/*
* COPYRIGHT (c) International Business Machines Corp. 2017
*
* This program is provided under the terms of the Common Public License,
* version 1.0 (CPL-1.0). Any use, reproduction or distribution for this
* software constitutes recipient's acceptance of CPL-1.0 terms which can be
* found in the file LICENSE file or at
* https://opensource.org/licenses/cpl1.0.php
*/
/* Management tool for EP11 sessions.
*/
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <memory.h>
#include <dlfcn.h>
#include <pkcs11types.h>
#include <ep11.h>
#include <p11util.h>
#include <ctype.h>
#include <time.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <regex.h>
#include <dirent.h>
#include <libgen.h>
#include <termios.h>
#include <errno.h>
#include <limits.h>
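/*
 * Names of the EP11 host library.
 * NOTE(review): EP11SHAREDLIB_NAME looks like the name of an environment
 * variable that selects the library; its use is outside this part of the
 * file - confirm against the loader code.
 */
#define EP11SHAREDLIB_NAME "OCK_EP11_LIBRARY"
#define EP11SHAREDLIB_V3 "libep11.so.3"
#define EP11SHAREDLIB_V2 "libep11.so.2"
#define EP11SHAREDLIB_V1 "libep11.so.1"
#define EP11SHAREDLIB "libep11.so"

/* Upper bound that get_user_pin() enforces on the USER PIN length. */
#define PKCS11_MAX_PIN_LEN 128

/*
 * Vendor-defined object classes and attribute. The expansions are
 * parenthesized so that they stay a single operand wherever they are used
 * (comparisons, casts, larger expressions).
 */
#define CKH_IBM_EP11_SESSION (CKH_VENDOR_DEFINED + 1)
#define CKH_IBM_EP11_VHSMPIN (CKH_VENDOR_DEFINED + 2)
#define CKA_HIDDEN (CKA_VENDOR_DEFINED + 0x01000000)

/* Fallback definitions, used only when the EP11 headers do not supply them. */
#ifndef XCP_PINBLOB_BYTES
#define XCP_HMAC_BYTES ((size_t) (256 / 8))     /* SHA-256 */
#define XCP_WK_BYTES ((size_t) (256 / 8))       /* keypart and session sizes */
#define MOD_WRAP_BLOCKSIZE ((size_t) (128 / 8)) /* blob crypt block bytecount */
#define XCP_PIN_SALT_BYTES MOD_WRAP_BLOCKSIZE
#define XCP_PINBLOB_BYTES \
    (XCP_WK_BYTES + XCP_PIN_SALT_BYTES + XCP_HMAC_BYTES)
#define XCP_MIN_PINBYTES 8
#define XCP_MAX_PINBYTES 16
#endif

/* Query code passed to m_get_xcp_info() by get_ep11_library_version(). */
#define CK_IBM_XCPHQ_VERSION 0xff000001

#define UNUSED(var) ((void)(var))

/* Entry points of the EP11 host library, called through the dll_m_* globals. */
typedef unsigned int (*m_Logout_t) (const unsigned char *pin, size_t len,
                                    target_t target);
typedef int (*m_add_module_t) (XCP_Module_t module, target_t *target);
typedef int (*m_rm_module_t) (XCP_Module_t module, target_t target);
typedef CK_RV (*m_get_xcp_info_t)(CK_VOID_PTR pinfo, CK_ULONG_PTR infbytes,
                                  unsigned int query, unsigned int subquery,
                                  target_t target);

#define SHA256_HASH_SIZE 32
#define EP11_SESSION_ID_SIZE 16

/*
 * sysfs location of the AP bus devices and the patterns used to pick card
 * and card-domain entries from it. The patterns are not anchored, so
 * regexec() accepts them anywhere inside a directory entry name.
 */
#define SYSFS_DEVICES_AP "/sys/devices/ap/"
#define REGEX_CARD_PATTERN "card[0-9a-fA-F]+"
#define REGEX_SUB_CARD_PATTERN "[0-9a-fA-F]+\\.[0-9a-fA-F]+"

/* Bit tested in a card's ap_functions value by is_card_ep11_and_online(). */
#define MASK_EP11 0x04000000

/*
 * Target list: 'length' counts (adapter, domain) pairs stored back to back
 * in 'apqns', so at most 256 pairs fit.
 */
typedef struct {
    short format;
    short length;
    short apqns[512];
} __attribute__ ((packed)) ep11_target_t;

/* Callback invoked for one session object (show or logout). */
typedef CK_RV (*handler_t) (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE obj,
                            CK_BYTE *pin_blob, CK_ULONG pin_blob_size,
                            CK_BYTE *session_id, CK_ULONG session_id_len,
                            ep11_target_t *ep11_targets,
                            pid_t pid, CK_DATE *date);

/* Callback invoked for one adapter/domain pair. */
typedef CK_RV (*adapter_handler_t) (uint_32 adapter, uint_32 domain,
                                    void *handler_data);

/* PKCS#11 function list, filled in by do_GetFunctionList(). */
CK_FUNCTION_LIST *funcs;

/* EP11 host library entry points; NULL when a symbol is not available. */
m_Logout_t dll_m_Logout;
m_add_module_t dll_m_add_module;
m_rm_module_t dll_m_rm_module;
m_get_xcp_info_t dll_m_get_xcp_info;

/* Command line state, set by do_ParseArgs(). */
CK_SLOT_ID SLOT_ID = -1;            /* (CK_SLOT_ID)-1 means "not given" */
int action = 0;                     /* one of the ACTION_* values below */
int force = 0;                      /* set by -force */
time_t filter_date = -1;            /* -1 means "no date filter" */
pid_t filter_pid = 0;               /* 0 means "no pid filter" */
char filter_sess_id[EP11_SESSION_ID_SIZE];
int filter_sess_id_set = 0;         /* non-zero once -id was parsed */

unsigned long count = 0;            /* sessions shown or logged out */
CK_RV error = CKR_OK;               /* last per-APQN logout failure */
CK_VERSION lib_version;

#define ACTION_SHOW 1
#define ACTION_LOGOUT 2
#define ACTION_VHSMPIN 3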
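/*
 * Read one line from stdin with terminal echo switched off and hand it back
 * as a newly allocated, NUL-terminated PIN.
 *
 * pin     receives a malloc()ed buffer of *pinlen + 1 bytes. The caller owns
 *         it and should wipe it before calling free().
 * pinlen  receives the PIN length, not counting the terminating NUL.
 *
 * Returns 0 on success, -1 if the terminal attributes cannot be read or
 * changed or if no line can be read, and -ENOMEM if the allocation fails.
 */
int get_pin(char **pin, size_t *pinlen)
{
    struct termios old, new;
    ssize_t nread;
    char *buff = NULL;
    size_t buflen = 0;
    int rc = 0;

    /* turn echoing off */
    if (tcgetattr(fileno(stdin), &old) != 0)
        return -1;

    new = old;
    new.c_lflag &= ~ECHO;
    if (tcsetattr(fileno(stdin), TCSAFLUSH, &new) != 0)
        return -1;

    /* getline() allocates buff; it is wiped and released at 'done'. */
    nread = getline(&buff, &buflen, stdin);

    /*
     * Restore the terminal before looking at the result, so that a failed
     * read cannot leave the terminal with echo switched off.
     */
    tcsetattr(fileno(stdin), TCSAFLUSH, &old);

    if (nread == -1) {
        rc = -1;
        goto done;
    }

    /* start a newline */
    printf("\n");
    fflush(stdout);

    /*
     * Drop the line terminator only when there is one: input that ends at
     * EOF without a newline must not lose its last character.
     */
    if (nread > 0 && buff[nread - 1] == '\n')
        nread--;
    buff[nread] = '\0';

    *pin = malloc((size_t) nread + 1);
    if (*pin == NULL) {
        rc = -ENOMEM;
        goto done;
    }

    memcpy(*pin, buff, (size_t) nread + 1);
    /* don't include the terminating null in the pinlen */
    *pinlen = (size_t) nread;

done:
    if (buff != NULL) {
        /* The line buffer holds the PIN in clear text: wipe before free. */
        explicit_bzero(buff, buflen);
        free(buff);
    }

    return rc;
}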
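/*
 * Prompt for the USER PIN and copy it, including its terminating NUL, to
 * dest.
 *
 * dest  must provide room for PKCS11_MAX_PIN_LEN + 1 bytes, the largest
 *       amount this function copies.
 *
 * Returns 0 on success and -1 if the PIN cannot be read or is longer than
 * PKCS11_MAX_PIN_LEN.
 */
static int get_user_pin(CK_BYTE *dest)
{
    char *userpin = NULL;
    size_t userpinlen = 0;
    int rc = -1;

    printf("Enter the USER PIN: ");
    fflush(stdout);
    if (get_pin(&userpin, &userpinlen) != 0) {
        fprintf(stderr, "Could not get USER PIN.\n");
        return -1;
    }

    if (userpinlen > PKCS11_MAX_PIN_LEN) {
        fprintf(stderr, "The USER PIN must be less than %d chars in length.\n",
                (int) PKCS11_MAX_PIN_LEN);
        goto out;
    }

    memcpy(dest, userpin, userpinlen + 1);
    rc = 0;

out:
    /* The temporary copy holds the PIN in clear text: wipe before free. */
    explicit_bzero(userpin, userpinlen + 1);
    free(userpin);

    return rc;
}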
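/*
 * Prompt for the new VHSM PIN and copy it, including its terminating NUL,
 * to dest.
 *
 * dest  must provide room for XCP_MAX_PINBYTES + 1 bytes, the largest
 *       amount this function copies.
 *
 * Returns 0 on success and -1 if the PIN cannot be read or its length is
 * outside XCP_MIN_PINBYTES..XCP_MAX_PINBYTES.
 */
static int get_vhsm_pin(CK_BYTE *dest)
{
    char *vhsmpin = NULL;
    size_t vhsmpinlen = 0;
    int rc = -1;

    printf("Enter the new VHSM PIN: ");
    fflush(stdout);
    if (get_pin(&vhsmpin, &vhsmpinlen) != 0) {
        fprintf(stderr, "Could not get VHSM PIN.\n");
        return -1;
    }

    if (vhsmpinlen < XCP_MIN_PINBYTES) {
        fprintf(stderr, "The VHSM PIN must be at least %d chars in length.\n",
                (int) XCP_MIN_PINBYTES);
        goto out;
    }
    if (vhsmpinlen > XCP_MAX_PINBYTES) {
        fprintf(stderr, "The VHSM PIN must be less than %d chars in length.\n",
                (int) XCP_MAX_PINBYTES);
        goto out;
    }

    memcpy(dest, vhsmpin, vhsmpinlen + 1);
    rc = 0;

out:
    /* The temporary copy holds the PIN in clear text: wipe before free. */
    explicit_bzero(vhsmpin, vhsmpinlen + 1);
    free(vhsmpin);

    return rc;
}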
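/*
 * Load the PKCS#11 library and fetch its function list into 'funcs'.
 *
 * The library name comes from the PKCSLIB environment variable and falls
 * back to "libopencryptoki.so". secure_getenv() is used for the lookup, so
 * the variable is ignored when the process runs in secure-execution mode
 * (for example set-user-ID); in any other case whoever controls the
 * environment decides which library is loaded into this process.
 *
 * Returns 1 on success and 0 on any failure. On success the library stays
 * loaded, because 'funcs' points into it.
 */
static int do_GetFunctionList(void)
{
    CK_RV rc;
    CK_RV (*func_list)() = NULL;
    void *d;
    const char *lib;

    lib = secure_getenv("PKCSLIB");
    if (lib == NULL)
        lib = "libopencryptoki.so";

    d = dlopen(lib, RTLD_NOW);
    if (d == NULL)
        return 0;

    *(void **)(&func_list) = dlsym(d, "C_GetFunctionList");
    if (func_list == NULL) {
        /* Not a usable PKCS#11 library: do not keep it mapped. */
        dlclose(d);
        return 0;
    }

    rc = func_list(&funcs);
    if (rc != CKR_OK) {
        /* Whatever was stored in funcs would dangle after dlclose(). */
        funcs = NULL;
        dlclose(d);
        return 0;
    }

    return 1;
}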
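/*
 * Tell whether the token in slot_id reports a model containing "EP11".
 *
 * Returns non-zero if it does, and FALSE if it does not or if the token
 * information cannot be retrieved.
 */
int is_ep11_token(CK_SLOT_ID slot_id)
{
    CK_RV rc;
    CK_TOKEN_INFO tokinfo;
    char model[sizeof(tokinfo.model) + 1];

    rc = funcs->C_GetTokenInfo(slot_id, &tokinfo);
    if (rc != CKR_OK)
        return FALSE;

    /*
     * PKCS#11 pads the model field with blanks and does not NUL-terminate
     * it. Searching it in place would let strstr() run on into the fields
     * that follow, so search a terminated copy instead.
     */
    memcpy(model, tokinfo.model, sizeof(tokinfo.model));
    model[sizeof(tokinfo.model)] = '\0';

    return strstr(model, "EP11") != NULL;
}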
/*
 * Print the one-line synopsis of the tool to stdout.
 *
 * fct  program name shown in front of the synopsis.
 */
static void usage(char *fct)
{
    fprintf(stdout,
            "usage: %s show|logout|vhsmpin [-date <yyyy/mm/dd>] [-pid <pid>] "
            "[-id <sess-id>] [-slot <num>] [-force] [-h]\n\n",
            fct);
}
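/*
 * Parse the command line into the file-level option variables (action,
 * SLOT_ID, force, filter_date, filter_pid, filter_sess_id).
 *
 * argv[1] selects the action; the remaining arguments are options.
 *
 * Returns 1 when the arguments are valid and the action should run, 0 when
 * only the help text was requested, and -1 on any invalid argument.
 */
static int do_ParseArgs(int argc, char **argv)
{
    int i, k;
    struct tm tm;
    char *p;
    char *end;
    long val;
    unsigned int v;

    if (argc <= 1) {
        printf("No Arguments given. For help use the '--help' or '-h' "
               "option.\n");
        return -1;
    }

    if (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0) {
        usage(argv[0]);
        return 0;
    } else if (strcmp(argv[1], "show") == 0) {
        action = ACTION_SHOW;
    } else if (strcmp(argv[1], "logout") == 0) {
        action = ACTION_LOGOUT;
    } else if (strcmp(argv[1], "vhsmpin") == 0) {
        action = ACTION_VHSMPIN;
    } else {
        printf("Unknown Action given. For help use the '--help' or '-h' "
               "option.\n");
        return -1;
    }

    for (i = 2; i < argc; i++) {
        if (strcmp(argv[i], "-h") == 0 || strcmp(argv[i], "--help") == 0) {
            usage(argv[0]);
            return 0;
        } else if (strcmp(argv[i], "-slot") == 0) {
            /* <ctype.h> functions need an unsigned char value. */
            if (argc <= i + 1 || !isdigit((unsigned char) *argv[i + 1])) {
                printf("Slot parameter is not numeric!\n");
                return -1;
            }
            /*
             * Reject trailing garbage and values that do not fit, instead
             * of silently acting on a different slot than the one typed.
             */
            errno = 0;
            val = strtol(argv[i + 1], &end, 0);
            if (errno != 0 || *end != '\0' || val > INT_MAX) {
                printf("Slot parameter is not numeric!\n");
                return -1;
            }
            SLOT_ID = (int) val;
            i++;
        } else if (strcmp(argv[i], "-force") == 0) {
            force = 1;
        } else if (strcmp(argv[i], "-date") == 0) {
            if (argc <= i + 1 || strlen(argv[i + 1]) == 0) {
                printf("Date parameter is not valid!\n");
                return -1;
            }
            memset(&tm, 0, sizeof(tm));
            p = strptime(argv[i + 1], "%Y/%m/%d", &tm);
            if (p == NULL || *p != '\0') {
                printf("Date parameter is not valid!\n");
                return -1;
            }
            filter_date = mktime(&tm);
            if (filter_date == -1) {
                printf("Date parameter is not valid!\n");
                return -1;
            }
            i++;
        } else if (strcmp(argv[i], "-pid") == 0) {
            if (argc <= i + 1 || !isdigit((unsigned char) *argv[i + 1])) {
                printf("Pid parameter is not numeric!\n");
                return -1;
            }
            /* Same strictness as -slot: a mistyped pid must not match. */
            errno = 0;
            val = strtol(argv[i + 1], &end, 0);
            if (errno != 0 || *end != '\0' || val > INT_MAX) {
                printf("Pid parameter is not numeric!\n");
                return -1;
            }
            filter_pid = (pid_t) val;
            i++;
        } else if (strcmp(argv[i], "-id") == 0) {
            if (argc <= i + 1
                || strlen(argv[i + 1]) != EP11_SESSION_ID_SIZE * 2) {
                printf("Id parameter is not valid!\n");
                return -1;
            }
            p = argv[i + 1];
            for (k = 0; k < EP11_SESSION_ID_SIZE; k++, p += 2) {
                /*
                 * sscanf() alone would also accept blanks, a sign or a
                 * "0x" prefix inside a pair; require two hex digits.
                 */
                if (!isxdigit((unsigned char) p[0])
                    || !isxdigit((unsigned char) p[1])
                    || sscanf(p, "%02X", &v) != 1) {
                    printf("Id parameter is not valid!\n");
                    return -1;
                }
                filter_sess_id[k] = (char) v;
            }
            filter_sess_id_set = 1;
            i++;
        } else {
            printf("Invalid argument passed as option: %s\n", argv[i]);
            usage(argv[0]);
            return -1;
        }
    }

    if (SLOT_ID == (CK_SLOT_ID)(-1)) {
        printf("Slot-ID not set!\n");
        return -1;
    }

    return 1;
}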
/*
 * Report whether /proc/<pid>/stat can currently be opened.
 *
 * The answer is only a snapshot: the process may exit right after the
 * check, and a pid that has been reused by an unrelated process is reported
 * as running too. Callers use the result to decide whether a session is
 * still in use.
 *
 * Returns TRUE if the file could be opened, FALSE otherwise.
 */
static int is_process_running(pid_t pid)
{
    char stat_path[800];
    int fd;

    snprintf(stat_path, sizeof(stat_path), "/proc/%d/stat", pid);

    fd = open(stat_path, O_RDONLY, 0);
    if (fd == -1)
        return FALSE;

    /* Only the existence of the entry matters, not its content. */
    close(fd);

    return TRUE;
}
/*
 * Query the EP11 host library for its version and store it in *lib_version.
 * The parameter shadows the file-level variable of the same name.
 *
 * Returns CKR_OK on success, otherwise the code returned by the
 * dll_m_get_xcp_info() query.
 */
static CK_RV get_ep11_library_version(CK_VERSION *lib_version)
{
    unsigned int hostver;
    CK_ULONG hostver_len = sizeof(hostver);
    CK_RV rc;

    rc = dll_m_get_xcp_info(&hostver, &hostver_len,
                            CK_IBM_XCPHQ_VERSION, 0, 0);
    if (rc != CKR_OK) {
        fprintf(stderr, "dll_m_get_xcp_info (HOST) failed: rc=0x%lx\n", rc);
        return rc;
    }

    lib_version->major = (hostver & 0x00FF0000) >> 16;
    /*
     * NOTE(review): this mask selects the same bits as the major mask and
     * is not shifted. If 'minor' is a one-byte field, the stored value is
     * always 0 - confirm the intended bits against the host library's
     * version encoding.
     */
    lib_version->minor = hostver & 0x000000FF0000;

    /*
     * EP11 host library < v2.0 returns an invalid version (i.e. 0x100).
     * This can safely be treated as version 1.0.
     */
    if (lib_version->major == 0) {
        lib_version->major = 1;
        lib_version->minor = 0;
    }

    return CKR_OK;
}
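/*
 * Adapter handler that logs one session out on a single adapter/domain.
 *
 * adapter, domain  APQN to address.
 * handler_data     the session's pin blob; XCP_PINBLOB_BYTES bytes of it
 *                  are passed to m_Logout().
 *
 * A failed logout is reported on stderr and remembered in the file-level
 * 'error' variable, but does not stop the iteration.
 *
 * Returns CKR_FUNCTION_FAILED if the target module cannot be added, and
 * CKR_OK otherwise.
 */
static CK_RV logout_handler(uint_32 adapter, uint_32 domain, void *handler_data)
{
    ep11_target_t target_list;
    struct XCP_Module module;
    target_t target = XCP_TGT_INIT;
    int module_added = 0;
    CK_RV rc;

    /* Always initialised, so no later use can see indeterminate bytes. */
    memset(&module, 0, sizeof(module));

    if (dll_m_add_module != NULL) {
        module.version = lib_version.major >= 3 ? XCP_MOD_VERSION_2
                                                : XCP_MOD_VERSION_1;
        module.flags = XCP_MFL_MODULE;
        module.module_nr = adapter;
        XCPTGTMASK_SET_DOM(module.domainmask, domain);
        if (dll_m_add_module(&module, &target) != 0)
            return CKR_FUNCTION_FAILED;
        module_added = 1;
    } else {
        /* Fall back to old target handling */
        memset(&target_list, 0, sizeof(ep11_target_t));
        target_list.length = 1;
        target_list.apqns[0] = adapter;
        target_list.apqns[1] = domain;
        target = (target_t)&target_list;
    }

    rc = dll_m_Logout(handler_data, XCP_PINBLOB_BYTES, target);
    if (rc != CKR_OK && rc != CKR_SESSION_CLOSED) {
        fprintf(stderr,
                "WARNING: Logout failed for adapter %02X.%04X: 0x%lx [%s]\n",
                adapter, domain, rc, p11_get_ckr(rc));
        error = rc;
    }

    /*
     * Remove only a module that was added above. In the fallback path
     * 'target' points at the local target list and no module was set up.
     */
    if (module_added && dll_m_rm_module != NULL)
        dll_m_rm_module(&module, target);

    return CKR_OK;
}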
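/*
 * Read the first line of a file into buf, without its newline.
 *
 * fname   file to read.
 * buf     destination buffer.
 * buflen  size of buf in bytes.
 *
 * Returns CKR_OK if a non-empty line was read, CKR_ARGUMENTS_BAD if there
 * is no buffer to write to, and CKR_FUNCTION_FAILED if the file cannot be
 * opened or read or if its first line is empty.
 */
static CK_RV file_fgets(const char *fname, char *buf, size_t buflen)
{
    FILE *fp;
    CK_RV rc = CKR_OK;

    /* Without this guard the store below would write outside the buffer. */
    if (buf == NULL || buflen == 0)
        return CKR_ARGUMENTS_BAD;

    buf[0] = '\0';

    fp = fopen(fname, "r");
    if (fp == NULL) {
        fprintf(stderr, "Failed to open file '%s'\n", fname);
        return CKR_FUNCTION_FAILED;
    }
    if (fgets(buf, (int) buflen, fp) == NULL) {
        fprintf(stderr, "Failed to read from file '%s'\n", fname);
        rc = CKR_FUNCTION_FAILED;
        goto out_fclose;
    }

    /*
     * fgets() has NUL-terminated the data. Cut at the newline inside that
     * string only, rather than scanning the whole buffer, whose tail was
     * never written.
     */
    buf[strcspn(buf, "\n")] = '\0';

    if (buf[0] == '\0')
        rc = CKR_FUNCTION_FAILED;

out_fclose:
    fclose(fp);

    return rc;
}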
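/*
 * Check the sysfs attributes of one AP card.
 *
 * name  directory entry name of the card below SYSFS_DEVICES_AP.
 *
 * Returns CKR_OK if the card's 'online' attribute reads "1" and its
 * 'ap_functions' value has the MASK_EP11 bit set. Any other outcome,
 * including an attribute that cannot be read or a path that does not fit
 * the local buffer, yields a non-CKR_OK code. When built with EP11_HSMSIM
 * the check is skipped and CKR_OK is returned.
 */
static CK_RV is_card_ep11_and_online(const char *name)
{
    char fname[290];
    char buf[250];
    CK_RV rc;
    unsigned long val;
    int n;

#ifdef EP11_HSMSIM
    return CKR_OK;
#endif

    /* Bounded formatting: an over-long name is rejected, not written. */
    n = snprintf(fname, sizeof(fname), "%s%s/online", SYSFS_DEVICES_AP, name);
    if (n < 0 || (size_t) n >= sizeof(fname))
        return CKR_FUNCTION_FAILED;
    rc = file_fgets(fname, buf, sizeof(buf));
    if (rc != CKR_OK)
        return rc;
    if (strcmp(buf, "1") != 0)
        return CKR_FUNCTION_FAILED;

    n = snprintf(fname, sizeof(fname), "%s%s/ap_functions", SYSFS_DEVICES_AP,
                 name);
    if (n < 0 || (size_t) n >= sizeof(fname))
        return CKR_FUNCTION_FAILED;
    rc = file_fgets(fname, buf, sizeof(buf));
    if (rc != CKR_OK)
        return rc;
    /* An unparsable value is treated like "no functions available". */
    if (sscanf(buf, "%lx", &val) != 1)
        val = 0x00000000;
    if ((val & MASK_EP11) == 0)
        return CKR_FUNCTION_FAILED;

    return CKR_OK;
}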
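/*
 * Call the handler for every domain entry found below one card's sysfs
 * directory.
 *
 * name          directory entry name of the card below SYSFS_DEVICES_AP.
 * handler       called with the adapter and domain number parsed from each
 *               entry named "<hex>.<hex>".
 * handler_data  passed through to the handler.
 *
 * Returns CKR_FUNCTION_FAILED if the pattern cannot be compiled or the
 * directory path does not fit the local buffer, and CKR_OK otherwise. A
 * card directory that has disappeared is not an error.
 *
 * NOTE(review): a handler failure ends the loop but is not passed on to the
 * caller, which still receives CKR_OK - confirm this is intended.
 */
static CK_RV scan_for_card_domains(const char *name, adapter_handler_t handler,
                                   void *handler_data)
{
    char fname[290];
    regex_t reg_buf;
    regmatch_t pmatch[1];
    DIR *d;
    struct dirent *de;
    uint_32 adapter, domain;
    int n;

#ifdef EP11_HSMSIM
    return handler(0, 0, handler_data);
#endif

    if (regcomp(&reg_buf, REGEX_SUB_CARD_PATTERN, REG_EXTENDED) != 0) {
        fprintf(stderr, "Failed to compile regular expression '%s'\n",
                REGEX_SUB_CARD_PATTERN);
        return CKR_FUNCTION_FAILED;
    }

    /* Bounded formatting: an over-long name is rejected, not written. */
    n = snprintf(fname, sizeof(fname), "%s%s/", SYSFS_DEVICES_AP, name);
    if (n < 0 || (size_t) n >= sizeof(fname)) {
        regfree(&reg_buf);
        return CKR_FUNCTION_FAILED;
    }

    d = opendir(fname);
    if (d == NULL) {
        fprintf(stderr, "Directory %s is not available\n", fname);
        regfree(&reg_buf);
        // ignore this error, card may have been removed in the meantime
        return CKR_OK;
    }

    while ((de = readdir(d)) != NULL) {
        if (regexec(&reg_buf, de->d_name, (size_t) 1, pmatch, 0) != 0)
            continue;

        /*
         * Parse both numbers in one step. This leaves the directory entry
         * untouched and avoids strtok(), which keeps hidden static state.
         */
        if (sscanf(de->d_name, "%x.%x", &adapter, &domain) != 2)
            continue;

        if (handler(adapter, domain, handler_data) != CKR_OK)
            break;
    }

    closedir(d);
    regfree(&reg_buf);

    return CKR_OK;
}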
/*
 * Iterate over all card directories below SYSFS_DEVICES_AP (entries named
 * cardxxx) and check whether each card is an online EP11 card. For every
 * such card the handler is called once per domain of the card.
 *
 * Returns CKR_ARGUMENTS_BAD when no handler is given, CKR_FUNCTION_FAILED
 * when the pattern cannot be compiled or the sysfs directory cannot be
 * opened, and CKR_OK otherwise.
 */
static CK_RV scan_for_ep11_cards(adapter_handler_t handler, void *handler_data)
{
    DIR *ap_dir;
    struct dirent *entry;
    regex_t card_re;
    regmatch_t pmatch[1];

    if (handler == NULL)
        return CKR_ARGUMENTS_BAD;

#ifdef EP11_HSMSIM
    return handler(0, 0, handler_data);
#endif

    if (regcomp(&card_re, REGEX_CARD_PATTERN, REG_EXTENDED) != 0) {
        fprintf(stderr, "Failed to compile regular expression '%s'\n",
                REGEX_CARD_PATTERN);
        return CKR_FUNCTION_FAILED;
    }

    ap_dir = opendir(SYSFS_DEVICES_AP);
    if (ap_dir == NULL) {
        fprintf(stderr, "Directory %s is not available\n", SYSFS_DEVICES_AP);
        regfree(&card_re);
        return CKR_FUNCTION_FAILED;
    }

    for (entry = readdir(ap_dir); entry != NULL; entry = readdir(ap_dir)) {
        /* Skip everything that does not look like a card entry. */
        if (regexec(&card_re, entry->d_name, (size_t) 1, pmatch, 0) != 0)
            continue;

        /* Skip cards that are offline or are not EP11 cards. */
        if (is_card_ep11_and_online(entry->d_name) != CKR_OK)
            continue;

        if (scan_for_card_domains(entry->d_name, handler, handler_data) !=
            CKR_OK)
            break;
    }

    closedir(ap_dir);
    regfree(&card_re);

    return CKR_OK;
}
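/*
 * Call the handler for every APQN a session applies to.
 *
 * ep11_targets  target list of the session. A positive length means an
 *               explicit list of (adapter, domain) pairs; otherwise all
 *               available cards are scanned in sysfs.
 * handler       called once per adapter/domain pair.
 * handler_data  passed through to the handler.
 *
 * Returns the first non-CKR_OK handler result for an explicit list,
 * CKR_FUNCTION_FAILED if the list claims more pairs than it can hold, and
 * otherwise the result of the sysfs scan or CKR_OK.
 */
static CK_RV handle_all_ep11_cards(ep11_target_t *ep11_targets,
                                   adapter_handler_t handler,
                                   void *handler_data)
{
    const size_t max_pairs = sizeof(ep11_targets->apqns) /
                             sizeof(ep11_targets->apqns[0]) / 2;
    int i;
    CK_RV rc;

    if (ep11_targets->length > 0) {
        /*
         * The length is data supplied by the caller, not a constant of
         * this program: refuse a count that would index past the array.
         */
        if ((size_t) ep11_targets->length > max_pairs) {
            fprintf(stderr, "Invalid APQN target list length %d\n",
                    ep11_targets->length);
            return CKR_FUNCTION_FAILED;
        }

        /* APQN_WHITELIST is specified */
        for (i = 0; i < ep11_targets->length; i++) {
            rc = handler(ep11_targets->apqns[2 * i],
                         ep11_targets->apqns[2 * i + 1], handler_data);
            if (rc != CKR_OK)
                return rc;
        }
    } else {
        /* APQN_ANY used, scan sysfs for available cards */
        return scan_for_ep11_cards(handler, handler_data);
    }

    return CKR_OK;
}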
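/*
 * Session handler for the logout action: print the session, log it out on
 * all of its APQNs and destroy the session object.
 *
 * session, obj         session and object handle used to destroy the object.
 * pin_blob             pin blob handed to the per-APQN logout handler.
 * pin_blob_size        unused.
 * session_id, _len     session id, printed in hex.
 * ep11_targets         APQNs the session applies to.
 * pid, date            owner pid and creation date, printed for the user.
 *
 * A session whose owner pid still appears to be running is left alone. When
 * at least one APQN logout failed, the object is destroyed only with
 * -force.
 *
 * Returns CKR_OK, or the failing code of the APQN iteration or of
 * C_DestroyObject().
 */
static CK_RV logout_session_obj(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE obj,
                                CK_BYTE *pin_blob, CK_ULONG pin_blob_size,
                                CK_BYTE *session_id, CK_ULONG session_id_len,
                                ep11_target_t *ep11_targets,
                                pid_t pid, CK_DATE *date)
{
    CK_RV rc;
    CK_ULONG i;
    int running;

    UNUSED(pin_blob_size);

    /*
     * Ask once, so that the printed state and the decision below cannot
     * disagree when the process exits in between.
     */
    running = is_process_running(pid);

    for (i = 0; i < session_id_len; i++)
        printf("%02X", session_id[i]);
    printf(":\n");
    if (running)
        printf("\tPid:\t%u (still running)\n", (unsigned int) pid);
    else
        printf("\tPid:\t%u\n", (unsigned int) pid);
    printf("\tDate:\t%.4s/%.2s/%.2s\n", date->year, date->month, date->day);

    if (running) {
        printf("\tSession is not logged out, process %u is still running\n",
               (unsigned int) pid);
        return CKR_OK;
    }

    /* logout_handler() records per-APQN failures in 'error'. */
    error = CKR_OK;
    rc = handle_all_ep11_cards(ep11_targets, logout_handler, pin_blob);
    if (rc != CKR_OK) {
        fprintf(stderr, "handle_all_ep11_cards() rc = 0x%02lx [%s]\n", rc,
                p11_get_ckr(rc));
        return rc;
    }
    if (error != CKR_OK) {
        fprintf(stderr,
                "WARNING: Not all APQNs were successfully logged out.\n");
        if (!force) {
            fprintf(stderr,
                    "         Session is not deleted. Specify -force to delete "
                    "it anyway.\n");
            /* rc is CKR_OK here: the object is kept, no error is returned. */
            return rc;
        }
    }

    rc = funcs->C_DestroyObject(session, obj);
    if (rc != CKR_OK) {
        fprintf(stderr, "C_DestroyObject() rc = 0x%02lx [%s]\n", rc,
                p11_get_ckr(rc));
        return rc;
    }

    if (!force)
        printf("\tSession logged out successfully\n");
    else
        printf("\tSession deleted due to -force option\n");

    count++;

    return CKR_OK;
}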
/*
 * Session handler for the show action: print the session id, the owner pid
 * (marked when that pid still appears to be running) and the creation date,
 * then count the session.
 *
 * Only session_id, session_id_len, pid and date are used.
 *
 * Always returns CKR_OK.
 */
static CK_RV show_session_obj(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE obj,
                              CK_BYTE *pin_blob, CK_ULONG pin_blob_size,
                              CK_BYTE *session_id, CK_ULONG session_id_len,
                              ep11_target_t *ep11_targets,
                              pid_t pid, CK_DATE *date)
{
    CK_ULONG pos = 0;

    UNUSED(session);
    UNUSED(obj);
    UNUSED(pin_blob);
    UNUSED(pin_blob_size);
    UNUSED(ep11_targets);

    /* Session id as an upper-case hex string, followed by a colon. */
    while (pos < session_id_len) {
        printf("%02X", session_id[pos]);
        pos++;
    }
    printf(":\n");

    printf(is_process_running(pid) ? "\tPid:\t%u (still running)\n"
                                   : "\tPid:\t%u\n",
           pid);
    printf("\tDate:\t%.4s/%.2s/%.2s\n", date->year, date->month, date->day);

    count++;

    return CKR_OK;
}
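/*
 * Decide whether a session matches the filter selected on the command line.
 *
 * Exactly one filter is evaluated, in this order of precedence:
 *   1. session id  (filter_sess_id_set): exact match on length and bytes
 *   2. date        (filter_date != -1):  session start date on or before
 *                                        filter_date
 *   3. pid         (filter_pid != 0):    exact pid match
 * With no filter set, every session matches.
 *
 * session_id/session_id_len: id of the session object under test
 * date:                      start date of the session (CK_DATE, not
 *                            NUL-terminated)
 * pid:                       pid recorded in the session object
 *
 * Returns TRUE when the session matches, FALSE otherwise. A start date that
 * cannot be parsed never matches the date filter.
 */
static CK_BBOOL filter_session(CK_BYTE *session_id, CK_ULONG session_id_len,
                               CK_DATE *date, pid_t pid)
{
    struct tm tm;
    char temp[12];
    char *p;
    time_t t;

    if (filter_sess_id_set) {
        /* Compare the length first so memcmp never reads past either id */
        if (session_id_len == sizeof(filter_sess_id) &&
            memcmp(session_id, filter_sess_id, session_id_len) == 0)
            return TRUE;
        return FALSE;
    }

    if (filter_date != -1) {
        /*
         * Build "YYYY/MM/DD" from the fixed-width CK_DATE fields:
         * 4 + 1 + 2 + 1 + 2 characters plus the terminator fit in temp[12].
         */
        memset(&tm, 0, sizeof(tm));
        memcpy(temp, date->year, 4);
        temp[4] = '/';
        memcpy(temp + 5, date->month, 2);
        temp[7] = '/';
        memcpy(temp + 8, date->day, 2);
        temp[10] = '\0';

        /* Reject the date unless strptime consumed the whole string */
        p = strptime(temp, "%Y/%m/%d", &tm);
        if (p == NULL || *p != '\0')
            return FALSE;

        t = mktime(&tm);
        if (t == -1)
            return FALSE;

        return difftime(t, filter_date) <= 0 ? TRUE : FALSE;
    }

    if (filter_pid != 0)
        return pid == filter_pid ? TRUE : FALSE;

    return TRUE;
}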
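/*
 * Read the attributes of one EP11 session object and, if it passes
 * filter_session(), hand it to 'handler'.
 *
 * session: PKCS#11 session used for all calls
 * obj:     handle of the CKH_IBM_EP11_SESSION object to process
 * handler: callback invoked for a matching session
 *
 * Returns CKR_OK when the object was handled, skipped or removed as
 * invalid; otherwise the non-CKR_OK value returned by the handler.
 *
 * NOTE(review): an object whose attributes cannot be read is destroyed
 * here regardless of the handler, so a pure listing run can also delete
 * token objects.
 *
 * The stack copy of the pin blob is overwritten before returning so that it
 * does not stay behind in a dead stack frame.
 */
static CK_RV process_session_obj(CK_SESSION_HANDLE session,
                                 CK_OBJECT_HANDLE obj, handler_t handler)
{
    CK_RV rc;
    CK_RV ret = CKR_OK;
    CK_BBOOL match;
    /* Zero-filled so a short attribute never exposes stale stack bytes */
    CK_BYTE pin_blob[XCP_PINBLOB_BYTES] = { 0 };
    CK_BYTE session_id[EP11_SESSION_ID_SIZE] = { 0 };
    ep11_target_t ep11_targets;
    pid_t pid = 0;
    CK_DATE date;
    /* volatile keeps the final wipe from being optimised away */
    volatile CK_BYTE *wipe = pin_blob;
    CK_ULONG i;
    CK_ATTRIBUTE attrs[] = {
        { CKA_VALUE, pin_blob, sizeof(pin_blob) },
        { CKA_ID, session_id, sizeof(session_id) },
        { CKA_APPLICATION, &ep11_targets, sizeof(ep11_targets) },
        { CKA_OWNER, &pid, sizeof(pid) },
        { CKA_START_DATE, &date, sizeof(date) },
    };

    memset(&ep11_targets, 0, sizeof(ep11_targets));
    memset(&date, 0, sizeof(date));

    rc = funcs->C_GetAttributeValue(session, obj, attrs,
                                    sizeof(attrs) / sizeof(CK_ATTRIBUTE));
    if (rc != CKR_OK) {
        fprintf(stderr, "C_GetAttributeValue() rc = 0x%02lx [%s]\n", rc,
                p11_get_ckr(rc));

        /* Invalid CKH_IBM_EP11_SESSION object: remove it, best effort */
        rc = funcs->C_DestroyObject(session, obj);
        if (rc != CKR_OK)
            fprintf(stderr, "C_DestroyObject() rc = 0x%02lx [%s]\n", rc,
                    p11_get_ckr(rc));
        goto out;
    }

    /* Ignore our own EP11 session */
    if (pid == getpid())
        goto out;

    match = filter_session(session_id, sizeof(session_id), &date, pid);
    if (match)
        ret = handler(session, obj, pin_blob, sizeof(pin_blob),
                      session_id, sizeof(session_id), &ep11_targets, pid,
                      &date);

out:
    for (i = 0; i < sizeof(pin_blob); i++)
        wipe[i] = 0;

    return ret;
}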
/*
 * Enumerate all EP11 session objects on the token and run
 * process_session_obj() with 'handler' on each of them.
 *
 * The search template selects private, hidden token objects of class
 * CKO_HW_FEATURE with hardware feature type CKH_IBM_EP11_SESSION. Objects
 * are fetched in batches until C_FindObjects() reports none left.
 *
 * Returns CKR_OK when the whole list was processed, otherwise the first
 * error from the find calls or from process_session_obj().
 * C_FindObjectsFinal() is called on every path.
 *
 * Note: process_session_obj() can call C_DestroyObject() while this find
 * operation is still active.
 */
static CK_RV find_sessions(CK_SESSION_HANDLE session, handler_t handler)
{
    CK_OBJECT_HANDLE handles[4096];
    const CK_ULONG capacity = sizeof(handles) / sizeof(handles[0]);
    CK_ULONG found = 0;
    CK_ULONG idx;
    CK_RV rc;
    CK_OBJECT_CLASS obj_class = CKO_HW_FEATURE;
    CK_HW_FEATURE_TYPE hw_type = CKH_IBM_EP11_SESSION;
    CK_BYTE yes = TRUE;
    CK_ATTRIBUTE session_template[] = {
        { CKA_CLASS, &obj_class, sizeof(obj_class) },
        { CKA_TOKEN, &yes, sizeof(yes) },
        { CKA_PRIVATE, &yes, sizeof(yes) },
        { CKA_HIDDEN, &yes, sizeof(yes) },
        { CKA_HW_FEATURE_TYPE, &hw_type, sizeof(hw_type) },
    };

    /* Start the search for all matching objects */
    rc = funcs->C_FindObjectsInit(session, session_template,
                                  sizeof(session_template) /
                                  sizeof(CK_ATTRIBUTE));
    if (rc != CKR_OK) {
        fprintf(stderr, "C_FindObjectsInit() rc = 0x%02lx [%s]\n", rc,
                p11_get_ckr(rc));
        goto done;
    }

    for (;;) {
        rc = funcs->C_FindObjects(session, handles, capacity, &found);
        if (rc != CKR_OK) {
            fprintf(stderr, "C_FindObjects() rc = 0x%02lx [%s]\n", rc,
                    p11_get_ckr(rc));
            goto done;
        }

        /* An empty batch marks the end of the result list */
        if (found == 0)
            break;

        idx = 0;
        while (idx < found) {
            rc = process_session_obj(session, handles[idx], handler);
            if (rc != CKR_OK)
                goto done;
            idx++;
        }
    }

done:
    funcs->C_FindObjectsFinal(session);

    return rc;
}
/*
 * List the EP11 sessions that match the active filter.
 *
 * Resets the file-level counter 'count', runs find_sessions() with
 * show_session_obj as handler and prints the number of sessions displayed.
 *
 * Returns CKR_OK on success, otherwise the error from find_sessions(); the
 * summary line is printed only on success.
 */
static CK_RV show_sessions(CK_SESSION_HANDLE session)
{
    CK_RV result;

    printf("List of EP11 sessions:\n\n");

    count = 0;
    result = find_sessions(session, show_session_obj);
    if (result == CKR_OK)
        printf("\n%lu EP11-Sessions displayed\n", count);

    return result;
}
/*
 * Log out the EP11 sessions that match the active filter.
 *
 * Resets the file-level counter 'count', runs find_sessions() with
 * logout_session_obj as handler and prints the number of sessions logged
 * out.
 *
 * Returns CKR_OK on success, otherwise the error from find_sessions(); the
 * summary line is printed only on success.
 */
static CK_RV logout_sessions(CK_SESSION_HANDLE session)
{
    CK_RV result;

    printf("List of EP11 sessions:\n\n");

    count = 0;
    result = find_sessions(session, logout_session_obj);
    if (result == CKR_OK)
        printf("\n%lu EP11-Sessions logged out\n", count);

    return result;
}
/*
 * Look up the VHSM-pin object on the token.
 *
 * The search template selects private, hidden token objects of class
 * CKO_HW_FEATURE with hardware feature type CKH_IBM_EP11_VHSMPIN. Up to 16
 * handles are fetched in a single C_FindObjects() call and the first one is
 * used.
 *
 * session: PKCS#11 session used for the search
 * obj:     on success receives the first matching handle, or
 *          CK_INVALID_HANDLE when no such object exists; left untouched
 *          when one of the find calls fails
 *
 * Returns CKR_OK or the error of the failing find call.
 * C_FindObjectsFinal() is called on every path.
 */
static CK_RV find_vhsmpin_object(CK_SESSION_HANDLE session,
                                 CK_OBJECT_HANDLE *obj)
{
    CK_OBJECT_HANDLE handles[16];
    CK_ULONG found = 0;
    CK_RV rc;
    CK_OBJECT_CLASS obj_class = CKO_HW_FEATURE;
    CK_HW_FEATURE_TYPE hw_type = CKH_IBM_EP11_VHSMPIN;
    CK_BYTE yes = TRUE;
    CK_ATTRIBUTE vhsmpin_template[] = {
        { CKA_CLASS, &obj_class, sizeof(obj_class) },
        { CKA_TOKEN, &yes, sizeof(yes) },
        { CKA_PRIVATE, &yes, sizeof(yes) },
        { CKA_HIDDEN, &yes, sizeof(yes) },
        { CKA_HW_FEATURE_TYPE, &hw_type, sizeof(hw_type) },
    };

    /* Start the search for all matching objects */
    rc = funcs->C_FindObjectsInit(session, vhsmpin_template,
                                  sizeof(vhsmpin_template) /
                                  sizeof(CK_ATTRIBUTE));
    if (rc != CKR_OK) {
        fprintf(stderr, "C_FindObjectsInit() rc = 0x%02lx [%s]\n", rc,
                p11_get_ckr(rc));
    } else {
        rc = funcs->C_FindObjects(session, handles,
                                  sizeof(handles) / sizeof(handles[0]),
                                  &found);
        if (rc != CKR_OK) {
            fprintf(stderr, "C_FindObjects() rc = 0x%02lx [%s]\n", rc,
                    p11_get_ckr(rc));
        } else {
            /* Only the first hit is reported to the caller */
            *obj = (found > 0) ? handles[0] : CK_INVALID_HANDLE;
        }
    }

    funcs->C_FindObjectsFinal(session);

    return rc;
}
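/*
 * Store a new VHSM-pin on the token.
 *
 * Reads the pin with get_vhsm_pin(), removes an existing VHSM-pin object if
 * find_vhsmpin_object() reports one, then creates a private, hidden token
 * object of type CKH_IBM_EP11_VHSMPIN whose CKA_VALUE is the pin.
 *
 * Returns CKR_OK on success, CKR_FUNCTION_FAILED when the pin cannot be
 * read or the lookup fails, otherwise the error from C_DestroyObject() or
 * C_CreateObject().
 *
 * The stack copy of the pin is overwritten on every exit path.
 *
 * NOTE(review): the old object is destroyed before the new one is created,
 * so a failing C_CreateObject() leaves the token without a VHSM-pin object.
 */
static CK_RV set_vhsmpin(CK_SESSION_HANDLE session)
{
    CK_RV rc;
    CK_BYTE vhsm_pin[XCP_MAX_PINBYTES + 1] = { 0 };
    CK_OBJECT_HANDLE obj = CK_INVALID_HANDLE;
    CK_OBJECT_CLASS class = CKO_HW_FEATURE;
    CK_HW_FEATURE_TYPE type = CKH_IBM_EP11_VHSMPIN;
    CK_BYTE subject[] = "EP11 VHSM-Pin Object";
    CK_BYTE true = TRUE;
    /* volatile keeps the final wipe from being optimised away */
    volatile CK_BYTE *wipe = vhsm_pin;
    CK_ULONG i;
    CK_ATTRIBUTE attrs[] = {
        { CKA_CLASS, &class, sizeof(class) },
        { CKA_TOKEN, &true, sizeof(true) },
        { CKA_PRIVATE, &true, sizeof(true) },
        { CKA_HIDDEN, &true, sizeof(true) },
        { CKA_HW_FEATURE_TYPE, &type, sizeof(type) },
        { CKA_SUBJECT, &subject, sizeof(subject) },
        /* Must stay last: its length is filled in once the pin is known */
        { CKA_VALUE, vhsm_pin, 0 },
    };
    const CK_ULONG num_attrs = sizeof(attrs) / sizeof(CK_ATTRIBUTE);

    if (get_vhsm_pin(vhsm_pin)) {
        fprintf(stderr, "get_vhsm_pin() failed\n");
        rc = CKR_FUNCTION_FAILED;
        goto out;
    }

    /* assumes get_vhsm_pin() NUL-terminates the buffer - TODO confirm */
    attrs[num_attrs - 1].ulValueLen = strlen((char *)vhsm_pin);

    rc = find_vhsmpin_object(session, &obj);
    if (rc != CKR_OK) {
        fprintf(stderr, "find_vhsmpin_object() failed\n");
        rc = CKR_FUNCTION_FAILED;
        goto out;
    }

    /* Replace rather than update: drop the previous pin object first */
    if (obj != CK_INVALID_HANDLE) {
        rc = funcs->C_DestroyObject(session, obj);
        if (rc != CKR_OK) {
            fprintf(stderr, "C_DestroyObject() rc = 0x%02lx [%s]\n", rc,
                    p11_get_ckr(rc));
            goto out;
        }
    }

    rc = funcs->C_CreateObject(session, attrs, num_attrs, &obj);
    if (rc != CKR_OK) {
        fprintf(stderr, "C_CreateObject() rc = 0x%02lx [%s]\n", rc,
                p11_get_ckr(rc));
        goto out;
    }
    printf("VHSM-pin successfully set.\n");

out:
    for (i = 0; i < sizeof(vhsm_pin); i++)
        wipe[i] = 0;

    return rc;
}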
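/*
 * Flags passed to dlopen() when loading the EP11 host library.
 * RTLD_DEEPBIND is added only for EP11_HSMSIM builds.
 * The expansion is parenthesised so the macro stays a single operand when
 * it is combined with other operators.
 */
#ifdef EP11_HSMSIM
#define DLOPEN_FLAGS (RTLD_GLOBAL | RTLD_NOW | RTLD_DEEPBIND)
#else
#define DLOPEN_FLAGS (RTLD_GLOBAL | RTLD_NOW)
#endif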
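/*
 * Load the EP11 host library.
 *
 * If the environment variable named by EP11SHAREDLIB_NAME is set, only that
 * library is tried. The variable is read with secure_getenv(), which
 * returns NULL in secure-execution mode (e.g. a set-user-ID program), so
 * the override is ignored there. Whatever it names is loaded into the same
 * process that later reads the user PIN, so the variable must only be set
 * in a trusted environment.
 *
 * Without the override the versioned names are tried from newest to oldest,
 * followed by the unversioned name. These are bare file names, so the
 * dynamic loader's normal search path decides which file is opened.
 *
 * Returns the dlopen() handle, or NULL after printing the loader error to
 * stderr.
 */
static void *ep11_load_host_lib(void)
{
    static const char *const fallback_names[] = {
        EP11SHAREDLIB_V3,
        EP11SHAREDLIB_V2,
        EP11SHAREDLIB_V1,
        EP11SHAREDLIB,
    };
    const size_t num_fallbacks =
        sizeof(fallback_names) / sizeof(fallback_names[0]);
    void *lib_ep11 = NULL;
    const char *ep11_lib_name;
    char *errstr;
    size_t i;

    ep11_lib_name = secure_getenv(EP11SHAREDLIB_NAME);
    if (ep11_lib_name != NULL) {
        /* Explicit override: no fallback to the default names */
        lib_ep11 = dlopen(ep11_lib_name, DLOPEN_FLAGS);
        if (lib_ep11 == NULL) {
            errstr = dlerror();
            fprintf(stderr, "Error loading shared library '%s' [%s]\n",
                    ep11_lib_name, errstr);
            return NULL;
        }
        return lib_ep11;
    }

    /* Stop at the first name that loads */
    for (i = 0; lib_ep11 == NULL && i < num_fallbacks; i++)
        lib_ep11 = dlopen(fallback_names[i], DLOPEN_FLAGS);

    if (lib_ep11 == NULL) {
        /* dlerror() describes the last attempt, the unversioned name */
        errstr = dlerror();
        fprintf(stderr, "Error loading shared library '%s[.3|.2|.1]' [%s]\n",
                EP11SHAREDLIB, errstr);
        return NULL;
    }

    return lib_ep11;
}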
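/*
 * Entry point of the EP11 session management tool.
 *
 * Parses the command line, loads the EP11 host library and resolves the
 * entry points used by this tool, initialises PKCS#11, opens a read/write
 * session on SLOT_ID, logs in as CKU_USER with a PIN obtained from
 * get_user_pin() and runs the selected action (show, logout or set
 * VHSM-pin).
 *
 * Returns the value of do_ParseArgs() when it is not 1, CKR_OK on success,
 * otherwise a non-zero error code. Failures of do_GetFunctionList() and
 * get_user_pin() always yield a non-zero exit status.
 *
 * The stack copy of the user PIN is overwritten as soon as the login
 * attempt has been made, and also when reading the PIN fails.
 */
int main(int argc, char **argv)
{
    int rc;
    void *lib_ep11;
    CK_C_INITIALIZE_ARGS cinit_args;
    CK_BYTE user_pin[PKCS11_MAX_PIN_LEN + 1] = { 0 };
    CK_FLAGS flags;
    CK_SESSION_HANDLE session;
    CK_ULONG user_pin_len;
    /* volatile keeps the PIN wipe from being optimised away */
    volatile CK_BYTE *wipe = user_pin;
    CK_ULONG i;

    rc = do_ParseArgs(argc, argv);
    if (rc != 1)
        return rc;

    /* dynamically load in the ep11 shared library */
    lib_ep11 = ep11_load_host_lib();
    if (!lib_ep11)
        return CKR_FUNCTION_FAILED;

    *(void **)(&dll_m_Logout) = dlsym(lib_ep11, "m_Logout");
    *(void **)(&dll_m_get_xcp_info) = dlsym(lib_ep11, "m_get_xcp_info");
    if (dll_m_Logout == NULL || dll_m_get_xcp_info == NULL) {
        fprintf(stderr, "ERROR loading shared lib '%s' [%s]\n",
                EP11SHAREDLIB, dlerror());
        return CKR_FUNCTION_FAILED;
    }
    /*
     * The following are only available since EP11 host library version 2.
     * Ignore if they fail to load, the code will fall back to the old target
     * handling in this case.
     */
    *(void **)(&dll_m_add_module) = dlsym(lib_ep11, "m_add_module");
    *(void **)(&dll_m_rm_module) = dlsym(lib_ep11, "m_rm_module");
    if (dll_m_add_module == NULL || dll_m_rm_module == NULL) {
        /* Use both or neither */
        dll_m_add_module = NULL;
        dll_m_rm_module = NULL;
    }

    rc = get_ep11_library_version(&lib_version);
    if (rc != CKR_OK)
        return rc;

    printf("Using slot #%lu...\n\n", SLOT_ID);

    rc = do_GetFunctionList();
    if (!rc) {
        fprintf(stderr, "ERROR do_GetFunctionList() Failed, rx = 0x%0x\n", rc);
        /* rc is 0 here; returning it would report success to the caller */
        return CKR_FUNCTION_FAILED;
    }

    memset(&cinit_args, 0x0, sizeof(cinit_args));
    cinit_args.flags = CKF_OS_LOCKING_OK;

    funcs->C_Initialize(&cinit_args);
    {
        CK_SESSION_HANDLE hsess = 0;

        rc = funcs->C_GetFunctionStatus(hsess);
        if (rc != CKR_FUNCTION_NOT_PARALLEL)
            return rc;

        rc = funcs->C_CancelFunction(hsess);
        if (rc != CKR_FUNCTION_NOT_PARALLEL)
            return rc;
    }

    if (!is_ep11_token(SLOT_ID)) {
        fprintf(stderr, "ERROR Slot %lu is not an EP11 token\n", SLOT_ID);
        return CKR_FUNCTION_FAILED;
    }

    flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
    rc = funcs->C_OpenSession(SLOT_ID, flags, NULL, NULL, &session);
    if (rc != CKR_OK) {
        fprintf(stderr, "C_OpenSession() rc = 0x%02x [%s]\n", rc,
                p11_get_ckr(rc));
        session = CK_INVALID_HANDLE;
        return rc;
    }

    if (get_user_pin(user_pin)) {
        fprintf(stderr, "get_user_pin() failed\n");

        /* The buffer may already hold part of the PIN */
        for (i = 0; i < sizeof(user_pin); i++)
            wipe[i] = 0;

        rc = funcs->C_CloseAllSessions(SLOT_ID);
        if (rc != CKR_OK) {
            fprintf(stderr, "C_CloseAllSessions() rc = 0x%02x [%s]\n", rc,
                    p11_get_ckr(rc));
            return rc;
        }
        /* Closing the sessions worked, reading the PIN still failed */
        return CKR_FUNCTION_FAILED;
    }

    user_pin_len = (CK_ULONG) strlen((char *) user_pin);
    rc = funcs->C_Login(session, CKU_USER, user_pin, user_pin_len);

    /* The PIN is not needed after the login attempt */
    for (i = 0; i < sizeof(user_pin); i++)
        wipe[i] = 0;

    if (rc != CKR_OK) {
        fprintf(stderr, "C_Login() rc = 0x%02x [%s]\n", rc, p11_get_ckr(rc));
        return rc;
    }

    switch (action) {
    case ACTION_SHOW:
        rc = show_sessions(session);
        break;
    case ACTION_LOGOUT:
        rc = logout_sessions(session);
        break;
    case ACTION_VHSMPIN:
        rc = set_vhsmpin(session);
        break;
    default:
        /* No action selected: rc still holds CKR_OK from C_Login() */
        break;
    }
    if (rc != CKR_OK)
        return rc;

    rc = funcs->C_Logout(session);
    if (rc != CKR_OK)
        fprintf(stderr, "C_Logout() rc = 0x%02x [%s]\n", rc, p11_get_ckr(rc));

    rc = funcs->C_CloseAllSessions(SLOT_ID);

    return rc;
}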