usr/src/cmd/cmd-inet/usr.sbin/kssl/kssladm/kssladm_create.c
author kais
Sat, 12 Nov 2005 18:58:05 -0800
changeset 898 64b2a371a6bd
child 1933 4ec26e50a4d3
permissions -rw-r--r--
PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy 4931229 Kernel-level SSL proxy
/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */
#pragma ident	"%Z%%M%	%I%	%E% SMI"
#include <arpa/inet.h>
#include <errno.h>
#include <limits.h> /* INT_MAX */
#include <netdb.h> /* hostent */
#include <netinet/in.h>
#include <openssl/rsa.h>
#include <security/cryptoki.h>
#include <security/pkcs11.h>
#include <cryptoutil.h>
#include <stdio.h>
#include <stdlib.h> /* malloc, calloc, free */
#include <strings.h>
#include <sys/socket.h>
#include <libscf.h>
#include <inet/kssl/kssl.h>
#include "kssladm.h"
/*
 * Print the synopsis of the "kssladm create" subcommand to stderr.
 * The "Usage:" heading is emitted only when do_print is set; the three
 * synopsis lines and the option list are always emitted.
 */
void
usage_create(boolean_t do_print)
{
	static const char *const synopsis[] = {
		"kssladm create"
		" -f pkcs11 [-d softtoken_directory] -T <token_label>"
		" -C <certificate_label> -x <proxy_port>"
		" [options] [<server_address>] [<server_port>]\n",

		"kssladm create"
		" -f pkcs12 -i <certificate_file> -x <proxy_port>"
		" [options] [<server_address>] [<server_port>]\n",

		"kssladm create"
		" -f pem -i <certificate_file> -x <proxy_port>"
		" [options] [<server_address>] [<server_port>]\n",

		"options are:\n"
		"\t[-c <ciphersuites>]\n"
		"\t[-p <password_file>]\n"
		"\t[-t <ssl_session_cache_timeout>]\n"
		"\t[-z <ssl_session_cache_size>]\n"
		"\t[-v]\n"
	};
	size_t n;

	if (do_print)
		(void) fputs("Usage:\n", stderr);

	/* none of the strings contain conversion specifiers, fputs suffices */
	for (n = 0; n < sizeof (synopsis) / sizeof (synopsis[0]); n++)
		(void) fputs(synopsis[n], stderr);
}
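/*
 * Fetch the CKA_VALUE attribute (the encoded certificate) of cert_obj
 * into a freshly allocated buffer.
 *
 * On success the buffer is returned and *len receives its length; the
 * caller owns the buffer and must free() it.  On failure a diagnostic is
 * printed to stderr, *len is left untouched and NULL is returned.
 */
static uchar_t *
get_cert_val(CK_SESSION_HANDLE sess, CK_OBJECT_HANDLE cert_obj, int *len)
{
	CK_RV rv;
	uchar_t *buf;
	CK_ATTRIBUTE cert_attrs[] = {{CKA_VALUE, NULL, 0}};

	/* First pass with pValue == NULL: only the size comes back. */
	rv = C_GetAttributeValue(sess, cert_obj, cert_attrs, 1);
	if (rv != CKR_OK) {
		(void) fprintf(stderr, "Cannot get cert size."
		    " error = %s\n", pkcs11_strerror(rv));
		return (NULL);
	}

	/*
	 * An empty value cannot be a certificate, and a value longer than
	 * INT_MAX could not be reported through *len; reject both here
	 * rather than passing malloc(0) or a truncated length to the caller.
	 */
	if (cert_attrs[0].ulValueLen == 0 ||
	    cert_attrs[0].ulValueLen > (CK_ULONG)INT_MAX) {
		(void) fprintf(stderr, "Invalid cert size %lu\n",
		    (unsigned long)cert_attrs[0].ulValueLen);
		return (NULL);
	}

	buf = malloc(cert_attrs[0].ulValueLen);
	if (buf == NULL) {
		(void) fprintf(stderr,
		    "Cannot allocate memory for the cert value\n");
		return (NULL);
	}
	cert_attrs[0].pValue = buf;

	/* Second pass fills the buffer. */
	rv = C_GetAttributeValue(sess, cert_obj, cert_attrs, 1);
	if (rv != CKR_OK) {
		(void) fprintf(stderr, "Cannot get cert value."
		    " error = %s\n", pkcs11_strerror(rv));
		free(buf);
		return (NULL);
	}

	*len = (int)cert_attrs[0].ulValueLen;
	return (buf);
}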
/*
 * Attribute slots reserved per RSA private key: the two mandatory
 * components (modulus, private exponent), the six optional CRT
 * components, and the total of both.
 */
#define	REQ_ATTR_CNT	2
#define	OPT_ATTR_CNT	6
#define	MAX_ATTR_CNT	(REQ_ATTR_CNT + OPT_ATTR_CNT)
/*
 * Everything is allocated in one single contiguous buffer.
 * The layout is the following:
 * . the kssl_params_t structure
 * . the array of sizes of the certificates (value of sc_sizes_offset)
 * . the array of key attribute structs (value of ck_attrs)
 * . the certificate values (values of sc_certs[i])
 * . the key attribute values (values of ck_attrs[i].ck_value)
 *
 * The addresses of the certificate and key attribute values are stored
 * as offsets from the beginning of the big buffer.
 */
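/*
 * Build the kssl_params_t image for a private key / certificate pair that
 * lives in a PKCS#11 token (layout described above).
 *
 * sess        - open PKCS#11 session the two object handles belong to
 * privkey_obj - RSA private key object; modulus and private exponent are
 *               required, the CRT components are included when the token
 *               exposes them
 * cert_obj    - certificate object whose CKA_VALUE is copied into the image
 * paramsize   - on success receives the size of the returned image
 *
 * Returns the image (owned by the caller, release with free()) or NULL
 * after printing a diagnostic.  Once allocated, the image holds private
 * key material, so every error path after the allocation clears it
 * before freeing it.
 */
static kssl_params_t *
pkcs11_to_kssl(CK_SESSION_HANDLE sess, CK_OBJECT_HANDLE privkey_obj,
    CK_OBJECT_HANDLE cert_obj, int *paramsize)
{
	int i;
	CK_RV rv;
	CK_ATTRIBUTE privkey_attrs[MAX_ATTR_CNT] = {
		{CKA_MODULUS, NULL_PTR, 0},
		{CKA_PRIVATE_EXPONENT, NULL_PTR, 0}
	};
	CK_ATTRIBUTE privkey_opt_attrs[OPT_ATTR_CNT] = {
		{CKA_PUBLIC_EXPONENT, NULL_PTR, 0},
		{CKA_PRIME_1, NULL_PTR, 0},
		{CKA_PRIME_2, NULL_PTR, 0},
		{CKA_EXPONENT_1, NULL_PTR, 0},
		{CKA_EXPONENT_2, NULL_PTR, 0},
		{CKA_COEFFICIENT, NULL_PTR, 0}
	};
	CK_ATTRIBUTE cert_attrs[] = { {CKA_VALUE, NULL, 0} };
	kssl_object_attribute_t kssl_attrs[MAX_ATTR_CNT];
	kssl_params_t *kssl_params;
	kssl_key_t *key;
	char *buf;
	uint32_t cert_size, bufsize;
	int attr_cnt;

	/* the certs ... size query only, pValue is still NULL */
	rv = C_GetAttributeValue(sess, cert_obj, cert_attrs, 1);
	if (rv != CKR_OK) {
		(void) fprintf(stderr, "Cannot get cert size."
		    " error = %s\n", pkcs11_strerror(rv));
		return (NULL);
	}

	/* Get the sizes: header, one cert size word, the cert itself */
	bufsize = sizeof (kssl_params_t);
	cert_size = (uint32_t)cert_attrs[0].ulValueLen;
	bufsize += cert_size + sizeof (uint32_t);

	/* and the required key attributes */
	rv = C_GetAttributeValue(sess, privkey_obj, privkey_attrs,
	    REQ_ATTR_CNT);
	if (rv != CKR_OK) {
		(void) fprintf(stderr,
		    "Cannot get private key object attributes. error = %s\n",
		    pkcs11_strerror(rv));
		return (NULL);
	}
	/*
	 * Account for each attribute with the same struct type that is
	 * laid out in the image below (kssl_object_attribute_t), so the
	 * allocation and the layout cannot drift apart.
	 */
	for (i = 0; i < REQ_ATTR_CNT; i++) {
		bufsize += sizeof (kssl_object_attribute_t) +
		    privkey_attrs[i].ulValueLen;
	}
	attr_cnt = REQ_ATTR_CNT;

	/*
	 * Get the optional key attributes. The return values could be
	 * CKR_ATTRIBUTE_TYPE_INVALID with ulValueLen set to -1 OR
	 * CKR_OK with ulValueLen set to 0. The latter is done by
	 * soft token and seems dubious.
	 */
	rv = C_GetAttributeValue(sess, privkey_obj, privkey_opt_attrs,
	    OPT_ATTR_CNT);
	if (rv != CKR_OK && rv != CKR_ATTRIBUTE_TYPE_INVALID) {
		(void) fprintf(stderr,
		    "Cannot get private key object attributes. error = %s\n",
		    pkcs11_strerror(rv));
		return (NULL);
	}
	for (i = 0; i < OPT_ATTR_CNT; i++) {
		if (privkey_opt_attrs[i].ulValueLen == (CK_ULONG)-1 ||
		    privkey_opt_attrs[i].ulValueLen == 0)
			continue;
		/* Structure copy: append the present attribute to the list */
		privkey_attrs[attr_cnt] = privkey_opt_attrs[i];
		bufsize += sizeof (kssl_object_attribute_t) +
		    privkey_opt_attrs[i].ulValueLen;
		attr_cnt++;
	}

	/* Now the big memory allocation */
	if ((buf = calloc(bufsize, 1)) == NULL) {
		(void) fprintf(stderr,
			"Cannot allocate memory for the kssl_params "
			"and values\n");
		return (NULL);
	}

	/* LINTED */
	kssl_params = (kssl_params_t *)buf;

	buf = (char *)(kssl_params + 1);

	/* a single certificate; its size word follows the header */
	kssl_params->kssl_certs.sc_count = 1;
	bcopy(&cert_size, buf, sizeof (uint32_t));
	kssl_params->kssl_certs.sc_sizes_offset = buf - (char *)kssl_params;
	buf += sizeof (uint32_t);

	/* the keys attributes structs array */
	key = &kssl_params->kssl_privkey;
	key->ks_format = CRYPTO_KEY_ATTR_LIST;
	key->ks_count = attr_cnt;
	key->ks_attrs_offset = buf - (char *)kssl_params;
	buf += attr_cnt * sizeof (kssl_object_attribute_t);

	/* now the certs values, fetched straight into the image */
	cert_attrs[0].pValue = buf;
	kssl_params->kssl_certs.sc_certs_offset = buf - (char *)kssl_params;
	buf += cert_attrs[0].ulValueLen;

	rv = C_GetAttributeValue(sess, cert_obj, cert_attrs, 1);
	if (rv != CKR_OK) {
		(void) fprintf(stderr, "Cannot get cert value."
		    " error = %s\n", pkcs11_strerror(rv));
		goto fail;
	}

	/* then the attributes values: point each pValue into the image */
	for (i = 0; i < attr_cnt; i++) {
		privkey_attrs[i].pValue = buf;
		/*
		 * We assume the attribute types in the kernel are
		 * the same as the PKCS #11 values.
		 */
		kssl_attrs[i].ka_type = privkey_attrs[i].type;
		kssl_attrs[i].ka_value_offset = buf - (char *)kssl_params;

		kssl_attrs[i].ka_value_len = privkey_attrs[i].ulValueLen;

		buf += privkey_attrs[i].ulValueLen;
	}
	/* then the key attributes values */
	rv = C_GetAttributeValue(sess, privkey_obj, privkey_attrs, attr_cnt);
	if (rv != CKR_OK) {
		(void) fprintf(stderr,
		    "Cannot get private key object attributes."
		    " error = %s\n", pkcs11_strerror(rv));
		goto fail;
	}

	bcopy(kssl_attrs, ((char *)kssl_params) + key->ks_attrs_offset,
	    attr_cnt * sizeof (kssl_object_attribute_t));

	*paramsize = bufsize;
	return (kssl_params);

fail:
	/*
	 * The image may already contain the certificate and part of the
	 * private key; wipe it before handing the memory back.  bzero() is
	 * what this platform offers here; an explicit-clear primitive would
	 * be preferable where one is available.
	 */
	bzero(kssl_params, bufsize);
	free(kssl_params);
	return (NULL);
}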
#define	max_num_cert 32
kssl_params_t *
load_from_pkcs11(const char *token_label, const char *password_file,
	const char *certname, int *bufsize)
{
	static CK_BBOOL true = TRUE;
	static CK_BBOOL false = FALSE;
	CK_RV rv;
	CK_SLOT_ID slot;
	CK_SLOT_ID_PTR	pk11_slots;
	CK_ULONG slotcnt = 10;
	CK_TOKEN_INFO	token_info;
	CK_SESSION_HANDLE sess;
	static CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE;
	static CK_CERTIFICATE_TYPE cert_type = CKC_X_509;
	CK_ATTRIBUTE cert_tmpl[4] = {
		{CKA_TOKEN, &true, sizeof (true)},
		{CKA_LABEL, NULL, 0},
		{CKA_CLASS, &cert_class, sizeof (cert_class)},
		{CKA_CERTIFICATE_TYPE, &cert_type, sizeof (cert_type)}
	};
	CK_ULONG cert_tmpl_count = 4, cert_obj_count = 1;
	CK_OBJECT_HANDLE cert_obj, privkey_obj;
	CK_OBJECT_HANDLE cert_objs[max_num_cert];
	static CK_OBJECT_CLASS privkey_class = CKO_PRIVATE_KEY;
	static CK_KEY_TYPE privkey_type = CKK_RSA;
	CK_ATTRIBUTE privkey_tmpl[] = {
		{CKA_MODULUS, NULL, 0},
		{CKA_TOKEN, &true, sizeof (true)},
		{CKA_CLASS, &privkey_class, sizeof (privkey_class)},
		{CKA_KEY_TYPE, &privkey_type, sizeof (privkey_type)}
	};
	CK_ULONG privkey_tmpl_count = 4, privkey_obj_count = 1;
	static CK_BYTE modulus[1024];
	CK_ATTRIBUTE privkey_attrs[1] = {
		{CKA_MODULUS, modulus, sizeof (modulus)},
	};
	boolean_t bingo = B_FALSE;
	int blen, mlen;
	uchar_t *mval, *ber_buf;
	char token_label_padded[sizeof (token_info.label) + 1];
	(void) snprintf(token_label_padded, sizeof (token_label_padded),
		"%-32s", token_label);
	rv = C_Initialize(NULL_PTR);
	if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED)) {
		(void) fprintf(stderr,
		    "Cannot initialize PKCS#11. error = %s\n",
		    pkcs11_strerror(rv));
		return (NULL);
	}
	/* Get slot count */
	rv = C_GetSlotList(1, NULL_PTR, &slotcnt);
	if (rv != CKR_OK || slotcnt == 0) {
		(void) fprintf(stderr,
		    "Cannot get PKCS#11 slot list. error = %s\n",
		    pkcs11_strerror(rv));
		return (NULL);
	}
	pk11_slots = calloc(slotcnt, sizeof (CK_SLOT_ID));
	if (pk11_slots == NULL) {
		(void) fprintf(stderr,
		    "Cannot get memory for %ld slots\n", slotcnt);
		return (NULL);
	}
	rv = C_GetSlotList(1, pk11_slots, &slotcnt);
	if (rv != CKR_OK) {
		(void) fprintf(stderr,
		    "Cannot get PKCS#11 slot list. error = %s\n",
		    pkcs11_strerror(rv));
		return (NULL);
	}
	if (verbose)
		(void) printf("Found %ld slots\n", slotcnt);
	/* Search the token that matches the label */
	while (slotcnt > 0) {
		rv = C_GetTokenInfo(pk11_slots[--slotcnt], &token_info);
		if (rv != CKR_OK)
			continue;
		if (verbose)
			(void) printf("slot [%ld] = %s\n",
			    slotcnt, token_info.label);
		if (memcmp(token_label_padded, token_info.label,
		    sizeof (token_info.label)) == 0) {
			bingo = B_TRUE;
			slot = pk11_slots[slotcnt];
			break;
		}
		if (verbose) {
			token_info.label[31] = '\0';
			(void) printf("found slot [%s]\n", token_info.label);
		}
	}
	if (!bingo) {
		(void) fprintf(stderr, "no matching PKCS#11 token found\n");
		return (NULL);
	}
	rv = C_OpenSession(slot, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR,
		&sess);
	if (rv != CKR_OK) {
		(void) fprintf(stderr, "Cannot open session. error = %s\n",
		    pkcs11_strerror(rv));
		return (NULL);
	}
	cert_tmpl[1].pValue = (CK_VOID_PTR) certname;
	cert_tmpl[1].ulValueLen = strlen(certname);
	rv = C_FindObjectsInit(sess, cert_tmpl, cert_tmpl_count);
	if (rv != CKR_OK) {
		(void) fprintf(stderr,
		    "Cannot intialize cert search."
		    " error = %s\n", pkcs11_strerror(rv));
		return (NULL);
	}
	rv = C_FindObjects(sess, cert_objs,
		(certname == NULL ? 1 : max_num_cert), &cert_obj_count);
	if (rv != CKR_OK) {
		(void) fprintf(stderr,
		    "Cannot retrieve cert object. error = %s\n",
		    pkcs11_strerror(rv));
		return (NULL);
	}
	/* Who cares if this fails! */
	(void) C_FindObjectsFinal(sess);
	if (verbose)
		(void) printf("found %ld certificates\n", cert_obj_count);
	if (cert_obj_count == 0) {
		(void) fprintf(stderr, "\"%s\" not found.\n", certname);
		(void) fprintf(stderr, "no certs. bye.\n");
		return (NULL);
	}
	cert_obj = cert_objs[0];
	/* Get the modulus value from the certificate */
	ber_buf = get_cert_val(sess, cert_obj, &blen);
	if (ber_buf == NULL) {
		(void) fprintf(stderr,
		    "Cannot get certificate data for \"%s\".\n", certname);
		return (NULL);
	}
	mval = get_modulus(ber_buf, blen, &mlen);
	if (mval == NULL) {
		(void) fprintf(stderr,
		    "Cannot get Modulus in certificate \"%s\".\n", certname);
		return (NULL);
	}
	/* Now get the private key */
	/* Gotta authenticate first if login is required. */
	if (token_info.flags & CKF_LOGIN_REQUIRED) {
		char passphrase[1024];
		CK_ULONG ulPinLen;
		ulPinLen = get_passphrase(
		    password_file, passphrase, sizeof (passphrase));
		if (ulPinLen == 0) {
			(void) fprintf(stderr, "Unable to read passphrase");
			return (NULL);
		}
		rv = C_Login(sess, CKU_USER, (CK_UTF8CHAR_PTR)passphrase,
		    ulPinLen);
		if (rv != CKR_OK) {
			(void) fprintf(stderr, "Cannot login to the token."
			    " error = %s\n", pkcs11_strerror(rv));
		return (NULL);
		}
	}
	privkey_tmpl[0].pValue = mval;
	privkey_tmpl[0].ulValueLen = mlen;
	rv = C_FindObjectsInit(sess, privkey_tmpl, privkey_tmpl_count);
	if (rv != CKR_OK) {
		(void) fprintf(stderr, "Cannot intialize private key search."
		    " error = %s\n", pkcs11_strerror(rv));
		return (NULL);
	}
	rv = C_FindObjects(sess, &privkey_obj, 1,  &privkey_obj_count);
	if (rv != CKR_OK) {
		(void) fprintf(stderr, "Cannot retrieve private key object "
		    " error = %s\n", pkcs11_strerror(rv));
		return (NULL);
	}
	/* Who cares if this fails! */
	(void) C_FindObjectsFinal(sess);
	(void) printf("found %ld private keys\n", privkey_obj_count);
	if (privkey_obj_count == 0) {
		(void) fprintf(stderr, "no private keys. bye.\n");
		return (NULL);
	}
	rv = C_GetAttributeValue(sess, privkey_obj, privkey_attrs, 1);
	if (rv != CKR_OK) {
		(void) fprintf(stderr,
		    "Cannot get private key object attributes."
		    " error = %s\n", pkcs11_strerror(rv));
		return (NULL);
	}
	if (verbose) {
		(void) printf("private key attributes:    \n");
		(void) printf("\tmodulus: size %ld value:",
		    privkey_attrs[0].ulValueLen);
	}
	/* Now wrap the key, then unwrap it */
	{
	CK_BYTE	aes_key_val[16] = {
		1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16};
	static CK_BYTE aes_param[16] = {
		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
	CK_MECHANISM aes_cbc_pad_mech = {CKM_AES_CBC_PAD, aes_param, 16};
	CK_OBJECT_HANDLE aes_key_obj, sess_privkey_obj;
	CK_BYTE *wrapped_privkey;
	CK_ULONG wrapped_privkey_len;
	CK_ATTRIBUTE unwrap_tmpl[] = {
		{CKA_TOKEN, &false, sizeof (false)},
		{CKA_CLASS, &privkey_class, sizeof (privkey_class)},
		{CKA_KEY_TYPE, &privkey_type, sizeof (privkey_type)},
		{CKA_SENSITIVE, &false, sizeof (false)},
		{CKA_PRIVATE, &false, sizeof (false)}
	};
	rv = SUNW_C_KeyToObject(sess, CKM_AES_CBC_PAD, aes_key_val, 16,
	    &aes_key_obj);
	if (rv != CKR_OK) {
		(void) fprintf(stderr,
		    "Cannot create wrapping key. error = %s\n",
		    pkcs11_strerror(rv));
		return (NULL);
	}
	/* get the size of the wrapped key */
	rv = C_WrapKey(sess, &aes_cbc_pad_mech, aes_key_obj, privkey_obj,
	    NULL, &wrapped_privkey_len);
	if (rv != CKR_OK) {
		(void) fprintf(stderr, "Cannot get key size. error = %s\n",
		    pkcs11_strerror(rv));
		return (NULL);
	}
	wrapped_privkey = malloc(wrapped_privkey_len * sizeof (CK_BYTE));
	if (wrapped_privkey == NULL) {
		return (NULL);
	}
	/* do the actual key wrapping */
	rv = C_WrapKey(sess, &aes_cbc_pad_mech, aes_key_obj, privkey_obj,
	    wrapped_privkey, &wrapped_privkey_len);
	if (rv != CKR_OK) {
		(void) fprintf(stderr, "Cannot wrap private key. error = %s\n",
		    pkcs11_strerror(rv));
		return (NULL);
	}
	(void) C_Logout(sess);
	(void) printf("private key successfully wrapped, "
		"wrapped blob length: %ld\n",
		wrapped_privkey_len);
	rv = C_UnwrapKey(sess, &aes_cbc_pad_mech, aes_key_obj,
	    wrapped_privkey, wrapped_privkey_len,
	    unwrap_tmpl, 5, &sess_privkey_obj);
	if (rv != CKR_OK) {
		(void) fprintf(stderr, "Cannot unwrap private key."
		    " error = %s\n", pkcs11_strerror(rv));
		return (NULL);
	}
	(void) printf("session private key successfully unwrapped\n");
	return (pkcs11_to_kssl(sess, sess_privkey_obj, cert_obj, bufsize));
	}
}
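/*
 * Convert an OpenSSL RSA private key plus a DER-encoded certificate into
 * the single self-describing kssl_params_t blob that is handed to the
 * kernel.  Every offset stored in the blob is relative to its start, so
 * the buffer can be copied in one piece.
 *
 * Layout of the returned buffer:
 *   kssl_params_t header
 *   uint32_t                certificate length
 *   kssl_object_attribute_t attribute descriptors, one per present
 *                           RSA component
 *   certificate bytes
 *   attribute values        big-endian BIGNUM bytes, back to back
 *
 * Security note: the private-key components (d, p, q, dmp1, dmq1, iqmp)
 * are copied in cleartext into the returned heap buffer.  The caller
 * owns that buffer, must free() it, and should zero it before freeing.
 *
 * Returns the blob and stores its length in *paramsize, or NULL when
 * the key lacks a modulus or private exponent, an argument is invalid,
 * or allocation fails.  An error message is printed on each failure.
 */
static kssl_params_t *
openssl_to_kssl(RSA *rsa, uchar_t *cert_buf, int cert_size, int *paramsize)
{
	int i;
	kssl_params_t *kssl_params;
	kssl_key_t *key;
	char *buf;
	uint32_t bufsize;
	uint32_t cert_len;
	kssl_object_attribute_t kssl_attrs[MAX_ATTR_CNT];
	kssl_object_attribute_t kssl_tmpl_attrs[MAX_ATTR_CNT] = {
		{SUN_CKA_MODULUS, NULL, 0},
		{SUN_CKA_PUBLIC_EXPONENT, NULL, 0},
		{SUN_CKA_PRIVATE_EXPONENT, NULL, 0},
		{SUN_CKA_PRIME_1, NULL, 0},
		{SUN_CKA_PRIME_2, NULL, 0},
		{SUN_CKA_EXPONENT_1, NULL, 0},
		{SUN_CKA_EXPONENT_2, NULL, 0},
		{SUN_CKA_COEFFICIENT, NULL, 0}
	};
	/*
	 * NULL-filled: only eight slots are assigned below, so any extra
	 * slot (if MAX_ATTR_CNT > 8) is skipped instead of read uninitialized.
	 */
	BIGNUM *priv_key_bignums[MAX_ATTR_CNT] = { NULL };
	int attr_cnt;

	if (rsa == NULL || cert_buf == NULL || cert_size < 0 ||
	    paramsize == NULL) {
		(void) fprintf(stderr,
		    "invalid private key or certificate arguments.\n");
		return (NULL);
	}
	cert_len = (uint32_t)cert_size;

	bufsize = sizeof (kssl_params_t);
	bufsize += cert_len + sizeof (uint32_t);

	/* and the key attributes */
	priv_key_bignums[0] = rsa->n;		/* MODULUS */
	priv_key_bignums[1] = rsa->e; 		/* PUBLIC_EXPONENT */
	priv_key_bignums[2] = rsa->d; 		/* PRIVATE_EXPONENT */
	priv_key_bignums[3] = rsa->p;		/* PRIME_1 */
	priv_key_bignums[4] = rsa->q;		/* PRIME_2 */
	priv_key_bignums[5] = rsa->dmp1;	/* EXPONENT_1 */
	priv_key_bignums[6] = rsa->dmq1;	/* EXPONENT_2 */
	priv_key_bignums[7] = rsa->iqmp;	/* COEFFICIENT */

	/* n and d are the minimum for a usable RSA private key */
	if (rsa->n == NULL || rsa->d == NULL) {
		(void) fprintf(stderr,
		    "missing required attributes in private key.\n");
		return (NULL);
	}

	/*
	 * First pass: size everything.  The per-attribute descriptor is
	 * accounted with the same type that is laid out below
	 * (kssl_object_attribute_t), so the allocation can never be
	 * smaller than what is written into it.
	 */
	attr_cnt = 0;
	for (i = 0; i < MAX_ATTR_CNT; i++) {
		if (priv_key_bignums[i] == NULL)
			continue;
		kssl_attrs[attr_cnt].ka_type = kssl_tmpl_attrs[i].ka_type;
		kssl_attrs[attr_cnt].ka_value_len =
		    BN_num_bytes(priv_key_bignums[i]);
		bufsize += sizeof (kssl_object_attribute_t) +
		    kssl_attrs[attr_cnt].ka_value_len;
		attr_cnt++;
	}

	/* Now the big memory allocation */
	if ((buf = calloc(bufsize, 1)) == NULL) {
		(void) fprintf(stderr,
		    "Cannot allocate memory for the kssl_params "
		    "and values\n");
		return (NULL);
	}

	/* LINTED */
	kssl_params = (kssl_params_t *)buf;

	buf = (char *)(kssl_params + 1);

	/* one certificate; its length is stored right after the header */
	kssl_params->kssl_certs.sc_count = 1;
	bcopy(&cert_len, buf, sizeof (uint32_t));
	kssl_params->kssl_certs.sc_sizes_offset = buf - (char *)kssl_params;
	buf += sizeof (uint32_t);

	/* the keys attributes structs array (filled in at the end) */
	key = &kssl_params->kssl_privkey;
	key->ks_format = CRYPTO_KEY_ATTR_LIST;
	key->ks_count = attr_cnt;
	key->ks_attrs_offset = buf - (char *)kssl_params;
	buf += attr_cnt * sizeof (kssl_object_attribute_t);

	/* now the certs values */
	bcopy(cert_buf, buf, cert_len);
	kssl_params->kssl_certs.sc_certs_offset = buf - (char *)kssl_params;
	buf += cert_len;

	/*
	 * Second pass: write the attribute values.  The skip test is the
	 * same as in the first pass, so attr_cnt indexes the same
	 * descriptor and BN_bn2bin() writes exactly ka_value_len bytes.
	 */
	attr_cnt = 0;
	for (i = 0; i < MAX_ATTR_CNT; i++) {
		if (priv_key_bignums[i] == NULL)
			continue;
		(void) BN_bn2bin(priv_key_bignums[i], (unsigned char *)buf);
		kssl_attrs[attr_cnt].ka_value_offset =
		    buf - (char *)kssl_params;
		buf += kssl_attrs[attr_cnt].ka_value_len;
		attr_cnt++;
	}

	/* descriptors are complete now that every offset is known */
	bcopy(kssl_attrs, ((char *)kssl_params) + key->ks_attrs_offset,
	    attr_cnt * sizeof (kssl_object_attribute_t));

	*paramsize = bufsize;
	return (kssl_params);
}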
/*
 * Build the kernel SSL parameter blob from a PEM file that holds both
 * the RSA private key and the certificate.  password_file names the
 * file with the key's passphrase (passed through to the PEM helpers).
 *
 * Returns the blob with its size in *paramsize, or NULL if either the
 * key or the certificate cannot be read; the key is released before
 * returning in every case.  The caller owns the returned buffer.
 */
kssl_params_t *
load_from_pem(const char *filename, const char *password_file, int *paramsize)
{
	kssl_params_t *params = NULL;
	RSA *key;
	uchar_t *der;
	int der_len = 0;

	key = PEM_get_rsa_key(filename, (char *)password_file);
	if (key == NULL) {
		(void) fprintf(stderr, "cannot read the private key\n");
		return (NULL);
	}
	if (verbose)
		(void) printf("private key read successfully\n");

	der = PEM_get_cert(filename, (char *)password_file, &der_len);
	if (der != NULL) {
		if (verbose)
			(void) printf("certificate read successfully size=%d\n",
			    der_len);
		params = openssl_to_kssl(key, der, der_len, paramsize);
		free(der);
	}

	/* the OpenSSL key is not needed once it has been serialized */
	RSA_free(key);
	return (params);
}
/*
 * Build the kernel SSL parameter blob from a PKCS#12 file holding the
 * RSA private key and the certificate.  password_file names the file
 * with the import passphrase (passed through to the PKCS#12 helper).
 *
 * Returns the blob with its size in *paramsize, or NULL when the file
 * cannot be read (an error naming the file is printed).  The caller
 * owns the returned buffer.
 */
kssl_params_t *
load_from_pkcs12(const char *filename, const char *password_file,
    int *paramsize)
{
	kssl_params_t *params;
	RSA *key = NULL;
	uchar_t *der = NULL;
	int der_len = 0;
	int rc;

	rc = PKCS12_get_rsa_key_cert(filename, password_file, &key, &der,
	    &der_len);
	if (rc < 0) {
		(void) fprintf(stderr,
		    "Unable to read cert and/or key from %s\n", filename);
		return (NULL);
	}

	if (verbose)
		(void) printf(
		    "key/certificate read successfully cert_size=%d\n",
		    der_len);

	params = openssl_to_kssl(key, der, der_len, paramsize);

	/* both OpenSSL objects are owned here and released after serializing */
	free(der);
	RSA_free(key);
	return (params);
}
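/*
 * Fill in addr->sin_addr and addr->sin_port from the command-line
 * server address and port strings.
 *
 * server_address may be NULL (meaning INADDR_ANY), a dotted-quad IPv4
 * address, or a host name resolved with gethostbyname().
 * server_port must be a decimal number in 1..65535 with nothing
 * following it; an empty string, trailing garbage, 0 and out-of-range
 * values are rejected.  (Previously the value was truncated to 16 bits
 * before being checked, so e.g. "65537" silently became port 1, and
 * "443abc" was accepted as 443.)
 *
 * NOTE(review): sin_port is stored exactly as parsed, i.e. without
 * htons(), as the original did; the kernel side is assumed to expect
 * that — confirm against the ioctl consumer before changing it.
 *
 * Returns 0 on success, -1 on any error; unknown hosts and bad ports
 * are reported on stderr, a NULL port or addr argument silently.
 */
int
parse_and_set_addr(char *server_address, char *server_port,
    struct sockaddr_in *addr)
{
	char *end;
	long port;

	if (server_port == NULL || addr == NULL) {
		return (-1);
	}

	if (server_address == NULL) {
		addr->sin_addr.s_addr = INADDR_ANY;
	} else {
		addr->sin_addr.s_addr = inet_addr(server_address);
		/*
		 * INADDR_NONE is both the failure value and the encoding of
		 * 255.255.255.255, so fall back to a name lookup; the
		 * resolver accepts a literal address as well.
		 */
		if (addr->sin_addr.s_addr == INADDR_NONE) {
			struct hostent *hp;

			if ((hp = gethostbyname(server_address)) == NULL ||
			    hp->h_addrtype != AF_INET ||
			    hp->h_addr_list[0] == NULL) {
				(void) fprintf(stderr,
				    "Error: Unknown host: %s\n",
				    server_address);
				return (-1);
			}

			/* first address only; h_addrtype guarantees 4 bytes */
			(void) memcpy(&addr->sin_addr.s_addr,
			    hp->h_addr_list[0],
			    sizeof (addr->sin_addr.s_addr));
		}
	}

	errno = 0;
	port = strtol(server_port, &end, 10);
	if (errno != 0 || end == server_port || *end != '\0' ||
	    port < 1 || port > 65535) {
		(void) fprintf(stderr, "Error: Invalid Port value: %s\n",
		    server_port);
		return (-1);
	}
	addr->sin_port = (in_port_t)port;

	return (0);
}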
/*
 * Cipher suites kssladm can configure, keyed by the name accepted on
 * the command line.  The order of the ciphers is important. It is used
 * as the default order (when -c is not specified).
 *
 * seen: scratch flag, cleared here; presumably set while a -c list is
 * parsed (see check_suites() below) — confirm there.
 *
 * The array is declared with CIPHER_SUITE_COUNT - 1 slots but only four
 * initializers; any remaining slot is zero-filled (NULL suite name), so
 * code walking the whole array must tolerate that.
 *
 * NOTE(review): all four entries are RSA key-exchange suites with RC4,
 * single DES or 3DES, and all are enabled by default.  None of them is
 * considered strong today; treat this list as a compatibility floor
 * rather than a recommendation.
 */
struct csuite {
	const char *suite;
	uint16_t val;
	boolean_t seen;
} cipher_suites[CIPHER_SUITE_COUNT - 1] = {
	{"rsa_rc4_128_sha", SSL_RSA_WITH_RC4_128_SHA, B_FALSE},
	{"rsa_rc4_128_md5", SSL_RSA_WITH_RC4_128_MD5, B_FALSE},
	{"rsa_3des_ede_cbc_sha", SSL_RSA_WITH_3DES_EDE_CBC_SHA, B_FALSE},
	{"rsa_des_cbc_sha", SSL_RSA_WITH_DES_CBC_SHA, B_FALSE},
};
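/*
 * Fill sarray[] with the cipher-suite values the administrator asked for.
 *
 * suites: comma-separated list of suite names from -c, matched
 *	case-insensitively against cipher_suites[]; the string is
 *	modified in place by strtok().  NULL means "-c not given":
 *	every suite is selected in table order.
 * sarray: receives CIPHER_SUITE_COUNT - 1 entries.  With an explicit
 *	list, the entries in list order are the selected suites and the
 *	rest stay CIPHER_NOTSET.
 *
 * Returns the number of names that were not recognised (0 on success);
 * each unknown name is reported on stderr.  A name repeated in the list
 * is recorded only once (cipher_suites[i].seen), which also bounds the
 * number of writes to sarray[] by the table size.
 */
int
check_suites(char *suites, uint16_t *sarray)
{
	int i;
	int err = 0;
	char *suite;
	int sindx = 0;

	if (suites == NULL) {
		/* No -c: the table order is the default preference. */
		for (i = 0; i < CIPHER_SUITE_COUNT - 1; i++)
			sarray[i] = cipher_suites[i].val;
		return (err);
	}

	for (i = 0; i < CIPHER_SUITE_COUNT - 1; i++)
		sarray[i] = CIPHER_NOTSET;

	/*
	 * An empty list (-c "" or a list of only separators) yields no
	 * token at all; without this check strcasecmp() would be handed
	 * a NULL pointer below.
	 */
	suite = strtok(suites, ",");
	if (suite == NULL) {
		(void) fprintf(stderr, "Error: empty cipher suite list\n");
		err++;
		return (err);
	}

	do {
		for (i = 0; i < CIPHER_SUITE_COUNT - 1; i++) {
			if (strcasecmp(suite, cipher_suites[i].suite) == 0) {
				if (!cipher_suites[i].seen) {
					sarray[sindx++] = cipher_suites[i].val;
					cipher_suites[i].seen = B_TRUE;
				}
				break;
			}
		}

		/* The loop ran to the end: no table entry matched. */
		if (i == (CIPHER_SUITE_COUNT - 1)) {
			(void) fprintf(stderr,
			    "Unknown Cipher suite name: %s\n", suite);
			err++;
		}
	} while ((suite = strtok(NULL, ",")) != NULL);

	return (err);
}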
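/*
 * Largest value the uint32_t options (-t, -z) may carry.  This equals
 * UINT32_MAX; it is spelled out because this file's include list is not
 * visible here and the macro may not be in scope.
 */
static const long long kssl_u32_max = 0xffffffffLL;

enum { KSSL_MAX_PORT = 65535 };

/*
 * Parse a decimal option argument into *out, accepting only values in
 * [lo, hi].  Empty strings, trailing garbage and overflow are rejected
 * with a diagnostic naming the option; atoi(), which this replaces,
 * silently returned 0 for all of them.
 *
 * Returns 0 on success, -1 on a bad argument (*out untouched).
 */
static int
parse_num_arg(const char *s, int opt, long long lo, long long hi,
    long long *out)
{
	char *end;
	long long v;

	errno = 0;
	v = strtoll(s, &end, 10);
	if (end == s || *end != '\0' || errno != 0 || v < lo || v > hi) {
		(void) fprintf(stderr, "Error: Invalid value for -%c: %s\n",
		    opt, s);
		return (-1);
	}
	*out = v;
	return (0);
}

/*
 * Release the parameter block returned by load_from_*().  It carries
 * the server's private key, so it is wiped before being freed.  size is
 * the value the loader reported through bufsize, which is also what is
 * stored in kssl_params_size for the kernel to copy, so it cannot
 * exceed the allocation.  A plain memset() right before free() may be
 * elided by the optimizer; prefer explicit_bzero()/memset_s() where the
 * platform provides them.
 */
static void
scrub_params(kssl_params_t *params, int size)
{
	if (params == NULL)
		return;
	if (size > 0)
		(void) memset(params, 0, (size_t)size);
	free(params);
}

/*
 * "kssladm create": parse the command line, load the certificate and
 * private key in the requested format and hand the resulting
 * kssl_params_t to the kernel with KSSL_ADD_ENTRY.
 *
 * argv[0] is the subcommand name and is skipped.  Options:
 *   -d dir     exported as SOFTTOKEN_DIR before the pkcs11 load
 *   -T label   token label passed to load_from_pkcs11() (pkcs11 only)
 *   -C name    certificate name passed to load_from_pkcs11() (pkcs11 only)
 *   -i file    input file for the pkcs12 and pem formats
 *   -p file    password file passed to the loader
 *   -f format  pkcs11, pkcs12 or pem (required)
 *   -c list    comma-separated cipher suites, see check_suites()
 *   -t secs    kssl_session_cache_timeout (default DEFAULT_SID_TIMEOUT)
 *   -z n       kssl_session_cache_size (default DEFAULT_SID_CACHE_NENTRIES)
 *   -x port    kssl_proxy_port (required)
 *   -v         verbose output
 * Remaining operands are [addr] [port]; port defaults to 443.
 *
 * Returns SUCCESS; FAILURE when the loader or the kernel call fails;
 * SMF_EXIT_ERR_CONFIG, after printing usage, for a bad command line.
 * The parameter block is scrubbed and freed on every exit path.
 */
int
do_create(int argc, char *argv[])
{
	const char *softtoken_dir = NULL;
	const char *token_label = NULL;
	const char *password_file = NULL;
	const char *filename = NULL;
	const char *certname = NULL;
	char *suites = NULL;
	uint32_t timeout = DEFAULT_SID_TIMEOUT;
	uint32_t scache_size = DEFAULT_SID_CACHE_NENTRIES;
	int proxy_port = -1;
	struct sockaddr_in server_addr;
	char *format = NULL;
	char *port, *addr;
	/*
	 * getopt() returns int; storing it in a char never compares equal
	 * to -1 on targets where char is unsigned, and the loop never ends.
	 */
	int c;
	int pcnt;
	kssl_params_t *kssl_params = NULL;
	int bufsize = 0;
	long long num;

	argc -= 1;
	argv += 1;

	while ((c = getopt(argc, argv, "vT:d:f:i:p:c:C:t:x:z:")) != -1) {
		switch (c) {
		case 'd':
			softtoken_dir = optarg;
			break;
		case 'c':
			suites = optarg;
			break;
		case 'C':
			certname = optarg;
			break;
		case 'f':
			format = optarg;
			break;
		case 'i':
			filename = optarg;
			break;
		case 'T':
			token_label = optarg;
			break;
		case 'p':
			password_file = optarg;
			break;
		case 't':
			if (parse_num_arg(optarg, c, 0, kssl_u32_max, &num) < 0)
				goto err;
			timeout = (uint32_t)num;
			break;
		case 'x':
			/* A TCP port; 0 is not a port the proxy can use. */
			if (parse_num_arg(optarg, c, 1, KSSL_MAX_PORT, &num) < 0)
				goto err;
			proxy_port = (int)num;
			break;
		case 'v':
			verbose = B_TRUE;
			break;
		case 'z':
			if (parse_num_arg(optarg, c, 0, kssl_u32_max, &num) < 0)
				goto err;
			scache_size = (uint32_t)num;
			break;
		default:
			goto err;
		}
	}

	pcnt = argc - optind;
	if (pcnt == 0) {
		port = "443";	/* default SSL port */
		addr = NULL;
	} else if (pcnt == 1) {
		port = argv[optind];
		addr = NULL;
	} else if (pcnt == 2) {
		addr = argv[optind];
		port = argv[optind + 1];
	} else {
		goto err;
	}

	if (parse_and_set_addr(addr, port, &server_addr) < 0) {
		goto err;
	}

	if (verbose) {
		(void) printf("addr=%s, port = %d\n",
		    inet_ntoa(server_addr.sin_addr), server_addr.sin_port);
	}

	/* -f and -x are mandatory regardless of format. */
	if (format == NULL || proxy_port == -1) {
		goto err;
	}

	if (strcmp(format, "pkcs11") == 0) {
		if (token_label == NULL || certname == NULL) {
			goto err;
		}
		if (softtoken_dir != NULL) {
			(void) setenv("SOFTTOKEN_DIR", softtoken_dir, 1);
			if (verbose) {
				(void) printf(
				    "SOFTTOKEN_DIR=%s\n",
				    getenv("SOFTTOKEN_DIR"));
			}
		}
		kssl_params = load_from_pkcs11(
		    token_label, password_file, certname, &bufsize);
	} else if (strcmp(format, "pkcs12") == 0) {
		if (filename == NULL) {
			goto err;
		}
		kssl_params = load_from_pkcs12(
		    filename, password_file, &bufsize);
	} else if (strcmp(format, "pem") == 0) {
		if (filename == NULL) {
			goto err;
		}
		kssl_params = load_from_pem(
		    filename, password_file, &bufsize);
	} else {
		(void) fprintf(stderr, "Unsupported cert format: %s\n", format);
		goto err;
	}

	/* The loaders report their own errors; nothing to release here. */
	if (kssl_params == NULL) {
		return (FAILURE);
	}

	if (check_suites(suites, kssl_params->kssl_suites) != 0)
		goto err;

	kssl_params->kssl_params_size = bufsize;
	kssl_params->kssl_addr = server_addr;
	kssl_params->kssl_session_cache_timeout = timeout;
	kssl_params->kssl_proxy_port = proxy_port;
	kssl_params->kssl_session_cache_size = scache_size;

	if (kssl_send_command((char *)kssl_params, KSSL_ADD_ENTRY) < 0) {
		(void) fprintf(stderr, "Error loading cert and key\n");
		scrub_params(kssl_params, bufsize);
		return (FAILURE);
	}

	if (verbose)
		(void) printf("Successfully loaded cert and key\n");

	scrub_params(kssl_params, bufsize);
	return (SUCCESS);

err:
	/*
	 * Reached both before and after the key has been loaded (the
	 * check_suites() failure above); scrub_params() copes with NULL.
	 */
	scrub_params(kssl_params, bufsize);
	usage_create(B_TRUE);
	return (SMF_EXIT_ERR_CONFIG);
}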