/*
+ * Copyright (C) 2011 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2010 Martin Willi
* Copyright (C) 2010 revosec AG
*
#include "pkcs11_manager.h"
#include <debug.h>
-#include <threading/mutex.h>
typedef struct private_pkcs11_private_key_t private_pkcs11_private_key_t;
pkcs11_library_t *lib;
/**
- * Token session
+ * Slot the token is in
*/
- CK_SESSION_HANDLE session;
+ CK_SLOT_ID slot;
/**
- * Mutex to lock session
+ * Token session
*/
- mutex_t *mutex;
+ CK_SESSION_HANDLE session;
/**
* Key object on the token
/**
* Reauthenticate to do a signature
*/
-static bool reauth(private_pkcs11_private_key_t *this)
+static bool reauth(private_pkcs11_private_key_t *this,
+ CK_SESSION_HANDLE session)
{
enumerator_t *enumerator;
shared_key_t *shared;
{
found = TRUE;
pin = shared->get_key(shared);
- rv = this->lib->f->C_Login(this->session, CKU_CONTEXT_SPECIFIC,
+ rv = this->lib->f->C_Login(session, CKU_CONTEXT_SPECIFIC,
pin.ptr, pin.len);
if (rv == CKR_OK)
{
chunk_t data, chunk_t *signature)
{
CK_MECHANISM_PTR mechanism;
+ CK_SESSION_HANDLE session;
CK_BYTE_PTR buf;
CK_ULONG len;
CK_RV rv;
signature_scheme_names, scheme);
return FALSE;
}
- this->mutex->lock(this->mutex);
- rv = this->lib->f->C_SignInit(this->session, mechanism, this->object);
- if (this->reauth && !reauth(this))
+ rv = this->lib->f->C_OpenSession(this->slot, CKF_SERIAL_SESSION, NULL, NULL,
+ &session);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "opening PKCS#11 session failed: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+ rv = this->lib->f->C_SignInit(session, mechanism, this->object);
+ if (this->reauth && !reauth(this, session))
{
+ this->lib->f->C_CloseSession(session);
return FALSE;
}
if (rv != CKR_OK)
{
- this->mutex->unlock(this->mutex);
+ this->lib->f->C_CloseSession(session);
DBG1(DBG_LIB, "C_SignInit() failed: %N", ck_rv_names, rv);
return FALSE;
}
len = (get_keysize(this) + 7) / 8;
buf = malloc(len);
- rv = this->lib->f->C_Sign(this->session, data.ptr, data.len, buf, &len);
- this->mutex->unlock(this->mutex);
+ rv = this->lib->f->C_Sign(session, data.ptr, data.len, buf, &len);
+ this->lib->f->C_CloseSession(session);
if (rv != CKR_OK)
{
DBG1(DBG_LIB, "C_Sign() failed: %N", ck_rv_names, rv);
chunk_t crypt, chunk_t *plain)
{
CK_MECHANISM_PTR mechanism;
+ CK_SESSION_HANDLE session;
CK_BYTE_PTR buf;
CK_ULONG len;
CK_RV rv;
encryption_scheme_names, scheme);
return FALSE;
}
- this->mutex->lock(this->mutex);
- rv = this->lib->f->C_DecryptInit(this->session, mechanism, this->object);
- if (this->reauth && !reauth(this))
+ rv = this->lib->f->C_OpenSession(this->slot, CKF_SERIAL_SESSION, NULL, NULL,
+ &session);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "opening PKCS#11 session failed: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+ rv = this->lib->f->C_DecryptInit(session, mechanism, this->object);
+ if (this->reauth && !reauth(this, session))
{
+ this->lib->f->C_CloseSession(session);
return FALSE;
}
if (rv != CKR_OK)
{
- this->mutex->unlock(this->mutex);
+ this->lib->f->C_CloseSession(session);
DBG1(DBG_LIB, "C_DecryptInit() failed: %N", ck_rv_names, rv);
return FALSE;
}
len = (get_keysize(this) + 7) / 8;
buf = malloc(len);
- rv = this->lib->f->C_Decrypt(this->session, crypt.ptr, crypt.len, buf, &len);
- this->mutex->unlock(this->mutex);
+ rv = this->lib->f->C_Decrypt(session, crypt.ptr, crypt.len, buf, &len);
+ this->lib->f->C_CloseSession(session);
if (rv != CKR_OK)
{
DBG1(DBG_LIB, "C_Decrypt() failed: %N", ck_rv_names, rv);
{
this->pubkey->destroy(this->pubkey);
}
- this->mutex->destroy(this->mutex);
this->keyid->destroy(this->keyid);
this->lib->f->C_CloseSession(this->session);
free(this);
return NULL;
}
- this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
+ this->slot = slot;
this->keyid = identification_create_from_encoding(ID_KEY_ID, keyid);
if (!login(this, slot))
/*
+ * Copyright (C) 2011 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2010 Martin Willi
* Copyright (C) 2010 revosec AG
*
#include "pkcs11_manager.h"
#include <debug.h>
-#include <threading/mutex.h>
typedef struct private_pkcs11_public_key_t private_pkcs11_public_key_t;
*/
CK_OBJECT_HANDLE object;
- /**
- * Mutex to lock session
- */
- mutex_t *mutex;
-
/**
* References to this key
*/
chunk_t data, chunk_t sig)
{
CK_MECHANISM_PTR mechanism;
+ CK_SESSION_HANDLE session;
CK_RV rv;
mechanism = pkcs11_signature_scheme_to_mech(scheme);
{ /* trim leading zero byte in sig */
sig = chunk_skip(sig, 1);
}
- this->mutex->lock(this->mutex);
- rv = this->lib->f->C_VerifyInit(this->session, mechanism, this->object);
+ rv = this->lib->f->C_OpenSession(this->slot, CKF_SERIAL_SESSION, NULL, NULL,
+ &session);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "opening PKCS#11 session failed: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+ rv = this->lib->f->C_VerifyInit(session, mechanism, this->object);
if (rv != CKR_OK)
{
- this->mutex->unlock(this->mutex);
+ this->lib->f->C_CloseSession(session);
DBG1(DBG_LIB, "C_VerifyInit() failed: %N", ck_rv_names, rv);
return FALSE;
}
- rv = this->lib->f->C_Verify(this->session, data.ptr, data.len,
- sig.ptr, sig.len);
- this->mutex->unlock(this->mutex);
+ rv = this->lib->f->C_Verify(session, data.ptr, data.len, sig.ptr, sig.len);
+ this->lib->f->C_CloseSession(session);
if (rv != CKR_OK)
{
DBG1(DBG_LIB, "C_Verify() failed: %N", ck_rv_names, rv);
chunk_t plain, chunk_t *crypt)
{
CK_MECHANISM_PTR mechanism;
+ CK_SESSION_HANDLE session;
CK_BYTE_PTR buf;
CK_ULONG len;
CK_RV rv;
encryption_scheme_names, scheme);
return FALSE;
}
- this->mutex->lock(this->mutex);
- rv = this->lib->f->C_EncryptInit(this->session, mechanism, this->object);
+ rv = this->lib->f->C_OpenSession(this->slot, CKF_SERIAL_SESSION, NULL, NULL,
+ &session);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "opening PKCS#11 session failed: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+ rv = this->lib->f->C_EncryptInit(session, mechanism, this->object);
if (rv != CKR_OK)
{
- this->mutex->unlock(this->mutex);
+ this->lib->f->C_CloseSession(session);
DBG1(DBG_LIB, "C_EncryptInit() failed: %N", ck_rv_names, rv);
return FALSE;
}
len = (get_keysize(this) + 7) / 8;
buf = malloc(len);
- rv = this->lib->f->C_Encrypt(this->session, plain.ptr, plain.len, buf, &len);
- this->mutex->unlock(this->mutex);
+ rv = this->lib->f->C_Encrypt(session, plain.ptr, plain.len, buf, &len);
+ this->lib->f->C_CloseSession(session);
if (rv != CKR_OK)
{
DBG1(DBG_LIB, "C_Encrypt() failed: %N", ck_rv_names, rv);
{
lib->encoding->clear_cache(lib->encoding, this);
this->lib->f->C_CloseSession(this->session);
- this->mutex->destroy(this->mutex);
free(this);
}
}
.slot = slot,
.session = session,
.object = object,
- .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.ref = 1,
);
projects / thirdparty / strongswan.git / commitdiff
