don't use software prng
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@2436 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
parent
a1e2ac529d
commit
e09bdac57b
|
@ -1413,6 +1413,17 @@ kpgen_done:
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
static CK_RV pkcs15_get_random(struct sc_pkcs11_card *p11card,
|
||||||
|
CK_BYTE_PTR p, CK_ULONG len)
|
||||||
|
{
|
||||||
|
int rc;
|
||||||
|
struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) p11card->fw_data;
|
||||||
|
struct sc_card *card = fw_data->p15_card->card;
|
||||||
|
|
||||||
|
rc = sc_get_challenge(card, p, (size_t)len);
|
||||||
|
return sc_to_cryptoki_error(rc, p11card->reader);
|
||||||
|
}
|
||||||
|
|
||||||
struct sc_pkcs11_framework_ops framework_pkcs15 = {
|
struct sc_pkcs11_framework_ops framework_pkcs15 = {
|
||||||
pkcs15_bind,
|
pkcs15_bind,
|
||||||
pkcs15_unbind,
|
pkcs15_unbind,
|
||||||
|
@ -1427,9 +1438,12 @@ struct sc_pkcs11_framework_ops framework_pkcs15 = {
|
||||||
pkcs15_create_object,
|
pkcs15_create_object,
|
||||||
pkcs15_gen_keypair,
|
pkcs15_gen_keypair,
|
||||||
#else
|
#else
|
||||||
|
NULL,
|
||||||
NULL,
|
NULL,
|
||||||
NULL
|
NULL
|
||||||
#endif
|
#endif
|
||||||
|
NULL, /* seed_random */
|
||||||
|
pkcs15_get_random
|
||||||
};
|
};
|
||||||
|
|
||||||
static CK_RV pkcs15_set_attrib(struct sc_pkcs11_session *session,
|
static CK_RV pkcs15_set_attrib(struct sc_pkcs11_session *session,
|
||||||
|
|
|
@ -120,43 +120,6 @@ sc_pkcs11_openssl_md_release(sc_pkcs11_operation_t *op)
|
||||||
op->priv_data = NULL;
|
op->priv_data = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV
|
|
||||||
sc_pkcs11_openssl_add_seed_rand(struct sc_pkcs11_session *session,
|
|
||||||
CK_BYTE_PTR pSeed, CK_ULONG ulSeedLen)
|
|
||||||
{
|
|
||||||
if (!(session->slot->card->card->caps & SC_CARD_CAP_RNG))
|
|
||||||
return CKR_RANDOM_NO_RNG;
|
|
||||||
|
|
||||||
if (pSeed == NULL || ulSeedLen == 0)
|
|
||||||
return CKR_OK;
|
|
||||||
|
|
||||||
RAND_seed(pSeed, ulSeedLen);
|
|
||||||
|
|
||||||
return CKR_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
CK_RV
|
|
||||||
sc_pkcs11_openssl_add_gen_rand(struct sc_pkcs11_session *session,
|
|
||||||
CK_BYTE_PTR RandomData, CK_ULONG ulRandomLen)
|
|
||||||
{
|
|
||||||
unsigned char seed[20];
|
|
||||||
int r;
|
|
||||||
|
|
||||||
if (!(session->slot->card->card->caps & SC_CARD_CAP_RNG))
|
|
||||||
return CKR_RANDOM_NO_RNG;
|
|
||||||
|
|
||||||
if (RandomData == NULL || ulRandomLen == 0)
|
|
||||||
return CKR_OK;
|
|
||||||
|
|
||||||
r = sc_get_challenge(session->slot->card->card, RandomData, ulRandomLen);
|
|
||||||
if (r != 0) {
|
|
||||||
sc_error(context, "sc_get_challenge() returned %d\n", r);
|
|
||||||
return sc_to_cryptoki_error(r, session->slot->card->reader);
|
|
||||||
}
|
|
||||||
|
|
||||||
return r == 1 ? CKR_OK : CKR_FUNCTION_FAILED;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
do_convert_bignum(sc_pkcs15_bignum_t *dst, BIGNUM *src)
|
do_convert_bignum(sc_pkcs15_bignum_t *dst, BIGNUM *src)
|
||||||
{
|
{
|
||||||
|
|
|
@ -918,8 +918,8 @@ CK_RV C_SeedRandom(CK_SESSION_HANDLE hSession, /* the session's handle */
|
||||||
CK_BYTE_PTR pSeed, /* the seed material */
|
CK_BYTE_PTR pSeed, /* the seed material */
|
||||||
CK_ULONG ulSeedLen) /* count of bytes of seed material */
|
CK_ULONG ulSeedLen) /* count of bytes of seed material */
|
||||||
{
|
{
|
||||||
#ifdef NEW_IMPLEMENTATION_COMPLETE
|
|
||||||
struct sc_pkcs11_session *session;
|
struct sc_pkcs11_session *session;
|
||||||
|
struct sc_pkcs11_slot *slot;
|
||||||
int rv;
|
int rv;
|
||||||
|
|
||||||
rv = sc_pkcs11_lock();
|
rv = sc_pkcs11_lock();
|
||||||
|
@ -927,22 +927,24 @@ CK_RV C_SeedRandom(CK_SESSION_HANDLE hSession, /* the session's handle */
|
||||||
return rv;
|
return rv;
|
||||||
|
|
||||||
rv = pool_find(&session_pool, hSession, (void**) &session);
|
rv = pool_find(&session_pool, hSession, (void**) &session);
|
||||||
if (rv == CKR_OK)
|
if (rv == CKR_OK) {
|
||||||
rv = sc_pkcs11_openssl_add_seed_rand(session, pSeed, ulSeedLen);
|
slot = session->slot;
|
||||||
|
if (slot->card->framework->seed_random == NULL)
|
||||||
|
rv = CKR_FUNCTION_NOT_SUPPORTED;
|
||||||
|
else
|
||||||
|
rv = slot->card->framework->seed_random(slot->card, pSeed, ulSeedLen);
|
||||||
|
}
|
||||||
|
|
||||||
sc_pkcs11_unlock();
|
sc_pkcs11_unlock();
|
||||||
return rv;
|
return rv;
|
||||||
#else
|
|
||||||
return CKR_FUNCTION_NOT_SUPPORTED;
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV C_GenerateRandom(CK_SESSION_HANDLE hSession, /* the session's handle */
|
CK_RV C_GenerateRandom(CK_SESSION_HANDLE hSession, /* the session's handle */
|
||||||
CK_BYTE_PTR RandomData, /* receives the random data */
|
CK_BYTE_PTR RandomData, /* receives the random data */
|
||||||
CK_ULONG ulRandomLen) /* number of bytes to be generated */
|
CK_ULONG ulRandomLen) /* number of bytes to be generated */
|
||||||
{
|
{
|
||||||
#ifdef NEW_IMPLEMENTATION_COMPLETE
|
|
||||||
struct sc_pkcs11_session *session;
|
struct sc_pkcs11_session *session;
|
||||||
|
struct sc_pkcs11_slot *slot;
|
||||||
int rv;
|
int rv;
|
||||||
|
|
||||||
rv = sc_pkcs11_lock();
|
rv = sc_pkcs11_lock();
|
||||||
|
@ -950,14 +952,16 @@ CK_RV C_GenerateRandom(CK_SESSION_HANDLE hSession, /* the session's handle */
|
||||||
return rv;
|
return rv;
|
||||||
|
|
||||||
rv = pool_find(&session_pool, hSession, (void**) &session);
|
rv = pool_find(&session_pool, hSession, (void**) &session);
|
||||||
if (rv == CKR_OK)
|
if (rv == CKR_OK) {
|
||||||
rv = sc_pkcs11_openssl_add_gen_rand(session, RandomData, ulRandomLen);
|
slot = session->slot;
|
||||||
|
if (slot->card->framework->get_random == NULL)
|
||||||
|
rv = CKR_FUNCTION_NOT_SUPPORTED;
|
||||||
|
else
|
||||||
|
rv = slot->card->framework->get_random(slot->card, RandomData, ulRandomLen);
|
||||||
|
}
|
||||||
|
|
||||||
sc_pkcs11_unlock();
|
sc_pkcs11_unlock();
|
||||||
return rv;
|
return rv;
|
||||||
#else
|
|
||||||
return CKR_FUNCTION_NOT_SUPPORTED;
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
||||||
CK_RV C_GetFunctionStatus(CK_SESSION_HANDLE hSession) /* the session's handle */
|
CK_RV C_GetFunctionStatus(CK_SESSION_HANDLE hSession) /* the session's handle */
|
||||||
|
|
|
@ -174,9 +174,12 @@ struct sc_pkcs11_framework_ops {
|
||||||
CK_ATTRIBUTE_PTR pPubKeyTempl, CK_ULONG ulPubKeyAttrCnt,
|
CK_ATTRIBUTE_PTR pPubKeyTempl, CK_ULONG ulPubKeyAttrCnt,
|
||||||
CK_ATTRIBUTE_PTR pPrivKeyTempl, CK_ULONG ulPrivKeyAttrCnt,
|
CK_ATTRIBUTE_PTR pPrivKeyTempl, CK_ULONG ulPrivKeyAttrCnt,
|
||||||
CK_OBJECT_HANDLE_PTR phPubKey, CK_OBJECT_HANDLE_PTR phPrivKey);
|
CK_OBJECT_HANDLE_PTR phPubKey, CK_OBJECT_HANDLE_PTR phPrivKey);
|
||||||
|
CK_RV (*seed_random)(struct sc_pkcs11_card *p11card,
|
||||||
|
CK_BYTE_PTR, CK_ULONG);
|
||||||
|
CK_RV (*get_random)(struct sc_pkcs11_card *p11card,
|
||||||
|
CK_BYTE_PTR, CK_ULONG);
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* PKCS#11 Slot (used to access card with specific framework data)
|
* PKCS#11 Slot (used to access card with specific framework data)
|
||||||
*/
|
*/
|
||||||
|
@ -419,8 +422,6 @@ CK_RV sc_pkcs11_register_sign_and_hash_mechanism(struct sc_pkcs11_card *,
|
||||||
|
|
||||||
#ifdef HAVE_OPENSSL
|
#ifdef HAVE_OPENSSL
|
||||||
/* Random generation functions */
|
/* Random generation functions */
|
||||||
CK_RV sc_pkcs11_openssl_add_seed_rand(struct sc_pkcs11_session *, CK_BYTE_PTR, CK_ULONG);
|
|
||||||
CK_RV sc_pkcs11_openssl_add_gen_rand(struct sc_pkcs11_session *, CK_BYTE_PTR, CK_ULONG);
|
|
||||||
CK_RV sc_pkcs11_gen_keypair_soft(CK_KEY_TYPE keytype, CK_ULONG keybits,
|
CK_RV sc_pkcs11_gen_keypair_soft(CK_KEY_TYPE keytype, CK_ULONG keybits,
|
||||||
struct sc_pkcs15_prkey *privkey, struct sc_pkcs15_pubkey *pubkey);
|
struct sc_pkcs15_prkey *privkey, struct sc_pkcs15_pubkey *pubkey);
|
||||||
CK_RV sc_pkcs11_verify_data(unsigned char *pubkey, int pubkey_len,
|
CK_RV sc_pkcs11_verify_data(unsigned char *pubkey, int pubkey_len,
|
||||||
|
|
Loading…
Reference in New Issue