ssh-pkcs11-client.c revision bd77cf78387b72b7b3ea870459077672bf75c3b5
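/* $OpenBSD: ssh-pkcs11-client.c,v 1.2 2010/02/24 06:12:53 djm Exp $ */
/*
 * Copyright (c) 2010 Markus Friedl. All rights reserved.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include "includes.h"

#ifdef ENABLE_PKCS11

#include <sys/types.h>
#ifdef HAVE_SYS_TIME_H
# include <sys/time.h>
#endif
#include <sys/socket.h>

#include <stdarg.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>

#include "pathnames.h"
#include "xmalloc.h"
#include "buffer.h"
#include "log.h"
#include "misc.h"
#include "key.h"
#include "authfd.h"
#include "atomicio.h"
#include "ssh-pkcs11.h"

/* borrows code from sftp-server and ssh-agent */

/*
 * Client side of the ssh-pkcs11-helper protocol: the functions below fork
 * the helper, exchange length-prefixed messages with it over a socketpair
 * and redirect RSA private-key operations to it.  Everything read back
 * from the helper is parsed in this process, so the length, count and key
 * blob checks below are the trust boundary towards the helper.
 */

/* Socket connected to the helper; -1 while no helper connection exists. */
int fd = -1;
/* Result of the fork() in pkcs11_start_helper(); -1 before any fork. */
pid_t pid = -1;

/*
 * Send the contents of m to the helper as one frame: a 4-byte length
 * written with put_u32(), followed by the payload.  A failed write is only
 * logged; the payload is consumed from m either way.  Every caller in this
 * file follows up with recv_msg(), which is where a dead helper shows up.
 */
static void
send_msg(Buffer *m)
{
	u_char buf[4];
	int mlen = buffer_len(m);

	put_u32(buf, mlen);
	if (atomicio(vwrite, fd, buf, 4) != 4 ||
	    atomicio(vwrite, fd, buffer_ptr(m),
	    buffer_len(m)) != buffer_len(m))
		error("write to helper failed");
	buffer_consume(m, mlen);
}

/*
 * Read one length-prefixed frame from the helper into m and return its
 * first byte, which the callers compare against the expected message type.
 * Returns 0 when either read fails.  The length declared by the helper is
 * capped at 256 KiB before any payload is read, so a misbehaving helper
 * cannot make this process buffer an arbitrary amount of data.
 */
static int
recv_msg(Buffer *m)
{
	u_int l, len;
	u_char buf[1024];

	if ((len = atomicio(read, fd, buf, 4)) != 4) {
		error("read from helper failed: %u", len);
		return (0); /* XXX */
	}
	len = get_u32(buf);
	if (len > 256 * 1024)
		fatal("response too long: %u", len);
	/* read len bytes into m, at most sizeof(buf) per pass */
	buffer_clear(m);
	while (len > 0) {
		l = len;
		if (l > sizeof(buf))
			l = sizeof(buf);
		if (atomicio(read, fd, buf, l) != l) {
			error("response from helper failed.");
			return (0); /* XXX */
		}
		buffer_append(m, buf, l);
		len -= l;
	}
	/*
	 * NOTE(review): a zero-length frame reaches this call with m empty;
	 * what happens then depends on buffer_get_char() -- confirm.
	 */
	return (buffer_get_char(m));
}

/*
 * Nothing to set up on the client side: the helper is started on demand by
 * pkcs11_add_provider().  The interactive argument is not used here.
 * Always returns 0.
 */
int
pkcs11_init(int interactive)
{
	return (0);
}

/*
 * Close the connection to the helper.  The descriptor is reset to -1 so
 * that a later pkcs11_add_provider() starts a fresh helper instead of
 * writing to a closed (or since reused) descriptor number.
 */
void
pkcs11_terminate(void)
{
	if (fd >= 0) {
		close(fd);
		fd = -1;
	}
}

/*
 * RSA private-encrypt hook installed by wrap_key().  Sends the public key
 * blob and the flen bytes at from to the helper in an
 * SSH2_AGENTC_SIGN_REQUEST and copies the returned signature into to.
 * Only RSA_PKCS1_PADDING is accepted.
 *
 * Returns the signature length, or -1 on any failure, including a
 * signature longer than RSA_size(rsa): the length check runs before the
 * memcpy so the helper's reply cannot overrun the caller's buffer.
 */
static int
pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
    int padding)
{
	Key key;
	u_char *blob, *signature = NULL;
	u_int blen, slen = 0;
	int ret = -1;
	Buffer msg;

	if (padding != RSA_PKCS1_PADDING)
		return (-1);
	key.type = KEY_RSA;
	key.rsa = rsa;
	if (key_to_blob(&key, &blob, &blen) == 0)
		return -1;
	buffer_init(&msg);
	buffer_put_char(&msg, SSH2_AGENTC_SIGN_REQUEST);
	buffer_put_string(&msg, blob, blen);
	buffer_put_string(&msg, from, flen);
	buffer_put_int(&msg, 0);
	xfree(blob);
	send_msg(&msg);

	if (recv_msg(&msg) == SSH2_AGENT_SIGN_RESPONSE) {
		signature = buffer_get_string(&msg, &slen);
		if (slen <= (u_int)RSA_size(rsa)) {
			memcpy(to, signature, slen);
			ret = slen;
		}
		xfree(signature);
	}
	/* msg was initialised above; release it on every path past that point */
	buffer_free(&msg);
	return (ret);
}

/*
 * Redirect the private key encrypt operation to the ssh-pkcs11-helper.
 * The RSA_METHOD is a copy of OpenSSL's default method with only the name
 * and rsa_priv_enc replaced; it is a single static object shared by every
 * wrapped key.  Always returns 0.
 */
static int
wrap_key(RSA *rsa)
{
	static RSA_METHOD helper_rsa;

	memcpy(&helper_rsa, RSA_get_default_method(), sizeof(helper_rsa));
	helper_rsa.name = "ssh-pkcs11-helper";
	helper_rsa.rsa_priv_enc = pkcs11_rsa_private_encrypt;
	RSA_set_method(rsa, &helper_rsa);
	return (0);
}

/*
 * Fork the helper with one end of an AF_UNIX socketpair as its stdin and
 * stdout, and keep the other end in the global fd.
 * Returns 0 on success, -1 if socketpair() or fork() fails.
 */
static int
pkcs11_start_helper(void)
{
	int pair[2];

	if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1) {
		error("socketpair: %s", strerror(errno));
		return (-1);
	}
	if ((pid = fork()) == -1) {
		error("fork: %s", strerror(errno));
		/* no child will ever use the pair; do not leak it */
		close(pair[0]);
		close(pair[1]);
		return (-1);
	} else if (pid == 0) {
		/* child: the helper talks to us over its stdin/stdout */
		if ((dup2(pair[1], STDIN_FILENO) == -1) ||
		    (dup2(pair[1], STDOUT_FILENO) == -1)) {
			fprintf(stderr, "dup2: %s\n", strerror(errno));
			_exit(1);
		}
		close(pair[0]);
		close(pair[1]);
		/*
		 * NOTE(review): execlp() searches PATH when the name has no
		 * slash, so this relies on _PATH_SSH_PKCS11_HELPER being an
		 * absolute path -- confirm in pathnames.h.
		 */
		execlp(_PATH_SSH_PKCS11_HELPER, _PATH_SSH_PKCS11_HELPER,
		    (char *) 0);
		fprintf(stderr, "exec: %s: %s\n", _PATH_SSH_PKCS11_HELPER,
		    strerror(errno));
		_exit(1);
	}
	/* parent: keep our end only */
	close(pair[1]);
	fd = pair[0];
	return (0);
}

/*
 * Ask the helper to load the provider called name, passing pin along, and
 * collect the keys it reports.  The helper is started first if there is no
 * connection yet.
 *
 * On an SSH2_AGENT_IDENTITIES_ANSWER reply, *keysp is set to a newly
 * allocated array of the returned keys, each wrapped so that private-key
 * operations go through the helper, and the key count is returned.
 * Returns -1 if the helper cannot be started or sends any other reply;
 * *keysp is not written in that case.
 *
 * The count and the key blobs come from the helper, so both are checked
 * before use; a reply that fails the checks is fatal.
 */
int
pkcs11_add_provider(char *name, char *pin, Key ***keysp)
{
	Key *k;
	int i, nkeys;
	u_char *blob;
	u_int blen;
	Buffer msg;

	if (fd < 0 && pkcs11_start_helper() < 0)
		return (-1);

	buffer_init(&msg);
	buffer_put_char(&msg, SSH_AGENTC_ADD_SMARTCARD_KEY);
	buffer_put_cstring(&msg, name);
	buffer_put_cstring(&msg, pin);
	send_msg(&msg);
	buffer_clear(&msg);

	if (recv_msg(&msg) == SSH2_AGENT_IDENTITIES_ANSWER) {
		nkeys = buffer_get_int(&msg);
		/* a count that does not fit a non-negative int is malformed */
		if (nkeys < 0)
			fatal("invalid key count from helper: %d", nkeys);
		*keysp = xcalloc(nkeys, sizeof(Key *));
		for (i = 0; i < nkeys; i++) {
			blob = buffer_get_string(&msg, &blen);
			/* the second string of each entry is read and dropped */
			xfree(buffer_get_string(&msg, NULL));
			k = key_from_blob(blob, blen);
			/* wrap_key() needs an RSA key; never pass it NULL */
			if (k == NULL || k->type != KEY_RSA || k->rsa == NULL)
				fatal("bad key blob from helper");
			wrap_key(k->rsa);
			(*keysp)[i] = k;
			xfree(blob);
		}
	} else {
		nkeys = -1;
	}
	buffer_free(&msg);
	return (nkeys);
}

/*
 * Ask the helper to unload the provider called name (the PIN field is sent
 * as an empty string).  Returns 0 if the helper answers
 * SSH_AGENT_SUCCESS, -1 otherwise.  Unlike pkcs11_add_provider() this does
 * not start a helper when none is connected.
 */
int
pkcs11_del_provider(char *name)
{
	int ret = -1;
	Buffer msg;

	buffer_init(&msg);
	buffer_put_char(&msg, SSH_AGENTC_REMOVE_SMARTCARD_KEY);
	buffer_put_cstring(&msg, name);
	buffer_put_cstring(&msg, "");
	send_msg(&msg);
	buffer_clear(&msg);

	if (recv_msg(&msg) == SSH_AGENT_SUCCESS)
		ret = 0;
	buffer_free(&msg);
	return (ret);
}

#endif /* ENABLE_PKCS11 */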