[PATCH 2/3] Check whether the card has a RNG.

Damien Goutte-Gattat dgouttegattat at incenp.org
Tue Mar 29 16:44:38 CEST 2016


* src/agent.c (learn_status_cb): Learn from the agent whether the
card supports GET CHALLENGE.
* src/agent.h (struct agent_card_info_s): New member rng_available.
* src/p11-gettokeninfo (C_GetTokenInfo): Set CKF_RNG flag.
* src/slots.c (slot_token_has_rng): New function.
* src/slots.h (slot_token_has_rng): New prototype.
--

Now that C_GenerateRandom is implemented, we can inform the client
application that an RNG is available on the token.

But support for the GET CHALLENGE operation does not seem to be
mandatory as per the OpenPGP Card specification, so we should
first make sure that the inserted token does support it.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>
---
 src/agent.c            | 6 ++++++
 src/agent.h            | 2 ++
 src/p11-gettokeninfo.c | 7 +++++--
 src/slots.c            | 9 +++++++++
 src/slots.h            | 3 +++
 5 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/src/agent.c b/src/agent.c
index 4306f93..9a75bf8 100644
--- a/src/agent.c
+++ b/src/agent.c
@@ -846,6 +846,12 @@ learn_status_cb (void *opaque, const char *line)
 	    }
 	}
     }
+  else if (keywordlen == 6 && !memcmp (keyword, "EXTCAP", keywordlen))
+    {
+      /* FIXME: Should we parse the line properly instead of assuming
+         that the gc capability will always be at the beginning? */
+      sscanf (line, "gc=%d", &(parm->rng_available));
+    }
   return 0;
 }
 
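Review bot: The `sscanf (line, "gc=%d", ...)` in the new EXTCAP branch stores directly into `parm->rng_available` and ignores the return value, so when the status line does not begin with `gc=` the member keeps whatever it held before, and whether that is 0 or stale data depends on how the caller initialised the struct, which this hunk does not show. Scanning into a local and storing only on success makes the result explicit: `int gc = 0;` / `if (sscanf (line, "gc=%d", &gc) == 1)` / `parm->rng_available = (gc != 0);` (and otherwise set it to 0). The FIXME already records the assumption that `gc` is the first capability; if EXTCAP is a `+`-separated list of key=value pairs, tokenising on `+` and matching the `gc` key would remove that assumption entirely. learn_status_cb begins before this hunk.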
diff --git a/src/agent.h b/src/agent.h
index 6f3f6df..0d6bb30 100644
--- a/src/agent.h
+++ b/src/agent.h
@@ -73,6 +73,8 @@ struct agent_card_info_s
   char grip1[41];
   char grip2[41];
   char grip3[41];
+  int rng_available;    /* True if the GET CHALLENGE operation
+                           is supported. */
 };
 
 
diff --git a/src/p11-gettokeninfo.c b/src/p11-gettokeninfo.c
index 88d77be..c0a2417 100644
--- a/src/p11-gettokeninfo.c
+++ b/src/p11-gettokeninfo.c
@@ -72,8 +72,11 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetTokenInfo)
   pInfo->flags = CKF_TOKEN_INITIALIZED
     | CKF_PROTECTED_AUTHENTICATION_PATH | CKF_WRITE_PROTECTED
     | CKF_USER_PIN_INITIALIZED;
-  /* FIXME: Support this later: CKF_RNG.
-     FIXME: CKF_USER_PIN_INITIALIZED only if PIN is not default pin?
+
+  if (slot_token_has_rng (slot))
+    pInfo->flags |= CKF_RNG;
+
+  /* FIXME: CKF_USER_PIN_INITIALIZED only if PIN is not default pin?
      FIXME: CKF_LOGIN_REQUIRED needed?  We could implement login via
      the "SCD CHECKPIN" command.  I am not sure how this mixes with
      CKF_PROTECTED_AUTHENTICATION_PATH.
diff --git a/src/slots.c b/src/slots.c
index 136d64e..810be0b 100644
--- a/src/slots.c
+++ b/src/slots.c
@@ -657,6 +657,15 @@ slot_get_id (slot_iterator_t slot)
   return slot;
 }
 
+/* Return true if the token supports the GET CHALLENGE operation. */
+bool
+slot_token_has_rng (slot_iterator_t id)
+{
+  struct slot *slot = scute_table_data (slots, id);
+
+  return slot->info.rng_available;
+}
+
 
 /* Mechanism management.  */
 
diff --git a/src/slots.h b/src/slots.h
index e36be27..3624c55 100644
--- a/src/slots.h
+++ b/src/slots.h
@@ -116,6 +116,9 @@ void slot_token_pincount (slot_iterator_t id, int *max, int *len);
 /* Return the ID of slot SLOT.  */
 CK_SLOT_ID slot_get_id (slot_iterator_t slot);
 
+/* Return true if the token supports the GET CHALLENGE operation. */
+bool slot_token_has_rng (slot_iterator_t id);
+
 
 /* Begin iterating over the list of mechanisms.  If succeeds, will be
    followed up by a slot_iterate_end.  */
-- 
2.7.4



