2 * Copyright (C) 2010-2014 Free Software Foundation, Inc.
3 * Copyright (C) 2013-2014 Nikos Mavrogiannopoulos
5 * Author: Nikos Mavrogiannopoulos
7 * This file is part of GnuTLS.
9 * GnuTLS is free software: you can redistribute it and/or modify it
10 * under the terms of the GNU General Public License as published by
11 * the Free Software Foundation, either version 3 of the License, or
12 * (at your option) any later version.
14 * GnuTLS is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program. If not, see
21 * <http://www.gnu.org/licenses/>.
26 #include <gnutls/gnutls.h>
27 #include <gnutls/x509.h>
28 #include <gnutls/openpgp.h>
29 #include <gnutls/pkcs12.h>
30 #include <gnutls/pkcs11.h>
31 #include <gnutls/abstract.h>
40 #include <sys/types.h>
44 /* Gnulib portability files. */
45 #include <read-file.h>
47 #include "p11tool-args.h"
49 #include "certtool-common.h"
51 static void cmd_parser(int argc, char **argv);
57 static void tls_log_func(int level, const char *str)
59 fprintf(stderr, "|<%d>| %s", level, str);
63 int main(int argc, char **argv)
65 cmd_parser(argc, argv);
71 unsigned opt_to_flags(void)
75 if (HAVE_OPT(MARK_PRIVATE)) {
76 if (ENABLED_OPT(MARK_PRIVATE)) {
77 flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE;
79 flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE;
83 if (ENABLED_OPT(MARK_TRUSTED))
85 GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED;
87 if (ENABLED_OPT(MARK_CA))
89 GNUTLS_PKCS11_OBJ_FLAG_MARK_CA;
91 if (ENABLED_OPT(MARK_WRAP))
92 flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP;
94 if (ENABLED_OPT(LOGIN))
95 flags |= GNUTLS_PKCS11_OBJ_FLAG_LOGIN;
97 if (ENABLED_OPT(SO_LOGIN))
98 flags |= GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO;
103 static void cmd_parser(int argc, char **argv)
106 common_info_st cinfo;
107 unsigned int pkcs11_type = -1, key_type = GNUTLS_PK_UNKNOWN;
108 const char *url = NULL;
109 unsigned int detailed_url = 0, optct;
110 unsigned int bits = 0;
111 const char *label = NULL, *sec_param = NULL, *id = NULL;
114 optct = optionProcess(&p11toolOptions, argc, argv);
118 if (url == NULL && argc > 0)
124 debug = OPT_VALUE_DEBUG;
126 gnutls_global_set_log_function(tls_log_func);
127 gnutls_global_set_log_level(debug);
129 printf("Setting log level to %d\n", debug);
131 if ((ret = gnutls_global_init()) < 0) {
132 fprintf(stderr, "global_init: %s\n", gnutls_strerror(ret));
136 if (HAVE_OPT(PROVIDER)) {
137 ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL);
139 fprintf(stderr, "pkcs11_init: %s\n",
140 gnutls_strerror(ret));
143 gnutls_pkcs11_add_provider(OPT_ARG(PROVIDER),
146 fprintf(stderr, "pkcs11_add_provider: %s\n",
147 gnutls_strerror(ret));
152 ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_AUTO, NULL);
154 fprintf(stderr, "pkcs11_init: %s\n",
155 gnutls_strerror(ret));
158 if (HAVE_OPT(OUTFILE)) {
159 outfile = safe_open_rw(OPT_ARG(OUTFILE), 0);
160 if (outfile == NULL) {
161 fprintf(stderr, "cannot open %s\n", OPT_ARG(OUTFILE));
167 memset(&cinfo, 0, sizeof(cinfo));
169 flags = opt_to_flags();
171 if (HAVE_OPT(SECRET_KEY))
172 cinfo.secret_key = OPT_ARG(SECRET_KEY);
174 if (HAVE_OPT(LOAD_PRIVKEY))
175 cinfo.privkey = OPT_ARG(LOAD_PRIVKEY);
180 if (HAVE_OPT(BATCH)) {
181 batch = cinfo.batch = 1;
184 if (ENABLED_OPT(INDER) || ENABLED_OPT(INRAW))
185 cinfo.incert_format = GNUTLS_X509_FMT_DER;
187 cinfo.incert_format = GNUTLS_X509_FMT_PEM;
189 if (HAVE_OPT(OUTDER) || HAVE_OPT(OUTRAW))
190 cinfo.outcert_format = GNUTLS_X509_FMT_DER;
192 cinfo.outcert_format = GNUTLS_X509_FMT_PEM;
194 if (HAVE_OPT(SET_PIN))
195 cinfo.pin = OPT_ARG(SET_PIN);
197 if (HAVE_OPT(SET_SO_PIN))
198 cinfo.so_pin = OPT_ARG(SET_SO_PIN);
200 if (HAVE_OPT(LOAD_CERTIFICATE))
201 cinfo.cert = OPT_ARG(LOAD_CERTIFICATE);
203 if (HAVE_OPT(LOAD_PUBKEY))
204 cinfo.pubkey = OPT_ARG(LOAD_PUBKEY);
206 if (ENABLED_OPT(DETAILED_URL))
209 if (HAVE_OPT(LABEL)) {
210 label = OPT_ARG(LABEL);
217 if (HAVE_OPT(BITS)) {
218 bits = OPT_VALUE_BITS;
221 if (HAVE_OPT(CURVE)) {
222 gnutls_ecc_curve_t curve = str_to_curve(OPT_ARG(CURVE));
223 bits = GNUTLS_CURVE_TO_BITS(curve);
226 if (HAVE_OPT(SEC_PARAM)) {
227 sec_param = OPT_ARG(SEC_PARAM);
231 if (HAVE_OPT(MARK_PRIVATE))
232 fprintf(stderr, "Private: %s\n",
233 ENABLED_OPT(MARK_PRIVATE) ? "yes" : "no");
234 fprintf(stderr, "Trusted: %s\n",
235 ENABLED_OPT(MARK_TRUSTED) ? "yes" : "no");
236 fprintf(stderr, "Wrap: %s\n",
237 ENABLED_OPT(MARK_WRAP) ? "yes" : "no");
238 fprintf(stderr, "CA: %s\n",
239 ENABLED_OPT(MARK_CA) ? "yes" : "no");
240 fprintf(stderr, "Login: %s\n",
241 ENABLED_OPT(LOGIN) ? "yes" : "no");
242 fprintf(stderr, "SO Login: %s\n",
243 ENABLED_OPT(SO_LOGIN) ? "yes" : "no");
244 fprintf(stderr, "Detailed URLs: %s\n",
245 ENABLED_OPT(DETAILED_URL) ? "yes" : "no");
246 fprintf(stderr, "\n");
251 if (HAVE_OPT(LIST_TOKENS)) {
252 pkcs11_token_list(outfile, detailed_url, &cinfo, 0);
253 } else if (HAVE_OPT(LIST_MECHANISMS)) {
254 pkcs11_mechanism_list(outfile, url, flags, &cinfo);
255 } else if (HAVE_OPT(GENERATE_RANDOM)) {
256 pkcs11_get_random(outfile, url, OPT_VALUE_GENERATE_RANDOM,
258 } else if (HAVE_OPT(INFO)) {
259 pkcs11_type = PKCS11_TYPE_INFO;
260 pkcs11_list(outfile, url, pkcs11_type,
261 flags, detailed_url, &cinfo);
262 } else if (HAVE_OPT(LIST_ALL)) {
263 pkcs11_type = PKCS11_TYPE_ALL;
264 pkcs11_list(outfile, url, pkcs11_type,
265 flags, detailed_url, &cinfo);
266 } else if (HAVE_OPT(LIST_ALL_CERTS)) {
267 pkcs11_type = PKCS11_TYPE_CRT_ALL;
268 pkcs11_list(outfile, url, pkcs11_type,
269 flags, detailed_url, &cinfo);
270 } else if (HAVE_OPT(LIST_CERTS)) {
271 pkcs11_type = PKCS11_TYPE_PK;
272 pkcs11_list(outfile, url, pkcs11_type,
273 flags, detailed_url, &cinfo);
274 } else if (HAVE_OPT(LIST_ALL_PRIVKEYS)) {
275 pkcs11_type = PKCS11_TYPE_PRIVKEY;
276 pkcs11_list(outfile, url, pkcs11_type,
277 flags, detailed_url, &cinfo);
278 } else if (HAVE_OPT(LIST_ALL_TRUSTED)) {
279 pkcs11_type = PKCS11_TYPE_TRUSTED;
280 pkcs11_list(outfile, url, pkcs11_type,
281 flags, detailed_url, &cinfo);
282 } else if (HAVE_OPT(EXPORT)) {
283 pkcs11_export(outfile, url, flags, &cinfo);
284 } else if (HAVE_OPT(EXPORT_CHAIN)) {
285 pkcs11_export_chain(outfile, url, flags, &cinfo);
286 } else if (HAVE_OPT(WRITE)) {
287 pkcs11_write(outfile, url, label, id,
289 } else if (HAVE_OPT(INITIALIZE))
290 pkcs11_init(outfile, url, label, &cinfo);
291 else if (HAVE_OPT(DELETE))
292 pkcs11_delete(outfile, url, flags, &cinfo);
293 else if (HAVE_OPT(GENERATE_ECC)) {
294 key_type = GNUTLS_PK_EC;
295 pkcs11_generate(outfile, url, key_type,
296 get_bits(key_type, bits, sec_param, 0),
297 label, id, detailed_url,
299 } else if (HAVE_OPT(GENERATE_RSA)) {
300 key_type = GNUTLS_PK_RSA;
301 pkcs11_generate(outfile, url, key_type,
302 get_bits(key_type, bits, sec_param, 0),
303 label, id, detailed_url,
305 } else if (HAVE_OPT(GENERATE_DSA)) {
306 key_type = GNUTLS_PK_DSA;
307 pkcs11_generate(outfile, url, key_type,
308 get_bits(key_type, bits, sec_param, 0),
309 label, id, detailed_url,
311 } else if (HAVE_OPT(EXPORT_PUBKEY)) {
312 pkcs11_export_pubkey(outfile, url, detailed_url, flags, &cinfo);
313 } else if (HAVE_OPT(SET_ID)) {
314 pkcs11_set_id(outfile, url, detailed_url, flags, &cinfo, OPT_ARG(SET_ID));
315 } else if (HAVE_OPT(SET_LABEL)) {
316 pkcs11_set_label(outfile, url, detailed_url, flags, &cinfo, OPT_ARG(SET_LABEL));
324 gnutls_pkcs11_deinit();
326 gnutls_global_deinit();