Hi Douglas, On 11/05/09 12:50, Douglas E. Engert wrote: > > Matthew Ball wrote: >> Hi OpenSC developers, >> >> I'm new to OpenSC, and am trying to get pkcs11-spy working as an >> interface to the Solaris Cryptographic Framework (SCF), but haven't had >> any luck so far. I'd appreciate any pointers! >> > > So are you trying run > cryptoadm install provider=/some/path/opensc-pkcs11.so > cryptoadm install provider=/some/path/pkcs11-spy.so > > so that you can use these with unmodified Sun commands? > If so you would need have these libs elfsigned by cert/key signed > by Sun from [email protected] > I guess that mentioning SCF was a bit of a red-herring. My goal is to develop a new pkcs11 provider, but to start with, I just want to point to softtoken (something convenient that implements pretty much anything you need). After that works, I'm hoping to put the new PKCS#11 library underneath, then remove pkcs11-spy after development is done. > > If you are trying to run a test program to call the Sun > PKCS11, then you need to do what Martin suggested use dlopen > dlsym to get C_GetFunctionList. > Yup -- this works! I used libpkcs11.c as a guiding example, and was able to run the simple test by dynamically linking instead of statically linking to pkcs11-spy.so > > I also found that on Solaris, you need to patch the libtool > after the configure is run with this: > > --- ,libtool Mon Jun 8 16:04:31 2009 > +++ libtool Mon Jun 8 16:13:01 2009 > @@ -314,7 +314,7 @@ > > # Commands used to build a loadable module if different from building > # a shared archive. > -module_cmds="" > +module_cmds="$archive_cmds \${wl}-B \${wl}direct \${wl}-z \${wl}defs" > module_expsym_cmds="" > > # Whether we are building with GNU ld or not. > I didn't have to do this after using dlopen/dlsym to interface to pkcs11-spy.so, so this may be a problem for a different context. > > > The above may be your problem with the loop. > > > >> As background, I'm running on Solaris 10 sparc with OpenSC 0.11.11, and >> am simply trying to call the C_Initialize function, which I'm hoping >> will then connect to the SCF C_Initialize function and give me some >> basic feedback. Here's my program (called pktest.c): >> >> #include <security/cryptoki.h> >> int main() { >> CK_C_INITIALIZE_ARGS stInitializeArgs; >> stInitializeArgs.CreateMutex = NULL_PTR; >> stInitializeArgs.DestroyMutex = NULL_PTR; >> stInitializeArgs.LockMutex = NULL_PTR; >> stInitializeArgs.UnlockMutex = NULL_PTR; >> stInitializeArgs.pReserved = NULL_PTR; >> stInitializeArgs.flags = CKF_OS_LOCKING_OK; >> C_Initialize( &stInitializeArgs ); >> return 0; >> } >> >> I attempted to link this against pkcs11-spy.so. The first problem I ran >> into was that gcc (version 3.4.5) couldn't even find the library until I >> changed the name to libpkcs11-spy.so. After that, I was able to compile >> like this: >> >> # cd [to the directory with libpkcs11-spy.so] >> # cp pkcs11-spy.so libpkcs11-spy.so >> # gcc -Wall pktest.c -o pktest -L. -lpkcs11-spy >> >> That produced the executable pktest. Here's how I ran it (with BASH): >> >> # export PKCS11SPY="/usr/lib/libpkcs11.so" >> # export LD_LIBRARY_PATH=. >> # ./pktest >> >> After running this, I got an infinite recursive loop that eventually >> caused a core dump. In looking at pkcs11-spy.c, this behavior seems >> like what you'd expect: In init_spy, you get "pkcs11_spy->C_Initialize >> = C_Initialize", and in C_Initialize, you get "rv = >> po->C_Initialize(pInitArgs)", which seems to just call itself again (and >> is exactly what happened). >> >> Clearly, I'm missing a very big-picture thing with pkcs11-spy, but >> unfortunately I haven't been able to find any documentation to give an >> example of correct usage. Can anyone help? How is pkcs11-spy supposed >> to be included? >> >
-- Thanks! Matt Ball, Staff Engineer, Sun Microsystems, Inc. 500 Eldorado Blvd, Bldg 5, Broomfield, CO 80021 Office: 303-272-7580 Cell: 303-717-2717 Fax: 303-272-3023 _______________________________________________ opensc-devel mailing list [email protected] http://www.opensc-project.org/mailman/listinfo/opensc-devel
