C_OpenSession

This function operates as specified in PKCS#11 with the following exceptions:

>The Notify parameter is ignored.

>The CKF_SERIAL_SESSION flag is ignored.

>PKCS#11 states “If the application calling C_OpenSession already has a R/W SO session open with the token, then any attempt to open a R/O session with the token fails with error code CKR_SESSION_READ_WRITE_SO_EXISTS”. This is not enforced by SafeNet ProtectToolkit-C.

Synopsis

CK_RV C_OpenSession(
        CK_SLOT_ID slotID,
        CK_FLAGS flags,
        CK_VOID_PTR pApplication,
        CK_NOTIFY Notify,
        CK_SESSION_HANDLE_PTR phSession
);

Operation in WLD Mode

When SafeNet ProtectToolkit is configured to operate in WLD mode, the first C_OpenSession() call selects a random token from the list of available WLD tokens and opens the session with it. Subsequent C_OpenSession() calls randomly select a token from those with the fewest sessions.

If successful, a WLD session handle is returned. The WLD session handle is internally mapped to the appropriate HSM token and session handle.

If unsuccessful, for ANY reason, another token is chosen and SafeNet ProtectToolkit-C retries opening a session using this token. This is repeated until either a session is opened successfully or no more tokens are available.

If opening a session on an HSM token fails with one of the following error conditions, that token is no longer considered for WLD for the life of the application:

>CKR_GENERAL_ERROR

>CKR_DEVICE_ERROR

>CKR_MESSAGE_ERROR number space (SafeNet vendor defined)

NOTE   When any of the above error conditions is detected, C_OpenSession() does not return the associated error code, because SafeNet ProtectToolkit-C retries opening a session using another token until all tokens are exhausted. If there are no tokens available, the error CKR_TOKEN_NOT_PRESENT is returned.
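
The following added example models the WLD selection and retry behaviour described above; it is not SafeNet code and does not call the HSM. The wld_token struct, wld_open_session() and MAX_TOKENS are hypothetical names, the per-token results are constructed, and it assumes each retry picks by the same fewest-sessions rule.

```c
#include <stdlib.h>

/* Standard PKCS#11 return codes. The vendor-defined CKR_MESSAGE_ERROR
 * range is left out because its values are not given on this page. */
#define CKR_OK                0x00UL
#define CKR_GENERAL_ERROR     0x05UL
#define CKR_DEVICE_ERROR      0x30UL
#define CKR_SESSION_COUNT     0xB1UL
#define CKR_TOKEN_NOT_PRESENT 0xE0UL
#define MAX_TOKENS 16

/* Hypothetical model of one WLD token (not a ProtectToolkit-C type). */
typedef struct {
    unsigned long open_rv; /* constructed: result of opening a session on it */
    int sessions;          /* sessions currently open */
    int excluded;          /* dropped from WLD for the life of the application */
} wld_token;

/* Returns CKR_OK with the chosen index in *chosen, or CKR_TOKEN_NOT_PRESENT
 * when every candidate failed. Token error codes never reach the caller. */
unsigned long wld_open_session(wld_token *t, int n, int *chosen)
{
    int tried[MAX_TOKENS] = {0};
    if (n > MAX_TOKENS) n = MAX_TOKENS;
    for (;;) {
        int min = -1, ties = 0, pick = -1;
        for (int i = 0; i < n; i++) {          /* fewest sessions among candidates */
            if (t[i].excluded || tried[i]) continue;
            if (min < 0 || t[i].sessions < min) { min = t[i].sessions; ties = 1; }
            else if (t[i].sessions == min) ties++;
        }
        if (ties == 0) return CKR_TOKEN_NOT_PRESENT;
        int k = rand() % ties;                 /* random choice among the ties */
        for (int i = 0; i < n; i++)
            if (!t[i].excluded && !tried[i] && t[i].sessions == min && k-- == 0) { pick = i; break; }
        if (t[pick].open_rv == CKR_OK) { t[pick].sessions++; *chosen = pick; return CKR_OK; }
        tried[pick] = 1;                       /* any failure: try another token */
        if (t[pick].open_rv == CKR_GENERAL_ERROR || t[pick].open_rv == CKR_DEVICE_ERROR)
            t[pick].excluded = 1;              /* listed error: never considered again */
    }
}
```

Because the per-token codes are swallowed, a caller that receives CKR_TOKEN_NOT_PRESENT in WLD mode cannot tell from the return value alone which token failed or why.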