[git] Scute - branch, master, updated. scute-1.3.0-59-gbc6c9e7
by Damien Goutte-Gattat
cvs at cvs.gnupg.org
Mon May 23 11:43:00 CEST 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "PKCS#11 token on top of gpg-agent".
The branch, master has been updated
via bc6c9e746432f4005aef359a620660a9d35df791 (commit)
via 8d6099136c765b053d88c0a9a516804021503b00 (commit)
via 764de881a38da9b725652994145410b8676b586a (commit)
from dc7dff17066510ed4687a2bfdd16afded77f4d27 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit bc6c9e746432f4005aef359a620660a9d35df791
Author: Damien Goutte-Gattat <dgouttegattat at incenp.org>
Date: Wed Apr 6 09:17:00 2016 +0200
Add test for C_GenerateRandom.
* tests/Makefile.am (TESTS): Add t-generaterandom test.
* tests/t-generaterandom.c: New file.
Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 644eeb0..6c19071 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -33,7 +33,7 @@ noinst_HEADERS = t-support.h
TESTS = t-link t-getfunctionlist t-initialize t-getinfo t-getslotlist \
t-getslotinfo t-gettokeninfo t-getmechanismlist t-getmechanisminfo \
t-opensession t-closeallsessions t-getsessioninfo \
- t-findobjects t-getattribute t-auth
+ t-findobjects t-getattribute t-auth t-generaterandom
noinst_PROGRAMS = $(TESTS)
diff --git a/tests/t-generaterandom.c b/tests/t-generaterandom.c
new file mode 100644
index 0000000..675138d
--- /dev/null
+++ b/tests/t-generaterandom.c
@@ -0,0 +1,105 @@
+/* t-generaterandom.c - Regression test.
+ Copyright (C) 2016 g10 Code GmbH
+
+ This file is part of Scute.
+
+ Scute is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ Scute is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with Scute; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+ In addition, as a special exception, g10 Code GmbH gives permission
+ to link this library: with the Mozilla Foundation's code for
+ Mozilla (or with modified versions of it that use the same license
+ as the "Mozilla" code), and distribute the linked executables. You
+ must obey the GNU General Public License in all respects for all of
+ the code used other than "Mozilla". If you modify this file, you
+ may extend this exception to your version of the file, but you are
+ not obligated to do so. If you do not wish to do so, delete this
+ exception statement from your version. */
+
+#include <stdio.h>
+#include <stdbool.h>
+
+#include "t-support.h"
+
+
+int
+main (int argc, char *argv[])
+{
+ CK_RV err;
+ CK_SLOT_ID_PTR slots;
+ CK_ULONG slots_count;
+ unsigned int i;
+
+ (void) argc;
+ (void) argv;
+
+ init_cryptoki ();
+
+ err = C_GetSlotList (true, NULL, &slots_count);
+ fail_if_err (err);
+
+ if (slots_count == 0)
+ {
+ printf ("Skipping test because no token is present.\n");
+ return 77;
+ }
+
+ printf ("Number of slots with tokens: %lu\n", slots_count);
+ slots = malloc (sizeof (CK_SLOT_ID) * slots_count);
+ if (!slots)
+ fail_if_err (CKR_HOST_MEMORY);
+
+ err = C_GetSlotList (true, slots, &slots_count);
+ fail_if_err (err);
+
+ for (i = 0; i < slots_count; i++)
+ {
+ CK_TOKEN_INFO info;
+
+ printf ("%2i. Slot ID %lu\n", i, slots[i]);
+
+ err = C_GetTokenInfo (slots[i], &info);
+ fail_if_err (err);
+
+ if ((info.flags & CKF_RNG) > 0)
+ {
+ CK_SESSION_HANDLE session;
+ unsigned char buffer[16];
+ unsigned int j;
+
+ printf(" RNG available\n");
+
+ err = C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL,
+ &session);
+ fail_if_err (err);
+
+ printf (" Session ID: %lu\n", session);
+
+ err = C_GenerateRandom (session, buffer, sizeof(buffer));
+ fail_if_err (err);
+
+ printf (" Random bytes: 0x");
+ for (j = 0; j < sizeof(buffer); j++)
+ printf ("%02x", buffer[j]);
+ printf ("\n");
+
+ err = C_CloseSession (session);
+ fail_if_err (err);
+ }
+ else
+ printf (" No RNG available on token\n");
+ }
+
+ return 0;
+}
commit 8d6099136c765b053d88c0a9a516804021503b00
Author: Damien Goutte-Gattat <dgouttegattat at incenp.org>
Date: Wed Apr 6 09:16:59 2016 +0200
Check whether the card has a RNG.
* src/agent.c (learn_status_cb): Learn from the agent whether the
card supports GET CHALLENGE.
* src/agent.h (struct agent_card_info_s): New member rng_available.
* src/p11-gettokeninfo (C_GetTokenInfo): Set CKF_RNG flag.
* src/slots.c (slot_token_has_rng): New function.
* src/slots.h (slot_token_has_rng): New prototype.
Parse card capabilities
--
Now that C_GenerateRandom is implemented, we can inform the client
application that a RNG is available on the token.
But support for the GET CHALLENGE operation does not seem to be
mandatory as per the OpenPGP Card specification, so we should
first make sure that the inserted token does support it.
The code for parsing the EXTCAP line is taken from GnuPG, with
Werner's permission to reuse it under the same licensing terms as
the rest of Scute.
Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>
diff --git a/src/agent.c b/src/agent.c
index e2ed31e..8fc48e0 100644
--- a/src/agent.c
+++ b/src/agent.c
@@ -846,6 +846,30 @@ learn_status_cb (void *opaque, const char *line)
}
}
}
+ else if (keywordlen == 6 && !memcmp (keyword, "EXTCAP", keywordlen))
+ {
+ char *p, *p2, *buf;
+ int abool;
+
+ buf = p = unescape_status_string (line);
+ if (buf)
+ {
+ for (p = strtok (buf, " "); p; p = strtok (NULL, " "))
+ {
+ p2 = strchr (p, '=');
+ if (p2)
+ {
+ *p2++ = 0;
+ abool = (*p2 == '1');
+ if (!strcmp (p, "gc"))
+ parm->rng_available = abool;
+ /* We're currently not interested in the
+ * other capabilities. */
+ }
+ }
+ free (buf);
+ }
+ }
return 0;
}
diff --git a/src/agent.h b/src/agent.h
index 6f3f6df..0d6bb30 100644
--- a/src/agent.h
+++ b/src/agent.h
@@ -73,6 +73,8 @@ struct agent_card_info_s
char grip1[41];
char grip2[41];
char grip3[41];
+ int rng_available; /* True if the GET CHALLENGE operation
+ is supported. */
};
diff --git a/src/p11-gettokeninfo.c b/src/p11-gettokeninfo.c
index 88d77be..c0a2417 100644
--- a/src/p11-gettokeninfo.c
+++ b/src/p11-gettokeninfo.c
@@ -72,8 +72,11 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetTokenInfo)
pInfo->flags = CKF_TOKEN_INITIALIZED
| CKF_PROTECTED_AUTHENTICATION_PATH | CKF_WRITE_PROTECTED
| CKF_USER_PIN_INITIALIZED;
- /* FIXME: Support this later: CKF_RNG.
- FIXME: CKF_USER_PIN_INITIALIZED only if PIN is not default pin?
+
+ if (slot_token_has_rng (slot))
+ pInfo->flags |= CKF_RNG;
+
+ /* FIXME: CKF_USER_PIN_INITIALIZED only if PIN is not default pin?
FIXME: CKF_LOGIN_REQUIRED needed? We could implement login via
the "SCD CHECKPIN" command. I am not sure how this mixes with
CKF_PROTECTED_AUTHENTICATION_PATH.
diff --git a/src/slots.c b/src/slots.c
index 136d64e..810be0b 100644
--- a/src/slots.c
+++ b/src/slots.c
@@ -657,6 +657,15 @@ slot_get_id (slot_iterator_t slot)
return slot;
}
+/* Return true if the token supports the GET CHALLENGE operation. */
+bool
+slot_token_has_rng (slot_iterator_t id)
+{
+ struct slot *slot = scute_table_data (slots, id);
+
+ return slot->info.rng_available;
+}
+
/* Mechanism management. */
diff --git a/src/slots.h b/src/slots.h
index e36be27..3624c55 100644
--- a/src/slots.h
+++ b/src/slots.h
@@ -116,6 +116,9 @@ void slot_token_pincount (slot_iterator_t id, int *max, int *len);
/* Return the ID of slot SLOT. */
CK_SLOT_ID slot_get_id (slot_iterator_t slot);
+/* Return true if the token supports the GET CHALLENGE operation. */
+bool slot_token_has_rng (slot_iterator_t id);
+
/* Begin iterating over the list of mechanisms. If succeeds, will be
followed up by a slot_iterate_end. */
commit 764de881a38da9b725652994145410b8676b586a
Author: Damien Goutte-Gattat <dgouttegattat at incenp.org>
Date: Wed Apr 6 09:16:58 2016 +0200
Implement C_GenerateRandom.
* src/agent.c (scute_agent_get_random, get_challenge_data_cb):
New functions.
* src/agent.h (scute_agent_get_random): New prototype.
* src/p11-generaterandom.c (C_GenerateRandom): Implement feature.
Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>
diff --git a/src/agent.c b/src/agent.c
index b51dc7e..e2ed31e 100644
--- a/src/agent.c
+++ b/src/agent.c
@@ -1281,6 +1281,42 @@ scute_agent_get_cert (int no, struct cert *cert)
return 0;
}
+struct random_request
+{
+ unsigned char *buffer;
+ size_t len;
+};
+
+gpg_error_t
+get_challenge_data_cb (void *opaque, const void *line, size_t len)
+{
+ struct random_request *request = opaque;
+
+ if (len != request->len)
+ return gpg_error (GPG_ERR_INV_LENGTH);
+
+ memcpy (request->buffer, line, len);
+
+ return 0;
+}
+
+gpg_error_t
+scute_agent_get_random (unsigned char *data, size_t len)
+{
+ char command[16];
+ gpg_error_t err;
+ struct random_request request;
+
+ snprintf (command, sizeof(command), "SCD RANDOM %lu", len);
+
+ request.buffer = data;
+ request.len = len;
+ err = assuan_transact (agent_ctx, command, get_challenge_data_cb,
+ &request, NULL, NULL, NULL, NULL);
+
+ return err;
+}
+
void
scute_agent_finalize (void)
diff --git a/src/agent.h b/src/agent.h
index 6ac479f..6f3f6df 100644
--- a/src/agent.h
+++ b/src/agent.h
@@ -113,4 +113,7 @@ gpg_error_t scute_agent_is_trusted (char *fpr, bool *is_trusted);
/* Try to get certificate for key numer NO. */
gpg_error_t scute_agent_get_cert (int no, struct cert *cert);
+/* Get random bytes from the card. */
+gpg_error_t scute_agent_get_random (unsigned char *data, size_t len);
+
#endif /* AGENT_H */
diff --git a/src/p11-generaterandom.c b/src/p11-generaterandom.c
index f192e9d..e8b20d9 100644
--- a/src/p11-generaterandom.c
+++ b/src/p11-generaterandom.c
@@ -33,14 +33,32 @@
#include "cryptoki.h"
+#include "locking.h"
+#include "slots.h"
+#include "agent.h"
+#include "error-mapping.h"
+
CK_DEFINE_FUNCTION(CK_RV, C_GenerateRandom)
(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pRandomData,
CK_ULONG ulRandomLen)
{
- /* FIXME: Implement me. */
- (void) hSession;
- (void) pRandomData;
- (void) ulRandomLen;
- return CKR_FUNCTION_NOT_SUPPORTED;
+ CK_RV err;
+ slot_iterator_t slot;
+ session_iterator_t session;
+
+ if (pRandomData == NULL_PTR)
+ return CKR_ARGUMENTS_BAD;
+
+ err = scute_global_lock ();
+ if (err)
+ return err;
+
+ err = slots_lookup_session (hSession, &slot, &session);
+ if (!err)
+ err = scute_gpg_err_to_ck (scute_agent_get_random (pRandomData,
+ ulRandomLen));
+
+ scute_global_unlock ();
+ return err;
}
-----------------------------------------------------------------------
Summary of changes:
src/agent.c | 60 ++++++++++++++++++++++
src/agent.h | 5 ++
src/p11-generaterandom.c | 28 ++++++++--
src/p11-gettokeninfo.c | 7 ++-
src/slots.c | 9 ++++
src/slots.h | 3 ++
tests/Makefile.am | 2 +-
tests/{t-getmechanismlist.c => t-generaterandom.c} | 45 ++++++++++------
8 files changed, 135 insertions(+), 24 deletions(-)
copy tests/{t-getmechanismlist.c => t-generaterandom.c} (69%)
hooks/post-receive
--
PKCS#11 token on top of gpg-agent
http://git.gnupg.org
More information about the Gnupg-commits
mailing list