-rw-r--r-- | GNUmakefile | 53 | ||||
-rw-r--r-- | attributes.yaml | 50 | ||||
-rw-r--r-- | p11util.c | 106 | ||||
-rw-r--r-- | pkcs11.c | 72 | ||||
-rw-r--r-- | schema.sql | 46 | ||||
-rwxr-xr-x | scripts/build-attributes | 46 | ||||
-rw-r--r-- | scripts/convert-schema.sed | 46 | ||||
-rwxr-xr-x | scripts/format-attribute-comments | 46 | ||||
-rwxr-xr-x | scripts/test-hsmcheck | 50 | ||||
-rw-r--r-- | sql_common.h | 50 |
10 files changed, 299 insertions, 266 deletions
diff --git a/GNUmakefile b/GNUmakefile
index 872930e..9f34377 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -2,30 +2,30 @@ # # Author: Rob Austein # Copyright (c) 2015, SUNET -# -# Redistribution and use in source and binary forms, with or -# without modification, are permitted provided that the following -# conditions are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# +# Redistribution and use in source and binary forms, with or +# without modification, are permitted provided that the following +# conditions are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE +# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, # BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # Whether to enable threading. Main reason for being able to turn it @@ -92,18 +92,13 @@ HSMBULLY_OPTIONS := \ --pin fnord --so-pin fnord --pkcs11lib $(abspath libpkcs11.so) \ --verbose=9 --fast-and-frivolous --skip-fragmentation --skip-keysizing -FNORD := x'98034e94dd4fc527fb8a9296eab55677cd4ce40e025d42acae3cfcc7813f3b9d' -SALT := x'000102030405060708090a0b0c0d0e0f' -PIN_SQL := UPDATE global SET user_pin = ${FNORD}, user_pin_salt = ${SALT}, so_pin = ${FNORD}, so_pin_salt = ${SALT} - export PKCS11_DATABASE=$(abspath .pkcs11.db) SQLITE3_CMD := $(abspath ../sqlite3/build/sqlite3) bully: all rm -f ${PKCS11_DATABASE} ${PKCS11_DATABASE}-journal - ${SQLITE3_CMD} ${PKCS11_DATABASE} <schema.sql - ${SQLITE3_CMD} -echo ${PKCS11_DATABASE} "${PIN_SQL}" + (echo fnord; echo fnord) | sudo -E ./p11util --set-so-pin --set-user-pin --pin-from-stdin sudo -E ${HSMBULLY} ${HSMBULLY_OPTIONS} endif diff --git a/attributes.yaml b/attributes.yaml index ad7a9b6..3d05a35 100644 --- a/attributes.yaml +++ b/attributes.yaml 
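Review bot: The new `bully` recipe no longer loads `schema.sql` before setting the PINs, so after the `rm -f` it relies on `p11util` creating and initialising `${PKCS11_DATABASE}` itself; nothing in this hunk shows that, so a comment above the pipeline such as `# p11util creates the database and schema on first use; "fnord" is the hsmbully test PIN only` would make the dependency explicit. `SQLITE3_CMD` is still defined on the unchanged line above the target but is no longer referenced in the visible recipe, so it can probably be dropped unless something outside the hunk uses it. The conditional closed by the trailing `endif` starts outside the hunk.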
@@ -68,7 +68,7 @@ # known object fields should result in an error during parsing. # ######################################################################## -# +# # Currently-defined attribute fields: # # - "type": a PKCS #11 type name (CK_*) or one of a few other types 
@@ -124,30 +124,30 @@ # # Author: Rob Austein # Copyright (c) 2015, SUNET -# -# Redistribution and use in source and binary forms, with or -# without modification, are permitted provided that the following -# conditions are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# +# Redistribution and use in source and binary forms, with or +# without modification, are permitted provided that the following +# conditions are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE +# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, # BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # ######################################################################## @@ -562,7 +562,7 @@ footnotes: [1] type: biginteger value: 0x10001 # We only allow F4 as public exponent - + ### # RSA private key objects ### 
@@ -1,6 +1,37 @@ /* + * p11util.c + * --------- + * * Command line tool for setting up PKCS #11. Mostly this means * things like setting PINs. + * + * Author: Rob Austein + * Copyright (c) 2015, SUNET + * + * Redistribution and use in source and binary forms, with or + * without modification, are permitted provided that the following + * conditions are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #define _POSIX_SOURCE @@ -27,8 +58,8 @@ */ static int getpin_tty(const char *prompt, - char *pinbuf, - const size_t pinbuf_len) + char *pinbuf, + const size_t pinbuf_len) { struct termios oflags, nflags; int c = '\0', ok = 0, fixtty = 0; 
@@ -77,11 +108,12 @@ static int getpin_tty(const char *prompt, -#define OPTIONS \ - OPT_FLG('s', "set-so-pin", "set Security Officer PIN") \ - OPT_FLG('u', "set-user-pin", "set \"user\" PIN") \ - OPT_ARG('i', "set-iterations", "set PBKDF2 iteration count") \ - OPT_FLG('p', "pin-from-stdin", "read PIN from stdin instead of /dev/tty") \ +#define OPTIONS \ + OPT_FLG('h', "help", "show help") \ + OPT_FLG('s', "set-so-pin", "set Security Officer PIN") \ + OPT_FLG('u', "set-user-pin", "set \"user\" PIN") \ + OPT_ARG('i', "set-iterations", "set PBKDF2 iteration count") \ + OPT_FLG('p', "pin-from-stdin", "read PIN from stdin instead of /dev/tty") \ OPT_END #define OPT_END @@ -103,11 +135,11 @@ static void usage(const int code, const char *jane) } static void parse_args(int argc, char *argv[], - int *do_set_so_pin, - int *do_set_user_pin, - int *do_set_iterations, - int *read_from_stdin, - unsigned long *iterations) + int *do_set_so_pin, + int *do_set_user_pin, + int *do_set_iterations, + int *read_from_stdin, + unsigned long *iterations) { char *endptr; int c; @@ -125,8 +157,8 @@ static void parse_args(int argc, char *argv[], #undef OPT_FLG assert(argv != 0 && - do_set_so_pin != 0 && do_set_user_pin != 0 && do_set_iterations != NULL && - read_from_stdin != NULL && iterations != NULL); + do_set_so_pin != 0 && do_set_user_pin != 0 && do_set_iterations != NULL && + read_from_stdin != NULL && iterations != NULL); opterr = 0; if (argc == 1) @@ -142,7 +174,7 @@ static void parse_args(int argc, char *argv[], *do_set_iterations = 1; *iterations = strtoul(optarg, &endptr, 0); if (*optarg == '\0' || *endptr != '\0') - usage(1, argv[0]); + usage(1, argv[0]); continue; case 'p': @@ -168,10 +200,10 @@ static void parse_args(int argc, char *argv[], -#define lose(_msg_) \ - do { \ - fprintf(stderr, "%s\n", _msg_); \ - goto fail; \ +#define lose(_msg_) \ + do { \ + fprintf(stderr, "%s\n", _msg_); \ + goto fail; \ } while (0) static int set_iterations(unsigned long iterations) 
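Review bot: The `OPTIONS` table now advertises `-h`/`--help`, but no hunk in this diff touches the `switch` in `parse_args`, so it is worth confirming that a `case 'h':` calling `usage(0, argv[0])` already exists; otherwise `--help` ends up in whatever the default branch does. Also in `parse_args` (hunk at -142,7), the `set-iterations` value is accepted whenever `strtoul` consumed the whole string, with no lower bound or overflow check, and it is written with `sqlite3_bind_int64` but read back in `set_pin` with `sqlite3_column_int`, so a large value would be truncated before being passed to `hal_pbkdf2`. A range check next to the existing one, e.g. `if (*iterations == 0 || *iterations > INT_MAX) usage(1, argv[0]);` (needs `<limits.h>`), would keep a zero or wrapped PBKDF2 count out of the database. `parse_args` starts and ends outside these hunks.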
@@ -181,9 +213,9 @@ static int set_iterations(unsigned long iterations) sqlite3_stmt *q = NULL; int ok = 0; - - if (!sql_check_ok(sql_prepare(&q, update_query)) || - !sql_check_ok(sqlite3_bind_int64(q, 1, iterations)) || + + if (!sql_check_ok(sql_prepare(&q, update_query)) || + !sql_check_ok(sqlite3_bind_int64(q, 1, iterations)) || !sql_check_done(sqlite3_step(q))) lose("Couldn't update database"); @@ -196,7 +228,7 @@ static int set_iterations(unsigned long iterations) static int set_pin(const char * const pin_type, const int read_from_stdin) { - static const char iterations_query[] = + static const char iterations_query[] = " SELECT pbkdf2_iterations FROM global"; static const char update_format[] = 
@@ -230,34 +262,34 @@ static int set_pin(const char * const pin_type, const int read_from_stdin) if (len < P11_MIN_PIN_LENGTH || len > P11_MAX_PIN_LENGTH) { fprintf(stderr, "Unacceptable length %lu for %s PIN, allowd range [%lu, %lu]\n", - (unsigned long) len, pin_type, - (unsigned long) P11_MIN_PIN_LENGTH, (unsigned long) P11_MAX_PIN_LENGTH); + (unsigned long) len, pin_type, + (unsigned long) P11_MIN_PIN_LENGTH, (unsigned long) P11_MAX_PIN_LENGTH); return 0; } - if (!sql_check_ok(sql_prepare(&q, iterations_query)) || - !sql_check_row(sqlite3_step(q)) || + if (!sql_check_ok(sql_prepare(&q, iterations_query)) || + !sql_check_row(sqlite3_step(q)) || sqlite3_column_type(q, 0) == SQLITE_NULL) lose("Couldn't retrieve PBKDF2 iteration count from SQL"); - + if ((err = hal_get_random(salt, sizeof(salt))) != HAL_OK) { fprintf(stderr, "Couldn't generate salt: %s\n", hal_error_string(err)); goto fail; } if ((err = hal_pbkdf2(hal_hash_sha256, (uint8_t *) pin, len, salt, sizeof(salt), - pinbuf, sizeof(pinbuf), sqlite3_column_int(q, 0))) != HAL_OK) { + pinbuf, sizeof(pinbuf), sqlite3_column_int(q, 0))) != HAL_OK) { fprintf(stderr, "Couldn't process new PIN: %s\n", hal_error_string(err)); goto fail; } - if (!sql_check_ok(sql_finalize_and_clear(&q)) || - !sql_check_ok(sql_prepare(&q, update_format, pin_type, pin_type)) || - !sql_check_ok(sqlite3_bind_blob(q, 1, pinbuf, sizeof(pinbuf), NULL)) || - !sql_check_ok(sqlite3_bind_blob(q, 2, salt, sizeof(salt), NULL)) || + if (!sql_check_ok(sql_finalize_and_clear(&q)) || + !sql_check_ok(sql_prepare(&q, update_format, pin_type, pin_type)) || + !sql_check_ok(sqlite3_bind_blob(q, 1, pinbuf, sizeof(pinbuf), NULL)) || + !sql_check_ok(sqlite3_bind_blob(q, 2, salt, sizeof(salt), NULL)) || !sql_check_done(sqlite3_step(q))) lose("Couldn't update database"); - + ok = 1; fail: @@ -297,3 +329,9 @@ int main(int argc, char *argv[]) sql_fini(); return !ok; } + +/* + * Local variables: + * indent-tabs-mode: nil + * End: + */ 
@@ -1,4 +1,4 @@ -/* +/* * pkcs11.c * -------- * 
@@ -7,37 +7,37 @@ * * Author: Rob Austein * Copyright (c) 2015, SUNET - * - * Redistribution and use in source and binary forms, with or - * without modification, are permitted provided that the following - * conditions are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * + * Redistribution and use in source and binary forms, with or + * without modification, are permitted provided that the following + * conditions are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER - * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include <stdio.h> #include <string.h> #include <stdlib.h> -#include <stdarg.h> +#include <stdarg.h> #include <assert.h> #include <hal.h> @@ -386,7 +386,7 @@ static CK_RV posix_mutex_create(CK_VOID_PTR_PTR ppMutex) default: lose(CKR_GENERAL_ERROR); - } + } fail: if (m != NULL) @@ -683,7 +683,7 @@ static int p11_attribute_get(const CK_OBJECT_HANDLE object_handle, if (value != NULL && maxlength < len) goto fail; - + if (value != NULL) memcpy(value, sqlite3_column_blob(q, 0), len); @@ -1108,7 +1108,7 @@ static CK_OBJECT_HANDLE p11_object_create(const p11_session_t *session, /* * Finally, add generation mechanism attributes as needed. */ - + if (mechanism != NULL && (!sql_check_ok(sqlite3_reset(q)) || !sql_check_ok(sqlite3_bind_int64(q, 2, CKA_LOCAL)) || @@ -1612,7 +1612,7 @@ static CK_RV p11_check_keypair_attributes_check_template_2(const p11_session_t * * public and private keys in a keypair), so we need to do a fair * amount of checking. We automate as much of the dumb stuff as * possible through the object descriptor. - * + * * Key usage handling here is based on RFC 5280 4.2.1.3. * * PKCS #11 suggests but does not require CKA_ID values for public and 
@@ -1689,7 +1689,7 @@ static CK_RV p11_check_keypair_attributes(const p11_session_t *session, ulPublicKeyAttributeCount)) != CKR_OK || (rv = p11_check_keypair_attributes_check_template_2(session, private_descriptor, - pPrivateKeyTemplate, + pPrivateKeyTemplate, ulPrivateKeyAttributeCount)) != CKR_OK) goto fail; @@ -1746,7 +1746,7 @@ static CK_RV generate_keypair_rsa_pkcs(p11_session_t *session, return rv; assert(session != NULL && pMechanism != NULL && - pPublicKeyTemplate != NULL && phPublicKey != NULL && + pPublicKeyTemplate != NULL && phPublicKey != NULL && pPrivateKeyTemplate != NULL && phPrivateKey != NULL); /* @@ -2369,7 +2369,7 @@ CK_RV C_OpenSession(CK_SLOT_ID slotID, lose(CKR_SESSION_READ_WRITE_SO_EXISTS); session->state = CKS_RW_SO_FUNCTIONS; break; - } + } session->notify = Notify; session->application = pApplication; @@ -2453,7 +2453,7 @@ CK_RV C_Login(CK_SESSION_HANDLE hSession, */ if (logged_in_as != not_logged_in) - lose(CKR_USER_ALREADY_LOGGED_IN); + lose(CKR_USER_ALREADY_LOGGED_IN); /* * Figure out which PIN we're checking. @@ -2884,7 +2884,7 @@ CK_RV C_FindObjectsInit(CK_SESSION_HANDLE hSession, */ if (!sql_check_ok(sql_prepare(&session->find_query, select_format, hSession))) - lose(CKR_FUNCTION_FAILED); + lose(CKR_FUNCTION_FAILED); session->find_query_done = 0; fail: @@ -2958,7 +2958,7 @@ CK_RV C_FindObjectsFinal(CK_SESSION_HANDLE hSession) p11_session_t *session; sqlite3_stmt *q = NULL; CK_RV rv = CKR_OK; - + mutex_lock_or_return_failure(p11_global_mutex); if ((session = p11_session_find(hSession)) == NULL) @@ -3422,7 +3422,7 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID, return CKR_SLOT_ID_INVALID; switch (type) { - + case CKM_RSA_PKCS_KEY_PAIR_GEN: pInfo->ulMinKeySize = 1024; pInfo->ulMaxKeySize = 8192; 
@@ -2,30 +2,30 @@ -- -- Author: Rob Austein -- Copyright (c) 2015, SUNET --- --- Redistribution and use in source and binary forms, with or --- without modification, are permitted provided that the following --- conditions are met: --- --- 1. Redistributions of source code must retain the above copyright --- notice, this list of conditions and the following disclaimer. --- --- 2. Redistributions in binary form must reproduce the above copyright --- notice, this list of conditions and the following disclaimer in --- the documentation and/or other materials provided with the --- distribution. --- --- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS --- "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT --- LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS --- FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE --- COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, --- INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +-- +-- Redistribution and use in source and binary forms, with or +-- without modification, are permitted provided that the following +-- conditions are met: +-- +-- 1. Redistributions of source code must retain the above copyright +-- notice, this list of conditions and the following disclaimer. +-- +-- 2. Redistributions in binary form must reproduce the above copyright +-- notice, this list of conditions and the following disclaimer in +-- the documentation and/or other materials provided with the +-- distribution. +-- +-- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +-- "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +-- LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +-- FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE +-- COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +-- INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, -- BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; --- LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER --- CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, --- STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) --- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +-- LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +-- CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +-- STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +-- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF -- ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -- Notes: diff --git a/scripts/build-attributes b/scripts/build-attributes index 891bdb6..1625f85 100755 --- a/scripts/build-attributes +++ b/scripts/build-attributes 
@@ -7,30 +7,30 @@ attributes. See comments in attributes.yaml for details. # Author: Rob Austein # Copyright (c) 2015, SUNET -# -# Redistribution and use in source and binary forms, with or -# without modification, are permitted provided that the following -# conditions are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# +# Redistribution and use in source and binary forms, with or +# without modification, are permitted provided that the following +# conditions are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE +# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, # BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # This requires a third-party YAML parser. On Debian-family Linux, diff --git a/scripts/convert-schema.sed b/scripts/convert-schema.sed index f8874b3..a4b4069 100644 --- a/scripts/convert-schema.sed +++ b/scripts/convert-schema.sed 
@@ -5,30 +5,30 @@ # # Author: Rob Austein # Copyright (c) 2015, SUNET -# -# Redistribution and use in source and binary forms, with or -# without modification, are permitted provided that the following -# conditions are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# +# Redistribution and use in source and binary forms, with or +# without modification, are permitted provided that the following +# conditions are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE +# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, # BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/scripts/format-attribute-comments b/scripts/format-attribute-comments index 3c13bba..5911f0e 100755 --- a/scripts/format-attribute-comments +++ b/scripts/format-attribute-comments 
@@ -8,30 +8,30 @@ # # Author: Rob Austein # Copyright (c) 2015, SUNET -# -# Redistribution and use in source and binary forms, with or -# without modification, are permitted provided that the following -# conditions are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# +# Redistribution and use in source and binary forms, with or +# without modification, are permitted provided that the following +# conditions are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE +# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, # BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. url=http://www.cryptsoft.com/pkcs11doc/download/pkcs11doc-v230.tgz diff --git a/scripts/test-hsmcheck b/scripts/test-hsmcheck index b7a5643..4e8fa0f 100755 --- a/scripts/test-hsmcheck +++ b/scripts/test-hsmcheck 
@@ -11,30 +11,30 @@ input by screen scraping the output of another ad hoc test tool? # Author: Rob Austein # Copyright (c) 2015, SUNET -# -# Redistribution and use in source and binary forms, with or -# without modification, are permitted provided that the following -# conditions are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# +# Redistribution and use in source and binary forms, with or +# without modification, are permitted provided that the following +# conditions are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE +# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, # BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. import os @@ -58,7 +58,7 @@ def write_config(): SubElement(r, "TokenLabel").text = args.token_label SubElement(r, "PIN").text = args.pin ElementTree(e).write(args.write_config) - args.write_config.flush() + args.write_config.flush() def hsmcheck(flag): @@ -86,7 +86,7 @@ def check_dnssec(text): This requires the DNSPython toolkit, which in turn requires PyCrypto; ECDSA support (not yet tested) requires a third package. On Debian-family Linux, you can install these with: - + sudo apt-get install python-dnspython python-crypto python-ecdsa Equivalent packages exist for other platforms. diff --git a/sql_common.h b/sql_common.h index 1e55322..dfd41f6 100644 --- a/sql_common.h +++ b/sql_common.h @@ -1,4 +1,4 @@ -/* +/* * sql_common.h * ------------ * 
@@ -10,30 +10,30 @@ * * Author: Rob Austein * Copyright (c) 2015, SUNET - * - * Redistribution and use in source and binary forms, with or - * without modification, are permitted provided that the following - * conditions are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * + * Redistribution and use in source and binary forms, with or + * without modification, are permitted provided that the following + * conditions are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER - * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ @@ -43,7 +43,7 @@ #include <stdio.h> #include <string.h> #include <stdlib.h> -#include <stdarg.h> +#include <stdarg.h> #include <assert.h> #include <sqlite3.h> |