std::string d_ecdsa_params;
std::string d_label;
+ std::string d_pub_label;
+
bool d_loaded;
CK_RV d_err;
}
public:
- Pkcs11Token(const std::shared_ptr<Pkcs11Slot>& slot, const std::string& label);
+ Pkcs11Token(const std::shared_ptr<Pkcs11Slot>& slot, const std::string& label, const std::string& pub_label);
~Pkcs11Token();
bool Login(const std::string& pin) {
attr.clear();
attr.push_back(P11KitAttribute(CKA_CLASS, (unsigned long)CKO_PUBLIC_KEY));
// attr.push_back(P11KitAttribute(CKA_VERIFY, (char)CK_TRUE));
- attr.push_back(P11KitAttribute(CKA_LABEL, d_label));
+ attr.push_back(P11KitAttribute(CKA_LABEL, d_pub_label));
FindObjects2(attr, key, 1);
if (key.size() == 0) {
- L<<Logger::Warning<<"Cannot load PCKS#11 public key "<<d_label<<std::endl;
+ L<<Logger::Warning<<"Cannot load PCKS#11 public key "<<d_pub_label<<std::endl;
return;
}
d_public_key = key[0];
d_exponent = attr[1].str();
d_bits = attr[2].ulong();
} else {
- throw PDNSException("Cannot load attributes for PCKS#11 public key " + d_label);
+ throw PDNSException("Cannot load attributes for PCKS#11 public key " + d_pub_label);
}
} else if (d_key_type == CKK_EC || d_key_type == CKK_ECDSA) {
attr.clear();
if (attr[1].str().length() != (d_bits*2/8 + 3)) throw PDNSException("EC Point data invalid");
d_ec_point = attr[1].str().substr(3);
} else {
- throw PDNSException("Cannot load attributes for PCKS#11 public key " + d_label);
+ throw PDNSException("Cannot load attributes for PCKS#11 public key " + d_pub_label);
}
} else {
- throw PDNSException("Cannot determine type for PCKS#11 public key " + d_label);
+ throw PDNSException("Cannot determine type for PCKS#11 public key " + d_pub_label);
}
} else {
- throw PDNSException("Cannot load attributes for PCKS#11 public key " + d_label);
+ throw PDNSException("Cannot load attributes for PCKS#11 public key " + d_pub_label);
}
d_loaded = true;
return d_bits;
}
- static std::shared_ptr<Pkcs11Token> GetToken(const std::string& module, const string& tokenId, const std::string& label);
+ static std::shared_ptr<Pkcs11Token> GetToken(const std::string& module, const string& tokenId, const std::string& label, const std::string& pub_label);
};
static std::map<std::string, std::shared_ptr<Pkcs11Slot> > pkcs11_slots;
return pkcs11_slots[sidx];
}
-std::shared_ptr<Pkcs11Token> Pkcs11Token::GetToken(const std::string& module, const string& tokenId, const std::string& label) {
+std::shared_ptr<Pkcs11Token> Pkcs11Token::GetToken(const std::string& module, const string& tokenId, const std::string& label, const std::string& pub_label) {
// see if we can find module
std::string tidx = module;
tidx.append("|");
if ((tokenIter = pkcs11_tokens.find(tidx)) != pkcs11_tokens.end()) return tokenIter->second;
std::shared_ptr<Pkcs11Slot> slot = Pkcs11Slot::GetSlot(module, tokenId);
- pkcs11_tokens[tidx] = std::make_shared<Pkcs11Token>(slot, label);
+ pkcs11_tokens[tidx] = std::make_shared<Pkcs11Token>(slot, label, pub_label);
return pkcs11_tokens[tidx];
}
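Review bot: The token cache in GetToken still keys on `tidx`, which as far as the visible lines show is built from `module` and the token id only (the lines between `tidx.append("|")` and the `find` are not shown), so the new `pub_label` parameter has no effect once a token for that module/slot has been cached: a second engine configured for the same slot with a different publabel gets the first engine's token and therefore its public-key object. Including both labels in the key, e.g. `tidx.append("|"); tidx.append(label); tidx.append("|"); tidx.append(pub_label);` before the lookup, keeps one cached token per (module, slot, label, pub_label). This was already true for `label` before the change, but with the `d_pub_label = d_label` fallback in the parsing hunk a mismatch now surfaces only as a wrong key hash or failed verification rather than as an error, which is worth a comment on the cache key at minimum.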
-Pkcs11Token::Pkcs11Token(const std::shared_ptr<Pkcs11Slot>& slot, const std::string& label) {
+Pkcs11Token::Pkcs11Token(const std::shared_ptr<Pkcs11Slot>& slot, const std::string& label, const std::string& pub_label) {
// open a session
this->d_bits = 0;
this->d_slot = slot;
this->d_label = label;
+ this->d_pub_label = pub_label;
this->d_err = 0;
this->d_loaded = false;
if (this->d_slot->LoggedIn()) LoadAttributes();
CK_OBJECT_HANDLE pubKey, privKey;
CK_RV rv;
std::shared_ptr<Pkcs11Token> d_slot;
- d_slot = Pkcs11Token::GetToken(d_module, d_slot_id, d_label);
+ d_slot = Pkcs11Token::GetToken(d_module, d_slot_id, d_label, d_pub_label);
if (d_slot->LoggedIn() == false)
if (d_slot->Login(d_pin) == false)
throw PDNSException("Not logged in to token");
pubAttr.push_back(P11KitAttribute(CKA_WRAP, (char)CK_TRUE));
pubAttr.push_back(P11KitAttribute(CKA_MODULUS_BITS, (unsigned long)bits));
pubAttr.push_back(P11KitAttribute(CKA_PUBLIC_EXPONENT, pubExp));
- pubAttr.push_back(P11KitAttribute(CKA_LABEL, d_label));
+ pubAttr.push_back(P11KitAttribute(CKA_LABEL, d_pub_label));
privAttr.push_back(P11KitAttribute(CKA_CLASS, (unsigned long)CKO_PRIVATE_KEY));
privAttr.push_back(P11KitAttribute(CKA_KEY_TYPE, (unsigned long)CKK_RSA));
std::string PKCS11DNSCryptoKeyEngine::sign(const std::string& msg) const {
std::string result;
std::shared_ptr<Pkcs11Token> d_slot;
- d_slot = Pkcs11Token::GetToken(d_module, d_slot_id, d_label);
+ d_slot = Pkcs11Token::GetToken(d_module, d_slot_id, d_label, d_pub_label);
if (d_slot->LoggedIn() == false)
if (d_slot->Login(d_pin) == false)
throw PDNSException("Not logged in to token");
mech.pParameter = NULL;
mech.ulParameterLen = 0;
std::shared_ptr<Pkcs11Token> d_slot;
- d_slot = Pkcs11Token::GetToken(d_module, d_slot_id, d_label);
+ d_slot = Pkcs11Token::GetToken(d_module, d_slot_id, d_label, d_pub_label);
if (d_slot->LoggedIn() == false)
if (d_slot->Login(d_pin) == false)
throw PDNSException("Not logged in to token");
bool PKCS11DNSCryptoKeyEngine::verify(const std::string& msg, const std::string& signature) const {
std::shared_ptr<Pkcs11Token> d_slot;
- d_slot = Pkcs11Token::GetToken(d_module, d_slot_id, d_label);
+ d_slot = Pkcs11Token::GetToken(d_module, d_slot_id, d_label, d_pub_label);
if (d_slot->LoggedIn() == false)
if (d_slot->Login(d_pin) == false)
throw PDNSException("Not logged in to token");
std::string PKCS11DNSCryptoKeyEngine::getPubKeyHash() const {
// find us a public key
std::shared_ptr<Pkcs11Token> d_slot;
- d_slot = Pkcs11Token::GetToken(d_module, d_slot_id, d_label);
+ d_slot = Pkcs11Token::GetToken(d_module, d_slot_id, d_label, d_pub_label);
if (d_slot->LoggedIn() == false)
if (d_slot->Login(d_pin) == false)
throw PDNSException("Not logged in to token");
std::string PKCS11DNSCryptoKeyEngine::getPublicKeyString() const {
std::string result("");
std::shared_ptr<Pkcs11Token> d_slot;
- d_slot = Pkcs11Token::GetToken(d_module, d_slot_id, d_label);
+ d_slot = Pkcs11Token::GetToken(d_module, d_slot_id, d_label, d_pub_label);
if (d_slot->LoggedIn() == false)
if (d_slot->Login(d_pin) == false)
throw PDNSException("Not logged in to token");
int PKCS11DNSCryptoKeyEngine::getBits() const {
std::shared_ptr<Pkcs11Token> d_slot;
- d_slot = Pkcs11Token::GetToken(d_module, d_slot_id, d_label);
+ d_slot = Pkcs11Token::GetToken(d_module, d_slot_id, d_label, d_pub_label);
if (d_slot->LoggedIn() == false)
if (d_slot->Login(d_pin) == false)
throw PDNSException("Not logged in to token");
(make_pair("Engine", d_module))
(make_pair("Slot", d_slot_id))
(make_pair("PIN", d_pin))
- (make_pair("Label", d_label));
+ (make_pair("Label", d_label))
+ (make_pair("PubLabel", d_pub_label));
return storvect;
};
boost::trim(d_slot_id);
d_pin = stormap["pin"];
d_label = stormap["label"];
+ if (stormap.find("publabel") != stormap.end())
+ d_pub_label = stormap["publabel"];
+ else
+ d_pub_label = d_label;
// validate parameters
std::shared_ptr<Pkcs11Token> d_slot;
- d_slot = Pkcs11Token::GetToken(d_module, d_slot_id, d_label);
+ d_slot = Pkcs11Token::GetToken(d_module, d_slot_id, d_label, d_pub_label);
if (d_pin != "" && d_slot->LoggedIn() == false)
if (d_slot->Login(d_pin) == false)
throw PDNSException("Could not log in to token (PIN wrong?)");