| version 1.4, 2010/02/24 06:12:53 |
version 1.5, 2010/04/15 20:32:55 |
|
|
| return (rv); |
return (rv); |
| } |
} |
| |
|
| |
/* find a single 'obj' for given attributes */ |
| |
static int |
| |
pkcs11_find(struct pkcs11_provider *p, CK_ULONG slotidx, CK_ATTRIBUTE *attr, |
| |
CK_ULONG nattr, CK_OBJECT_HANDLE *obj) |
| |
{ |
| |
CK_FUNCTION_LIST *f; |
| |
CK_SESSION_HANDLE session; |
| |
CK_ULONG nfound = 0; |
| |
CK_RV rv; |
| |
int ret = -1; |
| |
|
| |
f = p->function_list; |
| |
session = p->slotinfo[slotidx].session; |
| |
if ((rv = f->C_FindObjectsInit(session, attr, nattr)) != CKR_OK) { |
| |
error("C_FindObjectsInit failed (nattr %lu): %lu", nattr, rv); |
| |
return (-1); |
| |
} |
| |
if ((rv = f->C_FindObjects(session, obj, 1, &nfound)) != CKR_OK || |
| |
nfound != 1) { |
| |
debug("C_FindObjects failed (nfound %lu nattr %lu): %lu", |
| |
nfound, nattr, rv); |
| |
} else |
| |
ret = 0; |
| |
if ((rv = f->C_FindObjectsFinal(session)) != CKR_OK) |
| |
error("C_FindObjectsFinal failed: %lu", rv); |
| |
return (ret); |
| |
} |
| |
|
| /* openssl callback doing the actual signing operation */ |
/* openssl callback doing the actual signing operation */ |
| static int |
static int |
| pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, |
pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, |
|
|
| struct pkcs11_slotinfo *si; |
struct pkcs11_slotinfo *si; |
| CK_FUNCTION_LIST *f; |
CK_FUNCTION_LIST *f; |
| CK_OBJECT_HANDLE obj; |
CK_OBJECT_HANDLE obj; |
| CK_ULONG tlen = 0, nfound = 0; |
CK_ULONG tlen = 0; |
| CK_RV rv; |
CK_RV rv; |
| CK_OBJECT_CLASS private_key_class = CKO_PRIVATE_KEY; |
CK_OBJECT_CLASS private_key_class = CKO_PRIVATE_KEY; |
| CK_BBOOL true = CK_TRUE; |
CK_BBOOL true = CK_TRUE; |
|
|
| } |
} |
| key_filter[1].pValue = k11->keyid; |
key_filter[1].pValue = k11->keyid; |
| key_filter[1].ulValueLen = k11->keyid_len; |
key_filter[1].ulValueLen = k11->keyid_len; |
| if ((rv = f->C_FindObjectsInit(si->session, key_filter, 3)) != CKR_OK) { |
/* try to find object w/CKA_SIGN first, retry w/o */ |
| error("C_FindObjectsInit failed: %lu", rv); |
if (pkcs11_find(k11->provider, k11->slotidx, key_filter, 3, &obj) < 0 && |
| return (-1); |
pkcs11_find(k11->provider, k11->slotidx, key_filter, 2, &obj) < 0) { |
| } |
error("cannot find private key"); |
| if ((rv = f->C_FindObjects(si->session, &obj, 1, &nfound)) != CKR_OK || |
|
| nfound != 1) { |
|
| error("C_FindObjects failed (%lu nfound): %lu", nfound, rv); |
|
| } else if ((rv = f->C_SignInit(si->session, &mech, obj)) != CKR_OK) { |
} else if ((rv = f->C_SignInit(si->session, &mech, obj)) != CKR_OK) { |
| error("C_SignInit failed: %lu", rv); |
error("C_SignInit failed: %lu", rv); |
| } else { |
} else { |
|
|
| else |
else |
| error("C_Sign failed: %lu", rv); |
error("C_Sign failed: %lu", rv); |
| } |
} |
| if ((rv = f->C_FindObjectsFinal(si->session)) != CKR_OK) |
|
| error("C_FindObjectsFinal failed: %lu", rv); |
|
| return (rval); |
return (rval); |
| } |
} |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-pkcs11.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh