#include <config.h>#include <stdio.h>#include <stdlib.h>#include <string.h>#include <isc/log.h>#include <isc/mem.h>#include <isc/once.h>#include <isc/platform.h>#include <isc/thread.h>#include <isc/util.h>#include <dst/result.h>#include <pk11/pk11.h>#include <pk11/internal.h>#include <pk11/result.h>#include <pkcs11/cryptoki.h>#include <pkcs11/pkcs11.h>Go to the source code of this file.
Data Structures | |
| struct | pk11_token |
Defines | |
| #define | PINLEN 256 |
| #define | PK11_NO_LOGERR 1 |
| #define | PK11_LIB_LOCATION "unknown_provider" |
| #define | SEEDSIZE 1024 |
| #define | DST_RET(a) { ret = a; goto err; } |
Typedefs | |
| typedef struct pk11_session | pk11_session_t |
| typedef struct pk11_token | pk11_token_t |
Functions | |
| typedef | ISC_LIST (pk11_session_t) |
| static | ISC_LIST (pk11_token_t) |
| void | pk11_set_lib_name (const char *name) |
| Function prototypes. | |
| const char * | pk11_get_lib_name (void) |
| static void | initialize (void) |
| void * | pk11_mem_get (size_t size) |
| void | pk11_mem_put (void *ptr, size_t size) |
| isc_result_t | pk11_initialize (isc_mem_t *mctx, const char *engine) |
| Initialize PKCS#11 device. | |
| isc_result_t | pk11_finalize (void) |
| Shut down PKCS#11 device and free all sessions. | |
| isc_result_t | pk11_rand_bytes (unsigned char *buf, int num) |
| void | pk11_rand_seed_fromfile (const char *randomfile) |
| isc_result_t | pk11_get_session (pk11_context_t *ctx, pk11_optype_t optype, isc_boolean_t need_services, isc_boolean_t rw, isc_boolean_t logon, const char *pin, CK_SLOT_ID slot) |
| Initialize PKCS#11 device and acquire a session. | |
| void | pk11_return_session (pk11_context_t *ctx) |
| Release an active PKCS#11 session for reuse. | |
| static isc_result_t | free_all_sessions (void) |
| static isc_result_t | free_session_list (pk11_sessionlist_t *slist) |
| static isc_result_t | setup_session (pk11_session_t *sp, pk11_token_t *token, isc_boolean_t rw) |
| static isc_result_t | token_login (pk11_session_t *sp) |
| static void | choose_slots (void) |
| CK_SLOT_ID | pk11_get_best_token (pk11_optype_t optype) |
| unsigned int | pk11_numbits (CK_BYTE_PTR data, unsigned int bytecnt) |
| CK_ATTRIBUTE * | pk11_attribute_first (const pk11_object_t *obj) |
| CK_ATTRIBUTE * | pk11_attribute_next (const pk11_object_t *obj, CK_ATTRIBUTE *attr) |
| CK_ATTRIBUTE * | pk11_attribute_bytype (const pk11_object_t *obj, CK_ATTRIBUTE_TYPE type) |
| static char * | percent_decode (char *x, size_t *len) |
| static isc_boolean_t | pk11strcmp (const char *x, size_t lenx, const char *y, size_t leny) |
| static CK_ATTRIBUTE * | push_attribute (pk11_object_t *obj, isc_mem_t *mctx, size_t len) |
| isc_result_t | pk11_parse_uri (pk11_object_t *obj, const char *label, isc_mem_t *mctx, pk11_optype_t optype) |
| void | pk11_error_fatalcheck (const char *file, int line, const char *funcname, CK_RV rv) |
| void | pk11_dump_tokens (void) |
Variables | |
| static isc_once_t | once = ISC_ONCE_INIT |
| static isc_mem_t * | pk11_mctx = NULL |
| static isc_int32_t | allocsize = 0 |
| static isc_boolean_t | initialized = ISC_FALSE |
| static const char * | lib_name = PK11_LIB_LOCATION |
| static CK_BYTE | seed [SEEDSIZE] |
| #define PINLEN 256 |
| #define PK11_LIB_LOCATION "unknown_provider" |
| #define SEEDSIZE 1024 |
| #define DST_RET | ( | a | ) | { ret = a; goto err; } |
| typedef struct pk11_session pk11_session_t |
| typedef struct pk11_token pk11_token_t |
| typedef ISC_LIST | ( | pk11_session_t | ) |
| static ISC_LIST | ( | pk11_token_t | ) | [static] |
| void pk11_set_lib_name | ( | const char * | lib_name | ) |
| const char* pk11_get_lib_name | ( | void | ) |
Definition at line 225 of file pk11.c.
References lib_name.
Referenced by pkcs_C_Initialize(), and pkcs_C_OpenSession().
| static void initialize | ( | void | ) | [static] |
Definition at line 230 of file pk11.c.
References isc_mutex_init, ISC_R_SUCCESS, lib_name, and RUNTIME_CHECK.
| void* pk11_mem_get | ( | size_t | size | ) |
Definition at line 242 of file pk11.c.
References allocsize, isc_mem_get, LOCK, and UNLOCK.
Referenced by choose_slots(), and pk11_get_session().
| void pk11_mem_put | ( | void * | ptr, | |
| size_t | size | |||
| ) |
Definition at line 261 of file pk11.c.
References allocsize, free(), isc_mem_put, LOCK, and UNLOCK.
Referenced by choose_slots(), free_session_list(), pk11_finalize(), and pk11_return_session().
| isc_result_t pk11_initialize | ( | isc_mem_t * | mctx, | |
| const char * | engine | |||
| ) |
Initialize PKCS#11 device.
mctx: memory context to attach to pk11_mctx. engine: PKCS#11 provider (aka library) path/name.
returns: ISC_R_SUCCESS PK11_R_NOPROVIDER: can't load the provider PK11_R_INITFAILED: C_Initialize() failed PK11_R_NORANDOMSERVICE: can't find required random service PK11_R_NODIGESTSERVICE: can't find required digest service PK11_R_NOAESSERVICE: can't find required AES service
Definition at line 276 of file pk11.c.
References allocsize, choose_slots(), CKR_OK, initialize(), initialized, ISC_LIST_INIT, isc_mem_attach(), isc_once_do, ISC_R_SUCCESS, ISC_TRUE, lib_name, LOCK, once, PK11_R_INITFAILED, PK11_R_NOAESSERVICE, PK11_R_NODIGESTSERVICE, PK11_R_NOPROVIDER, PK11_R_NORANDOMSERVICE, pkcs_C_Initialize(), RUNTIME_CHECK, and UNLOCK.
Referenced by pk11_get_session().
| isc_result_t pk11_finalize | ( | void | ) |
Shut down PKCS#11 device and free all sessions.
Definition at line 336 of file pk11.c.
References free_all_sessions(), initialized, ISC_FALSE, ISC_LIST_HEAD, ISC_LIST_NEXT, ISC_LIST_UNLINK, isc_mem_detach(), NULL_PTR, pk11_mem_put(), pkcs_C_Finalize(), and token.
| isc_result_t pk11_rand_bytes | ( | unsigned char * | buf, | |
| int | num | |||
| ) |
Definition at line 372 of file pk11.c.
References CK_INVALID_HANDLE, CKR_OK, DST_R_CRYPTOFAILURE, ISC_FALSE, ISC_R_SUCCESS, OP_RAND, pk11_get_session(), PK11_R_NOAESSERVICE, PK11_R_NODIGESTSERVICE, pk11_return_session(), pkcs_C_GenerateRandom(), RUNTIME_CHECK, and pk11_context::session.
Referenced by dst__entropy_getdata().
| void pk11_rand_seed_fromfile | ( | const char * | randomfile | ) |
Definition at line 398 of file pk11.c.
References CK_INVALID_HANDLE, cleanup(), ISC_FALSE, ISC_R_SUCCESS, isc_stdio_close(), isc_stdio_open(), isc_stdio_read(), OP_RAND, pk11_get_session(), PK11_R_NOAESSERVICE, PK11_R_NODIGESTSERVICE, pk11_return_session(), pkcs_C_SeedRandom(), RUNTIME_CHECK, seed, SEEDSIZE, and pk11_context::session.
Referenced by isc_entropy_usebestsource().
| isc_result_t pk11_get_session | ( | pk11_context_t * | ctx, | |
| pk11_optype_t | optype, | |||
| isc_boolean_t | need_services, | |||
| isc_boolean_t | rw, | |||
| isc_boolean_t | logon, | |||
| const char * | pin, | |||
| CK_SLOT_ID | slot | |||
| ) |
Initialize PKCS#11 device and acquire a session.
need_services: if ISC_TRUE, this session requires full PKCS#11 API support including random and digest services, and the lack of these services will cause the session not to be initialized. If ISC_FALSE, the function will return an error code indicating the missing service, but the session will be usable for other purposes. rw: if ISC_TRUE, session will be read/write (useful for generating or destroying keys); otherwise read-only. login: indicates whether to log in to the device pin: optional PIN, overriding any PIN currently associated with the slot: device slot ID
Definition at line 430 of file pk11.c.
References CK_INVALID_HANDLE, pk11_context::handle, ISC_LINK_INIT, ISC_LIST_APPEND, ISC_LIST_HEAD, ISC_LIST_NEXT, ISC_LIST_UNLINK, ISC_R_NOMEMORY, ISC_R_NOTFOUND, ISC_R_RANGE, ISC_R_SUCCESS, LOCK, OP_AES, OP_ANY, OP_DIGEST, OP_RAND, pk11_token::operations, PINLEN, pk11_initialize(), pk11_mem_get(), PK11_R_NOAESSERVICE, PK11_R_NODIGESTSERVICE, PK11_R_NORANDOMSERVICE, SES_MAGIC, pk11_context::session, setup_session(), token, token_login(), UNLOCK, and UNUSED.
Referenced by pk11_rand_bytes(), and pk11_rand_seed_fromfile().
| void pk11_return_session | ( | pk11_context_t * | ctx | ) |
Release an active PKCS#11 session for reuse.
Definition at line 548 of file pk11.c.
References CK_INVALID_HANDLE, pk11_context::handle, ISC_LIST_APPEND, ISC_LIST_UNLINK, LOCK, pk11_mem_put(), pk11_context::session, and UNLOCK.
Referenced by pk11_rand_bytes(), and pk11_rand_seed_fromfile().
| static isc_result_t free_all_sessions | ( | void | ) | [static] |
Definition at line 570 of file pk11.c.
References free_session_list(), ISC_LIST_EMPTY, ISC_LIST_HEAD, ISC_LIST_NEXT, ISC_R_ADDRINUSE, ISC_R_SUCCESS, and token.
Referenced by pk11_finalize().
| static isc_result_t free_session_list | ( | pk11_sessionlist_t * | slist | ) | [static] |
Definition at line 592 of file pk11.c.
References CK_INVALID_HANDLE, CKR_OK, DST_R_CRYPTOFAILURE, ISC_LIST_EMPTY, ISC_LIST_HEAD, ISC_LIST_UNLINK, ISC_R_SUCCESS, LOCK, pk11_mem_put(), pkcs_C_CloseSession(), and UNLOCK.
Referenced by free_all_sessions().
| static isc_result_t setup_session | ( | pk11_session_t * | sp, | |
| pk11_token_t * | token, | |||
| isc_boolean_t | rw | |||
| ) | [static] |
Definition at line 617 of file pk11.c.
References CKF_RW_SESSION, CKF_SERIAL_SESSION, CKR_OK, DST_R_CRYPTOFAILURE, ISC_R_SUCCESS, NULL_PTR, and pkcs_C_OpenSession().
Referenced by pk11_get_session().
| static isc_result_t token_login | ( | pk11_session_t * | sp | ) | [static] |
Definition at line 634 of file pk11.c.
References CKR_OK, CKU_USER, ISC_R_NOPERM, ISC_R_SUCCESS, ISC_TRUE, LOCK, pk11_error_fatalcheck(), pkcs_C_Login(), token, and UNLOCK.
Referenced by pk11_get_session().
| static void choose_slots | ( | void | ) | [static] |
Definition at line 658 of file pk11.c.
References CK_FALSE, CKF_DERIVE, CKF_DIGEST, CKF_ENCRYPT, CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_RNG, CKF_SIGN, CKF_VERIFY, CKM_AES_ECB, CKM_DH_PKCS_DERIVE, CKM_DH_PKCS_KEY_PAIR_GEN, CKM_DH_PKCS_PARAMETER_GEN, CKM_DSA_KEY_PAIR_GEN, CKM_DSA_PARAMETER_GEN, CKM_DSA_SHA1, CKM_EC_KEY_PAIR_GEN, CKM_ECDSA, CKM_GOSTR3410_KEY_PAIR_GEN, CKM_GOSTR3410_WITH_GOSTR3411, CKM_GOSTR3411, CKM_MD5, CKM_MD5_HMAC, CKM_MD5_RSA_PKCS, CKM_RSA_PKCS_KEY_PAIR_GEN, CKM_SHA1_RSA_PKCS, CKM_SHA224, CKM_SHA224_HMAC, CKM_SHA256, CKM_SHA256_HMAC, CKM_SHA256_RSA_PKCS, CKM_SHA384, CKM_SHA384_HMAC, CKM_SHA512, CKM_SHA512_HMAC, CKM_SHA512_RSA_PKCS, CKM_SHA_1, CKM_SHA_1_HMAC, CKR_OK, CK_MECHANISM_INFO::flags, CK_TOKEN_INFO::flags, ISC_LINK_INIT, ISC_LIST_APPEND, ISC_LIST_INIT, CK_TOKEN_INFO::label, pk11_token::magic, CK_TOKEN_INFO::manufacturerID, CK_TOKEN_INFO::model, NULL_PTR, OP_AES, OP_DH, OP_DIGEST, OP_DSA, OP_EC, OP_GOST, OP_RAND, OP_RSA, pk11_token::operations, PK11_FATALCHECK, pk11_mem_get(), pk11_mem_put(), pkcs_C_GetMechanismInfo(), pkcs_C_GetSlotList(), pkcs_C_GetTokenInfo(), RUNTIME_CHECK, CK_TOKEN_INFO::serialNumber, TOK_MAGIC, and token.
Referenced by pk11_initialize().
| CK_SLOT_ID pk11_get_best_token | ( | pk11_optype_t | optype | ) |
| unsigned int pk11_numbits | ( | CK_BYTE_PTR | data, | |
| unsigned int | bytecnt | |||
| ) |
| CK_ATTRIBUTE* pk11_attribute_first | ( | const pk11_object_t * | obj | ) |
Definition at line 938 of file pk11.c.
References pk11_object::repr.
Referenced by pk11_attribute_bytype().
| CK_ATTRIBUTE* pk11_attribute_next | ( | const pk11_object_t * | obj, | |
| CK_ATTRIBUTE * | attr | |||
| ) |
Definition at line 943 of file pk11.c.
References pk11_object::attrcnt, and pk11_object::repr.
Referenced by pk11_attribute_bytype().
| CK_ATTRIBUTE* pk11_attribute_bytype | ( | const pk11_object_t * | obj, | |
| CK_ATTRIBUTE_TYPE | type | |||
| ) |
Definition at line 953 of file pk11.c.
References pk11_attribute_first(), pk11_attribute_next(), and CK_ATTRIBUTE::type.
Referenced by pk11_parse_uri().
| static char* percent_decode | ( | char * | x, | |
| size_t * | len | |||
| ) | [static] |
| static isc_boolean_t pk11strcmp | ( | const char * | x, | |
| size_t | lenx, | |||
| const char * | y, | |||
| size_t | leny | |||
| ) | [static] |
Definition at line 1052 of file pk11.c.
References INSIST, and ISC_TF.
Referenced by pk11_parse_uri().
| static CK_ATTRIBUTE* push_attribute | ( | pk11_object_t * | obj, | |
| isc_mem_t * | mctx, | |||
| size_t | len | |||
| ) | [static] |
Definition at line 1065 of file pk11.c.
References pk11_object::attrcnt, isc_mem_get, isc_mem_put, CK_ATTRIBUTE::pValue, pk11_object::repr, and CK_ATTRIBUTE::ulValueLen.
Referenced by pk11_parse_uri().
| isc_result_t pk11_parse_uri | ( | pk11_object_t * | obj, | |
| const char * | label, | |||
| isc_mem_t * | mctx, | |||
| pk11_optype_t | optype | |||
| ) |
Definition at line 1098 of file pk11.c.
References CKA_ID, CKA_LABEL, DST_RET, ISC_FALSE, ISC_LIST_HEAD, ISC_LIST_NEXT, isc_mem_get, isc_mem_put, ISC_R_EOF, ISC_R_NOMEMORY, ISC_R_NOTFOUND, ISC_R_RANGE, ISC_R_SUCCESS, isc_stdio_close(), isc_stdio_open(), isc_stdio_read(), ISC_TRUE, OP_DH, OP_DSA, OP_EC, OP_RSA, percent_decode(), PINLEN, pk11_attribute_bytype(), PK11_R_NOPROVIDER, pk11strcmp(), push_attribute(), CK_ATTRIBUTE::pValue, pk11_object::reqlogon, pk11_object::slot, token, and CK_ATTRIBUTE::type.
| void pk11_error_fatalcheck | ( | const char * | file, | |
| int | line, | |||
| const char * | funcname, | |||
| CK_RV | rv | |||
| ) |
| void pk11_dump_tokens | ( | void | ) |
Definition at line 1268 of file pk11.c.
References ISC_FALSE, ISC_LIST_HEAD, ISC_LIST_NEXT, ISC_TRUE, OP_DH, OP_DIGEST, OP_DSA, OP_EC, OP_RAND, OP_RSA, pk11_token::operations, and token.
isc_once_t once = ISC_ONCE_INIT [static] |
isc_int32_t allocsize = 0 [static] |
Definition at line 144 of file pk11.c.
Referenced by pk11_initialize(), pk11_mem_get(), and pk11_mem_put().
isc_boolean_t initialized = ISC_FALSE [static] |
const char* lib_name = PK11_LIB_LOCATION [static] |
Definition at line 215 of file pk11.c.
Referenced by initialize(), pk11_get_lib_name(), pk11_initialize(), and pk11_set_lib_name().