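/* $OpenBSD: ssh-pkcs11-client.c,v 1.5 2014/06/24 01:13:21 djm Exp $ */
/*
 * Copyright (c) 2010 Markus Friedl.  All rights reserved.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include "includes.h"

#ifdef ENABLE_PKCS11

#include <sys/types.h>
#ifdef HAVE_SYS_TIME_H
# include <sys/time.h>
#endif
#include <sys/socket.h>

#include <stdarg.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>

#include <openssl/rsa.h>

#include "pathnames.h"
#include "xmalloc.h"
#include "buffer.h"
#include "log.h"
#include "misc.h"
#include "key.h"
#include "authfd.h"
#include "atomicio.h"
#include "ssh-pkcs11.h"

/* borrows code from sftp-server and ssh-agent */

/*
 * Client side of the ssh-pkcs11-helper protocol.  Every request in this
 * file is a length-prefixed message written to the helper over one end of
 * a socketpair, and every reply is read back from the same descriptor.
 * Replies are parsed in this process, so the length and content checks
 * below are the only validation applied to what the helper returns.
 */

/* Descriptor connected to the helper; -1 while no helper is running. */
int fd = -1;
/* PID of the forked helper; -1 until pkcs11_start_helper() has forked. */
pid_t pid = -1;

/*
 * Send the contents of m to the helper as a 4-byte length (put_u32)
 * followed by the payload, then consume the sent bytes from m.
 * A short or failed write is only logged; the bytes are consumed either
 * way, and the caller's following recv_msg() is what reports the failure.
 */
static void
send_msg(Buffer *m)
{
	u_char buf[4];
	u_int mlen = buffer_len(m);

	put_u32(buf, mlen);
	if (atomicio(vwrite, fd, buf, 4) != 4 ||
	    atomicio(vwrite, fd, buffer_ptr(m), mlen) != mlen)
		error("write to helper failed");
	buffer_consume(m, mlen);
}

/*
 * Read one length-prefixed reply from the helper into m (which is cleared
 * first) and return its first byte, the message type.
 * Returns 0 when the read fails; every caller in this file compares the
 * result against one specific reply code, so 0 ends up on the failure path.
 * A declared length above 256 KiB is treated as fatal rather than being
 * allocated.
 */
static int
recv_msg(Buffer *m)
{
	u_int l, len;
	u_char buf[1024];

	if ((len = atomicio(read, fd, buf, 4)) != 4) {
		error("read from helper failed: %u", len);
		return (0); /* XXX */
	}
	len = get_u32(buf);
	if (len > 256 * 1024)
		fatal("response too long: %u", len);
	/* read len bytes into m */
	buffer_clear(m);
	while (len > 0) {
		/* Copy in chunks no larger than the stack buffer. */
		l = len;
		if (l > sizeof(buf))
			l = sizeof(buf);
		if (atomicio(read, fd, buf, l) != l) {
			error("response from helper failed.");
			return (0); /* XXX */
		}
		buffer_append(m, buf, l);
		len -= l;
	}
	return (buffer_get_char(m));
}

/*
 * Nothing to set up on the client side: the helper is started lazily by
 * pkcs11_add_provider().  Always returns 0; interactive is unused here.
 */
int
pkcs11_init(int interactive)
{
	return (0);
}

/*
 * Close the connection to the helper.
 * The descriptor is reset to -1 so that a later pkcs11_add_provider()
 * starts a fresh helper instead of writing the provider name and PIN to
 * a closed, or since reused, descriptor number.
 */
void
pkcs11_terminate(void)
{
	if (fd >= 0) {
		close(fd);
		fd = -1;
	}
}

/*
 * RSA_METHOD private-encrypt hook: forward the operation to the helper as
 * an SSH2_AGENTC_SIGN_REQUEST and copy the returned signature into to.
 * Only RSA_PKCS1_PADDING is supported.
 * Returns the signature length, or -1 on any failure.
 */
static int
pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
    int padding)
{
	Key key;
	u_char *blob, *signature = NULL;
	u_int blen, slen = 0;
	int ret = -1;
	Buffer msg;

	if (padding != RSA_PKCS1_PADDING)
		return (-1);
	/* A negative length would be converted to a huge unsigned one below. */
	if (flen < 0)
		return (-1);
	/* Only the two fields read below are set; key is not otherwise used. */
	key.type = KEY_RSA;
	key.rsa = rsa;
	if (key_to_blob(&key, &blob, &blen) == 0)
		return -1;
	buffer_init(&msg);
	buffer_put_char(&msg, SSH2_AGENTC_SIGN_REQUEST);
	buffer_put_string(&msg, blob, blen);
	buffer_put_string(&msg, from, flen);
	buffer_put_int(&msg, 0);
	free(blob);
	send_msg(&msg);
	buffer_clear(&msg);

	if (recv_msg(&msg) == SSH2_AGENT_SIGN_RESPONSE) {
		signature = buffer_get_string(&msg, &slen);
		/*
		 * The helper chooses slen; never copy more than the modulus
		 * size, which is what the RSA_METHOD caller is assumed to
		 * have allocated for to -- TODO confirm against callers.
		 */
		if (slen <= (u_int)RSA_size(rsa)) {
			memcpy(to, signature, slen);
			ret = slen;
		}
		free(signature);
	}
	buffer_free(&msg);
	return (ret);
}

/* redirect the private key encrypt operation to the ssh-pkcs11-helper */
static int
wrap_key(RSA *rsa)
{
	/*
	 * One shared method table: a copy of the default RSA method with
	 * only the name and the private-encrypt hook replaced.  It must
	 * outlive the keys it is attached to, hence static.
	 */
	static RSA_METHOD helper_rsa;

	memcpy(&helper_rsa, RSA_get_default_method(), sizeof(helper_rsa));
	helper_rsa.name = "ssh-pkcs11-helper";
	helper_rsa.rsa_priv_enc = pkcs11_rsa_private_encrypt;
	RSA_set_method(rsa, &helper_rsa);
	return (0);
}

/*
 * Fork and exec the helper with one end of a UNIX socketpair as its stdin
 * and stdout; the other end is stored in fd for send_msg()/recv_msg().
 * Returns 0 on success, -1 if the socketpair or the fork fails.  An exec
 * failure happens in the child and is only visible to the parent as a
 * failed read later on.
 */
static int
pkcs11_start_helper(void)
{
	int pair[2];

	if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1) {
		error("socketpair: %s", strerror(errno));
		return (-1);
	}
	if ((pid = fork()) == -1) {
		error("fork: %s", strerror(errno));
		/* Do not leak both socket ends on every failed attempt. */
		close(pair[0]);
		close(pair[1]);
		return (-1);
	} else if (pid == 0) {
		/* Child: the helper speaks the protocol on stdin/stdout. */
		if ((dup2(pair[1], STDIN_FILENO) == -1) ||
		    (dup2(pair[1], STDOUT_FILENO) == -1)) {
			fprintf(stderr, "dup2: %s\n", strerror(errno));
			_exit(1);
		}
		close(pair[0]);
		close(pair[1]);
		execlp(_PATH_SSH_PKCS11_HELPER, _PATH_SSH_PKCS11_HELPER,
		    (char *) 0);
		/* Only reached when the exec itself failed. */
		fprintf(stderr, "exec: %s: %s\n", _PATH_SSH_PKCS11_HELPER,
		    strerror(errno));
		_exit(1);
	}
	/* Parent: keep pair[0], drop the child's end. */
	close(pair[1]);
	fd = pair[0];
	return (0);
}

/*
 * Ask the helper to load the PKCS#11 provider name (unlocked with pin) and
 * return its keys.  The helper is started first if it is not running.
 * On success *keysp is set to a newly allocated array of keys whose RSA
 * private operation is redirected to the helper, and the number of keys is
 * returned.  Returns -1 if the helper cannot be started or does not answer
 * with SSH2_AGENT_IDENTITIES_ANSWER; *keysp is left untouched in that case.
 */
int
pkcs11_add_provider(char *name, char *pin, Key ***keysp)
{
	Key *k;
	int i, nkeys;
	u_char *blob;
	u_int blen;
	Buffer msg;

	if (fd < 0 && pkcs11_start_helper() < 0)
		return (-1);

	buffer_init(&msg);
	buffer_put_char(&msg, SSH_AGENTC_ADD_SMARTCARD_KEY);
	buffer_put_cstring(&msg, name);
	/* NOTE(review): msg holds the PIN until send_msg() consumes it. */
	buffer_put_cstring(&msg, pin);
	send_msg(&msg);
	buffer_clear(&msg);

	if (recv_msg(&msg) == SSH2_AGENT_IDENTITIES_ANSWER) {
		/*
		 * NOTE(review): nkeys is taken as sent by the helper; confirm
		 * that xcalloc rejects a zero or oversized count.
		 */
		nkeys = buffer_get_int(&msg);
		*keysp = xcalloc(nkeys, sizeof(Key *));
		for (i = 0; i < nkeys; i++) {
			blob = buffer_get_string(&msg, &blen);
			/* Second string of each entry is read and discarded. */
			free(buffer_get_string(&msg, NULL));
			/*
			 * The blob is helper-supplied: a blob that does not
			 * parse, or parses to a key without an RSA component,
			 * must not reach wrap_key(), which dereferences it.
			 */
			if ((k = key_from_blob(blob, blen)) == NULL)
				fatal("%s: bad key", __func__);
			if (k->rsa == NULL)
				fatal("%s: bad key", __func__);
			wrap_key(k->rsa);
			(*keysp)[i] = k;
			free(blob);
		}
	} else {
		nkeys = -1;
	}
	buffer_free(&msg);
	return (nkeys);
}

/*
 * Ask the helper to unload the PKCS#11 provider name.
 * Returns 0 if the helper answers SSH_AGENT_SUCCESS, -1 otherwise,
 * including when no helper is running.
 */
int
pkcs11_del_provider(char *name)
{
	int ret = -1;
	Buffer msg;

	/* No helper, so nothing is loaded; skip I/O on an invalid fd. */
	if (fd < 0)
		return (-1);

	buffer_init(&msg);
	buffer_put_char(&msg, SSH_AGENTC_REMOVE_SMARTCARD_KEY);
	buffer_put_cstring(&msg, name);
	/* The request carries an empty string where add sends the PIN. */
	buffer_put_cstring(&msg, "");
	send_msg(&msg);
	buffer_clear(&msg);

	if (recv_msg(&msg) == SSH_AGENT_SUCCESS)
		ret = 0;
	buffer_free(&msg);
	return (ret);
}

#endif /* ENABLE_PKCS11 */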