authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-07-27 18:07:54 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-08-04 13:54:42 +0200
commit98aef258ac83312449d59adf8e75932df4c7e9be (patch)
tree13f005a7c3bdc492f37718e9e6cbfa645dc96690
parentacb99354b29c7f9a3e913904cd046f28e2b1012d (diff)
downloadgnutls-98aef258ac83312449d59adf8e75932df4c7e9be.tar.gz
gnutls_pkcs11_token_check_mechanism: introduced function to check token for a particular mechanism
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--lib/includes/gnutls/pkcs11.h5
-rw-r--r--lib/libgnutls.map1
-rw-r--r--lib/pkcs11.c61
-rw-r--r--lib/pkcs11_int.c10
-rw-r--r--lib/pkcs11_int.h6
5 files changed, 83 insertions, 0 deletions
diff --git a/lib/includes/gnutls/pkcs11.h b/lib/includes/gnutls/pkcs11.h
index 8741f96322..1ea635ed73 100644
--- a/lib/includes/gnutls/pkcs11.h
+++ b/lib/includes/gnutls/pkcs11.h
@@ -357,6 +357,11 @@ gnutls_pkcs11_token_get_mechanism(const char *url,
unsigned int idx,
unsigned long *mechanism);
+unsigned
+gnutls_pkcs11_token_check_mechanism(const char *url,
+ unsigned long mechanism,
+ void *ptr, unsigned psize, unsigned flags);
+
int gnutls_pkcs11_token_set_pin(const char *token_url, const char *oldpin, const char *newpin, unsigned int flags /*gnutls_pin_flag_t */);
int gnutls_pkcs11_token_get_url(unsigned int seq,
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 5e1ea798a8..4ed21f8fa1 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -1171,6 +1171,7 @@ GNUTLS_3_4
gnutls_group_list;
gnutls_group_get;
gnutls_priority_group_list;
+ gnutls_pkcs11_token_check_mechanism;
local:
*;
};
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 4d7eb69f91..52836fece8 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -3470,7 +3470,68 @@ gnutls_pkcs11_token_get_mechanism(const char *url, unsigned int idx,
*mechanism = mlist[idx];
return 0;
+}
+
+/**
+ * gnutls_pkcs11_token_check_mechanism:
+ * @url: should contain a PKCS 11 URL
+ * @mechanism: The PKCS #11 mechanism ID
+ * @ptr: if set it should point to a CK_MECHANISM_INFO struct
+ * @psize: the size of CK_MECHANISM_INFO struct (for safety)
+ * @flags: must be zero
+ *
+ * This function will return whether a mechanism is supported
+ * by the given token. If the mechanism is supported and
+ * @ptr is set, it will be updated with the token information.
+ *
+ * Returns: Non-zero if the mechanism is supported or zero otherwise.
+ *
+ * Since: 3.6.0
+ **/
+unsigned
+gnutls_pkcs11_token_check_mechanism(const char *url,
+ unsigned long mechanism,
+ void *ptr, unsigned psize, unsigned flags)
+{
+ int ret;
+ ck_rv_t rv;
+ struct ck_function_list *module;
+ ck_slot_id_t slot;
+ struct ck_token_info tinfo;
+ struct p11_kit_uri *info = NULL;
+ struct ck_mechanism_info minfo;
+
+ PKCS11_CHECK_INIT;
+
+ ret = pkcs11_url_to_info(url, &info, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = pkcs11_find_slot(&module, &slot, info, &tinfo, NULL, NULL);
+ p11_kit_uri_free(info);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ rv = pkcs11_get_mechanism_info(module, slot, mechanism, &minfo);
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ return 0;
+ }
+
+ if (ptr) {
+ if (sizeof(minfo) > psize)
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+ else if (sizeof(minfo) < psize)
+ memset(ptr, 0, psize);
+ memcpy(ptr, &minfo, sizeof(minfo));
+ }
+ return 1;
}
/**
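Review bot: The failure paths of gnutls_pkcs11_token_check_mechanism return negative error codes through an `unsigned` return type, so a caller following the documented contract ("Non-zero if the mechanism is supported") reads a failure as "supported". This affects both `return ret;` statements, after pkcs11_url_to_info() and pkcs11_find_slot(), and `return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);` when psize is too small. Code gating on the result would therefore treat an unparsable URL or an absent token as a token that offers the mechanism. Each of those three returns should become `gnutls_assert(); return 0;`, or the function and its prototype in pkcs11.h should return `int` with the negative codes documented. PKCS11_CHECK_INIT is defined outside this hunk and presumably returns an error code too, so it deserves the same check; separately, @flags is documented as "must be zero" but is never validated.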
diff --git a/lib/pkcs11_int.c b/lib/pkcs11_int.c
index dce59475c7..1134f43252 100644
--- a/lib/pkcs11_int.c
+++ b/lib/pkcs11_int.c
@@ -173,6 +173,16 @@ pkcs11_get_mechanism_list(struct ck_function_list * module,
}
ck_rv_t
+pkcs11_get_mechanism_info(struct ck_function_list *module,
+ ck_slot_id_t slot_id,
+ ck_mechanism_type_t mechanism,
+ struct ck_mechanism_info *ptr)
+{
+ return (module)->C_GetMechanismInfo(slot_id, mechanism,
+ ptr);
+}
+
+ck_rv_t
pkcs11_sign_init(struct ck_function_list * module,
ck_session_handle_t sess,
struct ck_mechanism * mechanism, ck_object_handle_t key)
diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h
index ffeb23e161..baa28b772f 100644
--- a/lib/pkcs11_int.h
+++ b/lib/pkcs11_int.h
@@ -308,6 +308,12 @@ pkcs11_get_mechanism_list(struct ck_function_list *module,
unsigned long *count);
ck_rv_t
+pkcs11_get_mechanism_info(struct ck_function_list *module,
+ ck_slot_id_t slot_id,
+ ck_mechanism_type_t mechanism,
+ struct ck_mechanism_info *ptr);
+
+ck_rv_t
pkcs11_sign_init(struct ck_function_list *module,
ck_session_handle_t sess,
struct ck_mechanism *mechanism, ck_object_handle_t key);