[xmlsec] Re: get PKCS11 slot

Tejkumar Arora tej at netscape.com
Wed Jun 18 21:27:34 PDT 2003 

Andrew Fan wrote:

 >
 >
 > Aleksey Sanin wrote:
 >
 > > Andrew,
 > >
 > > First of all, please use xmlsec mailing list for any questions
 > > regarding xmlsec.
 > > Otherwise, you messages have a very good chance to go to my trash
 > (sorry,
 > > I recieve too many spam).
 > >
 > > Probably the simplest solution to your problem would be to have a
 > special
 > > NSS specific function "SetSlot" that will set slot in
 > > xmlSecNssEvpBlockCipherCtx
 > > structure. Later on, xmlSecNssEvpBlockCipherCtxInit() would use either
 > > this
 > > slot or call GetBestSlot(). This would change an internal xmlsec-nss
 > > structure
 > > not visible to user and I don't see any backward compatibility
 > problems.
 >
 > Because the KeyData( Transform ) is intialized from an global list(
 > xmlSecAllKeyDataIds/xmlSecAllTransformIds ), I can not forecast when and
 > how the intiailization taken place,  so I can not directly set slot
 > in xmlSecNssEvpBlockCipherCtx  in my application, some internal
 > functions maybe swallow or ignore my settings in
 > xmlSecNssEvpBlockCipherCtx .
 >
 > I think, the way is set something global, such as the global PK11Slot,
 > the function "SetSlot" and "GetSlot" access the global stuff in order to
 > set or get a slot. xmlSecNssEvpBlockCipherCtxInit() , if GetSlot gets
 > nothing, would use the GetBestSlot, otherwise, use the slot gotten by
 > "GetSlot".
 >
 > Global variable is not a good choice. Do you have any excellent
 > suggestions?
 >
 > Regards,
 > Andrew


Application callbacks would be a good way.
Whenenver the crypto code needs to determine a slot, it
can invoke a callback, whose signature is similar to GetBestSlot.
If the callback is not specified, it can just use GetBestSlot.

  -Tej

 >
 > >
 > >
 > > Aleksey
 > >
 > >
 > >
 > > Andrew Fan wrote:
 > >
 > >> Hi Aleksey,
 > >>
 > >> In the crypto engine implementation on NSS, you use the interface:
 > >> PK11_GetBestSlot to initialize a slot( in cipher.c ). I think, if  a
 > >> Kalss, such as xmlSecNssAes128CbcKlass can accept a parameter(
 > >> PK11SlotInfo* ), it'll be better. Because a user maybe want to use a
 > >> particular slot instead of the default ones. PK11-GetBestSlot can not
 > >> tie to a particular slot, I think.
 > >>
 > >> If I correct, how can I feed the parameter( PK11SlotInfo* ) into a
 > >> certain Klass?
 > >>
 > >> Thanks & Regards,
 > >> Andrew
 > >
 > >
 > >
 >
 >
 > _______________________________________________
 > xmlsec mailing list
 > xmlsec at aleksey.com
 > http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list