Exemplos de PKCS11_sign em C++ (Cpp)

Linguagem de programação: C++ (Cpp)

Método / Função: PKCS11_sign

Exemplos em hotexamples.com: 2

PKCS11_sign em C++ (Cpp) - 2 exemplos encontrados. Esses são os exemplos do mundo real mais bem avaliados de PKCS11_sign em C++ (Cpp) extraídos de projetos de código aberto. Você pode avaliar os exemplos para nos ajudar a melhorar a qualidade deles.

Exemplo n.º 1

0

Exibir arquivo

Arquivo: fork-test.c Projeto: moench-tegeder/libp11

int main(int argc, char *argv[]) { PKCS11_CTX *ctx; PKCS11_SLOT *slots, *slot; PKCS11_CERT *certs; PKCS11_KEY *authkey; PKCS11_CERT *authcert; EVP_PKEY *pubkey = NULL; unsigned char *random = NULL, *signature = NULL; char password[20]; int rc = 0, fd; unsigned int nslots, ncerts, siglen; if (argc < 2) { fprintf(stderr, "usage: %s /usr/lib/opensc-pkcs11.so [PIN]\n", argv[0]); return 1; } do_fork(); ctx = PKCS11_CTX_new(); error_queue("PKCS11_CTX_new"); /* load pkcs #11 module */ do_fork(); rc = PKCS11_CTX_load(ctx, argv[1]); error_queue("PKCS11_CTX_load"); if (rc) { fprintf(stderr, "loading pkcs11 engine failed: %s\n", ERR_reason_error_string(ERR_get_error())); rc = 1; goto nolib; } /* get information on all slots */ do_fork(); rc = PKCS11_enumerate_slots(ctx, &slots, &nslots); error_queue("PKCS11_enumerate_slots"); if (rc < 0) { fprintf(stderr, "no slots available\n"); rc = 2; goto noslots; } /* get first slot with a token */ do_fork(); slot = PKCS11_find_token(ctx, slots, nslots); error_queue("PKCS11_find_token"); if (slot == NULL || slot->token == NULL) { fprintf(stderr, "no token available\n"); rc = 3; goto notoken; } printf("Slot manufacturer......: %s\n", slot->manufacturer); printf("Slot description.......: %s\n", slot->description); printf("Slot token label.......: %s\n", slot->token->label); printf("Slot token manufacturer: %s\n", slot->token->manufacturer); printf("Slot token model.......: %s\n", slot->token->model); printf("Slot token serialnr....: %s\n", slot->token->serialnr); if (!slot->token->loginRequired) goto loggedin; /* get password */ if (argc > 2) { strcpy(password, argv[2]); } else { exit(1); } loggedin: /* perform pkcs #11 login */ do_fork(); rc = PKCS11_login(slot, 0, password); error_queue("PKCS11_login"); memset(password, 0, strlen(password)); if (rc != 0) { fprintf(stderr, "PKCS11_login failed\n"); goto failed; } /* get all certs */ do_fork(); rc = PKCS11_enumerate_certs(slot->token, &certs, &ncerts); error_queue("PKCS11_enumerate_certs"); if (rc) { fprintf(stderr, "PKCS11_enumerate_certs failed\n"); goto failed; } if (ncerts <= 0) { fprintf(stderr, "no certificates found\n"); goto failed; } /* use the first cert */ authcert=&certs[0]; /* get random bytes */ random = OPENSSL_malloc(RANDOM_SIZE); if (random == NULL) goto failed; fd = open(RANDOM_SOURCE, O_RDONLY); if (fd < 0) { fprintf(stderr, "fatal: cannot open RANDOM_SOURCE: %s\n", strerror(errno)); goto failed; } rc = read(fd, random, RANDOM_SIZE); if (rc < 0) { fprintf(stderr, "fatal: read from random source failed: %s\n", strerror(errno)); close(fd); goto failed; } if (rc < RANDOM_SIZE) { fprintf(stderr, "fatal: read returned less than %d<%d bytes\n", rc, RANDOM_SIZE); close(fd); goto failed; } close(fd); do_fork(); authkey = PKCS11_find_key(authcert); error_queue("PKCS11_find_key"); if (authkey == NULL) { fprintf(stderr, "no key matching certificate available\n"); goto failed; } /* ask for a sha1 hash of the random data, signed by the key */ siglen = MAX_SIGSIZE; signature = OPENSSL_malloc(MAX_SIGSIZE); if (signature == NULL) goto failed; /* do the operations in child */ do_fork(); rc = PKCS11_sign(NID_sha1, random, RANDOM_SIZE, signature, &siglen, authkey); error_queue("PKCS11_sign"); if (rc != 1) { fprintf(stderr, "fatal: pkcs11_sign failed\n"); goto failed; } /* verify the signature */ pubkey = X509_get_pubkey(authcert->x509); if (pubkey == NULL) { fprintf(stderr, "could not extract public key\n"); goto failed; } /* now verify the result */ rc = RSA_verify(NID_sha1, random, RANDOM_SIZE, signature, siglen, pubkey->pkey.rsa); if (rc != 1) { fprintf(stderr, "fatal: RSA_verify failed\n"); goto failed; } if (pubkey != NULL) EVP_PKEY_free(pubkey); if (random != NULL) OPENSSL_free(random); if (signature != NULL) OPENSSL_free(signature); PKCS11_release_all_slots(ctx, slots, nslots); PKCS11_CTX_unload(ctx); PKCS11_CTX_free(ctx); CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); printf("authentication successfull.\n"); return 0; failed: notoken: PKCS11_release_all_slots(ctx, slots, nslots); noslots: PKCS11_CTX_unload(ctx); nolib: PKCS11_CTX_free(ctx); printf("authentication failed.\n"); return 1; }

Exemplo n.º 2

0

Exibir arquivo

Arquivo: PKCS11Signer.cpp Projeto: Krabi/idkaart_public

/** * Signs the digest provided using the selected certificate. If the certificate needs PIN, * the PIN is acquired by calling the callback function <code>getPin</code>. * * @param digest digest, which is being signed. * @param signature memory for the signature that is created. Struct parameter <code>length</code> * is set to the actual signature length. * @throws SignException throws exception if the signing operation failed. */ void digidoc::PKCS11Signer::sign(const Digest& digest, Signature& signature) throw(SignException) { DEBUG("sign(digest = {type=%s,digest=%p,length=%d}, signature={signature=%p,length=%d})", OBJ_nid2sn(digest.type), digest.digest, digest.length, signature.signature, signature.length); // Check that sign slot and certificate are selected. if(d->sign.certificate == NULL || d->sign.slot == NULL) { THROW_SIGNEXCEPTION("Signing slot or certificate are not selected."); } // Login if required. if(d->sign.slot->token->loginRequired) { int rv = 0; if(d->sign.slot->token->secureLogin) { showPinpad(); rv = PKCS11_login(d->sign.slot, 0, NULL); hidePinpad(); } else rv = PKCS11_login(d->sign.slot, 0, getPin(d->createPKCS11Cert(d->sign.slot, d->sign.certificate)).c_str()); switch(ERR_GET_REASON(ERR_get_error())) { case CKR_OK: break; case CKR_CANCEL: case CKR_FUNCTION_CANCELED: { SignException e( __FILE__, __LINE__, "PIN acquisition canceled."); e.setCode( Exception::PINCanceled ); throw e; break; } case CKR_PIN_INCORRECT: { SignException e( __FILE__, __LINE__, "PIN Incorrect" ); e.setCode( Exception::PINIncorrect ); throw e; break; } case CKR_PIN_LOCKED: { SignException e( __FILE__, __LINE__, "PIN Locked" ); e.setCode( Exception::PINLocked ); throw e; break; } default: std::ostringstream s; s << "Failed to login to token '" << d->sign.slot->token->label << "': " << ERR_reason_error_string(ERR_get_error()); SignException e( __FILE__, __LINE__, s.str() ); e.setCode( Exception::PINFailed ); throw e; break; } } PKCS11_KEY* signKey = PKCS11_find_key(d->sign.certificate); if(signKey == NULL) { THROW_SIGNEXCEPTION("Could not get key that matches selected certificate."); } // Sign the digest. int result = PKCS11_sign(digest.type, digest.digest, digest.length, signature.signature, &(signature.length), signKey); if(result != 1) { THROW_SIGNEXCEPTION("Failed to sign digest: %s", ERR_reason_error_string(ERR_get_error())); } }