Using the PKCS#11 Sample
The Luna SDK includes a simple, cross-platform C source example, p11Sample, that demonstrates the following:
> How to dynamically load the Luna cryptoki library.
> How to obtain the function pointers to the exported PKCS11 standard functions and the Luna extension functions.
The sample demonstrates how to invoke some, but not all, of the API functions.
The SfntLibPath Environment Variable
The sample depends on an environment variable created and exported prior to execution. This variable specifies the location of
What p11Sample Does
The p11Sample program performs the following actions:
1. The sample first attempts to load the dynamic library in the function called LoadP11Functions. This calls
2. The function then attempts to get a function pointer to the PKCS11 API C_GetFunctionList using
3. Once the function pointer is obtained, use the API to obtain a pointer called P11Functions that points to the static CK_FUNCTION_LIST structure in the library. This structure holds pointers to all the other PKCS11 API functions supported by the library.
At this point, if successful, PKCS11 APIs may be invoked like the following:
P11Functions->C_Initialize(...);
P11Functions->C_GetSlotList(...);
P11Functions->C_OpenSession(...);
P11Functions->C_Login(...);
P11Functions->C_GenerateKey(...);
P11Functions->C_Encrypt(...);
:
:
etc
4. The sample next attempts to get a function pointer to the Luna extension API CA_GetFunctionList using
5. Once the function pointer is obtained, use the API to obtain a pointer called SfntFunctions that points to the static CK_SFNT_CA_FUNCTION_LIST structure in the library. This structure holds pointers to some, but not all, of the other Luna extension API functions supported by the library.
6. At this point, if successful, Luna extension APIs may be invoked like the following:
SfntFunctions->CA_GetHAState(...);
:
:
etc.
7. A sample makefile is provided for 64-bit AIX.
You can easily port to another platform with minor changes.
8. To build: make -f Makefile.aix.64
NOTE: This simple example loads the cryptoki library directly. If your application requires integration with cklog or ckshim, you will need to load the required library (see SDK General for naming on your platform) in lieu of cryptoki. cklog and ckshim will then use the Chrystoki configuration file to locate and load cryptoki. You also have the option of locating the cryptoki library by parsing the Chrystoki2 section of the Chrystoki config file. If you do this, then the initial library (cryptoki, cklog, or ckshim) can be changed by simply updating the configuration file.
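The load sequence in steps 1 to 3, as an added example that is not part of p11Sample or the Luna SDK: it checks the library path before loading it, because whatever that path names runs inside the process that talks to the HSM. It assumes SfntLibPath holds the full library path and that POSIX dlopen/dlsym are available; the typedefs stand in for the PKCS#11 header types, and the LIB_* codes, check_lib_path and load_p11 are hypothetical names.

```c
#define _POSIX_C_SOURCE 200809L
#include <dlfcn.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>

typedef unsigned long CK_RV;               /* stand-in for the PKCS#11 header type */
typedef CK_RV (*get_list_fn)(void **);     /* stand-in for CK_C_GetFunctionList */

enum { LIB_OK = 0, LIB_UNSET, LIB_NOT_ABSOLUTE, LIB_STAT_FAILED,
       LIB_NOT_REGULAR, LIB_WRITABLE_BY_OTHERS, LIB_LOAD_FAILED, LIB_NO_SYMBOL };

/* Reject paths that would let another local user choose the code we load. */
int check_lib_path(const char *path)
{
    struct stat st;
    if (path == NULL || path[0] == '\0') return LIB_UNSET;
    if (path[0] != '/') return LIB_NOT_ABSOLUTE;    /* no loader search-path lookup */
    if (stat(path, &st) != 0) return LIB_STAT_FAILED;
    if (!S_ISREG(st.st_mode)) return LIB_NOT_REGULAR;
    if (st.st_mode & (S_IWGRP | S_IWOTH)) return LIB_WRITABLE_BY_OTHERS;
    return LIB_OK;
}

/* Load the library named by SfntLibPath and resolve C_GetFunctionList.
 * On LIB_OK the caller owns *handle and must dlclose() it. */
int load_p11(void **handle, get_list_fn *get_list)
{
    const char *path = getenv("SfntLibPath");
    int rc = check_lib_path(path);
    if (rc != LIB_OK) return rc;
    *handle = dlopen(path, RTLD_NOW | RTLD_LOCAL);
    if (*handle == NULL) return LIB_LOAD_FAILED;
    *(void **)get_list = dlsym(*handle, "C_GetFunctionList");
    if (*get_list == NULL) { dlclose(*handle); *handle = NULL; return LIB_NO_SYMBOL; }
    return LIB_OK;
}

int main(void)
{
    void *h = NULL, *list = NULL;          /* list is CK_FUNCTION_LIST * in real code */
    get_list_fn fn = NULL;
    int rc = load_p11(&h, &fn);
    if (rc != LIB_OK) { fprintf(stderr, "library load refused, code %d\n", rc); return 1; }
    CK_RV rv = fn(&list);                  /* 0 is CKR_OK */
    printf("C_GetFunctionList returned 0x%lx\n", rv);
    dlclose(h);
    return rv == 0 ? 0 : 1;
}
```

The check covers only the file's own type and mode bits; it does not inspect ownership or the permissions of parent directories.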