Add flags for PKCS#11 libraries with reduced feature set
parent
41ec04c34d
commit
59df2d2a6f
|
@ -466,6 +466,11 @@ struct private_pkcs11_library_t {
|
|||
* Name as passed to the constructor
|
||||
*/
|
||||
char *name;
|
||||
|
||||
/**
|
||||
* Supported feature set
|
||||
*/
|
||||
pkcs11_feature_t features;
|
||||
};
|
||||
|
||||
METHOD(pkcs11_library_t, get_name, char*,
|
||||
|
@ -474,6 +479,12 @@ METHOD(pkcs11_library_t, get_name, char*,
|
|||
return this->name;
|
||||
}
|
||||
|
||||
METHOD(pkcs11_library_t, get_features, pkcs11_feature_t,
|
||||
private_pkcs11_library_t *this)
|
||||
{
|
||||
return this->features;
|
||||
}
|
||||
|
||||
/**
|
||||
* Object enumerator
|
||||
*/
|
||||
|
@ -765,6 +776,27 @@ static CK_RV UnlockMutex(CK_VOID_PTR data)
|
|||
return CKR_OK;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the library has at least a given cryptoki version
|
||||
*/
|
||||
static bool has_version(CK_INFO *info, int major, int minor)
|
||||
{
|
||||
return info->cryptokiVersion.major > major ||
|
||||
(info->cryptokiVersion.major == major &&
|
||||
info->cryptokiVersion.minor >= minor);
|
||||
}
|
||||
|
||||
/**
|
||||
* Check for optional PKCS#11 library functionality
|
||||
*/
|
||||
static void check_features(private_pkcs11_library_t *this, CK_INFO *info)
|
||||
{
|
||||
if (has_version(info, 2, 20))
|
||||
{
|
||||
this->features |= PKCS11_TRUSTED_CERTS;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Initialize a PKCS#11 library
|
||||
*/
|
||||
|
@ -830,6 +862,8 @@ static bool initialize(private_pkcs11_library_t *this, char *name, char *file)
|
|||
{
|
||||
DBG1(DBG_CFG, " uses OS locking functions");
|
||||
}
|
||||
|
||||
check_features(this, &info);
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
|
@ -843,6 +877,7 @@ pkcs11_library_t *pkcs11_library_create(char *name, char *file)
|
|||
INIT(this,
|
||||
.public = {
|
||||
.get_name = _get_name,
|
||||
.get_features = _get_features,
|
||||
.create_object_enumerator = _create_object_enumerator,
|
||||
.create_mechanism_enumerator = _create_mechanism_enumerator,
|
||||
.destroy = _destroy,
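Review bot: check_features() sets PKCS11_TRUSTED_CERTS only from the cryptokiVersion the module reports about itself in CK_INFO, which is a claim rather than a probe, and nothing in the hunk says why 2.20 is the cut-off. The header ties this bit to CKA_TRUSTED on certificate objects, so a wrong value presumably changes which token certificates end up treated as trusted. I would put the reasoning next to the check by extending its doc comment, e.g. `Features are inferred from the self-reported Cryptoki version, not probed; CKA_TRUSTED is assumed usable from 2.20 on`. has_version() also compares the byte-sized version fields against `int` parameters, which works but would be clearer with a short `@param`/`@return` description. initialize() starts outside the hunk, so whether `info` is always filled in before `check_features(this, &info)` cannot be confirmed from here.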
|
||||
|
|
|
@ -21,6 +21,7 @@
|
|||
#ifndef PKCS11_LIBRARY_H_
|
||||
#define PKCS11_LIBRARY_H_
|
||||
|
||||
typedef enum pkcs11_feature_t pkcs11_feature_t;
|
||||
typedef struct pkcs11_library_t pkcs11_library_t;
|
||||
|
||||
#include "pkcs11.h"
|
||||
|
@ -28,6 +29,14 @@ typedef struct pkcs11_library_t pkcs11_library_t;
|
|||
#include <enum.h>
|
||||
#include <utils/enumerator.h>
|
||||
|
||||
/**
|
||||
* Optional PKCS#11 features some libraries support, some not
|
||||
*/
|
||||
enum pkcs11_feature_t {
|
||||
/** CKA_TRUSTED attribute supported for certificate objects */
|
||||
PKCS11_TRUSTED_CERTS = (1<<0),
|
||||
};
|
||||
|
||||
/**
|
||||
* A loaded and initialized PKCS#11 library.
|
||||
*/
|
||||
|
@ -45,6 +54,13 @@ struct pkcs11_library_t {
|
|||
*/
|
||||
char* (*get_name)(pkcs11_library_t *this);
|
||||
|
||||
/**
|
||||
* Get the feature set supported by this library.
|
||||
*
|
||||
* @return ORed set of features supported
|
||||
*/
|
||||
pkcs11_feature_t (*get_features)(pkcs11_library_t *this);
|
||||
|
||||
/**
|
||||
* Create an enumerator over CK_OBJECT_HANDLE using a search template.
|
||||
*
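Review bot: The doc comment on PKCS11_TRUSTED_CERTS says what the bit means when set but not what a caller has to do when it is clear, and that is the case where a trust decision can silently go the wrong way. I would state the contract on the enumerator, e.g. `/** CKA_TRUSTED attribute supported for certificate objects; if unset, the token cannot mark trust anchors and callers must not infer trust from it */`, and mention in the get_features() comment that the result is a bitmask rather than a single enumerator. Separately, `typedef enum pkcs11_feature_t pkcs11_feature_t;` appears before the enum is defined, a forward reference to an enum type that ISO C does not permit and compilers accept only as an extension. If the project does not rely on that pattern elsewhere, moving the typedef below the enum definition avoids it.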
|
||||
|
|