- Patches from Stef implementing PKCS11 RNG related functions
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@866 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
parent
98e9561b5c
commit
a7551e1822
|
@ -19,7 +19,7 @@ all: install-headers install-headers-dir $(TARGET) $(TARGET2)
|
||||||
!INCLUDE $(TOPDIR)\win32\Make.rules.mak
|
!INCLUDE $(TOPDIR)\win32\Make.rules.mak
|
||||||
|
|
||||||
$(TARGET): $(OBJECTS)
|
$(TARGET): $(OBJECTS)
|
||||||
link $(LINKFLAGS) /dll /out:$(TARGET) $(OBJECTS) ..\libopensc\opensc.lib ..\scconf\scconf.lib ..\pkcs15init\pkcs15init.lib winscard.lib
|
link $(LINKFLAGS) /dll /out:$(TARGET) $(OBJECTS) ..\libopensc\opensc.lib ..\scconf\scconf.lib ..\scrandom\scrandom.lib ..\pkcs15init\pkcs15init.lib winscard.lib
|
||||||
|
|
||||||
$(TARGET2): $(OBJECTS2)
|
$(TARGET2): $(OBJECTS2)
|
||||||
lib /nologo /machine:ix86 /out:$(TARGET2) $(OBJECTS2)
|
lib /nologo /machine:ix86 /out:$(TARGET2) $(OBJECTS2)
|
||||||
|
|
|
@ -255,6 +255,8 @@ static void pkcs15_init_slot(struct sc_pkcs15_card *card,
|
||||||
| CKF_WRITE_PROTECTED;
|
| CKF_WRITE_PROTECTED;
|
||||||
if (card->card->slot->capabilities & SC_SLOT_CAP_PIN_PAD)
|
if (card->card->slot->capabilities & SC_SLOT_CAP_PIN_PAD)
|
||||||
slot->token_info.flags |= CKF_PROTECTED_AUTHENTICATION_PATH;
|
slot->token_info.flags |= CKF_PROTECTED_AUTHENTICATION_PATH;
|
||||||
|
if (card->card->caps & SC_CARD_CAP_RNG)
|
||||||
|
slot->token_info.flags |= CKF_RNG;
|
||||||
slot->fw_data = fw_data = (struct pkcs15_slot_data *) calloc(1, sizeof(*fw_data));
|
slot->fw_data = fw_data = (struct pkcs15_slot_data *) calloc(1, sizeof(*fw_data));
|
||||||
fw_data->auth_obj = auth;
|
fw_data->auth_obj = auth;
|
||||||
|
|
||||||
|
|
|
@ -156,6 +156,8 @@ pkcs15init_initialize(struct sc_pkcs11_card *p11card, void *ptr,
|
||||||
for (id = 0; slot_get_slot(id, &slot) == CKR_OK; id++) {
|
for (id = 0; slot_get_slot(id, &slot) == CKR_OK; id++) {
|
||||||
if (slot->card == p11card)
|
if (slot->card == p11card)
|
||||||
slot->token_info.flags |= CKF_TOKEN_INITIALIZED;
|
slot->token_info.flags |= CKF_TOKEN_INITIALIZED;
|
||||||
|
if (slot->card->card->caps & SC_CARD_CAP_RNG)
|
||||||
|
slot->token_info.flags |= CKF_RNG;
|
||||||
}
|
}
|
||||||
|
|
||||||
sc_pkcs15init_unbind(profile);
|
sc_pkcs15init_unbind(profile);
|
||||||
|
|
|
@ -6,6 +6,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "sc-pkcs11.h"
|
#include "sc-pkcs11.h"
|
||||||
|
#include "opensc/scrandom.h"
|
||||||
|
|
||||||
#ifdef HAVE_OPENSSL
|
#ifdef HAVE_OPENSSL
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
|
@ -58,6 +59,9 @@ sc_pkcs11_register_openssl_mechanisms(struct sc_pkcs11_card *card)
|
||||||
sc_pkcs11_register_mechanism(card, &openssl_ripemd160_mech);
|
sc_pkcs11_register_mechanism(card, &openssl_ripemd160_mech);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int rng_seeded = 0;
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Handle OpenSSL digest functions
|
* Handle OpenSSL digest functions
|
||||||
*/
|
*/
|
||||||
|
@ -116,4 +120,53 @@ sc_pkcs11_openssl_md_release(sc_pkcs11_operation_t *op)
|
||||||
op->priv_data = NULL;
|
op->priv_data = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
CK_RV
|
||||||
|
sc_pkcs11_openssl_add_seed_rand(struct sc_pkcs11_session *session,
|
||||||
|
CK_BYTE_PTR pSeed, CK_ULONG ulSeedLen)
|
||||||
|
{
|
||||||
|
if (!(session->slot->card->card->caps & SC_CARD_CAP_RNG))
|
||||||
|
return CKR_RANDOM_NO_RNG;
|
||||||
|
|
||||||
|
if (pSeed == NULL || ulSeedLen == 0)
|
||||||
|
return CKR_OK;
|
||||||
|
|
||||||
|
RAND_seed(pSeed, ulSeedLen);
|
||||||
|
|
||||||
|
return CKR_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
CK_RV
|
||||||
|
sc_pkcs11_openssl_add_gen_rand(struct sc_pkcs11_session *session,
|
||||||
|
CK_BYTE_PTR RandomData, CK_ULONG ulRandomLen)
|
||||||
|
{
|
||||||
|
unsigned char seed[20];
|
||||||
|
int r;
|
||||||
|
|
||||||
|
if (!(session->slot->card->card->caps & SC_CARD_CAP_RNG))
|
||||||
|
return CKR_RANDOM_NO_RNG;
|
||||||
|
|
||||||
|
if (RandomData == NULL || ulRandomLen == 0)
|
||||||
|
return CKR_OK;
|
||||||
|
|
||||||
|
if (scrandom_get_data(seed, 20) == -1) {
|
||||||
|
error(context, "scrandom_get_data() failed\n");
|
||||||
|
return CKR_FUNCTION_FAILED;
|
||||||
|
}
|
||||||
|
RAND_seed(seed, 20);
|
||||||
|
|
||||||
|
if (rng_seeded == 0) {
|
||||||
|
r = sc_get_challenge(session->slot->card->card, seed, 20);
|
||||||
|
if (r != 0) {
|
||||||
|
error(context, "sc_get_challenge() returned %d\n", r);
|
||||||
|
return sc_to_cryptoki_error(r, session->slot->card->reader);
|
||||||
|
}
|
||||||
|
rng_seeded = 1;
|
||||||
|
}
|
||||||
|
RAND_seed(seed, 20);
|
||||||
|
|
||||||
|
r = RAND_bytes(RandomData, ulRandomLen);
|
||||||
|
|
||||||
|
return r == 1 ? CKR_OK : CKR_FUNCTION_FAILED;
|
||||||
|
}
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -725,14 +725,36 @@ CK_RV C_SeedRandom(CK_SESSION_HANDLE hSession, /* the session's handle */
|
||||||
CK_BYTE_PTR pSeed, /* the seed material */
|
CK_BYTE_PTR pSeed, /* the seed material */
|
||||||
CK_ULONG ulSeedLen) /* count of bytes of seed material */
|
CK_ULONG ulSeedLen) /* count of bytes of seed material */
|
||||||
{
|
{
|
||||||
return CKR_FUNCTION_NOT_SUPPORTED;
|
#ifdef HAVE_OPENSSL
|
||||||
|
struct sc_pkcs11_session *session;
|
||||||
|
int rv;
|
||||||
|
|
||||||
|
rv = pool_find(&session_pool, hSession, (void**) &session);
|
||||||
|
if (rv != CKR_OK)
|
||||||
|
return rv;
|
||||||
|
|
||||||
|
return sc_pkcs11_openssl_add_seed_rand(session, pSeed, ulSeedLen);
|
||||||
|
#else
|
||||||
|
return CKR_FUNCTION_NOT_SUPPORTED;
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV C_GenerateRandom(CK_SESSION_HANDLE hSession, /* the session's handle */
|
CK_RV C_GenerateRandom(CK_SESSION_HANDLE hSession, /* the session's handle */
|
||||||
CK_BYTE_PTR RandomData, /* receives the random data */
|
CK_BYTE_PTR RandomData, /* receives the random data */
|
||||||
CK_ULONG ulRandomLen) /* number of bytes to be generated */
|
CK_ULONG ulRandomLen) /* number of bytes to be generated */
|
||||||
{
|
{
|
||||||
return CKR_FUNCTION_NOT_SUPPORTED;
|
#ifdef HAVE_OPENSSL
|
||||||
|
struct sc_pkcs11_session *session;
|
||||||
|
int rv;
|
||||||
|
|
||||||
|
rv = pool_find(&session_pool, hSession, (void**) &session);
|
||||||
|
if (rv != CKR_OK)
|
||||||
|
return rv;
|
||||||
|
|
||||||
|
return sc_pkcs11_openssl_add_gen_rand(session, RandomData, ulRandomLen);
|
||||||
|
#else
|
||||||
|
return CKR_FUNCTION_NOT_SUPPORTED;
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV C_GetFunctionStatus(CK_SESSION_HANDLE hSession) /* the session's handle */
|
CK_RV C_GetFunctionStatus(CK_SESSION_HANDLE hSession) /* the session's handle */
|
||||||
|
|
|
@ -357,6 +357,12 @@ CK_RV sc_pkcs11_register_sign_and_hash_mechanism(struct sc_pkcs11_card *,
|
||||||
CK_MECHANISM_TYPE, CK_MECHANISM_TYPE,
|
CK_MECHANISM_TYPE, CK_MECHANISM_TYPE,
|
||||||
sc_pkcs11_mechanism_type_t *);
|
sc_pkcs11_mechanism_type_t *);
|
||||||
|
|
||||||
|
#ifdef HAVE_OPENSSL
|
||||||
|
/* Random generation functions */
|
||||||
|
CK_RV sc_pkcs11_openssl_add_seed_rand(struct sc_pkcs11_session *, CK_BYTE_PTR, CK_ULONG);
|
||||||
|
CK_RV sc_pkcs11_openssl_add_gen_rand(struct sc_pkcs11_session *, CK_BYTE_PTR, CK_ULONG);
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Load configuration defaults */
|
/* Load configuration defaults */
|
||||||
void load_pkcs11_parameters(struct sc_pkcs11_config *, struct sc_context *);
|
void load_pkcs11_parameters(struct sc_pkcs11_config *, struct sc_context *);
|
||||||
|
|
||||||
|
|
|
@ -9,7 +9,7 @@ OBJECTS = scrandom.obj
|
||||||
all: install-headers $(TARGET)
|
all: install-headers $(TARGET)
|
||||||
|
|
||||||
$(TARGET): $(OBJECTS)
|
$(TARGET): $(OBJECTS)
|
||||||
lib /nologo /machine:ix86 /out:$(TARGET) $(OBJECTS)
|
lib /nologo /machine:ix86 /out:$(TARGET) $(OBJECTS) advapi32.lib
|
||||||
|
|
||||||
!INCLUDE $(TOPDIR)\win32\Make.rules.mak
|
!INCLUDE $(TOPDIR)\win32\Make.rules.mak
|
||||||
|
|
||||||
|
|
|
@ -111,7 +111,7 @@ struct mech_info {
|
||||||
|
|
||||||
static void show_cryptoki_info(void);
|
static void show_cryptoki_info(void);
|
||||||
static void list_slots(void);
|
static void list_slots(void);
|
||||||
static void show_slot(CK_SLOT_ID);
|
static void show_token(CK_SLOT_ID);
|
||||||
static void list_mechs(CK_SLOT_ID);
|
static void list_mechs(CK_SLOT_ID);
|
||||||
static void list_objects(CK_SESSION_HANDLE);
|
static void list_objects(CK_SESSION_HANDLE);
|
||||||
static void show_object(CK_SESSION_HANDLE, CK_OBJECT_HANDLE);
|
static void show_object(CK_SESSION_HANDLE, CK_OBJECT_HANDLE);
|
||||||
|
@ -393,12 +393,13 @@ list_slots(void)
|
||||||
info.firmwareVersion.minor);
|
info.firmwareVersion.minor);
|
||||||
printf(" flags: %s\n", p11_slot_info_flags(info.flags));
|
printf(" flags: %s\n", p11_slot_info_flags(info.flags));
|
||||||
}
|
}
|
||||||
show_slot(p11_slots[n]);
|
if (info.flags & CKF_TOKEN_PRESENT)
|
||||||
|
show_token(p11_slots[n]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
show_slot(CK_SLOT_ID slot)
|
show_token(CK_SLOT_ID slot)
|
||||||
{
|
{
|
||||||
CK_TOKEN_INFO info;
|
CK_TOKEN_INFO info;
|
||||||
|
|
||||||
|
@ -1239,11 +1240,71 @@ test_signature(CK_SLOT_ID slot, CK_SESSION_HANDLE session)
|
||||||
return errors;
|
return errors;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
test_random(CK_SESSION_HANDLE session)
|
||||||
|
{
|
||||||
|
CK_BYTE buf1[100], buf2[100];
|
||||||
|
CK_BYTE seed1[100];
|
||||||
|
CK_RV rv;
|
||||||
|
int errors = 0;
|
||||||
|
|
||||||
|
printf("C_SeedRandom() and C_GenerateRandom():\n");
|
||||||
|
|
||||||
|
rv = p11->C_SeedRandom(session, seed1, 10);
|
||||||
|
if (rv == CKR_RANDOM_NO_RNG) {
|
||||||
|
printf(" not implemented\n");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
if (rv == CKR_RANDOM_SEED_NOT_SUPPORTED) {
|
||||||
|
printf(" seeding (C_SeedRandom) not supported\n");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
if (rv != CKR_OK) {
|
||||||
|
printf(" ERR: C_SeedRandom returned %s (0x%0x)\n", CKR2Str(rv), rv);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
rv = p11->C_GenerateRandom(session, buf1, 10);
|
||||||
|
if (rv != CKR_OK) {
|
||||||
|
printf(" ERR: C_GenerateRandom returned %s (0x%0x)\n", CKR2Str(rv), rv);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
rv = p11->C_GenerateRandom(session, buf1, 100);
|
||||||
|
if (rv != CKR_OK) {
|
||||||
|
printf(" ERR: C_GenerateRandom returned %s (0x%0x)\n", CKR2Str(rv), rv);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
rv = p11->C_GenerateRandom(session, buf1, 0);
|
||||||
|
if (rv != CKR_OK) {
|
||||||
|
printf(" ERR: C_GenerateRandom(,,0) returned %s (0x%0x)\n", CKR2Str(rv), rv);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
rv = p11->C_GenerateRandom(session, NULL, 100);
|
||||||
|
if (rv != CKR_OK) {
|
||||||
|
printf(" ERR: C_GenerateRandom(,NULL,) returned %s (0x%0x)\n", CKR2Str(rv), rv);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (memcmp(buf1, buf2, 100) == 0) {
|
||||||
|
printf(" ERR: C_GenerateRandom returned twice the same value!!!\n");
|
||||||
|
errors++;
|
||||||
|
}
|
||||||
|
|
||||||
|
printf(" seems to be OK\n");
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
p11_test(CK_SLOT_ID slot, CK_SESSION_HANDLE session)
|
p11_test(CK_SLOT_ID slot, CK_SESSION_HANDLE session)
|
||||||
{
|
{
|
||||||
int errors = 0;
|
int errors = 0;
|
||||||
|
|
||||||
|
errors += test_random(session);
|
||||||
|
|
||||||
errors += test_digest(slot);
|
errors += test_digest(slot);
|
||||||
|
|
||||||
errors += test_signature(slot, session);
|
errors += test_signature(slot, session);
|
||||||
|
|
Loading…
Reference in New Issue