static void cmd_parser(int argc, char **argv)
{
int ret, privkey_op = 0;
common_info_st cinfo;
const char *proto = "tcp";
unsigned int port = 443;
optionProcess(&danetoolOptions, argc, argv);
if (HAVE_OPT(OUTFILE)) {
outfile = safe_open_rw(OPT_ARG(OUTFILE), privkey_op);
if (outfile == NULL) {
fprintf(stderr, "%s", OPT_ARG(OUTFILE));
exit(1);
}
} else
outfile = stdout;
default_dig = GNUTLS_DIG_UNKNOWN;
if (HAVE_OPT(HASH)) {
if (strcasecmp(OPT_ARG(HASH), "md5") == 0) {
fprintf(stderr,
"Warning: MD5 is broken, and should not be used any more for digital signatures.\n");
default_dig = GNUTLS_DIG_MD5;
} else if (strcasecmp(OPT_ARG(HASH), "sha1") == 0)
default_dig = GNUTLS_DIG_SHA1;
else if (strcasecmp(OPT_ARG(HASH), "sha256") == 0)
default_dig = GNUTLS_DIG_SHA256;
else if (strcasecmp(OPT_ARG(HASH), "sha224") == 0)
default_dig = GNUTLS_DIG_SHA224;
else if (strcasecmp(OPT_ARG(HASH), "sha384") == 0)
default_dig = GNUTLS_DIG_SHA384;
else if (strcasecmp(OPT_ARG(HASH), "sha512") == 0)
default_dig = GNUTLS_DIG_SHA512;
else if (strcasecmp(OPT_ARG(HASH), "rmd160") == 0)
default_dig = GNUTLS_DIG_RMD160;
else {
fprintf(stderr, "invalid hash: %s", OPT_ARG(HASH));
exit(1);
}
}
gnutls_global_set_log_function(tls_log_func);
if (HAVE_OPT(DEBUG)) {
gnutls_global_set_log_level(OPT_VALUE_DEBUG);
printf("Setting log level to %d\n", (int) OPT_VALUE_DEBUG);
}
if ((ret = gnutls_global_init()) < 0) {
fprintf(stderr, "global_init: %s", gnutls_strerror(ret));
exit(1);
}
#ifdef ENABLE_PKCS11
pkcs11_common(NULL);
#endif
memset(&cinfo, 0, sizeof(cinfo));
if (HAVE_OPT(INDER) || HAVE_OPT(INRAW))
cinfo.incert_format = GNUTLS_X509_FMT_DER;
else
cinfo.incert_format = GNUTLS_X509_FMT_PEM;
if (HAVE_OPT(VERBOSE))
cinfo.verbose = 1;
if (HAVE_OPT(LOAD_PUBKEY))
cinfo.pubkey = OPT_ARG(LOAD_PUBKEY);
if (HAVE_OPT(LOAD_CERTIFICATE))
cinfo.cert = OPT_ARG(LOAD_CERTIFICATE);
if (HAVE_OPT(PORT)) {
port = OPT_VALUE_PORT;
} else {
if (HAVE_OPT(STARTTLS_PROTO))
port = starttls_proto_to_port(OPT_ARG(STARTTLS_PROTO));
}
if (HAVE_OPT(PROTO))
proto = OPT_ARG(PROTO);
if (HAVE_OPT(TLSA_RR))
dane_info(OPT_ARG(HOST), proto, port,
HAVE_OPT(CA), ENABLED_OPT(DOMAIN), &cinfo);
else if (HAVE_OPT(CHECK))
dane_check(OPT_ARG(CHECK), proto, port, &cinfo);
else
USAGE(1);
fclose(outfile);
#ifdef ENABLE_PKCS11
gnutls_pkcs11_deinit();
#endif
gnutls_global_deinit();
}
static void cmd_parser(int argc, char **argv)
{
unsigned int optct;
/* Note that the default sec-param is legacy because several TPMs
* cannot handle larger keys.
*/
optct = optionProcess(&systemkey_toolOptions, argc, argv);
argc += optct;
argv += optct;
gnutls_global_set_log_function(tls_log_func);
if (HAVE_OPT(DEBUG)) {
gnutls_global_set_log_level(OPT_VALUE_DEBUG);
printf("Setting log level to %d\n", (int) OPT_VALUE_DEBUG);
}
if (HAVE_OPT(INDER)) {
incert_format = GNUTLS_X509_FMT_DER;
inkey_format = GNUTLS_TPMKEY_FMT_DER;
} else {
incert_format = GNUTLS_X509_FMT_PEM;
inkey_format = GNUTLS_TPMKEY_FMT_CTK_PEM;
}
if (HAVE_OPT(OUTDER)) {
outcert_format = GNUTLS_X509_FMT_DER;
outkey_format = GNUTLS_TPMKEY_FMT_DER;
} else {
outcert_format = GNUTLS_X509_FMT_PEM;
outkey_format = GNUTLS_TPMKEY_FMT_CTK_PEM;
}
if (HAVE_OPT(OUTFILE)) {
outfile = safe_open_rw(OPT_ARG(OUTFILE), 0);
if (outfile == NULL) {
fprintf(stderr, "%s", OPT_ARG(OUTFILE));
exit(1);
}
} else
outfile = stdout;
if (HAVE_OPT(INFILE)) {
infile = fopen(OPT_ARG(INFILE), "rb");
if (infile == NULL) {
fprintf(stderr, "%s", OPT_ARG(INFILE));
exit(1);
}
} else
infile = stdin;
if (HAVE_OPT(DELETE)) {
systemkey_delete(OPT_ARG(DELETE), outfile);
} else if (HAVE_OPT(LIST)) {
systemkey_list(outfile);
} else {
USAGE(1);
}
fclose(outfile);
gnutls_global_deinit();
}
static void
cmd_parser (int argc, char **argv)
{
int ret, debug = 0;
common_info_st cinfo;
unsigned int pkcs11_type = -1, key_type = GNUTLS_PK_UNKNOWN;
const char* url = NULL;
unsigned int detailed_url = 0, optct;
unsigned int login = 0, bits = 0;
const char* label = NULL, *sec_param = NULL;
optct = optionProcess( &p11toolOptions, argc, argv);
argc += optct;
argv += optct;
if (url == NULL && argc > 0)
url = argv[0];
else
url = "pkcs11:";
if (HAVE_OPT(DEBUG))
debug = OPT_VALUE_DEBUG;
gnutls_global_set_log_function (tls_log_func);
gnutls_global_set_log_level (debug);
if (debug > 1)
printf ("Setting log level to %d\n", debug);
if ((ret = gnutls_global_init ()) < 0)
error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret));
if (HAVE_OPT(PROVIDER))
{
ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_MANUAL, NULL);
if (ret < 0)
fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret));
else
{
ret = gnutls_pkcs11_add_provider (OPT_ARG(PROVIDER), NULL);
if (ret < 0)
error (EXIT_FAILURE, 0, "pkcs11_add_provider: %s",
gnutls_strerror (ret));
}
}
else
{
ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_AUTO, NULL);
if (ret < 0)
fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret));
}
if (HAVE_OPT(OUTFILE))
{
outfile = safe_open_rw (OPT_ARG(OUTFILE), 0);
if (outfile == NULL)
error (EXIT_FAILURE, errno, "%s", OPT_ARG(OUTFILE));
}
else
outfile = stdout;
memset (&cinfo, 0, sizeof (cinfo));
if (HAVE_OPT(SECRET_KEY))
cinfo.secret_key = OPT_ARG(SECRET_KEY);
if (HAVE_OPT(LOAD_PRIVKEY))
cinfo.privkey = OPT_ARG(LOAD_PRIVKEY);
if (HAVE_OPT(PKCS8))
cinfo.pkcs8 = 1;
if (ENABLED_OPT(INDER) || ENABLED_OPT(INRAW))
cinfo.incert_format = GNUTLS_X509_FMT_DER;
else
cinfo.incert_format = GNUTLS_X509_FMT_PEM;
if (HAVE_OPT(LOAD_CERTIFICATE))
cinfo.cert = OPT_ARG(LOAD_CERTIFICATE);
if (HAVE_OPT(LOAD_PUBKEY))
cinfo.pubkey = OPT_ARG(LOAD_PUBKEY);
if (ENABLED_OPT(DETAILED_URL))
detailed_url = 1;
if (ENABLED_OPT(LOGIN))
login = 1;
if (HAVE_OPT(LABEL))
{
label = OPT_ARG(LABEL);
}
if (HAVE_OPT(BITS))
{
bits = OPT_VALUE_BITS;
}
if (HAVE_OPT(SEC_PARAM))
{
sec_param = OPT_ARG(SEC_PARAM);
}
if (debug > 0)
{
if (HAVE_OPT(PRIVATE)) fprintf(stderr, "Private: %s\n", ENABLED_OPT(PRIVATE)?"yes":"no");
fprintf(stderr, "Trusted: %s\n", ENABLED_OPT(TRUSTED)?"yes":"no");
fprintf(stderr, "Login: %s\n", ENABLED_OPT(LOGIN)?"yes":"no");
fprintf(stderr, "Detailed URLs: %s\n", ENABLED_OPT(DETAILED_URL)?"yes":"no");
fprintf(stderr, "\n");
}
/* handle actions
*/
if (HAVE_OPT(LIST_TOKENS))
pkcs11_token_list (outfile, detailed_url, &cinfo);
else if (HAVE_OPT(LIST_MECHANISMS))
pkcs11_mechanism_list (outfile, url, login,
&cinfo);
else if (HAVE_OPT(LIST_ALL))
{
pkcs11_type = PKCS11_TYPE_ALL;
pkcs11_list (outfile, url, pkcs11_type,
login, detailed_url, &cinfo);
}
else if (HAVE_OPT(LIST_ALL_CERTS))
{
pkcs11_type = PKCS11_TYPE_CRT_ALL;
pkcs11_list (outfile, url, pkcs11_type,
login, detailed_url, &cinfo);
}
else if (HAVE_OPT(LIST_CERTS))
{
pkcs11_type = PKCS11_TYPE_PK;
pkcs11_list (outfile, url, pkcs11_type,
login, detailed_url, &cinfo);
}
else if (HAVE_OPT(LIST_ALL_PRIVKEYS))
{
pkcs11_type = PKCS11_TYPE_PRIVKEY;
pkcs11_list (outfile, url, pkcs11_type,
login, detailed_url, &cinfo);
}
else if (HAVE_OPT(LIST_ALL_TRUSTED))
{
pkcs11_type = PKCS11_TYPE_TRUSTED;
pkcs11_list (outfile, url, pkcs11_type,
login, detailed_url, &cinfo);
}
else if (HAVE_OPT(EXPORT))
{
pkcs11_export (outfile, url, login, &cinfo);
}
else if (HAVE_OPT(WRITE))
{
int priv;
if (HAVE_OPT(PRIVATE))
priv = ENABLED_OPT(PRIVATE);
else priv = -1;
pkcs11_write (outfile, url, label,
ENABLED_OPT(TRUSTED), priv, login, &cinfo);
}
else if (HAVE_OPT(INITIALIZE))
pkcs11_init (outfile, url, label, &cinfo);
else if (HAVE_OPT(DELETE))
pkcs11_delete (outfile, url, 0, login, &cinfo);
else if (HAVE_OPT(GENERATE_ECC))
{
key_type = GNUTLS_PK_EC;
pkcs11_generate (outfile, url, key_type, get_bits(key_type, bits, sec_param),
label, ENABLED_OPT(PRIVATE), detailed_url, login,
&cinfo);
}
else if (HAVE_OPT(GENERATE_RSA))
{
key_type = GNUTLS_PK_RSA;
pkcs11_generate (outfile, url, key_type, get_bits(key_type, bits, sec_param),
label, ENABLED_OPT(PRIVATE), detailed_url, login,
&cinfo);
}
else if (HAVE_OPT(GENERATE_DSA))
{
key_type = GNUTLS_PK_DSA;
pkcs11_generate (outfile, url, key_type, get_bits(key_type, bits, sec_param),
label, ENABLED_OPT(PRIVATE), detailed_url, login,
&cinfo);
}
else
{
USAGE(1);
}
fclose (outfile);
#ifdef ENABLE_PKCS11
gnutls_pkcs11_deinit ();
#endif
gnutls_global_deinit ();
}
static void
gaa_parser (int argc, char **argv)
{
int ret;
common_info_st cinfo;
if (gaa (argc, argv, &info) != -1)
{
fprintf (stderr, "Try `%s --help' for more information.\n",
program_name);
exit (1);
}
gnutls_global_set_log_function (tls_log_func);
gnutls_global_set_log_level (info.debug);
if (info.debug > 1)
printf ("Setting log level to %d\n", info.debug);
if ((ret = gnutls_global_init ()) < 0)
error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret));
if (info.pkcs11_provider != NULL)
{
ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_MANUAL, NULL);
if (ret < 0)
fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret));
else
{
ret = gnutls_pkcs11_add_provider (info.pkcs11_provider, NULL);
if (ret < 0)
error (EXIT_FAILURE, 0, "pkcs11_add_provider: %s",
gnutls_strerror (ret));
}
}
else
{
ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_AUTO, NULL);
if (ret < 0)
fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret));
}
if (info.outfile)
{
outfile = safe_open_rw (info.outfile, 0);
if (outfile == NULL)
error (EXIT_FAILURE, errno, "%s", info.outfile);
}
else
outfile = stdout;
memset (&cinfo, 0, sizeof (cinfo));
cinfo.secret_key = info.secret_key;
cinfo.privkey = info.privkey;
cinfo.pkcs8 = info.pkcs8;
cinfo.incert_format = info.incert_format;
cinfo.cert = info.cert;
switch (info.action)
{
case ACTION_PKCS11_LIST:
pkcs11_list (outfile, info.pkcs11_url, info.pkcs11_type,
info.pkcs11_login, info.pkcs11_detailed_url, &cinfo);
break;
case ACTION_PKCS11_TOKENS:
pkcs11_token_list (outfile, info.pkcs11_detailed_url, &cinfo);
break;
case ACTION_PKCS11_MECHANISMS:
pkcs11_mechanism_list (outfile, info.pkcs11_url, info.pkcs11_login,
&cinfo);
break;
case ACTION_PKCS11_EXPORT_URL:
pkcs11_export (outfile, info.pkcs11_url, info.pkcs11_login, &cinfo);
break;
case ACTION_PKCS11_WRITE_URL:
pkcs11_write (outfile, info.pkcs11_url, info.pkcs11_label,
info.pkcs11_trusted, info.pkcs11_login, &cinfo);
break;
case ACTION_PKCS11_TOKEN_INIT:
pkcs11_init (outfile, info.pkcs11_url, info.pkcs11_label, &cinfo);
break;
case ACTION_PKCS11_DELETE_URL:
pkcs11_delete (outfile, info.pkcs11_url, 0, info.pkcs11_login, &cinfo);
break;
default:
gaa_help ();
exit (0);
}
fclose (outfile);
gnutls_pkcs11_deinit ();
gnutls_global_deinit ();
}
