- Patches from Stef implementing PKCS11 RNG related functions
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@866 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
parent
98e9561b5c
commit
a7551e1822
|
@ -19,7 +19,7 @@ all: install-headers install-headers-dir $(TARGET) $(TARGET2)
|
|||
!INCLUDE $(TOPDIR)\win32\Make.rules.mak
|
||||
|
||||
$(TARGET): $(OBJECTS)
|
||||
link $(LINKFLAGS) /dll /out:$(TARGET) $(OBJECTS) ..\libopensc\opensc.lib ..\scconf\scconf.lib ..\pkcs15init\pkcs15init.lib winscard.lib
|
||||
link $(LINKFLAGS) /dll /out:$(TARGET) $(OBJECTS) ..\libopensc\opensc.lib ..\scconf\scconf.lib ..\scrandom\scrandom.lib ..\pkcs15init\pkcs15init.lib winscard.lib
|
||||
|
||||
$(TARGET2): $(OBJECTS2)
|
||||
lib /nologo /machine:ix86 /out:$(TARGET2) $(OBJECTS2)
|
||||
|
|
|
@ -255,6 +255,8 @@ static void pkcs15_init_slot(struct sc_pkcs15_card *card,
|
|||
| CKF_WRITE_PROTECTED;
|
||||
if (card->card->slot->capabilities & SC_SLOT_CAP_PIN_PAD)
|
||||
slot->token_info.flags |= CKF_PROTECTED_AUTHENTICATION_PATH;
|
||||
if (card->card->caps & SC_CARD_CAP_RNG)
|
||||
slot->token_info.flags |= CKF_RNG;
|
||||
slot->fw_data = fw_data = (struct pkcs15_slot_data *) calloc(1, sizeof(*fw_data));
|
||||
fw_data->auth_obj = auth;
|
||||
|
||||
|
|
|
@ -156,6 +156,8 @@ pkcs15init_initialize(struct sc_pkcs11_card *p11card, void *ptr,
|
|||
for (id = 0; slot_get_slot(id, &slot) == CKR_OK; id++) {
|
||||
if (slot->card == p11card)
|
||||
slot->token_info.flags |= CKF_TOKEN_INITIALIZED;
|
||||
if (slot->card->card->caps & SC_CARD_CAP_RNG)
|
||||
slot->token_info.flags |= CKF_RNG;
|
||||
}
|
||||
|
||||
sc_pkcs15init_unbind(profile);
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
*/
|
||||
|
||||
#include "sc-pkcs11.h"
|
||||
#include "opensc/scrandom.h"
|
||||
|
||||
#ifdef HAVE_OPENSSL
|
||||
#include <openssl/evp.h>
|
||||
|
@ -58,6 +59,9 @@ sc_pkcs11_register_openssl_mechanisms(struct sc_pkcs11_card *card)
|
|||
sc_pkcs11_register_mechanism(card, &openssl_ripemd160_mech);
|
||||
}
|
||||
|
||||
static int rng_seeded = 0;
|
||||
|
||||
|
||||
/*
|
||||
* Handle OpenSSL digest functions
|
||||
*/
|
||||
|
@ -116,4 +120,53 @@ sc_pkcs11_openssl_md_release(sc_pkcs11_operation_t *op)
|
|||
op->priv_data = NULL;
|
||||
}
|
||||
|
||||
CK_RV
|
||||
sc_pkcs11_openssl_add_seed_rand(struct sc_pkcs11_session *session,
|
||||
CK_BYTE_PTR pSeed, CK_ULONG ulSeedLen)
|
||||
{
|
||||
if (!(session->slot->card->card->caps & SC_CARD_CAP_RNG))
|
||||
return CKR_RANDOM_NO_RNG;
|
||||
|
||||
if (pSeed == NULL || ulSeedLen == 0)
|
||||
return CKR_OK;
|
||||
|
||||
RAND_seed(pSeed, ulSeedLen);
|
||||
|
||||
return CKR_OK;
|
||||
}
|
||||
|
||||
CK_RV
|
||||
sc_pkcs11_openssl_add_gen_rand(struct sc_pkcs11_session *session,
|
||||
CK_BYTE_PTR RandomData, CK_ULONG ulRandomLen)
|
||||
{
|
||||
unsigned char seed[20];
|
||||
int r;
|
||||
|
||||
if (!(session->slot->card->card->caps & SC_CARD_CAP_RNG))
|
||||
return CKR_RANDOM_NO_RNG;
|
||||
|
||||
if (RandomData == NULL || ulRandomLen == 0)
|
||||
return CKR_OK;
|
||||
|
||||
if (scrandom_get_data(seed, 20) == -1) {
|
||||
error(context, "scrandom_get_data() failed\n");
|
||||
return CKR_FUNCTION_FAILED;
|
||||
}
|
||||
RAND_seed(seed, 20);
|
||||
|
||||
if (rng_seeded == 0) {
|
||||
r = sc_get_challenge(session->slot->card->card, seed, 20);
|
||||
if (r != 0) {
|
||||
error(context, "sc_get_challenge() returned %d\n", r);
|
||||
return sc_to_cryptoki_error(r, session->slot->card->reader);
|
||||
}
|
||||
rng_seeded = 1;
|
||||
}
|
||||
RAND_seed(seed, 20);
|
||||
|
||||
r = RAND_bytes(RandomData, ulRandomLen);
|
||||
|
||||
return r == 1 ? CKR_OK : CKR_FUNCTION_FAILED;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
|
|
@ -725,14 +725,36 @@ CK_RV C_SeedRandom(CK_SESSION_HANDLE hSession, /* the session's handle */
|
|||
CK_BYTE_PTR pSeed, /* the seed material */
|
||||
CK_ULONG ulSeedLen) /* count of bytes of seed material */
|
||||
{
|
||||
return CKR_FUNCTION_NOT_SUPPORTED;
|
||||
#ifdef HAVE_OPENSSL
|
||||
struct sc_pkcs11_session *session;
|
||||
int rv;
|
||||
|
||||
rv = pool_find(&session_pool, hSession, (void**) &session);
|
||||
if (rv != CKR_OK)
|
||||
return rv;
|
||||
|
||||
return sc_pkcs11_openssl_add_seed_rand(session, pSeed, ulSeedLen);
|
||||
#else
|
||||
return CKR_FUNCTION_NOT_SUPPORTED;
|
||||
#endif
|
||||
}
|
||||
|
||||
CK_RV C_GenerateRandom(CK_SESSION_HANDLE hSession, /* the session's handle */
|
||||
CK_BYTE_PTR RandomData, /* receives the random data */
|
||||
CK_ULONG ulRandomLen) /* number of bytes to be generated */
|
||||
{
|
||||
return CKR_FUNCTION_NOT_SUPPORTED;
|
||||
#ifdef HAVE_OPENSSL
|
||||
struct sc_pkcs11_session *session;
|
||||
int rv;
|
||||
|
||||
rv = pool_find(&session_pool, hSession, (void**) &session);
|
||||
if (rv != CKR_OK)
|
||||
return rv;
|
||||
|
||||
return sc_pkcs11_openssl_add_gen_rand(session, RandomData, ulRandomLen);
|
||||
#else
|
||||
return CKR_FUNCTION_NOT_SUPPORTED;
|
||||
#endif
|
||||
}
|
||||
|
||||
CK_RV C_GetFunctionStatus(CK_SESSION_HANDLE hSession) /* the session's handle */
|
||||
|
|
|
@ -357,6 +357,12 @@ CK_RV sc_pkcs11_register_sign_and_hash_mechanism(struct sc_pkcs11_card *,
|
|||
CK_MECHANISM_TYPE, CK_MECHANISM_TYPE,
|
||||
sc_pkcs11_mechanism_type_t *);
|
||||
|
||||
#ifdef HAVE_OPENSSL
|
||||
/* Random generation functions */
|
||||
CK_RV sc_pkcs11_openssl_add_seed_rand(struct sc_pkcs11_session *, CK_BYTE_PTR, CK_ULONG);
|
||||
CK_RV sc_pkcs11_openssl_add_gen_rand(struct sc_pkcs11_session *, CK_BYTE_PTR, CK_ULONG);
|
||||
#endif
|
||||
|
||||
/* Load configuration defaults */
|
||||
void load_pkcs11_parameters(struct sc_pkcs11_config *, struct sc_context *);
|
||||
|
||||
|
|
|
@ -9,7 +9,7 @@ OBJECTS = scrandom.obj
|
|||
all: install-headers $(TARGET)
|
||||
|
||||
$(TARGET): $(OBJECTS)
|
||||
lib /nologo /machine:ix86 /out:$(TARGET) $(OBJECTS)
|
||||
lib /nologo /machine:ix86 /out:$(TARGET) $(OBJECTS) advapi32.lib
|
||||
|
||||
!INCLUDE $(TOPDIR)\win32\Make.rules.mak
|
||||
|
||||
|
|
|
@ -111,7 +111,7 @@ struct mech_info {
|
|||
|
||||
static void show_cryptoki_info(void);
|
||||
static void list_slots(void);
|
||||
static void show_slot(CK_SLOT_ID);
|
||||
static void show_token(CK_SLOT_ID);
|
||||
static void list_mechs(CK_SLOT_ID);
|
||||
static void list_objects(CK_SESSION_HANDLE);
|
||||
static void show_object(CK_SESSION_HANDLE, CK_OBJECT_HANDLE);
|
||||
|
@ -393,12 +393,13 @@ list_slots(void)
|
|||
info.firmwareVersion.minor);
|
||||
printf(" flags: %s\n", p11_slot_info_flags(info.flags));
|
||||
}
|
||||
show_slot(p11_slots[n]);
|
||||
if (info.flags & CKF_TOKEN_PRESENT)
|
||||
show_token(p11_slots[n]);
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
show_slot(CK_SLOT_ID slot)
|
||||
show_token(CK_SLOT_ID slot)
|
||||
{
|
||||
CK_TOKEN_INFO info;
|
||||
|
||||
|
@ -1239,11 +1240,71 @@ test_signature(CK_SLOT_ID slot, CK_SESSION_HANDLE session)
|
|||
return errors;
|
||||
}
|
||||
|
||||
static int
|
||||
test_random(CK_SESSION_HANDLE session)
|
||||
{
|
||||
CK_BYTE buf1[100], buf2[100];
|
||||
CK_BYTE seed1[100];
|
||||
CK_RV rv;
|
||||
int errors = 0;
|
||||
|
||||
printf("C_SeedRandom() and C_GenerateRandom():\n");
|
||||
|
||||
rv = p11->C_SeedRandom(session, seed1, 10);
|
||||
if (rv == CKR_RANDOM_NO_RNG) {
|
||||
printf(" not implemented\n");
|
||||
return 0;
|
||||
}
|
||||
if (rv == CKR_RANDOM_SEED_NOT_SUPPORTED) {
|
||||
printf(" seeding (C_SeedRandom) not supported\n");
|
||||
return 0;
|
||||
}
|
||||
if (rv != CKR_OK) {
|
||||
printf(" ERR: C_SeedRandom returned %s (0x%0x)\n", CKR2Str(rv), rv);
|
||||
return 1;
|
||||
}
|
||||
|
||||
rv = p11->C_GenerateRandom(session, buf1, 10);
|
||||
if (rv != CKR_OK) {
|
||||
printf(" ERR: C_GenerateRandom returned %s (0x%0x)\n", CKR2Str(rv), rv);
|
||||
return 1;
|
||||
}
|
||||
|
||||
rv = p11->C_GenerateRandom(session, buf1, 100);
|
||||
if (rv != CKR_OK) {
|
||||
printf(" ERR: C_GenerateRandom returned %s (0x%0x)\n", CKR2Str(rv), rv);
|
||||
return 1;
|
||||
}
|
||||
|
||||
rv = p11->C_GenerateRandom(session, buf1, 0);
|
||||
if (rv != CKR_OK) {
|
||||
printf(" ERR: C_GenerateRandom(,,0) returned %s (0x%0x)\n", CKR2Str(rv), rv);
|
||||
return 1;
|
||||
}
|
||||
|
||||
rv = p11->C_GenerateRandom(session, NULL, 100);
|
||||
if (rv != CKR_OK) {
|
||||
printf(" ERR: C_GenerateRandom(,NULL,) returned %s (0x%0x)\n", CKR2Str(rv), rv);
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (memcmp(buf1, buf2, 100) == 0) {
|
||||
printf(" ERR: C_GenerateRandom returned twice the same value!!!\n");
|
||||
errors++;
|
||||
}
|
||||
|
||||
printf(" seems to be OK\n");
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
p11_test(CK_SLOT_ID slot, CK_SESSION_HANDLE session)
|
||||
{
|
||||
int errors = 0;
|
||||
|
||||
errors += test_random(session);
|
||||
|
||||
errors += test_digest(slot);
|
||||
|
||||
errors += test_signature(slot, session);
|
||||
|
|
Loading…
Reference in New Issue