FreeRTOS: PKCS11
PKCS11 Cryptoki Library
Return to main page ↑
C_OpenSession

Opens a connection between an application and a particular token or sets up an application callback for token insertion.

CK_DECLARE_FUNCTION( CK_RV, C_OpenSession )( CK_SLOT_ID slotID,
CK_FLAGS flags,
CK_VOID_PTR pApplication,
CK_NOTIFY Notify,
CK_SESSION_HANDLE_PTR phSession )
{
CK_RV xResult = CKR_OK;
P11Session_t * pxSessionObj = NULL;
uint32_t ulSessionCount = 0;
( void ) ( slotID );
( void ) ( pApplication );
/* Allow unused parameters to be cast to void to silence compiler warnings.
* Even if they are a function pointer. */
/* coverity[misra_c_2012_rule_11_1_violation] */
( void ) Notify;
/* Check that the PKCS #11 module is initialized. */
/* See explanation in prvCheckValidSessionAndModule for this exception. */
/* coverity[misra_c_2012_rule_10_5_violation] */
if( xP11Context.xIsInitialized != ( CK_BBOOL ) CK_TRUE )
{
xResult = CKR_CRYPTOKI_NOT_INITIALIZED;
}
/* Check arguments. */
if( NULL == phSession )
{
xResult = CKR_ARGUMENTS_BAD;
}
/* For legacy reasons, the CKF_SERIAL_SESSION bit MUST always be set. */
if( ( CKR_OK == xResult ) && ( 0UL == ( CKF_SERIAL_SESSION & flags ) ) )
{
xResult = CKR_SESSION_PARALLEL_NOT_SUPPORTED;
}
/*
* Make space for the context.
*/
if( CKR_OK == xResult )
{
/* Get next open session slot. */
if( xSemaphoreTake( xP11Context.xSessionMutex, portMAX_DELAY ) == pdTRUE )
{
for( ulSessionCount = 0; ulSessionCount < pkcs11configMAX_SESSIONS; ++ulSessionCount )
{
/* coverity[misra_c_2012_rule_10_5_violation] */
if( pxP11Sessions[ ulSessionCount ].xOpened == ( CK_BBOOL ) CK_FALSE )
{
xResult = CKR_OK;
pxSessionObj = &pxP11Sessions[ ulSessionCount ];
/* coverity[misra_c_2012_rule_10_5_violation] */
pxSessionObj->xOpened = ( CK_BBOOL ) CK_TRUE;
break;
}
else
{
/* No available session. */
xResult = CKR_SESSION_COUNT;
}
}
( void ) xSemaphoreGive( xP11Context.xSessionMutex );
}
else
{
xResult = CKR_FUNCTION_FAILED;
}
if( CKR_OK == xResult )
{
pxSessionObj->xSignMutex = xSemaphoreCreateMutex();
if( NULL == pxSessionObj->xSignMutex )
{
xResult = CKR_HOST_MEMORY;
}
pxSessionObj->xVerifyMutex = xSemaphoreCreateMutex();
if( NULL == pxSessionObj->xVerifyMutex )
{
xResult = CKR_HOST_MEMORY;
}
}
}
if( CKR_OK == xResult )
{
/*
* Assign the session.
*/
pxSessionObj->ulState =
( 0UL != ( flags & CKF_RW_SESSION ) ) ? CKS_RW_PUBLIC_SESSION : CKS_RO_PUBLIC_SESSION;
}
/*
* Initialize the operation in progress.
*/
if( CKR_OK == xResult )
{
}
if( CKR_OK != xResult )
{
PKCS11_PRINT( ( "Failed to open a new session with error %d \r\n", xResult ) );
if( pxSessionObj != NULL )
{
if( pxSessionObj->xSignMutex != NULL )
{
vSemaphoreDelete( pxSessionObj->xSignMutex );
}
if( pxSessionObj->xVerifyMutex != NULL )
{
vSemaphoreDelete( pxSessionObj->xVerifyMutex );
}
( void ) memset( pxSessionObj, 0, sizeof( P11Session_t ) );
*phSession = CK_INVALID_HANDLE;
}
}
else
{
/* Increment by one, as invalid handles in PKCS #11 are 0. */
++ulSessionCount;
*phSession = ulSessionCount;
}
return xResult;
}
Note
PKCS #11 module must have been previously initialized with a call to C_Initialize() before calling C_OpenSession().
Parameters
[in]slotIDThis parameter is unused in this port.
[in]flagsSession flags - CKF_SERIAL_SESSION is a mandatory flag.
[in]pApplicationThis parameter is unused in this port.
[in]NotifyThis parameter is unused in this port.
[in]phSessionPointer to the location that the created session's handle will be placed.
Returns
CKR_OK if successful. Else, see PKCS #11 specification for more information.
P11Session_t::xOperationVerifyMechanism
CK_MECHANISM_TYPE xOperationVerifyMechanism
The mechanism of verify operation in progress. Set during C_VerifyInit.
Definition: iot_pkcs11_mbedtls.c:223
CK_DECLARE_FUNCTION
#define CK_DECLARE_FUNCTION(returnType, name)
Macro for defining a PKCS #11 functions.
Definition: iot_pkcs11.h:66
P11Session_t::xOperationDigestMechanism
CK_MECHANISM_TYPE xOperationDigestMechanism
Indicates if a digest operation is in progress.
Definition: iot_pkcs11_mbedtls.c:220
P11Session_t::xVerifyMutex
SemaphoreHandle_t xVerifyMutex
Protects the verification key from being modified while in use.
Definition: iot_pkcs11_mbedtls.c:224
P11Session_t::xOperationSignMechanism
CK_MECHANISM_TYPE xOperationSignMechanism
Mechanism of the sign operation in progress. Set during C_SignInit.
Definition: iot_pkcs11_mbedtls.c:226
P11Struct_t::xIsInitialized
CK_BBOOL xIsInitialized
Indicates whether PKCS #11 module has been initialized with a call to C_Initialize.
Definition: iot_pkcs11_mbedtls.c:202
PKCS11_PRINT
#define PKCS11_PRINT(X)
Macro for logging in PKCS #11.
Definition: iot_pkcs11_mbedtls.c:103
C_OpenSession
CK_RV C_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApplication, CK_NOTIFY Notify, CK_SESSION_HANDLE_PTR phSession)
Opens a connection between an application and a particular token or sets up an application callback f...
Definition: iot_pkcs11_mbedtls.c:1699
P11Session_t
Session structure.
Definition: iot_pkcs11_mbedtls.c:217
P11Session_t::ulState
CK_ULONG ulState
Stores the session flags.
Definition: iot_pkcs11_mbedtls.c:218
P11Session_t::xSignMutex
SemaphoreHandle_t xSignMutex
Protects the signing key from being modified while in use.
Definition: iot_pkcs11_mbedtls.c:227
P11Session_t::xOpened
CK_BBOOL xOpened
Set to CK_TRUE upon opening PKCS #11 session.
Definition: iot_pkcs11_mbedtls.c:219
P11Struct_t::xSessionMutex
SemaphoreHandle_t xSessionMutex
Mutex that protects write operations to the pxSession array.
Definition: iot_pkcs11_mbedtls.c:205
pkcs11NO_OPERATION
#define pkcs11NO_OPERATION
Indicates that no PKCS #11 operation is underway for given session.
Definition: iot_pkcs11_mbedtls.c:117
xP11Context
static P11Struct_t xP11Context
The global PKCS #11 module object. Entropy/randomness and object lists are shared across PKCS #11 ses...
Definition: iot_pkcs11_mbedtls.c:238
pxP11Sessions
static P11Session_t pxP11Sessions[pkcs11configMAX_SESSIONS]
The global PKCS #11 session list.
Definition: iot_pkcs11_mbedtls.c:243