Diffstat (limited to 'src/p11tool-gaa.c')
-rw-r--r-- | src/p11tool-gaa.c | 232 |
1 files changed, 172 insertions, 60 deletions
diff --git a/src/p11tool-gaa.c b/src/p11tool-gaa.c index 18162402e8..8938e33d1b 100644 --- a/src/p11tool-gaa.c +++ b/src/p11tool-gaa.c @@ -145,6 +145,9 @@ void gaa_help(void) __gaa_helpsingle(0, "initialize", "URL ", "Initializes a PKCS11 token."); __gaa_helpsingle(0, "write", "URL ", "Writes loaded certificates, private or secret keys to a PKCS11 token."); __gaa_helpsingle(0, "delete", "URL ", "Deletes objects matching the URL."); + __gaa_helpsingle(0, "generate-rsa", "URL ", "Generates an RSA private key on the specified token."); + __gaa_helpsingle(0, "generate-dsa", "URL ", "Generates a DSA private key on the specified token."); + __gaa_helpsingle(0, "generate-ecc", "URL ", "Generates an ECDSA private key on the specified token."); __gaa_helpsingle(0, "label", "label ", "Sets a label for the write operation."); __gaa_helpsingle(0, "trusted", "", "Marks the certificate to be written as trusted."); __gaa_helpsingle(0, "private", "", "Marks the object to be written as private (requires PIN)."); @@ -157,6 +160,8 @@ void gaa_help(void) __gaa_helpsingle(0, "load-pubkey", "FILE ", "Private key file to use."); __gaa_helpsingle(0, "load-certificate", "FILE ", "Certificate file to use."); __gaa_helpsingle('8', "pkcs8", "", "Use PKCS #8 format for private keys."); + __gaa_helpsingle(0, "bits", "BITS ", "specify the number of bits for key generation."); + __gaa_helpsingle(0, "sec-param", "PARAM ", "specify the security level [low|normal|high|ultra]."); __gaa_helpsingle(0, "inder", "", "Use DER format for input certificates and private keys."); __gaa_helpsingle(0, "inraw", "", "Use RAW/DER format for input certificates and private keys."); __gaa_helpsingle(0, "provider", "Library ", "Specify the pkcs11 provider library"); 
@@ -177,34 +182,40 @@ typedef struct _gaainfo gaainfo; struct _gaainfo { -#line 84 "p11tool.gaa" +#line 94 "p11tool.gaa" int debug; -#line 79 "p11tool.gaa" +#line 89 "p11tool.gaa" char *outfile; -#line 76 "p11tool.gaa" +#line 86 "p11tool.gaa" int action; -#line 75 "p11tool.gaa" +#line 85 "p11tool.gaa" char* pkcs11_provider; -#line 71 "p11tool.gaa" +#line 81 "p11tool.gaa" int incert_format; -#line 68 "p11tool.gaa" +#line 78 "p11tool.gaa" + char* sec_param; +#line 75 "p11tool.gaa" + int bits; +#line 72 "p11tool.gaa" int pkcs8; -#line 65 "p11tool.gaa" +#line 69 "p11tool.gaa" char *cert; -#line 62 "p11tool.gaa" +#line 66 "p11tool.gaa" char *pubkey; -#line 59 "p11tool.gaa" +#line 63 "p11tool.gaa" char *privkey; -#line 56 "p11tool.gaa" +#line 60 "p11tool.gaa" char* secret_key; -#line 52 "p11tool.gaa" +#line 56 "p11tool.gaa" int pkcs11_detailed_url; -#line 49 "p11tool.gaa" +#line 53 "p11tool.gaa" int pkcs11_login; -#line 45 "p11tool.gaa" +#line 49 "p11tool.gaa" int pkcs11_private; -#line 42 "p11tool.gaa" +#line 46 "p11tool.gaa" int pkcs11_trusted; +#line 40 "p11tool.gaa" + int key_type; #line 35 "p11tool.gaa" char* pkcs11_label; #line 24 "p11tool.gaa" 
@@ -265,36 +276,41 @@ static int gaa_error = 0; #define GAA_MULTIPLE_OPTION 3 #define GAA_REST 0 -#define GAA_NB_OPTION 29 +#define GAA_NB_OPTION 34 #define GAAOPTID_help 1 #define GAAOPTID_debug 2 #define GAAOPTID_outfile 3 #define GAAOPTID_provider 4 #define GAAOPTID_inraw 5 #define GAAOPTID_inder 6 -#define GAAOPTID_pkcs8 7 -#define GAAOPTID_load_certificate 8 -#define GAAOPTID_load_pubkey 9 -#define GAAOPTID_load_privkey 10 -#define GAAOPTID_secret_key 11 -#define GAAOPTID_no_detailed_url 12 -#define GAAOPTID_detailed_url 13 -#define GAAOPTID_login 14 -#define GAAOPTID_no_private 15 -#define GAAOPTID_private 16 -#define GAAOPTID_trusted 17 -#define GAAOPTID_label 18 -#define GAAOPTID_delete 19 -#define GAAOPTID_write 20 -#define GAAOPTID_initialize 21 -#define GAAOPTID_list_trusted 22 -#define GAAOPTID_list_privkeys 23 -#define GAAOPTID_list_certs 24 -#define GAAOPTID_list_all_certs 25 -#define GAAOPTID_list_all 26 -#define GAAOPTID_list_mechanisms 27 -#define GAAOPTID_list_tokens 28 -#define GAAOPTID_export 29 +#define GAAOPTID_sec_param 7 +#define GAAOPTID_bits 8 +#define GAAOPTID_pkcs8 9 +#define GAAOPTID_load_certificate 10 +#define GAAOPTID_load_pubkey 11 +#define GAAOPTID_load_privkey 12 +#define GAAOPTID_secret_key 13 +#define GAAOPTID_no_detailed_url 14 +#define GAAOPTID_detailed_url 15 +#define GAAOPTID_login 16 +#define GAAOPTID_no_private 17 +#define GAAOPTID_private 18 +#define GAAOPTID_trusted 19 +#define GAAOPTID_label 20 +#define GAAOPTID_generate_ecc 21 +#define GAAOPTID_generate_dsa 22 +#define GAAOPTID_generate_rsa 23 +#define GAAOPTID_delete 24 +#define GAAOPTID_write 25 +#define GAAOPTID_initialize 26 +#define GAAOPTID_list_trusted 27 +#define GAAOPTID_list_privkeys 28 +#define GAAOPTID_list_certs 29 +#define GAAOPTID_list_all_certs 30 +#define GAAOPTID_list_all 31 +#define GAAOPTID_list_mechanisms 32 +#define GAAOPTID_list_tokens 33 +#define GAAOPTID_export 34 #line 168 "gaa.skel" 
@@ -499,6 +515,18 @@ struct GAAOPTION_provider int size1; }; +struct GAAOPTION_sec_param +{ + char* arg1; + int size1; +}; + +struct GAAOPTION_bits +{ + int arg1; + int size1; +}; + struct GAAOPTION_load_certificate { char* arg1; @@ -529,6 +557,24 @@ struct GAAOPTION_label int size1; }; +struct GAAOPTION_generate_ecc +{ + char* arg1; + int size1; +}; + +struct GAAOPTION_generate_dsa +{ + char* arg1; + int size1; +}; + +struct GAAOPTION_generate_rsa +{ + char* arg1; + int size1; +}; + struct GAAOPTION_delete { char* arg1; @@ -591,11 +637,16 @@ static int gaa_get_option_num(char *str, int status) GAA_CHECK1STR("d", GAAOPTID_debug); GAA_CHECK1STR("", GAAOPTID_outfile); GAA_CHECK1STR("", GAAOPTID_provider); + GAA_CHECK1STR("", GAAOPTID_sec_param); + GAA_CHECK1STR("", GAAOPTID_bits); GAA_CHECK1STR("", GAAOPTID_load_certificate); GAA_CHECK1STR("", GAAOPTID_load_pubkey); GAA_CHECK1STR("", GAAOPTID_load_privkey); GAA_CHECK1STR("", GAAOPTID_secret_key); GAA_CHECK1STR("", GAAOPTID_label); + GAA_CHECK1STR("", GAAOPTID_generate_ecc); + GAA_CHECK1STR("", GAAOPTID_generate_dsa); + GAA_CHECK1STR("", GAAOPTID_generate_rsa); GAA_CHECK1STR("", GAAOPTID_delete); GAA_CHECK1STR("", GAAOPTID_write); GAA_CHECK1STR("", GAAOPTID_initialize); @@ -629,6 +680,8 @@ static int gaa_get_option_num(char *str, int status) GAA_CHECKSTR("provider", GAAOPTID_provider); GAA_CHECKSTR("inraw", GAAOPTID_inraw); GAA_CHECKSTR("inder", GAAOPTID_inder); + GAA_CHECKSTR("sec-param", GAAOPTID_sec_param); + GAA_CHECKSTR("bits", GAAOPTID_bits); GAA_CHECKSTR("pkcs8", GAAOPTID_pkcs8); GAA_CHECKSTR("load-certificate", GAAOPTID_load_certificate); GAA_CHECKSTR("load-pubkey", GAAOPTID_load_pubkey); 
@@ -641,6 +694,9 @@ static int gaa_get_option_num(char *str, int status) GAA_CHECKSTR("private", GAAOPTID_private); GAA_CHECKSTR("trusted", GAAOPTID_trusted); GAA_CHECKSTR("label", GAAOPTID_label); + GAA_CHECKSTR("generate-ecc", GAAOPTID_generate_ecc); + GAA_CHECKSTR("generate-dsa", GAAOPTID_generate_dsa); + GAA_CHECKSTR("generate-rsa", GAAOPTID_generate_rsa); GAA_CHECKSTR("delete", GAAOPTID_delete); GAA_CHECKSTR("write", GAAOPTID_write); GAA_CHECKSTR("initialize", GAAOPTID_initialize); @@ -667,11 +723,16 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) struct GAAOPTION_debug GAATMP_debug; struct GAAOPTION_outfile GAATMP_outfile; struct GAAOPTION_provider GAATMP_provider; + struct GAAOPTION_sec_param GAATMP_sec_param; + struct GAAOPTION_bits GAATMP_bits; struct GAAOPTION_load_certificate GAATMP_load_certificate; struct GAAOPTION_load_pubkey GAATMP_load_pubkey; struct GAAOPTION_load_privkey GAATMP_load_privkey; struct GAAOPTION_secret_key GAATMP_secret_key; struct GAAOPTION_label GAATMP_label; + struct GAAOPTION_generate_ecc GAATMP_generate_ecc; + struct GAAOPTION_generate_dsa GAATMP_generate_dsa; + struct GAAOPTION_generate_rsa GAATMP_generate_rsa; struct GAAOPTION_delete GAATMP_delete; struct GAAOPTION_write GAATMP_write; struct GAAOPTION_initialize GAATMP_initialize; @@ -699,7 +760,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) { case GAAOPTID_help: OK = 0; -#line 87 "p11tool.gaa" +#line 97 "p11tool.gaa" { gaa_help(); exit(0); ;}; return GAA_OK; @@ -709,7 +770,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_debug.arg1, gaa_getint, GAATMP_debug.size1); gaa_index++; -#line 85 "p11tool.gaa" +#line 95 "p11tool.gaa" { gaaval->debug = GAATMP_debug.arg1 ;}; return GAA_OK; 
@@ -719,7 +780,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_outfile.arg1, gaa_getstr, GAATMP_outfile.size1); gaa_index++; -#line 80 "p11tool.gaa" +#line 90 "p11tool.gaa" { gaaval->outfile = GAATMP_outfile.arg1 ;}; return GAA_OK; @@ -729,28 +790,48 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_provider.arg1, gaa_getstr, GAATMP_provider.size1); gaa_index++; -#line 77 "p11tool.gaa" +#line 87 "p11tool.gaa" { gaaval->pkcs11_provider = GAATMP_provider.arg1 ;}; return GAA_OK; break; case GAAOPTID_inraw: OK = 0; -#line 73 "p11tool.gaa" +#line 83 "p11tool.gaa" { gaaval->incert_format=GNUTLS_X509_FMT_DER ;}; return GAA_OK; break; case GAAOPTID_inder: OK = 0; -#line 72 "p11tool.gaa" +#line 82 "p11tool.gaa" { gaaval->incert_format=GNUTLS_X509_FMT_DER ;}; return GAA_OK; break; + case GAAOPTID_sec_param: + OK = 0; + GAA_TESTMOREARGS; + GAA_FILL(GAATMP_sec_param.arg1, gaa_getstr, GAATMP_sec_param.size1); + gaa_index++; +#line 79 "p11tool.gaa" +{ gaaval->sec_param = GAATMP_sec_param.arg1 ;}; + + return GAA_OK; + break; + case GAAOPTID_bits: + OK = 0; + GAA_TESTMOREARGS; + GAA_FILL(GAATMP_bits.arg1, gaa_getint, GAATMP_bits.size1); + gaa_index++; +#line 76 "p11tool.gaa" +{ gaaval->bits = GAATMP_bits.arg1 ;}; + + return GAA_OK; + break; case GAAOPTID_pkcs8: OK = 0; -#line 69 "p11tool.gaa" +#line 73 "p11tool.gaa" { gaaval->pkcs8=1 ;}; return GAA_OK; @@ -760,7 +841,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_load_certificate.arg1, gaa_getstr, GAATMP_load_certificate.size1); gaa_index++; -#line 66 "p11tool.gaa" +#line 70 "p11tool.gaa" { gaaval->cert = GAATMP_load_certificate.arg1 ;}; return GAA_OK; 
@@ -770,7 +851,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_load_pubkey.arg1, gaa_getstr, GAATMP_load_pubkey.size1); gaa_index++; -#line 63 "p11tool.gaa" +#line 67 "p11tool.gaa" { gaaval->pubkey = GAATMP_load_pubkey.arg1 ;}; return GAA_OK; @@ -780,7 +861,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_load_privkey.arg1, gaa_getstr, GAATMP_load_privkey.size1); gaa_index++; -#line 60 "p11tool.gaa" +#line 64 "p11tool.gaa" { gaaval->privkey = GAATMP_load_privkey.arg1 ;}; return GAA_OK; @@ -790,49 +871,49 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_secret_key.arg1, gaa_getstr, GAATMP_secret_key.size1); gaa_index++; -#line 57 "p11tool.gaa" +#line 61 "p11tool.gaa" { gaaval->secret_key = GAATMP_secret_key.arg1; ;}; return GAA_OK; break; case GAAOPTID_no_detailed_url: OK = 0; -#line 54 "p11tool.gaa" +#line 58 "p11tool.gaa" { gaaval->pkcs11_detailed_url = 0; ;}; return GAA_OK; break; case GAAOPTID_detailed_url: OK = 0; -#line 53 "p11tool.gaa" +#line 57 "p11tool.gaa" { gaaval->pkcs11_detailed_url = GNUTLS_PKCS11_URL_LIB; ;}; return GAA_OK; break; case GAAOPTID_login: OK = 0; -#line 50 "p11tool.gaa" +#line 54 "p11tool.gaa" { gaaval->pkcs11_login = 1; ;}; return GAA_OK; break; case GAAOPTID_no_private: OK = 0; -#line 47 "p11tool.gaa" +#line 51 "p11tool.gaa" { gaaval->pkcs11_private = 0; ;}; return GAA_OK; break; case GAAOPTID_private: OK = 0; -#line 46 "p11tool.gaa" +#line 50 "p11tool.gaa" { gaaval->pkcs11_private = 1; ;}; return GAA_OK; break; case GAAOPTID_trusted: OK = 0; -#line 43 "p11tool.gaa" +#line 47 "p11tool.gaa" { gaaval->pkcs11_trusted = 1; ;}; return GAA_OK; 
@@ -842,11 +923,41 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_label.arg1, gaa_getstr, GAATMP_label.size1); gaa_index++; -#line 41 "p11tool.gaa" +#line 45 "p11tool.gaa" { gaaval->pkcs11_label = GAATMP_label.arg1; ;}; return GAA_OK; break; + case GAAOPTID_generate_ecc: + OK = 0; + GAA_TESTMOREARGS; + GAA_FILL(GAATMP_generate_ecc.arg1, gaa_getstr, GAATMP_generate_ecc.size1); + gaa_index++; +#line 43 "p11tool.gaa" +{ gaaval->action = ACTION_PKCS11_GENERATE; gaaval->key_type = GNUTLS_PK_ECC; gaaval->pkcs11_url = GAATMP_generate_ecc.arg1; ;}; + + return GAA_OK; + break; + case GAAOPTID_generate_dsa: + OK = 0; + GAA_TESTMOREARGS; + GAA_FILL(GAATMP_generate_dsa.arg1, gaa_getstr, GAATMP_generate_dsa.size1); + gaa_index++; +#line 42 "p11tool.gaa" +{ gaaval->action = ACTION_PKCS11_GENERATE; gaaval->key_type = GNUTLS_PK_DSA; gaaval->pkcs11_url = GAATMP_generate_dsa.arg1; ;}; + + return GAA_OK; + break; + case GAAOPTID_generate_rsa: + OK = 0; + GAA_TESTMOREARGS; + GAA_FILL(GAATMP_generate_rsa.arg1, gaa_getstr, GAATMP_generate_rsa.size1); + gaa_index++; +#line 41 "p11tool.gaa" +{ gaaval->action = ACTION_PKCS11_GENERATE; gaaval->key_type = GNUTLS_PK_RSA; gaaval->pkcs11_url = GAATMP_generate_rsa.arg1; ;}; + + return GAA_OK; + break; case GAAOPTID_delete: OK = 0; GAA_TESTMOREARGS; 
@@ -963,12 +1074,13 @@ int gaa(int argc, char **argv, gaainfo *gaaval) if(inited == 0) { -#line 89 "p11tool.gaa" +#line 99 "p11tool.gaa" { gaaval->action = -1; gaaval->pkcs11_provider= NULL; gaaval->outfile = NULL; gaaval->pubkey = NULL; gaaval->privkey = NULL; gaaval->pkcs11_url = NULL; gaaval->pkcs11_type = PKCS11_TYPE_PK; gaaval->pubkey=NULL; gaaval->pkcs11_label = NULL; - gaaval->pkcs11_trusted=0; gaaval->pkcs11_login = 0; gaaval->pkcs11_detailed_url = GNUTLS_PKCS11_URL_LIB; - gaaval->secret_key = NULL; gaaval->cert = NULL; gaaval->incert_format = GNUTLS_X509_FMT_PEM; gaaval->pkcs11_private = -1; ;}; + gaaval->pkcs11_trusted=0; gaaval->pkcs11_login = 0; gaaval->pkcs11_detailed_url = 0; + gaaval->secret_key = NULL; gaaval->cert = NULL; gaaval->incert_format = GNUTLS_X509_FMT_PEM; gaaval->pkcs11_private = -1; + gaaval->key_type = 0; gaaval->bits = 0; gaaval->sec_param = NULL; ;}; } inited = 1; @@ -1116,7 +1228,7 @@ static int gaa_internal_get_next_str(FILE *file, gaa_str_node *tmp_str, int argc len++; a = fgetc( file); - if(a==EOF) return 0; //a = ' '; + if(a==EOF) return 0; } len += 1; |