pk11.c File Reference

#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <isc/log.h>
#include <isc/mem.h>
#include <isc/once.h>
#include <isc/platform.h>
#include <isc/thread.h>
#include <isc/util.h>
#include <dst/result.h>
#include <pk11/pk11.h>
#include <pk11/internal.h>
#include <pk11/result.h>
#include <pkcs11/cryptoki.h>
#include <pkcs11/pkcs11.h>

Go to the source code of this file.

Data Structures

struct  pk11_token

Defines

#define PINLEN   256
#define PK11_NO_LOGERR   1
#define PK11_LIB_LOCATION   "unknown_provider"
#define SEEDSIZE   1024
#define DST_RET(a)   { ret = a; goto err; }

Typedefs

typedef struct pk11_session pk11_session_t
typedef struct pk11_token pk11_token_t

Functions

typedef ISC_LIST (pk11_session_t)
static ISC_LIST (pk11_token_t)
void pk11_set_lib_name (const char *name)
 Function prototypes.
const char * pk11_get_lib_name (void)
static void initialize (void)
void * pk11_mem_get (size_t size)
void pk11_mem_put (void *ptr, size_t size)
isc_result_t pk11_initialize (isc_mem_t *mctx, const char *engine)
 Initialize PKCS#11 device.
isc_result_t pk11_finalize (void)
 Shut down PKCS#11 device and free all sessions.
isc_result_t pk11_rand_bytes (unsigned char *buf, int num)
void pk11_rand_seed_fromfile (const char *randomfile)
isc_result_t pk11_get_session (pk11_context_t *ctx, pk11_optype_t optype, isc_boolean_t need_services, isc_boolean_t rw, isc_boolean_t logon, const char *pin, CK_SLOT_ID slot)
 Initialize PKCS#11 device and acquire a session.
void pk11_return_session (pk11_context_t *ctx)
 Release an active PKCS#11 session for reuse.
static isc_result_t free_all_sessions (void)
static isc_result_t free_session_list (pk11_sessionlist_t *slist)
static isc_result_t setup_session (pk11_session_t *sp, pk11_token_t *token, isc_boolean_t rw)
static isc_result_t token_login (pk11_session_t *sp)
static void choose_slots (void)
CK_SLOT_ID pk11_get_best_token (pk11_optype_t optype)
unsigned int pk11_numbits (CK_BYTE_PTR data, unsigned int bytecnt)
CK_ATTRIBUTEpk11_attribute_first (const pk11_object_t *obj)
CK_ATTRIBUTEpk11_attribute_next (const pk11_object_t *obj, CK_ATTRIBUTE *attr)
CK_ATTRIBUTEpk11_attribute_bytype (const pk11_object_t *obj, CK_ATTRIBUTE_TYPE type)
static char * percent_decode (char *x, size_t *len)
static isc_boolean_t pk11strcmp (const char *x, size_t lenx, const char *y, size_t leny)
static CK_ATTRIBUTEpush_attribute (pk11_object_t *obj, isc_mem_t *mctx, size_t len)
isc_result_t pk11_parse_uri (pk11_object_t *obj, const char *label, isc_mem_t *mctx, pk11_optype_t optype)
void pk11_error_fatalcheck (const char *file, int line, const char *funcname, CK_RV rv)
void pk11_dump_tokens (void)

Variables

static isc_once_t once = ISC_ONCE_INIT
static isc_mem_tpk11_mctx = NULL
static isc_int32_t allocsize = 0
static isc_boolean_t initialized = ISC_FALSE
static const char * lib_name = PK11_LIB_LOCATION
static CK_BYTE seed [SEEDSIZE]


Define Documentation

#define PINLEN   256

Definition at line 135 of file pk11.c.

Referenced by pk11_get_session(), and pk11_parse_uri().

#define PK11_NO_LOGERR   1

Definition at line 139 of file pk11.c.

#define PK11_LIB_LOCATION   "unknown_provider"

Definition at line 211 of file pk11.c.

Referenced by usage().

#define SEEDSIZE   1024

Definition at line 393 of file pk11.c.

Referenced by pk11_rand_seed_fromfile().

#define DST_RET (  )     { ret = a; goto err; }

Definition at line 1095 of file pk11.c.

Referenced by pk11_parse_uri().


Typedef Documentation

typedef struct pk11_session pk11_session_t

Definition at line 147 of file pk11.c.

typedef struct pk11_token pk11_token_t

Definition at line 148 of file pk11.c.


Function Documentation

typedef ISC_LIST ( pk11_session_t   ) 

Definition at line 149 of file pk11.c.

References ISC_LINK, pk11_token::magic, and token.

static ISC_LIST ( pk11_token_t   )  [static]

Definition at line 171 of file pk11.c.

References CKF_OS_LOCKING_OK, and NULL_PTR.

void pk11_set_lib_name ( const char *  lib_name  ) 

Function prototypes.

Set the PKCS#11 provider (aka library) path/name.

Definition at line 220 of file pk11.c.

References lib_name.

const char* pk11_get_lib_name ( void   ) 

Definition at line 225 of file pk11.c.

References lib_name.

Referenced by pkcs_C_Initialize(), and pkcs_C_OpenSession().

static void initialize ( void   )  [static]

Definition at line 230 of file pk11.c.

References isc_mutex_init, ISC_R_SUCCESS, lib_name, and RUNTIME_CHECK.

void* pk11_mem_get ( size_t  size  ) 

Definition at line 242 of file pk11.c.

References allocsize, isc_mem_get, LOCK, and UNLOCK.

Referenced by choose_slots(), and pk11_get_session().

void pk11_mem_put ( void *  ptr,
size_t  size 
)

Definition at line 261 of file pk11.c.

References allocsize, free(), isc_mem_put, LOCK, and UNLOCK.

Referenced by choose_slots(), free_session_list(), pk11_finalize(), and pk11_return_session().

isc_result_t pk11_initialize ( isc_mem_t mctx,
const char *  engine 
)

Initialize PKCS#11 device.

mctx: memory context to attach to pk11_mctx. engine: PKCS#11 provider (aka library) path/name.

returns: ISC_R_SUCCESS PK11_R_NOPROVIDER: can't load the provider PK11_R_INITFAILED: C_Initialize() failed PK11_R_NORANDOMSERVICE: can't find required random service PK11_R_NODIGESTSERVICE: can't find required digest service PK11_R_NOAESSERVICE: can't find required AES service

Definition at line 276 of file pk11.c.

References allocsize, choose_slots(), CKR_OK, initialize(), initialized, ISC_LIST_INIT, isc_mem_attach(), isc_once_do, ISC_R_SUCCESS, ISC_TRUE, lib_name, LOCK, once, PK11_R_INITFAILED, PK11_R_NOAESSERVICE, PK11_R_NODIGESTSERVICE, PK11_R_NOPROVIDER, PK11_R_NORANDOMSERVICE, pkcs_C_Initialize(), RUNTIME_CHECK, and UNLOCK.

Referenced by pk11_get_session().

isc_result_t pk11_finalize ( void   ) 

Shut down PKCS#11 device and free all sessions.

Definition at line 336 of file pk11.c.

References free_all_sessions(), initialized, ISC_FALSE, ISC_LIST_HEAD, ISC_LIST_NEXT, ISC_LIST_UNLINK, isc_mem_detach(), NULL_PTR, pk11_mem_put(), pkcs_C_Finalize(), and token.

isc_result_t pk11_rand_bytes ( unsigned char *  buf,
int  num 
)

Definition at line 372 of file pk11.c.

References CK_INVALID_HANDLE, CKR_OK, DST_R_CRYPTOFAILURE, ISC_FALSE, ISC_R_SUCCESS, OP_RAND, pk11_get_session(), PK11_R_NOAESSERVICE, PK11_R_NODIGESTSERVICE, pk11_return_session(), pkcs_C_GenerateRandom(), RUNTIME_CHECK, and pk11_context::session.

Referenced by dst__entropy_getdata().

void pk11_rand_seed_fromfile ( const char *  randomfile  ) 

Definition at line 398 of file pk11.c.

References CK_INVALID_HANDLE, cleanup(), ISC_FALSE, ISC_R_SUCCESS, isc_stdio_close(), isc_stdio_open(), isc_stdio_read(), OP_RAND, pk11_get_session(), PK11_R_NOAESSERVICE, PK11_R_NODIGESTSERVICE, pk11_return_session(), pkcs_C_SeedRandom(), RUNTIME_CHECK, seed, SEEDSIZE, and pk11_context::session.

Referenced by isc_entropy_usebestsource().

isc_result_t pk11_get_session ( pk11_context_t ctx,
pk11_optype_t  optype,
isc_boolean_t  need_services,
isc_boolean_t  rw,
isc_boolean_t  logon,
const char *  pin,
CK_SLOT_ID  slot 
)

Initialize PKCS#11 device and acquire a session.

need_services: if ISC_TRUE, this session requires full PKCS#11 API support including random and digest services, and the lack of these services will cause the session not to be initialized. If ISC_FALSE, the function will return an error code indicating the missing service, but the session will be usable for other purposes. rw: if ISC_TRUE, session will be read/write (useful for generating or destroying keys); otherwise read-only. login: indicates whether to log in to the device pin: optional PIN, overriding any PIN currently associated with the slot: device slot ID

Definition at line 430 of file pk11.c.

References CK_INVALID_HANDLE, pk11_context::handle, ISC_LINK_INIT, ISC_LIST_APPEND, ISC_LIST_HEAD, ISC_LIST_NEXT, ISC_LIST_UNLINK, ISC_R_NOMEMORY, ISC_R_NOTFOUND, ISC_R_RANGE, ISC_R_SUCCESS, LOCK, OP_AES, OP_ANY, OP_DIGEST, OP_RAND, pk11_token::operations, PINLEN, pk11_initialize(), pk11_mem_get(), PK11_R_NOAESSERVICE, PK11_R_NODIGESTSERVICE, PK11_R_NORANDOMSERVICE, SES_MAGIC, pk11_context::session, setup_session(), token, token_login(), UNLOCK, and UNUSED.

Referenced by pk11_rand_bytes(), and pk11_rand_seed_fromfile().

void pk11_return_session ( pk11_context_t ctx  ) 

Release an active PKCS#11 session for reuse.

Definition at line 548 of file pk11.c.

References CK_INVALID_HANDLE, pk11_context::handle, ISC_LIST_APPEND, ISC_LIST_UNLINK, LOCK, pk11_mem_put(), pk11_context::session, and UNLOCK.

Referenced by pk11_rand_bytes(), and pk11_rand_seed_fromfile().

static isc_result_t free_all_sessions ( void   )  [static]

Definition at line 570 of file pk11.c.

References free_session_list(), ISC_LIST_EMPTY, ISC_LIST_HEAD, ISC_LIST_NEXT, ISC_R_ADDRINUSE, ISC_R_SUCCESS, and token.

Referenced by pk11_finalize().

static isc_result_t free_session_list ( pk11_sessionlist_t *  slist  )  [static]

Definition at line 592 of file pk11.c.

References CK_INVALID_HANDLE, CKR_OK, DST_R_CRYPTOFAILURE, ISC_LIST_EMPTY, ISC_LIST_HEAD, ISC_LIST_UNLINK, ISC_R_SUCCESS, LOCK, pk11_mem_put(), pkcs_C_CloseSession(), and UNLOCK.

Referenced by free_all_sessions().

static isc_result_t setup_session ( pk11_session_t sp,
pk11_token_t token,
isc_boolean_t  rw 
) [static]

Definition at line 617 of file pk11.c.

References CKF_RW_SESSION, CKF_SERIAL_SESSION, CKR_OK, DST_R_CRYPTOFAILURE, ISC_R_SUCCESS, NULL_PTR, and pkcs_C_OpenSession().

Referenced by pk11_get_session().

static isc_result_t token_login ( pk11_session_t sp  )  [static]

Definition at line 634 of file pk11.c.

References CKR_OK, CKU_USER, ISC_R_NOPERM, ISC_R_SUCCESS, ISC_TRUE, LOCK, pk11_error_fatalcheck(), pkcs_C_Login(), token, and UNLOCK.

Referenced by pk11_get_session().

static void choose_slots ( void   )  [static]

Definition at line 658 of file pk11.c.

References CK_FALSE, CKF_DERIVE, CKF_DIGEST, CKF_ENCRYPT, CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_RNG, CKF_SIGN, CKF_VERIFY, CKM_AES_ECB, CKM_DH_PKCS_DERIVE, CKM_DH_PKCS_KEY_PAIR_GEN, CKM_DH_PKCS_PARAMETER_GEN, CKM_DSA_KEY_PAIR_GEN, CKM_DSA_PARAMETER_GEN, CKM_DSA_SHA1, CKM_EC_KEY_PAIR_GEN, CKM_ECDSA, CKM_GOSTR3410_KEY_PAIR_GEN, CKM_GOSTR3410_WITH_GOSTR3411, CKM_GOSTR3411, CKM_MD5, CKM_MD5_HMAC, CKM_MD5_RSA_PKCS, CKM_RSA_PKCS_KEY_PAIR_GEN, CKM_SHA1_RSA_PKCS, CKM_SHA224, CKM_SHA224_HMAC, CKM_SHA256, CKM_SHA256_HMAC, CKM_SHA256_RSA_PKCS, CKM_SHA384, CKM_SHA384_HMAC, CKM_SHA512, CKM_SHA512_HMAC, CKM_SHA512_RSA_PKCS, CKM_SHA_1, CKM_SHA_1_HMAC, CKR_OK, CK_MECHANISM_INFO::flags, CK_TOKEN_INFO::flags, ISC_LINK_INIT, ISC_LIST_APPEND, ISC_LIST_INIT, CK_TOKEN_INFO::label, pk11_token::magic, CK_TOKEN_INFO::manufacturerID, CK_TOKEN_INFO::model, NULL_PTR, OP_AES, OP_DH, OP_DIGEST, OP_DSA, OP_EC, OP_GOST, OP_RAND, OP_RSA, pk11_token::operations, PK11_FATALCHECK, pk11_mem_get(), pk11_mem_put(), pkcs_C_GetMechanismInfo(), pkcs_C_GetSlotList(), pkcs_C_GetTokenInfo(), RUNTIME_CHECK, CK_TOKEN_INFO::serialNumber, TOK_MAGIC, and token.

Referenced by pk11_initialize().

CK_SLOT_ID pk11_get_best_token ( pk11_optype_t  optype  ) 

Definition at line 866 of file pk11.c.

References OP_AES, OP_DH, OP_DIGEST, OP_DSA, OP_EC, OP_GOST, OP_RAND, OP_RSA, and token.

unsigned int pk11_numbits ( CK_BYTE_PTR  data,
unsigned int  bytecnt 
)

Definition at line 903 of file pk11.c.

References INSIST.

CK_ATTRIBUTE* pk11_attribute_first ( const pk11_object_t obj  ) 

Definition at line 938 of file pk11.c.

References pk11_object::repr.

Referenced by pk11_attribute_bytype().

CK_ATTRIBUTE* pk11_attribute_next ( const pk11_object_t obj,
CK_ATTRIBUTE attr 
)

Definition at line 943 of file pk11.c.

References pk11_object::attrcnt, and pk11_object::repr.

Referenced by pk11_attribute_bytype().

CK_ATTRIBUTE* pk11_attribute_bytype ( const pk11_object_t obj,
CK_ATTRIBUTE_TYPE  type 
)

Definition at line 953 of file pk11.c.

References pk11_attribute_first(), pk11_attribute_next(), and CK_ATTRIBUTE::type.

Referenced by pk11_parse_uri().

static char* percent_decode ( char *  x,
size_t *  len 
) [static]

Definition at line 965 of file pk11.c.

References INSIST.

Referenced by pk11_parse_uri().

static isc_boolean_t pk11strcmp ( const char *  x,
size_t  lenx,
const char *  y,
size_t  leny 
) [static]

Definition at line 1052 of file pk11.c.

References INSIST, and ISC_TF.

Referenced by pk11_parse_uri().

static CK_ATTRIBUTE* push_attribute ( pk11_object_t obj,
isc_mem_t mctx,
size_t  len 
) [static]

Definition at line 1065 of file pk11.c.

References pk11_object::attrcnt, isc_mem_get, isc_mem_put, CK_ATTRIBUTE::pValue, pk11_object::repr, and CK_ATTRIBUTE::ulValueLen.

Referenced by pk11_parse_uri().

isc_result_t pk11_parse_uri ( pk11_object_t obj,
const char *  label,
isc_mem_t mctx,
pk11_optype_t  optype 
)

Definition at line 1098 of file pk11.c.

References CKA_ID, CKA_LABEL, DST_RET, ISC_FALSE, ISC_LIST_HEAD, ISC_LIST_NEXT, isc_mem_get, isc_mem_put, ISC_R_EOF, ISC_R_NOMEMORY, ISC_R_NOTFOUND, ISC_R_RANGE, ISC_R_SUCCESS, isc_stdio_close(), isc_stdio_open(), isc_stdio_read(), ISC_TRUE, OP_DH, OP_DSA, OP_EC, OP_RSA, percent_decode(), PINLEN, pk11_attribute_bytype(), PK11_R_NOPROVIDER, pk11strcmp(), push_attribute(), CK_ATTRIBUTE::pValue, pk11_object::reqlogon, pk11_object::slot, token, and CK_ATTRIBUTE::type.

void pk11_error_fatalcheck ( const char *  file,
int  line,
const char *  funcname,
CK_RV  rv 
)

Definition at line 1261 of file pk11.c.

References isc_error_fatal().

Referenced by token_login().

void pk11_dump_tokens ( void   ) 

Definition at line 1268 of file pk11.c.

References ISC_FALSE, ISC_LIST_HEAD, ISC_LIST_NEXT, ISC_TRUE, OP_DH, OP_DIGEST, OP_DSA, OP_EC, OP_RAND, OP_RSA, pk11_token::operations, and token.


Variable Documentation

isc_once_t once = ISC_ONCE_INIT [static]

Definition at line 142 of file pk11.c.

isc_mem_t* pk11_mctx = NULL [static]

Definition at line 143 of file pk11.c.

isc_int32_t allocsize = 0 [static]

Definition at line 144 of file pk11.c.

Referenced by pk11_initialize(), pk11_mem_get(), and pk11_mem_put().

isc_boolean_t initialized = ISC_FALSE [static]

Definition at line 145 of file pk11.c.

Referenced by pk11_finalize(), and pk11_initialize().

const char* lib_name = PK11_LIB_LOCATION [static]

Definition at line 215 of file pk11.c.

Referenced by initialize(), pk11_get_lib_name(), pk11_initialize(), and pk11_set_lib_name().

CK_BYTE seed[SEEDSIZE] [static]

Definition at line 395 of file pk11.c.

Referenced by pk11_rand_seed_fromfile().


Generated on Tue Apr 28 17:41:18 2015 by Doxygen 1.5.4 for BIND9 Internals 9.11.0pre-alpha