Filter
Top Products
Chapter 4 Using Crypto-C 135
Using Cryptographic Hardware
Using a PKCS #11 Device with Crypto-C
If you want to have Crypto-C use a PKCS #11 device to perform the crypto, you must
first build a hardware chooser. To do that, call,
B_CreateHardwareChooser.
The call to the
B_CreateHardwareChooser routine will create a brand new chooser. It
will contain all the AMs in the original chooser, plus new ones created "on-the-fly"
that will call down to the desired PKCS #11 token. If the function cannot create a
hardware version of the desired AM, it will find a software version in
RSA_GEN_SW_CHOOSER. If the software chooser is NULL_PTR or does not contain an AM
that can be used as a replacement for the desired hardware AM, the function will
return an error.
B_ALGORITHM_METHOD *RSA_GEN_HW_CHOOSER[] = {
(B_ALGORITHM_METHOD *)&AM_PKCS11_RSA_KEY_GEN,
(B_ALGORITHM_METHOD *)NULL_PTR
};
B_ALGORITHM_METHOD *RSA_GEN_SW_CHOOSER[] = {
&AM_RSA_KEY_GEN,
(B_ALGORITHM_METHOD *)NULL_PTR
};
B_ALGORITHM_CHOOSER *hwChooserGen =
(B_ALGORITHM_CHOOSER)NULL_PTR;
B_PKCS11_SESSION p11Session;
unsigned char passPhrase[8] = {
'p', 'a', 's', 's', 'w', 'o', 'r', 'd'
};
p11Session.sessionHandle = 0;
p11Session.passPhrase.data = passPhrase;
p11Session.passPhrase.len = 8;
p11Session.cryptokiFunctions = NULL_PTR;
p11Session.libraryName = (char *)"p11DLLName";
p11Session.tokenLabel.data = (unsigned char *)"myToken";
p11Session.tokenLabel.len =
T_strlen ((char *) p11Session.tokenLabel.data);
p11Session.surrenderContext = (A_SURRENDER_CTX *)NULL_PTR;
if ((status = B_CreateHardwareChooser
(RSA_GEN_HW_CHOOSER, &hwChooserGen,
RSA_GEN_SW_CHOOSER, HI_PKCS11Session,
(POINTER)&p11Info)) != 0)
break;