

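--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -216,6 +216,40 @@ pkcs11_find(struct pkcs11_provider *p, CK_ULONG slotidx, CK_ATTRIBUTE *attr,
 	return (ret);
 }
 
+int
+pkcs11_login(struct pkcs11_provider *p, struct pkcs11_slotinfo *si,
+    int login_type)
+{
+	CK_RV			rv;
+	CK_FUNCTION_LIST	*f;
+	char			*pin = NULL, prompt[1024];
+
+	f = p->function_list;
+
+	if (si->token.flags & CKF_PROTECTED_AUTHENTICATION_PATH)
+		verbose("Deferring PIN entry to reader keypad.");
+	else {
+		snprintf(prompt, sizeof(prompt),
+		    "Enter PIN for '%s': ", si->token.label);
+		pin = read_passphrase(prompt, RP_ALLOW_EOF);
+		if (pin == NULL)
+			return (-1);	/* bail out */
+	}
+	rv = f->C_Login(si->session, login_type, (u_char *)pin,
+		(pin != NULL) ? strlen(pin) : 0);
+
+	if (pin != NULL) {
+		explicit_bzero(pin, strlen(pin));
+		free(pin);
+	}
+	if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) {
+		error("C_Login failed: %lu", rv);
+		return (-1);
+	}
+	/* authentication successful */
+	return (0);
+}
+
 /* openssl callback doing the actual signing operation */
 static int
 pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
@@ -237,7 +271,6 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
 		{CKA_ID, NULL, 0},
 		{CKA_SIGN, NULL, sizeof(true_val) }
 	};
-	char			*pin = NULL, prompt[1024];
 	int			rval = -1;
 
 	key_filter[0].pValue = &private_key_class;
@@ -260,25 +293,8 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
 			    " on reader keypad" : "");
 			return (-1);
 		}
-		if (si->token.flags & CKF_PROTECTED_AUTHENTICATION_PATH)
-			verbose("Deferring PIN entry to reader keypad.");
-		else {
-			snprintf(prompt, sizeof(prompt),
-			    "Enter PIN for '%s': ", si->token.label);
-			pin = read_passphrase(prompt, RP_ALLOW_EOF);
-			if (pin == NULL)
-				return (-1);	/* bail out */
-		}
-		rv = f->C_Login(si->session, CKU_USER, (u_char *)pin,
-		    (pin != NULL) ? strlen(pin) : 0);
-		if (pin != NULL) {
-			explicit_bzero(pin, strlen(pin));
-			free(pin);
-		}
-		if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) {
-			error("C_Login failed: %lu", rv);
-			return (-1);
-		}
+		if (pkcs11_login(k11->provider, si, CKU_USER) < 0)
+			return (-1);
 		si->logged_in = 1;
 	}
 	key_filter[1].pValue = k11->keyid;
@@ -689,8 +705,15 @@ pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp)
 		    token->label, token->manufacturerID, token->model,
 		    token->serialNumber, token->flags);
 		/* open session, login with pin and retrieve public keys */
-		if (pkcs11_open_session(p, i, pin) == 0)
+		if (pkcs11_open_session(p, i, pin) == 0) {
 			pkcs11_fetch_keys(p, i, keyp, &nkeys);
+			/* if we don't get any keys try to prompt for PIN */
+			if (nkeys == 0 && pin == NULL &&
+			    pkcs11_login(p, &p->slotinfo[i], CKU_USER) == 0) {
+				pkcs11_fetch_keys(p, i, keyp, &nkeys);
+				p->slotinfo[i].logged_in = 1;
+			}
+		}
 	}
 	if (nkeys > 0) {
 		TAILQ_INSERT_TAIL(&pkcs11_providers, p, next);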
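Review bot: The new `pkcs11_login` (new lines 219-221 of the first hunk) is given external linkage while the neighbouring helper in the same hunk is file-local (`static int pkcs11_rsa_private_encrypt`, new line 254); unless a prototype is being added to the header, it should read `static int` so the symbol stays out of the global namespace. Its `login_type` parameter is declared `int` but is handed straight to `C_Login`, whose user-type argument is a `CK_USER_TYPE`; declaring it as `CK_USER_TYPE login_type` removes the implicit conversion. The function also lacks a header comment; something like `/* Log in to si's session, prompting for the PIN unless the token has a protected authentication path. Returns 0 on success (CKR_USER_ALREADY_LOGGED_IN counts as success), -1 otherwise; the PIN is zeroed and freed before returning. */` would document the contract callers in the third and fourth hunks now rely on. In the `pkcs11_add_provider` hunk, `nkeys` appears to be a running total across slots, so a later slot is only prompted for its PIN when no earlier slot produced any key; if that is intended, a comment saying so would help, and if not, the check should consider the keys found for this slot alone.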
