don't use software prng
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@2436 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
nils
parent
a1e2ac529d
commit
e09bdac57b
|
|
@ -1413,6 +1413,17 @@ kpgen_done:
|
|||
}
|
||||
#endif
|
||||
|
||||
static CK_RV pkcs15_get_random(struct sc_pkcs11_card *p11card,
|
||||
CK_BYTE_PTR p, CK_ULONG len)
|
||||
{
|
||||
int rc;
|
||||
struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) p11card->fw_data;
|
||||
struct sc_card *card = fw_data->p15_card->card;
|
||||
|
||||
rc = sc_get_challenge(card, p, (size_t)len);
|
||||
return sc_to_cryptoki_error(rc, p11card->reader);
|
||||
}
|
||||
|
||||
struct sc_pkcs11_framework_ops framework_pkcs15 = {
|
||||
pkcs15_bind,
|
||||
pkcs15_unbind,
|
||||
|
|
@ -1427,9 +1438,12 @@ struct sc_pkcs11_framework_ops framework_pkcs15 = {
|
|||
pkcs15_create_object,
|
||||
pkcs15_gen_keypair,
|
||||
#else
|
||||
NULL,
|
||||
NULL,
|
||||
NULL
|
||||
#endif
|
||||
NULL, /* seed_random */
|
||||
pkcs15_get_random
|
||||
};
|
||||
|
||||
static CK_RV pkcs15_set_attrib(struct sc_pkcs11_session *session,
|
||||
|
|
|
|||
|
|
@ -120,43 +120,6 @@ sc_pkcs11_openssl_md_release(sc_pkcs11_operation_t *op)
|
|||
op->priv_data = NULL;
|
||||
}
|
||||
|
||||
CK_RV
|
||||
sc_pkcs11_openssl_add_seed_rand(struct sc_pkcs11_session *session,
|
||||
CK_BYTE_PTR pSeed, CK_ULONG ulSeedLen)
|
||||
{
|
||||
if (!(session->slot->card->card->caps & SC_CARD_CAP_RNG))
|
||||
return CKR_RANDOM_NO_RNG;
|
||||
|
||||
if (pSeed == NULL || ulSeedLen == 0)
|
||||
return CKR_OK;
|
||||
|
||||
RAND_seed(pSeed, ulSeedLen);
|
||||
|
||||
return CKR_OK;
|
||||
}
|
||||
|
||||
CK_RV
|
||||
sc_pkcs11_openssl_add_gen_rand(struct sc_pkcs11_session *session,
|
||||
CK_BYTE_PTR RandomData, CK_ULONG ulRandomLen)
|
||||
{
|
||||
unsigned char seed[20];
|
||||
int r;
|
||||
|
||||
if (!(session->slot->card->card->caps & SC_CARD_CAP_RNG))
|
||||
return CKR_RANDOM_NO_RNG;
|
||||
|
||||
if (RandomData == NULL || ulRandomLen == 0)
|
||||
return CKR_OK;
|
||||
|
||||
r = sc_get_challenge(session->slot->card->card, RandomData, ulRandomLen);
|
||||
if (r != 0) {
|
||||
sc_error(context, "sc_get_challenge() returned %d\n", r);
|
||||
return sc_to_cryptoki_error(r, session->slot->card->reader);
|
||||
}
|
||||
|
||||
return r == 1 ? CKR_OK : CKR_FUNCTION_FAILED;
|
||||
}
|
||||
|
||||
static int
|
||||
do_convert_bignum(sc_pkcs15_bignum_t *dst, BIGNUM *src)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -918,8 +918,8 @@ CK_RV C_SeedRandom(CK_SESSION_HANDLE hSession, /* the session's handle */
|
|||
CK_BYTE_PTR pSeed, /* the seed material */
|
||||
CK_ULONG ulSeedLen) /* count of bytes of seed material */
|
||||
{
|
||||
#ifdef NEW_IMPLEMENTATION_COMPLETE
|
||||
struct sc_pkcs11_session *session;
|
||||
struct sc_pkcs11_slot *slot;
|
||||
int rv;
|
||||
|
||||
rv = sc_pkcs11_lock();
|
||||
|
|
@ -927,22 +927,24 @@ CK_RV C_SeedRandom(CK_SESSION_HANDLE hSession, /* the session's handle */
|
|||
return rv;
|
||||
|
||||
rv = pool_find(&session_pool, hSession, (void**) &session);
|
||||
if (rv == CKR_OK)
|
||||
rv = sc_pkcs11_openssl_add_seed_rand(session, pSeed, ulSeedLen);
|
||||
if (rv == CKR_OK) {
|
||||
slot = session->slot;
|
||||
if (slot->card->framework->seed_random == NULL)
|
||||
rv = CKR_FUNCTION_NOT_SUPPORTED;
|
||||
else
|
||||
rv = slot->card->framework->seed_random(slot->card, pSeed, ulSeedLen);
|
||||
}
|
||||
|
||||
sc_pkcs11_unlock();
|
||||
return rv;
|
||||
#else
|
||||
return CKR_FUNCTION_NOT_SUPPORTED;
|
||||
#endif
|
||||
}
|
||||
|
||||
CK_RV C_GenerateRandom(CK_SESSION_HANDLE hSession, /* the session's handle */
|
||||
CK_BYTE_PTR RandomData, /* receives the random data */
|
||||
CK_ULONG ulRandomLen) /* number of bytes to be generated */
|
||||
{
|
||||
#ifdef NEW_IMPLEMENTATION_COMPLETE
|
||||
struct sc_pkcs11_session *session;
|
||||
struct sc_pkcs11_slot *slot;
|
||||
int rv;
|
||||
|
||||
rv = sc_pkcs11_lock();
|
||||
|
|
@ -950,14 +952,16 @@ CK_RV C_GenerateRandom(CK_SESSION_HANDLE hSession, /* the session's handle */
|
|||
return rv;
|
||||
|
||||
rv = pool_find(&session_pool, hSession, (void**) &session);
|
||||
if (rv == CKR_OK)
|
||||
rv = sc_pkcs11_openssl_add_gen_rand(session, RandomData, ulRandomLen);
|
||||
if (rv == CKR_OK) {
|
||||
slot = session->slot;
|
||||
if (slot->card->framework->get_random == NULL)
|
||||
rv = CKR_FUNCTION_NOT_SUPPORTED;
|
||||
else
|
||||
rv = slot->card->framework->get_random(slot->card, RandomData, ulRandomLen);
|
||||
}
|
||||
|
||||
sc_pkcs11_unlock();
|
||||
return rv;
|
||||
#else
|
||||
return CKR_FUNCTION_NOT_SUPPORTED;
|
||||
#endif
|
||||
}
|
||||
|
||||
CK_RV C_GetFunctionStatus(CK_SESSION_HANDLE hSession) /* the session's handle */
|
||||
|
|
|
|||
|
|
@ -174,9 +174,12 @@ struct sc_pkcs11_framework_ops {
|
|||
CK_ATTRIBUTE_PTR pPubKeyTempl, CK_ULONG ulPubKeyAttrCnt,
|
||||
CK_ATTRIBUTE_PTR pPrivKeyTempl, CK_ULONG ulPrivKeyAttrCnt,
|
||||
CK_OBJECT_HANDLE_PTR phPubKey, CK_OBJECT_HANDLE_PTR phPrivKey);
|
||||
CK_RV (*seed_random)(struct sc_pkcs11_card *p11card,
|
||||
CK_BYTE_PTR, CK_ULONG);
|
||||
CK_RV (*get_random)(struct sc_pkcs11_card *p11card,
|
||||
CK_BYTE_PTR, CK_ULONG);
|
||||
};
|
||||
|
||||
|
||||
/*
|
||||
* PKCS#11 Slot (used to access card with specific framework data)
|
||||
*/
|
||||
|
|
@ -419,8 +422,6 @@ CK_RV sc_pkcs11_register_sign_and_hash_mechanism(struct sc_pkcs11_card *,
|
|||
|
||||
#ifdef HAVE_OPENSSL
|
||||
/* Random generation functions */
|
||||
CK_RV sc_pkcs11_openssl_add_seed_rand(struct sc_pkcs11_session *, CK_BYTE_PTR, CK_ULONG);
|
||||
CK_RV sc_pkcs11_openssl_add_gen_rand(struct sc_pkcs11_session *, CK_BYTE_PTR, CK_ULONG);
|
||||
CK_RV sc_pkcs11_gen_keypair_soft(CK_KEY_TYPE keytype, CK_ULONG keybits,
|
||||
struct sc_pkcs15_prkey *privkey, struct sc_pkcs15_pubkey *pubkey);
|
||||
CK_RV sc_pkcs11_verify_data(unsigned char *pubkey, int pubkey_len,
|
||||
|
|
|
|||
Loading…
Reference in New Issue