login.c

IBM的Linux上的PKCS#11实现

/*
 * openCryptoki testcase
 * - Tests the new login flags for v2.11
 *
 * Feb 12, 2002
 * Kent Yoder <yoder1@us.ibm.com>
 *
 */

#include <stdio.h>
#include <string.h>
#include <dlfcn.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#include <fcntl.h>

#include "pkcs11types.h"

#define BAD_USER_PIN		"534566346"
#define BAD_USER_PIN_LEN	strlen(BAD_USER_PIN)
#define GOOD_USER_PIN		"12345678"
#define GOOD_USER_PIN_LEN	8

void oc_err_msg(char *, CK_RV);
int do_GetFunctionList(void);
int clean_up(void);

CK_SLOT_ID		slot_id;
CK_FUNCTION_LIST	*funcs;
CK_SESSION_HANDLE	session_handle;
CK_SESSION_INFO		si;
CK_TOKEN_INFO		ti;

void *dl_handle;

int main(int argc, char **argv)
{
	int i;
	CK_RV rc;
	CK_C_INITIALIZE_ARGS initialize_args;

	/* Set default slot to 0 */
	slot_id = 0;
	
	/* Parse the command line */
	for( i = 1; i < argc; i++ ) {
		if(strncmp(argv[i], "-slot", 5) == 0) {
			slot_id = atoi(argv[i + 1]);
			i++;
			break;
		}
	}
	
	printf("Using slot %d...\n\n", slot_id);
	
	if(do_GetFunctionList())
		return -1;
	
	/* There will be no multi-threaded Cryptoki access in this app */
	memset( &initialize_args, 0, sizeof(initialize_args) );
	memset( &si, 0, sizeof(CK_SESSION_INFO) );
	
	if( (rc = funcs->C_Initialize( &initialize_args )) != CKR_OK ) {
		oc_err_msg("C_Initialize", rc);
		return;
	}

	//
	// Tests:
	//
	// 1. Open Session
	// 2. Check that the session looks normal
	// 3. Login/Logout as USER with correct PIN
	// 4. Login as USER with an incorrect PIN
	// 5. Check that USER PIN COUNT LOW set
	// 6. Login as USER with an incorrect PIN
	// 7. Check that USER PIN LAST TRY set
	// 8. Login correctly
	// 9. Check that flags are reset
	// 10. Try to set a new PIN, but with newPIN == oldPIN
	// 11. Check that we get CKR_PIN_INVALID
	// 12. Login as USER with an incorrect PIN
	// 13. Check that USER PIN COUNT LOW set
	// 14. Login as USER with an incorrect PIN
	// 15. Check that USER PIN LAST TRY set
	// 16. Login as USER with incorrect PIN
	// 17. Check that USER PIN LOCKED set
	// 

	/* 1. Open a session with the token */
	if( (rc = funcs->C_OpenSession(slot_id, 
					(CKF_SERIAL_SESSION|CKF_RW_SESSION), 
					NULL_PTR, 
					NULL_PTR, 
					&session_handle)) != CKR_OK ) {
		oc_err_msg("C_OpenSession #1", rc);
		goto done;
	}

	
	if( (rc = funcs->C_GetSessionInfo(session_handle, &si)) != CKR_OK) {
		oc_err_msg("C_GetSessionInfo #1", rc);
		goto session_close;
	}

	/* 2. Test the slot_id change.  This used to be hard coded to 1. 
	 * It should now be the slot number of the token we're using 
	 */
	if(si.slotID != slot_id) {
		printf("Test #2 failed. Slot ID was %d, expected %d\n", si.slotID, slot_id);
		goto session_close;
	}

	if( (rc = funcs->C_GetTokenInfo(slot_id, &ti)) != CKR_OK) {
		oc_err_msg("C_GetTokenInfo #2", rc);
		goto session_close;
	}

	if(ti.flags & CKF_USER_PIN_LOCKED) {
		printf("The USER's PIN is locked for the token in slot %d.\n"
			"Please reset the USER's PIN and re-run this test.\n", slot_id);
		goto session_close;
	}

	if(!(ti.flags & CKF_TOKEN_INITIALIZED)) {
		printf("The token in slot %d is uninitialized.\n", slot_id);
		goto session_close;
	}

	// 3. Login/Logout with correct USER PIN
	rc = funcs->C_Login(session_handle, CKU_USER, GOOD_USER_PIN, GOOD_USER_PIN_LEN);
	if( rc != CKR_OK ) {
		oc_err_msg("C_Login #3", rc);
		goto session_close;
	}
	
	rc = funcs->C_Logout(session_handle);
	if( rc != CKR_OK ) {
		oc_err_msg("C_Logout #3", rc);
		goto session_close;
	}

	
	// 4. Login as USER with an incorrect PIN
	rc = funcs->C_Login(session_handle, CKU_USER, BAD_USER_PIN, BAD_USER_PIN_LEN);
	if( rc != CKR_PIN_INCORRECT ) {
		oc_err_msg("Test #4", rc);
		goto session_close;
	}

	if( (rc = funcs->C_GetTokenInfo(slot_id, &ti)) != CKR_OK) {
		oc_err_msg("C_GetTokenInfo #4", rc);
		goto session_close;
	}

	// 5. Check that USER PIN COUNT LOW set
	if(((ti.flags & CKF_USER_PIN_COUNT_LOW) == 0) || 
		(ti.flags & CKF_USER_PIN_FINAL_TRY)   ||
		(ti.flags & CKF_USER_PIN_LOCKED)) {
		printf("Test #5 failed. Token flags: 0x%x.\n", ti.flags);
		goto session_close;
	}

	// 6. Login as USER with an incorrect PIN
	rc = funcs->C_Login(session_handle, CKU_USER, BAD_USER_PIN, BAD_USER_PIN_LEN);
	if( rc != CKR_PIN_INCORRECT ) {
		oc_err_msg("C_Login #6", rc);
		goto session_close;
	}

	if( (rc = funcs->C_GetTokenInfo(slot_id, &ti)) != CKR_OK) {
		oc_err_msg("C_GetTokenInfo #6", rc);
		goto session_close;
	}

	// 7. Check that USER PIN LAST TRY set
	if((ti.flags & CKF_USER_PIN_COUNT_LOW) || 
		((ti.flags & CKF_USER_PIN_FINAL_TRY) == 0) ||
		(ti.flags & CKF_USER_PIN_LOCKED)) {
		printf("Test #7 failed. Token flags: %d.\n", ti.flags);
		goto session_close;
	}
	
	// 8. Login correctly
	rc = funcs->C_Login(session_handle, CKU_USER, GOOD_USER_PIN, GOOD_USER_PIN_LEN);
	if( rc != CKR_OK ) {
		oc_err_msg("C_Login #8", rc);
		goto session_close;
	}

	if( (rc = funcs->C_GetTokenInfo(slot_id, &ti)) != CKR_OK) {
		oc_err_msg("C_GetTokenInfo #8", rc);
		goto session_close;
	}

	// 9. Check that flags are reset
	if((ti.flags & CKF_USER_PIN_COUNT_LOW) || 
		(ti.flags & CKF_USER_PIN_FINAL_TRY)  ||
		(ti.flags & CKF_USER_PIN_LOCKED) ) {

		printf("Test #9 failed. Token flags: %d.\n", ti.flags);
		goto session_close;
	}

        // 10. Try to set a new PIN, but with newPIN == oldPIN
	// 11. Check that we get CKR_PIN_INVALID
	rc = funcs->C_SetPIN(session_handle, GOOD_USER_PIN, GOOD_USER_PIN_LEN,
       				GOOD_USER_PIN, GOOD_USER_PIN_LEN);
	if(rc != CKR_PIN_INVALID) {
		oc_err_msg("Test #10", rc);
		goto session_close;
	}