ex-pkcs11-6.c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <memory.h>
#include "pkcs11.h"
#include "pkcs11p6r.h" // optional, only needed if using P6R vendor extensions
// *** For this example to work Example #1 must be run successfully first. ***
// Copy the following files from example 1 into example 6: PKCS11, PKCS11.sig, pkcs11baseKey.txt,
// so that they don't have to be created for each example.
//
// Also the Utimaco HSM token must be defined in the p6pkcs11.conf file. See "Utimaco HSM Integration"
// in PKCS11 documentation.
// ***
// Example 1 initializes the token with the Security Officer and normal user accounts.
//
//
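// Compare a fixed-width PKCS#11 text field with an expected string.
//
// PKCS#11 info fields (slotDescription, label, model, serialNumber, manufacturerID)
// are blank-padded to their full width and are NOT NUL-terminated, so they must not
// be handed to strlen() or printf("%s"). Trailing blanks in `expected` are treated
// as padding; everything in the field after the expected text has to be a blank.
//
// Returns 1 when the field holds exactly the expected text, otherwise 0.
static int p11_field_equals( const void *field, size_t fieldLen, const char *expected )
{
    const unsigned char *bytes  = (const unsigned char *)field;
    size_t               wanted = strlen( expected );
    size_t               k      = 0;

    while (wanted > 0 && ' ' == expected[wanted - 1]) wanted--;
    if (wanted > fieldLen) return 0;
    if (0 != memcmp( bytes, expected, wanted )) return 0;

    for( k = wanted; k < fieldLen; k++ ) {
        if (' ' != bytes[k]) return 0;
    }
    return 1;
}

// Example 6: initialize a Utimaco HSM token through the PKCS#11 API.
//
// Steps: [A] initialize the library, [B] find the Utimaco slot by its description,
// [1] log in as the Utimaco Admin and initialize the token (creates the SO),
// [2] log in as the SO, create the normal user PIN, then change it,
// [3] read the token information back and report differences, [C] finalize.
//
// Returns 0 when the run completes, -1 if C_Initialize fails, -2 if the slot list
// cannot be allocated, -3 if C_Finalize fails. Failures of individual token calls
// are printed and do not change the exit status.
int main(int argc,char *argv[])
{
    CK_C_INITIALIZE_ARGS initArgs;
    CK_SLOT_INFO         oneSlot;
    CK_TOKEN_INFO        oneToken;
    CK_SLOT_ID_PTR       pSlotList   = NULL_PTR;
    CK_SESSION_HANDLE    hSession    = 0;
    // CKF_SERIAL_SESSION is mandatory for C_OpenSession, and C_InitPIN / C_SetPIN need a
    // read/write session (step [3] also expects exactly one RW session on the token).
    CK_FLAGS             flags       = CKF_SERIAL_SESSION | CKF_RW_SESSION;
    CK_ULONG             ulSlotCount = 0;
    CK_ULONG             ulPinLen    = 0;
    CK_ULONG             i           = 0;
    CK_RV                rv          = 0;
    int                  result      = 0;

    // Sample credentials of this example. They are set up front so that no later step can
    // pass an unset pointer when an earlier step fails. Replace them with your own values;
    // in anything but a lab setup they are read from the operator or a protected store,
    // not compiled into the program.
    // -> on Windows a path to the Admin key provided by Utimaco, REPLACE WITH YOUR PATH
    CK_UTF8CHAR_PTR pADMIN   = (CK_UTF8CHAR_PTR)"ADMIN,E:\\Utimaco\\SafeGuardCryptoServer\\Administration\\ADMIN.key";
    // -> or on Linux a path to the Admin Key provided by Utimaco, REPLACE WITH YOUR PATH
    // pADMIN = (CK_UTF8CHAR_PTR)"ADMIN,/home/mjoseph/Utimaco/Admin/ADMIN.key";
    CK_UTF8CHAR_PTR pSOPin   = (CK_UTF8CHAR_PTR)"123456";
    CK_UTF8CHAR_PTR pUserPin = (CK_UTF8CHAR_PTR)"roggerrabbit";
    CK_UTF8CHAR_PTR pNewPin  = (CK_UTF8CHAR_PTR)"Henry456++";
    // -> C_InitToken takes a label of exactly 32 bytes (blank-padded, no terminator needed)
    CK_UTF8CHAR_PTR pLabel   = (CK_UTF8CHAR_PTR)"01234567890123456789012345678901";

    // PIN lengths are derived from the strings so they cannot drift from the values above
    CK_ULONG ulSOPinLen   = (CK_ULONG)strlen( (const char*)pSOPin );
    CK_ULONG ulUserPinLen = (CK_ULONG)strlen( (const char*)pUserPin );
    CK_ULONG ulNewPinLen  = (CK_ULONG)strlen( (const char*)pNewPin );

    (void)argc;
    (void)argv;

    // [A] We must first initialize the entire PKCS 11 library
    memset( &initArgs, 0, sizeof( CK_C_INITIALIZE_ARGS ));
    initArgs.flags = CKF_OS_LOCKING_OK;     // -> let PKCS11 use its own locking
    if (CKR_OK != (rv = C_Initialize( &initArgs ))) {
        printf( "PKCS11 example6: failed C_Initialize (error:%lx)", (unsigned long)rv );
        return -1;
    }

    // [B] What slots are defined (see p6pkcs11.conf file)
    if (CKR_OK != (rv = C_GetSlotList( CK_FALSE, NULL_PTR, &ulSlotCount ))) {
        printf( "PKCS11 example6: failed C_GetSlotList (error:%lx)", (unsigned long)rv );
        ulSlotCount = 0;
    }
    if (ulSlotCount > 0)
    {
        // calloc checks the count * size multiplication for overflow
        if (NULL_PTR == (pSlotList = (CK_SLOT_ID_PTR) calloc( ulSlotCount, sizeof( CK_SLOT_ID )))) {
            printf( "PKCS11 example6: memory allocation failed" );
            result      = -2;               // still fall through to C_Finalize below
            ulSlotCount = 0;
        }
        // -> The Utimaco HSM is represented in one slot as one token
        //    Each slot in the HSM is represented as a separate slot in the P6R PKCS11 library configuration
        else if (CKR_OK != (rv = C_GetSlotList( CK_FALSE, pSlotList, &ulSlotCount ))) {
            printf( "PKCS11 example6: failed C_GetSlotList (error:%lx)", (unsigned long)rv );
            ulSlotCount = 0;
        }
    }

    for( i=0; i < ulSlotCount; i++ )
    {
        // -> the slot description has to be fetched before it can be compared
        memset( &oneSlot, 0, sizeof( CK_SLOT_INFO ));
        if (CKR_OK != (rv = C_GetSlotInfo( pSlotList[i], &oneSlot ))) {
            printf( "PKCS11 example6: slot %lu C_GetSlotInfo failed (error:%lx)", (unsigned long)pSlotList[i], (unsigned long)rv );
            continue;
        }

        // -> Utimaco HSM has first been initialized by their command line tool then we now login to the HSM as a Utimaco Admin
        // -> Utimaco slot description consists of several parts: Protocol ":" Port "@" IP Address" - SLOT_" slot number
        // -> Change the Utimaco slot description to match your network setup
        if (!p11_field_equals( oneSlot.slotDescription, sizeof( oneSlot.slotDescription ), "TCP:3001@10.123.123.6 - SLOT_0001 " )) {
            continue;
        }

        // [1] *** this sequence is unique to the Utimaco PKCS#11 library with its OWN Admin user with the user extension value of "CKU_CS_GENERIC" ***
        if (CKR_OK != (rv = C_OpenSession( pSlotList[i], flags, NULL, NULL, &hSession ))) {
            printf( "PKCS11 example6: slot %lu C_OpenSession failed (error:%lx)", (unsigned long)pSlotList[i], (unsigned long)rv );
            continue;
        }

        ulPinLen = (CK_ULONG)strlen((const char*) pADMIN );
        if (CKR_OK == (rv = C_Login( hSession, CKU_CS_GENERIC, pADMIN, ulPinLen )))
        {
            // -> the ADMIN creates the SO account, and uses the ADMIN key to authenticate itself
            if (CKR_OK != (rv = C_InitToken( pSlotList[i], pSOPin, ulSOPinLen, pLabel ))) {
                printf( "PKCS11 example6: slot %lu C_InitToken failed (error:%lx)", (unsigned long)pSlotList[i], (unsigned long)rv );
            }
            if (CKR_OK != (rv = C_Logout( hSession ))) {
                printf( "PKCS11 example6: slot %lu C_Logout failed (error:%lx)", (unsigned long)pSlotList[i], (unsigned long)rv );
            }
        }
        else {
            // -> only the return code is reported, never the credential string
            printf( "PKCS11 example6: slot %lu Admin C_Login failed (error:%lx)", (unsigned long)pSlotList[i], (unsigned long)rv );
        }

        // [2] Now the SO (newly created) logs in to create the user
        if (CKR_OK == (rv = C_Login( hSession, CKU_SO, pSOPin, ulSOPinLen )))
        {
            if (CKR_OK != (rv = C_InitPIN( hSession, pUserPin, ulUserPinLen ))) {
                printf( "PKCS11 example6: slot %lu C_InitPIN for a new user failed (error:%lx)", (unsigned long)pSlotList[i], (unsigned long)rv );
            }
            if (CKR_OK == (rv = C_Logout( hSession )))
            {
                // -> with nobody logged in, C_SetPIN changes the CKU_USER PIN; the current user PIN must be supplied
                if (CKR_OK != (rv = C_SetPIN( hSession, pUserPin, ulUserPinLen, pNewPin, ulNewPinLen ))) {
                    printf( "PKCS11 example6: slot %lu C_SetPIN for a new user failed (error:%lx)", (unsigned long)pSlotList[i], (unsigned long)rv );
                }
            }
            else {
                printf( "PKCS11 example6: slot %lu C_Logout failed (error:%lx)", (unsigned long)pSlotList[i], (unsigned long)rv );
            }
        }
        else {
            printf( "PKCS11 example6: slot %lu SO C_Login failed (error:%lx)", (unsigned long)pSlotList[i], (unsigned long)rv );
        }

        // [3] Get the newly initialized token's information
        memset( &oneToken, 0, sizeof( CK_TOKEN_INFO ));
        rv = C_GetTokenInfo( pSlotList[i], (CK_TOKEN_INFO_PTR)&oneToken );
        if (CKR_OK == rv)
        {
            // -> the text fields are blank-padded without a terminator, so every %s carries
            //    a precision equal to the field width to keep printf inside the field
            if (!p11_field_equals( oneToken.label, sizeof( oneToken.label ), (const char*)pLabel )) {
                printf( "PKCS11 example6: slot %lu, token label mismatch [%.32s]", (unsigned long)pSlotList[i], (const char*)oneToken.label );
            }
            if (!p11_field_equals( oneToken.serialNumber, sizeof( oneToken.serialNumber ), "UTIMACO CS000000" )) {
                printf( "PKCS11 example6: slot %lu, token serial number mismatch [%.16s]", (unsigned long)pSlotList[i], (const char*)oneToken.serialNumber );
            }
            if (!p11_field_equals( oneToken.model, sizeof( oneToken.model ), "CryptoServer " )) {
                printf( "PKCS11 example6: slot %lu, token model mismatch [%.16s]", (unsigned long)pSlotList[i], (const char*)oneToken.model );
            }
            if (!p11_field_equals( oneToken.manufacturerID, sizeof( oneToken.manufacturerID ), "Utimaco IS GmbH " )) {
                printf( "PKCS11 example6: slot %lu, token manufacturer Id mismatch [%.32s]", (unsigned long)pSlotList[i], (const char*)oneToken.manufacturerID );
            }

            // -> no expected flags value is visible in this listing, so the flags are reported instead of compared
            printf( "PKCS11 example6: slot %lu, token flags [0x%lx]", (unsigned long)pSlotList[i], (unsigned long)oneToken.flags );

            if (oneToken.ulMaxSessionCount != 256) {
                printf( "PKCS11 example6: slot %lu, token max session count mismatch [%lu]", (unsigned long)pSlotList[i], (unsigned long)oneToken.ulMaxSessionCount );
            }
            if (oneToken.ulSessionCount != 1) {
                printf( "PKCS11 example6: slot %lu, token session count mismatch [%lu]", (unsigned long)pSlotList[i], (unsigned long)oneToken.ulSessionCount );
            }
            if (oneToken.ulMaxRwSessionCount != 256) {
                printf( "PKCS11 example6: slot %lu, token max RW session count mismatch [%lu]", (unsigned long)pSlotList[i], (unsigned long)oneToken.ulMaxRwSessionCount );
            }
            if (oneToken.ulRwSessionCount != 1) {
                printf( "PKCS11 example6: slot %lu, token RW session count mismatch [%lu]", (unsigned long)pSlotList[i], (unsigned long)oneToken.ulRwSessionCount );
            }
            if (oneToken.ulMaxPinLen != 255) {
                printf( "PKCS11 example6: slot %lu, token max PIN length mismatch [%lu]", (unsigned long)pSlotList[i], (unsigned long)oneToken.ulMaxPinLen );
            }
            if (oneToken.ulMinPinLen != 4) {
                printf( "PKCS11 example6: slot %lu, token min PIN length mismatch [%lu]", (unsigned long)pSlotList[i], (unsigned long)oneToken.ulMinPinLen );
            }
        }
        else {
            printf( "PKCS11 example6: slot %lu C_GetTokenInfo failed (error:%lx)", (unsigned long)pSlotList[i], (unsigned long)rv );
        }

        // -> the session is closed only here, where it is known to have been opened
        if (CKR_OK != (rv = C_CloseSession( hSession ))) {
            printf( "PKCS11 example6: failed C_CloseSession %lx", (unsigned long)rv );
        }
        hSession = 0;
    }

    // [C] At the end we must tell the library we are done
    free( pSlotList );
    if (CKR_OK != (rv = C_Finalize( NULL_PTR ))) {
        printf( "PKCS11 example6: failed C_Finalize %lx", (unsigned long)rv );
        if (0 == result) result = -3;
    }
    return result;
}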