/*
 * Copyright (C) 2010-2012 Free Software Foundation, Inc.
 * Author: Nikos Mavrogiannopoulos
 *
 * This file is part of GnuTLS.
 *
 * GnuTLS is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * GnuTLS is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
24 #include <gnutls/gnutls.h>
25 #include <gnutls/pkcs11.h>
26 #include <gnutls/abstract.h>
30 #include "certtool-cfg.h"
31 #include "certtool-common.h"
/* Deletes every object on the token that matches URL and reports the
 * number of objects removed on OUTFILE.
 *
 * Unless BATCH is non-zero the matching objects are listed first and the
 * user is asked to confirm.  LOGIN requests a token login for the
 * operation.  Any failure terminates the program.
 *
 * NOTE(review): the listing this was taken from omits short lines; the
 * `if (login)`, `if (!batch)` and confirmation-result checks are restored
 * from context -- confirm against the upstream file.
 */
void
pkcs11_delete (FILE * outfile, const char *url, int batch, unsigned int login,
               common_info_st * info)
{
  unsigned int obj_flags = login ? GNUTLS_PKCS11_OBJ_FLAG_LOGIN : 0;
  int ret;

  if (!batch)
    {
      /* Show exactly what the URL selects before anything is destroyed. */
      pkcs11_list (outfile, url, PKCS11_TYPE_ALL, login,
                   GNUTLS_PKCS11_URL_LIB, info);

      if (read_yesno
          ("Are you sure you want to delete those objects? (y/N): ") == 0)
        exit (1);
    }

  ret = gnutls_pkcs11_delete_url (url, obj_flags);
  if (ret < 0)
    {
      fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
               gnutls_strerror (ret));
      exit (1);
    }

  /* On success the return value is the number of deleted objects. */
  fprintf (outfile, "\n%d objects deleted\n", ret);
}
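/* Lists the objects of a token that match URL.
 *
 * TYPE (one of the PKCS11_TYPE_* values) selects which object class is
 * enumerated, LOGIN requests a token login, and DETAILED is passed to
 * gnutls_pkcs11_obj_export_url() to choose how verbose each printed URL
 * is.  For every object the URL, type, label and hex ID are written to
 * OUTFILE.  Any failure terminates the program.
 *
 * Changes relative to the original: the URL string returned for each
 * object is released, the object handles and the list are released before
 * returning, realloc() no longer overwrites the only pointer to the list,
 * and the unsigned index is printed with %u.
 *
 * NOTE(review): the listing omits short lines.  The pkcs11_common() call,
 * the "pkcs11:" default URL, the initial list size and the `#if 0` guard
 * around the PEM export are restored from context -- confirm against the
 * upstream file.
 */
void
pkcs11_list (FILE * outfile, const char *url, int type, unsigned int login,
             unsigned int detailed, common_info_st * info)
{
  gnutls_pkcs11_obj_t *crt_list;
  gnutls_pkcs11_obj_t *grown;
  gnutls_x509_crt_t xcrt;
  unsigned int crt_list_size = 0, i;
  int ret;
  char *output;
  int attrs;
  unsigned int obj_flags = 0;

  if (login)
    obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;

  pkcs11_common ();

  if (url == NULL)
    url = "pkcs11:";

  if (type == PKCS11_TYPE_TRUSTED)
    attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED;
  else if (type == PKCS11_TYPE_PK)
    attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY;
  else if (type == PKCS11_TYPE_CRT_ALL)
    attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL;
  else if (type == PKCS11_TYPE_PRIVKEY)
    attrs = GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY;
  else
    attrs = GNUTLS_PKCS11_OBJ_ATTR_ALL;

  /* give some initial value to avoid asking for the pkcs11 pin twice.
   */
  crt_list_size = 128;
  crt_list = malloc (sizeof (*crt_list) * crt_list_size);
  if (crt_list == NULL)
    {
      fprintf (stderr, "Memory error\n");
      exit (1);
    }

  ret = gnutls_pkcs11_obj_list_import_url (crt_list, &crt_list_size, url,
                                           attrs, obj_flags);
  if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
    {
      fprintf (stderr, "Error in crt_list_import (1): %s\n",
               gnutls_strerror (ret));
      exit (1);
    }

  if (crt_list_size == 0)
    {
      fprintf (stderr, "No matching objects found\n");
      exit (0);
    }

  if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
    {
      /* The first call reported the required count in crt_list_size;
       * grow the array and import again. */
      grown = realloc (crt_list, sizeof (*crt_list) * crt_list_size);
      if (grown == NULL)
        {
          free (crt_list);
          fprintf (stderr, "Memory error\n");
          exit (1);
        }
      crt_list = grown;

      ret = gnutls_pkcs11_obj_list_import_url (crt_list, &crt_list_size, url,
                                               attrs, obj_flags);
      if (ret < 0)
        {
          fprintf (stderr, "Error in crt_list_import: %s\n",
                   gnutls_strerror (ret));
          exit (1);
        }
    }

  for (i = 0; i < crt_list_size; i++)
    {
      char buf[128];
      size_t size;

      ret = gnutls_pkcs11_obj_export_url (crt_list[i], detailed, &output);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }

      fprintf (outfile, "Object %u:\n\tURL: %s\n", i, output);

      /* The URL string is allocated by the library for every object. */
      gnutls_free (output);
      output = NULL;

      fprintf (outfile, "\tType: %s\n",
               gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_get_type
                                            (crt_list[i])));

      size = sizeof (buf);
      ret = gnutls_pkcs11_obj_get_info (crt_list[i], GNUTLS_PKCS11_OBJ_LABEL,
                                        buf, &size);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }
      fprintf (outfile, "\tLabel: %s\n", buf);

      size = sizeof (buf);
      ret = gnutls_pkcs11_obj_get_info (crt_list[i], GNUTLS_PKCS11_OBJ_ID_HEX,
                                        buf, &size);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }
      fprintf (outfile, "\tID: %s\n\n", buf);

      /* These listings can contain objects that are not certificates,
       * so the X.509 import below is skipped for them. */
      if (attrs == GNUTLS_PKCS11_OBJ_ATTR_ALL
          || attrs == GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY)
        continue;

      ret = gnutls_x509_crt_init (&xcrt);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }

      ret = gnutls_x509_crt_import_pkcs11 (xcrt, crt_list[i]);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }

#if 0
      size = buffer_size;
      ret = gnutls_x509_crt_export (xcrt, GNUTLS_X509_FMT_PEM, buffer, &size);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }

      fwrite (buffer, 1, size, outfile);
      fputs ("\n\n", outfile);
#endif

      gnutls_x509_crt_deinit (xcrt);
    }

  /* Release the imported object handles and the array that held them. */
  for (i = 0; i < crt_list_size; i++)
    gnutls_pkcs11_obj_deinit (crt_list[i]);
  free (crt_list);
}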
/* Exports the single token object named by URL to OUTFILE.
 *
 * X.509 certificates and public keys are written in PEM form; any other
 * object type is exported raw and wrapped in a PEM "DATA" block.  LOGIN
 * requests a token login.  Failures terminate the program, except a
 * failed raw export in the default case, which only skips the output.
 *
 * NOTE(review): the listing omits short lines.  The pkcs11_common() call,
 * the "pkcs11:" default URL and the `size = buffer_size` resets before
 * each export are restored from context -- confirm against the upstream
 * file.
 */
void
pkcs11_export (FILE * outfile, const char *url, unsigned int login,
               common_info_st * info)
{
  gnutls_pkcs11_obj_t crt;
  gnutls_x509_crt_t xcrt;
  gnutls_pubkey_t pubkey;
  int ret;
  size_t size;
  unsigned int obj_flags = login ? GNUTLS_PKCS11_OBJ_FLAG_LOGIN : 0;

  pkcs11_common ();

  if (url == NULL)
    url = "pkcs11:";

  ret = gnutls_pkcs11_obj_init (&crt);
  if (ret < 0)
    {
      fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
               gnutls_strerror (ret));
      exit (1);
    }

  ret = gnutls_pkcs11_obj_import_url (crt, url, obj_flags);
  if (ret < 0)
    {
      fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
               gnutls_strerror (ret));
      exit (1);
    }

  switch (gnutls_pkcs11_obj_get_type (crt))
    {
    case GNUTLS_PKCS11_OBJ_X509_CRT:
      ret = gnutls_x509_crt_init (&xcrt);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }

      ret = gnutls_x509_crt_import_pkcs11 (xcrt, crt);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }

      /* size is in/out: capacity of the buffer on entry, bytes written
       * on return. */
      size = buffer_size;
      ret = gnutls_x509_crt_export (xcrt, GNUTLS_X509_FMT_PEM, buffer, &size);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }
      fwrite (buffer, 1, size, outfile);

      gnutls_x509_crt_deinit (xcrt);
      break;

    case GNUTLS_PKCS11_OBJ_PUBKEY:
      ret = gnutls_pubkey_init (&pubkey);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }

      ret = gnutls_pubkey_import_pkcs11 (pubkey, crt, 0);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }

      size = buffer_size;
      ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_PEM, buffer, &size);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }
      fwrite (buffer, 1, size, outfile);

      gnutls_pubkey_deinit (pubkey);
      break;

    default:
      {
        gnutls_datum_t data, enc;

        size = buffer_size;
        ret = gnutls_pkcs11_obj_export (crt, buffer, &size);
        if (ret < 0)
          {
            /* An object that cannot be exported raw produces no output
             * and no diagnostic. */
            break;
          }

        data.data = buffer;
        data.size = size;

        ret = gnutls_pem_base64_encode_alloc ("DATA", &data, &enc);
        if (ret < 0)
          {
            fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                     gnutls_strerror (ret));
            exit (1);
          }

        fwrite (enc.data, 1, enc.size, outfile);

        /* enc was allocated by the encoder. */
        gnutls_free (enc.data);
        break;
      }
    }

  fputs ("\n\n", outfile);

  gnutls_pkcs11_obj_deinit (crt);
}
/* Prints every available token to OUTFILE: its URL followed by the
 * label, manufacturer, model and serial number.
 *
 * Tokens are enumerated by index until the library answers
 * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE.  DETAILED is passed to
 * gnutls_pkcs11_token_get_url().  Any other failure terminates the
 * program.
 *
 * NOTE(review): the listing omits short lines.  The pkcs11_common() call,
 * the loop header, the `size = sizeof (buf)` resets and the release of
 * the URL string are restored from context -- confirm against the
 * upstream file.
 */
void
pkcs11_token_list (FILE * outfile, unsigned int detailed,
                   common_info_st * info)
{
  char buf[128];
  size_t size;
  char *url;
  int ret;
  int i;

  pkcs11_common ();

  for (i = 0;; i++)
    {
      ret = gnutls_pkcs11_token_get_url (i, detailed, &url);
      if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
        break;                  /* no token at this index: end of list */

      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }

      fprintf (outfile, "Token %d:\n\tURL: %s\n", i, url);

      /* size is reset before each query because it is an in/out
       * argument. */
      size = sizeof (buf);
      ret = gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_LABEL,
                                          buf, &size);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }
      fprintf (outfile, "\tLabel: %s\n", buf);

      size = sizeof (buf);
      ret = gnutls_pkcs11_token_get_info (url,
                                          GNUTLS_PKCS11_TOKEN_MANUFACTURER,
                                          buf, &size);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }
      fprintf (outfile, "\tManufacturer: %s\n", buf);

      size = sizeof (buf);
      ret = gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_MODEL,
                                          buf, &size);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }
      fprintf (outfile, "\tModel: %s\n", buf);

      size = sizeof (buf);
      ret = gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_SERIAL,
                                          buf, &size);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }
      fprintf (outfile, "\tSerial: %s\n", buf);
      fprintf (outfile, "\n\n");

      gnutls_free (url);
    }
}
/* Copies locally loaded material to the token named by URL under LABEL.
 *
 * Whatever INFO allows to be loaded is written, in this order: a secret
 * key, a certificate and an X.509 private key.  Keys are always copied
 * with GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE.  PRIVATE selects the
 * private / not-private marking (1 / 0; other values leave it unset),
 * TRUSTED marks the certificate as trusted and LOGIN requests a token
 * login.  The program terminates on failure or when nothing was loaded.
 *
 * NOTE(review): the listing omits short lines.  The pkcs11_common() call,
 * the "pkcs11:" default URL, the `if (private == 1)`, `if (trusted)` and
 * NULL checks, and the `flags |` operand of both key copies are restored
 * from context -- confirm against the upstream file.
 */
void
pkcs11_write (FILE * outfile, const char *url, const char *label,
              int trusted, int private,
              unsigned int login, common_info_st * info)
{
  gnutls_x509_crt_t xcrt;
  gnutls_x509_privkey_t xkey;
  gnutls_datum_t *secret_key;
  unsigned int key_usage = 0;
  unsigned int flags = 0;
  int ret;

  if (login)
    flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;

  pkcs11_common ();

  if (url == NULL)
    url = "pkcs11:";

  /* The secret key is copied before the private/trusted markings are
   * added to flags, so it only ever carries LOGIN and MARK_SENSITIVE. */
  secret_key = load_secret_key (0, info);
  if (secret_key != NULL)
    {
      ret = gnutls_pkcs11_copy_secret_key (url, secret_key, label, key_usage,
                                           flags |
                                           GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }
    }

  if (private == 1)
    flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE;
  else if (private == 0)
    flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE;

  xcrt = load_cert (0, info);
  if (xcrt != NULL)
    {
      /* NOTE(review): these two bits stay in flags, so a private key
       * copied below in the same run is also written with MARK_TRUSTED
       * and LOGIN_SO.  Confirm that is intended; a separate flags
       * variable for the certificate would keep the security-officer
       * login scoped to the trust marking. */
      if (trusted)
        flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED
          | GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO;

      ret = gnutls_pkcs11_copy_x509_crt (url, xcrt, label, flags);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }

      /* The certificate's key usage is reused for the private key copy;
       * the result is not checked, so key_usage stays 0 if this fails. */
      gnutls_x509_crt_get_key_usage (xcrt, &key_usage, NULL);
    }

  xkey = load_x509_private_key (0, info);
  if (xkey != NULL)
    {
      ret = gnutls_pkcs11_copy_x509_privkey (url, xkey, label, key_usage,
                                             flags |
                                             GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }
    }

  if (xkey == NULL && xcrt == NULL && secret_key == NULL)
    {
      fprintf (stderr,
               "You must use --load-privkey, --load-certificate or --secret-key to load the file to be copied\n");
      exit (1);
    }
}
/* Generates a key pair of algorithm PK and size BITS on the token named
 * by URL, labels it LABEL and writes the public key in PEM form to
 * OUTFILE.
 *
 * PRIVATE selects the private / not-private marking (1 / 0; other values
 * leave it unset) and LOGIN requests a token login.  On failure a hint is
 * printed and the program terminates.
 *
 * NOTE(review): the listing omits short lines.  The `bits` parameter, the
 * pkcs11_common() call, the "pkcs11:" default URL, the trailing
 * `&pubkey, flags` arguments and the `login == 0` test are restored from
 * context -- confirm against the upstream file.
 */
void
pkcs11_generate (FILE * outfile, const char *url, gnutls_pk_algorithm_t pk,
                 unsigned int bits,
                 const char *label, int private, int detailed,
                 unsigned int login, common_info_st * info)
{
  gnutls_datum_t pubkey;
  unsigned int flags = 0;
  int ret;

  if (login)
    flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;

  pkcs11_common ();

  if (url == NULL)
    url = "pkcs11:";

  if (private == 1)
    flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE;
  else if (private == 0)
    flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE;

  ret = gnutls_pkcs11_privkey_generate2 (url, pk, bits, label,
                                         GNUTLS_X509_FMT_PEM,
                                         &pubkey, flags);
  if (ret < 0)
    {
      fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
               gnutls_strerror (ret));

      /* Point at the two most likely causes before giving up. */
      if (!login)
        fprintf (stderr,
                 "Note that --login was not specified and it may be required for generation.\n");
      else if (bits != 1024)
        fprintf (stderr,
                 "Note that several smart cards do not support arbitrary size keys.\nTry --bits 1024 or 2048.\n");
      exit (1);
    }

  fwrite (pubkey.data, 1, pubkey.size, outfile);

  /* The exported public key was allocated by the library. */
  gnutls_free (pubkey.data);
}
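/* Overwrites LEN bytes at P with zeros through a volatile pointer, so the
 * stores are not removed as dead writes. */
static void
wipe_secret (char *p, size_t len)
{
  volatile char *v = p;

  while (len-- > 0)
    *v++ = 0;
}

/* Initializes the token named by URL with LABEL, then sets the user PIN.
 *
 * Both PINs are read from the terminal with getpass().  The security
 * officer PIN is copied to a local buffer because the second getpass()
 * call reuses the buffer the first one returned.  Any failure terminates
 * the program.
 *
 * Changes relative to the original: both PIN copies are zeroed as soon as
 * they are no longer needed, including on the error paths; an over-long
 * PIN is reported instead of exiting silently; the bounded copy uses the
 * length that was already checked.
 *
 * NOTE(review): the listing omits short lines.  The pkcs11_common() call,
 * the NULL checks and the size of so_pin (32 here) are restored from
 * context -- confirm against the upstream file.  getpass() is marked
 * obsolete by POSIX; a replacement that reads into a caller-owned buffer
 * would avoid the shared static storage.
 */
void
pkcs11_init (FILE * outfile, const char *url, const char *label,
             common_info_st * info)
{
  int ret;
  char *pin;
  char so_pin[32];
  size_t so_len;

  pkcs11_common ();

  if (url == NULL)
    {
      fprintf (stderr, "No token URL given to initialize!\n");
      exit (1);
    }

  pin = getpass ("Enter Security Officer's PIN: ");
  if (pin == NULL)
    exit (1);

  so_len = strlen (pin);
  if (so_len >= sizeof (so_pin))
    {
      wipe_secret (pin, so_len);
      fprintf (stderr, "Security Officer's PIN is too long\n");
      exit (1);
    }

  /* so_len < sizeof (so_pin), so the terminator fits. */
  memcpy (so_pin, pin, so_len + 1);

  pin = getpass ("Enter new User's PIN: ");
  if (pin == NULL)
    {
      wipe_secret (so_pin, sizeof (so_pin));
      exit (1);
    }

  ret = gnutls_pkcs11_token_init (url, so_pin, label);
  /* The SO PIN is not needed past this call. */
  wipe_secret (so_pin, sizeof (so_pin));
  if (ret < 0)
    {
      wipe_secret (pin, strlen (pin));
      fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
               gnutls_strerror (ret));
      exit (1);
    }

  ret = gnutls_pkcs11_token_set_pin (url, NULL, pin, GNUTLS_PIN_USER);
  /* Clear the user PIN from getpass()'s buffer. */
  wipe_secret (pin, strlen (pin));
  if (ret < 0)
    {
      fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
               gnutls_strerror (ret));
      exit (1);
    }
}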
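/* Maps a PKCS #11 mechanism number (CKM_* value) to its name.
 *
 * The table is sparse: designated initializers leave every index without
 * an entry as NULL, so a lookup must bounds-check the index and handle
 * NULL.  The highest index is 0x2002, which makes the array 0x2003
 * elements long.
 *
 * The entries for 0x11, 0x111, 0x200 and 0x210 were missing from the
 * listing this was taken from (its line numbers skip one line at each of
 * those positions) and are restored here with their PKCS #11 names.
 */
const char *mech_list[] = {
  [0] = "CKM_RSA_PKCS_KEY_PAIR_GEN",
  [1] = "CKM_RSA_PKCS",
  [2] = "CKM_RSA_9796",
  [3] = "CKM_RSA_X_509",
  [4] = "CKM_MD2_RSA_PKCS",
  [5] = "CKM_MD5_RSA_PKCS",
  [6] = "CKM_SHA1_RSA_PKCS",
  [7] = "CKM_RIPEMD128_RSA_PKCS",
  [8] = "CKM_RIPEMD160_RSA_PKCS",
  [9] = "CKM_RSA_PKCS_OAEP",
  [0xa] = "CKM_RSA_X9_31_KEY_PAIR_GEN",
  [0xb] = "CKM_RSA_X9_31",
  [0xc] = "CKM_SHA1_RSA_X9_31",
  [0xd] = "CKM_RSA_PKCS_PSS",
  [0xe] = "CKM_SHA1_RSA_PKCS_PSS",
  [0x10] = "CKM_DSA_KEY_PAIR_GEN",
  [0x11] = "CKM_DSA",
  [0x12] = "CKM_DSA_SHA1",
  [0x20] = "CKM_DH_PKCS_KEY_PAIR_GEN",
  [0x21] = "CKM_DH_PKCS_DERIVE",
  [0x30] = "CKM_X9_42_DH_KEY_PAIR_GEN",
  [0x31] = "CKM_X9_42_DH_DERIVE",
  [0x32] = "CKM_X9_42_DH_HYBRID_DERIVE",
  [0x33] = "CKM_X9_42_MQV_DERIVE",
  [0x40] = "CKM_SHA256_RSA_PKCS",
  [0x41] = "CKM_SHA384_RSA_PKCS",
  [0x42] = "CKM_SHA512_RSA_PKCS",
  [0x43] = "CKM_SHA256_RSA_PKCS_PSS",
  [0x44] = "CKM_SHA384_RSA_PKCS_PSS",
  [0x45] = "CKM_SHA512_RSA_PKCS_PSS",
  [0x100] = "CKM_RC2_KEY_GEN",
  [0x101] = "CKM_RC2_ECB",
  [0x102] = "CKM_RC2_CBC",
  [0x103] = "CKM_RC2_MAC",
  [0x104] = "CKM_RC2_MAC_GENERAL",
  [0x105] = "CKM_RC2_CBC_PAD",
  [0x110] = "CKM_RC4_KEY_GEN",
  [0x111] = "CKM_RC4",
  [0x120] = "CKM_DES_KEY_GEN",
  [0x121] = "CKM_DES_ECB",
  [0x122] = "CKM_DES_CBC",
  [0x123] = "CKM_DES_MAC",
  [0x124] = "CKM_DES_MAC_GENERAL",
  [0x125] = "CKM_DES_CBC_PAD",
  [0x130] = "CKM_DES2_KEY_GEN",
  [0x131] = "CKM_DES3_KEY_GEN",
  [0x132] = "CKM_DES3_ECB",
  [0x133] = "CKM_DES3_CBC",
  [0x134] = "CKM_DES3_MAC",
  [0x135] = "CKM_DES3_MAC_GENERAL",
  [0x136] = "CKM_DES3_CBC_PAD",
  [0x140] = "CKM_CDMF_KEY_GEN",
  [0x141] = "CKM_CDMF_ECB",
  [0x142] = "CKM_CDMF_CBC",
  [0x143] = "CKM_CDMF_MAC",
  [0x144] = "CKM_CDMF_MAC_GENERAL",
  [0x145] = "CKM_CDMF_CBC_PAD",
  [0x200] = "CKM_MD2",
  [0x201] = "CKM_MD2_HMAC",
  [0x202] = "CKM_MD2_HMAC_GENERAL",
  [0x210] = "CKM_MD5",
  [0x211] = "CKM_MD5_HMAC",
  [0x212] = "CKM_MD5_HMAC_GENERAL",
  [0x220] = "CKM_SHA_1",
  [0x221] = "CKM_SHA_1_HMAC",
  [0x222] = "CKM_SHA_1_HMAC_GENERAL",
  [0x230] = "CKM_RIPEMD128",
  [0x231] = "CKM_RIPEMD128_HMAC",
  [0x232] = "CKM_RIPEMD128_HMAC_GENERAL",
  [0x240] = "CKM_RIPEMD160",
  [0x241] = "CKM_RIPEMD160_HMAC",
  [0x242] = "CKM_RIPEMD160_HMAC_GENERAL",
  [0x250] = "CKM_SHA256",
  [0x251] = "CKM_SHA256_HMAC",
  [0x252] = "CKM_SHA256_HMAC_GENERAL",
  [0x260] = "CKM_SHA384",
  [0x261] = "CKM_SHA384_HMAC",
  [0x262] = "CKM_SHA384_HMAC_GENERAL",
  [0x270] = "CKM_SHA512",
  [0x271] = "CKM_SHA512_HMAC",
  [0x272] = "CKM_SHA512_HMAC_GENERAL",
  [0x300] = "CKM_CAST_KEY_GEN",
  [0x301] = "CKM_CAST_ECB",
  [0x302] = "CKM_CAST_CBC",
  [0x303] = "CKM_CAST_MAC",
  [0x304] = "CKM_CAST_MAC_GENERAL",
  [0x305] = "CKM_CAST_CBC_PAD",
  [0x310] = "CKM_CAST3_KEY_GEN",
  [0x311] = "CKM_CAST3_ECB",
  [0x312] = "CKM_CAST3_CBC",
  [0x313] = "CKM_CAST3_MAC",
  [0x314] = "CKM_CAST3_MAC_GENERAL",
  [0x315] = "CKM_CAST3_CBC_PAD",
  [0x320] = "CKM_CAST128_KEY_GEN",
  [0x321] = "CKM_CAST128_ECB",
  [0x322] = "CKM_CAST128_CBC",
  [0x323] = "CKM_CAST128_MAC",
  [0x324] = "CKM_CAST128_MAC_GENERAL",
  [0x325] = "CKM_CAST128_CBC_PAD",
  [0x330] = "CKM_RC5_KEY_GEN",
  [0x331] = "CKM_RC5_ECB",
  [0x332] = "CKM_RC5_CBC",
  [0x333] = "CKM_RC5_MAC",
  [0x334] = "CKM_RC5_MAC_GENERAL",
  [0x335] = "CKM_RC5_CBC_PAD",
  [0x340] = "CKM_IDEA_KEY_GEN",
  [0x341] = "CKM_IDEA_ECB",
  [0x342] = "CKM_IDEA_CBC",
  [0x343] = "CKM_IDEA_MAC",
  [0x344] = "CKM_IDEA_MAC_GENERAL",
  [0x345] = "CKM_IDEA_CBC_PAD",
  [0x350] = "CKM_GENERIC_SECRET_KEY_GEN",
  [0x360] = "CKM_CONCATENATE_BASE_AND_KEY",
  [0x362] = "CKM_CONCATENATE_BASE_AND_DATA",
  [0x363] = "CKM_CONCATENATE_DATA_AND_BASE",
  [0x364] = "CKM_XOR_BASE_AND_DATA",
  [0x365] = "CKM_EXTRACT_KEY_FROM_KEY",
  [0x370] = "CKM_SSL3_PRE_MASTER_KEY_GEN",
  [0x371] = "CKM_SSL3_MASTER_KEY_DERIVE",
  [0x372] = "CKM_SSL3_KEY_AND_MAC_DERIVE",
  [0x373] = "CKM_SSL3_MASTER_KEY_DERIVE_DH",
  [0x374] = "CKM_TLS_PRE_MASTER_KEY_GEN",
  [0x375] = "CKM_TLS_MASTER_KEY_DERIVE",
  [0x376] = "CKM_TLS_KEY_AND_MAC_DERIVE",
  [0x377] = "CKM_TLS_MASTER_KEY_DERIVE_DH",
  [0x380] = "CKM_SSL3_MD5_MAC",
  [0x381] = "CKM_SSL3_SHA1_MAC",
  [0x390] = "CKM_MD5_KEY_DERIVATION",
  [0x391] = "CKM_MD2_KEY_DERIVATION",
  [0x392] = "CKM_SHA1_KEY_DERIVATION",
  [0x3a0] = "CKM_PBE_MD2_DES_CBC",
  [0x3a1] = "CKM_PBE_MD5_DES_CBC",
  [0x3a2] = "CKM_PBE_MD5_CAST_CBC",
  [0x3a3] = "CKM_PBE_MD5_CAST3_CBC",
  [0x3a4] = "CKM_PBE_MD5_CAST128_CBC",
  [0x3a5] = "CKM_PBE_SHA1_CAST128_CBC",
  [0x3a6] = "CKM_PBE_SHA1_RC4_128",
  [0x3a7] = "CKM_PBE_SHA1_RC4_40",
  [0x3a8] = "CKM_PBE_SHA1_DES3_EDE_CBC",
  [0x3a9] = "CKM_PBE_SHA1_DES2_EDE_CBC",
  [0x3aa] = "CKM_PBE_SHA1_RC2_128_CBC",
  [0x3ab] = "CKM_PBE_SHA1_RC2_40_CBC",
  [0x3b0] = "CKM_PKCS5_PBKD2",
  [0x3c0] = "CKM_PBA_SHA1_WITH_SHA1_HMAC",
  [0x400] = "CKM_KEY_WRAP_LYNKS",
  [0x401] = "CKM_KEY_WRAP_SET_OAEP",
  [0x1000] = "CKM_SKIPJACK_KEY_GEN",
  [0x1001] = "CKM_SKIPJACK_ECB64",
  [0x1002] = "CKM_SKIPJACK_CBC64",
  [0x1003] = "CKM_SKIPJACK_OFB64",
  [0x1004] = "CKM_SKIPJACK_CFB64",
  [0x1005] = "CKM_SKIPJACK_CFB32",
  [0x1006] = "CKM_SKIPJACK_CFB16",
  [0x1007] = "CKM_SKIPJACK_CFB8",
  [0x1008] = "CKM_SKIPJACK_WRAP",
  [0x1009] = "CKM_SKIPJACK_PRIVATE_WRAP",
  [0x100a] = "CKM_SKIPJACK_RELAYX",
  [0x1010] = "CKM_KEA_KEY_PAIR_GEN",
  [0x1011] = "CKM_KEA_KEY_DERIVE",
  [0x1020] = "CKM_FORTEZZA_TIMESTAMP",
  [0x1030] = "CKM_BATON_KEY_GEN",
  [0x1031] = "CKM_BATON_ECB128",
  [0x1032] = "CKM_BATON_ECB96",
  [0x1033] = "CKM_BATON_CBC128",
  [0x1034] = "CKM_BATON_COUNTER",
  [0x1035] = "CKM_BATON_SHUFFLE",
  [0x1036] = "CKM_BATON_WRAP",
  [0x1040] = "CKM_ECDSA_KEY_PAIR_GEN",
  [0x1041] = "CKM_ECDSA",
  [0x1042] = "CKM_ECDSA_SHA1",
  [0x1050] = "CKM_ECDH1_DERIVE",
  [0x1051] = "CKM_ECDH1_COFACTOR_DERIVE",
  [0x1052] = "CKM_ECMQV_DERIVE",
  [0x1060] = "CKM_JUNIPER_KEY_GEN",
  [0x1061] = "CKM_JUNIPER_ECB128",
  [0x1062] = "CKM_JUNIPER_CBC128",
  [0x1063] = "CKM_JUNIPER_COUNTER",
  [0x1064] = "CKM_JUNIPER_SHUFFLE",
  [0x1065] = "CKM_JUNIPER_WRAP",
  [0x1070] = "CKM_FASTHASH",
  [0x1080] = "CKM_AES_KEY_GEN",
  [0x1081] = "CKM_AES_ECB",
  [0x1082] = "CKM_AES_CBC",
  [0x1083] = "CKM_AES_MAC",
  [0x1084] = "CKM_AES_MAC_GENERAL",
  [0x1085] = "CKM_AES_CBC_PAD",
  [0x2000] = "CKM_DSA_PARAMETER_GEN",
  [0x2001] = "CKM_DH_PKCS_PARAMETER_GEN",
  [0x2002] = "CKM_X9_42_DH_PARAMETER_GEN",
  [0x1200] = "CKM_GOSTR3410_KEY_PAIR_GEN",
  [0x1201] = "CKM_GOSTR3410",
  [0x1202] = "CKM_GOSTR3410_WITH_GOSTR3411",
  [0x1203] = "CKM_GOSTR3410_KEY_WRAP",
  [0x1204] = "CKM_GOSTR3410_DERIVE",
  [0x1210] = "CKM_GOSTR3411",
  [0x1211] = "CKM_GOSTR3411_HMAC",
  [0x255] = "CKM_SHA224",
  [0x256] = "CKM_SHA224_HMAC",
  [0x257] = "CKM_SHA224_HMAC_GENERAL",
  [0x46] = "CKM_SHA224_RSA_PKCS",
  [0x47] = "CKM_SHA224_RSA_PKCS_PSS",
  [0x396] = "CKM_SHA224_KEY_DERIVATION",
  [0x550] = "CKM_CAMELLIA_KEY_GEN",
  [0x551] = "CKM_CAMELLIA_ECB",
  [0x552] = "CKM_CAMELLIA_CBC",
  [0x553] = "CKM_CAMELLIA_MAC",
  [0x554] = "CKM_CAMELLIA_MAC_GENERAL",
  [0x555] = "CKM_CAMELLIA_CBC_PAD",
  [0x556] = "CKM_CAMELLIA_ECB_ENCRYPT_DATA",
  [0x557] = "CKM_CAMELLIA_CBC_ENCRYPT_DATA"
};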
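/* Prints every mechanism the token named by URL reports, one per line,
 * as "[0xNNNN] NAME" on OUTFILE.
 *
 * Mechanisms are queried by increasing index until the library returns
 * an error.  The number comes from the token (through its PKCS #11
 * module), so it is treated as untrusted when used as an index into
 * mech_list.
 *
 * Fix relative to the original: the bound was `mechanism <= count`, which
 * let a mechanism number equal to the element count read one slot past
 * the end of mech_list; the comparison is now strict.
 *
 * NOTE(review): the listing omits short lines.  The pkcs11_common() call,
 * the "pkcs11:" default URL, the do/while loop and the "UNKNOWN" fallback
 * are restored from context -- confirm against the upstream file.
 */
void
pkcs11_mechanism_list (FILE * outfile, const char *url, unsigned int login,
                       common_info_st * info)
{
  int ret;
  int idx;
  unsigned long mechanism;
  const char *str;

  pkcs11_common ();

  if (url == NULL)
    url = "pkcs11:";

  idx = 0;
  do
    {
      ret = gnutls_pkcs11_token_get_mechanism (url, idx++, &mechanism);
      if (ret >= 0)
        {
          str = NULL;

          /* Valid indices are 0 .. count - 1. */
          if (mechanism < sizeof (mech_list) / sizeof (mech_list[0]))
            str = mech_list[mechanism];

          /* Out-of-range numbers and gaps in the sparse table have no
           * name; never hand a NULL to %s. */
          if (str == NULL)
            str = "UNKNOWN";

          fprintf (outfile, "[0x%.4lx] %s\n", mechanism, str);
        }
    }
  while (ret >= 0);
}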