Go to the first, previous, next, last section, table of contents.

4 Writing a new Token

In order to create a new token you must implement the following functions that are defined in internal.h and link the to a library of their own. They are all defined as callbacks and a structure containing the pointers to them is gather during initialisation of the token.

A full featured software development kit (SDK) to aid in the development of new tokens has not been put together yet, but hopefully will grow out of gpkcs11 in the future.

Most function are a simple counterpart to the functions defined in the standard, but have the nessecary table lookups done for them and given pointers to the actual structures rather than the handles as defined in the standard.

Other than those functions in the standard a function in the internal slot needs not to be defined, since the wrapper will take care of the return of the proper value. The entry in the function pointer structure only needs to be set to NULL.

4.1 Token Internal Functions

Function: CK_RV <init-symbol> (CK_CHAR_PTR token_name, CK_I_SLOT_DATA_PTR CK_PTR ppSlotData)
This is just a template for a function name that every token needs to implement. This function is not held in the funktion list, but will be looked up by named with the mechanism for shared objects native to the operating system. <init-symbol> is set by the InitSym directive in the section of the token.

token_name contains the name of the token as it was read from the list of all tokens as given in the config file. This allows the function to read from the propper section of the config file.

A pointer to the structure that contains the information about the slot and the token that is contained therein has to be set in ppSlotData. The exact format of CK_I_SLOT_DATA may be found in internal_slot.h

There is not seperate initialization function called for the slot. It has to be handled in this function. If any of the initialization fails or the slot and/or its token is disabled for some reason this function must return NULL_PTR, and the slot will be skipped when all slots are registered with the system. The slot will be disabled until the C_Initialize function is called again.

All following functions are callbacks that are listed in the CK_I_TOKEN_METHODS structure defined in `internal_slot.h'. A full set of these functions must be defined and then listed in structure. If a function is not supported by a token it must be implemented regardless and simply return CKR_FUNCTION_NOT_SUPPORTED.

Function: CK_RV CIP_GetTokenInfo (CK_I_SLOT_DATA_PTR slot_data, CK_TOKEN_INFO_PTR pInfo)
get informations about the token.

Function: CK_RV CIP_GetMechanismList (CK_MECHANISM_TYPE_PTR pMechanismList,CK_ULONG_PTR pulCount)
Get the List of mechanisms supported by the token. pMechanismList gets mechanism array. If set to NULL_PTR, the lenght of the buffer needed will be put into Address referenced by pulCount. pulCount holds the Address to the number of elements in the list provided. Address pointed to will be set to the number of entries in the list when function returns.

Function: CK_RV CIP_GetMechanismInfo (CK_MECHANISM_TYPE type, CK_MECHANISM_INFO_PTR pInfo)

Function: CK_RV CIP_InitToken (CK_CHAR_PTR pPin, CK_ULONG ulPinLen, CK_CHAR_PTR pLabel)

Function: CK_RV CIP_FinalizeToken (CK_I_SLOT_DATA_PTR slot_data)

Function: CK_RV CIP_InitPIN (CK_I_SESSION_DATA_PTR session_data, CK_CHAR_PTR pPin,
CK_ULONG ulPinLen) session_data is the structure referenced by the handle given to the standard function

Function: CK_RV CIP_SetPIN (CK_I_SESSION_DATA_PTR session_data, CK_CHAR_PTR pOldPin, CK_ULONG ulOldLen, CK_CHAR_PTR pNewPin, CK_ULONG ulNewLen)
session_data is the structure referenced by the handle given to the standard function

Function: CK_RV CIP_OpenSession (CK_I_SESSION_DATA_PTR session_data)
perform token specific operations when opening a session.

Token must implement this function if it holds some internal representation of each session. The nessecary base operations are handled by the outer library code. This function is called as a type of hook where a token may handle issues above and beyond those checks that are required in the standard.

The session_data structure is allready allocated and some values are set. This function may simply set values pertaining to the internal working of the token. See section 4.2.3 CK_I_SESSION_DATA, for more details.

The implement_data field should be used for pointers to token implementation specific data structures. It is not used by the base library functions.

Function: CK_RV CIP_CloseSession (CK_I_SESSION_DATA_PTR session_data)
perform token specific operations when closing a session.

Token must implement this function if it holds some internal representation of each session. It act as a expansion mechanism similar to the one described in CIP_OpenSession.

Function: CK_RV CIP_GetOperationState (CK_I_SESSION_DATA_PTR session_data,
CK_BYTE_PTR pOperationState, CK_ULONG_PTR pulOperationStateLen)

Function: CK_RV CIP_SetOperationState (CK_I_SESSION_DATA_PTR session_data,
CK_BYTE_PTR pOperationState, CK_ULONG ulOperationStateLen, CK_I_OBJ_PTR encrypt_key_obj, CK_I_OBJ_PTR auth_key_obj)

Function: CK_RV CIP_Login (CK_I_SESSION_DATA_PTR session_data,
CK_USER_TYPE userType, CK_CHAR_PTR pPin, CK_ULONG ulPinLen)

Function: CK_RV CIP_Logout (CK_I_SESSION_DATA_PTR session_data)

Function: CK_RV CIP_EncryptInit (CK_I_SESSION_DATA_PTR session_data,
CK_MECHANISM_PTR pMechanism, CK_I_OBJ_PTR key_obj)

Function: CK_RV CIP_Encrypt (CK_I_SESSION_DATA_PTR session_data,
CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData, CK_ULONG_PTR pulEncryptedDataLen)

Function: CK_RV CIP_EncryptUpdate (CK_I_SESSION_DATA_PTR session_data,
CK_BYTE_PTR pPart, CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart, CK_ULONG_PTR pulEncryptedPartLen)

Function: CK_RV CIP_EncryptFinal (CK_I_SESSION_DATA_PTR session_data,
CK_BYTE_PTR pLastEncryptedPart, CK_ULONG_PTR pulLastEncryptedPartLen)

Function: CK_RV CIP_DecryptInit (CK_I_SESSION_DATA_PTR session_data,
CK_MECHANISM_PTR pMechanism, CK_I_OBJ_PTR key_obj)

Function: CK_RV CIP_Decrypt (CK_I_SESSION_DATA_PTR session_data,
CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)

Function: CK_RV CIP_DecryptUpdate (CK_I_SESSION_DATA_PTR session_data,
CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen)

Function: CK_RV CIP_DecryptFinal (CK_I_SESSION_DATA_PTR session_data,
CK_BYTE_PTR pLastPart, CK_ULONG_PTR pulLastPartLen)

Function: CK_RV CIP_DigestInit (CK_I_SESSION_DATA_PTR session_data,
CK_MECHANISM_PTR pMechanism)

Function: CK_RV CIP_Digest (CK_I_SESSION_DATA_PTR session_data,
CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen)

Function: CK_RV CIP_DigestUpdate (CK_I_SESSION_DATA_PTR session_data,
CK_C_BYTE_PTR pPart, CK_ULONG ulPartLen)

Function: CK_RV CIP_DigestKey (CK_I_SESSION_DATA_PTR session_data,
CK_I_OBJ_PTR key_obj)

Function: CK_RV CIP_DigestFinal (CK_I_SESSION_DATA_PTR session_data,
CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen)

Function: CK_RV CIP_SignInit (CK_I_SESSION_DATA_PTR session_data,
CK_MECHANISM_PTR pMechanism, CK_I_OBJ_PTR key_obj)

Function: CK_RV CIP_Sign (CK_I_SESSION_DATA_PTR session_data,
CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)

Function: CK_RV CIP_SignUpdate (CK_I_SESSION_DATA_PTR session_data,
CK_BYTE_PTR pPart, CK_ULONG ulPartLen)

Function: CK_RV CIP_SignFinal (CK_I_SESSION_DATA_PTR session_data,
CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)

Function: CK_RV CIP_SignRecoverInit (CK_I_SESSION_DATA_PTR
session_data, CK_MECHANISM_PTR pMechanism, CK_I_OBJ_PTR key_obj)

Function: CK_RV CIP_SignRecover (CK_I_SESSION_DATA_PTR session_data,
CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)

Function: CK_RV CIP_VerifyInit (CK_I_SESSION_DATA_PTR session_data,
CK_MECHANISM_PTR pMechanism, CK_I_OBJ_PTR key_obj)

Function: CK_RV CIP_Verify (CK_I_SESSION_DATA_PTR session_data,
CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)

Function: CK_RV CIP_VerifyUpdate (CK_I_SESSION_DATA_PTR session_data,
CK_BYTE_PTR pPart, CK_ULONG ulPartLen)

Function: CK_RV CIP_VerifyFinal (CK_I_SESSION_DATA_PTR session_data,
CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)

Function: CK_RV CIP_VerifyRecoverInit (CK_I_SESSION_DATA_PTR
session_data, CK_MECHANISM_PTR pMechanism, CK_I_OBJ_PTR key_obj)

Function: CK_RV CIP_VerifyRecover (CK_I_SESSION_DATA_PTR session_data,
CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)

Function: CK_RV CIP_DigestEncryptUpdate (CK_I_SESSION_DATA_PTR
session_data, CK_BYTE_PTR pPart, CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart, CK_ULONG_PTR pulEncryptedPartLen)

Function: CK_RV CIP_DecryptDigestUpdate (CK_I_SESSION_DATA_PTR
session_data, CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen)

Function: CK_RV CIP_SignEncryptUpdate (CK_I_SESSION_DATA_PTR
session_data, CK_BYTE_PTR pPart, CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart, CK_ULONG_PTR pulEncryptedPartLen)

Function: CK_RV CIP_DecryptVerifyUpdate (CK_I_SESSION_DATA_PTR
session_data, CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen)

Function: CK_RV CIP_GenerateKey (CK_I_SESSION_DATA_PTR session_data,
CK_MECHANISM_PTR pMechanism, CK_I_OBJ_PTR key)

Function: CK_RV CIP_GenerateKeyPair (CK_I_SESSION_DATA_PTR
session_data, CK_MECHANISM_PTR pMechanism, CK_I_OBJ_PTR public_key, CK_I_OBJ_PTR private_key)

Function: CK_RV CIP_WrapKey (CK_I_SESSION_DATA_PTR session_data,
CK_MECHANISM_PTR pMechanism, CK_I_OBJ_PTR wrap_key_obj, CK_I_OBJ_PTR key_obj, CK_BYTE_PTR pWrappedKey, CK_ULONG_PTR pulWrappedKeyLen)

Function: CK_RV CIP_UnwrapKey (CK_I_SESSION_DATA_PTR session_data,
CK_MECHANISM_PTR pMechanism, CK_I_OBJ_PTR unwrap_key_obj, CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen, CK_I_OBJ_PTR key_obj)

Function: CK_RV CIP_DeriveKey (CK_I_SESSION_DATA_PTR session_data,
CK_MECHANISM_PTR pMechanism, CK_I_OBJ_PTR base_key, CK_I_OBJ_PTR derived_ky)

Function: CK_RV CIP_SeedRandom (CK_I_SESSION_DATA_PTR session_data,
CK_BYTE_PTR pSeed, CK_ULONG ulSeedLen)

Function: CK_RV CIP_GenerateRandom (CK_I_SESSION_DATA_PTR
session_data, CK_BYTE_PTR pRandomData, CK_ULONG ulRandomLen)

Function: CK_RV CIP_GetFunctionStatus (CK_I_SESSION_DATA_PTR
session_data)

Function: CK_RV CIP_CancelFunction (CK_I_SESSION_DATA_PTR
session_data)

Function: CK_RV CIP_WaitForSlotEvent (CK_FLAGS flags, CK_SLOT_ID_PTR
pSlot, CK_VOID_PTR pRserved)

Function: CK_RV CIP_TokenObjRetrieve (CK_I_SESSION_DATA_PTR
session_data, CK_OBJECT_HANDLE phObject, CK_I_OBJ_PTR CK_PTR ppNewObject)

Function: CK_RV CIP_TokenObjCommit (CK_I_SESSION_DATA_PTR
session_data, CK_I_OBJ_PTR pObject)

Function: CK_RV CIP_TokenObjAdd (CK_I_SESSION_DATA_PTR session_data,
CK_OBJECT_HANDLE phObject, CK_I_OBJ_PTR pNewObject)

Function: CK_RV CIP_TokenObjDelete (CK_I_SESSION_DATA_PTR
session_data, CK_OBJECT_HANDLE phObject)

4.2 Token Internal Structures

4.2.1 CK_I_SLOT_DATA

typedef struct CK_I_SLOT_DATA {
  CK_ULONG flags;
  CK_CHAR_PTR config_section_name;
  CK_SLOT_INFO_PTR slot_info;
  CK_I_TOKEN_DATA_PTR token_data;
} CK_I_SLOT_DATA;
flags
misssing info
config_section_name
section of the config file that containes information about this slot/token
slot_info
standard defined information about the slot
token_data
gpkcs11 internal data about the token. See section 4.2.2 CK_I_TOKEN_DATA, for details.

4.2.2 CK_I_TOKEN_DATA

struct CK_I_TOKEN_DATA {
  CK_TOKEN_INFO_PTR token_info;
  CK_I_TOKEN_METHODS_PTR methods;
  CK_SLOT_ID slot;
  CK_VOID_PTR impl_data;
};
token_info
pointer to the structure defined in the PKCS11 Standard
methods
structure of function pointers containing of the functions provided by the token.
slot
make the token aware of the slot it is holding
impl_data
implementation specific data

4.2.3 CK_I_SESSION_DATA

struct CK_I_SESSION_DATA {
  CK_SESSION_HANDLE session_handle;
  CK_USER_TYPE user_type;
  CK_VOID_PTR pApplication;
  CK_I_APP_DATA app_data;
  CK_NOTIFY Notify;
  CK_SESSION_INFO_PTR session_info;
  CK_I_TOKEN_DATA_PTR token_data;
  CK_I_HASHTABLE_PTR object_list;
  CK_I_FIND_STATE_PTR find_state;
  CK_VOID_PTR digest_state;
  CK_MECHANISM_TYPE digest_mechanism;
  CK_VOID_PTR encrypt_state;
  CK_MECHANISM_TYPE encrypt_mechanism;
  CK_VOID_PTR decrypt_state;           
  CK_MECHANISM_TYPE decrypt_mechanism; 
  CK_VOID_PTR sign_state;              
  CK_MECHANISM_TYPE sign_mechanism;    
  CK_VOID_PTR verify_state;            
  CK_MECHANISM_TYPE verify_mechanism;  
  CK_VOID_PTR implement_data;          
};
session_handle
The handle of this session
user_type
Type of user that runs this session
pApplication
Information to be returned when using a callback. This ia pointer to opaque application defined data.
app_data
Data about this application: holds pointers to the object list and the list of open sessions for this application.
Notify
callback to application.
session_info
Session information required by the PKCS#11 Standard.
token_data
Pointer to the structure representing the token of this session
object_list
Objects of this session, deep copies of supplied templates
find_state
internal state for the FindObject functions
digest_state
encrypt_state
decrypt_state
sign_state
verify_state
Created by respective the C_<operation>Init function
digest_mechanism
encrypt_mechanism
decrypt_mechanism
sign_mechanism
verify_mechanism
active mechanism type if the associated state is != NULL_PTR
implement_data
Pointer to session specific data required by a given token implementation. See the individual token implementations for details.

4.3 Object Management API

gpkcs11 contains an internal API for handling objects of various kind. Its aims to ease to make handling the objects within the module easier. It also helps ensure that all the rules on object visibility, that are stated in the standard, are followed correctly. Furthermore does it help in memory management for the created objects and allows a quick lookup in the hashtables that are used as containers of the objects.

Each object is identified by the handle that is also used to identify the object with the application.

The functions are not to be confused with the external object functions and their internal helper. Therefore they all have CI_Obj prefix to their name.

Function: CK_RV CI_ObjCreateObj (CK_I_OBJ_PTR CK_PTR ppNewObj)
Function sets the pointer to a newly created object into the address ppNewObj points to. The function will return one of CKR_OK, CKR_HOST_MEMORY, CKR_GENERAL_ERROR.

Function: CK_RV CI_ObjSetAttributeValue (CK_I_OBJ_PTR pObject, CK_ATTRIBUTE_TYPE AttributeType, CK_VOID_PTR pValue, CK_ULONG ulValueLen)
Set an attribute of the object by stating attribute type, value and value lenght. The AttributeType must be one of the attribute types declare in the standard (defines with the CKA_ prefix). The contents of pValue are copied and its memory my be freed overwritten afterwards. The function will return one of CKR_OK, CKR_HOST_MEMORY, CKR_GENERAL_ERROR.

Function: CK_RV CI_ObjSetIntAttributeValue (CK_I_OBJ_PTR pObject, CK_ATTRIBUTE_TYPE InternalAttributType, CK_VOID_PTR pValue, CK_ULONG ulValueLen)
Same as CI_ObjSetAttributeValue, but uses the internal attribute types (defines with the CK_IA_ prefix).

Function: CK_RV CI_ObjSetAttribute (CK_I_OBJ_PTR pObject, CK_ATTRIBUTE_PTR pAttribute)
Set an attribute of the object by providing a CK_ATTRIBUTE structure. The structure and its contents is copied by the function and may be freed after the function returns. The function will return one of CKR_OK, CKR_HOST_MEMORY, CKR_GENERAL_ERROR.

Function: CK_RV CI_ObjGetAttributeValue (CK_I_OBJ_PTR pObject, CK_ATTRIBUTE_TYPE AttributeType, CK_BYTE_PTR pValue, CK_ULONG_PTR pulValueLen)
Retrieve the value of an object. The function uses the technique to determine the amount of memory as described in the PKCS#11 standard section 10.2. The AttributeType must be one of the attribute types declare in the standard (defines with the CKA_ prefix). The function will return one of CKR_OK, CKR_HOST_MEMORY, CKR_GENERAL_ERROR, CKR_ATTRIBUTE_TYPE_INVALID, CKR_BUFFER_TOO_SMALL.

Function: CK_RV CI_ObjGetIntAttributeValue (CK_I_OBJ_PTR pObject, CK_ATTRIBUTE_TYPE InternalAttributeType, CK_BYTE_PTR pValue, CK_ULONG_PTR pulValueLen)
Same as CI_ObjGetAttributeValue, but uses the internal attribute types (defines with the CK_IA_ prefix).

Function: CK_RV CI_ObjReadTemplate (CK_I_OBJ_PTR pObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulTemplateLen)
Convert a PKCS#11 style template into an object. The object needs have been allocated and initialized using the CI_ObjCreateObj function.

Function: CK_RV, CI_ObjCopyObject (CK_I_OBJ_PTR pTargetObject, CK_I_OBJ_PTR pSourceObject)
Copy the data contained in pSourceObject into pTargetObject. The both object must have been previously allocated. All data that was contained in the target object will be removed. Any memory that was contained will be freed.

Function: CK_RV CI_ObjDestroyObj (CK_I_OBJ_PTR pObject)
Destroy an object and recoursively free all memory that is allocated within.

Function: CK_RV CI_ObjMergeObj (CK_I_OBJ_PTR pTargetObject, CK_I_OBJ_PTR pSourceObject, CK_BBOOL overwrite)
) Merge an object into another. All data from pSourceObject will be copied into pTargetObject, retaining Attributes that are not set within the source object. if overwrite is set to false, attributes that are allready set in the target object are also left unchanged. Otherwise they are overwritten with the data from the source object.

Function: CK_RV CI_ObjDeleteAttribute (CK_I_OBJ_PTR pObject, CK_ATTRIBUTE_TYPE Attribute)
Delete an Attribute from an object. The AttributeType must be one of the attribute types declare in the standard (defines with the CKA_ prefix). The memory allocated by the value will be freed.

Function: CK_RV CI_ObjDeleteIntAttribute (CK_I_OBJ_PTR pObject, CK_ATTRIBUTE_TYPE InternalAttribute)
Same as CI_ObjDeleteIntAtrrbute, but uses the internal attribute types (defines with the CK_IA_ prefix).

Function: CK_RV CI_ObjDumpObj (CK_I_OBJ_PTR pObject, FILE CK_PTR pOut)
Write the contents of the object into file that is pointed to by pOut. The Data is formated in a human readable format is to aid in debugging the use of the object system by giving insight to the contents of an object.

Function: CK_RV CI_ObjAttribCount (CK_I_OBJ_PTR pObject, CK_ULONG CK_PTR pCount)
Put the number of attributes within the object into the memory pointed to by pCount

Function: CK_RV CI_ObjAttribIter (CK_I_OBJ_PTR pObject, CK_I_HASH_ITERATOR_PTR CK_PTR pIterator)
Put an iterator over the attributes within the object into the memory pointed at by the pIterator.

Function: CK_RV CI_ObjAttribIterDeRef (CK_I_HASH_ITERATOR_PTR pIterator, CK_ATTRIBUTE_PTR CK_PTR ppAttrib)
Dereference the attribute indicated by the iterator. The address of the attribute structure will be written into the memory pointed at by ppAttrib.

Function: CK_RV CI_ContainerAddObj (CK_I_HASHTABLE_PTR container, CK_ULONG key, CK_I_OBJ_PTR pObject)
Add an object to the container. The function will check if there is an already object of the key and remove it from the container. The object is stored as a reference and not a copy of the original obj. A reference counter within the object will be increased.

Function: CK_RV CI_ContainerDelObj (CK_I_HASHTABLE_PTR container, CK_ULONG key)
Delete an object from the container. The function will free the mem of the object if this was the last reference to the function.

Function: CK_RV CI_AppListAddObj (CK_ULONG key, CK_I_OBJ_PTR val)
Add Object to application list. To make dynamic loading possible we only export functions as some operating system have difficulties exporting variables. This function wraps direct manipulations of the application list outside the libgpkcs11. the function returns the value that the actual call to CI_ContainerAddObj returned.

Macro: CI_ObjLookup (obj, int_attrib)
return attribute structure of an internal attribute (CK_IA_*) from an object. The returned value is NULL_PTR if the attribute is not set.

Function: CK_RV CI_TokenObjAdd (CK_I_SESSION_DATA_PTR session_data, CK_OBJECT_HANDLE phObject, CK_I_OBJ_PTR pNewObject)
Add an object to the list of object on a token. In what form this is handled further is dependant upon the token that is addresssed at (determined via the session_data structure.)

Function: CK_RV CI_TokenObjDelete (CK_I_SESSION_DATA_PTR session_data, CK_OBJECT_HANDLE phObject)
Delete an object from an token.

Function: CK_RV CI_TokenObjCommit (CK_I_SESSION_DATA_PTR session_data, CK_OBJECT_HANDLE phObject)
order to token to execute token specific operations regarding the object that are defined upon it.

Function: CK_RV CI_AttributeValid (CK_ATTRIBUTE_TYPE Attribute, CK_OBJECT_CLASS ObjClass, CK_BBOOL CK_PTR pValid)
Check validity of attribute in a object type. The validity of the attribute for a given object class is returned by setting the memory pointed to by pValid to TRUE if the attribute is valid for the given object class. Will be set to FALSE otherwise.

4.4 Configuration Functions

Function: CK_RV CI_GetConfigString (CK_CHAR_PTR section, CK_CHAR_PTR field, CK_CHAR_PTR CK_PTR ppValue)
Retrieve an entry from the configuration file that was selected during initialization. If the section is set to NULL_PTR, "PKCS11-DLL" will be used. The section that a slot was loaded into will be set into the CI_SLOT_DATA structure.

4.5 Logging Functions

Function: CK_RV CI_ErrorStr (CK_RV rv)

Function: CK_RV CI_MechanismStr (CK_MECHANISM_TYPE rv)

Function: CK_RV CI_AttributeStr (CK_ATTRIBUTE_TYPE attrib)

Function: CK_RV CI_AttributeNum (CK_CHAR_PTR pAttribName)

Function: CK_RV CI_PrintableByteStream (CK_C_BYTE_PTR stream, CK_ULONG len)

Function: CK_RV CI_ScanableByteStream (CK_C_BYTE_PTR stream, CK_ULONG len)

Function: CK_RV CI_ScanableMechanism (CK_MECHANISM_PTR pMechanism)

Function: CK_RV CI_PrintTemplate (CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)

Function: CK_RV CI_LogEntry (CK_C_CHAR_PTR FunctionName, CK_C_CHAR_PTR ProcessDesc, CK_RV rv, CK_ULONG level)
/* Name of the current function */ /* Description of the current process */ /* return value in case of imediate abort of function */ /* logging level at which message will be printed */

Function: CK_RV CI_VarLogEntry (CK_C_CHAR_PTR FunctionName, CK_C_CHAR_PTR ProcessDesc, CK_RV rv, CK_ULONG level, ...)
/* Name of the current function */ /* Description of the current process */ /* return value in case of imediate abort of function */ /* logging level at which message will be printed */

Function: CK_RV CI_SetLogingLevel (CK_ULONG level)

Function: CK_RV CI_SetLoggingFile (CK_CHAR_PTR logFileName)

Function: CK_RV CI_EvalLogFileName (void)

Function: CK_RV CI_CI_CodeFktEntry (CK_C_CHAR_PTR FunctionName, CK_C_CHAR_PTR ProcessDesc, ...)
/* Name of the current function */ /* Description of the current process */

Function: CK_RV TC_free (handle)
Actually this is a macro wrapping the functions _TC_free(handle, line, file) or free(3), depending on the preprocessor define NO_MEM_LOGGING

Function: CK_RV TC_calloc (nelem, elsize)
Actually this is a macro wrapping the functions _TC_calloc(nelem,elsize, line, file) or calloc(3), depending on the preprocessor define NO_MEM_LOGGING

Function: CK_RV TC_malloc (size)
Actually this is a macro wrapping the functions _TC_malloc(size, line, file) or malloc(3), depending on the preprocessor define NO_MEM_LOGGING

Function: CK_RV CI_SetMemLoggingFile (CK_C_CHAR_PTR memLogFileName)

Function: CK_RV CI_EvalMemLogFileName (void)

4.6 Managing Dynamic Libraries

To ensure the libraries that are loaded during runtime are closed properly a table of all open Dynamic Link Libraries (DLLs) exists. This Table is created during initialization and opened tokens are automatically registered. If a token opens a dll with CI_GetDllHandle the dll will be opened if nessecary and be registered for a clean closure when the library is shut down.

4.7 Event Handler

Since the function C_WaitForSlotEvent collects the event arising from all tokens of an PKCS#11 module, there needs to exist a central event handler. The event handler servers to do two jobs: it sends events to the blocking C_WaitForSlotEvent function on all threads that watch this slot and it can call a callback in behalf of the token that registered the event to take care of cleanup or reinitialisation functions like changing a smartcard in a reader.

In gpkcs11 this handler is dormant as long as there is no event source registered, returning CKR_FUNCTION_NOT_IMPLEMENTED upon calling C_WaitForSlotEvent. Only when one or more slots register for the handler will the function block on request.

Function: CK_RV CI_RegisterEventSink (CK_SLOT_HANDLE slot, CK_I_EventActionCallback action, CK_VOID_PTR user_data, CK_I_EVENT_INFO_PTR CK_PTR pHandle)

add the slot to the list of watched event sources and a sink for the slot events. When an event is signaled action is called with user_data if it is not equal to NULL or the signal call sets a new user_data. The address pHandle points to is set with the handle of this event. Multiple sinks and their actions may be defined for a given slot, the first will activate even watching for that slot. If the slot Handle is equal to (-1)L, the event will not be rejected for belonging to a invalid slot, but will never be called by CI_SendSlotEvent. This allows event sinks to be registered, but not bound to a slot.

Function: CK_RV CI_RemoveEventSink (CK_I_EVENT_INFO_PTR event)
Remove the event sink with the handle event from the sinks. If this was the last event for a slot, the event handling will be turned inactive. If there is still a thread waiting for the slot event via C_WaitForSlotEvent, the function will return with CKR_FUNCTION_NOT_IMPLEMENTED

Function: CK_RV CI_SendSlotEvent (CK_SLOT_HANDLE slot, CK_VOID_PTR user_data, CK_CHAR_PTR event_label)
Trigger all events that are registered with a slot, setting user_data if it is not not NULL. If event_label is non-NULL it will be printed to the log. The order in which each event is triggered is not defined. If an component needs a certain order, this has to be handled by the component itself.

Function: CK_RV CI_TriggerEvent (CK_I_EVENT_INFO_PTR event, CK_VOID_PTR user_data, CK_CHAR_PTR event_label)
Trigger event, setting user_data if it is not not NULL. If event_label is non-NULL it will be printed to the log. This function is intendet for triggering seperate Events, possibly by other events.

The two functions CI_InitEventHandler and CI_FinalizeEventHandler that are defined in slot.h are for internal use, to start and stop the handler and are of use neither to the user of the library, nor to the token developer.

Go to the first, previous, next, last section, table of contents.