|
Packit Service |
2ea82d |
/* libp11 example code: listkeys.c
|
|
Packit Service |
2ea82d |
*
|
|
Packit Service |
2ea82d |
* This examply simply connects to your smart card
|
|
Packit Service |
2ea82d |
* and list the keys.
|
|
Packit Service |
2ea82d |
*
|
|
Packit Service |
2ea82d |
* Feel free to copy all of the code as needed.
|
|
Packit Service |
2ea82d |
*
|
|
Packit Service |
2ea82d |
*/
|
|
Packit Service |
2ea82d |
|
|
Packit Service |
2ea82d |
#include <sys/types.h>
|
|
Packit Service |
2ea82d |
#include <sys/stat.h>
|
|
Packit Service |
2ea82d |
#include <fcntl.h>
|
|
Packit Service |
2ea82d |
#include <stdio.h>
|
|
Packit Service |
2ea82d |
#include <unistd.h>
|
|
Packit Service |
2ea82d |
#include <string.h>
|
|
Packit Service |
2ea82d |
#include <sys/types.h>
|
|
Packit Service |
2ea82d |
#include <libp11.h>
|
|
Packit Service |
2ea82d |
#include <unistd.h>
|
|
Packit Service |
2ea82d |
|
|
Packit Service |
2ea82d |
#define RANDOM_SOURCE "/dev/urandom"
|
|
Packit Service |
2ea82d |
#define RANDOM_SIZE 20
|
|
Packit Service |
2ea82d |
#define MAX_SIGSIZE 256
|
|
Packit Service |
2ea82d |
|
|
Packit Service |
2ea82d |
static void list_keys(const char *title,
|
|
Packit Service |
2ea82d |
const PKCS11_KEY *keys, const unsigned int nkeys);
|
|
Packit Service |
2ea82d |
static void error_queue(const char *name);
|
|
Packit Service |
2ea82d |
|
|
Packit Service |
2ea82d |
#define CHECK_ERR(cond, txt, code) \
|
|
Packit Service |
2ea82d |
do { \
|
|
Packit Service |
2ea82d |
if (cond) { \
|
|
Packit Service |
2ea82d |
fprintf(stderr, "%s\n", (txt)); \
|
|
Packit Service |
2ea82d |
rc=(code); \
|
|
Packit Service |
2ea82d |
goto end; \
|
|
Packit Service |
2ea82d |
} \
|
|
Packit Service |
2ea82d |
} while (0)
|
|
Packit Service |
2ea82d |
|
|
Packit Service |
2ea82d |
int main(int argc, char *argv[])
|
|
Packit Service |
2ea82d |
{
|
|
Packit Service |
2ea82d |
PKCS11_CTX *ctx=NULL;
|
|
Packit Service |
2ea82d |
PKCS11_SLOT *slots=NULL, *slot;
|
|
Packit Service |
2ea82d |
PKCS11_KEY *keys;
|
|
Packit Service |
2ea82d |
unsigned int nslots, nkeys;
|
|
Packit Service |
2ea82d |
int rc = 0;
|
|
Packit Service |
2ea82d |
|
|
Packit Service |
2ea82d |
if (argc < 2) {
|
|
Packit Service |
2ea82d |
fprintf(stderr,
|
|
Packit Service |
2ea82d |
"usage: %s /usr/lib/opensc-pkcs11.so [PIN]\n",
|
|
Packit Service |
2ea82d |
argv[0]);
|
|
Packit Service |
2ea82d |
return 1;
|
|
Packit Service |
2ea82d |
}
|
|
Packit Service |
2ea82d |
|
|
Packit Service |
2ea82d |
ctx = PKCS11_CTX_new();
|
|
Packit Service |
2ea82d |
error_queue("PKCS11_CTX_new");
|
|
Packit Service |
2ea82d |
|
|
Packit Service |
2ea82d |
/* load pkcs #11 module */
|
|
Packit Service |
2ea82d |
rc = PKCS11_CTX_load(ctx, argv[1]);
|
|
Packit Service |
2ea82d |
error_queue("PKCS11_CTX_load");
|
|
Packit Service |
2ea82d |
CHECK_ERR(rc < 0, "loading pkcs11 engine failed", 1);
|
|
Packit Service |
2ea82d |
|
|
Packit Service |
2ea82d |
/* get information on all slots */
|
|
Packit Service |
2ea82d |
rc = PKCS11_enumerate_slots(ctx, &slots, &nslots);
|
|
Packit Service |
2ea82d |
error_queue("PKCS11_enumerate_slots");
|
|
Packit Service |
2ea82d |
CHECK_ERR(rc < 0, "no slots available", 2);
|
|
Packit Service |
2ea82d |
|
|
Packit Service |
2ea82d |
/* get first slot with a token */
|
|
Packit Service |
2ea82d |
slot = PKCS11_find_token(ctx, slots, nslots);
|
|
Packit Service |
2ea82d |
error_queue("PKCS11_find_token");
|
|
Packit Service |
2ea82d |
CHECK_ERR(!slot || !slot->token, "no token available", 3);
|
|
Packit Service |
2ea82d |
|
|
Packit Service |
2ea82d |
printf("Slot manufacturer......: %s\n", slot->manufacturer);
|
|
Packit Service |
2ea82d |
printf("Slot description.......: %s\n", slot->description);
|
|
Packit Service |
2ea82d |
printf("Slot token label.......: %s\n", slot->token->label);
|
|
Packit Service |
2ea82d |
printf("Slot token manufacturer: %s\n", slot->token->manufacturer);
|
|
Packit Service |
2ea82d |
printf("Slot token model.......: %s\n", slot->token->model);
|
|
Packit Service |
2ea82d |
printf("Slot token serialnr....: %s\n", slot->token->serialnr);
|
|
Packit Service |
2ea82d |
|
|
Packit Service |
2ea82d |
/* get public keys */
|
|
Packit Service |
2ea82d |
rc = PKCS11_enumerate_public_keys(slot->token, &keys, &nkeys);
|
|
Packit Service |
2ea82d |
error_queue("PKCS11_enumerate_public_keys");
|
|
Packit Service |
2ea82d |
CHECK_ERR(rc < 0, "PKCS11_enumerate_public_keys failed", 4);
|
|
Packit Service |
2ea82d |
CHECK_ERR(nkeys == 0, "No public keys found", 5);
|
|
Packit Service |
2ea82d |
list_keys("Public keys", keys, nkeys);
|
|
Packit Service |
2ea82d |
|
|
Packit Service |
2ea82d |
if (slot->token->loginRequired && argc > 2) {
|
|
Packit Service |
2ea82d |
/* perform pkcs #11 login */
|
|
Packit Service |
2ea82d |
rc = PKCS11_login(slot, 0, argv[2]);
|
|
Packit Service |
2ea82d |
error_queue("PKCS11_login");
|
|
Packit Service |
2ea82d |
CHECK_ERR(rc < 0, "PKCS11_login failed", 6);
|
|
Packit Service |
2ea82d |
}
|
|
Packit Service |
2ea82d |
|
|
Packit Service |
2ea82d |
/* get private keys */
|
|
Packit Service |
2ea82d |
rc = PKCS11_enumerate_keys(slot->token, &keys, &nkeys);
|
|
Packit Service |
2ea82d |
error_queue("PKCS11_enumerate_keys");
|
|
Packit Service |
2ea82d |
CHECK_ERR(rc < 0, "PKCS11_enumerate_keys failed", 7);
|
|
Packit Service |
2ea82d |
CHECK_ERR(nkeys == 0, "No private keys found", 8);
|
|
Packit Service |
2ea82d |
list_keys("Private keys", keys, nkeys);
|
|
Packit Service |
2ea82d |
|
|
Packit Service |
2ea82d |
end:
|
|
Packit Service |
2ea82d |
if (slots)
|
|
Packit Service |
2ea82d |
PKCS11_release_all_slots(ctx, slots, nslots);
|
|
Packit Service |
2ea82d |
if (ctx) {
|
|
Packit Service |
2ea82d |
PKCS11_CTX_unload(ctx);
|
|
Packit Service |
2ea82d |
PKCS11_CTX_free(ctx);
|
|
Packit Service |
2ea82d |
}
|
|
Packit Service |
2ea82d |
|
|
Packit Service |
2ea82d |
if (rc)
|
|
Packit Service |
2ea82d |
printf("Failed (error code %d).\n", rc);
|
|
Packit Service |
2ea82d |
else
|
|
Packit Service |
2ea82d |
printf("Success.\n");
|
|
Packit Service |
2ea82d |
return rc;
|
|
Packit Service |
2ea82d |
}
|
|
Packit Service |
2ea82d |
|
|
Packit Service |
2ea82d |
static void list_keys(const char *title, const PKCS11_KEY *keys,
|
|
Packit Service |
2ea82d |
const unsigned int nkeys) {
|
|
Packit Service |
2ea82d |
unsigned int i;
|
|
Packit Service |
2ea82d |
|
|
Packit Service |
2ea82d |
printf("\n%s:\n", title);
|
|
Packit Service |
2ea82d |
for (i = 0; i < nkeys; i++)
|
|
Packit Service |
2ea82d |
printf(" * %s key: %s\n",
|
|
Packit Service |
2ea82d |
keys[i].isPrivate ? "Private" : "Public", keys[i].label);
|
|
Packit Service |
2ea82d |
}
|
|
Packit Service |
2ea82d |
|
|
Packit Service |
2ea82d |
static void error_queue(const char *name)
|
|
Packit Service |
2ea82d |
{
|
|
Packit Service |
2ea82d |
if (ERR_peek_last_error()) {
|
|
Packit Service |
2ea82d |
fprintf(stderr, "%s generated errors:\n", name);
|
|
Packit Service |
2ea82d |
ERR_print_errors_fp(stderr);
|
|
Packit Service |
2ea82d |
}
|
|
Packit Service |
2ea82d |
}
|
|
Packit Service |
2ea82d |
|
|
Packit Service |
2ea82d |
/* vim: set noexpandtab: */
|