From: Wolfgang Meyer zu Bergsten Date: Thu, 24 Oct 2013 09:14:38 +0000 (+0200) Subject: get random data from pkcs#11 tokens X-Git-Tag: gnutls_3_2_6~34 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2bd55546a22a63a4325883d43eb5dcfed8d86d47;p=thirdparty%2Fgnutls.git get random data from pkcs#11 tokens Signed-off-by: Wolfgang Meyer zu Bergsten --- diff --git a/lib/includes/gnutls/pkcs11.h b/lib/includes/gnutls/pkcs11.h index 51bcab9685..d3e641b7f1 100644 --- a/lib/includes/gnutls/pkcs11.h +++ b/lib/includes/gnutls/pkcs11.h @@ -318,6 +318,11 @@ gnutls_pkcs11_privkey_generate2 (const char* url, gnutls_pk_algorithm_t pk, gnutls_datum_t * pubkey, unsigned int flags); +int +gnutls_pkcs11_token_get_random (const char* token_url, + void* data, + size_t len); + #ifdef __cplusplus } #endif diff --git a/lib/libgnutls.map b/lib/libgnutls.map index ef0497eb73..dbcacea370 100644 --- a/lib/libgnutls.map +++ b/lib/libgnutls.map @@ -924,6 +924,7 @@ GNUTLS_3_1_0 { gnutls_priority_cipher_list; gnutls_priority_kx_list; gnutls_record_set_timeout; + gnutls_pkcs11_token_get_random; } GNUTLS_3_0_0; GNUTLS_PRIVATE { diff --git a/lib/pkcs11.c b/lib/pkcs11.c index 1192c8bbe5..f1e1d29701 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -3127,6 +3127,15 @@ pkcs11_set_pin (struct ck_function_list *module, return (module)->C_SetPIN (sess, (uint8_t*)old_pin, old_len, (uint8_t*)new_pin, new_len); } +ck_rv_t +pkcs11_get_random (struct ck_function_list *module, + ck_session_handle_t sess, + void * data, + size_t len) +{ + return (module)->C_GenerateRandom (sess, data, len); +} + const char * pkcs11_strerror (ck_rv_t rv) { diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h index 0afd7152d7..32d83cd250 100644 --- a/lib/pkcs11_int.h +++ b/lib/pkcs11_int.h @@ -278,6 +278,13 @@ pkcs11_set_pin (struct ck_function_list *module, const char *new_pin, unsigned long new_len); +ck_rv_t +pkcs11_get_random (struct ck_function_list *module, + ck_session_handle_t sess, + void *data, + size_t len); + + const char * pkcs11_strerror (ck_rv_t rv); diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c index 0af3f672ca..cbcd9f9d3c 100644 --- a/lib/pkcs11_write.c +++ b/lib/pkcs11_write.c @@ -832,3 +832,64 @@ finish: } +/** + * gnutls_pkcs11_token_get_random: + * @token_url: A PKCS #11 URL specifying a token + * @len: The number of bytes of randomness to request + * @rnddata: A pointer to the memory area to be filled with random data + * + * This function will get random data from the given token. + * It will store rnddata and fill the memory pointed to by rnddata with + * len random bytes from the token. + * + * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a + * negative error value. + **/ +int +gnutls_pkcs11_token_get_random (const char *token_url, + void *rnddata, + size_t len) +{ + int ret; + struct p11_kit_uri *info = NULL; + ck_rv_t rv; + unsigned int ses_flags; + struct pkcs11_session_info sinfo; + + memset(&sinfo, 0, sizeof(sinfo)); + + ret = pkcs11_url_to_info (token_url, &info); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + ses_flags = 0; // randomness can be read without login in user session + + ret = pkcs11_open_session (&sinfo, NULL, info, ses_flags); + p11_kit_uri_free (info); + + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + rv = pkcs11_get_random(sinfo.module, sinfo.pks, rnddata, len); + if (rv != CKR_OK) + { + gnutls_assert(); + _gnutls_debug_log ("pkcs11: %s\n", pkcs11_strerror (rv)); + ret = pkcs11_rv_to_err (rv); + goto finish; + } + + ret = 0; + +finish: + pkcs11_close_session (&sinfo); + return ret; + +} +