 ++-
 src/p11tool.h                |    2 +-
 src/pkcs11.c                 |    8 +++-
 11 files changed, 160 insertions(+), 80 deletions(-)

diff --git a/NEWS b/NEWS
index be3e7ff..6963351 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,9 @@ See the end for copying conditions.
 
 * Version 2.99.3 (unreleased)
 
+** libgnutls: Added new PKCS #11 flags to force an object being private or
+not. (GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE and 
GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE)
+
 ** libgnutls: Added SUITEB128 and SUITEB192 priority
 strings to enable the NSA SuiteB cryptography ciphersuites.
 
@@ -44,6 +47,9 @@ gnutls_crypto_single_digest_register: REMOVED
 gnutls_crypto_single_mac_register: REMOVED
 GNUTLS_KX_ECDHE_PSK: New key exchange method
 GNUTLS_VERIFY_DISABLE_CRL_CHECKS: New certificate verification flag.
+GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE: New PKCS#11 object flag.
+GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE: New PKCS#11 object flag.
+
 
 * Version 2.99.2 (released 2011-05-26)
 
diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c
index 39bf11b..21d8297 100644
--- a/lib/gnutls_errors.c
+++ b/lib/gnutls_errors.c
@@ -332,6 +332,8 @@ static const gnutls_error_entry error_algorithms[] = {
                GNUTLS_E_ECC_NO_SUPPORTED_CURVES, 1),
   ERROR_ENTRY (N_("The curve is unsupported"),
                GNUTLS_E_ECC_UNSUPPORTED_CURVE, 1),
+  ERROR_ENTRY (N_("The requested PKCS #11 object is not available"),
+               GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE, 1),
   {NULL, NULL, 0, 0}
 };
 
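Review bot: The new error entry uses the identifier GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE, spelled "AVAILBLE", and because error codes are public API the misspelling becomes permanent once 2.99.3 is released. The diffstat shows no change to the public error header, so the constant was presumably declared in an earlier commit; correcting the name there and in this table is cheap now and impossible later. If the name must stay for compatibility, a correctly spelled alias in the public header, `#define GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILABLE GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE`, would at least spare callers from having to reproduce the typo.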
diff --git a/lib/includes/gnutls/pkcs11.h b/lib/includes/gnutls/pkcs11.h
index c1b7981..edcea28 100644
--- a/lib/includes/gnutls/pkcs11.h
+++ b/lib/includes/gnutls/pkcs11.h
@@ -69,6 +69,8 @@ int gnutls_pkcs11_obj_init (gnutls_pkcs11_obj_t * obj);
 #define GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED (1<<1)      /* object marked as 
trusted */
 #define GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE (1<<2)    /* object marked as 
sensitive (unexportable) */
 #define GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO (1<<3)     /* force login as a 
security officer in the token for the operation */
+#define GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE (1<<4) /* marked as private 
(requires PIN to access) */
+#define GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE (1<<5) /* marked as not 
private */
 
   /**
    * gnutls_pkcs11_url_type_t:
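Review bot: The two new flags are documented only by their one-line comments, and nothing states how they interact with each other or with GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED, even though lib/pkcs11_write.c in this commit fixes a precedence. For certificates, MARK_TRUSTED forces CKA_PRIVATE to false and both new flags are then ignored, and MARK_PRIVATE wins when both new flags are set; for private keys CKA_PRIVATE defaults to true and only MARK_NOT_PRIVATE is consulted. I would extend the comment on MARK_PRIVATE to `/* marked as private (requires PIN to access); ignored for certificates also marked trusted */` and on MARK_NOT_PRIVATE to `/* marked as not private; a private key written with this flag is usable without a PIN login */`. Since these semantics become public API with the release, they are worth stating here rather than only in the implementation.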
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 41126dd..d76ed65 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -814,7 +814,7 @@ pkcs11_find_slot (struct ck_function_list ** module, 
ck_slot_id_t * slot,
     }
 
   gnutls_assert ();
-  return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+  return GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE;
 }
 
 int
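Review bot: Changing the failure value of pkcs11_find_slot from GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE to GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE is an observable behaviour change for any caller that compares against the old code, yet the NEWS hunk lists only the two new flags. The function starts outside the hunk, so I cannot see which public entry points propagate this value, but the in-library callers should be checked for comparisons against the old constant. A NEWS line such as `GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE: New error code, returned when a PKCS #11 slot or object cannot be found` would document the change.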
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index 3083faf..f376945 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -28,6 +28,9 @@
 #include <gnutls_datum.h>
 #include <pkcs11_int.h>
 
+static const ck_bool_t tval = 1;
+static const ck_bool_t fval = 0;
+
 /**
  * gnutls_pkcs11_copy_x509_crt:
  * @token_url: A PKCS #11 URL specifying a token
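Review bot: `tval` and `fval` become file-scope `const` objects, and every site in both copy functions that stores their address now casts the const away with `(void*)&tval` to fit `struct ck_attribute.value`. That is acceptable as long as pkcs11_create_object only reads the template, but the cast hides the contract from the compiler, and the objects may now be placed in read-only storage, so any code that writes through the template is undefined behaviour rather than a silent bug as it would have been with the removed per-function copies. I would record this next to the definitions: `/* shared read-only template values; the (void*) casts below exist only because ck_attribute.value is non-const -- never write through them */`. The same cast pattern appears in the hunks at gnutls_pkcs11_copy_x509_crt and gnutls_pkcs11_copy_x509_privkey below.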
@@ -58,8 +61,6 @@ gnutls_pkcs11_copy_x509_crt (const char *token_url,
   ck_object_class_t class = CKO_CERTIFICATE;
   ck_certificate_type_t type = CKC_X_509;
   ck_object_handle_t obj;
-  ck_bool_t tval = 1;
-  ck_bool_t fval = 0;
   int a_val;
   gnutls_datum_t subject = { NULL, 0 };
 
@@ -130,7 +131,7 @@ gnutls_pkcs11_copy_x509_crt (const char *token_url,
   a[2].value = der;
   a[2].value_len = der_size;
   a[3].type = CKA_TOKEN;
-  a[3].value = &tval;
+  a[3].value = (void*)&tval;
   a[3].value_len = sizeof (tval);
   a[4].type = CKA_CERTIFICATE_TYPE;
   a[4].value = &type;
@@ -143,7 +144,6 @@ gnutls_pkcs11_copy_x509_crt (const char *token_url,
   a[a_val].value_len = subject.size;
   a_val++;
 
-
   if (label)
     {
       a[a_val].type = CKA_LABEL;
@@ -155,15 +155,32 @@ gnutls_pkcs11_copy_x509_crt (const char *token_url,
   if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED)
     {
       a[a_val].type = CKA_TRUSTED;
-      a[a_val].value = &tval;
+      a[a_val].value = (void*)&tval;
       a[a_val].value_len = sizeof (tval);
       a_val++;
 
       a[a_val].type = CKA_PRIVATE;
-      a[a_val].value = &fval;
+      a[a_val].value = (void*)&fval;
       a[a_val].value_len = sizeof(fval);
       a_val++;
     }
+  else
+    {
+      if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE)
+        {
+          a[a_val].type = CKA_PRIVATE;
+          a[a_val].value = (void*)&tval;
+          a[a_val].value_len = sizeof(tval);
+          a_val++;
+        }
+      else if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE)
+        {
+          a[a_val].type = CKA_PRIVATE;
+          a[a_val].value = (void*)&fval;
+          a[a_val].value_len = sizeof(fval);
+          a_val++;
+        }
+    }
 
   rv = pkcs11_create_object (module, pks, a, a_val, &obj);
   if (rv != CKR_OK)
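Review bot: In gnutls_pkcs11_copy_x509_crt the new private/not-private branch sits in the `else` of the MARK_TRUSTED check, so a caller passing GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED together with GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE gets CKA_PRIVATE=false and no indication that its request was dropped. If trusted certificates must be public, which the existing CKA_TRUSTED/CKA_PRIVATE pair suggests, the combination should be rejected before the template is built, following the file's existing pattern: `if ((flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED) && (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE)) { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; }`. The same applies to MARK_PRIVATE together with MARK_NOT_PRIVATE, where MARK_PRIVATE silently wins. The function's prologue is outside the hunk.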
@@ -219,7 +236,6 @@ gnutls_pkcs11_copy_x509_privkey (const char *token_url,
   ck_object_class_t class = CKO_PRIVATE_KEY;
   ck_object_handle_t obj;
   ck_key_type_t type;
-  ck_bool_t tval = 1;
   int a_val;
   gnutls_pk_algorithm_t pk;
   gnutls_datum_t p, q, g, y, x;
@@ -271,14 +287,27 @@ gnutls_pkcs11_copy_x509_privkey (const char *token_url,
   a_val++;
 
   a[a_val].type = CKA_TOKEN;
-  a[a_val].value = &tval;
+  a[a_val].value = (void*)&tval;
   a[a_val].value_len = sizeof (tval);
   a_val++;
 
-  a[a_val].type = CKA_PRIVATE;
-  a[a_val].value = &tval;
-  a[a_val].value_len = sizeof (tval);
-  a_val++;
+  /* a private key is set always as private unless
+   * requested otherwise
+   */
+  if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE)
+    {
+      a[a_val].type = CKA_PRIVATE;
+      a[a_val].value = (void*)&fval;
+      a[a_val].value_len = sizeof(fval);
+      a_val++;
+    }
+  else
+    {
+      a[a_val].type = CKA_PRIVATE;
+      a[a_val].value = (void*)&tval;
+      a[a_val].value_len = sizeof (tval);
+      a_val++;
+    }
 
   if (label)
     {
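Review bot: The new CKA_PRIVATE block in gnutls_pkcs11_copy_x509_privkey repeats four assignments in each branch of an `if`/`else` that differ only in which template value is pointed to, and the CKA_SENSITIVE hunk that follows has the same shape. Selecting the pointer in one expression keeps the attribute append in one place: `a[a_val].type = CKA_PRIVATE;` / `a[a_val].value = (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE) ? (void*)&fval : (void*)&tval;` / `a[a_val].value_len = sizeof (tval);` followed by the `a_val++`. Separately, the comment `a private key is set always as private unless requested otherwise` should spell out the consequence of MARK_NOT_PRIVATE: the key object becomes usable without a PIN login, its extractability still being governed by CKA_SENSITIVE below, since this is the one place where the new flag weakens the token's protection of key material.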
@@ -289,14 +318,19 @@ gnutls_pkcs11_copy_x509_privkey (const char *token_url,
     }
 
   if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE)
-    tval = 1;
+    {
+      a[a_val].type = CKA_SENSITIVE;
+      a[a_val].value = (void*)&tval;
+      a[a_val].value_len = sizeof (tval);
+      a_val++;
+    }
   else
-    tval = 0;
-
-  a[a_val].type = CKA_SENSITIVE;
-  a[a_val].value = &tval;
-  a[a_val].value_len = sizeof (tval);
-  a_val++;
+    {
+      a[a_val].type = CKA_SENSITIVE;
+      a[a_val].value = (void*)&fval;
+      a[a_val].value_len = sizeof (fval);
+      a_val++;
+    }
 
   pk = gnutls_x509_privkey_get_pk_algorithm (key);
   switch (pk)
diff --git a/src/p11tool-gaa.c b/src/p11tool-gaa.c
index 83976f0..1816240 100644
--- a/src/p11tool-gaa.c
+++ b/src/p11tool-gaa.c
@@ -146,7 +146,9 @@ void gaa_help(void)
        __gaa_helpsingle(0, "write", "URL ", "Writes loaded certificates, 
private or secret keys to a PKCS11 token.");
        __gaa_helpsingle(0, "delete", "URL ", "Deletes objects matching the 
URL.");
        __gaa_helpsingle(0, "label", "label ", "Sets a label for the write 
operation.");
-       __gaa_helpsingle(0, "trusted", "", "Marks the certificate to be 
imported as trusted.");
+       __gaa_helpsingle(0, "trusted", "", "Marks the certificate to be written 
as trusted.");
+       __gaa_helpsingle(0, "private", "", "Marks the object to be written as 
private (requires PIN).");
+       __gaa_helpsingle(0, "no-private", "", "Marks the object to be written 
as not private.");
        __gaa_helpsingle(0, "login", "", "Force login to token");
        __gaa_helpsingle(0, "detailed-url", "", "Export detailed URLs.");
        __gaa_helpsingle(0, "no-detailed-url", "", "Export less detailed 
URLs.");
@@ -175,30 +177,32 @@ typedef struct _gaainfo gaainfo;
 
 struct _gaainfo
 {
-#line 80 "p11tool.gaa"
+#line 84 "p11tool.gaa"
        int debug;
-#line 75 "p11tool.gaa"
+#line 79 "p11tool.gaa"
        char *outfile;
-#line 72 "p11tool.gaa"
+#line 76 "p11tool.gaa"
        int action;
-#line 71 "p11tool.gaa"
+#line 75 "p11tool.gaa"
        char* pkcs11_provider;
-#line 67 "p11tool.gaa"
+#line 71 "p11tool.gaa"
        int incert_format;
-#line 64 "p11tool.gaa"
+#line 68 "p11tool.gaa"
        int pkcs8;
-#line 61 "p11tool.gaa"
+#line 65 "p11tool.gaa"
        char *cert;
-#line 58 "p11tool.gaa"
+#line 62 "p11tool.gaa"
        char *pubkey;
-#line 55 "p11tool.gaa"
+#line 59 "p11tool.gaa"
        char *privkey;
-#line 52 "p11tool.gaa"
+#line 56 "p11tool.gaa"
        char* secret_key;
-#line 48 "p11tool.gaa"
+#line 52 "p11tool.gaa"
        int pkcs11_detailed_url;
-#line 45 "p11tool.gaa"
+#line 49 "p11tool.gaa"
        int pkcs11_login;
+#line 45 "p11tool.gaa"
+       int pkcs11_private;
 #line 42 "p11tool.gaa"
        int pkcs11_trusted;
 #line 35 "p11tool.gaa"
@@ -261,7 +265,7 @@ static int gaa_error = 0;
 #define GAA_MULTIPLE_OPTION     3
 
 #define GAA_REST                0
-#define GAA_NB_OPTION           27
+#define GAA_NB_OPTION           29
 #define GAAOPTID_help  1
 #define GAAOPTID_debug 2
 #define GAAOPTID_outfile       3
@@ -276,19 +280,21 @@ static int gaa_error = 0;
 #define GAAOPTID_no_detailed_url       12
 #define GAAOPTID_detailed_url  13
 #define GAAOPTID_login 14
-#define GAAOPTID_trusted       15
-#define GAAOPTID_label 16
-#define GAAOPTID_delete        17
-#define GAAOPTID_write 18
-#define GAAOPTID_initialize    19
-#define GAAOPTID_list_trusted  20
-#define GAAOPTID_list_privkeys 21
-#define GAAOPTID_list_certs    22
-#define GAAOPTID_list_all_certs        23
-#define GAAOPTID_list_all      24
-#define GAAOPTID_list_mechanisms       25
-#define GAAOPTID_list_tokens   26
-#define GAAOPTID_export        27
+#define GAAOPTID_no_private    15
+#define GAAOPTID_private       16
+#define GAAOPTID_trusted       17
+#define GAAOPTID_label 18
+#define GAAOPTID_delete        19
+#define GAAOPTID_write 20
+#define GAAOPTID_initialize    21
+#define GAAOPTID_list_trusted  22
+#define GAAOPTID_list_privkeys 23
+#define GAAOPTID_list_certs    24
+#define GAAOPTID_list_all_certs        25
+#define GAAOPTID_list_all      26
+#define GAAOPTID_list_mechanisms       27
+#define GAAOPTID_list_tokens   28
+#define GAAOPTID_export        29
 
 #line 168 "gaa.skel"
 
@@ -604,6 +610,8 @@ static int gaa_get_option_num(char *str, int status)
                        GAA_CHECK1STR("", GAAOPTID_no_detailed_url);
                        GAA_CHECK1STR("", GAAOPTID_detailed_url);
                        GAA_CHECK1STR("", GAAOPTID_login);
+                       GAA_CHECK1STR("", GAAOPTID_no_private);
+                       GAA_CHECK1STR("", GAAOPTID_private);
                        GAA_CHECK1STR("", GAAOPTID_trusted);
                        GAA_CHECK1STR("", GAAOPTID_list_trusted);
                        GAA_CHECK1STR("", GAAOPTID_list_privkeys);
@@ -629,6 +637,8 @@ static int gaa_get_option_num(char *str, int status)
                        GAA_CHECKSTR("no-detailed-url", 
GAAOPTID_no_detailed_url);
                        GAA_CHECKSTR("detailed-url", GAAOPTID_detailed_url);
                        GAA_CHECKSTR("login", GAAOPTID_login);
+                       GAA_CHECKSTR("no-private", GAAOPTID_no_private);
+                       GAA_CHECKSTR("private", GAAOPTID_private);
                        GAA_CHECKSTR("trusted", GAAOPTID_trusted);
                        GAA_CHECKSTR("label", GAAOPTID_label);
                        GAA_CHECKSTR("delete", GAAOPTID_delete);
@@ -689,7 +699,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
     {
        case GAAOPTID_help:
        OK = 0;
-#line 83 "p11tool.gaa"
+#line 87 "p11tool.gaa"
 { gaa_help(); exit(0); ;};
 
                return GAA_OK;
@@ -699,7 +709,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_debug.arg1, gaa_getint, GAATMP_debug.size1);
                gaa_index++;
-#line 81 "p11tool.gaa"
+#line 85 "p11tool.gaa"
 { gaaval->debug = GAATMP_debug.arg1 ;};
 
                return GAA_OK;
@@ -709,7 +719,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_outfile.arg1, gaa_getstr, GAATMP_outfile.size1);
                gaa_index++;
-#line 76 "p11tool.gaa"
+#line 80 "p11tool.gaa"
 { gaaval->outfile = GAATMP_outfile.arg1 ;};
 
                return GAA_OK;
@@ -719,28 +729,28 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_provider.arg1, gaa_getstr, 
GAATMP_provider.size1);
                gaa_index++;
-#line 73 "p11tool.gaa"
+#line 77 "p11tool.gaa"
 { gaaval->pkcs11_provider = GAATMP_provider.arg1 ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_inraw:
        OK = 0;
-#line 69 "p11tool.gaa"
+#line 73 "p11tool.gaa"
 { gaaval->incert_format=GNUTLS_X509_FMT_DER ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_inder:
        OK = 0;
-#line 68 "p11tool.gaa"
+#line 72 "p11tool.gaa"
 { gaaval->incert_format=GNUTLS_X509_FMT_DER ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_pkcs8:
        OK = 0;
-#line 65 "p11tool.gaa"
+#line 69 "p11tool.gaa"
 { gaaval->pkcs8=1 ;};
 
                return GAA_OK;
@@ -750,7 +760,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_load_certificate.arg1, gaa_getstr, 
GAATMP_load_certificate.size1);
                gaa_index++;
-#line 62 "p11tool.gaa"
+#line 66 "p11tool.gaa"
 { gaaval->cert = GAATMP_load_certificate.arg1 ;};
 
                return GAA_OK;
@@ -760,7 +770,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_load_pubkey.arg1, gaa_getstr, 
GAATMP_load_pubkey.size1);
                gaa_index++;
-#line 59 "p11tool.gaa"
+#line 63 "p11tool.gaa"
 { gaaval->pubkey = GAATMP_load_pubkey.arg1 ;};
 
                return GAA_OK;
@@ -770,7 +780,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_load_privkey.arg1, gaa_getstr, 
GAATMP_load_privkey.size1);
                gaa_index++;
-#line 56 "p11tool.gaa"
+#line 60 "p11tool.gaa"
 { gaaval->privkey = GAATMP_load_privkey.arg1 ;};
 
                return GAA_OK;
@@ -780,32 +790,46 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
                GAA_TESTMOREARGS;
                GAA_FILL(GAATMP_secret_key.arg1, gaa_getstr, 
GAATMP_secret_key.size1);
                gaa_index++;
-#line 53 "p11tool.gaa"
+#line 57 "p11tool.gaa"
 { gaaval->secret_key = GAATMP_secret_key.arg1; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_no_detailed_url:
        OK = 0;
-#line 50 "p11tool.gaa"
+#line 54 "p11tool.gaa"
 { gaaval->pkcs11_detailed_url = 0; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_detailed_url:
        OK = 0;
-#line 49 "p11tool.gaa"
+#line 53 "p11tool.gaa"
 { gaaval->pkcs11_detailed_url = GNUTLS_PKCS11_URL_LIB; ;};
 
                return GAA_OK;
                break;
        case GAAOPTID_login:
        OK = 0;
-#line 46 "p11tool.gaa"
+#line 50 "p11tool.gaa"
 { gaaval->pkcs11_login = 1; ;};
 
                return GAA_OK;
                break;
+       case GAAOPTID_no_private:
+       OK = 0;
+#line 47 "p11tool.gaa"
+{ gaaval->pkcs11_private = 0; ;};
+
+               return GAA_OK;
+               break;
+       case GAAOPTID_private:
+       OK = 0;
+#line 46 "p11tool.gaa"
+{ gaaval->pkcs11_private = 1; ;};
+
+               return GAA_OK;
+               break;
        case GAAOPTID_trusted:
        OK = 0;
 #line 43 "p11tool.gaa"
@@ -939,12 +963,12 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
     if(inited == 0)
     {
 
-#line 85 "p11tool.gaa"
+#line 89 "p11tool.gaa"
 {
        gaaval->action = -1; gaaval->pkcs11_provider= NULL; gaaval->outfile = 
NULL; gaaval->pubkey = NULL; gaaval->privkey = NULL;
        gaaval->pkcs11_url = NULL; gaaval->pkcs11_type = PKCS11_TYPE_PK; 
gaaval->pubkey=NULL; gaaval->pkcs11_label = NULL; 
        gaaval->pkcs11_trusted=0; gaaval->pkcs11_login = 0; 
gaaval->pkcs11_detailed_url = GNUTLS_PKCS11_URL_LIB; 
-       gaaval->secret_key = NULL; gaaval->cert = NULL; gaaval->incert_format = 
GNUTLS_X509_FMT_PEM; ;};
+       gaaval->secret_key = NULL; gaaval->cert = NULL; gaaval->incert_format = 
GNUTLS_X509_FMT_PEM; gaaval->pkcs11_private = -1; ;};
 
     }
     inited = 1;
diff --git a/src/p11tool-gaa.h b/src/p11tool-gaa.h
index f581def..bc5871f 100644
--- a/src/p11tool-gaa.h
+++ b/src/p11tool-gaa.h
@@ -8,30 +8,32 @@ typedef struct _gaainfo gaainfo;
 
 struct _gaainfo
 {
-#line 80 "p11tool.gaa"
+#line 84 "p11tool.gaa"
        int debug;
-#line 75 "p11tool.gaa"
+#line 79 "p11tool.gaa"
        char *outfile;
-#line 72 "p11tool.gaa"
+#line 76 "p11tool.gaa"
        int action;
-#line 71 "p11tool.gaa"
+#line 75 "p11tool.gaa"
        char* pkcs11_provider;
-#line 67 "p11tool.gaa"
+#line 71 "p11tool.gaa"
        int incert_format;
-#line 64 "p11tool.gaa"
+#line 68 "p11tool.gaa"
        int pkcs8;
-#line 61 "p11tool.gaa"
+#line 65 "p11tool.gaa"
        char *cert;
-#line 58 "p11tool.gaa"
+#line 62 "p11tool.gaa"
        char *pubkey;
-#line 55 "p11tool.gaa"
+#line 59 "p11tool.gaa"
        char *privkey;
-#line 52 "p11tool.gaa"
+#line 56 "p11tool.gaa"
        char* secret_key;
-#line 48 "p11tool.gaa"
+#line 52 "p11tool.gaa"
        int pkcs11_detailed_url;
-#line 45 "p11tool.gaa"
+#line 49 "p11tool.gaa"
        int pkcs11_login;
+#line 45 "p11tool.gaa"
+       int pkcs11_private;
 #line 42 "p11tool.gaa"
        int pkcs11_trusted;
 #line 35 "p11tool.gaa"
diff --git a/src/p11tool.c b/src/p11tool.c
index ce3bebb..ebaa6fd 100644
--- a/src/p11tool.c
+++ b/src/p11tool.c
@@ -147,7 +147,7 @@ gaa_parser (int argc, char **argv)
       break;
     case ACTION_PKCS11_WRITE_URL:
       pkcs11_write (outfile, info.pkcs11_url, info.pkcs11_label,
-                    info.pkcs11_trusted, info.pkcs11_login, &cinfo);
+                    info.pkcs11_trusted, info.pkcs11_private, 
info.pkcs11_login, &cinfo);
       break;
     case ACTION_PKCS11_TOKEN_INIT:
       pkcs11_init (outfile, info.pkcs11_url, info.pkcs11_label, &cinfo);
diff --git a/src/p11tool.gaa b/src/p11tool.gaa
index 7c2ca91..9c2e4ae 100644
--- a/src/p11tool.gaa
+++ b/src/p11tool.gaa
@@ -40,7 +40,11 @@ option (delete) STR "URL" { $action = 
ACTION_PKCS11_DELETE_URL; $pkcs11_url = $1
 
 option (label) STR "label" { $pkcs11_label = $1; } "Sets a label for the write 
operation."
 #int pkcs11_trusted;
-option (trusted) { $pkcs11_trusted = 1; } "Marks the certificate to be 
imported as trusted."
+option (trusted) { $pkcs11_trusted = 1; } "Marks the certificate to be written 
as trusted."
+
+#int pkcs11_private;
+option (private) { $pkcs11_private = 1; } "Marks the object to be written as 
private (requires PIN)."
+option (no-private) { $pkcs11_private = 0; } "Marks the object to be written 
as not private."
 
 #int pkcs11_login;
 option (login) { $pkcs11_login = 1; } "Force login to token"
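Review bot: `#int pkcs11_private;` introduces a tri-state field that --private sets to 1, --no-private sets to 0 and the init block in the next hunk sets to -1, but nothing records what -1 means, and since it is the default a reader of the generated gaainfo struct cannot tell that -1 stands for "not given, leave CKA_PRIVATE to the library defaults". The .gaa file is the source the C files are generated from, so a comment to that effect belongs on the declaration here rather than in the generated p11tool-gaa.c/h. When both options are given, the last one on the command line wins silently, which is also worth a sentence in the help text of --no-private, along with the note that a private key written this way is usable without a PIN.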
@@ -86,4 +90,4 @@ init {
        $action = -1; $pkcs11_provider= NULL; $outfile = NULL; $pubkey = NULL; 
$privkey = NULL;
        $pkcs11_url = NULL; $pkcs11_type = PKCS11_TYPE_PK; $pubkey=NULL; 
$pkcs11_label = NULL; 
        $pkcs11_trusted=0; $pkcs11_login = 0; $pkcs11_detailed_url = 
GNUTLS_PKCS11_URL_LIB; 
-       $secret_key = NULL; $cert = NULL; $incert_format = GNUTLS_X509_FMT_PEM; 
}
+       $secret_key = NULL; $cert = NULL; $incert_format = GNUTLS_X509_FMT_PEM; 
$pkcs11_private = -1; }
diff --git a/src/p11tool.h b/src/p11tool.h
index ec48c79..3682fb1 100644
--- a/src/p11tool.h
+++ b/src/p11tool.h
@@ -13,7 +13,7 @@ void pkcs11_export (FILE * outfile, const char *pkcs11_url,
 void pkcs11_token_list (FILE * outfile, unsigned int detailed,
                         common_info_st *);
 void pkcs11_write (FILE * outfile, const char *pkcs11_url, const char *label,
-                   int trusted, unsigned int login, common_info_st *);
+                   int trusted, int private, unsigned int login, 
common_info_st *);
 void pkcs11_delete (FILE * outfile, const char *pkcs11_url, int batch,
                     unsigned int login, common_info_st *);
 void pkcs11_init (FILE * outfile, const char *pkcs11_url, const char *label,
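Review bot: The new parameter is named `private`, which is a C++ keyword; src/p11tool.h is not an installed header, so this is a style point rather than a build break, but `mark_private` would also say more than `private` does, and the same name is used in the pkcs11_write definition in src/pkcs11.c. The tri-state contract is not stated on the prototype either; a comment such as `/* private: 1 = mark CKA_PRIVATE true, 0 = mark it false, -1 = do not set it */` on the declaration would let callers use it without reading the definition.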
diff --git a/src/pkcs11.c b/src/pkcs11.c
index 2534106..8a74204 100644
--- a/src/pkcs11.c
+++ b/src/pkcs11.c
@@ -464,7 +464,8 @@ pkcs11_token_list (FILE * outfile, unsigned int detailed,
 }
 
 void
-pkcs11_write (FILE * outfile, const char *url, const char *label, int trusted,
+pkcs11_write (FILE * outfile, const char *url, const char *label, 
+              int trusted, int private,
               unsigned int login, common_info_st * info)
 {
   gnutls_x509_crt_t xcrt;
@@ -497,6 +498,11 @@ pkcs11_write (FILE * outfile, const char *url, const char 
*label, int trusted,
         }
     }
 
+  if (private == 1)
+    flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE;
+  else if (private == 0)
+    flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE;
+
   xcrt = load_cert (0, info);
   if (xcrt != NULL)
     {
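Review bot: The new mapping sets GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE whenever `private == 1` regardless of `trusted`, but gnutls_pkcs11_copy_x509_crt in this commit only honours the private flags when MARK_TRUSTED is absent, so `p11tool --write --trusted --private` silently writes a public object. The tool is the one place that sees both options together; checking `if (private == 1 && trusted)` here and reporting that the two options conflict (or at least that --private is ignored for trusted certificates) before any token object is created would avoid a user believing the PIN protects something it does not. The body of pkcs11_write continues outside the hunk, so I cannot see how errors are reported in this function; the check should follow that pattern.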


hooks/post-receive
-- 
GNU gnutls


