/* * Helper functions */ static int pkcs11_init_slot(PKCS11_CTX * ctx, PKCS11_SLOT * slot, CK_SLOT_ID id) { PKCS11_SLOT_private *priv; CK_SLOT_INFO info; int rv; rv = CRYPTOKI_call(ctx, C_GetSlotInfo(id, &info)); CRYPTOKI_checkerr(PKCS11_F_PKCS11_ENUM_SLOTS, rv); priv = OPENSSL_malloc(sizeof(PKCS11_SLOT_private)); if (priv == NULL) return -1; memset(priv, 0, sizeof(PKCS11_SLOT_private)); priv->parent = ctx; priv->id = id; priv->forkid = PRIVCTX(ctx)->forkid; priv->prev_rw = 0; priv->prev_pin = NULL; priv->prev_so = 0; priv->lockid = CRYPTO_get_new_dynlockid(); slot->description = PKCS11_DUP(info.slotDescription); slot->manufacturer = PKCS11_DUP(info.manufacturerID); slot->removable = (info.flags & CKF_REMOVABLE_DEVICE) ? 1 : 0; slot->_private = priv; if ((info.flags & CKF_TOKEN_PRESENT) && pkcs11_check_token(ctx, slot)) return -1; return 0; }
/* * Load the shared library, and initialize it. */ int PKCS11_CTX_load(PKCS11_CTX * ctx, const char *name) { PKCS11_CTX_private *priv = PRIVCTX(ctx); CK_C_INITIALIZE_ARGS args; CK_INFO ck_info; int rv; if (priv->libinfo != NULL) { PKCS11err(PKCS11_F_PKCS11_CTX_LOAD, PKCS11_MODULE_LOADED_ERROR); return -1; } handle = C_LoadModule(name, &priv->method); if (!handle) { PKCS11err(PKCS11_F_PKCS11_CTX_LOAD, PKCS11_LOAD_MODULE_ERROR); return -1; } /* Tell the PKCS11 to initialize itself */ memset(&args, 0, sizeof(args)); args.pReserved = priv->init_args; rv = priv->method->C_Initialize(&args); if (rv && rv != CKR_CRYPTOKI_ALREADY_INITIALIZED) { PKCS11err(PKCS11_F_PKCS11_CTX_LOAD, rv); return -1; } /* Get info on the library */ rv = priv->method->C_GetInfo(&ck_info); CRYPTOKI_checkerr(PKCS11_F_PKCS11_CTX_LOAD, rv); ctx->manufacturer = PKCS11_DUP(ck_info.manufacturerID); ctx->description = PKCS11_DUP(ck_info.libraryDescription); return 0; }
static int pkcs11_check_token(PKCS11_CTX * ctx, PKCS11_SLOT * slot) { PKCS11_SLOT_private *priv = PRIVSLOT(slot); PKCS11_TOKEN_private *tpriv; CK_TOKEN_INFO info; int rv; if (slot->token) { pkcs11_destroy_token(slot->token); } else { slot->token = OPENSSL_malloc(sizeof(PKCS11_TOKEN)); if (slot->token == NULL) return -1; memset(slot->token, 0, sizeof(PKCS11_TOKEN)); } rv = CRYPTOKI_call(ctx, C_GetTokenInfo(priv->id, &info)); if (rv == CKR_TOKEN_NOT_PRESENT || rv == CKR_TOKEN_NOT_RECOGNIZED) { OPENSSL_free(slot->token); slot->token = NULL; return 0; } CRYPTOKI_checkerr(PKCS11_F_PKCS11_CHECK_TOKEN, rv); /* We have a token */ tpriv = OPENSSL_malloc(sizeof(PKCS11_TOKEN_private)); if (tpriv == NULL) return -1; memset(tpriv, 0, sizeof(PKCS11_TOKEN_private)); tpriv->parent = slot; tpriv->prv.keys = NULL; tpriv->prv.num = -1; tpriv->pub.keys = NULL; tpriv->pub.num = -1; tpriv->ncerts = -1; slot->token->label = PKCS11_DUP(info.label); slot->token->manufacturer = PKCS11_DUP(info.manufacturerID); slot->token->model = PKCS11_DUP(info.model); slot->token->serialnr = PKCS11_DUP(info.serialNumber); slot->token->initialized = (info.flags & CKF_TOKEN_INITIALIZED) ? 1 : 0; slot->token->loginRequired = (info.flags & CKF_LOGIN_REQUIRED) ? 1 : 0; slot->token->secureLogin = (info.flags & CKF_PROTECTED_AUTHENTICATION_PATH) ? 1 : 0; slot->token->userPinSet = (info.flags & CKF_USER_PIN_INITIALIZED) ? 1 : 0; slot->token->readOnly = (info.flags & CKF_WRITE_PROTECTED) ? 1 : 0; slot->token->hasRng = (info.flags & CKF_RNG) ? 1 : 0; slot->token->userPinCountLow = (info.flags & CKF_USER_PIN_COUNT_LOW) ? 1 : 0; slot->token->userPinFinalTry = (info.flags & CKF_USER_PIN_FINAL_TRY) ? 1 : 0; slot->token->userPinLocked = (info.flags & CKF_USER_PIN_LOCKED) ? 1 : 0; slot->token->userPinToBeChanged = (info.flags & CKF_USER_PIN_TO_BE_CHANGED) ? 1 : 0; slot->token->soPinCountLow = (info.flags & CKF_SO_PIN_COUNT_LOW) ? 1 : 0; slot->token->soPinFinalTry = (info.flags & CKF_SO_PIN_FINAL_TRY) ? 1 : 0; slot->token->soPinLocked = (info.flags & CKF_SO_PIN_LOCKED) ? 1 : 0; slot->token->soPinToBeChanged = (info.flags & CKF_SO_PIN_TO_BE_CHANGED) ? 1 : 0; slot->token->_private = tpriv; return 0; }
/* * Load the shared library, and initialize it. */ int pkcs11_CTX_load(PKCS11_CTX * ctx, const char *name) { PKCS11_CTX_private *cpriv = PRIVCTX(ctx); CK_C_INITIALIZE_ARGS _args; CK_C_INITIALIZE_ARGS *args = NULL; CK_INFO ck_info; int rv; cpriv->handle = C_LoadModule(name, &cpriv->method); if (cpriv->handle == NULL) { PKCS11err(PKCS11_F_PKCS11_CTX_LOAD, PKCS11_LOAD_MODULE_ERROR); return -1; } /* Tell the PKCS11 to initialize itself */ if (cpriv->init_args != NULL) { memset(&_args, 0, sizeof(_args)); args = &_args; /* Unconditionally say using OS locking primitives is OK */ args->flags |= CKF_OS_LOCKING_OK; args->pReserved = cpriv->init_args; } rv = cpriv->method->C_Initialize(args); if (rv && rv != CKR_CRYPTOKI_ALREADY_INITIALIZED) { PKCS11err(PKCS11_F_PKCS11_CTX_LOAD, rv); return -1; } /* Get info on the library */ rv = cpriv->method->C_GetInfo(&ck_info); CRYPTOKI_checkerr(PKCS11_F_PKCS11_CTX_LOAD, rv); ctx->manufacturer = PKCS11_DUP(ck_info.manufacturerID); ctx->description = PKCS11_DUP(ck_info.libraryDescription); return 0; }