Developer's Guide
ex-pkcs11-1.c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <memory.h>
#include "pkcs11.h"
#include "pkcs11p6r.h" // optional, only needed if using P6R vendor extensions
// PKCS 11 is a C language API.
//
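/* Token labels are a fixed 32-byte, blank-padded field in PKCS #11. */
enum { TOKEN_LABEL_LEN = 32 };

/*
 * Fill dst with exactly dst_len bytes: the text, then blanks, no NUL terminator.
 * PKCS #11 fixed-width fields (slot description, token label) use this layout,
 * and the library reads the full field width regardless of where a C string ends.
 * Text longer than dst_len is truncated.
 */
static void blank_pad(CK_UTF8CHAR *dst, size_t dst_len, const char *text)
{
    size_t text_len = strlen(text);

    if (text_len > dst_len) {
        text_len = dst_len;
    }
    memset(dst, ' ', dst_len);
    memcpy(dst, text, text_len);
}

/*
 * Example 1: initialize the token in the slot described as "KMIP SLOT1",
 * set its Security Officer (SO) PIN, then log in as SO and set the user PIN.
 *
 * Returns 0 on completion, -1 if C_Initialize fails, -2 if the slot list
 * cannot be allocated, -3 if C_Finalize fails.
 *
 * The PINs below are sample values embedded for the walkthrough; a deployment
 * would obtain them at run time (operator prompt or the token's protected
 * authentication path) rather than compiling them into the binary.
 */
int main(int argc, char *argv[])
{
    CK_C_INITIALIZE_ARGS initArgs;
    CK_SLOT_INFO oneSlot;
    CK_UTF8CHAR wantedDesc[sizeof oneSlot.slotDescription];
    CK_UTF8CHAR tokenLabel[TOKEN_LABEL_LEN];
    CK_SLOT_ID_PTR pSlotList = NULL_PTR;
    CK_UTF8CHAR_PTR pPin = (CK_UTF8CHAR_PTR)"123fhje!";
    CK_UTF8CHAR_PTR pUserPin = (CK_UTF8CHAR_PTR)"roggerrabbit";
    CK_ULONG ulPinLen = (CK_ULONG)strlen((const char *)pPin);
    CK_ULONG ulUserPinLen = (CK_ULONG)strlen((const char *)pUserPin);
    CK_SESSION_HANDLE hSession = 0;
    /* PKCS #11 requires CKF_SERIAL_SESSION on every C_OpenSession call, and the
     * SO can only log in on a read/write session. */
    CK_FLAGS flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
    CK_ULONG ulSlotCount = 0;
    CK_ULONG i = 0;
    CK_RV rv = 0;
    int rc = 0;

    (void)argc;
    (void)argv;

    /* Build the fixed-width comparison and label fields once, up front. */
    blank_pad(wantedDesc, sizeof wantedDesc, "KMIP SLOT1");
    blank_pad(tokenLabel, sizeof tokenLabel, "Financial data slot"); /* label is meant for humans to read */

    /* [A] We must first initialize the entire PKCS 11 library */
    memset(&initArgs, 0, sizeof initArgs);
    initArgs.flags = CKF_OS_LOCKING_OK; /* -> let PKCS11 use its own locking */
    if (CKR_OK != (rv = C_Initialize(&initArgs))) {
        printf("PKCS11 example1: failed C_Initialize (error:%lx)", (unsigned long)rv);
        return -1;
    }

    /* [B] What slots are defined (see p6pkcs11.conf file) */
    if (CKR_OK != (rv = C_GetSlotList(CK_FALSE, NULL_PTR, &ulSlotCount))) {
        printf("PKCS11 example1: failed to count slots (error:%lx)", (unsigned long)rv);
        goto finalize;
    }
    if (0 == ulSlotCount) {
        /* Nothing to do; also avoids treating a NULL from a zero-size allocation as failure. */
        goto finalize;
    }

    /* calloc checks the count * size multiplication for overflow. */
    pSlotList = calloc(ulSlotCount, sizeof *pSlotList);
    if (NULL_PTR == pSlotList) {
        printf("PKCS11 example1: memory allocation failed");
        rc = -2;
        goto finalize; /* still release the library before exiting */
    }

    if (CKR_OK != (rv = C_GetSlotList(CK_FALSE, pSlotList, &ulSlotCount))) {
        printf("PKCS11 example1: failed to list slots (error:%lx)", (unsigned long)rv);
        goto finalize;
    }

    /* -> (re-)initialize a particular slot by its description (or all defined slots if desired) */
    for (i = 0; i < ulSlotCount; i++) {
        if (CKR_OK != (rv = C_GetSlotInfo(pSlotList[i], &oneSlot))) {
            printf("PKCS11 example1: slot %lu failed C_GetSlotInfo (error:%lx)",
                   (unsigned long)pSlotList[i], (unsigned long)rv);
            continue;
        }

        /* -> slot description is a fixed 64 characters, blank padded and not NUL
         *    terminated, so compare the whole field rather than as a C string. */
        if (0 != memcmp(oneSlot.slotDescription, wantedDesc, sizeof wantedDesc)) {
            continue;
        }

        /* The very first time, the SO account must be initialized on the token before
         * a user account can be created. Afterwards the token can only be re-initialized
         * with the SO PIN it was created with.
         * NOTE: re-initializing a token destroys the objects stored on it. */
        if (CKR_OK != (rv = C_InitToken(pSlotList[i], pPin, ulPinLen, tokenLabel))) {
            printf("PKCS11 example1: slot %lu failed to init SO account (error:%lx)",
                   (unsigned long)pSlotList[i], (unsigned long)rv);
            break;
        }

        /* Now that the SO account exists, log in as the SO to create the token's one user account.
         * -> most things on a token require a session to the token in the slot */
        if (CKR_OK != (rv = C_OpenSession(pSlotList[i], flags, NULL_PTR, NULL_PTR, &hSession))) {
            printf("PKCS11 example1: slot %lu failed to open a session (error:%lx)",
                   (unsigned long)pSlotList[i], (unsigned long)rv);
            break;
        }

        /* Logging into the token in slot pSlotList[i] as the SO */
        if (CKR_OK == (rv = C_Login(hSession, CKU_SO, pPin, ulPinLen))) {
            if (CKR_OK != (rv = C_InitPIN(hSession, pUserPin, ulUserPinLen))) {
                printf("PKCS11 example1: slot %lu failed to initialize user account (error:%lx)",
                       (unsigned long)pSlotList[i], (unsigned long)rv);
            }
            /* Always drop SO privileges, even if C_InitPIN failed. */
            if (CKR_OK != (rv = C_Logout(hSession))) {
                printf("PKCS11 example1: slot %lu failed to logout of token (error:%lx)",
                       (unsigned long)pSlotList[i], (unsigned long)rv);
            }
        } else {
            printf("PKCS11 example1: slot %lu failed to login as SO (error:%lx)",
                   (unsigned long)pSlotList[i], (unsigned long)rv);
        }

        /* Now we are done we have to close the session to the token */
        if (CKR_OK != (rv = C_CloseSession(hSession))) {
            printf("PKCS11 example1: slot %lu failed to close an active token session (error:%lx)",
                   (unsigned long)pSlotList[i], (unsigned long)rv);
            break;
        }
    }

finalize:
    /* [C] At the end we must tell the library we are done */
    free(pSlotList);
    if (CKR_OK != (rv = C_Finalize(NULL_PTR))) {
        printf("PKCS11 example1: failed C_Finalize %lx", (unsigned long)rv);
        if (0 == rc) {
            rc = -3;
        }
    }
    return rc;
}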