1 /*
2 * Copyright (C) 2010-2012 Free Software Foundation, Inc.
3 * Author: Nikos Mavrogiannopoulos
5 * This file is part of GnuTLS.
7 * GnuTLS is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuTLS is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see <http://www.gnu.org/licenses/>.
20 #include <config.h>
22 #include <getpass.h>
24 #include <gnutls/gnutls.h>
25 #include <gnutls/pkcs11.h>
26 #include <gnutls/abstract.h>
27 #include <stdio.h>
28 #include <stdlib.h>
29 #include "p11tool.h"
30 #include "certtool-cfg.h"
31 #include "certtool-common.h"
32 #include <unistd.h>
33 #include <string.h>
34 #include <common.h>
/* Delete every object matching URL from the token.
 *
 * Unless BATCH is non-zero the matching objects are first listed on
 * OUTFILE and the user is asked to confirm; a negative answer ends the
 * program with status 1.  pkcs11_list() itself exits with status 0 when
 * nothing matches, so in interactive mode the deletion is only reached
 * when there is something to delete.  LOGIN requests a token login for
 * the operation; INFO is passed through to the listing.  Any library
 * error ends the program with status 1.
 */
void
pkcs11_delete (FILE * outfile, const char *url, int batch, unsigned int login,
               common_info_st * info)
{
  unsigned int obj_flags = login ? GNUTLS_PKCS11_OBJ_FLAG_LOGIN : 0;
  int deleted;

  if (batch == 0)
    {
      /* Show what is about to be removed before asking for confirmation.  */
      pkcs11_list (outfile, url, PKCS11_TYPE_ALL, login,
                   GNUTLS_PKCS11_URL_LIB, info);
      if (read_yesno ("Are you sure you want to delete those objects? (y/N): ") == 0)
        exit (1);
    }

  deleted = gnutls_pkcs11_delete_url (url, obj_flags);
  if (deleted < 0)
    {
      fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
               gnutls_strerror (deleted));
      exit (1);
    }

  /* A non-negative result is the number of objects that were removed.  */
  fprintf (outfile, "\n%d objects deleted\n", deleted);
}
/* lists certificates from a token */
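/* List the objects matching URL on OUTFILE.
 *
 * TYPE selects which objects are searched for: PKCS11_TYPE_TRUSTED,
 * PKCS11_TYPE_PK, PKCS11_TYPE_CRT_ALL or PKCS11_TYPE_PRIVKEY; any other
 * value lists every object.  LOGIN requests a token login before the
 * search.  DETAILED is handed to gnutls_pkcs11_obj_export_url() and
 * controls how verbose the printed URLs are.  INFO is currently unused
 * here.
 *
 * For each object the URL, type, label and ID are printed.  When the
 * search was restricted to certificates, each object is additionally
 * imported as an X.509 certificate purely as a parse check; the parsed
 * certificate is not printed.
 *
 * Exits with status 0 when nothing matches and with status 1 on any
 * library error.
 */
void
pkcs11_list (FILE * outfile, const char *url, int type, unsigned int login,
             unsigned int detailed, common_info_st * info)
{
  gnutls_pkcs11_obj_t *crt_list;
  gnutls_x509_crt_t xcrt;
  unsigned int crt_list_size = 0, i;
  int ret;
  int attrs;
  unsigned int obj_flags = 0;

  if (login)
    obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;

  pkcs11_common ();

  if (url == NULL)
    url = "pkcs11:";

  switch (type)
    {
    case PKCS11_TYPE_TRUSTED:
      attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED;
      break;
    case PKCS11_TYPE_PK:
      attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY;
      break;
    case PKCS11_TYPE_CRT_ALL:
      attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL;
      break;
    case PKCS11_TYPE_PRIVKEY:
      attrs = GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY;
      break;
    default:
      attrs = GNUTLS_PKCS11_OBJ_ATTR_ALL;
      break;
    }

  ret = gnutls_pkcs11_obj_list_import_url2 (&crt_list, &crt_list_size, url,
                                            attrs, obj_flags);
  if (ret < 0)
    {
      fprintf (stderr, "Error in crt_list_import (1): %s\n",
               gnutls_strerror (ret));
      exit (1);
    }

  if (crt_list_size == 0)
    {
      fprintf (stderr, "No matching objects found\n");
      exit (0);
    }

  for (i = 0; i < crt_list_size; i++)
    {
      char buf[128];
      size_t size;
      char *output;

      ret = gnutls_pkcs11_obj_export_url (crt_list[i], detailed, &output);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }

      fprintf (outfile, "Object %u:\n\tURL: %s\n", i, output);
      /* The URL string is allocated by the library for us; release it as
         soon as it has been printed instead of leaking one per object.  */
      gnutls_free (output);

      fprintf (outfile, "\tType: %s\n",
               gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_get_type
                                            (crt_list[i])));

      size = sizeof (buf);
      ret =
        gnutls_pkcs11_obj_get_info (crt_list[i], GNUTLS_PKCS11_OBJ_LABEL, buf,
                                    &size);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }
      fprintf (outfile, "\tLabel: %s\n", buf);

      size = sizeof (buf);
      ret =
        gnutls_pkcs11_obj_get_info (crt_list[i], GNUTLS_PKCS11_OBJ_ID_HEX,
                                    buf, &size);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }
      fprintf (outfile, "\tID: %s\n\n", buf);

      /* Only the certificate-restricted searches are guaranteed to hold
         certificates; skip the parse check for everything else.  */
      if (attrs == GNUTLS_PKCS11_OBJ_ATTR_ALL
          || attrs == GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY)
        continue;

      ret = gnutls_x509_crt_init (&xcrt);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }

      ret = gnutls_x509_crt_import_pkcs11 (xcrt, crt_list[i]);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }

      gnutls_x509_crt_deinit (xcrt);
    }

  /* Release the object handles and the list itself; previously both
     were leaked.  */
  for (i = 0; i < crt_list_size; i++)
    gnutls_pkcs11_obj_deinit (crt_list[i]);
  gnutls_free (crt_list);
}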
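/* Export the single object identified by URL to OUTFILE.
 *
 * X.509 certificates and public keys are written in PEM form.  Any
 * other object type is read raw with gnutls_pkcs11_obj_export() and
 * written as a base64 "DATA" PEM block.  LOGIN requests a token login
 * before the object is read.  INFO is currently unused.  The global
 * scratch buffer BUFFER (BUFFER_SIZE bytes) is used for the export.
 * Exits with status 1 on any library error.
 */
void
pkcs11_export (FILE * outfile, const char *url, unsigned int login,
               common_info_st * info)
{
  gnutls_pkcs11_obj_t crt;
  gnutls_x509_crt_t xcrt;
  gnutls_pubkey_t pubkey;
  int ret;
  size_t size;
  unsigned int obj_flags = 0;

  if (login)
    obj_flags = GNUTLS_PKCS11_OBJ_FLAG_LOGIN;

  pkcs11_common ();

  if (url == NULL)
    url = "pkcs11:";

  ret = gnutls_pkcs11_obj_init (&crt);
  if (ret < 0)
    {
      fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
               gnutls_strerror (ret));
      exit (1);
    }

  ret = gnutls_pkcs11_obj_import_url (crt, url, obj_flags);
  if (ret < 0)
    {
      fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
               gnutls_strerror (ret));
      exit (1);
    }

  switch (gnutls_pkcs11_obj_get_type (crt))
    {
    case GNUTLS_PKCS11_OBJ_X509_CRT:
      ret = gnutls_x509_crt_init (&xcrt);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }

      ret = gnutls_x509_crt_import_pkcs11 (xcrt, crt);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }

      size = buffer_size;
      ret = gnutls_x509_crt_export (xcrt, GNUTLS_X509_FMT_PEM, buffer, &size);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }
      fwrite (buffer, 1, size, outfile);

      gnutls_x509_crt_deinit (xcrt);
      break;

    case GNUTLS_PKCS11_OBJ_PUBKEY:
      ret = gnutls_pubkey_init (&pubkey);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }

      ret = gnutls_pubkey_import_pkcs11 (pubkey, crt, 0);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }

      size = buffer_size;
      ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_PEM, buffer, &size);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }
      fwrite (buffer, 1, size, outfile);

      gnutls_pubkey_deinit (pubkey);
      break;

    default:
      {
        gnutls_datum_t data, enc;

        size = buffer_size;
        ret = gnutls_pkcs11_obj_export (crt, buffer, &size);
        if (ret < 0)
          {
            /* Report this like every other failure here: an export that
               silently writes nothing but exits 0 would look like
               success to a calling script.  */
            fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                     gnutls_strerror (ret));
            exit (1);
          }

        data.data = buffer;
        data.size = size;

        ret = gnutls_pem_base64_encode_alloc ("DATA", &data, &enc);
        if (ret < 0)
          {
            fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                     gnutls_strerror (ret));
            exit (1);
          }

        fwrite (enc.data, 1, enc.size, outfile);
        gnutls_free (enc.data);
        break;
      }
    }

  fputs ("\n\n", outfile);
  gnutls_pkcs11_obj_deinit (crt);
}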
/* Print every token known to the PKCS#11 layer on OUTFILE.
 *
 * Tokens are enumerated by index until the library reports
 * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE.  For each one the URL (verbose
 * when DETAILED is non-zero), label, manufacturer, model and serial are
 * printed.  INFO is currently unused.  Any other library error ends the
 * program with status 1.
 */
void
pkcs11_token_list (FILE * outfile, unsigned int detailed,
                   common_info_st * info)
{
  /* Token attributes printed after the URL, in output order.  */
  static const struct
  {
    gnutls_pkcs11_token_info_t field;
    const char *name;
  } fields[] = {
    { GNUTLS_PKCS11_TOKEN_LABEL, "Label" },
    { GNUTLS_PKCS11_TOKEN_MANUFACTURER, "Manufacturer" },
    { GNUTLS_PKCS11_TOKEN_MODEL, "Model" },
    { GNUTLS_PKCS11_TOKEN_SERIAL, "Serial" },
  };
  int token_idx;

  pkcs11_common ();

  for (token_idx = 0;; token_idx++)
    {
      char *token_url;
      char value[128];
      size_t k;
      int ret;

      ret = gnutls_pkcs11_token_get_url (token_idx, detailed, &token_url);
      if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
        break;              /* no more tokens */
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }

      fprintf (outfile, "Token %d:\n\tURL: %s\n", token_idx, token_url);

      for (k = 0; k < sizeof fields / sizeof fields[0]; k++)
        {
          size_t value_len = sizeof value;

          ret = gnutls_pkcs11_token_get_info (token_url, fields[k].field,
                                              value, &value_len);
          if (ret < 0)
            {
              fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                       gnutls_strerror (ret));
              exit (1);
            }
          fprintf (outfile, "\t%s: %s\n", fields[k].name, value);
        }

      fputs ("\n\n", outfile);

      /* The URL was allocated by the library.  */
      gnutls_free (token_url);
    }
}
/* Copy the objects loaded through INFO (a secret key, a certificate
 * and/or a private key) to the token identified by URL, naming each
 * LABEL.
 *
 * TRUSTED marks a copied certificate as trusted and also sets the
 * security-officer login flag.  PRIVATE of 1 marks the objects private,
 * 0 marks them not private; any other value adds no marking.  LOGIN
 * requests a token login first.  Keys are always stored as sensitive.
 * The key usage stored with a copied private key is taken from the
 * certificate when one was loaded.  Exits with status 1 when nothing at
 * all was loaded or on any library error.
 */
void
pkcs11_write (FILE * outfile, const char *url, const char *label,
              int trusted, int private,
              unsigned int login, common_info_st * info)
{
  unsigned int flags = login ? GNUTLS_PKCS11_OBJ_FLAG_LOGIN : 0;
  unsigned int key_usage = 0;
  gnutls_datum_t *secret_key;
  gnutls_x509_crt_t xcrt;
  gnutls_x509_privkey_t xkey;
  int ret;

  pkcs11_common ();

  if (url == NULL)
    url = "pkcs11:";

  /* The secret key is copied before the private/non-private marking is
     decided, so it only carries the login and sensitive flags.  */
  secret_key = load_secret_key (0, info);
  if (secret_key != NULL)
    {
      ret =
        gnutls_pkcs11_copy_secret_key (url, secret_key, label, key_usage,
                                       flags |
                                       GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }
    }

  switch (private)
    {
    case 1:
      flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE;
      break;
    case 0:
      flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE;
      break;
    default:
      break;
    }

  xcrt = load_cert (0, info);
  if (xcrt != NULL)
    {
      /* NOTE(review): the SO-login flag set here stays in FLAGS and is
         therefore also applied to the private-key copy below; confirm
         that is intended.  */
      if (trusted)
        flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED | GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO;

      ret = gnutls_pkcs11_copy_x509_crt (url, xcrt, label, flags);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }

      /* Return value deliberately ignored; a certificate without a
         key-usage extension presumably leaves key_usage at 0.  */
      gnutls_x509_crt_get_key_usage (xcrt, &key_usage, NULL);
    }

  xkey = load_x509_private_key (0, info);
  if (xkey != NULL)
    {
      ret =
        gnutls_pkcs11_copy_x509_privkey (url, xkey, label, key_usage,
                                         flags |
                                         GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE);
      if (ret < 0)
        {
          fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
                   gnutls_strerror (ret));
          exit (1);
        }
    }

  if (secret_key == NULL && xcrt == NULL && xkey == NULL)
    {
      fprintf (stderr,
               "You must use --load-privkey, --load-certificate or --secret-key to load the file to be copied\n");
      exit (1);
    }
}
/* Generate a key pair of algorithm PK and size BITS on the token at
 * URL, storing it under LABEL, and write the public key in PEM form to
 * OUTFILE.
 *
 * PRIVATE of 1 marks the key private, 0 marks it not private; any
 * other value adds no marking.  LOGIN requests a token login first.
 * DETAILED and INFO are currently unused.  On failure a hint about the
 * most likely cause (missing --login, or an unusual key size) is
 * printed and the program exits with status 1.
 */
void
pkcs11_generate (FILE * outfile, const char *url, gnutls_pk_algorithm_t pk,
                 unsigned int bits,
                 const char *label, int private, int detailed,
                 unsigned int login, common_info_st * info)
{
  unsigned int flags = login ? GNUTLS_PKCS11_OBJ_FLAG_LOGIN : 0;
  gnutls_datum_t pubkey_pem;
  int ret;

  pkcs11_common ();

  if (url == NULL)
    url = "pkcs11:";

  switch (private)
    {
    case 1:
      flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE;
      break;
    case 0:
      flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE;
      break;
    default:
      break;
    }

  ret = gnutls_pkcs11_privkey_generate2 (url, pk, bits, label,
                                         GNUTLS_X509_FMT_PEM, &pubkey_pem,
                                         flags);
  if (ret < 0)
    {
      fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
               gnutls_strerror (ret));
      /* Offer the most common reason for a generation failure.  */
      if (login == 0)
        fprintf (stderr, "Note that --login was not specified and it may be required for generation.\n");
      else if (bits != 1024)
        fprintf (stderr, "Note that several smart cards do not support arbitrary size keys.\nTry --bits 1024 or 2048.\n");
      exit (1);
    }

  fwrite (pubkey_pem.data, 1, pubkey_pem.size, outfile);
  /* The PEM buffer was allocated by the library.  */
  gnutls_free (pubkey_pem.data);
}
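/* Initialize (format) the token at URL and give it the name LABEL.
 *
 * The security officer's PIN and the new user PIN are read
 * interactively with getpass().  The SO PIN is used for
 * gnutls_pkcs11_token_init() and the user PIN is then set with
 * gnutls_pkcs11_token_set_pin().  OUTFILE and INFO are currently
 * unused.  Exits with status 1 when no URL was given, when a PIN cannot
 * be read or does not fit the local buffer, or on any library error.
 */
void
pkcs11_init (FILE * outfile, const char *url, const char *label,
             common_info_st * info)
{
  int ret;
  char *pin;
  char so_pin[32];

  pkcs11_common ();

  if (url == NULL)
    {
      fprintf (stderr, "No token URL given to initialize!\n");
      exit (1);
    }

  /* getpass() hands back a pointer into storage that the next call
     reuses, so the SO PIN is copied out before the user PIN is asked
     for.  */
  pin = getpass ("Enter Security Officer's PIN: ");
  if (pin == NULL)
    {
      fprintf (stderr, "Could not read the Security Officer's PIN\n");
      exit (1);
    }

  if (strlen (pin) >= sizeof (so_pin))
    {
      /* Previously this exited silently, leaving the user guessing.  */
      fprintf (stderr,
               "The Security Officer's PIN is too long (at most %u characters)\n",
               (unsigned) (sizeof (so_pin) - 1));
      exit (1);
    }
  /* Bounded by the length check above; so_pin stays NUL-terminated.  */
  snprintf (so_pin, sizeof (so_pin), "%s", pin);

  pin = getpass ("Enter new User's PIN: ");
  if (pin == NULL)
    {
      fprintf (stderr, "Could not read the new User's PIN\n");
      exit (1);
    }

  ret = gnutls_pkcs11_token_init (url, so_pin, label);
  if (ret < 0)
    {
      fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
               gnutls_strerror (ret));
      exit (1);
    }

  ret = gnutls_pkcs11_token_set_pin (url, NULL, pin, GNUTLS_PIN_USER);
  if (ret < 0)
    {
      fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
               gnutls_strerror (ret));
      exit (1);
    }

  /* NOTE(review): so_pin and getpass()'s own buffer still hold the PINs
     at this point.  A plain memset() before return may be optimized
     away, so wiping them would need explicit_bzero()/memset_s() or an
     equivalent the build provides.  */
}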
/* Names of PKCS#11 mechanism constants, indexed by the numeric CKM_*
 * value.  Indices without an entry are NULL and must be treated as
 * unknown by callers.  Entries are grouped by algorithm family in
 * ascending index order; the array is sized by its largest index.  */
const char *mech_list[] = {
  /* RSA */
  [0x0] = "CKM_RSA_PKCS_KEY_PAIR_GEN",
  [0x1] = "CKM_RSA_PKCS",
  [0x2] = "CKM_RSA_9796",
  [0x3] = "CKM_RSA_X_509",
  [0x4] = "CKM_MD2_RSA_PKCS",
  [0x5] = "CKM_MD5_RSA_PKCS",
  [0x6] = "CKM_SHA1_RSA_PKCS",
  [0x7] = "CKM_RIPEMD128_RSA_PKCS",
  [0x8] = "CKM_RIPEMD160_RSA_PKCS",
  [0x9] = "CKM_RSA_PKCS_OAEP",
  [0xa] = "CKM_RSA_X9_31_KEY_PAIR_GEN",
  [0xb] = "CKM_RSA_X9_31",
  [0xc] = "CKM_SHA1_RSA_X9_31",
  [0xd] = "CKM_RSA_PKCS_PSS",
  [0xe] = "CKM_SHA1_RSA_PKCS_PSS",
  /* DSA */
  [0x10] = "CKM_DSA_KEY_PAIR_GEN",
  [0x11] = "CKM_DSA",
  [0x12] = "CKM_DSA_SHA1",
  /* Diffie-Hellman */
  [0x20] = "CKM_DH_PKCS_KEY_PAIR_GEN",
  [0x21] = "CKM_DH_PKCS_DERIVE",
  [0x30] = "CKM_X9_42_DH_KEY_PAIR_GEN",
  [0x31] = "CKM_X9_42_DH_DERIVE",
  [0x32] = "CKM_X9_42_DH_HYBRID_DERIVE",
  [0x33] = "CKM_X9_42_MQV_DERIVE",
  /* RSA with SHA-2 */
  [0x40] = "CKM_SHA256_RSA_PKCS",
  [0x41] = "CKM_SHA384_RSA_PKCS",
  [0x42] = "CKM_SHA512_RSA_PKCS",
  [0x43] = "CKM_SHA256_RSA_PKCS_PSS",
  [0x44] = "CKM_SHA384_RSA_PKCS_PSS",
  [0x45] = "CKM_SHA512_RSA_PKCS_PSS",
  [0x46] = "CKM_SHA224_RSA_PKCS",
  [0x47] = "CKM_SHA224_RSA_PKCS_PSS",
  /* RC2 / RC4 */
  [0x100] = "CKM_RC2_KEY_GEN",
  [0x101] = "CKM_RC2_ECB",
  [0x102] = "CKM_RC2_CBC",
  [0x103] = "CKM_RC2_MAC",
  [0x104] = "CKM_RC2_MAC_GENERAL",
  [0x105] = "CKM_RC2_CBC_PAD",
  [0x110] = "CKM_RC4_KEY_GEN",
  [0x111] = "CKM_RC4",
  /* DES / 3DES / CDMF */
  [0x120] = "CKM_DES_KEY_GEN",
  [0x121] = "CKM_DES_ECB",
  [0x122] = "CKM_DES_CBC",
  [0x123] = "CKM_DES_MAC",
  [0x124] = "CKM_DES_MAC_GENERAL",
  [0x125] = "CKM_DES_CBC_PAD",
  [0x130] = "CKM_DES2_KEY_GEN",
  [0x131] = "CKM_DES3_KEY_GEN",
  [0x132] = "CKM_DES3_ECB",
  [0x133] = "CKM_DES3_CBC",
  [0x134] = "CKM_DES3_MAC",
  [0x135] = "CKM_DES3_MAC_GENERAL",
  [0x136] = "CKM_DES3_CBC_PAD",
  [0x140] = "CKM_CDMF_KEY_GEN",
  [0x141] = "CKM_CDMF_ECB",
  [0x142] = "CKM_CDMF_CBC",
  [0x143] = "CKM_CDMF_MAC",
  [0x144] = "CKM_CDMF_MAC_GENERAL",
  [0x145] = "CKM_CDMF_CBC_PAD",
  /* Digests and HMACs */
  [0x200] = "CKM_MD2",
  [0x201] = "CKM_MD2_HMAC",
  [0x202] = "CKM_MD2_HMAC_GENERAL",
  [0x210] = "CKM_MD5",
  [0x211] = "CKM_MD5_HMAC",
  [0x212] = "CKM_MD5_HMAC_GENERAL",
  [0x220] = "CKM_SHA_1",
  [0x221] = "CKM_SHA_1_HMAC",
  [0x222] = "CKM_SHA_1_HMAC_GENERAL",
  [0x230] = "CKM_RIPEMD128",
  [0x231] = "CKM_RIPEMD128_HMAC",
  [0x232] = "CKM_RIPEMD128_HMAC_GENERAL",
  [0x240] = "CKM_RIPEMD160",
  [0x241] = "CKM_RIPEMD160_HMAC",
  [0x242] = "CKM_RIPEMD160_HMAC_GENERAL",
  [0x250] = "CKM_SHA256",
  [0x251] = "CKM_SHA256_HMAC",
  [0x252] = "CKM_SHA256_HMAC_GENERAL",
  [0x255] = "CKM_SHA224",
  [0x256] = "CKM_SHA224_HMAC",
  [0x257] = "CKM_SHA224_HMAC_GENERAL",
  [0x260] = "CKM_SHA384",
  [0x261] = "CKM_SHA384_HMAC",
  [0x262] = "CKM_SHA384_HMAC_GENERAL",
  [0x270] = "CKM_SHA512",
  [0x271] = "CKM_SHA512_HMAC",
  [0x272] = "CKM_SHA512_HMAC_GENERAL",
  /* CAST family */
  [0x300] = "CKM_CAST_KEY_GEN",
  [0x301] = "CKM_CAST_ECB",
  [0x302] = "CKM_CAST_CBC",
  [0x303] = "CKM_CAST_MAC",
  [0x304] = "CKM_CAST_MAC_GENERAL",
  [0x305] = "CKM_CAST_CBC_PAD",
  [0x310] = "CKM_CAST3_KEY_GEN",
  [0x311] = "CKM_CAST3_ECB",
  [0x312] = "CKM_CAST3_CBC",
  [0x313] = "CKM_CAST3_MAC",
  [0x314] = "CKM_CAST3_MAC_GENERAL",
  [0x315] = "CKM_CAST3_CBC_PAD",
  [0x320] = "CKM_CAST128_KEY_GEN",
  [0x321] = "CKM_CAST128_ECB",
  [0x322] = "CKM_CAST128_CBC",
  [0x323] = "CKM_CAST128_MAC",
  [0x324] = "CKM_CAST128_MAC_GENERAL",
  [0x325] = "CKM_CAST128_CBC_PAD",
  /* RC5 / IDEA */
  [0x330] = "CKM_RC5_KEY_GEN",
  [0x331] = "CKM_RC5_ECB",
  [0x332] = "CKM_RC5_CBC",
  [0x333] = "CKM_RC5_MAC",
  [0x334] = "CKM_RC5_MAC_GENERAL",
  [0x335] = "CKM_RC5_CBC_PAD",
  [0x340] = "CKM_IDEA_KEY_GEN",
  [0x341] = "CKM_IDEA_ECB",
  [0x342] = "CKM_IDEA_CBC",
  [0x343] = "CKM_IDEA_MAC",
  [0x344] = "CKM_IDEA_MAC_GENERAL",
  [0x345] = "CKM_IDEA_CBC_PAD",
  /* Generic secret keys and key derivation */
  [0x350] = "CKM_GENERIC_SECRET_KEY_GEN",
  [0x360] = "CKM_CONCATENATE_BASE_AND_KEY",
  [0x362] = "CKM_CONCATENATE_BASE_AND_DATA",
  [0x363] = "CKM_CONCATENATE_DATA_AND_BASE",
  [0x364] = "CKM_XOR_BASE_AND_DATA",
  [0x365] = "CKM_EXTRACT_KEY_FROM_KEY",
  /* SSL3 / TLS */
  [0x370] = "CKM_SSL3_PRE_MASTER_KEY_GEN",
  [0x371] = "CKM_SSL3_MASTER_KEY_DERIVE",
  [0x372] = "CKM_SSL3_KEY_AND_MAC_DERIVE",
  [0x373] = "CKM_SSL3_MASTER_KEY_DERIVE_DH",
  [0x374] = "CKM_TLS_PRE_MASTER_KEY_GEN",
  [0x375] = "CKM_TLS_MASTER_KEY_DERIVE",
  [0x376] = "CKM_TLS_KEY_AND_MAC_DERIVE",
  [0x377] = "CKM_TLS_MASTER_KEY_DERIVE_DH",
  [0x380] = "CKM_SSL3_MD5_MAC",
  [0x381] = "CKM_SSL3_SHA1_MAC",
  /* Digest-based key derivation */
  [0x390] = "CKM_MD5_KEY_DERIVATION",
  [0x391] = "CKM_MD2_KEY_DERIVATION",
  [0x392] = "CKM_SHA1_KEY_DERIVATION",
  [0x396] = "CKM_SHA224_KEY_DERIVATION",
  /* Password-based encryption */
  [0x3a0] = "CKM_PBE_MD2_DES_CBC",
  [0x3a1] = "CKM_PBE_MD5_DES_CBC",
  [0x3a2] = "CKM_PBE_MD5_CAST_CBC",
  [0x3a3] = "CKM_PBE_MD5_CAST3_CBC",
  [0x3a4] = "CKM_PBE_MD5_CAST128_CBC",
  [0x3a5] = "CKM_PBE_SHA1_CAST128_CBC",
  [0x3a6] = "CKM_PBE_SHA1_RC4_128",
  [0x3a7] = "CKM_PBE_SHA1_RC4_40",
  [0x3a8] = "CKM_PBE_SHA1_DES3_EDE_CBC",
  [0x3a9] = "CKM_PBE_SHA1_DES2_EDE_CBC",
  [0x3aa] = "CKM_PBE_SHA1_RC2_128_CBC",
  [0x3ab] = "CKM_PBE_SHA1_RC2_40_CBC",
  [0x3b0] = "CKM_PKCS5_PBKD2",
  [0x3c0] = "CKM_PBA_SHA1_WITH_SHA1_HMAC",
  /* Key wrapping */
  [0x400] = "CKM_KEY_WRAP_LYNKS",
  [0x401] = "CKM_KEY_WRAP_SET_OAEP",
  /* Camellia */
  [0x550] = "CKM_CAMELLIA_KEY_GEN",
  [0x551] = "CKM_CAMELLIA_ECB",
  [0x552] = "CKM_CAMELLIA_CBC",
  [0x553] = "CKM_CAMELLIA_MAC",
  [0x554] = "CKM_CAMELLIA_MAC_GENERAL",
  [0x555] = "CKM_CAMELLIA_CBC_PAD",
  [0x556] = "CKM_CAMELLIA_ECB_ENCRYPT_DATA",
  [0x557] = "CKM_CAMELLIA_CBC_ENCRYPT_DATA",
  /* SKIPJACK / KEA / FORTEZZA / BATON */
  [0x1000] = "CKM_SKIPJACK_KEY_GEN",
  [0x1001] = "CKM_SKIPJACK_ECB64",
  [0x1002] = "CKM_SKIPJACK_CBC64",
  [0x1003] = "CKM_SKIPJACK_OFB64",
  [0x1004] = "CKM_SKIPJACK_CFB64",
  [0x1005] = "CKM_SKIPJACK_CFB32",
  [0x1006] = "CKM_SKIPJACK_CFB16",
  [0x1007] = "CKM_SKIPJACK_CFB8",
  [0x1008] = "CKM_SKIPJACK_WRAP",
  [0x1009] = "CKM_SKIPJACK_PRIVATE_WRAP",
  [0x100a] = "CKM_SKIPJACK_RELAYX",
  [0x1010] = "CKM_KEA_KEY_PAIR_GEN",
  [0x1011] = "CKM_KEA_KEY_DERIVE",
  [0x1020] = "CKM_FORTEZZA_TIMESTAMP",
  [0x1030] = "CKM_BATON_KEY_GEN",
  [0x1031] = "CKM_BATON_ECB128",
  [0x1032] = "CKM_BATON_ECB96",
  [0x1033] = "CKM_BATON_CBC128",
  [0x1034] = "CKM_BATON_COUNTER",
  [0x1035] = "CKM_BATON_SHUFFLE",
  [0x1036] = "CKM_BATON_WRAP",
  /* Elliptic curve */
  [0x1040] = "CKM_ECDSA_KEY_PAIR_GEN",
  [0x1041] = "CKM_ECDSA",
  [0x1042] = "CKM_ECDSA_SHA1",
  [0x1050] = "CKM_ECDH1_DERIVE",
  [0x1051] = "CKM_ECDH1_COFACTOR_DERIVE",
  [0x1052] = "CKM_ECMQV_DERIVE",
  /* JUNIPER / FASTHASH */
  [0x1060] = "CKM_JUNIPER_KEY_GEN",
  [0x1061] = "CKM_JUNIPER_ECB128",
  [0x1062] = "CKM_JUNIPER_CBC128",
  [0x1063] = "CKM_JUNIPER_COUNTER",
  [0x1064] = "CKM_JUNIPER_SHUFFLE",
  [0x1065] = "CKM_JUNIPER_WRAP",
  [0x1070] = "CKM_FASTHASH",
  /* AES */
  [0x1080] = "CKM_AES_KEY_GEN",
  [0x1081] = "CKM_AES_ECB",
  [0x1082] = "CKM_AES_CBC",
  [0x1083] = "CKM_AES_MAC",
  [0x1084] = "CKM_AES_MAC_GENERAL",
  [0x1085] = "CKM_AES_CBC_PAD",
  /* GOST */
  [0x1200] = "CKM_GOSTR3410_KEY_PAIR_GEN",
  [0x1201] = "CKM_GOSTR3410",
  [0x1202] = "CKM_GOSTR3410_WITH_GOSTR3411",
  [0x1203] = "CKM_GOSTR3410_KEY_WRAP",
  [0x1204] = "CKM_GOSTR3410_DERIVE",
  [0x1210] = "CKM_GOSTR3411",
  [0x1211] = "CKM_GOSTR3411_HMAC",
  /* Domain parameter generation */
  [0x2000] = "CKM_DSA_PARAMETER_GEN",
  [0x2001] = "CKM_DH_PKCS_PARAMETER_GEN",
  [0x2002] = "CKM_X9_42_DH_PARAMETER_GEN",
};
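/* Print the mechanisms supported by the token at URL on OUTFILE.
 *
 * Mechanisms are enumerated by index until the library returns an
 * error.  Each is printed as its numeric value followed by the name
 * from mech_list, or "UNKNOWN" when the value lies outside the table
 * or has no entry.  LOGIN and INFO are currently unused.
 */
void
pkcs11_mechanism_list (FILE * outfile, const char *url, unsigned int login,
                       common_info_st * info)
{
  int ret;
  int idx;
  unsigned long mechanism;
  const char *str;

  pkcs11_common ();

  if (url == NULL)
    url = "pkcs11:";

  idx = 0;
  do
    {
      ret = gnutls_pkcs11_token_get_mechanism (url, idx++, &mechanism);
      if (ret >= 0)
        {
          str = NULL;
          /* Strictly less than the element count: a value equal to the
             count would index one past the end of mech_list.  */
          if (mechanism < sizeof (mech_list) / sizeof (mech_list[0]))
            str = mech_list[mechanism];
          if (str == NULL)
            str = "UNKNOWN";

          fprintf (outfile, "[0x%.4lx] %s\n", mechanism, str);
        }
    }
  while (ret >= 0);
}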