Dump PKCS11 Slot Info

Recently, I needed a tool to show the detailed PKCS11 slot information. Cryptoadm is a good utility to display cryptographic provider information for a system, but it does not show me the "ulMaxSessionCount" field, which was important to me at that time, I was eager to know what's the maximum number of sessions that can be opened with the token at one time by a single application. Google did not help this time, so I had to write a simple tool by myself.

Past the code here, maybe one day, it will save me a lot time when I need such a detailed slot info.

Compile the codes with:

$gcc cryinfo.c -o slotinfo -lpkcs11

Copy (or download), save, compile the source code bellow:

#include <stdio.h>
#include <security/cryptoki.h>
#include <security/pkcs11.h>

extern void dump_info();

int main(int argc, char \*\*argv) {
    CK_RV               rv;
    CK_MECHANISM        mechanism = {CKM_RC4, NULL_PTR, 0L};
    CK_SESSION_HANDLE   hSession;

    // initialize teh crypto library
    rv = C_Initialize(NULL_PTR);
    if (rv != CKR_OK) {
        fprintf(stderr, "C_Initialize: Error = 0x%.8X\\n", rv);
        return -1;
    }

    dump_info();

    rv = C_Finalize(NULL_PTR);
    if (rv != CKR_OK) {
        fprintf(stderr, "C_Finalize: Error = 0x%.8X\\n", rv);
        return -1;
    }

}

void dump_info() {
    CK_RV               rv;
    CK_SLOT_INFO        slotInfo;
    CK_TOKEN_INFO       tokenInfo;
    CK_ULONG            ulSlotCount = 0;
    CK_SLOT_ID_PTR      pSlotList = NULL_PTR;
    int                 i = 0;

    rv = C_GetSlotList(0, NULL_PTR, &ulSlotCount);
    if (rv != CKR_OK) {
        fprintf(stderr, "C_GetSlotList: Error = 0x%.8X\\n", rv);
        return;
    }

    fprintf(stdout, "slotCount = %d\\n", ulSlotCount);
    pSlotList = malloc(ulSlotCount \* sizeof(CK_SLOT_ID));
    if (pSlotList == NULL) {
        fprintf(stderr, "System error: unable to allocate memory");
        return;
    }

    rv = C_GetSlotList(0, pSlotList, &ulSlotCount);
    if (rv != CKR_OK) {
        fprintf(stderr, "C_GetSlotList: Error = 0x%.8X\\n", rv);
        free(pSlotList);
        return;
    }

    for (i = 0; i < ulSlotCount; i++) {
        fprintf(stdout, "slot found: %d ----\\n", pSlotList[i]);
        rv = C_GetSlotInfo(pSlotList[i], &slotInfo);
        if (rv != CKR_OK) {
            fprintf(stderr, "C_GetSlotInfo: Error = 0x%.8X\\n", rv);
            free(pSlotList);
            return;
        }

        fprintf(stdout, "slot description: %s\\n", slotInfo.slotDescription);
        fprintf(stdout, "slot manufacturer: %s\\n", slotInfo.manufacturerID);
        fprintf(stdout, "slot flags: 0x%.8X\\n", slotInfo.flags);
        fprintf(stdout, "slot hardwareVersion: %d.%d\\n",
            slotInfo.hardwareVersion.major, slotInfo.hardwareVersion.minor);
        fprintf(stdout, "slot firmwareVersion: %d.%d\\n",
            slotInfo.firmwareVersion.major, slotInfo.firmwareVersion.minor);

        rv = C_GetTokenInfo(pSlotList[i], &tokenInfo);
        if (rv != CKR_OK) {
            fprintf(stderr, "C_GetTokenInfo: Error = 0x%.8X\\n", rv);
            free(pSlotList);
            return;
        }

        fprintf(stdout, "Token label: %s\\n", tokenInfo.label);
        fprintf(stdout, "Token manufacturer: %s\\n", tokenInfo.manufacturerID);
        fprintf(stdout, "Token model: %s\\n", tokenInfo.model);
        fprintf(stdout, "Token serial: %s\\n", tokenInfo.serialNumber);
        fprintf(stdout, "Token flags: 0x%.8X\\n", tokenInfo.flags);
        fprintf(stdout, "Token ulMaxSessionCount: %ld\\n",
                                tokenInfo.ulMaxSessionCount);
        fprintf(stdout, "Token ulSessionCount: %ld\\n",
                                tokenInfo.ulSessionCount);
        fprintf(stdout, "Token ulMaxRwSessionCount: %ld\\n",
                                tokenInfo.ulMaxRwSessionCount);
        fprintf(stdout, "Token ulRwSessionCount: %ld\\n",
                                tokenInfo.ulRwSessionCount);
        fprintf(stdout, "Token ulMaxPinLen: %ld\\n", tokenInfo.ulMaxPinLen);
        fprintf(stdout, "Token ulMinPinLen: %ld\\n", tokenInfo.ulMinPinLen);
        fprintf(stdout, "Token ulTotalPublicMemory: %ld\\n",
                                tokenInfo.ulTotalPublicMemory);
        fprintf(stdout, "Token ulFreePublicMemory: %ld\\n",
                                tokenInfo.ulFreePublicMemory);
        fprintf(stdout, "Token ulTotalPrivateMemory: %ld\\n",
                                tokenInfo.ulTotalPrivateMemory);
        fprintf(stdout, "Token ulFreePrivateMemory: %ld\\n",
                                tokenInfo.ulFreePrivateMemory);
        fprintf(stdout, "slot hardwareVersion: %d.%d\\n",
            tokenInfo.hardwareVersion.major, tokenInfo.hardwareVersion.minor);
        fprintf(stdout, "slot firmwareVersion: %d.%d\\n",
            tokenInfo.firmwareVersion.major, tokenInfo.firmwareVersion.minor);
        fprintf(stdout, "Token utcTime: %s\\n", tokenInfo.utcTime);
        fprintf(stdout, "\\n");
    }

    free(pSlotList);
}

Comments:

You'll need to escape your &lt; and &gt; else the #include lines (for example) are swallowed by the HTML parsing...

Rgds

Damon

Posted by Damon Hart-Davis on July 18, 2009 at 08:51 PM GMT+08:00 #

Post a Comment:
  • HTML Syntax: NOT allowed
About

A blog on security and networking

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today