version 1.14, 2014/06/24 01:13:21 |
version 1.15, 2015/01/15 09:40:00 |
|
|
|
|
#include "log.h" |
#include "log.h" |
#include "misc.h" |
#include "misc.h" |
#include "key.h" |
#include "sshkey.h" |
#include "ssh-pkcs11.h" |
#include "ssh-pkcs11.h" |
#include "xmalloc.h" |
#include "xmalloc.h" |
|
|
|
|
* keysp points to an (possibly empty) array with *nkeys keys. |
* keysp points to an (possibly empty) array with *nkeys keys. |
*/ |
*/ |
static int pkcs11_fetch_keys_filter(struct pkcs11_provider *, CK_ULONG, |
static int pkcs11_fetch_keys_filter(struct pkcs11_provider *, CK_ULONG, |
CK_ATTRIBUTE [], CK_ATTRIBUTE [3], Key ***, int *) |
CK_ATTRIBUTE [], CK_ATTRIBUTE [3], struct sshkey ***, int *) |
__attribute__((__bounded__(__minbytes__,4, 3 * sizeof(CK_ATTRIBUTE)))); |
__attribute__((__bounded__(__minbytes__,4, 3 * sizeof(CK_ATTRIBUTE)))); |
|
|
static int |
static int |
pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx, |
pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx, |
Key ***keysp, int *nkeys) |
struct sshkey ***keysp, int *nkeys) |
{ |
{ |
CK_OBJECT_CLASS pubkey_class = CKO_PUBLIC_KEY; |
CK_OBJECT_CLASS pubkey_class = CKO_PUBLIC_KEY; |
CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE; |
CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE; |
|
|
} |
} |
|
|
static int |
static int |
pkcs11_key_included(Key ***keysp, int *nkeys, Key *key) |
pkcs11_key_included(struct sshkey ***keysp, int *nkeys, struct sshkey *key) |
{ |
{ |
int i; |
int i; |
|
|
for (i = 0; i < *nkeys; i++) |
for (i = 0; i < *nkeys; i++) |
if (key_equal(key, (*keysp)[i])) |
if (sshkey_equal(key, (*keysp)[i])) |
return (1); |
return (1); |
return (0); |
return (0); |
} |
} |
|
|
static int |
static int |
pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx, |
pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx, |
CK_ATTRIBUTE filter[], CK_ATTRIBUTE attribs[3], |
CK_ATTRIBUTE filter[], CK_ATTRIBUTE attribs[3], |
Key ***keysp, int *nkeys) |
struct sshkey ***keysp, int *nkeys) |
{ |
{ |
Key *key; |
struct sshkey *key; |
RSA *rsa; |
RSA *rsa; |
X509 *x509; |
X509 *x509; |
EVP_PKEY *evp; |
EVP_PKEY *evp; |
|
|
} |
} |
if (rsa && rsa->n && rsa->e && |
if (rsa && rsa->n && rsa->e && |
pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) { |
pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) { |
key = key_new(KEY_UNSPEC); |
key = sshkey_new(KEY_UNSPEC); |
key->rsa = rsa; |
key->rsa = rsa; |
key->type = KEY_RSA; |
key->type = KEY_RSA; |
key->flags |= SSHKEY_FLAG_EXT; |
key->flags |= SSHKEY_FLAG_EXT; |
if (pkcs11_key_included(keysp, nkeys, key)) { |
if (pkcs11_key_included(keysp, nkeys, key)) { |
key_free(key); |
sshkey_free(key); |
} else { |
} else { |
/* expand key array and add key */ |
/* expand key array and add key */ |
*keysp = xrealloc(*keysp, *nkeys + 1, |
*keysp = xrealloc(*keysp, *nkeys + 1, |
sizeof(Key *)); |
sizeof(struct sshkey *)); |
(*keysp)[*nkeys] = key; |
(*keysp)[*nkeys] = key; |
*nkeys = *nkeys + 1; |
*nkeys = *nkeys + 1; |
debug("have %d keys", *nkeys); |
debug("have %d keys", *nkeys); |
|
|
#ifdef HAVE_DLOPEN |
#ifdef HAVE_DLOPEN |
/* register a new provider, fails if provider already exists */ |
/* register a new provider, fails if provider already exists */ |
int |
int |
pkcs11_add_provider(char *provider_id, char *pin, Key ***keyp) |
pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp) |
{ |
{ |
int nkeys, need_finalize = 0; |
int nkeys, need_finalize = 0; |
struct pkcs11_provider *p = NULL; |
struct pkcs11_provider *p = NULL; |
|
|
} |
} |
#else |
#else |
int |
int |
pkcs11_add_provider(char *provider_id, char *pin, Key ***keyp) |
pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp) |
{ |
{ |
error("dlopen() not supported"); |
error("dlopen() not supported"); |
return (-1); |
return (-1); |