author | Simon Josefsson <simon@josefsson.org> | 2010-10-14 15:02:12 +0200 |
committer | Simon Josefsson <simon@josefsson.org> | 2010-10-14 15:02:12 +0200 |
commit | 03636f4440ae918d6f710935a00806469f65f1c6 (patch) | |
tree | 1969ad6201816d1eb1421d93ef6900ec3b647788 /src | |
parent | 59425cbec511cdc314f2a22ee95b299f8fa06fc8 (diff) | |
download | gnutls-03636f4440ae918d6f710935a00806469f65f1c6.tar.gz |
Indent (using GNU indent 2.2.11).
Diffstat (limited to 'src')
-rw-r--r-- | src/benchmark.c | 82 | ||||
-rw-r--r-- | src/certtool-cfg.h | 2 | ||||
-rw-r--r-- | src/certtool-common.h | 16 | ||||
-rw-r--r-- | src/certtool.c | 290 | ||||
-rw-r--r-- | src/cli.c | 94 | ||||
-rw-r--r-- | src/common.c | 108 | ||||
-rw-r--r-- | src/common.h | 12 | ||||
-rw-r--r-- | src/crypt.c | 6 | ||||
-rw-r--r-- | src/pkcs11.c | 834 | ||||
-rw-r--r-- | src/prime.c | 2 | ||||
-rw-r--r-- | src/psk.c | 6 | ||||
-rw-r--r-- | src/serv.c | 25 | ||||
-rw-r--r-- | src/tests.c | 18 |
13 files changed, 836 insertions, 659 deletions
diff --git a/src/benchmark.c b/src/benchmark.c index 73aba25e05..bd7ea7ce56 100644 --- a/src/benchmark.c +++ b/src/benchmark.c @@ -35,9 +35,10 @@ static unsigned char data[64 * 1024]; static int must_finish = 0; -static void alarm_handler(int signo) +static void +alarm_handler (int signo) { - must_finish = 1; + must_finish = 1; } static void @@ -46,29 +47,38 @@ tls_log_func (int level, const char *str) fprintf (stderr, "|<%d>| %s", level, str); } -static void value2human(double bytes, double time, double* data, double* speed,char* metric) +static void +value2human (double bytes, double time, double *data, double *speed, + char *metric) { - if (bytes > 1000 && bytes < 1000*1000) { - *data = ((double)bytes)/1000; - *speed = *data/time; - strcpy(metric, "Kb"); - return; - } else if (bytes >= 1000*1000 && bytes < 1000*1000*1000) { - *data = ((double)bytes)/(1000*1000); - *speed = *data/time; - strcpy(metric, "Mb"); - return; - } else if (bytes >= 1000*1000*1000) { - *data = ((double)bytes)/(1000*1000*1000); - *speed = *data/time; - strcpy(metric, "Gb"); - return; - } else { - *data = (double)bytes; - *speed = *data/time; - strcpy(metric, "bytes"); - return; - } + if (bytes > 1000 && bytes < 1000 * 1000) + { + *data = ((double) bytes) / 1000; + *speed = *data / time; + strcpy (metric, "Kb"); + return; + } + else if (bytes >= 1000 * 1000 && bytes < 1000 * 1000 * 1000) + { + *data = ((double) bytes) / (1000 * 1000); + *speed = *data / time; + strcpy (metric, "Mb"); + return; + } + else if (bytes >= 1000 * 1000 * 1000) + { + *data = ((double) bytes) / (1000 * 1000 * 1000); + *speed = *data / time; + strcpy (metric, "Gb"); + return; + } + else + { + *data = (double) bytes; + *speed = *data / time; + strcpy (metric, "bytes"); + return; + } } static void 
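Review bot: `must_finish` is declared `static int` (context at the top of the first hunk) yet it is written by `alarm_handler` from signal context and polled in `while (must_finish == 0)` in cipher_bench and mac_bench; a plain int is not guaranteed to be safely writable from a handler, and the optimizer may keep it in a register so the loop never observes the store. Declare it as `static volatile sig_atomic_t must_finish = 0;` (`<signal.h>` is already required for `signal ()`). The polling loops are in the -105 and -163 hunks on the following line, which do not need to change.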
@@ -105,10 +115,10 @@ cipher_bench (int algo, int size) printf ("Checking %s (%dkb payload)... ", gnutls_cipher_get_name (algo), size); fflush (stdout); - + must_finish = 0; - alarm(5); - + alarm (5); + gettime (&start); ret = gnutls_cipher_init (&ctx, algo, &key, &iv); @@ -123,7 +133,7 @@ cipher_bench (int algo, int size) gnutls_cipher_encrypt (ctx, data, size * 1024); data_size += size * 1024; } - while(must_finish == 0); + while (must_finish == 0); gnutls_cipher_deinit (ctx); @@ -132,8 +142,8 @@ cipher_bench (int algo, int size) secs = (stop.tv_sec * 1000 + stop.tv_nsec / (1000 * 1000) - (start.tv_sec * 1000 + start.tv_nsec / (1000 * 1000))); secs /= 1000; - - value2human(data_size, secs, &ddata, &dspeed, metric); + + value2human (data_size, secs, &ddata, &dspeed, metric); printf ("Encrypted %.2f %s in %.2f secs: ", ddata, metric, secs); printf ("%.2f %s/sec\n", dspeed, metric); @@ -163,7 +173,7 @@ mac_bench (int algo, int size) fflush (stdout); must_finish = 0; - alarm(5); + alarm (5); gettime (&start); @@ -172,7 +182,7 @@ mac_bench (int algo, int size) gnutls_hmac_fast (algo, _key, blocksize, data, size * 1024, _key); data_size += size * 1024; } - while(must_finish == 0); + while (must_finish == 0); gettime (&stop); @@ -181,7 +191,7 @@ mac_bench (int algo, int size) (start.tv_sec * 1000 + start.tv_nsec / (1000 * 1000))); secs /= 1000; - value2human(data_size, secs, &ddata, &dspeed, metric); + value2human (data_size, secs, &ddata, &dspeed, metric); printf ("Hashed %.2f %s in %.2f secs: ", ddata, metric, secs); printf ("%.2f %s/sec\n", dspeed, metric); @@ -190,14 +200,14 @@ mac_bench (int algo, int size) } int -main (int argc, char** argv) +main (int argc, char **argv) { int debug_level = 0; if (argc > 1) debug_level = 2; - - signal(SIGALRM, alarm_handler); + + signal (SIGALRM, alarm_handler); gnutls_global_set_log_function (tls_log_func); gnutls_global_set_log_level (debug_level); 
diff --git a/src/certtool-cfg.h b/src/certtool-cfg.h index 44be8e959b..1def3a4b65 100644 --- a/src/certtool-cfg.h +++ b/src/certtool-cfg.h @@ -46,7 +46,7 @@ int get_sign_status (int server); void get_ip_addr_set (int type, void *crt); void get_dns_name_set (int type, void *crt); void get_email_set (int type, void *crt); -int get_ipsec_ike_status(void); +int get_ipsec_ike_status (void); void get_cn_crq_set (gnutls_x509_crq_t crq); void get_uid_crq_set (gnutls_x509_crq_t crq); diff --git a/src/certtool-common.h b/src/certtool-common.h index d8599c8054..1a2d881884 100644 --- a/src/certtool-common.h +++ b/src/certtool-common.h @@ -39,11 +39,15 @@ enum #define TYPE_CRQ 2 void certtool_version (void); -void pkcs11_list( FILE*outfile, const char* url, int type, unsigned int login, unsigned int detailed); -void pkcs11_export(FILE* outfile, const char *pkcs11_url, unsigned int login); -void pkcs11_token_list(FILE* outfile, unsigned int detailed); -void pkcs11_write(FILE* outfile, const char *pkcs11_url, const char* label, int trusted, unsigned int login); -void pkcs11_delete(FILE* outfile, const char *pkcs11_url, int batch, unsigned int login); +void pkcs11_list (FILE * outfile, const char *url, int type, + unsigned int login, unsigned int detailed); +void pkcs11_export (FILE * outfile, const char *pkcs11_url, + unsigned int login); +void pkcs11_token_list (FILE * outfile, unsigned int detailed); +void pkcs11_write (FILE * outfile, const char *pkcs11_url, const char *label, + int trusted, unsigned int login); +void pkcs11_delete (FILE * outfile, const char *pkcs11_url, int batch, + unsigned int login); #define PKCS11_TYPE_CRT_ALL 1 #define PKCS11_TYPE_TRUSTED 2 @@ -65,7 +69,7 @@ gnutls_x509_crt_t load_cert (int mand); gnutls_pubkey_t load_pubkey (int mand); /* returns the bits specified in cmd */ -int get_bits(gnutls_pk_algorithm_t); +int get_bits (gnutls_pk_algorithm_t); /* prime.c */ int generate_prime (int how); 
diff --git a/src/certtool.c b/src/certtool.c index 794a0d6b6d..a437698008 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -71,7 +71,8 @@ static void gaa_parser (int argc, char **argv); void generate_self_signed (void); void generate_request (void); gnutls_x509_crt_t *load_cert_list (int mand, size_t * size); -static void print_certificate_info (gnutls_x509_crt_t crt, FILE * out, unsigned int all); +static void print_certificate_info (gnutls_x509_crt_t crt, FILE * out, + unsigned int all); static void print_hex_datum (gnutls_datum_t * dat); @@ -128,7 +129,7 @@ static void print_dsa_pkey (gnutls_datum_t * x, gnutls_datum_t * y, gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * g) { - if (x) + if (x) { fprintf (outfile, "private key:"); print_hex_datum (x); @@ -146,13 +147,13 @@ print_dsa_pkey (gnutls_datum_t * x, gnutls_datum_t * y, gnutls_datum_t * p, static void print_rsa_pkey (gnutls_datum_t * m, gnutls_datum_t * e, gnutls_datum_t * d, gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * u, - gnutls_datum_t * exp1, gnutls_datum_t *exp2) + gnutls_datum_t * exp1, gnutls_datum_t * exp2) { fprintf (outfile, "modulus:"); print_hex_datum (m); fprintf (outfile, "public exponent:"); print_hex_datum (e); - if (d) + if (d) { fprintf (outfile, "private exponent:"); print_hex_datum (d); 
@@ -163,63 +164,70 @@ print_rsa_pkey (gnutls_datum_t * m, gnutls_datum_t * e, gnutls_datum_t * d, fprintf (outfile, "coefficient:"); print_hex_datum (u); if (exp1 && exp2) - { - fprintf (outfile, "exp1:"); - print_hex_datum (exp1); - fprintf (outfile, "exp2:"); - print_hex_datum (exp2); - } + { + fprintf (outfile, "exp1:"); + print_hex_datum (exp1); + fprintf (outfile, "exp2:"); + print_hex_datum (exp2); + } } } -static gnutls_sec_param_t str_to_sec_param(const char* str) +static gnutls_sec_param_t +str_to_sec_param (const char *str) { - if (strcasecmp(str, "low")==0) + if (strcasecmp (str, "low") == 0) { return GNUTLS_SEC_PARAM_LOW; } - else if (strcasecmp(str, "normal")==0) + else if (strcasecmp (str, "normal") == 0) { return GNUTLS_SEC_PARAM_NORMAL; } - else if (strcasecmp(str, "high")==0) + else if (strcasecmp (str, "high") == 0) { return GNUTLS_SEC_PARAM_HIGH; } - else if (strcasecmp(str, "ultra")==0) + else if (strcasecmp (str, "ultra") == 0) { return GNUTLS_SEC_PARAM_ULTRA; } else { - fprintf(stderr, "Unknown security parameter string: %s\n", str); - exit(1); + fprintf (stderr, "Unknown security parameter string: %s\n", str); + exit (1); } } -int get_bits(gnutls_pk_algorithm_t key_type) +int +get_bits (gnutls_pk_algorithm_t key_type) { -int bits; + int bits; if (info.bits != 0) { static int warned = 0; - - if (warned == 0) - { - warned = 1; - fprintf(stderr, "** Note: Please use the --sec-param instead of --bits\n"); - } + + if (warned == 0) + { + warned = 1; + fprintf (stderr, + "** Note: Please use the --sec-param instead of --bits\n"); + } bits = info.bits; } else { if (info.sec_param) - { - bits = gnutls_sec_param_to_pk_bits(key_type, str_to_sec_param(info.sec_param)); - } - else bits = gnutls_sec_param_to_pk_bits(key_type, GNUTLS_SEC_PARAM_NORMAL); + { + bits = + gnutls_sec_param_to_pk_bits (key_type, + str_to_sec_param (info.sec_param)); + } + else + bits = + gnutls_sec_param_to_pk_bits (key_type, GNUTLS_SEC_PARAM_NORMAL); } return bits; 
@@ -243,17 +251,17 @@ generate_private_key_int (void) if (ret < 0) error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret)); - bits = get_bits(key_type); + bits = get_bits (key_type); - fprintf (stderr, "Generating a %d bit %s private key...\n", get_bits(key_type), - gnutls_pk_algorithm_get_name (key_type)); + fprintf (stderr, "Generating a %d bit %s private key...\n", + get_bits (key_type), gnutls_pk_algorithm_get_name (key_type)); if (info.quick_random == 0) fprintf (stderr, "This might take several minutes depending on availability of randomness" " in /dev/random.\n"); - ret = gnutls_x509_privkey_generate (key, key_type, get_bits(key_type), 0); + ret = gnutls_x509_privkey_generate (key, key_type, get_bits (key_type), 0); if (ret < 0) error (EXIT_FAILURE, 0, "privkey_generate: %s", gnutls_strerror (ret)); @@ -561,8 +569,7 @@ generate_certificate (gnutls_x509_privkey_t * ret_key, { result = gnutls_x509_crt_set_key_purpose_oid (crt, - GNUTLS_KP_IPSEC_IKE, - 0); + GNUTLS_KP_IPSEC_IKE, 0); if (result < 0) error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (result)); @@ -621,7 +628,7 @@ generate_certificate (gnutls_x509_privkey_t * ret_key, { /* http://tools.ietf.org/html/rfc4945#section-5.1.3.2: if any KU is set, then either digitalSignature or the nonRepudiation bits in the - KeyUsage extension MUST for all IKE certs */ + KeyUsage extension MUST for all IKE certs */ if (is_ike && (get_sign_status (server) != 1)) usage |= GNUTLS_KEY_NON_REPUDIATION; result = gnutls_x509_crt_set_key_usage (crt, usage); 
@@ -757,17 +764,18 @@ generate_crl (gnutls_x509_crt_t ca_crt) return crl; } -static gnutls_digest_algorithm_t get_dig(gnutls_x509_crt crt) +static gnutls_digest_algorithm_t +get_dig (gnutls_x509_crt crt) { -gnutls_digest_algorithm_t dig; -int result; -unsigned int mand; + gnutls_digest_algorithm_t dig; + int result; + unsigned int mand; - result = gnutls_x509_crt_get_preferred_hash_algorithm(crt, &dig, &mand); + result = gnutls_x509_crt_get_preferred_hash_algorithm (crt, &dig, &mand); if (result < 0) { - error (EXIT_FAILURE, 0, "crl_preferred_hash_algorithm: %s", - gnutls_strerror (result)); + error (EXIT_FAILURE, 0, "crl_preferred_hash_algorithm: %s", + gnutls_strerror (result)); } /* if algorithm allows alternatives */ @@ -777,7 +785,8 @@ unsigned int mand; return dig; } -void generate_self_signed (void) +void +generate_self_signed (void) { gnutls_x509_crt_t crt; gnutls_x509_privkey_t key; @@ -807,7 +816,7 @@ void generate_self_signed (void) fprintf (stderr, "\n\nSigning certificate...\n"); - result = gnutls_x509_crt_sign2 (crt, crt, key, get_dig(crt), 0); + result = gnutls_x509_crt_sign2 (crt, crt, key, get_dig (crt), 0); if (result < 0) error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result)); @@ -849,7 +858,7 @@ generate_signed_certificate (void) fprintf (stderr, "\n\nSigning certificate...\n"); - result = gnutls_x509_crt_sign2 (crt, ca_crt, ca_key, get_dig(ca_crt), 0); + result = gnutls_x509_crt_sign2 (crt, ca_crt, ca_key, get_dig (ca_crt), 0); if (result < 0) error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result)); @@ -883,7 +892,7 @@ generate_proxy_certificate (void) fprintf (stderr, "\n\nSigning certificate...\n"); - result = gnutls_x509_crt_sign2 (crt, eecrt, eekey, get_dig(eecrt), 0); + result = gnutls_x509_crt_sign2 (crt, eecrt, eekey, get_dig (eecrt), 0); if (result < 0) error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result)); 
@@ -952,7 +961,7 @@ update_signed_certificate (void) fprintf (stderr, "\n\nSigning certificate...\n"); - result = gnutls_x509_crt_sign2 (crt, ca_crt, ca_key, get_dig(ca_crt), 0); + result = gnutls_x509_crt_sign2 (crt, ca_crt, ca_key, get_dig (ca_crt), 0); if (result < 0) error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result)); @@ -1066,25 +1075,27 @@ gaa_parser (int argc, char **argv) if ((ret = gnutls_global_init ()) < 0) error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret)); - + if (info.pkcs11_provider != NULL) { - ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); + ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_MANUAL, NULL); if (ret < 0) - fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret)); - else { - ret = gnutls_pkcs11_add_provider(info.pkcs11_provider, NULL); - if (ret < 0) - error (EXIT_FAILURE, 0, "pkcs11_add_provider: %s", gnutls_strerror (ret)); - } + fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret)); + else + { + ret = gnutls_pkcs11_add_provider (info.pkcs11_provider, NULL); + if (ret < 0) + error (EXIT_FAILURE, 0, "pkcs11_add_provider: %s", + gnutls_strerror (ret)); + } } else { - ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_AUTO, NULL); + ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_AUTO, NULL); if (ret < 0) - fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret)); + fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret)); } - + if ((ret = gnutls_global_init_extra ()) < 0) error (EXIT_FAILURE, 0, "global_init_extra: %s", gnutls_strerror (ret)); 
@@ -1155,19 +1166,21 @@ gaa_parser (int argc, char **argv) generate_pkcs8 (); break; case ACTION_PKCS11_LIST: - pkcs11_list(outfile, info.pkcs11_url, info.pkcs11_type, info.pkcs11_login, info.pkcs11_detailed_url); + pkcs11_list (outfile, info.pkcs11_url, info.pkcs11_type, + info.pkcs11_login, info.pkcs11_detailed_url); break; case ACTION_PKCS11_TOKENS: - pkcs11_token_list(outfile, info.pkcs11_detailed_url); + pkcs11_token_list (outfile, info.pkcs11_detailed_url); break; case ACTION_PKCS11_EXPORT_URL: - pkcs11_export(outfile, info.pkcs11_url, info.pkcs11_login); + pkcs11_export (outfile, info.pkcs11_url, info.pkcs11_login); break; case ACTION_PKCS11_WRITE_URL: - pkcs11_write(outfile, info.pkcs11_url, info.pkcs11_label, info.pkcs11_trusted, info.pkcs11_login); + pkcs11_write (outfile, info.pkcs11_url, info.pkcs11_label, + info.pkcs11_trusted, info.pkcs11_login); break; case ACTION_PKCS11_DELETE_URL: - pkcs11_delete(outfile, info.pkcs11_url, batch, info.pkcs11_login); + pkcs11_delete (outfile, info.pkcs11_url, batch, info.pkcs11_login); break; #ifdef ENABLE_OPENPGP case ACTION_PGP_INFO: @@ -1188,9 +1201,9 @@ gaa_parser (int argc, char **argv) exit (0); } fclose (outfile); - - gnutls_pkcs11_deinit(); - gnutls_global_deinit(); + + gnutls_pkcs11_deinit (); + gnutls_global_deinit (); } #define MAX_CRTS 500 @@ -1248,7 +1261,8 @@ certificate_info (int pubkey) fwrite (buffer, 1, size, outfile); - if (pubkey) pubkey_info(crt[i]); + if (pubkey) + pubkey_info (crt[i]); gnutls_x509_crt_deinit (crt[i]); } @@ -1367,7 +1381,9 @@ pgp_privkey_info (void) fprintf (outfile, "\tPublic Key Algorithm: "); cprint = gnutls_pk_algorithm_get_name (ret); fprintf (outfile, "%s\n", cprint ? cprint : "Unknown"); - fprintf (outfile, "\tKey Security Level: %s\n", gnutls_sec_param_get_name(gnutls_openpgp_privkey_sec_param(key))); + fprintf (outfile, "\tKey Security Level: %s\n", + gnutls_sec_param_get_name (gnutls_openpgp_privkey_sec_param + (key))); /* Print the raw public and private keys */ 
@@ -1671,12 +1687,11 @@ privkey_info (void) if (info.pkcs8 || ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) { if (info.pass) - pass = info.pass; + pass = info.pass; else - pass = get_pass (); + pass = get_pass (); ret = gnutls_x509_privkey_import_pkcs8 (key, &pem, - info.incert_format, - pass, 0); + info.incert_format, pass, 0); } if (ret < 0) error (EXIT_FAILURE, 0, "import error: %s", gnutls_strerror (ret)); @@ -1689,7 +1704,8 @@ privkey_info (void) cprint = gnutls_pk_algorithm_get_name (ret); fprintf (outfile, "%s\n", cprint ? cprint : "Unknown"); - fprintf (outfile, "\tKey Security Level: %s\n", gnutls_sec_param_get_name(gnutls_x509_privkey_sec_param(key))); + fprintf (outfile, "\tKey Security Level: %s\n", + gnutls_sec_param_get_name (gnutls_x509_privkey_sec_param (key))); /* Print the raw public and private keys */ @@ -1697,7 +1713,9 @@ privkey_info (void) { gnutls_datum_t m, e, d, p, q, u, exp1, exp2; - ret = gnutls_x509_privkey_export_rsa_raw2 (key, &m, &e, &d, &p, &q, &u, &exp1, &exp2); + ret = + gnutls_x509_privkey_export_rsa_raw2 (key, &m, &e, &d, &p, &q, &u, + &exp1, &exp2); if (ret < 0) fprintf (stderr, "Error in key RSA data export: %s\n", gnutls_strerror (ret)); 
@@ -3159,70 +3177,88 @@ certtool_version (void) "Nikos Mavrogiannopoulos", "Simon Josefsson", (char *) NULL); } -static void print_key_usage(FILE* outfile, unsigned int usage) +static void +print_key_usage (FILE * outfile, unsigned int usage) { - if (usage & GNUTLS_KEY_DIGITAL_SIGNATURE) { - fprintf(outfile, "\tDigital signature.\n"); - } + if (usage & GNUTLS_KEY_DIGITAL_SIGNATURE) + { + fprintf (outfile, "\tDigital signature.\n"); + } - if (usage & GNUTLS_KEY_NON_REPUDIATION) { - fprintf(outfile, "\tNon repudiation.\n"); - } + if (usage & GNUTLS_KEY_NON_REPUDIATION) + { + fprintf (outfile, "\tNon repudiation.\n"); + } - if (usage & GNUTLS_KEY_KEY_ENCIPHERMENT) { - fprintf(outfile, "\tKey encipherment.\n"); - } + if (usage & GNUTLS_KEY_KEY_ENCIPHERMENT) + { + fprintf (outfile, "\tKey encipherment.\n"); + } - if (usage & GNUTLS_KEY_DATA_ENCIPHERMENT) { - fprintf(outfile, "\tData encipherment.\n"); - } + if (usage & GNUTLS_KEY_DATA_ENCIPHERMENT) + { + fprintf (outfile, "\tData encipherment.\n"); + } - if (usage & GNUTLS_KEY_KEY_AGREEMENT) { - fprintf(outfile, "\tKey agreement.\n"); - } + if (usage & GNUTLS_KEY_KEY_AGREEMENT) + { + fprintf (outfile, "\tKey agreement.\n"); + } - if (usage & GNUTLS_KEY_KEY_CERT_SIGN) { - fprintf(outfile, "\tCertificate signing.\n"); - } + if (usage & GNUTLS_KEY_KEY_CERT_SIGN) + { + fprintf (outfile, "\tCertificate signing.\n"); + } - if (usage & GNUTLS_KEY_NON_REPUDIATION) { - fprintf(outfile, "\tCRL signing.\n"); - } + if (usage & GNUTLS_KEY_NON_REPUDIATION) + { + fprintf (outfile, "\tCRL signing.\n"); + } - if (usage & GNUTLS_KEY_ENCIPHER_ONLY) { - fprintf(outfile, "\tKey encipher only.\n"); - } + if (usage & GNUTLS_KEY_ENCIPHER_ONLY) + { + fprintf (outfile, "\tKey encipher only.\n"); + } - if (usage & GNUTLS_KEY_DECIPHER_ONLY) { - fprintf(outfile, "\tKey decipher only.\n"); - } + if (usage & GNUTLS_KEY_DECIPHER_ONLY) + { + fprintf (outfile, "\tKey decipher only.\n"); + } } -void pubkey_info (gnutls_x509_crt crt) +void +pubkey_info 
(gnutls_x509_crt crt) { gnutls_pubkey_t pubkey; unsigned int bits, usage; int ret; size_t size; - const char* cprint; + const char *cprint; - ret = gnutls_pubkey_init(&pubkey); - if (ret < 0) { - error (EXIT_FAILURE, 0, "pubkey_init: %s", gnutls_strerror (ret)); - } + ret = gnutls_pubkey_init (&pubkey); + if (ret < 0) + { + error (EXIT_FAILURE, 0, "pubkey_init: %s", gnutls_strerror (ret)); + } - if (crt == NULL) { - crt = load_cert(0); - } - - if (crt != NULL) { - ret = gnutls_pubkey_import_x509(pubkey, crt, 0); - if (ret < 0) { - error (EXIT_FAILURE, 0, "pubkey_import_x509: %s", gnutls_strerror (ret)); - } - } else { - pubkey = load_pubkey(1); - } + if (crt == NULL) + { + crt = load_cert (0); + } + + if (crt != NULL) + { + ret = gnutls_pubkey_import_x509 (pubkey, crt, 0); + if (ret < 0) + { + error (EXIT_FAILURE, 0, "pubkey_import_x509: %s", + gnutls_strerror (ret)); + } + } + else + { + pubkey = load_pubkey (1); + } fprintf (outfile, "Public Key Info:\n\n"); ret = gnutls_pubkey_get_pk_algorithm (pubkey, &bits); @@ -3268,12 +3304,14 @@ void pubkey_info (gnutls_x509_crt crt) } ret = gnutls_pubkey_get_key_usage (pubkey, &usage); - if (ret < 0) { - error (EXIT_FAILURE, 0, "pubkey_get_key_usage: %s", gnutls_strerror (ret)); - } - + if (ret < 0) + { + error (EXIT_FAILURE, 0, "pubkey_get_key_usage: %s", + gnutls_strerror (ret)); + } + fprintf (outfile, "Public Key Usage:\n"); - print_key_usage(outfile, usage); + print_key_usage (outfile, usage); fprintf (outfile, "\n"); @@ -188,9 +188,11 @@ load_keys (void) ret = gnutls_x509_crt_import_pkcs11_url (x509_crt[0], x509_certfile, 0); - - if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - ret = gnutls_x509_crt_import_pkcs11_url (x509_crt[0], x509_certfile, GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + + if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + ret = + gnutls_x509_crt_import_pkcs11_url (x509_crt[0], x509_certfile, + GNUTLS_PKCS11_OBJ_FLAG_LOGIN); if (ret < 0) { 
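Review bot: In `print_key_usage` the seventh test reuses `GNUTLS_KEY_NON_REPUDIATION` to print "CRL signing.", although the second test already reports that same bit as "Non repudiation."; a certificate carrying only the cRLSign bit is therefore listed with no CRL-signing usage, while a nonRepudiation-only certificate is listed as a CRL signer. The condition should be `if (usage & GNUTLS_KEY_CRL_SIGN)`. This is worth fixing before the indent change lands because certtool's usage listing is what an operator reads to decide whether a certificate may sign CRLs.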
@@ -241,12 +243,14 @@ load_keys (void) { gnutls_pkcs11_privkey_init (&pkcs11_key); - ret = gnutls_pkcs11_privkey_import_url (pkcs11_key, x509_keyfile, 0); - if (ret < 0) + ret = + gnutls_pkcs11_privkey_import_url (pkcs11_key, x509_keyfile, 0); + if (ret < 0) { - fprintf(stderr, "*** Error loading url: %s\n", gnutls_strerror(ret)); - exit(1); - } + fprintf (stderr, "*** Error loading url: %s\n", + gnutls_strerror (ret)); + exit (1); + } } else { @@ -303,11 +307,12 @@ load_keys (void) gnutls_pkcs11_privkey_init (&pkcs11_key); ret = gnutls_pkcs11_privkey_import_url (pkcs11_key, pgp_keyfile, 0); - if (ret < 0) + if (ret < 0) { - fprintf(stderr, "*** Error loading url: %s\n", gnutls_strerror(ret)); - exit(1); - } + fprintf (stderr, "*** Error loading url: %s\n", + gnutls_strerror (ret)); + exit (1); + } } else { @@ -482,21 +487,21 @@ cert_callback (gnutls_session_t session, return -1; } - if (x509_key != NULL) - { + if (x509_key != NULL) + { st->key.x509 = x509_key; st->key_type = GNUTLS_PRIVKEY_X509; - } - else if (pkcs11_key != NULL) - { - st->key.pkcs11 = pkcs11_key; - st->key_type = GNUTLS_PRIVKEY_PKCS11; - } - else - { - printf ("- Could not find a suitable key to send to server\n"); - return -1; - } + } + else if (pkcs11_key != NULL) + { + st->key.pkcs11 = pkcs11_key; + st->key_type = GNUTLS_PRIVKEY_PKCS11; + } + else + { + printf ("- Could not find a suitable key to send to server\n"); + return -1; + } st->ncerts = x509_crt_size; 
@@ -513,21 +518,21 @@ cert_callback (gnutls_session_t session, if (pgp_crt != NULL) { - if (pgp_key != NULL) - { - st->key.pgp = pgp_key; - st->key_type = GNUTLS_PRIVKEY_OPENPGP; - } - else if (pkcs11_key != NULL) - { - st->key.pkcs11 = pkcs11_key; - st->key_type = GNUTLS_PRIVKEY_PKCS11; - } - else - { - printf ("- Could not find a suitable key to send to server\n"); - return -1; - } + if (pgp_key != NULL) + { + st->key.pgp = pgp_key; + st->key_type = GNUTLS_PRIVKEY_OPENPGP; + } + else if (pkcs11_key != NULL) + { + st->key.pkcs11 = pkcs11_key; + st->key_type = GNUTLS_PRIVKEY_PKCS11; + } + else + { + printf ("- Could not find a suitable key to send to server\n"); + return -1; + } st->ncerts = 1; @@ -594,7 +599,8 @@ init_tls_session (const char *hostname) gnutls_certificate_set_retrieve_function (xcred, cert_callback); gnutls_certificate_set_verify_function (xcred, cert_verify_callback); - gnutls_certificate_set_verify_flags(xcred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); + gnutls_certificate_set_verify_flags (xcred, + GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); /* send the fingerprint */ #ifdef ENABLE_OPENPGP @@ -616,7 +622,7 @@ init_tls_session (const char *hostname) } #ifdef ENABLE_SESSION_TICKET - if (disable_extensions ==0 && !info.noticket) + if (disable_extensions == 0 && !info.noticket) gnutls_session_ticket_enable_client (session); #endif @@ -830,8 +836,8 @@ after_handshake: signal (SIGALRM, &starttls_alarm); #endif - fflush(stdout); - fflush(stderr); + fflush (stdout); + fflush (stderr); /* do not buffer */ #if !(defined _WIN32 || defined __WIN32__) diff --git a/src/common.c b/src/common.c index 808146749e..51ba9465a6 100644 --- a/src/common.c +++ b/src/common.c 
@@ -116,8 +116,7 @@ print_x509_info (gnutls_session_t session, const char *hostname, int insecure) size_t size = 0; char *p = NULL; - ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM, - p, &size); + ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM, p, &size); if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) { p = malloc (size); 
@@ -886,65 +885,74 @@ service_to_port (const char *service) return ntohs (server_port->s_port); } -static int pin_callback(void* user, int attempt, const char *token_url, - const char *token_label, unsigned int flags, char* pin, size_t pin_max) +static int +pin_callback (void *user, int attempt, const char *token_url, + const char *token_label, unsigned int flags, char *pin, + size_t pin_max) { -const char* password; -int len; + const char *password; + int len; /* allow caching of PIN */ -static char* cached_url = NULL; -static char cached_pin[32] = ""; - - printf("PIN required for token '%s' with URL '%s'\n", token_label, token_url); - if (flags & GNUTLS_PKCS11_PIN_FINAL_TRY) - printf("*** This is the final try before locking!\n"); - if (flags & GNUTLS_PKCS11_PIN_COUNT_LOW) - printf("*** Only few tries left before locking!\n"); - - if (flags == 0 && cached_url != NULL) { - if (strcmp(cached_url, token_url)==0) { - strcpy(pin, cached_pin); - return 0; - } - } - - password = getpass("Enter pin: "); - if (password==NULL || password[0] == 0) { - fprintf(stderr, "No password given\n"); - exit(1); + static char *cached_url = NULL; + static char cached_pin[32] = ""; + + printf ("PIN required for token '%s' with URL '%s'\n", token_label, + token_url); + if (flags & GNUTLS_PKCS11_PIN_FINAL_TRY) + printf ("*** This is the final try before locking!\n"); + if (flags & GNUTLS_PKCS11_PIN_COUNT_LOW) + printf ("*** Only few tries left before locking!\n"); + + if (flags == 0 && cached_url != NULL) + { + if (strcmp (cached_url, token_url) == 0) + { + strcpy (pin, cached_pin); + return 0; } - - len = MIN(pin_max,strlen(password)); - memcpy(pin, password, len); - pin[len] = 0; - - /* cache */ - strcpy(cached_pin, pin); - free(cached_url); - cached_url = strdup(token_url); - - return 0; + } + + password = getpass ("Enter pin: "); + if (password == NULL || password[0] == 0) + { + fprintf (stderr, "No password given\n"); + exit (1); + } + + len = MIN (pin_max, strlen (password)); + 
memcpy (pin, password, len); + pin[len] = 0; + + /* cache */ + strcpy (cached_pin, pin); + free (cached_url); + cached_url = strdup (token_url); + + return 0; } -static int token_callback(void* user, const char* label, const unsigned retry) +static int +token_callback (void *user, const char *label, const unsigned retry) { -char buf[32]; -char *p; + char buf[32]; + char *p; - if (retry > 0) { - fprintf(stderr, "Could not find token %s\n", label); - return -1; - } - printf("Please insert token '%s' in slot and press enter\n", label); - p = fgets(buf, sizeof(buf), stdin); + if (retry > 0) + { + fprintf (stderr, "Could not find token %s\n", label); + return -1; + } + printf ("Please insert token '%s' in slot and press enter\n", label); + p = fgets (buf, sizeof (buf), stdin); - return 0; + return 0; } -void pkcs11_common(void) +void +pkcs11_common (void) { - gnutls_pkcs11_set_pin_function (pin_callback, NULL); - gnutls_pkcs11_set_token_function(token_callback, NULL); + gnutls_pkcs11_set_pin_function (pin_callback, NULL); + gnutls_pkcs11_set_token_function (token_callback, NULL); } diff --git a/src/common.h b/src/common.h index fb04fedd7e..e18ed4b676 100644 --- a/src/common.h +++ b/src/common.h @@ -10,14 +10,14 @@ #include <netinet/in.h> #include <signal.h> #ifdef _WIN32 -# include <io.h> -# include <winbase.h> +#include <io.h> +#include <winbase.h> #endif #ifndef __attribute__ -# if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5) -# define __attribute__(Spec) /* empty */ -# endif +#if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5) +#define __attribute__(Spec) /* empty */ +#endif #endif /* the number of elements in the priority structures. @@ -40,5 +40,5 @@ void parse_protocols (char **protocols, int protocols_size, int *protocol_priority); const char *raw_to_string (const unsigned char *raw, size_t raw_size); int service_to_port (const char *service); -void pkcs11_common(void); +void pkcs11_common (void); void sockets_init (void); 
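Review bot: `pin_callback` can write one byte past the caller's buffer: `len = MIN (pin_max, strlen (password));` permits `len == pin_max`, after which `pin[len] = 0` stores the terminator at `pin[pin_max]`. The cache copy has the mirror problem, `strcpy (cached_pin, pin)` assumes `pin` is shorter than the 32-byte `cached_pin`, which holds only if every caller passes `pin_max < 32`. Use `len = MIN (pin_max - 1, strlen (password));` and `snprintf (cached_pin, sizeof cached_pin, "%s", pin);`, or skip caching when the PIN does not fit. The same body is duplicated as `pin_callback` in src/pkcs11.c later on this page, so both copies need the change; `token_callback` in this hunk also ignores a NULL return from `fgets`, so EOF on stdin is treated as "token inserted".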
diff --git a/src/crypt.c b/src/crypt.c index 1553b43352..b4545612c9 100644 --- a/src/crypt.c +++ b/src/crypt.c @@ -33,10 +33,10 @@ #include <sys/stat.h> #ifndef _WIN32 -# include <pwd.h> -# include <unistd.h> +#include <pwd.h> +#include <unistd.h> #else -# include <windows.h> +#include <windows.h> #endif /* Gnulib portability files. */ diff --git a/src/pkcs11.c b/src/pkcs11.c index 2912b97c31..364f5735d3 100644 --- a/src/pkcs11.c +++ b/src/pkcs11.c 
@@ -32,431 +32,541 @@ #define MIN(x,y) ((x)<(y))?(x):(y) -static int pin_callback(void* user, int attempt, const char *token_url, - const char *token_label, unsigned int flags, char* pin, size_t pin_max) +static int +pin_callback (void *user, int attempt, const char *token_url, + const char *token_label, unsigned int flags, char *pin, + size_t pin_max) { -const char* password; -int len; + const char *password; + int len; /* allow caching of PIN */ -static char* cached_url = NULL; -static char cached_pin[32] = ""; - - printf("PIN required for token '%s' with URL '%s'\n", token_label, token_url); - if (flags & GNUTLS_PKCS11_PIN_FINAL_TRY) - printf("*** This is the final try before locking!\n"); - if (flags & GNUTLS_PKCS11_PIN_COUNT_LOW) - printf("*** Only few tries left before locking!\n"); - - if (flags == 0 && cached_url != NULL) { - if (strcmp(cached_url, token_url)==0) { - strcpy(pin, cached_pin); - return 0; - } + static char *cached_url = NULL; + static char cached_pin[32] = ""; + + printf ("PIN required for token '%s' with URL '%s'\n", token_label, + token_url); + if (flags & GNUTLS_PKCS11_PIN_FINAL_TRY) + printf ("*** This is the final try before locking!\n"); + if (flags & GNUTLS_PKCS11_PIN_COUNT_LOW) + printf ("*** Only few tries left before locking!\n"); + + if (flags == 0 && cached_url != NULL) + { + if (strcmp (cached_url, token_url) == 0) + { + strcpy (pin, cached_pin); + return 0; } - - password = getpass("Enter pin: "); - if (password==NULL || password[0] == 0) { - fprintf(stderr, "No password given\n"); - exit(1); - } - - len = MIN(pin_max,strlen(password)); - memcpy(pin, password, len); - pin[len] = 0; - - /* cache */ - strcpy(cached_pin, pin); - free(cached_url); - cached_url = strdup(token_url); - - return 0; + } + + password = getpass ("Enter pin: "); + if (password == NULL || password[0] == 0) + { + fprintf (stderr, "No password given\n"); + exit (1); + } + + len = MIN (pin_max, strlen (password)); + memcpy (pin, password, len); + pin[len] = 0; 
+ + /* cache */ + strcpy (cached_pin, pin); + free (cached_url); + cached_url = strdup (token_url); + + return 0; } -static void pkcs11_common(void) +static void +pkcs11_common (void) { - gnutls_pkcs11_set_pin_function (pin_callback, NULL); + gnutls_pkcs11_set_pin_function (pin_callback, NULL); } -void pkcs11_delete(FILE* outfile, const char* url, int batch, unsigned int login) +void +pkcs11_delete (FILE * outfile, const char *url, int batch, unsigned int login) { -int ret; -unsigned int obj_flags = 0; - - if (login) - obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN; - - if (!batch) { - pkcs11_list(outfile, url, PKCS11_TYPE_ALL, login, GNUTLS_PKCS11_URL_LIB); - ret = read_yesno("Are you sure you want to delete those objects? (y/N): "); - if (ret == 0) { - exit(1); - } + int ret; + unsigned int obj_flags = 0; + + if (login) + obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN; + + if (!batch) + { + pkcs11_list (outfile, url, PKCS11_TYPE_ALL, login, + GNUTLS_PKCS11_URL_LIB); + ret = + read_yesno ("Are you sure you want to delete those objects? 
(y/N): "); + if (ret == 0) + { + exit (1); } - - ret = gnutls_pkcs11_delete_url(url, obj_flags); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } - - fprintf(outfile, "\n%d objects deleted\n", ret); - - return; + } + + ret = gnutls_pkcs11_delete_url (url, obj_flags); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } + + fprintf (outfile, "\n%d objects deleted\n", ret); + + return; } - + /* lists certificates from a token */ -void pkcs11_list( FILE* outfile, const char* url, int type, unsigned int login, unsigned int detailed) +void +pkcs11_list (FILE * outfile, const char *url, int type, unsigned int login, + unsigned int detailed) { -gnutls_pkcs11_obj_t *crt_list; -gnutls_x509_crt_t xcrt; -unsigned int crt_list_size = 0; -int ret; -char* output; -int i, attrs; -unsigned int obj_flags = 0; - - if (login) - obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN; - - pkcs11_common(); - - if (url == NULL) - url = "pkcs11:"; - - if (type == PKCS11_TYPE_TRUSTED) { - attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED; - } else if (type == PKCS11_TYPE_PK) { - attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY; - } else if (type == PKCS11_TYPE_CRT_ALL) { - attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL; - } else if (type == PKCS11_TYPE_PRIVKEY) { - attrs = GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY; - } else { - attrs = GNUTLS_PKCS11_OBJ_ATTR_ALL; + gnutls_pkcs11_obj_t *crt_list; + gnutls_x509_crt_t xcrt; + unsigned int crt_list_size = 0; + int ret; + char *output; + int i, attrs; + unsigned int obj_flags = 0; + + if (login) + obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN; + + pkcs11_common (); + + if (url == NULL) + url = "pkcs11:"; + + if (type == PKCS11_TYPE_TRUSTED) + { + attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED; + } + else if (type == PKCS11_TYPE_PK) + { + attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY; + } + else if (type == PKCS11_TYPE_CRT_ALL) + { + attrs = 
GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL; + } + else if (type == PKCS11_TYPE_PRIVKEY) + { + attrs = GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY; + } + else + { + attrs = GNUTLS_PKCS11_OBJ_ATTR_ALL; + } + + /* give some initial value to avoid asking for the pkcs11 pin twice. + */ + crt_list_size = 128; + crt_list = malloc (sizeof (*crt_list) * crt_list_size); + if (crt_list == NULL) + { + fprintf (stderr, "Memory error\n"); + exit (1); + } + + ret = gnutls_pkcs11_obj_list_import_url (crt_list, &crt_list_size, url, + attrs, obj_flags); + if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) + { + fprintf (stderr, "Error in crt_list_import (1): %s\n", + gnutls_strerror (ret)); + exit (1); + } + + if (crt_list_size == 0) + { + fprintf (stderr, "No matching objects found\n"); + exit (0); + } + + if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) + { + crt_list = realloc (crt_list, sizeof (*crt_list) * crt_list_size); + if (crt_list == NULL) + { + fprintf (stderr, "Memory error\n"); + exit (1); } - - /* give some initial value to avoid asking for the pkcs11 pin twice. 
- */ - crt_list_size = 128; - crt_list = malloc(sizeof(*crt_list)*crt_list_size); - if (crt_list == NULL) { - fprintf(stderr, "Memory error\n"); - exit(1); + + ret = + gnutls_pkcs11_obj_list_import_url (crt_list, &crt_list_size, url, + attrs, obj_flags); + if (ret < 0) + { + fprintf (stderr, "Error in crt_list_import: %s\n", + gnutls_strerror (ret)); + exit (1); + } + } + + for (i = 0; i < crt_list_size; i++) + { + char buf[128]; + size_t size; + + ret = gnutls_pkcs11_obj_export_url (crt_list[i], detailed, &output); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); } - ret = gnutls_pkcs11_obj_list_import_url( crt_list, &crt_list_size, url, - attrs, obj_flags); - if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) { - fprintf(stderr, "Error in crt_list_import (1): %s\n", gnutls_strerror(ret)); - exit(1); + fprintf (outfile, "Object %d:\n\tURL: %s\n", i, output); + + fprintf (outfile, "\tType: %s\n", + gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_get_type + (crt_list[i]))); + + size = sizeof (buf); + ret = + gnutls_pkcs11_obj_get_info (crt_list[i], GNUTLS_PKCS11_OBJ_LABEL, buf, + &size); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } + fprintf (outfile, "\tLabel: %s\n", buf); + + size = sizeof (buf); + ret = + gnutls_pkcs11_obj_get_info (crt_list[i], GNUTLS_PKCS11_OBJ_ID_HEX, + buf, &size); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); } - - if (crt_list_size == 0) { - fprintf(stderr, "No matching objects found\n"); - exit(0); + fprintf (outfile, "\tID: %s\n\n", buf); + + + + if (attrs == GNUTLS_PKCS11_OBJ_ATTR_ALL + || attrs == GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY) + continue; + + ret = gnutls_x509_crt_init (&xcrt); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); } - - if (ret == 
GNUTLS_E_SHORT_MEMORY_BUFFER) { - crt_list = realloc(crt_list, sizeof(*crt_list)*crt_list_size); - if (crt_list == NULL) { - fprintf(stderr, "Memory error\n"); - exit(1); - } - - ret = gnutls_pkcs11_obj_list_import_url( crt_list, &crt_list_size, url, attrs, obj_flags); - if (ret < 0) { - fprintf(stderr, "Error in crt_list_import: %s\n", gnutls_strerror(ret)); - exit(1); - } + + ret = gnutls_x509_crt_import_pkcs11 (xcrt, crt_list[i]); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); } - - for (i=0;i<crt_list_size;i++) { - char buf[128]; - size_t size; - - ret = gnutls_pkcs11_obj_export_url(crt_list[i], detailed, &output); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } - - fprintf(outfile, "Object %d:\n\tURL: %s\n", i, output); - - fprintf(outfile, "\tType: %s\n", gnutls_pkcs11_type_get_name(gnutls_pkcs11_obj_get_type( crt_list[i]))); - - size = sizeof(buf); - ret = gnutls_pkcs11_obj_get_info( crt_list[i], GNUTLS_PKCS11_OBJ_LABEL, buf, &size); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } - fprintf(outfile, "\tLabel: %s\n", buf); - - size = sizeof(buf); - ret = gnutls_pkcs11_obj_get_info( crt_list[i], GNUTLS_PKCS11_OBJ_ID_HEX, buf, &size); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } - fprintf(outfile, "\tID: %s\n\n", buf); - - - - if (attrs == GNUTLS_PKCS11_OBJ_ATTR_ALL || attrs == GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY) - continue; - - ret = gnutls_x509_crt_init(&xcrt); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } - - ret = gnutls_x509_crt_import_pkcs11(xcrt, crt_list[i]); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } #if 0 - size = buffer_size; - ret = 
gnutls_x509_crt_export (xcrt, GNUTLS_X509_FMT_PEM, buffer, &size); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } - - fwrite (buffer, 1, size, outfile); - fputs("\n\n", outfile); + size = buffer_size; + ret = gnutls_x509_crt_export (xcrt, GNUTLS_X509_FMT_PEM, buffer, &size); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } + + fwrite (buffer, 1, size, outfile); + fputs ("\n\n", outfile); #endif - gnutls_x509_crt_deinit(xcrt); + gnutls_x509_crt_deinit (xcrt); - } - - return; + } + + return; } -void pkcs11_export(FILE* outfile, const char* url, unsigned int login) +void +pkcs11_export (FILE * outfile, const char *url, unsigned int login) { -gnutls_pkcs11_obj_t crt; -gnutls_x509_crt_t xcrt; -gnutls_pubkey_t pubkey; -int ret; -size_t size; -unsigned int obj_flags = 0; - - if (login) - obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN; - - pkcs11_common(); - - if (url == NULL) - url = "pkcs11:"; + gnutls_pkcs11_obj_t crt; + gnutls_x509_crt_t xcrt; + gnutls_pubkey_t pubkey; + int ret; + size_t size; + unsigned int obj_flags = 0; + + if (login) + obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN; + + pkcs11_common (); + + if (url == NULL) + url = "pkcs11:"; + + ret = gnutls_pkcs11_obj_init (&crt); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } + + ret = gnutls_pkcs11_obj_import_url (crt, url, obj_flags); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } + + switch (gnutls_pkcs11_obj_get_type (crt)) + { + case GNUTLS_PKCS11_OBJ_X509_CRT: + ret = gnutls_x509_crt_init (&xcrt); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } - ret = gnutls_pkcs11_obj_init(&crt); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", 
__func__, __LINE__, gnutls_strerror(ret)); - exit(1); + ret = gnutls_x509_crt_import_pkcs11 (xcrt, crt); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); } - ret = gnutls_pkcs11_obj_import_url( crt, url, obj_flags); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); + size = buffer_size; + ret = gnutls_x509_crt_export (xcrt, GNUTLS_X509_FMT_PEM, buffer, &size); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } + fwrite (buffer, 1, size, outfile); + + gnutls_x509_crt_deinit (xcrt); + break; + case GNUTLS_PKCS11_OBJ_PUBKEY: + ret = gnutls_pubkey_init (&pubkey); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); } - switch(gnutls_pkcs11_obj_get_type(crt)) { - case GNUTLS_PKCS11_OBJ_X509_CRT: - ret = gnutls_x509_crt_init(&xcrt); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } - - ret = gnutls_x509_crt_import_pkcs11(xcrt, crt); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } - - size = buffer_size; - ret = gnutls_x509_crt_export (xcrt, GNUTLS_X509_FMT_PEM, buffer, &size); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } - fwrite (buffer, 1, size, outfile); - - gnutls_x509_crt_deinit(xcrt); - break; - case GNUTLS_PKCS11_OBJ_PUBKEY: - ret = gnutls_pubkey_init(&pubkey); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } - - ret = gnutls_pubkey_import_pkcs11(pubkey, crt, 0); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } - - size = buffer_size; - ret = 
gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_PEM, buffer, &size); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } - fwrite (buffer, 1, size, outfile); - - gnutls_pubkey_deinit(pubkey); - break; - default: { - gnutls_datum data, enc; - - size = buffer_size; - ret = gnutls_pkcs11_obj_export (crt, buffer, &size); - if (ret < 0) { - break; - } - - data.data = buffer; - data.size = size; - - ret = gnutls_pem_base64_encode_alloc("DATA", &data, &enc); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } - - fwrite (enc.data, 1, enc.size, outfile); - - gnutls_free(enc.data); - break; - } + ret = gnutls_pubkey_import_pkcs11 (pubkey, crt, 0); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); } - fputs("\n\n", outfile); + size = buffer_size; + ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_PEM, buffer, &size); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } + fwrite (buffer, 1, size, outfile); - gnutls_pkcs11_obj_deinit(crt); + gnutls_pubkey_deinit (pubkey); + break; + default: + { + gnutls_datum data, enc; - return; + size = buffer_size; + ret = gnutls_pkcs11_obj_export (crt, buffer, &size); + if (ret < 0) + { + break; + } -} + data.data = buffer; + data.size = size; -void pkcs11_token_list(FILE* outfile, unsigned int detailed) -{ -int ret; -int i; -char *url; -char buf[128]; -size_t size; + ret = gnutls_pem_base64_encode_alloc ("DATA", &data, &enc); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } - pkcs11_common(); + fwrite (enc.data, 1, enc.size, outfile); - for (i=0;;i++) { - ret = gnutls_pkcs11_token_get_url(i, detailed, &url); - if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - break; + gnutls_free (enc.data); + 
break; + } + } + fputs ("\n\n", outfile); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } - fprintf(outfile, "Token %d:\n\tURL: %s\n", i, url); + gnutls_pkcs11_obj_deinit (crt); - size = sizeof(buf); - ret = gnutls_pkcs11_token_get_info(url, GNUTLS_PKCS11_TOKEN_LABEL, buf, &size); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } + return; - fprintf(outfile, "\tLabel: %s\n", buf); +} - size = sizeof(buf); - ret = gnutls_pkcs11_token_get_info(url, GNUTLS_PKCS11_TOKEN_MANUFACTURER, buf, &size); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } +void +pkcs11_token_list (FILE * outfile, unsigned int detailed) +{ + int ret; + int i; + char *url; + char buf[128]; + size_t size; + + pkcs11_common (); + + for (i = 0;; i++) + { + ret = gnutls_pkcs11_token_get_url (i, detailed, &url); + if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + break; + + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } - fprintf(outfile, "\tManufacturer: %s\n", buf); + fprintf (outfile, "Token %d:\n\tURL: %s\n", i, url); + + size = sizeof (buf); + ret = + gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_LABEL, buf, + &size); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } - size = sizeof(buf); - ret = gnutls_pkcs11_token_get_info(url, GNUTLS_PKCS11_TOKEN_MODEL, buf, &size); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } + fprintf (outfile, "\tLabel: %s\n", buf); + + size = sizeof (buf); + ret = + gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_MANUFACTURER, + buf, &size); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror 
(ret)); + exit (1); + } - fprintf(outfile, "\tModel: %s\n", buf); + fprintf (outfile, "\tManufacturer: %s\n", buf); + + size = sizeof (buf); + ret = + gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_MODEL, buf, + &size); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } - size = sizeof(buf); - ret = gnutls_pkcs11_token_get_info(url, GNUTLS_PKCS11_TOKEN_SERIAL, buf, &size); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } + fprintf (outfile, "\tModel: %s\n", buf); + + size = sizeof (buf); + ret = + gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_SERIAL, buf, + &size); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } - fprintf(outfile, "\tSerial: %s\n", buf); - fprintf(outfile, "\n\n"); + fprintf (outfile, "\tSerial: %s\n", buf); + fprintf (outfile, "\n\n"); - gnutls_free(url); + gnutls_free (url); - } + } - return; + return; } -void pkcs11_write(FILE* outfile, const char* url, const char* label, int trusted, unsigned int login) +void +pkcs11_write (FILE * outfile, const char *url, const char *label, int trusted, + unsigned int login) { -gnutls_x509_crt_t xcrt; -gnutls_x509_privkey_t xkey; -int ret; -unsigned int flags = 0; -unsigned int key_usage; - - if (login) - flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN; - - pkcs11_common(); - - if (url == NULL) - url = "pkcs11:"; - - xcrt = load_cert(0); - if (xcrt != NULL) { - if (trusted) - flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED; - ret = gnutls_pkcs11_copy_x509_crt(url, xcrt, label, flags); - if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); - exit(1); - } - - gnutls_x509_crt_get_key_usage(xcrt, &key_usage, NULL); + gnutls_x509_crt_t xcrt; + gnutls_x509_privkey_t xkey; + int ret; + unsigned int flags = 0; + unsigned int key_usage; + + if (login) + 
flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
+
+ pkcs11_common ();
+
+ if (url == NULL)
+ url = "pkcs11:";
+
+ xcrt = load_cert (0);
+ if (xcrt != NULL)
+ {
+ if (trusted)
+ flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED;
+ ret = gnutls_pkcs11_copy_x509_crt (url, xcrt, label, flags);
+ if (ret < 0)
+ {
+ fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror (ret));
+ exit (1);
 }
- xkey = load_private_key(0);
- if (xkey != NULL) {
- ret = gnutls_pkcs11_copy_x509_privkey(url, xkey, label, key_usage, flags|GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE);
- if (ret < 0) {
- fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret));
- exit(1);
- }
+ gnutls_x509_crt_get_key_usage (xcrt, &key_usage, NULL);
+ }
+
+ xkey = load_private_key (0);
+ if (xkey != NULL)
+ {
+ ret =
+ gnutls_pkcs11_copy_x509_privkey (url, xkey, label, key_usage,
+ flags |
+ GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE);
+ if (ret < 0)
+ {
+ fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror (ret));
+ exit (1);
 }
+ }
- if (xkey == NULL && xcrt == NULL) {
- fprintf(stderr, "You must use --load-privkey or --load-certificate to load the file to be copied\n");
- exit (1);
- }
+ if (xkey == NULL && xcrt == NULL)
+ {
+ fprintf (stderr,
+ "You must use --load-privkey or --load-certificate to load the file to be copied\n");
+ exit (1);
+ }
- return;
+ return;
 }
diff --git a/src/prime.c b/src/prime.c
index d845110f09..41f64a7e3e 100644
--- a/src/prime.c
+++ b/src/prime.c
@@ -48,7 +48,7 @@ generate_prime (int how)
 int ret;
 gnutls_dh_params_t dh_params;
 gnutls_datum_t p, g;
- int bits = get_bits(GNUTLS_PK_DH);
+ int bits = get_bits (GNUTLS_PK_DH);
 gnutls_dh_params_init (&dh_params);
@@ -50,10 +50,10 @@ main (int argc, char **argv)
 #include <sys/stat.h>
 #ifndef _WIN32
-# include <pwd.h>
-# include <unistd.h>
+#include <pwd.h>
+#include <unistd.h>
 #else
-# include <windows.h>
+#include <windows.h>
 #endif
 /* Gnulib portability files. */
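Review bot: In pin_callback near the top of the hunk, `len = MIN (pin_max, strlen (password));` followed by `pin[len] = 0;` writes the terminator one byte past the caller's buffer whenever the entered PIN has pin_max or more characters, and the subsequent `strcpy (cached_pin, pin);` copies up to pin_max bytes into the 32-byte static `cached_pin`. Clamp with `len = MIN (pin_max - 1, strlen (password));` and only refresh the cache when `len < sizeof cached_pin`, leaving cached_url and cached_pin untouched otherwise rather than storing a truncated PIN that would later be replayed and consume a retry. The cached PIN also stays in plaintext in `cached_pin` for the rest of the process, which the `/* allow caching of PIN */` comment should state. In pkcs11_write at the end of the hunk, `key_usage` is assigned only inside `if (xcrt != NULL)` yet is passed to gnutls_pkcs11_copy_x509_privkey when only a private key was loaded, so declare it as `unsigned int key_usage = 0;` (the unchecked return of gnutls_x509_crt_get_key_usage presumably leaves it unset as well when the certificate has no key-usage extension). The `MIN` macro on the hunk's first context line lacks outer parentheses around the conditional, which is harmless in these plain assignments but would misparse inside a larger expression.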
diff --git a/src/serv.c b/src/serv.c
index a6ed9c5a90..d7782b90b2 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -737,19 +737,20 @@ listen_socket (const char *name, int listen_port)
 /* strips \r\n from the end of the string */
-static void strip (char* data)
+static void
+strip (char *data)
 {
-int i;
-int len = strlen(data);
+ int i;
+ int len = strlen (data);
- for (i=0;i<len;i++)
+ for (i = 0; i < len; i++)
 {
- if (data[i] == '\r' && data[i+1] == '\n' && data[i+1] == 0)
- {
- data[i] = '\n';
- data[i+1] = 0;
- break;
- }
+ if (data[i] == '\r' && data[i + 1] == '\n' && data[i + 1] == 0)
+ {
+ data[i] = '\n';
+ data[i + 1] = 0;
+ break;
+ }
 }
 }
@@ -782,7 +783,7 @@ get_response (gnutls_session_t session, char *request,
 }
 else
 {
- strip(request);
+ strip (request);
 fprintf (stderr, "received: %s\n", request);
 if (request[0] == request[1] && request[0] == '*')
 {
@@ -891,7 +892,7 @@ main (int argc, char **argv)
 exit (1);
 }
- pkcs11_common();
+ pkcs11_common ();
 gnutls_global_set_log_function (tls_log_func);
 gnutls_global_set_log_level (debug);
diff --git a/src/tests.c b/src/tests.c
index 578518a70b..bb07d138ed 100644
--- a/src/tests.c
+++ b/src/tests.c
@@ -25,10 +25,10 @@
 #include <gnutls/x509.h>
 #ifndef _WIN32
-# include <unistd.h>
-# include <signal.h>
+#include <unistd.h>
+#include <signal.h>
 #else
-# include <errno.h>
+#include <errno.h>
 #endif
 #include <stdio.h>
@@ -126,7 +126,7 @@ _gnutls_priority_set_direct (gnutls_session_t session, const char *str)
 if (ret < 0)
 {
 fprintf (stderr, "Error with string %s\n", str);
- fprintf (stderr, "Error at %s: %s\n", err, gnutls_strerror(ret));
+ fprintf (stderr, "Error at %s: %s\n", err, gnutls_strerror (ret));
 exit (1);
 }
 }
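Review bot: The test in strip, `if (data[i] == '\r' && data[i + 1] == '\n' && data[i + 1] == 0)`, can never hold because it requires data[i + 1] to be both '\n' and 0, so the function strips nothing; given the comment above it, the intended check is presumably `data[i + 1] == '\n' && data[i + 2] == 0`. With that form the read of data[i + 2] stays inside the string, because data[i + 1] == '\n' implies i + 1 < len. `len` would also be better declared as `size_t len = strlen (data);`, since strlen returns size_t and the loop compares `i` against it.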
@@ -193,7 +193,7 @@ test_export (gnutls_session_t session)
 sprintf (prio_str, INIT_STR "+ARCFOUR-40:+RSA-EXPORT:" ALL_COMP ":" ALL_CERTTYPES ":%s:"
- ALL_MACS ":" ALL_KX ":%s" , protocol_str, rest);
+ ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
 _gnutls_priority_set_direct (session, prio_str);
 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
@@ -301,7 +301,7 @@ test_safe_renegotiation_scsv (gnutls_session_t session)
 {
 int ret;
- sprintf (prio_str, INIT_STR
+ sprintf (prio_str, INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":+VERS-SSL3.0:" ALL_MACS ":" ALL_KX ":%%SAFE_RENEGOTIATION");
 _gnutls_priority_set_direct (session, prio_str);
@@ -654,7 +654,7 @@ test_record_padding (gnutls_session_t session)
 }
 else
 {
- strcat(rest, ":%COMPAT");
+ strcat (rest, ":%COMPAT");
 }
 return ret;
@@ -709,8 +709,8 @@ test_tls1_1_fallback (gnutls_session_t session)
 sprintf (prio_str, INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
- ":+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:" ALL_MACS ":" ALL_KX ":%s",
- rest);
+ ":+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:" ALL_MACS ":" ALL_KX
+ ":%s", rest);
 _gnutls_priority_set_direct (session, prio_str);
 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
|