pkcsconf.c

IBM的Linux上的PKCS#11实现

   /* Strip the carage return from the user input (it is not part of the PIN)
    * and put the PIN in the return buffer */
   buff[count-1] =  '\0'; //NULL; 
   strncpy(*pin, buff, strlen(buff)+1); // keep the trailing null for the strlen
}

int
echo(int bool){
   struct termios term;

   /* flush standard out to make sure everything that needs to be displayed has
    * been displayed */
   fflush(stdout);

   /* get the current terminal attributes */
   if (tcgetattr(STDIN_FILENO, &term) != 0)
      return -1;

   /* Since we are calling this function we must want to read in a char at a
    * time.  Therefore set the cc structure before setting the terminal attrs */
   term.c_cc[VMIN] = 1;
   term.c_cc[VTIME] = 0;

   /* If we are turning off the display of input characters AND with the inverse
    * of the ECHO mask, if we are turning on the display OR with the ECHO mask. 
    * We also set if we are reading in canonical or noncanonical mode.  */
   if (bool)
      term.c_lflag |= (ECHO | ICANON);
   else
      term.c_lflag &= ~(ECHO | ICANON);

   /* Set the attributes, and flush the streams so that any input already
    * displayed on the terminal is invalid */
   if (tcsetattr(STDIN_FILENO, TCSAFLUSH, &term) != 0)
      return -1;
}

#if SHM
void
display_shared_memory(void){
   int lcv;  // Loop control variable

   /* display message headers */
   printf(PKCSINIT_MSG(SHMEM, "Shared Memory Data\n"));
   printf(PKCSINIT_MSG(SLOTNUMS, "\tNumber of Slots: %d\n"), shmp->num_slots);

   /* go through all the slots and display the shared memeory information */
   for (lcv = 0; lcv < shmp->num_slots; lcv++) {
      printf("\n");
      printf(PKCSINIT_MSG(SLOTNUM, "\tSlot Number: %d\n"),
               shmp->slot_info[lcv].slot_number);
      printf(PKCSINIT_MSG(PRESENT, "\tPresent: %d\n"), shmp->slot_info[lcv].present);
      printf(PKCSINIT_MSG(DLLLOC, "\tDLL Location: %s\n"),
            shmp->slot_info[lcv].dll_location);
      printf(PKCSINIT_MSG(INITFCN, "\tInit Function: %s\n"),
            shmp->slot_info[lcv].slot_init_fcn);
      printf(PKCSINIT_MSG(COORELATE, "\tCoorelator: %s\n"),
            shmp->slot_info[lcv].correlator);
      printf(PKCSINIT_MSG(GLOBAL, "\tGlobal Sessions: 0x%X\n"),
            shmp->slot_info[lcv].global_sessions);
   }
}
#endif

CK_RV
display_pkcs11_info(void){

   CK_RV rc;
   CK_INFO CryptokiInfo;

   /* Get the PKCS11 infomation structure and if fails print message */
   rc = FunctionPtr->C_GetInfo(&CryptokiInfo);
   if (rc != CKR_OK) {
      printf(PKCSINIT_MSG(INFOERROR, "Error getting PKCS#11 info: 0x%X\n"), rc);
      return rc;
   }

   /* display the header and information */
   printf(PKCSINIT_MSG(PKCSINFO, "PKCS#11 Info\n"));
   printf(PKCSINIT_MSG(VERSION, "\tVersion %d.%d \n"), CryptokiInfo.cryptokiVersion.major,
         CryptokiInfo.cryptokiVersion.minor);
   printf(PKCSINIT_MSG(MANUFACT, "\tManufacturer: %32s \n"), CryptokiInfo.manufacturerID);
   printf(PKCSINIT_MSG(FLAGS, "\tFlags: 0x%X  \n"), CryptokiInfo.flags);
   printf(PKCSINIT_MSG(LIBDESCRIPT, "\tLibrary Description: %32s \n"),
         CryptokiInfo.libraryDescription);
   printf(PKCSINIT_MSG(LIBVERSION, "\tLibrary Version %d.%d \n"),
         CryptokiInfo.libraryVersion.major,
         CryptokiInfo.libraryVersion.minor);
}

CK_RV
get_slot_list(int cond, CK_CHAR_PTR slot){
   int                   lcv;                  // Loop control variable
   CK_RV                 rc;                   // Return Code
   CK_SLOT_ID_PTR        TempSlotList = NULL;  // Temporary Slot List

   /* Find out how many tokens are present in slots */
   rc = FunctionPtr->C_GetSlotList(TRUE, NULL_PTR, &SlotCount);
   if (rc != CKR_OK) {
      printf(PKCSINIT_MSG(SLOTERROR, "Error getting number of slots: 0x%X\n"), rc);
      return rc;
   }

   if (SlotCount == 0) {
      printf("C_GetSlotCount returned 0 slots. Check that your tokens"
		" are installed correctly.\n");
      return -ENODEV;
   }

   /* Allocate enough space for the slots information */
   SlotList = (CK_SLOT_ID_PTR) malloc(SlotCount * sizeof(CK_SLOT_ID));

   rc = FunctionPtr->C_GetSlotList(TRUE, SlotList, &SlotCount);
   if (rc != CKR_OK) {
      printf(PKCSINIT_MSG(LISTERROR, "Error getting slot list: 0x%X\n"), rc);
      return rc;
   }

   /* If the conditional variable cond is true then slot should
    * contain a char string representing a slot number to examine.
    * The validate_slot function has already been run, therefore we now that
    * the slot exsists in the system. */
   if (cond) {

      /* NOTE: This function changes slot list to not be the PKCS11 slot list,
       * but instead the list of slots which we are going to be working with.
       * This allows us to do the same operation on multiple slots; however, the
       * configuration routines currently expect only one slot to be passed in
       * with the -c flag.  Therefore, the slot list will contain only the slot
       * passed in with the -c flag. */

      TempSlotList = (CK_SLOT_ID_PTR) malloc(sizeof(CK_SLOT_ID));

      /* The validate_slot function set the variable in_slot to tell
       * us the array position of the passed in card.  We can therefore
       * use this position and assume it is valid. */
      *TempSlotList = SlotList[in_slot];

      free (SlotList);
      SlotList = (CK_SLOT_ID_PTR) malloc(sizeof(CK_SLOT_ID));

      *SlotList = *TempSlotList;
      SlotCount = 1;

      free (TempSlotList);
   }

   return CKR_OK;
}

CK_RV
display_mechanism_info(void){
   CK_RV          rc;                  // Return Code
   CK_MECHANISM_TYPE_PTR MechanismList = NULL;  // Head to Mechanism list
   CK_MECHANISM_INFO MechanismInfo;    // Structure to hold Mechanism Info
   CK_ULONG       MechanismCount = 0;  // Number of supported mechanisms
   int            lcv, lcv2;           // Loop Control Variables

   for (lcv = 0; lcv < SlotCount; lcv++){
      /* For each slot find out how many mechanisms are supported */
      rc = FunctionPtr->C_GetMechanismList(SlotList[lcv], NULL_PTR,
            &MechanismCount);
      if (rc != CKR_OK) {
         printf(PKCSINIT_MSG(MECHERROR, "Error getting number of mechanisms: 0x%X\n"),
              rc);
         return rc;
      }

      /* Allocate enough memory to store all the supported mechanisms */
      MechanismList = (CK_MECHANISM_TYPE_PTR) malloc(MechanismCount *
            sizeof(CK_MECHANISM_TYPE));

      /* This time get the mechanism list */
      rc = FunctionPtr->C_GetMechanismList(SlotList[lcv], MechanismList,
            &MechanismCount);
      if (rc != CKR_OK) {
         printf(PKCSINIT_MSG(LISTERROR2, "Error getting mechanisms list: 0x%X\n"), rc);
         return rc;
      }

      /* For each Mechanism in the List */
      for (lcv2 = 0; lcv2 < MechanismCount; lcv2++){

         /* Get the Mechanism Info and display it */
         rc = FunctionPtr->C_GetMechanismInfo(SlotList[lcv],
               MechanismList[lcv2], &MechanismInfo);
         if (rc != CKR_OK) {
            printf(PKCSINIT_MSG(INFOERROR2, "Error getting mechanisms info: 0x%X\n"), rc);
            return rc;
         }
         printf(PKCSINIT_MSG(MECH, "Mechanism #%d\n"), lcv2);
         printf(PKCSINIT_MSG(MECHLABEL, "\tMechanism: 0x%X\n"), MechanismList[lcv2]);
         printf(PKCSINIT_MSG(KEYSIZE, "\tKey Size: %d-%d\n"), MechanismInfo.ulMinKeySize,
               MechanismInfo.ulMaxKeySize);
         printf(PKCSINIT_MSG(FLAGS, "\tFlags: 0x%X\n"), MechanismInfo.flags);
      }

      /* Free the memory we allocated for the mechanism list */
      free (MechanismList);
   }
   return CKR_OK;
}

CK_RV
display_slot_info(void){
   CK_RV          rc;        // Return Code
   CK_SLOT_INFO   SlotInfo;  // Structure to hold slot information
   int            lcv;       // Loop control Variable

   for (lcv = 0; lcv < SlotCount; lcv++){
      /* Get the info for the slot we are examining and store in SlotInfo*/
      rc = FunctionPtr->C_GetSlotInfo(SlotList[lcv], &SlotInfo);
      if (rc != CKR_OK) {
         printf(PKCSINIT_MSG(SLOTERROR2, "Error getting slot info: 0x%X\n"), rc);
         return rc;
      }

      /* Display the slot information */
      printf(PKCSINIT_MSG(SLOTINFO, "Slot #%d Info\n"), SlotList[lcv]);
      printf(PKCSINIT_MSG(SLOTDESC, "\tDescription: %.64s\n"), SlotInfo.slotDescription);
      printf(PKCSINIT_MSG(MANUFACT, "\tManufacturer: %.32s\n"), SlotInfo.manufacturerID);
      printf(PKCSINIT_MSG(FLAGS, "\tFlags: 0x%X\n"), SlotInfo.flags);
      printf(PKCSINIT_MSG(HWVERSION, "\tHardware Version: %d.%d\n"),
            SlotInfo.hardwareVersion.major,
            SlotInfo.hardwareVersion.minor);
      printf(PKCSINIT_MSG(FWVERSION, "\tFirmware Version: %d.%d\n"),
            SlotInfo.firmwareVersion.major,
            SlotInfo.firmwareVersion.minor);
   }
   return CKR_OK;
}

CK_RV
list_slot(void){
   CK_RV          rc;        // Return code
   CK_SLOT_INFO   SlotInfo;  // Structure to hold slot information
   int            lcv;       // Loop control variable

   for (lcv = 0; lcv < SlotCount; lcv++){
      /* Get the info for the slot we are examining and store in SlotInfo*/
      rc = FunctionPtr->C_GetSlotInfo(SlotList[lcv], &SlotInfo);
      if (rc != CKR_OK) {
         printf(PKCSINIT_MSG(SLOTERROR2, "Error getting slot info: 0x%X\n"), rc);
         return rc;
      }

      /* Display the slot description */
      printf("%d:", SlotList[lcv]);
      printf(PKCSINIT_MSG(SLOTDESC, "\tDescription: %.64s\n"), SlotInfo.slotDescription);
   }
   return CKR_OK;
}

CK_RV
display_token_info(void){
   CK_RV          rc;         // Return Code
   CK_TOKEN_INFO  TokenInfo;  // Variable to hold Token Information
   int            lcv;        // Loop control variable

   for (lcv = 0; lcv < SlotCount; lcv++){
      /* Get the Token info for each slot in the system */
      rc = FunctionPtr->C_GetTokenInfo(SlotList[lcv], &TokenInfo);
      if (rc != CKR_OK) {
         printf(PKCSINIT_MSG(TOKERROR, "Error getting token info: 0x%X\n"), rc);
         return rc;
      }

      /* Display the token information */
      printf(PKCSINIT_MSG(TOKINFO, "Token #%d Info:\n"), SlotList[lcv]);
      printf(PKCSINIT_MSG(TOKLABEL, "\tLabel: %.32s\n"), TokenInfo.label);
      printf(PKCSINIT_MSG(MANUFACT, "\tManufacturer: %.32s\n"), TokenInfo.manufacturerID);
      printf(PKCSINIT_MSG(MODEL, "\tModel: %.16s\n"), TokenInfo.model);
      printf(PKCSINIT_MSG(SERIAL, "\tSerial Number: %.16s\n"), TokenInfo.serialNumber);
      printf(PKCSINIT_MSG(FLAGS, "\tFlags: 0x%X\n"), TokenInfo.flags);
      printf(PKCSINIT_MSG(SESSIONS, "\tSessions: %d/%d\n"), TokenInfo.ulSessionCount,
            TokenInfo.ulMaxSessionCount);
      printf(PKCSINIT_MSG(RWSESSIONS, "\tR/W Sessions: %d/%d\n"),
            TokenInfo.ulRwSessionCount, TokenInfo.ulMaxRwSessionCount);
      printf(PKCSINIT_MSG(PINLEN, "\tPIN Length: %d-%d\n"), TokenInfo.ulMinPinLen,
            TokenInfo.ulMaxPinLen);
      printf(PKCSINIT_MSG(PUBMEM, "\tPublic Memory: 0x%X/0x%X\n"),
            TokenInfo.ulFreePublicMemory, TokenInfo.ulTotalPublicMemory);
      printf(PKCSINIT_MSG(PRIVMEM, "\tPrivate Memory: 0x%X/0x%X\n"),
            TokenInfo.ulFreePrivateMemory, TokenInfo.ulTotalPrivateMemory);
      printf(PKCSINIT_MSG(HWVERSION, "\tHardware Version: %d.%d\n"), TokenInfo.hardwareVersion.major,
            TokenInfo.hardwareVersion.minor);
      printf(PKCSINIT_MSG(FWVERSION, "\tFirmware Version: %d.%d\n"),
            TokenInfo.firmwareVersion.major,
            TokenInfo.firmwareVersion.minor);
      printf(PKCSINIT_MSG(TIME, "\tTime: %.16s\n"), TokenInfo.utcTime);
   }
   return CKR_OK;
}

CK_RV
init_token(CK_CHAR_PTR pin){
   /* Note this function reinitializes a token to the state it was
    * in just after the initial install of the microcode (clu files).
    * It does the following actions (if SO pin is correct):
    *   (1) Purges all Token Objects
    *   (2) Resets SO PIN back ot the default
    *   (3) Purges the USER PIN
    *   (4) Sets the Token Label
    */

   CK_RV rc;                     // Return Code
   CK_ULONG    pinlen;           // Length of the PIN
   CK_CHAR     label[32],        // What we want to set the Label of the card to
               enteredlabel[33]; // Max size of 32 + carriage return;

   int lcv;                      // Loop Control Varable

   /* Find out the size of the entered PIN */
   pinlen = strlen(pin);

   /* Get the token label from the user, NOTE it states to give a unique label
    * but it is never verified as unique.  This is becuase Netscape requires a
    * unique token label; however the PKCS11 spec does not.  */
   printf(PKCSINIT_MSG(GETLABEL, "Enter a unique token label: "));
   fflush(stdout);
   fgets(enteredlabel, sizeof(enteredlabel), stdin);