giomba
/
opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Made a seperate function for the login functionality, and split test_kpgen_certwrite() into 2 parts, with a logout - unload lib - load lib - login between them 

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@1693 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
sth 2003-12-23 16:31:09 +00:00
parent f017da5102
commit 6952fb4030
1 changed files with 78 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

110
src/tools/pkcs11-tool.c
View File

@ -92,9 +92,9 @@ const char *option_help[] = {
"Specify the type of object (e.g. cert, privkey, pubkey)",
"Specify the id of the object",
"Specify the label of the object",
"Set the CKA_ID of an object, <args>= the (new) CKA_ID",
"Specify number of the slot to use",
"Specify label of the slot to use",
"Set the CKA_ID of an object, >args>= the (new) CKA_ID",
"Specify the input file",
"Specify the output file",
"Specify the module to load",
@ -119,6 +119,7 @@ static CK_OBJECT_CLASS opt_object_class = -1;
static CK_BYTE opt_object_id[100], new_object_id[100];
static size_t opt_object_id_len = 0, new_object_id_len = 0;
static char * opt_object_label = NULL;
static char * opt_pin = NULL;
static void *module = NULL;
static CK_FUNCTION_LIST_PTR p11 = NULL;
@ -140,6 +141,7 @@ static void list_slots(void);
static void show_token(CK_SLOT_ID);
static void list_mechs(CK_SLOT_ID);
static void list_objects(CK_SESSION_HANDLE);
static int login(CK_SESSION_HANDLE);
static int change_pin(CK_SLOT_ID, CK_SESSION_HANDLE);
static void show_object(CK_SESSION_HANDLE, CK_OBJECT_HANDLE);
static void show_key(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, int);
@ -183,7 +185,6 @@ main(int argc, char * const argv[])
{
CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
CK_OBJECT_HANDLE object = CK_INVALID_HANDLE;
char *opt_pin = NULL;
int err = 0, c, long_optind = 0;
int do_show_info = 0;
int do_list_slots = 0;
@ -418,34 +419,11 @@ main(int argc, char * const argv[])
return change_pin(opt_slot, session);
if (opt_login || opt_pin) {
char *pin = NULL;
CK_TOKEN_INFO info;
get_token_info(opt_slot, &info);
/* Identify which pin to enter */
if (info.flags & CKF_PROTECTED_AUTHENTICATION_PATH) {
if (opt_pin)
pin = opt_pin;
} else
if (info.flags & CKF_LOGIN_REQUIRED) {
if (opt_pin == NULL)
pin = getpass("Please enter PIN: ");
else
pin = opt_pin;
if (!pin || !*pin)
return 1;
} else {
goto skip_login;
}
rv = p11->C_Login(session, CKU_USER, (CK_UTF8CHAR *) pin,
pin == NULL ? 0 : strlen(pin));
if (rv != CKR_OK)
p11_fatal("C_Login", rv);
int r = login(session);
if (r != 0)
return r;
}
skip_login:
if (do_sign) {
if (!find_object(session, CKO_PRIVATE_KEY, &object, NULL, 0, 0))
fatal("Private key not found");
@ -495,7 +473,6 @@ end:
return err;
}
void
show_cryptoki_info(void)
{
@ -584,6 +561,8 @@ show_token(CK_SLOT_ID slot)
sizeof(info.model)));
printf(" token flags: %s\n",
p11_token_info_flags(info.flags));
printf(" serial num : %s\n", p11_utf8_to_local(info.serialNumber,
sizeof(info.serialNumber)));
}
void
@ -648,6 +627,38 @@ list_objects(CK_SESSION_HANDLE sess)
p11->C_FindObjectsFinal(sess);
}
static int login(CK_SESSION_HANDLE session)
{
char *pin = NULL;
CK_TOKEN_INFO info;
CK_RV rv;
get_token_info(opt_slot, &info);
/* Identify which pin to enter */
if (info.flags & CKF_PROTECTED_AUTHENTICATION_PATH) {
if (opt_pin)
pin = opt_pin;
} else
if (info.flags & CKF_LOGIN_REQUIRED) {
if (opt_pin == NULL)
pin = getpass("Please enter PIN: ");
else
pin = opt_pin;
if (!pin || !*pin)
return 1;
} else {
return 0;
}
rv = p11->C_Login(session, CKU_USER, (CK_UTF8CHAR *) pin,
pin == NULL ? 0 : strlen(pin));
if (rv != CKR_OK)
p11_fatal("C_Login", rv);
return 0;
}
int
change_pin(CK_SLOT_ID slot, CK_SESSION_HANDLE sess)
{
@ -2340,6 +2351,8 @@ test_kpgen_certwrite(CK_SLOT_ID slot, CK_SESSION_HANDLE session)
};
FILE *f;
printf("\n*** We allready opened a session and logged in ***\n");
get_mechanisms(slot, &mech_type, &num_mechs);
for (i = 0; i < num_mechs; i++) {
if (mech_type[i] == CKM_RSA_PKCS_KEY_PAIR_GEN)
@ -2415,9 +2428,10 @@ test_kpgen_certwrite(CK_SLOT_ID slot, CK_SESSION_HANDLE session)
if (rv != CKR_OK)
p11_fatal("C_Verify", rv);
printf("\n*** Signing the certificate request ***\n");
/* Sign the certificate request */
printf("\n*** Signing the certificate request ***\n");
data = md5_and_digestinfo;
data_len = 20;
rv = p11->C_SignInit(session, &mech, priv_key);
@ -2427,14 +2441,46 @@ test_kpgen_certwrite(CK_SLOT_ID slot, CK_SESSION_HANDLE session)
if (rv != CKR_OK)
p11_fatal("C_Sign", rv);
printf("\n*** In real life, the cert req should be sent to the CA ***\n");
printf("\n*** Changing the CKA_LABEL, CKA_ID and CKA_SUBJECT of the public key ***\n");
rv = p11->C_SetAttributeValue(session, pub_key, attribs, 3);
if (rv != CKR_OK)
p11_fatal("C_SetAttributeValue", rv);
printf("\n*** Logging off and releasing pkcs11 lib ***\n");
rv = p11->C_CloseAllSessions(slot);
if (rv != CKR_OK)
p11_fatal("CloseAllSessions", rv);
rv = p11->C_Finalize(NULL);
if (rv != CKR_OK)
p11_fatal("Finalize", rv);
C_UnloadModule(module);
/* Now we assume the user turns of her PC and comes back tomorrow to see
* if here cert is allready made and to install it (as is done next) */
printf("\n*** In real life, the cert req should now be sent to the CA ***\n");
printf("\n*** Loading the pkcs11 lib, opening a session and logging in ***\n");
module = C_LoadModule(opt_module, &p11);
if (module == NULL)
fatal("Failed to load pkcs11 module");
rv = p11->C_Initialize(NULL);
if (rv != CKR_OK)
p11_fatal("C_Initialize", rv);
rv = p11->C_OpenSession(opt_slot, CKF_SERIAL_SESSION| CKF_RW_SESSION,
NULL, NULL, &session);
if (rv != CKR_OK)
p11_fatal("C_OpenSession", rv);
login(session);
printf("\n*** Put a cert on the card (NOTE: doesn't correspond with the key!) ***\n");
opt_object_class = CKO_CERTIFICATE;