TclPKCS11


Diff

Differences From Artifact [e1ed48f58d]:

To Artifact [cc7cb624cf]:


1
2
3
4
5
6








7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

22
23

24
25
26
27
28
29
30
31















32
33
34
35
36
37
38
#! /usr/bin/env tclsh

lappend auto_path [file join [pwd] work lib]
lappend auto_path [file join [pwd] lib]

set pkcs11_module "/usr/local/lib/libcackey.so"









load ./tclpkcs11.so Tclpkcs11

set handle [pki::pkcs11::loadmodule $pkcs11_module]
puts "Handle: $handle"

set slots [pki::pkcs11::listslots $handle]
puts "Slots: $slots"

foreach slotinfo $slots {
	set slotid [lindex $slotinfo 0]
	set slotlabel [lindex $slotinfo 1]
	set slotflags [lindex $slotinfo 2]

	if {[lsearch -exact $slotflags TOKEN_PRESENT] != -1} {

		set token_slotlabel $slotlabel
		set token_slotid $slotid

	}
}

if {![info exists token_slotid]} {
	puts stderr "Found no slots with tokens, aborting."

	exit 1
}
















set certs [pki::pkcs11::listcerts $handle $token_slotid]
puts "Found [llength $certs] certificates"

set orig "TestMsg"
foreach certinfo_list $certs {
	unset -nocomplain certinfo






>
>
>
>
>
>
>
>















>
|
|
>








>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
#! /usr/bin/env tclsh

lappend auto_path [file join [pwd] work lib]
lappend auto_path [file join [pwd] lib]

set pkcs11_module "/usr/local/lib/libcackey.so"
set pkcs11_module /home/rkeene/devel/cackey/libcackey.so
set pkcs11_module /home/rkeene/devel/saml-idp/archive/gcp-pkcs11.so

if {0} {
	set env(PKCS11SPY) $pkcs11_module
	set env(PKCS11SPY_OUTPUT) /dev/stderr
	set pkcs11_module /usr/lib/x86_64-linux-gnu/pkcs11/pkcs11-spy.so
}

load ./tclpkcs11.so Tclpkcs11

set handle [pki::pkcs11::loadmodule $pkcs11_module]
puts "Handle: $handle"

set slots [pki::pkcs11::listslots $handle]
puts "Slots: $slots"

foreach slotinfo $slots {
	set slotid [lindex $slotinfo 0]
	set slotlabel [lindex $slotinfo 1]
	set slotflags [lindex $slotinfo 2]

	if {[lsearch -exact $slotflags TOKEN_PRESENT] != -1} {
		if {![info exists token_slotid]} {
			set token_slotlabel $slotlabel
			set token_slotid $slotid
		}
	}
}

if {![info exists token_slotid]} {
	puts stderr "Found no slots with tokens, aborting."

	exit 1
}

set pubKeys [pki::pkcs11::listkeys $handle $token_slotid]
puts "Found [llength $pubKeys] keys"

set orig "TestMsg"
foreach keyinfo_list $pubKeys {
	unset -nocomplain keyinfo
	array set keyinfo $keyinfo_list
	puts "Key: $keyinfo(pkcs11_label)"

	set signature [pki::sign $orig $keyinfo_list sha256]
	set verify [pki::verify $signature $orig $keyinfo_list]

	puts "Signature valid: $verify"
}

set certs [pki::pkcs11::listcerts $handle $token_slotid]
puts "Found [llength $certs] certificates"

set orig "TestMsg"
foreach certinfo_list $certs {
	unset -nocomplain certinfo
73
74
75
76
77
78
79


80
81
82
	set verify [pki::verify $sig $orig $certinfo_list]

	if {!$verify} {
		puts "Signature verification error!"

		break
	}


}

pki::pkcs11::unloadmodule $handle







>
>



98
99
100
101
102
103
104
105
106
107
108
109
	set verify [pki::verify $sig $orig $certinfo_list]

	if {!$verify} {
		puts "Signature verification error!"

		break
	}

	puts "OK"
}

pki::pkcs11::unloadmodule $handle
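Review bot: The two added `set pkcs11_module` lines (new lines 7-8) override the installed default with shared objects under `/home/rkeene/devel/...`, so the script as committed loads whatever sits at the last developer-local path and fails on any other machine. A PKCS#11 module is native code loaded into the process, so its path should be an explicit choice: keep the `/usr/local/lib/libcackey.so` default and accept an override, e.g. `if {[llength $argv] > 0} {set pkcs11_module [lindex $argv 0]}`. The disabled `if {0}` pkcs11-spy block (new lines 10-14) could be gated on the same kind of switch instead of being edited by hand. Separately, the new key loop (new lines 47-56) only prints `Signature valid: $verify` and never stops on a false result, and from the visible lines the script still ends through `unloadmodule` with a zero exit status after a failed check. Adding `if {!$verify} {puts stderr "Signature verification error!"; exit 1}` there would let a caller notice the failure.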