author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-07-27 18:07:54 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-08-04 13:54:42 +0200 |
commit | 98aef258ac83312449d59adf8e75932df4c7e9be (patch) | |
tree | 13f005a7c3bdc492f37718e9e6cbfa645dc96690 /lib | |
parent | acb99354b29c7f9a3e913904cd046f28e2b1012d (diff) | |
gnutls_pkcs11_token_check_mechanism: introduced function to check token for a particular mechanism
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/includes/gnutls/pkcs11.h | 5 | ||||
-rw-r--r-- | lib/libgnutls.map | 1 | ||||
-rw-r--r-- | lib/pkcs11.c | 61 | ||||
-rw-r--r-- | lib/pkcs11_int.c | 10 | ||||
-rw-r--r-- | lib/pkcs11_int.h | 6 |
5 files changed, 83 insertions, 0 deletions
diff --git a/lib/includes/gnutls/pkcs11.h b/lib/includes/gnutls/pkcs11.h
index 8741f96322..1ea635ed73 100644
--- a/lib/includes/gnutls/pkcs11.h
+++ b/lib/includes/gnutls/pkcs11.h
@@ -357,6 +357,11 @@ gnutls_pkcs11_token_get_mechanism(const char *url, unsigned int idx, unsigned long *mechanism);
+unsigned
+gnutls_pkcs11_token_check_mechanism(const char *url,
+ unsigned long mechanism,
+ void *ptr, unsigned psize, unsigned flags);
+
 int gnutls_pkcs11_token_set_pin(const char *token_url, const char *oldpin, const char *newpin, unsigned int flags /*gnutls_pin_flag_t */);
 int gnutls_pkcs11_token_get_url(unsigned int seq,
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 5e1ea798a8..4ed21f8fa1 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -1171,6 +1171,7 @@ GNUTLS_3_4
 gnutls_group_list;
 gnutls_group_get;
 gnutls_priority_group_list;
+ gnutls_pkcs11_token_check_mechanism;
 local:
 *;
 };
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 4d7eb69f91..52836fece8 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -3470,7 +3470,68 @@ gnutls_pkcs11_token_get_mechanism(const char *url, unsigned int idx,
 *mechanism = mlist[idx];
 return 0;
+}
+
+/**
+ * gnutls_pkcs11_token_check_mechanism:
+ * @url: should contain a PKCS 11 URL
+ * @mechanism: The PKCS #11 mechanism ID
+ * @ptr: if set it should point to a CK_MECHANISM_INFO struct
+ * @psize: the size of CK_MECHANISM_INFO struct (for safety)
+ * @flags: must be zero
+ *
+ * This function will return whether a mechanism is supported
+ * by the given token. If the mechanism is supported and
+ * @ptr is set, it will be updated with the token information.
+ *
+ * Returns: Non-zero if the mechanism is supported or zero otherwise.
+ *
+ * Since: 3.6.0
+ **/
+unsigned
+gnutls_pkcs11_token_check_mechanism(const char *url,
+ unsigned long mechanism,
+ void *ptr, unsigned psize, unsigned flags)
+{
+ int ret;
+ ck_rv_t rv;
+ struct ck_function_list *module;
+ ck_slot_id_t slot;
+ struct ck_token_info tinfo;
+ struct p11_kit_uri *info = NULL;
+ struct ck_mechanism_info minfo;
+
+ PKCS11_CHECK_INIT;
+
+ ret = pkcs11_url_to_info(url, &info, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = pkcs11_find_slot(&module, &slot, info, &tinfo, NULL, NULL);
+ p11_kit_uri_free(info);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ rv = pkcs11_get_mechanism_info(module, slot, mechanism, &minfo);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ return 0;
+ }
+
+ if (ptr) {
+ if (sizeof(minfo) > psize)
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+ else if (sizeof(minfo) < psize)
+ memset(ptr, 0, psize);
+ memcpy(ptr, &minfo, sizeof(minfo));
+ }
+ return 1;
 }
 /**
diff --git a/lib/pkcs11_int.c b/lib/pkcs11_int.c
index dce59475c7..1134f43252 100644
--- a/lib/pkcs11_int.c
+++ b/lib/pkcs11_int.c
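Review bot: The error paths of `gnutls_pkcs11_token_check_mechanism` return negative codes through an `unsigned` return type, so a caller that tests the result as documented ("Non-zero if the mechanism is supported") reads a failure as support. Both `return ret;` statements (after `pkcs11_url_to_info` and after `pkcs11_find_slot`) and `return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);` should become `gnutls_assert(); return 0;`. The short-buffer branch matters most, because `ptr` is left unwritten while the caller is told the mechanism exists and may go on to read an uninitialised CK_MECHANISM_INFO. `PKCS11_CHECK_INIT` is defined outside this hunk; if it returns an error code on failure, the same conversion problem applies there. `@flags` is documented as "must be zero" but is never checked, so a guard such as `if (flags != 0) return 0;` would keep the parameter usable for later extension.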
@@ -173,6 +173,16 @@ pkcs11_get_mechanism_list(struct ck_function_list * module,
 }
 ck_rv_t
+pkcs11_get_mechanism_info(struct ck_function_list *module,
+ ck_slot_id_t slot_id,
+ ck_mechanism_type_t mechanism,
+ struct ck_mechanism_info *ptr)
+{
+ return (module)->C_GetMechanismInfo(slot_id, mechanism,
+ ptr);
+}
+
+ck_rv_t
 pkcs11_sign_init(struct ck_function_list * module, ck_session_handle_t sess, struct ck_mechanism * mechanism, ck_object_handle_t key)
diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h
index ffeb23e161..baa28b772f 100644
--- a/lib/pkcs11_int.h
+++ b/lib/pkcs11_int.h
@@ -308,6 +308,12 @@ pkcs11_get_mechanism_list(struct ck_function_list *module,
 unsigned long *count);
 ck_rv_t
+pkcs11_get_mechanism_info(struct ck_function_list *module,
+ ck_slot_id_t slot_id,
+ ck_mechanism_type_t mechanism,
+ struct ck_mechanism_info *ptr);
+
+ck_rv_t
 pkcs11_sign_init(struct ck_function_list *module, ck_session_handle_t sess, struct ck_mechanism *mechanism, ck_object_handle_t key); |