Fix PKCS#11 server sample to open session to hold ECDH priv key

pull/125/head
Sean Parkinson 2019-02-14 17:04:11 +10:00
parent bedbd47229
commit 77a5576242
1 changed files with 11 additions and 3 deletions


@ -41,7 +41,7 @@
#define PRIV_KEY_ID {0x00, 0x01}
#ifndef WOLFCRYPT_ONLY
int server_tls(int devId)
int server_tls(int devId, Pkcs11Token* token)
{
int sockfd;
int connd;
@ -96,7 +96,7 @@ int server_tls(int devId)
/* Load server key into WOLFSSL_CTX */
if (wolfSSL_CTX_use_PrivateKey_id(ctx, privKeyId, sizeof(privKeyId), devId,
2048) != SSL_SUCCESS) {
2048/8) != SSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to set id.\n");
return -1;
}
@ -138,6 +138,13 @@ int server_tls(int devId)
return -1;
}
/* Create a WOLFSSL object */
if ((ret = wc_Pkcs11Token_Open(token, 1)) != 0) {
fprintf(stderr, "ERROR: failed to open session on token (%d)\n",
ret);
return -1;
}
/* Create a WOLFSSL object */
if ((ssl = wolfSSL_new(ctx)) == NULL) {
fprintf(stderr, "ERROR: failed to create WOLFSSL object\n");
@ -193,6 +200,7 @@ int server_tls(int devId)
/* Cleanup after this connection */
wolfSSL_free(ssl); /* Free the wolfSSL object */
wc_Pkcs11Token_Close(token);
close(connd); /* Close the connection to the client */
}
@ -258,7 +266,7 @@ int main(int argc, char* argv[])
}
if (ret == 0) {
#if !defined(WOLFCRYPT_ONLY)
ret = server_tls(devId);
ret = server_tls(devId, &token);
if (ret != 0)
ret = 1;
#endif
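Review bot: In the third hunk, the session opened by `wc_Pkcs11Token_Open(token, 1)` is closed only on the success path, by the `wc_Pkcs11Token_Close(token);` added in the per-connection cleanup. If the `wolfSSL_new(ctx)` check right after the open fails, the function appears to return like the neighbouring checks do, leaving the session open; the same probably holds for later error returns in the loop, which lie outside the visible hunks. Because the session exists to hold the ECDH private key on the token, every failure path after the open should call `wc_Pkcs11Token_Close(token);` before `return -1;`, or route errors through a single cleanup label. The comment above the new call is a copy of `/* Create a WOLFSSL object */` and should instead read something like `/* Open a session on the token to hold the ECDH private key */`. The body of server_tls starts and ends outside the hunks shown.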