sess_mgmt.c

IBM的Linux上的PKCS#11实现

// File: sess_mgmt.c
//

#include <windows.h>

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <memory.h>

#include "pkcs11types.h"
#include "regress.h"


//
//
void dump_session_info( CK_SESSION_INFO *info )
{
   printf("   CK_SESSION_INFO:\n");
   printf("      slotID:         %d\n", info->slotID );
   printf("      state:          ");
   switch (info->state) {
      case CKS_RO_PUBLIC_SESSION:   printf("CKS_RO_PUBLIC_SESSION\n");
                                    break;
      case CKS_RW_PUBLIC_SESSION:   printf("CKS_RW_PUBLIC_SESSION\n");
                                    break;
      case CKS_RO_USER_FUNCTIONS:   printf("CKS_RO_USER_FUNCTIONS\n");
                                    break;
      case CKS_RW_USER_FUNCTIONS:   printf("CKS_RW_USER_FUNCTIONS\n");
                                    break;
      case CKS_RW_SO_FUNCTIONS:     printf("CKS_RW_SO_FUNCTIONS\n");
                                    break;
   }
   printf("      flags:          0x%0x\n", info->flags );
   printf("      ulDeviceError:  %d\n",    info->ulDeviceError );
}



//
//
int do_OpenSession( void )
{
   CK_SLOT_ID        slot_id;
   CK_FLAGS          flags;
   CK_SESSION_HANDLE handle;
   CK_RV             rc;

   printf("do_OpenSession...\n");

   slot_id = SLOT_ID;
   flags   = CKF_SERIAL_SESSION;   // read-only session

   rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &handle );
   if (rc != CKR_OK) {
      show_error("   C_OpenSession #1", rc );
      return FALSE;
   }

   rc = funcs->C_CloseSession( handle );
   if (rc != CKR_OK) {
      show_error("   C_CloseSession #1", rc );
      return FALSE;
   }

   printf("Looks okay...\n");

   return TRUE;
}


//
//
int do_OpenSession2( void )
{
   CK_SLOT_ID        slot_id;
   CK_FLAGS          flags;
   CK_SESSION_HANDLE h1, h2;
   CK_RV             rc;

   printf("do_OpenSession2...\n");

   slot_id = SLOT_ID;
   flags   = CKF_SERIAL_SESSION;   // read-only session

   rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &h1 );
   if (rc != CKR_OK) {
      show_error("   C_OpenSession #1", rc );
      return FALSE;
   }

   flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
   rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &h2 );
   if (rc != CKR_OK) {
      show_error("   C_OpenSession #2", rc );
      return FALSE;
   }

   rc = funcs->C_CloseSession( h1 );
   if (rc != CKR_OK) {
      show_error("   C_CloseSession #1", rc );
      return FALSE;
   }

   rc = funcs->C_CloseSession( h2 );
   if (rc != CKR_OK) {
      show_error("   C_CloseSession #2", rc );
      return FALSE;
   }

   printf("Looks okay...\n");

   return TRUE;
}


//
//
int do_CloseAllSessions( void )
{
   CK_SLOT_ID        slot_id;
   CK_FLAGS          flags;
   CK_SESSION_HANDLE h1, h2, h3;
   CK_RV             rc;

   printf("do_CloseAllSessions...\n");

   slot_id = SLOT_ID;
   flags   = CKF_SERIAL_SESSION;   // read-only session

   rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &h1 );
   if (rc != CKR_OK) {
      show_error("   C_OpenSession #1", rc );
      return FALSE;
   }

   flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
   rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &h2 );
   if (rc != CKR_OK) {
      show_error("   C_OpenSession #2", rc );
      return FALSE;
   }

   flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
   rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &h3 );
   if (rc != CKR_OK) {
      show_error("   C_OpenSession #3", rc );
      return FALSE;
   }

   rc = funcs->C_CloseAllSessions( slot_id );
   if (rc != CKR_OK) {
      show_error("   C_CloseAllSessions", rc );
      return FALSE;
   }

   printf("Looks okay...\n");

   return TRUE;
}


//
//
int do_GetSessionInfo( void )
{
   CK_SLOT_ID        slot_id;
   CK_FLAGS          flags;
   CK_SESSION_HANDLE h1, h2, h3;
   CK_SESSION_INFO   info;
   CK_RV             rc;

   printf("do_GetSessionInfo...\n");

   slot_id = SLOT_ID;
   flags   = CKF_SERIAL_SESSION;   // read-only session

   rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &h1 );
   if (rc != CKR_OK) {
      show_error("   C_OpenSession #1", rc );
      return FALSE;
   }

   flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
   rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &h2 );
   if (rc != CKR_OK) {
      show_error("   C_OpenSession #2", rc );
      return FALSE;
   }

   flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
   rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &h3 );
   if (rc != CKR_OK) {
      show_error("   C_OpenSession #3", rc );
      return FALSE;
   }

   rc = funcs->C_GetSessionInfo( h1, &info );
   if (rc != CKR_OK) {
      show_error("   C_GetSessionInfo #1", rc );
      return FALSE;
   }

   dump_session_info( &info );

   rc = funcs->C_GetSessionInfo( h2, &info );
   if (rc != CKR_OK) {
      show_error("   C_GetSessionInfo #2", rc );
      return FALSE;
   }

   dump_session_info( &info );

   rc = funcs->C_GetSessionInfo( h2, &info );
   if (rc != CKR_OK) {
      show_error("   C_GetSessionInfo #3", rc );
      return FALSE;
   }

   dump_session_info( &info );

   rc = funcs->C_CloseAllSessions( slot_id );
   if (rc != CKR_OK) {
      show_error("   C_CloseAllSessions", rc );
      return FALSE;
   }

   printf("Looks okay...\n");

   return TRUE;
}



// This is a messy function but it does alot of tests:
//
//  1) Create 1 RO session and 2 RW sessions
//  2) Log the USER into session #1.  Verify that all 3 become USER sessions.
//  3) Try to login again, this time to session #2.  Verify that it fails
//  4) Logout session #1
//  5) Try to logout from session #2.  Verify that this fails.
//  6) Try to log the SO into session #1.  Verify that it fails (RO session exists)
//  7) Try to log the SO into session #2.  Verify that it fails (RO session exists)
//  8) Close all sessions
//  9) Creaate 2 RW sessions
//  A) Log the SO into one.  Verify that both are now SO sessions.
//  B) Create a 3rd RW session.  Verify that it immediately becomes an SO session
//  C) Try to create a RO session.  Verify that it fails (SO session exists)
//  D) Close all sessions and return
//
int do_LoginLogout( void )
{
   CK_SLOT_ID        slot_id;
   CK_FLAGS          flags;
   CK_SESSION_HANDLE h1, h2, h3, h4;
   CK_SESSION_INFO   info;
   CK_RV             rc;
   CK_BYTE           user_pin[8];
   CK_ULONG          user_pin_len;
   CK_BYTE           so_pin[8];
   CK_ULONG          so_pin_len;

   printf("do_LoginLogout...\n");

   memcpy( user_pin, "12345678", 8 );
   memcpy( so_pin,   "87654321", 8 );
   user_pin_len = 8;
   so_pin_len   = 8;

   slot_id = SLOT_ID;
   flags   = CKF_SERIAL_SESSION;   // read-only session

   //
   // create 3 sessions.  1 RO, two RW
   //
   rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &h1 );
   if (rc != CKR_OK) {
      show_error("   C_OpenSession #1", rc );
      return FALSE;
   }

   flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
   rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &h2 );
   if (rc != CKR_OK) {
      show_error("   C_OpenSession #2", rc );
      return FALSE;
   }

   flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
   rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &h3 );
   if (rc != CKR_OK) {
      show_error("   C_OpenSession #3", rc );
      return FALSE;
   }

   //
   // log the first session in.  all sessions should become USER sessions
   //
   rc = funcs->C_Login( h1, CKU_USER, user_pin, user_pin_len );
   if (rc != CKR_OK) {
      show_error("   C_Login #1", rc );
      return FALSE;
   }

   rc = funcs->C_GetSessionInfo( h1, &info );
   if (rc != CKR_OK) {
      show_error("   C_GetSessionInfo #1", rc );
      return FALSE;
   }

   dump_session_info( &info );

   rc = funcs->C_GetSessionInfo( h2, &info );
   if (rc != CKR_OK) {
      show_error("   C_GetSessionInfo #2", rc );
      return FALSE;
   }

   dump_session_info( &info );

   rc = funcs->C_GetSessionInfo( h2, &info );
   if (rc != CKR_OK) {
      show_error("   C_GetSessionInfo #3", rc );
      return FALSE;
   }

   dump_session_info( &info );


   //
   // now, try to log in session #2.  this should fail (already logged in)
   //
   rc = funcs->C_Login( h2, CKU_USER, user_pin, user_pin_len );
   if (rc != CKR_USER_ALREADY_LOGGED_IN) {
      show_error("   C_Login #2", rc );
      printf("   Expected CKR_USER_ALREADY_LOGGED_IN\n");
      return FALSE;
   }

   //
   // now, try to logout twice
   //
   rc = funcs->C_Logout( h1 );
   if (rc != CKR_OK) {
      show_error("   C_Logout #1", rc );
      return FALSE;
   }

   rc = funcs->C_Logout( h2 );
   if (rc != CKR_USER_NOT_LOGGED_IN) {
      show_error("   C_Logout #2", rc );
      printf("   Expected CKR_USER_NOT_LOGGED_IN\n");
      return FALSE;
   }

   //
   // now, try to log the SO in.  this should fail since H1 is a RO session
   //
   rc = funcs->C_Login( h1, CKU_SO, so_pin, so_pin_len );
   if (rc != CKR_SESSION_READ_ONLY_EXISTS) {
      show_error("   C_Login #4", rc );
      printf("   Expected CKR_SESSION_READ_ONLY_EXISTS\n");
      return FALSE;
   }

   rc = funcs->C_Login( h2, CKU_SO, so_pin, so_pin_len );
   if (rc != CKR_SESSION_READ_ONLY_EXISTS) {
      show_error("   C_Login #5", rc );
      printf("   Expected CKR_SESSION_READ_ONLY_EXISTS\n");
      return FALSE;
   }

   //
   // log completely out
   //

   rc = funcs->C_CloseAllSessions( slot_id );
   if (rc != CKR_OK) {
      show_error("   C_CloseAllSessions #1", rc );
      return FALSE;
   }

   //
   // now, start two RW sessions
   //
   flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
   rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &h1 );
   if (rc != CKR_OK) {
      show_error("   C_OpenSession #4", rc );
      return FALSE;
   }

   flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
   rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &h2 );
   if (rc != CKR_OK) {
      show_error("   C_OpenSession #5", rc );
      return FALSE;
   }

   //
   // now, try to log the SO in.  this should work
   //
   rc = funcs->C_Login( h1, CKU_SO, so_pin, so_pin_len );
   if (rc != CKR_OK) {
      show_error("   C_Login #6", rc );
      return FALSE;
   }