Ejemplos de gnutls_pkcs11_init en C++ (Cpp)

Ejemplo n.º 1

Archivo: pkcs11-privkey-pthread.c Proyecto: GostCrypt/GnuTLS

void doit(void)
{
	int ret, status;
	const char *lib;
	gnutls_privkey_t pkey;
	pid_t pid;

	signal(SIGPIPE, SIG_IGN);

	gnutls_pkcs11_set_pin_function(pin_func, NULL);
	gnutls_global_set_log_function(tls_log_func);
	if (debug)
		gnutls_global_set_log_level(4711);

	lib = getenv("P11MOCKLIB1");
	if (lib == NULL)
		lib = P11LIB;

	ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL);
	if (ret != 0) {
		fail("%d: %s\n", ret, gnutls_strerror(ret));
		exit(1);
	}

	ret = gnutls_pkcs11_add_provider(lib, NULL);
	if (ret != 0) {
		fail("%d: %s\n", ret, gnutls_strerror(ret));
		exit(1);
	}

	assert(gnutls_privkey_init(&pkey) == 0);

	ret = gnutls_privkey_import_url(pkey, "pkcs11:object=test", GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
	if (ret < 0) {
		fprintf(stderr, "error in %d: %s\n", __LINE__, gnutls_strerror(ret));
		exit(1);
	}

	/* fork to force PKCS#11 reinitialization */
	pid = fork();
	if (pid == -1) {
		exit(1);
	} else if (pid) {
                waitpid(pid, &status, 0);
                check_wait_status(status);
                goto cleanup;
	}

	do_thread_stuff(pkey);

 cleanup:
	gnutls_privkey_deinit(pkey);
}

Ejemplo n.º 2

Archivo: pkcs11-privkey-always-auth.c Proyecto: gnutls/gnutls

void doit(void)
{
	int ret;
	const char *lib;
	gnutls_privkey_t key;
	gnutls_pkcs11_obj_t obj;
	gnutls_datum_t sig = {NULL, 0}, data;
	unsigned flags = 0;

	lib = getenv("P11MOCKLIB1");
	if (lib == NULL)
		lib = P11LIB;

	{
		void *dl;
		unsigned int *pflags;

		dl = dlopen(lib, RTLD_NOW);
		if (dl == NULL) {
			fail("could not dlopen %s\n", lib);
			exit(1);
		}

		pflags = dlsym(dl, "pkcs11_mock_flags");
		if (pflags == NULL) {
			fail("could find pkcs11_mock_flags\n");
			exit(1);
		}

		*pflags = MOCK_FLAG_ALWAYS_AUTH;
	}

	data.data = (void*)"\x38\x17\x0c\x08\xcb\x45\x8f\xd4\x87\x9c\x34\xb6\xf6\x08\x29\x4c\x50\x31\x2b\xbb";
	data.size = 20;

	ret = global_init();
	if (ret != 0) {
		fail("%d: %s\n", ret, gnutls_strerror(ret));
		exit(1);
	}

	gnutls_global_set_log_function(tls_log_func);
	if (debug)
		gnutls_global_set_log_level(4711);

	ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL);
	if (ret != 0) {
		fail("%d: %s\n", ret, gnutls_strerror(ret));
		exit(1);
	}

	ret = gnutls_pkcs11_add_provider(lib, NULL);
	if (ret != 0) {
		fail("%d: %s\n", ret, gnutls_strerror(ret));
		exit(1);
	}

	ret = gnutls_pkcs11_obj_init(&obj);
	assert(ret>=0);

	gnutls_pkcs11_obj_set_pin_function(obj, pin_func, NULL);

	ret = gnutls_pkcs11_obj_import_url(obj, "pkcs11:object=test;type=private", GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
	assert(ret>=0);

	ret = gnutls_pkcs11_obj_get_flags(obj, &flags);
	assert(ret>=0);

	if (!(flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH)) {
		fail("key object doesn't have the always authenticate flag\n");
	}
	gnutls_pkcs11_obj_deinit(obj);


	ret = gnutls_privkey_init(&key);
	assert(ret>=0);

	gnutls_privkey_set_pin_function(key, pin_func, NULL);

	ret = gnutls_privkey_import_url(key, "pkcs11:object=test", GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
	if (ret < 0) {
		fail("%d: %s\n", ret, gnutls_strerror(ret));
		exit(1);
	}

	pin_called = 0;

	ret = gnutls_privkey_sign_hash(key, GNUTLS_DIG_SHA1, 0, &data, &sig);
	if (ret < 0) {
		fail("%d: %s\n", ret, gnutls_strerror(ret));
		exit(1);
	}

	if (pin_called == 0) {
		fail("PIN function wasn't called!\n");
	}
	pin_called = 0;

	gnutls_free(sig.data);

	/* call again - should re-authenticate */
	ret = gnutls_privkey_sign_hash(key, GNUTLS_DIG_SHA1, 0, &data, &sig);
	if (ret < 0) {
		fail("%d: %s\n", ret, gnutls_strerror(ret));
		exit(1);
	}

	if (pin_called == 0) {
		fail("PIN function wasn't called twice!\n");
	}
	pin_called = 0;

	gnutls_free(sig.data);

	if (debug)
		printf("done\n\n\n");

	gnutls_privkey_deinit(key);
	gnutls_pkcs11_deinit();
	gnutls_global_deinit();
}

Ejemplo n.º 3

Archivo: p11tool.c Proyecto: philippe-goetz/gnutls

static void
cmd_parser (int argc, char **argv)
{
    int ret, debug = 0;
    common_info_st cinfo;
    unsigned int pkcs11_type = -1, key_type = GNUTLS_PK_UNKNOWN;
    const char* url = NULL;
    unsigned int detailed_url = 0, optct;
    unsigned int login = 0, bits = 0;
    const char* label = NULL, *sec_param = NULL;

    optct = optionProcess( &p11toolOptions, argc, argv);
    argc += optct;
    argv += optct;

    if (url == NULL && argc > 0)
        url = argv[0];
    else
        url = "pkcs11:";

    if (HAVE_OPT(DEBUG))
        debug = OPT_VALUE_DEBUG;

    gnutls_global_set_log_function (tls_log_func);
    gnutls_global_set_log_level (debug);
    if (debug > 1)
        printf ("Setting log level to %d\n", debug);

    if ((ret = gnutls_global_init ()) < 0)
        error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret));

    if (HAVE_OPT(PROVIDER))
    {
        ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_MANUAL, NULL);
        if (ret < 0)
            fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret));
        else
        {
            ret = gnutls_pkcs11_add_provider (OPT_ARG(PROVIDER), NULL);
            if (ret < 0)
                error (EXIT_FAILURE, 0, "pkcs11_add_provider: %s",
                       gnutls_strerror (ret));
        }
    }
    else
    {
        ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_AUTO, NULL);
        if (ret < 0)
            fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret));
    }

    if (HAVE_OPT(OUTFILE))
    {
        outfile = safe_open_rw (OPT_ARG(OUTFILE), 0);
        if (outfile == NULL)
            error (EXIT_FAILURE, errno, "%s", OPT_ARG(OUTFILE));
    }
    else
        outfile = stdout;

    memset (&cinfo, 0, sizeof (cinfo));

    if (HAVE_OPT(SECRET_KEY))
        cinfo.secret_key = OPT_ARG(SECRET_KEY);

    if (HAVE_OPT(LOAD_PRIVKEY))
        cinfo.privkey = OPT_ARG(LOAD_PRIVKEY);

    if (HAVE_OPT(PKCS8))
        cinfo.pkcs8 = 1;

    if (ENABLED_OPT(INDER) || ENABLED_OPT(INRAW))
        cinfo.incert_format = GNUTLS_X509_FMT_DER;
    else
        cinfo.incert_format = GNUTLS_X509_FMT_PEM;

    if (HAVE_OPT(LOAD_CERTIFICATE))
        cinfo.cert = OPT_ARG(LOAD_CERTIFICATE);

    if (HAVE_OPT(LOAD_PUBKEY))
        cinfo.pubkey = OPT_ARG(LOAD_PUBKEY);

    if (ENABLED_OPT(DETAILED_URL))
        detailed_url = 1;

    if (ENABLED_OPT(LOGIN))
        login = 1;

    if (HAVE_OPT(LABEL))
    {
        label = OPT_ARG(LABEL);
    }

    if (HAVE_OPT(BITS))
    {
        bits = OPT_VALUE_BITS;
    }

    if (HAVE_OPT(SEC_PARAM))
    {
        sec_param = OPT_ARG(SEC_PARAM);
    }

    if (debug > 0)
    {
        if (HAVE_OPT(PRIVATE)) fprintf(stderr, "Private: %s\n", ENABLED_OPT(PRIVATE)?"yes":"no");
        fprintf(stderr, "Trusted: %s\n", ENABLED_OPT(TRUSTED)?"yes":"no");
        fprintf(stderr, "Login: %s\n", ENABLED_OPT(LOGIN)?"yes":"no");
        fprintf(stderr, "Detailed URLs: %s\n", ENABLED_OPT(DETAILED_URL)?"yes":"no");
        fprintf(stderr, "\n");
    }

    /* handle actions
     */
    if (HAVE_OPT(LIST_TOKENS))
        pkcs11_token_list (outfile, detailed_url, &cinfo);
    else if (HAVE_OPT(LIST_MECHANISMS))
        pkcs11_mechanism_list (outfile, url, login,
                               &cinfo);
    else if (HAVE_OPT(LIST_ALL))
    {
        pkcs11_type = PKCS11_TYPE_ALL;
        pkcs11_list (outfile, url, pkcs11_type,
                     login, detailed_url, &cinfo);
    }
    else if (HAVE_OPT(LIST_ALL_CERTS))
    {
        pkcs11_type = PKCS11_TYPE_CRT_ALL;
        pkcs11_list (outfile, url, pkcs11_type,
                     login, detailed_url, &cinfo);
    }
    else if (HAVE_OPT(LIST_CERTS))
    {
        pkcs11_type = PKCS11_TYPE_PK;
        pkcs11_list (outfile, url, pkcs11_type,
                     login, detailed_url, &cinfo);
    }
    else if (HAVE_OPT(LIST_ALL_PRIVKEYS))
    {
        pkcs11_type = PKCS11_TYPE_PRIVKEY;
        pkcs11_list (outfile, url, pkcs11_type,
                     login, detailed_url, &cinfo);
    }
    else if (HAVE_OPT(LIST_ALL_TRUSTED))
    {
        pkcs11_type = PKCS11_TYPE_TRUSTED;
        pkcs11_list (outfile, url, pkcs11_type,
                     login, detailed_url, &cinfo);
    }
    else if (HAVE_OPT(EXPORT))
    {
        pkcs11_export (outfile, url, login, &cinfo);
    }
    else if (HAVE_OPT(WRITE))
    {
        int priv;

        if (HAVE_OPT(PRIVATE))
            priv = ENABLED_OPT(PRIVATE);
        else priv = -1;
        pkcs11_write (outfile, url, label,
                      ENABLED_OPT(TRUSTED), priv, login, &cinfo);
    }
    else if (HAVE_OPT(INITIALIZE))
        pkcs11_init (outfile, url, label, &cinfo);
    else if (HAVE_OPT(DELETE))
        pkcs11_delete (outfile, url, 0, login, &cinfo);
    else if (HAVE_OPT(GENERATE_ECC))
    {
        key_type = GNUTLS_PK_EC;
        pkcs11_generate (outfile, url, key_type, get_bits(key_type, bits, sec_param),
                         label, ENABLED_OPT(PRIVATE), detailed_url, login,
                         &cinfo);
    }
    else if (HAVE_OPT(GENERATE_RSA))
    {
        key_type = GNUTLS_PK_RSA;
        pkcs11_generate (outfile, url, key_type, get_bits(key_type, bits, sec_param),
                         label, ENABLED_OPT(PRIVATE), detailed_url, login,
                         &cinfo);
    }
    else if (HAVE_OPT(GENERATE_DSA))
    {
        key_type = GNUTLS_PK_DSA;
        pkcs11_generate (outfile, url, key_type, get_bits(key_type, bits, sec_param),
                         label, ENABLED_OPT(PRIVATE), detailed_url, login,
                         &cinfo);
    }
    else
    {
        USAGE(1);
    }

    fclose (outfile);

#ifdef ENABLE_PKCS11
    gnutls_pkcs11_deinit ();
#endif
    gnutls_global_deinit ();
}

Ejemplo n.º 4

Archivo: pkcs11-privkey-export.c Proyecto: GostCrypt/GnuTLS

void doit(void)
{
	int ret;
	const char *lib;
	gnutls_privkey_t key;
	gnutls_pubkey_t pub;
	gnutls_datum_t m1, e1;
	gnutls_datum_t m2, e2;

	ret = global_init();
	if (ret != 0) {
		fail("%d: %s\n", ret, gnutls_strerror(ret));
		exit(1);
	}

	gnutls_global_set_log_function(tls_log_func);
	if (debug)
		gnutls_global_set_log_level(4711);

	lib = getenv("P11MOCKLIB1");
	if (lib == NULL)
		lib = P11LIB;

	ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL);
	if (ret != 0) {
		fail("%d: %s\n", ret, gnutls_strerror(ret));
		exit(1);
	}

	ret = gnutls_pkcs11_add_provider(lib, NULL);
	if (ret != 0) {
		fail("%d: %s\n", ret, gnutls_strerror(ret));
		exit(1);
	}

	ret = gnutls_privkey_init(&key);
	assert(ret>=0);
	ret = gnutls_pubkey_init(&pub);
	assert(ret>=0);

	gnutls_privkey_set_pin_function(key, pin_func, NULL);

	ret = gnutls_privkey_import_url(key, "pkcs11:object=test", GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
	if (ret < 0) {
		fail("%d: %s\n", ret, gnutls_strerror(ret));
		exit(1);
	}

	ret = gnutls_pubkey_import_privkey(pub, key, 0, 0);
	if (ret < 0) {
		fail("%d: %s\n", ret, gnutls_strerror(ret));
		exit(1);
	}

	ret = gnutls_pubkey_export_rsa_raw(pub, &m1, &e1);
	if (ret < 0) {
		fail("%d: %s\n", ret, gnutls_strerror(ret));
		exit(1);
	}

	gnutls_pubkey_deinit(pub);
	gnutls_privkey_deinit(key);

	/* try again using gnutls_pubkey_import_url */	
	ret = gnutls_pubkey_init(&pub);
	assert(ret>=0);

	ret = gnutls_pubkey_import_url(pub, "pkcs11:object=test;type=public", 0);
	if (ret < 0) {
		fail("%d: %s\n", ret, gnutls_strerror(ret));
		exit(1);
	}

	ret = gnutls_pubkey_export_rsa_raw(pub, &m2, &e2);
	if (ret < 0) {
		fail("%d: %s\n", ret, gnutls_strerror(ret));
		exit(1);
	}

	assert(m1.size == m2.size);
	assert(e1.size == e2.size);
	assert(memcmp(e1.data, e2.data, e2.size)==0);
	assert(memcmp(m1.data, m2.data, m2.size)==0);

	gnutls_pubkey_deinit(pub);
	gnutls_free(m1.data);
	gnutls_free(e1.data);
	gnutls_free(m2.data);
	gnutls_free(e2.data);
	gnutls_pkcs11_deinit();
	gnutls_global_deinit();
}

Ejemplo n.º 5

Archivo: p11tool.c Proyecto: sqs/gnutls

static void
gaa_parser (int argc, char **argv)
{
  int ret;
  common_info_st cinfo;

  if (gaa (argc, argv, &info) != -1)
    {
      fprintf (stderr, "Try `%s --help' for more information.\n",
               program_name);
      exit (1);
    }

  gnutls_global_set_log_function (tls_log_func);
  gnutls_global_set_log_level (info.debug);
  if (info.debug > 1)
    printf ("Setting log level to %d\n", info.debug);

  if ((ret = gnutls_global_init ()) < 0)
    error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret));

  if (info.pkcs11_provider != NULL)
    {
      ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_MANUAL, NULL);
      if (ret < 0)
        fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret));
      else
        {
          ret = gnutls_pkcs11_add_provider (info.pkcs11_provider, NULL);
          if (ret < 0)
            error (EXIT_FAILURE, 0, "pkcs11_add_provider: %s",
                   gnutls_strerror (ret));
        }
    }
  else
    {
      ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_AUTO, NULL);
      if (ret < 0)
        fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret));
    }

  if (info.outfile)
    {
      outfile = safe_open_rw (info.outfile, 0);
      if (outfile == NULL)
        error (EXIT_FAILURE, errno, "%s", info.outfile);
    }
  else
    outfile = stdout;

  memset (&cinfo, 0, sizeof (cinfo));
  cinfo.secret_key = info.secret_key;
  cinfo.privkey = info.privkey;
  cinfo.pkcs8 = info.pkcs8;
  cinfo.incert_format = info.incert_format;
  cinfo.cert = info.cert;

  switch (info.action)
    {
    case ACTION_PKCS11_LIST:
      pkcs11_list (outfile, info.pkcs11_url, info.pkcs11_type,
                   info.pkcs11_login, info.pkcs11_detailed_url, &cinfo);
      break;
    case ACTION_PKCS11_TOKENS:
      pkcs11_token_list (outfile, info.pkcs11_detailed_url, &cinfo);
      break;
    case ACTION_PKCS11_MECHANISMS:
      pkcs11_mechanism_list (outfile, info.pkcs11_url, info.pkcs11_login,
                             &cinfo);
      break;
    case ACTION_PKCS11_EXPORT_URL:
      pkcs11_export (outfile, info.pkcs11_url, info.pkcs11_login, &cinfo);
      break;
    case ACTION_PKCS11_WRITE_URL:
      pkcs11_write (outfile, info.pkcs11_url, info.pkcs11_label,
                    info.pkcs11_trusted, info.pkcs11_login, &cinfo);
      break;
    case ACTION_PKCS11_TOKEN_INIT:
      pkcs11_init (outfile, info.pkcs11_url, info.pkcs11_label, &cinfo);
      break;
    case ACTION_PKCS11_DELETE_URL:
      pkcs11_delete (outfile, info.pkcs11_url, 0, info.pkcs11_login, &cinfo);
      break;
    default:
      gaa_help ();
      exit (0);
    }
  fclose (outfile);

  gnutls_pkcs11_deinit ();
  gnutls_global_deinit ();
}

Ejemplo n.º 6

Archivo: gnutls_global.c Proyecto: frankmorgner/gnutls

/**
 * gnutls_global_init:
 *
 * This function performs any required precalculations, detects
 * the supported CPU capabilities and initializes the underlying
 * cryptographic backend. In order to free any resources 
 * taken by this call you should gnutls_global_deinit() 
 * when gnutls usage is no longer needed.
 *
 * This function increments a global counter, so that
 * gnutls_global_deinit() only releases resources when it has been
 * called as many times as gnutls_global_init().  This is useful when
 * GnuTLS is used by more than one library in an application.  This
 * function can be called many times, but will only do something the
 * first time.
 *
 * Note!  This function is not thread safe.  If two threads call this
 * function simultaneously, they can cause a race between checking
 * the global counter and incrementing it, causing both threads to
 * execute the library initialization code.  That would lead to a
 * memory leak.  To handle this, your application could invoke this
 * function after aquiring a thread mutex.  To ignore the potential
 * memory leak is also an option.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
 *   otherwise a negative error code is returned.
 **/
int
gnutls_global_init (void)
{
  int result = 0;
  int res;

  if (_gnutls_init++)
    goto out;

  if (gl_sockets_startup (SOCKETS_1_1))
    return gnutls_assert_val(GNUTLS_E_FILE_ERROR);

  bindtextdomain (PACKAGE, LOCALEDIR);

  res = gnutls_crypto_init ();
  if (res != 0)
    {
      gnutls_assert ();
      return GNUTLS_E_CRYPTO_INIT_FAILED;
    }

  _gnutls_register_accel_crypto();

  /* initialize ASN.1 parser
   * This should not deal with files in the final
   * version.
   */
  if (asn1_check_version (GNUTLS_MIN_LIBTASN1_VERSION) == NULL)
    {
      gnutls_assert ();
      _gnutls_debug_log ("Checking for libtasn1 failed: %s < %s\n",
                         asn1_check_version (NULL),
                         GNUTLS_MIN_LIBTASN1_VERSION);
      return GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY;
    }

  res = asn1_array2tree (pkix_asn1_tab, &_gnutls_pkix1_asn, NULL);
  if (res != ASN1_SUCCESS)
    {
      result = _gnutls_asn2err (res);
      goto out;
    }

  res = asn1_array2tree (gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL);
  if (res != ASN1_SUCCESS)
    {
      result = _gnutls_asn2err (res);
      goto out;
    }

  /* Initialize the random generator */
  result = _gnutls_rnd_init ();
  if (result < 0)
    {
      gnutls_assert ();
      goto out;
    }

  /* Initialize the default TLS extensions */
  result = _gnutls_ext_init ();
  if (result < 0)
    {
      gnutls_assert ();
      goto out;
    }

  result = gnutls_mutex_init(&_gnutls_file_mutex);
  if (result < 0)
    {
      gnutls_assert();
      goto out;
    }

  result = gnutls_system_global_init ();
  if (result < 0)
    {
      gnutls_assert ();
      goto out;
    }

#ifdef ENABLE_PKCS11
  gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_AUTO, NULL);
#endif

  _gnutls_cryptodev_init ();

out:
  return result;
}

Ejemplo n.º 7

Archivo: pkcs11-privkey-fork-reinit.c Proyecto: gnutls/gnutls

void doit(void)
{
	int ret;
	const char *lib;
	gnutls_privkey_t key;
	gnutls_datum_t sig = {NULL, 0}, data;
	pid_t pid;

	data.data = (void*)"\x38\x17\x0c\x08\xcb\x45\x8f\xd4\x87\x9c\x34\xb6\xf6\x08\x29\x4c\x50\x31\x2b\xbb";
	data.size = 20;

	ret = global_init();
	if (ret != 0) {
		fail("%d: %s\n", ret, gnutls_strerror(ret));
		exit(1);
	}

	gnutls_global_set_log_function(tls_log_func);
	if (debug)
		gnutls_global_set_log_level(4711);

	lib = getenv("P11MOCKLIB1");
	if (lib == NULL)
		lib = P11LIB;

	ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL);
	if (ret != 0) {
		fail("%d: %s\n", ret, gnutls_strerror(ret));
		exit(1);
	}

	ret = gnutls_pkcs11_add_provider(lib, NULL);
	if (ret != 0) {
		fail("%d: %s\n", ret, gnutls_strerror(ret));
		exit(1);
	}

	ret = gnutls_privkey_init(&key);
	assert(ret>=0);

	gnutls_privkey_set_pin_function(key, pin_func, NULL);

	ret = gnutls_privkey_import_url(key, "pkcs11:object=test", GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
	if (ret < 0) {
		fail("%d: %s\n", ret, gnutls_strerror(ret));
		exit(1);
	}

	ret = gnutls_privkey_sign_hash(key, GNUTLS_DIG_SHA1, 0, &data, &sig);
	if (ret < 0) {
		fail("%d: %s\n", ret, gnutls_strerror(ret));
		exit(1);
	}

	gnutls_free(sig.data);

	pid = fork();
	if (pid != 0) {
		int status;
		assert(waitpid(pid, &status, 0) >= 0);

		if (WEXITSTATUS(status) != 0) {
			fail("child return status was unexpected: %d\n", WEXITSTATUS(status));
			exit(1);
		}
	} else { /* child */

		ret = gnutls_pkcs11_reinit();
		assert(ret == 0);

		ret = gnutls_privkey_sign_hash(key, GNUTLS_DIG_SHA1, 0, &data, &sig);
		if (ret < 0) {
			fail("%d: %s\n", ret, gnutls_strerror(ret));
			exit(1);
		}

		gnutls_free(sig.data);		
		gnutls_privkey_deinit(key);
		gnutls_pkcs11_deinit();
		gnutls_global_deinit();
		exit(0);
	}

	if (debug)
		printf("done\n\n\n");

	gnutls_privkey_deinit(key);
	gnutls_pkcs11_deinit();
	gnutls_global_deinit();
}

Ejemplo n.º 8

Archivo: pkcs11-cert-import-url-exts.c Proyecto: GostCrypt/GnuTLS

void doit(void)
{
	int ret;
	gnutls_x509_crt_t crt, ocrt;
	unsigned keyusage;
	const char *lib;

	ret = global_init();
	if (ret != 0) {
		fail("%d: %s\n", ret, gnutls_strerror(ret));
		exit(1);
	}

	lib = getenv("P11MOCKLIB1");
	if (lib == NULL)
		lib = P11LIB;

	gnutls_global_set_time_function(mytime);
	if (debug) {
		gnutls_global_set_log_level(4711);
		success("loading lib %s\n", lib);
	}

	ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL);
	if (ret != 0) {
		fail("%d: %s\n", ret, gnutls_strerror(ret));
		exit(1);
	}

	ret = gnutls_pkcs11_add_provider(lib, "trusted");
	if (ret != 0) {
		fail("%d: %s\n", ret, gnutls_strerror(ret));
		exit(1);
	}

	assert(gnutls_x509_crt_init(&crt)>=0);
	assert(gnutls_x509_crt_init(&ocrt)>=0);

	/* check high level certificate functions */
	ret = gnutls_x509_crt_import_url(crt, "pkcs11:type=cert;object=cert1", 0);
	if (ret < 0) {
		fail("%d: %s\n", ret, gnutls_strerror(ret));
		exit(1);
	}

	ret = gnutls_x509_crt_import_url(ocrt, "pkcs11:type=cert;object=cert1", GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT);
	if (ret < 0) {
		fail("%d: %s\n", ret, gnutls_strerror(ret));
		exit(1);
	}

	ret = gnutls_x509_crt_equals(crt, ocrt);
	if (ret != 0) {
	    fail("exported certificates are equal!\n");
	}

	ret = gnutls_x509_crt_get_ca_status(ocrt, NULL);
	if (ret < 0) {
		fail("%d: %s\n", ret, gnutls_strerror(ret));
		exit(1);
	}

	if (ret == 0) {
		fail("overriden cert is not a CA!\n");
		exit(1);
	}

	ret = gnutls_x509_crt_get_key_usage(ocrt, &keyusage, NULL);
	if (ret < 0) {
		fail("%d: %s\n", ret, gnutls_strerror(ret));
		exit(1);
	}

	if (keyusage != (GNUTLS_KEY_KEY_ENCIPHERMENT|GNUTLS_KEY_ENCIPHER_ONLY|GNUTLS_KEY_KEY_CERT_SIGN)) {
		fail("Extension does not have the expected key usage!\n");
	}

	gnutls_x509_crt_deinit(crt);
	gnutls_x509_crt_deinit(ocrt);
	if (debug)
		printf("done\n\n\n");

	gnutls_global_deinit();
}