TclPKCS11

Check-in [0a81f17bc9]
Login

Check-in [0a81f17bc9]

Overview
Comment:Added signing and verification to test Made test less verbose
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 0a81f17bc947224b0bedb18c35aab2568387f295c199a3a1daa9cb0ac027a203
User & Date: rkeene on 2010-10-10 04:45:32
Other Links: manifest | tags
Context
2010-10-10
05:25
Updated to support Tcl 8.6 file loading (untested) check-in: 295f01867c user: rkeene tags: trunk
04:45
Added signing and verification to test Made test less verbose check-in: 0a81f17bc9 user: rkeene tags: trunk
04:34
Got tclpkcs11 into usable state check-in: 504bf858f4 user: rkeene tags: trunk
Changes

Modified test.tcl from [5a54b809c1] to [967a299a54].

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

34
35


36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63


64


65

66


67
#! /usr/bin/env tclsh

lappend auto_path [file join [pwd] work lib]

set pkcs11_module "/usr/local/lib/libcackey_g.so"

load tclpkcs11.so Tclpkcs11

set handle [::pki::pkcs11::loadmodule $pkcs11_module]
puts "Handle: $handle"

set slots [::pki::pkcs11::listslots $handle]
puts "Slots: $slots"

foreach slotinfo $slots {
	set slotid [lindex $slotinfo 0]
	set slotlabel [lindex $slotinfo 1]
	set slotflags [lindex $slotinfo 2]

	if {[lsearch -exact $slotflags TOKEN_PRESENT] != -1} {
		set token_slotlabel $slotlabel
		set token_slotid $slotid
	}
}

if {![info exists token_slotid]} {
	puts stderr "Found no slots with tokens, aborting."

	exit 1
}

set certs [::pki::pkcs11::listcerts $handle $token_slotid]
puts "Found [llength $certs] certificates"

set orig "TestMsg"
foreach certinfo $certs {


	puts "Cert: $certinfo"

	set cipher [pki::encrypt -binary -pub $orig $certinfo]

	if {[catch {
		set plain  [pki::decrypt -binary -priv $cipher $certinfo]
	} err]} {
		if {$err == "PKCS11_ERROR USER_NOT_LOGGED_IN"} {
			# Login and try it again...
			puts -nonewline " *** ENTER PIN: "
			flush stdout

			gets stdin password
			::pki::pkcs11::login $handle $token_slotid $password

			set plain  [pki::decrypt -binary -priv $cipher $certinfo]
		}
	}

	if {$plain != $orig} {
		puts "Decryption error!  Expected \"$orig\", got \"$plain\""

		exit
	}

	set cipher [pki::encrypt -binary -priv $orig $certinfo]
	set plain  [pki::decrypt -binary -pub $cipher $certinfo]



	puts "Got Match!"


}




::pki::pkcs11::unloadmodule $handle




|



|


|



















|

>

|
>
>
|

|


|







|

|






|


|
|

>
>
|
>
>
|
>
|
>
>
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
#! /usr/bin/env tclsh

lappend auto_path [file join [pwd] work lib]

set pkcs11_module "/usr/local/lib/libcackey.so"

load tclpkcs11.so Tclpkcs11

set handle [pki::pkcs11::loadmodule $pkcs11_module]
puts "Handle: $handle"

set slots [pki::pkcs11::listslots $handle]
puts "Slots: $slots"

foreach slotinfo $slots {
	set slotid [lindex $slotinfo 0]
	set slotlabel [lindex $slotinfo 1]
	set slotflags [lindex $slotinfo 2]

	if {[lsearch -exact $slotflags TOKEN_PRESENT] != -1} {
		set token_slotlabel $slotlabel
		set token_slotid $slotid
	}
}

if {![info exists token_slotid]} {
	puts stderr "Found no slots with tokens, aborting."

	exit 1
}

set certs [pki::pkcs11::listcerts $handle $token_slotid]
puts "Found [llength $certs] certificates"

set orig "TestMsg"
foreach certinfo_list $certs {
	unset -nocomplain certinfo
	array set certinfo $certinfo_list
	puts "Cert: $certinfo(pkcs11_label) / $certinfo(subject)"

	set cipher [pki::encrypt -binary -pub $orig $certinfo_list]

	if {[catch {
		set plain  [pki::decrypt -binary -priv $cipher $certinfo_list]
	} err]} {
		if {$err == "PKCS11_ERROR USER_NOT_LOGGED_IN"} {
			# Login and try it again...
			puts -nonewline " *** ENTER PIN: "
			flush stdout

			gets stdin password
			pki::pkcs11::login $handle $token_slotid $password

			set plain  [pki::decrypt -binary -priv $cipher $certinfo_list]
		}
	}

	if {$plain != $orig} {
		puts "Decryption error!  Expected \"$orig\", got \"$plain\""

		exit 1
	}

	set cipher [pki::encrypt -binary -priv $orig $certinfo_list]
	set plain  [pki::decrypt -binary -pub $cipher $certinfo_list]

	set sig    [pki::sign $orig $certinfo_list]
	set verify [pki::verify $sig $orig $certinfo_list]

	if {!$verify} {
		puts "Signature verification error!"

		exit 1
	}
}

pki::pkcs11::unloadmodule $handle