p11-kit tool: Support --provider option
This adds a --provider option to the p11-kit subcommands that load PKCS#11
modules.  The option would be useful for testing a specific module
without installing it on the system.

Signed-off-by: Daiki Ueno <[email protected]>
ueno committed Jan 2, 2024
1 parent 2fd9f15 commit ef42b99
Showing 14 changed files with 263 additions and 2 deletions.
63 changes: 63 additions & 0 deletions doc/manual/p11-kit.xml
Expand Up @@ -130,6 +130,13 @@ $ p11-kit list-tokens pkcs11:token
<term><option>--only-uris</option></term>
<listitem><para>Print only the matching token URIs.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--provider=&lt;module_path&gt;</option></term>
<listitem><para>Load only the given PKCS#11 module instead of enumerating modules installed on the system. If <parameter>module_path</parameter> is a relative path, the module is loaded from the default module path. This path can be determined by running:</para>
<programlisting>
$ <command>pkg-config p11-kit-1 --variable p11_module_path</command>
/usr/lib64/pkcs11</programlisting></listitem>
</varlistentry>
</variablelist>
</refsect1>

Expand All @@ -153,6 +160,13 @@ $ p11-kit list-objects pkcs11:object_on_token
<term><option>--login</option></term>
<listitem><para>Authenticate to the token before enumerating objects. The PIN value is read from either the <literal>pin-value</literal> attribute in the URI or from the terminal.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--provider=&lt;module_path&gt;</option></term>
<listitem><para>Load only the given PKCS#11 module instead of enumerating modules installed on the system. If <parameter>module_path</parameter> is a relative path, the module is loaded from the default module path. This path can be determined by running:</para>
<programlisting>
$ <command>pkg-config p11-kit-1 --variable p11_module_path</command>
/usr/lib64/pkcs11</programlisting></listitem>
</varlistentry>
</variablelist>
</refsect1>

Expand Down Expand Up @@ -189,6 +203,13 @@ $ p11-kit import-object --file=file.pem &lsqb;--label=label&rsqb; pkcs11:token
<term><option>--login</option></term>
<listitem><para>Authenticate to the token before enumerating objects. The PIN value is read from either the <literal>pin-value</literal> attribute in the URI or from the terminal.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--provider=&lt;module_path&gt;</option></term>
<listitem><para>Load only the given PKCS#11 module instead of enumerating modules installed on the system. If <parameter>module_path</parameter> is a relative path, the module is loaded from the default module path. This path can be determined by running:</para>
<programlisting>
$ <command>pkg-config p11-kit-1 --variable p11_module_path</command>
/usr/lib64/pkcs11</programlisting></listitem>
</varlistentry>
</variablelist>
</refsect1>

Expand All @@ -211,6 +232,13 @@ $ p11-kit export-object pkcs11:object_on_token
<term><option>--login</option></term>
<listitem><para>Authenticate to the token before enumerating objects. The PIN value is read from either the <literal>pin-value</literal> attribute in the URI or from the terminal.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--provider=&lt;module_path&gt;</option></term>
<listitem><para>Load only the given PKCS#11 module instead of enumerating modules installed on the system. If <parameter>module_path</parameter> is a relative path, the module is loaded from the default module path. This path can be determined by running:</para>
<programlisting>
$ <command>pkg-config p11-kit-1 --variable p11_module_path</command>
/usr/lib64/pkcs11</programlisting></listitem>
</varlistentry>
</variablelist>
</refsect1>

Expand All @@ -232,6 +260,13 @@ $ p11-kit delete-object pkcs11:object_on_token
<term><option>--login</option></term>
<listitem><para>Authenticate to the token before enumerating objects. The PIN value is read from either the <literal>pin-value</literal> attribute in the URI or from the terminal.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--provider=&lt;module_path&gt;</option></term>
<listitem><para>Load only the given PKCS#11 module instead of enumerating modules installed on the system. If <parameter>module_path</parameter> is a relative path, the module is loaded from the default module path. This path can be determined by running:</para>
<programlisting>
$ <command>pkg-config p11-kit-1 --variable p11_module_path</command>
/usr/lib64/pkcs11</programlisting></listitem>
</varlistentry>
</variablelist>
</refsect1>

Expand Down Expand Up @@ -280,6 +315,13 @@ $ p11-kit generate-keypair --type=algorithm &lcub;--bits=n|--curve=name&rcub; &l
<term><option>--login</option></term>
<listitem><para>Authenticate to the token before enumerating objects. The PIN value is read from either the <literal>pin-value</literal> attribute in the URI or from the terminal.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--provider=&lt;module_path&gt;</option></term>
<listitem><para>Load only the given PKCS#11 module instead of enumerating modules installed on the system. If <parameter>module_path</parameter> is a relative path, the module is loaded from the default module path. This path can be determined by running:</para>
<programlisting>
$ <command>pkg-config p11-kit-1 --variable p11_module_path</command>
/usr/lib64/pkcs11</programlisting></listitem>
</varlistentry>
</variablelist>
</refsect1>

Expand All @@ -302,6 +344,13 @@ $ p11-kit list-profiles pkcs11:token
<term><option>--login</option></term>
<listitem><para>Authenticate to the token before enumerating objects. The PIN value is read from either the <literal>pin-value</literal> attribute in the URI or from the terminal.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--provider=&lt;module_path&gt;</option></term>
<listitem><para>Load only the given PKCS#11 module instead of enumerating modules installed on the system. If <parameter>module_path</parameter> is a relative path, the module is loaded from the default module path. This path can be determined by running:</para>
<programlisting>
$ <command>pkg-config p11-kit-1 --variable p11_module_path</command>
/usr/lib64/pkcs11</programlisting></listitem>
</varlistentry>
</variablelist>
</refsect1>

Expand Down Expand Up @@ -335,6 +384,13 @@ $ p11-kit add-profile --profile=profile pkcs11:token
<term><option>--login</option></term>
<listitem><para>Authenticate to the token before enumerating objects. The PIN value is read from either the <literal>pin-value</literal> attribute in the URI or from the terminal.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--provider=&lt;module_path&gt;</option></term>
<listitem><para>Load only the given PKCS#11 module instead of enumerating modules installed on the system. If <parameter>module_path</parameter> is a relative path, the module is loaded from the default module path. This path can be determined by running:</para>
<programlisting>
$ <command>pkg-config p11-kit-1 --variable p11_module_path</command>
/usr/lib64/pkcs11</programlisting></listitem>
</varlistentry>
</variablelist>
</refsect1>

Expand Down Expand Up @@ -367,6 +423,13 @@ $ p11-kit delete-profile --profile=profile pkcs11:token
<term><option>--login</option></term>
<listitem><para>Authenticate to the token before enumerating objects. The PIN value is read from either the <literal>pin-value</literal> attribute in the URI or from the terminal.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--provider=&lt;module_path&gt;</option></term>
<listitem><para>Load only the given PKCS#11 module instead of enumerating modules installed on the system. If <parameter>module_path</parameter> is a relative path, the module is loaded from the default module path. This path can be determined by running:</para>
<programlisting>
$ <command>pkg-config p11-kit-1 --variable p11_module_path</command>
/usr/lib64/pkcs11</programlisting></listitem>
</varlistentry>
</variablelist>
</refsect1>

13 changes: 13 additions & 0 deletions p11-kit/add-profile.c
Expand Up @@ -45,6 +45,7 @@
#include "tool.h"

#include <assert.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

Expand Down Expand Up @@ -147,13 +148,15 @@ p11_kit_add_profile (int argc,
p11_dict *profile_nicks = NULL;
bool login = false;
p11_tool *tool = NULL;
const char *provider = NULL;

enum {
opt_verbose = 'v',
opt_quiet = 'q',
opt_help = 'h',
opt_profile = 'p',
opt_login = 'l',
opt_provider = CHAR_MAX + 2,
};

struct option options[] = {
Expand All @@ -162,13 +165,15 @@ p11_kit_add_profile (int argc,
{ "help", no_argument, NULL, opt_help },
{ "profile", required_argument, NULL, opt_profile },
{ "login", no_argument, NULL, opt_login },
{ "provider", required_argument, NULL, opt_provider },
{ 0 },
};

p11_tool_desc usages[] = {
{ 0, "usage: p11-kit add-profile --profile profile pkcs11:token" },
{ opt_profile, "specify the profile to add" },
{ opt_login, "login to the token" },
{ opt_provider, "specify the module to use" },
{ 0 },
};

Expand Down Expand Up @@ -207,6 +212,9 @@ p11_kit_add_profile (int argc,
case opt_login:
login = true;
break;
case opt_provider:
provider = optarg;
break;
case '?':
goto cleanup;
default:
Expand Down Expand Up @@ -239,6 +247,11 @@ p11_kit_add_profile (int argc,
goto cleanup;
}

if (!p11_tool_set_provider (tool, provider)) {
p11_message (_("failed to allocate memory"));
goto cleanup;
}

p11_tool_set_login (tool, login);

ret = add_profile (tool, profile);
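Review bot: The `case opt_provider:` branch stores `optarg` verbatim, and nothing in this section records what that path means for trust: the named PKCS#11 module is loaded as code by the tool, and when `--login` is also given the PIN read from the URI or terminal is handed to that module. I would add a comment above the case, e.g. `/* path is not validated here; the module is loaded by the tool and handles the PIN when --login is set */`, and align the usage text with the manual, e.g. `{ opt_provider, "load only the given PKCS#11 module" },`. The failure branch also reports every `p11_tool_set_provider` failure as `failed to allocate memory`; the setter is not visible here, so that message is accurate only if allocation is its sole failure mode. The same pattern is repeated in delete-object.c, delete-profile.c and export-object.c, and p11_kit_add_profile starts and ends outside these hunks.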
13 changes: 13 additions & 0 deletions p11-kit/delete-object.c
Expand Up @@ -43,6 +43,7 @@
#include "tool.h"

#include <assert.h>
#include <limits.h>
#include <stdlib.h>

#ifdef ENABLE_NLS
Expand Down Expand Up @@ -99,25 +100,29 @@ p11_kit_delete_object (int argc,
int opt, ret = 2;
bool login = false;
p11_tool *tool = NULL;
const char *provider = NULL;

enum {
opt_verbose = 'v',
opt_quiet = 'q',
opt_help = 'h',
opt_login = 'l',
opt_provider = CHAR_MAX + 2,
};

struct option options[] = {
{ "verbose", no_argument, NULL, opt_verbose },
{ "quiet", no_argument, NULL, opt_quiet },
{ "help", no_argument, NULL, opt_help },
{ "login", no_argument, NULL, opt_login },
{ "provider", required_argument, NULL, opt_provider },
{ 0 },
};

p11_tool_desc usages[] = {
{ 0, "usage: p11-kit delete-object pkcs11:token" },
{ opt_login, "login to the token" },
{ opt_provider, "specify the module to use" },
{ 0 },
};

Expand All @@ -126,6 +131,9 @@ p11_kit_delete_object (int argc,
case opt_login:
login = true;
break;
case opt_provider:
provider = optarg;
break;
case opt_verbose:
p11_kit_be_loud ();
break;
Expand Down Expand Up @@ -162,6 +170,11 @@ p11_kit_delete_object (int argc,
goto cleanup;
}

if (!p11_tool_set_provider (tool, provider)) {
p11_message (_("failed to allocate memory"));
goto cleanup;
}

p11_tool_set_login (tool, login);

ret = delete_object (tool);
13 changes: 13 additions & 0 deletions p11-kit/delete-profile.c
Expand Up @@ -45,6 +45,7 @@
#include "tool.h"

#include <assert.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

Expand Down Expand Up @@ -147,13 +148,15 @@ p11_kit_delete_profile (int argc,
p11_dict *profile_nicks = NULL;
bool login = false;
p11_tool *tool = NULL;
const char *provider = NULL;

enum {
opt_verbose = 'v',
opt_quiet = 'q',
opt_help = 'h',
opt_profile = 'p',
opt_login = 'l',
opt_provider = CHAR_MAX + 2,
};

struct option options[] = {
Expand All @@ -162,13 +165,15 @@ p11_kit_delete_profile (int argc,
{ "help", no_argument, NULL, opt_help },
{ "profile", required_argument, NULL, opt_profile },
{ "login", no_argument, NULL, opt_login },
{ "provider", required_argument, NULL, opt_provider },
{ 0 },
};

p11_tool_desc usages[] = {
{ 0, "usage: p11-kit delete-profile --profile profile pkcs11:token" },
{ opt_profile, "specify the profile to delete" },
{ opt_login, "login to the token" },
{ opt_provider, "specify the module to use" },
{ 0 },
};

Expand Down Expand Up @@ -207,6 +212,9 @@ p11_kit_delete_profile (int argc,
case opt_login:
login = true;
break;
case opt_provider:
provider = optarg;
break;
case '?':
goto cleanup;
default:
Expand Down Expand Up @@ -239,6 +247,11 @@ p11_kit_delete_profile (int argc,
goto cleanup;
}

if (!p11_tool_set_provider (tool, provider)) {
p11_message (_("failed to allocate memory"));
goto cleanup;
}

p11_tool_set_login (tool, login);

ret = delete_profile (tool, profile);
12 changes: 12 additions & 0 deletions p11-kit/export-object.c
Expand Up @@ -493,25 +493,29 @@ p11_kit_export_object (int argc,
int opt, ret = 2;
bool login = false;
p11_tool *tool = NULL;
const char *provider = NULL;

enum {
opt_verbose = 'v',
opt_quiet = 'q',
opt_help = 'h',
opt_login = 'l',
opt_provider = CHAR_MAX + 2,
};

struct option options[] = {
{ "verbose", no_argument, NULL, opt_verbose },
{ "quiet", no_argument, NULL, opt_quiet },
{ "help", no_argument, NULL, opt_help },
{ "login", no_argument, NULL, opt_login },
{ "provider", required_argument, NULL, opt_provider },
{ 0 },
};

p11_tool_desc usages[] = {
{ 0, "usage: p11-kit export-object pkcs11:token" },
{ opt_login, "login to the token" },
{ opt_provider, "specify the module to use" },
{ 0 },
};

Expand All @@ -529,6 +533,9 @@ p11_kit_export_object (int argc,
case opt_login:
login = true;
break;
case opt_provider:
provider = optarg;
break;
case '?':
return 2;
default:
Expand Down Expand Up @@ -556,6 +563,11 @@ p11_kit_export_object (int argc,
goto cleanup;
}

if (!p11_tool_set_provider (tool, provider)) {
p11_message (_("failed to allocate memory"));
goto cleanup;
}

p11_tool_set_login (tool, login);

ret = export_object (tool);
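Review bot: The new enumerator `opt_provider = CHAR_MAX + 2` uses `CHAR_MAX`, but unlike add-profile.c, delete-object.c and delete-profile.c this section adds no `#include <limits.h>` (12 additions here against 13 there). If export-object.c does not already include that header above line 493, which is not visible on this page, the build depends on a transitive include; adding `#include <limits.h>` beside the other system headers would make the dependency explicit. p11_kit_export_object starts and ends outside these hunks.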