projects / platform / upstream / gnutls.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge branch 'upstream' into tizen
[platform/upstream/gnutls.git] / src / p11tool.c
1 /*
2  * Copyright (C) 2010-2014 Free Software Foundation, Inc.
3  * Copyright (C) 2013-2014 Nikos Mavrogiannopoulos
4  *
5  * Author: Nikos Mavrogiannopoulos
6  *
7  * This file is part of GnuTLS.
8  *
9  * GnuTLS is free software: you can redistribute it and/or modify it
10  * under the terms of the GNU General Public License as published by
11  * the Free Software Foundation, either version 3 of the License, or
12  * (at your option) any later version.
13  *
14  * GnuTLS is distributed in the hope that it will be useful, but
15  * WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
17  * General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License
20  * along with this program.  If not, see
21  * <http://www.gnu.org/licenses/>.
22  */
23
24 #include <config.h>
25
26 #include <gnutls/gnutls.h>
27 #include <gnutls/x509.h>
28 #include <gnutls/openpgp.h>
29 #include <gnutls/pkcs12.h>
30 #include <gnutls/pkcs11.h>
31 #include <gnutls/abstract.h>
32
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <string.h>
36 #include <ctype.h>
37 #include <time.h>
38 #include <unistd.h>
39 #include <errno.h>
40 #include <sys/types.h>
41 #include <sys/stat.h>
42 #include <fcntl.h>
43
44 /* Gnulib portability files. */
45 #include <read-file.h>
46
47 #include "p11tool-args.h"
48 #include "p11tool.h"
49 #include "certtool-common.h"
50
51 static void cmd_parser(int argc, char **argv);
52
53 static FILE *outfile;
54 int batch = 0;
55 int ask_pass = 0;
56
57 static void tls_log_func(int level, const char *str)
58 {
59         fprintf(stderr, "|<%d>| %s", level, str);
60 }
61
62
63 int main(int argc, char **argv)
64 {
65         cmd_parser(argc, argv);
66
67         return 0;
68 }
69
70 static
71 unsigned opt_to_flags(unsigned *key_usage)
72 {
73         unsigned flags = 0;
74         
75         *key_usage = 0;
76
77         if (HAVE_OPT(MARK_PRIVATE)) {
78                 if (ENABLED_OPT(MARK_PRIVATE)) {
79                         flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE;
80                 } else {
81                         flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE;
82                 }
83         }
84
85         if (ENABLED_OPT(MARK_TRUSTED))
86                 flags |=
87                     GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED;
88
89         if (ENABLED_OPT(MARK_SIGN))
90                 *key_usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
91
92         if (ENABLED_OPT(MARK_DECRYPT))
93                 *key_usage |= GNUTLS_KEY_DECIPHER_ONLY;
94
95         if (ENABLED_OPT(MARK_CA))
96                 flags |=
97                     GNUTLS_PKCS11_OBJ_FLAG_MARK_CA;
98
99         if (ENABLED_OPT(MARK_WRAP))
100                 flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP;
101
102         if (ENABLED_OPT(LOGIN))
103                 flags |= GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
104
105         if (ENABLED_OPT(SO_LOGIN))
106                 flags |= GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO;
107
108         return flags;
109 }
110
111 static void cmd_parser(int argc, char **argv)
112 {
113         int ret, debug = 0;
114         common_info_st cinfo;
115         unsigned int pkcs11_type = -1, key_type = GNUTLS_PK_UNKNOWN;
116         const char *url = NULL;
117         unsigned int detailed_url = 0, optct;
118         unsigned int bits = 0;
119         const char *label = NULL, *sec_param = NULL, *id = NULL;
120         unsigned flags;
121         unsigned key_usage;
122
123         optct = optionProcess(&p11toolOptions, argc, argv);
124         argc += optct;
125         argv += optct;
126
127         if (url == NULL && argc > 0)
128                 url = argv[0];
129         else
130                 url = "pkcs11:";
131
132         if (HAVE_OPT(DEBUG))
133                 debug = OPT_VALUE_DEBUG;
134
135         gnutls_global_set_log_function(tls_log_func);
136         gnutls_global_set_log_level(debug);
137         if (debug > 1)
138                 printf("Setting log level to %d\n", debug);
139
140         if ((ret = gnutls_global_init()) < 0) {
141                 fprintf(stderr, "global_init: %s\n", gnutls_strerror(ret));
142                 exit(1);
143         }
144
145         if (HAVE_OPT(PROVIDER)) {
146                 ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL);
147                 if (ret < 0)
148                         fprintf(stderr, "pkcs11_init: %s\n",
149                                 gnutls_strerror(ret));
150                 else {
151                         ret =
152                             gnutls_pkcs11_add_provider(OPT_ARG(PROVIDER),
153                                                        NULL);
154                         if (ret < 0) {
155                                 fprintf(stderr, "pkcs11_add_provider: %s\n",
156                                         gnutls_strerror(ret));
157                                 exit(1);
158                         }
159                 }
160         } else {
161                 ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_AUTO, NULL);
162                 if (ret < 0)
163                         fprintf(stderr, "pkcs11_init: %s\n",
164                                 gnutls_strerror(ret));
165         }
166
167         if (HAVE_OPT(OUTFILE)) {
168                 outfile = safe_open_rw(OPT_ARG(OUTFILE), 0);
169                 if (outfile == NULL) {
170                         fprintf(stderr, "cannot open %s\n", OPT_ARG(OUTFILE));
171                         exit(1);
172                 }
173         } else
174                 outfile = stdout;
175
176         memset(&cinfo, 0, sizeof(cinfo));
177
178         flags = opt_to_flags(&key_usage);
179         cinfo.key_usage = key_usage;
180
181         if (HAVE_OPT(SECRET_KEY))
182                 cinfo.secret_key = OPT_ARG(SECRET_KEY);
183
184         if (HAVE_OPT(LOAD_PRIVKEY))
185                 cinfo.privkey = OPT_ARG(LOAD_PRIVKEY);
186
187         if (HAVE_OPT(PKCS8))
188                 cinfo.pkcs8 = 1;
189
190         if (HAVE_OPT(BATCH)) {
191                 batch = cinfo.batch = 1;
192         }
193
194         if (HAVE_OPT(ONLY_URLS)) {
195                 batch = cinfo.only_urls = 1;
196         }
197
198         if (ENABLED_OPT(INDER) || ENABLED_OPT(INRAW))
199                 cinfo.incert_format = GNUTLS_X509_FMT_DER;
200         else
201                 cinfo.incert_format = GNUTLS_X509_FMT_PEM;
202
203         if (HAVE_OPT(OUTDER) || HAVE_OPT(OUTRAW))
204                 cinfo.outcert_format = GNUTLS_X509_FMT_DER;
205         else
206                 cinfo.outcert_format = GNUTLS_X509_FMT_PEM;
207
208         if (HAVE_OPT(SET_PIN))
209                 cinfo.pin = OPT_ARG(SET_PIN);
210
211         if (HAVE_OPT(SET_SO_PIN))
212                 cinfo.so_pin = OPT_ARG(SET_SO_PIN);
213
214         if (HAVE_OPT(LOAD_CERTIFICATE))
215                 cinfo.cert = OPT_ARG(LOAD_CERTIFICATE);
216
217         if (HAVE_OPT(LOAD_PUBKEY))
218                 cinfo.pubkey = OPT_ARG(LOAD_PUBKEY);
219
220         if (ENABLED_OPT(DETAILED_URL))
221                 detailed_url = 1;
222
223         if (HAVE_OPT(LABEL)) {
224                 label = OPT_ARG(LABEL);
225         }
226
227         if (HAVE_OPT(ID)) {
228                 id = OPT_ARG(ID);
229         }
230
231         if (HAVE_OPT(BITS)) {
232                 bits = OPT_VALUE_BITS;
233         }
234
235         if (HAVE_OPT(CURVE)) {
236                 gnutls_ecc_curve_t curve = str_to_curve(OPT_ARG(CURVE));
237                 bits = GNUTLS_CURVE_TO_BITS(curve);
238         }
239
240         if (HAVE_OPT(SEC_PARAM)) {
241                 sec_param = OPT_ARG(SEC_PARAM);
242         }
243
244         /* handle actions 
245          */
246         if (HAVE_OPT(LIST_TOKENS)) {
247                 pkcs11_token_list(outfile, detailed_url, &cinfo, 0);
248         } else if (HAVE_OPT(LIST_TOKEN_URLS)) {
249                 pkcs11_token_list(outfile, detailed_url, &cinfo, 1);
250         } else if (HAVE_OPT(LIST_MECHANISMS)) {
251                 pkcs11_mechanism_list(outfile, url, flags, &cinfo);
252         } else if (HAVE_OPT(GENERATE_RANDOM)) {
253                 pkcs11_get_random(outfile, url, OPT_VALUE_GENERATE_RANDOM,
254                                   &cinfo);
255         } else if (HAVE_OPT(INFO)) {
256                 pkcs11_type = PKCS11_TYPE_INFO;
257                 pkcs11_list(outfile, url, pkcs11_type,
258                             flags, detailed_url, &cinfo);
259         } else if (HAVE_OPT(LIST_ALL)) {
260                 pkcs11_type = PKCS11_TYPE_ALL;
261                 pkcs11_list(outfile, url, pkcs11_type,
262                             flags, detailed_url, &cinfo);
263         } else if (HAVE_OPT(LIST_ALL_CERTS)) {
264                 pkcs11_type = PKCS11_TYPE_CRT_ALL;
265                 pkcs11_list(outfile, url, pkcs11_type,
266                             flags, detailed_url, &cinfo);
267         } else if (HAVE_OPT(LIST_CERTS)) {
268                 pkcs11_type = PKCS11_TYPE_PK;
269                 pkcs11_list(outfile, url, pkcs11_type,
270                             flags, detailed_url, &cinfo);
271         } else if (HAVE_OPT(LIST_ALL_PRIVKEYS)) {
272                 pkcs11_type = PKCS11_TYPE_PRIVKEY;
273                 pkcs11_list(outfile, url, pkcs11_type,
274                             flags, detailed_url, &cinfo);
275         } else if (HAVE_OPT(LIST_ALL_TRUSTED)) {
276                 pkcs11_type = PKCS11_TYPE_TRUSTED;
277                 pkcs11_list(outfile, url, pkcs11_type,
278                             flags, detailed_url, &cinfo);
279         } else if (HAVE_OPT(EXPORT)) {
280                 pkcs11_export(outfile, url, flags, &cinfo);
281         } else if (HAVE_OPT(EXPORT_CHAIN)) {
282                 pkcs11_export_chain(outfile, url, flags, &cinfo);
283         } else if (HAVE_OPT(WRITE)) {
284                 pkcs11_write(outfile, url, label, id,
285                              flags, &cinfo);
286         } else if (HAVE_OPT(TEST_SIGN)) {
287                 pkcs11_test_sign(outfile, url, flags, &cinfo);
288         } else if (HAVE_OPT(INITIALIZE))
289                 pkcs11_init(outfile, url, label, &cinfo);
290         else if (HAVE_OPT(DELETE))
291                 pkcs11_delete(outfile, url, flags, &cinfo);
292         else if (HAVE_OPT(GENERATE_ECC)) {
293                 key_type = GNUTLS_PK_EC;
294                 pkcs11_generate(outfile, url, key_type,
295                                 get_bits(key_type, bits, sec_param, 0),
296                                 label, id, detailed_url,
297                                 flags, &cinfo);
298         } else if (HAVE_OPT(GENERATE_RSA)) {
299                 key_type = GNUTLS_PK_RSA;
300                 pkcs11_generate(outfile, url, key_type,
301                                 get_bits(key_type, bits, sec_param, 0),
302                                 label, id, detailed_url,
303                                 flags, &cinfo);
304         } else if (HAVE_OPT(GENERATE_DSA)) {
305                 key_type = GNUTLS_PK_DSA;
306                 pkcs11_generate(outfile, url, key_type,
307                                 get_bits(key_type, bits, sec_param, 0),
308                                 label, id, detailed_url,
309                                 flags, &cinfo);
310         } else if (HAVE_OPT(EXPORT_PUBKEY)) {
311                 pkcs11_export_pubkey(outfile, url, detailed_url, flags, &cinfo);
312         } else if (HAVE_OPT(SET_ID)) {
313                 pkcs11_set_id(outfile, url, detailed_url, flags, &cinfo, OPT_ARG(SET_ID));
314         } else if (HAVE_OPT(SET_LABEL)) {
315                 pkcs11_set_label(outfile, url, detailed_url, flags, &cinfo, OPT_ARG(SET_LABEL));
316         } else {
317                 USAGE(1);
318         }
319
320         fclose(outfile);
321
322 #ifdef ENABLE_PKCS11
323         gnutls_pkcs11_deinit();
324 #endif
325         gnutls_global_deinit();
326 }
Domain: Security / Utilities;