Matthew Ball wrote: > Hi OpenSC developers, > > I'm new to OpenSC, and am trying to get pkcs11-spy working as an > interface to the Solaris Cryptographic Framework (SCF), but haven't had > any luck so far. I'd appreciate any pointers! >
So are you trying run cryptoadm install provider=/some/path/opensc-pkcs11.so cryptoadm install provider=/some/path/pkcs11-spy.so so that you can use these with unmodified Sun commands? If so you would need have these libs elfsigned by cert/key signed by Sun from [email protected] If you are trying to run a test program to call the Sun PKCS11, then you need to do what Martin suggested use dlopen dlsym to get C_GetFunctionList. I also found that on Solaris, you need to patch the libtool after the configure is run with this: --- ,libtool Mon Jun 8 16:04:31 2009 +++ libtool Mon Jun 8 16:13:01 2009 @@ -314,7 +314,7 @@ # Commands used to build a loadable module if different from building # a shared archive. -module_cmds="" +module_cmds="$archive_cmds \${wl}-B \${wl}direct \${wl}-z \${wl}defs" module_expsym_cmds="" # Whether we are building with GNU ld or not. The above may be your problem with the loop. > As background, I'm running on Solaris 10 sparc with OpenSC 0.11.11, and > am simply trying to call the C_Initialize function, which I'm hoping > will then connect to the SCF C_Initialize function and give me some > basic feedback. Here's my program (called pktest.c): > > #include <security/cryptoki.h> > int main() { > CK_C_INITIALIZE_ARGS stInitializeArgs; > stInitializeArgs.CreateMutex = NULL_PTR; > stInitializeArgs.DestroyMutex = NULL_PTR; > stInitializeArgs.LockMutex = NULL_PTR; > stInitializeArgs.UnlockMutex = NULL_PTR; > stInitializeArgs.pReserved = NULL_PTR; > stInitializeArgs.flags = CKF_OS_LOCKING_OK; > C_Initialize( &stInitializeArgs ); > return 0; > } > > I attempted to link this against pkcs11-spy.so. The first problem I ran > into was that gcc (version 3.4.5) couldn't even find the library until I > changed the name to libpkcs11-spy.so. After that, I was able to compile > like this: > > # cd [to the directory with libpkcs11-spy.so] > # cp pkcs11-spy.so libpkcs11-spy.so > # gcc -Wall pktest.c -o pktest -L. -lpkcs11-spy > > That produced the executable pktest. Here's how I ran it (with BASH): > > # export PKCS11SPY="/usr/lib/libpkcs11.so" > # export LD_LIBRARY_PATH=. > # ./pktest > > After running this, I got an infinite recursive loop that eventually > caused a core dump. In looking at pkcs11-spy.c, this behavior seems > like what you'd expect: In init_spy, you get "pkcs11_spy->C_Initialize > = C_Initialize", and in C_Initialize, you get "rv = > po->C_Initialize(pInitArgs)", which seems to just call itself again (and > is exactly what happened). > > Clearly, I'm missing a very big-picture thing with pkcs11-spy, but > unfortunately I haven't been able to find any documentation to give an > example of correct usage. Can anyone help? How is pkcs11-spy supposed > to be included? > -- Douglas E. Engert <[email protected]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 _______________________________________________ opensc-devel mailing list [email protected] http://www.opensc-project.org/mailman/listinfo/opensc-devel
