else if (match("PIN", &token))
{
chunk_t sc = chunk_empty, secret = chunk_empty;
- char smartcard[64], keyid[64], pin[64], module[64], *pos;
+ char smartcard[64], keyid[64], module[64], *pos;
private_key_t *key;
u_int slot;
enum {
DBG1(DBG_CFG, "line %d: malformed PIN: %s", line_nr, ugh);
goto error;
}
- snprintf(pin, sizeof(pin), "%.*s", secret.len, secret.ptr);
- pin[sizeof(pin) - 1] = '\0';
switch (format)
{
BUILD_PKCS11_SLOT, slot,
BUILD_PKCS11_MODULE, module,
BUILD_PKCS11_KEYID, keyid,
- BUILD_PKCS11_PIN, pin, BUILD_END);
+ BUILD_PASSPHRASE, secret, BUILD_END);
break;
case SC_FORMAT_SLOT_KEYID:
key = lib->creds->create(lib->creds,
CRED_PRIVATE_KEY, KEY_ANY,
BUILD_PKCS11_SLOT, slot,
BUILD_PKCS11_KEYID, keyid,
- BUILD_PKCS11_PIN, pin, BUILD_END);
+ BUILD_PASSPHRASE, secret, BUILD_END);
break;
case SC_FORMAT_KEYID:
key = lib->creds->create(lib->creds,
CRED_PRIVATE_KEY, KEY_ANY,
BUILD_PKCS11_KEYID, keyid,
- BUILD_PKCS11_PIN, pin, BUILD_END);
+ BUILD_PASSPHRASE, secret, BUILD_END);
break;
}
if (key)
DBG1(DBG_CFG, " loaded private key from %.*s", sc.len, sc.ptr);
this->private->insert_last(this->private, key);
}
- memset(pin, 0, sizeof(pin));
chunk_clear(&secret);
}
else if ((match("PSK", &token) && (type = SHARED_IKE)) ||
"BUILD_PKCS11_MODULE",
"BUILD_PKCS11_SLOT",
"BUILD_PKCS11_KEYID",
- "BUILD_PKCS11_PIN",
"BUILD_RSA_MODULUS",
"BUILD_RSA_PUB_EXP",
"BUILD_RSA_PRIV_EXP",
BUILD_BLOB_PGP,
/** DNS public key blob (RFC 4034, RSA specifc RFC 3110), chunk_t */
BUILD_BLOB_DNSKEY,
- /** passphrase for e.g. PEM decryption, chunk_t */
+ /** passphrase for e.g. PEM decryption, smartcard unlock, chunk_t */
BUILD_PASSPHRASE,
/** passphrase callback, chunk_t(*fn)(void *user, int try), void *user.
* The callback is invoked until the returned passphrase is accepted, or
BUILD_PKCS11_SLOT,
/** key ID of a key on a token, null terminated char* */
BUILD_PKCS11_KEYID,
- /** pin to access a token, null terminated char* */
- BUILD_PKCS11_PIN,
/** modulus (n) of a RSA key, chunk_t */
BUILD_RSA_MODULUS,
/** public exponent (e) of a RSA key, chunk_t */
{
#ifndef OPENSSL_NO_ENGINE
private_openssl_rsa_private_key_t *this;
- char *keyid = NULL, *pin = NULL, *engine_id = NULL;
- char keyname[64];
+ char *keyid = NULL, *engine_id = NULL;
+ char keyname[64], pin[32];;
+ chunk_t secret = chunk_empty;
EVP_PKEY *key;
ENGINE *engine;
int slot = -1;
case BUILD_PKCS11_KEYID:
keyid = va_arg(args, char*);
continue;
- case BUILD_PKCS11_PIN:
- pin = va_arg(args, char*);
+ case BUILD_PASSPHRASE:
+ secret = va_arg(args, chunk_t);
continue;
case BUILD_PKCS11_SLOT:
slot = va_arg(args, int);
}
break;
}
- if (!keyid || !pin)
+ if (!keyid || !secret.len || !secret.ptr)
{
return NULL;
}
{
snprintf(keyname, sizeof(keyname), "%d:%s", slot, keyid);
}
+ snprintf(pin, sizeof(pin), "%.*s", secret.len, secret.ptr);
if (!engine_id)
{
pkcs11_private_key_t *pkcs11_private_key_connect(key_type_t type, va_list args)
{
private_pkcs11_private_key_t *this;
- char *keyid = NULL, *pin = NULL, *module = NULL;
+ char *keyid = NULL, *module = NULL;
int slot = -1;
CK_RV rv;
- chunk_t chunk;
+ chunk_t chunk, pin = chunk_empty;
while (TRUE)
{
case BUILD_PKCS11_KEYID:
keyid = va_arg(args, char*);
continue;
- case BUILD_PKCS11_PIN:
- pin = va_arg(args, char*);
+ case BUILD_PASSPHRASE:
+ pin = va_arg(args, chunk_t);
continue;
case BUILD_PKCS11_SLOT:
slot = va_arg(args, int);
}
break;
}
- if (!keyid || !pin || !module || slot == -1)
+ if (!keyid || !pin.ptr || !pin.len || !module || slot == -1)
{ /* we currently require all parameters, TODO: search for pubkeys */
return NULL;
}
this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
- rv = this->lib->f->C_Login(this->session, CKU_USER, pin, strlen(pin));
+ rv = this->lib->f->C_Login(this->session, CKU_USER, pin.ptr, pin.len);
if (rv != CKR_OK)
{
DBG1(DBG_CFG, "login to '%s':%d failed: %N",