version 1.44, 2019/09/02 00:19:25 |
version 1.45, 2019/09/05 10:05:51 |
|
|
} |
} |
|
|
static int |
static int |
pkcs11_login(struct pkcs11_key *k11, CK_USER_TYPE type) |
pkcs11_login_slot(struct pkcs11_provider *provider, struct pkcs11_slotinfo *si, |
|
CK_USER_TYPE type) |
{ |
{ |
struct pkcs11_slotinfo *si; |
|
CK_FUNCTION_LIST *f; |
|
char *pin = NULL, prompt[1024]; |
char *pin = NULL, prompt[1024]; |
CK_RV rv; |
CK_RV rv; |
|
|
if (!k11->provider || !k11->provider->valid) { |
if (provider == NULL || si == NULL || !provider->valid) { |
error("no pkcs11 (valid) provider found"); |
error("no pkcs11 (valid) provider found"); |
return (-1); |
return (-1); |
} |
} |
|
|
f = k11->provider->function_list; |
|
si = &k11->provider->slotinfo[k11->slotidx]; |
|
|
|
if (!pkcs11_interactive) { |
if (!pkcs11_interactive) { |
error("need pin entry%s", |
error("need pin entry%s", |
(si->token.flags & CKF_PROTECTED_AUTHENTICATION_PATH) ? |
(si->token.flags & CKF_PROTECTED_AUTHENTICATION_PATH) ? |
|
|
return (-1); /* bail out */ |
return (-1); /* bail out */ |
} |
} |
} |
} |
rv = f->C_Login(si->session, type, (u_char *)pin, |
rv = provider->function_list->C_Login(si->session, type, (u_char *)pin, |
(pin != NULL) ? strlen(pin) : 0); |
(pin != NULL) ? strlen(pin) : 0); |
if (pin != NULL) |
if (pin != NULL) |
freezero(pin, strlen(pin)); |
freezero(pin, strlen(pin)); |
|
|
} |
} |
|
|
static int |
static int |
|
pkcs11_login(struct pkcs11_key *k11, CK_USER_TYPE type) |
|
{ |
|
if (k11 == NULL || k11->provider == NULL || !k11->provider->valid) { |
|
error("no pkcs11 (valid) provider found"); |
|
return (-1); |
|
} |
|
|
|
return pkcs11_login_slot(k11->provider, |
|
&k11->provider->slotinfo[k11->slotidx], type); |
|
} |
|
|
|
|
|
static int |
pkcs11_check_obj_bool_attrib(struct pkcs11_key *k11, CK_OBJECT_HANDLE obj, |
pkcs11_check_obj_bool_attrib(struct pkcs11_key *k11, CK_OBJECT_HANDLE obj, |
CK_ATTRIBUTE_TYPE type, int *val) |
CK_ATTRIBUTE_TYPE type, int *val) |
{ |
{ |
|
|
* open session, login with pin and retrieve public |
* open session, login with pin and retrieve public |
* keys (if keyp is provided) |
* keys (if keyp is provided) |
*/ |
*/ |
if ((ret = pkcs11_open_session(p, i, pin, user)) == 0) { |
if ((ret = pkcs11_open_session(p, i, pin, user)) != 0 || |
if (keyp == NULL) |
keyp == NULL) |
|
continue; |
|
pkcs11_fetch_keys(p, i, keyp, &nkeys); |
|
pkcs11_fetch_certs(p, i, keyp, &nkeys); |
|
if (nkeys == 0 && !p->slotinfo[i].logged_in && |
|
pkcs11_interactive) { |
|
/* |
|
* Some tokens require login before they will |
|
* expose keys. |
|
*/ |
|
if (pkcs11_login_slot(p, &p->slotinfo[i], |
|
CKU_USER) < 0) { |
|
error("login failed"); |
continue; |
continue; |
|
} |
pkcs11_fetch_keys(p, i, keyp, &nkeys); |
pkcs11_fetch_keys(p, i, keyp, &nkeys); |
pkcs11_fetch_certs(p, i, keyp, &nkeys); |
pkcs11_fetch_certs(p, i, keyp, &nkeys); |
} |
} |