Martin Willi
87dd205b61
Add a return value to hasher_t.allocate_hash()
2012-07-16 14:55:06 +02:00
Tobias Brunner
5b85b94e27
pkcs11: Make sure a key can be used for a given signature scheme.
2011-11-02 20:27:55 +01:00
Tobias Brunner
fd48b220ed
pkcs11: We have to create our own hashes for some signature schemes.
2011-11-02 20:27:55 +01:00
Tobias Brunner
30a3ede8ce
pkcs11: Lookup the public key of a private key by CKA_ID.
...
Currently this only works if a public key object with the same ID is
available, if there isn't one we could search for a certificate with the
same ID and extract the key from there.
2011-11-02 20:27:55 +01:00
Tobias Brunner
5d2fccf439
pkcs11: Search for private keys in a more generic way.
...
Also, don't extract the public key directly from the private key. Some
tokens actually do not return the public exponent (it's not required).
We have to find a different way to get the public key.
2011-11-02 20:27:55 +01:00
Tobias Brunner
b0319fe860
pkcs11: Instead of a mutex use a new session to do multipart operations.
2011-11-02 20:27:54 +01:00
Martin Willi
071903235a
Register manager of pkcs11 plugin as library object
2011-08-24 15:45:59 +02:00
Martin Willi
33bfdf6f37
Fixed public key construction from PKCS#11 private key
2010-12-23 10:29:01 +01:00
Martin Willi
b78ca4b04c
Do not query for CKA_ALWAYS_AUTHENTICATE if PKCS#11 Cryptoki version < 2.20
2010-11-18 08:56:12 +01:00
Martin Willi
ba31fe1fd6
Use a seperate section for each nested struct member in INIT macro
2010-08-18 12:15:03 +02:00
Martin Willi
01e4f5f32f
Implemented public key encryption/private key decryption in PKCS#11
2010-08-11 12:12:37 +02:00
Martin Willi
a944d2092b
Use bits instead of bytes for a private/public key
2010-08-10 18:46:30 +02:00
Martin Willi
33ddaaabec
Added support for different encryption schemes to private/public keys
2010-08-10 18:46:30 +02:00
Martin Willi
babed73257
Export scheme_to_mechanism conversion function
2010-08-06 17:02:01 +02:00
Martin Willi
af007ed68a
Support PKCS#11 keys requiring reauthentication for each operation
2010-08-04 09:26:21 +02:00
Martin Willi
199b17122d
Do not try to log in if we already have a user session
2010-08-04 09:26:21 +02:00
Martin Willi
0556667dca
Use credential sets to load smartcard keys
2010-08-04 09:26:21 +02:00
Martin Willi
62be923683
Implemented a callback based credential set, currently for shared keys only
2010-08-04 09:26:21 +02:00
Martin Willi
a0bdd5d63e
Implemented callback PIN invocation for PKCS#11 login
2010-08-04 09:26:20 +02:00
Martin Willi
7afc00d03c
Implemented keyid discovery on all modules/slots
2010-08-04 09:26:20 +02:00
Martin Willi
0b8b664056
Pass the PKCS11 keyid as chunk, not as string
2010-08-04 09:26:20 +02:00
Martin Willi
353d10d590
Reuse generic passphrase build part, not a dedicated PIN part
2010-08-04 09:26:20 +02:00
Martin Willi
5f1e4438cb
Implemented private key on top of a PKCS#11 token
2010-08-04 09:26:20 +02:00