/*
* Helper functions
*/
static int pkcs11_init_slot(PKCS11_CTX * ctx, PKCS11_SLOT * slot, CK_SLOT_ID id)
{
PKCS11_SLOT_private *priv;
CK_SLOT_INFO info;
int rv;
rv = CRYPTOKI_call(ctx, C_GetSlotInfo(id, &info));
CRYPTOKI_checkerr(PKCS11_F_PKCS11_ENUM_SLOTS, rv);
priv = OPENSSL_malloc(sizeof(PKCS11_SLOT_private));
if (priv == NULL)
return -1;
memset(priv, 0, sizeof(PKCS11_SLOT_private));
priv->parent = ctx;
priv->id = id;
priv->forkid = PRIVCTX(ctx)->forkid;
priv->prev_rw = 0;
priv->prev_pin = NULL;
priv->prev_so = 0;
priv->lockid = CRYPTO_get_new_dynlockid();
slot->description = PKCS11_DUP(info.slotDescription);
slot->manufacturer = PKCS11_DUP(info.manufacturerID);
slot->removable = (info.flags & CKF_REMOVABLE_DEVICE) ? 1 : 0;
slot->_private = priv;
if ((info.flags & CKF_TOKEN_PRESENT) && pkcs11_check_token(ctx, slot))
return -1;
return 0;
}
/*
* Load the shared library, and initialize it.
*/
int PKCS11_CTX_load(PKCS11_CTX * ctx, const char *name)
{
PKCS11_CTX_private *priv = PRIVCTX(ctx);
CK_C_INITIALIZE_ARGS args;
CK_INFO ck_info;
int rv;
if (priv->libinfo != NULL) {
PKCS11err(PKCS11_F_PKCS11_CTX_LOAD, PKCS11_MODULE_LOADED_ERROR);
return -1;
}
handle = C_LoadModule(name, &priv->method);
if (!handle) {
PKCS11err(PKCS11_F_PKCS11_CTX_LOAD, PKCS11_LOAD_MODULE_ERROR);
return -1;
}
/* Tell the PKCS11 to initialize itself */
memset(&args, 0, sizeof(args));
args.pReserved = priv->init_args;
rv = priv->method->C_Initialize(&args);
if (rv && rv != CKR_CRYPTOKI_ALREADY_INITIALIZED) {
PKCS11err(PKCS11_F_PKCS11_CTX_LOAD, rv);
return -1;
}
/* Get info on the library */
rv = priv->method->C_GetInfo(&ck_info);
CRYPTOKI_checkerr(PKCS11_F_PKCS11_CTX_LOAD, rv);
ctx->manufacturer = PKCS11_DUP(ck_info.manufacturerID);
ctx->description = PKCS11_DUP(ck_info.libraryDescription);
return 0;
}
static int pkcs11_check_token(PKCS11_CTX * ctx, PKCS11_SLOT * slot)
{
PKCS11_SLOT_private *priv = PRIVSLOT(slot);
PKCS11_TOKEN_private *tpriv;
CK_TOKEN_INFO info;
int rv;
if (slot->token) {
pkcs11_destroy_token(slot->token);
} else {
slot->token = OPENSSL_malloc(sizeof(PKCS11_TOKEN));
if (slot->token == NULL)
return -1;
memset(slot->token, 0, sizeof(PKCS11_TOKEN));
}
rv = CRYPTOKI_call(ctx, C_GetTokenInfo(priv->id, &info));
if (rv == CKR_TOKEN_NOT_PRESENT || rv == CKR_TOKEN_NOT_RECOGNIZED) {
OPENSSL_free(slot->token);
slot->token = NULL;
return 0;
}
CRYPTOKI_checkerr(PKCS11_F_PKCS11_CHECK_TOKEN, rv);
/* We have a token */
tpriv = OPENSSL_malloc(sizeof(PKCS11_TOKEN_private));
if (tpriv == NULL)
return -1;
memset(tpriv, 0, sizeof(PKCS11_TOKEN_private));
tpriv->parent = slot;
tpriv->prv.keys = NULL;
tpriv->prv.num = -1;
tpriv->pub.keys = NULL;
tpriv->pub.num = -1;
tpriv->ncerts = -1;
slot->token->label = PKCS11_DUP(info.label);
slot->token->manufacturer = PKCS11_DUP(info.manufacturerID);
slot->token->model = PKCS11_DUP(info.model);
slot->token->serialnr = PKCS11_DUP(info.serialNumber);
slot->token->initialized = (info.flags & CKF_TOKEN_INITIALIZED) ? 1 : 0;
slot->token->loginRequired = (info.flags & CKF_LOGIN_REQUIRED) ? 1 : 0;
slot->token->secureLogin = (info.flags & CKF_PROTECTED_AUTHENTICATION_PATH) ? 1 : 0;
slot->token->userPinSet = (info.flags & CKF_USER_PIN_INITIALIZED) ? 1 : 0;
slot->token->readOnly = (info.flags & CKF_WRITE_PROTECTED) ? 1 : 0;
slot->token->hasRng = (info.flags & CKF_RNG) ? 1 : 0;
slot->token->userPinCountLow = (info.flags & CKF_USER_PIN_COUNT_LOW) ? 1 : 0;
slot->token->userPinFinalTry = (info.flags & CKF_USER_PIN_FINAL_TRY) ? 1 : 0;
slot->token->userPinLocked = (info.flags & CKF_USER_PIN_LOCKED) ? 1 : 0;
slot->token->userPinToBeChanged = (info.flags & CKF_USER_PIN_TO_BE_CHANGED) ? 1 : 0;
slot->token->soPinCountLow = (info.flags & CKF_SO_PIN_COUNT_LOW) ? 1 : 0;
slot->token->soPinFinalTry = (info.flags & CKF_SO_PIN_FINAL_TRY) ? 1 : 0;
slot->token->soPinLocked = (info.flags & CKF_SO_PIN_LOCKED) ? 1 : 0;
slot->token->soPinToBeChanged = (info.flags & CKF_SO_PIN_TO_BE_CHANGED) ? 1 : 0;
slot->token->_private = tpriv;
return 0;
}
/*
* Load the shared library, and initialize it.
*/
int pkcs11_CTX_load(PKCS11_CTX * ctx, const char *name)
{
PKCS11_CTX_private *cpriv = PRIVCTX(ctx);
CK_C_INITIALIZE_ARGS _args;
CK_C_INITIALIZE_ARGS *args = NULL;
CK_INFO ck_info;
int rv;
cpriv->handle = C_LoadModule(name, &cpriv->method);
if (cpriv->handle == NULL) {
PKCS11err(PKCS11_F_PKCS11_CTX_LOAD, PKCS11_LOAD_MODULE_ERROR);
return -1;
}
/* Tell the PKCS11 to initialize itself */
if (cpriv->init_args != NULL) {
memset(&_args, 0, sizeof(_args));
args = &_args;
/* Unconditionally say using OS locking primitives is OK */
args->flags |= CKF_OS_LOCKING_OK;
args->pReserved = cpriv->init_args;
}
rv = cpriv->method->C_Initialize(args);
if (rv && rv != CKR_CRYPTOKI_ALREADY_INITIALIZED) {
PKCS11err(PKCS11_F_PKCS11_CTX_LOAD, rv);
return -1;
}
/* Get info on the library */
rv = cpriv->method->C_GetInfo(&ck_info);
CRYPTOKI_checkerr(PKCS11_F_PKCS11_CTX_LOAD, rv);
ctx->manufacturer = PKCS11_DUP(ck_info.manufacturerID);
ctx->description = PKCS11_DUP(ck_info.libraryDescription);
return 0;
}
