]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
get random data from pkcs#11 tokens
authorWolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
Thu, 24 Oct 2013 09:14:38 +0000 (11:14 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Fri, 25 Oct 2013 18:10:34 +0000 (20:10 +0200)
Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
lib/includes/gnutls/pkcs11.h
lib/libgnutls.map
lib/pkcs11.c
lib/pkcs11_int.h
lib/pkcs11_write.c

index 51bcab968509e11c79431cc66eec6691a7ffb452..d3e641b7f18029d74d5477d60f473c571466d01a 100644 (file)
@@ -318,6 +318,11 @@ gnutls_pkcs11_privkey_generate2 (const char* url, gnutls_pk_algorithm_t pk,
                                 gnutls_datum_t * pubkey,
                                 unsigned int flags);
 
+int
+gnutls_pkcs11_token_get_random (const char* token_url,
+                                void* data,
+                                size_t len);
+
 #ifdef __cplusplus
 }
 #endif
index ef0497eb73b847a3c414333b4d0ada72a1191bb4..dbcacea370cfcb96772b238c5af15d979df45cb3 100644 (file)
@@ -924,6 +924,7 @@ GNUTLS_3_1_0 {
        gnutls_priority_cipher_list;
        gnutls_priority_kx_list;
        gnutls_record_set_timeout;
+       gnutls_pkcs11_token_get_random;
 } GNUTLS_3_0_0;
 
 GNUTLS_PRIVATE {
index 1192c8bbe5f004dc4d0403808593212f7a220e77..f1e1d297015ce01f4f663d9c3fc871635a36550f 100644 (file)
@@ -3127,6 +3127,15 @@ pkcs11_set_pin (struct ck_function_list *module,
        return (module)->C_SetPIN (sess, (uint8_t*)old_pin, old_len, (uint8_t*)new_pin, new_len);
 }
 
+ck_rv_t
+pkcs11_get_random (struct ck_function_list *module,
+                   ck_session_handle_t sess,
+                   void * data,
+                   size_t len)
+{
+       return (module)->C_GenerateRandom (sess, data, len);
+}
+
 const char *
 pkcs11_strerror (ck_rv_t rv)
 {
index 0afd7152d788d70426371e13e1d8f7b9105df817..32d83cd250a577347dcc47f799240b0eae8eede0 100644 (file)
@@ -278,6 +278,13 @@ pkcs11_set_pin (struct ck_function_list *module,
                 const char *new_pin,
                 unsigned long new_len);
 
+ck_rv_t
+pkcs11_get_random (struct ck_function_list *module,
+                   ck_session_handle_t sess,
+                   void *data,
+                   size_t len);
+                   
+
 const char *
 pkcs11_strerror (ck_rv_t rv);
 
index 0af3f672ca21fcf9da9ce17efbdef65e87df0973..cbcd9f9d3c7e910432b0ae9be24ecdc12d0419ac 100644 (file)
@@ -832,3 +832,64 @@ finish:
 
 }
 
+/**
+ * gnutls_pkcs11_token_get_random:
+ * @token_url: A PKCS #11 URL specifying a token
+ * @len:       The number of bytes of randomness to request
+ * @rnddata:   A pointer to the memory area to be filled with random data
+ *
+ * This function will get random data from the given token.
+ * It will store rnddata and fill the memory pointed to by rnddata with
+ * len random bytes from the token.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ *   negative error value.
+ **/
+int
+gnutls_pkcs11_token_get_random (const char *token_url,
+                                void *rnddata,
+                                size_t len)
+{
+  int ret;
+  struct p11_kit_uri *info = NULL;
+  ck_rv_t rv;
+  unsigned int ses_flags;
+  struct pkcs11_session_info sinfo;
+
+  memset(&sinfo, 0, sizeof(sinfo));
+
+  ret = pkcs11_url_to_info (token_url, &info);
+  if (ret < 0)
+    {
+      gnutls_assert ();
+      return ret;
+    }
+
+  ses_flags = 0; // randomness can be read without login in user session
+
+  ret = pkcs11_open_session (&sinfo, NULL, info, ses_flags);
+  p11_kit_uri_free (info);
+
+  if (ret < 0)
+    {
+      gnutls_assert ();
+      return ret;
+    }
+
+  rv = pkcs11_get_random(sinfo.module, sinfo.pks, rnddata, len);
+  if (rv != CKR_OK)
+    {
+      gnutls_assert();
+      _gnutls_debug_log ("pkcs11: %s\n", pkcs11_strerror (rv));
+      ret = pkcs11_rv_to_err (rv);
+      goto finish;
+    }
+
+  ret = 0;
+
+finish:
+  pkcs11_close_session (&sinfo);
+  return ret;
+
+}
+