aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--GNUmakefile53
-rw-r--r--attributes.yaml50
-rw-r--r--p11util.c106
-rw-r--r--pkcs11.c72
-rw-r--r--schema.sql46
-rwxr-xr-xscripts/build-attributes46
-rw-r--r--scripts/convert-schema.sed46
-rwxr-xr-xscripts/format-attribute-comments46
-rwxr-xr-xscripts/test-hsmcheck50
-rw-r--r--sql_common.h50
10 files changed, 299 insertions, 266 deletions
diff --git a/GNUmakefile b/GNUmakefile
index 872930e..9f34377 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -2,30 +2,30 @@
#
# Author: Rob Austein
# Copyright (c) 2015, SUNET
-#
-# Redistribution and use in source and binary forms, with or
-# without modification, are permitted provided that the following
-# conditions are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+#
+# Redistribution and use in source and binary forms, with or
+# without modification, are permitted provided that the following
+# conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Whether to enable threading. Main reason for being able to turn it
@@ -92,18 +92,13 @@ HSMBULLY_OPTIONS := \
--pin fnord --so-pin fnord --pkcs11lib $(abspath libpkcs11.so) \
--verbose=9 --fast-and-frivolous --skip-fragmentation --skip-keysizing
-FNORD := x'98034e94dd4fc527fb8a9296eab55677cd4ce40e025d42acae3cfcc7813f3b9d'
-SALT := x'000102030405060708090a0b0c0d0e0f'
-PIN_SQL := UPDATE global SET user_pin = ${FNORD}, user_pin_salt = ${SALT}, so_pin = ${FNORD}, so_pin_salt = ${SALT}
-
export PKCS11_DATABASE=$(abspath .pkcs11.db)
SQLITE3_CMD := $(abspath ../sqlite3/build/sqlite3)
bully: all
rm -f ${PKCS11_DATABASE} ${PKCS11_DATABASE}-journal
- ${SQLITE3_CMD} ${PKCS11_DATABASE} <schema.sql
- ${SQLITE3_CMD} -echo ${PKCS11_DATABASE} "${PIN_SQL}"
+ (echo fnord; echo fnord) | sudo -E ./p11util --set-so-pin --set-user-pin --pin-from-stdin
sudo -E ${HSMBULLY} ${HSMBULLY_OPTIONS}
endif
diff --git a/attributes.yaml b/attributes.yaml
index ad7a9b6..3d05a35 100644
--- a/attributes.yaml
+++ b/attributes.yaml
@@ -68,7 +68,7 @@
# known object fields should result in an error during parsing.
#
########################################################################
-#
+#
# Currently-defined attribute fields:
#
# - "type": a PKCS #11 type name (CK_*) or one of a few other types
@@ -124,30 +124,30 @@
#
# Author: Rob Austein
# Copyright (c) 2015, SUNET
-#
-# Redistribution and use in source and binary forms, with or
-# without modification, are permitted provided that the following
-# conditions are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+#
+# Redistribution and use in source and binary forms, with or
+# without modification, are permitted provided that the following
+# conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
########################################################################
@@ -562,7 +562,7 @@
footnotes: [1]
type: biginteger
value: 0x10001 # We only allow F4 as public exponent
-
+
###
# RSA private key objects
###
diff --git a/p11util.c b/p11util.c
index 7b375f8..697b696 100644
--- a/p11util.c
+++ b/p11util.c
@@ -1,6 +1,37 @@
/*
+ * p11util.c
+ * ---------
+ *
* Command line tool for setting up PKCS #11. Mostly this means
* things like setting PINs.
+ *
+ * Author: Rob Austein
+ * Copyright (c) 2015, SUNET
+ *
+ * Redistribution and use in source and binary forms, with or
+ * without modification, are permitted provided that the following
+ * conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#define _POSIX_SOURCE
@@ -27,8 +58,8 @@
*/
static int getpin_tty(const char *prompt,
- char *pinbuf,
- const size_t pinbuf_len)
+ char *pinbuf,
+ const size_t pinbuf_len)
{
struct termios oflags, nflags;
int c = '\0', ok = 0, fixtty = 0;
@@ -77,11 +108,12 @@ static int getpin_tty(const char *prompt,
-#define OPTIONS \
- OPT_FLG('s', "set-so-pin", "set Security Officer PIN") \
- OPT_FLG('u', "set-user-pin", "set \"user\" PIN") \
- OPT_ARG('i', "set-iterations", "set PBKDF2 iteration count") \
- OPT_FLG('p', "pin-from-stdin", "read PIN from stdin instead of /dev/tty") \
+#define OPTIONS \
+ OPT_FLG('h', "help", "show help") \
+ OPT_FLG('s', "set-so-pin", "set Security Officer PIN") \
+ OPT_FLG('u', "set-user-pin", "set \"user\" PIN") \
+ OPT_ARG('i', "set-iterations", "set PBKDF2 iteration count") \
+ OPT_FLG('p', "pin-from-stdin", "read PIN from stdin instead of /dev/tty") \
OPT_END
#define OPT_END
@@ -103,11 +135,11 @@ static void usage(const int code, const char *jane)
}
static void parse_args(int argc, char *argv[],
- int *do_set_so_pin,
- int *do_set_user_pin,
- int *do_set_iterations,
- int *read_from_stdin,
- unsigned long *iterations)
+ int *do_set_so_pin,
+ int *do_set_user_pin,
+ int *do_set_iterations,
+ int *read_from_stdin,
+ unsigned long *iterations)
{
char *endptr;
int c;
@@ -125,8 +157,8 @@ static void parse_args(int argc, char *argv[],
#undef OPT_FLG
assert(argv != 0 &&
- do_set_so_pin != 0 && do_set_user_pin != 0 && do_set_iterations != NULL &&
- read_from_stdin != NULL && iterations != NULL);
+ do_set_so_pin != 0 && do_set_user_pin != 0 && do_set_iterations != NULL &&
+ read_from_stdin != NULL && iterations != NULL);
opterr = 0;
if (argc == 1)
@@ -142,7 +174,7 @@ static void parse_args(int argc, char *argv[],
*do_set_iterations = 1;
*iterations = strtoul(optarg, &endptr, 0);
if (*optarg == '\0' || *endptr != '\0')
- usage(1, argv[0]);
+ usage(1, argv[0]);
continue;
case 'p':
@@ -168,10 +200,10 @@ static void parse_args(int argc, char *argv[],
-#define lose(_msg_) \
- do { \
- fprintf(stderr, "%s\n", _msg_); \
- goto fail; \
+#define lose(_msg_) \
+ do { \
+ fprintf(stderr, "%s\n", _msg_); \
+ goto fail; \
} while (0)
static int set_iterations(unsigned long iterations)
@@ -181,9 +213,9 @@ static int set_iterations(unsigned long iterations)
sqlite3_stmt *q = NULL;
int ok = 0;
-
- if (!sql_check_ok(sql_prepare(&q, update_query)) ||
- !sql_check_ok(sqlite3_bind_int64(q, 1, iterations)) ||
+
+ if (!sql_check_ok(sql_prepare(&q, update_query)) ||
+ !sql_check_ok(sqlite3_bind_int64(q, 1, iterations)) ||
!sql_check_done(sqlite3_step(q)))
lose("Couldn't update database");
@@ -196,7 +228,7 @@ static int set_iterations(unsigned long iterations)
static int set_pin(const char * const pin_type, const int read_from_stdin)
{
- static const char iterations_query[] =
+ static const char iterations_query[] =
" SELECT pbkdf2_iterations FROM global";
static const char update_format[] =
@@ -230,34 +262,34 @@ static int set_pin(const char * const pin_type, const int read_from_stdin)
if (len < P11_MIN_PIN_LENGTH || len > P11_MAX_PIN_LENGTH) {
fprintf(stderr, "Unacceptable length %lu for %s PIN, allowd range [%lu, %lu]\n",
- (unsigned long) len, pin_type,
- (unsigned long) P11_MIN_PIN_LENGTH, (unsigned long) P11_MAX_PIN_LENGTH);
+ (unsigned long) len, pin_type,
+ (unsigned long) P11_MIN_PIN_LENGTH, (unsigned long) P11_MAX_PIN_LENGTH);
return 0;
}
- if (!sql_check_ok(sql_prepare(&q, iterations_query)) ||
- !sql_check_row(sqlite3_step(q)) ||
+ if (!sql_check_ok(sql_prepare(&q, iterations_query)) ||
+ !sql_check_row(sqlite3_step(q)) ||
sqlite3_column_type(q, 0) == SQLITE_NULL)
lose("Couldn't retrieve PBKDF2 iteration count from SQL");
-
+
if ((err = hal_get_random(salt, sizeof(salt))) != HAL_OK) {
fprintf(stderr, "Couldn't generate salt: %s\n", hal_error_string(err));
goto fail;
}
if ((err = hal_pbkdf2(hal_hash_sha256, (uint8_t *) pin, len, salt, sizeof(salt),
- pinbuf, sizeof(pinbuf), sqlite3_column_int(q, 0))) != HAL_OK) {
+ pinbuf, sizeof(pinbuf), sqlite3_column_int(q, 0))) != HAL_OK) {
fprintf(stderr, "Couldn't process new PIN: %s\n", hal_error_string(err));
goto fail;
}
- if (!sql_check_ok(sql_finalize_and_clear(&q)) ||
- !sql_check_ok(sql_prepare(&q, update_format, pin_type, pin_type)) ||
- !sql_check_ok(sqlite3_bind_blob(q, 1, pinbuf, sizeof(pinbuf), NULL)) ||
- !sql_check_ok(sqlite3_bind_blob(q, 2, salt, sizeof(salt), NULL)) ||
+ if (!sql_check_ok(sql_finalize_and_clear(&q)) ||
+ !sql_check_ok(sql_prepare(&q, update_format, pin_type, pin_type)) ||
+ !sql_check_ok(sqlite3_bind_blob(q, 1, pinbuf, sizeof(pinbuf), NULL)) ||
+ !sql_check_ok(sqlite3_bind_blob(q, 2, salt, sizeof(salt), NULL)) ||
!sql_check_done(sqlite3_step(q)))
lose("Couldn't update database");
-
+
ok = 1;
fail:
@@ -297,3 +329,9 @@ int main(int argc, char *argv[])
sql_fini();
return !ok;
}
+
+/*
+ * Local variables:
+ * indent-tabs-mode: nil
+ * End:
+ */
diff --git a/pkcs11.c b/pkcs11.c
index a653ecf..da711b0 100644
--- a/pkcs11.c
+++ b/pkcs11.c
@@ -1,4 +1,4 @@
-/*
+/*
* pkcs11.c
* --------
*
@@ -7,37 +7,37 @@
*
* Author: Rob Austein
* Copyright (c) 2015, SUNET
- *
- * Redistribution and use in source and binary forms, with or
- * without modification, are permitted provided that the following
- * conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ *
+ * Redistribution and use in source and binary forms, with or
+ * without modification, are permitted provided that the following
+ * conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
- * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
-#include <stdarg.h>
+#include <stdarg.h>
#include <assert.h>
#include <hal.h>
@@ -386,7 +386,7 @@ static CK_RV posix_mutex_create(CK_VOID_PTR_PTR ppMutex)
default:
lose(CKR_GENERAL_ERROR);
- }
+ }
fail:
if (m != NULL)
@@ -683,7 +683,7 @@ static int p11_attribute_get(const CK_OBJECT_HANDLE object_handle,
if (value != NULL && maxlength < len)
goto fail;
-
+
if (value != NULL)
memcpy(value, sqlite3_column_blob(q, 0), len);
@@ -1108,7 +1108,7 @@ static CK_OBJECT_HANDLE p11_object_create(const p11_session_t *session,
/*
* Finally, add generation mechanism attributes as needed.
*/
-
+
if (mechanism != NULL &&
(!sql_check_ok(sqlite3_reset(q)) ||
!sql_check_ok(sqlite3_bind_int64(q, 2, CKA_LOCAL)) ||
@@ -1612,7 +1612,7 @@ static CK_RV p11_check_keypair_attributes_check_template_2(const p11_session_t *
* public and private keys in a keypair), so we need to do a fair
* amount of checking. We automate as much of the dumb stuff as
* possible through the object descriptor.
- *
+ *
* Key usage handling here is based on RFC 5280 4.2.1.3.
*
* PKCS #11 suggests but does not require CKA_ID values for public and
@@ -1689,7 +1689,7 @@ static CK_RV p11_check_keypair_attributes(const p11_session_t *session,
ulPublicKeyAttributeCount)) != CKR_OK ||
(rv = p11_check_keypair_attributes_check_template_2(session,
private_descriptor,
- pPrivateKeyTemplate,
+ pPrivateKeyTemplate,
ulPrivateKeyAttributeCount)) != CKR_OK)
goto fail;
@@ -1746,7 +1746,7 @@ static CK_RV generate_keypair_rsa_pkcs(p11_session_t *session,
return rv;
assert(session != NULL && pMechanism != NULL &&
- pPublicKeyTemplate != NULL && phPublicKey != NULL &&
+ pPublicKeyTemplate != NULL && phPublicKey != NULL &&
pPrivateKeyTemplate != NULL && phPrivateKey != NULL);
/*
@@ -2369,7 +2369,7 @@ CK_RV C_OpenSession(CK_SLOT_ID slotID,
lose(CKR_SESSION_READ_WRITE_SO_EXISTS);
session->state = CKS_RW_SO_FUNCTIONS;
break;
- }
+ }
session->notify = Notify;
session->application = pApplication;
@@ -2453,7 +2453,7 @@ CK_RV C_Login(CK_SESSION_HANDLE hSession,
*/
if (logged_in_as != not_logged_in)
- lose(CKR_USER_ALREADY_LOGGED_IN);
+ lose(CKR_USER_ALREADY_LOGGED_IN);
/*
* Figure out which PIN we're checking.
@@ -2884,7 +2884,7 @@ CK_RV C_FindObjectsInit(CK_SESSION_HANDLE hSession,
*/
if (!sql_check_ok(sql_prepare(&session->find_query, select_format, hSession)))
- lose(CKR_FUNCTION_FAILED);
+ lose(CKR_FUNCTION_FAILED);
session->find_query_done = 0;
fail:
@@ -2958,7 +2958,7 @@ CK_RV C_FindObjectsFinal(CK_SESSION_HANDLE hSession)
p11_session_t *session;
sqlite3_stmt *q = NULL;
CK_RV rv = CKR_OK;
-
+
mutex_lock_or_return_failure(p11_global_mutex);
if ((session = p11_session_find(hSession)) == NULL)
@@ -3422,7 +3422,7 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID,
return CKR_SLOT_ID_INVALID;
switch (type) {
-
+
case CKM_RSA_PKCS_KEY_PAIR_GEN:
pInfo->ulMinKeySize = 1024;
pInfo->ulMaxKeySize = 8192;
diff --git a/schema.sql b/schema.sql
index aaf2b21..01816fa 100644
--- a/schema.sql
+++ b/schema.sql
@@ -2,30 +2,30 @@
--
-- Author: Rob Austein
-- Copyright (c) 2015, SUNET
---
--- Redistribution and use in source and binary forms, with or
--- without modification, are permitted provided that the following
--- conditions are met:
---
--- 1. Redistributions of source code must retain the above copyright
--- notice, this list of conditions and the following disclaimer.
---
--- 2. Redistributions in binary form must reproduce the above copyright
--- notice, this list of conditions and the following disclaimer in
--- the documentation and/or other materials provided with the
--- distribution.
---
--- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
--- "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
--- LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
--- FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
--- COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
--- INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+--
+-- Redistribution and use in source and binary forms, with or
+-- without modification, are permitted provided that the following
+-- conditions are met:
+--
+-- 1. Redistributions of source code must retain the above copyright
+-- notice, this list of conditions and the following disclaimer.
+--
+-- 2. Redistributions in binary form must reproduce the above copyright
+-- notice, this list of conditions and the following disclaimer in
+-- the documentation and/or other materials provided with the
+-- distribution.
+--
+-- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+-- "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+-- LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+-- FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+-- COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+-- INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-- BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
--- LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
--- CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
--- STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
--- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+-- LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+-- CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+-- STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+-- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
-- ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-- Notes:
diff --git a/scripts/build-attributes b/scripts/build-attributes
index 891bdb6..1625f85 100755
--- a/scripts/build-attributes
+++ b/scripts/build-attributes
@@ -7,30 +7,30 @@ attributes. See comments in attributes.yaml for details.
# Author: Rob Austein
# Copyright (c) 2015, SUNET
-#
-# Redistribution and use in source and binary forms, with or
-# without modification, are permitted provided that the following
-# conditions are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+#
+# Redistribution and use in source and binary forms, with or
+# without modification, are permitted provided that the following
+# conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# This requires a third-party YAML parser. On Debian-family Linux,
diff --git a/scripts/convert-schema.sed b/scripts/convert-schema.sed
index f8874b3..a4b4069 100644
--- a/scripts/convert-schema.sed
+++ b/scripts/convert-schema.sed
@@ -5,30 +5,30 @@
#
# Author: Rob Austein
# Copyright (c) 2015, SUNET
-#
-# Redistribution and use in source and binary forms, with or
-# without modification, are permitted provided that the following
-# conditions are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+#
+# Redistribution and use in source and binary forms, with or
+# without modification, are permitted provided that the following
+# conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/scripts/format-attribute-comments b/scripts/format-attribute-comments
index 3c13bba..5911f0e 100755
--- a/scripts/format-attribute-comments
+++ b/scripts/format-attribute-comments
@@ -8,30 +8,30 @@
#
# Author: Rob Austein
# Copyright (c) 2015, SUNET
-#
-# Redistribution and use in source and binary forms, with or
-# without modification, are permitted provided that the following
-# conditions are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+#
+# Redistribution and use in source and binary forms, with or
+# without modification, are permitted provided that the following
+# conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
url=http://www.cryptsoft.com/pkcs11doc/download/pkcs11doc-v230.tgz
diff --git a/scripts/test-hsmcheck b/scripts/test-hsmcheck
index b7a5643..4e8fa0f 100755
--- a/scripts/test-hsmcheck
+++ b/scripts/test-hsmcheck
@@ -11,30 +11,30 @@ input by screen scraping the output of another ad hoc test tool?
# Author: Rob Austein
# Copyright (c) 2015, SUNET
-#
-# Redistribution and use in source and binary forms, with or
-# without modification, are permitted provided that the following
-# conditions are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+#
+# Redistribution and use in source and binary forms, with or
+# without modification, are permitted provided that the following
+# conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
import os
@@ -58,7 +58,7 @@ def write_config():
SubElement(r, "TokenLabel").text = args.token_label
SubElement(r, "PIN").text = args.pin
ElementTree(e).write(args.write_config)
- args.write_config.flush()
+ args.write_config.flush()
def hsmcheck(flag):
@@ -86,7 +86,7 @@ def check_dnssec(text):
This requires the DNSPython toolkit, which in turn requires
PyCrypto; ECDSA support (not yet tested) requires a third package.
On Debian-family Linux, you can install these with:
-
+
sudo apt-get install python-dnspython python-crypto python-ecdsa
Equivalent packages exist for other platforms.
diff --git a/sql_common.h b/sql_common.h
index 1e55322..dfd41f6 100644
--- a/sql_common.h
+++ b/sql_common.h
@@ -1,4 +1,4 @@
-/*
+/*
* sql_common.h
* ------------
*
@@ -10,30 +10,30 @@
*
* Author: Rob Austein
* Copyright (c) 2015, SUNET
- *
- * Redistribution and use in source and binary forms, with or
- * without modification, are permitted provided that the following
- * conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ *
+ * Redistribution and use in source and binary forms, with or
+ * without modification, are permitted provided that the following
+ * conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
- * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
@@ -43,7 +43,7 @@
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
-#include <stdarg.h>
+#include <stdarg.h>
#include <assert.h>
#include <sqlite3.h>