[PATCH v2 2/3] Check whether the card has a RNG.

Damien Goutte-Gattat dgouttegattat at incenp.org
Wed Apr 6 09:16:59 CEST 2016


* src/agent.c (learn_status_cb): Learn from the agent whether the
card supports GET CHALLENGE.
* src/agent.h (struct agent_card_info_s): New member rng_available.
* src/p11-gettokeninfo (C_GetTokenInfo): Set CKF_RNG flag.
* src/slots.c (slot_token_has_rng): New function.
* src/slots.h (slot_token_has_rng): New prototype.
Parse card capabilities
--

Now that C_GenerateRandom is implemented, we can inform the client
application that a RNG is available on the token.

But support for the GET CHALLENGE operation does not seem to be
mandatory as per the OpenPGP Card specification, so we should
first make sure that the inserted token does support it.

The code for parsing the EXTCAP line is taken from GnuPG, with
Werner's permission to reuse it under the same licensing terms as
the rest of Scute.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>
---
 src/agent.c            | 24 ++++++++++++++++++++++++
 src/agent.h            |  2 ++
 src/p11-gettokeninfo.c |  7 +++++--
 src/slots.c            |  9 +++++++++
 src/slots.h            |  3 +++
 5 files changed, 43 insertions(+), 2 deletions(-)

diff --git a/src/agent.c b/src/agent.c
index e2ed31e..8fc48e0 100644
--- a/src/agent.c
+++ b/src/agent.c
@@ -846,6 +846,30 @@ learn_status_cb (void *opaque, const char *line)
 	    }
 	}
     }
+  else if (keywordlen == 6 && !memcmp (keyword, "EXTCAP", keywordlen))
+    {
+      char *p, *p2, *buf;
+      int abool;
+
+      buf = p = unescape_status_string (line);
+      if (buf)
+        {
+          for (p = strtok (buf, " "); p; p = strtok (NULL, " "))
+            {
+              p2 = strchr (p, '=');
+              if (p2)
+                {
+                  *p2++ = 0;
+                  abool = (*p2 == '1');
+                  if (!strcmp (p, "gc"))
+                    parm->rng_available = abool;
+                  /* We're currently not interested in the
+                   * other capabilities. */
+                }
+            }
+          free (buf);
+        }
+    }
   return 0;
 }
 
diff --git a/src/agent.h b/src/agent.h
index 6f3f6df..0d6bb30 100644
--- a/src/agent.h
+++ b/src/agent.h
@@ -73,6 +73,8 @@ struct agent_card_info_s
   char grip1[41];
   char grip2[41];
   char grip3[41];
+  int rng_available;    /* True if the GET CHALLENGE operation
+                           is supported. */
 };
 
 
diff --git a/src/p11-gettokeninfo.c b/src/p11-gettokeninfo.c
index 88d77be..c0a2417 100644
--- a/src/p11-gettokeninfo.c
+++ b/src/p11-gettokeninfo.c
@@ -72,8 +72,11 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetTokenInfo)
   pInfo->flags = CKF_TOKEN_INITIALIZED
     | CKF_PROTECTED_AUTHENTICATION_PATH | CKF_WRITE_PROTECTED
     | CKF_USER_PIN_INITIALIZED;
-  /* FIXME: Support this later: CKF_RNG.
-     FIXME: CKF_USER_PIN_INITIALIZED only if PIN is not default pin?
+
+  if (slot_token_has_rng (slot))
+    pInfo->flags |= CKF_RNG;
+
+  /* FIXME: CKF_USER_PIN_INITIALIZED only if PIN is not default pin?
      FIXME: CKF_LOGIN_REQUIRED needed?  We could implement login via
      the "SCD CHECKPIN" command.  I am not sure how this mixes with
      CKF_PROTECTED_AUTHENTICATION_PATH.
diff --git a/src/slots.c b/src/slots.c
index 136d64e..810be0b 100644
--- a/src/slots.c
+++ b/src/slots.c
@@ -657,6 +657,15 @@ slot_get_id (slot_iterator_t slot)
   return slot;
 }
 
+/* Return true if the token supports the GET CHALLENGE operation. */
+bool
+slot_token_has_rng (slot_iterator_t id)
+{
+  struct slot *slot = scute_table_data (slots, id);
+
+  return slot->info.rng_available;
+}
+
 
 /* Mechanism management.  */
 
diff --git a/src/slots.h b/src/slots.h
index e36be27..3624c55 100644
--- a/src/slots.h
+++ b/src/slots.h
@@ -116,6 +116,9 @@ void slot_token_pincount (slot_iterator_t id, int *max, int *len);
 /* Return the ID of slot SLOT.  */
 CK_SLOT_ID slot_get_id (slot_iterator_t slot);
 
+/* Return true if the token supports the GET CHALLENGE operation. */
+bool slot_token_has_rng (slot_iterator_t id);
+
 
 /* Begin iterating over the list of mechanisms.  If succeeds, will be
    followed up by a slot_iterate_end.  */
-- 
2.7.4




More information about the Gnupg-devel mailing list